
Fix handling members in ipa role. #469

Merged
merged 1 commit into from Jan 7, 2021

Conversation

rjeffman (Member)

When adding new members to a role, the existing members were removed.
The correct behavior for the "member" action is to add those members,
and substitute the existing ones. This patch fixes this behavior.

Fix #409, #411, #412, #413

When adding new members to a role, the existing members were removed.
The correct behavior for the "member" action is to add those members,
and substitute the existing ones. This patch fixes this behavior.

Fix freeipa#409, freeipa#411, freeipa#412, freeipa#413
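The semantics the PR description states, as an added example that is not ansible-freeipa's own code: a small model of how member changes for one role are planned for `action: member` (add or remove only the listed members, leaving the rest untouched) versus `action: role` (the listed members are the complete desired set). Function and parameter names are constructed for illustration; the sample role is taken from the `memberrole` output in the #412 comment below.

```python
# Added example (not ansible-freeipa's own code): a model of the member
# semantics stated in the PR description. Names are constructed.

MEMBER_TYPES = ("user", "group", "host", "hostgroup", "service", "privilege")


def member_changes(current, wanted, action="role", state="present"):
    """Return (to_add, to_remove) for one member type, both sorted lists.

    action "member": only the listed members are touched; existing members
    that are not listed stay in place (the behaviour the PR restores).
    action "role":   the listed members are the complete desired set.
    """
    current, wanted = set(current), set(wanted)
    if action == "member":
        if state == "present":
            return sorted(wanted - current), []
        if state == "absent":
            return [], sorted(wanted & current)
    elif action == "role" and state == "present":
        return sorted(wanted - current), sorted(current - wanted)
    raise ValueError("unsupported action/state: %s/%s" % (action, state))


def buggy_member_changes(current, wanted):
    """Model of the pre-fix behaviour the PR describes: 'member' replaced
    the existing members instead of extending them."""
    return member_changes(current, wanted, action="role", state="present")


def plan_role_update(role, params, action="member", state="present"):
    """Plan changes for every member type given in params (a dict such as
    {"group": [...]} taken from the task); returns {type: (add, remove)}
    containing only the member types that actually need a change."""
    plan = {}
    for mtype in MEMBER_TYPES:
        if mtype not in params:
            continue  # member types not mentioned in the task are left alone
        wanted = params[mtype]
        if isinstance(wanted, str):
            wanted = [wanted]  # the module accepts a single name or a list
        add, rem = member_changes(role.get(mtype, []), wanted, action, state)
        if add or rem:
            plan[mtype] = (add, rem)
    return plan


# Constructed from the #412 comment: 'memberrole' before the task ran.
MEMBERROLE = {"user": ["rbacuser02", "rbacuser03", "rbacuser01"],
              "group": ["rbacgroup02"],
              "hostgroup": ["hostgroup01", "hostgroup03"]}
```

Running `plan_role_update(MEMBERROLE, {"group": ["rbacgroup01", "rbacgroup03"]})` adds both groups and removes nothing, whereas `buggy_member_changes` on the same input also schedules `rbacgroup02` for removal, which is the behaviour the issues report.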
@varunmylaraiah (Collaborator) commented Jan 7, 2021

#411 issue fixed

Console output:
Before:
[root@master ~]# ipa role-show testnonexistingmember
  Role name: testnonexistingmember
  Member users: rbacuser01
  Member groups: rbacgroup01
  Member hosts: mytesthost1.ipadomain.test
  Member host-groups: hostgroup02
  Member services: HTTP/master.ipadomain.test@IPADOMAIN.TEST

[root@ansible ~]# cat rbac_role_add_nonexisting_user_as_a_member.yaml
---
- name: "Playbook to ensure not able to add nonexisting user members in role"
  hosts: ipaserver

  tasks:
  - iparole:
      ipaadmin_password: <xxxxxxxx>
      name: "test-negative-role"
      user: nouser

Error:
TASK [iparole] *****************************************************************
task path: /root/rbac_role_add_nonexisting_user_as_a_member.yaml:6
fatal: [master.ipadomain.test]: FAILED! => {"changed": false, "msg": "role_add_member: user nouser: no such entry"}

After:
[root@master ~]# ipa role-show testnonexistingmember
  Role name: testnonexistingmember
  Member users: rbacuser01
  Member groups: rbacgroup01
  Member hosts: mytesthost1.ipadomain.test
  Member host-groups: hostgroup02
  Member services: HTTP/master.ipadomain.test@IPADOMAIN.TEST

@varunmylaraiah (Collaborator)

#409 issue has been fixed.

Console-output:
Before:
[root@master ~]# ipa role-show Admin-role
  Role name: Admin-role
  Description: test role in IPA.
  Privileges: Group Administrators

[root@ansible ~]# cat rbac_role_update_with_additional_privileges.yaml
---
- name: "Playbook to ensure role is present with the additional privilege."
  hosts: ipaserver

  tasks:
  - iparole:
      ipaadmin_password: <xxxxxxxx>
      name: Admin-role
      privilege:
        - "DNS Administrators"
        - "DNS Servers"
        - "Host Administrators"
      action: member

After:
[root@master ~]# ipa role-show Admin-role
  Role name: Admin-role
  Description: test role in IPA.
  Privileges: Group Administrators, Host Administrators, DNS
              Administrators, DNS Servers

@varunmylaraiah self-requested a review January 7, 2021 12:30

@varunmylaraiah (Collaborator) commented Jan 7, 2021

#412 issue has been fixed.

Console-output:
Before:
[root@master ~]# ipa role-show memberrole
  Role name: memberrole
  Member users: rbacuser02, rbacuser03, rbacuser01
  Member groups: rbacgroup02
  Member hosts: mytesthost2.ipadomain.test,
                mytesthost1.ipadomain.test,
                mytesthost3.ipadomain.test
  Member host-groups: hostgroup01, hostgroup03
[root@ansible ~]# cat rbac_role_update_with_multiple_group_member.yaml
---
- name: "Playbook to ensure additional hostgroup member is updated in the existing role."
  hosts: ipaserver

  tasks:
  - iparole:
      ipaadmin_password: <xxxxx>
      name: memberrole
      group:
         - rbacgroup01
         - rbacgroup03
      action: member

After:
[root@master ~]# ipa role-show memberrole
  Role name: memberrole
  Member users: rbacuser02, rbacuser03, rbacuser01
  Member groups: rbacgroup02, rbacgroup01, rbacgroup03
  Member hosts: mytesthost2.ipadomain.test,
                mytesthost1.ipadomain.test,
                mytesthost3.ipadomain.test
  Member host-groups: hostgroup01, hostgroup03
  Privileges: Certificate Administrators

@varunmylaraiah (Collaborator)

#413 issue has been fixed.

Console-output:
Before:
[root@master ~]# ipa role-show svcrole
  Role name: svcrole
  Member services: HTTP/master.ipadomain.test@IPADOMAIN.TEST,
                   dogtag/master.ipadomain.test@IPADOMAIN.TEST
[root@ansible ~]# cat test.yaml
---
- name: "Add host member to the role"
  hosts: ipaserver

  tasks:
  - iparole:
      ipaadmin_password: <xxxxxxxx>
      name: svcrole
      host: mytesthost2.ipadomain.test
      action: member

After:
[root@master ~]# ipa role-show svcrole
  Role name: svcrole
  Member hosts: mytesthost2.ipadomain.test
  Member services: HTTP/master.ipadomain.test@IPADOMAIN.TEST,
                   dogtag/master.ipadomain.test@IPADOMAIN.TEST

@varunmylaraiah (Collaborator) left a review comment

All changes LGTM.
Thanks @rjeffman

@varunmylaraiah (Collaborator)

@t-woerner We can merge this PR

Successfully merging this pull request may close these issues.

[Role handling] Not able to add additional privileges with existing privilege.