An ansible role for administrating Secure Workload (formerly known as Tetration). Find a guided walkthrough of the Ansible modules here.
The requests package must be installed on the server.

The following variables need to be explicitly imported into the role OR can be set as environment variables.
The api key and secret can be obtained from the Settings -> API Keys menu in Tetration.
The server endpoint is just the base URL of your Tetration, e.g. "https://acme.tetrationcloud.com".
This role uses the Python requests package to communicate via https with Tetration.
- name: Add User to Tetration
  hosts: localhost
  connection: local
  roles:
    - role: ansible-module
  tasks:
    - name: read variables from the environment to be explicit
      set_fact:
        ansible_host: "{{ lookup('env', 'TETRATION_SERVER_ENDPOINT') }}"
        api_key: "{{ lookup('env', 'TETRATION_API_KEY') }}"
        api_secret: "{{ lookup('env', 'TETRATION_API_SECRET') }}"
      no_log: True
    - name: put the variables in the required format
      set_fact:
        provider_info:
          api_key: "{{ api_key }}"
          api_secret: "{{ api_secret }}"
          server_endpoint: "{{ ansible_host }}"
      no_log: True
    - name: Create or verify a test user exists in the system
      tetration_user:
        provider: "{{ provider_info }}"
        email: test_user@test.com
        first_name: "Test"
        last_name: "User"
        app_scope_name: "RootScope"
        role_names:
          - Execute
          - Enforce
        state: present
      delegate_to: localhost
      register: output
Python Testing is done via Pytest.
requirements.txt
pytest --cov=. --cov-report term-missing --cov-fail-under=80 tests/
Ansible Testing is done via Molecule
requirements.txt
molecule test -s tetration_user to run the users scenario (check the molecule directory for all scenarios)
molecule test --all to run all the scenarios

The scenarios are in the molecule folder. Each scenario is named after the module its tests are written for. Molecule is designed to act on a VM or container and then test the state of that container. Since that is not the case here, we instead use the converge.yml file to exercise the role.
Environment variables are set in the molecule.yml file. If you have an .env.yml file in the project root, Molecule sets the contents of that file as environment variables when it runs. This way you can test both local and remote.
This is the process to install this role directly from GitHub into ansible
python3 -m venv venv
source venv/bin/activate
pip install --upgrade pip
pip install 'ansible==2.9.13'
pip install requests
ansible-galaxy
ansible-galaxy install git+https://<your github userid>:<your github token>@github.com/tetration-exchange/ansible-module.git
An alternative to setting environment variables is to use dotenv to load them at run time. You can create a .env file that can be excluded from source control. This section covers how to install and use it.
pip install "python-dotenv[cli]"
A .env file at the root of the repo that looks like:
TETRATION_API_KEY="my api key"
TETRATION_API_SECRET="my api password"
TETRATION_SERVER_ENDPOINT="https://acme.tetrationcloud.com"
dotenv run ansible-playbook sample_play.yml
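A pre-flight audit of the .env file described above, covering the three TETRATION_* variables the role reads. This is an added example, not part of the role's own code; the function names are hypothetical, it assumes the simple KEY="value" layout of the sample file, and the 600 file-mode check and https requirement are added hardening assumptions.

```python
import stat
import tempfile
from pathlib import Path
from urllib.parse import urlparse

REQUIRED = ("TETRATION_API_KEY", "TETRATION_API_SECRET", "TETRATION_SERVER_ENDPOINT")
PLACEHOLDERS = {"my api key", "my api password", "my apy password"}  # README sample values


def parse_dotenv(text):
    """Parse KEY=VALUE lines; skip blanks and # comments, strip surrounding quotes."""
    values = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            values[key.strip()] = value.strip().strip("'\"")
    return values


def audit_dotenv(path):
    """Return findings for a .env file; messages never include secret values."""
    path, findings = Path(path), []
    mode = stat.S_IMODE(path.stat().st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):  # added hardening check (assumption)
        findings.append(f"file mode {mode:o} lets group/other access it; use 600")
    values = parse_dotenv(path.read_text(encoding="utf-8"))
    for name in REQUIRED:
        if not values.get(name):
            findings.append(f"{name} is missing or empty")
        elif values[name] in PLACEHOLDERS:
            findings.append(f"{name} still holds the sample placeholder")
    endpoint = values.get("TETRATION_SERVER_ENDPOINT", "")
    parsed = urlparse(endpoint)
    # Assumption: the role talks to Tetration over https, so require an https base URL.
    if endpoint and (parsed.scheme != "https" or not parsed.hostname):
        findings.append("TETRATION_SERVER_ENDPOINT is not an https:// base URL")
    return findings


def demo():
    """Audit a constructed .env: world-readable, sample key, http endpoint."""
    sample = ('TETRATION_API_KEY="my api key"\nTETRATION_API_SECRET="constructed-secret"\n'
              'TETRATION_SERVER_ENDPOINT="http://acme.tetrationcloud.com"\n')
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(tmp) / ".env"
        path.write_text(sample, encoding="utf-8")
        path.chmod(0o644)
        return audit_dotenv(path)
```

Run audit_dotenv(".env") before dotenv run ansible-playbook; an empty list means the file passed all three checks.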
If you want to work on the module in a local environment, you'll need to create an ansible.cfg file with the following contents:
[defaults]
# Tetration modules
library = ./
module_utils = ./module_utils
doc_fragment_plugins = ./plugins/doc_fragments
# Helps read debug outputs better
stdout_callback = debug
MIT
Cisco
This module is provided as-is with community support only.
Ansible’s simple automation framework paired with Cisco’s architectures and programmable platforms provide the optimal combination for open network automation. Cisco DevNet provides Ansible modules, use-case focused content, and Learning Labs to successfully deploy automation and implement DevOps into your network operations.
Ansible is a Deployment, Orchestration, and Configuration Management tool that is well known for its ease of use. It is open source, simple to work with and powerful enough to help automate complex solutions. Its goal is to provide productivity gains to a wide variety of automation challenges.
One of the largest benefits of Ansible versus other configuration control software is that Ansible has no agent. This allows Ansible to be extremely lightweight compared to its competitors. Ansible works by having access to the end devices (usually through SSH or API calls) and executing a series of instructions on those devices through a range of methods, but commonly through the Python programming language.
The Secure Workload Ansible module allows you to:
tetration_user module to add, remove and validate Tetration users.
tetration_scope_query, tetration_scope, and the tetration_scope_commit_query_changes.
roles using the tetration_role module.
tetration_software_agent and tetration_software_agent_query.
tetration_software_agent and tetration_software_agent_query modules to validate that an agent successfully installed and verify that workload has been registered to the Tetration manager.