From 4a73390823bfe0f1bc6c1a548bb77e9af07e4673 Mon Sep 17 00:00:00 2001 From: Abhijeet Kasurde Date: Fri, 8 Sep 2017 00:37:15 +0530 Subject: [PATCH] shared argument spec for FreeIPA (#28950) Adds unified argument spec and documentation updates for FreeIPA modules. Signed-off-by: Abhijeet Kasurde --- lib/ansible/module_utils/ipa.py | 11 +++ .../modules/identity/ipa/ipa_dnsrecord.py | 57 +++--------- lib/ansible/modules/identity/ipa/ipa_group.py | 66 ++++---------- .../modules/identity/ipa/ipa_hbacrule.py | 83 +++++------------ lib/ansible/modules/identity/ipa/ipa_host.py | 74 ++++----------- .../modules/identity/ipa/ipa_hostgroup.py | 60 +++---------- lib/ansible/modules/identity/ipa/ipa_role.py | 70 ++++----------- .../modules/identity/ipa/ipa_sudocmd.py | 54 ++--------- .../modules/identity/ipa/ipa_sudocmdgroup.py | 56 +++--------- .../modules/identity/ipa/ipa_sudorule.py | 89 +++++-------------- lib/ansible/modules/identity/ipa/ipa_user.py | 81 ++++------------- .../utils/module_docs_fragments/ipa.py | 33 +++++++ 12 files changed, 197 insertions(+), 537 deletions(-) create mode 100644 lib/ansible/utils/module_docs_fragments/ipa.py diff --git a/lib/ansible/module_utils/ipa.py b/lib/ansible/module_utils/ipa.py index ab5ffa9f78..b03ddc16e4 100644 --- a/lib/ansible/module_utils/ipa.py +++ b/lib/ansible/module_utils/ipa.py @@ -155,3 +155,14 @@ class IPAClient(object): add_method(name=name, item=diff) return changed + + +def ipa_argument_spec(): + return dict( + ipa_prot=dict(type='str', default='https', choices=['http', 'https']), + ipa_host=dict(type='str', default='ipa.example.com'), + ipa_port=dict(type='int', default=443), + ipa_user=dict(type='str', default='admin'), + ipa_pass=dict(type='str', required=True, no_log=True), + validate_certs=dict(type='bool', default=True), + ) diff --git a/lib/ansible/modules/identity/ipa/ipa_dnsrecord.py b/lib/ansible/modules/identity/ipa/ipa_dnsrecord.py index 102a433af3..2633f439f2 100644 
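Review bot: `ipa_argument_spec()` is now the one place that defines how every ipa_* module reaches the server and handles the admin password, yet it has no docstring and no comment on its security-relevant defaults. `ipa_prot` still offers `http`, and the option text this commit removes from the modules says `validate_certs` only applies to https, so with `http` the `ipa_pass` value is presumably sent without transport protection. `ipa_host` defaults to the placeholder `ipa.example.com`, and each `main()` passes `module.params['ipa_host']` straight to the client, so a task that omits the option would apparently attempt its login against that name. I would add a docstring such as `"""Return the connection and authentication options shared by all ipa_* modules; callers extend the returned dict."""` and a comment on the `ipa_prot` line, `# http offers no TLS: ipa_pass is unprotected and validate_certs is a no-op; prefer https`. Whether `ipa_host` should be required rather than defaulted is worth deciding here, since the change would now land in a single function.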
--- a/lib/ansible/modules/identity/ipa/ipa_dnsrecord.py +++ b/lib/ansible/modules/identity/ipa/ipa_dnsrecord.py @@ -46,33 +46,7 @@ options: required: false default: present choices: ["present", "absent"] - ipa_port: - description: Port of IPA server - required: false - default: 443 - ipa_host: - description: IP or hostname of IPA server - required: false - default: ipa.example.com - ipa_user: - description: Administrative account used on IPA server - required: false - default: admin - ipa_pass: - description: Password of administrative user - required: true - ipa_prot: - description: Protocol used by IPA server - required: false - default: https - choices: ["http", "https"] - validate_certs: - description: - - This only applies if C(ipa_prot) is I(https). - - If set to C(no), the SSL certificates will not be validated. - - This should only set to C(no) used on personally controlled sites using self-signed certificates. - required: false - default: true +extends_documentation_fragment: ipa.documentation version_added: "2.4" ''' @@ -119,7 +93,7 @@ dnsrecord: import traceback from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.ipa import IPAClient +from ansible.module_utils.ipa import IPAClient, ipa_argument_spec from ansible.module_utils._text import to_native 
@@ -206,22 +180,17 @@ def ensure(module, client): def main(): record_types = ['A', 'AAAA', 'PTR'] - module = AnsibleModule( - argument_spec=dict( - zone_name=dict(type='str', required=True), - record_name=dict(type='str', required=True, aliases=['name']), - record_type=dict(type='str', required=False, default='A', choices=record_types), - record_value=dict(type='str', required=True), - state=dict(type='str', required=False, default='present', choices=['present', 'absent']), - ipa_prot=dict(type='str', required=False, default='https', choices=['http', 'https']), - ipa_host=dict(type='str', required=False, default='ipa.example.com'), - ipa_port=dict(type='int', required=False, default=443), - ipa_user=dict(type='str', required=False, default='admin'), - ipa_pass=dict(type='str', required=True, no_log=True), - validate_certs=dict(type='bool', required=False, default=True), - ), - supports_check_mode=True, - ) + argument_spec = ipa_argument_spec() + argument_spec.update(zone_name=dict(type='str', required=True), + record_name=dict(type='str', aliases=['name'], required=True), + record_type=dict(type='str', default='A', choices=record_types), + record_value=dict(type='str', required=True), + state=dict(type='str', default='present', choices=['present', 'absent']), + ) + + module = AnsibleModule(argument_spec=argument_spec, + supports_check_mode=True + ) client = DNSRecordIPAClient(module=module, host=module.params['ipa_host'], diff --git a/lib/ansible/modules/identity/ipa/ipa_group.py b/lib/ansible/modules/identity/ipa/ipa_group.py index 6d1b65cf7f..0e21c71164 100644 --- a/lib/ansible/modules/identity/ipa/ipa_group.py +++ b/lib/ansible/modules/identity/ipa/ipa_group.py @@ -27,11 +27,9 @@ options: external: description: - Allow adding external non-IPA members from trusted domains. - required: false gidnumber: description: - GID (use this option to set it manually). - required: false group: description: - List of group names assigned to this group. 
@@ -41,7 +39,6 @@ options: nonposix: description: - Create as a non-POSIX group. - required: false user: description: - List of user names assigned to this group. @@ -51,36 +48,9 @@ options: state: description: - State to ensure - required: false default: "present" choices: ["present", "absent"] - ipa_port: - description: Port of IPA server - required: false - default: 443 - ipa_host: - description: IP or hostname of IPA server - required: false - default: "ipa.example.com" - ipa_user: - description: Administrative account used on IPA server - required: false - default: "admin" - ipa_pass: - description: Password of administrative user - required: true - ipa_prot: - description: Protocol used by IPA server - required: false - default: "https" - choices: ["http", "https"] - validate_certs: - description: - - This only applies if C(ipa_prot) is I(https). - - If set to C(no), the SSL certificates will not be validated. - - This should only set to C(no) used on personally controlled sites using self-signed certificates. - required: false - default: true +extends_documentation_fragment: ipa.documentation version_added: "2.3" ''' @@ -133,7 +103,7 @@ group: import traceback from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.ipa import IPAClient +from ansible.module_utils.ipa import IPAClient, ipa_argument_spec from ansible.module_utils._text import to_native 
@@ -247,25 +217,19 @@ def ensure(module, client): def main(): - module = AnsibleModule( - argument_spec=dict( - cn=dict(type='str', required=True, aliases=['name']), - description=dict(type='str', required=False), - external=dict(type='bool', required=False), - gidnumber=dict(type='str', required=False, aliases=['gid']), - group=dict(type='list', required=False), - nonposix=dict(type='bool', required=False), - state=dict(type='str', required=False, default='present', choices=['present', 'absent']), - user=dict(type='list', required=False), - ipa_prot=dict(type='str', required=False, default='https', choices=['http', 'https']), - ipa_host=dict(type='str', required=False, default='ipa.example.com'), - ipa_port=dict(type='int', required=False, default=443), - ipa_user=dict(type='str', required=False, default='admin'), - ipa_pass=dict(type='str', required=True, no_log=True), - validate_certs=dict(type='bool', required=False, default=True), - ), - supports_check_mode=True, - ) + argument_spec = ipa_argument_spec() + argument_spec.update(cn=dict(type='str', required=True, aliases=['name']), + description=dict(type='str'), + external=dict(type='bool'), + gidnumber=dict(type='str', aliases=['gid']), + group=dict(type='list'), + nonposix=dict(type='bool'), + state=dict(type='str', default='present', choices=['present', 'absent']), + user=dict(type='list')) + + module = AnsibleModule(argument_spec=argument_spec, + supports_check_mode=True, + ) client = GroupIPAClient(module=module, host=module.params['ipa_host'], diff --git a/lib/ansible/modules/identity/ipa/ipa_hbacrule.py b/lib/ansible/modules/identity/ipa/ipa_hbacrule.py index f4c97687cc..6ddc4f7959 100644 --- a/lib/ansible/modules/identity/ipa/ipa_hbacrule.py +++ b/lib/ansible/modules/identity/ipa/ipa_hbacrule.py @@ -27,7 +27,6 @@ options: aliases: ["name"] description: description: Description - required: false host: description: - List of host names to assign. 
@@ -36,7 +35,6 @@ options: required: false hostcategory: description: Host category - required: false choices: ['all'] hostgroup: description: @@ -50,7 +48,6 @@ options: - If option is omitted services will not be checked or changed. servicecategory: description: Service category - required: false choices: ['all'] servicegroup: description: @@ -64,7 +61,6 @@ options: - If option is omitted source hosts will not be checked or changed. sourcehostcategory: description: Source host category - required: false choices: ['all'] sourcehostgroup: description: @@ -73,7 +69,6 @@ options: - If option is omitted source host groups will not be checked or changed. state: description: State to ensure - required: false default: "present" choices: ["present", "absent", "enabled", "disabled"] user: 
@@ -83,40 +78,13 @@ options: - If option is omitted users will not be checked or changed. usercategory: description: User category - required: false choices: ['all'] usergroup: description: - List of user group names to assign. - If an empty list if passed all assigned user groups will be removed from the rule. - If option is omitted user groups will not be checked or changed. - ipa_port: - description: Port of IPA server - required: false - default: 443 - ipa_host: - description: IP or hostname of IPA server - required: false - default: "ipa.example.com" - ipa_user: - description: Administrative account used on IPA server - required: false - default: "admin" - ipa_pass: - description: Password of administrative user - required: true - ipa_prot: - description: Protocol used by IPA server - required: false - default: "https" - choices: ["http", "https"] - validate_certs: - description: - - This only applies if C(ipa_prot) is I(https). - - If set to C(no), the SSL certificates will not be validated. - - This should only set to C(no) used on personally controlled sites using self-signed certificates. - required: false - default: true +extends_documentation_fragment: ipa.documentation version_added: "2.3" ''' @@ -165,7 +133,7 @@ hbacrule: import traceback from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.ipa import IPAClient +from ansible.module_utils.ipa import IPAClient, ipa_argument_spec from ansible.module_utils._text import to_native 
@@ -329,33 +297,26 @@ def ensure(module, client): def main(): - module = AnsibleModule( - argument_spec=dict( - cn=dict(type='str', required=True, aliases=['name']), - description=dict(type='str', required=False), - host=dict(type='list', required=False), - hostcategory=dict(type='str', required=False, choices=['all']), - hostgroup=dict(type='list', required=False), - service=dict(type='list', required=False), - servicecategory=dict(type='str', required=False, choices=['all']), - servicegroup=dict(type='list', required=False), - sourcehost=dict(type='list', required=False), - sourcehostcategory=dict(type='str', required=False, choices=['all']), - sourcehostgroup=dict(type='list', required=False), - state=dict(type='str', required=False, default='present', - choices=['present', 'absent', 'enabled', 'disabled']), - user=dict(type='list', required=False), - usercategory=dict(type='str', required=False, choices=['all']), - usergroup=dict(type='list', required=False), - ipa_prot=dict(type='str', required=False, default='https', choices=['http', 'https']), - ipa_host=dict(type='str', required=False, default='ipa.example.com'), - ipa_port=dict(type='int', required=False, default=443), - ipa_user=dict(type='str', required=False, default='admin'), - ipa_pass=dict(type='str', required=True, no_log=True), - validate_certs=dict(type='bool', required=False, default=True), - ), - supports_check_mode=True, - ) + argument_spec = ipa_argument_spec() + argument_spec.update(cn=dict(type='str', required=True, aliases=['name']), + description=dict(type='str'), + host=dict(type='list'), + hostcategory=dict(type='str', choices=['all']), + hostgroup=dict(type='list'), + service=dict(type='list'), + servicecategory=dict(type='str', choices=['all']), + servicegroup=dict(type='list'), + sourcehost=dict(type='list'), + sourcehostcategory=dict(type='str', choices=['all']), + sourcehostgroup=dict(type='list'), + state=dict(type='str', default='present', choices=['present', 'absent', 'enabled', 
'disabled']), + user=dict(type='list'), + usercategory=dict(type='str', choices=['all']), + usergroup=dict(type='list')) + + module = AnsibleModule(argument_spec=argument_spec, + supports_check_mode=True + ) client = HBACRuleIPAClient(module=module, host=module.params['ipa_host'], diff --git a/lib/ansible/modules/identity/ipa/ipa_host.py b/lib/ansible/modules/identity/ipa/ipa_host.py index dbf92f2841..d3903e9d9b 100644 --- a/lib/ansible/modules/identity/ipa/ipa_host.py +++ b/lib/ansible/modules/identity/ipa/ipa_host.py @@ -28,7 +28,6 @@ options: description: description: - A description of this host. - required: false force: description: - Force host name even if not in DNS. @@ -36,29 +35,24 @@ options: ip_address: description: - Add the host to DNS with this IP address. - required: false mac_address: description: - List of Hardware MAC address(es) off this host. - If option is omitted MAC addresses will not be checked or changed. - If an empty list is passed all assigned MAC addresses will be removed. - MAC addresses that are already assigned but not passed will be removed. - required: false aliases: ["macaddress"] ns_host_location: description: - Host location (e.g. "Lab 2") - required: false aliases: ["nshostlocation"] ns_hardware_platform: description: - Host hardware platform (e.g. "Lenovo T61") - required: false aliases: ["nshardwareplatform"] ns_os_version: description: - Host operating system and version (e.g. "Fedora 9") - required: false aliases: ["nsosversion"] user_certificate: description: 
@@ -66,40 +60,12 @@ options: - If option is omitted certificates will not be checked or changed. - If an empty list is passed all assigned certificates will be removed. - Certificates already assigned but not passed will be removed. - required: false aliases: ["usercertificate"] state: description: State to ensure - required: false default: present choices: ["present", "absent", "disabled"] - ipa_port: - description: Port of IPA server - required: false - default: 443 - ipa_host: - description: IP or hostname of IPA server - required: false - default: ipa.example.com - ipa_user: - description: Administrative account used on IPA server - required: false - default: admin - ipa_pass: - description: Password of administrative user - required: true - ipa_prot: - description: Protocol used by IPA server - required: false - default: https - choices: ["http", "https"] - validate_certs: - description: - - This only applies if C(ipa_prot) is I(https). - - If set to C(no), the SSL certificates will not be validated. - - This should only set to C(no) used on personally controlled sites using self-signed certificates. - required: false - default: true +extends_documentation_fragment: ipa.documentation version_added: "2.3" ''' @@ -159,7 +125,7 @@ host_diff: import traceback from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.ipa import IPAClient +from ansible.module_utils.ipa import IPAClient, ipa_argument_spec from ansible.module_utils._text import to_native 
@@ -252,28 +218,20 @@ def ensure(module, client): def main(): - module = AnsibleModule( - argument_spec=dict( - description=dict(type='str', required=False), - fqdn=dict(type='str', required=True, aliases=['name']), - force=dict(type='bool', required=False), - ip_address=dict(type='str', required=False), - ns_host_location=dict(type='str', required=False, aliases=['nshostlocation']), - ns_hardware_platform=dict(type='str', required=False, aliases=['nshardwareplatform']), - ns_os_version=dict(type='str', required=False, aliases=['nsosversion']), - user_certificate=dict(type='list', required=False, aliases=['usercertificate']), - mac_address=dict(type='list', required=False, aliases=['macaddress']), - state=dict(type='str', required=False, default='present', - choices=['present', 'absent', 'enabled', 'disabled']), - ipa_prot=dict(type='str', required=False, default='https', choices=['http', 'https']), - ipa_host=dict(type='str', required=False, default='ipa.example.com'), - ipa_port=dict(type='int', required=False, default=443), - ipa_user=dict(type='str', required=False, default='admin'), - ipa_pass=dict(type='str', required=True, no_log=True), - validate_certs=dict(type='bool', required=False, default=True), - ), - supports_check_mode=True, - ) + argument_spec = ipa_argument_spec() + argument_spec.update(description=dict(type='str'), + fqdn=dict(type='str', required=True, aliases=['name']), + force=dict(type='bool'), + ip_address=dict(type='str'), + ns_host_location=dict(type='str', aliases=['nshostlocation']), + ns_hardware_platform=dict(type='str', aliases=['nshardwareplatform']), + ns_os_version=dict(type='str', aliases=['nsosversion']), + user_certificate=dict(type='list', aliases=['usercertificate']), + mac_address=dict(type='list', aliases=['macaddress']), + state=dict(type='str', default='present', choices=['present', 'absent', 'enabled', 'disabled'])) + + module = AnsibleModule(argument_spec=argument_spec, + supports_check_mode=True) client = 
HostIPAClient(module=module, host=module.params['ipa_host'], diff --git a/lib/ansible/modules/identity/ipa/ipa_hostgroup.py b/lib/ansible/modules/identity/ipa/ipa_hostgroup.py index 7fca88cf0d..b60bbc9285 100644 --- a/lib/ansible/modules/identity/ipa/ipa_hostgroup.py +++ b/lib/ansible/modules/identity/ipa/ipa_hostgroup.py 
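Review bot: The `state` entry in the new `argument_spec.update(...)` call accepts `'enabled'`, which the module's own documentation does not list, since the DOCUMENTATION context in this file shows `choices: ["present", "absent", "disabled"]`. The same mismatch is carried into the rewritten `main()` of ipa_hostgroup, ipa_sudocmd and ipa_sudocmdgroup, where the docs list only present/absent but the spec also accepts `'enabled'` and `'disabled'`. `ensure()` is outside these hunks, so how the undocumented values are handled cannot be confirmed from here; for an identity-management module an accepted but unhandled state could presumably fall through to an unintended branch. Since the specs are being rewritten anyway, either narrow the list to what is documented, e.g. `state=dict(type='str', default='present', choices=['present', 'absent', 'disabled'])` for ipa_host, or update the docs to match. The body of `main()` continues past the end of the hunk.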
@@ -28,54 +28,24 @@ options: description: description: - Description - required: false host: description: - List of hosts that belong to the host-group. - If an empty list is passed all hosts will be removed from the group. - If option is omitted hosts will not be checked or changed. - If option is passed all assigned hosts that are not passed will be unassigned from the group. - required: false hostgroup: description: - List of host-groups than belong to that host-group. - If an empty list is passed all host-groups will be removed from the group. - If option is omitted host-groups will not be checked or changed. - If option is passed all assigned hostgroups that are not passed will be unassigned from the group. - required: false state: description: - State to ensure. - required: false default: "present" choices: ["present", "absent"] - ipa_port: - description: Port of IPA server - required: false - default: 443 - ipa_host: - description: IP or hostname of IPA server - required: false - default: "ipa.example.com" - ipa_user: - description: Administrative account used on IPA server - required: false - default: "admin" - ipa_pass: - description: Password of administrative user - required: true - ipa_prot: - description: Protocol used by IPA server - required: false - default: "https" - choices: ["http", "https"] - validate_certs: - description: - - This only applies if C(ipa_prot) is I(https). - - If set to C(no), the SSL certificates will not be validated. - - This should only set to C(no) used on personally controlled sites using self-signed certificates. - required: false - default: true +extends_documentation_fragment: ipa.documentation version_added: "2.3" ''' @@ -112,7 +82,7 @@ hostgroup: import traceback from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.ipa import IPAClient +from ansible.module_utils.ipa import IPAClient, ipa_argument_spec from ansible.module_utils._text import to_native 
@@ -207,23 +177,15 @@ def ensure(module, client): def main(): - module = AnsibleModule( - argument_spec=dict( - cn=dict(type='str', required=True, aliases=['name']), - description=dict(type='str', required=False), - host=dict(type='list', required=False), - hostgroup=dict(type='list', required=False), - state=dict(type='str', required=False, default='present', - choices=['present', 'absent', 'enabled', 'disabled']), - ipa_prot=dict(type='str', required=False, default='https', choices=['http', 'https']), - ipa_host=dict(type='str', required=False, default='ipa.example.com'), - ipa_port=dict(type='int', required=False, default=443), - ipa_user=dict(type='str', required=False, default='admin'), - ipa_pass=dict(type='str', required=True, no_log=True), - validate_certs=dict(type='bool', required=False, default=True), - ), - supports_check_mode=True, - ) + argument_spec = ipa_argument_spec() + argument_spec.update(cn=dict(type='str', required=True, aliases=['name']), + description=dict(type='str'), + host=dict(type='list'), + hostgroup=dict(type='list'), + state=dict(type='str', default='present', choices=['present', 'absent', 'enabled', 'disabled'])) + + module = AnsibleModule(argument_spec=argument_spec, + supports_check_mode=True) client = HostGroupIPAClient(module=module, host=module.params['ipa_host'], diff --git a/lib/ansible/modules/identity/ipa/ipa_role.py b/lib/ansible/modules/identity/ipa/ipa_role.py index 820749cfec..053492af9c 100644 --- a/lib/ansible/modules/identity/ipa/ipa_role.py +++ b/lib/ansible/modules/identity/ipa/ipa_role.py @@ -28,7 +28,6 @@ options: description: description: - A description of this role-group. - required: false group: description: - List of group names assign to this role. 
@@ -41,21 +40,18 @@ options: - If an empty list is passed all assigned hosts will be unassigned from the role. - If option is omitted hosts will not be checked or changed. - If option is passed all assigned hosts that are not passed will be unassigned from the role. - required: false hostgroup: description: - List of host group names to assign. - If an empty list is passed all assigned host groups will be removed from the role. - If option is omitted host groups will not be checked or changed. - If option is passed all assigned hostgroups that are not passed will be unassigned from the role. - required: false privilege: description: - List of privileges granted to the role. - If an empty list is passed all assigned privileges will be removed. - If option is omitted privileges will not be checked or changed. - If option is passed all assigned privileges that are not passed will be removed. - required: false default: None version_added: "2.4" service: @@ -64,10 +60,8 @@ options: - If an empty list is passed all assigned services will be removed from the role. - If option is omitted services will not be checked or changed. - If option is passed all assigned services that are not passed will be removed from the role. - required: false state: description: State to ensure - required: false default: "present" choices: ["present", "absent"] user: 
@@ -75,34 +69,7 @@ options: - List of user names to assign. - If an empty list is passed all assigned users will be removed from the role. - If option is omitted users will not be checked or changed. - required: false - ipa_port: - description: Port of IPA server - required: false - default: 443 - ipa_host: - description: IP or hostname of IPA server - required: false - default: "ipa.example.com" - ipa_user: - description: Administrative account used on IPA server - required: false - default: "admin" - ipa_pass: - description: Password of administrative user - required: true - ipa_prot: - description: Protocol used by IPA server - required: false - default: "https" - choices: ["http", "https"] - validate_certs: - description: - - This only applies if C(ipa_prot) is I(https). - - If set to C(no), the SSL certificates will not be validated. - - This should only set to C(no) used on personally controlled sites using self-signed certificates. - required: false - default: true +extends_documentation_fragment: ipa.documentation version_added: "2.3" ''' @@ -154,7 +121,7 @@ role: import traceback from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.ipa import IPAClient +from ansible.module_utils.ipa import IPAClient, ipa_argument_spec from ansible.module_utils._text import to_native 
@@ -294,26 +261,19 @@ def ensure(module, client): def main(): - module = AnsibleModule( - argument_spec=dict( - cn=dict(type='str', required=True, aliases=['name']), - description=dict(type='str', required=False), - group=dict(type='list', required=False), - host=dict(type='list', required=False), - hostgroup=dict(type='list', required=False), - privilege=dict(type='list', required=False), - service=dict(type='list', required=False), - state=dict(type='str', required=False, default='present', choices=['present', 'absent']), - user=dict(type='list', required=False), - ipa_prot=dict(type='str', required=False, default='https', choices=['http', 'https']), - ipa_host=dict(type='str', required=False, default='ipa.example.com'), - ipa_port=dict(type='int', required=False, default=443), - ipa_user=dict(type='str', required=False, default='admin'), - ipa_pass=dict(type='str', required=True, no_log=True), - validate_certs=dict(type='bool', required=False, default=True), - ), - supports_check_mode=True, - ) + argument_spec = ipa_argument_spec() + argument_spec.update(cn=dict(type='str', required=True, aliases=['name']), + description=dict(type='str'), + group=dict(type='list'), + host=dict(type='list'), + hostgroup=dict(type='list'), + privilege=dict(type='list'), + service=dict(type='list'), + state=dict(type='str', default='present', choices=['present', 'absent']), + user=dict(type='list')) + + module = AnsibleModule(argument_spec=argument_spec, + supports_check_mode=True) client = RoleIPAClient(module=module, host=module.params['ipa_host'], diff --git a/lib/ansible/modules/identity/ipa/ipa_sudocmd.py b/lib/ansible/modules/identity/ipa/ipa_sudocmd.py index 84f3d4e588..859d323a2f 100644 --- a/lib/ansible/modules/identity/ipa/ipa_sudocmd.py +++ b/lib/ansible/modules/identity/ipa/ipa_sudocmd.py 
@@ -27,39 +27,11 @@ options: description: description: - A description of this command. - required: false state: description: State to ensure - required: false default: present choices: ['present', 'absent'] - ipa_port: - description: Port of IPA server - required: false - default: 443 - ipa_host: - description: IP or hostname of IPA server - required: false - default: "ipa.example.com" - ipa_user: - description: Administrative account used on IPA server - required: false - default: "admin" - ipa_pass: - description: Password of administrative user - required: true - ipa_prot: - description: Protocol used by IPA server - required: false - default: "https" - choices: ["http", "https"] - validate_certs: - description: - - This only applies if C(ipa_prot) is I(https). - - If set to C(no), the SSL certificates will not be validated. - - This should only set to C(no) used on personally controlled sites using self-signed certificates. - required: false - default: true +extends_documentation_fragment: ipa.documentation version_added: "2.3" ''' @@ -91,7 +63,7 @@ sudocmd: import traceback from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.ipa import IPAClient +from ansible.module_utils.ipa import IPAClient, ipa_argument_spec from ansible.module_utils._text import to_native 
@@ -155,21 +127,13 @@ def ensure(module, client): def main(): - module = AnsibleModule( - argument_spec=dict( - description=dict(type='str', required=False), - state=dict(type='str', required=False, default='present', - choices=['present', 'absent', 'enabled', 'disabled']), - sudocmd=dict(type='str', required=True, aliases=['name']), - ipa_prot=dict(type='str', required=False, default='https', choices=['http', 'https']), - ipa_host=dict(type='str', required=False, default='ipa.example.com'), - ipa_port=dict(type='int', required=False, default=443), - ipa_user=dict(type='str', required=False, default='admin'), - ipa_pass=dict(type='str', required=True, no_log=True), - validate_certs=dict(type='bool', required=False, default=True), - ), - supports_check_mode=True, - ) + argument_spec = ipa_argument_spec() + argument_spec.update(description=dict(type='str'), + state=dict(type='str', default='present', choices=['present', 'absent', 'enabled', 'disabled']), + sudocmd=dict(type='str', required=True, aliases=['name'])) + + module = AnsibleModule(argument_spec=argument_spec, + supports_check_mode=True) client = SudoCmdIPAClient(module=module, host=module.params['ipa_host'], diff --git a/lib/ansible/modules/identity/ipa/ipa_sudocmdgroup.py b/lib/ansible/modules/identity/ipa/ipa_sudocmdgroup.py index ac05c162c4..12af2642c5 100644 --- a/lib/ansible/modules/identity/ipa/ipa_sudocmdgroup.py +++ b/lib/ansible/modules/identity/ipa/ipa_sudocmdgroup.py @@ -29,7 +29,6 @@ options: - Group description. state: description: State to ensure - required: false default: present choices: ['present', 'absent'] sudocmd: 
@@ -37,34 +36,7 @@ options: - List of sudo commands to assign to the group. - If an empty list is passed all assigned commands will be removed from the group. - If option is omitted sudo commands will not be checked or changed. - required: false - ipa_port: - description: Port of IPA server - required: false - default: 443 - ipa_host: - description: IP or hostname of IPA server - required: false - default: "ipa.example.com" - ipa_user: - description: Administrative account used on IPA server - required: false - default: "admin" - ipa_pass: - description: Password of administrative user - required: true - ipa_prot: - description: Protocol used by IPA server - required: false - default: "https" - choices: ["http", "https"] - validate_certs: - description: - - This only applies if C(ipa_prot) is I(https). - - If set to C(no), the SSL certificates will not be validated. - - This should only set to C(no) used on personally controlled sites using self-signed certificates. - required: false - default: true +extends_documentation_fragment: ipa.documentation version_added: "2.3" ''' @@ -98,7 +70,7 @@ sudocmdgroup: import traceback from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.ipa import IPAClient +from ansible.module_utils.ipa import IPAClient, ipa_argument_spec from ansible.module_utils._text import to_native 
@@ -180,22 +152,14 @@ def ensure(module, client): def main(): - module = AnsibleModule( - argument_spec=dict( - cn=dict(type='str', required=True, aliases=['name']), - description=dict(type='str', required=False), - state=dict(type='str', required=False, default='present', - choices=['present', 'absent', 'enabled', 'disabled']), - sudocmd=dict(type='list', required=False), - ipa_prot=dict(type='str', required=False, default='https', choices=['http', 'https']), - ipa_host=dict(type='str', required=False, default='ipa.example.com'), - ipa_port=dict(type='int', required=False, default=443), - ipa_user=dict(type='str', required=False, default='admin'), - ipa_pass=dict(type='str', required=True, no_log=True), - validate_certs=dict(type='bool', required=False, default=True), - ), - supports_check_mode=True, - ) + argument_spec = ipa_argument_spec() + argument_spec.update(cn=dict(type='str', required=True, aliases=['name']), + description=dict(type='str'), + state=dict(type='str', default='present', choices=['present', 'absent', 'enabled', 'disabled']), + sudocmd=dict(type='list')) + + module = AnsibleModule(argument_spec=argument_spec, + supports_check_mode=True) client = SudoCmdGroupIPAClient(module=module, host=module.params['ipa_host'], diff --git a/lib/ansible/modules/identity/ipa/ipa_sudorule.py b/lib/ansible/modules/identity/ipa/ipa_sudorule.py index 4b91f1b946..c5e3e6f1b5 100644 --- a/lib/ansible/modules/identity/ipa/ipa_sudorule.py +++ b/lib/ansible/modules/identity/ipa/ipa_sudorule.py 
@@ -29,83 +29,48 @@ options: description: - Command category the rule applies to. choices: ['all'] - required: false cmd: description: - List of commands assigned to the rule. - If an empty list is passed all commands will be removed from the rule. - If option is omitted commands will not be checked or changed. - required: false host: description: - List of hosts assigned to the rule. - If an empty list is passed all hosts will be removed from the rule. - If option is omitted hosts will not be checked or changed. - Option C(hostcategory) must be omitted to assign hosts. - required: false hostcategory: description: - Host category the rule applies to. - If 'all' is passed one must omit C(host) and C(hostgroup). - Option C(host) and C(hostgroup) must be omitted to assign 'all'. choices: ['all'] - required: false hostgroup: description: - List of host groups assigned to the rule. - If an empty list is passed all host groups will be removed from the rule. - If option is omitted host groups will not be checked or changed. - Option C(hostcategory) must be omitted to assign host groups. - required: false user: description: - List of users assigned to the rule. - If an empty list is passed all users will be removed from the rule. - If option is omitted users will not be checked or changed. - required: false usercategory: description: - User category the rule applies to. choices: ['all'] - required: false usergroup: description: - List of user groups assigned to the rule. - If an empty list is passed all user groups will be removed from the rule. - If option is omitted user groups will not be checked or changed. 
- required: false state: description: State to ensure - required: false default: present choices: ['present', 'absent', 'enabled', 'disabled'] - ipa_port: - description: Port of IPA server - required: false - default: 443 - ipa_host: - description: IP or hostname of IPA server - required: false - default: "ipa.example.com" - ipa_user: - description: Administrative account used on IPA server - required: false - default: "admin" - ipa_pass: - description: Password of administrative user - required: true - ipa_prot: - description: Protocol used by IPA server - required: false - default: "https" - choices: ["http", "https"] - validate_certs: - description: - - This only applies if C(ipa_prot) is I(https). - - If set to C(no), the SSL certificates will not be validated. - - This should only set to C(no) used on personally controlled sites using self-signed certificates. - required: false - default: true +extends_documentation_fragment: ipa.documentation version_added: "2.3" ''' @@ -150,7 +115,7 @@ sudorule: import traceback from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.ipa import IPAClient +from ansible.module_utils.ipa import IPAClient, ipa_argument_spec from ansible.module_utils._text import to_native 
@@ -335,35 +300,27 @@ def ensure(module, client): def main(): - module = AnsibleModule( - argument_spec=dict( - cmd=dict(type='list', required=False), - cmdcategory=dict(type='str', required=False, choices=['all']), - cn=dict(type='str', required=True, aliases=['name']), - description=dict(type='str', required=False), - host=dict(type='list', required=False), - hostcategory=dict(type='str', required=False, choices=['all']), - hostgroup=dict(type='list', required=False), - sudoopt=dict(type='list', required=False), - state=dict(type='str', required=False, default='present', - choices=['present', 'absent', 'enabled', 'disabled']), - user=dict(type='list', required=False), - usercategory=dict(type='str', required=False, choices=['all']), - usergroup=dict(type='list', required=False), - ipa_prot=dict(type='str', required=False, default='https', choices=['http', 'https']), - ipa_host=dict(type='str', required=False, default='ipa.example.com'), - ipa_port=dict(type='int', required=False, default=443), - ipa_user=dict(type='str', required=False, default='admin'), - ipa_pass=dict(type='str', required=True, no_log=True), - validate_certs=dict(type='bool', required=False, default=True), - ), - mutually_exclusive=[['cmdcategory', 'cmd'], - ['hostcategory', 'host'], - ['hostcategory', 'hostgroup'], - ['usercategory', 'user'], - ['usercategory', 'usergroup']], - supports_check_mode=True, - ) + argument_spec = ipa_argument_spec() + argument_spec.update(cmd=dict(type='list', required=False), + cmdcategory=dict(type='str', required=False, choices=['all']), + cn=dict(type='str', required=True, aliases=['name']), + description=dict(type='str', required=False), + host=dict(type='list', required=False), + hostcategory=dict(type='str', required=False, choices=['all']), + hostgroup=dict(type='list', required=False), + sudoopt=dict(type='list', required=False), + state=dict(type='str', required=False, default='present', choices=['present', 'absent', 'enabled', 'disabled']), + 
user=dict(type='list', required=False), + usercategory=dict(type='str', required=False, choices=['all']), + usergroup=dict(type='list', required=False)) + + module = AnsibleModule(argument_spec=argument_spec, + mutually_exclusive=[['cmdcategory', 'cmd'], + ['hostcategory', 'host'], + ['hostcategory', 'hostgroup'], + ['usercategory', 'user'], + ['usercategory', 'usergroup']], + supports_check_mode=True) client = SudoRuleIPAClient(module=module, host=module.params['ipa_host'], diff --git a/lib/ansible/modules/identity/ipa/ipa_user.py b/lib/ansible/modules/identity/ipa/ipa_user.py index 9278eab7a2..48a779c6f4 100644 --- a/lib/ansible/modules/identity/ipa/ipa_user.py +++ b/lib/ansible/modules/identity/ipa/ipa_user.py @@ -21,35 +21,27 @@ description: options: displayname: description: Display name - required: false givenname: description: First name - required: false loginshell: description: Login shell - required: false mail: description: - List of mail addresses assigned to the user. - If an empty list is passed all assigned email addresses will be deleted. - If None is passed email addresses will not be checked or changed. - required: false password: description: - - Password - required: false + - Password for new user sn: description: Surname - required: false sshpubkey: description: - List of public SSH key. - If an empty list is passed all assigned public keys will be deleted. - If None is passed SSH public keys will not be checked or changed. - required: false state: description: State to ensure - required: false default: "present" choices: ["present", "absent", "enabled", "disabled"] telephonenumber: 
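Review bot: The `argument_spec.update(...)` call in ipa_sudorule.py's `main()` still passes `required=False` on every optional entry, while the same refactor in ipa_sudocmdgroup.py and ipa_user.py drops it. `required` defaults to false in an Ansible argument spec, so the entries can be shortened to match the sibling modules, e.g. `cmd=dict(type='list'),` and `cmdcategory=dict(type='str', choices=['all']),`. `main()` continues past the end of the hunk.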
@@ -57,41 +49,13 @@ options: - List of telephone numbers assigned to the user. - If an empty list is passed all assigned telephone numbers will be deleted. - If None is passed telephone numbers will not be checked or changed. - required: false title: description: Title - required: false uid: description: uid of the user required: true aliases: ["name"] - ipa_port: - description: Port of IPA server - required: false - default: 443 - ipa_host: - description: IP or hostname of IPA server - required: false - default: "ipa.example.com" - ipa_user: - description: Administrative account used on IPA server - required: false - default: "admin" - ipa_pass: - description: Password of administrative user - required: true - ipa_prot: - description: Protocol used by IPA server - required: false - default: "https" - choices: ["http", "https"] - validate_certs: - description: - - This only applies if C(ipa_prot) is I(https). - - If set to C(no), the SSL certificates will not be validated. - - This should only set to C(no) used on personally controlled sites using self-signed certificates. - required: false - default: true +extends_documentation_fragment: ipa.documentation version_added: "2.3" requirements: - base64 @@ -137,7 +101,7 @@ import hashlib import traceback from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.ipa import IPAClient +from ansible.module_utils.ipa import IPAClient, ipa_argument_spec from ansible.module_utils._text import to_native 
@@ -279,29 +243,22 @@ def ensure(module, client): def main(): - module = AnsibleModule( - argument_spec=dict( - displayname=dict(type='str', required=False), - givenname=dict(type='str', required=False), - loginshell=dict(type='str', required=False), - mail=dict(type='list', required=False), - sn=dict(type='str', required=False), - uid=dict(type='str', required=True, aliases=['name']), - password=dict(type='str', required=False, no_log=True), - sshpubkey=dict(type='list', required=False), - state=dict(type='str', required=False, default='present', - choices=['present', 'absent', 'enabled', 'disabled']), - telephonenumber=dict(type='list', required=False), - title=dict(type='str', required=False), - ipa_prot=dict(type='str', required=False, default='https', choices=['http', 'https']), - ipa_host=dict(type='str', required=False, default='ipa.example.com'), - ipa_port=dict(type='int', required=False, default=443), - ipa_user=dict(type='str', required=False, default='admin'), - ipa_pass=dict(type='str', required=True, no_log=True), - validate_certs=dict(type='bool', required=False, default=True), - ), - supports_check_mode=True, - ) + argument_spec = ipa_argument_spec() + argument_spec.update(displayname=dict(type='str'), + givenname=dict(type='str'), + loginshell=dict(type='str'), + mail=dict(type='list'), + sn=dict(type='str'), + uid=dict(type='str', required=True, aliases=['name']), + password=dict(type='str', no_log=True), + sshpubkey=dict(type='list'), + state=dict(type='str', default='present', + choices=['present', 'absent', 'enabled', 'disabled']), + telephonenumber=dict(type='list'), + title=dict(type='str')) + + module = AnsibleModule(argument_spec=argument_spec, + supports_check_mode=True) client = UserIPAClient(module=module, host=module.params['ipa_host'], diff --git a/lib/ansible/utils/module_docs_fragments/ipa.py b/lib/ansible/utils/module_docs_fragments/ipa.py new file mode 100644 index 0000000000..6597b9491a --- /dev/null 
+++ b/lib/ansible/utils/module_docs_fragments/ipa.py
@@ -0,0 +1,33 @@
+# Copyright (c) 2017, Ansible Project
+# Copyright (c) 2017, Abhijeet Kasurde (akasurde@redhat.com)
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+
+class ModuleDocFragment(object):
+ # Parameters for FreeIPA/IPA modules
+ DOCUMENTATION = '''
+options:
+ ipa_port:
+ description: Port of IPA server
+ default: 443
+ ipa_host:
+ description: IP or hostname of IPA server
+ default: ipa.example.com
+ ipa_user:
+ description: Administrative account used on IPA server
+ default: admin
+ ipa_pass:
+ description: Password of administrative user
+ required: true
+ ipa_prot:
+ description: Protocol used by IPA server
+ default: https
+ choices: ["http", "https"]
+ validate_certs:
+ description:
+ - This only applies if C(ipa_prot) is I(https).
+ - If set to C(no), the SSL certificates will not be validated.
+ - This should only set to C(no) used on personally controlled sites using self-signed certificates.
+ default: true
+
+'''
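Review bot: The `ipa_prot` entry in the new fragment offers `http` without saying what that means for `ipa_pass`. Over plain HTTP the administrative password would presumably travel unencrypted (the login code is not in this hunk), and `validate_certs` is documented as having no effect in that case. I would extend the description to `Protocol used by IPA server. Use C(https); with C(http) the credentials in C(ipa_pass) are not protected in transit.` The third `validate_certs` bullet, carried over from the old per-module text, is also garbled; `This should only be set to C(no) on personally controlled sites using self-signed certificates.` reads correctly. Since `ipa_pass` is required, a sentence recommending that the value come from Ansible Vault rather than a plain-text playbook would also help.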