nautobot · joewesch · Sep 11, 2024 · Jul 30, 2024 · Jul 31, 2024 · Jul 31, 2024
@@ -0,0 +1,62 @@
+# -*- coding: utf-8 -*-
+# Copyright: (c) 2024, Jeff Kala (@jeffkala)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+from ansible_collections.networktocode.nautobot.plugins.module_utils.utils import (
+    NautobotModule,
+    ENDPOINT_NAME_MAPPING,
+)
+
+
+NB_USERS = "users"
+NB_ADMIN_GROUP = "groups"
+NB_OBJECT_PERMISSION = "permissions"
+
+
+class NautobotUsersModule(NautobotModule):
+    def run(self):
+        """
+        This function should have all necessary code for endpoints within the application
+        to create/update/delete the endpoint objects
+        Supported endpoints:
+        users
+        admin_groups
+        object_permissions
+        """
+        # Used to dynamically set key when returning results
+        endpoint_name = ENDPOINT_NAME_MAPPING[self.endpoint]
+
+        self.result = {"changed": False}
+
+        application = self._find_app(self.endpoint)
+        nb_app = getattr(self.nb, application)
+        nb_endpoint = getattr(nb_app, self.endpoint)
+        user_query_params = self.module.params.get("query_params")
+
+        data = self.data
+
+        # Used for msg output
+        if data.get("name"):
+            name = data["name"]
+        else:
+            name = data.get("id")
+
+        object_query_params = self._build_query_params(endpoint_name, data, user_query_params)
+        self.nb_object = self._nb_endpoint_get(nb_endpoint, object_query_params, name)
+
+        if self.state == "present":
+            self._ensure_object_exists(nb_endpoint, endpoint_name, name, data)
+        elif self.state == "absent":
+            self._ensure_object_absent(endpoint_name, name)
+
+        try:
+            serialized_object = self.nb_object.serialize()
+        except AttributeError:
+            serialized_object = self.nb_object
+
+        self.result.update({endpoint_name: serialized_object})
+
+        self.module.exit_json(**self.result)
@@ -91,6 +91,7 @@
     plugins=[],
     secrets=[],
     tenancy=["tenants", "tenant_groups"],
+    users=["users", "groups", "permissions"],
     virtualization=["cluster_groups", "cluster_types", "clusters", "virtual_machines"],
 )
 
@@ -107,6 +108,7 @@
     device_type="model",
     export_targets="name",
     group="name",
+    groups="name",
     installed_device="name",
     import_targets="name",
     location="name",
@@ -136,6 +138,7 @@
     tenant="name",
     tenant_group="name",
     time_zone="timezone",
+    user="username",
     virtual_chassis="name",
     virtual_machine="name",
     vlan="name",
@@ -237,6 +240,7 @@
     "device_redundancy_groups": "device_redundancy_group",
     "front_ports": "front_port",
     "front_port_templates": "front_port_template",
+    "groups": "group",
     "interfaces": "interface",
     "interface_templates": "interface_template",
     "inventory_items": "inventory_item",
@@ -246,6 +250,7 @@
     "location_types": "location_type",
     "manufacturers": "manufacturer",
     "namespaces": "namespace",
+    "permissions": "permission",
     "platforms": "platform",
     "power_feeds": "power_feed",
     "power_outlets": "power_outlet",
@@ -269,6 +274,7 @@
     "teams": "team",
     "tenants": "tenant",
     "tenant_groups": "tenant_group",
+    "users": "user",
     "virtual_chassis": "virtual_chassis",
     "virtual_machines": "virtual_machine",
     "vlans": "vlan",
@@ -309,6 +315,8 @@
     "device_type": set(["model"]),
     "front_port": set(["name", "device", "rear_port"]),
     "front_port_template": set(["name", "device_type", "rear_port_template"]),
+    "group": set(["name"]),
+    "groups": set(["name"]),
     "installed_device": set(["name"]),
     "interface": set(["name", "device", "virtual_machine"]),
     "interface_template": set(["name", "device_type"]),
@@ -326,6 +334,7 @@
     "nat_inside": set(["namespace", "address"]),
     "parent_rack_group": set(["name"]),
     "parent_tenant_group": set(["name"]),
+    "permission": set(["name"]),
     "platform": set(["name"]),
     "power_feed": set(["name", "power_panel"]),
     "power_outlet": set(["name", "device"]),
@@ -355,6 +364,7 @@
     "tenant_group": set(["name"]),
     "termination_a": set(["name", "device", "virtual_machine"]),
     "termination_b": set(["name", "device", "virtual_machine"]),
+    "user": set(["username"]),
     "untagged_vlan": set(["group", "name", "location", "vid", "vlan_group", "tenant"]),
     "virtual_chassis": set(["name", "device"]),
     "virtual_machine": set(["name", "cluster"]),

@@ -0,0 +1,92 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+# Copyright: (c) 2024, Jeff Kala (@jeffkala)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+
+DOCUMENTATION = r"""
+---
+module: admin_group
+short_description: Create, update or delete admin groups within Nautobot
+description:
+  - Creates, updates or removes admin groups from Nautobot
+notes:
+  - This should be ran with connection C(local) and hosts C(localhost)
+author:
+  - Jeff Kala (@jeffkala)
+version_added: "5.3.0"
+extends_documentation_fragment:
+  - networktocode.nautobot.fragments.base
+options:
+  name:
+    description:
+      - The name of the group
+    required: true
+    type: str
+"""
+
+EXAMPLES = r"""
+- name: "Test Nautobot modules"
+  connection: local
+  hosts: localhost
+  gather_facts: False
+
+  tasks:
+    - name: Create admin group within Nautobot
+      networktocode.nautobot.admin_group:
+        url: http://nautobot.local
+        token: thisIsMyToken
+        name: read_only_group
+        state: present
+
+    - name: Delete admin group
+      networktocode.nautobot.user:
+        url: http://nautobot.local
+        token: thisIsMyToken
+        name: read_only_group
+        state: absent
+"""
+
+RETURN = r"""
+admin_group:
+  description: Serialized object as created or already existent within Nautobot
+  returned: success (when I(state=present))
+  type: dict
+msg:
+  description: Message indicating failure or info about what has been achieved
+  returned: always
+  type: str
+"""
+
+from ansible_collections.networktocode.nautobot.plugins.module_utils.utils import NAUTOBOT_ARG_SPEC
+from ansible_collections.networktocode.nautobot.plugins.module_utils.users import (
+    NautobotUsersModule,
+    NB_ADMIN_GROUP,
+)
+from ansible.module_utils.basic import AnsibleModule
+from copy import deepcopy
+
+
+def main():
+    """
+    Main entry point for module execution
+    """
+    argument_spec = deepcopy(NAUTOBOT_ARG_SPEC)
+    argument_spec.update(
+        dict(
+            name=dict(required=True, type="str"),
+        )
+    )
+
+    module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+    nb_groups = NautobotUsersModule(module, NB_ADMIN_GROUP)
+    nb_groups.run()
+
+
+if __name__ == "__main__":  # pragma: no cover
+    main()
@@ -0,0 +1,161 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+# Copyright: (c) 2024, Jeff Kala (@jeffkala)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+
+DOCUMENTATION = r"""
+---
+module: admin_permission
+short_description: Create, update or delete object permissions within Nautobot
+description:
+  - Creates, updates or removes object permissions from Nautobot
+notes:
+  - This should be ran with connection C(local) and hosts C(localhost)
+author:
+  - Jeff Kala (@jeffkala)
+version_added: "5.3.0"
+extends_documentation_fragment:
+  - networktocode.nautobot.fragments.base
+options:
+  name:
+    description:
+      - The name of the permission
+    required: true
+    type: str
+  description:
+    description:
+      - The description of the permission
+    required: false
+    type: str
+  enabled:
+    description:
+      - If the permission is enabled or not.
+    required: true
+    type: bool
+  object_types:
+    description:
+      - The permitted object_types for the permission definition.
+    required: false
+    type: list
+    elements: str
+  actions:
+    description:
+      - The actions allowed for the permission definition.
+    choices: [ view, add, change, delete, run ]
+    required: true
+    type: list
+    elements: str
+  constraints:
+    description:
+      - The constraints for the permission definition.
+    required: false
+    type: json
+  users:
+    description:
+      - The users assigned for the permission definition.
+    required: false
+    type: list
+    elements: str
+  groups:
+    description:
+      - The groups assigned for the permission definition.
+    required: false
+    type: list
+    elements: raw
+"""
+
+EXAMPLES = r"""
+- name: "Test Nautobot modules"
+  connection: local
+  hosts: localhost
+  gather_facts: False
+
+  tasks:
+    - name: Create object permission within Nautobot with only required information
+      networktocode.nautobot.admin_permission:
+        url: http://nautobot.local
+        token: thisIsMyToken
+        name: read only
+        description: "ro permisisons"
+        enabled: true
+        object_types:
+          - "dcim.device"
+        actions:
+          - view
+          - change
+        users:
+          - nb_user
+        groups:
+          - name: read_only_group
+        state: present
+
+    - name: Delete permission
+      networktocode.nautobot.admin_permission:
+        url: http://nautobot.local
+        token: thisIsMyToken
+        name: read only
+        description: "ro permisisons"
+        enabled: true
+        object_types:
+          - "dcim.device"
+        actions:
+          - view
+          - change
+        users:
+          - nb_user
+        groups:
+          - name: read_only_group
+        state: absent
+"""
+
+RETURN = r"""
+admin_permission:
+  description: Serialized object as created or already existent within Nautobot
+  returned: success (when I(state=present))
+  type: dict
+msg:
+  description: Message indicating failure or info about what has been achieved
+  returned: always
+  type: str
+"""
+
+from ansible_collections.networktocode.nautobot.plugins.module_utils.utils import NAUTOBOT_ARG_SPEC
+from ansible_collections.networktocode.nautobot.plugins.module_utils.users import (
+    NautobotUsersModule,
+    NB_OBJECT_PERMISSION,
+)
+from ansible.module_utils.basic import AnsibleModule
+from copy import deepcopy
+
+
+def main():
+    """
+    Main entry point for module execution
+    """
+    argument_spec = deepcopy(NAUTOBOT_ARG_SPEC)
+    argument_spec.update(
+        dict(
+            name=dict(required=True, type="str"),
+            description=dict(required=False, type="str"),
+            enabled=dict(required=True, type="bool"),
+            object_types=dict(required=False, type="list", elements="str"),
+            actions=dict(required=True, type="list", elements="str", choices=["view", "add", "change", "delete", "run"]),
+            constraints=dict(required=False, type="json"),
+            users=dict(required=False, type="list", elements="str"),
+            groups=dict(required=False, type="list", elements="dict"),
+        )
+    )
+
+    module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+    nb_obj_permissions = NautobotUsersModule(module, NB_OBJECT_PERMISSION)
+    nb_obj_permissions.run()
+
+
+if __name__ == "__main__":  # pragma: no cover
+    main()