From d332608aca3bd81f9cd0b5b50133176023d03d1d Mon Sep 17 00:00:00 2001 From: Yannik Sembritzki Date: Mon, 1 Jul 2024 23:33:46 +0200 Subject: [PATCH 01/11] Implement feature to flatten group members (closes #128) --- plugins/module_utils/_ADObject.psm1 | 27 +++++++++++++++++++++++---- plugins/modules/group.yml | 5 +++++ 2 files changed, 28 insertions(+), 4 deletions(-) diff --git a/plugins/module_utils/_ADObject.psm1 b/plugins/module_utils/_ADObject.psm1 index 693419a..9a21b8f 100644 --- a/plugins/module_utils/_ADObject.psm1 +++ b/plugins/module_utils/_ADObject.psm1 @@ -543,6 +543,9 @@ Function ConvertTo-AnsibleADDistinguishedName { [string] $Server, + [boolean] + $NestedGroupFlatten, + [PSCredential] $Credential, @@ -611,10 +614,17 @@ Function ConvertTo-AnsibleADDistinguishedName { continue } - $adDN = Get-AnsibleADObject @getParams | - Select-Object -ExpandProperty DistinguishedName - if ($adDN) { - $results.Add($adDN) + $object = Get-AnsibleADObject @getParams + if ($object) { + if ($NestedGroupFlatten -and $object.ObjectClass -eq "group") { + $dns = Get-ADGroupMember $object -Recursive | Select-Object -ExpandProperty DistinguishedName + } + else { + $dns = $object | Select-Object -ExpandProperty DistinguishedName + } + foreach ($dn in $dns) { + $results.Add($dn) + } } else { $invalidIdentities.Add($getParams.Identity) @@ -1043,6 +1053,12 @@ Function Invoke-AnsibleADObject { } ) + if ($ModuleNoun -eq "ADGroup") { + $spec.options['flatten'] = @{ + type = 'bool' + } + } + $module = [Ansible.Basic.AnsibleModule]::Create(@(), $spec) $module.Result.distinguished_name = $null $module.Result.object_guid = $null @@ -1364,6 +1380,9 @@ Function Invoke-AnsibleADObject { Context = "$($propInfo.Name).$($actionKvp.Key)" FailureAction = $propValue.lookup_failure_action } + if ($propInfo.Name -eq 'members' -and $module.Params.flatten) { + $convertParams['NestedGroupFlatten'] = $true + } $dns = $actionKvp.Value | ConvertTo-AnsibleADDistinguishedName @adParams @convertParams $compareParams[$actionKvp.Key] = @($dns) } diff --git a/plugins/modules/group.yml b/plugins/modules/group.yml index a57d3ee..fca291c 100644 --- a/plugins/modules/group.yml +++ b/plugins/modules/group.yml @@ -82,6 +82,11 @@ DOCUMENTATION: - Set this to an empty list to remove all members from a group. type: list elements: raw + flatten: + description: + - For nested groups, group members are added directly (nested groups are "flattened"). + type: bool + default: false sam_account_name: description: - The C(sAMAccountName) value to set for the group. From 32c8be5936e975d5468a2eb872872463a1d53e2f Mon Sep 17 00:00:00 2001 From: Yannik Sembritzki Date: Mon, 1 Jul 2024 23:55:52 +0200 Subject: [PATCH 02/11] Add tests --- .../integration/targets/group/tasks/tests.yml | 36 +++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/tests/integration/targets/group/tasks/tests.yml b/tests/integration/targets/group/tasks/tests.yml index c9cb7d8..5f4935e 100644 --- a/tests/integration/targets/group/tasks/tests.yml +++ b/tests/integration/targets/group/tasks/tests.yml @@ -363,6 +363,42 @@ that: - not unset_member_again is changed + - name: create sub group and set members + group: + name: MySubGroup + members: + set: + - my_user_1 + - my_user_2 + register: sub_group + + - name: set members while flattening sub group + group: + name: MyGroup + flatten: true + members: + set: + - MySubGroup + - my_user_3 + register: set_member + + - name: get result of set members with flattening + object_info: + identity: '{{ object_identity }}' + properties: + - member + register: set_member_actual + + - name: assert set members with flattening + assert: + that: + - set_member is changed + - set_member_actual.objects[0].member | length == 3 + - test_users.results[0].distinguished_name in set_member_actual.objects[0].member + - test_users.results[1].distinguished_name in set_member_actual.objects[0].member + - test_users.results[2].distinguished_name in set_member_actual.objects[0].member + - sub_group.distinguished_name not in set_member_actual.objects[0].member + - name: remove group - check group: name: MyGroup From fdaf6165fc9f70abf66b3aa7e8f55c3ad8961197 Mon Sep 17 00:00:00 2001 From: Yannik Sembritzki Date: Tue, 2 Jul 2024 00:03:31 +0200 Subject: [PATCH 03/11] Attempt to fix pslint CI indentation issue --- plugins/module_utils/_ADObject.psm1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/module_utils/_ADObject.psm1 b/plugins/module_utils/_ADObject.psm1 index 9a21b8f..6509926 100644 --- a/plugins/module_utils/_ADObject.psm1 +++ b/plugins/module_utils/_ADObject.psm1 @@ -1055,7 +1055,7 @@ Function Invoke-AnsibleADObject { if ($ModuleNoun -eq "ADGroup") { $spec.options['flatten'] = @{ - type = 'bool' + type = 'bool' } } From e0e6f11c6a9ba136fc4bc925fbc30bc3d028ea16 Mon Sep 17 00:00:00 2001 From: Yannik Sembritzki Date: Tue, 2 Jul 2024 00:09:58 +0200 Subject: [PATCH 04/11] Correctly set default value for flatten to false --- plugins/module_utils/_ADObject.psm1 | 1 + 1 file changed, 1 insertion(+) diff --git a/plugins/module_utils/_ADObject.psm1 b/plugins/module_utils/_ADObject.psm1 index 6509926..6e3e57d 100644 --- a/plugins/module_utils/_ADObject.psm1 +++ b/plugins/module_utils/_ADObject.psm1 @@ -1056,6 +1056,7 @@ Function Invoke-AnsibleADObject { if ($ModuleNoun -eq "ADGroup") { $spec.options['flatten'] = @{ type = 'bool' + default = $false } } From a74dd5c4695594deed82a314397d8a511ecbde59 Mon Sep 17 00:00:00 2001 From: Yannik Sembritzki Date: Tue, 2 Jul 2024 00:16:13 +0200 Subject: [PATCH 05/11] Another attempt to fix intendation and make pslint happy --- plugins/module_utils/_ADObject.psm1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/plugins/module_utils/_ADObject.psm1 b/plugins/module_utils/_ADObject.psm1 index 6e3e57d..a1fb348 100644 --- a/plugins/module_utils/_ADObject.psm1 +++ b/plugins/module_utils/_ADObject.psm1 @@ -1055,8 +1055,8 @@ Function Invoke-AnsibleADObject { if ($ModuleNoun -eq "ADGroup") { $spec.options['flatten'] = @{ - type = 'bool' - default = $false + type = 'bool' + default = $false } } From 530aa1120aacaa8f5badbc104552977d0229b842 Mon Sep 17 00:00:00 2001 From: Yannik Sembritzki Date: Tue, 2 Jul 2024 00:23:17 +0200 Subject: [PATCH 06/11] Improve variable naming --- tests/integration/targets/group/tasks/tests.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/tests/integration/targets/group/tasks/tests.yml b/tests/integration/targets/group/tasks/tests.yml index 5f4935e..e3ac451 100644 --- a/tests/integration/targets/group/tasks/tests.yml +++ b/tests/integration/targets/group/tasks/tests.yml @@ -380,24 +380,24 @@ set: - MySubGroup - my_user_3 - register: set_member + register: set_member_flattened - name: get result of set members with flattening object_info: identity: '{{ object_identity }}' properties: - member - register: set_member_actual + register: set_member_flattened_actual - name: assert set members with flattening assert: that: - - set_member is changed - - set_member_actual.objects[0].member | length == 3 - - test_users.results[0].distinguished_name in set_member_actual.objects[0].member - - test_users.results[1].distinguished_name in set_member_actual.objects[0].member - - test_users.results[2].distinguished_name in set_member_actual.objects[0].member - - sub_group.distinguished_name not in set_member_actual.objects[0].member + - set_member_flattened is changed + - set_member_flattened_actual.objects[0].member | length == 3 + - test_users.results[0].distinguished_name in set_member_flattened_actual.objects[0].member + - test_users.results[1].distinguished_name in set_member_flattened_actual.objects[0].member + - test_users.results[2].distinguished_name in set_member_flattened_actual.objects[0].member + - sub_group.distinguished_name not in set_member_flattened_actual.objects[0].member - name: remove group - check group: From 8e641303cbd716b4535cfae5da51b7793def09ba Mon Sep 17 00:00:00 2001 From: Yannik Sembritzki Date: Tue, 2 Jul 2024 00:27:32 +0200 Subject: [PATCH 07/11] Improve flatten parameter description --- plugins/modules/group.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/modules/group.yml b/plugins/modules/group.yml index fca291c..63c5cab 100644 --- a/plugins/modules/group.yml +++ b/plugins/modules/group.yml @@ -84,7 +84,7 @@ DOCUMENTATION: elements: raw flatten: description: - - For nested groups, group members are added directly (nested groups are "flattened"). + - Flattens nested groups. type: bool default: false sam_account_name: From 505c0982a05dc7270c68ce9ced7181ee806db7e0 Mon Sep 17 00:00:00 2001 From: Yannik Sembritzki Date: Tue, 2 Jul 2024 00:36:02 +0200 Subject: [PATCH 08/11] Fix test by adding missing scope to sub group --- tests/integration/targets/group/tasks/tests.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/integration/targets/group/tasks/tests.yml b/tests/integration/targets/group/tasks/tests.yml index e3ac451..6c69aca 100644 --- a/tests/integration/targets/group/tasks/tests.yml +++ b/tests/integration/targets/group/tasks/tests.yml @@ -366,6 +366,7 @@ - name: create sub group and set members group: name: MySubGroup + scope: global members: set: - my_user_1 From 16d4f46f78920ef5f54da04ecd4dd8651f48d630 Mon Sep 17 00:00:00 2001 From: Yannik Sembritzki Date: Tue, 2 Jul 2024 00:39:26 +0200 Subject: [PATCH 09/11] Improve task name --- plugins/module_utils/_ADObject.psm1 | 4 ++-- plugins/modules/group.yml | 1 + tests/integration/targets/group/tasks/tests.yml | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/plugins/module_utils/_ADObject.psm1 b/plugins/module_utils/_ADObject.psm1 index a1fb348..e29fc8e 100644 --- a/plugins/module_utils/_ADObject.psm1 +++ b/plugins/module_utils/_ADObject.psm1 @@ -543,7 +543,7 @@ Function ConvertTo-AnsibleADDistinguishedName { [string] $Server, - [boolean] + [Switch] $NestedGroupFlatten, [PSCredential] @@ -617,7 +617,7 @@ Function ConvertTo-AnsibleADDistinguishedName { $object = Get-AnsibleADObject @getParams if ($object) { if ($NestedGroupFlatten -and $object.ObjectClass -eq "group") { - $dns = Get-ADGroupMember $object -Recursive | Select-Object -ExpandProperty DistinguishedName + $dns = Get-ADGroupMember @getParams -Recursive $object | Select-Object -ExpandProperty DistinguishedName } else { $dns = $object | Select-Object -ExpandProperty DistinguishedName diff --git a/plugins/modules/group.yml b/plugins/modules/group.yml index 63c5cab..e8d7116 100644 --- a/plugins/modules/group.yml +++ b/plugins/modules/group.yml @@ -87,6 +87,7 @@ DOCUMENTATION: - Flattens nested groups. type: bool default: false + version_added: 1.7.0 sam_account_name: description: - The C(sAMAccountName) value to set for the group. diff --git a/tests/integration/targets/group/tasks/tests.yml b/tests/integration/targets/group/tasks/tests.yml index 6c69aca..0c835fe 100644 --- a/tests/integration/targets/group/tasks/tests.yml +++ b/tests/integration/targets/group/tasks/tests.yml @@ -373,7 +373,7 @@ - my_user_2 register: sub_group - - name: set members while flattening sub group + - name: set members with sub group flattening group: name: MyGroup flatten: true From e01ebe6617428559c23b9e9dfe1dde0a725c988d Mon Sep 17 00:00:00 2001 From: Yannik Sembritzki Date: Tue, 6 Aug 2024 00:10:28 +0200 Subject: [PATCH 10/11] Fix issue of @getParams splat containing Identity and setting Identity positional parameter --- plugins/module_utils/_ADObject.psm1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/module_utils/_ADObject.psm1 b/plugins/module_utils/_ADObject.psm1 index e29fc8e..c0cce02 100644 --- a/plugins/module_utils/_ADObject.psm1 +++ b/plugins/module_utils/_ADObject.psm1 @@ -617,7 +617,7 @@ Function ConvertTo-AnsibleADDistinguishedName { $object = Get-AnsibleADObject @getParams if ($object) { if ($NestedGroupFlatten -and $object.ObjectClass -eq "group") { - $dns = Get-ADGroupMember @getParams -Recursive $object | Select-Object -ExpandProperty DistinguishedName + $dns = Get-ADGroupMember @getParams -Recursive | Select-Object -ExpandProperty DistinguishedName } else { $dns = $object | Select-Object -ExpandProperty DistinguishedName From 0f52c64a1f0ce5ac193bc2de02a8a7000959831d Mon Sep 17 00:00:00 2001 From: Yannik Sembritzki Date: Tue, 6 Aug 2024 00:56:43 +0200 Subject: [PATCH 11/11] ansible-lint fix --- plugins/modules/group.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/modules/group.yml b/plugins/modules/group.yml index e8d7116..77c0f19 100644 --- a/plugins/modules/group.yml +++ b/plugins/modules/group.yml @@ -84,7 +84,7 @@ DOCUMENTATION: elements: raw flatten: description: - - Flattens nested groups. + - Flattens nested groups. type: bool default: false version_added: 1.7.0