CiscoUcs · gumpcraca · Mar 5, 2018 · May 7, 2018 · May 7, 2018 · May 24, 2018
diff --git a/README.md b/README.md
diff --git a/examples/add_user.py b/examples/add_user.py
@@ -4,11 +4,60 @@
 import json
 import argparse
 from intersight.intersight_api_client import IntersightApiClient
-from intersight.apis import iam_account_api
-from intersight.apis import iam_user_api
-from intersight.apis import iam_role_api
-from intersight.apis import iam_end_point_role_api
 from intersight.apis import iam_permission_api
+from intersight.apis import iam_idp_reference_api
+from intersight.apis import iam_user_api
+
+
+def add_user(intersight_api_params, username, user_role='Account Administrator'):
+    # Create Intersight API instance
+    # ----------------------
+    api_instance = IntersightApiClient(
+        host=intersight_api_params['api_base_uri'],
+        private_key=intersight_api_params['api_private_key_file'],
+        api_key_id=intersight_api_params['api_key_id'],
+    )
+
+    # GET Permissions
+    permissions_handle = iam_permission_api.IamPermissionApi(api_instance)
+    kwargs = dict(filter="Name eq '%s'" % user_role)
+    permissions_result = permissions_handle.iam_permissions_get(**kwargs)
+
+    if permissions_result.results:
+        # GET IdpReference
+        idp_reference_handle = iam_idp_reference_api.IamIdpReferenceApi(api_instance)
+        idp_reference_name = 'Cisco'
+        kwargs = dict(filter="Name eq '%s'" % idp_reference_name)
+        idp_reference_result = idp_reference_handle.iam_idp_references_get(**kwargs)
+        if idp_reference_result.results:
+            user_matches = False
+            # GET Users
+            users_handle = iam_user_api.IamUserApi(api_instance)
+            kwargs = dict(filter="Email eq '%s'" % username)
+            users_result = users_handle.iam_users_get(**kwargs)
+            if (
+                    users_result.results and
+                    users_result.results[0].permissions[0].moid == permissions_result.results[0].moid and
+                    users_result.results[0].idpreference.moid == idp_reference_result.results[0].moid
+               ):
+                user_matches = True
+
+            if not user_matches:
+                # POST Users with Permissions and IdpReference
+                users_body = {
+                    'Email': username,
+                    'Idpreference': idp_reference_result.results[0].moid,
+                    'Permissions': [permissions_result.results[0].moid],
+                }
+                users_result = users_handle.iam_users_post(users_body)
+                result['changed'] = True
+            else:   # user exists and IdP/Permissions match
+                print('User exists with requested role:', username)
+        else:
+            print('Could not find IdP', idp_reference_name)
+    else:
+        print('Invalid user role', user_role)
+
 
 if __name__ == "__main__":
     result = dict(changed=False)
@@ -25,64 +74,7 @@
         with open(args.api_params, 'r') as api_file:
             intersight_api_params = json.load(api_file)
 
-        # Create Intersight API instance
-        # ----------------------
-        api_instance = IntersightApiClient(
-            host=intersight_api_params['api_base_uri'],
-            private_key=intersight_api_params['api_private_key_file'],
-            api_key_id=intersight_api_params['api_key_id'],
-        )
-
-        # GET Users
-        users_handle = iam_user_api.IamUserApi(api_instance)
-        kwargs = dict(filter="Name eq '%s'" % args.id)
-        users_result = users_handle.iam_users_get(**kwargs)
-        if users_result.results:
-            print("User already exists:", args.id)
-        else:
-            # GET Accounts
-            accounts_handle = iam_account_api.IamAccountApi(api_instance)
-            accounts_result = accounts_handle.iam_accounts_get()
-
-            # POST Users with Idpreference
-            users_body = {
-                'Name': args.id,
-                'Idpreference': accounts_result.results[0].idpreferences[0],
-            }
-            users_result = users_handle.iam_users_post(users_body)
-            result['changed'] = True
-
-            # GET Users
-            kwargs = dict(filter="Name eq '%s'" % args.id)
-            users_result = users_handle.iam_users_get(**kwargs)
-
-            # GET Roles
-            roles_handle = iam_role_api.IamRoleApi(api_instance)
-            roles_result = roles_handle.iam_roles_get()
-            for role in roles_result.results:
-                if role.name == args.role:
-                    # GET EndPointRoles
-                    end_point_roles_handle = iam_end_point_role_api.IamEndPointRoleApi(api_instance)
-                    endpoint_roles = {}
-                    endpoint_roles['Read-Only'] = 'endpoint-readonly'
-                    endpoint_roles['Account Administrator'] = 'endpoint-admin'
-                    kwargs = dict(filter="RoleType eq '%s'" % endpoint_roles[args.role])
-                    end_point_roles_result = end_point_roles_handle.iam_end_point_roles_get(**kwargs)
-
-                    # POST Permissions with EndPointRoles
-                    permissions_handle = iam_permission_api.IamPermissionApi(api_instance)
-                    permissions_body = {
-                        'Subject': users_result.results[0].moid,
-                        'Type': 'User',
-                        'Account': accounts_result.results[0].account_moid,
-                        'EndPointRoles': end_point_roles_result.results,
-                        'Roles': [role],
-                    }
-                    permissions_result = permissions_handle.iam_permissions_post(permissions_body)
-                    break
-            else:
-                # for loop completed without finding a role
-                print("Role not found:", args.role)
+        add_user(intersight_api_params, args.id, args.role)
 
     except Exception as err:
         print("Exception:", str(err))

diff --git a/examples/claim_device.py b/examples/claim_device.py
@@ -4,6 +4,7 @@
 import argparse
 import os.path
 import json
+from time import sleep
 from intersight.intersight_api_client import IntersightApiClient
 from intersight.apis import asset_device_claim_api
 import device_connector
@@ -33,20 +34,23 @@
             result = dict(changed=False)
             result['msg'] = "  Host: %s" % device['hostname']
             # default access mode to allow control (Read-only False) and set to a boolean value if a string
-            if device.get('read_only') == None:
+            if not device.get('read_only'):
                 device['read_only'] = False
             else:
                 if device['read_only'] == 'True' or device['read_only'] == 'true':
                     device['read_only'] = True
                 elif device['read_only'] == 'False' or device['read_only'] == 'false':
                     device['read_only'] = False
             # create device connector object based on device type
-            if device['device_type'] == 'ucsm' or device['device_type'] == 'ucspe':
+            if device['device_type'] == 'ucs' or device['device_type'] == 'ucsm' or device['device_type'] == 'ucspe':
                 dc_obj = device_connector.UcsDeviceConnector(device)
             elif device['device_type'] == 'hx':
                 dc_obj = device_connector.HxDeviceConnector(device)
             elif device['device_type'] == 'imc':
-                dc_obj = device_connector.ImcDeviceConnector(device)
+                # attempt ucs connection and if that doesn't login revert to older imc login
+                dc_obj = device_connector.UcsDeviceConnector(device)
+                if not dc_obj.logged_in:
+                    dc_obj = device_connector.ImcDeviceConnector(device)
             else:
                 result['msg'] += "  Unknown device_type %s" % device['device_type']
                 return_code = 1
@@ -59,16 +63,16 @@
                 print(json.dumps(result))
                 continue
 
-            ro_json = dc_obj.enable_connector()
-            if ro_json['AdminState'] is False:
+            ro_json = dc_obj.configure_connector()
+            if not ro_json['AdminState']:
                 return_code = 1
                 if ro_json.get('ApiError'):
                     result['msg'] += ro_json['ApiError']
                 print(json.dumps(result))
                 continue
 
             # set access mode (ReadOnlyMode True/False) to desired state
-            if (ro_json.get('ReadOnlyMode') != None) and (ro_json['ReadOnlyMode'] != device['read_only']):
+            if (ro_json.get('ReadOnlyMode') is not None) and (ro_json['ReadOnlyMode'] != device['read_only']):
                 ro_json = dc_obj.configure_access_mode(ro_json)
                 if ro_json.get('ApiError'):
                     result['msg'] += ro_json['ApiError']
@@ -77,23 +81,34 @@
                     continue
                 result['changed'] = True
 
-            # if not connected, configure proxy settings if proxy settings were provided
-            if ro_json['ConnectionState'] != 'Connected' and device.get('proxy_host') and device.get('proxy_port'):
-                ro_json = dc_obj.configure_proxy(ro_json)
-                if ro_json.get('ApiError'):
-                    result['msg'] += ro_json['ApiError']
-                    return_code = 1
-                    print(json.dumps(result))
-                    continue
-                result['changed'] = True
+            # configure proxy settings (changes reported in called function)
+            ro_json = dc_obj.configure_proxy(ro_json, result)
+            if ro_json.get('ApiError'):
+                result['msg'] += ro_json['ApiError']
+                return_code = 1
+                print(json.dumps(result))
+                continue
+
+            # wait for a connection to establish before checking claim state
+            for _ in range(10):
+                if ro_json['ConnectionState'] != 'Connected':
+                    sleep(1)
+                    ro_json = dc_obj.get_status()
+                else:
+                    break
 
             result['msg'] += "  AdminState: %s" % ro_json['AdminState']
             result['msg'] += "  ConnectionState: %s" % ro_json['ConnectionState']
             result['msg'] += "  Claimed state: %s" % ro_json['AccountOwnershipState']
 
-            # if connected and unclaimed, get device id and claim code
-            if ro_json['ConnectionState'] == 'Connected' and ro_json['AccountOwnershipState'] != 'Claimed':
-                (claim_resp, device_id, claim_code) = dc_obj.get_claim_info()
+            if ro_json['ConnectionState'] != 'Connected':
+                return_code = 1
+                print(json.dumps(result))
+                continue
+
+            if ro_json['AccountOwnershipState'] != 'Claimed':
+                # attempt to claim
+                (claim_resp, device_id, claim_code) = dc_obj.get_claim_info(ro_json)
                 if claim_resp.get('ApiError'):
                     result['msg'] += claim_resp['ApiError']
                     return_code = 1

diff --git a/examples/delete_user.py b/examples/delete_user.py
@@ -5,7 +5,6 @@
 import argparse
 from intersight.intersight_api_client import IntersightApiClient
 from intersight.apis import iam_user_api
-from intersight.apis import iam_permission_api
 
 if __name__ == "__main__":
     result = dict(changed=False)
@@ -30,20 +29,12 @@
 
         # GET Users
         users_handle = iam_user_api.IamUserApi(api_instance)
-        kwargs = dict(filter="Name eq '%s'" % args.id)
+        kwargs = dict(filter="Email eq '%s'" % args.id)
         users_result = users_handle.iam_users_get(**kwargs)
         if users_result.results:
-            # GET Permissions
-            permissions_handle = iam_permission_api.IamPermissionApi(api_instance)
-            kwargs = dict(filter="Subject eq '%s'" % users_result.results[0].moid)
-            permissions_result = permissions_handle.iam_permissions_get(**kwargs)
-
-            # DELETE Permissions
-            permissions_delete_result = permissions_handle.iam_permissions_moid_delete(moid=permissions_result.results[0].moid)
-            result['changed'] = True
-
             # DELETE Users
             users_delete_result = users_handle.iam_users_moid_delete(moid=users_result.results[0].moid)
+            result['changed'] = True
         else:
             print("User not found:", args.id)