forked from gcoop-libre/ansible_tools
-
Notifications
You must be signed in to change notification settings - Fork 0
/
awx-grant-filter
executable file
·128 lines (89 loc) · 2.79 KB
/
awx-grant-filter
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
#!/bin/bash
# This script comes with ABSOLUTELY NO WARRANTY, use at own risk
# Copyright (C) 2021 Osiris Alejandro Gomez <osiris@gcoop.coop>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# shellcheck disable=SC1090
# shellcheck disable=SC1091
# shellcheck source=/dev/null
DIR_BIN=$(dirname "$0") && source "$DIR_BIN/awx-common"
function usage()
{
cat << EOF
Usage:
\`\`\`bash
$BIN ROLE_FILE TEAM_NAME
\`\`\`
Filter grants from ROLE_FILE and generate awx-cli role grant
Example CSV:
\`\`\`
RESOURCE_TYPE RESOURCE_NAME TYPE
inventory wst admin
project ansible_wst_v1.6.0 use
job_template wst_upd_v1.6.0 execute
workflow wfw_pve_apt_v1.2.0 execute
\`\`\`
Example:
\`\`\`bash
$BIN role/devops.csv support
## inventory
awx-cli role grant -v --team support --type admin --inventory wst
## project
awx-cli role grant -v --team support --type use --project ansible_wst_v1.6.0
## job_template
awx-cli role grant -v --team support --type execute --job-template wst_upd_v1.6.0
## workflow
awx-cli role grant -v --team support --type execute --workflow wfw_pve_apt_v1.2.0
\`\`\`
EOF
exit 0
}
[[ "$1" =~ ^[-]+(h|help) ]] && usage
[[ -z "$1" ]] && die "EMPTY ROLE FILE"
[[ -z "$2" ]] && die "EMPTY TEAM NAME"
[[ -e "$1" ]] || die "NOT FOUND FILE $1"
TMP1="$(mktemp)"
TMP2="$(mktemp)"
ROLE="$1"
TEAM="$2"
CLI_PREFIX="awx-cli role grant -v --team $TEAM --type "
for i in credential inventory project job_template workflow
do
awk "/^$i/" "$ROLE" > "$TMP1"
REAL_PATH="$(realpath "$ROLE")"
DIR="$(dirname "$REAL_PATH")"
EXCLUDE="$DIR/$TEAM.$i.exclude"
if [[ -e "$EXCLUDE" ]]
then
grep -f "$EXCLUDE" "$TMP1" > "$TMP2"
else
cp -f "$TMP1" "$TMP2"
fi
PREVIOUS=''
while read -r RESOURCE_TYPE RESOURCE_NAME TYPE
do
[[ -z "$TYPE" ]] && TYPE='use'
if [[ "$RESOURCE_TYPE" != "$PREVIOUS" ]]
then
printf "\\n## %s\\n\\n" "$RESOURCE_TYPE"
fi
printf "%s %-10s %-15s %s\\n" \
"$CLI_PREFIX" "$TYPE" \
"--${RESOURCE_TYPE//job_template/job-template}" \
"$RESOURCE_NAME"
PREVIOUS="$RESOURCE_TYPE"
done < "$TMP2"
done
rm -f "$TMP1"
rm -f "$TMP2"