Add Account to Project Module

[sarabarora]

Hi,

Trying to code our existing cloud stack environment into ansible for better management. Noticed that there's no module to add the accounts to the projects. The existing module 'cs_project' works well for new projects but when try to add another user to the project, get the following error

"msg": "CloudStackException: HTTP 431 response from CloudStack, error: {'uuidList': [], 'errorcode': 431, 'cserrorcode': 4350, 'errortext': 'Project with name myTestProject already exists in domain id=1'}"

Was wondering if you could incorporate it into any of the existing modules or perhaps create one. Alternatively, if we can have a generic module that can honor all ad-hoc requests for which no module is present.
e.g.
https://docs.ansible.com/ansible/2.8/modules/netscaler_nitro_request_module.html
https://docs.ansible.com/ansible/2.8/modules/na_ontap_command_module.html

Thanks

Sarab

[rvalle]

@sarabarora do you need to add the users to the project of to the account?

I thought users are in fact using the account they belong to....

would that mean that:

user --> account --> project

let me review my playbooks, I think I did not find that limitation.

[resmo]

APIs:

• https://cloudstack.apache.org/api/apidocs-4.15/apis/addUserToProject.html
• https://cloudstack.apache.org/api/apidocs-4.15/apis/deleteUserFromProject.html

Did not find the API to list user of a project yet

[rvalle]

@resmo in the UI 4.15 I can see that it is possible to add an account to a project or an account/user to a project.

it looks to me that the purpose is to assign thin grained project roles to that particular user.

But then there is project role creation with specific api method enablement.

I dont think there is an ansible implementation for that is there?

[rvalle]

Did not find the API to list user of a project yet

I think it is: listProjectAccounts with a particular userId

[resmo]

I can't remember I implemented this. But the ACL, roles and stuff has been revamp in that time.

[resmo]

Did not find the API to list user of a project yet

I think it is: listProjectAccounts with a particular userId

Hmm expensive thing to make an separate api call per user to find the projects. Would be nice the have a thing like listProjectUsers with a project_id,

[rvalle]

I was not aware this functionality existed in this way.

When I add users to accounts they inherit the role of the account. The createUser API can provide an account, but no role.

However, in project context, it is possible. to add: account/user/project role.

[rvalle]

Hmm expensive thing to make an separate api call per user to find the projects. Would be nice the have a thing like listProjectUsers with a project_id,

yes, this looks very strange, perhaps leaving the userId empty returns all, but then the returned data does not show userId listed. It does not make sense.

This would require implementing cs_project_role and cs_project_role_permission modules.

@sarabarora you cannot code your existing environment without those, right?

[rvalle]

@resmo, I think what is happening is that listProjectAccounts returns the userId in the owner field. My guess is that not providing userId in the call will return all in one go.