F OpenNebula/engineering#730: Sunstone views role (#176)

Signed-off-by: ArnauGabrielAtienza <agabriel@opennebula.io>
Signed-off-by: Michal Opala <sk4zuzu@gmail.com>
Co-authored-by: Michal Opala <sk4zuzu@gmail.com>

Author: ArnauGabrielAtienza

.gitignore

@@ -4,6 +4,7 @@ __pycache__/
 /ansible_collections/*
 !/ansible_collections/opennebula/deploy
 /inventory/.one-deploy/
+/inventory/views/
 /inventory/*.yml
 !/inventory/example.yml
 !/inventory/local.yml

roles/gui/README.md

@@ -11,16 +11,23 @@ N/A
 Role Variables
 --------------
 
-| Name                        | Type   | Default                                   | Example             | Description                                                                    |
-|-----------------------------|--------|-------------------------------------------|---------------------|--------------------------------------------------------------------------------|
-| `private_fireedge_endpoint` | `str`  | `http://localhost:2616`                   |                     | FireEdge URL used internally in Sunstone / reverse proxies.                    |
-| `one_token`                 | `str`  | undefined                                 | `asd123as:123asd12` | OpenNebula Enterprise Edition subscription token.                              |
-| `one_fqdn`                  | `str`  | undefined                                 | `nebula.example.io` | Fully qualified domain name of the OpenNebula instance.                        |
-| `one_vip`                   | `str`  | undefined                                 | `10.11.12.13`       | When OpenNebula is in HA mode it points to the Leader.                         |
-| `ssl.web_server`            | `enum` | `apache`                                  | (check below)       | Enable reverse proxy with SSL termination with Apache2 or nginx over HTTPS/443.|
-| `ssl.key`                   | `str`  | `/etc/ssl/private/opennebula-key.pem`     |                     | Private key path on the target Front-end (the file must be readable).          |
-| `ssl.certchain`             | `str`  | `/etc/ssl/certs/opennebula-certchain.pem` |                     | Certificate chain path on the target Front-end (the file must be readable).    |
-| `ssl.generate_cert`         | `bool` | `false`                                   | `true`              | Generate a CA and a certificate signed by that CA for the reverse proxy.       |
+| Name                           | Type   | Default                                                | Example             | Description                                                                      |
+|--------------------------------|--------|--------------------------------------------------------|---------------------|----------------------------------------------------------------------------------|
+| `private_fireedge_endpoint`    | `str`  | `http://localhost:2616`                                |                     | FireEdge URL used internally in Sunstone / reverse proxies.                      |
+| `one_token`                    | `str`  | undefined                                              | `asd123as:123asd12` | OpenNebula Enterprise Edition subscription token.                                |
+| `one_fqdn`                     | `str`  | undefined                                              | `nebula.example.io` | Fully qualified domain name of the OpenNebula instance.                          |
+| `one_vip`                      | `str`  | undefined                                              | `10.11.12.13`       | When OpenNebula is in HA mode it points to the Leader.                           |
+| `ssl.web_server`               | `enum` | `apache`                                               | (check below)       | Enable reverse proxy with SSL termination with Apache2 or nginx over HTTPS/443.  |
+| `ssl.key`                      | `str`  | `/etc/ssl/private/opennebula-key.pem`                  |                     | Private key path on the target Front-end (the file must be readable).            |
+| `ssl.certchain`                | `str`  | `/etc/ssl/certs/opennebula-certchain.pem`              |                     | Certificate chain path on the target Front-end (the file must be readable).      |
+| `ssl.generate_cert`            | `bool` | `false`                                                | `true`              | Generate a CA and a certificate signed by that CA for the reverse proxy.         |
+| `sunstone_views_base_dir`      | `str`  | `/etc/one/fireedge/sunstone/views/`                    |                     | Default destination for view definitions on OpenNebula Front-ends.               |
+| `sunstone_views_config_file`   | `str`  | `/etc/one/fireedge/sunstone/views/sunstone-views.yaml` |                     | Default sunstone-views.yaml file path on OpenNebula Front-ends.                  |
+| `sunstone_views[].name`        | `str`  | undefined                                              | `customview`        | A name of the view (a key inside sunstone_views.yml).                            |
+| `sunstone_views[].label`       | `str`  | undefined                                              | `Custom View`       | A label of the view (visible in Sunstone UI).                                    |
+| `sunstone_views[].description` | `str`  | undefined                                              | `A custom view`     | A description of the view.                                                       |
+| `sunstone_views[].groups`      | `list` | undefined                                              | `[users]`           | Members of these groups can use the view in Sunstone UI.                         |
+| `sunstone_views[].source_dir`  | `str`  | undefined                                              | `customview`        | A directory relative to "{{ inventory_dir }}/views/" containing view definition. |
 
 Dependencies
 ------------
@@ -39,6 +46,12 @@ Example Playbook
           web_server: nginx
           key: /etc/ssl/private/ssl-cert-snakeoil.key
           certchain: /etc/ssl/certs/ssl-cert-snakeoil.pem
+        sunstone_views:
+          - name: customview
+            label: Custom View
+            description: A custom view
+            groups: [oneadmin, users]
+            source_dir: customview/ # "{{ inventory_dir }}/views/customview/" -> "{{ sunstone_views_base_dir }}/customview/"
       roles:
         - role: opennebula.deploy.helper.facts
         - role: opennebula.deploy.gui

roles/gui/defaults/main.yml

@@ -5,3 +5,7 @@ ssl_defaults:
   web_server: apache # could be nginx
   key: /etc/ssl/private/opennebula-key.pem
   certchain: /etc/ssl/certs/opennebula-certchain.pem
+
+sunstone_views: []
+sunstone_views_base_dir: /etc/one/fireedge/sunstone/views/
+sunstone_views_config_file: "{{ sunstone_views_base_dir }}/sunstone-views.yaml"

roles/gui/tasks/main.yml

@@ -68,3 +68,7 @@
   ansible.builtin.include_tasks:
     file: "{{ role_path }}/tasks/{{ ssl.web_server }}.yml"
   when: ssl is defined
+
+- name: Deploy Sunstone Views
+  ansible.builtin.include_tasks:
+    file: "{{ role_path }}/tasks/sunstone_views.yml"

roles/gui/tasks/sunstone_views.yml

@@ -0,0 +1,70 @@
+---
+- when: _input | count > 0
+  vars:
+    _input: >-
+      {{ sunstone_views | d([]) }}
+
+    _values_loaded: >-
+      {{ cfgtool_groups_and_views['values'] }}
+
+    _groups_loaded: >-
+      {{ _values_loaded.0.0 }}
+
+    _views_loaded: >-
+      {{ _values_loaded.1.0 }}
+
+    _groups_updated: >-
+      {%- set output = _groups_loaded -%}
+      {%- for v in _input -%}
+        {%- for g in v.groups -%}
+          {{-
+            output.update({ g: (output.get(g, []) + [v.name]) | unique })
+          -}}
+        {%- endfor -%}
+      {%- endfor -%}
+      {{- output -}}
+
+    _views_updated: >-
+      {%- set output = _views_loaded -%}
+      {%- for v in _input -%}
+        {{-
+          output.update({ v.name: { "name": v.label, "description": v.description } })
+        -}}
+      {%- endfor -%}
+      {{- output -}}
+  block:
+    - name: Copy custom Sunstone views from inventory
+      ansible.builtin.copy:
+        dest: "{{ _dest | normpath }}/" # / is strictly required here
+        src: "{{ _src | normpath }}/"   # / is strictly required here
+        mode: u=rw,go=r
+      vars:
+        _dest: >-
+          {{ sunstone_views_base_dir }}/{{ item.name }}
+        _src: >-
+          {{ inventory_dir }}/views/{{ item.source_dir }}
+      loop: "{{ _input }}"
+      loop_control: { label: "{{ item.name }}" }
+
+    - name: Read 'groups' and 'views' from sunstone-views.yaml
+      opennebula.deploy.cfgtool:
+        dest: "{{ sunstone_views_config_file }}"
+        parser: Yaml
+        actions:
+          - get:
+              path: [groups]
+          - get:
+              path: [views]
+      register: cfgtool_groups_and_views
+
+    - name: Write updated 'groups' and 'views' into sunstone-views.yaml
+      opennebula.deploy.cfgtool:
+        dest: "{{ sunstone_views_config_file }}"
+        parser: Yaml
+        actions:
+          - put:
+              path: [groups]
+              value: "{{ _groups_updated }}"
+          - put:
+              path: [views]
+              value: "{{ _views_updated }}"