Added code tested for Release 1.0.0 (#1)

README.md

@@ -0,0 +1,103 @@
+ocp_smmr
+=========
+
+This role implements tasks for add or delete a project as member in the Service Mesh Member Roll in Openshift, to be managed by Service Mesh.
+
+Also, it is **idempotent**, because if you try to add a role that is yet a member of Service Mesh Member Roll, the role will not perform any action. And the same to delete action.
+
+Requirements
+------------
+
+The below requirements are needed on the host that executes this role.
+
+Minimum Ansible version: 2.8.0
+
+Ansible modules:
+
+- k8s
+- k8s_auth
+- k8s_info / k8s_facts
+
+Python modules:
+
+- python >= 2.7
+- openshift >= 0.6
+- PyYAML >= 3.11
+- urllib3
+- requests
+- requests-oauthlib
+
+Role Variables
+--------------
+
+Roles needed to use this role:
+
+Variable | Description | Required | Choices/***Defaults***
+------------ | ------------- | ------------- | -------------
+api_url | Openshift API URL | yes | -
+ocp_username |  Openshift Username | no | -
+ocp_password | Openshift Password | no | - 
+ocp_token | Openshift Service Account Access Token | no | -
+ocp_verify_ssl | Verify SSL | no | ***true***, false
+project_name | Openshift Project Name | yes | -
+project_sm_name | Openshift project name of the Service Mesh Control Plane project | yes | -
+smmr_name | Service Mesh Member Roll object name | yes **\*** | ***default***
+action_smmr | Action to perform with project in Service Mesh Member Roll object | yes | ***add***, delete
+
+**\*** If the Service Mesh Member Roll object has a different name than ***default*** you need to set ``smmr_name`` variable with the right value.
+
+Dependencies
+------------
+
+No dependencies.
+
+Example Playbook
+----------------
+
+This is an example using an API token to authenticate to **add** a project as member of Service Mesh Member Roll:
+
+    - hosts: servers
+      roles:
+        - role: ocp_smmr
+          vars:
+            api_url: "https://openshift.example.com:6443"
+            ocp_token: "{{ service_account_token }}"
+            ocp_verify_ssl: false
+            project_name: "example-project"
+            project_sm_name: "istio-system"
+            smmr_name: "default"
+            action_smmr: "add"
+
+And this is an example using an user/password to authenticate to **delete** a project as member of Service Mesh Member Roll:
+
+    - hosts: servers
+      roles:
+        - role: ocp_smmr
+          vars:
+            api_url: "https://openshift.example.com:6443"
+            ocp_username: "clusteradmin"
+            ocp_password: "xxxxxxxxxxx"
+            ocp_verify_ssl: true
+            project_name: "example-project"
+            project_sm_name: "istio-system"
+            smmr_name: "default"
+            action_smmr: "delete"
+
+Platforms
+------------
+
+Tested on:
+
+- Red Hat Enterprise Linux 7.7
+- Red Hat Openshift Container Platform 4.2
+- Red Hat Openshift Service Mesh 1.0
+
+License
+-------
+
+GNU General Public License v3.0
+
+Author Information
+------------------
+
+This role was written in 2020 by Jesús Carmona Ampuero

defaults/main.yml

@@ -0,0 +1,11 @@
+---
+# defaults file for ocp_smmr
+
+# Variable to define the SSL verify for Openshift API calls
+ocp_verify_ssl: true
+
+# The Service Mesh Member Roll object name
+smmr_name: default
+
+# The action to perform with the project
+action_smmr: add

meta/main.yml

@@ -0,0 +1,58 @@
+galaxy_info:
+  author: Jesus Carmona Ampuero
+  description: Ansible role to manage Service Mesh Member Rolls in Openshift 
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Some suggested licenses:
+  # - BSD (default)
+  # - MIT
+  # - GPLv2
+  # - GPLv3
+  # - Apache
+  # - CC-BY
+  license: GPLv3
+
+  min_ansible_version: 2.8
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  # Optionally specify the branch Galaxy will use when accessing the GitHub
+  # repo for this role. During role install, if no tags are available,
+  # Galaxy will use this branch. During import Galaxy will access files on
+  # this branch. If Travis integration is configured, only notifications for this
+  # branch will be accepted. Otherwise, in all cases, the repo's default branch
+  # (usually master) will be used.
+  github_branch: 1.0.0
+
+  #
+  # platforms is a list of platforms, and each platform has a name and a list of versions.
+  #
+  platforms:
+  - name: EL
+    versions:
+    - 7
+
+  galaxy_tags:
+    - openshift
+    - ocp
+    - okd
+    - kubernetes
+    - k8s
+    - istio
+    - servicemesh
+    - servicemeshmemberroll
+    - memberroll
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.

tasks/main.yml

@@ -0,0 +1,25 @@
+---
+- name: OCP | ServiceMeshMemberRolls Role | Log in (obtain access token)
+  k8s_auth:
+    username: "{{ ocp_username }}"
+    password: "{{ ocp_password }}"
+    host: "{{ api_url }}"
+    verify_ssl: "{{ ocp_verify_ssl }}"
+  register: k8s_auth_results
+  when: (ocp_token is not defined or ocp_token == "")
+
+- name: OCP | ServiceMeshMemberRolls | Set the OCP API token value
+  set_fact:  
+    token: "{% if ocp_token is defined and ocp_token != '' %}{{ ocp_token }} {% else %}{{ k8s_auth_results.k8s_auth.api_key }}{% endif %}"
+  no_log: true
+
+- name: OCP | ServiceMeshMemberRolls | Try update SMMR until success
+  include_tasks: update_smmr.yml
+
+- name: OCP | ServiceMeshMemberRolls Role | Log out (revoke access token)
+  k8s_auth:
+    state: absent
+    api_key: "{{ token }}"
+    host: "{{ api_url }}"
+    verify_ssl: "{{ ocp_verify_ssl }}"
+  when: k8s_auth_results.k8s_auth.api_key is defined

tasks/update_smmr.yml

@@ -0,0 +1,80 @@
+- name: OCP | ServiceMeshMemberRolls Role | Block of tasks to retry Update SMMR until success
+  block:
+    - name: OCP | ServiceMeshMemberRolls Role | Get Members in ServiceMeshMemberRolls
+      k8s_facts:
+        api_version: maistra.io/v1
+        api_key: "{{ token }}"
+        host: "{{ api_url }}"
+        verify_ssl: "{{ ocp_verify_ssl }}"
+        kind: ServiceMeshMemberRoll
+        namespace: "{{ project_sm_name }}"
+        name: "{{ smmr_name }}"
+      register: get_smmr
+
+    - debug:
+        var: get_smmr.resources.0.spec.members
+
+    - name: OCP | ServiceMeshMemberRolls Role | Add Project to members list in ServiceMeshMemberRolls
+      set_fact:
+        smmr_members: "{{ get_smmr.resources.0.spec.members | unique | sort + [ project_name ] | list }}"
+        res_ver: "{{ get_smmr.resources.0.metadata.resourceVersion }}"
+      when:
+        - project_name not in (get_smmr.resources.0.spec.members)
+        - action_smmr == "add"
+        - smmr_members is not defined or smmr_members == ""
+
+    - name: OCP | ServiceMeshMemberRolls Role | Delete Project from members list in ServiceMeshMemberRolls
+      set_fact:
+        smmr_members: "{{ get_smmr.resources.0.spec.members | unique | sort | reject('search', project_name) | list }}"
+        res_ver: "{{ get_smmr.resources.0.metadata.resourceVersion }}"
+      when:
+        - project_name in (get_smmr.resources.0.spec.members)
+        - action_smmr == "delete"
+        - smmr_members is not defined or smmr_members == ""
+
+    - name: OCP | ServiceMeshMemberRolls Role | Update Members list in ServiceMeshMemberRolls
+      k8s:
+        api_version: maistra.io/v1
+        api_key: "{{ token }}"
+        host: "{{ api_url }}"
+        verify_ssl: "{{ ocp_verify_ssl }}"
+        kind: ServiceMeshMemberRoll
+        namespace: "{{ project_sm_name }}"
+        name: "{{ smmr_name }}"
+        state: present
+        definition: "{{ lookup('template', 'smmr.yml.j2') | from_yaml }}"
+        force: true
+      register: update_smmr
+      when: smmr_members is defined and smmr_members != ""
+
+    - name: OCP | ServiceMeshMemberRolls Role | Check if project is in ServiceMeshMemberRolls
+      fail:
+        msg: "ERROR: {{ project_name }} not in ServiceMeshMemberRolls"
+      when:
+        - update_smmr.result.spec.members is defined and project_name not in (update_smmr.result.spec.members)
+        - action_smmr == "add"
+        - smmr_members is defined and smmr_members != ""
+
+    - name: OCP | ServiceMeshMemberRolls Role | Check if project is not in ServiceMeshMemberRolls
+      fail:
+        msg: "ERROR: {{ project_name }} not in ServiceMeshMemberRolls"
+      when:
+        - update_smmr.result.spec.members is defined and project_name in (update_smmr.result.spec.members)
+        - action_smmr == "delete"
+        - smmr_members is defined and smmr_members != ""
+  rescue:
+    - name: OCP | ServiceMeshMemberRolls Role | Debug failed task
+      debug:
+        msg: "Failed tasks: {{ ansible_failed_task }} with error: {{ ansible_failed_result }}"
+
+    - name: OCP | ServiceMeshMemberRolls Role | Reset smmr_members variable
+      set_fact:
+        smmr_members: ""
+      when: smmr_members is defined and smmr_members != ""
+
+    - name: OCP | ServiceMeshMemberRolls Role | Retrying
+      debug:
+        msg: "Retrying to update SMMR..."
+
+    - name: OCP | ServiceMeshMemberRolls Role | Retry Update SMMR
+      include_tasks: update_smmr.yml

templates/smmr.yml.j2

@@ -0,0 +1,9 @@
+apiVersion: maistra.io/v1
+kind: ServiceMeshMemberRoll
+metadata:
+  name: {{ smmr_name }}
+  namespace: {{ project_sm_name }}
+  resourceVersion: "{{ res_ver }}"
+spec:
+  members:
+    {{ smmr_members | to_yaml }}

tests/inventory

@@ -0,0 +1,2 @@
+localhost
+

tests/test.yml

@@ -0,0 +1,14 @@
+---
+- hosts: localhost
+  remote_user: root
+  roles:
+    - role: ocp_smmr
+      vars:
+        api_url: "https://openshift.example.com:6443"
+        ocp_username: "clusteradmin"
+        ocp_password: "xxxxxxxxxxx"
+        ocp_verify_ssl: true
+        project_name: "example-project"
+        project_sm_name: "istio-system"
+        smmr_name: "default"
+        action_smmr: "add"