vault: Use IPAAnsibleModule class

ipaadmin_variables are handled by IPAAnsibleModule, ansible_module.params_get is used to get the parameters and ansible_module.ipa_connect is used to simplify the module.

vault: Use IPAAnsibleModule class
fc218878 · Thomas Woerner · af0b782f · fc218878
Commit fc218878 authored 3 years ago by Thomas Woerner
--- a/plugins/modules/ipavault.py
+++ b/plugins/modules/ipavault.py
@@ -31,13 +31,9 @@ DOCUMENTATION = """
 module: ipavault
 short description: Manage vaults and secret vaults.
 description: Manage vaults and secret vaults. KRA service must be enabled.
+extends_documentation_fragment:
+  - ipamodule_base_docs
 options:
-  ipaadmin_principal:
-    description: The admin principal
-    default: admin
-  ipaadmin_password:
-    description: The admin password
-    required: false
  name:
    description: The vault name
    required: true
@@ -317,12 +313,9 @@ vault:
 import os
 from base64 import b64decode
-from ansible.module_utils.basic import AnsibleModule
 from ansible.module_utils._text import to_text
-from ansible.module_utils.ansible_freeipa_module import temp_kinit, \
+from ansible.module_utils.ansible_freeipa_module import IPAAnsibleModule, \
-    temp_kdestroy, valid_creds, api_connect, api_command, \
+    gen_add_del_lists, compare_args_ipa, exit_raw_json, ipalib_errors
-    gen_add_del_lists, compare_args_ipa, module_params_get, exit_raw_json, \
-    ipalib_errors
 def find_vault(module, name, username, service, shared):
@@ -338,7 +331,7 @@ def find_vault(module, name, username, service, shared):
    else:
        _args['shared'] = shared
-    _result = api_command(module, "vault_find", name, _args)
+    _result = module.ipa_command("vault_find", name, _args)
    if len(_result["result"]) > 1:
        module.fail_json(
@@ -579,7 +572,7 @@ def get_stored_data(module, res_find, args):
    # retrieve vault stored data
    try:
-        result = api_command(module, 'vault_retrieve', name, pwdargs)
+        result = module.ipa_command('vault_retrieve', name, pwdargs)
    except ipalib_errors.NotFound:
        return None
@@ -587,12 +580,9 @@ def get_stored_data(module, res_find, args):
 def main():
-    ansible_module = AnsibleModule(
+    ansible_module = IPAAnsibleModule(
        argument_spec=dict(
            # generalgroups
-            ipaadmin_principal=dict(type="str", default="admin"),
-            ipaadmin_password=dict(type="str", required=False, no_log=True),
            name=dict(type="list", aliases=["cn"], default=None,
                      required=True),
@@ -663,45 +653,40 @@ def main():
    ansible_module._ansible_debug = True
    # general
-    ipaadmin_principal = module_params_get(ansible_module,
+    names = ansible_module.params_get("name")
-                                           "ipaadmin_principal")
-    ipaadmin_password = module_params_get(ansible_module, "ipaadmin_password")
-    names = module_params_get(ansible_module, "name")
    # present
-    description = module_params_get(ansible_module, "description")
+    description = ansible_module.params_get("description")
-    username = module_params_get(ansible_module, "username")
+    username = ansible_module.params_get("username")
-    service = module_params_get(ansible_module, "service")
+    service = ansible_module.params_get("service")
-    shared = module_params_get(ansible_module, "shared")
+    shared = ansible_module.params_get("shared")
-    users = module_params_get(ansible_module, "users")
+    users = ansible_module.params_get("users")
-    groups = module_params_get(ansible_module, "groups")
+    groups = ansible_module.params_get("groups")
-    services = module_params_get(ansible_module, "services")
+    services = ansible_module.params_get("services")
-    owners = module_params_get(ansible_module, "owners")
+    owners = ansible_module.params_get("owners")
-    ownergroups = module_params_get(ansible_module, "ownergroups")
+    ownergroups = ansible_module.params_get("ownergroups")
-    ownerservices = module_params_get(ansible_module, "ownerservices")
+    ownerservices = ansible_module.params_get("ownerservices")
-    vault_type = module_params_get(ansible_module, "vault_type")
+    vault_type = ansible_module.params_get("vault_type")
-    salt = module_params_get(ansible_module, "vault_salt")
+    salt = ansible_module.params_get("vault_salt")
-    password = module_params_get(ansible_module, "vault_password")
+    password = ansible_module.params_get("vault_password")
-    password_file = module_params_get(ansible_module, "vault_password_file")
+    password_file = ansible_module.params_get("vault_password_file")
-    new_password = module_params_get(ansible_module, "new_password")
+    new_password = ansible_module.params_get("new_password")
-    new_password_file = module_params_get(ansible_module, "new_password_file")
+    new_password_file = ansible_module.params_get("new_password_file")
-    public_key = module_params_get(ansible_module, "vault_public_key")
+    public_key = ansible_module.params_get("vault_public_key")
-    public_key_file = module_params_get(ansible_module,
+    public_key_file = ansible_module.params_get("vault_public_key_file")
-                                        "vault_public_key_file")
+    private_key = ansible_module.params_get("vault_private_key")
-    private_key = module_params_get(ansible_module, "vault_private_key")
+    private_key_file = ansible_module.params_get("vault_private_key_file")
-    private_key_file = module_params_get(ansible_module,
-                                         "vault_private_key_file")
+    vault_data = ansible_module.params_get("vault_data")
-    vault_data = module_params_get(ansible_module, "vault_data")
+    datafile_in = ansible_module.params_get("datafile_in")
+    datafile_out = ansible_module.params_get("datafile_out")
-    datafile_in = module_params_get(ansible_module, "datafile_in")
-    datafile_out = module_params_get(ansible_module, "datafile_out")
+    action = ansible_module.params_get("action")
+    state = ansible_module.params_get("state")
-    action = module_params_get(ansible_module, "action")
-    state = module_params_get(ansible_module, "state")
    # Check parameters
@@ -732,18 +717,11 @@ def main():
    changed = False
    exit_args = {}
-    ccache_dir = None
-    ccache_name = None
+    with ansible_module.ipa_connect(context='ansible-freeipa') as ccache_name:
-    try:
-        if not valid_creds(ansible_module, ipaadmin_principal):
-            ccache_dir, ccache_name = temp_kinit(ipaadmin_principal,
-                                                 ipaadmin_password)
-            # Need to set krb5 ccache name, due to context='ansible-freeipa'
        if ccache_name is not None:
            os.environ["KRB5CCNAME"] = ccache_name
-        api_connect(context='ansible-freeipa')
        commands = []
        for name in names:
@@ -970,7 +948,7 @@ def main():
        errors = []
        for name, command, args in commands:
            try:
-                result = api_command(ansible_module, command, name, args)
+                result = ansible_module.ipa_command(command, name, args)
                if command == 'vault_archive':
                    changed = 'Archived data into' in result['summary']
@@ -1012,12 +990,6 @@ def main():
        if len(errors) > 0:
            ansible_module.fail_json(msg=", ".join(errors))
-    except Exception as exception:
-        ansible_module.fail_json(msg=str(exception))
-    finally:
-        temp_kdestroy(ccache_dir, ccache_name)
    # Done
    # exit_raw_json is a replacement for ansible_module.exit_json that