Skip to content
Snippets Groups Projects
Select Git revision
  • 42b24616acc85958575ffbbe3a333d110da4c8c8
  • master default protected
  • v2.28.0
  • v2.27.0
  • v2.25.1
  • v2.24.3
  • v2.26.0
  • v2.24.2
  • v2.25.0
  • v2.24.1
  • v2.22.2
  • v2.23.3
  • v2.24.0
  • v2.23.2
  • v2.23.1
  • v2.23.0
  • v2.22.1
  • v2.22.0
  • v2.21.0
  • v2.20.0
  • v2.19.1
  • v2.18.2
22 results

ansible.md

Blame
  • ipamodule+member.py.in 9.91 KiB
    #!/usr/bin/python
    # -*- coding: utf-8 -*-
    
    # Authors:
    #   $author <$email>
    #
    # Copyright (C) $year Red Hat
    # see file 'COPYING' for use and warranty information
    #
    # This program is free software; you can redistribute it and/or modify
    # it under the terms of the GNU General Public License as published by
    # the Free Software Foundation, either version 3 of the License, or
    # (at your option) any later version.
    #
    # This program is distributed in the hope that it will be useful,
    # but WITHOUT ANY WARRANTY; without even the implied warranty of
    # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    # GNU General Public License for more details.
    #
    # You should have received a copy of the GNU General Public License
    # along with this program.  If not, see <http://www.gnu.org/licenses/>.
    
    ANSIBLE_METADATA = {
        "metadata_version": "1.0",
        "supported_by": "community",
        "status": ["preview"],
    }
    
    DOCUMENTATION = """
    ---
    module: ipa$name
    short description: Manage FreeIPA $name
    description: Manage FreeIPA $name and $name members
    extends_documentation_fragment:
      - ipamodule_base_docs
    options:
      name:
        description: The list of $name name strings.
        required: true
        aliases: ["API_PARAMETER_NAME"]
      PARAMETER1:
        description: DESCRIPTION
        required: REQUIRED
        aliases: ["API_PARAMETER_NAME"]
      PARAMETER2:
        description: member DESCRIPTION
        required: REQUIRED
        aliases: ["API_PARAMETER_NAME"]
      action:
        description: Work on $name or member level.
        choices: ["$name", "member"]
        default: $name
        required: false
      state:
        description: The state to ensure.
        choices: ["present", "absent"]
        default: present
        required: true
    """
    
    EXAMPLES = """
    # Ensure $name NAME is present
    - ipa$name:
        ipaadmin_password: SomeADMINpassword
        name: NAME
        PARAMETERS
    
    # Ensure $name "NAME" member PARAMETER2 VALUE is present
    - ipa$name:
        ipaadmin_password: SomeADMINpassword
        name: NAME
        PARAMETER2: VALUE
        action: member
    
    # Ensure $name "NAME" member PARAMETER2 VALUE is absent
    - ipa$name:
        ipaadmin_password: SomeADMINpassword
        name: NAME
        PARAMETER2: VALUE
        action: member
        state: absent
    
    # Ensure $name NAME is absent
    - ipa$name:
        ipaadmin_password: SomeADMINpassword
        name: NAME
        state: absent
    
    # Ensure $name NAME ...
    - ipa$name:
        ipaadmin_password: SomeADMINpassword
        name: NAME
        CHANGE PARAMETERS
    """
    
    RETURN = """
    """
    
    
    from ansible.module_utils.ansible_freeipa_module import \
        IPAAnsibleModule, compare_args_ipa, gen_add_del_lists, gen_add_list, \
        gen_intersection_list
    
    import six
    
    if six.PY3:
        unicode = str
    
    
    def find_$name(module, name):
        """Find if a $name with the given name already exist."""
        try:
            _result = module.ipa_command("$name_show", name, {"all": True})
        except Exception:  # pylint: disable=broad-except
            # An exception is raised if $name name is not found.
            return None
        else:
            return _result["result"]
    
    
    def gen_args(PARAMETER1):
        _args = {}
        if PARAMETER1 is not None:
            _args["API_PARAMETER1_NAME"] = PARAMETER1
        return _args
    
    
    def gen_member_args(PARAMETER2):
        _args = {}
        if PARAMETER2 is not None:
            _args["API_PARAMETER2_NAME"] = PARAMETER2
        return _args
    
    
    def main():
        ansible_module = IPAAnsibleModule(
            argument_spec=dict(
                # general
                name=dict(type="list", aliases=["API_PARAMETER_NAME"],
                          default=None, required=True),
                # present
                PARAMETER1=dict(required=False, type='str',
                                aliases=["API_PARAMETER_NAME"], default=None),
                PARAMETER2=dict(required=False, type='list',
                                aliases=["API_PARAMETER_NAME"], default=None),
                action=dict(type="str", default="$name",
                            choices=["member", "$name"]),
                # state
                state=dict(type="str", default="present",
                           choices=["present", "absent"]),
            ),
            supports_check_mode=True,
        )
    
        ansible_module._ansible_debug = True
    
        # Get parameters
    
        # general
        names = ansible_module.params_get("name")
    
        # present
        PARAMETER1 = ansible_module.params_get("PARAMETER1")
        PARAMETER2 = ansible_module.params_get("PARAMETER2")
        action = ansible_module.params_get("action")
    
        # state
        state = ansible_module.params_get("state")
    
        # Check parameters
    
        invalid = []
    
        if state == "present":
            if len(names) != 1:
                ansible_module.fail_json(
                    msg="Only one $name can be added at a time.")
            if action == "member":
                invalid = ["PARAMETER1"]
    
        if state == "absent":
            if len(names) < 1:
                ansible_module.fail_json(msg="No name given.")
            invalid = ["PARAMETER1"]
            if action == "$name":
                invalid.append("PARAMETER2")
    
        ansible_module.params_fail_used_invalid(invalid, state, action)
    
        # Init
    
        changed = False
        exit_args = {}
    
        # Connect to IPA API
        with ansible_module.ipa_connect():
    
            commands = []
            for name in names:
                # Make sure $name exists
                res_find = find_$name(ansible_module, name)
    
                # Create command
                if state == "present":
    
                    # Generate args
                    args = gen_args(PARAMETER1)
    
                    if action == "$name":
                        # Found the $name
                        if res_find is not None:
                            # For all settings is args, check if there are
                            # different settings in the find result.
                            # If yes: modify
                            if not compare_args_ipa(ansible_module, args,
                                                    res_find):
                                commands.append([name, "$name_mod", args])
                        else:
                            commands.append([name, "$name_add", args])
    
                        member_args = gen_member_args(PARAMETER2)
                        if not compare_args_ipa(ansible_module, member_args,
                                                res_find):
    
                            # Generate addition and removal lists
                            PARAMETER2_add, PARAMETER2_del = gen_add_del_lists(
                                    PARAMETER2, res_find.get("member_PARAMETER2"))
    
                            # Add members
                            if len(PARAMETER2_add) > 0:
                                commands.append([name, "$name_add_member",
                                                 {
                                                     "PARAMETER2": PARAMETER2_add,
                                                 }])
                            # Remove members
                            if len(PARAMETER2_del) > 0:
                                commands.append([name, "$name_remove_member",
                                                 {
                                                     "PARAMETER2": PARAMETER2_del,
                                                 }])
    
                    elif action == "member":
                        if res_find is None:
                            ansible_module.fail_json(
                                msg="No $name '%s'" % name)
    
                        # Reduce add lists for PARAMETER2
                        # to new entries only that are not in res_find.
                        if PARAMETER2 is not None and \
                           "API_PARAMETER2_NAME" in res_find:
                            PARAMETER2 = gen_add_list(
                                PARAMETER2, res_find["API_PARAMETER2_NAME"])
    
                        if PARAMETER2 is not None:
                            commands.append([name, "$name_add_member",
                                             {
                                                 "PARAMETER2": PARAMETER2,
                                             }])
    
                elif state == "absent":
                    if action == "$name":
                        if res_find is not None:
                            commands.append([name, "$name_del", {}])
    
                    elif action == "member":
                        if res_find is None:
                            ansible_module.fail_json(
                                msg="No $name '%s'" % name)
    
                        # Reduce del lists of member_host and member_hostgroup,
                        # to the entries only that are in res_find.
                        if PARAMETER2 is not None:
                            PARAMETER2 = gen_intersection_list(
                                PARAMETER2, res_find.get("API_PARAMETER2_NAME"))
    
                        if PARAMETER2 is not None:
                            commands.append([name, "$name_remove_member",
                                             {
                                                 "PARAMETER2": PARAMETER2,
                                             }])
    
                else:
                    ansible_module.fail_json(msg="Unkown state '%s'" % state)
    
    
            # Execute commands
    
            #
            # To handle default member errors there is a static method
            # IPAAnsibleModule.handle_member_errors. It can be enabled with
            # fail_on_member_failures=True for execute_ipa_commands.
            # There might be cases in which this needs to be either done
            # manually or extended.
            #
            # Example:
            #
            # pylint: disable=unused-argument
            # def result_handler(module, result, command, name, args, errors):
            #     # Get all errors
            #     IPAAnsibleModule.handle_member_errors(module, result, command,
            #                                           name, args, errors)
            #     if "MY ERROR" in result.get("failed",[]):
            #         errors.append("My error")
            #
            # # Execute commands
            #
            # changed = ansible_module.execute_ipa_commands(commands,
            #                                               result_handler)
            #
    
            changed = ansible_module.execute_ipa_commands(
                commands, fail_on_member_failures=True)
    
        # Done
    
        ansible_module.exit_json(changed=changed, **exit_args)
    
    
    if __name__ == "__main__":
        main()