openstack/ansible-collections-openstack
Code Issues Proposed changes
ansible-collections-openstack/plugins/modules/neutron_rbac_policies_info.py
Jakob Meng 1b38b7c500 Properly documented openstacksdk version requirements 
With "extends_documentation_fragment: ['openstack.cloud.openstack']"
it is not necessary to list required Python libraries in section
'requirements' of DOCUMENTATION docstring in modules. Ansible will
merge requirements from doc fragments and DOCUMENTATION docstring
which previously resulted in duplicates such as in server module [0]:

* openstacksdk
* openstacksdk >= 0.36, < 0.99.0
* python >= 3.6

When removing the 'requirements' section from server module, then
Ansible will list openstacksdk once only:

* openstacksdk >= 0.36, < 0.99.0
* python >= 3.6

To see what documentation Ansible will produce for server module run:

  ansible-doc --type module openstack.cloud.server

[0] https://docs.ansible.com/ansible/latest/collections/openstack/\
    cloud/server_module.html

Change-Id: I727ed95ee480bb644b5a533f6a9526973677064c
2023-01-16 13:51:01 +01:00

187 lines
5.6 KiB
Python
Raw Blame History

#!/usr/bin/python
# -*- coding: utf-8 -*-
# Copyright: Ansible Project
# (c) 2021, Ashraf Hasson <ahasson@redhat.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
DOCUMENTATION = r'''
---
module: neutron_rbac_policies_info
short_description: Fetch Neutron RBAC policies.
author: OpenStack Ansible SIG
description:
- Fetch RBAC policies against a network, security group or a QoS Policy for
one or more projects.
options:
action:
description:
- Action for the RBAC policy.
- Can be either of the following options C(access_as_shared) or
C(access_as_external).
- Logically AND'ed with other filters.
choices: ['access_as_shared', 'access_as_external']
type: str
object_id:
description:
- The object ID (the subject of the policy) to which the RBAC rules
applies.
- This is an ID of a network, security group or a qos policy.
- Mutually exclusive with the C(object_type).
type: str
object_type:
description:
- Type of the object that this RBAC policy affects.
- Can be one of the following object types C(network), C(security_group)
or C(qos_policy).
- Mutually exclusive with the C(object_id).
choices: ['network', 'security_group', 'qos_policy']
type: str
policy_id:
description:
- The RBAC policy ID.
- If C(policy_id) is not provided, all available policies will be
fetched.
- If C(policy_id) provided, all other filters are ignored.
type: str
project:
description:
- ID or name of the project to which C(object_id) belongs to.
- Filters the RBAC rules based on the project name.
- Logically AND'ed with other filters.
type: str
aliases: ['project_id']
target_project_id:
description:
- The ID of the project this RBAC will be enforced.
- Filters the RBAC rules based on the target project id.
- Logically AND'ed with other filters.
type: str
extends_documentation_fragment:
- openstack.cloud.openstack
'''
EXAMPLES = r'''
- name: Get all rbac policies for a project
openstack.cloud.neutron_rbac_policies_info:
project: one_project
'''
RETURN = r'''
rbac_policies:
description: List of Neutron RBAC policies.
type: list
elements: dict
returned: always
contains:
action:
description:
- The access model specified by the RBAC rules
type: str
sample: "access_as_shared"
id:
description:
- The ID of the RBAC rule/policy
type: str
sample: "4154ce0c-71a7-4d87-a905-09762098ddb9"
name:
description:
- The name of the RBAC rule; usually null
type: str
sample: null
object_id:
description:
- The UUID of the object to which the RBAC rules apply
type: str
sample: "7422172b-2961-475c-ac68-bd0f2a9960ad"
object_type:
description:
- The object type to which the RBACs apply
type: str
sample: "network"
project_id:
description:
- The UUID of the project to which access is granted
type: str
sample: "84b8774d595b41e89f3dfaa1fd76932c"
target_project_id:
description:
- The UUID of the target project
type: str
sample: "c201a689c016435c8037977166f77368"
tenant_id:
description:
- The UUID of the project to which access is granted. Deprecated.
type: str
sample: "84b8774d595b41e89f3dfaa1fd76932c"
policies:
description: Same as C(rbac_policies), kept for backward compatibility.
returned: always
type: list
elements: dict
'''
from ansible_collections.openstack.cloud.plugins.module_utils.openstack import OpenStackModule
class NeutronRBACPoliciesInfo(OpenStackModule):
argument_spec = dict(
action=dict(choices=['access_as_external', 'access_as_shared']),
object_id=dict(),
object_type=dict(choices=['security_group', 'qos_policy', 'network']),
policy_id=dict(),
project=dict(aliases=['project_id']),
target_project_id=dict(),
)
module_kwargs = dict(
mutually_exclusive=[
('object_id', 'object_type'),
],
supports_check_mode=True,
)
def run(self):
project_name_or_id = self.params['project']
project = None
if project_name_or_id is not None:
project = self.conn.identity.find_project(project_name_or_id)
if not project:
self.exit_json(changed=False, rbac_policies=[], policies=[])
policy_id = self.params['policy_id']
if policy_id:
policy = self.conn.network.find_rbac_policy(policy_id)
policies = [policy] if policy else []
else:
kwargs = dict((k, self.params[k])
for k in ['action', 'object_type']
if self.params[k] is not None)
if project:
kwargs['project_id'] = project.id
policies = list(self.conn.network.rbac_policies(**kwargs))
for k in ['object_id', 'target_project_id']:
if self.params[k] is not None:
policies = [p for p in policies if p[k] == self.params[k]]
if project:
policies = [p for p in policies
if p['location']['project']['id'] == project.id]
policies = [p.to_dict(computed=False) for p in policies]
self.exit_json(changed=False,
rbac_policies=policies,
policies=policies)
def main():
module = NeutronRBACPoliciesInfo()
module()
if __name__ == '__main__':
main()
View Git Blame Copy Permalink