
Member "ansible-2.9.27/lib/ansible/modules/network/aci/aci_aaa_user_certificate.py" (11 Oct 2021, 7876 Bytes) of package /linux/misc/ansible-2.9.27.tar.gz:



    1 #!/usr/bin/python
    2 # -*- coding: utf-8 -*-
    3 
    4 # Copyright: (c) 2018, Dag Wieers (dagwieers) <dag@wieers.com>
    5 # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
    6 
    7 from __future__ import absolute_import, division, print_function
    8 __metaclass__ = type
    9 
# Module metadata block: metadata format version, maturity status and the
# support tier declared for this module.
ANSIBLE_METADATA = {
    'metadata_version': '1.1',
    'status': ['preview'],
    'supported_by': 'certified',
}
   13 
# User-facing module documentation (YAML kept in a raw string). It describes
# the options accepted by main(): the target AAA user and its type, the
# certificate data and entry name, and the desired state.
# NOTE(review): the `certificate` option is described below as the PEM public
# data taken from an X.509 certificate. The argument spec in main() does not
# set no_log on it, which only suits public material; private keys do not
# belong in this option.
DOCUMENTATION = r'''
---
module: aci_aaa_user_certificate
short_description: Manage AAA user certificates (aaa:UserCert)
description:
- Manage AAA user certificates on Cisco ACI fabrics.
version_added: '2.5'
options:
  aaa_user:
    description:
    - The name of the user to add a certificate to.
    type: str
    required: yes
  aaa_user_type:
    description:
    - Whether this is a normal user or an appuser.
    type: str
    choices: [ appuser, user ]
    default: user
  certificate:
    description:
    - The PEM format public key extracted from the X.509 certificate.
    type: str
    aliases: [ cert_data, certificate_data ]
  certificate_name:
    description:
    - The name of the user certificate entry in ACI.
    type: str
    aliases: [ cert_name ]
  state:
    description:
    - Use C(present) or C(absent) for adding or removing.
    - Use C(query) for listing an object or multiple objects.
    type: str
    choices: [ absent, present, query ]
    default: present
extends_documentation_fragment: aci
notes:
- The C(aaa_user) must exist before using this module in your playbook.
  The M(aci_aaa_user) module can be used for this.
seealso:
- module: aci_aaa_user
- name: APIC Management Information Model reference
  description: More information about the internal APIC class B(aaa:UserCert).
  link: https://developer.cisco.com/docs/apic-mim-ref/
author:
- Dag Wieers (@dagwieers)
'''
   62 
# Example playbook tasks for the three states (present, absent, query).
# NOTE(review): `password: SomeSecretPassword` in these tasks is a literal
# placeholder. Real playbooks should take the APIC password from Ansible Vault
# or another secret store instead of keeping it in plaintext next to the task.
# The first task reads the certificate with the file lookup from
# pki/admin.crt, i.e. the certificate file rather than a private key.
EXAMPLES = r'''
- name: Add a certificate to user
  aci_aaa_user_certificate:
    host: apic
    username: admin
    password: SomeSecretPassword
    aaa_user: admin
    certificate_name: admin
    certificate_data: '{{ lookup("file", "pki/admin.crt") }}'
    state: present
  delegate_to: localhost

- name: Remove a certificate of a user
  aci_aaa_user_certificate:
    host: apic
    username: admin
    password: SomeSecretPassword
    aaa_user: admin
    certificate_name: admin
    state: absent
  delegate_to: localhost

- name: Query a certificate of a user
  aci_aaa_user_certificate:
    host: apic
    username: admin
    password: SomeSecretPassword
    aaa_user: admin
    certificate_name: admin
    state: query
  delegate_to: localhost
  register: query_result

- name: Query all certificates of a user
  aci_aaa_user_certificate:
    host: apic
    username: admin
    password: SomeSecretPassword
    aaa_user: admin
    state: query
  delegate_to: localhost
  register: query_result
'''
  106 
# Description of the values the module returns (YAML kept in a raw string).
# NOTE(review): every sample below shows an fvTenant object, while main()
# works on the aaaUserCert class, so the samples look generic rather than
# specific to this module. `sent` is declared as `type: list` but its sample
# is a mapping.
# NOTE(review): main() passes the certificate data into the payload, so
# `sent` and `proposed` presumably echo it back. Confirm against ACIModule
# before treating registered results as free of certificate material.
RETURN = r'''
current:
  description: The existing configuration from the APIC after the module has finished
  returned: success
  type: list
  sample:
    [
        {
            "fvTenant": {
                "attributes": {
                    "descr": "Production environment",
                    "dn": "uni/tn-production",
                    "name": "production",
                    "nameAlias": "",
                    "ownerKey": "",
                    "ownerTag": ""
                }
            }
        }
    ]
error:
  description: The error information as returned from the APIC
  returned: failure
  type: dict
  sample:
    {
        "code": "122",
        "text": "unknown managed object class foo"
    }
raw:
  description: The raw output returned by the APIC REST API (xml or json)
  returned: parse error
  type: str
  sample: '<?xml version="1.0" encoding="UTF-8"?><imdata totalCount="1"><error code="122" text="unknown managed object class foo"/></imdata>'
sent:
  description: The actual/minimal configuration pushed to the APIC
  returned: info
  type: list
  sample:
    {
        "fvTenant": {
            "attributes": {
                "descr": "Production environment"
            }
        }
    }
previous:
  description: The original configuration from the APIC before the module has started
  returned: info
  type: list
  sample:
    [
        {
            "fvTenant": {
                "attributes": {
                    "descr": "Production",
                    "dn": "uni/tn-production",
                    "name": "production",
                    "nameAlias": "",
                    "ownerKey": "",
                    "ownerTag": ""
                }
            }
        }
    ]
proposed:
  description: The assembled configuration from the user-provided parameters
  returned: info
  type: dict
  sample:
    {
        "fvTenant": {
            "attributes": {
                "descr": "Production environment",
                "name": "production"
            }
        }
    }
filter_string:
  description: The filter string used for the request
  returned: failure or debug
  type: str
  sample: ?rsp-prop-include=config-only
method:
  description: The HTTP method used for the request to the APIC
  returned: failure or debug
  type: str
  sample: POST
response:
  description: The HTTP response from the APIC
  returned: failure or debug
  type: str
  sample: OK (30 bytes)
status:
  description: The HTTP status from the APIC
  returned: failure or debug
  type: int
  sample: 200
url:
  description: The HTTP url used for the request to the APIC
  returned: failure or debug
  type: str
  sample: https://10.11.12.13/api/mo/uni/tn-production.json
'''
  211 
  212 from ansible.module_utils.basic import AnsibleModule
  213 from ansible.module_utils.network.aci.aci import ACIModule, aci_argument_spec
  214 
# Lookup table keyed by the `aaa_user_type` option. For each user type it
# gives the ACI class name and the relative-name prefix that main() puts in
# front of the user name.
ACI_MAPPING = {
    'appuser': {
        'aci_class': 'aaaAppUser',
        'aci_mo': 'userext/appuser-',
    },
    'user': {
        'aci_class': 'aaaUser',
        'aci_mo': 'userext/user-',
    },
}
  225 
  226 
def main():
    """Add, remove or query an ``aaaUserCert`` entry below an ACI AAA user.

    The function extends the shared ACI argument spec with this module's
    options, builds the object URL from the user (root class) and the
    certificate entry (subclass), fetches the existing object, and then:

    * ``state=present``: assembles the payload, computes the diff and posts it;
    * ``state=absent``: deletes the object;
    * ``state=query``: changes nothing, the fetched data is returned as is.

    It always finishes through ``aci.exit_json()``.
    """
    spec = aci_argument_spec()
    spec.update(
        aaa_user={'type': 'str', 'required': True},
        aaa_user_type={'type': 'str', 'default': 'user', 'choices': ['appuser', 'user']},
        # No no_log here: the module documentation describes this value as
        # public PEM data. Private key material must not be passed in it.
        certificate={'type': 'str', 'aliases': ['cert_data', 'certificate_data']},
        # Optional so that state=query can list every certificate of a user.
        certificate_name={'type': 'str', 'aliases': ['cert_name']},
        state={'type': 'str', 'default': 'present', 'choices': ['absent', 'present', 'query']},
    )

    # required_if makes the certificate name mandatory for absent/present and
    # the certificate data mandatory for present only.
    # Check mode is declared as supported; honouring it is presumably done
    # inside ACIModule - confirm there.
    module = AnsibleModule(
        argument_spec=spec,
        supports_check_mode=True,
        required_if=[
            ['state', 'absent', ['aaa_user', 'certificate_name']],
            ['state', 'present', ['aaa_user', 'certificate', 'certificate_name']],
        ],
    )

    params = module.params
    aaa_user = params['aaa_user']
    aaa_user_type = params['aaa_user_type']
    certificate = params['certificate']
    certificate_name = params['certificate_name']
    state = params['state']

    aci = ACIModule(module)

    # NOTE(review): aaa_user and certificate_name are placed into the relative
    # names unchanged. Whether construct_url escapes them is not visible here,
    # so callers should pass plain object names only.
    user_kind = ACI_MAPPING[aaa_user_type]
    user_level = {
        'aci_class': user_kind['aci_class'],
        'aci_rn': user_kind['aci_mo'] + aaa_user,
        'module_object': aaa_user,
        'target_filter': {'name': aaa_user},
    }
    cert_level = {
        'aci_class': 'aaaUserCert',
        'aci_rn': 'usercert-{0}'.format(certificate_name),
        'module_object': certificate_name,
        'target_filter': {'name': certificate_name},
    }
    aci.construct_url(root_class=user_level, subclass_1=cert_level)
    aci.get_existing()

    if state == 'absent':
        aci.delete_config()
    elif state == 'present':
        # A certificate attached to a user is credential material for that
        # account (hedged: typically usable for signature-based API access),
        # so this branch should be reviewed like any other credential change.
        aci.payload(
            aci_class='aaaUserCert',
            class_config={
                'data': certificate,
                'name': certificate_name,
            },
        )
        aci.get_diff(aci_class='aaaUserCert')
        aci.post_config()

    aci.exit_json()
  287 
# Run the module only when this file is executed as a script, not on import.
if __name__ == '__main__':
    main()