FreeIPA: Fix documentation (#66194)

* Add datatype wherever it is missing
* Fix documentation

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
Abhijeet Kasurde 2020-01-09 15:32:26 +05:30 committed by GitHub
parent 70bc351f31
commit 42b0c967d0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
17 changed files with 358 additions and 254 deletions


@ -11,7 +11,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.1',
'supported_by': 'community'} 'supported_by': 'community'}
DOCUMENTATION = ''' DOCUMENTATION = r'''
--- ---
module: ipa_config module: ipa_config
author: Fran Fitzpatrick (@fxfitz) author: Fran Fitzpatrick (@fxfitz)
@ -22,30 +22,32 @@ options:
ipadefaultloginshell: ipadefaultloginshell:
description: Default shell for new users. description: Default shell for new users.
aliases: ["loginshell"] aliases: ["loginshell"]
type: str
ipadefaultemaildomain: ipadefaultemaildomain:
description: Default e-mail domain for new users. description: Default e-mail domain for new users.
aliases: ["emaildomain"] aliases: ["emaildomain"]
type: str
extends_documentation_fragment: ipa.documentation extends_documentation_fragment: ipa.documentation
version_added: "2.7" version_added: "2.7"
''' '''
EXAMPLES = ''' EXAMPLES = r'''
# Ensure the default login shell is bash. - name: Ensure the default login shell is bash.
- ipa_config: ipa_config:
ipadefaultloginshell: /bin/bash ipadefaultloginshell: /bin/bash
ipa_host: localhost ipa_host: localhost
ipa_user: admin ipa_user: admin
ipa_pass: supersecret ipa_pass: supersecret
# Ensure the default e-mail domain is ansible.com. - name: Ensure the default e-mail domain is ansible.com.
- ipa_config: ipa_config:
ipadefaultemaildomain: ansible.com ipadefaultemaildomain: ansible.com
ipa_host: localhost ipa_host: localhost
ipa_user: admin ipa_user: admin
ipa_pass: supersecret ipa_pass: supersecret
''' '''
RETURN = ''' RETURN = r'''
config: config:
description: Configuration as returned by IPA API. description: Configuration as returned by IPA API.
returned: always returned: always
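Review bot: The rewritten EXAMPLES tasks still pass the admin password as a literal (`ipa_pass: supersecret`), and examples tend to be copied verbatim into playbooks that end up in version control. Since these tasks are being rewritten anyway, I would show the value coming from a vaulted variable, e.g. `ipa_pass: "{{ ipa_admin_password }}"` (the variable name is a placeholder). The same literal-password pattern appears in the examples of the ipa_dnsrecord, ipa_dnszone, ipa_group, ipa_hbacrule, ipa_host and ipa_hostgroup sections of this commit.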


@ -14,7 +14,7 @@ ANSIBLE_METADATA = {
} }
DOCUMENTATION = ''' DOCUMENTATION = r'''
--- ---
module: ipa_dnsrecord module: ipa_dnsrecord
author: Abhijeet Kasurde (@Akasurde) author: Abhijeet Kasurde (@Akasurde)
@ -26,11 +26,13 @@ options:
description: description:
- The DNS zone name to which DNS record needs to be managed. - The DNS zone name to which DNS record needs to be managed.
required: true required: true
type: str
record_name: record_name:
description: description:
- The DNS record name to manage. - The DNS record name to manage.
required: true required: true
aliases: ["name"] aliases: ["name"]
type: str
record_type: record_type:
description: description:
- The type of DNS record name. - The type of DNS record name.
@ -39,7 +41,8 @@ options:
- "'SRV' and 'MX' are added in version 2.8." - "'SRV' and 'MX' are added in version 2.8."
required: false required: false
default: 'A' default: 'A'
choices: ['A', 'AAAA', 'A6', 'CNAME', 'DNAME', 'PTR', 'TXT', 'SRV', 'MX'] choices: ['A', 'AAAA', 'A6', 'CNAME', 'DNAME', 'MX', 'PTR', 'SRV', 'TXT']
type: str
record_value: record_value:
description: description:
- Manage DNS record name with this value. - Manage DNS record name with this value.
@ -52,24 +55,27 @@ options:
- In the case of 'SRV' record type, this will be a service record. - In the case of 'SRV' record type, this will be a service record.
- In the case of 'MX' record type, this will be a mail exchanger record. - In the case of 'MX' record type, this will be a mail exchanger record.
required: true required: true
type: str
record_ttl: record_ttl:
description: description:
- Set the TTL for the record. - Set the TTL for the record.
- Applies only when adding a new or changing the value of record_value. - Applies only when adding a new or changing the value of record_value.
version_added: "2.7" version_added: "2.7"
required: false required: false
type: int
state: state:
description: State to ensure description: State to ensure
required: false required: false
default: present default: present
choices: ["present", "absent"] choices: ["absent", "present"]
type: str
extends_documentation_fragment: ipa.documentation extends_documentation_fragment: ipa.documentation
version_added: "2.4" version_added: "2.4"
''' '''
EXAMPLES = ''' EXAMPLES = r'''
# Ensure dns record is present - name: Ensure dns record is present
- ipa_dnsrecord: ipa_dnsrecord:
ipa_host: spider.example.com ipa_host: spider.example.com
ipa_pass: Passw0rd! ipa_pass: Passw0rd!
state: present state: present
@ -78,8 +84,8 @@ EXAMPLES = '''
record_type: 'AAAA' record_type: 'AAAA'
record_value: '::1' record_value: '::1'
# Ensure that dns record exists with a TTL - name: Ensure that dns record exists with a TTL
- ipa_dnsrecord: ipa_dnsrecord:
name: host02 name: host02
zone_name: example.com zone_name: example.com
record_type: 'AAAA' record_type: 'AAAA'
@ -89,8 +95,8 @@ EXAMPLES = '''
ipa_pass: topsecret ipa_pass: topsecret
state: present state: present
# Ensure a PTR record is present - name: Ensure a PTR record is present
- ipa_dnsrecord: ipa_dnsrecord:
ipa_host: spider.example.com ipa_host: spider.example.com
ipa_pass: Passw0rd! ipa_pass: Passw0rd!
state: present state: present
@ -99,8 +105,8 @@ EXAMPLES = '''
record_type: 'PTR' record_type: 'PTR'
record_value: 'internal.ipa.example.com' record_value: 'internal.ipa.example.com'
# Ensure a TXT record is present - name: Ensure a TXT record is present
- ipa_dnsrecord: ipa_dnsrecord:
ipa_host: spider.example.com ipa_host: spider.example.com
ipa_pass: Passw0rd! ipa_pass: Passw0rd!
state: present state: present
@ -109,8 +115,8 @@ EXAMPLES = '''
record_type: 'TXT' record_type: 'TXT'
record_value: 'EXAMPLE.COM' record_value: 'EXAMPLE.COM'
# Ensure an SRV record is present - name: Ensure an SRV record is present
- ipa_dnsrecord: ipa_dnsrecord:
ipa_host: spider.example.com ipa_host: spider.example.com
ipa_pass: Passw0rd! ipa_pass: Passw0rd!
state: present state: present
@ -119,8 +125,8 @@ EXAMPLES = '''
record_type: 'SRV' record_type: 'SRV'
record_value: '10 50 88 ipa.example.com' record_value: '10 50 88 ipa.example.com'
# Ensure an MX record is present - name: Ensure an MX record is present
- ipa_dnsrecord: ipa_dnsrecord:
ipa_host: spider.example.com ipa_host: spider.example.com
ipa_pass: Passw0rd! ipa_pass: Passw0rd!
state: present state: present
@ -129,8 +135,8 @@ EXAMPLES = '''
record_type: 'MX' record_type: 'MX'
record_value: '1 mailserver.example.com' record_value: '1 mailserver.example.com'
# Ensure that dns record is removed - name: Ensure that dns record is removed
- ipa_dnsrecord: ipa_dnsrecord:
name: host01 name: host01
zone_name: example.com zone_name: example.com
record_type: 'AAAA' record_type: 'AAAA'
@ -141,7 +147,7 @@ EXAMPLES = '''
state: absent state: absent
''' '''
RETURN = ''' RETURN = r'''
dnsrecord: dnsrecord:
description: DNS record as returned by IPA API. description: DNS record as returned by IPA API.
returned: always returned: always


@ -12,7 +12,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.1',
'supported_by': 'community'} 'supported_by': 'community'}
DOCUMENTATION = ''' DOCUMENTATION = r'''
--- ---
module: ipa_dnszone module: ipa_dnszone
author: Fran Fitzpatrick (@fxfitz) author: Fran Fitzpatrick (@fxfitz)
@ -24,39 +24,42 @@ options:
description: description:
- The DNS zone name to which needs to be managed. - The DNS zone name to which needs to be managed.
required: true required: true
type: str
state: state:
description: State to ensure description: State to ensure
required: false required: false
default: present default: present
choices: ["present", "absent"] choices: ["absent", "present"]
type: str
dynamicupdate: dynamicupdate:
description: Apply dynamic update to zone description: Apply dynamic update to zone
required: false required: false
default: "false" default: "false"
choices: ["false", "true"] choices: ["false", "true"]
version_added: "2.9" version_added: "2.9"
type: str
extends_documentation_fragment: ipa.documentation extends_documentation_fragment: ipa.documentation
version_added: "2.5" version_added: "2.5"
''' '''
EXAMPLES = ''' EXAMPLES = r'''
# Ensure dns zone is present - name: Ensure dns zone is present
- ipa_dnszone: ipa_dnszone:
ipa_host: spider.example.com ipa_host: spider.example.com
ipa_pass: Passw0rd! ipa_pass: Passw0rd!
state: present state: present
zone_name: example.com zone_name: example.com
# Ensure dns zone is present and is dynamic update - name: Ensure dns zone is present and is dynamic update
- ipa_dnszone: ipa_dnszone:
ipa_host: spider.example.com ipa_host: spider.example.com
ipa_pass: Passw0rd! ipa_pass: Passw0rd!
state: present state: present
zone_name: example.com zone_name: example.com
dynamicupdate: true dynamicupdate: true
# Ensure that dns zone is removed - name: Ensure that dns zone is removed
- ipa_dnszone: ipa_dnszone:
zone_name: example.com zone_name: example.com
ipa_host: localhost ipa_host: localhost
ipa_user: admin ipa_user: admin
@ -64,7 +67,7 @@ EXAMPLES = '''
state: absent state: absent
''' '''
RETURN = ''' RETURN = r'''
zone: zone:
description: DNS zone as returned by IPA API. description: DNS zone as returned by IPA API.
returned: always returned: always
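Review bot: `dynamicupdate` is now documented as `type: str` with the string choices `"false"` and `"true"`, but the example in the same section passes an unquoted YAML boolean, `dynamicupdate: true`. The example should match the declared type, `dynamicupdate: "true"`. If the option is really meant as a flag, the docs and the argument spec should both say `type: bool` instead. The argument spec for this module is outside the visible hunks, so I cannot tell which of the two is intended.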


@ -10,7 +10,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'], 'status': ['preview'],
'supported_by': 'community'} 'supported_by': 'community'}
DOCUMENTATION = ''' DOCUMENTATION = r'''
--- ---
module: ipa_group module: ipa_group
author: Thomas Krahn (@Nosmoht) author: Thomas Krahn (@Nosmoht)
@ -24,9 +24,11 @@ options:
- Can not be changed as it is the unique identifier. - Can not be changed as it is the unique identifier.
required: true required: true
aliases: ['name'] aliases: ['name']
type: str
description: description:
description: description:
- Description of the group. - Description of the group.
type: str
external: external:
description: description:
- Allow adding external non-IPA members from trusted domains. - Allow adding external non-IPA members from trusted domains.
@ -35,12 +37,15 @@ options:
description: description:
- GID (use this option to set it manually). - GID (use this option to set it manually).
aliases: ['gid'] aliases: ['gid']
type: str
group: group:
description: description:
- List of group names assigned to this group. - List of group names assigned to this group.
- If an empty list is passed all groups will be removed from this group. - If an empty list is passed all groups will be removed from this group.
- If option is omitted assigned groups will not be checked or changed. - If option is omitted assigned groups will not be checked or changed.
- Groups that are already assigned but not passed will be removed. - Groups that are already assigned but not passed will be removed.
type: list
elements: str
nonposix: nonposix:
description: description:
- Create as a non-POSIX group. - Create as a non-POSIX group.
@ -51,18 +56,21 @@ options:
- If an empty list is passed all users will be removed from this group. - If an empty list is passed all users will be removed from this group.
- If option is omitted assigned users will not be checked or changed. - If option is omitted assigned users will not be checked or changed.
- Users that are already assigned but not passed will be removed. - Users that are already assigned but not passed will be removed.
type: list
elements: str
state: state:
description: description:
- State to ensure - State to ensure
default: "present" default: "present"
choices: ["present", "absent"] choices: ["absent", "present"]
type: str
extends_documentation_fragment: ipa.documentation extends_documentation_fragment: ipa.documentation
version_added: "2.3" version_added: "2.3"
''' '''
EXAMPLES = ''' EXAMPLES = r'''
# Ensure group is present - name: Ensure group is present
- ipa_group: ipa_group:
name: oinstall name: oinstall
gidnumber: 54321 gidnumber: 54321
state: present state: present
@ -70,8 +78,8 @@ EXAMPLES = '''
ipa_user: admin ipa_user: admin
ipa_pass: topsecret ipa_pass: topsecret
# Ensure that groups sysops and appops are assigned to ops but no other group - name: Ensure that groups sysops and appops are assigned to ops but no other group
- ipa_group: ipa_group:
name: ops name: ops
group: group:
- sysops - sysops
@ -80,8 +88,8 @@ EXAMPLES = '''
ipa_user: admin ipa_user: admin
ipa_pass: topsecret ipa_pass: topsecret
# Ensure that users linus and larry are assign to the group, but no other user - name: Ensure that users linus and larry are assign to the group, but no other user
- ipa_group: ipa_group:
name: sysops name: sysops
user: user:
- linus - linus
@ -90,8 +98,8 @@ EXAMPLES = '''
ipa_user: admin ipa_user: admin
ipa_pass: topsecret ipa_pass: topsecret
# Ensure group is absent - name: Ensure group is absent
- ipa_group: ipa_group:
name: sysops name: sysops
state: absent state: absent
ipa_host: ipa.example.com ipa_host: ipa.example.com
@ -99,7 +107,7 @@ EXAMPLES = '''
ipa_pass: topsecret ipa_pass: topsecret
''' '''
RETURN = ''' RETURN = r'''
group: group:
description: Group as returned by IPA API description: Group as returned by IPA API
returned: always returned: always
@ -228,10 +236,10 @@ def main():
description=dict(type='str'), description=dict(type='str'),
external=dict(type='bool'), external=dict(type='bool'),
gidnumber=dict(type='str', aliases=['gid']), gidnumber=dict(type='str', aliases=['gid']),
group=dict(type='list'), group=dict(type='list', elements='str'),
nonposix=dict(type='bool'), nonposix=dict(type='bool'),
state=dict(type='str', default='present', choices=['present', 'absent']), state=dict(type='str', default='present', choices=['present', 'absent']),
user=dict(type='list')) user=dict(type='list', elements='str'))
module = AnsibleModule(argument_spec=argument_spec, module = AnsibleModule(argument_spec=argument_spec,
supports_check_mode=True, supports_check_mode=True,
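Review bot: The new task name `Ensure that users linus and larry are assign to the group, but no other user` carries over the typo from the old comment; it should read `are assigned to the group`. Now that the text is a task name rather than a comment, it will show up in the play output of anyone who copies the example.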


@ -11,7 +11,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.1',
'supported_by': 'community'} 'supported_by': 'community'}
DOCUMENTATION = ''' DOCUMENTATION = r'''
--- ---
module: ipa_hbacrule module: ipa_hbacrule
author: Thomas Krahn (@Nosmoht) author: Thomas Krahn (@Nosmoht)
@ -25,72 +25,94 @@ options:
- Can not be changed as it is the unique identifier. - Can not be changed as it is the unique identifier.
required: true required: true
aliases: ["name"] aliases: ["name"]
type: str
description: description:
description: Description description: Description
type: str
host: host:
description: description:
- List of host names to assign. - List of host names to assign.
- If an empty list is passed all hosts will be removed from the rule. - If an empty list is passed all hosts will be removed from the rule.
- If option is omitted hosts will not be checked or changed. - If option is omitted hosts will not be checked or changed.
required: false required: false
type: list
elements: str
hostcategory: hostcategory:
description: Host category description: Host category
choices: ['all'] choices: ['all']
type: str
hostgroup: hostgroup:
description: description:
- List of hostgroup names to assign. - List of hostgroup names to assign.
- If an empty list is passed all hostgroups will be removed. from the rule - If an empty list is passed all hostgroups will be removed. from the rule
- If option is omitted hostgroups will not be checked or changed. - If option is omitted hostgroups will not be checked or changed.
type: list
elements: str
service: service:
description: description:
- List of service names to assign. - List of service names to assign.
- If an empty list is passed all services will be removed from the rule. - If an empty list is passed all services will be removed from the rule.
- If option is omitted services will not be checked or changed. - If option is omitted services will not be checked or changed.
type: list
elements: str
servicecategory: servicecategory:
description: Service category description: Service category
choices: ['all'] choices: ['all']
type: str
servicegroup: servicegroup:
description: description:
- List of service group names to assign. - List of service group names to assign.
- If an empty list is passed all assigned service groups will be removed from the rule. - If an empty list is passed all assigned service groups will be removed from the rule.
- If option is omitted service groups will not be checked or changed. - If option is omitted service groups will not be checked or changed.
type: list
elements: str
sourcehost: sourcehost:
description: description:
- List of source host names to assign. - List of source host names to assign.
- If an empty list if passed all assigned source hosts will be removed from the rule. - If an empty list if passed all assigned source hosts will be removed from the rule.
- If option is omitted source hosts will not be checked or changed. - If option is omitted source hosts will not be checked or changed.
type: list
elements: str
sourcehostcategory: sourcehostcategory:
description: Source host category description: Source host category
choices: ['all'] choices: ['all']
type: str
sourcehostgroup: sourcehostgroup:
description: description:
- List of source host group names to assign. - List of source host group names to assign.
- If an empty list if passed all assigned source host groups will be removed from the rule. - If an empty list if passed all assigned source host groups will be removed from the rule.
- If option is omitted source host groups will not be checked or changed. - If option is omitted source host groups will not be checked or changed.
type: list
elements: str
state: state:
description: State to ensure description: State to ensure
default: "present" default: "present"
choices: ["present", "absent", "enabled", "disabled"] choices: ["absent", "disabled", "enabled","present"]
type: str
user: user:
description: description:
- List of user names to assign. - List of user names to assign.
- If an empty list if passed all assigned users will be removed from the rule. - If an empty list if passed all assigned users will be removed from the rule.
- If option is omitted users will not be checked or changed. - If option is omitted users will not be checked or changed.
type: list
elements: str
usercategory: usercategory:
description: User category description: User category
choices: ['all'] choices: ['all']
type: str
usergroup: usergroup:
description: description:
- List of user group names to assign. - List of user group names to assign.
- If an empty list if passed all assigned user groups will be removed from the rule. - If an empty list if passed all assigned user groups will be removed from the rule.
- If option is omitted user groups will not be checked or changed. - If option is omitted user groups will not be checked or changed.
type: list
extends_documentation_fragment: ipa.documentation extends_documentation_fragment: ipa.documentation
version_added: "2.3" version_added: "2.3"
''' '''
EXAMPLES = ''' EXAMPLES = r'''
# Ensure rule to allow all users to access any host from any host - name: Ensure rule to allow all users to access any host from any host
- ipa_hbacrule: ipa_hbacrule:
name: allow_all name: allow_all
description: Allow all users to access any host from any host description: Allow all users to access any host from any host
hostcategory: all hostcategory: all
@ -101,8 +123,8 @@ EXAMPLES = '''
ipa_user: admin ipa_user: admin
ipa_pass: topsecret ipa_pass: topsecret
# Ensure rule with certain limitations - name: Ensure rule with certain limitations
- ipa_hbacrule: ipa_hbacrule:
name: allow_all_developers_access_to_db name: allow_all_developers_access_to_db
description: Allow all developers to access any database from any host description: Allow all developers to access any database from any host
hostgroup: hostgroup:
@ -114,8 +136,8 @@ EXAMPLES = '''
ipa_user: admin ipa_user: admin
ipa_pass: topsecret ipa_pass: topsecret
# Ensure rule is absent - name: Ensure rule is absent
- ipa_hbacrule: ipa_hbacrule:
name: rule_to_be_deleted name: rule_to_be_deleted
state: absent state: absent
ipa_host: ipa.example.com ipa_host: ipa.example.com
@ -123,7 +145,7 @@ EXAMPLES = '''
ipa_pass: topsecret ipa_pass: topsecret
''' '''
RETURN = ''' RETURN = r'''
hbacrule: hbacrule:
description: HBAC rule as returned by IPA API. description: HBAC rule as returned by IPA API.
returned: always returned: always
@ -300,19 +322,19 @@ def main():
argument_spec = ipa_argument_spec() argument_spec = ipa_argument_spec()
argument_spec.update(cn=dict(type='str', required=True, aliases=['name']), argument_spec.update(cn=dict(type='str', required=True, aliases=['name']),
description=dict(type='str'), description=dict(type='str'),
host=dict(type='list'), host=dict(type='list', elements='str'),
hostcategory=dict(type='str', choices=['all']), hostcategory=dict(type='str', choices=['all']),
hostgroup=dict(type='list'), hostgroup=dict(type='list', elements='str'),
service=dict(type='list'), service=dict(type='list', elements='str'),
servicecategory=dict(type='str', choices=['all']), servicecategory=dict(type='str', choices=['all']),
servicegroup=dict(type='list'), servicegroup=dict(type='list', elements='str'),
sourcehost=dict(type='list'), sourcehost=dict(type='list', elements='str'),
sourcehostcategory=dict(type='str', choices=['all']), sourcehostcategory=dict(type='str', choices=['all']),
sourcehostgroup=dict(type='list'), sourcehostgroup=dict(type='list', elements='str'),
state=dict(type='str', default='present', choices=['present', 'absent', 'enabled', 'disabled']), state=dict(type='str', default='present', choices=['present', 'absent', 'enabled', 'disabled']),
user=dict(type='list'), user=dict(type='list', elements='str'),
usercategory=dict(type='str', choices=['all']), usercategory=dict(type='str', choices=['all']),
usergroup=dict(type='list')) usergroup=dict(type='list', elements='str'))
module = AnsibleModule(argument_spec=argument_spec, module = AnsibleModule(argument_spec=argument_spec,
supports_check_mode=True supports_check_mode=True
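Review bot: The `usergroup` option gets `type: list` in DOCUMENTATION but no `elements: str`, while main() now declares `usergroup=dict(type='list', elements='str')` and every other list option in this section documents both keys. Add `elements: str` under `usergroup` so the docs and the argument spec agree. The new `state` choices line is also missing a space after one comma, `"enabled","present"`. main() continues outside the hunk.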


@ -11,13 +11,13 @@ ANSIBLE_METADATA = {'metadata_version': '1.1',
'supported_by': 'community'} 'supported_by': 'community'}
DOCUMENTATION = ''' DOCUMENTATION = r'''
--- ---
module: ipa_host module: ipa_host
author: Thomas Krahn (@Nosmoht) author: Thomas Krahn (@Nosmoht)
short_description: Manage FreeIPA host short_description: Manage FreeIPA host
description: description:
- Add, modify and delete an IPA host using IPA API - Add, modify and delete an IPA host using IPA API.
options: options:
fqdn: fqdn:
description: description:
@ -25,9 +25,11 @@ options:
- Can not be changed as it is the unique identifier. - Can not be changed as it is the unique identifier.
required: true required: true
aliases: ["name"] aliases: ["name"]
type: str
description: description:
description: description:
- A description of this host. - A description of this host.
type: str
force: force:
description: description:
- Force host name even if not in DNS. - Force host name even if not in DNS.
@ -36,6 +38,7 @@ options:
ip_address: ip_address:
description: description:
- Add the host to DNS with this IP address. - Add the host to DNS with this IP address.
type: str
mac_address: mac_address:
description: description:
- List of Hardware MAC address(es) off this host. - List of Hardware MAC address(es) off this host.
@ -43,18 +46,23 @@ options:
- If an empty list is passed all assigned MAC addresses will be removed. - If an empty list is passed all assigned MAC addresses will be removed.
- MAC addresses that are already assigned but not passed will be removed. - MAC addresses that are already assigned but not passed will be removed.
aliases: ["macaddress"] aliases: ["macaddress"]
type: list
elements: str
ns_host_location: ns_host_location:
description: description:
- Host location (e.g. "Lab 2") - Host location (e.g. "Lab 2")
aliases: ["nshostlocation"] aliases: ["nshostlocation"]
type: str
ns_hardware_platform: ns_hardware_platform:
description: description:
- Host hardware platform (e.g. "Lenovo T61") - Host hardware platform (e.g. "Lenovo T61")
aliases: ["nshardwareplatform"] aliases: ["nshardwareplatform"]
type: str
ns_os_version: ns_os_version:
description: description:
- Host operating system and version (e.g. "Fedora 9") - Host operating system and version (e.g. "Fedora 9")
aliases: ["nsosversion"] aliases: ["nsosversion"]
type: str
user_certificate: user_certificate:
description: description:
- List of Base-64 encoded server certificates. - List of Base-64 encoded server certificates.
@ -62,10 +70,13 @@ options:
- If an empty list is passed all assigned certificates will be removed. - If an empty list is passed all assigned certificates will be removed.
- Certificates already assigned but not passed will be removed. - Certificates already assigned but not passed will be removed.
aliases: ["usercertificate"] aliases: ["usercertificate"]
type: list
elements: str
state: state:
description: State to ensure description: State to ensure.
default: present default: present
choices: ["present", "absent", "enabled", "disabled"] choices: ["absent", "disabled", "enabled", "present"]
type: str
update_dns: update_dns:
description: description:
- If set C("True") with state as C("absent"), then removes DNS records of the host managed by FreeIPA DNS. - If set C("True") with state as C("absent"), then removes DNS records of the host managed by FreeIPA DNS.
@ -74,7 +85,7 @@ options:
type: bool type: bool
version_added: "2.5" version_added: "2.5"
random_password: random_password:
description: Generate a random password to be used in bulk enrollment description: Generate a random password to be used in bulk enrollment.
default: False default: False
type: bool type: bool
version_added: '2.5' version_added: '2.5'
@ -82,9 +93,9 @@ extends_documentation_fragment: ipa.documentation
version_added: "2.3" version_added: "2.3"
''' '''
EXAMPLES = ''' EXAMPLES = r'''
# Ensure host is present - name: Ensure host is present
- ipa_host: ipa_host:
name: host01.example.com name: host01.example.com
description: Example host description: Example host
ip_address: 192.168.0.123 ip_address: 192.168.0.123
@ -99,8 +110,8 @@ EXAMPLES = '''
ipa_user: admin ipa_user: admin
ipa_pass: topsecret ipa_pass: topsecret
# Generate a random password for bulk enrolment - name: Generate a random password for bulk enrolment
- ipa_host: ipa_host:
name: host01.example.com name: host01.example.com
description: Example host description: Example host
ip_address: 192.168.0.123 ip_address: 192.168.0.123
@ -111,32 +122,32 @@ EXAMPLES = '''
validate_certs: False validate_certs: False
random_password: True random_password: True
# Ensure host is disabled - name: Ensure host is disabled
- ipa_host: ipa_host:
name: host01.example.com name: host01.example.com
state: disabled state: disabled
ipa_host: ipa.example.com ipa_host: ipa.example.com
ipa_user: admin ipa_user: admin
ipa_pass: topsecret ipa_pass: topsecret
# Ensure that all user certificates are removed - name: Ensure that all user certificates are removed
- ipa_host: ipa_host:
name: host01.example.com name: host01.example.com
user_certificate: [] user_certificate: []
ipa_host: ipa.example.com ipa_host: ipa.example.com
ipa_user: admin ipa_user: admin
ipa_pass: topsecret ipa_pass: topsecret
# Ensure host is absent - name: Ensure host is absent
- ipa_host: ipa_host:
name: host01.example.com name: host01.example.com
state: absent state: absent
ipa_host: ipa.example.com ipa_host: ipa.example.com
ipa_user: admin ipa_user: admin
ipa_pass: topsecret ipa_pass: topsecret
# Ensure host and its DNS record is absent - name: Ensure host and its DNS record is absent
- ipa_host: ipa_host:
name: host01.example.com name: host01.example.com
state: absent state: absent
ipa_host: ipa.example.com ipa_host: ipa.example.com
@ -145,7 +156,7 @@ EXAMPLES = '''
update_dns: True update_dns: True
''' '''
RETURN = ''' RETURN = r'''
host: host:
description: Host as returned by IPA API. description: Host as returned by IPA API.
returned: always returned: always
@ -275,8 +286,8 @@ def main():
ns_host_location=dict(type='str', aliases=['nshostlocation']), ns_host_location=dict(type='str', aliases=['nshostlocation']),
ns_hardware_platform=dict(type='str', aliases=['nshardwareplatform']), ns_hardware_platform=dict(type='str', aliases=['nshardwareplatform']),
ns_os_version=dict(type='str', aliases=['nsosversion']), ns_os_version=dict(type='str', aliases=['nsosversion']),
user_certificate=dict(type='list', aliases=['usercertificate']), user_certificate=dict(type='list', aliases=['usercertificate'], elements='str'),
mac_address=dict(type='list', aliases=['macaddress']), mac_address=dict(type='list', aliases=['macaddress'], elements='str'),
update_dns=dict(type='bool'), update_dns=dict(type='bool'),
state=dict(type='str', default='present', choices=['present', 'absent', 'enabled', 'disabled']), state=dict(type='str', default='present', choices=['present', 'absent', 'enabled', 'disabled']),
random_password=dict(type='bool'),) random_password=dict(type='bool'),)
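Review bot: The bulk-enrolment example keeps `validate_certs: False`, so the documented way to request a random host password runs over a connection whose server certificate is not verified. Since this example is being rewritten here, I would drop that line or add a comment above it such as `# lab servers with self-signed certificates only; keep verification on elsewhere`. Part of the example lies outside the visible hunks, so I am assuming it also carries the admin credentials shown in the neighbouring examples.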


@ -11,13 +11,13 @@ ANSIBLE_METADATA = {'metadata_version': '1.1',
'supported_by': 'community'} 'supported_by': 'community'}
DOCUMENTATION = ''' DOCUMENTATION = r'''
--- ---
module: ipa_hostgroup module: ipa_hostgroup
author: Thomas Krahn (@Nosmoht) author: Thomas Krahn (@Nosmoht)
short_description: Manage FreeIPA host-group short_description: Manage FreeIPA host-group
description: description:
- Add, modify and delete an IPA host-group using IPA API - Add, modify and delete an IPA host-group using IPA API.
options: options:
cn: cn:
description: description:
@ -25,33 +25,40 @@ options:
- Can not be changed as it is the unique identifier. - Can not be changed as it is the unique identifier.
required: true required: true
aliases: ["name"] aliases: ["name"]
type: str
description: description:
description: description:
- Description - Description.
type: str
host: host:
description: description:
- List of hosts that belong to the host-group. - List of hosts that belong to the host-group.
- If an empty list is passed all hosts will be removed from the group. - If an empty list is passed all hosts will be removed from the group.
- If option is omitted hosts will not be checked or changed. - If option is omitted hosts will not be checked or changed.
- If option is passed all assigned hosts that are not passed will be unassigned from the group. - If option is passed all assigned hosts that are not passed will be unassigned from the group.
type: list
elements: str
hostgroup: hostgroup:
description: description:
- List of host-groups than belong to that host-group. - List of host-groups than belong to that host-group.
- If an empty list is passed all host-groups will be removed from the group. - If an empty list is passed all host-groups will be removed from the group.
- If option is omitted host-groups will not be checked or changed. - If option is omitted host-groups will not be checked or changed.
- If option is passed all assigned hostgroups that are not passed will be unassigned from the group. - If option is passed all assigned hostgroups that are not passed will be unassigned from the group.
type: list
elements: str
state: state:
description: description:
- State to ensure. - State to ensure.
default: "present" default: "present"
choices: ["present", "absent", "enabled", "disabled"] choices: ["absent", "disabled", "enabled", "present"]
type: str
extends_documentation_fragment: ipa.documentation extends_documentation_fragment: ipa.documentation
version_added: "2.3" version_added: "2.3"
''' '''
EXAMPLES = ''' EXAMPLES = r'''
# Ensure host-group databases is present - name: Ensure host-group databases is present
- ipa_hostgroup: ipa_hostgroup:
name: databases name: databases
state: present state: present
host: host:
@ -63,8 +70,8 @@ EXAMPLES = '''
ipa_user: admin ipa_user: admin
ipa_pass: topsecret ipa_pass: topsecret
# Ensure host-group databases is absent - name: Ensure host-group databases is absent
- ipa_hostgroup: ipa_hostgroup:
name: databases name: databases
state: absent state: absent
ipa_host: ipa.example.com ipa_host: ipa.example.com
@ -72,7 +79,7 @@ EXAMPLES = '''
ipa_pass: topsecret ipa_pass: topsecret
''' '''
RETURN = ''' RETURN = r'''
hostgroup: hostgroup:
description: Hostgroup as returned by IPA API. description: Hostgroup as returned by IPA API.
returned: always returned: always
@ -180,8 +187,8 @@ def main():
argument_spec = ipa_argument_spec() argument_spec = ipa_argument_spec()
argument_spec.update(cn=dict(type='str', required=True, aliases=['name']), argument_spec.update(cn=dict(type='str', required=True, aliases=['name']),
description=dict(type='str'), description=dict(type='str'),
host=dict(type='list'), host=dict(type='list', elements='str'),
hostgroup=dict(type='list'), hostgroup=dict(type='list', elements='str'),
state=dict(type='str', default='present', choices=['present', 'absent', 'enabled', 'disabled'])) state=dict(type='str', default='present', choices=['present', 'absent', 'enabled', 'disabled']))
module = AnsibleModule(argument_spec=argument_spec, module = AnsibleModule(argument_spec=argument_spec,


@ -11,13 +11,13 @@ ANSIBLE_METADATA = {'metadata_version': '1.1',
'supported_by': 'community'} 'supported_by': 'community'}
DOCUMENTATION = ''' DOCUMENTATION = r'''
--- ---
module: ipa_role module: ipa_role
author: Thomas Krahn (@Nosmoht) author: Thomas Krahn (@Nosmoht)
short_description: Manage FreeIPA role short_description: Manage FreeIPA role
description: description:
- Add, modify and delete a role within FreeIPA server using FreeIPA API - Add, modify and delete a role within FreeIPA server using FreeIPA API.
options: options:
cn: cn:
description: description:
@ -25,33 +25,43 @@ options:
- Can not be changed as it is the unique identifier. - Can not be changed as it is the unique identifier.
required: true required: true
aliases: ['name'] aliases: ['name']
type: str
description: description:
description: description:
- A description of this role-group. - A description of this role-group.
type: str
group: group:
description: description:
- List of group names assign to this role. - List of group names assign to this role.
- If an empty list is passed all assigned groups will be unassigned from the role. - If an empty list is passed all assigned groups will be unassigned from the role.
- If option is omitted groups will not be checked or changed. - If option is omitted groups will not be checked or changed.
- If option is passed all assigned groups that are not passed will be unassigned from the role. - If option is passed all assigned groups that are not passed will be unassigned from the role.
type: list
elements: str
host: host:
description: description:
- List of host names to assign. - List of host names to assign.
- If an empty list is passed all assigned hosts will be unassigned from the role. - If an empty list is passed all assigned hosts will be unassigned from the role.
- If option is omitted hosts will not be checked or changed. - If option is omitted hosts will not be checked or changed.
- If option is passed all assigned hosts that are not passed will be unassigned from the role. - If option is passed all assigned hosts that are not passed will be unassigned from the role.
type: list
elements: str
hostgroup: hostgroup:
description: description:
- List of host group names to assign. - List of host group names to assign.
- If an empty list is passed all assigned host groups will be removed from the role. - If an empty list is passed all assigned host groups will be removed from the role.
- If option is omitted host groups will not be checked or changed. - If option is omitted host groups will not be checked or changed.
- If option is passed all assigned hostgroups that are not passed will be unassigned from the role. - If option is passed all assigned hostgroups that are not passed will be unassigned from the role.
type: list
elements: str
privilege: privilege:
description: description:
- List of privileges granted to the role. - List of privileges granted to the role.
- If an empty list is passed all assigned privileges will be removed. - If an empty list is passed all assigned privileges will be removed.
- If option is omitted privileges will not be checked or changed. - If option is omitted privileges will not be checked or changed.
- If option is passed all assigned privileges that are not passed will be removed. - If option is passed all assigned privileges that are not passed will be removed.
type: list
elements: str
version_added: "2.4" version_added: "2.4"
service: service:
description: description:
@ -59,22 +69,27 @@ options:
- If an empty list is passed all assigned services will be removed from the role. - If an empty list is passed all assigned services will be removed from the role.
- If option is omitted services will not be checked or changed. - If option is omitted services will not be checked or changed.
- If option is passed all assigned services that are not passed will be removed from the role. - If option is passed all assigned services that are not passed will be removed from the role.
type: list
elements: str
state: state:
description: State to ensure description: State to ensure.
default: "present" default: "present"
choices: ["present", "absent"] choices: ["absent", "present"]
type: str
user: user:
description: description:
- List of user names to assign. - List of user names to assign.
- If an empty list is passed all assigned users will be removed from the role. - If an empty list is passed all assigned users will be removed from the role.
- If option is omitted users will not be checked or changed. - If option is omitted users will not be checked or changed.
type: list
elements: str
extends_documentation_fragment: ipa.documentation extends_documentation_fragment: ipa.documentation
version_added: "2.3" version_added: "2.3"
''' '''
EXAMPLES = ''' EXAMPLES = r'''
# Ensure role is present - name: Ensure role is present
- ipa_role: ipa_role:
name: dba name: dba
description: Database Administrators description: Database Administrators
state: present state: present
@ -85,8 +100,8 @@ EXAMPLES = '''
ipa_user: admin ipa_user: admin
ipa_pass: topsecret ipa_pass: topsecret
# Ensure role with certain details - name: Ensure role with certain details
- ipa_role: ipa_role:
name: another-role name: another-role
description: Just another role description: Just another role
group: group:
@ -101,8 +116,8 @@ EXAMPLES = '''
service: service:
- service01 - service01
# Ensure role is absent - name: Ensure role is absent
- ipa_role: ipa_role:
name: dba name: dba
state: absent state: absent
ipa_host: ipa.example.com ipa_host: ipa.example.com
@ -110,7 +125,7 @@ EXAMPLES = '''
ipa_pass: topsecret ipa_pass: topsecret
''' '''
RETURN = ''' RETURN = r'''
role: role:
description: Role as returned by IPA API. description: Role as returned by IPA API.
returned: always returned: always
@ -263,13 +278,13 @@ def main():
argument_spec = ipa_argument_spec() argument_spec = ipa_argument_spec()
argument_spec.update(cn=dict(type='str', required=True, aliases=['name']), argument_spec.update(cn=dict(type='str', required=True, aliases=['name']),
description=dict(type='str'), description=dict(type='str'),
group=dict(type='list'), group=dict(type='list', elements='str'),
host=dict(type='list'), host=dict(type='list', elements='str'),
hostgroup=dict(type='list'), hostgroup=dict(type='list', elements='str'),
privilege=dict(type='list'), privilege=dict(type='list', elements='str'),
service=dict(type='list'), service=dict(type='list', elements='str'),
state=dict(type='str', default='present', choices=['present', 'absent']), state=dict(type='str', default='present', choices=['present', 'absent']),
user=dict(type='list')) user=dict(type='list', elements='str'))
module = AnsibleModule(argument_spec=argument_spec, module = AnsibleModule(argument_spec=argument_spec,
supports_check_mode=True) supports_check_mode=True)
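Review bot: The EXAMPLES tasks in this section still pass the IPA admin password as a literal (`ipa_pass: topsecret`), and these blocks are what users copy into playbooks. Since the tasks are being rewritten anyway, they could show a variable instead, for example `ipa_pass: "{{ ipa_admin_password }}"` (a constructed variable name) with the value kept in Ansible Vault. The same literal appears in the ipa_service, ipa_sudocmd, ipa_sudorule and ipa_user examples, and `ipa_pass: Passw0rd!` appears in ipa_subca. The example hunks are cut, so the full task bodies are not visible here.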


@ -11,57 +11,61 @@ ANSIBLE_METADATA = {'metadata_version': '1.1',
'supported_by': 'community'} 'supported_by': 'community'}
DOCUMENTATION = ''' DOCUMENTATION = r'''
--- ---
module: ipa_service module: ipa_service
author: Cédric Parent (@cprh) author: Cédric Parent (@cprh)
short_description: Manage FreeIPA service short_description: Manage FreeIPA service
description: description:
- Add and delete an IPA service using IPA API - Add and delete an IPA service using IPA API.
options: options:
krbcanonicalname: krbcanonicalname:
description: description:
- principal of the service - Principal of the service.
- Can not be changed as it is the unique identifier. - Can not be changed as it is the unique identifier.
required: true required: true
aliases: ["name"] aliases: ["name"]
type: str
hosts: hosts:
description: description:
- defines the list of 'ManagedBy' hosts - Defines the list of 'ManagedBy' hosts.
required: false required: false
type: list
elements: str
force: force:
description: description:
- Force principal name even if host is not in DNS. - Force principal name even if host is not in DNS.
required: false required: false
type: bool type: bool
state: state:
description: State to ensure description: State to ensure.
required: false required: false
default: present default: present
choices: ["present", "absent"] choices: ["absent", "present"]
type: str
extends_documentation_fragment: ipa.documentation extends_documentation_fragment: ipa.documentation
version_added: "2.5" version_added: "2.5"
''' '''
EXAMPLES = ''' EXAMPLES = r'''
# Ensure service is present - name: Ensure service is present
- ipa_service: ipa_service:
name: http/host01.example.com name: http/host01.example.com
state: present state: present
ipa_host: ipa.example.com ipa_host: ipa.example.com
ipa_user: admin ipa_user: admin
ipa_pass: topsecret ipa_pass: topsecret
# Ensure service is absent - name: Ensure service is absent
- ipa_service: ipa_service:
name: http/host01.example.com name: http/host01.example.com
state: absent state: absent
ipa_host: ipa.example.com ipa_host: ipa.example.com
ipa_user: admin ipa_user: admin
ipa_pass: topsecret ipa_pass: topsecret
# Changing Managing hosts list - name: Changing Managing hosts list
- ipa_service: ipa_service:
name: http/host01.example.com name: http/host01.example.com
host: host:
- host01.example.com - host01.example.com
@ -71,7 +75,7 @@ EXAMPLES = '''
ipa_pass: topsecret ipa_pass: topsecret
''' '''
RETURN = ''' RETURN = r'''
service: service:
description: Service as returned by IPA API. description: Service as returned by IPA API.
returned: always returned: always
@ -183,7 +187,7 @@ def main():
argument_spec.update( argument_spec.update(
krbcanonicalname=dict(type='str', required=True, aliases=['name']), krbcanonicalname=dict(type='str', required=True, aliases=['name']),
force=dict(type='bool', required=False), force=dict(type='bool', required=False),
hosts=dict(type='list', required=False), hosts=dict(type='list', required=False, elements='str'),
state=dict(type='str', required=False, default='present', state=dict(type='str', required=False, default='present',
choices=['present', 'absent'])) choices=['present', 'absent']))
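Review bot: The "Changing Managing hosts list" example sets `host:`, but the option documented above and declared in `argument_spec` is `hosts`. The key should read `hosts:`. Unless `ipa_argument_spec()` (not visible here) supplies a `host` parameter, the task as written would probably fail with an unsupported-parameter error. The rest of that example is cut by the hunk boundary, so only this key can be checked.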


@ -11,7 +11,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.1',
'supported_by': 'community'} 'supported_by': 'community'}
DOCUMENTATION = ''' DOCUMENTATION = r'''
--- ---
module: ipa_subca module: ipa_subca
author: Abhijeet Kasurde (@Akasurde) author: Abhijeet Kasurde (@Akasurde)
@ -25,27 +25,30 @@ options:
- The Sub Certificate Authority name which needs to be managed. - The Sub Certificate Authority name which needs to be managed.
required: true required: true
aliases: ["name"] aliases: ["name"]
type: str
subca_subject: subca_subject:
description: description:
- The Sub Certificate Authority's Subject. e.g., 'CN=SampleSubCA1,O=testrelm.test' - The Sub Certificate Authority's Subject. e.g., 'CN=SampleSubCA1,O=testrelm.test'.
required: true required: true
type: str
subca_desc: subca_desc:
description: description:
- The Sub Certificate Authority's description. - The Sub Certificate Authority's description.
required: true type: str
state: state:
description: description:
- State to ensure - State to ensure.
- State 'disable' and 'enable' is available for FreeIPA 4.4.2 version and onwards - State 'disable' and 'enable' is available for FreeIPA 4.4.2 version and onwards.
required: false required: false
default: present default: present
choices: ["present", "absent", "enabled", "disabled"] choices: ["absent", "disabled", "enabled", "present"]
type: str
extends_documentation_fragment: ipa.documentation extends_documentation_fragment: ipa.documentation
''' '''
EXAMPLES = ''' EXAMPLES = '''
# Ensure IPA Sub CA is present - name: Ensure IPA Sub CA is present
- ipa_subca: ipa_subca:
ipa_host: spider.example.com ipa_host: spider.example.com
ipa_pass: Passw0rd! ipa_pass: Passw0rd!
state: present state: present
@ -53,22 +56,22 @@ EXAMPLES = '''
subca_subject: 'CN=AnsibleSubCA1,O=example.com' subca_subject: 'CN=AnsibleSubCA1,O=example.com'
subca_desc: Ansible Sub CA subca_desc: Ansible Sub CA
# Ensure that IPA Sub CA is removed - name: Ensure that IPA Sub CA is removed
- ipa_subca: ipa_subca:
ipa_host: spider.example.com ipa_host: spider.example.com
ipa_pass: Passw0rd! ipa_pass: Passw0rd!
state: absent state: absent
subca_name: AnsibleSubCA1 subca_name: AnsibleSubCA1
# Ensure that IPA Sub CA is disabled - name: Ensure that IPA Sub CA is disabled
- ipa_subca: ipa_subca:
ipa_host: spider.example.com ipa_host: spider.example.com
ipa_pass: Passw0rd! ipa_pass: Passw0rd!
state: disable state: disable
subca_name: AnsibleSubCA1 subca_name: AnsibleSubCA1
''' '''
RETURN = ''' RETURN = r'''
subca: subca:
description: IPA Sub CA record as returned by IPA API. description: IPA Sub CA record as returned by IPA API.
returned: always returned: always
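Review bot: The last example uses `state: disable`, which is not one of the documented choices `["absent", "disabled", "enabled", "present"]`; it should be `state: disabled`. The option text has the same mismatch and could read `State 'disabled' and 'enabled' are available for FreeIPA 4.4.2 version and onwards.` The new side also appears to drop `required: true` from `subca_desc`, which is worth confirming against the argument_spec, since that lies outside this section. `EXAMPLES = '''` is the only docstring in this file not switched to `r'''`.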


@ -11,7 +11,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.1',
'supported_by': 'community'} 'supported_by': 'community'}
DOCUMENTATION = ''' DOCUMENTATION = r'''
--- ---
module: ipa_sudocmd module: ipa_sudocmd
author: Thomas Krahn (@Nosmoht) author: Thomas Krahn (@Nosmoht)
@ -21,31 +21,34 @@ description:
options: options:
sudocmd: sudocmd:
description: description:
- Sudo Command. - Sudo command.
aliases: ['name'] aliases: ['name']
required: true required: true
type: str
description: description:
description: description:
- A description of this command. - A description of this command.
type: str
state: state:
description: State to ensure description: State to ensure.
default: present default: present
choices: ['present', 'absent', 'enabled', 'disabled'] choices: ['absent', 'disabled', 'enabled', 'present']
type: str
extends_documentation_fragment: ipa.documentation extends_documentation_fragment: ipa.documentation
version_added: "2.3" version_added: "2.3"
''' '''
EXAMPLES = ''' EXAMPLES = r'''
# Ensure sudo command exists - name: Ensure sudo command exists
- ipa_sudocmd: ipa_sudocmd:
name: su name: su
description: Allow to run su via sudo description: Allow to run su via sudo
ipa_host: ipa.example.com ipa_host: ipa.example.com
ipa_user: admin ipa_user: admin
ipa_pass: topsecret ipa_pass: topsecret
# Ensure sudo command does not exist - name: Ensure sudo command does not exist
- ipa_sudocmd: ipa_sudocmd:
name: su name: su
state: absent state: absent
ipa_host: ipa.example.com ipa_host: ipa.example.com
@ -53,7 +56,7 @@ EXAMPLES = '''
ipa_pass: topsecret ipa_pass: topsecret
''' '''
RETURN = ''' RETURN = r'''
sudocmd: sudocmd:
description: Sudo command as return from IPA API description: Sudo command as return from IPA API
returned: always returned: always
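Review bot: The RETURN text `Sudo command as return from IPA API` was left untouched while the surrounding descriptions were tidied. `description: Sudo command as returned by IPA API.` would match the wording the other ipa_* modules in this commit use for their RETURN blocks. The RETURN block continues outside the hunk.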


@ -11,7 +11,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.1',
'supported_by': 'community'} 'supported_by': 'community'}
DOCUMENTATION = ''' DOCUMENTATION = r'''
--- ---
module: ipa_sudocmdgroup module: ipa_sudocmdgroup
author: Thomas Krahn (@Nosmoht) author: Thomas Krahn (@Nosmoht)
@ -24,23 +24,28 @@ options:
- Sudo Command Group. - Sudo Command Group.
aliases: ['name'] aliases: ['name']
required: true required: true
type: str
description: description:
description: description:
- Group description. - Group description.
type: str
state: state:
description: State to ensure description: State to ensure.
default: present default: present
choices: ['present', 'absent', 'enabled', 'disabled'] choices: ['absent', 'disabled', 'enabled', 'present']
type: str
sudocmd: sudocmd:
description: description:
- List of sudo commands to assign to the group. - List of sudo commands to assign to the group.
- If an empty list is passed all assigned commands will be removed from the group. - If an empty list is passed all assigned commands will be removed from the group.
- If option is omitted sudo commands will not be checked or changed. - If option is omitted sudo commands will not be checked or changed.
type: list
elements: str
extends_documentation_fragment: ipa.documentation extends_documentation_fragment: ipa.documentation
version_added: "2.3" version_added: "2.3"
''' '''
EXAMPLES = ''' EXAMPLES = r'''
- name: Ensure sudo command group exists - name: Ensure sudo command group exists
ipa_sudocmdgroup: ipa_sudocmdgroup:
name: group01 name: group01
@ -60,7 +65,7 @@ EXAMPLES = '''
ipa_pass: topsecret ipa_pass: topsecret
''' '''
RETURN = ''' RETURN = r'''
sudocmdgroup: sudocmdgroup:
description: Sudo command group as returned by IPA API description: Sudo command group as returned by IPA API
returned: always returned: always
@ -156,7 +161,7 @@ def main():
argument_spec.update(cn=dict(type='str', required=True, aliases=['name']), argument_spec.update(cn=dict(type='str', required=True, aliases=['name']),
description=dict(type='str'), description=dict(type='str'),
state=dict(type='str', default='present', choices=['present', 'absent', 'enabled', 'disabled']), state=dict(type='str', default='present', choices=['present', 'absent', 'enabled', 'disabled']),
sudocmd=dict(type='list')) sudocmd=dict(type='list', elements='str'))
module = AnsibleModule(argument_spec=argument_spec, module = AnsibleModule(argument_spec=argument_spec,
supports_check_mode=True) supports_check_mode=True)


@ -11,7 +11,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.1',
'supported_by': 'community'} 'supported_by': 'community'}
DOCUMENTATION = ''' DOCUMENTATION = r'''
--- ---
module: ipa_sudorule module: ipa_sudorule
author: Thomas Krahn (@Nosmoht) author: Thomas Krahn (@Nosmoht)
@ -25,74 +25,94 @@ options:
- Can not be changed as it is the unique identifier. - Can not be changed as it is the unique identifier.
required: true required: true
aliases: ['name'] aliases: ['name']
type: str
cmdcategory: cmdcategory:
description: description:
- Command category the rule applies to. - Command category the rule applies to.
choices: ['all'] choices: ['all']
type: str
cmd: cmd:
description: description:
- List of commands assigned to the rule. - List of commands assigned to the rule.
- If an empty list is passed all commands will be removed from the rule. - If an empty list is passed all commands will be removed from the rule.
- If option is omitted commands will not be checked or changed. - If option is omitted commands will not be checked or changed.
type: list
elements: str
description: description:
description: description:
- Description of the sudo rule. - Description of the sudo rule.
type: str
host: host:
description: description:
- List of hosts assigned to the rule. - List of hosts assigned to the rule.
- If an empty list is passed all hosts will be removed from the rule. - If an empty list is passed all hosts will be removed from the rule.
- If option is omitted hosts will not be checked or changed. - If option is omitted hosts will not be checked or changed.
- Option C(hostcategory) must be omitted to assign hosts. - Option C(hostcategory) must be omitted to assign hosts.
type: list
elements: str
hostcategory: hostcategory:
description: description:
- Host category the rule applies to. - Host category the rule applies to.
- If 'all' is passed one must omit C(host) and C(hostgroup). - If 'all' is passed one must omit C(host) and C(hostgroup).
- Option C(host) and C(hostgroup) must be omitted to assign 'all'. - Option C(host) and C(hostgroup) must be omitted to assign 'all'.
choices: ['all'] choices: ['all']
type: str
hostgroup: hostgroup:
description: description:
- List of host groups assigned to the rule. - List of host groups assigned to the rule.
- If an empty list is passed all host groups will be removed from the rule. - If an empty list is passed all host groups will be removed from the rule.
- If option is omitted host groups will not be checked or changed. - If option is omitted host groups will not be checked or changed.
- Option C(hostcategory) must be omitted to assign host groups. - Option C(hostcategory) must be omitted to assign host groups.
type: list
elements: str
runasusercategory: runasusercategory:
description: description:
- RunAs User category the rule applies to. - RunAs User category the rule applies to.
choices: ['all'] choices: ['all']
version_added: "2.5" version_added: "2.5"
type: str
runasgroupcategory: runasgroupcategory:
description: description:
- RunAs Group category the rule applies to. - RunAs Group category the rule applies to.
choices: ['all'] choices: ['all']
version_added: "2.5" version_added: "2.5"
type: str
sudoopt: sudoopt:
description: description:
- List of options to add to the sudo rule. - List of options to add to the sudo rule.
type: list
elements: str
user: user:
description: description:
- List of users assigned to the rule. - List of users assigned to the rule.
- If an empty list is passed all users will be removed from the rule. - If an empty list is passed all users will be removed from the rule.
- If option is omitted users will not be checked or changed. - If option is omitted users will not be checked or changed.
type: list
elements: str
usercategory: usercategory:
description: description:
- User category the rule applies to. - User category the rule applies to.
choices: ['all'] choices: ['all']
type: str
usergroup: usergroup:
description: description:
- List of user groups assigned to the rule. - List of user groups assigned to the rule.
- If an empty list is passed all user groups will be removed from the rule. - If an empty list is passed all user groups will be removed from the rule.
- If option is omitted user groups will not be checked or changed. - If option is omitted user groups will not be checked or changed.
type: list
elements: str
state: state:
description: State to ensure description: State to ensure.
default: present default: present
choices: ['present', 'absent', 'enabled', 'disabled'] choices: ['absent', 'disabled', 'enabled', 'present']
type: str
extends_documentation_fragment: ipa.documentation extends_documentation_fragment: ipa.documentation
version_added: "2.3" version_added: "2.3"
''' '''
EXAMPLES = ''' EXAMPLES = r'''
# Ensure sudo rule is present that's allows all every body to execute any command on any host without being asked for a password. - name: Ensure sudo rule is present that's allows all every body to execute any command on any host without being asked for a password.
- ipa_sudorule: ipa_sudorule:
name: sudo_all_nopasswd name: sudo_all_nopasswd
cmdcategory: all cmdcategory: all
description: Allow to run every command with sudo without password description: Allow to run every command with sudo without password
@ -103,8 +123,9 @@ EXAMPLES = '''
ipa_host: ipa.example.com ipa_host: ipa.example.com
ipa_user: admin ipa_user: admin
ipa_pass: topsecret ipa_pass: topsecret
# Ensure user group developers can run every command on host group db-server as well as on host db01.example.com.
- ipa_sudorule: - name: Ensure user group developers can run every command on host group db-server as well as on host db01.example.com.
ipa_sudorule:
name: sudo_dev_dbserver name: sudo_dev_dbserver
description: Allow developers to run every command with sudo on all database server description: Allow developers to run every command with sudo on all database server
cmdcategory: all cmdcategory: all
@ -121,7 +142,7 @@ EXAMPLES = '''
ipa_pass: topsecret ipa_pass: topsecret
''' '''
RETURN = ''' RETURN = r'''
sudorule: sudorule:
description: Sudorule as returned by IPA description: Sudorule as returned by IPA
returned: always returned: always
@ -345,20 +366,20 @@ def ensure(module, client):
def main(): def main():
argument_spec = ipa_argument_spec() argument_spec = ipa_argument_spec()
argument_spec.update(cmd=dict(type='list'), argument_spec.update(cmd=dict(type='list', elements='str'),
cmdcategory=dict(type='str', choices=['all']), cmdcategory=dict(type='str', choices=['all']),
cn=dict(type='str', required=True, aliases=['name']), cn=dict(type='str', required=True, aliases=['name']),
description=dict(type='str'), description=dict(type='str'),
host=dict(type='list'), host=dict(type='list', elements='str'),
hostcategory=dict(type='str', choices=['all']), hostcategory=dict(type='str', choices=['all']),
hostgroup=dict(type='list'), hostgroup=dict(type='list', elements='str'),
runasusercategory=dict(type='str', choices=['all']), runasusercategory=dict(type='str', choices=['all']),
runasgroupcategory=dict(type='str', choices=['all']), runasgroupcategory=dict(type='str', choices=['all']),
sudoopt=dict(type='list'), sudoopt=dict(type='list', elements='str'),
state=dict(type='str', default='present', choices=['present', 'absent', 'enabled', 'disabled']), state=dict(type='str', default='present', choices=['present', 'absent', 'enabled', 'disabled']),
user=dict(type='list'), user=dict(type='list', elements='str'),
usercategory=dict(type='str', choices=['all']), usercategory=dict(type='str', choices=['all']),
usergroup=dict(type='list')) usergroup=dict(type='list', elements='str'))
module = AnsibleModule(argument_spec=argument_spec, module = AnsibleModule(argument_spec=argument_spec,
mutually_exclusive=[['cmdcategory', 'cmd'], mutually_exclusive=[['cmdcategory', 'cmd'],
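Review bot: The `cmdcategory` and `cmd` option docs do not mention that the two are mutually exclusive, although `main()` declares `mutually_exclusive=[['cmdcategory', 'cmd'], ...`. The `host`/`hostcategory` entries already carry such a line, so the same pattern fits here: `- Option C(cmd) must be omitted to assign 'all'.` under `cmdcategory`, and `- Option C(cmdcategory) must be omitted to assign commands.` under `cmd`. The `mutually_exclusive` list continues outside the hunk, so other pairs may need the same treatment. The first example's task name ("that's allows all every body") is also still garbled after its conversion from a comment.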


@ -11,16 +11,17 @@ ANSIBLE_METADATA = {'metadata_version': '1.1',
'supported_by': 'community'} 'supported_by': 'community'}
DOCUMENTATION = ''' DOCUMENTATION = r'''
--- ---
module: ipa_user module: ipa_user
author: Thomas Krahn (@Nosmoht) author: Thomas Krahn (@Nosmoht)
short_description: Manage FreeIPA users short_description: Manage FreeIPA users
description: description:
- Add, modify and delete user within IPA server - Add, modify and delete user within IPA server.
options: options:
displayname: displayname:
description: Display name description: Display name.
type: str
update_password: update_password:
description: description:
- Set password for a user. - Set password for a user.
@ -29,52 +30,69 @@ options:
choices: [ always, on_create ] choices: [ always, on_create ]
version_added: 2.8 version_added: 2.8
givenname: givenname:
description: First name description: First name.
type: str
krbpasswordexpiration: krbpasswordexpiration:
description: description:
- Date at which the user password will expire - Date at which the user password will expire.
- In the format YYYYMMddHHmmss - In the format YYYYMMddHHmmss.
- e.g. 20180121182022 will expire on 21 January 2018 at 18:20:22 - e.g. 20180121182022 will expire on 21 January 2018 at 18:20:22.
version_added: 2.5 version_added: 2.5
type: str
loginshell: loginshell:
description: Login shell description: Login shell.
type: str
mail: mail:
description: description:
- List of mail addresses assigned to the user. - List of mail addresses assigned to the user.
- If an empty list is passed all assigned email addresses will be deleted. - If an empty list is passed all assigned email addresses will be deleted.
- If None is passed email addresses will not be checked or changed. - If None is passed email addresses will not be checked or changed.
type: list
elements: str
password: password:
description: description:
- Password for a user. Will not be set for an existing user unless C(update_password) is set to C(always), which is the default. - Password for a user.
- Will not be set for an existing user unless I(update_password=always), which is the default.
type: str
sn: sn:
description: Surname description: Surname.
type: str
sshpubkey: sshpubkey:
description: description:
- List of public SSH key. - List of public SSH key.
- If an empty list is passed all assigned public keys will be deleted. - If an empty list is passed all assigned public keys will be deleted.
- If None is passed SSH public keys will not be checked or changed. - If None is passed SSH public keys will not be checked or changed.
type: list
elements: str
state: state:
description: State to ensure description: State to ensure.
default: "present" default: "present"
choices: ["present", "absent", "enabled", "disabled"] choices: ["absent", "disabled", "enabled", "present"]
type: str
telephonenumber: telephonenumber:
description: description:
- List of telephone numbers assigned to the user. - List of telephone numbers assigned to the user.
- If an empty list is passed all assigned telephone numbers will be deleted. - If an empty list is passed all assigned telephone numbers will be deleted.
- If None is passed telephone numbers will not be checked or changed. - If None is passed telephone numbers will not be checked or changed.
type: list
elements: str
title: title:
description: Title description: Title.
type: str
uid: uid:
description: uid of the user description: uid of the user.
required: true required: true
aliases: ["name"] aliases: ["name"]
type: str
uidnumber: uidnumber:
description: description:
- Account Settings UID/Posix User ID number - Account Settings UID/Posix User ID number.
type: str
version_added: 2.5 version_added: 2.5
gidnumber: gidnumber:
description: description:
- Posix Group ID - Posix Group ID.
type: str
version_added: 2.5 version_added: 2.5
extends_documentation_fragment: ipa.documentation extends_documentation_fragment: ipa.documentation
version_added: "2.3" version_added: "2.3"
@ -83,9 +101,9 @@ requirements:
- hashlib - hashlib
''' '''
EXAMPLES = ''' EXAMPLES = r'''
# Ensure pinky is present and always reset password - name: Ensure pinky is present and always reset password
- ipa_user: ipa_user:
name: pinky name: pinky
state: present state: present
krbpasswordexpiration: 20200119235959 krbpasswordexpiration: 20200119235959
@ -104,16 +122,16 @@ EXAMPLES = '''
ipa_user: admin ipa_user: admin
ipa_pass: topsecret ipa_pass: topsecret
# Ensure brain is absent - name: Ensure brain is absent
- ipa_user: ipa_user:
name: brain name: brain
state: absent state: absent
ipa_host: ipa.example.com ipa_host: ipa.example.com
ipa_user: admin ipa_user: admin
ipa_pass: topsecret ipa_pass: topsecret
# Ensure pinky is present but don't reset password if already exists - name: Ensure pinky is present but don't reset password if already exists
- ipa_user: ipa_user:
name: pinky name: pinky
state: present state: present
givenname: Pinky givenname: Pinky
@ -123,10 +141,9 @@ EXAMPLES = '''
ipa_user: admin ipa_user: admin
ipa_pass: topsecret ipa_pass: topsecret
update_password: on_create update_password: on_create
''' '''
RETURN = ''' RETURN = r'''
user: user:
description: User as returned by IPA API description: User as returned by IPA API
returned: always returned: always
@ -311,16 +328,16 @@ def main():
choices=['always', 'on_create']), choices=['always', 'on_create']),
krbpasswordexpiration=dict(type='str'), krbpasswordexpiration=dict(type='str'),
loginshell=dict(type='str'), loginshell=dict(type='str'),
mail=dict(type='list'), mail=dict(type='list', elements='str'),
sn=dict(type='str'), sn=dict(type='str'),
uid=dict(type='str', required=True, aliases=['name']), uid=dict(type='str', required=True, aliases=['name']),
gidnumber=dict(type='str'), gidnumber=dict(type='str'),
uidnumber=dict(type='str'), uidnumber=dict(type='str'),
password=dict(type='str', no_log=True), password=dict(type='str', no_log=True),
sshpubkey=dict(type='list'), sshpubkey=dict(type='list', elements='str'),
state=dict(type='str', default='present', state=dict(type='str', default='present',
choices=['present', 'absent', 'enabled', 'disabled']), choices=['present', 'absent', 'enabled', 'disabled']),
telephonenumber=dict(type='list'), telephonenumber=dict(type='list', elements='str'),
title=dict(type='str')) title=dict(type='str'))
module = AnsibleModule(argument_spec=argument_spec, module = AnsibleModule(argument_spec=argument_spec,


@ -10,7 +10,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'], 'status': ['preview'],
'supported_by': 'community'} 'supported_by': 'community'}
DOCUMENTATION = ''' DOCUMENTATION = r'''
--- ---
module: ipa_vault module: ipa_vault
author: Juan Manuel Parrilla (@jparrill) author: Juan Manuel Parrilla (@jparrill)
@ -25,38 +25,46 @@ options:
- Can not be changed as it is the unique identifier. - Can not be changed as it is the unique identifier.
required: true required: true
aliases: ["name"] aliases: ["name"]
type: str
description: description:
description: description:
- Description. - Description.
type: str
ipavaulttype: ipavaulttype:
description: description:
- Vault types are based on security level. - Vault types are based on security level.
default: "symmetric" default: "symmetric"
choices: ["standard", "symmetric", "asymmetric"] choices: ["asymmetric", "standard", "symmetric"]
required: true
aliases: ["vault_type"] aliases: ["vault_type"]
type: str
ipavaultpublickey: ipavaultpublickey:
description: description:
- Public key. - Public key.
aliases: ["vault_public_key"] aliases: ["vault_public_key"]
type: str
ipavaultsalt: ipavaultsalt:
description: description:
- Vault Salt. - Vault Salt.
aliases: ["vault_salt"] aliases: ["vault_salt"]
type: str
username: username:
description: description:
- Any user can own one or more user vaults. - Any user can own one or more user vaults.
- Mutually exclusive with service. - Mutually exclusive with service.
aliases: ["user"] aliases: ["user"]
type: list
elements: str
service: service:
description: description:
- Any service can own one or more service vaults. - Any service can own one or more service vaults.
- Mutually exclusive with user. - Mutually exclusive with user.
type: str
state: state:
description: description:
- State to ensure. - State to ensure.
default: "present" default: "present"
choices: ["present", "absent"] choices: ["absent", "present"]
type: str
replace: replace:
description: description:
- Force replace the existant vault on IPA server. - Force replace the existant vault on IPA server.
@ -72,9 +80,9 @@ extends_documentation_fragment: ipa.documentation
version_added: "2.7" version_added: "2.7"
''' '''
EXAMPLES = ''' EXAMPLES = r'''
# Ensure vault is present - name: Ensure vault is present
- ipa_vault: ipa_vault:
name: vault01 name: vault01
vault_type: standard vault_type: standard
user: user01 user: user01
@ -83,16 +91,16 @@ EXAMPLES = '''
ipa_pass: topsecret ipa_pass: topsecret
validate_certs: false validate_certs: false
# Ensure vault is present for Admin user - name: Ensure vault is present for Admin user
- ipa_vault: ipa_vault:
name: vault01 name: vault01
vault_type: standard vault_type: standard
ipa_host: ipa.example.com ipa_host: ipa.example.com
ipa_user: admin ipa_user: admin
ipa_pass: topsecret ipa_pass: topsecret
# Ensure vault is absent - name: Ensure vault is absent
- ipa_vault: ipa_vault:
name: vault01 name: vault01
vault_type: standard vault_type: standard
user: user01 user: user01
@ -101,8 +109,8 @@ EXAMPLES = '''
ipa_user: admin ipa_user: admin
ipa_pass: topsecret ipa_pass: topsecret
# Modify vault if already exists - name: Modify vault if already exists
- ipa_vault: ipa_vault:
name: vault01 name: vault01
vault_type: standard vault_type: standard
description: "Vault for test" description: "Vault for test"
@ -111,15 +119,15 @@ EXAMPLES = '''
ipa_pass: topsecret ipa_pass: topsecret
replace: True replace: True
# Get vault info if already exists - name: Get vault info if already exists
- ipa_vault: ipa_vault:
name: vault01 name: vault01
ipa_host: ipa.example.com ipa_host: ipa.example.com
ipa_user: admin ipa_user: admin
ipa_pass: topsecret ipa_pass: topsecret
''' '''
RETURN = ''' RETURN = r'''
vault: vault:
description: Vault as returned by IPA API description: Vault as returned by IPA API
returned: always returned: always
@ -221,7 +229,7 @@ def main():
service=dict(type='str'), service=dict(type='str'),
replace=dict(type='bool', default=False, choices=[True, False]), replace=dict(type='bool', default=False, choices=[True, False]),
state=dict(type='str', default='present', choices=['present', 'absent']), state=dict(type='str', default='present', choices=['present', 'absent']),
username=dict(type='list', aliases=['user'])) username=dict(type='list', elements='str', aliases=['user']))
module = AnsibleModule(argument_spec=argument_spec, module = AnsibleModule(argument_spec=argument_spec,
supports_check_mode=True, supports_check_mode=True,
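Review bot: The first example ("Ensure vault is present") still carries `validate_certs: false` next to a literal `ipa_pass: topsecret`, and since this commit rewrites every example into a named task it is the natural place to fix that. With certificate validation off, the admin credential is sent to a server whose identity was never checked, and examples tend to be copied into playbooks as they stand. I would drop the `validate_certs: false` line from the example (or keep it with a comment such as `# lab only: disables TLS certificate verification`) and show the password as a variable, e.g. `ipa_pass: "{{ ipa_admin_password }}"` (the variable name is illustrative), ideally sourced from Ansible Vault. The example bodies are cut by the hunk boundaries, so other examples in this file may need the same change.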


@ -45,7 +45,6 @@ options:
- If GSSAPI is not available, the usage of 'ipa_pass' is required. - If GSSAPI is not available, the usage of 'ipa_pass' is required.
- Environment variable fallback mechanism is added in Ansible 2.5. - Environment variable fallback mechanism is added in Ansible 2.5.
type: str type: str
required: true
ipa_prot: ipa_prot:
description: description:
- Protocol used by IPA server. - Protocol used by IPA server.


@ -1813,36 +1813,6 @@ lib/ansible/modules/files/synchronize.py validate-modules:undocumented-parameter
lib/ansible/modules/files/unarchive.py validate-modules:nonexistent-parameter-documented lib/ansible/modules/files/unarchive.py validate-modules:nonexistent-parameter-documented
lib/ansible/modules/files/xml.py validate-modules:doc-required-mismatch lib/ansible/modules/files/xml.py validate-modules:doc-required-mismatch
lib/ansible/modules/identity/cyberark/cyberark_authentication.py validate-modules:parameter-type-not-in-doc lib/ansible/modules/identity/cyberark/cyberark_authentication.py validate-modules:parameter-type-not-in-doc
lib/ansible/modules/identity/ipa/ipa_config.py validate-modules:doc-required-mismatch
lib/ansible/modules/identity/ipa/ipa_config.py validate-modules:parameter-type-not-in-doc
lib/ansible/modules/identity/ipa/ipa_dnsrecord.py validate-modules:doc-required-mismatch
lib/ansible/modules/identity/ipa/ipa_dnsrecord.py validate-modules:parameter-type-not-in-doc
lib/ansible/modules/identity/ipa/ipa_dnszone.py validate-modules:doc-required-mismatch
lib/ansible/modules/identity/ipa/ipa_dnszone.py validate-modules:parameter-type-not-in-doc
lib/ansible/modules/identity/ipa/ipa_group.py validate-modules:doc-required-mismatch
lib/ansible/modules/identity/ipa/ipa_group.py validate-modules:parameter-type-not-in-doc
lib/ansible/modules/identity/ipa/ipa_hbacrule.py validate-modules:doc-required-mismatch
lib/ansible/modules/identity/ipa/ipa_hbacrule.py validate-modules:parameter-type-not-in-doc
lib/ansible/modules/identity/ipa/ipa_host.py validate-modules:doc-required-mismatch
lib/ansible/modules/identity/ipa/ipa_host.py validate-modules:parameter-type-not-in-doc
lib/ansible/modules/identity/ipa/ipa_hostgroup.py validate-modules:doc-required-mismatch
lib/ansible/modules/identity/ipa/ipa_hostgroup.py validate-modules:parameter-type-not-in-doc
lib/ansible/modules/identity/ipa/ipa_role.py validate-modules:doc-required-mismatch
lib/ansible/modules/identity/ipa/ipa_role.py validate-modules:parameter-type-not-in-doc
lib/ansible/modules/identity/ipa/ipa_service.py validate-modules:doc-required-mismatch
lib/ansible/modules/identity/ipa/ipa_service.py validate-modules:parameter-type-not-in-doc
lib/ansible/modules/identity/ipa/ipa_subca.py validate-modules:doc-required-mismatch
lib/ansible/modules/identity/ipa/ipa_subca.py validate-modules:parameter-type-not-in-doc
lib/ansible/modules/identity/ipa/ipa_sudocmd.py validate-modules:doc-required-mismatch
lib/ansible/modules/identity/ipa/ipa_sudocmd.py validate-modules:parameter-type-not-in-doc
lib/ansible/modules/identity/ipa/ipa_sudocmdgroup.py validate-modules:doc-required-mismatch
lib/ansible/modules/identity/ipa/ipa_sudocmdgroup.py validate-modules:parameter-type-not-in-doc
lib/ansible/modules/identity/ipa/ipa_sudorule.py validate-modules:doc-required-mismatch
lib/ansible/modules/identity/ipa/ipa_sudorule.py validate-modules:parameter-type-not-in-doc
lib/ansible/modules/identity/ipa/ipa_user.py validate-modules:doc-required-mismatch
lib/ansible/modules/identity/ipa/ipa_user.py validate-modules:parameter-type-not-in-doc
lib/ansible/modules/identity/ipa/ipa_vault.py validate-modules:doc-required-mismatch
lib/ansible/modules/identity/ipa/ipa_vault.py validate-modules:parameter-type-not-in-doc
lib/ansible/modules/identity/keycloak/keycloak_client.py validate-modules:doc-default-does-not-match-spec lib/ansible/modules/identity/keycloak/keycloak_client.py validate-modules:doc-default-does-not-match-spec
lib/ansible/modules/identity/keycloak/keycloak_client.py validate-modules:doc-missing-type lib/ansible/modules/identity/keycloak/keycloak_client.py validate-modules:doc-missing-type
lib/ansible/modules/identity/keycloak/keycloak_client.py validate-modules:doc-required-mismatch lib/ansible/modules/identity/keycloak/keycloak_client.py validate-modules:doc-required-mismatch