From 1414d725014f7c55e23a21714ed3512fbcec556e Mon Sep 17 00:00:00 2001 From: Jake Reynolds Date: Tue, 19 Jan 2021 14:02:27 +0000 Subject: [PATCH] ipaautomember: Resolve comments from review on #486 --- playbooks/automember/automember-absent.yml | 18 --- .../automember/automember-group-absent.yml | 11 ++ .../automember/automember-group-present.yml | 11 ++ .../automember-hostgroup-absent.yml | 11 ++ .../automember-hostgroup-present.yml | 11 ++ playbooks/automember/automember-present.yml | 18 --- plugins/modules/ipaautomember.py | 24 ++-- tests/automember/test_automember.yml | 120 +++++++++++------- 8 files changed, 128 insertions(+), 96 deletions(-) delete mode 100644 playbooks/automember/automember-absent.yml create mode 100644 playbooks/automember/automember-group-absent.yml create mode 100644 playbooks/automember/automember-group-present.yml create mode 100644 playbooks/automember/automember-hostgroup-absent.yml create mode 100644 playbooks/automember/automember-hostgroup-present.yml delete mode 100644 playbooks/automember/automember-present.yml diff --git a/playbooks/automember/automember-absent.yml b/playbooks/automember/automember-absent.yml deleted file mode 100644 index 571ccbb579..0000000000 --- a/playbooks/automember/automember-absent.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- -- name: Automember absent example - hosts: ipaserver - become: true - tasks: - - name: Ensure group automember rule admins is absent - ipaautomember: - ipaadmin_password: SomeADMINpassword - name: admins - type: group - state: absent - - - name: Ensure hostgroup automember rule ipaservers is absent - ipaautomember: - ipaadmin_password: SomeADMINpassword - name: ipaservers - type: hostgroup - state: absent \ No newline at end of file diff --git a/playbooks/automember/automember-group-absent.yml b/playbooks/automember/automember-group-absent.yml new file mode 100644 index 0000000000..853fd2dc70 --- /dev/null +++ b/playbooks/automember/automember-group-absent.yml @@ -0,0 +1,11 @@ +--- +- name: Automember group absent example + hosts: ipaserver + become: true + tasks: + - name: Ensure group automember rule admins is absent + ipaautomember: + ipaadmin_password: SomeADMINpassword + name: admins + automember_type: group + state: absent diff --git a/playbooks/automember/automember-group-present.yml b/playbooks/automember/automember-group-present.yml new file mode 100644 index 0000000000..a62532add2 --- /dev/null +++ b/playbooks/automember/automember-group-present.yml @@ -0,0 +1,11 @@ +--- +- name: Automember group present example + hosts: ipaserver + become: true + tasks: + - name: Ensure group automember rule admins is present + ipaautomember: + ipaadmin_password: SomeADMINpassword + name: admins + automember_type: group + state: present diff --git a/playbooks/automember/automember-hostgroup-absent.yml b/playbooks/automember/automember-hostgroup-absent.yml new file mode 100644 index 0000000000..5afeb583ed --- /dev/null +++ b/playbooks/automember/automember-hostgroup-absent.yml @@ -0,0 +1,11 @@ +--- +- name: Automember hostgroup absent example + hosts: ipaserver + become: true + tasks: + - name: Ensure hostgroup automember rule ipaservers is absent + ipaautomember: + ipaadmin_password: SomeADMINpassword + name: ipaservers + automember_type: hostgroup + state: absent diff --git a/playbooks/automember/automember-hostgroup-present.yml b/playbooks/automember/automember-hostgroup-present.yml new file mode 100644 index 0000000000..05eb7e41a7 --- /dev/null +++ b/playbooks/automember/automember-hostgroup-present.yml @@ -0,0 +1,11 @@ +--- +- name: Automember hostgroup present example + hosts: ipaserver + become: true + tasks: + - name: Ensure hostgroup automember rule ipaservers is absent + ipaautomember: + ipaadmin_password: SomeADMINpassword + name: ipaservers + automember_type: hostgroup + state: present diff --git a/playbooks/automember/automember-present.yml b/playbooks/automember/automember-present.yml deleted file mode 100644 index d0dcdfc615..0000000000 --- a/playbooks/automember/automember-present.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- -- name: Automember present example - hosts: ipaserver - become: true - tasks: - - name: Ensure group automember rule admins is present - ipaautomember: - ipaadmin_password: SomeADMINpassword - name: admins - type: group - state: present - - - name: Ensure hostgroup automember rule ipaservers is absent - ipaautomember: - ipaadmin_password: SomeADMINpassword - name: ipaservers - type: hostgroup - state: present \ No newline at end of file diff --git a/plugins/modules/ipaautomember.py b/plugins/modules/ipaautomember.py index ef0fab05ba..d488fe8367 100644 --- a/plugins/modules/ipaautomember.py +++ b/plugins/modules/ipaautomember.py @@ -22,14 +22,10 @@ from ansible.module_utils._text import to_text -from ansible.module_utils.ansible_freeipa_module import (api_command, - api_command_no_name, - api_connect, - compare_args_ipa, - gen_add_del_lists, - temp_kdestroy, - temp_kinit, - valid_creds) +from ansible.module_utils.ansible_freeipa_module import ( + api_command, api_command_no_name, api_connect, compare_args_ipa, + gen_add_del_lists, temp_kdestroy, temp_kinit, valid_creds +) from ansible.module_utils.basic import AnsibleModule ANSIBLE_METADATA = { @@ -59,7 +55,7 @@ description: description: A description of this auto member rule required: false - type: + automember_type: description: - Grouping to which the rule applies required: true @@ -95,7 +91,7 @@ ipaadmin_password: SomeADMINpassword name: admins description: "example description" - type: group + automember_type: group state: present inclusive: - key: "mail" @@ -195,7 +191,7 @@ def main(): name=dict(type="list", aliases=["cn"], default=None, required=True), description=dict(type="str", default=None), - type=dict(type='str', required=True, + automember_type=dict(type='str', required=True, choices=['group', 'hostgroup']), action=dict(type="str", default="service", choices=["member", "service"]), @@ -227,7 +223,7 @@ def main(): state = ansible_module.params.get("state") # grouping/type - grouping = ansible_module.params.get("type") + grouping = ansible_module.params.get("automember_type") # Init changed = False @@ -346,6 +342,10 @@ def main(): commands.append([None, 'automember_rebuild', {"type": to_text(grouping)}]) + # Check mode exit + if ansible_module.check_mode: + ansible_module.exit_json(changed=len(commands) > 0, **exit_args) + errors = [] for name, command, args in commands: try: diff --git a/tests/automember/test_automember.yml b/tests/automember/test_automember.yml index 1393d5015b..4f254ddcb4 100644 --- a/tests/automember/test_automember.yml +++ b/tests/automember/test_automember.yml @@ -7,56 +7,68 @@ # CLEANUP TEST ITEMS - - name: Ensure group automember rule admins is absent + - name: Ensure group testgroup is absent + ipagroup: + ipaadmin_password: SomeADMINpassword + name: testgroup + state: absent + + - name: Ensure hostgroup testhostgroup is absent + ipahostgroup: + ipaadmin_password: SomeADMINpassword + name: testhostgroup + state: absent + + - name: Ensure group automember rule testgroup is absent ipaautomember: ipaadmin_password: SomeADMINpassword - name: admins + name: testgroup state: absent - type: group + automember_type: group - - name: Ensure hostgroup automember rule ipaservers is absent + - name: Ensure hostgroup automember rule testhostgroup is absent ipaautomember: ipaadmin_password: SomeADMINpassword - name: ipaservers + name: testhostgroup state: absent - type: hostgroup + automember_type: hostgroup # CREATE TEST ITEMS # TESTS - - name: Ensure admins group automember rule is present + - name: Ensure testgroup group automember rule is present ipaautomember: ipaadmin_password: SomeADMINpassword - name: admins - description: Admins automember rule. - type: group + name: testgroup + description: testgroup automember rule. + automember_type: group register: result failed_when: not result.changed or result.failed - - name: Ensure admins group automember rule is present again + - name: Ensure testgroup group automember rule is present again ipaautomember: ipaadmin_password: SomeADMINpassword - name: admins - description: Admins automember rule. - type: group + name: testgroup + description: testgroup automember rule. + automember_type: group register: result failed_when: result.changed or result.failed - - name: Change admins group automember rule description + - name: Change testgroup group automember rule description ipaautomember: ipaadmin_password: SomeADMINpassword - name: admins - description: Admins automember rule description. - type: group + name: testgroup + description: testgroup automember rule description. + automember_type: group register: result failed_when: not result.changed or result.failed - - name: Ensure admins group automember rule has conditions + - name: Ensure testgroup group automember rule has conditions ipaautomember: ipaadmin_password: SomeADMINpassword - name: admins - type: group + name: testgroup + automember_type: group inclusive: - key: 'uid' expression: 'uid' @@ -68,11 +80,11 @@ register: result failed_when: not result.changed or result.failed - - name: Ensure admins group automember rule has conditions again + - name: Ensure testgroup group automember rule has conditions again ipaautomember: ipaadmin_password: SomeADMINpassword - name: admins - type: group + name: testgroup + automember_type: group inclusive: - key: 'uid' expression: 'uid' @@ -86,38 +98,38 @@ ###### - - name: Ensure ipaservers hostgroup automember rule is present + - name: Ensure testhostgroup hostgroup automember rule is present ipaautomember: ipaadmin_password: SomeADMINpassword - name: ipaservers - description: ipaservers automember rule - type: hostgroup + name: testhostgroup + description: testhostgroup automember rule + automember_type: hostgroup register: result failed_when: not result.changed or result.failed - - name: Ensure ipaservers hostgroup automember rule is present again + - name: Ensure testhostgroup hostgroup automember rule is present again ipaautomember: ipaadmin_password: SomeADMINpassword - name: ipaservers - description: ipaservers automember rule - type: hostgroup + name: testhostgroup + description: testhostgroup automember rule + automember_type: hostgroup register: result failed_when: result.changed or result.failed - - name: Change ipaservers hostgroup automember rule description + - name: Change testhostgroup hostgroup automember rule description ipaautomember: ipaadmin_password: SomeADMINpassword - name: ipaservers - description: ipaservers test automember rule - type: hostgroup + name: testhostgroup + description: testhostgroup test automember rule + automember_type: hostgroup register: result failed_when: not result.changed or result.failed - - name: Ensure ipaservers hostgroup automember rule has conditions + - name: Ensure testhostgroup hostgroup automember rule has conditions ipaautomember: ipaadmin_password: SomeADMINpassword - name: ipaservers - type: hostgroup + name: testhostgroup + automember_type: hostgroup inclusive: - key: 'description' expression: 'description' @@ -129,11 +141,11 @@ register: result failed_when: not result.changed or result.failed - - name: Ensure ipaservers hostgroup automember rule has conditions again + - name: Ensure testhostgroup hostgroup automember rule has conditions again ipaautomember: ipaadmin_password: SomeADMINpassword - name: ipaservers - type: hostgroup + name: testhostgroup + automember_type: hostgroup inclusive: - key: 'description' expression: 'description' @@ -147,16 +159,28 @@ # CLEANUP TEST ITEMS - - name: Ensure group automember rule admins is absent + - name: Ensure group testgroup is absent + ipagroup: + ipaadmin_password: SomeADMINpassword + name: testgroup + state: absent + + - name: Ensure hostgroup testhostgroup is absent + ipahostgroup: + ipaadmin_password: SomeADMINpassword + name: testhostgroup + state: absent + + - name: Ensure group automember rule testgroup is absent ipaautomember: ipaadmin_password: SomeADMINpassword - type: group - name: admins + automember_type: group + name: testgroup state: absent - - name: Ensure hostgroup automember rule ipaservers is absent + - name: Ensure hostgroup automember rule testhostgroup is absent ipaautomember: ipaadmin_password: SomeADMINpassword - type: hostgroup - name: ipaservers + automember_type: hostgroup + name: testhostgroup state: absent