From fc218878686e7cc52e8401ccc8a03ab2e06a22f2 Mon Sep 17 00:00:00 2001
From: Thomas Woerner <twoerner@redhat.com>
Date: Thu, 26 Aug 2021 20:45:38 +0200
Subject: [PATCH] vault: Use IPAAnsibleModule class

ipaadmin_variables are handled by IPAAnsibleModule,
ansible_module.params_get is used to get the parameters and
ansible_module.ipa_connect is used to simplify the module.
---
 plugins/modules/ipavault.py | 114 ++++++++++++++----------------------
 1 file changed, 43 insertions(+), 71 deletions(-)

diff --git a/plugins/modules/ipavault.py b/plugins/modules/ipavault.py
index 5b8a5484..7af6c353 100644
--- a/plugins/modules/ipavault.py
+++ b/plugins/modules/ipavault.py
@@ -31,13 +31,9 @@ DOCUMENTATION = """
 module: ipavault
 short description: Manage vaults and secret vaults.
 description: Manage vaults and secret vaults. KRA service must be enabled.
+extends_documentation_fragment:
+  - ipamodule_base_docs
 options:
-  ipaadmin_principal:
-    description: The admin principal
-    default: admin
-  ipaadmin_password:
-    description: The admin password
-    required: false
   name:
     description: The vault name
     required: true
@@ -317,12 +313,9 @@ vault:
 
 import os
 from base64 import b64decode
-from ansible.module_utils.basic import AnsibleModule
 from ansible.module_utils._text import to_text
-from ansible.module_utils.ansible_freeipa_module import temp_kinit, \
-    temp_kdestroy, valid_creds, api_connect, api_command, \
-    gen_add_del_lists, compare_args_ipa, module_params_get, exit_raw_json, \
-    ipalib_errors
+from ansible.module_utils.ansible_freeipa_module import IPAAnsibleModule, \
+    gen_add_del_lists, compare_args_ipa, exit_raw_json, ipalib_errors
 
 
 def find_vault(module, name, username, service, shared):
@@ -338,7 +331,7 @@ def find_vault(module, name, username, service, shared):
     else:
         _args['shared'] = shared
 
-    _result = api_command(module, "vault_find", name, _args)
+    _result = module.ipa_command("vault_find", name, _args)
 
     if len(_result["result"]) > 1:
         module.fail_json(
@@ -579,7 +572,7 @@ def get_stored_data(module, res_find, args):
 
     # retrieve vault stored data
     try:
-        result = api_command(module, 'vault_retrieve', name, pwdargs)
+        result = module.ipa_command('vault_retrieve', name, pwdargs)
     except ipalib_errors.NotFound:
         return None
 
@@ -587,12 +580,9 @@ def get_stored_data(module, res_find, args):
 
 
 def main():
-    ansible_module = AnsibleModule(
+    ansible_module = IPAAnsibleModule(
         argument_spec=dict(
             # generalgroups
-            ipaadmin_principal=dict(type="str", default="admin"),
-            ipaadmin_password=dict(type="str", required=False, no_log=True),
-
             name=dict(type="list", aliases=["cn"], default=None,
                       required=True),
 
@@ -663,45 +653,40 @@ def main():
     ansible_module._ansible_debug = True
 
     # general
-    ipaadmin_principal = module_params_get(ansible_module,
-                                           "ipaadmin_principal")
-    ipaadmin_password = module_params_get(ansible_module, "ipaadmin_password")
-    names = module_params_get(ansible_module, "name")
+    names = ansible_module.params_get("name")
 
     # present
-    description = module_params_get(ansible_module, "description")
-
-    username = module_params_get(ansible_module, "username")
-    service = module_params_get(ansible_module, "service")
-    shared = module_params_get(ansible_module, "shared")
-
-    users = module_params_get(ansible_module, "users")
-    groups = module_params_get(ansible_module, "groups")
-    services = module_params_get(ansible_module, "services")
-    owners = module_params_get(ansible_module, "owners")
-    ownergroups = module_params_get(ansible_module, "ownergroups")
-    ownerservices = module_params_get(ansible_module, "ownerservices")
-
-    vault_type = module_params_get(ansible_module, "vault_type")
-    salt = module_params_get(ansible_module, "vault_salt")
-    password = module_params_get(ansible_module, "vault_password")
-    password_file = module_params_get(ansible_module, "vault_password_file")
-    new_password = module_params_get(ansible_module, "new_password")
-    new_password_file = module_params_get(ansible_module, "new_password_file")
-    public_key = module_params_get(ansible_module, "vault_public_key")
-    public_key_file = module_params_get(ansible_module,
-                                        "vault_public_key_file")
-    private_key = module_params_get(ansible_module, "vault_private_key")
-    private_key_file = module_params_get(ansible_module,
-                                         "vault_private_key_file")
-
-    vault_data = module_params_get(ansible_module, "vault_data")
-
-    datafile_in = module_params_get(ansible_module, "datafile_in")
-    datafile_out = module_params_get(ansible_module, "datafile_out")
-
-    action = module_params_get(ansible_module, "action")
-    state = module_params_get(ansible_module, "state")
+    description = ansible_module.params_get("description")
+
+    username = ansible_module.params_get("username")
+    service = ansible_module.params_get("service")
+    shared = ansible_module.params_get("shared")
+
+    users = ansible_module.params_get("users")
+    groups = ansible_module.params_get("groups")
+    services = ansible_module.params_get("services")
+    owners = ansible_module.params_get("owners")
+    ownergroups = ansible_module.params_get("ownergroups")
+    ownerservices = ansible_module.params_get("ownerservices")
+
+    vault_type = ansible_module.params_get("vault_type")
+    salt = ansible_module.params_get("vault_salt")
+    password = ansible_module.params_get("vault_password")
+    password_file = ansible_module.params_get("vault_password_file")
+    new_password = ansible_module.params_get("new_password")
+    new_password_file = ansible_module.params_get("new_password_file")
+    public_key = ansible_module.params_get("vault_public_key")
+    public_key_file = ansible_module.params_get("vault_public_key_file")
+    private_key = ansible_module.params_get("vault_private_key")
+    private_key_file = ansible_module.params_get("vault_private_key_file")
+
+    vault_data = ansible_module.params_get("vault_data")
+
+    datafile_in = ansible_module.params_get("datafile_in")
+    datafile_out = ansible_module.params_get("datafile_out")
+
+    action = ansible_module.params_get("action")
+    state = ansible_module.params_get("state")
 
     # Check parameters
 
@@ -732,17 +717,10 @@ def main():
 
     changed = False
     exit_args = {}
-    ccache_dir = None
-    ccache_name = None
-    try:
-        if not valid_creds(ansible_module, ipaadmin_principal):
-            ccache_dir, ccache_name = temp_kinit(ipaadmin_principal,
-                                                 ipaadmin_password)
-            # Need to set krb5 ccache name, due to context='ansible-freeipa'
-            if ccache_name is not None:
-                os.environ["KRB5CCNAME"] = ccache_name
 
-        api_connect(context='ansible-freeipa')
+    with ansible_module.ipa_connect(context='ansible-freeipa') as ccache_name:
+        if ccache_name is not None:
+            os.environ["KRB5CCNAME"] = ccache_name
 
         commands = []
 
@@ -970,7 +948,7 @@ def main():
         errors = []
         for name, command, args in commands:
             try:
-                result = api_command(ansible_module, command, name, args)
+                result = ansible_module.ipa_command(command, name, args)
 
                 if command == 'vault_archive':
                     changed = 'Archived data into' in result['summary']
@@ -1012,12 +990,6 @@ def main():
         if len(errors) > 0:
             ansible_module.fail_json(msg=", ".join(errors))
 
-    except Exception as exception:
-        ansible_module.fail_json(msg=str(exception))
-
-    finally:
-        temp_kdestroy(ccache_dir, ccache_name)
-
     # Done
 
     # exit_raw_json is a replacement for ansible_module.exit_json that
-- 
GitLab