Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add new module azure_rm_afdorigingroup to support Azure Frontdoor Standard and Premium #1590

Open
wants to merge 9 commits into
base: dev
Choose a base branch
from
36 changes: 0 additions & 36 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,41 +1,5 @@
# Change Log

## v2.6.0 (2024-07-01)

### FEATURE ENHANCEMENT
- Minimum supported Ansible core version to v2.15 - Ansible v2.15 EOL(https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-community-changelogs)

## v2.5.0 (2024-06-28)

### NEW MODULES
- azure_rm_capacityreservationgroup: Add support for managed capacity reservation group ([#1557](https://github.com/ansible-collections/azure/pull/1557))
- azure_rm_capacityreservationgroup_info: Add support for get capacity reservation group ([#1557](https://github.com/ansible-collections/azure/pull/1557))
- azure_rm_networkwatcher: Add support for managed network watcher ([#1576](https://github.com/ansible-collections/azure/pull/1576))
- azure_rm_networkwatcher_info: Add support for get network watcher facts ([#1576](https://github.com/ansible-collections/azure/pull/1576))
- azure_rm_networkflowlogs: Add support for managed network flow logs ([#1576](https://github.com/ansible-collections/azure/pull/1576))
- azure_rm_networkflowlogs_info: Add support for get network flow logs ([#1576](https://github.com/ansible-collections/azure/pull/1576))

### FEATURE ENHANCEMENT
- azure_rm_webapp: Add support for `identity` ([#1566](https://github.com/ansible-collections/azure/pull/1566))
- azure_rm_webapp_info: Add support for `identity` ([#1566](https://github.com/ansible-collections/azure/pull/1566))
- azure_rm_galleryimageversion: Allow creating gallery image versions from storage accounts ([#1466](https://github.com/ansible-collections/azure/pull/1466))
- requirements.txt:
- Bump `azure-storage-blob` from 12.11.0 to 12.13.0 ([#1572](https://github.com/ansible-collections/azure/pull/1572))
- Update `azure-cli-core` to 2.61.0 ([#1593](https://github.com/ansible-collections/azure/pull/1593))
- Bump `azure-identity` from 1.14.0 to 1.16.1 ([#1596](https://github.com/ansible-collections/azure/pull/1596))
- Limit `azure-iot-hub` to `x86_64 platforms` ([#1609](https://github.com/ansible-collections/azure/pull/1609))
- azure_rm_containerinstance: Add support for `identity` ([#1581](https://github.com/ansible-collections/azure/pull/1581))
- azure_rm_containerinstance_info: Add support for `identity` ([#1581](https://github.com/ansible-collections/azure/pull/1581))
- azure_rm_storageaccount: Add support for `allow_shared_key_access` ([#1583](https://github.com/ansible-collections/azure/pull/1583))
- azure_rm_virtualmachinescaleset: Add support for `identity` ([#1585](https://github.com/ansible-collections/azure/pull/1585))
- azure_rm_virtualmachinescaleset_info: Add support for `identity` ([#1585](https://github.com/ansible-collections/azure/pull/1585))

### BUG FIXING
- azure_rm_webapp: Delete the imported logging module ([#1567](https://github.com/ansible-collections/azure/pull/1567))
- azure_rm_postgresqlflexiblefirewallrule: Delete the imported logging module ([#1567](https://github.com/ansible-collections/azure/pull/1567))
- azure_rm_adgroup_info: Return None if not a member of the group ([#1579](https://github.com/ansible-collections/azure/pull/1579))


## v2.4.0 (2024-05-30)

### NEW MODULES
Expand Down
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ It is recommended to run ansible in [Virtualenv](https://virtualenv.pypa.io/en/l

## Requirements

- ansible version >= 2.15
- ansible version >= 2.14

To install Azure collection hosted in Galaxy:

Expand Down
2 changes: 1 addition & 1 deletion galaxy.yml
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ namespace: azure
name: azcollection

# The version of the collection. Must be compatible with semantic versioning
version: 2.6.0
version: 2.4.0

# The path to the Markdown (.md) readme file. This path is relative to the root of the collection
readme: README.md
Expand Down
2 changes: 2 additions & 0 deletions meta/runtime.yml
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,8 @@ action_groups:
- azure.azcollection.azure_rm_adserviceprincipal_info
- azure.azcollection.azure_rm_aduser
- azure.azcollection.azure_rm_aduser_info
- azure.azcollection.azure_rm_afdorigingroup
- azure.azcollection.azure_rm_afdorigingroup_info
- azure.azcollection.azure_rm_afdendpoint
- azure.azcollection.azure_rm_afdendpoint_info
- azure.azcollection.azure_rm_aks
Expand Down
8 changes: 4 additions & 4 deletions plugins/inventory/azure_rm.py
Original file line number Diff line number Diff line change
Expand Up @@ -101,18 +101,18 @@
exclude_host_filters:
# excludes hosts in the eastus region
- location in ['eastus']
- tags['tagkey'] is defined and tags['tagkey'] == 'tagvalue'
- tags['tagkey2'] is defined and tags['tagkey2'] == 'tagvalue2'
- tags['tagkey'] is defined and tags['tagkey'] == 'tagkey'
- tags['tagkey2'] is defined and tags['tagkey2'] == 'tagkey2'
# excludes hosts that are powered off
- powerstate != 'running'

# includes a host to the inventory when any of these expressions is true, can refer to any vars defined on the host
include_host_filters:
# includes hosts that in the eastus region and power on
- location in ['eastus'] and powerstate == 'running'
# includes hosts in the eastus region and power on OR includes hosts in the eastus2 region and tagkey value is tagvalue
# includes hosts in the eastus region and power on OR includes hosts in the eastus2 region and tagkey is tagkey
- location in ['eastus'] and powerstate == 'running'
- location in ['eastus2'] and tags['tagkey'] is defined and tags['tagkey'] == 'tagvalue'
- location in ['eastus2'] and tags['tagkey'] is defined and tags['tagkey'] == 'tagkey'
'''

# FUTURE: do we need a set of sane default filters, separate from the user-defineable ones?
Expand Down
4 changes: 2 additions & 2 deletions plugins/module_utils/azure_rm_common.py
Original file line number Diff line number Diff line change
Expand Up @@ -700,8 +700,8 @@ def get_blob_service_client(self, resource_group_name, storage_account_name, aut
try:
self.log("Getting storage account detail")
account = self.storage_client.storage_accounts.get_properties(resource_group_name=resource_group_name, account_name=storage_account_name)
if auth_mode == 'login' and self.azure_auth.credentials.get('credentials'):
credential = self.azure_auth.credentials['credentials']
if auth_mode == 'login' and self.azure_auth.credentials.get('credential'):
credential = self.azure_auth.credentials['credential']
elif (auth_mode == 'login' and self.azure_auth.credentials.get('tenant')
and self.azure_auth.credentials.get('client_id')
and self.azure_auth.credentials.get('secret')):
Expand Down
121 changes: 30 additions & 91 deletions plugins/module_utils/azure_rm_common_ext.py
Original file line number Diff line number Diff line change
Expand Up @@ -13,50 +13,6 @@

class AzureRMModuleBaseExt(AzureRMModuleBase):

# This schema should be used when users can add more than one user assigned identity
# Also this schema allows the option to append identities in update
managed_identity_multiple_spec = dict(
type=dict(
type='str',
choices=['SystemAssigned',
'UserAssigned',
'SystemAssigned, UserAssigned',
'None'],
default='None'
),
user_assigned_identities=dict(
type='dict',
options=dict(
id=dict(
type='list',
default=[],
elements='str'
),
append=dict(
type='bool',
default=True
)
),
default={}
),
)

# This schema should be used when users can add only one user assigned identity
managed_identity_single_spec = dict(
type=dict(
type="str",
choices=[
"SystemAssigned",
"UserAssigned",
"None"
],
default="None"
),
user_assigned_identity=dict(
type="str",
),
)

def inflate_parameters(self, spec, body, level):
if isinstance(body, list):
for item in body:
Expand Down Expand Up @@ -257,61 +213,44 @@ def default_compare(self, modifiers, new, old, path, result):
else:
return True

def update_single_managed_identity(self, curr_identity, new_identity):
# Converting from single_managed_identity_spec to managed_identity_spec
new_identity = new_identity or dict()
new_identity_converted = {
'type': new_identity.get('type', 'None'),
}
user_assigned_identity = new_identity.get('user_assigned_identity', None)
if user_assigned_identity is not None:
new_identity_converted['user_assigned_identities'] = {
'id': [user_assigned_identity]
}
return self.update_managed_identity(curr_identity=curr_identity, new_identity=new_identity_converted, allow_identities_append=False)

def update_managed_identity(self, curr_identity=None, new_identity=None, allow_identities_append=True):
def update_identities(self, curr_identity):
curr_identity = curr_identity or dict()
# TODO need to remove self.module.params.get('identity', {})
# after changing all modules to provide the "new_identity" parameter
# curr_identity and new_identity need to be mandatory parameters
new_identity = new_identity or self.module.params.get('identity', {}) or dict()
curr_managed_type = curr_identity.get('type', 'None')
new_managed_type = new_identity.get('type', 'None')
# If type set to None, and Resource has None, nothing to do
if new_managed_type == 'None' and curr_managed_type == 'None':
return False, None

changed = False
current_managed_type = curr_identity.get('type', 'None')
current_managed_identities = set(curr_identity.get('user_assigned_identities', {}).keys())
param_identity = self.module.params.get('identity', {})
param_identities = set(param_identity.get('user_assigned_identities', {}).get('id', []))
external_identities = param_identities

# If type set to None, and Resource has None, nothing to do
if 'None' in param_identity.get('type', 'None') and current_managed_type == 'None':
pass
# If type set to None, and Resource has current identities, remove UserAssigned identities
# Or
elif param_identity.get('type', 'None') == 'None':
changed = True
# If type in module args different from current type, update identities
if new_managed_type == 'None' or curr_managed_type != new_managed_type:
elif current_managed_type != param_identity.get('type', 'None'):
changed = True

curr_user_assigned_identities = set(curr_identity.get('user_assigned_identities', {}).keys())
new_user_assigned_identities = set(new_identity.get('user_assigned_identities', {}).get('id', []))
result_user_assigned_identities = new_user_assigned_identities

# If type in module args contains 'UserAssigned'
if allow_identities_append and \
'UserAssigned' in new_managed_type and \
new_identity.get('user_assigned_identities', {}).get('append', True) is True:
result_user_assigned_identities = new_user_assigned_identities.union(curr_user_assigned_identities)

# Check if module args identities are different as current ones
if result_user_assigned_identities.difference(curr_user_assigned_identities) != set():
changed = True
if 'UserAssigned' in param_identity.get('type', 'None'):
if param_identity.get('user_assigned_identities', {}).get('append', False) is True:
external_identities = param_identities.union(current_managed_identities)
if len(current_managed_identities) != len(external_identities):
# update identities
changed = True
# If new identities have to overwrite current identities
else:
# Check if module args identities are different as current ones
if current_managed_identities.difference(external_identities) != set():
changed = True

result_identity = self.managed_identity['identity'](type=new_managed_type)
new_identity = self.managed_identity['identity'](type=param_identity.get('type'))

# Append identities to the model
if len(result_user_assigned_identities) > 0:
result_identity.user_assigned_identities = {}
for identity in result_user_assigned_identities:
result_identity.user_assigned_identities[identity] = self.managed_identity['user_assigned']()

return changed, result_identity
if external_identities:
new_identity.user_assigned_identities = {}
for identity in external_identities:
new_identity.user_assigned_identities[identity] = self.managed_identity['user_assigned']()

# TODO need to be removed after all modules changed to use the new name
update_identities = update_managed_identity
return changed, new_identity
9 changes: 3 additions & 6 deletions plugins/modules/azure_rm_adgroup_info.py
Original file line number Diff line number Diff line change
Expand Up @@ -380,12 +380,9 @@ async def get_transitive_group_members(self, group_id, filters=None):
)
if filters:
request_configuration.query_parameters.filter = filters
try:
response = await self._client.groups.by_group_id(group_id).transitive_members.get(
request_configuration=request_configuration)
return response.value
except Exception:
return
response = await self._client.groups.by_group_id(group_id).transitive_members.get(
request_configuration=request_configuration)
return response.value

async def get_raw_group_members(self, group_id, filters=None):
request_configuration = GroupItemRequestBuilder.GroupItemRequestBuilderGetRequestConfiguration(
Expand Down
46 changes: 13 additions & 33 deletions plugins/modules/azure_rm_aduser.py
Original file line number Diff line number Diff line change
Expand Up @@ -75,17 +75,6 @@
- The password for the user.
- Used when either creating or updating a user account.
type: str
password_force_change:
description:
- Whether or not the user will be forced to change their password at next logon.
- If unspecified, Azure defaults this to true for new users.
- Used when either creating or updating a user account.
type: bool
password_force_change_mfa:
description:
- Identical behavior to password_force_change except multi-factor authentication (MFA) must be performed prior to changing the password.
- Used when either creating or updating a user account.
type: bool
usage_location:
description:
- A two letter country code, ISO standard 3166.
Expand Down Expand Up @@ -271,8 +260,6 @@ def __init__(self):
account_enabled=dict(type='bool'),
display_name=dict(type='str'),
password_profile=dict(type='str', no_log=True),
password_force_change=dict(type='bool', no_log=False),
password_force_change_mfa=dict(type='bool', no_log=False),
mail_nickname=dict(type='str'),
on_premises_immutable_id=dict(type='str', aliases=['immutable_id']),
usage_location=dict(type='str'),
Expand All @@ -293,8 +280,6 @@ def __init__(self):
self.account_enabled = None
self.display_name = None
self.password_profile = None
self.password_force_change = None
self.password_force_change_mfa = None
self.mail_nickname = None
self.on_premises_immutable_id = None
self.usage_location = None
Expand Down Expand Up @@ -342,11 +327,12 @@ def exec_module(self, **kwargs):

if ad_user: # Update, changed

password_profile = PasswordProfile(
password=self.password_profile,
force_change_password_next_sign_in=self.password_force_change,
force_change_password_next_sign_in_with_mfa=self.password_force_change_mfa
)
password = None

if self.password_profile:
password = PasswordProfile(
password=self.password_profile,
)

should_update = False
if self.on_premises_immutable_id and ad_user.on_premises_immutable_id != self.on_premises_immutable_id:
Expand All @@ -363,11 +349,7 @@ def exec_module(self, **kwargs):
should_update = True
if should_update or self.display_name and ad_user.display_name != self.display_name:
should_update = True
if should_update or self.password_profile is not None:
should_update = True
if should_update or self.password_force_change is not None:
should_update = True
if should_update or self.password_force_change_mfa is not None:
if should_update or password:
should_update = True
if should_update or self.user_principal_name and ad_user.user_principal_name != self.user_principal_name:
should_update = True
Expand All @@ -380,7 +362,7 @@ def exec_module(self, **kwargs):
self.on_premises_extension_attributes_to_dict(ad_user.on_premises_extension_attributes) != self.on_premises_extension_attributes):
should_update = True
if should_update:
asyncio.get_event_loop().run_until_complete(self.update_user(ad_user, password_profile, extension_attributes))
asyncio.get_event_loop().run_until_complete(self.update_user(ad_user, password, extension_attributes))

self.results['changed'] = True

Expand Down Expand Up @@ -471,7 +453,7 @@ def to_dict(self, object):
on_premises_extension_attributes=self.on_premises_extension_attributes_to_dict(object.on_premises_extension_attributes)
)

async def update_user(self, ad_user, password_profile, extension_attributes):
async def update_user(self, ad_user, password, extension_attributes):
request_body = User(
on_premises_immutable_id=self.on_premises_immutable_id,
usage_location=self.usage_location,
Expand All @@ -480,7 +462,7 @@ async def update_user(self, ad_user, password_profile, extension_attributes):
user_type=self.user_type,
account_enabled=self.account_enabled,
display_name=self.display_name,
password_profile=password_profile,
password_profile=password,
user_principal_name=self.user_principal_name,
mail_nickname=self.mail_nickname,
company_name=self.company_name,
Expand All @@ -489,15 +471,13 @@ async def update_user(self, ad_user, password_profile, extension_attributes):
return await self._client.users.by_user_id(ad_user.id).patch(body=request_body)

async def create_user(self, extension_attributes):
password_profile = PasswordProfile(
password=self.password_profile,
force_change_password_next_sign_in=self.password_force_change,
force_change_password_next_sign_in_with_mfa=self.password_force_change_mfa
password = PasswordProfile(
password=self.password_profile
)
request_body = User(
account_enabled=self.account_enabled,
display_name=self.display_name,
password_profile=password_profile,
password_profile=password,
user_principal_name=self.user_principal_name,
mail_nickname=self.mail_nickname,
on_premises_immutable_id=self.on_premises_immutable_id,
Expand Down
Loading