ansible/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2026-02-04 16:01:55 +00:00
Code Activity
community.general/plugins/modules/vertica_schema.py
Felix Fontein 236b9c0e04
Sort imports with ruff check --fix (#11400) 
Sort imports with ruff check --fix.
2026-01-09 07:40:58 +01:00

333 lines
11 KiB
Python
Raw Blame History

#!/usr/bin/python
# Copyright Ansible Project
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
from __future__ import annotations
DOCUMENTATION = r"""
module: vertica_schema
short_description: Adds or removes Vertica database schema and roles
description:
- Adds or removes Vertica database schema and, optionally, roles with schema access privileges.
- A schema is not removed until all the objects have been dropped.
- In such a situation, if the module tries to remove the schema it fails and only remove roles created for the schema if
they have no dependencies.
extends_documentation_fragment:
- community.general.attributes
attributes:
check_mode:
support: full
diff_mode:
support: none
options:
schema:
description:
- Name of the schema to add or remove.
required: true
aliases: ['name']
type: str
usage_roles:
description:
- Comma separated list of roles to create and grant usage access to the schema.
aliases: ['usage_role']
type: str
create_roles:
description:
- Comma separated list of roles to create and grant usage and create access to the schema.
aliases: ['create_role']
type: str
owner:
description:
- Name of the user to set as owner of the schema.
type: str
state:
description:
- Whether to create V(present), or drop V(absent) a schema.
default: present
choices: ['present', 'absent']
type: str
db:
description:
- Name of the Vertica database.
type: str
cluster:
description:
- Name of the Vertica cluster.
default: localhost
type: str
port:
description:
- Vertica cluster port to connect to.
default: '5433'
type: str
login_user:
description:
- The username used to authenticate with.
default: dbadmin
type: str
login_password:
description:
- The password used to authenticate with.
type: str
notes:
- The default authentication assumes that you are either logging in as or sudo'ing to the C(dbadmin) account on the host.
- This module uses C(pyodbc), a Python ODBC database adapter. You must ensure that C(unixODBC) and C(pyodbc) is installed
on the host and properly configured.
- Configuring C(unixODBC) for Vertica requires C(Driver = /opt/vertica/lib64/libverticaodbc.so) to be added to the C(Vertica)
section of either C(/etc/odbcinst.ini) or C($HOME/.odbcinst.ini) and both C(ErrorMessagesPath = /opt/vertica/lib64) and
C(DriverManagerEncoding = UTF-16) to be added to the C(Driver) section of either C(/etc/vertica.ini) or C($HOME/.vertica.ini).
requirements: ['unixODBC', 'pyodbc']
author: "Dariusz Owczarek (@dareko)"
"""
EXAMPLES = r"""
- name: Creating a new vertica schema
community.general.vertica_schema: name=schema_name db=db_name state=present
- name: Creating a new schema with specific schema owner
community.general.vertica_schema: name=schema_name owner=dbowner db=db_name state=present
- name: Creating a new schema with roles
community.general.vertica_schema: name=schema_name create_roles=schema_name_all usage_roles=schema_name_ro,schema_name_rw
db=db_name state=present
"""
import traceback
PYODBC_IMP_ERR = None
try:
import pyodbc
except ImportError:
PYODBC_IMP_ERR = traceback.format_exc()
pyodbc_found = False
else:
pyodbc_found = True
from ansible.module_utils.basic import AnsibleModule, missing_required_lib
class NotSupportedError(Exception):
pass
class CannotDropError(Exception):
pass
# module specific functions
def get_schema_facts(cursor, schema=""):
facts = {}
cursor.execute(
"""
select schema_name, schema_owner, create_time
from schemata
where not is_system_schema and schema_name not in ('public', 'TxtIndex')
and (? = '' or schema_name ilike ?)
""",
schema,
schema,
)
while True:
rows = cursor.fetchmany(100)
if not rows:
break
for row in rows:
facts[row.schema_name.lower()] = {
"name": row.schema_name,
"owner": row.schema_owner,
"create_time": str(row.create_time),
"usage_roles": [],
"create_roles": [],
}
cursor.execute(
"""
select g.object_name as schema_name, r.name as role_name,
lower(g.privileges_description) privileges_description
from roles r join grants g
on g.grantee_id = r.role_id and g.object_type='SCHEMA'
and g.privileges_description like '%USAGE%'
and g.grantee not in ('public', 'dbadmin')
and (? = '' or g.object_name ilike ?)
""",
schema,
schema,
)
while True:
rows = cursor.fetchmany(100)
if not rows:
break
for row in rows:
schema_key = row.schema_name.lower()
if "create" in row.privileges_description:
facts[schema_key]["create_roles"].append(row.role_name)
else:
facts[schema_key]["usage_roles"].append(row.role_name)
return facts
def update_roles(schema_facts, cursor, schema, existing, required, create_existing, create_required):
for role in set(existing + create_existing) - set(required + create_required):
cursor.execute(f"drop role {role} cascade")
for role in set(create_existing) - set(create_required):
cursor.execute(f"revoke create on schema {schema} from {role}")
for role in set(required + create_required) - set(existing + create_existing):
cursor.execute(f"create role {role}")
cursor.execute(f"grant usage on schema {schema} to {role}")
for role in set(create_required) - set(create_existing):
cursor.execute(f"grant create on schema {schema} to {role}")
def check(schema_facts, schema, usage_roles, create_roles, owner):
schema_key = schema.lower()
if schema_key not in schema_facts:
return False
if owner and owner.lower() == schema_facts[schema_key]["owner"].lower():
return False
if sorted(usage_roles) != sorted(schema_facts[schema_key]["usage_roles"]):
return False
return sorted(create_roles) == sorted(schema_facts[schema_key]["create_roles"])
def present(schema_facts, cursor, schema, usage_roles, create_roles, owner):
schema_key = schema.lower()
if schema_key not in schema_facts:
query_fragments = [f"create schema {schema}"]
if owner:
query_fragments.append(f"authorization {owner}")
cursor.execute(" ".join(query_fragments))
update_roles(schema_facts, cursor, schema, [], usage_roles, [], create_roles)
schema_facts.update(get_schema_facts(cursor, schema))
return True
else:
changed = False
if owner and owner.lower() != schema_facts[schema_key]["owner"].lower():
raise NotSupportedError(
f"Changing schema owner is not supported. Current owner: {schema_facts[schema_key]['owner']}."
)
if sorted(usage_roles) != sorted(schema_facts[schema_key]["usage_roles"]) or sorted(create_roles) != sorted(
schema_facts[schema_key]["create_roles"]
):
update_roles(
schema_facts,
cursor,
schema,
schema_facts[schema_key]["usage_roles"],
usage_roles,
schema_facts[schema_key]["create_roles"],
create_roles,
)
changed = True
if changed:
schema_facts.update(get_schema_facts(cursor, schema))
return changed
def absent(schema_facts, cursor, schema, usage_roles, create_roles):
schema_key = schema.lower()
if schema_key in schema_facts:
update_roles(
schema_facts,
cursor,
schema,
schema_facts[schema_key]["usage_roles"],
[],
schema_facts[schema_key]["create_roles"],
[],
)
try:
cursor.execute(f"drop schema {schema_facts[schema_key]['name']} restrict")
except pyodbc.Error as e:
raise CannotDropError("Dropping schema failed due to dependencies.") from e
del schema_facts[schema_key]
return True
else:
return False
# module logic
def main():
module = AnsibleModule(
argument_spec=dict(
schema=dict(required=True, aliases=["name"]),
usage_roles=dict(aliases=["usage_role"]),
create_roles=dict(aliases=["create_role"]),
owner=dict(),
state=dict(default="present", choices=["absent", "present"]),
db=dict(),
cluster=dict(default="localhost"),
port=dict(default="5433"),
login_user=dict(default="dbadmin"),
login_password=dict(no_log=True),
),
supports_check_mode=True,
)
if not pyodbc_found:
module.fail_json(msg=missing_required_lib("pyodbc"), exception=PYODBC_IMP_ERR)
schema = module.params["schema"]
usage_roles = []
if module.params["usage_roles"]:
usage_roles = module.params["usage_roles"].split(",")
usage_roles = [_f for _f in usage_roles if _f]
create_roles = []
if module.params["create_roles"]:
create_roles = module.params["create_roles"].split(",")
create_roles = [_f for _f in create_roles if _f]
owner = module.params["owner"]
state = module.params["state"]
db = ""
if module.params["db"]:
db = module.params["db"]
changed = False
try:
dsn = (
"Driver=Vertica;"
f"Server={module.params['cluster']};"
f"Port={module.params['port']};"
f"Database={db};"
f"User={module.params['login_user']};"
f"Password={module.params['login_password']};"
f"ConnectionLoadBalance=true"
)
db_conn = pyodbc.connect(dsn, autocommit=True)
cursor = db_conn.cursor()
except Exception as e:
module.fail_json(msg=f"Unable to connect to database: {e}.")
try:
schema_facts = get_schema_facts(cursor)
if module.check_mode:
changed = not check(schema_facts, schema, usage_roles, create_roles, owner)
elif state == "absent":
try:
changed = absent(schema_facts, cursor, schema, usage_roles, create_roles)
except pyodbc.Error as e:
module.fail_json(msg=f"{e}", exception=traceback.format_exc())
elif state == "present":
try:
changed = present(schema_facts, cursor, schema, usage_roles, create_roles, owner)
except pyodbc.Error as e:
module.fail_json(msg=f"{e}", exception=traceback.format_exc())
except NotSupportedError as e:
module.fail_json(msg=f"{e}", ansible_facts={"vertica_schemas": schema_facts})
except CannotDropError as e:
module.fail_json(msg=f"{e}", ansible_facts={"vertica_schemas": schema_facts})
except SystemExit:
# avoid catching this on python 2.4
raise
except Exception as e:
module.fail_json(msg=f"{e}", exception=traceback.format_exc())
module.exit_json(changed=changed, schema=schema, ansible_facts={"vertica_schemas": schema_facts})
if __name__ == "__main__":
main()
View git blame Copy permalink