New roles: hierarchy structured

New roles with hierarchy structure is introduced. The roles partially rely on each other

aac/configure_api_protection_clients/defaults/main.yml

@@ -0,0 +1,5 @@
+# Default variables for add or update of api protection clients
+api_protection: []
+
+# variables to control whether to configure one client at a time or everything from the configurations
+client_name: "{{ item.1.name }}"

aac/configure_api_protection_clients/meta/main.yml

@@ -0,0 +1,17 @@
+galaxy_info:
+  author: IBM
+  description: Role to add or update api protection clients
+  company: IBM
+
+  license: Apache
+
+  min_ansible_version: 2.2
+
+  galaxy_tags:
+  - isam
+  - ibm
+  - create
+  - api_protection_clients
+
+dependencies:
+  - start_config

aac/configure_api_protection_clients/tasks/main.yml

@@ -0,0 +1,40 @@
+# main task to add or update api protection definition
+#   Example:
+#     api_protection:
+#       definitions:
+#         - name: oauth-provider
+#           description: API protection for Signal Iduna OAuth service provider
+#           grantTypes:
+#             - AUTHORIZATION_CODE
+#           tcmBehavior: NEVER_PROMPT
+#           clients: 
+#             - name: TestApp
+#               companyName: IBM demo client for OAuth flows
+#               redirectUri: 
+#                 - https://localhost
+#               contractType: ADMINISTRATIVE
+#               definitionName: oauth-provider
+---
+- name: Configure api protection client
+  isam:
+    appliance: "{{ inventory_hostname }}"
+    adminProxyProtocol: "{{ adminProxyProtocol | default(omit) }}"
+    adminProxyHostname: "{{ adminProxyHostname | default(omit) }}"
+    adminProxyPort: "{{ adminProxyPort | default(omit) }}"
+    adminProxyApplianceShortName: "{{ adminProxyApplianceShortName | default(omit) }}"
+    omitAdminProxy: "{{ omitAdminProxy | default(omit) }}"
+    username:  "{{ username }}"
+    password:  "{{ password }}"
+    lmi_port:  "{{ port | default(omit) }}"
+    log:       "{{ log_level | default(omit) }}"
+    force:     "{{ force | default(omit) }}"
+    action: ibmsecurity.isam.aac.api_protection.clients.set
+    isamapi: "{{ item.1 | combine({ 'definitionName': item.0.name }) }}"
+  when: item.1.name == client_name
+  with_subelements: 
+    - "{{ api_protection.definitions | default([])}}"
+    - clients
+    - skip_missing: True
+  loop_control:
+    label: "{ 'definitionName': {{ item.0.name }}, 'client_name': {{ item.1.name }} }"
+  notify: Commit Changes

aac/configure_api_protection_definitions/defaults/main.yml

@@ -0,0 +1,2 @@
+# Default variables for configuration of api protection definitions
+api_protection: []

aac/configure_api_protection_definitions/meta/main.yml

@@ -0,0 +1,17 @@
+galaxy_info:
+  author: IBM
+  description: Role to create api protection definition
+  company: IBM
+
+  license: Apache
+
+  min_ansible_version: 2.2
+
+  galaxy_tags:
+  - isam
+  - ibm
+  - create
+  - api_protection_definition
+
+dependencies:
+  - start_config

aac/configure_api_protection_definitions/tasks/main.yml

@@ -0,0 +1,27 @@
+# main task to configure api protection definition
+#   Example:
+#     api_protection:
+#       definitions:
+#         - name: oauth-provider
+#           description: API protection for Signal Iduna OAuth service provider
+#           grantTypes:
+#             - AUTHORIZATION_CODE
+#           tcmBehavior: NEVER_PROMPT
+---
+- name: Configure api protection definitions
+  isam:
+    appliance: "{{ inventory_hostname }}"
+    adminProxyProtocol: "{{ adminProxyProtocol | default(omit) }}"
+    adminProxyHostname: "{{ adminProxyHostname | default(omit) }}"
+    adminProxyPort: "{{ adminProxyPort | default(omit) }}"
+    adminProxyApplianceShortName: "{{ adminProxyApplianceShortName | default(omit) }}"
+    omitAdminProxy: "{{ omitAdminProxy | default(omit) }}"
+    username:  "{{ username }}"
+    password:  "{{ password }}"
+    lmi_port:  "{{ port | default(omit) }}"
+    log:       "{{ log_level | default(omit) }}"
+    force:     "{{ force | default(omit) }}"
+    action: ibmsecurity.isam.aac.api_protection.definitions.set
+    isamapi: "{{ item | exclude('clients') | exclude('mapping_rules') }}"
+  with_items: "{{ api_protection.definitions | default() }}"
+  notify: Commit Changes

aac/configure_mapping_rules/defaults/main.yml

@@ -0,0 +1,6 @@
+# Default variables for configuration of mapping rules
+mapping_rules: []
+
+# Default variables to filter for configuration of specific mapping rules at runtime
+name: "{{ item.name }}"
+category: "{{ item.category }}"

aac/configure_mapping_rules/meta/main.yml

@@ -0,0 +1,17 @@
+galaxy_info:
+  author: IBM
+  description: Role to configure mapping rules
+  company: IBM
+
+  license: Apache
+
+  min_ansible_version: 2.2
+
+  galaxy_tags:
+  - isam
+  - ibm
+  - update
+  - mapping_rules
+
+dependencies:
+  - start_config

aac/configure_mapping_rules/tasks/main.yml

@@ -0,0 +1,23 @@
+# main task to configure mapping rules
+---
+- name: Configure mapping rules
+  isam:
+    appliance: "{{ inventory_hostname }}"
+    adminProxyProtocol: "{{ adminProxyProtocol | default(omit) }}"
+    adminProxyHostname: "{{ adminProxyHostname | default(omit) }}"
+    adminProxyPort: "{{ adminProxyPort | default(omit) }}"
+    adminProxyApplianceShortName: "{{ adminProxyApplianceShortName | default(omit) }}"
+    omitAdminProxy: "{{ omitAdminProxy | default(omit) }}"
+    username:  "{{ username }}"
+    password:  "{{ password }}"
+    lmi_port:  "{{ port | default(omit) }}"
+    log:       "{{ log_level | default(omit) }}"
+    force:     "{{ force | default(omit) }}"
+    action: ibmsecurity.isam.aac.mapping_rules.set
+    isamapi:
+      name: "{{ item.name }}"
+      category: "{{ item.category }}"
+      upload_filename: "{{ inventory_dir }}/{{ item.file }}"
+  when: item.name == name and item.category == category
+  with_items: "{{ mapping_rules }}"
+  notify: Commit Changes

aac/create_api_protection_clients/defaults/main.yml

@@ -0,0 +1,5 @@
+# Default variables for creation of api protection clients
+api_protection: []
+
+# variables to control whether to configure one client at a time or everything from the configurations
+client_name: "{{ item.1.name }}"

aac/create_api_protection_clients/meta/main.yml

@@ -0,0 +1,17 @@
+galaxy_info:
+  author: IBM
+  description: Role to create api protection clients
+  company: IBM
+
+  license: Apache
+
+  min_ansible_version: 2.2
+
+  galaxy_tags:
+  - isam
+  - ibm
+  - create
+  - api_protection_clients
+
+dependencies:
+  - start_config

aac/create_api_protection_clients/tasks/main.yml

@@ -0,0 +1,40 @@
+# main task to create api protection definition
+#   Example:
+#     api_protection:
+#       definitions:
+#         - name: oauth-provider
+#           description: API protection for Signal Iduna OAuth service provider
+#           grantTypes:
+#             - AUTHORIZATION_CODE
+#           tcmBehavior: NEVER_PROMPT
+#           clients: 
+#             - name: TestApp
+#               companyName: IBM demo client for OAuth flows
+#               redirectUri: 
+#                 - https://localhost
+#               contractType: ADMINISTRATIVE
+#               definitionName: oauth-provider
+---
+- name: Create api protection client
+  isam:
+    appliance: "{{ inventory_hostname }}"
+    adminProxyProtocol: "{{ adminProxyProtocol | default(omit) }}"
+    adminProxyHostname: "{{ adminProxyHostname | default(omit) }}"
+    adminProxyPort: "{{ adminProxyPort | default(omit) }}"
+    adminProxyApplianceShortName: "{{ adminProxyApplianceShortName | default(omit) }}"
+    omitAdminProxy: "{{ omitAdminProxy | default(omit) }}"
+    username:  "{{ username }}"
+    password:  "{{ password }}"
+    lmi_port:  "{{ port | default(omit) }}"
+    log:       "{{ log_level | default(omit) }}"
+    force:     "{{ force | default(omit) }}"
+    action: ibmsecurity.isam.aac.api_protection.clients.add
+    isamapi: "{{ item.1 | combine({ 'definitionName': item.0.name }) }}"
+  when: item.1.name == client_name
+  with_subelements: 
+    - "{{ api_protection.definitions | default([]) }}"
+    - clients
+    - skip_missing: True
+  loop_control:
+    label: "{ 'definitionName': {{ item.0.name }}, 'clients[i].name': {{ item.1.name }} }"
+  notify: Commit Changes

aac/create_api_protection_definitions/defaults/main.yml

@@ -0,0 +1,2 @@
+# Default variables for creation of api protection definitions
+api_protection: []

aac/create_api_protection_definitions/meta/main.yml

@@ -0,0 +1,17 @@
+galaxy_info:
+  author: IBM
+  description: Role to create api protection definition
+  company: IBM
+
+  license: Apache
+
+  min_ansible_version: 2.2
+
+  galaxy_tags:
+  - isam
+  - ibm
+  - create
+  - api_protection_definition
+
+dependencies:
+  - start_config

aac/create_api_protection_definitions/tasks/main.yml

@@ -0,0 +1,27 @@
+# main task to create api protection definition
+#   Example:
+#     api_protection:
+#       definitions:
+#         - name: oauth-provider
+#           description: API protection for Signal Iduna OAuth service provider
+#           grantTypes:
+#             - AUTHORIZATION_CODE
+#           tcmBehavior: NEVER_PROMPT
+---
+- name: Create api protection definition
+  isam:
+    appliance: "{{ inventory_hostname }}"
+    adminProxyProtocol: "{{ adminProxyProtocol | default(omit) }}"
+    adminProxyHostname: "{{ adminProxyHostname | default(omit) }}"
+    adminProxyPort: "{{ adminProxyPort | default(omit) }}"
+    adminProxyApplianceShortName: "{{ adminProxyApplianceShortName | default(omit) }}"
+    omitAdminProxy: "{{ omitAdminProxy | default(omit) }}"
+    username:  "{{ username }}"
+    password:  "{{ password }}"
+    lmi_port:  "{{ port | default(omit) }}"
+    log:       "{{ log_level | default(omit) }}"
+    force:     "{{ force | default(omit) }}"
+    action: ibmsecurity.isam.aac.api_protection.definitions.add
+    isamapi: "{{ item | exclude('clients') | exclude('mapping_rules') }}"
+  with_items: "{{ api_protection.definitions | default([]) }}"
+  notify: Commit Changes

aac/create_authentication_mechanisms/defaults/main.yml

@@ -0,0 +1,2 @@
+# Default variables for creation of authentication mechanisms
+authentication_mechanisms: []

aac/create_authentication_mechanisms/meta/main.yml

@@ -0,0 +1,17 @@
+galaxy_info:
+  author: IBM
+  description: Role to create authentication mechanisms
+  company: IBM
+
+  license: Apache
+
+  min_ansible_version: 2.2
+
+  galaxy_tags:
+  - isam
+  - ibm
+  - create
+  - authentication_mechanism
+
+dependencies:
+  - start_config

aac/create_authentication_mechanisms/tasks/main.yml

@@ -0,0 +1,37 @@
+# main task to create authentication mechanisms
+#   Example:
+#     authentication_mechanisms:
+#       - name: MappinRule1
+#         uri: "urn:ibm:security:authentication:asf:mechanism:mappingRule1"
+#         description: "Mapping Rule 1"
+#         typeName: InfoMapAuthenticationName
+#         properties:     
+#           - key: infoMap.HTMLPage
+#             value: ""
+#           - key: infoMap.JSRule
+#             value: MappingRule1
+---
+- name: Create authentication mechanisms
+  isam:
+    appliance: "{{ inventory_hostname }}"
+    adminProxyProtocol: "{{ adminProxyProtocol | default(omit) }}"
+    adminProxyHostname: "{{ adminProxyHostname | default(omit) }}"
+    adminProxyPort: "{{ adminProxyPort | default(omit) }}"
+    adminProxyApplianceShortName: "{{ adminProxyApplianceShortName | default(omit) }}"
+    omitAdminProxy: "{{ omitAdminProxy | default(omit) }}"
+    username:  "{{ username }}"
+    password:  "{{ password }}"
+    lmi_port:  "{{ port | default(omit) }}"
+    log:       "{{ log_level | default(omit) }}"
+    force:     "{{ force | default(omit) }}"
+    action: ibmsecurity.isam.aac.authentication.mechanisms.add
+    isamapi:
+      name:               "{{ item.name }}"
+      uri:                "{{ item.uri  }}"
+      description:        "{{ item.description | default('') }}"
+      attributes:         "{{ item.attributes | default([]) }}"
+      properties:         "{{ item.properties | default([]) }}"
+      predefined:         "{{ item.predefined | default('False') }}"
+      typeName:           "{{ item.typeName | default([]) }}"
+  with_items: "{{ authentication_mechanisms }}"
+  notify: Commit Changes

aac/create_authentication_policies/defaults/main.yml

@@ -0,0 +1,2 @@
+# Default variables for creation of authentication policies
+authentication_policies: []

aac/create_authentication_policies/meta/main.yml

@@ -0,0 +1,17 @@
+galaxy_info:
+  author: IBM
+  description: Role to create authentication policies
+  company: IBM
+
+  license: Apache
+
+  min_ansible_version: 2.2
+
+  galaxy_tags:
+  - isam
+  - ibm
+  - create
+  - authentication_policy
+
+dependencies:
+  - start_config