authorcakepietoast <tmac.se@gmail.com>2018-01-28 17:10:27 +1100
committeransibot <ansibot@users.noreply.github.com>2018-01-28 01:10:27 -0500
commit85091e7a8e81b5dd89efcf4e141be85912307f39 (patch)
treea68a5a466675c7dd5b94fbdf371c51a8d850236c /lib/ansible/modules/identity
parentee2a8ff32452e93db68ace523e3dd8e044f02a3d (diff)
Add runasusercategory and runasgroupcategory parameters for ipa_sudo_rule module (#30421)
* Add runasusercategory and runasgroupcategory parameters * Add "version_added" to docstring * Remove redundant "required=False" argument specifications
Diffstat (limited to 'lib/ansible/modules/identity')
-rw-r--r--lib/ansible/modules/identity/ipa/ipa_sudorule.py53
1 files changed, 40 insertions, 13 deletions
diff --git a/lib/ansible/modules/identity/ipa/ipa_sudorule.py b/lib/ansible/modules/identity/ipa/ipa_sudorule.py
index fd8905b52d..eb5746b35c 100644
--- a/lib/ansible/modules/identity/ipa/ipa_sudorule.py
+++ b/lib/ansible/modules/identity/ipa/ipa_sudorule.py
@@ -52,6 +52,16 @@ options:
- If an empty list is passed all host groups will be removed from the rule.
- If option is omitted host groups will not be checked or changed.
- Option C(hostcategory) must be omitted to assign host groups.
+ runasusercategory:
+ description:
+ - RunAs User category the rule applies to.
+ choices: ['all']
+ version_added: "2.5"
+ runasgroupcategory:
+ description:
+ - RunAs Group category the rule applies to.
+ choices: ['all']
+ version_added: "2.5"
user:
description:
- List of users assigned to the rule.
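Review bot: The descriptions added for `runasusercategory` and `runasgroupcategory` do not say what the only accepted value means. As far as I know, `all` lets the rule's commands be run as any user (or any group), which is a broad grant that a playbook author should see in the option text. I would add a line to each description, such as `- Setting this to C(all) allows the commands in the rule to be run as any user.`, with the group equivalent for `runasgroupcategory`.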
@@ -190,7 +200,8 @@ class SudoRuleIPAClient(IPAClient):
return self.sudorule_remove_user(name=name, item={'group': item})
-def get_sudorule_dict(cmdcategory=None, description=None, hostcategory=None, ipaenabledflag=None, usercategory=None):
+def get_sudorule_dict(cmdcategory=None, description=None, hostcategory=None, ipaenabledflag=None, usercategory=None,
+ runasgroupcategory=None, runasusercategory=None):
data = {}
if cmdcategory is not None:
data['cmdcategory'] = cmdcategory
@@ -202,6 +213,10 @@ def get_sudorule_dict(cmdcategory=None, description=None, hostcategory=None, ipa
data['ipaenabledflag'] = ipaenabledflag
if usercategory is not None:
data['usercategory'] = usercategory
+ if runasusercategory is not None:
+ data['ipasudorunasusercategory'] = runasusercategory
+ if runasgroupcategory is not None:
+ data['ipasudorunasgroupcategory'] = runasgroupcategory
return data
@@ -222,6 +237,8 @@ def ensure(module, client):
host = module.params['host']
hostcategory = module.params['hostcategory']
hostgroup = module.params['hostgroup']
+ runasusercategory = module.params['runasusercategory']
+ runasgroupcategory = module.params['runasgroupcategory']
if state in ['present', 'enabled']:
ipaenabledflag = 'TRUE'
@@ -237,7 +254,9 @@ def ensure(module, client):
description=module.params['description'],
hostcategory=hostcategory,
ipaenabledflag=ipaenabledflag,
- usercategory=usercategory)
+ usercategory=usercategory,
+ runasusercategory=runasusercategory,
+ runasgroupcategory=runasgroupcategory)
ipa_sudorule = client.sudorule_find(name=name)
changed = False
@@ -265,6 +284,12 @@ def ensure(module, client):
if not module.check_mode:
client.sudorule_add_allow_command(name=name, item=cmd)
+ if runasusercategory is not None:
+ changed = category_changed(module, client, 'iparunasusercategory', ipa_sudorule) or changed
+
+ if runasgroupcategory is not None:
+ changed = category_changed(module, client, 'iparunasgroupcategory', ipa_sudorule) or changed
+
if host is not None:
changed = category_changed(module, client, 'hostcategory', ipa_sudorule) or changed
changed = client.modify_if_diff(name, ipa_sudorule.get('memberhost_host', []), host,
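Review bot: The two `category_changed` calls added here pass `'iparunasusercategory'` and `'iparunasgroupcategory'`, but `get_sudorule_dict` in this same commit stores the values under `'ipasudorunasusercategory'` and `'ipasudorunasgroupcategory'`, so the change check and the rule data do not name the same attribute. `category_changed` is defined outside this page, so its behaviour is inferred; in the `host is not None` branch just below it appears to reset a category before explicit members are assigned, which is not what a caller asking for `runasusercategory: all` wants. Because this attribute decides whether a sudo rule may run commands as any user or group, I would compare the requested value with the rule's current one under the same key, e.g. `ipa_sudorule.get('ipasudorunasusercategory')`, and add a test that a second run with unchanged input reports no change. `ensure()` starts and ends outside the hunk.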
@@ -314,18 +339,20 @@ def ensure(module, client):
def main():
argument_spec = ipa_argument_spec()
- argument_spec.update(cmd=dict(type='list', required=False),
- cmdcategory=dict(type='str', required=False, choices=['all']),
+ argument_spec.update(cmd=dict(type='list'),
+ cmdcategory=dict(type='str', choices=['all']),
cn=dict(type='str', required=True, aliases=['name']),
- description=dict(type='str', required=False),
- host=dict(type='list', required=False),
- hostcategory=dict(type='str', required=False, choices=['all']),
- hostgroup=dict(type='list', required=False),
- sudoopt=dict(type='list', required=False),
- state=dict(type='str', required=False, default='present', choices=['present', 'absent', 'enabled', 'disabled']),
- user=dict(type='list', required=False),
- usercategory=dict(type='str', required=False, choices=['all']),
- usergroup=dict(type='list', required=False))
+ description=dict(type='str'),
+ host=dict(type='list'),
+ hostcategory=dict(type='str', choices=['all']),
+ hostgroup=dict(type='list'),
+ runasusercategory=dict(type='str', choices=['all']),
+ runasgroupcategory=dict(type='str', choices=['all']),
+ sudoopt=dict(type='list'),
+ state=dict(type='str', default='present', choices=['present', 'absent', 'enabled', 'disabled']),
+ user=dict(type='list'),
+ usercategory=dict(type='str', choices=['all']),
+ usergroup=dict(type='list'))
module = AnsibleModule(argument_spec=argument_spec,
mutually_exclusive=[['cmdcategory', 'cmd'],