New sudorule (Sudo Rule) management module
There is a new sudorule (Sudo Rule) management module placed in the plugins
folder:
plugins/modules/ipasudorule.py
The sudorule module makes it possible to ensure the presence and absence of Sudo Rules.
Here is the documentation for the module:
README-sudorule.md
New example playbooks have been added:
playbooks/sudorule/ensure-sudorule-host-member-is-absent.yml
playbooks/sudorule/ensure-sudorule-host-member-is-present.yml
playbooks/sudorule/ensure-sudorule-hostgroup-member-is-absent.yml
playbooks/sudorule/ensure-sudorule-hostgroup-member-is-present.yml
playbooks/sudorule/ensure-sudorule-is-absent.yml
playbooks/sudorule/ensure-sudorule-is-disabled.yml
playbooks/sudorule/ensure-sudorule-is-enabled.yml
playbooks/sudorule/ensure-sudorule-is-present.yml
playbooks/sudorule/ensure-sudorule-sudocmd-is-absent.yml
playbooks/sudorule/ensure-sudorule-sudocmd-is-present.yml
New tests added for the module:
tests/hbacrule/test_sudorule.yml
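--- a/playbooks/sudorule/ensure-sudorule-host-member-is-absent.yml
+++ b/playbooks/sudorule/ensure-sudorule-host-member-is-absent.yml
@@ -0,0 +1,14 @@
+---
+- name: Tests
+hosts: ipaserver
+become: true
+gather_facts: false
+
+tasks:
+# Ensure host server is absent in Sudo Rule
+- ipasudorule:
+ipaadmin_password: MyPassword123
+name: testrule1
+host: server
+action: member
+state: absent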
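Review bot: `ipaadmin_password: MyPassword123` puts the IPA admin password in cleartext in the playbook, and the same literal appears in the other playbooks added by this commit (with `pass1234` in ensure-sudorule-is-absent.yml). Example playbooks get copied into real inventories, so I would reference a variable instead, `ipaadmin_password: "{{ ipaadmin_password }}"`, with a comment above it saying the value is expected to come from an Ansible Vault encrypted vars file. Whether the module marks this parameter `no_log` is not visible on this page; if it does not, the password would also appear in verbose task output.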
@@ -0,0 +1,13 @@
|
||||
---
|
||||
- name: Tests
|
||||
hosts: ipaserver
|
||||
become: true
|
||||
gather_facts: false
|
||||
|
||||
tasks:
|
||||
# Ensure host server is present in Sudo Rule
|
||||
- ipasudorule:
|
||||
ipaadmin_password: MyPassword123
|
||||
name: testrule1
|
||||
host: server
|
||||
action: member
|
||||
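Review bot: The task has no `state:` line and so depends on the module's default, which is not visible in this commit, while ensure-sudorule-is-present.yml in the same commit writes `state: present` explicitly. Adding `state: present` after `action: member` would make this file mirror its is-absent counterpart and keep the example stable if the default ever changes. The hostgroup-member and sudocmd is-present playbooks omit it in the same way. The task also carries only a comment rather than a `name:`, so run output will not say which rule or member was changed.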
@@ -0,0 +1,14 @@
|
||||
---
|
||||
- name: Tests
|
||||
hosts: ipaserver
|
||||
become: true
|
||||
gather_facts: false
|
||||
|
||||
tasks:
|
||||
# Ensure hostgroup cluster is absent in Sudo Rule
|
||||
- ipasudorule:
|
||||
ipaadmin_password: MyPassword123
|
||||
name: testrule1
|
||||
hostgroup: cluster
|
||||
action: member
|
||||
state: absent
|
||||
@@ -0,0 +1,13 @@
|
||||
---
|
||||
- name: Tests
|
||||
hosts: ipaserver
|
||||
become: true
|
||||
gather_facts: false
|
||||
|
||||
tasks:
|
||||
# Ensure hostgrep cluster is present in Sudo Rule
|
||||
- ipasudorule:
|
||||
ipaadmin_password: MyPassword123
|
||||
name: testrule1
|
||||
hostgroup: cluster
|
||||
action: member
|
||||
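Review bot: The task comment reads `# Ensure hostgrep cluster is present in Sudo Rule`, where `hostgrep` should be `hostgroup`, matching the `hostgroup: cluster` parameter below it and the comment in the is-absent counterpart. Suggested line: `# Ensure hostgroup cluster is present in Sudo Rule`.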
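--- a/playbooks/sudorule/ensure-sudorule-is-absent.yml
+++ b/playbooks/sudorule/ensure-sudorule-is-absent.yml
@@ -0,0 +1,11 @@
+---
+- name: Tests
+hosts: ipaserver
+become: true
+
+tasks:
+# Ensure sudorule command is absent
+- ipasudorule:
+ipaadmin_password: pass1234
+name: testrule1
+state: absent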
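Review bot: This playbook authenticates with `ipaadmin_password: pass1234` while the other playbooks in the commit use `MyPassword123`, so the example set cannot run unchanged against one test server; the value should match the others, or better come from a shared variable. The comment `# Ensure sudorule command is absent` also misdescribes the task, which removes the rule `testrule1` itself rather than a command in it; `# Ensure Sudo Rule testrule1 is absent` would be accurate. The same "sudorule command" wording is in the is-disabled, is-enabled and is-present playbooks, and those four files also leave out the `gather_facts: false` that the member playbooks set.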
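--- a/playbooks/sudorule/ensure-sudorule-is-disabled.yml
+++ b/playbooks/sudorule/ensure-sudorule-is-disabled.yml
@@ -0,0 +1,11 @@
+---
+- name: Tests
+hosts: ipaserver
+become: true
+
+tasks:
+# Ensure sudorule command is disabled
+- ipasudorule:
+ipaadmin_password: MyPassword123
+name: testrule1
+state: disabled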
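--- a/playbooks/sudorule/ensure-sudorule-is-enabled.yml
+++ b/playbooks/sudorule/ensure-sudorule-is-enabled.yml
@@ -0,0 +1,11 @@
+---
+- name: Tests
+hosts: ipaserver
+become: true
+
+tasks:
+# Ensure sudorule command is enabled
+- ipasudorule:
+ipaadmin_password: MyPassword123
+name: testrule1
+state: enabled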
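--- a/playbooks/sudorule/ensure-sudorule-is-present.yml
+++ b/playbooks/sudorule/ensure-sudorule-is-present.yml
@@ -0,0 +1,12 @@
+---
+- name: Tests
+hosts: ipaserver
+become: true
+
+tasks:
+# Ensure sudorule command is present
+- ipasudorule:
+ipaadmin_password: MyPassword123
+name: testrule1
+description: A test sudo rule.
+state: present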
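--- a/playbooks/sudorule/ensure-sudorule-sudocmd-is-absent.yml
+++ b/playbooks/sudorule/ensure-sudorule-sudocmd-is-absent.yml
@@ -0,0 +1,15 @@
+---
+- name: Tests
+hosts: ipaserver
+become: true
+gather_facts: false
+
+tasks:
+- ipasudorule:
+ipaadmin_password: MyPassword123
+name: testrule1
+cmd:
+- /sbin/ifconfig
+- /usr/bin/vim
+action: member
+state: absent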
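--- a/playbooks/sudorule/ensure-sudorule-sudocmd-is-present.yml
+++ b/playbooks/sudorule/ensure-sudorule-sudocmd-is-present.yml
@@ -0,0 +1,14 @@
+---
+- name: Tests
+hosts: ipaserver
+become: true
+gather_facts: false
+
+tasks:
+- ipasudorule:
+ipaadmin_password: MyPassword123
+name: testrule1
+cmd:
+- /sbin/ifconfig
+- /usr/bin/vim
+action: member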
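Review bot: `/usr/bin/vim` in the `cmd` list makes an interactive editor an allowed sudo command, and an editor run through sudo can write any file and start other programs, so a rule built from this example is much broader than the single command suggests. For a sample that people will copy I would keep `/sbin/ifconfig` and replace the editor with another non-interactive tool, or add a comment such as `# example only: prefer sudoedit over granting an editor`. The matching ensure-sudorule-sudocmd-is-absent.yml uses the same list and should change with it. Both tasks also lack the explanatory comment that the other playbooks carry.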