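All, I found a useful collection for my Ansible playbook (git repo link below) that simplifies creating Mongo Atlas database users. The collection contains a set of Python modules and only supports creating database usernames with a password. What I have been trying to do is update the script slightly so that I can add user groups for AD-authenticated users, so I modified the script to add an extra "ldapAuthType" parameter to the atlas_user.py module.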
https://github.com/T-Systems-MMS/ansible-collection-mongodb-atlas
However, when I run the Ansible task, it fails:
fatal: [127.0.0.1]: FAILED! => {"changed": false, "msg": "Unsupported parameters for (user) module: ldapAuthType Supported parameters include: apiPassword, apiUsername, databaseName, groupId, password roles, state, username"}
To illustrate, here is the example Ansible task snippet given in the atlas_user.py module: https://github.com/T-Systems-MMS/ansible-collection-mongodb-atlas/blob/master/plugins/modules/atlas_user.py#L93
- name: test user
  atlas_user:
    apiUsername: "API_user"
    apiPassword: "API_passwort_or_token"
    groupId: "GROUP_ID"
    username: my_app_user
    password: SuperSecret!
    roles:
      - databaseName: private_info
        roleName: read
      - databaseName: public_info
        roleName: readWrite
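What I want to achieve is a task that takes ldapAuthType as a parameter, as shown below. For this authentication type I do not need the password parameter, so I have left it out.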
- name: atlas user
  atlas_user:
    apiUsername: "efewfwefef"
    apiPassword: "efwef-wefwefwefwef-ewfwefwefwe-ewe"
    groupId: "3241efdva2q4tqvaegq3488888"
    databaseName: "admin"
    ldapAuthType: "GROUP"
    username: "CN=bro-grp,OU=ComDB,OU=Srv accts,OU=Cloud Atlas,DC=Com,DC=net"
    roles:
      - databaseName: mydb
        roleName: readWrite
      - databaseName: somedb
        roleName: read
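I have been trying to add the ldapAuthType parameter in the atlas_user.py module, but I get the above error when running the Ansible task. I am a Python newbie, so any help would be appreciated.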
from __future__ import absolute_import, division, print_function

__metaclass__ = type

ANSIBLE_METADATA = {
    "metadata_version": "0.1",
    "status": ["preview"],
    "supported_by": "community",
}

from ansible.module_utils.basic import AnsibleModule
from ansible_collections.t_systems_mms.mongodb_atlas.plugins.module_utils.atlas import (
    AtlasAPIObject,
)


# ===========================================
# Module execution.
#
def main():
    # add our own arguments
    argument_spec = dict(
        state=dict(default="present", choices=["absent", "present"]),
        apiUsername=dict(required=True),
        apiPassword=dict(required=True, no_log=True),
        groupId=dict(required=True),
        databaseName=dict(default="admin", choices=["admin", "$external"]),
        ldapAuthType=dict(default="GROUP", choices=["GROUP", "USER"]),  # ==>>> added line
        username=dict(required=True),
        password=dict(required=False, no_log=True),
        roles=dict(
            required=True,
            type="list",
            options=dict(
                databaseName=dict(required=True), roleName=dict(required=True),
            ),
        ),
    )

    # Define the main module
    module = AnsibleModule(
        argument_spec=argument_spec, supports_check_mode=True
    )

    # Request body sent to the Atlas API for this database user
    data = {
        "databaseName": module.params["databaseName"],
        "ldapAuthType": module.params["ldapAuthType"],  # ==>>> added line
        "username": module.params["username"],
        "password": module.params["password"],
        "roles": module.params["roles"],
    }

    try:
        atlas = AtlasAPIObject(
            module=module,
            path="/databaseUsers",
            object_name="username",
            groupId=module.params["groupId"],
            data=data,
        )
    except Exception as e:
        module.fail_json(
            msg="unable to connect to Atlas API. Exception message: %s" % e
        )

    changed, diff = atlas.update(module.params["state"])
    module.exit_json(
        changed=changed, data=atlas.data, diff=diff,
    )


# import module snippets
if __name__ == "__main__":
    main()
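Answer 0 (score: 0)
When Ansible Galaxy collections are installed, they are by default "installed" under your ~/.ansible/collections directory. So if you make any changes to a module, it is best to make them under that directory. I suggest reading the following about installing collections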
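A way to check which copy of atlas_user.py is actually picked up and whether it declares the new parameter, as an added example that is not part of the original answer or of the collection. It assumes the search path comes from ANSIBLE_COLLECTIONS_PATH (or the older ANSIBLE_COLLECTIONS_PATHS) or Ansible's defaults; a collections_path setting in ansible.cfg or a collections/ directory next to the playbook is not examined, and the helper names are hypothetical.

```python
import ast
import os
from pathlib import Path

# Module location inside any collections root (taken from the import and URL in the question).
MODULE_REL = Path("ansible_collections/t_systems_mms/mongodb_atlas/plugins/modules/atlas_user.py")
DEFAULT_ROOTS = "~/.ansible/collections:/usr/share/ansible/collections"


def collection_roots(env=None):
    """Collections search path in lookup order: environment override, else the defaults."""
    env = os.environ if env is None else env
    raw = env.get("ANSIBLE_COLLECTIONS_PATH") or env.get("ANSIBLE_COLLECTIONS_PATHS") or DEFAULT_ROOTS
    return [Path(p).expanduser() for p in raw.split(os.pathsep) if p]


def argument_spec_keys(source):
    """Parameter names declared in `argument_spec = dict(...)`, read without importing the module."""
    for node in ast.walk(ast.parse(source)):
        if (isinstance(node, ast.Assign)
                and any(isinstance(t, ast.Name) and t.id == "argument_spec" for t in node.targets)
                and isinstance(node.value, ast.Call)):
            return [kw.arg for kw in node.value.keywords if kw.arg]
    return []


def find_copies(roots, param="ldapAuthType"):
    """(path, declares_param) for each installed copy, in search order (first match wins)."""
    found = []
    for root in roots:
        candidate = root / MODULE_REL
        if candidate.is_file():
            keys = argument_spec_keys(candidate.read_text(encoding="utf-8"))
            found.append((candidate, param in keys))
    return found


if __name__ == "__main__":
    for i, (path, ok) in enumerate(find_copies(collection_roots())):
        tag = "first" if i == 0 else "shadowed"
        print(f"{tag:8} {path}  ldapAuthType={'yes' if ok else 'MISSING'}")
```

If the first copy listed reports MISSING, the edit was made to a different checkout than the one on the search path, which matches the "Unsupported parameters" failure in the question.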