From 7bbb401b9b3405a60f782f6eac08d8c657368c34 Mon Sep 17 00:00:00 2001
From: Eric Nothen <eric.nothen@payback.net>
Date: Tue, 5 Jan 2021 14:33:39 +0100
Subject: [PATCH] Enabled Ansible check_mode Added code to the ipa* plugins to
support Ansible's check_mode, by means of a clean exit before the execution
of the actual list of commands that would otherwise create/update/delete IPA
servers and/or its resources.
---
plugins/modules/ipaconfig.py | 3 ++-
plugins/modules/ipadelegation.py | 4 ++++
plugins/modules/ipadnsconfig.py | 3 ++-
plugins/modules/ipadnsforwardzone.py | 6 ++++++
plugins/modules/ipadnsrecord.py | 4 ++++
plugins/modules/ipagroup.py | 4 ++++
plugins/modules/ipahbacrule.py | 4 ++++
plugins/modules/ipahbacsvc.py | 4 ++++
plugins/modules/ipahbacsvcgroup.py | 4 ++++
plugins/modules/ipahost.py | 4 ++++
plugins/modules/ipahostgroup.py | 4 ++++
plugins/modules/ipalocation.py | 4 ++++
plugins/modules/ipapermission.py | 4 ++++
plugins/modules/ipaprivilege.py | 4 ++++
plugins/modules/ipapwpolicy.py | 4 ++++
plugins/modules/iparole.py | 5 +++++
plugins/modules/ipaselfservice.py | 4 ++++
plugins/modules/ipaservice.py | 4 ++++
plugins/modules/ipasudocmd.py | 4 ++++
plugins/modules/ipasudocmdgroup.py | 4 ++++
plugins/modules/ipasudorule.py | 4 ++++
plugins/modules/ipatopologysegment.py | 4 ++++
plugins/modules/ipatrust.py | 6 ++++--
plugins/modules/ipauser.py | 4 ++++
plugins/modules/ipavault.py | 4 ++++
utils/templates/ipamodule+member.py.in | 4 ++++
utils/templates/ipamodule.py.in | 4 ++++
27 files changed, 107 insertions(+), 4 deletions(-)
diff --git a/plugins/modules/ipaconfig.py b/plugins/modules/ipaconfig.py
index 41a6d0a8..9b4a9625 100644
--- a/plugins/modules/ipaconfig.py
+++ b/plugins/modules/ipaconfig.py
@@ -428,7 +428,8 @@ def main():
if params \
and not compare_args_ipa(ansible_module, params, res_show):
changed = True
- api_command_no_name(ansible_module, "config_mod", params)
+ if not ansible_module.check_mode:
+ api_command_no_name(ansible_module, "config_mod", params)
else:
rawresult = api_command_no_name(ansible_module, "config_show", {})
diff --git a/plugins/modules/ipadelegation.py b/plugins/modules/ipadelegation.py
index 098bd5de..a5f54699 100644
--- a/plugins/modules/ipadelegation.py
+++ b/plugins/modules/ipadelegation.py
@@ -310,6 +310,10 @@ def main():
else:
ansible_module.fail_json(msg="Unkown state '%s'" % state)
+ # Check mode exit
+ if ansible_module.check_mode:
+ ansible_module.exit_json(changed=len(commands) > 0, **exit_args)
+
# Execute commands
for name, command, args in commands:
diff --git a/plugins/modules/ipadnsconfig.py b/plugins/modules/ipadnsconfig.py
index b89344da..a0f2bc56 100644
--- a/plugins/modules/ipadnsconfig.py
+++ b/plugins/modules/ipadnsconfig.py
@@ -233,7 +233,8 @@ def main():
# Execute command only if configuration changes.
if not compare_args_ipa(ansible_module, args, res_find):
try:
- api_command_no_name(ansible_module, 'dnsconfig_mod', args)
+ if not ansible_module.check_mode:
+ api_command_no_name(ansible_module, 'dnsconfig_mod', args)
# If command did not fail, something changed.
changed = True
diff --git a/plugins/modules/ipadnsforwardzone.py b/plugins/modules/ipadnsforwardzone.py
index 69ee040f..ffebc3d2 100644
--- a/plugins/modules/ipadnsforwardzone.py
+++ b/plugins/modules/ipadnsforwardzone.py
@@ -380,6 +380,12 @@ def main():
[name, 'dnsforwardzone_remove_permission', {}]
)
+ # Check mode exit
+ if ansible_module.check_mode:
+ ansible_module.exit_json(changed=len(commands) > 0,
+ **exit_args)
+
+ # Execute commands
for name, command, args in commands:
api_command(ansible_module, command, name, args)
changed = True
diff --git a/plugins/modules/ipadnsrecord.py b/plugins/modules/ipadnsrecord.py
index 4de8a949..6c20c5da 100644
--- a/plugins/modules/ipadnsrecord.py
+++ b/plugins/modules/ipadnsrecord.py
@@ -1496,6 +1496,10 @@ def main():
if cmds:
commands.extend(cmds)
+ # Check mode exit
+ if ansible_module.check_mode:
+ ansible_module.exit_json(changed=len(commands) > 0, **exit_args)
+
# Execute commands
for name, command, args in commands:
try:
diff --git a/plugins/modules/ipagroup.py b/plugins/modules/ipagroup.py
index b88f651b..e7072f08 100644
--- a/plugins/modules/ipagroup.py
+++ b/plugins/modules/ipagroup.py
@@ -616,6 +616,10 @@ def main():
else:
ansible_module.fail_json(msg="Unkown state '%s'" % state)
+ # Check mode exit
+ if ansible_module.check_mode:
+ ansible_module.exit_json(changed=len(commands) > 0, **exit_args)
+
# Execute commands
for name, command, args in commands:
diff --git a/plugins/modules/ipahbacrule.py b/plugins/modules/ipahbacrule.py
index 12725c70..4be82693 100644
--- a/plugins/modules/ipahbacrule.py
+++ b/plugins/modules/ipahbacrule.py
@@ -500,6 +500,10 @@ def main():
else:
ansible_module.fail_json(msg="Unkown state '%s'" % state)
+ # Check mode exit
+ if ansible_module.check_mode:
+ ansible_module.exit_json(changed=len(commands) > 0, **exit_args)
+
# Execute commands
errors = []
diff --git a/plugins/modules/ipahbacsvc.py b/plugins/modules/ipahbacsvc.py
index 969a62ef..1ead6d53 100644
--- a/plugins/modules/ipahbacsvc.py
+++ b/plugins/modules/ipahbacsvc.py
@@ -195,6 +195,10 @@ def main():
else:
ansible_module.fail_json(msg="Unkown state '%s'" % state)
+ # Check mode exit
+ if ansible_module.check_mode:
+ ansible_module.exit_json(changed=len(commands) > 0, **exit_args)
+
# Execute commands
for name, command, args in commands:
diff --git a/plugins/modules/ipahbacsvcgroup.py b/plugins/modules/ipahbacsvcgroup.py
index d55dc138..6676bca7 100644
--- a/plugins/modules/ipahbacsvcgroup.py
+++ b/plugins/modules/ipahbacsvcgroup.py
@@ -300,6 +300,10 @@ def main():
else:
ansible_module.fail_json(msg="Unkown state '%s'" % state)
+ # Check mode exit
+ if ansible_module.check_mode:
+ ansible_module.exit_json(changed=len(commands) > 0, **exit_args)
+
# Execute commands
errors = []
for name, command, args in commands:
diff --git a/plugins/modules/ipahost.py b/plugins/modules/ipahost.py
index ccec5d79..6fc31766 100644
--- a/plugins/modules/ipahost.py
+++ b/plugins/modules/ipahost.py
@@ -1347,6 +1347,10 @@ def main():
del host_set
+ # Check mode exit
+ if ansible_module.check_mode:
+ ansible_module.exit_json(changed=len(commands) > 0, **exit_args)
+
# Execute commands
errors = []
diff --git a/plugins/modules/ipahostgroup.py b/plugins/modules/ipahostgroup.py
index 79b92b14..8c594353 100644
--- a/plugins/modules/ipahostgroup.py
+++ b/plugins/modules/ipahostgroup.py
@@ -463,6 +463,10 @@ def main():
else:
ansible_module.fail_json(msg="Unkown state '%s'" % state)
+ # Check mode exit
+ if ansible_module.check_mode:
+ ansible_module.exit_json(changed=len(commands) > 0, **exit_args)
+
# Execute commands
for name, command, args in commands:
try:
diff --git a/plugins/modules/ipalocation.py b/plugins/modules/ipalocation.py
index a7439df4..14066296 100644
--- a/plugins/modules/ipalocation.py
+++ b/plugins/modules/ipalocation.py
@@ -190,6 +190,10 @@ def main():
else:
ansible_module.fail_json(msg="Unkown state '%s'" % state)
+ # Check mode exit
+ if ansible_module.check_mode:
+ ansible_module.exit_json(changed=len(commands) > 0, **exit_args)
+
# Execute commands
for name, command, args in commands:
diff --git a/plugins/modules/ipapermission.py b/plugins/modules/ipapermission.py
index f613cba3..39e79d51 100644
--- a/plugins/modules/ipapermission.py
+++ b/plugins/modules/ipapermission.py
@@ -466,6 +466,10 @@ def main():
else:
ansible_module.fail_json(msg="Unknown state '%s'" % state)
+ # Check mode exit
+ if ansible_module.check_mode:
+ ansible_module.exit_json(changed=len(commands) > 0, **exit_args)
+
# Execute commands
for name, command, args in commands:
diff --git a/plugins/modules/ipaprivilege.py b/plugins/modules/ipaprivilege.py
index 355e2ca5..18074f58 100644
--- a/plugins/modules/ipaprivilege.py
+++ b/plugins/modules/ipaprivilege.py
@@ -312,6 +312,10 @@ def main():
else:
ansible_module.fail_json(msg="Unkown state '%s'" % state)
+ # Check mode exit
+ if ansible_module.check_mode:
+ ansible_module.exit_json(changed=len(commands) > 0, **exit_args)
+
# Execute commands
for name, command, args in commands:
diff --git a/plugins/modules/ipapwpolicy.py b/plugins/modules/ipapwpolicy.py
index 0d68fb1c..77fa023d 100644
--- a/plugins/modules/ipapwpolicy.py
+++ b/plugins/modules/ipapwpolicy.py
@@ -284,6 +284,10 @@ def main():
else:
ansible_module.fail_json(msg="Unkown state '%s'" % state)
+ # Check mode exit
+ if ansible_module.check_mode:
+ ansible_module.exit_json(changed=len(commands) > 0, **exit_args)
+
# Execute commands
for name, command, args in commands:
diff --git a/plugins/modules/iparole.py b/plugins/modules/iparole.py
index 1fbf6718..a833149a 100644
--- a/plugins/modules/iparole.py
+++ b/plugins/modules/iparole.py
@@ -355,6 +355,11 @@ def process_commands(module, commands):
errors = []
exit_args = {}
changed = False
+
+ # Check mode exit
+ if module.check_mode:
+ return len(commands) > 0, exit_args
+
for name, command, args in commands:
try:
result = api_command(module, command, name, args)
diff --git a/plugins/modules/ipaselfservice.py b/plugins/modules/ipaselfservice.py
index 9a900bd3..801a8f54 100644
--- a/plugins/modules/ipaselfservice.py
+++ b/plugins/modules/ipaselfservice.py
@@ -293,6 +293,10 @@ def main():
else:
ansible_module.fail_json(msg="Unkown state '%s'" % state)
+ # Check mode exit
+ if ansible_module.check_mode:
+ ansible_module.exit_json(changed=len(commands) > 0, **exit_args)
+
# Execute commands
for name, command, args in commands:
diff --git a/plugins/modules/ipaservice.py b/plugins/modules/ipaservice.py
index af293513..a72a48e6 100644
--- a/plugins/modules/ipaservice.py
+++ b/plugins/modules/ipaservice.py
@@ -824,6 +824,10 @@ def main():
else:
ansible_module.fail_json(msg="Unkown state '%s'" % state)
+ # Check mode exit
+ if ansible_module.check_mode:
+ ansible_module.exit_json(changed=len(commands) > 0, **exit_args)
+
# Execute commands
errors = []
for name, command, args in commands:
diff --git a/plugins/modules/ipasudocmd.py b/plugins/modules/ipasudocmd.py
index 74947933..ca484ba9 100644
--- a/plugins/modules/ipasudocmd.py
+++ b/plugins/modules/ipasudocmd.py
@@ -182,6 +182,10 @@ def main():
else:
ansible_module.fail_json(msg="Unkown state '%s'" % state)
+ # Check mode exit
+ if ansible_module.check_mode:
+ ansible_module.exit_json(changed=len(commands) > 0, **exit_args)
+
# Execute commands
for name, command, args in commands:
try:
diff --git a/plugins/modules/ipasudocmdgroup.py b/plugins/modules/ipasudocmdgroup.py
index f1204fdb..c4d8830e 100644
--- a/plugins/modules/ipasudocmdgroup.py
+++ b/plugins/modules/ipasudocmdgroup.py
@@ -298,6 +298,10 @@ def main():
else:
ansible_module.fail_json(msg="Unkown state '%s'" % state)
+ # Check mode exit
+ if ansible_module.check_mode:
+ ansible_module.exit_json(changed=len(commands) > 0, **exit_args)
+
# Execute commands
for name, command, args in commands:
try:
diff --git a/plugins/modules/ipasudorule.py b/plugins/modules/ipasudorule.py
index 354b9e48..171ec9ab 100644
--- a/plugins/modules/ipasudorule.py
+++ b/plugins/modules/ipasudorule.py
@@ -686,6 +686,10 @@ def main():
else:
ansible_module.fail_json(msg="Unkown state '%s'" % state)
+ # Check mode exit
+ if ansible_module.check_mode:
+ ansible_module.exit_json(changed=len(commands) > 0, **exit_args)
+
# Execute commands
errors = []
diff --git a/plugins/modules/ipatopologysegment.py b/plugins/modules/ipatopologysegment.py
index 5b63e8b1..4d522bda 100644
--- a/plugins/modules/ipatopologysegment.py
+++ b/plugins/modules/ipatopologysegment.py
@@ -326,6 +326,10 @@ def main():
else:
ansible_module.fail_json(msg="Unkown state '%s'" % state)
+ # Check mode exit
+ if ansible_module.check_mode:
+ ansible_module.exit_json(changed=len(commands) > 0, **exit_args)
+
# Execute command
for command, args, _suffix in commands:
diff --git a/plugins/modules/ipatrust.py b/plugins/modules/ipatrust.py
index 4dc144fd..c48dcb41 100644
--- a/plugins/modules/ipatrust.py
+++ b/plugins/modules/ipatrust.py
@@ -244,7 +244,8 @@ def main():
if state == "absent":
if res_find is not None:
- del_trust(ansible_module, realm)
+ if not ansible_module.check_mode:
+ del_trust(ansible_module, realm)
changed = True
elif res_find is None:
if admin is None and trust_secret is None:
@@ -256,7 +257,8 @@ def main():
trust_secret, base_id, range_size, range_type,
two_way, external)
- add_trust(ansible_module, realm, args)
+ if not ansible_module.check_mode:
+ add_trust(ansible_module, realm, args)
changed = True
except Exception as e:
diff --git a/plugins/modules/ipauser.py b/plugins/modules/ipauser.py
index c5f0afdb..52463abb 100644
--- a/plugins/modules/ipauser.py
+++ b/plugins/modules/ipauser.py
@@ -1377,6 +1377,10 @@ def main():
del user_set
+ # Check mode exit
+ if ansible_module.check_mode:
+ ansible_module.exit_json(changed=len(commands) > 0, **exit_args)
+
# Execute commands
errors = []
diff --git a/plugins/modules/ipavault.py b/plugins/modules/ipavault.py
index f1d68256..9d2e1be5 100644
--- a/plugins/modules/ipavault.py
+++ b/plugins/modules/ipavault.py
@@ -910,6 +910,10 @@ def main():
else:
ansible_module.fail_json(msg="Unknown state '%s'" % state)
+ # Check mode exit
+ if ansible_module.check_mode:
+ ansible_module.exit_json(changed=len(commands) > 0, **exit_args)
+
# Execute commands
errors = []
diff --git a/utils/templates/ipamodule+member.py.in b/utils/templates/ipamodule+member.py.in
index 78197351..bd637398 100644
--- a/utils/templates/ipamodule+member.py.in
+++ b/utils/templates/ipamodule+member.py.in
@@ -286,6 +286,10 @@ def main():
else:
ansible_module.fail_json(msg="Unkown state '%s'" % state)
+ # Check mode exit
+ if ansible_module.check_mode:
+ ansible_module.exit_json(changed=len(commands) > 0, **exit_args)
+
# Execute commands
for name, command, args in commands:
diff --git a/utils/templates/ipamodule.py.in b/utils/templates/ipamodule.py.in
index 24243a2f..233c5985 100644
--- a/utils/templates/ipamodule.py.in
+++ b/utils/templates/ipamodule.py.in
@@ -207,6 +207,10 @@ def main():
else:
ansible_module.fail_json(msg="Unkown state '%s'" % state)
+ # Check mode exit
+ if ansible_module.check_mode:
+ ansible_module.exit_json(changed=len(commands) > 0, **exit_args)
+
# Execute commands
for name, command, args in commands:
--
GitLab