diff --git a/lib/ansible/modules/cloud/alicloud/ali_rds_account.py b/lib/ansible/modules/cloud/alicloud/ali_rds_account.py
index 588bc0d3..90720057 100644
--- a/lib/ansible/modules/cloud/alicloud/ali_rds_account.py
+++ b/lib/ansible/modules/cloud/alicloud/ali_rds_account.py
@@ -28,235 +28,164 @@ --- module: ali_rds_account version_added: "1.5.0" -short_description: Create, Delete, Modyfy, Reset rds account, Grant or Revoke privilege. +short_description: Create, Delete, Modyfy, Reset rds account, Grant or Revoke privilege in Alibaba Cloud. description: - This module allows the user to manage rds account. Includes support for creating, deleting, reseting and modifying rds account, granting or revoking privilege. + - An unique ali_rds_account module is co-determined by parameters db_instance_id and account_name. options: state: description: - - The state of the account after operating. + - If I(state=present), account will be created. + - If I(state=present) and account_password, account exists, it will reset account password. + - If I(state=present) and account_description exists, it will modify description. + - If I(state=present) and db_name, account_privilege exists, it will grant account privilege. + - If I(state=absent), and db_name exists, it will revoke account privilege. + - If I(state=absent), account will be removed. default: present - choices: [ 'present', 'absent'] + choices: ['present', 'absent'] db_instance_id: description: - - Id of rds instance. + - The ID of the instance. + - This is used in combination with C(account_name) to determine if the account already exists. + aliases: ['instance_id'] required: true account_name: description: - - Operation account requiring a uniqueness check. - It may consist of lower case letters, numbers and underlines, and must start with a letter and have no more than 16 characters. + - It may consist of lower case letters, numbers and underlines, and must start with a letter and have no more than 16 characters. + - This is used in combination with C(db_instance_id) to determine if the account already exists. required: true aliases: ['name'] account_password: description: - - Operation password. 
It may consist of letters, digits, or underlines, with a length of 6 to 32 characters, Required when C(account_password != "") + - The password of the database account. It contains 8 to 32 characters. at least three of the following four character. + types (uppercase letters, lowercase letters, digits, and special characters). + The allowed special characters are ( ! @ # $ & % ^ * ( ) _ + - = ) aliases: ['password'] - description: + account_description: description: - Account remarks, which cannot exceed 256 characters. It cannot begin with http:// , https:// . It must start with a Chinese character or English letter. It can include Chinese and English characters/letters, underlines (_), hyphens (-), and numbers. The length may be 2-256 characters, + aliases: ['description'] account_type: description: - Privilege type of account. Normal for Common privilege; Super for High privilege; Default value is Normal. - This parameter is valid for MySQL 5.5/5.6 only default: Normal aliases: ['type'] - choices: [ 'Normal', 'Super'] - db_name: + choices: ['Normal', 'Super'] + db_names: description: - - Name of the database associated with this account, Required when C(db_name != ""). + - The names of the database that the account needs to access. account_privilege: description: - - Account permission.Required when C(account_privilege != "") + - The account privilege. For MySQL and MariaDB, the values are ReadWrite, ReadOnly, DDLOnly, and DMLOnly. + For SQL Server, the values are ReadWrite, ReadOnly, and DBOwner. For PostgreSQL, the value is DBOwner. 
aliases: ['privilege'] - choices: ['ReadOnly', 'ReadWrite'] + choices: ['ReadOnly', 'ReadWrite', 'DDLOnly', 'DMLOnly', 'DBOwner'] author: - - "Li Qiang" + - "Li Xue" requirements: - - "python >= 2.6" - - "footmark >= 1.1.16" + - "python >= 3.6" + - "footmark >= 1.16.0" extends_documentation_fragment: - alicloud """ EXAMPLES = """ # basic provisioning example to create account -- name: create account - hosts: localhost - connection: local - vars: - alicloud_access_key: - alicloud_secret_key: - alicloud_region: cn-beijing - db_instance_id: - account_name: test - account_password: rohit@123 - description: normal account - account_type: normal - tasks: - - name: create account - ali_rds_account: - alicloud_access_key: '{{ alicloud_access_key }}' - alicloud_secret_key: '{{ alicloud_secret_key }}' - alicloud_region: '{{ alicloud_region }}' - state: present - db_instance_id: '{{ db_instance_id }}' - account_name: '{{ account_name }}' - account_password: '{{ account_password }}' - description: '{{ description }}' - account_type: '{{ account_type }}' - register: result - - debug: var=result +- name: Changed. Create rds account. + ali_rds_account: + db_instance_id: '{{ db_instance_id }}' + account_name: account + account_password: Ansible12345 + account_description: account from ansible + account_type: Normal -# basic provisioning example to modify account description -- name: modify description - hosts: localhost - connection: local - vars: - alicloud_access_key: - alicloud_secret_key: - alicloud_region: cn-beijing - db_instance_id: - account_name: test - description: normal account - tasks: - - name: modify description - ali_rds_account: - alicloud_access_key: '{{ alicloud_access_key }}' - alicloud_secret_key: '{{ alicloud_secret_key }}' - alicloud_region: '{{ alicloud_region }}' - state: present - db_instance_id: '{{ db_instance_id }}' - account_name: '{{ account_name }}' - description: '{{ description }}' - register: result - - debug: var=result +- name: Changed. 
Modify rds account password. + ali_rds_account: + db_instance_id: '{{ db_instance_id }}' + account_name: account + account_password: Ansible12345_new -# basic provisioning example to reset an account password -- name: Reset an account password - hosts: localhost - connection: local - vars: - alicloud_access_key: - alicloud_secret_key: - alicloud_region: cn-beijing - db_instance_id: - account_name: test - account_password: rohit@123 - tasks: - - name: reset an account password - ali_rds_account: - alicloud_access_key: '{{ alicloud_access_key }}' - alicloud_secret_key: '{{ alicloud_secret_key }}' - alicloud_region: '{{ alicloud_region }}' - state: present - db_instance_id: '{{ db_instance_id }}' - account_name: '{{ account_name }}' - account_password: '{{ account_password }}' - register: result - - debug: var=result +- name: Changed. Modify rds account description. + ali_rds_account: + db_instance_id: '{{ db_instance_id }}' + account_name: account + account_description: account from ansible -# basic provisioning example to delete an account -- name: Delete account - hosts: localhost - connection: local - vars: - alicloud_access_key: - alicloud_secret_key: - alicloud_region: cn-hongkong - state: absent - db_instance_id: - account_name: test - tasks: - - name: delete account - rds_account: - alicloud_access_key: '{{ alicloud_access_key }}' - alicloud_secret_key: '{{ alicloud_secret_key }}' - alicloud_region: '{{ alicloud_region }}' - state: present - db_instance_id: '{{ db_instance_id }}' - account_name: '{{ account_name }}' - register: result - - debug: var=result +- name: Changed. 
Grant rds account privilege + ali_rds_account: + db_instance_id: '{{ db_instance_id }}' + account_name: account + db_names: ['{{ db_name }}', '{{ db_name1 }}'] + account_privilege: ReadWrite -# basic provisioning example to grant account permission -- name: grant account permission - hosts: localhost - connection: local - vars: - alicloud_access_key: - alicloud_secret_key: - alicloud_region: cn-hongkong - db_instance_id: - db_name: test - account_name: account-test - account_privilege: ReadOnly - tasks: - - name: grant account permission - rds_account: - alicloud_access_key: '{{ alicloud_access_key }}' - alicloud_secret_key: '{{ alicloud_secret_key }}' - alicloud_region: '{{ alicloud_region }}' - state: present - db_instance_id: '{{ db_instance_id }}' - db_name: '{{ db_name }}' - account_name: '{{ account_name }}' - account_privilege: '{{ account_privilege }}' - register: result - - debug: var=result +- name: Changed. revoke account privilege + ali_rds_account: + db_instance_id: '{{ db_instance_id }}' + account_name: account + db_names: ['{{ db_name }}', '{{ db_name1 }}'] + state: absent -# basic provisioning example to revoke account permission -- name: revoke account permission - hosts: localhost - connection: local - vars: - alicloud_access_key: - alicloud_secret_key: - alicloud_region: cn-hongkong - db_instance_id: - db_name: db-test - account_name: account-test - tasks: - - name: revoke account permission - rds_account: - alicloud_access_key: '{{ alicloud_access_key }}' - alicloud_secret_key: '{{ alicloud_secret_key }}' - alicloud_region: '{{ alicloud_region }}' - state: present - db_instance_id: '{{ db_instance_id }}' - db_name: '{{ db_name }}' - account_name: '{{ account_name }}' - register: result - - debug: var=result +- name: Changed. Deleting account + ali_rds_account: + state: absent + db_instance_id: '{{ db_instance_id }}' + account_name: account """ RETURN = ''' account: description: account info. 
returned: when success - type: dict - sample: { - "account_description": "", - "account_name": "testdemoaccount", - "account_status": "Available", - "account_type": "Normal", - "database_privileges": { - "database_privilege": [ - { - "account_privilege": "ReadOnly", - "dbname": "testtest" - } - ] - }, - "db_instance_id": "rm-2zey7ir50261bmg42" - } -account_name: - description: name of account. - returned: when success - type: str - sample: "testname" + type: complex + contains: + account_description: + description: Account remarks + returned: always + type: string + sample: account from ansible + account_name: + description: The name of account. + returned: always + type: string + sample: account + account_type: + description: Privilege type of account. + returned: always + type: string + sample: Normal + db_instance_id: + description: The ID of the instance to which the account belongs. + returned: always + type: string + sample: rm-2zeib35bbexxxxxx + name: + description: alias of account_name. + returned: always + type: string + sample: account + account_status: + description: The status of the account. + returned: always + type: string + sample: Available + account_type: + description: The type of the account. + returned: always + type: string + sample: Super + status: + description: alias of status. + returned: always + type: string + sample: Available + type: + description: alias of type. + returned: always + type: string + sample: Super ''' from ansible.module_utils.basic import AnsibleModule 
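Review bot: The new RETURN block lists `account_type` twice under `contains` (once as "Privilege type of account.", once as "The type of the account."), so the mapping has a duplicate key and one of the two descriptions is lost when the YAML is parsed; keep a single entry. The `status` entry reads "alias of status." where `alias of account_status.` is presumably meant, and the `type` entry likewise wants `alias of account_type.`. The same duplicate `account_type` key appears in the RETURN block of ali_rds_account_info.py. The `db_names` option entry does not say that it takes a list; adding `type: list` there would make the expected input clear.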
@@ -271,34 +200,17 @@ HAS_FOOTMARK = False -def get_info(obj): - """ - get info from account obj - :type obj: account object - :param obj: the object of account - :return: dict of account info - """ - if obj: - return dict(db_instance_id=obj.dbinstance_id, - account_name=obj.account_name, - account_status=obj.account_status, - account_type=obj.account_type, - account_description=obj.account_description, - database_privileges=obj.database_privileges) - return {} - - def main(): argument_spec = ecs_argument_spec() argument_spec.update(dict( state=dict(default='present', choices=['present', 'absent']), - db_name=dict(type='str'), - db_instance_id=dict(type='str', required=True), + db_names=dict(type='list'), + db_instance_id=dict(type='str', aliases=['instance_id'], required=True), account_name=dict(type='str', aliases=['name'], required=True), account_password=dict(type='str', aliases=['password']), - account_privilege=dict(aliases=['privilege'], choices=['ReadOnly', 'ReadWrite']), - description=dict(type='str'), - account_type=dict(default='Normal', type='str', choices=['Normal', 'Super']), + account_privilege=dict(aliases=['privilege'], choices=['ReadOnly', 'ReadWrite', 'DDLOnly', 'DMLOnly', 'DBOwner']), + account_description=dict(type='str', aliases=['description']), + account_type=dict(default='Normal', type='str', choices=['Normal', 'Super']) )) module = AnsibleModule(argument_spec=argument_spec) 
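Review bot: `account_password` is declared without `no_log`, so the password a task passes can end up in the module's logged invocation arguments and in verbose output; the spec line should read `account_password=dict(type='str', aliases=['password'], no_log=True),`. The line is unchanged context in this hunk, but the commit rewrites the spec around it and leaves it as is. `db_name` is also dropped with no alias on `db_names`, so existing playbooks that pass `db_name` will be rejected as using an unsupported parameter. main() continues outside the hunk.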
@@ -313,16 +225,14 @@ def main(): account_name = module.params['account_name'] account_password = module.params['account_password'] account_privilege = module.params['account_privilege'] - description = module.params['description'] - account_type = module.params['account_type'] - db_name = module.params['db_name'] + account_description = module.params['account_description'] + db_names = module.params['db_names'] - account_list = [] current_account = None changed = False try: - current_account_list = rds.list_account(db_instance_id, account_name) + current_account_list = rds.describe_accounts(db_instance_id=db_instance_id, account_name=account_name) if len(current_account_list) == 1: current_account = current_account_list[0] except Exception as e: 
@@ -330,45 +240,44 @@ def main(): if state == "absent": if current_account: - if db_name: + if db_names: try: - changed = current_account.revoke_privilege(db_instance_id, db_name) - current_account = rds.list_account(db_instance_id, account_name)[0] - module.exit_json(changed=True, account_name=account_name, account=get_info(current_account)) + changed = current_account.revoke_privilege(db_names) + module.exit_json(changed=True, account=current_account.get().read()) except Exception as e: module.fail_json(msg=str("Unable to revoke privilege error:{0}".format(e))) try: - changed = current_account.delete(db_instance_id) - module.exit_json(changed=True, account_name=account_name, account=get_info(current_account)) + changed = current_account.delete() + module.exit_json(changed=True, account={}) except Exception as e: module.fail_json(msg=str("Unable to delete account error:{0}".format(e))) module.fail_json(msg="There is no account to revoke database privilege or delete. Please specify an account using 'account_name', and try again.") + if account_password and current_account: try: - changed = current_account.reset(db_instance_id, account_password) + changed = current_account.reset(account_password) except Exception as e: module.fail_json(msg=str("Unable to reset account password error:{0}".format(e))) + if not current_account: try: - current_account = rds.create_account(db_instance_id, account_name, account_password, description, account_type) + current_account = rds.create_account(**module.params) + changed = True except Exception as e: module.fail_json(msg=str("Unable to create account error:{0}".format(e))) - if description and description != current_account.account_description: + + if account_description and account_description != current_account.description: try: - changed = current_account.modify_description(db_instance_id, description) - current_account.account_description = description + changed = 
current_account.modify_description(description=account_description) except Exception as e: module.fail_json(msg=str("Unable to modify account description error:{0}".format(e))) - if db_name: - if account_privilege: - try: - changed = current_account.grant_privilege(db_instance_id, db_name, account_privilege) - current_account = current_account_list[0] - except Exception as e: - module.fail_json(msg=str("Unable to grant privilege error:{0}".format(e))) - else: - module.fail_json(msg="grant privilege failed. Please check your account_privilege and try again.") - module.exit_json(changed=changed, account_name=account_name, account=get_info(current_account)) + + if db_names and account_privilege: + try: + changed = current_account.grant_privilege(db_names, account_privilege) + except Exception as e: + module.fail_json(msg=str("Unable to grant privilege error:{0}".format(e))) + module.exit_json(changed=changed, account=current_account.read()) if __name__ == "__main__": diff --git a/lib/ansible/modules/cloud/alicloud/ali_rds_account_info.py b/lib/ansible/modules/cloud/alicloud/ali_rds_account_info.py index 852ee9f4..89266ff0 100644 --- a/lib/ansible/modules/cloud/alicloud/ali_rds_account_info.py +++ b/lib/ansible/modules/cloud/alicloud/ali_rds_account_info.py 
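Review bot: `rds.create_account(**module.params)` forwards every module parameter to footmark, which, judging by the options the removed examples passed, includes `alicloud_access_key` and `alicloud_secret_key` as well as `state`, `db_names` and `account_privilege`; what footmark does with the extra keys is not visible here. The call should name only the account fields, e.g. `rds.create_account(db_instance_id=db_instance_id, account_name=account_name, account_password=account_password, account_description=account_description, account_type=module.params['account_type'])`, with the keyword names confirmed against footmark. In the same hunk each later step assigns `changed = ...` outright, so a falsy return from `modify_description` or `grant_privilege` would overwrite the `changed = True` set after creation; `changed = current_account.grant_privilege(db_names, account_privilege) or changed` keeps it. The password reset also runs on every invocation that supplies `account_password` for an existing account, so that path cannot be idempotent unless `reset` itself reports no change. main() begins outside the hunk.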
@@ -28,97 +28,93 @@ --- module: ali_rds_account_info version_added: "1.5.0" -short_description: Gather facts on RDS accounts of Alibaba Cloud. +short_description: Gather info on RDS accounts of Alibaba Cloud. description: - - This module fetches data from the Open API in Alicloud. - The module must be called from within the RDS account itself. + - Gather info on RDS accounts of Alibaba Cloud and Support to use name_prefix to filter accounts. options: db_instance_id: description: - - ID of RDS instance. - account_names: + - The ID of the instance. + aliases: ['instance_id'] + required: True + name_prefix: description: - - A list of RDS account names. - aliases: ["names"] + - Use name prefix to filter accounts. author: - "He Guimin (@xiaozhu36)" requirements: - - "python >= 2.6" - - "footmark" + - "python >= 3.6" + - "footmark >= 1.16.0" extends_documentation_fragment: - alicloud """ EXAMPLES = """ # Fetch rds account details according to setting different filters -- name: fetch rds account details example - hosts: localhost - vars: - alicloud_access_key: - alicloud_secret_key: - alicloud_region: cn-beijing - db_instance_id: rm-dj13c34832w21g47j - account_names: - - demoaccount - - testaccount - tasks: - - name: Find all accounts in the rds instance - ali_rds_account_info: - alicloud_access_key: '{{ alicloud_access_key }}' - alicloud_secret_key: '{{ alicloud_secret_key }}' - alicloud_region: '{{ alicloud_region }}' - db_instance_id: '{{ db_instance_id }}' - register: all_accounts - - debug: var=all_accounts - - - name: Find accounts in the rds instance by account name - ali_rds_account_info: - alicloud_access_key: '{{ alicloud_access_key }}' - alicloud_secret_key: '{{ alicloud_secret_key }}' - alicloud_region: '{{ alicloud_region }}' - db_instance_id: '{{ db_instance_id }}' - account_names: '{{ account_names }}' - register: accounts_by_name - - debug: var=accounts_by_name +- name: No Changed. get rds account with name_prefix. 
+ ali_rds_account_info: + db_instance_id: '{{ db_instance_id }}' + name_prefix: account_ + +- name: No Changed. Retrieving all rds account + ali_rds_account_info: + db_instance_id: '{{ db_instance_id }}' """ RETURN = ''' -account_names: - description: List all account's name of rds instance. - returned: when success - type: list - sample: [ "demoaccount", "testaccount" ] rds_accounts: - description: Details about the rds accounts that were created. + description: Details about the rds accounts. returned: when success type: list - sample: [ - { - "account_description": "", - "account_name": "demoaccount", - "account_status": "Available", - "account_type": "Normal", - "database_privileges": { - "database_privilege": [] - }, - "db_instance_id": "rm-dj13c34832w21g47j" - }, + contains: [ { - "account_description": "", - "account_name": "testaccount", - "account_status": "Available", - "account_type": "Normal", - "database_privileges": { - "database_privilege": [] - }, - "db_instance_id": "rm-dj13c34832w21g47j" + account_description: + description: Account remarks + returned: always + type: string + sample: account from ansible + account_name: + description: The name of account. + returned: always + type: string + sample: account + account_type: + description: Privilege type of account. + returned: always + type: string + sample: Normal + db_instance_id: + description: The ID of the instance to which the account belongs. + returned: always + type: string + sample: rm-2zeib35bbexxxxxx + name: + description: alias of account_name. + returned: always + type: string + sample: account + account_status: + description: The status of the account. + returned: always + type: string + sample: Available + account_type: + description: The type of the account. + returned: always + type: string + sample: Super + status: + description: alias of account_status. + returned: always + type: string + sample: Available + type: + description: alias of account_type. 
+ returned: always + type: string + sample: Super } ] -total: - description: The number of all rds accounts. - returned: when success - type: int - sample: 2 ''' from ansible.module_utils.basic import AnsibleModule @@ -133,28 +129,11 @@ HAS_FOOTMARK = False -def get_info(obj): - """ - get info from account obj - :type obj: account object - :param obj: the object of account - :return: dict of account info - """ - if obj: - return dict(db_instance_id=obj.dbinstance_id, - account_name=obj.account_name, - account_status=obj.account_status, - account_type=obj.account_type, - account_description=obj.account_description, - database_privileges=obj.database_privileges) - return {} - - def main(): argument_spec = ecs_argument_spec() argument_spec.update(dict( - db_instance_id=dict(type='str', required=True), - account_names=dict(type='list', aliases=['names']) + db_instance_id=dict(type='str', aliases=['instance_id'], required=True), + name_prefix=dict(type='str') )) module = AnsibleModule(argument_spec=argument_spec) 
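Review bot: Replacing the `account_names` option (alias `names`) with `name_prefix`, and removing the `account_names` and `total` return values, breaks existing callers with no transition: a playbook that still passes `account_names` fails argument validation, and one that reads `total` gets an undefined variable. Keeping `account_names=dict(type='list', aliases=['names'])` in the spec alongside `name_prefix`, and filtering on it when set, would let both forms work for a release. main() continues outside the hunk.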
@@ -164,30 +143,15 @@ def main(): # Get values of variable db_instance_id = module.params['db_instance_id'] - names = module.params['account_names'] + name_prefix = module.params['name_prefix'] result = [] - try: rds = rds_connect(module) - - if names and (not isinstance(names, list) or len(names)) < 1: - module.fail_json(msg='account_name should be a list of account name, aborting') - - # fetch rds accounts by name - if names: - for name in names: - rds_accounts = rds.list_account(db_instance_id=db_instance_id, account_name=name) - if rds_accounts and len(rds_accounts) == 1: - result.append(get_info(rds_accounts[0])) - - # fetch all rds accounts - else: - names = [] - for account in rds.list_account(db_instance_id=db_instance_id): - names.append(account.account_name) - result.append(get_info(account)) - - module.exit_json(changed=False, account_names=names, rds_accounts=result, total=len(result)) + for account in rds.describe_accounts(db_instance_id=db_instance_id): + if name_prefix and not account.name.startswith(name_prefix): + continue + result.append(account.read()) + module.exit_json(changed=False, rds_accounts=result) except Exception as e: module.fail_json(msg="Unable to describe rds accounts, and got an error: {0}.".format(e)) diff --git a/tests/ali_rds_account_info_test.yml b/tests/ali_rds_account_info_test.yml new file mode 100644 index 00000000..9fbdc43f --- /dev/null +++ b/tests/ali_rds_account_info_test.yml 
@@ -0,0 +1,27 @@ +--- +- name: Validate module ali_rds_account_info + hosts: localhost + remote_user: root + + roles: + - vpc + - vswitch + - rds + + tasks: + - name: Changed. Create rds account. + ali_rds_account: + db_instance_id: '{{ rds.instances.0.id }}' + account_name: account_test + account_password: Test12345 + account_description: account test from ansible + account_type: Normal + + - name: No Changed. get rds account with name_prefix. + ali_rds_account_info: + db_instance_id: '{{ rds.instances.0.id }}' + name_prefix: account_ + + - name: No Changed. Retrieving all rds account + ali_rds_account_info: + db_instance_id: '{{ rds.instances.0.id }}' diff --git a/tests/ali_rds_account_test.yml b/tests/ali_rds_account_test.yml new file mode 100644 index 00000000..afa94169 --- /dev/null +++ b/tests/ali_rds_account_test.yml 
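Review bot: The task names state the expected outcome ("Changed.", "No Changed.") but no task registers its result or asserts on it, so the playbook passes as long as no module call fails outright. Each step should register and check, e.g. `register: result` followed by an `assert` task with `that: result.changed`. tests/ali_rds_account_test.yml has the same gap, which matters most for its "No Changed. Modify rds account password." step, since the module calls `reset` whenever `account_password` is supplied for an existing account. This playbook also creates `account_test` and never removes it.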
@@ -0,0 +1,112 @@ +--- +- name: Validate module ali_rds_account + hosts: localhost + remote_user: root + + roles: + - vpc + - vswitch + - rds + + tasks: + - name: Create Database + ali_rds_database: + db_instance_id: '{{ rds.instances.0.id }}' + db_name: ansible_test + character_set_name: utf8 + db_description: create for ansible test + state: present + register: database + + - name: Create another Database + ali_rds_database: + db_instance_id: '{{ rds.instances.0.id }}' + db_name: ansible_test2 + character_set_name: utf8 + db_description: create for ansible test + state: present + register: database2 + + - name: Get the existing db + ali_rds_database_info: + name_prefix: ansible_test + db_instance_id: '{{ rds.instances.0.id }}' + register: db + + - name: Changed. Create rds account. + ali_rds_account: + db_instance_id: '{{ rds.instances.0.id }}' + account_name: account_test + account_password: Test12345 + account_description: account test from ansible + account_type: Normal + + - name: No Changed. get rds account. + ali_rds_account_info: + db_instance_id: '{{ rds.instances.0.id }}' + name_prefix: account_ + + - name: Changed. Modify rds account password. + ali_rds_account: + db_instance_id: '{{ rds.instances.0.id }}' + account_name: account_test + account_password: Test12345_new + + - name: No Changed. Modify rds account password. + ali_rds_account: + db_instance_id: '{{ rds.instances.0.id }}' + account_name: account_test + account_password: Test12345_new + + - name: Changed. Modify rds account description. + ali_rds_account: + db_instance_id: '{{ rds.instances.0.id }}' + account_name: account_test + account_description: account from ansible + + - name: No Changed. Modify rds account description. + ali_rds_account: + db_instance_id: '{{ rds.instances.0.id }}' + account_name: account_test + account_description: account from ansible + + - name: Changed. 
Grant rds account privilege + ali_rds_account: + db_instance_id: '{{ rds.instances.0.id }}' + account_name: account_test + db_names: ['{{db.databases.0.name}}', '{{db.databases.1.name}}'] + account_privilege: ReadWrite + + - name: Changed. revoke account privilege + ali_rds_account: + db_instance_id: '{{ rds.instances.0.id }}' + account_name: account_test + db_names: ['{{db.databases.0.name}}', '{{db.databases.1.name}}'] + state: absent + + - name: Changed. Deleting account + ali_rds_account: + state: absent + db_instance_id: '{{ rds.instances.0.id }}' + account_name: account_test + + - name: Changed. Deleting rds + ali_rds_instance: + state: absent + db_instance_name: '{{ rds.instances.0.name }}' + + - name: Changed. Deleting vswitches + ali_vswitch: + vpc_id: '{{ item.vpc_id}}' + cidr_block: '{{ item.cidr_block}}' + state: absent + with_items: '{{vswitches.vswitches}}' + + - name: Changed. Deleting vpcs + ali_vpc: + name: '{{vpc.vpc.vpc_name}}' + cidr_block: '{{vpc.vpc.cidr_block}}' + state: absent + + +