Add runasusercategory and runasgroupcategory parameters for ipa_sudo_rule module (#30421)

* Add runasusercategory and runasgroupcategory parameters

* Add "version_added" to docstring

* Remove redundant "required=False" argument specifications
pull/35427/head
cakepietoast 7 years ago committed by ansibot
parent ee2a8ff324
commit 85091e7a8e

@ -52,6 +52,16 @@ options:
- If an empty list is passed all host groups will be removed from the rule. - If an empty list is passed all host groups will be removed from the rule.
- If option is omitted host groups will not be checked or changed. - If option is omitted host groups will not be checked or changed.
- Option C(hostcategory) must be omitted to assign host groups. - Option C(hostcategory) must be omitted to assign host groups.
runasusercategory:
description:
- RunAs User category the rule applies to.
choices: ['all']
version_added: "2.5"
runasgroupcategory:
description:
- RunAs Group category the rule applies to.
choices: ['all']
version_added: "2.5"
user: user:
description: description:
- List of users assigned to the rule. - List of users assigned to the rule.
@ -190,7 +200,8 @@ class SudoRuleIPAClient(IPAClient):
return self.sudorule_remove_user(name=name, item={'group': item}) return self.sudorule_remove_user(name=name, item={'group': item})
def get_sudorule_dict(cmdcategory=None, description=None, hostcategory=None, ipaenabledflag=None, usercategory=None): def get_sudorule_dict(cmdcategory=None, description=None, hostcategory=None, ipaenabledflag=None, usercategory=None,
runasgroupcategory=None, runasusercategory=None):
data = {} data = {}
if cmdcategory is not None: if cmdcategory is not None:
data['cmdcategory'] = cmdcategory data['cmdcategory'] = cmdcategory
@ -202,6 +213,10 @@ def get_sudorule_dict(cmdcategory=None, description=None, hostcategory=None, ipa
data['ipaenabledflag'] = ipaenabledflag data['ipaenabledflag'] = ipaenabledflag
if usercategory is not None: if usercategory is not None:
data['usercategory'] = usercategory data['usercategory'] = usercategory
if runasusercategory is not None:
data['ipasudorunasusercategory'] = runasusercategory
if runasgroupcategory is not None:
data['ipasudorunasgroupcategory'] = runasgroupcategory
return data return data
@ -222,6 +237,8 @@ def ensure(module, client):
host = module.params['host'] host = module.params['host']
hostcategory = module.params['hostcategory'] hostcategory = module.params['hostcategory']
hostgroup = module.params['hostgroup'] hostgroup = module.params['hostgroup']
runasusercategory = module.params['runasusercategory']
runasgroupcategory = module.params['runasgroupcategory']
if state in ['present', 'enabled']: if state in ['present', 'enabled']:
ipaenabledflag = 'TRUE' ipaenabledflag = 'TRUE'
@ -237,7 +254,9 @@ def ensure(module, client):
description=module.params['description'], description=module.params['description'],
hostcategory=hostcategory, hostcategory=hostcategory,
ipaenabledflag=ipaenabledflag, ipaenabledflag=ipaenabledflag,
usercategory=usercategory) usercategory=usercategory,
runasusercategory=runasusercategory,
runasgroupcategory=runasgroupcategory)
ipa_sudorule = client.sudorule_find(name=name) ipa_sudorule = client.sudorule_find(name=name)
changed = False changed = False
@ -265,6 +284,12 @@ def ensure(module, client):
if not module.check_mode: if not module.check_mode:
client.sudorule_add_allow_command(name=name, item=cmd) client.sudorule_add_allow_command(name=name, item=cmd)
if runasusercategory is not None:
changed = category_changed(module, client, 'iparunasusercategory', ipa_sudorule) or changed
if runasgroupcategory is not None:
changed = category_changed(module, client, 'iparunasgroupcategory', ipa_sudorule) or changed
if host is not None: if host is not None:
changed = category_changed(module, client, 'hostcategory', ipa_sudorule) or changed changed = category_changed(module, client, 'hostcategory', ipa_sudorule) or changed
changed = client.modify_if_diff(name, ipa_sudorule.get('memberhost_host', []), host, changed = client.modify_if_diff(name, ipa_sudorule.get('memberhost_host', []), host,
@ -314,18 +339,20 @@ def ensure(module, client):
def main(): def main():
argument_spec = ipa_argument_spec() argument_spec = ipa_argument_spec()
argument_spec.update(cmd=dict(type='list', required=False), argument_spec.update(cmd=dict(type='list'),
cmdcategory=dict(type='str', required=False, choices=['all']), cmdcategory=dict(type='str', choices=['all']),
cn=dict(type='str', required=True, aliases=['name']), cn=dict(type='str', required=True, aliases=['name']),
description=dict(type='str', required=False), description=dict(type='str'),
host=dict(type='list', required=False), host=dict(type='list'),
hostcategory=dict(type='str', required=False, choices=['all']), hostcategory=dict(type='str', choices=['all']),
hostgroup=dict(type='list', required=False), hostgroup=dict(type='list'),
sudoopt=dict(type='list', required=False), runasusercategory=dict(type='str', choices=['all']),
state=dict(type='str', required=False, default='present', choices=['present', 'absent', 'enabled', 'disabled']), runasgroupcategory=dict(type='str', choices=['all']),
user=dict(type='list', required=False), sudoopt=dict(type='list'),
usercategory=dict(type='str', required=False, choices=['all']), state=dict(type='str', default='present', choices=['present', 'absent', 'enabled', 'disabled']),
usergroup=dict(type='list', required=False)) user=dict(type='list'),
usercategory=dict(type='str', choices=['all']),
usergroup=dict(type='list'))
module = AnsibleModule(argument_spec=argument_spec, module = AnsibleModule(argument_spec=argument_spec,
mutually_exclusive=[['cmdcategory', 'cmd'], mutually_exclusive=[['cmdcategory', 'cmd'],
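Review bot: The attribute names for the new RunAs categories do not agree: `get_sudorule_dict` stores them as `ipasudorunasusercategory` and `ipasudorunasgroupcategory`, but the new calls in `ensure` pass `'iparunasusercategory'` and `'iparunasgroupcategory'` to `category_changed`. `category_changed` is defined outside the visible hunks, but if it looks that name up in `ipa_sudorule`, the lookup would presumably never match, and the rule's RunAs scope would not be reconciled or reported as changed. Assuming the key written by `get_sudorule_dict` is the right one, the calls should read `changed = category_changed(module, client, 'ipasudorunasusercategory', ipa_sudorule) or changed`, and likewise for the group. The existing call runs when an explicit member list is given (`if host is not None`), while the new ones run when the category itself is set, so it is worth confirming that is intended, since `all` widens which identities a sudo rule may run as. The body of `ensure` continues outside these hunks.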
