orjan · September 4, 2020 20:26
diff --git a/create-role.yml b/create-role.yml
 ---

 - name: "Get role by id: {{ role.id }}"
  uri:
    url: "{{ nexus_base_url }}/beta/security/roles/{{ role.id }}"
    force_basic_auth: yes
    user: "{{ nexus_user }}"
    password: "{{ nexus_password }}"
    body_format: json
    status_code: [ 200, 404 ]
  register: existing_role

 - name: "Debug get role request by id: {{ role.id }}"
  debug:
    var: existing_role
    verbosity: 1

 - name: Create role {{ role.id }}
  uri:
    url: "{{ nexus_base_url }}/beta/security/roles" # required. HTTP or HTTPS URL in the form (http|https)://host.domain[:port]/path
    force_basic_auth: yes
    user: "{{ nexus_user }}"
    password: "{{ nexus_password }}"
    method: POST
    body_format: json
    body:
      id: "{{ role.id }}"
      name: "{{ role.name | default(role.id) }}"
      description: "{{ role.description | default('') }}"
      privileges: "{{ role.privileges | default([]) }}"
      roles: "{{ role.roles | default([]) }}"
  when: existing_role.status == 404

 - name: Update role {{ role.id }}
  uri:
    url: "{{ nexus_base_url }}/beta/security/roles/{{ role.id }}"
    force_basic_auth: yes
    user: "{{ nexus_user }}"
    password: "{{ nexus_password }}"
    method: PUT
    body_format: json
    status_code: [ 204 ]
    body:
      id: "{{ role.id }}"
      name: "{{ role.name | default(role.id) }}"
      description: "{{ role.description | default('') }}"
      privileges: "{{ role.privileges | default([]) }}"
      roles: "{{ role.roles | default([]) }}"
  when: existing_role.status != 404
diff --git a/main.yml b/main.yml
 ---
 - name: "Create CI/CD roles"
  include_tasks: create-role.yml
  vars:
    role:
      id: "cicd-{{ item }}"
      # Optional
      name: "custom-name-cicd-{{ item }}"                       # Defaults to role.id
      description: "CI/CD role for application id: {{ item }}"  # Defaults to ""
      privileges: [ nx-all ]                                    # Defaults to []
      roles: [ nx-admin ]                                       # Defaults to []
  with_items:
    - aa01
    - aa02
    - aa03
    
 - name: "Update user"
  include_tasks: update-user.yml
  vars:
    user:
      id: svc_nexus_aa01
      roles: [ cicd-aa01, nx-anonymous ]
diff --git a/update-user.yml b/update-user.yml
 ---
 - name: Get user
  uri:
    url: "{{ nexus_base_url }}/v1/security/users/?userId={{ user.id }}&source=default"
    force_basic_auth: yes
    user: "{{ nexus_user }}"
    password: "{{ nexus_password }}"
    method: GET
    body_format: json
  register: current_user

 - name: Debug current user
  debug:
    var: current_user

 - name: Update user roles {{ user.id }}
  uri:
    url: "{{ nexus_base_url }}/v1/security/users/{{ user.id }}"
    force_basic_auth: yes
    user: "{{ nexus_user }}"
    password: "{{ nexus_password }}"
    method: PUT
    body_format: json
    status_code: [ 204 ]
    body: '{{ current_user.json | combine({ "roles": user.roles }) }}'
	---

	- name: "Get role by id: {{ role.id }}"
	uri:
	url: "{{ nexus_base_url }}/beta/security/roles/{{ role.id }}"
	force_basic_auth: yes
	user: "{{ nexus_user }}"
	password: "{{ nexus_password }}"
	body_format: json
	status_code: [ 200, 404 ]
	register: existing_role

	- name: "Debug get role request by id: {{ role.id }}"
	debug:
	var: existing_role
	verbosity: 1

	- name: Create role {{ role.id }}
	uri:
	url: "{{ nexus_base_url }}/beta/security/roles" # required. HTTP or HTTPS URL in the form (http\|https)://host.domain[:port]/path
	force_basic_auth: yes
	user: "{{ nexus_user }}"
	password: "{{ nexus_password }}"
	method: POST
	body_format: json
	body:
	id: "{{ role.id }}"
	name: "{{ role.name \| default(role.id) }}"
	description: "{{ role.description \| default('') }}"
	privileges: "{{ role.privileges \| default([]) }}"
	roles: "{{ role.roles \| default([]) }}"
	when: existing_role.status == 404

	- name: Update role {{ role.id }}
	uri:
	url: "{{ nexus_base_url }}/beta/security/roles/{{ role.id }}"
	force_basic_auth: yes
	user: "{{ nexus_user }}"
	password: "{{ nexus_password }}"
	method: PUT
	body_format: json
	status_code: [ 204 ]
	body:
	id: "{{ role.id }}"
	name: "{{ role.name \| default(role.id) }}"
	description: "{{ role.description \| default('') }}"
	privileges: "{{ role.privileges \| default([]) }}"
	roles: "{{ role.roles \| default([]) }}"
	when: existing_role.status != 404
	---
	- name: "Create CI/CD roles"
	include_tasks: create-role.yml
	vars:
	role:
	id: "cicd-{{ item }}"
	# Optional
	name: "custom-name-cicd-{{ item }}" # Defaults to role.id
	description: "CI/CD role for application id: {{ item }}" # Defaults to ""
	privileges: [ nx-all ] # Defaults to []
	roles: [ nx-admin ] # Defaults to []
	with_items:
	- aa01
	- aa02
	- aa03

	- name: "Update user"
	include_tasks: update-user.yml
	vars:
	user:
	id: svc_nexus_aa01
	roles: [ cicd-aa01, nx-anonymous ]
	---
	- name: Get user
	uri:
	url: "{{ nexus_base_url }}/v1/security/users/?userId={{ user.id }}&source=default"
	force_basic_auth: yes
	user: "{{ nexus_user }}"
	password: "{{ nexus_password }}"
	method: GET
	body_format: json
	register: current_user

	- name: Debug current user
	debug:
	var: current_user

	- name: Update user roles {{ user.id }}
	uri:
	url: "{{ nexus_base_url }}/v1/security/users/{{ user.id }}"
	force_basic_auth: yes
	user: "{{ nexus_user }}"
	password: "{{ nexus_password }}"
	method: PUT
	body_format: json
	status_code: [ 204 ]
	body: '{{ current_user.json \| combine({ "roles": user.roles }) }}'