summaryrefslogtreecommitdiff
path: root/lib/ansible/modules/cloud/azure/azure_rm_roledefinition_facts.py
diff options
context:
space:
mode:
Diffstat (limited to 'lib/ansible/modules/cloud/azure/azure_rm_roledefinition_facts.py')
-rw-r--r--lib/ansible/modules/cloud/azure/azure_rm_roledefinition_facts.py301
1 files changed, 301 insertions, 0 deletions
diff --git a/lib/ansible/modules/cloud/azure/azure_rm_roledefinition_facts.py b/lib/ansible/modules/cloud/azure/azure_rm_roledefinition_facts.py
new file mode 100644
index 0000000000..c83dff0386
--- /dev/null
+++ b/lib/ansible/modules/cloud/azure/azure_rm_roledefinition_facts.py
@@ -0,0 +1,301 @@
+#!/usr/bin/python
+#
+# Copyright (c) 2019 Yunge Zhu, (@yungezz)
+#
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+
+DOCUMENTATION = '''
+---
+module: azure_rm_roledefinition_facts
+version_added: "2.8"
+short_description: Get Azure Role Definition facts.
+description:
+ - Get facts of Azure Role Definition.
+
+options:
+ scope:
+ description:
+ - The scope of role defintion.
+ required: True
+ id:
+ description:
+ - Role definition id.
+ role_name:
+ description: Role name.
+ type:
+ description: Type of role.
+ choices:
+ - system
+ - custom
+
+extends_documentation_fragment:
+ - azure
+
+author:
+ - "Yunge Zhu(@yungezz)"
+
+'''
+
+EXAMPLES = '''
+ - name: List Role Definitions in scope
+ azure_rm_roledefinition_facts:
+ scope: /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/myResourceGroup
+
+ - name: Get Role Definition by name
+ azure_rm_roledefinition_facts:
+ scope: /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/myResourceGroup
+ name: myRoleDefinition
+'''
+
+RETURN = '''
+roledefinitions:
+ description: A list of Role Definition facts.
+ returned: always
+ type: complex
+ contains:
+ id:
+ description: Role Definition id.
+ returned: always
+ type: str
+ sample: "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/providers/Microsoft.Authorization/roleDefinitions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+ role_name:
+ description: Role name.
+ returned: always
+ type: str
+ sample: myCustomRoleDefinition
+ name:
+ description: System assigned role name.
+ returned: always
+ type: str
+ sample: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+ assignable_scopes:
+ description:
+ - List of assignable scope of this definition.
+ returned: always
+ type: list
+ sample: "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/myResourceGroup"
+ permissions:
+ description:
+ - List of Role Definition peremissions.
+ returned: always
+ contains:
+ actions:
+ description:
+ - List of allowed actions.
+ returned: always
+ type: list
+ sample: Microsoft.Compute/virtualMachines/read
+ not_actions:
+ description:
+ - List of denied actions.
+ returned: always
+ type: list
+ sample: Microsoft.Compute/virtualMachines/write
+ data_actions:
+ description:
+ - List of allowed data actions.
+ returned: always
+ type: list
+ sample: Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read
+ not_data_actions:
+ description:
+ - List of denied actions.
+ returned: always
+ type: list
+ sample: Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write
+'''
+
+from ansible.module_utils.azure_rm_common import AzureRMModuleBase
+from ansible.module_utils._text import to_native
+
+try:
+ from msrestazure.azure_exceptions import CloudError
+ from msrest.serialization import Model
+ from azure.mgmt.authorization import AuthorizationManagementClient
+
+except ImportError:
+ # This is handled in azure_rm_common
+ pass
+
+
+def roledefinition_to_dict(role):
+ result = dict(
+ id=role.id,
+ name=role.name,
+ type=role.role_type,
+ assignable_scopes=role.assignable_scopes,
+ description=role.description,
+ role_name=role.role_name
+ )
+ if role.permissions:
+ result['permissions'] = [dict(
+ actions=p.actions,
+ not_actions=p.not_actions,
+ data_actions=p.data_actions,
+ not_data_actions=p.not_data_actions
+ ) for p in role.permissions]
+ return result
+
+
+class AzureRMRoleDefinitionFacts(AzureRMModuleBase):
+ def __init__(self):
+ self.module_arg_spec = dict(
+ scope=dict(
+ type='str',
+ required='true'
+ ),
+ role_name=dict(type='str'),
+ id=dict(type='str'),
+ type=dict(
+ type='str',
+ choices=['custom', 'system'])
+ )
+
+ self.role_name = None
+ self.scope = None
+ self.id = None
+ self.type = None
+
+ self.results = dict(
+ changed=False
+ )
+
+ self._client = None
+
+ super(AzureRMRoleDefinitionFacts, self).__init__(derived_arg_spec=self.module_arg_spec,
+ supports_tags=False)
+
+ def exec_module(self, **kwargs):
+ """Main module execution method"""
+
+ for key in list(self.module_arg_spec.keys()):
+ if hasattr(self, key):
+ setattr(self, key, kwargs[key])
+
+ if self.type:
+ self.type = self.get_role_type(self.type)
+
+ # get management client
+ self._client = self.get_mgmt_svc_client(AuthorizationManagementClient,
+ base_url=self._cloud_environment.endpoints.resource_manager,
+ api_version="2018-01-01-preview")
+
+ if self.id:
+ self.results['roledefinitions'] = self.get_by_id()
+ elif self.role_name:
+ self.results['roledefinitions'] = self.get_by_role_name()
+ else:
+ self.results['roledefinitions'] = self.list()
+
+ return self.results
+
+ def get_role_type(self, role_type):
+ if role_type:
+ if role_type == 'custom':
+ return 'CustomRole'
+ else:
+ return 'SystemRole'
+ return role_type
+
+ def list(self):
+ '''
+ List Role Definition in scope.
+
+ :return: deserialized Role Definition state dictionary
+ '''
+ self.log("List Role Definition in scope {0}".format(self.scope))
+
+ response = []
+
+ try:
+ response = list(self._client.role_definitions.list(scope=self.scope))
+
+ if len(response) > 0:
+ self.log("Response : {0}".format(response))
+ roles = []
+
+ if self.type:
+ roles = [r for r in response if r.role_type == self.type]
+ else:
+ roles = response
+
+ if len(roles) > 0:
+ return [roledefinition_to_dict(r) for r in roles]
+
+ except CloudError as ex:
+ self.log("Didn't find role definition in scope {0}".format(self.scope))
+
+ return []
+
+ def get_by_id(self):
+ '''
+ Get Role Definition in scope by id.
+
+ :return: deserialized Role Definition state dictionary
+ '''
+ self.log("Get Role Definition by id {0}".format(self.id))
+
+ response = None
+
+ try:
+ response = self._client.role_definitions.get(scope=self.scope, role_definition_id=self.id)
+ if response:
+ response = roledefinition_to_dict(response)
+ if self.type:
+ if response.role_type == self.type:
+ return response
+ else:
+ return response
+
+ except CloudError as ex:
+ self.log("Didn't find role definition by id {0}".format(self.id))
+
+ return []
+
+ def get_by_role_name(self):
+ '''
+ Get Role Definition in scope by role name.
+
+ :return: deserialized role definition state dictionary
+ '''
+ self.log("Get Role Definition by name {0}".format(self.role_name))
+
+ response = None
+
+ try:
+ response = self.list()
+
+ if len(response) > 0:
+ roles = []
+ for r in response:
+ if r['role_name'] == self.role_name:
+ roles.append(r)
+
+ if len(roles) == 1:
+ self.log("Role Definition : {0} found".format(self.role_name))
+ return roles[0]
+ if len(roles) > 1:
+ self.fail("Found multiple Role Definitions with name: {0}".format(self.role_name))
+
+ except CloudError as ex:
+ self.log("Didn't find Role Definition by name {0}".format(self.role_name))
+
+ return []
+
+
+def main():
+ """Main execution"""
+ AzureRMRoleDefinitionFacts()
+
+
+if __name__ == '__main__':
+ main()
View Lorry Controller Status