diff --git a/plugins/modules/iparole.py b/plugins/modules/iparole.py
index 9952dd7db0..73136af26a 100644
--- a/plugins/modules/iparole.py
+++ b/plugins/modules/iparole.py
@@ -128,8 +128,8 @@
 # pylint: disable=no-name-in-module
 from ansible.module_utils._text import to_text
 from ansible.module_utils.ansible_freeipa_module import \
-    IPAAnsibleModule, gen_add_del_lists, compare_args_ipa, \
-    gen_intersection_list, ensure_fqdn
+    IPAAnsibleModule, compare_args_ipa, \
+    ensure_fqdn, gen_member_manage_commands
 from ansible.module_utils import six
 if six.PY3:
@@ -144,7 +144,11 @@ def find_role(module, name):
         # An exception is raised if role name is not found.
         return None
     else:
-        return _result["result"]
+        _res = _result["result"]
+        for member in ["member_service", "memberof_privilege"]:
+            if member in _res:
+                _res[member] = [to_text(x).lower() for x in _res[member]]
+        return _res
 def gen_args(module):
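Review bot: The new loop in find_role rewrites `member_service` and `memberof_privilege` in place without a comment saying why only those two attributes are normalised; presumably it is so the later comparison against the lowercased module parameters is case-insensitive, but a reader of this hunk cannot tell. I would add `# Lowercase the member attributes that are compared against lowercased module params so the comparison is case-insensitive.` above the `for member in [...]` line. Note also that `member_host` is left untouched here while the host parameters are lowercased by get_member_host_with_fqdn_lowercase elsewhere in the file; if IPA can return host names in mixed case (I have not verified it cannot), that comparison stays case-sensitive. find_role starts outside the hunk.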
@@ -206,58 +210,6 @@ def get_member_host_with_fqdn_lowercase(module, mod_member):
     )
-def ensure_absent_state(module, name, action, res_find):
-    """Define commands to ensure absent state."""
-    commands = []
-
-    if action == "role":
-        commands.append([name, 'role_del', {}])
-
-    if action == "member":
-
-        _members = module.params_get_lowercase("privilege")
-        if _members is not None:
-            del_list = gen_intersection_list(
-                _members,
-                result_get_value_lowercase(res_find, "memberof_privilege")
-            )
-            if del_list:
-                commands.append([name, "role_remove_privilege",
-                                 {"privilege": del_list}])
-
-        member_args = {}
-        for key in ['user', 'group', 'hostgroup']:
-            _members = module.params_get_lowercase(key)
-            if _members:
-                del_list = gen_intersection_list(
-                    _members,
-                    result_get_value_lowercase(res_find, "member_%s" % key)
-                )
-                if del_list:
-                    member_args[key] = del_list
-
-        # ensure hosts are FQDN.
-        _members = get_member_host_with_fqdn_lowercase(module, "host")
-        if _members:
-            del_list = gen_intersection_list(
-                _members, res_find.get('member_host'))
-            if del_list:
-                member_args["host"] = del_list
-
-        _services = get_service_param(module, "service")
-        if _services:
-            _existing = result_get_value_lowercase(res_find, "member_service")
-            items = gen_intersection_list(_services.keys(), _existing)
-            if items:
-                member_args["service"] = [_services[key] for key in items]
-
-        # Only add remove command if there's at least one member no manage.
-        if member_args:
-            commands.append([name, "role_remove_member", member_args])
-
-    return commands
-
-
 def get_service_param(module, key):
     """
     Retrieve dict of services, with realm, from the module parameters.
@@ -301,77 +253,69 @@ def result_get_value_lowercase(res_find, key, default=None):
     return existing
-def gen_services_add_del_lists(module, mod_member, res_find, res_member):
-    """Generate add/del lists for service principals."""
-    add_list, del_list = None, None
-    _services = get_service_param(module, mod_member)
-    if _services is not None:
-        _existing = result_get_value_lowercase(res_find, res_member)
-        add_list, del_list = gen_add_del_lists(_services.keys(), _existing)
-        if add_list:
-            add_list = [_services[key] for key in add_list]
-        if del_list:
-            del_list = [to_text(item) for item in del_list]
-    return add_list, del_list
-
-
-def ensure_role_with_members_is_present(module, name, res_find, action):
-    """Define commands to ensure member are present for action `role`."""
-    commands = []
-
-    _members = module.params_get_lowercase("privilege")
-    if _members:
-        add_list, del_list = gen_add_del_lists(
-            _members,
-            result_get_value_lowercase(res_find, "memberof_privilege")
+def manage_members(module, res_find, name):
+    _cmds = []
+
+    # result_get_value_lowercase(res_find, "memberof_privilege")
+    _cmds.extend(
+        gen_member_manage_commands(
+            module,
+            res_find,
+            name,
+            "role_add_privilege",
+            "role_remove_privilege",
+            ipa_params=dict(
+                privilege=dict(
+                    param="privilege",
+                    ldap="memberof_privilege",
+                    values=module.params_get_lowercase("privilege")
+                )
+            )
         )
+    )
-        if add_list:
-            commands.append([name, "role_add_privilege",
-                             {"privilege": add_list}])
-        if action == "role" and del_list:
-            commands.append([name, "role_remove_privilege",
-                             {"privilege": del_list}])
-
-    add_members = {}
-    del_members = {}
-
-    for key in ["user", "group", "hostgroup"]:
-        _members = module.params_get_lowercase(key)
-        if _members is not None:
-            add_list, del_list = gen_add_del_lists(
-                _members,
-                result_get_value_lowercase(res_find, "member_%s" % key)
+    _cmds.extend(
+        gen_member_manage_commands(
+            module,
+            res_find,
+            name,
+            "role_add_member",
+            "role_remove_member",
+            ipa_params=dict(
+                host=dict(
+                    param="host",
+                    ldap="member_host",
+                    values=get_member_host_with_fqdn_lowercase(module, "host")
+                ),
+                user=dict(
+                    param="user",
+                    ldap="member_user",
+                    values=module.params_get_lowercase("user")
+                ),
+                group=dict(
+                    param="group",
+                    ldap="member_group",
+                    values=module.params_get_lowercase("group")
+                ),
+                hostgroup=dict(
+                    param="hostgroup",
+                    ldap="member_hostgroup",
+                    values=module.params_get_lowercase("hostgroup")
+                ),
+                service=dict(
+                    param="service",
+                    ldap="member_service",
+                    values=[
+                        to_text(x).lower() for x in (
+                            get_service_param(module, "service") or {}
+                        ).values()
+                    ]
+                ),
+            )
-            if add_list:
-                add_members[key] = add_list
-            if del_list:
-                del_members[key] = del_list
-
-    # ensure hosts are FQDN.
-    _members = get_member_host_with_fqdn_lowercase(module, "host")
-    if _members:
-        add_list, del_list = gen_add_del_lists(
-            _members, res_find.get('member_host'))
-        if add_list:
-            add_members["host"] = add_list
-        if del_list:
-            del_members["host"] = del_list
-
-    (add_services, del_services) = gen_services_add_del_lists(
-        module, "service", res_find, "member_service")
-    if add_services:
-        add_members["service"] = add_services
-    if del_services:
-        del_members["service"] = del_services
-
-    if add_members:
-        commands.append([name, "role_add_member", add_members])
-    # Only remove members if ensuring role, not acting on members.
-    if action == "role" and del_members:
-        commands.append([name, "role_remove_member", del_members])
+        )
+    )
-    return commands
+    return _cmds
 def role_commands_for_name(module, state, action, name):
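Review bot: The `service` entry of the second gen_member_manage_commands call lowercases the whole principal with `to_text(x).lower()` before it is handed to `role_add_member`/`role_remove_member`, whereas the removed gen_services_add_del_lists lowercased only for the comparison and passed the original `_services[key]` to IPA. That lowercases the realm as well as the service type, and if the server rejects or fails to match a principal whose realm case differs from its own (I believe IPA validates the realm against its configured one, but confirm before relying on this), every run that adds a service member will fail or be non-idempotent; either pass the original-case values and let the helper compare case-insensitively, or add a comment documenting that IPA accepts lowercased principals. Separately, the dead `# result_get_value_lowercase(res_find, "memberof_privilege")` line should be dropped, and manage_members deserves a docstring such as `"""Return the IPA commands that add or remove privileges and members of role `name`, relative to the existing role `res_find`."""`.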
@@ -402,14 +346,14 @@ def role_commands_for_name(module, state, action, name):
         if res_find is None:
             module.fail_json(msg="No role '%s'" % name)
-        cmds = ensure_role_with_members_is_present(
-            module, name, res_find, action
-        )
-        commands.extend(cmds)
+    if state == "absent":
+        if action == "role" and res_find is not None:
+            commands.append([name, 'role_del', {}])
+        if action == "member" and res_find is None:
+            module.fail_json(msg="No role '%s'" % name)
-    if state == "absent" and res_find is not None:
-        cmds = ensure_absent_state(module, name, action, res_find)
-        commands.extend(cmds)
+    # Manage members
+    commands.extend(manage_members(module, res_find, name))
     return commands
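Review bot: In the `state == "absent"` branch with `action == "role"`, `role_del` is queued and then `manage_members(module, res_find, name)` is still called for the same role, with `res_find` equal to `None` when the role does not exist because the `fail_json` guard only covers `action == "member"`. Unless gen_member_manage_commands itself inspects state/action and returns nothing for that case (its body is not in this diff), this either issues `role_remove_*` commands after the `role_del` that precedes them in `commands`, or operates on a `None` result. A local guard keeps the intent explicit regardless of the helper: `if not (state == "absent" and action == "role"):` around the `commands.extend(...)` call, or at minimum `if res_find is not None:`. The enclosing role_commands_for_name starts outside the hunk.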