internet/ansible-freeipa
4
0
Fork 0
mirror of https://github.com/freeipa/ansible-freeipa.git synced 2026-05-15 14:02:02 +00:00
Code Issues Projects Releases Wiki Activity

ipahost: Add choice idp to auth_ind

Browse Source 
The parameter auth_ind has been updated in FreeIPA. The choice
idp have been missing and is now added.

An additional check was added to verify that the values of the
auth_ind list are valid for the used IPA version.
This commit is contained in:
Thomas Woerner
2023-07-18 16:02:13 +02:00
parent c089c010e6
commit 3ed0c229c4
1 changed files with 16 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
plugins/modules/ipahost.py
View File

@@ -184,7 +184,7 @@ options:
type: list type: list
elements: str elements: str
aliases: ["krbprincipalauthind"] aliases: ["krbprincipalauthind"]
choices: ["radius", "otp", "pkinit", "hardened", ""] choices: ["radius", "otp", "pkinit", "hardened", "idp", ""]
required: false required: false
requires_pre_auth: requires_pre_auth:
description: Pre-authentication is required for the service description: Pre-authentication is required for the service
@@ -356,7 +356,7 @@ options:
type: list type: list
elements: str elements: str
aliases: ["krbprincipalauthind"] aliases: ["krbprincipalauthind"]
choices: ["radius", "otp", "pkinit", "hardened", ""] choices: ["radius", "otp", "pkinit", "hardened", "idp", ""]
required: false required: false
requires_pre_auth: requires_pre_auth:
description: Pre-authentication is required for the service description: Pre-authentication is required for the service
@@ -667,6 +667,15 @@ def check_parameters( # pylint: disable=unused-argument
module.params_fail_used_invalid(invalid, state, action) module.params_fail_used_invalid(invalid, state, action)
def check_authind(module, auth_ind):
_invalid = module.ipa_command_invalid_param_choices(
"host_add", "krbprincipalauthind", auth_ind)
if _invalid:
module.fail_json(
msg="The use of krbprincipalauthind '%s' is not supported "
"by your IPA version" % "','".join(_invalid))
# pylint: disable=unused-argument # pylint: disable=unused-argument
def result_handler(module, result, command, name, args, errors, exit_args, def result_handler(module, result, command, name, args, errors, exit_args,
single_host): single_host):
@@ -776,7 +785,8 @@ def main():
default=None), default=None),
auth_ind=dict(type='list', elements="str", auth_ind=dict(type='list', elements="str",
aliases=["krbprincipalauthind"], default=None, aliases=["krbprincipalauthind"], default=None,
choices=['radius', 'otp', 'pkinit', 'hardened', '']), choices=["radius", "otp", "pkinit", "hardened", "idp",
""]),
requires_pre_auth=dict(type="bool", aliases=["ipakrbrequirespreauth"], requires_pre_auth=dict(type="bool", aliases=["ipakrbrequirespreauth"],
default=None), default=None),
ok_as_delegate=dict(type="bool", aliases=["ipakrbokasdelegate"], ok_as_delegate=dict(type="bool", aliases=["ipakrbokasdelegate"],
@@ -919,6 +929,8 @@ def main():
# Check version specific settings # Check version specific settings
check_authind(ansible_module, auth_ind)
server_realm = ansible_module.ipa_get_realm() server_realm = ansible_module.ipa_get_realm()
commands = [] commands = []
@@ -961,6 +973,7 @@ def main():
sshpubkey = host.get("sshpubkey") sshpubkey = host.get("sshpubkey")
userclass = host.get("userclass") userclass = host.get("userclass")
auth_ind = host.get("auth_ind") auth_ind = host.get("auth_ind")
check_authind(ansible_module, auth_ind)
requires_pre_auth = host.get("requires_pre_auth") requires_pre_auth = host.get("requires_pre_auth")
ok_as_delegate = host.get("ok_as_delegate") ok_as_delegate = host.get("ok_as_delegate")
ok_to_auth_as_delegate = host.get("ok_to_auth_as_delegate") ok_to_auth_as_delegate = host.get("ok_to_auth_as_delegate")