Merge pull request #295 from t-woerner/ipahostgroup_membermanager

ipahostgroup: Add support for group membership management

Merge pull request #295 from t-woerner/ipahostgroup_membermanager
02705c9e · Rafael Guterres Jeffman · GitHub · 10e7b409 · fd7eb4f8 · 02705c9e
Unverified Commit 02705c9e authored Jun 9, 2020 by Rafael Guterres Jeffman Committed by GitHub Jun 9, 2020
--- a/README-hostgroup.md
+++ b/README-hostgroup.md
@@ -137,6 +137,8 @@ Variable | Description | Required
 `nomembers` | Suppress processing of membership attributes. (bool) | no
 `host` | List of host name strings assigned to this hostgroup. | no
 `hostgroup` | List of hostgroup name strings assigned to this hostgroup. | no
+`membermanager_user` | List of member manager users assigned to this hostgroup. Only usable with IPA versions 4.8.4 and up. | no
+`membermanager_group` | List of member manager groups assigned to this hostgroup. Only usable with IPA versions 4.8.4 and up. | no
 `action` | Work on hostgroup or member level. It can be on of `member` or `hostgroup` and defaults to `hostgroup`. | no
 `state` | The state to ensure. It can be one of `present` or `absent`, default: `present`. | no


--- a/plugins/modules/ipahostgroup.py
+++ b/plugins/modules/ipahostgroup.py
@@ -58,6 +58,18 @@ options:
    description: List of hostgroup names assigned to this hostgroup.
    required: false
    type: list
+  membermanager_user:
+    description:
+    - List of member manager users assigned to this hostgroup.
+    - Only usable with IPA versions 4.8.4 and up.
+    required: false
+    type: list
+  membermanager_group:
+    description:
+    - List of member manager groups assigned to this hostgroup.
+    - Only usable with IPA versions 4.8.4 and up.
+    required: false
+    type: list
  action:
    description: Work on hostgroup or member level
    default: hostgroup
@@ -117,7 +129,7 @@ RETURN = """
 from ansible.module_utils.basic import AnsibleModule
 from ansible.module_utils.ansible_freeipa_module import temp_kinit, \
    temp_kdestroy, valid_creds, api_connect, api_command, compare_args_ipa, \
-    module_params_get, gen_add_del_lists
+    module_params_get, gen_add_del_lists, api_check_command


 def find_hostgroup(module, name):
@@ -171,6 +183,9 @@ def main():
            nomembers=dict(required=False, type='bool', default=None),
            host=dict(required=False, type='list', default=None),
            hostgroup=dict(required=False, type='list', default=None),
+            membermanager_user=dict(required=False, type='list', default=None),
+            membermanager_group=dict(required=False, type='list',
+                                     default=None),
            action=dict(type="str", default="hostgroup",
                        choices=["member", "hostgroup"]),
            # state
@@ -196,6 +211,10 @@ def main():
    nomembers = module_params_get(ansible_module, "nomembers")
    host = module_params_get(ansible_module, "host")
    hostgroup = module_params_get(ansible_module, "hostgroup")
+    membermanager_user = module_params_get(ansible_module,
+                                           "membermanager_user")
+    membermanager_group = module_params_get(ansible_module,
+                                            "membermanager_group")
    action = module_params_get(ansible_module, "action")
    # state
    state = module_params_get(ansible_module, "state")
@@ -239,6 +258,15 @@ def main():
                                                 ipaadmin_password)
        api_connect()

+        has_add_membermanager = api_check_command(
+            "hostgroup_add_member_manager")
+        if ((membermanager_user is not None or
+             membermanager_group is not None) and not has_add_membermanager):
+            ansible_module.fail_json(
+                msg="Managing a membermanager user or group is not supported "
+                "by your IPA version"
+            )
+
        commands = []

        for name in names:
@@ -288,6 +316,41 @@ def main():
                                                 "host": host_del,
                                                 "hostgroup": hostgroup_del,
                                             }])
+
+                    membermanager_user_add, membermanager_user_del = \
+                        gen_add_del_lists(
+                            membermanager_user,
+                            res_find.get("membermanager_user")
+                        )
+
+                    membermanager_group_add, membermanager_group_del = \
+                        gen_add_del_lists(
+                            membermanager_group,
+                            res_find.get("membermanager_group")
+                        )
+
+                    if has_add_membermanager:
+                        # Add membermanager users and groups
+                        if len(membermanager_user_add) > 0 or \
+                           len(membermanager_group_add) > 0:
+                            commands.append(
+                                [name, "hostgroup_add_member_manager",
+                                 {
+                                     "user": membermanager_user_add,
+                                     "group": membermanager_group_add,
+                                 }]
+                            )
+                        # Remove member manager
+                        if len(membermanager_user_del) > 0 or \
+                           len(membermanager_group_del) > 0:
+                            commands.append(
+                                [name, "hostgroup_remove_member_manager",
+                                 {
+                                     "user": membermanager_user_del,
+                                     "group": membermanager_group_del,
+                                 }]
+                            )
+
                elif action == "member":
                    if res_find is None:
                        ansible_module.fail_json(
@@ -299,6 +362,19 @@ def main():
                                         "host": host,
                                         "hostgroup": hostgroup,
                                     }])
+
+                    if has_add_membermanager:
+                        # Add membermanager users and groups
+                        if membermanager_user is not None or \
+                           membermanager_group is not None:
+                            commands.append(
+                                [name, "hostgroup_add_member_manager",
+                                 {
+                                     "user": membermanager_user,
+                                     "group": membermanager_group,
+                                 }]
+                            )
+
            elif state == "absent":
                if action == "hostgroup":
                    if res_find is not None:
@@ -315,6 +391,19 @@ def main():
                                         "host": host,
                                         "hostgroup": hostgroup,
                                     }])
+
+                    if has_add_membermanager:
+                        # Remove membermanager users and groups
+                        if membermanager_user is not None or \
+                           membermanager_group is not None:
+                            commands.append(
+                                [name, "hostgroup_remove_member_manager",
+                                 {
+                                     "user": membermanager_user,
+                                     "group": membermanager_group,
+                                 }]
+                            )
+
            else:
                ansible_module.fail_json(msg="Unkown state '%s'" % state)


--- a/tests/hostgroup/test_hostgroup_membermanager.yml
+++ b/tests/hostgroup/test_hostgroup_membermanager.yml
+---
+- name: Test hostgroup membermanagers
+  hosts: ipaserver
+  become: true
+  gather_facts: false
+
+  tasks:
+  - name: Ensure host-group testhostgroup is absent
+    ipahostgroup:
+      ipaadmin_password: SomeADMINpassword
+      name:
+      - testhostgroup
+      state: absent
+
+  - name: Ensure user manangeruser1 and manageruser2 is absent
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: manageruser1,manageruser2
+      state: absent
+
+  - name: Ensure group managergroup1 and managergroup2 are absent
+    ipagroup:
+      ipaadmin_password: SomeADMINpassword
+      name: managergroup1,managergroup2
+      state: absent
+
+  - name: Ensure host-group testhostgroup is present
+    ipahostgroup:
+      ipaadmin_password: SomeADMINpassword
+      name:
+      - testhostgroup
+
+  - name: Ensure user manageruser1 and manageruser2 are present
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      users:
+      - name: manageruser1
+        first: manageruser1
+        last: Last1
+      - name: manageruser2
+        first: manageruser2
+        last: Last2
+    register: result
+    failed_when: not result.changed
+
+  - name: Ensure managergroup1 is present
+    ipagroup:
+      ipaadmin_password: SomeADMINpassword
+      name: managergroup1
+    register: result
+    failed_when: not result.changed
+
+  - name: Ensure managergroup2 is present
+    ipagroup:
+      ipaadmin_password: SomeADMINpassword
+      name: managergroup2
+    register: result
+    failed_when: not result.changed
+
+  - name: Ensure membermanager user1 is present for testhostgroup
+    ipahostgroup:
+      ipaadmin_password: SomeADMINpassword
+      name: testhostgroup
+      membermanager_user: manageruser1
+    register: result
+    failed_when: not result.changed
+
+  - name: Ensure membermanager user1 is present for testhostgroup again
+    ipahostgroup:
+      ipaadmin_password: SomeADMINpassword
+      name: testhostgroup
+      membermanager_user: manageruser1
+    register: result
+    failed_when: result.changed
+
+  - name: Ensure membermanager group1 is present for testhostgroup
+    ipahostgroup:
+      ipaadmin_password: SomeADMINpassword
+      name: testhostgroup
+      membermanager_group: managergroup1
+    register: result
+    failed_when: not result.changed
+
+  - name: Ensure membermanager group1 is present for testhostgroup again
+    ipahostgroup:
+      ipaadmin_password: SomeADMINpassword
+      name: testhostgroup
+      membermanager_group: managergroup1
+    register: result
+    failed_when: result.changed
+
+  - name: Ensure membermanager user2 and group2 members are present for testhostgroup
+    ipahostgroup:
+      ipaadmin_password: SomeADMINpassword
+      name: testhostgroup
+      membermanager_user: manageruser2
+      membermanager_group: managergroup2
+      action: member
+    register: result
+    failed_when: not result.changed
+
+  - name: Ensure membermanager user2 and group2 members are present for testhostgroup again
+    ipahostgroup:
+      ipaadmin_password: SomeADMINpassword
+      name: testhostgroup
+      membermanager_user: manageruser2
+      membermanager_group: managergroup2
+      action: member
+    register: result
+    failed_when: result.changed
+
+  - name: Ensure membermanager user and group members are present for testhostgroup again
+    ipahostgroup:
+      ipaadmin_password: SomeADMINpassword
+      name: testhostgroup
+      membermanager_user: manageruser1,manageruser2
+      membermanager_group: managergroup1,managergroup2
+      action: member
+    register: result
+    failed_when: result.changed
+
+  - name: Ensure membermanager user1 and group1 members are absent for testhostgroup
+    ipahostgroup:
+      ipaadmin_password: SomeADMINpassword
+      name: testhostgroup
+      membermanager_user: manageruser1
+      membermanager_group: managergroup1
+      action: member
+      state: absent
+    register: result
+    failed_when: not result.changed
+
+  - name: Ensure membermanager user1 and group1 members are absent for testhostgroup again
+    ipahostgroup:
+      ipaadmin_password: SomeADMINpassword
+      name: testhostgroup
+      membermanager_user: manageruser1
+      membermanager_group: managergroup1
+      action: member
+      state: absent
+    register: result
+    failed_when: result.changed
+
+
+  - name: Ensure membermanager user1 and group1 members are present for testhostgroup
+    ipahostgroup:
+      ipaadmin_password: SomeADMINpassword
+      name: testhostgroup
+      membermanager_user: manageruser1
+      membermanager_group: managergroup1
+      action: member
+    register: result
+    failed_when: not result.changed
+
+  - name: Ensure membermanager user1 and group1 members are present for testhostgroup again
+    ipahostgroup:
+      ipaadmin_password: SomeADMINpassword
+      name: testhostgroup
+      membermanager_user: manageruser1
+      membermanager_group: managergroup1
+      action: member
+    register: result
+    failed_when: result.changed
+
+  - name: Ensure membermanager user and group members are absent for testhostgroup
+    ipahostgroup:
+      ipaadmin_password: SomeADMINpassword
+      name: testhostgroup
+      membermanager_user: manageruser1,manageruser2
+      membermanager_group: managergroup1,managergroup2
+      action: member
+      state: absent
+    register: result
+    failed_when: not result.changed
+
+  - name: Ensure membermanager user and group members are absent for testhostgroup again
+    ipahostgroup:
+      ipaadmin_password: SomeADMINpassword
+      name: testhostgroup
+      membermanager_user: manageruser1,manageruser2
+      membermanager_group: managergroup1,managergroup2
+      action: member
+      state: absent
+    register: result
+    failed_when: result.changed
+
+  - name: Ensure user manangeruser1 and manageruser2 is absent
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: manageruser1,manageruser2
+      state: absent
+    register: result
+    failed_when: not result.changed
+
+  - name: Ensure group managergroup1 and managergroup2 are absent
+    ipagroup:
+      ipaadmin_password: SomeADMINpassword
+      name: managergroup1,managergroup2
+      state: absent
+    register: result
+    failed_when: not result.changed
+
+  - name: Ensure host-group testhostgroup is absent
+    ipahostgroup:
+      ipaadmin_password: SomeADMINpassword
+      name:
+      - testhostgroup
+      state: absent
+    register: result
+    failed_when: not result.changed