ansible-collections/ansible_collection_centurion
2
0
Fork 0
Code Issues Activity

feat(playbook): Add playbook for teams creation and permissions

Browse Source 
https://github.com/nofusscomputing/ansible_collection_centurion/pull/17 #14
This commit is contained in:
Jason Page
2024-08-14 16:39:27 +10:00
committed by Jon
parent 821739f982
commit ae180f0a2f
1 changed files with 293 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

293
playbooks/teams.yaml Normal file
View File

@ -0,0 +1,293 @@
- name: Centurion ERP Teams Setup
hosts: |-
{%- if nfc_pb_host is defined -%}
{{ nfc_pb_host }}
{%- else -%}
all
{%- endif %}
become: false
gather_facts: false
connection: local # Play uses HTTP requests ONLY!
tasks:
- name: Confirm required vars exist
ansible.builtin.assert:
that:
- centurion_erp.teams is defined
- |
centurion_erp.teams is not mapping
and
centurion_erp.teams is iterable
and
centurion_erp.teams is not string
msg: "Missing required variable or it's of the incorrect type[list]"
run_once: true
delegate_to: localhost
- name: Collect organizations from centurion ERP
ansible.builtin.uri:
url: |-
{{ lookup('env', 'CENTURION_API') }}/api/organization/
method: GET
body_format: json
headers:
authorization: Token {{ lookup('env', 'CENTURION_TOKEN') }}
validate_certs: "{{ lookup('env', 'VALIDATE_CENTURION_CERTS') | default(true) | bool }}"
return_content: true
status_code:
- 200
register: api_get_organizations
run_once: true
delegate_to: localhost
no_log: > # Contains a secret that logging shows
{{ nfc_pb_disable_log | default(true) }}
- name: Collect teams from centurion ERP
ansible.builtin.uri:
url: "{{ item }}"
method: GET
body_format: json
headers:
authorization: Token {{ lookup('env', 'CENTURION_TOKEN') }}
validate_certs: "{{ lookup('env', 'VALIDATE_CENTURION_CERTS') | default(true) | bool }}"
return_content: true
status_code:
- 200
loop: "{{ api_get_organizations.json.results | map(attribute='url') | list }}"
register: api_get_permissions
run_once: true
delegate_to: localhost
no_log: > # Contains a secret that logging shows
{{ nfc_pb_disable_log | default(true) }}
- name: Create list of Teams
ansible.builtin.set_fact:
team_permissions: |
[
{% for config_organisation in centurion_erp.teams %}
{% set ns = namespace(added_teams = []) %}
{% for config_team in config_organisation.teams %}
{% for organization in api_get_permissions.results %}
{% if organization.json.name == config_organisation.name %}
{% for team in organization.json.teams %}
{% if team.team_name == config_team.name %}
{
"organization_id": "{{ organization.json.id }}",
"team_name": "{{ team.team_name }}",
"url": "{{ team.url }}",
"notes": "{{ config_team.notes }}",
"permissions":
{{ config_team.permissions }}
},
{% set ns.added_teams = ns.added_teams + [ config_team.name ] %}
{% endif %}
{% endfor %}
{% endif %}
{% endfor %}
{% if config_team.name not in ns.added_teams %}
{
"organization_id":
{% for organization in api_get_permissions.results %}
{% if organization.json.name == config_organisation.name %}
"{{ organization.json.id }}",
{% endif %}
{% endfor %}
"team_name": "{{ config_team.name }}",
"notes": "{{ config_team.notes }}",
"permissions":
{{ config_team.permissions }}
},
{% set ns.added_teams = ns.added_teams + [ config_team.name ] %}
{% endif %}
{% endfor %}
{% endfor %}
]
delegate_to: localhost
run_once: true
no_log: > # Contains a secret that logging shows
{{ nfc_pb_disable_log | default(true) }}
- name: Create new teams in centurion_ERP
ansible.builtin.uri:
url: |-
{{ lookup('env', 'CENTURION_API') }}/api/organization/{{ item.organization_id }}/team
method: POST
body_format: json
body: |-
{
"team_name": "{{ item.team_name }}"
}
headers:
Authorization: Token {{ lookup('env', 'CENTURION_TOKEN') }}
validate_certs: "{{ lookup('env', 'VALIDATE_CENTURION_CERTS') | default(true) | bool }}"
status_code:
- 201
when: >
item.url is not defined
loop: "{{ team_permissions | list }}"
register: api_post_teams
delegate_to: localhost
run_once: true
no_log: > # Contains a secret that logging shows
{{ nfc_pb_disable_log | default(true) }}
- name: update permissions to include newly created teams
ansible.builtin.set_fact:
team_permissions: |
[
{% for team in team_permissions %}
{
"organization_id": "{{ team.organization_id }}",
"team_name": "{{ team.team_name }}",
"notes": "{{ team.notes }}",
"permissions":
{{ team.permissions }},
"url":
{% if team.url is defined %}
"{{ team.url }}",
{% elif team.url is not defined %}
{% for api_values in api_post_teams.results %}
{% if api_values.item.organization_id == team.organization_id %}
{% if api_values.json.team_name == team.team_name %}
"{{ api_values.json.url }}",
{% endif %}
{% endif %}
{% endfor %}
{% endif %}
},
{% endfor %}
]
delegate_to: localhost
run_once: true
no_log: > # Contains a secret that logging shows
{{ nfc_pb_disable_log | default(true) }}
- name: Patch team permissions
ansible.builtin.uri:
url: |-
{{ item.url }}permissions
method: PATCH
body_format: json
body: "{{ item.permissions }}"
headers:
Authorization: Token {{ lookup('env', 'CENTURION_TOKEN') }}
validate_certs: "{{ lookup('env', 'VALIDATE_CENTURION_CERTS') | default(true) | bool }}"
status_code:
- 200
when: >
item.url is defined
loop: "{{ team_permissions | list }}"
delegate_to: localhost
run_once: true
no_log: > # Contains a secret that logging shows
{{ nfc_pb_disable_log | default(true) }}
- name: Patch team notes
ansible.builtin.uri:
url: |-
{{ item.url }}
method: PATCH
body_format: json
body: |-
{
"model_notes": "{{ item.notes }}"
}
headers:
Authorization: Token {{ lookup('env', 'CENTURION_TOKEN') }}
validate_certs: "{{ lookup('env', 'VALIDATE_CENTURION_CERTS') | default(true) | bool }}"
status_code:
- 200
when: >
item.url is defined
loop: "{{ team_permissions | list }}"
delegate_to: localhost
run_once: true
no_log: > # Contains a secret that logging shows
{{ nfc_pb_disable_log | default(true) }}
vars:
nfc_pb_awx_tower_template:
- name: "Centurion/access/teams"
ask_tags_on_launch: false
ask_inventory_on_launch: true
ask_credential_on_launch: true
ask_limit_on_launch: true
concurrent_jobs_enabled: true
description: Creation and patching of teams and permissions
execution_environment: "No Fuss Computing EE"
job_type: "run"
# job_tags: complete
labels:
- centurion_erp
- itsm
- itam
- access
- permissions
- teams
use_fact_cache: true
credential_types:
- name: 'Playbook/teams/centurion'
description: |
Credentials for authentication to centurion_erp
inputs: |
fields:
- id: centurion_url
type: string
label: centurion url
help_text: Ensure that `https://` is prefixed to url
- id: centurion_token
type: string
label: api token
secret: true
- id: centurion_validate_certs
type: boolean
label: Validate SSL Certificate
required:
- itsm_api
- itsm_token
injectors: >
env:
CENTURION_API: '{{ centurion_url }}'
CENTURION_TOKEN: '{{ centurion_token }}'
CENTURION_VALIDATE_CERTS: '{{ centurion_validate_certs | default(true) }}'