def _modify(isim_application: ISIMApplication, person_dn: str, full_name: Optional[str] = None, surname: Optional[str] = None, aliases: Optional[List[str]] = None, password: Optional[str] = None, role_dns: Optional[List[str]] = None) -> IBMResponse: """ Modify the attributes of an existing Person. Only arguments with a value will be changed. Any arguments set to None will be left as they are. To set an attribute to an empty value, use an empty string or empty list. :param isim_application: The ISIMApplication instance to connect to. :param person_dn: The DN of the existing person to modify. :param full_name: The full name of the person. :param surname: The surname of the person. :param aliases: A list of aliases for the person. :param password: A password to use as the preferred password for the person. :param role_dns: A list of DNs corresponding to roles that the person will be part of. :return: An IBMResponse object. If the call was successful, the data field will be empty. """ # Retrieve the attribute type attribute_type_response = isim_application.retrieve_soap_type( soap_service, "ns1:WSAttribute", requires_version=requires_version) # If an error was encountered and ignored, return the IBMResponse object so that Ansible can process it if attribute_type_response['rc'] != 0: return attribute_type_response attr_type = attribute_type_response['data'] data = [] # Add the person DN to the request data.append(person_dn) # Setup the list of modified attributes and add them to the request attribute_list = _build_person_attributes_list(attr_type=attr_type, full_name=full_name, surname=surname, aliases=aliases, password=password, role_dns=role_dns) data.append(attribute_list) # Leave the date object empty data.append(None) # Invoke the call ret_obj = isim_application.invoke_soap_request( "Modifying a Person", soap_service, "modifyPerson", data, requires_version=requires_version) return ret_obj
def search(isim_application: ISIMApplication, container_dn: Optional[str], ldap_filter: str = "(errolename=*)", check_mode=False, force=False) -> IBMResponse: """ Search for a role using a filter. :param isim_application: The ISIMApplication instance to connect to. :param container_dn: The optional DN of a container to search in. Set to None to search everywhere. :param ldap_filter: An LDAP filter string to search for. :param check_mode: Set to True to enable check mode. :param force: Set to True to force execution regardless of current state. :return: An IBMResponse object. If the call was successful, the data field will contain a list of the Python dict representations of each role matching the filter. """ # The session object is handled by the ISIMApplication instance data = [] if container_dn is None: # Add the filter string to the request data.append(ldap_filter) # Invoke the call ret_obj = isim_application.invoke_soap_request( "Searching for roles", soap_service, "searchRoles", data, requires_version=requires_version) else: # Retrieve the container object (the business unit) container_response = isimws.isim.container.get( isim_application=isim_application, container_dn=container_dn) # If an error was encountered and ignored, return the IBMResponse object so that Ansible can process it if container_response['rc'] != 0: return container_response container_object = container_response['data'] data.append(container_object) # Add the filter string to the request data.append(ldap_filter) # Invoke the call ret_obj = isim_application.invoke_soap_request( "Searching for roles in container " + container_dn, soap_service, "searchForRolesInContainer", data, requires_version=requires_version) return ret_obj
def search(isim_application: ISIMApplication, ldap_filter: str = "(uid=*)", check_mode=False, force=False) -> IBMResponse: """ Search for a person using a filter. The search is performed from the root. :param isim_application: The ISIMApplication instance to connect to. :param ldap_filter: An LDAP filter string to search for. :param check_mode: Set to True to enable check mode. :param force: Set to True to force execution regardless of current state. :return: An IBMResponse object. If the call was successful, the data field will contain a list of the Python dict representations of each role matching the filter. """ # The session object is handled by the ISIMApplication instance data = [] # Add the filter string to the request data.append(ldap_filter) # Add an empty attribute list to the request data.append("") # Invoke the call ret_obj = isim_application.invoke_soap_request( "Searching for people", soap_service, "searchPersonsFromRoot", data, requires_version=requires_version) return ret_obj
def get(isim_application: ISIMApplication, role_dn: str, check_mode=False, force=False) -> IBMResponse: """ Get a role by it's DN. :param isim_application: The ISIMApplication instance to connect to. :param role_dn: The ITIM DN of the role. :param check_mode: Set to True to enable check mode. :param force: Set to True to force execution regardless of current state. :return: An IBMResponse object. If the call was successful, the data field will contain the Python dict representation of the role. """ # The session object is handled by the ISIMApplication instance # Add the dn string to the request data = [role_dn] # Invoke the call ret_obj = isim_application.invoke_soap_request( "Retrieving a static role", soap_service, "lookupRole", data, requires_version=requires_version) return ret_obj
def _get_attribute_by_filter(isim_application: ISIMApplication, search_filter: str, attribute_name: str) -> IBMResponse: """ Look up workflows using an LDAP filter and return a list of values for a specific LDAP attribute. Produces a list of attribute values with each entry corresponding to one of the workflows that was selected by the filter. :param: search_filter: An LDAP search filter to select workflows with. :param: attribute_name: The name of the LDAP attribute to retrieve. :return: An IBMResponse object. If the call was successful, the data field will contain a list of values. """ # Get the required SOAP types for the API call search_arguments_type_response = isim_application.retrieve_soap_type( "WSSearchDataService", "ns1:WSSearchArguments") # If an error was encountered and ignored, return the IBMResponse object so that Ansible can process it if search_arguments_type_response['rc'] != 0: return search_arguments_type_response search_arguments_type = search_arguments_type_response['data'] # The session object is handled by the ISIMApplication instance data = [] search_arguments_object = search_arguments_type() search_arguments_object['category'] = 'Workflow' search_arguments_object['returnedAttributeName'] = attribute_name search_arguments_object['filter'] = str(search_filter) search_arguments_object['base'] = 'global' # 'global' or 'org' data.append(search_arguments_object) # Invoke the call return isim_application.invoke_soap_request("Retrieving a workflow", "WSSearchDataService", "findSearchFilterObjects", data)
def get(isim_application: ISIMApplication, container_dn: str, check_mode=False, force=False) -> IBMResponse: # The session object is handled by the ISIMApplication instance # Add the dn string data = [container_dn] # Invoke the call ret_obj = isim_application.invoke_soap_request( "Retrieving an organisational container", soap_service, "lookupContainer", data, requires_version=requires_version) return ret_obj
def __init__(self, isim_application: ISIMApplication): self.isim_application = isim_application # Retrieve organization DN mappings from the ISIMApplication self.organization_map = {} response = isim_application.invoke_soap_request( "Retrieving organizations list", "WSOrganizationalContainerService", "getOrganizationTree", []) if response['rc'] != 0: raise ValueError( 'Cannot retrieve organization information from the application server.' ) organization_info = response['data'] for org in organization_info: self.organization_map[org['name']] = org['itimDN']
def get_all(isim_application: ISIMApplication, check_mode=False, force=False) -> IBMResponse: """ Get a list of all organizations in the system. :param isim_application: The ISIMApplication instance to connect to. :param check_mode: Set to True to enable check mode. :param force: Set to True to force execution regardless of current state. :return: An IBMResponse object. If the call was successful, the data field will contain the Python dict representation of the role. """ # The session object is handled by the ISIMApplication instance data = [] # Invoke the call ret_obj = isim_application.invoke_soap_request("Retrieving organizations list", soap_service, "getOrganizationTree", data, requires_version=requires_version) ret_obj = strip_zeep_element_data(ret_obj) return ret_obj
def search(isim_application: ISIMApplication, container_dn: str, policy_name: str, check_mode=False, force=False) -> IBMResponse: """ Search for a provisioning policy by it's name. :param isim_application: The ISIMApplication instance to connect to. :param container_dn: The DN of the container to search in. :param policy_name: The name of the provisioning policy to search for. :param check_mode: Set to True to enable check mode :param force: Set to True to force execution regardless of current state :return: An IBMResponse object. If the call was successful, the data field will contain a lst of the Python dict representations of each provisioning policy matching the criteria. """ data = [] # Add the add the container object to the request container_response = isimws.isim.container.get( isim_application=isim_application, container_dn=container_dn) # If an error was encountered and ignored, return the IBMResponse object so that Ansible can process it if container_response['rc'] != 0: return container_response container_object = container_response['data'] data.append(container_object) # Add the policy name to the request data.append(str(policy_name)) # Invoke the call ret_obj = isim_application.invoke_soap_request( "Searching for a provisioning policy", soap_service, "getPolicies", data, requires_version=requires_version) return ret_obj
def _create(isim_application: ISIMApplication, container_dn: str, name: str, role_classification: str, description: str = "", role_owner_dns: List[str] = [], user_owner_dns: List[str] = [], enable_access: bool = False, common_access: bool = False, access_type: str = "", access_image_uri: str = "", access_search_terms: List[str] = [], access_additional_info: str = "", access_badges: List[Dict[str, str]] = [], assignment_attributes: List[str] = []) -> IBMResponse: """ Create a Role. To set an attribute to an empty value, use an empty string or empty list. Do not use None as this indicates no change, which is not applicable to a create operation. :param isim_application: The ISIMApplication instance to connect to. :param container_dn: The DN of the container (business unit) to create the role under. :param name: The role name. :param role_classification: Set to either "application" or "business". :param description: A description of the role. :param role_owner_dns: A list of DNs corresponding to the roles that own this role. :param user_owner_dns: A list of DNs corresponding to the users that own this role. :param enable_access: Set to True to enable access for the role. :param common_access: Set to True to show the role as a common access. :param access_type: Set to one of 'application', 'emailgroup', 'sharedfolder' or 'role'. :param access_image_uri: The URI of an image to use for the access icon. :param access_search_terms: A list of search terms for the access. :param access_additional_info: Additional information about the acceess. :param access_badges: A list of dicts representing badges for the access. Each entry in the list must contain the keys 'text' and 'colour' with string values. :param assignment_attributes: A list of attribute names to assign to the role. :return: An IBMResponse object. If the call was successful, the data field will contain the Python dict representation of the action taken by the server. """ data = [] # Get the required SOAP types role_type_response = isim_application.retrieve_soap_type( soap_service, "ns1:WSRole", requires_version=requires_version) # If an error was encountered and ignored, return the IBMResponse object so that Ansible can process it if role_type_response['rc'] != 0: return role_type_response role_type = role_type_response['data'] # Retrieve the attribute type attribute_type_response = isim_application.retrieve_soap_type( soap_service, "ns1:WSAttribute", requires_version=requires_version) # If an error was encountered and ignored, return the IBMResponse object so that Ansible can process it if attribute_type_response['rc'] != 0: return attribute_type_response attr_type = attribute_type_response['data'] # Retrieve the container object (the business unit) container_response = isimws.isim.container.get( isim_application=isim_application, container_dn=container_dn) # If an error was encountered and ignored, return the IBMResponse object so that Ansible can process it if container_response['rc'] != 0: return container_response container_object = container_response['data'] data.append(container_object) # Setup the role object role_object = role_type() role_object['name'] = name role_object['description'] = description role_object['select'] = False # Populate the role attributes attribute_list = _build_role_attributes_list( attr_type=attr_type, role_classification=role_classification, description=description, role_owner_dns=role_owner_dns, user_owner_dns=user_owner_dns, enable_access=enable_access, common_access=common_access, access_type=access_type, access_image_uri=access_image_uri, access_search_terms=access_search_terms, access_additional_info=access_additional_info, access_badges=access_badges, assignment_attributes=assignment_attributes) role_object['attributes'] = {'item': attribute_list} data.append(role_object) # Invoke the call ret_obj = isim_application.invoke_soap_request( "Creating a Role", soap_service, "createStaticRole", data, requires_version=requires_version) return ret_obj
def main(): module = AnsibleModule(argument_spec=dict(log=dict( required=False, default='INFO', choices=['DEBUG', 'INFO', 'ERROR', 'CRITICAL']), hostname=dict(required=True), app_port=dict(required=False, default=9082, type='int'), root_dn=dict(required=True), action=dict(required=True), force=dict(required=False, default=False, type='bool'), username=dict(required=False), password=dict(required=True, no_log=True), isimapi=dict(required=False, type='dict')), supports_check_mode=True) module.debug('Started isim module') # Process all Arguments logLevel = module.params['log'] force = module.params['force'] action = module.params['action'] hostname = module.params['hostname'] app_port = module.params['app_port'] root_dn = module.params['root_dn'] username = module.params['username'] password = module.params['password'] # Setup logging for format, set log level and redirect to string strlog = StringIO() DEFAULT_LOGGING = { 'version': 1, 'disable_existing_loggers': False, 'formatters': { 'standard': { 'format': '[%(asctime)s] [PID:%(process)d TID:%(thread)d] [%(levelname)s] [%(name)s] [%(funcName)s():%(lineno)s] %(message)s' }, }, 'handlers': { 'default': { 'level': logLevel, 'formatter': 'standard', 'class': 'logging.StreamHandler', 'stream': strlog }, }, 'loggers': { '': { 'handlers': ['default'], 'level': logLevel, 'propagate': True }, 'requests.packages.urllib3.connectionpool': { 'handlers': ['default'], 'level': 'ERROR', 'propagate': True } } } logging.config.dictConfig(DEFAULT_LOGGING) # Create application user to be used for all calls if username == '' or username is None: u = ISIMApplicationUser(password=password) else: u = ISIMApplicationUser(username=username, password=password) # Create application object to be used for all calls isim_server = ISIMApplication(hostname=hostname, root_dn=root_dn, user=u, port=app_port) # Create options string to pass to action method options = 'isim_application=isim_server, force=' + str(force) if module.check_mode is True: options = options + ', check_mode=True' if isinstance(module.params['isimapi'], dict): for key, value in module.params['isimapi'].items(): if isinstance(value, str): options = options + ', ' + key + '="' + value + '"' else: options = options + ', ' + key + '=' + str(value) module.debug('Option to be passed to action: ' + options) # Dynamically process the action to be invoked # Simple check to restrict calls to just "isim" ones for safety if action.startswith('isimws.isim.'): try: module_name, method_name = action.rsplit('.', 1) module.debug('Action method to be imported from module: ' + module_name) module.debug('Action method name is: ' + method_name) mod = importlib.import_module(module_name) func_ptr = getattr( mod, method_name) # Convert action to actual function pointer func_call = 'func_ptr(' + options + ')' startd = datetime.datetime.now() # Execute requested 'action' ret_obj = eval(func_call) endd = datetime.datetime.now() delta = endd - startd ret_obj['stdout'] = strlog.getvalue() ret_obj['stdout_lines'] = strlog.getvalue().split() ret_obj['start'] = str(startd) ret_obj['end'] = str(endd) ret_obj['delta'] = str(delta) ret_obj['cmd'] = action + "(" + options + ")" # ret_obj['ansible_facts'] = isim_server.facts module.exit_json(**ret_obj) except ImportError: module.fail_json( name=action, msg='Error> action belongs to a module that is not found!', log=strlog.getvalue()) except AttributeError: module.fail_json( name=action, msg= 'Error> invalid action was specified, method not found in module!', log=strlog.getvalue()) # except TypeError: # module.fail_json(name=action, # msg='Error> action does not have the right set of arguments or there is a code bug! Options: ' + options, # log=strlog.getvalue()) except IBMError as e: module.fail_json(name=action, msg=str(e), log=strlog.getvalue()) else: module.fail_json( name=action, msg='Error> invalid action specified, needs to be isim!', log=strlog.getvalue())
def _modify(isim_application: ISIMApplication, container_dn: str, profile: str, description: Optional[str] = None, associated_people_dns: Optional[List[str]] = None) -> IBMResponse: """ Modify the attributes of an existing Container. Only arguments with a value will be changed. Any arguments set to None will be left as they are. To set an attribute to an empty value, use an empty string or empty list. :param isim_application: The ISIMApplication instance to connect to. :param container_dn: The DN of the existing container to modify. :param profile: The container profile to use. Valid values are 'Organization', 'OrganizationalUnit', 'BPOrganization', 'Location', or 'AdminDomain'. Note that this value cannot be modified- this argument is only used to determine how to process the other arguments. :param description: A description of the container. Will be ignored if the selected container profile doesn't use a description. :param associated_people_dns: A list of DNs corresponding to the people associated with the container. The way this list will be interpreted changes depending on the selected container profile. For an organization, it will be ignored. For an organizational unit or location, the first entry in the list will be set as the supervisor, and the other entries will be ignored. For a business partner unit, the first entry in the list will be set as the sponsor, and the other entries will be ignored. For an admin domain, each entry in the list will be set as an administrator of the admin domain. :return: An IBMResponse object. If the call was successful, the data field will be empty. """ # Get the required SOAP types container_type_response = isim_application.retrieve_soap_type( soap_service, "ns1:WSOrganizationalContainer", requires_version=requires_version) # If an error was encountered and ignored, return the IBMResponse object so that Ansible can process it if container_type_response['rc'] != 0: return container_type_response container_type = container_type_response['data'] # Retrieve the attribute type attribute_type_response = isim_application.retrieve_soap_type( soap_service, "ns1:WSAttribute", requires_version=requires_version) # If an error was encountered and ignored, return the IBMResponse object so that Ansible can process it if attribute_type_response['rc'] != 0: return attribute_type_response attr_type = attribute_type_response['data'] data = [] # Setup the container object container_object = container_type() container_object['select'] = False container_object['itimDN'] = container_dn # Populate the container attributes attribute_list = _build_container_attributes_list( attr_type=attr_type, name=None, profile=profile, description=description, associated_people_dns=associated_people_dns) container_object['attributes'] = {'item': attribute_list} data.append(container_object) # Invoke the call ret_obj = isim_application.invoke_soap_request( "Modifying a Container", soap_service, "modifyContainer", data, requires_version=requires_version) return ret_obj
def _create(isim_application: ISIMApplication, parent_container_dn: str, profile: str, name: str, description: str = "", associated_people_dns: List[str] = []) -> IBMResponse: """ Create a Container. To set an attribute to an empty value, use an empty string or empty list. Do not use None as this indicates no change, which is not applicable to a create operation. :param isim_application: The ISIMApplication instance to connect to. :param parent_container_dn: The DN of the existing container (business unit) to create the container under. To create an Organization, you must specify the root container here, e.g. "ou=demo,dc=com". :param profile: The container profile to use. Valid values are 'Organization', 'OrganizationalUnit', 'BPOrganization', 'Location', or 'AdminDomain'. :param name: The container name. This will be automatically applied to the correct attribute depending on the container profile selected. :param description: A description of the container. Will be ignored if the selected container profile doesn't use a description. :param associated_people_dns: A list of DNs corresponding to the people associated with the container. The way this list will be interpreted changes depending on the selected container profile. For an organization, it will be ignored. For an organizational unit or location, the first entry in the list will be set as the supervisor, and the other entries will be ignored. For a business partner unit, the first entry in the list will be set as the sponsor, and the other entries will be ignored. For an admin domain, each entry in the list will be set as an administrator of the admin domain. :return: An IBMResponse object. If the call was successful, the data field will contain the Python dict representation of the action taken by the server. """ data = [] # Get the required SOAP types container_type_response = isim_application.retrieve_soap_type( soap_service, "ns1:WSOrganizationalContainer", requires_version=requires_version) # If an error was encountered and ignored, return the IBMResponse object so that Ansible can process it if container_type_response['rc'] != 0: return container_type_response container_type = container_type_response['data'] # Retrieve the attribute type attribute_type_response = isim_application.retrieve_soap_type( soap_service, "ns1:WSAttribute", requires_version=requires_version) # If an error was encountered and ignored, return the IBMResponse object so that Ansible can process it if attribute_type_response['rc'] != 0: return attribute_type_response attr_type = attribute_type_response['data'] # Retrieve the parent container object (the business unit) parent_container_response = isimws.isim.container.get( isim_application=isim_application, container_dn=parent_container_dn) # If an error was encountered and ignored, return the IBMResponse object so that Ansible can process it if parent_container_response['rc'] != 0: return parent_container_response parent_container_object = parent_container_response['data'] data.append(parent_container_object) # Setup the new container object container_object = container_type() container_object['select'] = False container_object['name'] = name # The SOAP API uses different profile names depending on which operation is being performed for some reason. We # set the profile name here according to what is expected for a create operation. if profile == "BPOrganization": container_object['profileName'] = "BusinessPartnerOrganization" elif profile == "AdminDomain": container_object['profileName'] = "SecurityDomain" else: container_object['profileName'] = profile # Populate the container attributes attribute_list = _build_container_attributes_list( attr_type=attr_type, name=name, profile=profile, description=description, associated_people_dns=associated_people_dns) container_object['attributes'] = {'item': attribute_list} data.append(container_object) # Invoke the call ret_obj = isim_application.invoke_soap_request( "Creating a Container", soap_service, "createContainer", data, requires_version=requires_version) return ret_obj
def _create(isim_application: ISIMApplication, container_dn: str, uid: str, profile: str, full_name: str, surname: str, aliases: List[str] = [], password: str = "", role_dns: List[str] = []) -> IBMResponse: """ Create a Person. To set an attribute to an empty value, use an empty string or empty list. Do not use None as this indicates no change, which is not applicable to a create operation. :param isim_application: The ISIMApplication instance to connect to. :param container_dn: The DN of the container (business unit) to create the person under. :param uid: The username or UID for the person. :param profile: The name of the profile to use for the person. Currently only "Person" is supported. :param full_name: The full name of the person. :param surname: The surname of the person. :param aliases: A list of aliases for the person. :param password: A password to use as the preferred password for the person. :param role_dns: A list of DNs corresponding to roles that the person will be part of. :return: An IBMResponse object. If the call was successful, the data field will contain the Python dict representation of the action taken by the server. """ data = [] # Get the required SOAP types person_type_response = isim_application.retrieve_soap_type( soap_service, "ns1:WSPerson", requires_version=requires_version) # If an error was encountered and ignored, return the IBMResponse object so that Ansible can process it if person_type_response['rc'] != 0: return person_type_response person_type = person_type_response['data'] attribute_type_response = isim_application.retrieve_soap_type( soap_service, "ns1:WSAttribute", requires_version=requires_version) # If an error was encountered and ignored, return the IBMResponse object so that Ansible can process it if attribute_type_response['rc'] != 0: return attribute_type_response attr_type = attribute_type_response['data'] # Retrieve the container object (the business unit) container_response = isimws.isim.container.get( isim_application=isim_application, container_dn=container_dn) # If an error was encountered and ignored, return the IBMResponse object so that Ansible can process it if container_response['rc'] != 0: return container_response container_object = container_response['data'] data.append(container_object) # Setup the person object person_object = person_type() # Check that the profile is valid if profile.lower() == "person": person_object['profileName'] = "Person" else: raise ValueError(profile + "is not a valid profile. Must be 'Person'.") person_object['select'] = False attribute_list = _build_person_attributes_list(attr_type=attr_type, uid=uid, surname=surname, full_name=full_name, aliases=aliases, password=password, role_dns=role_dns) person_object['attributes'] = {'item': attribute_list} data.append(person_object) # Leave the date object empty data.append(None) # Invoke the call ret_obj = isim_application.invoke_soap_request( "Creating a Person", soap_service, "createPerson", data, requires_version=requires_version) return ret_obj
def _modify(isim_application: ISIMApplication, policy_dn: str, container_dn: str, name: str, priority: int, description: Optional[str] = None, keywords: Optional[str] = None, caption: Optional[str] = None, available_to_subunits: Optional[bool] = None, enabled: Optional[bool] = None, membership_type: Optional[str] = None, membership_role_dns: Optional[List[str]] = None, entitlements: List[Dict] = []) -> IBMResponse: """ Modify an existing provisioning policy. Due to differences in the SOAP API, this function works differently to the _modify functions for other types of objects. Ordinarily None would indicate no change, but here it applies an empty value. Setting an empty string or list will set the value to a literal empty string or list, which may cause problems. There is no concept of 'no change' with this API- all attributes must be set regardless of whether they already have a value. :param isim_application: The ISIMApplication instance to connect to. :param policy_dn: The DN of the existing policy to modify. :param container_dn: The DN of the container (business unit) that the policy exists in. :param name: The name of the policy. :param priority: An integer greater than 0 representing the priority of the policy. :param description: A description for the policy. :param keywords: A keywords string for the policy. :param caption: A caption for the policy. :param available_to_subunits: Set to True to make the policy available to services in subunits of the selected business unit, or False to make it available to this business unit only. :param enabled: Set to True to enable the policy, or False to disable it. :param membership_type: A string value determining how membership of the policy will be determined. Valid values are 'all' (for all users in the organization), 'other' (for all other users who are not granted to the entitlement(s) defined by this provisioning policy via other policies), or 'roles' (to specify specific roles using the membership_roles argument). :param membership_role_dns: A list of DNs of the roles to use to determine membership. This argument will be ignored if membership_type is not set to 'roles'. This list cannot be empty if membership_type is set to 'roles'. :param entitlements: A list of dicts representing entitlements for the policy. This list must contain at least one entry. Each entry is expected to contain the following keys: { automatic: bool # Set to True for automatic provisioning, or False for manual provisioning. ownership_type: str # Valid values are 'all', 'device', 'individual', 'system', or 'vendor'. target_type: str # Determines how services will be targeted. Valid values are 'all' (for all services), 'type' (for a service type), 'policy' (for a service selection policy), or 'specific' (for a specific service). service_type: str # This attribute is only required if the target_type is set to 'type' or 'policy'. Provide the exact name of the service profile to target. Note that it is case-sensitive. service_dn: str # This attribute is only required if the target_type is set to 'specific'. Provide the DN of the service to target. workflow_dn: str # Set to the DN of a workflow to use, or None to not use a workflow. } Note: This API does not currently support adding service tags to entitlements. :return: An IBMResponse object. If the call was successful, the data field will contain the Python dict representation of the action taken by the server. """ data = [] # Get the required SOAP types # Get the policy type policy_type_response = isim_application.retrieve_soap_type( soap_service, "ns1:WSProvisioningPolicy", requires_version=requires_version) # If an error was encountered and ignored, return the IBMResponse object so that Ansible can process it if policy_type_response['rc'] != 0: return policy_type_response policy_type = policy_type_response['data'] # Get the policy membership type policy_membership_type_response = isim_application.retrieve_soap_type( soap_service, "ns1:WSProvisioningPolicyMembership", requires_version=requires_version) # If an error was encountered and ignored, return the IBMResponse object so that Ansible can process it if policy_membership_type_response['rc'] != 0: return policy_membership_type_response policy_membership_type = policy_membership_type_response['data'] # Get the policy entitlement type policy_entitlement_type_response = isim_application.retrieve_soap_type( soap_service, "ns1:WSProvisioningPolicyEntitlement", requires_version=requires_version) # If an error was encountered and ignored, return the IBMResponse object so that Ansible can process it if policy_entitlement_type_response['rc'] != 0: return policy_entitlement_type_response policy_entitlement_type = policy_entitlement_type_response['data'] # Get the service target type service_target_type_response = isim_application.retrieve_soap_type( soap_service, "ns1:WSServiceTarget", requires_version=requires_version) # If an error was encountered and ignored, return the IBMResponse object so that Ansible can process it if service_target_type_response['rc'] != 0: return service_target_type_response service_target_type = service_target_type_response['data'] # Retrieve the container object (the business unit) container_response = isimws.isim.container.get( isim_application=isim_application, container_dn=container_dn) # If an error was encountered and ignored, return the IBMResponse object so that Ansible can process it if container_response['rc'] != 0: return container_response container_object = container_response['data'] data.append(container_object) # Setup the policy object policy_object = _setup_policy_object( policy_type=policy_type, policy_entitlement_type=policy_entitlement_type, service_target_type=service_target_type, policy_membership_type=policy_membership_type, container_object=container_object, name=name, priority=priority, description=description, keywords=keywords, caption=caption, available_to_subunits=available_to_subunits, enabled=enabled, membership_type=membership_type, membership_role_dns=membership_role_dns, entitlements=entitlements) policy_object[ 'itimDN'] = policy_dn # Add the policy DN so that the existing policy can be identified data.append(policy_object) # Leave the date object empty data.append(None) # Invoke the call ret_obj = isim_application.invoke_soap_request( "Modifying a provisioning policy", soap_service, "modifyPolicy", data, requires_version=requires_version) return ret_obj
def _modify(isim_application: ISIMApplication, role_dn: str, role_classification: Optional[str] = None, description: Optional[str] = None, role_owner_dns: Optional[List[str]] = None, user_owner_dns: Optional[List[str]] = None, enable_access: Optional[bool] = None, common_access: Optional[bool] = None, access_type: Optional[str] = None, access_image_uri: Optional[str] = None, access_search_terms: Optional[List[str]] = None, access_additional_info: Optional[str] = None, access_badges: Optional[List[Dict[str, str]]] = None, assignment_attributes: Optional[List[str]] = None) -> IBMResponse: """ Modify the attributes of an existing Role. Only arguments with a value will be changed. Any arguments set to None will be left as they are. The one exception to this is role_owners and user_owners. If you set either one, it will overwrite all existing owners, both role and user. To set an attribute to an empty value, use an empty string or empty list. :param isim_application: The ISIMApplication instance to connect to. :param role_dn: The DN of the existing role to modify. :param role_classification: Set to either "application" or "business". :param description: A description of the role. :param role_owner_dns: A list of DNs corresponding to the roles that own this role. :param user_owner_dns: A list of DNs corresponding to the users that own this role. :param enable_access: Set to True to enable access for the role. :param common_access: Set to True to show the role as a common access. :param access_type: Set to one of 'application', 'emailgroup', 'sharedfolder' or 'role'. :param access_image_uri: The URI of an image to use for the access icon. :param access_search_terms: A list of search terms for the access. :param access_additional_info: Additional information about the acceess. :param access_badges: A list of dicts representing badges for the access. Each entry in the list must contain the keys 'text' and 'colour' with string values. :param assignment_attributes: A list of attribute names to assign to the role. :return: An IBMResponse object. If the call was successful, the data field will be empty. """ # Retrieve the attribute type attribute_type_response = isim_application.retrieve_soap_type( soap_service, "ns1:WSAttribute", requires_version=requires_version) # If an error was encountered and ignored, return the IBMResponse object so that Ansible can process it if attribute_type_response['rc'] != 0: return attribute_type_response attr_type = attribute_type_response['data'] data = [] # Add the role DN to the request data.append(role_dn) # Setup the list of modified attributes and add them to the request attribute_list = _build_role_attributes_list( attr_type=attr_type, role_classification=role_classification, description=description, role_owner_dns=role_owner_dns, user_owner_dns=user_owner_dns, enable_access=enable_access, common_access=common_access, access_type=access_type, access_image_uri=access_image_uri, access_search_terms=access_search_terms, access_additional_info=access_additional_info, access_badges=access_badges, assignment_attributes=assignment_attributes) data.append(attribute_list) # Invoke the call ret_obj = isim_application.invoke_soap_request( "Modifying a Role", soap_service, "modifyStaticRole", data, requires_version=requires_version) return ret_obj
def search(isim_application: ISIMApplication, parent_dn: str, container_name: str, profile: str, check_mode=False, force=False) -> IBMResponse: """ Search for a container by it's name. :param isim_application: The ISIMApplication instance to connect to. :param parent_dn: The DN of the parent container to search under. All descendants of this container will be searched, not just direct children. To search for an Organization, you must specify the root container here, e.g. "ou=demo,dc=com". :param container_name: The name of the container to search for. Only containers that exactly match the name will appear in the results. :param container_name: The name of the container to search for. :param profile: The type of container to search for. Valid values are 'Organization', 'OrganizationalUnit', 'BPOrganization', 'Location', or 'AdminDomain'. :param check_mode: Set to True to enable check mode. :param force: Set to True to force execution regardless of current state. :return: An IBMResponse object. If the call was successful, the data field will contain a list of the Python dict representations of each role matching the filter. """ # The session object is handled by the ISIMApplication instance data = [] # Retrieve the parent container object container_response = isimws.isim.container.get( isim_application=isim_application, container_dn=parent_dn) # If an error was encountered and ignored, return the IBMResponse object so that Ansible can process it if container_response['rc'] != 0: return container_response container_object = container_response['data'] data.append(container_object) # Add the container profile name to the request if not (profile == "Organization" or profile == "OrganizationalUnit" or profile == "Location" or profile == "AdminDomain" or profile == "BPOrganization"): raise ValueError( "'" + profile + "' is not a valid container profile. Valid values are 'Organization', " "'OrganizationalUnit', 'BPOrganization', 'Location', or 'AdminDomain'." ) data.append(profile) # Add the container name to the request data.append(container_name) # Invoke the call ret_obj = isim_application.invoke_soap_request( "Searching for containers", soap_service, "searchContainerByName", data, requires_version=requires_version) ret_obj = strip_zeep_element_data(ret_obj) return ret_obj
# Function to pretty print JSON data def pretty_print(jdata): pp = pprint.PrettyPrinter(indent=2) pp.pprint(jdata) if __name__ == "__main__": """ This test program should not execute when imported, which would otherwise cause problems when generating the documentation. """ # Create a user credential for ISIM application u = ISIMApplicationUser(username="******", password="******") # Create an ISIM application with above credential isim_server = ISIMApplication(hostname="192.168.1.56", root_dn="ou=demo,dc=com", user=u, port=9082) dn_encoder = DNEncoder(isim_server) # # Idempotently apply a person configuration # print("Applying a person configuration...") # pretty_print(isimws.isim.person.apply(isim_application=isim_server, # container_path="//demo", # uid="cspeed", # profile="Person", # full_name="Claude Speed", # surname="Speed", # aliases=["CS", "Claude"], # password="******", # roles=[