Merge pull request #48 from Tompage1994/license_update

Update license role

Author: Jonathan Lozada D

roles/license/README.md

@@ -1,38 +1,109 @@
-Role Name
-=========
+# tower_configuration.license
+## Description
+An Ansible Role to deploy a license to Ansible Tower.
 
-A brief description of the role goes here.
+## Requirements
+ansible-galaxy collection install -r tests/collections/requirements.yml to be installed
+Currently:
+  awx.awx
 
-Requirements
-------------
+## Variables
+|Variable Name|Default Value|Required|Description|Example|
+|:---:|:---:|:---:|:---:|:---:|
+|`tower_hostname`|""|yes|URL to the Ansible Tower Server.|127.0.0.1|
+|`validate_certs`|`False`|no|Whether or not to validate the Ansible Tower Server's SSL certificate.||
+|`tower_username`|""|yes|Admin User on the Ansible Tower Server.||
+|`tower_password`|""|yes|Tower Admin User's password on the Ansible Tower Server.  This should be stored in an Ansible Vault at vars/tower-secrets.yml or elsewhere and called from a parent playbook.||
+|`tower_oauthtoken`|""|yes|Tower Admin User's token on the Ansible Tower Server.  This should be stored in an Ansible Vault at or elsewhere and called from a parent playbook.||
+|`tower_license`|`see below`|yes|Data structure describing your license for Tower, described below.||
 
-Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+### Secure Logging Variables
+The following Variables compliment each other.
+If Both variables are not set, secure logging defaults to false.
+The role defaults to False as normally the add credential input source task does not include sensative information.
+tower_configuration_credential_input_sources_secure_logging defaults to the value of tower_configuration_secure_logging if it is not explicitly called. This allows for secure logging to be toggled for the entire suite of tower configuration roles with a single variable, or for the user to selectively use it.
 
-Role Variables
---------------
+|Variable Name|Default Value|Required|Description|
+|:---:|:---:|:---:|:---:|
+|`tower_configuration_license_secure_logging`|`False`|no|Whether or not to include the sensative license role tasks in the log.  Set this value to `True` if you will be providing your sensitive values from elsewhere.|
+|`tower_configuration_secure_logging`|`False`|no|This variable enables secure logging as well, but is shared accross multiple roles, see above.|
 
-A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+## Data Structure
+### Varibles
+|Variable Name|Default Value|Required|Type|Description|
+|:---:|:---:|:---:|:---:|:---:|
+|`data`|""|yes|obj|The contents of the license file (Suggested usage with lookup plugin)|
+|`eula_accepted`|""|yes|bool|Whether to accept the End User License Agreement for Ansible Tower|
 
-Dependencies
-------------
+For further details on fields see https://docs.ansible.com/ansible-tower/latest/html/userguide/credential_plugins.html
 
-A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+### Standard Project Data Structure
+#### Json Example
+```json
+---
+{
+    "tower_license": {
+        "data": "{{ lookup('file', '/tmp/my_tower.license') }}",
+        "eula_accepted": true
+      }
+}
+```
+#### Yaml Example
+```yaml
+---
+tower_credential_input_sources:
+  data: "{{ lookup('file', '/tmp/my_tower.license') }}"
+  eula_accepted: true
+```
 
-Example Playbook
-----------------
+## Playbook Examples
+### Standard Role Usage
+```yaml
+---
+- name: Add License to Tower
+  hosts: localhost
+  gather_facts: false
+  connection: local
 
-Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+  # Bring in vaulted Ansible Tower secrets
+  vars_files:
+    - "../var/tower-secrets.yml"
 
-    - hosts: servers
-      roles:
-         - { role: username.rolename, x: 42 }
+  tasks:
 
-License
--------
+    - name: Get token for use during play
+      uri:
+        url: "https://{{ tower_hostname }}/api/v2/tokens/"
+        method: POST
+        user: "{{ tower_username }}"
+        password: "{{ tower_passname }}"
+        force_basic_auth: true
+        status_code: 201
+        validate_certs: false
+      register: user_token
+      no_log: true
 
-BSD
+    - name: Set Tower oath Token
+      set_fact:
+        tower_oauthtoken: "{{ user_token.json.token }}"
 
-Author Information
-------------------
+    - name: Import vars
+      include_vars:
+        file: "vars/extra_vars.yml"
 
-An optional section for the role authors to include contact information, or a website (HTML is not allowed).
+    - name: Import JSON
+      include_vars:
+        file: "json/license.json"
+        name: "license_json"
+
+    - name: Add License
+      include_role:
+        name: redhat_cop.tower_configuration.license
+      vars:
+        tower_credential_input_sources: "{{ license_json.tower_license }}"
+```
+## License
+[MIT](LICENSE)
+
+## Author
+[Tom Page](https://github.com/Tompage1994)

roles/license/defaults/main.yml

@@ -1,2 +1,10 @@
 ---
-# defaults file for license role
+tower_hostname: ""
+tower_oauthtoken: ""
+tower_validate_certs: false
+tower_configuration_license_secure_logging: "{{tower_configuration_secure_logging | default(false)}}"
+
+# Example license datastructure but no sensible default.
+# tower_license:
+#   data: "{{ lookup('file', '/tmp/my_tower.license') }}"
+#   eula_accepted: true

roles/license/meta/main.yml

@@ -33,13 +33,12 @@ galaxy_info:
       versions:
         - "all"
 
-  galaxy_tags: []
-  # List tags for your role here, one per line. A tag is a keyword that describes
-  # and categorizes the role. Users find roles by searching for tags. Be sure to
-  # remove the '[]' above, if you add tags to this list.
-  #
-  # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
-  #       Maximum 20 tags per role.
+  galaxy_tags:
+    - "ansibletower"
+    - "tower"
+    - "awx"
+    - "configuration"
+    - "license"
 
 dependencies: []
 # List your role dependencies here, one per line. Be sure to remove the '[]' above,

roles/license/tasks/main.yml

@@ -1,6 +1,20 @@
 ---
 # tasks file for license role
+- name: Ensure EULA Accepted
+  assert:
+    that:
+      - tower_license.eula_accepted
+    fail_msg: "You must accept the EULA by passing in the param eula_accepted as true"
+
 - name: Install the tower license
   awx.awx.tower_license:
-    data: "{{ lookup('file', '/tmp/my_tower.license') }}"
-    eula_accepted: true
+    data:                           "{{ tower_license.data }}"
+    eula_accepted:                  "{{ tower_license.eula_accepted }}"
+    tower_username:                 "{{ tower_username | default(omit) }}"
+    tower_password:                 "{{ tower_password | default(omit) }}"
+    tower_oauthtoken:               "{{ tower_oauthtoken | default(omit) }}"
+    tower_host:                     "{{ tower_hostname }}"
+    tower_config_file:              "{{ tower_config_file | default(omit) }}"
+    validate_certs:                 "{{ tower_validate_certs | default('true') }}"
+  no_log: "{{ tower_configuration_license_secure_logging }}"
+  when: tower_license is defined

roles/license/tests/collections/requirements.yml

@@ -0,0 +1,4 @@
+---
+collections:
+  - name: awx.awx
+    version: 13.0.0

roles/license/tests/inventory

@@ -0,0 +1,6 @@
+{
+  "tower_license": {
+    "data": "{{ lookup('file', '/tmp/my_tower.license') }}",
+    "eula_accepted": true
+  }
+}

roles/license/tests/json/license.json

@@ -1,5 +1,42 @@
 ---
-- hosts: localhost
-  remote_user: root
-  roles:
-    - license
+- name: Add License to Ttower
+  hosts: localhost
+  gather_facts: false
+  connection: local
+
+  # Bring in vaulted Ansible Tower secrets
+  vars_files:
+    - "../var/tower-secrets.yml"
+
+  tasks:
+
+    - name: Get token for use during play
+      uri:
+        url: "https://{{ tower_hostname }}/api/v2/tokens/"
+        method: POST
+        user: "{{ tower_username }}"
+        password: "{{ tower_passname }}"
+        force_basic_auth: true
+        status_code: 201
+        validate_certs: false
+      register: user_token
+      no_log: true
+
+    - name: Set Tower oath Token
+      set_fact:
+        tower_oauthtoken: "{{ user_token.json.token }}"
+
+    - name: Import vars
+      include_vars:
+        file: "vars/extra_vars.yml"
+
+    - name: Import JSON
+      include_vars:
+        file: "json/license.json"
+        name: "license_json"
+
+    - name: Add License
+      include_role:
+        name: redhat_cop.tower_configuration.license
+      vars:
+        tower_credential_input_sources: "{{ license_json.tower_license }}"

roles/license/tests/test.yml

@@ -0,0 +1,2 @@
+# Placeholder file
+# You should create an Ansible vault here when tower_secrets: true