state as attribute & updating readme

Author: Alex-Welsh

roles/pulp_content_guard_rbac/README.md

@@ -9,10 +9,14 @@ Role variables
 * `pulp_url`: URL of Pulp server. Default is `https://localhost:8080`
 * `pulp_admin_username`: Username used to access Pulp server. Default is `admin`
 * `pulp_admin_password`: Password used to access Pulp server. Default is unset
-* `pulp_content_guards_rbac_present`: List of groups to be present. Default is an empty list.
-* `pulp_content_guards_rbac_absent`: List of groups to be absent. Default is an empty list.
+* `pulp_content_guards_rbac`: List of groups to create/update/delete. Default is an empty list. Each item is a dict containing:
+  * `name` (Required)
+  * `state` (default is `present`. Setting this value to `absent` will delete the content guard if it exists)
+  * `download_groups` (list of groups to to be added to this content guard with the download role) 
 
-Note: The groups associated with specified content guards are evauluated against the user's current list of content guards, and their respective groups, returned from the Pulp server API. Removing a group from the list of groups defined in `pulp_content_guards_rbac_present[*].download_groups` will result in the group being removed from that content guard, and adding a group will result in the group being added to that content guard. Adding an empty `download_groups:` for a content guard will result in all groups being removed for that content guard.
+
+
+Note: The groups associated with specified content guards are evauluated against the user's current list of content guards, and their respective groups, returned from the Pulp server API. Removing a group from the list of groups defined in `pulp_content_guards_rbac[*].download_groups` will result in the group being removed from that content guard, and adding a group will result in the group being added to that content guard. Adding an empty `download_groups:` for a content guard will result in all groups being removed for that content guard.
 
 Example playbook
 ----------------
@@ -32,10 +36,13 @@ Example playbook
           download_groups:
             - existing-group-1
             - existing-group-2
+          state: present
         - name: content-guard-2
           download_groups:
             - existing-group-3
-      pulp_content_guards_rbac_absent:
-        - content-guard-3
-        - content-guard-4
+          state: present
+        - name: content-guard-3
+          state: present
+        - name: content-guard-4
+          state: absent
 ```

roles/pulp_content_guard_rbac/tasks/main.yml

@@ -11,12 +11,15 @@
   no_log: true
   register: rbac_cg_list_result
 
-- name: Set fact cgnames
+- name: Set fact remove_rbac_cg
   set_fact:
-    cgnames: "{{ (cgnames | default([])) + [item.name] }}"
-  with_items: "{{ rbac_cg_list_result.json.results }}"
+    remove_rbac_cg: "{{ (remove_rbac_cg | default([])) + [item.name] }}"
+  when: item.state | default('present') == 'absent'
+  with_items: "{{ pulp_content_guards_rbac }}"
 
 - name: Create RBAC content guards
+  vars:
+    cgnames: "{{ rbac_cg_list_result.json.results | map(attribute='name') | list }}"
   uri:
     url: "{{ pulp_rbac_cg_url }}"
     user: "{{ pulp_admin_username }}"
@@ -27,19 +30,22 @@
     body:
       name: "{{ item.name }}"
     body_format: form-urlencoded
-  loop: "{{ pulp_content_guards_rbac_present | default([], true) }}"
+  loop: "{{ pulp_content_guards_rbac | default([], true) }}"
   loop_control:
     label: "{{ item.name }}"
-  no_log: true
+  # no_log: true
   register: result
-  when: item.name not in cgnames
+  when: 
+    - item.name not in cgnames
+    - item.state | default('present') != 'absent'
   changed_when: result.status == 201
 
 - name: Add or remove group(s) from content guard
   include_tasks: rbac_group/add_or_remove_groups.yml
-  loop: "{{ pulp_content_guards_rbac_present | default([], true) }}"
+  loop: "{{ pulp_content_guards_rbac | default([], true) }}"
   loop_control:
     loop_var: content_guard
+  when: content_guard.state | default('present') != 'absent'
 
 - name: Initialise hrefs
   set_fact:
@@ -48,7 +54,7 @@
 - name: Set fact hrefs
   set_fact:
     hrefs: "{{ (hrefs | default([])) + [item.pulp_href] }}"
-  when: item.name in (pulp_content_guards_rbac_absent | default([], true))
+  when: item.name in (remove_rbac_cg | default([]))
   with_items: "{{ rbac_cg_list_result.json.results }}"
 
 - name: Delete RBAC content guards
@@ -61,8 +67,6 @@
     status_code: 204
     body_format: form-urlencoded
   loop: "{{ hrefs | default([]) }}"
-  loop_control:
-    label: "{{ item }}"
   no_log: true
   register: result
   changed_when: result.status == 204

roles/pulp_group/README.md

@@ -11,8 +11,9 @@ Role variables
 * `pulp_url`: URL of Pulp server. Default is `https://localhost:8080`
 * `pulp_admin_username`: Username used to access Pulp server. Default is `admin`
 * `pulp_admin_password`: Password used to access Pulp server. Default is unset
-* `pulp_groups_present`: List of groups to be present. Default is an empty list.
-* `pulp_groups_absent`: List of groups to be absent. Default is an empty list.
+* `pulp_groups`: List of groups to be created/updated/deleted. Default is an empty list. Each item is a dict containing:
+  * `name` (Required)
+  * `state` (default is `present`. Setting this value to `absent` will delete the use if it exists)
 
 
 
@@ -30,8 +31,10 @@ Example playbook
       pulp_admin_username: admin
       pulp_admin_password: "{{ secrets_pulp_admin_password }}"
       pulp_groups_present:
-        - example-group-1
-        - example-group-2
-      pulp_groups_absent:
-        - example-group-3
+        - name: example-group-1
+          state: present
+        - name: example-group-2
+          state: present
+        - name: example-group-3
+          state: absent
 ```

roles/pulp_group/tasks/main.yml

@@ -11,12 +11,15 @@
   no_log: true
   register: groups_list_result
 
-- name: Set fact groupnames
+- name: Set fact remove_groups
   set_fact:
-    groupnames: "{{ (groupnames | default([])) + [item.name] }}"
-  with_items: "{{ groups_list_result.json.results }}"
+    remove_groups: "{{ (remove_groups | default([])) + [item.name] }}"
+  when: item.state | default('present') == 'absent'
+  with_items: "{{ pulp_groups }}"
 
 - name: Create groups
+  vars:
+    groupnames: "{{ groups_list_result.json.results | map(attribute='name') | list }}"
   uri:
     url: "{{ pulp_group_url }}"
     user: "{{ pulp_admin_username }}"
@@ -25,13 +28,14 @@
     method: POST
     status_code: 201
     body:
-      name: "{{ item }}"
+      name: "{{ item.name }}"
     body_format: form-urlencoded
-  loop: "{{ pulp_groups_present | default([], true) }}"
-  no_log: true
+  loop: "{{ pulp_groups | default([], true) }}"
+  # no_log: true
   register: result
   when: 
-    - item not in groupnames
+    - item.name not in groupnames
+    - item.state | default('present') != 'absent'
   changed_when: result.status == 201
 
 - name: Initialise hrefs
@@ -40,8 +44,8 @@
 
 - name: Set fact hrefs
   set_fact:
-    hrefs: "{{ (hrefs|default([])) + [item.pulp_href] }}"
-  when: item.name in (pulp_groups_absent | default([], true))
+    hrefs: "{{ (hrefs | default([])) + [item.pulp_href] }}"
+  when: item.name in (remove_groups | default([]))
   with_items: "{{ groups_list_result.json.results }}"
 
 - name: Remove groups
@@ -54,8 +58,6 @@
     status_code: 204
     body_format: form-urlencoded
   loop: "{{ hrefs | default([]) }}"
-  loop_control:
-    label: "{{ item }}"
   no_log: true
   register: result
   changed_when: result.status == 204

roles/pulp_user/README.md

@@ -9,10 +9,18 @@ Role variables
 * `pulp_url`: URL of Pulp server. Default is `https://localhost:8080`
 * `pulp_admin_username`: Username used to access Pulp server. Default is `admin`
 * `pulp_admin_password`: Password used to access Pulp server. Default is unset
-* `pulp_users_present`: List of users to be present. Default is an empty list.
-* `pulp_users_absent`: List of users to be absent. Default is an empty list.
+* `pulp_users`: List of users to create/update/delete. Default is an empty list. Each item is a dict containing:
+  * `username` (Required)
+  * `password`
+  * `first_name` 
+  * `last_name` 
+  * `email`
+  * `is_staff`
+  * `is_active`
+  * `state` (default is `present`. Setting this value to `absent` will delete the use if it exists)
+  * `groups` (list of groups to add the user to) 
 
-Note: User groups are evaluated against the user's current list of groups returned from the Pulp server API. Removing a group from the list of groups defined in `pulp_users_present[*].groups` will result in the user being removed from that group, and adding a group will result in the user being added to that group. Adding an empty `groups:` for a user will result in that user being removed from all groups.
+Note: User groups are evaluated against the user's current list of groups returned from the Pulp server API. Removing a group from the list of groups defined in `pulp_users[*].groups` will result in the user being removed from that group, and adding a group will result in the user being added to that group. Adding an empty `groups:` for a user will result in that user being removed from all groups.
 
 Example playbook
 ----------------
@@ -27,16 +35,17 @@ Example playbook
       pulp_url: https://pulp.example.com
       pulp_admin_username: admin
       pulp_admin_password: "{{ secrets_pulp_admin_password }}"
-      pulp_users_present:
+      pulp_users:
         - username: example-user-1
           password: correct horse battery staple
           groups:
             - existing.container.namespace.consumers.one
             - existing.container.namespace.consumers.two
+          state: present
         - username: example-user-2
-          password: germany ansible rain farmer
           groups:
             - existing.container.namespace.consumers.one
-      pulp_users_absent:
-        - example-user-3
+          state: present
+        - username: example-user-3
+          state: absent
 ```

roles/pulp_user/defaults/main.yml

@@ -4,5 +4,4 @@ pulp_admin_username: admin
 pulp_admin_password:
 pulp_validate_certs: true
 
-pulp_users_present: []
-pulp_users_absent: []
+pulp_users: []

roles/pulp_user/tasks/main.yml

@@ -1,4 +1,5 @@
 ---
+
 - name: Get user list
   uri:
     url: "{{ pulp_user_url }}"
@@ -10,14 +11,15 @@
   no_log: true
   register: users_list_result
 
-- name: Set fact usernames
+- name: Set fact remove_users
   set_fact:
-    usernames: "{{ (usernames | default([])) + [item.username] }}"
-  with_items: "{{ users_list_result.json.results }}"
+    remove_users: "{{ (remove_users | default([])) + [item.username] }}"
+  when: item.state | default('present') == 'absent'
+  with_items: "{{ pulp_users }}"
 
 - name: Create users
   vars:
-    pulp_users_present_nn: "{{ pulp_users_present if pulp_users_present is iterable else [] }}"
+    usernames: "{{ users_list_result.json.results | map(attribute='username') | list }}"
   uri:
     url: "{{ pulp_user_url }}"
     user: "{{ pulp_admin_username }}"
@@ -34,17 +36,19 @@
       is_staff: "{{ item.is_staff | default(omit) }}"
       is_active: "{{ item.is_active | default(omit) }}"
     body_format: form-urlencoded
-  loop: "{{ pulp_users_present | default([], true) }}"
+  loop: "{{ pulp_users | default([], true) }}"
   loop_control:
     label: "{{ item.username }}"
-  no_log: true
+  # no_log: true
   register: result
-  when: item.username not in usernames
+  when: 
+    - item.username not in usernames
+    - item.state | default('present') != 'absent'
   changed_when: result.status == 201
 
 - name: Update existing users
   vars:
-    pulp_users_present_nn: "{{ pulp_users_present if pulp_users_present is iterable else [] }}"
+    usernames: "{{ users_list_result.json.results | map(attribute='username') | list }}"
     url_query: "[?username=='{{ item.username }}'].pulp_href"
   uri:
     url: "{{ pulp_url }}{{ users_list_result.json.results | json_query(url_query) | first }}"
@@ -61,12 +65,14 @@
       is_staff: "{{ item.is_staff | default(omit) }}"
       is_active: "{{ item.is_active | default(omit) }}"
     body_format: form-urlencoded
-  loop: "{{ pulp_users_present | default([], true) }}"
+  loop: "{{ pulp_users | default([], true) }}"
   loop_control:
     label: "{{ item.username }}"
   no_log: true
   register: result
-  when: item.username in usernames
+  when: 
+    - item.username in usernames
+    - item.state | default('present') != 'absent'
   changed_when: 
   # The pulp API currently does not report when a change is made, so we must
   # manually check
@@ -75,8 +81,9 @@
 
 - name: Add or remove user from group(s)
   include_tasks: user_groups/add_or_remove_users.yml
-  # Noop if pulp_users_present is defined but empty
-  loop: "{{ pulp_users_present | default([], true) }}"
+  # Noop if pulp_users is defined but empty
+  loop: "{{ pulp_users | default([], true) }}"
+  when: (user.state | default('present')) != 'absent'
   loop_control:
     loop_var: user
 
@@ -87,7 +94,7 @@
 - name: Set fact hrefs
   set_fact:
     hrefs: "{{ (hrefs | default([])) + [item.pulp_href] }}"
-  when: item.username in (pulp_users_absent | default([], true))
+  when: item.username in (remove_users | default([]))
   with_items: "{{ users_list_result.json.results }}"
 
 - name: Delete users
@@ -100,8 +107,6 @@
     status_code: 204
     body_format: form-urlencoded
   loop: "{{ hrefs | default([]) }}"
-  loop_control:
-    label: "{{ item }}"
   no_log: true
   register: result
   changed_when: result.status == 204