Source code for saltext.vmware.states.nsxt_compute_manager

"""
State module for NSX-T compute manager registration and de-registration
"""
import logging

log = logging.getLogger(__name__)

try:
    from saltext.vmware.modules import nsxt_compute_manager

    HAS_NSXT_COMPUTE_MANAGER = True
except ImportError:
    HAS_NSXT_COMPUTE_MANAGER = False


def __virtual__():
    if not HAS_NSXT_COMPUTE_MANAGER:
        return False, "'nsxt_compute_manager' binary not found on system"
    return "nsxt_compute_manager"


def _needs_update(
    existing_compute_manager, thumbprint, server_origin_type, **compute_manager_params
):
    if thumbprint and thumbprint != existing_compute_manager["credential"]["thumbprint"]:
        return True
    if server_origin_type and server_origin_type != existing_compute_manager["origin_type"]:
        return True

    optional_params = ("display_name", "description", "set_as_oidc_provider")
    for param in optional_params:
        param_val = compute_manager_params.get(param)
        if param_val and existing_compute_manager[param] != param_val:
            return True
    return False


[docs]def present( name, hostname, username, password, compute_manager_server, credential, server_origin_type="vCenter", verify_ssl=True, cert=None, cert_common_name=None, display_name=None, description=None, set_as_oidc_provider=None, ): """ Registers compute manager in NSX-T Manager or updates the registration CLI Example: .. code-block:: bash salt vm_minion nsxt_compute_manager.present hostname=nsxt-manager.local username=admin ... .. code-block:: yaml register_compute_manager: nsxt_compute_manager.present: - name: Registration hostname: {{ pillar['nsxt_manager_hostname'] }} username: {{ pillar['nsxt_manager_username'] }} password: {{ pillar['nsxt_manager_password'] }} cert: {{ pillar['nsxt_manager_certificate'] }} verify_ssl: <False/True> compute_manager_server: <compute manager IP address or FQDN> server_origin_type: <compute manager origin type> credential: credential_type: UsernamePasswordLoginCredential username: {{ pillar['compute manager username'] }} password: {{ pillar['compute manager password'] }} thumbprint: {{ pillar['compute manager thumbprint'] }} display_name: <compute manager name> description: <compute manager description> set_as_oidc_provider: <False/True> name name of the operation to perform hostname The host name of NSX-T manager username Username to connect to NSX-T manager password Password to connect to NSX-T manager compute_manager_server Compute manager server IP address or FQDN credential An object which contains credential details to validate compute manager Sample usage in sls file: .. code:: credential: credential_type: "UsernamePasswordLoginCredential" username: "user" password: "pass" thumbprint: "36:XX:XX:XX:XX:XX:XX66" credential_type Type of credential provided. For now only UsernamePasswordLoginCredential is supported. username Username of the compute manager password Password of the compute manager thumbprint Thumbprint of the compute manager server_origin_type (Optional) Server origin type of the compute manager. Default is vCenter display_name (Optional) Display name of the compute manager description (Optional) description for the compute manager set_as_oidc_provider (Optional) Specifies whether compute manager has been set as OIDC provider. Default is false. If the compute manager is VC and need to set set as OIDC provider for NSX then this flag should be set as true. verify_ssl (Optional) Option to enable/disable SSL verification. Enabled by default. If set to False, the certificate validation is skipped. cert (Optional) Path to the SSL certificate file to connect to NSX-T manager. The certificate can be retrieved from browser. cert_common_name (Optional) By default, the hostname parameter and the common name in certificate is compared for host name verification. If the client certificate common name and hostname do not match (in case of self-signed certificates), specify the certificate common name as part of this parameter. This value is then used to compare against certificate common name. For more information, see `VMware API docs for NSX-T <https://code.vmware.com/apis/1163/nsx-t>`_ """ ret = {"name": name, "result": True, "comment": "", "changes": {}} compute_managers_result = __salt__["nsxt_compute_manager.get"]( hostname=hostname, username=username, password=password, verify_ssl=verify_ssl, cert=cert, cert_common_name=cert_common_name, server=compute_manager_server, ) if "error" in compute_managers_result: ret["result"] = False ret["comment"] = "Failed to get compute managers from NSX-T Manager : {}".format( compute_managers_result["error"] ) return ret if compute_managers_result["result_count"] > 1: ret["result"] = False ret["comment"] = "Found multiple results for the provided compute manager in NSX-T" return ret else: existing_compute_manager = ( compute_managers_result["results"][0] if compute_managers_result["result_count"] == 1 else None ) if __opts__["test"]: if existing_compute_manager is None: ret["result"] = None ret["comment"] = "Compute manager would be registered to NSX-T Manager" else: ret["result"] = None ret["comment"] = "Compute manager registration would be updated" return ret if isinstance(credential, dict): thumbprint = credential.get("thumbprint", None) else: ret["result"] = False ret[ "comment" ] = "Parameter credential must be of type dictionary. Please refer documentation" return ret if existing_compute_manager is None: log.info("Going to register new compute manager, as no existing compute manager found") result = __salt__["nsxt_compute_manager.register"]( hostname=hostname, username=username, password=password, verify_ssl=verify_ssl, cert=cert, cert_common_name=cert_common_name, compute_manager_server=compute_manager_server, credential=credential, server_origin_type=server_origin_type, display_name=display_name, description=description, set_as_oidc_provider=set_as_oidc_provider, ) if "error" in result: ret["result"] = False ret["comment"] = "Failed to register compute manager with NSX-T Manager : {}".format( result["error"] ) return ret else: ret[ "comment" ] = "Compute manager {compute_manager_server} successfully registered with NSX-T".format( compute_manager_server=compute_manager_server ) ret["changes"]["new"] = result return ret else: log.info("Compute manager already exists. Going to check for updates") is_update_required = _needs_update( existing_compute_manager=existing_compute_manager, thumbprint=thumbprint, server_origin_type=server_origin_type, display_name=display_name, description=description, set_as_oidc_provider=set_as_oidc_provider, ) if is_update_required: result = __salt__["nsxt_compute_manager.update"]( hostname=hostname, username=username, password=password, verify_ssl=verify_ssl, cert=cert, cert_common_name=cert_common_name, compute_manager_server=compute_manager_server, credential=credential, server_origin_type=server_origin_type, display_name=display_name, description=description, set_as_oidc_provider=set_as_oidc_provider, compute_manager_id=existing_compute_manager["id"], compute_manager_revision=existing_compute_manager["_revision"], ) if "error" in result: ret["result"] = False ret[ "comment" ] = "Failed to update existing registration of compute manager with NSX-T Manager : {}".format( result["error"] ) return ret else: ret[ "comment" ] = "Compute manager {compute_manager_server} registration successfully updated with NSX-T".format( compute_manager_server=compute_manager_server ) ret["changes"]["old"] = existing_compute_manager ret["changes"]["new"] = result return ret else: ret["comment"] = ( "Compute manager registration for {compute_manager_server} already exists. " "Nothing to update. Modifiable fields:[display_name, description, set_as_oidc_provider, " "thumbprint, origin_type]".format(compute_manager_server=compute_manager_server) ) return ret
[docs]def absent( name, hostname, username, password, compute_manager_server=None, verify_ssl=True, cert=None, cert_common_name=None, ): """ De-Registers compute manager in NSX-T Manager if present. Requires either compute_manager_server or compute_manager_id to be provided CLI Example: .. code-block:: bash salt vm_minion nsxt_compute_manager.absent hostname=nsxt-manager.local username=admin ... .. code-block:: yaml register_compute_manager: nsxt_compute_manager.absent: - name: Registration hostname: {{ pillar['nsxt_manager_hostname'] }} username: {{ pillar['nsxt_manager_username'] }} password: {{ pillar['nsxt_manager_password'] }} cert: {{ pillar['nsxt_manager_certificate'] }} verify_ssl: <False/True> compute_manager_server: <compute manager IP address or FQDN> name Name of the operation to perform hostname The host name of NSX-T manager username Username to connect to NSX-T manager password Password to connect to NSX-T manager compute_manager_server (Optional) Compute manager server IP address or FQDN verify_ssl (Optional) Option to enable/disable SSL verification. Enabled by default. If set to False, the certificate validation is skipped. cert (Optional) Path to the SSL certificate file to connect to NSX-T manager. The certificate can be retrieved from browser. cert_common_name (Optional) By default, the hostname parameter and the common name in certificate is compared for host name verification. If the client certificate common name and hostname do not match (in case of self-signed certificates), specify the certificate common name as part of this parameter. This value is then used to compare against certificate common name. """ ret = {"name": name, "result": True, "comment": "", "changes": {}} compute_managers_result = __salt__["nsxt_compute_manager.get"]( hostname=hostname, username=username, password=password, verify_ssl=verify_ssl, cert=cert, cert_common_name=cert_common_name, server=compute_manager_server, ) compute_manager_to_delete = None if "error" in compute_managers_result: ret["result"] = False ret["comment"] = "Failed to get compute managers from NSX-T Manager : {}".format( compute_managers_result["error"] ) return ret if compute_managers_result["result_count"] == 1: compute_manager_to_delete = compute_managers_result["results"][0] elif compute_managers_result["result_count"] > 1: ret["result"] = False ret["comment"] = "Found multiple results for the provided compute manager in NSX-T" return ret if __opts__["test"]: if compute_manager_to_delete is not None: ret["result"] = None ret["comment"] = "Compute manager would be removed/de-registered from NSX-T Manager" else: ret["result"] = None ret["comment"] = "Compute manager registration does not exists" return ret if compute_manager_to_delete is None: ret["comment"] = "Compute manager server not present in NSX-T manager" return ret else: result = __salt__["nsxt_compute_manager.remove"]( hostname=hostname, username=username, password=password, compute_manager_id=compute_manager_to_delete["id"], verify_ssl=verify_ssl, cert=cert, ) if "error" in result: ret["result"] = False ret[ "comment" ] = "Failed to remove registration of compute manager with NSX-T Manager : {}".format( result["error"] ) return ret else: ret["comment"] = "Compute manager registration removed successfully from NSX-T manager" ret["changes"]["old"] = compute_manager_to_delete ret["changes"]["new"] = {} return ret