internet/ansible-freeipa
4
0
Fork 0
mirror of https://github.com/freeipa/ansible-freeipa.git synced 2026-05-13 21:12:02 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #287 from rjeffman/fix_hbac_sudo_rule_hostcategory

Browse Source 
Fixes attempt to create rules with members when category is `all`.
This commit is contained in:
Thomas Woerner
2020-06-11 16:55:28 +02:00
committed by GitHub
parent ae471de0bd cf54d139c2
commit 695ad6307d
4 changed files with 149 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
plugins/modules/ipahbacrule.py
View File

@@ -270,6 +270,16 @@ def main():
ansible_module.fail_json(
msg="Argument '%s' can not be used with action "
"'%s'" % (x, action))
else:
if hostcategory == 'all' and any([host, hostgroup]):
ansible_module.fail_json(
msg="Hosts cannot be added when host category='all'")
if usercategory == 'all' and any([user, group]):
ansible_module.fail_json(
msg="Users cannot be added when user category='all'")
if servicecategory == 'all' and any([hbacsvc, hbacsvcgroup]):
ansible_module.fail_json(
msg="Services cannot be added when service category='all'")
elif state == "absent":
if len(names) < 1:

11
plugins/modules/ipasudorule.py
View File

@@ -339,6 +339,17 @@ def main():
ansible_module.fail_json(
msg="Argument '%s' can not be used with action "
"'%s'" % (arg, action))
else:
if hostcategory == 'all' and any([host, hostgroup]):
ansible_module.fail_json(
msg="Hosts cannot be added when host category='all'")
if usercategory == 'all' and any([user, group]):
ansible_module.fail_json(
msg="Users cannot be added when user category='all'")
if cmdcategory == 'all' \
and any([allow_sudocmd, allow_sudocmdgroup]):
ansible_module.fail_json(
msg="Commands cannot be added when command category='all'")
elif state == "absent":
if len(names) < 1: