Modify the plugin templates so that the code generated does not hide
errors when querying IPA wih *_show command by handlig only the exeption
where an object is not found.
ansible-freeipa roles do not work with Ansible 2.8 anymore, so the
minimum supported version is changed to 2.15, the oldest supported
Ansible version as of today.
Recent pylint versions warn against the use of an 'else' in a
'try-except' block if using a 'return' on the 'except' part is is the
idom used by ansible-freeipa when retrieving IPA data objects.
This change removes the usage of the 'else:' in such cases, and modify
the templates so that new modules do not have the same issue in the
future.
As ansible-freeipa roles do not support version 2.8 anymore, change the
minimum supported version to 2.13, which is the currently minimum
available and supported Ansible version.
This patch fixes documentation on all plugin READMEs, spec file and
module templates.
The usage of module_defaults allows to reduce the size of the tests and
to have the needed information in the tasks only. The default values for the
parameters are automatically passed to the module by Ansible.
It is not possible to use a module group for module_defaults as this could
only be done with Ansible Collections. The tests are also used upstream and
downstream without a collection.
Without groups of a collection it is needed to add the defaults for all
modules separately.
Simple example:
module_defaults:
ipahost:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
Several module example using YAML anchors and aliases:
module_defaults:
ipahost: &ipa_module_defaults
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
ipauser: *ipa_module_defaults
ipagroup: *ipa_module_defaults
The documentation for "become" and "gather_facts" has been updated to
make sure that these parameters are enabled only in new tests if it is
really needed.
ansible-test with ansible-2.14 is adding a lot of new tests to ensure
that the documentation section and the agument spec is complete.
To aid the creation of new_modules that follow these rules, the
'new_module' script and its templates were modified to use the new
ansible-test rules. The 'new_module' script now requires a new
argument, github_user, and the code templates provide the required
fields (like 'type' and 'elements') to the provide examples.
Before "short description" was used in most plugins, modules and also
in the new module templates.
ansible-doc was therefore not showing the short description. To fix the
issue the flag was renamed to short_description instead.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2121362
'ansible-doc' -l lists most idm modules as 'UNDOCUMENTED'
This patch add the lines necessary to allow the use of the attribute
`delete_continue`, as it is a commom attribute, and if newer commom
attributes are added to IPAAnsibleModule in the future, the usage will
be similar.
Some modules should be compared in a case insensitive manner, and this
patch adds an example of a call to IPAAnsibleModule.params_get_lowercase
and a note on its usage.
This patch refactors the module template for modules with member
management, in a way that the addition of member management command
logic is not duplicated in different states or actions.
This idiom has been applied recently along with other fixes to modules
with idempotence issues reducing the modules code size and centering
code logic in specific blocks.
The Variables and also the Return Variables sections contained an extra
header with the module name. This is only needed if there are more than
one module in the README.
All modules should use the same description for IPA API connection
variables. This change add description for ipaapi_context and
ipaapi_ldap_cache variable to the module README templates.
execute_ipa_commands replces the check mode exit, the loop over the
generated commands and also in the member failure handling for modules
with member support.
execute_ipa_commands replces the check mode exit, the loop over the
generated commands and also in the member failure handling for modules
with member support.
Use IPAAnsibleModule and ipamodule_base_docs in the templates of
utils/new_module.
ipaadmin_password lines in the examples have been added, ipaadmin_
variables are handled by IPAAnsibleModule, ansible_module.params_get is
used to get the parameters and ansible_module.ipa_connect is used to
simplify the module.
ipamodule+member.py.in is additionally using gen_add_list and
gen_intersection_list to reduce the command calls to the changes only.
ansible-freeipa modules should work without superuser privileges in
most cases, and to reflect this, the module tests should avoid using
`become: yes`.
This PR change the test playbook templates to use `become: no` by
default, so only modules that require superuser privileges will need
to change this variable.
Added code to the ipa* plugins to support Ansible's check_mode, by
means of a clean exit before the execution of the actual list of
commands that would otherwise create/update/delete IPA servers
and/or its resources.
The script will create the module in plugins/modules, the README, test and
playbook files.
Usage: new_module [options] <module name> <author name>
<author email address>
Create new ansible-freeipa module using templates.
Options:
-m Create module with member support
-f Force creation
-h Print this help
Example:
utils/new_module -m permission "My Name" myname@some.email
