manageiq_policies_info: new module (#5321)

* manageiq_provider_info: new module * fix reference to manageiq.module * add missing alias in suboption * fix filename in botmeta * Update plugins/modules/remote_management/manageiq/manageiq_policies_info.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/remote_management/manageiq/manageiq_policies_info.py Co-authored-by: Felix Fontein <felix@fontein.de> * fix description of parameters * Update plugins/modules/remote_management/manageiq/manageiq_policies_info.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/remote_management/manageiq/manageiq_policies_info.py Co-authored-by: Felix Fontein <felix@fontein.de> * remove change applied on the wrong branch * fix the module name in metadata files * Update plugins/modules/remote_management/manageiq/manageiq_policies_info.py Co-authored-by: Felix Fontein <felix@fontein.de> * adjust RETURN documentation * adjust RETURN documentation indentation * Update plugins/modules/remote_management/manageiq/manageiq_policies_info.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/remote_management/manageiq/manageiq_policies_info.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/remote_management/manageiq/manageiq_policies_info.py Co-authored-by: Felix Fontein <felix@fontein.de> Co-authored-by: Felix Fontein <felix@fontein.de>
2025-06-04 23:39:09 -07:00 · 2022-10-12 21:27:21 +13:00 · 2022-10-12 21:27:21 +13:00 · 32f9d78fa3
commit 32f9d78fa3
parent e47845ab3a
5 changed files with 307 additions and 180 deletions
--- a/plugins/module_utils/manageiq.py
+++ b/plugins/module_utils/manageiq.py
@ -156,3 +156,179 @@ class ManageIQ(object):
            msg = "{collection_name} where {params} does not exist in manageiq".format(
                collection_name=collection_name, params=str(params))
            self.module.fail_json(msg=msg)
+
+    def policies(self, resource_id, resource_type, resource_name):
+        manageiq = ManageIQ(self.module)
+
+        # query resource id, fail if resource does not exist
+        if resource_id is None:
+            resource_id = manageiq.find_collection_resource_or_fail(resource_type, name=resource_name)['id']
+
+        return ManageIQPolicies(manageiq, resource_type, resource_id)
+
+
+class ManageIQPolicies(object):
+    """
+        Object to execute policies management operations of manageiq resources.
+    """
+
+    def __init__(self, manageiq, resource_type, resource_id):
+        self.manageiq = manageiq
+
+        self.module = self.manageiq.module
+        self.api_url = self.manageiq.api_url
+        self.client = self.manageiq.client
+
+        self.resource_type = resource_type
+        self.resource_id = resource_id
+        self.resource_url = '{api_url}/{resource_type}/{resource_id}'.format(
+            api_url=self.api_url,
+            resource_type=resource_type,
+            resource_id=resource_id)
+
+    def query_profile_href(self, profile):
+        """ Add or Update the policy_profile href field
+
+        Example:
+            {name: STR, ...} => {name: STR, href: STR}
+        """
+        resource = self.manageiq.find_collection_resource_or_fail(
+            "policy_profiles", **profile)
+        return dict(name=profile['name'], href=resource['href'])
+
+    def query_resource_profiles(self):
+        """ Returns a set of the profile objects objects assigned to the resource
+        """
+        url = '{resource_url}/policy_profiles?expand=resources'
+        try:
+            response = self.client.get(url.format(resource_url=self.resource_url))
+        except Exception as e:
+            msg = "Failed to query {resource_type} policies: {error}".format(
+                resource_type=self.resource_type,
+                error=e)
+            self.module.fail_json(msg=msg)
+
+        resources = response.get('resources', [])
+
+        # clean the returned rest api profile object to look like:
+        # {profile_name: STR, profile_description: STR, policies: ARR<POLICIES>}
+        profiles = [self.clean_profile_object(profile) for profile in resources]
+
+        return profiles
+
+    def query_profile_policies(self, profile_id):
+        """ Returns a set of the policy objects assigned to the resource
+        """
+        url = '{api_url}/policy_profiles/{profile_id}?expand=policies'
+        try:
+            response = self.client.get(url.format(api_url=self.api_url, profile_id=profile_id))
+        except Exception as e:
+            msg = "Failed to query {resource_type} policies: {error}".format(
+                resource_type=self.resource_type,
+                error=e)
+            self.module.fail_json(msg=msg)
+
+        resources = response.get('policies', [])
+
+        # clean the returned rest api policy object to look like:
+        # {name: STR, description: STR, active: BOOL}
+        policies = [self.clean_policy_object(policy) for policy in resources]
+
+        return policies
+
+    def clean_policy_object(self, policy):
+        """ Clean a policy object to have human readable form of:
+        {
+            name: STR,
+            description: STR,
+            active: BOOL
+        }
+        """
+        name = policy.get('name')
+        description = policy.get('description')
+        active = policy.get('active')
+
+        return dict(
+            name=name,
+            description=description,
+            active=active)
+
+    def clean_profile_object(self, profile):
+        """ Clean a profile object to have human readable form of:
+        {
+            profile_name: STR,
+            profile_description: STR,
+            policies: ARR<POLICIES>
+        }
+        """
+        profile_id = profile['id']
+        name = profile.get('name')
+        description = profile.get('description')
+        policies = self.query_profile_policies(profile_id)
+
+        return dict(
+            profile_name=name,
+            profile_description=description,
+            policies=policies)
+
+    def profiles_to_update(self, profiles, action):
+        """ Create a list of policies we need to update in ManageIQ.
+
+        Returns:
+            Whether or not a change took place and a message describing the
+            operation executed.
+        """
+        profiles_to_post = []
+        assigned_profiles = self.query_resource_profiles()
+
+        # make a list of assigned full profile names strings
+        # e.g. ['openscap profile', ...]
+        assigned_profiles_set = set([profile['profile_name'] for profile in assigned_profiles])
+
+        for profile in profiles:
+            assigned = profile.get('name') in assigned_profiles_set
+
+            if (action == 'unassign' and assigned) or (action == 'assign' and not assigned):
+                # add/update the policy profile href field
+                # {name: STR, ...} => {name: STR, href: STR}
+                profile = self.query_profile_href(profile)
+                profiles_to_post.append(profile)
+
+        return profiles_to_post
+
+    def assign_or_unassign_profiles(self, profiles, action):
+        """ Perform assign/unassign action
+        """
+        # get a list of profiles needed to be changed
+        profiles_to_post = self.profiles_to_update(profiles, action)
+        if not profiles_to_post:
+            return dict(
+                changed=False,
+                msg="Profiles {profiles} already {action}ed, nothing to do".format(
+                    action=action,
+                    profiles=profiles))
+
+        # try to assign or unassign profiles to resource
+        url = '{resource_url}/policy_profiles'.format(resource_url=self.resource_url)
+        try:
+            response = self.client.post(url, action=action, resources=profiles_to_post)
+        except Exception as e:
+            msg = "Failed to {action} profile: {error}".format(
+                action=action,
+                error=e)
+            self.module.fail_json(msg=msg)
+
+        # check all entities in result to be successful
+        for result in response['results']:
+            if not result['success']:
+                msg = "Failed to {action}: {message}".format(
+                    action=action,
+                    message=result['message'])
+                self.module.fail_json(msg=msg)
+
+        # successfully changed all needed profiles
+        return dict(
+            changed=True,
+            msg="Successfully {action}ed profiles: {profiles}".format(
+                action=action,
+                profiles=profiles))