mirror of
				https://github.com/ansible-collections/community.general.git
				synced 2025-10-26 13:56:09 -07:00 
			
		
		
		
	* cloudstack: streamline modules doc (part 2) * Parameter types added * Copyright format fixes * Doc style fixes * Examples format fixes * minor fixes * fix missing quoting of "version_added"
		
			
				
	
	
		
			459 lines
		
	
	
	
		
			13 KiB
		
	
	
	
		
			Python
		
	
	
	
	
	
			
		
		
	
	
			459 lines
		
	
	
	
		
			13 KiB
		
	
	
	
		
			Python
		
	
	
	
	
	
| #!/usr/bin/python
 | |
| # -*- coding: utf-8 -*-
 | |
| #
 | |
| # (c) 2015, René Moser <mail@renemoser.net>
 | |
| # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
 | |
| 
 | |
| ANSIBLE_METADATA = {'metadata_version': '1.1',
 | |
|                     'status': ['stableinterface'],
 | |
|                     'supported_by': 'community'}
 | |
| 
 | |
| 
 | |
| DOCUMENTATION = '''
 | |
| ---
 | |
| module: cs_account
 | |
| short_description: Manages accounts on Apache CloudStack based clouds.
 | |
| description:
 | |
|     - Create, disable, lock, enable and remove accounts.
 | |
| version_added: '2.0'
 | |
| author: René Moser (@resmo)
 | |
| options:
 | |
|   name:
 | |
|     description:
 | |
|       - Name of account.
 | |
|     type: str
 | |
|     required: true
 | |
|   username:
 | |
|     description:
 | |
|       - Username of the user to be created if account did not exist.
 | |
|       - Required on I(state=present).
 | |
|     type: str
 | |
|   password:
 | |
|     description:
 | |
|       - Password of the user to be created if account did not exist.
 | |
|       - Required on I(state=present) if I(ldap_domain) is not set.
 | |
|     type: str
 | |
|   first_name:
 | |
|     description:
 | |
|       - First name of the user to be created if account did not exist.
 | |
|       - Required on I(state=present) if I(ldap_domain) is not set.
 | |
|     type: str
 | |
|   last_name:
 | |
|     description:
 | |
|       - Last name of the user to be created if account did not exist.
 | |
|       - Required on I(state=present) if I(ldap_domain) is not set.
 | |
|     type: str
 | |
|   email:
 | |
|     description:
 | |
|       - Email of the user to be created if account did not exist.
 | |
|       - Required on I(state=present) if I(ldap_domain) is not set.
 | |
|     type: str
 | |
|   timezone:
 | |
|     description:
 | |
|       - Timezone of the user to be created if account did not exist.
 | |
|     type: str
 | |
|   network_domain:
 | |
|     description:
 | |
|       - Network domain of the account.
 | |
|     type: str
 | |
|   account_type:
 | |
|     description:
 | |
|       - Type of the account.
 | |
|     type: str
 | |
|     choices: [ user, root_admin, domain_admin ]
 | |
|     default: user
 | |
|   domain:
 | |
|     description:
 | |
|       - Domain the account is related to.
 | |
|     type: str
 | |
|     default: ROOT
 | |
|   role:
 | |
|     description:
 | |
|       - Creates the account under the specified role name or id.
 | |
|     type: str
 | |
|     version_added: '2.8'
 | |
|   ldap_domain:
 | |
|     description:
 | |
|       - Name of the LDAP group or OU to bind.
 | |
|       - If set, account will be linked to LDAP.
 | |
|     type: str
 | |
|     version_added: '2.8'
 | |
|   ldap_type:
 | |
|     description:
 | |
|       - Type of the ldap name. GROUP or OU, defaults to GROUP.
 | |
|     type: str
 | |
|     choices: [ GROUP, OU ]
 | |
|     default: GROUP
 | |
|     version_added: '2.8'
 | |
|   state:
 | |
|     description:
 | |
|       - State of the account.
 | |
|       - C(unlocked) is an alias for C(enabled).
 | |
|     type: str
 | |
|     choices: [ present, absent, enabled, disabled, locked, unlocked ]
 | |
|     default: present
 | |
|   poll_async:
 | |
|     description:
 | |
|       - Poll async jobs until job has finished.
 | |
|     type: bool
 | |
|     default: yes
 | |
| extends_documentation_fragment: cloudstack
 | |
| '''
 | |
| 
 | |
| EXAMPLES = '''
 | |
| - name: create an account in domain 'CUSTOMERS'
 | |
|   cs_account:
 | |
|     name: customer_xy
 | |
|     username: customer_xy
 | |
|     password: S3Cur3
 | |
|     last_name: Doe
 | |
|     first_name: John
 | |
|     email: john.doe@example.com
 | |
|     domain: CUSTOMERS
 | |
|     role: Domain Admin
 | |
|   delegate_to: localhost
 | |
| 
 | |
| - name: Lock an existing account in domain 'CUSTOMERS'
 | |
|   cs_account:
 | |
|     name: customer_xy
 | |
|     domain: CUSTOMERS
 | |
|     state: locked
 | |
|   delegate_to: localhost
 | |
| 
 | |
| - name: Disable an existing account in domain 'CUSTOMERS'
 | |
|   cs_account:
 | |
|     name: customer_xy
 | |
|     domain: CUSTOMERS
 | |
|     state: disabled
 | |
|   delegate_to: localhost
 | |
| 
 | |
| - name: Enable an existing account in domain 'CUSTOMERS'
 | |
|   cs_account:
 | |
|     name: customer_xy
 | |
|     domain: CUSTOMERS
 | |
|     state: enabled
 | |
|   delegate_to: localhost
 | |
| 
 | |
| - name: Remove an account in domain 'CUSTOMERS'
 | |
|   cs_account:
 | |
|     name: customer_xy
 | |
|     domain: CUSTOMERS
 | |
|     state: absent
 | |
|   delegate_to: localhost
 | |
| 
 | |
| - name: Create a single user LDAP account in domain 'CUSTOMERS'
 | |
|   cs_account:
 | |
|     name: customer_xy
 | |
|     username: customer_xy
 | |
|     domain: CUSTOMERS
 | |
|     ldap_domain: cn=customer_xy,cn=team_xy,ou=People,dc=domain,dc=local
 | |
|   delegate_to: localhost
 | |
| 
 | |
| - name: Create a LDAP account in domain 'CUSTOMERS' and bind it to a LDAP group
 | |
|   cs_account:
 | |
|     name: team_xy
 | |
|     username: customer_xy
 | |
|     domain: CUSTOMERS
 | |
|     ldap_domain: cn=team_xy,ou=People,dc=domain,dc=local
 | |
|   delegate_to: localhost
 | |
| '''
 | |
| 
 | |
| RETURN = '''
 | |
| ---
 | |
| id:
 | |
|   description: UUID of the account.
 | |
|   returned: success
 | |
|   type: str
 | |
|   sample: 87b1e0ce-4e01-11e4-bb66-0050569e64b8
 | |
| name:
 | |
|   description: Name of the account.
 | |
|   returned: success
 | |
|   type: str
 | |
|   sample: linus@example.com
 | |
| account_type:
 | |
|   description: Type of the account.
 | |
|   returned: success
 | |
|   type: str
 | |
|   sample: user
 | |
| state:
 | |
|   description: State of the account.
 | |
|   returned: success
 | |
|   type: str
 | |
|   sample: enabled
 | |
| network_domain:
 | |
|   description: Network domain of the account.
 | |
|   returned: success
 | |
|   type: str
 | |
|   sample: example.local
 | |
| domain:
 | |
|   description: Domain the account is related.
 | |
|   returned: success
 | |
|   type: str
 | |
|   sample: ROOT
 | |
| role:
 | |
|   description: The role name of the account
 | |
|   returned: success
 | |
|   type: str
 | |
|   sample: Domain Admin
 | |
| '''
 | |
| 
 | |
| # import cloudstack common
 | |
| from ansible.module_utils.basic import AnsibleModule
 | |
| from ansible.module_utils.cloudstack import (
 | |
|     AnsibleCloudStack,
 | |
|     cs_argument_spec,
 | |
|     cs_required_together
 | |
| )
 | |
| 
 | |
| 
 | |
| class AnsibleCloudStackAccount(AnsibleCloudStack):
 | |
| 
 | |
|     def __init__(self, module):
 | |
|         super(AnsibleCloudStackAccount, self).__init__(module)
 | |
|         self.returns = {
 | |
|             'networkdomain': 'network_domain',
 | |
|             'rolename': 'role',
 | |
|         }
 | |
|         self.account = None
 | |
|         self.account_types = {
 | |
|             'user': 0,
 | |
|             'root_admin': 1,
 | |
|             'domain_admin': 2,
 | |
|         }
 | |
| 
 | |
|     def get_role_id(self):
 | |
|         role_param = self.module.params.get('role')
 | |
|         role_id = None
 | |
| 
 | |
|         if role_param:
 | |
|             role_list = self.query_api('listRoles')
 | |
|             for role in role_list['role']:
 | |
|                 if role_param in [role['name'], role['id']]:
 | |
|                     role_id = role['id']
 | |
| 
 | |
|             if not role_id:
 | |
|                 self.module.fail_json(msg="Role not found: %s" % role_param)
 | |
| 
 | |
|         return role_id
 | |
| 
 | |
|     def get_account_type(self):
 | |
|         account_type = self.module.params.get('account_type')
 | |
|         return self.account_types[account_type]
 | |
| 
 | |
|     def get_account(self):
 | |
|         if not self.account:
 | |
|             args = {
 | |
|                 'listall': True,
 | |
|                 'domainid': self.get_domain(key='id'),
 | |
|                 'fetch_list': True,
 | |
|             }
 | |
|             accounts = self.query_api('listAccounts', **args)
 | |
|             if accounts:
 | |
|                 account_name = self.module.params.get('name')
 | |
|                 for a in accounts:
 | |
|                     if account_name == a['name']:
 | |
|                         self.account = a
 | |
|                         break
 | |
| 
 | |
|         return self.account
 | |
| 
 | |
|     def enable_account(self):
 | |
|         account = self.get_account()
 | |
|         if not account:
 | |
|             account = self.present_account()
 | |
| 
 | |
|         if account['state'].lower() != 'enabled':
 | |
|             self.result['changed'] = True
 | |
|             args = {
 | |
|                 'id': account['id'],
 | |
|                 'account': self.module.params.get('name'),
 | |
|                 'domainid': self.get_domain(key='id')
 | |
|             }
 | |
|             if not self.module.check_mode:
 | |
|                 res = self.query_api('enableAccount', **args)
 | |
|                 account = res['account']
 | |
|         return account
 | |
| 
 | |
|     def lock_account(self):
 | |
|         return self.lock_or_disable_account(lock=True)
 | |
| 
 | |
|     def disable_account(self):
 | |
|         return self.lock_or_disable_account()
 | |
| 
 | |
|     def lock_or_disable_account(self, lock=False):
 | |
|         account = self.get_account()
 | |
|         if not account:
 | |
|             account = self.present_account()
 | |
| 
 | |
|         # we need to enable the account to lock it.
 | |
|         if lock and account['state'].lower() == 'disabled':
 | |
|             account = self.enable_account()
 | |
| 
 | |
|         if (lock and account['state'].lower() != 'locked' or
 | |
|                 not lock and account['state'].lower() != 'disabled'):
 | |
|             self.result['changed'] = True
 | |
|             args = {
 | |
|                 'id': account['id'],
 | |
|                 'account': self.module.params.get('name'),
 | |
|                 'domainid': self.get_domain(key='id'),
 | |
|                 'lock': lock,
 | |
|             }
 | |
|             if not self.module.check_mode:
 | |
|                 account = self.query_api('disableAccount', **args)
 | |
| 
 | |
|                 poll_async = self.module.params.get('poll_async')
 | |
|                 if poll_async:
 | |
|                     account = self.poll_job(account, 'account')
 | |
|         return account
 | |
| 
 | |
|     def present_account(self):
 | |
|         account = self.get_account()
 | |
| 
 | |
|         if not account:
 | |
|             self.result['changed'] = True
 | |
| 
 | |
|             if self.module.params.get('ldap_domain'):
 | |
|                 required_params = [
 | |
|                     'domain',
 | |
|                     'username',
 | |
|                 ]
 | |
|                 self.module.fail_on_missing_params(required_params=required_params)
 | |
| 
 | |
|                 account = self.create_ldap_account(account)
 | |
| 
 | |
|             else:
 | |
|                 required_params = [
 | |
|                     'email',
 | |
|                     'username',
 | |
|                     'password',
 | |
|                     'first_name',
 | |
|                     'last_name',
 | |
|                 ]
 | |
|                 self.module.fail_on_missing_params(required_params=required_params)
 | |
| 
 | |
|                 account = self.create_account(account)
 | |
| 
 | |
|         return account
 | |
| 
 | |
|     def create_ldap_account(self, account):
 | |
|         args = {
 | |
|             'account': self.module.params.get('name'),
 | |
|             'domainid': self.get_domain(key='id'),
 | |
|             'accounttype': self.get_account_type(),
 | |
|             'networkdomain': self.module.params.get('network_domain'),
 | |
|             'username': self.module.params.get('username'),
 | |
|             'timezone': self.module.params.get('timezone'),
 | |
|             'roleid': self.get_role_id()
 | |
|         }
 | |
|         if not self.module.check_mode:
 | |
|             res = self.query_api('ldapCreateAccount', **args)
 | |
|             account = res['account']
 | |
| 
 | |
|             args = {
 | |
|                 'account': self.module.params.get('name'),
 | |
|                 'domainid': self.get_domain(key='id'),
 | |
|                 'accounttype': self.get_account_type(),
 | |
|                 'ldapdomain': self.module.params.get('ldap_domain'),
 | |
|                 'type': self.module.params.get('ldap_type')
 | |
|             }
 | |
| 
 | |
|             self.query_api('linkAccountToLdap', **args)
 | |
| 
 | |
|         return account
 | |
| 
 | |
|     def create_account(self, account):
 | |
|         args = {
 | |
|             'account': self.module.params.get('name'),
 | |
|             'domainid': self.get_domain(key='id'),
 | |
|             'accounttype': self.get_account_type(),
 | |
|             'networkdomain': self.module.params.get('network_domain'),
 | |
|             'username': self.module.params.get('username'),
 | |
|             'password': self.module.params.get('password'),
 | |
|             'firstname': self.module.params.get('first_name'),
 | |
|             'lastname': self.module.params.get('last_name'),
 | |
|             'email': self.module.params.get('email'),
 | |
|             'timezone': self.module.params.get('timezone'),
 | |
|             'roleid': self.get_role_id()
 | |
|         }
 | |
|         if not self.module.check_mode:
 | |
|             res = self.query_api('createAccount', **args)
 | |
|             account = res['account']
 | |
| 
 | |
|         return account
 | |
| 
 | |
|     def absent_account(self):
 | |
|         account = self.get_account()
 | |
|         if account:
 | |
|             self.result['changed'] = True
 | |
| 
 | |
|             if not self.module.check_mode:
 | |
|                 res = self.query_api('deleteAccount', id=account['id'])
 | |
| 
 | |
|                 poll_async = self.module.params.get('poll_async')
 | |
|                 if poll_async:
 | |
|                     self.poll_job(res, 'account')
 | |
|         return account
 | |
| 
 | |
|     def get_result(self, account):
 | |
|         super(AnsibleCloudStackAccount, self).get_result(account)
 | |
|         if account:
 | |
|             if 'accounttype' in account:
 | |
|                 for key, value in self.account_types.items():
 | |
|                     if value == account['accounttype']:
 | |
|                         self.result['account_type'] = key
 | |
|                         break
 | |
|         return self.result
 | |
| 
 | |
| 
 | |
| def main():
 | |
|     argument_spec = cs_argument_spec()
 | |
|     argument_spec.update(dict(
 | |
|         name=dict(required=True),
 | |
|         state=dict(choices=['present', 'absent', 'enabled', 'disabled', 'locked', 'unlocked'], default='present'),
 | |
|         account_type=dict(choices=['user', 'root_admin', 'domain_admin'], default='user'),
 | |
|         network_domain=dict(),
 | |
|         domain=dict(default='ROOT'),
 | |
|         email=dict(),
 | |
|         first_name=dict(),
 | |
|         last_name=dict(),
 | |
|         username=dict(),
 | |
|         password=dict(no_log=True),
 | |
|         timezone=dict(),
 | |
|         role=dict(),
 | |
|         ldap_domain=dict(),
 | |
|         ldap_type=dict(choices=['GROUP', 'OU'], default='GROUP'),
 | |
|         poll_async=dict(type='bool', default=True),
 | |
|     ))
 | |
| 
 | |
|     module = AnsibleModule(
 | |
|         argument_spec=argument_spec,
 | |
|         required_together=cs_required_together(),
 | |
|         supports_check_mode=True
 | |
|     )
 | |
| 
 | |
|     acs_acc = AnsibleCloudStackAccount(module)
 | |
| 
 | |
|     state = module.params.get('state')
 | |
| 
 | |
|     if state in ['absent']:
 | |
|         account = acs_acc.absent_account()
 | |
| 
 | |
|     elif state in ['enabled', 'unlocked']:
 | |
|         account = acs_acc.enable_account()
 | |
| 
 | |
|     elif state in ['disabled']:
 | |
|         account = acs_acc.disable_account()
 | |
| 
 | |
|     elif state in ['locked']:
 | |
|         account = acs_acc.lock_account()
 | |
| 
 | |
|     else:
 | |
|         account = acs_acc.present_account()
 | |
| 
 | |
|     result = acs_acc.get_result(account)
 | |
| 
 | |
|     module.exit_json(**result)
 | |
| 
 | |
| 
 | |
| if __name__ == '__main__':
 | |
|     main()
 |