Merge pull request #652 from rjeffman/ipaansiblemodule_fail_if_invalid

Standardize algorithm to verify if invalid argument was used.
Thomas Woerner
2021-10-04 16:37:04 +02:00
committed by GitHub
26 changed files with 95 additions and 204 deletions


@@ -699,6 +699,30 @@ else:
"""
return module_params_get(self, name)
def params_fail_used_invalid(self, invalid_params, state, action=None):
"""
Fail module execution if one of the invalid parameters is not None.
Parameters
----------
invalid_params:
List of parameters that must value 'None'.
state:
State being tested.
action:
Action being tested (optional).
"""
if action is None:
msg = "Argument '{0}' can not be used with state '{1}'"
else:
msg = "Argument '{0}' can not be used with action "\
"'{2}' and state '{1}'"
for param in invalid_params:
if self.params.get(param) is not None:
self.fail_json(msg=msg.format(param, state, action))
def ipa_command(self, command, name, args):
"""
Execute an IPA API command with a required `name` argument.
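Review bot: In `params_fail_used_invalid`, a name in `invalid_params` that is not a key of `self.params` is silently accepted, because `self.params.get(param)` returns None for it exactly as it does for an argument the user left unset. Every caller in this commit passes hand-written string lists, so a misspelled or renamed entry turns a restriction into a no-op without any error. Consider failing loudly inside the loop, e.g. `if param not in self.params: self.fail_json(msg="Internal error: unknown parameter '{0}'".format(param))`, assuming the params dict holds every key of the argument spec. The docstring entry for `invalid_params` would also read better as `List of parameters that must be None.`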


@@ -245,12 +245,17 @@ def main():
rebuild_users = ansible_module.params_get("users")
rebuild_hosts = ansible_module.params_get("hosts")
if (rebuild_hosts or rebuild_users) and state != "rebuild":
ansible_module.fail_json(
msg="'hosts' and 'users' are only valid with state: rebuild")
if not automember_type and state != "rebuild":
ansible_module.fail_json(
msg="'automember_type' is required unless state: rebuild")
# Check parameters
invalid = []
if state != "rebuild":
invalid = ["rebuild_hosts", "rebuild_users"]
if not automember_type and state != "rebuild":
ansible_module.fail_json(
msg="'automember_type' is required unless state: rebuild")
ansible_module.params_fail_used_invalid(invalid, state, action)
# Init
changed = False
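Review bot: The new list `invalid = ["rebuild_hosts", "rebuild_users"]` uses the local variable names, while the values themselves are read at the top of the hunk with `params_get("users")` and `params_get("hosts")`. `params_fail_used_invalid` looks each name up in the module's params, so unless the argument spec also defines `rebuild_hosts` and `rebuild_users`, the lookup returns None and the old rule that 'hosts' and 'users' are only valid with state rebuild no longer fires. If the parameter names are the ones shown, the line should be `invalid = ["hosts", "users"]`. `main()` starts and ends outside the hunk, so the argument spec could not be checked here.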


@@ -176,17 +176,14 @@ def main():
# Check parameters
invalid = []
if state == "present":
if len(names) != 1:
ansible_module.fail_json(
msg="Only one delegation be added at a time.")
if action == "member":
invalid = ["permission", "membergroup", "group"]
for x in invalid:
if vars()[x] is not None:
ansible_module.fail_json(
msg="Argument '%s' can not be used with action "
"'%s' and state '%s'" % (x, action, state))
if state == "absent":
if len(names) < 1:
@@ -194,11 +191,8 @@ def main():
invalid = ["permission", "membergroup", "group"]
if action == "delegation":
invalid.append("attribute")
for x in invalid:
if vars()[x] is not None:
ansible_module.fail_json(
msg="Argument '%s' can not be used with action "
"'%s' and state '%s'" % (x, action, state))
ansible_module.params_fail_used_invalid(invalid, state, action)
if permission is not None:
perm = [p for p in permission if p not in ("read", "write")]


@@ -196,11 +196,7 @@ def main():
if state == 'absent':
invalid = ['forward_policy', 'allow_sync_ptr']
for x in invalid:
if vars()[x] is not None:
ansible_module.fail_json(
msg="Argument '%s' can not be used with state '%s'" %
(x, state))
ansible_module.params_fail_used_invalid(invalid, state)
# Init


@@ -229,6 +229,7 @@ def main():
else:
operation = "add"
invalid = []
if state in ["enabled", "disabled"]:
if action == "member":
ansible_module.fail_json(
@@ -237,22 +238,14 @@ def main():
invalid = [
"forwarders", "forwardpolicy", "skip_overlap_check", "permission"
]
for x in invalid:
if vars()[x] is not None:
ansible_module.fail_json(
msg="Argument '%s' can not be used with action "
"'%s', state `%s`" % (x, action, state))
wants_enable = (state == "enabled")
if operation == "del":
invalid = [
"forwarders", "forwardpolicy", "skip_overlap_check", "permission"
]
for x in invalid:
if vars()[x] is not None:
ansible_module.fail_json(
msg="Argument '%s' can not be used with action "
"'%s', state `%s`" % (x, action, state))
ansible_module.params_fail_used_invalid(invalid, state, action)
changed = False
exit_args = {}


@@ -1201,11 +1201,7 @@ def check_parameters(module, state, zone_name, record):
invalid = list(_PART_MAP.keys())
invalid.extend(['create_reverse', 'dns_ttl'])
for x in invalid:
if x in record:
module.fail_json(
msg="Variable `%s` cannot be used in state `%s`" %
(x, state))
module.params_fail_used_invalid(invalid, state)
def get_entry_from_module(module, name):
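Review bot: The replaced loop tested `if x in record`, i.e. the `record` dict handed to `check_parameters`, whereas `module.params_fail_used_invalid(invalid, state)` inspects only the module's top-level params. If `record` can be an entry of a list-valued argument rather than the top-level arguments, its keys are no longer validated for this state. The same applies to the hunk at `@@ -335,11 +335,7 @@ def check_parameters(module, state, action, names, parameters)`, where the old loop read from `parameters`. Where the passed-in dict is what needs validating, keep a check against it (for example `record.get(x) is not None`), or state in the helper's docstring that it covers top-level arguments only. `check_parameters` begins outside the hunk.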


@@ -429,13 +429,10 @@ class DNSZoneModule(FreeIPABaseModule):
self.fail_json(
msg="Either `name` or `name_from_ip` must be provided."
)
if self.ipa_params.state != "present" and self.ipa_params.name_from_ip:
self.fail_json(
msg=(
"Cannot use argument `name_from_ip` with state `%s`."
% self.ipa_params.state
)
)
if self.ipa_params.state != "present":
invalid = ["name_from_ip"]
self.params_fail_used_invalid(invalid, self.ipa_params.state)
def define_ipa_commands(self):
for zone_name in self.get_zone_names():


@@ -314,6 +314,7 @@ def main():
state = ansible_module.params_get("state")
# Check parameters
invalid = []
if state == "present":
if len(names) != 1:
@@ -322,11 +323,6 @@ def main():
if action == "member":
invalid = ["description", "gid", "posix", "nonposix", "external",
"nomembers"]
for x in invalid:
if vars()[x] is not None:
ansible_module.fail_json(
msg="Argument '%s' can not be used with action "
"'%s'" % (x, action))
if state == "absent":
if len(names) < 1:
@@ -336,11 +332,8 @@ def main():
"nomembers"]
if action == "group":
invalid.extend(["user", "group", "service", "externalmember"])
for x in invalid:
if vars()[x] is not None:
ansible_module.fail_json(
msg="Argument '%s' can not be used with state '%s'" %
(x, state))
ansible_module.params_fail_used_invalid(invalid, state, action)
if external is False:
ansible_module.fail_json(


@@ -247,6 +247,8 @@ def main():
# Check parameters
invalid = []
if state == "present":
if len(names) != 1:
ansible_module.fail_json(
@@ -254,11 +256,6 @@ def main():
if action == "member":
invalid = ["description", "usercategory", "hostcategory",
"servicecategory", "nomembers"]
for x in invalid:
if vars()[x] is not None:
ansible_module.fail_json(
msg="Argument '%s' can not be used with action "
"'%s'" % (x, action))
else:
if hostcategory == 'all' and any([host, hostgroup]):
ansible_module.fail_json(
@@ -278,11 +275,6 @@ def main():
if action == "hbacrule":
invalid.extend(["host", "hostgroup", "hbacsvc", "hbacsvcgroup",
"user", "group"])
for x in invalid:
if vars()[x] is not None:
ansible_module.fail_json(
msg="Argument '%s' can not be used with state '%s'" %
(x, state))
elif state in ["enabled", "disabled"]:
if len(names) < 1:
@@ -294,14 +286,11 @@ def main():
invalid = ["description", "usercategory", "hostcategory",
"servicecategory", "nomembers", "host", "hostgroup",
"hbacsvc", "hbacsvcgroup", "user", "group"]
for x in invalid:
if vars()[x] is not None:
ansible_module.fail_json(
msg="Argument '%s' can not be used with state '%s'" %
(x, state))
else:
ansible_module.fail_json(msg="Invalid state '%s'" % state)
ansible_module.params_fail_used_invalid(invalid, state, action)
# Init
changed = False


@@ -127,6 +127,7 @@ def main():
# Check parameters
invalid = []
if state == "present":
if len(names) != 1:
ansible_module.fail_json(
@@ -137,11 +138,8 @@ def main():
ansible_module.fail_json(
msg="No name given.")
invalid = ["description"]
for x in invalid:
if vars()[x] is not None:
ansible_module.fail_json(
msg="Argument '%s' can not be used with state '%s'" %
(x, state))
ansible_module.params_fail_used_invalid(invalid, state)
# Init


@@ -187,17 +187,14 @@ def main():
# Check parameters
invalid = []
if state == "present":
if len(names) != 1:
ansible_module.fail_json(
msg="Only one hbacsvcgroup can be added at a time.")
if action == "member":
invalid = ["description", "nomembers"]
for x in invalid:
if vars()[x] is not None:
ansible_module.fail_json(
msg="Argument '%s' can not be used with action "
"'%s'" % (x, action))
if state == "absent":
if len(names) < 1:
@@ -206,11 +203,8 @@ def main():
invalid = ["description", "nomembers"]
if action == "hbacsvcgroup":
invalid.extend(["hbacsvc"])
for x in invalid:
if vars()[x] is not None:
ansible_module.fail_json(
msg="Argument '%s' can not be used with state '%s'" %
(x, state))
ansible_module.params_fail_used_invalid(invalid, state, action)
# Init


@@ -530,6 +530,7 @@ def check_parameters( # pylint: disable=unused-argument
userclass, auth_ind, requires_pre_auth, ok_as_delegate,
ok_to_auth_as_delegate, force, reverse, ip_address, update_dns,
update_password):
invalid = []
if state == "present":
if action == "member":
# certificate, managedby_host, principal,
@@ -539,11 +540,6 @@ def check_parameters( # pylint: disable=unused-argument
"userclass", "auth_ind", "requires_pre_auth",
"ok_as_delegate", "ok_to_auth_as_delegate", "force",
"reverse", "update_dns", "update_password"]
for x in invalid:
if vars()[x] is not None:
module.fail_json(
msg="Argument '%s' can not be used with action "
"'%s'" % (x, action))
if state == "absent":
invalid = ["description", "locality", "location", "platform", "os",
@@ -551,11 +547,6 @@ def check_parameters( # pylint: disable=unused-argument
"userclass", "auth_ind", "requires_pre_auth",
"ok_as_delegate", "ok_to_auth_as_delegate", "force",
"reverse", "update_password"]
for x in invalid:
if vars()[x] is not None:
module.fail_json(
msg="Argument '%s' can not be used with state '%s'" %
(x, state))
if action == "host":
invalid = [
"certificate", "managedby_host", "principal",
@@ -565,11 +556,8 @@ def check_parameters( # pylint: disable=unused-argument
"allow_retrieve_keytab_host",
"allow_retrieve_keytab_hostgroup"
]
for x in invalid:
if vars()[x] is not None:
module.fail_json(
msg="Argument '%s' can only be used with action "
"'member' for state '%s'" % (x, state))
module.params_fail_used_invalid(invalid, state, action)
# pylint: disable=unused-argument
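Review bot: With the per-list loops removed, the `invalid = [` assignment under `if action == "host":` now replaces the list built for `state == "absent"` before anything has checked it. The only remaining check is the single `module.params_fail_used_invalid(invalid, state, action)` at the end. Indentation is lost on this page, but in either nesting the earlier entries (`description`, `locality`, ... `update_password`) appear to be no longer rejected when state is absent and action is host. Changing that assignment to `invalid.extend([` and closing it with `])` keeps both sets. The hunks show only part of `check_parameters`, so the branch structure should be confirmed against the full file.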


@@ -224,6 +224,7 @@ def main():
# Check parameters
invalid = []
if state == "present":
if len(names) != 1:
ansible_module.fail_json(
@@ -231,11 +232,6 @@ def main():
invalid = ["rename"]
if action == "member":
invalid.extend(["description", "nomembers"])
for x in invalid:
if vars()[x] is not None:
ansible_module.fail_json(
msg="Argument '%s' can not be used with action "
"'%s'" % (x, action))
if state == "renamed":
if len(names) != 1:
@@ -249,11 +245,6 @@ def main():
"description", "nomembers", "host", "hostgroup",
"membermanager_user", "membermanager_group"
]
for x in invalid:
if vars()[x] is not None:
ansible_module.fail_json(
msg="Argument '%s' can not be used with state '%s'" %
(x, state))
if state == "absent":
if len(names) < 1:
@@ -262,11 +253,8 @@ def main():
invalid = ["description", "nomembers", "rename"]
if action == "hostgroup":
invalid.extend(["host", "hostgroup"])
for x in invalid:
if vars()[x] is not None:
ansible_module.fail_json(
msg="Argument '%s' can not be used with state '%s'" %
(x, state))
ansible_module.params_fail_used_invalid(invalid, state, action)
# Init


@@ -116,7 +116,7 @@ def main():
state = ansible_module.params_get("state")
# Check parameters
invalid = []
if state == "present":
if len(names) != 1:
ansible_module.fail_json(
@@ -126,11 +126,8 @@ def main():
if len(names) < 1:
ansible_module.fail_json(msg="No name given.")
invalid = ["description"]
for x in invalid:
if vars()[x] is not None:
ansible_module.fail_json(
msg="Argument '%s' can not be used with state '%s'" %
(x, state))
ansible_module.params_fail_used_invalid(invalid, state)
# Init


@@ -304,11 +304,7 @@ def main():
invalid += ["right", "attrs", "memberof",
"extra_target_filter", "rawfilter"]
for x in invalid:
if vars()[x] is not None:
ansible_module.fail_json(
msg="Argument '%s' can not be used with action "
"'%s' and state '%s'" % (x, action, state))
ansible_module.params_fail_used_invalid(invalid, state, action)
if bindtype == "self" and ansible_module.ipa_check_version("<", "4.8.7"):
ansible_module.fail_json(


@@ -205,11 +205,7 @@ def main():
msg="Action '%s' can not be used with state '%s'"
% (action, state))
for x in invalid:
if vars()[x] is not None:
ansible_module.fail_json(
msg="Argument '%s' can not be used with action "
"'%s' and state '%s'" % (x, action, state))
ansible_module.params_fail_used_invalid(invalid, state, action)
# Init


@@ -210,6 +210,7 @@ def main():
state = ansible_module.params_get("state")
# Check parameters
invalid = []
if names is None:
names = [u"global_policy"]
@@ -228,11 +229,8 @@ def main():
invalid = ["maxlife", "minlife", "history", "minclasses",
"minlength", "priority", "maxfail", "failinterval",
"lockouttime"]
for x in invalid:
if vars()[x] is not None:
ansible_module.fail_json(
msg="Argument '%s' can not be used with state '%s'" %
(x, state))
ansible_module.params_fail_used_invalid(invalid, state)
# Init


@@ -151,11 +151,7 @@ def check_parameters(module):
if action != "member":
invalid.extend(['privilege'])
for arg in invalid:
if module.params_get(arg) is not None:
module.fail_json(
msg="Argument '%s' can not be used with action '%s'" %
(arg, state))
module.params_fail_used_invalid(invalid, state, action)
def member_intersect(module, attr, memberof, res_find):


@@ -158,6 +158,7 @@ def main():
state = ansible_module.params_get("state")
# Check parameters
invalid = []
if state == "present":
if len(names) != 1:
@@ -165,11 +166,6 @@ def main():
msg="Only one selfservice be added at a time.")
if action == "member":
invalid = ["permission"]
for x in invalid:
if vars()[x] is not None:
ansible_module.fail_json(
msg="Argument '%s' can not be used with action "
"'%s' and state '%s'" % (x, action, state))
if state == "absent":
if len(names) < 1:
@@ -177,11 +173,8 @@ def main():
invalid = ["permission"]
if action == "selfservice":
invalid.append("attribute")
for x in invalid:
if vars()[x] is not None:
ansible_module.fail_json(
msg="Argument '%s' can not be used with action "
"'%s' and state '%s'" % (x, action, state))
ansible_module.params_fail_used_invalid(invalid, state, action)
if permission is not None:
perm = [p for p in permission if p not in ("read", "write")]


@@ -313,11 +313,7 @@ def main():
ansible_module.fail_json(msg="No name given.")
invalid = ["location", "service_weight", "hidden", "no_members"]
for x in invalid:
if vars()[x] is not None:
ansible_module.fail_json(
msg="Argument '%s' can not be used with state '%s'" %
(x, state))
ansible_module.params_fail_used_invalid(invalid, state)
# Init


@@ -335,11 +335,7 @@ def check_parameters(module, state, action, names, parameters):
else:
module.fail_json(msg="Invalid state '%s'" % (state))
for _invalid in invalid:
if _invalid in parameters and parameters[_invalid] is not None:
module.fail_json(
msg="Argument '%s' can not be used with state '%s', "
"action '%s'" % (_invalid, state, action))
module.params_fail_used_invalid(invalid, state, action)
def init_ansible_module():


@@ -124,13 +124,11 @@ def main():
state = ansible_module.params_get("state")
# Check parameters
invalid = []
if state == "absent":
invalid = ["description"]
for x in invalid:
if vars()[x] is not None:
ansible_module.fail_json(
msg="Argument '%s' can not be used with state '%s'" %
(x, state))
ansible_module.params_fail_used_invalid(invalid, state)
# Init


@@ -168,6 +168,7 @@ def main():
state = ansible_module.params_get("state")
# Check parameters
invalid = []
if state == "present":
if len(names) != 1:
@@ -175,11 +176,6 @@ def main():
msg="Only one sudocmdgroup can be added at a time.")
if action == "member":
invalid = ["description", "nomembers"]
for x in invalid:
if vars()[x] is not None:
ansible_module.fail_json(
msg="Argument '%s' can not be used with action "
"'%s'" % (x, action))
if state == "absent":
if len(names) < 1:
@@ -188,11 +184,8 @@ def main():
invalid = ["description", "nomembers"]
if action == "sudocmdgroup":
invalid.extend(["sudocmd"])
for x in invalid:
if vars()[x] is not None:
ansible_module.fail_json(
msg="Argument '%s' can not be used with state '%s'" %
(x, state))
ansible_module.params_fail_used_invalid(invalid, state, action)
# Init


@@ -311,6 +311,7 @@ def main():
state = ansible_module.params_get("state")
# Check parameters
invalid = []
if state == "present":
if len(names) != 1:
@@ -321,11 +322,6 @@ def main():
"cmdcategory", "runasusercategory",
"runasgroupcategory", "order", "nomembers"]
for arg in invalid:
if arg in vars() and vars()[arg] is not None:
ansible_module.fail_json(
msg="Argument '%s' can not be used with action "
"'%s'" % (arg, action))
else:
if hostcategory == 'all' and any([host, hostgroup]):
ansible_module.fail_json(
@@ -349,11 +345,6 @@ def main():
"runasuser", "runasgroup", "allow_sudocmd",
"allow_sudocmdgroup", "deny_sudocmd",
"deny_sudocmdgroup", "sudooption"])
for arg in invalid:
if vars()[arg] is not None:
ansible_module.fail_json(
msg="Argument '%s' can not be used with state '%s'" %
(arg, state))
elif state in ["enabled", "disabled"]:
if len(names) < 1:
@@ -368,14 +359,11 @@ def main():
"user", "group", "allow_sudocmd", "allow_sudocmdgroup",
"deny_sudocmd", "deny_sudocmdgroup", "runasuser",
"runasgroup", "order", "sudooption"]
for arg in invalid:
if vars()[arg] is not None:
ansible_module.fail_json(
msg="Argument '%s' can not be used with state '%s'" %
(arg, state))
else:
ansible_module.fail_json(msg="Invalid state '%s'" % state)
ansible_module.params_fail_used_invalid(invalid, state, action)
# Init
changed = False


@@ -597,6 +597,7 @@ def check_parameters( # pylint: disable=unused-argument
userauthtype, userclass, radius, radiususer, departmentnumber,
employeenumber, employeetype, preferredlanguage, certificate,
certmapdata, noprivate, nomembers, preserve, update_password):
invalid = []
if state == "present":
if action == "member":
invalid = ["first", "last", "fullname", "displayname", "initials",
@@ -608,11 +609,6 @@ def check_parameters( # pylint: disable=unused-argument
"departmentnumber", "employeenumber", "employeetype",
"preferredlanguage", "noprivate", "nomembers",
"preserve", "update_password"]
for x in invalid:
if vars()[x] is not None:
module.fail_json(
msg="Argument '%s' can not be used with action "
"'%s'" % (x, action))
else:
invalid = ["first", "last", "fullname", "displayname", "initials",
@@ -628,16 +624,13 @@ def check_parameters( # pylint: disable=unused-argument
invalid.extend(["principal", "manager",
"certificate", "certmapdata",
])
for x in invalid:
if vars()[x] is not None:
module.fail_json(
msg="Argument '%s' can not be used with state '%s'" %
(x, state))
if state != "absent" and preserve is not None:
module.fail_json(
msg="Preserve is only possible for state=absent")
module.params_fail_used_invalid(invalid, state, action)
if certmapdata is not None:
for x in certmapdata:
certificate = x.get("certificate")


@@ -483,11 +483,7 @@ def check_parameters( # pylint: disable=unused-argument
module.fail_json(
msg="State `retrieved` do not support action `member`.")
for arg in invalid:
if vars()[arg] is not None:
module.fail_json(
msg="Argument '%s' can not be used with state '%s', "
"action '%s'" % (arg, state, action))
module.params_fail_used_invalid(invalid, state, action)
def check_encryption_params( # pylint: disable=unused-argument