internet/ansible-freeipa
4
0
Fork 0
mirror of https://github.com/freeipa/ansible-freeipa.git synced 2026-03-26 21:33:05 +00:00
Code Issues Projects Releases Wiki Activity

ipauser: Allow reset of userauthtype, do not depend on first,last for mod

Browse Source 
It was not possible to reset the userauthtype. The empty string has been
added to userauthtype for this.

Also ipauser will only depend on given first and last name if the user
does not exist yet. For the update operation these parameters are not
needed anymore.
This commit is contained in:
Thomas Woerner
2019-12-17 15:30:45 +01:00
parent 8da4b73b44
commit 36c1c83708
2 changed files with 27 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
README-user.md
View File

@@ -408,7 +408,7 @@ Variable | Description | Required
`manager` | List of manager user names. | no
`carlicense` | List of car licenses. | no
`sshpubkey` \| `ipasshpubkey` | List of SSH public keys. | no
`userauthtype` | List of supported user authentication types. Choices: `password`, `radius` and `otp` | no
`userauthtype` | List of supported user authentication types. Choices: `password`, `radius`, `otp` and ``. Use empty string to reset userauthtype to the initial value. | no
`userclass` | User category. (semantics placed on this attribute are for local interpretation). | no
`radius` | RADIUS proxy configuration | no
`radiususer` | RADIUS proxy username | no

38
plugins/modules/ipauser.py
View File

@@ -153,9 +153,12 @@ options:
required: false
aliases: ["ipasshpubkey"]
userauthtype:
description: List of supported user authentication types
choices=['password', 'radius', 'otp']
description:
List of supported user authentication types
Use empty string to reset userauthtype to the initial value.
choices=['password', 'radius', 'otp', '']
required: false
aliases: ["ipauserauthtype"]
userclass:
description:
- User category
@@ -310,9 +313,12 @@ options:
required: false
aliases: ["ipasshpubkey"]
userauthtype:
description: List of supported user authentication types
choices=['password', 'radius', 'otp']
description:
List of supported user authentication types
Use empty string to reset userauthtype to the initial value.
choices=['password', 'radius', 'otp', '']
required: false
aliases: ["ipauserauthtype"]
userclass:
description:
- User category
@@ -701,7 +707,7 @@ def main():
default=None),
userauthtype=dict(type='list', aliases=["ipauserauthtype"],
default=None,
choices=['password', 'radius', 'otp']),
choices=['password', 'radius', 'otp', '']),
userclass=dict(type="list", aliases=["class"],
default=None),
radius=dict(type="str", aliases=["ipatokenradiusconfiglink"],
@@ -845,13 +851,6 @@ def main():
if names is not None and len(names) != 1:
ansible_module.fail_json(
msg="Only one user can be added at a time using name.")
if action != "member":
# Only check first and last here if names is set
if names is not None:
if first is None:
ansible_module.fail_json(msg="First name is needed")
if last is None:
ansible_module.fail_json(msg="Last name is needed")
check_parameters(
ansible_module, state, action,
@@ -1011,6 +1010,13 @@ def main():
if "noprivate" in args:
del args["noprivate"]
# Ignore userauthtype if it is empty (for resetting)
# and not set in for the user
if "ipauserauthtype" not in res_find and \
"ipauserauthtype" in args and \
args["ipauserauthtype"] == ['']:
del args["ipauserauthtype"]
# For all settings is args, check if there are
# different settings in the find result.
# If yes: modify
@@ -1019,6 +1025,14 @@ def main():
commands.append([name, "user_mod", args])
else:
# Make sure we have a first and last name
if first is None:
ansible_module.fail_json(
msg="First name is needed")
if last is None:
ansible_module.fail_json(
msg="Last name is needed")
commands.append([name, "user_add", args])
# Handle members: principal, manager, certificate and