From e482467a473448c73ca34605275fca489cfee7f3 Mon Sep 17 00:00:00 2001 From: "jasonpage.tas" Date: Wed, 14 Aug 2024 16:39:27 +1000 Subject: [PATCH] feat(playbook): Add playbook for teams creation and permissions #17 --- playbooks/teams.yaml | 293 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 293 insertions(+) create mode 100644 playbooks/teams.yaml diff --git a/playbooks/teams.yaml b/playbooks/teams.yaml new file mode 100644 index 0000000..17d05c8 --- /dev/null +++ b/playbooks/teams.yaml 
@@ -0,0 +1,293 @@ +- name: Centurion ERP Teams Setup + hosts: |- + {%- if nfc_pb_host is defined -%} + {{ nfc_pb_host }} + {%- else -%} + all + {%- endif %} + become: false + gather_facts: false + connection: local # Play uses HTTP requests ONLY! + + + tasks: + + + - name: Confirm required vars exist + ansible.builtin.assert: + that: + - centurion_erp.teams is defined + - | + centurion_erp.teams is not mapping + and + centurion_erp.teams is iterable + and + centurion_erp.teams is not string + + msg: "Missing required variable or it's of the incorrect type[list]" + run_once: true + delegate_to: localhost + + + - name: Collect organizations from centurion ERP + ansible.builtin.uri: + url: |- + {{ lookup('env', 'CENTURION_API') }}/api/organization/ + method: GET + body_format: json + headers: + authorization: Token {{ lookup('env', 'CENTURION_TOKEN') }} + validate_certs: "{{ lookup('env', 'VALIDATE_CENTURION_CERTS') | default(true) | bool }}" + return_content: true + status_code: + - 200 + register: api_get_organizations + run_once: true + delegate_to: localhost + no_log: > # Contains a secret that logging shows + {{ nfc_pb_disable_log | default(true) }} + + + - name: Collect teams from centurion ERP + ansible.builtin.uri: + url: "{{ item }}" + method: GET + body_format: json + headers: + authorization: Token {{ lookup('env', 'CENTURION_TOKEN') }} + validate_certs: "{{ lookup('env', 'VALIDATE_CENTURION_CERTS') | default(true) | bool }}" + return_content: true + status_code: + - 200 + loop: "{{ api_get_organizations.json.results | map(attribute='url') | list }}" + register: api_get_permissions + run_once: true + delegate_to: localhost + no_log: > # Contains a secret that logging shows + {{ nfc_pb_disable_log | default(true) }} + + + - name: Create list of Teams + ansible.builtin.set_fact: + team_permissions: | + [ + {% for config_organisation in centurion_erp.teams %} + + {% set ns = namespace(added_teams = []) %} + + {% for config_team in config_organisation.teams %} 
+ + {% for organization in api_get_permissions.results %} + + {% if organization.json.name == config_organisation.name %} + + {% for team in organization.json.teams %} + + {% if team.team_name == config_team.name %} + + { + "organization_id": "{{ organization.json.id }}", + "team_name": "{{ team.team_name }}", + "url": "{{ team.url }}", + "notes": "{{ config_team.notes }}", + "permissions": + {{ config_team.permissions }} + }, + + {% set ns.added_teams = ns.added_teams + [ config_team.name ] %} + + {% endif %} + + {% endfor %} + + {% endif %} + + {% endfor %} + + {% if config_team.name not in ns.added_teams %} + { + "organization_id": + {% for organization in api_get_permissions.results %} + {% if organization.json.name == config_organisation.name %} + "{{ organization.json.id }}", + {% endif %} + {% endfor %} + "team_name": "{{ config_team.name }}", + "notes": "{{ config_team.notes }}", + "permissions": + {{ config_team.permissions }} + }, + {% set ns.added_teams = ns.added_teams + [ config_team.name ] %} + + {% endif %} + + {% endfor %} + + {% endfor %} + ] + delegate_to: localhost + run_once: true + no_log: > # Contains a secret that logging shows + {{ nfc_pb_disable_log | default(true) }} + + + - name: Create new teams in centurion_ERP + ansible.builtin.uri: + url: |- + {{ lookup('env', 'CENTURION_API') }}/api/organization/{{ item.organization_id }}/team + method: POST + body_format: json + body: |- + { + "team_name": "{{ item.team_name }}" + } + headers: + Authorization: Token {{ lookup('env', 'CENTURION_TOKEN') }} + validate_certs: "{{ lookup('env', 'VALIDATE_CENTURION_CERTS') | default(true) | bool }}" + status_code: + - 201 + when: > + item.url is not defined + loop: "{{ team_permissions | list }}" + register: api_post_teams + delegate_to: localhost + run_once: true + no_log: > # Contains a secret that logging shows + {{ nfc_pb_disable_log | default(true) }} + + + - name: update permissions to include newly created teams + ansible.builtin.set_fact: + 
team_permissions: | + [ + {% for team in team_permissions %} + + { + "organization_id": "{{ team.organization_id }}", + "team_name": "{{ team.team_name }}", + "notes": "{{ team.notes }}", + "permissions": + {{ team.permissions }}, + "url": + {% if team.url is defined %} + "{{ team.url }}", + + {% elif team.url is not defined %} + + {% for api_values in api_post_teams.results %} + + {% if api_values.item.organization_id == team.organization_id %} + + {% if api_values.json.team_name == team.team_name %} + + "{{ api_values.json.url }}", + + {% endif %} + + {% endif %} + + {% endfor %} + + {% endif %} + }, + + {% endfor %} + ] + delegate_to: localhost + run_once: true + no_log: > # Contains a secret that logging shows + {{ nfc_pb_disable_log | default(true) }} + + + - name: Patch team permissions + ansible.builtin.uri: + url: |- + {{ item.url }}permissions + method: PATCH + body_format: json + body: "{{ item.permissions }}" + headers: + Authorization: Token {{ lookup('env', 'CENTURION_TOKEN') }} + validate_certs: "{{ lookup('env', 'VALIDATE_CENTURION_CERTS') | default(true) | bool }}" + status_code: + - 200 + when: > + item.url is defined + loop: "{{ team_permissions | list }}" + delegate_to: localhost + run_once: true + no_log: > # Contains a secret that logging shows + {{ nfc_pb_disable_log | default(true) }} + + + - name: Patch team notes + ansible.builtin.uri: + url: |- + {{ item.url }} + method: PATCH + body_format: json + body: |- + { + "model_notes": "{{ item.notes }}" + } + headers: + Authorization: Token {{ lookup('env', 'CENTURION_TOKEN') }} + validate_certs: "{{ lookup('env', 'VALIDATE_CENTURION_CERTS') | default(true) | bool }}" + status_code: + - 200 + when: > + item.url is defined + loop: "{{ team_permissions | list }}" + delegate_to: localhost + run_once: true + no_log: > # Contains a secret that logging shows + {{ nfc_pb_disable_log | default(true) }} + + + vars: + + nfc_pb_awx_tower_template: + + - name: "Centurion/access/teams" + ask_tags_on_launch: 
false + ask_inventory_on_launch: true + ask_credential_on_launch: true + ask_limit_on_launch: true + concurrent_jobs_enabled: true + description: Creation and patching of teams and permissions + execution_environment: "No Fuss Computing EE" + job_type: "run" + # job_tags: complete + labels: + - centurion_erp + - itsm + - itam + - access + - permissions + - teams + use_fact_cache: true + credential_types: + - name: 'Playbook/teams/centurion' + description: | + Credentials for authentication to centurion_erp + inputs: | + fields: + - id: centurion_url + type: string + label: centurion url + help_text: Ensure that `https://` is prefixed to url + - id: centurion_token + type: string + label: api token + secret: true + - id: centurion_validate_certs + type: boolean + label: Validate SSL Certificate + required: + - itsm_api + - itsm_token + injectors: > + env: + CENTURION_API: '{{ centurion_url }}' + CENTURION_TOKEN: '{{ centurion_token }}' + CENTURION_VALIDATE_CERTS: '{{ centurion_validate_certs | default(true) }}' \ No newline at end of file
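Review bot: Every `validate_certs` line in the five `ansible.builtin.uri` tasks reads `VALIDATE_CENTURION_CERTS`, while the credential-type injector at the end of the file exports `CENTURION_VALIDATE_CERTS`, so under the AWX template the lookup always returns an empty string; because Jinja's `default(true)` only replaces an undefined value, that empty string reaches `| bool` and the requests appear to run with certificate validation off, the opposite of the intended secure default. Aligning the name and passing the boolean flag to `default` makes the fallback actually apply: `validate_certs: "{{ lookup('env', 'CENTURION_VALIDATE_CERTS') | default(true, true) | bool }}"` (same line in all five tasks). Separately, the credential type's `required` list names `itsm_api` and `itsm_token`, which do not match the declared field ids `centurion_url` and `centurion_token`, so the required-field check likely never enforces anything. The POST and PATCH bodies are built by string-interpolating `item.team_name` and `item.notes` into hand-written JSON; a dict body such as `body: {team_name: "{{ item.team_name }}"}` (or `| to_json`) lets `body_format: json` do the quoting and avoids a malformed request when a name or note contains a double quote.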