def main():
''' Main entry point for module execution
'''
#
__LIMIT = 100
# Module specific spec
tetration_spec = dict(name=dict(type='str', aliases=['hostname']),
ip=dict(type='str'))
# Common spec for tetration modules
argument_spec = dict(provider=dict(required=True),
state=dict(default='query',
choices=['absent', 'query']))
# Combine specs and include provider parameter
argument_spec.update(tetration_spec)
argument_spec.update(TetrationApiModule.provider_spec)
module = AnsibleModule(argument_spec=argument_spec,
supports_check_mode=True,
required_one_of=[['name', 'ip']],
mutually_exclusive=[['name', 'ip']])
# These are all elements we put in our return JSON object for clarity
tet_module = TetrationApiModule(module)
result = dict(
changed=False,
failed=False,
api_version=module.params['provider']['api_version'],
tetration=module.params['provider']['server_endpoint'],
object=None,
)
def get_sensors(offset=''):
return tet_module.run_method('get',
target='%s' % TETRATION_API_SENSORS,
params=dict(limit=__LIMIT, offset=offset))
# =========================================================================
# Search through sensors for one matching passed IP or hostname
offset = ''
keep_searching = True
target_sensors = []
while keep_searching:
query_result = get_sensors(offset)
if not query_result or 'results' not in query_result:
break
for sensor in query_result['results']:
if module.params['name']:
if sensor['host_name'] == module.params[
'name'] and 'deleted_at' not in sensor:
target_sensors.append(sensor)
else:
for interface in sensor['interfaces']:
if interface['ip'] == module.params[
'ip'] and 'deleted_at' not in sensor:
target_sensors.append(sensor)
if not keep_searching:
break
if 'offset' in query_result:
offset = query_result['offset']
else:
keep_searching = False
result['object'] = target_sensors
# ---------------------------------
# STATE == 'absent'
# ---------------------------------
if module.params['state'] in 'absent':
result['changed'] = True if target_sensors else False
if not result['changed']:
module.exit_json(**result)
else:
if not module.check_mode:
for sensor in target_sensors:
tet_module.run_method(
'delete',
target='%s/%s' %
(TETRATION_API_SENSORS, sensor['uuid']))
result['object'] = None
module.exit_json(**result)
# ---------------------------------
# STATE == 'query'
# ---------------------------------
else:
module.exit_json(**result)
def main():
''' Main entry point for module execution
'''
#
__LIMIT = 100
# Module specific spec
tetration_spec = dict(type=dict(type='str', required=True),
name=dict(type='str', required=True),
tenant_name=dict(type='str', required=False),
hosts_list=dict(type='list', required=False),
insecure=dict(type='bool', required=False),
id=dict(type='str', required=False),
description=dict(type='str', required=False),
username=dict(type='str', required=False),
password=dict(type='str', required=False),
aws_access_key_id=dict(type='str', required=False),
aws_secret_access_key=dict(type='str',
required=False),
delta_interval=dict(type='int', required=False),
full_snapshot_interval=dict(type='int',
required=False),
verbose_tsdb_metrics=dict(type='bool',
required=False),
aws_region=dict(type='str', required=False),
ca_certificate=dict(type='str', required=False),
certificate=dict(type='str', required=False),
key=dict(type='str', required=False))
# Common spec for tetration modules
argument_spec = dict(provider=dict(required=True),
state=dict(default='query',
choices=['present', 'absent', 'query']))
# Combine specs and include provider parameter
argument_spec.update(tetration_spec)
argument_spec.update(TetrationApiModule.provider_spec)
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=True,
required_if=[['state', 'present', ['tenant_name', 'hosts_list']]])
# These are all elements we put in our return JSON object for clarity
tet_module = TetrationApiModule(module)
result = dict(
changed=False,
object=None,
)
tenant_name = module.params.get('tenant_name')
id = module.params.get('id')
state = module.params.get('state')
name = module.params.get('name')
type = module.params.get('type')
hosts_list = module.params.get('hosts_list')
orchestrator_options = [
'type', 'name', 'hosts_list', 'insecure', 'id', 'description',
'username', 'password', 'aws_access_key_id', 'aws_secret_access_key',
'delta_interval', 'full_snapshot_interval', 'verbose_tsdb_metrics',
'aws_region', 'ca_certificate', 'certificate', 'key'
]
# =========================================================================
# Get current state of the object
# =========================================================================
tenant_object = tet_module.get_object(
target=TETRATION_API_TENANT,
filter=dict(name=tenant_name),
)
if not tenant_object:
module.fail_json(msg='Unable to find tenant named: %s' % tenant_name)
else:
result['object'] = tenant_object
existing_object = tet_module.get_object(
target='%s/%s' % (TETRATION_API_EXT_ORCHESTRATORS, tenant_name),
filter=dict(
name=name,
type=type,
),
)
# ---------------------------------
# STATE == 'present'
# ---------------------------------
if state == 'present':
new_object = dict()
for option in orchestrator_options:
if option:
new_object[option] = module.params.get(option)
if existing_object:
result['changed'] = tet_module.filter_object(existing_object,
new_object,
check_only=True)
# if the object does not exist at all, create it
if not existing_object or result['changed']:
if not module.check_mode:
result['object'] = tet_module.run_method(
method_name='put' if existing_object else 'post',
target='%s/%s/%s' %
(TETRATION_API_EXT_ORCHESTRATORS, tenant_name,
existing_object['id']) if existing_object else '%s/%s' %
(TETRATION_API_EXT_ORCHESTRATORS, tenant_name),
req_payload=new_object,
)
else:
result['object'] = tenant_object
result['changed'] = True
# ---------------------------------
# STATE == 'absent'
# ---------------------------------
elif state == 'absent':
# if the object does not exist at all, create it
if existing_object:
if not module.check_mode:
tet_module.run_method(method_name='delete',
target='%s/%s/%s' %
(TETRATION_API_EXT_ORCHESTRATORS,
tenant_name, existing_object['id']))
result['changed'] = True
# ---------------------------------
# STATE == 'query'
# ---------------------------------
elif state == 'query':
# if the object does not exist at all, create it
result['object'] = existing_object
module.exit_json(**result)
def main():
tetration_spec=dict(
email=dict(type='str', required=True),
role_ids=dict(type='list', required=True),
)
argument_spec = dict(
provider=dict(required=True),
state=dict(required=True, choices=['present', 'absent'])
)
argument_spec.update(tetration_spec)
argument_spec.update(TetrationApiModule.provider_spec)
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=True,
)
tet_module = TetrationApiModule(module)
# These are all elements we put in our return JSON object for clarity
result = dict(
failed=False,
object=None,
)
state = module.params['state']
email = module.params['email']
requested_list = module.params['role_ids']
# =========================================================================
# Get current state of the object
existing_object = tet_module.get_object(
target = TETRATION_API_USER,
# params=dict(include_disabled='true'),
filter = dict(email=email),
)
if bool(existing_object):
id = existing_object['id']
existing_list = existing_object['role_ids']
else:
error_message = (
'The user whose email address you specified does not exist or is '
'disabled. Roles cannot be added or removed from a disabled or '
'nonexistent user.'
)
module.fail_json(msg=error_message)
# =========================================================================
# Now enforce the desired state (present, absent)
changed = False
# ---------------------------------
# STATE == 'present'
# ---------------------------------
if state == 'present':
# step through the list and add all roles that don't already exist
for role in requested_list:
if role not in existing_list:
changed = True
if not module.check_mode:
tet_module.run_method(
method_name='put',
target='%s/%s/add_role' % (TETRATION_API_USER, id),
req_payload=dict(role_id=role),
)
# ---------------------------------
# STATE == 'absent'
# ---------------------------------
elif state == 'absent':
active_roles = tet_module.run_method(
method_name = 'get',
target = TETRATION_API_ROLE
)
active_role_ids = [ role['id'] for role in active_roles ]
# step through the list and remove all roles that exist
for role in requested_list:
if role in existing_list:
changed = True
if not module.check_mode and role in active_role_ids:
tet_module.run_method(
method_name='delete',
target='%s/%s/remove_role' % (TETRATION_API_USER, id),
req_payload=dict(role_id=role),
)
# ---------------------------------
# fetch current state to return
# ---------------------------------
query_result = tet_module.run_method(
method_name='get',
target='%s/%s' % (TETRATION_API_USER, id),
)
result['object'] = query_result
module.exit_json(changed=changed, **result)
def main():
''' Main entry point for module execution
'''
#
# Module specific spec
tetration_spec = dict(
tenant_name=dict(type='str', required=False),
root_app_scope_id=dict(type='str', required=False),
inventory_config_profile_id=dict(type='str', required=True),
inventory_filter_id=dict(type='str', required=False),
inventory_filter_name=dict(type='str', required=False),
inventory_filter_type=dict(type='str', required=False, choices=['inventory', 'scope'])
)
# Common spec for tetration modules
argument_spec = dict(
provider=dict(required=True),
state=dict(default='present', choices=['present', 'absent', 'query'])
)
# Combine specs and include provider parameter
argument_spec.update(tetration_spec)
argument_spec.update(TetrationApiModule.provider_spec)
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=True,
required_one_of=[
['inventory_filter_id', 'inventory_filter_name']
],
mutually_exclusive=[
['inventory_filter_id', 'inventory_filter_name'],
['inventory_filter_id', 'inventory_filter_type']
],
required_together=[
['inventory_filter_name', 'inventory_filter_type']
]
)
# These are all elements we put in our return JSON object for clarity
tet_module = TetrationApiModule(module)
result = dict(
changed=False,
object=None,
)
state = module.params['state']
check_mode = module.check_mode
tenant_name = module.params['tenant_name']
root_app_scope_id = module.params['root_app_scope_id']
inventory_config_profile_id = module.params['inventory_config_profile_id']
inventory_filter_id = module.params['inventory_filter_id']
inventory_filter_name = module.params['inventory_filter_name']
inventory_filter_type = module.params['inventory_filter_type']
existing_app_scope = None
existing_config_profile = None
existing_inventory_filter = None
existing_config_intent = None
# =========================================================================
# Get current state of the object
if root_app_scope_id:
existing_app_scope = tet_module.run_method(
method_name = 'get',
target = '%s/%s' % (TETRATION_API_SCOPES, root_app_scope_id)
)
elif not root_app_scope_id:
existing_app_scope = tet_module.get_object(
target = TETRATION_API_SCOPES,
filter = dict(name=tenant_name)
)
if not existing_app_scope:
if root_app_scope_id:
module.fail_json(msg='Unable to find existing app scope with id: %s' % root_app_scope_id)
else:
module.fail_json(msg='Unable to find existing app scope named: %s' % tenant_name)
existing_config_profile = tet_module.run_method(
method_name = 'get',
target = '%s/%s' % (TETRATION_API_AGENT_CONFIG_PROFILES, inventory_config_profile_id)
)
if not existing_config_profile:
module.fail_json(msg='Unable to find existing config profile with id: %s' % inventory_config_profile_id)
if inventory_filter_type == 'inventory':
if inventory_filter_id:
existing_inventory_filter = run_method(
method_name = 'get',
target = '%s/%s' % (TETRATION_API_INVENTORY_FILTER, inventory_filter_id),
)
else:
app_scopes = tet_module.get_object(
target = TETRATION_API_SCOPES,
filter = dict(root_app_scope_id = existing_app_scope['root_app_scope_id']),
allow_multiple = True
)
scope_ids = [ scope['id'] for scope in app_scopes ]
inventory_filters = tet_module.run_method(
method_name = 'get',
target = TETRATION_API_INVENTORY_FILTER,
)
if inventory_filters:
inventory_filters = [ valid_filter for valid_filter in inventory_filters if valid_filter['app_scope_id'] in scope_ids and valid_filter['name'] == inventory_filter_name ]
existing_inventory_filter = inventory_filters[0] if len(inventory_filters) == 1 else None
else:
existing_inventory_filter = None
if not existing_inventory_filter:
if inventory_filter_id:
module.fail_json(msg='Unable to find inventory filter matching id: %s' % inventory_filter_id)
else:
module.fail_json(msg='Unable to find inventory filter named: %s' % inventory_filter_name)
elif inventory_filter_type == 'scope':
if inventory_filter_id:
existing_inventory_filter = run_method(
method_name = 'get',
target = '%s/%s' % (TETRATION_API_SCOPES, inventory_filter_id),
)
else:
existing_inventory_filter = tet_module.get_object(
target = TETRATION_API_SCOPES,
filter = dict(
root_app_scope_id = existing_app_scope['root_app_scope_id'],
name = inventory_filter_name
)
)
if not existing_inventory_filter:
if inventory_filter_id:
module.fail_json(msg='Unable to find scope matching id: %s' % inventory_filter_id)
else:
module.fail_json(msg='Unable to find scope named: %s' % inventory_filter_name)
existing_config_intent = tet_module.get_object(
target = TETRATION_API_AGENT_CONFIG_INTENTS,
filter = dict(
inventory_filter_id = existing_inventory_filter['id'],
inventory_config_profile_id = inventory_config_profile_id
)
)
# ---------------------------------
# STATE == 'present'
# ---------------------------------
if state == 'present':
new_object = dict(
inventory_filter_id = existing_inventory_filter['id'],
inventory_config_profile_id = inventory_config_profile_id
)
if not existing_config_intent:
if not check_mode:
tet_module.run_method(
method_name = 'post',
target = TETRATION_API_AGENT_CONFIG_INTENTS,
req_payload = new_object
)
result['object'] = new_object
result['changed'] = True
else:
result['object'] = existing_config_profile
# ---------------------------------
# STATE == 'absent'
# ---------------------------------
elif module.params['state'] in 'absent':
if existing_config_intent:
if not check_mode:
tet_module.run_method(
method_name = 'delete',
target = '%s/%s' % (TETRATION_API_AGENT_CONFIG_INTENTS, existing_config_intent['id'])
)
result['changed'] = True
# ---------------------------------
# STATE == 'query'
# ---------------------------------
else:
result['object'] = existing_config_intent
module.exit_json(**result)
def main():
tetration_spec = dict(
name=dict(type='str', required=False),
query=dict(type='dict', required=False),
app_scope_id=dict(type='str', required=False),
app_scope_name=dict(type='str', required=False),
primary=dict(type='bool', required=False, default=False),
public=dict(type='bool', required=False, default=False),
query_type=dict(type='str',
required=False,
choices=['single', 'sub-scope', 'all'],
default='single'),
)
argument_spec = dict(provider=dict(required=True),
state=dict(required=True,
choices=['present', 'absent', 'query']))
argument_spec.update(tetration_spec)
argument_spec.update(TetrationApiModule.provider_spec)
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=True,
required_one_of=[['app_scope_id', 'app_scope_name']],
required_if=[['state', 'present', ['name']],
['state', 'absent', ['name']],
['query_type', 'sub-scope', ['app_scope_name']]])
tet_module = TetrationApiModule(module)
# These are all elements we put in our return JSON object for clarity
result = dict(
failed=False,
object=None,
)
state = module.params['state']
filter_name = module.params['name']
app_scope_id = module.params['app_scope_id']
app_scope_name = module.params['app_scope_name']
primary = module.params['primary']
query_type = module.params['query_type']
if not primary:
public = False
module.params['public'] = False
else:
public = module.params['public']
# =========================================================================
# Get current state of the object
# find the ID of the scope if specified by name
if app_scope_name is not None:
scope = tet_module.get_object(
target=TETRATION_API_SCOPES,
filter=dict(name=app_scope_name),
)
app_scope_id = scope['id'] if scope else None
# The first thing we have to do is get the object.
existing_object = tet_module.get_object(
target=TETRATION_API_INVENTORY_FILTER,
filter=dict(name=filter_name, app_scope_id=app_scope_id))
id = None if existing_object is None else existing_object['id']
# =========================================================================
# Now enforce the desired state (present, absent, query)
# at this point in the code, there will be one object stored in the
# variable named existing_object
changed = False
# ---------------------------------
# STATE == 'present'
# ---------------------------------
if state == 'present':
new_object = dict(name=filter_name,
app_scope_id=app_scope_id,
primary=primary,
public=public)
if module.params['query'] is not None:
new_object['query'] = module.params['query']
# if the object does not exist at all, create it
if not existing_object:
changed = True
if not module.check_mode:
query_result = tet_module.run_method(
method_name='post',
target=TETRATION_API_INVENTORY_FILTER,
req_payload=new_object,
)
id = query_result['id']
# if the object does exist, check to see if any part of it should be
# changed
else:
# if primary or app_scope_id don't match, UPDATE!
update_needed = False
for k in ['app_scope_id', 'primary', 'public']:
if module.params[k] is not None and existing_object[
k] != module.params[k]:
update_needed = True
# if query doesn't match, UPDATE!
if module.params['query'] is not None and module.params[
'query'] != existing_object['short_query']:
update_needed = True
if update_needed:
changed = True
if not module.check_mode:
tet_module.run_method(
method_name='put',
target='%s/%s' % (TETRATION_API_INVENTORY_FILTER, id),
req_payload=new_object,
)
# decide what value to return
if not changed:
result['object'] = existing_object
elif module.check_mode:
result['object'] = new_object
else:
# retrieve the current state of the object
query_result = tet_module.run_method(
method_name='get',
target='%s/%s' % (TETRATION_API_INVENTORY_FILTER, id))
result['object'] = query_result
# ---------------------------------
# STATE == 'absent'
# ---------------------------------
elif state == 'absent':
# if existing_object is a non-empty dictionary, that means there is
# something to delete; if it's empty then there is nothing to do
if bool(existing_object):
changed = True
if not module.check_mode:
tet_module.run_method(method_name='delete',
target='%s/%s' %
(TETRATION_API_INVENTORY_FILTER, id))
result['object'] = existing_object
# ---------------------------------
# STATE == 'query'
# ---------------------------------
elif state == 'query':
# we already retrieved the current state of the object, so there is no
# need to do it again
if query_type == 'all':
existing_app_scope = tet_module.run_method(
method_name='get',
target='%s/%s' % (TETRATION_API_SCOPES, app_scope_id))
if not existing_app_scope:
module.fail_json(msg='No app_scope was found matching id: %s' %
app_scope_id)
if existing_app_scope['id'] != existing_app_scope[
'root_app_scope_id']:
module.fail_json(
msg='query_type `all` option is only allowed on root scopes'
)
app_scopes = tet_module.get_object(
target=TETRATION_API_SCOPES,
filter=dict(
root_app_scope_id=existing_app_scope['root_app_scope_id']),
allow_multiple=True)
scope_ids = [scope['id'] for scope in app_scopes]
inventory_filters = tet_module.run_method(
method_name='get',
target=TETRATION_API_INVENTORY_FILTER,
)
if inventory_filters:
inventory_filters = [
valid_filter for valid_filter in inventory_filters
if valid_filter['app_scope_id'] in scope_ids
and valid_filter['name'] != 'Everything'
]
result['object'] = inventory_filters
elif query_type == 'sub-scope':
app_scopes = tet_module.run_method(method_name='get',
target=TETRATION_API_SCOPES)
scope_ids = [
scope['id'] for scope in app_scopes
if scope['name'].startswith(app_scope_name)
]
inventory_filters = tet_module.run_method(
method_name='get',
target=TETRATION_API_INVENTORY_FILTER,
)
if inventory_filters:
inventory_filters = [
valid_filter for valid_filter in inventory_filters
if valid_filter['app_scope_id'] in scope_ids
and valid_filter['name'] != 'Everything'
]
result['object'] = inventory_filters
else:
result['object'] = existing_object
module.exit_json(changed=changed, **result)
def main():
''' Main entry point for module execution
'''
#
# Module specific spec
tetration_spec = dict(name=dict(type='str', required=True),
root_app_scope_id=dict(type='str', required=False),
tenant_name=dict(type='str', required=False),
allow_broadcast=dict(type='bool',
required=False,
default=True),
allow_multicast=dict(type='bool',
required=False,
default=True),
auto_upgrade_opt_out=dict(type='bool',
required=False,
default=True),
cpu_quota_mode=dict(type='int',
required=False,
default=1,
choices=[0, 1, 2]),
cpu_quota_pct=dict(type='int',
required=False,
default=3),
data_plane_disabled=dict(type='bool',
required=False,
default=False),
enable_cache_sidechannel=dict(type='bool',
required=False,
default=False),
enable_forensics=dict(type='bool',
required=False,
default=False),
enable_meltdown=dict(type='bool',
required=False,
default=False),
enable_pid_lookup=dict(type='bool',
required=False,
default=False),
enforcement_disabled=dict(type='bool',
required=False,
default=True),
preserve_existing_rules=dict(type='bool',
required=False,
default=False))
# Common spec for tetration modules
argument_spec = dict(provider=dict(required=True),
state=dict(default='present',
choices=['present', 'absent', 'query']))
# Combine specs and include provider parameter
argument_spec.update(tetration_spec)
argument_spec.update(TetrationApiModule.provider_spec)
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=True,
required_one_of=[['root_app_scope_id', 'tenant_name']],
mutually_exclusive=[['root_app_scope_id', 'tenant_name']])
# These are all elements we put in our return JSON object for clarity
tet_module = TetrationApiModule(module)
result = dict(
changed=False,
object=None,
)
state = module.params['state']
check_mode = module.check_mode
name = module.params['name']
root_app_scope_id = module.params['root_app_scope_id']
tenant_name = module.params['tenant_name']
allow_broadcast = module.params['allow_broadcast']
allow_multicast = module.params['allow_multicast']
auto_upgrade_opt_out = module.params['auto_upgrade_opt_out']
cpu_quota_mode = module.params['cpu_quota_mode']
cpu_quota_pct = module.params['cpu_quota_pct']
data_plane_disabled = module.params['data_plane_disabled']
enable_cache_sidechannel = module.params['enable_cache_sidechannel']
enable_forensics = module.params['enable_forensics']
enable_meltdown = module.params['enable_meltdown']
enable_pid_lookup = module.params['enable_pid_lookup']
enforcement_disabled = module.params['enforcement_disabled']
preserve_existing_rules = module.params['preserve_existing_rules']
existing_app_scope = None
existing_config_profile = None
agent_options = [
'allow_broadcast', 'allow_multicast', 'auto_upgrade_opt_out',
'cpu_quota_mode', 'cpu_quota_pct', 'data_plane_disabled',
'enable_cache_sidechannel', 'enable_forensics', 'enable_meltdown',
'enable_pid_lookup', 'enforcement_disabled', 'preserve_existing_rules'
]
# =========================================================================
# Get current state of the object
if root_app_scope_id:
existing_app_scope = tet_module.run_method(
method_name='get',
target='%s/%s' % (TETRATION_API_SCOPES, root_app_scope_id))
elif not root_app_scope_id:
existing_app_scope = tet_module.get_object(
target=TETRATION_API_SCOPES, filter=dict(name=tenant_name))
if not existing_app_scope:
module.fail_json(msg='Unable to find existing app scope named: %s' %
tenant_name)
existing_config_profile = tet_module.get_object(
target=TETRATION_API_AGENT_CONFIG_PROFILES, filter=dict(name=name))
# ---------------------------------
# STATE == 'present'
# ---------------------------------
if state == 'present':
new_object = dict(
root_app_scope_id=existing_app_scope['id'],
name=name,
)
for option in agent_options:
new_object[option] = module.params.get(option)
if not existing_config_profile:
if not check_mode:
result['object'] = tet_module.run_method(
method_name='post',
target=TETRATION_API_AGENT_CONFIG_PROFILES,
req_payload=new_object)
else:
result['object'] = new_object
result['changed'] = True
else:
if not check_mode:
result['object'] = tet_module.run_method(
method_name='put',
target='%s/%s' % (TETRATION_API_AGENT_CONFIG_PROFILES,
existing_config_profile['id']),
req_payload=new_object)
else:
result['object'] = new_object
# ---------------------------------
# STATE == 'absent'
# ---------------------------------
elif module.params['state'] in 'absent':
if existing_config_profile:
if not check_mode:
tet_module.run_method(method_name='delete',
target='%s/%s' %
(TETRATION_API_AGENT_CONFIG_PROFILES,
existing_config_profile['id']))
result['changed'] = True
# ---------------------------------
# STATE == 'query'
# ---------------------------------
else:
result['object'] = existing_config_profile
module.exit_json(**result)
def main():
tetration_spec = dict(
first_name=dict(type='str', required=False),
last_name=dict(type='str', required=False),
email=dict(type='str', required=True),
app_scope_id=dict(type='str', required=False),
app_scope_name=dict(type='str', required=False),
)
argument_spec = dict(provider=dict(required=True),
state=dict(required=True,
choices=['present', 'absent', 'query']))
argument_spec.update(tetration_spec)
argument_spec.update(TetrationApiModule.provider_spec)
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=True,
mutually_exclusive=[['app_scope_id', 'app_scope_name']])
tet_module = TetrationApiModule(module)
# These are all elements we put in our return JSON object for clarity
result = dict(
failed=False,
object=None,
)
state = module.params['state']
email = module.params['email']
first_name = module.params['first_name']
last_name = module.params['last_name']
app_scope_id = module.params['app_scope_id']
app_scope_name = module.params['app_scope_name']
# =========================================================================
# Get current state of the object
# The first thing we have to do is get the object.
existing_object = tet_module.get_object(
target=TETRATION_API_USER,
params=dict(include_disabled='true'),
filter=dict(email=email),
)
disabled_user = False if existing_object is None or existing_object[
'disabled_at'] is None else True
id = None if existing_object is None else existing_object['id']
# =========================================================================
# Now enforce the desired state (present, absent, query)
# at this point in the code, there will be one object stored in the
# variable named existing_object
changed = False
# ---------------------------------
# STATE == 'present'
# ---------------------------------
if state == 'present':
new_object = dict(email=email)
if first_name is not None:
new_object['first_name'] = first_name
if last_name is not None:
new_object['last_name'] = last_name
if app_scope_id is not None:
new_object['app_scope_id'] = app_scope_id
# Get the app scope id if name is passed
if app_scope_name:
app_scope = tet_module.get_object(target=TETRATION_API_SCOPES,
filter=dict(name=app_scope_name))
if app_scope is None or ':' in app_scope_name:
error_message = (
'You specified an app scope name that does not exist. Try '
'again with a valid name or exclude both app_scope_name '
'and app_scope_id to create a Service Provider user. Only '
'root scopes are allowed. For example, Default is valid '
'but Default:Datacenter is not a valid scope name for '
'user accounts.')
module.fail_json(msg=error_message)
else:
new_object['app_scope_id'] = app_scope['id']
module.params['app_scope_id'] = app_scope['id']
# if the object does not exist at all, create it
if not existing_object:
changed = True
if not module.check_mode:
query_result = tet_module.run_method(
method_name='post',
target=TETRATION_API_USER,
req_payload=new_object,
)
id = query_result['id']
# if the object does exist, check to see if any part of it should be
# changed
else:
# if the user is inactive, then reactivate
if disabled_user:
changed = True
tet_module.run_method(
method_name='post',
target='%s/%s/enable' % (TETRATION_API_USER, id),
)
# if name or app_scope_id don't match, UPDATE!
update_needed = False
for k in ['first_name', 'last_name', 'app_scope_id']:
if module.params[k] is not None and existing_object[
k] != module.params[k]:
update_needed = True
if update_needed:
changed = True
if not module.check_mode:
tet_module.run_method(
method_name='put',
target='%s/%s' % (TETRATION_API_USER, id),
req_payload=new_object,
)
# decide what value to return
if not changed:
result['object'] = existing_object
elif module.check_mode:
result['object'] = new_object
else:
# retrieve the current state of the object
query_result = tet_module.run_method(method_name='get',
target='%s/%s' %
(TETRATION_API_USER, id))
result['object'] = query_result
# ---------------------------------
# STATE == 'absent'
# ---------------------------------
elif state == 'absent':
# if existing_object is a non-empty dictionary, that means there is
# something to delete; if it's empty then there is nothing to do
if bool(existing_object) and not disabled_user:
changed = True
if module.check_mode:
existing_object['disabled_at'] = int(time.time())
else:
tet_module.run_method(method_name='delete',
target='%s/%s' %
(TETRATION_API_USER, id))
# there is no way to retrieve an individual user directly
# by ID; we have to retrieve all users and filter for the
# one with the right email address
existing_object = tet_module.get_object(
target=TETRATION_API_USER,
params=dict(include_disabled='true'),
filter=dict(email=email),
)
result['object'] = existing_object
# ---------------------------------
# STATE == 'query'
# ---------------------------------
elif state == 'query':
# we already retrieved the current state of the object, so there is no
# need to do it again
result['object'] = existing_object
module.exit_json(changed=changed, **result)
def main():
tetration_spec=dict(
vrf_name=dict(type='str', required=False),
vrf_id=dict(type='str', required=False),
inventory_filter_id=dict(type='str', required=False),
inventory_filter_name=dict(type='str', required=False),
query_type=dict(type='str', required=False, choices=['single', 'all'], default='single'),
)
argument_spec = dict(
provider=dict(required=True),
state=dict(required=True, choices=['present', 'absent', 'query'])
)
argument_spec.update(tetration_spec)
argument_spec.update(TetrationApiModule.provider_spec)
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=True,
mutually_exclusive=[
['vrf_name', 'vrf_id'],
['inventory_filter_name', 'inventory_filter_id']
]
)
tet_module = TetrationApiModule(module)
# These are all elements we put in our return JSON object for clarity
result = dict(
changed=False,
object=None,
)
state = module.params['state']
vrf_name = module.params['vrf_name']
vrf_id = module.params['vrf_id']
inventory_filter_name = module.params['inventory_filter_name']
inventory_filter_id = module.params['inventory_filter_id']
app_scope = 'Default'
query_type = module.params['query_type']
current_intents = []
target_object_index = None
if state != 'query' or query_type != 'all':
if not (vrf_name or vrf_id):
module.fail_json(msg='One of the following parameters is required: vrf_name or vrf_id')
if not (inventory_filter_name or inventory_filter_id):
module.fail_json(msg='One of the following parameters is required: inventory_filter_name or inventory_filter_id')
# =========================================================================
# Get current state of the object
# Get VRF ID if name passed
if not vrf_id:
vrf_object = tet_module.get_object(
target = TETRATION_API_TENANT,
filter = dict(name=vrf_name)
)
vrf_id = None if vrf_object is None else vrf_object['id']
if not vrf_id and state != 'query':
module.fail_json(msg='A VRF could not be found matching name: %s' % vrf_name)
# Get inventory filter id if name is passed
if not inventory_filter_id:
scope_object = tet_module.get_object(
target = TETRATION_API_SCOPES,
filter = dict(name=app_scope)
)
if not scope_object:
module.fail_json(msg='An app scope cannot be found with name: %s' % app_scope)
app_scope_id = scope_object['id']
filter_object = tet_module.get_object(
target = TETRATION_API_INVENTORY_FILTER,
filter = dict(name=inventory_filter_name,app_scope_id=app_scope_id)
)
inventory_filter_id = None if filter_object is None else filter_object['id']
if not inventory_filter_id and state != 'query':
module.fail_json(msg='An inventory filter could not be found matching name: %s' % inventory_filter_name)
# Get existing interface config intent if exists
current_intents = tet_module.run_method(
method_name='get',
target=TETRATION_API_INTERFACE_INTENTS
)
current_intents = list(current_intents['intents']) if current_intents else []
for idx, intent in enumerate(current_intents):
if intent['vrf_id'] == vrf_id:
target_object_index = idx
if intent['inventory_filter_id'] != inventory_filter_id:
result['changed'] = True
break
# =========================================================================
# Now enforce the desired state (present, absent, query)
# ---------------------------------
# STATE == 'present'
# ---------------------------------
if state == 'present':
# if the object does not exist at all, create it
new_object = dict(
vrf_id=vrf_id,
inventory_filter_id=inventory_filter_id,
)
if not (target_object_index >= 0) or result['changed']:
if not result['changed']:
result['changed'] = True
current_intents.append(new_object)
else:
current_intents[target_object_index] = new_object
if not module.check_mode:
post_result = tet_module.run_method(
method_name='post',
target=TETRATION_API_INTERFACE_INTENTS,
req_payload=dict(intents=current_intents),
)
result['object'] = tet_module.run_method(
method_name='get',
target=TETRATION_API_INTERFACE_INTENTS
)
else:
filter_object = tet_module.get_object(
target = TETRATION_API_INVENTORY_FILTER,
filter = dict(id=inventory_filter_id)
)
vrf_object = tet_module.get_object(
target = TETRATION_API_TENANT,
filter = dict(id=vrf_id)
)
current_intents[-1]['inventory_filter'] = filter_object
current_intents[-1]['vrf_name'] = vrf_object['name']
result['object'] = current_intents
# if the object does exist, check to see if any part of it should be
# changed
else:
result['changed'] = False
result['object'] = current_intents
# ---------------------------------
# STATE == 'absent'
# ---------------------------------
elif state == 'absent':
if target_object_index >= 0 and not result['changed']:
result['changed'] = True
del current_intents[target_object_index]
if not module.check_mode:
post_result = tet_module.run_method(
method_name='post',
target=TETRATION_API_INTERFACE_INTENTS,
req_payload=dict(intents=current_intents),
)
result['object'] = current_intents
elif result['changed']:
module.fail_json(msg='Inventory filter id %s does not match current filter associated with vrf %s config intent' % (inventory_filter_id, vrf_id))
else:
result['object'] = current_intents
# ---------------------------------
# STATE == 'query'
# ---------------------------------
elif state == 'query':
# we already retrieved the current state of the object, so there is no
# need to do it again
if query_type == 'single':
result['object'] = current_intents[target_object_index] if target_object_index >= 0 else None
else:
result['object'] = current_intents
# Return result
module.exit_json(**result)
def main():
''' Main entry point for module execution
'''
# Module specific spec
tetration_spec = dict(name=dict(type='str',
required=False,
aliases=['tenant']),
ip=dict(type='str', required=False),
annotations=dict(type='dict'),
columns=dict(type='list', required=False))
# Common spec for tetration modules
argument_spec = dict(
provider=dict(required=True),
state=dict(default='present',
choices=['present', 'absent', 'query', 'delete_columns']))
# Combine specs and include provider parameter
argument_spec.update(tetration_spec)
argument_spec.update(TetrationApiModule.provider_spec)
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=True,
required_if=[
['state', 'present', ['annotations', 'name', 'ip']],
['state', 'absent', ['name', 'ip']],
['state', 'query', ['name', 'ip']],
['state', 'delete_columns', ['name', 'columns']],
])
# These are all elements we put in our return JSON object for clarity
tet_module = TetrationApiModule(module)
result = dict(
changed=False,
object=None,
)
name = module.params.get('name')
ip = module.params.get('ip')
annotations = module.params.get('annotations')
columns = module.params.get('columns')
# Throw error if state is absent and annotations passed
if module.params[
'state'] in 'absent' and 'annotations' in module.params and module.params[
'annotations']:
module.fail_json(
msg=
'annotations cannot be passed for state absent because all annotations are cleared'
)
# =========================================================================
# Get current state of the object
query_result = tet_module.run_method(
'get',
target='%s/%s' % (TETRATION_API_INVENTORY_TAG, module.params['name']),
params=dict(ip=module.params['ip']),
)
annotations = query_result if query_result else None
# ---------------------------------
# STATE == 'present'
# ---------------------------------
if module.params['state'] in 'present':
result['changed'] = tet_module.filter_object(
module.params['annotations'], annotations)
if not result['changed']:
result['object'] = annotations
module.exit_json(**result)
if not module.check_mode:
tet_module.run_method(
'post',
target='%s/%s' %
(TETRATION_API_INVENTORY_TAG, module.params['name']),
req_payload=dict(ip=module.params['ip'],
attributes=module.params['annotations']))
if annotations:
annotations.update(module.params['annotations'])
else:
annotations = module.params['annotations']
result['object'] = annotations
module.exit_json(**result)
# ---------------------------------
# STATE == 'absent'
# ---------------------------------
elif module.params['state'] in 'absent':
result['changed'] = True if annotations else False
if not result['changed']:
module.exit_json(**result)
else:
if not module.check_mode:
tet_module.run_method(
'delete',
target='%s/%s' %
(TETRATION_API_INVENTORY_TAG, module.params['name']),
req_payload=dict(ip=module.params['ip']))
module.exit_json(**result)
# ---------------------------------
# STATE == 'query'
# ---------------------------------
elif module.params['state'] == 'query':
if annotations:
result['object'] = annotations
module.exit_json(**result)
# ---------------------------------
# STATE == 'delete_columns'
# ---------------------------------
elif module.params['state'] == 'delete_columns':
for column in columns:
tet_module.run_method(
'delete',
target='%s/%s/%s' % (TETRATION_COLUMN_NAMES, name, column),
)
module.exit_json(**result)
def main():
tetration_spec = dict(
application_id=dict(type='str', required=True),
version=dict(type='str', required=False, default=None),
)
argument_spec = dict(provider=dict(required=True),
state=dict(required=True,
choices=['enabled', 'disabled']))
argument_spec.update(tetration_spec)
argument_spec.update(TetrationApiModule.provider_spec)
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=True,
)
tet_module = TetrationApiModule(module)
# These are all elements we put in our return JSON object for clarity
result = dict(
changed=False,
object=None,
)
application_id = module.params['application_id']
version = module.params['version']
state = module.params['state']
check_mode = module.check_mode
# =========================================================================
# Get current state of the object
existing_app = tet_module.run_method(
method_name='get',
target='%s/%s' % (TETRATION_API_APPLICATIONS, application_id))
if not existing_app:
module.fail_json(msg='Unable to find application with id: %s' %
application_id)
# ---------------------------------
# STATE == 'enabled'
# ---------------------------------
if state == 'enabled':
result['changed'] = not existing_app['enforcement_enabled'] or (
version and existing_app['enforced_version'] != version)
if result['changed']:
if not check_mode:
new_object = dict(application_id=application_id)
if version:
new_object['version'] = version
tet_module.run_method(
method_name='post',
target='%s/%s/enable_enforce' %
(TETRATION_API_APPLICATIONS, application_id),
req_payload=new_object)
existing_app['enforced_version'] = version if version else "latest"
existing_app['enforcement_enabled'] = True
result['object'] = existing_app
# ---------------------------------
# STATE == 'disabled'
# ---------------------------------
elif state == 'disabled':
result['changed'] = existing_app['enforcement_enabled']
if result['changed']:
if not check_mode:
tet_module.run_method(
method_name='post',
target='%s/%s/disable_enforce' %
(TETRATION_API_APPLICATIONS, application_id))
existing_app['enforcement_enabled'] = False
result['object'] = existing_app
# Return result
module.exit_json(**result)
def main():
tetration_spec = dict(
app_name=dict(type='str', required=False),
app_id=dict(type='str', required=False),
app_scope_name=dict(type='str', required=False),
app_scope_id=dict(type='str', required=False),
consumer_filter_id=dict(type='str', required=False),
consumer_filter_name=dict(type='str', required=False),
provider_filter_id=dict(type='str', required=False),
provider_filter_name=dict(type='str', required=False),
version=dict(type='str', required=False),
rank=dict(type='str',
required=False,
choices=['DEFAULT', 'ABSOLUTE', 'CATCHALL']),
policy_action=dict(type='str',
required=False,
choices=['ALLOW', 'DENY']),
priority=dict(type='int', required=False),
)
argument_spec = dict(provider=dict(required=True),
state=dict(required=True,
choices=['present', 'absent', 'query']))
argument_spec.update(tetration_spec)
argument_spec.update(TetrationApiModule.provider_spec)
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=True,
mutually_exclusive=[['app_name', 'app_id'],
['app_scope_name', 'app_scope_id'],
['consumer_filter_id', 'consumer_filter_name'],
['provider_filter_id', 'provider_filter_name']],
required_one_of=[
['app_name', 'app_id'],
['app_scope_name', 'app_scope_id', 'app_id'],
],
required_if=[[
'state', 'present', ['version', 'rank', 'policy_action']
]])
tet_module = TetrationApiModule(module)
# These are all elements we put in our return JSON object for clarity
result = dict(
changed=False,
object=None,
)
state = module.params['state']
app_name = module.params['app_name']
app_id = module.params['app_id']
app_scope_name = module.params['app_scope_name']
app_scope_id = module.params['app_scope_id']
consumer_filter_id = module.params['consumer_filter_id']
consumer_filter_name = module.params['consumer_filter_name']
provider_filter_id = module.params['provider_filter_id']
provider_filter_name = module.params['provider_filter_name']
version = module.params['version']
rank = module.params['rank']
policy_action = module.params['policy_action']
priority = module.params['priority']
existing_app_scope = None
existing_app = None
existing_policy = None
app_scopes = None
if state == 'present' and rank != 'CATCHALL':
missing_properties = []
for parameters in (['consumer_filter_id', 'consumer_filter_name'],
['provider_filter_id',
'provider_filter_name'], ['priority']):
pass_flag = False
for parameter in parameters:
if module.params[parameter]:
pass_flag = True
if not pass_flag:
if len(parameters) == 1:
missing_properties.append(parameters)
else:
missing_properties.append(" or ".join(parameters))
if missing_properties:
module.fail_json(
msg='The following missing parameters are required: %s' %
','.join(missing_properties))
elif state == 'absent' and rank == 'CATCHALL':
module.fail_json(
msg=
'State `absent` is not supported for the catchall policy. Use `present` and set the desired `policy_action`'
)
# elif state == 'present' and rank == 'CATCHALL':
# invalid_properties = [ parameter for parameter in ['consumer_filter_id', 'provider_filter_id', 'priority'] if module.params[parameter] ]
# if invalid_properties:
# module.fail_json(msg='The following parameters are not allowed with rank `CATCHALL`: %s' % ','.join(invalid_properties))
# =========================================================================
# Get current state of the object
if app_scope_id:
existing_app_scope = tet_module.run_method(
method_name='get',
target='%s/%s' % (TETRATION_API_SCOPES, app_scope_id))
if not existing_app_scope:
module.fail_json(
msg='Unable to find existing app scope with id: %s' %
app_scope_id)
elif not app_scope_id:
existing_app_scope = tet_module.get_object(
target=TETRATION_API_SCOPES, filter=dict(name=app_scope_name))
if not existing_app_scope:
module.fail_json(
msg='Unable to find existing app scope named: %s' %
app_scope_name)
if app_id:
existing_app = tet_module.run_method(
method_name='get',
target='%s/%s' % (TETRATION_API_APPLICATIONS, app_id))
if not existing_app_scope:
module.fail_json(
msg='Unable to find existing application named: %s' % app_name)
elif not app_id:
existing_app = tet_module.get_object(
target=TETRATION_API_APPLICATIONS,
filter=dict(name=app_name, app_scope_id=existing_app_scope['id']))
if not existing_app:
module.fail_json(msg='Unable to find existing app with id: %s' %
app_id)
if rank != 'CATCHALL':
existing_policies = tet_module.run_method(
method_name='get',
target='%s/%s/%s' % (TETRATION_API_APPLICATIONS,
existing_app['id'], 'absolute_policies' if
rank == 'ABSOLUTE' else 'default_policies'),
)
if existing_policies:
for policy in existing_policies:
if policy['version'] != version:
continue
consumer_flag = False
provider_flag = False
if consumer_filter_id:
consumer_flag = consumer_filter_id == policy[
'consumer_filter_id']
elif consumer_filter_name:
consumer_flag = consumer_filter_name == policy[
'consumer_filter']['name']
if consumer_flag:
consumer_filter_id = policy['consumer_filter_id']
if provider_filter_id:
provider_flag = provider_filter_id == policy[
'provider_filter_id']
elif provider_filter_name:
provider_flag = provider_filter_name == policy[
'provider_filter']['name']
if provider_flag:
provider_filter_id = policy['provider_filter_id']
if consumer_flag and provider_flag:
existing_policy = policy
break
else:
existing_policy = tet_module.run_method(
method_name='get',
target='%s/%s/catch_all' %
(TETRATION_API_APPLICATIONS, existing_app['id']),
)
if not existing_policy:
if not (consumer_filter_id and provider_filter_id):
app_clusters = tet_module.run_method(
method_name='get',
target='%s/%s/clusters' %
(TETRATION_API_APPLICATIONS, existing_app['id']))
if app_clusters:
for item in app_clusters:
consumer_filter_id = consumer_filter_id if consumer_filter_id else item[
'id'] if item['name'] == consumer_filter_name else None
provider_filter_id = provider_filter_id if provider_filter_id else item[
'id'] if item['name'] == provider_filter_name else None
if consumer_filter_id and provider_filter_id:
break
if not (consumer_filter_id and provider_filter_id):
app_scopes = tet_module.get_object(
target=TETRATION_API_SCOPES,
filter=dict(
root_app_scope_id=existing_app_scope['root_app_scope_id']),
allow_multiple=True)
scope_ids = [scope['id'] for scope in app_scopes]
inventory_filters = tet_module.run_method(
method_name='get',
target=TETRATION_API_INVENTORY_FILTER,
)
inventory_filters = [
valid_filter for valid_filter in inventory_filters
if valid_filter['app_scope_id'] in scope_ids
]
if inventory_filters:
for item in inventory_filters:
consumer_filter_id = consumer_filter_id if consumer_filter_id else item[
'id'] if item['name'] == consumer_filter_name else None
provider_filter_id = provider_filter_id if provider_filter_id else item[
'id'] if item['name'] == provider_filter_name else None
if consumer_filter_id and provider_filter_id:
break
if not (consumer_filter_id and provider_filter_id):
if app_scopes:
for item in app_scopes:
consumer_filter_id = consumer_filter_id if consumer_filter_id else item[
'id'] if item['name'] == consumer_filter_name else None
provider_filter_id = provider_filter_id if provider_filter_id else item[
'id'] if item['name'] == provider_filter_name else None
if consumer_filter_id and provider_filter_id:
break
if not (consumer_filter_id and provider_filter_id):
if consumer_filter_id and not provider_filter_id:
module.fail_json(
msg='Failed to resolve provider_filter_id: %s' %
provider_filter_id)
elif provider_filter_id and not consumer_filter_id:
module.fail_json(
msg='Failed to resolve consumer_filter_id: %s' %
consumer_filter_id)
else:
module.fail_json(
msg=
'Failed to resolve consumer_filter_id: %s and provider_filter_id: %s'
% (consumer_filter_id, provider_filter_id))
# =========================================================================
# Now enforce the desired state (present, absent, query)
# ---------------------------------
# STATE == 'present'
# ---------------------------------
if state == 'present':
# if the object does not exist at all, create it
if rank != 'CATCHALL':
new_object = dict(consumer_filter_id=consumer_filter_id,
provider_filter_id=provider_filter_id,
version=version,
rank=rank,
action=policy_action,
priority=priority)
else:
new_object = dict(version=version,
rank='CATCH_ALL',
action=policy_action)
if existing_policy:
new_object['id'] = existing_policy['id']
result['changed'] = tet_module.filter_object(new_object,
existing_policy,
check_only=True)
if result['changed']:
if not module.check_mode:
if rank != 'CATCHALL':
tet_module.run_method(
method_name='put',
target='%s/%s' %
(TETRATION_API_APPLICATION_POLICIES,
existing_policy['id']),
req_payload=dict(
consumer_filter_id=consumer_filter_id,
provider_filter_id=provider_filter_id,
rank=rank,
policy_action=policy_action,
priority=priority))
else:
tet_module.run_method(
method_name='put',
target='%s/%s/catch_all' %
(TETRATION_API_APPLICATIONS, existing_app['id']),
req_payload=dict(policy_action=policy_action,
version=version))
else:
result['object'] = new_object
else:
if not module.check_mode:
if rank != 'CATCHALL':
policy_object = tet_module.run_method(
method_name='post',
target='%s/%s/%s' %
(TETRATION_API_APPLICATIONS, existing_app['id'],
'absolute_policies'
if rank == 'ABSOLUTE' else 'default_policies'),
req_payload=dict(consumer_filter_id=consumer_filter_id,
provider_filter_id=provider_filter_id,
version=version,
rank=rank,
policy_action=policy_action,
priority=priority))
existing_policy = dict(id=policy_object['id'])
else:
policy_object = tet_module.run_method(
method_name='post',
target='%s/%s/%s' %
(TETRATION_API_APPLICATIONS, existing_app['id'],
'absolute_policies'
if rank == 'ABSOLUTE' else 'default_policies'),
req_payload=new_object)
existing_policy = dict(id=policy_object['id'])
result['changed'] = True
# if the object does exist, check to see if any part of it should be
# changed
if result['changed']:
if not module.check_mode:
result['object'] = tet_module.run_method(
method_name='get',
target='%s/%s' % (TETRATION_API_APPLICATION_POLICIES,
existing_policy['id']))
else:
result['object'] = new_object
else:
result['changed'] = False
result['object'] = existing_policy
# ---------------------------------
# STATE == 'absent'
# ---------------------------------
elif state == 'absent':
if existing_policy:
result['changed'] = True
if not module.check_mode:
tet_module.run_method(method_name='delete',
target='%s/%s' %
(TETRATION_API_APPLICATION_POLICIES,
existing_policy['id']))
# ---------------------------------
# STATE == 'query'
# ---------------------------------
elif state == 'query':
result['object'] = existing_policy
# Return result
module.exit_json(**result)
def main():
''' Main entry point for module execution
'''
#
# Module specific spec
tetration_spec = dict(
scope_id=dict(type='str', required=False),
scope_name=dict(type='str', required=False),
parent_app_scope_id=dict(type='str', required=False),
short_name=dict(type='str', required=False),
description=dict(type='str', required=False),
short_query=dict(type='dict', required=False),
policy_priority=dict(type='int', required=False),
query_type=dict(type='str',
required=False,
choices=['single', 'tenant', 'sub-scope'],
default='single'),
)
# Common spec for tetration modules
argument_spec = dict(provider=dict(required=True),
state=dict(
default='present',
choices=['present', 'absent', 'query'],
))
# Combine specs and include provider parameter
argument_spec.update(tetration_spec)
argument_spec.update(TetrationApiModule.provider_spec)
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=True,
required_one_of=[['parent_app_scope_id', 'scope_name', 'scope_id']],
mutually_exclusive=[['parent_app_scope_id', 'scope_name', 'scope_id']])
# These are all elements we put in our return JSON object for clarity
tet_module = TetrationApiModule(module)
result = dict(
changed=False,
object=None,
)
state = module.params['state']
check_mode = module.check_mode
scope_id = module.params['scope_id']
scope_name = module.params['scope_name']
parent_app_scope_id = module.params['parent_app_scope_id']
short_name = module.params['short_name']
description = module.params['description']
short_query = module.params['short_query']
policy_priority = module.params['policy_priority']
query_type = module.params['query_type']
parent_scope = None
existing_scope = None
# =========================================================================
# Get current state of the object
app_scopes = tet_module.run_method(method_name='get',
target=TETRATION_API_SCOPES)
if scope_id:
existing_scope = tet_module.get_object(search_array=app_scopes,
filter=dict(id=scope_id))
elif scope_name:
existing_scope = tet_module.get_object(search_array=app_scopes,
filter=dict(name=scope_name))
if existing_scope:
short_name = existing_scope['short_name']
else:
existing_scope = tet_module.get_object(
search_array=app_scopes,
filter=dict(parent_app_scope_id=parent_app_scope_id,
short_name=short_name))
if not existing_scope:
if parent_app_scope_id:
parent_scope = tet_module.get_object(
search_array=app_scopes, filter=dict(id=parent_app_scope_id))
else:
parent_scope_name = ':'.join(scope_name.split(':')[:-1])
parent_scope = tet_module.get_object(
search_array=app_scopes, filter=dict(name=parent_scope_name))
parent_app_scope_id = parent_scope['id']
if scope_name and not short_name:
short_name = scope_name.split(':')[-1]
else:
if (existing_scope['parent_app_scope_id']):
parent_scope = tet_module.get_object(
search_array=app_scopes,
filter=dict(id=existing_scope['parent_app_scope_id']))
parent_app_scope_id = parent_scope['id']
else:
parent_app_scope_id = existing_scope['id']
if not parent_scope and existing_scope['id'] != existing_scope[
'root_app_scope_id']:
if parent_app_scope_id:
module.fail_json(msg='Unable to find parent scope for id: %s' %
parent_app_scope_id)
else:
parent_scope_name = ':'.join(scope_name.split(':')[:-1])
module.fail_json(msg='Unable to find parent scope with name: %s' %
parent_scope_name)
# ---------------------------------
# STATE == 'present'
# ---------------------------------
if state == 'present':
if existing_scope:
new_object = dict()
for (k, v) in existing_scope.iteritems():
if module.params.get(k) and v != module.params.get(k):
new_object[k] = module.params.get(k)
else:
new_object[k] = v
else:
new_object = dict(short_name=short_name,
description=description,
short_query=short_query,
parent_app_scope_id=parent_app_scope_id,
policy_priority=policy_priority)
if not existing_scope:
if not check_mode:
result['object'] = tet_module.run_method(
method_name='post',
target=TETRATION_API_SCOPES,
req_payload=new_object)
else:
result['object'] = new_object
result['changed'] = True
else:
del new_object['parent_app_scope_id']
del new_object['policy_priority']
result['changed'] = tet_module.filter_object(new_object,
existing_scope,
check_only=True)
if result['changed']:
if not check_mode:
tet_module.run_method(
method_name='put',
target='%s/%s' %
(TETRATION_API_SCOPES, existing_scope['id']),
req_payload=new_object)
else:
result['object'] = new_object
if existing_scope and result['changed'] and not check_mode:
result['object'] = tet_module.run_method(
method_name='get',
target='%s/%s' % (TETRATION_API_SCOPES, existing_scope['id']))
elif result['changed'] and not check_mode:
if not scope_name:
scope_name = '%s:%s' % (parent_scope['name'], short_name)
existing_app_scope = tet_module.get_object(
target=TETRATION_API_SCOPES, filter=dict(name=scope_name))
else:
result['object'] = existing_scope
# ---------------------------------
# STATE == 'absent'
# ---------------------------------
elif state == 'absent':
if existing_scope:
if not check_mode:
tet_module.run_method(
method_name='delete',
target='%s/%s' %
(TETRATION_API_SCOPES, existing_scope['id']))
result['changed'] = True
# ---------------------------------
# STATE == 'query'
# ---------------------------------
else:
if existing_scope:
if query_type == 'tenant':
if existing_scope['id'] == existing_scope['root_app_scope_id']:
tenant_scopes = tet_module.get_object(
search_array=app_scopes,
filter=dict(root_app_scope_id=existing_scope['id']),
allow_multiple=True)
tenant_scopes.sort(
key=lambda x: len(str(x['name']).split(':')))
result['object'] = tenant_scopes
else:
module.fail_json(msg='Scope name: %s is not a root scope' %
existing_scope['short_name'])
elif query_type == 'sub-scope':
tenant_scopes = tet_module.get_object(
search_array=app_scopes,
filter=dict(
root_app_scope_id=existing_scope['root_app_scope_id']),
allow_multiple=True)
target_scopes = [
s for s in tenant_scopes
if s['name'].startswith(existing_scope['name'])
]
target_scopes.sort(
key=lambda x: len(str(x['name']).split(':')))
result['object'] = target_scopes
else:
result['object'] = existing_scope
else:
module.fail_json(msg='Specified scope could not be found')
module.exit_json(**result)
def main():
tetration_spec = dict(
src_subnet=dict(type='str', required=False),
src_port_range_start=dict(type='int', required=False),
src_port_range_end=dict(type='int', required=False),
vrf_name=dict(type='str', required=False),
vrf_id=dict(type='int', required=False),
nat_config_id=dict(type='str', required=False),
)
argument_spec = dict(provider=dict(required=True),
state=dict(required=True,
choices=['present', 'absent', 'query']))
argument_spec.update(tetration_spec)
argument_spec.update(TetrationApiModule.provider_spec)
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=True,
required_if=[
[
'state', 'present',
['src_subnet', 'src_port_range_start', 'src_port_range_end']
],
[
'state', 'query',
['src_subnet', 'src_port_range_start', 'src_port_range_end']
],
],
required_one_of=[
['vrf_name', 'vrf_id', 'nat_config_id'],
],
mutually_exclusive=[
['vrf_name', 'vrf_id', 'nat_config_id'],
])
tet_module = TetrationApiModule(module)
# These are all elements we put in our return JSON object for clarity
result = dict(
changed=False,
api_version=module.params['provider']['api_version'],
tetration=module.params['provider']['server_endpoint'],
object=None,
)
state = module.params['state']
src_subnet = module.params['src_subnet']
src_port_range_start = module.params['src_port_range_start']
src_port_range_end = module.params['src_port_range_end']
vrf_name = module.params['vrf_name']
vrf_id = module.params['vrf_id']
nat_config_id = module.params['nat_config_id']
# Check if valid parameters are passed for absent state
if state == 'absent' and not nat_config_id and not (
vrf_id or vrf_name) and not (src_subnet and src_port_range_end
and src_port_range_start):
module.fail_json(
msg=
'Either a valid nat config id or vrf, src_subnet, src_port_range_start, and src_port_range_end is required for state \'absent\''
)
# =========================================================================
# Get current state of the object
# Get existing nat config by nat config id if passed
if nat_config_id:
existing_object = tet_module.get_object(
target=TETRATION_API_AGENT_NAT_CONFIG,
filter=dict(id=nat_config_id),
sub_element='results')
result['object'] = existing_object
# Get existing nat config by vrf id if passed
elif vrf_id:
existing_object = tet_module.get_object(
target=TETRATION_API_AGENT_NAT_CONFIG,
filter=dict(vrf_id=vrf_id,
src_subnet=src_subnet,
src_port_range_start=src_port_range_start,
src_port_range_end=src_port_range_end),
sub_element='results')
result['object'] = existing_object
# Get existing nat config by name if passed
else:
existing_object = tet_module.get_object(target=TETRATION_API_TENANT,
filter=dict(name=vrf_name))
if not existing_object:
module.fail_json(
msg='A vrf could not be found matching vrf name: %s' %
vrf_name)
else:
vrf_id = existing_object['id']
existing_object = tet_module.get_object(
target=TETRATION_API_AGENT_NAT_CONFIG,
filter=dict(vrf_id=vrf_id,
src_subnet=src_subnet,
src_port_range_start=src_port_range_start,
src_port_range_end=src_port_range_end),
sub_element='results')
result['object'] = existing_object
# =========================================================================
# Now enforce the desired state (present, absent, query)
# ---------------------------------
# STATE == 'present'
# ---------------------------------
if state == 'present':
# if the object does not exist at all, create it
new_object = dict(src_subnet=src_subnet,
src_port_range_start=src_port_range_start,
src_port_range_end=src_port_range_end,
vrf_id=vrf_id)
if not bool(existing_object):
result['changed'] = True
if not module.check_mode:
post_result = tet_module.run_method(
method_name='post',
target=TETRATION_API_AGENT_NAT_CONFIG,
req_payload=new_object,
)
result['object'] = post_result
else:
result['object'] = new_object
# if the object does exist, check to see if any part of it should be
# changed
else:
result['changed'] = False
result['object'] = existing_object
# ---------------------------------
# STATE == 'absent'
# ---------------------------------
elif state == 'absent':
if not existing_object:
result['changed'] = False
else:
if not module.check_mode:
tet_module.run_method(
method_name='delete',
target='%s/%s' %
(TETRATION_API_AGENT_NAT_CONFIG, existing_object['id']))
result['changed'] = True
result['object'] = None
# ---------------------------------
# STATE == 'query'
# ---------------------------------
elif state == 'query':
result['object'] = existing_object
# Return result
module.exit_json(**result)
def main():
tetration_spec=dict(
name=dict(type='str', required=False),
description=dict(type='str', required=False),
app_scope_id=dict(type='str', required=False, default=""),
id=dict(type='str', required=False),
capability_appscope=dict(type='str', required=False),
capability_ability=dict(type='str', required=False,
choices=['read', 'write', 'execute', 'developer', 'enforce', 'owner'])
)
argument_spec = dict(
provider=dict(required=True),
state=dict(required=True, choices=['present', 'absent', 'query'])
)
argument_spec.update(tetration_spec)
argument_spec.update(TetrationApiModule.provider_spec)
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=True,
required_one_of=[ ['name', 'id'] ],
required_together=[ ['capability_appscope', 'capability_ability'] ],
)
tet_module = TetrationApiModule(module)
# These are all elements we put in our return JSON object for clarity
result = dict(
failed=False,
object=None,
)
CAPABILITIES = {
'read': 'SCOPE_READ',
'write': 'SCOPE_WRITE',
'execute': 'EXECUTE',
'developer': 'DEVELOPER',
'enforce': 'ENFORCE',
'owner': 'SCOPE_OWNER',
}
state = module.params['state']
scope = module.params['app_scope_id']
name = module.params['name']
description = module.params['description']
id = module.params['id']
# =========================================================================
# Get current state of the object
# The first thing we have to do is get the object.
existing_object = dict()
# if the user specified an ID, search for that ID
if id is not None:
# First ensure the ID exists to avoid errors in update and delete.
# Without this step, both the GET and DELETE operations would fail
# attempting to operate on an invalid ID.
existing_object = tet_module.get_object(
target = TETRATION_API_ROLE,
filter = dict(id=id),
)
# if it exists, then perform a GET on that ID to get the full details
if existing_object:
existing_object = tet_module.run_method(
method_name='get',
target='%s/%s' % (TETRATION_API_ROLE, id),
)
# if it doesn't exist, and the state=present, that is an error
elif state == 'present':
error_message = (
'The ID specified does not exist. To create a new object, do '
'not specify an ID as Tetration will assign one to every new '
'object.'
)
module.fail_json(msg=error_message)
# if the user specified a name, search for that name
elif name is not None:
# name alone is not unique, but name and app_scope_id is unique
existing_object = tet_module.get_object(
target = TETRATION_API_ROLE,
filter = dict(name=name, app_scope_id=scope),
)
# need to get the full object, complete with its capabilties
if existing_object is not None:
id = existing_object['id']
existing_object = tet_module.run_method(
method_name='get',
target='%s/%s' % (TETRATION_API_ROLE, id),
)
# =========================================================================
# Now enforce the desired state (present, absent, query)
# at this point in the code, there will be one object stored in the
# variable named existing_object
changed = False
# ---------------------------------
# STATE == 'present'
# ---------------------------------
if state == 'present':
new_object = dict()
if description is not None:
new_object['description'] = description
if name is not None:
new_object['name'] = name
# if the object does not exist at all, create it
if not existing_object:
changed = True
if scope != "":
new_object['app_scope_id'] = scope
if not module.check_mode:
query_result = tet_module.run_method(
method_name='post',
target=TETRATION_API_ROLE,
req_payload=new_object,
)
id = query_result['id']
# if the object does exist, check to see if any part of it should be
# changed
else:
# if the name or description don't match, update the role
if (name is not None and existing_object['name'] != name) or (description is not None and existing_object['description'] != description):
changed = True
if not module.check_mode:
tet_module.run_method(
method_name='put',
target='%s/%s' % (TETRATION_API_ROLE, id),
req_payload=new_object,
)
# now we need to see if we should add the capabilities specified
if module.params['capability_ability'] is not None:
my_ability = CAPABILITIES[module.params['capability_ability']]
my_scope = module.params['capability_appscope']
if existing_object and 'capabilities' in existing_object:
t = [ (obj['ability'], obj['app_scope_id']) for obj in existing_object['capabilities'] ]
else:
t = []
if (my_ability, my_scope) not in t:
changed = True
if not module.check_mode:
req_payload = { "app_scope_id": my_scope, "ability": my_ability }
tet_module.run_method(
method_name='post',
target='%s/%s/capabilities' % (TETRATION_API_ROLE, id),
req_payload=req_payload,
)
# decide what value to return
if not changed:
result['object'] = existing_object
elif module.check_mode:
result['object'] = new_object
else:
# retrieve the current state of the object
query_result = tet_module.run_method(
method_name='get',
target='%s/%s' % (TETRATION_API_ROLE, id)
)
result['object'] = query_result
# ---------------------------------
# STATE == 'absent'
# ---------------------------------
elif state == 'absent':
# if existing_object is a non-empty dictionary, that means there is
# something to delete; if it's empty then there is nothing to do
if bool(existing_object):
changed = True
if not module.check_mode:
tet_module.run_method(
method_name='delete',
target='%s/%s' % (TETRATION_API_ROLE, id)
)
# ---------------------------------
# STATE == 'query'
# ---------------------------------
elif state == 'query':
# we already retrieved the current state of the object, so there is no
# need to do it again
result['object'] = existing_object
module.exit_json(changed=changed, **result)
def main():
tetration_spec = dict(
app_id=dict(type='str', required=False),
app_scope_id=dict(type='str', required=False),
policy_id=dict(type='str', required=True),
version=dict(type='str', required=True),
start_port=dict(type='int', required=False),
end_port=dict(type='int', required=False),
proto_id=dict(type='int', required=False),
proto_name=dict(type='str', required=False),
)
argument_spec = dict(provider=dict(required=True),
state=dict(required=True,
choices=['present', 'absent', 'query']))
argument_spec.update(tetration_spec)
argument_spec.update(TetrationApiModule.provider_spec)
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=True,
)
tet_module = TetrationApiModule(module)
# These are all elements we put in our return JSON object for clarity
result = dict(
changed=False,
object=None,
)
state = module.params['state']
app_id = module.params['app_id']
app_scope_id = module.params['app_scope_id']
policy_id = module.params['policy_id']
version = module.params['version']
start_port = module.params['start_port']
end_port = module.params['end_port']
proto_id = module.params['proto_id']
proto_name = module.params['proto_name']
existing_app = None
existing_app_scope = None
existing_policy = None
existing_param = None
if state == 'present' and proto_name != 'ANY':
missing_properties = ''
for parameters in (['start_port'], ['end_port'],
['proto_id', 'proto_name']):
pass_flag = False
for parameter in parameters:
if module.params[parameter]:
pass_flag = True
if not pass_flag:
if len(parameters) == 1:
missing_properties = missing_properties + parameters[
0] + ', '
else:
missing_properties = missing_properties + " or ".join(
parameters) + ', '
if missing_properties:
module.fail_json(
msg='The following missing parameters are required: %s' %
missing_properties[:-2])
# =========================================================================
# Get current state of the object
existing_app_scope = tet_module.run_method(
method_name='get',
target='%s/%s' % (TETRATION_API_SCOPES, app_scope_id))
if not existing_app_scope:
module.fail_json(msg='Unable to find existing app scope with id: %s' %
app_scope_id)
existing_app = tet_module.run_method(method_name='get',
target='%s/%s' %
(TETRATION_API_APPLICATIONS, app_id))
if not existing_app:
module.fail_json(
msg='Unable to find existing application with id: %s' % app_id)
existing_policy = tet_module.run_method(
method_name='get',
target='%s/%s' % (TETRATION_API_APPLICATION_POLICIES, policy_id))
if not existing_policy:
module.fail_json(
msg='Unable to find existing application policy with id: %s' %
policy_id)
existing_params = existing_policy['l4_params']
for protocol in TETRATION_API_PROTOCOLS:
if proto_name:
if protocol['name'] == proto_name:
proto_id = protocol['value']
break
elif proto_id:
if protocol['value'] == proto_id:
proto_name = protocol['name']
break
if proto_id is None:
if proto_name:
module.fail_json(msg='Invalid Protocol name: %s' % proto_name)
else:
module.fail_json(msg='Invalid Protocol number: %s' % proto_id)
if existing_params:
for param in existing_params:
if not proto_id and not param['proto']:
existing_param = param
break
if param['proto'] == proto_id and param['port'][
0] == start_port and param['port'][0] == end_port:
existing_param = param
break
# =========================================================================
# Now enforce the desired state (present, absent, query)
# ---------------------------------
# STATE == 'present'
# ---------------------------------
if state == 'present':
# if the object does not exist at all, create it
new_object = dict(
version=version,
start_port=start_port if proto_name != 'ANY' else None,
end_port=end_port if proto_name != 'ANY' else None,
proto=proto_id if proto_name != 'ANY' else None)
if not existing_param:
if not module.check_mode:
param_object = tet_module.run_method(
method_name='post',
target='%s/%s/l4_params' %
(TETRATION_API_APPLICATION_POLICIES, policy_id),
req_payload=new_object)
new_object['id'] = param_object['id']
result['changed'] = True
result['object'] = param_object
else:
result['changed'] = False
result['object'] = existing_param
# ---------------------------------
# STATE == 'absent'
# ---------------------------------
elif state == 'absent':
if existing_param:
if not module.check_mode:
tet_module.run_method(method_name='delete',
target='%s/%s/l4_params/%s' %
(TETRATION_API_APPLICATION_POLICIES,
policy_id, existing_param['id']))
result['changed'] = True
# ---------------------------------
# STATE == 'query'
# ---------------------------------
elif state == 'query':
result['object'] = existing_param
# Return result
module.exit_json(**result)
def main():
tetration_spec = dict(app_name=dict(type='str', required=False),
app_id=dict(type='str', required=False),
app_scope_id=dict(type='str', required=False),
app_scope_name=dict(type='str', required=False),
description=dict(type='str', required=False),
alternate_query_mode=dict(type='bool',
required=False,
default=False),
strict_validation=dict(type='bool',
required=False,
default=False),
primary=dict(type='bool',
required=False,
default=True),
force=dict(type='bool',
required=False,
default=False),
query_type=dict(
type='str',
required=False,
choices=['single', 'scope', 'tenant'],
default='single'),
query_level=dict(type='str',
choices=['top', 'details'],
default='top'))
argument_spec = dict(provider=dict(required=True),
state=dict(required=True,
choices=['present', 'absent', 'query']))
argument_spec.update(tetration_spec)
argument_spec.update(TetrationApiModule.provider_spec)
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=True,
mutually_exclusive=[
['app_scope_name', 'app_scope_id'],
],
required_one_of=[
# ['app_name', 'app_id'],
['app_scope_name', 'app_scope_id'],
],
)
tet_module = TetrationApiModule(module)
# These are all elements we put in our return JSON object for clarity
result = dict(
changed=False,
object=None,
)
state = module.params['state']
app_name = module.params['app_name']
app_id = module.params['app_id']
app_scope_name = module.params['app_scope_name']
app_scope_id = module.params['app_scope_id']
description = module.params['description']
alternate_query_mode = module.params['alternate_query_mode']
strict_validation = module.params['strict_validation']
primary = module.params['primary']
force = module.params['force']
query_type = module.params['query_type']
query_level = module.params['query_level']
existing_app = None
existing_app_scope = None
# =========================================================================
# Get current state of the object
if app_scope_id:
existing_app_scope = tet_module.run_method(
method_name='get',
target='%s/%s' % (TETRATION_API_SCOPES, app_scope_id))
elif not app_scope_id:
existing_app_scope = tet_module.get_object(
target=TETRATION_API_SCOPES, filter=dict(name=app_scope_name))
if not existing_app_scope:
module.fail_json(msg='Unable to find existing app scope named: %s' %
app_scope_name)
if app_id:
existing_app = tet_module.run_method(
method_name='get',
target='%s/%s' % (TETRATION_API_APPLICATIONS, app_id))
elif not app_id:
existing_app = tet_module.get_object(
target=TETRATION_API_APPLICATIONS,
filter=dict(name=app_name, app_scope_id=existing_app_scope['id']))
# =========================================================================
# Now enforce the desired state (present, absent, query)
# ---------------------------------
# STATE == 'present'
# ---------------------------------
if state == 'present':
# if the object does not exist at all, create it
new_object = dict(
app_scope_id=existing_app_scope['id'],
name=app_name,
description=description,
alternate_query_mode=alternate_query_mode,
primary=primary,
)
if existing_app:
new_object['id'] = existing_app['id']
result['changed'] = tet_module.filter_object(new_object,
existing_app,
check_only=True)
if result['changed']:
if not module.check_mode:
del new_object['id']
tet_module.run_method(
method_name='put',
target='%s/%s' %
(TETRATION_API_APPLICATIONS, existing_app['id']),
req_payload=dict(name=app_name,
description=description,
primary=primary))
else:
result['object'] = new_object
else:
if not module.check_mode:
new_object['strict_validation'] = strict_validation,
app_object = tet_module.run_method(
method_name='post',
target=TETRATION_API_APPLICATIONS,
req_payload=new_object)
existing_app = dict(id=app_object['id'])
result['changed'] = True
# if the object does exist, check to see if any part of it should be
# changed
if result['changed']:
if not module.check_mode:
result['object'] = tet_module.run_method(
method_name='get',
target='%s/%s' %
(TETRATION_API_APPLICATIONS, existing_app['id']))
else:
result['object'] = new_object
else:
result['changed'] = False
result['object'] = existing_app
# ---------------------------------
# STATE == 'absent'
# ---------------------------------
elif state == 'absent':
if existing_app:
if existing_app['enforcement_enabled'] and not force:
module.fail_json(
msg=
'Cannot delete workspace with enforcement. Try disabling enforcement or use the force option'
)
elif existing_app['primary'] and not force:
module.fail_json(
msg=
'Cannot delete primary application. Try making application secondary or use the force option'
)
elif existing_app['primary'] and force:
if existing_app['enforcement_enabled']:
tet_module.run_method(
method_name='post',
target='%s/%s/disable_enforce' %
(TETRATION_API_APPLICATIONS, existing_app['id']))
sleep(10)
tet_module.run_method(
method_name='put',
target='%s/%s' %
(TETRATION_API_APPLICATIONS, existing_app['id']),
req_payload=dict(name=app_name,
description=description,
primary=False))
sleep(2)
result['changed'] = True
if not module.check_mode:
tet_module.run_method(
method_name='delete',
target='%s/%s' %
(TETRATION_API_APPLICATIONS, existing_app['id']))
# ---------------------------------
# STATE == 'query'
# ---------------------------------
elif state == 'query':
if query_type == 'tenant':
if existing_app_scope['id'] != existing_app_scope[
'root_app_scope_id']:
module.fail_json(
msg='query_type `tenant` is only allowed on root scopes')
app_scopes = tet_module.get_object(
target=TETRATION_API_SCOPES,
filter=dict(
root_app_scope_id=existing_app_scope['root_app_scope_id']),
allow_multiple=True)
scope_ids = [scope['id'] for scope in app_scopes]
applications = tet_module.run_method(
method_name='get', target=TETRATION_API_APPLICATIONS)
if applications:
applications = [
valid_item for valid_item in applications
if valid_item['app_scope_id'] in scope_ids
]
if query_level == 'details':
app_details = []
for application in applications:
app_details.append(
tet_module.run_method(
method_name='get',
target='%s/%s/details' %
(TETRATION_API_APPLICATIONS, application['id'])))
result['object'] = app_details
else:
result['object'] = applications if applications else []
elif query_type == 'scope':
applications = tet_module.run_method(
method_name='get',
target=TETRATION_API_APPLICATIONS,
)
if applications:
applications = [
valid_item for valid_item in applications
if valid_item['app_scope_id'] == existing_app_scope['id']
]
if query_level == 'details':
app_details = []
for application in applications:
app_details.append(
tet_module.run_method(
method_name='get',
target='%s/%s/details' %
(TETRATION_API_APPLICATIONS, application['id'])))
result['object'] = app_details
else:
result['object'] = applications if applications else []
else:
if query_level == 'details':
existin_app = []
app_details = tet_module.run_method(
method_name='get',
target='%s/%s/details' %
(TETRATION_API_APPLICATIONS, application['id']))
result['object'] = app_details
else:
result['object'] = existing_app
# Return result
module.exit_json(**result)
def main():
tetration_spec = dict(user_id=dict(type='str', required=False),
first_name=dict(type='str', required=False),
last_name=dict(type='str', required=False),
email=dict(type='str', required=True),
app_scope_id=dict(type='str', required=False),
app_scope_name=dict(type='str', required=False),
reuse_domain=dict(type='str',
required=False,
default=None))
argument_spec = dict(provider=dict(required=True),
state=dict(required=True,
choices=['present', 'absent', 'query']))
argument_spec.update(tetration_spec)
argument_spec.update(TetrationApiModule.provider_spec)
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=True,
mutually_exclusive=[['app_scope_id', 'app_scope_name']])
tet_module = TetrationApiModule(module)
# These are all elements we put in our return JSON object for clarity
result = dict(
failed=False,
object=None,
)
state = module.params['state']
email = module.params['email']
first_name = module.params['first_name']
last_name = module.params['last_name']
app_scope_id = module.params['app_scope_id']
app_scope_name = module.params['app_scope_name']
available_user_account = None
reuse_domain = module.params['reuse_domain']
user_id = module.params['user_id']
existing_user = None
# =========================================================================
# Get current state of the object
# The first thing we have to do is get the object.
if user_id:
existing_user = tet_module.run_method(method_name='get',
target='%s/%s' %
(TETRATION_API_USER, user_id))
if not existing_user:
module.fail_json(msg='Unable to find user with id: %s' % user_id)
disabled_user = False if existing_user['disabled_at'] is None else True
else:
all_users = tet_module.run_method(
method_name='get',
target='%s' % (TETRATION_API_USER),
params=dict(include_disabled='true'),
)
for obj in all_users:
if obj['email'] == email:
existing_user = obj
disabled_user = False if obj['disabled_at'] is None else True
break
elif not available_user_account and obj[
'disabled_at'] and reuse_domain and reuse_domain in obj[
'email']:
available_user_account = obj
# =========================================================================
# Now enforce the desired state (present, absent, query)
# at this point in the code, there will be one object stored in the
# variable named existing_user
changed = False
# ---------------------------------
# STATE == 'present'
# ---------------------------------
if state == 'present':
new_object = dict(email=email)
if first_name is not None:
new_object['first_name'] = first_name
if last_name is not None:
new_object['last_name'] = last_name
if app_scope_id is not None:
new_object['app_scope_id'] = app_scope_id
# if the object does not exist at all, create it
if not existing_user:
changed = True
# Get the app scope id if name is passed
if not app_scope_id and app_scope_name:
app_scope = tet_module.get_object(
target=TETRATION_API_SCOPES,
filter=dict(name=app_scope_name))
new_object[
'app_scope_id'] = None if app_scope is None else app_scope[
'id']
if not module.check_mode:
if available_user_account:
# Re-enable disabled account
tet_module.run_method(
method_name='post',
target='%s/%s/enable' %
(TETRATION_API_USER, available_user_account['id']),
req_payload=new_object)
# update disabled blank user account with new user details
tet_module.run_method(
method_name='put',
target='%s/%s' %
(TETRATION_API_USER, available_user_account['id']),
req_payload=new_object)
user_id = available_user_account['id']
else:
query_result = tet_module.run_method(
method_name='post',
target=TETRATION_API_USER,
req_payload=new_object,
)
user_id = query_result['id']
# if the object does exist, check to see if any part of it should be
# changed
else:
# if the user is inactive, then reactivate
user_id = user_id if user_id else existing_user['id']
if disabled_user:
changed = True
tet_module.run_method(
method_name='post',
target='%s/%s/enable' %
(TETRATION_API_USER, existing_user['id']),
)
# if email, name, or app_scope_id don't match, UPDATE!
update_needed = False
for k in ['email', 'first_name', 'last_name', 'app_scope_id']:
if module.params[k] is not None and existing_user[
k] != module.params[k]:
update_needed = True
if update_needed:
changed = True
if not module.check_mode:
tet_module.run_method(
method_name='put',
target='%s/%s' %
(TETRATION_API_USER, existing_user['id']),
req_payload=new_object,
)
# decide what value to return
if not changed:
result['object'] = existing_user
elif module.check_mode:
result['object'] = new_object
else:
# retrieve the current state of the object
query_result = tet_module.run_method(method_name='get',
target='%s/%s' %
(TETRATION_API_USER, user_id))
result['object'] = query_result
# ---------------------------------
# STATE == 'absent'
# ---------------------------------
elif state == 'absent':
# if existing_user is a non-empty dictionary, that means there is
# something to delete; if it's empty then there is nothing to do
if bool(existing_user) and not disabled_user:
changed = True
if not module.check_mode:
if reuse_domain:
# update disabled blank user account with new user details
tet_module.run_method(
method_name='put',
target='%s/%s' %
(TETRATION_API_USER, existing_user['id']),
req_payload=dict(email='%s@%s' %
(existing_user['id'], reuse_domain)))
result['object'] = dict(id=existing_user['id'])
tet_module.run_method(
method_name='delete',
target='%s/%s' % (TETRATION_API_USER, existing_user['id']))
result['object'] = existing_user
# ---------------------------------
# STATE == 'query'
# ---------------------------------
elif state == 'query':
# we already retrieved the current state of the object, so there is no
# need to do it again
result['object'] = existing_user
module.exit_json(changed=changed, **result)