From ae2f452c60001d3e24ec2059a832a0def036adf7 Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Mon, 13 Sep 2021 14:13:58 -0300 Subject: [PATCH 1/3] sudocmd: Use execute_ipa_commands execute_ipa_commands replces the check mode exit, the loop over the generated commands and also in the member failure handling for modules with member support. --- plugins/modules/ipasudocmd.py | 17 +---------------- 1 file changed, 1 insertion(+), 16 deletions(-) diff --git a/plugins/modules/ipasudocmd.py b/plugins/modules/ipasudocmd.py index 1785e78e..20548ecf 100644 --- a/plugins/modules/ipasudocmd.py +++ b/plugins/modules/ipasudocmd.py @@ -167,22 +167,7 @@ def main(): else: ansible_module.fail_json(msg="Unkown state '%s'" % state) - # Check mode exit - if ansible_module.check_mode: - ansible_module.exit_json(changed=len(commands) > 0, **exit_args) - - # Execute commands - for name, command, args in commands: - try: - result = ansible_module.ipa_command(command, name, args) - # Check if any changes were made by any command - if command == 'sudocmd_del': - changed |= "Deleted" in result['summary'] - elif command == 'sudocmd_add': - changed |= "Added" in result['summary'] - except Exception as e: - ansible_module.fail_json(msg="%s: %s: %s" % (command, name, - str(e))) + changed = ansible_module.execute_ipa_commands(commands) # Done From 8723aafd4f8cc844e7bea1550362dc09269b80d1 Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Tue, 14 Sep 2021 10:39:47 -0300 Subject: [PATCH 2/3] sudocmdgroup: Reduce addition and deletion of members to changed only Use gen_add_list and gen_intersection_list for sudocmd member handling, to reduce the add lists to only the new and del lists only to existing entries. This enables to remove the ignores for "already a member" and "not a member" errors. --- plugins/modules/ipasudocmdgroup.py | 28 ++++++++++++++++------------ 1 file changed, 16 insertions(+), 12 deletions(-) diff --git a/plugins/modules/ipasudocmdgroup.py b/plugins/modules/ipasudocmdgroup.py index 8a77596e..a2a196bf 100644 --- a/plugins/modules/ipasudocmdgroup.py +++ b/plugins/modules/ipasudocmdgroup.py @@ -100,7 +100,8 @@ RETURN = """ """ from ansible.module_utils.ansible_freeipa_module import \ - IPAAnsibleModule, compare_args_ipa, gen_add_del_lists, ipalib_errors + IPAAnsibleModule, compare_args_ipa, gen_add_del_lists, \ + gen_add_list, gen_intersection_list, ipalib_errors def find_sudocmdgroup(module, name): @@ -255,10 +256,12 @@ def main(): ansible_module.fail_json( msg="No sudocmdgroup '%s'" % name) - # Ensure members are present - commands.append([name, "sudocmdgroup_add_member", - {"sudocmd": sudocmd} - ]) + sudocmd = gen_add_list( + sudocmd, res_find.get("member_sudocmd") or []) + if sudocmd: + commands.append([name, "sudocmdgroup_add_member", + {"sudocmd": sudocmd} + ]) elif state == "absent": if action == "sudocmdgroup": if res_find is not None: @@ -270,9 +273,12 @@ def main(): msg="No sudocmdgroup '%s'" % name) # Ensure members are absent - commands.append([name, "sudocmdgroup_remove_member", - {"sudocmd": sudocmd} - ]) + sudocmd = gen_intersection_list( + sudocmd, res_find.get("member_sudocmd") or []) + if sudocmd: + commands.append([name, "sudocmdgroup_remove_member", + {"sudocmd": sudocmd} + ]) else: ansible_module.fail_json(msg="Unkown state '%s'" % state) @@ -303,10 +309,8 @@ def main(): failed = result["failed"]["member"] for member_type in failed: for member, failure in failed[member_type]: - if "already a member" not in failure \ - and "not a member" not in failure: - errors.append("%s: %s %s: %s" % ( - command, member_type, member, failure)) + errors.append("%s: %s %s: %s" % ( + command, member_type, member, failure)) if len(errors) > 0: ansible_module.fail_json(msg=", ".join(errors)) From 1615f59f12e232837da7773c87954eda48396c30 Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Mon, 13 Sep 2021 14:15:08 -0300 Subject: [PATCH 3/3] sudocmdgroup: Use execute_ipa_commands execute_ipa_commands replces the check mode exit, the loop over the generated commands and also in the member failure handling for modules with member support. --- plugins/modules/ipasudocmdgroup.py | 35 +++--------------------------- 1 file changed, 3 insertions(+), 32 deletions(-) diff --git a/plugins/modules/ipasudocmdgroup.py b/plugins/modules/ipasudocmdgroup.py index a2a196bf..e260b699 100644 --- a/plugins/modules/ipasudocmdgroup.py +++ b/plugins/modules/ipasudocmdgroup.py @@ -256,6 +256,7 @@ def main(): ansible_module.fail_json( msg="No sudocmdgroup '%s'" % name) + # Ensure members are present sudocmd = gen_add_list( sudocmd, res_find.get("member_sudocmd") or []) if sudocmd: @@ -272,7 +273,6 @@ def main(): ansible_module.fail_json( msg="No sudocmdgroup '%s'" % name) - # Ensure members are absent sudocmd = gen_intersection_list( sudocmd, res_find.get("member_sudocmd") or []) if sudocmd: @@ -282,37 +282,8 @@ def main(): else: ansible_module.fail_json(msg="Unkown state '%s'" % state) - # Check mode exit - if ansible_module.check_mode: - ansible_module.exit_json(changed=len(commands) > 0, **exit_args) - - # Execute commands - for name, command, args in commands: - try: - result = ansible_module.ipa_command(command, name, args) - if action == "member": - if "completed" in result and result["completed"] > 0: - changed = True - else: - if command == "sudocmdgroup_del": - changed |= "Deleted" in result['summary'] - elif command == "sudocmdgroup_add": - changed |= "Added" in result['summary'] - except Exception as e: - ansible_module.fail_json(msg="%s: %s: %s" % (command, name, - str(e))) - # Get all errors - # All "already a member" and "not a member" failures in the - # result are ignored. All others are reported. - errors = [] - if "failed" in result and "member" in result["failed"]: - failed = result["failed"]["member"] - for member_type in failed: - for member, failure in failed[member_type]: - errors.append("%s: %s %s: %s" % ( - command, member_type, member, failure)) - if len(errors) > 0: - ansible_module.fail_json(msg=", ".join(errors)) + changed = ansible_module.execute_ipa_commands( + commands, fail_on_member_errors=True) # Done