From 2fb677053388764815a07b29a20d777124c1118d Mon Sep 17 00:00:00 2001 From: Przemyslaw Kalitowski Date: Wed, 31 Jul 2024 12:51:29 +0200 Subject: [PATCH 1/5] misc: roles export optimization, fix approval role for users, fix admin roles --- roles/filetree_create/tasks/team_roles.yml | 33 +++++++++++++--- roles/filetree_create/tasks/user_roles.yml | 33 +++++++++++++--- .../templates/current_team_roles.j2 | 39 ++++++++++--------- .../templates/current_user_roles.j2 | 39 +++++++++++-------- 4 files changed, 99 insertions(+), 45 deletions(-) diff --git a/roles/filetree_create/tasks/team_roles.yml b/roles/filetree_create/tasks/team_roles.yml index 19a003d6f..18b4f37cd 100644 --- a/roles/filetree_create/tasks/team_roles.yml +++ b/roles/filetree_create/tasks/team_roles.yml @@ -7,6 +7,32 @@ }}" no_log: "{{ controller_configuration_filetree_create_secure_logging }}" +- name: "Map objects with roles (block)" + when: team_roles_lookvar | length > 0 + block: + - name: "Get role and object types and define object_roles variable" + ansible.builtin.set_fact: + role_types: "{{ team_roles_lookvar | map(attribute='name') | unique }}" + object_types: "{{ team_roles_lookvar | map(attribute='summary_fields.resource_type') | unique }}" + object_roles: [] + + - name: "Match objects with roles" + when: (team_roles_lookvar | selectattr('name','equalto', item.0) | selectattr('summary_fields.resource_type','equalto', item.1) | map(attribute='summary_fields.resource_name')) | length > 0 + ansible.builtin.set_fact: + object_roles: >- + {{ object_roles + + [{ item.0: + { + 'resource_names': (team_roles_lookvar | + selectattr('name','equalto', item.0) | + selectattr('summary_fields.resource_type','equalto', item.1) | + map(attribute='summary_fields.resource_name')), + 'resource_type': item.1, + } + }] + }}" + loop: "{{ role_types | product(object_types) | list }}" + - name: "Block for to generate flatten output" when: - flatten_output is defined 
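Review bot: The folded scalar for `object_roles` in "Match objects with roles" ends with `}}"`, a stray double quote that the matching task in user_roles.yml (`}}`) does not have. With that quote appended, the templated result would likely stay a string rather than a list, so the next loop iteration's `object_roles + [...]` and the later `object_roles | length > 0` checks would not behave as intended; the closing line should be just `}}`. This file also omits the `selectattr('name', 'defined')` and `selectattr('summary_fields.resource_type', 'defined')` guards that user_roles.yml applies when building `role_types` and `object_types`, which matters if any returned role lacks `summary_fields.resource_type`.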
@@ -28,9 +54,8 @@ marker: "" block: "{{ lookup('template', 'templates/current_team_roles.j2') }}" vars: - current_team_roles_asset_value: "{{ team_roles_lookvar }}" first_team_role: "{{ not team_roles_file.stat.exists }}" - when: team_roles_lookvar | length > 0 + when: objects_role | length > 0 - name: "Remove all the blank lines introduced by the last task" ansible.builtin.lineinfile: @@ -52,7 +77,5 @@ src: "templates/current_team_roles.j2" dest: "{{ output_path }}/team_roles/current_roles_{{ teamname | regex_replace('/', '_') }}.yaml" mode: '0644' - vars: - current_team_roles_asset_value: "{{ team_roles_lookvar }}" - when: team_roles_lookvar | length > 0 + when: object_roles | length > 0 ... diff --git a/roles/filetree_create/tasks/user_roles.yml b/roles/filetree_create/tasks/user_roles.yml index 10b55613d..02fdde3de 100644 --- a/roles/filetree_create/tasks/user_roles.yml +++ b/roles/filetree_create/tasks/user_roles.yml 
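Review bot: The new `when:` on `object_roles` (spelled `objects_role` in this hunk, corrected in PATCH 2/5) reads a fact that is only reset to `[]` inside the block guarded by `team_roles_lookvar | length > 0`. For a team with no roles, that block is skipped and `object_roles` is either undefined or still holds the list from a previous include. `set_fact` values persist on the host and user_roles.yml writes the same fact name, so a stale list could be rendered under the current `teamname` and later re-applied as role grants for the wrong principal. This assumes the file is included once per team, as the `teamname` in the destination path suggests; the include itself is outside this diff. Keeping the lookup in the guard avoids it, e.g. `when: team_roles_lookvar | length > 0 and object_roles | default([]) | length > 0`. The same applies to the second changed `when:` in this file (hunk at -52,7) and to both changed `when:` lines in user_roles.yml.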
@@ -11,6 +11,32 @@ }}" no_log: "{{ controller_configuration_filetree_create_secure_logging }}" +- name: "Map objects with roles (block)" + when: user_roles_lookvar | length > 0 + block: + - name: "Get role and object types and define object_roles variable" + ansible.builtin.set_fact: + role_types: "{{ user_roles_lookvar | selectattr('name', 'defined') | map(attribute='name') | unique }}" + object_types: "{{ user_roles_lookvar | selectattr('summary_fields.resource_type', 'defined') | map(attribute='summary_fields.resource_type') | unique }}" + object_roles: [] + + - name: "Match objects with roles" + when: (user_roles_lookvar | selectattr('name','equalto', item.0) | selectattr('summary_fields.resource_type', 'defined') | selectattr('summary_fields.resource_type','equalto', item.1) | map(attribute='summary_fields.resource_name')) | length > 0 + ansible.builtin.set_fact: + object_roles: >- + {{ object_roles + + [{ item.0: + { + 'resource_names': (user_roles_lookvar | + selectattr('name','equalto', item.0) | + selectattr('summary_fields.resource_type','equalto', item.1) | + map(attribute='summary_fields.resource_name')), + 'resource_type': item.1, + } + }] + }} + loop: "{{ role_types | product(object_types) | list }}" + - name: "Block for to generate flatten output" when: - flatten_output is defined @@ -32,9 +58,8 @@ marker: "" block: "{{ lookup('template', 'templates/current_user_roles.j2') }}" vars: - current_user_roles_asset_value: "{{ user_roles_lookvar }}" first_user_role: "{{ not user_roles_file.stat.exists }}" - when: user_roles_lookvar | length > 0 + when: object_roles | length > 0 - name: "Remove all the blank lines introduced by the last task" ansible.builtin.lineinfile: 
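Review bot: In "Match objects with roles" the `when:` filters with `selectattr('summary_fields.resource_type', 'defined')`, but the `resource_names` expression in the `set_fact` body does not, so the two expressions can disagree on entries that lack `summary_fields.resource_type`. The removed `{% if role.summary_fields.resource_type is defined %}` check in the old template suggests such entries exist. For those, the `equalto` test in the body may raise on the undefined attribute, depending on how Ansible's undefined handling treats the comparison. Adding the same `selectattr('summary_fields.resource_type', 'defined') |` step before the `equalto` filter in the body keeps the condition and the value in agreement.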
@@ -56,7 +81,5 @@ src: "templates/current_user_roles.j2" dest: "{{ output_path }}/user_roles/current_roles_{{ username | regex_replace('/', '_') }}.yaml" mode: '0644' - vars: - current_user_roles_asset_value: "{{ user_roles_lookvar }}" - when: user_roles_lookvar | length > 0 + when: object_roles | length > 0 ... diff --git a/roles/filetree_create/templates/current_team_roles.j2 b/roles/filetree_create/templates/current_team_roles.j2 index 8de3b342a..a21f08293 100644 --- a/roles/filetree_create/templates/current_team_roles.j2 +++ b/roles/filetree_create/templates/current_team_roles.j2 
@@ -2,27 +2,30 @@ --- controller_roles: {% endif %} -{% for role in team_roles_lookvar %} -{% if role.summary_fields.resource_type is defined %} - - team: "{{ teamname }}" -{% if role.summary_fields.resource_type is match('organization') %} +{% for role in object_roles %} +{% if (role|dict2items)[0].value.resource_type is defined %} + - team: "{{ (role|dict2items)[0].value.team_name }}" +{% if (role|dict2items)[0].value.resource_names | length > 0 %} +{% if (role|dict2items)[0].value.resource_type is match('organization') %} organizations: - - "{{ role.summary_fields.resource_name }}" -{% elif role.summary_fields.resource_type is match('team') %} +{% elif (role|dict2items)[0].value.resource_type is match('team') %} target_teams: - - "{{ role.summary_fields.resource_name }}" -{% elif role.summary_fields.resource_type is match('job_template') %} - job_template: "{{ role.summary_fields.resource_name }}" -{% elif role.summary_fields.resource_type is match('inventory') %} - inventory: "{{ role.summary_fields.resource_name }}" -{% elif role.summary_fields.resource_type is match('workflow_job_template') %} - workflow_job_template: "{{ role.summary_fields.resource_name }}" -{% elif role.summary_fields.resource_type is match('project') %} - project: "{{ role.summary_fields.resource_name }}" -{% elif role.summary_fields.resource_type is match('credential') %} - credential: "{{ role.summary_fields.resource_name }}" +{% elif (role|dict2items)[0].value.resource_type is match('job_template') %} + job_templates: +{% elif (role|dict2items)[0].value.resource_type is match('inventory') %} + inventories: +{% elif (role|dict2items)[0].value.resource_type is match('workflow_job_template') %} + workflow_job_templates: +{% elif (role|dict2items)[0].value.resource_type is match('project') %} + projects: +{% elif (role|dict2items)[0].value.resource_type is match('credential') %} + credentials: {% endif %} - role: "{% if role.name | lower == 'approve' %}approval{% else %}{{ role.name | 
lower }}{% endif %}" +{% for object_name in (role|dict2items)[0].value.resource_names %} + - "{{ object_name }}" +{% endfor %} +{% endif %} + role: "{% if (role|dict2items)[0].key | lower == 'approve' %}approval{% else %}{{ (role|dict2items)[0].key | lower | regex_replace(' ', '_') }}{% endif %}" {% endif %} {% endfor %} {% if last_team_role | default(true) | bool %} diff --git a/roles/filetree_create/templates/current_user_roles.j2 b/roles/filetree_create/templates/current_user_roles.j2 index 2170e99d6..4ac9e537b 100644 --- a/roles/filetree_create/templates/current_user_roles.j2 +++ b/roles/filetree_create/templates/current_user_roles.j2 
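Review bot: The `- team:` line now renders `(role|dict2items)[0].value.team_name`, but the entries that team_roles.yml builds for `object_roles` carry only `resource_names` and `resource_type`, so `team_name` is never set. The user template in this same patch keeps `"{{ username }}"`, and the removed line here used `"{{ teamname }}"`. Unless something outside this diff adds that key, the export would either fail on an undefined value or write role entries with no team. `- team: "{{ teamname }}"` restores the previous behaviour.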
@@ -2,29 +2,34 @@ --- controller_roles: {% endif %} -{% for role in user_roles_lookvar %} -{% if role.summary_fields.resource_type is defined %} +{% for role in object_roles %} +{% if (role|dict2items)[0].value.resource_type is defined %} - user: "{{ username }}" -{% if role.summary_fields.resource_type is match('organization') %} +{% if (role|dict2items)[0].value.resource_names | length > 0 %} +{% if (role|dict2items)[0].value.resource_type is match('organization') %} organizations: - - "{{ role.summary_fields.resource_name }}" -{% elif role.summary_fields.resource_type is match('team') %} +{% elif (role|dict2items)[0].value.resource_type is match('team') %} target_teams: - - "{{ role.summary_fields.resource_name }}" -{% elif role.summary_fields.resource_type is match('job_template') %} - job_template: "{{ role.summary_fields.resource_name }}" -{% elif role.summary_fields.resource_type is match('inventory') %} - inventory: "{{ role.summary_fields.resource_name }}" -{% elif role.summary_fields.resource_type is match('workflow_job_template') %} - workflow_job_template: "{{ role.summary_fields.resource_name }}" -{% elif role.summary_fields.resource_type is match('project') %} - project: "{{ role.summary_fields.resource_name }}" -{% elif role.summary_fields.resource_type is match('credential') %} - credential: "{{ role.summary_fields.resource_name }}" +{% elif (role|dict2items)[0].value.resource_type is match('job_template') %} + job_templates: +{% elif (role|dict2items)[0].value.resource_type is match('inventory') %} + inventories: +{% elif (role|dict2items)[0].value.resource_type is match('workflow_job_template') %} + workflow_job_templates: +{% elif (role|dict2items)[0].value.resource_type is match('project') %} + projects: +{% elif (role|dict2items)[0].value.resource_type is match('credential') %} + credentials: {% endif %} - role: "{{ role.name | lower }}" +{% for object_name in (role|dict2items)[0].value.resource_names %} + - "{{ object_name }}" +{% endfor %} 
+{% endif %} + role: "{% if (role|dict2items)[0].key | lower == 'approve' %}approval{% else %}{{ (role|dict2items)[0].key | lower | regex_replace(' ', '_') }}{% endif %}" {% endif %} {% endfor %} {% if last_user_role | default(true) | bool %} ... {% endif %} + + From 9584546b477b9f7a4d775d5373d64365e13a64bf Mon Sep 17 00:00:00 2001 From: Przemyslaw Kalitowski Date: Wed, 31 Jul 2024 12:55:08 +0200 Subject: [PATCH 2/5] fix: typo --- roles/filetree_create/tasks/team_roles.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/filetree_create/tasks/team_roles.yml b/roles/filetree_create/tasks/team_roles.yml index 18b4f37cd..bb79ac87a 100644 --- a/roles/filetree_create/tasks/team_roles.yml +++ b/roles/filetree_create/tasks/team_roles.yml @@ -55,7 +55,7 @@ block: "{{ lookup('template', 'templates/current_team_roles.j2') }}" vars: first_team_role: "{{ not team_roles_file.stat.exists }}" - when: objects_role | length > 0 + when: object_roles | length > 0 - name: "Remove all the blank lines introduced by the last task" ansible.builtin.lineinfile: From de68c7cdffbabef14687329f48df938af9f75e6f Mon Sep 17 00:00:00 2001 From: Przemyslaw Kalitowski Date: Wed, 31 Jul 2024 13:11:51 +0200 Subject: [PATCH 3/5] fix: add missing changelog --- .../fragments/filetree_create_role_export_optimization.yml | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 changelogs/fragments/filetree_create_role_export_optimization.yml diff --git a/changelogs/fragments/filetree_create_role_export_optimization.yml b/changelogs/fragments/filetree_create_role_export_optimization.yml new file mode 100644 index 000000000..ca672e6b8 --- /dev/null +++ b/changelogs/fragments/filetree_create_role_export_optimization.yml @@ -0,0 +1,3 @@ +minor_changes: + - filetree_create able export proper approval role (user roles) + - filetree_create able to bulk export role for objects \ No newline at end of file From c607edf479d783ad1069286de69a3f3966b77784 Mon Sep 17 00:00:00 2001 
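Review bot: The `{% for object_name in ... %}` loop sits after the `if`/`elif` chain rather than inside a branch, so a `resource_type` outside the seven handled values emits `- "..."` list items with no parent key. The old template wrote only the user and `role` lines in that case; the new output would be malformed or would attach the names to the wrong key. Gating the entry on the handled types avoids this, e.g. `{% if (role|dict2items)[0].value.resource_type in ['organization', 'team', 'job_template', 'inventory', 'workflow_job_template', 'project', 'credential'] %}`, which is stricter than the prefix-style `match` tests. The same structure appears in current_team_roles.j2.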
From: Przemyslaw Kalitowski Date: Wed, 31 Jul 2024 13:15:01 +0200 Subject: [PATCH 4/5] fix: remove new lines --- roles/filetree_create/templates/current_user_roles.j2 | 2 -- 1 file changed, 2 deletions(-) diff --git a/roles/filetree_create/templates/current_user_roles.j2 b/roles/filetree_create/templates/current_user_roles.j2 index 4ac9e537b..c58104e25 100644 --- a/roles/filetree_create/templates/current_user_roles.j2 +++ b/roles/filetree_create/templates/current_user_roles.j2 @@ -31,5 +31,3 @@ controller_roles: {% if last_user_role | default(true) | bool %} ... {% endif %} - - From b35f69674d8e43fa77f9598946a5e871b73f4e93 Mon Sep 17 00:00:00 2001 From: Przemyslaw Kalitowski Date: Wed, 31 Jul 2024 13:18:05 +0200 Subject: [PATCH 5/5] fix: add missing new line --- .../fragments/filetree_create_role_export_optimization.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/changelogs/fragments/filetree_create_role_export_optimization.yml b/changelogs/fragments/filetree_create_role_export_optimization.yml index ca672e6b8..4d9829d34 100644 --- a/changelogs/fragments/filetree_create_role_export_optimization.yml +++ b/changelogs/fragments/filetree_create_role_export_optimization.yml @@ -1,3 +1,3 @@ minor_changes: - filetree_create able export proper approval role (user roles) - - filetree_create able to bulk export role for objects \ No newline at end of file + - filetree_create able to bulk export role for objects