internet/ansible-freeipa
4
0
Fork 0
mirror of https://github.com/freeipa/ansible-freeipa.git synced 2026-05-14 13:32:10 +00:00
Code Issues Projects Releases Wiki Activity

ipaservice: Add choice idp to auth_ind

Browse Source 
The parameter auth_ind has been updated in FreeIPA. The choice
idp have been missing and is now added.

An additional check was added to verify that the values of the
auth_ind list are valid for the used IPA version.
This commit is contained in:
Thomas Woerner
2023-07-18 16:05:13 +02:00
parent 3ed0c229c4
commit 62d34d0a22
1 changed files with 15 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
plugins/modules/ipaservice.py
View File

@@ -74,7 +74,7 @@ options:
type: list type: list
elements: str elements: str
required: false required: false
choices: ["otp", "radius", "pkinit", "hardened", ""] choices: ["otp", "radius", "pkinit", "hardened", "idp", ""]
aliases: ["krbprincipalauthind"] aliases: ["krbprincipalauthind"]
skip_host_check: skip_host_check:
description: Skip checking if host object exists. description: Skip checking if host object exists.
@@ -185,7 +185,7 @@ options:
type: list type: list
elements: str elements: str
required: false required: false
choices: ["otp", "radius", "pkinit", "hardened", ""] choices: ["otp", "radius", "pkinit", "hardened", "idp", ""]
aliases: ["krbprincipalauthind"] aliases: ["krbprincipalauthind"]
skip_host_check: skip_host_check:
description: Skip checking if host object exists. description: Skip checking if host object exists.
@@ -491,6 +491,15 @@ def check_parameters(module, state, action, names):
module.params_fail_used_invalid(invalid, state, action) module.params_fail_used_invalid(invalid, state, action)
def check_authind(module, auth_ind):
_invalid = module.ipa_command_invalid_param_choices(
"service_add", "krbprincipalauthind", auth_ind)
if _invalid:
module.fail_json(
msg="The use of krbprincipalauthind '%s' is not supported "
"by your IPA version" % "','".join(_invalid))
def init_ansible_module(): def init_ansible_module():
service_spec = dict( service_spec = dict(
# service attributesstr # service attributesstr
@@ -506,7 +515,8 @@ def init_ansible_module():
choices=["MS-PAC", "PAD", "NONE", ""]), choices=["MS-PAC", "PAD", "NONE", ""]),
auth_ind=dict(type="list", elements="str", auth_ind=dict(type="list", elements="str",
aliases=["krbprincipalauthind"], aliases=["krbprincipalauthind"],
choices=["otp", "radius", "pkinit", "hardened", ""]), choices=["otp", "radius", "pkinit", "hardened", "idp",
""]),
skip_host_check=dict(type="bool"), skip_host_check=dict(type="bool"),
force=dict(type="bool"), force=dict(type="bool"),
requires_pre_auth=dict( requires_pre_auth=dict(
@@ -642,6 +652,7 @@ def main():
if skip_host_check and not has_skip_host_check: if skip_host_check and not has_skip_host_check:
ansible_module.fail_json( ansible_module.fail_json(
msg="Skipping host check is not supported by your IPA version") msg="Skipping host check is not supported by your IPA version")
check_authind(ansible_module, auth_ind)
commands = [] commands = []
keytab_members = ["user", "group", "host", "hostgroup"] keytab_members = ["user", "group", "host", "hostgroup"]
@@ -664,6 +675,7 @@ def main():
certificate = [cert.strip() for cert in certificate] certificate = [cert.strip() for cert in certificate]
pac_type = service.get("pac_type") pac_type = service.get("pac_type")
auth_ind = service.get("auth_ind") auth_ind = service.get("auth_ind")
check_authind(ansible_module, auth_ind)
skip_host_check = service.get("skip_host_check") skip_host_check = service.get("skip_host_check")
if skip_host_check and not has_skip_host_check: if skip_host_check and not has_skip_host_check:
ansible_module.fail_json( ansible_module.fail_json(