diff --git a/lib/ansible/module_utils/alicloud_ecs.py b/lib/ansible/module_utils/alicloud_ecs.py index eaa05c50..6e7857d2 100644 --- a/lib/ansible/module_utils/alicloud_ecs.py +++ b/lib/ansible/module_utils/alicloud_ecs.py @@ -39,6 +39,7 @@ import footmark.ess import footmark.sts import footmark.dns + import footmark.ram HAS_FOOTMARK = True except ImportError: HAS_FOOTMARK = False @@ -248,3 +249,31 @@ def ess_connect(module): module.fail_json(msg=str(e)) # Otherwise, no region so we fallback to the old connection method return ess + + +def sts_connect(module): + """ Return an sts connection""" + sts_params = get_profile(module.params) + # If we have a region specified, connect to its endpoint. + region = module.params.get('alicloud_region') + if region: + try: + sts = connect_to_acs(footmark.sts, region, **sts_params) + except AnsibleACSError as e: + module.fail_json(msg=str(e)) + # Otherwise, no region so we fallback to the old connection method + return sts + + +def ram_connect(module): + """ Return an ram connection""" + ram_params = get_profile(module.params) + # If we have a region specified, connect to its endpoint. + region = module.params.get('alicloud_region') + if region: + try: + ram = connect_to_acs(footmark.ram, region, **ram_params) + except AnsibleACSError as e: + module.fail_json(msg=str(e)) + # Otherwise, no region so we fallback to the old connection method + return ram diff --git a/lib/ansible/modules/cloud/alicloud/ali_ram_access_key.py b/lib/ansible/modules/cloud/alicloud/ali_ram_access_key.py new file mode 100644 index 00000000..5fa11ffd --- /dev/null +++ b/lib/ansible/modules/cloud/alicloud/ali_ram_access_key.py @@ -0,0 +1,185 @@ +#!/usr/bin/python +# Copyright (c) 2017-present Alibaba Group Holding Limited. He Guimin +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) +# +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see http://www.gnu.org/licenses/. + + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: ali_ram_access_key +version_added: "2.9" +short_description: Create, Delete, Update Ram Access Key in Alibaba Cloud. +description: + - Create, Delete Ram Access Key and Update status in Alibaba Cloud. + - This module does not support idempotence +options: + state: + description: + - If I(state=present), access key will be created. + - If I(state=present) and user_access_key_id exists, access key will be updated. + - If I(state=absent), access key will be removed. + choices: ['present', 'absent'] + default: 'present' + user_name: + description: + - The username of the RAM user. + required: True + user_access_key_id: + description: + - The ID of the AccessKey to be updated. Required when update access key. + status: + description: + - The status of the AccessKey. Required when update access key. + choices: ['Active', 'Inactive'] +requirements: + - "python >= 3.6" + - "footmark >= 1.17.0" +extends_documentation_fragment: + - alicloud +author: + - "He Guimin (@xiaozhu36)" +""" + +EXAMPLES = """ +# Note: These examples do not set authentication details, see the Alibaba Cloud Guide for details. +- name: Changed. Create access key + ali_ram_access_key: + user_name: ansible + register: access + +- name: Changed. Update access key + ali_ram_access_key: + user_access_key_id: '{{ user_access_key_id }}' + user_name: ansible + status: Inactive + +- name: Changed. Delete access key + ali_ram_access_key: + state: absent + user_access_key_id: '{{ user_access_key_id }}' + user_name: ansible +""" + +RETURN = ''' +user: + description: Returns an array of complex objects as described below. + returned: always + type: complex + contains: + access_key_id: + description: The AccessKeyId. + returned: always + type: string + sample: 0wNEpMMlzy7s**** + access_key_secret: + description: The AccessKeySecret. + returned: When create access key + type: string + sample: PupkTg8jdmau1cXxYacgE736PJ**** + create_date: + description: The date and time when the AccessKey was created. + returned: always + type: string + sample: 2015-01-23T12:33:18Z + status: + description: The status of the AccessKey. + returned: always + type: string + sample: Active +''' + +import time +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.alicloud_ecs import ecs_argument_spec, ram_connect + +HAS_FOOTMARK = False + +try: + from footmark.exception import RAMResponseError + HAS_FOOTMARK = True +except ImportError: + HAS_FOOTMARK = False + + +def list_access_key(module, ram_conn, user_name): + try: + res = [] + exists = ram_conn.list_access_keys(user_name=user_name) + if exists: + for ak in exists: + res.append(ak.read()) + return res + except Exception as e: + module.fail_json(msg="Failed to get profile: {0}".format(e)) + + +def main(): + argument_spec = ecs_argument_spec() + argument_spec.update(dict( + state=dict(default='present', choices=['present', 'absent']), + user_name=dict(type='str', required=True, aliases=['name']), + user_access_key_id=dict(type='str'), + status=dict(type='str', choices=['Active', 'Inactive']) + )) + + module = AnsibleModule(argument_spec=argument_spec) + + if HAS_FOOTMARK is False: + module.fail_json(msg='footmark required for this module.') + + ram_conn = ram_connect(module) + + # Get values of variable + state = module.params['state'] + user_access_key_id = module.params['user_access_key_id'] + user_name = module.params['user_name'] + aks = list_access_key(module, ram_conn, user_name) + + changed = False + + if state == 'absent': + try: + module.exit_json(changed=ram_conn.delete_access_key(**module.params), access_key={}) + except RAMResponseError as e: + module.fail_json(msg='Unable to delete access_key, error: {}'.format(e)) + + if user_access_key_id: + try: + res = ram_conn.update_access_key(**module.params) + if res: + module.exit_json(changed=True, access_key=res.read()) + module.exit_json(changed=changed, access_key={}) + except Exception as e: + module.fail_json(msg='Unable to update access_key, error: {}'.format(e)) + if len(aks) < 2: + try: + access_key = ram_conn.create_access_key(**module.params) + module.exit_json(changed=True, access_key=access_key.read()) + except RAMResponseError as e: + module.fail_json(msg='Unable to create access_key, error: {0}'.format(e)) + + module.exit_json(changed=changed, access_key=aks) + + +if __name__ == '__main__': + main() diff --git a/lib/ansible/modules/cloud/alicloud/ali_ram_access_key_info.py b/lib/ansible/modules/cloud/alicloud/ali_ram_access_key_info.py new file mode 100644 index 00000000..76bd921a --- /dev/null +++ b/lib/ansible/modules/cloud/alicloud/ali_ram_access_key_info.py @@ -0,0 +1,116 @@ +#!/usr/bin/python +# Copyright (c) 2017-present Alibaba Group Holding Limited. He Guimin +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) +# +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see http://www.gnu.org/licenses/. + + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = ''' +--- +module: ali_ram_access_key_info +version_added: "2.9" +short_description: List the AccessKeys of a RAM user in Alibaba Cloud. +description: + - List the AccessKeys of a RAM user. +options: + user_name: + description: + - The username of the RAM user. If this parameter is not set when the user logs on to the console, + the AccessKeys of this user are displayed. +author: + - "He Guimin (@xiaozhu36)" +requirements: + - "python >= 3.6" + - "footmark >= 1.17.0" +extends_documentation_fragment: + - alicloud +''' + +EXAMPLES = ''' +# Note: These examples do not set authentication details, see the Alibaba Cloud Guide for details. + +- name: Get infos about all Users + ali_ram_user_info: + +- name: Get infos about a particular User using name_prefix + ali_ram_user_info: + name_prefix: "ansible" +''' + +RETURN = ''' +users: + description: Returns an array of complex objects as described below. + returned: always + type: list + sample:[ + { + access_key_id: + description: The AccessKeyId. + returned: always + type: string + sample: 0wNEpMMlzy7s**** + create_date: + description: The date and time when the AccessKey was created. + returned: always + type: string + sample: 2015-01-23T12:33:18Z + status: + description: The status of the AccessKey. + returned: always + type: string + sample: Active + } + ] +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.alicloud_ecs import ecs_argument_spec, ram_connect + +HAS_FOOTMARK = False + +try: + from footmark.exception import RAMResponseError + HAS_FOOTMARK = True +except ImportError: + HAS_FOOTMARK = False + + +def main(): + argument_spec = ecs_argument_spec() + argument_spec.update(dict( + user_name=dict(type='str'), aliases=['name']) + ) + module = AnsibleModule(argument_spec=argument_spec) + + if HAS_FOOTMARK is False: + module.fail_json(msg="Package 'footmark' required for this module.") + try: + access_key = [] + for access in ram_connect(module).list_access_keys(**module.params): + access_key.append(access.read()) + module.exit_json(changed=False, access_keys=access_key) + except Exception as e: + module.fail_json(msg=str("Unable to list access_keys, error:{0}".format(e))) + + +if __name__ == '__main__': + main() diff --git a/lib/ansible/modules/cloud/alicloud/ali_ram_group.py b/lib/ansible/modules/cloud/alicloud/ali_ram_group.py new file mode 100644 index 00000000..1839b619 --- /dev/null +++ b/lib/ansible/modules/cloud/alicloud/ali_ram_group.py @@ -0,0 +1,225 @@ +#!/usr/bin/python +# Copyright (c) 2017-present Alibaba Group Holding Limited. He Guimin +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) +# +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see http://www.gnu.org/licenses/. + + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: ali_ram_group +version_added: "2.9" +short_description: Create, Delete, Update Ram Groups in Alibaba Cloud. +description: + - Create, Delete, Update group comments, name in Alibaba Cloud. + - An unique ali_ram_group module is determined by parameters group_name. +options: + state: + description: + - If I(state=present), group will be created. + - If I(state=present), group and new_group_name exists, it will be updated. + - If I(state=present), group and comments exists, it will be updated. + - If I(state=present), group and user_name exists, it will add user to group. + - If I(state=absent), group will be removed. + - If I(state=absent), group and user_name exists, it will remove user from group. + choices: ['present', 'absent'] + default: 'present' + user_name: + description: + - The username. Required when add user to group or remove user from group. + group_name: + description: + - The RAM user group name. It must be 1 to 64 characters in length. + - This is used to determine if the group already exists. + aliases: ['name'] + required: True + new_group_name: + description: + - The new group name. Required when update group name. + comments: + description: + - The comment. It must be 1 to 128 characters in length. Required when update group comments. +requirements: + - "python >= 3.6" + - "footmark >= 1.17.0" +extends_documentation_fragment: + - alicloud +author: + - "He Guimin (@xiaozhu36)" +""" + +EXAMPLES = """ +# Note: These examples do not set authentication details, see the Alibaba Cloud Guide for details. +- name: Changed. Create a new group + ali_ram_group: + group_name: ansible + comments: create for ansible + +- name: Changed. Update group comments + ali_ram_group: + group_name: ansible + comments: just create for ansible + +- name: Changed. Update group name + ali_ram_group: + group_name: ansible + new_group_name: ansible1 + +- name: Changed. Add user to group + ali_ram_group: + group_name: ansible1 + user_name: ansible + +- name: Changed. Remove user from group + ali_ram_group: + group_name: ansible1 + user_name: ansible + state: absent + +- name: Changed. Delete group + ali_ram_group: + group_name: ansible1 + state: absent +""" + +RETURN = ''' +group: + description: Returns an array of complex objects as described below. + returned: always + type: complex + contains: + comments: + description: The comment. + returned: always + type: string + sample: Development team + create_date: + description: The date and time when the RAM user group was created. + returned: always + type: string + sample: 2015-01-23T12:33:18Z + group_name: + description: The RAM user group name. + returned: alway + type: string + sample: Dev-Team + name: + description: alias of 'group_name'. + returned: always + type: string + sample: Dev-Team + update_date: + description: The date and time when a RAM user group was modified. + returned: always + type: string + sample: 2015-01-23T12:33:18Z +''' + +import time +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.alicloud_ecs import ecs_argument_spec, ram_connect + +HAS_FOOTMARK = False + +try: + from footmark.exception import RAMResponseError + HAS_FOOTMARK = True +except ImportError: + HAS_FOOTMARK = False + + +def group_exists(module, ram_conn, group_name): + try: + for g in ram_conn.list_groups(): + if g.name == group_name: + return g + return None + except Exception as e: + module.fail_json(msg="Failed to describe Groups: {0}".format(e)) + + +def main(): + argument_spec = ecs_argument_spec() + argument_spec.update(dict( + state=dict(default='present', choices=['present', 'absent']), + group_name=dict(type='str', required=True, aliases=['name']), + new_group_name=dict(type='str'), + comments=dict(type='str'), + user_name=dict(type='str') + )) + + module = AnsibleModule(argument_spec=argument_spec) + + if HAS_FOOTMARK is False: + module.fail_json(msg='footmark required for this module.') + + ram_conn = ram_connect(module) + + # Get values of variable + state = module.params['state'] + group_name = module.params['group_name'] + new_group_name = module.params['new_group_name'] + comments = module.params['comments'] + user_name = module.params['user_name'] + changed = False + + # Check if user exists + group = group_exists(module, ram_conn, group_name) + + if state == 'absent': + if user_name: + try: + changed = group.remove_user(user_name=user_name) + module.exit_json(changed=changed, group=group.read()) + except Exception as e: + module.fail_json(msg='Unable to remove user to group {0}, error: {1}'.format(group_name, e)) + if not group: + module.exit_json(changed=changed, group={}) + try: + module.exit_json(changed=group.delete(), group={}) + except RAMResponseError as ex: + module.fail_json(msg='Unable to delete group {0}, error: {1}'.format(group_name, ex)) + + if not group: + try: + group = ram_conn.create_group(**module.params) + module.exit_json(changed=True, group=group.read()) + except RAMResponseError as e: + module.fail_json(msg='Unable to create group, error: {0}'.format(e)) + + if user_name: + try: + changed = group.add_user(user_name=user_name) + except Exception as e: + module.fail_json(msg='Unable to add user to group {0}, error: {1}'.format(group_name, e)) + + if comments or new_group_name: + try: + changed = group.update(comments=comments, new_group_name=new_group_name) + except RAMResponseError as e: + module.fail_json(msg='Unable to update comments, error: {0}'.format(e)) + + module.exit_json(changed=changed, group=group.read()) + + +if __name__ == '__main__': + main() diff --git a/lib/ansible/modules/cloud/alicloud/ali_ram_group_info.py b/lib/ansible/modules/cloud/alicloud/ali_ram_group_info.py new file mode 100644 index 00000000..c3525167 --- /dev/null +++ b/lib/ansible/modules/cloud/alicloud/ali_ram_group_info.py @@ -0,0 +1,130 @@ +#!/usr/bin/python +# Copyright (c) 2017-present Alibaba Group Holding Limited. He Guimin +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) +# +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see http://www.gnu.org/licenses/. + + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = ''' +--- +module: ali_ram_group_info +version_added: "2.9" +short_description: Gather info on ram groups in Alibaba Cloud. +description: + - Gather info on ram groups in Alibaba Cloud. support name_prefix to filter groups. +options: + name_prefix: + description: + - Use a group name prefix to filter groups. +author: + - "He Guimin (@xiaozhu36)" +requirements: + - "python >= 3.6" + - "footmark >= 1.17.0" +extends_documentation_fragment: + - alicloud +''' + +EXAMPLES = ''' +# Note: These examples do not set authentication details, see the Alibaba Cloud Guide for details. +- name: Get the existing group with name_prefix + ali_ram_group_info: + name_prefix: ansible + +- name: Get the existing groups + ali_ram_group_info: + +''' + +RETURN = ''' +users: + description: Returns an array of complex objects as described below. + returned: always + type: list + sample:[ + { + comments: + description: The comment. + returned: always + type: string + sample: Development team + create_date: + description: The date and time when the RAM user group was created. + returned: always + type: string + sample: 2015-01-23T12:33:18Z + group_name: + description: The RAM user group name. + returned: alway + type: string + sample: Dev-Team + name: + description: alias of 'group_name'. + returned: always + type: string + sample: Dev-Team + update_date: + description: The date and time when a RAM user group was modified. + returned: always + type: string + sample: 2015-01-23T12:33:18Z + } + ] +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.alicloud_ecs import ecs_argument_spec, ram_connect + +HAS_FOOTMARK = False + +try: + from footmark.exception import RAMResponseError + HAS_FOOTMARK = True +except ImportError: + HAS_FOOTMARK = False + + +def main(): + argument_spec = ecs_argument_spec() + argument_spec.update(dict( + name_prefix=dict(type='str')) + ) + module = AnsibleModule(argument_spec=argument_spec) + + if HAS_FOOTMARK is False: + module.fail_json(msg="Package 'footmark' required for this module.") + + name_prefix = module.params['name_prefix'] + + try: + groups = [] + for group in ram_connect(module).list_groups(): + if name_prefix and not group.name.startswith(name_prefix): + continue + groups.append(group.read()) + module.exit_json(changed=False, groups=groups) + except Exception as e: + module.fail_json(msg=str("Unable to list groups, error:{0}".format(e))) + + +if __name__ == '__main__': + main() diff --git a/lib/ansible/modules/cloud/alicloud/ali_ram_login_profile.py b/lib/ansible/modules/cloud/alicloud/ali_ram_login_profile.py new file mode 100644 index 00000000..7fcde8de --- /dev/null +++ b/lib/ansible/modules/cloud/alicloud/ali_ram_login_profile.py @@ -0,0 +1,185 @@ +#!/usr/bin/python +# Copyright (c) 2017-present Alibaba Group Holding Limited. He Guimin +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) +# +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see http://www.gnu.org/licenses/. + + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: ali_ram_login_profile +version_added: "2.9" +short_description: Create, Delete, Update Ram login profile in Alibaba Cloud. +description: + - Create, Delete, Update Ram login profile in Alibaba Cloud. +options: + state: + description: + - If I(state=present), ram login profile will be created. + - If I(state=present) and login profile exists, it will be updated. + - If I(state=absent), ram login profile will be removed. + default: 'present' + user_name: + description: + - The username. + aliases: ['name'] + required: True + password: + description: + - The password. + new_password: + description: + - The new password. Required when update password. + password_reset_required: + description: + - Specifies whether you need to change your password upon logon + default: False + mfa_bind_required: + description: + - Specifies whether you need to attach an MFA device upon the next logon. + default: False +requirements: + - "python >= 3.6" + - "footmark >= 1.17.0" +extends_documentation_fragment: + - alicloud +author: + - "He Guimin (@xiaozhu36)" +""" + +EXAMPLES = """ +# Note: These examples do not set authentication details, see the Alibaba Cloud Guide for details. +- name: Changed. Create login profile + ali_ram_login_profile: + user_name: ansible + password: YourPassword + password_reset_required: True + +- name: Changed. update login profile + ali_ram_login_profile: + user_name: ansible + password: YourNewPassword + +- name: Changed. Delete login profile + ali_ram_login_profile: + state: absent + user_name: ansible +""" + +RETURN = ''' +user: + description: Returns an array of complex objects as described below. + returned: always + type: complex + contains: + create_date: + description: The creation time. + returned: always + type: string + sample: 2015-01-23T12:33:18Z + mfabind_required: + description: Indicates that you must attach an MFA device. + returned: always + type: bool + sample: False + password_reset_required: + description: Indicates that you must change your password upon next logon. + returned: always + type: bool + sample: False + user_name: + description: The username. + returned: always + type: string + sample: Alice +''' +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.alicloud_ecs import ecs_argument_spec, ram_connect + +HAS_FOOTMARK = False + +try: + from footmark.exception import RAMResponseError + HAS_FOOTMARK = True +except ImportError: + HAS_FOOTMARK = False + + +def profile_exists(module, ram_conn, user_name): + try: + return ram_conn.get_login_profile(user_name=user_name) + except Exception as e: + module.fail_json(msg="Failed to get profile: {0}".format(e)) + + +def main(): + argument_spec = ecs_argument_spec() + argument_spec.update(dict( + state=dict(default='present', choices=['present', 'absent']), + user_name=dict(type='str', required=True, aliases=['name']), + password=dict(type='str'), + new_password=dict(type='str'), + password_reset_required=dict(type='bool', default=False), + mfa_bind_required=dict(type='bool', default=False) + )) + + module = AnsibleModule(argument_spec=argument_spec) + + if HAS_FOOTMARK is False: + module.fail_json(msg='footmark required for this module.') + + ram_conn = ram_connect(module) + + # Get values of variable + state = module.params['state'] + user_name = module.params['user_name'] + changed = False + + # Check if profile exists + profile = profile_exists(module, ram_conn, user_name) + # module.exit_json(changed=True, profile=profile.read()) + + if state == 'absent': + if not profile: + module.exit_json(changed=changed, profile={}) + try: + changed = ram_conn.delete_login_profile(**module.params) + module.exit_json(changed=changed, profile={}) + except RAMResponseError as ex: + module.fail_json(msg='Unable to delete profile error: {}'.format(ex)) + + if not profile: + try: + profile = ram_conn.create_login_profile(**module.params) + module.exit_json(changed=True, profile=profile.read()) + except RAMResponseError as e: + module.fail_json(msg='Unable to create profile, error: {0}'.format(e)) + + try: + changed = profile.update(**module.params) + module.exit_json(changed=changed, profile=profile.read()) + except Exception as e: + module.fail_json(msg='Unable to update profile, error: {0}'.format(e)) + + +if __name__ == '__main__': + main() diff --git a/lib/ansible/modules/cloud/alicloud/ali_ram_login_profile_info.py b/lib/ansible/modules/cloud/alicloud/ali_ram_login_profile_info.py new file mode 100644 index 00000000..a56ecfa4 --- /dev/null +++ b/lib/ansible/modules/cloud/alicloud/ali_ram_login_profile_info.py @@ -0,0 +1,113 @@ +#!/usr/bin/python +# Copyright (c) 2017-present Alibaba Group Holding Limited. He Guimin +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) +# +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see http://www.gnu.org/licenses/. + + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = ''' +--- +module: ali_ram_login_profile_info +version_added: "2.9" +short_description: Gather info on ram login profile in Alibaba Cloud. +description: + - Gather info on ram login profile in Alibaba Cloud. +options: + user_name : + description: + - The username. +author: + - "He Guimin (@xiaozhu36)" +requirements: + - "python >= 3.6" + - "footmark >= 1.17.0" +extends_documentation_fragment: + - alicloud +''' + +EXAMPLES = ''' +# Note: These examples do not set authentication details, see the Alibaba Cloud Guide for details. +- name: Get the existing login profile. + ali_ram_login_profile_info: + user_name: ansible + +''' + +RETURN = ''' +users: + description: Returns an array of complex objects as described below. + returned: always + type: complex + contains: + create_date: + description: The creation time. + returned: always + type: string + sample: 2015-01-23T12:33:18Z + mfabind_required: + description: Indicates that you must attach an MFA device. + returned: always + type: bool + sample: False + password_reset_required: + description: Indicates that you must change your password upon next logon. + returned: always + type: bool + sample: False + user_name: + description: The username. + returned: always + type: string + sample: Alice +''' +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.alicloud_ecs import ecs_argument_spec, ram_connect + +HAS_FOOTMARK = False + +try: + from footmark.exception import RAMResponseError + HAS_FOOTMARK = True +except ImportError: + HAS_FOOTMARK = False + + +def main(): + argument_spec = ecs_argument_spec() + argument_spec.update(dict( + user_name=dict(type='str', required=True, aliases=['name']) + )) + module = AnsibleModule(argument_spec=argument_spec) + + if HAS_FOOTMARK is False: + module.fail_json(msg="Package 'footmark' required for this module.") + + user_name = module.params['user_name'] + try: + profile = ram_connect(module).get_login_profile(user_name=user_name) + module.exit_json(changed=False, profile=profile.read()) + except Exception as e: + module.fail_json(msg=str("Unable to get profile, error:{0}".format(e))) + + +if __name__ == '__main__': + main() diff --git a/lib/ansible/modules/cloud/alicloud/ali_ram_policy.py b/lib/ansible/modules/cloud/alicloud/ali_ram_policy.py new file mode 100644 index 00000000..0b26bfb7 --- /dev/null +++ b/lib/ansible/modules/cloud/alicloud/ali_ram_policy.py @@ -0,0 +1,293 @@ +#!/usr/bin/python +# Copyright (c) 2017-present Alibaba Group Holding Limited. He Guimin +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) +# +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see http://www.gnu.org/licenses/. + + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: ali_ram_policy +version_added: "2.9" +short_description: Create, Delete, Attach and Detach policy in Alibaba Cloud. +description: + - Create, Delete, Attach and Detach policy in Alibaba Cloud. + - An unique ali_ram_policy module is determined by parameters policy_name. +options: + state: + description: + - If I(state=present), policy will be created. + - If I(state=present), policy and user_name exists, will attach policy to user. + - If I(state=present), policy and group_name exists, will attach policy to group. + - If I(state=present), policy and role_name exists, will attach policy to role. + - If I(state=absent), policy will be removed. + - If I(state=absent), and user_name exists, will detach policy from user. + - If I(state=absent), and group_name exists, will detach policy from group. + - If I(state=absent), and role_name exists, will detach policy from role. + choices: ['present', 'absent'] + default: 'present' + policy_document: + description: + - The policy text. It can be up to 2048 bytes. + aliases: ['policy'] + policy_name: + description: + - The policy name. It must be 1 to 128 characters in length. + - This is used to determine if the policy already exists. + aliases: ['name'] + required: True + description: + description: + - The policy description. It must be 1 to 1,024 characters in length. + user_name: + description: + - The username of the RAM user to which the policy is attached or detached. + group_name: + description: + - The groupname of the RAM group to which the policy is attached or detached. + role_name: + description: + - The rolename of the RAM role to which the policy is attached or detached. + policy_type: + description: + - The policy type. If this parameter is left unspecified, all polices are listed. + choices: ['System', 'Custom'] +requirements: + - "python >= 3.6" + - "footmark >= 1.17.0" +extends_documentation_fragment: + - alicloud +author: + - "He Guimin (@xiaozhu36)" +""" + +EXAMPLES = """ +# Note: These examples do not set authentication details, see the Alibaba Cloud Guide for details. +- name: Changed. Create policy + ali_ram_policy: + policy_name: ansible_oss + policy_document: '{"Statement":[{"Action":["oss:*"],"Effect":"Allow","Resource":["acs:oss:*:*:*"]}],"Version":"1"}' + description: create for ansible + +- name: Changed. Attach policy to user + ali_ram_policy: + user_name: ansible + policy_name: ansible_oss + policy_type: Custom + +- name: Changed. Detach policy from user + ali_ram_policy: + state: absent + user_name: ansible + policy_name: ansible_oss + policy_type: Custom + +- name: Changed. Attach policy to group + ali_ram_policy: + group_name: ansible + policy_name: ansible_oss + policy_type: Custom + +- name: Changed. Detach policy from group + ali_ram_policy: + state: absent + group_name: ansible + policy_name: ansible_oss + policy_type: Custom + +- name: Changed. Attach policy to role + ali_ram_policy: + role_name: ansible + policy_name: ansible_oss + policy_type: Custom + +- name: Changed. Detach policy from role + ali_ram_policy: + state: absent + role_name: ansible + policy_name: ansible_oss + policy_type: Custom + +- name: Changed. Delete policy + ali_ram_policy: + state: absent + policy_name: ansible_oss +""" + +RETURN = ''' +policy: + description: Returns an array of complex objects as described below. + returned: always + type: complex + contains: + attachment_count: + description: The number of times that the policy is referenced. + returned: always + type: int + sample: 0 + create_date: + description: The date and time when the policy was created. + returned: always + type: string + sample: 2015-01-23T12:33:18Z + default_version: + description: The default version. + returned: always + type: string + sample: v1 + description: + description: The policy description. + returned: always + type: string + sample: OSS administrator + policy_name: + description: The policy name. + returned: always + type: string + sample: OSS-Administrator + name: + description: alias of 'policy_name'. + returned: always + type: string + sample: OSS-Administrator + policy_type: + description: The policy type. + returned: always + type: string + sample: Custom + update_date: + description: The date and time when the policy was modified. + returned: always + type: string + sample: 2015-01-23T12:33:18Z +''' + +import time +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.alicloud_ecs import ecs_argument_spec, ram_connect + +HAS_FOOTMARK = False + +try: + from footmark.exception import RAMResponseError + HAS_FOOTMARK = True +except ImportError: + HAS_FOOTMARK = False + + +def policy_exists(module, ram_conn, policy_name): + try: + policies = ram_conn.list_policies() + for p in policies: + if p.policy_name == policy_name: + return p + return None + except Exception as e: + module.fail_json(msg="Failed to describe Policies: {0}".format(e)) + + +def main(): + argument_spec = ecs_argument_spec() + argument_spec.update(dict( + state=dict(default='present', choices=['present', 'absent']), + policy_document=dict(type='str', aliases=['policy']), + policy_name=dict(type='str', required=True, aliases=['name']), + description=dict(type='str'), + user_name=dict(type='str'), + group_name=dict(type='str'), + role_name=dict(type='str'), + policy_type=dict(type='str', choices=['System', 'Custom'], aliases=['type']) + )) + + module = AnsibleModule(argument_spec=argument_spec) + + if HAS_FOOTMARK is False: + module.fail_json(msg='footmark required for this module.') + + ram_conn = ram_connect(module) + + # Get values of variable + state = module.params['state'] + policy_name = module.params['policy_name'] + user_name = module.params['user_name'] + group_name = module.params['group_name'] + role_name = module.params['role_name'] + policy_type = module.params['policy_type'] + changed = False + + # Check if policy exists + policy = policy_exists(module, ram_conn, policy_name) + + if state == 'absent': + if user_name: + try: + module.exit_json(changed=policy.detach_policy_from_user(user_name=user_name, policy_type=policy_type), policy=policy.read()) + except RAMResponseError as ex: + module.fail_json(msg='Unable to detach policy {0} from user {1}, error: {2}'.format(policy_name, user_name, ex)) + if group_name: + try: + module.exit_json(changed=policy.detach_policy_from_group(group_name=group_name, policy_type=policy_type), policy=policy.read()) + except RAMResponseError as ex: + module.fail_json(msg='Unable to detach policy {0} from group {1}, error: {2}'.format(policy_name, group_name, ex)) + if role_name: + try: + module.exit_json(changed=policy.detach_policy_from_role(role_name=role_name, policy_type=policy_type), policy=policy.read()) + except RAMResponseError as ex: + module.fail_json(msg='Unable to detach policy {0} from role {1}, error: {2}'.format(policy_name, role_name, ex)) + if not policy: + module.exit_json(changed=changed, policy={}) + try: + module.exit_json(changed=policy.delete(), policy={}) + except RAMResponseError as ex: + module.fail_json(msg='Unable to delete policy {0}, error: {1}'.format(policy_name, ex)) + + if not policy: + try: + policy = ram_conn.create_policy(**module.params) + module.exit_json(changed=True, policy=policy.read()) + except RAMResponseError as e: + module.fail_json(msg='Unable to create policy, error: {0}'.format(e)) + + if user_name and policy_type: + try: + changed = policy.attach_policy_to_user(policy_type=policy_type, user_name=user_name) + module.exit_json(changed=changed, policy=policy.read()) + except Exception as e: + module.fail_json(msg='Unable to attach policy to user, error: {0}'.format(e)) + + if group_name and policy_type: + try: + changed = policy.attach_policy_to_group(policy_type=policy_type, group_name=group_name) + module.exit_json(changed=changed, policy=policy.read()) + except Exception as e: + module.fail_json(msg='Unable to attach policy to group, error: {0}'.format(e)) + + if role_name and policy_type: + try: + changed = policy.attach_policy_to_role(policy_type=policy_type, role_name=role_name) + module.exit_json(changed=changed, policy=policy.read()) + except Exception as e: + module.fail_json(msg='Unable to attach policy to role, error: {0}'.format(e)) + + +if __name__ == '__main__': + main() diff --git a/lib/ansible/modules/cloud/alicloud/ali_ram_policy_info.py b/lib/ansible/modules/cloud/alicloud/ali_ram_policy_info.py new file mode 100644 index 00000000..bcf92954 --- /dev/null +++ b/lib/ansible/modules/cloud/alicloud/ali_ram_policy_info.py @@ -0,0 +1,144 @@ +#!/usr/bin/python +# Copyright (c) 2017-present Alibaba Group Holding Limited. He Guimin +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) +# +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see http://www.gnu.org/licenses/. + + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = ''' +--- +module: ali_ram_policy_info +version_added: "2.9" +short_description: Gather info on ram policy in Alibaba Cloud. +description: + - Gather info on ram policy in Alibaba Cloud. support name_prefix to filter policies. +options: + name_prefix: + description: + - Use a policy name prefix to filter policies. +author: + - "He Guimin (@xiaozhu36)" +requirements: + - "python >= 3.6" + - "footmark >= 1.17.0" +extends_documentation_fragment: + - alicloud +''' + +EXAMPLES = ''' +# Note: These examples do not set authentication details, see the Alibaba Cloud Guide for details. +- name: Get the existing policy + ali_ram_policy_info: + name_prefix: ansible_oss + +- name: Get the all policy + ali_ram_policy_info: +''' + +RETURN = ''' +policies: + description: Returns an array of complex objects as described below. + returned: always + type: list + sample:[ + { + attachment_count: + description: The number of times that the policy is referenced. + returned: always + type: int + sample: 0 + create_date: + description: The date and time when the policy was created. + returned: always + type: string + sample: 2015-01-23T12:33:18Z + default_version: + description: The default version. + returned: always + type: string + sample: v1 + description: + description: The policy description. + returned: always + type: string + sample: OSS administrator + policy_name: + description: The policy name. + returned: always + type: string + sample: OSS-Administrator + name: + description: alias of 'policy_name'. + returned: always + type: string + sample: OSS-Administrator + policy_type: + description: The policy type. + returned: always + type: string + sample: Custom + update_date: + description: The date and time when the policy was modified. + returned: always + type: string + sample: 2015-01-23T12:33:18Z + } + ] +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.alicloud_ecs import ecs_argument_spec, ram_connect + +HAS_FOOTMARK = False + +try: + from footmark.exception import RAMResponseError + HAS_FOOTMARK = True +except ImportError: + HAS_FOOTMARK = False + + +def main(): + argument_spec = ecs_argument_spec() + argument_spec.update(dict( + name_prefix=dict(type='str')) + ) + module = AnsibleModule(argument_spec=argument_spec) + + if HAS_FOOTMARK is False: + module.fail_json(msg="Package 'footmark' required for this module.") + + name_prefix = module.params['name_prefix'] + + try: + policies = [] + for policy in ram_connect(module).list_policies(): + if name_prefix and not policy.name.startswith(name_prefix): + continue + policies.append(policy.read()) + module.exit_json(changed=False, policies=policies) + except Exception as e: + module.fail_json(msg=str("Unable to list groups, error:{0}".format(e))) + + +if __name__ == '__main__': + main() diff --git a/lib/ansible/modules/cloud/alicloud/ali_ram_role.py b/lib/ansible/modules/cloud/alicloud/ali_ram_role.py new file mode 100644 index 00000000..049da91a --- /dev/null +++ b/lib/ansible/modules/cloud/alicloud/ali_ram_role.py @@ -0,0 +1,195 @@ +#!/usr/bin/python +# Copyright (c) 2017-present Alibaba Group Holding Limited. He Guimin +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) +# +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see http://www.gnu.org/licenses/. + + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: ali_ram_role +version_added: "2.9" +short_description: Create, Delete, Update Ram Role in Alibaba Cloud. +description: + - Create, Delete, Update Role in Alibaba Cloud. + - An unique ali_ram_role module is determined by parameters role_name. +options: + state: + description: + - If I(state=present), role will be created. + - If I(state=present), and assume_role_policy_document exists, role will be updated. + - If I(state=absent), role will be removed. + choices: ['present', 'absent'] + default: 'present' + role_name: + description: + - The name of the RAM role. The specified name can be up to 64 characters in length. Format(^[a-zA-Z0-9\. @\-]+$) + - This is used to determine if the Ram role already exists. + aliases: ['name'] + required: True + assume_role_policy_document: + description: + - The policy text that specifies one or more entities entrusted to assume the RAM role. + The trusted entity can be an Alibaba Cloud account, Alibaba Cloud service, or identity provider (IdP). + - Required when C(state=present) + description: + description: + - The description of the RAM role. The description can be up to 1,024 characters in length. +requirements: + - "python >= 3.6" + - "footmark >= 1.17.0" +extends_documentation_fragment: + - alicloud +author: + - "He Guimin (@xiaozhu36)" +""" + +EXAMPLES = """ +# Note: These examples do not set authentication details, see the Alibaba Cloud Guide for details. +- name: Changed. Create a role + ali_ram_role: + role_name: ansible + policy: '{"Statement": [{"Action": "sts:AssumeRole","Effect": "Allow","Principal": {"Service": ["rds.aliyuncs.com"]}}],"Version": "1"}' + description: create for ansible + +- name: Changed. Update role + ali_ram_role: + role_name: ansible + policy: '{"Statement": [{"Action": "sts:AssumeRole","Effect": "Allow","Principal": {"Service": ["ecs.aliyuncs.com"]}}],"Version": "1"}' + +- name: Changed. Delete role + ali_ram_role: + state: absent + role_name: ansible +""" + +RETURN = ''' +user: + description: Returns an array of complex objects as described below. + returned: always + type: complex + contains: + arn: + description: The Alibaba Cloud Resource Name (ARN) of the RAM role. + returned: always + type: string + sample: acs:ram::123456789012****:role/ECSAdmin + assume_role_policy_document: + description: The policy text that specifies one or more entities entrusted to assume the RAM role. + returned: always + type: string + sample: { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "RAM": "acs:ram::123456789012****:root" } } ], "Version": "1" } + create_date: + description: The date and time when the RAM role was created. + returned: always + type: string + sample: 2015-01-23T12:33:18Z + description: + description: The description of the RAM role. + returned: always + type: string + sample: ECS administrator + role_id: + description: The ID of the RAM role. + returned: always + type: string + sample: 901234567890**** + role_name: + description: The name of the RAM role. + returned: always + type: string + sample: ECSAdmin +''' + +import json +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.alicloud_ecs import ecs_argument_spec, ram_connect + +HAS_FOOTMARK = False + +try: + from footmark.exception import RAMResponseError + HAS_FOOTMARK = True +except ImportError: + HAS_FOOTMARK = False + + +def role_exists(module, ram_conn, role_name): + try: + for r in ram_conn.list_roles(): + if r.read()['name'] == role_name: + return r + return None + except Exception as e: + module.fail_json(msg="Failed to describe Roles: {0}".format(e)) + + +def main(): + argument_spec = ecs_argument_spec() + argument_spec.update(dict( + state=dict(default='present', choices=['present', 'absent']), + role_name=dict(type='str', required=True, aliases=['name']), + assume_role_policy_document=dict(type='str', aliases=['policy']), + description=dict(type='str') + )) + + module = AnsibleModule(argument_spec=argument_spec) + + if HAS_FOOTMARK is False: + module.fail_json(msg='footmark required for this module.') + + ram_conn = ram_connect(module) + + # Get values of variable + state = module.params['state'] + role_name = module.params['role_name'] + assume_role_policy_document = module.params['assume_role_policy_document'] + changed = False + + # Check if role exists + role = role_exists(module, ram_conn, role_name) + + if state == 'absent': + if not role: + module.exit_json(changed=changed, role={}) + try: + module.exit_json(changed=role.delete(), role={}) + except RAMResponseError as ex: + module.fail_json(msg='Unable to delete role {0}, error: {1}'.format(role_name, ex)) + + if not role: + try: + role = ram_conn.create_role(**module.params) + module.exit_json(changed=True, role=role.read()) + except RAMResponseError as e: + module.fail_json(msg='Unable to create role, error: {0}'.format(e)) + + if assume_role_policy_document: + try: + changed = role.update_policy(policy=assume_role_policy_document) + module.exit_json(changed=changed, role=role.get().read()) + except RAMResponseError as e: + module.fail_json(msg='Unable to update role policy, error: {0}'.format(e)) + + +if __name__ == '__main__': + main() diff --git a/lib/ansible/modules/cloud/alicloud/ali_ram_role_info.py b/lib/ansible/modules/cloud/alicloud/ali_ram_role_info.py new file mode 100644 index 00000000..8fb780d0 --- /dev/null +++ b/lib/ansible/modules/cloud/alicloud/ali_ram_role_info.py @@ -0,0 +1,133 @@ +#!/usr/bin/python +# Copyright (c) 2017-present Alibaba Group Holding Limited. He Guimin +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) +# +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see http://www.gnu.org/licenses/. + + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = ''' +--- +module: ali_ram_role_info +version_added: "2.9" +short_description: Gather info on ram role in Alibaba Cloud. +description: + - Gather info on ram role in Alibaba Cloud. support name_prefix to filter roles. +options: + name_prefix: + description: + - Use a Role name prefix to filter Roles. +author: + - "He Guimin (@xiaozhu36)" +requirements: + - "python >= 3.6" + - "footmark >= 1.17.0" +extends_documentation_fragment: + - alicloud +''' + +EXAMPLES = ''' +# Note: These examples do not set authentication details, see the Alibaba Cloud Guide for details. + +- name: Get the existing role + ali_ram_role_info: + name_prefix: ansible + +''' + +RETURN = ''' +roles: + description: Returns an array of complex objects as described below. + returned: always + type: list + sample:[ + { + arn: + description: The Alibaba Cloud Resource Name (ARN) of the RAM role. + returned: always + type: string + sample: acs:ram::123456789012****:role/ECSAdmin + assume_role_policy_document: + description: The policy text that specifies one or more entities entrusted to assume the RAM role. + returned: always + type: string + sample: {"Statement": [{ "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "RAM": "acs:ram::123456789012****:root" }}], "Version": "1"} + create_date: + description: The date and time when the RAM role was created. + returned: always + type: string + sample: 2015-01-23T12:33:18Z + description: + description: The description of the RAM role. + returned: always + type: string + sample: ECS administrator + role_id: + description: The ID of the RAM role. + returned: always + type: string + sample: 901234567890**** + role_name: + description: The name of the RAM role. + returned: always + type: string + sample: ECSAdmin + } + ] +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.alicloud_ecs import ecs_argument_spec, ram_connect + +HAS_FOOTMARK = False + +try: + from footmark.exception import RAMResponseError + HAS_FOOTMARK = True +except ImportError: + HAS_FOOTMARK = False + + +def main(): + argument_spec = ecs_argument_spec() + argument_spec.update(dict( + name_prefix=dict(type='str')) + ) + module = AnsibleModule(argument_spec=argument_spec) + + if HAS_FOOTMARK is False: + module.fail_json(msg="Package 'footmark' required for this module.") + + name_prefix = module.params['name_prefix'] + + try: + roles = [] + for role in ram_connect(module).list_roles(): + if name_prefix and not role.name.startswith(name_prefix): + continue + roles.append(role.get().read()) + module.exit_json(changed=False, roles=roles) + except Exception as e: + module.fail_json(msg=str("Unable to list roles, error:{0}".format(e))) + + +if __name__ == '__main__': + main() diff --git a/lib/ansible/modules/cloud/alicloud/ali_ram_user.py b/lib/ansible/modules/cloud/alicloud/ali_ram_user.py new file mode 100644 index 00000000..2bf3c164 --- /dev/null +++ b/lib/ansible/modules/cloud/alicloud/ali_ram_user.py @@ -0,0 +1,244 @@ +#!/usr/bin/python +# Copyright (c) 2017-present Alibaba Group Holding Limited. He Guimin +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) +# +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see http://www.gnu.org/licenses/. + + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = """ +--- +module: ali_ram_user +version_added: "2.9" +short_description: Create, Delete, Update Ram User in Alibaba Cloud. +description: + - Create, Delete, Update Ram User in Alibaba Cloud. + - An unique ali_ram_user module is determined by parameters user_name. +options: + state: + description: + - If I(state=present), user will be created. + - If I(state=absent), user will be removed. + choices: ['present', 'absent'] + default: 'present' + user_name: + description: + - The username. It must be 1 to 64 characters in length. + - This is used to determine if the user already exists. + aliases: ['name'] + required: True + display_name: + description: + - The display name. It must be 1 to 128 characters in length. + mobile_phone: + description: + - The mobile phone number of the RAM user. International area code-mobile phone number. + email: + description: + - The email address of the RAM user. + comments: + description: + - The comment. It must be 1 to 128 characters in length. + new_user_name: + description: + - The new username of the new RAM user. It must be 1 to 64 characters in length. + new_mobile_phone: + description: + - The new mobile phone number of the RAM user. International area code-mobile phone number. + new_display_name: + description: + - The new display name. It must be 1 to 128 characters in length. + new_email: + description: + - The new email address of the RAM user. + new_comments: + description: + - The new comment. It must be 1 to 128 characters in length. +requirements: + - "python >= 3.6" + - "footmark >= 1.17.0" +extends_documentation_fragment: + - alicloud +author: + - "He Guimin (@xiaozhu36)" +""" + +EXAMPLES = """ +# Note: These examples do not set authentication details, see the Alibaba Cloud Guide for details. +- name: Changed. Create a new user + ali_ram_user: + user_name: ansible + display_name: ab + mobile_phone: 18988888888 + email: 11288222@qq.com + comments: ansible_test + +- name: Changed. Update user + ali_ram_user: + user_name: '{{ user_name }}' + new_user_name: ansible2 + +- name: Changed. Delete user + ali_ram_user: + state: absent + user_name: '{{ user_name}}' + +""" + +RETURN = ''' +user: + description: Returns an array of complex objects as described below. + returned: always + type: complex + contains: + user_name: + description: The username. + returned: always + type: string + sample: Alice + name: + description: alias of 'user_name'. + returned: always + type: string + sample: Alice + user_id: + description: The ID of the RAM user. + returned: always + type: string + sample: 122748924538**** + id: + description: alias of 'user_id'. + returned: always + type: string + sample: 122748924538**** + mobile_phone: + description: The mobile phone number of the RAM user. + returned: always + type: string + sample: 86-1860000**** + phone: + description: alias of 'mobile_phone'. + returned: always + type: string + sample: vpc-c2e00da5 + email: + description: The email address of the RAM user. + returned: always + type: string + sample: alice@example.com + display_name: + description: The display name. + returned: always + type: string + sample: Alice + create_date: + description: The date and time when the RAM user was created. + returned: always + type: string + sample: 2015-01-23T12:33:18Z + comments: + description: The comment. + returned: always + type: string + sample: ansible test +''' + +import time +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.alicloud_ecs import ecs_argument_spec, ram_connect + +HAS_FOOTMARK = False + +try: + from footmark.exception import RAMResponseError + HAS_FOOTMARK = True +except ImportError: + HAS_FOOTMARK = False + + +def user_exists(module, ram_conn, user_name): + try: + for u in ram_conn.list_users(): + if u.name == user_name: + return u + return None + except Exception as e: + module.fail_json(msg="Failed to describe Users: {0}".format(e)) + + +def main(): + argument_spec = ecs_argument_spec() + argument_spec.update(dict( + state=dict(default='present', choices=['present', 'absent']), + user_name=dict(type='str', required=True, aliases=['name']), + display_name=dict(type='str'), + mobile_phone=dict(type='str', aliases=['phone']), + email=dict(type='str'), + comments=dict(type='str'), + new_user_name=dict(type='str'), + # new_mobile_phone=dict(type='str'), + # new_display_name=dict(type='str'), + # new_email=dict(type='str'), + # new_comments=dict(type='str') + )) + + module = AnsibleModule(argument_spec=argument_spec) + + if HAS_FOOTMARK is False: + module.fail_json(msg='footmark required for this module.') + + ram_conn = ram_connect(module) + + # Get values of variable + state = module.params['state'] + user_name = module.params['user_name'] + changed = False + + # Check if user exists + user = user_exists(module, ram_conn, user_name) + + if state == 'absent': + if not user: + module.exit_json(changed=changed, user={}) + try: + module.exit_json(changed=user.delete(), user={}) + except RAMResponseError as ex: + module.fail_json(msg='Unable to delete user {0}, error: {1}'.format(user_name, ex)) + + if not user: + try: + user = ram_conn.create_user(**module.params) + module.exit_json(changed=True, user=user.read()) + except RAMResponseError as e: + module.fail_json(msg='Unable to create user, error: {0}'.format(e)) + + try: + res = user.update(**module.params) + if res: + module.exit_json(changed=True, user=res.read()) + except RAMResponseError as e: + module.fail_json(msg='Unable to update user, error: {0}'.format(e)) + + module.exit_json(changed=changed, user=user.read()) + + +if __name__ == '__main__': + main() diff --git a/lib/ansible/modules/cloud/alicloud/ali_ram_user_info.py b/lib/ansible/modules/cloud/alicloud/ali_ram_user_info.py new file mode 100644 index 00000000..408eec26 --- /dev/null +++ b/lib/ansible/modules/cloud/alicloud/ali_ram_user_info.py @@ -0,0 +1,161 @@ +#!/usr/bin/python +# Copyright (c) 2017-present Alibaba Group Holding Limited. He Guimin +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) +# +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see http://www.gnu.org/licenses/. + + +__metaclass__ = type + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = ''' +--- +module: ali_ram_user_info +version_added: "2.9" +short_description: Gather info on ram users in Alibaba Cloud. +description: + - Gather info on ram users in Alibaba Cloud. support name_prefix to filter users. +options: + name_prefix: + description: + - Use a User name prefix to filter Users. +author: + - "He Guimin (@xiaozhu36)" +requirements: + - "python >= 3.6" + - "footmark >= 1.17.0" +extends_documentation_fragment: + - alicloud +''' + +EXAMPLES = ''' +# Note: These examples do not set authentication details, see the Alibaba Cloud Guide for details. + +- name: Get infos about all Users + ali_ram_user_info: + +- name: Get infos about a particular User using name_prefix + ali_ram_user_info: + name_prefix: "ansible" + +''' + +RETURN = ''' +users: + description: Returns an array of complex objects as described below. + returned: always + type: list + sample:[ + { + user_name: + description: The username. + returned: always + type: string + sample: Alice + name: + description: alias of 'user_name'. + returned: always + type: string + sample: Alice + user_id: + description: The ID of the RAM user. + returned: always + type: string + sample: 122748924538**** + id: + description: alias of 'user_id'. + returned: always + type: string + sample: 122748924538**** + update_date: + description: The date and time when the user information was modified. + returned: always + type: string + sample: 2015-01-23T12:33:18Z + mobile_phone: + description: The mobile phone number of the RAM user. + returned: always + type: string + sample: 86-1860000**** + phone: + description: alias of 'mobile_phone'. + returned: always + type: string + sample: vpc-c2e00da5 + email: + description: The email address of the RAM user. + returned: always + type: string + sample: alice@example.com + display_name: + description: The display name. + returned: always + type: string + sample: Alice + create_date: + description: The date and time when the RAM user was created. + returned: always + type: string + sample: 2015-01-23T12:33:18Z + comments: + description: The comment. + returned: always + type: string + sample: ansible test + } + ] +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.alicloud_ecs import ecs_argument_spec, ram_connect + +HAS_FOOTMARK = False + +try: + from footmark.exception import RAMResponseError + HAS_FOOTMARK = True +except ImportError: + HAS_FOOTMARK = False + + +def main(): + argument_spec = ecs_argument_spec() + argument_spec.update(dict( + name_prefix=dict(type='str')) + ) + module = AnsibleModule(argument_spec=argument_spec) + + if HAS_FOOTMARK is False: + module.fail_json(msg="Package 'footmark' required for this module.") + + name_prefix = module.params['name_prefix'] + + try: + users = [] + for user in ram_connect(module).list_users(): + if name_prefix and not user.name.startswith(name_prefix): + continue + users.append(user.read()) + module.exit_json(changed=False, users=users) + except Exception as e: + module.fail_json(msg=str("Unable to list users, error:{0}".format(e))) + + +if __name__ == '__main__': + main() diff --git a/tests/ali_ram_access_key_info_test.yml b/tests/ali_ram_access_key_info_test.yml new file mode 100644 index 00000000..1aa0f055 --- /dev/null +++ b/tests/ali_ram_access_key_info_test.yml @@ -0,0 +1,9 @@ +--- +- name: Validate module ali_ram_access_key_info + hosts: localhost + remote_user: root + + tasks: + - name: No Changed. Get ram user all access key + ali_ram_access_key_info: + user_name: ansible diff --git a/tests/ali_ram_access_key_test.yml b/tests/ali_ram_access_key_test.yml new file mode 100644 index 00000000..828e6987 --- /dev/null +++ b/tests/ali_ram_access_key_test.yml @@ -0,0 +1,22 @@ +--- +- name: Validate module ali_ram_access_key + hosts: localhost + remote_user: root + + tasks: + - name: Changed. Create access key + ali_ram_access_key: + user_name: ansible + register: access + + - name: Changed. Update access key + ali_ram_access_key: + user_access_key_id: '{{ access.access_key.access_key_id }}' + user_name: ansible + status: Inactive + + - name: Changed. Delete access key + ali_ram_access_key: + state: absent + user_access_key_id: '{{ access.access_key.access_key_id }}' + user_name: ansible \ No newline at end of file diff --git a/tests/ali_ram_group_info_test.yml b/tests/ali_ram_group_info_test.yml new file mode 100644 index 00000000..bd757e64 --- /dev/null +++ b/tests/ali_ram_group_info_test.yml @@ -0,0 +1,12 @@ +--- +- name: Validate module ali_ram_group_info + hosts: localhost + remote_user: root + + tasks: + - name: Get the existing group with name_prefix + ali_ram_group_info: + name_prefix: ansible + + - name: Get the existing groups + ali_ram_group_info: diff --git a/tests/ali_ram_group_test.yml b/tests/ali_ram_group_test.yml new file mode 100644 index 00000000..f9c70625 --- /dev/null +++ b/tests/ali_ram_group_test.yml @@ -0,0 +1,48 @@ +--- +- name: Validate module ali_ram_group + hosts: localhost + remote_user: root + + tasks: + - name: Changed. Create a new group + ali_ram_group: + group_name: ansible + comments: create for ansible + + - name: Get the existing group with name_prefix + ali_ram_group_info: + name_prefix: ansible + + - name: Changed. Update group comments + ali_ram_group: + group_name: ansible + comments: just create for ansible + + - name: Get the existing group with name_prefix + ali_ram_group_info: + name_prefix: ansible + + - name: Changed. Update group name + ali_ram_group: + group_name: ansible + new_group_name: ansible1 + + - name: Get the existing group with name_prefix + ali_ram_group_info: + name_prefix: ansible1 + + - name: Changed. Add user to group + ali_ram_group: + group_name: ansible1 + user_name: ansible + + - name: Changed. Remove user from group + ali_ram_group: + group_name: ansible1 + user_name: ansible + state: absent + + - name: Changed. Delete group + ali_ram_group: + group_name: ansible1 + state: absent \ No newline at end of file diff --git a/tests/ali_ram_login_profile_info_test.yml b/tests/ali_ram_login_profile_info_test.yml new file mode 100644 index 00000000..0dd8a124 --- /dev/null +++ b/tests/ali_ram_login_profile_info_test.yml @@ -0,0 +1,9 @@ +--- +- name: Validate module ali_ram_login_profile_info + hosts: localhost + remote_user: root + + tasks: + - name: Get the existing login profile. + ali_ram_login_profile_info: + user_name: ansible \ No newline at end of file diff --git a/tests/ali_ram_login_profile_test.yml b/tests/ali_ram_login_profile_test.yml new file mode 100644 index 00000000..3783408d --- /dev/null +++ b/tests/ali_ram_login_profile_test.yml @@ -0,0 +1,20 @@ +--- +- name: Validate module ali_ram_login_profile + hosts: localhost + remote_user: root + + tasks: + - name: Changed. Create login profile + ali_ram_login_profile: + user_name: ansible + password: YourPassword + + - name: Changed. update login profile + ali_ram_login_profile: + user_name: ansible + password_reset_required: True + + - name: Changed. Delete login profile + ali_ram_login_profile: + state: absent + user_name: ansible diff --git a/tests/ali_ram_policy_info_test.yml b/tests/ali_ram_policy_info_test.yml new file mode 100644 index 00000000..55fe5b26 --- /dev/null +++ b/tests/ali_ram_policy_info_test.yml @@ -0,0 +1,12 @@ +--- +- name: Validate module ali_ram_login_policy_info + hosts: localhost + remote_user: root + + tasks: + - name: Get the existing policy + ali_ram_policy_info: + name_prefix: ansible_oss + + - name: Get the all policy + ali_ram_policy_info: \ No newline at end of file diff --git a/tests/ali_ram_policy_test.yml b/tests/ali_ram_policy_test.yml new file mode 100644 index 00000000..1260d487 --- /dev/null +++ b/tests/ali_ram_policy_test.yml @@ -0,0 +1,60 @@ +--- +- name: Validate module ali_ram_policy + hosts: localhost + remote_user: root + + tasks: + - name: Changed. Create policy + ali_ram_policy: + policy_name: ansible_oss + policy_document: '{"Statement":[{"Action":["oss:*"],"Effect":"Allow","Resource":["acs:oss:*:*:*"]}],"Version":"1"}' + description: create for ansible + + - name: Get the existing policy + ali_ram_policy_info: + name_prefix: ansible_oss + register: policies + + - name: Changed. Attach policy to user + ali_ram_policy: + user_name: ansible + policy_name: ansible_oss + policy_type: Custom + + - name: Changed. Detach policy from user + ali_ram_policy: + state: absent + user_name: ansible + policy_name: ansible_oss + policy_type: Custom + + - name: Changed. Attach policy to group + ali_ram_policy: + group_name: ansible + policy_name: ansible_oss + policy_type: Custom + + - name: Changed. Detach policy from group + ali_ram_policy: + state: absent + group_name: ansible + policy_name: ansible_oss + policy_type: Custom + + - name: Changed. Attach policy to role + ali_ram_policy: + role_name: ansible + policy_name: ansible_oss + policy_type: Custom + + - name: Changed. Detach policy from role + ali_ram_policy: + state: absent + role_name: ansible + policy_name: ansible_oss + policy_type: Custom + + - name: Changed. Delete policy + ali_ram_policy: + state: absent + policy_name: ansible_oss diff --git a/tests/ali_ram_profile_info_test.yml b/tests/ali_ram_profile_info_test.yml new file mode 100644 index 00000000..0dd8a124 --- /dev/null +++ b/tests/ali_ram_profile_info_test.yml @@ -0,0 +1,9 @@ +--- +- name: Validate module ali_ram_login_profile_info + hosts: localhost + remote_user: root + + tasks: + - name: Get the existing login profile. + ali_ram_login_profile_info: + user_name: ansible \ No newline at end of file diff --git a/tests/ali_ram_profile_test.yml b/tests/ali_ram_profile_test.yml new file mode 100644 index 00000000..b67328b0 --- /dev/null +++ b/tests/ali_ram_profile_test.yml @@ -0,0 +1,21 @@ +--- +- name: Validate module ali_ram_login_profile + hosts: localhost + remote_user: root + + tasks: + - name: Changed. Create login profile + ali_ram_login_profile: + user_name: ansible + password: YourPassword + password_reset_required: True + + - name: Changed. update login profile + ali_ram_login_profile: + user_name: ansible + password: YourNewPassword + + - name: Changed. Delete login profile + ali_ram_login_profile: + state: absent + user_name: ansible diff --git a/tests/ali_ram_role_info_test.yml b/tests/ali_ram_role_info_test.yml new file mode 100644 index 00000000..b81cc0c8 --- /dev/null +++ b/tests/ali_ram_role_info_test.yml @@ -0,0 +1,9 @@ +--- +- name: Validate module ali_ram_role_info + hosts: localhost + remote_user: root + + tasks: + - name: Get the existing role + ali_ram_role_info: + name_prefix: ansible \ No newline at end of file diff --git a/tests/ali_ram_role_test.yml b/tests/ali_ram_role_test.yml new file mode 100644 index 00000000..470bcb58 --- /dev/null +++ b/tests/ali_ram_role_test.yml @@ -0,0 +1,25 @@ +--- +- name: Validate module ali_ram_role + hosts: localhost + remote_user: root + + tasks: + - name: Changed. Create a role + ali_ram_role: + role_name: ansible + policy: '{"Statement": [{"Action": "sts:AssumeRole","Effect": "Allow","Principal": {"Service": ["rds.aliyuncs.com"]}}],"Version": "1"}' + description: create for ansible + + - name: Get the existing role + ali_ram_role_info: + name_prefix: ansible + + - name: Changed. Update role + ali_ram_role: + role_name: ansible + policy: '{"Statement": [{"Action": "sts:AssumeRole","Effect": "Allow","Principal": {"Service": ["ecs.aliyuncs.com"]}}],"Version": "1"}' + + - name: Changed. Delete role + ali_ram_role: + state: absent + role_name: ansible diff --git a/tests/ali_ram_user_info_test.yml b/tests/ali_ram_user_info_test.yml new file mode 100644 index 00000000..421f97e9 --- /dev/null +++ b/tests/ali_ram_user_info_test.yml @@ -0,0 +1,13 @@ +--- +- name: Validate module ali_ram_user_info + hosts: localhost + remote_user: root + + tasks: + - name: Get the existing user with name_prefix + ali_ram_user_info: + name_prefix: ansible + register: users + + - name: Get the existing users + ali_ram_user_info: diff --git a/tests/ali_ram_user_test.yml b/tests/ali_ram_user_test.yml new file mode 100644 index 00000000..0b6ca0cf --- /dev/null +++ b/tests/ali_ram_user_test.yml @@ -0,0 +1,43 @@ +--- +- name: Validate module ali_ram_user + hosts: localhost + remote_user: root + + tasks: + - name: Changed. Create a new user + ali_ram_user: + user_name: ansible + display_name: ab + mobile_phone: 18988888888 + email: 11288222@qq.com + comments: ansible_test + + - name: Get the existing user + ali_ram_user_info: + name_prefix: ansible + register: users + + - name: Changed. Update email + ali_ram_user: + user_name: '{{ users.users.0.name }}' + email: update_email@163.com + + - name: No Changed. Update email + ali_ram_user: + user_name: '{{ users.users.0.name }}' + email: update_email@163.com + + - name: Changed. Update user + ali_ram_user: + user_name: '{{ users.users.0.name }}' + new_user_name: ansible2 + + - name: No Changed. Update user + ali_ram_user: + user_name: '{{ users.users.0.name }}' + new_user_name: ansible2 + + - name: Changed. Delete user + ali_ram_user: + state: absent + user_name: ansible2 diff --git a/tests/ali_sts_test.yml b/tests/ali_sts_test.yml new file mode 100644 index 00000000..275f9371 --- /dev/null +++ b/tests/ali_sts_test.yml @@ -0,0 +1,15 @@ +--- +- name: Validate module ali_sts + hosts: localhost + remote_user: root + + tasks: + - name: Changed. Create assume role + ali_sts: + role_arn: acs:ram::1182725234319447:role/ansible-test-vpc + role_session_name: ansible_test + policy: '{{ policy }}' + duration_seconds: 2000 + + - name: Get caller identity + ali_sts: diff --git a/tests/group_vars/all b/tests/group_vars/all index 4b7da220..4b51f220 100644 --- a/tests/group_vars/all +++ b/tests/group_vars/all @@ -4,6 +4,7 @@ availability_zone: cn-beijing-c name: ansible-testAcc description: "Test ansible module " tags: {For: testAcc, Created: Ansible, From: provider/tests} +policy: '{"Statement": [{"Action": ["*"],"Effect": "Allow","Resource": ["*"]}],"Version":"1"}' # create vpc parameters vpc_cidr: "172.16.0.0/12"