IBM-Security / isam-ansible-roles

DEPRECATED Ansible Custom Modules, Handlers and Tasks for ISAM. Requires "ibmsecurity" python package.
Apache License 2.0

Make registered variable name configurable in search_mapping_rule #24

Open Ardun21 opened 7 years ago

Ardun21 commented 7 years ago

The search_mapping_rule role currently registers the resulting mapping rule ID in a variable which is always called "search_mapping_rule". This causes issues if you need to look up multiple mapping rule IDs for a single task (i.e. if you are creating a module chain which uses more than one mapping rule, as we frequently do). I have shown in my local environment that by making the name of the registered variable configurable, it is possible to look up multiple mapping rules within a single task.

Example of the modification to the search_mapping_rule role:

- name: Search for a Mapping Rule
  isam:
    appliance: "{{ inventory_hostname }}"
    username:  "{{ username }}"
    password:  "{{ password }}"
    lmi_port:  "{{ lmi_port }}"
    log:       "{{ log_level }}"
    force:     "{{ force }}"
    action: ibmsecurity.isam.aac.mapping_rules.search
    isamapi:
      name: "{{ search_mapping_rule_name }}"
  when: search_mapping_rule_name is defined
  register: "{{ search_mapping_rule_register }}"

Example task from playbook:

- name: Add Module Chains
  hosts: all
  connection: local
  roles:
    - role: search_mapping_rule
      search_mapping_rule_name: mapping-rule-1
      search_mapping_rule_register: map1

    - role: search_mapping_rule
      search_mapping_rule_name: mapping-rule-2
      search_mapping_rule_register: map2

    - role: add_module_chain
      module_chain_name: test-chain
      module_chain_template_name: test-chain-template
      module_chain_request_type: "http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue"
      module_chain_description: "Test"
      module_chain_token_type: "*"
      module_chain_issuer:
        address: "REGEXP: (.*/test-chain)"
      module_chain_applies_to:
        address: "REGEXP: (.*)"
      module_chain_properties:
        self:
          - name: map-01.map.rule.reference.ids
            value:
              - "{{ map1['data'] }}"
          - name: map-02.map.rule.reference.ids
            value:
              - "{{ map2['data'] }}"
# OMITTED...

If this is acceptable, I will submit a pull request for this update.

ram-ibm commented 7 years ago

This is a cool idea - please submit a pull request. Thanks.

henrikt99 commented 5 years ago

Hello, it seems that the search_mapping_rule role is not working anymore with Ansible version 2.8. I always get [WARNING]: "register" is not templatable, but we found: {{ search_mapping_rule_register }}, it will not be templated and will be used "as is". When I try to use the variable that I had set for search_mapping_rule_register, it is not defined. This works fine in version 2.6, for example.

ram-ibm commented 5 years ago

I don't find any documentation that register has changed. I suspect there may be a bug in Ansible in the latest release. We are not invoking template in this role - I don't have a way to test with v2.8 yet.
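
One way to keep the caller-chosen variable name without templating `register`, given the warning quoted above (an added example, not part of the original thread or the project's own code): register under a fixed name, then copy the result with `set_fact`, whose keys are templated. The name `search_mapping_rule_result` is a hypothetical choice; everything else is taken from the task shown in the issue.

```yaml
# Added example: search_mapping_rule_result is a hypothetical fixed name.
- name: Search for a Mapping Rule
  isam:
    appliance: "{{ inventory_hostname }}"
    username:  "{{ username }}"
    password:  "{{ password }}"
    lmi_port:  "{{ lmi_port }}"
    log:       "{{ log_level }}"
    force:     "{{ force }}"
    action: ibmsecurity.isam.aac.mapping_rules.search
    isamapi:
      name: "{{ search_mapping_rule_name }}"
  when: search_mapping_rule_name is defined
  # register takes a literal variable name, so it stays static here
  register: search_mapping_rule_result

- name: Expose the result under the caller-chosen name
  set_fact:
    # The key is templated, so each role invocation can publish to map1, map2, ...
    "{{ search_mapping_rule_register }}": "{{ search_mapping_rule_result }}"
  when:
    # Same guard as the search, so a skipped result is never copied
    - search_mapping_rule_name is defined
    - search_mapping_rule_register is defined
```

With this in place, the playbook above can keep referencing `map1['data']` and `map2['data']` unchanged.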