Add module to configure Pure Storage FlashArray Directory Services

[sdodsley]

SUMMARY

Add a new module to configure the Directory Service settings on a Pure
Storage FlashArray.
Create, enable, disable and delete are enabled.
There is no facility to set SSL certs in this modules

ISSUE TYPE

• New Module Pull Request

COMPONENT NAME

storage/purestorage/purefa_ds

ANSIBLE VERSION

2.5

[theraggedcoder]

Looks good. Does what it says. Thanks for this @sdodsley

[maxamillion]

This function doesn't appear to do anything.

[sdodsley]

This is here as a placeholder for future functionality

[abadger]

I think things like this will traceback in check-mode because changed hasn't been set to a default value (Should default to True).

Also, for this particular module, check_mode doesn't seem to be doing anything so you probably just want to say supports_check_mode=False when creating the AnsibleModule.

[abadger]

When a module does not support check mode, ansible always reports that it would have changed something which is the safest assumption for the user.

[abadger]

Do we really want to catch any exception here and hide it from the user? It seems like we'd need to see the exception messages in order to debug problems rather than silently thinking that the module succeeded and did not have to make any changes.

[sdodsley]

There is no exception to show. It's a flag that we are setting. If it fails then something else is wrong in the configuration, however the configuration has been validated as much as possible at creation time in the create_ds function. We can't say what would be wrong with the config as it could be a typo with a password, username, password etc.

[abadger]

Right. So we probably want to module.fail_json() here so that the user

can fix whatever is wrong. If we don't do that, then they think that the flag has been successfully set when it hasn't been updated.

…

[sdodsley]

@abadger Good idea. Thanks. Implemented

[abadger]

I think it should look like this:

from ansible.module_utils._text import to_native
[...]

def enable_ds(module, array):
    """Enable Directory Service"""
    try:
        array.enable_directory_service()
        changed = True
    except Exception as e:
        module.fail_json(msg='Enable Directory Service failed: Check configuration: %s' % to_native(e))
    module.exit_json(changed=changed)

One thing I'm not sure about is how we tell if array.enable_directory_service() made a change or not. Our users generally define Ansible's idempotence as:

• they describe the state they want in a playbook task
• the module makes the state match what is in the playbook
• the module returns changed=True if something had to be changed to achieve the desired state or changed=False if the state was already as desired.

This code probably does the first two but it's not doing the last one. I'm not sure how to fix it because I don't know what array.enable_directory_service() does. If it returns a specifc exception if the directory_service was already enabled, then we catch that specific exception and set changed=True for that. If it returns a status code telling whether it had to make a change or not, then we can use that to set changed. If neither of those, we would have to query the current state of the toggle first. If the toggle is already enabled, then set changed=False and call module.exit_json(). If the toggle is not yet enabled, call array.enable_directory_service(), set changed=True, and then call module.exit_json().

(Also note, these notes on changes also apply to the other verbs you have in this module: disable_ds, delete_ds, and create_ds)

[sdodsley]

This is all checked for in the main() function. It can't get into these functions if the DS isn't already in the correct state for these functions to operate on.