From 30e9a21472db11b6947e3c6e7c30d8dd6e92aa3d Mon Sep 17 00:00:00 2001
From: Simon Dodsley <simon@purestorage.com>
Date: Tue, 30 Oct 2018 05:49:53 -0400
Subject: [PATCH] New Pure Storage FlashBlade module to create S3 users
 (#47452)

---
 .../storage/purestorage/purefb_s3user.py      | 197 ++++++++++++++++++
 1 file changed, 197 insertions(+)
 create mode 100644 lib/ansible/modules/storage/purestorage/purefb_s3user.py

diff --git a/lib/ansible/modules/storage/purestorage/purefb_s3user.py b/lib/ansible/modules/storage/purestorage/purefb_s3user.py
new file mode 100644
index 00000000000..ac272c35044
--- /dev/null
+++ b/lib/ansible/modules/storage/purestorage/purefb_s3user.py
@@ -0,0 +1,197 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# (c) 2018, Simon Dodsley (simon@purestorage.com)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+                    'status': ['preview'],
+                    'supported_by': 'community'}
+
+DOCUMENTATION = r'''
+---
+module: purefb_s3user
+version_added: '2.8'
+short_description: Create or delete FlashBlade Object Store account users
+description:
+- Create or delete object store account users on a Pure Stoage FlashBlade.
+author:
+- Simon Dodsley (@sdodsley)
+options:
+  state:
+    description:
+    - Create or delete object store account user
+    default: present
+    choices: [ absent, present ]
+  name:
+    description:
+    - The name of object store user
+  account:
+    description:
+    - The name of object store account associated with user
+  access_key:
+    description:
+    - Create secret access key.
+    - Key can be exposed using the I(debug) module
+    type: bool
+    default: true
+extends_documentation_fragment:
+- purestorage.fb
+'''
+
+EXAMPLES = r'''
+- name: Crrate object store user (with access ID and key) foo in account bar
+  purefb_s3user:
+    name: foo
+    account: bar
+    fb_url: 10.10.10.2
+    api_token: e31060a7-21fc-e277-6240-25983c6c4592
+
+  debug:
+    var: ansible_facts.fb_s3user
+
+- name: Delete object store user foo in account bar
+  purefb_s3user:
+    name: foo
+    account: bar
+    state: absent
+    fb_url: 10.10.10.2
+    api_token: e31060a7-21fc-e277-6240-25983c6c4592
+'''
+
+RETURN = r'''
+'''
+
+
+HAS_PURITY_FB = True
+try:
+    from purity_fb import ObjectStoreAccessKey
+except ImportError:
+    HAS_PURITY_FB = False
+
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.pure import get_blade, purefb_argument_spec
+
+
+MIN_REQUIRED_API_VERSION = '1.3'
+
+
+def get_s3acc(module, blade):
+    """Return Object Store Account or None"""
+    s3acc = None
+    accts = blade.object_store_accounts.list_object_store_accounts()
+    for acct in range(0, len(accts.items)):
+        if accts.items[acct].name == module.params['account']:
+            s3acc = accts.items[acct]
+    return s3acc
+
+
+def get_s3user(module, blade):
+    """Return Object Store Account or None"""
+    full_user = module.params['account'] + "/" + module.params['name']
+    s3user = None
+    s3users = blade.object_store_users.list_object_store_users()
+    for user in range(0, len(s3users.items)):
+        if s3users.items[user].name == full_user:
+            s3user = s3users.items[user]
+    return s3user
+
+
+def update_s3user(module, blade):
+    """Update Object Store User"""
+    changed = False
+    s3user_facts = {}
+    user = module.params['account'] + "/" + module.params['name']
+    if module.params['access_key']:
+        try:
+            result = blade.object_store_access_keys.create_object_store_access_keys(
+                object_store_access_key=ObjectStoreAccessKey(user={'name': user}))
+            s3user_facts['fb_s3user'] = {'user': user,
+                                         'access_key': result.items[0].secret_access_key,
+                                         'access_id': result.items[0].name}
+        except:
+            delete_s3user(module, blade)
+            module.fail_json(msg='Object Store User {0}: Creation failed'.format(user))
+    changed = True
+    module.exit_json(changed=changed, ansible_facts=s3user_facts)
+
+
+def create_s3user(module, blade):
+    """Create Object Store Account"""
+    s3user_facts = {}
+    changed = False
+    user = module.params['account'] + "/" + module.params['name']
+    try:
+        blade.object_store_users.create_object_store_users(names=[user])
+        if module.params['access_key']:
+            try:
+                result = blade.object_store_access_keys.create_object_store_access_keys(
+                    object_store_access_key=ObjectStoreAccessKey(user={'name': user}))
+                s3user_facts['fb_s3user'] = {'user': user,
+                                             'access_key': result.items[0].secret_access_key,
+                                             'access_id': result.items[0].name}
+            except:
+                delete_s3user(module, blade)
+                module.fail_json(msg='Object Store User {0}: Creation failed'.format(user))
+        changed = True
+    except:
+        module.fail_json(msg='Object Store User {0}: Creation failed'.format(user))
+    module.exit_json(changed=changed, ansible_facts=s3user_facts)
+
+
+def delete_s3user(module, blade):
+    """Delete Object Store Account"""
+    changed = False
+    user = module.params['account'] + "/" + module.params['name']
+    try:
+        blade.object_store_users.delete_object_store_users(names=[user])
+        changed = True
+    except:
+        module.fail_json(msg='Object Store Account {0}: Deletion failed'.format(module.params['name']))
+    module.exit_json(changed=changed)
+
+
+def main():
+    argument_spec = purefb_argument_spec()
+    argument_spec.update(dict(
+        name=dict(required=True, type='str'),
+        account=dict(required=True, type='str'),
+        access_key=dict(default='true', type='bool'),
+        state=dict(default='present', choices=['present', 'absent']),
+    ))
+
+    module = AnsibleModule(argument_spec,
+                           supports_check_mode=False)
+
+    if not HAS_PURITY_FB:
+        module.fail_json(msg='purity_fb sdk is required for this module')
+
+    state = module.params['state']
+    blade = get_blade(module)
+    versions = blade.api_version.list_versions().versions
+
+    if MIN_REQUIRED_API_VERSION not in versions:
+        module.fail_json(msg='FlashBlade REST version not supported. Minimum version required: {0}'.format(MIN_REQUIRED_API_VERSION))
+
+    s3acc = get_s3acc(module, blade)
+    if not s3acc:
+        module.fail_json(msg='Object Store Account {0} does not exist'.format(module.params['account']))
+
+    s3user = get_s3user(module, blade)
+
+    if state == 'absent' and s3user:
+        delete_s3user(module, blade)
+    elif state == 'present' and s3user:
+        update_s3user(module, blade)
+    elif not s3user and state == 'present':
+        create_s3user(module, blade)
+    else:
+        module.exit_json(changed=False)
+
+
+if __name__ == '__main__':
+    main()