Pure-Storage-Ansible / FlashArray-Collection

Ansible Collection for Pure Storage FlashArray
GNU General Public License v3.0

Update Default system-defined DS Roles #673

Closed exp-hc closed 6 days ago

exp-hc commented 6 days ago
SUMMARY

This change allows the module to update the default system-defined DS roles instead of trying to re-create them, which is the current behavior.

Fixes #672

ISSUE TYPE
COMPONENT NAME

purefa_dsrole.py

Example of Fixed Environment

Purity/FA version: 6.6.11
Ansible Collection: purestorage.flasharray: 1.32.0

Playbook Task Example

    - purestorage.flasharray.purefa_dsrole:
        role: "{{ item.role }}"
        group_base: "{{ item.group_base }}"
        group: "{{ item.group }}"
        fa_url: "{{ mgmt_vip }}"
        api_token: "{{ token }}"
      delegate_to: localhost
      loop:
        - group: 'Pure Array Admin'
          group_base: 'OU=Security Groups,OU=Groups'
          role: array_admin
        - group: 'Pure Ops Admin'
          group_base: 'OU=Security Groups,OU=Groups'
          role: ops_admin
        - group: 'Pure Read Only'
          group_base: 'OU=Security Groups,OU=Groups'
          role: readonly
        - group: 'Pure Storage Admin'
          group_base: 'OU=Security Groups,OU=Groups'
          role: storage_admin

Before:

    failed: [pure -> localhost] (item={'group': 'Pure Array Admin', 'group_base': 'OU=Security Groups,OU=Groups', 'role': 'array_admin'}) => {"ansible_loop_var": "item", "changed": false, "item": {"group": "Pure Array Admin", "group_base": "OU=Security Groups,OU=Groups", "role": "array_admin"}, "msg": "Update Directory Service Role array_admin failed.Error: Cannot modify role for system-defined role mapping."}
    failed: [pure -> localhost] (item={'group': 'Pure Ops Admin', 'group_base': 'OU=Security Groups,OU=Groups', 'role': 'ops_admin'}) => {"ansible_loop_var": "item", "changed": false, "item": {"group": "Pure Ops Admin", "group_base": "OU=Security Groups,OU=Groups", "role": "ops_admin"}, "msg": "Update Directory Service Role ops_admin failed.Error: Cannot modify role for system-defined role mapping."}
    failed: [pure -> localhost] (item={'group': 'Pure Read Only', 'group_base': 'OU=Security Groups,OU=Groups', 'role': 'readonly'}) => {"ansible_loop_var": "item", "changed": false, "item": {"group": "Pure Read Only", "group_base": "OU=Security Groups,OU=Groups", "role": "readonly"}, "msg": "Update Directory Service Role readonly failed.Error: Cannot modify role for system-defined role mapping."}
    failed: [pure -> localhost] (item={'group': 'Pure Storage Admin', 'group_base': 'OU=Security Groups,OU=Groups', 'role': 'storage_admin'}) => {"ansible_loop_var": "item", "changed": false, "item": {"group": "Pure Storage Admin", "group_base": "OU=Security Groups,OU=Groups", "role": "storage_admin"}, "msg": "Update Directory Service Role storage_admin failed.Error: Cannot modify role for system-defined role mapping."}

After:

    changed: [pure -> localhost] => (item={'group': 'Pure Array Admin', 'group_base': 'OU=Security Groups,OU=Groups', 'role': 'array_admin'})
    changed: [pure -> localhost] => (item={'group': 'Pure Ops Admin', 'group_base': 'OU=Security Groups,OU=Groups', 'role': 'ops_admin'})
    changed: [pure -> localhost] => (item={'group': 'Pure Read Only', 'group_base': 'OU=Security Groups,OU=Groups', 'role': 'readonly'})
    changed: [pure -> localhost] => (item={'group': 'Pure Storage Admin', 'group_base': 'OU=Security Groups,OU=Groups', 'role': 'storage_admin'})

CLAassistant commented 6 days ago

CLA assistant check
All committers have signed the CLA.

sdodsley commented 6 days ago

@exp-hc lint is failing. We use black as our linter, so if you run the change through that you should be ok in the next push

sdodsley commented 6 days ago

@exp-hc can you sign the CLA and then we can merge this PR - I did a few mods to make it pass linting checks and added release notes.

exp-hc commented 6 days ago

All set with the CLA, noted on using black.