From ef0b83fdf127c4e6256777c63b2faa0218de4891 Mon Sep 17 00:00:00 2001 From: Rossen <2720787+rossengeorgiev@users.noreply.github.com> Date: Tue, 19 Oct 2021 12:36:08 +0100 Subject: [PATCH] ipa_group: add append option (#3545) * ipa: add append parameter to modify_if_diff * ipa_group: add state: append * ipa_group: rework append to an option instead of another state * ipa_group: append default=no * ipa_group: add change fragment for new append option * ipa_group: restore descriptions for group and user * ipa_group: re-add missed quotation mark * ipa_group: set default for append in argument_spec * ipa_group: add .yml ext to fragement file * ipa_group: corrections to append description * ipa_group: refine change fragement text Co-authored-by: Felix Fontein * ipa_group: use correct macros in option descriptions Co-authored-by: Felix Fontein * ipa_group: include append in user and group descriptions * ipa_group: add version_added Co-authored-by: Felix Fontein Co-authored-by: Felix Fontein --- .../3545-ipa_group-add-append-option.yml | 2 + plugins/module_utils/ipa.py | 4 +- plugins/modules/identity/ipa/ipa_group.py | 38 +++++++++++++++---- 3 files changed, 35 insertions(+), 9 deletions(-) create mode 100644 changelogs/fragments/3545-ipa_group-add-append-option.yml diff --git a/changelogs/fragments/3545-ipa_group-add-append-option.yml b/changelogs/fragments/3545-ipa_group-add-append-option.yml new file mode 100644 index 0000000000..5bf585b010 --- /dev/null +++ b/changelogs/fragments/3545-ipa_group-add-append-option.yml @@ -0,0 +1,2 @@ +minor_changes: + - "ipa_group - add ``append`` option for adding group and users members, instead of replacing the respective lists (https://github.com/ansible-collections/community.general/pull/3545)." \ No newline at end of file diff --git a/plugins/module_utils/ipa.py b/plugins/module_utils/ipa.py index 34cf9e7e0c..3d8c2580d8 100644 --- a/plugins/module_utils/ipa.py +++ b/plugins/module_utils/ipa.py 
@@ -179,10 +179,10 @@ class IPAClient(object): result.append(key) return result - def modify_if_diff(self, name, ipa_list, module_list, add_method, remove_method, item=None): + def modify_if_diff(self, name, ipa_list, module_list, add_method, remove_method, item=None, append=None): changed = False diff = list(set(ipa_list) - set(module_list)) - if len(diff) > 0: + if append is not True and len(diff) > 0: changed = True if not self.module.check_mode: if item: diff --git a/plugins/modules/identity/ipa/ipa_group.py b/plugins/modules/identity/ipa/ipa_group.py index f62d9f0a18..d6af57ba1f 100644 --- a/plugins/modules/identity/ipa/ipa_group.py +++ b/plugins/modules/identity/ipa/ipa_group.py @@ -14,6 +14,13 @@ short_description: Manage FreeIPA group description: - Add, modify and delete group within IPA server options: + append: + description: + - If C(yes), add the listed I(user) and I(group) to the group members. + - If C(no), only the listed I(user) and I(group) will be group members, removing any other members. + default: no + type: bool + version_added: 4.0.0 cn: description: - Canonical name. @@ -37,9 +44,10 @@ options: group: description: - List of group names assigned to this group. - - If an empty list is passed all groups will be removed from this group. - - If option is omitted assigned groups will not be checked or changed. + - If I(append=no) and an empty list is passed all groups will be removed from this group. - Groups that are already assigned but not passed will be removed. + - If I(append=yes) the listed groups will be assigned without removing other groups. + - If option is omitted assigned groups will not be checked or changed. type: list elements: str nonposix: 
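Review bot: In `modify_if_diff` the new guard `append is not True` treats only the literal `True` as append mode, so any other truthy value passed by a caller of this shared helper still takes the branch that removes members. The parameter also defaults to `None`, while the `ipa_group` option is documented and declared with a default of `no`/`False`. I would declare it as `append=False` and write the guard as `if not append and len(diff) > 0:`, with a comment such as `# append mode: only add missing members, never remove existing ones`. The function body continues past the end of this hunk, so the add path is not visible here.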
@@ -49,9 +57,10 @@ options: user: description: - List of user names assigned to this group. - - If an empty list is passed all users will be removed from this group. - - If option is omitted assigned users will not be checked or changed. + - If I(append=no) and an empty list is passed all users will be removed from this group. - Users that are already assigned but not passed will be removed. + - If I(append=yes) the listed users will be assigned without removing other users. + - If option is omitted assigned users will not be checked or changed. type: list elements: str state: @@ -95,6 +104,17 @@ EXAMPLES = r''' ipa_user: admin ipa_pass: topsecret +- name: Ensure that new starter named john is member of the group, without removing other members + community.general.ipa_group: + name: developers + user: + - john + append: yes + state: present + ipa_host: ipa.example.com + ipa_user: admin + ipa_pass: topsecret + - name: Ensure group is absent community.general.ipa_group: name: sysops @@ -187,6 +207,7 @@ def ensure(module, client): name = module.params['cn'] group = module.params['group'] user = module.params['user'] + append = module.params['append'] module_group = get_group_dict(description=module.params['description'], external=module.params['external'], gid=module.params['gidnumber'], nonposix=module.params['nonposix']) @@ -211,12 +232,14 @@ def ensure(module, client): if group is not None: changed = client.modify_if_diff(name, ipa_group.get('member_group', []), group, client.group_add_member_group, - client.group_remove_member_group) or changed + client.group_remove_member_group, + append=append) or changed if user is not None: changed = client.modify_if_diff(name, ipa_group.get('member_user', []), user, client.group_add_member_user, - client.group_remove_member_user) or changed + client.group_remove_member_user, + append=append) or changed else: if ipa_group: 
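Review bot: Both `modify_if_diff` calls in `ensure` now forward `append`, and with `append=yes` the removal branch is skipped for `member_group` and `member_user` alike, so members present in IPA but absent from the task are neither removed nor counted towards `changed`. For groups that confer access, the task then stops being the authoritative membership list and cannot express a revocation. That deserves a comment at the call sites, e.g. `# append=True only adds; members missing from the list stay in the group and are not reported as a change`. The same caveat would fit the `append` option description in the documentation hunk. `ensure` starts before and continues after this hunk.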
@@ -236,7 +259,8 @@ def main(): group=dict(type='list', elements='str'), nonposix=dict(type='bool'), state=dict(type='str', default='present', choices=['present', 'absent']), - user=dict(type='list', elements='str')) + user=dict(type='list', elements='str'), + append=dict(type='bool', default=False)) module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True,