From a9602431ce0b8174206e918b8116df88e4487d44 Mon Sep 17 00:00:00 2001
From: Rafael Guterres Jeffman <rjeffman@redhat.com>
Date: Tue, 28 Jan 2025 23:57:43 -0300
Subject: [PATCH] ansible_freeipa_module_utils: Add functions to handle objects
 SID

When managing AD objects, the SIDs of the objects are stored in the
FreeIPA database, but a user would still use the human-readable values,
like "AD\\user" or "user@ad.domain". This can cause idempotence issues
in many cases, and prevent some actions from being performed, like
ensuring the absence of the object.

The methods added allow the conversion of one or multiple objects, and
will be used by any module that manages AD objects.

Signed-off-by: Rafael Guterres Jeffman <rjeffman@redhat.com>
---
 .../module_utils/ansible_freeipa_module.py    | 21 +++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/plugins/module_utils/ansible_freeipa_module.py b/plugins/module_utils/ansible_freeipa_module.py
index 3386cb8..2f861ef 100644
--- a/plugins/module_utils/ansible_freeipa_module.py
+++ b/plugins/module_utils/ansible_freeipa_module.py
@@ -589,6 +589,20 @@ def ensure_fqdn(name, domain):
     return name
 
 
+def convert_to_sid(items):
+    """Convert all items to SID, if possible."""
+    def get_sid(data):
+        try:
+            return get_trusted_domain_object_sid(data)
+        except ipalib_errors.NotFound:
+            return data
+    if items is None:
+        return None
+    if not isinstance(items, (list, tuple)):
+        items = [items]
+    return [get_sid(item) for item in items]
+
+
 def api_get_realm():
     return api.env.realm
 
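Review bot: `get_sid` inside `convert_to_sid` fails open: on `ipalib_errors.NotFound` it returns the original name, and when `get_trusted_domain_object_sid` returns `None` (its `sid is not None else None` branch) that `None` is placed in the result list. A caller that compares the result against stored SIDs to ensure absence would then find no match and could report success while the AD object keeps its membership. Consider `sid = get_trusted_domain_object_sid(data)` followed by `return data if sid is None else sid`, and state in the docstring that unresolved names are passed through unchanged and that a scalar input comes back as a one-element list, so callers know they must handle unresolved entries. Only `NotFound` is caught; if the validator can raise other errors for names it cannot resolve (not visible in this hunk), those will propagate to the calling module.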
@@ -903,6 +917,13 @@ def get_trusted_domain_sid_from_name(dom_name):
     return unicode(sid) if sid is not None else None
 
 
+def get_trusted_domain_object_sid(object_name):
+    """Given an object name, returns de object SID."""
+    domain_validator = __get_domain_validator()
+    sid = domain_validator.get_trusted_domain_object_sid(object_name)
+    return unicode(sid) if sid is not None else None
+
+
 class IPAParamMapping(Mapping):
     """
     Provides IPA API mapping to playbook parameters or computed values.
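Review bot: The docstring of `get_trusted_domain_object_sid` has a typo ("de") and does not say what happens when no SID is obtained; I would write `"""Given an object name, return the object SID, or None if the lookup yields no SID."""`. The validator comes from `__get_domain_validator()`, which is defined outside this hunk, so whether it can raise when trust support is unavailable cannot be confirmed here. If it can, the docstring should name that exception, since `convert_to_sid` only handles `ipalib_errors.NotFound`.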
-- 
GitLab