archive
/
ansible
mirror of https://github.com/ansible/ansible.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

shared argument spec for FreeIPA (#28950)

Browse Source 
Adds unified argument spec and documentation updates for FreeIPA modules.

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
pull/29103/head
Abhijeet Kasurde 7 years ago committed by René Moser
parent 67c7bd8745
commit 4a73390823
12 changed files with 197 additions and 537 deletions
Show Stats Download Patch File Download Diff File

11
lib/ansible/module_utils/ipa.py
Unescape Escape View File

@ -155,3 +155,14 @@ class IPAClient(object):
add_method(name=name, item=diff)
return changed
def ipa_argument_spec():
return dict(
ipa_prot=dict(type='str', default='https', choices=['http', 'https']),
ipa_host=dict(type='str', default='ipa.example.com'),
ipa_port=dict(type='int', default=443),
ipa_user=dict(type='str', default='admin'),
ipa_pass=dict(type='str', required=True, no_log=True),
validate_certs=dict(type='bool', default=True),
)

57
lib/ansible/modules/identity/ipa/ipa_dnsrecord.py
Unescape Escape View File

@ -46,33 +46,7 @@ options:
required: false
default: present
choices: ["present", "absent"]
ipa_port:
description: Port of IPA server
required: false
default: 443
ipa_host:
description: IP or hostname of IPA server
required: false
default: ipa.example.com
ipa_user:
description: Administrative account used on IPA server
required: false
default: admin
ipa_pass:
description: Password of administrative user
required: true
ipa_prot:
description: Protocol used by IPA server
required: false
default: https
choices: ["http", "https"]
validate_certs:
description:
- This only applies if C(ipa_prot) is I(https).
- If set to C(no), the SSL certificates will not be validated.
- This should only set to C(no) used on personally controlled sites using self-signed certificates.
required: false
default: true
extends_documentation_fragment: ipa.documentation
version_added: "2.4"
'''
@ -119,7 +93,7 @@ dnsrecord:
import traceback
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.ipa import IPAClient
from ansible.module_utils.ipa import IPAClient, ipa_argument_spec
from ansible.module_utils._text import to_native
@ -206,22 +180,17 @@ def ensure(module, client):
def main():
record_types = ['A', 'AAAA', 'PTR']
module = AnsibleModule(
argument_spec=dict(
zone_name=dict(type='str', required=True),
record_name=dict(type='str', required=True, aliases=['name']),
record_type=dict(type='str', required=False, default='A', choices=record_types),
record_value=dict(type='str', required=True),
state=dict(type='str', required=False, default='present', choices=['present', 'absent']),
ipa_prot=dict(type='str', required=False, default='https', choices=['http', 'https']),
ipa_host=dict(type='str', required=False, default='ipa.example.com'),
ipa_port=dict(type='int', required=False, default=443),
ipa_user=dict(type='str', required=False, default='admin'),
ipa_pass=dict(type='str', required=True, no_log=True),
validate_certs=dict(type='bool', required=False, default=True),
),
supports_check_mode=True,
)
argument_spec = ipa_argument_spec()
argument_spec.update(zone_name=dict(type='str', required=True),
record_name=dict(type='str', aliases=['name'], required=True),
record_type=dict(type='str', default='A', choices=record_types),
record_value=dict(type='str', required=True),
state=dict(type='str', default='present', choices=['present', 'absent']),
)
module = AnsibleModule(argument_spec=argument_spec,
supports_check_mode=True
)
client = DNSRecordIPAClient(module=module,
host=module.params['ipa_host'],

66
lib/ansible/modules/identity/ipa/ipa_group.py
Unescape Escape View File

@ -27,11 +27,9 @@ options:
external:
description:
- Allow adding external non-IPA members from trusted domains.
required: false
gidnumber:
description:
- GID (use this option to set it manually).
required: false
group:
description:
- List of group names assigned to this group.
@ -41,7 +39,6 @@ options:
nonposix:
description:
- Create as a non-POSIX group.
required: false
user:
description:
- List of user names assigned to this group.
@ -51,36 +48,9 @@ options:
state:
description:
- State to ensure
required: false
default: "present"
choices: ["present", "absent"]
ipa_port:
description: Port of IPA server
required: false
default: 443
ipa_host:
description: IP or hostname of IPA server
required: false
default: "ipa.example.com"
ipa_user:
description: Administrative account used on IPA server
required: false
default: "admin"
ipa_pass:
description: Password of administrative user
required: true
ipa_prot:
description: Protocol used by IPA server
required: false
default: "https"
choices: ["http", "https"]
validate_certs:
description:
- This only applies if C(ipa_prot) is I(https).
- If set to C(no), the SSL certificates will not be validated.
- This should only set to C(no) used on personally controlled sites using self-signed certificates.
required: false
default: true
extends_documentation_fragment: ipa.documentation
version_added: "2.3"
'''
@ -133,7 +103,7 @@ group:
import traceback
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.ipa import IPAClient
from ansible.module_utils.ipa import IPAClient, ipa_argument_spec
from ansible.module_utils._text import to_native
@ -247,25 +217,19 @@ def ensure(module, client):
def main():
module = AnsibleModule(
argument_spec=dict(
cn=dict(type='str', required=True, aliases=['name']),
description=dict(type='str', required=False),
external=dict(type='bool', required=False),
gidnumber=dict(type='str', required=False, aliases=['gid']),
group=dict(type='list', required=False),
nonposix=dict(type='bool', required=False),
state=dict(type='str', required=False, default='present', choices=['present', 'absent']),
user=dict(type='list', required=False),
ipa_prot=dict(type='str', required=False, default='https', choices=['http', 'https']),
ipa_host=dict(type='str', required=False, default='ipa.example.com'),
ipa_port=dict(type='int', required=False, default=443),
ipa_user=dict(type='str', required=False, default='admin'),
ipa_pass=dict(type='str', required=True, no_log=True),
validate_certs=dict(type='bool', required=False, default=True),
),
supports_check_mode=True,
)
argument_spec = ipa_argument_spec()
argument_spec.update(cn=dict(type='str', required=True, aliases=['name']),
description=dict(type='str'),
external=dict(type='bool'),
gidnumber=dict(type='str', aliases=['gid']),
group=dict(type='list'),
nonposix=dict(type='bool'),
state=dict(type='str', default='present', choices=['present', 'absent']),
user=dict(type='list'))
module = AnsibleModule(argument_spec=argument_spec,
supports_check_mode=True,
)
client = GroupIPAClient(module=module,
host=module.params['ipa_host'],

83
lib/ansible/modules/identity/ipa/ipa_hbacrule.py
Unescape Escape View File

@ -27,7 +27,6 @@ options:
aliases: ["name"]
description:
description: Description
required: false
host:
description:
- List of host names to assign.
@ -36,7 +35,6 @@ options:
required: false
hostcategory:
description: Host category
required: false
choices: ['all']
hostgroup:
description:
@ -50,7 +48,6 @@ options:
- If option is omitted services will not be checked or changed.
servicecategory:
description: Service category
required: false
choices: ['all']
servicegroup:
description:
@ -64,7 +61,6 @@ options:
- If option is omitted source hosts will not be checked or changed.
sourcehostcategory:
description: Source host category
required: false
choices: ['all']
sourcehostgroup:
description:
@ -73,7 +69,6 @@ options:
- If option is omitted source host groups will not be checked or changed.
state:
description: State to ensure
required: false
default: "present"
choices: ["present", "absent", "enabled", "disabled"]
user:
@ -83,40 +78,13 @@ options:
- If option is omitted users will not be checked or changed.
usercategory:
description: User category
required: false
choices: ['all']
usergroup:
description:
- List of user group names to assign.
- If an empty list if passed all assigned user groups will be removed from the rule.
- If option is omitted user groups will not be checked or changed.
ipa_port:
description: Port of IPA server
required: false
default: 443
ipa_host:
description: IP or hostname of IPA server
required: false
default: "ipa.example.com"
ipa_user:
description: Administrative account used on IPA server
required: false
default: "admin"
ipa_pass:
description: Password of administrative user
required: true
ipa_prot:
description: Protocol used by IPA server
required: false
default: "https"
choices: ["http", "https"]
validate_certs:
description:
- This only applies if C(ipa_prot) is I(https).
- If set to C(no), the SSL certificates will not be validated.
- This should only set to C(no) used on personally controlled sites using self-signed certificates.
required: false
default: true
extends_documentation_fragment: ipa.documentation
version_added: "2.3"
'''
@ -165,7 +133,7 @@ hbacrule:
import traceback
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.ipa import IPAClient
from ansible.module_utils.ipa import IPAClient, ipa_argument_spec
from ansible.module_utils._text import to_native
@ -329,33 +297,26 @@ def ensure(module, client):
def main():
module = AnsibleModule(
argument_spec=dict(
cn=dict(type='str', required=True, aliases=['name']),
description=dict(type='str', required=False),
host=dict(type='list', required=False),
hostcategory=dict(type='str', required=False, choices=['all']),
hostgroup=dict(type='list', required=False),
service=dict(type='list', required=False),
servicecategory=dict(type='str', required=False, choices=['all']),
servicegroup=dict(type='list', required=False),
sourcehost=dict(type='list', required=False),
sourcehostcategory=dict(type='str', required=False, choices=['all']),
sourcehostgroup=dict(type='list', required=False),
state=dict(type='str', required=False, default='present',
choices=['present', 'absent', 'enabled', 'disabled']),
user=dict(type='list', required=False),
usercategory=dict(type='str', required=False, choices=['all']),
usergroup=dict(type='list', required=False),
ipa_prot=dict(type='str', required=False, default='https', choices=['http', 'https']),
ipa_host=dict(type='str', required=False, default='ipa.example.com'),
ipa_port=dict(type='int', required=False, default=443),
ipa_user=dict(type='str', required=False, default='admin'),
ipa_pass=dict(type='str', required=True, no_log=True),
validate_certs=dict(type='bool', required=False, default=True),
),
supports_check_mode=True,
)
argument_spec = ipa_argument_spec()
argument_spec.update(cn=dict(type='str', required=True, aliases=['name']),
description=dict(type='str'),
host=dict(type='list'),
hostcategory=dict(type='str', choices=['all']),
hostgroup=dict(type='list'),
service=dict(type='list'),
servicecategory=dict(type='str', choices=['all']),
servicegroup=dict(type='list'),
sourcehost=dict(type='list'),
sourcehostcategory=dict(type='str', choices=['all']),
sourcehostgroup=dict(type='list'),
state=dict(type='str', default='present', choices=['present', 'absent', 'enabled', 'disabled']),
user=dict(type='list'),
usercategory=dict(type='str', choices=['all']),
usergroup=dict(type='list'))
module = AnsibleModule(argument_spec=argument_spec,
supports_check_mode=True
)
client = HBACRuleIPAClient(module=module,
host=module.params['ipa_host'],

74
lib/ansible/modules/identity/ipa/ipa_host.py
Unescape Escape View File

@ -28,7 +28,6 @@ options:
description:
description:
- A description of this host.
required: false
force:
description:
- Force host name even if not in DNS.
@ -36,29 +35,24 @@ options:
ip_address:
description:
- Add the host to DNS with this IP address.
required: false
mac_address:
description:
- List of Hardware MAC address(es) off this host.
- If option is omitted MAC addresses will not be checked or changed.
- If an empty list is passed all assigned MAC addresses will be removed.
- MAC addresses that are already assigned but not passed will be removed.
required: false
aliases: ["macaddress"]
ns_host_location:
description:
- Host location (e.g. "Lab 2")
required: false
aliases: ["nshostlocation"]
ns_hardware_platform:
description:
- Host hardware platform (e.g. "Lenovo T61")
required: false
aliases: ["nshardwareplatform"]
ns_os_version:
description:
- Host operating system and version (e.g. "Fedora 9")
required: false
aliases: ["nsosversion"]
user_certificate:
description:
@ -66,40 +60,12 @@ options:
- If option is omitted certificates will not be checked or changed.
- If an empty list is passed all assigned certificates will be removed.
- Certificates already assigned but not passed will be removed.
required: false
aliases: ["usercertificate"]
state:
description: State to ensure
required: false
default: present
choices: ["present", "absent", "disabled"]
ipa_port:
description: Port of IPA server
required: false
default: 443
ipa_host:
description: IP or hostname of IPA server
required: false
default: ipa.example.com
ipa_user:
description: Administrative account used on IPA server
required: false
default: admin
ipa_pass:
description: Password of administrative user
required: true
ipa_prot:
description: Protocol used by IPA server
required: false
default: https
choices: ["http", "https"]
validate_certs:
description:
- This only applies if C(ipa_prot) is I(https).
- If set to C(no), the SSL certificates will not be validated.
- This should only set to C(no) used on personally controlled sites using self-signed certificates.
required: false
default: true
extends_documentation_fragment: ipa.documentation
version_added: "2.3"
'''
@ -159,7 +125,7 @@ host_diff:
import traceback
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.ipa import IPAClient
from ansible.module_utils.ipa import IPAClient, ipa_argument_spec
from ansible.module_utils._text import to_native
@ -252,28 +218,20 @@ def ensure(module, client):
def main():
module = AnsibleModule(
argument_spec=dict(
description=dict(type='str', required=False),
fqdn=dict(type='str', required=True, aliases=['name']),
force=dict(type='bool', required=False),
ip_address=dict(type='str', required=False),
ns_host_location=dict(type='str', required=False, aliases=['nshostlocation']),
ns_hardware_platform=dict(type='str', required=False, aliases=['nshardwareplatform']),
ns_os_version=dict(type='str', required=False, aliases=['nsosversion']),
user_certificate=dict(type='list', required=False, aliases=['usercertificate']),
mac_address=dict(type='list', required=False, aliases=['macaddress']),
state=dict(type='str', required=False, default='present',
choices=['present', 'absent', 'enabled', 'disabled']),
ipa_prot=dict(type='str', required=False, default='https', choices=['http', 'https']),
ipa_host=dict(type='str', required=False, default='ipa.example.com'),
ipa_port=dict(type='int', required=False, default=443),
ipa_user=dict(type='str', required=False, default='admin'),
ipa_pass=dict(type='str', required=True, no_log=True),
validate_certs=dict(type='bool', required=False, default=True),
),
supports_check_mode=True,
)
argument_spec = ipa_argument_spec()
argument_spec.update(description=dict(type='str'),
fqdn=dict(type='str', required=True, aliases=['name']),
force=dict(type='bool'),
ip_address=dict(type='str'),
ns_host_location=dict(type='str', aliases=['nshostlocation']),
ns_hardware_platform=dict(type='str', aliases=['nshardwareplatform']),
ns_os_version=dict(type='str', aliases=['nsosversion']),
user_certificate=dict(type='list', aliases=['usercertificate']),
mac_address=dict(type='list', aliases=['macaddress']),
state=dict(type='str', default='present', choices=['present', 'absent', 'enabled', 'disabled']))
module = AnsibleModule(argument_spec=argument_spec,
supports_check_mode=True)
client = HostIPAClient(module=module,
host=module.params['ipa_host'],

60
lib/ansible/modules/identity/ipa/ipa_hostgroup.py
Unescape Escape View File

@ -28,54 +28,24 @@ options:
description:
description:
- Description
required: false
host:
description:
- List of hosts that belong to the host-group.
- If an empty list is passed all hosts will be removed from the group.
- If option is omitted hosts will not be checked or changed.
- If option is passed all assigned hosts that are not passed will be unassigned from the group.
required: false
hostgroup:
description:
- List of host-groups than belong to that host-group.
- If an empty list is passed all host-groups will be removed from the group.
- If option is omitted host-groups will not be checked or changed.
- If option is passed all assigned hostgroups that are not passed will be unassigned from the group.
required: false
state:
description:
- State to ensure.
required: false
default: "present"
choices: ["present", "absent"]
ipa_port:
description: Port of IPA server
required: false
default: 443
ipa_host:
description: IP or hostname of IPA server
required: false
default: "ipa.example.com"
ipa_user:
description: Administrative account used on IPA server
required: false
default: "admin"
ipa_pass:
description: Password of administrative user
required: true
ipa_prot:
description: Protocol used by IPA server
required: false
default: "https"
choices: ["http", "https"]
validate_certs:
description:
- This only applies if C(ipa_prot) is I(https).
- If set to C(no), the SSL certificates will not be validated.
- This should only set to C(no) used on personally controlled sites using self-signed certificates.
required: false
default: true
extends_documentation_fragment: ipa.documentation
version_added: "2.3"
'''
@ -112,7 +82,7 @@ hostgroup:
import traceback
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.ipa import IPAClient
from ansible.module_utils.ipa import IPAClient, ipa_argument_spec
from ansible.module_utils._text import to_native
@ -207,23 +177,15 @@ def ensure(module, client):
def main():
module = AnsibleModule(
argument_spec=dict(
cn=dict(type='str', required=True, aliases=['name']),
description=dict(type='str', required=False),
host=dict(type='list', required=False),
hostgroup=dict(type='list', required=False),
state=dict(type='str', required=False, default='present',
choices=['present', 'absent', 'enabled', 'disabled']),
ipa_prot=dict(type='str', required=False, default='https', choices=['http', 'https']),
ipa_host=dict(type='str', required=False, default='ipa.example.com'),
ipa_port=dict(type='int', required=False, default=443),
ipa_user=dict(type='str', required=False, default='admin'),
ipa_pass=dict(type='str', required=True, no_log=True),
validate_certs=dict(type='bool', required=False, default=True),
),
supports_check_mode=True,
)
argument_spec = ipa_argument_spec()
argument_spec.update(cn=dict(type='str', required=True, aliases=['name']),
description=dict(type='str'),
host=dict(type='list'),
hostgroup=dict(type='list'),
state=dict(type='str', default='present', choices=['present', 'absent', 'enabled', 'disabled']))
module = AnsibleModule(argument_spec=argument_spec,
supports_check_mode=True)
client = HostGroupIPAClient(module=module,
host=module.params['ipa_host'],

70
lib/ansible/modules/identity/ipa/ipa_role.py
Unescape Escape View File

@ -28,7 +28,6 @@ options:
description:
description:
- A description of this role-group.
required: false
group:
description:
- List of group names assign to this role.
@ -41,21 +40,18 @@ options:
- If an empty list is passed all assigned hosts will be unassigned from the role.
- If option is omitted hosts will not be checked or changed.
- If option is passed all assigned hosts that are not passed will be unassigned from the role.
required: false
hostgroup:
description:
- List of host group names to assign.
- If an empty list is passed all assigned host groups will be removed from the role.
- If option is omitted host groups will not be checked or changed.
- If option is passed all assigned hostgroups that are not passed will be unassigned from the role.
required: false
privilege:
description:
- List of privileges granted to the role.
- If an empty list is passed all assigned privileges will be removed.
- If option is omitted privileges will not be checked or changed.
- If option is passed all assigned privileges that are not passed will be removed.
required: false
default: None
version_added: "2.4"
service:
@ -64,10 +60,8 @@ options:
- If an empty list is passed all assigned services will be removed from the role.
- If option is omitted services will not be checked or changed.
- If option is passed all assigned services that are not passed will be removed from the role.
required: false
state:
description: State to ensure
required: false
default: "present"
choices: ["present", "absent"]
user:
@ -75,34 +69,7 @@ options:
- List of user names to assign.
- If an empty list is passed all assigned users will be removed from the role.
- If option is omitted users will not be checked or changed.
required: false
ipa_port:
description: Port of IPA server
required: false
default: 443
ipa_host:
description: IP or hostname of IPA server
required: false
default: "ipa.example.com"
ipa_user:
description: Administrative account used on IPA server
required: false
default: "admin"
ipa_pass:
description: Password of administrative user
required: true
ipa_prot:
description: Protocol used by IPA server
required: false
default: "https"
choices: ["http", "https"]
validate_certs:
description:
- This only applies if C(ipa_prot) is I(https).
- If set to C(no), the SSL certificates will not be validated.
- This should only set to C(no) used on personally controlled sites using self-signed certificates.
required: false
default: true
extends_documentation_fragment: ipa.documentation
version_added: "2.3"
'''
@ -154,7 +121,7 @@ role:
import traceback
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.ipa import IPAClient
from ansible.module_utils.ipa import IPAClient, ipa_argument_spec
from ansible.module_utils._text import to_native
@ -294,26 +261,19 @@ def ensure(module, client):
def main():
module = AnsibleModule(
argument_spec=dict(
cn=dict(type='str', required=True, aliases=['name']),
description=dict(type='str', required=False),
group=dict(type='list', required=False),
host=dict(type='list', required=False),
hostgroup=dict(type='list', required=False),
privilege=dict(type='list', required=False),
service=dict(type='list', required=False),
state=dict(type='str', required=False, default='present', choices=['present', 'absent']),
user=dict(type='list', required=False),
ipa_prot=dict(type='str', required=False, default='https', choices=['http', 'https']),
ipa_host=dict(type='str', required=False, default='ipa.example.com'),
ipa_port=dict(type='int', required=False, default=443),
ipa_user=dict(type='str', required=False, default='admin'),
ipa_pass=dict(type='str', required=True, no_log=True),
validate_certs=dict(type='bool', required=False, default=True),
),
supports_check_mode=True,
)
argument_spec = ipa_argument_spec()
argument_spec.update(cn=dict(type='str', required=True, aliases=['name']),
description=dict(type='str'),
group=dict(type='list'),
host=dict(type='list'),
hostgroup=dict(type='list'),
privilege=dict(type='list'),
service=dict(type='list'),
state=dict(type='str', default='present', choices=['present', 'absent']),
user=dict(type='list'))
module = AnsibleModule(argument_spec=argument_spec,
supports_check_mode=True)
client = RoleIPAClient(module=module,
host=module.params['ipa_host'],

54
lib/ansible/modules/identity/ipa/ipa_sudocmd.py
Unescape Escape View File

@ -27,39 +27,11 @@ options:
description:
description:
- A description of this command.
required: false
state:
description: State to ensure
required: false
default: present
choices: ['present', 'absent']
ipa_port:
description: Port of IPA server
required: false
default: 443
ipa_host:
description: IP or hostname of IPA server
required: false
default: "ipa.example.com"
ipa_user:
description: Administrative account used on IPA server
required: false
default: "admin"
ipa_pass:
description: Password of administrative user
required: true
ipa_prot:
description: Protocol used by IPA server
required: false
default: "https"
choices: ["http", "https"]
validate_certs:
description:
- This only applies if C(ipa_prot) is I(https).
- If set to C(no), the SSL certificates will not be validated.
- This should only set to C(no) used on personally controlled sites using self-signed certificates.
required: false
default: true
extends_documentation_fragment: ipa.documentation
version_added: "2.3"
'''
@ -91,7 +63,7 @@ sudocmd:
import traceback
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.ipa import IPAClient
from ansible.module_utils.ipa import IPAClient, ipa_argument_spec
from ansible.module_utils._text import to_native
@ -155,21 +127,13 @@ def ensure(module, client):
def main():
module = AnsibleModule(
argument_spec=dict(
description=dict(type='str', required=False),
state=dict(type='str', required=False, default='present',
choices=['present', 'absent', 'enabled', 'disabled']),
sudocmd=dict(type='str', required=True, aliases=['name']),
ipa_prot=dict(type='str', required=False, default='https', choices=['http', 'https']),
ipa_host=dict(type='str', required=False, default='ipa.example.com'),
ipa_port=dict(type='int', required=False, default=443),
ipa_user=dict(type='str', required=False, default='admin'),
ipa_pass=dict(type='str', required=True, no_log=True),
validate_certs=dict(type='bool', required=False, default=True),
),
supports_check_mode=True,
)
argument_spec = ipa_argument_spec()
argument_spec.update(description=dict(type='str'),
state=dict(type='str', default='present', choices=['present', 'absent', 'enabled', 'disabled']),
sudocmd=dict(type='str', required=True, aliases=['name']))
module = AnsibleModule(argument_spec=argument_spec,
supports_check_mode=True)
client = SudoCmdIPAClient(module=module,
host=module.params['ipa_host'],

56
lib/ansible/modules/identity/ipa/ipa_sudocmdgroup.py
Unescape Escape View File

@ -29,7 +29,6 @@ options:
- Group description.
state:
description: State to ensure
required: false
default: present
choices: ['present', 'absent']
sudocmd:
@ -37,34 +36,7 @@ options:
- List of sudo commands to assign to the group.
- If an empty list is passed all assigned commands will be removed from the group.
- If option is omitted sudo commands will not be checked or changed.
required: false
ipa_port:
description: Port of IPA server
required: false
default: 443
ipa_host:
description: IP or hostname of IPA server
required: false
default: "ipa.example.com"
ipa_user:
description: Administrative account used on IPA server
required: false
default: "admin"
ipa_pass:
description: Password of administrative user
required: true
ipa_prot:
description: Protocol used by IPA server
required: false
default: "https"
choices: ["http", "https"]
validate_certs:
description:
- This only applies if C(ipa_prot) is I(https).
- If set to C(no), the SSL certificates will not be validated.
- This should only set to C(no) used on personally controlled sites using self-signed certificates.
required: false
default: true
extends_documentation_fragment: ipa.documentation
version_added: "2.3"
'''
@ -98,7 +70,7 @@ sudocmdgroup:
import traceback
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.ipa import IPAClient
from ansible.module_utils.ipa import IPAClient, ipa_argument_spec
from ansible.module_utils._text import to_native
@ -180,22 +152,14 @@ def ensure(module, client):
def main():
module = AnsibleModule(
argument_spec=dict(
cn=dict(type='str', required=True, aliases=['name']),
description=dict(type='str', required=False),
state=dict(type='str', required=False, default='present',
choices=['present', 'absent', 'enabled', 'disabled']),
sudocmd=dict(type='list', required=False),
ipa_prot=dict(type='str', required=False, default='https', choices=['http', 'https']),
ipa_host=dict(type='str', required=False, default='ipa.example.com'),
ipa_port=dict(type='int', required=False, default=443),
ipa_user=dict(type='str', required=False, default='admin'),
ipa_pass=dict(type='str', required=True, no_log=True),
validate_certs=dict(type='bool', required=False, default=True),
),
supports_check_mode=True,
)
argument_spec = ipa_argument_spec()
argument_spec.update(cn=dict(type='str', required=True, aliases=['name']),
description=dict(type='str'),
state=dict(type='str', default='present', choices=['present', 'absent', 'enabled', 'disabled']),
sudocmd=dict(type='list'))
module = AnsibleModule(argument_spec=argument_spec,
supports_check_mode=True)
client = SudoCmdGroupIPAClient(module=module,
host=module.params['ipa_host'],

89
lib/ansible/modules/identity/ipa/ipa_sudorule.py
Unescape Escape View File

@ -29,83 +29,48 @@ options:
description:
- Command category the rule applies to.
choices: ['all']
required: false
cmd:
description:
- List of commands assigned to the rule.
- If an empty list is passed all commands will be removed from the rule.
- If option is omitted commands will not be checked or changed.
required: false
host:
description:
- List of hosts assigned to the rule.
- If an empty list is passed all hosts will be removed from the rule.
- If option is omitted hosts will not be checked or changed.
- Option C(hostcategory) must be omitted to assign hosts.
required: false
hostcategory:
description:
- Host category the rule applies to.
- If 'all' is passed one must omit C(host) and C(hostgroup).
- Option C(host) and C(hostgroup) must be omitted to assign 'all'.
choices: ['all']
required: false
hostgroup:
description:
- List of host groups assigned to the rule.
- If an empty list is passed all host groups will be removed from the rule.
- If option is omitted host groups will not be checked or changed.
- Option C(hostcategory) must be omitted to assign host groups.
required: false
user:
description:
- List of users assigned to the rule.
- If an empty list is passed all users will be removed from the rule.
- If option is omitted users will not be checked or changed.
required: false
usercategory:
description:
- User category the rule applies to.
choices: ['all']
required: false
usergroup:
description:
- List of user groups assigned to the rule.
- If an empty list is passed all user groups will be removed from the rule.
- If option is omitted user groups will not be checked or changed.
required: false
state:
description: State to ensure
required: false
default: present
choices: ['present', 'absent', 'enabled', 'disabled']
ipa_port:
description: Port of IPA server
required: false
default: 443
ipa_host:
description: IP or hostname of IPA server
required: false
default: "ipa.example.com"
ipa_user:
description: Administrative account used on IPA server
required: false
default: "admin"
ipa_pass:
description: Password of administrative user
required: true
ipa_prot:
description: Protocol used by IPA server
required: false
default: "https"
choices: ["http", "https"]
validate_certs:
description:
- This only applies if C(ipa_prot) is I(https).
- If set to C(no), the SSL certificates will not be validated.
- This should only set to C(no) used on personally controlled sites using self-signed certificates.
required: false
default: true
extends_documentation_fragment: ipa.documentation
version_added: "2.3"
'''
@ -150,7 +115,7 @@ sudorule:
import traceback
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.ipa import IPAClient
from ansible.module_utils.ipa import IPAClient, ipa_argument_spec
from ansible.module_utils._text import to_native
@ -335,35 +300,27 @@ def ensure(module, client):
def main():
module = AnsibleModule(
argument_spec=dict(
cmd=dict(type='list', required=False),
cmdcategory=dict(type='str', required=False, choices=['all']),
cn=dict(type='str', required=True, aliases=['name']),
description=dict(type='str', required=False),
host=dict(type='list', required=False),
hostcategory=dict(type='str', required=False, choices=['all']),
hostgroup=dict(type='list', required=False),
sudoopt=dict(type='list', required=False),
state=dict(type='str', required=False, default='present',
choices=['present', 'absent', 'enabled', 'disabled']),
user=dict(type='list', required=False),
usercategory=dict(type='str', required=False, choices=['all']),
usergroup=dict(type='list', required=False),
ipa_prot=dict(type='str', required=False, default='https', choices=['http', 'https']),
ipa_host=dict(type='str', required=False, default='ipa.example.com'),
ipa_port=dict(type='int', required=False, default=443),
ipa_user=dict(type='str', required=False, default='admin'),
ipa_pass=dict(type='str', required=True, no_log=True),
validate_certs=dict(type='bool', required=False, default=True),
),
mutually_exclusive=[['cmdcategory', 'cmd'],
['hostcategory', 'host'],
['hostcategory', 'hostgroup'],
['usercategory', 'user'],
['usercategory', 'usergroup']],
supports_check_mode=True,
)
argument_spec = ipa_argument_spec()
argument_spec.update(cmd=dict(type='list', required=False),
cmdcategory=dict(type='str', required=False, choices=['all']),
cn=dict(type='str', required=True, aliases=['name']),
description=dict(type='str', required=False),
host=dict(type='list', required=False),
hostcategory=dict(type='str', required=False, choices=['all']),
hostgroup=dict(type='list', required=False),
sudoopt=dict(type='list', required=False),
state=dict(type='str', required=False, default='present', choices=['present', 'absent', 'enabled', 'disabled']),
user=dict(type='list', required=False),
usercategory=dict(type='str', required=False, choices=['all']),
usergroup=dict(type='list', required=False))
module = AnsibleModule(argument_spec=argument_spec,
mutually_exclusive=[['cmdcategory', 'cmd'],
['hostcategory', 'host'],
['hostcategory', 'hostgroup'],
['usercategory', 'user'],
['usercategory', 'usergroup']],
supports_check_mode=True)
client = SudoRuleIPAClient(module=module,
host=module.params['ipa_host'],

81
lib/ansible/modules/identity/ipa/ipa_user.py
Unescape Escape View File

@ -21,35 +21,27 @@ description:
options:
displayname:
description: Display name
required: false
givenname:
description: First name
required: false
loginshell:
description: Login shell
required: false
mail:
description:
- List of mail addresses assigned to the user.
- If an empty list is passed all assigned email addresses will be deleted.
- If None is passed email addresses will not be checked or changed.
required: false
password:
description:
- Password
required: false
- Password for new user
sn:
description: Surname
required: false
sshpubkey:
description:
- List of public SSH key.
- If an empty list is passed all assigned public keys will be deleted.
- If None is passed SSH public keys will not be checked or changed.
required: false
state:
description: State to ensure
required: false
default: "present"
choices: ["present", "absent", "enabled", "disabled"]
telephonenumber:
@ -57,41 +49,13 @@ options:
- List of telephone numbers assigned to the user.
- If an empty list is passed all assigned telephone numbers will be deleted.
- If None is passed telephone numbers will not be checked or changed.
required: false
title:
description: Title
required: false
uid:
description: uid of the user
required: true
aliases: ["name"]
ipa_port:
description: Port of IPA server
required: false
default: 443
ipa_host:
description: IP or hostname of IPA server
required: false
default: "ipa.example.com"
ipa_user:
description: Administrative account used on IPA server
required: false
default: "admin"
ipa_pass:
description: Password of administrative user
required: true
ipa_prot:
description: Protocol used by IPA server
required: false
default: "https"
choices: ["http", "https"]
validate_certs:
description:
- This only applies if C(ipa_prot) is I(https).
- If set to C(no), the SSL certificates will not be validated.
- This should only set to C(no) used on personally controlled sites using self-signed certificates.
required: false
default: true
extends_documentation_fragment: ipa.documentation
version_added: "2.3"
requirements:
- base64
@ -137,7 +101,7 @@ import hashlib
import traceback
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.ipa import IPAClient
from ansible.module_utils.ipa import IPAClient, ipa_argument_spec
from ansible.module_utils._text import to_native
@ -279,29 +243,22 @@ def ensure(module, client):
def main():
module = AnsibleModule(
argument_spec=dict(
displayname=dict(type='str', required=False),
givenname=dict(type='str', required=False),
loginshell=dict(type='str', required=False),
mail=dict(type='list', required=False),
sn=dict(type='str', required=False),
uid=dict(type='str', required=True, aliases=['name']),
password=dict(type='str', required=False, no_log=True),
sshpubkey=dict(type='list', required=False),
state=dict(type='str', required=False, default='present',
choices=['present', 'absent', 'enabled', 'disabled']),
telephonenumber=dict(type='list', required=False),
title=dict(type='str', required=False),
ipa_prot=dict(type='str', required=False, default='https', choices=['http', 'https']),
ipa_host=dict(type='str', required=False, default='ipa.example.com'),
ipa_port=dict(type='int', required=False, default=443),
ipa_user=dict(type='str', required=False, default='admin'),
ipa_pass=dict(type='str', required=True, no_log=True),
validate_certs=dict(type='bool', required=False, default=True),
),
supports_check_mode=True,
)
argument_spec = ipa_argument_spec()
argument_spec.update(displayname=dict(type='str'),
givenname=dict(type='str'),
loginshell=dict(type='str'),
mail=dict(type='list'),
sn=dict(type='str'),
uid=dict(type='str', required=True, aliases=['name']),
password=dict(type='str', no_log=True),
sshpubkey=dict(type='list'),
state=dict(type='str', default='present',
choices=['present', 'absent', 'enabled', 'disabled']),
telephonenumber=dict(type='list'),
title=dict(type='str'))
module = AnsibleModule(argument_spec=argument_spec,
supports_check_mode=True)
client = UserIPAClient(module=module,
host=module.params['ipa_host'],

33
lib/ansible/utils/module_docs_fragments/ipa.py
Unescape Escape View File

@ -0,0 +1,33 @@
# Copyright (c) 2017, Ansible Project
# Copyright (c) 2017, Abhijeet Kasurde (akasurde@redhat.com)
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
class ModuleDocFragment(object):
# Parameters for FreeIPA/IPA modules
DOCUMENTATION = '''
options:
ipa_port:
description: Port of IPA server
default: 443
ipa_host:
description: IP or hostname of IPA server
default: ipa.example.com
ipa_user:
description: Administrative account used on IPA server
default: admin
ipa_pass:
description: Password of administrative user
required: true
ipa_prot:
description: Protocol used by IPA server
default: https
choices: ["http", "https"]
validate_certs:
description:
- This only applies if C(ipa_prot) is I(https).
- If set to C(no), the SSL certificates will not be validated.
- This should only set to C(no) used on personally controlled sites using self-signed certificates.
default: true
'''
Write Preview
Loading…
Cancel
Save