Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ipasudorule: Add support for batch mode and multiple sudorules #1290

Merged
merged 3 commits into from
Nov 19, 2024
Merged

ipasudorule: Add support for batch mode and multiple sudorules #1290

merged 3 commits into from
Nov 19, 2024

Conversation

rjeffman
Copy link
Member

@rjeffman rjeffman commented Sep 5, 2024

Currently, ipasudorule must add or modify a single sudorule at a time, incurring in more load in the server if there are many rules to be processed.

This patch adds suport for adding multiple sudorules in one playbook task by using the parameter 'sudorules' and defining a list of sudorules configurations to be ensured.

As multiple sudorules will be processed, the patch also enables batch mode processing of sudorules, trying to reduce the load on the server.

To be able to process parameter values in the 'sudorules' dictionary, the method to retrieve parameters from the module in lowercase was refactored, allowing any parameter value, either from the module or from a dict, to be converted.

Test 'tests/sudorule/test_sudorule_client_context.yml' was modified to include tasks with 'sudorules' to be executed both on the server or on the client context.

New tests were added to the sudorule test suite:

tests/sudorule/test_sudorules.yml
tests/sudorule/test_sudorules_member_case_insensitive.yml

@varunmylaraiah
Copy link
Collaborator

@rjeffman Is it possible to add multiple sudorules using a JSON file?

@rjeffman
Copy link
Member Author

@varunmylaraiah it should be, as this is handled by Ansible before ansible-freeipa kicks in.

@rjeffman
Copy link
Member Author

rjeffman commented Nov 4, 2024

/azp run CheckPR

@azure-pipelines Azure Pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@rjeffman rjeffman marked this pull request as draft November 4, 2024 23:05
@rjeffman rjeffman added the DRAFT label Nov 4, 2024
@rjeffman rjeffman force-pushed the multiple_sudorule branch 6 times, most recently from 2cd75a9 to bb42267 Compare November 6, 2024 20:34
@rjeffman rjeffman removed the DRAFT label Nov 6, 2024
@rjeffman
Copy link
Member Author

rjeffman commented Nov 6, 2024

The pydocstyle check is failing due to a false positive, please, see PR #1310.

@varunmylaraiah
Copy link
Collaborator

Hi Rafael, I'm seeing an error and not sure what I might be missing here

# cat sudo1.yaml 
---
- name: Playbook to ensure a sudorule is present.
  hosts: ipaserver
  become: true

  tasks:
  - name: Test multiple sudo rules
    ipasudorule:
      ipaadmin_password: <xxxxxxx>
      sudorules:
        - name: sudorule1
        - name: sudorule2
        - name: sudorule3
      state: present

PLAY [Playbook to ensure a sudorule is present.] *******************************************************

TASK [Gathering Facts] *********************************************************************************
task path: /root/sudo1.yaml:2
ok: [master.ipadomain.test]

TASK [Test multiple sudo rules] ************************************************************************
task path: /root/sudo1.yaml:7
fatal: [master.ipadomain.test]: FAILED! => {"changed": false, "msg": "missing required arguments: name"}

PLAY RECAP *********************************************************************************************
master.ipadomain.test      : ok=1    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

varunmylaraiah
varunmylaraiah approved these changes Nov 14, 2024
View reviewed changes
Copy link
Collaborator

@varunmylaraiah varunmylaraiah left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The PR looks good to me, and downstream tests have passed with this PR

@rjeffman rjeffman marked this pull request as ready for review November 14, 2024 13:40
@rjeffman
ansible_freeipa_module_utils: Add EntryFactory class
da775a2 
This patch adds the class EntryFactory to the ansible-freeipa module
utils. This class allows the handling of modules with multiple object
entries as list of objects. When the multi-object parameter is not used,
it creates a list of a single object, allowing for the same code idiom
to be used.

The entries created can be used both as objects, by acessing the values
as properties, or as dictionaires, by accessing the elements as
key-value pairs.
@t-woerner
Copy link
Member

The tests are lacking the cleanup before the test items are created. This could lead to issues with existing, but conflicting items like for example external users.

@t-woerner t-woerner closed this Nov 18, 2024
@t-woerner t-woerner reopened this Nov 18, 2024
@rjeffman
ipasudorule: Add support for batch mode and multiple sudorules
4fa0621 
Currently, ipasudorule must add or modify a single sudorule at a time,
incurring in more load in the server if there are many rules to be
processed.

This patch adds suport for adding multiple sudorules in one playbook
task by using the parameter 'sudorules' and defining a list of sudorules
configurations to be ensured.

As multiple sudorules will be processed, the patch also enables batch
mode processing of sudorules, trying to reduce the load on the server.

Test 'tests/sudorule/test_sudorule_client_context.yml' was modified to
include tasks with 'sudorules' to be executed both on the server or on
the client context.

New tests were added to the sudorule test suite:

    tests/sudorule/test_sudorules.yml
    tests/sudorule/test_sudorules_member_case_insensitive.yml
@rjeffman
tests/sudorule: Don't become or gather_facts and use only true/false
6c94fe9 
Unless there's a real need to use privileged access or to gather Ansible
facts upfront, we should always set "become: false" and
"gather_facts: false". In the case that only a few Ansible facts are
required, 'ansible.builtin.setup' with 'gather_subset' should be used.

As the YAML 1.2 standard dictates, boolean values should only use 'true'
or 'false' values.

This patch fixes these issues in the 'sudorule' test suite.
@rjeffman
Copy link
Member Author

rjeffman commented Nov 18, 2024
edited
Loading

@t-woerner test were fixed and TEMP commit removed.

@rjeffman rjeffman mentioned this pull request Nov 18, 2024
Draft
t-woerner
t-woerner approved these changes Nov 19, 2024
View reviewed changes
Copy link
Member

@t-woerner t-woerner left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@t-woerner t-woerner merged commit d580431 into freeipa:master Nov 19, 2024
15 of 17 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@t-woerner t-woerner t-woerner approved these changes

@varunmylaraiah varunmylaraiah varunmylaraiah approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@rjeffman @varunmylaraiah @t-woerner