Merge branch 'devel' into fix_hub_checks

Author: ivarmu

.pre-commit-config.yaml

@@ -6,7 +6,7 @@ repos:
       - id: end-of-file-fixer
       - id: trailing-whitespace
   - repo: 'https://github.com/ansible-community/ansible-lint.git'
-    rev: v26.1.0
+    rev: v26.1.1
     hooks:
       # see discussions here about what arguments are used, and behavior
       # https://github.com/ansible/ansible-lint/issues/649
@@ -26,7 +26,7 @@ repos:
     hooks:
       - id: markdownlint-cli2
   - repo: https://github.com/ambv/black
-    rev: 25.12.0
+    rev: 26.1.0
     hooks:
       - id: black
         name: black

changelogs/fragments/filetree_create_gateway_role_definitions.yaml

@@ -0,0 +1,4 @@
+---
+bugfixes:
+  - Export only non-managed role_definitions.
+...

changelogs/fragments/filetree_create_hub_roles.yaml

@@ -0,0 +1,4 @@
+---
+bugfixes:
+  - Don't export hub roles (included into the role_definitions).
+...

changelogs/fragments/filetree_create_input_tags.yaml

@@ -0,0 +1,4 @@
+---
+minor_changes:
+  - Moved the valid_tags from role vars to defaults
+...

changelogs/fragments/filetree_read_enhancements.yaml

@@ -0,0 +1,5 @@
+---
+minor_changes:
+  - Don't read the files if they don't contains the corresponding variable
+  - No need to initialize the variables that have to be read from the input files
+...

roles/filetree_create/defaults/main.yml

@@ -59,10 +59,66 @@ controller_configuration_filetree_create_secure_logging: "{{ controller_configur
 eda_configuration_filetree_create_secure_logging: "{{ controller_configuration_secure_logging | default('false') }}"
 hub_configuration_filetree_create_secure_logging: "{{ controller_configuration_secure_logging | default('false') }}"
 
-input_tag:
-  - all
-organization: 'ORGANIZATIONLESS'
-
 secrets_as_variables: true
 secrets_as_variables_prefix: "vaulted"
+
+organization: 'ORGANIZATIONLESS'
+
+input_tag:
+  - all
+valid_tags:
+  - all
+  - controller
+  - controller_settings
+  - controller_credentials
+  - controller_credential_types
+  - controller_execution_environments
+  - controller_groups
+  - controller_hosts
+  - controller_inventories
+  - controller_inventory_sources
+  - controller_job_templates
+  - controller_notification_templates
+  - controller_organizations
+  - controller_projects
+  - controller_roles
+  - controller_teams
+  - controller_users
+  - controller_workflow_job_templates
+  - controller_instance_groups
+  - controller_applications
+  - controller_labels
+  - controller_schedules
+  - controller_gateway_authenticator
+  - controller_gateway_authenticator_maps
+  - gateway
+  - gateway_applications
+  - gateway_authenticator_maps
+  - gateway_authenticators
+  - gateway_http_ports
+  - gateway_organizations
+  - gateway_role_definitions
+  - gateway_role_user_assignments
+  - gateway_routes
+  - gateway_service_clusters
+  - gateway_service_keys
+  - gateway_service_nodes
+  - gateway_services
+  - gateway_settings
+  - gateway_teams
+  - gateway_users
+  - eda
+  - eda_credential_types
+  - eda_credentials
+  - eda_decision_environments
+  - eda_event_streams
+  - eda_projects
+  - eda_rulebook_activations
+  - hub
+  - hub_namespaces
+  - hub_collections
+  - hub_collection_remotes
+  - hub_collection_repositories
+  - hub_ee_registries
+  - hub_ee_repositories
 ...

roles/filetree_create/tasks/all.yml

@@ -79,6 +79,9 @@
     - name: "Export Controller Schedules"
       ansible.builtin.include_tasks: "controller_schedules.yml"
       when: "'controller_schedules' in input_tag or 'controller' in input_tag or 'all' in input_tag"
+    - name: "Export Gateway Roles Definitions"
+      ansible.builtin.include_tasks: "gateway_role_definitions.yml"
+      when: "'gateway_role_definitions' in input_tag or 'gateway' in input_tag or 'all' in input_tag"
     - name: "Export Gateway Applications"
       ansible.builtin.include_tasks: "gateway_applications.yml"
       when: "'gateway_applications' in input_tag or 'gateway' in input_tag or 'all' in input_tag"
@@ -164,7 +167,4 @@
         - name: "Export HUB EE Images"
           ansible.builtin.include_tasks: "hub_ee_images.yml"
           when: "'hub_ee_images' in input_tag or 'hub' in input_tag or 'all' in input_tag"
-        - name: "Export HUB Roles"
-          ansible.builtin.include_tasks: "hub_roles.yml"
-          when: "'hub_roles' in input_tag or 'hub' in input_tag or 'all' in input_tag"
 ...

roles/filetree_create/tasks/gateway_role_definitions.yml

@@ -0,0 +1,27 @@
+---
+- name: "Get current Gateway Role Definitions from the API"
+  ansible.builtin.set_fact:
+    gateway_role_definitions_lookvar: "{{ query('ansible.platform.gateway_api', '/api/gateway/v1/role_definitions/',
+                                                query_params=(query_params | combine({'name': gateway_role_definition_name} if gateway_role_definition_name is defined else {})),
+                                                host=aap_hostname, oauth_token=aap_oauthtoken, verify_ssl=aap_validate_certs,
+                                                return_all=true, max_objects=query_gateway_api_max_objects)
+                                       }}"
+  vars:
+    query_params:
+      managed: false
+  no_log: "{{ configuration_filetree_create_secure_logging }}"
+
+- name: "Create the output directory for Gateway Role Definitions: {{ output_path }}"
+  ansible.builtin.file:
+    path: "{{ output_path }}"
+    state: directory
+    mode: '0755'
+
+- name: "Add current Gateway Role Definitions to the gateway_role_definitions.yaml output file in {{ output_path }}"
+  ansible.builtin.template:
+    src: "templates/gateway_role_definitions.j2"
+    dest: "{{ output_path }}/gateway_role_definitions.yaml"
+    mode: '0644'
+  vars:
+    current_gateway_role_definitions_asset_value: "{{ gateway_role_definitions_lookvar }}"
+...

roles/filetree_create/tasks/hub_roles.yml

@@ -0,0 +1,15 @@
+---
+gateway_role_definitions: {{ [] if current_gateway_role_definitions_asset_value | length == 0 }}
+{% set __excluded_fields = ['id', 'url', 'related', 'summary_fields', 'modified', 'created', 'modified_by', 'created_by', 'managed'] %}
+{% set __excluded_values = ['Platform Auditor'] %}
+{% set __list_items = [] %}
+{% for current_role_definition in current_gateway_role_definitions_asset_value if current_role_definition.name not in __excluded_values %}
+{%   for __map_item in (current_role_definition | dict2items) if __map_item.key not in __excluded_fields %}
+{%     if loop.index == 1 %}
+  - {{ __map_item.key }}: {{ __map_item.value | default('""' if __map_item.key not in __list_items else [], true) | replace("\\'", "''") }}
+{%     else %}
+    {{ __map_item.key }}: {{ __map_item.value | default('""' if __map_item.key not in __list_items else [], true) | replace("\\'", "''") }}
+{%     endif %}
+{%-  endfor %}
+{% endfor %}
+...