|
@@ -196,9 +196,36 @@
|
|
|
copy:
|
|
|
dest: "{{ ansible_facts['user_dir'] }}/api-token"
|
|
|
content: "{{ api_token.json.token }}"
|
|
|
+ owner: "{{ ansible_user }}"
|
|
|
+ group: "{{ ansible_user }}"
|
|
|
+ mode: 0600
|
|
|
when: (api_token.skipped is not defined) or (not api_token.skipped)
|
|
|
|
|
|
-#- name: take a policy backup (for later)
|
|
|
-## XXX can't delete system policies XXX
|
|
|
-#
|
|
|
+- name: check if policies have been stored
|
|
|
+ stat:
|
|
|
+ path: "{{ ansible_facts['user_dir'] }}/api-policies"
|
|
|
+ register: default_policy_file
|
|
|
+
|
|
|
+- name: get a list of default policies for later reference
|
|
|
+ uri:
|
|
|
+ method: GET
|
|
|
+ return_content: true
|
|
|
+ validate_certs: false
|
|
|
+ url: "https://{{ central_ep }}/v1/policies"
|
|
|
+ headers:
|
|
|
+ Accept: application/json
|
|
|
+ Authorization: Bearer {{ api_token.json.token }}
|
|
|
+ register: default_policies
|
|
|
+ when:
|
|
|
+ - default_policy_file.stat is defined
|
|
|
+ - not default_policy_file.stat.exists
|
|
|
+
|
|
|
+- name: store default policies in a file
|
|
|
+ copy:
|
|
|
+ dest: "{{ ansible_facts['user_dir'] }}/api-policies"
|
|
|
+ content: "{{ default_policies.json }}"
|
|
|
+ owner: "{{ ansible_user }}"
|
|
|
+ group: "{{ ansible_user }}"
|
|
|
+ mode: 0600
|
|
|
+ when: (default_policies.skipped is not defined) or (not default_policies.skipped)
|
|
|
...
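Review bot: The added `uri` task "get a list of default policies for later reference" sends `Authorization: Bearer {{ api_token.json.token }}` with `validate_certs: false`, so the token is handed to whichever host answers for `central_ep` without its certificate being checked. I would change that line to `validate_certs: true` and, if the endpoint is signed by a private CA, point the task at that CA (for example through the module's `ca_path` option) instead of disabling verification. The token is also part of this task's arguments and of the `copy` task that writes `api-token`, so adding `no_log: true` to both would keep it out of verbose and failure output. As a smaller style point, both `mode: 0600` lines are safer written as `mode: "0600"` so the value does not depend on YAML octal parsing.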
|