|
|
|
@ -27,7 +27,6 @@ options:
|
|
|
|
|
aliases: ["name"]
|
|
|
|
|
description:
|
|
|
|
|
description: Description
|
|
|
|
|
required: false
|
|
|
|
|
host:
|
|
|
|
|
description:
|
|
|
|
|
- List of host names to assign.
|
|
|
|
@ -36,7 +35,6 @@ options:
|
|
|
|
|
required: false
|
|
|
|
|
hostcategory:
|
|
|
|
|
description: Host category
|
|
|
|
|
required: false
|
|
|
|
|
choices: ['all']
|
|
|
|
|
hostgroup:
|
|
|
|
|
description:
|
|
|
|
@ -50,7 +48,6 @@ options:
|
|
|
|
|
- If option is omitted services will not be checked or changed.
|
|
|
|
|
servicecategory:
|
|
|
|
|
description: Service category
|
|
|
|
|
required: false
|
|
|
|
|
choices: ['all']
|
|
|
|
|
servicegroup:
|
|
|
|
|
description:
|
|
|
|
@ -64,7 +61,6 @@ options:
|
|
|
|
|
- If option is omitted source hosts will not be checked or changed.
|
|
|
|
|
sourcehostcategory:
|
|
|
|
|
description: Source host category
|
|
|
|
|
required: false
|
|
|
|
|
choices: ['all']
|
|
|
|
|
sourcehostgroup:
|
|
|
|
|
description:
|
|
|
|
@ -73,7 +69,6 @@ options:
|
|
|
|
|
- If option is omitted source host groups will not be checked or changed.
|
|
|
|
|
state:
|
|
|
|
|
description: State to ensure
|
|
|
|
|
required: false
|
|
|
|
|
default: "present"
|
|
|
|
|
choices: ["present", "absent", "enabled", "disabled"]
|
|
|
|
|
user:
|
|
|
|
@ -83,40 +78,13 @@ options:
|
|
|
|
|
- If option is omitted users will not be checked or changed.
|
|
|
|
|
usercategory:
|
|
|
|
|
description: User category
|
|
|
|
|
required: false
|
|
|
|
|
choices: ['all']
|
|
|
|
|
usergroup:
|
|
|
|
|
description:
|
|
|
|
|
- List of user group names to assign.
|
|
|
|
|
- If an empty list if passed all assigned user groups will be removed from the rule.
|
|
|
|
|
- If option is omitted user groups will not be checked or changed.
|
|
|
|
|
ipa_port:
|
|
|
|
|
description: Port of IPA server
|
|
|
|
|
required: false
|
|
|
|
|
default: 443
|
|
|
|
|
ipa_host:
|
|
|
|
|
description: IP or hostname of IPA server
|
|
|
|
|
required: false
|
|
|
|
|
default: "ipa.example.com"
|
|
|
|
|
ipa_user:
|
|
|
|
|
description: Administrative account used on IPA server
|
|
|
|
|
required: false
|
|
|
|
|
default: "admin"
|
|
|
|
|
ipa_pass:
|
|
|
|
|
description: Password of administrative user
|
|
|
|
|
required: true
|
|
|
|
|
ipa_prot:
|
|
|
|
|
description: Protocol used by IPA server
|
|
|
|
|
required: false
|
|
|
|
|
default: "https"
|
|
|
|
|
choices: ["http", "https"]
|
|
|
|
|
validate_certs:
|
|
|
|
|
description:
|
|
|
|
|
- This only applies if C(ipa_prot) is I(https).
|
|
|
|
|
- If set to C(no), the SSL certificates will not be validated.
|
|
|
|
|
- This should only set to C(no) used on personally controlled sites using self-signed certificates.
|
|
|
|
|
required: false
|
|
|
|
|
default: true
|
|
|
|
|
extends_documentation_fragment: ipa.documentation
|
|
|
|
|
version_added: "2.3"
|
|
|
|
|
'''
|
|
|
|
|
|
|
|
|
@ -165,7 +133,7 @@ hbacrule:
|
|
|
|
|
import traceback
|
|
|
|
|
|
|
|
|
|
from ansible.module_utils.basic import AnsibleModule
|
|
|
|
|
from ansible.module_utils.ipa import IPAClient
|
|
|
|
|
from ansible.module_utils.ipa import IPAClient, ipa_argument_spec
|
|
|
|
|
from ansible.module_utils._text import to_native
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@ -329,32 +297,25 @@ def ensure(module, client):
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def main():
|
|
|
|
|
module = AnsibleModule(
|
|
|
|
|
argument_spec=dict(
|
|
|
|
|
cn=dict(type='str', required=True, aliases=['name']),
|
|
|
|
|
description=dict(type='str', required=False),
|
|
|
|
|
host=dict(type='list', required=False),
|
|
|
|
|
hostcategory=dict(type='str', required=False, choices=['all']),
|
|
|
|
|
hostgroup=dict(type='list', required=False),
|
|
|
|
|
service=dict(type='list', required=False),
|
|
|
|
|
servicecategory=dict(type='str', required=False, choices=['all']),
|
|
|
|
|
servicegroup=dict(type='list', required=False),
|
|
|
|
|
sourcehost=dict(type='list', required=False),
|
|
|
|
|
sourcehostcategory=dict(type='str', required=False, choices=['all']),
|
|
|
|
|
sourcehostgroup=dict(type='list', required=False),
|
|
|
|
|
state=dict(type='str', required=False, default='present',
|
|
|
|
|
choices=['present', 'absent', 'enabled', 'disabled']),
|
|
|
|
|
user=dict(type='list', required=False),
|
|
|
|
|
usercategory=dict(type='str', required=False, choices=['all']),
|
|
|
|
|
usergroup=dict(type='list', required=False),
|
|
|
|
|
ipa_prot=dict(type='str', required=False, default='https', choices=['http', 'https']),
|
|
|
|
|
ipa_host=dict(type='str', required=False, default='ipa.example.com'),
|
|
|
|
|
ipa_port=dict(type='int', required=False, default=443),
|
|
|
|
|
ipa_user=dict(type='str', required=False, default='admin'),
|
|
|
|
|
ipa_pass=dict(type='str', required=True, no_log=True),
|
|
|
|
|
validate_certs=dict(type='bool', required=False, default=True),
|
|
|
|
|
),
|
|
|
|
|
supports_check_mode=True,
|
|
|
|
|
argument_spec = ipa_argument_spec()
|
|
|
|
|
argument_spec.update(cn=dict(type='str', required=True, aliases=['name']),
|
|
|
|
|
description=dict(type='str'),
|
|
|
|
|
host=dict(type='list'),
|
|
|
|
|
hostcategory=dict(type='str', choices=['all']),
|
|
|
|
|
hostgroup=dict(type='list'),
|
|
|
|
|
service=dict(type='list'),
|
|
|
|
|
servicecategory=dict(type='str', choices=['all']),
|
|
|
|
|
servicegroup=dict(type='list'),
|
|
|
|
|
sourcehost=dict(type='list'),
|
|
|
|
|
sourcehostcategory=dict(type='str', choices=['all']),
|
|
|
|
|
sourcehostgroup=dict(type='list'),
|
|
|
|
|
state=dict(type='str', default='present', choices=['present', 'absent', 'enabled', 'disabled']),
|
|
|
|
|
user=dict(type='list'),
|
|
|
|
|
usercategory=dict(type='str', choices=['all']),
|
|
|
|
|
usergroup=dict(type='list'))
|
|
|
|
|
|
|
|
|
|
module = AnsibleModule(argument_spec=argument_spec,
|
|
|
|
|
supports_check_mode=True
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
client = HBACRuleIPAClient(module=module,
|
|
|
|
|
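Review bot: In main(), the new `argument_spec = ipa_argument_spec()` line makes this module rely on the shared helper for `ipa_pass` and `validate_certs`, and the helper's body is not on this page, so nothing here shows that the password is still declared `no_log=True` or that certificate validation still defaults to on. The inline spec being dropped had `ipa_pass=dict(type='str', required=True, no_log=True)` and `validate_certs=dict(type='bool', required=False, default=True)`; I would confirm that `ipa_argument_spec()` in `ansible.module_utils.ipa` carries both unchanged, since otherwise the administrative password could appear in logged module arguments. A short comment above the call, `# ipa_* connection options (incl. no_log on ipa_pass) come from ipa_argument_spec()`, would make that dependency visible to the next reader. The +/- markers are lost in this rendering, so which side each line belongs to is inferred from the hunk counts.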