Skip to content
Snippets Groups Projects
Commit fc218878 authored by Thomas Woerner's avatar Thomas Woerner
Browse files

vault: Use IPAAnsibleModule class

ipaadmin_variables are handled by IPAAnsibleModule,
ansible_module.params_get is used to get the parameters and
ansible_module.ipa_connect is used to simplify the module.
parent af0b782f
No related branches found
No related tags found
No related merge requests found
......@@ -31,13 +31,9 @@ DOCUMENTATION = """
module: ipavault
short description: Manage vaults and secret vaults.
description: Manage vaults and secret vaults. KRA service must be enabled.
extends_documentation_fragment:
- ipamodule_base_docs
options:
ipaadmin_principal:
description: The admin principal
default: admin
ipaadmin_password:
description: The admin password
required: false
name:
description: The vault name
required: true
......@@ -317,12 +313,9 @@ vault:
import os
from base64 import b64decode
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils._text import to_text
from ansible.module_utils.ansible_freeipa_module import temp_kinit, \
temp_kdestroy, valid_creds, api_connect, api_command, \
gen_add_del_lists, compare_args_ipa, module_params_get, exit_raw_json, \
ipalib_errors
from ansible.module_utils.ansible_freeipa_module import IPAAnsibleModule, \
gen_add_del_lists, compare_args_ipa, exit_raw_json, ipalib_errors
def find_vault(module, name, username, service, shared):
......@@ -338,7 +331,7 @@ def find_vault(module, name, username, service, shared):
else:
_args['shared'] = shared
_result = api_command(module, "vault_find", name, _args)
_result = module.ipa_command("vault_find", name, _args)
if len(_result["result"]) > 1:
module.fail_json(
......@@ -579,7 +572,7 @@ def get_stored_data(module, res_find, args):
# retrieve vault stored data
try:
result = api_command(module, 'vault_retrieve', name, pwdargs)
result = module.ipa_command('vault_retrieve', name, pwdargs)
except ipalib_errors.NotFound:
return None
......@@ -587,12 +580,9 @@ def get_stored_data(module, res_find, args):
def main():
ansible_module = AnsibleModule(
ansible_module = IPAAnsibleModule(
argument_spec=dict(
# generalgroups
ipaadmin_principal=dict(type="str", default="admin"),
ipaadmin_password=dict(type="str", required=False, no_log=True),
name=dict(type="list", aliases=["cn"], default=None,
required=True),
......@@ -663,45 +653,40 @@ def main():
ansible_module._ansible_debug = True
# general
ipaadmin_principal = module_params_get(ansible_module,
"ipaadmin_principal")
ipaadmin_password = module_params_get(ansible_module, "ipaadmin_password")
names = module_params_get(ansible_module, "name")
names = ansible_module.params_get("name")
# present
description = module_params_get(ansible_module, "description")
username = module_params_get(ansible_module, "username")
service = module_params_get(ansible_module, "service")
shared = module_params_get(ansible_module, "shared")
users = module_params_get(ansible_module, "users")
groups = module_params_get(ansible_module, "groups")
services = module_params_get(ansible_module, "services")
owners = module_params_get(ansible_module, "owners")
ownergroups = module_params_get(ansible_module, "ownergroups")
ownerservices = module_params_get(ansible_module, "ownerservices")
vault_type = module_params_get(ansible_module, "vault_type")
salt = module_params_get(ansible_module, "vault_salt")
password = module_params_get(ansible_module, "vault_password")
password_file = module_params_get(ansible_module, "vault_password_file")
new_password = module_params_get(ansible_module, "new_password")
new_password_file = module_params_get(ansible_module, "new_password_file")
public_key = module_params_get(ansible_module, "vault_public_key")
public_key_file = module_params_get(ansible_module,
"vault_public_key_file")
private_key = module_params_get(ansible_module, "vault_private_key")
private_key_file = module_params_get(ansible_module,
"vault_private_key_file")
vault_data = module_params_get(ansible_module, "vault_data")
datafile_in = module_params_get(ansible_module, "datafile_in")
datafile_out = module_params_get(ansible_module, "datafile_out")
action = module_params_get(ansible_module, "action")
state = module_params_get(ansible_module, "state")
description = ansible_module.params_get("description")
username = ansible_module.params_get("username")
service = ansible_module.params_get("service")
shared = ansible_module.params_get("shared")
users = ansible_module.params_get("users")
groups = ansible_module.params_get("groups")
services = ansible_module.params_get("services")
owners = ansible_module.params_get("owners")
ownergroups = ansible_module.params_get("ownergroups")
ownerservices = ansible_module.params_get("ownerservices")
vault_type = ansible_module.params_get("vault_type")
salt = ansible_module.params_get("vault_salt")
password = ansible_module.params_get("vault_password")
password_file = ansible_module.params_get("vault_password_file")
new_password = ansible_module.params_get("new_password")
new_password_file = ansible_module.params_get("new_password_file")
public_key = ansible_module.params_get("vault_public_key")
public_key_file = ansible_module.params_get("vault_public_key_file")
private_key = ansible_module.params_get("vault_private_key")
private_key_file = ansible_module.params_get("vault_private_key_file")
vault_data = ansible_module.params_get("vault_data")
datafile_in = ansible_module.params_get("datafile_in")
datafile_out = ansible_module.params_get("datafile_out")
action = ansible_module.params_get("action")
state = ansible_module.params_get("state")
# Check parameters
......@@ -732,18 +717,11 @@ def main():
changed = False
exit_args = {}
ccache_dir = None
ccache_name = None
try:
if not valid_creds(ansible_module, ipaadmin_principal):
ccache_dir, ccache_name = temp_kinit(ipaadmin_principal,
ipaadmin_password)
# Need to set krb5 ccache name, due to context='ansible-freeipa'
with ansible_module.ipa_connect(context='ansible-freeipa') as ccache_name:
if ccache_name is not None:
os.environ["KRB5CCNAME"] = ccache_name
api_connect(context='ansible-freeipa')
commands = []
for name in names:
......@@ -970,7 +948,7 @@ def main():
errors = []
for name, command, args in commands:
try:
result = api_command(ansible_module, command, name, args)
result = ansible_module.ipa_command(command, name, args)
if command == 'vault_archive':
changed = 'Archived data into' in result['summary']
......@@ -1012,12 +990,6 @@ def main():
if len(errors) > 0:
ansible_module.fail_json(msg=", ".join(errors))
except Exception as exception:
ansible_module.fail_json(msg=str(exception))
finally:
temp_kdestroy(ccache_dir, ccache_name)
# Done
# exit_raw_json is a replacement for ansible_module.exit_json that
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment