Michael Grote
ccaaabc1be
Reviewed-on: #583 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de>
191 lines
6.3 KiB
Python
191 lines
6.3 KiB
Python
#!/usr/bin/python
|
|
# -*- coding: utf-8 -*-
|
|
# Copyright (c) 2017, Daniel Korn <korndaniel1@gmail.com>
|
|
# Copyright (c) 2017, Yaacov Zamir <yzamir@redhat.com>
|
|
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
|
|
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
|
|
from __future__ import absolute_import, division, print_function
|
|
__metaclass__ = type
|
|
|
|
|
|
DOCUMENTATION = '''
|
|
|
|
module: manageiq_policies
|
|
|
|
short_description: Management of resource policy_profiles in ManageIQ
|
|
extends_documentation_fragment:
|
|
- community.general.manageiq
|
|
- community.general.attributes
|
|
|
|
author: Daniel Korn (@dkorn)
|
|
description:
|
|
- The manageiq_policies module supports adding and deleting policy_profiles in ManageIQ.
|
|
|
|
attributes:
|
|
check_mode:
|
|
support: none
|
|
diff_mode:
|
|
support: none
|
|
|
|
options:
|
|
state:
|
|
type: str
|
|
description:
|
|
- V(absent) - policy_profiles should not exist,
|
|
- V(present) - policy_profiles should exist,
|
|
- >
|
|
V(list) - list current policy_profiles and policies.
|
|
This state is deprecated and will be removed 8.0.0.
|
|
Please use the module M(community.general.manageiq_policies_info) instead.
|
|
choices: ['absent', 'present', 'list']
|
|
default: 'present'
|
|
policy_profiles:
|
|
type: list
|
|
elements: dict
|
|
description:
|
|
- List of dictionaries, each includes the policy_profile V(name) key.
|
|
- Required if O(state) is V(present) or V(absent).
|
|
resource_type:
|
|
type: str
|
|
description:
|
|
- The type of the resource to which the profile should be [un]assigned.
|
|
required: true
|
|
choices: ['provider', 'host', 'vm', 'blueprint', 'category', 'cluster',
|
|
'data store', 'group', 'resource pool', 'service', 'service template',
|
|
'template', 'tenant', 'user']
|
|
resource_name:
|
|
type: str
|
|
description:
|
|
- The name of the resource to which the profile should be [un]assigned.
|
|
- Must be specified if O(resource_id) is not set. Both options are mutually exclusive.
|
|
resource_id:
|
|
type: int
|
|
description:
|
|
- The ID of the resource to which the profile should be [un]assigned.
|
|
- Must be specified if O(resource_name) is not set. Both options are mutually exclusive.
|
|
version_added: 2.2.0
|
|
'''
|
|
|
|
EXAMPLES = '''
|
|
- name: Assign new policy_profile for a provider in ManageIQ
|
|
community.general.manageiq_policies:
|
|
resource_name: 'EngLab'
|
|
resource_type: 'provider'
|
|
policy_profiles:
|
|
- name: openscap profile
|
|
manageiq_connection:
|
|
url: 'http://127.0.0.1:3000'
|
|
username: 'admin'
|
|
password: 'smartvm'
|
|
validate_certs: false
|
|
|
|
- name: Unassign a policy_profile for a provider in ManageIQ
|
|
community.general.manageiq_policies:
|
|
state: absent
|
|
resource_name: 'EngLab'
|
|
resource_type: 'provider'
|
|
policy_profiles:
|
|
- name: openscap profile
|
|
manageiq_connection:
|
|
url: 'http://127.0.0.1:3000'
|
|
username: 'admin'
|
|
password: 'smartvm'
|
|
validate_certs: false
|
|
'''
|
|
|
|
RETURN = '''
|
|
manageiq_policies:
|
|
description:
|
|
- List current policy_profile and policies for a provider in ManageIQ
|
|
returned: always
|
|
type: dict
|
|
sample: '{
|
|
"changed": false,
|
|
"profiles": [
|
|
{
|
|
"policies": [
|
|
{
|
|
"active": true,
|
|
"description": "OpenSCAP",
|
|
"name": "openscap policy"
|
|
},
|
|
{
|
|
"active": true,
|
|
"description": "Analyse incoming container images",
|
|
"name": "analyse incoming container images"
|
|
},
|
|
{
|
|
"active": true,
|
|
"description": "Schedule compliance after smart state analysis",
|
|
"name": "schedule compliance after smart state analysis"
|
|
}
|
|
],
|
|
"profile_description": "OpenSCAP profile",
|
|
"profile_name": "openscap profile"
|
|
}
|
|
]
|
|
}'
|
|
'''
|
|
|
|
from ansible.module_utils.basic import AnsibleModule
|
|
from ansible_collections.community.general.plugins.module_utils.manageiq import ManageIQ, manageiq_argument_spec, manageiq_entities
|
|
|
|
|
|
def main():
|
|
actions = {'present': 'assign', 'absent': 'unassign', 'list': 'list'}
|
|
argument_spec = dict(
|
|
policy_profiles=dict(type='list', elements='dict'),
|
|
resource_id=dict(type='int'),
|
|
resource_name=dict(type='str'),
|
|
resource_type=dict(required=True, type='str',
|
|
choices=list(manageiq_entities().keys())),
|
|
state=dict(required=False, type='str',
|
|
choices=['present', 'absent', 'list'], default='present'),
|
|
)
|
|
# add the manageiq connection arguments to the arguments
|
|
argument_spec.update(manageiq_argument_spec())
|
|
|
|
module = AnsibleModule(
|
|
argument_spec=argument_spec,
|
|
mutually_exclusive=[["resource_id", "resource_name"]],
|
|
required_one_of=[["resource_id", "resource_name"]],
|
|
required_if=[
|
|
('state', 'present', ['policy_profiles']),
|
|
('state', 'absent', ['policy_profiles'])
|
|
],
|
|
)
|
|
|
|
policy_profiles = module.params['policy_profiles']
|
|
resource_id = module.params['resource_id']
|
|
resource_type_key = module.params['resource_type']
|
|
resource_name = module.params['resource_name']
|
|
state = module.params['state']
|
|
|
|
if state == "list":
|
|
module.deprecate(
|
|
'The value "list" for "state" is deprecated. Please use community.general.manageiq_policies_info instead.',
|
|
version='8.0.0',
|
|
collection_name='community.general'
|
|
)
|
|
|
|
# get the action and resource type
|
|
action = actions[state]
|
|
resource_type = manageiq_entities()[resource_type_key]
|
|
|
|
manageiq = ManageIQ(module)
|
|
manageiq_policies = manageiq.policies(resource_id, resource_type, resource_name)
|
|
|
|
if action == 'list':
|
|
# return a list of current profiles for this object
|
|
current_profiles = manageiq_policies.query_resource_profiles()
|
|
res_args = dict(changed=False, profiles=current_profiles)
|
|
else:
|
|
# assign or unassign the profiles
|
|
res_args = manageiq_policies.assign_or_unassign_profiles(policy_profiles, action)
|
|
|
|
module.exit_json(**res_args)
|
|
|
|
|
|
if __name__ == "__main__":
|
|
main()
|