Added modules to retrieve policy group and security policy objects

.gitignore

@@ -4,3 +4,12 @@
 .DS_Store
 # test output
 *.retry
+# Eclipse IDE and Pydev Stuff
+.project
+org.eclipse.*
+.settings/*
+.pydevproject
+.project
+#tests/pydbg/*
+Pipfile*
+tests/pydbg

galaxy.yml

@@ -2,20 +2,16 @@ namespace: vmware
 
 name: ansible_for_nsxt
 
-version: 1.0.0
+version: 1.0.3
 
 readme: README.md
 
 authors:
-- Gautam Verma @ggverma (https://vmware.slack.com/archives/CTE293BSS)
-- Rahul Raghuvanshi @r-raghu (https://vmware.slack.com/archives/CTE293BSS)
+- Gautam Verma 
+- Rahul Raghuvanshi 
 
 description: Ansible Modules for NSX-t
 
-license:
-- GPL-3.0-only
-- BSD-2-Clause-FreeBSD
-
 license_file: LICENSE.txt 
 
 tags: [vmware, ansible, nsxt]

plugins/module_utils/common_utils.py

@@ -164,3 +164,82 @@ def get_upgrade_orchestrator_node(module, mgr_hostname, mgr_username, mgr_passwo
         module.fail_json(changed=True, msg='Error getting ip address of the upgrade'
                         ' orchestrator node. Error: {}'.format(err))
     return resp['service_properties']['enabled_on'];
+
+def build_url_query_string(parm_dict):
+    '''
+    This function just builds up a URL query string of the form:
+    
+    ?parm1=val1&bool1=True&bool2=False
+    
+    '''
+    qstring = ""
+    qlist = list()
+    for dkey in parm_dict.keys():
+        if parm_dict[dkey] is not None:
+            if type(parm_dict[dkey]) is bool:
+                qlist.append("{}={}".format(dkey,str(parm_dict[dkey])))
+            else:
+                qlist.append("{}={}".format(dkey,parm_dict[dkey]))
+    if qlist:
+        qstring = "?{}".format("&".join(qlist))
+    return qstring
+
+def build_url_query_dict(params,query_keys):
+    '''
+    The params dict in many of the modules contains a lot of keys. Some keys pertain
+    to the URL path, some to things like credentials, certificates etc.
+    We only want to process the ones relating to the query section of a URL. So the whole set of params is passed here
+    along with a filter defined as the set of keys pertaining to the query section.
+    The fields are filtered down
+    '''
+    query_params_dict = { k:v for (k,v) in params.items() if k in query_keys }
+    return query_params_dict
+
+def do_objects_get(module,manager_url,module_params,
+                        headers=dict(Accept='application/json'), validate_certs=True, ignore_errors=False):
+
+    mgr_username = module_params["username"]
+    mgr_password = module_params["password"]
+    nsx_cert_path = module_params["nsx_cert_path"]
+    nsx_key_path = module_params["nsx_key_path"]
+    # If a cursor was provided, or a page size then we are making a single call
+    # If we test for a key that doesn't exist and trap
+    mp_keys = module_params.keys()
+    if ('cursor' in mp_keys and module_params['cursor'] is not None ) or ('page_size' in mp_keys  and module_params['page_size'] is not None):
+        try:
+            (rc, resp) = request(manager_url, headers=dict(Accept='application/json'),
+                        url_username=mgr_username, url_password=mgr_password, validate_certs=validate_certs, ignore_errors=True)
+        except Exception as err:
+            module.fail_json(msg='Error retrieving groups. Error [%s]' % (to_native(err)))
+    else:
+        # No cursor parameter was provided so all data is being fetched
+        # This might still require multiple calls if there are more objects than are allowed to be returned in a single call
+        still_more_groups = True
+        cursor = None
+        all_group_data = dict()
+    #        all_group_data["results"] = list()
+        while still_more_groups:
+            if cursor:
+                # Add the cursor to the URL
+                url_with_cursor = "{}&cursor={}".format(manager_url,cursor)
+            else:
+                url_with_cursor = manager_url
+            try:
+                (rc, resp) = request(url_with_cursor, headers=dict(Accept='application/json'),
+                        url_username=mgr_username, url_password=mgr_password, validate_certs=validate_certs, ignore_errors=True)
+            except Exception as err:
+                module.fail_json(msg='Error retrieving groups. Error [%s]' % (to_native(err)))
+            if not "cursor" in resp:
+                still_more_groups = False
+            else:
+                cursor = resp["cursor"]
+            # Add new results to existing results
+            # If this is the first add, all the other data besides the "results" needs to be added
+            if not "results" in all_group_data:
+                all_group_data = resp
+            else:
+                # JUst add the additionally fetched results
+                all_group_data["results"] += resp["results"]
+        resp = all_group_data
+    return resp
+

plugins/module_utils/nsxt_resource_urls.py

@@ -67,3 +67,6 @@
 BFD_PROFILE_URL = '/infra/bfd-profiles'
 
 GATEWAY_POLICY_URL = _DOMAIN_URL + '/{}/gateway-policies'
+
+LOCAL_POLICY_URL = '/policy/api/v1/infra'
+GLOBAL_POLICY_URL = '/global-manager/api/v1/global-infra'

plugins/modules/nsxt_policy_domain_deployment_maps_info.py

@@ -0,0 +1,180 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+                    'status': ['preview'],
+                    'supported_by': 'community'}
+
+
+DOCUMENTATION = '''
+---
+module: nsxt_policy_domain_deployment_maps_info
+short_description: List deployment maps for policy domain
+description: Returns paginated list of policy domain deployment maps
+             Deployment maps relate to the local manager sites associated with a domain
+
+
+version_added: "X.Y"
+author: Ed McGuigan <[email protected]>
+options:
+    hostname:
+        description: Deployed NSX manager hostname.
+        required: true
+        type: str
+    username:
+        description: The username to authenticate with the NSX manager.
+        required: true
+        type: str
+    password:
+        description: The password to authenticate with the NSX manager.
+        required: true
+        type: str
+    ca_path:
+        description: Path to the CA bundle to be used to verify host's SSL
+                     certificate
+        type: str
+    nsx_cert_path:
+        description: Path to the certificate created for the Principal
+                     Identity using which the CRUD operations should be
+                     performed
+        type: str
+    nsx_key_path:
+        description:
+            - Path to the certificate key created for the Principal Identity
+              using which the CRUD operations should be performed
+            - Must be specified if nsx_cert_path is specified
+        type: str        
+
+    global_infra:
+        description: Flag set to True when targeting a Global NSX Manager (Federation)
+        required: false
+        type: bool
+
+    domain_id:
+        description: domain id for domain for which deployment maps 
+        required: true
+        type: string
+
+    page_size:
+        description: if there is a desire to fetch the data in chunks rather than all at
+                     once, an integer specifying the maximum number of objects to fetch
+        required: false
+        type: integer
+
+    cursor:
+        description: when a page_size is specified, the returned data includes a "cursor" that
+                     must be provided in a subsequent call in order to carry on where the prior call
+                     left off. User would need to capture the cursor value from one call and provide it
+                     in the next call
+        required: false
+        type: string
+
+    include_mark_for_delete_objects:
+        description: Show groups marked for deletion
+        required: false
+        type: bool
+        default: False
+
+    included_fields:
+        description: Show groups marked for deletion
+        required: Comma separated list of fields that should be included in query result
+        type: string
+        default: False
+
+    sort_ascending:
+        description: Used to reverse sort order by setting it to False
+        required: false
+        type: bool
+        default: True
+
+    sort_by:
+        description: Field to sort on
+        required: false
+        type: string
+        default: 
+
+'''
+
+EXAMPLES = '''
+     - name: List domain deployment maps
+        vmware.ansible_for_nsxt.nsxt_policy_domain_deployment_maps:
+          hostname: "{{ inventory_hostname }}"
+          "username": "{{ username }}"
+          "password": "{{ password }}"
+          validate_certs: False
+          domain_id: "{{ nsxt_domain }}"
+        register: nsxt_domain_deployment_maps
+        delegate_to: 127.0.0.1
+'''
+
+RETURN = '''# '''
+import json
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.vmware.ansible_for_nsxt.plugins.module_utils.vmware_nsxt import vmware_argument_spec, request
+from ansible_collections.vmware.ansible_for_nsxt.plugins.module_utils.policy_communicator import PolicyCommunicator
+from ansible_collections.vmware.ansible_for_nsxt.plugins.module_utils.common_utils import build_url_query_dict, build_url_query_string, do_objects_get
+from ansible.module_utils._text import to_native
+from ansible_collections.vmware.ansible_for_nsxt.plugins.module_utils.nsxt_resource_urls import GLOBAL_POLICY_URL, LOCAL_POLICY_URL
+
+def main():
+    # Fetch the specification of the absolute basic arguments needed to connect to the NSX Manager
+    argument_spec = PolicyCommunicator.get_vmware_argument_spec()
+    # The URL will need to be specified as being non-global or global and we will need a domain
+    URL_path_spec = dict(
+        global_infra=dict(type='bool', required=False, default=False),
+        domain_id=dict(type='str', required=False, default='default')
+        )
+    '''
+    Now add the arguments relating to query field in the URL for this GET method
+    All the options from the API are offered, including paging. Not sure when a user
+    might want to use paging but the option is provided.
+    If no paging specification is provided, I need to make sure that 
+    all data is retrieved, looking for a returned cursor in the response
+    indicating that there is more data to fetch.
+
+    NOTE: I suspect that the member_types filter parameter is not actually valid
+    for a Policy Group where membership is described by a series of expressions
+    and this may be an error when converting from MP ( Management Plane ) Groups
+    to Policy Groups
+    '''
+    URL_query_spec = dict(
+                            include_mark_for_delete_objects=dict(type='bool', required=False),
+                            included_fields=dict(type='str', required=False),
+                            sort_ascending=dict(type='bool', required=False, default=True),
+                            sort_by=dict(type='str', required=False),
+                            page_size=dict(type='int'   , required=False ),
+                            cursor=dict(type='str', required=False )
+                            )
+    # Combine the base URL, URL path spec and URL query argument specs
+    URL_path_spec.update(URL_query_spec)
+    argument_spec.update(URL_path_spec)
+    # Some code to validate the arguments provided with the invocation of the module
+    # in a playbook versus the defined argument spec.
+    module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+    mgr_hostname = module.params['hostname']
+    validate_certs = module.params['validate_certs']
+    domain_id = module.params['domain_id']
+    if module.params['global_infra']:
+        url_path_root = GLOBAL_POLICY_URL
+    else:
+        url_path_root = LOCAL_POLICY_URL
+
+    # Need to build up a query string
+    url_query_string = build_url_query_string( build_url_query_dict(module.params, URL_query_spec.keys() ) )
+    manager_url = 'https://{}{}/domains/{}/domain-deployment-maps'.format(mgr_hostname,url_path_root,domain_id,url_query_string)
+
+    changed = False
+    '''
+    We potentially need to loop to fetch all data the code here will be the same for
+    any object we are doing a GET on, not just Policy Groups, so I have put it into a function and put the function
+    in the common_utils package.
+    '''
+    resp = do_objects_get(module,manager_url,module.params,
+                        headers=dict(Accept='application/json'),validate_certs=validate_certs, ignore_errors=True)     
+
+    module.exit_json(changed=changed, **resp)
+if __name__ == '__main__':
+    main()