From 532857c0b23cedbd8949d926a2f3db6497621e15 Mon Sep 17 00:00:00 2001 From: Artem Goncharov Date: Thu, 20 May 2021 17:47:13 +0200 Subject: [PATCH] Switch federation_idp module to OpenStackModule Change-Id: I9de209373991c8d999b0514549ad5808981441f1 --- plugins/modules/federation_idp.py | 276 ++++++++++++++---------------- 1 file changed, 127 insertions(+), 149 deletions(-) diff --git a/plugins/modules/federation_idp.py b/plugins/modules/federation_idp.py index 1a616860..35606cca 100644 --- a/plugins/modules/federation_idp.py +++ b/plugins/modules/federation_idp.py @@ -72,124 +72,11 @@ EXAMPLES = ''' RETURN = ''' ''' -from ansible.module_utils.basic import AnsibleModule -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_full_argument_spec -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_module_kwargs -from ansible_collections.openstack.cloud.plugins.module_utils.openstack import openstack_cloud_from_module +from ansible_collections.openstack.cloud.plugins.module_utils.openstack import OpenStackModule -def normalize_idp(idp): - """ - Normalizes the IDP definitions so that the outputs are consistent with the - parameters - - - "enabled" (parameter) == "is_enabled" (SDK) - - "name" (parameter) == "id" (SDK) - """ - if idp is None: - return None - - _idp = idp.to_dict() - _idp['enabled'] = idp['is_enabled'] - _idp['name'] = idp['id'] - return _idp - - -def delete_identity_provider(module, sdk, cloud, idp): - """ - Delete an existing Identity Provider - - returns: the "Changed" state - """ - - if idp is None: - return False - - if module.check_mode: - return True - - try: - cloud.identity.delete_identity_provider(idp) - except sdk.exceptions.OpenStackCloudException as ex: - module.fail_json(msg='Failed to delete identity provider: {0}'.format(str(ex))) - return True - - -def create_identity_provider(module, sdk, cloud, name): - """ - Create a new Identity Provider - - returns: the "Changed" state and the new identity provider - """ - - if module.check_mode: - return True, None - - description = module.params.get('description') - enabled = module.params.get('enabled') - domain_id = module.params.get('domain_id') - remote_ids = module.params.get('remote_ids') - - if enabled is None: - enabled = True - if remote_ids is None: - remote_ids = [] - - attributes = { - 'domain_id': domain_id, - 'enabled': enabled, - 'remote_ids': remote_ids, - } - if description is not None: - attributes['description'] = description - - try: - idp = cloud.identity.create_identity_provider(id=name, **attributes) - except sdk.exceptions.OpenStackCloudException as ex: - module.fail_json(msg='Failed to create identity provider: {0}'.format(str(ex))) - return (True, idp) - - -def update_identity_provider(module, sdk, cloud, idp): - """ - Update an existing Identity Provider - - returns: the "Changed" state and the new identity provider - """ - - description = module.params.get('description') - enabled = module.params.get('enabled') - domain_id = module.params.get('domain_id') - remote_ids = module.params.get('remote_ids') - - attributes = {} - - if (description is not None) and (description != idp.description): - attributes['description'] = description - if (enabled is not None) and (enabled != idp.is_enabled): - attributes['enabled'] = enabled - if (domain_id is not None) and (domain_id != idp.domain_id): - attributes['domain_id'] = domain_id - if (remote_ids is not None) and (remote_ids != idp.remote_ids): - attributes['remote_ids'] = remote_ids - - if not attributes: - return False, idp - - if module.check_mode: - return True, None - - try: - new_idp = cloud.identity.update_identity_provider(idp, **attributes) - except sdk.exceptions.OpenStackCloudException as ex: - module.fail_json(msg='Failed to update identity provider: {0}'.format(str(ex))) - return (True, new_idp) - - -def main(): - """ Module entry point """ - - argument_spec = openstack_full_argument_spec( +class IdentityFederationIdpModule(OpenStackModule): + argument_spec = dict( name=dict(required=True, aliases=['id']), state=dict(default='present', choices=['absent', 'present']), description=dict(), @@ -197,45 +84,136 @@ def main(): enabled=dict(type='bool', aliases=['is_enabled']), remote_ids=dict(type='list', elements='str'), ) - module_kwargs = openstack_module_kwargs( - ) - module = AnsibleModule( - argument_spec, + module_kwargs = dict( supports_check_mode=True, - **module_kwargs ) - name = module.params.get('name') - state = module.params.get('state') - changed = False + def normalize_idp(self, idp): + """ + Normalizes the IDP definitions so that the outputs are consistent with the + parameters - sdk, cloud = openstack_cloud_from_module(module, min_version="0.44") - - try: - idp = cloud.identity.get_identity_provider(name) - except sdk.exceptions.ResourceNotFound: - idp = None - except sdk.exceptions.OpenStackCloudException as ex: - module.fail_json(msg='Failed to get identity provider: {0}'.format(str(ex))) - - if state == 'absent': - if idp is not None: - changed = delete_identity_provider(module, sdk, cloud, idp) - module.exit_json(changed=changed) - - # state == 'present' - else: + - "enabled" (parameter) == "is_enabled" (SDK) + - "name" (parameter) == "id" (SDK) + """ if idp is None: - if module.params.get('domain_id') is None: - module.fail_json(msg='A domain_id must be passed when creating' - ' an identity provider') - (changed, idp) = create_identity_provider(module, sdk, cloud, name) - idp = normalize_idp(idp) - module.exit_json(changed=changed, identity_provider=idp) + return None - (changed, new_idp) = update_identity_provider(module, sdk, cloud, idp) - new_idp = normalize_idp(new_idp) - module.exit_json(changed=changed, identity_provider=new_idp) + _idp = idp.to_dict() + _idp['enabled'] = idp['is_enabled'] + _idp['name'] = idp['id'] + return _idp + + def delete_identity_provider(self, idp): + """ + Delete an existing Identity Provider + + returns: the "Changed" state + """ + if idp is None: + return False + + if self.ansible.check_mode: + return True + + self.conn.identity.delete_identity_provider(idp) + return True + + def create_identity_provider(self, name): + """ + Create a new Identity Provider + + returns: the "Changed" state and the new identity provider + """ + + if self.ansible.check_mode: + return True, None + + description = self.params.get('description') + enabled = self.params.get('enabled') + domain_id = self.params.get('domain_id') + remote_ids = self.params.get('remote_ids') + + if enabled is None: + enabled = True + if remote_ids is None: + remote_ids = [] + + attributes = { + 'domain_id': domain_id, + 'enabled': enabled, + 'remote_ids': remote_ids, + } + if description is not None: + attributes['description'] = description + + idp = self.conn.identity.create_identity_provider(id=name, **attributes) + return (True, idp) + + def update_identity_provider(self, idp): + """ + Update an existing Identity Provider + + returns: the "Changed" state and the new identity provider + """ + + description = self.params.get('description') + enabled = self.params.get('enabled') + domain_id = self.params.get('domain_id') + remote_ids = self.params.get('remote_ids') + + attributes = {} + + if (description is not None) and (description != idp.description): + attributes['description'] = description + if (enabled is not None) and (enabled != idp.is_enabled): + attributes['enabled'] = enabled + if (domain_id is not None) and (domain_id != idp.domain_id): + attributes['domain_id'] = domain_id + if (remote_ids is not None) and (remote_ids != idp.remote_ids): + attributes['remote_ids'] = remote_ids + + if not attributes: + return False, idp + + if self.ansible.check_mode: + return True, None + + new_idp = self.conn.identity.update_identity_provider(idp, **attributes) + return (True, new_idp) + + def run(self): + """ Module entry point """ + + name = self.params.get('name') + state = self.params.get('state') + changed = False + + idp = self.conn.identity.find_identity_provider(name) + + if state == 'absent': + if idp is not None: + changed = self.delete_identity_provider(idp) + self.exit_json(changed=changed) + + # state == 'present' + else: + if idp is None: + if self.params.get('domain_id') is None: + self.fail_json(msg='A domain_id must be passed when creating' + ' an identity provider') + (changed, idp) = self.create_identity_provider(name) + idp = self.normalize_idp(idp) + self.exit_json(changed=changed, identity_provider=idp) + + (changed, new_idp) = self.update_identity_provider(idp) + new_idp = self.normalize_idp(new_idp) + self.exit_json(changed=changed, identity_provider=new_idp) + + +def main(): + module = IdentityFederationIdpModule() + module() if __name__ == '__main__':