ipavault: Allow execution of plugin in client host.

Update vault README file and add tests for executing plugin with `ipaapi_context` set to `client`. A new test playbook can be found at: tests/vault/test_vault_client_context.yml As `ipavault` only works in client context, an error is raised if it is explicitly executed in a server context.
2026-05-07 22:03:18 +00:00 · 2021-09-03 13:31:57 -03:00
parent d9dcc8f5dc
commit 7e0624d836
5 changed files with 36 additions and 1 deletions
--- a/plugins/modules/ipavault.py
+++ b/plugins/modules/ipavault.py
@@ -443,6 +443,11 @@ def check_parameters(  # pylint: disable=unused-argument
        password, password_file, public_key, public_key_file, private_key,
        private_key_file, vault_data, datafile_in, datafile_out, new_password,
        new_password_file):
+    if module.params_get("ipaapi_context") == "server":
+        module.fail_json(
+            msg="Context 'server' for ipavault not yet supported."
+        )
+
    invalid = []
    if state == "present":
        invalid = ['datafile_out']
@@ -718,7 +723,7 @@ def main():
    changed = False
    exit_args = {}

-    with ansible_module.ipa_connect(context='ansible-freeipa') as ccache_name:
+    with ansible_module.ipa_connect(context="client") as ccache_name:
        if ccache_name is not None:
            os.environ["KRB5CCNAME"] = ccache_name