From 42b0c967d0d14ea364de93bedbdc07314df7c6a9 Mon Sep 17 00:00:00 2001 From: Abhijeet Kasurde Date: Thu, 9 Jan 2020 15:32:26 +0530 Subject: [PATCH] FreeIPA: Fix documentation (#66194) * Add datatype whereever it is missing * Fix documentation Signed-off-by: Abhijeet Kasurde --- .../modules/identity/ipa/ipa_config.py | 16 ++-- .../modules/identity/ipa/ipa_dnsrecord.py | 44 ++++++----- .../modules/identity/ipa/ipa_dnszone.py | 23 +++--- lib/ansible/modules/identity/ipa/ipa_group.py | 36 +++++---- .../modules/identity/ipa/ipa_hbacrule.py | 58 ++++++++++----- lib/ansible/modules/identity/ipa/ipa_host.py | 53 ++++++++------ .../modules/identity/ipa/ipa_hostgroup.py | 31 +++++--- lib/ansible/modules/identity/ipa/ipa_role.py | 51 ++++++++----- .../modules/identity/ipa/ipa_service.py | 34 +++++---- lib/ansible/modules/identity/ipa/ipa_subca.py | 29 ++++---- .../modules/identity/ipa/ipa_sudocmd.py | 23 +++--- .../modules/identity/ipa/ipa_sudocmdgroup.py | 17 +++-- .../modules/identity/ipa/ipa_sudorule.py | 51 +++++++++---- lib/ansible/modules/identity/ipa/ipa_user.py | 73 ++++++++++++------- lib/ansible/modules/identity/ipa/ipa_vault.py | 42 ++++++----- lib/ansible/plugins/doc_fragments/ipa.py | 1 - test/sanity/ignore.txt | 30 -------- 17 files changed, 358 insertions(+), 254 deletions(-) diff --git a/lib/ansible/modules/identity/ipa/ipa_config.py b/lib/ansible/modules/identity/ipa/ipa_config.py index f28239159c0..8bb3a9a7118 100644 --- a/lib/ansible/modules/identity/ipa/ipa_config.py +++ b/lib/ansible/modules/identity/ipa/ipa_config.py @@ -11,7 +11,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.1', 'supported_by': 'community'} -DOCUMENTATION = ''' +DOCUMENTATION = r''' --- module: ipa_config author: Fran Fitzpatrick (@fxfitz) @@ -22,30 +22,32 @@ options: ipadefaultloginshell: description: Default shell for new users. aliases: ["loginshell"] + type: str ipadefaultemaildomain: description: Default e-mail domain for new users. aliases: ["emaildomain"] + type: str extends_documentation_fragment: ipa.documentation version_added: "2.7" ''' -EXAMPLES = ''' -# Ensure the default login shell is bash. -- ipa_config: +EXAMPLES = r''' +- name: Ensure the default login shell is bash. + ipa_config: ipadefaultloginshell: /bin/bash ipa_host: localhost ipa_user: admin ipa_pass: supersecret -# Ensure the default e-mail domain is ansible.com. -- ipa_config: +- name: Ensure the default e-mail domain is ansible.com. + ipa_config: ipadefaultemaildomain: ansible.com ipa_host: localhost ipa_user: admin ipa_pass: supersecret ''' -RETURN = ''' +RETURN = r''' config: description: Configuration as returned by IPA API. returned: always diff --git a/lib/ansible/modules/identity/ipa/ipa_dnsrecord.py b/lib/ansible/modules/identity/ipa/ipa_dnsrecord.py index 172cf8c52f6..63e08c75890 100644 --- a/lib/ansible/modules/identity/ipa/ipa_dnsrecord.py +++ b/lib/ansible/modules/identity/ipa/ipa_dnsrecord.py @@ -14,7 +14,7 @@ ANSIBLE_METADATA = { } -DOCUMENTATION = ''' +DOCUMENTATION = r''' --- module: ipa_dnsrecord author: Abhijeet Kasurde (@Akasurde) @@ -26,11 +26,13 @@ options: description: - The DNS zone name to which DNS record needs to be managed. required: true + type: str record_name: description: - The DNS record name to manage. required: true aliases: ["name"] + type: str record_type: description: - The type of DNS record name. @@ -39,7 +41,8 @@ options: - "'SRV' and 'MX' are added in version 2.8." required: false default: 'A' - choices: ['A', 'AAAA', 'A6', 'CNAME', 'DNAME', 'PTR', 'TXT', 'SRV', 'MX'] + choices: ['A', 'AAAA', 'A6', 'CNAME', 'DNAME', 'MX', 'PTR', 'SRV', 'TXT'] + type: str record_value: description: - Manage DNS record name with this value. @@ -52,24 +55,27 @@ options: - In the case of 'SRV' record type, this will be a service record. - In the case of 'MX' record type, this will be a mail exchanger record. required: true + type: str record_ttl: description: - Set the TTL for the record. - Applies only when adding a new or changing the value of record_value. version_added: "2.7" required: false + type: int state: description: State to ensure required: false default: present - choices: ["present", "absent"] + choices: ["absent", "present"] + type: str extends_documentation_fragment: ipa.documentation version_added: "2.4" ''' -EXAMPLES = ''' -# Ensure dns record is present -- ipa_dnsrecord: +EXAMPLES = r''' +- name: Ensure dns record is present + ipa_dnsrecord: ipa_host: spider.example.com ipa_pass: Passw0rd! state: present @@ -78,8 +84,8 @@ EXAMPLES = ''' record_type: 'AAAA' record_value: '::1' -# Ensure that dns record exists with a TTL -- ipa_dnsrecord: +- name: Ensure that dns record exists with a TTL + ipa_dnsrecord: name: host02 zone_name: example.com record_type: 'AAAA' @@ -89,8 +95,8 @@ EXAMPLES = ''' ipa_pass: topsecret state: present -# Ensure a PTR record is present -- ipa_dnsrecord: +- name: Ensure a PTR record is present + ipa_dnsrecord: ipa_host: spider.example.com ipa_pass: Passw0rd! state: present @@ -99,8 +105,8 @@ EXAMPLES = ''' record_type: 'PTR' record_value: 'internal.ipa.example.com' -# Ensure a TXT record is present -- ipa_dnsrecord: +- name: Ensure a TXT record is present + ipa_dnsrecord: ipa_host: spider.example.com ipa_pass: Passw0rd! state: present @@ -109,8 +115,8 @@ EXAMPLES = ''' record_type: 'TXT' record_value: 'EXAMPLE.COM' -# Ensure an SRV record is present -- ipa_dnsrecord: +- name: Ensure an SRV record is present + ipa_dnsrecord: ipa_host: spider.example.com ipa_pass: Passw0rd! state: present @@ -119,8 +125,8 @@ EXAMPLES = ''' record_type: 'SRV' record_value: '10 50 88 ipa.example.com' -# Ensure an MX record is present -- ipa_dnsrecord: +- name: Ensure an MX record is present + ipa_dnsrecord: ipa_host: spider.example.com ipa_pass: Passw0rd! state: present @@ -129,8 +135,8 @@ EXAMPLES = ''' record_type: 'MX' record_value: '1 mailserver.example.com' -# Ensure that dns record is removed -- ipa_dnsrecord: +- name: Ensure that dns record is removed + ipa_dnsrecord: name: host01 zone_name: example.com record_type: 'AAAA' @@ -141,7 +147,7 @@ EXAMPLES = ''' state: absent ''' -RETURN = ''' +RETURN = r''' dnsrecord: description: DNS record as returned by IPA API. returned: always diff --git a/lib/ansible/modules/identity/ipa/ipa_dnszone.py b/lib/ansible/modules/identity/ipa/ipa_dnszone.py index f5a1bd45fbc..254bf154227 100644 --- a/lib/ansible/modules/identity/ipa/ipa_dnszone.py +++ b/lib/ansible/modules/identity/ipa/ipa_dnszone.py @@ -12,7 +12,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.1', 'supported_by': 'community'} -DOCUMENTATION = ''' +DOCUMENTATION = r''' --- module: ipa_dnszone author: Fran Fitzpatrick (@fxfitz) @@ -24,39 +24,42 @@ options: description: - The DNS zone name to which needs to be managed. required: true + type: str state: description: State to ensure required: false default: present - choices: ["present", "absent"] + choices: ["absent", "present"] + type: str dynamicupdate: description: Apply dynamic update to zone required: false default: "false" choices: ["false", "true"] version_added: "2.9" + type: str extends_documentation_fragment: ipa.documentation version_added: "2.5" ''' -EXAMPLES = ''' -# Ensure dns zone is present -- ipa_dnszone: +EXAMPLES = r''' +- name: Ensure dns zone is present + ipa_dnszone: ipa_host: spider.example.com ipa_pass: Passw0rd! state: present zone_name: example.com -# Ensure dns zone is present and is dynamic update -- ipa_dnszone: +- name: Ensure dns zone is present and is dynamic update + ipa_dnszone: ipa_host: spider.example.com ipa_pass: Passw0rd! state: present zone_name: example.com dynamicupdate: true -# Ensure that dns zone is removed -- ipa_dnszone: +- name: Ensure that dns zone is removed + ipa_dnszone: zone_name: example.com ipa_host: localhost ipa_user: admin @@ -64,7 +67,7 @@ EXAMPLES = ''' state: absent ''' -RETURN = ''' +RETURN = r''' zone: description: DNS zone as returned by IPA API. returned: always diff --git a/lib/ansible/modules/identity/ipa/ipa_group.py b/lib/ansible/modules/identity/ipa/ipa_group.py index bdeee2cbeb0..66d1c37d4da 100644 --- a/lib/ansible/modules/identity/ipa/ipa_group.py +++ b/lib/ansible/modules/identity/ipa/ipa_group.py @@ -10,7 +10,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.1', 'status': ['preview'], 'supported_by': 'community'} -DOCUMENTATION = ''' +DOCUMENTATION = r''' --- module: ipa_group author: Thomas Krahn (@Nosmoht) @@ -24,9 +24,11 @@ options: - Can not be changed as it is the unique identifier. required: true aliases: ['name'] + type: str description: description: - Description of the group. + type: str external: description: - Allow adding external non-IPA members from trusted domains. @@ -35,12 +37,15 @@ options: description: - GID (use this option to set it manually). aliases: ['gid'] + type: str group: description: - List of group names assigned to this group. - If an empty list is passed all groups will be removed from this group. - If option is omitted assigned groups will not be checked or changed. - Groups that are already assigned but not passed will be removed. + type: list + elements: str nonposix: description: - Create as a non-POSIX group. @@ -51,18 +56,21 @@ options: - If an empty list is passed all users will be removed from this group. - If option is omitted assigned users will not be checked or changed. - Users that are already assigned but not passed will be removed. + type: list + elements: str state: description: - State to ensure default: "present" - choices: ["present", "absent"] + choices: ["absent", "present"] + type: str extends_documentation_fragment: ipa.documentation version_added: "2.3" ''' -EXAMPLES = ''' -# Ensure group is present -- ipa_group: +EXAMPLES = r''' +- name: Ensure group is present + ipa_group: name: oinstall gidnumber: 54321 state: present @@ -70,8 +78,8 @@ EXAMPLES = ''' ipa_user: admin ipa_pass: topsecret -# Ensure that groups sysops and appops are assigned to ops but no other group -- ipa_group: +- name: Ensure that groups sysops and appops are assigned to ops but no other group + ipa_group: name: ops group: - sysops @@ -80,8 +88,8 @@ EXAMPLES = ''' ipa_user: admin ipa_pass: topsecret -# Ensure that users linus and larry are assign to the group, but no other user -- ipa_group: +- name: Ensure that users linus and larry are assign to the group, but no other user + ipa_group: name: sysops user: - linus @@ -90,8 +98,8 @@ EXAMPLES = ''' ipa_user: admin ipa_pass: topsecret -# Ensure group is absent -- ipa_group: +- name: Ensure group is absent + ipa_group: name: sysops state: absent ipa_host: ipa.example.com @@ -99,7 +107,7 @@ EXAMPLES = ''' ipa_pass: topsecret ''' -RETURN = ''' +RETURN = r''' group: description: Group as returned by IPA API returned: always @@ -228,10 +236,10 @@ def main(): description=dict(type='str'), external=dict(type='bool'), gidnumber=dict(type='str', aliases=['gid']), - group=dict(type='list'), + group=dict(type='list', elements='str'), nonposix=dict(type='bool'), state=dict(type='str', default='present', choices=['present', 'absent']), - user=dict(type='list')) + user=dict(type='list', elements='str')) module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True, diff --git a/lib/ansible/modules/identity/ipa/ipa_hbacrule.py b/lib/ansible/modules/identity/ipa/ipa_hbacrule.py index 6ddc4f7959a..11711597e62 100644 --- a/lib/ansible/modules/identity/ipa/ipa_hbacrule.py +++ b/lib/ansible/modules/identity/ipa/ipa_hbacrule.py @@ -11,7 +11,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.1', 'supported_by': 'community'} -DOCUMENTATION = ''' +DOCUMENTATION = r''' --- module: ipa_hbacrule author: Thomas Krahn (@Nosmoht) @@ -25,72 +25,94 @@ options: - Can not be changed as it is the unique identifier. required: true aliases: ["name"] + type: str description: description: Description + type: str host: description: - List of host names to assign. - If an empty list is passed all hosts will be removed from the rule. - If option is omitted hosts will not be checked or changed. required: false + type: list + elements: str hostcategory: description: Host category choices: ['all'] + type: str hostgroup: description: - List of hostgroup names to assign. - If an empty list is passed all hostgroups will be removed. from the rule - If option is omitted hostgroups will not be checked or changed. + type: list + elements: str service: description: - List of service names to assign. - If an empty list is passed all services will be removed from the rule. - If option is omitted services will not be checked or changed. + type: list + elements: str servicecategory: description: Service category choices: ['all'] + type: str servicegroup: description: - List of service group names to assign. - If an empty list is passed all assigned service groups will be removed from the rule. - If option is omitted service groups will not be checked or changed. + type: list + elements: str sourcehost: description: - List of source host names to assign. - If an empty list if passed all assigned source hosts will be removed from the rule. - If option is omitted source hosts will not be checked or changed. + type: list + elements: str sourcehostcategory: description: Source host category choices: ['all'] + type: str sourcehostgroup: description: - List of source host group names to assign. - If an empty list if passed all assigned source host groups will be removed from the rule. - If option is omitted source host groups will not be checked or changed. + type: list + elements: str state: description: State to ensure default: "present" - choices: ["present", "absent", "enabled", "disabled"] + choices: ["absent", "disabled", "enabled","present"] + type: str user: description: - List of user names to assign. - If an empty list if passed all assigned users will be removed from the rule. - If option is omitted users will not be checked or changed. + type: list + elements: str usercategory: description: User category choices: ['all'] + type: str usergroup: description: - List of user group names to assign. - If an empty list if passed all assigned user groups will be removed from the rule. - If option is omitted user groups will not be checked or changed. + type: list extends_documentation_fragment: ipa.documentation version_added: "2.3" ''' -EXAMPLES = ''' -# Ensure rule to allow all users to access any host from any host -- ipa_hbacrule: +EXAMPLES = r''' +- name: Ensure rule to allow all users to access any host from any host + ipa_hbacrule: name: allow_all description: Allow all users to access any host from any host hostcategory: all @@ -101,8 +123,8 @@ EXAMPLES = ''' ipa_user: admin ipa_pass: topsecret -# Ensure rule with certain limitations -- ipa_hbacrule: +- name: Ensure rule with certain limitations + ipa_hbacrule: name: allow_all_developers_access_to_db description: Allow all developers to access any database from any host hostgroup: @@ -114,8 +136,8 @@ EXAMPLES = ''' ipa_user: admin ipa_pass: topsecret -# Ensure rule is absent -- ipa_hbacrule: +- name: Ensure rule is absent + ipa_hbacrule: name: rule_to_be_deleted state: absent ipa_host: ipa.example.com @@ -123,7 +145,7 @@ EXAMPLES = ''' ipa_pass: topsecret ''' -RETURN = ''' +RETURN = r''' hbacrule: description: HBAC rule as returned by IPA API. returned: always @@ -300,19 +322,19 @@ def main(): argument_spec = ipa_argument_spec() argument_spec.update(cn=dict(type='str', required=True, aliases=['name']), description=dict(type='str'), - host=dict(type='list'), + host=dict(type='list', elements='str'), hostcategory=dict(type='str', choices=['all']), - hostgroup=dict(type='list'), - service=dict(type='list'), + hostgroup=dict(type='list', elements='str'), + service=dict(type='list', elements='str'), servicecategory=dict(type='str', choices=['all']), - servicegroup=dict(type='list'), - sourcehost=dict(type='list'), + servicegroup=dict(type='list', elements='str'), + sourcehost=dict(type='list', elements='str'), sourcehostcategory=dict(type='str', choices=['all']), - sourcehostgroup=dict(type='list'), + sourcehostgroup=dict(type='list', elements='str'), state=dict(type='str', default='present', choices=['present', 'absent', 'enabled', 'disabled']), - user=dict(type='list'), + user=dict(type='list', elements='str'), usercategory=dict(type='str', choices=['all']), - usergroup=dict(type='list')) + usergroup=dict(type='list', elements='str')) module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True diff --git a/lib/ansible/modules/identity/ipa/ipa_host.py b/lib/ansible/modules/identity/ipa/ipa_host.py index be14c202bad..a5ad36dbcba 100644 --- a/lib/ansible/modules/identity/ipa/ipa_host.py +++ b/lib/ansible/modules/identity/ipa/ipa_host.py @@ -11,13 +11,13 @@ ANSIBLE_METADATA = {'metadata_version': '1.1', 'supported_by': 'community'} -DOCUMENTATION = ''' +DOCUMENTATION = r''' --- module: ipa_host author: Thomas Krahn (@Nosmoht) short_description: Manage FreeIPA host description: -- Add, modify and delete an IPA host using IPA API +- Add, modify and delete an IPA host using IPA API. options: fqdn: description: @@ -25,9 +25,11 @@ options: - Can not be changed as it is the unique identifier. required: true aliases: ["name"] + type: str description: description: - A description of this host. + type: str force: description: - Force host name even if not in DNS. @@ -36,6 +38,7 @@ options: ip_address: description: - Add the host to DNS with this IP address. + type: str mac_address: description: - List of Hardware MAC address(es) off this host. @@ -43,18 +46,23 @@ options: - If an empty list is passed all assigned MAC addresses will be removed. - MAC addresses that are already assigned but not passed will be removed. aliases: ["macaddress"] + type: list + elements: str ns_host_location: description: - Host location (e.g. "Lab 2") aliases: ["nshostlocation"] + type: str ns_hardware_platform: description: - Host hardware platform (e.g. "Lenovo T61") aliases: ["nshardwareplatform"] + type: str ns_os_version: description: - Host operating system and version (e.g. "Fedora 9") aliases: ["nsosversion"] + type: str user_certificate: description: - List of Base-64 encoded server certificates. @@ -62,10 +70,13 @@ options: - If an empty list is passed all assigned certificates will be removed. - Certificates already assigned but not passed will be removed. aliases: ["usercertificate"] + type: list + elements: str state: - description: State to ensure + description: State to ensure. default: present - choices: ["present", "absent", "enabled", "disabled"] + choices: ["absent", "disabled", "enabled", "present"] + type: str update_dns: description: - If set C("True") with state as C("absent"), then removes DNS records of the host managed by FreeIPA DNS. @@ -74,7 +85,7 @@ options: type: bool version_added: "2.5" random_password: - description: Generate a random password to be used in bulk enrollment + description: Generate a random password to be used in bulk enrollment. default: False type: bool version_added: '2.5' @@ -82,9 +93,9 @@ extends_documentation_fragment: ipa.documentation version_added: "2.3" ''' -EXAMPLES = ''' -# Ensure host is present -- ipa_host: +EXAMPLES = r''' +- name: Ensure host is present + ipa_host: name: host01.example.com description: Example host ip_address: 192.168.0.123 @@ -99,8 +110,8 @@ EXAMPLES = ''' ipa_user: admin ipa_pass: topsecret -# Generate a random password for bulk enrolment -- ipa_host: +- name: Generate a random password for bulk enrolment + ipa_host: name: host01.example.com description: Example host ip_address: 192.168.0.123 @@ -111,32 +122,32 @@ EXAMPLES = ''' validate_certs: False random_password: True -# Ensure host is disabled -- ipa_host: +- name: Ensure host is disabled + ipa_host: name: host01.example.com state: disabled ipa_host: ipa.example.com ipa_user: admin ipa_pass: topsecret -# Ensure that all user certificates are removed -- ipa_host: +- name: Ensure that all user certificates are removed + ipa_host: name: host01.example.com user_certificate: [] ipa_host: ipa.example.com ipa_user: admin ipa_pass: topsecret -# Ensure host is absent -- ipa_host: +- name: Ensure host is absent + ipa_host: name: host01.example.com state: absent ipa_host: ipa.example.com ipa_user: admin ipa_pass: topsecret -# Ensure host and its DNS record is absent -- ipa_host: +- name: Ensure host and its DNS record is absent + ipa_host: name: host01.example.com state: absent ipa_host: ipa.example.com @@ -145,7 +156,7 @@ EXAMPLES = ''' update_dns: True ''' -RETURN = ''' +RETURN = r''' host: description: Host as returned by IPA API. returned: always @@ -275,8 +286,8 @@ def main(): ns_host_location=dict(type='str', aliases=['nshostlocation']), ns_hardware_platform=dict(type='str', aliases=['nshardwareplatform']), ns_os_version=dict(type='str', aliases=['nsosversion']), - user_certificate=dict(type='list', aliases=['usercertificate']), - mac_address=dict(type='list', aliases=['macaddress']), + user_certificate=dict(type='list', aliases=['usercertificate'], elements='str'), + mac_address=dict(type='list', aliases=['macaddress'], elements='str'), update_dns=dict(type='bool'), state=dict(type='str', default='present', choices=['present', 'absent', 'enabled', 'disabled']), random_password=dict(type='bool'),) diff --git a/lib/ansible/modules/identity/ipa/ipa_hostgroup.py b/lib/ansible/modules/identity/ipa/ipa_hostgroup.py index 1291265b98f..a2c570ccf2b 100644 --- a/lib/ansible/modules/identity/ipa/ipa_hostgroup.py +++ b/lib/ansible/modules/identity/ipa/ipa_hostgroup.py @@ -11,13 +11,13 @@ ANSIBLE_METADATA = {'metadata_version': '1.1', 'supported_by': 'community'} -DOCUMENTATION = ''' +DOCUMENTATION = r''' --- module: ipa_hostgroup author: Thomas Krahn (@Nosmoht) short_description: Manage FreeIPA host-group description: -- Add, modify and delete an IPA host-group using IPA API +- Add, modify and delete an IPA host-group using IPA API. options: cn: description: @@ -25,33 +25,40 @@ options: - Can not be changed as it is the unique identifier. required: true aliases: ["name"] + type: str description: description: - - Description + - Description. + type: str host: description: - List of hosts that belong to the host-group. - If an empty list is passed all hosts will be removed from the group. - If option is omitted hosts will not be checked or changed. - If option is passed all assigned hosts that are not passed will be unassigned from the group. + type: list + elements: str hostgroup: description: - List of host-groups than belong to that host-group. - If an empty list is passed all host-groups will be removed from the group. - If option is omitted host-groups will not be checked or changed. - If option is passed all assigned hostgroups that are not passed will be unassigned from the group. + type: list + elements: str state: description: - State to ensure. default: "present" - choices: ["present", "absent", "enabled", "disabled"] + choices: ["absent", "disabled", "enabled", "present"] + type: str extends_documentation_fragment: ipa.documentation version_added: "2.3" ''' -EXAMPLES = ''' -# Ensure host-group databases is present -- ipa_hostgroup: +EXAMPLES = r''' +- name: Ensure host-group databases is present + ipa_hostgroup: name: databases state: present host: @@ -63,8 +70,8 @@ EXAMPLES = ''' ipa_user: admin ipa_pass: topsecret -# Ensure host-group databases is absent -- ipa_hostgroup: +- name: Ensure host-group databases is absent + ipa_hostgroup: name: databases state: absent ipa_host: ipa.example.com @@ -72,7 +79,7 @@ EXAMPLES = ''' ipa_pass: topsecret ''' -RETURN = ''' +RETURN = r''' hostgroup: description: Hostgroup as returned by IPA API. returned: always @@ -180,8 +187,8 @@ def main(): argument_spec = ipa_argument_spec() argument_spec.update(cn=dict(type='str', required=True, aliases=['name']), description=dict(type='str'), - host=dict(type='list'), - hostgroup=dict(type='list'), + host=dict(type='list', elements='str'), + hostgroup=dict(type='list', elements='str'), state=dict(type='str', default='present', choices=['present', 'absent', 'enabled', 'disabled'])) module = AnsibleModule(argument_spec=argument_spec, diff --git a/lib/ansible/modules/identity/ipa/ipa_role.py b/lib/ansible/modules/identity/ipa/ipa_role.py index 13d5c28f641..c32ec210c80 100644 --- a/lib/ansible/modules/identity/ipa/ipa_role.py +++ b/lib/ansible/modules/identity/ipa/ipa_role.py @@ -11,13 +11,13 @@ ANSIBLE_METADATA = {'metadata_version': '1.1', 'supported_by': 'community'} -DOCUMENTATION = ''' +DOCUMENTATION = r''' --- module: ipa_role author: Thomas Krahn (@Nosmoht) short_description: Manage FreeIPA role description: -- Add, modify and delete a role within FreeIPA server using FreeIPA API +- Add, modify and delete a role within FreeIPA server using FreeIPA API. options: cn: description: @@ -25,33 +25,43 @@ options: - Can not be changed as it is the unique identifier. required: true aliases: ['name'] + type: str description: description: - A description of this role-group. + type: str group: description: - List of group names assign to this role. - If an empty list is passed all assigned groups will be unassigned from the role. - If option is omitted groups will not be checked or changed. - If option is passed all assigned groups that are not passed will be unassigned from the role. + type: list + elements: str host: description: - List of host names to assign. - If an empty list is passed all assigned hosts will be unassigned from the role. - If option is omitted hosts will not be checked or changed. - If option is passed all assigned hosts that are not passed will be unassigned from the role. + type: list + elements: str hostgroup: description: - List of host group names to assign. - If an empty list is passed all assigned host groups will be removed from the role. - If option is omitted host groups will not be checked or changed. - If option is passed all assigned hostgroups that are not passed will be unassigned from the role. + type: list + elements: str privilege: description: - List of privileges granted to the role. - If an empty list is passed all assigned privileges will be removed. - If option is omitted privileges will not be checked or changed. - If option is passed all assigned privileges that are not passed will be removed. + type: list + elements: str version_added: "2.4" service: description: @@ -59,22 +69,27 @@ options: - If an empty list is passed all assigned services will be removed from the role. - If option is omitted services will not be checked or changed. - If option is passed all assigned services that are not passed will be removed from the role. + type: list + elements: str state: - description: State to ensure + description: State to ensure. default: "present" - choices: ["present", "absent"] + choices: ["absent", "present"] + type: str user: description: - List of user names to assign. - If an empty list is passed all assigned users will be removed from the role. - If option is omitted users will not be checked or changed. + type: list + elements: str extends_documentation_fragment: ipa.documentation version_added: "2.3" ''' -EXAMPLES = ''' -# Ensure role is present -- ipa_role: +EXAMPLES = r''' +- name: Ensure role is present + ipa_role: name: dba description: Database Administrators state: present @@ -85,8 +100,8 @@ EXAMPLES = ''' ipa_user: admin ipa_pass: topsecret -# Ensure role with certain details -- ipa_role: +- name: Ensure role with certain details + ipa_role: name: another-role description: Just another role group: @@ -101,8 +116,8 @@ EXAMPLES = ''' service: - service01 -# Ensure role is absent -- ipa_role: +- name: Ensure role is absent + ipa_role: name: dba state: absent ipa_host: ipa.example.com @@ -110,7 +125,7 @@ EXAMPLES = ''' ipa_pass: topsecret ''' -RETURN = ''' +RETURN = r''' role: description: Role as returned by IPA API. returned: always @@ -263,13 +278,13 @@ def main(): argument_spec = ipa_argument_spec() argument_spec.update(cn=dict(type='str', required=True, aliases=['name']), description=dict(type='str'), - group=dict(type='list'), - host=dict(type='list'), - hostgroup=dict(type='list'), - privilege=dict(type='list'), - service=dict(type='list'), + group=dict(type='list', elements='str'), + host=dict(type='list', elements='str'), + hostgroup=dict(type='list', elements='str'), + privilege=dict(type='list', elements='str'), + service=dict(type='list', elements='str'), state=dict(type='str', default='present', choices=['present', 'absent']), - user=dict(type='list')) + user=dict(type='list', elements='str')) module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) diff --git a/lib/ansible/modules/identity/ipa/ipa_service.py b/lib/ansible/modules/identity/ipa/ipa_service.py index 7e2cb009a62..fda2d61dbd8 100644 --- a/lib/ansible/modules/identity/ipa/ipa_service.py +++ b/lib/ansible/modules/identity/ipa/ipa_service.py @@ -11,57 +11,61 @@ ANSIBLE_METADATA = {'metadata_version': '1.1', 'supported_by': 'community'} -DOCUMENTATION = ''' +DOCUMENTATION = r''' --- module: ipa_service author: Cédric Parent (@cprh) short_description: Manage FreeIPA service description: -- Add and delete an IPA service using IPA API +- Add and delete an IPA service using IPA API. options: krbcanonicalname: description: - - principal of the service + - Principal of the service. - Can not be changed as it is the unique identifier. required: true aliases: ["name"] + type: str hosts: description: - - defines the list of 'ManagedBy' hosts + - Defines the list of 'ManagedBy' hosts. required: false + type: list + elements: str force: description: - Force principal name even if host is not in DNS. required: false type: bool state: - description: State to ensure + description: State to ensure. required: false default: present - choices: ["present", "absent"] + choices: ["absent", "present"] + type: str extends_documentation_fragment: ipa.documentation version_added: "2.5" ''' -EXAMPLES = ''' -# Ensure service is present -- ipa_service: +EXAMPLES = r''' +- name: Ensure service is present + ipa_service: name: http/host01.example.com state: present ipa_host: ipa.example.com ipa_user: admin ipa_pass: topsecret -# Ensure service is absent -- ipa_service: +- name: Ensure service is absent + ipa_service: name: http/host01.example.com state: absent ipa_host: ipa.example.com ipa_user: admin ipa_pass: topsecret -# Changing Managing hosts list -- ipa_service: +- name: Changing Managing hosts list + ipa_service: name: http/host01.example.com host: - host01.example.com @@ -71,7 +75,7 @@ EXAMPLES = ''' ipa_pass: topsecret ''' -RETURN = ''' +RETURN = r''' service: description: Service as returned by IPA API. returned: always @@ -183,7 +187,7 @@ def main(): argument_spec.update( krbcanonicalname=dict(type='str', required=True, aliases=['name']), force=dict(type='bool', required=False), - hosts=dict(type='list', required=False), + hosts=dict(type='list', required=False, elements='str'), state=dict(type='str', required=False, default='present', choices=['present', 'absent'])) diff --git a/lib/ansible/modules/identity/ipa/ipa_subca.py b/lib/ansible/modules/identity/ipa/ipa_subca.py index d61810b3887..d15921b1c1a 100644 --- a/lib/ansible/modules/identity/ipa/ipa_subca.py +++ b/lib/ansible/modules/identity/ipa/ipa_subca.py @@ -11,7 +11,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.1', 'supported_by': 'community'} -DOCUMENTATION = ''' +DOCUMENTATION = r''' --- module: ipa_subca author: Abhijeet Kasurde (@Akasurde) @@ -25,27 +25,30 @@ options: - The Sub Certificate Authority name which needs to be managed. required: true aliases: ["name"] + type: str subca_subject: description: - - The Sub Certificate Authority's Subject. e.g., 'CN=SampleSubCA1,O=testrelm.test' + - The Sub Certificate Authority's Subject. e.g., 'CN=SampleSubCA1,O=testrelm.test'. required: true + type: str subca_desc: description: - The Sub Certificate Authority's description. - required: true + type: str state: description: - - State to ensure - - State 'disable' and 'enable' is available for FreeIPA 4.4.2 version and onwards + - State to ensure. + - State 'disable' and 'enable' is available for FreeIPA 4.4.2 version and onwards. required: false default: present - choices: ["present", "absent", "enabled", "disabled"] + choices: ["absent", "disabled", "enabled", "present"] + type: str extends_documentation_fragment: ipa.documentation ''' EXAMPLES = ''' -# Ensure IPA Sub CA is present -- ipa_subca: +- name: Ensure IPA Sub CA is present + ipa_subca: ipa_host: spider.example.com ipa_pass: Passw0rd! state: present @@ -53,22 +56,22 @@ EXAMPLES = ''' subca_subject: 'CN=AnsibleSubCA1,O=example.com' subca_desc: Ansible Sub CA -# Ensure that IPA Sub CA is removed -- ipa_subca: +- name: Ensure that IPA Sub CA is removed + ipa_subca: ipa_host: spider.example.com ipa_pass: Passw0rd! state: absent subca_name: AnsibleSubCA1 -# Ensure that IPA Sub CA is disabled -- ipa_subca: +- name: Ensure that IPA Sub CA is disabled + ipa_subca: ipa_host: spider.example.com ipa_pass: Passw0rd! state: disable subca_name: AnsibleSubCA1 ''' -RETURN = ''' +RETURN = r''' subca: description: IPA Sub CA record as returned by IPA API. returned: always diff --git a/lib/ansible/modules/identity/ipa/ipa_sudocmd.py b/lib/ansible/modules/identity/ipa/ipa_sudocmd.py index 4e7a691e10c..e94ada6a062 100644 --- a/lib/ansible/modules/identity/ipa/ipa_sudocmd.py +++ b/lib/ansible/modules/identity/ipa/ipa_sudocmd.py @@ -11,7 +11,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.1', 'supported_by': 'community'} -DOCUMENTATION = ''' +DOCUMENTATION = r''' --- module: ipa_sudocmd author: Thomas Krahn (@Nosmoht) @@ -21,31 +21,34 @@ description: options: sudocmd: description: - - Sudo Command. + - Sudo command. aliases: ['name'] required: true + type: str description: description: - A description of this command. + type: str state: - description: State to ensure + description: State to ensure. default: present - choices: ['present', 'absent', 'enabled', 'disabled'] + choices: ['absent', 'disabled', 'enabled', 'present'] + type: str extends_documentation_fragment: ipa.documentation version_added: "2.3" ''' -EXAMPLES = ''' -# Ensure sudo command exists -- ipa_sudocmd: +EXAMPLES = r''' +- name: Ensure sudo command exists + ipa_sudocmd: name: su description: Allow to run su via sudo ipa_host: ipa.example.com ipa_user: admin ipa_pass: topsecret -# Ensure sudo command does not exist -- ipa_sudocmd: +- name: Ensure sudo command does not exist + ipa_sudocmd: name: su state: absent ipa_host: ipa.example.com @@ -53,7 +56,7 @@ EXAMPLES = ''' ipa_pass: topsecret ''' -RETURN = ''' +RETURN = r''' sudocmd: description: Sudo command as return from IPA API returned: always diff --git a/lib/ansible/modules/identity/ipa/ipa_sudocmdgroup.py b/lib/ansible/modules/identity/ipa/ipa_sudocmdgroup.py index 9f386c68275..0a17c684b04 100644 --- a/lib/ansible/modules/identity/ipa/ipa_sudocmdgroup.py +++ b/lib/ansible/modules/identity/ipa/ipa_sudocmdgroup.py @@ -11,7 +11,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.1', 'supported_by': 'community'} -DOCUMENTATION = ''' +DOCUMENTATION = r''' --- module: ipa_sudocmdgroup author: Thomas Krahn (@Nosmoht) @@ -24,23 +24,28 @@ options: - Sudo Command Group. aliases: ['name'] required: true + type: str description: description: - Group description. + type: str state: - description: State to ensure + description: State to ensure. default: present - choices: ['present', 'absent', 'enabled', 'disabled'] + choices: ['absent', 'disabled', 'enabled', 'present'] + type: str sudocmd: description: - List of sudo commands to assign to the group. - If an empty list is passed all assigned commands will be removed from the group. - If option is omitted sudo commands will not be checked or changed. + type: list + elements: str extends_documentation_fragment: ipa.documentation version_added: "2.3" ''' -EXAMPLES = ''' +EXAMPLES = r''' - name: Ensure sudo command group exists ipa_sudocmdgroup: name: group01 @@ -60,7 +65,7 @@ EXAMPLES = ''' ipa_pass: topsecret ''' -RETURN = ''' +RETURN = r''' sudocmdgroup: description: Sudo command group as returned by IPA API returned: always @@ -156,7 +161,7 @@ def main(): argument_spec.update(cn=dict(type='str', required=True, aliases=['name']), description=dict(type='str'), state=dict(type='str', default='present', choices=['present', 'absent', 'enabled', 'disabled']), - sudocmd=dict(type='list')) + sudocmd=dict(type='list', elements='str')) module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) diff --git a/lib/ansible/modules/identity/ipa/ipa_sudorule.py b/lib/ansible/modules/identity/ipa/ipa_sudorule.py index 20bd48ecf11..f6cb47c4c50 100644 --- a/lib/ansible/modules/identity/ipa/ipa_sudorule.py +++ b/lib/ansible/modules/identity/ipa/ipa_sudorule.py @@ -11,7 +11,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.1', 'supported_by': 'community'} -DOCUMENTATION = ''' +DOCUMENTATION = r''' --- module: ipa_sudorule author: Thomas Krahn (@Nosmoht) @@ -25,74 +25,94 @@ options: - Can not be changed as it is the unique identifier. required: true aliases: ['name'] + type: str cmdcategory: description: - Command category the rule applies to. choices: ['all'] + type: str cmd: description: - List of commands assigned to the rule. - If an empty list is passed all commands will be removed from the rule. - If option is omitted commands will not be checked or changed. + type: list + elements: str description: description: - Description of the sudo rule. + type: str host: description: - List of hosts assigned to the rule. - If an empty list is passed all hosts will be removed from the rule. - If option is omitted hosts will not be checked or changed. - Option C(hostcategory) must be omitted to assign hosts. + type: list + elements: str hostcategory: description: - Host category the rule applies to. - If 'all' is passed one must omit C(host) and C(hostgroup). - Option C(host) and C(hostgroup) must be omitted to assign 'all'. choices: ['all'] + type: str hostgroup: description: - List of host groups assigned to the rule. - If an empty list is passed all host groups will be removed from the rule. - If option is omitted host groups will not be checked or changed. - Option C(hostcategory) must be omitted to assign host groups. + type: list + elements: str runasusercategory: description: - RunAs User category the rule applies to. choices: ['all'] version_added: "2.5" + type: str runasgroupcategory: description: - RunAs Group category the rule applies to. choices: ['all'] version_added: "2.5" + type: str sudoopt: description: - List of options to add to the sudo rule. + type: list + elements: str user: description: - List of users assigned to the rule. - If an empty list is passed all users will be removed from the rule. - If option is omitted users will not be checked or changed. + type: list + elements: str usercategory: description: - User category the rule applies to. choices: ['all'] + type: str usergroup: description: - List of user groups assigned to the rule. - If an empty list is passed all user groups will be removed from the rule. - If option is omitted user groups will not be checked or changed. + type: list + elements: str state: - description: State to ensure + description: State to ensure. default: present - choices: ['present', 'absent', 'enabled', 'disabled'] + choices: ['absent', 'disabled', 'enabled', 'present'] + type: str extends_documentation_fragment: ipa.documentation version_added: "2.3" ''' -EXAMPLES = ''' -# Ensure sudo rule is present that's allows all every body to execute any command on any host without being asked for a password. -- ipa_sudorule: +EXAMPLES = r''' +- name: Ensure sudo rule is present that's allows all every body to execute any command on any host without being asked for a password. + ipa_sudorule: name: sudo_all_nopasswd cmdcategory: all description: Allow to run every command with sudo without password @@ -103,8 +123,9 @@ EXAMPLES = ''' ipa_host: ipa.example.com ipa_user: admin ipa_pass: topsecret -# Ensure user group developers can run every command on host group db-server as well as on host db01.example.com. -- ipa_sudorule: + +- name: Ensure user group developers can run every command on host group db-server as well as on host db01.example.com. + ipa_sudorule: name: sudo_dev_dbserver description: Allow developers to run every command with sudo on all database server cmdcategory: all @@ -121,7 +142,7 @@ EXAMPLES = ''' ipa_pass: topsecret ''' -RETURN = ''' +RETURN = r''' sudorule: description: Sudorule as returned by IPA returned: always @@ -345,20 +366,20 @@ def ensure(module, client): def main(): argument_spec = ipa_argument_spec() - argument_spec.update(cmd=dict(type='list'), + argument_spec.update(cmd=dict(type='list', elements='str'), cmdcategory=dict(type='str', choices=['all']), cn=dict(type='str', required=True, aliases=['name']), description=dict(type='str'), - host=dict(type='list'), + host=dict(type='list', elements='str'), hostcategory=dict(type='str', choices=['all']), - hostgroup=dict(type='list'), + hostgroup=dict(type='list', elements='str'), runasusercategory=dict(type='str', choices=['all']), runasgroupcategory=dict(type='str', choices=['all']), - sudoopt=dict(type='list'), + sudoopt=dict(type='list', elements='str'), state=dict(type='str', default='present', choices=['present', 'absent', 'enabled', 'disabled']), - user=dict(type='list'), + user=dict(type='list', elements='str'), usercategory=dict(type='str', choices=['all']), - usergroup=dict(type='list')) + usergroup=dict(type='list', elements='str')) module = AnsibleModule(argument_spec=argument_spec, mutually_exclusive=[['cmdcategory', 'cmd'], diff --git a/lib/ansible/modules/identity/ipa/ipa_user.py b/lib/ansible/modules/identity/ipa/ipa_user.py index f8e3db07264..0919b8a0745 100644 --- a/lib/ansible/modules/identity/ipa/ipa_user.py +++ b/lib/ansible/modules/identity/ipa/ipa_user.py @@ -11,16 +11,17 @@ ANSIBLE_METADATA = {'metadata_version': '1.1', 'supported_by': 'community'} -DOCUMENTATION = ''' +DOCUMENTATION = r''' --- module: ipa_user author: Thomas Krahn (@Nosmoht) short_description: Manage FreeIPA users description: -- Add, modify and delete user within IPA server +- Add, modify and delete user within IPA server. options: displayname: - description: Display name + description: Display name. + type: str update_password: description: - Set password for a user. @@ -29,52 +30,69 @@ options: choices: [ always, on_create ] version_added: 2.8 givenname: - description: First name + description: First name. + type: str krbpasswordexpiration: description: - - Date at which the user password will expire - - In the format YYYYMMddHHmmss - - e.g. 20180121182022 will expire on 21 January 2018 at 18:20:22 + - Date at which the user password will expire. + - In the format YYYYMMddHHmmss. + - e.g. 20180121182022 will expire on 21 January 2018 at 18:20:22. version_added: 2.5 + type: str loginshell: - description: Login shell + description: Login shell. + type: str mail: description: - List of mail addresses assigned to the user. - If an empty list is passed all assigned email addresses will be deleted. - If None is passed email addresses will not be checked or changed. + type: list + elements: str password: description: - - Password for a user. Will not be set for an existing user unless C(update_password) is set to C(always), which is the default. + - Password for a user. + - Will not be set for an existing user unless I(update_password=always), which is the default. + type: str sn: - description: Surname + description: Surname. + type: str sshpubkey: description: - List of public SSH key. - If an empty list is passed all assigned public keys will be deleted. - If None is passed SSH public keys will not be checked or changed. + type: list + elements: str state: - description: State to ensure + description: State to ensure. default: "present" - choices: ["present", "absent", "enabled", "disabled"] + choices: ["absent", "disabled", "enabled", "present"] + type: str telephonenumber: description: - List of telephone numbers assigned to the user. - If an empty list is passed all assigned telephone numbers will be deleted. - If None is passed telephone numbers will not be checked or changed. + type: list + elements: str title: - description: Title + description: Title. + type: str uid: - description: uid of the user + description: uid of the user. required: true aliases: ["name"] + type: str uidnumber: description: - - Account Settings UID/Posix User ID number + - Account Settings UID/Posix User ID number. + type: str version_added: 2.5 gidnumber: description: - - Posix Group ID + - Posix Group ID. + type: str version_added: 2.5 extends_documentation_fragment: ipa.documentation version_added: "2.3" @@ -83,9 +101,9 @@ requirements: - hashlib ''' -EXAMPLES = ''' -# Ensure pinky is present and always reset password -- ipa_user: +EXAMPLES = r''' +- name: Ensure pinky is present and always reset password + ipa_user: name: pinky state: present krbpasswordexpiration: 20200119235959 @@ -104,16 +122,16 @@ EXAMPLES = ''' ipa_user: admin ipa_pass: topsecret -# Ensure brain is absent -- ipa_user: +- name: Ensure brain is absent + ipa_user: name: brain state: absent ipa_host: ipa.example.com ipa_user: admin ipa_pass: topsecret -# Ensure pinky is present but don't reset password if already exists -- ipa_user: +- name: Ensure pinky is present but don't reset password if already exists + ipa_user: name: pinky state: present givenname: Pinky @@ -123,10 +141,9 @@ EXAMPLES = ''' ipa_user: admin ipa_pass: topsecret update_password: on_create - ''' -RETURN = ''' +RETURN = r''' user: description: User as returned by IPA API returned: always @@ -311,16 +328,16 @@ def main(): choices=['always', 'on_create']), krbpasswordexpiration=dict(type='str'), loginshell=dict(type='str'), - mail=dict(type='list'), + mail=dict(type='list', elements='str'), sn=dict(type='str'), uid=dict(type='str', required=True, aliases=['name']), gidnumber=dict(type='str'), uidnumber=dict(type='str'), password=dict(type='str', no_log=True), - sshpubkey=dict(type='list'), + sshpubkey=dict(type='list', elements='str'), state=dict(type='str', default='present', choices=['present', 'absent', 'enabled', 'disabled']), - telephonenumber=dict(type='list'), + telephonenumber=dict(type='list', elements='str'), title=dict(type='str')) module = AnsibleModule(argument_spec=argument_spec, diff --git a/lib/ansible/modules/identity/ipa/ipa_vault.py b/lib/ansible/modules/identity/ipa/ipa_vault.py index 77857cf684b..a0458f3a406 100644 --- a/lib/ansible/modules/identity/ipa/ipa_vault.py +++ b/lib/ansible/modules/identity/ipa/ipa_vault.py @@ -10,7 +10,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.1', 'status': ['preview'], 'supported_by': 'community'} -DOCUMENTATION = ''' +DOCUMENTATION = r''' --- module: ipa_vault author: Juan Manuel Parrilla (@jparrill) @@ -25,38 +25,46 @@ options: - Can not be changed as it is the unique identifier. required: true aliases: ["name"] + type: str description: description: - Description. + type: str ipavaulttype: description: - Vault types are based on security level. default: "symmetric" - choices: ["standard", "symmetric", "asymmetric"] - required: true + choices: ["asymmetric", "standard", "symmetric"] aliases: ["vault_type"] + type: str ipavaultpublickey: description: - Public key. aliases: ["vault_public_key"] + type: str ipavaultsalt: description: - Vault Salt. aliases: ["vault_salt"] + type: str username: description: - Any user can own one or more user vaults. - Mutually exclusive with service. aliases: ["user"] + type: list + elements: str service: description: - Any service can own one or more service vaults. - Mutually exclusive with user. + type: str state: description: - State to ensure. default: "present" - choices: ["present", "absent"] + choices: ["absent", "present"] + type: str replace: description: - Force replace the existant vault on IPA server. @@ -72,9 +80,9 @@ extends_documentation_fragment: ipa.documentation version_added: "2.7" ''' -EXAMPLES = ''' -# Ensure vault is present -- ipa_vault: +EXAMPLES = r''' +- name: Ensure vault is present + ipa_vault: name: vault01 vault_type: standard user: user01 @@ -83,16 +91,16 @@ EXAMPLES = ''' ipa_pass: topsecret validate_certs: false -# Ensure vault is present for Admin user -- ipa_vault: +- name: Ensure vault is present for Admin user + ipa_vault: name: vault01 vault_type: standard ipa_host: ipa.example.com ipa_user: admin ipa_pass: topsecret -# Ensure vault is absent -- ipa_vault: +- name: Ensure vault is absent + ipa_vault: name: vault01 vault_type: standard user: user01 @@ -101,8 +109,8 @@ EXAMPLES = ''' ipa_user: admin ipa_pass: topsecret -# Modify vault if already exists -- ipa_vault: +- name: Modify vault if already exists + ipa_vault: name: vault01 vault_type: standard description: "Vault for test" @@ -111,15 +119,15 @@ EXAMPLES = ''' ipa_pass: topsecret replace: True -# Get vault info if already exists -- ipa_vault: +- name: Get vault info if already exists + ipa_vault: name: vault01 ipa_host: ipa.example.com ipa_user: admin ipa_pass: topsecret ''' -RETURN = ''' +RETURN = r''' vault: description: Vault as returned by IPA API returned: always @@ -221,7 +229,7 @@ def main(): service=dict(type='str'), replace=dict(type='bool', default=False, choices=[True, False]), state=dict(type='str', default='present', choices=['present', 'absent']), - username=dict(type='list', aliases=['user'])) + username=dict(type='list', elements='str', aliases=['user'])) module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True, diff --git a/lib/ansible/plugins/doc_fragments/ipa.py b/lib/ansible/plugins/doc_fragments/ipa.py index 0719a7a378f..1cee07f57ef 100644 --- a/lib/ansible/plugins/doc_fragments/ipa.py +++ b/lib/ansible/plugins/doc_fragments/ipa.py @@ -45,7 +45,6 @@ options: - If GSSAPI is not available, the usage of 'ipa_pass' is required. - Environment variable fallback mechanism is added in Ansible 2.5. type: str - required: true ipa_prot: description: - Protocol used by IPA server. diff --git a/test/sanity/ignore.txt b/test/sanity/ignore.txt index 06d23fd42fb..5c8e14140d9 100644 --- a/test/sanity/ignore.txt +++ b/test/sanity/ignore.txt @@ -1813,36 +1813,6 @@ lib/ansible/modules/files/synchronize.py validate-modules:undocumented-parameter lib/ansible/modules/files/unarchive.py validate-modules:nonexistent-parameter-documented lib/ansible/modules/files/xml.py validate-modules:doc-required-mismatch lib/ansible/modules/identity/cyberark/cyberark_authentication.py validate-modules:parameter-type-not-in-doc -lib/ansible/modules/identity/ipa/ipa_config.py validate-modules:doc-required-mismatch -lib/ansible/modules/identity/ipa/ipa_config.py validate-modules:parameter-type-not-in-doc -lib/ansible/modules/identity/ipa/ipa_dnsrecord.py validate-modules:doc-required-mismatch -lib/ansible/modules/identity/ipa/ipa_dnsrecord.py validate-modules:parameter-type-not-in-doc -lib/ansible/modules/identity/ipa/ipa_dnszone.py validate-modules:doc-required-mismatch -lib/ansible/modules/identity/ipa/ipa_dnszone.py validate-modules:parameter-type-not-in-doc -lib/ansible/modules/identity/ipa/ipa_group.py validate-modules:doc-required-mismatch -lib/ansible/modules/identity/ipa/ipa_group.py validate-modules:parameter-type-not-in-doc -lib/ansible/modules/identity/ipa/ipa_hbacrule.py validate-modules:doc-required-mismatch -lib/ansible/modules/identity/ipa/ipa_hbacrule.py validate-modules:parameter-type-not-in-doc -lib/ansible/modules/identity/ipa/ipa_host.py validate-modules:doc-required-mismatch -lib/ansible/modules/identity/ipa/ipa_host.py validate-modules:parameter-type-not-in-doc -lib/ansible/modules/identity/ipa/ipa_hostgroup.py validate-modules:doc-required-mismatch -lib/ansible/modules/identity/ipa/ipa_hostgroup.py validate-modules:parameter-type-not-in-doc -lib/ansible/modules/identity/ipa/ipa_role.py validate-modules:doc-required-mismatch -lib/ansible/modules/identity/ipa/ipa_role.py validate-modules:parameter-type-not-in-doc -lib/ansible/modules/identity/ipa/ipa_service.py validate-modules:doc-required-mismatch -lib/ansible/modules/identity/ipa/ipa_service.py validate-modules:parameter-type-not-in-doc -lib/ansible/modules/identity/ipa/ipa_subca.py validate-modules:doc-required-mismatch -lib/ansible/modules/identity/ipa/ipa_subca.py validate-modules:parameter-type-not-in-doc -lib/ansible/modules/identity/ipa/ipa_sudocmd.py validate-modules:doc-required-mismatch -lib/ansible/modules/identity/ipa/ipa_sudocmd.py validate-modules:parameter-type-not-in-doc -lib/ansible/modules/identity/ipa/ipa_sudocmdgroup.py validate-modules:doc-required-mismatch -lib/ansible/modules/identity/ipa/ipa_sudocmdgroup.py validate-modules:parameter-type-not-in-doc -lib/ansible/modules/identity/ipa/ipa_sudorule.py validate-modules:doc-required-mismatch -lib/ansible/modules/identity/ipa/ipa_sudorule.py validate-modules:parameter-type-not-in-doc -lib/ansible/modules/identity/ipa/ipa_user.py validate-modules:doc-required-mismatch -lib/ansible/modules/identity/ipa/ipa_user.py validate-modules:parameter-type-not-in-doc -lib/ansible/modules/identity/ipa/ipa_vault.py validate-modules:doc-required-mismatch -lib/ansible/modules/identity/ipa/ipa_vault.py validate-modules:parameter-type-not-in-doc lib/ansible/modules/identity/keycloak/keycloak_client.py validate-modules:doc-default-does-not-match-spec lib/ansible/modules/identity/keycloak/keycloak_client.py validate-modules:doc-missing-type lib/ansible/modules/identity/keycloak/keycloak_client.py validate-modules:doc-required-mismatch