New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Adds ipa_vault modules #44631

Open
wants to merge 8 commits into
base: devel
from

Conversation

Projects
None yet
3 participants
@schegi

schegi commented Aug 24, 2018

Adds additional ipa vault modules for member-management,
data archivation/retrieval and vault modifications (key, password,
type and description updates).
Adds additional module_utils for all common vault functionality.
Adds one modification to module_utils/ipa.py

SUMMARY

This change adds three new ansible modules:

  • ipa_vault_data: capable of archiving and retrieving data in/from ipa vaults of different type(standard, symmetric and asymmetric)
  • ipa_vault_member: capable of managing ipa vault members (user, groups and services)
  • ipa_vault_mod: capable of vault modifications (chaning keypairs, passwords, vault-types and descriptions.

Additionally, it contains a change to module_utils/ipa.py and a new module_utils/ipa_vault.py

ISSUE TYPE
  • New Module Pull Request
COMPONENT NAME

ipa_vault_data
ipa_vault_member
ipa_vault_mod

ANSIBLE VERSION
ansible 2.7.0.dev0
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/home/schegi/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /home/schegi/git/ipa_vault_rebuild/.venv/lib/python2.7/site-packages/ansible
  executable location = /home/schegi/git/ipa_vault_rebuild/.venv/bin/ansible
  python version = 2.7.5 (default, Apr 11 2018, 07:36:10) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]
ADDITIONAL INFORMATION

DEPRECATED INFORMATION:
Additionally to this PR, i issued a PR against the ansible fork of jparrill which includes changes to jparrills initially added ipa_vault module (jparrill#1). Including changes which makes his module use the module_utils/ipa_vault and little fixes regaring service/user vault.

UPDATE:
Due to the fact that the PR of jparrill was merged and cannot be reopend i included all my changes into this PR.


schegi
Adds ipa_vault modules
Adds additional ipa vault modules for member-management,
data archivation/retrieval and vault modifications (key, password,
type and description updates).
Adds additional module_utils for all common vault functionality.
Adds one modification to module_utils/ipa.py
@ansibot

This comment has been minimized.

Contributor

ansibot commented Aug 24, 2018

@ansibot

This comment has been minimized.

Contributor

ansibot commented Aug 24, 2018

@schegi this PR contains more than one new module.

Please submit only one new module per pull request. For a detailed explanation, please read the grouped modules documentation

click here for bot help

@ansibot

This comment has been minimized.

Contributor

ansibot commented Aug 24, 2018

The test ansible-test sanity --test import --python 2.7 [explain] failed with 4 errors:

lib/ansible/module_utils/ipa_vault.py:14:0: ImportError: No module named cryptography.fernet
lib/ansible/modules/identity/ipa/ipa_vault_data.py:13:0: ImportError: No module named cryptography.fernet
lib/ansible/modules/identity/ipa/ipa_vault_member.py:13:0: ImportError: No module named cryptography.fernet
lib/ansible/modules/identity/ipa/ipa_vault_mod.py:14:0: ImportError: No module named cryptography.fernet

The test ansible-test sanity --test import --python 2.6 [explain] failed with 1 error:

lib/ansible/module_utils/ipa_vault.py:14:0: ImportError: No module named cryptography.fernet

The test ansible-test sanity --test import --python 3.5 [explain] failed with 4 errors:

lib/ansible/module_utils/ipa_vault.py:14:0: ImportError: No module named 'cryptography'
lib/ansible/modules/identity/ipa/ipa_vault_data.py:13:0: ImportError: No module named 'cryptography'
lib/ansible/modules/identity/ipa/ipa_vault_member.py:13:0: ImportError: No module named 'cryptography'
lib/ansible/modules/identity/ipa/ipa_vault_mod.py:14:0: ImportError: No module named 'cryptography'

The test ansible-test sanity --test import --python 3.6 [explain] failed with 4 errors:

lib/ansible/module_utils/ipa_vault.py:14:0: ModuleNotFoundError: No module named 'cryptography'
lib/ansible/modules/identity/ipa/ipa_vault_data.py:13:0: ModuleNotFoundError: No module named 'cryptography'
lib/ansible/modules/identity/ipa/ipa_vault_member.py:13:0: ModuleNotFoundError: No module named 'cryptography'
lib/ansible/modules/identity/ipa/ipa_vault_mod.py:14:0: ModuleNotFoundError: No module named 'cryptography'

The test ansible-test sanity --test import --python 3.7 [explain] failed with 4 errors:

lib/ansible/module_utils/ipa_vault.py:14:0: ModuleNotFoundError: No module named 'cryptography'
lib/ansible/modules/identity/ipa/ipa_vault_data.py:13:0: ModuleNotFoundError: No module named 'cryptography'
lib/ansible/modules/identity/ipa/ipa_vault_member.py:13:0: ModuleNotFoundError: No module named 'cryptography'
lib/ansible/modules/identity/ipa/ipa_vault_mod.py:14:0: ModuleNotFoundError: No module named 'cryptography'

The test ansible-test sanity --test no-underscore-variable [explain] failed with 3 errors:

lib/ansible/module_utils/ipa_vault.py:514:9: use `dummy` instead of `_` for a variable name
lib/ansible/module_utils/ipa_vault.py:621:9: use `dummy` instead of `_` for a variable name
lib/ansible/module_utils/ipa_vault.py:649:9: use `dummy` instead of `_` for a variable name

The test ansible-test sanity --test shebang [explain] failed with 1 error:

lib/ansible/module_utils/ipa_vault.py:0:0: should not have a shebang

The test ansible-test sanity --test validate-modules [explain] failed with 16 errors:

lib/ansible/modules/identity/ipa/ipa_vault_data.py:9:0: E106 Import found before documentation variables. All imports must appear below DOCUMENTATION/EXAMPLES/RETURN/ANSIBLE_METADATA.
lib/ansible/modules/identity/ipa/ipa_vault_data.py:9:0: E107 Imports should be directly below DOCUMENTATION/EXAMPLES/RETURN/ANSIBLE_METADATA.
lib/ansible/modules/identity/ipa/ipa_vault_member.py:0:0: E322 "vault_service" is listed in the argument_spec, but not documented in the module
lib/ansible/modules/identity/ipa/ipa_vault_member.py:0:0: E322 "vaultservice" is listed in the argument_spec, but not documented in the module
lib/ansible/modules/identity/ipa/ipa_vault_member.py:0:0: E323 "user" is listed in DOCUMENTATION.options, but not accepted by the module
lib/ansible/modules/identity/ipa/ipa_vault_member.py:9:0: E106 Import found before documentation variables. All imports must appear below DOCUMENTATION/EXAMPLES/RETURN/ANSIBLE_METADATA.
lib/ansible/modules/identity/ipa/ipa_vault_member.py:9:0: E107 Imports should be directly below DOCUMENTATION/EXAMPLES/RETURN/ANSIBLE_METADATA.
lib/ansible/modules/identity/ipa/ipa_vault_mod.py:0:0: E322 "description" is listed in the argument_spec, but not documented in the module
lib/ansible/modules/identity/ipa/ipa_vault_mod.py:0:0: E322 "new_vault_type" is listed in the argument_spec, but not documented in the module
lib/ansible/modules/identity/ipa/ipa_vault_mod.py:0:0: E322 "newtype" is listed in the argument_spec, but not documented in the module
lib/ansible/modules/identity/ipa/ipa_vault_mod.py:0:0: E322 "newvaulttype" is listed in the argument_spec, but not documented in the module
lib/ansible/modules/identity/ipa/ipa_vault_mod.py:0:0: E322 "vaultuser" is listed in the argument_spec, but not documented in the module
lib/ansible/modules/identity/ipa/ipa_vault_mod.py:0:0: E323 "vault_new_type" is listed in DOCUMENTATION.options, but not accepted by the module
lib/ansible/modules/identity/ipa/ipa_vault_mod.py:0:0: E323 "vaultuser"" is listed in DOCUMENTATION.options, but not accepted by the module
lib/ansible/modules/identity/ipa/ipa_vault_mod.py:10:0: E106 Import found before documentation variables. All imports must appear below DOCUMENTATION/EXAMPLES/RETURN/ANSIBLE_METADATA.
lib/ansible/modules/identity/ipa/ipa_vault_mod.py:10:0: E107 Imports should be directly below DOCUMENTATION/EXAMPLES/RETURN/ANSIBLE_METADATA.

click here for bot help

@ansibot ansibot added the ci_verified label Aug 24, 2018

@schegi

This comment has been minimized.

schegi commented Aug 24, 2018

I explicitely asked in the IRC if i should issue one or multiple pull requests for the modules. The answer was one. If if necessary i could alo split this request into three separate ones. The Rest i'll fix.

schegi
Fixes ansibot issues
Fixes ansibot issues expect multipl modules
and import issues.

@ansibot ansibot removed the ci_verified label Aug 24, 2018

@ansibot

This comment has been minimized.

Contributor

ansibot commented Aug 24, 2018

The test ansible-test sanity --test import --python 2.6 [explain] failed with 1 error:

lib/ansible/module_utils/ipa_vault.py:13:0: ImportError: No module named cryptography.fernet

The test ansible-test sanity --test import --python 2.7 [explain] failed with 4 errors:

lib/ansible/module_utils/ipa_vault.py:13:0: ImportError: No module named cryptography.fernet
lib/ansible/modules/identity/ipa/ipa_vault_data.py:156:0: ImportError: No module named cryptography.fernet
lib/ansible/modules/identity/ipa/ipa_vault_member.py:110:0: ImportError: No module named cryptography.fernet
lib/ansible/modules/identity/ipa/ipa_vault_mod.py:112:0: ImportError: No module named cryptography.fernet

The test ansible-test sanity --test import --python 3.5 [explain] failed with 4 errors:

lib/ansible/module_utils/ipa_vault.py:13:0: ImportError: No module named 'cryptography'
lib/ansible/modules/identity/ipa/ipa_vault_data.py:156:0: ImportError: No module named 'cryptography'
lib/ansible/modules/identity/ipa/ipa_vault_member.py:110:0: ImportError: No module named 'cryptography'
lib/ansible/modules/identity/ipa/ipa_vault_mod.py:112:0: ImportError: No module named 'cryptography'

The test ansible-test sanity --test import --python 3.6 [explain] failed with 4 errors:

lib/ansible/module_utils/ipa_vault.py:13:0: ModuleNotFoundError: No module named 'cryptography'
lib/ansible/modules/identity/ipa/ipa_vault_data.py:156:0: ModuleNotFoundError: No module named 'cryptography'
lib/ansible/modules/identity/ipa/ipa_vault_member.py:110:0: ModuleNotFoundError: No module named 'cryptography'
lib/ansible/modules/identity/ipa/ipa_vault_mod.py:112:0: ModuleNotFoundError: No module named 'cryptography'

The test ansible-test sanity --test import --python 3.7 [explain] failed with 4 errors:

lib/ansible/module_utils/ipa_vault.py:13:0: ModuleNotFoundError: No module named 'cryptography'
lib/ansible/modules/identity/ipa/ipa_vault_data.py:156:0: ModuleNotFoundError: No module named 'cryptography'
lib/ansible/modules/identity/ipa/ipa_vault_member.py:110:0: ModuleNotFoundError: No module named 'cryptography'
lib/ansible/modules/identity/ipa/ipa_vault_mod.py:112:0: ModuleNotFoundError: No module named 'cryptography'

The test ansible-test sanity --test pep8 [explain] failed with 1 error:

lib/ansible/modules/identity/ipa/ipa_vault_data.py:161:1: E302 expected 2 blank lines, found 1

click here for bot help

@ansibot ansibot added the ci_verified label Aug 24, 2018

schegi
Fixes ansibot import issues.
Fixes import issues within ansibot.
Fixes minor copyright issue.

@ansibot ansibot removed the ci_verified label Aug 24, 2018

@ansibot

This comment has been minimized.

Contributor

ansibot commented Aug 24, 2018

The test ansible-test sanity --test pylint [explain] failed with 1 error:

lib/ansible/module_utils/ipa_vault.py:39:8: bad-super-call Bad first argument 'self.__class__' given to super()

The test ansible-test sanity --test pep8 [explain] failed with 1 error:

lib/ansible/modules/identity/ipa/ipa_vault_data.py:161:1: E302 expected 2 blank lines, found 1

click here for bot help

@ansibot ansibot added the ci_verified label Aug 24, 2018

schegi
@ansibot

This comment has been minimized.

Contributor

ansibot commented Sep 20, 2018

@schegi This PR contains @ mentions in at least one commit message. Those mentions can cause cascading notifications through GitHub and need to be removed. Please squash or amend your commits to remove the mentions.

click here for bot help

@ansibot ansibot removed the stale_ci label Sep 20, 2018

Adds ipa_vault.py
Includes now the changes from my PR against jparrills
fork of ansible. jparrill#1
Jparrills PR is already merged and cannot be reopend,
so this PR now include all my changes made to ipa_vault module.
Will remove the reference to the other PR.

@schegi schegi force-pushed the schegi:feature/ipa_vault_additional_modules branch to b7f8fbe Sep 20, 2018

@ansibot

This comment has been minimized.

Contributor

ansibot commented Sep 20, 2018

The test ansible-test sanity --test validate-modules [explain] failed with 6 errors:

lib/ansible/modules/identity/ipa/ipa_vault.py:0:0: E309 version_added for new option (ipavaultpassword) should be 2.8. Currently 0.0
lib/ansible/modules/identity/ipa/ipa_vault.py:0:0: E309 version_added for new option (ipavaultpasswordfile) should be 2.8. Currently 0.0
lib/ansible/modules/identity/ipa/ipa_vault.py:0:0: E309 version_added for new option (ipavaultpublickeyfile) should be 2.8. Currently 0.0
lib/ansible/modules/identity/ipa/ipa_vault_data.py:0:0: E307 version_added should be 2.8. Currently 2.7
lib/ansible/modules/identity/ipa/ipa_vault_member.py:0:0: E307 version_added should be 2.8. Currently 2.7
lib/ansible/modules/identity/ipa/ipa_vault_mod.py:0:0: E307 version_added should be 2.8. Currently 2.7

click here for bot help

@ansibot ansibot added ci_verified and removed ci_verified labels Sep 20, 2018

@ansibot

This comment has been minimized.

Contributor

ansibot commented Sep 20, 2018

The test ansible-test sanity --test validate-modules [explain] failed with 3 errors:

lib/ansible/modules/identity/ipa/ipa_vault.py:0:0: E309 version_added for new option (ipavaultpassword) should be 2.8. Currently 0.0
lib/ansible/modules/identity/ipa/ipa_vault.py:0:0: E309 version_added for new option (ipavaultpasswordfile) should be 2.8. Currently 0.0
lib/ansible/modules/identity/ipa/ipa_vault.py:0:0: E309 version_added for new option (ipavaultpublickeyfile) should be 2.8. Currently 0.0

click here for bot help

@ansibot ansibot added the ci_verified label Sep 20, 2018

Fixes E307 version_added
Changes version_added to 2.8 in modules
ipa_vault_member, ipa_vault_data, ipa_vault_mod

@schegi schegi force-pushed the schegi:feature/ipa_vault_additional_modules branch to 8e13f5e Sep 20, 2018

Fixes E309 version_added
Adds version_added to newly added parameters

@ansibot ansibot removed the ci_verified label Sep 20, 2018

@ansibot

This comment has been minimized.

Contributor

ansibot commented Sep 20, 2018

The test ansible-test sanity --test ansible-doc --python 2.6 [explain] failed with 1 error:

lib/ansible/modules/identity/ipa/ipa_vault.py:0:0: has a documentation error formatting or is missing documentation.

The test ansible-test sanity --test ansible-doc --python 2.7 [explain] failed with 1 error:

lib/ansible/modules/identity/ipa/ipa_vault.py:0:0: has a documentation error formatting or is missing documentation.

The test ansible-test sanity --test ansible-doc --python 3.5 [explain] failed with 1 error:

lib/ansible/modules/identity/ipa/ipa_vault.py:0:0: has a documentation error formatting or is missing documentation.

The test ansible-test sanity --test ansible-doc --python 3.6 [explain] failed with 1 error:

lib/ansible/modules/identity/ipa/ipa_vault.py:0:0: has a documentation error formatting or is missing documentation.

The test ansible-test sanity --test ansible-doc --python 3.7 [explain] failed with 1 error:

lib/ansible/modules/identity/ipa/ipa_vault.py:0:0: has a documentation error formatting or is missing documentation.

The test ansible-test sanity --test docs-build [explain] failed with the error:

Command "/usr/bin/python test/sanity/code-smell/docs-build.py" returned exit status 1.
>>> Standard Error
Traceback (most recent call last):
  File "test/sanity/code-smell/docs-build.py", line 99, in <module>
    main()
  File "test/sanity/code-smell/docs-build.py", line 17, in main
    raise subprocess.CalledProcessError(sphinx.returncode, cmd, output=stdout, stderr=stderr)
subprocess.CalledProcessError: Command '['make', 'singlehtmldocs']' returned non-zero exit status 2.

The test ansible-test sanity --test pep8 [explain] failed with 9 errors:

lib/ansible/modules/identity/ipa/ipa_vault.py:49:1: E101 indentation contains mixed spaces and tabs
lib/ansible/modules/identity/ipa/ipa_vault.py:49:1: W191 indentation contains tabs
lib/ansible/modules/identity/ipa/ipa_vault.py:50:1: E101 indentation contains mixed spaces and tabs
lib/ansible/modules/identity/ipa/ipa_vault.py:55:1: E101 indentation contains mixed spaces and tabs
lib/ansible/modules/identity/ipa/ipa_vault.py:55:1: W191 indentation contains tabs
lib/ansible/modules/identity/ipa/ipa_vault.py:56:1: E101 indentation contains mixed spaces and tabs
lib/ansible/modules/identity/ipa/ipa_vault.py:61:1: E101 indentation contains mixed spaces and tabs
lib/ansible/modules/identity/ipa/ipa_vault.py:61:1: W191 indentation contains tabs
lib/ansible/modules/identity/ipa/ipa_vault.py:62:1: E101 indentation contains mixed spaces and tabs

The test ansible-test sanity --test validate-modules [explain] failed with 13 errors:

lib/ansible/modules/identity/ipa/ipa_vault.py:0:0: E324 Value for "default" from the argument_spec ('admin') for "ipa_user" does not match the documentation (None)
lib/ansible/modules/identity/ipa/ipa_vault.py:0:0: E324 Value for "default" from the argument_spec ('https') for "ipa_prot" does not match the documentation (None)
lib/ansible/modules/identity/ipa/ipa_vault.py:0:0: E324 Value for "default" from the argument_spec ('ipa.example.com') for "ipa_host" does not match the documentation (None)
lib/ansible/modules/identity/ipa/ipa_vault.py:0:0: E324 Value for "default" from the argument_spec ('present') for "state" does not match the documentation (None)
lib/ansible/modules/identity/ipa/ipa_vault.py:0:0: E324 Value for "default" from the argument_spec ('standard') for "ipavaulttype" does not match the documentation (None)
lib/ansible/modules/identity/ipa/ipa_vault.py:0:0: E324 Value for "default" from the argument_spec (10) for "ipa_timeout" does not match the documentation (None)
lib/ansible/modules/identity/ipa/ipa_vault.py:0:0: E324 Value for "default" from the argument_spec (443) for "ipa_port" does not match the documentation (None)
lib/ansible/modules/identity/ipa/ipa_vault.py:0:0: E324 Value for "default" from the argument_spec (True) for "validate_certs" does not match the documentation (False)
lib/ansible/modules/identity/ipa/ipa_vault.py:0:0: E325 argument_spec for "validate_certs" defines type="bool" but documentation does not
lib/ansible/modules/identity/ipa/ipa_vault.py:0:0: E326 Value for "choices" from the argument_spec (['http', 'https']) for "ipa_prot" does not match the documentation ([])
lib/ansible/modules/identity/ipa/ipa_vault.py:0:0: E326 Value for "choices" from the argument_spec (['present', 'absent']) for "state" does not match the documentation ([])
lib/ansible/modules/identity/ipa/ipa_vault.py:0:0: E326 Value for "choices" from the argument_spec (['standard', 'symmetric', 'asymmetric']) for "ipavaulttype" does not match the documentation ([])
lib/ansible/modules/identity/ipa/ipa_vault.py:49:1: E302 DOCUMENTATION is not valid YAML

The test ansible-test sanity --test yamllint [explain] failed with 1 error:

lib/ansible/modules/identity/ipa/ipa_vault.py:49:1: error DOCUMENTATION: syntax error: found character '\t' that cannot start any token

click here for bot help

Fixes tabs in documentation yaml E302
Fixes wrongly updated version_added on ipa_vault.py

@ansibot ansibot added the stale_ci label Sep 28, 2018

@ansibot ansibot removed the support:core label Oct 6, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment