Merge pull request #652 from rjeffman/ipaansiblemodule_fail_if_invalid

Standardize algorithm to verify if invalid argument was used.
freeipa · Oct 4, 2021 · ee29425 · ee29425
2 parents 4b77b27 + 0fac277
commit ee29425
Show file tree

Hide file tree

Showing 26 changed files with 95 additions and 204 deletions.
diff --git a/plugins/module_utils/ansible_freeipa_module.py b/plugins/module_utils/ansible_freeipa_module.py
@@ -699,6 +699,30 @@ def params_get(self, name):
             """
             return module_params_get(self, name)
 
+        def params_fail_used_invalid(self, invalid_params, state, action=None):
+            """
+            Fail module execution if one of the invalid parameters is not None.
+
+            Parameters
+            ----------
+            invalid_params:
+                List of parameters that must value 'None'.
+            state:
+                State being tested.
+            action:
+                Action being tested (optional).
+
+            """
+            if action is None:
+                msg = "Argument '{0}' can not be used with state '{1}'"
+            else:
+                msg = "Argument '{0}' can not be used with action "\
+                      "'{2}' and state '{1}'"
+
+            for param in invalid_params:
+                if self.params.get(param) is not None:
+                    self.fail_json(msg=msg.format(param, state, action))
+
         def ipa_command(self, command, name, args):
             """
             Execute an IPA API command with a required `name` argument.

diff --git a/plugins/modules/ipaautomember.py b/plugins/modules/ipaautomember.py
@@ -245,12 +245,17 @@ def main():
     rebuild_users = ansible_module.params_get("users")
     rebuild_hosts = ansible_module.params_get("hosts")
 
-    if (rebuild_hosts or rebuild_users) and state != "rebuild":
-        ansible_module.fail_json(
-            msg="'hosts' and 'users' are only valid with state: rebuild")
-    if not automember_type and state != "rebuild":
-        ansible_module.fail_json(
-            msg="'automember_type' is required unless state: rebuild")
+    # Check parameters
+    invalid = []
+
+    if state != "rebuild":
+        invalid = ["rebuild_hosts", "rebuild_users"]
+
+        if not automember_type and state != "rebuild":
+            ansible_module.fail_json(
+                msg="'automember_type' is required unless state: rebuild")
+
+    ansible_module.params_fail_used_invalid(invalid, state, action)
 
     # Init
     changed = False

diff --git a/plugins/modules/ipadelegation.py b/plugins/modules/ipadelegation.py
@@ -176,29 +176,23 @@ def main():
 
     # Check parameters
 
+    invalid = []
+
     if state == "present":
         if len(names) != 1:
             ansible_module.fail_json(
                 msg="Only one delegation be added at a time.")
         if action == "member":
             invalid = ["permission", "membergroup", "group"]
-            for x in invalid:
-                if vars()[x] is not None:
-                    ansible_module.fail_json(
-                        msg="Argument '%s' can not be used with action "
-                        "'%s' and state '%s'" % (x, action, state))
 
     if state == "absent":
         if len(names) < 1:
             ansible_module.fail_json(msg="No name given.")
         invalid = ["permission", "membergroup", "group"]
         if action == "delegation":
             invalid.append("attribute")
-        for x in invalid:
-            if vars()[x] is not None:
-                ansible_module.fail_json(
-                    msg="Argument '%s' can not be used with action "
-                    "'%s' and state '%s'" % (x, action, state))
+
+    ansible_module.params_fail_used_invalid(invalid, state, action)
 
     if permission is not None:
         perm = [p for p in permission if p not in ("read", "write")]

diff --git a/plugins/modules/ipadnsconfig.py b/plugins/modules/ipadnsconfig.py
@@ -196,11 +196,7 @@ def main():
     if state == 'absent':
         invalid = ['forward_policy', 'allow_sync_ptr']
 
-    for x in invalid:
-        if vars()[x] is not None:
-            ansible_module.fail_json(
-                msg="Argument '%s' can not be used with state '%s'" %
-                (x, state))
+    ansible_module.params_fail_used_invalid(invalid, state)
 
     # Init
 

diff --git a/plugins/modules/ipadnsforwardzone.py b/plugins/modules/ipadnsforwardzone.py
@@ -229,6 +229,7 @@ def main():
     else:
         operation = "add"
 
+    invalid = []
     if state in ["enabled", "disabled"]:
         if action == "member":
             ansible_module.fail_json(
@@ -237,22 +238,14 @@ def main():
         invalid = [
             "forwarders", "forwardpolicy", "skip_overlap_check", "permission"
         ]
-        for x in invalid:
-            if vars()[x] is not None:
-                ansible_module.fail_json(
-                    msg="Argument '%s' can not be used with action "
-                    "'%s', state `%s`" % (x, action, state))
         wants_enable = (state == "enabled")
 
     if operation == "del":
         invalid = [
             "forwarders", "forwardpolicy", "skip_overlap_check", "permission"
         ]
-        for x in invalid:
-            if vars()[x] is not None:
-                ansible_module.fail_json(
-                    msg="Argument '%s' can not be used with action "
-                    "'%s', state `%s`" % (x, action, state))
+
+    ansible_module.params_fail_used_invalid(invalid, state, action)
 
     changed = False
     exit_args = {}

diff --git a/plugins/modules/ipadnsrecord.py b/plugins/modules/ipadnsrecord.py
@@ -1201,11 +1201,7 @@ def check_parameters(module, state, zone_name, record):
         invalid = list(_PART_MAP.keys())
         invalid.extend(['create_reverse', 'dns_ttl'])
 
-    for x in invalid:
-        if x in record:
-            module.fail_json(
-                msg="Variable `%s` cannot be used in state `%s`" %
-                    (x, state))
+    module.params_fail_used_invalid(invalid, state)
 
 
 def get_entry_from_module(module, name):

diff --git a/plugins/modules/ipadnszone.py b/plugins/modules/ipadnszone.py
@@ -429,13 +429,10 @@ def check_ipa_params(self):
             self.fail_json(
                 msg="Either `name` or `name_from_ip` must be provided."
             )
-        if self.ipa_params.state != "present" and self.ipa_params.name_from_ip:
-            self.fail_json(
-                msg=(
-                    "Cannot use argument `name_from_ip` with state `%s`."
-                    % self.ipa_params.state
-                )
-            )
+        if self.ipa_params.state != "present":
+            invalid = ["name_from_ip"]
+
+            self.params_fail_used_invalid(invalid, self.ipa_params.state)
 
     def define_ipa_commands(self):
         for zone_name in self.get_zone_names():

diff --git a/plugins/modules/ipagroup.py b/plugins/modules/ipagroup.py
@@ -314,6 +314,7 @@ def main():
     state = ansible_module.params_get("state")
 
     # Check parameters
+    invalid = []
 
     if state == "present":
         if len(names) != 1:
@@ -322,11 +323,6 @@ def main():
         if action == "member":
             invalid = ["description", "gid", "posix", "nonposix", "external",
                        "nomembers"]
-            for x in invalid:
-                if vars()[x] is not None:
-                    ansible_module.fail_json(
-                        msg="Argument '%s' can not be used with action "
-                        "'%s'" % (x, action))
 
     if state == "absent":
         if len(names) < 1:
@@ -336,11 +332,8 @@ def main():
                    "nomembers"]
         if action == "group":
             invalid.extend(["user", "group", "service", "externalmember"])
-        for x in invalid:
-            if vars()[x] is not None:
-                ansible_module.fail_json(
-                    msg="Argument '%s' can not be used with state '%s'" %
-                    (x, state))
+
+    ansible_module.params_fail_used_invalid(invalid, state, action)
 
     if external is False:
         ansible_module.fail_json(

diff --git a/plugins/modules/ipahbacrule.py b/plugins/modules/ipahbacrule.py
@@ -247,18 +247,15 @@ def main():
 
     # Check parameters
 
+    invalid = []
+
     if state == "present":
         if len(names) != 1:
             ansible_module.fail_json(
                 msg="Only one hbacrule can be added at a time.")
         if action == "member":
             invalid = ["description", "usercategory", "hostcategory",
                        "servicecategory", "nomembers"]
-            for x in invalid:
-                if vars()[x] is not None:
-                    ansible_module.fail_json(
-                        msg="Argument '%s' can not be used with action "
-                        "'%s'" % (x, action))
         else:
             if hostcategory == 'all' and any([host, hostgroup]):
                 ansible_module.fail_json(
@@ -278,11 +275,6 @@ def main():
         if action == "hbacrule":
             invalid.extend(["host", "hostgroup", "hbacsvc", "hbacsvcgroup",
                             "user", "group"])
-        for x in invalid:
-            if vars()[x] is not None:
-                ansible_module.fail_json(
-                    msg="Argument '%s' can not be used with state '%s'" %
-                    (x, state))
 
     elif state in ["enabled", "disabled"]:
         if len(names) < 1:
@@ -294,14 +286,11 @@ def main():
         invalid = ["description", "usercategory", "hostcategory",
                    "servicecategory", "nomembers", "host", "hostgroup",
                    "hbacsvc", "hbacsvcgroup", "user", "group"]
-        for x in invalid:
-            if vars()[x] is not None:
-                ansible_module.fail_json(
-                    msg="Argument '%s' can not be used with state '%s'" %
-                    (x, state))
     else:
         ansible_module.fail_json(msg="Invalid state '%s'" % state)
 
+    ansible_module.params_fail_used_invalid(invalid, state, action)
+
     # Init
 
     changed = False

diff --git a/plugins/modules/ipahbacsvc.py b/plugins/modules/ipahbacsvc.py
@@ -127,6 +127,7 @@ def main():
 
     # Check parameters
 
+    invalid = []
     if state == "present":
         if len(names) != 1:
             ansible_module.fail_json(
@@ -137,11 +138,8 @@ def main():
             ansible_module.fail_json(
                 msg="No name given.")
         invalid = ["description"]
-        for x in invalid:
-            if vars()[x] is not None:
-                ansible_module.fail_json(
-                    msg="Argument '%s' can not be used with state '%s'" %
-                    (x, state))
+
+    ansible_module.params_fail_used_invalid(invalid, state)
 
     # Init
 

diff --git a/plugins/modules/ipahbacsvcgroup.py b/plugins/modules/ipahbacsvcgroup.py
@@ -187,17 +187,14 @@ def main():
 
     # Check parameters
 
+    invalid = []
+
     if state == "present":
         if len(names) != 1:
             ansible_module.fail_json(
                 msg="Only one hbacsvcgroup can be added at a time.")
         if action == "member":
             invalid = ["description", "nomembers"]
-            for x in invalid:
-                if vars()[x] is not None:
-                    ansible_module.fail_json(
-                        msg="Argument '%s' can not be used with action "
-                        "'%s'" % (x, action))
 
     if state == "absent":
         if len(names) < 1:
@@ -206,11 +203,8 @@ def main():
         invalid = ["description", "nomembers"]
         if action == "hbacsvcgroup":
             invalid.extend(["hbacsvc"])
-        for x in invalid:
-            if vars()[x] is not None:
-                ansible_module.fail_json(
-                    msg="Argument '%s' can not be used with state '%s'" %
-                    (x, state))
+
+    ansible_module.params_fail_used_invalid(invalid, state, action)
 
     # Init
 

diff --git a/plugins/modules/ipahost.py b/plugins/modules/ipahost.py
@@ -530,6 +530,7 @@ def check_parameters(   # pylint: disable=unused-argument
         userclass, auth_ind, requires_pre_auth, ok_as_delegate,
         ok_to_auth_as_delegate, force, reverse, ip_address, update_dns,
         update_password):
+    invalid = []
     if state == "present":
         if action == "member":
             # certificate, managedby_host, principal,
@@ -539,23 +540,13 @@ def check_parameters(   # pylint: disable=unused-argument
                        "userclass", "auth_ind", "requires_pre_auth",
                        "ok_as_delegate", "ok_to_auth_as_delegate", "force",
                        "reverse", "update_dns", "update_password"]
-            for x in invalid:
-                if vars()[x] is not None:
-                    module.fail_json(
-                        msg="Argument '%s' can not be used with action "
-                        "'%s'" % (x, action))
 
     if state == "absent":
         invalid = ["description", "locality", "location", "platform", "os",
                    "password", "random", "mac_address", "sshpubkey",
                    "userclass", "auth_ind", "requires_pre_auth",
                    "ok_as_delegate", "ok_to_auth_as_delegate", "force",
                    "reverse", "update_password"]
-        for x in invalid:
-            if vars()[x] is not None:
-                module.fail_json(
-                    msg="Argument '%s' can not be used with state '%s'" %
-                    (x, state))
         if action == "host":
             invalid = [
                 "certificate", "managedby_host", "principal",
@@ -565,11 +556,8 @@ def check_parameters(   # pylint: disable=unused-argument
                 "allow_retrieve_keytab_host",
                 "allow_retrieve_keytab_hostgroup"
             ]
-            for x in invalid:
-                if vars()[x] is not None:
-                    module.fail_json(
-                        msg="Argument '%s' can only be used with action "
-                        "'member' for state '%s'" % (x, state))
+
+    module.params_fail_used_invalid(invalid, state, action)
 
 
 # pylint: disable=unused-argument

diff --git a/plugins/modules/ipahostgroup.py b/plugins/modules/ipahostgroup.py
@@ -224,18 +224,14 @@ def main():
 
     # Check parameters
 
+    invalid = []
     if state == "present":
         if len(names) != 1:
             ansible_module.fail_json(
                 msg="Only one hostgroup can be added at a time.")
         invalid = ["rename"]
         if action == "member":
             invalid.extend(["description", "nomembers"])
-        for x in invalid:
-            if vars()[x] is not None:
-                ansible_module.fail_json(
-                    msg="Argument '%s' can not be used with action "
-                    "'%s'" % (x, action))
 
     if state == "renamed":
         if len(names) != 1:
@@ -249,11 +245,6 @@ def main():
             "description", "nomembers", "host", "hostgroup",
             "membermanager_user", "membermanager_group"
         ]
-        for x in invalid:
-            if vars()[x] is not None:
-                ansible_module.fail_json(
-                    msg="Argument '%s' can not be used with state '%s'" %
-                    (x, state))
 
     if state == "absent":
         if len(names) < 1:
@@ -262,11 +253,8 @@ def main():
         invalid = ["description", "nomembers", "rename"]
         if action == "hostgroup":
             invalid.extend(["host", "hostgroup"])
-        for x in invalid:
-            if vars()[x] is not None:
-                ansible_module.fail_json(
-                    msg="Argument '%s' can not be used with state '%s'" %
-                    (x, state))
+
+    ansible_module.params_fail_used_invalid(invalid, state, action)
 
     # Init