#!/usr/bin/python
# coding: utf-8 -*-
# Copyright: (c) 2017, Wayne Witzel III <wayne@riotousliving.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import absolute_import , division , print_function
__metaclass__ = type
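# Module metadata block. Kept as a plain dict literal; the blame timestamp
# that was interleaved with the entries and the padding inside the quoted
# strings were extraction residue and are removed.
ANSIBLE_METADATA = {
    'metadata_version': '1.1',
    'status': ['preview'],
    'supported_by': 'community',
}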
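# YAML module documentation. Blame timestamps that were interleaved with the
# text are removed, the YAML nesting is restored, and two wording defects are
# fixed (unbalanced parenthesis under new_name, "prescedence" under inputs).
DOCUMENTATION = '''
---
module: tower_credential
author: "Wayne Witzel III (@wwitzel3)"
version_added: "2.3"
short_description: create, update, or destroy Ansible Tower credential.
description:
    - Create, update, or destroy Ansible Tower credentials. See
      U(https://www.ansible.com/tower) for an overview.
options:
    name:
      description:
        - The name to use for the credential.
      required: True
      type: str
    new_name:
      description:
        - Setting this option will change the existing name (looked up via the name field).
      required: False
      type: str
    description:
      description:
        - The description to use for the credential.
      type: str
    organization:
      description:
        - Organization that should own the credential.
      required: False
      type: str
    credential_type:
      description:
        - Name of credential type.
        - Will be preferred over kind
      required: False
      version_added: "2.10"
      type: str
    inputs:
      description:
        - >-
          Credential inputs where the keys are var names used in templating.
          Refer to the Ansible Tower documentation for example syntax.
        - Any fields in this dict will take precedence over any fields mentioned below (i.e. host, username, etc)
      required: False
      version_added: "2.9"
      type: dict
    user:
      description:
        - User that should own this credential.
      type: str
    team:
      description:
        - Team that should own this credential.
      type: str
    kind:
      description:
        - Type of credential being added.
        - The ssh choice refers to a Tower Machine credential.
        - Deprecated, please use credential_type
      required: False
      type: str
      choices: ["ssh", "vault", "net", "scm", "aws", "vmware", "satellite6", "cloudforms", "gce", "azure_rm", "openstack", "rhv", "insights", "tower"]
    host:
      description:
        - Host for this credential.
        - Deprecated, will be removed in a future release
      type: str
    username:
      description:
        - Username for this credential. ``access_key`` for AWS.
        - Deprecated, please use inputs
      type: str
    password:
      description:
        - Password for this credential. ``secret_key`` for AWS. ``api_key`` for RAX.
        - Use "ASK" and launch in Tower to be prompted.
        - Deprecated, please use inputs
      type: str
    project:
      description:
        - Project that should use this credential for GCP.
        - Deprecated, will be removed in a future release
      type: str
    ssh_key_data:
      description:
        - SSH private key content. To extract the content from a file path, use the lookup function (see examples).
        - Deprecated, please use inputs
      required: False
      type: str
    ssh_key_unlock:
      description:
        - Unlock password for ssh_key.
        - Use "ASK" and launch in Tower to be prompted.
        - Deprecated, please use inputs
      type: str
    authorize:
      description:
        - Should use authorize for net type.
        - Deprecated, please use inputs
      type: bool
      default: 'no'
    authorize_password:
      description:
        - Password for net credentials that require authorize.
        - Deprecated, please use inputs
      type: str
    client:
      description:
        - Client or application ID for azure_rm type.
        - Deprecated, please use inputs
      type: str
    security_token:
      description:
        - STS token for aws type.
        - Deprecated, please use inputs
      version_added: "2.6"
      type: str
    secret:
      description:
        - Secret token for azure_rm type.
        - Deprecated, please use inputs
      type: str
    subscription:
      description:
        - Subscription ID for azure_rm type.
        - Deprecated, please use inputs
      type: str
    tenant:
      description:
        - Tenant ID for azure_rm type.
        - Deprecated, please use inputs
      type: str
    domain:
      description:
        - Domain for openstack type.
        - Deprecated, please use inputs
      type: str
    become_method:
      description:
        - Become method to use for privilege escalation.
        - Some examples are "None", "sudo", "su", "pbrun"
        - Due to become plugins, these can be arbitrary
        - Deprecated, please use inputs
      type: str
    become_username:
      description:
        - Become username.
        - Use "ASK" and launch in Tower to be prompted.
        - Deprecated, please use inputs
      type: str
    become_password:
      description:
        - Become password.
        - Use "ASK" and launch in Tower to be prompted.
        - Deprecated, please use inputs
      type: str
    vault_password:
      description:
        - Vault password.
        - Use "ASK" and launch in Tower to be prompted.
        - Deprecated, please use inputs
      type: str
    vault_id:
      description:
        - Vault identifier.
        - This parameter is only valid if C(kind) is specified as C(vault).
        - Deprecated, please use inputs
      type: str
      version_added: "2.8"
    state:
      description:
        - Desired state of the resource.
      choices: ["present", "absent"]
      default: "present"
      type: str
    tower_oauthtoken:
      description:
        - The Tower OAuth token to use.
      required: False
      type: str
      version_added: "3.7"
extends_documentation_fragment: awx.awx.auth
'''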
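# Example playbook tasks. Blame timestamps are removed and the YAML nesting is
# restored. The added YAML comments and the no_log on the slurp task cover
# secret handling; all credential values shown are illustrative.
EXAMPLES = '''
- name: Add tower machine credential
  tower_credential:
    name: Team Name
    description: Team Description
    organization: test-org
    credential_type: Machine
    state: present
    tower_config_file: "~/tower_cli.cfg"

# The literal secrets below are for illustration only; source real values
# from Ansible Vault, and keep the private key file readable by its owner
# only rather than in a shared directory such as /tmp.
- name: Create a valid SCM credential from a private_key file
  tower_credential:
    name: SCM Credential
    organization: Default
    state: present
    credential_type: Source Control
    inputs:
      username: joe
      password: secret
      ssh_key_data: "{{ lookup('file', '/tmp/id_rsa') }}"
      ssh_key_unlock: "passphrase"

- name: Fetch private key
  slurp:
    src: '$HOME/.ssh/aws-private.pem'
  register: aws_ssh_key
  # The registered result holds the base64-encoded private key; keep it out of task output and logs.
  no_log: true

- name: Add Credential Into Tower
  tower_credential:
    name: Workshop Credential
    credential_type: Machine
    organization: Default
    inputs:
      ssh_key_data: "{{ aws_ssh_key['content'] | b64decode }}"
  run_once: true
  delegate_to: localhost

- name: Add Credential with Custom Credential Type
  tower_credential:
    name: Workshop Credential
    credential_type: MyCloudCredential
    organization: Default
    tower_username: admin
    # Example value only; keep the real tower_password in Ansible Vault, or authenticate with tower_oauthtoken.
    tower_password: ansible
    tower_host: https://localhost
'''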
from . . module_utils . tower_api import TowerModule
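# Maps each value of the deprecated `kind` parameter to the credential type
# name that main() resolves through the 'credential_types' endpoint.
# Interleaved blame timestamps and padded string literals (extraction residue)
# are removed so the keys match the documented `kind` choices.
KIND_CHOICES = {
    'ssh': 'Machine',
    'vault': 'Vault',
    'net': 'Network',
    'scm': 'Source Control',
    'aws': 'Amazon Web Services',
    'vmware': 'VMware vCenter',
    'satellite6': 'Red Hat Satellite 6',
    'cloudforms': 'Red Hat CloudForms',
    'gce': 'Google Compute Engine',
    'azure_rm': 'Microsoft Azure Resource Manager',
    'openstack': 'OpenStack',
    'rhv': 'Red Hat Virtualization',
    'insights': 'Insights',
    'tower': 'Ansible Tower',
}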
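# Deprecated top-level parameters that main() copies into the credential's
# `inputs` dict when they are set. Several of these carry secrets (passwords,
# key material, tokens). Padding inside the string literals was extraction
# residue and is removed so the names match the argument spec keys.
OLD_INPUT_NAMES = (
    'authorize', 'authorize_password', 'client',
    'security_token', 'secret', 'tenant', 'subscription',
    'domain', 'become_method', 'become_username',
    'become_password', 'vault_password', 'project', 'host',
    'username', 'password', 'ssh_key_data', 'vault_id',
    'ssh_key_unlock'
)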
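def main():
    """Create, update or delete a Tower credential from the module parameters.

    Builds the argument spec, resolves the organization, user, team and
    credential type names to IDs, looks up an existing credential by name,
    credential type and (when given) organization, and then lets the
    TowerModule helpers delete it or create/update it. Deprecated top-level
    parameters listed in OLD_INPUT_NAMES are merged into the credential
    inputs; keys supplied through ``inputs`` override them.
    """
    # Any additional arguments that are not fields of the item can be added here
    argument_spec = dict(
        name=dict(required=True),
        new_name=dict(),
        description=dict(),
        organization=dict(),
        credential_type=dict(),
        # inputs can hold any secret field (passwords, private keys, tokens),
        # so the whole dict is masked in logs and returned invocation data.
        inputs=dict(type='dict', no_log=True),
        user=dict(),
        team=dict(),
        # These are for backwards compatibility
        kind=dict(choices=list(KIND_CHOICES.keys())),
        host=dict(),
        username=dict(),
        password=dict(no_log=True),
        project=dict(),
        ssh_key_data=dict(no_log=True),
        ssh_key_unlock=dict(no_log=True),
        authorize=dict(type='bool'),
        authorize_password=dict(no_log=True),
        client=dict(),
        # The STS session token is part of a usable AWS credential set, so it
        # is masked like the other secret parameters.
        security_token=dict(no_log=True),
        secret=dict(no_log=True),
        subscription=dict(),
        tenant=dict(),
        domain=dict(),
        become_method=dict(),
        become_username=dict(),
        become_password=dict(no_log=True),
        vault_password=dict(no_log=True),
        vault_id=dict(),
        # End backwards compatibility
        state=dict(choices=['present', 'absent'], default='present'),
    )

    # Create a module for ourselves
    module = TowerModule(argument_spec=argument_spec, supports_check_mode=True, required_one_of=[['kind', 'credential_type']])

    # Extract our parameters
    name = module.params.get('name')
    new_name = module.params.get('new_name')
    description = module.params.get('description')
    organization = module.params.get('organization')
    credential_type = module.params.get('credential_type')
    inputs = module.params.get('inputs')
    user = module.params.get('user')
    team = module.params.get('team')
    # The legacy arguments are put into a hash down below
    kind = module.params.get('kind')
    # End backwards compatibility
    state = module.params.get('state')

    # Attempt to look up the related items the user specified (these will fail the module if not found).
    # IDs default to None so each name is always bound, even when the option was not supplied.
    org_id = module.resolve_name_to_id('organizations', organization) if organization else None
    user_id = module.resolve_name_to_id('users', user) if user else None
    team_id = module.resolve_name_to_id('teams', team) if team else None

    if kind:
        module.deprecate(msg='The kind parameter has been deprecated, please use credential_type instead', version="3.6")

    # credential_type wins over the deprecated kind; required_one_of guarantees at least one is set.
    cred_type_id = module.resolve_name_to_id('credential_types', credential_type if credential_type else KIND_CHOICES[kind])

    # Attempt to look up the object based on the provided name, credential type and optional organization
    lookup_data = {
        'name': name,
        'credential_type': cred_type_id,
    }
    if organization:
        lookup_data['organization'] = org_id
    credential = module.get_one('credentials', **{'data': lookup_data})

    # Create credential input from legacy inputs.
    # Only the parameter name goes into the deprecation message, never its value.
    credential_inputs = {}
    for legacy_input in OLD_INPUT_NAMES:
        legacy_value = module.params.get(legacy_input)
        if legacy_value is not None:
            module.deprecate(msg='{0} parameter has been deprecated, please use inputs instead'.format(legacy_input), version="3.6")
            credential_inputs[legacy_input] = legacy_value
    if inputs:
        # Explicit inputs override any legacy parameter with the same key
        credential_inputs.update(inputs)

    # Create the data that gets sent for create and update
    credential_fields = {
        'name': new_name if new_name else name,
        'credential_type': cred_type_id,
        'inputs': credential_inputs,
    }
    if description:
        credential_fields['description'] = description
    if organization:
        credential_fields['organization'] = org_id

    # If we don't already have a credential (and we are creating one) we can add user/team
    # The API does not appear to do anything with these after creation anyway
    # NOTE: We can't just add these on a modification because they are never returned from a GET so it would always cause a changed=True
    if not credential:
        if user:
            credential_fields['user'] = user_id
        if team:
            credential_fields['team'] = team_id

    if state == 'absent':
        # If the state was absent we can let the module delete it if needed, the module will handle exiting from this
        module.delete_if_needed(credential)
    elif state == 'present':
        # If the state was present we can let the module build or update the existing credential, this will return on its own
        module.create_or_update_if_needed(
            credential, credential_fields, endpoint='credentials', item_type='credential'
        )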
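# Script entry point. The padded literal ' __main__ ' (extraction residue)
# could never equal __name__, so the guard is restored to '__main__'.
if __name__ == '__main__':
    main()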