#!/usr/bin/env python
# -*- coding: utf-8 -*-
# Copyright 2021 Cloudera, Inc. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from ansible.module_utils.basic import AnsibleModule
from ..module_utils.cdp_common import CdpModule
# Module maturity metadata. It stays a plain dict literal so it can be
# read without importing the module.
ANSIBLE_METADATA = {
    "metadata_version": "1.1",
    "status": ["preview"],
    "supported_by": "community",
}
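# Module documentation as YAML. The nesting is significant: every option
# and its attributes must sit under ``options``, otherwise the keys
# collide at the top level.
# The ``notes`` entries describe two behaviours of this module that an
# operator needs to know about: the revoke/re-grant refresh and the
# sensitivity of the returned kubeconfig.
DOCUMENTATION = r'''
---
module: ml_workspace_access
short_description: Grant and revoke user access to CDP Machine Learning Workspaces
description:
  - Grant and revoke user access to CDP Machine Learning Workspaces
author:
  - "Webster Mudge (@wmudge)"
requirements:
  - cdpy
notes:
  - When the user already has access and I(state=present), the module revokes and then re-grants the access so that a kubeconfig can be returned. Outside check mode the task reports a change whenever this happens.
  - The returned kubeconfig may embed cluster credentials. Set C(no_log) on the task, or otherwise protect the registered result.
options:
  name:
    description:
      - The name of the ML Workspace
    type: str
    required: True
    aliases:
      - workspace
  environment:
    description:
      - The name of the Environment for the ML Workspace
    type: str
    required: True
    aliases:
      - env
  user:
    description:
      - The cloud provider identifier for the user.
      - For C(AWS), this is the User ARN.
    type: str
    required: True
    aliases:
      - identifier
  state:
    description:
      - The declarative state of the access to the ML Workspace
    type: str
    required: False
    default: present
    choices:
      - present
      - absent
extends_documentation_fragment:
  - cloudera.cloud.cdp_sdk_options
  - cloudera.cloud.cdp_auth_options
'''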
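# Usage examples as YAML tasks. Module arguments are nested under the
# module name; ``register`` and ``no_log`` are task-level keywords.
# The revoke example previously named the module "ml_workspace_acces",
# which does not resolve to this module.
EXAMPLES = r'''
# Note: These examples do not set authentication details.

# Grant access for user (and register the output to capture the kubeconfig)
- cloudera.cloud.ml_workspace_access:
    name: ml-example
    env: cdp-env
    user: some-cloud-provider-specific-id
  register: access_output
  no_log: true  # keep the returned kubeconfig out of task output and logs

# Revoke access for user
- cloudera.cloud.ml_workspace_access:
    name: ml-k8s-example
    env: cdp-env
    user: some-cloud-provider-specific-id
    state: absent
'''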
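# Return-value documentation as YAML. ``kubeconfig`` is documented as
# conditional because the module only fills ``workspace`` when it calls
# the grant API; it stays an empty dict for state=absent and in check mode.
RETURN = r'''
---
workspace:
  description: The information about the user's access to the ML Workspace
  type: dict
  returned: on success
  contains:
    kubeconfig:
      description: The kubeconfig file as a string. Handle it as sensitive data.
      returned: when access is granted or refreshed
      type: str
sdk_out:
  description: Returns the captured CDP SDK log.
  returned: when supported
  type: str
sdk_out_lines:
  description: Returns a list of each line of the captured CDP SDK log.
  returned: when supported
  type: list
  elements: str
'''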
class MLWorkspaceAccess(CdpModule):
    """Reconcile one user's access to a CDP Machine Learning Workspace.

    All work happens at construction time: ``__init__`` reads the module
    parameters and immediately calls :meth:`process`. The outcome is left
    on the instance as ``changed`` and ``access``.
    """

    def __init__(self, module):
        """Read the task parameters from *module* and run the reconciliation."""
        super().__init__(module)

        # Task parameters
        self.name = self._get_param('name')
        self.env = self._get_param('environment')
        self.user = self._get_param('user')
        self.state = self._get_param('state')

        # Result of a grant call; stays empty when nothing is granted.
        # The module documentation describes it as carrying a kubeconfig,
        # so callers should treat it as sensitive.
        self.access = {}

        # Run the reconciliation
        self.process()

    @CdpModule._Decorators.process_debug
    def process(self):
        """Grant, refresh or revoke access according to ``self.state``.

        The current access list is fetched first, then one of four paths
        is taken depending on whether the user is already listed and
        whether the requested state is ``absent``. No SDK call that
        modifies access is made in check mode.
        """
        current_users = self.cdpy.ml.list_workspace_access(
            name=self.name, env=self.env)
        has_access = self.user in current_users
        wants_removal = self.state == 'absent'
        target = dict(name=self.name, env=self.env, identifier=self.user)

        # NOTE(review): every path below leaves self.changed untouched in
        # check mode, so a dry run does not predict the change a real run
        # would make.

        if has_access and wants_removal:
            # Revoke
            if not self.module.check_mode:
                self.changed = True
                self.cdpy.ml.revoke_workspace_access(**target)
            return

        if has_access:
            # Already granted: revoke and grant again to obtain a kubeconfig.
            self.module.warn(
                "Refreshing access for user %s in ML Workspace, %s" % (self.user, self.name))
            if self.module.check_mode:
                return
            self.changed = True
            # NOTE(review): revoke and grant are separate calls; if the
            # grant fails after the revoke went through, the user would
            # be left without access.
            self.cdpy.ml.revoke_workspace_access(**target)
            self.access = self.cdpy.ml.grant_workspace_access(**target)
            return

        if wants_removal:
            # Nothing to revoke
            self.module.log(
                "User %s absent in ML Workspace %s" % (self.user, self.name))
            return

        # Grant
        if not self.module.check_mode:
            self.changed = True
            self.access = self.cdpy.ml.grant_workspace_access(**target)
def main():
    """Ansible entry point: build the module, run it, and emit the result.

    The ``workspace`` key of the result is whatever the grant call
    returned (an empty dict when no grant was made). The module
    documentation describes it as containing a kubeconfig, so it should
    be handled as sensitive output.
    """
    spec = CdpModule.argument_spec(
        name={'required': True, 'type': 'str', 'aliases': ['workspace']},
        environment={'required': True, 'type': 'str', 'aliases': ['env']},
        user={'required': True, 'type': 'str', 'aliases': ['identifier']},
        state={
            'required': False,
            'type': 'str',
            'choices': ['present', 'absent'],
            'default': 'present',
        },
    )
    module = AnsibleModule(argument_spec=spec, supports_check_mode=True)

    # Constructing the class performs the whole reconciliation.
    result = MLWorkspaceAccess(module)

    output = {'changed': result.changed, 'workspace': result.access}

    # The captured SDK log is attached only when debugging is enabled.
    if result.debug:
        output['sdk_out'] = result.log_out
        output['sdk_out_lines'] = result.log_lines

    module.exit_json(**output)
# Run the module only when executed as a script, not when imported.
if __name__ == "__main__":
    main()