Skip to content
Snippets Groups Projects
Select Git revision
  • 4bb1e8453093775981b05569b826f4e7eba70981
  • master default protected
  • v1.15.0
  • v1.14.7
  • v1.14.6
  • v1.14.5
  • v1.14.4
  • v1.14.3
  • v1.14.2
  • v1.14.1
  • v1.14.0
  • v1.13.2
  • v1.13.1
  • v1.13.0
  • v1.12.1
  • v1.12.0
  • v1.11.1
  • v1.11.0
  • v1.10.0
  • v1.9.2
  • v1.9.1
  • v1.9.0
22 results

ipaextras.py

Blame
  • ipahbacsvc.py 6.19 KiB
    #!/usr/bin/python
    # -*- coding: utf-8 -*-
    
    # Authors:
    #   Thomas Woerner <twoerner@redhat.com>
    #
    # Copyright (C) 2019 Red Hat
    # see file 'COPYING' for use and warranty information
    #
    # This program is free software; you can redistribute it and/or modify
    # it under the terms of the GNU General Public License as published by
    # the Free Software Foundation, either version 3 of the License, or
    # (at your option) any later version.
    #
    # This program is distributed in the hope that it will be useful,
    # but WITHOUT ANY WARRANTY; without even the implied warranty of
    # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    # GNU General Public License for more details.
    #
    # You should have received a copy of the GNU General Public License
    # along with this program.  If not, see <http://www.gnu.org/licenses/>.
    
    ANSIBLE_METADATA = {
        "metadata_version": "1.0",
        "supported_by": "community",
        "status": ["preview"],
    }
    
    DOCUMENTATION = """
    ---
    module: ipahbacsvc
    short description: Manage FreeIPA HBAC Services
    description: Manage FreeIPA HBAC Services
    options:
      ipaadmin_principal:
        description: The admin principal
        default: admin
      ipaadmin_password:
        description: The admin password
        required: false
      name:
        description: The group name
        required: false
        aliases: ["cn", "service"]
      description:
        description: The HBAC Service description
        required: false
      state:
        description: State to ensure
        default: present
        choices: ["present", "absent"]
    author:
        - Thomas Woerner
    """
    
    EXAMPLES = """
    # Ensure HBAC Service for http is present
    - ipahbacsvc:
        ipaadmin_password: SomeADMINpassword
        name: http
        description: Web service
    
    # Ensure HBAC Service for tftp is absent
    - ipahbacsvc:
        ipaadmin_password: SomeADMINpassword
        name: tftp
        state: absent
    """
    
    RETURN = """
    """
    
    from ansible.module_utils.basic import AnsibleModule
    from ansible.module_utils._text import to_text
    from ansible.module_utils.ansible_freeipa_module import temp_kinit, \
        temp_kdestroy, valid_creds, api_connect, api_command, compare_args_ipa
    
    
    def find_hbacsvc(module, name):
        _args = {
            "all": True,
            "cn": to_text(name),
        }
    
        _result = api_command(module, "hbacsvc_find", to_text(name), _args)
    
        if len(_result["result"]) > 1:
            module.fail_json(
                msg="There is more than one hbacsvc '%s'" % (name))
        elif len(_result["result"]) == 1:
            return _result["result"][0]
    
        return None
    
    
    def gen_args(description):
        _args = {}
        if description is not None:
            _args["description"] = to_text(description)
    
        return _args
    
    
    def main():
        ansible_module = AnsibleModule(
            argument_spec=dict(
                # general
                ipaadmin_principal=dict(type="str", default="admin"),
                ipaadmin_password=dict(type="str", required=False, no_log=True),
    
                name=dict(type="list", aliases=["cn", "service"], default=None,
                          required=True),
                # present
    
                description=dict(type="str", default=None),
    
                # state
                state=dict(type="str", default="present",
                           choices=["present", "absent"]),
            ),
            supports_check_mode=True,
        )
    
        ansible_module._ansible_debug = True
    
        # Get parameters
    
        # general
        ipaadmin_principal = ansible_module.params.get("ipaadmin_principal")
        ipaadmin_password = ansible_module.params.get("ipaadmin_password")
        names = ansible_module.params.get("name")
    
        # present
        description = ansible_module.params.get("description")
    
        # state
        state = ansible_module.params.get("state")
    
        # Check parameters
    
        if state == "present":
            if len(names) != 1:
                ansible_module.fail_json(
                    msg="Only one hbacsvc can be set at a time.")
    
        if state == "absent":
            if len(names) < 1:
                ansible_module.fail_json(
                    msg="No name given.")
            invalid = ["description"]
            for x in invalid:
                if vars()[x] is not None:
                    ansible_module.fail_json(
                        msg="Argument '%s' can not be used with state '%s'" %
                        (x, state))
    
        # Init
    
        changed = False
        exit_args = {}
        ccache_dir = None
        ccache_name = None
        try:
            if not valid_creds(ansible_module, ipaadmin_principal):
                ccache_dir, ccache_name = temp_kinit(ipaadmin_principal,
                                                     ipaadmin_password)
            api_connect()
    
            commands = []
    
            for name in names:
                # Try to find hbacsvc
                res_find = find_hbacsvc(ansible_module, name)
    
                # Create command
                if state == "present":
                    # Generate args
                    args = gen_args(description)
    
                    # Found the hbacsvc
                    if res_find is not None:
                        # For all settings is args, check if there are
                        # different settings in the find result.
                        # If yes: modify
                        if not compare_args_ipa(ansible_module, args,
                                                res_find):
                            commands.append([name, "hbacsvc_mod", args])
                    else:
                        commands.append([name, "hbacsvc_add", args])
    
                elif state == "absent":
                    if res_find is not None:
                        commands.append([name, "hbacsvc_del", {}])
    
                else:
                    ansible_module.fail_json(msg="Unkown state '%s'" % state)
    
            # Check mode exit
            if ansible_module.check_mode:
                ansible_module.exit_json(changed=len(commands) > 0, **exit_args)
    
            # Execute commands
    
            for name, command, args in commands:
                try:
                    api_command(ansible_module, command, to_text(name), args)
                    changed = True
                except Exception as e:
                    ansible_module.fail_json(msg="%s: %s: %s" % (command, name,
                                                                 str(e)))
    
        except Exception as e:
            ansible_module.fail_json(msg=str(e))
    
        finally:
            temp_kdestroy(ccache_dir, ccache_name)
    
        # Done
    
        ansible_module.exit_json(changed=changed, **exit_args)
    
    
    if __name__ == "__main__":
        main()