Roles import optimatization by modifying the export + 2 minor bugs (r…

…edhat-cop#884) * misc: roles export optimization, fix approval role for users, fix admin roles * fix: typo * fix: add missing changelog * fix: remove new lines * fix: add missing new line --------- Co-authored-by: Przemyslaw Kalitowski <[email protected]> Co-authored-by: Ivan Aragonés Muniesa <[email protected]> Co-authored-by: David Danielsson <[email protected]>
przemkalit · Aug 6, 2024 · f4ffa9c · f4ffa9c
1 parent baad7e6
commit f4ffa9c
Show file tree

Hide file tree

Showing 4 changed files with 97 additions and 45 deletions.
diff --git a/roles/filetree_create/tasks/team_roles.yml b/roles/filetree_create/tasks/team_roles.yml
@@ -7,6 +7,32 @@
                          }}"
   no_log: "{{ controller_configuration_filetree_create_secure_logging }}"
 
+- name: "Map objects with roles (block)"
+  when: team_roles_lookvar | length > 0
+  block:
+    - name: "Get role and object types and define object_roles variable"
+      ansible.builtin.set_fact:
+        role_types: "{{ team_roles_lookvar | map(attribute='name') | unique }}"
+        object_types: "{{ team_roles_lookvar | map(attribute='summary_fields.resource_type') | unique }}"
+        object_roles: []
+
+    - name: "Match objects with roles"
+      when: (team_roles_lookvar | selectattr('name','equalto', item.0) | selectattr('summary_fields.resource_type','equalto', item.1) | map(attribute='summary_fields.resource_name')) | length > 0
+      ansible.builtin.set_fact:
+        object_roles: >-
+          {{ object_roles +
+            [{ item.0:
+              {
+                'resource_names': (team_roles_lookvar |
+                                  selectattr('name','equalto', item.0) |
+                                  selectattr('summary_fields.resource_type','equalto', item.1) |
+                                  map(attribute='summary_fields.resource_name')),
+                'resource_type': item.1,
+              }
+            }]
+          }}"
+      loop: "{{ role_types | product(object_types) | list }}"
+
 - name: "Block for to generate flatten output"
   when:
     - flatten_output is defined
@@ -28,9 +54,8 @@
         marker: ""
         block: "{{ lookup('template', 'templates/current_team_roles.j2') }}"
       vars:
-        current_team_roles_asset_value: "{{ team_roles_lookvar }}"
         first_team_role: "{{ not team_roles_file.stat.exists }}"
-      when: team_roles_lookvar | length > 0
+      when: object_roles | length > 0
 
     - name: "Remove all the blank lines introduced by the last task"
       ansible.builtin.lineinfile:
@@ -52,7 +77,5 @@
         src: "templates/current_team_roles.j2"
         dest: "{{ output_path }}/team_roles/current_roles_{{ teamname | regex_replace('/', '_') }}.yaml"
         mode: '0644'
-      vars:
-        current_team_roles_asset_value: "{{ team_roles_lookvar }}"
-      when: team_roles_lookvar | length > 0
+      when: object_roles | length > 0
 ...
diff --git a/roles/filetree_create/tasks/user_roles.yml b/roles/filetree_create/tasks/user_roles.yml
@@ -11,6 +11,32 @@
                 }}"
   no_log: "{{ controller_configuration_filetree_create_secure_logging }}"
 
+- name: "Map objects with roles (block)"
+  when: user_roles_lookvar | length > 0
+  block:
+    - name: "Get role and object types and define object_roles variable"
+      ansible.builtin.set_fact:
+        role_types: "{{ user_roles_lookvar | selectattr('name', 'defined') | map(attribute='name') | unique }}"
+        object_types: "{{ user_roles_lookvar | selectattr('summary_fields.resource_type', 'defined') | map(attribute='summary_fields.resource_type') | unique }}"
+        object_roles: []
+
+    - name: "Match objects with roles"
+      when: (user_roles_lookvar | selectattr('name','equalto', item.0) | selectattr('summary_fields.resource_type', 'defined') | selectattr('summary_fields.resource_type','equalto', item.1) | map(attribute='summary_fields.resource_name')) | length > 0
+      ansible.builtin.set_fact:
+        object_roles: >-
+          {{ object_roles +
+            [{ item.0:
+              {
+                'resource_names': (user_roles_lookvar |
+                                   selectattr('name','equalto', item.0) |
+                                   selectattr('summary_fields.resource_type','equalto', item.1) |
+                                   map(attribute='summary_fields.resource_name')),
+                'resource_type': item.1,
+              }
+            }]
+          }}
+      loop: "{{ role_types | product(object_types) | list }}"
+
 - name: "Block for to generate flatten output"
   when:
     - flatten_output is defined
@@ -32,9 +58,8 @@
         marker: ""
         block: "{{ lookup('template', 'templates/current_user_roles.j2') }}"
       vars:
-        current_user_roles_asset_value: "{{ user_roles_lookvar }}"
         first_user_role: "{{ not user_roles_file.stat.exists }}"
-      when: user_roles_lookvar | length > 0
+      when: object_roles | length > 0
 
     - name: "Remove all the blank lines introduced by the last task"
       ansible.builtin.lineinfile:
@@ -56,7 +81,5 @@
         src: "templates/current_user_roles.j2"
         dest: "{{ output_path }}/user_roles/current_roles_{{ username | regex_replace('/', '_') }}.yaml"
         mode: '0644'
-      vars:
-        current_user_roles_asset_value: "{{ user_roles_lookvar }}"
-      when: user_roles_lookvar | length > 0
+      when: object_roles | length > 0
 ...
diff --git a/roles/filetree_create/templates/current_team_roles.j2 b/roles/filetree_create/templates/current_team_roles.j2
@@ -2,27 +2,30 @@
 ---
 controller_roles:
 {% endif %}
-{% for role in team_roles_lookvar %}
-{% if role.summary_fields.resource_type is defined %}
-  - team: "{{ teamname }}"
-{% if role.summary_fields.resource_type is match('organization') %}
+{% for role in object_roles %}
+{% if (role|dict2items)[0].value.resource_type is defined %}
+  - team: "{{ (role|dict2items)[0].value.team_name }}"
+{% if (role|dict2items)[0].value.resource_names | length > 0 %}
+{% if (role|dict2items)[0].value.resource_type is match('organization') %}
     organizations:
-      - "{{ role.summary_fields.resource_name }}"
-{% elif role.summary_fields.resource_type is match('team') %}
+{% elif (role|dict2items)[0].value.resource_type is match('team') %}
     target_teams:
-      - "{{ role.summary_fields.resource_name }}"
-{% elif role.summary_fields.resource_type is match('job_template') %}
-    job_template: "{{ role.summary_fields.resource_name }}"
-{% elif role.summary_fields.resource_type is match('inventory') %}
-    inventory: "{{ role.summary_fields.resource_name }}"
-{% elif role.summary_fields.resource_type is match('workflow_job_template') %}
-    workflow_job_template: "{{ role.summary_fields.resource_name }}"
-{% elif role.summary_fields.resource_type is match('project') %}
-    project: "{{ role.summary_fields.resource_name }}"
-{% elif role.summary_fields.resource_type is match('credential') %}
-    credential: "{{ role.summary_fields.resource_name }}"
+{% elif (role|dict2items)[0].value.resource_type is match('job_template') %}
+    job_templates:
+{% elif (role|dict2items)[0].value.resource_type is match('inventory') %}
+    inventories:
+{% elif (role|dict2items)[0].value.resource_type is match('workflow_job_template') %}
+    workflow_job_templates:
+{% elif (role|dict2items)[0].value.resource_type is match('project') %}
+    projects:
+{% elif (role|dict2items)[0].value.resource_type is match('credential') %}
+    credentials:
 {% endif %}
-    role: "{% if role.name | lower == 'approve' %}approval{% else %}{{ role.name | lower }}{% endif %}"
+{% for object_name in (role|dict2items)[0].value.resource_names %}
+      - "{{ object_name }}"
+{% endfor %}
+{% endif %}
+    role: "{% if (role|dict2items)[0].key | lower == 'approve' %}approval{% else %}{{ (role|dict2items)[0].key | lower | regex_replace(' ', '_') }}{% endif %}"
 {% endif %}
 {% endfor %}
 {% if last_team_role | default(true) | bool %}

diff --git a/roles/filetree_create/templates/current_user_roles.j2 b/roles/filetree_create/templates/current_user_roles.j2
@@ -2,27 +2,30 @@
 ---
 controller_roles:
 {% endif %}
-{% for role in user_roles_lookvar %}
-{% if role.summary_fields.resource_type is defined %}
+{% for role in object_roles %}
+{% if (role|dict2items)[0].value.resource_type is defined %}
   - user: "{{ username }}"
-{% if role.summary_fields.resource_type is match('organization') %}
+{% if (role|dict2items)[0].value.resource_names | length > 0 %}
+{% if (role|dict2items)[0].value.resource_type is match('organization') %}
     organizations:
-      - "{{ role.summary_fields.resource_name }}"
-{% elif role.summary_fields.resource_type is match('team') %}
+{% elif (role|dict2items)[0].value.resource_type is match('team') %}
     target_teams:
-      - "{{ role.summary_fields.resource_name }}"
-{% elif role.summary_fields.resource_type is match('job_template') %}
-    job_template: "{{ role.summary_fields.resource_name }}"
-{% elif role.summary_fields.resource_type is match('inventory') %}
-    inventory: "{{ role.summary_fields.resource_name }}"
-{% elif role.summary_fields.resource_type is match('workflow_job_template') %}
-    workflow_job_template: "{{ role.summary_fields.resource_name }}"
-{% elif role.summary_fields.resource_type is match('project') %}
-    project: "{{ role.summary_fields.resource_name }}"
-{% elif role.summary_fields.resource_type is match('credential') %}
-    credential: "{{ role.summary_fields.resource_name }}"
+{% elif (role|dict2items)[0].value.resource_type is match('job_template') %}
+    job_templates:
+{% elif (role|dict2items)[0].value.resource_type is match('inventory') %}
+    inventories:
+{% elif (role|dict2items)[0].value.resource_type is match('workflow_job_template') %}
+    workflow_job_templates:
+{% elif (role|dict2items)[0].value.resource_type is match('project') %}
+    projects:
+{% elif (role|dict2items)[0].value.resource_type is match('credential') %}
+    credentials:
 {% endif %}
-    role: "{{ role.name | lower }}"
+{% for object_name in (role|dict2items)[0].value.resource_names %}
+      - "{{ object_name }}"
+{% endfor %}
+{% endif %}
+    role: "{% if (role|dict2items)[0].key | lower == 'approve' %}approval{% else %}{{ (role|dict2items)[0].key | lower | regex_replace(' ', '_') }}{% endif %}"
 {% endif %}
 {% endfor %}
 {% if last_user_role | default(true) | bool %}