ipamodule[+member].py.in: Use IPAAnsibleModule class, reduce calls

Use IPAAnsibleModule and ipamodule_base_docs in the templates of
utils/new_module.

ipaadmin_password lines in the examples have been added, ipaadmin_
variables are handled by IPAAnsibleModule, ansible_module.params_get is
used to get the parameters and ansible_module.ipa_connect is used to
simplify the module.

ipamodule+member.py.in is additionally using gen_add_list and
gen_intersection_list to reduce the command calls to the changes only.

utils/templates/ipamodule+member.py.in

@@ -31,13 +31,9 @@ DOCUMENTATION = """
 module: ipa$name
 short description: Manage FreeIPA $name
 description: Manage FreeIPA $name and $name members
+extends_documentation_fragment:
+  - ipamodule_base_docs
 options:
-  ipaadmin_principal:
-    description: The admin principal.
-    default: admin
-  ipaadmin_password:
-    description: The admin password.
-    required: false
   name:
     description: The list of $name name strings.
     required: true
@@ -65,17 +61,20 @@ options:
 EXAMPLES = """
 # Ensure $name NAME is present
 - ipa$name:
+    ipaadmin_password: SomeADMINpassword
     name: NAME
     PARAMETERS
 
 # Ensure $name "NAME" member PARAMETER2 VALUE is present
 - ipa$name:
+    ipaadmin_password: SomeADMINpassword
     name: NAME
     PARAMETER2: VALUE
     action: member
 
 # Ensure $name "NAME" member PARAMETER2 VALUE is absent
 - ipa$name:
+    ipaadmin_password: SomeADMINpassword
     name: NAME
     PARAMETER2: VALUE
     action: member
@@ -83,11 +82,13 @@ EXAMPLES = """
 
 # Ensure $name NAME is absent
 - ipa$name:
+    ipaadmin_password: SomeADMINpassword
     name: NAME
     state: absent
 
 # Ensure $name NAME ...
 - ipa$name:
+    ipaadmin_password: SomeADMINpassword
     name: NAME
     CHANGE PARAMETERS
 """
@@ -96,10 +97,10 @@ RETURN = """
 """
 
 
-from ansible.module_utils.basic import AnsibleModule
 from ansible.module_utils.ansible_freeipa_module import \
-    temp_kinit, temp_kdestroy, valid_creds, api_connect, api_command, \
-    compare_args_ipa, module_params_get, gen_add_del_lists
+    IPAAnsibleModule, compare_args_ipa, gen_add_del_lists, gen_add_list, \
+    gen_intersection_list
+
 import six
 
 if six.PY3:
@@ -109,7 +110,7 @@ if six.PY3:
 def find_$name(module, name):
     """Find if a $name with the given name already exist."""
     try:
-        _result = api_command(module, "$name_show", name, {"all": True})
+        _result = module.ipa_command("$name_show", name, {"all": True})
     except Exception:  # pylint: disable=broad-except
         # An exception is raised if $name name is not found.
         return None
@@ -132,12 +133,9 @@ def gen_member_args(PARAMETER2):
 
 
 def main():
-    ansible_module = AnsibleModule(
+    ansible_module = IPAAnsibleModule(
         argument_spec=dict(
             # general
-            ipaadmin_principal=dict(type="str", default="admin"),
-            ipaadmin_password=dict(type="str", required=False, no_log=True),
-
             name=dict(type="list", aliases=["API_PARAMETER_NAME"],
                       default=None, required=True),
             # present
@@ -159,18 +157,15 @@ def main():
     # Get parameters
 
     # general
-    ipaadmin_principal = module_params_get(ansible_module,
-                                           "ipaadmin_principal")
-    ipaadmin_password = module_params_get(ansible_module, "ipaadmin_password")
-    names = module_params_get(ansible_module, "name")
+    names = ansible_module.params_get("name")
 
     # present
-    PARAMETER1 = module_params_get(ansible_module, "PARAMETER1")
-    PARAMETER2 = module_params_get(ansible_module, "PARAMETER2")
-    action = module_params_get(ansible_module, "action")
+    PARAMETER1 = ansible_module.params_get("PARAMETER1")
+    PARAMETER2 = ansible_module.params_get("PARAMETER2")
+    action = ansible_module.params_get("action")
 
     # state
-    state = module_params_get(ansible_module, "state")
+    state = ansible_module.params_get("state")
 
     # Check parameters
 
@@ -200,13 +195,9 @@ def main():
 
     changed = False
     exit_args = {}
-    ccache_dir = None
-    ccache_name = None
-    try:
-        if not valid_creds(ansible_module, ipaadmin_principal):
-            ccache_dir, ccache_name = temp_kinit(ipaadmin_principal,
-                                                 ipaadmin_password)
-        api_connect()
+
+    # Connect to IPA API
+    with ansible_module.ipa_connect():
 
         commands = []
         for name in names:
@@ -257,13 +248,18 @@ def main():
                         ansible_module.fail_json(
                             msg="No $name '%s'" % name)
 
-                    if PARAMETER2 is None:
-                        ansible_module.fail_json(msg="No PARAMETER2 given")
+                    # Reduce add lists for PARAMETER2
+                    # to new entries only that are not in res_find.
+                    if PARAMETER2 is not None and \
+                       "API_PARAMETER2_NAME" in res_find:
+                        PARAMETER2 = gen_add_list(
+                            PARAMETER2, res_find["API_PARAMETER2_NAME"])
 
-                    commands.append([name, "$name_add_member",
-                                     {
-                                         "PARAMETER2": PARAMETER2,
-                                     }])
+                    if PARAMETER2 is not None:
+                        commands.append([name, "$name_add_member",
+                                         {
+                                             "PARAMETER2": PARAMETER2,
+                                         }])
 
             elif state == "absent":
                 if action == "$name":
@@ -275,13 +271,17 @@ def main():
                         ansible_module.fail_json(
                             msg="No $name '%s'" % name)
 
-                    if PARAMETER2 is None:
-                        ansible_module.fail_json(msg="No PARAMETER2 given")
+                    # Reduce del lists of member_host and member_hostgroup,
+                    # to the entries only that are in res_find.
+                    if PARAMETER2 is not None:
+                        PARAMETER2 = gen_intersection_list(
+                            PARAMETER2, res_find.get("API_PARAMETER2_NAME"))
 
-                    commands.append([name, "$name_remove_member",
-                                     {
-                                         "PARAMETER2": PARAMETER2,
-                                     }])
+                    if PARAMETER2 is not None:
+                        commands.append([name, "$name_remove_member",
+                                         {
+                                             "PARAMETER2": PARAMETER2,
+                                         }])
 
             else:
                 ansible_module.fail_json(msg="Unkown state '%s'" % state)
@@ -294,8 +294,7 @@ def main():
 
         for name, command, args in commands:
             try:
-                result = api_command(ansible_module, command, name,
-                                     args)
+                result = ansible_module.ipa_command(command, name, args)
                 if "completed" in result:
                     if result["completed"] > 0:
                         changed = True
@@ -320,12 +319,6 @@ def main():
             if len(errors) > 0:
                 ansible_module.fail_json(msg=", ".join(errors))
 
-    except Exception as e:
-        ansible_module.fail_json(msg=str(e))
-
-    finally:
-        temp_kdestroy(ccache_dir, ccache_name)
-
     # Done
 
     ansible_module.exit_json(changed=changed, **exit_args)

utils/templates/ipamodule.py.in

@@ -31,13 +31,9 @@ DOCUMENTATION = """
 module: ipa$name
 short description: Manage FreeIPA $name
 description: Manage FreeIPA $name
+extends_documentation_fragment:
+  - ipamodule_base_docs
 options:
-  ipaadmin_principal:
-    description: The admin principal.
-    default: admin
-  ipaadmin_password:
-    description: The admin password.
-    required: false
   name:
     description: The list of $name name strings.
     required: true
@@ -60,16 +56,19 @@ options:
 EXAMPLES = """
 # Ensure $name NAME is present
 - ipa$name:
+    ipaadmin_password: SomeADMINpassword
     name: NAME
     PARAMETERS
 
 # Ensure $name NAME is absent
 - ipa$name:
+    ipaadmin_password: SomeADMINpassword
     name: NAME
     state: absent
 
 # Ensure $name NAME ...
 - ipa$name:
+    ipaadmin_password: SomeADMINpassword
     name: NAME
     CHANGE PARAMETERS
 """
@@ -78,10 +77,8 @@ RETURN = """
 """
 
 
-from ansible.module_utils.basic import AnsibleModule
 from ansible.module_utils.ansible_freeipa_module import \
-    temp_kinit, temp_kdestroy, valid_creds, api_connect, api_command, \
-    compare_args_ipa, module_params_get
+    IPAAnsibleModule, compare_args_ipa
 import six
 
 if six.PY3:
@@ -91,7 +88,7 @@ if six.PY3:
 def find_$name(module, name):
     """Find if a $name with the given name already exist."""
     try:
-        _result = api_command(module, "$name_show", name, {"all": True})
+        _result = module.ipa_command("$name_show", name, {"all": True})
     except Exception:  # pylint: disable=broad-except
         # An exception is raised if $name name is not found.
         return None
@@ -109,12 +106,9 @@ def gen_args(PARAMETER1, PARAMETER2):
 
 
 def main():
-    ansible_module = AnsibleModule(
+    ansible_module = IPAAnsibleModule(
         argument_spec=dict(
             # general
-            ipaadmin_principal=dict(type="str", default="admin"),
-            ipaadmin_password=dict(type="str", required=False, no_log=True),
-
             name=dict(type="list", aliases=["API_PARAMETER_NAME"],
                       default=None, required=True),
             # present
@@ -134,17 +128,14 @@ def main():
     # Get parameters
 
     # general
-    ipaadmin_principal = module_params_get(ansible_module,
-                                           "ipaadmin_principal")
-    ipaadmin_password = module_params_get(ansible_module, "ipaadmin_password")
-    names = module_params_get(ansible_module, "name")
+    names = ansible_module.params_get("name")
 
     # present
-    PARAMETER1 = module_params_get(ansible_module, "PARAMETER1")
-    PARAMETER2 = module_params_get(ansible_module, "PARAMETER2")
+    PARAMETER1 = ansible_module.params_get("PARAMETER1")
+    PARAMETER2 = ansible_module.params_get("PARAMETER2")
 
     # state
-    state = module_params_get(ansible_module, "state")
+    state = ansible_module.params_get("state")
 
     # Check parameters
 
@@ -170,13 +161,9 @@ def main():
 
     changed = False
     exit_args = {}
-    ccache_dir = None
-    ccache_name = None
-    try:
-        if not valid_creds(ansible_module, ipaadmin_principal):
-            ccache_dir, ccache_name = temp_kinit(ipaadmin_principal,
-                                                 ipaadmin_password)
-        api_connect()
+
+    # Connect to IPA API
+    with ansible_module.ipa_connect():
 
         commands = []
         for name in names:
@@ -215,8 +202,7 @@ def main():
 
         for name, command, args in commands:
             try:
-                result = api_command(ansible_module, command, name,
-                                     args)
+                result = ansible_module.ipa_command(command, name, args)
                 if "completed" in result:
                     if result["completed"] > 0:
                         changed = True
@@ -226,12 +212,6 @@ def main():
                 ansible_module.fail_json(msg="%s: %s: %s" % (command, name,
                                                              str(e)))
 
-    except Exception as e:
-        ansible_module.fail_json(msg=str(e))
-
-    finally:
-        temp_kdestroy(ccache_dir, ccache_name)
-
     # Done
 
     ansible_module.exit_json(changed=changed, **exit_args)