library/maas_user.py

#!/usr/bin/python

DOCUMENTATION = '''
---
module: maas_user
short_description: Manage MAAS Clusters Interfaces
options:
  maas:
    description:
      - URL of MAAS server
    default: http://localhost/MAAS/api/1.0/
  key:
    description:
      - MAAS API key
    required: yes
  name:
    description:
      - name of the user
    required: yes
  email:
    description:
      - email address of the user
    required: no
  password:
    description:
      - password for the user
    required: no
  is_superuser:
    description:
      - does the user have priviledges
    default: no
  state:
    description:
      - possible states for this user
    choices: ['present', 'absent', 'query']
    default: present

requirements: [ipaddress, requests_oauthlib, maasclient]
author: David Bainbridge
'''

EXAMPLES = '''
examples:
  maas_user:
    maas: http://my.maas.server.com/MAAS/api/1.0/
    key: 'xBvr9dx5k7S52myufC:fqBXV7hJgXegNZDw9c:K8hsmL47XjAppfQy2pDVW7G49p6PELgp'
    name: MyUser
    email: user@company.com
    password: donttell
    is_superuser: no
    state: present

  maas_user:
    maas: http://my.maas.server.com/MAAS/api/1.0/
    key: 'xBvr9dx5k7S52myufC:fqBXV7hJgXegNZDw9c:K8hsmL47XjAppfQy2pDVW7G49p6PELgp'
    name: MyDeadUser
    state: absent
'''

import sys
import json
import ipaddress
import requests
from maasclient.auth import MaasAuth
from maasclient import MaasClient

# For some reason the maasclient doesn't provide a put method. So
# we will add it here
def put(client, url, params=None):
    return requests.put(url=client.auth.api_url + url,
                        auth=client._oauth(), data=params)

# Attempt to interpret the given value as a JSON object, if that fails
# just return it as a string
def string_or_object(val):
    try:
        return json.loads(val)
    except:
        return val

# Return a copy of the given dictionary with any `null` valued entries
# removed
def remove_null(d_in):
    d = d_in.copy()
    to_remove = []
    for k in d.keys():
        if d[k] == None:
            to_remove.append(k)
    for k in to_remove:
        del d[k]
    return d

# Deterine if two dictionaries are different
def different(have, want):
    have_keys = have.keys()
    for key in want.keys():
        if (key in have_keys and want[key] != have[key]) or key not in have_keys:
            return True
    return False

# Get an user from MAAS using its name, if not found return None
def get_user(maas, name):
    res = maas.get('/users/%s/' % name)
    if res.ok:
        return json.loads(res.text)
    return None

# Create an user based on the value given
def create_user(maas, user):
    merged = user.copy()
    # merged['op'] = 'new'
    res = maas.post('/users/', merged)
    if res.ok:
        return { 'error': False, 'status': get_user(maas, merged['username']) }
    return { 'error': True, 'status': string_or_object(res.text) }

# Delete an user based on the name
def delete_user(maas, name):
    res = maas.delete('/users/%s/' % name)
    if res.ok:
        return { 'error': False }
    return { 'error': True, 'status': string_or_object(res.text) }

def main():
    module = AnsibleModule(
        argument_spec = dict(
            maas=dict(default='http://localhost/MAAS/api/1.0/'),
            key=dict(required=True),
            name=dict(required=True),
            email=dict(required=False),
            password=dict(required=False),
            is_superuser=dict(default=False, type='bool'),
            state=dict(default='present', choices=['present', 'absent', 'query'])
        ),
        supports_check_mode = False
    )

    maas = module.params['maas']
    key = module.params['key']
    state = module.params['state']

    # Construct a sparsely populate desired state
    desired = remove_null({
        'username': module.params['name'],
        'email': module.params['email'],
        'password': module.params['password'],
        'is_superuser': 0 if not module.params['is_superuser'] else 1
    })

    # Authenticate into MAAS
    auth = MaasAuth(maas, key)
    maas = MaasClient(auth)

    # Attempt to get the user from MAAS
    user = get_user(maas, desired['username'])

    # Actions if the user does not currently exist
    if not user:
        if state == 'query':
            # If this is a query, returne it is not found
            module.exit_json(changed=False, found=False)
        elif state == 'present':
            # If this should be present, then attempt to create it
            res = create_user(maas, desired)
            if res['error']:
                module.fail_json(msg=res['status'])
            else:
                module.exit_json(changed=True, user=res['status'])
        else:
            # If this should be absent, then we are done and in the desired state
            module.exit_json(changed=False)

        # Done with users does not exists actions
        return

    # Actions if the user does exist
    if state == 'query':
        # If this is a query, return the user
        module.exit_json(changed=False, found=True, user=user)
    elif state == 'present':
        # If we want this to exists check to see if this is different and
        # needs updated
        if different(user, desired):
            module.fail_json(msg='Specified user, "%s", exists and MAAS does not allow the user to be modified programatically'
                    % user['username'])
        else:
            # No differences, to nothing to change
            module.exit_json(changed=False, user=user)
    else:
        # If we don't want this user, then delete it
        res = delete_user(maas, user['username'])
        if res['error']:
            module.fail_json(msg=res['status'])
        else:
            module.exit_json(changed=True, user=user)

# this is magic, see lib/ansible/module_common.py
#<<INCLUDE_ANSIBLE_MODULE_COMMON>>
if __name__ == '__main__':
    main()