From e4d2a7b3538afe5b8a0441fe820e8b245ae9130e Mon Sep 17 00:00:00 2001
From: Rafael Guterres Jeffman <rjeffman@redhat.com>
Date: Thu, 23 Sep 2021 15:36:03 -0300
Subject: [PATCH] api_connect: Allow configuration of IPA API connection.

This change adds a keyword parameter to api_connect() which can be
used to configure IPA API connection, for example, controlling the
use of LDAP cache, by passing 'ldap_cache' as an argument.

Also, IPAAnsibleModule is modified to automatically filter all
parameters of the module starting with 'ipaapi_' to be used as
arguments to configure api_connect(). The argument name will have
the same name as the module parameter with 'ipaapi_' stripped off.
---
 .../module_utils/ansible_freeipa_module.py    | 38 +++++++++++++++----
 1 file changed, 31 insertions(+), 7 deletions(-)

diff --git a/plugins/module_utils/ansible_freeipa_module.py b/plugins/module_utils/ansible_freeipa_module.py
index fe526804..6c67fe25 100644
--- a/plugins/module_utils/ansible_freeipa_module.py
+++ b/plugins/module_utils/ansible_freeipa_module.py
@@ -201,18 +201,32 @@ else:
         if ccache_dir is not None:
             shutil.rmtree(ccache_dir, ignore_errors=True)
 
-    def api_connect(context=None):
+    def api_connect(context=None, **overrides):
         """
-        Initialize IPA API with the provided context.
+        Initialize IPA API with the provided configuration.
+
+        Parameters
+        ----------
+        context:
+            Set IPA API execution context. Valid values: "server", "client"
+
+        overrides:
+            Keyword argument dict containing arguments passed to
+            api.bootstrap() to configure API connection.
+            Valid overrides arguments include:
+                ldap_cache: Control use of LDAP cache layer. (bool)
 
-        `context` can be any of:
-            * `server` (default)
-            * `client`
         """
         env = Env()
         env._bootstrap()
         env._finalize_core(**dict(DEFAULT_CONFIG))
 
+        # Fail connection if an unexpected argument is passed in 'overrides'.
+        _allowed = set(["ldap_cache"])
+        _inv = set(overrides.keys()) - _allowed
+        if _inv:
+            raise ValueError("Cannot override parameters: %s" % ",".join(_inv))
+
         # If not set, context will be based on current API context.
         if context is None:
             context = "server" if is_ipa_configured() else "client"
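Review bot: The error message in the added allow-list check joins a set, so when more than one name is rejected the order differs between runs; `raise ValueError("Cannot override parameters: %s" % ",".join(sorted(_inv)))` keeps it stable for logs and tests. The check also runs only after `Env()` has been bootstrapped and finalized, although it does not use `env`; moving it to the top of the function would reject bad arguments before any work is done. Only the names are checked: the docstring gives `ldap_cache` as a bool, but nothing here enforces the type of the value handed to api.bootstrap(). `_allowed = {"ldap_cache"}` as a set literal, or a module-level constant, would read more clearly than `set([...])`. api_connect's body continues outside the hunk.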
@@ -227,7 +241,7 @@ else:
         if context == "client":
             context = "cli"
 
-        api.bootstrap(context=context, debug=env.debug, log=None)
+        api.bootstrap(context=context, debug=env.debug, log=None, **overrides)
         api.finalize()
 
         if api.env.in_server:
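Review bot: `**overrides` is expanded next to the explicit `context`, `debug` and `log` keywords, so this call raises TypeError for a duplicate keyword if any of those names is ever added to the allow-list in api_connect. Today the allow-list holds only `ldap_cache`, so the call is safe, but the constraint is implicit. A comment on this line would make it visible, e.g. `# 'overrides' must never contain context, debug or log; they are set explicitly here.` The enclosing function starts and ends outside the hunk.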
@@ -645,13 +659,23 @@ else:
             if context is None:
                 context = self.params_get("ipaapi_context")
 
+            # Get set of parameters to override in api.bootstrap().
+            # Here, all 'ipaapi_*' params are allowed, and the control
+            # of invalid parameters is delegated to api_connect.
+            _excl_override = ["ipaapi_context"]
+            overrides = {
+                name[len("ipaapi_"):]: self.params_get(name)
+                for name in self.params
+                if name.startswith("ipaapi_") and name not in _excl_override
+            }
+
             ccache_dir = None
             ccache_name = None
             try:
                 if not valid_creds(self, ipaadmin_principal):
                     ccache_dir, ccache_name = temp_kinit(
                         ipaadmin_principal, ipaadmin_password)
-                api_connect(context)
+                api_connect(context, **overrides)
             except Exception as e:
                 self.fail_json(msg=str(e))
             else:
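Review bot: The added comprehension forwards every `ipaapi_*` parameter even when the playbook did not set it, so an unset parameter is presumably passed on as an explicit `ldap_cache=None` (assuming `params_get` returns None for unset parameters, which is not visible here). Whether api.bootstrap() treats None as "use the configured default" or as an override that masks the value from the IPA configuration cannot be seen from this hunk. Skipping unset values avoids depending on that: add `and self.params_get(name) is not None` to the comprehension's condition. The enclosing method starts and ends outside the hunk.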
-- 
GitLab