Add pulp_content_guard role

markgoddard · markgoddard · commit 3609deffcbf0 · 2021-11-16T16:47:31.000Z
This role currently supports adding x509 cert guard content guards.
diff --git a/README.md b/README.md
@@ -11,6 +11,7 @@ Tested with the current Ansible 2.9-2.10 releases.
 
 ## Included content
 
+pulp_contentguard role
 pulp_repository role
 
 ## Using this collection
diff --git a/roles/pulp_content_guard/README.md b/roles/pulp_content_guard/README.md
@@ -0,0 +1,39 @@
+pulp_content_guard
+==================
+
+This role manages Pulp content guards.
+
+Role variables
+--------------
+
+* `pulp_url`: URL of Pulp server. Default is `https://localhost:8080`
+* `pulp_username`: Username used to access Pulp server. Default is `admin`
+* `pulp_password`: Password used to access Pulp server. Default is unset
+* `pulp_validate_certs`: Whether to validate Pulp server certificate. Default is `true`
+* `pulp_content_guard_x509_cert_guards`: List of x509 cert guards. Each item is
+  a dict with the following keys: `name`, `description`, `ca_certificate`,
+  `state`.
+
+
+Example playbook
+----------------
+
+```
+---
+- name: Create Pulp content guards
+  any_errors_fatal: True
+  gather_facts: True
+  hosts: all
+  roles:
+    - role: stackhpc.pulp.pulp_contentguard
+      pulp_username: admin
+      pulp_password: "{{ secrets_pulp_admin_password }}"
+      pulp_content_guard_x509_cert_guards:
+        - name: test_cert_guard
+          description: For testing
+          ca_certificate: |-
+            -----BEGIN CERTIFICATE-----
+            ...
+            -----END CERTIFICATE-----
+          state: present
+```
diff --git a/roles/pulp_content_guard/defaults/main.yml b/roles/pulp_content_guard/defaults/main.yml
@@ -0,0 +1,7 @@
+---
+pulp_url: https://localhost:8080
+pulp_username: admin
+pulp_password:
+pulp_validate_certs: true
+
+pulp_content_guard_x509_cert_guards: []
diff --git a/roles/pulp_content_guard/tasks/main.yml b/roles/pulp_content_guard/tasks/main.yml
@@ -0,0 +1,14 @@
+---
+- name: Ensure x509 cert guards exist
+  pulp.squeezer.x509_cert_guard:
+    pulp_url: "{{ pulp_url }}"
+    username: "{{ pulp_username }}"
+    password: "{{ pulp_password }}"
+    validate_certs: "{{ pulp_validate_certs | bool }}"
+    name: "{{ item.name }}"
+    description: "{{ item.description | default(omit) }}"
+    ca_certificate: "{{ item.ca_certificate | default(omit) }}"
+    state: "{{ item.state }}"
+  with_items: "{{ pulp_content_guard_x509_cert_guards }}"
+  loop_control:
+    label: "{{ item.name }}"
