├── plugins ├── modules │ ├── __init__.py │ ├── project_sync.py │ ├── user_token.py │ ├── decision_environment.py │ ├── project.py │ ├── credential.py │ ├── user.py │ └── rulebook_activation.py ├── doc_fragments │ ├── auth_plugin.py │ └── auth.py └── lookup │ └── eda_api.py ├── changelogs ├── fragments │ ├── .gitkeep │ ├── bugfix.yml │ └── project-api.yml ├── config.yaml ├── changelog.yaml └── .plugin-cache.yaml ├── CODEOWNERS ├── meta └── runtime.yml ├── .flake8 ├── tests ├── collections │ └── requirements.yml └── playbooks │ ├── eda_configs │ ├── eda_user_tokens.yml │ ├── eda_auth.yml │ ├── eda_credentials.yml │ ├── eda_decision_environments.yml │ ├── eda_users.yml │ ├── eda_projects.yml │ └── eda_rulebook_activations.yml │ └── testing_collections_playbook.yml ├── roles ├── user_token │ ├── tests │ │ ├── vars │ │ │ └── user_tokens.yml │ │ └── test.yml │ ├── defaults │ │ └── main.yml │ ├── meta │ │ ├── main.yml │ │ └── argument_specs.yml │ ├── tasks │ │ └── main.yml │ └── README.md ├── dispatch │ ├── tests │ │ ├── configs │ │ │ ├── projects.yml │ │ │ └── credentials.yml │ │ └── test.yml │ ├── defaults │ │ └── main.yml │ ├── tasks │ │ └── main.yml │ ├── meta │ │ ├── main.yml │ │ └── argument_specs.yml │ └── README.md ├── project │ ├── tests │ │ ├── vars │ │ │ └── projects.yml │ │ └── test.yml │ ├── defaults │ │ └── main.yml │ ├── meta │ │ ├── main.yml │ │ └── argument_specs.yml │ ├── tasks │ │ └── main.yml │ └── README.md ├── decision_environment │ ├── tests │ │ ├── vars │ │ │ └── decision_environments.yml │ │ └── test.yml │ ├── defaults │ │ └── main.yml │ ├── meta │ │ ├── main.yml │ │ └── argument_specs.yml │ ├── tasks │ │ └── main.yml │ └── README.md ├── user │ ├── tests │ │ ├── vars │ │ │ └── users.yml │ │ └── test.yml │ ├── defaults │ │ └── main.yml │ ├── meta │ │ ├── main.yml │ │ └── argument_specs.yml │ ├── tasks │ │ └── main.yml │ └── README.md ├── project_sync │ ├── tests │ │ ├── vars │ │ │ └── projects.yml │ │ └── test.yml │ ├── defaults │ │ └── main.yml │ 
├── meta │ │ ├── main.yml │ │ └── argument_specs.yml │ ├── tasks │ │ └── main.yml │ └── README.md ├── credential │ ├── defaults │ │ └── main.yml │ ├── tests │ │ ├── vars │ │ │ └── credentials.yml │ │ └── test.yml │ ├── meta │ │ ├── main.yml │ │ └── argument_specs.yml │ ├── tasks │ │ └── main.yml │ └── README.md └── rulebook_activation │ ├── defaults │ └── main.yml │ ├── tests │ ├── vars │ │ └── rulebook_activations.yml │ └── test.yml │ ├── meta │ ├── main.yml │ └── argument_specs.yml │ ├── tasks │ └── main.yml │ └── README.md ├── .github ├── CODE_OF_CONDUCT.md ├── files │ ├── ansible.cfg │ └── galaxy.yml.j2 ├── workflows │ ├── issue-close-inactive.yml │ ├── update_pre_commit.yml │ ├── issue-find-inactive.yml │ ├── ci_standalone.yml │ ├── pre-commit.yml │ ├── issue-remove-inactive.yml │ ├── release.yml │ ├── issue-labeled.yml │ └── ci_standalone_versioned.yml ├── ISSUE_TEMPLATE │ ├── feature_request.md │ ├── config.yml │ └── bug_report.md ├── PULL_REQUEST_TEMPLATE.md └── CONTRIBUTING.md ├── .gitignore ├── .mlc_config.json ├── .markdownlint.yml ├── galaxy.yml ├── STANDARDS.md ├── .pre-commit-config.yaml ├── .ansible-lint ├── CHANGELOG.rst ├── .yamllint.yml └── README.md /plugins/modules/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /changelogs/fragments/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /CODEOWNERS: -------------------------------------------------------------------------------- 1 | @redhat-cop/automation-cop-tower-mgrs 2 | -------------------------------------------------------------------------------- /meta/runtime.yml: -------------------------------------------------------------------------------- 1 | --- 2 | requires_ansible: '>=2.15.0' 3 | ... 
4 | -------------------------------------------------------------------------------- /.flake8: -------------------------------------------------------------------------------- 1 | [flake8] 2 | max-line-length=160 3 | ignore=E402 4 | extend-ignore = E203, W503 5 | -------------------------------------------------------------------------------- /tests/collections/requirements.yml: -------------------------------------------------------------------------------- 1 | --- 2 | collections: 3 | - name: infra.eda_configuration 4 | ... 5 | -------------------------------------------------------------------------------- /changelogs/fragments/bugfix.yml: -------------------------------------------------------------------------------- 1 | --- 2 | bugfixes: 3 | - fixed a bug where resolve_name_to_id data was not defined 4 | ... 5 | -------------------------------------------------------------------------------- /changelogs/fragments/project-api.yml: -------------------------------------------------------------------------------- 1 | --- 2 | minor_changes: 3 | - Adds tls_validation option to project module and role 4 | ... 5 | -------------------------------------------------------------------------------- /roles/user_token/tests/vars/user_tokens.yml: -------------------------------------------------------------------------------- 1 | --- 2 | eda_user_tokens: 3 | - name: my_user_token 4 | description: my awesome token 5 | token: ABCDEF 6 | ... 7 | -------------------------------------------------------------------------------- /.github/CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | # Community Code of Conduct 2 | 3 | Please see the [Code of Conduct](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html). 
4 | -------------------------------------------------------------------------------- /tests/playbooks/eda_configs/eda_user_tokens.yml: -------------------------------------------------------------------------------- 1 | --- 2 | eda_user_tokens: 3 | - name: my_user_token 4 | description: my awesome token 5 | token: ABCDEF 6 | ... 7 | -------------------------------------------------------------------------------- /.github/files/ansible.cfg: -------------------------------------------------------------------------------- 1 | [defaults] 2 | collections_paths=/home/runner/collections 3 | roles_path=roles/ 4 | module_utils=plugins/module_utils 5 | library=plugins/modules 6 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | collections/* 2 | !collections/requirements.yml 3 | /*.tar.gz 4 | temp_test_module.yml 5 | test_playbook.yml 6 | test/ 7 | tests/output 8 | .vscode 9 | __pycache__ 10 | -------------------------------------------------------------------------------- /roles/dispatch/tests/configs/projects.yml: -------------------------------------------------------------------------------- 1 | --- 2 | eda_projects: 3 | - name: my_project 4 | description: my awesome project 5 | url: https://github.com/ansible/ansible-rulebook.git 6 | credential: test_token 7 | ... 8 | -------------------------------------------------------------------------------- /roles/project/tests/vars/projects.yml: -------------------------------------------------------------------------------- 1 | --- 2 | eda_projects: 3 | - name: my_project 4 | description: my awesome project 5 | url: https://github.com/ansible/ansible-rulebook.git 6 | tls_validation: true 7 | credential: test_token 8 | ... 
9 | -------------------------------------------------------------------------------- /tests/playbooks/eda_configs/eda_auth.yml: -------------------------------------------------------------------------------- 1 | # User may add tower auth creds to this file and encrypt it using `ansible-vault` 2 | --- 3 | eda_hostname: http://localhost:8000 4 | eda_username: admin 5 | eda_password: testpass 6 | eda_validate_certs: false 7 | ... 8 | -------------------------------------------------------------------------------- /tests/playbooks/eda_configs/eda_credentials.yml: -------------------------------------------------------------------------------- 1 | --- 2 | eda_credentials: 3 | - name: my_github_user 4 | description: my GitHub Credential 5 | credential_type: 'GitHub Personal Access Token' 6 | username: githubuser 7 | secret: my_github_token 8 | ... 9 | -------------------------------------------------------------------------------- /roles/decision_environment/tests/vars/decision_environments.yml: -------------------------------------------------------------------------------- 1 | --- 2 | eda_decision_environments: 3 | - name: my_de 4 | description: my awesome decision environment 5 | image_url: registry.redhat.io/ansible-automation-platform-24/de-supported-rhel8 6 | credential: test_token 7 | ... 8 | -------------------------------------------------------------------------------- /roles/user/tests/vars/users.yml: -------------------------------------------------------------------------------- 1 | --- 2 | eda_users: 3 | - username: jane_doe 4 | first_name: Jane 5 | last_name: Doe 6 | email: jdoe@example.com 7 | password: my_password1 8 | update_secrets: false 9 | roles: 10 | - Auditor 11 | - Contributor 12 | ... 
13 | -------------------------------------------------------------------------------- /tests/playbooks/eda_configs/eda_decision_environments.yml: -------------------------------------------------------------------------------- 1 | --- 2 | eda_decision_environments: 3 | - name: my_de 4 | description: my awesome decision environment 5 | image_url: registry.redhat.io/ansible-automation-platform-24/de-supported-rhel8 6 | credential: my_github_user 7 | ... 8 | -------------------------------------------------------------------------------- /.mlc_config.json: -------------------------------------------------------------------------------- 1 | { 2 | "ignorePatterns": [ 3 | { 4 | "pattern": "^https://cloud.redhat.com" 5 | }, 6 | { 7 | "pattern": "^https://console.redhat.com" 8 | }, 9 | { 10 | "pattern": "^https://sso.redhat.com" 11 | } 12 | ] 13 | } 14 | -------------------------------------------------------------------------------- /tests/playbooks/eda_configs/eda_users.yml: -------------------------------------------------------------------------------- 1 | --- 2 | eda_users: 3 | - username: jane_doe 4 | first_name: Jane 5 | last_name: Doe 6 | email: jdoe@example.com 7 | password: my_password1 8 | update_secrets: false 9 | roles: 10 | - Auditor 11 | - Contributor 12 | ... 13 | -------------------------------------------------------------------------------- /roles/project_sync/tests/vars/projects.yml: -------------------------------------------------------------------------------- 1 | --- 2 | eda_projects: 3 | - name: my_project 4 | description: my awesome project 5 | url: https://github.com/ansible/ansible-rulebook.git 6 | credential: test_token 7 | sync: true 8 | interval: 5 9 | timeout: 30 10 | wait: true 11 | ... 
12 | -------------------------------------------------------------------------------- /roles/user/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | eda_users: [] 3 | 4 | eda_configuration_user_secure_logging: "{{ eda_configuration_secure_logging | default(false) }}" # NOTE(review): defaults to false here but to true in the credential role; eda_users entries carry a password, so if this flag feeds no_log in the role tasks (not shown here) a default of true would be safer - confirm 5 | eda_configuration_user_async_retries: "{{ eda_configuration_async_retries | default(50) }}" 6 | eda_configuration_user_async_delay: "{{ eda_configuration_async_delay | default(1) }}" 7 | eda_configuration_async_dir: null 8 | ... 9 | -------------------------------------------------------------------------------- /roles/project/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | eda_projects: [] 3 | 4 | eda_configuration_project_secure_logging: "{{ eda_configuration_secure_logging | default(false) }}" 5 | eda_configuration_project_async_retries: "{{ eda_configuration_async_retries | default(50) }}" 6 | eda_configuration_project_async_delay: "{{ eda_configuration_async_delay | default(1) }}" 7 | eda_configuration_async_dir: null 8 | ... 9 | -------------------------------------------------------------------------------- /roles/credential/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | eda_credentials: [] 3 | 4 | eda_configuration_credential_secure_logging: "{{ eda_configuration_secure_logging | default(true) }}" 5 | eda_configuration_credential_async_retries: "{{ eda_configuration_async_retries | default(50) }}" 6 | eda_configuration_credential_async_delay: "{{ eda_configuration_async_delay | default(1) }}" 7 | eda_configuration_async_dir: null 8 | ... 
9 | -------------------------------------------------------------------------------- /roles/project_sync/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | eda_projects: [] 3 | 4 | eda_configuration_project_secure_logging: "{{ eda_configuration_secure_logging | default(false) }}" 5 | eda_configuration_project_sync_async_retries: "{{ eda_configuration_async_retries | default(50) }}" 6 | eda_configuration_project_sync_async_delay: "{{ eda_configuration_async_delay | default(1) }}" 7 | eda_configuration_async_dir: null 8 | ... 9 | -------------------------------------------------------------------------------- /roles/user_token/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | eda_user_tokens: [] 3 | 4 | eda_configuration_user_token_secure_logging: "{{ eda_configuration_secure_logging | default(false) }}" # NOTE(review): defaults to false although eda_user_tokens entries carry a token value; if this flag feeds no_log in the role tasks (not shown here) consider defaulting to true - confirm 5 | eda_configuration_user_token_async_retries: "{{ eda_configuration_async_retries | default(50) }}" 6 | eda_configuration_user_token_async_delay: "{{ eda_configuration_async_delay | default(1) }}" 7 | eda_configuration_async_dir: null 8 | ... 9 | -------------------------------------------------------------------------------- /roles/rulebook_activation/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | eda_rulebook_activations: [] 3 | 4 | eda_configuration_rulebook_activation_secure_logging: "{{ eda_configuration_secure_logging | default(false) }}" 5 | eda_configuration_rulebook_activation_async_retries: "{{ eda_configuration_async_retries | default(50) }}" 6 | eda_configuration_rulebook_activation_async_delay: "{{ eda_configuration_async_delay | default(1) }}" 7 | eda_configuration_async_dir: null 8 | ... 
9 | -------------------------------------------------------------------------------- /roles/credential/tests/vars/credentials.yml: -------------------------------------------------------------------------------- 1 | --- 2 | eda_credentials: 3 | - name: my_github_user 4 | description: my GitHub Credential 5 | credential_type: 'GitHub Personal Access Token' 6 | username: githubuser 7 | secret: my_github_token 8 | - name: my_gitlab_user 9 | description: my GitLab Credential 10 | credential_type: 'GitLab Personal Access Token' 11 | username: gitlabuser 12 | secret: my_gitlab_token 13 | ... 14 | -------------------------------------------------------------------------------- /roles/decision_environment/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | eda_decision_environments: [] 3 | 4 | eda_configuration_decision_environment_secure_logging: "{{ eda_configuration_secure_logging | default(false) }}" 5 | eda_configuration_decision_environment_async_retries: "{{ eda_configuration_async_retries | default(50) }}" 6 | eda_configuration_decision_environment_async_delay: "{{ eda_configuration_async_delay | default(1) }}" 7 | eda_configuration_async_dir: null 8 | ... 9 | -------------------------------------------------------------------------------- /roles/dispatch/tests/configs/credentials.yml: -------------------------------------------------------------------------------- 1 | --- 2 | eda_credentials: 3 | - name: my_github_user 4 | description: my GitHub Credential 5 | credential_type: 'GitHub Personal Access Token' 6 | username: githubuser 7 | secret: my_github_token 8 | - name: my_gitlab_user 9 | description: my GitLab Credential 10 | credential_type: 'GitLab Personal Access Token' 11 | username: gitlabuser 12 | secret: my_gitlab_token 13 | ... 
14 | -------------------------------------------------------------------------------- /tests/playbooks/eda_configs/eda_projects.yml: -------------------------------------------------------------------------------- 1 | --- 2 | eda_projects: 3 | - name: my_project 4 | description: my awesome project 5 | url: https://github.com/ansible/event-driven-ansible.git 6 | sync: true 7 | wait: true 8 | timeout: 30 9 | tls_validation: false 10 | - name: my_project_clone 11 | description: my awesome project clone 12 | url: https://github.com/ansible/event-driven-ansible.git 13 | sync: false 14 | wait: false 15 | ... 16 | -------------------------------------------------------------------------------- /tests/playbooks/eda_configs/eda_rulebook_activations.yml: -------------------------------------------------------------------------------- 1 | --- 2 | eda_rulebook_activations: 3 | - name: Github Hook 4 | description: Hook to listen for changes in GitHub 5 | project: my_project 6 | rulebook: git-hook-deploy-rules.yml 7 | awx_token: my_user_token 8 | decision_environment: my_de 9 | extra_vars: 10 | provider: github-local 11 | repo_url: https://github.com/ansible/ansible-rulebook.git 12 | enabled: true 13 | state: present 14 | ... 15 | -------------------------------------------------------------------------------- /roles/rulebook_activation/tests/vars/rulebook_activations.yml: -------------------------------------------------------------------------------- 1 | --- 2 | eda_rulebook_activations: 3 | - name: Github Hook 4 | description: Hook to listen for changes in GitHub 5 | project: EDA_example 6 | rulebook: git-hook-deploy-rules.yml 7 | decision_environment: Automation Hub Default Decision Environment 8 | extra_vars: 9 | provider: github-local 10 | repo_url: https://github.com/ansible/ansible-rulebook.git 11 | enabled: false 12 | state: present 13 | ... 
14 | -------------------------------------------------------------------------------- /.github/workflows/issue-close-inactive.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # https://github.com/marketplace/actions/issues-helper 3 | name: Check and close inactive 4 | 5 | on: 6 | schedule: 7 | - cron: "0 6 * * *" 8 | 9 | jobs: 10 | close-inactive-issues: 11 | runs-on: ubuntu-latest 12 | steps: 13 | - name: close-issues 14 | uses: actions-cool/issues-helper@v3 15 | with: 16 | actions: 'close-issues' 17 | token: ${{ secrets.GITHUB_TOKEN }} 18 | labels: 'inactive' 19 | inactive-day: 7 20 | ... 21 | -------------------------------------------------------------------------------- /.github/workflows/update_pre_commit.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This workflow action will run pre-commit, which will execute ansible and yaml linting 3 | # See .pre-commit-config.yaml for what hooks are executed 4 | name: Update pre-commit configuration 5 | 6 | 7 | on: 8 | schedule: 9 | - cron: "0 5 * * *" 10 | 11 | jobs: 12 | pre-commit: 13 | uses: "redhat-cop/ansible_collections_tooling/.github/workflows/update_precommit.yml@main" 14 | with: 15 | github_actor: ${{ github.actor }} 16 | secrets: 17 | token: ${{ secrets.GITHUB_TOKEN }} 18 | ... 
19 | -------------------------------------------------------------------------------- /roles/dispatch/tests/test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Run dispatch job to EDA 3 | hosts: localhost 4 | connection: local 5 | gather_facts: false 6 | vars: 7 | eda_validate_certs: false 8 | eda_hostname: eda.example.com 9 | eda_username: admin 10 | eda_password: changeme 11 | 12 | collections: 13 | - awx.awx 14 | 15 | pre_tasks: 16 | - name: Include vars from eda_configs directory 17 | ansible.builtin.include_vars: 18 | dir: ./configs 19 | extensions: ["yml"] 20 | tags: always 21 | 22 | roles: 23 | - ../.. 24 | ... 25 | -------------------------------------------------------------------------------- /roles/user/tests/test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Add user to EDA Controller 3 | hosts: localhost 4 | connection: local 5 | gather_facts: false 6 | vars: 7 | eda_validate_certs: false 8 | # Define following vars here, or in eda_configs/eda_auth.yml 9 | # eda_host: ansible-eda-web-svc-test-user.example.com 10 | # eda_token: changeme 11 | pre_tasks: 12 | - name: Include vars from eda_configs directory 13 | ansible.builtin.include_vars: 14 | dir: ./vars 15 | extensions: ["yml"] 16 | tags: 17 | - always 18 | roles: 19 | - ../../user 20 | ... 
21 | -------------------------------------------------------------------------------- /roles/project/tests/test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Add project to EDA Controller 3 | hosts: localhost 4 | connection: local 5 | gather_facts: false 6 | vars: 7 | eda_validate_certs: false 8 | # Define following vars here, or in eda_configs/eda_auth.yml 9 | # eda_host: ansible-eda-web-svc-test-project.example.com 10 | # eda_token: changeme 11 | pre_tasks: 12 | - name: Include vars from eda_configs directory 13 | ansible.builtin.include_vars: 14 | dir: ./vars 15 | extensions: ["yml"] 16 | tags: 17 | - always 18 | roles: 19 | - ../../project 20 | ... 21 | -------------------------------------------------------------------------------- /roles/credential/tests/test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Add credential to EDA Controller 3 | hosts: localhost 4 | connection: local 5 | gather_facts: false 6 | vars: 7 | eda_validate_certs: false 8 | # Define following vars here, or in eda_configs/eda_auth.yml 9 | # eda_host: ansible-eda-web-svc-test-project.example.com 10 | # eda_token: changeme 11 | pre_tasks: 12 | - name: Include vars from eda_configs directory 13 | ansible.builtin.include_vars: 14 | dir: ./vars 15 | extensions: ["yml"] 16 | tags: 17 | - always 18 | roles: 19 | - ../../credential 20 | ... 
21 | -------------------------------------------------------------------------------- /roles/project_sync/tests/test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Sync project on EDA Controller 3 | hosts: localhost 4 | connection: local 5 | gather_facts: false 6 | vars: 7 | eda_validate_certs: false 8 | # Define following vars here, or in eda_configs/eda_auth.yml 9 | # eda_host: ansible-eda-web-svc-test-project.example.com 10 | # eda_token: changeme 11 | pre_tasks: 12 | - name: Include vars from eda_configs directory 13 | ansible.builtin.include_vars: 14 | dir: ./vars 15 | extensions: ["yml"] 16 | tags: 17 | - always 18 | roles: 19 | - ../../project_sync 20 | ... 21 | -------------------------------------------------------------------------------- /roles/user_token/tests/test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Add user token to EDA Controller 3 | hosts: localhost 4 | connection: local 5 | gather_facts: false 6 | vars: 7 | eda_validate_certs: false 8 | # Define following vars here, or in eda_configs/eda_auth.yml 9 | # eda_host: ansible-eda-web-svc-test-project.example.com 10 | # eda_token: changeme 11 | pre_tasks: 12 | - name: Include vars from eda_configs directory 13 | ansible.builtin.include_vars: 14 | dir: ./vars 15 | extensions: ["yml"] 16 | tags: 17 | - always 18 | roles: 19 | - ../../user_token 20 | ... 
21 | -------------------------------------------------------------------------------- /.markdownlint.yml: -------------------------------------------------------------------------------- 1 | --- 2 | default: true 3 | 4 | # MD003/heading-style/header-style - Heading style 5 | # This will ensure that the heading format is consistent across all markdown files 6 | MD003: 7 | style: "atx" 8 | 9 | # MD013/line-length - Line length 10 | # Setting to false to match the yamllint setting 11 | MD013: false 12 | MD022: false 13 | MD025: false 14 | MD026: false 15 | 16 | # MD046/code-block-style - Code block style 17 | # This will ensure that code block format is consistent across all markdown files 18 | MD0046: # NOTE(review): the key is spelled MD0046 while the comment above names rule MD046; under this key the fenced style is presumably not applied - confirm and rename 19 | style: fenced 20 | 21 | MD033: 22 | allowed_elements: 23 | - "br" 24 | ... 25 | -------------------------------------------------------------------------------- /.github/workflows/issue-find-inactive.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # https://github.com/marketplace/actions/issues-helper 3 | name: Check inactive 4 | 5 | on: 6 | schedule: 7 | - cron: "0 5 * * *" 8 | 9 | jobs: 10 | check-inactive: 11 | runs-on: ubuntu-latest 12 | steps: 13 | - name: check-inactive 14 | uses: actions-cool/issues-helper@v3 15 | with: 16 | actions: 'check-inactive' 17 | token: ${{ secrets.GITHUB_TOKEN }} 18 | inactive-day: 30 19 | issue-state: open 20 | exclude-labels: 'new,enhancement,backlog,help wanted,module-issue,blocked - upstream' 21 | ... 
22 | -------------------------------------------------------------------------------- /roles/rulebook_activation/tests/test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Add activations to EDA Controller 3 | hosts: localhost 4 | connection: local 5 | gather_facts: false 6 | vars: 7 | eda_validate_certs: false 8 | # Define following vars here, or in eda_configs/eda_auth.yml 9 | # eda_host: ansible-eda-web-svc-test-project.example.com 10 | # eda_token: changeme 11 | pre_tasks: 12 | - name: Include vars from eda_configs directory 13 | ansible.builtin.include_vars: 14 | dir: ./vars 15 | extensions: ["yml"] 16 | tags: 17 | - always 18 | roles: 19 | - ../../rulebook_activation 20 | ... 21 | -------------------------------------------------------------------------------- /.github/workflows/ci_standalone.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: Test roles and modules 3 | on: [push, pull_request_target] # NOTE(review): pull_request_target runs in the base repository's context (repository secrets and a base-repo GITHUB_TOKEN are available), while gh_ref below resolves to the pull request head SHA; if the called workflow (not shown here) checks out and runs that ref, untrusted fork code executes in that context - prefer pull_request, or gate on maintainer approval and set least-privilege permissions 4 | 5 | jobs: 6 | ci_standalone: 7 | strategy: 8 | fail-fast: false 9 | matrix: 10 | eda_server_version: 11 | # Pinning to specific ref because of breaking changes to user endpoint after this. This will need to be rectified later. 
12 | - 93ef155accc3013f82a4870569638e7e1eaf2adc 13 | uses: "./.github/workflows/ci_standalone_versioned.yml" 14 | with: 15 | eda_server_version: ${{ matrix.eda_server_version }} 16 | gh_ref: ${{ github.event.pull_request.head.sha || github.sha }} 17 | -------------------------------------------------------------------------------- /roles/decision_environment/tests/test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Add decision environment to EDA Controller 3 | hosts: localhost 4 | connection: local 5 | gather_facts: false 6 | vars: 7 | eda_validate_certs: false 8 | # Define following vars here, or in eda_configs/eda_auth.yml 9 | # eda_host: ansible-eda-web-svc-test-project.example.com 10 | # eda_token: changeme 11 | pre_tasks: 12 | - name: Include vars from eda_configs directory 13 | ansible.builtin.include_vars: 14 | dir: ./vars 15 | extensions: ["yml"] 16 | tags: 17 | - always 18 | roles: 19 | - ../../decision_environment 20 | ... 21 | -------------------------------------------------------------------------------- /roles/dispatch/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | eda_configuration_dispatcher_roles: 3 | - role: user 4 | var: eda_users 5 | tags: user 6 | - role: credential 7 | var: eda_credentials 8 | tags: credential 9 | - role: user_token 10 | var: eda_user_tokens 11 | tags: user_token 12 | - role: project 13 | var: eda_projects 14 | tags: project 15 | - role: project_sync 16 | var: eda_projects 17 | tags: project_sync 18 | - role: decision_environment 19 | var: eda_decision_environments 20 | tags: decision_environment 21 | - role: rulebook_activation 22 | var: eda_rulebook_activations 23 | tags: rulebook_activation 24 | ... 
25 | -------------------------------------------------------------------------------- /.github/workflows/pre-commit.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This workflow action will run pre-commit, which will execute ansible and yaml linting 3 | # See .pre-commit-config.yaml for what hooks are executed 4 | name: pre-commit tests 5 | 6 | 7 | on: 8 | pull_request: 9 | push: 10 | schedule: 11 | - cron: "0 6 * * *" 12 | 13 | jobs: 14 | pre-commit_and_sanity: 15 | uses: "redhat-cop/ansible_collections_tooling/.github/workflows/pre_commit_and_sanity.yml@main" 16 | with: 17 | collection_namespace: infra 18 | collection_name: eda_configuration 19 | collection_version: 0.1.0 20 | collection_repo: https://github.com/redhat-cop/eda_configuration 21 | ... 22 | -------------------------------------------------------------------------------- /.github/workflows/issue-remove-inactive.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # https://github.com/marketplace/actions/issues-helper 3 | name: Issue Remove Labels 4 | 5 | on: 6 | issues: 7 | types: [edited, reopened, labeled] 8 | issue_comment: 9 | types: [created, edited] 10 | 11 | jobs: 12 | remove-inactive: 13 | runs-on: ubuntu-latest 14 | steps: 15 | - name: remove inactive 16 | if: github.event.issue.state == 'open' && github.event.issue.user != 'github-actions' # NOTE(review): github.event.issue.user is an object in the event payload, so comparing it with a string presumably never excludes the bot; compare a login field instead (e.g. github.event.issue.user.login) - confirm which actor is meant 17 | uses: actions-cool/issues-helper@v3 18 | with: 19 | actions: 'remove-labels' 20 | issue-number: ${{ github.event.issue.number }} 21 | labels: 'inactive' 22 | ... 
23 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Feature request 3 | about: Suggest an idea for this project 4 | title: '' 5 | labels: enhancement, new 6 | assignees: '' 7 | 8 | --- 9 | 10 | **Is your feature request related to a problem? Please describe.** 11 | A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] 12 | 13 | **Describe the solution you'd like** 14 | A clear and concise description of what you want to happen. 15 | 16 | **Describe alternatives you've considered** 17 | A clear and concise description of any alternative solutions or features you've considered. 18 | 19 | **Additional context** 20 | Add any other context or screenshots about the feature request here. 21 | -------------------------------------------------------------------------------- /roles/dispatch/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "Run the following infra.eda_configuration roles: {{ eda_configuration_dispatcher_roles | map(attribute='role') | join(', ') }}" 3 | ansible.builtin.include_role: 4 | name: "{{ __role.role }}" 5 | apply: 6 | tags: "{{ __role.tags }}" 7 | when: vars[__role.var] is defined 8 | tags: always 9 | loop: "{{ eda_configuration_dispatcher_roles }}" 10 | loop_control: 11 | loop_var: __role 12 | 13 | - name: "Fail the playbook if there were errors (check mode only)" 14 | ansible.builtin.fail: 15 | msg: "The execution has failed because of errors (probably due to missing dependencies caused by check mode)." 16 | when: ansible_check_mode and error_flag is defined and error_flag 17 | ... 
18 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/config.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Ref: https://help.github.com/en/github/building-a-strong-community/configuring-issue-templates-for-your-repository#configuring-the-template-chooser 3 | blank_issues_enabled: false # default is true 4 | contact_links: 5 | - name: Feature requests 6 | url: https://github.com/redhat-cop/eda_configuration/discussions/categories/ideas 7 | about: Suggest an idea for this project 8 | - name: Discussions 9 | url: https://github.com/redhat-cop/eda_configuration/discussions 10 | about: Any kind of questions should go on the forum. 11 | - name: Ansible Code of Conduct 12 | url: https://docs.ansible.com/ansible/latest/community/code_of_conduct.html 13 | about: Be nice to other members of the community. Behave. 14 | -------------------------------------------------------------------------------- /.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | 2 | # What does this PR do? 3 | 4 | 5 | 6 | # How should this be tested? 7 | 8 | 9 | 10 | # Is there a relevant Issue open for this? 
11 | 12 | 13 | resolves #[number] 14 | 15 | # Other Relevant info, PRs, etc 16 | 17 | 18 | -------------------------------------------------------------------------------- /.github/workflows/release.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This workflow runs when a release is published and calls the shared release pipeline (a reusable workflow) 3 | # NOTE(review): whether that pipeline also runs pre-commit linting is not visible here; see .pre-commit-config.yaml for the hooks 4 | name: Release 5 | 6 | on: 7 | release: 8 | types: 9 | - published 10 | 11 | jobs: 12 | release: 13 | uses: "redhat-cop/ansible_collections_tooling/.github/workflows/release_pipeline_single.yml@main" # NOTE(review): "@main" is a mutable branch ref; the three secrets below go to whatever that branch contains at run time - pinning to a full commit SHA fixes the code that receives them 14 | with: 15 | collection_namespace: infra 16 | collection_name: eda_configuration 17 | collection_version: ${{ github.ref_name }} 18 | collection_repo: https://github.com/redhat-cop/eda_configuration 19 | quay_username: redhat_cop 20 | secrets: 21 | galaxy_api_key: ${{ secrets.GALAXY_INFRA_KEY }} 22 | token: ${{ secrets.GITHUB_TOKEN }} 23 | quay_token: ${{ secrets.quay_token }} 24 | 25 | ... 26 | -------------------------------------------------------------------------------- /galaxy.yml: -------------------------------------------------------------------------------- 1 | --- 2 | authors: 3 | - Chris Renwick @crenwick93 4 | - Tom Page @Tompage1994 5 | - Sean Sullivan @sean-m-sullivan 6 | - David Danielsson @djdanielsson 7 | dependencies: {} 8 | description: Ansible content that interacts with the Ansible EDA Controller. 
9 | documentation: https://github.com/redhat-cop/eda_configuration/blob/devel/README.md 10 | license: 11 | - GPL-3.0-only 12 | namespace: infra 13 | name: eda_configuration 14 | version: 1.1.0-devel 15 | readme: README.md 16 | repository: https://github.com/redhat-cop/eda_configuration 17 | issues: https://github.com/redhat-cop/eda_configuration/issues 18 | tags: 19 | - cloud 20 | - infrastructure 21 | - ansible 22 | - event 23 | - driven 24 | - controller 25 | - eda 26 | - automation 27 | build_ignore: 28 | - tools 29 | - setup.cfg 30 | - galaxy.yml.j2 31 | - template_galaxy.yml 32 | - '*.tar.gz' 33 | ... 34 | -------------------------------------------------------------------------------- /.github/files/galaxy.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | authors: 3 | - Chris Renwick @crenwick93 4 | - Tom Page @Tompage1994 5 | - Sean Sullivan @sean-m-sullivan 6 | - David Danielsson @djdanielsson 7 | dependencies: {} 8 | description: Ansible content that interacts with the Ansible EDA Controller. 9 | documentation: https://github.com/redhat-cop/eda_configuration/blob/devel/README.md 10 | license: 11 | - GPL-3.0-only 12 | namespace: {{ collection_namespace }} 13 | name: {{ collection_name }} 14 | version: {{ collection_version }} 15 | readme: README.md 16 | repository: {{ collection_repo }} 17 | issues: {{ collection_repo }}/issues 18 | tags: 19 | - cloud 20 | - infrastructure 21 | - ansible 22 | - event 23 | - driven 24 | - controller 25 | - eda 26 | - automation 27 | build_ignore: 28 | - tools 29 | - setup.cfg 30 | - galaxy.yml.j2 31 | - template_galaxy.yml 32 | - '*.tar.gz' 33 | ... 
34 | -------------------------------------------------------------------------------- /.github/workflows/issue-labeled.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # https://github.com/marketplace/actions/issues-helper 3 | name: Issue Labeled 4 | 5 | on: 6 | issues: 7 | types: [labeled] 8 | 9 | jobs: 10 | issue-labeled: # NOTE(review): no "permissions:" key appears in this workflow, so GITHUB_TOKEN gets the repository default scope; the single comment step presumably needs only issues: write - confirm and set it explicitly 11 | runs-on: ubuntu-latest 12 | steps: 13 | - name: Create comment 14 | uses: actions-cool/issues-helper@v3 # NOTE(review): third-party action on a movable tag that is handed GITHUB_TOKEN below; consider pinning to a full commit SHA 15 | if: github.event.label.name == 'inactive' # || github.event.label.name == 'need info' 16 | with: # NOTE(review): the body text ends with a stray "'" that will be posted as part of the comment 17 | actions: 'create-comment' 18 | token: ${{ secrets.GITHUB_TOKEN }} 19 | issue-number: ${{ github.event.issue.number }} 20 | body: | 21 | Hello @${{ github.event.issue.user.login }}. Please ensure that you have filled out the issue template as much as possible and have answered any further questions asked. If you have not done so in the next 7 days this issue will be automatically closed.' 22 | ... 23 | -------------------------------------------------------------------------------- /changelogs/config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | changelog_filename_template: ../CHANGELOG.rst 3 | changelog_filename_version_depth: 0 4 | changes_file: changelog.yaml 5 | changes_format: combined 6 | ignore_other_fragment_extensions: true 7 | keep_fragments: false 8 | mention_ancestor: true 9 | new_plugins_after_name: removed_features 10 | notesdir: fragments 11 | prelude_section_name: release_summary 12 | prelude_section_title: Release Summary 13 | sanitize_changelog: true 14 | sections: 15 | - - major_changes 16 | - Major Changes 17 | - - minor_changes 18 | - Minor Changes 19 | - - breaking_changes 20 | - Breaking Changes / Porting Guide 21 | - - deprecated_features 22 | - Deprecated Features 23 | - - removed_features 24 | - Removed Features (previously deprecated) 25 | - - security_fixes 26 | - Security Fixes 27 | - - bugfixes 28 | - 
Bugfixes 29 | - - known_issues 30 | - Known Issues 31 | title: infra.eda_configuration 32 | trivial_section_name: trivial 33 | use_fqcn: true 34 | ... 35 | -------------------------------------------------------------------------------- /STANDARDS.md: -------------------------------------------------------------------------------- 1 | 2 | # Contributor's Guidelines 3 | 4 | - All YAML files named with '.yml' extension 5 | - Use spaces around jinja variables. {{ var }} over {{var}} 6 | - Variables that are internal to the role should be lowercase 7 | - Keep roles self contained - Roles should avoid including tasks from other roles when possible 8 | - Plays should do nothing more than include a list of roles except where pre_tasks and post_tasks are required when possible 9 | - Separators - Use underscores (e.g. my_role my_playbook) not dashes (my-role) 10 | - Paths - When defining paths, do not include trailing slashes (e.g. my_path: /foo not my_path: /foo/). When concatenating paths, follow the same convention (e.g. {{ my_path }}/bar not {{ my_path }}bar) 11 | - Indentation - Use 2 spaces for each indent 12 | - `vars/` vs `defaults/` - if you have variables that don't need to change or be overridden by user, put those in `vars/` and those that a user would likely override, put those under `defaults/` directory. 
13 | - All playbooks/roles should be focused on compatibility with EDA Controller 14 | -------------------------------------------------------------------------------- /.pre-commit-config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | repos: 3 | - repo: 'https://github.com/pre-commit/pre-commit-hooks' 4 | rev: v6.0.0 5 | hooks: 6 | - id: end-of-file-fixer 7 | - id: trailing-whitespace 8 | - repo: 'https://github.com/ansible-community/ansible-lint.git' 9 | rev: v25.9.0 10 | hooks: 11 | # see discussions here about what arguments are used, and behavior 12 | # https://github.com/ansible/ansible-lint/issues/649 13 | # Roles will trigger an "unknown file type" 14 | # https://github.com/ansible/ansible-lint/issues/808 15 | - id: ansible-lint 16 | pass_filenames: false 17 | always_run: true 18 | entry: "ansible-lint" 19 | args: 20 | - "--profile=production" 21 | - repo: https://github.com/DavidAnson/markdownlint-cli2 22 | rev: v0.18.1 23 | hooks: 24 | - id: markdownlint-cli2 25 | - repo: https://github.com/pycqa/flake8 26 | rev: 7.3.0 27 | hooks: 28 | - id: flake8 29 | name: flake8 30 | entry: flake8 31 | types: [python] 32 | ... 
33 | -------------------------------------------------------------------------------- /.ansible-lint: -------------------------------------------------------------------------------- 1 | --- 2 | # The exclude_paths does not appear to be working in pre-commit 3 | # this issue describes similar behavior but suggested fix doesn't work 4 | # https://github.com/ansible/ansible-lint/issues/371 5 | # exclude_paths: 6 | # - roles/master_role_example/ 7 | exclude_paths: 8 | - '.github/' 9 | - 'roles/master_role_example/' 10 | - 'changelogs/' 11 | - '*.py' 12 | parseable: true 13 | use_default_rules: true 14 | # https://github.com/ansible/ansible-lint/issues/808 15 | # with verbosity set to 1, its dumping 'unknown file type messages' 16 | # verbosity: 1 17 | skip_list: 18 | - meta-unsupported-ansible 19 | - meta-runtime # This collection with the appropriate awx.awx or ansible.controller still works with older ansible. 20 | - fqcn[keyword] 21 | - fqcn[action-core] 22 | - role-name[path] 23 | - var-naming[no-role-prefix] 24 | - galaxy[version-incorrect] # Added because it doesn't like pre-v1.0.0 versions 25 | warn_list: 26 | - jinja[invalid] # Temporarily adding this due to https://github.com/ansible/ansible-lint/issues/3048 27 | kinds: 28 | - playbooks: "**/examples/*.{yml,yaml}" 29 | - tasks: "**/examples/tasks/*.yml" 30 | - vars: "**/examples/vars/*.yml" 31 | ... 32 | -------------------------------------------------------------------------------- /CHANGELOG.rst: -------------------------------------------------------------------------------- 1 | ====================================== 2 | infra.eda\_configuration Release Notes 3 | ====================================== 4 | 5 | .. 
contents:: Topics 6 | 7 | v1.1.0 8 | ====== 9 | 10 | Minor Changes 11 | ------------- 12 | 13 | - Added eda_api lookup plugin 14 | 15 | Bugfixes 16 | -------- 17 | 18 | - Fix issue where wrong not checking for full match of name when searching for existing objects 19 | - Fixes issue where project sync reports fail because it is already running 20 | 21 | v1.0.0 22 | ====== 23 | 24 | Major Changes 25 | ------------- 26 | 27 | - Add dispatch role 28 | - Added credential module 29 | - Added credential role 30 | - Added decision environment module 31 | - Added decision environment role 32 | - Added project module 33 | - Added project role 34 | - Added project_sync module 35 | - Added project_sync role 36 | - Added rulebook_activation module 37 | - Added rulebook_activation role 38 | - Added user module 39 | - Added user role 40 | - Added user_token module 41 | - Added user_token role 42 | 43 | Bugfixes 44 | -------- 45 | 46 | - Fixed error message when project sync fails 47 | - fixed a bug where resolve_name_to_id data was not defined 48 | - fixed a bug with the API returning multiple items because it only matches the name starting with the value 49 | -------------------------------------------------------------------------------- /roles/user/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | galaxy_info: 3 | role_name: "user" 4 | author: "Tom Page" 5 | description: "An Ansible Role to create a user in EDA Controller." 6 | company: "Red Hat" 7 | 8 | # If the issue tracker for your role is not on github, uncomment the 9 | # next line and provide a value 10 | # issue_tracker_url: http://example.com/issue/tracker 11 | license: "GPLv3+" 12 | 13 | min_ansible_version: 2.15.0 14 | 15 | # Optionally specify the branch Galaxy will use when accessing the GitHub 16 | # repo for this role. During role install, if no tags are available, 17 | # Galaxy will use this branch. 
During import Galaxy will access files on 18 | # this branch. If Travis integration is configured, only notifications for this 19 | # branch will be accepted. Otherwise, in all cases, the repo's default branch 20 | # (usually master) will be used. 21 | 22 | # github_branch: 23 | 24 | # 25 | # platforms is a list of platforms, and each platform has a name and a list of versions. 26 | # 27 | platforms: 28 | - name: "EL" 29 | versions: 30 | - "all" 31 | 32 | galaxy_tags: 33 | - "edacontroller" 34 | - "eda" 35 | - "configuration" 36 | - "user" 37 | - "users" 38 | 39 | dependencies: [] 40 | # List your role dependencies here, one per line. Be sure to remove the '[]' above, 41 | # if you add dependencies to this list. 42 | ... 43 | -------------------------------------------------------------------------------- /.yamllint.yml: -------------------------------------------------------------------------------- 1 | --- 2 | extends: default 3 | 4 | ignore: | 5 | changelogs 6 | 7 | rules: 8 | # 80 chars should be enough, but don't fail if a line is longer 9 | line-length: disable 10 | colons: 11 | max-spaces-before: 0 12 | max-spaces-after: -1 13 | document-end: {present: true} 14 | indentation: 15 | level: error 16 | # Require indentation https://redhat-cop.github.io/automation-good-practices/#_yaml_and_jinja2_syntax 17 | indent-sequences: true 18 | truthy: 19 | level: error 20 | # Allow only YAML 1.2 booleans https://redhat-cop.github.io/automation-good-practices/#_yaml_and_jinja2_syntax 21 | allowed-values: 22 | - 'true' 23 | - 'false' 24 | comments: 25 | # https://github.com/prettier/prettier/issues/6780 26 | min-spaces-from-content: 1 27 | # https://github.com/adrienverge/yamllint/issues/384 28 | comments-indentation: false 29 | # We are adding an extra space inside braces as that's how prettier does it 30 | # and we are trying not to fight other linters. 
31 | braces: 32 | min-spaces-inside: 0 # yamllint defaults to 0 33 | max-spaces-inside: 1 # yamllint defaults to 0 34 | # key-duplicates: 35 | # forbid-duplicated-merge-keys: true # not enabled by default 36 | octal-values: 37 | forbid-implicit-octal: true # yamllint defaults to false 38 | forbid-explicit-octal: true # yamllint defaults to false 39 | ... 40 | -------------------------------------------------------------------------------- /plugins/doc_fragments/auth_plugin.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | 3 | # Copyright: (c) 2020, Ansible by Red Hat, Inc 4 | # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) 5 | 6 | from __future__ import absolute_import, division, print_function 7 | 8 | __metaclass__ = type 9 | 10 | 11 | class ModuleDocFragment(object): 12 | 13 | # Automation Platform EDA Controller documentation fragment 14 | DOCUMENTATION = r""" 15 | options: 16 | host: 17 | description: The network address of your EDA Controller host. 18 | env: 19 | - name: EDA_HOST 20 | username: 21 | description: The user that you plan to use to access EDA Controller. 22 | env: 23 | - name: EDA_USERNAME 24 | password: 25 | description: The password for your EDA Controller user. 26 | env: 27 | - name: EDA_PASSWORD 28 | request_timeout: 29 | description: 30 | - Specify the timeout Ansible should use in requests to the EDA Controller host. 31 | - Defaults to 10 seconds 32 | type: float 33 | env: 34 | - name: EDA_REQUEST_TIMEOUT 35 | verify_ssl: 36 | description: 37 | - Specify whether Ansible should verify the SSL certificate of the EDA Controller host. 
38 | - Defaults to True, but this is handled by the shared module_utils code 39 | type: bool 40 | env: 41 | - name: EDA_VERIFY_SSL 42 | aliases: [ validate_certs ] 43 | """ 44 | -------------------------------------------------------------------------------- /roles/project/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | galaxy_info: 3 | role_name: "project" 4 | author: "Chris Renwick" 5 | description: "An Ansible Role to create a project in EDA Controller." 6 | company: "Red Hat" 7 | 8 | # If the issue tracker for your role is not on github, uncomment the 9 | # next line and provide a value 10 | # issue_tracker_url: http://example.com/issue/tracker 11 | license: "GPLv3+" 12 | 13 | min_ansible_version: 2.15.0 14 | 15 | # Optionally specify the branch Galaxy will use when accessing the GitHub 16 | # repo for this role. During role install, if no tags are available, 17 | # Galaxy will use this branch. During import Galaxy will access files on 18 | # this branch. If Travis integration is configured, only notifications for this 19 | # branch will be accepted. Otherwise, in all cases, the repo's default branch 20 | # (usually master) will be used. 21 | 22 | # github_branch: 23 | 24 | # 25 | # platforms is a list of platforms, and each platform has a name and a list of versions. 26 | # 27 | platforms: 28 | - name: "EL" 29 | versions: 30 | - "all" 31 | 32 | galaxy_tags: 33 | - "edacontroller" 34 | - "eda" 35 | - "configuration" 36 | - "project" 37 | - "projects" 38 | 39 | dependencies: [] 40 | # List your role dependencies here, one per line. Be sure to remove the '[]' above, 41 | # if you add dependencies to this list. 42 | ... 
43 | -------------------------------------------------------------------------------- /roles/user_token/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | galaxy_info: 3 | role_name: "user_token" 4 | author: "Derek Waters" 5 | description: "An Ansible Role to create a user token in EDA Controller." 6 | company: "Red Hat" 7 | 8 | # If the issue tracker for your role is not on github, uncomment the 9 | # next line and provide a value 10 | # issue_tracker_url: http://example.com/issue/tracker 11 | license: "GPLv3+" 12 | 13 | min_ansible_version: 2.15.0 14 | 15 | # Optionally specify the branch Galaxy will use when accessing the GitHub 16 | # repo for this role. During role install, if no tags are available, 17 | # Galaxy will use this branch. During import Galaxy will access files on 18 | # this branch. If Travis integration is configured, only notifications for this 19 | # branch will be accepted. Otherwise, in all cases, the repo's default branch 20 | # (usually master) will be used. 21 | 22 | # github_branch: 23 | 24 | # 25 | # platforms is a list of platforms, and each platform has a name and a list of versions. 26 | # 27 | platforms: 28 | - name: "EL" 29 | versions: 30 | - "all" 31 | 32 | galaxy_tags: 33 | - "edacontroller" 34 | - "eda" 35 | - "configuration" 36 | - "user" 37 | - "users" 38 | 39 | dependencies: [] 40 | # List your role dependencies here, one per line. Be sure to remove the '[]' above, 41 | # if you add dependencies to this list. 42 | ... 43 | -------------------------------------------------------------------------------- /roles/credential/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | galaxy_info: 3 | role_name: "credential" 4 | author: "Derek Waters" 5 | description: "An Ansible Role to create a credential in EDA Controller." 
6 | company: "Red Hat" 7 | 8 | # If the issue tracker for your role is not on github, uncomment the 9 | # next line and provide a value 10 | # issue_tracker_url: http://example.com/issue/tracker 11 | license: "GPLv3+" 12 | 13 | min_ansible_version: 2.15.0 14 | 15 | # Optionally specify the branch Galaxy will use when accessing the GitHub 16 | # repo for this role. During role install, if no tags are available, 17 | # Galaxy will use this branch. During import Galaxy will access files on 18 | # this branch. If Travis integration is configured, only notifications for this 19 | # branch will be accepted. Otherwise, in all cases, the repo's default branch 20 | # (usually master) will be used. 21 | 22 | # github_branch: 23 | 24 | # 25 | # platforms is a list of platforms, and each platform has a name and a list of versions. 26 | # 27 | platforms: 28 | - name: "EL" 29 | versions: 30 | - "all" 31 | 32 | galaxy_tags: 33 | - "edacontroller" 34 | - "eda" 35 | - "configuration" 36 | - "credential" 37 | - "credentials" 38 | 39 | dependencies: [] 40 | # List your role dependencies here, one per line. Be sure to remove the '[]' above, 41 | # if you add dependencies to this list. 42 | ... 43 | -------------------------------------------------------------------------------- /roles/project_sync/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | galaxy_info: 3 | role_name: "project_sync" 4 | author: "Tom Page" 5 | description: "An Ansible Role to create a project in EDA Controller." 6 | company: "Red Hat" 7 | 8 | # If the issue tracker for your role is not on github, uncomment the 9 | # next line and provide a value 10 | # issue_tracker_url: http://example.com/issue/tracker 11 | license: "GPLv3+" 12 | 13 | min_ansible_version: 2.15.0 14 | 15 | # Optionally specify the branch Galaxy will use when accessing the GitHub 16 | # repo for this role. During role install, if no tags are available, 17 | # Galaxy will use this branch. 
During import Galaxy will access files on 18 | # this branch. If Travis integration is configured, only notifications for this 19 | # branch will be accepted. Otherwise, in all cases, the repo's default branch 20 | # (usually master) will be used. 21 | 22 | # github_branch: 23 | 24 | # 25 | # platforms is a list of platforms, and each platform has a name and a list of versions. 26 | # 27 | platforms: 28 | - name: "EL" 29 | versions: 30 | - "all" 31 | 32 | galaxy_tags: 33 | - "edacontroller" 34 | - "eda" 35 | - "configuration" 36 | - "project" 37 | - "projects" 38 | - "sync" 39 | 40 | dependencies: [] 41 | # List your role dependencies here, one per line. Be sure to remove the '[]' above, 42 | # if you add dependencies to this list. 43 | ... 44 | -------------------------------------------------------------------------------- /roles/dispatch/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | galaxy_info: 3 | role_name: "dispatch" 4 | author: "Tom Page" 5 | description: "An Ansible Role which launches all of the roles within the eda_configuration Collection." 6 | company: "Red Hat" 7 | 8 | # If the issue tracker for your role is not on github, uncomment the 9 | # next line and provide a value 10 | # issue_tracker_url: http://example.com/issue/tracker 11 | license: GPL-3.0-or-later 12 | 13 | min_ansible_version: 2.15.0 14 | 15 | # Optionally specify the branch Galaxy will use when accessing the GitHub 16 | # repo for this role. During role install, if no tags are available, 17 | # Galaxy will use this branch. During import Galaxy will access files on 18 | # this branch. If Travis integration is configured, only notifications for this 19 | # branch will be accepted. Otherwise, in all cases, the repo's default branch 20 | # (usually master) will be used. 21 | # github_branch: 22 | 23 | # 24 | # platforms is a list of platforms, and each platform has a name and a list of versions. 
25 | # 26 | platforms: 27 | - name: "EL" 28 | versions: 29 | - "all" 30 | 31 | galaxy_tags: 32 | - "eda" 33 | - "aap" 34 | - "configuration" 35 | - "dispatch" 36 | 37 | collections: [] 38 | 39 | dependencies: [] 40 | # List your role dependencies here, one per line. Be sure to remove the '[]' above, 41 | # if you add dependencies to this list. 42 | ... 43 | -------------------------------------------------------------------------------- /roles/decision_environment/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | galaxy_info: 3 | role_name: "decision_environment" 4 | author: "Derek Waters" 5 | description: "An Ansible Role to create a decision environment in EDA Controller." 6 | company: "Red Hat" 7 | 8 | # If the issue tracker for your role is not on github, uncomment the 9 | # next line and provide a value 10 | # issue_tracker_url: http://example.com/issue/tracker 11 | license: "GPLv3+" 12 | 13 | min_ansible_version: 2.15.0 14 | 15 | # Optionally specify the branch Galaxy will use when accessing the GitHub 16 | # repo for this role. During role install, if no tags are available, 17 | # Galaxy will use this branch. During import Galaxy will access files on 18 | # this branch. If Travis integration is configured, only notifications for this 19 | # branch will be accepted. Otherwise, in all cases, the repo's default branch 20 | # (usually master) will be used. 21 | 22 | # github_branch: 23 | 24 | # 25 | # platforms is a list of platforms, and each platform has a name and a list of versions. 26 | # 27 | platforms: 28 | - name: "EL" 29 | versions: 30 | - "all" 31 | 32 | galaxy_tags: 33 | - "edacontroller" 34 | - "eda" 35 | - "configuration" 36 | - "decisionenvironment" 37 | - "decisionenvironments" 38 | 39 | dependencies: [] 40 | # List your role dependencies here, one per line. Be sure to remove the '[]' above, 41 | # if you add dependencies to this list. 42 | ... 
43 | -------------------------------------------------------------------------------- /roles/rulebook_activation/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | galaxy_info: 3 | role_name: "rulebook_activation" 4 | author: "Tom Page" 5 | description: "An Ansible Role to create a rulebook activation in EDA Controller." 6 | company: "Red Hat" 7 | 8 | # If the issue tracker for your role is not on github, uncomment the 9 | # next line and provide a value 10 | # issue_tracker_url: http://example.com/issue/tracker 11 | license: "GPLv3+" 12 | 13 | min_ansible_version: 2.15.0 14 | 15 | # Optionally specify the branch Galaxy will use when accessing the GitHub 16 | # repo for this role. During role install, if no tags are available, 17 | # Galaxy will use this branch. During import Galaxy will access files on 18 | # this branch. If Travis integration is configured, only notifications for this 19 | # branch will be accepted. Otherwise, in all cases, the repo's default branch 20 | # (usually master) will be used. 21 | 22 | # github_branch: 23 | 24 | # 25 | # platforms is a list of platforms, and each platform has a name and a list of versions. 26 | # 27 | platforms: 28 | - name: "EL" 29 | versions: 30 | - "all" 31 | 32 | galaxy_tags: 33 | - "edacontroller" 34 | - "eda" 35 | - "configuration" 36 | - "rulebookactivation" 37 | - "rulebookactivations" 38 | - "activation" 39 | - "activations" 40 | 41 | dependencies: [] 42 | # List your role dependencies here, one per line. Be sure to remove the '[]' above, 43 | # if you add dependencies to this list. 44 | ... 
45 | -------------------------------------------------------------------------------- /tests/playbooks/testing_collections_playbook.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Testing EDA Server 3 | hosts: localhost 4 | connection: local 5 | gather_facts: false 6 | collections: 7 | - infra.eda_configuration 8 | pre_tasks: 9 | - name: Include vars from eda_configs directory 10 | ansible.builtin.include_vars: 11 | dir: ./eda_configs 12 | extensions: ["yml"] 13 | tags: 14 | - always 15 | 16 | tasks: 17 | - name: Verify EDA Controller is up 18 | ansible.builtin.uri: 19 | validate_certs: false 20 | url: "{{ eda_hostname }}/api/eda/v1/users/me/" 21 | url_username: "{{ eda_username }}" 22 | url_password: "{{ eda_password }}" 23 | status_code: 24 | - 200 25 | force_basic_auth: true 26 | 27 | - name: Create objects in EDA 28 | ansible.builtin.include_role: 29 | name: dispatch 30 | tags: 31 | - always 32 | 33 | - name: Use api lookup plugin to run assertions 34 | ansible.builtin.assert: 35 | that: 36 | - project_lookup | map(attribute='name') is contains('my_project') 37 | - project_lookup | map(attribute='name') is contains('my_project_clone') 38 | tags: 39 | - assertions 40 | vars: 41 | project_lookup: "{{ lookup('infra.eda_configuration.eda_api', 'projects', host=eda_hostname, username=eda_username, 42 | password=eda_password, verify_ssl=false, query_params=qp) }}" 43 | qp: 44 | url: 'https://github.com/ansible/event-driven-ansible.git' 45 | 46 | 47 | ... # NOTE(review): test-only settings - the uri task sets validate_certs: false and the eda_api lookup passes verify_ssl=false, so eda_username/eda_password go to a server whose certificate is never checked; keep verification enabled outside a disposable test environment
48 | -------------------------------------------------------------------------------- /changelogs/changelog.yaml: -------------------------------------------------------------------------------- 1 | ancestor: null 2 | releases: 3 | 0.1.0-devel: 4 | release_date: '2023-08-17' 5 | 1.0.0: 6 | changes: 7 | bugfixes: 8 | - Fixed error message when project sync fails 9 | - fixed a bug where resolve_name_to_id data was not defined 10 | - fixed a bug with the API returning multiple items because it only matches 11 | the name starting with the value 12 | major_changes: 13 | - Add dispatch role 14 | - Added credential module 15 | - Added credential role 16 | - Added decision environment module 17 | - Added decision environment role 18 | - Added project module 19 | - Added project role 20 | - Added project_sync module 21 | - Added project_sync role 22 | - Added rulebook_activation module 23 | - Added rulebook_activation role 24 | - Added user module 25 | - Added user role 26 | - Added user_token module 27 | - Added user_token role 28 | fragments: 29 | - activations.yml 30 | - bugfix.yml 31 | - credential.yml 32 | - decision_environment.yml 33 | - dispatch.yml 34 | - project.yml 35 | - user.yml 36 | - user_token.yml 37 | release_date: '2024-04-08' 38 | 1.1.0: 39 | changes: 40 | bugfixes: 41 | - Fix issue where wrong not checking for full match of name when searching for 42 | existing objects 43 | - Fixes issue where project sync reports fail because it is already running 44 | minor_changes: 45 | - Added eda_api lookup plugin 46 | fragments: 47 | - api-lookup.yml 48 | - proj_sync.yml 49 | release_date: '2024-04-12' 50 | -------------------------------------------------------------------------------- /roles/user_token/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | # Create EDA Controller User Tokens. The first task starts one background job per item of eda_user_tokens (async with poll: 0); the second waits on each job id with async_status. NOTE(review): token and eda_password are only hidden from output when eda_configuration_user_token_secure_logging is true, and its default is not set in this file - confirm it is true. NOTE(review): async job result files go under eda_configuration_async_dir; presumably they can hold module return data, so check who can read that directory. 4 | - name: Add EDA Controller user token 5 | infra.eda_configuration.user_token: 6 | name: "{{ __token_item.name 
}}" 7 | new_name: "{{ __token_item.new_name | default(omit) }}" 8 | description: "{{ __token_item.description | default(omit) }}" 9 | token: "{{ __token_item.token | default(omit) }}" 10 | eda_host: "{{ eda_host | default(eda_hostname) }}" 11 | eda_username: "{{ eda_username | default(omit) }}" 12 | eda_password: "{{ eda_password | default(omit) }}" 13 | validate_certs: "{{ eda_validate_certs | default(omit) }}" 14 | request_timeout: "{{ eda_request_timeout | default(omit) }}" 15 | loop: "{{ eda_user_tokens }}" 16 | loop_control: 17 | loop_var: "__token_item" 18 | no_log: "{{ eda_configuration_user_token_secure_logging }}" 19 | async: 1000 20 | poll: 0 21 | register: __user_tokens_job_async 22 | changed_when: not __user_tokens_job_async.changed 23 | vars: 24 | ansible_async_dir: '{{ eda_configuration_async_dir }}' 25 | 26 | - name: "Create user_token | Wait for finish the user_token creation" 27 | ansible.builtin.async_status: 28 | jid: "{{ __user_tokens_job_async_result_item.ansible_job_id }}" 29 | register: __user_tokens_job_async_result 30 | until: __user_tokens_job_async_result.finished 31 | retries: "{{ eda_configuration_user_token_async_retries }}" 32 | delay: "{{ eda_configuration_user_token_async_delay }}" 33 | loop: "{{ __user_tokens_job_async.results }}" 34 | loop_control: 35 | loop_var: __user_tokens_job_async_result_item 36 | when: __user_tokens_job_async_result_item.ansible_job_id is defined 37 | no_log: "{{ eda_configuration_user_token_secure_logging }}" 38 | vars: 39 | ansible_async_dir: '{{ eda_configuration_async_dir }}' 40 | ... 
41 | -------------------------------------------------------------------------------- /roles/project_sync/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | # Sync EDA Controller Project 4 | - name: Sync EDA Controller project 5 | infra.eda_configuration.project_sync: 6 | name: "{{ __project_sync_item.name }}" 7 | wait: "{{ __project_sync_item.wait | default(omit) }}" 8 | interval: "{{ __project_sync_item.interval | default(eda_configuration_project_sync_async_delay) }}" 9 | timeout: "{{ __project_sync_item.timeout | default(omit) }}" 10 | eda_host: "{{ eda_host | default(eda_hostname) }}" 11 | eda_username: "{{ eda_username | default(omit) }}" 12 | eda_password: "{{ eda_password | default(omit) }}" 13 | validate_certs: "{{ eda_validate_certs | default(omit) }}" 14 | request_timeout: "{{ eda_request_timeout | default(omit) }}" 15 | loop: "{{ eda_projects }}" 16 | loop_control: 17 | loop_var: "__project_sync_item" 18 | when: __project_sync_item.sync | default(false) 19 | no_log: "{{ eda_configuration_project_secure_logging }}" 20 | async: 1000 21 | poll: 0 22 | register: __projects_sync_job_async 23 | changed_when: not __projects_sync_job_async.changed 24 | vars: 25 | ansible_async_dir: '{{ eda_configuration_async_dir }}' 26 | 27 | - name: "Sync project | Wait for finish syncing the project" 28 | ansible.builtin.async_status: 29 | jid: "{{ __projects_sync_job_async_result_item.ansible_job_id }}" 30 | register: __projects_sync_job_async_result 31 | until: __projects_sync_job_async_result.finished 32 | retries: "{{ eda_configuration_project_sync_async_retries }}" 33 | delay: "{{ eda_configuration_project_sync_async_delay }}" 34 | loop: "{{ __projects_sync_job_async.results }}" 35 | loop_control: 36 | loop_var: __projects_sync_job_async_result_item 37 | when: __projects_sync_job_async_result_item.ansible_job_id is defined 38 | no_log: "{{ eda_configuration_project_secure_logging }}" 39 | vars: 40 | 
ansible_async_dir: '{{ eda_configuration_async_dir }}' 41 | ... 42 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug report 3 | about: Create a bug report. Please test against the latest release before submitting 4 | it. For anything else, please use the Forums link below. 5 | title: '' 6 | labels: bug, new 7 | assignees: '' 8 | 9 | --- 10 | 11 | 12 | 13 | 14 | # Summary 15 | 16 | 17 | 18 | # Issue Type 19 | 20 | - Bug Report 21 | 22 | # Ansible, Collection, Event Driven Ansible Controller details 23 | 24 | 25 | 26 | ```console (paste below) 27 | ansible --version 28 | 29 | ansible-galaxy collection list 30 | 31 | Event Driven Ansible Controller version 32 | 33 | ``` 34 | 35 | - ansible installation method: one of source, pip, OS package, EE 36 | 37 | # OS / ENVIRONMENT 38 | 39 | 40 | 41 | # Desired Behavior 42 | 43 | 44 | 45 | # Actual Behavior 46 | 47 | 48 | 49 | Please give some details of what is actually happening. 
50 | Include a [minimum complete verifiable example] with: 51 | 52 | - playbook / task 53 | - configuration file / list 54 | - error 55 | 56 | 57 | 58 | ```console (error) 59 | 60 | ``` 61 | 62 | # STEPS TO REPRODUCE 63 | 64 | 65 | 66 | 67 | 68 | ```yaml (playbook/task) 69 | 70 | ``` 71 | 72 | ```yaml (config/list/array/variables) 73 | 74 | ``` 75 | 76 | 77 | 78 | 79 | -------------------------------------------------------------------------------- /roles/project/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | # Create EDA Controller Project 4 | - name: Add EDA Controller project 5 | infra.eda_configuration.project: 6 | name: "{{ __project_item.name }}" 7 | new_name: "{{ __project_item.new_name | default(omit) }}" 8 | description: "{{ __project_item.description | default(omit) }}" 9 | url: "{{ __project_item.url | default(__project_item.scm_url | default(omit)) }}" 10 | tls_validation: "{{ __project_item.tls_validation | default(omit) }}" 11 | credential: "{{ __project_item.credential | default(omit) }}" 12 | state: "{{ __project_item.state | default(eda_state | default('present')) }}" 13 | eda_host: "{{ eda_host | default(eda_hostname) }}" 14 | eda_username: "{{ eda_username | default(omit) }}" 15 | eda_password: "{{ eda_password | default(omit) }}" 16 | validate_certs: "{{ eda_validate_certs | default(omit) }}" 17 | request_timeout: "{{ eda_request_timeout | default(omit) }}" 18 | loop: "{{ eda_projects }}" 19 | loop_control: 20 | loop_var: "__project_item" 21 | no_log: "{{ eda_configuration_project_secure_logging }}" 22 | async: 1000 23 | poll: 0 24 | register: __projects_job_async 25 | changed_when: not __projects_job_async.changed 26 | vars: 27 | ansible_async_dir: '{{ eda_configuration_async_dir }}' 28 | 29 | - name: "Create project | Wait for finish the project creation" 30 | ansible.builtin.async_status: 31 | jid: "{{ __projects_job_async_result_item.ansible_job_id }}" 32 | register: 
__projects_job_async_result 33 | until: __projects_job_async_result.finished 34 | retries: "{{ eda_configuration_project_async_retries }}" 35 | delay: "{{ eda_configuration_project_async_delay }}" 36 | loop: "{{ __projects_job_async.results }}" 37 | loop_control: 38 | loop_var: __projects_job_async_result_item 39 | when: __projects_job_async_result_item.ansible_job_id is defined 40 | no_log: "{{ eda_configuration_project_secure_logging }}" 41 | vars: 42 | ansible_async_dir: '{{ eda_configuration_async_dir }}' 43 | ... 44 | -------------------------------------------------------------------------------- /roles/user/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | # Create EDA Controller user 4 | - name: Add EDA Controller user 5 | infra.eda_configuration.user: 6 | username: "{{ __user_item.username }}" 7 | new_username: "{{ __user_item.new_username | default(omit) }}" 8 | first_name: "{{ __user_item.first_name | default(omit) }}" 9 | last_name: "{{ __user_item.last_name | default(omit) }}" 10 | email: "{{ __user_item.email | default(omit) }}" 11 | password: "{{ __user_item.password | default(omit) }}" 12 | update_secrets: "{{ __user_item.update_secrets | default(omit) }}" 13 | roles: "{{ __user_item.roles | default(omit) }}" 14 | state: "{{ __user_item.state | default(eda_state | default('present')) }}" 15 | eda_host: "{{ eda_host | default(eda_hostname) }}" 16 | eda_username: "{{ eda_username | default(omit) }}" 17 | eda_password: "{{ eda_password | default(omit) }}" 18 | validate_certs: "{{ eda_validate_certs | default(omit) }}" 19 | request_timeout: "{{ eda_request_timeout | default(omit) }}" 20 | loop: "{{ eda_users }}" 21 | loop_control: 22 | loop_var: "__user_item" 23 | no_log: "{{ eda_configuration_user_secure_logging }}" 24 | async: 1000 25 | poll: 0 26 | register: __users_job_async 27 | changed_when: not __users_job_async.changed 28 | vars: 29 | ansible_async_dir: '{{ 
eda_configuration_async_dir }}' 30 | 31 | - name: "Create user | Wait for finish the user creation" 32 | ansible.builtin.async_status: 33 | jid: "{{ __users_job_async_result_item.ansible_job_id }}" 34 | register: __users_job_async_result 35 | until: __users_job_async_result.finished 36 | retries: "{{ eda_configuration_user_async_retries }}" 37 | delay: "{{ eda_configuration_user_async_delay }}" 38 | loop: "{{ __users_job_async.results }}" 39 | loop_control: 40 | loop_var: __users_job_async_result_item 41 | when: __users_job_async_result_item.ansible_job_id is defined 42 | no_log: "{{ eda_configuration_user_secure_logging }}" 43 | vars: 44 | ansible_async_dir: '{{ eda_configuration_async_dir }}' 45 | ... 46 | -------------------------------------------------------------------------------- /roles/credential/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | # Create EDA Controller Credential 4 | - name: Add EDA Controller credential 5 | infra.eda_configuration.credential: 6 | name: "{{ __credential_item.name }}" 7 | new_name: "{{ __credential_item.new_name | default(omit) }}" 8 | description: "{{ __credential_item.description | default(omit) }}" 9 | credential_type: "{{ __credential_item.credential_type | default('GitHub Personal Access Token') }}" 10 | username: "{{ __credential_item.username | default(omit) }}" 11 | secret: "{{ __credential_item.secret | default(omit) }}" 12 | state: "{{ __credential_item.state | default(eda_state | default('present')) }}" 13 | eda_host: "{{ eda_host | default(eda_hostname) }}" 14 | eda_username: "{{ eda_username | default(omit) }}" 15 | eda_password: "{{ eda_password | default(omit) }}" 16 | validate_certs: "{{ eda_validate_certs | default(omit) }}" 17 | request_timeout: "{{ eda_request_timeout | default(omit) }}" 18 | loop: "{{ eda_credentials }}" 19 | loop_control: 20 | loop_var: "__credential_item" 21 | no_log: "{{ eda_configuration_credential_secure_logging }}" 22 | 
async: 1000 23 | poll: 0 24 | register: __credentials_job_async 25 | changed_when: not __credentials_job_async.changed 26 | vars: 27 | ansible_async_dir: '{{ eda_configuration_async_dir }}' 28 | 29 | - name: "Create credential | Wait for finish the credential creation" 30 | ansible.builtin.async_status: 31 | jid: "{{ __credentials_job_async_result_item.ansible_job_id }}" 32 | register: __credentials_job_async_result 33 | until: __credentials_job_async_result.finished 34 | retries: "{{ eda_configuration_credential_async_retries }}" 35 | delay: "{{ eda_configuration_credential_async_delay }}" 36 | loop: "{{ __credentials_job_async.results }}" 37 | loop_control: 38 | loop_var: __credentials_job_async_result_item 39 | when: __credentials_job_async_result_item.ansible_job_id is defined 40 | no_log: "{{ eda_configuration_credential_secure_logging }}" 41 | vars: 42 | ansible_async_dir: '{{ eda_configuration_async_dir }}' 43 | ... 44 | -------------------------------------------------------------------------------- /roles/decision_environment/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | # Create EDA Controller Decision Environment 4 | - name: Add EDA Controller decision environment 5 | infra.eda_configuration.decision_environment: 6 | name: "{{ __de_item.name }}" 7 | new_name: "{{ __de_item.new_name | default(omit) }}" 8 | description: "{{ __de_item.description | default(omit) }}" 9 | image_url: "{{ __de_item.image_url | default(omit) }}" 10 | credential: "{{ __de_item.credential | default(omit) }}" 11 | state: "{{ __de_item.state | default(eda_state | default('present')) }}" 12 | eda_host: "{{ eda_host | default(eda_hostname) }}" 13 | eda_username: "{{ eda_username | default(omit) }}" 14 | eda_password: "{{ eda_password | default(omit) }}" 15 | validate_certs: "{{ eda_validate_certs | default(omit) }}" 16 | request_timeout: "{{ eda_request_timeout | default(omit) }}" 17 | loop: "{{ 
eda_decision_environments }}" 18 | loop_control: 19 | loop_var: "__de_item" 20 | no_log: "{{ eda_configuration_decision_environment_secure_logging }}" 21 | async: 1000 22 | poll: 0 23 | register: __decision_environments_job_async 24 | changed_when: not __decision_environments_job_async.changed 25 | vars: 26 | ansible_async_dir: '{{ eda_configuration_async_dir }}' 27 | 28 | - name: "Create decision_environment | Wait for finish the decision_environment creation" 29 | ansible.builtin.async_status: 30 | jid: "{{ __decision_environments_job_async_result_item.ansible_job_id }}" 31 | register: __decision_environments_job_async_result 32 | until: __decision_environments_job_async_result.finished 33 | retries: "{{ eda_configuration_decision_environment_async_retries }}" 34 | delay: "{{ eda_configuration_decision_environment_async_delay }}" 35 | loop: "{{ __decision_environments_job_async.results }}" 36 | loop_control: 37 | loop_var: __decision_environments_job_async_result_item 38 | when: __decision_environments_job_async_result_item.ansible_job_id is defined 39 | no_log: "{{ eda_configuration_decision_environment_secure_logging }}" 40 | vars: 41 | ansible_async_dir: '{{ eda_configuration_async_dir }}' 42 | ... 43 | -------------------------------------------------------------------------------- /plugins/doc_fragments/auth.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | 3 | # Copyright: (c) 2023, Chris Renwick <@crenwick93> 4 | # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) 5 | 6 | from __future__ import absolute_import, division, print_function 7 | 8 | __metaclass__ = type 9 | 10 | 11 | class ModuleDocFragment(object): 12 | 13 | # Ansible Galaxy documentation fragment 14 | DOCUMENTATION = r""" 15 | options: 16 | eda_host: 17 | description: 18 | - URL to Ansible Galaxy or EDA Controller instance. 
19 | - If value not set, will try environment variable C(EDA_HOST) 20 | - If value not specified by any means, the value of C(127.0.0.1) will be used 21 | type: str 22 | aliases: [ eda_hostname ] 23 | eda_username: 24 | description: 25 | - Username for your Ansible Galaxy or EDA Controller instance. 26 | - If value not set, will try environment variable C(EDA_USERNAME) 27 | type: str 28 | eda_password: 29 | description: 30 | - Password for your Ansible Galaxy or EDA Controller instance. 31 | - If value not set, will try environment variable C(EDA_PASSWORD) 32 | type: str 33 | eda_token: 34 | description: 35 | - The Ansible Galaxy or EDA Controller API token to use. 36 | - This value can be in one of two formats. 37 | - A string which is the token itself. (i.e. bqV5txm97wqJqtkxlMkhQz0pKhRMMX) 38 | - A dictionary structure as returned by the eda_token module. 39 | - If value not set, will try environment variable C(EDA_API_TOKEN) 40 | type: raw 41 | validate_certs: 42 | description: 43 | - Whether to validate the SSL certificate of the Galaxy or EDA Controller Server. 44 | - If C(no), SSL certificates will not be validated. 45 | - Disabling validation should only be used on personally controlled sites using self-signed certificates. 46 | - If value not set, will try environment variable C(EDA_VERIFY_SSL) 47 | type: bool 48 | aliases: [ eda_verify_ssl ] 49 | request_timeout: 50 | description: 51 | - Specify the timeout Ansible should use in requests to the Galaxy or EDA Controller host.
52 | - Defaults to 10s, but this is handled by the shared module_utils code 53 | type: float 54 | """ 55 | -------------------------------------------------------------------------------- /roles/rulebook_activation/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | # Create EDA Controller Rulebook Activation 4 | - name: Add EDA Controller rulebook activation 5 | infra.eda_configuration.rulebook_activation: 6 | name: "{{ __ra_item.name }}" 7 | description: "{{ __ra_item.description | default(omit) }}" 8 | project: "{{ __ra_item.project | default(omit) }}" 9 | rulebook: "{{ __ra_item.rulebook | default(omit) }}" 10 | decision_environment: "{{ __ra_item.decision_environment | default(omit) }}" 11 | awx_token: "{{ __ra_item.awx_token | default(omit) }}" 12 | restart_policy: "{{ __ra_item.restart_policy | default(omit) }}" 13 | extra_vars: "{{ __ra_item.extra_vars | default(omit) }}" 14 | enabled: "{{ __ra_item.enabled | default(omit) }}" 15 | state: "{{ __ra_item.state | default(eda_state | default('present')) }}" 16 | eda_host: "{{ eda_host | default(eda_hostname) }}" 17 | eda_username: "{{ eda_username | default(omit) }}" 18 | eda_password: "{{ eda_password | default(omit) }}" 19 | validate_certs: "{{ eda_validate_certs | default(omit) }}" 20 | request_timeout: "{{ eda_request_timeout | default(omit) }}" 21 | loop: "{{ eda_rulebook_activations }}" 22 | loop_control: 23 | loop_var: "__ra_item" 24 | no_log: "{{ eda_configuration_rulebook_activation_secure_logging }}" 25 | async: 1000 26 | poll: 0 27 | register: __rulebook_activations_job_async 28 | changed_when: not __rulebook_activations_job_async.changed 29 | vars: 30 | ansible_async_dir: '{{ eda_configuration_async_dir }}' 31 | 32 | - name: "Create rulebook_activation | Wait for finish the rulebook_activation creation" 33 | ansible.builtin.async_status: 34 | jid: "{{ __rulebook_activations_job_async_result_item.ansible_job_id }}" 35 | register: 
__rulebook_activations_job_async_result 36 | until: __rulebook_activations_job_async_result.finished 37 | retries: "{{ eda_configuration_rulebook_activation_async_retries }}" 38 | delay: "{{ eda_configuration_rulebook_activation_async_delay }}" 39 | loop: "{{ __rulebook_activations_job_async.results }}" 40 | loop_control: 41 | loop_var: __rulebook_activations_job_async_result_item 42 | when: __rulebook_activations_job_async_result_item.ansible_job_id is defined 43 | no_log: "{{ eda_configuration_rulebook_activation_secure_logging }}" 44 | vars: 45 | ansible_async_dir: '{{ eda_configuration_async_dir }}' 46 | ... 47 | -------------------------------------------------------------------------------- /plugins/modules/project_sync.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # coding: utf-8 -*- 3 | 4 | # (c) 2023, Chris Renwick <@crenwick93> 5 | # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) 6 | 7 | from __future__ import absolute_import, division, print_function 8 | 9 | __metaclass__ = type 10 | 11 | 12 | ANSIBLE_METADATA = { 13 | "metadata_version": "1.1", 14 | "status": ["preview"], 15 | "supported_by": "community", 16 | } 17 | 18 | 19 | DOCUMENTATION = """ 20 | --- 21 | module: project_sync 22 | author: "Tom Page (@Tompage1994)" 23 | short_description: Sync a project in EDA Controller 24 | description: 25 | - Sync projects in EDA Controller 26 | options: 27 | name: 28 | description: 29 | - The name of the project. 30 | required: True 31 | type: str 32 | wait: 33 | description: 34 | - Wait for the project to finish syncing before returning. 35 | required: false 36 | default: True 37 | type: bool 38 | interval: 39 | description: 40 | - The interval to request an update from EDA Controller. 
41 | required: False 42 | default: 1 43 | type: float 44 | timeout: 45 | description: 46 | - If waiting for the project to update this will abort after this 47 | amount of seconds 48 | type: int 49 | 50 | extends_documentation_fragment: infra.eda_configuration.auth 51 | """ 52 | 53 | 54 | EXAMPLES = """ 55 | - name: Create eda project 56 | infra.eda_configuration.project_sync: 57 | name: my_project 58 | wait: true 59 | interval: 5 60 | timeout: 60 61 | eda_host: eda.example.com 62 | eda_username: admin 63 | eda_password: Sup3r53cr3t 64 | 65 | """ 66 | 67 | from ..module_utils.eda_module import EDAModule 68 | 69 | 70 | def main(): 71 | # Any additional arguments that are not fields of the item can be added here 72 | argument_spec = dict( 73 | name=dict(required=True), 74 | wait=dict(default=True, type="bool"), 75 | interval=dict(default=1.0, type="float"), 76 | timeout=dict(default=None, type="int"), 77 | ) 78 | 79 | # Create a module for ourselves 80 | module = EDAModule(argument_spec=argument_spec) 81 | 82 | # Extract our parameters 83 | name = module.params.get("name") 84 | wait = module.params.get("wait") 85 | interval = module.params.get("interval") 86 | timeout = module.params.get("timeout") 87 | 88 | # Attempt to look up an existing item based on the provided data 89 | project = module.get_one("projects", name_or_id=name, key="req_url", allow_none=False) 90 | 91 | module.sync_project(project["id"], wait, interval, timeout) 92 | 93 | 94 | if __name__ == "__main__": 95 | main() 96 | -------------------------------------------------------------------------------- /changelogs/.plugin-cache.yaml: -------------------------------------------------------------------------------- 1 | objects: 2 | role: 3 | credential: 4 | description: An Ansible Role to create credentials in EDA controller. 5 | name: credential 6 | version_added: null 7 | decision_environment: 8 | description: An Ansible Role to create decision environments in EDA controller. 
9 | name: decision_environment 10 | version_added: null 11 | dispatch: 12 | description: An Ansible Role to call other roles to create objects on Ansible 13 | eda. 14 | name: dispatch 15 | version_added: null 16 | project: 17 | description: An Ansible Role to create projects in EDA controller. 18 | name: project 19 | version_added: null 20 | project_sync: 21 | description: An Ansible Role to sync projects in EDA controller. 22 | name: project_sync 23 | version_added: null 24 | rulebook_activation: 25 | description: An Ansible Role to create rulebook activations in EDA controller. 26 | name: rulebook_activation 27 | version_added: null 28 | user: 29 | description: An Ansible Role to create users in EDA controller. 30 | name: user 31 | version_added: null 32 | user_token: 33 | description: An Ansible Role to create user tokens in EDA controller. 34 | name: user_token 35 | version_added: null 36 | plugins: 37 | become: {} 38 | cache: {} 39 | callback: {} 40 | cliconf: {} 41 | connection: {} 42 | filter: {} 43 | httpapi: {} 44 | inventory: {} 45 | lookup: 46 | eda_api: 47 | description: Search the API for objects 48 | name: eda_api 49 | version_added: null 50 | module: 51 | credential: 52 | description: Manage a Credential in EDA Controller 53 | name: credential 54 | namespace: '' 55 | version_added: null 56 | decision_environment: 57 | description: Manage a Decision Environment in EDA Controller 58 | name: decision_environment 59 | namespace: '' 60 | version_added: null 61 | project: 62 | description: Manage a project in EDA Controller 63 | name: project 64 | namespace: '' 65 | version_added: null 66 | project_sync: 67 | description: Sync a project in EDA Controller 68 | name: project_sync 69 | namespace: '' 70 | version_added: null 71 | rulebook_activation: 72 | description: Manage a rulebook_activation in EDA Controller 73 | name: rulebook_activation 74 | namespace: '' 75 | version_added: null 76 | user: 77 | description: Manage a user in EDA Controller 78 | name: 
user 79 | namespace: '' 80 | version_added: null 81 | user_token: 82 | description: Manage the user tokens of the current user in EDA Controller 83 | name: user_token 84 | namespace: '' 85 | version_added: null 86 | netconf: {} 87 | shell: {} 88 | strategy: {} 89 | test: {} 90 | vars: {} 91 | version: 1.1.0 92 | -------------------------------------------------------------------------------- /roles/user/meta/argument_specs.yml: -------------------------------------------------------------------------------- 1 | --- 2 | argument_specs: 3 | main: 4 | short_description: An Ansible Role to create users in EDA controller. 5 | options: 6 | eda_users: 7 | default: [] 8 | required: false 9 | description: Data structure describing your users to manage. 10 | type: list 11 | elements: dict 12 | 13 | # Async variables 14 | eda_configuration_user_async_retries: 15 | default: "{{ eda_configuration_async_retries | default(50) }}" 16 | required: false 17 | description: This variable sets the number of retries to attempt for the role. 18 | eda_configuration_async_retries: 19 | default: 50 20 | required: false 21 | description: This variable sets number of retries across all roles as a default. 22 | eda_configuration_user_async_delay: 23 | default: "{{ eda_configuration_async_delay | default(1) }}" 24 | required: false 25 | description: This variable sets delay between retries for the role. 26 | eda_configuration_async_delay: 27 | default: 1 28 | required: false 29 | description: This variable sets delay between retries across all roles as a default. 30 | eda_configuration_async_dir: 31 | default: null 32 | required: false 33 | description: Sets the directory to write the results file for async tasks. The default value is set to `null` which uses the Ansible Default of `/root/.ansible_async/`. 
34 | 35 | # No_log variables 36 | eda_configuration_user_secure_logging: 37 | default: "{{ eda_configuration_secure_logging | default(false) }}" 38 | required: false 39 | type: bool 40 | description: Whether or not to hide the sensitive role tasks from the log (the value is passed to `no_log` on the role's tasks). Set this value to `true` if you will be providing your sensitive values from elsewhere. With `false`, the loop items, which can carry a user `password`, may appear in task output. 41 | eda_configuration_secure_logging: 42 | default: false 43 | required: false 44 | type: bool 45 | description: This variable enables secure logging across all roles as a default. 46 | 47 | # Generic across all roles 48 | eda_host: 49 | required: false 50 | description: URL to the EDA Controller Server. 51 | type: str 52 | eda_validate_certs: 53 | default: true 54 | required: false 55 | description: Whether or not to validate the EDA Controller Server's SSL certificate. 56 | type: str 57 | eda_request_timeout: 58 | default: 10 59 | required: false 60 | description: Specify the timeout Ansible should use in requests to the EDA Controller host. 61 | type: float 62 | eda_username: 63 | required: false 64 | description: User for authentication on EDA Controller 65 | type: str 66 | eda_password: 67 | required: false 68 | description: User's password For EDA Controller 69 | type: str 70 | ... 71 | -------------------------------------------------------------------------------- /roles/project/meta/argument_specs.yml: -------------------------------------------------------------------------------- 1 | --- 2 | argument_specs: 3 | main: 4 | short_description: An Ansible Role to create projects in EDA controller. 5 | options: 6 | eda_projects: 7 | default: [] 8 | required: false 9 | description: Data structure describing your projects to manage. 10 | type: list 11 | elements: dict 12 | 13 | # Async variables 14 | eda_configuration_project_async_retries: 15 | default: "{{ eda_configuration_async_retries | default(50) }}" 16 | required: false 17 | description: This variable sets the number of retries to attempt for the role.
18 | eda_configuration_async_retries: 19 | default: 50 20 | required: false 21 | description: This variable sets number of retries across all roles as a default. 22 | eda_configuration_project_async_delay: 23 | default: "{{ eda_configuration_async_delay | default(1) }}" 24 | required: false 25 | description: This variable sets delay between retries for the role. 26 | eda_configuration_async_delay: 27 | default: 1 28 | required: false 29 | description: This variable sets delay between retries across all roles as a default. 30 | eda_configuration_async_dir: 31 | default: null 32 | required: false 33 | description: Sets the directory to write the results file for async tasks. The default value is set to `null` which uses the Ansible Default of `/root/.ansible_async/`. 34 | 35 | # No_log variables 36 | eda_configuration_project_secure_logging: 37 | default: "{{ eda_configuration_secure_logging | default(false) }}" 38 | required: false 39 | type: bool 40 | description: Whether or not to hide the sensitive role tasks from the log (the value is passed to `no_log` on the role's tasks). Set this value to `true` if you will be providing your sensitive values from elsewhere. 41 | eda_configuration_secure_logging: 42 | default: false 43 | required: false 44 | type: bool 45 | description: This variable enables secure logging across all roles as a default. 46 | 47 | # Generic across all roles 48 | eda_host: 49 | required: false 50 | description: URL to the EDA Controller Server. 51 | type: str 52 | eda_validate_certs: 53 | default: true 54 | required: false 55 | description: Whether or not to validate the EDA Controller Server's SSL certificate. 56 | type: str 57 | eda_request_timeout: 58 | default: 10 59 | required: false 60 | description: Specify the timeout Ansible should use in requests to the EDA Controller host.
61 | type: float 62 | eda_username: 63 | required: false 64 | description: User for authentication on EDA Controller 65 | type: str 66 | eda_password: 67 | required: false 68 | description: User's password For EDA Controller 69 | type: str 70 | ... 71 | -------------------------------------------------------------------------------- /roles/credential/meta/argument_specs.yml: -------------------------------------------------------------------------------- 1 | --- 2 | argument_specs: 3 | main: 4 | short_description: An Ansible Role to create credentials in EDA controller. 5 | options: 6 | eda_credentials: 7 | default: [] 8 | required: false 9 | description: Data structure describing your credentials to manage. 10 | type: list 11 | elements: dict 12 | 13 | # Async variables 14 | eda_configuration_credential_async_retries: 15 | default: "{{ eda_configuration_async_retries | default(50) }}" 16 | required: false 17 | description: This variable sets the number of retries to attempt for the role. 18 | eda_configuration_async_retries: 19 | default: 50 20 | required: false 21 | description: This variable sets number of retries across all roles as a default. 22 | eda_configuration_credential_async_delay: 23 | default: "{{ eda_configuration_async_delay | default(1) }}" 24 | required: false 25 | description: This variable sets delay between retries for the role. 26 | eda_configuration_async_delay: 27 | default: 1 28 | required: false 29 | description: This variable sets delay between retries across all roles as a default. 30 | eda_configuration_async_dir: 31 | default: null 32 | required: false 33 | description: Sets the directory to write the results file for async tasks. The default value is set to `null` which uses the Ansible Default of `/root/.ansible_async/`. 
34 | 35 | # No_log variables 36 | eda_configuration_credential_secure_logging: 37 | default: "{{ eda_configuration_secure_logging | default(true) }}" 38 | required: false 39 | type: bool 40 | description: Whether or not to hide the sensitive role tasks from the log (the value is passed to `no_log` on the role's tasks). Set this value to `true` if you will be providing your sensitive values from elsewhere. 41 | eda_configuration_secure_logging: 42 | default: false 43 | required: false 44 | type: bool 45 | description: This variable enables secure logging across all roles as a default. 46 | 47 | # Generic across all roles 48 | eda_host: 49 | required: false 50 | description: URL to the EDA Controller Server. 51 | type: str 52 | eda_validate_certs: 53 | default: true 54 | required: false 55 | description: Whether or not to validate the EDA Controller Server's SSL certificate. 56 | type: str 57 | eda_request_timeout: 58 | default: 10 59 | required: false 60 | description: Specify the timeout Ansible should use in requests to the EDA Controller host. 61 | type: float 62 | eda_username: 63 | required: false 64 | description: User for authentication on EDA Controller 65 | type: str 66 | eda_password: 67 | required: false 68 | description: User's password For EDA Controller 69 | type: str 70 | ... 71 | -------------------------------------------------------------------------------- /roles/user_token/meta/argument_specs.yml: -------------------------------------------------------------------------------- 1 | --- 2 | argument_specs: 3 | main: 4 | short_description: An Ansible Role to create user tokens in EDA controller. 5 | options: 6 | eda_user_tokens: 7 | default: [] 8 | required: false 9 | description: Data structure describing your user tokens to manage.
10 | type: list 11 | elements: dict 12 | 13 | # Async variables 14 | eda_configuration_user_token_async_retries: 15 | default: "{{ eda_configuration_async_retries | default(50) }}" 16 | required: false 17 | description: This variable sets the number of retries to attempt for the role. 18 | eda_configuration_async_retries: 19 | default: 50 20 | required: false 21 | description: This variable sets number of retries across all roles as a default. 22 | eda_configuration_user_token_async_delay: 23 | default: "{{ eda_configuration_async_delay | default(1) }}" 24 | required: false 25 | description: This variable sets delay between retries for the role. 26 | eda_configuration_async_delay: 27 | default: 1 28 | required: false 29 | description: This variable sets delay between retries across all roles as a default. 30 | eda_configuration_async_dir: 31 | default: null 32 | required: false 33 | description: Sets the directory to write the results file for async tasks. The default value is set to `null` which uses the Ansible Default of `/root/.ansible_async/`. 34 | 35 | # No_log variables 36 | eda_configuration_user_token_secure_logging: 37 | default: "{{ eda_configuration_secure_logging | default(false) }}" 38 | required: false 39 | type: bool 40 | description: Whether or not to hide the sensitive role tasks from the log (the value is passed to `no_log` on the role's tasks). Set this value to `true` if you will be providing your sensitive values from elsewhere. 41 | eda_configuration_secure_logging: 42 | default: false 43 | required: false 44 | type: bool 45 | description: This variable enables secure logging across all roles as a default. 46 | 47 | # Generic across all roles 48 | eda_host: 49 | required: false 50 | description: URL to the EDA Controller Server. 51 | type: str 52 | eda_validate_certs: 53 | default: true 54 | required: false 55 | description: Whether or not to validate the EDA Controller Server's SSL certificate.
56 | type: str 57 | eda_request_timeout: 58 | default: 10 59 | required: false 60 | description: Specify the timeout Ansible should use in requests to the EDA Controller host. 61 | type: float 62 | eda_username: 63 | required: false 64 | description: User for authentication on EDA Controller 65 | type: str 66 | eda_password: 67 | required: false 68 | description: User's password For EDA Controller 69 | type: str 70 | ... 71 | -------------------------------------------------------------------------------- /roles/project_sync/meta/argument_specs.yml: -------------------------------------------------------------------------------- 1 | --- 2 | argument_specs: 3 | main: 4 | short_description: An Ansible Role to sync projects in EDA controller. 5 | options: 6 | eda_projects: 7 | default: [] 8 | required: false 9 | description: Data structure describing your projects to manage. If the sync option is set then the project will be synced 10 | type: list 11 | elements: dict 12 | 13 | # Async variables 14 | eda_configuration_project_sync_async_retries: 15 | default: "{{ eda_configuration_async_retries | default(50) }}" 16 | required: false 17 | description: This variable sets the number of retries to attempt for the role. 18 | eda_configuration_async_retries: 19 | default: 50 20 | required: false 21 | description: This variable sets number of retries across all roles as a default. 22 | eda_configuration_project_sync_async_delay: 23 | default: "{{ eda_configuration_async_delay | default(1) }}" 24 | required: false 25 | description: This variable sets delay between retries for the role. 26 | eda_configuration_async_delay: 27 | default: 1 28 | required: false 29 | description: This variable sets delay between retries across all roles as a default. 30 | eda_configuration_async_dir: 31 | default: null 32 | required: false 33 | description: Sets the directory to write the results file for async tasks. 
The default value is set to `null` which uses the Ansible Default of `/root/.ansible_async/`. 34 | 35 | # No_log variables 36 | eda_configuration_project_secure_logging: 37 | default: "{{ eda_configuration_secure_logging | default(false) }}" 38 | required: false 39 | type: bool 40 | description: Whether or not to include the sensitive role tasks in the log. Set this value to `true` if you will be providing your sensitive values from elsewhere. 41 | eda_configuration_secure_logging: 42 | default: false 43 | required: false 44 | type: bool 45 | description: This variable enables secure logging across all roles as a default. 46 | 47 | # Generic across all roles 48 | eda_host: 49 | required: false 50 | description: URL to the EDA Controller Server. 51 | type: str 52 | eda_validate_certs: 53 | default: true 54 | required: false 55 | description: Whether or not to validate the EDA Controller Server's SSL certificate. 56 | type: str 57 | eda_request_timeout: 58 | default: 10 59 | required: false 60 | description: Specify the timeout Ansible should use in requests to the EDA Controller host. 61 | type: float 62 | eda_username: 63 | required: false 64 | description: User for authentication on EDA Controller 65 | type: str 66 | eda_password: 67 | required: false 68 | description: User's password For EDA Controller 69 | type: str 70 | ... 71 | -------------------------------------------------------------------------------- /roles/rulebook_activation/meta/argument_specs.yml: -------------------------------------------------------------------------------- 1 | --- 2 | argument_specs: 3 | main: 4 | short_description: An Ansible Role to create rulebook activations in EDA controller. 5 | options: 6 | eda_rulebook_activations: 7 | default: [] 8 | required: false 9 | description: Data structure describing your rulebook activations to manage. 
10 | type: list 11 | elements: dict 12 | 13 | # Async variables 14 | eda_configuration_rulebook_activation_async_retries: 15 | default: "{{ eda_configuration_async_retries | default(50) }}" 16 | required: false 17 | description: This variable sets the number of retries to attempt for the role. 18 | eda_configuration_async_retries: 19 | default: 50 20 | required: false 21 | description: This variable sets number of retries across all roles as a default. 22 | eda_configuration_rulebook_activation_async_delay: 23 | default: "{{ eda_configuration_async_delay | default(1) }}" 24 | required: false 25 | description: This variable sets delay between retries for the role. 26 | eda_configuration_async_delay: 27 | default: 1 28 | required: false 29 | description: This variable sets delay between retries across all roles as a default. 30 | eda_configuration_async_dir: 31 | default: null 32 | required: false 33 | description: Sets the directory to write the results file for async tasks. The default value is set to `null` which uses the Ansible Default of `/root/.ansible_async/`. 34 | 35 | # No_log variables 36 | eda_configuration_rulebook_activation_secure_logging: 37 | default: "{{ eda_configuration_secure_logging | default(false) }}" 38 | required: false 39 | type: bool 40 | description: Whether or not to include the sensitive role tasks in the log. Set this value to `true` if you will be providing your sensitive values from elsewhere. 41 | eda_configuration_secure_logging: 42 | default: false 43 | required: false 44 | type: bool 45 | description: This variable enables secure logging across all roles as a default. 46 | 47 | # Generic across all roles 48 | eda_host: 49 | required: false 50 | description: URL to the EDA Controller Server. 51 | type: str 52 | eda_validate_certs: 53 | default: true 54 | required: false 55 | description: Whether or not to validate the EDA Controller Server's SSL certificate. 
56 | type: str 57 | eda_request_timeout: 58 | default: 10 59 | required: false 60 | description: Specify the timeout Ansible should use in requests to the EDA Controller host. 61 | type: float 62 | eda_username: 63 | required: false 64 | description: User for authentication on EDA Controller 65 | type: str 66 | eda_password: 67 | required: false 68 | description: User's password For EDA Controller 69 | type: str 70 | ... 71 | -------------------------------------------------------------------------------- /roles/decision_environment/meta/argument_specs.yml: -------------------------------------------------------------------------------- 1 | --- 2 | argument_specs: 3 | main: 4 | short_description: An Ansible Role to create decision environments in EDA controller. 5 | options: 6 | eda_decision_environments: 7 | default: [] 8 | required: false 9 | description: Data structure describing your decision environments to manage. 10 | type: list 11 | elements: dict 12 | 13 | # Async variables 14 | eda_configuration_decision_environment_async_retries: 15 | default: "{{ eda_configuration_async_retries | default(50) }}" 16 | required: false 17 | description: This variable sets the number of retries to attempt for the role. 18 | eda_configuration_async_retries: 19 | default: 50 20 | required: false 21 | description: This variable sets number of retries across all roles as a default. 22 | eda_configuration_decision_environment_async_delay: 23 | default: "{{ eda_configuration_async_delay | default(1) }}" 24 | required: false 25 | description: This variable sets delay between retries for the role. 26 | eda_configuration_async_delay: 27 | default: 1 28 | required: false 29 | description: This variable sets delay between retries across all roles as a default. 30 | eda_configuration_async_dir: 31 | default: null 32 | required: false 33 | description: Sets the directory to write the results file for async tasks. 
The default value is set to `null` which uses the Ansible Default of `/root/.ansible_async/`. 34 | 35 | # No_log variables 36 | eda_configuration_decision_environment_secure_logging: 37 | default: "{{ eda_configuration_secure_logging | default(false) }}" 38 | required: false 39 | type: bool 40 | description: Whether or not to include the sensitive role tasks in the log. Set this value to `true` if you will be providing your sensitive values from elsewhere. 41 | eda_configuration_secure_logging: 42 | default: false 43 | required: false 44 | type: bool 45 | description: This variable enables secure logging across all roles as a default. 46 | 47 | # Generic across all roles 48 | eda_host: 49 | required: false 50 | description: URL to the EDA Controller Server. 51 | type: str 52 | eda_validate_certs: 53 | default: true 54 | required: false 55 | description: Whether or not to validate the EDA Controller Server's SSL certificate. 56 | type: str 57 | eda_request_timeout: 58 | default: 10 59 | required: false 60 | description: Specify the timeout Ansible should use in requests to the EDA Controller host. 61 | type: float 62 | eda_username: 63 | required: false 64 | description: User for authentication on EDA Controller 65 | type: str 66 | eda_password: 67 | required: false 68 | description: User's password For EDA Controller 69 | type: str 70 | ... 71 | -------------------------------------------------------------------------------- /roles/dispatch/meta/argument_specs.yml: -------------------------------------------------------------------------------- 1 | --- 2 | argument_specs: 3 | main: 4 | short_description: An Ansible Role to call other roles to create objects on Ansible eda. 
5 | options: 6 | eda_configuration_dispatcher_roles: 7 | default: 8 | - {role: user, var: eda_users, tags: user} 9 | - {role: credential, var: eda_credentials, tags: credential} 10 | - {role: user_token, var: eda_user_tokens, tags: user_token} 11 | - {role: project, var: eda_projects, tags: project} 12 | - {role: project_sync, var: eda_projects, tags: project_sync} 13 | - {role: decision_environment, var: eda_decision_environments, tags: decision_environment} 14 | - {role: rulebook_activation, var: eda_rulebook_activations, tags: rulebook_activation} 15 | required: false 16 | description: List of roles, variables and tags to run through 17 | type: list 18 | elements: dict 19 | options: 20 | role: 21 | required: true 22 | description: Name of role from this collection to call 23 | type: str 24 | var: 25 | required: true 26 | description: Name of variable to be passed to the role 27 | type: str 28 | tags: 29 | required: false 30 | description: Tags to be applied to the role so tagging can be used to run only part of a playbook 31 | 32 | 33 | # Async variables 34 | eda_configuration_async_retries: 35 | default: 30 36 | required: false 37 | description: This variable sets number of retries across all roles as a default. 38 | eda_configuration_async_delay: 39 | default: 1 40 | required: false 41 | description: This variable sets delay between retries across all roles as a default. 42 | 43 | 44 | # No_log variables 45 | eda_configuration_secure_logging: 46 | default: false 47 | required: false 48 | type: bool 49 | description: This variable enables secure logging across all roles as a default. 50 | 51 | # Generic across all roles 52 | eda_state: 53 | default: present 54 | required: false 55 | description: The state all objects will take unless overridden by object default 56 | type: str 57 | eda_hostname: 58 | default: None 59 | required: false 60 | description: URL to the Ansible EDA Server. 
61 | type: str 62 | eda_validate_certs: 63 | default: true 64 | required: false 65 | description: Whether or not to validate the Ansible EDA Server's SSL certificate. 66 | type: str 67 | eda_username: 68 | default: None 69 | required: false 70 | description: Admin User on the Ansible EDA Server. Either username / password or oauthtoken need to be specified. 71 | type: str 72 | eda_password: 73 | default: None 74 | required: false 75 | description: eda Admin User's password on the Ansible EDA Server. This should be stored in an Ansible Vault at vars/eda-secrets.yml or elsewhere and called from a parent playbook. 76 | type: str 77 | ... 78 | -------------------------------------------------------------------------------- /plugins/modules/user_token.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # coding: utf-8 -*- 3 | 4 | # (c) 2024, Derek Waters <@derekwaters> 5 | # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) 6 | 7 | from __future__ import absolute_import, division, print_function 8 | 9 | __metaclass__ = type 10 | 11 | 12 | ANSIBLE_METADATA = { 13 | "metadata_version": "1.1", 14 | "status": ["preview"], 15 | "supported_by": "community", 16 | } 17 | 18 | 19 | DOCUMENTATION = """ 20 | --- 21 | module: user_token 22 | author: "Derek Waters (@derekwaters)" 23 | short_description: Manage the user tokens of the current user in EDA Controller 24 | description: 25 | - Create, update and delete user tokens in EDA Controller 26 | options: 27 | name: 28 | description: 29 | - The name of the token. 30 | required: True 31 | type: str 32 | new_name: 33 | description: 34 | - Setting this option will change the existing name (looked up via the name field). 35 | type: str 36 | description: 37 | description: 38 | - The description of the token. 39 | required: False 40 | type: str 41 | token: 42 | description: 43 | - The token data to set for the user. 
44 | required: True 45 | type: str 46 | 47 | extends_documentation_fragment: infra.eda_configuration.auth 48 | """ 49 | 50 | 51 | EXAMPLES = """ 52 | - name: Create eda user token 53 | infra.eda_configuration.user_token: 54 | name: my_user_token 55 | description: my user token for accessing AAP 56 | token: SOMETOKENDATA 57 | eda_host: eda.example.com 58 | eda_username: admin 59 | eda_password: Sup3r53cr3t 60 | 61 | """ 62 | 63 | from ..module_utils.eda_module import EDAModule 64 | 65 |
def main():
    """Create a user token for the account that authenticates to EDA Controller.

    The request body is assembled from the ``name``/``new_name``,
    ``description`` and ``token`` parameters and passed to
    ``module.create_if_needed`` for the ``users/me/awx-tokens`` endpoint.
    No existing token is looked up first (``None`` is passed as the existing
    item), so this module only ever attempts a create.
    """
    # ``token`` is the only secret among these parameters and is flagged
    # no_log so that its value is masked in Ansible output (assuming EDAModule
    # hands this spec to AnsibleModule unchanged -- confirm in module_utils).
    module = EDAModule(
        argument_spec={
            "name": {"required": True},
            "new_name": {},
            "description": {},
            "token": {"required": True, "no_log": True},
        }
    )
    params = module.params

    # ``new_name`` wins over ``name`` whenever it is set to a non-empty value.
    payload = {"name": params.get("new_name") or params.get("name")}

    # Optional fields are only sent when the caller supplied them.
    for key in ("description", "token"):
        value = params.get(key)
        if value is not None:
            payload[key] = value

    # treat_conflict_as_unchanged presumably reports an "already exists"
    # conflict as unchanged instead of failing -- confirm against
    # EDAModule.create_if_needed.
    module.create_if_needed(
        None,
        payload,
        endpoint="users/me/awx-tokens",
        item_type="awx-tokens",
        treat_conflict_as_unchanged=True,
    )


if __name__ == "__main__":
    main()
-------------------------------------------------------------------------------- /.github/workflows/ci_standalone_versioned.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: Test roles and modules with galaxy_ng 3 | 4 | on: 5 | workflow_call: 6 | inputs: 7 | eda_server_version: 8 | description: The version to pull of galaxy_ng 9 | required: true 10 | type: string 11 | gh_ref: 12 | description: The ref in the repository to pull 13 | required: false 14 | default: devel 15 | type: string 16 | 17 | env: 18 | EDA_IMAGE: quay.io/ansible/eda-server:sha-${{ inputs.eda_server_version }} # If we transfer back to branches/tags then this needs updating to match the branch 19 | 20 | jobs: 21 | 22 | integration: 23 | runs-on: ubuntu-latest 24 | steps: 25 | - uses: actions/checkout@v2 26 | with: 27 | ref: ${{ inputs.gh_ref }} 28 | 29 | - name: "Checkout eda-server" 30 | uses: actions/checkout@v2 31 | with: 32 | repository: ansible/eda-server 33 | path: eda-server 34 | ref: ${{ inputs.eda_server_version }} 35 | 36 | - uses: actions/setup-python@v2 37 | with: 38 | python-version: "3.8" 39 | 40 | - name: Update apt 41 | run: sudo apt -y update 42 | 43 | - name: Install docker-compose 44 | run: sudo curl -SL https://github.com/docker/compose/releases/download/v2.20.3/docker-compose-linux-x86_64 -o /usr/local/bin/docker-compose && sudo chmod +x /usr/local/bin/docker-compose 45 | 46 | - name: collect system info 47 | run: whoami; id; pwd; ls -al; uname
-a ; df -h .; mount ; cat /etc/issue; docker --version ; ps aux | fgrep -i docker; ls -al /var/run/containerd/containerd.sock 48 | 49 | # We might also want to spin up an AWX later here and set EDA_CONTROLLER_URL and EDA_CONTROLLER_SSL_VERIFY for integration testing but for now we can skip. 50 | 51 | # We should also consider setting EDA_IMAGE_URL and EDA_UI_IMAGE_URL from the eda_server_version once images are properly tagged. We may not need to pull a different version of the repo but instead just point at a different image. 52 | 53 | - name: Pull Images 54 | working-directory: eda-server/tools/docker 55 | run: docker compose -p eda -f docker-compose-stage.yaml pull 56 | 57 | - name: Start stack 58 | working-directory: eda-server/tools/docker 59 | run: | 60 | docker-compose -p eda -f docker-compose-stage.yaml up -d 61 | while ! curl -s http://localhost:8000/_healthz | grep -q "OK"; do 62 | echo "Waiting for API to be ready..." 63 | sleep 1 64 | done 65 | 66 | - name: Move ansible.cfg to root 67 | run: mv .github/files/ansible.cfg . 
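# Remaining steps of the `integration` job in .github/workflows/ci_standalone_versioned.yml.

      - name: Build and install the collection
        id: build
        # NOTE(review): `@main` is a moving ref; pinning this action to a full
        # commit SHA (placeholder: <COMMIT_SHA>) keeps the code that runs in CI
        # from changing without a reviewed update to this file.
        uses: redhat-cop/ansible_collections_tooling/actions/build_ansible_collection@main
        with:
          collection_namespace: infra
          collection_name: eda_configuration
          collection_version: 0.0.1
          collection_repo: https://github.com/redhat-cop/eda_configuration

      - name: "Verify collection installed"
        run: |
          ansible-galaxy collection list infra.eda_configuration
          ansible-doc --list infra.eda_configuration
          ansible-doc --list infra.eda_configuration -t lookup

      - name: "Perform playbook collection tests"
        # Expression values are passed through the environment and quoted, so
        # their contents reach ansible-playbook as data instead of being pasted
        # into the shell command line before the shell parses it.
        env:
          EDA_SERVER_VERSION: ${{ inputs.eda_server_version }}
          GIT_REPO_NAME: ${{ github.event.repository.name }}
        run: ansible-playbook tests/playbooks/testing_collections_playbook.yml -v -e "eda_server_version=$EDA_SERVER_VERSION" -e "git_repo_name=$GIT_REPO_NAME"
-------------------------------------------------------------------------------- /.github/CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # How to Contribute 2 | 3 | We welcome contributions from the community. Here are a few ways you can help us improve. 4 | 5 | ## Open an Issue 6 | 7 | If you see something you'd like changed, but aren't sure how to change it, submit an issue describing what you'd like to see. 8 | 9 | ## Working Locally 10 | 11 | Python's pre-commit tool can be installed, and hooks installed, to cleanup whitespace, newlines, and run yamllint and ansible-lint against your local changes before committing. This will help you avoid failures in the github workflows. 12 | 13 | 1. Create a local virtual environment for galaxy_configurations (suggested, its your system!) 14 | 2. Use pip to install pre-commit in your environment of choice: `pip install pre-commit` 15 | 3. Install pre-commit hooks with `pre-commit install --install-hooks -c .github/workflow-config/.pre-commit-config.yml` 16 | 4. With hooks installed, they will be run automatically when you call `git commit`, blocking commit if any hooks fail.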
17 | 5. [Optional] If you want to ignore hook failures and commit anyway, use `git commit -n`; the linting checks still run on your Pull Request (see below). 18 | 6. [Optional] Run pre-commit checks at any time with `pre-commit run --all -c .github/workflow-config/.pre-commit-config.yml`. 19 | 20 | Please see pre-commit documentation for further explanation: [Pre-commit](https://pre-commit.com/) 21 | 22 | ## Submit a Pull Request 23 | 24 | If you feel like getting your hands dirty, feel free to make the change yourself. Here's how: 25 | 26 | 1. Fork the repo on GitHub, and then clone it locally. 27 | 2. Create a branch named appropriately for the change you are going to make. 28 | 3. Make your code change. 29 | 4. If you are creating a new role, please add a test for it in our [testing playbooks](https://github.com/redhat-cop/eda_configuration/blob/devel/tests/playbooks/) by adding a new role entry and adding the appropriate yaml file with test data in the eda_configs directory. 30 | 5. Add a changelog fragment in `changelogs/fragments` as per 31 | 6. Push your code change up to your forked repo. 32 | 7. Open a Pull Request to merge your changes to this repo. The comment box will be filled in automatically via a template. 33 | 8. All Pull Requests will be subject to Ansible and Yaml Linting checks. Please make sure that your code complies and fix any warnings that arise. These are checks that appear at the bottom of your Pull Request. 34 | 9. All Pull Requests are tested against an EDA Controller. As above, there is a check named integration at the bottom of your Pull Request for this. 35 | 36 | See [Using Pull Requests](https://help.github.com/articles/using-pull-requests/) for more information on how to use GitHub PRs. 37 | 38 | For an in-depth guide on how to contribute see [this article](https://opensource.com/article/19/7/create-pull-request-github) 39 | 40 | Note that we follow the [Automation Good Practices](https://redhat-cop.github.io/automation-good-practices) and you are expected to do the same.
41 | 42 | Try our Matrix room [#aap_config_as_code:ansible.com](https://matrix.to/#/#aap_config_as_code:ansible.com). 43 | 44 | For the full list of Ansible IRC and Mailing list, please see the 45 | [Ansible Communication] page. 46 | Release announcements will be made to the [Ansible Announce] list. 47 | 48 | Possible security bugs should be reported via email 49 | to . 50 | 51 | ## Code of Conduct 52 | 53 | As with all Ansible projects, we have a [Code of Conduct]. 54 | 55 | [ansible announce](https://groups.google.com/forum/#!forum/ansible-announce) 56 | [ansible communication](https://docs.ansible.com/ansible/latest/community/communication.html) 57 | [code of conduct](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html) 58 | [creating your fork on github](https://guides.github.com/activities/forking/) 59 | [supported ansible versions](https://docs.ansible.com/ansible-core/devel/reference_appendices/release_and_maintenance.html#ansible-core-release-cycle) 60 | -------------------------------------------------------------------------------- /roles/dispatch/README.md: -------------------------------------------------------------------------------- 1 | # infra.eda_configuration.dispatch 2 | 3 | ## Description 4 | 5 | An Ansible Role to run all roles on EDA Controller. 6 | 7 | ## Requirements 8 | 9 | None 10 | 11 | ## Variables 12 | 13 | Each role has its own variables, for information on those please see each role which this role will call. 
This role has one key variable `eda_configuration_dispatcher_roles` and its default value is shown below: 14 | 15 | ```yaml 16 | eda_configuration_dispatcher_roles: 17 | - {role: user, var: eda_users, tags: user} 18 | - {role: credential, var: eda_credentials, tags: credential} 19 | - {role: user_token, var: eda_user_tokens, tags: user_token} 20 | - {role: project, var: eda_projects, tags: project} 21 | - {role: project_sync, var: eda_projects, tags: project_sync} 22 | - {role: decision_environment, var: eda_decision_environments, tags: decision_environment} 23 | - {role: rulebook_activation, var: eda_rulebook_activations, tags: rulebook_activation} 24 | ``` 25 | 26 | Note that each item has three elements: 27 | 28 | - `role` which is the name of the role within infra.eda_configuration 29 | - `var` which is the variable which is used in that role. We use this to prevent the role being called if the variable is not set 30 | - `tags` the tags which are applied to the role so it is possible to apply tags to a playbook using the dispatcher with these tags. 31 | 32 | It is possible to redefine this variable with a subset of roles or with different tags. In general we suggest keeping the same structure and perhaps just using a subset. 33 | 34 | ### Authentication 35 | 36 | |Variable Name|Default Value|Required|Description|Example| 37 | |:---|:---:|:---:|:---|:---| 38 | |`eda_state`|"present"|no|The state all objects will take unless overridden by object default|'absent'| 39 | |`eda_hostname`|""|yes|URL to the EDA Server.|127.0.0.1| 40 | |`eda_validate_certs`|`True`|no|Whether or not to validate the EDA Controller Server's SSL certificate.|| 41 | |`eda_username`|""|no|Admin User on the EDA Controller Server.|| 42 | |`eda_password`|""|no|EDA Admin User's password on the EDA Controller Server. 
This should be stored in an Ansible Vault at vars/eda-secrets.yml or elsewhere and called from a parent playbook.|| 43 | 44 | ### Secure Logging Variables 45 | 46 | The role defaults to False, as most project tasks do not normally include sensitive information. Because the dispatcher also runs the `credential` and `user_token` roles, which handle secret values, consider setting `eda_configuration_secure_logging` to `true` when those roles are in use. 47 | Each role the dispatch role calls has a separate variable which can be turned on to enforce secure logging for that role, but which defaults to the value of eda_configuration_secure_logging if it is not explicitly set. This allows for secure logging to be toggled for the entire suite of configuration roles with a single variable, or for the user to selectively use it. If neither value is set then each role has a default value of true or false depending on the Red Hat COP suggestions. 48 | 49 | |Variable Name|Default Value|Required|Description| 50 | |:---:|:---:|:---:|:---:| 51 | |`eda_configuration_secure_logging`|""|no|This variable enables secure logging as well, but is shared across multiple roles, see above.| 52 | 53 | ### Asynchronous Retry Variables 54 | 55 | The following variables set asynchronous retries for the role. 56 | If neither the retries nor the delay is set, they will default to their respective defaults. 57 | This allows for all items to be created first, and then checked to confirm that each task finishes successfully. 58 | This also speeds up the overall role. Each individual role has its own variable which can allow the individual setting of values. See each role for the variable names.
59 | 60 | |Variable Name|Default Value|Required|Description| 61 | |:---:|:---:|:---:|:---:| 62 | |`eda_configuration_async_retries`|30|no|This variable sets the number of retries to attempt for the role globally.| 63 | |`eda_configuration_async_delay`|1|no|This sets the delay between retries for the role globally.| 64 | 65 | ## Playbook Examples 66 | 67 | ### Standard Role Usage 68 | 69 | ```yaml 70 | --- 71 | - name: Playbook to configure EDA post installation 72 | hosts: localhost 73 | connection: local 74 | pre_tasks: 75 | - name: Include vars from eda_configs directory 76 | ansible.builtin.include_vars: 77 | dir: ./yaml 78 | ignore_files: [eda_config.yml.template] 79 | extensions: ["yml"] 80 | roles: 81 | - infra.eda_configuration.dispatch 82 | ``` 83 | 84 | ## License 85 | 86 | [GPL-3.0](https://github.com/redhat-cop/eda_configuration#licensing) 87 | 88 | ## Author 89 | 90 | [Tom Page](https://github.com/Tompage1994) 91 | -------------------------------------------------------------------------------- /plugins/modules/decision_environment.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # coding: utf-8 -*- 3 | 4 | # (c) 2024, Derek Waters 5 | # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) 6 | 7 | from __future__ import absolute_import, division, print_function 8 | 9 | __metaclass__ = type 10 | 11 | 12 | ANSIBLE_METADATA = { 13 | "metadata_version": "1.1", 14 | "status": ["preview"], 15 | "supported_by": "community", 16 | } 17 | 18 | 19 | DOCUMENTATION = """ 20 | --- 21 | module: decision_environment 22 | author: "Derek Waters (@derekwaters)" 23 | short_description: Manage a Decision Environment in EDA Controller 24 | description: 25 | - Create, update and delete decision environments in EDA Controller 26 | options: 27 | name: 28 | description: 29 | - The name of the decision environment. 
30 | required: True 31 | type: str 32 | new_name: 33 | description: 34 | - Setting this option will change the existing name (looked up via the name field). 35 | type: str 36 | description: 37 | description: 38 | - The description of the decision environment. 39 | required: False 40 | type: str 41 | image_url: 42 | description: 43 | - The full image location to use for the decision environment, including the container registry, image name, and version tag. 44 | required: True 45 | type: str 46 | credential: 47 | description: 48 | - The token needed to access the container registry, if required. 49 | required: False 50 | type: str 51 | state: 52 | description: 53 | - Desired state of the resource. 54 | choices: ["present", "absent"] 55 | default: "present" 56 | type: str 57 | 58 | extends_documentation_fragment: infra.eda_configuration.auth 59 | """ 60 | 61 | 62 | EXAMPLES = """ 63 | - name: Create eda decision environment 64 | infra.eda_configuration.decision_environment: 65 | name: my_de 66 | description: my awesome decision environment 67 | image_url: my-container_registry/ansible/de-minimal-8:latest 68 | credential: registry_access_token 69 | state: present 70 | eda_host: eda.example.com 71 | eda_username: admin 72 | eda_password: Sup3r53cr3t 73 | 74 | """ 75 | 76 | from ..module_utils.eda_module import EDAModule 77 | 78 |
def main():
    """Create, update or delete a decision environment in EDA Controller.

    Looks the item up by ``name`` on the ``decision-environments`` endpoint,
    asks the module to delete it when ``state`` is ``absent``, and otherwise
    builds the field set and hands it to ``create_or_update_if_needed``.
    """
    module = EDAModule(
        argument_spec={
            "name": {"required": True},
            "new_name": {},
            "description": {},
            "image_url": {"required": True},
            # NOTE(review): this value is looked up on the ``credentials``
            # endpoint below and only the resulting id is sent. It is not
            # marked no_log, so it should be a credential name rather than the
            # secret itself; DOCUMENTATION calls it a token -- confirm.
            "credential": {},
            "state": {"choices": ["present", "absent"], "default": "present"},
        }
    )
    params = module.params
    name = params.get("name")
    new_name = params.get("new_name")

    # Find the current item, if there is one, by the supplied name.
    current = module.get_one("decision-environments", name_or_id=name, key="req_url")

    if params.get("state") == "absent":
        # The module helper is expected to end the run itself after handling
        # the delete, so nothing below should execute in that case.
        module.delete_if_needed(current, key="req_url")

    # Name precedence: an explicit rename, then the name the existing item
    # already carries, then the name that was asked for.
    if new_name:
        final_name = new_name
    elif current:
        final_name = module.get_item_name(current)
    else:
        final_name = name
    payload = {"name": final_name}

    # Optional fields are only sent when the caller supplied them.
    for key in ("description", "image_url"):
        value = params.get(key)
        if value is not None:
            payload[key] = value

    credential = params.get("credential")
    if credential is not None:
        payload["credential_id"] = module.resolve_name_to_id("credentials", credential)

    # For state=present the helper creates or updates the item and, per the
    # original author's note, returns from the module on its own.
    module.create_or_update_if_needed(
        current,
        payload,
        endpoint="decision-environments",
        item_type="decision-environments",
        key="req_url",
    )


if __name__ == "__main__":
    main()
-------------------------------------------------------------------------------- /plugins/modules/project.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # coding: utf-8 -*- 3 | 4 | # (c) 2023, Chris Renwick <@crenwick93> 5 | # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) 6 | 7 | from __future__ import absolute_import, division, print_function 8 | 9 | __metaclass__ = type 10 | 11 | 12 | ANSIBLE_METADATA = { 13 | "metadata_version": "1.1", 14 | "status": ["preview"], 15 | "supported_by": "community", 16 | }
17 | 18 | 19 | DOCUMENTATION = """ 20 | --- 21 | module: project 22 | author: "Chris Renwick (@crenwick93)" 23 | short_description: Manage a project in EDA Controller 24 | description: 25 | - Create, update and delete projects in EDA Controller 26 | options: 27 | name: 28 | description: 29 | - The name of the project. 30 | required: True 31 | type: str 32 | new_name: 33 | description: 34 | - Setting this option will change the existing name (looked up via the name field). 35 | type: str 36 | description: 37 | description: 38 | - The description of the project. 39 | required: False 40 | type: str 41 | url: 42 | description: 43 | - A URL to a remote archive, such as a Github Release or a build artifact stored in Artifactory and unpacks it into the project path for use. 44 | required: True 45 | type: str 46 | aliases: ['scm_url'] 47 | tls_validation: 48 | description: 49 | - Whether to use TLS validation against the url. 50 | type: bool 51 | default: True 52 | credential: 53 | description: 54 | - The token needed to utilize the SCM URL. 55 | required: False 56 | type: str 57 | state: 58 | description: 59 | - Desired state of the resource. 
60 | choices: ["present", "absent"] 61 | default: "present" 62 | type: str 63 | 64 | extends_documentation_fragment: infra.eda_configuration.auth 65 | """ 66 | 67 | 68 | EXAMPLES = """ 69 | - name: Create eda project 70 | infra.eda_configuration.project: 71 | name: my_project 72 | description: my awesome project 73 | url: https://github.com/ansible/ansible-rulebook.git 74 | credential: test_token 75 | state: present 76 | eda_host: eda.example.com 77 | eda_username: admin 78 | eda_password: Sup3r53cr3t 79 | 80 | """ 81 | 82 | from ..module_utils.eda_module import EDAModule 83 | 84 |
def main():
    """Create, update or delete a project in EDA Controller.

    Looks the item up by ``name`` on the ``projects`` endpoint, asks the
    module to delete it when ``state`` is ``absent``, and otherwise builds the
    field set and hands it to ``create_or_update_if_needed``.
    """
    module = EDAModule(
        argument_spec={
            "name": {"required": True},
            "new_name": {},
            "description": {},
            "url": {"required": True, "aliases": ["scm_url"]},
            # TLS validation of the project URL is on unless the caller
            # explicitly turns it off.
            "tls_validation": {"type": "bool", "default": True},
            # NOTE(review): this value is looked up on the ``credentials``
            # endpoint below and only the resulting id is sent. It is not
            # marked no_log, so it should be a credential name rather than the
            # secret itself; DOCUMENTATION calls it a token -- confirm.
            "credential": {},
            "state": {"choices": ["present", "absent"], "default": "present"},
        }
    )
    params = module.params
    name = params.get("name")
    new_name = params.get("new_name")

    # Find the current item, if there is one, by the supplied name.
    current = module.get_one("projects", name_or_id=name, key="req_url")

    if params.get("state") == "absent":
        # The module helper is expected to end the run itself after handling
        # the delete, so nothing below should execute in that case.
        module.delete_if_needed(current, key="req_url")

    # Name precedence: an explicit rename, then the name the existing item
    # already carries, then the name that was asked for.
    if new_name:
        final_name = new_name
    elif current:
        final_name = module.get_item_name(current)
    else:
        final_name = name
    payload = {"name": final_name}

    # Optional fields are only sent when they have a value.
    for key in ("description", "url", "tls_validation"):
        value = params.get(key)
        if value is not None:
            payload[key] = value

    credential = params.get("credential")
    if credential is not None:
        payload["credential_id"] = module.resolve_name_to_id("credentials", credential)

    # For state=present the helper creates or updates the item and, per the
    # original author's note, returns from the module on its own.
    module.create_or_update_if_needed(
        current,
        payload,
        endpoint="projects",
        item_type="projects",
        key="req_url",
    )


if __name__ == "__main__":
    main()
-------------------------------------------------------------------------------- /roles/user_token/README.md: -------------------------------------------------------------------------------- 1 | # infra.eda_configuration.user_token 2 | 3 | ## Description 4 | 5 | An Ansible Role to create User Tokens in EDA Controller. Note that tokens may only be applied to the user account accessing the API (ie. eda_username) 6 | Note that tokens cannot be updated, only created. 7 | 8 | ## Variables 9 | 10 | |Variable Name|Default Value|Required|Description|Example| 11 | |:---:|:---:|:---:|:---:|:---:| 12 | |`eda_host`|""|yes|URL to the EDA Controller (alias: `eda_hostname`)|127.0.0.1| 13 | |`eda_username`|""|yes|Admin User on the EDA Controller || 14 | |`eda_password`|""|yes|EDA Controller Admin User's password on the EDA Controller Server.
This should be stored in an Ansible Vault at vars/tower-secrets.yml or elsewhere and called from a parent playbook.|| 15 | |`eda_validate_certs`|`False`|no|Whether or not to validate the Ansible EDA Controller Server's SSL certificate. The default `False` skips certificate verification, so set this to `True` outside isolated test environments.|| 16 | |`eda_request_timeout`|`10`|no|Specify the timeout Ansible should use in requests to the EDA Controller host.|| 17 | |`eda_configuration_async_dir`|`null`|no|Sets the directory to write the results file for async tasks. The default value is set to `null` which uses the Ansible Default of `/root/.ansible_async/`.|| 18 | |`eda_user_tokens`|`see below`|yes|Data structure describing your user tokens, described below.|| 19 | 20 | ### Secure Logging Variables 21 | 22 | The following Variables complement each other. 23 | If both variables are not set, secure logging defaults to false. 24 | The role defaults to False as normally the add project task does not include sensitive information. For this role the `eda_user_tokens` entries do hold the token value, so enable secure logging when that value must stay out of the log. 25 | eda_configuration_user_token_secure_logging defaults to the value of eda_configuration_secure_logging if it is not explicitly called. This allows for secure logging to be toggled for the entire suite of EDA Controller configuration roles with a single variable, or for the user to selectively use it. 26 | 27 | |Variable Name|Default Value|Required|Description| 28 | |:---:|:---:|:---:|:---:| 29 | |`eda_configuration_user_token_secure_logging`|`False`|no|Whether or not to include the sensitive Project role tasks in the log. Set this value to `True` if you will be providing your sensitive values from elsewhere.| 30 | |`eda_configuration_secure_logging`|`False`|no|This variable enables secure logging as well, but is shared across multiple roles, see above.| 31 | 32 | ### Asynchronous Retry Variables 33 | 34 | The following Variables set asynchronous retries for the role. 35 | If neither the retries nor the delay is set, they will default to their respective defaults. 
36 | This allows for all items to be created, then checked that the task finishes successfully. 37 | This also speeds up the overall role. 38 | 39 | |Variable Name|Default Value|Required|Description| 40 | |:---:|:---:|:---:|:---:| 41 | |`eda_configuration_async_retries`|50|no|This variable sets the number of retries to attempt for the role globally.| 42 | |`eda_configuration_user_token_async_retries`|`eda_configuration_async_retries`|no|This variable sets the number of retries to attempt for the role.| 43 | |`eda_configuration_async_delay`|1|no|This sets the delay between retries for the role globally.| 44 | |`eda_configuration_user_token_async_delay`|`eda_configuration_async_delay`|no|This sets the delay between retries for the role.| 45 | 46 | ## Data Structure 47 | 48 | ### User Token Variables 49 | 50 | |Variable Name|Default Value|Required|Type|Description| 51 | |:---:|:---:|:---:|:---:|:---:| 52 | |`name`|""|yes|str|User Token name. Must be lower case containing only alphanumeric characters and underscores.| 53 | |`new_name`|""|no|str|Setting this option will change the existing name (looked up via the name field.)| 54 | |`description`|""|no|str|Description to use for the Project.| 55 | |`token`|""|yes|str|The value of the token to associate with the user.| 56 | 57 | ### Standard User Token Data Structure 58 | 59 | #### Yaml Example 60 | 61 | ```yaml 62 | --- 63 | eda_user_tokens: 64 | - name: my_default_token 65 | description: my default user token 66 | token: TOKEN_VALUE 67 | ``` 68 | 69 | ## Playbook Examples 70 | 71 | ### Standard Role Usage 72 | 73 | ```yaml 74 | --- 75 | - name: Add user token to EDA Controller 76 | hosts: localhost 77 | connection: local 78 | gather_facts: false 79 | vars: 80 | eda_validate_certs: false 81 | # Define following vars here, or in eda_configs/eda_auth.yml 82 | # eda_host: ansible-eda-web-svc-test-project.example.com 83 | # eda_token: changeme 84 | pre_tasks: 85 | - name: Include vars from eda_configs directory 86 | 
ansible.builtin.include_vars: 87 | dir: ./vars 88 | extensions: ["yml"] 89 | tags: 90 | - always 91 | roles: 92 | - ../../user_token 93 | ``` 94 | 95 | ## License 96 | 97 | [GPLv3+](https://github.com/redhat-cop/eda_configuration#licensing) 98 | 99 | ## Author 100 | 101 | [Derek Waters](https://github.com/derekwaters/) 102 | -------------------------------------------------------------------------------- /plugins/modules/credential.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # coding: utf-8 -*- 3 | 4 | # (c) 2024, Derek Waters 5 | # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) 6 | 7 | from __future__ import absolute_import, division, print_function 8 | 9 | __metaclass__ = type 10 | 11 | 12 | ANSIBLE_METADATA = { 13 | "metadata_version": "1.1", 14 | "status": ["preview"], 15 | "supported_by": "community", 16 | } 17 | 18 | 19 | DOCUMENTATION = """ 20 | --- 21 | module: credential 22 | author: "Derek Waters (@derekwaters)" 23 | short_description: Manage a Credential in EDA Controller 24 | description: 25 | - Create, update and delete credentials in EDA Controller 26 | options: 27 | name: 28 | description: 29 | - The name of the credential. 30 | required: True 31 | type: str 32 | new_name: 33 | description: 34 | - Setting this option will change the existing name (looked up via the name field). 35 | type: str 36 | description: 37 | description: 38 | - The description of the credential. 39 | required: False 40 | type: str 41 | username: 42 | description: 43 | - The username used to access the project repository. 44 | required: True 45 | type: str 46 | secret: 47 | description: 48 | - The secret associated with the credential (either a password or access token). 49 | required: True 50 | type: str 51 | credential_type: 52 | description: 53 | - The type of the credential. 
54 | choices: ["GitHub Personal Access Token", "GitLab Personal Access Token", "Container Registry"] 55 | default: "GitHub Personal Access Token" 56 | type: str 57 | state: 58 | description: 59 | - Desired state of the resource. 60 | choices: ["present", "absent"] 61 | default: "present" 62 | type: str 63 | 64 | extends_documentation_fragment: infra.eda_configuration.auth 65 | """ 66 | 67 | 68 | EXAMPLES = """ 69 | - name: Create eda credential 70 | infra.eda_configuration.credential: 71 | name: my_credential 72 | description: my github access credential 73 | username: derekwaters 74 | secret: this_is_not_a_real_token 75 | credential_type: "GitHub Personal Access Token" 76 | state: present 77 | eda_host: eda.example.com 78 | eda_username: admin 79 | eda_password: Sup3r53cr3t 80 | 81 | """ 82 | 83 | from ..module_utils.eda_module import EDAModule 84 | 85 | 86 | def main(): 87 | # Any additional arguments that are not fields of the item can be added here 88 | argument_spec = dict( 89 | name=dict(required=True), 90 | new_name=dict(), 91 | description=dict(), 92 | username=dict(required=True), 93 | secret=dict(required=True, no_log=True), 94 | credential_type=dict(choices=["GitHub Personal Access Token", 95 | "GitLab Personal Access Token", 96 | "Container Registry"], 97 | default="GitHub Personal Access Token"), 98 | state=dict(choices=["present", "absent"], default="present"), 99 | ) 100 | 101 | # Create a module for ourselves 102 | module = EDAModule(argument_spec=argument_spec) 103 | 104 | # Extract our parameters 105 | name = module.params.get("name") 106 | new_name = module.params.get("new_name") 107 | state = module.params.get("state") 108 | 109 | new_fields = {} 110 | 111 | # Attempt to look up an existing item based on the provided data 112 | existing_item = module.get_one("credentials", name_or_id=name, key="req_url") 113 | 114 | if state == "absent": 115 | # If the state was absent we can let the module delete it if needed, the module will handle exiting 
from this 116 | module.delete_if_needed(existing_item, key="req_url") 117 | 118 | # Create the data that gets sent for create and update 119 | # Remove these two comments for final 120 | # Check that Links and groups works with this. 121 | new_fields["name"] = new_name if new_name else (module.get_item_name(existing_item) if existing_item else name) 122 | for field_name in ( 123 | "description", 124 | "credential_type", 125 | "username", 126 | "secret", 127 | ): 128 | field_val = module.params.get(field_name) 129 | if field_val is not None: 130 | new_fields[field_name] = field_val 131 | 132 | # If the state was present and we can let the module build or update the existing item, this will return on its own 133 | module.create_or_update_if_needed( 134 | existing_item, 135 | new_fields, 136 | endpoint="credentials", 137 | item_type="credentials", 138 | key="req_url", 139 | ) 140 | 141 | 142 | if __name__ == "__main__": 143 | main() 144 | -------------------------------------------------------------------------------- /roles/project_sync/README.md: -------------------------------------------------------------------------------- 1 | # infra.eda_configuration.project 2 | 3 | ## Description 4 | 5 | An Ansible Role to create Projects in EDA Controller. 6 | 7 | ## Variables 8 | 9 | |Variable Name|Default Value|Required|Description|Example| 10 | |:---:|:---:|:---:|:---:|:---:| 11 | |`eda_host`|""|yes|URL to the EDA Controller (alias: `eda_hostname`)|127.0.0.1| 12 | |`eda_username`|""|yes|Admin User on the EDA Controller || 13 | |`eda_password`|""|yes|EDA Controller Admin User's password on the EDA Controller Server. 
This should be stored in an Ansible Vault at vars/tower-secrets.yml or elsewhere and called from a parent playbook.|| 14 | |`eda_validate_certs`|`False`|no|Whether or not to validate the Ansible EDA Controller Server's SSL certificate. The default `False` skips certificate verification, so set this to `True` outside isolated test environments.|| 15 | |`eda_request_timeout`|`10`|no|Specify the timeout Ansible should use in requests to the EDA Controller host.|| 16 | |`eda_configuration_async_dir`|`null`|no|Sets the directory to write the results file for async tasks. The default value is set to `null` which uses the Ansible Default of `/root/.ansible_async/`.|| 17 | |`eda_projects`|`see below`|yes|Data structure describing your projects, described below. Note that this role will only do anything if the `sync` suboption of this variable is set to true.|| 18 | 19 | ### Secure Logging Variables 20 | 21 | The following Variables complement each other. 22 | If both variables are not set, secure logging defaults to false. 23 | The role defaults to False as normally the add project task does not include sensitive information. 24 | eda_configuration_project_secure_logging defaults to the value of eda_configuration_secure_logging if it is not explicitly called. This allows for secure logging to be toggled for the entire suite of EDA Controller configuration roles with a single variable, or for the user to selectively use it. 25 | 26 | |Variable Name|Default Value|Required|Description| 27 | |:---:|:---:|:---:|:---:| 28 | |`eda_configuration_project_secure_logging`|`False`|no|Whether or not to include the sensitive Project role tasks in the log. Set this value to `True` if you will be providing your sensitive values from elsewhere.| 29 | |`eda_configuration_secure_logging`|`False`|no|This variable enables secure logging as well, but is shared across multiple roles, see above.| 30 | 31 | ### Asynchronous Retry Variables 32 | 33 | The following Variables set asynchronous retries for the role. 
34 | If neither the retries nor the delay is set, they will default to their respective defaults. 35 | This allows for all items to be created, then checked that the task finishes successfully. 36 | This also speeds up the overall role. 37 | 38 | |Variable Name|Default Value|Required|Description| 39 | |:---:|:---:|:---:|:---:| 40 | |`eda_configuration_async_retries`|50|no|This variable sets the number of retries to attempt for the role globally.| 41 | |`eda_configuration_project_sync_async_retries`|`eda_configuration_async_retries`|no|This variable sets the number of retries to attempt for the role.| 42 | |`eda_configuration_async_delay`|1|no|This sets the delay between retries for the role globally.| 43 | |`eda_configuration_project_sync_async_delay`|`eda_configuration_async_delay`|no|This sets the delay between retries for the role.| 44 | 45 | ## Data Structure 46 | 47 | ### Project Variables 48 | 49 | |Variable Name|Default Value|Required|Type|Description| 50 | |:---:|:---:|:---:|:---:|:---:| 51 | |`name`|""|yes|str|Project name. Must be lower case containing only alphanumeric characters and underscores.| 52 | |`sync`|false|no|bool|Whether to sync the project. 
By default it will not sync unless this is set to true.| 53 | |`wait`|true|no|str|Whether to wait for the sync to complete| 54 | |`interval`|`eda_configuration_project_sync_async_delay`|no|str|The interval which the sync task will be checked for completion| 55 | |`timeout`|""|no|str|How long to wait for the sync task to complete| 56 | 57 | ### Standard Project Data Structure 58 | 59 | #### Yaml Example 60 | 61 | ```yaml 62 | --- 63 | eda_projects: 64 | - name: my_project 65 | description: my awesome project 66 | url: https://github.com/ansible/ansible-rulebook.git 67 | credential: test_token 68 | wait: true 69 | interval: 10 70 | sync: true 71 | ``` 72 | 73 | ## Playbook Examples 74 | 75 | ### Standard Role Usage 76 | 77 | ```yaml 78 | --- 79 | - name: Sync project to EDA Controller 80 | hosts: localhost 81 | connection: local 82 | gather_facts: false 83 | vars: 84 | eda_validate_certs: false 85 | # Define following vars here, or in eda_configs/eda_auth.yml 86 | # eda_host: ansible-eda-web-svc-test-project.example.com 87 | # eda_token: changeme 88 | pre_tasks: 89 | - name: Include vars from eda_configs directory 90 | ansible.builtin.include_vars: 91 | dir: ./vars 92 | extensions: ["yml"] 93 | tags: 94 | - always 95 | roles: 96 | - ../../project_sync 97 | ``` 98 | 99 | ## License 100 | 101 | [GPLv3+](https://github.com/redhat-cop/eda_configuration#licensing) 102 | 103 | ## Author 104 | 105 | [Tom Page](https://github.com/Tompage1994/) 106 | -------------------------------------------------------------------------------- /roles/credential/README.md: -------------------------------------------------------------------------------- 1 | # infra.eda_configuration.credential 2 | 3 | ## Description 4 | 5 | An Ansible Role to create Credentials in EDA Controller. 
6 | 7 | ## Variables 8 | 9 | |Variable Name|Default Value|Required|Description|Example| 10 | |:---:|:---:|:---:|:---:|:---:| 11 | |`eda_host`|""|yes|URL to the EDA Controller (alias: `eda_hostname`)|127.0.0.1| 12 | |`eda_username`|""|yes|Admin User on the EDA Controller || 13 | |`eda_password`|""|yes|EDA Controller Admin User's password on the EDA Controller Server. This should be stored in an Ansible Vault at vars/tower-secrets.yml or elsewhere and called from a parent playbook.|| 14 | |`eda_validate_certs`|`False`|no|Whether or not to validate the Ansible EDA Controller Server's SSL certificate. The default `False` skips certificate verification, so set this to `True` outside isolated test environments.|| 15 | |`eda_request_timeout`|`10`|no|Specify the timeout Ansible should use in requests to the EDA Controller host.|| 16 | |`eda_configuration_async_dir`|`null`|no|Sets the directory to write the results file for async tasks. The default value is set to `null` which uses the Ansible Default of `/root/.ansible_async/`.|| 17 | |`eda_credentials`|`see below`|yes|Data structure describing your credentials, described below.|| 18 | 19 | ### Secure Logging Variables 20 | 21 | The following Variables complement each other. 22 | If both variables are not set, secure logging defaults to false. 23 | The role defaults to False as normally the add credential task does not include sensitive information. 24 | eda_configuration_credential_secure_logging defaults to the value of eda_configuration_secure_logging if it is not explicitly called. This allows for secure logging to be toggled for the entire suite of EDA Controller configuration roles with a single variable, or for the user to selectively use it. 25 | 26 | |Variable Name|Default Value|Required|Description| 27 | |:---:|:---:|:---:|:---:| 28 | |`eda_configuration_credential_secure_logging`|`True`|no|Whether or not to include the sensitive credential role tasks in the log. 
Set this value to `True` if you will be providing your sensitive values from elsewhere.| 29 | |`eda_configuration_secure_logging`|`False`|no|This variable enables secure logging as well, but is shared across multiple roles, see above.| 30 | 31 | ### Asynchronous Retry Variables 32 | 33 | The following Variables set asynchronous retries for the role. 34 | If neither of the retries or delay or retries are set, they will default to their respective defaults. 35 | This allows for all items to be created, then checked that the task finishes successfully. 36 | This also speeds up the overall role. 37 | 38 | |Variable Name|Default Value|Required|Description| 39 | |:---:|:---:|:---:|:---:| 40 | |`eda_configuration_async_retries`|50|no|This variable sets the number of retries to attempt for the role globally.| 41 | |`eda_configuration_credential_async_retries`|`eda_configuration_async_retries`|no|This variable sets the number of retries to attempt for the role.| 42 | |`eda_configuration_async_delay`|1|no|This sets the delay between retries for the role globally.| 43 | |`eda_configuration_credential_async_delay`|`eda_configuration_async_delay`|no|This sets the delay between retries for the role.| 44 | 45 | ## Data Structure 46 | 47 | ### Credential Variables 48 | 49 | |Variable Name|Default Value|Required|Type|Description| 50 | |:---:|:---:|:---:|:---:|:---:| 51 | |`name`|""|yes|str|Credential name. 
Must be lower case containing only alphanumeric characters and underscores.| 52 | |`new_name`|""|no|str|Setting this option will change the existing name (looked up via the name field.)| 53 | |`description`|""|no|str|Description to use for the credential.| 54 | |`username`|""|yes|str|The username of the credential.| 55 | |`secret`|""|yes|str|The token or password for the given username (depending upon the credential type).| 56 | |`credential_type`|"GitHub Personal Access Token"|yes|str|The type of the credential.| 57 | |`state`|`present`|no|str|Desired state of the credential.| 58 | 59 | ### Standard Credential Data Structure 60 | 61 | #### Yaml Example 62 | 63 | ```yaml 64 | --- 65 | eda_credentials: 66 | - name: my_github_user 67 | description: my GitHub Credential 68 | credential_type: 'GitHub Personal Access Token' 69 | username: githubuser 70 | secret: GITHUBTOKEN 71 | ``` 72 | 73 | ## Playbook Examples 74 | 75 | ### Standard Role Usage 76 | 77 | ```yaml 78 | --- 79 | - name: Add credential to EDA Controller 80 | hosts: localhost 81 | connection: local 82 | gather_facts: false 83 | vars: 84 | eda_validate_certs: false 85 | # Define following vars here, or in eda_configs/eda_auth.yml 86 | # eda_host: ansible-eda-web-svc-test-credential.example.com 87 | # eda_token: changeme 88 | pre_tasks: 89 | - name: Include vars from eda_configs directory 90 | ansible.builtin.include_vars: 91 | dir: ./vars 92 | extensions: ["yml"] 93 | tags: 94 | - always 95 | roles: 96 | - ../../credential 97 | ``` 98 | 99 | ## License 100 | 101 | [GPLv3+](https://github.com/redhat-cop/eda_configuration#licensing) 102 | 103 | ## Author 104 | 105 | [Derek Waters](https://github.com/derekwaters/) 106 | -------------------------------------------------------------------------------- /roles/project/README.md: -------------------------------------------------------------------------------- 1 | # infra.eda_configuration.project 2 | 3 | ## Description 4 | 5 | An Ansible Role to create Projects in 
EDA Controller. 6 | 7 | ## Variables 8 | 9 | |Variable Name|Default Value|Required|Description|Example| 10 | |:---:|:---:|:---:|:---:|:---:| 11 | |`eda_host`|""|yes|URL to the EDA Controller (alias: `eda_hostname`)|127.0.0.1| 12 | |`eda_username`|""|yes|Admin User on the EDA Controller || 13 | |`eda_password`|""|yes|EDA Controller Admin User's password on the EDA Controller Server. This should be stored in an Ansible Vault at vars/tower-secrets.yml or elsewhere and called from a parent playbook.|| 14 | |`eda_validate_certs`|`False`|no|Whether or not to validate the Ansible EDA Controller Server's SSL certificate. The default `False` skips certificate verification, so set this to `True` outside isolated test environments.|| 15 | |`eda_request_timeout`|`10`|no|Specify the timeout Ansible should use in requests to the EDA Controller host.|| 16 | |`eda_configuration_async_dir`|`null`|no|Sets the directory to write the results file for async tasks. The default value is set to `null` which uses the Ansible Default of `/root/.ansible_async/`.|| 17 | |`eda_projects`|`see below`|yes|Data structure describing your projects, described below.|| 18 | 19 | ### Secure Logging Variables 20 | 21 | The following Variables complement each other. 22 | If both variables are not set, secure logging defaults to false. 23 | The role defaults to False as normally the add project task does not include sensitive information. 24 | eda_configuration_project_secure_logging defaults to the value of eda_configuration_secure_logging if it is not explicitly called. This allows for secure logging to be toggled for the entire suite of EDA Controller configuration roles with a single variable, or for the user to selectively use it. 25 | 26 | |Variable Name|Default Value|Required|Description| 27 | |:---:|:---:|:---:|:---:| 28 | |`eda_configuration_project_secure_logging`|`False`|no|Whether or not to include the sensitive Project role tasks in the log. 
Set this value to `True` if you will be providing your sensitive values from elsewhere.| 29 | |`eda_configuration_secure_logging`|`False`|no|This variable enables secure logging as well, but is shared across multiple roles, see above.| 30 | 31 | ### Asynchronous Retry Variables 32 | 33 | The following Variables set asynchronous retries for the role. 34 | If neither of the retries or delay or retries are set, they will default to their respective defaults. 35 | This allows for all items to be created, then checked that the task finishes successfully. 36 | This also speeds up the overall role. 37 | 38 | |Variable Name|Default Value|Required|Description| 39 | |:---:|:---:|:---:|:---:| 40 | |`eda_configuration_async_retries`|50|no|This variable sets the number of retries to attempt for the role globally.| 41 | |`eda_configuration_project_async_retries`|`eda_configuration_async_retries`|no|This variable sets the number of retries to attempt for the role.| 42 | |`eda_configuration_async_delay`|1|no|This sets the delay between retries for the role globally.| 43 | |`eda_configuration_project_async_delay`|`eda_configuration_async_delay`|no|This sets the delay between retries for the role.| 44 | 45 | ## Data Structure 46 | 47 | ### Project Variables 48 | 49 | |Variable Name|Default Value|Required|Type|Description| 50 | |:---:|:---:|:---:|:---:|:---:| 51 | |`name`|""|yes|str|Project name. Must be lower case containing only alphanumeric characters and underscores.| 52 | |`new_name`|""|no|str|Setting this option will change the existing name (looked up via the name field.)| 53 | |`description`|""|no|str|Description to use for the Project.| 54 | |`url`|""|yes|str|A URL to a remote archive, such as a Github Release or a build artifact stored in Artifactory and unpacks it into the project path for use. 
(Alias: scm_url)| 55 | |`tls_validation`|true|no|bool|Whether the URL should validate using TLS.| 56 | |`credential`|""|no|str|The token needed to utilize the SCM URL.| 57 | |`state`|`present`|no|str|Desired state of the project.| 58 | 59 | ### Standard Project Data Structure 60 | 61 | #### Yaml Example 62 | 63 | ```yaml 64 | --- 65 | eda_projects: 66 | - name: my_project 67 | description: my awesome project 68 | url: https://github.com/ansible/ansible-rulebook.git 69 | tls_validation: true 70 | credential: test_token 71 | ``` 72 | 73 | ## Playbook Examples 74 | 75 | ### Standard Role Usage 76 | 77 | ```yaml 78 | --- 79 | - name: Add project to EDA Controller 80 | hosts: localhost 81 | connection: local 82 | gather_facts: false 83 | vars: 84 | eda_validate_certs: false 85 | # Define following vars here, or in eda_configs/eda_auth.yml 86 | # eda_host: ansible-eda-web-svc-test-project.example.com 87 | # eda_token: changeme 88 | pre_tasks: 89 | - name: Include vars from eda_configs directory 90 | ansible.builtin.include_vars: 91 | dir: ./vars 92 | extensions: ["yml"] 93 | tags: 94 | - always 95 | roles: 96 | - ../../project 97 | ``` 98 | 99 | ## License 100 | 101 | [GPLv3+](https://github.com/redhat-cop/eda_configuration#licensing) 102 | 103 | ## Author 104 | 105 | [Chris Renwick](https://github.com/crenwick93/) 106 | -------------------------------------------------------------------------------- /roles/decision_environment/README.md: -------------------------------------------------------------------------------- 1 | # infra.eda_configuration.decision_environment 2 | 3 | ## Description 4 | 5 | An Ansible Role to create Decision Environments in EDA Controller. 
6 | 7 | ## Variables 8 | 9 | |Variable Name|Default Value|Required|Description|Example| 10 | |:---:|:---:|:---:|:---:|:---:| 11 | |`eda_host`|""|yes|URL to the EDA Controller (alias: `eda_hostname`)|127.0.0.1| 12 | |`eda_username`|""|yes|Admin User on the EDA Controller || 13 | |`eda_password`|""|yes|EDA Controller Admin User's password on the EDA Controller Server. This should be stored in an Ansible Vault at vars/tower-secrets.yml or elsewhere and called from a parent playbook.|| 14 | |`eda_validate_certs`|`False`|no|Whether or not to validate the Ansible EDA Controller Server's SSL certificate. The default `False` skips certificate verification, so set this to `True` outside isolated test environments.|| 15 | |`eda_request_timeout`|`10`|no|Specify the timeout Ansible should use in requests to the EDA Controller host.|| 16 | |`eda_configuration_async_dir`|`null`|no|Sets the directory to write the results file for async tasks. The default value is set to `null` which uses the Ansible Default of `/root/.ansible_async/`.|| 17 | |`eda_decision_environments`|`see below`|yes|Data structure describing your decision environments, described below.|| 18 | 19 | ### Secure Logging Variables 20 | 21 | The following Variables complement each other. 22 | If both variables are not set, secure logging defaults to false. 23 | The role defaults to False as normally the add project task does not include sensitive information. 24 | eda_configuration_project_secure_logging defaults to the value of eda_configuration_secure_logging if it is not explicitly called. This allows for secure logging to be toggled for the entire suite of EDA Controller configuration roles with a single variable, or for the user to selectively use it. 25 | 26 | |Variable Name|Default Value|Required|Description| 27 | |:---:|:---:|:---:|:---:| 28 | |`eda_configuration_project_secure_logging`|`False`|no|Whether or not to include the sensitive Project role tasks in the log. 
Set this value to `True` if you will be providing your sensitive values from elsewhere.| 29 | |`eda_configuration_secure_logging`|`False`|no|This variable enables secure logging as well, but is shared across multiple roles, see above.| 30 | 31 | ### Asynchronous Retry Variables 32 | 33 | The following Variables set asynchronous retries for the role. 34 | If neither of the retries or delay or retries are set, they will default to their respective defaults. 35 | This allows for all items to be created, then checked that the task finishes successfully. 36 | This also speeds up the overall role. 37 | 38 | |Variable Name|Default Value|Required|Description| 39 | |:---:|:---:|:---:|:---:| 40 | |`eda_configuration_async_retries`|50|no|This variable sets the number of retries to attempt for the role globally.| 41 | |`eda_configuration_project_async_retries`|`eda_configuration_async_retries`|no|This variable sets the number of retries to attempt for the role.| 42 | |`eda_configuration_async_delay`|1|no|This sets the delay between retries for the role globally.| 43 | |`eda_configuration_project_async_delay`|`eda_configuration_async_delay`|no|This sets the delay between retries for the role.| 44 | 45 | ## Data Structure 46 | 47 | ### Decision Environment Variables 48 | 49 | |Variable Name|Default Value|Required|Type|Description| 50 | |:---:|:---:|:---:|:---:|:---:| 51 | |`name`|""|yes|str|Decision Environment name. 
Must be lower case containing only alphanumeric characters and underscores.| 52 | |`new_name`|""|no|str|Setting this option will change the existing name (looked up via the name field.)| 53 | |`description`|""|no|str|Description to use for the Project.| 54 | |`image_url`|""|yes|str|A URL to a a container image to use for the decision environment.| 55 | |`credential`|""|no|str|The credential used to access the container registry holding the image.| 56 | |`state`|`present`|no|str|Desired state of the decision environment.| 57 | 58 | ### Standard Decision Environment Data Structure 59 | 60 | #### Yaml Example 61 | 62 | ```yaml 63 | --- 64 | eda_decision_environments: 65 | - name: my_default_de 66 | description: my default decision environment 67 | image_url: "image_registry.example.com/default-de:latest" 68 | credential: my_credential 69 | ``` 70 | 71 | ## Playbook Examples 72 | 73 | ### Standard Role Usage 74 | 75 | ```yaml 76 | --- 77 | - name: Add decision environment to EDA Controller 78 | hosts: localhost 79 | connection: local 80 | gather_facts: false 81 | vars: 82 | eda_validate_certs: false 83 | # Define following vars here, or in eda_configs/eda_auth.yml 84 | # eda_host: ansible-eda-web-svc-test-project.example.com 85 | # eda_token: changeme 86 | pre_tasks: 87 | - name: Include vars from eda_configs directory 88 | ansible.builtin.include_vars: 89 | dir: ./vars 90 | extensions: ["yml"] 91 | tags: 92 | - always 93 | roles: 94 | - ../../decision_environment 95 | ``` 96 | 97 | ## License 98 | 99 | [GPLv3+](https://github.com/redhat-cop/eda_configuration#licensing) 100 | 101 | ## Author 102 | 103 | [Derek Waters](https://github.com/derekwaters/) 104 | -------------------------------------------------------------------------------- /plugins/modules/user.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # coding: utf-8 -*- 3 | 4 | # (c) 2023, Tom Page <@Tompage1994> 5 | # GNU General Public License v3.0+ 
(see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) 6 | 7 | from __future__ import absolute_import, division, print_function 8 | 9 | __metaclass__ = type 10 | 11 | 12 | ANSIBLE_METADATA = { 13 | "metadata_version": "1.1", 14 | "status": ["preview"], 15 | "supported_by": "community", 16 | } 17 | 18 | 19 | DOCUMENTATION = """ 20 | --- 21 | module: user 22 | author: "Tom Page (@Tompage1994)" 23 | short_description: Manage a user in EDA Controller 24 | description: 25 | - Create, update and delete users in EDA Controller 26 | options: 27 | username: 28 | description: 29 | - Name of the user to create, remove, or modify. 30 | required: true 31 | type: str 32 | new_username: 33 | description: 34 | - Setting this option will change the existing username (looked up via the name field). 35 | type: str 36 | first_name: 37 | description: 38 | - User's first name. 39 | type: str 40 | last_name: 41 | description: 42 | - User's last name. 43 | type: str 44 | email: 45 | description: 46 | - User's email address. That address must be correctly formed. 47 | type: str 48 | password: 49 | description: 50 | - User's password as a clear string. 51 | type: str 52 | update_secrets: 53 | description: 54 | - C(true) will always change password if user specifies password. 55 | - C(false) will only set the password if other values change too. 56 | type: bool 57 | default: true 58 | roles: 59 | description: 60 | - The roles the user is provided with. 61 | - Current values are C(Viewer), C(Auditor), C(Editor), C(Contributor), C(Operator), C(Admin) 62 | type: list 63 | elements: str 64 | state: 65 | description: 66 | - Desired state of the resource. 
67 | choices: ["present", "absent"] 68 | default: "present" 69 | type: str 70 | 71 | extends_documentation_fragment: infra.eda_configuration.auth 72 | """ 73 | 74 | 75 | EXAMPLES = """ 76 | - name: Create eda user 77 | infra.eda_configuration.user: 78 | username: john_smith 79 | first_name: john 80 | last_name: smith 81 | email: jsmith@example.com 82 | password: my_p455word 83 | roles: 84 | - Viewer 85 | - Auditor 86 | - Contributor 87 | state: present 88 | eda_host: eda.example.com 89 | eda_username: admin 90 | eda_password: Sup3r53cr3t 91 | 92 | """

from ..module_utils.eda_module import EDAModule


def main():
    """Create, update or delete an EDA Controller user from the task parameters.

    Looks the user up by ``username``, hands deletion to the module helper
    when ``state`` is ``absent``, and otherwise builds the field set that is
    sent to the ``users`` endpoint for create or update.
    """
    # Options accepted by the task. ``password`` is masked with no_log, while
    # ``update_secrets`` is a plain boolean and has no_log switched off.
    # NOTE(review): update_secrets is declared here but never read in main();
    # presumably EDAModule consumes it -- confirm.
    argument_spec = {
        "username": {"required": True},
        "new_username": {},
        "first_name": {},
        "last_name": {},
        "email": {},
        "password": {"no_log": True},
        "update_secrets": {"type": "bool", "default": True, "no_log": False},
        "roles": {"type": "list", "elements": "str"},
        "state": {"choices": ["present", "absent"], "default": "present"},
    }

    module = EDAModule(argument_spec=argument_spec)

    username = module.params.get("username")
    new_username = module.params.get("new_username")
    state = module.params.get("state")

    # Find the current record, if any, for the supplied username.
    existing_item = module.get_one("users", name_or_id=username, key="req_url")

    if state == "absent":
        # The helper deletes the user when it exists and takes care of exiting.
        module.delete_if_needed(existing_item, key="req_url")

    # Username precedence: explicit rename, then the stored name, then the
    # name the caller passed in.
    if new_username:
        target_username = new_username
    elif existing_item:
        target_username = existing_item["username"]
    else:
        target_username = username
    new_fields = {"username": target_username}

    # Copy across only the optional fields the caller actually supplied.
    for field_name in ("first_name", "last_name", "email", "password"):
        field_val = module.params.get(field_name)
        if field_val is None:
            continue
        new_fields[field_name] = field_val

    # Role names are translated to ids before being sent.
    roles = module.params.get("roles")
    if roles is not None:
        new_fields["roles"] = [module.resolve_name_to_id("roles", role) for role in roles]

    # The helper creates or updates the user as needed and exits the module.
    module.create_or_update_if_needed(
        existing_item,
        new_fields,
        endpoint="users",
        item_type="users",
        key="req_url",
    )


if __name__ == "__main__":
    main()
--------------------------------------------------------------------------------
/roles/user/README.md: -------------------------------------------------------------------------------- 1 | # infra.eda_configuration.user 2 | 3 | ## Description 4 | 5 | An Ansible Role to create users in EDA Controller. 6 | 7 | ## Variables 8 | 9 | |Variable Name|Default Value|Required|Description|Example| 10 | |:---:|:---:|:---:|:---:|:---:| 11 | |`eda_host`|""|yes|URL to the EDA Controller (alias: `eda_hostname`)|127.0.0.1| 12 | |`eda_username`|""|yes|Admin User on the EDA Controller || 13 | |`eda_password`|""|yes|EDA Controller Admin User's password on the EDA Controller Server.
This should be stored in an Ansible Vault at vars/tower-secrets.yml or elsewhere and called from a parent playbook.|| 14 | |`eda_validate_certs`|`False`|no|Whether or not to validate the Ansible EDA Controller Server's SSL certificate. Leaving this `False` skips certificate verification for the connection that carries `eda_password`; set it to `True` wherever the controller presents a trusted certificate.|| 15 | |`eda_request_timeout`|`10`|no|Specify the timeout Ansible should use in requests to the EDA Controller host.|| 16 | |`eda_configuration_async_dir`|`null`|no|Sets the directory to write the results file for async tasks. The default value is set to `null` which uses the Ansible Default of `/root/.ansible_async/`.|| 17 | |`eda_users`|`see below`|yes|Data structure describing your users, described below.|| 18 | 19 | ### Secure Logging Variables 20 | 21 | The following variables complement each other. 22 | If neither variable is set, secure logging defaults to false. 23 | The role defaults to False as normally the add user task does not include sensitive information. Note that each `eda_users` entry carries a `password` (see the user variables below), so enable secure logging when that value must stay out of the task log. 24 | eda_configuration_user_secure_logging defaults to the value of eda_configuration_secure_logging if it is not explicitly set. This allows for secure logging to be toggled for the entire suite of EDA Controller configuration roles with a single variable, or for the user to selectively use it. 25 | 26 | |Variable Name|Default Value|Required|Description| 27 | |:---:|:---:|:---:|:---:| 28 | |`eda_configuration_user_secure_logging`|`False`|no|Whether or not to include the sensitive user role tasks in the log. Set this value to `True` if you will be providing your sensitive values from elsewhere.| 29 | |`eda_configuration_secure_logging`|`False`|no|This variable enables secure logging as well, but is shared across multiple roles, see above.| 30 | 31 | ### Asynchronous Retry Variables 32 | 33 | The following variables set asynchronous retries for the role. 34 | If neither the retries nor the delay is set, they will default to their respective defaults. 35 | This allows for all items to be created, then checked that the task finishes successfully.
36 | This also speeds up the overall role. 37 | 38 | |Variable Name|Default Value|Required|Description| 39 | |:---:|:---:|:---:|:---:| 40 | |`eda_configuration_async_retries`|50|no|This variable sets the number of retries to attempt for the role globally.| 41 | |`eda_configuration_user_async_retries`|`eda_configuration_async_retries`|no|This variable sets the number of retries to attempt for the role.| 42 | |`eda_configuration_async_delay`|1|no|This sets the delay between retries for the role globally.| 43 | |`eda_configuration_user_async_delay`|`eda_configuration_async_delay`|no|This sets the delay between retries for the role.| 44 | 45 | ## Data Structure 46 | 47 | ### user Variables 48 | 49 | |Variable Name|Default Value|Required|Type|Description| 50 | |:---:|:---:|:---:|:---:|:---:| 51 | |`username`|""|yes|str|Username. Must contain only letters, numbers, and `@.+-_` characters.| 52 | |`new_username`|""|no|str|Setting this option will change the existing username (looked up via the name field.)| 53 | |`first_name`|""|no|str|First name of the user.| 54 | |`last_name`|""|no|str|Last name of the user.| 55 | |`email`|""|no|str|User's email address.| 56 | |`password`|""|yes|str|Password to use for the user.| 57 | |`update_secrets`|true|no|bool|If true, the password is always changed when one is specified. If false, the password is only changed when other fields change too.| 58 | |`roles`|""|yes|list|Roles the user will have.
Current acceptable values are: Viewer, Auditor, Editor, Contributor, Operator, Admin.| 59 | |`state`|`present`|no|str|Desired state of the user.| 60 | 61 | ### Standard user Data Structure 62 | 63 | #### Yaml Example 64 | 65 | ```yaml 66 | --- 67 | eda_users: 68 | - username: jane_doe 69 | first_name: Jane 70 | last_name: Doe 71 | email: jdoe@example.com 72 | password: my_password1 73 | update_secrets: false 74 | roles: 75 | - Auditor 76 | - Contributor 77 | ``` 78 | 79 | ## Playbook Examples 80 | 81 | ### Standard Role Usage 82 | 83 | ```yaml 84 | --- 85 | - name: Add user to EDA Controller 86 | hosts: localhost 87 | connection: local 88 | gather_facts: false 89 | vars: 90 | eda_validate_certs: false 91 | # Define following vars here, or in eda_configs/eda_auth.yml 92 | # eda_host: ansible-eda-web-svc-test-user.example.com 93 | # eda_token: changeme 94 | pre_tasks: 95 | - name: Include vars from eda_configs directory 96 | ansible.builtin.include_vars: 97 | dir: ./vars 98 | extensions: ["yml"] 99 | tags: 100 | - always 101 | roles: 102 | - ../../user 103 | ``` 104 | 105 | ## License 106 | 107 | [GPLv3+](https://github.com/redhat-cop/eda_configuration#licensing) 108 | 109 | ## Author 110 | 111 | [Tom Page](https://github.com/Tompage1994/) 112 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Red Hat Event Driven Ansible Controller Configuration Collection 2 | 3 | [![pre-commit tests](https://github.com/ansible/galaxy_collection/actions/workflows/pre-commit.yml/badge.svg?branch=devel)](https://github.com/ansible/galaxy_collection/actions/workflows/pre-commit.yml) 4 | ![Code style: flake8](https://img.shields.io/badge/Code%20style-flake8-orange) 5 | [![OpenSSF Best Practices](https://www.bestpractices.dev/projects/8812/badge)](https://www.bestpractices.dev/projects/8812) 6 | 7 | 8 | This Ansible collection allows for easy interaction with 
an EDA Controller server via Ansible playbooks. 9 | 10 | ## Deprecation warning!!!!!!! 11 | This collection only supports EDA/AAP 2.4. For AAP 2.5+ take a look at our [new collection](https://github.com/redhat-cop/infra.aap_configuration) that allows you to manage your whole AAP configuration in one place. We will try and continue supporting this collection until AAP 2.4 support ends (currently set for 12/31/2025)[lifecycle](https://access.redhat.com/support/policy/updates/ansible-automation-platform). 12 | 13 | ## Links to Ansible Automation Platform Collections 14 | 15 | | Collection Name | Purpose | 16 | |:--------------------------------------------------------------------------------------------:|:----------------------------------------:| 17 | | [awx.awx/Ansible.controller repo](https://github.com/ansible/awx/tree/devel/awx_collection) | Automation Controller modules | 18 | | [Ansible Hub Configuration](https://github.com/ansible/galaxy_collection) | Automation Hub configuration | 19 | 20 | ## Links to other Validated Configuration Collections for Ansible Automation Platform 21 | 22 | | Collection Name | Purpose | 23 | |:------------------------------------------------------------------------------------------:|:----------------------------------------:| 24 | | [Controller Configuration](https://github.com/redhat-cop/controller_configuration) | Automation Controller configuration | 25 | | [EDA Controller Configuration](https://github.com/redhat-cop/eda_configuration) | EDA Controller configuration | 26 | | [EE Utilities](https://github.com/redhat-cop/ee_utilities) | Execution Environment creation utilities | 27 | | [AAP installation Utilities](https://github.com/redhat-cop/aap_utilities) | Ansible Automation Platform utilities | 28 | | [AAP Configuration Template](https://github.com/redhat-cop/aap_configuration_template) | Configuration Template for this suite | 29 | 30 | ## Included content 31 | 32 | Click the `Content` button to see the list of content 
included in this collection. 33 | 34 | ## Installing this collection 35 | 36 | You can install the ansible EDA Controller collection with the Ansible Galaxy CLI: 37 | 38 | ```bash 39 | ansible-galaxy collection install infra.eda_configuration 40 | ``` 41 | 42 | You can also include it in a `requirements.yml` file and install it with `ansible-galaxy collection install -r requirements.yml`, using the format: 43 | 44 | ```yaml 45 | --- 46 | collections: 47 | - name: infra.eda_configuration 48 | # If you need a specific version of the collection, you can specify like this: 49 | # version: ... 50 | ``` 51 | 52 | ## Using this collection 53 | 54 | You can make use of this collection by directly invoking the roles or modules using the FQCN (fully qualified collection name). 55 | 56 | In a playbook this might look like: 57 | 58 | ```yaml 59 | - name: Call Project role 60 | hosts: localhost 61 | roles: 62 | - infra.eda_configuration.projects 63 | ``` 64 | 65 | or 66 | 67 | ```yaml 68 | - name: Call Project role 69 | hosts: localhost 70 | tasks: 71 | - name: Add a project 72 | infra.eda_configuration.project: 73 | name: my_project 74 | url: https://github.com/my/project.git 75 | ``` 76 | 77 | ### See Also 78 | 79 | - [Ansible Using collections](https://docs.ansible.com/ansible/latest/user_guide/collections_using.html) for more details. 80 | 81 | ## Release and Upgrade Notes 82 | 83 | For details on changes between versions, please see [the changelog for this collection](CHANGELOG.rst). 84 | 85 | ## Roadmap 86 | 87 | Add more roles and modules for endpoints on the EDA Controller. 88 | 89 | ## Contributing to this collection 90 | 91 | We welcome community contributions to this collection. If you find problems, please open an issue or create a PR against [this repository](https://github.com/redhat-cop/eda_configuration). 
92 | More information about contributing can be found in our [Contribution Guidelines.](https://github.com/redhat-cop/eda_configuration/blob/devel/.github/CONTRIBUTING.md) 93 | 94 | ## Code of Conduct 95 | 96 | This collection follows the Ansible project's 97 | [Code of Conduct](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html). 98 | Please read and familiarize yourself with this document. 99 | 100 | ## Licensing 101 | 102 | GNU General Public License v3.0 or later. 103 | 104 | See [LICENSE](https://www.gnu.org/licenses/gpl-3.0.txt) to see the full text. 105 | -------------------------------------------------------------------------------- /roles/rulebook_activation/README.md: -------------------------------------------------------------------------------- 1 | # infra.eda_configuration.rulebook_activation 2 | 3 | ## Description 4 | 5 | An Ansible Role to create rulebook activations in EDA Controller. 6 | 7 | ## Variables 8 | 9 | |Variable Name|Default Value|Required|Description|Example| 10 | |:---:|:---:|:---:|:---:|:---:| 11 | |`eda_host`|""|yes|URL to the EDA Controller (alias: `eda_hostname`)|127.0.0.1| 12 | |`eda_username`|""|yes|Admin User on the EDA Controller || 13 | |`eda_password`|""|yes|EDA Controller Admin User's password on the EDA Controller Server. This should be stored in an Ansible Vault at vars/tower-secrets.yml or elsewhere and called from a parent playbook.|| 14 | |`eda_validate_certs`|`False`|no|Whether or not to validate the Ansible EDA Controller Server's SSL certificate.|| 15 | |`eda_request_timeout`|`10`|no|Specify the timeout Ansible should use in requests to the EDA Controller host.|| 16 | |`eda_configuration_async_dir`|`null`|no|Sets the directory to write the results file for async tasks. 
The default value is set to `null` which uses the Ansible Default of `/root/.ansible_async/`.|| 17 | |`eda_rulebook_activations`|`see below`|yes|Data structure describing your rulebook activations, described below.|| 18 | 19 | ### Secure Logging Variables 20 | 21 | The following Variables complement each other. 22 | If Both variables are not set, secure logging defaults to false. 23 | The role defaults to False as normally the add project task does not include sensitive information. 24 | eda_configuration_project_secure_logging defaults to the value of eda_configuration_secure_logging if it is not explicitly called. This allows for secure logging to be toggled for the entire suite of EDA Controller configuration roles with a single variable, or for the user to selectively use it. 25 | 26 | |Variable Name|Default Value|Required|Description| 27 | |:---:|:---:|:---:|:---:| 28 | |`eda_configuration_project_secure_logging`|`False`|no|Whether or not to include the sensitive Project role tasks in the log. Set this value to `True` if you will be providing your sensitive values from elsewhere.| 29 | |`eda_configuration_secure_logging`|`False`|no|This variable enables secure logging as well, but is shared across multiple roles, see above.| 30 | 31 | ### Asynchronous Retry Variables 32 | 33 | The following Variables set asynchronous retries for the role. 34 | If neither of the retries or delay or retries are set, they will default to their respective defaults. 35 | This allows for all items to be created, then checked that the task finishes successfully. 36 | This also speeds up the overall role. 
37 | 38 | |Variable Name|Default Value|Required|Description| 39 | |:---:|:---:|:---:|:---:| 40 | |`eda_configuration_async_retries`|50|no|This variable sets the number of retries to attempt for the role globally.| 41 | |`eda_configuration_project_async_retries`|`eda_configuration_async_retries`|no|This variable sets the number of retries to attempt for the role.| 42 | |`eda_configuration_async_delay`|1|no|This sets the delay between retries for the role globally.| 43 | |`eda_configuration_project_async_delay`|`eda_configuration_async_delay`|no|This sets the delay between retries for the role.| 44 | 45 | ## Data Structure 46 | 47 | ### Rulebook activation Variables 48 | 49 | |Variable Name|Default Value|Required|Type|Description| 50 | |:---:|:---:|:---:|:---:|:---:| 51 | |`name`|""|yes|str|Rulebook activation name. Must be lower case containing only alphanumeric characters and underscores.| 52 | |`description`|""|no|str|Description to use for the Activation.| 53 | |`project`|""|no|str|Project to use for the Activation.| 54 | |`rulebook`|""|yes|str|rulebook to use for the Activation.| 55 | |`decision_environment`|""|yes|str|Decision_environment to use for the Activation.| 56 | |`restart_policy`|"always"|no|str|Restart_policy to use for the Activation, choice of ["always", "never", "on-failure"]| 57 | |`extra_vars`|""|no|str|Extra_vars to use for the Activation.| 58 | |`awx_token`|""|no|str|The token used to authenticate to controller.| 59 | |`enabled`|"true"|no|str|Whether the rulebook activation is automatically enabled to run.| 60 | |`state`|`present`|no|str|Desired state of the rulebook activation.| 61 | 62 | ### Standard rulebook activation Data Structure 63 | 64 | #### Yaml Example 65 | 66 | ```yaml 67 | --- 68 | eda_rulebook_activations: 69 | - name: Github Hook 70 | description: Hook to listen for changes in GitHub 71 | project: EDA_example 72 | rulebook: git-hook-deploy-rules.yml 73 | decision_environment: Automation Hub Default Decision Environment 74 | 
extra_vars: 75 | provider: github-local 76 | repo_url: https://github.com/ansible/ansible-rulebook.git 77 | enabled: false 78 | state: present 79 | ``` 80 | 81 | ## Playbook Examples 82 | 83 | ### Standard Role Usage 84 | 85 | ```yaml 86 | --- 87 | - name: Add rulebook activation to EDA Controller 88 | hosts: localhost 89 | connection: local 90 | gather_facts: false 91 | vars: 92 | eda_validate_certs: false 93 | # Define following vars here, or in eda_configs/eda_auth.yml 94 | # eda_host: ansible-eda-web-svc-test-project.example.com 95 | # eda_token: changeme 96 | pre_tasks: 97 | - name: Include vars from eda_configs directory 98 | ansible.builtin.include_vars: 99 | dir: ./vars 100 | extensions: ["yml"] 101 | tags: 102 | - always 103 | roles: 104 | - ../../rulebook_activation 105 | ``` 106 | 107 | ## License 108 | 109 | [GPLv3+](https://github.com/redhat-cop/eda_configuration#licensing) 110 | 111 | ## Author 112 | 113 | [Tom Page](https://github.com/Tompage1994/) 114 | -------------------------------------------------------------------------------- /plugins/lookup/eda_api.py: -------------------------------------------------------------------------------- 1 | # (c) 2020 Ansible Project 2 | # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) 3 | from __future__ import absolute_import, division, print_function 4 | 5 | __metaclass__ = type 6 | 7 | DOCUMENTATION = """ 8 | name: eda_api 9 | author: Tom Page (@Tompage1994) 10 | short_description: Search the API for objects 11 | requirements: 12 | - None 13 | description: 14 | - Returns GET requests from the EDA Controller API. 15 | options: 16 | _terms: 17 | description: 18 | - The endpoint to query, i.e. credentials, decision_environments, projects, etc. 19 | required: True 20 | query_params: 21 | description: 22 | - The query parameters to search for in the form of key/value pairs. 
23 | type: dict 24 | required: False 25 | aliases: [query, data, filter, params] 26 | expect_objects: 27 | description: 28 | - Error if the response does not contain either a detail view or a list view. 29 | type: boolean 30 | default: False 31 | aliases: [expect_object] 32 | expect_one: 33 | description: 34 | - Error if the response contains more than one object. 35 | type: boolean 36 | default: False 37 | return_objects: 38 | description: 39 | - If a list view is returned, promote the list of data to the top-level of list returned. 40 | - Allows using this lookup plugin to loop over objects without additional work. 41 | type: boolean 42 | default: True 43 | return_all: 44 | description: 45 | - If the response is paginated, return all pages. 46 | type: boolean 47 | default: False 48 | return_ids: 49 | description: 50 | - If response contains objects, promote the id key to the top-level entries in the list. 51 | - Allows looking up a related object and passing it as a parameter to another module. 52 | - This will convert the return to a string or list of strings depending on the number of selected items. 53 | type: boolean 54 | aliases: [return_id] 55 | default: False 56 | max_objects: 57 | description: 58 | - if C(return_all) is true, this is the maximum of number of objects to return from the list. 59 | - If a list view returns more an max_objects an exception will be raised 60 | type: integer 61 | default: 1000 62 | extends_documentation_fragment: infra.eda_configuration.auth_plugin 63 | notes: 64 | - If the query is not filtered properly this can cause a performance impact. 
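65 | """ 66 | 67 | EXAMPLES = """ 68 | - name: Report the usernames of all users 69 | debug: 70 | msg: "Users: {{ query('infra.eda_configuration.eda_api', 'users', return_all=true) | map(attribute='username') | list }}" 71 | 72 | - name: List all projects which use the ansible/eda github repo 73 | debug: 74 | msg: "{{ lookup('infra.eda_configuration.eda_api', 'project', host='https://eda.example.com', username='ansible', 75 | password='Passw0rd123', verify_ssl=false, query_params={'url': 'https://github.com/ansible/event-driven-ansible.git'}) }}" 76 | """ 77 | 78 | RETURN = """ 79 | _raw: 80 | description: 81 | - Response from the API 82 | type: dict 83 | returned: on successful request 84 | """

from ansible.plugins.lookup import LookupBase
from ansible.errors import AnsibleError
from ansible.module_utils._text import to_native
from ansible.utils.display import Display
from ..module_utils.eda_module import EDAModule


display = Display()


class LookupModule(LookupBase):
    """Lookup plugin that issues GET requests against an EDA Controller API endpoint."""

    def handle_error(self, **kwargs):
        """Error callback handed to EDAModule: raise the ``msg`` keyword as an AnsibleError."""
        raise AnsibleError(to_native(kwargs.get('msg')))

    def warn_callback(self, warning):
        """Warning callback handed to EDAModule: forward *warning* to the display."""
        # NOTE(review): this goes through self.display while the module-level
        # ``display`` object above is otherwise unused -- confirm the attribute
        # exists on the plugin instance.
        self.display.warning(warning)

    def _checked_json(self, response):
        """Return ``response['json']`` after validating the response envelope.

        Raises:
            AnsibleError: if the response has no ``status_code`` or the status
                is not 200.
        """
        if 'status_code' not in response:
            raise AnsibleError("Unclear response from API: {0}".format(response))

        if response['status_code'] != 200:
            raise AnsibleError("Failed to query the API: {0}".format(response['json'].get('detail', response['json'])))

        return response['json']

    def run(self, terms, variables=None, **kwargs):
        """Query one API endpoint and return the result as a list.

        Args:
            terms: must hold exactly one entry, the endpoint to query.
            variables: accepted for the lookup interface; not used here.
            **kwargs: plugin options, applied through ``set_options``.

        Returns:
            The ``results`` list when ``return_objects`` is set and the
            response is a list view, otherwise a one-element list wrapping the
            response data (or the id string when ``return_ids`` is set).

        Raises:
            AnsibleError: on a wrong number of terms, a failed or unclear API
                response (including any follow-up page), an unmet
                ``expect_objects``/``expect_one`` condition, or more than
                ``max_objects`` results.
        """
        if len(terms) != 1:
            raise AnsibleError('You must pass exactly one endpoint to query')

        self.set_options(direct=kwargs)

        # Defer processing of params to logic shared with the modules
        module_params = {}
        for plugin_param, module_param in EDAModule.short_params.items():
            opt_val = self.get_option(plugin_param)
            if opt_val is not None:
                module_params[module_param] = opt_val

        # Create our module
        module = EDAModule(argument_spec={}, direct_params=module_params, error_callback=self.handle_error, warn_callback=self.warn_callback)

        response = module.get_endpoint(terms[0], data=self.get_option('query_params', {}))
        return_data = self._checked_json(response)

        if self.get_option('expect_objects') or self.get_option('expect_one'):
            if ('id' not in return_data) and ('results' not in return_data):
                raise AnsibleError('Did not obtain a list or detail view at {0}, and ' 'expect_objects or expect_one is set to True'.format(terms[0]))

        if self.get_option('expect_one'):
            if 'results' in return_data and len(return_data['results']) != 1:
                raise AnsibleError('Expected one object from endpoint {0}, ' 'but obtained {1} from API'.format(terms[0], len(return_data['results'])))

        if self.get_option('return_all') and 'results' in return_data:
            max_objects = self.get_option('max_objects')
            if return_data['count'] > max_objects:
                raise AnsibleError(
                    'List view at {0} returned {1} objects, which is more than the maximum allowed '
                    'by max_objects, {2}'.format(terms[0], return_data['count'], max_objects)
                )

            # NOTE(review): next_page is taken verbatim from the API response and
            # requested with the module's credentials; presumably get_endpoint
            # resolves it against the configured host -- confirm it cannot point
            # at a different origin.
            next_page = return_data['next']
            while next_page is not None:
                # Follow-up pages get the same status validation as the first
                # request, so a failed page is reported instead of surfacing as
                # a KeyError.
                page = self._checked_json(module.get_endpoint(next_page))
                return_data['results'] += page['results']
                # Enforce max_objects on what was actually collected, not only
                # on the count reported by the first page.
                if len(return_data['results']) > max_objects:
                    raise AnsibleError(
                        'List view at {0} returned {1} objects, which is more than the maximum allowed '
                        'by max_objects, {2}'.format(terms[0], len(return_data['results']), max_objects)
                    )
                next_page = page['next']
            return_data['next'] = None

        if self.get_option('return_ids'):
            if 'results' in return_data:
                return_data['results'] = [str(item['id']) for item in return_data['results']]
            elif 'id' in return_data:
                return_data = str(return_data['id'])

        if self.get_option('return_objects') and 'results' in return_data:
            return return_data['results']
        else:
            return [return_data]
--------------------------------------------------------------------------------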
/plugins/modules/rulebook_activation.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # coding: utf-8 -*- 3 | 4 | # (c) 2023, Tom Page <@Tompage1994> 5 | # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) 6 | 7 | from __future__ import absolute_import, division, print_function 8 | 9 | __metaclass__ = type 10 | 11 | 12 | ANSIBLE_METADATA = { 13 | "metadata_version": "1.1", 14 | "status": ["preview"], 15 | "supported_by": "community", 16 | } 17 | 18 | 19 | DOCUMENTATION = """ 20 | --- 21 | module: rulebook_activation 22 | author: "Tom Page (@Tompage1994)" 23 | short_description: Manage a rulebook_activation in EDA Controller 24 | description: 25 | - Create, enable, disable and delete rulebook activations in EDA Controller 26 | options: 27 | name: 28 | description: 29 | - The name of the rulebook activation. 30 | required: True 31 | type: str 32 | description: 33 | description: 34 | - The description of the rulebook_activation. 35 | required: False 36 | type: str 37 | project: 38 | description: 39 | - The project from which the rulebook is found. 40 | required: False 41 | type: str 42 | rulebook: 43 | description: 44 | - The name of the rulebook to activate. 45 | required: True 46 | type: str 47 | decision_environment: 48 | description: 49 | - The decision environment to be used. 50 | required: True 51 | type: str 52 | restart_policy: 53 | description: 54 | - The policy used to determine whether to restart a rulebook. 55 | required: False 56 | choices: ["always", "never", "on-failure"] 57 | default: "always" 58 | type: str 59 | extra_vars: 60 | description: 61 | - Specify C(extra_vars) for the template. 62 | required: False 63 | type: dict 64 | awx_token: 65 | description: 66 | - The token used to authenticate to controller. 67 | required: False 68 | type: str 69 | enabled: 70 | description: 71 | - Whether the rulebook activation is automatically enabled to run. 
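72 | default: true 73 | type: bool 74 | state: 75 | description: 76 | - Desired state of the resource. 77 | choices: ["present", "absent", "restarted"] 78 | default: "present" 79 | type: str 80 | 81 | extends_documentation_fragment: infra.eda_configuration.auth 82 | """ 83 | 84 | 85 | EXAMPLES = """ 86 | - name: Create eda rulebook activation 87 | infra.eda_configuration.rulebook_activation: 88 | name: Github Hook 89 | description: Hook to listen for changes in GitHub 90 | project: eda_examples 91 | rulebook: git-hook-deploy-rules.yml 92 | decision_environment: my_de 93 | extra_vars: 94 | provider: github 95 | repo_url: https://github.com/ansible/ansible-rulebook.git 96 | enabled: true 97 | awx_token: my_token 98 | state: present 99 | 100 | - name: Restart eda rulebook activation 101 | infra.eda_configuration.rulebook_activation: 102 | name: Github Hook 103 | state: restarted 104 | 105 | - name: Delete eda rulebook activation 106 | infra.eda_configuration.rulebook_activation: 107 | name: Github Hook 108 | state: absent 109 | """

from ..module_utils.eda_module import EDAModule
import json


def main():
    """Create, restart, enable, disable or delete an EDA rulebook activation.

    Looks the activation up by ``name`` and then acts on ``state``:
    ``absent`` hands deletion to the module helper, ``restarted`` posts to the
    restart endpoint of an enabled activation, and ``present`` either creates
    the activation or, when it already exists, only toggles enabled/disabled
    and fails on any other requested change.
    """
    # Any additional arguments that are not fields of the item can be added here
    # NOTE(review): rulebook and decision_environment are required=True, yet the
    # module's own EXAMPLES restart and delete by name only, and required=True
    # makes the required_if entry below redundant -- confirm which is intended.
    # NOTE(review): awx_token has no_log=False and is resolved further down as a
    # token *name*; the option text calls it "the token used to authenticate to
    # controller". If callers pass the secret itself it would be logged --
    # confirm and document.
    # NOTE(review): extra_vars is not masked either; values placed there appear
    # in task output.
    argument_spec = dict(
        name=dict(required=True),
        description=dict(),
        project=dict(),
        rulebook=dict(required=True),
        decision_environment=dict(required=True),
        restart_policy=dict(choices=["always", "never", "on-failure"], default="always"),
        extra_vars=dict(type="dict"),
        enabled=dict(type="bool", default="true"),
        state=dict(choices=["present", "absent", "restarted"], default="present"),
        awx_token=dict(no_log=False),
    )

    # Create a module for ourselves
    module = EDAModule(argument_spec=argument_spec, required_if=[("state", "present", ("rulebook", "decision_environment"))])

    # Extract our parameters
    name = module.params.get("name")
    state = module.params.get("state")
    enabled = module.params.get("enabled")

    new_fields = {}

    # Attempt to look up an existing item based on the provided data
    existing_item = module.get_one("activations", name_or_id=name, key="req_url")

    if state == "absent":
        # If the state was absent we can let the module delete it if needed, the module will handle exiting from this
        module.delete_if_needed(existing_item, key="req_url")

    if state == "restarted":
        if enabled is not None and not enabled:
            module.fail_json(msg="It is not possible to restart a disabled rulebook activation. Ensure it is set to enabled.")
        # If the options want the activation enabled but it currently isn't then just run through as though enabling,
        # as that performs the restart. A missing activation also falls through and is created below; the explicit
        # None check keeps that path from failing with a TypeError on existing_item["is_enabled"].
        if existing_item is not None and existing_item["is_enabled"]:
            # Hit the restart endpoint; the module will handle exiting from this
            module.trigger_post_action("activations/{id}/restart".format(id=existing_item["id"]), auto_exit=True)

    # Create the data that gets sent for create and update
    for field_name in (
        "name",
        "description",
        "restart_policy",
    ):
        field_val = module.params.get(field_name)
        if field_val is not None:
            new_fields[field_name] = field_val

    if enabled is not None:
        new_fields["is_enabled"] = enabled

    # With a project given, the rulebook lookup is narrowed to that project.
    if (module.params.get("project") is not None) and (module.params.get("rulebook") is not None):
        new_fields["project_id"] = module.resolve_name_to_id("projects", module.params.get("project"))
        new_fields["rulebook_id"] = module.resolve_name_to_id(
            "rulebooks",
            module.params.get("rulebook"),
            data={"project_id": int(new_fields["project_id"])},
        )
    else:
        new_fields["rulebook_id"] = module.resolve_name_to_id("rulebooks", module.params.get("rulebook"))

    if module.params.get("decision_environment") is not None:
        new_fields["decision_environment_id"] = module.resolve_name_to_id("decision-environments", module.params.get("decision_environment"))

    if module.params.get("awx_token") is not None:
        new_fields["awx_token_id"] = module.resolve_name_to_id("users/me/awx-tokens", module.params.get("awx_token"))

    # Create the extra_vars
    if module.params.get("extra_vars") is not None:
        if existing_item is not None:
            new_fields["extra_var_id"] = -1  # Default it as something that isn't acceptable. Prove otherwise
            if existing_item["extra_var_id"]:
                # Check if matching existing extra_vars
                existing_vars = module.get_by_id("extra-vars", id=existing_item["extra_var_id"])
                # Test if the same. This is a comparison of serialized strings, so it depends on
                # the stored text having the same key order and formatting as json.dumps output.
                if json.dumps(module.params.get("extra_vars")) == existing_vars["extra_var"]:
                    new_fields["extra_var_id"] = existing_item["extra_var_id"]
        else:
            new_fields["extra_var_id"] = module.create_no_name(
                {"extra_var": json.dumps(module.params.get("extra_vars"))},
                endpoint="extra-vars",
                item_type="extra_vars"
            )["id"]

    if existing_item is not None:
        # If the activation already exists, all we can do is change whether it is enabled or disabled.
        # The module will exit from this section

        # First, fail if trying to change anything other than being enabled
        immutable_fields = (
            "description",
            "restart_policy",
            "project_id",
            "rulebook_id",
            "decision_environment_id",
            "awx_token_id",
            "extra_var_id",
        )
        if any(field in new_fields and existing_item[field] != new_fields[field] for field in immutable_fields):
            module.fail_json(msg="Once an activation has been created it can only be enabled, disabled or deleted. Other changes cannot be made.")

        if enabled is not None:
            if enabled and not existing_item["is_enabled"]:
                module.trigger_post_action("activations/{id}/enable".format(id=existing_item["id"]), auto_exit=True)
            elif (not enabled) and existing_item["is_enabled"]:
                module.trigger_post_action("activations/{id}/disable".format(id=existing_item["id"]), auto_exit=True)
        module.exit_json(**module.json_output)

    # No existing activation: let the module create it, this will return on its own
    module.create_if_needed(
        existing_item,
        new_fields,
        endpoint="activations",
        item_type="rulebook_activations",
    )


if __name__ == "__main__":
    main()
--------------------------------------------------------------------------------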