ansible  2.9.27
About: Ansible (2.x) is an IT Configuration Management, Deployment & Orchestration tool.
  Fossies Dox: ansible-2.9.27.tar.gz  ("unofficial" and yet experimental doxygen-generated source code documentation)  

aci_aaa_user_certificate.py
1#!/usr/bin/python
2# -*- coding: utf-8 -*-
3
4# Copyright: (c) 2018, Dag Wieers (dagwieers) <dag@wieers.com>
5# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
6
7from __future__ import absolute_import, division, print_function
# On Python 2 this makes every class defined in this module a new-style class.
__metaclass__ = type

# Metadata dictionary for this module: metadata format version, status list
# and the 'supported_by' tier.
ANSIBLE_METADATA = {
    'metadata_version': '1.1',
    'status': ['preview'],
    'supported_by': 'certified',
}
13
# Module documentation, written as YAML inside a raw string.
# The options below match the argument_spec assembled in main(). The
# connection options used in EXAMPLES (host, username, password) are not listed
# here; presumably they come from the 'aci' documentation fragment named under
# extends_documentation_fragment.
# NOTE(review): 'certificate' is documented as public material (PEM public
# key / X.509 certificate). A private key does not belong in this option.
DOCUMENTATION = r'''
---
module: aci_aaa_user_certificate
short_description: Manage AAA user certificates (aaa:UserCert)
description:
- Manage AAA user certificates on Cisco ACI fabrics.
version_added: '2.5'
options:
  aaa_user:
    description:
    - The name of the user to add a certificate to.
    type: str
    required: yes
  aaa_user_type:
    description:
    - Whether this is a normal user or an appuser.
    type: str
    choices: [ appuser, user ]
    default: user
  certificate:
    description:
    - The PEM format public key extracted from the X.509 certificate.
    type: str
    aliases: [ cert_data, certificate_data ]
  certificate_name:
    description:
    - The name of the user certificate entry in ACI.
    type: str
    aliases: [ cert_name ]
  state:
    description:
    - Use C(present) or C(absent) for adding or removing.
    - Use C(query) for listing an object or multiple objects.
    type: str
    choices: [ absent, present, query ]
    default: present
extends_documentation_fragment: aci
notes:
- The C(aaa_user) must exist before using this module in your playbook.
  The M(aci_aaa_user) module can be used for this.
seealso:
- module: aci_aaa_user
- name: APIC Management Information Model reference
  description: More information about the internal APIC class B(aaa:UserCert).
  link: https://developer.cisco.com/docs/apic-mim-ref/
author:
- Dag Wieers (@dagwieers)
'''
62
# Playbook examples for the three states (present, absent, query), written as
# YAML inside a raw string. Every task is delegated to localhost.
# NOTE(review): 'password: SomeSecretPassword' is a placeholder. In a real
# playbook the APIC credential should come from an encrypted variable (for
# example Ansible Vault) rather than a literal in the task.
# The first example reads the certificate text from pki/admin.crt with the
# file lookup and passes it through the 'certificate_data' alias.
EXAMPLES = r'''
- name: Add a certificate to user
  aci_aaa_user_certificate:
    host: apic
    username: admin
    password: SomeSecretPassword
    aaa_user: admin
    certificate_name: admin
    certificate_data: '{{ lookup("file", "pki/admin.crt") }}'
    state: present
  delegate_to: localhost

- name: Remove a certificate of a user
  aci_aaa_user_certificate:
    host: apic
    username: admin
    password: SomeSecretPassword
    aaa_user: admin
    certificate_name: admin
    state: absent
  delegate_to: localhost

- name: Query a certificate of a user
  aci_aaa_user_certificate:
    host: apic
    username: admin
    password: SomeSecretPassword
    aaa_user: admin
    certificate_name: admin
    state: query
  delegate_to: localhost
  register: query_result

- name: Query all certificates of a user
  aci_aaa_user_certificate:
    host: apic
    username: admin
    password: SomeSecretPassword
    aaa_user: admin
    state: query
  delegate_to: localhost
  register: query_result
'''
106
# Return-value documentation, written as YAML inside a raw string.
# NOTE(review): the samples show fvTenant objects although this module manages
# aaaUserCert; they look like sample text shared between ACI modules. For this
# module 'sent' and 'proposed' would presumably carry the certificate name and
# data instead - confirm against real output.
# The documented output also includes the request 'url', 'method' and
# 'filter_string' on failure or debug, so registered results and logs describe
# the APIC endpoint that was contacted.
RETURN = r'''
current:
  description: The existing configuration from the APIC after the module has finished
  returned: success
  type: list
  sample:
    [
        {
            "fvTenant": {
                "attributes": {
                    "descr": "Production environment",
                    "dn": "uni/tn-production",
                    "name": "production",
                    "nameAlias": "",
                    "ownerKey": "",
                    "ownerTag": ""
                }
            }
        }
    ]
error:
  description: The error information as returned from the APIC
  returned: failure
  type: dict
  sample:
    {
        "code": "122",
        "text": "unknown managed object class foo"
    }
raw:
  description: The raw output returned by the APIC REST API (xml or json)
  returned: parse error
  type: str
  sample: '<?xml version="1.0" encoding="UTF-8"?><imdata totalCount="1"><error code="122" text="unknown managed object class foo"/></imdata>'
sent:
  description: The actual/minimal configuration pushed to the APIC
  returned: info
  type: list
  sample:
    {
        "fvTenant": {
            "attributes": {
                "descr": "Production environment"
            }
        }
    }
previous:
  description: The original configuration from the APIC before the module has started
  returned: info
  type: list
  sample:
    [
        {
            "fvTenant": {
                "attributes": {
                    "descr": "Production",
                    "dn": "uni/tn-production",
                    "name": "production",
                    "nameAlias": "",
                    "ownerKey": "",
                    "ownerTag": ""
                }
            }
        }
    ]
proposed:
  description: The assembled configuration from the user-provided parameters
  returned: info
  type: dict
  sample:
    {
        "fvTenant": {
            "attributes": {
                "descr": "Production environment",
                "name": "production"
            }
        }
    }
filter_string:
  description: The filter string used for the request
  returned: failure or debug
  type: str
  sample: ?rsp-prop-include=config-only
method:
  description: The HTTP method used for the request to the APIC
  returned: failure or debug
  type: str
  sample: POST
response:
  description: The HTTP response from the APIC
  returned: failure or debug
  type: str
  sample: OK (30 bytes)
status:
  description: The HTTP status from the APIC
  returned: failure or debug
  type: int
  sample: 200
url:
  description: The HTTP url used for the request to the APIC
  returned: failure or debug
  type: str
  sample: https://10.11.12.13/api/mo/uni/tn-production.json
'''
211
212from ansible.module_utils.basic import AnsibleModule
213from ansible.module_utils.network.aci.aci import ACIModule, aci_argument_spec
214
# Lookup table keyed by the 'aaa_user_type' choice. For each user type it
# gives the ACI class name and the RN prefix; main() appends the user name to
# that prefix to form the parent object's RN.
ACI_MAPPING = {
    'appuser': {
        'aci_class': 'aaaAppUser',
        'aci_mo': 'userext/appuser-',
    },
    'user': {
        'aci_class': 'aaaUser',
        'aci_mo': 'userext/user-',
    },
}
225
226
def main():
    """Create, delete or query an aaaUserCert entry below an ACI AAA user.

    The argument spec extends aci_argument_spec() with the module's own
    options, and the module declares check-mode support. The target URL is
    built from the parent user object (class and RN prefix taken from
    ACI_MAPPING) and the aaaUserCert child. The existing object is read
    first. After that:

    * state 'present' builds an aaaUserCert payload, computes the diff and
      posts the configuration;
    * state 'absent' deletes the configuration;
    * state 'query' makes no further calls.

    The result is always reported through aci.exit_json().
    """
    spec = aci_argument_spec()
    spec.update({
        'aaa_user': {'type': 'str', 'required': True},
        'aaa_user_type': {'type': 'str', 'default': 'user', 'choices': ['appuser', 'user']},
        'certificate': {'type': 'str', 'aliases': ['cert_data', 'certificate_data']},
        # Not required for querying all objects
        'certificate_name': {'type': 'str', 'aliases': ['cert_name']},
        'state': {'type': 'str', 'default': 'present', 'choices': ['absent', 'present', 'query']},
    })

    # 'absent' needs the entry name; 'present' also needs the certificate text.
    conditional_requirements = [
        ['state', 'absent', ['aaa_user', 'certificate_name']],
        ['state', 'present', ['aaa_user', 'certificate', 'certificate_name']],
    ]
    module = AnsibleModule(
        argument_spec=spec,
        supports_check_mode=True,
        required_if=conditional_requirements,
    )

    params = module.params
    user_name = params['aaa_user']
    user_type = params['aaa_user_type']
    cert_pem = params['certificate']
    cert_name = params['certificate_name']
    state = params['state']

    aci = ACIModule(module)

    # NOTE(review): user_name and cert_name are placed into the RNs exactly as
    # given; nothing in this function validates or escapes them.
    # When cert_name is None (querying all certificates) the formatted RN is
    # the literal 'usercert-None'; presumably construct_url() ignores it
    # because module_object is None - confirm in ACIModule.
    parent_user = {
        'aci_class': ACI_MAPPING[user_type]['aci_class'],
        'aci_rn': ACI_MAPPING[user_type]['aci_mo'] + user_name,
        'module_object': user_name,
        'target_filter': {'name': user_name},
    }
    user_cert = {
        'aci_class': 'aaaUserCert',
        'aci_rn': 'usercert-{0}'.format(cert_name),
        'module_object': cert_name,
        'target_filter': {'name': cert_name},
    }
    aci.construct_url(root_class=parent_user, subclass_1=user_cert)
    aci.get_existing()

    if state == 'absent':
        aci.delete_config()
    elif state == 'present':
        # NOTE(review): the certificate text is sent verbatim as the 'data'
        # attribute; nothing here checks that it is certificate or public-key
        # material rather than a private key.
        aci.payload(
            aci_class='aaaUserCert',
            class_config={
                'data': cert_pem,
                'name': cert_name,
            },
        )
        aci.get_diff(aci_class='aaaUserCert')
        aci.post_config()

    aci.exit_json()
286
287
# Run the module only when this file is executed as a script, not on import.
if "__main__" == __name__:
    main()