iparole: Use global member management method.

Change iparole to use the global member management method. NOTE: This changes modify the behavior of the 'service' memeber, without preserving case.
freeipa · Jan 22, 2023 · 65b9991 · 65b9991
1 parent c3a6f06
commit 65b9991
Showing 1 changed file with 73 additions and 129 deletions.
diff --git a/plugins/modules/iparole.py b/plugins/modules/iparole.py
@@ -128,8 +128,8 @@
 # pylint: disable=no-name-in-module
 from ansible.module_utils._text import to_text
 from ansible.module_utils.ansible_freeipa_module import \
-    IPAAnsibleModule, gen_add_del_lists, compare_args_ipa, \
-    gen_intersection_list, ensure_fqdn
+    IPAAnsibleModule, compare_args_ipa, \
+    ensure_fqdn, gen_member_manage_commands
 from ansible.module_utils import six
 
 if six.PY3:
@@ -144,7 +144,11 @@ def find_role(module, name):
         # An exception is raised if role name is not found.
         return None
     else:
-        return _result["result"]
+        _res = _result["result"]
+        for member in ["member_service", "memberof_privilege"]:
+            if member in _res:
+                _res[member] = [to_text(x).lower() for x in _res[member]]
+        return _res
 
 
 def gen_args(module):
@@ -206,58 +210,6 @@ def get_member_host_with_fqdn_lowercase(module, mod_member):
     )
 
 
-def ensure_absent_state(module, name, action, res_find):
-    """Define commands to ensure absent state."""
-    commands = []
-
-    if action == "role":
-        commands.append([name, 'role_del', {}])
-
-    if action == "member":
-
-        _members = module.params_get_lowercase("privilege")
-        if _members is not None:
-            del_list = gen_intersection_list(
-                _members,
-                result_get_value_lowercase(res_find, "memberof_privilege")
-            )
-            if del_list:
-                commands.append([name, "role_remove_privilege",
-                                 {"privilege": del_list}])
-
-        member_args = {}
-        for key in ['user', 'group', 'hostgroup']:
-            _members = module.params_get_lowercase(key)
-            if _members:
-                del_list = gen_intersection_list(
-                    _members,
-                    result_get_value_lowercase(res_find, "member_%s" % key)
-                )
-                if del_list:
-                    member_args[key] = del_list
-
-        # ensure hosts are FQDN.
-        _members = get_member_host_with_fqdn_lowercase(module, "host")
-        if _members:
-            del_list = gen_intersection_list(
-                _members, res_find.get('member_host'))
-            if del_list:
-                member_args["host"] = del_list
-
-        _services = get_service_param(module, "service")
-        if _services:
-            _existing = result_get_value_lowercase(res_find, "member_service")
-            items = gen_intersection_list(_services.keys(), _existing)
-            if items:
-                member_args["service"] = [_services[key] for key in items]
-
-        # Only add remove command if there's at least one member no manage.
-        if member_args:
-            commands.append([name, "role_remove_member", member_args])
-
-    return commands
-
-
 def get_service_param(module, key):
     """
     Retrieve dict of services, with realm, from the module parameters.
@@ -301,77 +253,69 @@ def result_get_value_lowercase(res_find, key, default=None):
     return existing
 
 
-def gen_services_add_del_lists(module, mod_member, res_find, res_member):
-    """Generate add/del lists for service principals."""
-    add_list, del_list = None, None
-    _services = get_service_param(module, mod_member)
-    if _services is not None:
-        _existing = result_get_value_lowercase(res_find, res_member)
-        add_list, del_list = gen_add_del_lists(_services.keys(), _existing)
-        if add_list:
-            add_list = [_services[key] for key in add_list]
-        if del_list:
-            del_list = [to_text(item) for item in del_list]
-    return add_list, del_list
-
-
-def ensure_role_with_members_is_present(module, name, res_find, action):
-    """Define commands to ensure member are present for action `role`."""
-    commands = []
-
-    _members = module.params_get_lowercase("privilege")
-    if _members:
-        add_list, del_list = gen_add_del_lists(
-            _members,
-            result_get_value_lowercase(res_find, "memberof_privilege")
+def manage_members(module, res_find, name):
+    _cmds = []
+
+    # result_get_value_lowercase(res_find, "memberof_privilege")
+    _cmds.extend(
+        gen_member_manage_commands(
+            module,
+            res_find,
+            name,
+            "role_add_privilege",
+            "role_remove_privilege",
+            ipa_params=dict(
+                privilege=dict(
+                    param="privilege",
+                    ldap="memberof_privilege",
+                    values=module.params_get_lowercase("privilege")
+                )
+            )
         )
+    )
 
-        if add_list:
-            commands.append([name, "role_add_privilege",
-                             {"privilege": add_list}])
-        if action == "role" and del_list:
-            commands.append([name, "role_remove_privilege",
-                             {"privilege": del_list}])
-
-    add_members = {}
-    del_members = {}
-
-    for key in ["user", "group", "hostgroup"]:
-        _members = module.params_get_lowercase(key)
-        if _members is not None:
-            add_list, del_list = gen_add_del_lists(
-                _members,
-                result_get_value_lowercase(res_find, "member_%s" % key)
+    _cmds.extend(
+        gen_member_manage_commands(
+            module,
+            res_find,
+            name,
+            "role_add_member",
+            "role_remove_member",
+            ipa_params=dict(
+                host=dict(
+                    param="host",
+                    ldap="member_host",
+                    values=get_member_host_with_fqdn_lowercase(module, "host")
+                ),
+                user=dict(
+                    param="user",
+                    ldap="member_user",
+                    values=module.params_get_lowercase("user")
+                ),
+                group=dict(
+                    param="group",
+                    ldap="member_group",
+                    values=module.params_get_lowercase("group")
+                ),
+                hostgroup=dict(
+                    param="hostgroup",
+                    ldap="member_hostgroup",
+                    values=module.params_get_lowercase("hostgroup")
+                ),
+                service=dict(
+                    param="service",
+                    ldap="member_service",
+                    values=[
+                        to_text(x).lower() for x in (
+                            get_service_param(module, "service") or {}
+                        ).values()
+                    ]
+                ),
             )
-            if add_list:
-                add_members[key] = add_list
-            if del_list:
-                del_members[key] = del_list
-
-    # ensure hosts are FQDN.
-    _members = get_member_host_with_fqdn_lowercase(module, "host")
-    if _members:
-        add_list, del_list = gen_add_del_lists(
-            _members, res_find.get('member_host'))
-        if add_list:
-            add_members["host"] = add_list
-        if del_list:
-            del_members["host"] = del_list
-
-    (add_services, del_services) = gen_services_add_del_lists(
-        module, "service", res_find, "member_service")
-    if add_services:
-        add_members["service"] = add_services
-    if del_services:
-        del_members["service"] = del_services
-
-    if add_members:
-        commands.append([name, "role_add_member", add_members])
-    # Only remove members if ensuring role, not acting on members.
-    if action == "role" and del_members:
-        commands.append([name, "role_remove_member", del_members])
+        )
+    )
 
-    return commands
+    return _cmds
 
 
 def role_commands_for_name(module, state, action, name):
@@ -402,14 +346,14 @@ def role_commands_for_name(module, state, action, name):
             if res_find is None:
                 module.fail_json(msg="No role '%s'" % name)
 
-        cmds = ensure_role_with_members_is_present(
-            module, name, res_find, action
-        )
-        commands.extend(cmds)
+    if state == "absent":
+        if action == "role" and res_find is not None:
+            commands.append([name, 'role_del', {}])
+        if action == "member" and res_find is None:
+            module.fail_json(msg="No role '%s'" % name)
 
-    if state == "absent" and res_find is not None:
-        cmds = ensure_absent_state(module, name, action, res_find)
-        commands.extend(cmds)
+    # Manage members
+    commands.extend(manage_members(module, res_find, name))
 
     return commands