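#!/usr/local/bin/python3.8
# -*- coding: utf-8 -*-

# (c) 2019, Simon Dodsley (simon@purestorage.com)
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)

from __future__ import absolute_import, division, print_function

__metaclass__ = type

ANSIBLE_METADATA = {
    "metadata_version": "1.1",
    "status": ["preview"],
    "supported_by": "community",
}

DOCUMENTATION = r"""
---
module: purefa_dsrole
version_added: '1.0.0'
short_description: Configure FlashArray Directory Service Roles
description:
- Set or erase directory services role configurations.
- Only available for FlashArray running Purity 5.2.0 or higher
author:
- Pure Storage Ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>
options:
  state:
    description:
    - Create or delete directory service role
    type: str
    default: present
    choices: [ absent, present ]
  role:
    description:
    - The directory service role to work on
    type: str
    required: true
    choices: [ array_admin, ops_admin, readonly, storage_admin ]
  group_base:
    type: str
    description:
    - Specifies where the configured group is located in the directory
      tree. This field consists of Organizational Units (OUs) that combine
      with the base DN attribute and the configured group CNs to complete
      the full Distinguished Name of the groups. The group base should
      specify OU= for each OU and multiple OUs should be separated by commas.
      The order of OUs is important and should get larger in scope from left
      to right.
    - Each OU should not exceed 64 characters in length.
  group:
    type: str
    description:
    - Sets the common Name (CN) of the configured directory service group
      containing users for the FlashBlade. This name should be just the
      Common Name of the group without the CN= specifier.
    - Common Names should not exceed 64 characters in length.
extends_documentation_fragment:
- purestorage.flasharray.purestorage.fa
"""

# The api_token values in the examples are sample values. A real token is a
# credential for the array's API, so playbooks should read it from an
# Ansible Vault encrypted variable instead of storing it in plain text.
EXAMPLES = r"""
- name: Delete exisitng array_admin directory service role
  purefa_dsrole:
    role: array_admin
    state: absent
    fa_url: 10.10.10.2
    api_token: e31060a7-21fc-e277-6240-25983c6c4592

- name: Create array_admin directory service role
  purefa_dsrole:
    role: array_admin
    group_base: "OU=PureGroups,OU=SANManagers"
    group: pureadmins
    fa_url: 10.10.10.2
    api_token: e31060a7-21fc-e277-6240-25983c6c4592

- name: Update ops_admin directory service role
  purefa_dsrole:
    role: ops_admin
    group_base: "OU=PureGroups"
    group: opsgroup
    fa_url: 10.10.10.2
    api_token: e31060a7-21fc-e277-6240-25983c6c4592
"""

RETURN = r"""
"""


from ansible.module_utils.basic import AnsibleModule
from ansible_collections.purestorage.flasharray.plugins.module_utils.purefa import (
    get_system,
    purefa_argument_spec,
)


def update_role(module, array):
    """Update a configured directory service role when its mapping differs.

    Looks up the role named by ``module.params["role"]`` and compares its
    ``group_base`` and ``group`` with the requested values. When either one
    differs, the new values are written to the array unless the module runs
    in check mode. The result is reported through ``module.exit_json``, or
    through ``module.fail_json`` if the array call raises.
    """
    changed = False
    role = array.list_directory_service_roles(names=[module.params["role"]])
    # NOTE(review): group and group_base are optional, so both can be None
    # here. A configured role then compares unequal and None values are sent
    # to the array, changing who holds this role. Confirm whether that is
    # intended or whether state=present should require both options.
    if (
        role[0]["group_base"] != module.params["group_base"]
        or role[0]["group"] != module.params["group"]
    ):
        try:
            changed = True
            if not module.check_mode:
                array.set_directory_service_roles(
                    names=[module.params["role"]],
                    group_base=module.params["group_base"],
                    group=module.params["group"],
                )
        except Exception:
            module.fail_json(
                msg="Update Directory Service Role {0} failed".format(
                    module.params["role"]
                )
            )
    module.exit_json(changed=changed)


def delete_role(module, array):
    """Clear the directory group mapping of a directory service role.

    The role is erased by setting its ``group_base`` and ``group`` to empty
    strings. Always reports ``changed=True``; in check mode the array is not
    touched. A failing array call is reported through ``module.fail_json``.
    """
    changed = True
    if not module.check_mode:
        try:
            array.set_directory_service_roles(
                names=[module.params["role"]], group_base="", group=""
            )
        except Exception:
            module.fail_json(
                msg="Delete Directory Service Role {0} failed".format(
                    module.params["role"]
                )
            )
    module.exit_json(changed=changed)


def create_role(module, array):
    """Map a directory group to a role that has no group configured yet.

    Writes the requested ``group_base`` and ``group`` to the array unless the
    module runs in check mode, and reports the outcome through
    ``module.exit_json`` or ``module.fail_json``. When neither option carries
    a value, nothing is written and ``changed=False`` is reported.
    """
    changed = False
    group = module.params["group"]
    group_base = module.params["group_base"]
    # Omitted options arrive as None. Comparing them with "" treated them as
    # a requested value, so a run without group settings sent None to the
    # array and reported a change. Treat None like the empty string instead.
    if group or group_base:
        changed = True
        if not module.check_mode:
            try:
                array.set_directory_service_roles(
                    names=[module.params["role"]],
                    group_base=group_base,
                    group=group,
                )
            except Exception:
                module.fail_json(
                    msg="Create Directory Service Role {0} failed".format(
                        module.params["role"]
                    )
                )
    module.exit_json(changed=changed)


def main():
    """Parse the module arguments and dispatch to create, update or delete.

    A role counts as configured when the ``group`` value returned by the
    array is not None. ``group`` and ``group_base`` must be given together.
    """
    argument_spec = purefa_argument_spec()
    argument_spec.update(
        dict(
            role=dict(
                required=True,
                type="str",
                choices=["array_admin", "ops_admin", "readonly", "storage_admin"],
            ),
            state=dict(type="str", default="present", choices=["absent", "present"]),
            group_base=dict(type="str"),
            group=dict(type="str"),
        )
    )

    required_together = [["group", "group_base"]]

    module = AnsibleModule(
        argument_spec, required_together=required_together, supports_check_mode=True
    )

    state = module.params["state"]
    array = get_system(module)
    role_configured = False
    role = array.list_directory_service_roles(names=[module.params["role"]])
    if role[0]["group"] is not None:
        role_configured = True

    if state == "absent" and role_configured:
        delete_role(module, array)
    elif role_configured and state == "present":
        update_role(module, array)
    elif not role_configured and state == "present":
        create_role(module, array)
    else:
        # state=absent on a role that has no group: nothing to do.
        module.exit_json(changed=False)


if __name__ == "__main__":
    main()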