ansible-collections-openstack/plugins/modules/project.py

#!/usr/bin/python
# -*- coding: utf-8 -*-

# Copyright (c) 2015 IBM Corporation
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)

DOCUMENTATION = r'''
---
module: project
short_description: Manage OpenStack Identity (Keystone) projects
author: OpenStack Ansible SIG
description:
  - Create, update or delete a OpenStack Identity (Keystone) project.
options:
  name:
    description:
      - Name for the project.
      - This attribute cannot be updated.
    required: true
    type: str
  description:
    description:
      - Description for the project.
    type: str
  domain:
    description:
      - Domain name or id to create the project in if the cloud supports
        domains.
    aliases: ['domain_id']
    type: str
  extra_specs:
    description:
      - Additional properties to be associated with this project.
    type: dict
    aliases: ['properties']
  is_enabled:
    description:
      - Whether this project is enabled or not.
    aliases: ['enabled']
    type: bool
  state:
    description:
      - Should the resource be present or absent.
    choices: [present, absent]
    default: present
    type: str
requirements:
  - "python >= 3.6"
  - "openstacksdk"
extends_documentation_fragment:
  - openstack.cloud.openstack
'''

EXAMPLES = r'''
- name: Create a project
  openstack.cloud.project:
    cloud: mycloud
    description: demodescription
    domain: demoid
    is_enabled: True
    name: demoproject
    extra_specs:
      internal_alias: demo_project
    state: present

- name: Delete a project
  openstack.cloud.project:
    cloud: mycloud
    endpoint_type: admin
    name: demoproject
    state: absent
'''

RETURN = r'''
project:
  description: Dictionary describing the project.
  returned: On success when I(state) is C(present).
  type: dict
  contains:
    description:
      description: Project description
      type: str
      sample: "demodescription"
    domain_id:
      description: Domain ID to which the project belongs
      type: str
      sample: "default"
    id:
      description: Project ID
      type: str
      sample: "f59382db809c43139982ca4189404650"
    is_domain:
      description: Indicates whether the project also acts as a domain.
      type: bool
    is_enabled:
      description: Indicates whether the project is enabled
      type: bool
    name:
      description: Project name
      type: str
      sample: "demoproject"
    options:
      description: The resource options for the project
      type: dict
    parent_id:
      description: The ID of the parent of the project
      type: str
    tags:
      description: A list of associated tags
      type: list
      elements: str
'''

from ansible_collections.openstack.cloud.plugins.module_utils.openstack import OpenStackModule


class IdentityProjectModule(OpenStackModule):
    argument_spec = dict(
        description=dict(),
        domain=dict(aliases=['domain_id']),
        extra_specs=dict(type='dict', aliases=['properties']),
        is_enabled=dict(type='bool', aliases=['enabled']),
        name=dict(required=True),
        state=dict(default='present', choices=['absent', 'present'])
    )
    module_kwargs = dict(
        supports_check_mode=True
    )

    def run(self):
        state = self.params['state']

        project = self._find()

        if self.ansible.check_mode:
            self.exit_json(changed=self._will_change(state, project))

        if state == 'present' and not project:
            # Create project
            project = self._create()
            self.exit_json(changed=True,
                           project=project.to_dict(computed=False))

        elif state == 'present' and project:
            # Update project
            update = self._build_update(project)
            if update:
                project = self._update(project, update)

            self.exit_json(changed=bool(update),
                           project=project.to_dict(computed=False))

        elif state == 'absent' and project:
            # Delete project
            self._delete(project)
            self.exit_json(changed=True)

        elif state == 'absent' and not project:
            # Do nothing
            self.exit_json(changed=False)

    def _build_update(self, project):
        update = {}

        # Params name and domain are being used to find this project.

        non_updateable_keys = [k for k in []
                               if self.params[k] is not None
                               and self.params[k] != project[k]]

        if non_updateable_keys:
            self.fail_json(msg='Cannot update parameters {0}'
                               .format(non_updateable_keys))

        attributes = dict((k, self.params[k])
                          for k in ['description', 'is_enabled']
                          if self.params[k] is not None
                          and self.params[k] != project[k])

        extra_specs = self.params['extra_specs']
        if extra_specs:
            duplicate_keys = set(attributes.keys()) & set(extra_specs.keys())
            if duplicate_keys:
                raise ValueError('Duplicate key(s) in extra_specs: {0}'
                                 .format(', '.join(list(duplicate_keys))))
            for k, v in extra_specs.items():
                if v != project[k]:
                    attributes[k] = v

        if attributes:
            update['attributes'] = attributes

        return update

    def _create(self):
        kwargs = dict((k, self.params[k])
                      for k in ['description', 'is_enabled', 'name']
                      if self.params[k] is not None)

        domain_name_or_id = self.params['domain']
        if domain_name_or_id is not None:
            domain = self.conn.identity.find_domain(domain_name_or_id,
                                                    ignore_missing=False)
            kwargs['domain_id'] = domain.id

        extra_specs = self.params['extra_specs']
        if extra_specs:
            duplicate_keys = set(kwargs.keys()) & set(extra_specs.keys())
            if duplicate_keys:
                raise ValueError('Duplicate key(s) in extra_specs: {0}'
                                 .format(', '.join(list(duplicate_keys))))
            kwargs = dict(kwargs, **extra_specs)

        return self.conn.identity.create_project(**kwargs)

    def _delete(self, project):
        self.conn.identity.delete_project(project.id)

    def _find(self):
        name = self.params['name']
        kwargs = {}

        domain_name_or_id = self.params['domain']
        if domain_name_or_id is not None:
            domain = self.conn.identity.find_domain(domain_name_or_id,
                                                    ignore_missing=False)
            kwargs['domain_id'] = domain.id

        return self.conn.identity.find_project(name_or_id=name,
                                               **kwargs)

    def _update(self, project, update):
        attributes = update.get('attributes')
        if attributes:
            project = self.conn.identity.update_project(project.id,
                                                        **attributes)

        return project

    def _will_change(self, state, project):
        if state == 'present' and not project:
            return True
        elif state == 'present' and project:
            return bool(self._build_update(project))
        elif state == 'absent' and project:
            return True
        else:
            # state == 'absent' and not project:
            return False


def main():
    module = IdentityProjectModule()
    module()


if __name__ == '__main__':
    main()