Fully tested update (#956)

* update tests and few other fixes * Clean HEAD * Clean HEAD * Clean HEAD
redhat-cop · Oct 28, 2024 · bc04613 · bc04613
1 parent f230214
commit bc04613
Show file tree

Hide file tree

Showing 105 changed files with 1,268 additions and 284 deletions.
diff --git a/.gitignore b/.gitignore
@@ -7,3 +7,4 @@ test
 tests/output
 .vscode
 ansible.cfg
+tests/localtest.yml
diff --git a/roles/ansible_config/tests/vars/config.yml b/roles/ansible_config/tests/vars/config.yml
@@ -1,16 +1,15 @@
 ---
 ansible_config_list:
-  settings:
-    - header: galaxy
-      keypairs:
-        - key: ignore_certs
-          value: "{{ validate_certs | bool }}"
-        - key: server_list
-          value: "{{ automation_hub_list | map(attribute='name') | join(',') }}"
+  - header: galaxy
+    keypairs:
+      - key: ignore_certs
+        value: "{{ not (aap_validate_certs | bool) }}"
+      - key: server_list
+        value: "{{ automation_hub_list | map(attribute='name') | join(',') }}"
 
 automation_hub_list:
   - name: automation_hub
-    url: https://cloud.redhat.com/api/automation-hub/
+    url: "{{ ah_host }}/api/automation-hub/content/0000001-synclist/"
     auth_url: https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token
     token: "{{ ah_token }}"
 ...
diff --git a/roles/controller_license/README.md b/roles/controller_license/README.md
@@ -136,6 +136,7 @@ controller_license:
     redhat_subscription_username: changeme
     redhat_subscription_password: changeme
     controller_license:
+      use_lookup: true
       filters:
         product_name: "Red Hat Ansible Automation Platform"
         support_level: "Self-Support"

diff --git a/roles/controller_license/tasks/manifest.yml b/roles/controller_license/tasks/manifest.yml
@@ -46,12 +46,12 @@
     state:                          "{{ controller_license.state | default(omit) }}"
 
     # Role Standard Options
-    aap_username:            "{{ aap_username | default(omit, true) }}"
-    aap_password:            "{{ aap_password | default(omit, true) }}"
-    controller_oauthtoken:          "{{ aap_token | default(omit, true) }}"
-    request_timeout:                "{{ aap_request_timeout | default(omit, true) }}"
-    controller_host:                "{{ aap_hostname | default(omit, true) }}"
-    validate_certs:                 "{{ aap_validate_certs | default(omit) }}"
+    controller_host: "{{ aap_hostname | default(omit, true) }}"
+    controller_username: "{{ aap_username | default(omit, true) }}"
+    controller_password: "{{ aap_password | default(omit, true) }}"
+    controller_oauthtoken: "{{ aap_token | default(omit, true) }}"
+    request_timeout: "{{ aap_request_timeout | default(omit, true) }}"
+    validate_certs: "{{ aap_validate_certs | default(omit) }}"
   no_log: "{{ controller_configuration_license_secure_logging }}"
   when: controller_license is defined
 ...
diff --git a/roles/controller_license/tasks/subscription.yml b/roles/controller_license/tasks/subscription.yml
@@ -7,12 +7,12 @@
     password: "{{ redhat_subscription_password }}"
     filters: "{{ controller_license.filters | default(_redhat_cop_license_filters) }}"
     # Role Standard Options
-    aap_username:         "{{ aap_username | default(omit, true) }}"
-    aap_password:            "{{ aap_password | default(omit, true) }}"
-    controller_oauthtoken:          "{{ aap_token | default(omit, true) }}"
-    request_timeout:                "{{ aap_request_timeout | default(omit, true) }}"
-    controller_host:                "{{ aap_hostname | default(omit, true) }}"
-    validate_certs:                 "{{ aap_validate_certs | default(omit) }}"
+    controller_host: "{{ aap_hostname | default(omit, true) }}"
+    controller_username: "{{ aap_username | default(omit, true) }}"
+    controller_password: "{{ aap_password | default(omit, true) }}"
+    controller_oauthtoken: "{{ aap_token | default(omit, true) }}"
+    request_timeout: "{{ aap_request_timeout | default(omit, true) }}"
+    validate_certs: "{{ aap_validate_certs | default(omit) }}"
   register: subscription
   when:
     - "'use_lookup' in controller_license"
@@ -25,12 +25,12 @@
     state:                          "{{ controller_license.state | default(omit) }}"
 
     # Role Standard Options
-    aap_username:            "{{ aap_username | default(omit, true) }}"
-    aap_password:            "{{ aap_password | default(omit, true) }}"
-    controller_oauthtoken:          "{{ aap_token | default(omit, true) }}"
-    request_timeout:                "{{ aap_request_timeout | default(omit, true) }}"
-    controller_host:                "{{ aap_hostname | default(omit, true) }}"
-    validate_certs:                 "{{ aap_validate_certs | default(omit) }}"
+    controller_host: "{{ aap_hostname | default(omit, true) }}"
+    controller_username: "{{ aap_username | default(omit, true) }}"
+    controller_password: "{{ aap_password | default(omit, true) }}"
+    controller_oauthtoken: "{{ aap_token | default(omit, true) }}"
+    request_timeout: "{{ aap_request_timeout | default(omit, true) }}"
+    validate_certs: "{{ aap_validate_certs | default(omit) }}"
   no_log: "{{ controller_configuration_license_secure_logging }}"
   when: controller_license is defined
 ...
diff --git a/roles/dispatch/defaults/main.yml b/roles/dispatch/defaults/main.yml
@@ -125,22 +125,37 @@ controller_configuration_dispatcher_roles:
     assign_notification_templates_to_org: true
   - role: controller_projects
     var: controller_projects
-    tags: projects
+    tags:
+      - inventories
+      - projects
   - role: controller_inventories
     var: controller_inventories
     tags: inventories
   - role: controller_inventory_sources
     var: controller_inventory_sources
-    tags: inventory_sources
+    tags:
+      - inventories
+      - inventory_sources
   - role: controller_inventory_source_update
     var: controller_inventory_sources
-    tags: inventory_sources
+    tags:
+      - inventories
+      - inventory_sources
   - role: controller_hosts
     var: controller_hosts
-    tags: hosts
+    tags:
+      - inventories
+      - hosts
   - role: controller_bulk_host_create
     var: controller_bulk_hosts
-    tags: bulk_hosts
+    tags:
+      - inventories
+      - bulk_hosts
+  - role: controller_host_groups
+    var: controller_groups
+    tags:
+      - inventories
+      - host_groups
   - role: controller_job_templates
     var: controller_templates
     tags: job_templates

diff --git a/roles/eda_controller_tokens/README.md b/roles/eda_controller_tokens/README.md
@@ -1,4 +1,4 @@
-# infra.eda_configuration.controller_token
+# infra.eda_configuration.eda_controller_tokens
 
 ## Description
 
@@ -8,27 +8,27 @@ Note that tokens cannot be updated, only created.
 ## Variables
 
 |Variable Name|Default Value|Required|Description|Example|
-|:---:|:---:|:---:|:---:|:---:|
-|`eda_host`|""|yes|URL to the EDA Controller (alias: `eda_hostname`)|127.0.0.1|
-|`aap_username`|""|yes|Admin User on the Ansible Automation Platform Server. Either username / password or oauthtoken need to be specified.||
-|`aap_password`|""|yes|Platform Admin User's password on the EDA Controller Server.  This should be stored in an Ansible Vault at vars/platform-secrets.yml or elsewhere and called from a parent playbook.||
-|`aap_validate_certs`|`False`|no|Whether or not to validate the Ansible Automation Platform Server's SSL certificate.||
-|`aap_request_timeout`|`10`|no|Specify the timeout Ansible should use in requests to the Automation Platform host.||
-|`aap_configuration_async_dir`|`null`|no|Sets the directory to write the results file for async tasks. The default value is set to `null` which uses the Ansible Default of `/root/.ansible_async/`.||
-|`aap_request_timeout`|`10`|no|Specify the timeout in seconds Ansible should use in requests to the Ansible Automation Platform host.||
-|`eda_controller_tokens`|`see below`|yes|Data structure describing your user tokens, described below.||
+|:---|:---:|:---:|:---|:---|
+|`platform_state`|"present"|no|The state all objects will take unless overridden by object default|'absent'|
+|`aap_hostname`|""|yes|URL to the Ansible Automation Platform Server.|127.0.0.1|
+|`aap_validate_certs`|`True`|no|Whether or not to validate the Ansible Automation Platform Server's SSL certificate.||
+|`aap_username`|""|no|Admin User on the Ansible Automation Platform Server. Either username / password or oauthtoken need to be specified.||
+|`aap_password`|""|no|Platform Admin User's password on the Server.  This should be stored in an Ansible Vault at vars/platform-secrets.yml or elsewhere and called from a parent playbook.||
+|`aap_token`|""|no|Controller Admin User's token on the Ansible Automation Platform Server. This should be stored in an Ansible Vault at or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified.||
+|`aap_request_timeout`|`10`|no|Specify the timeout in seconds Ansible should use in requests to the controller host.||
+|`eda_controller_tokens`|`see below`|yes|Data structure describing your users Described below.||
 
 ### Secure Logging Variables
 
-The following Variables complement each other.
+The following Variables compliment each other.
 If Both variables are not set, secure logging defaults to false.
-The role defaults to False as normally the add project task does not include sensitive information.
-eda_configuration_user_token_secure_logging defaults to the value of aap_configuration_secure_logging if it is not explicitly called. This allows for secure logging to be toggled for the entire suite of EDA Controller configuration roles with a single variable, or for the user to selectively use it.
+The role defaults to False as normally the add group_roles task does not include sensitive information.
+eda_configuration_users_secure_logging defaults to the value of aap_configuration_secure_logging if it is not explicitly called. This allows for secure logging to be toggled for the entire suite of automation hub configuration roles with a single variable, or for the user to selectively use it.
 
 |Variable Name|Default Value|Required|Description|
 |:---:|:---:|:---:|:---:|
-|`eda_configuration_user_token_secure_logging`|`False`|no|Whether or not to include the sensitive Project role tasks in the log.  Set this value to `True` if you will be providing your sensitive values from elsewhere.|
-|`aap_configuration_secure_logging`|`False`|no|This variable enables secure logging as well, but is shared across multiple roles, see above.|
+|`eda_configuration_users_secure_logging`|`False`|no|Whether or not to include the sensitive Registry role tasks in the log.  Set this value to `True` if you will be providing your sensitive values from elsewhere.|
+|`aap_configuration_secure_logging`|`False`|no|Whether or not to include the sensitive Registry role tasks in the log.  Set this value to `True` if you will be providing your sensitive values from elsewhere.|
 
 ### Asynchronous Retry Variables
 
@@ -40,9 +40,12 @@ This also speeds up the overall role.
 |Variable Name|Default Value|Required|Description|
 |:---:|:---:|:---:|:---:|
 |`aap_configuration_async_retries`|50|no|This variable sets the number of retries to attempt for the role globally.|
-|`eda_configuration_user_token_async_retries`|`aap_configuration_async_retries`|no|This variable sets the number of retries to attempt for the role.|
-|`eda_configuration_async_delay`|1|no|This sets the delay between retries for the role globally.|
-|`eda_configuration_user_token_async_delay`|`eda_configuration_async_delay`|no|This sets the delay between retries for the role.|
+|`eda_configuration_users_secure_logging`|`aap_configuration_async_retries`|no|This variable sets the number of retries to attempt for the role.|
+|`aap_configuration_async_delay`|1|no|This sets the delay between retries for the role globally.|
+|`eda_configuration_users_async_retries`|`aap_configuration_async_delay`|no|This sets the delay between retries for the role.|
+|`aap_configuration_loop_delay`|1000|no|This variable sets the loop_delay for the role globally.|
+|`eda_configuration_users_async_delay`|`aap_configuration_loop_delay`|no|This variable sets the loop_delay for the role.|
+|`aap_configuration_async_dir`|`null`|no|Sets the directory to write the results file for async tasks. The default value is set to `null` which uses the Ansible Default of `/root/.ansible_async/`.|
 
 ## Data Structure
 

diff --git a/roles/eda_controller_tokens/defaults/main.yml b/roles/eda_controller_tokens/defaults/main.yml
@@ -1,8 +1,8 @@
 ---
 eda_controller_tokens: []
 
-eda_configuration_user_token_secure_logging: "{{ aap_configuration_secure_logging | default(false) }}"
-eda_configuration_user_token_async_retries: "{{ aap_configuration_async_retries | default(50) }}"
-eda_configuration_user_token_async_delay: "{{ aap_configuration_async_delay| default(1) }}"
+eda_configuration_users_token_secure_logging: "{{ aap_configuration_secure_logging | default(false) }}"
+eda_configuration_users_token_async_retries: "{{ aap_configuration_async_retries | default(50) }}"
+eda_configuration_users_token_async_delay: "{{ aap_configuration_async_delay| default(1) }}"
 aap_configuration_async_dir: null
 ...
diff --git a/roles/eda_controller_tokens/meta/argument_specs.yml b/roles/eda_controller_tokens/meta/argument_specs.yml
@@ -11,15 +11,15 @@ argument_specs:
         elements: dict
 
       # Async variables
-      eda_configuration_user_token_async_retries:
+      eda_configuration_users_token_async_retries:
         default: "{{ aap_configuration_async_retries | default(50) }}"
         required: false
         description: This variable sets the number of retries to attempt for the role.
       aap_configuration_async_retries:
         default: 50
         required: false
         description: This variable sets number of retries across all roles as a default.
-      eda_configuration_user_token_async_delay:
+      eda_configuration_users_token_async_delay:
         default: "{{ aap_configuration_async_delay| default(1) }}"
         required: false
         description: This variable sets delay between retries for the role.
@@ -33,7 +33,7 @@ argument_specs:
         description: Sets the directory to write the results file for async tasks. The default value is set to  `null` which uses the Ansible Default of `/root/.ansible_async/`.
 
       # No_log variables
-      eda_configuration_user_token_secure_logging:
+      eda_configuration_users_token_secure_logging:
         default: "{{ aap_configuration_secure_logging | default(false) }}"
         required: false
         type: bool

diff --git a/roles/eda_controller_tokens/meta/main.yml b/roles/eda_controller_tokens/meta/main.yml
@@ -1,6 +1,6 @@
 ---
 galaxy_info:
-  role_name: controller_token
+  role_name: eda_controller_tokens
   author: "Derek Waters"
   description: "An Ansible Role to create a user token in EDA Controller."
   company: "Red Hat"

diff --git a/roles/eda_controller_tokens/tasks/main.yml b/roles/eda_controller_tokens/tasks/main.yml
@@ -6,34 +6,40 @@
     name:                "{{ __token_item.name }}"
     description:         "{{ __token_item.description | default(omit) }}"
     token:               "{{ __token_item.token | default(omit) }}"
-    controller_host:     "{{ aap_hostname}}"
-    eda_username: "{{ aap_username| default(omit) }}"
-    aap_password: "{{ aap_password | default(omit) }}"
-    validate_certs:      "{{ aap_validate_certs| default(omit) }}"
-    request_timeout:     "{{ aap_request_timeout | default(omit) }}"
+    controller_host: "{{ aap_hostname | default(omit, true) }}"
+    controller_username: "{{ aap_username | default(omit, true) }}"
+    controller_password: "{{ aap_password | default(omit, true) }}"
+    request_timeout: "{{ aap_request_timeout | default(omit, true) }}"
+    validate_certs: "{{ aap_validate_certs | default(omit) }}"
   loop: "{{ eda_controller_tokens }}"
   loop_control:
     loop_var: "__token_item"
-  no_log: "{{ eda_configuration_user_token_secure_logging }}"
+    label: "{{ __operation.verb }} the Controller token {{ __token_item.name }} to EDA"
+    pause: "{{ eda_configuration_users_token_async_delay }}"
+  no_log: "{{ eda_configuration_users_token_secure_logging }}"
   async: 1000
   poll: 0
   register: __controller_tokens_job_async
   changed_when: not __controller_tokens_job_async.changed
   vars:
+    __operation: "{{ operation_translate[__controller_tokens_job_async.state | default(platform_state) | default('present')] }}"
+
     ansible_async_dir: '{{ aap_configuration_async_dir }}'
 
 - name: "Create controller_token | Wait for finish the controller_token creation"
   ansible.builtin.async_status:
     jid: "{{ __controller_tokens_job_async_result_item.ansible_job_id }}"
   register: __controller_tokens_job_async_result
   until: __controller_tokens_job_async_result.finished
-  retries: "{{ eda_configuration_user_token_async_retries }}"
-  delay: "{{ eda_configuration_user_token_async_delay }}"
+  retries: "{{ eda_configuration_users_token_async_retries }}"
+  delay: "{{ eda_configuration_users_token_async_delay }}"
   loop: "{{ __controller_tokens_job_async.results }}"
   loop_control:
     loop_var: __controller_tokens_job_async_result_item
+    label: "{{ __operation.verb }} Controller token {{ __controller_tokens_job_async_result_item.__token_item.name }} | Wait for finish the Controller token {{ __operation.action }}"
   when: __controller_tokens_job_async_result_item.ansible_job_id is defined
-  no_log: "{{ eda_configuration_user_token_secure_logging }}"
+  no_log: "{{ eda_configuration_users_token_secure_logging }}"
   vars:
+    __operation: "{{ operation_translate[__controller_tokens_job_async_result_item.__controller_user_accounts_item.state | default(platform_state) | default('present')] }}"
     ansible_async_dir: '{{ aap_configuration_async_dir }}'
 ...