Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Standardize algorithm to verify if invalid argument was used. #652

Merged
merged 26 commits into from
Oct 4, 2021
Merged

Standardize algorithm to verify if invalid argument was used. #652

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
26 commits
Select commit Hold shift + click to select a range
3dd9855
IPAAnsibleModule: Provide function to fail in param is invalid.
rjeffman Oct 1, 2021
23e38fa
automember: Use IPAAnsibleModule method to validate arguments.
rjeffman Oct 1, 2021
06ccc70
delegation: Use IPAAnsibleModule method to validate arguments.
rjeffman Oct 1, 2021
f343379
dnsconfig: : Use IPAAnsibleModule method to validate arguments.
rjeffman Oct 1, 2021
67282b1
dnsforwardzone: Use IPAAnsibleModule method to validate arguments.
rjeffman Oct 1, 2021
6f7b514
dnsrecord: Use IPAAnsibleModule method to validate arguments.
rjeffman Oct 1, 2021
089400d
dnszone: Use IPAAnsibleModule method to validate arguments.
rjeffman Oct 1, 2021
602f3a0
group: Use IPAAnsibleModule method to validate arguments.
rjeffman Oct 1, 2021
7564250
hbacrule: Use IPAAnsibleModule method to validate arguments.
rjeffman Oct 1, 2021
43d1a06
hbacsvc: Use IPAAnsibleModule method to validate arguments.
rjeffman Oct 1, 2021
952f62c
hbacsvcgroup: Use IPAAnsibleModule method to validate arguments.
rjeffman Oct 1, 2021
c497c8c
host: Use IPAAnsibleModule method to validate arguments.
rjeffman Oct 1, 2021
9bf2def
hostgroup: Use IPAAnsibleModule method to validate arguments.
rjeffman Oct 1, 2021
fc3f64f
location: Use IPAAnsibleModule method to validate arguments.
rjeffman Oct 1, 2021
53defc9
permission: Use IPAAnsibleModule method to validate arguments.
rjeffman Oct 1, 2021
08f9259
privilege: Use IPAAnsibleModule method to validate arguments.
rjeffman Oct 1, 2021
efa6730
pwpolicy: Use IPAAnsibleModule method to validate arguments.
rjeffman Oct 1, 2021
1ae2c1e
role: Use IPAAnsibleModule method to validate arguments.
rjeffman Oct 1, 2021
970d6c1
selfservice: Use IPAAnsibleModule method to validate arguments.
rjeffman Oct 1, 2021
f9851f0
server: Use IPAAnsibleModule method to validate arguments.
rjeffman Oct 1, 2021
81672bd
service: Use IPAAnsibleModule method to validate arguments.
rjeffman Oct 1, 2021
7f80a3f
sudocmd: Use IPAAnsibleModule method to validate arguments.
rjeffman Oct 1, 2021
14c9f30
sudocmdgroup: Use IPAAnsibleModule method to validate arguments.
rjeffman Oct 1, 2021
5a67aa7
sudorule: Use IPAAnsibleModule method to validate arguments.
rjeffman Oct 1, 2021
2ec65e9
user: Use IPAAnsibleModule method to validate arguments.
rjeffman Oct 1, 2021
0fac277
vault: Use IPAAnsibleModule method to validate arguments.
rjeffman Oct 1, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
24 changes: 24 additions & 0 deletions plugins/module_utils/ansible_freeipa_module.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -674,6 +674,30 @@ def params_get(self, name):
"""
return module_params_get(self, name)

def params_fail_used_invalid(self, invalid_params, state, action=None):
"""
Fail module execution if one of the invalid parameters is not None.

Parameters
----------
invalid_params:
List of parameters that must value 'None'.
state:
State being tested.
action:
Action being tested (optional).

"""
if action is None:
msg = "Argument '{0}' can not be used with state '{1}'"
else:
msg = "Argument '{0}' can not be used with action "\
"'{2}' and state '{1}'"

for param in invalid_params:
if self.params.get(param) is not None:
self.fail_json(msg=msg.format(param, state, action))

def ipa_command(self, command, name, args):
"""
Execute an IPA API command with a required `name` argument.
Expand Down
17 changes: 11 additions & 6 deletions plugins/modules/ipaautomember.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -245,12 +245,17 @@ def main():
rebuild_users = ansible_module.params_get("users")
rebuild_hosts = ansible_module.params_get("hosts")

if (rebuild_hosts or rebuild_users) and state != "rebuild":
ansible_module.fail_json(
msg="'hosts' and 'users' are only valid with state: rebuild")
if not automember_type and state != "rebuild":
ansible_module.fail_json(
msg="'automember_type' is required unless state: rebuild")
# Check parameters
invalid = []

if state != "rebuild":
invalid = ["rebuild_hosts", "rebuild_users"]

if not automember_type and state != "rebuild":
ansible_module.fail_json(
msg="'automember_type' is required unless state: rebuild")

ansible_module.params_fail_used_invalid(invalid, state, action)

# Init
changed = False
Expand Down
14 changes: 4 additions & 10 deletions plugins/modules/ipadelegation.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -176,29 +176,23 @@ def main():

# Check parameters

invalid = []

if state == "present":
if len(names) != 1:
ansible_module.fail_json(
msg="Only one delegation be added at a time.")
if action == "member":
invalid = ["permission", "membergroup", "group"]
for x in invalid:
if vars()[x] is not None:
ansible_module.fail_json(
msg="Argument '%s' can not be used with action "
"'%s' and state '%s'" % (x, action, state))

if state == "absent":
if len(names) < 1:
ansible_module.fail_json(msg="No name given.")
invalid = ["permission", "membergroup", "group"]
if action == "delegation":
invalid.append("attribute")
for x in invalid:
if vars()[x] is not None:
ansible_module.fail_json(
msg="Argument '%s' can not be used with action "
"'%s' and state '%s'" % (x, action, state))

ansible_module.params_fail_used_invalid(invalid, state, action)

if permission is not None:
perm = [p for p in permission if p not in ("read", "write")]
Expand Down
6 changes: 1 addition & 5 deletions plugins/modules/ipadnsconfig.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -196,11 +196,7 @@ def main():
if state == 'absent':
invalid = ['forward_policy', 'allow_sync_ptr']

for x in invalid:
if vars()[x] is not None:
ansible_module.fail_json(
msg="Argument '%s' can not be used with state '%s'" %
(x, state))
ansible_module.params_fail_used_invalid(invalid, state)

# Init

Expand Down
13 changes: 3 additions & 10 deletions plugins/modules/ipadnsforwardzone.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -229,6 +229,7 @@ def main():
else:
operation = "add"

invalid = []
if state in ["enabled", "disabled"]:
if action == "member":
ansible_module.fail_json(
Expand All @@ -237,22 +238,14 @@ def main():
invalid = [
"forwarders", "forwardpolicy", "skip_overlap_check", "permission"
]
for x in invalid:
if vars()[x] is not None:
ansible_module.fail_json(
msg="Argument '%s' can not be used with action "
"'%s', state `%s`" % (x, action, state))
wants_enable = (state == "enabled")

if operation == "del":
invalid = [
"forwarders", "forwardpolicy", "skip_overlap_check", "permission"
]
for x in invalid:
if vars()[x] is not None:
ansible_module.fail_json(
msg="Argument '%s' can not be used with action "
"'%s', state `%s`" % (x, action, state))

ansible_module.params_fail_used_invalid(invalid, state, action)

changed = False
exit_args = {}
Expand Down
6 changes: 1 addition & 5 deletions plugins/modules/ipadnsrecord.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1201,11 +1201,7 @@ def check_parameters(module, state, zone_name, record):
invalid = list(_PART_MAP.keys())
invalid.extend(['create_reverse', 'dns_ttl'])

for x in invalid:
if x in record:
module.fail_json(
msg="Variable `%s` cannot be used in state `%s`" %
(x, state))
module.params_fail_used_invalid(invalid, state)


def get_entry_from_module(module, name):
Expand Down
11 changes: 4 additions & 7 deletions plugins/modules/ipadnszone.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -429,13 +429,10 @@ def check_ipa_params(self):
self.fail_json(
msg="Either `name` or `name_from_ip` must be provided."
)
if self.ipa_params.state != "present" and self.ipa_params.name_from_ip:
self.fail_json(
msg=(
"Cannot use argument `name_from_ip` with state `%s`."
% self.ipa_params.state
)
)
if self.ipa_params.state != "present":
invalid = ["name_from_ip"]

self.params_fail_used_invalid(invalid, self.ipa_params.state)

def define_ipa_commands(self):
for zone_name in self.get_zone_names():
Expand Down
13 changes: 3 additions & 10 deletions plugins/modules/ipagroup.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -314,6 +314,7 @@ def main():
state = ansible_module.params_get("state")

# Check parameters
invalid = []

if state == "present":
if len(names) != 1:
Expand All @@ -322,11 +323,6 @@ def main():
if action == "member":
invalid = ["description", "gid", "posix", "nonposix", "external",
"nomembers"]
for x in invalid:
if vars()[x] is not None:
ansible_module.fail_json(
msg="Argument '%s' can not be used with action "
"'%s'" % (x, action))

if state == "absent":
if len(names) < 1:
Expand All @@ -336,11 +332,8 @@ def main():
"nomembers"]
if action == "group":
invalid.extend(["user", "group", "service", "externalmember"])
for x in invalid:
if vars()[x] is not None:
ansible_module.fail_json(
msg="Argument '%s' can not be used with state '%s'" %
(x, state))

ansible_module.params_fail_used_invalid(invalid, state, action)

if external is False:
ansible_module.fail_json(
Expand Down
19 changes: 4 additions & 15 deletions plugins/modules/ipahbacrule.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -247,18 +247,15 @@ def main():

# Check parameters

invalid = []

if state == "present":
if len(names) != 1:
ansible_module.fail_json(
msg="Only one hbacrule can be added at a time.")
if action == "member":
invalid = ["description", "usercategory", "hostcategory",
"servicecategory", "nomembers"]
for x in invalid:
if vars()[x] is not None:
ansible_module.fail_json(
msg="Argument '%s' can not be used with action "
"'%s'" % (x, action))
else:
if hostcategory == 'all' and any([host, hostgroup]):
ansible_module.fail_json(
Expand All @@ -278,11 +275,6 @@ def main():
if action == "hbacrule":
invalid.extend(["host", "hostgroup", "hbacsvc", "hbacsvcgroup",
"user", "group"])
for x in invalid:
if vars()[x] is not None:
ansible_module.fail_json(
msg="Argument '%s' can not be used with state '%s'" %
(x, state))

elif state in ["enabled", "disabled"]:
if len(names) < 1:
Expand All @@ -294,14 +286,11 @@ def main():
invalid = ["description", "usercategory", "hostcategory",
"servicecategory", "nomembers", "host", "hostgroup",
"hbacsvc", "hbacsvcgroup", "user", "group"]
for x in invalid:
if vars()[x] is not None:
ansible_module.fail_json(
msg="Argument '%s' can not be used with state '%s'" %
(x, state))
else:
ansible_module.fail_json(msg="Invalid state '%s'" % state)

ansible_module.params_fail_used_invalid(invalid, state, action)

# Init

changed = False
Expand Down
8 changes: 3 additions & 5 deletions plugins/modules/ipahbacsvc.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -127,6 +127,7 @@ def main():

# Check parameters

invalid = []
if state == "present":
if len(names) != 1:
ansible_module.fail_json(
Expand All @@ -137,11 +138,8 @@ def main():
ansible_module.fail_json(
msg="No name given.")
invalid = ["description"]
for x in invalid:
if vars()[x] is not None:
ansible_module.fail_json(
msg="Argument '%s' can not be used with state '%s'" %
(x, state))

ansible_module.params_fail_used_invalid(invalid, state)

# Init

Expand Down
14 changes: 4 additions & 10 deletions plugins/modules/ipahbacsvcgroup.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -187,17 +187,14 @@ def main():

# Check parameters

invalid = []

if state == "present":
if len(names) != 1:
ansible_module.fail_json(
msg="Only one hbacsvcgroup can be added at a time.")
if action == "member":
invalid = ["description", "nomembers"]
for x in invalid:
if vars()[x] is not None:
ansible_module.fail_json(
msg="Argument '%s' can not be used with action "
"'%s'" % (x, action))

if state == "absent":
if len(names) < 1:
Expand All @@ -206,11 +203,8 @@ def main():
invalid = ["description", "nomembers"]
if action == "hbacsvcgroup":
invalid.extend(["hbacsvc"])
for x in invalid:
if vars()[x] is not None:
ansible_module.fail_json(
msg="Argument '%s' can not be used with state '%s'" %
(x, state))

ansible_module.params_fail_used_invalid(invalid, state, action)

# Init

Expand Down
18 changes: 3 additions & 15 deletions plugins/modules/ipahost.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -530,6 +530,7 @@ def check_parameters( # pylint: disable=unused-argument
userclass, auth_ind, requires_pre_auth, ok_as_delegate,
ok_to_auth_as_delegate, force, reverse, ip_address, update_dns,
update_password):
invalid = []
if state == "present":
if action == "member":
# certificate, managedby_host, principal,
Expand All @@ -539,23 +540,13 @@ def check_parameters( # pylint: disable=unused-argument
"userclass", "auth_ind", "requires_pre_auth",
"ok_as_delegate", "ok_to_auth_as_delegate", "force",
"reverse", "update_dns", "update_password"]
for x in invalid:
if vars()[x] is not None:
module.fail_json(
msg="Argument '%s' can not be used with action "
"'%s'" % (x, action))

if state == "absent":
invalid = ["description", "locality", "location", "platform", "os",
"password", "random", "mac_address", "sshpubkey",
"userclass", "auth_ind", "requires_pre_auth",
"ok_as_delegate", "ok_to_auth_as_delegate", "force",
"reverse", "update_password"]
for x in invalid:
if vars()[x] is not None:
module.fail_json(
msg="Argument '%s' can not be used with state '%s'" %
(x, state))
if action == "host":
invalid = [
"certificate", "managedby_host", "principal",
Expand All @@ -565,11 +556,8 @@ def check_parameters( # pylint: disable=unused-argument
"allow_retrieve_keytab_host",
"allow_retrieve_keytab_hostgroup"
]
for x in invalid:
if vars()[x] is not None:
module.fail_json(
msg="Argument '%s' can only be used with action "
"'member' for state '%s'" % (x, state))

module.params_fail_used_invalid(invalid, state, action)


# pylint: disable=unused-argument
Expand Down
18 changes: 3 additions & 15 deletions plugins/modules/ipahostgroup.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -224,18 +224,14 @@ def main():

# Check parameters

invalid = []
if state == "present":
if len(names) != 1:
ansible_module.fail_json(
msg="Only one hostgroup can be added at a time.")
invalid = ["rename"]
if action == "member":
invalid.extend(["description", "nomembers"])
for x in invalid:
if vars()[x] is not None:
ansible_module.fail_json(
msg="Argument '%s' can not be used with action "
"'%s'" % (x, action))

if state == "renamed":
if len(names) != 1:
Expand All @@ -249,11 +245,6 @@ def main():
"description", "nomembers", "host", "hostgroup",
"membermanager_user", "membermanager_group"
]
for x in invalid:
if vars()[x] is not None:
ansible_module.fail_json(
msg="Argument '%s' can not be used with state '%s'" %
(x, state))

if state == "absent":
if len(names) < 1:
Expand All @@ -262,11 +253,8 @@ def main():
invalid = ["description", "nomembers", "rename"]
if action == "hostgroup":
invalid.extend(["host", "hostgroup"])
for x in invalid:
if vars()[x] is not None:
ansible_module.fail_json(
msg="Argument '%s' can not be used with state '%s'" %
(x, state))

ansible_module.params_fail_used_invalid(invalid, state, action)

# Init

Expand Down