From 3dd9855916a520e7459e4fa25732c8879b155eb2 Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Thu, 30 Sep 2021 21:05:23 -0300 Subject: [PATCH 01/26] IPAAnsibleModule: Provide function to fail in param is invalid. Almost all modules require an algorithm ta validade if the user provided arguments for the playbook are valid for the requested state and/or action. This patch provides a function that tests if any of a list of arguments were set, and fail with a standardized message, making all modules fail in the same way. --- .../module_utils/ansible_freeipa_module.py | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/plugins/module_utils/ansible_freeipa_module.py b/plugins/module_utils/ansible_freeipa_module.py index fe5268046..2dfc1d370 100644 --- a/plugins/module_utils/ansible_freeipa_module.py +++ b/plugins/module_utils/ansible_freeipa_module.py @@ -674,6 +674,30 @@ def params_get(self, name): """ return module_params_get(self, name) + def params_fail_used_invalid(self, invalid_params, state, action=None): + """ + Fail module execution if one of the invalid parameters is not None. + + Parameters + ---------- + invalid_params: + List of parameters that must value 'None'. + state: + State being tested. + action: + Action being tested (optional). + + """ + if action is None: + msg = "Argument '{0}' can not be used with state '{1}'" + else: + msg = "Argument '{0}' can not be used with action "\ + "'{2}' and state '{1}'" + + for param in invalid_params: + if self.params.get(param) is not None: + self.fail_json(msg=msg.format(param, state, action)) + def ipa_command(self, command, name, args): """ Execute an IPA API command with a required `name` argument. From 23e38fae27f9dbe79497cc8030751d0dbf194c88 Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Thu, 30 Sep 2021 21:12:03 -0300 Subject: [PATCH 02/26] automember: Use IPAAnsibleModule method to validate arguments. Use the IPAAnsibleModule.params_fail_if_used method to validate arguments provided by user. --- plugins/modules/ipaautomember.py | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/plugins/modules/ipaautomember.py b/plugins/modules/ipaautomember.py index 9a93cd23c..7230ea57f 100644 --- a/plugins/modules/ipaautomember.py +++ b/plugins/modules/ipaautomember.py @@ -245,12 +245,17 @@ def main(): rebuild_users = ansible_module.params_get("users") rebuild_hosts = ansible_module.params_get("hosts") - if (rebuild_hosts or rebuild_users) and state != "rebuild": - ansible_module.fail_json( - msg="'hosts' and 'users' are only valid with state: rebuild") - if not automember_type and state != "rebuild": - ansible_module.fail_json( - msg="'automember_type' is required unless state: rebuild") + # Check parameters + invalid = [] + + if state != "rebuild": + invalid = ["rebuild_hosts", "rebuild_users"] + + if not automember_type and state != "rebuild": + ansible_module.fail_json( + msg="'automember_type' is required unless state: rebuild") + + ansible_module.params_fail_used_invalid(invalid, state, action) # Init changed = False From 06ccc70c391cb06ede626d33871ea6b8595dd49f Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Thu, 30 Sep 2021 21:12:44 -0300 Subject: [PATCH 03/26] delegation: Use IPAAnsibleModule method to validate arguments. Use the IPAAnsibleModule.params_fail_if_used method to validate arguments provided by user. --- plugins/modules/ipadelegation.py | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/plugins/modules/ipadelegation.py b/plugins/modules/ipadelegation.py index 3ebbe88c0..335930568 100644 --- a/plugins/modules/ipadelegation.py +++ b/plugins/modules/ipadelegation.py @@ -176,17 +176,14 @@ def main(): # Check parameters + invalid = [] + if state == "present": if len(names) != 1: ansible_module.fail_json( msg="Only one delegation be added at a time.") if action == "member": invalid = ["permission", "membergroup", "group"] - for x in invalid: - if vars()[x] is not None: - ansible_module.fail_json( - msg="Argument '%s' can not be used with action " - "'%s' and state '%s'" % (x, action, state)) if state == "absent": if len(names) < 1: @@ -194,11 +191,8 @@ def main(): invalid = ["permission", "membergroup", "group"] if action == "delegation": invalid.append("attribute") - for x in invalid: - if vars()[x] is not None: - ansible_module.fail_json( - msg="Argument '%s' can not be used with action " - "'%s' and state '%s'" % (x, action, state)) + + ansible_module.params_fail_used_invalid(invalid, state, action) if permission is not None: perm = [p for p in permission if p not in ("read", "write")] From f34337962d047bdc887dfabb23f2bbff2adf48a4 Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Thu, 30 Sep 2021 21:13:12 -0300 Subject: [PATCH 04/26] dnsconfig: : Use IPAAnsibleModule method to validate arguments. Use the IPAAnsibleModule.params_fail_if_used method to validate arguments provided by user. --- plugins/modules/ipadnsconfig.py | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/plugins/modules/ipadnsconfig.py b/plugins/modules/ipadnsconfig.py index 843237f02..889b7ee7c 100644 --- a/plugins/modules/ipadnsconfig.py +++ b/plugins/modules/ipadnsconfig.py @@ -196,11 +196,7 @@ def main(): if state == 'absent': invalid = ['forward_policy', 'allow_sync_ptr'] - for x in invalid: - if vars()[x] is not None: - ansible_module.fail_json( - msg="Argument '%s' can not be used with state '%s'" % - (x, state)) + ansible_module.params_fail_used_invalid(invalid, state) # Init From 67282b1a6a06ae3562840034de1af8d1d84b83a8 Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Thu, 30 Sep 2021 21:13:33 -0300 Subject: [PATCH 05/26] dnsforwardzone: Use IPAAnsibleModule method to validate arguments. Use the IPAAnsibleModule.params_fail_if_used method to validate arguments provided by user. --- plugins/modules/ipadnsforwardzone.py | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/plugins/modules/ipadnsforwardzone.py b/plugins/modules/ipadnsforwardzone.py index 492a31732..09ff09b99 100644 --- a/plugins/modules/ipadnsforwardzone.py +++ b/plugins/modules/ipadnsforwardzone.py @@ -229,6 +229,7 @@ def main(): else: operation = "add" + invalid = [] if state in ["enabled", "disabled"]: if action == "member": ansible_module.fail_json( @@ -237,22 +238,14 @@ def main(): invalid = [ "forwarders", "forwardpolicy", "skip_overlap_check", "permission" ] - for x in invalid: - if vars()[x] is not None: - ansible_module.fail_json( - msg="Argument '%s' can not be used with action " - "'%s', state `%s`" % (x, action, state)) wants_enable = (state == "enabled") if operation == "del": invalid = [ "forwarders", "forwardpolicy", "skip_overlap_check", "permission" ] - for x in invalid: - if vars()[x] is not None: - ansible_module.fail_json( - msg="Argument '%s' can not be used with action " - "'%s', state `%s`" % (x, action, state)) + + ansible_module.params_fail_used_invalid(invalid, state, action) changed = False exit_args = {} From 6f7b514e02be283b57d88120430fa2c970f94667 Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Thu, 30 Sep 2021 21:13:57 -0300 Subject: [PATCH 06/26] dnsrecord: Use IPAAnsibleModule method to validate arguments. Use the IPAAnsibleModule.params_fail_if_used method to validate arguments provided by user. --- plugins/modules/ipadnsrecord.py | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/plugins/modules/ipadnsrecord.py b/plugins/modules/ipadnsrecord.py index 69b9212ab..9f8d27720 100644 --- a/plugins/modules/ipadnsrecord.py +++ b/plugins/modules/ipadnsrecord.py @@ -1201,11 +1201,7 @@ def check_parameters(module, state, zone_name, record): invalid = list(_PART_MAP.keys()) invalid.extend(['create_reverse', 'dns_ttl']) - for x in invalid: - if x in record: - module.fail_json( - msg="Variable `%s` cannot be used in state `%s`" % - (x, state)) + module.params_fail_used_invalid(invalid, state) def get_entry_from_module(module, name): From 089400dbd0ed8c7788e7fc74a93841714eeb2c6a Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Thu, 30 Sep 2021 21:14:36 -0300 Subject: [PATCH 07/26] dnszone: Use IPAAnsibleModule method to validate arguments. Use the IPAAnsibleModule.params_fail_if_used method to validate arguments provided by user. --- plugins/modules/ipadnszone.py | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/plugins/modules/ipadnszone.py b/plugins/modules/ipadnszone.py index 30ceef271..c1354d3ac 100644 --- a/plugins/modules/ipadnszone.py +++ b/plugins/modules/ipadnszone.py @@ -429,13 +429,10 @@ def check_ipa_params(self): self.fail_json( msg="Either `name` or `name_from_ip` must be provided." ) - if self.ipa_params.state != "present" and self.ipa_params.name_from_ip: - self.fail_json( - msg=( - "Cannot use argument `name_from_ip` with state `%s`." - % self.ipa_params.state - ) - ) + if self.ipa_params.state != "present": + invalid = ["name_from_ip"] + + self.params_fail_used_invalid(invalid, self.ipa_params.state) def define_ipa_commands(self): for zone_name in self.get_zone_names(): From 602f3a0ff3c71da039039323e793dfd66d1c042b Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Thu, 30 Sep 2021 21:14:57 -0300 Subject: [PATCH 08/26] group: Use IPAAnsibleModule method to validate arguments. Use the IPAAnsibleModule.params_fail_if_used method to validate arguments provided by user. --- plugins/modules/ipagroup.py | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/plugins/modules/ipagroup.py b/plugins/modules/ipagroup.py index a502f935b..2815b460d 100644 --- a/plugins/modules/ipagroup.py +++ b/plugins/modules/ipagroup.py @@ -314,6 +314,7 @@ def main(): state = ansible_module.params_get("state") # Check parameters + invalid = [] if state == "present": if len(names) != 1: @@ -322,11 +323,6 @@ def main(): if action == "member": invalid = ["description", "gid", "posix", "nonposix", "external", "nomembers"] - for x in invalid: - if vars()[x] is not None: - ansible_module.fail_json( - msg="Argument '%s' can not be used with action " - "'%s'" % (x, action)) if state == "absent": if len(names) < 1: @@ -336,11 +332,8 @@ def main(): "nomembers"] if action == "group": invalid.extend(["user", "group", "service", "externalmember"]) - for x in invalid: - if vars()[x] is not None: - ansible_module.fail_json( - msg="Argument '%s' can not be used with state '%s'" % - (x, state)) + + ansible_module.params_fail_used_invalid(invalid, state, action) if external is False: ansible_module.fail_json( From 75642506143232e6b2202b9a8c293a15f28d4b16 Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Thu, 30 Sep 2021 21:15:19 -0300 Subject: [PATCH 09/26] hbacrule: Use IPAAnsibleModule method to validate arguments. Use the IPAAnsibleModule.params_fail_if_used method to validate arguments provided by user. --- plugins/modules/ipahbacrule.py | 19 ++++--------------- 1 file changed, 4 insertions(+), 15 deletions(-) diff --git a/plugins/modules/ipahbacrule.py b/plugins/modules/ipahbacrule.py index 1d6a3b2fe..3547b95af 100644 --- a/plugins/modules/ipahbacrule.py +++ b/plugins/modules/ipahbacrule.py @@ -247,6 +247,8 @@ def main(): # Check parameters + invalid = [] + if state == "present": if len(names) != 1: ansible_module.fail_json( @@ -254,11 +256,6 @@ def main(): if action == "member": invalid = ["description", "usercategory", "hostcategory", "servicecategory", "nomembers"] - for x in invalid: - if vars()[x] is not None: - ansible_module.fail_json( - msg="Argument '%s' can not be used with action " - "'%s'" % (x, action)) else: if hostcategory == 'all' and any([host, hostgroup]): ansible_module.fail_json( @@ -278,11 +275,6 @@ def main(): if action == "hbacrule": invalid.extend(["host", "hostgroup", "hbacsvc", "hbacsvcgroup", "user", "group"]) - for x in invalid: - if vars()[x] is not None: - ansible_module.fail_json( - msg="Argument '%s' can not be used with state '%s'" % - (x, state)) elif state in ["enabled", "disabled"]: if len(names) < 1: @@ -294,14 +286,11 @@ def main(): invalid = ["description", "usercategory", "hostcategory", "servicecategory", "nomembers", "host", "hostgroup", "hbacsvc", "hbacsvcgroup", "user", "group"] - for x in invalid: - if vars()[x] is not None: - ansible_module.fail_json( - msg="Argument '%s' can not be used with state '%s'" % - (x, state)) else: ansible_module.fail_json(msg="Invalid state '%s'" % state) + ansible_module.params_fail_used_invalid(invalid, state, action) + # Init changed = False From 43d1a06b86c0dc9c28bb96feb2cfe7f48db9fb12 Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Thu, 30 Sep 2021 21:15:41 -0300 Subject: [PATCH 10/26] hbacsvc: Use IPAAnsibleModule method to validate arguments. Use the IPAAnsibleModule.params_fail_if_used method to validate arguments provided by user. --- plugins/modules/ipahbacsvc.py | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/plugins/modules/ipahbacsvc.py b/plugins/modules/ipahbacsvc.py index 12c8476d7..30e9fddec 100644 --- a/plugins/modules/ipahbacsvc.py +++ b/plugins/modules/ipahbacsvc.py @@ -127,6 +127,7 @@ def main(): # Check parameters + invalid = [] if state == "present": if len(names) != 1: ansible_module.fail_json( @@ -137,11 +138,8 @@ def main(): ansible_module.fail_json( msg="No name given.") invalid = ["description"] - for x in invalid: - if vars()[x] is not None: - ansible_module.fail_json( - msg="Argument '%s' can not be used with state '%s'" % - (x, state)) + + ansible_module.params_fail_used_invalid(invalid, state) # Init From 952f62cd838f4808b367c521532186013a4b76ba Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Thu, 30 Sep 2021 21:15:55 -0300 Subject: [PATCH 11/26] hbacsvcgroup: Use IPAAnsibleModule method to validate arguments. Use the IPAAnsibleModule.params_fail_if_used method to validate arguments provided by user. --- plugins/modules/ipahbacsvcgroup.py | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/plugins/modules/ipahbacsvcgroup.py b/plugins/modules/ipahbacsvcgroup.py index 1e6e3439b..60f05d2de 100644 --- a/plugins/modules/ipahbacsvcgroup.py +++ b/plugins/modules/ipahbacsvcgroup.py @@ -187,17 +187,14 @@ def main(): # Check parameters + invalid = [] + if state == "present": if len(names) != 1: ansible_module.fail_json( msg="Only one hbacsvcgroup can be added at a time.") if action == "member": invalid = ["description", "nomembers"] - for x in invalid: - if vars()[x] is not None: - ansible_module.fail_json( - msg="Argument '%s' can not be used with action " - "'%s'" % (x, action)) if state == "absent": if len(names) < 1: @@ -206,11 +203,8 @@ def main(): invalid = ["description", "nomembers"] if action == "hbacsvcgroup": invalid.extend(["hbacsvc"]) - for x in invalid: - if vars()[x] is not None: - ansible_module.fail_json( - msg="Argument '%s' can not be used with state '%s'" % - (x, state)) + + ansible_module.params_fail_used_invalid(invalid, state, action) # Init From c497c8c4e195f658618e85bb346e49c9860aa018 Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Thu, 30 Sep 2021 21:16:18 -0300 Subject: [PATCH 12/26] host: Use IPAAnsibleModule method to validate arguments. Use the IPAAnsibleModule.params_fail_if_used method to validate arguments provided by user. --- plugins/modules/ipahost.py | 18 +++--------------- 1 file changed, 3 insertions(+), 15 deletions(-) diff --git a/plugins/modules/ipahost.py b/plugins/modules/ipahost.py index 934030014..aa94ccec1 100644 --- a/plugins/modules/ipahost.py +++ b/plugins/modules/ipahost.py @@ -530,6 +530,7 @@ def check_parameters( # pylint: disable=unused-argument userclass, auth_ind, requires_pre_auth, ok_as_delegate, ok_to_auth_as_delegate, force, reverse, ip_address, update_dns, update_password): + invalid = [] if state == "present": if action == "member": # certificate, managedby_host, principal, @@ -539,11 +540,6 @@ def check_parameters( # pylint: disable=unused-argument "userclass", "auth_ind", "requires_pre_auth", "ok_as_delegate", "ok_to_auth_as_delegate", "force", "reverse", "update_dns", "update_password"] - for x in invalid: - if vars()[x] is not None: - module.fail_json( - msg="Argument '%s' can not be used with action " - "'%s'" % (x, action)) if state == "absent": invalid = ["description", "locality", "location", "platform", "os", @@ -551,11 +547,6 @@ def check_parameters( # pylint: disable=unused-argument "userclass", "auth_ind", "requires_pre_auth", "ok_as_delegate", "ok_to_auth_as_delegate", "force", "reverse", "update_password"] - for x in invalid: - if vars()[x] is not None: - module.fail_json( - msg="Argument '%s' can not be used with state '%s'" % - (x, state)) if action == "host": invalid = [ "certificate", "managedby_host", "principal", @@ -565,11 +556,8 @@ def check_parameters( # pylint: disable=unused-argument "allow_retrieve_keytab_host", "allow_retrieve_keytab_hostgroup" ] - for x in invalid: - if vars()[x] is not None: - module.fail_json( - msg="Argument '%s' can only be used with action " - "'member' for state '%s'" % (x, state)) + + module.params_fail_used_invalid(invalid, state, action) # pylint: disable=unused-argument From 9bf2def20b3bab5ce7893c676134cdb0b6ef7d41 Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Thu, 30 Sep 2021 21:16:31 -0300 Subject: [PATCH 13/26] hostgroup: Use IPAAnsibleModule method to validate arguments. Use the IPAAnsibleModule.params_fail_if_used method to validate arguments provided by user. --- plugins/modules/ipahostgroup.py | 18 +++--------------- 1 file changed, 3 insertions(+), 15 deletions(-) diff --git a/plugins/modules/ipahostgroup.py b/plugins/modules/ipahostgroup.py index b2f553f73..cf9ce90c7 100644 --- a/plugins/modules/ipahostgroup.py +++ b/plugins/modules/ipahostgroup.py @@ -224,6 +224,7 @@ def main(): # Check parameters + invalid = [] if state == "present": if len(names) != 1: ansible_module.fail_json( @@ -231,11 +232,6 @@ def main(): invalid = ["rename"] if action == "member": invalid.extend(["description", "nomembers"]) - for x in invalid: - if vars()[x] is not None: - ansible_module.fail_json( - msg="Argument '%s' can not be used with action " - "'%s'" % (x, action)) if state == "renamed": if len(names) != 1: @@ -249,11 +245,6 @@ def main(): "description", "nomembers", "host", "hostgroup", "membermanager_user", "membermanager_group" ] - for x in invalid: - if vars()[x] is not None: - ansible_module.fail_json( - msg="Argument '%s' can not be used with state '%s'" % - (x, state)) if state == "absent": if len(names) < 1: @@ -262,11 +253,8 @@ def main(): invalid = ["description", "nomembers", "rename"] if action == "hostgroup": invalid.extend(["host", "hostgroup"]) - for x in invalid: - if vars()[x] is not None: - ansible_module.fail_json( - msg="Argument '%s' can not be used with state '%s'" % - (x, state)) + + ansible_module.params_fail_used_invalid(invalid, state, action) # Init From fc3f64f0f11db9b6cb111df02552493eb8b1bd2d Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Thu, 30 Sep 2021 21:16:50 -0300 Subject: [PATCH 14/26] location: Use IPAAnsibleModule method to validate arguments. Use the IPAAnsibleModule.params_fail_if_used method to validate arguments provided by user. --- plugins/modules/ipalocation.py | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/plugins/modules/ipalocation.py b/plugins/modules/ipalocation.py index 7f10b9445..9b017cd03 100644 --- a/plugins/modules/ipalocation.py +++ b/plugins/modules/ipalocation.py @@ -116,7 +116,7 @@ def main(): state = ansible_module.params_get("state") # Check parameters - + invalid = [] if state == "present": if len(names) != 1: ansible_module.fail_json( @@ -126,11 +126,8 @@ def main(): if len(names) < 1: ansible_module.fail_json(msg="No name given.") invalid = ["description"] - for x in invalid: - if vars()[x] is not None: - ansible_module.fail_json( - msg="Argument '%s' can not be used with state '%s'" % - (x, state)) + + ansible_module.params_fail_used_invalid(invalid, state) # Init From 53defc9eec4b39fff7f9295edecd7d7466a16acb Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Thu, 30 Sep 2021 21:17:15 -0300 Subject: [PATCH 15/26] permission: Use IPAAnsibleModule method to validate arguments. Use the IPAAnsibleModule.params_fail_if_used method to validate arguments provided by user. --- plugins/modules/ipapermission.py | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/plugins/modules/ipapermission.py b/plugins/modules/ipapermission.py index 657d934ff..b10161336 100644 --- a/plugins/modules/ipapermission.py +++ b/plugins/modules/ipapermission.py @@ -304,11 +304,7 @@ def main(): invalid += ["right", "attrs", "memberof", "extra_target_filter", "rawfilter"] - for x in invalid: - if vars()[x] is not None: - ansible_module.fail_json( - msg="Argument '%s' can not be used with action " - "'%s' and state '%s'" % (x, action, state)) + ansible_module.params_fail_used_invalid(invalid, state, action) if bindtype == "self" and ansible_module.ipa_check_version("<", "4.8.7"): ansible_module.fail_json( From 08f925929593c4f99104079fb2af4cc8d8ff904d Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Thu, 30 Sep 2021 21:17:30 -0300 Subject: [PATCH 16/26] privilege: Use IPAAnsibleModule method to validate arguments. Use the IPAAnsibleModule.params_fail_if_used method to validate arguments provided by user. --- plugins/modules/ipaprivilege.py | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/plugins/modules/ipaprivilege.py b/plugins/modules/ipaprivilege.py index 7b32468fd..82d65c362 100644 --- a/plugins/modules/ipaprivilege.py +++ b/plugins/modules/ipaprivilege.py @@ -205,11 +205,7 @@ def main(): msg="Action '%s' can not be used with state '%s'" % (action, state)) - for x in invalid: - if vars()[x] is not None: - ansible_module.fail_json( - msg="Argument '%s' can not be used with action " - "'%s' and state '%s'" % (x, action, state)) + ansible_module.params_fail_used_invalid(invalid, state, action) # Init From efa67303acefc9e04d18b548d5f6ff7569b56aec Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Thu, 30 Sep 2021 21:17:44 -0300 Subject: [PATCH 17/26] pwpolicy: Use IPAAnsibleModule method to validate arguments. Use the IPAAnsibleModule.params_fail_if_used method to validate arguments provided by user. --- plugins/modules/ipapwpolicy.py | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/plugins/modules/ipapwpolicy.py b/plugins/modules/ipapwpolicy.py index 55bedd072..6f1fd06c8 100644 --- a/plugins/modules/ipapwpolicy.py +++ b/plugins/modules/ipapwpolicy.py @@ -210,6 +210,7 @@ def main(): state = ansible_module.params_get("state") # Check parameters + invalid = [] if names is None: names = [u"global_policy"] @@ -228,11 +229,8 @@ def main(): invalid = ["maxlife", "minlife", "history", "minclasses", "minlength", "priority", "maxfail", "failinterval", "lockouttime"] - for x in invalid: - if vars()[x] is not None: - ansible_module.fail_json( - msg="Argument '%s' can not be used with state '%s'" % - (x, state)) + + ansible_module.params_fail_used_invalid(invalid, state) # Init From 1ae2c1eb39ac1cdfeff3d9526a344abb42860020 Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Thu, 30 Sep 2021 21:18:17 -0300 Subject: [PATCH 18/26] role: Use IPAAnsibleModule method to validate arguments. Use the IPAAnsibleModule.params_fail_if_used method to validate arguments provided by user. --- plugins/modules/iparole.py | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/plugins/modules/iparole.py b/plugins/modules/iparole.py index 55b1e1e32..63d674fd5 100644 --- a/plugins/modules/iparole.py +++ b/plugins/modules/iparole.py @@ -151,11 +151,7 @@ def check_parameters(module): if action != "member": invalid.extend(['privilege']) - for arg in invalid: - if module.params_get(arg) is not None: - module.fail_json( - msg="Argument '%s' can not be used with action '%s'" % - (arg, state)) + module.params_fail_used_invalid(invalid, state, action) def member_intersect(module, attr, memberof, res_find): From 970d6c12da3e14700f456161bffbd49b48985642 Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Thu, 30 Sep 2021 21:18:32 -0300 Subject: [PATCH 19/26] selfservice: Use IPAAnsibleModule method to validate arguments. Use the IPAAnsibleModule.params_fail_if_used method to validate arguments provided by user. --- plugins/modules/ipaselfservice.py | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/plugins/modules/ipaselfservice.py b/plugins/modules/ipaselfservice.py index 53bd5b3b6..7bd26aff5 100644 --- a/plugins/modules/ipaselfservice.py +++ b/plugins/modules/ipaselfservice.py @@ -158,6 +158,7 @@ def main(): state = ansible_module.params_get("state") # Check parameters + invalid = [] if state == "present": if len(names) != 1: @@ -165,11 +166,6 @@ def main(): msg="Only one selfservice be added at a time.") if action == "member": invalid = ["permission"] - for x in invalid: - if vars()[x] is not None: - ansible_module.fail_json( - msg="Argument '%s' can not be used with action " - "'%s' and state '%s'" % (x, action, state)) if state == "absent": if len(names) < 1: @@ -177,11 +173,8 @@ def main(): invalid = ["permission"] if action == "selfservice": invalid.append("attribute") - for x in invalid: - if vars()[x] is not None: - ansible_module.fail_json( - msg="Argument '%s' can not be used with action " - "'%s' and state '%s'" % (x, action, state)) + + ansible_module.params_fail_used_invalid(invalid, state, action) if permission is not None: perm = [p for p in permission if p not in ("read", "write")] From f9851f0a33dfb9365a63faa9750d42108371c339 Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Thu, 30 Sep 2021 21:18:48 -0300 Subject: [PATCH 20/26] server: Use IPAAnsibleModule method to validate arguments. Use the IPAAnsibleModule.params_fail_if_used method to validate arguments provided by user. --- plugins/modules/ipaserver.py | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/plugins/modules/ipaserver.py b/plugins/modules/ipaserver.py index 38e219f4f..ac52ca18d 100644 --- a/plugins/modules/ipaserver.py +++ b/plugins/modules/ipaserver.py @@ -313,11 +313,7 @@ def main(): ansible_module.fail_json(msg="No name given.") invalid = ["location", "service_weight", "hidden", "no_members"] - for x in invalid: - if vars()[x] is not None: - ansible_module.fail_json( - msg="Argument '%s' can not be used with state '%s'" % - (x, state)) + ansible_module.params_fail_used_invalid(invalid, state) # Init From 81672bdf624cb72a3d5c64f822cd5c5ab5c8137e Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Thu, 30 Sep 2021 21:19:03 -0300 Subject: [PATCH 21/26] service: Use IPAAnsibleModule method to validate arguments. Use the IPAAnsibleModule.params_fail_if_used method to validate arguments provided by user. --- plugins/modules/ipaservice.py | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/plugins/modules/ipaservice.py b/plugins/modules/ipaservice.py index 29ef992bb..b69a95cb7 100644 --- a/plugins/modules/ipaservice.py +++ b/plugins/modules/ipaservice.py @@ -335,11 +335,7 @@ def check_parameters(module, state, action, names, parameters): else: module.fail_json(msg="Invalid state '%s'" % (state)) - for _invalid in invalid: - if _invalid in parameters and parameters[_invalid] is not None: - module.fail_json( - msg="Argument '%s' can not be used with state '%s', " - "action '%s'" % (_invalid, state, action)) + module.params_fail_used_invalid(invalid, state, action) def init_ansible_module(): From 7f80a3f140465a7d3555da1368b07b620651573f Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Thu, 30 Sep 2021 21:19:20 -0300 Subject: [PATCH 22/26] sudocmd: Use IPAAnsibleModule method to validate arguments. Use the IPAAnsibleModule.params_fail_if_used method to validate arguments provided by user. --- plugins/modules/ipasudocmd.py | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/plugins/modules/ipasudocmd.py b/plugins/modules/ipasudocmd.py index 20548ecfb..614f45b41 100644 --- a/plugins/modules/ipasudocmd.py +++ b/plugins/modules/ipasudocmd.py @@ -124,13 +124,11 @@ def main(): state = ansible_module.params_get("state") # Check parameters + invalid = [] if state == "absent": invalid = ["description"] - for x in invalid: - if vars()[x] is not None: - ansible_module.fail_json( - msg="Argument '%s' can not be used with state '%s'" % - (x, state)) + + ansible_module.params_fail_used_invalid(invalid, state) # Init From 14c9f308d869275ad67bd9ab4c5bfa6ac549ff0c Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Thu, 30 Sep 2021 21:19:33 -0300 Subject: [PATCH 23/26] sudocmdgroup: Use IPAAnsibleModule method to validate arguments. Use the IPAAnsibleModule.params_fail_if_used method to validate arguments provided by user. --- plugins/modules/ipasudocmdgroup.py | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/plugins/modules/ipasudocmdgroup.py b/plugins/modules/ipasudocmdgroup.py index e260b699a..42f29fb87 100644 --- a/plugins/modules/ipasudocmdgroup.py +++ b/plugins/modules/ipasudocmdgroup.py @@ -168,6 +168,7 @@ def main(): state = ansible_module.params_get("state") # Check parameters + invalid = [] if state == "present": if len(names) != 1: @@ -175,11 +176,6 @@ def main(): msg="Only one sudocmdgroup can be added at a time.") if action == "member": invalid = ["description", "nomembers"] - for x in invalid: - if vars()[x] is not None: - ansible_module.fail_json( - msg="Argument '%s' can not be used with action " - "'%s'" % (x, action)) if state == "absent": if len(names) < 1: @@ -188,11 +184,8 @@ def main(): invalid = ["description", "nomembers"] if action == "sudocmdgroup": invalid.extend(["sudocmd"]) - for x in invalid: - if vars()[x] is not None: - ansible_module.fail_json( - msg="Argument '%s' can not be used with state '%s'" % - (x, state)) + + ansible_module.params_fail_used_invalid(invalid, state, action) # Init From 5a67aa7714862955b493e4ea7fc37a5212e3027d Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Thu, 30 Sep 2021 21:19:49 -0300 Subject: [PATCH 24/26] sudorule: Use IPAAnsibleModule method to validate arguments. Use the IPAAnsibleModule.params_fail_if_used method to validate arguments provided by user. --- plugins/modules/ipasudorule.py | 18 +++--------------- 1 file changed, 3 insertions(+), 15 deletions(-) diff --git a/plugins/modules/ipasudorule.py b/plugins/modules/ipasudorule.py index a149c75ce..8d72d893b 100644 --- a/plugins/modules/ipasudorule.py +++ b/plugins/modules/ipasudorule.py @@ -311,6 +311,7 @@ def main(): state = ansible_module.params_get("state") # Check parameters + invalid = [] if state == "present": if len(names) != 1: @@ -321,11 +322,6 @@ def main(): "cmdcategory", "runasusercategory", "runasgroupcategory", "order", "nomembers"] - for arg in invalid: - if arg in vars() and vars()[arg] is not None: - ansible_module.fail_json( - msg="Argument '%s' can not be used with action " - "'%s'" % (arg, action)) else: if hostcategory == 'all' and any([host, hostgroup]): ansible_module.fail_json( @@ -349,11 +345,6 @@ def main(): "runasuser", "runasgroup", "allow_sudocmd", "allow_sudocmdgroup", "deny_sudocmd", "deny_sudocmdgroup", "sudooption"]) - for arg in invalid: - if vars()[arg] is not None: - ansible_module.fail_json( - msg="Argument '%s' can not be used with state '%s'" % - (arg, state)) elif state in ["enabled", "disabled"]: if len(names) < 1: @@ -368,14 +359,11 @@ def main(): "user", "group", "allow_sudocmd", "allow_sudocmdgroup", "deny_sudocmd", "deny_sudocmdgroup", "runasuser", "runasgroup", "order", "sudooption"] - for arg in invalid: - if vars()[arg] is not None: - ansible_module.fail_json( - msg="Argument '%s' can not be used with state '%s'" % - (arg, state)) else: ansible_module.fail_json(msg="Invalid state '%s'" % state) + ansible_module.params_fail_used_invalid(invalid, state, action) + # Init changed = False From 2ec65e91dff432f37137f43610cd226ff5f316cf Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Thu, 30 Sep 2021 21:20:13 -0300 Subject: [PATCH 25/26] user: Use IPAAnsibleModule method to validate arguments. Use the IPAAnsibleModule.params_fail_if_used method to validate arguments provided by user. --- plugins/modules/ipauser.py | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/plugins/modules/ipauser.py b/plugins/modules/ipauser.py index 1ffee4480..f88e8d8fc 100644 --- a/plugins/modules/ipauser.py +++ b/plugins/modules/ipauser.py @@ -597,6 +597,7 @@ def check_parameters( # pylint: disable=unused-argument userauthtype, userclass, radius, radiususer, departmentnumber, employeenumber, employeetype, preferredlanguage, certificate, certmapdata, noprivate, nomembers, preserve, update_password): + invalid = [] if state == "present": if action == "member": invalid = ["first", "last", "fullname", "displayname", "initials", @@ -608,11 +609,6 @@ def check_parameters( # pylint: disable=unused-argument "departmentnumber", "employeenumber", "employeetype", "preferredlanguage", "noprivate", "nomembers", "preserve", "update_password"] - for x in invalid: - if vars()[x] is not None: - module.fail_json( - msg="Argument '%s' can not be used with action " - "'%s'" % (x, action)) else: invalid = ["first", "last", "fullname", "displayname", "initials", @@ -628,16 +624,13 @@ def check_parameters( # pylint: disable=unused-argument invalid.extend(["principal", "manager", "certificate", "certmapdata", ]) - for x in invalid: - if vars()[x] is not None: - module.fail_json( - msg="Argument '%s' can not be used with state '%s'" % - (x, state)) if state != "absent" and preserve is not None: module.fail_json( msg="Preserve is only possible for state=absent") + module.params_fail_used_invalid(invalid, state, action) + if certmapdata is not None: for x in certmapdata: certificate = x.get("certificate") From 0fac277ec8e04c25a039b2302df3aa85601aa71a Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Thu, 30 Sep 2021 21:20:25 -0300 Subject: [PATCH 26/26] vault: Use IPAAnsibleModule method to validate arguments. Use the IPAAnsibleModule.params_fail_if_used method to validate arguments provided by user. --- plugins/modules/ipavault.py | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/plugins/modules/ipavault.py b/plugins/modules/ipavault.py index abd5eddff..0274b705f 100644 --- a/plugins/modules/ipavault.py +++ b/plugins/modules/ipavault.py @@ -483,11 +483,7 @@ def check_parameters( # pylint: disable=unused-argument module.fail_json( msg="State `retrieved` do not support action `member`.") - for arg in invalid: - if vars()[arg] is not None: - module.fail_json( - msg="Argument '%s' can not be used with state '%s', " - "action '%s'" % (arg, state, action)) + module.params_fail_used_invalid(invalid, state, action) def check_encryption_params( # pylint: disable=unused-argument