collection 교체

collection/community/general/plugins/modules/ldap_attrs.py

@@ -1,11 +1,12 @@
 #!/usr/bin/python
 # -*- coding: utf-8 -*-
 
-# Copyright: (c) 2019, Maciej Delmanowski <drybjed@gmail.com>
-# Copyright: (c) 2017, Alexander Korinek <noles@a3k.net>
-# Copyright: (c) 2016, Peter Sagerson <psagers@ignorare.net>
-# Copyright: (c) 2016, Jiri Tyr <jiri.tyr@gmail.com>
-# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+# Copyright (c) 2019, Maciej Delmanowski <drybjed@gmail.com>
+# Copyright (c) 2017, Alexander Korinek <noles@a3k.net>
+# Copyright (c) 2016, Peter Sagerson <psagers@ignorare.net>
+# Copyright (c) 2016, Jiri Tyr <jiri.tyr@gmail.com>
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
 
 from __future__ import absolute_import, division, print_function
 __metaclass__ = type
@@ -24,10 +25,10 @@ notes:
     bind over a UNIX domain socket. This works well with the default Ubuntu
     install for example, which includes a cn=peercred,cn=external,cn=auth ACL
     rule allowing root to modify the server configuration. If you need to use
-    a simple bind to access your server, pass the credentials in I(bind_dn)
-    and I(bind_pw).
-  - For I(state=present) and I(state=absent), all value comparisons are
-    performed on the server for maximum accuracy. For I(state=exact), values
+    a simple bind to access your server, pass the credentials in O(bind_dn)
+    and O(bind_pw).
+  - For O(state=present) and O(state=absent), all value comparisons are
+    performed on the server for maximum accuracy. For O(state=exact), values
     have to be compared in Python, which obviously ignores LDAP matching
     rules. This should work out in most cases, but it is theoretically
     possible to see spurious changes when target and actual values are
@@ -39,6 +40,11 @@ author:
   - Maciej Delmanowski (@drybjed)
 requirements:
   - python-ldap
+attributes:
+  check_mode:
+    support: full
+  diff_mode:
+    support: none
 options:
   state:
     required: false
@@ -46,28 +52,36 @@ options:
     choices: [present, absent, exact]
     default: present
     description:
-      - The state of the attribute values. If C(present), all given attribute
-        values will be added if they're missing. If C(absent), all given
-        attribute values will be removed if present. If C(exact), the set of
+      - The state of the attribute values. If V(present), all given attribute
+        values will be added if they're missing. If V(absent), all given
+        attribute values will be removed if present. If V(exact), the set of
         attribute values will be forced to exactly those provided and no others.
-        If I(state=exact) and the attribute I(value) is empty, all values for
+        If O(state=exact) and the attribute value is empty, all values for
         this attribute will be removed.
   attributes:
     required: true
     type: dict
     description:
-      - The attribute(s) and value(s) to add or remove. The complex argument format is required in order to pass
-        a list of strings (see examples).
+      - The attribute(s) and value(s) to add or remove.
+      - Each attribute value can be a string for single-valued attributes or
+        a list of strings for multi-valued attributes.
+      - If you specify values for this option in YAML, please note that you can improve
+        readability for long string values by using YAML block modifiers as seen in the
+        examples for this module.
+      - Note that when using values that YAML/ansible-core interprets as other types,
+        like V(yes), V(no) (booleans), or V(2.10) (float), make sure to quote them if
+        these are meant to be strings. Otherwise the wrong values may be sent to LDAP.
   ordered:
     required: false
     type: bool
-    default: 'no'
+    default: false
     description:
-      - If C(yes), prepend list values with X-ORDERED index numbers in all
+      - If V(true), prepend list values with X-ORDERED index numbers in all
         attributes specified in the current task. This is useful mostly with
-        I(olcAccess) attribute to easily manage LDAP Access Control Lists.
+        C(olcAccess) attribute to easily manage LDAP Access Control Lists.
 extends_documentation_fragment:
-- community.general.ldap.documentation
+  - community.general.ldap.documentation
+  - community.general.attributes
 
 '''
 
@@ -114,7 +128,7 @@ EXAMPLES = r'''
             to dn.base="dc=example,dc=com"
             by dn="cn=admin,dc=example,dc=com" write
             by * read
-    ordered: yes
+    ordered: true
     state: exact
 
 - name: Declare some indexes
@@ -160,19 +174,22 @@ modlist:
   description: list of modified parameters
   returned: success
   type: list
-  sample: '[[2, "olcRootDN", ["cn=root,dc=example,dc=com"]]]'
+  sample:
+    - [2, "olcRootDN", ["cn=root,dc=example,dc=com"]]
 '''
 
 import traceback
 
 from ansible.module_utils.basic import AnsibleModule, missing_required_lib
-from ansible.module_utils.common.text.converters import to_native, to_bytes
-from ansible_collections.community.general.plugins.module_utils.ldap import LdapGeneric, gen_specs
+from ansible.module_utils.common.text.converters import to_native, to_bytes, to_text
+from ansible_collections.community.general.plugins.module_utils.ldap import LdapGeneric, gen_specs, ldap_required_together
+
 import re
 
 LDAP_IMP_ERR = None
 try:
     import ldap
+    import ldap.filter
 
     HAS_LDAP = True
 except ImportError:
@@ -190,7 +207,7 @@ class LdapAttrs(LdapGeneric):
         self.ordered = self.module.params['ordered']
 
     def _order_values(self, values):
-        """ Preprend X-ORDERED index numbers to attribute's values. """
+        """ Prepend X-ORDERED index numbers to attribute's values. """
         ordered_values = []
 
         if isinstance(values, list):
@@ -261,9 +278,11 @@ class LdapAttrs(LdapGeneric):
     def _is_value_present(self, name, value):
         """ True if the target attribute has the given value. """
         try:
-            is_present = bool(
-                self.connection.compare_s(self.dn, name, value))
-        except ldap.NO_SUCH_ATTRIBUTE:
+            escaped_value = ldap.filter.escape_filter_chars(to_text(value))
+            filterstr = "(%s=%s)" % (name, escaped_value)
+            dns = self.connection.search_s(self.dn, ldap.SCOPE_BASE, filterstr)
+            is_present = len(dns) == 1
+        except ldap.NO_SUCH_OBJECT:
             is_present = False
 
         return is_present
@@ -281,6 +300,7 @@ def main():
             state=dict(type='str', default='present', choices=['absent', 'exact', 'present']),
         ),
         supports_check_mode=True,
+        required_together=ldap_required_together(),
     )
 
     if not HAS_LDAP: