diff --git a/lib/ansible/modules/cloud/vmware/vmware_local_role_facts.py b/lib/ansible/modules/cloud/vmware/vmware_local_role_facts.py
new file mode 100644
index 0000000000..f5c4bb2baa
--- /dev/null
+++ b/lib/ansible/modules/cloud/vmware/vmware_local_role_facts.py
@@ -0,0 +1,128 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Copyright: (c) 2018, Abhijeet Kasurde
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+
+ANSIBLE_METADATA = {
+ 'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'
+}
+
+
+DOCUMENTATION = '''
+---
+module: vmware_local_role_facts
+short_description: Gather facts about local roles on an ESXi host
+description:
+ - This module can be used to gather facts about local role facts on an ESXi host
+version_added: 2.7
+author:
+- Abhijeet Kasurde (@Akasurde)
+notes:
+ - Tested on ESXi 6.5
+ - Be sure that the ESXi user used for login, has the appropriate rights to view roles
+requirements:
+ - "python >= 2.6"
+ - PyVmomi
+extends_documentation_fragment: vmware.documentation
+'''
+
+EXAMPLES = '''
+- name: Gather facts about local role from an ESXi
+ vmware_local_role_facts:
+ hostname: '{{ esxi_hostname }}'
+ username: '{{ esxi_username }}'
+ password: '{{ esxi_password }}'
+ register: fact_details
+ delegate_to: localhost
+- name: Get Admin privileges
+ set_fact:
+ admin_priv: "{{ fact_details.local_role_facts['Admin']['privileges'] }}"
+- debug:
+ msg: "{{ admin_priv }}"
+'''
+
+RETURN = r'''
+local_role_facts:
+ description: Facts about role present on ESXi host
+ returned: always
+ type: dict
+ sample: {
+ "AnsiUser1": {
+ "privileges": [
+ "Alarm.Acknowledge",
+ "Alarm.Create",
+ "Alarm.Delete",
+ "Alarm.DisableActions",
+ ],
+ "role_id": -12,
+ "role_info_label": "Ansible User",
+ "role_info_summary": "Ansible Automation user",
+ "role_system": true
+ },
+ "NoAccess": {
+ "privileges": [],
+ "role_id": -5,
+ "role_info_label": "No access",
+ "role_info_summary": "Used for restricting granted access",
+ "role_system": true
+ },
+ "View": {
+ "privileges": [
+ "System.Anonymous",
+ "System.View"
+ ],
+ "role_id": -3,
+ "role_info_label": "View",
+ "role_info_summary": "Visibility access (cannot be granted)",
+ "role_system": true
+ }
+ }
+'''
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.vmware import PyVmomi, vmware_argument_spec
+
+
+class VMwareLocalRoleFacts(PyVmomi):
+ def __init__(self, module):
+ super(VMwareLocalRoleFacts, self).__init__(module)
+ self.module = module
+ self.params = module.params
+
+ if self.content.authorizationManager is None:
+ self.module.fail_json(msg="Failed to get local authorization manager settings.",
+ details="It seems that %s is a vCenter server "
+ "instead of an ESXi server" % self.params['hostname'])
+
+ def gather_local_role_facts(self):
+ results = dict()
+ for role in self.content.authorizationManager.roleList:
+ results[role.name] = dict(
+ role_id=role.roleId,
+ privileges=[priv_name for priv_name in role.privilege],
+ role_system=role.system,
+ role_info_label=role.info.label,
+ role_info_summary=role.info.summary,
+ )
+
+ self.module.exit_json(changed=False, local_role_facts=results)
+
+
+def main():
+ argument_spec = vmware_argument_spec()
+ module = AnsibleModule(argument_spec=argument_spec,
+ supports_check_mode=True)
+
+ vmware_local_role_facts = VMwareLocalRoleFacts(module)
+ vmware_local_role_facts.gather_local_role_facts()
+
+
+if __name__ == '__main__':
+ main()
diff --git a/test/integration/targets/vmware_local_role_facts/aliases b/test/integration/targets/vmware_local_role_facts/aliases
new file mode 100644
index 0000000000..32dd9d5345
--- /dev/null
+++ b/test/integration/targets/vmware_local_role_facts/aliases
@@ -0,0 +1,2 @@
+shippable/vcenter/group1
+cloud/vcenter
diff --git a/test/integration/targets/vmware_local_role_facts/tasks/main.yml b/test/integration/targets/vmware_local_role_facts/tasks/main.yml
new file mode 100644
index 0000000000..e586bb7d00
--- /dev/null
+++ b/test/integration/targets/vmware_local_role_facts/tasks/main.yml
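Review bot: The guard in `VMwareLocalRoleFacts.__init__` fails only when `self.content.authorizationManager is None`, yet its message claims the target looks like a vCenter server; vCenter normally exposes an authorization manager too, so this check probably never fires there and the module would return vCenter roles labelled as local ESXi roles. Because this output is likely to feed permission audits, test the endpoint type directly, e.g. `if self.content.about.apiType != 'HostAgent':` before that `fail_json`, and keep the `None` case as a separate failure with its own message. `gather_local_role_facts` should also get a one-line docstring stating that it collects every role keyed by role name and ends the module run through `exit_json`, and `privileges=list(role.privilege)` says the same thing as the comprehension. The RETURN sample has a trailing comma after `"Alarm.DisableActions"`, so it is not valid JSON as written.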
@@ -0,0 +1,69 @@
+# Test code for the vmware_local_role_facts module
+# Copyright: (c) 2018, Abhijeet Kasurde
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+- name: store the vcenter container ip
+ set_fact:
+ vcsim: "{{ lookup('env', 'vcenter_host') }}"
+- debug: var=vcsim
+
+- name: Wait for Flask controller to come up online
+ wait_for:
+ host: "{{ vcsim }}"
+ port: 5000
+ state: started
+
+- name: kill vcsim
+ uri:
+ url: http://{{ vcsim }}:5000/killall
+
+- name: start vcsim
+ uri:
+ url: http://{{ vcsim }}:5000/spawn?esx=1
+ register: vcsim_instance
+
+- name: Wait for Flask controller to come up online
+ wait_for:
+ host: "{{ vcsim }}"
+ port: 443
+ state: started
+
+- debug: var=vcsim_instance
+
+- name: Gather facts about local role on ESXi
+ vmware_local_role_facts:
+ hostname: "{{ vcsim }}"
+ username: "{{ vcsim_instance['json']['username'] }}"
+ password: "{{ vcsim_instance['json']['password'] }}"
+ validate_certs: no
+ register: fact_details
+
+- name: verify if role is defined
+ assert:
+ that:
+ - "{{ fact_details.changed == false }}"
+ - "{{ fact_details.local_role_facts['Admin']['privileges'] is defined }}"
+ - "{{ fact_details.local_role_facts['Admin']['role_id'] is defined }}"
+ - "{{ fact_details.local_role_facts['Admin']['role_info_label'] is defined }}"
+ - "{{ fact_details.local_role_facts['Admin']['role_info_summary'] is defined }}"
+ - "{{ fact_details.local_role_facts['Admin']['role_system'] is defined }}"
+
+
+- name: Gather facts about local role on ESXi in check mode
+ vmware_local_role_facts:
+ hostname: "{{ vcsim }}"
+ username: "{{ vcsim_instance['json']['username'] }}"
+ password: "{{ vcsim_instance['json']['password'] }}"
+ validate_certs: no
+ register: fact_details
+ check_mode: yes
+
+- name: verify if role is defined in check mode
+ assert:
+ that:
+ - "{{ fact_details.changed == false }}"
+ - "{{ fact_details.local_role_facts['Admin']['privileges'] is defined }}"
+ - "{{ fact_details.local_role_facts['Admin']['role_id'] is defined }}"
+ - "{{ fact_details.local_role_facts['Admin']['role_info_label'] is defined }}"
+ - "{{ fact_details.local_role_facts['Admin']['role_info_summary'] is defined }}"
+ - "{{ fact_details.local_role_facts['Admin']['role_system'] is defined }}"
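Review bot: The `- debug: var=vcsim_instance` task prints the whole spawn response, and the later tasks read `vcsim_instance['json']['username']` and `vcsim_instance['json']['password']` from it, so the simulator credentials land in the CI log; drop the task or restrict it to a non-secret field. These are throwaway vcsim credentials, but test playbooks tend to be copied into real ones, so the pattern is worth not modelling. Separately, every `that:` entry in both assert tasks wraps its expression in `"{{ }}"`; `assert` already evaluates each entry as a Jinja expression, so write them bare, e.g. `- "fact_details.local_role_facts['Admin']['privileges'] is defined"`, and consider asserting that the `Admin` privileges list is non-empty rather than merely defined. The second `Wait for Flask controller to come up online` task waits on port 443, so its name should refer to the vcsim endpoint instead.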