system-config/playbooks/library/cloud_user_group_assignment.py

#!/usr/bin/python
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

DOCUMENTATION = '''
module: cloud_user_group_assignment
extends_documentation_fragment: opentelekomcloud.cloud.otc
description:
  - Batch user group assignment
options:
  group:
    description: Group name
    type: str
    required: true
  users:
    description: List of user names
    type: list
    elements: str
  state:
    description: Assignment state
    type: str
    choice: [present, absent]
    default: present
'''

RETURN = '''
'''

EXAMPLES = '''
'''

import itertools

from ansible_collections.opentelekomcloud.cloud.plugins.module_utils.otc import OTCModule


class CloudUserGroupAssignmentModule(OTCModule):
    argument_spec = dict(
        group=dict(required=True, type='str'),
        users=dict(required=True, type='list', elements='str'),
        state=dict(type=str, choice=['present', 'absent'], default='present')
    )

    module_kwargs = dict(
        supports_check_mode=True
    )

    def run(self):
        group = self.conn.identity.find_group(name_or_id=self.params['group'])
        changed = False

        for user in self.params['users']:
            usr = self.conn.identity.find_user(
                name_or_id=user
            )
            is_in = self.conn.is_user_in_group(usr.id, group)
            if self.params['state'] == 'present':
                if not is_in:
                    changed=True
                    if not self.ansible.check_mode:
                        self.conn.add_user_to_group(usr.id, group.id)
            else:
                if is_in:
                    changed=True
                    if not self.ansible.check_mode:
                        self.conn.remove_user_from_group(usr.id, group.id)

        self.exit_json(
            changed=changed
        )


def main():
    module = CloudUserGroupAssignmentModule()
    module()


if __name__ == '__main__':
    main()