internet/ansible-freeipa
4
0
Fork 0
mirror of https://github.com/freeipa/ansible-freeipa.git synced 2026-05-08 14:23:11 +00:00
Code Issues Projects Releases Wiki Activity

vault: Use IPAAnsibleModule class

Browse Source 
ipaadmin_variables are handled by IPAAnsibleModule,
ansible_module.params_get is used to get the parameters and
ansible_module.ipa_connect is used to simplify the module.
This commit is contained in:
Thomas Woerner
2021-08-26 20:45:38 +02:00
parent af0b782f73
commit fc21887868
1 changed files with 37 additions and 65 deletions
Download Patch File Download Diff File Expand all files Collapse all files

102
plugins/modules/ipavault.py
View File

@@ -31,13 +31,9 @@ DOCUMENTATION = """
module: ipavault module: ipavault
short description: Manage vaults and secret vaults. short description: Manage vaults and secret vaults.
description: Manage vaults and secret vaults. KRA service must be enabled. description: Manage vaults and secret vaults. KRA service must be enabled.
extends_documentation_fragment:
- ipamodule_base_docs
options: options:
ipaadmin_principal:
description: The admin principal
default: admin
ipaadmin_password:
description: The admin password
required: false
name: name:
description: The vault name description: The vault name
required: true required: true
@@ -317,12 +313,9 @@ vault:
import os import os
from base64 import b64decode from base64 import b64decode
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils._text import to_text from ansible.module_utils._text import to_text
from ansible.module_utils.ansible_freeipa_module import temp_kinit, \ from ansible.module_utils.ansible_freeipa_module import IPAAnsibleModule, \
temp_kdestroy, valid_creds, api_connect, api_command, \ gen_add_del_lists, compare_args_ipa, exit_raw_json, ipalib_errors
gen_add_del_lists, compare_args_ipa, module_params_get, exit_raw_json, \
ipalib_errors
def find_vault(module, name, username, service, shared): def find_vault(module, name, username, service, shared):
@@ -338,7 +331,7 @@ def find_vault(module, name, username, service, shared):
else: else:
_args['shared'] = shared _args['shared'] = shared
_result = api_command(module, "vault_find", name, _args) _result = module.ipa_command("vault_find", name, _args)
if len(_result["result"]) > 1: if len(_result["result"]) > 1:
module.fail_json( module.fail_json(
@@ -579,7 +572,7 @@ def get_stored_data(module, res_find, args):
# retrieve vault stored data # retrieve vault stored data
try: try:
result = api_command(module, 'vault_retrieve', name, pwdargs) result = module.ipa_command('vault_retrieve', name, pwdargs)
except ipalib_errors.NotFound: except ipalib_errors.NotFound:
return None return None
@@ -587,12 +580,9 @@ def get_stored_data(module, res_find, args):
def main(): def main():
ansible_module = AnsibleModule( ansible_module = IPAAnsibleModule(
argument_spec=dict( argument_spec=dict(
# generalgroups # generalgroups
ipaadmin_principal=dict(type="str", default="admin"),
ipaadmin_password=dict(type="str", required=False, no_log=True),
name=dict(type="list", aliases=["cn"], default=None, name=dict(type="list", aliases=["cn"], default=None,
required=True), required=True),
@@ -663,45 +653,40 @@ def main():
ansible_module._ansible_debug = True ansible_module._ansible_debug = True
# general # general
ipaadmin_principal = module_params_get(ansible_module, names = ansible_module.params_get("name")
"ipaadmin_principal")
ipaadmin_password = module_params_get(ansible_module, "ipaadmin_password")
names = module_params_get(ansible_module, "name")
# present # present
description = module_params_get(ansible_module, "description") description = ansible_module.params_get("description")
username = module_params_get(ansible_module, "username") username = ansible_module.params_get("username")
service = module_params_get(ansible_module, "service") service = ansible_module.params_get("service")
shared = module_params_get(ansible_module, "shared") shared = ansible_module.params_get("shared")
users = module_params_get(ansible_module, "users") users = ansible_module.params_get("users")
groups = module_params_get(ansible_module, "groups") groups = ansible_module.params_get("groups")
services = module_params_get(ansible_module, "services") services = ansible_module.params_get("services")
owners = module_params_get(ansible_module, "owners") owners = ansible_module.params_get("owners")
ownergroups = module_params_get(ansible_module, "ownergroups") ownergroups = ansible_module.params_get("ownergroups")
ownerservices = module_params_get(ansible_module, "ownerservices") ownerservices = ansible_module.params_get("ownerservices")
vault_type = module_params_get(ansible_module, "vault_type") vault_type = ansible_module.params_get("vault_type")
salt = module_params_get(ansible_module, "vault_salt") salt = ansible_module.params_get("vault_salt")
password = module_params_get(ansible_module, "vault_password") password = ansible_module.params_get("vault_password")
password_file = module_params_get(ansible_module, "vault_password_file") password_file = ansible_module.params_get("vault_password_file")
new_password = module_params_get(ansible_module, "new_password") new_password = ansible_module.params_get("new_password")
new_password_file = module_params_get(ansible_module, "new_password_file") new_password_file = ansible_module.params_get("new_password_file")
public_key = module_params_get(ansible_module, "vault_public_key") public_key = ansible_module.params_get("vault_public_key")
public_key_file = module_params_get(ansible_module, public_key_file = ansible_module.params_get("vault_public_key_file")
"vault_public_key_file") private_key = ansible_module.params_get("vault_private_key")
private_key = module_params_get(ansible_module, "vault_private_key") private_key_file = ansible_module.params_get("vault_private_key_file")
private_key_file = module_params_get(ansible_module,
"vault_private_key_file")
vault_data = module_params_get(ansible_module, "vault_data") vault_data = ansible_module.params_get("vault_data")
datafile_in = module_params_get(ansible_module, "datafile_in") datafile_in = ansible_module.params_get("datafile_in")
datafile_out = module_params_get(ansible_module, "datafile_out") datafile_out = ansible_module.params_get("datafile_out")
action = module_params_get(ansible_module, "action") action = ansible_module.params_get("action")
state = module_params_get(ansible_module, "state") state = ansible_module.params_get("state")
# Check parameters # Check parameters
@@ -732,17 +717,10 @@ def main():
changed = False changed = False
exit_args = {} exit_args = {}
ccache_dir = None
ccache_name = None
try:
if not valid_creds(ansible_module, ipaadmin_principal):
ccache_dir, ccache_name = temp_kinit(ipaadmin_principal,
ipaadmin_password)
# Need to set krb5 ccache name, due to context='ansible-freeipa'
if ccache_name is not None:
os.environ["KRB5CCNAME"] = ccache_name
api_connect(context='ansible-freeipa') with ansible_module.ipa_connect(context='ansible-freeipa') as ccache_name:
if ccache_name is not None:
os.environ["KRB5CCNAME"] = ccache_name
commands = [] commands = []
@@ -970,7 +948,7 @@ def main():
errors = [] errors = []
for name, command, args in commands: for name, command, args in commands:
try: try:
result = api_command(ansible_module, command, name, args) result = ansible_module.ipa_command(command, name, args)
if command == 'vault_archive': if command == 'vault_archive':
changed = 'Archived data into' in result['summary'] changed = 'Archived data into' in result['summary']
@@ -1012,12 +990,6 @@ def main():
if len(errors) > 0: if len(errors) > 0:
ansible_module.fail_json(msg=", ".join(errors)) ansible_module.fail_json(msg=", ".join(errors))
except Exception as exception:
ansible_module.fail_json(msg=str(exception))
finally:
temp_kdestroy(ccache_dir, ccache_name)
# Done # Done
# exit_raw_json is a replacement for ansible_module.exit_json that # exit_raw_json is a replacement for ansible_module.exit_json that