From 57c303d816c9a3bd493c8fe533b66c38575a1ab4 Mon Sep 17 00:00:00 2001 From: Thomas Woerner <twoerner@redhat.com> Date: Tue, 8 Nov 2022 16:50:07 +0100 Subject: [PATCH] ipaserver_test: Fix documentation sections and agument spec ansible-test with ansible-2.14 is adding a lot of new tests to ensure that the documentation section and the agument spec is complete. Needed changes: DOCUMENTATION section - `type: str` needs to be set for string parameters - `type: list` needs to be set for list parameters - `elements: str` needs to be given for list of string parameters - `required` tags need to be fixed according to the `argument_spec` - `type` tag needs to match `argument_spec` - `default` tag needs to match `argument_spec` - `author` needs to be given with the github user also: `Name (@user)` - `choices` needs to match `argument_spec` argument_spec - `type='str'` needs to be set for string parameters - `elements='str'` needs to be added to all list of string parameters supports_check_mode is turned off as it is not supported. A call to ansible_ipa_server.check_imports has been added to check for import errors. The `copyright` date is extended with `-2022`. --- roles/ipaserver/library/ipaserver_test.py | 253 +++++++++++++++------- 1 file changed, 170 insertions(+), 83 deletions(-) diff --git a/roles/ipaserver/library/ipaserver_test.py b/roles/ipaserver/library/ipaserver_test.py index f830f37d..cf5b7c8f 100644 --- a/roles/ipaserver/library/ipaserver_test.py +++ b/roles/ipaserver/library/ipaserver_test.py @@ -5,7 +5,7 @@ # # Based on ipa-client-install code # -# Copyright (C) 2017 Red Hat +# Copyright (C) 2017-2022 Red Hat # see file 'COPYING' for use and warranty information # # This program is free software; you can redistribute it and/or modify 
@@ -39,169 +39,246 @@ description: IPA server test options: force: description: Installer force parameter - required: yes + type: bool + default: no + required: no dm_password: description: Directory Manager password - required: no + type: str + required: yes password: description: Admin user kerberos password - required: no + type: str + required: yes master_password: description: kerberos master password (normally autogenerated) - required: yes + type: str + required: no domain: description: Primary DNS domain of the IPA deployment - required: yes + type: str + required: no realm: description: Kerberos realm name of the IPA deployment - required: yes + type: str + required: no hostname: description: Fully qualified name of this host - required: yes + type: str + required: no ca_cert_files: description: List of files containing CA certificates for the service certificate files - required: yes + type: list + elements: str + required: no no_host_dns: description: Do not use DNS for hostname lookup during installation - required: yes + type: bool + default: no + required: no pki_config_override: description: Path to ini file with config overrides - required: yes + type: str + required: no skip_mem_check: description: Skip checking for minimum required memory - required: yes + type: bool + default: no + required: no setup_adtrust: description: Configure AD trust capability - required: yes + type: bool + default: no + required: no setup_kra: description: Configure a dogtag KRA - required: yes + type: bool + default: no + required: no setup_dns: description: Configure bind with our zone - required: yes + type: bool + default: no + required: no idstart: description: The starting value for the IDs range (default random) - required: yes + type: int + required: no idmax: description: The max value for the IDs range (default idstart+199999) - required: yes + type: int + required: no no_pkinit: description: Disable pkinit setup steps - required: yes + type: bool + default: no 
+ required: no dirsrv_config_file: description: The path to LDIF file that will be used to modify configuration of dse.ldif during installation of the directory server instance - required: yes + type: str + required: no dirsrv_cert_files: description: Files containing the Directory Server SSL certificate and private key - required: yes + type: list + elements: str + required: no http_cert_files: description: File containing the Apache Server SSL certificate and private key - required: yes + type: list + elements: str + required: no pkinit_cert_files: description: File containing the Kerberos KDC SSL certificate and private key - required: yes + type: list + elements: str + required: no dirsrv_pin: description: The password to unlock the Directory Server private key - required: yes + type: str + required: no http_pin: description: The password to unlock the Apache Server private key - required: yes + type: str + required: no pkinit_pin: description: The password to unlock the Kerberos KDC private key - required: yes + type: str + required: no dirsrv_cert_name: description: Name of the Directory Server SSL certificate to install - required: yes + type: str + required: no http_cert_name: description: Name of the Apache Server SSL certificate to install - required: yes + type: str + required: no pkinit_cert_name: description: Name of the Kerberos KDC SSL certificate to install - required: yes + type: str + required: no ntp_servers: description: ntp servers to use - required: yes + type: list + elements: str + required: no ntp_pool: description: ntp server pool to use - required: yes + type: str + required: no no_ntp: description: Do not configure ntp - required: yes + type: bool + default: no + required: no external_ca: description: External ca setting - required: yes + type: bool + default: no + required: no external_ca_type: description: Type of the external CA - required: yes + type: str + required: no external_ca_profile: description: Specify the certificate 
profile/template to use at the external CA - required: yes + type: str + required: no external_cert_files: description: File containing the IPA CA certificate and the external CA certificate chain - required: yes + type: list + elements: str + required: no subject_base: description: The certificate subject base (default O=<realm-name>). RDNs are in LDAP order (most specific RDN first). - required: yes + type: str + required: no ca_subject: description: The installer ca_subject setting - required: yes + type: str + required: no allow_zone_overlap: description: Create DNS zone even if it already exists - required: yes + type: bool + default: no + required: no reverse_zones: description: The reverse DNS zones to use - required: yes + type: list + elements: str + required: no no_reverse: description: Do not create new reverse DNS zone - required: yes + type: bool + default: no + required: no auto_reverse: description: Create necessary reverse zones - required: yes + type: bool + default: no + required: no zonemgr: description: DNS zone manager e-mail address. 
Defaults to hostmaster@DOMAIN - required: yes + type: str + required: no forwarders: description: Add DNS forwarders - required: yes + type: list + elements: str + required: no no_forwarders: description: Do not add any DNS forwarders, use root servers instead - required: yes + type: bool + default: no + required: no auto_forwarders: description: Use DNS forwarders configured in /etc/resolv.conf - required: yes + type: bool + default: no + required: no forward_policy: description: DNS forwarding policy for global forwarders - required: yes + type: str + choices: ['first', 'only'] + required: no no_dnssec_validation: description: Disable DNSSEC validation - required: yes + type: bool + default: no + required: no enable_compat: description: Enable support for trusted domains for old clients - required: yes + type: bool + default: no + required: no netbios_name: description: NetBIOS name of the IPA domain - required: yes + type: str + required: no rid_base: description: Start value for mapping UIDs and GIDs to RIDs - required: yes + type: int + default: 1000 + required: no secondary_rid_base: description: Start value of the secondary range for mapping UIDs and GIDs to RIDs - required: yes + type: int + default: 100000000 + required: no author: - - Thomas Woerner + - Thomas Woerner (@t-woerner) ''' EXAMPLES = ''' @@ -218,6 +295,7 @@ from shutil import copyfile from ansible.module_utils.basic import AnsibleModule from ansible.module_utils._text import to_native from ansible.module_utils.ansible_ipa_server import ( + check_imports, AnsibleModuleLog, setup_logging, options, adtrust_imported, kra_imported, PKIIniLoader, MIN_DOMAIN_LEVEL, MAX_DOMAIN_LEVEL, check_zone_overlap, redirect_stdout, validate_dm_password, validate_admin_password, 
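Review bot: In the DOCUMENTATION hunk, the entries for `ca_cert_files`, `reverse_zones` and `forwarders` gain `type: list` and `elements: str` but no `default`, while the argument_spec in the later hunks declares `default=[]` for all three. The commit message says the `default` tag needs to match `argument_spec`, so each of these entries should also carry `default: []`. The other list options (`*_cert_files`, `ntp_servers`) use `default=None` in the spec and are consistent without one.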
@@ -239,15 +317,16 @@ def main():
 argument_spec=dict(
 # basic
 force=dict(required=False, type='bool', default=False),
- dm_password=dict(required=True, no_log=True),
- password=dict(required=True, no_log=True),
- master_password=dict(required=False, no_log=True),
- domain=dict(required=False),
- realm=dict(required=False),
- hostname=dict(required=False),
- ca_cert_files=dict(required=False, type='list', default=[]),
+ dm_password=dict(required=True, type='str', no_log=True),
+ password=dict(required=True, type='str', no_log=True),
+ master_password=dict(required=False, type='str', no_log=True),
+ domain=dict(required=False, type='str'),
+ realm=dict(required=False, type='str'),
+ hostname=dict(required=False, type='str'),
+ ca_cert_files=dict(required=False, type='list', elements='str',
+ default=[]),
 no_host_dns=dict(required=False, type='bool', default=False),
- pki_config_override=dict(required=False),
+ pki_config_override=dict(required=False, type='str'),
 skip_mem_check=dict(required=False, type='bool', default=False),
 # server
 setup_adtrust=dict(required=False, type='bool', default=False),
@@ -258,21 +337,25 @@ def main():
 # no_hbac_allow
 no_pkinit=dict(required=False, type='bool', default=False),
 # no_ui_redirect
- dirsrv_config_file=dict(required=False),
+ dirsrv_config_file=dict(required=False, type='str'),
 # ssl certificate
- dirsrv_cert_files=dict(required=False, type='list', default=None),
- http_cert_files=dict(required=False, type='list', default=None),
- pkinit_cert_files=dict(required=False, type='list', default=None),
- dirsrv_pin=dict(required=False),
- http_pin=dict(required=False),
- pkinit_pin=dict(required=False),
- dirsrv_cert_name=dict(required=False),
- http_cert_name=dict(required=False),
- pkinit_cert_name=dict(required=False),
+ dirsrv_cert_files=dict(required=False, type='list', elements='str',
+ default=None),
+ http_cert_files=dict(required=False, type='list', elements='str',
+ default=None),
+ pkinit_cert_files=dict(required=False, type='list', elements='str',
+ default=None),
+ dirsrv_pin=dict(required=False, type='str'),
+ http_pin=dict(required=False, type='str'),
+ pkinit_pin=dict(required=False, type='str'),
+ dirsrv_cert_name=dict(required=False, type='str'),
+ http_cert_name=dict(required=False, type='str'),
+ pkinit_cert_name=dict(required=False, type='str'),
 # client
 # mkhomedir
- ntp_servers=dict(required=False, type='list', default=None),
- ntp_pool=dict(required=False, default=None),
+ ntp_servers=dict(required=False, type='list', elements='str',
+ default=None),
+ ntp_pool=dict(required=False, type='str', default=None),
 no_ntp=dict(required=False, type='bool', default=False),
 # ssh_trust_dns
 # no_ssh
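Review bot: `dirsrv_pin`, `http_pin` and `pkinit_pin` are described in this patch's DOCUMENTATION as the passwords that unlock the server private keys, yet their argument_spec entries gain `type='str'` without `no_log=True`, unlike `dm_password`, `password` and `master_password` in the previous hunk. Without that flag Ansible does not mask these values in the module's logged invocation or in verbose output. Since the lines are being touched anyway, I would mark them sensitive: `dirsrv_pin=dict(required=False, type='str', no_log=True),` and the same for `http_pin` and `pkinit_pin`. main() starts and ends outside this hunk.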
@@ -280,38 +363,42 @@ def main(): # no_dns_sshfp # certificate system external_ca=dict(required=False, type='bool', default=False), - external_ca_type=dict(required=False), - external_ca_profile=dict(required=False), + external_ca_type=dict(required=False, type='str'), + external_ca_profile=dict(required=False, type='str'), external_cert_files=dict(required=False, type='list', - default=None), - subject_base=dict(required=False), - ca_subject=dict(required=False), + elements='str', default=None), + subject_base=dict(required=False, type='str'), + ca_subject=dict(required=False, type='str'), # ca_signing_algorithm # dns allow_zone_overlap=dict(required=False, type='bool', default=False), - reverse_zones=dict(required=False, type='list', default=[]), + reverse_zones=dict(required=False, type='list', elements='str', + default=[]), no_reverse=dict(required=False, type='bool', default=False), auto_reverse=dict(required=False, type='bool', default=False), - zonemgr=dict(required=False), - forwarders=dict(required=False, type='list', default=[]), + zonemgr=dict(required=False, type='str'), + forwarders=dict(required=False, type='list', elements='str', + default=[]), no_forwarders=dict(required=False, type='bool', default=False), auto_forwarders=dict(required=False, type='bool', default=False), - forward_policy=dict(default=None, choices=['first', 'only']), + forward_policy=dict(required=False, type='str', + choices=['first', 'only'], default=None), no_dnssec_validation=dict(required=False, type='bool', default=False), # ad trust enable_compat=dict(required=False, type='bool', default=False), - netbios_name=dict(required=False), + netbios_name=dict(required=False, type='str'), rid_base=dict(required=False, type='int', default=1000), secondary_rid_base=dict(required=False, type='int', default=100000000), # additional ), - supports_check_mode=True, + supports_check_mode=False, ) ansible_module._ansible_debug = True + check_imports(ansible_module) setup_logging() ansible_log 
= AnsibleModuleLog(ansible_module) -- GitLab
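Review bot: With `supports_check_mode=False` Ansible skips this module when a play runs with `--check`, so whatever validation it performs no longer happens in check mode. That is presumably intended, but nothing in the DOCUMENTATION section tells the user about it. I would add a short `notes:` entry there, for example `- Check mode is not supported; the module is skipped when run with --check.`. main() starts outside this hunk and continues past it.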