author | cakepietoast <tmac.se@gmail.com> | 2018-01-28 17:10:27 +1100 |
---|---|---|
committer | ansibot <ansibot@users.noreply.github.com> | 2018-01-28 01:10:27 -0500 |
commit | 85091e7a8e81b5dd89efcf4e141be85912307f39 (patch) | |
tree | a68a5a466675c7dd5b94fbdf371c51a8d850236c /lib/ansible/modules/identity | |
parent | ee2a8ff32452e93db68ace523e3dd8e044f02a3d (diff) | |
Add runasusercategory and runasgroupcategory parameters for ipa_sudo_rule module (#30421)
* Add runasusercategory and runasgroupcategory parameters
* Add "version_added" to docstring
* Remove redundant "required=False" argument specifications
Diffstat (limited to 'lib/ansible/modules/identity')
-rw-r--r-- | lib/ansible/modules/identity/ipa/ipa_sudorule.py | 53 |
1 files changed, 40 insertions, 13 deletions
diff --git a/lib/ansible/modules/identity/ipa/ipa_sudorule.py b/lib/ansible/modules/identity/ipa/ipa_sudorule.py index fd8905b52d..eb5746b35c 100644 --- a/lib/ansible/modules/identity/ipa/ipa_sudorule.py +++ b/lib/ansible/modules/identity/ipa/ipa_sudorule.py @@ -52,6 +52,16 @@ options: - If an empty list is passed all host groups will be removed from the rule. - If option is omitted host groups will not be checked or changed. - Option C(hostcategory) must be omitted to assign host groups. + runasusercategory: + description: + - RunAs User category the rule applies to. + choices: ['all'] + version_added: "2.5" + runasgroupcategory: + description: + - RunAs Group category the rule applies to. + choices: ['all'] + version_added: "2.5" user: description: - List of users assigned to the rule. @@ -190,7 +200,8 @@ class SudoRuleIPAClient(IPAClient): return self.sudorule_remove_user(name=name, item={'group': item}) -def get_sudorule_dict(cmdcategory=None, description=None, hostcategory=None, ipaenabledflag=None, usercategory=None): +def get_sudorule_dict(cmdcategory=None, description=None, hostcategory=None, ipaenabledflag=None, usercategory=None, + runasgroupcategory=None, runasusercategory=None): data = {} if cmdcategory is not None: data['cmdcategory'] = cmdcategory @@ -202,6 +213,10 @@ def get_sudorule_dict(cmdcategory=None, description=None, hostcategory=None, ipa data['ipaenabledflag'] = ipaenabledflag if usercategory is not None: data['usercategory'] = usercategory + if runasusercategory is not None: + data['ipasudorunasusercategory'] = runasusercategory + if runasgroupcategory is not None: + data['ipasudorunasgroupcategory'] = runasgroupcategory return data 
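Review bot: The two new option descriptions in the first hunk (`runasusercategory`, `runasgroupcategory`) do not say what `all` grants or what happens when the option is omitted, although the neighbouring host group text spells out the omitted case. Since this setting controls which identities the sudo rule may run commands as, I would extend each description, e.g. `- If set to C(all), commands in the rule may be run as any user.` and `- If option is omitted the category will not be checked or changed.`, assuming that matches the behaviour of `ensure`. Separately, `get_sudorule_dict` declares `runasgroupcategory` before `runasusercategory` while every other place in the commit lists user first; keeping one order would make the signature easier to read.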
@@ -222,6 +237,8 @@ def ensure(module, client): host = module.params['host'] hostcategory = module.params['hostcategory'] hostgroup = module.params['hostgroup'] + runasusercategory = module.params['runasusercategory'] + runasgroupcategory = module.params['runasgroupcategory'] if state in ['present', 'enabled']: ipaenabledflag = 'TRUE' @@ -237,7 +254,9 @@ def ensure(module, client): description=module.params['description'], hostcategory=hostcategory, ipaenabledflag=ipaenabledflag, - usercategory=usercategory) + usercategory=usercategory, + runasusercategory=runasusercategory, + runasgroupcategory=runasgroupcategory) ipa_sudorule = client.sudorule_find(name=name) changed = False @@ -265,6 +284,12 @@ def ensure(module, client): if not module.check_mode: client.sudorule_add_allow_command(name=name, item=cmd) + if runasusercategory is not None: + changed = category_changed(module, client, 'iparunasusercategory', ipa_sudorule) or changed + + if runasgroupcategory is not None: + changed = category_changed(module, client, 'iparunasgroupcategory', ipa_sudorule) or changed + if host is not None: changed = category_changed(module, client, 'hostcategory', ipa_sudorule) or changed changed = client.modify_if_diff(name, ipa_sudorule.get('memberhost_host', []), host, 
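Review bot: The new `category_changed` calls in the last hunk of `ensure` use the keys `'iparunasusercategory'` and `'iparunasgroupcategory'`, but `get_sudorule_dict` in this commit writes the same settings as `'ipasudorunasusercategory'` and `'ipasudorunasgroupcategory'`, so at most one spelling can match what the IPA server returns. `category_changed` is defined outside the visible hunks, so its effect on a match cannot be checked here; the existing `'hostcategory'` call runs when a member list (`host`) is supplied, whereas these run when the category itself is supplied, which may be the opposite condition. Because `all` lets the rule run commands as any user or group, a wrong `changed` result or an unintended modification matters for auditing; please confirm the attribute name and the intent, and either drop the calls or document them, e.g. `# key must be the attribute name returned by sudorule_find; see get_sudorule_dict`. `ensure` begins and ends outside the hunk.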
@@ -314,18 +339,20 @@ def ensure(module, client): def main(): argument_spec = ipa_argument_spec() - argument_spec.update(cmd=dict(type='list', required=False), - cmdcategory=dict(type='str', required=False, choices=['all']), + argument_spec.update(cmd=dict(type='list'), + cmdcategory=dict(type='str', choices=['all']), cn=dict(type='str', required=True, aliases=['name']), - description=dict(type='str', required=False), - host=dict(type='list', required=False), - hostcategory=dict(type='str', required=False, choices=['all']), - hostgroup=dict(type='list', required=False), - sudoopt=dict(type='list', required=False), - state=dict(type='str', required=False, default='present', choices=['present', 'absent', 'enabled', 'disabled']), - user=dict(type='list', required=False), - usercategory=dict(type='str', required=False, choices=['all']), - usergroup=dict(type='list', required=False)) + description=dict(type='str'), + host=dict(type='list'), + hostcategory=dict(type='str', choices=['all']), + hostgroup=dict(type='list'), + runasusercategory=dict(type='str', choices=['all']), + runasgroupcategory=dict(type='str', choices=['all']), + sudoopt=dict(type='list'), + state=dict(type='str', default='present', choices=['present', 'absent', 'enabled', 'disabled']), + user=dict(type='list'), + usercategory=dict(type='str', choices=['all']), + usergroup=dict(type='list')) module = AnsibleModule(argument_spec=argument_spec, mutually_exclusive=[['cmdcategory', 'cmd'], |
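Review bot: `runasusercategory` and `runasgroupcategory` are declared in `main` with `choices=['all']` only, and the visible `ensure` hunks act on them only when they are not `None`, so as far as this diff shows a playbook cannot narrow a rule once RunAs has been set to `all`. The other categories have member-list options (`host`, `user`, `cmd`) next to them in the spec, while no RunAs user or group list appears here. If that limitation is intended, it should be stated in the option documentation, e.g. `- This module cannot clear the category once it is set.`; otherwise a way to clear it is worth a follow-up. The `AnsibleModule(...)` call continues past the end of the hunk, so its `mutually_exclusive` list is only partly visible.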