Role Module Changes

playbooks/modules/info.yml

@@ -248,3 +248,12 @@
         api_password: "{{ api_password }}"
         gather_subset:
           - support_assist_settings
+
+    - name: Get auth roles from PowerScale cluster
+      dellemc.powerscale.info:
+        onefs_host: "{{ onefs_host }}"
+        verify_ssl: "{{ verify_ssl }}"
+        api_user: "{{ api_user }}"
+        api_password: "{{ api_password }}"
+        gather_subset:
+          - roles

playbooks/modules/role.yml

@@ -0,0 +1,95 @@
+---
+- name: Role Module Operations on PowerScale Storage
+  hosts: localhost
+  connection: local
+  vars:
+    onefs_host: "10.**.**.**"
+    port_no: "8080"
+    api_user: "******"
+    api_password: "p******"
+    verify_ssl: false
+    access_zone: "System"
+
+  tasks:
+    - name: Create Role
+      dellemc.powerscale.role:
+        onefs_host: "{{ onefs_host }}"
+        port_no: "{{ port_no }}"
+        api_user: "{{ api_user }}"
+        api_password: "{{ api_password }}"
+        verify_ssl: "{{ verify_ssl }}"
+        role_name: "Test_Role"
+        description: "Description"
+        access_zone: "System"
+        privileges:
+          - name: "Audit"
+            permission: "w"
+            state: "present"
+          - name: "Backup"
+            permission: "r"
+            state: "present"
+        members:
+          - name: "Everyone"
+            type: "wellknown"
+            state: "present"
+        state: "present"
+
+    - name: Copy Role
+      dellemc.powerscale.role:
+        onefs_host: "{{ onefs_host }}"
+        port_no: "{{ port_no }}"
+        api_user: "{{ api_user }}"
+        api_password: "{{ api_password }}"
+        verify_ssl: "{{ verify_ssl }}"
+        role_name: "Test_Role"
+        description: "Copy Role via Ansible"
+        copy_role: true
+        new_role_name: ""
+        access_zone: "{{ access_zone }}"
+        privileges:
+          - name: "Cluster"
+            permission: "r"
+            state: "present"
+        state: "present"
+
+    - name: Get role details
+      dellemc.powerscale.role:
+        onefs_host: "{{ onefs_host }}"
+        port_no: "{{ port_no }}"
+        api_user: "{{ api_user }}"
+        api_password: "{{ api_password }}"
+        verify_ssl: "{{ verify_ssl }}"
+        role_name: "Test_Role"
+        access_zone: "{{ access_zone }}"
+
+    - name: Modify Role
+      dellemc.powerscale.role:
+        onefs_host: "{{ onefs_host }}"
+        port_no: "{{ port_no }}"
+        api_user: "{{ api_user }}"
+        api_password: "{{ api_password }}"
+        verify_ssl: "{{ verify_ssl }}"
+        role_name: "Test_Role"
+        new_role_name: "Test_Copy_Modify"
+        description: "Test_Description_Modify12"
+        access_zone: "System"
+        privileges:
+          - name: "Audit"
+            permission: "w"
+            state: "present"
+        members:
+          - name: "esa"
+            provider_type: "local"
+            type: "user"
+            state: "absent"
+        state: "present"
+
+    - name: Delete Role
+      dellemc.powerscale.role:
+        onefs_host: "{{ onefs_host }}"
+        api_user: "{{ api_user }}"
+        api_password: "{{ api_password }}"
+        verify_ssl: "{{ verify_ssl }}"
+        role_name: "Test_Role"
+        state: "absent"
+        access_zone: "{{ access_zone }}"

plugins/module_utils/storage/dell/shared_library/auth.py

@@ -109,3 +109,18 @@ def get_group_user_id(self, persona, persona_type, zone):
                 zone=zone,
                 provider=persona['provider_type'])['groups'][0]['gid']
         return details
+
+    def get_auth_roles(self, zone):
+        """
+        Get details of the auth role
+        """
+        LOG.info("Getting auth role details.")
+        try:
+            resp = self.auth_api.list_auth_roles(zone=zone).to_dict()
+            return resp
+        except Exception as e:
+            error_msg = utils.determine_error(error_obj=e)
+            error_message = f'Failed to get the auth role list ' \
+                            f'due to error {error_msg}.'
+            LOG.error(error_message)
+            self.module.fail_json(msg=error_message)

plugins/module_utils/storage/dell/utils.py

@@ -549,3 +549,7 @@ def get_nfs_map_object():
 def is_email_address_valid(address):
     if address is not None and re.search(r'^\w+([\.-]?\w+)*@\w+([\.-]?\w+)*(\.\w{2,3})+$', address) is None:
         return True
+
+
+def is_param_length_valid(item):
+    return len(item) <= 225

plugins/modules/info.py

@@ -131,6 +131,7 @@
     - Cluster owner C(cluster_owner)
     - SNMP settings - C(snmp_settings).
     - Server certificate - C(server_certificate).
+    - roles - C(roles).
     - Support assist settings- C(support_assist_settings).
     required: true
     choices: [attributes, access_zones, nodes, providers, users, groups,
@@ -140,7 +141,7 @@
               node_pools, storagepool_tiers, smb_files, user_mapping_rules, ldap,
               nfs_zone_settings, nfs_default_settings, nfs_global_settings, synciq_global_settings, s3_buckets,
               smb_global_settings, ntp_servers, email_settings, cluster_identity, cluster_owner, snmp_settings,
-              server_certificate, support_assist_settings]
+              server_certificate, roles, support_assist_settings]
     type: list
     elements: str
 notes:
@@ -2164,6 +2165,65 @@
             "status": "valid",
             "subject": "C=IN, ST=Karnataka, L=Bangalore, O=Dell, OU=ISG, CN=powerscale, emailAddress=contact@dell.com"
         }]
+roles:
+    description: List of auth roles.
+    type: dict
+    returned: Always
+    contains:
+        description:
+            description: Description of the auth role.
+            type: str
+        id:
+            description: id of the auth role.
+            type: str
+        name:
+            description: Name of the auth role.
+            type: str
+        members:
+            description: Specifies the members of auth role.
+            type: list
+            contains:
+                id:
+                    description: ID of the member.
+                    type: str
+                name:
+                    description: Name of the member.
+                    type: str
+                type:
+                    description: Specifies the type of the member.
+                    type: str
+        privileges:
+            description: Specifies the privileges of auth role.
+            type: list
+            contains:
+                id:
+                    description: ID of the privilege.
+                    type: str
+                name:
+                    description: Name of the privilege.
+                    type: str
+                permission:
+                    description: Specifies the permission of the privilege.
+                    type: str
+    sample:
+        {
+           "roles":
+           [{
+                "description" : "Test_Description",
+                "id" : "Test_Role",
+                "members" : [{
+                    "id" : "UID:2008",
+                    "name" : "esa",
+                    "type" : "user"
+                }],
+                "name" : "Test_Role",
+                "privileges" : [{
+                    "id" : "ISI_PRIV_LOGIN_PAPI",
+                    "name" : "Platform API",
+                    "permission" : "r"
+                }]
+            }]
+        }
 support_assist_settings:
     description: The support assist settings details.
     type: dict
@@ -2350,6 +2410,8 @@
     import Cluster
 from ansible_collections.dellemc.powerscale.plugins.module_utils.storage.dell.shared_library.certificate \
     import Certificate
+from ansible_collections.dellemc.powerscale.plugins.module_utils.storage.dell.shared_library.auth \
+    import Auth
 from ansible_collections.dellemc.powerscale.plugins.module_utils.storage.dell.shared_library.support_assist \
     import SupportAssist
 from ansible_collections.dellemc.powerscale.plugins.module_utils.storage.dell \
@@ -2964,6 +3026,7 @@ def perform_module_operation(self):
         cluster_owner = {}
         snmp_settings = {}
         server_certificate = []
+        roles = {}
         support_assist_settings = {}
 
         if 'attributes' in str(subset):
@@ -3042,6 +3105,8 @@ def perform_module_operation(self):
                 self.protocol_api, self.module).get_snmp_settings()
         if 'server_certificate' in str(subset):
             server_certificate = Certificate(self.certificate_api, self.module).get_server_certificate_with_default()
+        if 'roles' in str(subset):
+            roles = Auth(self.auth_api, self.module).get_auth_roles(access_zone)
         if 'support_assist_settings' in str(subset):
             support_assist_settings = SupportAssist(
                 self.support_assist_api, self.module).get_support_assist_settings()
@@ -3083,6 +3148,7 @@ def perform_module_operation(self):
             ClusterOwner=cluster_owner,
             SnmpSettings=snmp_settings,
             ServerCertificate=server_certificate,
+            roles=roles,
             support_assist_settings=support_assist_settings
         )
 
@@ -3153,6 +3219,7 @@ def get_info_parameters():
                                     'cluster_owner',
                                     'snmp_settings',
                                     'server_certificate',
+                                    'roles',
                                     'support_assist_settings'
                                     ]),
     )