diff --git a/.ansible-lint b/.ansible-lint index 5c40629f5..78211f557 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -17,6 +17,10 @@ skip_list: # Skipping fqcn[action] because this collection supports using either the awx.awx or ansible.controller collection # so a FQCN cannot be used in module names - fqcn[action] + - fqcn[keyword] + - meta-runtime # This collection with the appropriate awx.awx or ansible.controller still works with older ansible. + - role-name[path] + - sanity[cannot-ignore] # We're only ignoring sanity rules when we have to kinds: - playbooks: "**/examples/templates/*.{yml,yaml}" - playbooks: "**/examples/*.{yml,yaml}" diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md index 51321e9f4..cba376184 100644 --- a/.github/CONTRIBUTING.md +++ b/.github/CONTRIBUTING.md @@ -15,10 +15,10 @@ Python's pre-commit tool can be installed, and hooks installed, to cleanup white 1. Create a local virtual environment for controller_configurations (suggested, its your system!) 2. Use pip to install pre-commit in your environment of choice: `pip install pre-commit` -3. Install pre-commit hooks with `pre-commit install --install-hooks -c .github/workflow-config/.pre-commit-config.yml` +3. Install pre-commit hooks with `pre-commit install --install-hooks -c .pre-commit-config.yaml` 4. With hooks installed, they will be run automatically when you call `git commit`, blocking commit if any hooks fail. 5. [Optional] If you want to ignore hook failures and commit anyway, use `git commit -n` -6. [Optional] Run pre-commit checks at any time with `pre-commit run --all -c .github/workflow-config/.pre-commit-config.yml`. +6. [Optional] Run pre-commit checks at any time with `pre-commit run --all -c .pre-commit-config.yaml`. Please see pre-commit documentation for further explanation: [Pre-commit](https://pre-commit.com/) @@ -29,14 +29,14 @@ If you feel like getting your hands dirty, feel free to make the change yourself 1. Fork the repo on Github, and then clone it locally. 2. Create a branch named appropriately for the change you are going to make. 3. Make your code change. -4. If you are creating a new role, please add a test for it in our [testing playbook.](https://github.com/redhat-cop/controller_configuration/blob/devel/examples/configure_controller.yml) by adding a new role entry and adding the appropriate yaml file with test data in the controller_configs directory. +4. If you are creating a new role, please add a test for it in our [testing playbook.](https://github.com/redhat-cop/controller_configuration/blob/devel/tests/configure_controller.yml) by adding a new role entry and adding the appropriate yaml file with test data in the controller_configs directory. 5. Add a changelog fragment in `changelogs/fragments` as per 6. Push your code change up to your forked repo. 7. Open a Pull Request to merge your changes to this repo. The comment box will be filled in automatically via a template. 8. All Pull Requests will be subject to Ansible and Yaml Linting checks. Please make sure that your code complies and fix any warnings that arise. These are Checks that appear at the bottom of your Pull Request. 9. All Pull requests are subject to Testing against being used in controller. As above there is a check at the bottom of your pull request for this named integration. -See [Using Pull Requests](https://help.github.com/articles/using-pull-requests/) got more information on how to use GitHub PRs. +See [Using Pull Requests](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request) got more information on how to use GitHub PRs. For an in depth guide on how to contribute see [this article](https://opensource.com/article/19/7/create-pull-request-github) @@ -57,6 +57,6 @@ As with all Ansible projects, we have a [Code of Conduct]. [ansible announce](https://groups.google.com/forum/#!forum/ansible-announce) [ansible communication](https://docs.ansible.com/ansible/latest/community/communication.html) [code of conduct](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html) -[creating your fork on github](https://guides.github.com/activities/forking/) +[creating your fork on github](https://docs.github.com/en/get-started/quickstart/fork-a-repo) [discussions](https://github.com/redhat-cop/controller_configuration/discussions) [supported ansible versions](https://docs.ansible.com/ansible-core/devel/reference_appendices/release_and_maintenance.html#ansible-core-release-cycle) diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml index d02a1765f..451a12a00 100644 --- a/.github/ISSUE_TEMPLATE/config.yml +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -8,6 +8,9 @@ contact_links: - name: Discussions url: https://github.com/redhat-cop/controller_configuration/discussions about: Any kind of questions should go on the forum. + - name: Matrix room + url: https://matrix.to/#/#aap_config_as_code:ansible.com + about: Matrix room for questions and discussion. - name: Ansible Code of Conduct url: https://docs.ansible.com/ansible/latest/community/code_of_conduct.html about: Be nice to other members of the community. Behave. diff --git a/.github/tests/collections/ansible_collections/redhat_cop/controller_configuration b/.github/tests/collections/ansible_collections/redhat_cop/controller_configuration deleted file mode 120000 index c866b8687..000000000 --- a/.github/tests/collections/ansible_collections/redhat_cop/controller_configuration +++ /dev/null @@ -1 +0,0 @@ -../../../.. \ No newline at end of file diff --git a/.github/tests/configs/instances.yml b/.github/tests/configs/instances.yml deleted file mode 100644 index dc0f39617..000000000 --- a/.github/tests/configs/instances.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -controller_instances: - - hostname: my-instance.prod.example.com - capacity_adjustment: 0.4 -... diff --git a/.github/tests/templates/tasks/manage_execution_environments.yml b/.github/tests/templates/tasks/manage_execution_environments.yml deleted file mode 100644 index aa25a7e35..000000000 --- a/.github/tests/templates/tasks/manage_execution_environments.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- -- name: Include EE vars - include_vars: ../vars/controller_ees.yml - tags: - - ees - - alltags - -- import_role: - name: redhat_cop.controller_configuration.execution_environments - tags: - - ees - - alltags -... diff --git a/.github/workflow-config/kube/kustomization.yaml b/.github/workflow-config/kube/kustomization.yaml index c275a2f94..a2db911d3 100644 --- a/.github/workflow-config/kube/kustomization.yaml +++ b/.github/workflow-config/kube/kustomization.yaml @@ -2,13 +2,13 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: # Find the latest tag here: https://github.com/ansible/awx-operator/releases - - github.com/ansible/awx-operator/config/default?ref=1.0.0 + - github.com/ansible/awx-operator/config/default?ref=1.1.3 - awx.yaml # Set the image tags to match the git version from above images: - name: quay.io/ansible/awx-operator - newTag: 1.0.0 + newTag: 1.1.3 # Specify a custom namespace in which to install AWX namespace: default diff --git a/.github/workflow-config/kustomization.yaml b/.github/workflow-config/kustomization.yaml index 528b8026b..4b434901f 100644 --- a/.github/workflow-config/kustomization.yaml +++ b/.github/workflow-config/kustomization.yaml @@ -2,12 +2,12 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: # Find the latest tag here: https://github.com/ansible/awx-operator/releases - - github.com/ansible/awx-operator/config/default?ref=1.0.0 + - github.com/ansible/awx-operator/config/default?ref=1.1.3 # Set the image tags to match the git version from above images: - name: quay.io/ansible/awx-operator - newTag: 1.0.0 + newTag: 1.1.3 # Specify a custom namespace in which to install AWX namespace: default diff --git a/.github/workflows/ci_standalone.yml b/.github/workflows/ci_standalone.yml new file mode 100644 index 000000000..a3722811b --- /dev/null +++ b/.github/workflows/ci_standalone.yml @@ -0,0 +1,29 @@ +--- +name: Test collection with AWX matrix +on: + push: + branches: + - '*_' + - devel + tags: + - '*_' # ending underscore for trying things + - 'v[0-9]+.[0-9]+.[0-9]+' # final version + - 'v[0-9]+.[0-9]+.[0-9]+[abrc]+[0-9]+' # alpha, beta, release candidate (rc) + - 'v[0-9]+.[0-9]+.[0-9]+.dev[0-9]+' # development versions + pull_request: + +jobs: + ci_standalone: + strategy: + fail-fast: false + matrix: + awx_version: + - devel + - 21.13.0 + - 21.12.0 + - 21.11.0 + # - 20.1.0 Diabled until working + # - 19.5.1 Diabled until working + uses: "./.github/workflows/ci_standalone_versioned.yml" + with: + awx_version: ${{ matrix.awx_version }} diff --git a/.github/workflows/ci_standalone_versioned.yml b/.github/workflows/ci_standalone_versioned.yml new file mode 100644 index 000000000..db5f369a4 --- /dev/null +++ b/.github/workflows/ci_standalone_versioned.yml @@ -0,0 +1,70 @@ +--- +name: Test collection with AWX + +on: + workflow_call: + inputs: + awx_version: + description: The version to pull of awx + required: true + type: string +env: + # Run docker-compose up in the background + COMPOSE_UP_OPTS: -d + +jobs: + integration: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + + - name: "Checkout galaxy_ng" + uses: actions/checkout@v2 + with: + repository: ansible/awx + path: awx + ref: ${{ inputs.awx_version }} + + - uses: actions/setup-python@v2 + with: + python-version: "3.8" + + - name: Update apt + run: sudo apt -y update + + - name: Install requirements + run: sudo apt-get install -y libsasl2-dev python3-dev libldap2-dev libssl-dev build-essential + + - name: Install docker-compose + run: pip3 install --upgrade docker-compose + + - name: collect system info + run: whoami; id; pwd; ls -al; uname -a ; df -h .; mount ; cat /etc/issue; docker --version ; ps aux | fgrep -i docker; ls -al /var/run/containerd/containerd.sock + + - name: set the awx password in the inventory + run: echo "admin_password='password'" >> awx/tools/docker-compose/inventory + + - name: build images + working-directory: awx + run: make docker-compose-build + + - name: build stack + working-directory: awx + run: make docker-compose up + continue-on-error: true + + - name: give some time to spin up + run: sleep 30 + + - name: Display Versions + run: which python && pip --version && ansible --version + + - name: "Install Galaxy dependencies" + run: ansible-galaxy collection install -r .github/collections/requirements.yml + + - name: "Perform playbook tests" + run: ansible-playbook tests/configure_controller.yml -e controller_hostname=localhost:8043 -v + + - name: "Perform export model playbook tests" + run: ansible-playbook tests/configure_controller_export_model.yml -e controller_hostname=localhost:8043 -v +... diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index 322513689..65d7309c2 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -5,31 +5,26 @@ name: pre-commit tests on: - pull_request: push: + branches: + - '*_' # ending underscore for trying things + - devel + tags: + - '*_' # ending underscore for trying things + - 'v[0-9]+.[0-9]+.[0-9]+' # final version + - 'v[0-9]+.[0-9]+.[0-9]+[abrc]+[0-9]+' # alpha, beta, release candidate (rc) + - 'v[0-9]+.[0-9]+.[0-9]+.dev[0-9]+' # development versions + pull_request: schedule: - cron: "0 6 * * *" jobs: - pre-commit: - uses: sean-m-sullivan/infra_git_ci_cd/.github/workflows/pre-commit.yml@main - sanity: - uses: sean-m-sullivan/infra_git_ci_cd/.github/workflows/sanity.yml@main + pre-commit_and_sanity: + uses: "redhat-cop/ansible_collections_tooling/.github/workflows/pre_commit_and_sanity.yml@main" with: - collection_namespace: redhat_cop + collection_namespace: infra collection_name: controller_configuration - collection_version: 1.0.0 + collection_version: 2.0.0 collection_repo: https://github.com/redhat-cop/controller_configuration/ - all_green: - if: ${{ always() }} - needs: - - pre-commit - - sanity - runs-on: ubuntu-latest - steps: - - run: >- - python -c "assert set([ - '${{ needs.pre-commit.result }}', - '${{ needs.sanity.result }}', - ]) == {'success'}" + collection_dependencies: awx.awx ... diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f5f02dab6..f87e15ae0 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -9,70 +9,35 @@ on: - published jobs: - pre-commit: - uses: sean-m-sullivan/infra_git_ci_cd/.github/workflows/pre-commit.yml@main - sanity: - uses: sean-m-sullivan/infra_git_ci_cd/.github/workflows/sanity.yml@main + ci_standalone: + strategy: + fail-fast: false + matrix: + awx_version: + - devel + - 21.13.0 + - 21.12.0 + - 21.11.0 + # - 20.1.0 Diabled until working + # - 19.5.1 Diabled until working + uses: "./.github/workflows/ci_standalone_versioned.yml" with: - collection_namespace: redhat_cop - collection_name: controller_configuration - collection_version: 1.0.0 - collection_repo: https://github.com/redhat-cop/controller_configuration/ - prechecks: - needs: - - pre-commit - - sanity - runs-on: ubuntu-latest - steps: - - run: >- - python -c "assert set([ - '${{ needs.pre-commit.result }}', - '${{ needs.sanity.result }}', - ]) == {'success'}" - cop_release: - needs: - - prechecks - uses: sean-m-sullivan/infra_git_ci_cd/.github/workflows/release.yml@main - with: - collection_namespace: redhat_cop - collection_name: controller_configuration - collection_version: ${{ github.ref_name }} - collection_repo: https://github.com/redhat-cop/controller_configuration/ - secrets: - api_key: ${{ secrets.ANSIBLE_GALAXY_APIKEY }} - token: ${{ secrets.GITHUB_TOKEN }} - infra_release: - needs: - - cop_release - uses: sean-m-sullivan/infra_git_ci_cd/.github/workflows/release.yml@main - with: - collection_namespace: infra - collection_name: controller_configuration - collection_version: ${{ github.ref_name }} - collection_repo: https://github.com/redhat-cop/controller_configuration/ - secrets: - api_key: ${{ secrets.GALAXY_INFRA_KEY }} - token: ${{ secrets.GITHUB_TOKEN }} - release_check: - needs: - - cop_release - - infra_release - runs-on: ubuntu-latest - steps: - - run: >- - python -c "assert set([ - '${{ needs.infra_release.result }}', - '${{ needs.cop_release.result }}', - ]) == {'success'}" - changelog: + awx_version: ${{ matrix.awx_version }} + release: needs: - - release_check - uses: sean-m-sullivan/infra_git_ci_cd/.github/workflows/create_changelog.yml@main + - ci_standalone + uses: "redhat-cop/ansible_collections_tooling/.github/workflows/release_pipeline.yml@main" with: collection_namespace: infra + collection_namespace_2: redhat_cop collection_name: controller_configuration collection_version: ${{ github.ref_name }} collection_repo: https://github.com/redhat-cop/controller_configuration/ + quay_username: redhat_cop + collection_dependencies: awx.awx secrets: + galaxy_api_key: ${{ secrets.ANSIBLE_GALAXY_APIKEY }} + infra_api_key: ${{ secrets.GALAXY_INFRA_KEY }} token: ${{ secrets.GITHUB_TOKEN }} + quay_token: ${{ secrets.quay_token }} ... diff --git a/.github/workflows/testing_minikube.yml b/.github/workflows/testing_minikube.yml deleted file mode 100644 index 45a556602..000000000 --- a/.github/workflows/testing_minikube.yml +++ /dev/null @@ -1,83 +0,0 @@ ---- -name: Run Test Playbooks Minikube - -on: [push, pull_request] - -jobs: - Integration-test: - name: Deploy Tower to Minikube and run tests - runs-on: ubuntu-latest - steps: - - - name: Checkout - uses: actions/checkout@v2 - - - name: "Install dependencies" - run: pip install -r .github/requirements.txt - - - name: Setup Minikube - uses: manusa/actions-setup-minikube@v2.4.2 - with: - minikube version: 'v1.21.0' - kubernetes version: 'v1.20.7' - start args: '--addons=ingress' - - - name: Wait / Sleep - uses: jakejarvis/wait-action@v0.1.0 - with: - time: '20s' - - - name: Setup awx operator - run: | - minikube kubectl create secret generic awx-admin-password -- --from-literal=password=password - minikube addons enable ingress - alias kubectl="minikube kubectl --" - - - name: kustomize awx operator - working-directory: .github/workflow-config - run: kustomize build . | kubectl apply -f - - - - name: Wait / Sleep - uses: jakejarvis/wait-action@v0.1.0 - with: - time: '30s' - - - name: kustomize awx - working-directory: .github/workflow-config/kube - run: kustomize build . | kubectl apply -f - - - - name: Wait / Sleep - uses: jakejarvis/wait-action@v0.1.0 - with: - time: '30s' - - - name: Check service URL - uses: nick-invision/retry@v2 - with: - timeout_minutes: 10 - max_attempts: 25 - retry_wait_seconds: 30 - command: minikube service awx-service --url - - - name: minikube kubectl get pods - run: minikube kubectl get pods - - - name: Set service url - run: echo '::set-output name=SERVICEURL::$(minikube service awx-service --url)' - id: service-url - - - name: Display service url - run: echo "Service URL is ${{ steps.service-url.outputs.SERVICEURL }}" - - - name: Display Versions - run: which python && pip --version && ansible --version - - - name: "Install Galaxy dependencies" - run: ansible-galaxy collection install -r .github/collections/requirements.yml - - - name: "Perform playbook tests" - run: ansible-playbook .github/tests/configure_controller.yml -e controller_hostname=${{ steps.service-url.outputs.SERVICEURL }} - - - name: "Perform export model playbook tests" - run: ansible-playbook .github/tests/configure_controller_export_model.yml -e controller_hostname=${{ steps.service-url.outputs.SERVICEURL }} -... diff --git a/.github/workflows/update_pre_commit.yml b/.github/workflows/update_pre_commit.yml new file mode 100644 index 000000000..edbd05279 --- /dev/null +++ b/.github/workflows/update_pre_commit.yml @@ -0,0 +1,18 @@ +--- +# This workflow action will run pre-commit, which will execute ansible and yaml linting +# See .pre-commit-config.yaml for what hooks are executed +name: Update pre-commit configuration + + +on: + schedule: + - cron: "0 5 * * *" + +jobs: + pre-commit: + uses: "redhat-cop/ansible_collections_tooling/.github/workflows/update_precommit.yml@main" + with: + github_actor: ${{ github.actor }} + secrets: + token: ${{ secrets.GITHUB_TOKEN }} +... diff --git a/.gitignore b/.gitignore index 8fbc38cb3..188a8aadc 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,6 @@ collections/* galaxy.yml *.tar.gz *.pyc +id_rsa* +test +tests/output diff --git a/.mlc_config.json b/.mlc_config.json new file mode 100644 index 000000000..12743e52d --- /dev/null +++ b/.mlc_config.json @@ -0,0 +1,10 @@ +{ + "httpHeaders": [ + { + "urls": ["https://github.com/", "https://guides.github.com/", "https://help.github.com/", "https://docs.github.com/"], + "headers": { + "Accept-Encoding": "zstd, br, gzip, deflate" + } + } + ] + } diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 88708d151..bc9f9cc01 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -14,7 +14,7 @@ repos: # types: # - yaml - repo: 'https://github.com/ansible-community/ansible-lint.git' - rev: v6.9.1 + rev: v6.14.3 hooks: # see discussions here about what arguments are used, and behavior # https://github.com/ansible/ansible-lint/issues/649 @@ -30,11 +30,11 @@ repos: - "ansible-core>=2.13" - "yamllint>=1.26,<2.0" - repo: https://github.com/DavidAnson/markdownlint-cli2 - rev: v0.5.1 + rev: v0.6.0 hooks: - id: markdownlint-cli2 - repo: https://github.com/ambv/black - rev: 22.10.0 + rev: 23.1.0 hooks: - id: black name: black diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 7ded1513f..85ada7f19 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -1,10 +1,71 @@ -================================================= -redhat_cop.controller_configuration Release Notes -================================================= +============================================ +infra.controller_configuration Release Notes +============================================ .. contents:: Topics +v2.3.1 +====== + +Bugfixes +-------- + +- Ensures vars get loaded properly by dispatch role +- Fixed issue in filetree_read where arg spec incorrect and caused failure (#550) + +v2.3.0 +====== + +Minor Changes +------------- + +- Adapt filetree_read role tests playbook config-controller-filetree.yml. +- Add new type of objects for object_diff role: applications, execution environments, instance groups, notifications and schedules +- Add no_log to all tasks that populates data to avoid exposing encrypted data +- Add task to add Galaxy credentials and Execution Environments to Organization. +- Set the variables to assign_galaxy_credentials_to_org and assign_default_ee_to_org to false in the task to run all roles at dispatch role. +- avoid to create orgs during drop_diff +- fixed an extra blank line in schedules readme that was breaking the table +- removed references to redhat_cop as a collection namespace in the readme files. + +Breaking Changes / Porting Guide +-------------------------------- + +- updated object_diff role to use the infra namespace, that means to use the role it requires the infra version of the collection. Previous version required the redhat_cop + +Bugfixes +-------- + +- Added argument_spec for all roles +- Fixed name of task for inventory source update +- Fixed variable definitions in readmes +- Removed master_role_example as no longer required (this wasn't a functional role) + +v2.2.5 +====== + +Minor Changes +------------- + +- Add max_forks, max_concurrent_jobs as options to instance_groups role +- Add no_log everywhere controller_api_plugin is used to avoid to expose sensitive information in case of crashes. +- Add no_log everywhere controller_api_plugin is used to avoid to expose sensitive information in case of crashes. +- Add or fix some variables or extra_vars exported from objects like notifications, inventory, inventory_source, hosts, groups, jt or wjt. +- Add roles object to object_diff role and controller_object_diff lookup plugin. +- Fix one query with controller_password to change it and set oauth_token=controller_oauthtoken. +- Fixed typos in README.md. +- Improve template to export settings with filetree_create role. Settings will be in yaml format. +- Renamed the field `update` to `update_project` to avoid colliding with the Python dict update method +- Renamed variable controller_workflow_job_templates to controller_workflows (the previos one was not used at all). +- Renamed variable controller_workflow_job_templates to controller_workflows (the previos one was not used at all). +- return_all: true has been added to return the maximum of max_objects=query_controller_api_max_objects objects. + +Bugfixes +-------- + +- Enable the ability to define simple_workflow_nodes on workflow_job_templates without the need to set the `state` on a workflow_job_template (https://github.com/redhat-cop/controller_configuration/issues/297). + v2.2.4 ====== diff --git a/EXPORT_README.md b/EXPORT_README.md index 407cce276..d02612d90 100644 --- a/EXPORT_README.md +++ b/EXPORT_README.md @@ -2,10 +2,12 @@ ## Description -This is documentation on how to use a the Automation Controller export commands in development. +This is documentation on how to use a the Automation Controller export commands in development. You can also look at the [filetree_create](roles/filetree_create/README.md) role as another method to export data. This command allows exporting all available endpoints for Automation Controller for use in importing, templates, backups and many other uses. +**NOTE:** If you use the awx export option it will NOT use the correct high level variable list naming that is expected by the rest of these roles you will need to correctly name them before being able to use the roles to import the data into your new Controller. See [#332](https://github.com/redhat-cop/controller_configuration/issues/332) for more details. + ## Installation ```console diff --git a/README.md b/README.md index 62b1cab07..2c0dbe853 100644 --- a/README.md +++ b/README.md @@ -1,14 +1,15 @@ # Red Hat Communities of Practice Controller Configuration Collection -![Ansible Lint](https://github.com/redhat-cop/controller_configuration/workflows/Yaml%20and%20Ansible%20Lint/badge.svg) +![pre-commit tests](https://github.com/redhat-cop/controller_configuration/actions/workflows/pre-commit.yml/badge.svg) ![Galaxy Release](https://github.com/redhat-cop/controller_configuration/workflows/galaxy-release/badge.svg) + This Ansible collection allows for easy interaction with an AWX or Ansible Controller server via Ansible roles using the AWX/Controller collection modules. -## REQUIREMENTS +## Requirements -The AWX.AWX OR ANSIBLE.CONTROLLER collections MUST be installed in order for this collection to work. It is recommended they be invoked in the playbook in the following way. +The awx.awx or ansible.controller collections MUST be installed in order for this collection to work. It is recommended they be invoked in the playbook in the following way. ```yaml --- @@ -21,7 +22,7 @@ The AWX.AWX OR ANSIBLE.CONTROLLER collections MUST be installed in order for thi - awx.awx ``` -## Redhat Communities of Practice Configuration Collections Suite +## Red Hat Communities of Practice Configuration Collections Suite |Collection Name|Purpose| |:---:|:---:| @@ -37,10 +38,10 @@ Click the `Content` button to see the list of content included in this collectio ## Installing this collection -You can install the redhat_cop controller_configuration collection with the Ansible Galaxy CLI: +You can install the infra.controller_configuration.collection with the Ansible Galaxy CLI: ```console -ansible-galaxy collection install redhat_cop.controller_configuration +ansible-galaxy collection install infra.controller_configuration ``` You can also include it in a `requirements.yml` file and install it with `ansible-galaxy collection install -r requirements.yml`, using the format: @@ -48,7 +49,7 @@ You can also include it in a `requirements.yml` file and install it with `ansibl ```yaml --- collections: - - name: redhat_cop.controller_configuration + - name: infra.controller_configuration # If you need a specific version of the collection, you can specify like this: # version: ... ``` @@ -59,18 +60,12 @@ If you were using a version of redhat_cop.tower_configuration, please refer to o ## Using this collection -The awx.awx or ansible.controller collection must be invoked in the playbook in order for ansible to pick up the correct modules to use. +The awx.awx or ansible.controller collection must be invoked in the playbook in order for Ansible to pick up the correct modules to use. -The following command will invoke the playbook with the awx collection +The following command will invoke the collection playbook. This is considered a starting point for the collection. ```console -ansible-playbook redhat_cop.controller_configuration.configure_awx.yml -``` - -The following command will invoke the playbook with the ansible.controller collection - -```console -ansible-playbook redhat_cop.controller_configuration.configure_controller.yml +ansible-playbook infra.controller_configuration.configure_controller.yml ``` Otherwise it will look for the modules only in your base installation. If there are errors complaining about "couldn't resolve module/action" this is the most likely cause. @@ -94,7 +89,7 @@ You can also specify authentication by a combination of either: - `controller_hostname`, `controller_oauthtoken` The OAuth2 token is the preferred method. You can obtain the token through the preferred `controller_token` module, or through the -AWX CLI [login](https://docs.ansible.com/automation-controller/latest/html/controllercli/authentication.html) +AWX CLI [login](https://docs.ansible.com/automation-controller/latest/html/controllerapi/authentication.html) command. These can be specified via (from highest to lowest precedence): @@ -130,13 +125,13 @@ Controller token module would be invoked with this code: ### Automate the Automation -Every Ansible Controller instance has it's own particularities and needs. Every administrator team has it's own practices and costumes. This collection allows to addapt to every needs, from small to large scale, having the objects distributed across multiple environments and leveraging Automation Webhook that can be used to link a Git repository and Ansible automation natively. +Every Ansible Controller instance has it's own particularities and needs. Every administrator team has it's own practices and customs. This collection allows adaptation to every need, from small to large scale, having the objects distributed across multiple environments and leveraging Automation Webhook that can be used to link a Git repository and Ansible automation natively. A complete example of how to use all of the roles present in the collection is available at the following [README.md](roles/filetree_create/automatetheautomation.md), where all the phases to allow CI/CD for the Controller Configuration are provided. #### Scale at your needs -The input data can be organized in a very flexible way, letting the user to use from a single file to an entire file tree to store the controller objects definitions, which could be used as a logical segregation of different applications, as needed in real scenarios. +The input data can be organized in a very flexible way, letting the user use anything from a single file to an entire file tree to store the controller objects definitions, which could be used as a logical segregation of different applications, as needed in real scenarios. ### Controller Export @@ -155,6 +150,14 @@ A Template to use in order to start using the collections can be found [here](ht For details on changes between versions, please see [the changelog for this collection](CHANGELOG.rst). +## Releasing, Versioning and Deprecation + +This collection follows [Semantic Versioning](https://semver.org/). More details on versioning can be found [in the Ansible docs](https://docs.ansible.com/ansible/latest/dev_guide/developing_collections.html#collection-versions). + +We plan to regularly release new minor or bugfix versions once new features or bugfixes have been implemented. + +Releasing the current major version happens from the `devel` branch. + ## Roadmap Adding the ability to use direct output from the awx export command in the roles along with the current data model. @@ -164,6 +167,11 @@ Adding the ability to use direct output from the awx export command in the roles We welcome community contributions to this collection. If you find problems, please open an issue or create a PR against the [Controller Configuration collection repository](https://github.com/redhat-cop/controller_configuration). More information about contributing can be found in our [Contribution Guidelines.](https://github.com/redhat-cop/controller_configuration/blob/devel/.github/CONTRIBUTING.md) +We have a community meeting every 4 weeks. Find the agenda in the [issues](https://github.com/redhat-cop/controller_configuration/issues) and the calendar invitation below: + + + + ## Code of Conduct This collection follows the Ansible project's diff --git a/changelogs/.plugin-cache.yaml b/changelogs/.plugin-cache.yaml index 97d430d7e..7b116cc24 100644 --- a/changelogs/.plugin-cache.yaml +++ b/changelogs/.plugin-cache.yaml @@ -1,11 +1,154 @@ objects: - role: {} + role: + ad_hoc_command: + description: An Ansible Role to run a list of ad hoc commands on Ansible Controller. + name: ad_hoc_command + version_added: null + ad_hoc_command_cancel: + description: An Ansible Role to cancel a list of ad hoc commands on Ansible + Controller. + name: ad_hoc_command_cancel + version_added: null + applications: + description: An Ansible Role to create Applications on Ansible Controller. + name: applications + version_added: null + credential_input_sources: + description: An Ansible Role to create Credential Input Sources on Ansible Controller. + name: credential_input_sources + version_added: null + credential_types: + description: An Ansible Role to create credential types on Ansible Controller. + name: credential_types + version_added: null + credentials: + description: An Ansible Role to create credentials on Ansible Controller. + name: credentials + version_added: null + dispatch: + description: An Ansible Role to call other roles to create objects on Ansible + Controller. + name: dispatch + version_added: null + execution_environments: + description: An Ansible Role to create execution environment objects on Ansible + Controller. + name: execution_environments + version_added: null + filetree_create: + description: An Ansible Role to create a local file tree of objects existing + in Controller + name: filetree_create + version_added: null + filetree_read: + description: An Ansible Role to read from a local file tree and create objects + in Controller + name: filetree_read + version_added: null + groups: + description: An Ansible Role to create groups on Ansible Controller. + name: groups + version_added: null + hosts: + description: An Ansible Role to create hosts on Ansible Controller. + name: hosts + version_added: null + instance_groups: + description: An Ansible Role to create instance groups on Ansible Controller. + name: instance_groups + version_added: null + instances: + description: An Ansible Role to create instances on Ansible Controller. + name: instances + version_added: null + inventories: + description: An Ansible Role to create inventories on Ansible Controller. + name: inventories + version_added: null + inventory_source_update: + description: An Ansible Role to update inventory sources on Ansible Controller. + name: inventory_source_update + version_added: null + inventory_sources: + description: An Ansible Role to create inventory sources on Ansible Controller. + name: inventory_sources + version_added: null + job_launch: + description: An Ansible Role to launch jobs on Ansible Controller. + name: job_launch + version_added: null + job_templates: + description: An Ansible Role to create job templates on Ansible Controller. + name: job_templates + version_added: null + jobs_cancel: + description: An Ansible Role to cancel a list of jobs on Ansible Controller. + name: jobs_cancel + version_added: null + labels: + description: An Ansible Role to create labels on Ansible Controller. + name: labels + version_added: null + license: + description: An Ansible Role to deploy a license on Ansible Controller. + name: license + version_added: null + notification_templates: + description: An Ansible Role to create notification templates on Ansible Controller. + name: notification_templates + version_added: null + object_diff: + description: An Ansible Role to read from a local file tree and create objects + in Controller + name: object_diff + version_added: null + organizations: + description: An Ansible Role to create organizations on Ansible Controller. + name: organizations + version_added: null + project_update: + description: An Ansible Role to update projects on Ansible Controller. + name: project_update + version_added: null + projects: + description: An Ansible Role to create projects on Ansible Controller. + name: projects + version_added: null + roles: + description: An Ansible Role to create roles on Ansible Controller. + name: roles + version_added: null + schedules: + description: An Ansible Role to create schedules on Ansible Controller. + name: schedules + version_added: null + settings: + description: An Ansible Role to create settings on Ansible Controller. + name: settings + version_added: null + teams: + description: An Ansible Role to create teams on Ansible Controller. + name: teams + version_added: null + users: + description: An Ansible Role to create users on Ansible Controller. + name: users + version_added: null + workflow_job_templates: + description: An Ansible Role to create workflow job templates on Ansible Controller. + name: workflow_job_templates + version_added: null + workflow_launch: + description: An Ansible Role to launch workflows on Ansible Controller. + name: workflow_launch + version_added: null plugins: become: {} cache: {} callback: {} cliconf: {} connection: {} + filter: {} httpapi: {} inventory: {} lookup: @@ -17,5 +160,6 @@ plugins: netconf: {} shell: {} strategy: {} + test: {} vars: {} -version: 2.2.4 +version: 2.3.1 diff --git a/changelogs/changelog.yaml b/changelogs/changelog.yaml index 70dc24cfc..9241d55e4 100644 --- a/changelogs/changelog.yaml +++ b/changelogs/changelog.yaml @@ -346,3 +346,79 @@ releases: - remove_examples.yml - removed_ update_on_project_update.yml release_date: '2022-11-30' + 2.2.5: + changes: + bugfixes: + - Enable the ability to define simple_workflow_nodes on workflow_job_templates + without the need to set the `state` on a workflow_job_template (https://github.com/redhat-cop/controller_configuration/issues/297). + minor_changes: + - Add max_forks, max_concurrent_jobs as options to instance_groups role + - Add no_log everywhere controller_api_plugin is used to avoid to expose sensitive + information in case of crashes. + - Add no_log everywhere controller_api_plugin is used to avoid to expose sensitive + information in case of crashes. + - Add or fix some variables or extra_vars exported from objects like notifications, + inventory, inventory_source, hosts, groups, jt or wjt. + - Add roles object to object_diff role and controller_object_diff lookup plugin. + - Fix one query with controller_password to change it and set oauth_token=controller_oauthtoken. + - Fixed typos in README.md. + - Improve template to export settings with filetree_create role. Settings will + be in yaml format. + - Renamed the field `update` to `update_project` to avoid colliding with the + Python dict update method + - Renamed variable controller_workflow_job_templates to controller_workflows + (the previos one was not used at all). + - Renamed variable controller_workflow_job_templates to controller_workflows + (the previos one was not used at all). + - 'return_all: true has been added to return the maximum of max_objects=query_controller_api_max_objects + objects.' + fragments: + - filetree_create.yml + - instance_group.yml + - object_diff.yml + - object_diff_role_and_plugin.yml + - project_updates.yml + - typos.yml + - workflow_job_template_state_and_nodes.yml + release_date: '2023-01-26' + 2.3.0: + changes: + breaking_changes: + - updated object_diff role to use the infra namespace, that means to use the + role it requires the infra version of the collection. Previous version required + the redhat_cop + bugfixes: + - Fixed name of task for inventory source update + - Fixed variable definitions in readmes + - Removed master_role_example as no longer required (this wasn't a functional + role) + minor_changes: + - Added argument_spec for all roles + - Adapt filetree_read role tests playbook config-controller-filetree.yml. + - 'Add new type of objects for object_diff role: applications, execution environments, + instance groups, notifications and schedules' + - Add no_log to all tasks that populates data to avoid exposing encrypted data + - Add task to add Galaxy credentials and Execution Environments to Organization. + - Set the variables to assign_galaxy_credentials_to_org and assign_default_ee_to_org + to false in the task to run all roles at dispatch role. + - avoid to create orgs during drop_diff + - fixed an extra blank line in schedules readme that was breaking the table + - removed references to redhat_cop as a collection namespace in the readme files. + fragments: + - arg_spec.yml + - dispatch_creds_ee_orgs_creation.yml + - filetree_read.yml + - fixing_readme.yaml + - i_s_u_title.yml + - object_diff_role_and_plugin.yml + - redhat_to_infra_conversion.yml + release_date: '2023-03-16' + 2.3.1: + changes: + bugfixes: + - Added argument_spec for all roles + - Ensures vars get loaded properly by dispatch role + fragments: + - arg_spec.yml + - dispatch_fix.yml + release_date: '2023-03-24' diff --git a/changelogs/config.yaml b/changelogs/config.yaml index 936f16f05..01acf451b 100644 --- a/changelogs/config.yaml +++ b/changelogs/config.yaml @@ -28,7 +28,7 @@ sections: - Bugfixes - - known_issues - Known Issues -title: redhat_cop.controller_configuration +title: infra.controller_configuration trivial_section_name: trivial use_fqcn: true ... diff --git a/docs/CONVERSION_GUIDE.md b/docs/CONVERSION_GUIDE.md index 3e82e6727..166f12eb4 100644 --- a/docs/CONVERSION_GUIDE.md +++ b/docs/CONVERSION_GUIDE.md @@ -18,7 +18,7 @@ Otherwise it will look for the modules only in your base installation. If there controller_validate_certs: false collections: - awx.awx - - redhat_cop.controller_configuration + - infra.controller_configuration ``` ## Variable name changes diff --git a/docs/aap_config_as_code_public_meeting.ics b/docs/aap_config_as_code_public_meeting.ics new file mode 100644 index 000000000..8ae6c226e --- /dev/null +++ b/docs/aap_config_as_code_public_meeting.ics @@ -0,0 +1,39 @@ +BEGIN:VCALENDAR +CALSCALE:GREGORIAN +VERSION:2.0 +X-WR-CALNAME:AAP config as code Public meeting +METHOD:PUBLISH +PRODID:-//Apple Inc.//macOS 13.2.1//EN +BEGIN:VEVENT +TRANSP:OPAQUE +DTEND:20230412T160000Z +ORGANIZER;CN="ssulliva@redhat.com";EMAIL="ssulliva@redhat.com":mailto:ss + ulliva@redhat.com +UID:2k8fmfg2msr8lfi6k6g5upqt9a@google.com +DTSTAMP:20230316T155301Z +X-GOOGLE-CONFERENCE:https://meet.google.com/npj-fyzv-oyo +DESCRIPTION:https://github.com/redhat-cop/controller_configuration/i + ssues/475\n\n-::~:~::~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~ + :~:~:~:~:~:~:~:~:~:~:~:~::~:~::-\nJoin with Google Meet: https://meet.go + ogle.com/npj-fyzv-oyo\nOr dial: (US) +1 470-722-0265 PIN: 621302239#\n\n + Join using SIP\n1189446461569@gmeet.redhat.com (ID: 1189446461569)\nMore + joining options: https://tel.meet/npj-fyzv-oyo?pin=1189446461569&hs=7\n + \nLearn more about Meet at: https://support.google.com/a/users/answer/92 + 82720\n\nPlease do not edit this section.\n-::~:~::~:~:~:~:~:~:~:~:~:~:~ + :~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~::~:~::- +STATUS:CONFIRMED +SEQUENCE:2 +SUMMARY:AAP config as code Public meeting +DTSTART:20230412T150000Z +LAST-MODIFIED:20230316T155150Z +CREATED:20230123T211213Z +BEGIN:VALARM +UID:4555EBDE-771F-420A-9ED8-CB6C7540E67D +X-WR-ALARMUID:4555EBDE-771F-420A-9ED8-CB6C7540E67D +TRIGGER:-PT10M +DESCRIPTION:This is an event reminder +ACTION:DISPLAY +END:VALARM +END:VEVENT +END:VCALENDAR diff --git a/meta/runtime.yml b/meta/runtime.yml index 33947e1f5..e4bff6aec 100644 --- a/meta/runtime.yml +++ b/meta/runtime.yml @@ -1,3 +1,3 @@ --- -requires_ansible: '>=2.9.6' +requires_ansible: '>=2.9.27' ... diff --git a/plugins/lookup/controller_object_diff.py b/plugins/lookup/controller_object_diff.py index a65ec6c48..33e1a0b66 100644 --- a/plugins/lookup/controller_object_diff.py +++ b/plugins/lookup/controller_object_diff.py @@ -67,13 +67,13 @@ - name: "Find the difference of Project between what is on the Controller versus curated list." set_fact: - project_difference: "{{ lookup('redhat_cop.controller_configuration.controller_object_diff', + project_difference: "{{ lookup('infra.controller_configuration.controller_object_diff', api_list=controller_api_results, compare_list=differential_item.differential_test_items, with_present=true, set_absent=true ) }}" - name: Add Projects include_role: - name: redhat_cop.controller_configuration.projects + name: infra.controller_configuration.projects vars: controller_projects: "{{ project_difference }}" @@ -93,6 +93,7 @@ from ansible.errors import AnsibleError, AnsibleLookupError from ansible.module_utils._text import to_native from ansible.utils.display import Display +import copy class LookupModule(LookupBase): @@ -119,7 +120,7 @@ def run(self, terms, variables=None, **kwargs): return [api_list] # Set Keys to keep for each list. Depending on type - if api_list[0]["type"] == "organization" or api_list[0]["type"] == "credential_type": + if api_list[0]["type"] == "organization" or api_list[0]["type"] == "credential_type" or api_list[0]["type"] == "instance_group": keys_to_keep = ["name"] api_keys_to_keep = ["name"] elif api_list[0]["type"] == "user": @@ -131,6 +132,14 @@ def run(self, terms, variables=None, **kwargs): elif api_list[0]["type"] == "group" or api_list[0]["type"] == "host": keys_to_keep = ["name", "inventory"] api_keys_to_keep = ["name", "summary_fields"] + elif api_list[0]["type"] == "schedule": + keys_to_keep = ["name", "unified_job_template"] + api_keys_to_keep = ["name", "summary_fields"] + elif api_list[0]["type"] == "execution_environment": + keys_to_keep = ["name", "organization", "image"] + api_keys_to_keep = ["name", "summary_fields", "image"] + elif api_list[0]["type"] == "role": + pass else: keys_to_keep = ["name", "organization"] api_keys_to_keep = ["name", "summary_fields"] @@ -143,19 +152,27 @@ def run(self, terms, variables=None, **kwargs): keys_to_keep.append("inventory") api_keys_to_keep.append("inventory") - for item in compare_list: - for key in keys_to_keep: - if key not in item.keys(): - self.handle_error(msg="Key: '{0}' missing from item in compare_list item: {1}".format(key, item)) + if api_list[0]["type"] != "role": + for item in compare_list: + for key in keys_to_keep: + if key not in item.keys(): + self.handle_error(msg="Key: '{0}' missing from item in compare_list item: {1}".format(key, item)) - for item in api_list: - for key in api_keys_to_keep: - if key not in item.keys(): - self.handle_error(msg="Key: '{0}' missing from item in api_list. Does this object come from the api? item: {1}".format(key, item)) + for item in api_list: + for key in api_keys_to_keep: + if key not in item.keys(): + self.handle_error(msg="Key: '{0}' missing from item in api_list. Does this object come from the api? item: {1}".format(key, item)) # Reduce list to name and organization - compare_list_reduced = [{key: item[key] for key in keys_to_keep} for item in compare_list] - api_list_reduced = [{key: item[key] for key in api_keys_to_keep} for item in api_list] + if api_list[0]["type"] == "role": + compare_list_reduced = copy.deepcopy(compare_list) + api_list_reduced = copy.deepcopy(api_list) + elif api_list[0]["type"] == "instance_group": + compare_list_reduced = [{key: item[key] for key in keys_to_keep} for item in compare_list] + api_list_reduced = [{key: item[key] for key in api_keys_to_keep} for item in api_list if item["summary_fields"]["user_capabilities"]["delete"]] + else: + compare_list_reduced = [{key: item[key] for key in keys_to_keep} for item in compare_list] + api_list_reduced = [{key: item[key] for key in api_keys_to_keep} for item in api_list] # Convert summary field name into org name Only if not type organization if api_list[0]["type"] == "group" or api_list[0]["type"] == "host": @@ -177,16 +194,90 @@ def run(self, terms, variables=None, **kwargs): item.update({"unified_job_template": item["summary_fields"]["unified_job_template"]["name"]}) item.update({"workflow_job_template": item["summary_fields"]["workflow_job_template"]["name"]}) item.pop("summary_fields") - elif api_list[0]["type"] != "organization" and api_list[0]["type"] != "user" and api_list[0]["type"] != "credential_type": + elif api_list[0]["type"] == "schedule": + for item in api_list_reduced: + item.update({"unified_job_template": item["summary_fields"]["unified_job_template"]["name"]}) + item.pop("summary_fields") + elif api_list[0]["type"] == "role": + for item in api_list_reduced: + if item["resource_type"] == "organization": + item.update({"organizations": [item[item["resource_type"]]]}) + item.update({"role": item["name"].lower()}) + # Remove the extra fields + item.pop("users") + item.pop("teams") + item.pop("name") + item.pop("resource_type") + if "organization" in item: + item.pop("organization") + if "type" in item: + item.pop("type") + list_to_extend = [] + list_to_remove = [] + for item in compare_list_reduced: + target_teams_expanded = False + job_templates_expanded = False + workflows_expanded = False + if "target_teams" in item: + for team in item["target_teams"]: + new_item = copy.deepcopy(item) + new_item.update({"team": team}) + new_item.pop("target_teams") + if "job_templates" in new_item: + new_item.pop("job_templates") + if "workflows" in new_item: + new_item.pop("workflows") + list_to_extend.append(new_item) + target_teams_expanded = True + if "job_templates" in item: + for job_template in item["job_templates"]: + new_item = copy.deepcopy(item) + new_item.update({"job_template": job_template}) + new_item.pop("job_templates") + if "target_teams" in new_item: + new_item.pop("target_teams") + if "workflows" in new_item: + new_item.pop("workflows") + list_to_extend.append(new_item) + job_templates_expanded = True + if "workflows" in item: + for workflow in item["workflows"]: + new_item = copy.deepcopy(item) + new_item.update({"workflow_job_template": workflow}) + new_item.pop("workflows") + if "target_teams" in new_item: + new_item.pop("target_teams") + if "job_templates" in new_item: + new_item.pop("job_templates") + list_to_extend.append(new_item) + workflows_expanded = True + if target_teams_expanded or job_templates_expanded or workflows_expanded: + list_to_remove.append(item) + for item in list_to_remove: + compare_list_reduced.remove(item) + compare_list_reduced.extend(list_to_extend) + elif ( + api_list[0]["type"] != "organization" + and api_list[0]["type"] != "user" + and api_list[0]["type"] != "credential_type" + and api_list[0]["type"] != "schedule" + and api_list[0]["type"] != "instance_group" + ): for item in api_list_reduced: item.update({"organization": item["summary_fields"]["organization"]["name"]}) item.pop("summary_fields") - self.display.warning("compare_list_reduced: {0}".format(compare_list_reduced)) - self.display.warning("api_list_reduced: {0}".format(api_list_reduced)) + self.display.v("compare_list_reduced: {0}".format(compare_list_reduced)) + self.display.v("api_list_reduced: {0}".format(api_list_reduced)) # Find difference between lists - difference = [i for i in api_list_reduced if i not in compare_list_reduced] + if api_list[0]["type"] != "role": + difference = [i for i in api_list_reduced if i not in compare_list_reduced] + else: + difference = [] + for item in api_list_reduced: + if item not in compare_list_reduced: + difference.append(item) # Set if self.get_option("set_absent"): @@ -200,4 +291,12 @@ def run(self, terms, variables=None, **kwargs): # Return Compare list with difference attached difference = compare_list + if api_list[0]["type"] == "role": + difference_to_remove = [] + for item in difference: + if "no_resource_type" in item or len(item) <= 3: + difference_to_remove.append(item) + for item in difference_to_remove: + difference.remove(item) + return [difference] diff --git a/roles/ad_hoc_command/README.md b/roles/ad_hoc_command/README.md index 0625d5604..6b703cf87 100644 --- a/roles/ad_hoc_command/README.md +++ b/roles/ad_hoc_command/README.md @@ -45,7 +45,7 @@ controller_configuration_ad_hoc_command_secure_logging defaults to the value of |Variable Name|Default Value|Required|Type|Description| |:---:|:---:|:---:|:---:|:---:| |`job_type`|"run"|no|str|Job_type to use for the ad hoc command. Either run or check.| -|`inventory`|""|str|yes|Inventory to use for the ad hoc command.| +|`inventory`|""|yes|str|Inventory to use for the ad hoc command.| |`limit`|`False`|no|str|Limit to use for the ad hoc command.| |`credential`|""|yes|str|Credential to use for ad hoc command.| |`execution_environment`|""|no|str|Execution Environment to use for ad hoc command.| @@ -90,18 +90,18 @@ controller_ad_hoc_commands: # controller_password: changeme pre_tasks: - name: Include vars from controller_configs directory - include_vars: + ansible.builtin.include_vars: dir: ./yaml ignore_files: [controller_config.yml.template] extensions: ["yml"] roles: - - {role: redhat_cop.controller_configuration.ad_hoc_command, when: controller_ad_hoc_commands is defined} + - {role: infra.controller_configuration.ad_hoc_command, when: controller_ad_hoc_commands is defined} ``` ## License -[MIT](LICENSE) +[MIT](https://github.com/redhat-cop/controller_configuration#licensing) ## Author diff --git a/roles/ad_hoc_command/meta/argument_specs.yml b/roles/ad_hoc_command/meta/argument_specs.yml new file mode 100644 index 000000000..c2260a2d9 --- /dev/null +++ b/roles/ad_hoc_command/meta/argument_specs.yml @@ -0,0 +1,120 @@ +--- +argument_specs: + main: + short_description: An Ansible Role to run a list of ad hoc commands on Ansible Controller. + options: + controller_ad_hoc_commands: + description: Data structure describing your ad hoc commands to run + type: list + elements: dict + # options: + # job_type: + # default: run + # required: false + # type: str + # description: Job_type to use for the ad hoc command. Either run or check. + # inventory: + # required: true + # type: str + # description: Inventory to use for the ad hoc command. + # limit: + # required: false + # type: str + # description: Limit to use for the ad hoc command. + # credential: + # required: true + # type: str + # description: Credential to use for ad hoc command. + # execution_environment: + # required: false + # type: str + # description: Execution Environment to use for ad hoc command. + # module_name: + # required: true + # type: str + # description: The Ansible module to execute. + # module_args: + # required: false + # type: str + # description: The arguments to pass to the module. + # forks: + # default: 0 + # required: false + # type: int + # description: The number of forks to use for this ad hoc execution. + # verbosity: + # default: 0 + # required: false + # type: int + # description: Verbosity level for this ad hoc command run + # extra_vars: + # required: false + # type: dict + # description: Extra variables to use for the ad hoc command. + # become_enabled: + # required: false + # type: bool + # description: If the become flag should be set. + # diff_mode: + # required: false + # type: bool + # description: Show the changes made by Ansible tasks where supported + # wait: + # default: false + # required: false + # type: bool + # description: Wait for the command to complete. + # interval: + # default: 2 + # required: false + # type: int + # description: The interval to request an update from controller. + # timeout: + # required: false + # type: int + # description: If waiting for the command to complete this will abort after this amount of seconds. + + # No_log variables + controller_configuration_ad_hoc_command_secure_logging: + default: "{{ controller_configuration_secure_logging | default(false) }}" + required: false + type: bool + description: Whether or not to include the sensitive ad_hoc_command role tasks in the log. Set this value to `true` if you will be providing your sensitive values from elsewhere. + controller_configuration_secure_logging: + default: false + required: false + type: bool + description: This variable enables secure logging across all roles as a default. + + # Generic across all roles + controller_state: + default: present + required: false + description: The state all objects will take unless overridden by object default + type: str + controller_hostname: + default: None + required: false + description: URL to the Ansible Controller Server. + type: str + controller_validate_certs: + default: true + required: false + description: Whether or not to validate the Ansible Controller Server's SSL certificate. + type: str + controller_username: + default: None + required: false + description: Admin User on the Ansible Controller Server. Either username / password or oauthtoken need to be specified. + type: str + controller_password: + default: None + required: false + description: Controller Admin User's password on the Ansible Controller Server. This should be stored in an Ansible Vault at vars/controller-secrets.yml or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str + controller_oauthtoken: + default: None + required: false + description: Controller Admin User's token on the Ansible Controller Server. This should be stored in an Ansible Vault at or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str +... diff --git a/roles/ad_hoc_command/tests/test.yml b/roles/ad_hoc_command/tests/test.yml index d5d897ea3..9bcad1c09 100644 --- a/roles/ad_hoc_command/tests/test.yml +++ b/roles/ad_hoc_command/tests/test.yml @@ -14,7 +14,7 @@ pre_tasks: - name: Include vars from controller_configs directory - include_vars: + ansible.builtin.include_vars: dir: ./configs extensions: ["yml"] diff --git a/roles/ad_hoc_command_cancel/README.md b/roles/ad_hoc_command_cancel/README.md index 9b0d7a9e6..c6e706543 100644 --- a/roles/ad_hoc_command_cancel/README.md +++ b/roles/ad_hoc_command_cancel/README.md @@ -35,7 +35,7 @@ controller_configuration_ad_hoc_command_secure_logging defaults to the value of |Variable Name|Default Value|Required|Description| |:---:|:---:|:---:|:---:| -|`controller_configuration_ad_hoc_command_secure_logging`|`False`|no|Whether or not to include the sensitive ad_hoc_command role tasks in the log. Set this value to `True` if you will be providing your sensitive values from elsewhere.| +|`controller_configuration_ad_hoc_command_cancel_secure_logging`|`False`|no|Whether or not to include the sensitive ad_hoc_command_cancel role tasks in the log. Set this value to `True` if you will be providing your sensitive values from elsewhere.| |`controller_configuration_secure_logging`|`False`|no|This variable enables secure logging as well, but is shared across multiple roles, see above.| ## Data Structure @@ -44,10 +44,10 @@ controller_configuration_ad_hoc_command_secure_logging defaults to the value of |Variable Name|Default Value|Required|Type|Description| |:---:|:---:|:---:|:---:|:---:| -|`id`|""|no|int|ID of the command to cancel Recommended to be in a separate list of ID's see example, defaults to output of ad_hoc_command_role of controller_ad_hoc_commands_output.| -|`fail_if_not_running`|""|no|bool|Fail loudly if the I(command_id) can not be canceled.| -|`interval`|2|no|int|Limit to use for the ad hoc command.| -|`timeout`|""|yes|int|Credential to use for ad hoc command.| +|`id`|""|yes|int|ID of the command to cancel Recommended to be in a separate list of ID's see example, defaults to output of ad_hoc_command_role of controller_ad_hoc_commands_output.| +|`fail_if_not_running`|`False`|no|bool|Fail loudly if the I(command_id) can not be canceled.| +|`interval`|1|no|int|The interval in seconds, to request an update from.| +|`timeout`|0|no|int|Maximum time in seconds to wait for a job to finish, 0 means wait until it is finished regardless.| ### Standard Project Data Structure @@ -82,17 +82,17 @@ controller_ad_hoc_commands_cancel: # controller_password: changeme pre_tasks: - name: Include vars from controller_configs directory - include_vars: + ansible.builtin.include_vars: dir: ./yaml ignore_files: [controller_config.yml.template] extensions: ["yml"] roles: - - {role: redhat_cop.controller_configuration.ad_hoc_command_cancel, when: controller_ad_hoc_commands is defined} + - {role: infra.controller_configuration.ad_hoc_command_cancel, when: controller_ad_hoc_commands is defined} ``` ## License -[MIT](LICENSE) +[MIT](https://github.com/redhat-cop/controller_configuration#licensing) ## Author diff --git a/roles/ad_hoc_command_cancel/meta/argument_specs.yml b/roles/ad_hoc_command_cancel/meta/argument_specs.yml new file mode 100644 index 000000000..55d0d6abc --- /dev/null +++ b/roles/ad_hoc_command_cancel/meta/argument_specs.yml @@ -0,0 +1,74 @@ +--- +argument_specs: + main: + short_description: An Ansible Role to cancel a list of ad hoc commands on Ansible Controller. + options: + controller_ad_hoc_commands_cancel: + description: Data structure describing your ad hoc jobs to cancel + type: list + elements: dict + # options: + # id: + # required: true + # type: int + # description: ID of the command to cancel + # fail_if_not_running: + # default: false + # required: false + # type: bool + # description: Fail loudly if the command can not be canceled. + # interval: + # default: 0 + # required: false + # type: int + # description: The interval in seconds, to request an update from. + # timeout: + # default: 0 + # required: false + # type: int + # description: Maximum time in seconds to wait for a job to finish, 0 means wait until it is finished regardless. + + # No_log variables + controller_configuration_ad_hoc_command_cancel_secure_logging: + default: "{{ controller_configuration_secure_logging | default(false) }}" + required: false + type: bool + description: Whether or not to include the sensitive tasks from this role in the log. Set this value to `true` if you will be providing your sensitive values from elsewhere. + controller_configuration_secure_logging: + default: false + required: false + type: bool + description: This variable enables secure logging across all roles as a default. + + # Generic across all roles + controller_state: + default: present + required: false + description: The state all objects will take unless overridden by object default + type: str + controller_hostname: + default: None + required: false + description: URL to the Ansible Controller Server. + type: str + controller_validate_certs: + default: true + required: false + description: Whether or not to validate the Ansible Controller Server's SSL certificate. + type: str + controller_username: + default: None + required: false + description: Admin User on the Ansible Controller Server. Either username / password or oauthtoken need to be specified. + type: str + controller_password: + default: None + required: false + description: Controller Admin User's password on the Ansible Controller Server. This should be stored in an Ansible Vault at vars/controller-secrets.yml or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str + controller_oauthtoken: + default: None + required: false + description: Controller Admin User's token on the Ansible Controller Server. This should be stored in an Ansible Vault at or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str +... diff --git a/roles/ad_hoc_command_cancel/tests/test.yml b/roles/ad_hoc_command_cancel/tests/test.yml index fde1a56b3..3802c9362 100644 --- a/roles/ad_hoc_command_cancel/tests/test.yml +++ b/roles/ad_hoc_command_cancel/tests/test.yml @@ -14,7 +14,7 @@ pre_tasks: - name: Include vars from controller_configs directory - include_vars: + ansible.builtin.include_vars: dir: ./configs extensions: ["yml"] diff --git a/roles/applications/README.md b/roles/applications/README.md index d18338d81..9ec9c71fd 100644 --- a/roles/applications/README.md +++ b/roles/applications/README.md @@ -113,17 +113,17 @@ controller_applications: # controller_password: changeme pre_tasks: - name: Include vars from controller_configs directory - include_vars: + ansible.builtin.include_vars: dir: ./yaml ignore_files: [controller_config.yml.template] extensions: ["yml"] roles: - - {role: redhat_cop.controller_configuration.applications, when: controller_applications is defined} + - {role: infra.controller_configuration.applications, when: controller_applications is defined} ``` ## License -[MIT](LICENSE) +[MIT](https://github.com/redhat-cop/controller_configuration#licensing) ## Author diff --git a/roles/applications/meta/argument_specs.yml b/roles/applications/meta/argument_specs.yml new file mode 100644 index 000000000..bc2524c7b --- /dev/null +++ b/roles/applications/meta/argument_specs.yml @@ -0,0 +1,110 @@ +--- +argument_specs: + main: + short_description: An Ansible Role to create Applications on Ansible Controller. + options: + controller_applications: + description: Data structure describing your applications + type: list + elements: dict + # options: + # name: + # required: true + # type: str + # description: Name of application + # organization: + # required: true + # type: str + # description: Name of the organization for the application + # description: + # required: false + # type: str + # description: Description to use for the application. + # authorization_grant_type: + # default: password + # required: false + # type: str + # description: Grant type for tokens in this application, "password" or "authorization-code" + # client_type: + # default: public + # required: false + # type: str + # description: Application client type, "confidential" or "public" + # redirect_uris: + # required: false + # type: str + # description: Allowed urls list, space separated. Required with "authorization-code" grant type + # skip_authorization: + # default: false + # required: false + # type: bool + # description: Set True to skip authorization step for completely trusted applications. + # state: + # default: "{{ controller_state | default('present') }}" + # required: false + # type: str + # description: Desired state of the application. + + # Async variables + controller_configuration_applications_async_retries: + default: "{{ controller_configuration_async_retries | default(30) }}" + required: false + description: This variable sets the number of retries to attempt for the role. + controller_configuration_async_retries: + default: 30 + required: false + description: This variable sets number of retries across all roles as a default. + controller_configuration_applications_async_delay: + default: "{{ controller_configuration_async_delay | default(1) }}" + required: false + description: This variable sets delay between retries for the role. + controller_configuration_async_delay: + default: 1 + required: false + description: This variable sets delay between retries across all roles as a default. + + + # No_log variables + controller_configuration_applications_secure_logging: + default: "{{ controller_configuration_secure_logging | default(false) }}" + required: false + type: bool + description: Whether or not to include the sensitive tasks from this role in the log. Set this value to `true` if you will be providing your sensitive values from elsewhere. + controller_configuration_secure_logging: + default: false + required: false + type: bool + description: This variable enables secure logging across all roles as a default. + + # Generic across all roles + controller_state: + default: present + required: false + description: The state all objects will take unless overridden by object default + type: str + controller_hostname: + default: None + required: false + description: URL to the Ansible Controller Server. + type: str + controller_validate_certs: + default: true + required: false + description: Whether or not to validate the Ansible Controller Server's SSL certificate. + type: str + controller_username: + default: None + required: false + description: Admin User on the Ansible Controller Server. Either username / password or oauthtoken need to be specified. + type: str + controller_password: + default: None + required: false + description: Controller Admin User's password on the Ansible Controller Server. This should be stored in an Ansible Vault at vars/controller-secrets.yml or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str + controller_oauthtoken: + default: None + required: false + description: Controller Admin User's token on the Ansible Controller Server. This should be stored in an Ansible Vault at or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str +... diff --git a/roles/applications/tests/test.yml b/roles/applications/tests/test.yml index 44e36bdc1..eea09d7bd 100644 --- a/roles/applications/tests/test.yml +++ b/roles/applications/tests/test.yml @@ -14,7 +14,7 @@ pre_tasks: - name: Include vars from controller_configs directory - include_vars: + ansible.builtin.include_vars: dir: ./configs extensions: ["yml"] diff --git a/roles/credential_input_sources/README.md b/roles/credential_input_sources/README.md index 4849a3939..cb76c5d45 100644 --- a/roles/credential_input_sources/README.md +++ b/roles/credential_input_sources/README.md @@ -60,9 +60,9 @@ This also speeds up the overall role. |:---:|:---:|:---:|:---:|:---:| |`target_credential`|""|yes|str|Name of credential to have the input source applied| |`input_field_name`|""|yes|str|Name of field which will be written by the input source| -|`source_credential`|""|str|no|Name of the source credential which points to a credential source| -|`metadata`|""|str|no|The metadata applied to the source.| -|`description`|`False`|no|str|Description to use for the credential input source.| +|`source_credential`|""|no|str|Name of the source credential which points to a credential source| +|`metadata`|""|no|dict|The metadata applied to the source.| +|`description`|""|no|str|Description to use for the credential input source.| |`state`|`present`|no|str|Desired state of the resource.| For further details on fields see @@ -117,17 +117,17 @@ controller_credential_input_sources: # controller_password: changeme pre_tasks: - name: Include vars from controller_configs directory - include_vars: + ansible.builtin.include_vars: dir: ./yaml ignore_files: [controller_config.yml.template] extensions: ["yml"] roles: - - {role: redhat_cop.controller_configuration.credential_input_sources, when: controller_credential_input_sources is defined} + - {role: infra.controller_configuration.credential_input_sources, when: controller_credential_input_sources is defined} ``` ## License -[MIT](LICENSE) +[MIT](https://github.com/redhat-cop/controller_configuration#licensing) ## Author diff --git a/roles/credential_input_sources/meta/argument_specs.yml b/roles/credential_input_sources/meta/argument_specs.yml new file mode 100644 index 000000000..ed3ec9e5e --- /dev/null +++ b/roles/credential_input_sources/meta/argument_specs.yml @@ -0,0 +1,99 @@ +--- +argument_specs: + main: + short_description: An Ansible Role to create Credential Input Sources on Ansible Controller. + options: + controller_credential_input_sources: + description: Data structure describing your credential_input_sources + type: list + elements: dict + # options: + # target_credential: + # required: true + # type: str + # description: Name of credential to have the input source applied + # input_field_name: + # required: true + # type: str + # description: Name of field which will be written by the input source + # source_credential: + # required: false + # type: str + # description: Name of the source credential which points to a credential source + # metadata: + # required: false + # type: dict + # description: The metadata applied to the source. + # description: + # required: false + # type: str + # description: Description to use for the credential input source. + # state: + # default: "{{ controller_state | default('present') }}" + # required: false + # type: str + # description: Desired state of the resource. + + # Async variables + controller_configuration_credential_input_sources_async_retries: + default: "{{ controller_configuration_async_retries | default(30) }}" + required: false + description: This variable sets the number of retries to attempt for the role. + controller_configuration_async_retries: + default: 30 + required: false + description: This variable sets number of retries across all roles as a default. + controller_configuration_credential_input_sources_async_delay: + default: "{{ controller_configuration_async_delay | default(1) }}" + required: false + description: This variable sets delay between retries for the role. + controller_configuration_async_delay: + default: 1 + required: false + description: This variable sets delay between retries across all roles as a default. + + + # No_log variables + controller_configuration_credential_input_sources_secure_logging: + default: "{{ controller_configuration_secure_logging | default(false) }}" + required: false + type: bool + description: Whether or not to include the sensitive tasks from this role in the log. Set this value to `true` if you will be providing your sensitive values from elsewhere. + controller_configuration_secure_logging: + default: false + required: false + type: bool + description: This variable enables secure logging across all roles as a default. + + # Generic across all roles + controller_state: + default: present + required: false + description: The state all objects will take unless overridden by object default + type: str + controller_hostname: + default: None + required: false + description: URL to the Ansible Controller Server. + type: str + controller_validate_certs: + default: true + required: false + description: Whether or not to validate the Ansible Controller Server's SSL certificate. + type: str + controller_username: + default: None + required: false + description: Admin User on the Ansible Controller Server. Either username / password or oauthtoken need to be specified. + type: str + controller_password: + default: None + required: false + description: Controller Admin User's password on the Ansible Controller Server. This should be stored in an Ansible Vault at vars/controller-secrets.yml or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str + controller_oauthtoken: + default: None + required: false + description: Controller Admin User's token on the Ansible Controller Server. This should be stored in an Ansible Vault at or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str +... diff --git a/roles/credential_input_sources/tests/test.yml b/roles/credential_input_sources/tests/test.yml index 43f6862df..38b597cf0 100644 --- a/roles/credential_input_sources/tests/test.yml +++ b/roles/credential_input_sources/tests/test.yml @@ -14,7 +14,7 @@ pre_tasks: - name: Include vars from controller_configs directory - include_vars: + ansible.builtin.include_vars: dir: ./configs extensions: ["yml"] diff --git a/roles/credential_types/README.md b/roles/credential_types/README.md index dc588981f..29b85821b 100644 --- a/roles/credential_types/README.md +++ b/roles/credential_types/README.md @@ -214,17 +214,17 @@ controller_credential_types: # controller_password: changeme pre_tasks: - name: Include vars from controller_configs directory - include_vars: + ansible.builtin.include_vars: dir: ./yaml ignore_files: [controller_config.yml.template] extensions: ["yml"] roles: - - {role: redhat_cop.controller_configuration.credential_types, when: controller_credential_types is defined} + - {role: infra.controller_configuration.credential_types, when: controller_credential_types is defined} ``` ## License -[MIT](LICENSE) +[MIT](https://github.com/redhat-cop/controller_configuration#licensing) ## Author diff --git a/roles/credential_types/meta/argument_specs.yml b/roles/credential_types/meta/argument_specs.yml new file mode 100644 index 000000000..01bb2400a --- /dev/null +++ b/roles/credential_types/meta/argument_specs.yml @@ -0,0 +1,107 @@ +--- +argument_specs: + main: + short_description: An Ansible Role to create credential types on Ansible Controller. + options: + controller_credential_types: + description: Data structure describing your credential_types + type: list + elements: dict + # options: + # name: + # type: str + # required: true + # description: Name of Credential Type + # description: + # type: str + # required: false + # description: The description of the credential type to give more detail about it. + # injectors: + # type: dict + # required: false + # description: Enter injectors using either JSON or YAML syntax. Refer to the Ansible controller documentation for example syntax. See below on proper formatting. + # inputs: + # type: dict + # required: false + # description: Enter inputs using either JSON or YAML syntax. Refer to the Ansible controller documentation for example syntax. + # kind: + # default: cloud + # type: str + # required: false + # choices: + # - 'ssh' + # - 'vault' + # - 'net' + # - 'scm' + # - 'cloud' + # - 'insights' + # description: The type of credential type being added. Note that only cloud and net can be used for creating credential types. + # state: + # default: "{{ controller_state | default('present') }}" + # type: str + # required: false + # description: Desired state of the resource. + + # Async variables + controller_configuration_credential_types_async_retries: + default: "{{ controller_configuration_async_retries | default(30) }}" + required: false + description: This variable sets the number of retries to attempt for the role. + controller_configuration_async_retries: + default: 30 + required: false + description: This variable sets number of retries across all roles as a default. + controller_configuration_credential_types_async_delay: + default: "{{ controller_configuration_async_delay | default(1) }}" + required: false + description: This variable sets delay between retries for the role. + controller_configuration_async_delay: + default: 1 + required: false + description: This variable sets delay between retries across all roles as a default. + + + # No_log variables + controller_configuration_credential_types_secure_logging: + default: "{{ controller_configuration_secure_logging | default(false) }}" + required: false + type: bool + description: Whether or not to include the sensitive tasks from this role in the log. Set this value to `true` if you will be providing your sensitive values from elsewhere. + controller_configuration_secure_logging: + default: false + required: false + type: bool + description: This variable enables secure logging across all roles as a default. + + # Generic across all roles + controller_state: + default: present + required: false + description: The state all objects will take unless overridden by object default + type: str + controller_hostname: + default: None + required: false + description: URL to the Ansible Controller Server. + type: str + controller_validate_certs: + default: true + required: false + description: Whether or not to validate the Ansible Controller Server's SSL certificate. + type: str + controller_username: + default: None + required: false + description: Admin User on the Ansible Controller Server. Either username / password or oauthtoken need to be specified. + type: str + controller_password: + default: None + required: false + description: Controller Admin User's password on the Ansible Controller Server. This should be stored in an Ansible Vault at vars/controller-secrets.yml or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str + controller_oauthtoken: + default: None + required: false + description: Controller Admin User's token on the Ansible Controller Server. This should be stored in an Ansible Vault at or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str +... diff --git a/roles/credential_types/tests/test.yml b/roles/credential_types/tests/test.yml index 4099a10a6..76e89cb06 100644 --- a/roles/credential_types/tests/test.yml +++ b/roles/credential_types/tests/test.yml @@ -14,7 +14,7 @@ pre_tasks: - name: Include vars from controller_configs directory - include_vars: + ansible.builtin.include_vars: dir: ./configs extensions: ["yml"] diff --git a/roles/credentials/README.md b/roles/credentials/README.md index 8929d84f6..c320bf656 100644 --- a/roles/credentials/README.md +++ b/roles/credentials/README.md @@ -150,17 +150,17 @@ controller_credentials: # controller_password: changeme pre_tasks: - name: Include vars from controller_configs directory - include_vars: + ansible.builtin.include_vars: dir: ./yaml ignore_files: [controller_config.yml.template] extensions: ["yml"] roles: - - {role: redhat_cop.controller_configuration.credentials, when: controller_credentials is defined} + - {role: infra.controller_configuration.credentials, when: controller_credentials is defined} ``` ## License -[MIT](LICENSE) +[MIT](https://github.com/redhat-cop/controller_configuration#licensing) ## Author diff --git a/roles/credentials/meta/argument_specs.yml b/roles/credentials/meta/argument_specs.yml new file mode 100644 index 000000000..a9c171c14 --- /dev/null +++ b/roles/credentials/meta/argument_specs.yml @@ -0,0 +1,120 @@ +--- +argument_specs: + main: + short_description: An Ansible Role to create credentials on Ansible Controller. + options: + controller_credentials: + description: Data structure describing your credentials + type: list + elements: dict + # options: + # name: + # type: str + # required: true + # description: Name of Credential + # description: + # type: str + # required: false + # description: The description of the credential to give more detail about it. + # new_name: + # type: str + # required: false + # description: Setting this option will change the existing name (looked up via the name field). + # copy_from: + # type: str + # required: false + # description: Name or id to copy the credential from. This will copy an existing credential and change any parameters supplied. + # organization: + # type: str + # required: false + # description: Organization this Credential belongs to. If provided on creation, do not give either user or team. + # credential_type: + # type: str + # required: false + # description: Name of credential type. See below for list of options. More information in Ansible controller documentation. + # inputs: + # type: dict + # required: false + # description: Credential inputs where the keys are var names used in templating. Refer to the Ansible controller documentation for example syntax. Individual examples can be found at /api/v2/credential_types/ on an controller. + # user: + # type: str + # required: false + # description: User that should own this credential. If provided, do not give either team or organization. + # team: + # type: str + # required: false + # description: Team that should own this credential. If provided, do not give either user or organization. + # update_secrets: + # default: true + # type: bool + # required: false + # description: True will always change password if user specifies password, even if API gives $encrypted$ for password. False will only set the password if other values change too. + # state: + # default: "{{ controller_state | default('present') }}" + # type: str + # required: false + # description: Desired state of the resource. + + # Async variables + controller_configuration_credentials_async_retries: + default: "{{ controller_configuration_async_retries | default(30) }}" + required: false + description: This variable sets the number of retries to attempt for the role. + controller_configuration_async_retries: + default: 30 + required: false + description: This variable sets number of retries across all roles as a default. + controller_configuration_credentials_async_delay: + default: "{{ controller_configuration_async_delay | default(1) }}" + required: false + description: This variable sets delay between retries for the role. + controller_configuration_async_delay: + default: 1 + required: false + description: This variable sets delay between retries across all roles as a default. + + + # No_log variables + controller_configuration_credentials_secure_logging: + default: "{{ controller_configuration_secure_logging | default(true) }}" + required: false + type: bool + description: Whether or not to include the sensitive tasks from this role in the log. Set this value to `true` if you will be providing your sensitive values from elsewhere. + controller_configuration_secure_logging: + default: true + required: false + type: bool + description: This variable enables secure logging across all roles as a default. + + # Generic across all roles + controller_state: + default: present + required: false + description: The state all objects will take unless overridden by object default + type: str + controller_hostname: + default: None + required: false + description: URL to the Ansible Controller Server. + type: str + controller_validate_certs: + default: true + required: false + description: Whether or not to validate the Ansible Controller Server's SSL certificate. + type: str + controller_username: + default: None + required: false + description: Admin User on the Ansible Controller Server. Either username / password or oauthtoken need to be specified. + type: str + controller_password: + default: None + required: false + description: Controller Admin User's password on the Ansible Controller Server. This should be stored in an Ansible Vault at vars/controller-secrets.yml or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str + controller_oauthtoken: + default: None + required: false + description: Controller Admin User's token on the Ansible Controller Server. This should be stored in an Ansible Vault at or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str +... diff --git a/roles/credentials/tests/test.yml b/roles/credentials/tests/test.yml index 409e049a5..42409f5a2 100644 --- a/roles/credentials/tests/test.yml +++ b/roles/credentials/tests/test.yml @@ -14,7 +14,7 @@ pre_tasks: - name: Include vars from controller_configs directory - include_vars: + ansible.builtin.include_vars: dir: ./configs extensions: ["yml"] diff --git a/roles/dispatch/README.md b/roles/dispatch/README.md index 0d2be4d6d..699755812 100644 --- a/roles/dispatch/README.md +++ b/roles/dispatch/README.md @@ -1,4 +1,4 @@ -# controller_configuration.projects +# controller_configuration.dispatch ## Description @@ -45,7 +45,7 @@ controller_configuration_dispatcher_roles: Note that each item has three elements: -- `role` which is the name of the role within redhat_cop.controller_configuration +- `role` which is the name of the role within infra.controller_configuration - `var` which is the variable which is used in that role. We use this to prevent the role being called if the variable is not set - `tags` the tags which are applied to the role so it is possible to apply tags to a playbook using the dispatcher with these tags. @@ -98,17 +98,17 @@ This also speeds up the overall role. Each individual role has its own variable # controller_password: changeme pre_tasks: - name: Include vars from controller_configs directory - include_vars: + ansible.builtin.include_vars: dir: ./yaml ignore_files: [controller_config.yml.template] extensions: ["yml"] roles: - - redhat_cop.controller_configuration.dispatch + - infra.controller_configuration.dispatch ``` ## License -[MIT](LICENSE) +[MIT](https://github.com/redhat-cop/controller_configuration#licensing) ## Author diff --git a/roles/dispatch/meta/argument_specs.yml b/roles/dispatch/meta/argument_specs.yml new file mode 100644 index 000000000..ade0c93f7 --- /dev/null +++ b/roles/dispatch/meta/argument_specs.yml @@ -0,0 +1,99 @@ +--- +argument_specs: + main: + short_description: An Ansible Role to call other roles to create objects on Ansible Controller. + options: + controller_configuration_dispatcher_roles: + default: + - {role: settings, var: controller_settings, tags: settings} + - {role: organizations, var: controller_organizations, tags: organizations} + - {role: labels, var: controller_labels, tags: labels} + - {role: users, var: controller_user_accounts, tags: users} + - {role: teams, var: controller_teams, tags: teams} + - {role: credential_types, var: controller_credential_types, tags: credential_types} + - {role: credentials, var: controller_credentials, tags: credentials} + - {role: credential_input_sources, var: controller_credential_input_sources, tags: credential_input_sources} + - {role: notification_templates, var: controller_notifications, tags: notification_templates} + - {role: projects, var: controller_projects, tags: projects} + - {role: inventories, var: controller_inventories, tags: inventories} + - {role: inventory_sources, var: controller_inventory_sources, tags: inventory_sources} + - {role: inventory_source_update, var: controller_inventory_sources, tags: inventory_sources} + - {role: execution_environments, var: controller_execution_environments, tags: execution_environments} + - {role: applications, var: controller_applications, tags: applications} + - {role: instances, var: controller_instances, tags: instances} + - {role: instance_groups, var: controller_instance_groups, tags: instance_groups} + - {role: project_update, var: controller_projects, tags: projects} + - {role: hosts, var: controller_hosts, tags: hosts} + - {role: groups, var: controller_groups, tags: inventories} + - {role: job_templates, var: controller_templates, tags: job_templates} + - {role: workflow_job_templates, var: controller_workflows, tags: workflow_job_templates} + - {role: schedules, var: controller_schedules, tags: schedules} + - {role: roles, var: controller_roles, tags: roles} + required: false + description: List of roles, variables and tags to run through + type: list + elements: dict + options: + role: + required: true + description: Name of role from this collection to call + type: str + var: + required: true + description: Name of variable to be passed to the role + type: str + tags: + required: false + description: Tags to be applied to the role so tagging can be used to run only part of a playbook + + + # Async variables + controller_configuration_async_retries: + default: 30 + required: false + description: This variable sets number of retries across all roles as a default. + controller_configuration_async_delay: + default: 1 + required: false + description: This variable sets delay between retries across all roles as a default. + + + # No_log variables + controller_configuration_secure_logging: + default: false + required: false + type: bool + description: This variable enables secure logging across all roles as a default. + + # Generic across all roles + controller_state: + default: present + required: false + description: The state all objects will take unless overridden by object default + type: str + controller_hostname: + default: None + required: false + description: URL to the Ansible Controller Server. + type: str + controller_validate_certs: + default: true + required: false + description: Whether or not to validate the Ansible Controller Server's SSL certificate. + type: str + controller_username: + default: None + required: false + description: Admin User on the Ansible Controller Server. Either username / password or oauthtoken need to be specified. + type: str + controller_password: + default: None + required: false + description: Controller Admin User's password on the Ansible Controller Server. This should be stored in an Ansible Vault at vars/controller-secrets.yml or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str + controller_oauthtoken: + default: None + required: false + description: Controller Admin User's token on the Ansible Controller Server. This should be stored in an Ansible Vault at or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str +... diff --git a/roles/dispatch/tasks/main.yml b/roles/dispatch/tasks/main.yml index da519e77e..472fd8a49 100644 --- a/roles/dispatch/tasks/main.yml +++ b/roles/dispatch/tasks/main.yml @@ -1,13 +1,22 @@ --- - -- name: "Run redhat_cop.controller_configuration.{{ __role.role }}" +- name: "Run infra.controller_configuration.{{ __role.role }}" ansible.builtin.include_role: name: "{{ __role.role }}" apply: tags: "{{ __role.tags }}" - when: hostvars[inventory_hostname][__role.var] is defined + when: vars[__role.var] is defined tags: always loop: "{{ controller_configuration_dispatcher_roles }}" loop_control: loop_var: __role + vars: + assign_galaxy_credentials_to_org: false + assign_default_ee_to_org: false + +- name: Include Tasks to add Galaxy credentials and Execution Environments to Organizations + ansible.builtin.include_role: + name: organizations + apply: + tags: + - organizations ... diff --git a/roles/dispatch/tests/test.yml b/roles/dispatch/tests/test.yml index 1bfa26a8a..d1502b046 100644 --- a/roles/dispatch/tests/test.yml +++ b/roles/dispatch/tests/test.yml @@ -14,7 +14,7 @@ pre_tasks: - name: Include vars from controller_configs directory - include_vars: + ansible.builtin.include_vars: dir: ./configs extensions: ["yml"] tags: always diff --git a/roles/execution_environments/README.md b/roles/execution_environments/README.md index 3b0436a2f..704a0ad7c 100644 --- a/roles/execution_environments/README.md +++ b/roles/execution_environments/README.md @@ -58,7 +58,7 @@ This also speeds up the overall role. |Variable Name|Default Value|Required|Type|Description| |:---:|:---:|:---:|:---:|:---:| -|`name`|""|yes|str|Name of Job Template| +|`name`|""|yes|str|Name of execution environment| |`description`|""|no|str|Description to use for the execution environment.| |`image`|""|yes|str|Container image to use for the execution environment| |`organization`|""|no|str|The organization the execution environment belongs to.| @@ -108,12 +108,12 @@ controller_execution_environments: tasks: - name: Add Execution Environments include_role: - name: redhat_cop.controller_configuration.execution_environments + name: infra.controller_configuration.execution_environments ``` ## License -[MIT](LICENSE) +[MIT](https://github.com/redhat-cop/controller_configuration#licensing) ## Author diff --git a/roles/execution_environments/meta/argument_specs.yml b/roles/execution_environments/meta/argument_specs.yml new file mode 100644 index 000000000..e8415a45f --- /dev/null +++ b/roles/execution_environments/meta/argument_specs.yml @@ -0,0 +1,108 @@ +--- +argument_specs: + main: + short_description: An Ansible Role to create execution environment objects on Ansible Controller. + options: + controller_execution_environments: + description: Data structure describing your execution_environments + type: list + elements: dict + # options: + # name: + # required: true + # type: str + # description: Name of execution environment + # description: + # required: false + # type: str + # description: Description to use for the execution environment. + # image: + # required: true + # type: str + # description: Container image to use for the execution environment + # organization: + # required: false + # type: str + # description: The organization the execution environment belongs to. + # credential: + # required: false + # type: str + # description: Name of the credential to use for the execution environment. + # pull: + # default: missing + # required: false + # type: str + # choices: + # - always + # - missing + # - never + # description: Determine image pull behavior + # state: + # default: "{{ controller_state | default('present') }}" + # required: false + # type: str + # description: Desired state of the resource. + + # Async variables + controller_configuration_execution_environments_async_retries: + default: "{{ controller_configuration_async_retries | default(30) }}" + required: false + description: This variable sets the number of retries to attempt for the role. + controller_configuration_async_retries: + default: 30 + required: false + description: This variable sets number of retries across all roles as a default. + controller_configuration_execution_environments_async_delay: + default: "{{ controller_configuration_async_delay | default(1) }}" + required: false + description: This variable sets delay between retries for the role. + controller_configuration_async_delay: + default: 1 + required: false + description: This variable sets delay between retries across all roles as a default. + + + # No_log variables + controller_configuration_execution_environments_secure_logging: + default: "{{ controller_configuration_secure_logging | default(false) }}" + required: false + type: bool + description: Whether or not to include the sensitive tasks from this role in the log. Set this value to `true` if you will be providing your sensitive values from elsewhere. + controller_configuration_secure_logging: + default: false + required: false + type: bool + description: This variable enables secure logging across all roles as a default. + + # Generic across all roles + controller_state: + default: present + required: false + description: The state all objects will take unless overridden by object default + type: str + controller_hostname: + default: None + required: false + description: URL to the Ansible Controller Server. + type: str + controller_validate_certs: + default: true + required: false + description: Whether or not to validate the Ansible Controller Server's SSL certificate. + type: str + controller_username: + default: None + required: false + description: Admin User on the Ansible Controller Server. Either username / password or oauthtoken need to be specified. + type: str + controller_password: + default: None + required: false + description: Controller Admin User's password on the Ansible Controller Server. This should be stored in an Ansible Vault at vars/controller-secrets.yml or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str + controller_oauthtoken: + default: None + required: false + description: Controller Admin User's token on the Ansible Controller Server. This should be stored in an Ansible Vault at or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str +... diff --git a/roles/execution_environments/tests/test.yml b/roles/execution_environments/tests/test.yml index dd294be24..cedbc88d5 100644 --- a/roles/execution_environments/tests/test.yml +++ b/roles/execution_environments/tests/test.yml @@ -14,7 +14,7 @@ pre_tasks: - name: Include vars from controller_configs directory - include_vars: + ansible.builtin.include_vars: dir: ./configs extensions: ["yml"] diff --git a/roles/filetree_create/README.md b/roles/filetree_create/README.md index 74036fa10..f84c5f150 100644 --- a/roles/filetree_create/README.md +++ b/roles/filetree_create/README.md @@ -12,10 +12,11 @@ That role requires the following: The following variables are required for that role to work properly: -| Variable Name | Default Value | Required | Description | -| :------------ | :-----------: | :------: | :---------- | -| `controller_api_plugin` | `ansible.controller` | yes | Full path for the controller_api_plugin to be used.
Can have two possible values:
  - awx.awx.controller_api # For the community Collection version
  - ansible.controller.controller_api # For the Red Hat Certified Collection version| -| `output_path` | `/tmp/filetree_output` | yes | The path to the output directory where all the generated `yaml` files with the corresponding Objects as code will be written to. | +| Variable Name | Default Value | Required | Type | Description | +| :------------ | :-----------: | :------: | :------: | :---------- | +| `controller_api_plugin` | `ansible.controller` | yes | str | Full path for the controller_api_plugin to be used.
Can have two possible values:
  - awx.awx.controller_api # For the community Collection version
  - ansible.controller.controller_api # For the Red Hat Certified Collection version| +| `output_path` | `/tmp/filetree_output` | yes | str | The path to the output directory where all the generated `yaml` files with the corresponding Objects as code will be written to. | +| `input_tag` | `['all']` | no | bool | The tags which are applied to the 'sub-roles'. If 'all' is in the list (the default value) then all roles will be called. | ## Dependencies @@ -59,7 +60,7 @@ A list of other roles hosted on Galaxy should go here, plus any details in regar roles: - - redhat_cop.controller_configuration.filetree_create + - infra.controller_configuration.filetree_create post_tasks: - name: "Delete the Authentication Token used" diff --git a/roles/filetree_create/automatetheautomation.md b/roles/filetree_create/automatetheautomation.md index 6296a6240..05c5c3914 100644 --- a/roles/filetree_create/automatetheautomation.md +++ b/roles/filetree_create/automatetheautomation.md @@ -10,7 +10,7 @@ Now that some concepts are clear, let's summarize what the collection will do. B - **filetree_read**: An ansible role which reads variables from a hierarchical and scalable directory structure which is grouped based on the configuration code life-cycle. It could be used to run the role filetree_read to load variables followed by dispatch role to apply the configuration. - **filetree_create**: The role filetree_create is intended to be used as the first step to begin using the Configuration as Code on Ansible Tower or Ansible Automation Controller, when you already have a running instance of any of them. Obviously, you also could start to write your objects as code from scratch, but the idea behind the creation of that role is to simplify your lives and make that task a little bit easier. -- **object_diff**: An ansible role to manage the object diff of the AWX or Automation Controller configuration. This role leverage the controller_object_diff.py lookup plugin of the redhat_cop.controller_configuration, comparing two lists, one taken directly from the API and the other one from the git repository, and it could be used to delete objects in the AWX or Automation Controller that are not defined in the git repository list. +- **object_diff**: An ansible role to manage the object diff of the AWX or Automation Controller configuration. This role leverage the controller_object_diff.py lookup plugin of the infra.controller_configuration, comparing two lists, one taken directly from the API and the other one from the git repository, and it could be used to delete objects in the AWX or Automation Controller that are not defined in the git repository list. - **dispatch**: An Ansible Role to run all roles on Ansible Controller. Automation Webhook can be used to link a Git repository and Ansible automation natively. Once a repo link is setup, Ansible catches events (commits: push, merge, jobs, etc) from the Git system (GitHub, GitHub Enterprise, GitLab) and uses them to automatically trigger automation jobs to update projects, inventories, and perform deployments, all without requiring yet another third-party tool such as Jenkins. @@ -21,7 +21,7 @@ Utilizing the Automation Webhook capabilities in Ansible Tower / Controller, you ## Automation Controller Workflow CasC -![Automation Controller Workflow CasC](pictures/AAP_CasC_Worflow.png) +![Automation Controller Workflow CasC](https://github.com/redhat-cop/controller_configuration/blob/devel/tests/automatetheautomation/pictures/AAP_CasC_Worflow.png) *Automation Controller Workflow CasC* The workflow will have the following steps: diff --git a/roles/filetree_create/defaults/main.yml b/roles/filetree_create/defaults/main.yml index 7d4f219a0..1e13a6a36 100644 --- a/roles/filetree_create/defaults/main.yml +++ b/roles/filetree_create/defaults/main.yml @@ -15,7 +15,7 @@ controller_schedules: [] controller_settings: [] controller_teams: [] controller_user_accounts: [] -controller_workflow_job_templates: [] +controller_workflows: [] # Output directory path output_path: "/tmp/filetree_output" @@ -25,4 +25,7 @@ query_controller_api_max_objects: 10000 controller_configuration_filetree_create_secure_logging: "{{ controller_configuration_secure_logging | default('false') }}" +input_tag: + - all + ... diff --git a/roles/filetree_create/meta/argument_specs.yml b/roles/filetree_create/meta/argument_specs.yml new file mode 100644 index 000000000..f3d6ec748 --- /dev/null +++ b/roles/filetree_create/meta/argument_specs.yml @@ -0,0 +1,79 @@ +--- +argument_specs: + main: + short_description: An Ansible Role to create a local file tree of objects existing in Controller + options: + output_path: + default: "/tmp/filetree_output" + required: false + type: str + description: The path to the output directory where all the generated `yaml` files with the corresponding Objects as code will be written to. + input_tag: + default: + - all + required: false + type: list + elements: str + description: The tags which are applied to the 'sub-roles'. If 'all' is in the list (the default value) then all roles will be called. + query_controller_api_max_objects: + default: 10000 + required: false + type: int + description: Maximum number of objects to return from the list. If a list view returns more an max_objects an exception will be raised + + + # Async variables + controller_configuration_async_retries: + default: 30 + required: false + description: This variable sets number of retries across all roles as a default. + controller_configuration_async_delay: + default: 1 + required: false + description: This variable sets delay between retries across all roles as a default. + + + # No_log variables + controller_configuration_filetree_create_secure_logging: + default: "{{ controller_configuration_secure_logging | default(false) }}" + required: false + type: bool + description: Whether or not to include the sensitive tasks from this role in the log. Set this value to `true` if you will be providing your sensitive values from elsewhere. + controller_configuration_secure_logging: + default: false + required: false + type: bool + description: This variable enables secure logging across all roles as a default. + + # Generic across all roles + controller_state: + default: present + required: false + description: The state all objects will take unless overridden by object default + type: str + controller_hostname: + default: None + required: false + description: URL to the Ansible Controller Server. + type: str + controller_validate_certs: + default: true + required: false + description: Whether or not to validate the Ansible Controller Server's SSL certificate. + type: str + controller_username: + default: None + required: false + description: Admin User on the Ansible Controller Server. Either username / password or oauthtoken need to be specified. + type: str + controller_password: + default: None + required: false + description: Controller Admin User's password on the Ansible Controller Server. This should be stored in an Ansible Vault at vars/controller-secrets.yml or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str + controller_oauthtoken: + default: None + required: false + description: Controller Admin User's token on the Ansible Controller Server. This should be stored in an Ansible Vault at or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str +... diff --git a/roles/filetree_create/tasks/all.yml b/roles/filetree_create/tasks/all.yml index 081e5200e..900038000 100644 --- a/roles/filetree_create/tasks/all.yml +++ b/roles/filetree_create/tasks/all.yml @@ -4,6 +4,7 @@ is_aap: "{{ lookup(controller_api_plugin, 'ping', host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs).version is version('4.0.0', '>=') }}" + no_log: "{{ controller_configuration_filetree_create_secure_logging }}" - name: Include tasks (block) when: "['all', 'labels', 'applications', 'instance_groups', 'settings', 'inventory', 'credentials', 'credential_types', 'notification_templates', 'users', 'teams', 'organizations', 'projects', 'execution_environments', 'job_templates', 'workflow_job_templates', 'workflow_job_template_nodes'] | intersect(input_tag) | length > 0" diff --git a/roles/filetree_create/tasks/applications.yml b/roles/filetree_create/tasks/applications.yml index ce66bdbf0..477902b17 100644 --- a/roles/filetree_create/tasks/applications.yml +++ b/roles/filetree_create/tasks/applications.yml @@ -5,7 +5,8 @@ query_params={'order_by': 'organization,id'}, host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, return_all=true, max_objects=query_controller_api_max_objects) - }}" + }}" + no_log: "{{ controller_configuration_filetree_create_secure_logging }}" - name: "Create the /applications output directory for applications in {{ output_path }}" ansible.builtin.file: diff --git a/roles/filetree_create/tasks/credential_types.yml b/roles/filetree_create/tasks/credential_types.yml index f732c78fa..ac0291539 100644 --- a/roles/filetree_create/tasks/credential_types.yml +++ b/roles/filetree_create/tasks/credential_types.yml @@ -6,6 +6,7 @@ host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, return_all=true, max_objects=query_controller_api_max_objects) }}" + no_log: "{{ controller_configuration_filetree_create_secure_logging }}" when: is_aap - name: "Get current Credential Types from the API when Tower" @@ -15,6 +16,7 @@ host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, return_all=true, max_objects=query_controller_api_max_objects) }}" + no_log: "{{ controller_configuration_filetree_create_secure_logging }}" when: not is_aap - name: "Create the output directory for credential types: {{ output_path }}" diff --git a/roles/filetree_create/tasks/credentials.yml b/roles/filetree_create/tasks/credentials.yml index 5f1b7e0e8..3af85f91f 100644 --- a/roles/filetree_create/tasks/credentials.yml +++ b/roles/filetree_create/tasks/credentials.yml @@ -6,6 +6,7 @@ host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, return_all=true, max_objects=query_controller_api_max_objects) }}" + no_log: "{{ controller_configuration_filetree_create_secure_logging }}" - name: "Create the /credentials output directory for credentials in {{ output_path }}" ansible.builtin.file: diff --git a/roles/filetree_create/tasks/execution_environments.yml b/roles/filetree_create/tasks/execution_environments.yml index 259a42d77..2fc737d3f 100644 --- a/roles/filetree_create/tasks/execution_environments.yml +++ b/roles/filetree_create/tasks/execution_environments.yml @@ -5,6 +5,7 @@ host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, return_all=true, max_objects=query_controller_api_max_objects) }}" + no_log: "{{ controller_configuration_filetree_create_secure_logging }}" - name: "Create the output directory for execution environments: {{ output_path }}" ansible.builtin.file: diff --git a/roles/filetree_create/tasks/instance_groups.yml b/roles/filetree_create/tasks/instance_groups.yml index 6846941d9..41657a065 100644 --- a/roles/filetree_create/tasks/instance_groups.yml +++ b/roles/filetree_create/tasks/instance_groups.yml @@ -5,6 +5,7 @@ host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, return_all=true, max_objects=query_controller_api_max_objects) }}" + no_log: "{{ controller_configuration_filetree_create_secure_logging }}" - name: "Create the output directory for instance groups: {{ output_path }}" ansible.builtin.file: diff --git a/roles/filetree_create/tasks/inventory.yml b/roles/filetree_create/tasks/inventory.yml index 3bf4a52a1..2c3e9ef64 100644 --- a/roles/filetree_create/tasks/inventory.yml +++ b/roles/filetree_create/tasks/inventory.yml @@ -6,6 +6,7 @@ host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, return_all=true, max_objects=query_controller_api_max_objects) }}" + no_log: "{{ controller_configuration_filetree_create_secure_logging }}" - name: "Create the /inventories output directory for inventories in {{ output_path }}" ansible.builtin.file: @@ -50,6 +51,7 @@ loop_control: loop_var: current_inventory_sources label: "{{ inventory_sources_output_path }}" + no_log: "{{ controller_configuration_filetree_create_secure_logging }}" - name: "Set the inventory's hosts" ansible.builtin.include_tasks: "hosts.yml" @@ -66,6 +68,7 @@ loop_control: loop_var: current_inventory_hosts label: "{{ hosts_output_path }}" + no_log: "{{ controller_configuration_filetree_create_secure_logging }}" - name: "Set the inventory's groups" ansible.builtin.include_tasks: "groups.yml" @@ -82,4 +85,5 @@ loop_control: loop_var: current_inventory_groups label: "{{ groups_output_path }}" + no_log: "{{ controller_configuration_filetree_create_secure_logging }}" ... diff --git a/roles/filetree_create/tasks/job_templates.yml b/roles/filetree_create/tasks/job_templates.yml index a54e16e45..87617eaf1 100644 --- a/roles/filetree_create/tasks/job_templates.yml +++ b/roles/filetree_create/tasks/job_templates.yml @@ -6,6 +6,7 @@ host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, return_all=true, max_objects=query_controller_api_max_objects) }}" + no_log: "{{ controller_configuration_filetree_create_secure_logging }}" - name: "Create the output directories for job templates in {{ output_path }}" ansible.builtin.file: @@ -47,4 +48,5 @@ loop_control: loop_var: current_job_templates_asset_value label: "{{ __dest }}" + no_log: "{{ controller_configuration_filetree_create_secure_logging }}" ... diff --git a/roles/filetree_create/tasks/labels.yml b/roles/filetree_create/tasks/labels.yml index 2cec4a266..f993c998f 100644 --- a/roles/filetree_create/tasks/labels.yml +++ b/roles/filetree_create/tasks/labels.yml @@ -6,6 +6,7 @@ host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, return_all=true, max_objects=query_controller_api_max_objects) }}" + no_log: "{{ controller_configuration_filetree_create_secure_logging }}" - name: "Create the /labels output directory for labels in {{ output_path }}" ansible.builtin.file: diff --git a/roles/filetree_create/tasks/notification_templates.yml b/roles/filetree_create/tasks/notification_templates.yml index d42859d1d..d2517e90f 100644 --- a/roles/filetree_create/tasks/notification_templates.yml +++ b/roles/filetree_create/tasks/notification_templates.yml @@ -5,6 +5,7 @@ host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, return_all=true, max_objects=query_controller_api_max_objects) }}" + no_log: "{{ controller_configuration_filetree_create_secure_logging }}" - name: "Create the /notification_templates output directory for notification templates in {{ output_path }}" ansible.builtin.file: diff --git a/roles/filetree_create/tasks/organizations.yml b/roles/filetree_create/tasks/organizations.yml index 1d889f1f8..ebbfed93c 100644 --- a/roles/filetree_create/tasks/organizations.yml +++ b/roles/filetree_create/tasks/organizations.yml @@ -6,6 +6,7 @@ host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, return_all=true, max_objects=query_controller_api_max_objects) }}" + no_log: "{{ controller_configuration_filetree_create_secure_logging }}" - name: "Create the output directory for organizations: {{ output_path + '/' + current_organization_dir.name }}" ansible.builtin.file: @@ -42,4 +43,5 @@ loop_control: loop_var: current_organization label: "{{ __dest }}" + no_log: "{{ controller_configuration_filetree_create_secure_logging }}" ... diff --git a/roles/filetree_create/tasks/projects.yml b/roles/filetree_create/tasks/projects.yml index be873f744..0b96f126d 100644 --- a/roles/filetree_create/tasks/projects.yml +++ b/roles/filetree_create/tasks/projects.yml @@ -6,6 +6,7 @@ host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, return_all=true, max_objects=query_controller_api_max_objects) }}" + no_log: "{{ controller_configuration_filetree_create_secure_logging }}" - name: "Create the /projects output directory for projects in {{ output_path }}" ansible.builtin.file: @@ -44,4 +45,5 @@ loop_control: loop_var: current_projects_asset_value label: "{{ __dest }}" + no_log: "{{ controller_configuration_filetree_create_secure_logging }}" ... diff --git a/roles/filetree_create/tasks/settings.yml b/roles/filetree_create/tasks/settings.yml index 88ae1d154..856a61c8c 100644 --- a/roles/filetree_create/tasks/settings.yml +++ b/roles/filetree_create/tasks/settings.yml @@ -5,6 +5,7 @@ host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, return_all=true, max_objects=query_controller_api_max_objects) }}" + no_log: "{{ controller_configuration_filetree_create_secure_logging }}" - name: "Create the output directory for credential types: {{ output_path }}" ansible.builtin.file: diff --git a/roles/filetree_create/tasks/team_roles.yml b/roles/filetree_create/tasks/team_roles.yml index 76f0ab165..1db22c86d 100644 --- a/roles/filetree_create/tasks/team_roles.yml +++ b/roles/filetree_create/tasks/team_roles.yml @@ -5,17 +5,18 @@ host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, return_all=true, max_objects=query_controller_api_max_objects) }}" + no_log: "{{ controller_configuration_filetree_create_secure_logging }}" - name: "Create the output directory for team roles: {{ output_path }}" ansible.builtin.file: - path: "{{ output_path }}" + path: "{{ output_path }}/team_roles" state: directory mode: '0755' - name: "Add current roles to the output yaml file" ansible.builtin.template: src: "templates/current_team_roles.j2" - dest: "{{ output_path }}/current_roles_{{ teamname | regex_replace('/', '_') }}.yaml" + dest: "{{ output_path }}/team_roles/current_roles_{{ teamname | regex_replace('/', '_') }}.yaml" mode: '0644' vars: current_team_roles_asset_value: "{{ team_roles_lookvar }}" diff --git a/roles/filetree_create/tasks/teams.yml b/roles/filetree_create/tasks/teams.yml index 0cf0a745e..ea20e6ae3 100644 --- a/roles/filetree_create/tasks/teams.yml +++ b/roles/filetree_create/tasks/teams.yml @@ -6,6 +6,7 @@ host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, return_all=true, max_objects=query_controller_api_max_objects) }}" + no_log: "{{ controller_configuration_filetree_create_secure_logging }}" - name: "Create the /teams output directory for teams in {{ output_path }}" ansible.builtin.file: diff --git a/roles/filetree_create/tasks/user_roles.yml b/roles/filetree_create/tasks/user_roles.yml index fb36b088e..cd4335327 100644 --- a/roles/filetree_create/tasks/user_roles.yml +++ b/roles/filetree_create/tasks/user_roles.yml @@ -5,17 +5,18 @@ host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, return_all=true, max_objects=query_controller_api_max_objects) }}" + no_log: "{{ controller_configuration_filetree_create_secure_logging }}" - name: "Create the output directory for user roles: {{ output_path }}" ansible.builtin.file: - path: "{{ output_path }}" + path: "{{ output_path }}/user_roles" state: directory mode: '0755' - name: "Add current roles to the output yaml file" ansible.builtin.template: src: "templates/current_user_roles.j2" - dest: "{{ output_path }}/current_roles_{{ username | regex_replace('/', '_') }}.yaml" + dest: "{{ output_path }}/user_roles/current_roles_{{ username | regex_replace('/', '_') }}.yaml" mode: '0644' vars: current_user_roles_asset_value: "{{ user_roles_lookvar }}" diff --git a/roles/filetree_create/tasks/users.yml b/roles/filetree_create/tasks/users.yml index 296d2715e..e99566e2f 100644 --- a/roles/filetree_create/tasks/users.yml +++ b/roles/filetree_create/tasks/users.yml @@ -5,16 +5,22 @@ host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, return_all=true, max_objects=query_controller_api_max_objects) }}" + no_log: "{{ controller_configuration_filetree_create_secure_logging }}" -- name: "Add the users the Organizations information" +- name: "Add the users the Organizations information" # noqa jinja[spacing] ansible.builtin.set_fact: current_users: "{{ (current_users | default([])) + [user_lookvar_item | combine({'organizations': user_lookvar_item_organizations})] }}" vars: - user_lookvar_item_organizations: "{{ query(controller_api_plugin, user_lookvar_item.related.organizations, host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, return_all=true, max_objects=query_controller_api_max_objects) | selectattr('name', 'defined') | map(attribute='name') }}" + user_lookvar_item_organizations: "{{ query(controller_api_plugin, user_lookvar_item.related.organizations, + host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, + return_all=true, max_objects=query_controller_api_max_objects + ) | selectattr('name', 'defined') | map(attribute='name') + }}" loop: "{{ users_lookvar }}" loop_control: loop_var: user_lookvar_item label: "User {{ user_lookvar_item.username }}" + no_log: "{{ controller_configuration_filetree_create_secure_logging }}" - name: "Create the output directory for users in {{ output_path }}" ansible.builtin.file: diff --git a/roles/filetree_create/tasks/workflow_job_templates.yml b/roles/filetree_create/tasks/workflow_job_templates.yml index 095ac0cc4..0f4655130 100644 --- a/roles/filetree_create/tasks/workflow_job_templates.yml +++ b/roles/filetree_create/tasks/workflow_job_templates.yml @@ -6,6 +6,7 @@ host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, return_all=true, max_objects=query_controller_api_max_objects) }}" + no_log: "{{ controller_configuration_filetree_create_secure_logging }}" - name: "Create the /workflow_job_templates output directory for workflow job templates in {{ output_path }}" ansible.builtin.file: @@ -50,4 +51,5 @@ loop_control: loop_var: current_workflow_job_templates_asset_value label: "{{ __dest }}" + no_log: "{{ controller_configuration_filetree_create_secure_logging }}" ... diff --git a/roles/filetree_create/templates/current_groups.j2 b/roles/filetree_create/templates/current_groups.j2 index 8a73de839..de8858bb5 100644 --- a/roles/filetree_create/templates/current_groups.j2 +++ b/roles/filetree_create/templates/current_groups.j2 @@ -1,9 +1,13 @@ --- -configure_tower_groups: +controller_groups: {% for group in current_groups_asset_value %} - name: "{{ group.name }}" description: "{{ group.description }}" inventory: "{{ group.summary_fields.inventory.name }}" +{% if group.variables and group.variables != '---' and group.variables != '' %} + variables: + {{ group.variables | from_yaml | to_nice_yaml(indent=2) | indent(width=6, first=False) | replace("'{{", "!unsafe \'{{") }} +{%- endif %} hosts: {{ query(controller_api_plugin, group.related.hosts, host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, diff --git a/roles/filetree_create/templates/current_hosts.j2 b/roles/filetree_create/templates/current_hosts.j2 index 7708e10c1..3a3d4abef 100644 --- a/roles/filetree_create/templates/current_hosts.j2 +++ b/roles/filetree_create/templates/current_hosts.j2 @@ -4,5 +4,9 @@ controller_hosts: - name: "{{ host.name }}" description: "{{ host.description }}" inventory: "{{ host.summary_fields.inventory.name | default('ToDo: The host \'' + host.name + '\' must have an associated inventory') }}" +{% if host.variables and host.variables != '---' and host.variables != '' %} + variables: + {{ host.variables | from_yaml | to_nice_yaml(indent=2) | indent(width=6, first=False) | replace("'{{", "!unsafe \'{{") }} +{%- endif %} {% endfor %} ... diff --git a/roles/filetree_create/templates/current_inventories.j2 b/roles/filetree_create/templates/current_inventories.j2 index 1496a008a..fadc76324 100644 --- a/roles/filetree_create/templates/current_inventories.j2 +++ b/roles/filetree_create/templates/current_inventories.j2 @@ -9,8 +9,8 @@ controller_inventories: {% if current_inventories_asset_value.kind %} kind: "{{ current_inventories_asset_value.kind }}" {% endif %} -{% if current_inventories_asset_value.variables and current_inventories_asset_value.variables != '---' %} +{% if current_inventories_asset_value.variables and current_inventories_asset_value.variables != '---' and current_inventories_asset_value.variables != '' %} variables: - {{ current_inventories_asset_value.variables | from_yaml | to_nice_yaml(indent=2) | indent(width=6, first=False) }} + {{ current_inventories_asset_value.variables | from_yaml | to_nice_yaml(indent=2) | indent(width=6, first=False) | replace("'{{", "!unsafe \'{{") }} {%- endif %} ... diff --git a/roles/filetree_create/templates/current_inventory_sources.j2 b/roles/filetree_create/templates/current_inventory_sources.j2 index 6c0ca8aaf..f6d8f258b 100644 --- a/roles/filetree_create/templates/current_inventory_sources.j2 +++ b/roles/filetree_create/templates/current_inventory_sources.j2 @@ -3,6 +3,7 @@ controller_inventory_sources: {% for inventory_source in current_inventory_sources_asset_value %} - name: "{{ inventory_source.name }}" description: "{{ inventory_source.description }}" + organization: "{{ inventory_source.summary_fields.organization.name }}" source: "{{ inventory_source.source | default('ToDo: The source of the inventory_source was originally missing and must be specified',true) }}" {% if inventory_source.source_project %} source_project: "{{ inventory_source.summary_fields.source_project.name }}" @@ -10,7 +11,7 @@ controller_inventory_sources: {% if inventory_source.source_path %} source_path: "{{ inventory_source.source_path }}" {% endif %} -{% if inventory_source.source_vars and inventory_source.source_vars != '---' %} +{% if inventory_source.source_vars and inventory_source.source_vars != '---' and inventory_source.source_vars != '' %} source_vars: {{ inventory_source.source_vars | from_yaml | to_nice_yaml(indent=2) | indent(width=6, first=False) | replace("'{{", "!unsafe \'{{") }} {%- endif %} @@ -18,7 +19,7 @@ controller_inventory_sources: update_on_launch: "{{ inventory_source.update_on_launch }}" overwrite: "{{ inventory_source.overwrite }}" {% if inventory_source.credential %} - credential: "{{ inventory_source.credential }}" + credential: "{{ inventory_source.summary_fields.credential.name }}" {% endif %} {% set query_notification_error = query(controller_api_plugin, inventory_source.related.notification_templates_error, host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, diff --git a/roles/filetree_create/templates/current_job_templates.j2 b/roles/filetree_create/templates/current_job_templates.j2 index 08b75b608..9e172c71f 100644 --- a/roles/filetree_create/templates/current_job_templates.j2 +++ b/roles/filetree_create/templates/current_job_templates.j2 @@ -21,14 +21,10 @@ controller_templates: ask_tags_on_launch: "{{ current_job_templates_asset_value.ask_tags_on_launch }}" ask_verbosity_on_launch: "{{ current_job_templates_asset_value.ask_verbosity_on_launch }}" ask_variables_on_launch: "{{ current_job_templates_asset_value.ask_variables_on_launch }}" -{% if (current_job_templates_asset_value.extra_vars | length) > 3 %} +{% if current_job_templates_asset_value.extra_vars and current_job_templates_asset_value.extra_vars != '---' and current_job_templates_asset_value.extra_vars != '' %} extra_vars: -{% if (current_job_templates_asset_value.extra_vars[0] is match('{')) %} -{{ current_job_templates_asset_value.extra_vars | from_json | to_nice_yaml(indent=2) | indent(width=6, first=True) }} -{% else %} -{{ current_job_templates_asset_value.extra_vars | from_yaml | to_nice_yaml(indent=2) | indent(width=6, first=True) }} -{% endif %} -{%- endif -%} + {{ current_job_templates_asset_value.extra_vars | from_yaml | to_nice_yaml(indent=2) | indent(width=6, first=False) | replace("'{{", "!unsafe \'{{") }} +{%- endif %} {% if is_aap %} execution_environment: "{{ current_job_templates_asset_value.summary_fields.execution_environment.name | default(omit) }}" {% endif %} diff --git a/roles/filetree_create/templates/current_notification_templates.j2 b/roles/filetree_create/templates/current_notification_templates.j2 index f4649d5ea..66e21f1ee 100644 --- a/roles/filetree_create/templates/current_notification_templates.j2 +++ b/roles/filetree_create/templates/current_notification_templates.j2 @@ -1,8 +1,6 @@ --- -controller_notification_templates: -- name: "{{ current_notification_templates_asset_value.name }}" - notification_template: - name: "{{ current_notification_templates_asset_value.name }}" +controller_notifications: + - name: "{{ current_notification_templates_asset_value.name }}" organization: "{{ current_notification_templates_asset_value.summary_fields.organization.name }}" notification_type: "{{ current_notification_templates_asset_value.notification_type }}" notification_configuration: diff --git a/roles/filetree_create/templates/current_settings.j2 b/roles/filetree_create/templates/current_settings.j2 index 6dd4c2f2b..484e44838 100644 --- a/roles/filetree_create/templates/current_settings.j2 +++ b/roles/filetree_create/templates/current_settings.j2 @@ -1,4 +1,5 @@ --- controller_settings: - - settings: "{{ changed_settings[0] | replace('\'AUTH_LDAP_GROUP_TYPE_PARAMS\': {}', '\'AUTH_LDAP_GROUP_TYPE_PARAMS\': {\'name_attr\': \'cn\', \'member_attr\': \'member\'}') }}" + - settings: +{{ changed_settings[0] | replace('\'AUTH_LDAP_GROUP_TYPE_PARAMS\': {}', '\'AUTH_LDAP_GROUP_TYPE_PARAMS\': {\'name_attr\': \'cn\', \'member_attr\': \'member\'}') | replace("'", '"') | replace(': True', ': true') | replace(': False', ': false') | replace(': None', ': null') | from_json | to_nice_yaml | indent(width=6, first=True) }} ... diff --git a/roles/filetree_create/templates/current_workflow_job_templates.j2 b/roles/filetree_create/templates/current_workflow_job_templates.j2 index c061adf6c..90fdb512f 100644 --- a/roles/filetree_create/templates/current_workflow_job_templates.j2 +++ b/roles/filetree_create/templates/current_workflow_job_templates.j2 @@ -41,6 +41,10 @@ controller_workflows: allow_simultaneous: "{{ current_workflow_job_templates_asset_value.allow_simultaneous }}" scm_branch: "{{ current_workflow_job_templates_asset_value.scm_branch }}" webhook_service: "{{ current_workflow_job_templates_asset_value.webhook_service }}" +{% if current_workflow_job_templates_asset_value.extra_vars and current_workflow_job_templates_asset_value.extra_vars != '---' and current_workflow_job_templates_asset_value.extra_vars != '' %} + extra_vars: + {{ current_workflow_job_templates_asset_value.extra_vars | from_yaml | to_nice_yaml(indent=2) | indent(width=6, first=False) | replace("'{{", "!unsafe \'{{") }} +{%- endif %} {% if query_labels | length > 0 %} labels: {% for label in query_labels %} diff --git a/roles/filetree_create/tests/filetree_create.yml b/roles/filetree_create/tests/filetree_create.yml index f9afd9b2a..e54608a39 100644 --- a/roles/filetree_create/tests/filetree_create.yml +++ b/roles/filetree_create/tests/filetree_create.yml @@ -1,5 +1,6 @@ --- -- hosts: all +- name: Filetree Create Test + hosts: all connection: local gather_facts: false vars: @@ -10,6 +11,10 @@ pre_tasks: - name: "Setup authentication (block)" + no_log: "{{ controller_configuration_filetree_create_secure_logging }}" + when: controller_oauthtoken is not defined + tags: + - always block: - name: "Get the Authentication Token for the future requests" ansible.builtin.uri: @@ -26,13 +31,9 @@ ansible.builtin.set_fact: controller_oauthtoken: "{{ authtoken_res.json.token }}" controller_oauthtoken_url: "{{ authtoken_res.json.url }}" - no_log: "{{ controller_configuration_filetree_create_secure_logging | default('false') }}" - when: controller_oauthtoken is not defined - tags: - - always roles: - - redhat_cop.controller_configuration.filetree_create + - infra.controller_configuration.filetree_create post_tasks: - name: "Delete the Authentication Token used" diff --git a/roles/filetree_read/README.md b/roles/filetree_read/README.md index 8175a01c9..253ad8870 100644 --- a/roles/filetree_read/README.md +++ b/roles/filetree_read/README.md @@ -4,7 +4,7 @@ An ansible role which reads variables from a hierarchical and scalable directory ## Requirements -ansible-galaxy collection install -r tests/collections/requirements.yml to be installed Currently: awx.awx or ansible.controller and redhat_cop.controller_configuration. +ansible-galaxy collection install -r tests/collections/requirements.yml to be installed Currently: awx.awx or ansible.controller and infra.controller_configuration. ## Role Variables @@ -12,39 +12,39 @@ ansible-galaxy collection install -r tests/collections/requirements.yml to be in The following Variables set the organization where should be applied the configuration, the absolute or relative of the directory structure where the variables will be stored and the life-cycle environment to use. -|Variable Name|Default Value|Required|Description| -|:---:|:---:|:---:|:---:| -|`orgs:`|Acme|yes|This variable sets the organization where should be applied the configuration.| -|`dir_orgs_vars:`|orgs_vars|yes|This variable sets the directory path where the variables will be store.| -|`env:`|dev|yes|This variable sets the life-cycle environment to use.| -|`controller_location:`|''|no|This variable sets object localtion. It is useful when the configuration need to be replicated in an active/passive sites architecture| -|`filetree_controller_settings`|{{ dir_orgs_vars }}/{{ orgs }}/env/{{ env }}/controller_settings.d/|yes|Directory path to load controller object variables| -|`filetree_controller_organizations`|{{ dir_orgs_vars }}/{{ orgs }}/env/common/controller_organizations.d/|yes|Directory path to load controller object variables| -|`filetree_controller_labels`|{{ dir_orgs_vars }}/{{ orgs }}/env/common/controller_labels.d/|yes|Directory path to load controller object variables| -|`filetree_controller_user_accounts`| {{ dir_orgs_vars }}/{{ orgs }}/env/{{ env }}/controller_users.d/| -|`filetree_controller_teams`| {{ dir_orgs_vars }}/{{ orgs }}/env/common/controller_teams.d/|yes|Directory path to load controller object variables| -|`filetree_controller_credential_types`| {{ dir_orgs_vars }}/{{ orgs }}/env/common/controller_credential_types.d/|yes|Directory path to load controller object variables| -|`filetree_controller_credentials`| {{ dir_orgs_vars }}/{{ orgs }}/env/{{ env }}/controller_credentials.d/|yes|Directory path to load controller object variables| -|`filetree_controller_credential_input_sources`| {{ dir_orgs_vars }}/{{ orgs }}/env/common/controller_credential_input_sources.d/|yes|Directory path to load controller object variables| -|`filetree_controller_notifications`| {{ dir_orgs_vars }}/{{ orgs }}/env/common/controller_notification_templates.d/|yes|Directory path to load controller object variables| -|`filetree_controller_projects`| {{ dir_orgs_vars }}/{{ orgs }}/env/common/controller_projects.d/|yes|Directory path to load controller object variables| -|`filetree_controller_execution_environments`| {{ dir_orgs_vars }}/{{ orgs }}/env/{{ env }}/controller_execution_environments.d/|yes|Directory path to load controller object variables| -|`filetree_controller_applications`| {{ dir_orgs_vars }}/{{ orgs }}/env/common/controller_applications.d/|yes|Directory path to load controller object variables| -|`filetree_controller_inventories`| {{ dir_orgs_vars }}/{{ orgs }}/env/common/controller_inventories.d/|yes|Directory path to load controller object variables| -|`filetree_controller_inventory_sources`| {{ dir_orgs_vars }}/{{ orgs }}/env/{{ env }}/controller_inventory_sources.d/|yes|Directory path to load controller object variables| -|`filetree_controller_instance_groups`| {{ dir_orgs_vars }}/{{ orgs }}/env/{{ env }}/controller_instance_groups.d/|yes|Directory path to load controller object variables| -|`filetree_controller_hosts`| {{ dir_orgs_vars }}/{{ orgs }}/env/{{ env }}/controller_hosts.d/|yes|Directory path to load controller object variables| -|`filetree_controller_groups`| {{ dir_orgs_vars }}/{{ orgs }}/env/common/controller_groups.d/|yes|Directory path to load controller object variables| -|`filetree_controller_templates`| {{ dir_orgs_vars }}/{{ orgs }}/env/common/controller_job_templates.d/|yes|Directory path to load controller object variables| -|`filetree_controller_workflow_job_templates`| {{ dir_orgs_vars }}/{{ orgs }}/env/common/controller_workflow_job_templates.d/|yes|Directory path to load controller object variables| -|`filetree_controller_schedules`| {{ dir_orgs_vars }}/{{ orgs }}/env/common/controller_schedules.d/|yes|Directory path to load controller object variables| -|`filetree_controller_roles`| {{ dir_orgs_vars }}/{{ orgs }}/env/common/controller_roles.d/|yes|Directory path to load controller object variables| +|Variable Name|Type|Default Value|Required|Description| +|:---:|:---:|:---:|:---:|:---:| +|`orgs`|String|Acme|yes|This variable sets the organization where should be applied the configuration.| +|`dir_orgs_vars`|String|orgs_vars|yes|This variable sets the directory path where the variables will be store.| +|`env:`|String|dev|yes|This variable sets the life-cycle environment to use.| +|`controller_location`|String|''|no|This variable sets object localtion. It is useful when the configuration need to be replicated in an active/passive sites architecture| +|`filetree_controller_settings`|String/List(String)|{{ dir_orgs_vars }}/{{ orgs }}/env/{{ env }}/controller_settings.d/|yes|Directory path to load controller object variables| +|`filetree_controller_organizations`|String/List(String)|{{ dir_orgs_vars }}/{{ orgs }}/env/common/controller_organizations.d/|yes|Directory path to load controller object variables| +|`filetree_controller_labels`|String/List(String)|{{ dir_orgs_vars }}/{{ orgs }}/env/common/controller_labels.d/|yes|Directory path to load controller object variables| +|`filetree_controller_user_accounts`|String/List(String)|{{ dir_orgs_vars }}/{{ orgs }}/env/{{ env }}/controller_users.d/|yes|Directory path to load controller object variables| +|`filetree_controller_teams`|String/List(String)|{{ dir_orgs_vars }}/{{ orgs }}/env/common/controller_teams.d/|yes|Directory path to load controller object variables| +|`filetree_controller_credential_types`|String/List(String)|{{ dir_orgs_vars }}/{{ orgs }}/env/common/controller_credential_types.d/|yes|Directory path to load controller object variables| +|`filetree_controller_credentials`|String/List(String)|{{ dir_orgs_vars }}/{{ orgs }}/env/{{ env }}/controller_credentials.d/|yes|Directory path to load controller object variables| +|`filetree_controller_credential_input_sources`|String/List(String)|{{ dir_orgs_vars }}/{{ orgs }}/env/common/controller_credential_input_sources.d/|yes|Directory path to load controller object variables| +|`filetree_controller_notifications`|String/List(String)|{{ dir_orgs_vars }}/{{ orgs }}/env/common/controller_notification_templates.d/|yes|Directory path to load controller object variables| +|`filetree_controller_projects`|String/List(String)|{{ dir_orgs_vars }}/{{ orgs }}/env/common/controller_projects.d/|yes|Directory path to load controller object variables| +|`filetree_controller_execution_environments`|String/List(String)|{{ dir_orgs_vars }}/{{ orgs }}/env/{{ env }}/controller_execution_environments.d/|yes|Directory path to load controller object variables| +|`filetree_controller_applications`|String/List(String)|{{ dir_orgs_vars }}/{{ orgs }}/env/common/controller_applications.d/|yes|Directory path to load controller object variables| +|`filetree_controller_inventories`|String/List(String)|{{ dir_orgs_vars }}/{{ orgs }}/env/common/controller_inventories.d/|yes|Directory path to load controller object variables| +|`filetree_controller_inventory_sources`|String/List(String)|{{ dir_orgs_vars }}/{{ orgs }}/env/{{ env }}/controller_inventory_sources.d/|yes|Directory path to load controller object variables| +|`filetree_controller_instance_groups`|String/List(String)|{{ dir_orgs_vars }}/{{ orgs }}/env/{{ env }}/controller_instance_groups.d/|yes|Directory path to load controller object variables| +|`filetree_controller_hosts`|String/List(String)|{{ dir_orgs_vars }}/{{ orgs }}/env/{{ env }}/controller_hosts.d/|yes|Directory path to load controller object variables| +|`filetree_controller_groups`|String/List(String)|{{ dir_orgs_vars }}/{{ orgs }}/env/common/controller_groups.d/|yes|Directory path to load controller object variables| +|`filetree_controller_templates`|String/List(String)|{{ dir_orgs_vars }}/{{ orgs }}/env/common/controller_job_templates.d/|yes|Directory path to load controller object variables| +|`filetree_controller_workflow_job_templates`|String/List(String)|{{ dir_orgs_vars }}/{{ orgs }}/env/common/controller_workflow_job_templates.d/|yes|Directory path to load controller object variables| +|`filetree_controller_schedules`|String/List(String)|{{ dir_orgs_vars }}/{{ orgs }}/env/common/controller_schedules.d/|yes|Directory path to load controller object variables| +|`filetree_controller_roles`|String/List(String)|{{ dir_orgs_vars }}/{{ orgs }}/env/common/controller_roles.d/|yes|Directory path to load controller object variables| ### Data Structure -- It accepts two data models as the roles in the redhat_cop.controller_configuration collection,a simple straightforward easy to maintain model, and another based on the controller api. +- It accepts two data models as the roles in the infra.controller_configuration collection,a simple straightforward easy to maintain model, and another based on the controller api. - Variables should be stored in yaml files. It could be used vault to encrypt sensitive data when needed. -- All variables should be taken from the awx or automation controller object roles from the redhat_cop.controller_configuration collection. +- All variables should be taken from the awx or automation controller object roles from the infra.controller_configuration collection. ```yaml --- @@ -139,14 +139,14 @@ orgs_vars/Organization1 │   │   ├── controller_projects_inventory_sourcea_prod.yml │   │   ├── controller_projects_inventory_sourceb_dev.yml │   │   └── controller_projects_inventory_sourceb_prod.yml - │   ├── controller_roles.d - │   │   ├── app-example - │   │   │   ├── controller_roles_cmdb_approvals.yml - │   │   │   ├── controller_roles_inventories.yml - │   │   │   ├── controller_roles_inventory_wf_update.yml - │   │   │   ├── controller_roles_teams.yml - │   │   │   └── controller_roles_users.yml - │   │   └── controller_roles.yml + │   ├── controller_roles.d (1) + │   │   ├── app-example (1) + │   │   │   ├── controller_roles_cmdb_approvals.yml (1) + │   │   │   ├── controller_roles_inventories.yml (1) + │   │   │   ├── controller_roles_inventory_wf_update.yml (1) + │   │   │   ├── controller_roles_teams.yml (1) + │   │   │   └── controller_roles_users.yml (1) + │   │   └── controller_roles.yml (1) │   ├── controller_schedules.d │   │   ├── app-casc │   │   │   └── controller_schedules_casc.yml @@ -207,13 +207,13 @@ orgs_vars/Organization1 │   │   │   ├── controller_inventory_sources_sourceb_dev.yml │   │   │   └── controller_inventory_sources_sourceb_prod.yml │   │   └── controller_inventory_sources.yml - │   └── controller_settings.d (1) - │   ├── app-examples (1) - │   │   ├── controller_settings_jobs.yml (1) - │   │   ├── controller_settings_ldap.yml (1) - │   │   ├── controller_settings_system.yml (1) - │   │   └── controller_settings_user_interface.yml (1) - │   └── controller_settings.yml (1) + │   └── controller_settings.d (2) + │   ├── app-examples (2) + │   │   ├── controller_settings_jobs.yml (2) + │   │   ├── controller_settings_ldap.yml (2) + │   │   ├── controller_settings_system.yml (2) + │   │   └── controller_settings_user_interface.yml (2) + │   └── controller_settings.yml (2) └── demo-prd ├── controller_credentials.d │   ├── app-examples @@ -255,16 +255,18 @@ orgs_vars/Organization1 │   │   ├── controller_inventory_sources_sourceb_dev.yml │   │   └── controller_inventory_sources_sourceb_prod.yml │   └── controller_inventory_sources.yml - └── controller_settings.d (1) - ├── app-examples (1) - │   ├── controller_settings_jobs.yml (1) - │   ├── controller_settings_ldap.yml (1) - │   ├── controller_settings_system.yml (1) - │   └── controller_settings_user_interface.yml (1) - └── controller_settings.yml (1) + └── controller_settings.d (2) + ├── app-examples (2) + │   ├── controller_settings_jobs.yml (2) + │   ├── controller_settings_ldap.yml (2) + │   ├── controller_settings_system.yml (2) + │   └── controller_settings_user_interface.yml (2) + └── controller_settings.yml (2) ``` -> **NOTE (1):** These directories and files must belong to SuperAdmin Organization ONLY, because must have admin super powers. +> **NOTE (1):** These directory and files may belong to SuperAdmin Organization ONLY. If any other organization defines it's own `roles`, they must duplicate the ones given by the SuperAdmin Organization or they will be dropped. +> +> **NOTE (2):** These directories and files must belong to SuperAdmin Organization ONLY, because must have admin super powers. ## Role Tags @@ -317,7 +319,7 @@ The role is designed to be used with tags, each tags correspond to an AWX or Aut - block: - name: Include Tasks to load Galaxy credentials to be added to Organizations ansible.builtin.include_role: - name: redhat_cop.controller_configuration.filetree_read + name: infra.controller_configuration.filetree_read tasks_from: "{{ create_orgs_credentials }}" loop: - organizations.yml @@ -327,7 +329,7 @@ The role is designed to be used with tags, each tags correspond to an AWX or Aut - name: Include Tasks to add Galaxy credentials to Organizations ansible.builtin.include_role: - name: redhat_cop.controller_configuration.dispatch + name: infra.controller_configuration.dispatch apply: tags: - organizations @@ -339,8 +341,8 @@ The role is designed to be used with tags, each tags correspond to an AWX or Aut - {role: credentials, var: controller_credentials, tags: credentials} roles: - - {role: redhat_cop.controller_configuration.filetree_read } - - {role: redhat_cop.controller_configuration.dispatch } + - {role: infra.controller_configuration.filetree_read } + - {role: infra.controller_configuration.dispatch } post_tasks: - name: "Delete the Authentication Token used" diff --git a/roles/filetree_read/defaults/main.yml b/roles/filetree_read/defaults/main.yml index a9d9e3892..e72a4ba1c 100644 --- a/roles/filetree_read/defaults/main.yml +++ b/roles/filetree_read/defaults/main.yml @@ -5,6 +5,7 @@ orgs: "Acme" dir_orgs_vars: orgs_vars env: dev +controller_configuration_filetree_read_secure_logging: "{{ controller_configuration_secure_logging | default(true) }}" # Controller lists @@ -26,7 +27,7 @@ controller_instance_groups: [] controller_hosts: [] controller_groups: [] controller_templates: [] -controller_workflow_job_templates: [] +controller_workflows: [] controller_schedules: [] controller_roles: [] diff --git a/roles/filetree_read/meta/argument_specs.yml b/roles/filetree_read/meta/argument_specs.yml new file mode 100644 index 000000000..3f155ee88 --- /dev/null +++ b/roles/filetree_read/meta/argument_specs.yml @@ -0,0 +1,184 @@ +--- +argument_specs: + main: + short_description: An Ansible Role to read from a local file tree and create objects in Controller + options: + orgs: + type: str + required: true + description: This variable sets the organization where should be applied the configuration. + dir_orgs_vars: + type: str + required: true + description: This variable sets the directory path where the variables will be store. + env: + type: str + default: dev + required: false + description: This variable sets the life-cycle environment to use. + controller_location: + type: str + default: '' + required: false + description: This variable sets object location. It is useful when the configuration need to be replicated in an active/passive sites architecture + filetree_controller_settings: + type: raw + default: "{{ dir_orgs_vars }}/{{ orgs }}/env/{{ env }}/controller_settings.d/" + required: false + description: Directory path to load controller object variables + filetree_controller_organizations: + type: raw + default: "{{ dir_orgs_vars }}/{{ orgs }}/env/common/controller_organizations.d/" + required: false + description: Directory path to load controller object variables + filetree_controller_labels: + type: raw + default: "{{ dir_orgs_vars }}/{{ orgs }}/env/common/controller_labels.d/" + required: false + description: Directory path to load controller object variables + filetree_controller_user_accounts: + type: raw + default: "{{ dir_orgs_vars }}/{{ orgs }}/env/{{ env }}/controller_users.d/" + required: false + description: Directory path to load controller object variables + filetree_controller_teams: + type: raw + default: "{{ dir_orgs_vars }}/{{ orgs }}/env/common/controller_teams.d/" + required: false + description: Directory path to load controller object variables + filetree_controller_credential_types: + type: raw + default: "{{ dir_orgs_vars }}/{{ orgs }}/env/common/controller_credential_types.d/" + required: false + description: Directory path to load controller object variables + filetree_controller_credentials: + type: raw + default: "{{ dir_orgs_vars }}/{{ orgs }}/env/{{ env }}/controller_credentials.d/" + required: false + description: Directory path to load controller object variables + filetree_controller_credential_input_sources: + type: raw + default: "{{ dir_orgs_vars }}/{{ orgs }}/env/common/controller_credential_input_sources.d/" + required: false + description: Directory path to load controller object variables + filetree_controller_notifications: + type: raw + default: "{{ dir_orgs_vars }}/{{ orgs }}/env/common/controller_notification_templates.d/" + required: false + description: Directory path to load controller object variables + filetree_controller_projects: + type: raw + default: "{{ dir_orgs_vars }}/{{ orgs }}/env/common/controller_projects.d/" + required: false + description: Directory path to load controller object variables + filetree_controller_execution_environments: + type: raw + default: "{{ dir_orgs_vars }}/{{ orgs }}/env/{{ env }}/controller_execution_environments.d/" + required: false + description: Directory path to load controller object variables + filetree_controller_applications: + type: raw + default: "{{ dir_orgs_vars }}/{{ orgs }}/env/common/controller_applications.d/" + required: false + description: Directory path to load controller object variables + filetree_controller_inventories: + type: raw + default: "{{ dir_orgs_vars }}/{{ orgs }}/env/common/controller_inventories.d/" + required: false + description: Directory path to load controller object variables + filetree_controller_inventory_sources: + type: raw + default: "{{ dir_orgs_vars }}/{{ orgs }}/env/{{ env }}/controller_inventory_sources.d/" + required: false + description: Directory path to load controller object variables + filetree_controller_instance_groups: + type: raw + default: "{{ dir_orgs_vars }}/{{ orgs }}/env/{{ env }}/controller_instance_groups.d/" + required: false + description: Directory path to load controller object variables + filetree_controller_hosts: + type: raw + default: "{{ dir_orgs_vars }}/{{ orgs }}/env/{{ env }}/controller_hosts.d/" + required: false + description: Directory path to load controller object variables + filetree_controller_groups: + type: raw + default: "{{ dir_orgs_vars }}/{{ orgs }}/env/common/controller_groups.d/" + required: false + description: Directory path to load controller object variables + filetree_controller_templates: + type: raw + default: "{{ dir_orgs_vars }}/{{ orgs }}/env/common/controller_job_templates.d/" + required: false + description: Directory path to load controller object variables + filetree_controller_workflow_job_templates: + type: raw + default: "{{ dir_orgs_vars }}/{{ orgs }}/env/common/controller_workflow_job_templates.d/" + required: false + description: Directory path to load controller object variables + filetree_controller_schedules: + type: raw + default: "{{ dir_orgs_vars }}/{{ orgs }}/env/common/controller_schedules.d/" + required: false + description: Directory path to load controller object variables + filetree_controller_roles: + type: raw + default: "{{ dir_orgs_vars }}/{{ orgs }}/env/common/controller_roles.d/" + required: false + description: Directory path to load controller object variables + + # Async variables + controller_configuration_async_retries: + default: 30 + required: false + description: This variable sets number of retries across all roles as a default. + controller_configuration_async_delay: + default: 1 + required: false + description: This variable sets delay between retries across all roles as a default. + + + # No_log variables + controller_configuration_filetree_create_secure_logging: + default: "{{ controller_configuration_secure_logging | default(false) }}" + required: false + type: bool + description: Whether or not to include the sensitive tasks from this role in the log. Set this value to `true` if you will be providing your sensitive values from elsewhere. + controller_configuration_secure_logging: + default: false + required: false + type: bool + description: This variable enables secure logging across all roles as a default. + + # Generic across all roles + controller_state: + default: present + required: false + description: The state all objects will take unless overridden by object default + type: str + controller_hostname: + default: None + required: false + description: URL to the Ansible Controller Server. + type: str + controller_validate_certs: + default: true + required: false + description: Whether or not to validate the Ansible Controller Server's SSL certificate. + type: str + controller_username: + default: None + required: false + description: Admin User on the Ansible Controller Server. Either username / password or oauthtoken need to be specified. + type: str + controller_password: + default: None + required: false + description: Controller Admin User's password on the Ansible Controller Server. This should be stored in an Ansible Vault at vars/controller-secrets.yml or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str + controller_oauthtoken: + default: None + required: false + description: Controller Admin User's token on the Ansible Controller Server. This should be stored in an Ansible Vault at or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str +... diff --git a/roles/filetree_read/tasks/applications.yml b/roles/filetree_read/tasks/applications.yml index 9dbc9495a..ac5638e0c 100644 --- a/roles/filetree_read/tasks/applications.yml +++ b/roles/filetree_read/tasks/applications.yml @@ -20,10 +20,12 @@ loop: "{{ __contents_filetree_controller_applications.results }}" loop_control: loop_var: __populate_applications_list_item + no_log: "{{ controller_configuration_filetree_read_secure_logging }}" when: __contents_filetree_controller_applications.results is defined and __populate_applications_list_item.ansible_facts.controller_applications is defined - name: "Set Applications Data Structure" ansible.builtin.set_fact: controller_applications: "{{ __populate_controller_applications }}" + no_log: "{{ controller_configuration_filetree_read_secure_logging }}" when: __populate_controller_applications is defined ... diff --git a/roles/filetree_read/tasks/credential_input_sources.yml b/roles/filetree_read/tasks/credential_input_sources.yml index 631bd7789..27201d47a 100644 --- a/roles/filetree_read/tasks/credential_input_sources.yml +++ b/roles/filetree_read/tasks/credential_input_sources.yml @@ -20,10 +20,12 @@ loop: "{{ __contents_filetree_controller_credential_input_sources.results }}" loop_control: loop_var: __populate_input_sources_list_item + no_log: "{{ controller_configuration_filetree_read_secure_logging }}" when: __contents_filetree_controller_credential_input_sources.results is defined and __populate_input_sources_list_item.ansible_facts.controller_credential_input_sources is defined - name: "Set Credential Input Sources Data Structure" ansible.builtin.set_fact: controller_credential_input_sources: "{{ __populate_controller_credential_input_sources }}" + no_log: "{{ controller_configuration_filetree_read_secure_logging }}" when: __populate_controller_credential_input_sources is defined ... diff --git a/roles/filetree_read/tasks/credential_types.yml b/roles/filetree_read/tasks/credential_types.yml index abdf34864..90e51dde0 100644 --- a/roles/filetree_read/tasks/credential_types.yml +++ b/roles/filetree_read/tasks/credential_types.yml @@ -20,10 +20,12 @@ loop: "{{ __contents_filetree_controller_credential_types.results }}" loop_control: loop_var: __populate_credentials_list_item + no_log: "{{ controller_configuration_filetree_read_secure_logging }}" when: __contents_filetree_controller_credential_types.results is defined and __populate_credentials_list_item.ansible_facts.controller_credential_types is defined - name: "Set Projects Data Structure" ansible.builtin.set_fact: controller_credential_types: "{{ __populate_controller_credential_types }}" + no_log: "{{ controller_configuration_filetree_read_secure_logging }}" when: __populate_controller_credential_types is defined ... diff --git a/roles/filetree_read/tasks/credentials.yml b/roles/filetree_read/tasks/credentials.yml index c3d6632a7..3ff5661bb 100644 --- a/roles/filetree_read/tasks/credentials.yml +++ b/roles/filetree_read/tasks/credentials.yml @@ -20,6 +20,7 @@ loop: "{{ __contents_filetree_controller_credentials.results }}" loop_control: loop_var: __populate_credentials_list_item + no_log: "{{ controller_configuration_filetree_read_secure_logging }}" when: __contents_filetree_controller_credentials.results is defined and __populate_credentials_list_item.ansible_facts.controller_credentials is defined - name: "Segregated Credentials list when controller_location is defined" @@ -31,6 +32,7 @@ loop: "{{ __populate_controller_credentials }}" loop_control: loop_var: __populate_credentials_list_common_item + no_log: "{{ controller_configuration_filetree_read_secure_logging }}" when: "__populate_credentials_list_common_item.controller_location is not defined" - name: "Populate Credentials list by __site objects" @@ -39,20 +41,24 @@ loop: "{{ __populate_controller_credentials }}" loop_control: loop_var: __populate_credentials_list_site_item + no_log: "{{ controller_configuration_filetree_read_secure_logging }}" when: "__populate_credentials_list_site_item.controller_location is defined and __populate_credentials_list_site_item.controller_location == controller_location" - name: "Concatenate Credentials list common + site" ansible.builtin.set_fact: __populate_controller_credentials_total: "{{ __populate_controller_credentials_common | default([]) + __populate_controller_credentials_site }}" + no_log: "{{ controller_configuration_filetree_read_secure_logging }}" when: __populate_controller_credentials_site is defined - name: "Set Credentials Data Structure common + site concatenated" ansible.builtin.set_fact: __populate_controller_credentials: "{{ __populate_controller_credentials_total }}" + no_log: "{{ controller_configuration_filetree_read_secure_logging }}" when: __populate_controller_credentials_total is defined - name: "Set Credentials Data Structure" ansible.builtin.set_fact: controller_credentials: "{{ __populate_controller_credentials }}" + no_log: "{{ controller_configuration_filetree_read_secure_logging }}" when: __populate_controller_credentials is defined ... diff --git a/roles/filetree_read/tasks/execution_environments.yml b/roles/filetree_read/tasks/execution_environments.yml index 08adbf49d..8dd80a77c 100644 --- a/roles/filetree_read/tasks/execution_environments.yml +++ b/roles/filetree_read/tasks/execution_environments.yml @@ -20,6 +20,7 @@ loop: "{{ __contents_filetree_controller_execution_environments.results }}" loop_control: loop_var: __populate_execution_environments_list_item + no_log: "{{ controller_configuration_filetree_read_secure_logging }}" when: __contents_filetree_controller_execution_environments.results is defined and __populate_execution_environments_list_item.ansible_facts.controller_execution_environments is defined - name: "Segregated Execution Environments list when controller_location is defined" @@ -31,6 +32,7 @@ loop: "{{ __populate_controller_execution_environments }}" loop_control: loop_var: __populate_execution_environments_list_common_item + no_log: "{{ controller_configuration_filetree_read_secure_logging }}" when: "__populate_execution_environments_list_common_item.controller_location is not defined" - name: "Populate Execution Environments list by __site objects" @@ -39,20 +41,24 @@ loop: "{{ __populate_controller_execution_environments }}" loop_control: loop_var: __populate_execution_environments_list_site_item + no_log: "{{ controller_configuration_filetree_read_secure_logging }}" when: "__populate_execution_environments_list_site_item.controller_location is defined and __populate_execution_environments_list_site_item.controller_location == controller_location" - name: "Concatenate Execution Environments list common + site" ansible.builtin.set_fact: __populate_controller_execution_environments_total: "{{ __populate_controller_execution_environments_common | default([]) + __populate_controller_execution_environments_site }}" + no_log: "{{ controller_configuration_filetree_read_secure_logging }}" when: __populate_controller_execution_environments_site is defined - name: "Set Execution Environments Data Structure common + site concatenated" ansible.builtin.set_fact: __populate_controller_execution_environments: "{{ __populate_controller_execution_environments_total }}" + no_log: "{{ controller_configuration_filetree_read_secure_logging }}" when: __populate_controller_execution_environments_total is defined - name: "Set Execution Environments Data Structure" ansible.builtin.set_fact: controller_execution_environments: "{{ __populate_controller_execution_environments }}" + no_log: "{{ controller_configuration_filetree_read_secure_logging }}" when: __populate_controller_execution_environments is defined ... diff --git a/roles/filetree_read/tasks/groups.yml b/roles/filetree_read/tasks/groups.yml index 578db97b7..6f17d6e80 100644 --- a/roles/filetree_read/tasks/groups.yml +++ b/roles/filetree_read/tasks/groups.yml @@ -20,10 +20,12 @@ loop: "{{ __contents_filetree_controller_groups.results }}" loop_control: loop_var: __populate_groups_list_item + no_log: "{{ controller_configuration_filetree_read_secure_logging }}" when: __contents_filetree_controller_groups.results is defined and __populate_groups_list_item.ansible_facts.controller_groups is defined - name: "Set Groups Data Structure" ansible.builtin.set_fact: controller_groups: "{{ __populate_controller_groups }}" + no_log: "{{ controller_configuration_filetree_read_secure_logging }}" when: __populate_controller_groups is defined ... diff --git a/roles/filetree_read/tasks/hosts.yml b/roles/filetree_read/tasks/hosts.yml index 78470d497..ab7af5a2f 100644 --- a/roles/filetree_read/tasks/hosts.yml +++ b/roles/filetree_read/tasks/hosts.yml @@ -20,6 +20,7 @@ loop: "{{ __contents_filetree_controller_hosts.results }}" loop_control: loop_var: __populate_hosts_list_item + no_log: "{{ controller_configuration_filetree_read_secure_logging }}" when: __contents_filetree_controller_hosts.results is defined and __populate_hosts_list_item.ansible_facts.controller_hosts is defined - name: "Segregated Hosts list when controller_location is defined" @@ -31,6 +32,7 @@ loop: "{{ __populate_controller_hosts }}" loop_control: loop_var: __populate_hosts_list_common_item + no_log: "{{ controller_configuration_filetree_read_secure_logging }}" when: "__populate_hosts_list_common_item.controller_location is not defined" - name: "Populate Hosts list by __site objects" @@ -39,20 +41,24 @@ loop: "{{ __populate_controller_hosts }}" loop_control: loop_var: __populate_hosts_list_site_item + no_log: "{{ controller_configuration_filetree_read_secure_logging }}" when: "__populate_hosts_list_site_item.controller_location is defined and __populate_hosts_list_site_item.controller_location == controller_location" - name: "Concatenate Hosts list common + site" ansible.builtin.set_fact: __populate_controller_hosts_total: "{{ __populate_controller_hosts_common | default([]) + __populate_controller_hosts_site }}" + no_log: "{{ controller_configuration_filetree_read_secure_logging }}" when: __populate_controller_hosts_site is defined - name: "Set Hosts Data Structure common + site concatenated" ansible.builtin.set_fact: __populate_controller_hosts: "{{ __populate_controller_hosts_total }}" + no_log: "{{ controller_configuration_filetree_read_secure_logging }}" when: __populate_controller_hosts_total is defined - name: "Set Hosts Data Structure" ansible.builtin.set_fact: controller_hosts: "{{ __populate_controller_hosts }}" + no_log: "{{ controller_configuration_filetree_read_secure_logging }}" when: __populate_controller_hosts is defined ... diff --git a/roles/filetree_read/tasks/instance_groups.yml b/roles/filetree_read/tasks/instance_groups.yml index be76abaa6..f5a1e113b 100644 --- a/roles/filetree_read/tasks/instance_groups.yml +++ b/roles/filetree_read/tasks/instance_groups.yml @@ -20,6 +20,7 @@ loop: "{{ __contents_filetree_controller_instance_groups.results }}" loop_control: loop_var: __populate_instance_groups_list_item + no_log: "{{ controller_configuration_filetree_read_secure_logging }}" when: __contents_filetree_controller_instance_groups.results is defined and __populate_instance_groups_list_item.ansible_facts.controller_instance_groups is defined - name: "Segregated Instance Groups list when controller_location is defined" @@ -31,6 +32,7 @@ loop: "{{ __populate_controller_instance_groups }}" loop_control: loop_var: __populate_instance_groups_list_common_item + no_log: "{{ controller_configuration_filetree_read_secure_logging }}" when: "__populate_instance_groups_list_common_item.controller_location is not defined" - name: "Populate Instance Groups list by __site objects" @@ -39,20 +41,24 @@ loop: "{{ __populate_controller_instance_groups }}" loop_control: loop_var: __populate_instance_groups_list_site_item + no_log: "{{ controller_configuration_filetree_read_secure_logging }}" when: "__populate_instance_groups_list_site_item.controller_location is defined and __populate_instance_groups_list_site_item.controller_location == controller_location" - name: "Concatenate Instance Groups list common + site" ansible.builtin.set_fact: __populate_controller_instance_groups_total: "{{ __populate_controller_instance_groups_common | default([]) + __populate_controller_instance_groups_site }}" + no_log: "{{ controller_configuration_filetree_read_secure_logging }}" when: __populate_controller_instance_groups_site is defined - name: "Set Instance Groups Data Structure common + site concatenated" ansible.builtin.set_fact: __populate_controller_instance_groups: "{{ __populate_controller_instance_groups_total }}" + no_log: "{{ controller_configuration_filetree_read_secure_logging }}" when: __populate_controller_instance_groups_total is defined - name: "Set Instance Groups Data Structure" ansible.builtin.set_fact: controller_instance_groups: "{{ __populate_controller_instance_groups }}" + no_log: "{{ controller_configuration_filetree_read_secure_logging }}" when: __populate_controller_instance_groups is defined ... diff --git a/roles/filetree_read/tasks/inventories.yml b/roles/filetree_read/tasks/inventories.yml index 673cc2d26..6de650c3a 100644 --- a/roles/filetree_read/tasks/inventories.yml +++ b/roles/filetree_read/tasks/inventories.yml @@ -20,10 +20,12 @@ loop: "{{ __contents_filetree_controller_inventories.results }}" loop_control: loop_var: __populate_inventories_list_item + no_log: "{{ controller_configuration_filetree_read_secure_logging }}" when: __contents_filetree_controller_inventories.results is defined and __populate_inventories_list_item.ansible_facts.controller_inventories is defined - name: "Set Inventories Data Structure" ansible.builtin.set_fact: controller_inventories: "{{ __populate_controller_inventories }}" + no_log: "{{ controller_configuration_filetree_read_secure_logging }}" when: __populate_controller_inventories is defined ... diff --git a/roles/filetree_read/tasks/inventory_sources.yml b/roles/filetree_read/tasks/inventory_sources.yml index a64814da6..1c5d457bd 100644 --- a/roles/filetree_read/tasks/inventory_sources.yml +++ b/roles/filetree_read/tasks/inventory_sources.yml @@ -20,6 +20,7 @@ loop: "{{ __contents_filetree_controller_inventory_sources.results }}" loop_control: loop_var: __populate_inventory_sources_list_item + no_log: "{{ controller_configuration_filetree_read_secure_logging }}" when: __contents_filetree_controller_inventory_sources.results is defined and __populate_inventory_sources_list_item.ansible_facts.controller_inventory_sources is defined - name: "Segregated Inventory Sources list when controller_location is defined" @@ -31,6 +32,7 @@ loop: "{{ __populate_controller_inventory_sources }}" loop_control: loop_var: __populate_inventory_sources_list_common_item + no_log: "{{ controller_configuration_filetree_read_secure_logging }}" when: "__populate_inventory_sources_list_common_item.controller_location is not defined" - name: "Populate Inventory Sources list by __site objects" @@ -39,20 +41,24 @@ loop: "{{ __populate_controller_inventory_sources }}" loop_control: loop_var: __populate_inventory_sources_list_site_item + no_log: "{{ controller_configuration_filetree_read_secure_logging }}" when: "__populate_inventory_sources_list_site_item.controller_location is defined and __populate_inventory_sources_list_site_item.controller_location == controller_location" - name: "Concatenate Inventory Sources list common + site" ansible.builtin.set_fact: __populate_controller_inventory_sources_total: "{{ __populate_controller_inventory_sources_common | default([]) + __populate_controller_inventory_sources_site }}" + no_log: "{{ controller_configuration_filetree_read_secure_logging }}" when: __populate_controller_inventory_sources_site is defined - name: "Set Inventory Sources Data Structure common + site concatenated" ansible.builtin.set_fact: __populate_controller_inventory_sources: "{{ __populate_controller_inventory_sources_total }}" + no_log: "{{ controller_configuration_filetree_read_secure_logging }}" when: __populate_controller_inventory_sources_total is defined - name: "Set Inventory Sources Data Structure" ansible.builtin.set_fact: controller_inventory_sources: "{{ __populate_controller_inventory_sources }}" + no_log: "{{ controller_configuration_filetree_read_secure_logging }}" when: __populate_controller_inventory_sources is defined ... diff --git a/roles/filetree_read/tasks/job_templates.yml b/roles/filetree_read/tasks/job_templates.yml index b83bb0f9e..287998c11 100644 --- a/roles/filetree_read/tasks/job_templates.yml +++ b/roles/filetree_read/tasks/job_templates.yml @@ -20,10 +20,12 @@ loop: "{{ __contents_filetree_controller_templates.results }}" loop_control: loop_var: __populate_job_templates_list_item + no_log: "{{ controller_configuration_filetree_read_secure_logging }}" when: __contents_filetree_controller_templates.results is defined and __populate_job_templates_list_item.ansible_facts.controller_templates is defined - name: "Set Job Templates Data Structure" ansible.builtin.set_fact: controller_templates: "{{ __populate_controller_job_templates }}" + no_log: "{{ controller_configuration_filetree_read_secure_logging }}" when: __populate_controller_job_templates is defined ... diff --git a/roles/filetree_read/tasks/labels.yml b/roles/filetree_read/tasks/labels.yml index d8e6b479d..16b8f51f9 100644 --- a/roles/filetree_read/tasks/labels.yml +++ b/roles/filetree_read/tasks/labels.yml @@ -20,10 +20,12 @@ loop: "{{ __contents_filetree_controller_labels.results }}" loop_control: loop_var: __populate_labels_list_item + no_log: "{{ controller_configuration_filetree_read_secure_logging }}" when: __contents_filetree_controller_labels.results is defined and __populate_labels_list_item.ansible_facts.controller_labels is defined - name: "Set Labels Data Structure" ansible.builtin.set_fact: controller_labels: "{{ __populate_controller_labels }}" + no_log: "{{ controller_configuration_filetree_read_secure_logging }}" when: __populate_controller_labels is defined ... diff --git a/roles/filetree_read/tasks/main.yml b/roles/filetree_read/tasks/main.yml index a39b7e108..d69788658 100644 --- a/roles/filetree_read/tasks/main.yml +++ b/roles/filetree_read/tasks/main.yml @@ -20,7 +20,7 @@ controller_hosts: [] controller_groups: [] controller_templates: [] - controller_workflow_job_templates: [] + controller_workflows: [] controller_schedules: [] controller_roles: [] tags: always diff --git a/roles/filetree_read/tasks/notifications.yml b/roles/filetree_read/tasks/notifications.yml index c7c703748..f40c7db0f 100644 --- a/roles/filetree_read/tasks/notifications.yml +++ b/roles/filetree_read/tasks/notifications.yml @@ -20,10 +20,12 @@ loop: "{{ __contents_filetree_controller_notifications.results }}" loop_control: loop_var: __populate_notifications_list_item + no_log: "{{ controller_configuration_filetree_read_secure_logging }}" when: __contents_filetree_controller_notifications.results is defined and __populate_notifications_list_item.ansible_facts.controller_notifications is defined - name: "Set Notifications Data Structure" ansible.builtin.set_fact: controller_notifications: "{{ __populate_controller_notifications }}" + no_log: "{{ controller_configuration_filetree_read_secure_logging }}" when: __populate_controller_notifications is defined ... diff --git a/roles/filetree_read/tasks/organizations.yml b/roles/filetree_read/tasks/organizations.yml index c1c55cfec..1fb04bd67 100644 --- a/roles/filetree_read/tasks/organizations.yml +++ b/roles/filetree_read/tasks/organizations.yml @@ -20,10 +20,12 @@ loop: "{{ __contents_filetree_controller_organizations.results }}" loop_control: loop_var: __populate_organizations_list_item + no_log: "{{ controller_configuration_filetree_read_secure_logging }}" when: __contents_filetree_controller_organizations.results is defined and __populate_organizations_list_item.ansible_facts.controller_organizations is defined - name: "Set Organization Data Structure" ansible.builtin.set_fact: controller_organizations: "{{ __populate_controller_organizations }}" + no_log: "{{ controller_configuration_filetree_read_secure_logging }}" when: __populate_controller_organizations is defined ... diff --git a/roles/filetree_read/tasks/projects.yml b/roles/filetree_read/tasks/projects.yml index 32f9b138b..83d9038e3 100644 --- a/roles/filetree_read/tasks/projects.yml +++ b/roles/filetree_read/tasks/projects.yml @@ -20,10 +20,12 @@ loop: "{{ __contents_filetree_controller_projects.results }}" loop_control: loop_var: __populate_projects_list_item + no_log: "{{ controller_configuration_filetree_read_secure_logging }}" when: __contents_filetree_controller_projects.results is defined and __populate_projects_list_item.ansible_facts.controller_projects is defined - name: "Set Projects Data Structure" ansible.builtin.set_fact: controller_projects: "{{ __populate_controller_projects }}" + no_log: "{{ controller_configuration_filetree_read_secure_logging }}" when: __populate_controller_projects is defined ... diff --git a/roles/filetree_read/tasks/roles.yml b/roles/filetree_read/tasks/roles.yml index ea8fd731f..3d9ec8c6c 100644 --- a/roles/filetree_read/tasks/roles.yml +++ b/roles/filetree_read/tasks/roles.yml @@ -20,10 +20,12 @@ loop: "{{ __contents_filetree_controller_roles.results }}" loop_control: loop_var: __populate_roles_list_item + no_log: "{{ controller_configuration_filetree_read_secure_logging }}" when: __contents_filetree_controller_roles.results is defined and __populate_roles_list_item.ansible_facts.controller_roles is defined - name: "Set Roles Data Structure" ansible.builtin.set_fact: controller_roles: "{{ __populate_controller_roles }}" + no_log: "{{ controller_configuration_filetree_read_secure_logging }}" when: __populate_controller_roles is defined ... diff --git a/roles/filetree_read/tasks/schedules.yml b/roles/filetree_read/tasks/schedules.yml index df13b9e6e..a86d4df9b 100644 --- a/roles/filetree_read/tasks/schedules.yml +++ b/roles/filetree_read/tasks/schedules.yml @@ -20,10 +20,12 @@ loop: "{{ __contents_filetree_controller_schedules.results }}" loop_control: loop_var: __populate_schedules_list_item + no_log: "{{ controller_configuration_filetree_read_secure_logging }}" when: __contents_filetree_controller_schedules.results is defined and __populate_schedules_list_item.ansible_facts.controller_schedules is defined - name: "Set Schedules Data Structure" ansible.builtin.set_fact: controller_schedules: "{{ __populate_controller_schedules }}" + no_log: "{{ controller_configuration_filetree_read_secure_logging }}" when: __populate_controller_schedules is defined ... diff --git a/roles/filetree_read/tasks/settings.yml b/roles/filetree_read/tasks/settings.yml index 25978994f..0c850634d 100644 --- a/roles/filetree_read/tasks/settings.yml +++ b/roles/filetree_read/tasks/settings.yml @@ -20,6 +20,7 @@ loop: "{{ __contents_filetree_controller_settings.results }}" loop_control: loop_var: __populate_settings_list_item + no_log: "{{ controller_configuration_filetree_read_secure_logging }}" when: __contents_filetree_controller_settings.results is defined and __populate_settings_list_item.ansible_facts.controller_settings is defined - name: "Segregated Settings list when controller_location is defined" @@ -31,6 +32,7 @@ loop: "{{ __populate_controller_settings }}" loop_control: loop_var: __populate_settings_list_common_item + no_log: "{{ controller_configuration_filetree_read_secure_logging }}" when: "__populate_settings_list_common_item.controller_location is not defined" - name: "Populate Settings list by __site objects" @@ -39,20 +41,24 @@ loop: "{{ __populate_controller_settings }}" loop_control: loop_var: __populate_settings_list_site_item + no_log: "{{ controller_configuration_filetree_read_secure_logging }}" when: "__populate_settings_list_site_item.controller_location is defined and __populate_settings_list_site_item.controller_location == controller_location" - name: "Concatenate Settings list common + site" ansible.builtin.set_fact: __populate_controller_settings_total: "{{ __populate_controller_settings_common | default([]) + __populate_controller_settings_site }}" + no_log: "{{ controller_configuration_filetree_read_secure_logging }}" when: __populate_controller_settings_site is defined - name: "Set Settings Data Structure common + site concatenated" ansible.builtin.set_fact: __populate_controller_settings: "{{ __populate_controller_settings_total }}" + no_log: "{{ controller_configuration_filetree_read_secure_logging }}" when: __populate_controller_settings_total is defined - name: "Set Settings Data Structure" ansible.builtin.set_fact: controller_settings: "{{ __populate_controller_settings }}" + no_log: "{{ controller_configuration_filetree_read_secure_logging }}" when: __populate_controller_settings is defined ... diff --git a/roles/filetree_read/tasks/teams.yml b/roles/filetree_read/tasks/teams.yml index 9a0a95776..3b9a62b35 100644 --- a/roles/filetree_read/tasks/teams.yml +++ b/roles/filetree_read/tasks/teams.yml @@ -20,10 +20,12 @@ loop: "{{ __contents_filetree_controller_teams.results }}" loop_control: loop_var: __populate_teams_list_item + no_log: "{{ controller_configuration_filetree_read_secure_logging }}" when: __contents_filetree_controller_teams.results is defined and __populate_teams_list_item.ansible_facts.controller_teams is defined - name: "Set Teams Data Structure" ansible.builtin.set_fact: controller_teams: "{{ __populate_controller_teams }}" + no_log: "{{ controller_configuration_filetree_read_secure_logging }}" when: __populate_controller_teams is defined ... diff --git a/roles/filetree_read/tasks/user_accounts.yml b/roles/filetree_read/tasks/user_accounts.yml index b56a31132..22b21711c 100644 --- a/roles/filetree_read/tasks/user_accounts.yml +++ b/roles/filetree_read/tasks/user_accounts.yml @@ -20,6 +20,7 @@ loop: "{{ __contents_filetree_controller_user_accounts.results }}" loop_control: loop_var: __populate_user_accounts_list_item + no_log: "{{ controller_configuration_filetree_read_secure_logging }}" when: __contents_filetree_controller_user_accounts.results is defined and __populate_user_accounts_list_item.ansible_facts.controller_user_accounts is defined - name: "Set User Accounts Data Structure" diff --git a/roles/filetree_read/tasks/workflow_job_templates.yml b/roles/filetree_read/tasks/workflow_job_templates.yml index d65686abe..baab23c38 100644 --- a/roles/filetree_read/tasks/workflow_job_templates.yml +++ b/roles/filetree_read/tasks/workflow_job_templates.yml @@ -20,10 +20,12 @@ loop: "{{ __contents_filetree_controller_workflow_job_templates.results }}" loop_control: loop_var: __populate_credentials_list_item + no_log: "{{ controller_configuration_filetree_read_secure_logging }}" when: __contents_filetree_controller_workflow_job_templates.results is defined and __populate_credentials_list_item.ansible_facts.controller_workflows is defined - name: "Set Job Templates Data Structure" ansible.builtin.set_fact: controller_workflows: "{{ __populate_controller_workflow_job_templates }}" + no_log: "{{ controller_configuration_filetree_read_secure_logging }}" when: __populate_controller_workflow_job_templates is defined ... diff --git a/roles/filetree_read/tests/config-controller-filetree.yml b/roles/filetree_read/tests/config-controller-filetree.yml index c87de6604..94992f6fe 100644 --- a/roles/filetree_read/tests/config-controller-filetree.yml +++ b/roles/filetree_read/tests/config-controller-filetree.yml @@ -1,5 +1,6 @@ --- -- hosts: all +- name: Filetree read test + hosts: all connection: local gather_facts: false vars: @@ -11,6 +12,10 @@ controller_validate_certs: "{{ vault_controller_validate_certs | default(lookup('env', 'CONTROLLER_VERIFY_SSL')) }}" pre_tasks: - name: "Setup authentication (block)" + no_log: "{{ controller_configuration_filetree_read_secure_logging | default('false') }}" + when: controller_oauthtoken is not defined + tags: + - always block: - name: "Get the Authentication Token for the future requests" ansible.builtin.uri: @@ -27,28 +32,11 @@ ansible.builtin.set_fact: controller_oauthtoken: "{{ authtoken_res.json.token }}" controller_oauthtoken_url: "{{ authtoken_res.json.url }}" - no_log: "{{ controller_configuration_filetree_read_secure_logging | default('false') }}" - when: controller_oauthtoken is not defined - tags: - - always roles: - - {role: redhat_cop.controller_configuration.filetree_read, assign_galaxy_credentials_to_org: false} - - {role: redhat_cop.controller_configuration.dispatch, assign_galaxy_credentials_to_org: false} + - infra.controller_configuration.filetree_read + - infra.controller_configuration.dispatch post_tasks: - - block: - - name: Include Tasks to add Galaxy credentials to Organizations - ansible.builtin.include_role: - name: redhat_cop.controller_configuration.dispatch - apply: - tags: - - organizations - vars: - controller_configuration_dispatcher_roles: - - {role: organizations, var: controller_organizations, tags: organizations} - tags: - - organizations - - name: "Delete the Authentication Token used" ansible.builtin.uri: url: "https://{{ controller_hostname }}{{ controller_oauthtoken_url }}" diff --git a/roles/groups/README.md b/roles/groups/README.md index 198e905c4..307f44027 100644 --- a/roles/groups/README.md +++ b/roles/groups/README.md @@ -76,16 +76,18 @@ The role will strip the double space between the curly bracket in order to provi ### Group Variables -|Variable Name|Default Value|Required|Description| -|:---:|:---:|:---:|:---:| -|`name`|""|yes|Name of Group| -|`new_name`|""|yes|Name of Group, used in updating a Group.| -|`description`|`False`|no|Description of of Group.| -|`inventory`|""|yes| Name of inventory| -|`variables`|{}|no| variables applicable to group.| -|`hosts`|""|no | hosts (list) in group| -|`children`|""|no| List of groups that should be nested inside in this group| -|`state`|`present`|no|Desired state of the resource.| +|Variable Name|Default Value|Required|Type|Description| +|:---:|:---:|:---:|:---:|:---:| +|`name`|""|yes|str|Name of Group| +|`new_name`|""|yes|str|Name of Group, used in updating a Group.| +|`description`|`False`|no|str|Description of the Group.| +|`inventory`|""|yes|str|Name of inventory the group should be made a member of.| +|`variables`|{}|no|dict|variables applicable to group.| +|`hosts`|""|no|list|hosts (list) in group| +|`children`|""|no|list|List of groups that should be nested inside in this group| +|`preserve_existing_hosts`|`False`|no|bool|Whether to preserve existing hosts in an existing group| +|`preserve_existing_children`|`False`|no|bool|Whether to preserve existing children in an existing group| +|`state`|`present`|no|str|Desired state of the resource.| ### Standard Organization Data Structure @@ -141,17 +143,17 @@ controller_groups: # controller_password: changeme pre_tasks: - name: Include vars from controller_configs directory - include_vars: + ansible.builtin.include_vars: dir: ./yaml ignore_files: [controller_config.yml.template] extensions: ["yml"] roles: - - {role: redhat_cop.controller_configuration.groups, when: controller_groups is defined} + - {role: infra.controller_configuration.groups, when: controller_groups is defined} ``` ## License -[MIT](LICENSE) +[MIT](https://github.com/redhat-cop/controller_configuration#licensing) ## Author diff --git a/roles/groups/meta/argument_specs.yml b/roles/groups/meta/argument_specs.yml new file mode 100644 index 000000000..8b0b2a0a9 --- /dev/null +++ b/roles/groups/meta/argument_specs.yml @@ -0,0 +1,119 @@ +--- +argument_specs: + main: + short_description: An Ansible Role to create groups on Ansible Controller. + options: + controller_groups: + description: Data structure describing your groups + type: list + elements: dict + # options: + # name: + # required: true + # type: str + # description: Name of group + # new_name: + # required: false + # type: str + # description: Name of group, used in updating + # description: + # required: false + # type: str + # description: Description to use for the group. + # inventory: + # required: true + # type: str + # description: Name of inventory the group should be made a member of. + # variables: + # required: false + # type: dict + # description: variables applicable to group. + # hosts: + # required: false + # type: list + # elements: str + # description: hosts (list) in group + # children: + # required: false + # type: list + # elements: str + # description: List of groups that should be nested inside in this group + # preserve_existing_hosts: + # default: false + # required: false + # type: bool + # description: Whether to preserve existing hosts in an existing group + # preserve_existing_children: + # default: false + # required: false + # type: bool + # description: Whether to preserve existing children in an existing group + # state: + # default: "{{ controller_state | default('present') }}" + # required: false + # type: str + # description: Desired state of the resource. + + # Async variables + controller_configuration_groups_async_retries: + default: "{{ controller_configuration_async_retries | default(30) }}" + required: false + description: This variable sets the number of retries to attempt for the role. + controller_configuration_async_retries: + default: 30 + required: false + description: This variable sets number of retries across all roles as a default. + controller_configuration_groups_async_delay: + default: "{{ controller_configuration_async_delay | default(1) }}" + required: false + description: This variable sets delay between retries for the role. + controller_configuration_async_delay: + default: 1 + required: false + description: This variable sets delay between retries across all roles as a default. + + + # No_log variables + controller_configuration_groups_secure_logging: + default: "{{ controller_configuration_secure_logging | default(false) }}" + required: false + type: bool + description: Whether or not to include the sensitive tasks from this role in the log. Set this value to `true` if you will be providing your sensitive values from elsewhere. + controller_configuration_secure_logging: + default: false + required: false + type: bool + description: This variable enables secure logging across all roles as a default. + + # Generic across all roles + controller_state: + default: present + required: false + description: The state all objects will take unless overridden by object default + type: str + controller_hostname: + default: None + required: false + description: URL to the Ansible Controller Server. + type: str + controller_validate_certs: + default: true + required: false + description: Whether or not to validate the Ansible Controller Server's SSL certificate. + type: str + controller_username: + default: None + required: false + description: Admin User on the Ansible Controller Server. Either username / password or oauthtoken need to be specified. + type: str + controller_password: + default: None + required: false + description: Controller Admin User's password on the Ansible Controller Server. This should be stored in an Ansible Vault at vars/controller-secrets.yml or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str + controller_oauthtoken: + default: None + required: false + description: Controller Admin User's token on the Ansible Controller Server. This should be stored in an Ansible Vault at or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str +... diff --git a/roles/groups/tests/test.yml b/roles/groups/tests/test.yml index f8a2167ec..d13500f63 100644 --- a/roles/groups/tests/test.yml +++ b/roles/groups/tests/test.yml @@ -14,7 +14,7 @@ pre_tasks: - name: Include vars from controller_configs directory - include_vars: + ansible.builtin.include_vars: dir: ./configs extensions: ["yml"] diff --git a/roles/hosts/README.md b/roles/hosts/README.md index e8f1fffe5..a97a5684f 100644 --- a/roles/hosts/README.md +++ b/roles/hosts/README.md @@ -131,17 +131,17 @@ controller_hosts: # controller_password: changeme pre_tasks: - name: Include vars from controller_configs directory - include_vars: + ansible.builtin.include_vars: dir: ./yaml ignore_files: [controller_config.yml.template] extensions: ["yml"] roles: - - {role: redhat_cop.controller_configuration.hosts, when: controller_hosts is defined} + - {role: infra.controller_configuration.hosts, when: controller_hosts is defined} ``` ## License -[MIT](LICENSE) +[MIT](https://github.com/redhat-cop/controller_configuration#licensing) ## Author diff --git a/roles/hosts/meta/argument_specs.yml b/roles/hosts/meta/argument_specs.yml new file mode 100644 index 000000000..234dba67d --- /dev/null +++ b/roles/hosts/meta/argument_specs.yml @@ -0,0 +1,104 @@ +--- +argument_specs: + main: + short_description: An Ansible Role to create hosts on Ansible Controller. + options: + controller_hosts: + description: Data structure describing your hosts + type: list + elements: dict + # options: + # name: + # required: true + # type: str + # description: Name of host + # new_name: + # required: false + # type: str + # description: Name of host, used in updating + # description: + # required: false + # type: str + # description: Description to use for the host. + # inventory: + # required: true + # type: str + # description: Name of inventory the host should be made a member of. + # variables: + # required: false + # type: dict + # description: variables applicable to host. + # enabled: + # default: false + # required: false + # type: bool + # description: Whether the host is enabled + # state: + # default: "{{ controller_state | default('present') }}" + # required: false + # type: str + # description: Desired state of the resource. + + # Async variables + controller_configuration_hosts_async_retries: + default: "{{ controller_configuration_async_retries | default(30) }}" + required: false + description: This variable sets the number of retries to attempt for the role. + controller_configuration_async_retries: + default: 30 + required: false + description: This variable sets number of retries across all roles as a default. + controller_configuration_hosts_async_delay: + default: "{{ controller_configuration_async_delay | default(1) }}" + required: false + description: This variable sets delay between retries for the role. + controller_configuration_async_delay: + default: 1 + required: false + description: This variable sets delay between retries across all roles as a default. + + + # No_log variables + controller_configuration_hosts_secure_logging: + default: "{{ controller_configuration_secure_logging | default(false) }}" + required: false + type: bool + description: Whether or not to include the sensitive tasks from this role in the log. Set this value to `true` if you will be providing your sensitive values from elsewhere. + controller_configuration_secure_logging: + default: false + required: false + type: bool + description: This variable enables secure logging across all roles as a default. + + # Generic across all roles + controller_state: + default: present + required: false + description: The state all objects will take unless overridden by object default + type: str + controller_hostname: + default: None + required: false + description: URL to the Ansible Controller Server. + type: str + controller_validate_certs: + default: true + required: false + description: Whether or not to validate the Ansible Controller Server's SSL certificate. + type: str + controller_username: + default: None + required: false + description: Admin User on the Ansible Controller Server. Either username / password or oauthtoken need to be specified. + type: str + controller_password: + default: None + required: false + description: Controller Admin User's password on the Ansible Controller Server. This should be stored in an Ansible Vault at vars/controller-secrets.yml or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str + controller_oauthtoken: + default: None + required: false + description: Controller Admin User's token on the Ansible Controller Server. This should be stored in an Ansible Vault at or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str +... diff --git a/roles/hosts/tests/test.yml b/roles/hosts/tests/test.yml index 95b3bd5c8..b7a00793d 100644 --- a/roles/hosts/tests/test.yml +++ b/roles/hosts/tests/test.yml @@ -14,7 +14,7 @@ pre_tasks: - name: Include vars from controller_configs directory - include_vars: + ansible.builtin.include_vars: dir: ./configs extensions: ["yml"] diff --git a/roles/instance_groups/README.md b/roles/instance_groups/README.md index 3e1699f13..421f83184 100644 --- a/roles/instance_groups/README.md +++ b/roles/instance_groups/README.md @@ -65,6 +65,8 @@ This also speeds up the overall role. |`policy_instance_percentage`|""|no|int|Minimum percentage of all instances that will be automatically assigned to this group when new instances come online.| |`policy_instance_minimum`|""|no|int|Static minimum number of Instances that will be automatically assign to this group when new instances come online.| |`policy_instance_list`|""|no|list|List of exact-match Instances that will be assigned to this group.| +|`max_concurrent_jobs`|0|no|int|Maximum number of concurrent jobs to run on this group. Zero means no limit.| +|`max_forks`|0|no|int|Max forks to execute on this group. Zero means no limit.| |`pod_spec_override`|""|no|str|A custom Kubernetes or OpenShift Pod specification.| |`instances`|""|no|list|The instances associated with this instance_group.| |`state`|`present`|no|str|Desired state of the resource.| @@ -94,17 +96,17 @@ controller_instance_groups: # controller_password: changeme pre_tasks: - name: Include vars from controller_configs directory - include_vars: + ansible.builtin.include_vars: dir: ./yaml ignore_files: [controller_config.yml.template] extensions: ["yml"] roles: - - {role: redhat_cop.controller_configuration.groups, when: controller_groups is defined} + - {role: infra.controller_configuration.groups, when: controller_groups is defined} ``` ## License -[MIT](LICENSE) +[MIT](https://github.com/redhat-cop/controller_configuration#licensing) ## Author diff --git a/roles/instance_groups/meta/argument_specs.yml b/roles/instance_groups/meta/argument_specs.yml new file mode 100644 index 000000000..a1a52dfc0 --- /dev/null +++ b/roles/instance_groups/meta/argument_specs.yml @@ -0,0 +1,128 @@ +--- +argument_specs: + main: + short_description: An Ansible Role to create instance groups on Ansible Controller. + options: + controller_instance_groups: + description: Data structure describing your instance_groups + type: list + elements: dict + # options: + # name: + # required: true + # type: str + # description: Name of instance group + # new_name: + # required: false + # type: str + # description: Name of instance group, used in updating + # credential: + # required: false + # type: str + # description: Credential to authenticate with Kubernetes or OpenShift. Must be of type "Kubernetes/OpenShift API Bearer Token". Will make instance part of a Container Group. + # is_container_group: + # default: false + # required: false + # type: bool + # description: Signifies that this InstanceGroup should act as a ContainerGroup. If no credential is specified, the underlying Pod's ServiceAccount will be used. + # policy_instance_percentage: + # required: false + # type: int + # description: Minimum percentage of all instances that will be automatically assigned to this group when new instances come online. + # policy_instance_minimum: + # required: false + # type: int + # description: Static minimum number of Instances that will be automatically assign to this group when new instances come online. + # policy_instance_list: + # required: false + # type: list + # elements: str + # description: List of exact-match Instances that will be assigned to this group. + # max_concurrent_jobs: + # default: 0 + # required: false + # type: int + # description: Maximum number of concurrent jobs to run on this group. Zero means no limit. + # max_forks: + # default: 0 + # required: false + # type: int + # description: Max forks to execute on this group. Zero means no limit. + # pod_spec_override: + # required: false + # type: str + # description: A custom Kubernetes or OpenShift Pod specification. + # instances: + # required: false + # type: list + # elements: str + # description: The instances associated with this instance_group. + # state: + # default: "{{ controller_state | default('present') }}" + # required: false + # type: str + # description: Desired state of the resource. + + # Async variables + controller_configuration_instance_groups_async_retries: + default: "{{ controller_configuration_async_retries | default(30) }}" + required: false + description: This variable sets the number of retries to attempt for the role. + controller_configuration_async_retries: + default: 30 + required: false + description: This variable sets number of retries across all roles as a default. + controller_configuration_instance_groups_async_delay: + default: "{{ controller_configuration_async_delay | default(1) }}" + required: false + description: This variable sets delay between retries for the role. + controller_configuration_async_delay: + default: 1 + required: false + description: This variable sets delay between retries across all roles as a default. + + + # No_log variables + controller_configuration_instance_groups_secure_logging: + default: "{{ controller_configuration_secure_logging | default(false) }}" + required: false + type: bool + description: Whether or not to include the sensitive tasks from this role in the log. Set this value to `true` if you will be providing your sensitive values from elsewhere. + controller_configuration_secure_logging: + default: false + required: false + type: bool + description: This variable enables secure logging across all roles as a default. + + # Generic across all roles + controller_state: + default: present + required: false + description: The state all objects will take unless overridden by object default + type: str + controller_hostname: + default: None + required: false + description: URL to the Ansible Controller Server. + type: str + controller_validate_certs: + default: true + required: false + description: Whether or not to validate the Ansible Controller Server's SSL certificate. + type: str + controller_username: + default: None + required: false + description: Admin User on the Ansible Controller Server. Either username / password or oauthtoken need to be specified. + type: str + controller_password: + default: None + required: false + description: Controller Admin User's password on the Ansible Controller Server. This should be stored in an Ansible Vault at vars/controller-secrets.yml or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str + controller_oauthtoken: + default: None + required: false + description: Controller Admin User's token on the Ansible Controller Server. This should be stored in an Ansible Vault at or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str +... diff --git a/roles/instance_groups/tasks/main.yml b/roles/instance_groups/tasks/main.yml index 25d564a8e..38bf14270 100644 --- a/roles/instance_groups/tasks/main.yml +++ b/roles/instance_groups/tasks/main.yml @@ -9,6 +9,8 @@ policy_instance_percentage: "{{ __controller_instance_group_item.policy_instance_percentage | default(omit, true) }}" policy_instance_minimum: "{{ __controller_instance_group_item.policy_instance_minimum | default(omit, true) }}" policy_instance_list: "{{ __controller_instance_group_item.policy_instance_list | default(omit, true) }}" + max_concurrent_jobs: "{{ __controller_instance_group_item.max_concurrent_jobs | default(omit, true) }}" + max_forks: "{{ __controller_instance_group_item.max_forks | default(omit, true) }}" pod_spec_override: "{{ __controller_instance_group_item.pod_spec_override | default(omit, true) }}" instances: "{{ __controller_instance_group_item.instances | default(omit, true) }}" state: "{{ __controller_instance_group_item.state | default(controller_state | default('present')) }}" diff --git a/roles/instance_groups/tests/test.yml b/roles/instance_groups/tests/test.yml index 55921ab0e..640b8f963 100644 --- a/roles/instance_groups/tests/test.yml +++ b/roles/instance_groups/tests/test.yml @@ -14,7 +14,7 @@ pre_tasks: - name: Include vars from controller_configs directory - include_vars: + ansible.builtin.include_vars: dir: ./configs extensions: ["yml"] diff --git a/roles/instances/README.md b/roles/instances/README.md index 95d055e98..eca33da09 100644 --- a/roles/instances/README.md +++ b/roles/instances/README.md @@ -93,17 +93,17 @@ controller_instances: # controller_password: changeme pre_tasks: - name: Include vars from controller_configs directory - include_vars: + ansible.builtin.include_vars: dir: ./yaml ignore_files: [controller_config.yml.template] extensions: ["yml"] roles: - - {role: redhat_cop.controller_configuration.instances, when: controller_instances is defined} + - {role: infra.controller_configuration.instances, when: controller_instances is defined} ``` ## License -[MIT](LICENSE) +[MIT](https://github.com/redhat-cop/controller_configuration#licensing) ## Author diff --git a/roles/instances/meta/argument_specs.yml b/roles/instances/meta/argument_specs.yml new file mode 100644 index 000000000..a68f53934 --- /dev/null +++ b/roles/instances/meta/argument_specs.yml @@ -0,0 +1,104 @@ +--- +argument_specs: + main: + short_description: An Ansible Role to create instances on Ansible Controller. + options: + controller_instances: + description: Data structure describing your instances + type: list + elements: dict + # options: + # hostname: + # required: true + # type: str + # description: Hostname of this instance. + # capacity_adjustment: + # required: false + # type: float + # description: Capacity adjustment between 0 and 1. + # enabled: + # default: false + # required: false + # type: bool + # description: If true, the instance will be enabled and used. + # managed_by_policy: + # default: false + # required: false + # type: bool + # description: If true, will be managed by instance group policy. + # node_type: + # required: false + # type: str + # description: Role that this node plays in the mesh. Most likely Execution. Current options are 'execution'. + # node_state: + # required: false + # type: str + # description: Indicates the current life cycle stage of this instance. Current options are 'installed' and 'deprovisioning'. + # listener_port: + # required: false + # type: int + # description: Port that Receptor will listen for incoming connections on. + + # Async variables + controller_configuration_instances_async_retries: + default: "{{ controller_configuration_async_retries | default(30) }}" + required: false + description: This variable sets the number of retries to attempt for the role. + controller_configuration_async_retries: + default: 30 + required: false + description: This variable sets number of retries across all roles as a default. + controller_configuration_instances_async_delay: + default: "{{ controller_configuration_async_delay | default(1) }}" + required: false + description: This variable sets delay between retries for the role. + controller_configuration_async_delay: + default: 1 + required: false + description: This variable sets delay between retries across all roles as a default. + + + # No_log variables + controller_configuration_instances_secure_logging: + default: "{{ controller_configuration_secure_logging | default(false) }}" + required: false + type: bool + description: Whether or not to include the sensitive tasks from this role in the log. Set this value to `true` if you will be providing your sensitive values from elsewhere. + controller_configuration_secure_logging: + default: false + required: false + type: bool + description: This variable enables secure logging across all roles as a default. + + # Generic across all roles + controller_state: + default: present + required: false + description: The state all objects will take unless overridden by object default + type: str + controller_hostname: + default: None + required: false + description: URL to the Ansible Controller Server. + type: str + controller_validate_certs: + default: true + required: false + description: Whether or not to validate the Ansible Controller Server's SSL certificate. + type: str + controller_username: + default: None + required: false + description: Admin User on the Ansible Controller Server. Either username / password or oauthtoken need to be specified. + type: str + controller_password: + default: None + required: false + description: Controller Admin User's password on the Ansible Controller Server. This should be stored in an Ansible Vault at vars/controller-secrets.yml or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str + controller_oauthtoken: + default: None + required: false + description: Controller Admin User's token on the Ansible Controller Server. This should be stored in an Ansible Vault at or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str +... diff --git a/roles/instances/tests/test.yml b/roles/instances/tests/test.yml index 1cfc4e808..6c37843aa 100644 --- a/roles/instances/tests/test.yml +++ b/roles/instances/tests/test.yml @@ -14,7 +14,7 @@ pre_tasks: - name: Include vars from controller_configs directory - include_vars: + ansible.builtin.include_vars: dir: ./configs extensions: ["yml"] diff --git a/roles/inventories/README.md b/roles/inventories/README.md index 5667562e1..fcbed202c 100644 --- a/roles/inventories/README.md +++ b/roles/inventories/README.md @@ -76,18 +76,18 @@ The role will strip the double space between the curly bracket in order to provi ### Inventory Variables -|Variable Name|Default Value|Required|Description| -|:---:|:---:|:---:|:---:| -|`name`|""|yes|Name of this inventory.| -|`copy_from`|""|no|Name or id to copy the inventory from. This will copy an existing inventory and change any parameters supplied.| -|`description`|""|no|Description of this inventory.| -|`organization`|`False`|no|Organization this inventory belongs to.| -|`instance_groups`|""|no|list of Instance Groups for this Inventory to run on.| -|`variables`|`False`|no|Variables for the inventory.| -|`kind`|`False`|no|The kind of inventory. Currently choices are '' and 'smart'| -|`host_filter`|`False`|no|The host filter field, useful only when 'kind=smart'| -|`prevent_instance_group_fallback`|`False`|no|Prevent falling back to instance groups set on the organization| -|`state`|`present`|no|Desired state of the resource.| +|Variable Name|Default Value|Required|type|Description| +|:---:|:---:|:---:|:---:|:---:| +|`name`|""|yes|str|Name of this inventory.| +|`copy_from`|""|no|str|Name or id to copy the inventory from. This will copy an existing inventory and change any parameters supplied.| +|`description`|""|no|str|Description of this inventory.| +|`organization`|""|yes|str|Organization this inventory belongs to.| +|`instance_groups`|""|no|list|list of Instance Groups for this Inventory to run on.| +|`variables`|`{}`|no|dict|Variables for the inventory.| +|`kind`|""|no|str|The kind of inventory. Currently choices are '' and 'smart'| +|`host_filter`|""|no|str|The host filter field, useful only when 'kind=smart'| +|`prevent_instance_group_fallback`|`False`|no|bool|Prevent falling back to instance groups set on the organization| +|`state`|`present`|no|str|Desired state of the resource.| ### Standard Inventory Data Structure @@ -144,17 +144,17 @@ controller_inventories: # controller_password: changeme pre_tasks: - name: Include vars from controller_configs directory - include_vars: + ansible.builtin.include_vars: dir: ./yaml ignore_files: [controller_config.yml.template] extensions: ["yml"] roles: - - {role: redhat_cop.controller_configuration.inventories, when: controller_inventories is defined} + - {role: infra.controller_configuration.inventories, when: controller_inventories is defined} ``` ## License -[MIT](LICENSE) +[MIT](https://github.com/redhat-cop/controller_configuration#licensing) ## Author diff --git a/roles/inventories/meta/argument_specs.yml b/roles/inventories/meta/argument_specs.yml new file mode 100644 index 000000000..72446a2e9 --- /dev/null +++ b/roles/inventories/meta/argument_specs.yml @@ -0,0 +1,122 @@ +--- +argument_specs: + main: + short_description: An Ansible Role to create inventories on Ansible Controller. + options: + controller_inventories: + description: Data structure describing your inventories + type: list + elements: dict + # options: + # name: + # required: true + # type: str + # description: Name of inventory + # copy_from: + # required: false + # type: str + # description: Name or id to copy the inventory from. This will copy an existing inventory and change any parameters supplied. + # description: + # required: false + # type: str + # description: Description to use for the inventory. + # organization: + # required: false + # type: str + # description: Organization this inventory belongs to. + # instance_groups: + # required: false + # type: list + # elements: str + # description: list of Instance Groups for this Inventory to run on. + # variables: + # required: false + # type: dict + # description: Variables for the inventory. + # kind: + # default: "" + # required: false + # type: str + # choices: + # - "" + # - smart + # description: The kind of inventory. Currently choices are '' and 'smart' + # host_filter: + # default: false + # required: false + # type: str + # description: The host filter field, useful only when 'kind=smart' + # prevent_instance_group_fallback: + # default: false + # required: false + # type: bool + # description: Prevent falling back to instance groups set on the organization + # state: + # default: "{{ controller_state | default('present') }}" + # required: false + # type: str + # description: Desired state of the resource. + + # Async variables + controller_configuration_inventories_async_retries: + default: "{{ controller_configuration_async_retries | default(30) }}" + required: false + description: This variable sets the number of retries to attempt for the role. + controller_configuration_async_retries: + default: 30 + required: false + description: This variable sets number of retries across all roles as a default. + controller_configuration_inventories_async_delay: + default: "{{ controller_configuration_async_delay | default(1) }}" + required: false + description: This variable sets delay between retries for the role. + controller_configuration_async_delay: + default: 1 + required: false + description: This variable sets delay between retries across all roles as a default. + + + # No_log variables + controller_configuration_inventories_secure_logging: + default: "{{ controller_configuration_secure_logging | default(false) }}" + required: false + type: bool + description: Whether or not to include the sensitive tasks from this role in the log. Set this value to `true` if you will be providing your sensitive values from elsewhere. + controller_configuration_secure_logging: + default: false + required: false + type: bool + description: This variable enables secure logging across all roles as a default. + + # Generic across all roles + controller_state: + default: present + required: false + description: The state all objects will take unless overridden by object default + type: str + controller_hostname: + default: None + required: false + description: URL to the Ansible Controller Server. + type: str + controller_validate_certs: + default: true + required: false + description: Whether or not to validate the Ansible Controller Server's SSL certificate. + type: str + controller_username: + default: None + required: false + description: Admin User on the Ansible Controller Server. Either username / password or oauthtoken need to be specified. + type: str + controller_password: + default: None + required: false + description: Controller Admin User's password on the Ansible Controller Server. This should be stored in an Ansible Vault at vars/controller-secrets.yml or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str + controller_oauthtoken: + default: None + required: false + description: Controller Admin User's token on the Ansible Controller Server. This should be stored in an Ansible Vault at or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str +... diff --git a/roles/inventories/tests/test.yml b/roles/inventories/tests/test.yml index 2df3ea9e4..c78f4c92c 100644 --- a/roles/inventories/tests/test.yml +++ b/roles/inventories/tests/test.yml @@ -14,7 +14,7 @@ pre_tasks: - name: Include vars from controller_configs directory - include_vars: + ansible.builtin.include_vars: dir: ./configs extensions: ["yml"] diff --git a/roles/inventory_source_update/README.md b/roles/inventory_source_update/README.md index 4aacab94f..5c0ed4b04 100644 --- a/roles/inventory_source_update/README.md +++ b/roles/inventory_source_update/README.md @@ -101,18 +101,18 @@ controller_inventory_sources: # controller_password: changeme pre_tasks: - name: Include vars from controller_configs directory - include_vars: + ansible.builtin.include_vars: dir: ./yaml ignore_files: [controller_config.yml.template] extensions: ["yml"] roles: - - {role: redhat_cop.controller_configuration.inventory_source_update, when: controller_inventory_sources is defined} + - {role: infra.controller_configuration.inventory_source_update, when: controller_inventory_sources is defined} ``` ## License -[MIT](LICENSE) +[MIT](https://github.com/redhat-cop/controller_configuration#licensing) ## Author diff --git a/roles/inventory_source_update/meta/argument_specs.yml b/roles/inventory_source_update/meta/argument_specs.yml new file mode 100644 index 000000000..dd07fada4 --- /dev/null +++ b/roles/inventory_source_update/meta/argument_specs.yml @@ -0,0 +1,198 @@ +--- +argument_specs: + main: + short_description: An Ansible Role to update inventory sources on Ansible Controller. + options: + controller_inventory_sources: + description: Data structure describing your inventory_sources to update + type: list + elements: dict + # options: + # name: + # required: true + # type: str + # description: Name of inventory_source + # inventory: + # required: true + # type: str + # description: Name or id of the inventory that contains the inventory source(s) to update. + # organization: + # required: false + # type: str + # description: Name of the inventory source's inventory's organization. + # wait: + # required: false + # type: bool + # description: Wait for the job to complete. + # interval: + # default: "{{ controller_configuration_inventory_source_update_async_delay | default(controller_configuration_async_retries | default(30)) }}" + # required: false + # type: int + # description: The interval to request an update from controller. + # timeout: + # required: false + # type: int + # description: If waiting for the job to complete this will abort after this amount of seconds. + # new_name: + # required: false + # type: str + # description: Unused in this role + # description: + # required: false + # type: str + # description: Unused in this role + # source: + # required: false + # type: str + # choices: + # - scm + # - ec2 + # - gce + # - azure_rm + # - vmware + # - satellite6 + # - openstack + # - rhv + # - controller + # - insights + # description: Unused in this role + # source_path: + # required: false + # type: str + # description: Unused in this role + # source_vars: + # required: false + # type: dict + # description: Unused in this role + # enabled_var: + # required: false + # type: str + # description: Unused in this role + # enabled_value: + # required: false + # type: str + # description: Unused in this role + # host_filter: + # required: false + # type: str + # description: Unused in this role + # credential: + # required: false + # type: str + # description: Unused in this role + # execution_environment: + # required: false + # type: str + # description: Unused in this role + # overwrite: + # required: false + # type: bool + # description: Unused in this role + # overwrite_vars: + # required: false + # type: bool + # description: Unused in this role + # custom_virtualenv: + # required: false + # type: str + # description: Unused in this role + # verbosity: + # required: false + # type: int + # choices: + # - 0 + # - 1 + # - 2 + # description: Unused in this role + # update_on_launch: + # required: false + # type: bool + # description: Unused in this role + # update_cache_timeout: + # required: false + # type: bool + # description: Unused in this role + # source_project: + # required: false + # type: str + # description: Unused in this role + # notification_templates_started: + # required: false + # type: bool + # description: Unused in this role + # notification_templates_success: + # required: false + # type: str + # description: Unused in this role + # notification_templates_error: + # required: false + # type: str + # description: Unused in this role + # state: + # required: false + # type: str + # description: Unused in this role + + # Async variables + controller_configuration_inventory_source_updates_async_retries: + default: "{{ controller_configuration_async_retries | default(30) }}" + required: false + description: This variable sets the number of retries to attempt for the role. + controller_configuration_async_retries: + default: 30 + required: false + description: This variable sets number of retries across all roles as a default. + controller_configuration_inventory_source_updates_async_delay: + default: "{{ controller_configuration_async_delay | default(1) }}" + required: false + description: This variable sets delay between retries for the role. + controller_configuration_async_delay: + default: 1 + required: false + description: This variable sets delay between retries across all roles as a default. + + + # No_log variables + controller_configuration_inventory_source_updates_secure_logging: + default: "{{ controller_configuration_secure_logging | default(false) }}" + required: false + type: bool + description: Whether or not to include the sensitive tasks from this role in the log. Set this value to `true` if you will be providing your sensitive values from elsewhere. + controller_configuration_secure_logging: + default: false + required: false + type: bool + description: This variable enables secure logging across all roles as a default. + + # Generic across all roles + controller_state: + default: present + required: false + description: The state all objects will take unless overridden by object default + type: str + controller_hostname: + default: None + required: false + description: URL to the Ansible Controller Server. + type: str + controller_validate_certs: + default: true + required: false + description: Whether or not to validate the Ansible Controller Server's SSL certificate. + type: str + controller_username: + default: None + required: false + description: Admin User on the Ansible Controller Server. Either username / password or oauthtoken need to be specified. + type: str + controller_password: + default: None + required: false + description: Controller Admin User's password on the Ansible Controller Server. This should be stored in an Ansible Vault at vars/controller-secrets.yml or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str + controller_oauthtoken: + default: None + required: false + description: Controller Admin User's token on the Ansible Controller Server. This should be stored in an Ansible Vault at or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str +... diff --git a/roles/inventory_source_update/tasks/main.yml b/roles/inventory_source_update/tasks/main.yml index 66d11101e..dee6e34b2 100644 --- a/roles/inventory_source_update/tasks/main.yml +++ b/roles/inventory_source_update/tasks/main.yml @@ -30,7 +30,7 @@ vars: ansible_async_dir: '/tmp/.ansible_async' -- name: "Configure Inventory Source | Wait for finish the Inventory Source creation" +- name: "Controller inventory source update | Wait for finish of the inventory source update" ansible.builtin.async_status: jid: "{{ __inventory_source_update_async_results_item.ansible_job_id }}" register: __inventory_source_update_async_result diff --git a/roles/inventory_source_update/tests/test.yml b/roles/inventory_source_update/tests/test.yml index 7d695edef..e8ad47f16 100644 --- a/roles/inventory_source_update/tests/test.yml +++ b/roles/inventory_source_update/tests/test.yml @@ -14,7 +14,7 @@ pre_tasks: - name: Include vars from controller_configs directory - include_vars: + ansible.builtin.include_vars: dir: ./configs extensions: ["yml"] diff --git a/roles/inventory_sources/README.md b/roles/inventory_sources/README.md index 06067fbc3..575790b66 100644 --- a/roles/inventory_sources/README.md +++ b/roles/inventory_sources/README.md @@ -157,17 +157,17 @@ controller_inventory_sources: # controller_password: changeme pre_tasks: - name: Include vars from controller_configs directory - include_vars: + ansible.builtin.include_vars: dir: ./yaml ignore_files: [controller_config.yml.template] extensions: ["yml"] roles: - - {role: redhat_cop.controller_configuration.inventory_sources, when: controller_inventory_sources is defined} + - {role: infra.controller_configuration.inventory_sources, when: controller_inventory_sources is defined} ``` ## License -[MIT](LICENSE) +[MIT](https://github.com/redhat-cop/controller_configuration#licensing) ## Author diff --git a/roles/inventory_sources/meta/argument_specs.yml b/roles/inventory_sources/meta/argument_specs.yml new file mode 100644 index 000000000..8d584c5e7 --- /dev/null +++ b/roles/inventory_sources/meta/argument_specs.yml @@ -0,0 +1,198 @@ +--- +argument_specs: + main: + short_description: An Ansible Role to create inventory sources on Ansible Controller. + options: + controller_inventory_sources: + description: Data structure describing your inventory_sources + type: list + elements: dict + # options: + # name: + # required: true + # type: str + # description: Name of inventory_source + # new_name: + # required: false + # type: str + # description: Name of inventory_source, used in updating + # description: + # required: false + # type: str + # description: Description to use for the inventory_source. + # inventory: + # required: true + # type: str + # description: Name of inventory the inventory_source should be made a member of. + # organization: + # required: false + # type: str + # description: Organization the inventory belongs to. + # source: + # required: false + # type: str + # choices: + # - scm + # - ec2 + # - gce + # - azure_rm + # - vmware + # - satellite6 + # - openstack + # - rhv + # - controller + # - insights + # description: The source to use for this group. + # source_path: + # required: false + # type: str + # description: For an SCM based inventory source, the source path points to the file within the repo to use as an inventory. + # source_vars: + # required: false + # type: dict + # description: The variables or environment fields to apply to this source type. + # enabled_var: + # required: false + # type: str + # description: The variable to use to determine enabled state e.g., "status.power_state". + # enabled_value: + # required: false + # type: str + # description: Value when the host is considered enabled, e.g., "powered_on". + # host_filter: + # required: false + # type: str + # description: If specified, controller will only import hosts that match this regular expression. + # credential: + # required: false + # type: str + # description: Credential to use for the source. + # execution_environment: + # required: false + # type: str + # description: Execution Environment to use for the source. + # overwrite: + # required: false + # type: bool + # description: Delete child groups and hosts not found in source. + # overwrite_vars: + # required: false + # type: bool + # description: Override vars in child groups and hosts with those from external source. + # custom_virtualenv: + # required: false + # type: str + # description: Local absolute file path containing a custom Python virtualenv to use. + # timeout: + # required: false + # type: int + # description: The amount of time (in seconds) to run before the task is canceled. + # verbosity: + # required: false + # type: int + # choices: + # - 0 + # - 1 + # - 2 + # description: The verbosity level to run this inventory source under. + # update_on_launch: + # required: false + # type: bool + # description: Refresh inventory data from its source each time a job is run. + # update_cache_timeout: + # required: false + # type: bool + # description: Time in seconds to consider an inventory sync to be current. + # source_project: + # required: false + # type: str + # description: Project to use as source with scm option + # notification_templates_started: + # required: false + # type: bool + # description: The notifications on started to use for this inventory source in a list. + # notification_templates_success: + # required: false + # type: str + # description: The notifications on success to use for this inventory source in a list. + # notification_templates_error: + # required: false + # type: str + # description: The notifications on error to use for this inventory source in a list. + # wait: + # required: false + # type: bool + # description: Unused for this role + # interval: + # required: false + # type: int + # description: Unused for this role + # state: + # default: "{{ controller_state | default('present') }}" + # required: false + # type: str + # description: Desired state of the resource. + + # Async variables + controller_configuration_inventory_sources_async_retries: + default: "{{ controller_configuration_async_retries | default(30) }}" + required: false + description: This variable sets the number of retries to attempt for the role. + controller_configuration_async_retries: + default: 30 + required: false + description: This variable sets number of retries across all roles as a default. + controller_configuration_inventory_sources_async_delay: + default: "{{ controller_configuration_async_delay | default(1) }}" + required: false + description: This variable sets delay between retries for the role. + controller_configuration_async_delay: + default: 1 + required: false + description: This variable sets delay between retries across all roles as a default. + + + # No_log variables + controller_configuration_inventory_sources_secure_logging: + default: "{{ controller_configuration_secure_logging | default(false) }}" + required: false + type: bool + description: Whether or not to include the sensitive tasks from this role in the log. Set this value to `true` if you will be providing your sensitive values from elsewhere. + controller_configuration_secure_logging: + default: false + required: false + type: bool + description: This variable enables secure logging across all roles as a default. + + # Generic across all roles + controller_state: + default: present + required: false + description: The state all objects will take unless overridden by object default + type: str + controller_hostname: + default: None + required: false + description: URL to the Ansible Controller Server. + type: str + controller_validate_certs: + default: true + required: false + description: Whether or not to validate the Ansible Controller Server's SSL certificate. + type: str + controller_username: + default: None + required: false + description: Admin User on the Ansible Controller Server. Either username / password or oauthtoken need to be specified. + type: str + controller_password: + default: None + required: false + description: Controller Admin User's password on the Ansible Controller Server. This should be stored in an Ansible Vault at vars/controller-secrets.yml or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str + controller_oauthtoken: + default: None + required: false + description: Controller Admin User's token on the Ansible Controller Server. This should be stored in an Ansible Vault at or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str +... diff --git a/roles/inventory_sources/tests/test.yml b/roles/inventory_sources/tests/test.yml index 28f86a6aa..b71721ddb 100644 --- a/roles/inventory_sources/tests/test.yml +++ b/roles/inventory_sources/tests/test.yml @@ -14,7 +14,7 @@ pre_tasks: - name: Include vars from controller_configs directory - include_vars: + ansible.builtin.include_vars: dir: ./configs extensions: ["yml"] diff --git a/roles/job_launch/README.md b/roles/job_launch/README.md index 5600d6fb6..1466bcc93 100644 --- a/roles/job_launch/README.md +++ b/roles/job_launch/README.md @@ -44,7 +44,7 @@ controller_configuration_job_launch_secure_logging defaults to the value of cont |Variable Name|Default Value|Required|Type|Description| |:---:|:---:|:---:|:---:|:---:| -|`name`|""|yes|str|The name or id of the project to update.| +|`name`|""|yes|str|The name or id of the job to launch.| |`job_type`|""|no|str|Job_type to use for the job, only used if prompt for job_type is set. Run or Check are the options.| |`inventory`|""|no|str|Inventory to use for the job, only used if prompt for inventory is set.| |`organization`|""|no|str|Organization the inventory belongs to.| @@ -93,17 +93,17 @@ controller_launch_jobs: # controller_password: changeme pre_tasks: - name: Include vars from controller_configs directory - include_vars: + ansible.builtin.include_vars: dir: ./yaml ignore_files: [controller_config.yml.template] extensions: ["yml"] roles: - - {role: redhat_cop.controller_configuration.job_launch, when: controller_launch_jobs is defined} + - {role: infra.controller_configuration.job_launch, when: controller_launch_jobs is defined} ``` ## License -[MIT](LICENSE) +[MIT](https://github.com/redhat-cop/controller_configuration#licensing) ## Author diff --git a/roles/job_launch/meta/argument_specs.yml b/roles/job_launch/meta/argument_specs.yml new file mode 100644 index 000000000..182c528a5 --- /dev/null +++ b/roles/job_launch/meta/argument_specs.yml @@ -0,0 +1,147 @@ +--- +argument_specs: + main: + short_description: An Ansible Role to launch jobs on Ansible Controller. + options: + controller_launch_jobs: + description: Data structure describing your job_launches + type: list + elements: dict + # options: + # name: + # required: true + # type: str + # description: Name or ID of job to launch + # job_type: + # required: false + # type: str + # description: Job_type to use for the job, only used if prompt for job_type is set. Run or Check are the options. + # choices: + # - run + # - check + # inventory: + # required: false + # type: str + # description: Inventory to use for the job, only used if prompt for inventory is set. + # organization: + # required: false + # type: str + # description: Organization the inventory belongs to. + # credentials: + # required: false + # type: list + # description: TCredential to use for job, only used if prompt for credential is set. + # extra_vars: + # required: false + # type: dict + # description: extra_vars to use for the Job Template. ask_extra_vars needs to be set to True via controller_job_template module. + # limit: + # required: false + # type: str + # description: Limit to use for the job_template. + # tags: + # required: false + # type: str + # description: Specific tags to use for from playbook. + # scm_branch: + # required: false + # type: str + # description: A specific of the SCM project to run the template on. + # skip_tags: + # required: false + # type: str + # description: Specific tags to skip from the playbook. + # verbosity: + # required: false + # type: int + # description: Verbosity level for this job run. + # diff_mode: + # required: false + # type: bool + # description: Show the changes made by Ansible tasks where supported. + # credential_passwords: + # required: false + # type: str + # description: Passwords for credentials which are set to prompt on launch. + # execution_environment: + # required: false + # type: str + # description: Execution Environment applied as a prompt. Job Template default used if not set. Only allowed if `ask_execution_environment_on_launch` set to true on Job Template + # forks: + # required: false + # type: int + # description: Forks applied as a prompt. Job Template default used if not set. Only allowed if `ask_forks_on_launch` set to true on Job Template + # instance_groups: + # required: false + # type: str + # description: List of Instance Groups applied as a prompt. Job Template default used if not set. Only allowed if `ask_instance_groups_on_launch` set to true on Job Template + # job_slice_count: + # required: false + # type: int + # description: Job Slice Count to use in the job run. Job Template default used if not set. Only allowed if `ask_job_slice_count_on_launch` set to true on Job Template + # labels: + # required: false + # type: list + # description: List of labels to use in the job run. Job Template default used if not set. Only allowed if `ask_labels_on_launch` set to true on Job Template + # job_timeout: + # required: false + # type: int + # description: Timeout to use in the job run. Job Template default used if not set. Only allowed if `ask_timeout_on_launch` set to true on Job Template + # wait: + # required: false + # type: bool + # description: Wait for the job to complete. + # interval: + # default: 2 + # required: false + # type: float + # description: The interval to request an update from controller. + # timeout: + # required: false + # type: int + # description: If waiting for the job to complete this will abort after this amount of seconds. + + # No_log variables + controller_configuration_groups_secure_logging: + default: "{{ controller_configuration_secure_logging | default(false) }}" + required: false + type: bool + description: Whether or not to include the sensitive tasks from this role in the log. Set this value to `true` if you will be providing your sensitive values from elsewhere. + controller_configuration_secure_logging: + default: false + required: false + type: bool + description: This variable enables secure logging across all roles as a default. + + # Generic across all roles + controller_state: + default: present + required: false + description: The state all objects will take unless overridden by object default + type: str + controller_hostname: + default: None + required: false + description: URL to the Ansible Controller Server. + type: str + controller_validate_certs: + default: true + required: false + description: Whether or not to validate the Ansible Controller Server's SSL certificate. + type: str + controller_username: + default: None + required: false + description: Admin User on the Ansible Controller Server. Either username / password or oauthtoken need to be specified. + type: str + controller_password: + default: None + required: false + description: Controller Admin User's password on the Ansible Controller Server. This should be stored in an Ansible Vault at vars/controller-secrets.yml or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str + controller_oauthtoken: + default: None + required: false + description: Controller Admin User's token on the Ansible Controller Server. This should be stored in an Ansible Vault at or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str +... diff --git a/roles/job_launch/tests/test.yml b/roles/job_launch/tests/test.yml index 7a08f815c..69cf2cee4 100644 --- a/roles/job_launch/tests/test.yml +++ b/roles/job_launch/tests/test.yml @@ -14,7 +14,7 @@ pre_tasks: - name: Include vars from controller_configs directory - include_vars: + ansible.builtin.include_vars: dir: ./configs extensions: ["yml"] diff --git a/roles/job_templates/README.md b/roles/job_templates/README.md index 0798f5622..a472d3e1e 100644 --- a/roles/job_templates/README.md +++ b/roles/job_templates/README.md @@ -108,7 +108,7 @@ This also speeds up the overall role. |`webhook_service`|""|no|str|Service that webhook requests will be accepted from (github, gitlab)| |`webhook_credential`|""|no|str|Personal Access Token for posting back the status to the service API| |`scm_branch`|""|no|str|Branch to use in job run. Project default used if blank. Only allowed if project allow_override field is set to true.| -|`labels`|""|no|list|The labels applied to this job template| +|`labels`|""|no|list|The labels applied to this job template. NOTE: Labels must be created with the [labels](https://github.com/redhat-cop/controller_configuration/tree/devel/roles/labels) role first, an error will occur if the label supplied to this role does not exist.| |`custom_virtualenv`|""|no|str|Local absolute file path containing a custom Python virtualenv to use.| |`notification_templates_started`|""|no|list|The notifications on started to use for this organization in a list.| |`notification_templates_success`|""|no|list|The notifications on success to use for this organization in a list.| @@ -185,6 +185,7 @@ controller_templates: - name: Survey Template with vars job_type: run inventory: Demo Inventory + execution_environment: my_exec_env survey_enabled: true survey: "{{ lookup('template', 'template_surveys/basic_survey.json') | regex_replace('\\n', '') }}" project: controller Config @@ -271,17 +272,17 @@ controller_templates: # controller_password: changeme pre_tasks: - name: Include vars from controller_configs directory - include_vars: + ansible.builtin.include_vars: dir: ./yaml ignore_files: [controller_config.yml.template] extensions: ["yml"] roles: - - {role: redhat_cop.controller_configuration.job_templates, when: controller_templates is defined} + - {role: infra.controller_configuration.job_templates, when: controller_templates is defined} ``` ## License -[MIT](LICENSE) +[MIT](https://github.com/redhat-cop/controller_configuration#licensing) ## Author diff --git a/roles/job_templates/meta/argument_specs.yml b/roles/job_templates/meta/argument_specs.yml new file mode 100644 index 000000000..d28f7b6fe --- /dev/null +++ b/roles/job_templates/meta/argument_specs.yml @@ -0,0 +1,313 @@ +--- +argument_specs: + main: + short_description: An Ansible Role to create job templates on Ansible Controller. + options: + controller_job_templates: + description: Data structure describing your job_templates + type: list + elements: dict + # options: + # name: + # required: true + # type: str + # description: Name of job_template + # new_name: + # type: str + # required: false + # description: Setting this option will change the existing name (looked up via the name field). + # copy_from: + # required: false + # type: str + # description: Name or id to copy the job_template from. This will copy an existing job_template and change any parameters supplied. + # description: + # required: false + # type: str + # description: Description to use for the job_template. + # organization: + # required: false + # type: str + # description: Organization this job_template belongs to. + # execution_environment: + # required: false + # type: str + # description: Execution Environment to use for the job template. + # job_type: + # default: run + # required: false + # type: str + # description: The job type to use for the job template(run, check). + # inventory: + # required: false + # type: str + # description: Name of the inventory to use for the job template. + # project: + # required: false + # type: str + # description: Name of the project to use for the job template. + # playbook: + # required: false + # type: str + # description: Path to the playbook to use for the job template within the project provided. + # credentials: + # required: false + # type: list + # elements: str + # description: List of credentials to use for the job template. + # forks: + # required: false + # type: int + # description: The number of parallel or simultaneous processes to use while executing the playbook. + # limit: + # required: false + # type: str + # description: A host pattern to further constrain the list of hosts managed or affected by the playbook + # verbosity: + # required: false + # type: int + # description: Control the output level Ansible produces as the playbook runs. + # choices: + # - 0 + # - 1 + # - 2 + # - 3 + # - 4 + # - 5 + # extra_vars: + # required: false + # type: dict + # description: Specify extra_vars for the template. + # job_tags: + # required: false + # type: str + # description: Comma separated list of the tags to use for the job template. + # force_handlers: + # required: false + # type: bool + # description: Enable forcing playbook handlers to run even if a task fails. + # skip_tags: + # required: false + # type: str + # description: Comma separated list of the tags to skip for the job template. + # start_at_task: + # required: false + # type: str + # description: Start the playbook at the task matching this name. + # diff_mode: + # required: false + # type: bool + # description: Enable diff mode for the job template + # use_fact_cache: + # required: false + # type: bool + # description: Enable use of fact caching for the job template. + # host_config_key: + # required: false + # type: str + # description: Allow provisioning callbacks using this host config key. + # ask_scm_branch_on_launch: + # required: false + # type: bool + # description: Prompt user for scm branch on launch. + # ask_diff_mode_on_launch: + # required: false + # type: bool + # description: Prompt user to enable diff mode show changes to files when supported by modules. + # ask_variables_on_launch: + # required: false + # type: bool + # description: Prompt user for extra_vars on launch. + # ask_limit_on_launch: + # required: false + # type: bool + # description: Prompt user for a limit on launch. + # ask_tags_on_launch: + # required: false + # type: bool + # description: Prompt user for job tags on launch. + # ask_skip_tags_on_launch: + # required: false + # type: bool + # description: Prompt user for job tags to skip on launch. + # ask_job_type_on_launch: + # required: false + # type: bool + # description: Prompt user for job type on launch. + # ask_verbosity_on_launch: + # required: false + # type: bool + # description: Prompt user to choose a verbosity level on launch. + # ask_inventory_on_launch: + # required: false + # type: bool + # description: Prompt user for inventory on launch. + # ask_credential_on_launch: + # required: false + # type: bool + # description: Prompt user for credential on launch. + # ask_execution_environment_on_launch: + # required: false + # type: bool + # description: Prompt user for execution environment on launch. + # ask_forks_on_launch: + # required: false + # type: bool + # description: Prompt user for forks on launch. + # ask_instance_groups_on_launch: + # required: false + # type: bool + # description: Prompt user for instance groups on launch. + # ask_job_slice_count_on_launch: + # required: false + # type: bool + # description: Prompt user for job slice count on launch. + # ask_labels_on_launch: + # required: false + # type: bool + # description: Prompt user for labels on launch. + # ask_timeout_on_launch: + # required: false + # type: bool + # description: Prompt user for timeout on launch. + # prevent_instance_group_fallback: + # required: false + # type: bool + # description: Prevent falling back to instance groups set on the associated inventory or organization. + # survey_enabled: + # required: false + # type: bool + # description: Enable a survey on the job template. + # survey_spec: + # required: false + # type: dict + # description: JSON/YAML dict formatted survey definition. + # survey: + # required: false + # type: dict + # description: JSON/YAML dict formatted survey definition. Alias of survey_spec + # become_enabled: + # required: false + # type: bool + # description: Activate privilege escalation. + # allow_simultaneous: + # required: false + # type: bool + # description: Allow simultaneous runs of the job template. + # timeout: + # required: false + # type: int + # description: Maximum time in seconds to wait for a job to finish (server-side). + # instance_groups: + # required: false + # type: list + # elements: str + # description: list of Instance Groups for this Job Template to run on. + # job_slice_count: + # required: false + # type: int + # description: The number of jobs to slice into at runtime. Will cause the Job Template to launch a workflow if value is greater than 1. + # webhook_service: + # required: false + # type: str + # description: Service that webhook requests will be accepted from (github, gitlab) + # webhook_credential: + # required: false + # type: str + # description: Personal Access Token for posting back the status to the service API + # scm_branch: + # required: false + # type: str + # description: Branch to use in job run. Project default used if blank. Only allowed if project allow_override field is set to true. + # labels: + # required: false + # type: list + # elements: str + # description: The labels applied to this job template. + # custom_virtualenv: + # required: false + # type: str + # description: Local absolute file path containing a custom Python virtualenv to use. + # notification_templates_started: + # required: false + # type: list + # elements: str + # description: The notifications on started to use for this organization in a list. + # notification_templates_success: + # required: false + # type: list + # elements: str + # description: The notifications on success to use for this organization in a list. + # notification_templates_error: + # required: false + # type: list + # elements: str + # description: The notifications on error to use for this organization in a list. + # state: + # default: "{{ controller_state | default('present') }}" + # required: false + # type: str + # description: Desired state of the resource. + + # Async variables + controller_configuration_job_templates_async_retries: + default: "{{ controller_configuration_async_retries | default(30) }}" + required: false + description: This variable sets the number of retries to attempt for the role. + controller_configuration_async_retries: + default: 30 + required: false + description: This variable sets number of retries across all roles as a default. + controller_configuration_job_templates_async_delay: + default: "{{ controller_configuration_async_delay | default(1) }}" + required: false + description: This variable sets delay between retries for the role. + controller_configuration_async_delay: + default: 1 + required: false + description: This variable sets delay between retries across all roles as a default. + + + # No_log variables + controller_configuration_job_templates_secure_logging: + default: "{{ controller_configuration_secure_logging | default(false) }}" + required: false + type: bool + description: Whether or not to include the sensitive tasks from this role in the log. Set this value to `true` if you will be providing your sensitive values from elsewhere. + controller_configuration_secure_logging: + default: false + required: false + type: bool + description: This variable enables secure logging across all roles as a default. + + # Generic across all roles + controller_state: + default: present + required: false + description: The state all objects will take unless overridden by object default + type: str + controller_hostname: + default: None + required: false + description: URL to the Ansible Controller Server. + type: str + controller_validate_certs: + default: true + required: false + description: Whether or not to validate the Ansible Controller Server's SSL certificate. + type: str + controller_username: + default: None + required: false + description: Admin User on the Ansible Controller Server. Either username / password or oauthtoken need to be specified. + type: str + controller_password: + default: None + required: false + description: Controller Admin User's password on the Ansible Controller Server. This should be stored in an Ansible Vault at vars/controller-secrets.yml or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str + controller_oauthtoken: + default: None + required: false + description: Controller Admin User's token on the Ansible Controller Server. This should be stored in an Ansible Vault at or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str +... diff --git a/roles/job_templates/tasks/main.yml b/roles/job_templates/tasks/main.yml index d4a3d1320..3ac6f4292 100644 --- a/roles/job_templates/tasks/main.yml +++ b/roles/job_templates/tasks/main.yml @@ -52,7 +52,7 @@ webhook_service: "{{ __controller_template_item.webhook_service | default(omit, true) }}" webhook_credential: "{{ __controller_template_item.webhook_credential | default(omit, true) }}" scm_branch: "{{ __controller_template_item.scm_branch | default(omit, true) }}" - labels: "{{ __controller_template_item.labels | default(__controller_template_item.related.labels | default([]) | map(attribute='name') | list) | default(omit, true) }}" + labels: "{{ __controller_template_item.labels | default(__controller_template_item.related.labels | default([]) | map(attribute='name') | list if __controller_template_item.related.labels is defined else omit) }}" state: "{{ __controller_template_item.state | default(controller_state | default('present')) }}" notification_templates_started: "{{ __controller_template_item.notification_templates_started | default(__controller_template_item.related.notification_templates_started | default([]) | map(attribute='name') | list) | default(omit, true) }}" notification_templates_success: "{{ __controller_template_item.notification_templates_success | default(__controller_template_item.related.notification_templates_success | default([]) | map(attribute='name') | list) | default(omit, true) }}" diff --git a/roles/job_templates/tests/test.yml b/roles/job_templates/tests/test.yml index a9b8d29a3..ff7a743bb 100644 --- a/roles/job_templates/tests/test.yml +++ b/roles/job_templates/tests/test.yml @@ -14,7 +14,7 @@ pre_tasks: - name: Include vars from controller_configs directory - include_vars: + ansible.builtin.include_vars: dir: ./configs extensions: ["yml"] diff --git a/roles/jobs_cancel/README.md b/roles/jobs_cancel/README.md index d3e2f9a3f..9c9c41e47 100644 --- a/roles/jobs_cancel/README.md +++ b/roles/jobs_cancel/README.md @@ -45,7 +45,7 @@ controller_configuration_jobs_cancel_secure_logging defaults to the value of con |Variable Name|Default Value|Required|Type|Description| |:---:|:---:|:---:|:---:|:---:| |`id`|""|yes|int|ID of the job to cancel.| -|`fail_if_not_running`|""|no|bool|Fail loudly if the job can not be canceled.| +|`fail_if_not_running`|`False`|no|bool|Fail loudly if the job can not be canceled.| ### Standard Project Data Structure @@ -73,17 +73,17 @@ controller_cancel_jobs: # controller_password: changeme pre_tasks: - name: Include vars from controller_configs directory - include_vars: + ansible.builtin.include_vars: dir: ./yaml ignore_files: [controller_config.yml.template] extensions: ["yml"] roles: - - {role: redhat_cop.controller_configuration.jobs_cancel, when: controller_cancel_jobs is defined} + - {role: infra.controller_configuration.jobs_cancel, when: controller_cancel_jobs is defined} ``` ## License -[MIT](LICENSE) +[MIT](https://github.com/redhat-cop/controller_configuration#licensing) ## Author diff --git a/roles/jobs_cancel/meta/argument_specs.yml b/roles/jobs_cancel/meta/argument_specs.yml new file mode 100644 index 000000000..6fa4c903b --- /dev/null +++ b/roles/jobs_cancel/meta/argument_specs.yml @@ -0,0 +1,64 @@ +--- +argument_specs: + main: + short_description: An Ansible Role to cancel a list of jobs on Ansible Controller. + options: + controller_ad_hoc_commands_cancel: + description: Data structure describing your jobs to cancel + type: list + elements: dict + # options: + # id: + # required: true + # type: int + # description: ID of the job to cancel + # fail_if_not_running: + # default: false + # required: false + # type: bool + # description: Fail loudly if the job can not be canceled. + + # No_log variables + controller_configuration_ad_hoc_command_cancel_secure_logging: + default: "{{ controller_configuration_secure_logging | default(false) }}" + required: false + type: bool + description: Whether or not to include the sensitive tasks from this role in the log. Set this value to `true` if you will be providing your sensitive values from elsewhere. + controller_configuration_secure_logging: + default: false + required: false + type: bool + description: This variable enables secure logging across all roles as a default. + + # Generic across all roles + controller_state: + default: present + required: false + description: The state all objects will take unless overridden by object default + type: str + controller_hostname: + default: None + required: false + description: URL to the Ansible Controller Server. + type: str + controller_validate_certs: + default: true + required: false + description: Whether or not to validate the Ansible Controller Server's SSL certificate. + type: str + controller_username: + default: None + required: false + description: Admin User on the Ansible Controller Server. Either username / password or oauthtoken need to be specified. + type: str + controller_password: + default: None + required: false + description: Controller Admin User's password on the Ansible Controller Server. This should be stored in an Ansible Vault at vars/controller-secrets.yml or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str + controller_oauthtoken: + default: None + required: false + description: Controller Admin User's token on the Ansible Controller Server. This should be stored in an Ansible Vault at or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str +... diff --git a/roles/jobs_cancel/tests/test.yml b/roles/jobs_cancel/tests/test.yml index f92a2ef51..1cbbbdea3 100644 --- a/roles/jobs_cancel/tests/test.yml +++ b/roles/jobs_cancel/tests/test.yml @@ -14,7 +14,7 @@ pre_tasks: - name: Include vars from controller_configs directory - include_vars: + ansible.builtin.include_vars: dir: ./configs extensions: ["yml"] diff --git a/roles/labels/README.md b/roles/labels/README.md index 1f0123d59..f64fcd9a1 100644 --- a/roles/labels/README.md +++ b/roles/labels/README.md @@ -54,12 +54,12 @@ This also speeds up the overall role. ### Labels Variables -|Variable Name|Default Value|Required|Description| -|:---:|:---:|:---:|:---:| -|`name`|""|yes|Name of this label.| -|`new_name`|""|no|Setting this option will change the existing name (looked up via the name field).| -|`organization`|`False`|no|Organization this label belongs to.| -|`state`|`present`|no|Desired state of the resource.| +|Variable Name|Default Value|Required|type|Description| +|:---:|:---:|:---:|:---:|:---:| +|`name`|""|yes|str|Name of this label.| +|`new_name`|""|no|str|Setting this option will change the existing name (looked up via the name field).| +|`organization`|`False`|no|str|Organization this label belongs to.| +|`state`|`present`|no|str|Desired state of the resource.| ### Standard Label Data Structure @@ -108,17 +108,17 @@ controller_labels: # controller_password: changeme pre_tasks: - name: Include vars from controller_configs directory - include_vars: + ansible.builtin.include_vars: dir: ./yaml ignore_files: [controller_config.yml.template] extensions: ["yml"] roles: - - {role: redhat_cop.controller_configuration.labels, when: controller_labels is defined} + - {role: infra.controller_configuration.labels, when: controller_labels is defined} ``` ## License -[MIT](LICENSE) +[MIT](https://github.com/redhat-cop/controller_configuration#licensing) ## Author diff --git a/roles/labels/meta/argument_specs.yml b/roles/labels/meta/argument_specs.yml new file mode 100644 index 000000000..16b7033e3 --- /dev/null +++ b/roles/labels/meta/argument_specs.yml @@ -0,0 +1,91 @@ +--- +argument_specs: + main: + short_description: An Ansible Role to create labels on Ansible Controller. + options: + controller_labels: + description: Data structure describing your labels + type: list + elements: dict + # options: + # name: + # type: str + # required: true + # description: Name of label + # new_name: + # type: str + # required: false + # description: Setting this option will change the existing name (looked up via the name field). + # organization: + # type: str + # required: false + # description: Organization this label belongs to. + # state: + # default: "{{ controller_state | default('present') }}" + # type: str + # required: false + # description: Desired state of the resource. + + # Async variables + controller_configuration_labels_async_retries: + default: "{{ controller_configuration_async_retries | default(30) }}" + required: false + description: This variable sets the number of retries to attempt for the role. + controller_configuration_async_retries: + default: 30 + required: false + description: This variable sets number of retries across all roles as a default. + controller_configuration_labels_async_delay: + default: "{{ controller_configuration_async_delay | default(1) }}" + required: false + description: This variable sets delay between retries for the role. + controller_configuration_async_delay: + default: 1 + required: false + description: This variable sets delay between retries across all roles as a default. + + + # No_log variables + controller_configuration_labels_secure_logging: + default: "{{ controller_configuration_secure_logging | default(false) }}" + required: false + type: bool + description: Whether or not to include the sensitive tasks from this role in the log. Set this value to `true` if you will be providing your sensitive values from elsewhere. + controller_configuration_secure_logging: + default: false + required: false + type: bool + description: This variable enables secure logging across all roles as a default. + + # Generic across all roles + controller_state: + default: present + required: false + description: The state all objects will take unless overridden by object default + type: str + controller_hostname: + default: None + required: false + description: URL to the Ansible Controller Server. + type: str + controller_validate_certs: + default: true + required: false + description: Whether or not to validate the Ansible Controller Server's SSL certificate. + type: str + controller_username: + default: None + required: false + description: Admin User on the Ansible Controller Server. Either username / password or oauthtoken need to be specified. + type: str + controller_password: + default: None + required: false + description: Controller Admin User's password on the Ansible Controller Server. This should be stored in an Ansible Vault at vars/controller-secrets.yml or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str + controller_oauthtoken: + default: None + required: false + description: Controller Admin User's token on the Ansible Controller Server. This should be stored in an Ansible Vault at or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str +... diff --git a/roles/labels/tests/test.yml b/roles/labels/tests/test.yml index d5f71c1b2..776d50623 100644 --- a/roles/labels/tests/test.yml +++ b/roles/labels/tests/test.yml @@ -14,7 +14,7 @@ pre_tasks: - name: Include vars from controller_configs directory - include_vars: + ansible.builtin.include_vars: dir: ./configs extensions: ["yml"] diff --git a/roles/license/README.md b/roles/license/README.md index 5d0e6f118..6775f1fd7 100644 --- a/roles/license/README.md +++ b/roles/license/README.md @@ -95,17 +95,17 @@ controller_license: # controller_password: changeme pre_tasks: - name: Include vars from controller_configs directory - include_vars: + ansible.builtin.include_vars: dir: ./yaml ignore_files: [controller_config.yml.template] extensions: ["yml"] roles: - - {role: redhat_cop.controller_configuration.license, when: controller_license is defined} + - {role: infra.controller_configuration.license, when: controller_license is defined} ``` ## License -[MIT](LICENSE) +[MIT](https://github.com/redhat-cop/controller_configuration#licensing) ## Author diff --git a/roles/license/meta/argument_specs.yml b/roles/license/meta/argument_specs.yml new file mode 100644 index 000000000..f0851624b --- /dev/null +++ b/roles/license/meta/argument_specs.yml @@ -0,0 +1,93 @@ +--- +argument_specs: + main: + short_description: An Ansible Role to deploy a license on Ansible Controller. + + options: + controller_labels: + description: Data structure describing your license for Controller + type: list + elements: dict + # options: + # manifest_file: + # required: false + # type: str + # description: File path to a Red Hat subscription manifest (a .zip file) + # manifest_url: + # required: false + # type: str + # description: URL containing a Red Hat subscription manifest (a .zip file) + # manifest_content: + # required: false + # type: str + # description: Base64 encoded content of Red Hat subscription manifest + # manifest: + # required: false + # type: str + # description: DEPRECATED - changed to `manifest_file` (still works as an alias) + # manifest_username: + # required: false + # type: str + # description: Optional username for access to `manifest_url` + # manifest_password: + # required: false + # type: str + # description: Optional password for access to `manifest_url` + # pool_id: + # required: false + # type: str + # description: Red Hat or Red Hat Satellite pool_id to attach to + # eula_accepted: + # required: true + # type: bool + # description: DEPRECATED since Tower 3.8 - Whether to accept the End User License Agreement for Ansible controller + # force: + # default: false + # required: false + # type: bool + # description: By default, the license manifest will only be applied if controller is currently unlicensed or trial licensed. When force=true, the license is always applied. + + # No_log variables + controller_configuration_labels_secure_logging: + default: "{{ controller_configuration_secure_logging | default(false) }}" + required: false + type: bool + description: Whether or not to include the sensitive tasks from this role in the log. Set this value to `true` if you will be providing your sensitive values from elsewhere. + controller_configuration_secure_logging: + default: false + required: false + type: bool + description: This variable enables secure logging across all roles as a default. + + # Generic across all roles + controller_state: + default: present + required: false + description: The state all objects will take unless overridden by object default + type: str + controller_hostname: + default: None + required: false + description: URL to the Ansible Controller Server. + type: str + controller_validate_certs: + default: true + required: false + description: Whether or not to validate the Ansible Controller Server's SSL certificate. + type: str + controller_username: + default: None + required: false + description: Admin User on the Ansible Controller Server. Either username / password or oauthtoken need to be specified. + type: str + controller_password: + default: None + required: false + description: Controller Admin User's password on the Ansible Controller Server. This should be stored in an Ansible Vault at vars/controller-secrets.yml or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str + controller_oauthtoken: + default: None + required: false + description: Controller Admin User's token on the Ansible Controller Server. This should be stored in an Ansible Vault at or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str +... diff --git a/roles/license/tests/test.yml b/roles/license/tests/test.yml index 065b81b06..0f256fcba 100644 --- a/roles/license/tests/test.yml +++ b/roles/license/tests/test.yml @@ -14,7 +14,7 @@ pre_tasks: - name: Include vars from controller_configs directory - include_vars: + ansible.builtin.include_vars: dir: ./config extensions: ["yml"] diff --git a/roles/master_role_example/README.md b/roles/master_role_example/README.md deleted file mode 100644 index 5a1b12f84..000000000 --- a/roles/master_role_example/README.md +++ /dev/null @@ -1,113 +0,0 @@ -# controller_configuration.*********** - -## Description - -An Ansible Role to create******* on Ansible Controller. - -## Requirements - -ansible-galaxy collection install -r tests/collections/requirements.yml to be installed -Currently: - awx.awx - or - ansible.controller - -## Variables - -### Authentication - -|Variable Name|Default Value|Required|Description|Example| -|:---|:---:|:---:|:---|:---| -|`controller_state`|"present"|no|The state all objects will take unless overridden by object default|'absent'| -|`controller_hostname`|""|yes|URL to the Ansible Controller Server.|127.0.0.1| -|`controller_validate_certs`|`True`|no|Whether or not to validate the Ansible Controller Server's SSL certificate.|| -|`controller_username`|""|no|Admin User on the Ansible Controller Server. Either username / password or oauthtoken need to be specified.|| -|`controller_password`|""|no|Controller Admin User's password on the Ansible Controller Server. This should be stored in an Ansible Vault at vars/controller-secrets.yml or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified.|| -|`controller_oauthtoken`|""|no|Controller Admin User's token on the Ansible Controller Server. This should be stored in an Ansible Vault at or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified.||| -|`controller_************`|`see below`|yes|Data structure describing your organization or organizations Described below.|| - -### Secure Logging Variables - -The following Variables compliment each other. -If Both variables are not set, secure logging defaults to false. -The role defaults to False as normally the add ******* task does not include sensitive information. -controller_configuration_*******_secure_logging defaults to the value of controller_configuration_secure_logging if it is not explicitly called. This allows for secure logging to be toggled for the entire suite of controller configuration roles with a single variable, or for the user to selectively use it. - -|Variable Name|Default Value|Required|Description| -|:---:|:---:|:---:|:---:| -|`controller_configuration_*******_secure_logging`|`False`|no|Whether or not to include the sensitive ******* role tasks in the log. Set this value to `True` if you will be providing your sensitive values from elsewhere.| -|`controller_configuration_secure_logging`|`False`|no|This variable enables secure logging as well, but is shared across multiple roles, see above.| - -### Asynchronous Retry Variables - -The following Variables set asynchronous retries for the role. -If neither of the retries or delay or retries are set, they will default to their respective defaults. -This allows for all items to be created, then checked that the task finishes successfully. -This also speeds up the overall role. - -|Variable Name|Default Value|Required|Description| -|:---:|:---:|:---:|:---:| -|`controller_configuration_async_retries`|30|no|This variable sets the number of retries to attempt for the role globally.| -|`controller_configuration_*******_async_retries`|`{{ controller_configuration_async_retries }}`|no|This variable sets the number of retries to attempt for the role.| -|`controller_configuration_async_delay`|1|no|This sets the delay between retries for the role globally.| -|`controller_configuration_*******_async_delay`|`controller_configuration_async_delay`|no|This sets the delay between retries for the role.| - -## Data Structure - -### ************ Variables - -|Variable Name|Default Value|Required|Type|Description| -|:---:|:---:|:---:|:---:|:---:| -|`name`|""|yes|str|Name of Job Template| -|`new_name`|""|str|no|Setting this option will change the existing name (looked up via the name field).| -|`description`|`False`|no|str|Description to use for the job template.| - -|`state`|`present`|no|str|Desired state of the resource.| - -### Standard Project Data Structure - -#### Json Example - -```json -{ -} - -``` - -#### Yaml Example - -```yaml ---- - -``` - -## Playbook Examples - -### Standard Role Usage - -```yaml ---- -- name: Playbook to configure ansible controller post installation - hosts: localhost - connection: local - # Define following vars here, or in controller_configs/controller_auth.yml - # controller_hostname: ansible-controller-web-svc-test-project.example.com - # controller_username: admin - # controller_password: changeme - pre_tasks: - - name: Include vars from controller_configs directory - include_vars: - dir: ./yaml - ignore_files: [controller_config.yml.template] - extensions: ["yml"] - roles: - - {role: redhat_cop.controller_configuration.license, when: controller_license is defined} -``` - -## License - -[MIT](LICENSE) - -## Author - -[************](************) diff --git a/roles/master_role_example/defaults/main.yml b/roles/master_role_example/defaults/main.yml deleted file mode 100644 index 485ba84ba..000000000 --- a/roles/master_role_example/defaults/main.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -controller_configuration_*******_secure_logging: "{{controller_configuration_secure_logging | default('false')}}" -controller_configuration_***********_async_retries: "{{ controller_configuration_async_retries | default(30) }}" -controller_configuration_***********_async_delay: "{{ controller_configuration_async_delay | default(1) }}" -... diff --git a/roles/master_role_example/meta/main.yml b/roles/master_role_example/meta/main.yml deleted file mode 100644 index a7b559add..000000000 --- a/roles/master_role_example/meta/main.yml +++ /dev/null @@ -1,46 +0,0 @@ ---- -galaxy_info: - role_name: "**************" - author: "************" - description: "An Ansible Role to create ************ in Ansible Controller." - company: "Red Hat" - - # If the issue tracker for your role is not on github, uncomment the - # next line and provide a value - # issue_tracker_url: http://example.com/issue/tracker - license: "MIT" - - min_ansible_version: "2.8" - - # Optionally specify the branch Galaxy will use when accessing the GitHub - # repo for this role. During role install, if no tags are available, - # Galaxy will use this branch. During import Galaxy will access files on - # this branch. If Travis integration is configured, only notifications for this - # branch will be accepted. Otherwise, in all cases, the repo's default branch - # (usually master) will be used. - - # github_branch: - - # - # platforms is a list of platforms, and each platform has a name and a list of versions. - # - platforms: - - name: "EL" - versions: - - "all" - - galaxy_tags: - - "controller" - - "aap" - - "awx" - - "***************" - - "***************s" - -collections: - - ansible.controller - - awx.awx - -dependencies: [] -# List your role dependencies here, one per line. Be sure to remove the '[]' above, -# if you add dependencies to this list. -... diff --git a/roles/master_role_example/tasks/main.yml b/roles/master_role_example/tasks/main.yml deleted file mode 100644 index 541c28b07..000000000 --- a/roles/master_role_example/tasks/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# Create Job Template -- name: Add Controller *********** - controller_***********: - name: "{{ ***********_item.name }}" - new_name: "{{ ***********_item.new_name | default(omit, true) }}" - description: "{{ ***********_item.description | default('') }}" - - # Role specific options - state: "{{ ***********_item.state | default(controller_state | default('present')) }}" - controller_username: "{{ controller_username | default(omit, true) }}" - controller_password: "{{ controller_password | default(omit, true) }}" - controller_oauthtoken: "{{ controller_oauthtoken | default(omit, true) }}" - controller_host: "{{ controller_hostname | default(omit, true) }}" - controller_config_file: "{{ controller_config_file | default(omit, true) }}" - validate_certs: "{{ controller_validate_certs | default(omit) }}" - loop: "{{ controller_************ }}" - loop_control: - loop_var: "__controller_***********_item" - no_log: "{{ controller_configuration_*******_secure_logging }}" - when: controller_************ is defined - async: 1000 - poll: 0 - register: __controller_***********_job_async - changed_when: not __controller_***********_job_async.changed - vars: - ansible_async_dir: '/tmp/.ansible_async' - -- name: "Configure *********** | Wait for finish the *********** creation" - async_status: - jid: "{{ __controller_***********_job_async_results_item.ansible_job_id }}" - register: __controller_***********_job_async_result - until: __controller_***********_job_async_result.finished - retries: "{{ controller_configuration_***********_async_retries }}" - delay: "{{ controller_configuration_***********_async_delay }}" - loop: "{{ __controller_***********_job_async.results }}" - loop_control: - loop_var: __controller_***********_job_async_results_item - when: __controller_***********_job_async_results_item.ansible_job_id is defined - no_log: "{{ controller_configuration_*******_secure_logging }}" - vars: - ansible_async_dir: '/tmp/.ansible_async' -... diff --git a/roles/master_role_example/tests/config/extra_vars.yml b/roles/master_role_example/tests/config/extra_vars.yml deleted file mode 100644 index 17f4894ac..000000000 --- a/roles/master_role_example/tests/config/extra_vars.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -empty_master_vars: - empty_var: "nothing" - -survey_extra_vars: - example_a: 127.0.0.1 - example_b: "text" -... diff --git a/roles/master_role_example/tests/test.yml b/roles/master_role_example/tests/test.yml deleted file mode 100644 index 2040626c8..000000000 --- a/roles/master_role_example/tests/test.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -- name: Add *********** to Controller - hosts: localhost - connection: local - gather_facts: false - vars: - controller_validate_certs: false - controller_hostname: controller.example.com - controller_username: admin - controller_password: changeme - - collections: - - awx.awx - - pre_tasks: - - name: Include vars from controller_configs directory - include_vars: - dir: ./configs - extensions: ["yml"] - - roles: - - {role: ../.., when: role_*********** is defined} -... diff --git a/roles/notification_templates/README.md b/roles/notification_templates/README.md index 4998b0f51..18de29298 100644 --- a/roles/notification_templates/README.md +++ b/roles/notification_templates/README.md @@ -168,17 +168,17 @@ controller_notifications: # controller_password: changeme pre_tasks: - name: Include vars from controller_configs directory - include_vars: + ansible.builtin.include_vars: dir: ./yaml ignore_files: [controller_config.yml.template] extensions: ["yml"] roles: - - {role: redhat_cop.controller_configuration.notification_templates, when: controller_notifications is defined} + - {role: infra.controller_configuration.notification_templates, when: controller_notifications is defined} ``` ## License -[MIT](LICENSE) +[MIT](https://github.com/redhat-cop/controller_configuration#licensing) ## Author diff --git a/roles/notification_templates/meta/argument_specs.yml b/roles/notification_templates/meta/argument_specs.yml new file mode 100644 index 000000000..9950fc4db --- /dev/null +++ b/roles/notification_templates/meta/argument_specs.yml @@ -0,0 +1,111 @@ +--- +argument_specs: + main: + short_description: An Ansible Role to create notification templates on Ansible Controller. + options: + controller_notification_templates: + description: Data structure describing your notification_templates + type: list + elements: dict + # options: + # name: + # required: true + # type: str + # description: Name of notification_template + # new_name: + # required: false + # type: str + # description: Name of notification_template, used in updating + # copy_from: + # required: false + # type: str + # description: Name or id to copy the notification_template from. This will copy an existing notification_template and change any parameters supplied. + # description: + # required: false + # type: str + # description: Description to use for the notification_template. + # organization: + # required: false + # type: str + # description: Organization this notification_template belongs to. + # notification_type: + # required: false + # type: str + # description: The type of notification to be sent. + # notification_configuration: + # required: false + # type: str + # description: The notification configuration file. Note providing this field would disable all depreciated notification-configuration-related fields. + # messages: + # required: false + # type: list + # elements: str + # description: Optional custom messages for notification template. Assumes any instance of two space __ are used for adding variables and removes them. Does not effect single space. + # state: + # default: "{{ controller_state | default('present') }}" + # required: false + # type: str + # description: Desired state of the resource. + + # Async variables + controller_configuration_notification_templates_async_retries: + default: "{{ controller_configuration_async_retries | default(30) }}" + required: false + description: This variable sets the number of retries to attempt for the role. + controller_configuration_async_retries: + default: 30 + required: false + description: This variable sets number of retries across all roles as a default. + controller_configuration_notification_templates_async_delay: + default: "{{ controller_configuration_async_delay | default(1) }}" + required: false + description: This variable sets delay between retries for the role. + controller_configuration_async_delay: + default: 1 + required: false + description: This variable sets delay between retries across all roles as a default. + + # No_log variables + controller_configuration_notification_templates_secure_logging: + default: "{{ controller_configuration_secure_logging | default(false) }}" + required: false + type: bool + description: Whether or not to include the sensitive tasks from this role in the log. Set this value to `true` if you will be providing your sensitive values from elsewhere. + controller_configuration_secure_logging: + default: false + required: false + type: bool + description: This variable enables secure logging across all roles as a default. + + # Generic across all roles + controller_state: + default: present + required: false + description: The state all objects will take unless overridden by object default + type: str + controller_hostname: + default: None + required: false + description: URL to the Ansible Controller Server. + type: str + controller_validate_certs: + default: true + required: false + description: Whether or not to validate the Ansible Controller Server's SSL certificate. + type: str + controller_username: + default: None + required: false + description: Admin User on the Ansible Controller Server. Either username / password or oauthtoken need to be specified. + type: str + controller_password: + default: None + required: false + description: Controller Admin User's password on the Ansible Controller Server. This should be stored in an Ansible Vault at vars/controller-secrets.yml or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str + controller_oauthtoken: + default: None + required: false + description: Controller Admin User's token on the Ansible Controller Server. This should be stored in an Ansible Vault at or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str +... diff --git a/roles/notification_templates/tests/test.yml b/roles/notification_templates/tests/test.yml index 59ce13d9d..48f311ade 100644 --- a/roles/notification_templates/tests/test.yml +++ b/roles/notification_templates/tests/test.yml @@ -14,7 +14,7 @@ pre_tasks: - name: Include vars from controller_configs directory - include_vars: + ansible.builtin.include_vars: dir: ./configs extensions: ["yml"] diff --git a/roles/object_diff/README.md b/roles/object_diff/README.md index 2128c2890..18b96cb5d 100644 --- a/roles/object_diff/README.md +++ b/roles/object_diff/README.md @@ -1,10 +1,10 @@ # controller_configuration.object_diff -An ansible role to manage the object diff of the AWX or Automation Controller configuration. This role leverage the controller_object_diff.py lookup plugin of the redhat_cop.controller_configuration, comparing two lists, one taken directly from the API and the other one from the git repository, and it could be used to delete objects in the AWX or Automation Controller that are not defined in the git repository list. +An ansible role to manage the object diff of the AWX or Automation Controller configuration. This role leverage the controller_object_diff.py lookup plugin of the infra.controller_configuration, comparing two lists, one taken directly from the API and the other one from the git repository, and it could be used to delete objects in the AWX or Automation Controller that are not defined in the git repository list. ## Requirements -`ansible-galaxy collection install -r tests/collections/requirements.yml` to be installed. Currently: `awx.awx` or `ansible.controller` and `redhat_cop.controller_configuration`. +`ansible-galaxy collection install -r tests/collections/requirements.yml` to be installed. Currently: `awx.awx` or `ansible.controller` and `infra.controller_configuration`. ## Role Variables @@ -14,10 +14,11 @@ The following Variables set the organization where should be applied the configu | Variable Name | Default Value | Required | Description | | :------------ | :-----------: | :------: | :---------- | -| `controller_api_plugin` | `ansible.controller` | yes | Full path for the controller_api_plugin to be used.
Can have two possible values:
  - awx.awx.controller_api # For the community Collection version
  - ansible.controller.controller_api # For the Red Hat Certified Collection version| +| `controller_api_plugin` | `ansible.controller` | yes | Full path for the controller_api_plugin to be used.
Can have two possible values:
  - awx.awx.controller_api # For the community Collection version
  - ansible.controller.controller_api # For the Red Hat Certified Collection version | | `drop_user_external_accounts` | `False` | no | When is true, all users will be taken to compare with SCM configuration as code | -| `drop_teams` | `False` | no | When is true, all teams will be taken to compare with SCM configuration as code | | `protect_not_empty_orgs` | `N/A` | no | When is true, orgs which are not empty, will not be removed | +| `query_controller_api_max_objects` | 10000 | no | Sets the maximum number of objects to be returned from the API | + ## Role Tags @@ -31,6 +32,10 @@ $ ansible-playbook object_diff.yml --list-tags ``` +## IMPORTANT + +To correctly manage `roles`, they can only be defined by a super-admin organization, so all the roles in the Ansible Controller instance are managed by only one organization. + ## Example Playbook ```bash @@ -68,8 +73,8 @@ $ ansible-playbook object_diff.yml --list-tags - always roles: - - role: redhat_cop.controller_configuration.filetree_read - - role: redhat_cop.controller_configuration.object_diff + - role: infra.controller_configuration.filetree_read + - role: infra.controller_configuration.object_diff vars: controller_configuration_object_diff_tasks: - {name: workflow_job_templates, var: controller_workflows, tags: workflow_job_templates} @@ -83,7 +88,7 @@ $ ansible-playbook object_diff.yml --list-tags - {name: credentials, var: controller_credentials, tags: credentials} - {name: credential_types, var: controller_credential_types, tags: credential_types} - {name: organizations, var: controller_organizations, tags: organizations} - - role: redhat_cop.controller_configuration.dispatch + - role: infra.controller_configuration.dispatch vars: controller_configuration_dispatcher_roles: - {role: workflow_job_templates, var: controller_workflows, tags: workflow_job_templates} @@ -123,6 +128,8 @@ GPLv3+ - [Ivan Aragonés](https://github.com/ivarmu) +- [Adonis García](https://github.com/adonisgarciac) + ## Important things to take into account - Issues: diff --git a/roles/object_diff/defaults/main.yml b/roles/object_diff/defaults/main.yml index cbf82e767..483b3c949 100644 --- a/roles/object_diff/defaults/main.yml +++ b/roles/object_diff/defaults/main.yml @@ -3,6 +3,7 @@ # populate_controller_api_user_accounts_without_external_accounts drop_user_external_accounts: false +query_controller_api_max_objects: 10000 # Automation Controller Object Lists controller_settings: [] @@ -23,26 +24,32 @@ controller_instance_groups: [] controller_hosts: [] controller_groups: [] controller_templates: [] -controller_workflow_job_templates: [] +controller_workflows: [] controller_schedules: [] controller_roles: [] # object_diff tasks name controller_configuration_object_diff_tasks: + - {name: schedules, var: controller_schedules, tags: schedules} - {name: workflow_job_templates, var: controller_workflows, tags: workflow_job_templates} - {name: job_templates, var: controller_templates, tags: job_templates} + - {name: roles, var: controller_roles, tags: roles} - {name: teams, var: controller_teams, tags: teams} - {name: user_accounts, var: controller_user_accounts, tags: users} - {name: groups, var: controller_groups, tags: groups} - {name: hosts, var: controller_hosts, tags: hosts} + - {name: instance_groups, var: controller_instance_groups, tags: instance_groups} + - {name: applications, var: controller_applications, tags: applications} + - {name: execution_environments, var: controller_execution_environments, tags: execution_environments} - {name: inventory_sources, var: controller_inventory_sources, tags: inventory_sources} - {name: inventories, var: controller_inventories, tags: inventories} - {name: projects, var: controller_projects, tags: projects} + - {name: notification_templates, var: controller_notification_templates, tags: notification_templates} - {name: credentials, var: controller_credentials, tags: credentials} - {name: credential_types, var: controller_credential_types, tags: credential_types} - {name: organizations, var: controller_organizations, tags: organizations} -controller_configuration_object_diff_secure_logging: "{{ controller_configuration_secure_logging | default('false') }}" +controller_configuration_object_diff_secure_logging: "{{ controller_configuration_secure_logging | default(true) }}" controller_api_version: "v2" diff --git a/roles/object_diff/meta/argument_specs.yml b/roles/object_diff/meta/argument_specs.yml new file mode 100644 index 000000000..6cdad4780 --- /dev/null +++ b/roles/object_diff/meta/argument_specs.yml @@ -0,0 +1,75 @@ +--- +argument_specs: + main: + short_description: An Ansible Role to read from a local file tree and create objects in Controller + options: + drop_user_external_accounts: + default: false + required: false + type: bool + description: When is true, all users will be taken to compare with SCM configuration as code + query_controller_api_max_objects: + default: 10000 + required: false + type: int + description: Sets the maximum number of objects to be returned from the API + protect_not_empty_orgs: + required: false + type: bool + description: When is true, orgs which are not empty, will not be removed + + # Async variables + controller_configuration_async_retries: + default: 30 + required: false + description: This variable sets number of retries across all roles as a default. + controller_configuration_async_delay: + default: 1 + required: false + description: This variable sets delay between retries across all roles as a default. + + + # No_log variables + controller_configuration_filetree_create_secure_logging: + default: "{{ controller_configuration_secure_logging | default(false) }}" + required: false + type: bool + description: Whether or not to include the sensitive tasks from this role in the log. Set this value to `true` if you will be providing your sensitive values from elsewhere. + controller_configuration_secure_logging: + default: false + required: false + type: bool + description: This variable enables secure logging across all roles as a default. + + # Generic across all roles + controller_state: + default: present + required: false + description: The state all objects will take unless overridden by object default + type: str + controller_hostname: + default: None + required: false + description: URL to the Ansible Controller Server. + type: str + controller_validate_certs: + default: true + required: false + description: Whether or not to validate the Ansible Controller Server's SSL certificate. + type: str + controller_username: + default: None + required: false + description: Admin User on the Ansible Controller Server. Either username / password or oauthtoken need to be specified. + type: str + controller_password: + default: None + required: false + description: Controller Admin User's password on the Ansible Controller Server. This should be stored in an Ansible Vault at vars/controller-secrets.yml or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str + controller_oauthtoken: + default: None + required: false + description: Controller Admin User's token on the Ansible Controller Server. This should be stored in an Ansible Vault at or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str +... diff --git a/roles/object_diff/tasks/applications.yml b/roles/object_diff/tasks/applications.yml new file mode 100644 index 000000000..28bf86932 --- /dev/null +++ b/roles/object_diff/tasks/applications.yml @@ -0,0 +1,27 @@ +--- +- name: Get the organization ID + ansible.builtin.set_fact: + __controller_organization_id: "{{ lookup(controller_api_plugin, 'organizations', + query_params={'name': orgs}, + host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs) + }}" + +- name: "Get the API list of all Applications in Organization {{ orgs }}" + ansible.builtin.set_fact: + __controller_api_applications: "{{ query(controller_api_plugin, 'applications', + query_params={'organization': __controller_organization_id.id}, + host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, + return_all=true, max_objects=query_controller_api_max_objects) + }}" + +- name: "Find the difference of Application between what is on the Controller versus CasC on SCM" + ansible.builtin.set_fact: + __applications_difference: "{{ lookup(controller_role_plugin, + api_list=__controller_api_applications, compare_list=controller_applications, + with_present=false, set_absent=true) + }}" + +- name: "Set application's list to be configured" + ansible.builtin.set_fact: + controller_applications: "{{ __applications_difference }}" +... diff --git a/roles/object_diff/tasks/credential_types.yml b/roles/object_diff/tasks/credential_types.yml index 3a9065838..5d800d013 100644 --- a/roles/object_diff/tasks/credential_types.yml +++ b/roles/object_diff/tasks/credential_types.yml @@ -3,20 +3,26 @@ - name: "Get the API list of all Credential Types" ansible.builtin.set_fact: __controller_api_credential_types: "{{ query(controller_api_plugin, 'credential_types', - query_params={'managed': false}, - host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs) }}" + query_params={'managed': false}, + host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, + return_all=true, max_objects=query_controller_api_max_objects) + }}" + no_log: "{{ controller_configuration_object_diff_secure_logging }}" when: is_aap - name: "Get the API list of all Credential Types" ansible.builtin.set_fact: __controller_api_credential_types: "{{ query(controller_api_plugin, 'credential_types', - query_params={'managed_by_tower': false}, - host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs) }}" + query_params={'managed_by_tower': false}, + host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, + return_all=true, max_objects=query_controller_api_max_objects) + }}" + no_log: "{{ controller_configuration_object_diff_secure_logging }}" when: not is_aap - name: "Find the difference of Credential Types between what is on the Controller versus CasC on SCM" ansible.builtin.set_fact: - __credential_types_difference: "{{ lookup('redhat_cop.controller_configuration.controller_object_diff', + __credential_types_difference: "{{ lookup(controller_role_plugin, api_list=__controller_api_credential_types, compare_list=controller_credential_types, with_present=false, set_absent=true) }}" diff --git a/roles/object_diff/tasks/credentials.yml b/roles/object_diff/tasks/credentials.yml index 1383f33bd..ca5321b3a 100644 --- a/roles/object_diff/tasks/credentials.yml +++ b/roles/object_diff/tasks/credentials.yml @@ -6,17 +6,20 @@ query_params={'name': orgs}, host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs) }}" + no_log: "{{ controller_configuration_object_diff_secure_logging }}" - name: "Get the API list of all Credentials in Organization {{ orgs }}" ansible.builtin.set_fact: __controller_api_credentials: "{{ query(controller_api_plugin, 'credentials', query_params={'organization': __controller_organization_id.id}, - host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs) + host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, + return_all=true, max_objects=query_controller_api_max_objects) }}" + no_log: "{{ controller_configuration_object_diff_secure_logging }}" - name: "Find the difference of Credentials between what is on the Controller versus CasC on SCM" ansible.builtin.set_fact: - __credentials_difference: "{{ lookup('redhat_cop.controller_configuration.controller_object_diff', + __credentials_difference: "{{ lookup(controller_role_plugin, api_list=__controller_api_credentials, compare_list=controller_credentials, with_present=false, set_absent=true) }}" diff --git a/roles/object_diff/tasks/execution_environments.yml b/roles/object_diff/tasks/execution_environments.yml new file mode 100644 index 000000000..c63c24cb0 --- /dev/null +++ b/roles/object_diff/tasks/execution_environments.yml @@ -0,0 +1,27 @@ +--- +- name: Get the organization ID + ansible.builtin.set_fact: + __controller_organization_id: "{{ lookup(controller_api_plugin, 'organizations', + query_params={'name': orgs}, + host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs) + }}" + +- name: "Get the API list of all Execution Environments in Organization {{ orgs }}" + ansible.builtin.set_fact: + __controller_api_execution_environments: "{{ query(controller_api_plugin, 'execution_environments', + query_params={'organization': __controller_organization_id.id}, + host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, + return_all=true, max_objects=query_controller_api_max_objects) + }}" + +- name: "Find the difference of Execution Environment between what is on the Controller versus CasC on SCM" + ansible.builtin.set_fact: + __execution_environments_difference: "{{ lookup(controller_role_plugin, + api_list=__controller_api_execution_environments, compare_list=controller_execution_environments, + with_present=false, set_absent=true) + }}" + +- name: "Set execution_environment's list to be configured" + ansible.builtin.set_fact: + controller_execution_environments: "{{ __execution_environments_difference }}" +... diff --git a/roles/object_diff/tasks/groups.yml b/roles/object_diff/tasks/groups.yml index ddce8f8c3..7104f3f37 100644 --- a/roles/object_diff/tasks/groups.yml +++ b/roles/object_diff/tasks/groups.yml @@ -2,9 +2,10 @@ - name: Get the organization ID ansible.builtin.set_fact: controller_organization_id: "{{ lookup(controller_api_plugin, 'organizations', - query_params={'name': orgs}, - host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs) + query_params={'name': orgs}, + host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs) }}" + no_log: "{{ controller_configuration_object_diff_secure_logging }}" - name: "Get the API list of all inventories" ansible.builtin.set_fact: @@ -13,25 +14,29 @@ 'has_inventory_sources': 'false', 'not__total_groups': '0', 'not__kind': 'smart'}, - host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs) + host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, + return_all=true, max_objects=query_controller_api_max_objects) }}" + no_log: "{{ controller_configuration_object_diff_secure_logging }}" - name: "Get the API list of all groups in the inventories at organization {{ orgs }}" ansible.builtin.set_fact: __controller_api_groups: "{{ (__controller_api_groups | default([])) + query(controller_api_plugin, 'groups', query_params={'inventory': current_inventory.id}, - host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs) + host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, + return_all=true, max_objects=query_controller_api_max_objects) }}" loop: "{{ __controller_api_inventories }}" loop_control: loop_var: current_inventory + no_log: "{{ controller_configuration_object_diff_secure_logging }}" - name: "Group differences (block)" when: __controller_api_groups is defined block: - name: "Find the difference of Groups between what is on the Controller versus CasC on SCM" ansible.builtin.set_fact: - __groups_difference: "{{ lookup('redhat_cop.controller_configuration.controller_object_diff', + __groups_difference: "{{ lookup(controller_role_plugin, query_params={'summary_fields.inventory.organization_id': controller_organization_id.id}, api_list=__controller_api_groups, compare_list=controller_groups, with_present=false, set_absent=true) diff --git a/roles/object_diff/tasks/hosts.yml b/roles/object_diff/tasks/hosts.yml index 39a07e50e..aeadd54e9 100644 --- a/roles/object_diff/tasks/hosts.yml +++ b/roles/object_diff/tasks/hosts.yml @@ -5,6 +5,7 @@ query_params={'name': orgs}, host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs) }}" + no_log: "{{ controller_configuration_object_diff_secure_logging }}" - name: "Get the API list of all inventories" ansible.builtin.set_fact: @@ -14,15 +15,19 @@ 'not__total_hosts': '0', 'not__kind': 'smart'}, host=controller_hostname, username=controller_username, - password=controller_password, verify_ssl=controller_validate_certs) + oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, + return_all=true, max_objects=query_controller_api_max_objects) }}" + no_log: "{{ controller_configuration_object_diff_secure_logging }}" - name: "Get the API list of all hosts in the inventories at organization {{ orgs }}" ansible.builtin.set_fact: __controller_api_hosts: "{{ (__controller_api_hosts | default([])) + query(controller_api_plugin, 'hosts', query_params={'inventory': current_inventory.id}, - host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs) + host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, + return_all=true, max_objects=query_controller_api_max_objects) }}" + no_log: "{{ controller_configuration_object_diff_secure_logging }}" loop: "{{ __controller_api_inventories }}" loop_control: loop_var: current_inventory @@ -32,7 +37,7 @@ block: - name: "Find the difference of Hosts between what is on the Controller versus CasC on SCM" ansible.builtin.set_fact: - __hosts_difference: "{{ lookup('redhat_cop.controller_configuration.controller_object_diff', + __hosts_difference: "{{ lookup(controller_role_plugin, query_params={'summary_fields.inventory.organization_id': controller_organization_id.id}, api_list=__controller_api_hosts, compare_list=controller_hosts, with_present=false, set_absent=true) diff --git a/roles/object_diff/tasks/instance_groups.yml b/roles/object_diff/tasks/instance_groups.yml new file mode 100644 index 000000000..8acc1590f --- /dev/null +++ b/roles/object_diff/tasks/instance_groups.yml @@ -0,0 +1,32 @@ +--- +- name: "Get the current controller user to determine if it is super-admin" + ansible.builtin.set_fact: + __controller_api_current_user_check_is_admin: "{{ lookup(controller_api_plugin, 'users', + query_params={'username': controller_username}, + host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs) + }}" + +- name: "Instance Group differences (block)" + when: + - __controller_api_current_user_check_is_admin.is_superuser + block: + - name: "Get the API list of all instance_groups" + ansible.builtin.set_fact: + __controller_api_instance_groups: "{{ query(controller_api_plugin, 'instance_groups', + host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, + return_all=true, max_objects=query_controller_api_max_objects) + }}" + + - name: "Find the difference of Instance Groups between what is on the Controller versus CasC on SCM" + ansible.builtin.set_fact: + __instance_groups_difference: "{{ lookup(controller_role_plugin, + api_list=__controller_api_instance_groups, + compare_list=controller_instance_groups, + with_present=false, + set_absent=true) + }}" + + - name: "Sets the difference of Instance Groups between what is on the Controller versus CasC on SCM" + ansible.builtin.set_fact: + controller_instance_groups: "{{ __instance_groups_difference }}" +... diff --git a/roles/object_diff/tasks/inventories.yml b/roles/object_diff/tasks/inventories.yml index 44ebc983d..f546e237b 100644 --- a/roles/object_diff/tasks/inventories.yml +++ b/roles/object_diff/tasks/inventories.yml @@ -5,17 +5,20 @@ query_params={'name': orgs}, host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs) }}" + no_log: "{{ controller_configuration_object_diff_secure_logging }}" - name: "Get the API list of all Inventories" ansible.builtin.set_fact: __controller_api_inventories: "{{ query(controller_api_plugin, 'inventories', query_params={'organization': __controller_organization_id.id}, - host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs) + host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, + return_all=true, max_objects=query_controller_api_max_objects) }}" + no_log: "{{ controller_configuration_object_diff_secure_logging }}" - name: "Find the difference of Inventories between what is on the Controller versus CasC on SCM" ansible.builtin.set_fact: - __inventories_difference: "{{ lookup('redhat_cop.controller_configuration.controller_object_diff', + __inventories_difference: "{{ lookup(controller_role_plugin, api_list=__controller_api_inventories, compare_list=controller_inventories, with_present=false, set_absent=true) }}" diff --git a/roles/object_diff/tasks/inventory_sources.yml b/roles/object_diff/tasks/inventory_sources.yml index 36b1caf15..7e993f08a 100644 --- a/roles/object_diff/tasks/inventory_sources.yml +++ b/roles/object_diff/tasks/inventory_sources.yml @@ -5,17 +5,20 @@ query_params={'name': orgs}, host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs) }}" + no_log: "{{ controller_configuration_object_diff_secure_logging }}" - name: "Get the API list of all Inventory Sources" ansible.builtin.set_fact: __controller_api_inventory_sources: "{{ query(controller_api_plugin, 'inventory_sources', query_params={'organization': __controller_organization_id.id}, - host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs) + host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, + return_all=true, max_objects=query_controller_api_max_objects) }}" + no_log: "{{ controller_configuration_object_diff_secure_logging }}" - name: "Find the difference of Inventory Sources between what is on the Controller versus CasC on SCM" ansible.builtin.set_fact: - __inventory_sources_difference: "{{ lookup('redhat_cop.controller_configuration.controller_object_diff', + __inventory_sources_difference: "{{ lookup(controller_role_plugin, api_list=__controller_api_inventory_sources, compare_list=controller_inventory_sources, with_present=false, set_absent=true) diff --git a/roles/object_diff/tasks/job_templates.yml b/roles/object_diff/tasks/job_templates.yml index 705d63e9b..9926f1e26 100644 --- a/roles/object_diff/tasks/job_templates.yml +++ b/roles/object_diff/tasks/job_templates.yml @@ -5,17 +5,20 @@ query_params={'name': orgs}, host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs) }}" + no_log: "{{ controller_configuration_object_diff_secure_logging }}" - name: "Get the API list of all Job Templates in Organization {{ orgs }}" ansible.builtin.set_fact: __controller_api_job_templates: "{{ query(controller_api_plugin, 'job_templates', query_params={'organization': __controller_organization_id.id}, - host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs) + host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, + return_all=true, max_objects=query_controller_api_max_objects) }}" + no_log: "{{ controller_configuration_object_diff_secure_logging }}" - name: "Find the difference of Job Templates between what is on the Controller versus CasC on SCM" ansible.builtin.set_fact: - __job_templates_difference: "{{ lookup('redhat_cop.controller_configuration.controller_object_diff', + __job_templates_difference: "{{ lookup(controller_role_plugin, api_list=__controller_api_job_templates, compare_list=controller_templates, with_present=false, set_absent=true) }}" diff --git a/roles/object_diff/tasks/main.yml b/roles/object_diff/tasks/main.yml index 3ad3a5014..12d316a54 100644 --- a/roles/object_diff/tasks/main.yml +++ b/roles/object_diff/tasks/main.yml @@ -4,7 +4,7 @@ tags: - always block: - - name: "Check installed collections (block)" + - name: "Check installed module collections (block)" block: - name: "Check if the collection ansible.controller is installed" ansible.builtin.set_fact: @@ -27,11 +27,35 @@ ansible.builtin.debug: msg: "Using the 'controller_api' plugin from: {{ controller_api_plugin }}" + - name: "Check installed role collections (block)" + block: + - name: "Check if the collection infra.controller_configuration is installed" + ansible.builtin.set_fact: + infra_controller_collection_installed: "{{ lookup('ansible.builtin.pipe', 'ansible-galaxy collection list | grep -i infra.controller_configuration || echo NOTINSTALLED') }}" + failed_when: infra_controller_collection_installed is match('NOTINSTALLED') + rescue: + - name: "Check if the collection redhat_cop.controller_configuration is installed" + ansible.builtin.set_fact: + redhat_cop_collection_installed: "{{ lookup('ansible.builtin.pipe', 'ansible-galaxy collection list | grep -i redhat_cop.controller_configuration || echo NOTINSTALLED') }}" + failed_when: redhat_cop_collection_installed is match('NOTINSTALLED') + always: + - name: "Set the collection providing the controller_api lookup plugin" + ansible.builtin.set_fact: + controller_role_plugin: "{{ ('infra.controller_configuration.controller_object_diff' if infra_controller_collection_installed is defined) | default('redhat_cop.controller_configuration.controller_object_diff' if redhat_cop_collection_installed is defined) | default('NONE') }}" + - name: "Fail if no collection is detected" + ansible.builtin.fail: + msg: "One of the following collections is required to be installed: 'infra.controller_configuration' or 'redhat_cop.controller_configuration'." + when: controller_role_plugin is match('NONE') + - name: "Show the plugin we are using" + ansible.builtin.debug: + msg: "Using the 'controller_role' plugin from: {{ controller_role_plugin }}" + - name: "Check if the connection is to an Ansible Tower or to Automation Platform" ansible.builtin.set_fact: is_aap: "{{ lookup(controller_api_plugin, 'ping', host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs).version is version('4.0.0', '>=') }}" + no_log: "{{ controller_configuration_object_diff_secure_logging }}" tags: - always diff --git a/roles/object_diff/tasks/notification_templates.yml b/roles/object_diff/tasks/notification_templates.yml new file mode 100644 index 000000000..b7ea000a5 --- /dev/null +++ b/roles/object_diff/tasks/notification_templates.yml @@ -0,0 +1,27 @@ +--- +- name: Get the organization ID + ansible.builtin.set_fact: + __controller_organization_id: "{{ lookup(controller_api_plugin, 'organizations', + query_params={'name': orgs}, + host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs) + }}" + +- name: "Get the API list of all Notification Templates in Organization {{ orgs }}" + ansible.builtin.set_fact: + __controller_api_notification_templates: "{{ query(controller_api_plugin, 'notification_templates', + query_params={'organization': __controller_organization_id.id}, + host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, + return_all=true, max_objects=query_controller_api_max_objects) + }}" + +- name: "Find the difference of Notification Template between what is on the Controller versus CasC on SCM" + ansible.builtin.set_fact: + __notification_templates_difference: "{{ lookup(controller_role_plugin, + api_list=__controller_api_notification_templates, compare_list=controller_notifications, + with_present=false, set_absent=true) + }}" + +- name: "Set notification_template's list to be configured" + ansible.builtin.set_fact: + controller_notifications: "{{ __notification_templates_difference }}" +... diff --git a/roles/object_diff/tasks/organizations.yml b/roles/object_diff/tasks/organizations.yml index 7f0b0c004..e88c1666e 100644 --- a/roles/object_diff/tasks/organizations.yml +++ b/roles/object_diff/tasks/organizations.yml @@ -5,6 +5,7 @@ query_params={'username': controller_username}, host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs) }}" + no_log: "{{ controller_configuration_object_diff_secure_logging }}" - name: "Role differences (block)" when: @@ -13,38 +14,41 @@ - name: "Gets current Organizations configured" ansible.builtin.set_fact: __controller_api_organizations: "{{ query(controller_api_plugin, 'organizations', - host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs) + host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, + return_all=true, max_objects=query_controller_api_max_objects) }}" + no_log: "{{ controller_configuration_object_diff_secure_logging }}" - name: "Find the difference of Organizations between what is on the Controller versus curated list." ansible.builtin.set_fact: - __organizations_difference: "{{ lookup('redhat_cop.controller_configuration.controller_object_diff', + __organizations_difference: "{{ lookup(controller_role_plugin, api_list=__controller_api_organizations, compare_list=controller_organizations, with_present=false, set_absent=true) }}" - - name: "Set list __list_orgs_empty when protect_not_empty_orgs" + - name: "Set list __list_empty_orgs when protect_not_empty_orgs" ansible.builtin.set_fact: __list_empty_orgs: "{{ __list_empty_orgs | default([]) + [__organizations_difference_list_empty_item.name] }}" loop: "{{ __organizations_difference }}" loop_control: loop_var: __organizations_difference_list_empty_item + no_log: "{{ controller_configuration_object_diff_secure_logging }}" when: - protect_not_empty_orgs is defined - protect_not_empty_orgs - - query(controller_api_plugin, 'api/' + controller_api_version + '/organizations/' + (__org.name | urlencode) + '/users/', + - query(controller_api_plugin, 'api/' + controller_api_version + '/organizations/' + (__organizations_difference_list_empty_item.name | urlencode) + '/users/', host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs) | length == 0 - - query(controller_api_plugin, 'api/' + controller_api_version + '/organizations/' + (__org.name | urlencode) + '/admins/', + - query(controller_api_plugin, 'api/' + controller_api_version + '/organizations/' + (__organizations_difference_list_empty_item.name | urlencode) + '/admins/', host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs) | length == 0 - - query(controller_api_plugin, 'api/' + controller_api_version + '/organizations/' + (__org.name | urlencode) + '/inventories/', + - query(controller_api_plugin, 'api/' + controller_api_version + '/organizations/' + (__organizations_difference_list_empty_item.name | urlencode) + '/inventories/', host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs) | length == 0 - - query(controller_api_plugin, 'api/' + controller_api_version + '/organizations/' + (__org.name | urlencode) + '/teams/', + - query(controller_api_plugin, 'api/' + controller_api_version + '/organizations/' + (__organizations_difference_list_empty_item.name | urlencode) + '/teams/', host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs) | length == 0 - - query(controller_api_plugin, 'api/' + controller_api_version + '/organizations/' + (__org.name | urlencode) + '/projects/', + - query(controller_api_plugin, 'api/' + controller_api_version + '/organizations/' + (__organizations_difference_list_empty_item.name | urlencode) + '/projects/', host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs) | length == 0 - - query(controller_api_plugin, 'api/' + controller_api_version + '/organizations/' + (__org.name | urlencode) + '/job_templates/', + - query(controller_api_plugin, 'api/' + controller_api_version + '/organizations/' + (__organizations_difference_list_empty_item.name | urlencode) + '/job_templates/', host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs) | length == 0 - - query(controller_api_plugin, 'api/' + controller_api_version + '/organizations/' + (__org.name | urlencode) + '/workflow_job_templates/', + - query(controller_api_plugin, 'api/' + controller_api_version + '/organizations/' + (__organizations_difference_list_empty_item.name | urlencode) + '/workflow_job_templates/', host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs) | length == 0 - name: "Set Organization differences" @@ -53,10 +57,11 @@ loop: "{{ __organizations_difference }}" loop_control: loop_var: __organizations_difference_item - when: __organizations_difference is defined and (protect_not_empty_orgs is not defined or not protect_not_empty_orgs or __organizations_difference_item.name in __list_empty_orgs) + when: + - __organizations_difference is defined + - protect_not_empty_orgs is not defined or not protect_not_empty_orgs or (__list_empty_orgs is defined and __organizations_difference_item.name in __list_empty_orgs) - name: "Set organization's list to be configured" ansible.builtin.set_fact: - controller_organizations: "{{ __controller_organizations }}" - when: __controller_organizations is defined + controller_organizations: "{{ __controller_organizations | default([]) }}" ... diff --git a/roles/object_diff/tasks/projects.yml b/roles/object_diff/tasks/projects.yml index 957d9caa8..3b119ab6c 100644 --- a/roles/object_diff/tasks/projects.yml +++ b/roles/object_diff/tasks/projects.yml @@ -5,17 +5,20 @@ query_params={'name': orgs}, host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs) }}" + no_log: "{{ controller_configuration_object_diff_secure_logging }}" - name: "Get the API list of all Projects in Organization {{ orgs }}" ansible.builtin.set_fact: __controller_api_projects: "{{ query(controller_api_plugin, 'projects', query_params={'organization': __controller_organization_id.id}, - host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs) + host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, + return_all=true, max_objects=query_controller_api_max_objects) }}" + no_log: "{{ controller_configuration_object_diff_secure_logging }}" - name: "Find the difference of Project between what is on the Controller versus CasC on SCM" ansible.builtin.set_fact: - __projects_difference: "{{ lookup('redhat_cop.controller_configuration.controller_object_diff', + __projects_difference: "{{ lookup(controller_role_plugin, api_list=__controller_api_projects, compare_list=controller_projects, with_present=false, set_absent=true) }}" diff --git a/roles/object_diff/tasks/roles.yml b/roles/object_diff/tasks/roles.yml index a9a3204b3..095161f21 100644 --- a/roles/object_diff/tasks/roles.yml +++ b/roles/object_diff/tasks/roles.yml @@ -5,22 +5,56 @@ query_params={'username': controller_username}, host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs) }}" + no_log: "{{ controller_configuration_object_diff_secure_logging }}" - name: "Role differences (block)" when: - __controller_api_current_user_check_is_admin.is_superuser block: - - name: "Get the API list of all roles" + - name: "Get the API list of all roles" # noqa jinja[spacing] ansible.builtin.set_fact: - __controller_api_roles: "{{ query(controller_api_plugin, 'roles', - host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs) + __controller_api_roles: "{{ (__controller_api_roles | default([])) + [{ + 'users': current_users, + 'teams': current_teams, + 'name': current_role.name, + 'role': current_role.name, + 'type': current_role.type, + 'resource_type': (current_role.summary_fields.resource_type|default('no_resource_type')), + (current_role.summary_fields.resource_type|default('no_resource_type')): (current_role.summary_fields.resource_name|default('no_resource_name')) + }] }}" + vars: + current_users: "{{ query(controller_api_plugin, current_role.related.users, + host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, + return_all=true, max_objects=query_controller_api_max_objects) | map(attribute='username') + }}" + current_teams: "{{ query(controller_api_plugin, current_role.related.teams, + host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, + return_all=true, max_objects=query_controller_api_max_objects) | map(attribute='name') + }}" + loop: "{{ query(controller_api_plugin, 'roles', + host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, + return_all=true, max_objects=query_controller_api_max_objects) + }}" + loop_control: + loop_var: current_role + no_log: "{{ controller_configuration_object_diff_secure_logging }}" + + - name: "Explode the roles for users" + ansible.builtin.set_fact: + __full_controller_api_roles: "{{ (__full_controller_api_roles | default([])) + [item.0 | combine({'user': item.1})] }}" + loop: "{{ (__controller_api_roles | subelements('users')) }}" + + - name: "Explode the roles for teams" + ansible.builtin.set_fact: + __full_controller_api_roles: "{{ (__full_controller_api_roles | default([])) + [item.0 | combine({'team': item.1})] }}" + loop: "{{ (__controller_api_roles | subelements('teams')) }}" - name: "Find the difference of Roles between what is on the Controller versus CasC on SCM" ansible.builtin.set_fact: - __roles_difference: "{{ lookup('redhat_cop.controller_configuration.controller_object_diff', - api_list=__controller_api_roles, compare_list=controller_roles, + __roles_difference: "{{ lookup(controller_role_plugin, + api_list=__full_controller_api_roles, compare_list=controller_roles, with_present=false, set_absent=true) }}" diff --git a/roles/object_diff/tasks/schedules.yml b/roles/object_diff/tasks/schedules.yml new file mode 100644 index 000000000..fe2994186 --- /dev/null +++ b/roles/object_diff/tasks/schedules.yml @@ -0,0 +1,48 @@ +--- +- name: Get the organization ID + ansible.builtin.set_fact: + __controller_organization_id: "{{ lookup(controller_api_plugin, 'organizations', + query_params={'name': orgs}, + host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs) + }}" + +- name: "Get the API list of all WF and Job Templates in Organization {{ orgs }}" + ansible.builtin.set_fact: + __controller_api_job_templates: "{{ query(controller_api_plugin, 'job_templates', + query_params={'organization': __controller_organization_id.id}, + host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, + return_all=true, max_objects=query_controller_api_max_objects) + }}" + __controller_api_workflow_job_templates: "{{ query(controller_api_plugin, 'workflow_job_templates', + query_params={'organization': __controller_organization_id.id}, + host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, + return_all=true, max_objects=query_controller_api_max_objects) + }}" + + +- name: "Get WF and JT IDs" # noqa jinja[spacing] + ansible.builtin.set_fact: + __controller_api_templates_ids: '{{ __controller_api_job_templates | selectattr("id", "defined") | map(attribute="id") | flatten | unique + __controller_api_workflow_job_templates | selectattr("id", "defined") | map(attribute="id") | flatten | unique }}' + +- name: "Get the API list of all Schedules" + ansible.builtin.set_fact: + __controller_api_schedules_prefilter: "{{ query(controller_api_plugin, 'schedules', + host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, + return_all=true, max_objects=query_controller_api_max_objects) + }}" + +- name: "Get the API list of all Schedules in Organization {{ orgs }}" + ansible.builtin.set_fact: + __controller_api_schedules: "{{ __controller_api_schedules_prefilter | selectattr('unified_job_template', 'in', __controller_api_templates_ids) }}" + +- name: "Find the difference of Schedule between what is on the Controller versus CasC on SCM" + ansible.builtin.set_fact: + __schedules_difference: "{{ lookup(controller_role_plugin, + api_list=__controller_api_schedules, compare_list=controller_schedules, + with_present=false, set_absent=true) + }}" + +- name: "Set schedule's list to be configured" + ansible.builtin.set_fact: + controller_schedules: "{{ __schedules_difference }}" +... diff --git a/roles/object_diff/tasks/teams.yml b/roles/object_diff/tasks/teams.yml index 7c7341d8c..d1abf599f 100644 --- a/roles/object_diff/tasks/teams.yml +++ b/roles/object_diff/tasks/teams.yml @@ -5,6 +5,7 @@ query_params={'username': controller_username}, host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs) }}" + no_log: "{{ controller_configuration_object_diff_secure_logging }}" - name: "Team differences (block)" when: @@ -16,17 +17,20 @@ query_params={'name': orgs}, host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs) }}" + no_log: "{{ controller_configuration_object_diff_secure_logging }}" - name: "Get the API list of all teams in Organization {{ orgs }}" ansible.builtin.set_fact: __controller_api_teams: "{{ query(controller_api_plugin, 'teams', query_params={'organization': __controller_organization_id.id}, - host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs) + host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, + return_all=true, max_objects=query_controller_api_max_objects) }}" + no_log: "{{ controller_configuration_object_diff_secure_logging }}" - name: "Find the difference of Teams between what is on the Controller versus CasC on SCM" ansible.builtin.set_fact: - __teams_difference: "{{ lookup('redhat_cop.controller_configuration.controller_object_diff', + __teams_difference: "{{ lookup(controller_role_plugin, api_list=__controller_api_teams, compare_list=controller_teams, with_present=false, diff --git a/roles/object_diff/tasks/user_accounts.yml b/roles/object_diff/tasks/user_accounts.yml index f8b19dd4b..1bfb32e5a 100644 --- a/roles/object_diff/tasks/user_accounts.yml +++ b/roles/object_diff/tasks/user_accounts.yml @@ -6,12 +6,15 @@ query_params={'username': controller_username}, host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs) }}" + no_log: "{{ controller_configuration_object_diff_secure_logging }}" - name: "Get all users from the API" ansible.builtin.set_fact: __controller_api_user_accounts: "{{ query(controller_api_plugin, 'users', - host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs) + host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, + return_all=true, max_objects=query_controller_api_max_objects) }}" + no_log: "{{ controller_configuration_object_diff_secure_logging }}" - name: "Populate user accounts (block)" when: not drop_user_external_accounts @@ -19,10 +22,12 @@ - name: "Populate User Accounts list" ansible.builtin.set_fact: populate_controller_api_user_accounts_without_external_accounts: "{{ __controller_api_user_accounts | selectattr('external_account', 'none') | list }}" + no_log: "{{ controller_configuration_object_diff_secure_logging }}" - name: "Set User Accounts from API without External Accounts Data Structure" ansible.builtin.set_fact: __controller_api_user_accounts: "{{ populate_controller_api_user_accounts_without_external_accounts }}" + no_log: "{{ controller_configuration_object_diff_secure_logging }}" when: populate_controller_api_user_accounts_without_external_accounts is defined - name: "User account differences (block)" @@ -31,12 +36,14 @@ block: - name: "Find the difference of User Accounts between what is on the Controller versus CasC on SCM" ansible.builtin.set_fact: - __user_accounts_difference: "{{ lookup('redhat_cop.controller_configuration.controller_object_diff', + __user_accounts_difference: "{{ lookup(controller_role_plugin, api_list=__controller_api_user_accounts, compare_list=controller_user_accounts, with_present=false, set_absent=true) }}" + no_log: "{{ controller_configuration_object_diff_secure_logging }}" - name: "Sets the difference of User Accounts between what is on the Controller versus CasC on SCM" ansible.builtin.set_fact: controller_user_accounts: "{{ __user_accounts_difference }}" + no_log: "{{ controller_configuration_object_diff_secure_logging }}" ... diff --git a/roles/object_diff/tasks/workflow_job_templates.yml b/roles/object_diff/tasks/workflow_job_templates.yml index 28e669df7..2f3c93c8a 100644 --- a/roles/object_diff/tasks/workflow_job_templates.yml +++ b/roles/object_diff/tasks/workflow_job_templates.yml @@ -5,17 +5,20 @@ query_params={'name': orgs}, host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs) }}" + no_log: "{{ controller_configuration_object_diff_secure_logging }}" - name: "Get the API list of all Workflow Job Templates" ansible.builtin.set_fact: __controller_api_workflow_job_templates: "{{ query(controller_api_plugin, 'workflow_job_templates', query_params={'organization': __controller_organization_id.id}, - host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs) + host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs, + return_all=true, max_objects=query_controller_api_max_objects) }}" + no_log: "{{ controller_configuration_object_diff_secure_logging }}" - name: "Find the difference of Workflow Job Templates between what is on the Controller versus CasC on SCM" ansible.builtin.set_fact: - __workflow_job_templates_difference: "{{ lookup('redhat_cop.controller_configuration.controller_object_diff', + __workflow_job_templates_difference: "{{ lookup(controller_role_plugin, api_list=__controller_api_workflow_job_templates, compare_list=controller_workflows, with_present=false, set_absent=true) diff --git a/roles/object_diff/tests/drop_diff.yml b/roles/object_diff/tests/drop_diff.yml index 1f67063d1..d76a29a71 100644 --- a/roles/object_diff/tests/drop_diff.yml +++ b/roles/object_diff/tests/drop_diff.yml @@ -11,6 +11,10 @@ pre_tasks: - name: "Setup authentication (block)" + no_log: "{{ controller_configuration_object_diff_secure_logging }}" + when: controller_oauthtoken is not defined + tags: + - always block: - name: "Get the Authentication Token for the future requests" ansible.builtin.uri: @@ -27,15 +31,11 @@ ansible.builtin.set_fact: controller_oauthtoken: "{{ authtoken_res.json.token }}" controller_oauthtoken_url: "{{ authtoken_res.json.url }}" - no_log: "{{ controller_configuration_object_diff_secure_logging }}" - when: controller_oauthtoken is not defined - tags: - - always roles: - - role: redhat_cop.controller_configuration.filetree_read - - role: redhat_cop.controller_configuration.object_diff - - role: redhat_cop.controller_configuration.dispatch + - role: infra.controller_configuration.filetree_read + - role: infra.controller_configuration.object_diff + - role: infra.controller_configuration.dispatch vars: controller_configuration_dispatcher_roles: - {role: workflow_job_templates, var: controller_workflows, tags: workflow_job_templates} diff --git a/roles/object_diff/tests/object_diff.yml b/roles/object_diff/tests/object_diff.yml index 498da6cb6..b6cd9efa7 100644 --- a/roles/object_diff/tests/object_diff.yml +++ b/roles/object_diff/tests/object_diff.yml @@ -11,6 +11,10 @@ pre_tasks: - name: "Setup authentication (block)" + no_log: "{{ controller_configuration_object_diff_secure_logging }}" + when: controller_oauthtoken is not defined + tags: + - always block: - name: "Get the Authentication Token for the future requests" ansible.builtin.uri: @@ -27,13 +31,9 @@ ansible.builtin.set_fact: controller_oauthtoken: "{{ authtoken_res.json.token }}" controller_oauthtoken_url: "{{ authtoken_res.json.url }}" - no_log: "{{ controller_configuration_object_diff_secure_logging }}" - when: controller_oauthtoken is not defined - tags: - - always roles: - - redhat_cop.controller_configuration.filetree_read - - redhat_cop.controller_configuration.object_diff + - infra.controller_configuration.filetree_read + - infra.controller_configuration.object_diff post_tasks: - name: "Delete the Authentication Token used" diff --git a/roles/organizations/README.md b/roles/organizations/README.md index e1e2ecbcc..9a43a43c1 100644 --- a/roles/organizations/README.md +++ b/roles/organizations/README.md @@ -58,22 +58,22 @@ This role accepts two data models. A simple straightforward easy to maintain mod ### Organization Variables -|Variable Name|Default Value|Required|Description| -|:---:|:---:|:---:|:---:| -|`name`|""|yes|Name of Organization| -|`description`|`False`|no|Description of of Organization.| -|`custom_virtualenv`|""|no|Local absolute file path containing a custom Python virtualenv to use.| -|`max_hosts`|""|no|The max hosts allowed in this organization.| -|`instance_groups`|""|no|list of Instance Groups for this Organization to run on.| -|`galaxy_credentials`|""|no|The credentials to use with private automationhub.| -|`default_environment`|""|no|Default Execution Environment to use for jobs owned by the Organization.| -|`notification_templates_started`|""|no|The notifications on started to use for this organization in a list.| -|`notification_templates_success`|""|no|The notifications on success to use for this organization in a list.| -|`notification_templates_error`|""|no|The notifications on error to use for this organization in a list.| -|`notification_templates_approvals`|""|no|The notifications for approval to use for this organization in a list.| -|`state`|`present`|no|Desired state of the resource.| -|`assign_galaxy_credentials_to_org`|`True`|no|Boolean to indicate whether credentials should be assigned or not. It should be noted that credentials must exist before adding it. | -|`assign_default_ee_to_org`|`True`|no|Boolean to indicate whether default execution environment should be assigned or not. It should be noted that execution environment must exist before adding it. | +|Variable Name|Default Value|Required|Type|Description| +|:---:|:---:|:---:|:---:|:---:| +|`name`|""|yes|str|Name of Organization| +|`description`|`False`|no|str|Description of of Organization.| +|`custom_virtualenv`|""|no|str|Local absolute file path containing a custom Python virtualenv to use.| +|`max_hosts`|""|no|int|The max hosts allowed in this organization.| +|`instance_groups`|""|no|list|list of Instance Groups for this Organization to run on.| +|`galaxy_credentials`|""|no|list|The credentials to use with private automationhub.| +|`default_environment`|""|no|str|Default Execution Environment to use for jobs owned by the Organization.| +|`notification_templates_started`|""|no|list|The notifications on started to use for this organization in a list.| +|`notification_templates_success`|""|no|list|The notifications on success to use for this organization in a list.| +|`notification_templates_error`|""|no|list|The notifications on error to use for this organization in a list.| +|`notification_templates_approvals`|""|no|list|The notifications for approval to use for this organization in a list.| +|`state`|`present`|no|str|Desired state of the resource.| +|`assign_galaxy_credentials_to_org`|`True`|no|bool|Boolean to indicate whether credentials should be assigned or not. It should be noted that credentials must exist before adding it. | +|`assign_default_ee_to_org`|`True`|no|bool|Boolean to indicate whether default execution environment should be assigned or not. It should be noted that execution environment must exist before adding it. | ### Standard Organization Data Structure model @@ -158,17 +158,17 @@ controller_organizations: # controller_password: changeme pre_tasks: - name: Include vars from controller_configs directory - include_vars: + ansible.builtin.include_vars: dir: ./yaml ignore_files: [controller_config.yml.template] extensions: ["yml"] roles: - - {role: redhat_cop.controller_configuration.organizations, when: controller_organizations is defined} + - {role: infra.controller_configuration.organizations, when: controller_organizations is defined} ``` ## License -[MIT](LICENSE) +[MIT](https://github.com/redhat-cop/controller_configuration#licensing) ## Author diff --git a/roles/organizations/meta/argument_specs.yml b/roles/organizations/meta/argument_specs.yml new file mode 100644 index 000000000..c3e91de82 --- /dev/null +++ b/roles/organizations/meta/argument_specs.yml @@ -0,0 +1,139 @@ +--- +argument_specs: + main: + short_description: An Ansible Role to create organizations on Ansible Controller. + options: + controller_organizations: + description: Data structure describing your organizations + type: list + elements: dict + # options: + # name: + # required: true + # type: str + # description: Name of organization + # description: + # required: false + # type: str + # description: Description to use for the organization. + # custom_virtualenv: + # required: false + # type: str + # description: Local absolute file path containing a custom Python virtualenv to use. + # max_hosts: + # required: false + # type: int + # description: The max hosts allowed in this organization. + # instance_groups: + # required: false + # type: list + # elements: str + # description: list of Instance Groups for this Organization to run on. + # galaxy_credentials: + # required: false + # type: list + # elements: str + # description: The credentials to use with private automationhub. + # default_environment: + # required: false + # type: str + # description: Default Execution Environment to use for jobs owned by the Organization. + # notification_templates_started: + # required: false + # type: list + # elements: str + # description: The notifications on started to use for this organization in a list. + # notification_templates_success: + # required: false + # type: list + # elements: str + # description: The notifications on success to use for this organization in a list. + # notification_templates_error: + # required: false + # type: list + # elements: str + # description: The notifications on error to use for this organization in a list. + # notification_templates_approvals: + # required: false + # type: list + # elements: str + # description: The notifications for approval to use for this organization in a list. + # assign_galaxy_credentials_to_org: + # default: true + # required: false + # type: bool + # description: Boolean to indicate whether credentials should be assigned or not. It should be noted that credentials must exist before adding it. + # assign_default_ee_to_org: + # default: true + # required: false + # type: bool + # description: Boolean to indicate whether default execution environment should be assigned or not. It should be noted that execution environment must exist before adding it. + # state: + # default: "{{ controller_state | default('present') }}" + # required: false + # type: str + # description: Desired state of the resource. + + # Async variables + controller_configuration_organizations_async_retries: + default: "{{ controller_configuration_async_retries | default(30) }}" + required: false + description: This variable sets the number of retries to attempt for the role. + controller_configuration_async_retries: + default: 30 + required: false + description: This variable sets number of retries across all roles as a default. + controller_configuration_organizations_async_delay: + default: "{{ controller_configuration_async_delay | default(1) }}" + required: false + description: This variable sets delay between retries for the role. + controller_configuration_async_delay: + default: 1 + required: false + description: This variable sets delay between retries across all roles as a default. + + + # No_log variables + controller_configuration_organizations_secure_logging: + default: "{{ controller_configuration_secure_logging | default(false) }}" + required: false + type: bool + description: Whether or not to include the sensitive tasks from this role in the log. Set this value to `true` if you will be providing your sensitive values from elsewhere. + controller_configuration_secure_logging: + default: false + required: false + type: bool + description: This variable enables secure logging across all roles as a default. + + # Generic across all roles + controller_state: + default: present + required: false + description: The state all objects will take unless overridden by object default + type: str + controller_hostname: + default: None + required: false + description: URL to the Ansible Controller Server. + type: str + controller_validate_certs: + default: true + required: false + description: Whether or not to validate the Ansible Controller Server's SSL certificate. + type: str + controller_username: + default: None + required: false + description: Admin User on the Ansible Controller Server. Either username / password or oauthtoken need to be specified. + type: str + controller_password: + default: None + required: false + description: Controller Admin User's password on the Ansible Controller Server. This should be stored in an Ansible Vault at vars/controller-secrets.yml or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str + controller_oauthtoken: + default: None + required: false + description: Controller Admin User's token on the Ansible Controller Server. This should be stored in an Ansible Vault at or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str +... diff --git a/roles/organizations/tests/test.yml b/roles/organizations/tests/test.yml index bf2ffa8ce..9bdc016f9 100644 --- a/roles/organizations/tests/test.yml +++ b/roles/organizations/tests/test.yml @@ -14,7 +14,7 @@ pre_tasks: - name: Include vars from controller_configs directory - include_vars: + ansible.builtin.include_vars: dir: ./configs extensions: ["yml"] diff --git a/roles/project_update/README.md b/roles/project_update/README.md index a6854cba5..202a9d2c5 100644 --- a/roles/project_update/README.md +++ b/roles/project_update/README.md @@ -63,6 +63,7 @@ This also speeds up the overall role. |`wait`|""|no|str|Wait for the project to complete.| |`interval`|`controller_configuration_project_update_async_delay`|no|str|The interval to request an update from controller.| |`timeout`|""|no|str|If waiting for the job to complete this will abort after this amount of seconds.| +|`update_project`|`False`|no|bool|If defined and true, the project update will be executed, otherwise it won't.| ### Standard Project Data Structure @@ -109,18 +110,18 @@ controller_projects: # controller_password: changeme pre_tasks: - name: Include vars from controller_configs directory - include_vars: + ansible.builtin.include_vars: dir: ./yaml ignore_files: [controller_config.yml.template] extensions: ["yml"] roles: - - {role: redhat_cop.controller_configuration.project_update, when: controller_projects is defined} + - {role: infra.controller_configuration.project_update, when: controller_projects is defined} ``` ## License -[MIT](LICENSE) +[MIT](https://github.com/redhat-cop/controller_configuration#licensing) ## Author diff --git a/roles/project_update/meta/argument_specs.yml b/roles/project_update/meta/argument_specs.yml new file mode 100644 index 000000000..cf2a6ad90 --- /dev/null +++ b/roles/project_update/meta/argument_specs.yml @@ -0,0 +1,186 @@ +--- +argument_specs: + main: + short_description: An Ansible Role to update projects on Ansible Controller. + options: + controller_projects: + description: Data structure describing your project_updates + type: list + elements: dict + # options: + # name: + # required: true + # type: str + # description: Name of group + # organization: + # required: false + # type: str + # description: Organization the project belongs to. + # wait: + # required: false + # type: bool + # description: Wait for the job to complete. + # interval: + # default: "{{ controller_configuration_project_update_async_delay }}" + # required: false + # type: float + # description: The interval to request an update from controller. + # timeout: + # required: false + # type: int + # description: If waiting for the update to complete this will abort after this amount of seconds. + # update_project: + # default: false + # required: false + # type: bool + # description: If defined and true, the project update will be executed, otherwise it won't. + # copy_from: + # required: false + # type: str + # description: Unused in this role + # description: + # required: false + # type: str + # description: Unused in this role + # scm_type: + # required: false + # type: str + # description: Unused in this role + # scm_url: + # required: false + # type: str + # description: Unused in this role + # default_environment: + # required: false + # type: str + # description: Unused in this role + # local_path: + # required: false + # type: str + # description: Unused in this role + # scm_branch: + # required: false + # type: str + # description: Unused in this role + # scm_refspec: + # required: false + # type: str + # description: Unused in this role + # credential: + # required: false + # type: str + # description: Unused in this role + # signature_validation_credential: + # required: false + # type: str + # description: Unused in this role + # scm_clean: + # required: false + # type: bool + # description: Unused in this role + # scm_delete_on_update: + # required: false + # type: bool + # description: Unused in this role + # scm_track_submodules: + # required: false + # type: bool + # description: Unused in this role + # scm_update_on_launch: + # required: false + # type: bool + # description: Unused in this role + # scm_update_cache_timeout: + # required: false + # type: int + # description: Unused in this role + # allow_override: + # required: false + # type: bool + # description: Unused in this role + # custom_virtualenv: + # required: false + # type: str + # description: Unused in this role + # notification_templates_started: + # required: false + # type: list + # elements: str + # description: Unused in this role + # notification_templates_success: + # required: false + # type: list + # elements: str + # description: Unused in this role + # notification_templates_error: + # required: false + # type: list + # elements: str + # description: Unused in this role + # state: + # required: false + # type: str + # description: Unused in this role + + # Async variables + controller_configuration_project_update_async_retries: + default: "{{ controller_configuration_async_retries | default(30) }}" + required: false + description: This variable sets the number of retries to attempt for the role. + controller_configuration_async_retries: + default: 30 + required: false + description: This variable sets number of retries across all roles as a default. + controller_configuration_project_update_async_delay: + default: "{{ controller_configuration_async_delay | default(1) }}" + required: false + description: This variable sets delay between retries for the role. + controller_configuration_async_delay: + default: 1 + required: false + description: This variable sets delay between retries across all roles as a default. + + # No_log variables + controller_configuration_groups_secure_logging: + default: "{{ controller_configuration_secure_logging | default(false) }}" + required: false + type: bool + description: Whether or not to include the sensitive tasks from this role in the log. Set this value to `true` if you will be providing your sensitive values from elsewhere. + controller_configuration_secure_logging: + default: false + required: false + type: bool + description: This variable enables secure logging across all roles as a default. + + # Generic across all roles + controller_state: + default: present + required: false + description: The state all objects will take unless overridden by object default + type: str + controller_hostname: + default: None + required: false + description: URL to the Ansible Controller Server. + type: str + controller_validate_certs: + default: true + required: false + description: Whether or not to validate the Ansible Controller Server's SSL certificate. + type: str + controller_username: + default: None + required: false + description: Admin User on the Ansible Controller Server. Either username / password or oauthtoken need to be specified. + type: str + controller_password: + default: None + required: false + description: Controller Admin User's password on the Ansible Controller Server. This should be stored in an Ansible Vault at vars/controller-secrets.yml or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str + controller_oauthtoken: + default: None + required: false + description: Controller Admin User's token on the Ansible Controller Server. This should be stored in an Ansible Vault at or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str +... diff --git a/roles/project_update/tasks/main.yml b/roles/project_update/tasks/main.yml index 384ce69dd..dad71857d 100644 --- a/roles/project_update/tasks/main.yml +++ b/roles/project_update/tasks/main.yml @@ -21,7 +21,7 @@ no_log: "{{ controller_configuration_project_update_secure_logging }}" when: - controller_projects is defined - - __project_update_update_item.update + - __project_update_update_item.update_project | default(false) - __project_update_update_item.state | default('present') != "absent" async: 1000 poll: 0 diff --git a/roles/project_update/tests/configs/projects.yml b/roles/project_update/tests/configs/projects.yml index 183a1c44f..89fc9cfb0 100644 --- a/roles/project_update/tests/configs/projects.yml +++ b/roles/project_update/tests/configs/projects.yml @@ -7,7 +7,7 @@ controller_projects: scm_clean: true description: Test Project 1 organization: Satellite - update: true + update_project: true wait: true - name: Test Project 2 scm_type: git diff --git a/roles/project_update/tests/test.yml b/roles/project_update/tests/test.yml index a3f03362f..8c771034b 100644 --- a/roles/project_update/tests/test.yml +++ b/roles/project_update/tests/test.yml @@ -14,7 +14,7 @@ pre_tasks: - name: Include vars from controller_configs directory - include_vars: + ansible.builtin.include_vars: dir: ./configs extensions: ["yml"] diff --git a/roles/projects/README.md b/roles/projects/README.md index 0587b4597..5a0a85e69 100644 --- a/roles/projects/README.md +++ b/roles/projects/README.md @@ -18,13 +18,13 @@ Currently: |Variable Name|Default Value|Required|Description|Example| |:---|:---:|:---:|:---|:---| -|`controller_state`|"present"|no|The state all objects will take unless overridden by object default|'absent'| -|`controller_hostname`|""|yes|URL to the Ansible Controller Server.|127.0.0.1| -|`controller_validate_certs`|`True`|no|Whether or not to validate the Ansible Controller Server's SSL certificate.|| -|`controller_username`|""|no|Admin User on the Ansible Controller Server. Either username / password or oauthtoken need to be specified.|| -|`controller_password`|""|no|Controller Admin User's password on the Ansible Controller Server. This should be stored in an Ansible Vault at vars/controller-secrets.yml or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified.|| -|`controller_oauthtoken`|""|no|Controller Admin User's token on the Ansible Controller Server. This should be stored in an Ansible Vault at or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified.||| -|`controller_projects`|`see below`|yes|Data structure describing your project or projects Described below.|| +|`controller_state`|"present"|no|str|The state all objects will take unless overridden by object default|'absent'| +|`controller_hostname`|""|yes|str|URL to the Ansible Controller Server.|127.0.0.1| +|`controller_validate_certs`|`True`|no|str|Whether or not to validate the Ansible Controller Server's SSL certificate.|| +|`controller_username`|""|no|str|Admin User on the Ansible Controller Server. Either username / password or oauthtoken need to be specified.|| +|`controller_password`|""|no|str|Controller Admin User's password on the Ansible Controller Server. This should be stored in an Ansible Vault at vars/controller-secrets.yml or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified.|| +|`controller_oauthtoken`|""|no|str|Controller Admin User's token on the Ansible Controller Server. This should be stored in an Ansible Vault at or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified.||| +|`controller_projects`|`see below`|yes|str|Data structure describing your project or projects Described below.|| ### Secure Logging Variables @@ -35,8 +35,8 @@ controller_configuration_projects_secure_logging defaults to the value of contro |Variable Name|Default Value|Required|Description| |:---:|:---:|:---:|:---:| -|`controller_configuration_projects_secure_logging`|`False`|no|Whether or not to include the sensitive Project role tasks in the log. Set this value to `True` if you will be providing your sensitive values from elsewhere.| -|`controller_configuration_secure_logging`|`False`|no|This variable enables secure logging as well, but is shared across multiple roles, see above.| +|`controller_configuration_projects_secure_logging`|`False`|no|str|Whether or not to include the sensitive Project role tasks in the log. Set this value to `True` if you will be providing your sensitive values from elsewhere.| +|`controller_configuration_secure_logging`|`False`|no|str|This variable enables secure logging as well, but is shared across multiple roles, see above.| ### Asynchronous Retry Variables @@ -47,44 +47,44 @@ This also speeds up the overall role. |Variable Name|Default Value|Required|Description| |:---:|:---:|:---:|:---:| -|`controller_configuration_async_retries`|30|no|This variable sets the number of retries to attempt for the role globally.| -|`controller_configuration_projects_async_retries`|`{{ controller_configuration_async_retries }}`|no|This variable sets the number of retries to attempt for the role.| -|`controller_configuration_async_delay`|1|no|This sets the delay between retries for the role globally.| -|`controller_configuration_projects_async_delay`|`controller_configuration_async_delay`|no|This sets the delay between retries for the role.| +|`controller_configuration_async_retries`|30|no|str|This variable sets the number of retries to attempt for the role globally.| +|`controller_configuration_projects_async_retries`|`{{ controller_configuration_async_retries }}`|no|str|This variable sets the number of retries to attempt for the role.| +|`controller_configuration_async_delay`|1|no|str|This sets the delay between retries for the role globally.| +|`controller_configuration_projects_async_delay`|`controller_configuration_async_delay`|no|str|This sets the delay between retries for the role.| ## Data Structure ### Project Variables -|Variable Name|Default Value|Required|Description| -|:---:|:---:|:---:|:---:| -|`name`|""|yes|Name of Project| -|`copy_from`|""|no|Name or id to copy the project from. This will copy an existing project and change any parameters supplied.| -|`description`|`False`|no|Description of the Project.| -|`organization`|`False`|yes|Name of organization for project.| -|`scm_type`|""|no|Type of SCM resource.| -|`scm_url`|""|no|URL of SCM resource.| -|`default_environment`|""|no|Default Execution Environment to use for jobs relating to the project.| -|`local_path`|""|no|The server playbook directory for manual projects.| -|`scm_branch`|""|no|The branch to use for the SCM resource.| -|`scm_refspec`|""|no|The refspec to use for the SCM resource.| -|`credential`|""|no|Name of the credential to use with this SCM resource.| -|`signature_validation_credential`|""|no|Name of the credential to use for signature validation. If signature validation credential is provided, signature validation will be enabled.| -|`scm_clean`|""|no|Remove local modifications before updating.| -|`scm_delete_on_update`|""|no|Remove the repository completely before updating.| -|`scm_track_submodules`|""|no|Track submodules latest commit on specified branch.| -|`scm_update_on_launch`|""|no|Before an update to the local repository before launching a job with this project.| -|`scm_update_cache_timeout`|""|no|Cache Timeout to cache prior project syncs for a certain number of seconds. Only valid if scm_update_on_launch is to True, otherwise ignored.| -|`allow_override`|""|no|Allow changing the SCM branch or revision in a job template that uses this project.| -|`timeout`|""|no|The amount of time (in seconds) to run before the SCM Update is canceled. A value of 0 means no timeout.| -|`custom_virtualenv`|""|no|Local absolute file path containing a custom Python virtualenv to use.| -|`notification_templates_started`|""|no|The notifications on started to use for this organization in a list.| -|`notification_templates_success`|""|no|The notifications on success to use for this organization in a list.| -|`notification_templates_error`|""|no|The notifications on error to use for this organization in a list.| -|`state`|`present`|no|Desired state of the resource.| -|`wait`|""|no|Provides option to wait for completed project sync before returning.| -|`update_project`|""|no|Force project to update after changes.Used in conjunction with wait, interval, and timeout.| -|`interval`|`controller_configuration_projects_async_delay`|no|The interval to request an update from controller. Requires wait.| +|Variable Name|Default Value|Required|Type|Description| +|:---:|:---:|:---:|:---:|:---:| +|`name`|""|yes|str|Name of Project| +|`copy_from`|""|no|str|Name or id to copy the project from. This will copy an existing project and change any parameters supplied.| +|`description`|`False`|no|str|Description of the Project.| +|`organization`|`False`|yes|str|Name of organization for project.| +|`scm_type`|""|no|str|Type of SCM resource.| +|`scm_url`|""|no|str|URL of SCM resource.| +|`default_environment`|""|no|str|Default Execution Environment to use for jobs relating to the project.| +|`local_path`|""|no|str|The server playbook directory for manual projects.| +|`scm_branch`|""|no|str|The branch to use for the SCM resource.| +|`scm_refspec`|""|no|str|The refspec to use for the SCM resource.| +|`credential`|""|no|str|Name of the credential to use with this SCM resource.| +|`signature_validation_credential`|""|no|str|Name of the credential to use for signature validation. If signature validation credential is provided, signature validation will be enabled.| +|`scm_clean`|""|no|bool|Remove local modifications before updating.| +|`scm_delete_on_update`|""|no|bool|Remove the repository completely before updating.| +|`scm_track_submodules`|""|no|bool|Track submodules latest commit on specified branch.| +|`scm_update_on_launch`|""|no|bool|Before an update to the local repository before launching a job with this project.| +|`scm_update_cache_timeout`|""|no|str|Cache Timeout to cache prior project syncs for a certain number of seconds. Only valid if scm_update_on_launch is to True, otherwise ignored.| +|`allow_override`|""|no|str|Allow changing the SCM branch or revision in a job template that uses this project.| +|`timeout`|""|no|int|The amount of time (in seconds) to run before the SCM Update is canceled. A value of 0 means no timeout.| +|`custom_virtualenv`|""|no|str|Local absolute file path containing a custom Python virtualenv to use.| +|`notification_templates_started`|""|no|list|The notifications on started to use for this organization in a list.| +|`notification_templates_success`|""|no|list|The notifications on success to use for this organization in a list.| +|`notification_templates_error`|""|no|list|The notifications on error to use for this organization in a list.| +|`state`|`present`|no|str|Desired state of the resource.| +|`wait`|""|no|bool|Provides option to wait for completed project sync before returning.| +|`update_project`|`False`|no|bool|Force project to update after changes.Used in conjunction with wait, interval, and timeout.| +|`interval`|`controller_configuration_projects_async_delay`|no|float|The interval to request an update from controller. Requires wait.| ### Standard Project Data Structure @@ -144,17 +144,17 @@ controller_projects: # controller_password: changeme pre_tasks: - name: Include vars from controller_configs directory - include_vars: + ansible.builtin.include_vars: dir: ./yaml ignore_files: [controller_config.yml.template] extensions: ["yml"] roles: - - {role: redhat_cop.controller_configuration.projects, when: controller_projects is defined} + - {role: infra.controller_configuration.projects, when: controller_projects is defined} ``` ## License -[MIT](LICENSE) +[MIT](https://github.com/redhat-cop/controller_configuration#licensing) ## Author diff --git a/roles/projects/meta/argument_specs.yml b/roles/projects/meta/argument_specs.yml new file mode 100644 index 000000000..67ec7bec2 --- /dev/null +++ b/roles/projects/meta/argument_specs.yml @@ -0,0 +1,195 @@ +--- +argument_specs: + main: + short_description: An Ansible Role to create projects on Ansible Controller. + options: + controller_projects: + description: Data structure describing your projects + type: list + elements: dict + # options: + # name: + # required: true + # type: str + # description: Name of project + # copy_from: + # required: false + # type: str + # description: Name or id to copy the project from. This will copy an existing project and change any parameters supplied. + # description: + # required: false + # type: str + # description: Description to use for the project. + # organization: + # required: false + # type: str + # description: Organization this project belongs to. + # scm_type: + # required: false + # type: str + # choices: + # - manual + # - git + # - svn + # - insights + # - archive + # description: Type of SCM resource. + # scm_url: + # required: false + # type: str + # description: URL of SCM resource. + # default_environment: + # required: false + # type: str + # description: Default Execution Environment to use for jobs relating to the project. + # local_path: + # required: false + # type: str + # description: The server playbook directory for manual projects. + # scm_branch: + # required: false + # type: str + # description: The branch to use for the SCM resource. + # scm_refspec: + # required: false + # type: str + # description: The refspec to use for the SCM resource. + # credential: + # required: false + # type: str + # description: Name of the credential to use with this SCM resource. + # signature_validation_credential: + # required: false + # type: str + # description: Name of the credential to use for signature validation. If signature validation credential is provided, signature validation will be enabled. + # scm_clean: + # required: false + # type: bool + # description: Remove local modifications before updating. + # scm_delete_on_update: + # required: false + # type: bool + # description: Remove the repository completely before updating. + # scm_track_submodules: + # required: false + # type: bool + # description: Track submodules latest commit on specified branch. + # scm_update_on_launch: + # required: false + # type: bool + # description: Before an update to the local repository before launching a job with this project. + # scm_update_cache_timeout: + # required: false + # type: int + # description: Cache Timeout to cache prior project syncs for a certain number of seconds. Only valid if scm_update_on_launch is to True, otherwise ignored. + # allow_override: + # required: false + # type: bool + # description: Allow changing the SCM branch or revision in a job template that uses this project. + # timeout: + # required: false + # type: int + # description: The amount of time (in seconds) to run before the SCM Update is canceled. A value of 0 means no timeout. + # custom_virtualenv: + # required: false + # type: str + # description: Local absolute file path containing a custom Python virtualenv to use. + # notification_templates_started: + # required: false + # type: list + # elements: str + # description: The notifications on started to use for this organization in a list. + # notification_templates_success: + # required: false + # type: list + # elements: str + # description: The notifications on success to use for this organization in a list. + # notification_templates_error: + # required: false + # type: list + # elements: str + # description: The notifications on error to use for this organization in a list. + # wait: + # default: true + # required: false + # type: bool + # description: Provides option to wait for completed project sync before returning. + # update_project: + # default: false + # required: false + # type: str + # description: Force project to update after changes.Used in conjunction with wait, interval, and timeout. + # interval: + # default: "{{ controller_configuration_projects_async_delay }}" + # required: false + # type: float + # description: The interval to request an update from controller. Requires wait. + # state: + # default: "{{ controller_state | default('present') }}" + # required: false + # type: str + # description: Desired state of the resource. + + # Async variables + controller_configuration_projects_async_retries: + default: "{{ controller_configuration_async_retries | default(30) }}" + required: false + description: This variable sets the number of retries to attempt for the role. + controller_configuration_async_retries: + default: 30 + required: false + description: This variable sets number of retries across all roles as a default. + controller_configuration_projects_async_delay: + default: "{{ controller_configuration_async_delay | default(1) }}" + required: false + description: This variable sets delay between retries for the role. + controller_configuration_async_delay: + default: 1 + required: false + description: This variable sets delay between retries across all roles as a default. + + + # No_log variables + controller_configuration_projects_secure_logging: + default: "{{ controller_configuration_secure_logging | default(false) }}" + required: false + type: bool + description: Whether or not to include the sensitive tasks from this role in the log. Set this value to `true` if you will be providing your sensitive values from elsewhere. + controller_configuration_secure_logging: + default: false + required: false + type: bool + description: This variable enables secure logging across all roles as a default. + + # Generic across all roles + controller_state: + default: present + required: false + description: The state all objects will take unless overridden by object default + type: str + controller_hostname: + default: None + required: false + description: URL to the Ansible Controller Server. + type: str + controller_validate_certs: + default: true + required: false + description: Whether or not to validate the Ansible Controller Server's SSL certificate. + type: str + controller_username: + default: None + required: false + description: Admin User on the Ansible Controller Server. Either username / password or oauthtoken need to be specified. + type: str + controller_password: + default: None + required: false + description: Controller Admin User's password on the Ansible Controller Server. This should be stored in an Ansible Vault at vars/controller-secrets.yml or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str + controller_oauthtoken: + default: None + required: false + description: Controller Admin User's token on the Ansible Controller Server. This should be stored in an Ansible Vault at or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str +... diff --git a/roles/projects/tests/test.yml b/roles/projects/tests/test.yml index 147e4e3b5..8c877ea54 100644 --- a/roles/projects/tests/test.yml +++ b/roles/projects/tests/test.yml @@ -14,7 +14,7 @@ pre_tasks: - name: Include vars from controller_configs directory - include_vars: + ansible.builtin.include_vars: dir: ./configs extensions: ["yml"] diff --git a/roles/roles/README.md b/roles/roles/README.md index c747e1dbb..dbd660fcf 100644 --- a/roles/roles/README.md +++ b/roles/roles/README.md @@ -146,17 +146,17 @@ controller_roles: # controller_password: changeme pre_tasks: - name: Include vars from controller_configs directory - include_vars: + ansible.builtin.include_vars: dir: ./yaml ignore_files: [controller_config.yml.template] extensions: ["yml"] roles: - - {role: redhat_cop.controller_configuration.roles, when: controller_roles is defined} + - {role: infra.controller_configuration.roles, when: controller_roles is defined} ``` ## License -[MIT](LICENSE) +[MIT](https://github.com/redhat-cop/controller_configuration#licensing) ## Author diff --git a/roles/roles/meta/argument_specs.yml b/roles/roles/meta/argument_specs.yml new file mode 100644 index 000000000..62edc84c6 --- /dev/null +++ b/roles/roles/meta/argument_specs.yml @@ -0,0 +1,158 @@ +--- +argument_specs: + main: + short_description: An Ansible Role to create roles on Ansible Controller. + options: + controller_roles: + description: Data structure describing your roles + type: list + elements: dict + # options: + # user: + # required: false + # type: str + # description: The user for which the role applies + # team: + # required: false + # type: str + # description: The team for which the role applies + # role: + # required: false + # type: str + # description: The role which is applied to one of {`target_team`, `inventory`, `job_template`, `target_team`, `inventory`, `job_template`} for either `user` or `team` + # target_team: + # required: false + # type: str + # description: The team the role applies against + # target_teams: + # required: false + # type: list + # elements: str + # description: The teams the role applies against + # inventory: + # required: false + # type: str + # description: The inventory the role applies against + # inventories: + # required: false + # type: list + # elements: str + # description: The inventories the role applies against + # job_template: + # required: false + # type: str + # description: The job template the role applies against + # job_templates: + # required: false + # type: list + # elements: str + # description: The job templates the role applies against + # workflow: + # required: false + # type: str + # description: The workflow the role applies against + # workflows: + # required: false + # type: list + # elements: str + # description: The workflows the role applies against + # credential: + # required: false + # type: str + # description: The credential the role applies against + # credentials: + # required: false + # type: list + # elements: str + # description: The credentials the role applies against + # organization: + # required: false + # type: str + # description: The organization the role applies against + # organizations: + # required: false + # type: list + # elements: str + # description: The organizations the role applies against + # lookup_organization: + # required: false + # type: str + # description: Organization the inventories, job templates, projects, or workflows the items exists in. Used to help lookup the object, for organization roles see organization. If not provided, will lookup by name only, which does not work with duplicates. + # project: + # required: false + # type: str + # description: The project the role applies against + # projects: + # required: false + # type: list + # elements: str + # description: The project the role applies against + # state: + # default: "{{ controller_state | default('present') }}" + # required: false + # type: str + # description: Desired state of the resource. + + # Async variables + controller_configuration_roles_async_retries: + default: "{{ controller_configuration_async_retries | default(30) }}" + required: false + description: This variable sets the number of retries to attempt for the role. + controller_configuration_async_retries: + default: 30 + required: false + description: This variable sets number of retries across all roles as a default. + controller_configuration_roles_async_delay: + default: "{{ controller_configuration_async_delay | default(1) }}" + required: false + description: This variable sets delay between retries for the role. + controller_configuration_async_delay: + default: 1 + required: false + description: This variable sets delay between retries across all roles as a default. + + + # No_log variables + controller_configuration_roles_secure_logging: + default: "{{ controller_configuration_secure_logging | default(false) }}" + required: false + type: bool + description: Whether or not to include the sensitive tasks from this role in the log. Set this value to `true` if you will be providing your sensitive values from elsewhere. + controller_configuration_secure_logging: + default: false + required: false + type: bool + description: This variable enables secure logging across all roles as a default. + + # Generic across all roles + controller_state: + default: present + required: false + description: The state all objects will take unless overridden by object default + type: str + controller_hostname: + default: None + required: false + description: URL to the Ansible Controller Server. + type: str + controller_validate_certs: + default: true + required: false + description: Whether or not to validate the Ansible Controller Server's SSL certificate. + type: str + controller_username: + default: None + required: false + description: Admin User on the Ansible Controller Server. Either username / password or oauthtoken need to be specified. + type: str + controller_password: + default: None + required: false + description: Controller Admin User's password on the Ansible Controller Server. This should be stored in an Ansible Vault at vars/controller-secrets.yml or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str + controller_oauthtoken: + default: None + required: false + description: Controller Admin User's token on the Ansible Controller Server. This should be stored in an Ansible Vault at or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str +... diff --git a/roles/roles/tests/test.yml b/roles/roles/tests/test.yml index 03550ab8c..b36acf8a1 100644 --- a/roles/roles/tests/test.yml +++ b/roles/roles/tests/test.yml @@ -14,7 +14,7 @@ pre_tasks: - name: Include vars from controller_configs directory - include_vars: + ansible.builtin.include_vars: dir: ./configs extensions: ["yml"] diff --git a/roles/schedules/README.md b/roles/schedules/README.md index 6a96dadf4..c1db6f125 100644 --- a/roles/schedules/README.md +++ b/roles/schedules/README.md @@ -72,7 +72,6 @@ This also speeds up the overall role. |`job_slice_count`|Job Template default|no|str|Job Slice Count to use in the job run. Job Template default used if not set. Only allowed if `ask_job_slice_count_on_launch` set to true on Job Template| |`labels`|Job Template default|no|list|List of labels to use in the job run. Job Template default used if not set. Only allowed if `ask_labels_on_launch` set to true on Job Template| |`timeout`|Job Template default|no|str|Timeout to use in the job run. Job Template default used if not set. Only allowed if `ask_timeout_on_launch` set to true on Job Template| - |`job_type`|Job template default|no|str|The job type used for the job template.| |`job_tags`|""|no|str|Comma separated list of tags to apply to the job| |`skip_tags`|""|no|str|Comma separated list of tags to skip for the job| @@ -133,17 +132,17 @@ controller_schedules: # controller_password: changeme pre_tasks: - name: Include vars from controller_configs directory - include_vars: + ansible.builtin.include_vars: dir: ./yaml ignore_files: [controller_config.yml.template] extensions: ["yml"] roles: - - {role: redhat_cop.controller_configuration.schedules, when: controller_schedules is defined} + - {role: infra.controller_configuration.schedules, when: controller_schedules is defined} ``` ## License -[MIT](LICENSE) +[MIT](https://github.com/redhat-cop/controller_configuration#licensing) ## Author diff --git a/roles/schedules/meta/argument_specs.yml b/roles/schedules/meta/argument_specs.yml new file mode 100644 index 000000000..39131cb00 --- /dev/null +++ b/roles/schedules/meta/argument_specs.yml @@ -0,0 +1,180 @@ +--- +argument_specs: + main: + short_description: An Ansible Role to create schedules on Ansible Controller. + options: + controller_schedules: + description: Data structure describing your schedules + type: list + elements: dict + # options: + # name: + # required: true + # type: str + # description: Name of schedule + # new_name: + # type: str + # required: false + # description: Setting this option will change the existing name (looked up via the name field). + # description: + # required: false + # type: str + # description: Description to use for the schedule. + # rrule: + # required: true + # type: str + # description: A value representing the schedules iCal recurrence rule. See the awx.awx.schedule plugin for help constructing this value + # extra_data: + # required: false + # type: dict + # description: Extra vars for the job template. Only allowed if prompt on launch + # inventory: + # required: false + # type: str + # description: Inventory applied to job template, assuming the job template prompts for an inventory. + # credentials: + # required: false + # type: list + # description: List of credentials applied as a prompt, assuming job template prompts for credentials + # scm_branch: + # default: + # required: false + # type: str + # description: Branch to use in the job run. Project default used if not set. Only allowed if `allow_override` set to true on project + # execution_environment: + # required: false + # type: str + # description: Execution Environment applied as a prompt. used if not set. Only allowed if `ask_execution_environment_on_launch` set to true on Job Template + # forks: + # required: false + # type: str + # description: Forks applied as a prompt. used if not set. Only allowed if `ask_forks_on_launch` set to true on Job Template + # instance_groups: + # required: false + # type: str + # description: List of Instance Groups applied as a prompt. used if not set. Only allowed if `ask_instance_groups_on_launch` set to true on Job Template + # job_slice_count: + # required: false + # type: str + # description: Job Slice Count to use in the job run. used if not set. Only allowed if `ask_job_slice_count_on_launch` set to true on Job Template + # labels: + # required: false + # type: list + # description: List of labels to use in the job run. used if not set. Only allowed if `ask_labels_on_launch` set to true on Job Template + # timeout: + # required: false + # type: str + # description: Timeout to use in the job run. used if not set. Only allowed if `ask_timeout_on_launch` set to true on Job Template + # job_type: + # required: false + # type: str + # description: The job type used for the job template. + # job_tags: + # required: false + # type: str + # description: Comma separated list of tags to apply to the job + # skip_tags: + # required: false + # type: str + # description: Comma separated list of tags to skip for the job + # limit: + # required: false + # type: str + # description: A host pattern to constrain the list of hosts managed or affected by the playbook + # diff_mode: + # required: false + # type: bool + # description: Enable diff mode for the job template. + # verbosity: + # required: false + # type: int + # choices: + # - 0 + # - 1 + # - 2 + # - 3 + # - 4 + # - 5 + # description: Level of verbosity for the job. Only allowed if configured to prompt on launch + # unified_job_template: + # required: false + # type: str + # description: The name of object that is being targeted by the schedule. Example objects include projects, inventory sources, and templates. Required if state='present. + # organization: + # required: false + # type: str + # description: The organization the unified job template exists in. Used for looking up the unified job template, not a direct model field. + # enabled: + # default: true + # required: false + # type: bool + # description: Enabled processing of this job template + # state: + # default: "{{ controller_state | default('present') }}" + # required: false + # type: str + # description: Desired state of the resource. + + # Async variables + controller_configuration_schedules_async_retries: + default: "{{ controller_configuration_async_retries | default(30) }}" + required: false + description: This variable sets the number of retries to attempt for the role. + controller_configuration_async_retries: + default: 30 + required: false + description: This variable sets number of retries across all roles as a default. + controller_configuration_schedules_async_delay: + default: "{{ controller_configuration_async_delay | default(1) }}" + required: false + description: This variable sets delay between retries for the role. + controller_configuration_async_delay: + default: 1 + required: false + description: This variable sets delay between retries across all roles as a default. + + + # No_log variables + controller_configuration_schedules_secure_logging: + default: "{{ controller_configuration_secure_logging | default(false) }}" + required: false + type: bool + description: Whether or not to include the sensitive tasks from this role in the log. Set this value to `true` if you will be providing your sensitive values from elsewhere. + controller_configuration_secure_logging: + default: false + required: false + type: bool + description: This variable enables secure logging across all roles as a default. + + # Generic across all roles + controller_state: + default: present + required: false + description: The state all objects will take unless overridden by object default + type: str + controller_hostname: + default: None + required: false + description: URL to the Ansible Controller Server. + type: str + controller_validate_certs: + default: true + required: false + description: Whether or not to validate the Ansible Controller Server's SSL certificate. + type: str + controller_username: + default: None + required: false + description: Admin User on the Ansible Controller Server. Either username / password or oauthtoken need to be specified. + type: str + controller_password: + default: None + required: false + description: Controller Admin User's password on the Ansible Controller Server. This should be stored in an Ansible Vault at vars/controller-secrets.yml or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str + controller_oauthtoken: + default: None + required: false + description: Controller Admin User's token on the Ansible Controller Server. This should be stored in an Ansible Vault at or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str +... diff --git a/roles/schedules/tasks/main.yml b/roles/schedules/tasks/main.yml index 6c3db6357..4f9fd9192 100644 --- a/roles/schedules/tasks/main.yml +++ b/roles/schedules/tasks/main.yml @@ -13,7 +13,7 @@ forks: "{{ __controller_schedule_item.forks | default(omit, true) }}" instance_groups: "{{ __controller_schedule_item.instance_groups | default(omit, true) }}" job_slice_count: "{{ __controller_schedule_item.job_slice_count | default(omit, true) }}" - labels: "{{ __controller_schedule_item.labels | default(__controller_schedule_item.related.labels | default([]) | map(attribute='name') | list) | default(omit, true) }}" + labels: "{{ __controller_schedule_item.labels | default(__controller_schedule_item.related.labels | default([]) | map(attribute='name') | list if __controller_schedule_item.related.labels is defined else omit) }}" timeout: "{{ __controller_schedule_item.timeout | default(omit, true) }}" job_type: "{{ __controller_schedule_item.job_type | default(omit, true) }}" job_tags: "{{ __controller_schedule_item.job_tags | default(omit, true) }}" diff --git a/roles/schedules/tests/test.yml b/roles/schedules/tests/test.yml index 24ab8e259..f62efd482 100644 --- a/roles/schedules/tests/test.yml +++ b/roles/schedules/tests/test.yml @@ -14,7 +14,7 @@ pre_tasks: - name: Include vars from controller_configs directory - include_vars: + ansible.builtin.include_vars: dir: ./configs extensions: ["yml"] diff --git a/roles/settings/README.md b/roles/settings/README.md index fd3b977c8..4ee4dea42 100644 --- a/roles/settings/README.md +++ b/roles/settings/README.md @@ -135,17 +135,17 @@ controller_settings: # controller_password: changeme pre_tasks: - name: Include vars from controller_configs directory - include_vars: + ansible.builtin.include_vars: dir: ./yaml ignore_files: [controller_config.yml.template] extensions: ["yml"] roles: - - {role: redhat_cop.controller_configuration.settings, when: controller_settings is defined} + - {role: infra.controller_configuration.settings, when: controller_settings is defined} ``` ## License -[MIT](LICENSE) +[MIT](https://github.com/redhat-cop/controller_configuration#licensing) ## Author diff --git a/roles/settings/meta/argument_specs.yml b/roles/settings/meta/argument_specs.yml new file mode 100644 index 000000000..d0a7738af --- /dev/null +++ b/roles/settings/meta/argument_specs.yml @@ -0,0 +1,86 @@ +--- +argument_specs: + main: + short_description: An Ansible Role to create settings on Ansible Controller. + options: + controller_settings: + description: Data structure describing your settings. Type is list if providing name/value and type dict if providing settings. + type: raw + # options: + # settings: + # required: false + # type: dict + # description: Dict of multiple settings to set (This is the preferable method) + # name: + # required: false + # type: str + # description: Name of setting + # value: + # required: false + # type: str + # description: Value of the setting + + + # Async variables + controller_configuration_settings_async_retries: + default: "{{ controller_configuration_async_retries | default(30) }}" + required: false + description: This variable sets the number of retries to attempt for the role. + controller_configuration_async_retries: + default: 30 + required: false + description: This variable sets number of retries across all roles as a default. + controller_configuration_settings_async_delay: + default: "{{ controller_configuration_async_delay | default(1) }}" + required: false + description: This variable sets delay between retries for the role. + controller_configuration_async_delay: + default: 1 + required: false + description: This variable sets delay between retries across all roles as a default. + + + # No_log variables + controller_configuration_settings_secure_logging: + default: "{{ controller_configuration_secure_logging | default(false) }}" + required: false + type: bool + description: Whether or not to include the sensitive tasks from this role in the log. Set this value to `true` if you will be providing your sensitive values from elsewhere. + controller_configuration_secure_logging: + default: false + required: false + type: bool + description: This variable enables secure logging across all roles as a default. + + # Generic across all roles + controller_state: + default: present + required: false + description: The state all objects will take unless overridden by object default + type: str + controller_hostname: + default: None + required: false + description: URL to the Ansible Controller Server. + type: str + controller_validate_certs: + default: true + required: false + description: Whether or not to validate the Ansible Controller Server's SSL certificate. + type: str + controller_username: + default: None + required: false + description: Admin User on the Ansible Controller Server. Either username / password or oauthtoken need to be specified. + type: str + controller_password: + default: None + required: false + description: Controller Admin User's password on the Ansible Controller Server. This should be stored in an Ansible Vault at vars/controller-secrets.yml or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str + controller_oauthtoken: + default: None + required: false + description: Controller Admin User's token on the Ansible Controller Server. This should be stored in an Ansible Vault at or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str +... diff --git a/roles/settings/tests/test.yml b/roles/settings/tests/test.yml index 0209f429a..4b44866ed 100644 --- a/roles/settings/tests/test.yml +++ b/roles/settings/tests/test.yml @@ -14,7 +14,7 @@ pre_tasks: - name: Include vars from controller_configs directory - include_vars: + ansible.builtin.include_vars: dir: ./configs extensions: ["yml"] diff --git a/roles/teams/README.md b/roles/teams/README.md index abfc93615..3b7805910 100644 --- a/roles/teams/README.md +++ b/roles/teams/README.md @@ -77,17 +77,17 @@ This also speeds up the overall role. # controller_password: changeme pre_tasks: - name: Include vars from controller_configs directory - include_vars: + ansible.builtin.include_vars: dir: ./yaml ignore_files: [controller_config.yml.template] extensions: ["yml"] roles: - - {role: redhat_cop.controller_configuration.teams, when: controller_teams is defined} + - {role: infra.controller_configuration.teams, when: controller_teams is defined} ``` ## License -[MIT](License) +[MIT](https://github.com/redhat-cop/controller_configuration#licensing) ## Author diff --git a/roles/teams/meta/argument_specs.yml b/roles/teams/meta/argument_specs.yml new file mode 100644 index 000000000..8758eb7ce --- /dev/null +++ b/roles/teams/meta/argument_specs.yml @@ -0,0 +1,95 @@ +--- +argument_specs: + main: + short_description: An Ansible Role to create teams on Ansible Controller. + options: + controller_teams: + description: Data structure describing your teams + type: list + elements: dict + # options: + # name: + # required: true + # type: str + # description: Name of team + # new_name: + # type: str + # required: false + # description: Setting this option will change the existing name (looked up via the name field). + # description: + # required: false + # type: str + # description: Description to use for the team. + # organization: + # required: false + # type: str + # description: Organization this team belongs to. + # state: + # default: "{{ controller_state | default('present') }}" + # required: false + # type: str + # description: Desired state of the resource. + + # Async variables + controller_configuration_teams_async_retries: + default: "{{ controller_configuration_async_retries | default(30) }}" + required: false + description: This variable sets the number of retries to attempt for the role. + controller_configuration_async_retries: + default: 30 + required: false + description: This variable sets number of retries across all roles as a default. + controller_configuration_teams_async_delay: + default: "{{ controller_configuration_async_delay | default(1) }}" + required: false + description: This variable sets delay between retries for the role. + controller_configuration_async_delay: + default: 1 + required: false + description: This variable sets delay between retries across all roles as a default. + + + # No_log variables + controller_configuration_teams_secure_logging: + default: "{{ controller_configuration_secure_logging | default(false) }}" + required: false + type: bool + description: Whether or not to include the sensitive tasks from this role in the log. Set this value to `true` if you will be providing your sensitive values from elsewhere. + controller_configuration_secure_logging: + default: false + required: false + type: bool + description: This variable enables secure logging across all roles as a default. + + # Generic across all roles + controller_state: + default: present + required: false + description: The state all objects will take unless overridden by object default + type: str + controller_hostname: + default: None + required: false + description: URL to the Ansible Controller Server. + type: str + controller_validate_certs: + default: true + required: false + description: Whether or not to validate the Ansible Controller Server's SSL certificate. + type: str + controller_username: + default: None + required: false + description: Admin User on the Ansible Controller Server. Either username / password or oauthtoken need to be specified. + type: str + controller_password: + default: None + required: false + description: Controller Admin User's password on the Ansible Controller Server. This should be stored in an Ansible Vault at vars/controller-secrets.yml or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str + controller_oauthtoken: + default: None + required: false + description: Controller Admin User's token on the Ansible Controller Server. This should be stored in an Ansible Vault at or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str +... diff --git a/roles/teams/tests/test.yml b/roles/teams/tests/test.yml index 6803555c0..c06f49f27 100644 --- a/roles/teams/tests/test.yml +++ b/roles/teams/tests/test.yml @@ -14,7 +14,7 @@ pre_tasks: - name: Include vars from controller_configs directory - include_vars: + ansible.builtin.include_vars: dir: ./configs extensions: ["yml"] diff --git a/roles/users/README.md b/roles/users/README.md index 2ee70cfe0..579846700 100644 --- a/roles/users/README.md +++ b/roles/users/README.md @@ -25,6 +25,7 @@ Currently: |`controller_password`|""|no|Controller Admin User's password on the Ansible Controller Server. This should be stored in an Ansible Vault at vars/controller-secrets.yml or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified.|| |`controller_oauthtoken`|""|no|Controller Admin User's token on the Ansible Controller Server. This should be stored in an Ansible Vault at or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified.||| |`controller_user_accounts`|`see below`|yes|Data structure describing your user entries described below.|| +|`controller_user_default_password`|""|no|Global variable to set the password for all users.|| ### Secure Logging Variables @@ -59,8 +60,7 @@ This also speeds up the overall role. |Variable Name|Default Value|Required|Type|Description| |:---:|:---:|:---:|:---:|:---:| |`username`|""|yes|str|The username of the user| -|`password`|""|no|str|The password of the user| -|`controller_user_default_password`|""|no|str|Global variable to set the password for all users.| +|`password`|"{{ controller_user_default_password }}"|no|str|The password of the user| |`email`|""|yes|str|The email of the user| |`first_name`|""|no|str|The first name of the user| |`last_name`|""|no|str|The last name of the user| @@ -112,17 +112,17 @@ controller_user_accounts: # controller_password: changeme pre_tasks: - name: Include vars from controller_configs directory - include_vars: + ansible.builtin.include_vars: dir: ./yaml ignore_files: [controller_config.yml.template] extensions: ["yml"] roles: - - {role: redhat_cop.controller_configuration.users, when: controller_user_accounts is defined} + - {role: infra.controller_configuration.users, when: controller_user_accounts is defined} ``` ## License -[MIT](LICENSE) +[MIT](https://github.com/redhat-cop/controller_configuration#licensing) ## Author diff --git a/roles/users/meta/argument_specs.yml b/roles/users/meta/argument_specs.yml new file mode 100644 index 000000000..8ca2d3cf5 --- /dev/null +++ b/roles/users/meta/argument_specs.yml @@ -0,0 +1,124 @@ +--- +argument_specs: + main: + short_description: An Ansible Role to create users on Ansible Controller. + options: + controller_users: + description: Data structure describing your users + type: list + elements: dict + # options: + # username: + # required: true + # type: str + # description: Username of user + # password: + # required: true + # type: str + # description: Password of user, defaults to "{{ controller_user_default_password }}" if not set + # email: + # required: false + # type: str + # description: email of the user + # first_name: + # required: false + # type: str + # description: first_name of the user + # last_name: + # required: false + # type: str + # description: last_name of the user + # is_superuser: + # default: false + # required: false + # type: bool + # description: Whether the user is a superuser + # is_system_auditor: + # default: false + # required: false + # type: bool + # description: Whether the user is an auditor + # update_secrets: + # default: true + # required: false + # type: bool + # description: True will always change password if user specifies password, even if API gives $encrypted$ for password. False will only set the password if other values change too. + # organization: + # required: false + # type: str + # description: Organization this user belongs to. + # state: + # default: "{{ controller_state | default('present') }}" + # required: false + # type: str + # description: Desired state of the resource. + + controller_user_default_password: + default: None + required: false + type: str + description: Global variable to set the password for all users. + + # Async variables + controller_configuration_users_async_retries: + default: "{{ controller_configuration_async_retries | default(30) }}" + required: false + description: This variable sets the number of retries to attempt for the role. + controller_configuration_async_retries: + default: 30 + required: false + description: This variable sets number of retries across all roles as a default. + controller_configuration_users_async_delay: + default: "{{ controller_configuration_async_delay | default(1) }}" + required: false + description: This variable sets delay between retries for the role. + controller_configuration_async_delay: + default: 1 + required: false + description: This variable sets delay between retries across all roles as a default. + + + # No_log variables + controller_configuration_users_secure_logging: + default: "{{ controller_configuration_secure_logging | default(true) }}" + required: false + type: bool + description: Whether or not to include the sensitive tasks from this role in the log. Set this value to `true` if you will be providing your sensitive values from elsewhere. + controller_configuration_secure_logging: + default: true + required: false + type: bool + description: This variable enables secure logging across all roles as a default. + + # Generic across all roles + controller_state: + default: present + required: false + description: The state all objects will take unless overridden by object default + type: str + controller_hostname: + default: None + required: false + description: URL to the Ansible Controller Server. + type: str + controller_validate_certs: + default: true + required: false + description: Whether or not to validate the Ansible Controller Server's SSL certificate. + type: str + controller_username: + default: None + required: false + description: Admin User on the Ansible Controller Server. Either username / password or oauthtoken need to be specified. + type: str + controller_password: + default: None + required: false + description: Controller Admin User's password on the Ansible Controller Server. This should be stored in an Ansible Vault at vars/controller-secrets.yml or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str + controller_oauthtoken: + default: None + required: false + description: Controller Admin User's token on the Ansible Controller Server. This should be stored in an Ansible Vault at or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str +... diff --git a/roles/users/tests/test.yml b/roles/users/tests/test.yml index e8671378f..cc3110b28 100644 --- a/roles/users/tests/test.yml +++ b/roles/users/tests/test.yml @@ -14,7 +14,7 @@ pre_tasks: - name: Include vars from controller_configs directory - include_vars: + ansible.builtin.include_vars: dir: ./configs extensions: ["yml"] diff --git a/roles/workflow_job_templates/README.md b/roles/workflow_job_templates/README.md index 767fa4487..79d7db395 100644 --- a/roles/workflow_job_templates/README.md +++ b/roles/workflow_job_templates/README.md @@ -71,7 +71,7 @@ This also speeds up the overall role. |`allow_simultaneous`|""|no|bool|Allow simultaneous runs of the workflow job template.| |`inventory`|""|no|str|Inventory applied as a prompt, assuming job template prompts for inventory| |`limit`|""|no|str|Limit applied as a prompt, assuming job template prompts for limit| -|`labels`|""|no|str|The labels applied to this job template| +|`labels`|""|no|str|The labels applied to this job template. NOTE: Labels must be created with the [labels](https://github.com/redhat-cop/controller_configuration/tree/devel/roles/labels) role first, an error will occur if the label supplied to this role does not exist.| |`ask_labels_on_launch`|""|no|bool|Prompt user for labels on launch.| |`job_tags`|""|no|str|Comma separated list of the tags to use for the workflow job template.| |`skip_tags`|""|no|str|Comma separated list of the tags to skip for the workflow job template.| @@ -103,7 +103,7 @@ This also speeds up the overall role. |`forks`|Job Template default|no|str|Forks applied as a prompt. Job Template default used if not set. Only allowed if `ask_forks_on_launch` set to true on Job Template| |`instance_groups`|Job Template default|no|str| List of Instance Groups applied as a prompt. Job Template default used if not set. Only allowed if `ask_instance_groups_on_launch` set to true on Job Template| |`job_slice_count`|Job Template default|no|str|Job Slice Count to use in the job run. Job Template default used if not set. Only allowed if `ask_job_slice_count_on_launch` set to true on Job Template| -|`labels`|Job Template default|no|list|List of labels to use in the job run. Job Template default used if not set. Only allowed if `ask_labels_on_launch` set to true on Job Template| +|`labels`|Job Template default|no|list|List of labels to use in the job run. Job Template default used if not set. Only allowed if `ask_labels_on_launch` set to true on Job Template. NOTE: Labels must be created with the [labels](https://github.com/redhat-cop/controller_configuration/tree/devel/roles/labels) role first, an error will occur if the label supplied to this role does not exist.| |`timeout`|Job Template default|no|str|Timeout to use in the job run. Job Template default used if not set. Only allowed if `ask_timeout_on_launch` set to true on Job Template| |`approval_node`|""|no|str|A dictionary of Name, description, and timeout values for the approval node. This parameter is mutually exclusive with unified_job_template.| |`organization`|""|no|str|The organization of the workflow job template the node exists in. Used for looking up the workflow, not a direct model field.| @@ -397,18 +397,18 @@ controller_workflows: # controller_password: changeme pre_tasks: - name: Include vars from controller_configs directory - include_vars: + ansible.builtin.include_vars: dir: ./yaml ignore_files: [controller_config.yml.template] extensions: ["yml"] roles: - - {role: redhat_cop.controller_configuration.workflow_job_templates, when: controller_workflows is defined} + - {role: infra.controller_configuration.workflow_job_templates, when: controller_workflows is defined} ``` ## License -[MIT](LICENSE) +[MIT](https://github.com/redhat-cop/controller_configuration#licensing) ## Author diff --git a/roles/workflow_job_templates/meta/argument_specs.yml b/roles/workflow_job_templates/meta/argument_specs.yml new file mode 100644 index 000000000..f302d9ea6 --- /dev/null +++ b/roles/workflow_job_templates/meta/argument_specs.yml @@ -0,0 +1,341 @@ +--- +argument_specs: + main: + short_description: An Ansible Role to create workflow job templates on Ansible Controller. + options: + controller_workflow_job_templates: + description: Data structure describing your workflow_job_templates + type: list + elements: dict + # options: + # name: + # required: true + # type: str + # description: Name of workflow_job_template + # new_name: + # type: str + # required: false + # description: Setting this option will change the existing name (looked up via the name field). + # copy_from: + # required: false + # type: str + # description: Name or id to copy the workflow_job_template from. This will copy an existing workflow_job_template and change any parameters supplied. + # description: + # required: false + # type: str + # description: Description to use for the workflow_job_template. + # organization: + # required: false + # type: str + # description: Organization this workflow_job_template belongs to. + # inventory: + # required: false + # type: str + # description: Name of the inventory to use for the job template. + # limit: + # required: false + # type: str + # description: A host pattern to further constrain the list of hosts managed or affected by the playbook + # extra_vars: + # required: false + # type: dict + # description: Specify extra_vars for the template. + # job_tags: + # required: false + # type: str + # description: Comma separated list of the tags to use for the job template. + # ask_variables_on_launch: + # required: false + # type: bool + # description: Prompt user for extra_vars on launch. + # ask_limit_on_launch: + # required: false + # type: bool + # description: Prompt user for a limit on launch. + # ask_tags_on_launch: + # required: false + # type: bool + # description: Prompt user for job tags on launch. + # ask_skip_tags_on_launch: + # required: false + # type: bool + # description: Prompt user for job tags to skip on launch. + # ask_inventory_on_launch: + # required: false + # type: bool + # description: Prompt user for inventory on launch. + # ask_labels_on_launch: + # required: false + # type: bool + # description: Prompt user for labels on launch. + # ask_scm_branch_on_launch: + # required: false + # type: bool + # description: Prompt user for scm branch on launch. + # survey_enabled: + # required: false + # type: bool + # description: Enable a survey on the job template. + # survey_spec: + # required: false + # type: dict + # description: JSON/YAML dict formatted survey definition. + # survey: + # required: false + # type: dict + # description: JSON/YAML dict formatted survey definition. Alias of survey_spec + # allow_simultaneous: + # required: false + # type: bool + # description: Allow simultaneous runs of the job template. + # webhook_service: + # required: false + # type: str + # description: Service that webhook requests will be accepted from (github, gitlab) + # webhook_credential: + # required: false + # type: str + # description: Personal Access Token for posting back the status to the service API + # scm_branch: + # required: false + # type: str + # description: Branch to use in job run. Project default used if blank. Only allowed if project allow_override field is set to true. + # labels: + # required: false + # type: list + # elements: str + # description: The labels applied to this job template. + # notification_templates_approvals: + # required: false + # type: list + # elements: str + # description: The notifications on approval to use for this organization in a list. + # notification_templates_started: + # required: false + # type: list + # elements: str + # description: The notifications on started to use for this organization in a list. + # notification_templates_success: + # required: false + # type: list + # elements: str + # description: The notifications on success to use for this organization in a list. + # notification_templates_error: + # required: false + # type: list + # elements: str + # description: The notifications on error to use for this organization in a list. + # state: + # default: "{{ controller_state | default('present') }}" + # required: false + # type: str + # description: Desired state of the resource. + # simplified_workflow_nodes: + # required: false + # type: list + # elements: dict + # description: List of workflow nodes to apply + # options: + # workflow_job_template: + # default: None + # required: true + # type: str + # description: The workflow job template the node exists in. Used for looking up the node, cannot be modified after creation. + # identifier: + # default: None + # required: true + # type: str + # description: An identifier for this node that is unique within its workflow. It is copied to workflow job nodes corresponding to this node. This functions the same as the name field for other resources, however if it is not set, it will be set to a random UUID4 value. Recommended to use Column and row numbers for identifiers such as Node401. [Refer to this documentation for more](https://github.com/ansible/awx/blob/devel/docs/workflow.md) + # unified_job_template: + # default: None + # required: false + # type: str + # description: Name of unified job template to run in the workflow. Can be a job template, project, inventory source, etc. This parameter is mutually exclusive with approval_node. + # lookup_organization: + # default: None + # required: false + # type: str + # description: Organization the inventories, job templates, projects, or workflows the items exists in. Used to help lookup the object, for organization roles see organization. If not provided, will lookup by name only, which does not work with duplicates. + # execution_environment: + # default: job_template_default + # required: false + # type: str + # description: Execution Environment applied as a prompt. Job Template default used if not set. Only allowed if `ask_execution_environment_on_launch` set to true on Job Template + # forks: + # default: job_template_default + # required: false + # type: str + # description: Forks applied as a prompt. Job Template default used if not set. Only allowed if `ask_forks_on_launch` set to true on Job Template + # instance_groups: + # default: job_template_default + # required: false + # type: str + # description: List of Instance Groups applied as a prompt. Job Template default used if not set. Only allowed if `ask_instance_groups_on_launch` set to true on Job Template + # job_slice_count: + # default: job_template_default + # required: false + # type: str + # description: Job Slice Count to use in the job run. Job Template default used if not set. Only allowed if `ask_job_slice_count_on_launch` set to true on Job Template + # labels: + # default: job_template_default + # required: false + # type: list + # elements: str + # description: List of labels to use in the job run. Job Template default used if not set. Only allowed if `ask_labels_on_launch` set to true on Job Template. + # timeout: + # default: job_template_default + # required: false + # type: str + # description: Timeout to use in the job run. Job Template default used if not set. Only allowed if `ask_timeout_on_launch` set to true on Job Template + # approval_node: + # default: None + # required: false + # type: str + # description: A dictionary of Name, description, and timeout values for the approval node. This parameter is mutually exclusive with unified_job_template. + # organization: + # default: None + # required: false + # type: str + # description: The organization of the workflow job template the node exists in. Used for looking up the workflow, not a direct model field. + # all_parents_must_converge: + # default: None + # required: false + # type: bool + # description: If enabled then the node will only run if all of the parent nodes have met the criteria to reach this node + # always_nodes: + # default: None + # required: false + # type: list + # elements: str + # description: Nodes that will run after this node completes. + # failure_nodes: + # default: None + # required: false + # type: list + # elements: str + # description: Nodes that will run after this node completes. + # success_nodes: + # default: None + # required: false + # type: list + # elements: str + # description: Nodes that will run after this node completes. + # verbosity: + # default: None + # required: false + # type: str + # description: Verbosity applied as a prompt, if job template prompts for verbosity + # state: + # default: "{{ controller_state | default('present') }}" + # required: false + # type: str + # description: Desired state of the resource + # credentials: + # default: None + # required: false + # type: list + # description: Credentials to be applied to job as launch-time prompts. + # diff_mode: + # default: None + # required: false + # type: bool + # description: Run diff mode, applied as a prompt, if job template prompts for diff mode + # extra_data: + # default: None + # required: false + # type: dict + # description: Variables to apply at launch time. Will only be accepted if job template prompts for vars or has a survey asking for those vars. extra_data are extra_vars at the node level and named so to match the module and the API. These are only for "ask extra vars on prompt" on a given job template. + # inventory: + # default: None + # required: false + # type: str + # description: Inventory applied as a prompt, if job template prompts for inventory + # job_tags: + # default: None + # required: false + # type: str + # description: NJob tags applied as a prompt, if job template prompts for job tags + # job_type: + # default: None + # required: false + # type: str + # description: Job type applied as a prompt, if job template prompts for job type + # limit: + # default: None + # required: false + # type: str + # description: Limit to act on, applied as a prompt, if job template prompts for limit + # scm_branch: + # default: None + # required: false + # type: str + # description: SCM branch applied as a prompt, if job template prompts for SCM branch + # skip_tags: + # default: None + # required: false + # type: str + # description: Tags to skip, applied as a prompt, if job template prompts for job tags + + # Async variables + controller_configuration_workflow_job_templates_async_retries: + default: "{{ controller_configuration_async_retries | default(30) }}" + required: false + description: This variable sets the number of retries to attempt for the role. + controller_configuration_async_retries: + default: 30 + required: false + description: This variable sets number of retries across all roles as a default. + controller_configuration_workflow_job_templates_async_delay: + default: "{{ controller_configuration_async_delay | default(1) }}" + required: false + description: This variable sets delay between retries for the role. + controller_configuration_async_delay: + default: 1 + required: false + description: This variable sets delay between retries across all roles as a default. + + + # No_log variables + controller_configuration_workflow_job_templates_secure_logging: + default: "{{ controller_configuration_secure_logging | default(false) }}" + required: false + type: bool + description: Whether or not to include the sensitive tasks from this role in the log. Set this value to `true` if you will be providing your sensitive values from elsewhere. + controller_configuration_secure_logging: + default: false + required: false + type: bool + description: This variable enables secure logging across all roles as a default. + + # Generic across all roles + controller_state: + default: present + required: false + description: The state all objects will take unless overridden by object default + type: str + controller_hostname: + default: None + required: false + description: URL to the Ansible Controller Server. + type: str + controller_validate_certs: + default: true + required: false + description: Whether or not to validate the Ansible Controller Server's SSL certificate. + type: str + controller_username: + default: None + required: false + description: Admin User on the Ansible Controller Server. Either username / password or oauthtoken need to be specified. + type: str + controller_password: + default: None + required: false + description: Controller Admin User's password on the Ansible Controller Server. This should be stored in an Ansible Vault at vars/controller-secrets.yml or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str + controller_oauthtoken: + default: None + required: false + description: Controller Admin User's token on the Ansible Controller Server. This should be stored in an Ansible Vault at or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str +... diff --git a/roles/workflow_job_templates/tasks/add_workflows_schema.yml b/roles/workflow_job_templates/tasks/add_workflows_schema.yml index 7abf34995..86eb47cad 100644 --- a/roles/workflow_job_templates/tasks/add_workflows_schema.yml +++ b/roles/workflow_job_templates/tasks/add_workflows_schema.yml @@ -20,7 +20,7 @@ forks: "{{ __workflow_loop_node_item.forks | default(omit, true) }}" instance_groups: "{{ __workflow_loop_node_item.instance_groups | default(omit, true) }}" job_slice_count: "{{ __workflow_loop_node_item.job_slice_count | default(omit, true) }}" - labels: "{{ __workflow_loop_node_item.labels | default(__workflow_loop_node_item.related.labels | default([]) | map(attribute='name') | list) | default(omit, true) }}" + labels: "{{ __workflow_loop_node_item.labels | default(__workflow_loop_node_item.related.labels | default([]) | map(attribute='name') | list if __workflow_loop_node_item.related.labels is defined else omit) }}" timeout: "{{ __workflow_loop_node_item.timeout | default(omit, true) }}" approval_node: "{{ __workflow_loop_node_item.approval_node | default(omit, true) }}" workflow: "{{ __workflow_loop_item.name | mandatory }}" # Workflow job template name to associate with diff --git a/roles/workflow_job_templates/tasks/main.yml b/roles/workflow_job_templates/tasks/main.yml index 73f6adaeb..d2a05cd14 100644 --- a/roles/workflow_job_templates/tasks/main.yml +++ b/roles/workflow_job_templates/tasks/main.yml @@ -12,7 +12,7 @@ ask_variables_on_launch: "{{ __workflow_loop_item.ask_variables_on_launch | default(omit) }}" # only supported starting from Ansible 2.9 inventory: "{{ __workflow_loop_item.inventory.name | default(__workflow_loop_item.inventory | default(omit, true)) }}" limit: "{{ __workflow_loop_item.limit | default(omit, true) }}" - labels: "{{ __workflow_loop_item.labels | default(__workflow_loop_item.related.labels | default([]) | map(attribute='name') | list) | default(omit, true) }}" + labels: "{{ __workflow_loop_item.labels | default(__workflow_loop_item.related.labels | default([]) | map(attribute='name') | list if __workflow_loop_item.related.labels is defined else omit) }}" scm_branch: "{{ __workflow_loop_item.scm_branch | default(omit, true) }}" ask_inventory_on_launch: "{{ __workflow_loop_item.ask_inventory_on_launch | default(omit) }}" ask_scm_branch_on_launch: "{{ __workflow_loop_item.ask_scm_branch_on_launch | default(omit) }}" @@ -75,5 +75,5 @@ loop_var: __workflow_loop_item when: - __workflow_loop_item.simplified_workflow_nodes is defined - - __workflow_loop_item.state == "present" + - (__workflow_loop_item.state | default('present')) == "present" ... diff --git a/roles/workflow_job_templates/tests/test.yaml b/roles/workflow_job_templates/tests/test.yaml index fde8cf77e..bb0048b70 100644 --- a/roles/workflow_job_templates/tests/test.yaml +++ b/roles/workflow_job_templates/tests/test.yaml @@ -14,7 +14,7 @@ pre_tasks: - name: Include vars from controller_configs directory - include_vars: + ansible.builtin.include_vars: dir: ./configs extensions: ["yml"] diff --git a/roles/workflow_launch/README.md b/roles/workflow_launch/README.md index d87318014..ca85e5ebe 100644 --- a/roles/workflow_launch/README.md +++ b/roles/workflow_launch/README.md @@ -80,18 +80,18 @@ controller_workflow_launch_jobs: # controller_password: changeme pre_tasks: - name: Include vars from controller_configs directory - include_vars: + ansible.builtin.include_vars: dir: ./yaml ignore_files: [controller_config.yml.template] extensions: ["yml"] roles: - - {role: redhat_cop.controller_configuration.workflow_launch, when: controller_workflow_launch_jobs is defined} + - {role: infra.controller_configuration.workflow_launch, when: controller_workflow_launch_jobs is defined} ``` ## License -[MIT](LICENSE) +[MIT](https://github.com/redhat-cop/controller_configuration#licensing) ## Author diff --git a/roles/workflow_launch/meta/argument_specs.yml b/roles/workflow_launch/meta/argument_specs.yml new file mode 100644 index 000000000..7c0444990 --- /dev/null +++ b/roles/workflow_launch/meta/argument_specs.yml @@ -0,0 +1,110 @@ +--- +argument_specs: + main: + short_description: An Ansible Role to launch workflows on Ansible Controller. + options: + controller_projects: + description: Data structure describing your workflow_launch + type: list + elements: dict + # options: + # name: + # required: true + # type: str + # description: Name of group + # organization: + # required: false + # type: str + # description: Organization the project belongs to. + # inventory: + # required: false + # type: str + # description: Inventory to use for the job ran with this workflow, only used if prompt for inventory is set. + # limit: + # required: false + # type: str + # description: Limit to use for the job_template. + # scm_branch: + # required: false + # type: str + # description: A specific of the SCM project to run the template on. + # extra_vars: + # required: false + # type: dict + # description: Any extra vars required to launch the job. ask_extra_vars needs to be set to True via controller_job_template module. + # wait: + # required: false + # type: bool + # description: Wait for the job to complete. + # interval: + # default: "{{ controller_configuration_workflow_launch_async_delay }}" + # required: false + # type: float + # description: The interval to request an update from controller. + # timeout: + # required: false + # type: int + # description: If waiting for the update to complete this will abort after this amount of seconds. + + # Async variables + controller_configuration_workflow_launch_async_retries: + default: "{{ controller_configuration_async_retries | default(30) }}" + required: false + description: This variable sets the number of retries to attempt for the role. + controller_configuration_async_retries: + default: 30 + required: false + description: This variable sets number of retries across all roles as a default. + controller_configuration_workflow_launch_async_delay: + default: "{{ controller_configuration_async_delay | default(1) }}" + required: false + description: This variable sets delay between retries for the role. + controller_configuration_async_delay: + default: 1 + required: false + description: This variable sets delay between retries across all roles as a default. + + # No_log variables + controller_configuration_groups_secure_logging: + default: "{{ controller_configuration_secure_logging | default(false) }}" + required: false + type: bool + description: Whether or not to include the sensitive tasks from this role in the log. Set this value to `true` if you will be providing your sensitive values from elsewhere. + controller_configuration_secure_logging: + default: false + required: false + type: bool + description: This variable enables secure logging across all roles as a default. + + # Generic across all roles + controller_state: + default: present + required: false + description: The state all objects will take unless overridden by object default + type: str + controller_hostname: + default: None + required: false + description: URL to the Ansible Controller Server. + type: str + controller_validate_certs: + default: true + required: false + description: Whether or not to validate the Ansible Controller Server's SSL certificate. + type: str + controller_username: + default: None + required: false + description: Admin User on the Ansible Controller Server. Either username / password or oauthtoken need to be specified. + type: str + controller_password: + default: None + required: false + description: Controller Admin User's password on the Ansible Controller Server. This should be stored in an Ansible Vault at vars/controller-secrets.yml or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str + controller_oauthtoken: + default: None + required: false + description: Controller Admin User's token on the Ansible Controller Server. This should be stored in an Ansible Vault at or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. + type: str +... diff --git a/roles/workflow_launch/tests/test.yml b/roles/workflow_launch/tests/test.yml index 976a06c2a..adb835e04 100644 --- a/roles/workflow_launch/tests/test.yml +++ b/roles/workflow_launch/tests/test.yml @@ -14,7 +14,7 @@ pre_tasks: - name: Include vars from controller_configs directory - include_vars: + ansible.builtin.include_vars: dir: ./configs extensions: ["yml"] diff --git a/.github/tests/automatetheautomation/config-controller-filetree.yml b/tests/automatetheautomation/config-controller-filetree.yml similarity index 100% rename from .github/tests/automatetheautomation/config-controller-filetree.yml rename to tests/automatetheautomation/config-controller-filetree.yml diff --git a/.github/tests/automatetheautomation/drop_diff.yml b/tests/automatetheautomation/drop_diff.yml similarity index 100% rename from .github/tests/automatetheautomation/drop_diff.yml rename to tests/automatetheautomation/drop_diff.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_credential_types.d/app-example/controller_credential_types_aap_monitor.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_credential_types.d/app-example/controller_credential_types_aap_monitor.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_credential_types.d/app-example/controller_credential_types_aap_monitor.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_credential_types.d/app-example/controller_credential_types_aap_monitor.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_credential_types.d/app-example/controller_credential_types_acme_key.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_credential_types.d/app-example/controller_credential_types_acme_key.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_credential_types.d/app-example/controller_credential_types_acme_key.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_credential_types.d/app-example/controller_credential_types_acme_key.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_credential_types.d/app-example/controller_credential_types_cloudforms.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_credential_types.d/app-example/controller_credential_types_cloudforms.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_credential_types.d/app-example/controller_credential_types_cloudforms.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_credential_types.d/app-example/controller_credential_types_cloudforms.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_credential_types.d/app-example/controller_credential_types_multiple.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_credential_types.d/app-example/controller_credential_types_multiple.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_credential_types.d/app-example/controller_credential_types_multiple.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_credential_types.d/app-example/controller_credential_types_multiple.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_credential_types.d/app-example/controller_credential_types_servicenow.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_credential_types.d/app-example/controller_credential_types_servicenow.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_credential_types.d/app-example/controller_credential_types_servicenow.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_credential_types.d/app-example/controller_credential_types_servicenow.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_credential_types.d/controller_credential_types.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_credential_types.d/controller_credential_types.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_credential_types.d/controller_credential_types.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_credential_types.d/controller_credential_types.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_groups.d/controller_groups.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_groups.d/controller_groups.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_groups.d/controller_groups.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_groups.d/controller_groups.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_instance_groups.d/app-example/controller_instance_groups_otlc.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_instance_groups.d/app-example/controller_instance_groups_otlc.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_instance_groups.d/app-example/controller_instance_groups_otlc.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_instance_groups.d/app-example/controller_instance_groups_otlc.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_instance_groups.d/controller_instance_groups.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_instance_groups.d/controller_instance_groups.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_instance_groups.d/controller_instance_groups.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_instance_groups.d/controller_instance_groups.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_inventories.d/app-casc/controller_inventories_localhost.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_inventories.d/app-casc/controller_inventories_localhost.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_inventories.d/app-casc/controller_inventories_localhost.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_inventories.d/app-casc/controller_inventories_localhost.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_inventories.d/app-example/controller_inventories_excel.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_inventories.d/app-example/controller_inventories_excel.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_inventories.d/app-example/controller_inventories_excel.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_inventories.d/app-example/controller_inventories_excel.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_inventories.d/app-example/controller_inventories_smart_org1.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_inventories.d/app-example/controller_inventories_smart_org1.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_inventories.d/app-example/controller_inventories_smart_org1.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_inventories.d/app-example/controller_inventories_smart_org1.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_inventories.d/app-example/controller_inventories_smart_org2.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_inventories.d/app-example/controller_inventories_smart_org2.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_inventories.d/app-example/controller_inventories_smart_org2.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_inventories.d/app-example/controller_inventories_smart_org2.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_inventories.d/controller_inventories.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_inventories.d/controller_inventories.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_inventories.d/controller_inventories.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_inventories.d/controller_inventories.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_job_templates.d/app-casc/controller_job_templates_casc.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_job_templates.d/app-casc/controller_job_templates_casc.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_job_templates.d/app-casc/controller_job_templates_casc.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_job_templates.d/app-casc/controller_job_templates_casc.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_job_templates.d/app-example/controller_job_templates_container_groups.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_job_templates.d/app-example/controller_job_templates_container_groups.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_job_templates.d/app-example/controller_job_templates_container_groups.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_job_templates.d/app-example/controller_job_templates_container_groups.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_job_templates.d/app-example/controller_job_templates_demo_push.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_job_templates.d/app-example/controller_job_templates_demo_push.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_job_templates.d/app-example/controller_job_templates_demo_push.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_job_templates.d/app-example/controller_job_templates_demo_push.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_job_templates.d/controller_job_templates.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_job_templates.d/controller_job_templates.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_job_templates.d/controller_job_templates.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_job_templates.d/controller_job_templates.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_organizations.d/app-casc/controller_organizations_Global.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_organizations.d/app-casc/controller_organizations_Global.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_organizations.d/app-casc/controller_organizations_Global.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_organizations.d/app-casc/controller_organizations_Global.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_organizations.d/app-example/controller_organizations_ExampleOrg.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_organizations.d/app-example/controller_organizations_ExampleOrg.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_organizations.d/app-example/controller_organizations_ExampleOrg.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_organizations.d/app-example/controller_organizations_ExampleOrg.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_organizations.d/app-example/controller_organizations_OrgCrossTeams.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_organizations.d/app-example/controller_organizations_OrgCrossTeams.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_organizations.d/app-example/controller_organizations_OrgCrossTeams.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_organizations.d/app-example/controller_organizations_OrgCrossTeams.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_organizations.d/app-example/controller_organizations_Organizations1-2.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_organizations.d/app-example/controller_organizations_Organizations1-2.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_organizations.d/app-example/controller_organizations_Organizations1-2.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_organizations.d/app-example/controller_organizations_Organizations1-2.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_organizations.d/controller_organizations.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_organizations.d/controller_organizations.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_organizations.d/controller_organizations.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_organizations.d/controller_organizations.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_projects.d/app-casc/controller_projects_casc.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_projects.d/app-casc/controller_projects_casc.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_projects.d/app-casc/controller_projects_casc.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_projects.d/app-casc/controller_projects_casc.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_projects.d/app-ocp/controller_projects_container_groups.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_projects.d/app-ocp/controller_projects_container_groups.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_projects.d/app-ocp/controller_projects_container_groups.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_projects.d/app-ocp/controller_projects_container_groups.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_projects.d/controller_projects.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_projects.d/controller_projects.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_projects.d/controller_projects.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_projects.d/controller_projects.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_projects.d/inventories/controller_projects_inventory_sourcea_dev.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_projects.d/inventories/controller_projects_inventory_sourcea_dev.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_projects.d/inventories/controller_projects_inventory_sourcea_dev.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_projects.d/inventories/controller_projects_inventory_sourcea_dev.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_projects.d/inventories/controller_projects_inventory_sourcea_prod.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_projects.d/inventories/controller_projects_inventory_sourcea_prod.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_projects.d/inventories/controller_projects_inventory_sourcea_prod.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_projects.d/inventories/controller_projects_inventory_sourcea_prod.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_projects.d/inventories/controller_projects_inventory_sourceb_dev.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_projects.d/inventories/controller_projects_inventory_sourceb_dev.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_projects.d/inventories/controller_projects_inventory_sourceb_dev.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_projects.d/inventories/controller_projects_inventory_sourceb_dev.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_projects.d/inventories/controller_projects_inventory_sourceb_prod.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_projects.d/inventories/controller_projects_inventory_sourceb_prod.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_projects.d/inventories/controller_projects_inventory_sourceb_prod.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_projects.d/inventories/controller_projects_inventory_sourceb_prod.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_roles.d/app-example/controller_roles_cmdb_approvals.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_roles.d/app-example/controller_roles_cmdb_approvals.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_roles.d/app-example/controller_roles_cmdb_approvals.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_roles.d/app-example/controller_roles_cmdb_approvals.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_roles.d/app-example/controller_roles_inventories.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_roles.d/app-example/controller_roles_inventories.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_roles.d/app-example/controller_roles_inventories.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_roles.d/app-example/controller_roles_inventories.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_roles.d/app-example/controller_roles_inventory_wf_update.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_roles.d/app-example/controller_roles_inventory_wf_update.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_roles.d/app-example/controller_roles_inventory_wf_update.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_roles.d/app-example/controller_roles_inventory_wf_update.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_roles.d/app-example/controller_roles_teams.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_roles.d/app-example/controller_roles_teams.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_roles.d/app-example/controller_roles_teams.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_roles.d/app-example/controller_roles_teams.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_roles.d/app-example/controller_roles_users.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_roles.d/app-example/controller_roles_users.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_roles.d/app-example/controller_roles_users.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_roles.d/app-example/controller_roles_users.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_roles.d/controller_roles.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_roles.d/controller_roles.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_roles.d/controller_roles.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_roles.d/controller_roles.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_schedules.d/app-casc/controller_schedules_casc.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_schedules.d/app-casc/controller_schedules_casc.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_schedules.d/app-casc/controller_schedules_casc.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_schedules.d/app-casc/controller_schedules_casc.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_schedules.d/app-example/controller_schedules_example.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_schedules.d/app-example/controller_schedules_example.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_schedules.d/app-example/controller_schedules_example.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_schedules.d/app-example/controller_schedules_example.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_schedules.d/controller_schedules.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_schedules.d/controller_schedules.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_schedules.d/controller_schedules.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_schedules.d/controller_schedules.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_teams.d/app-demo/controller_teams_org1.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_teams.d/app-demo/controller_teams_org1.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_teams.d/app-demo/controller_teams_org1.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_teams.d/app-demo/controller_teams_org1.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_teams.d/app-demo/controller_teams_org2.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_teams.d/app-demo/controller_teams_org2.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_teams.d/app-demo/controller_teams_org2.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_teams.d/app-demo/controller_teams_org2.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_teams.d/controller_teams.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_teams.d/controller_teams.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_teams.d/controller_teams.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_teams.d/controller_teams.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_workflow_job_templates.d/app-casc/controller_workflow_job_templates_casc.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_workflow_job_templates.d/app-casc/controller_workflow_job_templates_casc.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_workflow_job_templates.d/app-casc/controller_workflow_job_templates_casc.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_workflow_job_templates.d/app-casc/controller_workflow_job_templates_casc.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_workflow_job_templates.d/app-examples/controller_workflow_job_templates_InventoryUpdate.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_workflow_job_templates.d/app-examples/controller_workflow_job_templates_InventoryUpdate.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_workflow_job_templates.d/app-examples/controller_workflow_job_templates_InventoryUpdate.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_workflow_job_templates.d/app-examples/controller_workflow_job_templates_InventoryUpdate.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_workflow_job_templates.d/controller_workflow_job_templates.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_workflow_job_templates.d/controller_workflow_job_templates.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_workflow_job_templates.d/controller_workflow_job_templates.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/common/controller_workflow_job_templates.d/controller_workflow_job_templates.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_credentials.d/app-examples/controller_credentials_aap.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_credentials.d/app-examples/controller_credentials_aap.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_credentials.d/app-examples/controller_credentials_aap.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_credentials.d/app-examples/controller_credentials_aap.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_credentials.d/app-examples/controller_credentials_galaxy.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_credentials.d/app-examples/controller_credentials_galaxy.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_credentials.d/app-examples/controller_credentials_galaxy.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_credentials.d/app-examples/controller_credentials_galaxy.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_credentials.d/app-examples/controller_credentials_machine.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_credentials.d/app-examples/controller_credentials_machine.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_credentials.d/app-examples/controller_credentials_machine.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_credentials.d/app-examples/controller_credentials_machine.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_credentials.d/app-examples/controller_credentials_ocp.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_credentials.d/app-examples/controller_credentials_ocp.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_credentials.d/app-examples/controller_credentials_ocp.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_credentials.d/app-examples/controller_credentials_ocp.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_credentials.d/app-examples/controller_credentials_registry.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_credentials.d/app-examples/controller_credentials_registry.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_credentials.d/app-examples/controller_credentials_registry.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_credentials.d/app-examples/controller_credentials_registry.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_credentials.d/app-examples/controller_credentials_scm.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_credentials.d/app-examples/controller_credentials_scm.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_credentials.d/app-examples/controller_credentials_scm.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_credentials.d/app-examples/controller_credentials_scm.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_credentials.d/app-examples/controller_credentials_vault.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_credentials.d/app-examples/controller_credentials_vault.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_credentials.d/app-examples/controller_credentials_vault.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_credentials.d/app-examples/controller_credentials_vault.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_execution_environments.d/app-casc/controller_execution_environments_ee-casc.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_execution_environments.d/app-casc/controller_execution_environments_ee-casc.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_execution_environments.d/app-casc/controller_execution_environments_ee-casc.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_execution_environments.d/app-casc/controller_execution_environments_ee-casc.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_execution_environments.d/app-examples/controller_execution_environments_ee-xlsx.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_execution_environments.d/app-examples/controller_execution_environments_ee-xlsx.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_execution_environments.d/app-examples/controller_execution_environments_ee-xlsx.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_execution_environments.d/app-examples/controller_execution_environments_ee-xlsx.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_execution_environments.d/controller_execution_environments.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_execution_environments.d/controller_execution_environments.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_execution_environments.d/controller_execution_environments.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_execution_environments.d/controller_execution_environments.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_hosts.d/app-casc/controller_hosts_localhost.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_hosts.d/app-casc/controller_hosts_localhost.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_hosts.d/app-casc/controller_hosts_localhost.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_hosts.d/app-casc/controller_hosts_localhost.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_hosts.d/controller_hosts.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_hosts.d/controller_hosts.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_hosts.d/controller_hosts.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_hosts.d/controller_hosts.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_inventory_sources.d/app-examples/controller_inventory_sources_sourcea_dev.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_inventory_sources.d/app-examples/controller_inventory_sources_sourcea_dev.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_inventory_sources.d/app-examples/controller_inventory_sources_sourcea_dev.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_inventory_sources.d/app-examples/controller_inventory_sources_sourcea_dev.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_inventory_sources.d/app-examples/controller_inventory_sources_sourcea_prod.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_inventory_sources.d/app-examples/controller_inventory_sources_sourcea_prod.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_inventory_sources.d/app-examples/controller_inventory_sources_sourcea_prod.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_inventory_sources.d/app-examples/controller_inventory_sources_sourcea_prod.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_inventory_sources.d/app-examples/controller_inventory_sources_sourceb_dev.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_inventory_sources.d/app-examples/controller_inventory_sources_sourceb_dev.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_inventory_sources.d/app-examples/controller_inventory_sources_sourceb_dev.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_inventory_sources.d/app-examples/controller_inventory_sources_sourceb_dev.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_inventory_sources.d/app-examples/controller_inventory_sources_sourceb_prod.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_inventory_sources.d/app-examples/controller_inventory_sources_sourceb_prod.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_inventory_sources.d/app-examples/controller_inventory_sources_sourceb_prod.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_inventory_sources.d/app-examples/controller_inventory_sources_sourceb_prod.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_inventory_sources.d/controller_inventory_sources.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_inventory_sources.d/controller_inventory_sources.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_inventory_sources.d/controller_inventory_sources.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_inventory_sources.d/controller_inventory_sources.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_settings.d/app-examples/controller_settings_jobs.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_settings.d/app-examples/controller_settings_jobs.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_settings.d/app-examples/controller_settings_jobs.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_settings.d/app-examples/controller_settings_jobs.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_settings.d/app-examples/controller_settings_ldap.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_settings.d/app-examples/controller_settings_ldap.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_settings.d/app-examples/controller_settings_ldap.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_settings.d/app-examples/controller_settings_ldap.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_settings.d/app-examples/controller_settings_system.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_settings.d/app-examples/controller_settings_system.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_settings.d/app-examples/controller_settings_system.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_settings.d/app-examples/controller_settings_system.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_settings.d/app-examples/controller_settings_user_interface.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_settings.d/app-examples/controller_settings_user_interface.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_settings.d/app-examples/controller_settings_user_interface.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_settings.d/app-examples/controller_settings_user_interface.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_settings.d/controller_settings.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_settings.d/controller_settings.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_settings.d/controller_settings.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_settings.d/controller_settings.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_users.d/app-demo/controller_user_accounts_org1.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_users.d/app-demo/controller_user_accounts_org1.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_users.d/app-demo/controller_user_accounts_org1.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_users.d/app-demo/controller_user_accounts_org1.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_users.d/app-demo/controller_user_accounts_org2.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_users.d/app-demo/controller_user_accounts_org2.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_users.d/app-demo/controller_user_accounts_org2.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_users.d/app-demo/controller_user_accounts_org2.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_users.d/controller_user_accounts.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_users.d/controller_user_accounts.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_users.d/controller_user_accounts.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/dev/controller_users.d/controller_user_accounts.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_credentials.d/app-examples/controller_credentials_aap.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_credentials.d/app-examples/controller_credentials_aap.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_credentials.d/app-examples/controller_credentials_aap.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_credentials.d/app-examples/controller_credentials_aap.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_credentials.d/app-examples/controller_credentials_galaxy.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_credentials.d/app-examples/controller_credentials_galaxy.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_credentials.d/app-examples/controller_credentials_galaxy.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_credentials.d/app-examples/controller_credentials_galaxy.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_credentials.d/app-examples/controller_credentials_machine.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_credentials.d/app-examples/controller_credentials_machine.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_credentials.d/app-examples/controller_credentials_machine.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_credentials.d/app-examples/controller_credentials_machine.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_credentials.d/app-examples/controller_credentials_ocp.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_credentials.d/app-examples/controller_credentials_ocp.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_credentials.d/app-examples/controller_credentials_ocp.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_credentials.d/app-examples/controller_credentials_ocp.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_credentials.d/app-examples/controller_credentials_registry.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_credentials.d/app-examples/controller_credentials_registry.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_credentials.d/app-examples/controller_credentials_registry.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_credentials.d/app-examples/controller_credentials_registry.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_credentials.d/app-examples/controller_credentials_scm.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_credentials.d/app-examples/controller_credentials_scm.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_credentials.d/app-examples/controller_credentials_scm.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_credentials.d/app-examples/controller_credentials_scm.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_credentials.d/app-examples/controller_credentials_vault.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_credentials.d/app-examples/controller_credentials_vault.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_credentials.d/app-examples/controller_credentials_vault.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_credentials.d/app-examples/controller_credentials_vault.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_execution_environments.d/app-casc/controller_execution_environments_ee-casc.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_execution_environments.d/app-casc/controller_execution_environments_ee-casc.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_execution_environments.d/app-casc/controller_execution_environments_ee-casc.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_execution_environments.d/app-casc/controller_execution_environments_ee-casc.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_execution_environments.d/app-examples/controller_execution_environments_ee-xlsx.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_execution_environments.d/app-examples/controller_execution_environments_ee-xlsx.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_execution_environments.d/app-examples/controller_execution_environments_ee-xlsx.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_execution_environments.d/app-examples/controller_execution_environments_ee-xlsx.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_execution_environments.d/controller_execution_environments.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_execution_environments.d/controller_execution_environments.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_execution_environments.d/controller_execution_environments.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_execution_environments.d/controller_execution_environments.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_hosts.d/controller_hosts.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_hosts.d/controller_hosts.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_hosts.d/controller_hosts.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_hosts.d/controller_hosts.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_inventory_sources.d/app-examples/controller_inventory_sources_sourcea_dev.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_inventory_sources.d/app-examples/controller_inventory_sources_sourcea_dev.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_inventory_sources.d/app-examples/controller_inventory_sources_sourcea_dev.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_inventory_sources.d/app-examples/controller_inventory_sources_sourcea_dev.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_inventory_sources.d/app-examples/controller_inventory_sources_sourcea_prod.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_inventory_sources.d/app-examples/controller_inventory_sources_sourcea_prod.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_inventory_sources.d/app-examples/controller_inventory_sources_sourcea_prod.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_inventory_sources.d/app-examples/controller_inventory_sources_sourcea_prod.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_inventory_sources.d/app-examples/controller_inventory_sources_sourceb_dev.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_inventory_sources.d/app-examples/controller_inventory_sources_sourceb_dev.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_inventory_sources.d/app-examples/controller_inventory_sources_sourceb_dev.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_inventory_sources.d/app-examples/controller_inventory_sources_sourceb_dev.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_inventory_sources.d/app-examples/controller_inventory_sources_sourceb_prod.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_inventory_sources.d/app-examples/controller_inventory_sources_sourceb_prod.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_inventory_sources.d/app-examples/controller_inventory_sources_sourceb_prod.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_inventory_sources.d/app-examples/controller_inventory_sources_sourceb_prod.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_inventory_sources.d/controller_inventory_sources.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_inventory_sources.d/controller_inventory_sources.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_inventory_sources.d/controller_inventory_sources.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_inventory_sources.d/controller_inventory_sources.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_settings.d/app-examples/controller_settings_jobs.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_settings.d/app-examples/controller_settings_jobs.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_settings.d/app-examples/controller_settings_jobs.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_settings.d/app-examples/controller_settings_jobs.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_settings.d/app-examples/controller_settings_ldap.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_settings.d/app-examples/controller_settings_ldap.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_settings.d/app-examples/controller_settings_ldap.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_settings.d/app-examples/controller_settings_ldap.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_settings.d/app-examples/controller_settings_system.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_settings.d/app-examples/controller_settings_system.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_settings.d/app-examples/controller_settings_system.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_settings.d/app-examples/controller_settings_system.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_settings.d/app-examples/controller_settings_user_interface.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_settings.d/app-examples/controller_settings_user_interface.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_settings.d/app-examples/controller_settings_user_interface.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_settings.d/app-examples/controller_settings_user_interface.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_settings.d/controller_settings.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_settings.d/controller_settings.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_settings.d/controller_settings.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_settings.d/controller_settings.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_users.d/app-demo/controller_user_accounts_org1.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_users.d/app-demo/controller_user_accounts_org1.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_users.d/app-demo/controller_user_accounts_org1.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_users.d/app-demo/controller_user_accounts_org1.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_users.d/app-demo/controller_user_accounts_org2.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_users.d/app-demo/controller_user_accounts_org2.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_users.d/app-demo/controller_user_accounts_org2.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_users.d/app-demo/controller_user_accounts_org2.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_users.d/controller_user_accounts.yml b/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_users.d/controller_user_accounts.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_users.d/controller_user_accounts.yml rename to tests/automatetheautomation/orgs_vars/ExampleOrg/env/prod/controller_users.d/controller_user_accounts.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/env/dev/configure_connection_controller_credentials.yml b/tests/automatetheautomation/orgs_vars/env/dev/configure_connection_controller_credentials.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/env/dev/configure_connection_controller_credentials.yml rename to tests/automatetheautomation/orgs_vars/env/dev/configure_connection_controller_credentials.yml diff --git a/.github/tests/automatetheautomation/orgs_vars/env/prod/configure_connection_controller_credentials.yml b/tests/automatetheautomation/orgs_vars/env/prod/configure_connection_controller_credentials.yml similarity index 100% rename from .github/tests/automatetheautomation/orgs_vars/env/prod/configure_connection_controller_credentials.yml rename to tests/automatetheautomation/orgs_vars/env/prod/configure_connection_controller_credentials.yml diff --git a/.github/tests/automatetheautomation/pictures/AAP_CasC_Worflow.png b/tests/automatetheautomation/pictures/AAP_CasC_Worflow.png similarity index 100% rename from .github/tests/automatetheautomation/pictures/AAP_CasC_Worflow.png rename to tests/automatetheautomation/pictures/AAP_CasC_Worflow.png diff --git a/.github/tests/configs/ad_hoc_command_cancel_defaults.yml b/tests/configs/ad_hoc_command_cancel_defaults.yml similarity index 100% rename from .github/tests/configs/ad_hoc_command_cancel_defaults.yml rename to tests/configs/ad_hoc_command_cancel_defaults.yml diff --git a/.github/tests/configs/ad_hoc_commands.yml b/tests/configs/ad_hoc_commands.yml similarity index 100% rename from .github/tests/configs/ad_hoc_commands.yml rename to tests/configs/ad_hoc_commands.yml diff --git a/.github/tests/configs/applications.yml b/tests/configs/applications.yml similarity index 100% rename from .github/tests/configs/applications.yml rename to tests/configs/applications.yml diff --git a/.github/tests/configs/controller_auth.yml b/tests/configs/controller_auth.yml similarity index 100% rename from .github/tests/configs/controller_auth.yml rename to tests/configs/controller_auth.yml diff --git a/.github/tests/configs/credential_input_sources.yml b/tests/configs/credential_input_sources.yml similarity index 100% rename from .github/tests/configs/credential_input_sources.yml rename to tests/configs/credential_input_sources.yml diff --git a/.github/tests/configs/credential_types.yml b/tests/configs/credential_types.yml similarity index 100% rename from .github/tests/configs/credential_types.yml rename to tests/configs/credential_types.yml diff --git a/.github/tests/configs/credentials.yml b/tests/configs/credentials.yml similarity index 95% rename from .github/tests/configs/credentials.yml rename to tests/configs/credentials.yml index 2806e04f3..68f173466 100644 --- a/.github/tests/configs/credentials.yml +++ b/tests/configs/credentials.yml @@ -31,7 +31,7 @@ controller_credentials: organization: Satellite - description: CyberArk Lookup Credential name: "cyberark" - credential_type: CyberArk AIM Central Credential Provider Lookup + credential_type: CyberArk Central Credential Provider Lookup inputs: url: "https://cyberark.example.com" app_id: "My-App-ID" diff --git a/.github/tests/configs/differential_items.yml b/tests/configs/differential_items.yml similarity index 96% rename from .github/tests/configs/differential_items.yml rename to tests/configs/differential_items.yml index 1d0b2a1c4..3adeff41c 100644 --- a/.github/tests/configs/differential_items.yml +++ b/tests/configs/differential_items.yml @@ -71,7 +71,7 @@ differential_items: with_present: false differential_test_items: - name: "cyberark" - credential_type: "CyberArk AIM Central Credential Provider Lookup" + credential_type: CyberArk Central Credential Provider Lookup organization: Default expected_test_result: - name: gitlab @@ -138,4 +138,7 @@ differential_items: - name: Simple workflow schema2 organization: Default state: absent + - name: Simple workflow schema no state defined + organization: Default + state: absent ... diff --git a/.github/tests/configs/execution_environments.yml b/tests/configs/execution_environments.yml similarity index 100% rename from .github/tests/configs/execution_environments.yml rename to tests/configs/execution_environments.yml diff --git a/.github/tests/configs/groups.yml b/tests/configs/groups.yml similarity index 100% rename from .github/tests/configs/groups.yml rename to tests/configs/groups.yml diff --git a/.github/tests/configs/hosts.yml b/tests/configs/hosts.yml similarity index 100% rename from .github/tests/configs/hosts.yml rename to tests/configs/hosts.yml diff --git a/.github/tests/configs/instance_groups.yml b/tests/configs/instance_groups.yml similarity index 100% rename from .github/tests/configs/instance_groups.yml rename to tests/configs/instance_groups.yml diff --git a/tests/configs/instances.yml b/tests/configs/instances.yml new file mode 100644 index 000000000..ac562fff6 --- /dev/null +++ b/tests/configs/instances.yml @@ -0,0 +1,5 @@ +--- +# controller_instances: +# - hostname: my-instance.prod.example.com +# capacity_adjustment: 0.4 +... diff --git a/.github/tests/configs/inventories.yml b/tests/configs/inventories.yml similarity index 100% rename from .github/tests/configs/inventories.yml rename to tests/configs/inventories.yml diff --git a/.github/tests/configs/inventory_sources.yml b/tests/configs/inventory_sources.yml similarity index 100% rename from .github/tests/configs/inventory_sources.yml rename to tests/configs/inventory_sources.yml diff --git a/.github/tests/configs/labels.yml b/tests/configs/labels.yml similarity index 100% rename from .github/tests/configs/labels.yml rename to tests/configs/labels.yml diff --git a/.github/tests/configs/launch_jobs.yml b/tests/configs/launch_jobs.yml similarity index 100% rename from .github/tests/configs/launch_jobs.yml rename to tests/configs/launch_jobs.yml diff --git a/.github/tests/configs/notifications.yml b/tests/configs/notifications.yml similarity index 100% rename from .github/tests/configs/notifications.yml rename to tests/configs/notifications.yml diff --git a/.github/tests/configs/organizations.yml b/tests/configs/organizations.yml similarity index 100% rename from .github/tests/configs/organizations.yml rename to tests/configs/organizations.yml diff --git a/.github/tests/configs/projects.yml b/tests/configs/projects.yml similarity index 92% rename from .github/tests/configs/projects.yml rename to tests/configs/projects.yml index bf1b37d9f..287c551b2 100644 --- a/.github/tests/configs/projects.yml +++ b/tests/configs/projects.yml @@ -1,6 +1,6 @@ --- controller_configuration_projects_async_retries: 60 -controller_configuration_projects_async_delay: 2 +controller_configuration_projects_async_delay: 5 controller_projects: - name: Test Project scm_type: git @@ -10,7 +10,7 @@ controller_projects: description: Test Project 1 organization: Default wait: true - update: true + update_project: true - name: Demo Project scm_type: git scm_url: https://github.com/ansible/tower-example.git @@ -19,7 +19,7 @@ controller_projects: description: Test Project 1 organization: Default wait: true - update: true + update_project: true - name: Test Project 2 scm_type: git scm_url: https://github.com/ansible/ansible-examples.git diff --git a/.github/tests/configs/roles.yml b/tests/configs/roles.yml similarity index 100% rename from .github/tests/configs/roles.yml rename to tests/configs/roles.yml diff --git a/.github/tests/configs/schedule.yml b/tests/configs/schedule.yml similarity index 100% rename from .github/tests/configs/schedule.yml rename to tests/configs/schedule.yml diff --git a/.github/tests/configs/settings.yml b/tests/configs/settings.yml similarity index 100% rename from .github/tests/configs/settings.yml rename to tests/configs/settings.yml diff --git a/.github/tests/configs/settings_individuale.yml b/tests/configs/settings_individuale.yml similarity index 100% rename from .github/tests/configs/settings_individuale.yml rename to tests/configs/settings_individuale.yml diff --git a/.github/tests/configs/ssh_private_key.yml b/tests/configs/ssh_private_key.yml similarity index 100% rename from .github/tests/configs/ssh_private_key.yml rename to tests/configs/ssh_private_key.yml diff --git a/.github/tests/configs/teams.yml b/tests/configs/teams.yml similarity index 100% rename from .github/tests/configs/teams.yml rename to tests/configs/teams.yml diff --git a/.github/tests/configs/templates.yml b/tests/configs/templates.yml similarity index 100% rename from .github/tests/configs/templates.yml rename to tests/configs/templates.yml diff --git a/.github/tests/configs/user_accounts.yml b/tests/configs/user_accounts.yml similarity index 100% rename from .github/tests/configs/user_accounts.yml rename to tests/configs/user_accounts.yml diff --git a/.github/tests/configs/workflows.yml b/tests/configs/workflows.yml similarity index 63% rename from .github/tests/configs/workflows.yml rename to tests/configs/workflows.yml index 6c8bee677..acf4b1eaf 100644 --- a/.github/tests/configs/workflows.yml +++ b/tests/configs/workflows.yml @@ -73,4 +73,47 @@ controller_workflows: notification_templates_success: [] notification_templates_error: [] notification_templates_approvals: [] + - name: Simple workflow schema no state defined + description: a basic workflow + extra_vars: {} + survey_enabled: false + allow_simultaneous: false + ask_variables_on_launch: false + inventory: + limit: + job_tags: + - stuff + - stuff2 + skip_tags: + - stuff3 + ask_labels_on_launch: true + ask_skip_tags_on_launch: true + labels: + - Prod + scm_branch: + ask_inventory_on_launch: false + ask_scm_branch_on_launch: false + ask_limit_on_launch: false + organization: Default + schedules: [] + simplified_workflow_nodes: + - all_parents_must_converge: false + identifier: node101 + unified_job_template: RHVM-01 + success_nodes: + - node201 + - all_parents_must_converge: false + identifier: node201 + unified_job_template: test-template-1 + instance_groups: + - default + labels: + - differential + - differential2 + timeout: 165 + notification_templates_started: [] + notification_templates_success: [] + notification_templates_error: [] + notification_templates_approvals: [] + survey_spec: {} ... diff --git a/.github/tests/configs/workfows_launch.yml b/tests/configs/workfows_launch.yml similarity index 100% rename from .github/tests/configs/workfows_launch.yml rename to tests/configs/workfows_launch.yml diff --git a/.github/tests/configs_export_model/auth.yml b/tests/configs_export_model/auth.yml similarity index 100% rename from .github/tests/configs_export_model/auth.yml rename to tests/configs_export_model/auth.yml diff --git a/.github/tests/configs_export_model/credential_types_export.yml b/tests/configs_export_model/credential_types_export.yml similarity index 100% rename from .github/tests/configs_export_model/credential_types_export.yml rename to tests/configs_export_model/credential_types_export.yml diff --git a/.github/tests/configs_export_model/credentials_export.yml b/tests/configs_export_model/credentials_export.yml similarity index 100% rename from .github/tests/configs_export_model/credentials_export.yml rename to tests/configs_export_model/credentials_export.yml diff --git a/.github/tests/configs_export_model/inventory_export.yml b/tests/configs_export_model/inventory_export.yml similarity index 100% rename from .github/tests/configs_export_model/inventory_export.yml rename to tests/configs_export_model/inventory_export.yml diff --git a/.github/tests/configs_export_model/inventory_sources_export.yml b/tests/configs_export_model/inventory_sources_export.yml similarity index 100% rename from .github/tests/configs_export_model/inventory_sources_export.yml rename to tests/configs_export_model/inventory_sources_export.yml diff --git a/.github/tests/configs_export_model/job_templates_export.yml b/tests/configs_export_model/job_templates_export.yml similarity index 100% rename from .github/tests/configs_export_model/job_templates_export.yml rename to tests/configs_export_model/job_templates_export.yml diff --git a/.github/tests/configs_export_model/notifications_templates_export.yml b/tests/configs_export_model/notifications_templates_export.yml similarity index 100% rename from .github/tests/configs_export_model/notifications_templates_export.yml rename to tests/configs_export_model/notifications_templates_export.yml diff --git a/.github/tests/configs_export_model/organizations_export.yml b/tests/configs_export_model/organizations_export.yml similarity index 100% rename from .github/tests/configs_export_model/organizations_export.yml rename to tests/configs_export_model/organizations_export.yml diff --git a/.github/tests/configs_export_model/projects_export.yml b/tests/configs_export_model/projects_export.yml similarity index 100% rename from .github/tests/configs_export_model/projects_export.yml rename to tests/configs_export_model/projects_export.yml diff --git a/.github/tests/configs_export_model/teams_export.yml b/tests/configs_export_model/teams_export.yml similarity index 100% rename from .github/tests/configs_export_model/teams_export.yml rename to tests/configs_export_model/teams_export.yml diff --git a/.github/tests/configs_export_model/users_export.yml b/tests/configs_export_model/users_export.yml similarity index 100% rename from .github/tests/configs_export_model/users_export.yml rename to tests/configs_export_model/users_export.yml diff --git a/.github/tests/configs_export_model/workflows.yml b/tests/configs_export_model/workflows.yml similarity index 91% rename from .github/tests/configs_export_model/workflows.yml rename to tests/configs_export_model/workflows.yml index 890bf2166..2ad0680d9 100644 --- a/.github/tests/configs_export_model/workflows.yml +++ b/tests/configs_export_model/workflows.yml @@ -7,7 +7,6 @@ controller_workflows: survey_enabled: true allow_simultaneous: false ask_variables_on_launch: false - inventory: limit: scm_branch: ask_inventory_on_launch: false @@ -24,12 +23,7 @@ controller_workflows: name: Default type: organization workflow_nodes: - - inventory: - scm_branch: - job_tags: - skip_tags: - limit: - all_parents_must_converge: false + - all_parents_must_converge: false identifier: d9779889-cfdb-4a8c-8a11-1f54acf84aca workflow_job_template: organization: @@ -76,12 +70,7 @@ controller_workflows: type: workflow_job_template identifier: d9779889-cfdb-4a8c-8a11-1f54acf84aca type: workflow_job_template_node - - inventory: - scm_branch: - job_tags: - skip_tags: - limit: - all_parents_must_converge: false + - all_parents_must_converge: false identifier: f82f1c5f-c3b5-4bc4-9e1a-d8cd1ab44c44 workflow_job_template: organization: @@ -125,12 +114,7 @@ controller_workflows: type: workflow_job_template identifier: f82f1c5f-c3b5-4bc4-9e1a-d8cd1ab44c44 type: workflow_job_template_node - - inventory: - scm_branch: - job_tags: - skip_tags: - limit: - all_parents_must_converge: false + - all_parents_must_converge: false identifier: 28910097-e606-4252-8aa9-2c1a0b8b6c92 workflow_job_template: organization: @@ -158,12 +142,7 @@ controller_workflows: type: workflow_job_template identifier: 28910097-e606-4252-8aa9-2c1a0b8b6c92 type: workflow_job_template_node - - inventory: - scm_branch: - job_tags: - skip_tags: - limit: - all_parents_must_converge: true + - all_parents_must_converge: true identifier: ca7ffc3b-8401-4153-83bf-bb3dd918ca87 workflow_job_template: organization: @@ -191,12 +170,7 @@ controller_workflows: type: workflow_job_template identifier: ca7ffc3b-8401-4153-83bf-bb3dd918ca87 type: workflow_job_template_node - - inventory: - scm_branch: - job_tags: - skip_tags: - limit: - all_parents_must_converge: false + - all_parents_must_converge: false identifier: 046378e5-ff53-4168-afc2-a82d87327099 workflow_job_template: organization: @@ -295,9 +269,6 @@ controller_workflows: state: present allow_simultaneous: false ask_variables_on_launch: false - inventory: - limit: - scm_branch: ask_inventory_on_launch: false ask_scm_branch_on_launch: false ask_limit_on_launch: false @@ -308,12 +279,7 @@ controller_workflows: schedules: [] labels: [] workflow_nodes: - - inventory: - scm_branch: - job_tags: - skip_tags: - limit: - all_parents_must_converge: false + - all_parents_must_converge: false identifier: d9779889-cfdb-4a8c-8a11-1f54acf84aca workflow_job_template: organization: @@ -352,13 +318,7 @@ controller_workflows: type: workflow_job_template identifier: d9779889-cfdb-4a8c-8a11-1f54acf84aca type: workflow_job_template_node - - extra_data: {} - inventory: - scm_branch: - job_tags: - skip_tags: - limit: - all_parents_must_converge: false + - all_parents_must_converge: false identifier: f82f1c5f-c3b5-4bc4-9e1a-d8cd1ab44c44 workflow_job_template: organization: diff --git a/.github/tests/configure_controller.yml b/tests/configure_controller.yml similarity index 86% rename from .github/tests/configure_controller.yml rename to tests/configure_controller.yml index ad27c2b3c..efd00eea6 100644 --- a/.github/tests/configure_controller.yml +++ b/tests/configure_controller.yml @@ -4,13 +4,14 @@ connection: local vars: controller_validate_certs: false + controller_configuration_secure_logging: false # Define following vars here, or in configs/controller_auth.yml # controller_hostname: controller.example.com # controller_username: admin # controller_password: changeme collections: - awx.awx - - redhat_cop.controller_configuration + - infra.controller_configuration pre_tasks: @@ -37,6 +38,14 @@ ansible.builtin.debug: msg: "Using the 'controller_api' plugin from: {{ controller_api_plugin }}" + - name: Include vars from configs directory + ansible.builtin.include_vars: + dir: ./configs + ignore_files: [controller_config.yml.template] + extensions: ["yml"] + tags: + - always + - name: Wait for Controller to come up ansible.builtin.uri: url: "https://{{ controller_hostname }}/api/v2/ping" @@ -48,23 +57,30 @@ delay: 30 ignore_errors: true - - name: "Show result of ping" + - name: Wait for the controller node to be up + ansible.builtin.uri: + url: "https://{{ controller_hostname }}/api/v2/mesh_visualizer/" + user: "{{ controller_username }}" + password: "{{ controller_password }}" + method: GET + validate_certs: false + force_basic_auth: true + status_code: 200 + body_format: json + register: mesh_data + until: mesh_data.json is defined + retries: 80 + delay: 5 + + - name: "Show result of mesh_visualizer" ansible.builtin.debug: - var: result + var: mesh_data - name: Sleep for 60 seconds and allow awx to come up. ansible.builtin.wait_for: timeout: 60 delegate_to: localhost - - name: Include vars from configs directory - ansible.builtin.include_vars: - dir: ./configs - ignore_files: [controller_config.yml.template] - extensions: ["yml"] - tags: - - always - roles: - dispatch # The dispatch role calls all of the other roles. @@ -94,11 +110,17 @@ ansible.builtin.debug: var: launched_controller_jobs + - name: Combine id output with defaults temp + ansible.builtin.set_fact: + tmp_job: "{{ {'id': item.id} }}" + with_items: "{{ launched_controller_jobs.results }}" + register: tmp_jobs + - name: Cancel Controller Jobs ansible.builtin.include_role: name: jobs_cancel vars: - controller_cancel_jobs: "{{ launched_controller_jobs.results }}" + controller_cancel_jobs: "{{ tmp_jobs.results | map(attribute='ansible_facts.tmp_job') | list }}" when: launched_controller_jobs is defined - name: Launch Controller workflows diff --git a/.github/tests/configure_controller_export_model.yml b/tests/configure_controller_export_model.yml similarity index 88% rename from .github/tests/configure_controller_export_model.yml rename to tests/configure_controller_export_model.yml index eb1d003f6..ce881e141 100644 --- a/.github/tests/configure_controller_export_model.yml +++ b/tests/configure_controller_export_model.yml @@ -7,7 +7,7 @@ controller_validate_certs: false collections: - awx.awx - - redhat_cop.controller_configuration + - infra.controller_configuration # Define following vars here, or in configs/controller_auth.yml # controller_hostname: controller.example.com # controller_username: admin @@ -37,21 +37,28 @@ ansible.builtin.debug: msg: "Using the 'controller_api' plugin from: {{ controller_api_plugin }}" - - name: Wait for Controller to come up - ansible.builtin.uri: - url: "{{ controller_hostname }}/api/v2/ping" - status_code: 200 - register: result - until: result.status == 200 - retries: 20 - delay: 30 - - name: Include vars from controller_configs directory ansible.builtin.include_vars: dir: ./configs_export_model ignore_files: [README.md] extensions: ["yml"] + - name: Wait for the controller to be up + ansible.builtin.uri: + url: "https://{{ controller_hostname }}/api/v2/mesh_visualizer/" + user: "{{ controller_username }}" + password: "{{ controller_password }}" + method: GET + validate_certs: false + force_basic_auth: true + status_code: 200 + body_format: json + register: mesh_data + until: mesh_data.json is defined + retries: 120 + delay: 5 + + roles: - {role: organizations, when: controller_organizations is defined, tags: organizations} - {role: users, when: controller_user_accounts is defined, tags: users} diff --git a/.github/tests/playbooks/README.md b/tests/playbooks/README.md similarity index 94% rename from .github/tests/playbooks/README.md rename to tests/playbooks/README.md index 4b98e85e3..31de12208 100644 --- a/.github/tests/playbooks/README.md +++ b/tests/playbooks/README.md @@ -14,16 +14,10 @@ Currently: ## Usage -The following command will invoke the playbook with the awx collection - -```console -ansible-playbook redhat_cop.controller_configuration.configure_awx.yml -``` - The following command will invoke the playbook with the ansible.controller collection ```console -ansible-playbook redhat_cop.controller_configuration.configure_controller.yml +ansible-playbook infra.controller_configuration.configure_controller.yml ``` ## Examples @@ -132,14 +126,14 @@ This procedure has been tested with **gitlab** git server You have make the following configurations in order to configure CD integration: -1. Configure a Project and a job template with [webhook](https://docs.ansible.com/automation-controller/latest/html/userguide/webhooks.html#id2) property enabled in the Controller pointing to the playbook in charge of CD, you can find an example [here](cd-gitlab-webhook-trigger.yml). +1. Configure a Project and a job template with [webhook](https://docs.ansible.com/automation-controller/latest/html/userguide/webhooks.html#id2) property enabled in the Controller pointing to the playbook in charge of CD, you can find an example [here](https://github.com/redhat-cop/controller_configuration/blob/devel/tests/playbooks/cd_gitlab_webhook_trigger.yml). 2. Configure [project webhook](https://docs.gitlab.com/ee/user/project/integrations/webhook_events.html) on the project where defined configurations are hosted. ## License -[MIT](LICENSE) +[MIT](https://github.com/redhat-cop/controller_configuration#licensing) ## Author -[Sean Sullivan](https://github.com/sean-m-sullivan) +[Sean Sullivan](https://github.com/sean-m-sullivan/) diff --git a/.github/tests/playbooks/cd_gitlab_webhook_trigger.yml b/tests/playbooks/cd_gitlab_webhook_trigger.yml similarity index 96% rename from .github/tests/playbooks/cd_gitlab_webhook_trigger.yml rename to tests/playbooks/cd_gitlab_webhook_trigger.yml index 8dd3bc993..824cf231c 100644 --- a/.github/tests/playbooks/cd_gitlab_webhook_trigger.yml +++ b/tests/playbooks/cd_gitlab_webhook_trigger.yml @@ -27,7 +27,7 @@ - name: Configure Controller Job Launch | Launch launch_jobs Drop Diff (Delete) ansible.builtin.include_role: - name: redhat_cop.controller_configuration.job_launch + name: infra.controller_configuration.job_launch vars: controller_launch_jobs: - name: "{{ org_tags.key }} CasC_JobTemplates_AAP_Drop_Diff" @@ -48,7 +48,7 @@ - name: Configure Controller Job Launch | Launch launch_jobs creation ansible.builtin.include_role: - name: redhat_cop.controller_configuration.job_launch + name: infra.controller_configuration.job_launch vars: controller_launch_jobs: - name: "{{ org_tags.key }} CasC_JobTemplates_AAP_CD_Config_Controller" diff --git a/.github/tests/playbooks/configure_awx.yml b/tests/playbooks/configure_awx.yml similarity index 99% rename from .github/tests/playbooks/configure_awx.yml rename to tests/playbooks/configure_awx.yml index 852a2379f..31bbae543 100644 --- a/.github/tests/playbooks/configure_awx.yml +++ b/tests/playbooks/configure_awx.yml @@ -36,7 +36,7 @@ connection: local collections: - awx.awx - - redhat_cop.controller_configuration + - infra.controller_configuration pre_tasks: - name: Include vars from configs directory diff --git a/.github/tests/playbooks/configure_controller.yml b/tests/playbooks/configure_controller.yml similarity index 99% rename from .github/tests/playbooks/configure_controller.yml rename to tests/playbooks/configure_controller.yml index 5e65ce508..a41ed4e64 100644 --- a/.github/tests/playbooks/configure_controller.yml +++ b/tests/playbooks/configure_controller.yml @@ -36,7 +36,7 @@ connection: local collections: - ansible.controller - - redhat_cop.controller_configuration + - infra.controller_configuration pre_tasks: - name: Include vars from configs directory diff --git a/.github/tests/playbooks/tasks/ad_hoc_cancel.yml b/tests/playbooks/tasks/ad_hoc_cancel.yml similarity index 100% rename from .github/tests/playbooks/tasks/ad_hoc_cancel.yml rename to tests/playbooks/tasks/ad_hoc_cancel.yml diff --git a/tests/sanity/ignore-2.11.txt b/tests/sanity/ignore-2.11.txt new file mode 100644 index 000000000..b2ddbcad7 --- /dev/null +++ b/tests/sanity/ignore-2.11.txt @@ -0,0 +1 @@ +docs/aap_config_as_code_public_meeting.ics line-endings!skip diff --git a/tests/sanity/ignore-2.12.txt b/tests/sanity/ignore-2.12.txt new file mode 100644 index 000000000..b2ddbcad7 --- /dev/null +++ b/tests/sanity/ignore-2.12.txt @@ -0,0 +1 @@ +docs/aap_config_as_code_public_meeting.ics line-endings!skip diff --git a/tests/sanity/ignore-2.13.txt b/tests/sanity/ignore-2.13.txt new file mode 100644 index 000000000..b2ddbcad7 --- /dev/null +++ b/tests/sanity/ignore-2.13.txt @@ -0,0 +1 @@ +docs/aap_config_as_code_public_meeting.ics line-endings!skip diff --git a/tests/sanity/ignore-2.14.txt b/tests/sanity/ignore-2.14.txt new file mode 100644 index 000000000..b2ddbcad7 --- /dev/null +++ b/tests/sanity/ignore-2.14.txt @@ -0,0 +1 @@ +docs/aap_config_as_code_public_meeting.ics line-endings!skip diff --git a/tests/sanity/ignore-2.15.txt b/tests/sanity/ignore-2.15.txt new file mode 100644 index 000000000..b2ddbcad7 --- /dev/null +++ b/tests/sanity/ignore-2.15.txt @@ -0,0 +1 @@ +docs/aap_config_as_code_public_meeting.ics line-endings!skip diff --git a/.github/tests/tasks/ad_hoc_cancel.yml b/tests/tasks/ad_hoc_cancel.yml similarity index 85% rename from .github/tests/tasks/ad_hoc_cancel.yml rename to tests/tasks/ad_hoc_cancel.yml index 47ec7916a..49a05f3bf 100644 --- a/.github/tests/tasks/ad_hoc_cancel.yml +++ b/tests/tasks/ad_hoc_cancel.yml @@ -1,7 +1,7 @@ --- - name: Combine id output with defaults temp ansible.builtin.set_fact: - tmp_ad_hoc: "{{ item | combine(controller_ad_hoc_command_defaults) }}" + tmp_ad_hoc: "{{ {'id': item.id} | combine(controller_ad_hoc_command_defaults) }}" with_items: "{{ controller_ad_hoc_commands_output.results }}" register: tmp_ad_hocs diff --git a/.github/tests/tasks/differential.yml b/tests/tasks/differential.yml similarity index 100% rename from .github/tests/tasks/differential.yml rename to tests/tasks/differential.yml diff --git a/.github/tests/templates/README.md b/tests/templates/README.md similarity index 100% rename from .github/tests/templates/README.md rename to tests/templates/README.md diff --git a/.github/tests/templates/collections/requirements.yml b/tests/templates/collections/requirements.yml similarity index 66% rename from .github/tests/templates/collections/requirements.yml rename to tests/templates/collections/requirements.yml index d6273c44a..e5ca4903d 100644 --- a/.github/tests/templates/collections/requirements.yml +++ b/tests/templates/collections/requirements.yml @@ -3,5 +3,5 @@ collections: - name: awx.awx - name: ansible.tower - name: ansible.controller - - name: redhat_cop.controller_configuration + - name: infra.controller_configuration ... diff --git a/.github/tests/templates/controller_config.yml b/tests/templates/controller_config.yml similarity index 97% rename from .github/tests/templates/controller_config.yml rename to tests/templates/controller_config.yml index a0b816497..07564d3ff 100644 --- a/.github/tests/templates/controller_config.yml +++ b/tests/templates/controller_config.yml @@ -29,7 +29,7 @@ gather_facts: false collections: - ansible.controller - - redhat_cop.controller_configuration + - infra.controller_configuration vars: absent_present: "present" @@ -40,7 +40,7 @@ pre_tasks: - name: Include Vars - include_vars: "vars/controller_vars.yml" + ansible.builtin.include_vars: "vars/controller_vars.yml" tasks: - name: Include task for managing LDAP settings diff --git a/.github/tests/templates/tasks/manage_controller_settings.yml b/tests/templates/tasks/manage_controller_settings.yml similarity index 51% rename from .github/tests/templates/tasks/manage_controller_settings.yml rename to tests/templates/tasks/manage_controller_settings.yml index 000eeacad..0b541fa29 100644 --- a/.github/tests/templates/tasks/manage_controller_settings.yml +++ b/tests/templates/tasks/manage_controller_settings.yml @@ -1,24 +1,24 @@ --- - name: Include LDAP settings vars - include_vars: ../vars/controller_ldap_configuration.json + ansible.builtin.include_vars: ../vars/controller_ldap_configuration.json tags: - settings - alltags - import_role: - name: redhat_cop.controller_configuration.settings + name: infra.controller_configuration.settings tags: - settings - alltags - name: Include credential types vars - include_vars: ../vars/controller_ldap_configuration.json + ansible.builtin.include_vars: ../vars/controller_ldap_configuration.json tags: - settings - alltags - import_role: - name: redhat_cop.controller_configuration.settings + name: infra.controller_configuration.settings tags: - settings - alltags diff --git a/.github/tests/templates/tasks/manage_credential_types.yml b/tests/templates/tasks/manage_credential_types.yml similarity index 51% rename from .github/tests/templates/tasks/manage_credential_types.yml rename to tests/templates/tasks/manage_credential_types.yml index a86d457a2..a83c7e363 100644 --- a/.github/tests/templates/tasks/manage_credential_types.yml +++ b/tests/templates/tasks/manage_credential_types.yml @@ -1,12 +1,12 @@ --- - name: Include credential types vars - include_vars: ../vars/controller_credential_types.yml + ansible.builtin.include_vars: ../vars/controller_credential_types.yml tags: - credtypes - alltags - import_role: - name: redhat_cop.controller_configuration.credential_types + name: infra.controller_configuration.credential_types tags: - credtypes - alltags diff --git a/.github/tests/templates/tasks/manage_credentials.yml b/tests/templates/tasks/manage_credentials.yml similarity index 53% rename from .github/tests/templates/tasks/manage_credentials.yml rename to tests/templates/tasks/manage_credentials.yml index 1b61554b2..0dcc41282 100644 --- a/.github/tests/templates/tasks/manage_credentials.yml +++ b/tests/templates/tasks/manage_credentials.yml @@ -1,12 +1,12 @@ --- - name: Include credentials vars - include_vars: ../vars/controller_credentials.yml + ansible.builtin.include_vars: ../vars/controller_credentials.yml tags: - credentials - alltags - import_role: - name: redhat_cop.controller_configuration.credentials + name: infra.controller_configuration.credentials tags: - credentials - alltags diff --git a/tests/templates/tasks/manage_execution_environments.yml b/tests/templates/tasks/manage_execution_environments.yml new file mode 100644 index 000000000..aa68c734e --- /dev/null +++ b/tests/templates/tasks/manage_execution_environments.yml @@ -0,0 +1,13 @@ +--- +- name: Include EE vars + ansible.builtin.include_vars: ../vars/controller_ees.yml + tags: + - ees + - alltags + +- import_role: + name: infra.controller_configuration.execution_environments + tags: + - ees + - alltags +... diff --git a/.github/tests/templates/tasks/manage_groups.yml b/tests/templates/tasks/manage_groups.yml similarity index 52% rename from .github/tests/templates/tasks/manage_groups.yml rename to tests/templates/tasks/manage_groups.yml index 4908ec6bc..f6faa34f3 100644 --- a/.github/tests/templates/tasks/manage_groups.yml +++ b/tests/templates/tasks/manage_groups.yml @@ -1,12 +1,12 @@ --- - name: Include groups vars - include_vars: ../vars/controller_groups.yml + ansible.builtin.include_vars: ../vars/controller_groups.yml tags: - groups - alltags - import_role: - name: redhat_cop.controller_configuration.groups + name: infra.controller_configuration.groups tags: - groups - alltags diff --git a/.github/tests/templates/tasks/manage_hosts.yml b/tests/templates/tasks/manage_hosts.yml similarity index 52% rename from .github/tests/templates/tasks/manage_hosts.yml rename to tests/templates/tasks/manage_hosts.yml index d5b81346b..a4f6ea2de 100644 --- a/.github/tests/templates/tasks/manage_hosts.yml +++ b/tests/templates/tasks/manage_hosts.yml @@ -1,12 +1,12 @@ --- - name: Include hosts vars - include_vars: ../vars/controller_hosts.yml + ansible.builtin.include_vars: ../vars/controller_hosts.yml tags: - hosts - alltags - import_role: - name: redhat_cop.controller_configuration.hosts + name: infra.controller_configuration.hosts tags: - hosts - alltags diff --git a/.github/tests/templates/tasks/manage_instance_groups.yml b/tests/templates/tasks/manage_instance_groups.yml similarity index 53% rename from .github/tests/templates/tasks/manage_instance_groups.yml rename to tests/templates/tasks/manage_instance_groups.yml index 0ce7c6ab7..6669ef073 100644 --- a/.github/tests/templates/tasks/manage_instance_groups.yml +++ b/tests/templates/tasks/manage_instance_groups.yml @@ -1,12 +1,12 @@ --- - name: Include instance group vars - include_vars: ../vars/controller_instance_groups.yml + ansible.builtin.include_vars: ../vars/controller_instance_groups.yml tags: - instancegroups - alltags - import_role: - name: redhat_cop.controller_configuration.instance_groups + name: infra.controller_configuration.instance_groups tags: - instancegroups - alltags diff --git a/.github/tests/templates/tasks/manage_inventories.yml b/tests/templates/tasks/manage_inventories.yml similarity index 52% rename from .github/tests/templates/tasks/manage_inventories.yml rename to tests/templates/tasks/manage_inventories.yml index 50bfe538b..46c8bf43d 100644 --- a/.github/tests/templates/tasks/manage_inventories.yml +++ b/tests/templates/tasks/manage_inventories.yml @@ -1,12 +1,12 @@ --- - name: Include inventories vars - include_vars: ../vars/controller_inventories.yml + ansible.builtin.include_vars: ../vars/controller_inventories.yml tags: - inventory - alltags - import_role: - name: redhat_cop.controller_configuration.inventories + name: infra.controller_configuration.inventories tags: - inventory - alltags diff --git a/.github/tests/templates/tasks/manage_inventory_sources.yml b/tests/templates/tasks/manage_inventory_sources.yml similarity index 53% rename from .github/tests/templates/tasks/manage_inventory_sources.yml rename to tests/templates/tasks/manage_inventory_sources.yml index b917ecbcf..acafea87c 100644 --- a/.github/tests/templates/tasks/manage_inventory_sources.yml +++ b/tests/templates/tasks/manage_inventory_sources.yml @@ -1,12 +1,12 @@ --- - name: Include inventory sources vars - include_vars: ../vars/controller_inventory_sources.yml + ansible.builtin.include_vars: ../vars/controller_inventory_sources.yml tags: - inventorysources - alltags - include_role: - name: redhat_cop.controller_configuration.inventory_sources + name: infra.controller_configuration.inventory_sources tags: - inventorysources - alltags diff --git a/.github/tests/templates/tasks/manage_job_templates.yml b/tests/templates/tasks/manage_job_templates.yml similarity index 53% rename from .github/tests/templates/tasks/manage_job_templates.yml rename to tests/templates/tasks/manage_job_templates.yml index 3098adb9e..5939a9ca4 100644 --- a/.github/tests/templates/tasks/manage_job_templates.yml +++ b/tests/templates/tasks/manage_job_templates.yml @@ -1,12 +1,12 @@ --- - name: Include job templates vars - include_vars: ../vars/controller_job_templates.yml + ansible.builtin.include_vars: ../vars/controller_job_templates.yml tags: - jobtemplates - alltags - import_role: - name: redhat_cop.controller_configuration.job_templates + name: infra.controller_configuration.job_templates tags: - jobtemplates - alltags diff --git a/.github/tests/templates/tasks/manage_labels.yml b/tests/templates/tasks/manage_labels.yml similarity index 52% rename from .github/tests/templates/tasks/manage_labels.yml rename to tests/templates/tasks/manage_labels.yml index 3dd221d3d..bbbcfabf6 100644 --- a/.github/tests/templates/tasks/manage_labels.yml +++ b/tests/templates/tasks/manage_labels.yml @@ -1,12 +1,12 @@ --- - name: Include labels vars - include_vars: ../vars/controller_labels.yml + ansible.builtin.include_vars: ../vars/controller_labels.yml tags: - labels - alltags - import_role: - name: redhat_cop.controller_configuration.labels + name: infra.controller_configuration.labels tags: - labels - alltags diff --git a/.github/tests/templates/tasks/manage_notification_templates.yml b/tests/templates/tasks/manage_notification_templates.yml similarity index 51% rename from .github/tests/templates/tasks/manage_notification_templates.yml rename to tests/templates/tasks/manage_notification_templates.yml index d626b8a2b..b85a865ba 100644 --- a/.github/tests/templates/tasks/manage_notification_templates.yml +++ b/tests/templates/tasks/manage_notification_templates.yml @@ -1,12 +1,12 @@ --- - name: Include notification template vars - include_vars: ../vars/controller_notification_templates.yml + ansible.builtin.include_vars: ../vars/controller_notification_templates.yml tags: - notifications - alltags - import_role: - name: redhat_cop.controller_configuration.notification_templates + name: infra.controller_configuration.notification_templates tags: - notifications - alltags diff --git a/.github/tests/templates/tasks/manage_organizations.yml b/tests/templates/tasks/manage_organizations.yml similarity index 82% rename from .github/tests/templates/tasks/manage_organizations.yml rename to tests/templates/tasks/manage_organizations.yml index 74a4193e2..b46d79289 100644 --- a/.github/tests/templates/tasks/manage_organizations.yml +++ b/tests/templates/tasks/manage_organizations.yml @@ -25,7 +25,7 @@ - alltags - name: Include organizations vars - include_vars: ../vars/controller_organizations.yml + ansible.builtin.include_vars: ../vars/controller_organizations.yml when: - org_exists is not defined tags: @@ -33,7 +33,7 @@ - alltags - name: Include organizations vars - include_vars: ../vars/controller_organizations_with_hub.yml + ansible.builtin.include_vars: ../vars/controller_organizations_with_hub.yml when: - org_exists is defined - org_exists @@ -42,7 +42,7 @@ - alltags - include_role: - name: redhat_cop.controller_configuration.organizations + name: infra.controller_configuration.organizations tags: - orgs - alltags diff --git a/.github/tests/templates/tasks/manage_projects.yml b/tests/templates/tasks/manage_projects.yml similarity index 52% rename from .github/tests/templates/tasks/manage_projects.yml rename to tests/templates/tasks/manage_projects.yml index b617176f7..bc80ebb0a 100644 --- a/.github/tests/templates/tasks/manage_projects.yml +++ b/tests/templates/tasks/manage_projects.yml @@ -1,12 +1,12 @@ --- - name: Include projects vars - include_vars: ../vars/controller_projects.yml + ansible.builtin.include_vars: ../vars/controller_projects.yml tags: - projects - alltags - import_role: - name: redhat_cop.controller_configuration.projects + name: infra.controller_configuration.projects tags: - projects - alltags diff --git a/.github/tests/templates/tasks/manage_roles.yml b/tests/templates/tasks/manage_roles.yml similarity index 52% rename from .github/tests/templates/tasks/manage_roles.yml rename to tests/templates/tasks/manage_roles.yml index 68dce00ab..431fcde06 100644 --- a/.github/tests/templates/tasks/manage_roles.yml +++ b/tests/templates/tasks/manage_roles.yml @@ -1,12 +1,12 @@ --- - name: Include roles vars - include_vars: ../vars/controller_roles.yml + ansible.builtin.include_vars: ../vars/controller_roles.yml tags: - roles - alltags - import_role: - name: redhat_cop.controller_configuration.roles + name: infra.controller_configuration.roles tags: - roles - alltags diff --git a/.github/tests/templates/tasks/manage_schedules.yml b/tests/templates/tasks/manage_schedules.yml similarity index 53% rename from .github/tests/templates/tasks/manage_schedules.yml rename to tests/templates/tasks/manage_schedules.yml index 8585042ac..7b813feae 100644 --- a/.github/tests/templates/tasks/manage_schedules.yml +++ b/tests/templates/tasks/manage_schedules.yml @@ -1,12 +1,12 @@ --- - name: Include schedules vars - include_vars: ../vars/controller_schedules.yml + ansible.builtin.include_vars: ../vars/controller_schedules.yml tags: - schedules - alltags - import_role: - name: redhat_cop.controller_configuration.schedules + name: infra.controller_configuration.schedules tags: - schedules - alltags diff --git a/.github/tests/templates/tasks/manage_teams.yml b/tests/templates/tasks/manage_teams.yml similarity index 52% rename from .github/tests/templates/tasks/manage_teams.yml rename to tests/templates/tasks/manage_teams.yml index 6e8b91ab8..aafa45dc4 100644 --- a/.github/tests/templates/tasks/manage_teams.yml +++ b/tests/templates/tasks/manage_teams.yml @@ -1,12 +1,12 @@ --- - name: Include teams vars - include_vars: ../vars/controller_teams.yml + ansible.builtin.include_vars: ../vars/controller_teams.yml tags: - teams - alltags - import_role: - name: redhat_cop.controller_configuration.teams + name: infra.controller_configuration.teams tags: - teams - alltags diff --git a/.github/tests/templates/tasks/manage_users.yml b/tests/templates/tasks/manage_users.yml similarity index 52% rename from .github/tests/templates/tasks/manage_users.yml rename to tests/templates/tasks/manage_users.yml index 519aca9ca..ef806c48b 100644 --- a/.github/tests/templates/tasks/manage_users.yml +++ b/tests/templates/tasks/manage_users.yml @@ -1,12 +1,12 @@ --- - name: Include users vars - include_vars: ../vars/controller_users.yml + ansible.builtin.include_vars: ../vars/controller_users.yml tags: - users - alltags - import_role: - name: redhat_cop.controller_configuration.users + name: infra.controller_configuration.users tags: - users - alltags diff --git a/.github/tests/templates/tasks/manage_workflow_templates.yml b/tests/templates/tasks/manage_workflow_templates.yml similarity index 50% rename from .github/tests/templates/tasks/manage_workflow_templates.yml rename to tests/templates/tasks/manage_workflow_templates.yml index 10e637ceb..dc1648dbc 100644 --- a/.github/tests/templates/tasks/manage_workflow_templates.yml +++ b/tests/templates/tasks/manage_workflow_templates.yml @@ -1,12 +1,12 @@ --- - name: Include workflows vars - include_vars: ../vars/controller_workflows.yml + ansible.builtin.include_vars: ../vars/controller_workflows.yml tags: - workflows - alltags - import_role: - name: redhat_cop.controller_configuration.workflow_job_templates + name: infra.controller_configuration.workflow_job_templates tags: - workflows - alltags diff --git a/.github/tests/templates/vars/controller_credential_types.yml b/tests/templates/vars/controller_credential_types.yml similarity index 100% rename from .github/tests/templates/vars/controller_credential_types.yml rename to tests/templates/vars/controller_credential_types.yml diff --git a/.github/tests/templates/vars/controller_credentials.yml b/tests/templates/vars/controller_credentials.yml similarity index 100% rename from .github/tests/templates/vars/controller_credentials.yml rename to tests/templates/vars/controller_credentials.yml diff --git a/.github/tests/templates/vars/controller_execution_environments.yml b/tests/templates/vars/controller_execution_environments.yml similarity index 100% rename from .github/tests/templates/vars/controller_execution_environments.yml rename to tests/templates/vars/controller_execution_environments.yml diff --git a/.github/tests/templates/vars/controller_groups.yml b/tests/templates/vars/controller_groups.yml similarity index 100% rename from .github/tests/templates/vars/controller_groups.yml rename to tests/templates/vars/controller_groups.yml diff --git a/.github/tests/templates/vars/controller_hosts.yml b/tests/templates/vars/controller_hosts.yml similarity index 100% rename from .github/tests/templates/vars/controller_hosts.yml rename to tests/templates/vars/controller_hosts.yml diff --git a/.github/tests/templates/vars/controller_instance_groups.yml b/tests/templates/vars/controller_instance_groups.yml similarity index 100% rename from .github/tests/templates/vars/controller_instance_groups.yml rename to tests/templates/vars/controller_instance_groups.yml diff --git a/.github/tests/templates/vars/controller_inventories.yml b/tests/templates/vars/controller_inventories.yml similarity index 100% rename from .github/tests/templates/vars/controller_inventories.yml rename to tests/templates/vars/controller_inventories.yml diff --git a/.github/tests/templates/vars/controller_inventory_sources.yml b/tests/templates/vars/controller_inventory_sources.yml similarity index 100% rename from .github/tests/templates/vars/controller_inventory_sources.yml rename to tests/templates/vars/controller_inventory_sources.yml diff --git a/.github/tests/templates/vars/controller_job_templates.yml b/tests/templates/vars/controller_job_templates.yml similarity index 100% rename from .github/tests/templates/vars/controller_job_templates.yml rename to tests/templates/vars/controller_job_templates.yml diff --git a/.github/tests/templates/vars/controller_labels.yml b/tests/templates/vars/controller_labels.yml similarity index 100% rename from .github/tests/templates/vars/controller_labels.yml rename to tests/templates/vars/controller_labels.yml diff --git a/.github/tests/templates/vars/controller_ldap_configuration.json b/tests/templates/vars/controller_ldap_configuration.json similarity index 100% rename from .github/tests/templates/vars/controller_ldap_configuration.json rename to tests/templates/vars/controller_ldap_configuration.json diff --git a/.github/tests/templates/vars/controller_notification_templates.yml b/tests/templates/vars/controller_notification_templates.yml similarity index 100% rename from .github/tests/templates/vars/controller_notification_templates.yml rename to tests/templates/vars/controller_notification_templates.yml diff --git a/.github/tests/templates/vars/controller_organizations.yml b/tests/templates/vars/controller_organizations.yml similarity index 100% rename from .github/tests/templates/vars/controller_organizations.yml rename to tests/templates/vars/controller_organizations.yml diff --git a/.github/tests/templates/vars/controller_organizations_with_hub.yml b/tests/templates/vars/controller_organizations_with_hub.yml similarity index 100% rename from .github/tests/templates/vars/controller_organizations_with_hub.yml rename to tests/templates/vars/controller_organizations_with_hub.yml diff --git a/.github/tests/templates/vars/controller_projects.yml b/tests/templates/vars/controller_projects.yml similarity index 100% rename from .github/tests/templates/vars/controller_projects.yml rename to tests/templates/vars/controller_projects.yml diff --git a/.github/tests/templates/vars/controller_roles.yml b/tests/templates/vars/controller_roles.yml similarity index 100% rename from .github/tests/templates/vars/controller_roles.yml rename to tests/templates/vars/controller_roles.yml diff --git a/.github/tests/templates/vars/controller_schedules.yml b/tests/templates/vars/controller_schedules.yml similarity index 100% rename from .github/tests/templates/vars/controller_schedules.yml rename to tests/templates/vars/controller_schedules.yml diff --git a/.github/tests/templates/vars/controller_teams.yml b/tests/templates/vars/controller_teams.yml similarity index 100% rename from .github/tests/templates/vars/controller_teams.yml rename to tests/templates/vars/controller_teams.yml diff --git a/.github/tests/templates/vars/controller_users.yml b/tests/templates/vars/controller_users.yml similarity index 100% rename from .github/tests/templates/vars/controller_users.yml rename to tests/templates/vars/controller_users.yml diff --git a/.github/tests/templates/vars/controller_vars.yml b/tests/templates/vars/controller_vars.yml similarity index 100% rename from .github/tests/templates/vars/controller_vars.yml rename to tests/templates/vars/controller_vars.yml diff --git a/.github/tests/templates/vars/controller_workflows.yml b/tests/templates/vars/controller_workflows.yml similarity index 100% rename from .github/tests/templates/vars/controller_workflows.yml rename to tests/templates/vars/controller_workflows.yml