def main(): module_args = oci_utils.get_common_arg_spec() module_args.update( dict(compartment_id=dict(type='str', required=False), policy_id=dict(type='str', required=False, aliases=['id']))) module = AnsibleModule(argument_spec=module_args, supports_check_mode=False, required_one_of=[['compartment_id', 'policy_id']]) if not HAS_OCI_PY_SDK: module.fail_json(msg='oci python sdk required for this module.') config = oci_utils.get_oci_config(module) identity_client = IdentityClient(config) policy_id = module.params['policy_id'] try: if policy_id is None: result = to_dict( oci_utils.list_all_resources( identity_client.list_policies, compartment_id=module.params['compartment_id'])) else: result = [to_dict(identity_client.get_policy(policy_id).data)] except ServiceError as ex: module.fail_json(msg=ex.message) module.exit_json(policies=result)
def get_regions_and_compartment(cls, secret_data): compartments = [] regions = [] tenancy = None secret_data.update( {"key_content": cls.private_key_content_pretreatment(secret_data)}) for default_region in DEFAULT_REGIONS: secret_data.update({'region': default_region}) try: identity = IdentityClient(secret_data) tenancy = identity.get_tenancy(secret_data["tenancy"]).data region_names = identity.list_region_subscriptions( tenancy.id).data regions = [str(es.region_name) for es in region_names] compartments = cls.identity_read_compartments( identity, tenancy, secret_data) except Exception as e: print( "[ERROR: Collector_Service] Error on get_regions_and_compartment: " + str(e.args)) pass else: break return regions, compartments, secret_data
def main(): module_args = oci_utils.get_taggable_arg_spec(supports_wait=True) module_args.update( dict(name=dict(type='str', required=False), user_id=dict(type='str', required=False, aliases=['id']), description=dict(type='str', required=False, default=''), user_groups=dict(type='list', required=False), blocked=dict(type='str', required=False, choices=['yes', 'no']), create_or_reset_ui_password=dict(type='bool', required=False, default=False), state=dict(type='str', required=False, default='present', choices=['present', 'absent']), purge_group_memberships=dict(type='bool', required=False, default=False), force=dict(type='bool', required=False, default=False))) module = AnsibleModule(argument_spec=module_args) if not HAS_OCI_PY_SDK: module.fail_json(msg='oci python sdk required for this module') oci_config = oci_utils.get_oci_config(module) identity_client = IdentityClient(oci_config) compartment_id = oci_config['tenancy'] module.params.update(dict({'compartment_id': compartment_id})) state = module.params['state'] if state == 'present': result = create_or_update_user(identity_client, module) elif state == 'absent': result = delete_user(identity_client, module) module.exit_json(**result)
def main(): module_args = oci_utils.get_common_arg_spec() module_args.update( dict(user_id=dict(type='str', required=True), customer_secret_key_id=dict(type='str', required=False, aliases=['id'], no_log=True))) module = AnsibleModule( argument_spec=module_args, supports_check_mode=False, ) if not HAS_OCI_PY_SDK: module.fail_json(msg='oci python sdk required for this module.') config = oci_utils.get_oci_config(module) identity_client = IdentityClient(config) user_id = module.params.get("user_id") id = module.params.get("customer_secret_key_id", None) result = list_customer_secret_keys(identity_client, user_id, id, module) module.exit_json(customer_secret_keys=result)
def main(): set_logger(oci_utils.get_logger("oci_customer_secret_key")) module_args = oci_utils.get_common_arg_spec(supports_create=True) module_args.update(dict( user_id=dict(type='str', required=True), customer_secret_key_id=dict(type='str', required=False, aliases=['id']), name=dict(type='str', required=False, aliases=['display_name']), state=dict(type='str', required=False, default='present', choices=['present', 'absent']) )) module = AnsibleModule( argument_spec=module_args, supports_check_mode=False, required_if=[('state', 'absent', ['customer_secret_key_id'])], ) if not HAS_OCI_PY_SDK: module.fail_json(msg='oci python sdk required for this module.') config = oci_utils.get_oci_config(module) identity_client = IdentityClient(config) state = module.params['state'] result = dict(changed=False) user_id = module.params.get("user_id", None) secret_key_id = module.params.get("customer_secret_key_id", None) name = module.params.get('name', None) get_logger().debug("Id is " + str(secret_key_id)) if secret_key_id is not None: secret_key = _get_customer_secret_key_from_id(identity_client, user_id, secret_key_id, module) if state == 'absent': get_logger().debug("Delete Customer Secret Key %s for user %s requested", secret_key_id, user_id) if secret_key is not None: get_logger().debug("Deleting %s", secret_key.id) result = delete_customer_secret_key(identity_client, user_id, secret_key_id, module) else: get_logger().debug("Customer secret key %s already deleted.", secret_key_id) elif state == 'present': if secret_key.display_name != name: result = update_customer_secret_key(identity_client, user_id, secret_key_id, name, module) else: # No change needed, return existing customer secret key details result[RESOURCE_NAME] = to_dict(secret_key) else: result = oci_utils.check_and_create_resource(resource_type=RESOURCE_NAME, create_fn=create_customer_secret_key, kwargs_create={"identity_client": identity_client, "user_id": user_id, "display_name": name, "module": module}, list_fn=identity_client.list_customer_secret_keys, kwargs_list={"user_id": user_id}, module=module, model=CreateCustomerSecretKeyDetails()) module.exit_json(**result)
def main(): module_args = oci_utils.get_taggable_arg_spec(supports_wait=True) module_args.update( dict(compartment_id=dict(type='str', required=False), description=dict(type='str', required=False), name=dict(type='str', required=False), policy_document=dict(type='str', required=False), policy_id=dict(type='str', required=False, aliases=['id']), state=dict(type='str', required=False, default='present', choices=['absent', 'present']), statements=dict(type='list', required=False), version_date=dict(type='datetime', required=False))) module = AnsibleModule( argument_spec=module_args, supports_check_mode=False, mutually_exclusive=[['policy_document', 'statements']], required_if=[['state', 'absent', ['policy_id']]]) if not HAS_OCI_PY_SDK: module.fail_json(msg='oci python sdk required for this module.') config = oci_utils.get_oci_config(module) identity_client = IdentityClient(config) state = module.params['state'] policy_id = module.params['policy_id'] exclude_attributes = {'version_date': True} if state == 'absent': result = delete_policy(identity_client, module) else: if policy_id is not None: result = update_policy(identity_client, module) else: result = oci_utils.check_and_create_resource( resource_type='policy', create_fn=create_policy, kwargs_create={ 'identity_client': identity_client, 'module': module }, list_fn=identity_client.list_policies, kwargs_list={ "compartment_id": module.params['compartment_id'] }, module=module, model=CreatePolicyDetails(), exclude_attributes=exclude_attributes) module.exit_json(**result)
def main(): module_args = oci_utils.get_common_arg_spec() module_args.update( dict(user_id=dict(type='str', required=False, aliases=['id']))) module = AnsibleModule(argument_spec=module_args) if not HAS_OCI_PY_SDK: module.fail_json(msg='oci python sdk required for this module') oci_config = oci_utils.get_oci_config(module) identity_client = IdentityClient(oci_config) compartment_id = oci_config['tenancy'] module.params.update(dict({'compartment_id': compartment_id})) result = list_users(identity_client, module) module.exit_json(users=result)
def main(): module_args = oci_utils.get_common_arg_spec() module = AnsibleModule( argument_spec=module_args, supports_check_mode=False, ) if not HAS_OCI_PY_SDK: module.fail_json(msg='oci python sdk required for this module.') config = oci_utils.get_oci_config(module) identity_client = IdentityClient(config) result = list_regions(identity_client, module) module.exit_json(regions=result)
def main(): module_args = oci_utils.get_taggable_arg_spec(supports_wait=True) module_args.update( dict(compartment_id=dict(type='str', required=True), name=dict(type='str', required=False), description=dict(type='str', required=False), state=dict(type='str', required=False, default='present', choices=['present']))) module = AnsibleModule(argument_spec=module_args, supports_check_mode=False) if not HAS_OCI_PY_SDK: module.fail_json(msg='oci python sdk required for this module.') config = oci_utils.get_oci_config(module) identity_client = IdentityClient(config) compartment_id = module.params['compartment_id'] tenancy = None try: tenancy = oci_utils.call_with_backoff(identity_client.get_tenancy, tenancy_id=compartment_id).data except ServiceError: pass # Check if the provided compartment_id is OCID of a tenancy(root compartment). If tenancy OCID is provided, it's # supposed to be a call to create compartment in the tenancy else it's a call to update compartment. if tenancy is not None: result = oci_utils.check_and_create_resource( resource_type='compartment', create_fn=create_compartment, kwargs_create={ 'identity_client': identity_client, 'module': module }, list_fn=identity_client.list_compartments, kwargs_list={"compartment_id": module.params['compartment_id']}, module=module, model=CreateCompartmentDetails()) else: result = update_compartment(identity_client, module) module.exit_json(**result)
def main(): module_args = oci_utils.get_common_arg_spec() module_args.update( dict(compartment_id=dict(type='str', required=True, aliases=['id']))) module = AnsibleModule( argument_spec=module_args, supports_check_mode=False, ) if not HAS_OCI_PY_SDK: module.fail_json(msg='oci python sdk required for this module.') config = oci_utils.get_oci_config(module) identity_client = IdentityClient(config) result = list_availability_domains(identity_client, module) module.exit_json(availability_domains=result)
def main(): module_args = oci_utils.get_common_arg_spec() module_args.update(dict(compartment_id=dict(type='str', required=True))) module = AnsibleModule(argument_spec=module_args, supports_check_mode=False) if not HAS_OCI_PY_SDK: module.fail_json(msg='oci python sdk required for this module.') config = oci_utils.get_oci_config(module) identity_client = IdentityClient(config) compartment_id = module.params['compartment_id'] tenancy = None try: tenancy = oci_utils.call_with_backoff(identity_client.get_tenancy, tenancy_id=compartment_id).data except ServiceError: pass # Check if the provided compartment_id is OCID of a tenancy(root compartment). If root compartment OCID is provided, # list all the compartments in the root compartment else retrieve information of the given compartment id. try: if tenancy is not None: result = to_dict( oci_utils.list_all_resources(identity_client.list_compartments, compartment_id=compartment_id)) else: result = [ to_dict( oci_utils.call_with_backoff( identity_client.get_compartment, compartment_id=compartment_id).data) ] except ServiceError as ex: module.fail_json(msg=ex.message) module.exit_json(compartments=result)
def main(): module_args = oci_utils.get_common_arg_spec() module_args.update( dict(tag_namespace_id=dict(type='str', required=True), tag_name=dict(type='str', required=False, aliases=['name']))) module = AnsibleModule( argument_spec=module_args, supports_check_mode=False, ) if not HAS_OCI_PY_SDK: module.fail_json(msg='oci python sdk required for this module.') config = oci_utils.get_oci_config(module) identity_client = IdentityClient(config) tag_namespace_id = module.params.get("tag_namespace_id") tag_name = module.params.get("tag_name", None) result = list_tags(identity_client, tag_namespace_id, tag_name, module) module.exit_json(tags=result)
def main(): set_logger(oci_utils.get_logger("oci_tag")) module_args = oci_utils.get_common_arg_spec() module_args.update( dict(tag_namespace_id=dict(type='str', required=True), tag_name=dict(type='str', required=True, aliases=['name']), description=dict(type='str', required=False), reactivate=dict(type='bool', required=False), state=dict(type='str', required=False, default='present', choices=['present', 'absent']))) module = AnsibleModule( argument_spec=module_args, supports_check_mode=False, ) if not HAS_OCI_PY_SDK: module.fail_json(msg='oci python sdk required for this module.') config = oci_utils.get_oci_config(module) identity_client = IdentityClient(config) state = module.params['state'] result = dict(changed=False) tag_namespace_id = module.params.get("tag_namespace_id", None) tag_name = module.params.get("tag_name", None) name = module.params.get('name', None) description = module.params.get('description', None) get_logger().debug("tag key definition name is " + str(tag_name)) tag = _get_tag_definition_from_id(identity_client, tag_namespace_id, tag_name) if state == 'absent': get_logger().debug("Retire tag key definition %s requested", tag_name) if tag is not None: retired = False if not tag.is_retired: get_logger().debug("Retiring %s", tag.id) tag, retired = update_tag_definition_state( identity_client, tag_namespace_id, tag_name, module, description=tag.description, is_retired=True) result['changed'] = retired result['tag'] = to_dict(tag) # if the Tag doesn't exist, it is already deleted and so we return the default dict with changed as False elif state == 'present': if tag is not None: desc_changed = False reactivated = False if tag.description != description: tag, desc_changed = update_tag_namespace_description( identity_client, tag_namespace_id, tag_name, description, module) reactivate = module.params.get('reactivate', None) if reactivate: get_logger().debug("Reactivate tag definition %s requested", tag_name) if tag.is_retired: tag, reactivated = update_tag_definition_state( identity_client, tag_namespace_id, tag_name, module, description=tag.description, is_retired=False) result['changed'] = desc_changed or reactivated result['tag'] = to_dict(tag) else: # Unlike other OCI resources, if a user has provided `tag_namespace_id` and `name`, and the Tag is not # present already, we will attempt to create the Tag. This is because there is no special way to # differentiate a "create" from a "update" through the absence of a "tag" "id" option for OCI Tags. # Therefore, also, oci_tag doesn't include oracle_creatable_resource documentation fragment and options. result = create_tag(identity_client, tag_namespace_id, name, description, module) module.exit_json(**result)
def main(): set_logger(oci_utils.get_logger("oci_swift_password")) module_args = oci_utils.get_common_arg_spec(supports_create=True) module_args.update( dict(user_id=dict(type='str', required=True), swift_password_id=dict(type='str', required=False, aliases=['id'], no_log=True), description=dict(type='str', required=False), state=dict(type='str', required=False, default='present', choices=['present', 'absent']))) module = AnsibleModule( argument_spec=module_args, supports_check_mode=False, required_if=[('state', 'absent', ['swift_password_id'])], ) if not HAS_OCI_PY_SDK: module.fail_json(msg='oci python sdk required for this module.') config = oci_utils.get_oci_config(module) identity_client = IdentityClient(config) state = module.params['state'] result = dict(changed=False) user_id = module.params.get("user_id", None) id = module.params.get("swift_password_id", None) description = module.params.get('description', None) get_logger().debug("Id is " + str(id)) if id is not None: sw_pass = _get_swift_password_from_id(identity_client, user_id, id, module) if state == 'absent': get_logger().debug( "Delete swift password %s for user %s requested", id, user_id) if sw_pass: get_logger().debug("Deleting %s", sw_pass.id) result = delete_swift_password(identity_client, user_id, id, module) else: get_logger().debug("Swift Password %s already deleted.", id) elif state == 'present': if sw_pass.description != description: result = update_swift_password(identity_client, user_id, id, description, module) else: # No change needed, return existing swift password details result[RESOURCE_NAME] = to_dict(sw_pass) else: # Check and create swift password if necessary result = oci_utils.check_and_create_resource( resource_type=RESOURCE_NAME, create_fn=create_swift_password, kwargs_create={ "identity_client": identity_client, "user_id": user_id, "description": description, "module": module }, list_fn=identity_client.list_swift_passwords, kwargs_list={"user_id": user_id}, module=module, model=CreateSwiftPasswordDetails()) module.exit_json(**result)
def main(): set_logger(oci_utils.get_logger("oci_tag_namespace")) module_args = oci_utils.get_taggable_arg_spec(supports_create=True) module_args.update( dict(compartment_id=dict(type='str', required=False), tag_namespace_id=dict(type='str', required=False, aliases=['id']), name=dict(type='str', required=False), description=dict(type='str', required=False), reactivate=dict(type='bool', required=False), state=dict(type='str', required=False, default='present', choices=['present', 'absent']))) module = AnsibleModule( argument_spec=module_args, supports_check_mode=False, required_if=[('state', 'absent', ['tag_namespace_id'])], ) if not HAS_OCI_PY_SDK: module.fail_json(msg='oci python sdk required for this module.') config = oci_utils.get_oci_config(module) identity_client = IdentityClient(config) state = module.params['state'] result = dict(changed=False) compartment_id = module.params.get("compartment_id", None) tag_ns_id = module.params.get("tag_namespace_id", None) name = module.params.get('name', None) description = module.params.get('description', None) get_logger().debug("Tag namespace id is " + str(tag_ns_id)) if tag_ns_id is not None: tag_ns = oci_utils.call_with_backoff(identity_client.get_tag_namespace, tag_namespace_id=tag_ns_id).data if state == 'absent': get_logger().debug("Retire tag namespace %s requested", tag_ns_id) if tag_ns is not None: retired = False if not tag_ns.is_retired: get_logger().debug("Retiring %s", tag_ns.id) tag_ns, retired = update_tag_namespace_state( identity_client, tag_ns_id, module, is_retired=True) result['changed'] = retired result['tag_namespace'] = to_dict(tag_ns) # if the Tag-namespace doesn't exist, it is already deleted and so we return the default dict with # changed as False elif state == 'present': desc_changed = False reactivated = False if tag_ns.description != description: tag_ns, desc_changed = update_tag_namespace_description( identity_client, tag_ns_id, description, module) reactivate = module.params.get('reactivate', None) if reactivate: get_logger().debug("Reactivate tag namespace %s requested", tag_ns_id) if tag_ns.is_retired: tag_ns, reactivated = update_tag_namespace_state( identity_client, tag_ns_id, module, is_retired=False) result['changed'] = desc_changed or reactivated result['tag_namespace'] = to_dict(tag_ns) else: result = oci_utils.check_and_create_resource( resource_type="tag_namespace", create_fn=create_tag_namespace, kwargs_create={ "identity_client": identity_client, "compartment_id": compartment_id, "name": name, "description": description, "module": module }, list_fn=identity_client.list_tag_namespaces, kwargs_list={"compartment_id": compartment_id}, module=module, model=CreateTagNamespaceDetails(), default_attribute_values={"defined_tags": {}}) module.exit_json(**result)
def __init__(self): self.inventory = {} # Ansible Inventory self.config = None self.params = { "ini_file": os.path.join(os.path.dirname(os.path.realpath(__file__)), 'oci_inventory.ini'), "config_file": os.path.join(os.path.expanduser("~"), ".oci", "config"), "profile": "DEFAULT", "user": None, "fingerprint": None, "key_file": None, "tenancy": None, "region": None, "pass_phrase": None, "cache_dir": ".", "cache_max_age": 300, "cache_file": "./ansible-oci.cache", "compartment": None, "debug": False, "hostname_format": "public_ip", "sanitize_names": True, "replace_dash_in_names": False } self.parse_cli_args() if self.args.debug: self.params["debug"] = True self.log("Executing in debug mode.") if 'OCI_INI_PATH' in os.environ: oci_ini_file_path = os.path.expanduser( os.path.expandvars(os.environ.get('OCI_INI_PATH'))) if os.path.isfile(oci_ini_file_path): self.params["ini_file"] = oci_ini_file_path self.settings_config = configparser.ConfigParser() self.settings_config.read(self.params["ini_file"]) # Preference order: CLI args > environment variable > settings from config file. if "config_file" in self.args and getattr(self.args, "config_file") is not None: self.params['config_file'] = os.path.expanduser( self.args.config_file) elif 'OCI_CONFIG_FILE' in os.environ: self.params['config_file'] = os.path.expanduser( os.path.expandvars(os.environ.get('OCI_CONFIG_FILE'))) elif self.settings_config.has_option('oci', 'config_file'): self.params['config_file'] = os.path.expanduser( self.settings_config.get('oci', 'config_file')) if "profile" in self.args and getattr(self.args, "profile") is not None: self.params['profile'] = self.args.profile elif 'OCI_CONFIG_PROFILE' in os.environ: self.params['profile'] = os.environ.get('OCI_CONFIG_PROFILE') elif self.settings_config.has_option('oci', 'profile'): self.params['profile'] = self.settings_config.get('oci', 'profile') self.read_config() self.read_settings_config() self.read_env_vars() self.read_cli_args() self.log("Using following parameters for OCI dynamic inventory:") self.log(self.params) self.compute_client = ComputeClient(self.params) self.identity_client = IdentityClient(self.params) self.virtual_nw_client = VirtualNetworkClient(self.params) self.params['cache_file'] = os.path.join(self.params['cache_dir'], "ansible-oci.cache") if not self.args.refresh_cache and self.is_cache_valid(): self.log("Reading inventory from cache.") self.inventory = self.read_from_cache() else: self.build_inventory() self.write_to_cache(self.inventory) if self.args.host: if self.args.host in self.inventory['_meta']['hostvars']: print( json.dumps( self.inventory['_meta']['hostvars'][self.args.host], sort_keys=True, indent=2)) else: self.log( "Either the specified host does not exist or its facts cannot be retrieved." ) print({}) else: print(json.dumps(self.inventory, sort_keys=True, indent=2))
def main(): set_logger(oci_utils.get_logger("oci_api_key")) module_args = oci_utils.get_common_arg_spec(supports_create=True, supports_wait=True) module_args.update( dict(user_id=dict(type='str', required=True), api_key_id=dict(type='str', required=False, aliases=['id']), api_signing_key=dict(type='str', required=False, aliases=['key']), state=dict(type='str', required=False, default='present', choices=['present', 'absent']))) module = AnsibleModule( argument_spec=module_args, supports_check_mode=False, required_if=[('state', 'absent', ['api_key_id'])], ) if not HAS_OCI_PY_SDK: module.fail_json(msg='oci python sdk required for this module.') config = oci_utils.get_oci_config(module) identity_client = IdentityClient(config) state = module.params['state'] result = dict(changed=False) user_id = module.params.get("user_id", None) public_key = module.params.get("api_signing_key", None) api_key_id = module.params.get("api_key_id", None) if api_key_id is not None: api_key = _get_api_key_from_id(identity_client, user_id, api_key_id, module) if state == 'absent': get_logger().debug("Delete api password %s for user %s requested", api_key_id, user_id) if api_key is not None: get_logger().debug("Deleting %s", api_key.key_id) result = delete_api_key(identity_client, user_id, api_key_id, module) else: get_logger().debug("API Signing Key %s already deleted.", api_key_id) elif state == 'present': module.fail_json(msg="API signing key cannot be updated.") else: result = oci_utils.check_and_create_resource( resource_type=RESOURCE_NAME, create_fn=create_api_key, kwargs_create={ "identity_client": identity_client, "user_id": user_id, "key": public_key, "module": module }, list_fn=identity_client.list_api_keys, kwargs_list={"user_id": user_id}, module=module, model=CreateApiKeyDetails()) module.exit_json(**result)