From 82f9fc9e77bfd20374f20354626481e98041172f Mon Sep 17 00:00:00 2001 From: Johanna Dorothea Reichmann Date: Wed, 24 Aug 2022 12:03:27 +0200 Subject: [PATCH] feat(realm_sync): add plugin for triggering realm synchronizations --- .../module_utils/proxmox_datacenter_realm.py | 5 + plugins/modules/realm_sync.py | 135 ++++++++++++++++++ 2 files changed, 140 insertions(+) create mode 100644 plugins/modules/realm_sync.py
diff --git a/plugins/module_utils/proxmox_datacenter_realm.py b/plugins/module_utils/proxmox_datacenter_realm.py
index 3bb19f0..2cad127 100644
--- a/plugins/module_utils/proxmox_datacenter_realm.py
+++ b/plugins/module_utils/proxmox_datacenter_realm.py
@@ -53,3 +53,8 @@ def set_realm_data(auth_info: ProxmoxAuthInfo, realm: str, config: dict[str, str new_realm_data = None return existing_realm_data, new_realm_data
+
+def do_realm_sync(auth_info: ProxmoxAuthInfo, realm: str, config: dict[str, str], dry_run: bool):
+ sync_config = config | {"dry-run": dry_run}
+ realm_sync = _proxmox_request('post', f"/access/domains/{realm}/sync", auth_info, data=sync_config)
+ return realm_sync.ok
diff --git a/plugins/modules/realm_sync.py b/plugins/modules/realm_sync.py
new file mode 100644
index 0000000..0530770
--- /dev/null
+++ b/plugins/modules/realm_sync.py
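Review bot: `do_realm_sync` collapses the response to `realm_sync.ok`, which throws away the API's error body (the reason a sync was rejected, for instance an unknown key in `config`) and leaves the caller with nothing but a bare boolean to tell a rejected request from a successful one; returning the parsed response, or raising with the body on a non-OK status, would make failures actionable in the module. If `_proxmox_request` form-encodes `data` as the `.ok` attribute of a `requests`-style response suggests, the Python bool in `{"dry-run": dry_run}` goes over the wire as the string `True`/`False` — worth confirming the endpoint accepts that spelling rather than `1`/`0`. The function also lacks a docstring; something like `"""Trigger a sync of *realm* with *config*; True on a 2xx response, False otherwise."""` would state the contract. `set_realm_data`, named in the hunk header, starts outside this hunk.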
@@ -0,0 +1,135 @@
+#!/usr/bin/python
+# coding: utf-8
+
+# (c) 2022, Johanna Dorothea Reichmann
+
+__metaclass__ = type
+
+import traceback
+
+from ansible.module_utils.basic import AnsibleModule
+
+from ansible_collections.finallycoffee.proxmox.plugins.module_utils.common import *
+from ansible_collections.finallycoffee.proxmox.plugins.module_utils.proxmox_datacenter_realm import *
+
+
+LIB_IMP_ERR = None
+try:
+ from ansible_collections.finallycoffee.proxmox.plugins.module_utils.proxmox_datacenter_realm import do_realm_sync
+ HAS_LIB = True
+except:
+ HAS_LIB = False
+ LIB_IMP_ERR = traceback.format_exc()
+
+
+DOCUMENTATION = r'''
+---
+module: realm_sync
+author:
+- Johanna Dorothea Reichmann (transcaffeine@finally.coffee)
+requirements:
+ - python >= 3.9
+short_description: Ensures a realm is synchronized
+description:
+ - "Allows synchronizing users, groups or both using the realm sync mechanism"
+options:
+ proxmox_instance:
+ description: Location of the proxmox API with scheme, domain name/ip and port, e.g. https://localhost:8006
+ type: str
+ required: true
+ proxmox_api_token_id:
+ description: The token ID containing username, realm and token name (format: user@realm!name)
+ type: str
+ required: true
+ proxmox_api_secret:
+ description: The secret
+ type: str
+ required: true
+ proxmox_api_verify_cert:
+ description: If the certificate presented for `proxmox_instance_url` should be verified
+ type: bool
+ required: false
+ default: true
+ name:
+ description: Realm to schedule synchronize job for
+ type: str
+ required: true
+ config:
+ description: >-
+ Configuration for the synchronization. See
+ https://pve.proxmox.com/pve-docs/api-viewer/index.html#/access/domains/{realm}/sync
+ for a list of parameters
+ type: dict[str, str]
+ required: true
+'''
+
+EXAMPLES = r'''
+- name: Sync only users on realm 'org_ldap', deleting users who can't be found amymore
+ finallycoffee.proxmox.realm_sync:
+ proxmox_instance: https://my.proxmox-node.local:8006
+ promox_api_token_id: root@pam!token
+ proxmox_api_secret: supersecuretokencontent
+ realms: org_ldap
+ config:
+ enable-new: true
+ remove-vanished: entry
+ scope: users
+
+- name: Sync groups and users and delete all ACLs on vanished groups and/or users
+ finallycoffee.proxmox.realm_sync:
+ proxmox_instance: https://my.proxmox-node.local:8006
+ promox_api_token_id: root@pam!token
+ proxmox_api_secret: supersecuretokencontent
+ realm: org_ldap
+ config:
+ enable-new: true
+ remove-vanished: acl;properties;entry
+ scope: both
+'''
+
+RETURN = r'''
+
+'''
+
+
+def main():
+ _ = dict
+ module = AnsibleModule(
+ argument_spec=_(
+ proxmox_instance=_(required=True, type='str'),
+ proxmox_api_token_id=_(required=True, type='str'),
+ proxmox_api_secret=_(type='str', required=True, no_log=True),
+ proxmox_api_verify_cert=_(type='bool', required=False, default=True),
+ name=_(required=True, type='str'),
+ config=_(required=True, type='dict')
+ ),
+ supports_check_mode=True
+ )
+
+ result = _(
+ changed=False,
+ diff={},
+ message=''
+ )
+
+ try:
+ do_realm_sync(ProxmoxAuthInfo(
+ module.params['proxmox_instance'],
+ module.params['proxmox_api_token_id'],
+ module.params['proxmox_api_secret'],
+ module.params['proxmox_api_verify_cert'],
+ ),
+ module.params['name'],
+ module.params['config'],
+ module.check_mode)
+ except IOError as owie:
+ result['msg'] = owie
+ module.exit_json(**result)
+
+ result['changed'] = True
+
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
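Review bot: In `main()` a failed synchronization is reported as success: the boolean returned by `do_realm_sync` is never inspected and `result['changed'] = True` runs regardless, while the `except IOError` branch stores the exception object itself in `result['msg']` and calls `exit_json` instead of `fail_json`, so a connection or certificate error surfaces as an ordinary `changed: false` result. Routing both paths through `module.fail_json(msg=str(owie), **result)` and failing on a `False` return keeps the module's contract honest; the rewritten block is below. The `HAS_LIB`/`LIB_IMP_ERR` guard is never consulted (the wildcard import above it already pulls in the same module), and if it is kept its bare `except:` should be `except ImportError:` with a `module.fail_json(msg=missing_required_lib(...), exception=LIB_IMP_ERR)` check in `main()`. Both `EXAMPLES` entries would be rejected by the argument spec as written: `promox_api_token_id` should read `proxmox_api_token_id`, and the realm is given as `realms:`/`realm:` where the option is `name:`; the `proxmox_api_verify_cert` description also names a non-existent `proxmox_instance_url` option, and `type: dict[str, str]` is not a valid documentation type (`dict`). Check mode still sends a request to the API (mapped to the server-side `dry-run`), which is worth stating in the module description so users know `--check` is not offline.
```python
    try:
        synced = do_realm_sync(ProxmoxAuthInfo(
            module.params['proxmox_instance'],
            module.params['proxmox_api_token_id'],
            module.params['proxmox_api_secret'],
            module.params['proxmox_api_verify_cert'],
        ),
            module.params['name'],
            module.params['config'],
            module.check_mode)
    except IOError as owie:
        # Transport-level failure (connection, TLS, HTTP client error): a failed task, not a result.
        module.fail_json(msg=str(owie), **result)

    # A non-2xx answer from the sync endpoint is a failure, not a change.
    if not synced:
        module.fail_json(msg="realm sync request was rejected by the Proxmox API", **result)

    result['changed'] = True
    module.exit_json(**result)
```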