iparole: Use 'service' datatype
Adapt plugin to use the 'service' datatype, instead of reimplementing
the required operations.
rjeffman committed Dec 13, 2023
1 parent e727e61 commit 0d9cd90
Showing 1 changed file with 27 additions and 85 deletions.
112 changes: 27 additions & 85 deletions plugins/modules/iparole.py
@@ -129,7 +129,7 @@
from ansible.module_utils._text import to_text
from ansible.module_utils.ansible_freeipa_module import \
IPAAnsibleModule, gen_add_del_lists, compare_args_ipa, \
gen_intersection_list, list_of, hostname
gen_intersection_list, ListOf, Hostname, Service
from ansible.module_utils import six

if six.PY3:
@@ -214,33 +214,24 @@ def ensure_absent_state(module, name, action, res_find):
{"privilege": del_list}])

member_args = {}
for key in ['user', 'group', 'hostgroup']:
_members = module.params_get_lowercase(key)
if _members:

member_types = [
("user", lambda value: value.lower()),
("group", lambda value: value.lower()),
("hostgroup", lambda value: value.lower()),
("host", Hostname(module.ipa_get_domain())),
("service", Service(module.ipa_get_realm())),
]
for key, datatype in member_types:
_members = module.params_get_with_type(key, ListOf(datatype))
if _members is not None:
del_list = gen_intersection_list(
_members,
result_get_value_lowercase(res_find, "member_%s" % key)
)
if del_list:
member_args[key] = del_list

# ensure hosts are FQDN.
_members = module.params_get_with_type(
"host",
list_of(hostname(module.ipa_get_domain())),
)
if _members:
del_list = gen_intersection_list(
_members, res_find.get('member_host'))
if del_list:
member_args["host"] = del_list

_services = get_service_param(module, "service")
if _services:
_existing = result_get_value_lowercase(res_find, "member_service")
items = gen_intersection_list(_services.keys(), _existing)
if items:
member_args["service"] = [_services[key] for key in items]
if del_list:
member_args[key] = [to_text(item) for item in del_list]

# Only add remove command if there's at least one member no manage.
if member_args:
@@ -249,28 +240,6 @@ def ensure_absent_state(module, name, action, res_find):
return commands


def get_service_param(module, key):
"""
Retrieve dict of services, with realm, from the module parameters.
As the services are compared in a case insensitive manner, but
are recorded in a case preserving way, a dict mapping the services
in lowercase to the provided module parameter is generated, so
that dict keys can be used for comparison and the values are used
with IPA API.
"""
_services = module.params_get(key)
if _services is not None:
ipa_realm = module.ipa_get_realm()
_services = [
to_text(svc) if '@' in svc else ('%s@%s' % (svc, ipa_realm))
for svc in _services
]
if _services:
_services = {svc.lower(): svc for svc in _services}
return _services


def result_get_value_lowercase(res_find, key, default=None):
"""
Retrieve a member of a dictionary converted to lowercase.
@@ -285,27 +254,13 @@ def result_get_value_lowercase(res_find, key, default=None):
if existing is not None:
if isinstance(existing, (list, tuple)):
existing = [to_text(item).lower() for item in existing]
if isinstance(existing, (str, unicode)):
existing = existing.lower()
else:
existing = to_text(existing).lower()
else:
existing = default
return existing


def gen_services_add_del_lists(module, mod_member, res_find, res_member):
"""Generate add/del lists for service principals."""
add_list, del_list = None, None
_services = get_service_param(module, mod_member)
if _services is not None:
_existing = result_get_value_lowercase(res_find, res_member)
add_list, del_list = gen_add_del_lists(_services.keys(), _existing)
if add_list:
add_list = [_services[key] for key in add_list]
if del_list:
del_list = [to_text(item) for item in del_list]
return add_list, del_list


def ensure_role_with_members_is_present(module, name, res_find, action):
"""Define commands to ensure member are present for action `role`."""
commands = []
@@ -327,37 +282,24 @@ def ensure_role_with_members_is_present(module, name, res_find, action):
add_members = {}
del_members = {}

for key in ["user", "group", "hostgroup"]:
_members = module.params_get_lowercase(key)
member_types = [
("user", lambda value: value.lower()),
("group", lambda value: value.lower()),
("hostgroup", lambda value: value.lower()),
("host", Hostname(module.ipa_get_domain())),
("service", Service(module.ipa_get_realm())),
]
for key, datatype in member_types:
_members = module.params_get_with_type(key, ListOf(datatype))
if _members is not None:
add_list, del_list = gen_add_del_lists(
_members,
result_get_value_lowercase(res_find, "member_%s" % key)
)
if add_list:
add_members[key] = add_list
add_members[key] = [to_text(item) for item in add_list]
if del_list:
del_members[key] = del_list

# ensure hosts are FQDN.
_members = module.params_get_with_type(
"host",
list_of(hostname(module.ipa_get_domain())),
)
if _members:
add_list, del_list = gen_add_del_lists(
_members, res_find.get('member_host'))
if add_list:
add_members["host"] = add_list
if del_list:
del_members["host"] = del_list

(add_services, del_services) = gen_services_add_del_lists(
module, "service", res_find, "member_service")
if add_services:
add_members["service"] = add_services
if del_services:
del_members["service"] = del_services
del_members[key] = [to_text(item) for item in del_list]

if add_members:
commands.append([name, "role_add_member", add_members])
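Review bot: The new `for key, datatype in member_types` loop in ensure_absent_state (and its twin in ensure_role_with_members_is_present) compares the typed `_members` against `result_get_value_lowercase(res_find, "member_%s" % key)`, which is only correct if `Hostname` and `Service` return lowercased values; their implementation is not visible on this page. The removed get_service_param kept a lowercase-to-original map for exactly this comparison, and the removed host branch compared against the raw `res_find.get('member_host')`. If either datatype preserves case, a mixed-case host or service principal would miss the intersection and remain a member of the role after an absent run, and the present path would compute wrong add/del lists. Please confirm the normalisation in ansible_freeipa_module or compare on a lowered key, e.g. `wanted = {to_text(m).lower(): m for m in _members}` and pass `wanted.keys()` to `gen_intersection_list`. Both functions begin and end outside the visible hunks.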