awx/lib/ansible/modules/web_infrastructure/ansible_tower/tower_credential.py

#!/usr/bin/python
#coding: utf-8 -*-

# (c) 2017, Wayne Witzel III <wayne@riotousliving.com>
#
# This module is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This software is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this software.  If not, see <http://www.gnu.org/licenses/>.

ANSIBLE_METADATA = {'status': ['preview'],
                    'supported_by': 'community',
                    'version': '1.0'}

DOCUMENTATION = '''
---
module: tower_credential
version_added: "2.3"
short_description: create, update, or destroy Ansible Tower credential.
description:
    - Create, update, or destroy Ansible Tower credentials. See
      U(https://www.ansible.com/tower) for an overview.
options:
    name:
      description:
        - The name to use for the credential.
      required: True
    description:
      description:
        - The description to use for the credential.
    user:
      description:
        - User that should own this credential.
      required: False
      default: null
    team:
      description:
        - Team that should own this credential.
      required: False
      default: null
    project:
      description:
        - Project that should for this credential.
      required: False
      default: null
    organization:
      description:
        - Organization that should own the credential.
      required: False
      default: null
    kind:
      description:
        - Type of credential being added.
      required: True
      choices: ["ssh", "net", "scm", "aws", "rax", "vmware", "satellite6", "cloudforms", "gce", "azure", "azure_rm", "openstack"]
    host:
      description:
        - Host for this credential.
      required: False
      default: null
    username:
      description:
        - Username for this credential. access_key for AWS.
      required: False
      default: null
    password:
      description:
        - Password for this credential. Use ASK for prompting. secret_key for AWS. api_key for RAX.
      required: False
      default: null
    ssh_key_data:
      description:
        - Path to SSH private key.
      required: False
      default: null
    ssh_key_unlock:
      description:
        - Unlock password for ssh_key. Use ASK for prompting.
    authorize:
      description:
        - Should use authroize for net type.
      required: False
      default: False
    authorize_password:
      description:
        - Password for net credentials that require authroize.
      required: False
      default: null
    client:
      description:
        - Client or application ID for azure_rm type.
      required: False
      default: null
    secret:
      description:
        - Secret token for azure_rm type.
      required: False
      default: null
    subscription:
      description:
        - Subscription ID for azure_rm type.
      required: False
      default: null
    tenant:
      description:
        - Tenant ID for azure_rm type.
      required: False
      default: null
    domain:
      description:
        - Domain for openstack type.
      required: False
      default: null
    become_method:
      description:
        - Become method to Use for privledge escalation.
      required: False
      choices: ["None", "sudo", "su", "pbrun", "pfexec"]
      default: "None"
    become_username:
      description:
        - Become username. Use ASK for prompting.
      required: False
      default: null
    become_password:
      description:
        - Become password. Use ASK for prompting.
      required: False
      default: null
    vault_password:
      description:
        - Valut password. Use ASK for prompting.
    state:
      description:
        - Desired state of the resource.
      required: False
      default: "present"
      choices: ["present", "absent"]
    tower_host:
      description:
        - URL to your Tower instance.
      required: False
      default: null
    tower_username:
        description:
          - Username for your Tower instance.
        required: False
        default: null
    tower_password:
        description:
          - Password for your Tower instance.
        required: False
        default: null
    tower_verify_ssl:
        description:
          - Dis/allow insecure connections to Tower. If C(no), SSL certificates will not be validated.
            This should only be used on personally controlled sites using self-signed certificates.
        required: False
        default: True
    tower_config_file:
      description:
        - Path to the Tower config file. See notes.
      required: False
      default: null


requirements:
  - "python >= 2.6"
  - "ansible-tower-cli >= 3.0.2"

notes:
  - If no I(config_file) is provided we will attempt to use the tower-cli library
    defaults to find your Tower host information.
  - I(config_file) should contain Tower configuration in the following format
      host=hostname
      username=username
      password=password
'''


EXAMPLES = '''
- name: Add tower credential
  tower_credential:
    name: Team Name
    description: Team Description
    organization: test-org
    state: present
    tower_config_file: "~/tower_cli.cfg"
'''

try:
    import os
    import tower_cli
    import tower_cli.utils.exceptions as exc

    from tower_cli.conf import settings
    from ansible.module_utils.ansible_tower import tower_auth_config, tower_check_mode

    HAS_TOWER_CLI = True
except ImportError:
    HAS_TOWER_CLI = False


def main():
    module = AnsibleModule(
        argument_spec = dict(
            name = dict(required=True),
            user = dict(),
            team = dict(),
            kind = dict(required=True,
                        choices=["ssh", "net", "scm", "aws", "rax", "vmware", "satellite6",
                                 "cloudforms", "gce", "azure", "azure_rm", "openstack"]),
            host = dict(),
            username = dict(),
            password = dict(no_log=True),
            ssh_key_data = dict(no_log=True),
            ssh_key_unlock = dict(no_log=True),
            authorize = dict(type='bool', default=False),
            authorize_password = dict(no_log=True),
            client = dict(),
            secret = dict(),
            tenant = dict(),
            subscription = dict(),
            domain = dict(),
            become_method = dict(),
            become_username = dict(),
            become_password = dict(no_log=True),
            vault_password = dict(no_log=True),
            description = dict(),
            organization = dict(required=True),
            project = dict(),
            tower_host = dict(),
            tower_username = dict(),
            tower_password = dict(no_log=True),
            tower_verify_ssl = dict(type='bool', default=True),
            tower_config_file = dict(type='path'),
            state = dict(choices=['present', 'absent'], default='present'),
        ),
        supports_check_mode=True
    )

    if not HAS_TOWER_CLI:
        module.fail_json(msg='ansible-tower-cli required for this module')

    name = module.params.get('name')
    organization = module.params.get('organization')
    state = module.params.get('state')

    json_output = {'credential': name, 'state': state}

    tower_auth = tower_auth_config(module)
    with settings.runtime_values(**tower_auth):
        tower_check_mode(module)
        credential = tower_cli.get_resource('credential')
        try:
            params = module.params.copy()
            params['create_on_missing'] = True

            if organization:
                org_res = tower_cli.get_resource('organization')
                org = org_res.get(name=organization)
                params['organization'] = org['id']

            if params['ssh_key_data']:
                filename = params['ssh_key_data']
                filename = os.path.expanduser(filename)
                if not os.path.exists(filename):
                    module.fail_json(msg='file not found: %s' % filename)
                if os.path.isdir(filename):
                    module.fail_json(msg='attempted to read contents of directory: %s' % filename)
                with open(filename, 'rb') as f:
                    params['ssh_key_data'] = f.read()

            if state == 'present':
                result = credential.modify(**params)
                json_output['id'] = result['id']
            elif state == 'absent':
                result = credential.delete(**params)
        except (exc.NotFound) as excinfo:
            module.fail_json(msg='Failed to update credential, organization not found: {0}'.format(excinfo), changed=False)
        except (exc.ConnectionError, exc.BadRequest, exc.NotFound) as excinfo:
            module.fail_json(msg='Failed to update credential: {0}'.format(excinfo), changed=False)

    json_output['changed'] = result['changed']
    module.exit_json(**json_output)


from ansible.module_utils.basic import AnsibleModule
if __name__ == '__main__':
    main()
Ansible Tower user and credential module (#21020) * rename tower config module parameters to avoid conflicts * add Ansible Tower user module * add Ansible Tower credential module * remove errant hash from interpreter line * friendlier error messages * Update tower_verify_ssl defaults and module examples * Update tower_verify_ssl default documentation * Tower expects satellite6 not foreman 2017-02-15 19:59:03 +03:00			`#!/usr/bin/python`
			`#coding: utf-8 -*-`

			`# (c) 2017, Wayne Witzel III <wayne@riotousliving.com>`
			`#`
			`# This module is free software: you can redistribute it and/or modify`
			`# it under the terms of the GNU General Public License as published by`
			`# the Free Software Foundation, either version 3 of the License, or`
			`# (at your option) any later version.`
			`#`
			`# This software is distributed in the hope that it will be useful,`
			`# but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`# GNU General Public License for more details.`
			`#`
			`# You should have received a copy of the GNU General Public License`
			`# along with this software. If not, see <http://www.gnu.org/licenses/>.`

			`ANSIBLE_METADATA = {'status': ['preview'],`
			`'supported_by': 'community',`
			`'version': '1.0'}`

			`DOCUMENTATION = '''`
			`---`
			`module: tower_credential`
			`version_added: "2.3"`
			`short_description: create, update, or destroy Ansible Tower credential.`
			`description:`
			`- Create, update, or destroy Ansible Tower credentials. See`
			`U(https://www.ansible.com/tower) for an overview.`
			`options:`
			`name:`
			`description:`
			`- The name to use for the credential.`
			`required: True`
			`description:`
			`description:`
			`- The description to use for the credential.`
			`user:`
			`description:`
			`- User that should own this credential.`
			`required: False`
			`default: null`
			`team:`
			`description:`
			`- Team that should own this credential.`
			`required: False`
			`default: null`
			`project:`
			`description:`
			`- Project that should for this credential.`
			`required: False`
			`default: null`
			`organization:`
			`description:`
			`- Organization that should own the credential.`
			`required: False`
			`default: null`
			`kind:`
			`description:`
			`- Type of credential being added.`
			`required: True`
			`choices: ["ssh", "net", "scm", "aws", "rax", "vmware", "satellite6", "cloudforms", "gce", "azure", "azure_rm", "openstack"]`
			`host:`
			`description:`
			`- Host for this credential.`
			`required: False`
			`default: null`
			`username:`
			`description:`
			`- Username for this credential. access_key for AWS.`
			`required: False`
			`default: null`
			`password:`
			`description:`
			`- Password for this credential. Use ASK for prompting. secret_key for AWS. api_key for RAX.`
			`required: False`
			`default: null`
			`ssh_key_data:`
			`description:`
			`- Path to SSH private key.`
			`required: False`
			`default: null`
			`ssh_key_unlock:`
			`description:`
			`- Unlock password for ssh_key. Use ASK for prompting.`
			`authorize:`
			`description:`
			`- Should use authroize for net type.`
			`required: False`
			`default: False`
			`authorize_password:`
			`description:`
			`- Password for net credentials that require authroize.`
			`required: False`
			`default: null`
			`client:`
			`description:`
			`- Client or application ID for azure_rm type.`
			`required: False`
			`default: null`
			`secret:`
			`description:`
			`- Secret token for azure_rm type.`
			`required: False`
			`default: null`
			`subscription:`
			`description:`
			`- Subscription ID for azure_rm type.`
			`required: False`
			`default: null`
			`tenant:`
			`description:`
			`- Tenant ID for azure_rm type.`
			`required: False`
			`default: null`
			`domain:`
			`description:`
			`- Domain for openstack type.`
			`required: False`
			`default: null`
			`become_method:`
			`description:`
			`- Become method to Use for privledge escalation.`
			`required: False`
			`choices: ["None", "sudo", "su", "pbrun", "pfexec"]`
			`default: "None"`
			`become_username:`
			`description:`
			`- Become username. Use ASK for prompting.`
			`required: False`
			`default: null`
			`become_password:`
			`description:`
			`- Become password. Use ASK for prompting.`
			`required: False`
			`default: null`
			`vault_password:`
			`description:`
			`- Valut password. Use ASK for prompting.`
			`state:`
			`description:`
			`- Desired state of the resource.`
			`required: False`
			`default: "present"`
			`choices: ["present", "absent"]`
			`tower_host:`
			`description:`
			`- URL to your Tower instance.`
			`required: False`
			`default: null`
			`tower_username:`
			`description:`
			`- Username for your Tower instance.`
			`required: False`
			`default: null`
			`tower_password:`
			`description:`
			`- Password for your Tower instance.`
			`required: False`
			`default: null`
			`tower_verify_ssl:`
			`description:`
			`- Dis/allow insecure connections to Tower. If C(no), SSL certificates will not be validated.`
			`This should only be used on personally controlled sites using self-signed certificates.`
			`required: False`
			`default: True`
			`tower_config_file:`
			`description:`
			`- Path to the Tower config file. See notes.`
			`required: False`
			`default: null`


			`requirements:`
			`- "python >= 2.6"`
			`- "ansible-tower-cli >= 3.0.2"`

			`notes:`
			`- If no I(config_file) is provided we will attempt to use the tower-cli library`
			`defaults to find your Tower host information.`
			`- I(config_file) should contain Tower configuration in the following format`
			`host=hostname`
			`username=username`
			`password=password`
			`'''`


			`EXAMPLES = '''`
			`- name: Add tower credential`
			`tower_credential:`
			`name: Team Name`
			`description: Team Description`
			`organization: test-org`
			`state: present`
			`tower_config_file: "~/tower_cli.cfg"`
			`'''`

			`try:`
			`import os`
			`import tower_cli`
			`import tower_cli.utils.exceptions as exc`

			`from tower_cli.conf import settings`
			`from ansible.module_utils.ansible_tower import tower_auth_config, tower_check_mode`

			`HAS_TOWER_CLI = True`
			`except ImportError:`
			`HAS_TOWER_CLI = False`


			`def main():`
			`module = AnsibleModule(`
			`argument_spec = dict(`
			`name = dict(required=True),`
			`user = dict(),`
			`team = dict(),`
			`kind = dict(required=True,`
			`choices=["ssh", "net", "scm", "aws", "rax", "vmware", "satellite6",`
			`"cloudforms", "gce", "azure", "azure_rm", "openstack"]),`
			`host = dict(),`
			`username = dict(),`
			`password = dict(no_log=True),`
			`ssh_key_data = dict(no_log=True),`
			`ssh_key_unlock = dict(no_log=True),`
			`authorize = dict(type='bool', default=False),`
			`authorize_password = dict(no_log=True),`
			`client = dict(),`
			`secret = dict(),`
			`tenant = dict(),`
			`subscription = dict(),`
			`domain = dict(),`
			`become_method = dict(),`
			`become_username = dict(),`
			`become_password = dict(no_log=True),`
			`vault_password = dict(no_log=True),`
			`description = dict(),`
			`organization = dict(required=True),`
			`project = dict(),`
			`tower_host = dict(),`
			`tower_username = dict(),`
			`tower_password = dict(no_log=True),`
			`tower_verify_ssl = dict(type='bool', default=True),`
			`tower_config_file = dict(type='path'),`
			`state = dict(choices=['present', 'absent'], default='present'),`
			`),`
			`supports_check_mode=True`
			`)`

			`if not HAS_TOWER_CLI:`
			`module.fail_json(msg='ansible-tower-cli required for this module')`

			`name = module.params.get('name')`
			`organization = module.params.get('organization')`
			`state = module.params.get('state')`

			`json_output = {'credential': name, 'state': state}`

			`tower_auth = tower_auth_config(module)`
			`with settings.runtime_values(**tower_auth):`
			`tower_check_mode(module)`
			`credential = tower_cli.get_resource('credential')`
			`try:`
			`params = module.params.copy()`
			`params['create_on_missing'] = True`

			`if organization:`
			`org_res = tower_cli.get_resource('organization')`
			`org = org_res.get(name=organization)`
			`params['organization'] = org['id']`

			`if params['ssh_key_data']:`
			`filename = params['ssh_key_data']`
			`filename = os.path.expanduser(filename)`
			`if not os.path.exists(filename):`
			`module.fail_json(msg='file not found: %s' % filename)`
			`if os.path.isdir(filename):`
			`module.fail_json(msg='attempted to read contents of directory: %s' % filename)`
			`with open(filename, 'rb') as f:`
			`params['ssh_key_data'] = f.read()`

			`if state == 'present':`
			`result = credential.modify(**params)`
			`json_output['id'] = result['id']`
			`elif state == 'absent':`
			`result = credential.delete(**params)`
			`except (exc.NotFound) as excinfo:`
			`module.fail_json(msg='Failed to update credential, organization not found: {0}'.format(excinfo), changed=False)`
			`except (exc.ConnectionError, exc.BadRequest, exc.NotFound) as excinfo:`
			`module.fail_json(msg='Failed to update credential: {0}'.format(excinfo), changed=False)`

			`json_output['changed'] = result['changed']`
			`module.exit_json(**json_output)`


			`from ansible.module_utils.basic import AnsibleModule`
			`if __name__ == '__main__':`
			`main()`