├── .gitignore ├── Dockerfile ├── LICENSE ├── Makefile ├── PROJECT ├── README.md ├── config ├── crd │ ├── bases │ │ ├── tower.ansible.com_credentialinputsources.yaml │ │ ├── tower.ansible.com_credentials.yaml │ │ ├── tower.ansible.com_credentialtypes.yaml │ │ ├── tower.ansible.com_groups.yaml │ │ ├── tower.ansible.com_hosts.yaml │ │ ├── tower.ansible.com_inventories.yaml │ │ ├── tower.ansible.com_inventorysources.yaml │ │ ├── tower.ansible.com_jobtemplates.yaml │ │ ├── tower.ansible.com_modules.yaml │ │ ├── tower.ansible.com_notifications.yaml │ │ ├── tower.ansible.com_organizations.yaml │ │ ├── tower.ansible.com_projects.yaml │ │ ├── tower.ansible.com_roles.yaml │ │ ├── tower.ansible.com_schedules.yaml │ │ ├── tower.ansible.com_teams.yaml │ │ ├── tower.ansible.com_users.yaml │ │ ├── tower.ansible.com_workflowjobtemplatenodes.yaml │ │ ├── tower.ansible.com_workflowjobtemplates.yaml │ │ └── tower.ansible.com_workflowtemplates.yaml │ └── kustomization.yaml ├── default │ ├── kustomization.yaml │ └── manager_auth_proxy_patch.yaml ├── manager │ ├── kustomization.yaml │ └── manager.yaml ├── prometheus │ ├── kustomization.yaml │ └── monitor.yaml ├── rbac │ ├── auth_proxy_client_clusterrole.yaml │ ├── auth_proxy_role.yaml │ ├── auth_proxy_role_binding.yaml │ ├── auth_proxy_service.yaml │ ├── credential_editor_role.yaml │ ├── credential_viewer_role.yaml │ ├── credentialinputsource_editor_role.yaml │ ├── credentialinputsource_viewer_role.yaml │ ├── credentialtype_editor_role.yaml │ ├── credentialtype_viewer_role.yaml │ ├── group_editor_role.yaml │ ├── group_viewer_role.yaml │ ├── host_editor_role.yaml │ ├── host_viewer_role.yaml │ ├── inventory_editor_role.yaml │ ├── inventory_viewer_role.yaml │ ├── inventorysource_editor_role.yaml │ ├── inventorysource_viewer_role.yaml │ ├── jobtemplate_editor_role.yaml │ ├── jobtemplate_viewer_role.yaml │ ├── kustomization.yaml │ ├── leader_election_role.yaml │ ├── leader_election_role_binding.yaml │ ├── module_editor_role.yaml │ ├── module_viewer_role.yaml │ ├── notification_editor_role.yaml │ ├── notification_viewer_role.yaml │ ├── organization_editor_role.yaml │ ├── organization_viewer_role.yaml │ ├── project_editor_role.yaml │ ├── project_viewer_role.yaml │ ├── role.yaml │ ├── role_binding.yaml │ ├── role_editor_role.yaml │ ├── role_viewer_role.yaml │ ├── schedule_editor_role.yaml │ ├── schedule_viewer_role.yaml │ ├── team_editor_role.yaml │ ├── team_viewer_role.yaml │ ├── user_editor_role.yaml │ ├── user_viewer_role.yaml │ ├── workflowjobtemplate_editor_role.yaml │ ├── workflowjobtemplate_viewer_role.yaml │ ├── workflowjobtemplatenode_editor_role.yaml │ ├── workflowjobtemplatenode_viewer_role.yaml │ ├── workflowtemplate_editor_role.yaml │ └── workflowtemplate_viewer_role.yaml ├── samples │ ├── kustomization.yaml │ ├── tower_v1alpha1_credential.yaml │ ├── tower_v1alpha1_credentialinputsource.yaml │ ├── tower_v1alpha1_credentialtype.yaml │ ├── tower_v1alpha1_group.yaml │ ├── tower_v1alpha1_host.yaml │ ├── tower_v1alpha1_inventory.yaml │ ├── tower_v1alpha1_inventorysource.yaml │ ├── tower_v1alpha1_jobtemplate.yaml │ ├── tower_v1alpha1_module.yaml │ ├── tower_v1alpha1_notification.yaml │ ├── tower_v1alpha1_organization.yaml │ ├── tower_v1alpha1_project.yaml │ ├── tower_v1alpha1_role.yaml │ ├── tower_v1alpha1_schedule.yaml │ ├── tower_v1alpha1_team.yaml │ ├── tower_v1alpha1_user.yaml │ ├── tower_v1alpha1_workflowjobtemplate.yaml │ ├── tower_v1alpha1_workflowjobtemplatenode.yaml │ └── tower_v1alpha1_workflowtemplate.yaml ├── scorecard │ ├── bases │ │ └── config.yaml │ ├── kustomization.yaml │ └── patches │ │ ├── basic.config.yaml │ │ └── olm.config.yaml └── testing │ ├── debug_logs_patch.yaml │ ├── kustomization.yaml │ ├── manager_image.yaml │ └── pull_policy │ ├── Always.yaml │ ├── IfNotPresent.yaml │ └── Never.yaml ├── molecule ├── default │ ├── converge.yml │ ├── create.yml │ ├── destroy.yml │ ├── kustomize.yml │ ├── molecule.yml │ ├── prepare.yml │ ├── tasks │ │ ├── credential_test.yml │ │ ├── credentialinputsource_test.yml │ │ ├── credentialtype_test.yml │ │ ├── group_test.yml │ │ ├── host_test.yml │ │ ├── inventory_test.yml │ │ ├── inventorysource_test.yml │ │ ├── joblaunch_test.yml │ │ ├── jobtemplate_test.yml │ │ ├── module_test.yml │ │ ├── notification_test.yml │ │ ├── organization_test.yml │ │ ├── project_test.yml │ │ ├── role_test.yml │ │ ├── schedule_test.yml │ │ ├── team_test.yml │ │ ├── user_test.yml │ │ ├── workflowjobtemplate_test.yml │ │ ├── workflowjobtemplatenode_test.yml │ │ └── workflowtemplate_test.yml │ └── verify.yml └── kind │ ├── converge.yml │ ├── create.yml │ ├── destroy.yml │ └── molecule.yml ├── playbooks └── .placeholder ├── requirements.yml ├── roles ├── .placeholder ├── credential │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ └── tasks │ │ ├── absent.yml │ │ ├── main.yml │ │ └── present.yml ├── credentialinputsource │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ └── tasks │ │ ├── absent.yml │ │ ├── main.yml │ │ └── present.yml ├── credentialtype │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ └── tasks │ │ ├── absent.yml │ │ ├── main.yml │ │ └── present.yml ├── group │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ └── tasks │ │ ├── absent.yml │ │ ├── main.yml │ │ └── present.yml ├── host │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ └── tasks │ │ ├── absent.yml │ │ ├── main.yml │ │ └── present.yml ├── inventory │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ └── tasks │ │ ├── absent.yml │ │ ├── main.yml │ │ └── present.yml ├── inventorysource │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ └── tasks │ │ ├── absent.yml │ │ ├── main.yml │ │ └── present.yml ├── joblaunch │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── files │ │ └── .placeholder │ ├── handlers │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ └── main.yml │ ├── templates │ │ └── .placeholder │ └── vars │ │ └── main.yml ├── jobtemplate │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ └── tasks │ │ ├── absent.yml │ │ ├── main.yml │ │ └── present.yml ├── module │ ├── defaults │ │ └── main.yml │ ├── files │ │ └── .placeholder │ ├── meta │ │ └── main.yml │ ├── tasks │ │ ├── asserts.yml │ │ ├── main.yml │ │ ├── module.yml │ │ └── secret.yml │ └── templates │ │ └── module.j2 ├── notification │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── files │ │ └── .placeholder │ ├── handlers │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ └── main.yml │ ├── templates │ │ └── .placeholder │ └── vars │ │ └── main.yml ├── organization │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ └── tasks │ │ ├── absent.yml │ │ ├── main.yml │ │ └── present.yml ├── project │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ └── tasks │ │ ├── absent.yml │ │ ├── main.yml │ │ └── present.yml ├── role │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ └── tasks │ │ ├── absent.yml │ │ ├── main.yml │ │ └── present.yml ├── schedule │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── files │ │ └── .placeholder │ ├── handlers │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ └── main.yml │ ├── templates │ │ └── .placeholder │ └── vars │ │ └── main.yml ├── team │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ └── tasks │ │ ├── absent.yml │ │ ├── main.yml │ │ └── present.yml ├── user │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ └── tasks │ │ ├── absent.yml │ │ ├── main.yml │ │ └── present.yml ├── workflowjobtemplate │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── files │ │ └── .placeholder │ ├── handlers │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ └── main.yml │ ├── templates │ │ └── .placeholder │ └── vars │ │ └── main.yml ├── workflowjobtemplatenode │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── files │ │ └── .placeholder │ ├── handlers │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ └── main.yml │ ├── templates │ │ └── .placeholder │ └── vars │ │ └── main.yml └── workflowtemplate │ ├── README.md │ ├── defaults │ └── main.yml │ ├── files │ └── .placeholder │ ├── handlers │ └── main.yml │ ├── meta │ └── main.yml │ ├── tasks │ └── main.yml │ ├── templates │ └── .placeholder │ └── vars │ └── main.yml └── watches.yaml /.gitignore: -------------------------------------------------------------------------------- 1 | 2 | # Binaries for programs and plugins 3 | *.exe 4 | *.exe~ 5 | *.dll 6 | *.so 7 | *.dylib 8 | bin 9 | 10 | # editor and IDE paraphernalia 11 | .idea 12 | *.swp 13 | *.swo 14 | *~ 15 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | FROM quay.io/operator-framework/ansible-operator:v1.2.0 2 | 3 | COPY requirements.yml ${HOME}/requirements.yml 4 | RUN ansible-galaxy collection install -r ${HOME}/requirements.yml \ 5 | && chmod -R ug+rwx ${HOME}/.ansible 6 | 7 | COPY --chown=1001:0 watches.yaml ${HOME}/watches.yaml 8 | COPY --chown=1001:0 roles/ ${HOME}/roles/ 9 | COPY --chown=1001:0 playbooks/ ${HOME}/playbooks/ 10 | -------------------------------------------------------------------------------- /PROJECT: -------------------------------------------------------------------------------- 1 | domain: ansible.com 2 | layout: ansible.sdk.operatorframework.io/v1 3 | projectName: tower-config-operator 4 | resources: 5 | - group: tower 6 | kind: Role 7 | version: v1alpha1 8 | - group: tower 9 | kind: Credential 10 | version: v1alpha1 11 | - group: tower 12 | kind: Organization 13 | version: v1alpha1 14 | - group: tower 15 | kind: JobTemplate 16 | version: v1alpha1 17 | - group: tower 18 | kind: Team 19 | version: v1alpha1 20 | - group: tower 21 | kind: User 22 | version: v1alpha1 23 | - group: tower 24 | kind: Inventory 25 | version: v1alpha1 26 | - group: tower 27 | kind: JobLaunch 28 | version: v1alpha1 29 | - group: tower 30 | kind: Module 31 | version: v1alpha1 32 | - group: tower 33 | kind: Schedule 34 | version: v1alpha1 35 | - group: tower 36 | kind: WorkflowJobTemplate 37 | version: v1alpha1 38 | - group: tower 39 | kind: WorkflowJobTemplateNode 40 | version: v1alpha1 41 | - group: tower 42 | kind: WorkflowTemplate 43 | version: v1alpha1 44 | - group: tower 45 | kind: Notification 46 | version: v1alpha1 47 | - group: tower 48 | kind: InventorySource 49 | version: v1alpha1 50 | - group: tower 51 | kind: Host 52 | version: v1alpha1 53 | - group: tower 54 | kind: Group 55 | version: v1alpha1 56 | - group: tower 57 | kind: CredentialType 58 | version: v1alpha1 59 | - group: tower 60 | kind: CredentialInputSource 61 | version: v1alpha1 62 | - group: tower 63 | kind: Project 64 | version: v1alpha1 65 | version: 3-alpha 66 | -------------------------------------------------------------------------------- /config/crd/bases/tower.ansible.com_credentialinputsources.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: credentialinputsources.tower.ansible.com 6 | spec: 7 | group: tower.ansible.com 8 | names: 9 | kind: CredentialInputSource 10 | listKind: CredentialInputSourceList 11 | plural: credentialinputsources 12 | singular: credentialinputsource 13 | scope: Namespaced 14 | versions: 15 | - name: v1alpha1 16 | schema: 17 | openAPIV3Schema: 18 | description: CredentialInputSource is the Schema for the credentialinputsources API 19 | properties: 20 | apiVersion: 21 | description: 'APIVersion defines the versioned schema of this representation 22 | of an object. Servers should convert recognized schemas to the latest 23 | internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 24 | type: string 25 | kind: 26 | description: 'Kind is a string value representing the REST resource this 27 | object represents. Servers may infer this from the endpoint the client 28 | submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 29 | type: string 30 | metadata: 31 | type: object 32 | spec: 33 | description: Spec defines the desired state of CredentialInputSource 34 | type: object 35 | x-kubernetes-preserve-unknown-fields: true 36 | status: 37 | description: Status defines the observed state of CredentialInputSource 38 | type: object 39 | x-kubernetes-preserve-unknown-fields: true 40 | type: object 41 | served: true 42 | storage: true 43 | subresources: 44 | status: {} 45 | -------------------------------------------------------------------------------- /config/crd/bases/tower.ansible.com_credentials.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: credentials.tower.ansible.com 6 | spec: 7 | group: tower.ansible.com 8 | names: 9 | kind: Credential 10 | listKind: CredentialList 11 | plural: credentials 12 | singular: credential 13 | scope: Namespaced 14 | versions: 15 | - name: v1alpha1 16 | schema: 17 | openAPIV3Schema: 18 | description: Credential is the Schema for the credentials API 19 | properties: 20 | apiVersion: 21 | description: 'APIVersion defines the versioned schema of this representation 22 | of an object. Servers should convert recognized schemas to the latest 23 | internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 24 | type: string 25 | kind: 26 | description: 'Kind is a string value representing the REST resource this 27 | object represents. Servers may infer this from the endpoint the client 28 | submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 29 | type: string 30 | metadata: 31 | type: object 32 | spec: 33 | description: Spec defines the desired state of Credential 34 | type: object 35 | x-kubernetes-preserve-unknown-fields: true 36 | status: 37 | description: Status defines the observed state of Credential 38 | type: object 39 | x-kubernetes-preserve-unknown-fields: true 40 | type: object 41 | served: true 42 | storage: true 43 | subresources: 44 | status: {} 45 | -------------------------------------------------------------------------------- /config/crd/bases/tower.ansible.com_credentialtypes.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: credentialtypes.tower.ansible.com 6 | spec: 7 | group: tower.ansible.com 8 | names: 9 | kind: CredentialType 10 | listKind: CredentialTypeList 11 | plural: credentialtypes 12 | singular: credentialtype 13 | scope: Namespaced 14 | versions: 15 | - name: v1alpha1 16 | schema: 17 | openAPIV3Schema: 18 | description: CredentialType is the Schema for the credentialtypes API 19 | properties: 20 | apiVersion: 21 | description: 'APIVersion defines the versioned schema of this representation 22 | of an object. Servers should convert recognized schemas to the latest 23 | internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 24 | type: string 25 | kind: 26 | description: 'Kind is a string value representing the REST resource this 27 | object represents. Servers may infer this from the endpoint the client 28 | submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 29 | type: string 30 | metadata: 31 | type: object 32 | spec: 33 | description: Spec defines the desired state of CredentialType 34 | type: object 35 | x-kubernetes-preserve-unknown-fields: true 36 | status: 37 | description: Status defines the observed state of CredentialType 38 | type: object 39 | x-kubernetes-preserve-unknown-fields: true 40 | type: object 41 | served: true 42 | storage: true 43 | subresources: 44 | status: {} 45 | -------------------------------------------------------------------------------- /config/crd/bases/tower.ansible.com_groups.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: groups.tower.ansible.com 6 | spec: 7 | group: tower.ansible.com 8 | names: 9 | kind: Group 10 | listKind: GroupList 11 | plural: groups 12 | singular: group 13 | scope: Namespaced 14 | versions: 15 | - name: v1alpha1 16 | schema: 17 | openAPIV3Schema: 18 | description: Group is the Schema for the groups API 19 | properties: 20 | apiVersion: 21 | description: 'APIVersion defines the versioned schema of this representation 22 | of an object. Servers should convert recognized schemas to the latest 23 | internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 24 | type: string 25 | kind: 26 | description: 'Kind is a string value representing the REST resource this 27 | object represents. Servers may infer this from the endpoint the client 28 | submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 29 | type: string 30 | metadata: 31 | type: object 32 | spec: 33 | description: Spec defines the desired state of Group 34 | type: object 35 | x-kubernetes-preserve-unknown-fields: true 36 | status: 37 | description: Status defines the observed state of Group 38 | type: object 39 | x-kubernetes-preserve-unknown-fields: true 40 | type: object 41 | served: true 42 | storage: true 43 | subresources: 44 | status: {} 45 | -------------------------------------------------------------------------------- /config/crd/bases/tower.ansible.com_hosts.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: hosts.tower.ansible.com 6 | spec: 7 | group: tower.ansible.com 8 | names: 9 | kind: Host 10 | listKind: HostList 11 | plural: hosts 12 | singular: host 13 | scope: Namespaced 14 | versions: 15 | - name: v1alpha1 16 | schema: 17 | openAPIV3Schema: 18 | description: Host is the Schema for the hosts API 19 | properties: 20 | apiVersion: 21 | description: 'APIVersion defines the versioned schema of this representation 22 | of an object. Servers should convert recognized schemas to the latest 23 | internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 24 | type: string 25 | kind: 26 | description: 'Kind is a string value representing the REST resource this 27 | object represents. Servers may infer this from the endpoint the client 28 | submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 29 | type: string 30 | metadata: 31 | type: object 32 | spec: 33 | description: Spec defines the desired state of Host 34 | type: object 35 | x-kubernetes-preserve-unknown-fields: true 36 | status: 37 | description: Status defines the observed state of Host 38 | type: object 39 | x-kubernetes-preserve-unknown-fields: true 40 | type: object 41 | served: true 42 | storage: true 43 | subresources: 44 | status: {} 45 | -------------------------------------------------------------------------------- /config/crd/bases/tower.ansible.com_inventories.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: inventories.tower.ansible.com 6 | spec: 7 | group: tower.ansible.com 8 | names: 9 | kind: Inventory 10 | listKind: InventoryList 11 | plural: inventories 12 | singular: inventory 13 | scope: Namespaced 14 | versions: 15 | - name: v1alpha1 16 | schema: 17 | openAPIV3Schema: 18 | description: Inventory is the Schema for the inventories API 19 | properties: 20 | apiVersion: 21 | description: 'APIVersion defines the versioned schema of this representation 22 | of an object. Servers should convert recognized schemas to the latest 23 | internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 24 | type: string 25 | kind: 26 | description: 'Kind is a string value representing the REST resource this 27 | object represents. Servers may infer this from the endpoint the client 28 | submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 29 | type: string 30 | metadata: 31 | type: object 32 | spec: 33 | description: Spec defines the desired state of Inventory 34 | type: object 35 | x-kubernetes-preserve-unknown-fields: true 36 | status: 37 | description: Status defines the observed state of Inventory 38 | type: object 39 | x-kubernetes-preserve-unknown-fields: true 40 | type: object 41 | served: true 42 | storage: true 43 | subresources: 44 | status: {} 45 | -------------------------------------------------------------------------------- /config/crd/bases/tower.ansible.com_inventorysources.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: inventorysources.tower.ansible.com 6 | spec: 7 | group: tower.ansible.com 8 | names: 9 | kind: InventorySource 10 | listKind: InventorySourceList 11 | plural: inventorysources 12 | singular: inventorysource 13 | scope: Namespaced 14 | versions: 15 | - name: v1alpha1 16 | schema: 17 | openAPIV3Schema: 18 | description: InventorySource is the Schema for the inventorysources API 19 | properties: 20 | apiVersion: 21 | description: 'APIVersion defines the versioned schema of this representation 22 | of an object. Servers should convert recognized schemas to the latest 23 | internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 24 | type: string 25 | kind: 26 | description: 'Kind is a string value representing the REST resource this 27 | object represents. Servers may infer this from the endpoint the client 28 | submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 29 | type: string 30 | metadata: 31 | type: object 32 | spec: 33 | description: Spec defines the desired state of InventorySource 34 | type: object 35 | x-kubernetes-preserve-unknown-fields: true 36 | status: 37 | description: Status defines the observed state of InventorySource 38 | type: object 39 | x-kubernetes-preserve-unknown-fields: true 40 | type: object 41 | served: true 42 | storage: true 43 | subresources: 44 | status: {} 45 | -------------------------------------------------------------------------------- /config/crd/bases/tower.ansible.com_jobtemplates.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: jobtemplates.tower.ansible.com 6 | spec: 7 | group: tower.ansible.com 8 | names: 9 | kind: JobTemplate 10 | listKind: JobTemplateList 11 | plural: jobtemplates 12 | singular: jobtemplate 13 | scope: Namespaced 14 | versions: 15 | - name: v1alpha1 16 | schema: 17 | openAPIV3Schema: 18 | description: JobTemplate is the Schema for the jobtemplates API 19 | properties: 20 | apiVersion: 21 | description: 'APIVersion defines the versioned schema of this representation 22 | of an object. Servers should convert recognized schemas to the latest 23 | internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 24 | type: string 25 | kind: 26 | description: 'Kind is a string value representing the REST resource this 27 | object represents. Servers may infer this from the endpoint the client 28 | submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 29 | type: string 30 | metadata: 31 | type: object 32 | spec: 33 | description: Spec defines the desired state of JobTemplate 34 | type: object 35 | x-kubernetes-preserve-unknown-fields: true 36 | status: 37 | description: Status defines the observed state of JobTemplate 38 | type: object 39 | x-kubernetes-preserve-unknown-fields: true 40 | type: object 41 | served: true 42 | storage: true 43 | subresources: 44 | status: {} 45 | -------------------------------------------------------------------------------- /config/crd/bases/tower.ansible.com_modules.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: modules.tower.ansible.com 6 | spec: 7 | group: tower.ansible.com 8 | names: 9 | kind: Module 10 | listKind: ModuleList 11 | plural: modules 12 | singular: module 13 | scope: Namespaced 14 | versions: 15 | - name: v1alpha1 16 | schema: 17 | openAPIV3Schema: 18 | description: Module is the Schema for the modules API 19 | properties: 20 | apiVersion: 21 | description: 'APIVersion defines the versioned schema of this representation 22 | of an object. Servers should convert recognized schemas to the latest 23 | internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 24 | type: string 25 | kind: 26 | description: 'Kind is a string value representing the REST resource this 27 | object represents. Servers may infer this from the endpoint the client 28 | submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 29 | type: string 30 | metadata: 31 | type: object 32 | spec: 33 | description: Spec defines the desired state of Module 34 | type: object 35 | x-kubernetes-preserve-unknown-fields: true 36 | status: 37 | description: Status defines the observed state of Module 38 | type: object 39 | x-kubernetes-preserve-unknown-fields: true 40 | type: object 41 | served: true 42 | storage: true 43 | subresources: 44 | status: {} 45 | -------------------------------------------------------------------------------- /config/crd/bases/tower.ansible.com_notifications.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: notifications.tower.ansible.com 6 | spec: 7 | group: tower.ansible.com 8 | names: 9 | kind: Notification 10 | listKind: NotificationList 11 | plural: notifications 12 | singular: notification 13 | scope: Namespaced 14 | versions: 15 | - name: v1alpha1 16 | schema: 17 | openAPIV3Schema: 18 | description: Notification is the Schema for the notifications API 19 | properties: 20 | apiVersion: 21 | description: 'APIVersion defines the versioned schema of this representation 22 | of an object. Servers should convert recognized schemas to the latest 23 | internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 24 | type: string 25 | kind: 26 | description: 'Kind is a string value representing the REST resource this 27 | object represents. Servers may infer this from the endpoint the client 28 | submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 29 | type: string 30 | metadata: 31 | type: object 32 | spec: 33 | description: Spec defines the desired state of Notification 34 | type: object 35 | x-kubernetes-preserve-unknown-fields: true 36 | status: 37 | description: Status defines the observed state of Notification 38 | type: object 39 | x-kubernetes-preserve-unknown-fields: true 40 | type: object 41 | served: true 42 | storage: true 43 | subresources: 44 | status: {} 45 | -------------------------------------------------------------------------------- /config/crd/bases/tower.ansible.com_organizations.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: organizations.tower.ansible.com 6 | spec: 7 | group: tower.ansible.com 8 | names: 9 | kind: Organization 10 | listKind: OrganizationList 11 | plural: organizations 12 | singular: organization 13 | scope: Namespaced 14 | versions: 15 | - name: v1alpha1 16 | schema: 17 | openAPIV3Schema: 18 | description: Organization is the Schema for the organizations API 19 | properties: 20 | apiVersion: 21 | description: 'APIVersion defines the versioned schema of this representation 22 | of an object. Servers should convert recognized schemas to the latest 23 | internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 24 | type: string 25 | kind: 26 | description: 'Kind is a string value representing the REST resource this 27 | object represents. Servers may infer this from the endpoint the client 28 | submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 29 | type: string 30 | metadata: 31 | type: object 32 | spec: 33 | description: Spec defines the desired state of Organization 34 | type: object 35 | x-kubernetes-preserve-unknown-fields: true 36 | status: 37 | description: Status defines the observed state of Organization 38 | type: object 39 | x-kubernetes-preserve-unknown-fields: true 40 | type: object 41 | served: true 42 | storage: true 43 | subresources: 44 | status: {} 45 | -------------------------------------------------------------------------------- /config/crd/bases/tower.ansible.com_projects.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: projects.tower.ansible.com 6 | spec: 7 | group: tower.ansible.com 8 | names: 9 | kind: Project 10 | listKind: ProjectList 11 | plural: projects 12 | singular: project 13 | scope: Namespaced 14 | versions: 15 | - name: v1alpha1 16 | schema: 17 | openAPIV3Schema: 18 | description: Project is the Schema for the projects API 19 | properties: 20 | apiVersion: 21 | description: 'APIVersion defines the versioned schema of this representation 22 | of an object. Servers should convert recognized schemas to the latest 23 | internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 24 | type: string 25 | kind: 26 | description: 'Kind is a string value representing the REST resource this 27 | object represents. Servers may infer this from the endpoint the client 28 | submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 29 | type: string 30 | metadata: 31 | type: object 32 | spec: 33 | description: Spec defines the desired state of Project 34 | type: object 35 | x-kubernetes-preserve-unknown-fields: true 36 | status: 37 | description: Status defines the observed state of Project 38 | type: object 39 | x-kubernetes-preserve-unknown-fields: true 40 | type: object 41 | served: true 42 | storage: true 43 | subresources: 44 | status: {} 45 | -------------------------------------------------------------------------------- /config/crd/bases/tower.ansible.com_roles.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: roles.tower.ansible.com 6 | spec: 7 | group: tower.ansible.com 8 | names: 9 | kind: Role 10 | listKind: RoleList 11 | plural: roles 12 | singular: role 13 | scope: Namespaced 14 | versions: 15 | - name: v1alpha1 16 | schema: 17 | openAPIV3Schema: 18 | description: Role is the Schema for the roles API 19 | properties: 20 | apiVersion: 21 | description: 'APIVersion defines the versioned schema of this representation 22 | of an object. Servers should convert recognized schemas to the latest 23 | internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 24 | type: string 25 | kind: 26 | description: 'Kind is a string value representing the REST resource this 27 | object represents. Servers may infer this from the endpoint the client 28 | submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 29 | type: string 30 | metadata: 31 | type: object 32 | spec: 33 | description: Spec defines the desired state of Role 34 | type: object 35 | x-kubernetes-preserve-unknown-fields: true 36 | status: 37 | description: Status defines the observed state of Role 38 | type: object 39 | x-kubernetes-preserve-unknown-fields: true 40 | type: object 41 | served: true 42 | storage: true 43 | subresources: 44 | status: {} 45 | -------------------------------------------------------------------------------- /config/crd/bases/tower.ansible.com_schedules.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: schedules.tower.ansible.com 6 | spec: 7 | group: tower.ansible.com 8 | names: 9 | kind: Schedule 10 | listKind: ScheduleList 11 | plural: schedules 12 | singular: schedule 13 | scope: Namespaced 14 | versions: 15 | - name: v1alpha1 16 | schema: 17 | openAPIV3Schema: 18 | description: Schedule is the Schema for the schedules API 19 | properties: 20 | apiVersion: 21 | description: 'APIVersion defines the versioned schema of this representation 22 | of an object. Servers should convert recognized schemas to the latest 23 | internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 24 | type: string 25 | kind: 26 | description: 'Kind is a string value representing the REST resource this 27 | object represents. Servers may infer this from the endpoint the client 28 | submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 29 | type: string 30 | metadata: 31 | type: object 32 | spec: 33 | description: Spec defines the desired state of Schedule 34 | type: object 35 | x-kubernetes-preserve-unknown-fields: true 36 | status: 37 | description: Status defines the observed state of Schedule 38 | type: object 39 | x-kubernetes-preserve-unknown-fields: true 40 | type: object 41 | served: true 42 | storage: true 43 | subresources: 44 | status: {} 45 | -------------------------------------------------------------------------------- /config/crd/bases/tower.ansible.com_teams.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: teams.tower.ansible.com 6 | spec: 7 | group: tower.ansible.com 8 | names: 9 | kind: Team 10 | listKind: TeamList 11 | plural: teams 12 | singular: team 13 | scope: Namespaced 14 | versions: 15 | - name: v1alpha1 16 | schema: 17 | openAPIV3Schema: 18 | description: Team is the Schema for the teams API 19 | properties: 20 | apiVersion: 21 | description: 'APIVersion defines the versioned schema of this representation 22 | of an object. Servers should convert recognized schemas to the latest 23 | internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 24 | type: string 25 | kind: 26 | description: 'Kind is a string value representing the REST resource this 27 | object represents. Servers may infer this from the endpoint the client 28 | submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 29 | type: string 30 | metadata: 31 | type: object 32 | spec: 33 | description: Spec defines the desired state of Team 34 | type: object 35 | x-kubernetes-preserve-unknown-fields: true 36 | status: 37 | description: Status defines the observed state of Team 38 | type: object 39 | x-kubernetes-preserve-unknown-fields: true 40 | type: object 41 | served: true 42 | storage: true 43 | subresources: 44 | status: {} 45 | -------------------------------------------------------------------------------- /config/crd/bases/tower.ansible.com_users.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: users.tower.ansible.com 6 | spec: 7 | group: tower.ansible.com 8 | names: 9 | kind: User 10 | listKind: UserList 11 | plural: users 12 | singular: user 13 | scope: Namespaced 14 | versions: 15 | - name: v1alpha1 16 | schema: 17 | openAPIV3Schema: 18 | description: User is the Schema for the users API 19 | properties: 20 | apiVersion: 21 | description: 'APIVersion defines the versioned schema of this representation 22 | of an object. Servers should convert recognized schemas to the latest 23 | internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 24 | type: string 25 | kind: 26 | description: 'Kind is a string value representing the REST resource this 27 | object represents. Servers may infer this from the endpoint the client 28 | submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 29 | type: string 30 | metadata: 31 | type: object 32 | spec: 33 | description: Spec defines the desired state of User 34 | type: object 35 | x-kubernetes-preserve-unknown-fields: true 36 | status: 37 | description: Status defines the observed state of User 38 | type: object 39 | x-kubernetes-preserve-unknown-fields: true 40 | type: object 41 | served: true 42 | storage: true 43 | subresources: 44 | status: {} 45 | -------------------------------------------------------------------------------- /config/crd/bases/tower.ansible.com_workflowjobtemplatenodes.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: workflowjobtemplatenodes.tower.ansible.com 6 | spec: 7 | group: tower.ansible.com 8 | names: 9 | kind: WorkflowJobTemplateNode 10 | listKind: WorkflowJobTemplateNodeList 11 | plural: workflowjobtemplatenodes 12 | singular: workflowjobtemplatenode 13 | scope: Namespaced 14 | versions: 15 | - name: v1alpha1 16 | schema: 17 | openAPIV3Schema: 18 | description: WorkflowJobTemplateNode is the Schema for the workflowjobtemplatenodes API 19 | properties: 20 | apiVersion: 21 | description: 'APIVersion defines the versioned schema of this representation 22 | of an object. Servers should convert recognized schemas to the latest 23 | internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 24 | type: string 25 | kind: 26 | description: 'Kind is a string value representing the REST resource this 27 | object represents. Servers may infer this from the endpoint the client 28 | submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 29 | type: string 30 | metadata: 31 | type: object 32 | spec: 33 | description: Spec defines the desired state of WorkflowJobTemplateNode 34 | type: object 35 | x-kubernetes-preserve-unknown-fields: true 36 | status: 37 | description: Status defines the observed state of WorkflowJobTemplateNode 38 | type: object 39 | x-kubernetes-preserve-unknown-fields: true 40 | type: object 41 | served: true 42 | storage: true 43 | subresources: 44 | status: {} 45 | -------------------------------------------------------------------------------- /config/crd/bases/tower.ansible.com_workflowjobtemplates.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: workflowjobtemplates.tower.ansible.com 6 | spec: 7 | group: tower.ansible.com 8 | names: 9 | kind: WorkflowJobTemplate 10 | listKind: WorkflowJobTemplateList 11 | plural: workflowjobtemplates 12 | singular: workflowjobtemplate 13 | scope: Namespaced 14 | versions: 15 | - name: v1alpha1 16 | schema: 17 | openAPIV3Schema: 18 | description: WorkflowJobTemplate is the Schema for the workflowjobtemplates API 19 | properties: 20 | apiVersion: 21 | description: 'APIVersion defines the versioned schema of this representation 22 | of an object. Servers should convert recognized schemas to the latest 23 | internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 24 | type: string 25 | kind: 26 | description: 'Kind is a string value representing the REST resource this 27 | object represents. Servers may infer this from the endpoint the client 28 | submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 29 | type: string 30 | metadata: 31 | type: object 32 | spec: 33 | description: Spec defines the desired state of WorkflowJobTemplate 34 | type: object 35 | x-kubernetes-preserve-unknown-fields: true 36 | status: 37 | description: Status defines the observed state of WorkflowJobTemplate 38 | type: object 39 | x-kubernetes-preserve-unknown-fields: true 40 | type: object 41 | served: true 42 | storage: true 43 | subresources: 44 | status: {} 45 | -------------------------------------------------------------------------------- /config/crd/bases/tower.ansible.com_workflowtemplates.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: workflowtemplates.tower.ansible.com 6 | spec: 7 | group: tower.ansible.com 8 | names: 9 | kind: WorkflowTemplate 10 | listKind: WorkflowTemplateList 11 | plural: workflowtemplates 12 | singular: workflowtemplate 13 | scope: Namespaced 14 | versions: 15 | - name: v1alpha1 16 | schema: 17 | openAPIV3Schema: 18 | description: WorkflowTemplate is the Schema for the workflowtemplates API 19 | properties: 20 | apiVersion: 21 | description: 'APIVersion defines the versioned schema of this representation 22 | of an object. Servers should convert recognized schemas to the latest 23 | internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 24 | type: string 25 | kind: 26 | description: 'Kind is a string value representing the REST resource this 27 | object represents. Servers may infer this from the endpoint the client 28 | submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 29 | type: string 30 | metadata: 31 | type: object 32 | spec: 33 | description: Spec defines the desired state of WorkflowTemplate 34 | type: object 35 | x-kubernetes-preserve-unknown-fields: true 36 | status: 37 | description: Status defines the observed state of WorkflowTemplate 38 | type: object 39 | x-kubernetes-preserve-unknown-fields: true 40 | type: object 41 | served: true 42 | storage: true 43 | subresources: 44 | status: {} 45 | -------------------------------------------------------------------------------- /config/crd/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # This kustomization.yaml is not intended to be run by itself, 3 | # since it depends on service name and namespace that are out of this kustomize package. 4 | # It should be run by config/default 5 | resources: 6 | - bases/tower.ansible.com_roles.yaml 7 | - bases/tower.ansible.com_credentials.yaml 8 | - bases/tower.ansible.com_organizations.yaml 9 | - bases/tower.ansible.com_jobtemplates.yaml 10 | - bases/tower.ansible.com_teams.yaml 11 | - bases/tower.ansible.com_users.yaml 12 | - bases/tower.ansible.com_inventories.yaml 13 | - bases/tower.ansible.com_modules.yaml 14 | - bases/tower.ansible.com_schedules.yaml 15 | - bases/tower.ansible.com_workflowjobtemplates.yaml 16 | - bases/tower.ansible.com_workflowjobtemplatenodes.yaml 17 | - bases/tower.ansible.com_workflowtemplates.yaml 18 | - bases/tower.ansible.com_notifications.yaml 19 | - bases/tower.ansible.com_inventorysources.yaml 20 | - bases/tower.ansible.com_hosts.yaml 21 | - bases/tower.ansible.com_groups.yaml 22 | - bases/tower.ansible.com_credentialtypes.yaml 23 | - bases/tower.ansible.com_credentialinputsources.yaml 24 | - bases/tower.ansible.com_projects.yaml 25 | # +kubebuilder:scaffold:crdkustomizeresource 26 | -------------------------------------------------------------------------------- /config/default/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Adds namespace to all resources. 3 | namespace: tower-config-operator-system 4 | 5 | # Value of this field is prepended to the 6 | # names of all resources, e.g. a deployment named 7 | # "wordpress" becomes "alices-wordpress". 8 | # Note that it should also match with the prefix (text before '-') of the namespace 9 | # field above. 10 | namePrefix: tower-config-operator- 11 | 12 | # Labels to add to all resources and selectors. 13 | #commonLabels: 14 | # someName: someValue 15 | 16 | bases: 17 | - ../crd 18 | - ../rbac 19 | - ../manager 20 | # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. 21 | #- ../prometheus 22 | 23 | patchesStrategicMerge: 24 | # Protect the /metrics endpoint by putting it behind auth. 25 | # If you want your controller-manager to expose the /metrics 26 | # endpoint w/o any authn/z, please comment the following line. 27 | - manager_auth_proxy_patch.yaml 28 | -------------------------------------------------------------------------------- /config/default/manager_auth_proxy_patch.yaml: -------------------------------------------------------------------------------- 1 | # This patch inject a sidecar container which is a HTTP proxy for the 2 | # controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. 3 | apiVersion: apps/v1 4 | kind: Deployment 5 | metadata: 6 | name: controller-manager 7 | namespace: operator 8 | spec: 9 | template: 10 | spec: 11 | containers: 12 | - name: kube-rbac-proxy 13 | image: gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0 14 | args: 15 | - "--secure-listen-address=0.0.0.0:8443" 16 | - "--upstream=http://127.0.0.1:8080/" 17 | - "--logtostderr=true" 18 | - "--v=10" 19 | ports: 20 | - containerPort: 8443 21 | name: https 22 | - name: manager 23 | args: 24 | - "--metrics-addr=127.0.0.1:8080" 25 | - "--enable-leader-election" 26 | - "--leader-election-id=tower-config-operator" 27 | -------------------------------------------------------------------------------- /config/manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manager.yaml 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization 5 | images: 6 | - name: controller 7 | newName: quay.io/victorock/tower-config-operator 8 | newTag: 0.0.1 9 | -------------------------------------------------------------------------------- /config/manager/manager.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | labels: 6 | control-plane: controller-manager 7 | name: operator 8 | --- 9 | apiVersion: apps/v1 10 | kind: Deployment 11 | metadata: 12 | name: controller-manager 13 | namespace: operator 14 | labels: 15 | control-plane: controller-manager 16 | spec: 17 | selector: 18 | matchLabels: 19 | control-plane: controller-manager 20 | replicas: 1 21 | template: 22 | metadata: 23 | labels: 24 | control-plane: controller-manager 25 | spec: 26 | containers: 27 | - name: manager 28 | args: 29 | - "--enable-leader-election" 30 | - "--leader-election-id=tower-config-operator" 31 | env: 32 | - name: ANSIBLE_GATHERING 33 | value: explicit 34 | - name: ANSIBLE_NOCOLOR 35 | value: "true" 36 | - name: ANSIBLE_HASH_BEHAVIOUR 37 | value: "merge" 38 | - name: ANSIBLE_ACTION_WARNINGS 39 | value: "false" 40 | image: controller:latest 41 | terminationGracePeriodSeconds: 10 42 | -------------------------------------------------------------------------------- /config/prometheus/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - monitor.yaml 3 | -------------------------------------------------------------------------------- /config/prometheus/monitor.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Prometheus Monitor Service (Metrics) 3 | apiVersion: monitoring.coreos.com/v1 4 | kind: ServiceMonitor 5 | metadata: 6 | labels: 7 | control-plane: controller-manager 8 | name: controller-manager-metrics-monitor 9 | namespace: operator 10 | spec: 11 | endpoints: 12 | - path: /metrics 13 | port: https 14 | selector: 15 | matchLabels: 16 | control-plane: controller-manager 17 | -------------------------------------------------------------------------------- /config/rbac/auth_proxy_client_clusterrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: metrics-reader 5 | rules: 6 | - nonResourceURLs: ["/metrics"] 7 | verbs: ["get"] 8 | -------------------------------------------------------------------------------- /config/rbac/auth_proxy_role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: proxy-role 5 | rules: 6 | - apiGroups: ["authentication.k8s.io"] 7 | resources: 8 | - tokenreviews 9 | verbs: ["create"] 10 | - apiGroups: ["authorization.k8s.io"] 11 | resources: 12 | - subjectaccessreviews 13 | verbs: ["create"] 14 | -------------------------------------------------------------------------------- /config/rbac/auth_proxy_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: proxy-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: proxy-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: default 12 | namespace: operator 13 | -------------------------------------------------------------------------------- /config/rbac/auth_proxy_service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | control-plane: controller-manager 6 | name: controller-manager-metrics-service 7 | namespace: operator 8 | spec: 9 | ports: 10 | - name: https 11 | port: 8443 12 | targetPort: https 13 | selector: 14 | control-plane: controller-manager 15 | -------------------------------------------------------------------------------- /config/rbac/credential_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit credentials. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: credential-editor-role 6 | rules: 7 | - apiGroups: 8 | - tower.ansible.com 9 | resources: 10 | - credentials 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - tower.ansible.com 21 | resources: 22 | - credentials/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /config/rbac/credential_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view credentials. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: credential-viewer-role 6 | rules: 7 | - apiGroups: 8 | - tower.ansible.com 9 | resources: 10 | - credentials 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - tower.ansible.com 17 | resources: 18 | - credentials/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /config/rbac/credentialinputsource_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit credentialinputsources. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: credentialinputsource-editor-role 6 | rules: 7 | - apiGroups: 8 | - tower.ansible.com 9 | resources: 10 | - credentialinputsources 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - tower.ansible.com 21 | resources: 22 | - credentialinputsources/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /config/rbac/credentialinputsource_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view credentialinputsources. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: credentialinputsource-viewer-role 6 | rules: 7 | - apiGroups: 8 | - tower.ansible.com 9 | resources: 10 | - credentialinputsources 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - tower.ansible.com 17 | resources: 18 | - credentialinputsources/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /config/rbac/credentialtype_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit credentialtypes. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: credentialtype-editor-role 6 | rules: 7 | - apiGroups: 8 | - tower.ansible.com 9 | resources: 10 | - credentialtypes 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - tower.ansible.com 21 | resources: 22 | - credentialtypes/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /config/rbac/credentialtype_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view credentialtypes. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: credentialtype-viewer-role 6 | rules: 7 | - apiGroups: 8 | - tower.ansible.com 9 | resources: 10 | - credentialtypes 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - tower.ansible.com 17 | resources: 18 | - credentialtypes/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /config/rbac/group_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit groups. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: group-editor-role 6 | rules: 7 | - apiGroups: 8 | - tower.ansible.com 9 | resources: 10 | - groups 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - tower.ansible.com 21 | resources: 22 | - groups/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /config/rbac/group_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view groups. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: group-viewer-role 6 | rules: 7 | - apiGroups: 8 | - tower.ansible.com 9 | resources: 10 | - groups 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - tower.ansible.com 17 | resources: 18 | - groups/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /config/rbac/host_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit hosts. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: host-editor-role 6 | rules: 7 | - apiGroups: 8 | - tower.ansible.com 9 | resources: 10 | - hosts 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - tower.ansible.com 21 | resources: 22 | - hosts/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /config/rbac/host_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view hosts. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: host-viewer-role 6 | rules: 7 | - apiGroups: 8 | - tower.ansible.com 9 | resources: 10 | - hosts 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - tower.ansible.com 17 | resources: 18 | - hosts/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /config/rbac/inventory_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit inventories. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: inventory-editor-role 6 | rules: 7 | - apiGroups: 8 | - tower.ansible.com 9 | resources: 10 | - inventories 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - tower.ansible.com 21 | resources: 22 | - inventories/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /config/rbac/inventory_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view inventories. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: inventory-viewer-role 6 | rules: 7 | - apiGroups: 8 | - tower.ansible.com 9 | resources: 10 | - inventories 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - tower.ansible.com 17 | resources: 18 | - inventories/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /config/rbac/inventorysource_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit inventorysources. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: inventorysource-editor-role 6 | rules: 7 | - apiGroups: 8 | - tower.ansible.com 9 | resources: 10 | - inventorysources 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - tower.ansible.com 21 | resources: 22 | - inventorysources/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /config/rbac/inventorysource_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view inventorysources. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: inventorysource-viewer-role 6 | rules: 7 | - apiGroups: 8 | - tower.ansible.com 9 | resources: 10 | - inventorysources 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - tower.ansible.com 17 | resources: 18 | - inventorysources/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /config/rbac/jobtemplate_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit jobtemplates. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: jobtemplate-editor-role 6 | rules: 7 | - apiGroups: 8 | - tower.ansible.com 9 | resources: 10 | - jobtemplates 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - tower.ansible.com 21 | resources: 22 | - jobtemplates/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /config/rbac/jobtemplate_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view jobtemplates. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: jobtemplate-viewer-role 6 | rules: 7 | - apiGroups: 8 | - tower.ansible.com 9 | resources: 10 | - jobtemplates 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - tower.ansible.com 17 | resources: 18 | - jobtemplates/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /config/rbac/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - role.yaml 3 | - role_binding.yaml 4 | - leader_election_role.yaml 5 | - leader_election_role_binding.yaml 6 | # Comment the following 4 lines if you want to disable 7 | # the auth proxy (https://github.com/brancz/kube-rbac-proxy) 8 | # which protects your /metrics endpoint. 9 | - auth_proxy_service.yaml 10 | - auth_proxy_role.yaml 11 | - auth_proxy_role_binding.yaml 12 | - auth_proxy_client_clusterrole.yaml 13 | -------------------------------------------------------------------------------- /config/rbac/leader_election_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions to do leader election. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | name: leader-election-role 6 | rules: 7 | - apiGroups: 8 | - "" 9 | resources: 10 | - configmaps 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - create 16 | - update 17 | - patch 18 | - delete 19 | - apiGroups: 20 | - "" 21 | resources: 22 | - events 23 | verbs: 24 | - create 25 | - patch 26 | -------------------------------------------------------------------------------- /config/rbac/leader_election_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: leader-election-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: Role 8 | name: leader-election-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: default 12 | namespace: operator 13 | -------------------------------------------------------------------------------- /config/rbac/module_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit modules. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: module-editor-role 6 | rules: 7 | - apiGroups: 8 | - tower.ansible.com 9 | resources: 10 | - modules 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - tower.ansible.com 21 | resources: 22 | - modules/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /config/rbac/module_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view modules. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: module-viewer-role 6 | rules: 7 | - apiGroups: 8 | - tower.ansible.com 9 | resources: 10 | - modules 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - tower.ansible.com 17 | resources: 18 | - modules/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /config/rbac/notification_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit notifications. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: notification-editor-role 6 | rules: 7 | - apiGroups: 8 | - tower.ansible.com 9 | resources: 10 | - notifications 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - tower.ansible.com 21 | resources: 22 | - notifications/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /config/rbac/notification_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view notifications. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: notification-viewer-role 6 | rules: 7 | - apiGroups: 8 | - tower.ansible.com 9 | resources: 10 | - notifications 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - tower.ansible.com 17 | resources: 18 | - notifications/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /config/rbac/organization_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit organizations. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: organization-editor-role 6 | rules: 7 | - apiGroups: 8 | - tower.ansible.com 9 | resources: 10 | - organizations 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - tower.ansible.com 21 | resources: 22 | - organizations/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /config/rbac/organization_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view organizations. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: organization-viewer-role 6 | rules: 7 | - apiGroups: 8 | - tower.ansible.com 9 | resources: 10 | - organizations 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - tower.ansible.com 17 | resources: 18 | - organizations/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /config/rbac/project_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit projects. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: project-editor-role 6 | rules: 7 | - apiGroups: 8 | - tower.ansible.com 9 | resources: 10 | - projects 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - tower.ansible.com 21 | resources: 22 | - projects/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /config/rbac/project_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view projects. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: project-viewer-role 6 | rules: 7 | - apiGroups: 8 | - tower.ansible.com 9 | resources: 10 | - projects 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - tower.ansible.com 17 | resources: 18 | - projects/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /config/rbac/role_binding.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRoleBinding 4 | metadata: 5 | name: manager-rolebinding 6 | roleRef: 7 | apiGroup: rbac.authorization.k8s.io 8 | kind: ClusterRole 9 | name: manager-role 10 | subjects: 11 | - kind: ServiceAccount 12 | name: default 13 | namespace: operator 14 | -------------------------------------------------------------------------------- /config/rbac/role_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit roles. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: role-editor-role 6 | rules: 7 | - apiGroups: 8 | - tower.ansible.com 9 | resources: 10 | - roles 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - tower.ansible.com 21 | resources: 22 | - roles/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /config/rbac/role_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view roles. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: role-viewer-role 6 | rules: 7 | - apiGroups: 8 | - tower.ansible.com 9 | resources: 10 | - roles 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - tower.ansible.com 17 | resources: 18 | - roles/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /config/rbac/schedule_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit schedules. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: schedule-editor-role 6 | rules: 7 | - apiGroups: 8 | - tower.ansible.com 9 | resources: 10 | - schedules 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - tower.ansible.com 21 | resources: 22 | - schedules/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /config/rbac/schedule_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view schedules. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: schedule-viewer-role 6 | rules: 7 | - apiGroups: 8 | - tower.ansible.com 9 | resources: 10 | - schedules 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - tower.ansible.com 17 | resources: 18 | - schedules/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /config/rbac/team_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit teams. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: team-editor-role 6 | rules: 7 | - apiGroups: 8 | - tower.ansible.com 9 | resources: 10 | - teams 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - tower.ansible.com 21 | resources: 22 | - teams/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /config/rbac/team_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view teams. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: team-viewer-role 6 | rules: 7 | - apiGroups: 8 | - tower.ansible.com 9 | resources: 10 | - teams 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - tower.ansible.com 17 | resources: 18 | - teams/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /config/rbac/user_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit users. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: user-editor-role 6 | rules: 7 | - apiGroups: 8 | - tower.ansible.com 9 | resources: 10 | - users 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - tower.ansible.com 21 | resources: 22 | - users/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /config/rbac/user_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view users. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: user-viewer-role 6 | rules: 7 | - apiGroups: 8 | - tower.ansible.com 9 | resources: 10 | - users 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - tower.ansible.com 17 | resources: 18 | - users/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /config/rbac/workflowjobtemplate_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit workflowjobtemplates. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: workflowjobtemplate-editor-role 6 | rules: 7 | - apiGroups: 8 | - tower.ansible.com 9 | resources: 10 | - workflowjobtemplates 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - tower.ansible.com 21 | resources: 22 | - workflowjobtemplates/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /config/rbac/workflowjobtemplate_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view workflowjobtemplates. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: workflowjobtemplate-viewer-role 6 | rules: 7 | - apiGroups: 8 | - tower.ansible.com 9 | resources: 10 | - workflowjobtemplates 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - tower.ansible.com 17 | resources: 18 | - workflowjobtemplates/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /config/rbac/workflowjobtemplatenode_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit workflowjobtemplatenodes. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: workflowjobtemplatenode-editor-role 6 | rules: 7 | - apiGroups: 8 | - tower.ansible.com 9 | resources: 10 | - workflowjobtemplatenodes 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - tower.ansible.com 21 | resources: 22 | - workflowjobtemplatenodes/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /config/rbac/workflowjobtemplatenode_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view workflowjobtemplatenodes. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: workflowjobtemplatenode-viewer-role 6 | rules: 7 | - apiGroups: 8 | - tower.ansible.com 9 | resources: 10 | - workflowjobtemplatenodes 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - tower.ansible.com 17 | resources: 18 | - workflowjobtemplatenodes/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /config/rbac/workflowtemplate_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit workflowtemplates. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: workflowtemplate-editor-role 6 | rules: 7 | - apiGroups: 8 | - tower.ansible.com 9 | resources: 10 | - workflowtemplates 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - tower.ansible.com 21 | resources: 22 | - workflowtemplates/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /config/rbac/workflowtemplate_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view workflowtemplates. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: workflowtemplate-viewer-role 6 | rules: 7 | - apiGroups: 8 | - tower.ansible.com 9 | resources: 10 | - workflowtemplates 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - tower.ansible.com 17 | resources: 18 | - workflowtemplates/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /config/samples/kustomization.yaml: -------------------------------------------------------------------------------- 1 | ## Append samples you want in your CSV to this file as resources ## 2 | resources: 3 | - tower_v1alpha1_role.yaml 4 | - tower_v1alpha1_credential.yaml 5 | - tower_v1alpha1_organization.yaml 6 | - tower_v1alpha1_jobtemplate.yaml 7 | - tower_v1alpha1_team.yaml 8 | - tower_v1alpha1_user.yaml 9 | - tower_v1alpha1_inventory.yaml 10 | - tower_v1alpha1_module.yaml 11 | - tower_v1alpha1_schedule.yaml 12 | - tower_v1alpha1_workflowjobtemplate.yaml 13 | - tower_v1alpha1_workflowjobtemplatenode.yaml 14 | - tower_v1alpha1_workflowtemplate.yaml 15 | - tower_v1alpha1_notification.yaml 16 | - tower_v1alpha1_inventorysource.yaml 17 | - tower_v1alpha1_host.yaml 18 | - tower_v1alpha1_group.yaml 19 | - tower_v1alpha1_credentialtype.yaml 20 | - tower_v1alpha1_credentialinputsource.yaml 21 | - tower_v1alpha1_project.yaml 22 | # +kubebuilder:scaffold:manifestskustomizesamples 23 | -------------------------------------------------------------------------------- /config/samples/tower_v1alpha1_credential.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: tower.ansible.com/v1alpha1 3 | kind: Credential 4 | metadata: 5 | name: credential-sample 6 | spec: 7 | secret: toweraccess 8 | config: 9 | credential_type: Machine 10 | name: "{{ ansible_operator_meta.name }}" 11 | description: test 12 | organization: "organization-sample" 13 | inputs: 14 | username: test 15 | password: admintest 16 | -------------------------------------------------------------------------------- /config/samples/tower_v1alpha1_credentialinputsource.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: tower.ansible.com/v1alpha1 3 | kind: CredentialInputSource 4 | metadata: 5 | name: credentialinputsource-sample 6 | spec: 7 | secret: toweraccess 8 | config: 9 | input_field_name: password 10 | target_credential: new_cred 11 | source_credential: cyberark_lookup 12 | metadata: 13 | object_query: "Safe=MY_SAFE;Object=awxuser" 14 | object_query_format: "Exact" 15 | -------------------------------------------------------------------------------- /config/samples/tower_v1alpha1_credentialtype.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: tower.ansible.com/v1alpha1 3 | kind: CredentialType 4 | metadata: 5 | name: credentialtype-sample 6 | spec: 7 | secret: toweraccess 8 | config: 9 | name: "{{ ansible_operator_meta.name }}" 10 | kind: net 11 | inputs: 12 | fields: 13 | - type: string 14 | id: username 15 | label: Username 16 | - type: string 17 | id: password 18 | label: Password 19 | secret: true 20 | required: 21 | - username 22 | - password 23 | injectors: 24 | env: 25 | # escaping {{ and }} 26 | USERNAME: "{%raw%}{{ username }}{%endraw%}" 27 | PASSWORD: "{%raw%}{{ password }}{%endraw%}" 28 | -------------------------------------------------------------------------------- /config/samples/tower_v1alpha1_group.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: tower.ansible.com/v1alpha1 3 | kind: Group 4 | metadata: 5 | name: group-sample 6 | spec: 7 | secret: toweraccess 8 | config: 9 | name: "{{ ansible_operator_meta.name }}" 10 | description: "Local Host Group" 11 | inventory: "inventory-sample" 12 | 13 | -------------------------------------------------------------------------------- /config/samples/tower_v1alpha1_host.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: tower.ansible.com/v1alpha1 3 | kind: Host 4 | metadata: 5 | name: host-sample 6 | spec: 7 | secret: toweraccess 8 | config: 9 | name: "{{ ansible_operator_meta.name }}" 10 | description: "Local Host Group" 11 | inventory: "inventory-sample" 12 | variables: 13 | example_var: 123 14 | 15 | -------------------------------------------------------------------------------- /config/samples/tower_v1alpha1_inventory.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: tower.ansible.com/v1alpha1 3 | kind: Inventory 4 | metadata: 5 | name: inventory-sample 6 | spec: 7 | secret: toweraccess 8 | config: 9 | name: "{{ ansible_operator_meta.name }}" 10 | description: "Our Foo Cloud Servers" 11 | organization: "organization-sample" 12 | 13 | -------------------------------------------------------------------------------- /config/samples/tower_v1alpha1_inventorysource.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: tower.ansible.com/v1alpha1 3 | kind: InventorySource 4 | metadata: 5 | name: inventorysource-sample 6 | spec: 7 | secret: toweraccess 8 | config: 9 | name: "{{ ansible_operator_meta.name }}" 10 | description: Source for inventory 11 | inventory: "inventory-sample" 12 | source: "scm" 13 | source_project: "project-sample" 14 | source_path: "wordpress-nginx/hosts.example" 15 | overwrite: True 16 | update_on_launch: True 17 | -------------------------------------------------------------------------------- /config/samples/tower_v1alpha1_jobtemplate.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: tower.ansible.com/v1alpha1 3 | kind: JobTemplate 4 | metadata: 5 | name: jobtemplate-sample 6 | spec: 7 | secret: toweraccess 8 | config: 9 | job_type: "check" # required. choices: run;check;scan. The job type to use for the job template. 10 | playbook: "wordpress-nginx/site.yml" 11 | organization: "organization-sample" 12 | name: "{{ ansible_operator_meta.name }}" 13 | project: "project-sample" 14 | ask_verbosity: "true" 15 | description: "ansible-examples" 16 | ask_diff_mode: "true" 17 | ask_skip_tags: "true" 18 | ask_limit: "true" 19 | ask_job_type: "true" 20 | ask_inventory: "true" 21 | ask_tags: "true" 22 | ask_credential: "true" 23 | ask_extra_vars: "true" 24 | -------------------------------------------------------------------------------- /config/samples/tower_v1alpha1_module.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: tower.ansible.com/v1alpha1 3 | kind: Module 4 | metadata: 5 | name: "tower-organization-demo" 6 | spec: 7 | secret: toweraccess 8 | name: "tower_organization" 9 | parameters: 10 | name: "DEMO" 11 | description: "DEMO" 12 | 13 | -------------------------------------------------------------------------------- /config/samples/tower_v1alpha1_notification.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tower.ansible.com/v1alpha1 2 | kind: Notification 3 | metadata: 4 | name: notification-sample 5 | spec: 6 | foo: bar 7 | -------------------------------------------------------------------------------- /config/samples/tower_v1alpha1_organization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: tower.ansible.com/v1alpha1 3 | kind: Organization 4 | metadata: 5 | name: "organization-sample" 6 | spec: 7 | secret: toweraccess 8 | config: 9 | name: "{{ ansible_operator_meta.name }}" 10 | description: "DEMO" 11 | -------------------------------------------------------------------------------- /config/samples/tower_v1alpha1_project.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: tower.ansible.com/v1alpha1 3 | kind: Project 4 | metadata: 5 | name: project-sample 6 | spec: 7 | secret: toweraccess 8 | config: 9 | name: "{{ ansible_operator_meta.name }}" 10 | scm_url: "https://github.com/ansible/ansible-examples" 11 | scm_delete_on_update: no 12 | scm_type: git 13 | scm_update_on_launch: true 14 | organization: "organization-sample" 15 | -------------------------------------------------------------------------------- /config/samples/tower_v1alpha1_role.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: tower.ansible.com/v1alpha1 3 | kind: Role 4 | metadata: 5 | name: role-user-team-sample 6 | spec: 7 | secret: toweraccess 8 | config: 9 | role: member 10 | user: "user-sample" 11 | target_team: "team-sample" 12 | --- 13 | apiVersion: tower.ansible.com/v1alpha1 14 | kind: Role 15 | metadata: 16 | name: role-user-organization-sample 17 | spec: 18 | secret: toweraccess 19 | config: 20 | role: member 21 | user: "user-sample" 22 | organization: "organization-sample" 23 | --- 24 | apiVersion: tower.ansible.com/v1alpha1 25 | kind: Role 26 | metadata: 27 | name: role-team-project-sample 28 | spec: 29 | secret: toweraccess 30 | config: 31 | role: admin 32 | project: "project-sample" 33 | team: "team-sample" 34 | --- 35 | apiVersion: tower.ansible.com/v1alpha1 36 | kind: Role 37 | metadata: 38 | name: role-team-jobtemplate-sample 39 | spec: 40 | secret: toweraccess 41 | config: 42 | role: admin 43 | job_template: "jobtemplate-sample" 44 | team: "team-sample" 45 | -------------------------------------------------------------------------------- /config/samples/tower_v1alpha1_schedule.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tower.ansible.com/v1alpha1 2 | kind: Schedule 3 | metadata: 4 | name: schedule-sample 5 | spec: 6 | foo: bar 7 | -------------------------------------------------------------------------------- /config/samples/tower_v1alpha1_team.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: tower.ansible.com/v1alpha1 3 | kind: Team 4 | metadata: 5 | name: team-sample 6 | spec: 7 | secret: toweraccess 8 | config: 9 | name: "{{ ansible_operator_meta.name }}" # required. Name to use for the team. 10 | organization: "organization-sample" # required. Organization the team should be made a member of. 11 | -------------------------------------------------------------------------------- /config/samples/tower_v1alpha1_user.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: tower.ansible.com/v1alpha1 3 | kind: User 4 | metadata: 5 | name: user-sample 6 | spec: 7 | secret: toweraccess 8 | config: 9 | username: "{{ ansible_operator_meta.name }}" 10 | email: "user-sample@organization-sample.com" 11 | first_name: "user" 12 | last_name: "sample" 13 | 14 | -------------------------------------------------------------------------------- /config/samples/tower_v1alpha1_workflowjobtemplate.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tower.ansible.com/v1alpha1 2 | kind: WorkflowJobTemplate 3 | metadata: 4 | name: workflowjobtemplate-sample 5 | spec: 6 | foo: bar 7 | -------------------------------------------------------------------------------- /config/samples/tower_v1alpha1_workflowjobtemplatenode.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tower.ansible.com/v1alpha1 2 | kind: WorkflowJobTemplateNode 3 | metadata: 4 | name: workflowjobtemplatenode-sample 5 | spec: 6 | foo: bar 7 | -------------------------------------------------------------------------------- /config/samples/tower_v1alpha1_workflowtemplate.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tower.ansible.com/v1alpha1 2 | kind: WorkflowTemplate 3 | metadata: 4 | name: workflowtemplate-sample 5 | spec: 6 | foo: bar 7 | -------------------------------------------------------------------------------- /config/scorecard/bases/config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: scorecard.operatorframework.io/v1alpha3 2 | kind: Configuration 3 | metadata: 4 | name: config 5 | stages: 6 | - parallel: true 7 | tests: [] 8 | -------------------------------------------------------------------------------- /config/scorecard/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - bases/config.yaml 3 | patchesJson6902: 4 | - path: patches/basic.config.yaml 5 | target: 6 | group: scorecard.operatorframework.io 7 | version: v1alpha3 8 | kind: Configuration 9 | name: config 10 | - path: patches/olm.config.yaml 11 | target: 12 | group: scorecard.operatorframework.io 13 | version: v1alpha3 14 | kind: Configuration 15 | name: config 16 | # +kubebuilder:scaffold:patchesJson6902 17 | -------------------------------------------------------------------------------- /config/scorecard/patches/basic.config.yaml: -------------------------------------------------------------------------------- 1 | - op: add 2 | path: /stages/0/tests/- 3 | value: 4 | entrypoint: 5 | - scorecard-test 6 | - basic-check-spec 7 | image: quay.io/operator-framework/scorecard-test:v1.2.0 8 | labels: 9 | suite: basic 10 | test: basic-check-spec-test 11 | -------------------------------------------------------------------------------- /config/scorecard/patches/olm.config.yaml: -------------------------------------------------------------------------------- 1 | - op: add 2 | path: /stages/0/tests/- 3 | value: 4 | entrypoint: 5 | - scorecard-test 6 | - olm-bundle-validation 7 | image: quay.io/operator-framework/scorecard-test:v1.2.0 8 | labels: 9 | suite: olm 10 | test: olm-bundle-validation-test 11 | - op: add 12 | path: /stages/0/tests/- 13 | value: 14 | entrypoint: 15 | - scorecard-test 16 | - olm-crds-have-validation 17 | image: quay.io/operator-framework/scorecard-test:v1.2.0 18 | labels: 19 | suite: olm 20 | test: olm-crds-have-validation-test 21 | - op: add 22 | path: /stages/0/tests/- 23 | value: 24 | entrypoint: 25 | - scorecard-test 26 | - olm-crds-have-resources 27 | image: quay.io/operator-framework/scorecard-test:v1.2.0 28 | labels: 29 | suite: olm 30 | test: olm-crds-have-resources-test 31 | - op: add 32 | path: /stages/0/tests/- 33 | value: 34 | entrypoint: 35 | - scorecard-test 36 | - olm-spec-descriptors 37 | image: quay.io/operator-framework/scorecard-test:v1.2.0 38 | labels: 39 | suite: olm 40 | test: olm-spec-descriptors-test 41 | - op: add 42 | path: /stages/0/tests/- 43 | value: 44 | entrypoint: 45 | - scorecard-test 46 | - olm-status-descriptors 47 | image: quay.io/operator-framework/scorecard-test:v1.2.0 48 | labels: 49 | suite: olm 50 | test: olm-status-descriptors-test 51 | -------------------------------------------------------------------------------- /config/testing/debug_logs_patch.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: controller-manager 6 | namespace: system 7 | spec: 8 | template: 9 | spec: 10 | containers: 11 | - name: manager 12 | env: 13 | - name: ANSIBLE_DEBUG_LOGS 14 | value: "TRUE" 15 | -------------------------------------------------------------------------------- /config/testing/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # Adds namespace to all resources. 2 | namespace: osdk-test 3 | 4 | namePrefix: osdk- 5 | 6 | # Labels to add to all resources and selectors. 7 | #commonLabels: 8 | # someName: someValue 9 | 10 | patchesStrategicMerge: 11 | - manager_image.yaml 12 | - debug_logs_patch.yaml 13 | - ../default/manager_auth_proxy_patch.yaml 14 | 15 | apiVersion: kustomize.config.k8s.io/v1beta1 16 | kind: Kustomization 17 | resources: 18 | - ../crd 19 | - ../rbac 20 | - ../manager 21 | images: 22 | - name: testing 23 | newName: testing-operator 24 | -------------------------------------------------------------------------------- /config/testing/manager_image.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: controller-manager 6 | namespace: system 7 | spec: 8 | template: 9 | spec: 10 | containers: 11 | - name: manager 12 | image: testing 13 | -------------------------------------------------------------------------------- /config/testing/pull_policy/Always.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: controller-manager 6 | namespace: system 7 | spec: 8 | template: 9 | spec: 10 | containers: 11 | - name: manager 12 | imagePullPolicy: Always 13 | -------------------------------------------------------------------------------- /config/testing/pull_policy/IfNotPresent.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: controller-manager 6 | namespace: system 7 | spec: 8 | template: 9 | spec: 10 | containers: 11 | - name: manager 12 | imagePullPolicy: IfNotPresent 13 | -------------------------------------------------------------------------------- /config/testing/pull_policy/Never.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: controller-manager 6 | namespace: system 7 | spec: 8 | template: 9 | spec: 10 | containers: 11 | - name: manager 12 | imagePullPolicy: Never 13 | -------------------------------------------------------------------------------- /molecule/default/converge.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Converge 3 | hosts: localhost 4 | connection: local 5 | gather_facts: no 6 | collections: 7 | - community.kubernetes 8 | 9 | tasks: 10 | - name: Create Namespace 11 | k8s: 12 | api_version: v1 13 | kind: Namespace 14 | name: '{{ namespace }}' 15 | 16 | - import_tasks: kustomize.yml 17 | vars: 18 | state: present 19 | -------------------------------------------------------------------------------- /molecule/default/create.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Create 3 | hosts: localhost 4 | connection: local 5 | gather_facts: false 6 | tasks: [] 7 | -------------------------------------------------------------------------------- /molecule/default/destroy.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Destroy 3 | hosts: localhost 4 | connection: local 5 | gather_facts: false 6 | collections: 7 | - community.kubernetes 8 | 9 | tasks: 10 | - import_tasks: kustomize.yml 11 | vars: 12 | state: absent 13 | 14 | - name: Destroy Namespace 15 | k8s: 16 | api_version: v1 17 | kind: Namespace 18 | name: '{{ namespace }}' 19 | state: absent 20 | 21 | - name: Unset pull policy 22 | command: '{{ kustomize }} edit remove patch pull_policy/{{ operator_pull_policy }}.yaml' 23 | args: 24 | chdir: '{{ config_dir }}/testing' 25 | -------------------------------------------------------------------------------- /molecule/default/kustomize.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Build kustomize testing overlay 3 | # load_restrictor must be set to none so we can load patch files from the default overlay 4 | command: '{{ kustomize }} build --load_restrictor none .' 5 | args: 6 | chdir: '{{ config_dir }}/testing' 7 | register: resources 8 | changed_when: false 9 | 10 | - name: Set resources to {{ state }} 11 | k8s: 12 | definition: '{{ item }}' 13 | state: '{{ state }}' 14 | wait: yes 15 | loop: '{{ resources.stdout | from_yaml_all | list }}' 16 | -------------------------------------------------------------------------------- /molecule/default/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependency: 3 | name: galaxy 4 | driver: 5 | name: delegated 6 | lint: | 7 | set -e 8 | yamllint -d "{extends: relaxed, rules: {line-length: {max: 120}}}" . 9 | platforms: 10 | - name: cluster 11 | groups: 12 | - k8s 13 | provisioner: 14 | name: ansible 15 | lint: | 16 | set -e 17 | ansible-lint 18 | inventory: 19 | group_vars: 20 | all: 21 | namespace: ${TEST_OPERATOR_NAMESPACE:-osdk-test} 22 | host_vars: 23 | localhost: 24 | ansible_python_interpreter: '{{ ansible_playbook_python }}' 25 | config_dir: ${MOLECULE_PROJECT_DIRECTORY}/config 26 | samples_dir: ${MOLECULE_PROJECT_DIRECTORY}/config/samples 27 | operator_image: ${OPERATOR_IMAGE:-""} 28 | operator_pull_policy: ${OPERATOR_PULL_POLICY:-"Always"} 29 | kustomize: ${KUSTOMIZE_PATH:-kustomize} 30 | env: 31 | K8S_AUTH_KUBECONFIG: ${KUBECONFIG:-"~/.kube/config"} 32 | verifier: 33 | name: ansible 34 | lint: | 35 | set -e 36 | ansible-lint 37 | -------------------------------------------------------------------------------- /molecule/default/prepare.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Prepare 3 | hosts: localhost 4 | connection: local 5 | gather_facts: false 6 | 7 | tasks: 8 | - name: Ensure operator image is set 9 | fail: 10 | msg: | 11 | You must specify the OPERATOR_IMAGE environment variable in order to run the 12 | 'default' scenario 13 | when: not operator_image 14 | 15 | - name: Set testing image 16 | command: '{{ kustomize }} edit set image testing={{ operator_image }}' 17 | args: 18 | chdir: '{{ config_dir }}/testing' 19 | 20 | - name: Set pull policy 21 | command: '{{ kustomize }} edit add patch pull_policy/{{ operator_pull_policy }}.yaml' 22 | args: 23 | chdir: '{{ config_dir }}/testing' 24 | 25 | - name: Set testing namespace 26 | command: '{{ kustomize }} edit set namespace {{ namespace }}' 27 | args: 28 | chdir: '{{ config_dir }}/testing' 29 | -------------------------------------------------------------------------------- /molecule/default/tasks/credential_test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Create the tower.ansible.com/v1alpha1.Credential 3 | k8s: 4 | state: present 5 | namespace: '{{ namespace }}' 6 | definition: "{{ lookup('template', '/'.join([samples_dir, cr_file])) | from_yaml }}" 7 | wait: yes 8 | wait_timeout: 300 9 | wait_condition: 10 | type: Running 11 | reason: Successful 12 | status: "True" 13 | vars: 14 | cr_file: 'tower_v1alpha1_credential.yaml' 15 | 16 | - name: Add assertions here 17 | assert: 18 | that: false 19 | fail_msg: FIXME Add real assertions for your operator 20 | -------------------------------------------------------------------------------- /molecule/default/tasks/credentialinputsource_test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Create the tower.ansible.com/v1alpha1.CredentialInputSource 3 | k8s: 4 | state: present 5 | namespace: '{{ namespace }}' 6 | definition: "{{ lookup('template', '/'.join([samples_dir, cr_file])) | from_yaml }}" 7 | wait: yes 8 | wait_timeout: 300 9 | wait_condition: 10 | type: Running 11 | reason: Successful 12 | status: "True" 13 | vars: 14 | cr_file: 'tower_v1alpha1_credentialinputsource.yaml' 15 | 16 | - name: Add assertions here 17 | assert: 18 | that: false 19 | fail_msg: FIXME Add real assertions for your operator 20 | -------------------------------------------------------------------------------- /molecule/default/tasks/credentialtype_test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Create the tower.ansible.com/v1alpha1.CredentialType 3 | k8s: 4 | state: present 5 | namespace: '{{ namespace }}' 6 | definition: "{{ lookup('template', '/'.join([samples_dir, cr_file])) | from_yaml }}" 7 | wait: yes 8 | wait_timeout: 300 9 | wait_condition: 10 | type: Running 11 | reason: Successful 12 | status: "True" 13 | vars: 14 | cr_file: 'tower_v1alpha1_credentialtype.yaml' 15 | 16 | - name: Add assertions here 17 | assert: 18 | that: false 19 | fail_msg: FIXME Add real assertions for your operator 20 | -------------------------------------------------------------------------------- /molecule/default/tasks/group_test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Create the tower.ansible.com/v1alpha1.Group 3 | k8s: 4 | state: present 5 | namespace: '{{ namespace }}' 6 | definition: "{{ lookup('template', '/'.join([samples_dir, cr_file])) | from_yaml }}" 7 | wait: yes 8 | wait_timeout: 300 9 | wait_condition: 10 | type: Running 11 | reason: Successful 12 | status: "True" 13 | vars: 14 | cr_file: 'tower_v1alpha1_group.yaml' 15 | 16 | - name: Add assertions here 17 | assert: 18 | that: false 19 | fail_msg: FIXME Add real assertions for your operator 20 | -------------------------------------------------------------------------------- /molecule/default/tasks/host_test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Create the tower.ansible.com/v1alpha1.Host 3 | k8s: 4 | state: present 5 | namespace: '{{ namespace }}' 6 | definition: "{{ lookup('template', '/'.join([samples_dir, cr_file])) | from_yaml }}" 7 | wait: yes 8 | wait_timeout: 300 9 | wait_condition: 10 | type: Running 11 | reason: Successful 12 | status: "True" 13 | vars: 14 | cr_file: 'tower_v1alpha1_host.yaml' 15 | 16 | - name: Add assertions here 17 | assert: 18 | that: false 19 | fail_msg: FIXME Add real assertions for your operator 20 | -------------------------------------------------------------------------------- /molecule/default/tasks/inventory_test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Create the tower.ansible.com/v1alpha1.Inventory 3 | k8s: 4 | state: present 5 | namespace: '{{ namespace }}' 6 | definition: "{{ lookup('template', '/'.join([samples_dir, cr_file])) | from_yaml }}" 7 | wait: yes 8 | wait_timeout: 300 9 | wait_condition: 10 | type: Running 11 | reason: Successful 12 | status: "True" 13 | vars: 14 | cr_file: 'tower_v1alpha1_inventory.yaml' 15 | 16 | - name: Add assertions here 17 | assert: 18 | that: false 19 | fail_msg: FIXME Add real assertions for your operator 20 | -------------------------------------------------------------------------------- /molecule/default/tasks/inventorysource_test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Create the tower.ansible.com/v1alpha1.InventorySource 3 | k8s: 4 | state: present 5 | namespace: '{{ namespace }}' 6 | definition: "{{ lookup('template', '/'.join([samples_dir, cr_file])) | from_yaml }}" 7 | wait: yes 8 | wait_timeout: 300 9 | wait_condition: 10 | type: Running 11 | reason: Successful 12 | status: "True" 13 | vars: 14 | cr_file: 'tower_v1alpha1_inventorysource.yaml' 15 | 16 | - name: Add assertions here 17 | assert: 18 | that: false 19 | fail_msg: FIXME Add real assertions for your operator 20 | -------------------------------------------------------------------------------- /molecule/default/tasks/joblaunch_test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Create the tower.ansible.com/v1alpha1.JobLaunch 3 | k8s: 4 | state: present 5 | namespace: '{{ namespace }}' 6 | definition: "{{ lookup('template', '/'.join([samples_dir, cr_file])) | from_yaml }}" 7 | wait: yes 8 | wait_timeout: 300 9 | wait_condition: 10 | type: Running 11 | reason: Successful 12 | status: "True" 13 | vars: 14 | cr_file: 'tower_v1alpha1_joblaunch.yaml' 15 | 16 | - name: Add assertions here 17 | assert: 18 | that: false 19 | fail_msg: FIXME Add real assertions for your operator 20 | -------------------------------------------------------------------------------- /molecule/default/tasks/jobtemplate_test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Create the tower.ansible.com/v1alpha1.JobTemplate 3 | k8s: 4 | state: present 5 | namespace: '{{ namespace }}' 6 | definition: "{{ lookup('template', '/'.join([samples_dir, cr_file])) | from_yaml }}" 7 | wait: yes 8 | wait_timeout: 300 9 | wait_condition: 10 | type: Running 11 | reason: Successful 12 | status: "True" 13 | vars: 14 | cr_file: 'tower_v1alpha1_jobtemplate.yaml' 15 | 16 | - name: Add assertions here 17 | assert: 18 | that: false 19 | fail_msg: FIXME Add real assertions for your operator 20 | -------------------------------------------------------------------------------- /molecule/default/tasks/module_test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Create the tower.ansible.com/v1alpha1.Module 3 | k8s: 4 | state: present 5 | namespace: '{{ namespace }}' 6 | definition: "{{ lookup('template', '/'.join([samples_dir, cr_file])) | from_yaml }}" 7 | wait: yes 8 | wait_timeout: "300" 9 | wait_condition: 10 | type: "Running" 11 | reason: "Successful" 12 | status: "True" 13 | vars: 14 | cr_file: 'tower_v1alpha1_module.yaml' 15 | 16 | - name: Add assertions here 17 | assert: 18 | that: "false" 19 | fail_msg: FIXME Add real assertions for your operator 20 | -------------------------------------------------------------------------------- /molecule/default/tasks/notification_test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Create the tower.ansible.com/v1alpha1.Notification 3 | k8s: 4 | state: present 5 | namespace: '{{ namespace }}' 6 | definition: "{{ lookup('template', '/'.join([samples_dir, cr_file])) | from_yaml }}" 7 | wait: yes 8 | wait_timeout: 300 9 | wait_condition: 10 | type: Running 11 | reason: Successful 12 | status: "True" 13 | vars: 14 | cr_file: 'tower_v1alpha1_notification.yaml' 15 | 16 | - name: Add assertions here 17 | assert: 18 | that: false 19 | fail_msg: FIXME Add real assertions for your operator 20 | -------------------------------------------------------------------------------- /molecule/default/tasks/organization_test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Create the tower.ansible.com/v1alpha1.Organization 3 | k8s: 4 | state: present 5 | namespace: '{{ namespace }}' 6 | definition: "{{ lookup('template', '/'.join([samples_dir, cr_file])) | from_yaml }}" 7 | wait: yes 8 | wait_timeout: 300 9 | wait_condition: 10 | type: Running 11 | reason: Successful 12 | status: "True" 13 | vars: 14 | cr_file: 'tower_v1alpha1_organization.yaml' 15 | 16 | - name: Add assertions here 17 | assert: 18 | that: false 19 | fail_msg: FIXME Add real assertions for your operator 20 | -------------------------------------------------------------------------------- /molecule/default/tasks/project_test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Create the tower.ansible.com/v1alpha1.Project 3 | k8s: 4 | state: present 5 | namespace: '{{ namespace }}' 6 | definition: "{{ lookup('template', '/'.join([samples_dir, cr_file])) | from_yaml }}" 7 | wait: yes 8 | wait_timeout: 300 9 | wait_condition: 10 | type: Running 11 | reason: Successful 12 | status: "True" 13 | vars: 14 | cr_file: 'tower_v1alpha1_project.yaml' 15 | 16 | - name: Add assertions here 17 | assert: 18 | that: false 19 | fail_msg: FIXME Add real assertions for your operator 20 | -------------------------------------------------------------------------------- /molecule/default/tasks/role_test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Create the tower.ansible.com/v1alpha1.Role 3 | k8s: 4 | state: present 5 | namespace: '{{ namespace }}' 6 | definition: "{{ lookup('template', '/'.join([samples_dir, cr_file])) | from_yaml }}" 7 | wait: yes 8 | wait_timeout: 300 9 | wait_condition: 10 | type: Running 11 | reason: Successful 12 | status: "True" 13 | vars: 14 | cr_file: 'tower_v1alpha1_role.yaml' 15 | 16 | - name: Add assertions here 17 | assert: 18 | that: false 19 | fail_msg: FIXME Add real assertions for your operator 20 | -------------------------------------------------------------------------------- /molecule/default/tasks/schedule_test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Create the tower.ansible.com/v1alpha1.Schedule 3 | k8s: 4 | state: present 5 | namespace: '{{ namespace }}' 6 | definition: "{{ lookup('template', '/'.join([samples_dir, cr_file])) | from_yaml }}" 7 | wait: yes 8 | wait_timeout: 300 9 | wait_condition: 10 | type: Running 11 | reason: Successful 12 | status: "True" 13 | vars: 14 | cr_file: 'tower_v1alpha1_schedule.yaml' 15 | 16 | - name: Add assertions here 17 | assert: 18 | that: false 19 | fail_msg: FIXME Add real assertions for your operator 20 | -------------------------------------------------------------------------------- /molecule/default/tasks/team_test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Create the tower.ansible.com/v1alpha1.Team 3 | k8s: 4 | state: present 5 | namespace: '{{ namespace }}' 6 | definition: "{{ lookup('template', '/'.join([samples_dir, cr_file])) | from_yaml }}" 7 | wait: yes 8 | wait_timeout: 300 9 | wait_condition: 10 | type: Running 11 | reason: Successful 12 | status: "True" 13 | vars: 14 | cr_file: 'tower_v1alpha1_team.yaml' 15 | 16 | - name: Add assertions here 17 | assert: 18 | that: false 19 | fail_msg: FIXME Add real assertions for your operator 20 | -------------------------------------------------------------------------------- /molecule/default/tasks/user_test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Create the tower.ansible.com/v1alpha1.User 3 | k8s: 4 | state: present 5 | namespace: '{{ namespace }}' 6 | definition: "{{ lookup('template', '/'.join([samples_dir, cr_file])) | from_yaml }}" 7 | wait: yes 8 | wait_timeout: 300 9 | wait_condition: 10 | type: Running 11 | reason: Successful 12 | status: "True" 13 | vars: 14 | cr_file: 'tower_v1alpha1_user.yaml' 15 | 16 | - name: Add assertions here 17 | assert: 18 | that: false 19 | fail_msg: FIXME Add real assertions for your operator 20 | -------------------------------------------------------------------------------- /molecule/default/tasks/workflowjobtemplate_test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Create the tower.ansible.com/v1alpha1.WorkflowJobTemplate 3 | k8s: 4 | state: present 5 | namespace: '{{ namespace }}' 6 | definition: "{{ lookup('template', '/'.join([samples_dir, cr_file])) | from_yaml }}" 7 | wait: yes 8 | wait_timeout: 300 9 | wait_condition: 10 | type: Running 11 | reason: Successful 12 | status: "True" 13 | vars: 14 | cr_file: 'tower_v1alpha1_workflowjobtemplate.yaml' 15 | 16 | - name: Add assertions here 17 | assert: 18 | that: false 19 | fail_msg: FIXME Add real assertions for your operator 20 | -------------------------------------------------------------------------------- /molecule/default/tasks/workflowjobtemplatenode_test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Create the tower.ansible.com/v1alpha1.WorkflowJobTemplateNode 3 | k8s: 4 | state: present 5 | namespace: '{{ namespace }}' 6 | definition: "{{ lookup('template', '/'.join([samples_dir, cr_file])) | from_yaml }}" 7 | wait: yes 8 | wait_timeout: 300 9 | wait_condition: 10 | type: Running 11 | reason: Successful 12 | status: "True" 13 | vars: 14 | cr_file: 'tower_v1alpha1_workflowjobtemplatenode.yaml' 15 | 16 | - name: Add assertions here 17 | assert: 18 | that: false 19 | fail_msg: FIXME Add real assertions for your operator 20 | -------------------------------------------------------------------------------- /molecule/default/tasks/workflowtemplate_test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Create the tower.ansible.com/v1alpha1.WorkflowTemplate 3 | k8s: 4 | state: present 5 | namespace: '{{ namespace }}' 6 | definition: "{{ lookup('template', '/'.join([samples_dir, cr_file])) | from_yaml }}" 7 | wait: yes 8 | wait_timeout: 300 9 | wait_condition: 10 | type: Running 11 | reason: Successful 12 | status: "True" 13 | vars: 14 | cr_file: 'tower_v1alpha1_workflowtemplate.yaml' 15 | 16 | - name: Add assertions here 17 | assert: 18 | that: false 19 | fail_msg: FIXME Add real assertions for your operator 20 | -------------------------------------------------------------------------------- /molecule/default/verify.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Verify 3 | hosts: localhost 4 | connection: local 5 | gather_facts: no 6 | collections: 7 | - community.kubernetes 8 | 9 | vars: 10 | ctrl_label: control-plane=controller-manager 11 | 12 | tasks: 13 | - block: 14 | - name: Import all test files from tasks/ 15 | include_tasks: '{{ item }}' 16 | with_fileglob: 17 | - tasks/*_test.yml 18 | rescue: 19 | - name: Retrieve relevant resources 20 | k8s_info: 21 | api_version: '{{ item.api_version }}' 22 | kind: '{{ item.kind }}' 23 | namespace: '{{ namespace }}' 24 | loop: 25 | - api_version: v1 26 | kind: Pod 27 | - api_version: apps/v1 28 | kind: Deployment 29 | - api_version: v1 30 | kind: Secret 31 | - api_version: v1 32 | kind: ConfigMap 33 | register: debug_resources 34 | 35 | - name: Retrieve Pod logs 36 | k8s_log: 37 | name: '{{ item.metadata.name }}' 38 | namespace: '{{ namespace }}' 39 | container: manager 40 | loop: "{{ q('k8s', api_version='v1', kind='Pod', namespace=namespace, label_selector=ctrl_label) }}" 41 | register: debug_logs 42 | 43 | - name: Output gathered resources 44 | debug: 45 | var: debug_resources 46 | 47 | - name: Output gathered logs 48 | debug: 49 | var: item.log_lines 50 | loop: '{{ debug_logs.results }}' 51 | 52 | - name: Re-emit failure 53 | vars: 54 | failed_task: 55 | result: '{{ ansible_failed_result }}' 56 | fail: 57 | msg: '{{ failed_task }}' 58 | -------------------------------------------------------------------------------- /molecule/kind/converge.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Converge 3 | hosts: localhost 4 | connection: local 5 | gather_facts: no 6 | 7 | tasks: 8 | - name: Build operator image 9 | docker_image: 10 | build: 11 | path: '{{ project_dir }}' 12 | pull: no 13 | name: '{{ operator_image }}' 14 | tag: latest 15 | push: no 16 | source: build 17 | force_source: yes 18 | 19 | - name: Load image into kind cluster 20 | command: kind load docker-image --name osdk-test '{{ operator_image }}' 21 | register: result 22 | changed_when: '"not yet present" in result.stdout' 23 | 24 | - import_playbook: ../default/converge.yml 25 | -------------------------------------------------------------------------------- /molecule/kind/create.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Create 3 | hosts: localhost 4 | connection: local 5 | gather_facts: false 6 | tasks: 7 | - name: Create test kind cluster 8 | command: kind create cluster --name osdk-test --kubeconfig {{ kubeconfig }} 9 | -------------------------------------------------------------------------------- /molecule/kind/destroy.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Destroy 3 | hosts: localhost 4 | connection: local 5 | gather_facts: false 6 | collections: 7 | - community.kubernetes 8 | 9 | tasks: 10 | - name: Destroy test kind cluster 11 | command: kind delete cluster --name osdk-test --kubeconfig {{ kubeconfig }} 12 | 13 | - name: Unset pull policy 14 | command: '{{ kustomize }} edit remove patch pull_policy/{{ operator_pull_policy }}.yaml' 15 | args: 16 | chdir: '{{ config_dir }}/testing' 17 | -------------------------------------------------------------------------------- /molecule/kind/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependency: 3 | name: galaxy 4 | driver: 5 | name: delegated 6 | lint: | 7 | set -e 8 | yamllint -d "{extends: relaxed, rules: {line-length: {max: 120}}}" . 9 | platforms: 10 | - name: cluster 11 | groups: 12 | - k8s 13 | provisioner: 14 | name: ansible 15 | playbooks: 16 | prepare: ../default/prepare.yml 17 | verify: ../default/verify.yml 18 | lint: | 19 | set -e 20 | ansible-lint 21 | inventory: 22 | group_vars: 23 | all: 24 | namespace: ${TEST_OPERATOR_NAMESPACE:-osdk-test} 25 | host_vars: 26 | localhost: 27 | ansible_python_interpreter: '{{ ansible_playbook_python }}' 28 | config_dir: ${MOLECULE_PROJECT_DIRECTORY}/config 29 | samples_dir: ${MOLECULE_PROJECT_DIRECTORY}/config/samples 30 | project_dir: ${MOLECULE_PROJECT_DIRECTORY} 31 | operator_image: testing-operator 32 | operator_pull_policy: "Never" 33 | kubeconfig: "{{ lookup('env', 'KUBECONFIG') }}" 34 | kustomize: ${KUSTOMIZE_PATH:-kustomize} 35 | env: 36 | K8S_AUTH_KUBECONFIG: ${MOLECULE_EPHEMERAL_DIRECTORY}/kubeconfig 37 | KUBECONFIG: ${MOLECULE_EPHEMERAL_DIRECTORY}/kubeconfig 38 | verifier: 39 | name: ansible 40 | lint: | 41 | set -e 42 | ansible-lint 43 | -------------------------------------------------------------------------------- /playbooks/.placeholder: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/victorock/ansible-operator-tower-config/202bc8957dcef340e98ae25a61cab77f6c1d2f95/playbooks/.placeholder -------------------------------------------------------------------------------- /requirements.yml: -------------------------------------------------------------------------------- 1 | --- 2 | collections: 3 | - name: awx.awx 4 | version: ">=13.0.0" 5 | - name: community.kubernetes 6 | version: "<1.0.0" 7 | - name: operator_sdk.util 8 | -------------------------------------------------------------------------------- /roles/.placeholder: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/victorock/ansible-operator-tower-config/202bc8957dcef340e98ae25a61cab77f6c1d2f95/roles/.placeholder -------------------------------------------------------------------------------- /roles/credential/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ## { "ansible_operator_meta": { 3 | ## "name": , 4 | ## "namespace": , 5 | ## }, 6 | ## , 7 | ## , 8 | ## , 9 | ## __: { 10 | ## as is 11 | ## } 12 | ## ___spec: { 13 | ## as is 14 | ## } 15 | ## } 16 | # yamllint disable-line rule:line-length 17 | credential_kind: "Credential" 18 | # yamllint disable-line rule:line-length 19 | credential_api_group: "tower.ansible.com" 20 | # yamllint disable-line rule:line-length 21 | credential_api_version: "v1alpha1" 22 | # yamllint disable-line rule:line-length 23 | credential_finalize_state: "{{ finalize_state | default('present', true) }}" 24 | # yamllint disable-line rule:line-length 25 | credential_metadata_name: "{{ ansible_operator_meta.name }}" 26 | # yamllint disable-line rule:line-length 27 | credential_metadata_namespace: "{{ ansible_operator_meta.namespace }}" 28 | # yamllint disable-line rule:line-length 29 | credential_module_name: "tower_credential" 30 | # yamllint disable-line rule:line-length 31 | credential_spec: "{{ _tower_ansible_com_credential.spec }}" 32 | # yamllint disable-line rule:line-length 33 | credential_spec_collection: "{{ credential_spec.collection | default('awx.awx') }}" 34 | # yamllint disable-line rule:line-length 35 | credential_spec_config: "{{ credential_spec.config | combine({'state': credential_finalize_state}) }}" 36 | # yamllint disable-line rule:line-length 37 | credential_spec_secret: "{{ credential_spec.secret | mandatory }}" 38 | -------------------------------------------------------------------------------- /roles/credential/tasks/absent.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "credential: absent" 3 | include_role: 4 | name: "module" 5 | vars: 6 | # yamllint disable-line rule:line-length 7 | module_kind: "{{ credential_kind }}" 8 | # yamllint disable-line rule:line-length 9 | module_api_group: "{{ credential_api_group }}" 10 | # yamllint disable-line rule:line-length 11 | module_api_version: "{{ credential_api_version }}" 12 | # yamllint disable-line rule:line-length 13 | module_finalize: "{{ credential_finalize }}" 14 | # yamllint disable-line rule:line-length 15 | module_metadata_namespace: "{{ credential_metadata_namespace }}" 16 | # yamllint disable-line rule:line-length 17 | module_metadata_name: "{{ credential_metadata_name }}" 18 | # yamllint disable-line rule:line-length 19 | module_spec: "{{ credential_spec }}" 20 | # yamllint disable-line rule:line-length 21 | module_spec_collection: "{{ credential_spec_collection }}" 22 | # yamllint disable-line rule:line-length 23 | module_spec_name: "{{ credential_module_name }}" 24 | # yamllint disable-line rule:line-length 25 | module_spec_parameters: "{{ credential_spec_config }}" 26 | # yamllint disable-line rule:line-length 27 | module_spec_secret: "{{ credential_spec_secret }}" 28 | -------------------------------------------------------------------------------- /roles/credential/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "Assert variables" 3 | assert: 4 | that: 5 | - credential_kind is defined 6 | - credential_kind is string 7 | - credential_api_group is defined 8 | - credential_api_group is string 9 | - credential_api_version is defined 10 | - credential_api_version is string 11 | - credential_finalize_state is defined 12 | - credential_finalize_state is in ['present', 'absent'] 13 | - credential_metadata_name is defined 14 | - credential_metadata_name is string 15 | - credential_metadata_namespace is defined 16 | - credential_metadata_namespace is string 17 | - credential_module_name is defined 18 | - credential_module_name is in [ 'tower_credential' ] 19 | - credential_spec is defined 20 | - credential_spec is mapping 21 | - credential_spec_collection is defined 22 | - credential_spec_collection is in ['awx.awx', 'ansible.tower'] 23 | - credential_spec_config is defined 24 | - credential_spec_config is mapping 25 | 26 | - name: "credential: Calling desired state specific tasks" 27 | include_tasks: "{{ credential_spec_config.state | default('present') }}.yml" 28 | -------------------------------------------------------------------------------- /roles/credential/tasks/present.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "credential: present" 3 | include_role: 4 | name: "module" 5 | vars: 6 | # yamllint disable-line rule:line-length 7 | module_kind: "{{ credential_kind }}" 8 | # yamllint disable-line rule:line-length 9 | module_api_group: "{{ credential_api_group }}" 10 | # yamllint disable-line rule:line-length 11 | module_api_version: "{{ credential_api_version }}" 12 | # yamllint disable-line rule:line-length 13 | module_finalize: "{{ credential_finalize }}" 14 | # yamllint disable-line rule:line-length 15 | module_metadata_namespace: "{{ credential_metadata_namespace }}" 16 | # yamllint disable-line rule:line-length 17 | module_metadata_name: "{{ credential_metadata_name }}" 18 | # yamllint disable-line rule:line-length 19 | module_spec: "{{ credential_spec }}" 20 | # yamllint disable-line rule:line-length 21 | module_spec_collection: "{{ credential_spec_collection }}" 22 | # yamllint disable-line rule:line-length 23 | module_spec_name: "{{ credential_module_name }}" 24 | # yamllint disable-line rule:line-length 25 | module_spec_parameters: "{{ credential_spec_config }}" 26 | # yamllint disable-line rule:line-length 27 | module_spec_secret: "{{ credential_spec_secret }}" 28 | -------------------------------------------------------------------------------- /roles/credentialinputsource/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ## { "ansible_operator_meta": { 3 | ## "name": , 4 | ## "namespace": , 5 | ## }, 6 | ## , 7 | ## , 8 | ## , 9 | ## __: { 10 | ## as is 11 | ## } 12 | ## ___spec: { 13 | ## as is 14 | ## } 15 | ## } 16 | # yamllint disable-line rule:line-length 17 | credentialinputsource_kind: "CredentialInputSource" 18 | # yamllint disable-line rule:line-length 19 | credentialinputsource_api_group: "tower.ansible.com" 20 | # yamllint disable-line rule:line-length 21 | credentialinputsource_api_version: "v1alpha1" 22 | # yamllint disable-line rule:line-length 23 | credentialinputsource_finalize_state: "{{ finalize_state | default('present', true) }}" 24 | # yamllint disable-line rule:line-length 25 | credentialinputsource_metadata_name: "{{ ansible_operator_meta.name }}" 26 | # yamllint disable-line rule:line-length 27 | credentialinputsource_metadata_namespace: "{{ ansible_operator_meta.namespace }}" 28 | # yamllint disable-line rule:line-length 29 | credentialinputsource_module_name: "tower_credential_input_source" 30 | # yamllint disable-line rule:line-length 31 | credentialinputsource_spec: "{{ _tower_ansible_com_credentialinputsource.spec }}" 32 | # yamllint disable-line rule:line-length 33 | credentialinputsource_spec_collection: "{{ credentialinputsource_spec.collection | default('awx.awx') }}" 34 | # yamllint disable-line rule:line-length 35 | credentialinputsource_spec_config: "{{ credentialinputsource_spec.config | combine({'state': credentialinputsource_finalize_state}) }}" 36 | # yamllint disable-line rule:line-length 37 | credentialinputsource_spec_secret: "{{ credentialinputsource_spec.secret | mandatory }}" 38 | -------------------------------------------------------------------------------- /roles/credentialinputsource/tasks/absent.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "credentialinputsource: absent" 3 | include_role: 4 | name: "module" 5 | vars: 6 | # yamllint disable-line rule:line-length 7 | module_kind: "{{ credentialinputsource_kind }}" 8 | # yamllint disable-line rule:line-length 9 | module_api_group: "{{ credentialinputsource_api_group }}" 10 | # yamllint disable-line rule:line-length 11 | module_api_version: "{{ credentialinputsource_api_version }}" 12 | # yamllint disable-line rule:line-length 13 | module_finalize: "{{ credentialinputsource_finalize }}" 14 | # yamllint disable-line rule:line-length 15 | module_metadata_namespace: "{{ credentialinputsource_metadata_namespace }}" 16 | # yamllint disable-line rule:line-length 17 | module_metadata_name: "{{ credentialinputsource_metadata_name }}" 18 | # yamllint disable-line rule:line-length 19 | module_spec: "{{ credentialinputsource_spec }}" 20 | # yamllint disable-line rule:line-length 21 | module_spec_collection: "{{ credentialinputsource_spec_collection }}" 22 | # yamllint disable-line rule:line-length 23 | module_spec_name: "{{ credentialinputsource_module_name }}" 24 | # yamllint disable-line rule:line-length 25 | module_spec_parameters: "{{ credentialinputsource_spec_config }}" 26 | # yamllint disable-line rule:line-length 27 | module_spec_secret: "{{ credentialinputsource_spec_secret }}" 28 | -------------------------------------------------------------------------------- /roles/credentialinputsource/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "Assert variables" 3 | assert: 4 | that: 5 | - credentialinputsource_kind is defined 6 | - credentialinputsource_kind is string 7 | - credentialinputsource_api_group is defined 8 | - credentialinputsource_api_group is string 9 | - credentialinputsource_api_version is defined 10 | - credentialinputsource_api_version is string 11 | - credentialinputsource_finalize_state is defined 12 | - credentialinputsource_finalize_state is in ['present', 'absent'] 13 | - credentialinputsource_metadata_name is defined 14 | - credentialinputsource_metadata_name is string 15 | - credentialinputsource_metadata_namespace is defined 16 | - credentialinputsource_metadata_namespace is string 17 | - credentialinputsource_module_name is defined 18 | - credentialinputsource_module_name is in [ 'tower_credential_input_source' ] 19 | - credentialinputsource_spec is defined 20 | - credentialinputsource_spec is mapping 21 | - credentialinputsource_spec_collection is defined 22 | - credentialinputsource_spec_collection is in ['awx.awx', 'ansible.tower'] 23 | - credentialinputsource_spec_config is defined 24 | - credentialinputsource_spec_config is mapping 25 | 26 | - name: "credentialinputsource: Calling desired state specific tasks" 27 | include_tasks: "{{ credentialinputsource_spec_config.state | default('present') }}.yml" 28 | -------------------------------------------------------------------------------- /roles/credentialinputsource/tasks/present.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "credentialinputsource: present" 3 | include_role: 4 | name: "module" 5 | vars: 6 | # yamllint disable-line rule:line-length 7 | module_kind: "{{ credentialinputsource_kind }}" 8 | # yamllint disable-line rule:line-length 9 | module_api_group: "{{ credentialinputsource_api_group }}" 10 | # yamllint disable-line rule:line-length 11 | module_api_version: "{{ credentialinputsource_api_version }}" 12 | # yamllint disable-line rule:line-length 13 | module_finalize: "{{ credentialinputsource_finalize }}" 14 | # yamllint disable-line rule:line-length 15 | module_metadata_namespace: "{{ credentialinputsource_metadata_namespace }}" 16 | # yamllint disable-line rule:line-length 17 | module_metadata_name: "{{ credentialinputsource_metadata_name }}" 18 | # yamllint disable-line rule:line-length 19 | module_spec: "{{ credentialinputsource_spec }}" 20 | # yamllint disable-line rule:line-length 21 | module_spec_collection: "{{ credentialinputsource_spec_collection }}" 22 | # yamllint disable-line rule:line-length 23 | module_spec_name: "{{ credentialinputsource_module_name }}" 24 | # yamllint disable-line rule:line-length 25 | module_spec_parameters: "{{ credentialinputsource_spec_config }}" 26 | # yamllint disable-line rule:line-length 27 | module_spec_secret: "{{ credentialinputsource_spec_secret }}" 28 | -------------------------------------------------------------------------------- /roles/credentialtype/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ## { "ansible_operator_meta": { 3 | ## "name": , 4 | ## "namespace": , 5 | ## }, 6 | ## , 7 | ## , 8 | ## , 9 | ## __: { 10 | ## as is 11 | ## } 12 | ## ___spec: { 13 | ## as is 14 | ## } 15 | ## } 16 | # yamllint disable-line rule:line-length 17 | credentialtype_kind: "CredentialType" 18 | # yamllint disable-line rule:line-length 19 | credentialtype_api_group: "tower.ansible.com" 20 | # yamllint disable-line rule:line-length 21 | credentialtype_api_version: "v1alpha1" 22 | # yamllint disable-line rule:line-length 23 | credentialtype_finalize_state: "{{ finalize_state | default('present', true) }}" 24 | # yamllint disable-line rule:line-length 25 | credentialtype_metadata_name: "{{ ansible_operator_meta.name }}" 26 | # yamllint disable-line rule:line-length 27 | credentialtype_metadata_namespace: "{{ ansible_operator_meta.namespace }}" 28 | # yamllint disable-line rule:line-length 29 | credentialtype_module_name: "tower_credential_type" 30 | # yamllint disable-line rule:line-length 31 | credentialtype_spec: "{{ _tower_ansible_com_credentialtype.spec }}" 32 | # yamllint disable-line rule:line-length 33 | credentialtype_spec_collection: "{{ credentialtype_spec.collection | default('awx.awx') }}" 34 | # yamllint disable-line rule:line-length 35 | credentialtype_spec_config: "{{ credentialtype_spec.config | combine({'state': credentialtype_finalize_state}) }}" 36 | # yamllint disable-line rule:line-length 37 | credentialtype_spec_secret: "{{ credentialtype_spec.secret | mandatory }}" 38 | -------------------------------------------------------------------------------- /roles/credentialtype/tasks/absent.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "credentialtype: absent" 3 | include_role: 4 | name: "module" 5 | vars: 6 | # yamllint disable-line rule:line-length 7 | module_kind: "{{ credentialtype_kind }}" 8 | # yamllint disable-line rule:line-length 9 | module_api_group: "{{ credentialtype_api_group }}" 10 | # yamllint disable-line rule:line-length 11 | module_api_version: "{{ credentialtype_api_version }}" 12 | # yamllint disable-line rule:line-length 13 | module_finalize: "{{ credentialtype_finalize }}" 14 | # yamllint disable-line rule:line-length 15 | module_metadata_namespace: "{{ credentialtype_metadata_namespace }}" 16 | # yamllint disable-line rule:line-length 17 | module_metadata_name: "{{ credentialtype_metadata_name }}" 18 | # yamllint disable-line rule:line-length 19 | module_spec: "{{ credentialtype_spec }}" 20 | # yamllint disable-line rule:line-length 21 | module_spec_collection: "{{ credentialtype_spec_collection }}" 22 | # yamllint disable-line rule:line-length 23 | module_spec_name: "{{ credentialtype_module_name }}" 24 | # yamllint disable-line rule:line-length 25 | module_spec_parameters: "{{ credentialtype_spec_config }}" 26 | # yamllint disable-line rule:line-length 27 | module_spec_secret: "{{ credentialtype_spec_secret }}" 28 | -------------------------------------------------------------------------------- /roles/credentialtype/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "Assert variables" 3 | assert: 4 | that: 5 | - credentialtype_kind is defined 6 | - credentialtype_kind is string 7 | - credentialtype_api_group is defined 8 | - credentialtype_api_group is string 9 | - credentialtype_api_version is defined 10 | - credentialtype_api_version is string 11 | - credentialtype_finalize_state is defined 12 | - credentialtype_finalize_state is in ['present', 'absent'] 13 | - credentialtype_metadata_name is defined 14 | - credentialtype_metadata_name is string 15 | - credentialtype_metadata_namespace is defined 16 | - credentialtype_metadata_namespace is string 17 | - credentialtype_module_name is defined 18 | - credentialtype_module_name is in [ 'tower_credential_type' ] 19 | - credentialtype_spec is defined 20 | - credentialtype_spec is mapping 21 | - credentialtype_spec_collection is defined 22 | - credentialtype_spec_collection is in ['awx.awx', 'ansible.tower'] 23 | - credentialtype_spec_config is defined 24 | - credentialtype_spec_config is mapping 25 | 26 | - name: "credentialtype: Calling desired state specific tasks" 27 | include_tasks: "{{ credentialtype_spec_config.state | default('present') }}.yml" 28 | -------------------------------------------------------------------------------- /roles/credentialtype/tasks/present.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "credentialtype: present" 3 | include_role: 4 | name: "module" 5 | vars: 6 | # yamllint disable-line rule:line-length 7 | module_kind: "{{ credentialtype_kind }}" 8 | # yamllint disable-line rule:line-length 9 | module_api_group: "{{ credentialtype_api_group }}" 10 | # yamllint disable-line rule:line-length 11 | module_api_version: "{{ credentialtype_api_version }}" 12 | # yamllint disable-line rule:line-length 13 | module_finalize: "{{ credentialtype_finalize }}" 14 | # yamllint disable-line rule:line-length 15 | module_metadata_namespace: "{{ credentialtype_metadata_namespace }}" 16 | # yamllint disable-line rule:line-length 17 | module_metadata_name: "{{ credentialtype_metadata_name }}" 18 | # yamllint disable-line rule:line-length 19 | module_spec: "{{ credentialtype_spec }}" 20 | # yamllint disable-line rule:line-length 21 | module_spec_collection: "{{ credentialtype_spec_collection }}" 22 | # yamllint disable-line rule:line-length 23 | module_spec_name: "{{ credentialtype_module_name }}" 24 | # yamllint disable-line rule:line-length 25 | module_spec_parameters: "{{ credentialtype_spec_config }}" 26 | # yamllint disable-line rule:line-length 27 | module_spec_secret: "{{ credentialtype_spec_secret }}" 28 | -------------------------------------------------------------------------------- /roles/group/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ## { "ansible_operator_meta": { 3 | ## "name": , 4 | ## "namespace": , 5 | ## }, 6 | ## , 7 | ## , 8 | ## , 9 | ## __: { 10 | ## as is 11 | ## } 12 | ## ___spec: { 13 | ## as is 14 | ## } 15 | ## } 16 | # yamllint disable-line rule:line-length 17 | group_kind: "Group" 18 | # yamllint disable-line rule:line-length 19 | group_api_group: "tower.ansible.com" 20 | # yamllint disable-line rule:line-length 21 | group_api_version: "v1alpha1" 22 | # yamllint disable-line rule:line-length 23 | group_finalize_state: "{{ finalize_state | default('present', true) }}" 24 | # yamllint disable-line rule:line-length 25 | group_metadata_name: "{{ ansible_operator_meta.name }}" 26 | # yamllint disable-line rule:line-length 27 | group_metadata_namespace: "{{ ansible_operator_meta.namespace }}" 28 | # yamllint disable-line rule:line-length 29 | group_module_name: "tower_group" 30 | # yamllint disable-line rule:line-length 31 | group_spec: "{{ _tower_ansible_com_group.spec }}" 32 | # yamllint disable-line rule:line-length 33 | group_spec_collection: "{{ group_spec.collection | default('awx.awx') }}" 34 | # yamllint disable-line rule:line-length 35 | group_spec_config: "{{ group_spec.config | combine({'state': group_finalize_state}) }}" 36 | # yamllint disable-line rule:line-length 37 | group_spec_secret: "{{ group_spec.secret | mandatory }}" 38 | -------------------------------------------------------------------------------- /roles/group/tasks/absent.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "group: absent" 3 | include_role: 4 | name: "module" 5 | vars: 6 | # yamllint disable-line rule:line-length 7 | module_kind: "{{ group_kind }}" 8 | # yamllint disable-line rule:line-length 9 | module_api_group: "{{ group_api_group }}" 10 | # yamllint disable-line rule:line-length 11 | module_api_version: "{{ group_api_version }}" 12 | # yamllint disable-line rule:line-length 13 | module_finalize: "{{ group_finalize }}" 14 | # yamllint disable-line rule:line-length 15 | module_metadata_namespace: "{{ group_metadata_namespace }}" 16 | # yamllint disable-line rule:line-length 17 | module_metadata_name: "{{ group_metadata_name }}" 18 | # yamllint disable-line rule:line-length 19 | module_spec: "{{ group_spec }}" 20 | # yamllint disable-line rule:line-length 21 | module_spec_collection: "{{ group_spec_collection }}" 22 | # yamllint disable-line rule:line-length 23 | module_spec_name: "{{ group_module_name }}" 24 | # yamllint disable-line rule:line-length 25 | module_spec_parameters: "{{ group_spec_config }}" 26 | # yamllint disable-line rule:line-length 27 | module_spec_secret: "{{ group_spec_secret }}" 28 | -------------------------------------------------------------------------------- /roles/group/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "Assert variables" 3 | assert: 4 | that: 5 | - group_kind is defined 6 | - group_kind is string 7 | - group_api_group is defined 8 | - group_api_group is string 9 | - group_api_version is defined 10 | - group_api_version is string 11 | - group_finalize_state is defined 12 | - group_finalize_state is in ['present', 'absent'] 13 | - group_metadata_name is defined 14 | - group_metadata_name is string 15 | - group_metadata_namespace is defined 16 | - group_metadata_namespace is string 17 | - group_module_name is defined 18 | - group_module_name is in [ 'tower_group' ] 19 | - group_spec is defined 20 | - group_spec is mapping 21 | - group_spec_collection is defined 22 | - group_spec_collection is in ['awx.awx', 'ansible.tower'] 23 | - group_spec_config is defined 24 | - group_spec_config is mapping 25 | 26 | - name: "group: Calling desired state specific tasks" 27 | include_tasks: "{{ group_spec_config.state | default('present') }}.yml" 28 | -------------------------------------------------------------------------------- /roles/group/tasks/present.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "group: present" 3 | include_role: 4 | name: "module" 5 | vars: 6 | # yamllint disable-line rule:line-length 7 | module_kind: "{{ group_kind }}" 8 | # yamllint disable-line rule:line-length 9 | module_api_group: "{{ group_api_group }}" 10 | # yamllint disable-line rule:line-length 11 | module_api_version: "{{ group_api_version }}" 12 | # yamllint disable-line rule:line-length 13 | module_finalize: "{{ group_finalize }}" 14 | # yamllint disable-line rule:line-length 15 | module_metadata_namespace: "{{ group_metadata_namespace }}" 16 | # yamllint disable-line rule:line-length 17 | module_metadata_name: "{{ group_metadata_name }}" 18 | # yamllint disable-line rule:line-length 19 | module_spec: "{{ group_spec }}" 20 | # yamllint disable-line rule:line-length 21 | module_spec_collection: "{{ group_spec_collection }}" 22 | # yamllint disable-line rule:line-length 23 | module_spec_name: "{{ group_module_name }}" 24 | # yamllint disable-line rule:line-length 25 | module_spec_parameters: "{{ group_spec_config }}" 26 | # yamllint disable-line rule:line-length 27 | module_spec_secret: "{{ group_spec_secret }}" 28 | -------------------------------------------------------------------------------- /roles/host/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ## { "ansible_operator_meta": { 3 | ## "name": , 4 | ## "namespace": , 5 | ## }, 6 | ## , 7 | ## , 8 | ## , 9 | ## __: { 10 | ## as is 11 | ## } 12 | ## ___spec: { 13 | ## as is 14 | ## } 15 | ## } 16 | # yamllint disable-line rule:line-length 17 | host_kind: "Host" 18 | # yamllint disable-line rule:line-length 19 | host_api_group: "tower.ansible.com" 20 | # yamllint disable-line rule:line-length 21 | host_api_version: "v1alpha1" 22 | # yamllint disable-line rule:line-length 23 | host_finalize_state: "{{ finalize_state | default('present', true) }}" 24 | # yamllint disable-line rule:line-length 25 | host_metadata_name: "{{ ansible_operator_meta.name }}" 26 | # yamllint disable-line rule:line-length 27 | host_metadata_namespace: "{{ ansible_operator_meta.namespace }}" 28 | # yamllint disable-line rule:line-length 29 | host_module_name: "tower_host" 30 | # yamllint disable-line rule:line-length 31 | host_spec: "{{ _tower_ansible_com_host.spec }}" 32 | # yamllint disable-line rule:line-length 33 | host_spec_collection: "{{ host_spec.collection | default('awx.awx') }}" 34 | # yamllint disable-line rule:line-length 35 | host_spec_config: "{{ host_spec.config | combine({'state': host_finalize_state}) }}" 36 | # yamllint disable-line rule:line-length 37 | host_spec_secret: "{{ host_spec.secret | mandatory }}" 38 | -------------------------------------------------------------------------------- /roles/host/tasks/absent.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "host: absent" 3 | include_role: 4 | name: "module" 5 | vars: 6 | # yamllint disable-line rule:line-length 7 | module_kind: "{{ host_kind }}" 8 | # yamllint disable-line rule:line-length 9 | module_api_group: "{{ host_api_group }}" 10 | # yamllint disable-line rule:line-length 11 | module_api_version: "{{ host_api_version }}" 12 | # yamllint disable-line rule:line-length 13 | module_finalize: "{{ host_finalize }}" 14 | # yamllint disable-line rule:line-length 15 | module_metadata_namespace: "{{ host_metadata_namespace }}" 16 | # yamllint disable-line rule:line-length 17 | module_metadata_name: "{{ host_metadata_name }}" 18 | # yamllint disable-line rule:line-length 19 | module_spec: "{{ host_spec }}" 20 | # yamllint disable-line rule:line-length 21 | module_spec_collection: "{{ host_spec_collection }}" 22 | # yamllint disable-line rule:line-length 23 | module_spec_name: "{{ host_module_name }}" 24 | # yamllint disable-line rule:line-length 25 | module_spec_parameters: "{{ host_spec_config }}" 26 | # yamllint disable-line rule:line-length 27 | module_spec_secret: "{{ host_spec_secret }}" 28 | -------------------------------------------------------------------------------- /roles/host/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "Assert variables" 3 | assert: 4 | that: 5 | - host_kind is defined 6 | - host_kind is string 7 | - host_api_group is defined 8 | - host_api_group is string 9 | - host_api_version is defined 10 | - host_api_version is string 11 | - host_finalize_state is defined 12 | - host_finalize_state is in ['present', 'absent'] 13 | - host_metadata_name is defined 14 | - host_metadata_name is string 15 | - host_metadata_namespace is defined 16 | - host_metadata_namespace is string 17 | - host_module_name is defined 18 | - host_module_name is in [ 'tower_host' ] 19 | - host_spec is defined 20 | - host_spec is mapping 21 | - host_spec_collection is defined 22 | - host_spec_collection is in ['awx.awx', 'ansible.tower'] 23 | - host_spec_config is defined 24 | - host_spec_config is mapping 25 | 26 | - name: "host: Calling desired state specific tasks" 27 | include_tasks: "{{ host_spec_config.state | default('present') }}.yml" 28 | -------------------------------------------------------------------------------- /roles/host/tasks/present.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "host: present" 3 | include_role: 4 | name: "module" 5 | vars: 6 | # yamllint disable-line rule:line-length 7 | module_kind: "{{ host_kind }}" 8 | # yamllint disable-line rule:line-length 9 | module_api_group: "{{ host_api_group }}" 10 | # yamllint disable-line rule:line-length 11 | module_api_version: "{{ host_api_version }}" 12 | # yamllint disable-line rule:line-length 13 | module_finalize: "{{ host_finalize }}" 14 | # yamllint disable-line rule:line-length 15 | module_metadata_namespace: "{{ host_metadata_namespace }}" 16 | # yamllint disable-line rule:line-length 17 | module_metadata_name: "{{ host_metadata_name }}" 18 | # yamllint disable-line rule:line-length 19 | module_spec: "{{ host_spec }}" 20 | # yamllint disable-line rule:line-length 21 | module_spec_collection: "{{ host_spec_collection }}" 22 | # yamllint disable-line rule:line-length 23 | module_spec_name: "{{ host_module_name }}" 24 | # yamllint disable-line rule:line-length 25 | module_spec_parameters: "{{ host_spec_config }}" 26 | # yamllint disable-line rule:line-length 27 | module_spec_secret: "{{ host_spec_secret }}" 28 | -------------------------------------------------------------------------------- /roles/inventory/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ## { "ansible_operator_meta": { 3 | ## "name": , 4 | ## "namespace": , 5 | ## }, 6 | ## , 7 | ## , 8 | ## , 9 | ## __: { 10 | ## as is 11 | ## } 12 | ## ___spec: { 13 | ## as is 14 | ## } 15 | ## } 16 | # yamllint disable-line rule:line-length 17 | inventory_kind: "Inventory" 18 | # yamllint disable-line rule:line-length 19 | inventory_api_group: "tower.ansible.com" 20 | # yamllint disable-line rule:line-length 21 | inventory_api_version: "v1alpha1" 22 | # yamllint disable-line rule:line-length 23 | inventory_finalize_state: "{{ finalize_state | default('present', true) }}" 24 | # yamllint disable-line rule:line-length 25 | inventory_metadata_name: "{{ ansible_operator_meta.name }}" 26 | # yamllint disable-line rule:line-length 27 | inventory_metadata_namespace: "{{ ansible_operator_meta.namespace }}" 28 | # yamllint disable-line rule:line-length 29 | inventory_module_name: "tower_inventory" 30 | # yamllint disable-line rule:line-length 31 | inventory_spec: "{{ _tower_ansible_com_inventory.spec }}" 32 | # yamllint disable-line rule:line-length 33 | inventory_spec_collection: "{{ inventory_spec.collection | default('awx.awx') }}" 34 | # yamllint disable-line rule:line-length 35 | inventory_spec_config: "{{ inventory_spec.config | combine({'state': inventory_finalize_state}) }}" 36 | # yamllint disable-line rule:line-length 37 | inventory_spec_secret: "{{ inventory_spec.secret | mandatory }}" 38 | -------------------------------------------------------------------------------- /roles/inventory/tasks/absent.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "inventory: absent" 3 | include_role: 4 | name: "module" 5 | vars: 6 | # yamllint disable-line rule:line-length 7 | module_kind: "{{ inventory_kind }}" 8 | # yamllint disable-line rule:line-length 9 | module_api_group: "{{ inventory_api_group }}" 10 | # yamllint disable-line rule:line-length 11 | module_api_version: "{{ inventory_api_version }}" 12 | # yamllint disable-line rule:line-length 13 | module_finalize: "{{ inventory_finalize }}" 14 | # yamllint disable-line rule:line-length 15 | module_metadata_namespace: "{{ inventory_metadata_namespace }}" 16 | # yamllint disable-line rule:line-length 17 | module_metadata_name: "{{ inventory_metadata_name }}" 18 | # yamllint disable-line rule:line-length 19 | module_spec: "{{ inventory_spec }}" 20 | # yamllint disable-line rule:line-length 21 | module_spec_collection: "{{ inventory_spec_collection }}" 22 | # yamllint disable-line rule:line-length 23 | module_spec_name: "{{ inventory_module_name }}" 24 | # yamllint disable-line rule:line-length 25 | module_spec_parameters: "{{ inventory_spec_config }}" 26 | # yamllint disable-line rule:line-length 27 | module_spec_secret: "{{ inventory_spec_secret }}" 28 | -------------------------------------------------------------------------------- /roles/inventory/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "Assert variables" 3 | assert: 4 | that: 5 | - inventory_kind is defined 6 | - inventory_kind is string 7 | - inventory_api_group is defined 8 | - inventory_api_group is string 9 | - inventory_api_version is defined 10 | - inventory_api_version is string 11 | - inventory_finalize_state is defined 12 | - inventory_finalize_state is in ['present', 'absent'] 13 | - inventory_metadata_name is defined 14 | - inventory_metadata_name is string 15 | - inventory_metadata_namespace is defined 16 | - inventory_metadata_namespace is string 17 | - inventory_module_name is defined 18 | - inventory_module_name is in [ 'tower_inventory' ] 19 | - inventory_spec is defined 20 | - inventory_spec is mapping 21 | - inventory_spec_collection is defined 22 | - inventory_spec_collection is in ['awx.awx', 'ansible.tower'] 23 | - inventory_spec_config is defined 24 | - inventory_spec_config is mapping 25 | 26 | - name: "inventory: Calling desired state specific tasks" 27 | include_tasks: "{{ inventory_spec_config.state | default('present') }}.yml" 28 | -------------------------------------------------------------------------------- /roles/inventory/tasks/present.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "inventory: present" 3 | include_role: 4 | name: "module" 5 | vars: 6 | # yamllint disable-line rule:line-length 7 | module_kind: "{{ inventory_kind }}" 8 | # yamllint disable-line rule:line-length 9 | module_api_group: "{{ inventory_api_group }}" 10 | # yamllint disable-line rule:line-length 11 | module_api_version: "{{ inventory_api_version }}" 12 | # yamllint disable-line rule:line-length 13 | module_finalize: "{{ inventory_finalize }}" 14 | # yamllint disable-line rule:line-length 15 | module_metadata_namespace: "{{ inventory_metadata_namespace }}" 16 | # yamllint disable-line rule:line-length 17 | module_metadata_name: "{{ inventory_metadata_name }}" 18 | # yamllint disable-line rule:line-length 19 | module_spec: "{{ inventory_spec }}" 20 | # yamllint disable-line rule:line-length 21 | module_spec_collection: "{{ inventory_spec_collection }}" 22 | # yamllint disable-line rule:line-length 23 | module_spec_name: "{{ inventory_module_name }}" 24 | # yamllint disable-line rule:line-length 25 | module_spec_parameters: "{{ inventory_spec_config }}" 26 | # yamllint disable-line rule:line-length 27 | module_spec_secret: "{{ inventory_spec_secret }}" 28 | -------------------------------------------------------------------------------- /roles/inventorysource/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ## { "ansible_operator_meta": { 3 | ## "name": , 4 | ## "namespace": , 5 | ## }, 6 | ## , 7 | ## , 8 | ## , 9 | ## __: { 10 | ## as is 11 | ## } 12 | ## ___spec: { 13 | ## as is 14 | ## } 15 | ## } 16 | # yamllint disable-line rule:line-length 17 | inventorysource_kind: "InventorySource" 18 | # yamllint disable-line rule:line-length 19 | inventorysource_api_group: "tower.ansible.com" 20 | # yamllint disable-line rule:line-length 21 | inventorysource_api_version: "v1alpha1" 22 | # yamllint disable-line rule:line-length 23 | inventorysource_finalize_state: "{{ finalize_state | default('present', true) }}" 24 | # yamllint disable-line rule:line-length 25 | inventorysource_metadata_name: "{{ ansible_operator_meta.name }}" 26 | # yamllint disable-line rule:line-length 27 | inventorysource_metadata_namespace: "{{ ansible_operator_meta.namespace }}" 28 | # yamllint disable-line rule:line-length 29 | inventorysource_module_name: "tower_inventory_source" 30 | # yamllint disable-line rule:line-length 31 | inventorysource_spec: "{{ _tower_ansible_com_inventorysource.spec }}" 32 | # yamllint disable-line rule:line-length 33 | inventorysource_spec_collection: "{{ inventorysource_spec.collection | default('awx.awx') }}" 34 | # yamllint disable-line rule:line-length 35 | inventorysource_spec_config: "{{ inventorysource_spec.config | combine({'state': inventorysource_finalize_state}) }}" 36 | # yamllint disable-line rule:line-length 37 | inventorysource_spec_secret: "{{ inventorysource_spec.secret | mandatory }}" 38 | -------------------------------------------------------------------------------- /roles/inventorysource/tasks/absent.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "inventorysource: absent" 3 | include_role: 4 | name: "module" 5 | vars: 6 | # yamllint disable-line rule:line-length 7 | module_kind: "{{ inventorysource_kind }}" 8 | # yamllint disable-line rule:line-length 9 | module_api_group: "{{ inventorysource_api_group }}" 10 | # yamllint disable-line rule:line-length 11 | module_api_version: "{{ inventorysource_api_version }}" 12 | # yamllint disable-line rule:line-length 13 | module_finalize: "{{ inventorysource_finalize }}" 14 | # yamllint disable-line rule:line-length 15 | module_metadata_namespace: "{{ inventorysource_metadata_namespace }}" 16 | # yamllint disable-line rule:line-length 17 | module_metadata_name: "{{ inventorysource_metadata_name }}" 18 | # yamllint disable-line rule:line-length 19 | module_spec: "{{ inventorysource_spec }}" 20 | # yamllint disable-line rule:line-length 21 | module_spec_collection: "{{ inventorysource_spec_collection }}" 22 | # yamllint disable-line rule:line-length 23 | module_spec_name: "{{ inventorysource_module_name }}" 24 | # yamllint disable-line rule:line-length 25 | module_spec_parameters: "{{ inventorysource_spec_config }}" 26 | # yamllint disable-line rule:line-length 27 | module_spec_secret: "{{ inventorysource_spec_secret }}" 28 | -------------------------------------------------------------------------------- /roles/inventorysource/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "Assert variables" 3 | assert: 4 | that: 5 | - inventorysource_kind is defined 6 | - inventorysource_kind is string 7 | - inventorysource_api_group is defined 8 | - inventorysource_api_group is string 9 | - inventorysource_api_version is defined 10 | - inventorysource_api_version is string 11 | - inventorysource_finalize_state is defined 12 | - inventorysource_finalize_state is in ['present', 'absent'] 13 | - inventorysource_metadata_name is defined 14 | - inventorysource_metadata_name is string 15 | - inventorysource_metadata_namespace is defined 16 | - inventorysource_metadata_namespace is string 17 | - inventorysource_module_name is defined 18 | - inventorysource_module_name is in [ 'tower_inventory_source' ] 19 | - inventorysource_spec is defined 20 | - inventorysource_spec is mapping 21 | - inventorysource_spec_collection is defined 22 | - inventorysource_spec_collection is in ['awx.awx', 'ansible.tower'] 23 | - inventorysource_spec_config is defined 24 | - inventorysource_spec_config is mapping 25 | 26 | - name: "inventorysource: Calling desired state specific tasks" 27 | include_tasks: "{{ inventorysource_spec_config.state | default('present') }}.yml" 28 | -------------------------------------------------------------------------------- /roles/inventorysource/tasks/present.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "inventorysource: present" 3 | include_role: 4 | name: "module" 5 | vars: 6 | # yamllint disable-line rule:line-length 7 | module_kind: "{{ inventorysource_kind }}" 8 | # yamllint disable-line rule:line-length 9 | module_api_group: "{{ inventorysource_api_group }}" 10 | # yamllint disable-line rule:line-length 11 | module_api_version: "{{ inventorysource_api_version }}" 12 | # yamllint disable-line rule:line-length 13 | module_finalize: "{{ inventorysource_finalize }}" 14 | # yamllint disable-line rule:line-length 15 | module_metadata_namespace: "{{ inventorysource_metadata_namespace }}" 16 | # yamllint disable-line rule:line-length 17 | module_metadata_name: "{{ inventorysource_metadata_name }}" 18 | # yamllint disable-line rule:line-length 19 | module_spec: "{{ inventorysource_spec }}" 20 | # yamllint disable-line rule:line-length 21 | module_spec_collection: "{{ inventorysource_spec_collection }}" 22 | # yamllint disable-line rule:line-length 23 | module_spec_name: "{{ inventorysource_module_name }}" 24 | # yamllint disable-line rule:line-length 25 | module_spec_parameters: "{{ inventorysource_spec_config }}" 26 | # yamllint disable-line rule:line-length 27 | module_spec_secret: "{{ inventorysource_spec_secret }}" 28 | -------------------------------------------------------------------------------- /roles/joblaunch/README.md: -------------------------------------------------------------------------------- 1 | Role Name 2 | ========= 3 | 4 | A brief description of the role goes here. 5 | 6 | Requirements 7 | ------------ 8 | 9 | Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, 10 | if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. 11 | 12 | Role Variables 13 | -------------- 14 | 15 | A description of the settable variables for this role should go here, including any variables that are in 16 | defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables 17 | that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well 18 | 19 | Dependencies 20 | ------------ 21 | 22 | A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set 23 | for other roles, or variables that are used from other roles. 24 | 25 | Example Playbook 26 | ---------------- 27 | 28 | Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for 29 | users too: 30 | 31 | - hosts: servers 32 | roles: 33 | - { role: username.rolename, x: 42 } 34 | 35 | License 36 | ------- 37 | 38 | BSD 39 | 40 | Author Information 41 | ------------------ 42 | 43 | An optional section for the role authors to include contact information, or a website (HTML is not allowed). 44 | -------------------------------------------------------------------------------- /roles/joblaunch/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # defaults file for JobLaunch 3 | -------------------------------------------------------------------------------- /roles/joblaunch/files/.placeholder: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/victorock/ansible-operator-tower-config/202bc8957dcef340e98ae25a61cab77f6c1d2f95/roles/joblaunch/files/.placeholder -------------------------------------------------------------------------------- /roles/joblaunch/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # handlers file for JobLaunch 3 | -------------------------------------------------------------------------------- /roles/joblaunch/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | galaxy_info: 3 | author: your name 4 | description: your description 5 | company: your company (optional) 6 | 7 | # If the issue tracker for your role is not on github, uncomment the 8 | # next line and provide a value 9 | # issue_tracker_url: http://example.com/issue/tracker 10 | 11 | # Some suggested licenses: 12 | # - BSD (default) 13 | # - MIT 14 | # - GPLv2 15 | # - GPLv3 16 | # - Apache 17 | # - CC-BY 18 | license: license (GPLv2, CC-BY, etc) 19 | 20 | min_ansible_version: 2.9 21 | 22 | # If this a Container Enabled role, provide the minimum Ansible Container version. 23 | # min_ansible_container_version: 24 | 25 | # Optionally specify the branch Galaxy will use when accessing the GitHub 26 | # repo for this role. During role install, if no tags are available, 27 | # Galaxy will use this branch. During import Galaxy will access files on 28 | # this branch. If Travis integration is configured, only notifications for this 29 | # branch will be accepted. Otherwise, in all cases, the repo's default branch 30 | # (usually master) will be used. 31 | #github_branch: 32 | 33 | # 34 | # Provide a list of supported platforms, and for each platform a list of versions. 35 | # If you don't wish to enumerate all versions for a particular platform, use 'all'. 36 | # To view available platforms and versions (or releases), visit: 37 | # https://galaxy.ansible.com/api/v1/platforms/ 38 | # 39 | # platforms: 40 | # - name: Fedora 41 | # versions: 42 | # - all 43 | # - 25 44 | # - name: SomePlatform 45 | # versions: 46 | # - all 47 | # - 1.0 48 | # - 7 49 | # - 99.99 50 | 51 | galaxy_tags: [] 52 | # List tags for your role here, one per line. A tag is a keyword that describes 53 | # and categorizes the role. Users find roles by searching for tags. Be sure to 54 | # remove the '[]' above, if you add tags to this list. 55 | # 56 | # NOTE: A tag is limited to a single word comprised of alphanumeric characters. 57 | # Maximum 20 tags per role. 58 | 59 | dependencies: [] 60 | # List your role dependencies here, one per line. Be sure to remove the '[]' above, 61 | # if you add dependencies to this list. 62 | collections: 63 | - operator_sdk.util 64 | - community.kubernetes 65 | -------------------------------------------------------------------------------- /roles/joblaunch/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # tasks file for JobLaunch 3 | -------------------------------------------------------------------------------- /roles/joblaunch/templates/.placeholder: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/victorock/ansible-operator-tower-config/202bc8957dcef340e98ae25a61cab77f6c1d2f95/roles/joblaunch/templates/.placeholder -------------------------------------------------------------------------------- /roles/joblaunch/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # vars file for JobLaunch 3 | -------------------------------------------------------------------------------- /roles/jobtemplate/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ## { "ansible_operator_meta": { 3 | ## "name": , 4 | ## "namespace": , 5 | ## }, 6 | ## , 7 | ## , 8 | ## , 9 | ## __: { 10 | ## as is 11 | ## } 12 | ## ___spec: { 13 | ## as is 14 | ## } 15 | ## } 16 | # yamllint disable-line rule:line-length 17 | jobtemplate_kind: "JobTemplate" 18 | # yamllint disable-line rule:line-length 19 | jobtemplate_api_group: "tower.ansible.com" 20 | # yamllint disable-line rule:line-length 21 | jobtemplate_api_version: "v1alpha1" 22 | # yamllint disable-line rule:line-length 23 | jobtemplate_finalize_state: "{{ finalize_state | default('present', true) }}" 24 | # yamllint disable-line rule:line-length 25 | jobtemplate_metadata_name: "{{ ansible_operator_meta.name }}" 26 | # yamllint disable-line rule:line-length 27 | jobtemplate_metadata_namespace: "{{ ansible_operator_meta.namespace }}" 28 | # yamllint disable-line rule:line-length 29 | jobtemplate_module_name: "tower_job_template" 30 | # yamllint disable-line rule:line-length 31 | jobtemplate_spec: "{{ _tower_ansible_com_jobtemplate.spec }}" 32 | # yamllint disable-line rule:line-length 33 | jobtemplate_spec_collection: "{{ jobtemplate_spec.collection | default('awx.awx') }}" 34 | # yamllint disable-line rule:line-length 35 | jobtemplate_spec_config: "{{ jobtemplate_spec.config | combine({'state': jobtemplate_finalize_state}) }}" 36 | # yamllint disable-line rule:line-length 37 | jobtemplate_spec_secret: "{{ jobtemplate_spec.secret | mandatory }}" 38 | -------------------------------------------------------------------------------- /roles/jobtemplate/tasks/absent.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "jobtemplate: absent" 3 | include_role: 4 | name: "module" 5 | vars: 6 | # yamllint disable-line rule:line-length 7 | module_kind: "{{ jobtemplate_kind }}" 8 | # yamllint disable-line rule:line-length 9 | module_api_group: "{{ jobtemplate_api_group }}" 10 | # yamllint disable-line rule:line-length 11 | module_api_version: "{{ jobtemplate_api_version }}" 12 | # yamllint disable-line rule:line-length 13 | module_finalize: "{{ jobtemplate_finalize }}" 14 | # yamllint disable-line rule:line-length 15 | module_metadata_namespace: "{{ jobtemplate_metadata_namespace }}" 16 | # yamllint disable-line rule:line-length 17 | module_metadata_name: "{{ jobtemplate_metadata_name }}" 18 | # yamllint disable-line rule:line-length 19 | module_spec: "{{ jobtemplate_spec }}" 20 | # yamllint disable-line rule:line-length 21 | module_spec_collection: "{{ jobtemplate_spec_collection }}" 22 | # yamllint disable-line rule:line-length 23 | module_spec_name: "{{ jobtemplate_module_name }}" 24 | # yamllint disable-line rule:line-length 25 | module_spec_parameters: "{{ jobtemplate_spec_config }}" 26 | # yamllint disable-line rule:line-length 27 | module_spec_secret: "{{ jobtemplate_spec_secret }}" 28 | -------------------------------------------------------------------------------- /roles/jobtemplate/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "Assert variables" 3 | assert: 4 | that: 5 | - jobtemplate_kind is defined 6 | - jobtemplate_kind is string 7 | - jobtemplate_api_group is defined 8 | - jobtemplate_api_group is string 9 | - jobtemplate_api_version is defined 10 | - jobtemplate_api_version is string 11 | - jobtemplate_finalize_state is defined 12 | - jobtemplate_finalize_state is in ['present', 'absent'] 13 | - jobtemplate_metadata_name is defined 14 | - jobtemplate_metadata_name is string 15 | - jobtemplate_metadata_namespace is defined 16 | - jobtemplate_metadata_namespace is string 17 | - jobtemplate_module_name is defined 18 | - jobtemplate_module_name is in [ 'tower_job_template' ] 19 | - jobtemplate_spec is defined 20 | - jobtemplate_spec is mapping 21 | - jobtemplate_spec_collection is defined 22 | - jobtemplate_spec_collection is in ['awx.awx', 'ansible.tower'] 23 | - jobtemplate_spec_config is defined 24 | - jobtemplate_spec_config is mapping 25 | 26 | - name: "jobtemplate: Calling desired state specific tasks" 27 | include_tasks: "{{ jobtemplate_spec_config.state | default('present') }}.yml" 28 | -------------------------------------------------------------------------------- /roles/jobtemplate/tasks/present.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "jobtemplate: present" 3 | include_role: 4 | name: "module" 5 | vars: 6 | # yamllint disable-line rule:line-length 7 | module_kind: "{{ jobtemplate_kind }}" 8 | # yamllint disable-line rule:line-length 9 | module_api_group: "{{ jobtemplate_api_group }}" 10 | # yamllint disable-line rule:line-length 11 | module_api_version: "{{ jobtemplate_api_version }}" 12 | # yamllint disable-line rule:line-length 13 | module_finalize: "{{ jobtemplate_finalize }}" 14 | # yamllint disable-line rule:line-length 15 | module_metadata_namespace: "{{ jobtemplate_metadata_namespace }}" 16 | # yamllint disable-line rule:line-length 17 | module_metadata_name: "{{ jobtemplate_metadata_name }}" 18 | # yamllint disable-line rule:line-length 19 | module_spec: "{{ jobtemplate_spec }}" 20 | # yamllint disable-line rule:line-length 21 | module_spec_collection: "{{ jobtemplate_spec_collection }}" 22 | # yamllint disable-line rule:line-length 23 | module_spec_name: "{{ jobtemplate_module_name }}" 24 | # yamllint disable-line rule:line-length 25 | module_spec_parameters: "{{ jobtemplate_spec_config }}" 26 | # yamllint disable-line rule:line-length 27 | module_spec_secret: "{{ jobtemplate_spec_secret }}" 28 | -------------------------------------------------------------------------------- /roles/module/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ## { "ansible_operator_meta": { 3 | ## "name": , 4 | ## "namespace": , 5 | ## }, 6 | ## , 7 | ## , 8 | ## , 9 | ## __: { 10 | ## as is 11 | ## } 12 | ## ___spec: { 13 | ## as is 14 | ## } 15 | ## } 16 | # yamllint disable-line rule:line-length 17 | module_kind: "Module" 18 | # yamllint disable-line rule:line-length 19 | module_api_group: "tower.ansible.com" 20 | # yamllint disable-line rule:line-length 21 | module_api_version: "v1alpha1" 22 | # yamllint disable-line rule:line-length 23 | module_finalize_state: "{{ finalize_state | default('present') }}" 24 | # yamllint disable-line rule:line-length 25 | module_metadata_namespace: "{{ ansible_operator_meta.namespace }}" 26 | # yamllint disable-line rule:line-length 27 | module_metadata_name: "{{ ansible_operator_meta.name }}" 28 | # yamllint disable-line rule:line-length 29 | module_spec: "{{ _tower_ansible_com_module_spec }}" 30 | # yamllint disable-line rule:line-length 31 | module_spec_collection: "{{ module_spec.collection | default('awx.awx') }}" 32 | # yamllint disable-line rule:line-length 33 | module_spec_name: "{{ module_spec.name | mandatory }}" 34 | # yamllint disable-line rule:line-length 35 | module_spec_parameters: "{{ module_spec.parameters | combine({'state': module_finalize_state}) }}" 36 | # yamllint disable-line rule:line-length 37 | module_spec_secret: "{{ module_spec.secret | mandatory }}" 38 | -------------------------------------------------------------------------------- /roles/module/files/.placeholder: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/victorock/ansible-operator-tower-config/202bc8957dcef340e98ae25a61cab77f6c1d2f95/roles/module/files/.placeholder -------------------------------------------------------------------------------- /roles/module/tasks/asserts.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "Assert variables" 3 | assert: 4 | that: 5 | - module_kind is defined 6 | - module_kind is string 7 | - module_api_group is defined 8 | - module_api_group is string 9 | - module_api_version is defined 10 | - module_api_version is string 11 | - module_finalize_state is defined 12 | - module_finalize_state is in ['present', 'absent'] 13 | - module_metadata_name is defined 14 | - module_metadata_name is string 15 | - module_metadata_namespace is defined 16 | - module_metadata_namespace is string 17 | - module_spec is defined 18 | - module_spec is mapping 19 | - module_spec_collection is defined 20 | - module_spec_collection is in ['awx.awx', 'ansible.tower'] 21 | - module_spec_name is defined 22 | - module_spec_name is string 23 | - module_spec_parameters is defined 24 | - module_spec_parameters is mapping 25 | -------------------------------------------------------------------------------- /roles/module/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - include_tasks: asserts.yml 3 | - include_tasks: secret.yml 4 | - include_tasks: module.yml 5 | -------------------------------------------------------------------------------- /roles/module/tasks/module.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "Create temporary file" 3 | tempfile: 4 | state: file 5 | suffix: module 6 | register: r_module_tempfile 7 | 8 | - name: "Generate module's task file" 9 | when: r_module_tempfile.path is defined 10 | template: 11 | src: "module.j2" 12 | dest: "{{ r_module_tempfile.path }}" 13 | vars: 14 | module_collection: "{{ module_spec_collection }}" 15 | module_name: "{{ module_spec_name }}" 16 | 17 | - name: "Call module's task" 18 | when: r_module_tempfile.path is defined 19 | include_tasks: "{{ r_module_tempfile.path }}" 20 | vars: 21 | module_parameters: "{{ module_spec_parameters }}" 22 | tower_oauth_token: "{{ tower_secret_data.token }}" 23 | tower_host: "{{ tower_secret_data.host }}" 24 | tower_verify_ssl: "{{ tower_secret_data.verify_ssl }}" 25 | 26 | - name: "Delete tempfile" 27 | when: r_module_tempfile.path is defined 28 | file: 29 | path: "{{ r_module_tempfile.path }}" 30 | state: absent 31 | 32 | - name: "Label CR with tower.ansible.com/organization" 33 | when: module_spec_parameters.organization is defined 34 | k8s: 35 | definition: 36 | apiVersion: "{{ module_api_group }}/{{ module_api_version }}" 37 | kind: "{{ module_kind }}" 38 | metadata: 39 | name: "{{ module_metadata_name }}" 40 | namespace: "{{ module_metadata_namespace }}" 41 | labels: 42 | # yamllint disable-line rule:line-length 43 | "tower.ansible.com/organization": "{{ module_spec_parameters.organization }}" 44 | -------------------------------------------------------------------------------- /roles/module/tasks/secret.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Fetch Secret Record in _tower_secret_record 3 | k8s_info: 4 | api_version: v1 5 | kind: Secret 6 | name: "{{ module_spec_secret }}" 7 | namespace: "{{ module_metadata_namespace }}" 8 | register: _tower_secret_record 9 | 10 | - name: Assert _tower_secret_record 11 | assert: 12 | that: 13 | - _tower_secret_record["resources"] is defined 14 | - (_tower_secret_record["resources"] | length>0) 15 | fail_msg: "No data in secret {{ module_spec_secret }}" 16 | 17 | - name: Assert _tower_secret_record.host 18 | assert: 19 | that: 20 | # yamllint disable-line rule:line-length 21 | - _tower_secret_record['resources'][0]['data']['host'] is defined 22 | fail_msg: "Missing token entry in {{ module_spec_secret }}" 23 | 24 | - name: Assert _tower_secret_record.token 25 | assert: 26 | that: 27 | # yamllint disable-line rule:line-length 28 | - _tower_secret_record['resources'][0]['data']['token'] is defined 29 | fail_msg: "Missing token entry in {{ module_spec_secret }}" 30 | 31 | - name: Assert tower_secret.verify_ssl 32 | assert: 33 | that: 34 | # yamllint disable-line rule:line-length 35 | - _tower_secret_record['resources'][0]['data']['verify_ssl'] is defined 36 | fail_msg: "Missing verify_ssl entry in {{ module_spec_secret }}" 37 | 38 | - name: Set tower_secret_data (b64decoded) 39 | set_fact: 40 | tower_secret_data: 41 | # yamllint disable-line rule:line-length 42 | host: "{{ _tower_secret_record['resources'][0]['data']['host'] | b64decode }}" 43 | # yamllint disable-line rule:line-length 44 | token: "{{ _tower_secret_record['resources'][0]['data']['token'] | b64decode }}" 45 | # yamllint disable-line rule:line-length 46 | verify_ssl: "{{ _tower_secret_record['resources'][0]['data']['verify_ssl'] | b64decode }}" 47 | 48 | - name: "Annotate CR with tower.ansible.com/host" 49 | k8s: 50 | definition: 51 | apiVersion: "{{ module_api_group}}/{{ module_api_version }}" 52 | kind: "{{ module_kind }}" 53 | metadata: 54 | name: "{{ module_metadata_name }}" 55 | namespace: "{{ module_metadata_namespace }}" 56 | annotations: 57 | "tower.ansible.com/host": "{{ tower_secret_data.host }}" 58 | -------------------------------------------------------------------------------- /roles/module/templates/module.j2: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "{{ module_name }}" 3 | environment: 4 | - TOWER_OAUTH_TOKEN: "{{ '{{' }} tower_oauth_token {{ '}}' }}" 5 | - TOWER_HOST: "{{ '{{' }} tower_host {{ '}}' }}" 6 | - TOWER_VERIFY_SSL: "{{ '{{' }} tower_verify_ssl {{ '}}' }}" 7 | {{ module_collection }}.{{ module_name }}: "{{ '{{' }} module_parameters {{ '}}' }}" 8 | -------------------------------------------------------------------------------- /roles/notification/README.md: -------------------------------------------------------------------------------- 1 | Role Name 2 | ========= 3 | 4 | A brief description of the role goes here. 5 | 6 | Requirements 7 | ------------ 8 | 9 | Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, 10 | if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. 11 | 12 | Role Variables 13 | -------------- 14 | 15 | A description of the settable variables for this role should go here, including any variables that are in 16 | defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables 17 | that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well 18 | 19 | Dependencies 20 | ------------ 21 | 22 | A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set 23 | for other roles, or variables that are used from other roles. 24 | 25 | Example Playbook 26 | ---------------- 27 | 28 | Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for 29 | users too: 30 | 31 | - hosts: servers 32 | roles: 33 | - { role: username.rolename, x: 42 } 34 | 35 | License 36 | ------- 37 | 38 | BSD 39 | 40 | Author Information 41 | ------------------ 42 | 43 | An optional section for the role authors to include contact information, or a website (HTML is not allowed). 44 | -------------------------------------------------------------------------------- /roles/notification/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # defaults file for Notification 3 | -------------------------------------------------------------------------------- /roles/notification/files/.placeholder: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/victorock/ansible-operator-tower-config/202bc8957dcef340e98ae25a61cab77f6c1d2f95/roles/notification/files/.placeholder -------------------------------------------------------------------------------- /roles/notification/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # handlers file for Notification 3 | -------------------------------------------------------------------------------- /roles/notification/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | galaxy_info: 3 | author: your name 4 | description: your description 5 | company: your company (optional) 6 | 7 | # If the issue tracker for your role is not on github, uncomment the 8 | # next line and provide a value 9 | # issue_tracker_url: http://example.com/issue/tracker 10 | 11 | # Some suggested licenses: 12 | # - BSD (default) 13 | # - MIT 14 | # - GPLv2 15 | # - GPLv3 16 | # - Apache 17 | # - CC-BY 18 | license: license (GPLv2, CC-BY, etc) 19 | 20 | min_ansible_version: 2.9 21 | 22 | # If this a Container Enabled role, provide the minimum Ansible Container version. 23 | # min_ansible_container_version: 24 | 25 | # Optionally specify the branch Galaxy will use when accessing the GitHub 26 | # repo for this role. During role install, if no tags are available, 27 | # Galaxy will use this branch. During import Galaxy will access files on 28 | # this branch. If Travis integration is configured, only notifications for this 29 | # branch will be accepted. Otherwise, in all cases, the repo's default branch 30 | # (usually master) will be used. 31 | #github_branch: 32 | 33 | # 34 | # Provide a list of supported platforms, and for each platform a list of versions. 35 | # If you don't wish to enumerate all versions for a particular platform, use 'all'. 36 | # To view available platforms and versions (or releases), visit: 37 | # https://galaxy.ansible.com/api/v1/platforms/ 38 | # 39 | # platforms: 40 | # - name: Fedora 41 | # versions: 42 | # - all 43 | # - 25 44 | # - name: SomePlatform 45 | # versions: 46 | # - all 47 | # - 1.0 48 | # - 7 49 | # - 99.99 50 | 51 | galaxy_tags: [] 52 | # List tags for your role here, one per line. A tag is a keyword that describes 53 | # and categorizes the role. Users find roles by searching for tags. Be sure to 54 | # remove the '[]' above, if you add tags to this list. 55 | # 56 | # NOTE: A tag is limited to a single word comprised of alphanumeric characters. 57 | # Maximum 20 tags per role. 58 | 59 | dependencies: [] 60 | # List your role dependencies here, one per line. Be sure to remove the '[]' above, 61 | # if you add dependencies to this list. 62 | collections: 63 | - operator_sdk.util 64 | - community.kubernetes 65 | -------------------------------------------------------------------------------- /roles/notification/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # tasks file for Notification 3 | -------------------------------------------------------------------------------- /roles/notification/templates/.placeholder: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/victorock/ansible-operator-tower-config/202bc8957dcef340e98ae25a61cab77f6c1d2f95/roles/notification/templates/.placeholder -------------------------------------------------------------------------------- /roles/notification/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # vars file for Notification 3 | -------------------------------------------------------------------------------- /roles/organization/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ## { "ansible_operator_meta": { 3 | ## "name": , 4 | ## "namespace": , 5 | ## }, 6 | ## , 7 | ## , 8 | ## , 9 | ## __: { 10 | ## as is 11 | ## } 12 | ## ___spec: { 13 | ## as is 14 | ## } 15 | ## } 16 | # yamllint disable-line rule:line-length 17 | organization_kind: "Organization" 18 | # yamllint disable-line rule:line-length 19 | organization_api_group: "tower.ansible.com" 20 | # yamllint disable-line rule:line-length 21 | organization_api_version: "v1alpha1" 22 | # yamllint disable-line rule:line-length 23 | organization_finalize_state: "{{ finalize_state | default('present', true) }}" 24 | # yamllint disable-line rule:line-length 25 | organization_metadata_name: "{{ ansible_operator_meta.name }}" 26 | # yamllint disable-line rule:line-length 27 | organization_metadata_namespace: "{{ ansible_operator_meta.namespace }}" 28 | # yamllint disable-line rule:line-length 29 | organization_module_name: "tower_organization" 30 | # yamllint disable-line rule:line-length 31 | organization_spec: "{{ _tower_ansible_com_organization.spec }}" 32 | # yamllint disable-line rule:line-length 33 | organization_spec_collection: "{{ organization_spec.collection | default('awx.awx') }}" 34 | # yamllint disable-line rule:line-length 35 | organization_spec_config: "{{ organization_spec.config | combine({'state': organization_finalize_state}) }}" 36 | # yamllint disable-line rule:line-length 37 | organization_spec_secret: "{{ organization_spec.secret | mandatory }}" 38 | -------------------------------------------------------------------------------- /roles/organization/tasks/absent.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "organization: absent" 3 | include_role: 4 | name: "module" 5 | vars: 6 | # yamllint disable-line rule:line-length 7 | module_kind: "{{ organization_kind }}" 8 | # yamllint disable-line rule:line-length 9 | module_api_group: "{{ organization_api_group }}" 10 | # yamllint disable-line rule:line-length 11 | module_api_version: "{{ organization_api_version }}" 12 | # yamllint disable-line rule:line-length 13 | module_finalize: "{{ organization_finalize }}" 14 | # yamllint disable-line rule:line-length 15 | module_metadata_namespace: "{{ organization_metadata_namespace }}" 16 | # yamllint disable-line rule:line-length 17 | module_metadata_name: "{{ organization_metadata_name }}" 18 | # yamllint disable-line rule:line-length 19 | module_spec: "{{ organization_spec }}" 20 | # yamllint disable-line rule:line-length 21 | module_spec_collection: "{{ organization_spec_collection }}" 22 | # yamllint disable-line rule:line-length 23 | module_spec_name: "{{ organization_module_name }}" 24 | # yamllint disable-line rule:line-length 25 | module_spec_parameters: "{{ organization_spec_config }}" 26 | # yamllint disable-line rule:line-length 27 | module_spec_secret: "{{ organization_spec_secret }}" 28 | -------------------------------------------------------------------------------- /roles/organization/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "Assert variables" 3 | assert: 4 | that: 5 | - organization_kind is defined 6 | - organization_kind is string 7 | - organization_api_group is defined 8 | - organization_api_group is string 9 | - organization_api_version is defined 10 | - organization_api_version is string 11 | - organization_finalize_state is defined 12 | - organization_finalize_state is in ['present', 'absent'] 13 | - organization_metadata_name is defined 14 | - organization_metadata_name is string 15 | - organization_metadata_namespace is defined 16 | - organization_metadata_namespace is string 17 | - organization_module_name is defined 18 | - organization_module_name is in [ 'tower_organization' ] 19 | - organization_spec is defined 20 | - organization_spec is mapping 21 | - organization_spec_collection is defined 22 | - organization_spec_collection is in ['awx.awx', 'ansible.tower'] 23 | - organization_spec_config is defined 24 | - organization_spec_config is mapping 25 | 26 | - name: "organization: Calling desired state specific tasks" 27 | include_tasks: "{{ organization_spec_config.state | default('present') }}.yml" 28 | -------------------------------------------------------------------------------- /roles/organization/tasks/present.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "organization: present" 3 | include_role: 4 | name: "module" 5 | vars: 6 | # yamllint disable-line rule:line-length 7 | module_kind: "{{ organization_kind }}" 8 | # yamllint disable-line rule:line-length 9 | module_api_group: "{{ organization_api_group }}" 10 | # yamllint disable-line rule:line-length 11 | module_api_version: "{{ organization_api_version }}" 12 | # yamllint disable-line rule:line-length 13 | module_finalize: "{{ organization_finalize }}" 14 | # yamllint disable-line rule:line-length 15 | module_metadata_namespace: "{{ organization_metadata_namespace }}" 16 | # yamllint disable-line rule:line-length 17 | module_metadata_name: "{{ organization_metadata_name }}" 18 | # yamllint disable-line rule:line-length 19 | module_spec: "{{ organization_spec }}" 20 | # yamllint disable-line rule:line-length 21 | module_spec_collection: "{{ organization_spec_collection }}" 22 | # yamllint disable-line rule:line-length 23 | module_spec_name: "{{ organization_module_name }}" 24 | # yamllint disable-line rule:line-length 25 | module_spec_parameters: "{{ organization_spec_config }}" 26 | # yamllint disable-line rule:line-length 27 | module_spec_secret: "{{ organization_spec_secret }}" 28 | -------------------------------------------------------------------------------- /roles/project/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ## { "ansible_operator_meta": { 3 | ## "name": , 4 | ## "namespace": , 5 | ## }, 6 | ## , 7 | ## , 8 | ## , 9 | ## __: { 10 | ## as is 11 | ## } 12 | ## ___spec: { 13 | ## as is 14 | ## } 15 | ## } 16 | # yamllint disable-line rule:line-length 17 | project_kind: "Project" 18 | # yamllint disable-line rule:line-length 19 | project_api_group: "tower.ansible.com" 20 | # yamllint disable-line rule:line-length 21 | project_api_version: "v1alpha1" 22 | # yamllint disable-line rule:line-length 23 | project_finalize_state: "{{ finalize_state | default('present', true) }}" 24 | # yamllint disable-line rule:line-length 25 | project_metadata_name: "{{ ansible_operator_meta.name }}" 26 | # yamllint disable-line rule:line-length 27 | project_metadata_namespace: "{{ ansible_operator_meta.namespace }}" 28 | # yamllint disable-line rule:line-length 29 | project_module_name: "tower_project" 30 | # yamllint disable-line rule:line-length 31 | project_spec: "{{ _tower_ansible_com_project.spec }}" 32 | # yamllint disable-line rule:line-length 33 | project_spec_collection: "{{ project_spec.collection | default('awx.awx') }}" 34 | # yamllint disable-line rule:line-length 35 | project_spec_config: "{{ project_spec.config | combine({'state': project_finalize_state}) }}" 36 | # yamllint disable-line rule:line-length 37 | project_spec_secret: "{{ project_spec.secret | mandatory }}" 38 | -------------------------------------------------------------------------------- /roles/project/tasks/absent.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "project: absent" 3 | include_role: 4 | name: "module" 5 | vars: 6 | # yamllint disable-line rule:line-length 7 | module_kind: "{{ project_kind }}" 8 | # yamllint disable-line rule:line-length 9 | module_api_group: "{{ project_api_group }}" 10 | # yamllint disable-line rule:line-length 11 | module_api_version: "{{ project_api_version }}" 12 | # yamllint disable-line rule:line-length 13 | module_finalize: "{{ project_finalize }}" 14 | # yamllint disable-line rule:line-length 15 | module_metadata_namespace: "{{ project_metadata_namespace }}" 16 | # yamllint disable-line rule:line-length 17 | module_metadata_name: "{{ project_metadata_name }}" 18 | # yamllint disable-line rule:line-length 19 | module_spec: "{{ project_spec }}" 20 | # yamllint disable-line rule:line-length 21 | module_spec_collection: "{{ project_spec_collection }}" 22 | # yamllint disable-line rule:line-length 23 | module_spec_name: "{{ project_module_name }}" 24 | # yamllint disable-line rule:line-length 25 | module_spec_parameters: "{{ project_spec_config }}" 26 | # yamllint disable-line rule:line-length 27 | module_spec_secret: "{{ project_spec_secret }}" 28 | -------------------------------------------------------------------------------- /roles/project/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "Assert variables" 3 | assert: 4 | that: 5 | - project_kind is defined 6 | - project_kind is string 7 | - project_api_group is defined 8 | - project_api_group is string 9 | - project_api_version is defined 10 | - project_api_version is string 11 | - project_finalize_state is defined 12 | - project_finalize_state is in ['present', 'absent'] 13 | - project_metadata_name is defined 14 | - project_metadata_name is string 15 | - project_metadata_namespace is defined 16 | - project_metadata_namespace is string 17 | - project_module_name is defined 18 | - project_module_name is in [ 'tower_project' ] 19 | - project_spec is defined 20 | - project_spec is mapping 21 | - project_spec_collection is defined 22 | - project_spec_collection is in ['awx.awx', 'ansible.tower'] 23 | - project_spec_config is defined 24 | - project_spec_config is mapping 25 | 26 | - name: "project: Calling desired state specific tasks" 27 | include_tasks: "{{ project_spec_config.state | default('present') }}.yml" 28 | -------------------------------------------------------------------------------- /roles/project/tasks/present.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "project: present" 3 | include_role: 4 | name: "module" 5 | vars: 6 | # yamllint disable-line rule:line-length 7 | module_kind: "{{ project_kind }}" 8 | # yamllint disable-line rule:line-length 9 | module_api_group: "{{ project_api_group }}" 10 | # yamllint disable-line rule:line-length 11 | module_api_version: "{{ project_api_version }}" 12 | # yamllint disable-line rule:line-length 13 | module_finalize: "{{ project_finalize }}" 14 | # yamllint disable-line rule:line-length 15 | module_metadata_namespace: "{{ project_metadata_namespace }}" 16 | # yamllint disable-line rule:line-length 17 | module_metadata_name: "{{ project_metadata_name }}" 18 | # yamllint disable-line rule:line-length 19 | module_spec: "{{ project_spec }}" 20 | # yamllint disable-line rule:line-length 21 | module_spec_collection: "{{ project_spec_collection }}" 22 | # yamllint disable-line rule:line-length 23 | module_spec_name: "{{ project_module_name }}" 24 | # yamllint disable-line rule:line-length 25 | module_spec_parameters: "{{ project_spec_config }}" 26 | # yamllint disable-line rule:line-length 27 | module_spec_secret: "{{ project_spec_secret }}" 28 | -------------------------------------------------------------------------------- /roles/role/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ## { "ansible_operator_meta": { 3 | ## "name": , 4 | ## "namespace": , 5 | ## }, 6 | ## , 7 | ## , 8 | ## , 9 | ## __: { 10 | ## as is 11 | ## } 12 | ## ___spec: { 13 | ## as is 14 | ## } 15 | ## } 16 | # yamllint disable-line rule:line-length 17 | role_kind: "Role" 18 | # yamllint disable-line rule:line-length 19 | role_api_group: "tower.ansible.com" 20 | # yamllint disable-line rule:line-length 21 | role_api_version: "v1alpha1" 22 | # yamllint disable-line rule:line-length 23 | role_finalize_state: "{{ finalize_state | default('present', true) }}" 24 | # yamllint disable-line rule:line-length 25 | role_metadata_name: "{{ ansible_operator_meta.name }}" 26 | # yamllint disable-line rule:line-length 27 | role_metadata_namespace: "{{ ansible_operator_meta.namespace }}" 28 | # yamllint disable-line rule:line-length 29 | role_module_name: "tower_role" 30 | # yamllint disable-line rule:line-length 31 | role_spec: "{{ _tower_ansible_com_role.spec }}" 32 | # yamllint disable-line rule:line-length 33 | role_spec_collection: "{{ role_spec.collection | default('awx.awx') }}" 34 | # yamllint disable-line rule:line-length 35 | role_spec_config: "{{ role_spec.config | combine({'state': role_finalize_state}) }}" 36 | # yamllint disable-line rule:line-length 37 | role_spec_secret: "{{ role_spec.secret | mandatory }}" 38 | -------------------------------------------------------------------------------- /roles/role/tasks/absent.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "role: absent" 3 | include_role: 4 | name: "module" 5 | vars: 6 | # yamllint disable-line rule:line-length 7 | module_kind: "{{ role_kind }}" 8 | # yamllint disable-line rule:line-length 9 | module_api_group: "{{ role_api_group }}" 10 | # yamllint disable-line rule:line-length 11 | module_api_version: "{{ role_api_version }}" 12 | # yamllint disable-line rule:line-length 13 | module_finalize: "{{ role_finalize }}" 14 | # yamllint disable-line rule:line-length 15 | module_metadata_namespace: "{{ role_metadata_namespace }}" 16 | # yamllint disable-line rule:line-length 17 | module_metadata_name: "{{ role_metadata_name }}" 18 | # yamllint disable-line rule:line-length 19 | module_spec: "{{ role_spec }}" 20 | # yamllint disable-line rule:line-length 21 | module_spec_collection: "{{ role_spec_collection }}" 22 | # yamllint disable-line rule:line-length 23 | module_spec_name: "{{ role_module_name }}" 24 | # yamllint disable-line rule:line-length 25 | module_spec_parameters: "{{ role_spec_config }}" 26 | # yamllint disable-line rule:line-length 27 | module_spec_secret: "{{ role_spec_secret }}" 28 | -------------------------------------------------------------------------------- /roles/role/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "Assert variables" 3 | assert: 4 | that: 5 | - role_kind is defined 6 | - role_kind is string 7 | - role_api_group is defined 8 | - role_api_group is string 9 | - role_api_version is defined 10 | - role_api_version is string 11 | - role_finalize_state is defined 12 | - role_finalize_state is in ['present', 'absent'] 13 | - role_metadata_name is defined 14 | - role_metadata_name is string 15 | - role_metadata_namespace is defined 16 | - role_metadata_namespace is string 17 | - role_module_name is defined 18 | - role_module_name is in [ 'tower_role' ] 19 | - role_spec is defined 20 | - role_spec is mapping 21 | - role_spec_collection is defined 22 | - role_spec_collection is in ['awx.awx', 'ansible.tower'] 23 | - role_spec_config is defined 24 | - role_spec_config is mapping 25 | 26 | - name: "role: Calling desired state specific tasks" 27 | include_tasks: "{{ role_spec_config.state | default('present') }}.yml" 28 | -------------------------------------------------------------------------------- /roles/role/tasks/present.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "role: present" 3 | include_role: 4 | name: "module" 5 | vars: 6 | # yamllint disable-line rule:line-length 7 | module_kind: "{{ role_kind }}" 8 | # yamllint disable-line rule:line-length 9 | module_api_group: "{{ role_api_group }}" 10 | # yamllint disable-line rule:line-length 11 | module_api_version: "{{ role_api_version }}" 12 | # yamllint disable-line rule:line-length 13 | module_finalize: "{{ role_finalize }}" 14 | # yamllint disable-line rule:line-length 15 | module_metadata_namespace: "{{ role_metadata_namespace }}" 16 | # yamllint disable-line rule:line-length 17 | module_metadata_name: "{{ role_metadata_name }}" 18 | # yamllint disable-line rule:line-length 19 | module_spec: "{{ role_spec }}" 20 | # yamllint disable-line rule:line-length 21 | module_spec_collection: "{{ role_spec_collection }}" 22 | # yamllint disable-line rule:line-length 23 | module_spec_name: "{{ role_module_name }}" 24 | # yamllint disable-line rule:line-length 25 | module_spec_parameters: "{{ role_spec_config }}" 26 | # yamllint disable-line rule:line-length 27 | module_spec_secret: "{{ role_spec_secret }}" 28 | -------------------------------------------------------------------------------- /roles/schedule/README.md: -------------------------------------------------------------------------------- 1 | Role Name 2 | ========= 3 | 4 | A brief description of the role goes here. 5 | 6 | Requirements 7 | ------------ 8 | 9 | Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, 10 | if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. 11 | 12 | Role Variables 13 | -------------- 14 | 15 | A description of the settable variables for this role should go here, including any variables that are in 16 | defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables 17 | that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well 18 | 19 | Dependencies 20 | ------------ 21 | 22 | A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set 23 | for other roles, or variables that are used from other roles. 24 | 25 | Example Playbook 26 | ---------------- 27 | 28 | Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for 29 | users too: 30 | 31 | - hosts: servers 32 | roles: 33 | - { role: username.rolename, x: 42 } 34 | 35 | License 36 | ------- 37 | 38 | BSD 39 | 40 | Author Information 41 | ------------------ 42 | 43 | An optional section for the role authors to include contact information, or a website (HTML is not allowed). 44 | -------------------------------------------------------------------------------- /roles/schedule/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # defaults file for Schedule 3 | -------------------------------------------------------------------------------- /roles/schedule/files/.placeholder: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/victorock/ansible-operator-tower-config/202bc8957dcef340e98ae25a61cab77f6c1d2f95/roles/schedule/files/.placeholder -------------------------------------------------------------------------------- /roles/schedule/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # handlers file for Schedule 3 | -------------------------------------------------------------------------------- /roles/schedule/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | galaxy_info: 3 | author: your name 4 | description: your description 5 | company: your company (optional) 6 | 7 | # If the issue tracker for your role is not on github, uncomment the 8 | # next line and provide a value 9 | # issue_tracker_url: http://example.com/issue/tracker 10 | 11 | # Some suggested licenses: 12 | # - BSD (default) 13 | # - MIT 14 | # - GPLv2 15 | # - GPLv3 16 | # - Apache 17 | # - CC-BY 18 | license: license (GPLv2, CC-BY, etc) 19 | 20 | min_ansible_version: 2.9 21 | 22 | # If this a Container Enabled role, provide the minimum Ansible Container version. 23 | # min_ansible_container_version: 24 | 25 | # Optionally specify the branch Galaxy will use when accessing the GitHub 26 | # repo for this role. During role install, if no tags are available, 27 | # Galaxy will use this branch. During import Galaxy will access files on 28 | # this branch. If Travis integration is configured, only notifications for this 29 | # branch will be accepted. Otherwise, in all cases, the repo's default branch 30 | # (usually master) will be used. 31 | #github_branch: 32 | 33 | # 34 | # Provide a list of supported platforms, and for each platform a list of versions. 35 | # If you don't wish to enumerate all versions for a particular platform, use 'all'. 36 | # To view available platforms and versions (or releases), visit: 37 | # https://galaxy.ansible.com/api/v1/platforms/ 38 | # 39 | # platforms: 40 | # - name: Fedora 41 | # versions: 42 | # - all 43 | # - 25 44 | # - name: SomePlatform 45 | # versions: 46 | # - all 47 | # - 1.0 48 | # - 7 49 | # - 99.99 50 | 51 | galaxy_tags: [] 52 | # List tags for your role here, one per line. A tag is a keyword that describes 53 | # and categorizes the role. Users find roles by searching for tags. Be sure to 54 | # remove the '[]' above, if you add tags to this list. 55 | # 56 | # NOTE: A tag is limited to a single word comprised of alphanumeric characters. 57 | # Maximum 20 tags per role. 58 | 59 | dependencies: [] 60 | # List your role dependencies here, one per line. Be sure to remove the '[]' above, 61 | # if you add dependencies to this list. 62 | collections: 63 | - operator_sdk.util 64 | - community.kubernetes 65 | -------------------------------------------------------------------------------- /roles/schedule/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # tasks file for Schedule 3 | -------------------------------------------------------------------------------- /roles/schedule/templates/.placeholder: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/victorock/ansible-operator-tower-config/202bc8957dcef340e98ae25a61cab77f6c1d2f95/roles/schedule/templates/.placeholder -------------------------------------------------------------------------------- /roles/schedule/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # vars file for Schedule 3 | -------------------------------------------------------------------------------- /roles/team/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ## { "ansible_operator_meta": { 3 | ## "name": , 4 | ## "namespace": , 5 | ## }, 6 | ## , 7 | ## , 8 | ## , 9 | ## __: { 10 | ## as is 11 | ## } 12 | ## ___spec: { 13 | ## as is 14 | ## } 15 | ## } 16 | # yamllint disable-line rule:line-length 17 | team_kind: "Team" 18 | # yamllint disable-line rule:line-length 19 | team_api_group: "tower.ansible.com" 20 | # yamllint disable-line rule:line-length 21 | team_api_version: "v1alpha1" 22 | # yamllint disable-line rule:line-length 23 | team_finalize_state: "{{ finalize_state | default('present', true) }}" 24 | # yamllint disable-line rule:line-length 25 | team_metadata_name: "{{ ansible_operator_meta.name }}" 26 | # yamllint disable-line rule:line-length 27 | team_metadata_namespace: "{{ ansible_operator_meta.namespace }}" 28 | # yamllint disable-line rule:line-length 29 | team_module_name: "tower_team" 30 | # yamllint disable-line rule:line-length 31 | team_spec: "{{ _tower_ansible_com_team.spec }}" 32 | # yamllint disable-line rule:line-length 33 | team_spec_collection: "{{ team_spec.collection | default('awx.awx') }}" 34 | # yamllint disable-line rule:line-length 35 | team_spec_config: "{{ team_spec.config | combine({'state': team_finalize_state}) }}" 36 | # yamllint disable-line rule:line-length 37 | team_spec_secret: "{{ team_spec.secret | mandatory }}" 38 | -------------------------------------------------------------------------------- /roles/team/tasks/absent.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "team: absent" 3 | include_role: 4 | name: "module" 5 | vars: 6 | # yamllint disable-line rule:line-length 7 | module_kind: "{{ team_kind }}" 8 | # yamllint disable-line rule:line-length 9 | module_api_group: "{{ team_api_group }}" 10 | # yamllint disable-line rule:line-length 11 | module_api_version: "{{ team_api_version }}" 12 | # yamllint disable-line rule:line-length 13 | module_finalize: "{{ team_finalize }}" 14 | # yamllint disable-line rule:line-length 15 | module_metadata_namespace: "{{ team_metadata_namespace }}" 16 | # yamllint disable-line rule:line-length 17 | module_metadata_name: "{{ team_metadata_name }}" 18 | # yamllint disable-line rule:line-length 19 | module_spec: "{{ team_spec }}" 20 | # yamllint disable-line rule:line-length 21 | module_spec_collection: "{{ team_spec_collection }}" 22 | # yamllint disable-line rule:line-length 23 | module_spec_name: "{{ team_module_name }}" 24 | # yamllint disable-line rule:line-length 25 | module_spec_parameters: "{{ team_spec_config }}" 26 | # yamllint disable-line rule:line-length 27 | module_spec_secret: "{{ team_spec_secret }}" 28 | -------------------------------------------------------------------------------- /roles/team/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "Assert variables" 3 | assert: 4 | that: 5 | - team_kind is defined 6 | - team_kind is string 7 | - team_api_group is defined 8 | - team_api_group is string 9 | - team_api_version is defined 10 | - team_api_version is string 11 | - team_finalize_state is defined 12 | - team_finalize_state is in ['present', 'absent'] 13 | - team_metadata_name is defined 14 | - team_metadata_name is string 15 | - team_metadata_namespace is defined 16 | - team_metadata_namespace is string 17 | - team_module_name is defined 18 | - team_module_name is in [ 'tower_team' ] 19 | - team_spec is defined 20 | - team_spec is mapping 21 | - team_spec_collection is defined 22 | - team_spec_collection is in ['awx.awx', 'ansible.tower'] 23 | - team_spec_config is defined 24 | - team_spec_config is mapping 25 | 26 | - name: "team: Calling desired state specific tasks" 27 | include_tasks: "{{ team_spec_config.state | default('present') }}.yml" 28 | -------------------------------------------------------------------------------- /roles/team/tasks/present.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "team: present" 3 | include_role: 4 | name: "module" 5 | vars: 6 | # yamllint disable-line rule:line-length 7 | module_kind: "{{ team_kind }}" 8 | # yamllint disable-line rule:line-length 9 | module_api_group: "{{ team_api_group }}" 10 | # yamllint disable-line rule:line-length 11 | module_api_version: "{{ team_api_version }}" 12 | # yamllint disable-line rule:line-length 13 | module_finalize: "{{ team_finalize }}" 14 | # yamllint disable-line rule:line-length 15 | module_metadata_namespace: "{{ team_metadata_namespace }}" 16 | # yamllint disable-line rule:line-length 17 | module_metadata_name: "{{ team_metadata_name }}" 18 | # yamllint disable-line rule:line-length 19 | module_spec: "{{ team_spec }}" 20 | # yamllint disable-line rule:line-length 21 | module_spec_collection: "{{ team_spec_collection }}" 22 | # yamllint disable-line rule:line-length 23 | module_spec_name: "{{ team_module_name }}" 24 | # yamllint disable-line rule:line-length 25 | module_spec_parameters: "{{ team_spec_config }}" 26 | # yamllint disable-line rule:line-length 27 | module_spec_secret: "{{ team_spec_secret }}" 28 | -------------------------------------------------------------------------------- /roles/user/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ## { "ansible_operator_meta": { 3 | ## "name": , 4 | ## "namespace": , 5 | ## }, 6 | ## , 7 | ## , 8 | ## , 9 | ## __: { 10 | ## as is 11 | ## } 12 | ## ___spec: { 13 | ## as is 14 | ## } 15 | ## } 16 | # yamllint disable-line rule:line-length 17 | user_kind: "User" 18 | # yamllint disable-line rule:line-length 19 | user_api_group: "tower.ansible.com" 20 | # yamllint disable-line rule:line-length 21 | user_api_version: "v1alpha1" 22 | # yamllint disable-line rule:line-length 23 | user_finalize_state: "{{ finalize_state | default('present', true) }}" 24 | # yamllint disable-line rule:line-length 25 | user_metadata_name: "{{ ansible_operator_meta.name }}" 26 | # yamllint disable-line rule:line-length 27 | user_metadata_namespace: "{{ ansible_operator_meta.namespace }}" 28 | # yamllint disable-line rule:line-length 29 | user_module_name: "tower_user" 30 | # yamllint disable-line rule:line-length 31 | user_spec: "{{ _tower_ansible_com_user.spec }}" 32 | # yamllint disable-line rule:line-length 33 | user_spec_collection: "{{ user_spec.collection | default('awx.awx') }}" 34 | # yamllint disable-line rule:line-length 35 | user_spec_config: "{{ user_spec.config | combine({'state': user_finalize_state}) }}" 36 | # yamllint disable-line rule:line-length 37 | user_spec_secret: "{{ user_spec.secret | mandatory }}" 38 | -------------------------------------------------------------------------------- /roles/user/tasks/absent.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "user: absent" 3 | include_role: 4 | name: "module" 5 | vars: 6 | # yamllint disable-line rule:line-length 7 | module_kind: "{{ user_kind }}" 8 | # yamllint disable-line rule:line-length 9 | module_api_group: "{{ user_api_group }}" 10 | # yamllint disable-line rule:line-length 11 | module_api_version: "{{ user_api_version }}" 12 | # yamllint disable-line rule:line-length 13 | module_finalize: "{{ user_finalize }}" 14 | # yamllint disable-line rule:line-length 15 | module_metadata_namespace: "{{ user_metadata_namespace }}" 16 | # yamllint disable-line rule:line-length 17 | module_metadata_name: "{{ user_metadata_name }}" 18 | # yamllint disable-line rule:line-length 19 | module_spec: "{{ user_spec }}" 20 | # yamllint disable-line rule:line-length 21 | module_spec_collection: "{{ user_spec_collection }}" 22 | # yamllint disable-line rule:line-length 23 | module_spec_name: "{{ user_module_name }}" 24 | # yamllint disable-line rule:line-length 25 | module_spec_parameters: "{{ user_spec_config }}" 26 | # yamllint disable-line rule:line-length 27 | module_spec_secret: "{{ user_spec_secret }}" 28 | -------------------------------------------------------------------------------- /roles/user/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "Assert variables" 3 | assert: 4 | that: 5 | - user_kind is defined 6 | - user_kind is string 7 | - user_api_group is defined 8 | - user_api_group is string 9 | - user_api_version is defined 10 | - user_api_version is string 11 | - user_finalize_state is defined 12 | - user_finalize_state is in ['present', 'absent'] 13 | - user_metadata_name is defined 14 | - user_metadata_name is string 15 | - user_metadata_namespace is defined 16 | - user_metadata_namespace is string 17 | - user_module_name is defined 18 | - user_module_name is in [ 'tower_user' ] 19 | - user_spec is defined 20 | - user_spec is mapping 21 | - user_spec_collection is defined 22 | - user_spec_collection is in ['awx.awx', 'ansible.tower'] 23 | - user_spec_config is defined 24 | - user_spec_config is mapping 25 | 26 | - name: "user: Calling desired state specific tasks" 27 | include_tasks: "{{ user_spec_config.state | default('present') }}.yml" 28 | -------------------------------------------------------------------------------- /roles/user/tasks/present.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "user: present" 3 | include_role: 4 | name: "module" 5 | vars: 6 | # yamllint disable-line rule:line-length 7 | module_kind: "{{ user_kind }}" 8 | # yamllint disable-line rule:line-length 9 | module_api_group: "{{ user_api_group }}" 10 | # yamllint disable-line rule:line-length 11 | module_api_version: "{{ user_api_version }}" 12 | # yamllint disable-line rule:line-length 13 | module_finalize: "{{ user_finalize }}" 14 | # yamllint disable-line rule:line-length 15 | module_metadata_namespace: "{{ user_metadata_namespace }}" 16 | # yamllint disable-line rule:line-length 17 | module_metadata_name: "{{ user_metadata_name }}" 18 | # yamllint disable-line rule:line-length 19 | module_spec: "{{ user_spec }}" 20 | # yamllint disable-line rule:line-length 21 | module_spec_collection: "{{ user_spec_collection }}" 22 | # yamllint disable-line rule:line-length 23 | module_spec_name: "{{ user_module_name }}" 24 | # yamllint disable-line rule:line-length 25 | module_spec_parameters: "{{ user_spec_config }}" 26 | # yamllint disable-line rule:line-length 27 | module_spec_secret: "{{ user_spec_secret }}" 28 | -------------------------------------------------------------------------------- /roles/workflowjobtemplate/README.md: -------------------------------------------------------------------------------- 1 | Role Name 2 | ========= 3 | 4 | A brief description of the role goes here. 5 | 6 | Requirements 7 | ------------ 8 | 9 | Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, 10 | if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. 11 | 12 | Role Variables 13 | -------------- 14 | 15 | A description of the settable variables for this role should go here, including any variables that are in 16 | defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables 17 | that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well 18 | 19 | Dependencies 20 | ------------ 21 | 22 | A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set 23 | for other roles, or variables that are used from other roles. 24 | 25 | Example Playbook 26 | ---------------- 27 | 28 | Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for 29 | users too: 30 | 31 | - hosts: servers 32 | roles: 33 | - { role: username.rolename, x: 42 } 34 | 35 | License 36 | ------- 37 | 38 | BSD 39 | 40 | Author Information 41 | ------------------ 42 | 43 | An optional section for the role authors to include contact information, or a website (HTML is not allowed). 44 | -------------------------------------------------------------------------------- /roles/workflowjobtemplate/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # defaults file for WorkflowJobTemplate 3 | -------------------------------------------------------------------------------- /roles/workflowjobtemplate/files/.placeholder: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/victorock/ansible-operator-tower-config/202bc8957dcef340e98ae25a61cab77f6c1d2f95/roles/workflowjobtemplate/files/.placeholder -------------------------------------------------------------------------------- /roles/workflowjobtemplate/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # handlers file for WorkflowJobTemplate 3 | -------------------------------------------------------------------------------- /roles/workflowjobtemplate/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # tasks file for WorkflowJobTemplate 3 | -------------------------------------------------------------------------------- /roles/workflowjobtemplate/templates/.placeholder: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/victorock/ansible-operator-tower-config/202bc8957dcef340e98ae25a61cab77f6c1d2f95/roles/workflowjobtemplate/templates/.placeholder -------------------------------------------------------------------------------- /roles/workflowjobtemplate/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # vars file for WorkflowJobTemplate 3 | -------------------------------------------------------------------------------- /roles/workflowjobtemplatenode/README.md: -------------------------------------------------------------------------------- 1 | Role Name 2 | ========= 3 | 4 | A brief description of the role goes here. 5 | 6 | Requirements 7 | ------------ 8 | 9 | Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, 10 | if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. 11 | 12 | Role Variables 13 | -------------- 14 | 15 | A description of the settable variables for this role should go here, including any variables that are in 16 | defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables 17 | that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well 18 | 19 | Dependencies 20 | ------------ 21 | 22 | A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set 23 | for other roles, or variables that are used from other roles. 24 | 25 | Example Playbook 26 | ---------------- 27 | 28 | Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for 29 | users too: 30 | 31 | - hosts: servers 32 | roles: 33 | - { role: username.rolename, x: 42 } 34 | 35 | License 36 | ------- 37 | 38 | BSD 39 | 40 | Author Information 41 | ------------------ 42 | 43 | An optional section for the role authors to include contact information, or a website (HTML is not allowed). 44 | -------------------------------------------------------------------------------- /roles/workflowjobtemplatenode/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # defaults file for WorkflowJobTemplateNode 3 | -------------------------------------------------------------------------------- /roles/workflowjobtemplatenode/files/.placeholder: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/victorock/ansible-operator-tower-config/202bc8957dcef340e98ae25a61cab77f6c1d2f95/roles/workflowjobtemplatenode/files/.placeholder -------------------------------------------------------------------------------- /roles/workflowjobtemplatenode/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # handlers file for WorkflowJobTemplateNode 3 | -------------------------------------------------------------------------------- /roles/workflowjobtemplatenode/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # tasks file for WorkflowJobTemplateNode 3 | -------------------------------------------------------------------------------- /roles/workflowjobtemplatenode/templates/.placeholder: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/victorock/ansible-operator-tower-config/202bc8957dcef340e98ae25a61cab77f6c1d2f95/roles/workflowjobtemplatenode/templates/.placeholder -------------------------------------------------------------------------------- /roles/workflowjobtemplatenode/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # vars file for WorkflowJobTemplateNode 3 | -------------------------------------------------------------------------------- /roles/workflowtemplate/README.md: -------------------------------------------------------------------------------- 1 | Role Name 2 | ========= 3 | 4 | A brief description of the role goes here. 5 | 6 | Requirements 7 | ------------ 8 | 9 | Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, 10 | if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. 11 | 12 | Role Variables 13 | -------------- 14 | 15 | A description of the settable variables for this role should go here, including any variables that are in 16 | defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables 17 | that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well 18 | 19 | Dependencies 20 | ------------ 21 | 22 | A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set 23 | for other roles, or variables that are used from other roles. 24 | 25 | Example Playbook 26 | ---------------- 27 | 28 | Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for 29 | users too: 30 | 31 | - hosts: servers 32 | roles: 33 | - { role: username.rolename, x: 42 } 34 | 35 | License 36 | ------- 37 | 38 | BSD 39 | 40 | Author Information 41 | ------------------ 42 | 43 | An optional section for the role authors to include contact information, or a website (HTML is not allowed). 44 | -------------------------------------------------------------------------------- /roles/workflowtemplate/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # defaults file for WorkflowTemplate 3 | -------------------------------------------------------------------------------- /roles/workflowtemplate/files/.placeholder: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/victorock/ansible-operator-tower-config/202bc8957dcef340e98ae25a61cab77f6c1d2f95/roles/workflowtemplate/files/.placeholder -------------------------------------------------------------------------------- /roles/workflowtemplate/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # handlers file for WorkflowTemplate 3 | -------------------------------------------------------------------------------- /roles/workflowtemplate/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | galaxy_info: 3 | author: your name 4 | description: your description 5 | company: your company (optional) 6 | 7 | # If the issue tracker for your role is not on github, uncomment the 8 | # next line and provide a value 9 | # issue_tracker_url: http://example.com/issue/tracker 10 | 11 | # Some suggested licenses: 12 | # - BSD (default) 13 | # - MIT 14 | # - GPLv2 15 | # - GPLv3 16 | # - Apache 17 | # - CC-BY 18 | license: license (GPLv2, CC-BY, etc) 19 | 20 | min_ansible_version: 2.9 21 | 22 | # If this a Container Enabled role, provide the minimum Ansible Container version. 23 | # min_ansible_container_version: 24 | 25 | # Optionally specify the branch Galaxy will use when accessing the GitHub 26 | # repo for this role. During role install, if no tags are available, 27 | # Galaxy will use this branch. During import Galaxy will access files on 28 | # this branch. If Travis integration is configured, only notifications for this 29 | # branch will be accepted. Otherwise, in all cases, the repo's default branch 30 | # (usually master) will be used. 31 | #github_branch: 32 | 33 | # 34 | # Provide a list of supported platforms, and for each platform a list of versions. 35 | # If you don't wish to enumerate all versions for a particular platform, use 'all'. 36 | # To view available platforms and versions (or releases), visit: 37 | # https://galaxy.ansible.com/api/v1/platforms/ 38 | # 39 | # platforms: 40 | # - name: Fedora 41 | # versions: 42 | # - all 43 | # - 25 44 | # - name: SomePlatform 45 | # versions: 46 | # - all 47 | # - 1.0 48 | # - 7 49 | # - 99.99 50 | 51 | galaxy_tags: [] 52 | # List tags for your role here, one per line. A tag is a keyword that describes 53 | # and categorizes the role. Users find roles by searching for tags. Be sure to 54 | # remove the '[]' above, if you add tags to this list. 55 | # 56 | # NOTE: A tag is limited to a single word comprised of alphanumeric characters. 57 | # Maximum 20 tags per role. 58 | 59 | dependencies: [] 60 | # List your role dependencies here, one per line. Be sure to remove the '[]' above, 61 | # if you add dependencies to this list. 62 | collections: 63 | - operator_sdk.util 64 | - community.kubernetes 65 | -------------------------------------------------------------------------------- /roles/workflowtemplate/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # tasks file for WorkflowTemplate 3 | -------------------------------------------------------------------------------- /roles/workflowtemplate/templates/.placeholder: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/victorock/ansible-operator-tower-config/202bc8957dcef340e98ae25a61cab77f6c1d2f95/roles/workflowtemplate/templates/.placeholder -------------------------------------------------------------------------------- /roles/workflowtemplate/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # vars file for WorkflowTemplate 3 | --------------------------------------------------------------------------------