ipaadmin_variables are handled by IPAAnsibleModule,
ansible_module.params_get is used to get the parameters and
ansible_module.ipa_connect is used to simplify the module.

ipaadmin_variables are handled by IPAAnsibleModule,
ansible_module.params_get is used to get the parameters and
ansible_module.ipa_connect is used to simplify the module.

This class is an extended version of the Ansible Module that provides
IPA specific methods to simplify module generation.

Simple example:

    from ansible.module_utils.ansible_freeipa_module import \
        IPAAnsibleModule

    def main():
        ansible_module = IPAAnsibleModule(
            argument_spec=dict(
                  name=dict(type="str", aliases=["cn"], default=None),
                  state=dict(type="str", default="present",
                             choices=["present", "absent"]),
            ),
        )

        # Get parameters
        name = ansible_module.params_get("name")
        state = ansible_module.params_get("state")

        # Connect to IPA API
        with ansible_module.ipa_connect():

            # Execute command
            if state == "present":
                ansible_module.ipa_command(["command_add", name, {}])
            else:
                ansible_module.ipa_command(["command_del", name, {}])

        # Done

        ansible_module.exit_json(changed=True)

    if __name__ == "__main__":
        main()

This PR sets pylint to version 2.10.2 in all linter actions, and
fixes code in plugins so that this version new checks are either
satisfied or ignored if needed.

There are common parameters in all modules like ipaadmin_principal and
ipaadmin_password. As this list of common parameters will be extended
soon, there is a need to reduce the code and documentation duplicates.

A ModuleDocFragment is added to provide the module documentation for the
common parameters. This is used in the modules with
extends_documentation_fragment.

ansible_freeipa_module has additional ipamodule_base_spec and
get_ipamodule_base_vars. ipamodule_base_spec extends argument_spec in
the module and get_ipamodule_base_vars is used to return a dict
containing the common parameters.

Use gen_add_list and gen_intersection_list for host, hostgroup, user,
group, allow_sudocmd, allow_sudocmdgroup, deny_sudocmd, deny_sudocmdgroup,
sudooption, runasuser, runasgroup and res_find member handling.

The functions are used to reduce the add lists to the new entries
only and the delete lists to the entries that are in the user and
the show list result.

This enables to remove the ignores for "already a member" and
"not a member" errors..

Single hostnames can be used for hbacrule_add_host and will match fqdn
in IPA internally. Simple host names have to be extended to be FQDN to
be able to compare them for _host_add and _host_remove.

Two new functions have been added to ansible_freeipa_module:

- api_get_domain - Get the domain from the api
- ensure_fqdn - Extend a single name with the domain

This fixes #617 - hbacrule_add_host: already a member

Modules that support `state: renamed` have `new_name` as an alias
for the `rename` variable. This patch makes ipapermission consistent
with other modules.

There is a new automount location management module placed in the plugins folder:

plugins/modules/ipaautomountlocation.py

This module allows to ensure presence and absence of automount locations
that act as containers for automount onjects in ipa.

Here is the documentation for the module:

README-automountlocation.md

New example playbooks have been added:

playbooks/automount/automount-location-absent.yml
playbooks/automount/automount-location-present.yml

New tests for the module:

tests/automount/test_automountlocation.yml

The automember_add_condition and automember_remove_condition commands
are not verifying condition keys in all cases. This is for example not
done in the removal case if a condition is not part of the automember
rule.

For consistent behaviour this needs to be done in the automember module
now. The condition keys are verified with the user and group aciattrs
returned by the API command json_metadata now.

Related: RHBZ#1976926

result["failed"] is used only for INCLUDE_RE, EXCLUDE_RE if entries could
not be added that are already there and it entries could not be removed
that are not there.

All other issues like invalid attributes etc. are handled as exceptions.
Therefore the error section is not here as in other modules.

Fixes RHBZ#1979626

Change, in the module documentation, the attribute named 'usergroup'
to 'group', as it is used in the code.

The parameters in the inclusive and exclusive dicts are not defined and
also not checked. Therefore it is possible to have parameters in the
dicts that are not used.

The dicts for the inclusive and exclusive parameters are now defined and
also added to the description.

The action is service and member for the module, but it needs to be the
module name and member.

    There is a new automember management module placed in the plugins folder:

        plugins/modules/ipaautomember.py

    The automember module allows to ensure presence or absence of automember rules
    and manage automember rule conditions.

    Here is the documentation for the module:

        README-automember.md

    New example playbooks have been added:

        playbooks/automember/automember-group-absent.yml
        playbooks/automember/automember-group-present.yml
        playbooks/automember/automember-hostgroup-absent.yml
        playbooks/automember/automember-hostgroup-present.yml
        playbooks/automember/automember-hostgroup-rule-absent.yml
        playbooks/automember/automember-hostgroup-rule-present.yml

    New tests for the module:

        tests/automember/test_automember.yml

Use gen_add_list and gen_intersection_list for host, hostgroup,
membermanager_user and membermanager_group member handling.

The functions are used to reduce the add lists to the new entries
only and the delete lists to the entries that are in the user and
the show list result.

This enables to remove the ignores for "already a member" and
"not a member" errors..

Use gen_add_list and gen_intersection_list for user, group, service,
externalmember, membermanager_user and membermanager_group member
handling.
The functions are used to reduce the add lists to the new entries
only and the delete lists to the entries that are in the user and
the show list result.

This enables to remove the ignores for "already a member" and
"not a member" errors..

We still need to support Python 2.

Fixed usage of `else` right after return, or disable pylint
evaluation when it would play against code readability.

In some places, disabling the warnings rather than fixing it required
less changes, without compromising readability.

The no_members parameter is added to args for the api command. But
no_members is never part of res_find from user-show, therefore this
parameter needs to be ignored in compare_args_ipa.

This is needed to prevent an error in the idempotency test where a
user is ensured again with the same settings.

The new argument ignore has been added to compare_args_ipa to ignore
attributes while comparing attributes of the user args and the object
args returned from IPA find or show command.

This code is using changes from
- Wolskie in PR #392
- jake2184 in PR #486

Currently user, group, host, hostgoup, hbacsvc and hbacsvcgroup members
are always added and removed with hbacrule_add_.. and hbacrule_remove_..
if they are given as parameters with action: member.

Now the module is using the new functions gen_intersection_list and
gen_add_list from ansible_freeipa_module to reduce the lists to the items
only that are needed to be added or removed.

The errors "already a member" and "not a member" are not ignored
anymore now while executing the comamnds.

Two new functions have been added for member management in plugins:

gen_add_list(user_list, res_list)
    Generate the add list for addition of new members.

gen_intersection_list(user_list, res_list)
    Generate the intersection list for removal of existing members.

gen_add_list should be used to add new members with action: members and
state: present. It is returning the difference of the user and res list
if the user list is not None.

gen_intersection_list should be used to remove existing members with
action: members and state: absent. It is returning the intersection of
the user and res list if the user list is not None.

Instead o importing ipalib.errors, modules must use
ansible_freeipa_module.ipalib_errors.