stackhpc · m-bull · Dec 5, 2022 · Dec 5, 2022
@@ -1,24 +1,45 @@
 ---
 
-- name: Get group list
+- name: Get information for each group
   uri:
-    url: "{{ pulp_group_url }}"
+    url: "{{ pulp_group_url }}?name={{ item.name }}"
     user: "{{ pulp_username }}"
     password: "{{ pulp_password }}"
     method: GET
     status_code: 200
     force_basic_auth: true
-  register: groups_list_result
+  loop: "{{ pulp_groups }}"
+  register: groups_get_result
+
+- name: Reset groups facts
+  set_fact:
+    remove_groups: []
+    create_groups: []
+
+- name: Set groups to remove fact
+  set_fact:
+    remove_groups: "{{ remove_groups + [group.json.results[0]] }}"
+  loop: "{{ groups_get_result.results }}"
+  loop_control:
+    loop_var: "group"
+    label: "{{ group.item.name }}"
+  when:
+   - group.json.count == 1
+   - group.item.state is defined
+   - group.item.state == "absent"
 
-- name: Set fact remove_groups
+- name: Set groups to create fact
   set_fact:
-    remove_groups: "{{ (remove_groups | default([])) + [item.name] }}"
-  when: item.state is defined and item.state == 'absent'
-  with_items: "{{ pulp_groups }}"
+    create_groups: "{{ create_groups + [group.item] }}"
+  loop: "{{ groups_get_result.results }}"
+  loop_control:
+    loop_var: "group"
+    label: "{{ group.item.name }}"
+  when:
+   - group.json.count == 0
+   - group.item.state is not defined or group.item.state != "absent"
 
 - name: Create groups
-  vars:
-    groupnames: "{{ groups_list_result.json.results | map(attribute='name') | list }}"
   uri:
     url: "{{ pulp_group_url }}"
     user: "{{ pulp_username }}"
@@ -29,32 +50,21 @@
     body:
       name: "{{ item.name }}"
     body_format: form-urlencoded
-  loop: "{{ pulp_groups }}"
-  register: result
-  when:
-    - item.name not in groupnames
-    - item.state is not defined or item.state != 'absent'
-  changed_when: result.status == 201
-
-- name: Initialise hrefs
-  set_fact:
-    hrefs: []
-
-- name: Set fact hrefs
-  set_fact:
-    hrefs: "{{ (hrefs | default([])) + [item.pulp_href] }}"
-  when: item.name in (remove_groups | default([]))
-  with_items: "{{ groups_list_result.json.results }}"
+  loop: "{{ create_groups }}"
+  loop_control:
+    label: "{{ item.name }}"
+  changed_when: true
 
 - name: Remove groups
   uri:
-    url: "{{ pulp_url }}{{ item }}"
+    url: "{{ pulp_url }}{{ item.pulp_href }}"
     user: "{{ pulp_username }}"
     password: "{{ pulp_password }}"
     force_basic_auth: true
     method: DELETE
     status_code: 204
     body_format: form-urlencoded
-  loop: "{{ hrefs }}"
-  register: result
-  changed_when: result.status == 204
+  loop: "{{ remove_groups }}"
+  loop_control:
+    label: "{{ item.name }}"
+  changed_when: true
@@ -1,24 +1,56 @@
 ---
-
-- name: Get user list
+- name: Get information for each user
   uri:
-    url: "{{ pulp_user_url }}"
+    url: "{{ pulp_user_url }}?username={{ item.username }}"
     user: "{{ pulp_username }}"
     password: "{{ pulp_password }}"
     method: GET
     status_code: 200
     force_basic_auth: true
-  register: users_list_result
+  loop: "{{ pulp_users }}"
+  register: users_get_result
+
+- name: Reset users facts
+  set_fact:
+    remove_users: []
+    create_users: []
+    update_users: []
+
+- name: Set users to delete fact
+  set_fact:
+    remove_users: "{{ remove_users + [user.json.results[0]] }}"
+  loop: "{{ users_get_result.results }}"
+  loop_control:
+    loop_var: "user"
+    label: "{{ user.item.username }}"
+  when:
+    - user.json.count == 1
+    - user.item.state is defined
+    - user.item.state == "absent"
 
-- name: Set fact remove_users
+- name: Set users to create fact
   set_fact:
-    remove_users: "{{ (remove_users | default([])) + [item.username] }}"
-  when: item.state is defined and item.state == 'absent'
-  with_items: "{{ pulp_users }}"
+    create_users: "{{ create_users + [user.item] }}"
+  loop: "{{ users_get_result.results }}"
+  loop_control:
+    loop_var: "user"
+    label: "{{ user.item.username }}"
+  when:
+   - user.json.count == 0
+   - user.item.state is not defined or user.item.state != "absent"
+
+- name: Set users to update fact
+  set_fact:
+    update_users: "{{ update_users + [user.json.results[0] | combine(user.item) | combine({'existing_groups': user.json.results[0]['groups']}) ] }}"
+  loop: "{{ users_get_result.results }}"
+  loop_control:
+    loop_var: "user"
+    label: "{{ user.item.username }}"
+  when:
+   - user.json.count == 1
+   - user.item.state is not defined or user.item.state != "absent"
 
 - name: Create users
-  vars:
-    usernames: "{{ users_list_result.json.results | map(attribute='username') | list }}"
   uri:
     url: "{{ pulp_user_url }}"
     user: "{{ pulp_username }}"
@@ -35,21 +67,14 @@
       is_staff: "{{ item.is_staff | default(None) }}"
       is_active: "{{ item.is_active | default(None) }}"
     body_format: form-urlencoded
-  loop: "{{ pulp_users }}"
+  loop: "{{ create_users }}"
   loop_control:
     label: "{{ item.username }}"
-  register: result
-  when:
-    - item.username not in usernames
-    - item.state is not defined or item.state != 'absent'
-  changed_when: result.status == 201
+  changed_when: true
 
 - name: Update existing users
-  vars:
-    usernames: "{{ users_list_result.json.results | map(attribute='username') | list }}"
-    url_query: "[?username=='{{ item.username }}'].pulp_href"
   uri:
-    url: "{{ pulp_url }}{{ users_list_result.json.results | json_query(url_query) | first }}"
+    url: "{{ pulp_url }}{{ item.pulp_href }}"
     user: "{{ pulp_username }}"
     password: "{{ pulp_password }}"
     force_basic_auth: true
@@ -63,46 +88,30 @@
       is_staff: "{{ item.is_staff | default(None) }}"
       is_active: "{{ item.is_active | default(None) }}"
     body_format: form-urlencoded
-  loop: "{{ pulp_users }}"
+  loop: "{{ update_users }}"
   loop_control:
     label: "{{ item.username }}"
   register: result
-  when:
-    - item.username in usernames
-    - item.state is not defined or item.state != 'absent'
-  changed_when:
-  # The pulp API currently does not report when a change is made, so we must
-  # manually check
-    - result.json not in users_list_result.json.results
-    - result.status == 200
+  changed_when: true
 
 - name: Add or remove user from group(s)
   include_tasks: user_groups/add_or_remove_users.yml
-  # Noop if pulp_users is defined but empty
-  loop: "{{ pulp_users }}"
-  when: item.state is not defined or item.state != 'absent'
+  # All users that aren't state: absent are in play here
+  loop: "{{ create_users + update_users }}"
   loop_control:
     loop_var: user
-
-- name: Initialise hrefs
-  set_fact:
-    hrefs: []
-
-- name: Set fact hrefs
-  set_fact:
-    hrefs: "{{ (hrefs | default([])) + [item.pulp_href] }}"
-  when: item.username in (remove_users | default([]))
-  with_items: "{{ users_list_result.json.results }}"
+    label: "{{ user.username }}"
 
 - name: Delete users
   uri:
-    url: "{{ pulp_url }}{{ item }}"
+    url: "{{ pulp_url }}{{ item.pulp_href }}"
     user: "{{ pulp_username }}"
     password: "{{ pulp_password }}"
     force_basic_auth: true
     method: DELETE
     status_code: 204
     body_format: form-urlencoded
-  loop: "{{ hrefs }}"
-  register: result
-  changed_when: result.status == 204
+  loop: "{{ remove_users }}"
+  loop_control:
+    label: "{{ item.username }}"
+  changed_when: true
@@ -1,27 +1,14 @@
 ---
 
-- name: Get all groups that user belongs to
-  uri:
-    url: "{{ pulp_user_url }}?username={{ user.username }}"
-    user: "{{ pulp_username }}"
-    password: "{{ pulp_password }}"
-    method: GET
-    status_code: 200
-    force_basic_auth: true
-  register: user_group_result
-
-- name: Set current_group_membership fact
-  set_fact:
-    current_group_membership: "{{ user_group_result | json_query('json.results[*].groups') | flatten | map(attribute='name') | list }}"
-
 - name: Remove user from groups not defined in pulp_users
   include_tasks: remove_user_from_groups.yml
-  loop: "{{ current_group_membership | difference(user.groups | default([], true)) }}"
+  loop: "{{ user.existing_groups | map(attribute='name') | difference(user.groups | default([], true)) }}"
   loop_control:
     loop_var: remove_group
+  when: user.existing_groups is defined
 
 - name: Add user to groups defined in pulp_users
   include_tasks: add_user_to_groups.yml
-  loop: "{{ user.groups | default([], true) | difference(current_group_membership) }}"
+  loop: "{{ user.groups | default([], true) | difference(user.existing_groups | default([]) | map(attribute='name') ) }}"
   loop_control:
     loop_var: add_group
@@ -1,51 +1,11 @@
 ---
 # These user/group combinations definitely DO exist on pulp server
 
-- name: Get group href from Pulp API
-  uri:
-    url: "{{ pulp_add_group_user_url }}?name={{ remove_group }}"
-    user: "{{ pulp_username }}"
-    password: "{{ pulp_password }}"
-    method: GET
-    status_code: 200
-    force_basic_auth: true
-  register: group_href_result
-
-# We should only return a single group here because we've just queried
-# from pulp API
-- name: Fail when group cannot be unambiguosly returned from Pulp API
-  fail:
-    msg: >
-      "Pulp API query: GET '{{ group_href_result.url }}' did not return
-      exactly one group. Groupname '{{ remove_group }}' was found
-      '{{ group_href_result.json.count }}' times.
-      Groupnames should be unique and exist before associating users
-      with them"
-  when: group_href_result.json.count != 1
-
-- name: Get user id from Pulp API
-  uri:
-    url: "{{ pulp_user_url }}?username={{ user.username }}"
-    user: "{{ pulp_username }}"
-    password: "{{ pulp_password }}"
-    method: GET
-    status_code: 200
-    force_basic_auth: true
-  register: user_list_result
-
-- name: Fail when user id cannot be unambiguosly returned from Pulp API
-  fail:
-    msg: >
-     "Pulp API query: GET '{{ user_list_result.url }}' did not return
-     exactly one user id. User '{{ user.username }}' was found
-     '{{ user_list_result.json.count }}' times."
-  when: user_list_result.json.count != 1
-
 # Will fail before we get here if the group/user doesn't exist
 - name: Remove user from group
   # DELETE {{ pulp_url }}/pulp/api/v3/groups/880/users/11/
   uri:
-    url: "{{ pulp_url }}{{ group_href_result.json.results[0].pulp_href }}users/{{ user_list_result.json.results[0].id }}/"
+    url: "{{ pulp_url }}{{ user_group.pulp_href }}users/{{ user.id }}/"
     user: "{{ pulp_username }}"
     password: "{{ pulp_password }}"
     method: DELETE
@@ -54,3 +14,7 @@
     force_basic_auth: true
   # If we get here, we're always changing something
   changed_when: true
+  loop: "{{ user.existing_groups | selectattr('name', 'equalto', remove_group) }}"
+  loop_control:
+    loop_var: user_group
+    label: "{{ user.username }} {{ user_group.name }}"