Add support for ldap_cache and IPA API configuration. #645
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rjeffman
force-pushed
the
baseclass_ldapcache
branch
from
87431e5
to
a72aed0
Compare
t-woerner
reviewed
Sep 27, 2021
t-woerner
reviewed
Sep 27, 2021
t-woerner
reviewed
Sep 27, 2021
| @@ -605,13 +616,21 @@ def ipa_connect(self, context=None): | |||
| ipaadmin_principal = self.params_get("ipaadmin_principal") | |||
| ipaadmin_password = self.params_get("ipaadmin_password") | |||
|
|
|||
| # Get set of parameters to override in api.bootstrap(). | |||
| _inv_override = ["ipaapi_context"] | |||
There was a problem hiding this comment.
I am not sure that we should allow to pass any parameter with ipaapi_ prefix to api_connect. In my opinion it would be good to have a allowed list also.
There was a problem hiding this comment.
Having this open to any ipaapi_ variable would allow modules to specify their own connection variables using a "standardized" variable name.
Neither function that will use these parameters put any limit on them, and if they are not known to the function, they are passed along, or simply ignored.
rjeffman
force-pushed
the
baseclass_ldapcache
branch
from
a72aed0
to
9c53329
Compare
This change adds a keyword parameter to api_connect() which can be used to configure IPA API connection, for example, controlling the use of LDAP cache, by passing 'ldap_cache' as an argument. Also, IPAAnsibleModule is modified to automatically filter all parameters of the module starting with 'ipaapi_' to be used as arguments to configure api_connect(). The argument name will have the same name as the module parameter with 'ipaapi_' stripped off.
This patch adds support for configuring IPA API connection use of LDAP cache. It adds a new variable 'ipaapi_ldap_cache' to the base module, and provides the variable documentation in its doc fragment.
This patch adds documentation for ldap_cache variable to all modules.
rjeffman
force-pushed
the
baseclass_ldapcache
branch
from
9c53329
to
469fef1
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
FreeIPA API
bootstrap()offers a way to override the default configurationby providing arbitrary keyword arguments.
This PR extend this behavior to ansible-freeipa modules by allowing the use
of a keyword argument (
overrides) to the functionapi_connect().IPAAnsibleModule method
ipa_correct()is modified to extract all moduleparameters starting with
ipaapi_and creates anoverridesset, which ispassed to
api_connect, allowing the module user to configure the connectionto the IPA API.
The variabel
ipaapi_ldap_cacheis added to IPAAnsibleModule and isavailable in all modules.