Update documentation of pamd module (#24712)

Updated explanation and documentation of new_module*
in pamd documentation

Fixes #24516

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
Abhijeet Kasurde 2017-06-07 13:18:42 +05:30 committed by John R Barker
parent 577d01baa3
commit 5bd4e01533
2 changed files with 30 additions and 36 deletions


@ -56,19 +56,15 @@ options:
- The module path of the PAM rule being modified. The type, - The module path of the PAM rule being modified. The type,
control and module_path all must match a rule to be modified. control and module_path all must match a rule to be modified.
new_type: new_type:
required: false
description: description:
- The type to assign to the new rule. - The new type to assign to the new rule.
new_control: new_control:
required: false
description: description:
- The control to assign to the new rule. - The new control to assign to the new rule.
new_module_path: new_module_path:
required: false
description: description:
- The control to assign to the new rule. - The new module path to be assigned to the new rule.
module_arguments: module_arguments:
required: false
description: description:
- When state is 'updated', the module_arguments will replace existing - When state is 'updated', the module_arguments will replace existing
module_arguments. When state is 'args_absent' args matching those module_arguments. When state is 'args_absent' args matching those
@ -78,7 +74,6 @@ options:
takes a value denoted by '=', the value will be changed to that specified takes a value denoted by '=', the value will be changed to that specified
in module_arguments. in module_arguments.
state: state:
required: false
default: updated default: updated
choices: choices:
- updated - updated
@ -96,7 +91,6 @@ options:
must all be specified. If state is 'args_absent' or 'args_present', must all be specified. If state is 'args_absent' or 'args_present',
new_type, new_control, and new_module_path will be ignored. new_type, new_control, and new_module_path will be ignored.
path: path:
required: false
default: /etc/pam.d/ default: /etc/pam.d/
description: description:
- This is the path to the PAM service files - This is the path to the PAM service files
@ -130,15 +124,16 @@ EXAMPLES = """
new_module_path: pam_faillock.so new_module_path: pam_faillock.so
state: before state: before
- name: Insert a new rule after an existing rule - name: Insert a new rule pam_wheel.so with argument 'use_uid' after an existing rule pam_rootok.so
pamd: pamd:
name: system-auth name: su
type: auth type: auth
control: required control: sufficient
module_path: pam_faillock.so module_path: pam_rootok.so
new_type: auth new_type: auth
new_control: sufficient new_control: required
new_module_path: pam_faillock.so new_module_path: pam_wheel.so
module_arguments: 'use_uid'
state: after state: after
- name: Remove module arguments from an existing rule - name: Remove module arguments from an existing rule
@ -233,7 +228,7 @@ class PamdRule(object):
if rule_control.startswith('['): if rule_control.startswith('['):
rule_control = stringline[stringline.index('['): rule_control = stringline[stringline.index('['):
stringline.index(']')+1] stringline.index(']') + 1]
if "]" in split_line[2]: if "]" in split_line[2]:
rule_module_path = split_line[3] rule_module_path = split_line[3]
@ -318,7 +313,7 @@ def update_rule(service, old_rule, new_rule):
except AttributeError: except AttributeError:
pass pass
if changed: if changed:
result['updated_rule_'+str(change_count)] = str(rule) result['updated_rule_' + str(change_count)] = str(rule)
result['new_rule'] = str(new_rule) result['new_rule'] = str(new_rule)
change_count += 1 change_count += 1
@ -340,16 +335,16 @@ def insert_before_rule(service, old_rule, new_rule):
if index == 0: if index == 0:
service.rules.insert(0, new_rule) service.rules.insert(0, new_rule)
changed = True changed = True
elif (new_rule.rule_type != service.rules[index-1].rule_type or elif (new_rule.rule_type != service.rules[index - 1].rule_type or
new_rule.rule_control != new_rule.rule_control !=
service.rules[index-1].rule_control or service.rules[index - 1].rule_control or
new_rule.rule_module_path != new_rule.rule_module_path !=
service.rules[index-1].rule_module_path): service.rules[index - 1].rule_module_path):
service.rules.insert(index, new_rule) service.rules.insert(index, new_rule)
changed = True changed = True
if changed: if changed:
result['new_rule'] = str(new_rule) result['new_rule'] = str(new_rule)
result['before_rule_'+str(change_count)] = str(rule) result['before_rule_' + str(change_count)] = str(rule)
change_count += 1 change_count += 1
index += 1 index += 1
result['change_count'] = change_count result['change_count'] = change_count
@ -365,16 +360,16 @@ def insert_after_rule(service, old_rule, new_rule):
if (old_rule.rule_type == rule.rule_type and if (old_rule.rule_type == rule.rule_type and
old_rule.rule_control == rule.rule_control and old_rule.rule_control == rule.rule_control and
old_rule.rule_module_path == rule.rule_module_path): old_rule.rule_module_path == rule.rule_module_path):
if (new_rule.rule_type != service.rules[index+1].rule_type or if (new_rule.rule_type != service.rules[index + 1].rule_type or
new_rule.rule_control != new_rule.rule_control !=
service.rules[index+1].rule_control or service.rules[index + 1].rule_control or
new_rule.rule_module_path != new_rule.rule_module_path !=
service.rules[index+1].rule_module_path): service.rules[index + 1].rule_module_path):
service.rules.insert(index+1, new_rule) service.rules.insert(index + 1, new_rule)
changed = True changed = True
if changed: if changed:
result['new_rule'] = str(new_rule) result['new_rule'] = str(new_rule)
result['after_rule_'+str(change_count)] = str(rule) result['after_rule_' + str(change_count)] = str(rule)
change_count += 1 change_count += 1
index += 1 index += 1
@ -396,8 +391,8 @@ def remove_module_arguments(service, old_rule, module_args):
if arg == arg_to_remove: if arg == arg_to_remove:
rule.rule_module_args.remove(arg) rule.rule_module_args.remove(arg)
changed = True changed = True
result['removed_arg_'+str(change_count)] = arg result['removed_arg_' + str(change_count)] = arg
result['from_rule_'+str(change_count)] = str(rule) result['from_rule_' + str(change_count)] = str(rule)
change_count += 1 change_count += 1
result['change_count'] = change_count result['change_count'] = change_count
@ -415,15 +410,15 @@ def add_module_arguments(service, old_rule, module_args):
old_rule.rule_module_path == rule.rule_module_path): old_rule.rule_module_path == rule.rule_module_path):
for arg_to_add in module_args: for arg_to_add in module_args:
if "=" in arg_to_add: if "=" in arg_to_add:
pre_string = arg_to_add[:arg_to_add.index('=')+1] pre_string = arg_to_add[:arg_to_add.index('=') + 1]
indicies = [i for i, arg indicies = [i for i, arg
in enumerate(rule.rule_module_args) in enumerate(rule.rule_module_args)
if arg.startswith(pre_string)] if arg.startswith(pre_string)]
if len(indicies) == 0: if len(indicies) == 0:
rule.rule_module_args.append(arg_to_add) rule.rule_module_args.append(arg_to_add)
changed = True changed = True
result['added_arg_'+str(change_count)] = arg_to_add result['added_arg_' + str(change_count)] = arg_to_add
result['to_rule_'+str(change_count)] = str(rule) result['to_rule_' + str(change_count)] = str(rule)
change_count += 1 change_count += 1
else: else:
for i in indicies: for i in indicies:
@ -438,8 +433,8 @@ def add_module_arguments(service, old_rule, module_args):
elif arg_to_add not in rule.rule_module_args: elif arg_to_add not in rule.rule_module_args:
rule.rule_module_args.append(arg_to_add) rule.rule_module_args.append(arg_to_add)
changed = True changed = True
result['added_arg_'+str(change_count)] = arg_to_add result['added_arg_' + str(change_count)] = arg_to_add
result['to_rule_'+str(change_count)] = str(rule) result['to_rule_' + str(change_count)] = str(rule)
change_count += 1 change_count += 1
result['change_count'] = change_count result['change_count'] = change_count
return changed, result return changed, result
@ -450,13 +445,13 @@ def write_rules(service):
f = open(service.fname, 'w') f = open(service.fname, 'w')
for amble in service.preamble: for amble in service.preamble:
f.write(amble+'\n') f.write(amble + '\n')
for rule in service.rules: for rule in service.rules:
if (previous_rule is not None and if (previous_rule is not None and
previous_rule.rule_type != rule.rule_type): previous_rule.rule_type != rule.rule_type):
f.write('\n') f.write('\n')
f.write(str(rule)+'\n') f.write(str(rule) + '\n')
previous_rule = rule previous_rule = rule
f.close() f.close()
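Review bot: In the last hunk, write_rules opens the target with `open(service.fname, 'w')` and ends with a bare `f.close()`, so an exception during any write leaves the handle open and the PAM service file truncated in place. For a file under /etc/pam.d/ a partial rewrite can break authentication for that service, so I would write the rules to a temporary file in the same directory and rename it over the target only after the write succeeds (AnsibleModule's `atomic_move` does this if the module object is passed in), or at minimum use `with open(service.fname, 'w') as f:`. The function starts above the hunk, so the initialisation of previous_rule is not visible here. Separately, in the insert_after_rule hunk `service.rules[index + 1]` is read with no visible bounds check; if the matched rule is the last one in the service this looks like an IndexError unless something outside the hunk guards it.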


@ -550,7 +550,6 @@ lib/ansible/modules/system/open_iscsi.py
lib/ansible/modules/system/openwrt_init.py lib/ansible/modules/system/openwrt_init.py
lib/ansible/modules/system/osx_defaults.py lib/ansible/modules/system/osx_defaults.py
lib/ansible/modules/system/pam_limits.py lib/ansible/modules/system/pam_limits.py
lib/ansible/modules/system/pamd.py
lib/ansible/modules/system/puppet.py lib/ansible/modules/system/puppet.py
lib/ansible/modules/system/runit.py lib/ansible/modules/system/runit.py
lib/ansible/modules/system/seboolean.py lib/ansible/modules/system/seboolean.py