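#!/usr/bin/python
# -*- coding: utf-8 -*-

# (c) 2018, Simon Dodsley (simon@purestorage.com)
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)

from __future__ import absolute_import, division, print_function
__metaclass__ = type

ANSIBLE_METADATA = {'metadata_version': '1.1',
                    'status': ['preview'],
                    'supported_by': 'community'}

# The module binds one directory group (group_base + group CN) to one of the
# built-in management roles listed under ``role``. Membership of that directory
# group therefore decides who holds the role, so changes to the mapping are
# worth reviewing like any other privilege grant.
DOCUMENTATION = r'''
---
module: purefb_dsrole
version_added: '2.8'
short_description: Configure FlashBlade Management Directory Service Roles
description:
- Set or erase directory services role configurations.
author:
- Pure Storage Ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>
options:
  state:
    description:
    - Create or delete directory service role
    default: present
    type: str
    choices: [ absent, present ]
  role:
    description:
    - The directory service role to work on
    choices: [ array_admin, ops_admin, readonly, storage_admin ]
    type: str
    required: true
  group_base:
    description:
    - Specifies where the configured group is located in the directory
      tree. This field consists of Organizational Units (OUs) that combine
      with the base DN attribute and the configured group CNs to complete
      the full Distinguished Name of the groups. The group base should
      specify OU= for each OU and multiple OUs should be separated by commas.
      The order of OUs is important and should get larger in scope from left
      to right.
    - Each OU should not exceed 64 characters in length.
    - Required when I(state=present).
    type: str
  group:
    description:
    - Sets the common Name (CN) of the configured directory service group
      containing users for the FlashBlade. This name should be just the
      Common Name of the group without the CN= specifier.
    - Common Names should not exceed 64 characters in length.
    - Required when I(state=present).
    type: str
extends_documentation_fragment:
- purestorage.fb
'''

# NOTE(review): the api_token values below are presumably documentation
# samples. In real playbooks the token should come from Ansible Vault or
# another secret store rather than being written inline next to fb_url.
EXAMPLES = r'''
- name: Delete existing array_admin directory service role
  purefb_dsrole:
    role: array_admin
    state: absent
    fb_url: 10.10.10.2
    api_token: e31060a7-21fc-e277-6240-25983c6c4592

- name: Create array_admin directory service role
  purefb_dsrole:
    role: array_admin
    group_base: "OU=PureGroups,OU=SANManagers"
    group: pureadmins
    fb_url: 10.10.10.2
    api_token: e31060a7-21fc-e277-6240-25983c6c4592

- name: Update ops_admin directory service role
  purefb_dsrole:
    role: ops_admin
    group_base: "OU=PureGroups"
    group: opsgroup
    fb_url: 10.10.10.2
    api_token: e31060a7-21fc-e277-6240-25983c6c4592
'''

RETURN = r'''
'''


# The SDK import is optional at load time so that main() can report a clean
# module failure instead of a traceback when purity_fb is not installed.
HAS_PURITY_FB = True
try:
    from purity_fb import DirectoryServiceRole
except ImportError:
    HAS_PURITY_FB = False

from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.pure import get_blade, purefb_argument_spec


def update_role(module, blade):
    """Update a directory service role whose mapping differs from the request.

    Reads the role named by ``module.params['role']`` and, when its
    ``group_base`` or ``group`` differs from the requested values, sends the
    requested pair to the array. The run always ends here, through
    ``exit_json`` (with ``changed`` set accordingly) or ``fail_json``.
    """
    changed = False
    role_name = module.params['role']
    wanted_base = module.params['group_base']
    wanted_group = module.params['group']
    current = blade.directory_services.list_directory_services_roles(names=[role_name]).items[0]
    # Only touch the array when the stored mapping is not already the requested one.
    if current.group_base != wanted_base or current.group != wanted_group:
        try:
            role = DirectoryServiceRole(group_base=wanted_base,
                                        group=wanted_group)
            blade.directory_services.update_directory_services_roles(names=[role_name],
                                                                     directory_service_role=role)
            changed = True
        except Exception:
            # NOTE(review): the SDK error detail is dropped here, so the operator
            # only sees the generic message below.
            module.fail_json(msg='Update Directory Service Role {0} failed'.format(role_name))
    module.exit_json(changed=changed)


def delete_role(module, blade):
    """Clear a directory service role by blanking its group mapping.

    The role itself is not removed; ``group_base`` and ``group`` are set to
    empty strings through the same update call the other actions use. The run
    ends through ``exit_json`` or ``fail_json``.
    """
    changed = False
    role_name = module.params['role']
    try:
        role = DirectoryServiceRole(group_base='',
                                    group='')
        blade.directory_services.update_directory_services_roles(names=[role_name],
                                                                 directory_service_role=role)
        changed = True
    except Exception:
        module.fail_json(msg='Delete Directory Service Role {0} failed'.format(role_name))
    module.exit_json(changed=changed)


def create_role(module, blade):
    """Set the group mapping on a role that currently has none.

    Sends the requested ``group_base`` and ``group`` for the role named by
    ``module.params['role']``. The run ends through ``exit_json`` or
    ``fail_json``.
    """
    changed = False
    role_name = module.params['role']
    try:
        role = DirectoryServiceRole(group_base=module.params['group_base'],
                                    group=module.params['group'])
        blade.directory_services.update_directory_services_roles(names=[role_name],
                                                                 directory_service_role=role)
        changed = True
    except Exception:
        module.fail_json(msg='Create Directory Service Role {0} failed: Check configuration'.format(role_name))
    module.exit_json(changed=changed)


def main():
    """Parse the module arguments and dispatch to create, update or delete."""
    argument_spec = purefb_argument_spec()
    argument_spec.update(dict(
        role=dict(required=True, type='str', choices=['array_admin', 'ops_admin', 'readonly', 'storage_admin']),
        state=dict(type='str', default='present', choices=['absent', 'present']),
        group_base=dict(type='str'),
        group=dict(type='str'),
    ))

    required_together = [['group', 'group_base']]
    # state=present without a group mapping would otherwise send None for both
    # fields and still be reported as a change; reject it during argument
    # validation instead.
    required_if = [['state', 'present', ['group', 'group_base']]]

    # Check mode is not supported: every run that reaches an action applies it.
    module = AnsibleModule(argument_spec,
                           required_together=required_together,
                           required_if=required_if,
                           supports_check_mode=False)

    if not HAS_PURITY_FB:
        module.fail_json(msg='purity_fb sdk is required for this module')

    state = module.params['state']
    blade = get_blade(module)
    current = blade.directory_services.list_directory_services_roles(names=[module.params['role']])
    # A role counts as configured once it carries any group value.
    # NOTE(review): delete_role() writes '' rather than None; if the array
    # reports a cleared role as '' this test stays true and state=absent
    # would report a change on every run - confirm against the API.
    role_configured = current.items[0].group is not None

    if state == 'absent' and role_configured:
        delete_role(module, blade)
    elif role_configured and state == 'present':
        update_role(module, blade)
    elif not role_configured and state == 'present':
        create_role(module, blade)
    else:
        # absent requested and nothing configured: nothing to do.
        module.exit_json(changed=False)


if __name__ == '__main__':
    main()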