コード例 #1
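def add_user(intersight_api_params,
             username,
             user_role='Account Administrator'):
    """Create an Intersight user with the given role unless one already exists.

    Looks up the permission named ``user_role`` and the 'Cisco' IdP
    reference, then POSTs a new user bound to both when no existing user
    with that e-mail already holds them. Outcomes are reported with
    ``print``; nothing is returned.

    Args:
        intersight_api_params: Mapping with the keys 'api_base_uri',
            'api_private_key_file' and 'api_key_id'.
        username: E-mail address of the user; sent as the ``Email`` field.
        user_role: Name of the permission to grant. The default is
            'Account Administrator', so a caller that wants a narrower
            role has to pass it explicitly.
    """
    # The lookups below splice these values into single-quoted filter
    # literals. A quote inside a value would end the literal early and change
    # which records the query selects (including which permission ends up
    # being granted), so such values are refused before any request is made.
    for label, value in (('user role', user_role), ('username', username)):
        if "'" in str(value):
            print('Refusing %s containing a single quote:' % label, value)
            return

    # Create Intersight API instance
    # ----------------------
    api_instance = IntersightApiClient(
        host=intersight_api_params['api_base_uri'],
        private_key=intersight_api_params['api_private_key_file'],
        api_key_id=intersight_api_params['api_key_id'],
    )

    # GET Permissions
    permissions_handle = iam_permission_api.IamPermissionApi(api_instance)
    permissions_result = permissions_handle.iam_permissions_get(
        filter="Name eq '%s'" % user_role)
    if not permissions_result.results:
        print('Invalid user role', user_role)
        return
    permission_moid = permissions_result.results[0].moid

    # GET IdpReference
    idp_reference_handle = iam_idp_reference_api.IamIdpReferenceApi(
        api_instance)
    idp_reference_name = 'Cisco'
    idp_reference_result = idp_reference_handle.iam_idp_references_get(
        filter="Name eq '%s'" % idp_reference_name)
    if not idp_reference_result.results:
        print('Could not find IdP', idp_reference_name)
        return
    idp_reference_moid = idp_reference_result.results[0].moid

    # GET Users
    users_handle = iam_user_api.IamUserApi(api_instance)
    users_result = users_handle.iam_users_get(
        filter="Email eq '%s'" % username)

    user_matches = False
    if users_result.results:
        existing = users_result.results[0]
        # An existing user may carry no permissions or no IdP reference;
        # treat that as "does not match" instead of failing on [0] / None.
        # Any held permission counts, not only the first one listed.
        held_moids = [p.moid for p in (existing.permissions or [])]
        idp = existing.idpreference
        user_matches = (permission_moid in held_moids
                        and idp is not None
                        and idp.moid == idp_reference_moid)

    if user_matches:
        # user exists and IdP/Permissions match
        print('User exists with requested role:', username)
        return

    # POST Users with Permissions and IdpReference
    users_body = {
        'Email': username,
        'Idpreference': idp_reference_moid,
        'Permissions': [permission_moid],
    }
    users_handle.iam_users_post(users_body)
    # NOTE(review): `result` is not defined inside this function. It has to
    # exist at module scope; otherwise this line raises NameError after the
    # user has already been created.
    result['changed'] = True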
コード例 #2
            # Fetch the roles and grant the one whose name equals args.role.
            # This excerpt starts inside an enclosing block: roles_handle,
            # api_instance, args, users_result and accounts_result are all
            # set outside the visible lines.
            roles_result = roles_handle.iam_roles_get()
            for role in roles_result.results:
                if role.name == args.role:
                    # GET EndPointRoles
                    end_point_roles_handle = iam_end_point_role_api.IamEndPointRoleApi(
                        api_instance)
                    # Only these two role names have an endpoint-role type.
                    # Any other args.role that matched a role above raises
                    # KeyError at the lookup below.
                    endpoint_roles = {}
                    endpoint_roles['Read-Only'] = 'endpoint-readonly'
                    endpoint_roles['Account Administrator'] = 'endpoint-admin'
                    # The filter value comes from the fixed mapping above, not
                    # from args.role itself.
                    kwargs = dict(filter="RoleType eq '%s'" %
                                  endpoint_roles[args.role])
                    end_point_roles_result = end_point_roles_handle.iam_end_point_roles_get(
                        **kwargs)

                    # POST Permissions with EndPointRoles
                    permissions_handle = iam_permission_api.IamPermissionApi(
                        api_instance)
                    # NOTE(review): results[0] of users_result and
                    # accounts_result is indexed with no emptiness check in
                    # the visible lines; confirm the enclosing code guards it.
                    # 'EndPointRoles' receives whatever the query returned,
                    # unchecked (possibly an empty list; confirm).
                    permissions_body = {
                        'Subject': users_result.results[0].moid,
                        'Type': 'User',
                        'Account': accounts_result.results[0].account_moid,
                        'EndPointRoles': end_point_roles_result.results,
                        'Roles': [role],
                    }
                    permissions_result = permissions_handle.iam_permissions_post(
                        permissions_body)
                    # Stop at the first matching role; this also skips the
                    # for/else branch below.
                    break
            else:
                # for loop completed without finding a role
                print("Role not found:", args.role)

    except Exception as err: