1#!/usr/bin/python
2# -*- coding: utf-8 -*-
3
4# Copyright: (c) 2018, Dag Wieers (@dagwieers) <dag@wieers.com>
5# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
6
7from __future__ import absolute_import, division, print_function
# Python 2 compatibility shim used across Ansible modules: every class
# defined in this module becomes a new-style class.
__metaclass__ = type

# Maturity metadata consumed by ansible-doc and the Ansible test matrix.
ANSIBLE_METADATA = dict(
    metadata_version='1.1',
    status=['preview'],
    supported_by='community',
)

# Option reference rendered by ansible-doc.  The option names, types and
# permission choices listed here must agree with the argument_spec that
# main() builds; ansible-test validate-modules checks that agreement.
DOCUMENTATION = r'''
---
module: mso_role
short_description: Manage roles
description:
- Manage roles on Cisco ACI Multi-Site.
author:
- Dag Wieers (@dagwieers)
version_added: '2.8'
options:
  role:
    description:
    - The name of the role.
    type: str
    required: yes
    aliases: [ name ]
  display_name:
    description:
    - The name of the role to be displayed in the web UI.
    type: str
  description:
    description:
    - The description of the role.
    type: str
  permissions:
    description:
    - A list of permissions tied to this role.
    type: list
    choices:
    - backup-db
    - manage-audit-records
    - manage-labels
    - manage-roles
    - manage-schemas
    - manage-sites
    - manage-tenants
    - manage-tenant-schemas
    - manage-users
    - platform-logs
    - view-all-audit-records
    - view-labels
    - view-roles
    - view-schemas
    - view-sites
    - view-tenants
    - view-tenant-schemas
    - view-users
  state:
    description:
    - Use C(present) or C(absent) for adding or removing.
    - Use C(query) for listing an object or multiple objects.
    type: str
    choices: [ absent, present, query ]
    default: present
extends_documentation_fragment: mso
'''

# Usage examples rendered by ansible-doc.  The credential values are
# documentation placeholders only; real playbooks should source them from
# vaulted variables rather than inline literals.
EXAMPLES = r'''
- name: Add a new role
  mso_role:
    host: mso_host
    username: admin
    password: SomeSecretPassword
    role: readOnly
    display_name: Read Only
    description: Read-only access for troubleshooting
    permissions:
    - view-roles
    - view-schemas
    - view-sites
    - view-tenants
    - view-tenant-schemas
    - view-users
    state: present
  delegate_to: localhost

- name: Remove a role
  mso_role:
    host: mso_host
    username: admin
    password: SomeSecretPassword
    role: readOnly
    state: absent
  delegate_to: localhost

- name: Query a role
  mso_role:
    host: mso_host
    username: admin
    password: SomeSecretPassword
    role: readOnly
    state: query
  delegate_to: localhost
  register: query_result

- name: Query all roles
  mso_role:
    host: mso_host
    username: admin
    password: SomeSecretPassword
    state: query
  delegate_to: localhost
  register: query_result
'''

# Return-value documentation; this module documents no return values.
RETURN = r'''
'''
121
122from ansible.module_utils.basic import AnsibleModule
123from ansible.module_utils.network.aci.mso import MSOModule, mso_argument_spec, issubset
124
125
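def main():
    """Ensure an MSO role is present, absent, or report it (state=query).

    Builds the argument spec on top of the shared MSO connection options,
    looks up any existing role with the requested name, and then creates,
    updates, deletes, or merely reports it according to ``state``.  Check
    mode is supported: when ``module.check_mode`` is set, the would-be
    result is recorded in ``mso.existing`` but no changing request is sent.

    Fix: the documented ``display_name`` option was declared in the
    argument spec but never read, so ``displayName`` was always set to the
    role name.  It is now honoured, falling back to the role name when not
    given so existing playbooks see no change.

    Roles are a privilege boundary on the controller (``manage-users``,
    ``manage-roles`` and friends grant administrative capability), so the
    result of this module is worth keeping in task output for audit.
    """
    argument_spec = mso_argument_spec()
    argument_spec.update(
        role=dict(type='str', aliases=['name']),
        display_name=dict(type='str'),
        description=dict(type='str'),
        # Closed set of MSO permission names; keep in sync with DOCUMENTATION.
        permissions=dict(type='list', choices=[
            'backup-db',
            'manage-audit-records',
            'manage-labels',
            'manage-roles',
            'manage-schemas',
            'manage-sites',
            'manage-tenants',
            'manage-tenant-schemas',
            'manage-users',
            'platform-logs',
            'view-all-audit-records',
            'view-labels',
            'view-roles',
            'view-schemas',
            'view-sites',
            'view-tenants',
            'view-tenant-schemas',
            'view-users',
        ]),
        state=dict(type='str', default='present', choices=['absent', 'present', 'query']),
    )

    module = AnsibleModule(
        argument_spec=argument_spec,
        supports_check_mode=True,
        # A role name is mandatory for anything that changes state; only
        # state=query may omit it (and then lists every role).
        required_if=[
            ['state', 'absent', ['role']],
            ['state', 'present', ['role']],
        ],
    )

    role = module.params['role']
    display_name = module.params['display_name']
    description = module.params['description']
    permissions = module.params['permissions']
    state = module.params['state']

    mso = MSOModule(module)

    role_id = None
    path = 'roles'

    # Query for existing object(s)
    if role:
        mso.existing = mso.get_obj(path, name=role)
        if mso.existing:
            role_id = mso.existing['id']
            # If we found an existing object, continue with it
            path = 'roles/{id}'.format(id=role_id)
    else:
        # No name given: required_if guarantees state == 'query' here.
        mso.existing = mso.query_objs(path)

    if state == 'query':
        # Nothing to change; exit_json reports whatever was found.
        pass

    elif state == 'absent':
        mso.previous = mso.existing
        if mso.existing:
            if module.check_mode:
                mso.existing = {}
            else:
                mso.existing = mso.request(path, method='DELETE')

    elif state == 'present':
        mso.previous = mso.existing

        payload = dict(
            id=role_id,
            name=role,
            # Use the caller's display_name; fall back to the role name,
            # which is what earlier revisions always sent.
            displayName=display_name if display_name is not None else role,
            description=description,
            permissions=permissions,
        )

        # sanitize() populates mso.proposed / mso.sent from the payload
        # (collate=True presumably merges with the existing object; its
        # exact behaviour lives in module_utils, not here).
        mso.sanitize(payload, collate=True)

        if mso.existing:
            # Only issue a PUT when the desired object is not already a
            # subset of what the controller holds (idempotency).
            if not issubset(mso.sent, mso.existing):
                if module.check_mode:
                    mso.existing = mso.proposed
                else:
                    mso.existing = mso.request(path, method='PUT', data=mso.sent)
        else:
            if module.check_mode:
                mso.existing = mso.proposed
            else:
                mso.existing = mso.request(path, method='POST', data=mso.sent)

    mso.exit_json()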
221
222
# Script entry guard: Ansible executes this file directly on the target
# (here normally localhost via delegate_to).
if __name__ == '__main__':
    main()
225