Update purefa_ds to support new directory services format (#52865)

* Update purefa_facts to collect admin accounts

* Update purefa_ds to support new Directory Services format
from Purity 5.2.0
pull/52779/head
Simon Dodsley 6 years ago committed by ansibot
parent 8062b9c0f3
commit 679e75189b

@ -69,12 +69,14 @@ options:
specify OU= for each OU and multiple OUs should be separated by commas. specify OU= for each OU and multiple OUs should be separated by commas.
The order of OUs is important and should get larger in scope from left The order of OUs is important and should get larger in scope from left
to right. Each OU should not exceed 64 characters in length. to right. Each OU should not exceed 64 characters in length.
- Not Supported from Purity 5.2.0 or higher. Use I(purefa_dsrole) module.
ro_group: ro_group:
description: description:
- Sets the common Name (CN) of the configured directory service group - Sets the common Name (CN) of the configured directory service group
containing users with read-only privileges on the FlashArray. This containing users with read-only privileges on the FlashArray. This
name should be just the Common Name of the group without the CN= name should be just the Common Name of the group without the CN=
specifier. Common Names should not exceed 64 characters in length. specifier. Common Names should not exceed 64 characters in length.
- Not Supported from Purity 5.2.0 or higher. Use I(purefa_dsrole) module.
sa_group: sa_group:
description: description:
- Sets the common Name (CN) of the configured directory service group - Sets the common Name (CN) of the configured directory service group
@ -82,24 +84,26 @@ options:
FlashArray. This name should be just the Common Name of the group FlashArray. This name should be just the Common Name of the group
without the CN= specifier. Common Names should not exceed 64 without the CN= specifier. Common Names should not exceed 64
characters in length. characters in length.
- Not Supported from Purity 5.2.0 or higher. Use I(purefa_dsrole) module.
aa_group: aa_group:
description: description:
- Sets the common Name (CN) of the directory service group containing - Sets the common Name (CN) of the directory service group containing
administrators with full privileges when managing the FlashArray. administrators with full privileges when managing the FlashArray.
The name should be just the Common Name of the group without the The name should be just the Common Name of the group without the
CN= specifier. Common Names should not exceed 64 characters in length. CN= specifier. Common Names should not exceed 64 characters in length.
- Not Supported from Purity 5.2.0 or higher. Use I(purefa_dsrole) module.
extends_documentation_fragment: extends_documentation_fragment:
- purestorage.fa - purestorage.fa
''' '''
EXAMPLES = r''' EXAMPLES = r'''
- name: Delete exisitng directory service - name: Delete existing directory service
purefa_ds: purefa_ds:
state: absent state: absent
fa_url: 10.10.10.2 fa_url: 10.10.10.2
api_token: e31060a7-21fc-e277-6240-25983c6c4592 api_token: e31060a7-21fc-e277-6240-25983c6c4592
- name: Create directory service (disabled) - name: Create directory service (disabled) - Pre-5.2.0
purefa_ds: purefa_ds:
uri: "ldap://lab.purestorage.com" uri: "ldap://lab.purestorage.com"
base_dn: "DC=lab,DC=purestorage,DC=com" base_dn: "DC=lab,DC=purestorage,DC=com"
@ -112,19 +116,28 @@ EXAMPLES = r'''
fa_url: 10.10.10.2 fa_url: 10.10.10.2
api_token: e31060a7-21fc-e277-6240-25983c6c4592 api_token: e31060a7-21fc-e277-6240-25983c6c4592
- name: Enable exisitng directory service - name: Create directory service (disabled) - 5.2.0 or higher
purefa_ds:
uri: "ldap://lab.purestorage.com"
base_dn: "DC=lab,DC=purestorage,DC=com"
bind_user: Administrator
bind_password: password
fa_url: 10.10.10.2
api_token: e31060a7-21fc-e277-6240-25983c6c4592
- name: Enable existing directory service
purefa_ds: purefa_ds:
enable: true enable: true
fa_url: 10.10.10.2 fa_url: 10.10.10.2
api_token: e31060a7-21fc-e277-6240-25983c6c4592 api_token: e31060a7-21fc-e277-6240-25983c6c4592
- name: Disable exisitng directory service - name: Disable existing directory service
purefa_ds: purefa_ds:
enable: false enable: false
fa_url: 10.10.10.2 fa_url: 10.10.10.2
api_token: e31060a7-21fc-e277-6240-25983c6c4592 api_token: e31060a7-21fc-e277-6240-25983c6c4592
- name: Create directory service (enabled) - name: Create directory service (enabled) - Pre-5.2.0
purefa_ds: purefa_ds:
enable: true enable: true
uri: "ldap://lab.purestorage.com" uri: "ldap://lab.purestorage.com"
@ -137,6 +150,16 @@ EXAMPLES = r'''
aa_group: PureAdmin aa_group: PureAdmin
fa_url: 10.10.10.2 fa_url: 10.10.10.2
api_token: e31060a7-21fc-e277-6240-25983c6c4592 api_token: e31060a7-21fc-e277-6240-25983c6c4592
- name: Create directory service (enabled) - 5.2.0 or higher
purefa_ds:
enable: true
uri: "ldap://lab.purestorage.com"
base_dn: "DC=lab,DC=purestorage,DC=com"
bind_user: Administrator
bind_password: password
fa_url: 10.10.10.2
api_token: e31060a7-21fc-e277-6240-25983c6c4592
''' '''
RETURN = r''' RETURN = r'''
@ -146,6 +169,9 @@ from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.pure import get_system, purefa_argument_spec from ansible.module_utils.pure import get_system, purefa_argument_spec
DS_ROLE_REQUIRED_API_VERSION = '1.16'
def update_ds(module, array): def update_ds(module, array):
"""Update Directory Service""" """Update Directory Service"""
changed = False changed = False
@ -179,17 +205,26 @@ def delete_ds(module, array):
"""Delete Directory Service""" """Delete Directory Service"""
changed = False changed = False
try: try:
api_version = array._list_available_rest_versions()
array.set_directory_service(enabled=False) array.set_directory_service(enabled=False)
array.set_directory_service(uri=[''], if DS_ROLE_REQUIRED_API_VERSION in api_version:
base_dn="", array.set_directory_service(uri=[''],
group_base="", base_dn="",
bind_user="", bind_user="",
bind_password="", bind_password="",
readonly_group="", certificate="")
storage_admin_group="", changed = True
array_admin_group="", else:
certificate="") array.set_directory_service(uri=[''],
changed = True base_dn="",
group_base="",
bind_user="",
bind_password="",
readonly_group="",
storage_admin_group="",
array_admin_group="",
certificate="")
changed = True
except Exception: except Exception:
module.fail_json(msg='Delete Directory Service failed') module.fail_json(msg='Delete Directory Service failed')
module.exit_json(changed=changed) module.exit_json(changed=changed)
@ -198,25 +233,39 @@ def delete_ds(module, array):
def create_ds(module, array): def create_ds(module, array):
"""Create Directory Service""" """Create Directory Service"""
changed = False changed = False
groups_rule = [not module.params['ro_group'], api_version = array._list_available_rest_versions()
not module.params['sa_group'], if DS_ROLE_REQUIRED_API_VERSION in api_version:
not module.params['aa_group']] if not module.params['role']:
module.fail_json(msg='At least one role must be configured')
try:
array.set_directory_service(uri=module.params['uri'],
base_dn=module.params['base_dn'],
bind_user=module.params['bind_user'],
bind_password=module.params['bind_password'])
array.set_directory_service(enabled=module.params['enable'])
changed = True
except Exception:
module.fail_json(msg='Create Directory Service failed: Check configuration')
else:
groups_rule = [not module.params['ro_group'],
not module.params['sa_group'],
not module.params['aa_group']]
if all(groups_rule): if all(groups_rule):
module.fail_json(msg='At least one group must be configured') module.fail_json(msg='At least one group must be configured')
try: try:
array.set_directory_service(uri=module.params['uri'], array.set_directory_service(uri=module.params['uri'],
base_dn=module.params['base_dn'], base_dn=module.params['base_dn'],
group_base=module.params['group_base'], group_base=module.params['group_base'],
bind_user=module.params['bind_user'], bind_user=module.params['bind_user'],
bind_password=module.params['bind_password'], bind_password=module.params['bind_password'],
readonly_group=module.params['ro_group'], readonly_group=module.params['ro_group'],
storage_admin_group=module.params['sa_group'], storage_admin_group=module.params['sa_group'],
array_admin_group=module.params['aa_group']) array_admin_group=module.params['aa_group'])
array.set_directory_service(enabled=module.params['enable']) array.set_directory_service(enabled=module.params['enable'])
changed = True changed = True
except Exception: except Exception:
module.fail_json(msg='Create Directory Service failed: Check configuration') module.fail_json(msg='Create Directory Service failed: Check configuration')
module.exit_json(changed=changed) module.exit_json(changed=changed)
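Review bot: In create_ds, the new 1.16+ branch fails unless `module.params['role']` is set, yet the option docs added in this same change send group/role mapping to purefa_dsrole and both new "5.2.0 or higher" examples pass no `role`. As written, those examples would stop at 'At least one role must be configured', or raise KeyError if `role` is not in the argument spec, which is outside the visible hunks. I would drop the `if not module.params['role']:` guard so this branch only sets uri, base_dn, bind_user and bind_password. Both new branches (here and in delete_ds) also keep `except Exception:` with a fixed message, and in delete_ds the `_list_available_rest_versions()` call sits inside that try, so a failed version lookup is reported as a failed delete; `except Exception as exc:` with the exception text appended to `msg` would make a rejected bind or URI distinguishable. Separately, the new examples document `uri: "ldap://lab.purestorage.com"` with an inline `bind_password`; showing an `ldaps://` URI and a vaulted variable would be the safer pattern, since a plain LDAP simple bind sends the password unencrypted unless StartTLS is negotiated.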
