mirror of
https://github.com/ansible-collections/community.general.git
synced 2025-08-04 05:04:22 -07:00
Add runasusercategory and runasgroupcategory parameters for ipa_sudo_rule module (#30421)
* Add runasusercategory and runasgroupcategory parameters * Add "version_added" to docstring * Remove redundant "required=False" argument specifications
This commit is contained in:
parent
ee2a8ff324
commit
85091e7a8e
1 changed files with 40 additions and 13 deletions
|
@ -52,6 +52,16 @@ options:
|
||||||
- If an empty list is passed all host groups will be removed from the rule.
|
- If an empty list is passed all host groups will be removed from the rule.
|
||||||
- If option is omitted host groups will not be checked or changed.
|
- If option is omitted host groups will not be checked or changed.
|
||||||
- Option C(hostcategory) must be omitted to assign host groups.
|
- Option C(hostcategory) must be omitted to assign host groups.
|
||||||
|
runasusercategory:
|
||||||
|
description:
|
||||||
|
- RunAs User category the rule applies to.
|
||||||
|
choices: ['all']
|
||||||
|
version_added: "2.5"
|
||||||
|
runasgroupcategory:
|
||||||
|
description:
|
||||||
|
- RunAs Group category the rule applies to.
|
||||||
|
choices: ['all']
|
||||||
|
version_added: "2.5"
|
||||||
user:
|
user:
|
||||||
description:
|
description:
|
||||||
- List of users assigned to the rule.
|
- List of users assigned to the rule.
|
||||||
|
@ -190,7 +200,8 @@ class SudoRuleIPAClient(IPAClient):
|
||||||
return self.sudorule_remove_user(name=name, item={'group': item})
|
return self.sudorule_remove_user(name=name, item={'group': item})
|
||||||
|
|
||||||
|
|
||||||
def get_sudorule_dict(cmdcategory=None, description=None, hostcategory=None, ipaenabledflag=None, usercategory=None):
|
def get_sudorule_dict(cmdcategory=None, description=None, hostcategory=None, ipaenabledflag=None, usercategory=None,
|
||||||
|
runasgroupcategory=None, runasusercategory=None):
|
||||||
data = {}
|
data = {}
|
||||||
if cmdcategory is not None:
|
if cmdcategory is not None:
|
||||||
data['cmdcategory'] = cmdcategory
|
data['cmdcategory'] = cmdcategory
|
||||||
|
@ -202,6 +213,10 @@ def get_sudorule_dict(cmdcategory=None, description=None, hostcategory=None, ipa
|
||||||
data['ipaenabledflag'] = ipaenabledflag
|
data['ipaenabledflag'] = ipaenabledflag
|
||||||
if usercategory is not None:
|
if usercategory is not None:
|
||||||
data['usercategory'] = usercategory
|
data['usercategory'] = usercategory
|
||||||
|
if runasusercategory is not None:
|
||||||
|
data['ipasudorunasusercategory'] = runasusercategory
|
||||||
|
if runasgroupcategory is not None:
|
||||||
|
data['ipasudorunasgroupcategory'] = runasgroupcategory
|
||||||
return data
|
return data
|
||||||
|
|
||||||
|
|
||||||
|
@ -222,6 +237,8 @@ def ensure(module, client):
|
||||||
host = module.params['host']
|
host = module.params['host']
|
||||||
hostcategory = module.params['hostcategory']
|
hostcategory = module.params['hostcategory']
|
||||||
hostgroup = module.params['hostgroup']
|
hostgroup = module.params['hostgroup']
|
||||||
|
runasusercategory = module.params['runasusercategory']
|
||||||
|
runasgroupcategory = module.params['runasgroupcategory']
|
||||||
|
|
||||||
if state in ['present', 'enabled']:
|
if state in ['present', 'enabled']:
|
||||||
ipaenabledflag = 'TRUE'
|
ipaenabledflag = 'TRUE'
|
||||||
|
@ -237,7 +254,9 @@ def ensure(module, client):
|
||||||
description=module.params['description'],
|
description=module.params['description'],
|
||||||
hostcategory=hostcategory,
|
hostcategory=hostcategory,
|
||||||
ipaenabledflag=ipaenabledflag,
|
ipaenabledflag=ipaenabledflag,
|
||||||
usercategory=usercategory)
|
usercategory=usercategory,
|
||||||
|
runasusercategory=runasusercategory,
|
||||||
|
runasgroupcategory=runasgroupcategory)
|
||||||
ipa_sudorule = client.sudorule_find(name=name)
|
ipa_sudorule = client.sudorule_find(name=name)
|
||||||
|
|
||||||
changed = False
|
changed = False
|
||||||
|
@ -265,6 +284,12 @@ def ensure(module, client):
|
||||||
if not module.check_mode:
|
if not module.check_mode:
|
||||||
client.sudorule_add_allow_command(name=name, item=cmd)
|
client.sudorule_add_allow_command(name=name, item=cmd)
|
||||||
|
|
||||||
|
if runasusercategory is not None:
|
||||||
|
changed = category_changed(module, client, 'iparunasusercategory', ipa_sudorule) or changed
|
||||||
|
|
||||||
|
if runasgroupcategory is not None:
|
||||||
|
changed = category_changed(module, client, 'iparunasgroupcategory', ipa_sudorule) or changed
|
||||||
|
|
||||||
if host is not None:
|
if host is not None:
|
||||||
changed = category_changed(module, client, 'hostcategory', ipa_sudorule) or changed
|
changed = category_changed(module, client, 'hostcategory', ipa_sudorule) or changed
|
||||||
changed = client.modify_if_diff(name, ipa_sudorule.get('memberhost_host', []), host,
|
changed = client.modify_if_diff(name, ipa_sudorule.get('memberhost_host', []), host,
|
||||||
|
@ -314,18 +339,20 @@ def ensure(module, client):
|
||||||
|
|
||||||
def main():
|
def main():
|
||||||
argument_spec = ipa_argument_spec()
|
argument_spec = ipa_argument_spec()
|
||||||
argument_spec.update(cmd=dict(type='list', required=False),
|
argument_spec.update(cmd=dict(type='list'),
|
||||||
cmdcategory=dict(type='str', required=False, choices=['all']),
|
cmdcategory=dict(type='str', choices=['all']),
|
||||||
cn=dict(type='str', required=True, aliases=['name']),
|
cn=dict(type='str', required=True, aliases=['name']),
|
||||||
description=dict(type='str', required=False),
|
description=dict(type='str'),
|
||||||
host=dict(type='list', required=False),
|
host=dict(type='list'),
|
||||||
hostcategory=dict(type='str', required=False, choices=['all']),
|
hostcategory=dict(type='str', choices=['all']),
|
||||||
hostgroup=dict(type='list', required=False),
|
hostgroup=dict(type='list'),
|
||||||
sudoopt=dict(type='list', required=False),
|
runasusercategory=dict(type='str', choices=['all']),
|
||||||
state=dict(type='str', required=False, default='present', choices=['present', 'absent', 'enabled', 'disabled']),
|
runasgroupcategory=dict(type='str', choices=['all']),
|
||||||
user=dict(type='list', required=False),
|
sudoopt=dict(type='list'),
|
||||||
usercategory=dict(type='str', required=False, choices=['all']),
|
state=dict(type='str', default='present', choices=['present', 'absent', 'enabled', 'disabled']),
|
||||||
usergroup=dict(type='list', required=False))
|
user=dict(type='list'),
|
||||||
|
usercategory=dict(type='str', choices=['all']),
|
||||||
|
usergroup=dict(type='list'))
|
||||||
|
|
||||||
module = AnsibleModule(argument_spec=argument_spec,
|
module = AnsibleModule(argument_spec=argument_spec,
|
||||||
mutually_exclusive=[['cmdcategory', 'cmd'],
|
mutually_exclusive=[['cmdcategory', 'cmd'],
|
||||||
|
|
Loading…
Add table
Add a link
Reference in a new issue