def main():
module_args = oci_utils.get_common_arg_spec()
module_args.update(
dict(compartment_id=dict(type='str', required=False),
policy_id=dict(type='str', required=False, aliases=['id'])))
module = AnsibleModule(argument_spec=module_args,
supports_check_mode=False,
required_one_of=[['compartment_id', 'policy_id']])
if not HAS_OCI_PY_SDK:
module.fail_json(msg='oci python sdk required for this module.')
config = oci_utils.get_oci_config(module)
identity_client = IdentityClient(config)
policy_id = module.params['policy_id']
try:
if policy_id is None:
result = to_dict(
oci_utils.list_all_resources(
identity_client.list_policies,
compartment_id=module.params['compartment_id']))
else:
result = [to_dict(identity_client.get_policy(policy_id).data)]
except ServiceError as ex:
module.fail_json(msg=ex.message)
module.exit_json(policies=result)
def get_regions_and_compartment(cls, secret_data):
compartments = []
regions = []
tenancy = None
secret_data.update(
{"key_content": cls.private_key_content_pretreatment(secret_data)})
for default_region in DEFAULT_REGIONS:
secret_data.update({'region': default_region})
try:
identity = IdentityClient(secret_data)
tenancy = identity.get_tenancy(secret_data["tenancy"]).data
region_names = identity.list_region_subscriptions(
tenancy.id).data
regions = [str(es.region_name) for es in region_names]
compartments = cls.identity_read_compartments(
identity, tenancy, secret_data)
except Exception as e:
print(
"[ERROR: Collector_Service] Error on get_regions_and_compartment: "
+ str(e.args))
pass
else:
break
return regions, compartments, secret_data
def main():
module_args = oci_utils.get_taggable_arg_spec(supports_wait=True)
module_args.update(
dict(name=dict(type='str', required=False),
user_id=dict(type='str', required=False, aliases=['id']),
description=dict(type='str', required=False, default=''),
user_groups=dict(type='list', required=False),
blocked=dict(type='str', required=False, choices=['yes', 'no']),
create_or_reset_ui_password=dict(type='bool',
required=False,
default=False),
state=dict(type='str',
required=False,
default='present',
choices=['present', 'absent']),
purge_group_memberships=dict(type='bool',
required=False,
default=False),
force=dict(type='bool', required=False, default=False)))
module = AnsibleModule(argument_spec=module_args)
if not HAS_OCI_PY_SDK:
module.fail_json(msg='oci python sdk required for this module')
oci_config = oci_utils.get_oci_config(module)
identity_client = IdentityClient(oci_config)
compartment_id = oci_config['tenancy']
module.params.update(dict({'compartment_id': compartment_id}))
state = module.params['state']
if state == 'present':
result = create_or_update_user(identity_client, module)
elif state == 'absent':
result = delete_user(identity_client, module)
module.exit_json(**result)
def main():
module_args = oci_utils.get_common_arg_spec()
module_args.update(
dict(user_id=dict(type='str', required=True),
customer_secret_key_id=dict(type='str',
required=False,
aliases=['id'],
no_log=True)))
module = AnsibleModule(
argument_spec=module_args,
supports_check_mode=False,
)
if not HAS_OCI_PY_SDK:
module.fail_json(msg='oci python sdk required for this module.')
config = oci_utils.get_oci_config(module)
identity_client = IdentityClient(config)
user_id = module.params.get("user_id")
id = module.params.get("customer_secret_key_id", None)
result = list_customer_secret_keys(identity_client, user_id, id, module)
module.exit_json(customer_secret_keys=result)
def main():
set_logger(oci_utils.get_logger("oci_customer_secret_key"))
module_args = oci_utils.get_common_arg_spec(supports_create=True)
module_args.update(dict(
user_id=dict(type='str', required=True),
customer_secret_key_id=dict(type='str', required=False, aliases=['id']),
name=dict(type='str', required=False, aliases=['display_name']),
state=dict(type='str', required=False, default='present', choices=['present', 'absent'])
))
module = AnsibleModule(
argument_spec=module_args,
supports_check_mode=False,
required_if=[('state', 'absent', ['customer_secret_key_id'])],
)
if not HAS_OCI_PY_SDK:
module.fail_json(msg='oci python sdk required for this module.')
config = oci_utils.get_oci_config(module)
identity_client = IdentityClient(config)
state = module.params['state']
result = dict(changed=False)
user_id = module.params.get("user_id", None)
secret_key_id = module.params.get("customer_secret_key_id", None)
name = module.params.get('name', None)
get_logger().debug("Id is " + str(secret_key_id))
if secret_key_id is not None:
secret_key = _get_customer_secret_key_from_id(identity_client, user_id, secret_key_id, module)
if state == 'absent':
get_logger().debug("Delete Customer Secret Key %s for user %s requested", secret_key_id, user_id)
if secret_key is not None:
get_logger().debug("Deleting %s", secret_key.id)
result = delete_customer_secret_key(identity_client, user_id, secret_key_id, module)
else:
get_logger().debug("Customer secret key %s already deleted.", secret_key_id)
elif state == 'present':
if secret_key.display_name != name:
result = update_customer_secret_key(identity_client, user_id, secret_key_id, name, module)
else:
# No change needed, return existing customer secret key details
result[RESOURCE_NAME] = to_dict(secret_key)
else:
result = oci_utils.check_and_create_resource(resource_type=RESOURCE_NAME,
create_fn=create_customer_secret_key,
kwargs_create={"identity_client": identity_client,
"user_id": user_id, "display_name": name,
"module": module},
list_fn=identity_client.list_customer_secret_keys,
kwargs_list={"user_id": user_id},
module=module,
model=CreateCustomerSecretKeyDetails())
module.exit_json(**result)
def main():
module_args = oci_utils.get_taggable_arg_spec(supports_wait=True)
module_args.update(
dict(compartment_id=dict(type='str', required=False),
description=dict(type='str', required=False),
name=dict(type='str', required=False),
policy_document=dict(type='str', required=False),
policy_id=dict(type='str', required=False, aliases=['id']),
state=dict(type='str',
required=False,
default='present',
choices=['absent', 'present']),
statements=dict(type='list', required=False),
version_date=dict(type='datetime', required=False)))
module = AnsibleModule(
argument_spec=module_args,
supports_check_mode=False,
mutually_exclusive=[['policy_document', 'statements']],
required_if=[['state', 'absent', ['policy_id']]])
if not HAS_OCI_PY_SDK:
module.fail_json(msg='oci python sdk required for this module.')
config = oci_utils.get_oci_config(module)
identity_client = IdentityClient(config)
state = module.params['state']
policy_id = module.params['policy_id']
exclude_attributes = {'version_date': True}
if state == 'absent':
result = delete_policy(identity_client, module)
else:
if policy_id is not None:
result = update_policy(identity_client, module)
else:
result = oci_utils.check_and_create_resource(
resource_type='policy',
create_fn=create_policy,
kwargs_create={
'identity_client': identity_client,
'module': module
},
list_fn=identity_client.list_policies,
kwargs_list={
"compartment_id": module.params['compartment_id']
},
module=module,
model=CreatePolicyDetails(),
exclude_attributes=exclude_attributes)
module.exit_json(**result)
def main():
module_args = oci_utils.get_common_arg_spec()
module_args.update(
dict(user_id=dict(type='str', required=False, aliases=['id'])))
module = AnsibleModule(argument_spec=module_args)
if not HAS_OCI_PY_SDK:
module.fail_json(msg='oci python sdk required for this module')
oci_config = oci_utils.get_oci_config(module)
identity_client = IdentityClient(oci_config)
compartment_id = oci_config['tenancy']
module.params.update(dict({'compartment_id': compartment_id}))
result = list_users(identity_client, module)
module.exit_json(users=result)
def main():
module_args = oci_utils.get_common_arg_spec()
module = AnsibleModule(
argument_spec=module_args,
supports_check_mode=False,
)
if not HAS_OCI_PY_SDK:
module.fail_json(msg='oci python sdk required for this module.')
config = oci_utils.get_oci_config(module)
identity_client = IdentityClient(config)
result = list_regions(identity_client, module)
module.exit_json(regions=result)
def main():
module_args = oci_utils.get_taggable_arg_spec(supports_wait=True)
module_args.update(
dict(compartment_id=dict(type='str', required=True),
name=dict(type='str', required=False),
description=dict(type='str', required=False),
state=dict(type='str',
required=False,
default='present',
choices=['present'])))
module = AnsibleModule(argument_spec=module_args,
supports_check_mode=False)
if not HAS_OCI_PY_SDK:
module.fail_json(msg='oci python sdk required for this module.')
config = oci_utils.get_oci_config(module)
identity_client = IdentityClient(config)
compartment_id = module.params['compartment_id']
tenancy = None
try:
tenancy = oci_utils.call_with_backoff(identity_client.get_tenancy,
tenancy_id=compartment_id).data
except ServiceError:
pass
# Check if the provided compartment_id is OCID of a tenancy(root compartment). If tenancy OCID is provided, it's
# supposed to be a call to create compartment in the tenancy else it's a call to update compartment.
if tenancy is not None:
result = oci_utils.check_and_create_resource(
resource_type='compartment',
create_fn=create_compartment,
kwargs_create={
'identity_client': identity_client,
'module': module
},
list_fn=identity_client.list_compartments,
kwargs_list={"compartment_id": module.params['compartment_id']},
module=module,
model=CreateCompartmentDetails())
else:
result = update_compartment(identity_client, module)
module.exit_json(**result)
def main():
module_args = oci_utils.get_common_arg_spec()
module_args.update(
dict(compartment_id=dict(type='str', required=True, aliases=['id'])))
module = AnsibleModule(
argument_spec=module_args,
supports_check_mode=False,
)
if not HAS_OCI_PY_SDK:
module.fail_json(msg='oci python sdk required for this module.')
config = oci_utils.get_oci_config(module)
identity_client = IdentityClient(config)
result = list_availability_domains(identity_client, module)
module.exit_json(availability_domains=result)
def main():
module_args = oci_utils.get_common_arg_spec()
module_args.update(dict(compartment_id=dict(type='str', required=True)))
module = AnsibleModule(argument_spec=module_args,
supports_check_mode=False)
if not HAS_OCI_PY_SDK:
module.fail_json(msg='oci python sdk required for this module.')
config = oci_utils.get_oci_config(module)
identity_client = IdentityClient(config)
compartment_id = module.params['compartment_id']
tenancy = None
try:
tenancy = oci_utils.call_with_backoff(identity_client.get_tenancy,
tenancy_id=compartment_id).data
except ServiceError:
pass
# Check if the provided compartment_id is OCID of a tenancy(root compartment). If root compartment OCID is provided,
# list all the compartments in the root compartment else retrieve information of the given compartment id.
try:
if tenancy is not None:
result = to_dict(
oci_utils.list_all_resources(identity_client.list_compartments,
compartment_id=compartment_id))
else:
result = [
to_dict(
oci_utils.call_with_backoff(
identity_client.get_compartment,
compartment_id=compartment_id).data)
]
except ServiceError as ex:
module.fail_json(msg=ex.message)
module.exit_json(compartments=result)
def main():
module_args = oci_utils.get_common_arg_spec()
module_args.update(
dict(tag_namespace_id=dict(type='str', required=True),
tag_name=dict(type='str', required=False, aliases=['name'])))
module = AnsibleModule(
argument_spec=module_args,
supports_check_mode=False,
)
if not HAS_OCI_PY_SDK:
module.fail_json(msg='oci python sdk required for this module.')
config = oci_utils.get_oci_config(module)
identity_client = IdentityClient(config)
tag_namespace_id = module.params.get("tag_namespace_id")
tag_name = module.params.get("tag_name", None)
result = list_tags(identity_client, tag_namespace_id, tag_name, module)
module.exit_json(tags=result)
def main():
set_logger(oci_utils.get_logger("oci_tag"))
module_args = oci_utils.get_common_arg_spec()
module_args.update(
dict(tag_namespace_id=dict(type='str', required=True),
tag_name=dict(type='str', required=True, aliases=['name']),
description=dict(type='str', required=False),
reactivate=dict(type='bool', required=False),
state=dict(type='str',
required=False,
default='present',
choices=['present', 'absent'])))
module = AnsibleModule(
argument_spec=module_args,
supports_check_mode=False,
)
if not HAS_OCI_PY_SDK:
module.fail_json(msg='oci python sdk required for this module.')
config = oci_utils.get_oci_config(module)
identity_client = IdentityClient(config)
state = module.params['state']
result = dict(changed=False)
tag_namespace_id = module.params.get("tag_namespace_id", None)
tag_name = module.params.get("tag_name", None)
name = module.params.get('name', None)
description = module.params.get('description', None)
get_logger().debug("tag key definition name is " + str(tag_name))
tag = _get_tag_definition_from_id(identity_client, tag_namespace_id,
tag_name)
if state == 'absent':
get_logger().debug("Retire tag key definition %s requested", tag_name)
if tag is not None:
retired = False
if not tag.is_retired:
get_logger().debug("Retiring %s", tag.id)
tag, retired = update_tag_definition_state(
identity_client,
tag_namespace_id,
tag_name,
module,
description=tag.description,
is_retired=True)
result['changed'] = retired
result['tag'] = to_dict(tag)
# if the Tag doesn't exist, it is already deleted and so we return the default dict with changed as False
elif state == 'present':
if tag is not None:
desc_changed = False
reactivated = False
if tag.description != description:
tag, desc_changed = update_tag_namespace_description(
identity_client, tag_namespace_id, tag_name, description,
module)
reactivate = module.params.get('reactivate', None)
if reactivate:
get_logger().debug("Reactivate tag definition %s requested",
tag_name)
if tag.is_retired:
tag, reactivated = update_tag_definition_state(
identity_client,
tag_namespace_id,
tag_name,
module,
description=tag.description,
is_retired=False)
result['changed'] = desc_changed or reactivated
result['tag'] = to_dict(tag)
else:
# Unlike other OCI resources, if a user has provided `tag_namespace_id` and `name`, and the Tag is not
# present already, we will attempt to create the Tag. This is because there is no special way to
# differentiate a "create" from a "update" through the absence of a "tag" "id" option for OCI Tags.
# Therefore, also, oci_tag doesn't include oracle_creatable_resource documentation fragment and options.
result = create_tag(identity_client, tag_namespace_id, name,
description, module)
module.exit_json(**result)
def main():
set_logger(oci_utils.get_logger("oci_swift_password"))
module_args = oci_utils.get_common_arg_spec(supports_create=True)
module_args.update(
dict(user_id=dict(type='str', required=True),
swift_password_id=dict(type='str',
required=False,
aliases=['id'],
no_log=True),
description=dict(type='str', required=False),
state=dict(type='str',
required=False,
default='present',
choices=['present', 'absent'])))
module = AnsibleModule(
argument_spec=module_args,
supports_check_mode=False,
required_if=[('state', 'absent', ['swift_password_id'])],
)
if not HAS_OCI_PY_SDK:
module.fail_json(msg='oci python sdk required for this module.')
config = oci_utils.get_oci_config(module)
identity_client = IdentityClient(config)
state = module.params['state']
result = dict(changed=False)
user_id = module.params.get("user_id", None)
id = module.params.get("swift_password_id", None)
description = module.params.get('description', None)
get_logger().debug("Id is " + str(id))
if id is not None:
sw_pass = _get_swift_password_from_id(identity_client, user_id, id,
module)
if state == 'absent':
get_logger().debug(
"Delete swift password %s for user %s requested", id, user_id)
if sw_pass:
get_logger().debug("Deleting %s", sw_pass.id)
result = delete_swift_password(identity_client, user_id, id,
module)
else:
get_logger().debug("Swift Password %s already deleted.", id)
elif state == 'present':
if sw_pass.description != description:
result = update_swift_password(identity_client, user_id, id,
description, module)
else:
# No change needed, return existing swift password details
result[RESOURCE_NAME] = to_dict(sw_pass)
else:
# Check and create swift password if necessary
result = oci_utils.check_and_create_resource(
resource_type=RESOURCE_NAME,
create_fn=create_swift_password,
kwargs_create={
"identity_client": identity_client,
"user_id": user_id,
"description": description,
"module": module
},
list_fn=identity_client.list_swift_passwords,
kwargs_list={"user_id": user_id},
module=module,
model=CreateSwiftPasswordDetails())
module.exit_json(**result)
def main():
set_logger(oci_utils.get_logger("oci_tag_namespace"))
module_args = oci_utils.get_taggable_arg_spec(supports_create=True)
module_args.update(
dict(compartment_id=dict(type='str', required=False),
tag_namespace_id=dict(type='str', required=False, aliases=['id']),
name=dict(type='str', required=False),
description=dict(type='str', required=False),
reactivate=dict(type='bool', required=False),
state=dict(type='str',
required=False,
default='present',
choices=['present', 'absent'])))
module = AnsibleModule(
argument_spec=module_args,
supports_check_mode=False,
required_if=[('state', 'absent', ['tag_namespace_id'])],
)
if not HAS_OCI_PY_SDK:
module.fail_json(msg='oci python sdk required for this module.')
config = oci_utils.get_oci_config(module)
identity_client = IdentityClient(config)
state = module.params['state']
result = dict(changed=False)
compartment_id = module.params.get("compartment_id", None)
tag_ns_id = module.params.get("tag_namespace_id", None)
name = module.params.get('name', None)
description = module.params.get('description', None)
get_logger().debug("Tag namespace id is " + str(tag_ns_id))
if tag_ns_id is not None:
tag_ns = oci_utils.call_with_backoff(identity_client.get_tag_namespace,
tag_namespace_id=tag_ns_id).data
if state == 'absent':
get_logger().debug("Retire tag namespace %s requested", tag_ns_id)
if tag_ns is not None:
retired = False
if not tag_ns.is_retired:
get_logger().debug("Retiring %s", tag_ns.id)
tag_ns, retired = update_tag_namespace_state(
identity_client, tag_ns_id, module, is_retired=True)
result['changed'] = retired
result['tag_namespace'] = to_dict(tag_ns)
# if the Tag-namespace doesn't exist, it is already deleted and so we return the default dict with
# changed as False
elif state == 'present':
desc_changed = False
reactivated = False
if tag_ns.description != description:
tag_ns, desc_changed = update_tag_namespace_description(
identity_client, tag_ns_id, description, module)
reactivate = module.params.get('reactivate', None)
if reactivate:
get_logger().debug("Reactivate tag namespace %s requested",
tag_ns_id)
if tag_ns.is_retired:
tag_ns, reactivated = update_tag_namespace_state(
identity_client, tag_ns_id, module, is_retired=False)
result['changed'] = desc_changed or reactivated
result['tag_namespace'] = to_dict(tag_ns)
else:
result = oci_utils.check_and_create_resource(
resource_type="tag_namespace",
create_fn=create_tag_namespace,
kwargs_create={
"identity_client": identity_client,
"compartment_id": compartment_id,
"name": name,
"description": description,
"module": module
},
list_fn=identity_client.list_tag_namespaces,
kwargs_list={"compartment_id": compartment_id},
module=module,
model=CreateTagNamespaceDetails(),
default_attribute_values={"defined_tags": {}})
module.exit_json(**result)
def __init__(self):
self.inventory = {} # Ansible Inventory
self.config = None
self.params = {
"ini_file":
os.path.join(os.path.dirname(os.path.realpath(__file__)),
'oci_inventory.ini'),
"config_file":
os.path.join(os.path.expanduser("~"), ".oci", "config"),
"profile":
"DEFAULT",
"user":
None,
"fingerprint":
None,
"key_file":
None,
"tenancy":
None,
"region":
None,
"pass_phrase":
None,
"cache_dir":
".",
"cache_max_age":
300,
"cache_file":
"./ansible-oci.cache",
"compartment":
None,
"debug":
False,
"hostname_format":
"public_ip",
"sanitize_names":
True,
"replace_dash_in_names":
False
}
self.parse_cli_args()
if self.args.debug:
self.params["debug"] = True
self.log("Executing in debug mode.")
if 'OCI_INI_PATH' in os.environ:
oci_ini_file_path = os.path.expanduser(
os.path.expandvars(os.environ.get('OCI_INI_PATH')))
if os.path.isfile(oci_ini_file_path):
self.params["ini_file"] = oci_ini_file_path
self.settings_config = configparser.ConfigParser()
self.settings_config.read(self.params["ini_file"])
# Preference order: CLI args > environment variable > settings from config file.
if "config_file" in self.args and getattr(self.args,
"config_file") is not None:
self.params['config_file'] = os.path.expanduser(
self.args.config_file)
elif 'OCI_CONFIG_FILE' in os.environ:
self.params['config_file'] = os.path.expanduser(
os.path.expandvars(os.environ.get('OCI_CONFIG_FILE')))
elif self.settings_config.has_option('oci', 'config_file'):
self.params['config_file'] = os.path.expanduser(
self.settings_config.get('oci', 'config_file'))
if "profile" in self.args and getattr(self.args,
"profile") is not None:
self.params['profile'] = self.args.profile
elif 'OCI_CONFIG_PROFILE' in os.environ:
self.params['profile'] = os.environ.get('OCI_CONFIG_PROFILE')
elif self.settings_config.has_option('oci', 'profile'):
self.params['profile'] = self.settings_config.get('oci', 'profile')
self.read_config()
self.read_settings_config()
self.read_env_vars()
self.read_cli_args()
self.log("Using following parameters for OCI dynamic inventory:")
self.log(self.params)
self.compute_client = ComputeClient(self.params)
self.identity_client = IdentityClient(self.params)
self.virtual_nw_client = VirtualNetworkClient(self.params)
self.params['cache_file'] = os.path.join(self.params['cache_dir'],
"ansible-oci.cache")
if not self.args.refresh_cache and self.is_cache_valid():
self.log("Reading inventory from cache.")
self.inventory = self.read_from_cache()
else:
self.build_inventory()
self.write_to_cache(self.inventory)
if self.args.host:
if self.args.host in self.inventory['_meta']['hostvars']:
print(
json.dumps(
self.inventory['_meta']['hostvars'][self.args.host],
sort_keys=True,
indent=2))
else:
self.log(
"Either the specified host does not exist or its facts cannot be retrieved."
)
print({})
else:
print(json.dumps(self.inventory, sort_keys=True, indent=2))
def main():
set_logger(oci_utils.get_logger("oci_api_key"))
module_args = oci_utils.get_common_arg_spec(supports_create=True,
supports_wait=True)
module_args.update(
dict(user_id=dict(type='str', required=True),
api_key_id=dict(type='str', required=False, aliases=['id']),
api_signing_key=dict(type='str', required=False, aliases=['key']),
state=dict(type='str',
required=False,
default='present',
choices=['present', 'absent'])))
module = AnsibleModule(
argument_spec=module_args,
supports_check_mode=False,
required_if=[('state', 'absent', ['api_key_id'])],
)
if not HAS_OCI_PY_SDK:
module.fail_json(msg='oci python sdk required for this module.')
config = oci_utils.get_oci_config(module)
identity_client = IdentityClient(config)
state = module.params['state']
result = dict(changed=False)
user_id = module.params.get("user_id", None)
public_key = module.params.get("api_signing_key", None)
api_key_id = module.params.get("api_key_id", None)
if api_key_id is not None:
api_key = _get_api_key_from_id(identity_client, user_id, api_key_id,
module)
if state == 'absent':
get_logger().debug("Delete api password %s for user %s requested",
api_key_id, user_id)
if api_key is not None:
get_logger().debug("Deleting %s", api_key.key_id)
result = delete_api_key(identity_client, user_id, api_key_id,
module)
else:
get_logger().debug("API Signing Key %s already deleted.",
api_key_id)
elif state == 'present':
module.fail_json(msg="API signing key cannot be updated.")
else:
result = oci_utils.check_and_create_resource(
resource_type=RESOURCE_NAME,
create_fn=create_api_key,
kwargs_create={
"identity_client": identity_client,
"user_id": user_id,
"key": public_key,
"module": module
},
list_fn=identity_client.list_api_keys,
kwargs_list={"user_id": user_id},
module=module,
model=CreateApiKeyDetails())
module.exit_json(**result)
