Skip to content

Commit

Permalink
Crypto: Added inverted domain config to result; other changes
Browse files Browse the repository at this point in the history 
Details:

* Added the "inverted" crypto config to the result, e.g.:

  "control_domains": [0, 1, 2, 3, ...]
  "usage_domains": [0, 1, 2, 3, ...]

* Renamed the "domains" key in the result to "domain_config".

* Changed the "adapters" key in the result to be a dict of adapter
  names / adapter properties.

* Now, an empty crypto config still produces the (empty) keys in the
  result, instead of omitting them.

Signed-off-by: Andreas Maier <maiera@de.ibm.com>
  • Loading branch information
@andy-maier
andy-maier committed Nov 8, 2018
1 parent 0dec50e commit 60b4384
Show file tree
Hide file tree
Showing 2 changed files with 96 additions and 49 deletions.
36 changes: 16 additions & 20 deletions docs/gen/zhmc_crypto_attachment_module.rst
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,8 @@ Synopsis
--------

* Gathers facts about the attachment of crypto adapters and domains to a partition.
* Attaches crypto domains and crypto adapters to a partition.
* Attaches a range of crypto domains and a number of crypto adapters to a partition.
* Detaches all crypto domains and all crypto adapters from a partition.


Requirements (on host that executes module)
Expand Down Expand Up @@ -47,7 +48,7 @@ Options
<td>usage</td>
<td><ul><li>usage</li><li>control</li></ul></td>
<td>
<div>Only for <code>state=attach</code>: The access mode in which the crypto domains need to be attached.</div>
<div>Only for <code>state=attach</code>: The access mode in which the crypto domains specified in <code>domain_range</code> need to be attached.</div>
</td>
</tr>

Expand Down Expand Up @@ -87,7 +88,7 @@ Options
<td>(0, -1)</td>
<td></td>
<td>
<div>Only for <code>state=attach</code>: The domain range the partition needs to have attached, as a tuple of integers (min, max) that specify the inclusive range of domain index numbers. The special value -1 for the max item means the maximum supported domain index number.</div>
<div>Only for <code>state=attach</code>: The domain range the partition needs to have attached, as a tuple of integers (min, max) that specify the inclusive range of domain index numbers. Other domains attached to the partition remain unchanged. The special value -1 for the max item means the maximum supported domain index number.</div>
</td>
</tr>

Expand All @@ -101,16 +102,6 @@ Options
</td>
</tr>

<tr>
<td>force<br/><div style="font-size: small;"></div></td>
<td>no</td>
<td></td>
<td></td>
<td>
<div>Only for <code>state=attach</code>: Boolean controlling force mode. In force mode, the attaching of domains will change their access mode, if needed. In non-force mode, a change of access mode will be rejected.</div>
</td>
</tr>

<tr>
<td rowspan="2">hmc_auth<br/><div style="font-size: small;"></div></td>
<td>yes</td>
Expand Down Expand Up @@ -197,7 +188,7 @@ Options
<td><ul><li>attached</li><li>detached</li><li>facts</li></ul></td>
<td>
<div>The desired state for the attachment:</div>
<div>* <code>attached</code>: Ensures that the specified number of crypto adapters and the specified range of domain index numbers in the specified access mode are attached to the partition.</div>
<div>* <code>attached</code>: Ensures that the specified number of crypto adapters of the specified crypto type, and the specified range of domain index numbers in the specified access mode are attached to the partition.</div>
<div>* <code>detached</code>: Ensures that no crypto adapter and no crypto domains are attached to the partition.</div>
<div>* <code>facts</code>: Does not change anything on the attachment and returns the crypto configuration of the partition.</div>
</td>
Expand Down Expand Up @@ -233,7 +224,6 @@ Examples
cpc_name: "{{ my_cpc_name }}"
partition_name: "{{ my_first_partition_name }}"
state: attached
force: true
crypto_type: ep11
adapter_count: -1
domain_range: 0,0
Expand All @@ -246,7 +236,6 @@ Examples
cpc_name: "{{ my_cpc_name }}"
partition_name: "{{ my_first_partition_name }}"
state: attached
force: true
crypto_type: ep11
adapter_count: -1
domain_range: 1,-1
Expand Down Expand Up @@ -285,18 +274,25 @@ Common return values are documented here :doc:`common_return_values`, the follow
<tr>
<td>crypto_configuration</td>
<td>
<div>For <code>state=detached|attached|facts</code>, a dictionary with the crypto configuration of the partition after the changes applied by the module. Key is the partition name, and value is a dictionary with key 'adapters' which is a list of adapter names, and key 'domains' which is a dictionary of domain: access mode.</div>
<div>For <code>state=detached|attached|facts</code>, a dictionary with the crypto configuration of the partition after the changes applied by the module. Key is the partition name, and value is a dictionary with keys: - 'adapters': attached adapters, as a dict of key: adapter name, value: dict of adapter properties; - 'domain_config': attached domains, as a dict of key: domain index, value: access mode ('control' or 'usage'); - 'usage_domains': domains attached in usage mode, as a list of domain index numbers; - 'control_domains': domains attached in control mode, as a list of domain index numbers.</div>
</td>
<td align=center>success</td>
<td align=center>dict</td>
<td align=center><code>{
"part-1": {
"adapters": ["adapter 1", "adapter 2"],
"domains": {
"adapters": {
"adapter 1": {
"type": "crypto",
...
}
},
"domain_config": {
"0": "usage",
"1": "control",
...
"2": "control"
}
"usage_domains": [0],
"control_domains": [1, 2]
}
}</code>
</td>
Expand Down
109 changes: 80 additions & 29 deletions zhmc_ansible_modules/zhmc_crypto_attachment.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,9 @@
description:
- Gathers facts about the attachment of crypto adapters and domains to a
partition.
- Attaches crypto domains and crypto adapters to a partition.
- Attaches a range of crypto domains and a number of crypto adapters to a
partition.
- Detaches all crypto domains and all crypto adapters from a partition.
notes:
- The CPC of the target partition must be in the
Dynamic Partition Manager (DPM) operational mode.
Expand Down Expand Up @@ -107,14 +109,15 @@
- "Only for C(state=attach): The domain range the partition needs to have
attached, as a tuple of integers (min, max) that specify the inclusive
range of domain index numbers.
Other domains attached to the partition remain unchanged.
The special value -1 for the max item means the maximum supported
domain index number."
required: false
default: (0, -1)
access_mode:
description:
- "Only for C(state=attach): The access mode in which the crypto domains
need to be attached."
specified in C(domain_range) need to be attached."
required: false
default: 'usage'
choices: ['usage', 'control']
Expand Down Expand Up @@ -197,19 +200,33 @@
- "For C(state=detached|attached|facts), a
dictionary with the crypto configuration of the partition after the
changes applied by the module. Key is the partition name, and value
is a dictionary with key 'adapters' which is a list of adapter names,
and key 'domains' which is a dictionary of domain: access mode."
is a dictionary with keys:
- 'adapters': attached adapters, as a dict of key: adapter name, value:
dict of adapter properties;
- 'domain_config': attached domains, as a dict of key: domain index,
value: access mode ('control' or 'usage');
- 'usage_domains': domains attached in usage mode, as a list of domain
index numbers;
- 'control_domains': domains attached in control mode, as a list of
domain index numbers."
returned: success
type: dict
sample: |
C({
"part-1": {
"adapters": ["adapter 1", "adapter 2"],
"domains": {
"adapters": {
"adapter 1": {
"type": "crypto",
...
}
},
"domain_config": {
"0": "usage",
"1": "control",
...
"2": "control"
}
"usage_domains": [0],
"control_domains": [1, 2]
}
})
changes:
Expand Down Expand Up @@ -272,25 +289,49 @@ def log(log_file, msg):


def get_partition_config(partition, all_adapters):
result = dict()
result[partition.name] = dict()
partition_result = result[partition.name]
partition.pull_full_properties()
"""
Return the result of the module by inspecting the current crypto
config. Used for all 'state' parameter values.
Parameters:
partition: Partition object for target partition
all_adapters: Dict of Adapter objects for all crypto adapters in the CPC
"""

# result items
adapters = dict() # adapter name: adapter properties
domain_config = dict() # domain index: access mode
usage_domains = list() # domains attached in usage mode
control_domains = list() # domains attached in control mode

partition.pull_full_properties() # Make sure it contains the changes
partition_config = partition.get_property('crypto-configuration')
if partition_config:
adapter_uris = partition_config['crypto-adapter-uris']
adapter_names = []
for a_uri in all_adapters:
a = all_adapters[a_uri]
if a.uri in adapter_uris:
adapter_names.append(a.name)
domains_dict = dict() # domain_index: access_mode
adapters[a.name] = a.properties
for dc in partition_config['crypto-domain-configurations']:
di = int(dc['domain-index'])
am = ACCESS_MODES_HMC2MOD[dc['access-mode']]
domains_dict[di] = am
partition_result['adapters'] = adapter_names
partition_result['domains'] = domains_dict
domain_config[di] = am
if am == 'control':
control_domains.append(di)
else:
assert am == 'usage', \
"am={}".format(am)
usage_domains.append(di)

result = dict()
result[partition.name] = dict()
partition_result = result[partition.name]
partition_result['adapters'] = adapters
partition_result['domain_config'] = domain_config
partition_result['usage_domains'] = usage_domains
partition_result['control_domains'] = control_domains
return result


Expand Down Expand Up @@ -318,7 +359,8 @@ def ensure_attached(params, check_mode):
faked_session = params.get('faked_session', None) # No default specified

try:
assert len(domain_range) == 2
assert len(domain_range) == 2, \
"len(domain_range)={}".format(len(domain_range))
domain_range_lo = int(domain_range[0])
domain_range_hi = int(domain_range[1])
except (ValueError, AssertionError):
Expand All @@ -345,7 +387,8 @@ def ensure_attached(params, check_mode):
'adapter-family': 'crypto',
'crypto-type': hmc_crypto_type,
}
all_adapters = cpc.adapters.list(filter_args=filter_args)
all_adapters = cpc.adapters.list(filter_args=filter_args,
full_properties=True)
if not all_adapters:
raise Error("No crypto adapters of type {!r} found on CPC {!r} ".
format(crypto_type, cpc_name))
Expand Down Expand Up @@ -522,7 +565,9 @@ def ensure_attached(params, check_mode):
result_changes['added-adapters'] = []
result_changes['added-domains'] = []
missing_count = adapter_count - len(attached_adapters)
assert missing_count <= len(detached_adapters)
assert missing_count <= len(detached_adapters), \
"missing_count={}, len(detached_adapters)={}".\
format(missing_count, len(detached_adapters))
if missing_count <= 0 and add_domain_config:
# Adapters already sufficient, but domains to be attached

Expand All @@ -545,11 +590,6 @@ def ensure_attached(params, check_mode):
conflicting_domains = dict()
if adapter.uri in all_crypto_config:
domains_dict = all_crypto_config[adapter.uri]
# log(log_file,
# "Debug: Checking adapter {!r} for availability of "
# "domains {!r}. Currently attached domains of that "
# "adapter: {!r}".
# format(adapter.name, new_domains, domains_dict))
for di in new_domains:
if di in domains_dict:
# The domain is already attached to some partition
Expand All @@ -559,7 +599,8 @@ def ensure_attached(params, check_mode):
# An attachment in control mode does not
# prevent additional attachments
continue
if p_uri == partition.uri and am == hmc_access_mode:
if p_uri == partition.uri and \
am == hmc_access_mode:
# This is our target partition, and the domain
# is already attached in the desired mode.
continue
Expand Down Expand Up @@ -602,6 +643,10 @@ def ensure_attached(params, check_mode):
format(missing_count))

if not check_mode:
# This is not optimal because it does not produce a result
# in check mode, but because the actual config is determined,
# instead of the artificially calculated one, it seems better
# to return no config than the unchanged actual config.
result.update(get_partition_config(partition, all_adapters))

return changed, result, result_changes
Expand All @@ -612,7 +657,7 @@ def ensure_attached(params, check_mode):

def ensure_detached(params, check_mode):
"""
Ensure that the partition has no adapters or domains attached.
Ensure that the target partition has no adapters and no domains attached.
Raises:
ParameterError: An issue with the module parameters.
Expand Down Expand Up @@ -643,7 +688,8 @@ def ensure_detached(params, check_mode):
filter_args = {
'adapter-family': 'crypto',
}
all_adapters = cpc.adapters.list(filter_args=filter_args)
all_adapters = cpc.adapters.list(filter_args=filter_args,
full_properties=True)

# Convert the adapter list into a dict:
# key: adapter URI
Expand Down Expand Up @@ -690,6 +736,10 @@ def ensure_detached(params, check_mode):
result_changes['removed-domains'] = remove_domains

if not check_mode:
# This is not optimal because it does not produce a result
# in check mode, but because the actual config is determined,
# instead of the artificially calculated one, it seems better
# to return no config than the unchanged actual config.
result.update(get_partition_config(partition, all_adapters))

return changed, result, result_changes
Expand Down Expand Up @@ -725,7 +775,8 @@ def facts(params, check_mode):
filter_args = {
'adapter-family': 'crypto',
}
all_adapters = cpc.adapters.list(filter_args=filter_args)
all_adapters = cpc.adapters.list(filter_args=filter_args,
full_properties=True)

# Convert the adapter list into a dict:
# key: adapter URI
Expand Down

0 comments on commit 60b4384

Please sign in to comment.