From c96661573b3bcf8251c24f1abc2398120dec5937 Mon Sep 17 00:00:00 2001
From: przemkalit <przemyslaw.kalitowski@natek.eu>
Date: Tue, 6 Aug 2024 14:55:28 +0200
Subject: [PATCH] Roles import optimatization by modifying the export + 2 minor
 bugs (#884)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* misc: roles export optimization, fix approval role for users, fix admin roles

* fix: typo

* fix: add missing changelog

* fix: remove new lines

* fix: add missing new line

---------

Co-authored-by: Przemyslaw Kalitowski <przemyslaw@kalitowski.com>
Co-authored-by: Ivan Aragonés Muniesa <26822043+ivarmu@users.noreply.github.com>
Co-authored-by: David Danielsson <djdanielsson@users.noreply.github.com>
---
 ...letree_create_role_export_optimization.yml |  3 ++
 roles/filetree_create/tasks/team_roles.yml    | 33 +++++++++++++---
 roles/filetree_create/tasks/user_roles.yml    | 33 +++++++++++++---
 .../templates/current_team_roles.j2           | 39 ++++++++++---------
 .../templates/current_user_roles.j2           | 37 ++++++++++--------
 5 files changed, 100 insertions(+), 45 deletions(-)
 create mode 100644 changelogs/fragments/filetree_create_role_export_optimization.yml

diff --git a/changelogs/fragments/filetree_create_role_export_optimization.yml b/changelogs/fragments/filetree_create_role_export_optimization.yml
new file mode 100644
index 000000000..4d9829d34
--- /dev/null
+++ b/changelogs/fragments/filetree_create_role_export_optimization.yml
@@ -0,0 +1,3 @@
+minor_changes:
+  - filetree_create able export proper approval role (user roles)
+  - filetree_create able to bulk export role for objects
diff --git a/roles/filetree_create/tasks/team_roles.yml b/roles/filetree_create/tasks/team_roles.yml
index 19a003d6f..bb79ac87a 100644
--- a/roles/filetree_create/tasks/team_roles.yml
+++ b/roles/filetree_create/tasks/team_roles.yml
@@ -7,6 +7,32 @@
                          }}"
   no_log: "{{ controller_configuration_filetree_create_secure_logging }}"
 
+- name: "Map objects with roles (block)"
+  when: team_roles_lookvar | length > 0
+  block:
+    - name: "Get role and object types and define object_roles variable"
+      ansible.builtin.set_fact:
+        role_types: "{{ team_roles_lookvar | map(attribute='name') | unique }}"
+        object_types: "{{ team_roles_lookvar | map(attribute='summary_fields.resource_type') | unique }}"
+        object_roles: []
+
+    - name: "Match objects with roles"
+      when: (team_roles_lookvar | selectattr('name','equalto', item.0) | selectattr('summary_fields.resource_type','equalto', item.1) | map(attribute='summary_fields.resource_name')) | length > 0
+      ansible.builtin.set_fact:
+        object_roles: >-
+          {{ object_roles +
+            [{ item.0:
+              {
+                'resource_names': (team_roles_lookvar |
+                                  selectattr('name','equalto', item.0) |
+                                  selectattr('summary_fields.resource_type','equalto', item.1) |
+                                  map(attribute='summary_fields.resource_name')),
+                'resource_type': item.1,
+              }
+            }]
+          }}"
+      loop: "{{ role_types | product(object_types) | list }}"
+
 - name: "Block for to generate flatten output"
   when:
     - flatten_output is defined
@@ -28,9 +54,8 @@
         marker: ""
         block: "{{ lookup('template', 'templates/current_team_roles.j2') }}"
       vars:
-        current_team_roles_asset_value: "{{ team_roles_lookvar }}"
         first_team_role: "{{ not team_roles_file.stat.exists }}"
-      when: team_roles_lookvar | length > 0
+      when: object_roles | length > 0
 
     - name: "Remove all the blank lines introduced by the last task"
       ansible.builtin.lineinfile:
@@ -52,7 +77,5 @@
         src: "templates/current_team_roles.j2"
         dest: "{{ output_path }}/team_roles/current_roles_{{ teamname | regex_replace('/', '_') }}.yaml"
         mode: '0644'
-      vars:
-        current_team_roles_asset_value: "{{ team_roles_lookvar }}"
-      when: team_roles_lookvar | length > 0
+      when: object_roles | length > 0
 ...
diff --git a/roles/filetree_create/tasks/user_roles.yml b/roles/filetree_create/tasks/user_roles.yml
index 10b55613d..02fdde3de 100644
--- a/roles/filetree_create/tasks/user_roles.yml
+++ b/roles/filetree_create/tasks/user_roles.yml
@@ -11,6 +11,32 @@
                 }}"
   no_log: "{{ controller_configuration_filetree_create_secure_logging }}"
 
+- name: "Map objects with roles (block)"
+  when: user_roles_lookvar | length > 0
+  block:
+    - name: "Get role and object types and define object_roles variable"
+      ansible.builtin.set_fact:
+        role_types: "{{ user_roles_lookvar | selectattr('name', 'defined') | map(attribute='name') | unique }}"
+        object_types: "{{ user_roles_lookvar | selectattr('summary_fields.resource_type', 'defined') | map(attribute='summary_fields.resource_type') | unique }}"
+        object_roles: []
+
+    - name: "Match objects with roles"
+      when: (user_roles_lookvar | selectattr('name','equalto', item.0) | selectattr('summary_fields.resource_type', 'defined') | selectattr('summary_fields.resource_type','equalto', item.1) | map(attribute='summary_fields.resource_name')) | length > 0
+      ansible.builtin.set_fact:
+        object_roles: >-
+          {{ object_roles +
+            [{ item.0:
+              {
+                'resource_names': (user_roles_lookvar |
+                                   selectattr('name','equalto', item.0) |
+                                   selectattr('summary_fields.resource_type','equalto', item.1) |
+                                   map(attribute='summary_fields.resource_name')),
+                'resource_type': item.1,
+              }
+            }]
+          }}
+      loop: "{{ role_types | product(object_types) | list }}"
+
 - name: "Block for to generate flatten output"
   when:
     - flatten_output is defined
@@ -32,9 +58,8 @@
         marker: ""
         block: "{{ lookup('template', 'templates/current_user_roles.j2') }}"
       vars:
-        current_user_roles_asset_value: "{{ user_roles_lookvar }}"
         first_user_role: "{{ not user_roles_file.stat.exists }}"
-      when: user_roles_lookvar | length > 0
+      when: object_roles | length > 0
 
     - name: "Remove all the blank lines introduced by the last task"
       ansible.builtin.lineinfile:
@@ -56,7 +81,5 @@
         src: "templates/current_user_roles.j2"
         dest: "{{ output_path }}/user_roles/current_roles_{{ username | regex_replace('/', '_') }}.yaml"
         mode: '0644'
-      vars:
-        current_user_roles_asset_value: "{{ user_roles_lookvar }}"
-      when: user_roles_lookvar | length > 0
+      when: object_roles | length > 0
 ...
diff --git a/roles/filetree_create/templates/current_team_roles.j2 b/roles/filetree_create/templates/current_team_roles.j2
index 8de3b342a..a21f08293 100644
--- a/roles/filetree_create/templates/current_team_roles.j2
+++ b/roles/filetree_create/templates/current_team_roles.j2
@@ -2,27 +2,30 @@
 ---
 controller_roles:
 {% endif %}
-{% for role in team_roles_lookvar %}
-{% if role.summary_fields.resource_type is defined %}
-  - team: "{{ teamname }}"
-{% if role.summary_fields.resource_type is match('organization') %}
+{% for role in object_roles %}
+{% if (role|dict2items)[0].value.resource_type is defined %}
+  - team: "{{ (role|dict2items)[0].value.team_name }}"
+{% if (role|dict2items)[0].value.resource_names | length > 0 %}
+{% if (role|dict2items)[0].value.resource_type is match('organization') %}
     organizations:
-      - "{{ role.summary_fields.resource_name }}"
-{% elif role.summary_fields.resource_type is match('team') %}
+{% elif (role|dict2items)[0].value.resource_type is match('team') %}
     target_teams:
-      - "{{ role.summary_fields.resource_name }}"
-{% elif role.summary_fields.resource_type is match('job_template') %}
-    job_template: "{{ role.summary_fields.resource_name }}"
-{% elif role.summary_fields.resource_type is match('inventory') %}
-    inventory: "{{ role.summary_fields.resource_name }}"
-{% elif role.summary_fields.resource_type is match('workflow_job_template') %}
-    workflow_job_template: "{{ role.summary_fields.resource_name }}"
-{% elif role.summary_fields.resource_type is match('project') %}
-    project: "{{ role.summary_fields.resource_name }}"
-{% elif role.summary_fields.resource_type is match('credential') %}
-    credential: "{{ role.summary_fields.resource_name }}"
+{% elif (role|dict2items)[0].value.resource_type is match('job_template') %}
+    job_templates:
+{% elif (role|dict2items)[0].value.resource_type is match('inventory') %}
+    inventories:
+{% elif (role|dict2items)[0].value.resource_type is match('workflow_job_template') %}
+    workflow_job_templates:
+{% elif (role|dict2items)[0].value.resource_type is match('project') %}
+    projects:
+{% elif (role|dict2items)[0].value.resource_type is match('credential') %}
+    credentials:
 {% endif %}
-    role: "{% if role.name | lower == 'approve' %}approval{% else %}{{ role.name | lower }}{% endif %}"
+{% for object_name in (role|dict2items)[0].value.resource_names %}
+      - "{{ object_name }}"
+{% endfor %}
+{% endif %}
+    role: "{% if (role|dict2items)[0].key | lower == 'approve' %}approval{% else %}{{ (role|dict2items)[0].key | lower | regex_replace(' ', '_') }}{% endif %}"
 {% endif %}
 {% endfor %}
 {% if last_team_role | default(true) | bool %}
diff --git a/roles/filetree_create/templates/current_user_roles.j2 b/roles/filetree_create/templates/current_user_roles.j2
index 2170e99d6..c58104e25 100644
--- a/roles/filetree_create/templates/current_user_roles.j2
+++ b/roles/filetree_create/templates/current_user_roles.j2
@@ -2,27 +2,30 @@
 ---
 controller_roles:
 {% endif %}
-{% for role in user_roles_lookvar %}
-{% if role.summary_fields.resource_type is defined %}
+{% for role in object_roles %}
+{% if (role|dict2items)[0].value.resource_type is defined %}
   - user: "{{ username }}"
-{% if role.summary_fields.resource_type is match('organization') %}
+{% if (role|dict2items)[0].value.resource_names | length > 0 %}
+{% if (role|dict2items)[0].value.resource_type is match('organization') %}
     organizations:
-      - "{{ role.summary_fields.resource_name }}"
-{% elif role.summary_fields.resource_type is match('team') %}
+{% elif (role|dict2items)[0].value.resource_type is match('team') %}
     target_teams:
-      - "{{ role.summary_fields.resource_name }}"
-{% elif role.summary_fields.resource_type is match('job_template') %}
-    job_template: "{{ role.summary_fields.resource_name }}"
-{% elif role.summary_fields.resource_type is match('inventory') %}
-    inventory: "{{ role.summary_fields.resource_name }}"
-{% elif role.summary_fields.resource_type is match('workflow_job_template') %}
-    workflow_job_template: "{{ role.summary_fields.resource_name }}"
-{% elif role.summary_fields.resource_type is match('project') %}
-    project: "{{ role.summary_fields.resource_name }}"
-{% elif role.summary_fields.resource_type is match('credential') %}
-    credential: "{{ role.summary_fields.resource_name }}"
+{% elif (role|dict2items)[0].value.resource_type is match('job_template') %}
+    job_templates:
+{% elif (role|dict2items)[0].value.resource_type is match('inventory') %}
+    inventories:
+{% elif (role|dict2items)[0].value.resource_type is match('workflow_job_template') %}
+    workflow_job_templates:
+{% elif (role|dict2items)[0].value.resource_type is match('project') %}
+    projects:
+{% elif (role|dict2items)[0].value.resource_type is match('credential') %}
+    credentials:
 {% endif %}
-    role: "{{ role.name | lower }}"
+{% for object_name in (role|dict2items)[0].value.resource_names %}
+      - "{{ object_name }}"
+{% endfor %}
+{% endif %}
+    role: "{% if (role|dict2items)[0].key | lower == 'approve' %}approval{% else %}{{ (role|dict2items)[0].key | lower | regex_replace(' ', '_') }}{% endif %}"
 {% endif %}
 {% endfor %}
 {% if last_user_role | default(true) | bool %}