Skip to content
Snippets Groups Projects
Commit 2aaabc77 authored by Rafael Guterres Jeffman's avatar Rafael Guterres Jeffman
Browse files

Add FreeIPA version check to module_utils.ansible_freeipa_module.

Some attribute values are only accepted for specific FreeIPA versions,
for example `self` for permission's `bindtype`. Although there are
options to check for command and parameter availability, there is no
check for verifying if a value should be accepted.

This patch add a function to evaluate the target FreeIPA host version,
by comparing a giver version to the current installed one.

The version evaluation uses Python packaging's version comparision,
which is compatible with PEP 440, if available. If not available, it
falls back to a string split, that will work for the most common cases,
but might fail for versions including strings with `rc` or `dev`, for
example.
parent 0e642245
No related branches found
No related tags found
No related merge requests found
...@@ -23,6 +23,7 @@ ...@@ -23,6 +23,7 @@
import sys import sys
import operator
import os import os
import uuid import uuid
import tempfile import tempfile
...@@ -30,6 +31,25 @@ import shutil ...@@ -30,6 +31,25 @@ import shutil
import gssapi import gssapi
from datetime import datetime from datetime import datetime
from pprint import pformat from pprint import pformat
try:
from packaging import version
except ImportError:
# If `packaging` not found, split version string for creating version
# object. Although it is not PEP 440 compliant, it will work for stable
# FreeIPA releases.
import re
class version:
@staticmethod
def parse(version_str):
"""
Split a version string A.B.C, into a tuple.
This will not work for `rc`, `dev` or similar version string.
"""
return tuple(re.split("[-_\.]", version_str)) # noqa: W605
from ipalib import api from ipalib import api
from ipalib import errors as ipalib_errors # noqa from ipalib import errors as ipalib_errors # noqa
from ipalib.config import Env from ipalib.config import Env
...@@ -41,6 +61,7 @@ except ImportError: ...@@ -41,6 +61,7 @@ except ImportError:
from ipapython.ipautil import kinit_password, kinit_keytab from ipapython.ipautil import kinit_password, kinit_keytab
from ipapython.ipautil import run from ipapython.ipautil import run
from ipapython.dn import DN from ipapython.dn import DN
from ipapython.version import VERSION
from ipaplatform.paths import paths from ipaplatform.paths import paths
from ipalib.krb_utils import get_credentials_if_valid from ipalib.krb_utils import get_credentials_if_valid
from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.basic import AnsibleModule
...@@ -187,6 +208,26 @@ def api_check_param(command, name): ...@@ -187,6 +208,26 @@ def api_check_param(command, name):
return name in api.Command[command].params return name in api.Command[command].params
def api_check_ipa_version(oper, requested_version):
"""
Compare the installed IPA version against a requested version.
The valid operators are: <, <=, >, >=, ==, !=
"""
oper_map = {
"<": operator.lt,
"<=": operator.le,
">": operator.gt,
">=": operator.ge,
"==": operator.eq,
"!=": operator.ne,
}
operation = oper_map.get(oper)
if not(operation):
raise NotImplementedError("Invalid operator: %s" % oper)
return operation(version.parse(VERSION), version.parse(requested_version))
def execute_api_command(module, principal, password, command, name, args): def execute_api_command(module, principal, password, command, name, args):
""" """
Execute an API command. Execute an API command.
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment