From f28e2d0a1c949e9a83c8836940325acceff7c6b7 Mon Sep 17 00:00:00 2001 From: Thomas Woerner Date: Fri, 25 Feb 2022 18:09:47 +0100 Subject: [PATCH] ansible_freeipa_module.IPAAnsibleModule: New execute_query method This method enables to execute query state within IPAAnsibleModule. The parameter query_param canbe used to select the returned parameters. def execute_query(self, names, prefix, name_ipa_param, query_param, query_command, query_param_settings): """ Execute query state. Parameters ---------- names: The main items to return It names is not None and not an empty list then all items found with "item_find" are returned, else the items in names. prefix: The prefix for use with several main items The prefix is "users" for the "user" module. It is used if only the list of main items (example: users) is returned. name_ipa_param: The IPA param name of the name parameter This is for example "uid" that is used for the user name in the user module. query_param: The parameters to return The parameters that should be returned. If query_param is ["ALL"], all parameters in ipa_pram_names will be returned. query_param_settings: IPA base parameters, all and mapping The dict provides all parameters the "ALL" list and the mapping of the default module paramter name to IPA option name if it is not the same. Example: "uid" for user name of the user commands. query_command: The Query function This is a module function that returns the structure(s) from the show or find command. """ Add to DOCUMENTATION: query_param: description: The fields to query with state=query required: false state: description: State to ensure default: present choices: ["present", "absent", "query"] Add to the code: query_param_settings = { "ALL": [ "dn", "objectclass", "ipauniqueid", "ipantsecurityidentifier", "name", ... ], "BASE": [ "name", ... "disabled" ], "mapping": { "name": "uid", ... "disabled": "nsaccountock" } } def main(): ... invalid = [] if state == "present": ... else: ... if state == "query": if action == "member": module.fail_json( msg="Query is not possible with action=member") else: invalid.append("query_param") ... # Connect to IPA API with ansible_module.ipa_connect(): if state == "query": exit_args = ansible_module.execute_query( names, "users", "uid", query_param, user_find, query_param_settings) ansible_module.exit_json(changed=False, user=exit_args) # remainaing module code follows here --- .../module_utils/ansible_freeipa_module.py | 79 +++++++++++++++++++ 1 file changed, 79 insertions(+) diff --git a/plugins/module_utils/ansible_freeipa_module.py b/plugins/module_utils/ansible_freeipa_module.py index 354ed3cfaa..e405478bd3 100644 --- a/plugins/module_utils/ansible_freeipa_module.py +++ b/plugins/module_utils/ansible_freeipa_module.py @@ -1271,6 +1271,85 @@ def exception_handler(module, ex, exit_args, one_name): return changed + def execute_query(self, names, prefix, name_ipa_param, + query_param, query_command, query_param_settings): + """ + Execute query state. + + Parameters + ---------- + names: The main items to return + It names is not None and not an empty list then all items + found with "item_find" are returned, else the items in names. + prefix: The prefix for use with several main items + The prefix is "users" for the "user" module. It is used + if only the list of main items (example: users) is returned. + name_ipa_param: The IPA param name of the name parameter + This is for example "uid" that is used for the user name in + the user module. + query_param: The parameters to return + The parameters that should be returned. If query_param is + ["ALL"], all parameters in ipa_pram_names will be returned. + query_param_settings: IPA base parameters, all and mapping + The dict provides all parameters the "ALL" list and the + mapping of the default module paramter name to IPA option name + if it is not the same. + Example: "uid" for user name of the user commands. + query_command: The Query function + This is a module function that returns the structure(s) from + the show or find command. + + """ + + def store_params(exit_args, name, prefix, name_ipa_param, result, + params): + if params is None: + exit_args.setdefault(prefix, []).append( + result[name_ipa_param]) + return + for field in params: + if field not in query_param_settings["ALL"]: + self.fail_json( + msg="query_param '%s' is not supported" % field) + if "mapping" in query_param_settings and \ + field in query_param_settings["mapping"]: + ipa_field = query_param_settings["mapping"][field] + else: + ipa_field = field + + if ipa_field in result: + value = result[ipa_field] + if name is None: + exit_args[field] = value + else: + exit_args.setdefault(name, {})[field] = value + + # Create exit_args + exit_args = {} + + if query_param == ["BASE"]: + query_param = query_param_settings["BASE"] + elif query_param == ["ALL"]: + query_param = query_param_settings["ALL"] + + if names and isinstance(names, list): + with_name = len(names) > 1 + for name in names: + result = query_command(self, name) + if result: + store_params(exit_args, name if with_name else None, + prefix, name_ipa_param, result, + query_param) + else: + results = query_command(self, None) + if results is not None: + for result in results: + name = result[name_ipa_param] + store_params(exit_args, name, prefix, name_ipa_param, + result, query_param) + + return exit_args + class FreeIPABaseModule(IPAAnsibleModule): """ Base class for FreeIPA Ansible modules.