jasonpage.tas
1ef25b31d9
Blank lines at end of documents rewording some docs Spacing between ansible-lint-ignore rules Variable names remove uneccessry info in teams.md changed description index changed description teams.md
269 lines
8.2 KiB
YAML
269 lines
8.2 KiB
YAML
---
|
|
- name: Centurion ERP Teams Setup
|
|
hosts: |-
|
|
{%- if nfc_pb_host is defined -%}
|
|
{{ nfc_pb_host }}
|
|
{%- else -%}
|
|
all
|
|
{%- endif %}
|
|
become: false
|
|
gather_facts: false
|
|
connection: local # Play uses HTTP requests ONLY!
|
|
|
|
|
|
tasks:
|
|
|
|
|
|
- name: Confirm required vars exist
|
|
ansible.builtin.assert:
|
|
that:
|
|
- centurion_erp.teams is defined
|
|
- |
|
|
centurion_erp.teams is not mapping
|
|
and
|
|
centurion_erp.teams is iterable
|
|
and
|
|
centurion_erp.teams is not string
|
|
|
|
msg: "Missing required variable or it's of the incorrect type[list]"
|
|
run_once: true
|
|
delegate_to: localhost
|
|
|
|
|
|
- name: Collect organizations from centurion ERP
|
|
ansible.builtin.uri:
|
|
url: |-
|
|
{{ lookup('env', 'CENTURION_API') }}/api/organization/
|
|
method: GET
|
|
body_format: json
|
|
headers:
|
|
authorization: Token {{ lookup('env', 'CENTURION_TOKEN') }}
|
|
validate_certs: "{{ lookup('env', 'VALIDATE_CENTURION_CERTS') | default(true) | bool }}"
|
|
return_content: true
|
|
status_code:
|
|
- 200
|
|
register: api_get_organizations
|
|
run_once: true
|
|
delegate_to: localhost
|
|
no_log: > # Contains a secret that logging shows
|
|
{{ nfc_pb_disable_log | default(true) }}
|
|
|
|
|
|
- name: Collect teams from centurion ERP
|
|
ansible.builtin.uri:
|
|
url: "{{ item }}"
|
|
method: GET
|
|
body_format: json
|
|
headers:
|
|
authorization: Token {{ lookup('env', 'CENTURION_TOKEN') }}
|
|
validate_certs: "{{ lookup('env', 'VALIDATE_CENTURION_CERTS') | default(true) | bool }}"
|
|
return_content: true
|
|
status_code:
|
|
- 200
|
|
loop: "{{ api_get_organizations.json.results | map(attribute='url') | list }}"
|
|
register: api_get_permissions
|
|
run_once: true
|
|
delegate_to: localhost
|
|
no_log: > # Contains a secret that logging shows
|
|
{{ nfc_pb_disable_log | default(true) }}
|
|
|
|
|
|
- name: Create list of Teams
|
|
ansible.builtin.set_fact:
|
|
team_permissions: |
|
|
[
|
|
{% for config_organisation in centurion_erp.teams %}
|
|
|
|
{% set ns = namespace(added_teams = []) %}
|
|
|
|
{% for config_team in config_organisation.teams %}
|
|
|
|
{% for organization in api_get_permissions.results %}
|
|
|
|
{% if organization.json.name == config_organisation.name %}
|
|
|
|
{% for team in organization.json.teams %}
|
|
|
|
{% if team.team_name == config_team.name %}
|
|
|
|
{
|
|
"organization_id": "{{ organization.json.id }}",
|
|
"team_name": "{{ team.team_name }}",
|
|
"url": "{{ team.url }}",
|
|
"notes": "{{ config_team.notes }}",
|
|
"permissions":
|
|
{{ config_team.permissions }}
|
|
},
|
|
|
|
{% set ns.added_teams = ns.added_teams + [ config_team.name ] %}
|
|
|
|
{% endif %}
|
|
|
|
{% endfor %}
|
|
|
|
{% endif %}
|
|
|
|
{% endfor %}
|
|
|
|
{% if config_team.name not in ns.added_teams %}
|
|
{
|
|
"organization_id":
|
|
{% for organization in api_get_permissions.results %}
|
|
{% if organization.json.name == config_organisation.name %}
|
|
"{{ organization.json.id }}",
|
|
{% endif %}
|
|
{% endfor %}
|
|
"team_name": "{{ config_team.name }}",
|
|
"notes": "{{ config_team.notes }}",
|
|
"permissions":
|
|
{{ config_team.permissions }}
|
|
},
|
|
{% set ns.added_teams = ns.added_teams + [ config_team.name ] %}
|
|
|
|
{% endif %}
|
|
|
|
{% endfor %}
|
|
|
|
{% endfor %}
|
|
]
|
|
delegate_to: localhost
|
|
run_once: true
|
|
no_log: > # Contains a secret that logging shows
|
|
{{ nfc_pb_disable_log | default(true) }}
|
|
|
|
|
|
- name: Create new teams in centurion_ERP
|
|
ansible.builtin.uri:
|
|
url: |-
|
|
{{ lookup('env', 'CENTURION_API') }}/api/organization/{{ item.organization_id }}/team
|
|
method: POST
|
|
body_format: json
|
|
body: |-
|
|
{
|
|
"team_name": "{{ item.team_name }}"
|
|
}
|
|
headers:
|
|
Authorization: Token {{ lookup('env', 'CENTURION_TOKEN') }}
|
|
validate_certs: "{{ lookup('env', 'VALIDATE_CENTURION_CERTS') | default(true) | bool }}"
|
|
status_code:
|
|
- 201
|
|
when: >
|
|
item.url is not defined
|
|
loop: "{{ team_permissions | list }}"
|
|
register: api_post_teams
|
|
delegate_to: localhost
|
|
run_once: true
|
|
no_log: > # Contains a secret that logging shows
|
|
{{ nfc_pb_disable_log | default(true) }}
|
|
|
|
|
|
- name: Update permissions to include newly created teams
|
|
ansible.builtin.set_fact:
|
|
team_permissions: |
|
|
[
|
|
{% for team in team_permissions %}
|
|
|
|
{
|
|
"organization_id": "{{ team.organization_id }}",
|
|
"team_name": "{{ team.team_name }}",
|
|
"notes": "{{ team.notes }}",
|
|
"permissions":
|
|
{{ team.permissions }},
|
|
"url":
|
|
{% if team.url is defined %}
|
|
"{{ team.url }}",
|
|
{% elif team.url is not defined %}
|
|
{% for api_values in api_post_teams.results %}
|
|
|
|
{% if api_values.item.organization_id == team.organization_id %}
|
|
|
|
{% if api_values.json.team_name == team.team_name %}
|
|
|
|
"{{ api_values.json.url }}",
|
|
|
|
{% endif %}
|
|
|
|
{% endif %}
|
|
|
|
{% endfor %}
|
|
|
|
{% endif %}
|
|
},
|
|
|
|
{% endfor %}
|
|
]
|
|
delegate_to: localhost
|
|
run_once: true
|
|
no_log: > # Contains a secret that logging shows
|
|
{{ nfc_pb_disable_log | default(true) }}
|
|
|
|
|
|
- name: Patch team permissions
|
|
ansible.builtin.uri:
|
|
url: |-
|
|
{{ item.url }}permissions
|
|
method: PATCH
|
|
body_format: json
|
|
body: "{{ item.permissions }}"
|
|
headers:
|
|
Authorization: Token {{ lookup('env', 'CENTURION_TOKEN') }}
|
|
validate_certs: "{{ lookup('env', 'VALIDATE_CENTURION_CERTS') | default(true) | bool }}"
|
|
status_code:
|
|
- 200
|
|
when: >
|
|
item.url is defined
|
|
loop: "{{ team_permissions | list }}"
|
|
delegate_to: localhost
|
|
run_once: true
|
|
no_log: > # Contains a secret that logging shows
|
|
{{ nfc_pb_disable_log | default(true) }}
|
|
|
|
|
|
- name: Patch team notes
|
|
ansible.builtin.uri:
|
|
url: |-
|
|
{{ item.url }}
|
|
method: PATCH
|
|
body_format: json
|
|
body: |-
|
|
{
|
|
"model_notes": "{{ item.notes }}"
|
|
}
|
|
headers:
|
|
Authorization: Token {{ lookup('env', 'CENTURION_TOKEN') }}
|
|
validate_certs: "{{ lookup('env', 'VALIDATE_CENTURION_CERTS') | default(true) | bool }}"
|
|
status_code:
|
|
- 200
|
|
when: >
|
|
item.url is defined
|
|
loop: "{{ team_permissions | list }}"
|
|
delegate_to: localhost
|
|
run_once: true
|
|
no_log: > # Contains a secret that logging shows
|
|
{{ nfc_pb_disable_log | default(true) }}
|
|
|
|
|
|
vars:
|
|
|
|
nfc_pb_awx_tower_template:
|
|
|
|
- name: "Centurion/Access/Teams"
|
|
ask_tags_on_launch: false
|
|
ask_inventory_on_launch: true
|
|
ask_credential_on_launch: true
|
|
ask_limit_on_launch: true
|
|
concurrent_jobs_enabled: true
|
|
description: Creation and patching of teams and permissions
|
|
execution_environment: "No Fuss Computing EE"
|
|
job_type: "run"
|
|
# job_tags: complete
|
|
labels:
|
|
- access
|
|
- centurion_erp
|
|
- itam
|
|
- itsm
|
|
- permissions
|
|
- teams
|
|
use_fact_cache: true
|
|
|