From 9be6cc1ffbc3d733363a7e61dc7f2a4a9b198589 Mon Sep 17 00:00:00 2001
From: rsuplina
Date: Fri, 6 Sep 2024 11:01:51 +0100
Subject: [PATCH] Add IAM role info module
Signed-off-by: rsuplina
---
plugins/modules/iam_role_info.py | 120 ++++++++++++++++++
.../iam_role_info/test_iam_role_info.py | 47 +++++++
2 files changed, 167 insertions(+)
create mode 100644 plugins/modules/iam_role_info.py
create mode 100644 tests/unit/plugins/modules/iam_role_info/test_iam_role_info.py
diff --git a/plugins/modules/iam_role_info.py b/plugins/modules/iam_role_info.py
new file mode 100644
index 0000000..1e0a714
--- /dev/null
+++ b/plugins/modules/iam_role_info.py
@@ -0,0 +1,120 @@
+# Copyright 2024 Cloudera, Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.cloudera.cloud.plugins.module_utils.cdp_common import CdpModule
+
+ANSIBLE_METADATA = {
+ "metadata_version": "1.1",
+ "status": ["preview"],
+ "supported_by": "community",
+}
+
+DOCUMENTATION = r"""
+---
+module: iam_role_info
+short_description: Gather information about CDP Public IAM roles
+description:
+ - Gathers information about CDP Public IAM role or roles
+author:
+ - "Ronald Suplina (@rsuplina)"
+options:
+ name:
+ description:
+ - A list of Role CRNs or a single role's CRN.
+ - If no CRNs are provided, all Roles are returned.
+ type: list
+ elements: str
+ required: False
+ aliases:
+ - crn
+"""
+
+EXAMPLES = r"""
+# Note: These examples do not set authentication details.
+
+- name: Retrieve the details about all roles
+ cloudera.cloud.iam_role_info:
+
+- name: Gather information about a specific role
+ cloudera.cloud.iam_role_info:
+ name: crn:iam:us-east-1:cm:role:ClassicClustersCreator
+
+- name: Gather information about specific roles
+ cloudera.cloud.iam_role_info:
+ name:
+ - crn:iam:us-east-1:cm:role:ClassicClustersCreator
+ - crn:iam:us-east-1:cm:role:DFCatalogAdmin
+"""
+
+RETURN = r"""
+roles:
+ description: Retrieve details about selected IAM Role or Roles
+ type: list
+ returned: always
+ elements: dict
+ contains:
+ crn:
+ description: The CRN of the IAM role.
+ returned: always
+ type: str
+ policies:
+ description: List of policy rights assigned to the role.
+ returned: always
+ type: list
+ elements: dict
+"""
+
+
+class IAMRoleInfo(CdpModule):
+ def __init__(self, module):
+ super(IAMRoleInfo, self).__init__(module)
+
+ # Set Variables
+ self.name = self._get_param("name")
+
+ # Initialize the return values
+ self.role_info = []
+
+ # Execute logic process
+ self.process()
+
+ @CdpModule._Decorators.process_debug
+ def process(self):
+ self.role_info = self.cdpy.iam.list_roles(self.name)
+
+
+def main():
+ module = AnsibleModule(
+ argument_spec=CdpModule.argument_spec(
+ name=dict(required=False, type="list", elements="str", aliases=["crn"])
+ ),
+ supports_check_mode=True,
+ )
+
+ result = IAMRoleInfo(module)
+
+ output = dict(
+ changed=False,
+ roles=result.role_info,
+ )
+
+ if result.debug:
+ output.update(sdk_out=result.log_out, sdk_out_lines=result.log_lines)
+
+ module.exit_json(**output)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/tests/unit/plugins/modules/iam_role_info/test_iam_role_info.py b/tests/unit/plugins/modules/iam_role_info/test_iam_role_info.py
new file mode 100644
index 0000000..4d3833a
--- /dev/null
+++ b/tests/unit/plugins/modules/iam_role_info/test_iam_role_info.py
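Review bot: `DOCUMENTATION` in `plugins/modules/iam_role_info.py` describes only `name`, although `main()` builds its spec from `CdpModule.argument_spec(...)` and the `EXAMPLES` header says authentication details are left out, so the module docs never show how credentials or the debug switch read through `result.debug` are supplied. If the collection ships shared documentation fragments for those common options, list them under `extends_documentation_fragment:`. The docs should also state that enabling debug returns the SDK log as `sdk_out` and `sdk_out_lines`, since for an IAM module that text ends up in playbook output and job logs. `policies` in `RETURN` is declared as a list of dicts with no `contains:`, so the fields of each policy right are undocumented. `IAMRoleInfo` and `process()` have no docstrings; a one-line summary on each, saying that `process()` passes `name` unchanged to `cdpy.iam.list_roles`, would be enough.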
@@ -0,0 +1,47 @@
+# Copyright 2024 Cloudera, Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+import pytest
+from plugins.modules import iam_role_info
+
+from ansible_collections.cloudera.cloud.tests.unit.plugins.modules.utils import (
+ AnsibleExitJson,
+ setup_module_args,
+)
+
+def test_get_single_role_details():
+ setup_module_args({
+ "name": "crn:iam:us-west-1:role:ClassicClustersCreator"
+ })
+
+ with pytest.raises(AnsibleExitJson) as e:
+ iam_role_info.main()
+
+def test_get_multiple_role_details():
+ setup_module_args({
+ "name": ["crn:iam:us-west-1:role:ClassicClustersCreator","crn:iam:us-west-1:role:EnvironmentCreator"]
+ })
+
+ with pytest.raises(AnsibleExitJson) as e:
+ iam_role_info.main()
+
+def test_get_all_role_details():
+ setup_module_args({})
+
+ with pytest.raises(AnsibleExitJson) as e:
+ iam_role_info.main()
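Review bot: None of the three tests asserts anything about the result: each `with pytest.raises(AnsibleExitJson) as e:` block binds `e` and never reads it, so the tests pass for any payload as long as `exit_json` is reached. Each test should check the captured result, for instance that `changed` is false and that `roles` contains the requested CRNs; the exact accessor depends on how `AnsibleExitJson` in the test utils exposes the payload, which is not visible here. No patching of `cdpy` appears in this hunk, so `iam_role_info.main()` presumably calls the live CDP API and needs real credentials; under `tests/unit`, a stubbed `list_roles` would keep the tests hermetic and keep credentials out of CI. The CRNs used here (`crn:iam:us-west-1:role:...`) also have one segment fewer than those in the module's `EXAMPLES` (`crn:iam:us-east-1:cm:role:...`), so the two files should use the same form.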