Skip to content

Commit

Permalink
Merge pull request #417 from automationiberia/protect_delete_org
Browse files Browse the repository at this point in the history 
Protect delete org
  • Loading branch information
@ivarmu
ivarmu authored Nov 22, 2022
2 parents 5b3eb8c + 709bb3b commit 8b57f80
Show file tree
Hide file tree
Showing 3 changed files with 55 additions and 12 deletions.
1 change: 1 addition & 0 deletions roles/object_diff/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@ The following Variables set the organization where should be applied the configu
| `controller_api_plugin` | `ansible.controller` | yes | Full path for the controller_api_plugin to be used. <br/> Can have two possible values: <br/>&nbsp;&nbsp;- awx.awx.controller_api # For the community Collection version <br/>&nbsp;&nbsp;- ansible.controller.controller_api # For the Red Hat Certified Collection version|
| `drop_user_external_accounts` | `False` | no | When is true, all users will be taken to compare with SCM configuration as code |
| `drop_teams` | `False` | no | When is true, all teams will be taken to compare with SCM configuration as code |
| `protect_not_empty_orgs` | `N/A` | no | When is true, orgs which are not empty, will not be removed |

## Role Tags

Expand Down
2 changes: 2 additions & 0 deletions roles/object_diff/defaults/main.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -44,4 +44,6 @@ controller_configuration_object_diff_tasks:

controller_configuration_object_diff_secure_logging: "{{ controller_configuration_secure_logging | default('false') }}"

controller_api_version: "v2"

...
64 changes: 52 additions & 12 deletions roles/object_diff/tasks/organizations.yml
View file
Original file line number Diff line number Diff line change
@@ -1,17 +1,57 @@
---
- name: "Gets current Organizations configured"
- name: "OBJECT DIFF: Get the current controller user to determine if it is super-admin"
ansible.builtin.set_fact:
__controller_api_organizations: "{{ query(controller_api_plugin, 'organizations',
host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs) }}"
__controller_api_current_user_check_is_admin: "{{ lookup(controller_api_plugin, 'users',
query_params={'username': controller_username},
host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs)
}}"

- name: "OBJECT DIFF: Find the difference of Organizations between what is on the Controller versus curated list."
ansible.builtin.set_fact:
__organizations_difference: "{{ lookup('redhat_cop.controller_configuration.controller_object_diff',
api_list=__controller_api_organizations, compare_list=controller_organizations,
with_present=false, set_absent=true)
}}"
- name: "Role differences (block)"
when:
- __controller_api_current_user_check_is_admin.is_superuser
block:
- name: "Gets current Organizations configured"
ansible.builtin.set_fact:
__controller_api_organizations: "{{ query(controller_api_plugin, 'organizations',
host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs)
}}"

- name: "Sets Organization differences"
ansible.builtin.set_fact:
controller_organizations: "{{ __organizations_difference }}"
- name: "OBJECT DIFF: Find the difference of Organizations between what is on the Controller versus curated list."
ansible.builtin.set_fact:
__organizations_difference: "{{ lookup('redhat_cop.controller_configuration.controller_object_diff',
api_list=__controller_api_organizations, compare_list=controller_organizations,
with_present=false, set_absent=true)
}}"

- name: "Set list __list_orgs_empty when protect_not_empty_orgs"
ansible.builtin.set_fact:
__list_empty_orgs: "{{ __list_empty_orgs | default([]) + [__org.name] }}"
loop: "{{ __organizations_difference }}"
loop_control:
loop_var: __org
when:
- protect_not_empty_orgs is defined
- protect_not_empty_orgs
- query(controller_api_plugin, 'api/' + controller_api_version + '/organizations/' + (__org.name | urlencode) + '/users/',
host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs) | length == 0
- query(controller_api_plugin, 'api/' + controller_api_version + '/organizations/' + (__org.name | urlencode) + '/admins/',
host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs) | length == 0
- query(controller_api_plugin, 'api/' + controller_api_version + '/organizations/' + (__org.name | urlencode) + '/inventories/',
host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs) | length == 0
- query(controller_api_plugin, 'api/' + controller_api_version + '/organizations/' + (__org.name | urlencode) + '/teams/',
host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs) | length == 0
- query(controller_api_plugin, 'api/' + controller_api_version + '/organizations/' + (__org.name | urlencode) + '/projects/',
host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs) | length == 0
- query(controller_api_plugin, 'api/' + controller_api_version + '/organizations/' + (__org.name | urlencode) + '/job_templates/',
host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs) | length == 0
- query(controller_api_plugin, 'api/' + controller_api_version + '/organizations/' + (__org.name | urlencode) + '/workflow_job_templates/',
host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs) | length == 0

- name: "Sets Organization differences"
ansible.builtin.set_fact:
controller_organizations: "{{ controller_organizations | combine(__org) }}"
loop: "{{ __organizations_difference }}"
loop_control:
loop_var: __org
when: protect_not_empty_orgs is not defined or not protect_not_empty_orgs or __org.name in __list_empty_orgs
...

0 comments on commit 8b57f80

Please sign in to comment.