From e4636bd1432f17d20ba9d46553e668a644efad34 Mon Sep 17 00:00:00 2001 From: WadeStern Date: Fri, 11 Apr 2025 14:33:31 -0400 Subject: [PATCH 01/10] Made collection ansible lint compliant --- CHANGELOG.md | 0 galaxy.yml | 12 +- meta/runtime.yml | 2 +- playbooks/admin_all_roles.yml | 1 - playbooks/app_adapter_version.yml | 74 ++++----- playbooks/create_adapter.yml | 27 ++-- playbooks/dependencies_version.yml | 186 ++++++++++++----------- playbooks/iag_refresh_custom_scripts.yml | 28 ++-- playbooks/job_worker_status.yml | 29 +--- playbooks/metrics.yml | 51 +++---- playbooks/mongo_dump.yml | 14 +- playbooks/mongodb_change_password.yml | 4 +- playbooks/restart_iag.yml | 4 +- playbooks/switch_active_profile.yml | 37 ++--- playbooks/sync_iag_script_schema.yml | 16 +- 15 files changed, 232 insertions(+), 253 deletions(-) create mode 100644 CHANGELOG.md diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 0000000..e69de29 diff --git a/galaxy.yml b/galaxy.yml index e72c6e2..9171383 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -16,8 +16,8 @@ readme: README.md # A list of the collection's content authors. Can be just the name or in the format 'Full Name (url) # @nicks:irc/im.site#channel' authors: -- Steven Schattenberg -- Ranjitha Parameshwaraiah + - Steven Schattenberg + - Ranjitha Parameshwaraiah ### OPTIONAL but strongly recommended @@ -26,7 +26,7 @@ description: A collection of tools intended to be used by the administrators of # Either a single license or a list of licenses for content inside of a collection. Ansible Galaxy currently only # accepts L(SPDX,https://spdx.org/licenses/) licenses. This key is mutually exclusive with 'license_file' -#license: GPL-2.0-or-later +# license: GPL-2.0-or-later # The path to the license file for the collection. This path is relative to the root of the collection. This key is # mutually exclusive with 'license' 
@@ -36,8 +36,9 @@ license_file: 'LICENSE' # requirements as 'namespace' and 'name' tags: - itential - - automation-platform - - automation-gateway + - platform + - gateway + - tools # Collections that this collection requires to be installed for it to be usable. The key of the dict is the # collection label 'namespace.name'. The value is a version range @@ -77,4 +78,3 @@ build_ignore: # 'omit_default_directives' is a boolean that controls whether the default directives are used. Mutually exclusive # with 'build_ignore' # manifest: null - diff --git a/meta/runtime.yml b/meta/runtime.yml index 20f709e..f3589f4 100644 --- a/meta/runtime.yml +++ b/meta/runtime.yml @@ -1,7 +1,7 @@ --- # Collections must specify a minimum required ansible version to upload # to galaxy -# requires_ansible: '>=2.9.10' +requires_ansible: '>=2.15.0' # Content that Ansible needs to load from another location or that has # been deprecated/removed diff --git a/playbooks/admin_all_roles.yml b/playbooks/admin_all_roles.yml index 402bd19..f550a8e 100644 --- a/playbooks/admin_all_roles.yml +++ b/playbooks/admin_all_roles.yml @@ -75,4 +75,3 @@ headers: Cookie: "token={{ auth_token }}" register: response_patch - \ No newline at end of file diff --git a/playbooks/app_adapter_version.yml b/playbooks/app_adapter_version.yml index b876e3a..4b13d77 100644 --- a/playbooks/app_adapter_version.yml +++ b/playbooks/app_adapter_version.yml @@ -2,7 +2,7 @@ # GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) --- # Example usage: -# ansible-playbook -i hosts app_adapter_version.yml +# ansible-playbook -i hosts app_adapter_version.yml - name: Adapter/App Version hosts: platform 
@@ -10,7 +10,10 @@ connection: local vars_prompt: - name: adapter_app_names - prompt: "Provide names of Adapter/App, separated by comma. Press ENTER without providing any names in order to get the versions of all adapters and applications" + prompt: > + Provide names of Adapter/App, separated by comma. Press ENTER without + providing any names in order to get the versions of all adapters and + applications private: false - name: iap_username @@ -19,12 +22,11 @@ - name: iap_password prompt: "IAP Password" - + tasks: - name: Convert adapter_app_names to list - set_fact: - adapter_app_names_list: "{{ adapter_app_names.split(',')|map('trim') }}" - + ansible.builtin.set_fact: + adapter_app_names_list: "{{ adapter_app_names.split(',') | map('trim') }}" - name: Login to IAP and get token ansible.builtin.uri: 
@@ -35,60 +37,60 @@ headers: Content-Type: "application/json" status_code: 200 - return_content: yes + return_content: true register: token - name: Extract token from login response - set_fact: + ansible.builtin.set_fact: auth_token: "?token={{ token.content }}" - + - name: Get the list of Adapters ansible.builtin.uri: url: "{{ iap_protocol }}://{{ ansible_host }}:{{ iap_port }}/health/adapters{{ auth_token }}" method: GET status_code: 200 - return_content: yes + return_content: true register: adapters_response - + - name: Extract the adapters response - set_fact: + ansible.builtin.set_fact: adapters_response: "{{ adapters_response.content }}" - + - name: Extract the adapter information - set_fact: - adapters: "{{ adapters_response.results | selectattr(\"id\", \"in\", adapter_app_names_list) | default([]) }}" + ansible.builtin.set_fact: + adapters: "{{ adapters_response.results | selectattr(\"id\", \"in\", adapter_app_names_list) | default([]) }}" when: adapter_app_names_list[0] != "" - + - name: Extract the adapter informations - set_fact: + ansible.builtin.set_fact: adapters: "{{ adapters_response.results }}" when: adapter_app_names_list[0] == "" - + - name: Get the list of Applications ansible.builtin.uri: url: "{{ iap_protocol }}://{{ ansible_host }}:{{ iap_port }}/health/applications{{ auth_token }}" method: GET status_code: 200 - return_content: yes + return_content: true register: applications_response - name: Extract the application response - set_fact: + ansible.builtin.set_fact: applications_response: "{{ applications_response.content }}" - + - name: Get the application information - set_fact: - applications: "{{ applications_response.results | selectattr(\"id\", \"in\", adapter_app_names_list) | default([]) }}" + ansible.builtin.set_fact: + applications: "{{ applications_response.results | selectattr(\"id\", \"in\", adapter_app_names_list) | default([]) }}" when: adapter_app_names_list[0] != "" - name: Extract the adapter informations - set_fact: + 
ansible.builtin.set_fact: applications: "{{ applications_response.results }}" when: adapter_app_names_list[0] == "" - name: Grab adapter version - set_fact: - adapterVersions: | + ansible.builtin.set_fact: + adapter_versions: | The adapters with their versions are: ========================================== {% for item in adapters %} @@ -96,8 +98,8 @@ {% endfor %} - name: Grab application version - set_fact: - applicationVersions: | + ansible.builtin.set_fact: + application_versions: | The applications with their versions are: ============================================== {% for item in applications %} @@ -105,8 +107,8 @@ {% endfor %} - name: Grab the list of applications/adapters that are not found. - set_fact: - notFound: | + ansible.builtin.set_fact: + not_found: | Following Adapters/Applications were not found: ==================================================== {% set adaptersList = adapters_response.results | map(attribute='id') %} @@ -120,14 +122,14 @@ - name: Display the version of provided applications and adapters ansible.builtin.debug: msg: - - "{{ adapterVersions.split('\n') }}" - - "{{ applicationVersions.split('\n') }}" - - "{{ notFound.split('\n') }}" + - "{{ adapter_versions.split('\n') }}" + - "{{ application_versions.split('\n') }}" + - "{{ not_found.split('\n') }}" when: adapter_app_names_list[0] != "" - + - name: Display the version of all applications and adapters ansible.builtin.debug: msg: - - "{{ adapterVersions.split('\n') }}" - - "{{ applicationVersions.split('\n') }}" + - "{{ adapter_versions.split('\n') }}" + - "{{ application_versions.split('\n') }}" when: adapter_app_names_list[0] == "" diff --git a/playbooks/create_adapter.yml b/playbooks/create_adapter.yml index 2f3dcbb..4dedee1 100644 --- a/playbooks/create_adapter.yml +++ b/playbooks/create_adapter.yml @@ -22,7 +22,7 @@ vars: adapter_properties: "{{ lookup('file', adapter_properties_file) | from_json }}" - + tasks: - name: Login to IAP and get token ansible.builtin.uri: 
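Review bot: The IAP session token is still carried in the query string: `auth_token: "?token={{ token.content }}"` is appended to every `url:` in this hunk, so the token is recorded wherever URLs are logged (server access logs, proxies, Ansible verbose output). The `admin_all_roles.yml` context in this same patch already sends the token as `Cookie: "token={{ auth_token }}"` under `headers:`. Doing the same here with the bare token, and adding `no_log: true` to the login task and to the `set_fact` that stores the token, would keep the credential out of logs. The login task starts above this hunk. The same pattern remains in `create_adapter.yml`, `iag_refresh_custom_scripts.yml` (`iap_auth_token`) and `metrics.yml`.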
@@ -33,13 +33,13 @@ headers: Content-Type: "application/json" status_code: 200 - return_content: yes + return_content: true register: token - name: Extract token from login response - set_fact: + ansible.builtin.set_fact: auth_token: "?token={{ token.content }}" - + - name: Make an API call to create the adapter instance ansible.builtin.uri: url: "{{ iap_protocol }}://{{ ansible_host }}:{{ iap_port }}/adapters{{ auth_token }}" @@ -48,24 +48,23 @@ body_format: json headers: Content-Type: "application/json" - status_code: [200,400,500] - return_content: yes + status_code: [200, 400, 500] + return_content: true register: response - + - name: Extract the response of an API call - set_fact: + ansible.builtin.set_fact: creation_response: "{{ response.content }}" - + - name: Start the adapter ansible.builtin.uri: url: "{{ iap_protocol }}://{{ ansible_host }}:{{ iap_port }}/adapters/{{ creation_response.data.name }}/start{{ auth_token }}" method: PUT - status_code: [200,400,500] - return_content: yes + status_code: [200, 400, 500] + return_content: true when: creation_response.status is defined and creation_response.status == "Created" - + - name: Display the response. - ansible.builtin.debug: + ansible.builtin.debug: msg: - "{{ creation_response }}" - diff --git a/playbooks/dependencies_version.yml b/playbooks/dependencies_version.yml index dc9727c..2851fb0 100644 --- a/playbooks/dependencies_version.yml +++ b/playbooks/dependencies_version.yml @@ -11,10 +11,9 @@ - name: Mongo version ansible.builtin.command: mongod --version register: mongodb_version + changed_when: false when: component == "mongodb" or component == "platform" or component == "all" - - - name: Redis versions hosts: redis gather_facts: false @@ -22,9 +21,9 @@ - name: Redis version ansible.builtin.command: redis-server -v register: redis_version + changed_when: false when: component == "redis" or component == "platform" or component == "all" - - name: Rabbit versions hosts: rabbitmq gather_facts: false 
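Review bot: `status_code: [200, 400, 500]` on both the create and the start request makes a rejected or failed call count as success, so the play exits cleanly even when no adapter was created. The start task also has no `register:`, so a 400 or 500 from it is never shown. If the wide list exists only so the error body can be printed, keep it but follow the debug task with an `ansible.builtin.assert` on `response.status == 200`, and register and check the start call the same way.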
@@ -34,9 +33,9 @@ become: true become_user: root register: rabbitmq_version + changed_when: false when: component == "rabbitmq" or component == "platform" or component == "all" - - name: IAP Dependencies Versions hosts: platform gather_facts: false @@ -44,41 +43,49 @@ - name: Node version ansible.builtin.command: node -v register: node_version + changed_when: false when: component == "platform" or component == "all" - name: NPM version ansible.builtin.command: npm -v register: npm_version + changed_when: false when: component == "platform" or component == "all" - + - name: Python version ansible.builtin.command: python3 -V register: iap_python_version + changed_when: false when: component == "platform" or component == "all" - + - name: Pip version ansible.builtin.command: pip3 -V register: iap_pip_version + changed_when: false when: component == "platform" or component == "all" - + - name: MarkupSafe version ansible.builtin.command: pip3 show markupsafe register: iap_markupsafe_version + changed_when: false when: component == "platform" or component == "all" - + - name: TextFSM version ansible.builtin.command: pip3 show textfsm register: iap_textfsm_version + changed_when: false when: component == "platform" or component == "all" - + - name: Jinja2 version ansible.builtin.command: pip3 show jinja2 register: iap_jinja2_version + changed_when: false when: component == "platform" or component == "all" - + - name: HashiCorp Vault Version ansible.builtin.command: vault -v register: iap_vault_version + changed_when: false ignore_errors: true when: component == "platform" or component == "all" 
@@ -90,41 +97,49 @@ - name: Python version ansible.builtin.command: python3 -V register: iag_python_version + changed_when: false when: component == "gateway" or component == "all" - + - name: OpenSSL version ansible.builtin.command: openssl version register: iag_openssl_version + changed_when: false when: component == "gateway" or component == "all" - name: HAProxy version ansible.builtin.command: haproxy -v register: iag_haproxy_version + changed_when: false when: component == "gateway" or component == "all" - + - name: Pip version ansible.builtin.command: pip3 -V register: iag_pip_version + changed_when: false when: component == "gateway" or component == "all" - + - name: Terraform version ansible.builtin.command: terraform -v register: iag_terraform_version + changed_when: false when: component == "gateway" or component == "all" - + - name: Nornir version ansible.builtin.command: pip3 show nornir register: iag_nornir_version + changed_when: false when: component == "gateway" or component == "all" - + - name: Netmiko version ansible.builtin.command: pip3 show netmiko register: iag_netmiko_version + changed_when: false when: component == "gateway" or component == "all" - name: Ansible version ansible.builtin.command: ansible --version register: iag_ansible_version + changed_when: false when: component == "gateway" or component == "all" 
@@ -135,14 +150,14 @@ - name: Show Redis Version ansible.builtin.debug: msg: - - "Summary of gather facts" - - "=====================================================" - - "Architecture: {{ ansible_facts.architecture }}" - - "OS version: {{ ansible_facts.distribution }} {{ ansible_facts.distribution_version }}" - - "Memory: {{ ansible_facts.memory_mb }}" - - "=====================================================" - - "Redis version: {{ redis_version.stdout_lines }} " - - "=====================================================" + - "Summary of gather facts" + - "=====================================================" + - "Architecture: {{ ansible_facts.architecture }}" + - "OS version: {{ ansible_facts.distribution }} {{ ansible_facts.distribution_version }}" + - "Memory: {{ ansible_facts.memory_mb }}" + - "=====================================================" + - "Redis version: {{ redis_version.stdout_lines }} " + - "=====================================================" when: component == "redis" or component == "platform" or component == "all" 
@@ -153,17 +168,16 @@ - name: Show Rabbitmq Version ansible.builtin.debug: msg: - - "Summary of gather facts" - - "=====================================================" - - "Architecture: {{ ansible_facts.architecture }}" - - "OS version: {{ ansible_facts.distribution }} {{ ansible_facts.distribution_version }}" - - "Memory: {{ ansible_facts.memory_mb }}" - - "=====================================================" - - "RabbitMQ version: {{ rabbitmq_version.stdout_lines }} " - - "=====================================================" + - "Summary of gather facts" + - "=====================================================" + - "Architecture: {{ ansible_facts.architecture }}" + - "OS version: {{ ansible_facts.distribution }} {{ ansible_facts.distribution_version }}" + - "Memory: {{ ansible_facts.memory_mb }}" + - "=====================================================" + - "RabbitMQ version: {{ rabbitmq_version.stdout_lines }} " + - "=====================================================" when: component == "rabbitmq" or component == "platform" or component == "all" - - name: Show mongo version hosts: mongodb gather_facts: true 
@@ -171,16 +185,15 @@ - name: Show mongodb Version ansible.builtin.debug: msg: - - "Summary of gather facts" - - "=====================================================" - - "Architecture: {{ ansible_facts.architecture }}" - - "OS version: {{ ansible_facts.distribution }} {{ ansible_facts.distribution_version }}" - - "Memory: {{ ansible_facts.memory_mb }}" - - "=====================================================" - - "Mongo version: {{ mongodb_version.stdout_lines }} " - - "=====================================================" + - "Summary of gather facts" + - "=====================================================" + - "Architecture: {{ ansible_facts.architecture }}" + - "OS version: {{ ansible_facts.distribution }} {{ ansible_facts.distribution_version }}" + - "Memory: {{ ansible_facts.memory_mb }}" + - "=====================================================" + - "Mongo version: {{ mongodb_version.stdout_lines }} " + - "=====================================================" when: component == "mongodb" or component == "platform" or component == "all" - - name: Show IAP dependencies versions hosts: platform 
@@ -189,31 +202,30 @@ - name: Show versions ansible.builtin.debug: msg: - - "Summary of gather facts" - - "=====================================================" - - "Architecture: {{ ansible_facts.architecture }}" - - "OS version: {{ ansible_facts.distribution }} {{ ansible_facts.distribution_version }}" - - "Memory: {{ ansible_facts.memory_mb }}" - - "=====================================================" - - "Node version: {{ node_version.stdout_lines }}" - - "=====================================================" - - "NPM version: {{ npm_version.stdout_lines }} " - - "=====================================================" - - "Python version: {{ iap_python_version.stdout_lines }}" - - "=====================================================" - - "Pip version: {{ iap_pip_version.stdout_lines }}" - - "=====================================================" - - "MarkupSafe version: {{ iap_markupsafe_version.stdout_lines }}" - - "=====================================================" - - "TextFSM version: {{ iap_textfsm_version.stdout_lines }}" - - "=====================================================" - - "Jinja2 version: {{ iap_jinja2_version.stdout_lines }}" - - "=====================================================" - - "Hashicorp Vault version: {{ iap_vault_version.stdout_lines }}" - - "=====================================================" + - "Summary of gather facts" + - "=====================================================" + - "Architecture: {{ ansible_facts.architecture }}" + - "OS version: {{ ansible_facts.distribution }} {{ ansible_facts.distribution_version }}" + - "Memory: {{ ansible_facts.memory_mb }}" + - "=====================================================" + - "Node version: {{ node_version.stdout_lines }}" + - "=====================================================" + - "NPM version: {{ npm_version.stdout_lines }} " + - "=====================================================" + - "Python version: {{ iap_python_version.stdout_lines }}" + - 
"=====================================================" + - "Pip version: {{ iap_pip_version.stdout_lines }}" + - "=====================================================" + - "MarkupSafe version: {{ iap_markupsafe_version.stdout_lines }}" + - "=====================================================" + - "TextFSM version: {{ iap_textfsm_version.stdout_lines }}" + - "=====================================================" + - "Jinja2 version: {{ iap_jinja2_version.stdout_lines }}" + - "=====================================================" + - "Hashicorp Vault version: {{ iap_vault_version.stdout_lines }}" + - "=====================================================" when: component == "platform" or component == "all" - - name: Show IAG dependencies versions hosts: gateway gather_facts: true 
@@ -221,26 +233,26 @@ - name: Show versions ansible.builtin.debug: msg: - - "Summary of gather facts" - - "=====================================================" - - "Architecture: {{ ansible_facts.architecture }}" - - "OS version: {{ ansible_facts.distribution }} {{ ansible_facts.distribution_version }}" - - "Memory: {{ ansible_facts.memory_mb }}" - - "=====================================================" - - "Python version: {{ iag_python_version.stdout_lines }}" - - "=====================================================" - - "OpenSSL version: {{ iag_openssl_version.stdout_lines }}" - - "=====================================================" - - "HAProxy version: {{ iag_haproxy_version.stdout_lines }}" - - "=====================================================" - - "Pip version: {{ iag_pip_version.stdout_lines }}" - - "=====================================================" - - "Terraform version: {{ iag_terraform_version.stdout_lines }}" - - "=====================================================" - - "Nornir version: {{ iag_nornir_version.stdout_lines }}" - - "=====================================================" - - "Netmiko version: {{ iag_netmiko_version.stdout_lines }}" - - "=====================================================" - - "Ansible version: {{ iag_ansible_version }}" - - "=====================================================" - when: component == "gateway" or component == "all" \ No newline at end of file + - "Summary of gather facts" + - "=====================================================" + - "Architecture: {{ ansible_facts.architecture }}" + - "OS version: {{ ansible_facts.distribution }} {{ ansible_facts.distribution_version }}" + - "Memory: {{ ansible_facts.memory_mb }}" + - "=====================================================" + - "Python version: {{ iag_python_version.stdout_lines }}" + - "=====================================================" + - "OpenSSL version: {{ iag_openssl_version.stdout_lines }}" + - 
"=====================================================" + - "HAProxy version: {{ iag_haproxy_version.stdout_lines }}" + - "=====================================================" + - "Pip version: {{ iag_pip_version.stdout_lines }}" + - "=====================================================" + - "Terraform version: {{ iag_terraform_version.stdout_lines }}" + - "=====================================================" + - "Nornir version: {{ iag_nornir_version.stdout_lines }}" + - "=====================================================" + - "Netmiko version: {{ iag_netmiko_version.stdout_lines }}" + - "=====================================================" + - "Ansible version: {{ iag_ansible_version }}" + - "=====================================================" + when: component == "gateway" or component == "all" diff --git a/playbooks/iag_refresh_custom_scripts.yml b/playbooks/iag_refresh_custom_scripts.yml index cebda40..2a1992f 100644 --- a/playbooks/iag_refresh_custom_scripts.yml +++ b/playbooks/iag_refresh_custom_scripts.yml @@ -2,7 +2,7 @@ # GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) --- # Example usage: -# ansible-playbook -i hosts iag_refresh_custom_scripts.yml +# ansible-playbook -i hosts iag_refresh_custom_scripts.yml - name: Refresh IAG Scripts hosts: all gather_facts: false @@ -18,12 +18,12 @@ headers: Content-Type: "application/json" status_code: 200 - return_content: yes + return_content: true register: iag_token when: inventory_hostname in groups["gateway"] - name: Extract IAG token from login response - set_fact: + ansible.builtin.set_fact: iag_auth_token: "{% set token_content = iag_token.content | from_json %}{{ token_content.token }}" when: inventory_hostname in groups["gateway"] 
@@ -32,11 +32,11 @@ url: "{{ iag_protocol }}://{{ ansible_host }}:{{ iag_port }}/api/v2.0/scripts/refresh" method: POST status_code: 200 - return_content: yes + return_content: true headers: Authorization: "{{ iag_auth_token }}" when: inventory_hostname in groups["gateway"] - + - name: Login to IAP and get token ansible.builtin.uri: url: "{{ iap_protocol }}://{{ ansible_host }}:{{ iap_port }}/login" @@ -46,38 +46,38 @@ headers: Content-Type: "application/json" status_code: 200 - return_content: yes + return_content: true register: iap_token when: inventory_hostname in groups["platform"] - name: Extract token from login response - set_fact: + ansible.builtin.set_fact: iap_auth_token: "?token={{ iap_token.content }}" when: inventory_hostname in groups["platform"] - + - name: Get the list of gateway adapters ansible.builtin.uri: url: "{{ iap_protocol }}://{{ ansible_host }}:{{ iap_port }}/health/adapters{{ iap_auth_token }}&contains=gateway" method: GET status_code: 200 - return_content: yes + return_content: true register: adapters_response when: inventory_hostname in groups["platform"] - + - name: Extract IAG adapter names - set_fact: + ansible.builtin.set_fact: adapters: "{% set adapters_content = adapters_response.content | from_json %}{{ adapters_content.results | map(attribute='id') }}" when: inventory_hostname in groups["platform"] - + - name: Restart IAG adapters ansible.builtin.uri: url: "{{ iap_protocol }}://{{ ansible_host }}:{{ iap_port }}/adapters/{{ item }}/restart{{ iap_auth_token }}" method: PUT loop: "{{ adapters }}" when: inventory_hostname in groups["platform"] - + - name: Restart gateway application ansible.builtin.uri: url: "{{ iap_protocol }}://{{ ansible_host }}:{{ iap_port }}/applications/AGManager/restart{{ iap_auth_token }}" method: PUT - when: inventory_hostname in groups["platform"] \ No newline at end of file + when: inventory_hostname in groups["platform"] 
diff --git a/playbooks/job_worker_status.yml b/playbooks/job_worker_status.yml index 99f792c..c056da4 100644 --- a/playbooks/job_worker_status.yml +++ b/playbooks/job_worker_status.yml @@ -2,7 +2,7 @@ # GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) --- # Example usage: -# ansible-playbook -i task_worker_status.yml +# ansible-playbook -i task_worker_status.yml - name: Status of job worker and task worker hosts: platform @@ -10,34 +10,13 @@ connection: local tasks: - - name: Login to IAP and get token - ansible.builtin.uri: - url: "{{ iap_protocol }}://{{ ansible_host }}:{{ iap_port }}/login" - method: POST - body: '{"username": "{{ iap_username }}", "password": "{{ iap_password }}"}' - body_format: json - headers: - Content-Type: "application/json" - status_code: 200 - return_content: yes - register: token - - - name: Extract token from login response - set_fact: - auth_token: "?token={{ token.content }}" - - name: Get the status of job worker and task worker - ansible.builtin.uri: - url: "{{ iap_protocol }}://{{ ansible_host }}:{{ iap_port }}/workflow_engine/workers/status{{ auth_token }}" + itential.platform.generic_request: method: GET - status_code: 200 - return_content: yes + endpoint: "/workflow_engine/workers/status" register: status_response - + - name: Display the status ansible.builtin.debug: msg: - "{{ status_response.json }}" - - - diff --git a/playbooks/metrics.yml b/playbooks/metrics.yml index 4a04584..31f33be 100644 --- a/playbooks/metrics.yml +++ b/playbooks/metrics.yml @@ -2,7 +2,7 @@ # GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) --- # Example usage: -# ansible-playbook -i hosts metrics.yml +# ansible-playbook -i hosts metrics.yml - name: IAP Metrics hosts: platform gather_facts: false 
@@ -19,20 +19,19 @@ headers: Content-Type: "application/json" status_code: 200 - return_content: yes + return_content: true register: token - name: Extract token from login response - set_fact: + ansible.builtin.set_fact: auth_token: "?token={{ token.content }}" - - name: Get workflow count ansible.builtin.uri: url: "{{ iap_protocol }}://{{ ansible_host }}:{{ iap_port }}/automation-studio/workflows{{ auth_token }}" method: GET status_code: 200 - return_content: yes + return_content: true register: workflows - name: Get template count @@ -40,7 +39,7 @@ url: "{{ iap_protocol }}://{{ ansible_host }}:{{ iap_port }}/automation-studio/templates{{ auth_token }}" method: GET status_code: 200 - return_content: yes + return_content: true register: templates - name: Get transformation count @@ -48,7 +47,7 @@ url: "{{ iap_protocol }}://{{ ansible_host }}:{{ iap_port }}/transformations{{ auth_token }}" method: GET status_code: 200 - return_content: yes + return_content: true register: transformations - name: Get MOP templates count @@ -56,7 +55,7 @@ url: "{{ iap_protocol }}://{{ ansible_host }}:{{ iap_port }}/mop/listTemplates{{ auth_token }}" method: GET status_code: 200 - return_content: yes + return_content: true register: mop - name: Get analytic templates count @@ -64,7 +63,7 @@ url: "{{ iap_protocol }}://{{ ansible_host }}:{{ iap_port }}/mop/listAnalyticTemplates{{ auth_token }}" method: GET status_code: 200 - return_content: yes + return_content: true register: analytictemplates - name: Get jobs count @@ -72,7 +71,7 @@ url: "{{ iap_protocol }}://{{ ansible_host }}:{{ iap_port }}/operations-manager/jobs{{ auth_token }}" method: GET status_code: 200 - return_content: yes + return_content: true register: jobs - name: Get automations count 
@@ -80,15 +79,15 @@ url: "{{ iap_protocol }}://{{ ansible_host }}:{{ iap_port }}/operations-manager/automations{{ auth_token }}" method: GET status_code: 200 - return_content: yes + return_content: true register: automations - + - name: Get form count ansible.builtin.uri: url: "{{ iap_protocol }}://{{ ansible_host }}:{{ iap_port }}/formbuilder/listForms{{ auth_token }}" method: GET status_code: 200 - return_content: yes + return_content: true register: forms - name: Get json form count @@ -96,20 +95,20 @@ url: "{{ iap_protocol }}://{{ ansible_host }}:{{ iap_port }}/json-forms/forms{{ auth_token }}" method: GET status_code: 200 - return_content: yes + return_content: true register: jsonforms - name: Display metrics ansible.builtin.debug: - msg: - - "Metrics of {{ iap_protocol }}://{{ ansible_host }}:{{ iap_port }}" - - "=====================================================" - - "Workflow count: {{ workflows.json.count }} " - - "Template count: {{ templates.json.count }} " - - "MOP template count: {{ mop.json | length }} " - - "Analytic template count: {{ analytictemplates.json | length }} " - - "JST count: {{ transformations.json.total }} " - - "JSON form count: {{ jsonforms.json | length }} " - - "Form count: {{ forms.json | length }} " - - "Job count: {{ jobs.json.metadata.total }} " - - "Automation count: {{ automations.json.metadata.total }} " + msg: + - "Metrics of {{ iap_protocol }}://{{ ansible_host }}:{{ iap_port }}" + - "=====================================================" + - "Workflow count: {{ workflows.json.count }} " + - "Template count: {{ templates.json.count }} " + - "MOP template count: {{ mop.json | length }} " + - "Analytic template count: {{ analytictemplates.json | length }} " + - "JST count: {{ transformations.json.total }} " + - "JSON form count: {{ jsonforms.json | length }} " + - "Form count: {{ forms.json | length }} " + - "Job count: {{ jobs.json.metadata.total }} " + - "Automation count: {{ automations.json.metadata.total }} " 
diff --git a/playbooks/mongo_dump.yml b/playbooks/mongo_dump.yml index b67d21b..3b45cdb 100644 --- a/playbooks/mongo_dump.yml +++ b/playbooks/mongo_dump.yml @@ -9,9 +9,15 @@ tasks: - name: Dump all collections - ansible.builtin.command: mongodump -u {{mongo_username}} -d {{db}} -p {{mongo_password}} --authenticationDatabase={{mongo_auth_db}} + ansible.builtin.command: > + mongodump -u {{ mongo_username }} -d {{ db }} -p {{ mongo_password }} + --authenticationDatabase={{ mongo_auth_db }} when: collection is undefined - + changed_when: false + - name: Dump single collection - ansible.builtin.command: mongodump -u {{mongo_username}} -d {{db}} -p {{mongo_password}} --authenticationDatabase={{mongo_auth_db}} -c {{collection}} - when: collection is defined \ No newline at end of file + ansible.builtin.command: > + mongodump -u {{ mongo_username }} -d {{ db }} -p {{ mongo_password }} + --authenticationDatabase={{ mongo_auth_db }} -c {{ collection }} + when: collection is defined + changed_when: false diff --git a/playbooks/mongodb_change_password.yml b/playbooks/mongodb_change_password.yml index 1992c7d..4956142 100644 --- a/playbooks/mongodb_change_password.yml +++ b/playbooks/mongodb_change_password.yml @@ -16,7 +16,7 @@ # ansible-playbook update_mongo_password.yml -i hosts \ # -e "mongo_admin_password=adminpass mongo_new_password=newpass" -- name: Deactivate Platform workers +- name: Update Configuration and restart platform hosts: platform* gather_facts: false any_errors_fatal: true @@ -30,7 +30,7 @@ replace: "mongo_password = {{ mongo_new_password }}" notify: Restart platform -- name: Update MongoDB password and restart platform +- name: Update MongoDB password and restart hosts: mongodb gather_facts: false any_errors_fatal: true diff --git a/playbooks/restart_iag.yml b/playbooks/restart_iag.yml index 0e24dee..18fac06 100644 --- a/playbooks/restart_iag.yml +++ b/playbooks/restart_iag.yml 
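Review bot: Both `mongodump` tasks pass `-p {{ mongo_password }}` on the command line, so the password is visible in the process list on the MongoDB host while the dump runs, and it is echoed in the task's `cmd` result on failure or at higher verbosity. Add `no_log: true` to both tasks at minimum, and preferably hand the password to mongodump through a permission-restricted file (its `--config` option) rather than argv. Separately, `changed_when: false` reads oddly on a task that writes a dump to disk; if it is there only to satisfy the lint rule, a one-line comment saying so would help the next reader.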
@@ -9,4 +9,6 @@ tasks: - name: Restart IAG - ansible.builtin.command: sudo systemctl restart automation-gateway \ No newline at end of file + ansible.builtin.service: + name: automation-gateway + state: restarted diff --git a/playbooks/switch_active_profile.yml b/playbooks/switch_active_profile.yml index 14fc3f8..96aa24e 100644 --- a/playbooks/switch_active_profile.yml +++ b/playbooks/switch_active_profile.yml @@ -2,7 +2,7 @@ # GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) --- # Example usage: -# ansible-playbook -i switch_active_profile.yml +# ansible-playbook -i switch_active_profile.yml - name: Switch Active Profile hosts: platform @@ -10,38 +10,19 @@ become: true tasks: - - name: Login to IAP and get token - ansible.builtin.uri: - url: "{{ iap_protocol }}://localhost:{{ iap_port }}/login" - method: POST - body: '{"username": "{{ iap_username }}", "password": "{{ iap_password }}"}' - body_format: json - headers: - Content-Type: "application/json" - status_code: 200 - return_content: yes - register: token - - - name: Extract token from login response - ansible.builtin.set_fact: - auth_token: "?token={{ token.content }}" - - name: Switch active Profile - ansible.builtin.uri: - url: "{{ iap_protocol }}://localhost:{{ iap_port }}/profiles/{{ id }}/active{{ auth_token }}" + itential.platform.generic_request: method: PUT - status_code: 200, 300, 400, 500 - return_content: yes - register: switch_profile_response - + endpoint: "/profiles/{{ id }}/active" + register: status_response + - name: Display the response ansible.builtin.debug: msg: - "{{ switch_profile_response.json }}" - - name: Restart IAP - ansible.builtin.systemd: - name: automation-platform - state: restarted + - name: Restart platform + ansible.builtin.include_role: + name: itential.toolkit.restart_platform + tasks_from: restart when: switch_profile_response.status == 200 - \ No newline at end of file 
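Review bot: The replacement `ansible.builtin.service` task in restart_iag.yml no longer carries the privilege escalation that the old `sudo systemctl restart automation-gateway` command had. The restart now depends on the play enabling `become`, which this hunk does not show because the play header is above it. If the play does not set it, add `become: true` to this task; that keeps the restart working for an unprivileged connection user and limits elevation to the one task that needs it.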
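Review bot: In the `@@ -10,38 +10,19 @@` hunk of switch_active_profile.yml the rewritten `Switch active Profile` task registers `status_response`, but the two tasks after it still read `switch_profile_response.json` and `switch_profile_response.status`. That variable is no longer defined, so the play fails at the debug task and the restart condition is never evaluated. Register the result under the name the later tasks use: `register: switch_profile_response`. Whether `itential.platform.generic_request` returns `.json` and `.status` the way `ansible.builtin.uri` did is not visible here and should be confirmed before relying on `status == 200`.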
diff --git a/playbooks/sync_iag_script_schema.yml b/playbooks/sync_iag_script_schema.yml index 5704974..7eeb059 100644 --- a/playbooks/sync_iag_script_schema.yml +++ b/playbooks/sync_iag_script_schema.yml @@ -20,7 +20,7 @@ headers: Content-Type: "application/json" status_code: 200 - return_content: yes + return_content: true register: iag_token when: inventory_hostname in groups["gateway"] @@ -30,21 +30,21 @@ when: inventory_hostname in groups["gateway"] - name: Get the latest script schema - ansible.builtin.uri: + ansible.builtin.uri: url: "{{ iag_protocol }}://{{ ansible_host }}:{{ iag_port }}/api/v2.0/scripts/{{ script_name }}/schema" method: GET - return_content: yes + return_content: true status_code: 200 headers: - Authorization: "{{ iag_auth_token }}" - run_once: true + Authorization: "{{ iag_auth_token }}" + delegate_to: "{{ groups['gateway'][0] }}" register: schema_response - + - name: Display the schema ansible.builtin.debug: msg: - "{{ schema_response.json }}" - run_once: true + delegate_to: "{{ groups['gateway'][0] }}" - name: Update the script schema across all IAG ansible.builtin.uri: @@ -54,6 +54,6 @@ body_format: json status_code: 200 headers: - Authorization: "{{ iag_auth_token }}" + Authorization: "{{ iag_auth_token }}" return_content: true register: update_response From cf0d36c178ab07fe9c025e888db4cb7b62ef7e81 Mon Sep 17 00:00:00 2001 From: WadeStern Date: Fri, 11 Apr 2025 15:33:29 -0400 Subject: [PATCH 02/10] testing ansible lint file tweaks --- .ansible-lint | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.ansible-lint b/.ansible-lint index 4aa19b5..81898fc 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -9,3 +9,7 @@ exclude_paths: warn_list: - yaml[line-length] - var-naming[no-role-prefix] + +# Rules to skip entirely (e.g., for private or custom collections) +skip_list: + - name[missing-module] \ No newline at end of file From 7ea324e859ad96b70efe93bd639d912d7f1e7deb Mon Sep 17 00:00:00 2001 
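Review bot: In the `@@ -30,21 +30,21 @@` hunk, replacing `run_once: true` with `delegate_to: "{{ groups['gateway'][0] }}"` on `Get the latest script schema` changes where the request is issued from, not how often it runs: the task now executes once for every host in the play. The templated `{{ ansible_host }}` and `{{ iag_auth_token }}` still resolve from each inventory host rather than from the delegated gateway, so each host appears to fetch its own schema, and hosts outside `gateway` may have no `iag_auth_token` given the `when` on the login tasks. If the intent is a single fetch from the first gateway, keep `run_once: true` and read that host's values explicitly, for example `Authorization: "{{ hostvars[groups['gateway'][0]].iag_auth_token }}"`. On the `Display the schema` debug task `delegate_to` has no useful effect.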
From: WadeStern Date: Mon, 14 Apr 2025 12:15:54 -0400 Subject: [PATCH 03/10] added requirements file --- requirements.yml | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 requirements.yml diff --git a/requirements.yml b/requirements.yml new file mode 100644 index 0000000..6227c60 --- /dev/null +++ b/requirements.yml @@ -0,0 +1,3 @@ +collections: + - name: itential.platform + - name: community.mongodb \ No newline at end of file From fb185fa5cba1a1dd20815f7ad4bc004a48db23a3 Mon Sep 17 00:00:00 2001 From: WadeStern Date: Mon, 14 Apr 2025 12:34:43 -0400 Subject: [PATCH 04/10] tweaks to fix lint --- .ansible-lint | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.ansible-lint b/.ansible-lint index 81898fc..9d20dae 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -12,4 +12,4 @@ warn_list: # Rules to skip entirely (e.g., for private or custom collections) skip_list: - - name[missing-module] \ No newline at end of file + - name[missing] \ No newline at end of file From cce067d0ec78117cddabc55148b39617e09f4ac0 Mon Sep 17 00:00:00 2001 From: WadeStern Date: Mon, 14 Apr 2025 12:36:29 -0400 Subject: [PATCH 05/10] removed requirements --- requirements.yml | 3 --- 1 file changed, 3 deletions(-) delete mode 100644 requirements.yml diff --git a/requirements.yml b/requirements.yml deleted file mode 100644 index 6227c60..0000000 --- a/requirements.yml +++ /dev/null @@ -1,3 +0,0 @@ -collections: - - name: itential.platform - - name: community.mongodb \ No newline at end of file From 41347bcc559b48db4418ed0669de352e5b6c7598 Mon Sep 17 00:00:00 2001 From: WadeStern Date: Mon, 14 Apr 2025 12:47:06 -0400 Subject: [PATCH 06/10] testing --- .ansible-lint | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.ansible-lint b/.ansible-lint index 9d20dae..5756aaa 100644 --- a/.ansible-lint +++ b/.ansible-lint 
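Review bot: Neither collection in the new `requirements.yml` carries a `version:`, so an install from this file resolves to whatever release is newest at that moment, and a lint or deployment run can pick up code that nobody reviewed. Pin each entry, for example `- name: community.mongodb` followed by `version: "<PINNED_VERSION>"`, and raise the pins deliberately. The file also lacks the leading `---` and the final newline that the first patch of this series adds elsewhere for ansible-lint.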
@@ -12,4 +12,4 @@ warn_list: # Rules to skip entirely (e.g., for private or custom collections) skip_list: - - name[missing] \ No newline at end of file + - missing-import From 4447208b3426b201b01eb02314d9322eae8b1ba9 Mon Sep 17 00:00:00 2001 From: WadeStern Date: Mon, 14 Apr 2025 13:02:43 -0400 Subject: [PATCH 07/10] ansible lint --- .ansible-lint | 4 ---- .github/workflows/ansible-lint.yml | 7 ++++++- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/.ansible-lint b/.ansible-lint index 5756aaa..4aa19b5 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -9,7 +9,3 @@ exclude_paths: warn_list: - yaml[line-length] - var-naming[no-role-prefix] - -# Rules to skip entirely (e.g., for private or custom collections) -skip_list: - - missing-import diff --git a/.github/workflows/ansible-lint.yml b/.github/workflows/ansible-lint.yml index 7d10c2e..bb0c84b 100644 --- a/.github/workflows/ansible-lint.yml +++ b/.github/workflows/ansible-lint.yml @@ -11,5 +11,10 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 + - name: Run ansible-lint - uses: ansible/ansible-lint@main # or version tag instead of 'main' + uses: ansible/ansible-lint@main + with: + args: > + --skip-list missing-import + --exclude .github From 19f64f6a153d9a3b8cee24d47a6f07c1b253fc6f Mon Sep 17 00:00:00 2001 From: WadeStern Date: Tue, 15 Apr 2025 15:50:53 -0400 Subject: [PATCH 08/10] testing noqa --- .github/workflows/ansible-lint.yml | 5 ----- playbooks/rbac_settings.yml | 4 ++-- playbooks/stepdown_mongo_primary.yml | 6 +++--- 3 files changed, 5 insertions(+), 10 deletions(-) diff --git a/.github/workflows/ansible-lint.yml b/.github/workflows/ansible-lint.yml index bb0c84b..bfd724b 100644 --- a/.github/workflows/ansible-lint.yml +++ b/.github/workflows/ansible-lint.yml @@ -11,10 +11,5 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - name: Run ansible-lint uses: ansible/ansible-lint@main - with: - args: > - --skip-list missing-import - --exclude .github 
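Review bot: In the `@@ -11,5 +11,10 @@` hunk of .github/workflows/ansible-lint.yml, `uses: ansible/ansible-lint@main` tracks a mutable branch, so any commit pushed to that branch runs in this repository's CI without review. The hunk also drops the comment that suggested a version tag, and the `@@ -11,10 +11,5 @@` hunk of PATCH 08 keeps the same reference. Pin the action to a release tag or, stricter, to a full commit SHA: `uses: ansible/ansible-lint@<FULL_COMMIT_SHA>  # <RELEASE_TAG>`. `actions/checkout@v4` is a moving major tag as well and can be pinned the same way.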
diff --git a/playbooks/rbac_settings.yml b/playbooks/rbac_settings.yml index 10e1b9e..4e91380 100644 --- a/playbooks/rbac_settings.yml +++ b/playbooks/rbac_settings.yml @@ -21,13 +21,13 @@ gather_facts: false connection: local tasks: - - name: Retrieve authorization accounts + - name: Retrieve authorization accounts # noqa syntax-check itential.platform.generic_request: method: GET endpoint: "/authorization/accounts" register: auth_accounts - - name: Retrieve available roles + - name: Retrieve available roles # noqa syntax-check itential.platform.generic_request: method: GET endpoint: "/authorization/roles" diff --git a/playbooks/stepdown_mongo_primary.yml b/playbooks/stepdown_mongo_primary.yml index b5ac8fb..3fdf5fd 100644 --- a/playbooks/stepdown_mongo_primary.yml +++ b/playbooks/stepdown_mongo_primary.yml @@ -24,9 +24,9 @@ eval: "db.adminCommand('hello').isWritablePrimary" register: hello_result - - name: Set is_old_primary_mongo fact + - name: Set primary_mongo fact ansible.builtin.set_fact: - is_old_primary_mongo: "{{ hello_result.transformed_output[0] | default(false) }}" + primary_mongo: "{{ hello_result.transformed_output[0] | default(false) }}" - name: Force MongoDB primary to step down community.mongodb.mongodb_stepdown: @@ -35,4 +35,4 @@ login_database: admin stepdown_seconds: 60 force: true - when: is_old_primary_mongo | bool + when: primary_mongo | bool From 455d91b8eb37d5c0b1b2d1665b8715b8d1f7e501 Mon Sep 17 00:00:00 2001 
From: WadeStern Date: Fri, 18 Apr 2025 15:58:00 -0400 Subject: [PATCH 09/10] Removed unusable files --- .../toolkit/playbooks/rbac_settings.yml | 45 ++++++ playbooks/admin_all_roles.yml | 77 ---------- playbooks/app_adapter_version.yml | 135 ------------------ playbooks/create_adapter.yml | 70 --------- playbooks/mongo_dump.yml | 23 --- playbooks/switch_active_profile.yml | 28 ---- 6 files changed, 45 insertions(+), 333 deletions(-) create mode 100644 .ansible/collections/ansible_collections/itential/toolkit/playbooks/rbac_settings.yml delete mode 100644 playbooks/admin_all_roles.yml delete mode 100644 playbooks/app_adapter_version.yml delete mode 100644 playbooks/create_adapter.yml delete mode 100644 playbooks/mongo_dump.yml delete mode 100644 playbooks/switch_active_profile.yml diff --git a/.ansible/collections/ansible_collections/itential/toolkit/playbooks/rbac_settings.yml b/.ansible/collections/ansible_collections/itential/toolkit/playbooks/rbac_settings.yml new file mode 100644 index 0000000..10e1b9e --- /dev/null +++ b/.ansible/collections/ansible_collections/itential/toolkit/playbooks/rbac_settings.yml 
@@ -0,0 +1,45 @@ +# Copyright (c) 2024, Itential, Inc +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) +--- +# This playbook retrieves RBAC (Role-Based Access Control) settings for one or more users. +# It gathers authorization accounts and roles from the Itential Platform API, then processes +# the data to display the RBAC settings for the specified users. + +# The 'users' variable can be provided as: +# - A single username (string) +# - A list of usernames (list) + +# Example usage: +# Pass a single user: +# ansible-playbook -i hosts rbac_settings.yml -e users=admin + +# Pass multiple users: +# ansible-playbook -i hosts rbac_settings.yml -e "users=['admin','alex','sam'] + +- name: RBAC Settings + hosts: platform + gather_facts: false + connection: local + tasks: + - name: Retrieve authorization accounts + itential.platform.generic_request: + method: GET + endpoint: "/authorization/accounts" + register: auth_accounts + + - name: Retrieve available roles + itential.platform.generic_request: + method: GET + endpoint: "/authorization/roles" + register: roles_response + + - name: Process RBAC Data + itential.toolkit.platform_rbac_processing: + auth_accounts: "{{ auth_accounts.json.results }}" + roles_response: "{{ roles_response.json.results }}" + users: "{{ users }}" + register: rbac_results + + - name: Display the RBAC Settings for users + ansible.builtin.debug: + msg: "{{ rbac_results.formatted_message.split('\n') }}" diff --git a/playbooks/admin_all_roles.yml b/playbooks/admin_all_roles.yml deleted file mode 100644 index f550a8e..0000000 --- a/playbooks/admin_all_roles.yml +++ /dev/null 
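Review bot: This copy of `rbac_settings.yml` is added under `.ansible/collections/ansible_collections/`, which looks like a locally installed collection tree rather than source. If that is what it is, the directory belongs in `.gitignore` rather than in the commit, so that the only reviewed copy is the one under `playbooks/`. In the header comment the multi-user example `-e "users=['admin','alex','sam']` is missing its closing double quote, so it does not work when copied as written.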
@@ -1,77 +0,0 @@ ---- -- name: Give admin@pronghorn user all roles - hosts: platform[0] # Only run this playbook once on a single server - gather_facts: false - connection: local - tasks: - - - name: Determine IAP port and protocol - ansible.builtin.set_fact: - iap_port: "{{ iap_https | bool | ternary(iap_https_port, iap_http_port) }}" - iap_protocol: "{{ iap_https | bool | ternary('https', 'http') }}" - - - name: Login to IAP and get token - ansible.builtin.uri: - url: "{{ iap_protocol }}://{{ ansible_host }}:{{ iap_port }}/login" - method: POST - body: '{"username": "{{ iap_username }}", "password": "{{ iap_password }}"}' - body_format: json - headers: - Content-Type: "application/json" - status_code: 200 - return_content: true - register: token - - - name: Extract token from login response - ansible.builtin.set_fact: - auth_token: "{{ token.content }}" - - - name: Get admin user id - ansible.builtin.uri: - url: "{{ iap_protocol }}://{{ ansible_host }}:{{ iap_port }}/authorization/accounts?username={{ iap_username }}" - method: GET - return_content: true - headers: - Cookie: "token={{ auth_token }}" - register: response - - - name: Extract admin user id - ansible.builtin.set_fact: - admin_user_id: "{{ response.json.results[0]._id }}" - - - name: Get all role IDs - ansible.builtin.uri: - url: "{{ iap_protocol }}://{{ ansible_host }}:{{ iap_port }}/authorization/roles?limit=2000" - method: GET - return_content: true - headers: - Cookie: "token={{ auth_token }}" - register: response - - - name: Extract role IDs into array - ansible.builtin.set_fact: - role_ids: "{{ response.json.results | map(attribute='_id') | list }}" - - - name: Transform array of strings to array of objects - ansible.builtin.set_fact: - output_array: "{{ role_ids | map('regex_replace', '^(.*)$', '{\"roleId\": \"\\1\"}') | map('from_json') | list }}" - - - name: Prepare PATCH request payload - ansible.builtin.set_fact: - patch_payload: | - { - "updates": { - "assignedRoles": {{ output_array }} - 
} - } - - - name: Update admin account roles - ansible.builtin.uri: - url: "{{ iap_protocol }}://{{ ansible_host }}:{{ iap_port }}/authorization/accounts/{{ admin_user_id }}" - method: PATCH - body_format: json - body: "{{ patch_payload }}" - return_content: true - headers: - Cookie: "token={{ auth_token }}" - register: response_patch diff --git a/playbooks/app_adapter_version.yml b/playbooks/app_adapter_version.yml deleted file mode 100644 index 4b13d77..0000000 --- a/playbooks/app_adapter_version.yml +++ /dev/null 
@@ -1,135 +0,0 @@ -# Copyright (c) 2023, Itential, LLC -# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) ---- -# Example usage: -# ansible-playbook -i hosts app_adapter_version.yml - -- name: Adapter/App Version - hosts: platform - gather_facts: false - connection: local - vars_prompt: - - name: adapter_app_names - prompt: > - Provide names of Adapter/App, separated by comma. Press ENTER without - providing any names in order to get the versions of all adapters and - applications - private: false - - - name: iap_username - prompt: "IAP username" - private: false - - - name: iap_password - prompt: "IAP Password" - - tasks: - - name: Convert adapter_app_names to list - ansible.builtin.set_fact: - adapter_app_names_list: "{{ adapter_app_names.split(',') | map('trim') }}" - - - name: Login to IAP and get token - ansible.builtin.uri: - url: "{{ iap_protocol }}://{{ ansible_host }}:{{ iap_port }}/login" - method: POST - body: '{"username": "{{ iap_username }}", "password": "{{ iap_password }}"}' - body_format: json - headers: - Content-Type: "application/json" - status_code: 200 - return_content: true - register: token - - - name: Extract token from login response - ansible.builtin.set_fact: - auth_token: "?token={{ token.content }}" - - - name: Get the list of Adapters - ansible.builtin.uri: - url: "{{ iap_protocol }}://{{ ansible_host }}:{{ iap_port }}/health/adapters{{ auth_token }}" - method: GET - status_code: 200 - return_content: true - register: adapters_response - - - name: Extract the adapters response - ansible.builtin.set_fact: - adapters_response: "{{ adapters_response.content }}" - - - name: Extract the adapter information - ansible.builtin.set_fact: - adapters: "{{ adapters_response.results | selectattr(\"id\", \"in\", adapter_app_names_list) | default([]) }}" - when: adapter_app_names_list[0] != "" - - - name: Extract the adapter informations - ansible.builtin.set_fact: - adapters: "{{ adapters_response.results 
}}" - when: adapter_app_names_list[0] == "" - - - name: Get the list of Applications - ansible.builtin.uri: - url: "{{ iap_protocol }}://{{ ansible_host }}:{{ iap_port }}/health/applications{{ auth_token }}" - method: GET - status_code: 200 - return_content: true - register: applications_response - - - name: Extract the application response - ansible.builtin.set_fact: - applications_response: "{{ applications_response.content }}" - - - name: Get the application information - ansible.builtin.set_fact: - applications: "{{ applications_response.results | selectattr(\"id\", \"in\", adapter_app_names_list) | default([]) }}" - when: adapter_app_names_list[0] != "" - - - name: Extract the adapter informations - ansible.builtin.set_fact: - applications: "{{ applications_response.results }}" - when: adapter_app_names_list[0] == "" - - - name: Grab adapter version - ansible.builtin.set_fact: - adapter_versions: | - The adapters with their versions are: - ========================================== - {% for item in adapters %} - {{ item.id }}: {{ item.version }} - {% endfor %} - - - name: Grab application version - ansible.builtin.set_fact: - application_versions: | - The applications with their versions are: - ============================================== - {% for item in applications %} - {{ item.id }}: {{ item.version }} - {% endfor %} - - - name: Grab the list of applications/adapters that are not found. 
- ansible.builtin.set_fact: - not_found: | - Following Adapters/Applications were not found: - ==================================================== - {% set adaptersList = adapters_response.results | map(attribute='id') %} - {% set applicationsList = applications_response.results | map(attribute='id') %} - {% for item in adapter_app_names_list %} - {% if item not in adaptersList and item not in applicationsList %} - {{ item }} - {% endif %} - {% endfor %} - - - name: Display the version of provided applications and adapters - ansible.builtin.debug: - msg: - - "{{ adapter_versions.split('\n') }}" - - "{{ application_versions.split('\n') }}" - - "{{ not_found.split('\n') }}" - when: adapter_app_names_list[0] != "" - - - name: Display the version of all applications and adapters - ansible.builtin.debug: - msg: - - "{{ adapter_versions.split('\n') }}" - - "{{ application_versions.split('\n') }}" - when: adapter_app_names_list[0] == "" diff --git a/playbooks/create_adapter.yml b/playbooks/create_adapter.yml deleted file mode 100644 index 4dedee1..0000000 --- a/playbooks/create_adapter.yml +++ /dev/null 
@@ -1,70 +0,0 @@ -# Copyright (c) 2023, Itential, LLC -# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) ---- -# Example usage: -# ansible-playbook -i hosts create_adapter.yml - -- name: Create Adapter - hosts: platform - gather_facts: false - connection: local - vars_prompt: - - name: adapter_properties_file - prompt: "Provide the file name of the adapter properties" - private: false - - - name: iap_username - prompt: "IAP username" - private: false - - - name: iap_password - prompt: "IAP Password" - - vars: - adapter_properties: "{{ lookup('file', adapter_properties_file) | from_json }}" - - tasks: - - name: Login to IAP and get token - ansible.builtin.uri: - url: "{{ iap_protocol }}://{{ ansible_host }}:{{ iap_port }}/login" - method: POST - body: '{"username": "{{ iap_username }}", "password": "{{ iap_password }}"}' - body_format: json - headers: - Content-Type: "application/json" - status_code: 200 - return_content: true - register: token - - - name: Extract token from login response - ansible.builtin.set_fact: - auth_token: "?token={{ token.content }}" - - - name: Make an API call to create the adapter instance - ansible.builtin.uri: - url: "{{ iap_protocol }}://{{ ansible_host }}:{{ iap_port }}/adapters{{ auth_token }}" - method: POST - body: "{{ adapter_properties }}" - body_format: json - headers: - Content-Type: "application/json" - status_code: [200, 400, 500] - return_content: true - register: response - - - name: Extract the response of an API call - ansible.builtin.set_fact: - creation_response: "{{ response.content }}" - - - name: Start the adapter - ansible.builtin.uri: - url: "{{ iap_protocol }}://{{ ansible_host }}:{{ iap_port }}/adapters/{{ creation_response.data.name }}/start{{ auth_token }}" - method: PUT - status_code: [200, 400, 500] - return_content: true - when: creation_response.status is defined and creation_response.status == "Created" - - - name: Display the response. 
- ansible.builtin.debug: - msg: - - "{{ creation_response }}" diff --git a/playbooks/mongo_dump.yml b/playbooks/mongo_dump.yml deleted file mode 100644 index 3b45cdb..0000000 --- a/playbooks/mongo_dump.yml +++ /dev/null @@ -1,23 +0,0 @@ -# Copyright (c) 2023, Itential, LLC -# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) ---- -# Example usage: -# ansible-playbook -i hosts mongo_dump.yml -e "db=itential collection=workflows" -- name: Mongodump - hosts: mongodb - gather_facts: false - tasks: - - - name: Dump all collections - ansible.builtin.command: > - mongodump -u {{ mongo_username }} -d {{ db }} -p {{ mongo_password }} - --authenticationDatabase={{ mongo_auth_db }} - when: collection is undefined - changed_when: false - - - name: Dump single collection - ansible.builtin.command: > - mongodump -u {{ mongo_username }} -d {{ db }} -p {{ mongo_password }} - --authenticationDatabase={{ mongo_auth_db }} -c {{ collection }} - when: collection is defined - changed_when: false diff --git a/playbooks/switch_active_profile.yml b/playbooks/switch_active_profile.yml deleted file mode 100644 index 96aa24e..0000000 --- a/playbooks/switch_active_profile.yml +++ /dev/null @@ -1,28 +0,0 @@ -# Copyright (c) 2023, Itential, LLC -# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) ---- -# Example usage: -# ansible-playbook -i switch_active_profile.yml - -- name: Switch Active Profile - hosts: platform - gather_facts: true - become: true - - tasks: - - name: Switch active Profile - itential.platform.generic_request: - method: PUT - endpoint: "/profiles/{{ id }}/active" - register: status_response - - - name: Display the response - ansible.builtin.debug: - msg: - - "{{ switch_profile_response.json }}" - - - name: Restart platform - ansible.builtin.include_role: - name: itential.toolkit.restart_platform - tasks_from: restart - when: switch_profile_response.status == 200 
From 09dbf8b2db9cf0c3a477757a81af93da518f92d3 Mon Sep 17 00:00:00 2001 From: WadeStern Date: Fri, 18 Apr 2025 15:59:44 -0400 Subject: [PATCH 10/10] wrong rbac file --- .../toolkit/playbooks/rbac_settings.yml | 45 ------------------- playbooks/rbac_settings.yml | 4 +- 2 files changed, 2 insertions(+), 47 deletions(-) delete mode 100644 .ansible/collections/ansible_collections/itential/toolkit/playbooks/rbac_settings.yml diff --git a/.ansible/collections/ansible_collections/itential/toolkit/playbooks/rbac_settings.yml b/.ansible/collections/ansible_collections/itential/toolkit/playbooks/rbac_settings.yml deleted file mode 100644 index 10e1b9e..0000000 --- a/.ansible/collections/ansible_collections/itential/toolkit/playbooks/rbac_settings.yml +++ /dev/null 
@@ -1,45 +0,0 @@ -# Copyright (c) 2024, Itential, Inc -# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) ---- -# This playbook retrieves RBAC (Role-Based Access Control) settings for one or more users. -# It gathers authorization accounts and roles from the Itential Platform API, then processes -# the data to display the RBAC settings for the specified users. - -# The 'users' variable can be provided as: -# - A single username (string) -# - A list of usernames (list) - -# Example usage: -# Pass a single user: -# ansible-playbook -i hosts rbac_settings.yml -e users=admin - -# Pass multiple users: -# ansible-playbook -i hosts rbac_settings.yml -e "users=['admin','alex','sam'] - -- name: RBAC Settings - hosts: platform - gather_facts: false - connection: local - tasks: - - name: Retrieve authorization accounts - itential.platform.generic_request: - method: GET - endpoint: "/authorization/accounts" - register: auth_accounts - - - name: Retrieve available roles - itential.platform.generic_request: - method: GET - endpoint: "/authorization/roles" - register: roles_response - - - name: Process RBAC Data - itential.toolkit.platform_rbac_processing: - auth_accounts: "{{ auth_accounts.json.results }}" - roles_response: "{{ roles_response.json.results }}" - users: "{{ users }}" - register: rbac_results - - - name: Display the RBAC Settings for users - ansible.builtin.debug: - msg: "{{ rbac_results.formatted_message.split('\n') }}" diff --git a/playbooks/rbac_settings.yml b/playbooks/rbac_settings.yml index 4e91380..10e1b9e 100644 --- a/playbooks/rbac_settings.yml +++ b/playbooks/rbac_settings.yml 
@@ -21,13 +21,13 @@ gather_facts: false connection: local tasks: - - name: Retrieve authorization accounts # noqa syntax-check + - name: Retrieve authorization accounts itential.platform.generic_request: method: GET endpoint: "/authorization/accounts" register: auth_accounts - - name: Retrieve available roles # noqa syntax-check + - name: Retrieve available roles itential.platform.generic_request: method: GET endpoint: "/authorization/roles"