VhKddlmZmZmZeZdZdZdZddl m Z ddl m Z m Z ddlmZddlmZGd d e Zdd Zd ZdZdZedk(rey y ))absolute_importdivisionprint_functionaY module: ipa_subca author: Abhijeet Kasurde (@Akasurde) short_description: Manage FreeIPA Lightweight Sub Certificate Authorities description: - Add, modify, enable, disable and delete an IPA Lightweight Sub Certificate Authorities using IPA API. attributes: check_mode: support: full diff_mode: support: none options: subca_name: description: - The Sub Certificate Authority name which needs to be managed. required: true aliases: ["name"] type: str subca_subject: description: - The Sub Certificate Authority's Subject, for example V(CN=SampleSubCA1,O=testrelm.test). required: true type: str subca_desc: description: - The Sub Certificate Authority's description. type: str state: description: - State to ensure. - States V(disable) and V(enable) are available for FreeIPA 4.4.2 version and onwards. required: false default: present choices: ["absent", "disabled", "enabled", "present"] type: str extends_documentation_fragment: - community.general.ipa.documentation - community.general.attributes aj - name: Ensure IPA Sub CA is present community.general.ipa_subca: ipa_host: spider.example.com ipa_pass: Passw0rd! state: present subca_name: AnsibleSubCA1 subca_subject: 'CN=AnsibleSubCA1,O=example.com' subca_desc: Ansible Sub CA - name: Ensure that IPA Sub CA is removed community.general.ipa_subca: ipa_host: spider.example.com ipa_pass: Passw0rd! state: absent subca_name: AnsibleSubCA1 - name: Ensure that IPA Sub CA is disabled community.general.ipa_subca: ipa_host: spider.example.com ipa_pass: Passw0rd! state: disable subca_name: AnsibleSubCA1 za subca: description: IPA Sub CA record as returned by IPA API. returned: always type: dict ) AnsibleModule) IPAClientipa_argument_spec) to_native) LooseVersioncLeZdZfdZdZddZddZd dZd dZd dZ xZ S) SubCAIPAClientc2tt| ||||yN)superr __init__)selfmodulehostportprotocol __class__s o/home/dcms/DCMS/lib/python3.12/site-packages/ansible_collections/community/general/plugins/modules/ipa_subca.pyrzSubCAIPAClient.__init__Zs nd,VT4Jc*|jd|dS)Nca_findmethodnameitem _post_jsonr subca_names r subca_findzSubCAIPAClient.subca_find]sijtLLrct|}|jdd}||j||jd||S)N)ipacasubjectdn description)r&ca_addr)dictgetupdater )rr" subject_dndetailsr subca_descs r subca_addzSubCAIPAClient.subca_add`sE:.[[5  ! KKJK /hZdKKrct|}|D]K}t}|||jdj||||j d||My)Nz{0}={1})setattrca_modr)get_subca_dictr(r*formatr )rr"diffr,rchange update_details r subca_modzSubCAIPAClient.subca_modgsbg& VF FMF|'$$Y-=-=fd6l-S$Txj}U  Vrc(|jd|S)Nca_delrrrr!s r subca_delzSubCAIPAClient.subca_deloshZ@@rc(|jd|S)N ca_disabler:rr!s r subca_disablezSubCAIPAClient.subca_disablerslDDrc(|jd|S)N ca_enabler:rr!s r subca_enablezSubCAIPAClient.subca_enableusk CCr)NNNr) __name__ __module__ __qualname__rr#r.r7r;r>rA __classcell__)rs@rr r Ys-KMLVAEDrr NcNt}|d|d|d<|d|d|d<|S)Nr& subca_subjectr%)r()r, module_subcas rr2r2ysD6L})&-m&< ]#+)0)A %& rc>t|}|j||S)N)ipa_data module_data)r2get_diff)client ipa_subcarHr,s rget_subca_diffrOs\*G ??I7? CCrc|jd}|jd}|jd}|jd}|j|}t||}d}|dk(r~|s%d}|jsV|j ||| n@t |||} d | vr| j d |d=t| d kDr d}|js|j|| | n|d k(r#|rd}|js|j|n|dk(r\|j} t| tdkr|jd|rd}|jss|j|n`|dk(r[|j} t| tdkr|jd|r d}|js|j|||j|fS)Nr"rGr-state)r&rGFpresentT)r"r+r,r%r)r"r4r,absent)r"disablez4.4.2zuCurrent version of IPA server [%s] does not support 'CA disable' option. Please upgrade to version greater than 4.4.2msgenableztCurrent version of IPA server [%s] does not support 'CA enable' option. Please upgrade to version greater than 4.4.2)paramsr#r( check_moder.rOremovelenr7r;get_ipa_versionr fail_jsonr>rA) rrMr"subca_subject_dnr-rQrNrHchangedr4 ipa_versions rensureras|,J}}_5|,J MM' "E!!*-IJ&68LG G$$  JCS]i j!&)\BD 4' ,- 14y1}(($$ |$\ (  G$$  J 7 ) ,,.  $|G'< <   ">  ? G$$$$ $; ( ,,.  $|G'< <   ">  ? G$$##z#: F%%j1 11rc *t}|jtdddgtddtdtddgd  t|d }t ||j d |j d |j d} |j |j d|j dt||\}}|j||y#t$r%}|jt|Yd}~yd}~wwxYw)NstrTr)typerequiredaliases)rdre)rdrR)rRrSenableddisabled)rddefaultchoices)r"rGr-rQ) argument_specsupports_check_modeipa_hostipa_portipa_prot)rrrripa_useripa_pass)usernamepassword)r_recordrU) rr*r(rr rXloginra exit_json Exceptionr]r )rkrrMr_rtexcs rmainrys %'MDedVH$U'+'F$(e$4# ,X Z\ /36F6!'z!:!'z!:%+]]:%>@F - fmmJ7$mmJ7  9 08 -Ys^,,-sAC$$ D-D  D__main__r) __future__rrrrd __metaclass__ DOCUMENTATIONEXAMPLESRETURNansible.module_utils.basicr>ansible_collections.community.general.plugins.module_utils.iparr+ansible.module_utils.common.text.convertersr Bansible_collections.community.general.plugins.module_utils.versionr r r2rOraryrBrrrspA@ & P 2 5gA[DYD@D 52p-2 zFr