Add missing attribute `services` to vault module.

The `services` member and ownership atttributes were missing from vault module. This change adds them. Handling of owner and ownergroups needed to be changed to fix `services` and, due to this, have also been fixed.

Add missing attribute `services` to vault module.
7ca6c15f · Rafael Guterres Jeffman · 84d8fc0c · 7ca6c15f · 7ca6c15f · 7ca6c15f
Commit 7ca6c15f authored May 7, 2020 by Rafael Guterres Jeffman
--- a/README-vault.md
+++ b/README-vault.md
@@ -186,6 +186,7 @@ Variable | Description | Required
 `shared` | Vault is shared. Default to false. (bool) | no
 `users` | Users that are members of the vault. | no
 `groups` | Groups that are member of the vault. | no
+`services` | Services that are member of the vault. | no
 `vault_data` \| `ipavaultdata` | Data to be stored in the vault. | no
 `action` | Work on vault or member level. It can be on of `member` or `vault` and defaults to `vault`. | no
 `state` | The state to ensure. It can be one of `present` or `absent`, default: `present`. | no

--- a/plugins/modules/ipavault.py
+++ b/plugins/modules/ipavault.py
@@ -96,6 +96,10 @@ options:
    description: Groups that are member of the container.
    required: false
    type: list
+  services:
+    description: Services that are member of the container.
+    required: false
+    type: list
  action:
    description: Work on vault or member level.
    default: vault
@@ -284,7 +288,7 @@ def gen_args(description, username, service, shared, vault_type, salt,
    return _args
-def gen_member_args(args, users, groups):
+def gen_member_args(args, users, groups, services):
    _args = args.copy()
    for arg in ['ipavaulttype', 'description', 'ipavaultpublickey',
@@ -292,8 +296,12 @@ def gen_member_args(args, users, groups):
        if arg in _args:
            del _args[arg]
+    if users is not None:
        _args['user'] = users
+    if groups is not None:
        _args['group'] = groups
+    if services is not None:
+        _args['services'] = services
    return _args
@@ -317,8 +325,9 @@ def data_storage_args(args, data, password):
 def check_parameters(module, state, action, description, username, service,
-                     shared, users, groups, owners, ownergroups, vault_type,
+                     shared, users, groups, services, owners, ownergroups,
-                     salt, password, public_key, vault_data):
+                     ownerservices, vault_type, salt, password, public_key,
+                     vault_data):
    invalid = []
    if state == "present":
        if action == "member":
@@ -334,8 +343,9 @@ def check_parameters(module, state, action, description, username, service,
        invalid = ['description', 'salt']
        if action == "vault":
-            invalid.extend(['users', 'groups', 'owners', 'ownergroups',
+            invalid.extend(['users', 'groups', 'services', 'owners',
-                            'password', 'public_key'])
+                            'ownergroups', 'ownerservices', 'password',
+                            'public_key'])
        for arg in invalid:
            if vars()[arg] is not None:
@@ -386,9 +396,11 @@ def main():
            users=dict(required=False, type='list', default=None),
            groups=dict(required=False, type='list', default=None),
-            owners=dict(required=False, type='list', default=None),
+            services=dict(required=False, type='list', default=None),
+            owners=dict(required=False, type='list', default=None,
+                        aliases=['ownerusers']),
            ownergroups=dict(required=False, type='list', default=None),
+            ownerservices=dict(required=False, type='list', default=None),
            vault_data=dict(type="str", required=False, default=None,
                            aliases=['ipavaultdata']),
            vault_password=dict(type="str", required=False, default=None,
@@ -422,8 +434,10 @@ def main():
    users = module_params_get(ansible_module, "users")
    groups = module_params_get(ansible_module, "groups")
+    services = module_params_get(ansible_module, "services")
    owners = module_params_get(ansible_module, "owners")
    ownergroups = module_params_get(ansible_module, "ownergroups")
+    ownerservices = module_params_get(ansible_module, "ownerservices")
    vault_type = module_params_get(ansible_module, "vault_type")
    salt = module_params_get(ansible_module, "vault_salt")
@@ -451,8 +465,9 @@ def main():
        ansible_module.fail_json(msg="Invalid state '%s'" % state)
    check_parameters(ansible_module, state, action, description, username,
-                     service, shared, users, groups, owners, ownergroups,
+                     service, shared, users, groups, services, owners,
-                     vault_type, salt, password, public_key, vault_data)
+                     ownergroups, ownerservices, vault_type, salt, password,
+                     public_key, vault_data)
    # Init
    changed = False
@@ -520,48 +535,54 @@ def main():
                    group_add, group_del = \
                        gen_add_del_lists(groups,
                                          res_find.get('member_group', []))
+                    service_add, service_del = \
+                        gen_add_del_lists(services,
+                                          res_find.get('member_service', []))
                    owner_add, owner_del = \
                        gen_add_del_lists(owners,
                                          res_find.get('owner_user', []))
                    ownergroups_add, ownergroups_del = \
                        gen_add_del_lists(ownergroups,
                                          res_find.get('owner_group', []))
+                    ownerservice_add, ownerservice_del = \
+                        gen_add_del_lists(ownerservices,
+                                          res_find.get('owner_service', []))
                    # Add users and groups
-                    if len(user_add) > 0 or len(group_add) > 0:
                    user_add_args = gen_member_args(args, user_add,
-                                                        group_add)
+                                                    group_add, service_add)
-                        commands.append([name, 'vault_add_member',
+                    commands.append([name, 'vault_add_member', user_add_args])
-                                         user_add_args])
                    # Remove users and groups
-                    if len(user_del) > 0 or len(group_del) > 0:
                    user_del_args = gen_member_args(args, user_del,
-                                                        group_del)
+                                                    group_del, service_del)
-                        commands.append([name, 'vault_remove_member',
+                    commands.append(
-                                         user_del_args])
+                        [name, 'vault_remove_member', user_del_args])
                    # Add owner users and groups
-                    if len(user_add) > 0 or len(group_add) > 0:
+                    owner_add_args = gen_member_args(
-                        owner_add_args = gen_member_args(args, owner_add,
+                        args, owner_add, ownergroups_add, ownerservice_add)
-                                                         ownergroups_add)
+                    commands.append(
-                        commands.append([name, 'vault_add_owner',
+                        [name, 'vault_add_owner', owner_add_args])
-                                         owner_add_args])
                    # Remove owner users and groups
-                    if len(user_del) > 0 or len(group_del) > 0:
+                    owner_del_args = gen_member_args(
-                        owner_del_args = gen_member_args(args, owner_del,
+                        args, owner_del, ownergroups_del, ownerservice_del)
-                                                         ownergroups_del)
+                    commands.append(
-                        commands.append([name, 'vault_remove_owner',
+                        [name, 'vault_remove_owner', owner_del_args])
-                                         owner_del_args])
                elif action in "member":
                    # Add users and groups
-                    if users is not None or groups is not None:
+                    if any([users, groups, services]):
-                        user_args = gen_member_args(args, users, groups)
+                        user_args = gen_member_args(args, users, groups,
+                                                    services)
                        commands.append([name, 'vault_add_member', user_args])
-                    if owners is not None or ownergroups is not None:
+                    if any([owners, ownergroups, ownerservices]):
-                        owner_args = gen_member_args(args, owners, ownergroups)
+                        owner_args = gen_member_args(args, owners, ownergroups,
+                                                     ownerservices)
                        commands.append([name, 'vault_add_owner', owner_args])
                    if vault_data is not None:
@@ -579,15 +600,17 @@ def main():
                elif action == "member":
                    # remove users and groups
-                    if users is not None or groups is not None:
+                    if any([users, groups, services]):
-                        user_args = gen_member_args(args, users, groups)
+                        user_args = gen_member_args(
-                        commands.append([name, 'vault_remove_member',
+                            args, users, groups, services)
-                                         user_args])
+                        commands.append(
+                            [name, 'vault_remove_member', user_args])
-                    if owners is not None or ownergroups is not None:
-                        owner_args = gen_member_args(args, owners, ownergroups)
+                    if any([owners, ownergroups, ownerservices]):
-                        commands.append([name, 'vault_remove_owner',
+                        owner_args = gen_member_args(
-                                         owner_args])
+                            args, owners, ownergroups, ownerservices)
+                        commands.append(
+                            [name, 'vault_remove_owner', owner_args])
                else:
                    ansible_module.fail_json(
                        msg="Invalid action '%s' for state '%s'" %

--- a/tests/vault/test_vault.yml
+++ b/tests/vault/test_vault.yml
@@ -348,6 +348,48 @@
    register: result
    failed_when: result.changed
+  - name: Ensure vault member service is present.
+    ipavault:
+      ipaadmin_password: SomeADMINpassword
+      name: stdvault
+      username: user01
+      action: member
+      services: "HTTP/{{ groups.ipaserver[0] }}"
+    register: result
+    failed_when: not result.changed
+  - name: Ensure vault member service is present, again.
+    ipavault:
+      ipaadmin_password: SomeADMINpassword
+      name: stdvault
+      username: user01
+      action: member
+      services: "HTTP/{{ groups.ipaserver[0] }}"
+    register: result
+    failed_when: result.changed
+  - name: Ensure vault member service is absent.
+    ipavault:
+      ipaadmin_password: SomeADMINpassword
+      name: stdvault
+      username: user01
+      action: member
+      services: "HTTP/{{ groups.ipaserver[0] }}"
+      state: absent
+    register: result
+    failed_when: not result.changed
+  - name: Ensure vault member service is absent, again.
+    ipavault:
+      ipaadmin_password: SomeADMINpassword
+      name: stdvault
+      username: user01
+      action: member
+      services: "HTTP/{{ groups.ipaserver[0] }}"
+      state: absent
+    register: result
+    failed_when: result.changed
  - name: Ensure vault is absent.
    ipavault:
      ipaadmin_password: SomeADMINpassword
@@ -514,6 +556,90 @@
    register: result
    failed_when: result.changed
+  - name: Ensure vaultgroup is owner of stdvault.
+    ipavault:
+      ipaadmin_password: SomeADMINpassword
+      name: stdvault
+      username: user01
+      ownergroups: vaultgroup
+      action: member
+    register: result
+    failed_when: not result.changed
+  - name: Ensure vaultgroup is owner of stdvault, again.
+    ipavault:
+      ipaadmin_password: SomeADMINpassword
+      name: stdvault
+      username: user01
+      ownergroups: vaultgroup
+      action: member
+    register: result
+    failed_when: result.changed
+  - name: Ensure vaultgroup is not owner of stdvault.
+    ipavault:
+      ipaadmin_password: SomeADMINpassword
+      name: stdvault
+      username: user01
+      ownergroups: vaultgroup
+      state: absent
+      action: member
+    register: result
+    failed_when: not result.changed
+  - name: Ensure vaultgroup is not owner of stdvault, again.
+    ipavault:
+      ipaadmin_password: SomeADMINpassword
+      name: stdvault
+      username: user01
+      ownergroups: vaultgroup
+      state: absent
+      action: member
+    register: result
+    failed_when: result.changed
+  - name: Ensure vault is owned by HTTP service.
+    ipavault:
+      ipaadmin_password: SomeADMINpassword
+      name: stdvault
+      username: user01
+      ownerservices: "HTTP/{{ groups.ipaserver[0] }}"
+      action: member
+    register: result
+    failed_when: not result.changed
+  - name: Ensure vault is owned by HTTP service, again.
+    ipavault:
+      ipaadmin_password: SomeADMINpassword
+      name: stdvault
+      username: user01
+      ownerservices: "HTTP/{{ groups.ipaserver[0] }}"
+      action: member
+    register: result
+    failed_when: result.changed
+  - name: Ensure vault is not owned by HTTP service.
+    ipavault:
+      ipaadmin_password: SomeADMINpassword
+      name: stdvault
+      username: user01
+      ownerservices: "HTTP/{{ groups.ipaserver[0] }}"
+      state: absent
+      action: member
+    register: result
+    failed_when: not result.changed
+  - name: Ensure vault is not owned by HTTP service, again.
+    ipavault:
+      ipaadmin_password: SomeADMINpassword
+      name: stdvault
+      username: user01
+      ownerservices: "HTTP/{{ groups.ipaserver[0] }}"
+      state: absent
+      action: member
+    register: result
+    failed_when: result.changed
  - name: Ensure vault is absent.
    ipavault:
      ipaadmin_password: SomeADMINpassword