ipahost: Extension to be able handle several hosts and all settings

The ipahost management module was not able to add several hosts at once. Addtionally there have been settings missing. ansible_freeipa_module has been extended to provide two additional functions that are needed to simplify the extension of the ipahost module: gen_add_del_lists(user_list, res_list) encode_certificate(cert) gen_add_del_lists will generate the lists for the addition and removal of members using the provided user and ipa settings. encode_certificate will encode a certificate using base64 with also taking FreeIPA and Python versions into account. The missing settings in ipahost have been: certificate managedby_host principal create_keytab_[user,group,host,hostgroup] retrieve_keytab_[user,group,host,hostgroup] sshpubkey userclass auth_ind requires_pre_auth ok_as_delegate ok_to_auth_as_delegate The README-host.md file has been updated to provide information about the new settings and also the members. Also examples for the new things have been added. New example playbooks have been added: playbooks/host/add-host.yml playbooks/host/host-member-allow_create_keytab-absent.yml playbooks/host/host-member-allow_create_keytab-present.yml playbooks/host/host-member-allow_retrieve_keytab-absent.yml playbooks/host/host-member-allow_retrieve_keytab-present.yml playbooks/host/host-member-certificate-absent.yml playbooks/host/host-member-certificate-present.yml playbooks/host/host-member-managedby_host-absent.yml playbooks/host/host-member-managedby_host-present.yml playbooks/host/host-member-principal-absent.yml playbooks/host/host-member-principal-present.yml playbooks/host/host-present-with-allow_create_keytab.yml playbooks/host/host-present-with-allow_retrieve_keytab.yml playbooks/host/host-present-with-certificate.yml playbooks/host/host-present-with-managedby_host.yml playbooks/host/host-present-with-principal.yml playbooks/host/host-present-with-randompassword.yml playbooks/host/host-present.yml playbooks/host/hosts-member-certificate-absent.yml playbooks/host/hosts-member-certificate-present.yml playbooks/host/hosts-member-managedby_host-absent.yml playbooks/host/hosts-member-managedby_host-present.yml playbooks/host/hosts-member-principal-absent.yml playbooks/host/hosts-member-principal-present.yml playbooks/host/hosts-present-with-certificate.yml playbooks/host/hosts-present-with-managedby_host.yml playbooks/host/hosts-present-with-randompasswords.yml New tests have been added for the module: tests/host/certificate/cert1.der tests/host/certificate/cert1.pem tests/host/certificate/cert2.der tests/host/certificate/cert2.pem tests/host/certificate/cert3.der tests/host/certificate/cert3.pem tests/host/certificate/private1.key tests/host/certificate/private2.key tests/host/certificate/private3.key tests/host/certificate/test_host_certificate.yml tests/host/certificate/test_hosts_certificate.yml tests/host/test_host.yml tests/host/test_host_allow_create_keytab.yml tests/host/test_host_allow_retrieve_keytab.yml tests/host/test_host_managedby_host.yml tests/host/test_host_principal.yml tests/host/test_host_random.yml tests/host/test_hosts.yml tests/host/test_hosts_managedby_host.yml tests/host/test_hosts_principal.yml
2026-05-08 06:13:21 +00:00 · 2019-12-02 14:02:59 +01:00
parent 8da4b73b44
commit 94b1f25b37
50 changed files with 3435 additions and 146 deletions
--- a/plugins/module_utils/ansible_freeipa_module.py
+++ b/plugins/module_utils/ansible_freeipa_module.py
@@ -38,6 +38,11 @@ from ipapython.ipautil import run
 from ipaplatform.paths import paths
 from ipalib.krb_utils import get_credentials_if_valid
 from ansible.module_utils._text import to_text
+try:
+    from ipalib.x509 import Encoding
+except ImportError:
+    from cryptography.hazmat.primitives.serialization import Encoding
+import base64
 import six


@@ -236,3 +241,28 @@ def module_params_get(module, name):

 def api_get_realm():
    return api.env.realm
+
+
+def gen_add_del_lists(user_list, res_list):
+    """
+    Generate the lists for the addition and removal of members using the
+    provided user and ipa settings
+    """
+    add_list = list(set(user_list or []) - set(res_list or []))
+    del_list = list(set(res_list or []) - set(user_list or []))
+
+    return add_list, del_list
+
+
+def encode_certificate(cert):
+    """
+    Encode a certificate using base64 with also taking FreeIPA and Python
+    versions into account
+    """
+    if isinstance(cert, str) or isinstance(cert, unicode):
+        encoded = base64.b64encode(cert)
+    else:
+        encoded = base64.b64encode(cert.public_bytes(Encoding.DER))
+    if not six.PY2:
+        encoded = encoded.decode('ascii')
+    return encoded