#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Copyright (C) 2017 Google
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
# ----------------------------------------------------------------------------
#
#     ***     AUTO GENERATED CODE    ***    Type: MMv1     ***
#
# ----------------------------------------------------------------------------
#
#     This file is automatically generated by Magic Modules and manual
#     changes will be clobbered when the file is regenerated.
#
#     Please read more about how to change this file at
#     https://www.github.com/GoogleCloudPlatform/magic-modules
#
# ----------------------------------------------------------------------------

from __future__ import absolute_import, division, print_function

# Python 2 compatibility: classes defined in this module become new-style.
__metaclass__ = type

################################################################################
# Documentation
################################################################################

# Module maturity metadata: a community-supported module in "preview" status.
ANSIBLE_METADATA = {
    "metadata_version": "1.1",
    "status": ["preview"],
    "supported_by": "community",
}

# YAML option reference for the module. Only state, name, title, description,
# included_permissions and stage are declared in main()'s argument_spec; the
# project / auth_kind / service_account_* / scopes / env_type options are
# presumably supplied by GcpModule (imported from gcp_utils) - confirm there.
# NOTE(review): service_account_contents carries service-account key material.
# Whether it is masked in logs (no_log) is decided outside this file - confirm,
# and prefer feeding it from a vault-encrypted variable.
# NOTE(review): included_permissions defines the privileges the role grants;
# playbooks using this module deserve a least-privilege review.
DOCUMENTATION = """
---
module: gcp_iam_role
description:
- A role in the Identity and Access Management API .
short_description: Creates a GCP Role
author: Google Inc. (@googlecloudplatform)
requirements:
- python >= 2.6
- requests >= 2.18.4
- google-auth >= 1.3.0
options:
  state:
    description:
    - Whether the given object should exist in GCP
    choices:
    - present
    - absent
    default: present
    type: str
  name:
    description:
    - The name of the role.
    required: true
    type: str
  title:
    description:
    - A human-readable title for the role. Typically this is limited to 100 UTF-8
      bytes.
    required: false
    type: str
  description:
    description:
    - Human-readable description for the role.
    required: false
    type: str
  included_permissions:
    description:
    - Names of permissions this role grants when bound in an IAM policy.
    elements: str
    required: false
    type: list
  stage:
    description:
    - The current launch stage of the role.
    - 'Some valid choices include: "ALPHA", "BETA", "GA", "DEPRECATED", "DISABLED",
      "EAP"'
    required: false
    type: str
  project:
    description:
    - The Google Cloud Platform project to use.
    type: str
  auth_kind:
    description:
    - The type of credential used.
    type: str
    required: true
    choices:
    - application
    - machineaccount
    - serviceaccount
  service_account_contents:
    description:
    - The contents of a Service Account JSON file, either in a dictionary or as a
      JSON string that represents it.
    type: jsonarg
  service_account_file:
    description:
    - The path of a Service Account JSON file if serviceaccount is selected as type.
    type: path
  service_account_email:
    description:
    - An optional service account email address if machineaccount is selected and
      the user does not wish to use the default email.
    type: str
  scopes:
    description:
    - Array of scopes to be used
    type: list
    elements: str
  env_type:
    description:
    - Specifies which Ansible environment you're running this module within.
    - This should not be set unless you know what you're doing.
    - This only alters the User Agent string for any API requests.
    type: str
"""

# Usage sample rendered into the module documentation.
# NOTE(review): the sample keeps the service-account key under /tmp, which is
# normally shared by every local user. Real playbooks should point
# service_account_file at a path readable only by the account running Ansible.
# The iam.roles.* permissions listed are illustrative; grant a custom role only
# the permissions it actually needs.
EXAMPLES = """
- name: create a role
  google.cloud.gcp_iam_role:
    name: myCustomRole2
    title: My Custom Role
    description: My custom role description
    included_permissions:
    - iam.roles.list
    - iam.roles.create
    - iam.roles.delete
    project: test_project
    auth_kind: serviceaccount
    service_account_file: "/tmp/auth.pem"
    state: present
"""

# Return-value reference. Keys follow the API's camelCase field names
# (includedPermissions), unlike the snake_case module option
# (included_permissions).
RETURN = """
name:
  description:
  - The name of the role.
  returned: success
  type: str
title:
  description:
  - A human-readable title for the role. Typically this is limited to 100 UTF-8 bytes.
  returned: success
  type: str
description:
  description:
  - Human-readable description for the role.
  returned: success
  type: str
includedPermissions:
  description:
  - Names of permissions this role grants when bound in an IAM policy.
  returned: success
  type: list
stage:
  description:
  - The current launch stage of the role.
  returned: success
  type: str
deleted:
  description:
  - The current deleted state of the role.
  returned: success
  type: bool
"""

################################################################################
# Imports
################################################################################

from ansible_collections.google.cloud.plugins.module_utils.gcp_utils import (
    navigate_hash,
    GcpSession,
    GcpModule,
    GcpRequest,
    replace_resource_dict,
)
import json

################################################################################
# Main
################################################################################


def main():
    """Reconcile a project-level IAM custom role with the requested state.

    Fetches the role, then creates, patches, undeletes or deletes it so that
    it matches ``state``. Always finishes through ``module.exit_json`` with
    the role fields (when any) plus a ``changed`` flag.
    """
    role_spec = dict(
        state=dict(default="present", choices=["present", "absent"], type="str"),
        name=dict(required=True, type="str"),
        title=dict(type="str"),
        description=dict(type="str"),
        included_permissions=dict(type="list", elements="str"),
        stage=dict(type="str"),
    )
    module = GcpModule(argument_spec=role_spec)

    # Fall back to the IAM scope when the caller supplied no scopes.
    if not module.params["scopes"]:
        module.params["scopes"] = ["https://www.googleapis.com/auth/iam"]

    want_present = module.params["state"] == "present"

    fetch = fetch_resource(module, self_link(module))
    changed = False

    if not fetch:
        # Role is unknown to the API: create it or report an empty result.
        if want_present:
            fetch = create(module, collection(module))
            changed = True
        else:
            fetch = {}
    elif want_present:
        if fetch.get("deleted"):
            # A soft-deleted role is restored rather than recreated.
            # NOTE(review): `fetch` is not refreshed here, so the reported
            # result still shows the pre-undelete state - confirm intended.
            undelete(module, self_link(module), fetch["etag"])
            changed = True
        elif is_different(module, fetch):
            update(module, self_link(module), fetch)
            # Re-read so the reported result reflects the patched role.
            fetch = fetch_resource(module, self_link(module))
            changed = True
    elif not fetch.get("deleted"):
        # state == "absent" and the role is still live: delete it.
        delete(module, self_link(module))
        fetch = {}
        changed = True

    fetch.update(changed=changed)

    module.exit_json(**fetch)


def create(module, link):
    """POST a new role to ``link`` and return the checked API response."""
    session = GcpSession(module, "iam")
    response = session.post(link, resource_to_create(module))
    return return_if_object(module, response)


def undelete(module, link, etag):
    """Restore a deleted role by POSTing its ``etag`` to ``<link>:undelete``."""
    session = GcpSession(module, "iam")
    target = link + ":undelete"
    response = session.post(target, {"etag": etag})
    return return_if_object(module, response)


def update(module, link, fetch):
    """PATCH the role at ``link`` with the fields that differ from ``fetch``.

    The ``updateMask`` query parameter lists the changed fields; the role
    name is removed from the request body before sending.
    """
    session = GcpSession(module, "iam")
    mask = updateMask(resource_to_request(module), response_to_hash(module, fetch))
    body = resource_to_request(module)
    # Raises KeyError if resource_to_request() dropped an empty name.
    del body["name"]
    response = session.patch(link, body, params={"updateMask": mask})
    return return_if_object(module, response)


def updateMask(request, response):
    """Return the comma-separated names of role fields that differ.

    Fields are compared with ``dict.get`` on both sides, so a key missing
    from one mapping is treated as ``None``. The output order is fixed:
    name, title, description, includedPermissions, stage.
    """
    tracked_fields = ("name", "title", "description", "includedPermissions", "stage")
    return ",".join(
        field
        for field in tracked_fields
        if request.get(field) != response.get(field)
    )


def delete(module, link):
    """Send DELETE for the role at ``link``; a missing role is not an error."""
    session = GcpSession(module, "iam")
    response = session.delete(link)
    return return_if_object(module, response, allow_not_found=True)


def resource_to_request(module):
    """Build the API role body from the module parameters.

    Maps the snake_case option ``included_permissions`` to the API key
    ``includedPermissions`` and drops every falsy value except ``False``
    (so ``None``, ``""`` and ``[]`` are omitted).
    """
    params = module.params
    candidates = (
        ("name", params.get("name")),
        ("title", params.get("title")),
        ("description", params.get("description")),
        ("includedPermissions", params.get("included_permissions")),
        ("stage", params.get("stage")),
    )
    return dict(
        (key, value) for key, value in candidates if value or value is False
    )


def fetch_resource(module, link, allow_not_found=True):
    """GET the role at ``link``; by default a missing role yields ``None``."""
    session = GcpSession(module, "iam")
    response = session.get(link)
    return return_if_object(module, response, allow_not_found)


def self_link(module):
    """Return the IAM v1 URL of this role within its project.

    ``project`` and ``name`` are interpolated from ``module.params`` exactly
    as given; no URL-encoding or validation happens here.
    """
    template = "https://iam.googleapis.com/v1/projects/{project}/roles/{name}"
    return template.format(**module.params)


def collection(module):
    """Return the IAM v1 URL of the project's roles collection.

    ``project`` is interpolated from ``module.params`` exactly as given.
    """
    template = "https://iam.googleapis.com/v1/projects/{project}/roles"
    return template.format(**module.params)


def return_if_object(module, response, allow_not_found=False):
    """Validate an API response and return its decoded JSON body.

    Returns ``None`` for 204, and - when ``allow_not_found`` is set - for 404
    and for the IAM-specific 400 "role does not exist" answer. Otherwise the
    status is checked, the body is parsed and passed through
    ``decode_response``; an unparsable body or an ``error.errors`` entry in
    the body is reported through ``module.fail_json``.
    """
    status = response.status_code

    # No content: nothing to decode.
    if status == 204:
        return None

    if allow_not_found:
        if status == 404:
            return None
        # Edge case specific to IAM roles: a role that does not exist
        # answers 400 with this message rather than 404.
        if status == 400 and "You can't delete role_id" in response.text:
            return None

    # json.decoder.JSONDecodeError is absent on older Pythons; ValueError is
    # the fallback there.
    decode_error = getattr(json.decoder, "JSONDecodeError", ValueError)
    try:
        module.raise_for_status(response)
        result = response.json()
    except decode_error:
        # The raw response body is echoed into the failure message.
        module.fail_json(msg="Invalid JSON response with error: %s" % response.text)

    result = decode_response(result, module)

    api_errors = navigate_hash(result, ["error", "errors"])
    if api_errors:
        module.fail_json(msg=api_errors)

    return result


def is_different(module, response):
    """Report whether the requested role differs from the fetched one.

    Only keys present on both sides are compared, which leaves output-only
    response fields and unset request fields out of the comparison.
    """
    wanted = resource_to_request(module)
    current = response_to_hash(module, response)
    wanted = decode_response(wanted, module)

    # Keep just the keys both mappings share.
    current_shared = dict((key, val) for key, val in current.items() if key in wanted)
    wanted_shared = dict((key, val) for key, val in wanted.items() if key in current)

    return GcpRequest(wanted_shared) != GcpRequest(current_shared)


def response_to_hash(module, response):
    """Reduce an API role response to the fields this module tracks.

    Used for comparisons with Ansible's current parameters: every other key
    in ``response`` is dropped, and a tracked key that is missing maps to
    ``None``. ``module`` is accepted but not used.
    """
    kept_fields = (
        "name",
        "title",
        "description",
        "includedPermissions",
        "stage",
        "deleted",
    )
    return dict((field, response.get(field)) for field in kept_fields)


def resource_to_create(module):
    """Build the create payload: the role id plus the role body without its name."""
    role_body = resource_to_request(module)
    # Raises KeyError if resource_to_request() dropped an empty name.
    role_body.pop("name")
    return {"roleId": module.params["name"], "role": role_body}


def decode_response(response, module):
    """Shorten ``response["name"]`` to its last ``/``-separated segment.

    The mapping is modified in place and returned; a mapping without a
    ``name`` key is returned untouched. ``module`` is accepted but not used.
    """
    if "name" not in response:
        return response
    response["name"] = response["name"].rsplit("/", 1)[-1]
    return response


# Run the module only when this file is executed as a script, not on import.
if __name__ == "__main__":
    main()
