From 0327cc4436277aa689f4bbcd5e4ddefe63ca1c6f Mon Sep 17 00:00:00 2001 From: Fred-sun Date: Wed, 1 Jul 2020 11:38:29 +0800 Subject: [PATCH 01/29] add new file --- .../targets/azure_rm_password/aliases | 3 ++ .../targets/azure_rm_password/meta/main.yml | 2 + .../targets/azure_rm_password/tasks/main.yml | 45 +++++++++++++++++ .../targets/azure_rm_serviceprincipal/aliases | 3 ++ .../azure_rm_serviceprincipal/meta/main.yml | 2 + .../azure_rm_serviceprincipal/tasks/main.yml | 49 +++++++++++++++++++ 6 files changed, 104 insertions(+) create mode 100644 tests/integration/targets/azure_rm_password/aliases create mode 100644 tests/integration/targets/azure_rm_password/meta/main.yml create mode 100644 tests/integration/targets/azure_rm_password/tasks/main.yml create mode 100644 tests/integration/targets/azure_rm_serviceprincipal/aliases create mode 100644 tests/integration/targets/azure_rm_serviceprincipal/meta/main.yml create mode 100644 tests/integration/targets/azure_rm_serviceprincipal/tasks/main.yml diff --git a/tests/integration/targets/azure_rm_password/aliases b/tests/integration/targets/azure_rm_password/aliases new file mode 100644 index 000000000..5d29c6c4d --- /dev/null +++ b/tests/integration/targets/azure_rm_password/aliases @@ -0,0 +1,3 @@ +cloud/azure +shippable/azure/group10 +destructive diff --git a/tests/integration/targets/azure_rm_password/meta/main.yml b/tests/integration/targets/azure_rm_password/meta/main.yml new file mode 100644 index 000000000..95e1952f9 --- /dev/null +++ b/tests/integration/targets/azure_rm_password/meta/main.yml @@ -0,0 +1,2 @@ +dependencies: + - setup_azure diff --git a/tests/integration/targets/azure_rm_password/tasks/main.yml b/tests/integration/targets/azure_rm_password/tasks/main.yml new file mode 100644 index 000000000..9344c9d5f --- /dev/null +++ b/tests/integration/targets/azure_rm_password/tasks/main.yml 
@@ -0,0 +1,45 @@ +- name: create ad password + azure_rm_password: + app_id: "{{ app_id }}" + value: "Password@032900001" + tenant: "{{ tenant_id }}" + state: present + register: ad_fact + +- assert: + that: + - ad_fact.changed + +- name: can't update ad password + azure_rm_password: + app_id: "{{ app_id }}" + value: "Password@032900002" + tenant: "{{ tenant_id }}" + key_id: "{{ ad_fact.key_id }}" + state: present + register: output + ignore_errors: True + +- name: Get ad password info + azure_rm_password_info: + app_id: "{{ app_id }}" + tenant: "{{ tenant_id }}" + key_id: "{{ ad_fact.key_id }}" + register: ad_info + +- assert: + that: + - ad_info.passwords[0].start_date == ad_fact.start_date + - ad_info.passwords[0].end_date == ad_fact.end_date + +- name: delete all ad password + azure_rm_password: + app_id: "{{ app_id }}" + tenant: "{{ tenant_id }}" + state: absent + register: output + +- assert: + that: + - output.changed + diff --git a/tests/integration/targets/azure_rm_serviceprincipal/aliases b/tests/integration/targets/azure_rm_serviceprincipal/aliases new file mode 100644 index 000000000..5d29c6c4d --- /dev/null +++ b/tests/integration/targets/azure_rm_serviceprincipal/aliases @@ -0,0 +1,3 @@ +cloud/azure +shippable/azure/group10 +destructive diff --git a/tests/integration/targets/azure_rm_serviceprincipal/meta/main.yml b/tests/integration/targets/azure_rm_serviceprincipal/meta/main.yml new file mode 100644 index 000000000..95e1952f9 --- /dev/null +++ b/tests/integration/targets/azure_rm_serviceprincipal/meta/main.yml @@ -0,0 +1,2 @@ +dependencies: + - setup_azure diff --git a/tests/integration/targets/azure_rm_serviceprincipal/tasks/main.yml b/tests/integration/targets/azure_rm_serviceprincipal/tasks/main.yml new file mode 100644 index 000000000..320990e02 --- /dev/null +++ b/tests/integration/targets/azure_rm_serviceprincipal/tasks/main.yml 
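Review bot: The two `value:` literals in this task file are fixed, publicly committed secrets that get attached to a real application, and nothing guarantees cleanup if an assertion fails before the final `state: absent` task, so a credential with a known value could stay valid on `app_id` (the module documents a default expiry of one year). Generating the value per run, for example `value: "{{ lookup('password', '/dev/null length=32') }}"`, and moving the delete into the `always:` section of a `block:` would close that gap. The "can't update ad password" task sets `ignore_errors: True` but no assert follows it, so the rejection is never verified; add `- assert: {that: [output.failed]}` after it. The final delete omits `key_id`, which per the module documentation removes every password on the application rather than only the one this test created; passing `key_id: "{{ ad_fact.key_id }}"` keeps the test scoped to its own credential.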
@@ -0,0 +1,49 @@ +- name: delete ad service principal + azure_rm_serviceprincipal: + app_id: "{{ app_id }}" + tenant: "{{ tenant_id }}" + state: absent + +- name: create ad service principal + azure_rm_serviceprincipal: + app_id: "{{ app_id }}" + tenant: "{{ tenant_id }}" + state: present + register: ad_fact + +- assert: + that: + - ad_fact.changed + +- name: create ad service principal (idempontent) + azure_rm_serviceprincipal: + app_id: "{{ app_id }}" + tenant: "{{ tenant_id }}" + state: present + register: output + +- assert: + that: + - not output.changed + +- name: Get ad service principal info + azure_rm_serviceprincipal_info: + app_id: "{{ app_id }}" + tenant: "{{ tenant_id }}" + register: ad_info + +- assert: + that: + - ad_info.service_principals[0].app_display_name == ad_fact.app_display_name + - ad_info.service_principals[0].app_role_assignment_required == ad_fact.app_role_assignment_required + +- name: delete ad service principal + azure_rm_serviceprincipal: + app_id: "{{ app_id }}" + tenant: "{{ tenant_id }}" + state: absent + register: output + +- assert: + that: + - output.changed From e6dfbc65c60a586103d78f20ed5196725ac9a306 Mon Sep 17 00:00:00 2001 From: Fred-sun Date: Wed, 1 Jul 2020 11:43:40 +0800 Subject: [PATCH 02/29] add new file 002 --- plugins/modules/azure_rm_password.py | 285 ++++++++++++++++++ plugins/modules/azure_rm_password_info.py | 214 +++++++++++++ plugins/modules/azure_rm_serviceprincipal.py | 218 ++++++++++++++ .../modules/azure_rm_serviceprincipal_info.py | 147 +++++++++ 4 files changed, 864 insertions(+) create mode 100644 plugins/modules/azure_rm_password.py create mode 100644 plugins/modules/azure_rm_password_info.py create mode 100644 plugins/modules/azure_rm_serviceprincipal.py create mode 100644 plugins/modules/azure_rm_serviceprincipal_info.py diff --git a/plugins/modules/azure_rm_password.py b/plugins/modules/azure_rm_password.py new file mode 100644 index 000000000..7dd0bad16 --- /dev/null 
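Review bot: Nothing in this task file sets `app_role_assignment_required`, so the module's `check_update`/`update_resource` path is never run by the test; a task with `app_role_assignment_required: true` and `state: present`, followed by an assert on `output.changed` and on the returned value, would cover it. The opening delete removes whatever service principal already exists for `app_id`, and the file ends with it deleted, so the test should only ever be pointed at an application dedicated to it; a comment at the top such as `# app_id must be a throwaway application; its service principal is deleted by this test` would make that explicit. The task name `create ad service principal (idempontent)` has a typo and should read `(idempotent)`.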
+++ b/plugins/modules/azure_rm_password.py 
@@ -0,0 +1,285 @@ +#!/usr/bin/python +# +# Copyright (c) 2020 Haiyuan Zhang, +# +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function +import datetime +from dateutil.relativedelta import relativedelta + +__metaclass__ = type + + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = ''' +--- +module: azure_rm_password + +version_added: "2.10" + +short_description: Manage application with AAD Graph + +description: + - Manage application with AAD Graph. + +options: + app_id: + description: + - The application ID. + type: str + service_principal_id: + description: + - The service principal ID. + type: str + key_id: + description: + - Password key ID. + type: str + tenant: + description: + - The tenant ID. + type: str + required: True + end_date: + description: + - Date or datemtime after which credentials expire. + - Default value is one year after current time. + type: str + value: + description: + - Application password value. + - Length greater than 18 characters. + type: str + state: + description: + - Assert the state of Active Dirctory Password. + - Use C(present) to create or update a Password and use C(absent) to delete. + - Update is not supported, if I(state=absent) and I(key_id=None), then all passwords of the application will be deleted. + default: present + choices: + - absent + - present + type: str + +extends_documentation_fragment: + - azure.azcollection.azure + - azure.azcollection.azure_tags + +author: + haiyuan_zhang (@haiyuazhang) + Fred-sun (@Fred-sun) + +''' + +EXAMPLES = ''' + - name: create ad password + azure_rm_password: + app_id: "{{ app_id }}" + state: present + value: "$abc12345678" + tenant: "{{ tenant_id }}" +''' + +RETURN = ''' +end_date: + description: + - Date or datemtime after which credentials expire. + - Default value is one year after current time. 
+ type: datetime + returned: always + sample: 2021-06-28T06:00:32.637070+00:00 +key_id: + description: + - Password key ID + type: str + returned: always + sample: 512f259c-c397-4ec6-8598-4f940d411970 +start_date: + description: + - Date or datetime at which credentials become valid. + - Default value is current time. + type: datetime + returned: always + sample: 2020-06-28T06:00:32.637070+00:00 + +''' + +from ansible.module_utils.azure_rm_common import AzureRMModuleBase + +try: + from msrestazure.azure_exceptions import CloudError + from azure.graphrbac.models import GraphErrorException + from azure.graphrbac.models import PasswordCredential + from azure.graphrbac.models import ApplicationUpdateParameters +except ImportError: + # This is handled in azure_rm_common + pass + + +class AzureADPassword(AzureRMModuleBase): + def __init__(self): + + self.module_arg_spec = dict( + app_id=dict(type='str'), + service_principal_id=dict(type='str'), + key_id=dict(type='str'), + tenant=dict(type='str', required=True), + value=dict(type='str'), + end_date=dict(type='str'), + state=dict(type='str', default='present', choices=['present', 'absent']), + ) + + self.state = None + self.tenant = None + self.app_id = None + self.service_principal_id = None + self.app_object_id = None + self.key_id = None + self.value = None + self.end_date = None + self.results = dict(changed=False) + + self.client = None + + super(AzureADPassword, self).__init__(derived_arg_spec=self.module_arg_spec, + supports_check_mode=False, + supports_tags=False, + is_ad_resource=True) + + def exec_module(self, **kwargs): + + for key in list(self.module_arg_spec.keys()): + setattr(self, key, kwargs[key]) + + self.client = self.get_graphrbac_client(self.tenant) + self.resolve_app_obj_id() + passwords = self.get_all_passwords() + + if self.state == 'present': + if self.key_id and self.key_exists(passwords): + self.fail("It can't update existing password") + else: + self.create_password(passwords) + else: + if 
self.key_id is None: + self.delete_all_passwords(passwords) + else: + self.delete_password(passwords) + + return self.results + + def key_exists(self, old_passwords): + for pd in old_passwords: + if pd.key_id == self.key_id: + return True + return False + + def resolve_app_obj_id(self): + try: + if self.app_object_id is not None: + return + elif self.app_id or self.service_principal_object_id: + if not self.app_id: + sp = self.client.service_principals.get(self.service_principal_id) + self.app_id = sp.app_id + if not self.app_id: + self.fail("can't resolve app via service principal object id {0}".format(self.service_principal_object_id)) + + result = list(self.client.applications.list(filter="appId eq '{}'".format(self.app_id))) + if result: + self.app_object_id = result[0].object_id + else: + self.fail("can't resolve app via app id {0}".format(self.app_id)) + else: + self.fail("one of the [app_id, app_object_id, service_principal_id] must be set") + + except GraphErrorException as ge: + self.fail("error in resolve app_object_id {0}".format(str(ge))) + + def get_all_passwords(self): + + try: + return list(self.client.applications.list_password_credentials(self.app_object_id)) + except GraphErrorException as ge: + self.fail("failed to fetch passwords for app {0}: {1}".format(self.app_object_id,str(ge))) + + def delete_all_passwords(self, old_passwords): + + if len(old_passwords) == 0: + self.results['changed'] = False + return + try: + self.client.applications.patch(self.app_object_id, ApplicationUpdateParameters(password_credentials=[])) + self.results['changed'] = True + except GraphErrorException as ge: + self.fail("fail to purge all passwords for app: {0} - {1}".format(self.app_object_id, str(ge))) + + def delete_password(self, old_passwords): + if not self.key_exists(old_passwords): + self.results['changed'] = False + return + + num_of_passwords_before_delete = len(old_passwords) + + for pd in old_passwords: + if pd.key_id == self.key_id: + 
old_passwords.remove(pd) + break + try: + self.client.applications.patch(self.app_object_id, ApplicationUpdateParameters(password_credentials=old_passwords)) + num_of_passwords_after_delete = len(self.get_all_passwords()) + if num_of_passwords_after_delete != num_of_passwords_before_delete: + self.results['changed'] = True + self.results['num_of_passwords_before_delete'] = num_of_passwords_before_delete + self.results['num_of_passwords_after_delete'] = num_of_passwords_after_delete + + except GraphErrorException as ge: + self.fail("failed to delete password with key id {0} - {1}".format(self.app_id, str(ge))) + + def create_password(self, old_passwords): + def gen_guid(): + import uuid + return uuid.uuid4() + + if self.value is None: + self.fail("when creating a new password, module parameter value can't be None") + + start_date = datetime.datetime.now(datetime.timezone.utc) + end_date = self.end_date or start_date + relativedelta(years=1) + value = self.value + key_id = self.key_id or str(gen_guid()) + + new_password = PasswordCredential(start_date=start_date, end_date=end_date, key_id=key_id, + value=value, custom_key_identifier=None) + old_passwords.append(new_password) + + try: + client = self.get_graphrbac_client(self.tenant) + app_patch_parameters = ApplicationUpdateParameters(password_credentials=old_passwords) + client.applications.patch(self.app_object_id, app_patch_parameters) + + new_passwords = self.get_all_passwords() + for pd in new_passwords: + if pd.key_id == key_id: + self.results['changed'] = True + self.results.update(self.to_dict(pd)) + except GraphErrorException as ge: + self.fail("failed to create new password: {0}".format(str(ge))) + + @staticmethod + def to_dict(pd): + return dict( + end_date=pd.end_date, + start_date=pd.start_date, + key_id=pd.key_id + ) + +def main(): + AzureADPassword() + +if __name__ == '__main__': + main() 
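Review bot: The `value` option carries the application password but is declared as `value=dict(type='str')` in `module_arg_spec`, so Ansible will not mask it in the module invocation output or logs; it should be `value=dict(type='str', no_log=True),`. azure_rm_password_info.py declares the same `value` option and never reads it, so it needs the same flag or, better, removal. In `resolve_app_obj_id` the branch for a missing `app_id` reads `self.service_principal_object_id`, which this class never sets (the option and attribute are `service_principal_id`), so resolving by service principal would raise AttributeError; the info module has the mirror-image mismatch, calling `service_principals.get(self.service_principal_id)` while defining `service_principal_object_id`. A short class docstring stating that `state=absent` without `key_id` purges every password credential of the application would also help callers.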
diff --git a/plugins/modules/azure_rm_password_info.py b/plugins/modules/azure_rm_password_info.py new file mode 100644 index 000000000..354018ce8 --- /dev/null +++ b/plugins/modules/azure_rm_password_info.py 
@@ -0,0 +1,214 @@ +#!/usr/bin/python +# +# Copyright (c) 2020 Haiyuan Zhang, +# +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function +import datetime +from dateutil.relativedelta import relativedelta + +__metaclass__ = type + + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = ''' +module: azure_rm_password_info + +version_added: "2.10" + +short_description: Get application info + +description: + - Get application info. + +options: + app_id: + description: + - The application ID. + type: str + service_principal_object_id: + description: + - The service principal object ID. + type: str + key_id: + description: + - Password key ID. + type: str + tenant: + description: + - The tenant ID. + type: str + required: True + end_date: + description: + - Date or datemtime after which credentials expire. + - Default value is one year after current time. + type: str + value: + description: + - Application password value. + - Length greater than 18 characters. + type: str + app_object_id: + description: + - The application object ID. + type: str + +extends_documentation_fragment: + - azure.azcollection.azure + - azure.azcollection.azure_tags + +author: + haiyuan_zhang (@haiyuazhang) + Fred-sun (@Fred-sun) +''' + +EXAMPLES = ''' + - name: get ad password info + azure_rm_password_info: + app_id: "{{ app_id }}" + tenant: "{{ tenant_id }}" + key_id: "{{ key_id }}" +''' + +RETURN = ''' +passwords: + description: + - Password info. + returned: success + type: complex + contains: + custom_key_identifier: + description: + - Custom key identifier. + type: str + returned: always + sample: None + end_date: + description: + - Date or datemtime after which credentials expire. + - Default value is one year after current time. 
+ type: datetime + returned: always + sample: 2021-06-18T06:51:25.508304+00:00 + key_id: + description: + - Password key ID. + type: str + returned: always + sample: d33d730d-63e6-45f9-b165-eb723dfa10cd + start_date: + description: + - Date or datetime at which credentials become valid. + - Default value is current time + type: datetime + returned: always + sample: 2020-06-18T06:51:25.508304+00:00 + +''' + +from ansible.module_utils.azure_rm_common import AzureRMModuleBase + +try: + from msrestazure.azure_exceptions import CloudError + from azure.graphrbac.models import GraphErrorException + from azure.graphrbac.models import PasswordCredential + from azure.graphrbac.models import ApplicationUpdateParameters +except ImportError: + # This is handled in azure_rm_common + pass + + +class AzureADPasswordInfo(AzureRMModuleBase): + def __init__(self): + + self.module_arg_spec = dict( + app_id=dict(type='str'), + app_object_id=dict(type='str'), + service_principal_object_id=dict(type='str'), + key_id=dict(type='str'), + tenant=dict(type='str', required=True), + value=dict(type='str'), + end_date=dict(type='str'), + ) + + self.tenant = None + self.app_id = None + self.service_principal_object_id = None + self.app_object_id = None + self.key_id = None + self.value = None + self.end_date = None + self.results = dict(changed=False) + + self.client = None + + super(AzureADPasswordInfo, self).__init__(derived_arg_spec=self.module_arg_spec, + supports_check_mode=False, + supports_tags=False, + is_ad_resource=True) + + def exec_module(self, **kwargs): + + for key in list(self.module_arg_spec.keys()): + setattr(self, key, kwargs[key]) + + self.client = self.get_graphrbac_client(self.tenant) + self.resolve_app_obj_id() + passwords = self.get_all_passwords() + + if self.key_id: + filtered = [ pd for pd in passwords if pd.key_id == self.key_id] + self.results['passwords'] = [ self.to_dict(pd) for pd in filtered] + else: + self.results['passwords'] = [ self.to_dict(pd) for pd in 
passwords] + + return self.results + + def resolve_app_obj_id(self): + try: + if self.app_object_id is not None: + return + elif self.app_id or self.service_principal_object_id: + if not self.app_id: + sp = self.client.service_principals.get(self.service_principal_id) + self.app_id = sp.app_id + if not self.app_id: + self.fail("can't resolve app via service principal object id {0}".format(self.service_principal_object_id)) + + result = list(self.client.applications.list(filter="appId eq '{}'".format(self.app_id))) + if result: + self.app_object_id = result[0].object_id + else: + self.fail("can't resolve app via app id {0}".format(self.app_id)) + else: + self.fail("one of the [app_id, app_object_id, service_principal_id] must be set") + + except GraphErrorException as ge: + self.fail("error in resolve app_object_id {0}".format(str(ge))) + + def get_all_passwords(self): + + try: + return list(self.client.applications.list_password_credentials(self.app_object_id)) + except GraphErrorException as ge: + self.fail("failed to fetch passwords for app {0}: {1".format(self.app_object_id,str(ge))) + + @staticmethod + def to_dict(pd): + return dict( + end_date=pd.end_date, + start_date=pd.start_date, + key_id=pd.key_id, + custom_key_identifier=str(pd.custom_key_identifier) + ) + +def main(): + AzureADPasswordInfo() + +if __name__ == '__main__': + main() diff --git a/plugins/modules/azure_rm_serviceprincipal.py b/plugins/modules/azure_rm_serviceprincipal.py new file mode 100644 index 000000000..babd3e928 --- /dev/null +++ b/plugins/modules/azure_rm_serviceprincipal.py 
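Review bot: The except branch of `get_all_passwords` uses the format string `"failed to fetch passwords for app {0}: {1"`, whose second field is missing its closing brace, so `.format()` raises ValueError and the original Graph error (for example an authorization failure) is hidden from the user; it should be `"failed to fetch passwords for app {0}: {1}".format(self.app_object_id, str(ge))`. The `end_date` option is accepted but never read in this module, and the `datetime`, `relativedelta`, `PasswordCredential` and `ApplicationUpdateParameters` imports are unused, so the info module would be clearer without them. Since this module only reads state, `supports_check_mode=True` looks appropriate.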
@@ -0,0 +1,218 @@ +#!/usr/bin/python +# +# Copyright (c) 2020 Haiyuan Zhang, +# +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = ''' +--- +module: azure_rm_serviceprincipal + +version_added: "2.10" + +short_description: Manage Azure Active Directory service principal + +description: + - Manage Azure Active Directory service principal. + +options: + app_id: + description: + - The application ID. + type: str + required: True + tenant: + description: + - The tenant ID. + type: str + required: True + app_role_assignment_required: + description: + - Whether the Role of the Service Principal is set. + type: bool + state: + description: + - Assert the state of Active Dirctory service principal. + - Use C(present) to create or update a Password and use C(absent) to delete. + default: present + choices: + - absent + - present + type: str + +extends_documentation_fragment: + - azure.azcollection.azure + - azure.azcollection.azure_tags + +author: + haiyuan_zhang (@haiyuazhang) + Fred-sun (@Fred-sun) +''' + +EXAMPLES = ''' + - name: create ad sp + azure_rm_serviceprincipal: + app_id: "{{ app_id }}" + state: present + tenant: "{{ tenant_id }}" +''' + +RETURN = ''' +app_display_name: + description: + - Object's display name or its prefix. + type: str + returned: always + sample: fredAKSCluster +app_id: + description: + - The application ID. + returned: always + type: str + sample: b6d3cf80-a95d-4c0c-bfc5-a63f08a1c301 +app_role_assignment_required: + description: + - Whether the Role of the Service Principal is set. + returned: always + type: bool + sample: false +object_id: + description: + - Object ID of the associated application. 
+ returned: always + type: str + sample: c45fae27-41ef-43c1-a2de-99f507247c13 + +''' + +from ansible.module_utils.azure_rm_common_ext import AzureRMModuleBaseExt + +try: + from msrestazure.azure_exceptions import CloudError + from azure.graphrbac.models import GraphErrorException +except ImportError: + # This is handled in azure_rm_common + pass + +class Actions: + NoAction, Create, Update, Delete = range(4) + + +class AzureRMServicePrincipal(AzureRMModuleBaseExt): + def __init__(self): + + self.module_arg_spec = dict( + app_id=dict(type='str', required=True), + tenant=dict(type='str', required=True), + state=dict(type='str', default='present', choices=['present', 'absent']), + app_role_assignment_required=dict(type='bool') + ) + + self.state = None + self.tenant = None + self.app_id = None + self.app_role_assignment_required = None + self.object_id = None + self.results = dict(changed=False) + + super(AzureRMServicePrincipal, self).__init__(derived_arg_spec=self.module_arg_spec, + supports_check_mode=False, + supports_tags=False, + is_ad_resource=True) + + def exec_module(self, **kwargs): + + for key in list(self.module_arg_spec.keys()): + setattr(self, key, kwargs[key]) + + response = self.get_resource() + + if response: + if self.state == 'present': + if self.check_update(response): + self.update_resource(response) + elif self.state == 'absent': + self.delete_resource(response) + else: + if self.state == 'present': + self.create_resource() + elif self.state == 'absent': + self.log("try to delete non exist resource") + + return self.results + + def create_resource(self): + from azure.graphrbac.models import ServicePrincipalCreateParameters + try: + client = self.get_graphrbac_client(self.tenant) + response = client.service_principals.create(ServicePrincipalCreateParameters(app_id=self.app_id, account_enabled=True)) + self.results['changed'] = True + self.results.update(self.to_dict(response)) + return response + except GraphErrorException as ge: + 
self.fail("Error creating service principle, app id {0} - {1}".format(self.app_id), str(ge)) + + def update_resource(self, old_response): + try: + from azure.graphrbac.models import ServicePrincipalUpdateParameters + client = self.get_graphrbac_client(self.tenant) + to_update = {} + if self.app_role_assignment_required is not None: + to_update['app_role_assignment_required'] = self.app_role_assignment_required + + client.service_principals.update(old_response['object_id'], to_update) + self.results['changed'] = True + self.results.update(self.get_resource()) + + except GraphErrorException as ge: + self.fail("Error deleting service principal app_id {0} - {1}".format(self.app_id, str(ge))) + + def delete_resource(self, response): + try: + client = self.get_graphrbac_client(self.tenant) + client.service_principals.delete(response.get('object_id')) + self.results['changed'] = True + return True + except GraphErrorException as ge: + self.fail("Error deleting service principal app_id {0} - {1}".format(self.app_id, str(ge))) + + def get_resource(self): + try: + client = self.get_graphrbac_client(self.tenant) + result = list(client.service_principals.list(filter="servicePrincipalNames/any(c:c eq '{}')".format(self.app_id))) + if not result: + return False + result = result[0] + return self.to_dict(result) + except GraphErrorException as ge: + self.log("Did not find the graph instance instance {0} - {1}".format(self.app_id, str(ge))) + return False + + def check_update(self, response): + app_assignment_changed = self.app_role_assignment_required is not None and self.app_role_assignment_required != response.get('app_role_assignment_required', None) + to_be_update = False or app_assignment_changed + + return to_be_update + + def to_dict(self, object): + return dict( + app_id = object.app_id, + object_id = object.object_id, + app_display_name = object.display_name, + app_role_assignment_required= object.app_role_assignment_required + ) + + +def main(): + 
AzureRMServicePrincipal() + +if __name__ == '__main__': + main() diff --git a/plugins/modules/azure_rm_serviceprincipal_info.py b/plugins/modules/azure_rm_serviceprincipal_info.py new file mode 100644 index 000000000..5f69c7eaa --- /dev/null +++ b/plugins/modules/azure_rm_serviceprincipal_info.py 
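Review bot: In `create_resource` the except branch calls `self.fail("... {0} - {1}".format(self.app_id), str(ge))`: the closing parenthesis is misplaced, so `format` receives one argument for two fields and raises IndexError instead of reporting the Graph error; it should be `self.fail("Error creating service principle, app id {0} - {1}".format(self.app_id, str(ge)))`. `get_resource` only logs a `GraphErrorException` and returns False, which `exec_module` treats the same as "not found", so with `state=present` a failed lookup (permissions, throttling) leads straight to a create attempt; calling `self.fail(...)` there would make the failure visible. `update_resource` reports "Error deleting service principal" in its own except branch and does `self.results.update(self.get_resource())`, which raises TypeError when `get_resource` returns False. It also passes a plain dict to `service_principals.update` while the imported `ServicePrincipalUpdateParameters` goes unused, which is worth confirming against what the SDK expects.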
@@ -0,0 +1,147 @@ +#!/usr/bin/python +# +# Copyright (c) 2020 Haiyuan Zhang, +# +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = ''' +module: azure_rm_serviceprincipal_info + +version_added: "2.10" + +short_description: Get Azure Active Directory service principal info + +description: + - Get Azure Active Directory service principal info. + +options: + app_id: + description: + - The application ID. + type: str + tenant: + description: + - The tenant ID. + type: str + required: True + object_id: + description: + - It's service principal's object ID. + type: str + +extends_documentation_fragment: + - azure.azcollection.azure + - azure.azcollection.azure_tags + +author: + haiyuan_zhang (@haiyuazhang) + Fred-sun (@Fred-sun) +''' + +EXAMPLES = ''' + - name: get ad sp info + azure_rm_serviceprincipal_info: + app_id: "{{ app_id }}" + tenant: "{{ tenant_id }}" + +''' + +RETURN = ''' +app_display_name: + description: + - Object's display name or its prefix. + type: str + returned: always + sample: fredAKSCluster +app_id: + description: + - The application ID. + returned: always + type: str + sample: b6d3cf80-a95d-4c0c-bfc5-a63f08a1c301 +app_role_assignment_required: + description: + - Whether the Role of the Service Principal is set. + type: bool + returned: always + sample: false +object_id: + description: + - It's service principal's object ID. 
+ returned: always + type: str + sample: c45fae27-41ef-43c1-a2de-99f507247c13 + +''' + +from ansible.module_utils.azure_rm_common_ext import AzureRMModuleBase + +try: + from msrestazure.azure_exceptions import CloudError + from azure.graphrbac.models import GraphErrorException +except ImportError: + # This is handled in azure_rm_common + pass + + +class AzureRMServicePrincipalInfo(AzureRMModuleBase): + def __init__(self): + + self.module_arg_spec = dict( + app_id=dict(type='str'), + object_id=dict(type='str'), + tenant=dict(type='str', required=True), + ) + + self.tenant = None + self.app_id = None + self.object_id = None + self.results = dict(changed=False) + + super(AzureRMServicePrincipalInfo, self).__init__(derived_arg_spec=self.module_arg_spec, + supports_check_mode=False, + supports_tags=False, + is_ad_resource=True) + + def exec_module(self, **kwargs): + + for key in list(self.module_arg_spec.keys()): + setattr(self, key, kwargs[key]) + + service_principals = [] + + try: + client = self.get_graphrbac_client(self.tenant) + if self.object_id is None: + service_principals = list(client.service_principals.list(filter="servicePrincipalNames/any(c:c eq '{}')".format(self.app_id))) + else: + service_principals = [client.service_principals.get(self.object_id)] + + self.results['service_principals'] = [self.to_dict(sp) for sp in service_principals] + except GraphErrorException as ge: + self.fail("failed to get service principal info {0}".format(str(ge))) + + return self.results + + def to_dict(self, object): + return dict( + app_id = object.app_id, + object_id = object.object_id, + app_display_name = object.display_name, + app_role_assignment_required= object.app_role_assignment_required + ) + + +def main(): + AzureRMServicePrincipalInfo() + +if __name__ == '__main__': + main() From 4b642b326474fd163d0b07dc25659e11856511ef Mon Sep 17 00:00:00 2001 
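Review bot: Neither `app_id` nor `object_id` is required in `module_arg_spec`, and when both are omitted `exec_module` formats `None` into the filter and queries `servicePrincipalNames/any(c:c eq 'None')`, returning an empty list instead of an error. A guard at the top of `exec_module`, `if self.app_id is None and self.object_id is None: self.fail("one of app_id or object_id must be set")`, would make the misuse explicit. `app_id` is also placed into the OData filter without escaping, so a value containing a single quote alters the filter expression; doubling embedded quotes with `self.app_id.replace("'", "''")` before formatting avoids that, and the same pattern appears in `get_resource` of azure_rm_serviceprincipal.py and in `resolve_app_obj_id` of both password modules. The option description "It's service principal's object ID." would read better as "The service principal's object ID.".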
From: Fred-sun Date: Wed, 1 Jul 2020 13:36:51 +0800 Subject: [PATCH 03/29] update --- plugins/modules/azure_rm_password.py | 2 +- plugins/modules/azure_rm_password_info.py | 2 +- plugins/modules/azure_rm_serviceprincipal.py | 2 +- plugins/modules/azure_rm_serviceprincipal_info.py | 2 +- pr-pipelines.yml | 2 ++ 5 files changed, 6 insertions(+), 4 deletions(-) diff --git a/plugins/modules/azure_rm_password.py b/plugins/modules/azure_rm_password.py index 7dd0bad16..cd607ed95 100644 --- a/plugins/modules/azure_rm_password.py +++ b/plugins/modules/azure_rm_password.py @@ -108,7 +108,7 @@ ''' -from ansible.module_utils.azure_rm_common import AzureRMModuleBase +from ansible_collections.azure.azcollection.plugins.module_utils.azure_rm_common import AzureRMModuleBase try: from msrestazure.azure_exceptions import CloudError diff --git a/plugins/modules/azure_rm_password_info.py b/plugins/modules/azure_rm_password_info.py index 354018ce8..cd70ecada 100644 --- a/plugins/modules/azure_rm_password_info.py +++ b/plugins/modules/azure_rm_password_info.py @@ -111,7 +111,7 @@ ''' -from ansible.module_utils.azure_rm_common import AzureRMModuleBase +from ansible_collections.azure.azcollection.plugins.module_utils.azure_rm_common import AzureRMModuleBase try: from msrestazure.azure_exceptions import CloudError diff --git a/plugins/modules/azure_rm_serviceprincipal.py b/plugins/modules/azure_rm_serviceprincipal.py index babd3e928..3cc321e09 100644 --- a/plugins/modules/azure_rm_serviceprincipal.py +++ b/plugins/modules/azure_rm_serviceprincipal.py @@ -93,7 +93,7 @@ ''' -from ansible.module_utils.azure_rm_common_ext import AzureRMModuleBaseExt +from ansible_collections.azure.azcollection.plugins.module_utils.azure_rm_common_ext import AzureRMModuleBaseExt try: from msrestazure.azure_exceptions import CloudError diff --git a/plugins/modules/azure_rm_serviceprincipal_info.py b/plugins/modules/azure_rm_serviceprincipal_info.py index 5f69c7eaa..b3cfbbd82 100644 
--- a/plugins/modules/azure_rm_serviceprincipal_info.py +++ b/plugins/modules/azure_rm_serviceprincipal_info.py @@ -82,7 +82,7 @@ ''' -from ansible.module_utils.azure_rm_common_ext import AzureRMModuleBase +from ansible_collections.azure.azcollection.plugins.module_utils.azure_rm_common_ext import AzureRMModuleBase try: from msrestazure.azure_exceptions import CloudError diff --git a/pr-pipelines.yml b/pr-pipelines.yml index 744123069..acf21662e 100644 --- a/pr-pipelines.yml +++ b/pr-pipelines.yml @@ -52,6 +52,8 @@ parameters: - "azure_rm_postgresqlserver" - "azure_rm_privatednszone" - "azure_rm_publicipaddress" + - "azure_rm_password" + - "azure_rm_serviceprincipal" - "azure_rm_rediscache" - "azure_rm_resource" - "azure_rm_resourcegroup" From 26251ace0be47cffd2eddaaf926584e51a4b7760 Mon Sep 17 00:00:00 2001 
From: Fred-sun Date: Wed, 1 Jul 2020 14:11:56 +0800 Subject: [PATCH 04/29] reverse file --- .../{azure_rm_password.py => azure_ad_password.py} | 6 +++--- ..._password_info.py => azure_ad_password_info.py} | 6 +++--- ...ceprincipal.py => azure_ad_serviceprincipal.py} | 6 +++--- ...l_info.py => azure_ad_serviceprincipal_info.py} | 6 +++--- pr-pipelines.yml | 4 ++-- .../aliases | 0 .../meta/main.yml | 0 .../tasks/main.yml | 12 ++++++++---- .../aliases | 0 .../meta/main.yml | 0 .../tasks/main.yml | 14 +++++++++----- 11 files changed, 31 insertions(+), 23 deletions(-) rename plugins/modules/{azure_rm_password.py => azure_ad_password.py} (98%) rename plugins/modules/{azure_rm_password_info.py => azure_ad_password_info.py} (97%) rename plugins/modules/{azure_rm_serviceprincipal.py => azure_ad_serviceprincipal.py} (97%) rename plugins/modules/{azure_rm_serviceprincipal_info.py => azure_ad_serviceprincipal_info.py} (95%) rename tests/integration/targets/{azure_rm_password => azure_ad_password}/aliases (100%) rename tests/integration/targets/{azure_rm_password => azure_ad_password}/meta/main.yml (100%) rename tests/integration/targets/{azure_rm_password => azure_ad_password}/tasks/main.yml (81%) rename tests/integration/targets/{azure_rm_serviceprincipal => azure_ad_serviceprincipal}/aliases (100%) rename tests/integration/targets/{azure_rm_serviceprincipal => azure_ad_serviceprincipal}/meta/main.yml (100%) rename tests/integration/targets/{azure_rm_serviceprincipal => azure_ad_serviceprincipal}/tasks/main.yml (79%) diff --git a/plugins/modules/azure_rm_password.py b/plugins/modules/azure_ad_password.py similarity index 98% rename from plugins/modules/azure_rm_password.py rename to plugins/modules/azure_ad_password.py index cd607ed95..d9184d5b9 100644 --- a/plugins/modules/azure_rm_password.py +++ b/plugins/modules/azure_ad_password.py @@ -17,7 +17,7 @@ DOCUMENTATION = ''' --- -module: azure_rm_password +module: azure_ad_password version_added: "2.10" 
@@ -77,7 +77,7 @@ EXAMPLES = ''' - name: create ad password - azure_rm_password: + azure_ad_password: app_id: "{{ app_id }}" state: present value: "$abc12345678" @@ -108,7 +108,7 @@ ''' -from ansible_collections.azure.azcollection.plugins.module_utils.azure_rm_common import AzureRMModuleBase +from ansible.module_utils.azure_rm_common import AzureRMModuleBase try: from msrestazure.azure_exceptions import CloudError diff --git a/plugins/modules/azure_rm_password_info.py b/plugins/modules/azure_ad_password_info.py similarity index 97% rename from plugins/modules/azure_rm_password_info.py rename to plugins/modules/azure_ad_password_info.py index cd70ecada..1760e3401 100644 --- a/plugins/modules/azure_rm_password_info.py +++ b/plugins/modules/azure_ad_password_info.py @@ -16,7 +16,7 @@ 'supported_by': 'community'} DOCUMENTATION = ''' -module: azure_rm_password_info +module: azure_ad_password_info version_added: "2.10" @@ -69,7 +69,7 @@ EXAMPLES = ''' - name: get ad password info - azure_rm_password_info: + azure_ad_password_info: app_id: "{{ app_id }}" tenant: "{{ tenant_id }}" key_id: "{{ key_id }}" @@ -111,7 +111,7 @@ ''' -from ansible_collections.azure.azcollection.plugins.module_utils.azure_rm_common import AzureRMModuleBase +from ansible.module_utils.azure_rm_common import AzureRMModuleBase try: from msrestazure.azure_exceptions import CloudError diff --git a/plugins/modules/azure_rm_serviceprincipal.py b/plugins/modules/azure_ad_serviceprincipal.py similarity index 97% rename from plugins/modules/azure_rm_serviceprincipal.py rename to plugins/modules/azure_ad_serviceprincipal.py index 3cc321e09..8318fb779 100644 --- a/plugins/modules/azure_rm_serviceprincipal.py +++ b/plugins/modules/azure_ad_serviceprincipal.py @@ -14,7 +14,7 @@ DOCUMENTATION = ''' --- -module: azure_rm_serviceprincipal +module: azure_ad_serviceprincipal version_added: "2.10" 
@@ -59,7 +59,7 @@ EXAMPLES = ''' - name: create ad sp - azure_rm_serviceprincipal: + azure_ad_serviceprincipal: app_id: "{{ app_id }}" state: present tenant: "{{ tenant_id }}" @@ -93,7 +93,7 @@ ''' -from ansible_collections.azure.azcollection.plugins.module_utils.azure_rm_common_ext import AzureRMModuleBaseExt +from ansible.module_utils.azure_rm_common_ext import AzureRMModuleBaseExt try: from msrestazure.azure_exceptions import CloudError diff --git a/plugins/modules/azure_rm_serviceprincipal_info.py b/plugins/modules/azure_ad_serviceprincipal_info.py similarity index 95% rename from plugins/modules/azure_rm_serviceprincipal_info.py rename to plugins/modules/azure_ad_serviceprincipal_info.py index b3cfbbd82..57c7c2f86 100644 --- a/plugins/modules/azure_rm_serviceprincipal_info.py +++ b/plugins/modules/azure_ad_serviceprincipal_info.py @@ -13,7 +13,7 @@ 'supported_by': 'community'} DOCUMENTATION = ''' -module: azure_rm_serviceprincipal_info +module: azure_ad_serviceprincipal_info version_added: "2.10" @@ -48,7 +48,7 @@ EXAMPLES = ''' - name: get ad sp info - azure_rm_serviceprincipal_info: + azure_ad_serviceprincipal_info: app_id: "{{ app_id }}" tenant: "{{ tenant_id }}" @@ -82,7 +82,7 @@ ''' -from ansible_collections.azure.azcollection.plugins.module_utils.azure_rm_common_ext import AzureRMModuleBase +from ansible.module_utils.azure_rm_common_ext import AzureRMModuleBase try: from msrestazure.azure_exceptions import CloudError diff --git a/pr-pipelines.yml b/pr-pipelines.yml index acf21662e..33f1e130d 100644 --- a/pr-pipelines.yml +++ b/pr-pipelines.yml @@ -52,8 +52,6 @@ parameters: - "azure_rm_postgresqlserver" - "azure_rm_privatednszone" - "azure_rm_publicipaddress" - - "azure_rm_password" - - "azure_rm_serviceprincipal" - "azure_rm_rediscache" - "azure_rm_resource" - "azure_rm_resourcegroup" 
@@ -74,6 +72,8 @@ parameters: - "azure_rm_virtualnetworkeepring" - "azure_rm_webapp" - "azure_rm_workspace" + - "azure_ad_password" + - "azure_ad_serviceprincipal" - "inventory_azure" - "setup_azure" diff --git a/tests/integration/targets/azure_rm_password/aliases b/tests/integration/targets/azure_ad_password/aliases similarity index 100% rename from tests/integration/targets/azure_rm_password/aliases rename to tests/integration/targets/azure_ad_password/aliases diff --git a/tests/integration/targets/azure_rm_password/meta/main.yml b/tests/integration/targets/azure_ad_password/meta/main.yml similarity index 100% rename from tests/integration/targets/azure_rm_password/meta/main.yml rename to tests/integration/targets/azure_ad_password/meta/main.yml diff --git a/tests/integration/targets/azure_rm_password/tasks/main.yml b/tests/integration/targets/azure_ad_password/tasks/main.yml similarity index 81% rename from tests/integration/targets/azure_rm_password/tasks/main.yml rename to tests/integration/targets/azure_ad_password/tasks/main.yml index 9344c9d5f..dbb43ef66 100644 --- a/tests/integration/targets/azure_rm_password/tasks/main.yml +++ b/tests/integration/targets/azure_ad_password/tasks/main.yml @@ -1,5 +1,9 @@ +- set_fact: + app_id: "5d1e77d2-fc51-428d-ab67-4322e9544814" + tenant_id: "72f988bf-86f1-41af-91ab-2d7cd011db47" + - name: create ad password - azure_rm_password: + azure_ad_password: app_id: "{{ app_id }}" value: "Password@032900001" tenant: "{{ tenant_id }}" @@ -11,7 +15,7 @@ - ad_fact.changed - name: can't update ad password - azure_rm_password: + azure_ad_password: app_id: "{{ app_id }}" value: "Password@032900002" tenant: "{{ tenant_id }}" @@ -21,7 +25,7 @@ ignore_errors: True - name: Get ad password info - azure_rm_password_info: + azure_ad_password_info: app_id: "{{ app_id }}" tenant: "{{ tenant_id }}" key_id: "{{ ad_fact.key_id }}" 
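Review bot: The `set_fact` added at the top of `azure_ad_password/tasks/main.yml` pins `app_id` and `tenant_id` to literal GUIDs, so this target (tagged `destructive` in its `aliases`) always runs against one fixed application and tenant, and its last task, named "delete all ad password", runs `state: absent` against that application with no `key_id`. The same `set_fact` is added to `azure_ad_serviceprincipal/tasks/main.yml` in this commit. Both values should come from the integration test configuration rather than the repository: drop the `set_fact`, let the inventory or environment supply them, and start the file with an `assert` that `app_id` and `tenant_id` are defined. The literal `value: "Password@032900001"` in the context lines would likewise be better generated per run, e.g. `value: "{{ lookup('password', '/dev/null length=24') }}"`.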
@@ -33,7 +37,7 @@ - ad_info.passwords[0].end_date == ad_fact.end_date - name: delete all ad password - azure_rm_password: + azure_ad_password: app_id: "{{ app_id }}" tenant: "{{ tenant_id }}" state: absent diff --git a/tests/integration/targets/azure_rm_serviceprincipal/aliases b/tests/integration/targets/azure_ad_serviceprincipal/aliases similarity index 100% rename from tests/integration/targets/azure_rm_serviceprincipal/aliases rename to tests/integration/targets/azure_ad_serviceprincipal/aliases diff --git a/tests/integration/targets/azure_rm_serviceprincipal/meta/main.yml b/tests/integration/targets/azure_ad_serviceprincipal/meta/main.yml similarity index 100% rename from tests/integration/targets/azure_rm_serviceprincipal/meta/main.yml rename to tests/integration/targets/azure_ad_serviceprincipal/meta/main.yml diff --git a/tests/integration/targets/azure_rm_serviceprincipal/tasks/main.yml b/tests/integration/targets/azure_ad_serviceprincipal/tasks/main.yml similarity index 79% rename from tests/integration/targets/azure_rm_serviceprincipal/tasks/main.yml rename to tests/integration/targets/azure_ad_serviceprincipal/tasks/main.yml index 320990e02..bb50dc4ae 100644 --- a/tests/integration/targets/azure_rm_serviceprincipal/tasks/main.yml +++ b/tests/integration/targets/azure_ad_serviceprincipal/tasks/main.yml @@ -1,11 +1,15 @@ +- set_fact: + app_id: "5d1e77d2-fc51-428d-ab67-4322e9544814" + tenant_id: "72f988bf-86f1-41af-91ab-2d7cd011db47" + - name: delete ad service principal - azure_rm_serviceprincipal: + azure_ad_serviceprincipal: app_id: "{{ app_id }}" tenant: "{{ tenant_id }}" state: absent - name: create ad service principal - azure_rm_serviceprincipal: + azure_ad_serviceprincipal: app_id: "{{ app_id }}" tenant: "{{ tenant_id }}" state: present @@ -16,7 +20,7 @@ - ad_fact.changed - name: create ad service principal (idempontent) - azure_rm_serviceprincipal: + azure_ad_serviceprincipal: app_id: "{{ app_id }}" tenant: "{{ tenant_id }}" state: present 
@@ -27,7 +31,7 @@ - not output.changed - name: Get ad service principal info - azure_rm_serviceprincipal_info: + azure_ad_serviceprincipal_info: app_id: "{{ app_id }}" tenant: "{{ tenant_id }}" register: ad_info @@ -38,7 +42,7 @@ - ad_info.service_principals[0].app_role_assignment_required == ad_fact.app_role_assignment_required - name: delete ad service principal - azure_rm_serviceprincipal: + azure_ad_serviceprincipal: app_id: "{{ app_id }}" tenant: "{{ tenant_id }}" state: absent From 5adb64a664079941f87c9ba815012fc74e284030 Mon Sep 17 00:00:00 2001 From: Fred-sun Date: Wed, 1 Jul 2020 14:33:08 +0800 Subject: [PATCH 05/29] udpate format --- plugins/modules/azure_ad_password.py | 8 +++++--- plugins/modules/azure_ad_password_info.py | 16 +++++++++------- plugins/modules/azure_ad_serviceprincipal.py | 17 ++++++++++------- .../modules/azure_ad_serviceprincipal_info.py | 13 +++++++------ .../targets/azure_ad_password/tasks/main.yml | 1 - 5 files changed, 31 insertions(+), 24 deletions(-) diff --git a/plugins/modules/azure_ad_password.py b/plugins/modules/azure_ad_password.py index d9184d5b9..7b112998d 100644 --- a/plugins/modules/azure_ad_password.py +++ b/plugins/modules/azure_ad_password.py @@ -6,7 +6,7 @@ from __future__ import absolute_import, division, print_function import datetime -from dateutil.relativedelta import relativedelta +from dateutil.relativedelta import relativedelta __metaclass__ = type @@ -149,7 +149,7 @@ def __init__(self): supports_check_mode=False, supports_tags=False, is_ad_resource=True) - + def exec_module(self, **kwargs): for key in list(self.module_arg_spec.keys()): 
@@ -205,7 +205,7 @@ def get_all_passwords(self): try: return list(self.client.applications.list_password_credentials(self.app_object_id)) except GraphErrorException as ge: - self.fail("failed to fetch passwords for app {0}: {1}".format(self.app_object_id,str(ge))) + self.fail("failed to fetch passwords for app {0}: {1}".format(self.app_object_id, str(ge))) def delete_all_passwords(self, old_passwords): @@ -278,8 +278,10 @@ def to_dict(pd): key_id=pd.key_id ) + def main(): AzureADPassword() + if __name__ == '__main__': main() diff --git a/plugins/modules/azure_ad_password_info.py b/plugins/modules/azure_ad_password_info.py index 1760e3401..50154eb3e 100644 --- a/plugins/modules/azure_ad_password_info.py +++ b/plugins/modules/azure_ad_password_info.py @@ -6,7 +6,7 @@ from __future__ import absolute_import, division, print_function import datetime -from dateutil.relativedelta import relativedelta +from dateutil.relativedelta import relativedelta __metaclass__ = type @@ -42,7 +42,7 @@ description: - The tenant ID. type: str - required: True + required: True end_date: description: - Date or datemtime after which credentials expire. @@ -151,7 +151,7 @@ def __init__(self): supports_check_mode=False, supports_tags=False, is_ad_resource=True) - + def exec_module(self, **kwargs): for key in list(self.module_arg_spec.keys()): @@ -162,10 +162,10 @@ def exec_module(self, **kwargs): passwords = self.get_all_passwords() if self.key_id: - filtered = [ pd for pd in passwords if pd.key_id == self.key_id] - self.results['passwords'] = [ self.to_dict(pd) for pd in filtered] + filtered = [pd for pd in passwords if pd.key_id == self.key_id] + self.results['passwords'] = [self.to_dict(pd) for pd in filtered] else: - self.results['passwords'] = [ self.to_dict(pd) for pd in passwords] + self.results['passwords'] = [self.to_dict(pd) for pd in passwords] return self.results 
@@ -196,7 +196,7 @@ def get_all_passwords(self): try: return list(self.client.applications.list_password_credentials(self.app_object_id)) except GraphErrorException as ge: - self.fail("failed to fetch passwords for app {0}: {1".format(self.app_object_id,str(ge))) + self.fail("failed to fetch passwords for app {0}: {1".format(self.app_object_id, str(ge))) @staticmethod def to_dict(pd): @@ -207,8 +207,10 @@ def to_dict(pd): custom_key_identifier=str(pd.custom_key_identifier) ) + def main(): AzureADPasswordInfo() + if __name__ == '__main__': main() diff --git a/plugins/modules/azure_ad_serviceprincipal.py b/plugins/modules/azure_ad_serviceprincipal.py index 8318fb779..754dfb705 100644 --- a/plugins/modules/azure_ad_serviceprincipal.py +++ b/plugins/modules/azure_ad_serviceprincipal.py @@ -102,6 +102,7 @@ # This is handled in azure_rm_common pass + class Actions: NoAction, Create, Update, Delete = range(4) @@ -127,7 +128,7 @@ def __init__(self): supports_check_mode=False, supports_tags=False, is_ad_resource=True) - + def exec_module(self, **kwargs): for key in list(self.module_arg_spec.keys()): @@ -140,7 +141,7 @@ def exec_module(self, **kwargs): if self.check_update(response): self.update_resource(response) elif self.state == 'absent': - self.delete_resource(response) + self.delete_resource(response) else: if self.state == 'present': self.create_resource() 
@@ -197,22 +198,24 @@ def get_resource(self): return False def check_update(self, response): - app_assignment_changed = self.app_role_assignment_required is not None and self.app_role_assignment_required != response.get('app_role_assignment_required', None) + app_assignment_changed = self.app_role_assignment_required is not None and + self.app_role_assignment_required != response.get('app_role_assignment_required', None) to_be_update = False or app_assignment_changed return to_be_update def to_dict(self, object): return dict( - app_id = object.app_id, - object_id = object.object_id, - app_display_name = object.display_name, - app_role_assignment_required= object.app_role_assignment_required + app_id=object.app_id, + object_id=object.object_id, + app_display_name=object.display_name, + app_role_assignment_required=object.app_role_assignment_required ) def main(): AzureRMServicePrincipal() + if __name__ == '__main__': main() diff --git a/plugins/modules/azure_ad_serviceprincipal_info.py b/plugins/modules/azure_ad_serviceprincipal_info.py index 57c7c2f86..c45731e9d 100644 --- a/plugins/modules/azure_ad_serviceprincipal_info.py +++ b/plugins/modules/azure_ad_serviceprincipal_info.py @@ -110,7 +110,7 @@ def __init__(self): supports_check_mode=False, supports_tags=False, is_ad_resource=True) - + def exec_module(self, **kwargs): for key in list(self.module_arg_spec.keys()): 
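Review bot: In `check_update` the reformatted assignment now ends its first line with `and` and continues on the next line without parentheses or a backslash, which is a syntax error, so `azure_ad_serviceprincipal.py` can no longer be imported. Wrapping the condition in parentheses keeps the line short and parses: `app_assignment_changed = (self.app_role_assignment_required is not None and` followed by `self.app_role_assignment_required != response.get('app_role_assignment_required', None))`. The following `to_be_update = False or app_assignment_changed` adds nothing and could be `return app_assignment_changed`.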
@@ -129,19 +129,20 @@ def exec_module(self, **kwargs): except GraphErrorException as ge: self.fail("failed to get service principal info {0}".format(str(ge))) - return self.results + return self.results def to_dict(self, object): return dict( - app_id = object.app_id, - object_id = object.object_id, - app_display_name = object.display_name, - app_role_assignment_required= object.app_role_assignment_required + app_id=object.app_id, + object_id=object.object_id, + app_display_name=object.display_name, + app_role_assignment_required=object.app_role_assignment_required ) def main(): AzureRMServicePrincipalInfo() + if __name__ == '__main__': main() diff --git a/tests/integration/targets/azure_ad_password/tasks/main.yml b/tests/integration/targets/azure_ad_password/tasks/main.yml index dbb43ef66..eccfca9ed 100644 --- a/tests/integration/targets/azure_ad_password/tasks/main.yml +++ b/tests/integration/targets/azure_ad_password/tasks/main.yml @@ -46,4 +46,3 @@ - assert: that: - output.changed - From 1718b8d6d7e003a1e5e9ee43accb3bb5e0a20f2f Mon Sep 17 00:00:00 2001 From: Fred-sun Date: Wed, 1 Jul 2020 15:41:40 +0800 Subject: [PATCH 06/29] change new 002 --- plugins/modules/azure_ad_password.py | 7 +++---- plugins/modules/azure_ad_password_info.py | 2 +- plugins/modules/azure_ad_serviceprincipal.py | 4 ++-- plugins/modules/azure_ad_serviceprincipal_info.py | 2 +- tests/integration/targets/azure_ad_password/tasks/main.yml | 4 ++-- .../targets/azure_ad_serviceprincipal/tasks/main.yml | 4 ++-- 6 files changed, 11 insertions(+), 12 deletions(-) diff --git a/plugins/modules/azure_ad_password.py b/plugins/modules/azure_ad_password.py index 7b112998d..9369bae96 100644 --- a/plugins/modules/azure_ad_password.py +++ b/plugins/modules/azure_ad_password.py @@ -89,7 +89,7 @@ description: - Date or datemtime after which credentials expire. - Default value is one year after current time. - type: datetime + type: str returned: always sample: 2021-06-28T06:00:32.637070+00:00 key_id: 
@@ -102,7 +102,7 @@ description: - Date or datetime at which credentials become valid. - Default value is current time. - type: datetime + type: str returned: always sample: 2020-06-28T06:00:32.637070+00:00 @@ -151,7 +151,6 @@ def __init__(self): is_ad_resource=True) def exec_module(self, **kwargs): - for key in list(self.module_arg_spec.keys()): setattr(self, key, kwargs[key]) @@ -189,7 +188,7 @@ def resolve_app_obj_id(self): if not self.app_id: self.fail("can't resolve app via service principal object id {0}".format(self.service_principal_object_id)) - result = list(self.client.applications.list(filter="appId eq '{}'".format(self.app_id))) + result = list(self.client.applications.list(filter="appId eq {0}".format(self.app_id))) if result: self.app_object_id = result[0].object_id else: diff --git a/plugins/modules/azure_ad_password_info.py b/plugins/modules/azure_ad_password_info.py index 50154eb3e..d356fbdd4 100644 --- a/plugins/modules/azure_ad_password_info.py +++ b/plugins/modules/azure_ad_password_info.py @@ -151,7 +151,7 @@ def __init__(self): supports_check_mode=False, supports_tags=False, is_ad_resource=True) - + def exec_module(self, **kwargs): for key in list(self.module_arg_spec.keys()): diff --git a/plugins/modules/azure_ad_serviceprincipal.py b/plugins/modules/azure_ad_serviceprincipal.py index 754dfb705..4708e8ca4 100644 --- a/plugins/modules/azure_ad_serviceprincipal.py +++ b/plugins/modules/azure_ad_serviceprincipal.py @@ -198,8 +198,8 @@ def get_resource(self): return False def check_update(self, response): - app_assignment_changed = self.app_role_assignment_required is not None and - self.app_role_assignment_required != response.get('app_role_assignment_required', None) + app_assignment_changed = self.app_role_assignment_required is not None and\ + self.app_role_assignment_required != response.get('app_role_assignment_required', None) to_be_update = False or app_assignment_changed return to_be_update 
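Review bot: The new filter in `resolve_app_obj_id`, `"appId eq {0}".format(self.app_id)`, drops the single quotes around the value, so the module parameter is now spliced into the OData expression as raw syntax instead of as a string literal. Apart from the query probably being rejected by the Graph API, an `app_id` containing spaces or operators changes the meaning of the filter, and `result[0]` is then taken as the application the module operates on. Keep the quotes and validate or escape the value, for example check that `app_id` parses as a UUID before use, or at least write `"appId eq '{0}'".format(self.app_id.replace("'", "''"))`. The same unquoted form is introduced for `servicePrincipalNames/any(c:c eq {0})` in `azure_ad_serviceprincipal_info.py` in this commit, and again in patch 08 for `azure_ad_password_info.py`, `azure_ad_serviceprincipal.py` and `azure_ad_serviceprincipal_info.py`. The body of `resolve_app_obj_id` starts and ends outside the hunk.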
diff --git a/plugins/modules/azure_ad_serviceprincipal_info.py b/plugins/modules/azure_ad_serviceprincipal_info.py index c45731e9d..79f4b50fa 100644 --- a/plugins/modules/azure_ad_serviceprincipal_info.py +++ b/plugins/modules/azure_ad_serviceprincipal_info.py @@ -121,7 +121,7 @@ def exec_module(self, **kwargs): try: client = self.get_graphrbac_client(self.tenant) if self.object_id is None: - service_principals = list(client.service_principals.list(filter="servicePrincipalNames/any(c:c eq '{}')".format(self.app_id))) + service_principals = list(client.service_principals.list(filter="servicePrincipalNames/any(c:c eq {0})".format(self.app_id))) else: service_principals = [client.service_principals.get(self.object_id)] diff --git a/tests/integration/targets/azure_ad_password/tasks/main.yml b/tests/integration/targets/azure_ad_password/tasks/main.yml index eccfca9ed..6f23b83df 100644 --- a/tests/integration/targets/azure_ad_password/tasks/main.yml +++ b/tests/integration/targets/azure_ad_password/tasks/main.yml @@ -1,6 +1,6 @@ - set_fact: - app_id: "5d1e77d2-fc51-428d-ab67-4322e9544814" - tenant_id: "72f988bf-86f1-41af-91ab-2d7cd011db47" + app_id: "5d1e77d2-fc51-428d-ab67-4322e9544814" + tenant_id: "72f988bf-86f1-41af-91ab-2d7cd011db47" - name: create ad password azure_ad_password: diff --git a/tests/integration/targets/azure_ad_serviceprincipal/tasks/main.yml b/tests/integration/targets/azure_ad_serviceprincipal/tasks/main.yml index bb50dc4ae..e4ea4c94c 100644 --- a/tests/integration/targets/azure_ad_serviceprincipal/tasks/main.yml +++ b/tests/integration/targets/azure_ad_serviceprincipal/tasks/main.yml @@ -1,6 +1,6 @@ - set_fact: - app_id: "5d1e77d2-fc51-428d-ab67-4322e9544814" - tenant_id: "72f988bf-86f1-41af-91ab-2d7cd011db47" + app_id: "5d1e77d2-fc51-428d-ab67-4322e9544814" + tenant_id: "72f988bf-86f1-41af-91ab-2d7cd011db47" - name: delete ad service principal azure_ad_serviceprincipal: From 100f6be1beb56a95ada6ce795e0e64e6b2a71398 Mon Sep 17 00:00:00 2001 
From: Fred-sun Date: Wed, 1 Jul 2020 17:58:27 +0800 Subject: [PATCH 07/29] udpate new --- plugins/module_utils/azure_rm_common.py | 23 ++++++++++++++----- plugins/modules/azure_ad_password.py | 4 ++-- plugins/modules/azure_ad_password_info.py | 2 +- plugins/modules/azure_ad_serviceprincipal.py | 2 +- .../modules/azure_ad_serviceprincipal_info.py | 4 ++-- requirements-azure.txt | 2 +- tests/utils/ado/ado.sh | 2 ++ 7 files changed, 26 insertions(+), 13 deletions(-) diff --git a/plugins/module_utils/azure_rm_common.py b/plugins/module_utils/azure_rm_common.py index 5eeb5b382..6c3924dd8 100644 --- a/plugins/module_utils/azure_rm_common.py +++ b/plugins/module_utils/azure_rm_common.py @@ -351,7 +351,7 @@ class AzureRMModuleBase(object): def __init__(self, derived_arg_spec, bypass_checks=False, no_log=False, check_invalid_arguments=None, mutually_exclusive=None, required_together=None, required_one_of=None, add_file_common_args=False, supports_check_mode=False, - required_if=None, supports_tags=True, facts_module=False, skip_exec=False): + required_if=None, supports_tags=True, facts_module=False, skip_exec=False, is_ad_resource=False): merged_arg_spec = dict() merged_arg_spec.update(AZURE_COMMON_ARGS) @@ -418,7 +418,7 @@ def __init__(self, derived_arg_spec, bypass_checks=False, no_log=False, # self.debug = self.module.params.get('debug') # delegate auth to AzureRMAuth class (shared with all plugin types) - self.azure_auth = AzureRMAuth(fail_impl=self.fail, **self.module.params) + self.azure_auth = AzureRMAuth(fail_impl=self.fail, is_ad_resource=is_ad_resource, **self.module.params) # common parameter validation if self.module.params.get('tags'): 
@@ -827,6 +827,14 @@ def get_api_profile(self, client_type_name, api_profile_name): # wrap basic strings in a dict that just defines the default return dict(default_api_version=profile_raw) + def get_graphrbac_client(self, tenant_id): + from azure.graphrbac import GraphRbacManagementClient + cred = self.azure_auth.azure_credentials + base_url = self.azure_auth._cloud_environment.endpoints.active_directory_graph_resource_id + client = GraphRbacManagementClient(cred, tenant_id, base_url) + + return client + def get_mgmt_svc_client(self, client_type, base_url=None, api_version=None): self.log('Getting management service client {0}'.format(client_type.__name__)) self.check_client_version(client_type) @@ -1225,7 +1233,7 @@ class AzureRMAuthException(Exception): class AzureRMAuth(object): def __init__(self, auth_source='auto', profile=None, subscription_id=None, client_id=None, secret=None, tenant=None, ad_user=None, password=None, cloud_environment='AzureCloud', cert_validation_mode='validate', - api_profile='latest', adfs_authority_url=None, fail_impl=None, **kwargs): + api_profile='latest', adfs_authority_url=None, fail_impl=None, is_ad_resource=False, **kwargs): if fail_impl: self._fail_impl = fail_impl @@ -1234,9 +1242,10 @@ def __init__(self, auth_source='auto', profile=None, subscription_id=None, clien self._cloud_environment = None self._adfs_authority_url = None + self.is_ad_resource = is_ad_resource # authenticate - self.credentials = self._get_credentials( + self.credentials = self._get_credentials(params= dict(auth_source=auth_source, profile=profile, subscription_id=subscription_id, client_id=client_id, secret=secret, tenant=tenant, ad_user=ad_user, password=password, cloud_environment=cloud_environment, cert_validation_mode=cert_validation_mode, api_profile=api_profile, adfs_authority_url=adfs_authority_url)) 
@@ -1379,8 +1388,10 @@ def _get_msi_credentials(self, subscription_id_param=None, **kwargs): 'subscription_id': subscription_id } - def _get_azure_cli_credentials(self): - credentials, subscription_id = get_azure_cli_credentials() + def _get_azure_cli_credentials(self, resource=None): + if self.is_ad_resource: + resource = 'https://graph.windows.net/' + credentials, subscription_id = get_azure_cli_credentials(resource) cloud_environment = get_cli_active_cloud() cli_credentials = { diff --git a/plugins/modules/azure_ad_password.py b/plugins/modules/azure_ad_password.py index 9369bae96..f8716989d 100644 --- a/plugins/modules/azure_ad_password.py +++ b/plugins/modules/azure_ad_password.py @@ -108,7 +108,7 @@ ''' -from ansible.module_utils.azure_rm_common import AzureRMModuleBase +from ansible_collections.azure.azcollection.plugins.module_utils.azure_rm_common import AzureRMModuleBase try: from msrestazure.azure_exceptions import CloudError @@ -197,7 +197,7 @@ def resolve_app_obj_id(self): self.fail("one of the [app_id, app_object_id, service_principal_id] must be set") except GraphErrorException as ge: - self.fail("error in resolve app_object_id {0}".format(str(ge))) + self.fail("error in resolve app_object_id '{}'".format(str(ge))) def get_all_passwords(self): diff --git a/plugins/modules/azure_ad_password_info.py b/plugins/modules/azure_ad_password_info.py index d356fbdd4..703676d76 100644 --- a/plugins/modules/azure_ad_password_info.py +++ b/plugins/modules/azure_ad_password_info.py @@ -111,7 +111,7 @@ ''' -from ansible.module_utils.azure_rm_common import AzureRMModuleBase +from ansible_collections.azure.azcollection.plugins.module_utils.azure_rm_common import AzureRMModuleBase try: from msrestazure.azure_exceptions import CloudError diff --git a/plugins/modules/azure_ad_serviceprincipal.py b/plugins/modules/azure_ad_serviceprincipal.py index 4708e8ca4..eb45d117a 100644 --- a/plugins/modules/azure_ad_serviceprincipal.py 
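Review bot: `_get_azure_cli_credentials` hard-codes the token resource `'https://graph.windows.net/'` when `is_ad_resource` is set, while `get_graphrbac_client`, added earlier in this commit, takes its base URL from `self.azure_auth._cloud_environment.endpoints.active_directory_graph_resource_id`. In a cloud other than the public one the token audience and the endpoint the token is sent to would presumably differ; deriving both from the same source avoids that, e.g. `resource = get_cli_active_cloud().endpoints.active_directory_graph_resource_id`. In the visible hunks the flag is consulted only on the CLI path, so it is worth confirming that the other credential sources also request a Graph-scoped token when `is_ad_resource=True`. A short docstring on `get_graphrbac_client` stating which credential and audience it expects would make that contract explicit.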
+++ b/plugins/modules/azure_ad_serviceprincipal.py @@ -93,7 +93,7 @@ ''' -from ansible.module_utils.azure_rm_common_ext import AzureRMModuleBaseExt +from ansible_collections.azure.azcollection.plugins.module_utils.azure_rm_common_ext import AzureRMModuleBaseExt try: from msrestazure.azure_exceptions import CloudError diff --git a/plugins/modules/azure_ad_serviceprincipal_info.py b/plugins/modules/azure_ad_serviceprincipal_info.py index 79f4b50fa..6cc5c41c5 100644 --- a/plugins/modules/azure_ad_serviceprincipal_info.py +++ b/plugins/modules/azure_ad_serviceprincipal_info.py @@ -82,7 +82,7 @@ ''' -from ansible.module_utils.azure_rm_common_ext import AzureRMModuleBase +from ansible_collections.azure.azcollection.plugins.module_utils.azure_rm_common_ext import AzureRMModuleBase try: from msrestazure.azure_exceptions import CloudError @@ -121,7 +121,7 @@ def exec_module(self, **kwargs): try: client = self.get_graphrbac_client(self.tenant) if self.object_id is None: - service_principals = list(client.service_principals.list(filter="servicePrincipalNames/any(c:c eq {0})".format(self.app_id))) + service_principals = list(client.service_principals.list(filter="servicePrincipalNames/any(c:c eq '{}')".format(self.app_id))) else: service_principals = [client.service_principals.get(self.object_id)] diff --git a/requirements-azure.txt b/requirements-azure.txt index f1e75b537..c80f02f8d 100644 --- a/requirements-azure.txt +++ b/requirements-azure.txt @@ -31,7 +31,7 @@ azure-storage==0.35.1 msrest==0.6.10 msrestazure==0.6.2 azure-keyvault==1.0.0a1 -azure-graphrbac==0.40.0 +azure-graphrbac==0.61.1 azure-mgmt-cosmosdb==0.5.2 azure-mgmt-hdinsight==0.1.0 azure-mgmt-devtestlabs==3.0.0 diff --git a/tests/utils/ado/ado.sh b/tests/utils/ado/ado.sh index b17ca76c8..bd86118f1 100755 --- a/tests/utils/ado/ado.sh +++ b/tests/utils/ado/ado.sh 
@@ -64,8 +64,10 @@ mkdir -p shippable/testresults if [ "$2" = "2.7" ] then pip install -I -r "${TEST_DIR}/requirements-azure.txt" + pip list else pip3 install -I -r "${TEST_DIR}/requirements-azure.txt" + pip3 list fi timeout=60 From 4f6648346a7d67f286b87a82f8daf7c13fb29c1f Mon Sep 17 00:00:00 2001 From: Fred-sun Date: Wed, 1 Jul 2020 18:42:41 +0800 Subject: [PATCH 08/29] udpate new 02 --- plugins/module_utils/azure_rm_common.py | 2 +- plugins/modules/azure_ad_password.py | 2 +- plugins/modules/azure_ad_password_info.py | 4 ++-- plugins/modules/azure_ad_serviceprincipal.py | 8 ++++---- plugins/modules/azure_ad_serviceprincipal_info.py | 2 +- tests/sanity/ignore-2.11.txt | 15 +++++++++++++++ tests/sanity/ignore-2.9.txt | 12 ++++++++++++ 7 files changed, 36 insertions(+), 9 deletions(-) diff --git a/plugins/module_utils/azure_rm_common.py b/plugins/module_utils/azure_rm_common.py index 6c3924dd8..f9f3e6b04 100644 --- a/plugins/module_utils/azure_rm_common.py +++ b/plugins/module_utils/azure_rm_common.py @@ -1245,7 +1245,7 @@ def __init__(self, auth_source='auto', profile=None, subscription_id=None, clien self.is_ad_resource = is_ad_resource # authenticate - self.credentials = self._get_credentials(params= + self.credentials = self._get_credentials( dict(auth_source=auth_source, profile=profile, subscription_id=subscription_id, client_id=client_id, secret=secret, tenant=tenant, ad_user=ad_user, password=password, cloud_environment=cloud_environment, cert_validation_mode=cert_validation_mode, api_profile=api_profile, adfs_authority_url=adfs_authority_url)) diff --git a/plugins/modules/azure_ad_password.py b/plugins/modules/azure_ad_password.py index f8716989d..cabf0053b 100644 --- a/plugins/modules/azure_ad_password.py +++ b/plugins/modules/azure_ad_password.py 
@@ -197,7 +197,7 @@ def resolve_app_obj_id(self): self.fail("one of the [app_id, app_object_id, service_principal_id] must be set") except GraphErrorException as ge: - self.fail("error in resolve app_object_id '{}'".format(str(ge))) + self.fail("error in resolve app_object_id {}".format(str(ge))) def get_all_passwords(self): diff --git a/plugins/modules/azure_ad_password_info.py b/plugins/modules/azure_ad_password_info.py index 703676d76..1ae8ad2f9 100644 --- a/plugins/modules/azure_ad_password_info.py +++ b/plugins/modules/azure_ad_password_info.py @@ -180,7 +180,7 @@ def resolve_app_obj_id(self): if not self.app_id: self.fail("can't resolve app via service principal object id {0}".format(self.service_principal_object_id)) - result = list(self.client.applications.list(filter="appId eq '{}'".format(self.app_id))) + result = list(self.client.applications.list(filter="appId eq {}".format(self.app_id))) if result: self.app_object_id = result[0].object_id else: @@ -196,7 +196,7 @@ def get_all_passwords(self): try: return list(self.client.applications.list_password_credentials(self.app_object_id)) except GraphErrorException as ge: - self.fail("failed to fetch passwords for app {0}: {1".format(self.app_object_id, str(ge))) + self.fail("failed to fetch passwords for app {0}: {1}".format(self.app_object_id, str(ge))) @staticmethod def to_dict(pd): diff --git a/plugins/modules/azure_ad_serviceprincipal.py b/plugins/modules/azure_ad_serviceprincipal.py index eb45d117a..f19f708fa 100644 --- a/plugins/modules/azure_ad_serviceprincipal.py +++ b/plugins/modules/azure_ad_serviceprincipal.py @@ -159,7 +159,7 @@ def create_resource(self): self.results.update(self.to_dict(response)) return response except GraphErrorException as ge: - self.fail("Error creating service principle, app id {0} - {1}".format(self.app_id), str(ge)) + self.fail("Error creating service principle, app id {0} - {1}".format(self.app_id, str(ge))) def update_resource(self, old_response): try: 
@@ -188,7 +188,7 @@ def delete_resource(self, response): def get_resource(self): try: client = self.get_graphrbac_client(self.tenant) - result = list(client.service_principals.list(filter="servicePrincipalNames/any(c:c eq '{}')".format(self.app_id))) + result = list(client.service_principals.list(filter="servicePrincipalNames/any(c:c eq {})".format(self.app_id))) if not result: return False result = result[0] @@ -198,8 +198,8 @@ def get_resource(self): return False def check_update(self, response): - app_assignment_changed = self.app_role_assignment_required is not None and\ - self.app_role_assignment_required != response.get('app_role_assignment_required', None) + app_assignment_changed = self.app_role_assignment_required is not None and \ + self.app_role_assignment_required != response.get('app_role_assignment_required', None) to_be_update = False or app_assignment_changed return to_be_update diff --git a/plugins/modules/azure_ad_serviceprincipal_info.py b/plugins/modules/azure_ad_serviceprincipal_info.py index 6cc5c41c5..808876fa6 100644 --- a/plugins/modules/azure_ad_serviceprincipal_info.py +++ b/plugins/modules/azure_ad_serviceprincipal_info.py @@ -121,7 +121,7 @@ def exec_module(self, **kwargs): try: client = self.get_graphrbac_client(self.tenant) if self.object_id is None: - service_principals = list(client.service_principals.list(filter="servicePrincipalNames/any(c:c eq '{}')".format(self.app_id))) + service_principals = list(client.service_principals.list(filter="servicePrincipalNames/any(c:c eq {})".format(self.app_id))) else: service_principals = [client.service_principals.get(self.object_id)] diff --git a/tests/sanity/ignore-2.11.txt b/tests/sanity/ignore-2.11.txt index 9113b6329..0377b2d49 100644 --- a/tests/sanity/ignore-2.11.txt +++ b/tests/sanity/ignore-2.11.txt 
@@ -874,5 +874,20 @@ plugins/modules/azure_rm_privatednszone_info.py validate-modules:deprecation-eit plugins/modules/azure_rm_privatednszone_info.py validate-modules:parameter-list-no-elements plugins/modules/azure_rm_privatednszone_info.py validate-modules:required_if-requirements-unknown plugins/modules/azure_rm_privatednszone_info.py validate-modules:required_if-unknown-key +plugins/modules/azure_rm_password.py validate-modules:deprecation-either-date-or-version +plugins/modules/azure_rm_password.py validate-modules:return-syntax-error +plugins/modules/azure_rm_password.py validate-modules:mport-before-documentation +plugins/modules/azure_rm_password_info.py validate-modules:deprecation-either-date-or-version +plugins/modules/azure_rm_password_info.py validate-modules:import-error +plugins/modules/azure_rm_password_info.py validate-modules:return-syntax-error +plugins/modules/azure_rm_password_info.py validate-modules:import-before-documentation +plugins/modules/azure_rm_serviceprincipal.py validate-modules:deprecation-either-date-or-version +plugins/modules/azure_rm_serviceprincipal.py validate-modules:nonexistent-parameter-documented +plugins/modules/azure_rm_serviceprincipal.py validate-modules:required_if-requirements-unknown +plugins/modules/azure_rm_serviceprincipal.py validate-modules:required_if-unknown-key +plugins/modules/azure_rm_serviceprincipal_info.py validate-modules:deprecation-either-date-or-version +plugins/modules/azure_rm_serviceprincipal_info.py validate-modules:nonexistent-parameter-documented +plugins/modules/azure_rm_serviceprincipal_info.py validate-modules:required_if-requirements-unknown +plugins/modules/azure_rm_serviceprincipal_info.py validate-modules:required_if-unknown-key tests/utils/shippable/check_matrix.py replace-urlopen tests/utils/shippable/timing.py shebang diff --git a/tests/sanity/ignore-2.9.txt b/tests/sanity/ignore-2.9.txt index 9cb04a767..5e909cc71 100644 --- a/tests/sanity/ignore-2.9.txt 
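Review bot: The added entries name `plugins/modules/azure_rm_password*.py` and `plugins/modules/azure_rm_serviceprincipal*.py`, while the modules patched in this same commit are `plugins/modules/azure_ad_*.py`, so these ignores do not match the files they are meant for. One entry is also spelled `mport-before-documentation`; the neighbouring entry uses `import-before-documentation`. The ignore-2.9.txt hunk that follows ends with an entry cut off at `validate-modules:` with no test name.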
+++ b/tests/sanity/ignore-2.9.txt @@ -299,5 +299,17 @@ plugins/modules/azure_rm_trafficmanager.py validate-modules:missing-module-utils plugins/modules/azure_rm_trafficmanagerprofile.py validate-modules:missing-module-utils-import plugins/modules/azure_rm_virtualnetworkpeering.py validate-modules:missing-module-utils-import plugins/modules/azure_rm_virtualnetworkpeering_info.py validate-modules:missing-module-utils-import +plugins/modules/azure_ad_password.py validate-modules:missing-module-utils-import +plugins/modules/azure_ad_password.py validate-modules:nonexistent-parameter-documented +plugins/modules/azure_ad_password.py validate-modules:return-syntax-error +plugins/modules/azure_ad_password.py validate-modules:import-before-documentation +plugins/modules/azure_ad_password_info.py validate-modules:missing-module-utils-import +plugins/modules/azure_ad_password_info.py validate-modules:nonexistent-parameter-documented +plugins/modules/azure_ad_password_info.py validate-modules:import-before-documentation +plugins/modules/azure_ad_serviceprincipal.py validate-modules:missing-module-utils-import +plugins/modules/azure_ad_serviceprincipal.py validate-modules:nonexistent-parameter-documented +plugins/modules/azure_ad_serviceprincipal_info.py validate-modules:missing-module-utils-import +plugins/modules/azure_ad_serviceprincipal_info.py validate-modules:nonexistent-parameter-documented +plugins/modules/azure_ad_serviceprincipal_info.py validate-modules: tests/utils/shippable/check_matrix.py replace-urlopen tests/utils/shippable/timing.py shebang From f85a7ba8e02ae2bf383322ce75cdf4dd5851e9fe Mon Sep 17 00:00:00 2001 From: Fred-sun Date: Wed, 1 Jul 2020 18:53:01 +0800 Subject: [PATCH 09/29] update new 03 --- tests/sanity/ignore-2.11.txt | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/tests/sanity/ignore-2.11.txt b/tests/sanity/ignore-2.11.txt index 0377b2d49..02e2793ce 100644 --- a/tests/sanity/ignore-2.11.txt 
+++ b/tests/sanity/ignore-2.11.txt 
@@ -874,20 +874,20 @@ plugins/modules/azure_rm_privatednszone_info.py validate-modules:deprecation-eit plugins/modules/azure_rm_privatednszone_info.py validate-modules:parameter-list-no-elements plugins/modules/azure_rm_privatednszone_info.py validate-modules:required_if-requirements-unknown plugins/modules/azure_rm_privatednszone_info.py validate-modules:required_if-unknown-key -plugins/modules/azure_rm_password.py validate-modules:deprecation-either-date-or-version -plugins/modules/azure_rm_password.py validate-modules:return-syntax-error -plugins/modules/azure_rm_password.py validate-modules:mport-before-documentation -plugins/modules/azure_rm_password_info.py validate-modules:deprecation-either-date-or-version -plugins/modules/azure_rm_password_info.py validate-modules:import-error -plugins/modules/azure_rm_password_info.py validate-modules:return-syntax-error -plugins/modules/azure_rm_password_info.py validate-modules:import-before-documentation -plugins/modules/azure_rm_serviceprincipal.py validate-modules:deprecation-either-date-or-version -plugins/modules/azure_rm_serviceprincipal.py validate-modules:nonexistent-parameter-documented -plugins/modules/azure_rm_serviceprincipal.py validate-modules:required_if-requirements-unknown -plugins/modules/azure_rm_serviceprincipal.py validate-modules:required_if-unknown-key -plugins/modules/azure_rm_serviceprincipal_info.py validate-modules:deprecation-either-date-or-version -plugins/modules/azure_rm_serviceprincipal_info.py validate-modules:nonexistent-parameter-documented -plugins/modules/azure_rm_serviceprincipal_info.py validate-modules:required_if-requirements-unknown -plugins/modules/azure_rm_serviceprincipal_info.py validate-modules:required_if-unknown-key +plugins/modules/azure_ad_password.py validate-modules:deprecation-either-date-or-version +plugins/modules/azure_ad_password.py validate-modules:return-syntax-error +plugins/modules/azure_ad_password.py validate-modules:mport-before-documentation 
+plugins/modules/azure_ad_password_info.py validate-modules:deprecation-either-date-or-version +plugins/modules/azure_ad_password_info.py validate-modules:import-error +plugins/modules/azure_ad_password_info.py validate-modules:return-syntax-error +plugins/modules/azure_ad_password_info.py validate-modules:import-before-documentation +plugins/modules/azure_ad_serviceprincipal.py validate-modules:deprecation-either-date-or-version +plugins/modules/azure_ad_serviceprincipal.py validate-modules:nonexistent-parameter-documented +plugins/modules/azure_ad_serviceprincipal.py validate-modules:required_if-requirements-unknown +plugins/modules/azure_ad_serviceprincipal.py validate-modules:required_if-unknown-key +plugins/modules/azure_ad_serviceprincipal_info.py validate-modules:deprecation-either-date-or-version +plugins/modules/azure_ad_serviceprincipal_info.py validate-modules:nonexistent-parameter-documented +plugins/modules/azure_ad_serviceprincipal_info.py validate-modules:required_if-requirements-unknown +plugins/modules/azure_ad_serviceprincipal_info.py validate-modules:required_if-unknown-key tests/utils/shippable/check_matrix.py replace-urlopen tests/utils/shippable/timing.py shebang From 001c5292409da143ec72fb33ee0753e8860dd5c1 Mon Sep 17 00:00:00 2001 From: Fred-sun Date: Wed, 1 Jul 2020 19:06:25 +0800 Subject: [PATCH 10/29] add new 003 --- plugins/modules/azure_ad_password.py | 5 ++++- plugins/modules/azure_ad_password_info.py | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/plugins/modules/azure_ad_password.py b/plugins/modules/azure_ad_password.py index cabf0053b..abceeb32f 100644 --- a/plugins/modules/azure_ad_password.py +++ b/plugins/modules/azure_ad_password.py @@ -6,7 +6,10 @@ from __future__ import absolute_import, division, print_function import datetime -from dateutil.relativedelta import relativedelta +try: + from dateutil.relativedelta import relativedelta +except ImportError: + pass __metaclass__ = type 
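Review bot: The `except ImportError: pass` added around `from dateutil.relativedelta import relativedelta` leaves the name undefined when python-dateutil is absent, so the problem would surface later as a NameError at first use rather than as a missing-dependency failure. The import also still sits above `__metaclass__ = type` and the documentation block, which is presumably why `import-before-documentation` has to be ignored for this file. Consider moving it next to the module's other guarded third-party imports below the documentation, or recording the failure and reporting it through `self.fail`. The azure_ad_password_info.py hunk that follows has the same pattern.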
diff --git a/plugins/modules/azure_ad_password_info.py b/plugins/modules/azure_ad_password_info.py index 1ae8ad2f9..b7f34ae1d 100644 --- a/plugins/modules/azure_ad_password_info.py +++ b/plugins/modules/azure_ad_password_info.py @@ -6,7 +6,10 @@ from __future__ import absolute_import, division, print_function import datetime -from dateutil.relativedelta import relativedelta +try: + from dateutil.relativedelta import relativedelta +except ImportError: + pass __metaclass__ = type From 4e7ad568fef73c9cd3a6e2effa8ddee1dec3756e Mon Sep 17 00:00:00 2001 From: Fred-sun Date: Wed, 1 Jul 2020 19:30:39 +0800 Subject: [PATCH 11/29] change small --- plugins/modules/azure_ad_password.py | 6 +++--- plugins/modules/azure_ad_password_info.py | 2 +- plugins/modules/azure_ad_serviceprincipal_info.py | 2 +- tests/utils/ado/ado.sh | 2 -- 4 files changed, 5 insertions(+), 7 deletions(-) diff --git a/plugins/modules/azure_ad_password.py b/plugins/modules/azure_ad_password.py index abceeb32f..d3ff7ea02 100644 --- a/plugins/modules/azure_ad_password.py +++ b/plugins/modules/azure_ad_password.py @@ -24,10 +24,10 @@ version_added: "2.10" -short_description: Manage application with AAD Graph +short_description: Manage application password description: - - Manage application with AAD Graph. + - Manage application password. options: app_id: @@ -200,7 +200,7 @@ def resolve_app_obj_id(self): self.fail("one of the [app_id, app_object_id, service_principal_id] must be set") except GraphErrorException as ge: - self.fail("error in resolve app_object_id {}".format(str(ge))) + self.fail("error in resolve app_object_id {0}".format(str(ge))) def get_all_passwords(self): diff --git a/plugins/modules/azure_ad_password_info.py b/plugins/modules/azure_ad_password_info.py index b7f34ae1d..b0eebecf7 100644 --- a/plugins/modules/azure_ad_password_info.py +++ b/plugins/modules/azure_ad_password_info.py 
@@ -183,7 +183,7 @@ def resolve_app_obj_id(self): if not self.app_id: self.fail("can't resolve app via service principal object id {0}".format(self.service_principal_object_id)) - result = list(self.client.applications.list(filter="appId eq {}".format(self.app_id))) + result = list(self.client.applications.list(filter="appId eq {0}".format(self.app_id))) if result: self.app_object_id = result[0].object_id else: diff --git a/plugins/modules/azure_ad_serviceprincipal_info.py b/plugins/modules/azure_ad_serviceprincipal_info.py index 808876fa6..14b307b4b 100644 --- a/plugins/modules/azure_ad_serviceprincipal_info.py +++ b/plugins/modules/azure_ad_serviceprincipal_info.py @@ -121,7 +121,7 @@ def exec_module(self, **kwargs): try: client = self.get_graphrbac_client(self.tenant) if self.object_id is None: - service_principals = list(client.service_principals.list(filter="servicePrincipalNames/any(c:c eq {})".format(self.app_id))) + service_principals = list(client.service_principals.list(filter="servicePrincipalNames/any(c:c eq {0})".format(self.app_id))) else: service_principals = [client.service_principals.get(self.object_id)] diff --git a/tests/utils/ado/ado.sh b/tests/utils/ado/ado.sh index bd86118f1..b17ca76c8 100755 --- a/tests/utils/ado/ado.sh +++ b/tests/utils/ado/ado.sh @@ -64,10 +64,8 @@ mkdir -p shippable/testresults if [ "$2" = "2.7" ] then pip install -I -r "${TEST_DIR}/requirements-azure.txt" - pip list else pip3 install -I -r "${TEST_DIR}/requirements-azure.txt" - pip3 list fi timeout=60 From ac835046c148af449a10e47d58cfc702cb1ce863 Mon Sep 17 00:00:00 2001 From: Fred-sun Date: Thu, 2 Jul 2020 08:58:04 +0800 Subject: [PATCH 12/29] update new 001 --- plugins/modules/azure_ad_password.py | 7 +------ plugins/modules/azure_ad_password_info.py | 10 +++------- plugins/modules/azure_ad_serviceprincipal.py | 2 +- tests/sanity/ignore-2.9.txt | 1 - 4 files changed, 5 insertions(+), 15 deletions(-) 
diff --git a/plugins/modules/azure_ad_password.py b/plugins/modules/azure_ad_password.py index d3ff7ea02..42f76cb35 100644 --- a/plugins/modules/azure_ad_password.py +++ b/plugins/modules/azure_ad_password.py @@ -6,10 +6,6 @@ from __future__ import absolute_import, division, print_function import datetime -try: - from dateutil.relativedelta import relativedelta -except ImportError: - pass __metaclass__ = type @@ -118,6 +114,7 @@ from azure.graphrbac.models import GraphErrorException from azure.graphrbac.models import PasswordCredential from azure.graphrbac.models import ApplicationUpdateParameters + from dateutil.relativedelta import relativedelta except ImportError: # This is handled in azure_rm_common pass @@ -236,8 +233,6 @@ def delete_password(self, old_passwords): num_of_passwords_after_delete = len(self.get_all_passwords()) if num_of_passwords_after_delete != num_of_passwords_before_delete: self.results['changed'] = True - self.results['num_of_passwords_before_delete'] = num_of_passwords_before_delete - self.results['num_of_passwords_after_delete'] = num_of_passwords_after_delete except GraphErrorException as ge: self.fail("failed to delete password with key id {0} - {1}".format(self.app_id, str(ge))) diff --git a/plugins/modules/azure_ad_password_info.py b/plugins/modules/azure_ad_password_info.py index b0eebecf7..2c01d8daf 100644 --- a/plugins/modules/azure_ad_password_info.py +++ b/plugins/modules/azure_ad_password_info.py @@ -6,10 +6,6 @@ from __future__ import absolute_import, division, print_function import datetime -try: - from dateutil.relativedelta import relativedelta -except ImportError: - pass __metaclass__ = type @@ -23,10 +19,10 @@ version_added: "2.10" -short_description: Get application info +short_description: Get application password info description: - - Get application info. + - Get application password info. options: app_id: 
@@ -83,7 +79,7 @@ description: - Password info. returned: success - type: complex + type: dict contains: custom_key_identifier: description: diff --git a/plugins/modules/azure_ad_serviceprincipal.py b/plugins/modules/azure_ad_serviceprincipal.py index f19f708fa..69ba3a647 100644 --- a/plugins/modules/azure_ad_serviceprincipal.py +++ b/plugins/modules/azure_ad_serviceprincipal.py @@ -174,7 +174,7 @@ def update_resource(self, old_response): self.results.update(self.get_resource()) except GraphErrorException as ge: - self.fail("Error deleting service principal app_id {0} - {1}".format(self.app_id, str(ge))) + self.fail("Error updating the service principal app_id {0} - {1}".format(self.app_id, str(ge))) def delete_resource(self, response): try: diff --git a/tests/sanity/ignore-2.9.txt b/tests/sanity/ignore-2.9.txt index 5e909cc71..7dca9470f 100644 --- a/tests/sanity/ignore-2.9.txt +++ b/tests/sanity/ignore-2.9.txt @@ -310,6 +310,5 @@ plugins/modules/azure_ad_serviceprincipal.py validate-modules:missing-module-uti plugins/modules/azure_ad_serviceprincipal.py validate-modules:nonexistent-parameter-documented plugins/modules/azure_ad_serviceprincipal_info.py validate-modules:missing-module-utils-import plugins/modules/azure_ad_serviceprincipal_info.py validate-modules:nonexistent-parameter-documented -plugins/modules/azure_ad_serviceprincipal_info.py validate-modules: tests/utils/shippable/check_matrix.py replace-urlopen tests/utils/shippable/timing.py shebang From 0bb6db6940187fb2c083129aac441c511396b1fa Mon Sep 17 00:00:00 2001 From: Fred-sun Date: Thu, 2 Jul 2020 09:37:26 +0800 Subject: [PATCH 13/29] update new 003 --- plugins/modules/azure_ad_serviceprincipal.py | 5 ++--- tests/sanity/ignore-2.11.txt | 9 +++++++-- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/plugins/modules/azure_ad_serviceprincipal.py b/plugins/modules/azure_ad_serviceprincipal.py index 69ba3a647..193915234 100644 --- a/plugins/modules/azure_ad_serviceprincipal.py 
+++ b/plugins/modules/azure_ad_serviceprincipal.py @@ -188,7 +188,7 @@ def delete_resource(self, response): def get_resource(self): try: client = self.get_graphrbac_client(self.tenant) - result = list(client.service_principals.list(filter="servicePrincipalNames/any(c:c eq {})".format(self.app_id))) + result = list(client.service_principals.list(filter="servicePrincipalNames/any(c:c eq {0})".format(self.app_id))) if not result: return False result = result[0] @@ -200,9 +200,8 @@ def get_resource(self): def check_update(self, response): app_assignment_changed = self.app_role_assignment_required is not None and \ self.app_role_assignment_required != response.get('app_role_assignment_required', None) - to_be_update = False or app_assignment_changed - return to_be_update + return False or self.app_role_assignment_required def to_dict(self, object): return dict( diff --git a/tests/sanity/ignore-2.11.txt b/tests/sanity/ignore-2.11.txt index 02e2793ce..9eb05e9da 100644 --- a/tests/sanity/ignore-2.11.txt +++ b/tests/sanity/ignore-2.11.txt 
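Review bot: `return False or self.app_role_assignment_required` in check_update returns the requested value, not whether it differs from the current one; `app_assignment_changed`, computed on the two lines above, is now unused. With the option set to true the method is truthy on every run even when the service principal already matches, and with it set to false a needed change is never reported. Returning the comparison keeps the module idempotent: `return app_assignment_changed`. to_dict's body continues outside the hunk.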
@@ -876,9 +876,14 @@ plugins/modules/azure_rm_privatednszone_info.py validate-modules:required_if-req plugins/modules/azure_rm_privatednszone_info.py validate-modules:required_if-unknown-key plugins/modules/azure_ad_password.py validate-modules:deprecation-either-date-or-version plugins/modules/azure_ad_password.py validate-modules:return-syntax-error -plugins/modules/azure_ad_password.py validate-modules:mport-before-documentation +plugins/modules/azure_ad_password.py validate-modules:import-before-documentation +plugins/modules/azure_ad_password.py validate-modules:nonexistent-parameter-documented +plugins/modules/azure_ad_password.py validate-modules:required_if-requirements-unknown +plugins/modules/azure_ad_password.py validate-modules:required_if-unknown-key +plugins/modules/azure_ad_password_info.py validate-modules:nonexistent-parameter-documented +plugins/modules/azure_ad_password_info.py validate-modules:required_if-requirements-unknown +plugins/modules/azure_ad_password_info.py validate-modules:required_if-unknown-key plugins/modules/azure_ad_password_info.py validate-modules:deprecation-either-date-or-version -plugins/modules/azure_ad_password_info.py validate-modules:import-error plugins/modules/azure_ad_password_info.py validate-modules:return-syntax-error plugins/modules/azure_ad_password_info.py validate-modules:import-before-documentation plugins/modules/azure_ad_serviceprincipal.py validate-modules:deprecation-either-date-or-version From ab8c948f57bc2a50cc8be8f0079ada560938cfe5 Mon Sep 17 00:00:00 2001 From: Fred-sun Date: Thu, 2 Jul 2020 10:05:21 +0800 Subject: [PATCH 14/29] resolve tasks fail --- plugins/modules/azure_ad_password.py | 5 +++++ tests/integration/targets/azure_ad_password/tasks/main.yml | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/plugins/modules/azure_ad_password.py b/plugins/modules/azure_ad_password.py index 42f76cb35..5636262d8 100644 --- a/plugins/modules/azure_ad_password.py 
+++ b/plugins/modules/azure_ad_password.py @@ -53,6 +53,10 @@ - Application password value. - Length greater than 18 characters. type: str + app_object_id: + description: + - The application object ID. + type: str state: description: - Assert the state of Active Dirctory Password. @@ -126,6 +130,7 @@ def __init__(self): self.module_arg_spec = dict( app_id=dict(type='str'), service_principal_id=dict(type='str'), + app_object_id=dict(type='str'), key_id=dict(type='str'), tenant=dict(type='str', required=True), value=dict(type='str'), diff --git a/tests/integration/targets/azure_ad_password/tasks/main.yml b/tests/integration/targets/azure_ad_password/tasks/main.yml index 6f23b83df..1deab668e 100644 --- a/tests/integration/targets/azure_ad_password/tasks/main.yml +++ b/tests/integration/targets/azure_ad_password/tasks/main.yml @@ -1,12 +1,14 @@ - set_fact: app_id: "5d1e77d2-fc51-428d-ab67-4322e9544814" tenant_id: "72f988bf-86f1-41af-91ab-2d7cd011db47" + app_object_id: "b52e8275-a1ee-4c4a-86ff-15992e0920ed" - name: create ad password azure_ad_password: app_id: "{{ app_id }}" value: "Password@032900001" tenant: "{{ tenant_id }}" + app_object_id: "{{ app_object_id }}" state: present register: ad_fact @@ -20,6 +22,7 @@ value: "Password@032900002" tenant: "{{ tenant_id }}" key_id: "{{ ad_fact.key_id }}" + app_object_id: "{{ app_object_id }}" state: present register: output ignore_errors: True @@ -29,6 +32,7 @@ app_id: "{{ app_id }}" tenant: "{{ tenant_id }}" key_id: "{{ ad_fact.key_id }}" + app_object_id: "{{ app_object_id }}" register: ad_info - assert: @@ -40,6 +44,7 @@ azure_ad_password: app_id: "{{ app_id }}" tenant: "{{ tenant_id }}" + app_object_id: "{{ app_object_id }}" state: absent register: output From 11c8cdd64889fac8e8bbad07fe152ec044f849b1 Mon Sep 17 00:00:00 2001 
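Review bot: The argument spec this hunk extends in `__init__` declares the password as `value=dict(type='str')`, without `no_log`, so the secret can end up in module invocation output and logs. Mark it as sensitive while the spec is being touched: `value=dict(type='str', no_log=True),`. `__init__` continues outside the hunk.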
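Review bot: The `set_fact` block in tasks/main.yml now hard-codes a literal `app_object_id` next to the literal `app_id`, `tenant_id` and password values already in the file. The test can then only pass against one directory, and it commits that directory's object identifiers and a fixed credential value to the repository. Take the IDs from the integration-test configuration and generate the password per run, for example `value: "{{ lookup('password', '/dev/null length=24') }}"`.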
From: haiyuazhang Date: Thu, 2 Jul 2020 10:38:50 +0800 Subject: [PATCH 15/29] update --- plugins/modules/azure_ad_password.py | 10 +++++++--- plugins/modules/azure_ad_serviceprincipal.py | 4 ---- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/plugins/modules/azure_ad_password.py b/plugins/modules/azure_ad_password.py index 5636262d8..e9cfe7750 100644 --- a/plugins/modules/azure_ad_password.py +++ b/plugins/modules/azure_ad_password.py @@ -165,7 +165,7 @@ def exec_module(self, **kwargs): if self.state == 'present': if self.key_id and self.key_exists(passwords): - self.fail("It can't update existing password") + self.update(passwords) else: self.create_password(passwords) else: @@ -272,8 +272,12 @@ def gen_guid(): except GraphErrorException as ge: self.fail("failed to create new password: {0}".format(str(ge))) - @staticmethod - def to_dict(pd): + def update_password(self, old_passwords): + self.fail("update existing password is not supported") + + + + def to_dict(self, pd): return dict( end_date=pd.end_date, start_date=pd.start_date, diff --git a/plugins/modules/azure_ad_serviceprincipal.py b/plugins/modules/azure_ad_serviceprincipal.py index 193915234..7d56cb606 100644 --- a/plugins/modules/azure_ad_serviceprincipal.py +++ b/plugins/modules/azure_ad_serviceprincipal.py @@ -103,10 +103,6 @@ pass -class Actions: - NoAction, Create, Update, Delete = range(4) - - class AzureRMServicePrincipal(AzureRMModuleBaseExt): def __init__(self): From d55226b2fff30454bf185459bb3b58cc718bae3f Mon Sep 17 00:00:00 2001 From: haiyuazhang Date: Thu, 2 Jul 2020 10:41:27 +0800 Subject: [PATCH 16/29] update --- plugins/modules/azure_ad_password.py | 1 - plugins/modules/azure_ad_password_info.py | 3 +-- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/plugins/modules/azure_ad_password.py b/plugins/modules/azure_ad_password.py index e9cfe7750..fbcb00b60 100644 --- a/plugins/modules/azure_ad_password.py +++ b/plugins/modules/azure_ad_password.py 
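Review bot: exec_module now calls `self.update(passwords)`, but the method this commit adds is `update_password`; unless a base class outside the hunk provides `update`, the branch raises AttributeError instead of the intended "update existing password is not supported" failure. Call the new method: `self.update_password(passwords)`. The same commit turns `to_dict` from a static method into an instance method, so any call made through the class rather than an instance elsewhere in the file would need checking. exec_module starts and ends outside the hunk.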
@@ -276,7 +276,6 @@ def update_password(self, old_passwords): self.fail("update existing password is not supported") - def to_dict(self, pd): return dict( end_date=pd.end_date, diff --git a/plugins/modules/azure_ad_password_info.py b/plugins/modules/azure_ad_password_info.py index 2c01d8daf..24db24ea9 100644 --- a/plugins/modules/azure_ad_password_info.py +++ b/plugins/modules/azure_ad_password_info.py @@ -197,8 +197,7 @@ def get_all_passwords(self): except GraphErrorException as ge: self.fail("failed to fetch passwords for app {0}: {1}".format(self.app_object_id, str(ge))) - @staticmethod - def to_dict(pd): + def to_dict(self, pd): return dict( end_date=pd.end_date, start_date=pd.start_date, From 0d1b1605ecf7db8c4adf311c5e9d1b69ea7d4450 Mon Sep 17 00:00:00 2001 From: Fred-sun Date: Thu, 2 Jul 2020 11:08:14 +0800 Subject: [PATCH 17/29] update according comment --- plugins/modules/azure_ad_password.py | 6 +++--- plugins/modules/azure_ad_password_info.py | 8 ++++---- .../integration/targets/azure_ad_password/tasks/main.yml | 2 +- .../targets/azure_ad_serviceprincipal/tasks/main.yml | 2 +- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/plugins/modules/azure_ad_password.py b/plugins/modules/azure_ad_password.py index fbcb00b60..d88c28cdc 100644 --- a/plugins/modules/azure_ad_password.py +++ b/plugins/modules/azure_ad_password.py @@ -36,7 +36,7 @@ type: str key_id: description: - - Password key ID. + - The password key ID. type: str tenant: description: @@ -50,7 +50,7 @@ type: str value: description: - - Application password value. + - The application password value. - Length greater than 18 characters. type: str app_object_id: @@ -97,7 +97,7 @@ sample: 2021-06-28T06:00:32.637070+00:00 key_id: description: - - Password key ID + - The password key ID type: str returned: always sample: 512f259c-c397-4ec6-8598-4f940d411970 diff --git a/plugins/modules/azure_ad_password_info.py b/plugins/modules/azure_ad_password_info.py index 24db24ea9..b26325aeb 100644 
--- a/plugins/modules/azure_ad_password_info.py +++ b/plugins/modules/azure_ad_password_info.py @@ -35,7 +35,7 @@ type: str key_id: description: - - Password key ID. + - The password key ID. type: str tenant: description: @@ -49,7 +49,7 @@ type: str value: description: - - Application password value. + - The application password value. - Length greater than 18 characters. type: str app_object_id: @@ -77,7 +77,7 @@ RETURN = ''' passwords: description: - - Password info. + - The password info. returned: success type: dict contains: @@ -96,7 +96,7 @@ sample: 2021-06-18T06:51:25.508304+00:00 key_id: description: - - Password key ID. + - The password key ID. type: str returned: always sample: d33d730d-63e6-45f9-b165-eb723dfa10cd diff --git a/tests/integration/targets/azure_ad_password/tasks/main.yml b/tests/integration/targets/azure_ad_password/tasks/main.yml index 1deab668e..f4baefb35 100644 --- a/tests/integration/targets/azure_ad_password/tasks/main.yml +++ b/tests/integration/targets/azure_ad_password/tasks/main.yml @@ -1,5 +1,5 @@ - set_fact: - app_id: "5d1e77d2-fc51-428d-ab67-4322e9544814" + app_id: "e0a62513-1d81-480e-a6dc-5c99cdd58d9a" tenant_id: "72f988bf-86f1-41af-91ab-2d7cd011db47" app_object_id: "b52e8275-a1ee-4c4a-86ff-15992e0920ed" diff --git a/tests/integration/targets/azure_ad_serviceprincipal/tasks/main.yml b/tests/integration/targets/azure_ad_serviceprincipal/tasks/main.yml index e4ea4c94c..53577826e 100644 --- a/tests/integration/targets/azure_ad_serviceprincipal/tasks/main.yml +++ b/tests/integration/targets/azure_ad_serviceprincipal/tasks/main.yml @@ -1,5 +1,5 @@ - set_fact: - app_id: "5d1e77d2-fc51-428d-ab67-4322e9544814" + app_id: "e0a62513-1d81-480e-a6dc-5c99cdd58d9a" tenant_id: "72f988bf-86f1-41af-91ab-2d7cd011db47" - name: delete ad service principal From 15074cd0979819b4408f445b1ae5af5773e98c12 Mon Sep 17 00:00:00 2001 
From: Fred-sun Date: Thu, 2 Jul 2020 14:07:30 +0800 Subject: [PATCH 18/29] reverse change --- plugins/modules/azure_ad_serviceprincipal.py | 2 +- plugins/modules/azure_ad_serviceprincipal_info.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/plugins/modules/azure_ad_serviceprincipal.py b/plugins/modules/azure_ad_serviceprincipal.py index 7d56cb606..3e88db177 100644 --- a/plugins/modules/azure_ad_serviceprincipal.py +++ b/plugins/modules/azure_ad_serviceprincipal.py @@ -184,7 +184,7 @@ def delete_resource(self, response): def get_resource(self): try: client = self.get_graphrbac_client(self.tenant) - result = list(client.service_principals.list(filter="servicePrincipalNames/any(c:c eq {0})".format(self.app_id))) + result = list(client.service_principals.list(filter="servicePrincipalNames/any(c:c eq '{}')".format(self.app_id))) if not result: return False result = result[0] diff --git a/plugins/modules/azure_ad_serviceprincipal_info.py b/plugins/modules/azure_ad_serviceprincipal_info.py index 14b307b4b..6cc5c41c5 100644 --- a/plugins/modules/azure_ad_serviceprincipal_info.py +++ b/plugins/modules/azure_ad_serviceprincipal_info.py @@ -121,7 +121,7 @@ def exec_module(self, **kwargs): try: client = self.get_graphrbac_client(self.tenant) if self.object_id is None: - service_principals = list(client.service_principals.list(filter="servicePrincipalNames/any(c:c eq {0})".format(self.app_id))) + service_principals = list(client.service_principals.list(filter="servicePrincipalNames/any(c:c eq '{}')".format(self.app_id))) else: service_principals = [client.service_principals.get(self.object_id)] From 818147a0c94120af61bb07b11d8fbaf2f3885527 Mon Sep 17 00:00:00 2001 
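Review bot: The quoting is restored only for the two `servicePrincipalNames/any(...)` filters; the `appId eq {0}` filter in resolve_app_obj_id of azure_ad_password_info.py, unquoted by an earlier patch in this series, is not part of this revert and stays a bare token. The restored lines also go back to the auto-numbered `'{}'` field where the series had moved to `{0}`. Quoting and escaping consistently in all three places would look like `filter="appId eq '{0}'".format(self.app_id.replace("'", "''"))` for the appId case. get_resource and exec_module both continue outside their hunks.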
From: haiyuazhang Date: Thu, 2 Jul 2020 14:28:05 +0800 Subject: [PATCH 19/29] update --- ...zure_ad_password.py => azure_rm_adpassword.py} | 8 ++++---- ...ssword_info.py => azure_rm_adpassword_info.py} | 8 ++++---- ...rincipal.py => azure_rm_adserviceprincipal.py} | 6 +++--- ...nfo.py => azure_rm_adserviceprincipal_info.py} | 15 ++++++++------- pr-pipelines.yml | 4 ++-- .../aliases | 0 .../meta/main.yml | 0 .../tasks/main.yml | 0 .../aliases | 0 .../meta/main.yml | 0 .../tasks/main.yml | 0 11 files changed, 21 insertions(+), 20 deletions(-) rename plugins/modules/{azure_ad_password.py => azure_rm_adpassword.py} (98%) rename plugins/modules/{azure_ad_password_info.py => azure_rm_adpassword_info.py} (97%) rename plugins/modules/{azure_ad_serviceprincipal.py => azure_rm_adserviceprincipal.py} (98%) rename plugins/modules/{azure_ad_serviceprincipal_info.py => azure_rm_adserviceprincipal_info.py} (92%) rename tests/integration/targets/{azure_ad_password => azure_rm_adpassword}/aliases (100%) rename tests/integration/targets/{azure_ad_password => azure_rm_adpassword}/meta/main.yml (100%) rename tests/integration/targets/{azure_ad_password => azure_rm_adpassword}/tasks/main.yml (100%) rename tests/integration/targets/{azure_ad_serviceprincipal => azure_rm_adserviceprincipal}/aliases (100%) rename tests/integration/targets/{azure_ad_serviceprincipal => azure_rm_adserviceprincipal}/meta/main.yml (100%) rename tests/integration/targets/{azure_ad_serviceprincipal => azure_rm_adserviceprincipal}/tasks/main.yml (100%) diff --git a/plugins/modules/azure_ad_password.py b/plugins/modules/azure_rm_adpassword.py similarity index 98% rename from plugins/modules/azure_ad_password.py rename to plugins/modules/azure_rm_adpassword.py index d88c28cdc..35049179f 100644 --- a/plugins/modules/azure_ad_password.py +++ b/plugins/modules/azure_rm_adpassword.py @@ -16,7 +16,7 @@ DOCUMENTATION = ''' --- -module: azure_ad_password +module: azure_rm_adpassword version_added: "2.10" 
@@ -80,7 +80,7 @@ EXAMPLES = ''' - name: create ad password - azure_ad_password: + azure_rm_adpassword: app_id: "{{ app_id }}" state: present value: "$abc12345678" @@ -124,7 +124,7 @@ pass -class AzureADPassword(AzureRMModuleBase): +class AzureRMADPassword(AzureRMModuleBase): def __init__(self): self.module_arg_spec = dict( @@ -285,7 +285,7 @@ def to_dict(self, pd): def main(): - AzureADPassword() + AzureRMADPassword() if __name__ == '__main__': diff --git a/plugins/modules/azure_ad_password_info.py b/plugins/modules/azure_rm_adpassword_info.py similarity index 97% rename from plugins/modules/azure_ad_password_info.py rename to plugins/modules/azure_rm_adpassword_info.py index b26325aeb..fb16ea731 100644 --- a/plugins/modules/azure_ad_password_info.py +++ b/plugins/modules/azure_rm_adpassword_info.py @@ -15,7 +15,7 @@ 'supported_by': 'community'} DOCUMENTATION = ''' -module: azure_ad_password_info +module: azure_rm_adpassword_info version_added: "2.10" @@ -68,7 +68,7 @@ EXAMPLES = ''' - name: get ad password info - azure_ad_password_info: + azure_rm_adpassword_info: app_id: "{{ app_id }}" tenant: "{{ tenant_id }}" key_id: "{{ key_id }}" @@ -122,7 +122,7 @@ pass -class AzureADPasswordInfo(AzureRMModuleBase): +class AzureRMADPasswordInfo(AzureRMModuleBase): def __init__(self): self.module_arg_spec = dict( @@ -207,7 +207,7 @@ def to_dict(self, pd): def main(): - AzureADPasswordInfo() + AzureRMADPasswordInfo() if __name__ == '__main__': diff --git a/plugins/modules/azure_ad_serviceprincipal.py b/plugins/modules/azure_rm_adserviceprincipal.py similarity index 98% rename from plugins/modules/azure_ad_serviceprincipal.py rename to plugins/modules/azure_rm_adserviceprincipal.py index 3e88db177..050da11ef 100644 --- a/plugins/modules/azure_ad_serviceprincipal.py +++ b/plugins/modules/azure_rm_adserviceprincipal.py @@ -14,7 +14,7 @@ DOCUMENTATION = ''' --- -module: azure_ad_serviceprincipal +module: azure_rm_adserviceprincipal version_added: "2.10" 
@@ -103,7 +103,7 @@ pass -class AzureRMServicePrincipal(AzureRMModuleBaseExt): +class AzureRMADServicePrincipal(AzureRMModuleBaseExt): def __init__(self): self.module_arg_spec = dict( @@ -209,7 +209,7 @@ def to_dict(self, object): def main(): - AzureRMServicePrincipal() + AzureRMADServicePrincipal() if __name__ == '__main__': diff --git a/plugins/modules/azure_ad_serviceprincipal_info.py b/plugins/modules/azure_rm_adserviceprincipal_info.py similarity index 92% rename from plugins/modules/azure_ad_serviceprincipal_info.py rename to plugins/modules/azure_rm_adserviceprincipal_info.py index 6cc5c41c5..0f1780e60 100644 --- a/plugins/modules/azure_ad_serviceprincipal_info.py +++ b/plugins/modules/azure_rm_adserviceprincipal_info.py @@ -13,7 +13,7 @@ 'supported_by': 'community'} DOCUMENTATION = ''' -module: azure_ad_serviceprincipal_info +module: azure_rm_adserviceprincipal_info version_added: "2.10" @@ -48,7 +48,7 @@ EXAMPLES = ''' - name: get ad sp info - azure_ad_serviceprincipal_info: + azure_rm_adserviceprincipal_info: app_id: "{{ app_id }}" tenant: "{{ tenant_id }}" @@ -60,13 +60,13 @@ - Object's display name or its prefix. type: str returned: always - sample: fredAKSCluster + sample: sp app_id: description: - The application ID. returned: always type: str - sample: b6d3cf80-a95d-4c0c-bfc5-a63f08a1c301 + sample: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx app_role_assignment_required: description: - Whether the Role of the Service Principal is set. @@ -78,7 +78,8 @@ - It's service principal's object ID. returned: always type: str - sample: c45fae27-41ef-43c1-a2de-99f507247c13 + sample: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx + ''' @@ -92,7 +93,7 @@ pass -class AzureRMServicePrincipalInfo(AzureRMModuleBase): +class AzureRMADServicePrincipalInfo(AzureRMModuleBase): def __init__(self): self.module_arg_spec = dict( @@ -141,7 +142,7 @@ def to_dict(self, object): def main(): - AzureRMServicePrincipalInfo() + AzureRMADServicePrincipalInfo() if __name__ == '__main__': 
diff --git a/pr-pipelines.yml b/pr-pipelines.yml index 33f1e130d..cd550d17e 100644 --- a/pr-pipelines.yml +++ b/pr-pipelines.yml @@ -72,8 +72,8 @@ parameters: - "azure_rm_virtualnetworkeepring" - "azure_rm_webapp" - "azure_rm_workspace" - - "azure_ad_password" - - "azure_ad_serviceprincipal" + - "azure_rm_adpassword" + - "azure_rm_adserviceprincipal" - "inventory_azure" - "setup_azure" diff --git a/tests/integration/targets/azure_ad_password/aliases b/tests/integration/targets/azure_rm_adpassword/aliases similarity index 100% rename from tests/integration/targets/azure_ad_password/aliases rename to tests/integration/targets/azure_rm_adpassword/aliases diff --git a/tests/integration/targets/azure_ad_password/meta/main.yml b/tests/integration/targets/azure_rm_adpassword/meta/main.yml similarity index 100% rename from tests/integration/targets/azure_ad_password/meta/main.yml rename to tests/integration/targets/azure_rm_adpassword/meta/main.yml diff --git a/tests/integration/targets/azure_ad_password/tasks/main.yml b/tests/integration/targets/azure_rm_adpassword/tasks/main.yml similarity index 100% rename from tests/integration/targets/azure_ad_password/tasks/main.yml rename to tests/integration/targets/azure_rm_adpassword/tasks/main.yml diff --git a/tests/integration/targets/azure_ad_serviceprincipal/aliases b/tests/integration/targets/azure_rm_adserviceprincipal/aliases similarity index 100% rename from tests/integration/targets/azure_ad_serviceprincipal/aliases rename to tests/integration/targets/azure_rm_adserviceprincipal/aliases diff --git a/tests/integration/targets/azure_ad_serviceprincipal/meta/main.yml b/tests/integration/targets/azure_rm_adserviceprincipal/meta/main.yml similarity index 100% rename from tests/integration/targets/azure_ad_serviceprincipal/meta/main.yml rename to tests/integration/targets/azure_rm_adserviceprincipal/meta/main.yml 
diff --git a/tests/integration/targets/azure_ad_serviceprincipal/tasks/main.yml b/tests/integration/targets/azure_rm_adserviceprincipal/tasks/main.yml similarity index 100% rename from tests/integration/targets/azure_ad_serviceprincipal/tasks/main.yml rename to tests/integration/targets/azure_rm_adserviceprincipal/tasks/main.yml From 7e42707c9b07ceb5d9515047dde7a49a67447c9b Mon Sep 17 00:00:00 2001 From: haiyuazhang Date: Thu, 2 Jul 2020 14:38:18 +0800 Subject: [PATCH 20/29] update --- .../targets/azure_rm_adserviceprincipal/tasks/main.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/integration/targets/azure_rm_adserviceprincipal/tasks/main.yml b/tests/integration/targets/azure_rm_adserviceprincipal/tasks/main.yml index 53577826e..4e86b0abd 100644 --- a/tests/integration/targets/azure_rm_adserviceprincipal/tasks/main.yml +++ b/tests/integration/targets/azure_rm_adserviceprincipal/tasks/main.yml @@ -3,13 +3,13 @@ tenant_id: "72f988bf-86f1-41af-91ab-2d7cd011db47" - name: delete ad service principal - azure_ad_serviceprincipal: + azure_rm_adserviceprincipal: app_id: "{{ app_id }}" tenant: "{{ tenant_id }}" state: absent - name: create ad service principal - azure_ad_serviceprincipal: + azure_rm_adserviceprincipal: app_id: "{{ app_id }}" tenant: "{{ tenant_id }}" state: present @@ -20,7 +20,7 @@ - ad_fact.changed - name: create ad service principal (idempontent) - azure_ad_serviceprincipal: + azure_rm_adserviceprincipal: app_id: "{{ app_id }}" tenant: "{{ tenant_id }}" state: present @@ -31,7 +31,7 @@ - not output.changed - name: Get ad service principal info - azure_ad_serviceprincipal_info: + azure_rm_adserviceprincipal_info: app_id: "{{ app_id }}" tenant: "{{ tenant_id }}" register: ad_info 
@@ -42,7 +42,7 @@ - ad_info.service_principals[0].app_role_assignment_required == ad_fact.app_role_assignment_required - name: delete ad service principal - azure_ad_serviceprincipal: + azure_rm_adserviceprincipal: app_id: "{{ app_id }}" tenant: "{{ tenant_id }}" state: absent From 2e8fe7f1cd7e7dd0de6e97ee7bcb3e5355f5e97d Mon Sep 17 00:00:00 2001 From: Fred-sun Date: Thu, 2 Jul 2020 14:45:29 +0800 Subject: [PATCH 21/29] update --- plugins/modules/azure_rm_adpassword.py | 3 +-- plugins/modules/azure_rm_adpassword_info.py | 2 +- plugins/modules/azure_rm_adserviceprincipal.py | 4 ++-- tests/sanity/ignore-2.11.txt | 2 ++ tests/sanity/ignore-2.9.txt | 2 ++ 5 files changed, 8 insertions(+), 5 deletions(-) diff --git a/plugins/modules/azure_rm_adpassword.py b/plugins/modules/azure_rm_adpassword.py index 35049179f..9664a578d 100644 --- a/plugins/modules/azure_rm_adpassword.py +++ b/plugins/modules/azure_rm_adpassword.py @@ -100,7 +100,7 @@ - The password key ID type: str returned: always - sample: 512f259c-c397-4ec6-8598-4f940d411970 + sample: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx start_date: description: - Date or datetime at which credentials become valid. @@ -275,7 +275,6 @@ def gen_guid(): def update_password(self, old_passwords): self.fail("update existing password is not supported") - def to_dict(self, pd): return dict( end_date=pd.end_date, diff --git a/plugins/modules/azure_rm_adpassword_info.py b/plugins/modules/azure_rm_adpassword_info.py index fb16ea731..35bd44c34 100644 --- a/plugins/modules/azure_rm_adpassword_info.py +++ b/plugins/modules/azure_rm_adpassword_info.py @@ -99,7 +99,7 @@ - The password key ID. type: str returned: always - sample: d33d730d-63e6-45f9-b165-eb723dfa10cd + sample: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx start_date: description: - Date or datetime at which credentials become valid. diff --git a/plugins/modules/azure_rm_adserviceprincipal.py b/plugins/modules/azure_rm_adserviceprincipal.py index 050da11ef..8c2afd796 100644 
--- a/plugins/modules/azure_rm_adserviceprincipal.py +++ b/plugins/modules/azure_rm_adserviceprincipal.py @@ -77,7 +77,7 @@ - The application ID. returned: always type: str - sample: b6d3cf80-a95d-4c0c-bfc5-a63f08a1c301 + sample: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx app_role_assignment_required: description: - Whether the Role of the Service Principal is set. @@ -89,7 +89,7 @@ - Object ID of the associated application. returned: always type: str - sample: c45fae27-41ef-43c1-a2de-99f507247c13 + sample: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx ''' diff --git a/tests/sanity/ignore-2.11.txt b/tests/sanity/ignore-2.11.txt index 9eb05e9da..34e0aed91 100644 --- a/tests/sanity/ignore-2.11.txt +++ b/tests/sanity/ignore-2.11.txt @@ -890,6 +890,8 @@ plugins/modules/azure_ad_serviceprincipal.py validate-modules:deprecation-either plugins/modules/azure_ad_serviceprincipal.py validate-modules:nonexistent-parameter-documented plugins/modules/azure_ad_serviceprincipal.py validate-modules:required_if-requirements-unknown plugins/modules/azure_ad_serviceprincipal.py validate-modules:required_if-unknown-key +plugins/modules/azure_ad_serviceprincipal.py validate-modules:ansible-format-automatic-specification +plugins/modules/azure_ad_serviceprincipal_info.py validate-modules:ansible-format-automatic-specification plugins/modules/azure_ad_serviceprincipal_info.py validate-modules:deprecation-either-date-or-version plugins/modules/azure_ad_serviceprincipal_info.py validate-modules:nonexistent-parameter-documented plugins/modules/azure_ad_serviceprincipal_info.py validate-modules:required_if-requirements-unknown diff --git a/tests/sanity/ignore-2.9.txt b/tests/sanity/ignore-2.9.txt index 7dca9470f..30c5df4b3 100644 --- a/tests/sanity/ignore-2.9.txt +++ b/tests/sanity/ignore-2.9.txt 
@@ -308,6 +308,8 @@ plugins/modules/azure_ad_password_info.py validate-modules:nonexistent-parameter plugins/modules/azure_ad_password_info.py validate-modules:import-before-documentation plugins/modules/azure_ad_serviceprincipal.py validate-modules:missing-module-utils-import plugins/modules/azure_ad_serviceprincipal.py validate-modules:nonexistent-parameter-documented +plugins/modules/azure_ad_serviceprincipal.py validate-modules:ansible-format-automatic-specification +plugins/modules/azure_ad_serviceprincipal_info.py validate-modules:ansible-format-automatic-specification plugins/modules/azure_ad_serviceprincipal_info.py validate-modules:missing-module-utils-import plugins/modules/azure_ad_serviceprincipal_info.py validate-modules:nonexistent-parameter-documented tests/utils/shippable/check_matrix.py replace-urlopen From d355f82a8e0ac1e84c9e0bc618df3ac4ad9100b9 Mon Sep 17 00:00:00 2001 From: Fred-sun Date: Thu, 2 Jul 2020 15:15:18 +0800 Subject: [PATCH 22/29] fix doc error --- plugins/modules/azure_rm_adpassword.py | 2 +- plugins/modules/azure_rm_adpassword_info.py | 2 +- .../modules/azure_rm_adserviceprincipal.py | 2 +- .../azure_rm_adserviceprincipal_info.py | 2 +- tests/sanity/ignore-2.11.txt | 44 +++++++++---------- tests/sanity/ignore-2.9.txt | 26 +++++------ 6 files changed, 39 insertions(+), 39 deletions(-) diff --git a/plugins/modules/azure_rm_adpassword.py b/plugins/modules/azure_rm_adpassword.py index 9664a578d..18abee364 100644 --- a/plugins/modules/azure_rm_adpassword.py +++ b/plugins/modules/azure_rm_adpassword.py @@ -150,7 +150,7 @@ def __init__(self): self.client = None - super(AzureADPassword, self).__init__(derived_arg_spec=self.module_arg_spec, + super(AzureRMADPassword, self).__init__(derived_arg_spec=self.module_arg_spec, supports_check_mode=False, supports_tags=False, is_ad_resource=True) diff --git a/plugins/modules/azure_rm_adpassword_info.py b/plugins/modules/azure_rm_adpassword_info.py index 35bd44c34..436a7c82e 100644 
--- a/plugins/modules/azure_rm_adpassword_info.py +++ b/plugins/modules/azure_rm_adpassword_info.py @@ -146,7 +146,7 @@ def __init__(self): self.client = None - super(AzureADPasswordInfo, self).__init__(derived_arg_spec=self.module_arg_spec, + super(AzureRMADPasswordInfo, self).__init__(derived_arg_spec=self.module_arg_spec, supports_check_mode=False, supports_tags=False, is_ad_resource=True) diff --git a/plugins/modules/azure_rm_adserviceprincipal.py b/plugins/modules/azure_rm_adserviceprincipal.py index 8c2afd796..a5d576f58 100644 --- a/plugins/modules/azure_rm_adserviceprincipal.py +++ b/plugins/modules/azure_rm_adserviceprincipal.py @@ -120,7 +120,7 @@ def __init__(self): self.object_id = None self.results = dict(changed=False) - super(AzureRMServicePrincipal, self).__init__(derived_arg_spec=self.module_arg_spec, + super(AzureRMADServicePrincipal, self).__init__(derived_arg_spec=self.module_arg_spec, supports_check_mode=False, supports_tags=False, is_ad_resource=True) diff --git a/plugins/modules/azure_rm_adserviceprincipal_info.py b/plugins/modules/azure_rm_adserviceprincipal_info.py index 0f1780e60..f9dbf6334 100644 --- a/plugins/modules/azure_rm_adserviceprincipal_info.py +++ b/plugins/modules/azure_rm_adserviceprincipal_info.py @@ -107,7 +107,7 @@ def __init__(self): self.object_id = None self.results = dict(changed=False) - super(AzureRMServicePrincipalInfo, self).__init__(derived_arg_spec=self.module_arg_spec, + super(AzureRMADServicePrincipalInfo, self).__init__(derived_arg_spec=self.module_arg_spec, supports_check_mode=False, supports_tags=False, is_ad_resource=True) diff --git a/tests/sanity/ignore-2.11.txt b/tests/sanity/ignore-2.11.txt index 34e0aed91..d368343ff 100644 --- a/tests/sanity/ignore-2.11.txt +++ b/tests/sanity/ignore-2.11.txt 
@@ -874,27 +874,27 @@ plugins/modules/azure_rm_privatednszone_info.py validate-modules:deprecation-eit plugins/modules/azure_rm_privatednszone_info.py validate-modules:parameter-list-no-elements plugins/modules/azure_rm_privatednszone_info.py validate-modules:required_if-requirements-unknown plugins/modules/azure_rm_privatednszone_info.py validate-modules:required_if-unknown-key -plugins/modules/azure_ad_password.py validate-modules:deprecation-either-date-or-version -plugins/modules/azure_ad_password.py validate-modules:return-syntax-error -plugins/modules/azure_ad_password.py validate-modules:import-before-documentation -plugins/modules/azure_ad_password.py validate-modules:nonexistent-parameter-documented -plugins/modules/azure_ad_password.py validate-modules:required_if-requirements-unknown -plugins/modules/azure_ad_password.py validate-modules:required_if-unknown-key -plugins/modules/azure_ad_password_info.py validate-modules:nonexistent-parameter-documented -plugins/modules/azure_ad_password_info.py validate-modules:required_if-requirements-unknown -plugins/modules/azure_ad_password_info.py validate-modules:required_if-unknown-key -plugins/modules/azure_ad_password_info.py validate-modules:deprecation-either-date-or-version -plugins/modules/azure_ad_password_info.py validate-modules:return-syntax-error -plugins/modules/azure_ad_password_info.py validate-modules:import-before-documentation -plugins/modules/azure_ad_serviceprincipal.py validate-modules:deprecation-either-date-or-version -plugins/modules/azure_ad_serviceprincipal.py validate-modules:nonexistent-parameter-documented -plugins/modules/azure_ad_serviceprincipal.py validate-modules:required_if-requirements-unknown -plugins/modules/azure_ad_serviceprincipal.py validate-modules:required_if-unknown-key -plugins/modules/azure_ad_serviceprincipal.py validate-modules:ansible-format-automatic-specification -plugins/modules/azure_ad_serviceprincipal_info.py 
validate-modules:ansible-format-automatic-specification -plugins/modules/azure_ad_serviceprincipal_info.py validate-modules:deprecation-either-date-or-version -plugins/modules/azure_ad_serviceprincipal_info.py validate-modules:nonexistent-parameter-documented -plugins/modules/azure_ad_serviceprincipal_info.py validate-modules:required_if-requirements-unknown -plugins/modules/azure_ad_serviceprincipal_info.py validate-modules:required_if-unknown-key +plugins/modules/azure_rm_adpassword.py validate-modules:deprecation-either-date-or-version +plugins/modules/azure_rm_adpassword.py validate-modules:return-syntax-error +plugins/modules/azure_rm_adpassword.py validate-modules:import-before-documentation +plugins/modules/azure_rm_adpassword.py validate-modules:nonexistent-parameter-documented +plugins/modules/azure_rm_adpassword.py validate-modules:required_if-requirements-unknown +plugins/modules/azure_rm_adpassword.py validate-modules:required_if-unknown-key +plugins/modules/azure_rm_adpassword_info.py validate-modules:nonexistent-parameter-documented +plugins/modules/azure_rm_adpassword_info.py validate-modules:required_if-requirements-unknown +plugins/modules/azure_rm_adpassword_info.py validate-modules:required_if-unknown-key +plugins/modules/azure_rm_adpassword_info.py validate-modules:deprecation-either-date-or-version +plugins/modules/azure_rm_adpassword_info.py validate-modules:return-syntax-error +plugins/modules/azure_rm_adpassword_info.py validate-modules:import-before-documentation +plugins/modules/azure_rm_adserviceprincipal.py validate-modules:deprecation-either-date-or-version +plugins/modules/azure_rm_adserviceprincipal.py validate-modules:nonexistent-parameter-documented +plugins/modules/azure_rm_adserviceprincipal.py validate-modules:required_if-requirements-unknown +plugins/modules/azure_rm_adserviceprincipal.py validate-modules:required_if-unknown-key +plugins/modules/azure_rm_adserviceprincipal.py 
validate-modules:ansible-format-automatic-specification +plugins/modules/azure_rm_adserviceprincipal_info.py validate-modules:ansible-format-automatic-specification +plugins/modules/azure_rm_adserviceprincipal_info.py validate-modules:deprecation-either-date-or-version +plugins/modules/azure_rm_adserviceprincipal_info.py validate-modules:nonexistent-parameter-documented +plugins/modules/azure_rm_adserviceprincipal_info.py validate-modules:required_if-requirements-unknown +plugins/modules/azure_rm_adserviceprincipal_info.py validate-modules:required_if-unknown-key tests/utils/shippable/check_matrix.py replace-urlopen tests/utils/shippable/timing.py shebang diff --git a/tests/sanity/ignore-2.9.txt b/tests/sanity/ignore-2.9.txt index 30c5df4b3..0cf167c2e 100644 --- a/tests/sanity/ignore-2.9.txt +++ b/tests/sanity/ignore-2.9.txt 
@@ -299,18 +299,18 @@ plugins/modules/azure_rm_trafficmanager.py validate-modules:missing-module-utils plugins/modules/azure_rm_trafficmanagerprofile.py validate-modules:missing-module-utils-import plugins/modules/azure_rm_virtualnetworkpeering.py validate-modules:missing-module-utils-import plugins/modules/azure_rm_virtualnetworkpeering_info.py validate-modules:missing-module-utils-import -plugins/modules/azure_ad_password.py validate-modules:missing-module-utils-import -plugins/modules/azure_ad_password.py validate-modules:nonexistent-parameter-documented -plugins/modules/azure_ad_password.py validate-modules:return-syntax-error -plugins/modules/azure_ad_password.py validate-modules:import-before-documentation -plugins/modules/azure_ad_password_info.py validate-modules:missing-module-utils-import -plugins/modules/azure_ad_password_info.py validate-modules:nonexistent-parameter-documented -plugins/modules/azure_ad_password_info.py validate-modules:import-before-documentation -plugins/modules/azure_ad_serviceprincipal.py validate-modules:missing-module-utils-import -plugins/modules/azure_ad_serviceprincipal.py validate-modules:nonexistent-parameter-documented -plugins/modules/azure_ad_serviceprincipal.py validate-modules:ansible-format-automatic-specification -plugins/modules/azure_ad_serviceprincipal_info.py validate-modules:ansible-format-automatic-specification -plugins/modules/azure_ad_serviceprincipal_info.py validate-modules:missing-module-utils-import -plugins/modules/azure_ad_serviceprincipal_info.py validate-modules:nonexistent-parameter-documented +plugins/modules/azure_rm_adpassword.py validate-modules:missing-module-utils-import +plugins/modules/azure_rm_adpassword.py validate-modules:nonexistent-parameter-documented +plugins/modules/azure_rm_adpassword.py validate-modules:return-syntax-error +plugins/modules/azure_rm_adpassword.py validate-modules:import-before-documentation +plugins/modules/azure_rm_adpassword_info.py 
validate-modules:missing-module-utils-import +plugins/modules/azure_rm_adpassword_info.py validate-modules:nonexistent-parameter-documented +plugins/modules/azure_rm_adpassword_info.py validate-modules:import-before-documentation +plugins/modules/azure_rm_adserviceprincipal.py validate-modules:missing-module-utils-import +plugins/modules/azure_rm_adserviceprincipal.py validate-modules:nonexistent-parameter-documented +plugins/modules/azure_rm_adserviceprincipal.py validate-modules:ansible-format-automatic-specification +plugins/modules/azure_rm_adserviceprincipal_info.py validate-modules:ansible-format-automatic-specification +plugins/modules/azure_rm_adserviceprincipal_info.py validate-modules:missing-module-utils-import +plugins/modules/azure_rm_adserviceprincipal_info.py validate-modules:nonexistent-parameter-documented tests/utils/shippable/check_matrix.py replace-urlopen tests/utils/shippable/timing.py shebang From 47e4bcbf95641b36295523dd8b9b08914748e202 Mon Sep 17 00:00:00 2001 From: haiyuazhang Date: Thu, 2 Jul 2020 16:49:32 +0800 Subject: [PATCH 23/29] update --- plugins/modules/azure_rm_adserviceprincipal.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/modules/azure_rm_adserviceprincipal.py b/plugins/modules/azure_rm_adserviceprincipal.py index a5d576f58..65c3a8470 100644 --- a/plugins/modules/azure_rm_adserviceprincipal.py +++ b/plugins/modules/azure_rm_adserviceprincipal.py @@ -86,7 +86,7 @@ sample: false object_id: description: - - Object ID of the associated application. + - Object ID of the associated service principal. returned: always type: str sample: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx From 713e1824da89b566fbf1e20b8129726cd59cbf84 Mon Sep 17 00:00:00 2001 
From: Fred-sun Date: Thu, 2 Jul 2020 16:51:01 +0800 Subject: [PATCH 24/29] new change --- .../azure_rm_adpassword/tasks/main.yml | 28 ++++++++++++++++++- .../tasks/main.yml | 25 +++++++++++++++-- tests/sanity/ignore-2.11.txt | 2 -- tests/sanity/ignore-2.9.txt | 2 -- 4 files changed, 50 insertions(+), 7 deletions(-) diff --git a/tests/integration/targets/azure_rm_adpassword/tasks/main.yml b/tests/integration/targets/azure_rm_adpassword/tasks/main.yml index f4baefb35..dc9e484d8 100644 --- a/tests/integration/targets/azure_rm_adpassword/tasks/main.yml +++ b/tests/integration/targets/azure_rm_adpassword/tasks/main.yml @@ -16,11 +16,24 @@ that: - ad_fact.changed -- name: can't update ad password +- name: create second ad password azure_ad_password: app_id: "{{ app_id }}" value: "Password@032900002" tenant: "{{ tenant_id }}" + app_object_id: "{{ app_object_id }}" + state: present + register: ad_fact02 + +- assert: + that: + - ad_fact02.changed + +- name: can't update ad password + azure_ad_password: + app_id: "{{ app_id }}" + value: "Password@032900003" + tenant: "{{ tenant_id }}" key_id: "{{ ad_fact.key_id }}" app_object_id: "{{ app_object_id }}" state: present @@ -40,6 +53,19 @@ - ad_info.passwords[0].start_date == ad_fact.start_date - ad_info.passwords[0].end_date == ad_fact.end_date +- name: delete one ad password + azure_ad_password: + app_id: "{{ app_id }}" + key_id: "{{ ad_fact.key_id }}" + tenant: "{{ tenant_id }}" + app_object_id: "{{ app_object_id }}" + state: absent + register: output + +- assert: + that: + - output.changed + - name: delete all ad password azure_ad_password: app_id: "{{ app_id }}" diff --git a/tests/integration/targets/azure_rm_adserviceprincipal/tasks/main.yml b/tests/integration/targets/azure_rm_adserviceprincipal/tasks/main.yml index 4e86b0abd..7338a9c43 100644 --- a/tests/integration/targets/azure_rm_adserviceprincipal/tasks/main.yml +++ b/tests/integration/targets/azure_rm_adserviceprincipal/tasks/main.yml 
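Review bot: The tasks added in the `@@ -16,11 +16,24 @@` hunk of azure_rm_adpassword/tasks/main.yml set the application credential to fixed literals (`Password@032900002`, `Password@032900003`), so a secret written to a live directory application is readable from the repository and stays valid if the run stops before the `delete all ad password` task. Generate the value per run instead, for example `value: "{{ lookup('password', '/dev/null length=32') }}"`, and put `no_log: true` on the tasks that pass it so it does not reach CI logs. The earlier `create ad password` task, which starts above this hunk, appears to use the same pattern and should change with it.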
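Review bot: The `delete one ad password` task added in the `@@ -40,6 +53,19 @@` hunk invokes `azure_ad_password`, but PATCH 19 of this series renamed that module file to azure_rm_adpassword.py, so unless a redirect exists elsewhere the task cannot resolve its module. The two tasks added in the previous hunk of this file use the old name as well. Change the module key to `azure_rm_adpassword:` in all three. This also matters for cleanup, because a teardown task that fails to load leaves the test credentials on the application.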
@@ -1,6 +1,7 @@ - set_fact: app_id: "e0a62513-1d81-480e-a6dc-5c99cdd58d9a" tenant_id: "72f988bf-86f1-41af-91ab-2d7cd011db47" + object_id: "b52e8275-a1ee-4c4a-86ff-15992e0920ed" - name: delete ad service principal azure_rm_adserviceprincipal: @@ -30,7 +31,7 @@ that: - not output.changed -- name: Get ad service principal info +- name: Get ad service principal info by app_id azure_rm_adserviceprincipal_info: app_id: "{{ app_id }}" tenant: "{{ tenant_id }}" @@ -39,7 +40,27 @@ - assert: that: - ad_info.service_principals[0].app_display_name == ad_fact.app_display_name - - ad_info.service_principals[0].app_role_assignment_required == ad_fact.app_role_assignment_required + - ad_info.service_principals[0].app_role_assignment_required == False + +- name: update ad service principal app_role_assignmentrequired to True + azure_rm_adserviceprincipal: + app_id: "{{ app_id }}" + tenant: "{{ tenant_id }}" + app_role_assignment_required: True + state: present + register: output + +- name: Get ad service principal info + azure_rm_adserviceprincipal_info: + #app_id: "{{ app_id }}" + tenant: "{{ tenant_id }}" + object_id: "{{ object_id }}" + register: ad_info + +- assert: + that: + - ad_info.service_principals[0].app_display_name == ad_fact.app_display_name + - ad_info.service_principals[0].app_role_assignment_required == True - name: delete ad service principal azure_rm_adserviceprincipal: diff --git a/tests/sanity/ignore-2.11.txt b/tests/sanity/ignore-2.11.txt index d368343ff..6bcb55434 100644 --- a/tests/sanity/ignore-2.11.txt +++ b/tests/sanity/ignore-2.11.txt 
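Review bot: The `set_fact` block in the `@@ -1,6 +1,7 @@` hunk of azure_rm_adserviceprincipal/tasks/main.yml now pins three directory identifiers as literals (`app_id`, `tenant_id` and the added `object_id`), which ties a target marked `destructive` to one specific tenant and publishes that tenant's object IDs in the repository. The tenant should come from the integration configuration, `tenant_id: "{{ azure_tenant }}"` if this target follows the collection's other targets, and the object ID can be read from the module result instead of being stored: `object_id: "{{ ad_fact.object_id }}"`. The application ID is better supplied as a test variable than committed.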
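Review bot: The `update ad service principal app_role_assignmentrequired to True` task added in the `@@ -39,7 +40,27 @@` hunk registers `output` but nothing checks it, so the test passes whether or not the module reported a change; add `- assert:` with `that: [output.changed]` directly after it. The commented-out `#app_id: "{{ app_id }}"` line in the lookup task that follows should be deleted rather than committed. The first assertion now hard-codes `== False` where it previously compared against `ad_fact.app_role_assignment_required`, which makes the test depend on the service default without a comment saying so.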
@@ -890,8 +890,6 @@ plugins/modules/azure_rm_adserviceprincipal.py validate-modules:deprecation-eith plugins/modules/azure_rm_adserviceprincipal.py validate-modules:nonexistent-parameter-documented plugins/modules/azure_rm_adserviceprincipal.py validate-modules:required_if-requirements-unknown plugins/modules/azure_rm_adserviceprincipal.py validate-modules:required_if-unknown-key -plugins/modules/azure_rm_adserviceprincipal.py validate-modules:ansible-format-automatic-specification -plugins/modules/azure_rm_adserviceprincipal_info.py validate-modules:ansible-format-automatic-specification plugins/modules/azure_rm_adserviceprincipal_info.py validate-modules:deprecation-either-date-or-version plugins/modules/azure_rm_adserviceprincipal_info.py validate-modules:nonexistent-parameter-documented plugins/modules/azure_rm_adserviceprincipal_info.py validate-modules:required_if-requirements-unknown diff --git a/tests/sanity/ignore-2.9.txt b/tests/sanity/ignore-2.9.txt index 0cf167c2e..e4da58048 100644 --- a/tests/sanity/ignore-2.9.txt +++ b/tests/sanity/ignore-2.9.txt @@ -308,8 +308,6 @@ plugins/modules/azure_rm_adpassword_info.py validate-modules:nonexistent-paramet plugins/modules/azure_rm_adpassword_info.py validate-modules:import-before-documentation plugins/modules/azure_rm_adserviceprincipal.py validate-modules:missing-module-utils-import plugins/modules/azure_rm_adserviceprincipal.py validate-modules:nonexistent-parameter-documented -plugins/modules/azure_rm_adserviceprincipal.py validate-modules:ansible-format-automatic-specification -plugins/modules/azure_rm_adserviceprincipal_info.py validate-modules:ansible-format-automatic-specification plugins/modules/azure_rm_adserviceprincipal_info.py validate-modules:missing-module-utils-import plugins/modules/azure_rm_adserviceprincipal_info.py validate-modules:nonexistent-parameter-documented tests/utils/shippable/check_matrix.py replace-urlopen From 0e27591e0d4341bf0f56fdec8ad022f11842b22b Mon Sep 17 00:00:00 2001 
From: Fred-sun Date: Thu, 2 Jul 2020 17:07:16 +0800 Subject: [PATCH 25/29] fix test --- .../targets/azure_rm_adserviceprincipal/tasks/main.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/tests/integration/targets/azure_rm_adserviceprincipal/tasks/main.yml b/tests/integration/targets/azure_rm_adserviceprincipal/tasks/main.yml index 7338a9c43..4e4b50161 100644 --- a/tests/integration/targets/azure_rm_adserviceprincipal/tasks/main.yml +++ b/tests/integration/targets/azure_rm_adserviceprincipal/tasks/main.yml @@ -1,7 +1,6 @@ - set_fact: app_id: "e0a62513-1d81-480e-a6dc-5c99cdd58d9a" tenant_id: "72f988bf-86f1-41af-91ab-2d7cd011db47" - object_id: "b52e8275-a1ee-4c4a-86ff-15992e0920ed" - name: delete ad service principal azure_rm_adserviceprincipal: @@ -50,11 +49,10 @@ state: present register: output -- name: Get ad service principal info +- name: Get ad service principal info by object_id azure_rm_adserviceprincipal_info: - #app_id: "{{ app_id }}" tenant: "{{ tenant_id }}" - object_id: "{{ object_id }}" + object_id: "{{ ad_info.service_principals[0].object_id }}" register: ad_info - assert: From e704da868e47ec3d7a4b88cf54c3019d688ab6e3 Mon Sep 17 00:00:00 2001 From: Fred-sun Date: Thu, 2 Jul 2020 17:57:28 +0800 Subject: [PATCH 26/29] fix doc error --- plugins/modules/azure_rm_adpassword.py | 6 +++--- plugins/modules/azure_rm_adpassword_info.py | 6 +++--- plugins/modules/azure_rm_adserviceprincipal.py | 6 +++--- plugins/modules/azure_rm_adserviceprincipal_info.py | 6 +++--- 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/plugins/modules/azure_rm_adpassword.py b/plugins/modules/azure_rm_adpassword.py index 18abee364..a0ee0db10 100644 --- a/plugins/modules/azure_rm_adpassword.py +++ b/plugins/modules/azure_rm_adpassword.py 
@@ -151,9 +151,9 @@ def __init__(self): self.client = None super(AzureRMADPassword, self).__init__(derived_arg_spec=self.module_arg_spec, - supports_check_mode=False, - supports_tags=False, - is_ad_resource=True) + supports_check_mode=False, + supports_tags=False, + is_ad_resource=True) def exec_module(self, **kwargs): for key in list(self.module_arg_spec.keys()): diff --git a/plugins/modules/azure_rm_adpassword_info.py b/plugins/modules/azure_rm_adpassword_info.py index 436a7c82e..0520e9864 100644 --- a/plugins/modules/azure_rm_adpassword_info.py +++ b/plugins/modules/azure_rm_adpassword_info.py @@ -147,9 +147,9 @@ def __init__(self): self.client = None super(AzureRMADPasswordInfo, self).__init__(derived_arg_spec=self.module_arg_spec, - supports_check_mode=False, - supports_tags=False, - is_ad_resource=True) + supports_check_mode=False, + supports_tags=False, + is_ad_resource=True) def exec_module(self, **kwargs): diff --git a/plugins/modules/azure_rm_adserviceprincipal.py b/plugins/modules/azure_rm_adserviceprincipal.py index 65c3a8470..732892f42 100644 --- a/plugins/modules/azure_rm_adserviceprincipal.py +++ b/plugins/modules/azure_rm_adserviceprincipal.py @@ -121,9 +121,9 @@ def __init__(self): self.results = dict(changed=False) super(AzureRMADServicePrincipal, self).__init__(derived_arg_spec=self.module_arg_spec, - supports_check_mode=False, - supports_tags=False, - is_ad_resource=True) + supports_check_mode=False, + supports_tags=False, + is_ad_resource=True) def exec_module(self, **kwargs): diff --git a/plugins/modules/azure_rm_adserviceprincipal_info.py b/plugins/modules/azure_rm_adserviceprincipal_info.py index f9dbf6334..745af6cce 100644 --- a/plugins/modules/azure_rm_adserviceprincipal_info.py +++ b/plugins/modules/azure_rm_adserviceprincipal_info.py 
@@ -108,9 +108,9 @@ def __init__(self): self.results = dict(changed=False) super(AzureRMADServicePrincipalInfo, self).__init__(derived_arg_spec=self.module_arg_spec, - supports_check_mode=False, - supports_tags=False, - is_ad_resource=True) + supports_check_mode=False, + supports_tags=False, + is_ad_resource=True) def exec_module(self, **kwargs): From af1a3d414fbf2ebc0a2ffbc696ebf00b31c5ee97 Mon Sep 17 00:00:00 2001 From: zhy Date: Fri, 3 Jul 2020 01:14:21 +0800 Subject: [PATCH 27/29] update test case --- .../targets/azure_rm_adpassword/tasks/main.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/integration/targets/azure_rm_adpassword/tasks/main.yml b/tests/integration/targets/azure_rm_adpassword/tasks/main.yml index dc9e484d8..bf792b5d6 100644 --- a/tests/integration/targets/azure_rm_adpassword/tasks/main.yml +++ b/tests/integration/targets/azure_rm_adpassword/tasks/main.yml @@ -4,7 +4,7 @@ app_object_id: "b52e8275-a1ee-4c4a-86ff-15992e0920ed" - name: create ad password - azure_ad_password: + azure_rm_adpassword: app_id: "{{ app_id }}" value: "Password@032900001" tenant: "{{ tenant_id }}" @@ -17,7 +17,7 @@ - ad_fact.changed - name: create second ad password - azure_ad_password: + azure_rm_adpassword: app_id: "{{ app_id }}" value: "Password@032900002" tenant: "{{ tenant_id }}" @@ -30,7 +30,7 @@ - ad_fact02.changed - name: can't update ad password - azure_ad_password: + azure_rm_adpassword: app_id: "{{ app_id }}" value: "Password@032900003" tenant: "{{ tenant_id }}" @@ -54,7 +54,7 @@ - ad_info.passwords[0].end_date == ad_fact.end_date - name: delete one ad password - azure_ad_password: + azure_rm_adpassword: app_id: "{{ app_id }}" key_id: "{{ ad_fact.key_id }}" tenant: "{{ tenant_id }}" @@ -67,7 +67,7 @@ - output.changed - name: delete all ad password - azure_ad_password: + azure_rm_adpassword: app_id: "{{ app_id }}" tenant: "{{ tenant_id }}" app_object_id: "{{ app_object_id }}" 
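Review bot: Every `value:` in the azure_rm_adpassword test hunks is a fixed literal (`"Password@032900001"` and its siblings), so each run sets a publicly readable secret on the application that `app_id` points at. If a run stops before the two delete tasks at the end, that credential stays valid with a value anyone can read from the repository. Generating the value per run, e.g. `value: "{{ lookup('password', '/dev/null length=32') }}"`, adding `no_log: true` to the tasks that carry it, and moving the deletes into an `always:` section of a `block:` would close that window. The task list starts above the first hunk, so where `app_id` is defined is not visible here.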
From 3bfa0fd1bf4fc78594d0b52cd9ce6f47872e4ccd Mon Sep 17 00:00:00 2001 From: zhy Date: Fri, 3 Jul 2020 01:26:41 +0800 Subject: [PATCH 28/29] update test case --- .idea/.gitignore | 2 ++ .idea/azure.iml | 10 ++++++++++ .idea/inspectionProfiles/profiles_settings.xml | 6 ++++++ .idea/misc.xml | 4 ++++ .idea/modules.xml | 8 ++++++++ .idea/vcs.xml | 6 ++++++ src/ansible_collections/azure/azcollection/plugins | 1 + .../targets/azure_rm_adpassword/tasks/main.yml | 2 +- 8 files changed, 38 insertions(+), 1 deletion(-) create mode 100644 .idea/.gitignore create mode 100644 .idea/azure.iml create mode 100644 .idea/inspectionProfiles/profiles_settings.xml create mode 100644 .idea/misc.xml create mode 100644 .idea/modules.xml create mode 100644 .idea/vcs.xml create mode 120000 src/ansible_collections/azure/azcollection/plugins diff --git a/.idea/.gitignore b/.idea/.gitignore new file mode 100644 index 000000000..5c98b4288 --- /dev/null +++ b/.idea/.gitignore @@ -0,0 +1,2 @@ +# Default ignored files +/workspace.xml \ No newline at end of file diff --git a/.idea/azure.iml b/.idea/azure.iml new file mode 100644 index 000000000..5ec00fe76 --- /dev/null +++ b/.idea/azure.iml @@ -0,0 +1,10 @@ + + + + + + + + + + \ No newline at end of file diff --git a/.idea/inspectionProfiles/profiles_settings.xml b/.idea/inspectionProfiles/profiles_settings.xml new file mode 100644 index 000000000..105ce2da2 --- /dev/null +++ b/.idea/inspectionProfiles/profiles_settings.xml @@ -0,0 +1,6 @@ + + + + \ No newline at end of file diff --git a/.idea/misc.xml b/.idea/misc.xml new file mode 100644 index 000000000..5136e9e1a --- /dev/null +++ b/.idea/misc.xml @@ -0,0 +1,4 @@ + + + + \ No newline at end of file diff --git a/.idea/modules.xml b/.idea/modules.xml new file mode 100644 index 000000000..716adf06b --- /dev/null +++ b/.idea/modules.xml @@ -0,0 +1,8 @@ + + + + + + + + \ No newline at end of file diff --git a/.idea/vcs.xml b/.idea/vcs.xml new file mode 100644 index 000000000..94a25f7f4 --- /dev/null 
+++ b/.idea/vcs.xml @@ -0,0 +1,6 @@ + + + + + + \ No newline at end of file diff --git a/src/ansible_collections/azure/azcollection/plugins b/src/ansible_collections/azure/azcollection/plugins new file mode 120000 index 000000000..2cdf59af9 --- /dev/null +++ b/src/ansible_collections/azure/azcollection/plugins @@ -0,0 +1 @@ +../../../../plugins \ No newline at end of file diff --git a/tests/integration/targets/azure_rm_adpassword/tasks/main.yml b/tests/integration/targets/azure_rm_adpassword/tasks/main.yml index bf792b5d6..19e2551c9 100644 --- a/tests/integration/targets/azure_rm_adpassword/tasks/main.yml +++ b/tests/integration/targets/azure_rm_adpassword/tasks/main.yml @@ -41,7 +41,7 @@ ignore_errors: True - name: Get ad password info - azure_ad_password_info: + azure_rm_passwordinfo: app_id: "{{ app_id }}" tenant: "{{ tenant_id }}" key_id: "{{ ad_fact.key_id }}" From e19bcc573e4477937c1d4579cf1a9c6d43f3cfa0 Mon Sep 17 00:00:00 2001 From: zhy Date: Fri, 3 Jul 2020 01:53:49 +0800 Subject: [PATCH 29/29] update --- tests/integration/targets/azure_rm_adpassword/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/integration/targets/azure_rm_adpassword/tasks/main.yml b/tests/integration/targets/azure_rm_adpassword/tasks/main.yml index 19e2551c9..ba7946377 100644 --- a/tests/integration/targets/azure_rm_adpassword/tasks/main.yml +++ b/tests/integration/targets/azure_rm_adpassword/tasks/main.yml @@ -41,7 +41,7 @@ ignore_errors: True - name: Get ad password info - azure_rm_passwordinfo: + azure_rm_adpasswordinfo: app_id: "{{ app_id }}" tenant: "{{ tenant_id }}" key_id: "{{ ad_fact.key_id }}"
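Review bot: The symlink added at `src/ansible_collections/azure/azcollection/plugins` (target `../../../../plugins`) and the six `.idea/` files before it look like local workstation state rather than part of "update test case". Only the one-line change to `azure_rm_adpassword/tasks/main.yml` matches the subject. Unless the build ignores them, IDE metadata and a symlink that points back into the repository may end up in the packaged collection, and the symlink can make packaging or scanning tools walk `plugins` twice. I would drop them from the commit and add `.idea/` and the local `src/` link to the top-level `.gitignore`.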
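Review bot: The module name `azure_rm_adpasswordinfo:` set in the last hunk (PATCH 29/29) does not match the module file this series touches, `plugins/modules/azure_rm_adpassword_info.py`, and neither does `azure_rm_passwordinfo:` from the PATCH 28/29 hunk just before it. Ansible resolves a module by its file name, so unless a redirect exists elsewhere the "Get ad password info" task cannot be resolved and the assertions on `ad_info.passwords[0]` that follow it do not run. The `ignore_errors: True` in the context belongs to the preceding task, not this one. The line should read `azure_rm_adpassword_info:`. The task list continues outside the hunk.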