api_connect: Allow configuration of IPA API connection.

This change adds a keyword parameter to api_connect() which can be used to configure IPA API connection, for example, controlling the use of LDAP cache, by passing 'ldap_cache' as an argument. Also, IPAAnsibleModule is modified to automatically filter all parameters of the module starting with 'ipaapi_' to be used as arguments to configure api_connect(). The argument name will have the same name as the module parameter with 'ipaapi_' stripped off.
2026-03-26 21:33:05 +00:00 · 2021-09-23 15:36:03 -03:00
parent 742799f3e9
commit e4d2a7b353
1 changed files with 31 additions and 7 deletions
--- a/plugins/module_utils/ansible_freeipa_module.py
+++ b/plugins/module_utils/ansible_freeipa_module.py
@@ -201,18 +201,32 @@ else:
        if ccache_dir is not None:
            shutil.rmtree(ccache_dir, ignore_errors=True)

-    def api_connect(context=None):
+    def api_connect(context=None, **overrides):
        """
-        Initialize IPA API with the provided context.
+        Initialize IPA API with the provided configuration.
+
+        Parameters
+        ----------
+        context:
+            Set IPA API execution context. Valid values: "server", "client"
+
+        overrides:
+            Keyword argument dict containing arguments passed to
+            api.bootstrap() to configure API connection.
+            Valid overrides arguments include:
+                ldap_cache: Control use of LDAP cache layer. (bool)

-        `context` can be any of:
-            * `server` (default)
-            * `client`
        """
        env = Env()
        env._bootstrap()
        env._finalize_core(**dict(DEFAULT_CONFIG))

+        # Fail connection if an unexpected argument is passed in 'overrides'.
+        _allowed = set(["ldap_cache"])
+        _inv = set(overrides.keys()) - _allowed
+        if _inv:
+            raise ValueError("Cannot override parameters: %s" % ",".join(_inv))
+
        # If not set, context will be based on current API context.
        if context is None:
            context = "server" if is_ipa_configured() else "client"
@@ -227,7 +241,7 @@ else:
        if context == "client":
            context = "cli"

-        api.bootstrap(context=context, debug=env.debug, log=None)
+        api.bootstrap(context=context, debug=env.debug, log=None, **overrides)
        api.finalize()

        if api.env.in_server:
@@ -645,13 +659,23 @@ else:
            if context is None:
                context = self.params_get("ipaapi_context")

+            # Get set of parameters to override in api.bootstrap().
+            # Here, all 'ipaapi_*' params are allowed, and the control
+            # of invalid parameters is delegated to api_connect.
+            _excl_override = ["ipaapi_context"]
+            overrides = {
+                name[len("ipaapi_"):]: self.params_get(name)
+                for name in self.params
+                if name.startswith("ipaapi_") and name not in _excl_override
+            }
+
            ccache_dir = None
            ccache_name = None
            try:
                if not valid_creds(self, ipaadmin_principal):
                    ccache_dir, ccache_name = temp_kinit(
                        ipaadmin_principal, ipaadmin_password)
-                api_connect(context)
+                api_connect(context, **overrides)
            except Exception as e:
                self.fail_json(msg=str(e))
            else: