-
Notifications
You must be signed in to change notification settings - Fork 230
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for ldap_cache and IPA API configuration. #645
Conversation
87431e5
to
a72aed0
Compare
@@ -605,13 +616,21 @@ def ipa_connect(self, context=None): | |||
ipaadmin_principal = self.params_get("ipaadmin_principal") | |||
ipaadmin_password = self.params_get("ipaadmin_password") | |||
|
|||
# Get set of parameters to override in api.bootstrap(). | |||
_inv_override = ["ipaapi_context"] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am not sure that we should allow to pass any parameter with ipaapi_
prefix to api_connect. In my opinion it would be good to have a allowed list also.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Having this open to any ipaapi_
variable would allow modules to specify their own connection variables using a "standardized" variable name.
Neither function that will use these parameters put any limit on them, and if they are not known to the function, they are passed along, or simply ignored.
a72aed0
to
9c53329
Compare
This change adds a keyword parameter to api_connect() which can be used to configure IPA API connection, for example, controlling the use of LDAP cache, by passing 'ldap_cache' as an argument. Also, IPAAnsibleModule is modified to automatically filter all parameters of the module starting with 'ipaapi_' to be used as arguments to configure api_connect(). The argument name will have the same name as the module parameter with 'ipaapi_' stripped off.
This patch adds support for configuring IPA API connection use of LDAP cache. It adds a new variable 'ipaapi_ldap_cache' to the base module, and provides the variable documentation in its doc fragment.
This patch adds documentation for ldap_cache variable to all modules.
9c53329
to
469fef1
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
FreeIPA API
bootstrap()
offers a way to override the default configurationby providing arbitrary keyword arguments.
This PR extend this behavior to ansible-freeipa modules by allowing the use
of a keyword argument (
overrides
) to the functionapi_connect()
.IPAAnsibleModule method
ipa_correct()
is modified to extract all moduleparameters starting with
ipaapi_
and creates anoverrides
set, which ispassed to
api_connect
, allowing the module user to configure the connectionto the IPA API.
The variabel
ipaapi_ldap_cache
is added to IPAAnsibleModule and isavailable in all modules.