Add oVirt users/groups and users_facts/group/facts modules (#3153)

4 files changed, 539 insertions, 0 deletions

diff --git a/cloud/ovirt/ovirt_groups.py b/cloud/ovirt/ovirt_groups.py
new file mode 100644
index 00000000..7170bfab
--- /dev/null
+++ b/cloud/ovirt/ovirt_groups.py
@@ -0,0 +1,178 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Copyright (c) 2016 Red Hat, Inc.
+#
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+import traceback
+
+try:
+    import ovirtsdk4.types as otypes
+except ImportError:
+    pass
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.ovirt import (
+    BaseModule,
+    check_sdk,
+    check_params,
+    create_connection,
+    equal,
+    ovirt_full_argument_spec,
+)
+
+
+DOCUMENTATION = '''
+---
+module: ovirt_groups
+short_description: Module to manage groups in oVirt
+version_added: "2.3"
+author: "Ondra Machacek (@machacekondra)"
+description:
+    - "Module to manage groups in oVirt"
+options:
+    name:
+        description:
+            - "Name of the the group to manage."
+        required: true
+    state:
+        description:
+            - "Should the group be present/absent."
+        choices: ['present', 'absent']
+        default: present
+    authz_name:
+        description:
+            - "Authorization provider of the group. In previous versions of oVirt known as domain."
+        required: true
+        aliases: ['domain']
+    namespace:
+        description:
+            - "Namespace of the authorization provider, where group resides."
+        required: false
+extends_documentation_fragment: ovirt
+'''
+
+EXAMPLES = '''
+# Examples don't contain auth parameter for simplicity,
+# look at ovirt_auth module to see how to reuse authentication:
+
+# Add group group1 from authorization provider example.com-authz
+ovirt_groups:
+    name: group1
+    domain: example.com-authz
+
+# Add group group1 from authorization provider example.com-authz
+# In case of multi-domain Active Directory setup, you should pass
+# also namespace, so it adds correct group:
+ovirt_groups:
+    name: group1
+    namespace: dc=ad2,dc=example,dc=com
+    domain: example.com-authz
+
+# Remove group group1 with authorization provider example.com-authz
+ovirt_groups:
+    state: absent
+    name: group1
+    domain: example.com-authz
+'''
+
+RETURN = '''
+id:
+    description: ID of the group which is managed
+    returned: On success if group is found.
+    type: str
+    sample: 7de90f31-222c-436c-a1ca-7e655bd5b60c
+group:
+    description: "Dictionary of all the group attributes. Group attributes can be found on your oVirt instance
+                  at following url: https://ovirt.example.com/ovirt-engine/api/model#types/group."
+    returned: On success if group is found.
+'''
+
+
+def _group(connection, module):
+    groups = connection.system_service().groups_service().list(
+        search="name={name}".format(
+            name=module.params['name'],
+        )
+    )
+
+    # If found more groups, filter them by namespace and authz name:
+    # (filtering here, as oVirt backend doesn't support it)
+    if len(groups) > 1:
+        groups = [
+            g for g in groups if (
+                equal(module.params['namespace'], g.namespace) and
+                equal(module.params['authz_name'], g.domain.name)
+            )
+        ]
+    return groups[0] if groups else None
+
+
+class GroupsModule(BaseModule):
+
+    def build_entity(self):
+        return otypes.Group(
+            domain=otypes.Domain(
+                name=self._module.params['authz_name']
+            ),
+            name=self._module.params['name'],
+            namespace=self._module.params['namespace'],
+        )
+
+
+def main():
+    argument_spec = ovirt_full_argument_spec(
+        state=dict(
+            choices=['present', 'absent'],
+            default='present',
+        ),
+        name=dict(required=True),
+        authz_name=dict(required=True, aliases=['domain']),
+        namespace=dict(default=None),
+    )
+    module = AnsibleModule(
+        argument_spec=argument_spec,
+        supports_check_mode=True,
+    )
+    check_sdk(module)
+    check_params(module)
+
+    try:
+        connection = create_connection(module.params.pop('auth'))
+        groups_service = connection.system_service().groups_service()
+        groups_module = GroupsModule(
+            connection=connection,
+            module=module,
+            service=groups_service,
+        )
+        group = _group(connection, module)
+        state = module.params['state']
+        if state == 'present':
+            ret = groups_module.create(entity=group)
+        elif state == 'absent':
+            ret = groups_module.remove(entity=group)
+
+        module.exit_json(**ret)
+    except Exception as e:
+        module.fail_json(msg=str(e), exception=traceback.format_exc())
+    finally:
+        connection.close(logout=False)
+
+
+if __name__ == "__main__":
+    main()
diff --git a/cloud/ovirt/ovirt_groups_facts.py b/cloud/ovirt/ovirt_groups_facts.py
new file mode 100644
index 00000000..1f6ac177
--- /dev/null
+++ b/cloud/ovirt/ovirt_groups_facts.py
@@ -0,0 +1,98 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Copyright (c) 2016 Red Hat, Inc.
+#
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+import traceback
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.ovirt import (
+    check_sdk,
+    create_connection,
+    get_dict_of_struct,
+    ovirt_full_argument_spec,
+)
+
+
+DOCUMENTATION = '''
+---
+module: ovirt_groups_facts
+short_description: Retrieve facts about one or more oVirt groups
+author: "Ondra Machacek (@machacekondra)"
+version_added: "2.3"
+description:
+    - "Retrieve facts about one or more oVirt groups."
+notes:
+    - "This module creates a new top-level C(ovirt_groups) fact, which
+       contains a list of groups."
+options:
+    pattern:
+      description:
+        - "Search term which is accepted by oVirt search backend."
+        - "For example to search group X use following pattern: name=X"
+extends_documentation_fragment: ovirt
+'''
+
+EXAMPLES = '''
+# Examples don't contain auth parameter for simplicity,
+# look at ovirt_auth module to see how to reuse authentication:
+
+# Gather facts about all groups which names start with C(admin):
+- ovirt_groups_facts:
+    pattern: name=admin*
+- debug:
+    var: ovirt_groups
+'''
+
+RETURN = '''
+ovirt_groups:
+    description: "List of dictionaries describing the groups. Group attribues are mapped to dictionary keys,
+                  all groups attributes can be found at following url: https://ovirt.example.com/ovirt-engine/api/model#types/group."
+    returned: On success.
+    type: list
+'''
+
+
+def main():
+    argument_spec = ovirt_full_argument_spec(
+        pattern=dict(default='', required=False),
+    )
+    module = AnsibleModule(argument_spec)
+    check_sdk(module)
+
+    try:
+        connection = create_connection(module.params.pop('auth'))
+        groups_service = connection.system_service().groups_service()
+        groups = groups_service.list(search=module.params['pattern'])
+        module.exit_json(
+            changed=False,
+            ansible_facts=dict(
+                ovirt_groups=[
+                    get_dict_of_struct(c) for c in groups
+                ],
+            ),
+        )
+    except Exception as e:
+        module.fail_json(msg=str(e), exception=traceback.format_exc())
+    finally:
+        connection.close(logout=False)
+
+
+if __name__ == '__main__':
+    main()
diff --git a/cloud/ovirt/ovirt_users.py b/cloud/ovirt/ovirt_users.py
new file mode 100644
index 00000000..3abcefbe
--- /dev/null
+++ b/cloud/ovirt/ovirt_users.py
@@ -0,0 +1,165 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Copyright (c) 2016 Red Hat, Inc.
+#
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+import traceback
+
+try:
+    import ovirtsdk4.types as otypes
+except ImportError:
+    pass
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.ovirt import (
+    BaseModule,
+    check_sdk,
+    check_params,
+    create_connection,
+    ovirt_full_argument_spec,
+)
+
+
+DOCUMENTATION = '''
+---
+module: ovirt_users
+short_description: Module to manage users in oVirt
+version_added: "2.3"
+author: "Ondra Machacek (@machacekondra)"
+description:
+    - "Module to manage users in oVirt."
+options:
+    name:
+        description:
+            - "Name of the the user to manage. In most LDAPs it's I(uid) of the user, but in Active Directory you must specify I(UPN) of the user."
+        required: true
+    state:
+        description:
+            - "Should the user be present/absent."
+        choices: ['present', 'absent']
+        default: present
+    authz_name:
+        description:
+            - "Authorization provider of the user. In previous versions of oVirt known as domain."
+        required: true
+        aliases: ['domain']
+extends_documentation_fragment: ovirt
+'''
+
+EXAMPLES = '''
+# Examples don't contain auth parameter for simplicity,
+# look at ovirt_auth module to see how to reuse authentication:
+
+# Add user user1 from authorization provider example.com-authz
+ovirt_users:
+    name: user1
+    domain: example.com-authz
+
+# Add user user1 from authorization provider example.com-authz
+# In case of Active Directory specify UPN:
+ovirt_users:
+    name: user1@ad2.example.com
+    domain: example.com-authz
+
+# Remove user user1 with authorization provider example.com-authz
+ovirt_users:
+    state: absent
+    name: user1
+    authz_name: example.com-authz
+'''
+
+RETURN = '''
+id:
+    description: ID of the user which is managed
+    returned: On success if user is found.
+    type: str
+    sample: 7de90f31-222c-436c-a1ca-7e655bd5b60c
+user:
+    description: "Dictionary of all the user attributes. User attributes can be found on your oVirt instance
+                  at following url: https://ovirt.example.com/ovirt-engine/api/model#types/user."
+    returned: On success if user is found.
+'''
+
+
+def username(module):
+    return '{}@{}'.format(module.params['name'], module.params['authz_name'])
+
+
+class UsersModule(BaseModule):
+
+    def build_entity(self):
+        return otypes.User(
+            domain=otypes.Domain(
+                name=self._module.params['authz_name']
+            ),
+            user_name=username(self._module),
+            principal=self._module.params['name'],
+            namespace=self._module.params['namespace'],
+        )
+
+
+def main():
+    argument_spec = ovirt_full_argument_spec(
+        state=dict(
+            choices=['present', 'absent'],
+            default='present',
+        ),
+        name=dict(required=True),
+        authz_name=dict(required=True, aliases=['domain']),
+        namespace=dict(default=None),
+    )
+    module = AnsibleModule(
+        argument_spec=argument_spec,
+        supports_check_mode=True,
+    )
+    check_sdk(module)
+    check_params(module)
+
+    try:
+        connection = create_connection(module.params.pop('auth'))
+        users_service = connection.system_service().users_service()
+        users_module = UsersModule(
+            connection=connection,
+            module=module,
+            service=users_service,
+        )
+
+        state = module.params['state']
+        if state == 'present':
+            ret = users_module.create(
+                search_params={
+                    'usrname': username(module),
+                }
+            )
+        elif state == 'absent':
+            ret = users_module.remove(
+                search_params={
+                    'usrname': username(module),
+                }
+            )
+
+        module.exit_json(**ret)
+    except Exception as e:
+        module.fail_json(msg=str(e), exception=traceback.format_exc())
+    finally:
+        connection.close(logout=False)
+
+
+if __name__ == "__main__":
+    main()
diff --git a/cloud/ovirt/ovirt_users_facts.py b/cloud/ovirt/ovirt_users_facts.py
new file mode 100644
index 00000000..11f69f81
--- /dev/null
+++ b/cloud/ovirt/ovirt_users_facts.py
@@ -0,0 +1,98 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Copyright (c) 2016 Red Hat, Inc.
+#
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+import traceback
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.ovirt import (
+    check_sdk,
+    create_connection,
+    get_dict_of_struct,
+    ovirt_full_argument_spec,
+)
+
+
+DOCUMENTATION = '''
+---
+module: ovirt_users_facts
+short_description: Retrieve facts about one or more oVirt users
+author: "Ondra Machacek (@machacekondra)"
+version_added: "2.3"
+description:
+    - "Retrieve facts about one or more oVirt users."
+notes:
+    - "This module creates a new top-level C(ovirt_users) fact, which
+       contains a list of users."
+options:
+    pattern:
+      description:
+        - "Search term which is accepted by oVirt search backend."
+        - "For example to search user X use following pattern: name=X"
+extends_documentation_fragment: ovirt
+'''
+
+EXAMPLES = '''
+# Examples don't contain auth parameter for simplicity,
+# look at ovirt_auth module to see how to reuse authentication:
+
+# Gather facts about all users which first names start with C(john):
+- ovirt_users_facts:
+    pattern: name=john*
+- debug:
+    var: ovirt_users
+'''
+
+RETURN = '''
+ovirt_users:
+    description: "List of dictionaries describing the users. User attribues are mapped to dictionary keys,
+                  all users attributes can be found at following url: https://ovirt.example.com/ovirt-engine/api/model#types/user."
+    returned: On success.
+    type: list
+'''
+
+
+def main():
+    argument_spec = ovirt_full_argument_spec(
+        pattern=dict(default='', required=False),
+    )
+    module = AnsibleModule(argument_spec)
+    check_sdk(module)
+
+    try:
+        connection = create_connection(module.params.pop('auth'))
+        users_service = connection.system_service().users_service()
+        users = users_service.list(search=module.params['pattern'])
+        module.exit_json(
+            changed=False,
+            ansible_facts=dict(
+                ovirt_users=[
+                    get_dict_of_struct(c) for c in users
+                ],
+            ),
+        )
+    except Exception as e:
+        module.fail_json(msg=str(e), exception=traceback.format_exc())
+    finally:
+        connection.close(logout=False)
+
+
+if __name__ == '__main__':
+    main()