New module: azure_rm_adgroup #423

Merged
merged 45 commits into from
May 19, 2021

@coleneubauer
Contributor

coleneubauer commented Feb 9, 2021

SUMMARY

Addition of modules to read and modify Azure AD groups.

ISSUE TYPE
  • New Module Pull Request
COMPONENT NAME

azure_rm_adgroup
azure_rm_adgroup_info

ADDITIONAL INFORMATION

The changes allow a user to look up and modify AD groups. You can look up or modify using the object_id or a group's display_name and mail_nickname. Some of the actions now available through these modules are creating a group, deleting a group, modifying a group's owners, modifying a group's members, and getting a group's information.

Below are various examples that can now be used by a user. None of these were available previously.

    - name: Create Group
      azure.azcollection.azure_rm_adgroup:
        tenant: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
        display_name: "Group-Name"
        mail_nickname: "Group-Mail-Nickname"
        state: 'present'

    - name: Delete Group using display_name and mail_nickname
      azure.azcollection.azure_rm_adgroup:
        tenant: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
        display_name: "Group-Name"
        mail_nickname: "Group-Mail-Nickname"
        state: 'absent'

    - name: Delete Group using object_id
      azure.azcollection.azure_rm_adgroup:
        tenant: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
        object_id: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
        state: 'absent'

    - name: Ensure Users are Members of a Group using display_name and mail_nickname
      azure.azcollection.azure_rm_adgroup:
        tenant: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
        display_name: "Group-Name"
        mail_nickname: "Group-Mail-Nickname"
        state: 'present'
        present_members:
          - "https://graph.windows.net/{{ tenant_id }}/directoryObjects/{{ ad_object_1_object_id }}"
          - "https://graph.windows.net/{{ tenant_id }}/directoryObjects/{{ ad_object_2_object_id }}"

    - name: Ensure Users are Members of a Group using object_id
      azure.azcollection.azure_rm_adgroup:
        tenant: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
        object_id: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
        state: 'present'
        present_members:
          - "https://graph.windows.net/{{ ad_object_1_tenant_id }}/directoryObjects/{{ ad_object_1_object_id }}"
          - "https://graph.windows.net/{{ ad_object_2_tenant_id }}/directoryObjects/{{ ad_object_2_object_id }}"

    - name: Ensure Users are not Members of a Group using display_name and mail_nickname
      azure.azcollection.azure_rm_adgroup:
        tenant: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
        display_name: "Group-Name"
        mail_nickname: "Group-Mail-Nickname"
        state: 'present'
        absent_members:
          - "{{ ad_object_1_object_id }}"

    - name: Ensure Users are not Members of a Group using object_id
      azure.azcollection.azure_rm_adgroup:
        tenant: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
        object_id: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
        state: 'present'
        absent_members:
          - "{{ ad_object_1_object_id }}"

    - name: Ensure Users are Owners of a Group using display_name and mail_nickname
      azure.azcollection.azure_rm_adgroup:
        tenant: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
        display_name: "Group-Name"
        mail_nickname: "Group-Mail-Nickname"
        state: 'present'
        present_owners:
          - "https://graph.windows.net/{{ tenant_id }}/directoryObjects/{{ ad_object_1_object_id }}"
          - "https://graph.windows.net/{{ tenant_id }}/directoryObjects/{{ ad_object_2_object_id }}"

    - name: Ensure Users are Owners of a Group using object_id
      azure.azcollection.azure_rm_adgroup:
        tenant: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
        object_id: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
        state: 'present'
        present_owners:
          - "https://graph.windows.net/{{ ad_object_1_tenant_id }}/directoryObjects/{{ ad_object_1_object_id }}"
          - "https://graph.windows.net/{{ ad_object_2_tenant_id }}/directoryObjects/{{ ad_object_2_object_id }}"

    - name: Ensure Users are not Owners of a Group using display_name and mail_nickname
      azure.azcollection.azure_rm_adgroup:
        tenant: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
        display_name: "Group-Name"
        mail_nickname: "Group-Mail-Nickname"
        state: 'present'
        absent_owners:
          - "{{ ad_object_1_object_id }}"
          - "{{ ad_object_2_object_id }}"

    - name: Ensure Users are not Owners of a Group using object_id
      azure.azcollection.azure_rm_adgroup:
        tenant: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
        object_id: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
        state: 'present'
        absent_owners:
          - "{{ ad_object_1_object_id }}"
          - "{{ ad_object_2_object_id }}"
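
An added example, not part of the pull request or the module's code: a pre-flight check that builds `azure_rm_adgroup` arguments in the two shapes the tasks above use (full `directoryObjects` URLs for `present_*`, bare object ids for `absent_*`) and rejects malformed ids or an id listed as both present and absent. The function names are hypothetical, the GUIDs in the demo are constructed, and it assumes the members live in the same tenant as the group.

```python
import uuid

# URL prefix taken from the present_members / present_owners examples above.
GRAPH_BASE = "https://graph.windows.net"


def canonical_guid(value, field):
    """Return value as a lowercase dashed GUID, or raise ValueError naming the field."""
    try:
        parsed = uuid.UUID(value)
    except (ValueError, AttributeError, TypeError):
        raise ValueError(f"{field}: not a GUID: {value!r}") from None
    # uuid.UUID also accepts braces, 'urn:uuid:' prefixes and undashed hex;
    # accept only the dashed form used for object ids.
    if str(parsed) != value.lower():
        raise ValueError(f"{field}: not a dashed GUID: {value!r}")
    return str(parsed)


def build_adgroup_args(tenant, group_object_id, add=(), remove=(), kind="members"):
    """Build azure_rm_adgroup task arguments for a membership or ownership change."""
    if kind not in ("members", "owners"):
        raise ValueError(f"kind must be 'members' or 'owners', got {kind!r}")
    tenant = canonical_guid(tenant, "tenant")
    add_ids = [canonical_guid(i, f"present_{kind}") for i in add]
    remove_ids = [canonical_guid(i, f"absent_{kind}") for i in remove]
    clash = sorted(set(add_ids) & set(remove_ids))
    if clash:
        raise ValueError(f"ids listed as both present and absent: {clash}")
    args = {"tenant": tenant, "state": "present",
            "object_id": canonical_guid(group_object_id, "object_id")}
    if add_ids:
        # present_* entries are full directoryObjects URLs ...
        args[f"present_{kind}"] = [
            f"{GRAPH_BASE}/{tenant}/directoryObjects/{i}" for i in add_ids
        ]
    if remove_ids:
        # ... while absent_* entries are bare object ids.
        args[f"absent_{kind}"] = remove_ids
    return args


if __name__ == "__main__":
    # Constructed sample ids, not real directory objects.
    print(build_adgroup_args("11111111-1111-1111-1111-111111111111",
                             "22222222-2222-2222-2222-222222222222",
                             add=["33333333-3333-3333-3333-333333333333"]))
```
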

remove metadata block
remove metadata block
@coleneubauer
Contributor Author

@haiyuazhang The requested changes have been made

@coleneubauer
Contributor Author

@Fred-sun The metaclass line was added as suggested

@Fred-sun
Collaborator

> @Fred-sun The metaclass line was added as suggested

@coleneubauer Do you execute your tests/integration/targets/azure_rm_adgroup/tasks/main.yml? Can you share your test results? Thank you very much!

@coleneubauer
Contributor Author

> > @Fred-sun The metaclass line was added as suggested
>
> @coleneubauer Do you execute your tests/integration/targets/azure_rm_adgroup/tasks/main.yml? Can you share your test results? Thank you very much!

@Fred-sun The tests were updated as suggested.

I don't know how to execute the tests directly. I could not find in documentation how this was done and made the assumption this was intentional. What I do for the tests is copy the test to a local playbook, write a task at the top defining existing vars, and run the playbook. When I do it this way the results are that all the tasks pass.

@Fred-sun added the medium_priority (Medium priority) and work in (In trying to solve, or in working with contributors) labels Mar 18, 2021
@coleneubauer
Contributor Author

@haiyuazhang
Handled merge conflicts and pulled in the latest dev.

@haiyuazhang force-pushed the dev branch 2 times, most recently from 2281f46 to 8dfc8ed May 12, 2021 11:26
@haiyuazhang changed the title from "Ad group management and info module new" to "New module: azure_rm_adgroup" May 17, 2021
@coleneubauer
Contributor Author

@Fred-sun @haiyuazhang Didn't think about the examples. Committed the suggestions and checked to make sure none were missed. Should be ready.

@Fred-sun
Collaborator

> @Fred-sun @haiyuazhang Didn't think about the examples. Committed the suggestions and checked to make sure none were missed. Should be ready.

@coleneubauer Thanks for your update! I will re-check it!

@coleneubauer
Contributor Author

> > @Fred-sun @haiyuazhang Didn't think about the examples. Committed the suggestions and checked to make sure none were missed. Should be ready.
>
> @coleneubauer Thanks for your update! I will re-check it!

@Fred-sun Committed your latest suggestion, should be ready for another review.

@coleneubauer
Contributor Author

@Fred-sun committed the update to the tenant

@Fred-sun added the ready_for_review (The PR has been modified and can be reviewed and merged) label and removed the work in (In trying to solve, or in working with contributors) label May 19, 2021
@haiyuazhang merged commit fea9d05 into ansible-collections:dev May 19, 2021
@anikm1987

When do you plan to release it?

@anikm1987

anikm1987 commented May 24, 2021

Hi @coleneubauer,
Thanks for developing this plugin. I am trying to use it in my development environment. As this module is not yet released, I have followed the below steps -

Copied azure_rm_adgroup.py and azure_rm_adgroup_info.py under plugins/modules/

Now if I execute the playbook, I get this error -

    Using module file /home/aniket/.ansible/collections/ansible_collections/azure/azcollection/plugins/modules/azure_rm_adgroup.py
    <127.0.0.1> EXEC /bin/sh -c 'rm -f -r /home/aniket/.ansible/tmp/ansible-tmp-1621852147.4581947-146-8079142539757/ > /dev/null 2>&1 && sleep 0'
    fatal: [localhost]: FAILED! => {
        "msg": "module (azure.azcollection.azure_rm_adgroup) is missing interpreter line"
    }

Sample playbook -

    ---

    - hosts: localhost
      connection: local
      gather_facts: false
      vars:
        service_principal_object_id: "4fawee3e7b-4112-4364-8800-93244353a0d3"
        group_object_id: "23423324a-01cc-4c213f6-a8df-d21312312344f0"
        tenant_id: "1231232123-fb3236c-32424-973b-23423423"
      tasks:
        - name: Ensure member is in group that is already present using object_id
          azure.azcollection.azure_rm_adgroup:
            tenant: "{{ tenant_id }}"
            object_id: "{{ group_object_id }}"
            state: 'present'
            present_members:
              - "https://graph.windows.net/{{ tenant_id }}/directoryObjects/{{ service_principal_object_id }}"
          register: add_member_to_group

        - debug:
            var: add_member_to_group

Am I missing any steps? Can you please help?
Many thanks
