automember: Add automember default group handling

The fallback group and hostgroup for unmached entries can be set and unset using default_group. If default_group is empty, then the default group will be unset. DN and ipa_get_based provided by ansible_freeipa_module are used in the code. New parameters: - default_group: Default (fallback) group for all unmatched entries. New parameters and examples have been added to README-automember.md New playbooks: - playbooks/automember/automember-default-group-not-set.yml - playbooks/automember/automember-default-group-set.yml - playbooks/automember/automember-default-hostgroup-not-set.yml - playbooks/automember/automember-default-hostgroup-set.yml New tests: - tests/automember/test_automember_default_group.yml
2026-03-26 21:33:05 +00:00 · 2021-12-22 13:12:14 +01:00
parent 67e192242c
commit d2648b142a
7 changed files with 354 additions and 3 deletions
--- a/README-automember.md
+++ b/README-automember.md
@@ -172,6 +172,64 @@ Example playbook to ensure hostgroup membership for given hosts has been rebuilt
        state: rebuilt
 ```

+Example playbook to ensure default group fallback_group for all unmatched group entries is set
+
+```yaml
+- name: Playbook to ensure default group fallback_group for all unmatched group entries is set
+  hosts: ipaserver
+  become: yes
+  gather_facts: no
+  tasks:
+    - ipaautomember:
+        ipaadmin_password: SomeADMINpassword
+        automember_type: group
+        default_group: fallback_group
+```
+
+Example playbook to ensure default group for all unmatched group entries is not set
+
+```yaml
+- name: Playbook to ensure default group for all unmatched group entries is not set
+  hosts: ipaserver
+  become: yes
+  gather_facts: no
+  tasks:
+    - ipaautomember:
+        ipaadmin_password: SomeADMINpassword
+        default_group: ""
+        automember_type: group
+        state: absent
+```
+
+Example playbook to ensure default hostgroup fallback_hostgroup for all unmatched group entries
+
+```yaml
+- name: Playbook to ensure default hostgroup fallback_hostgroup for all unmatched group entries
+  hosts: ipaserver
+  become: yes
+  gather_facts: no
+  tasks:
+    - ipaautomember:
+        ipaadmin_password: SomeADMINpassword
+        automember_type: hostgroup
+        default_group: fallback_hostgroup
+```
+
+Example playbook to ensure default hostgroup for all unmatched group entries is not set
+
+```yaml
+- name: Playbook to ensure default hostgroup for all unmatched group entries is not set
+  hosts: ipaserver
+  become: yes
+  gather_facts: no
+  tasks:
+    - ipaautomember:
+        ipaadmin_password: SomeADMINpassword
+        automember_type: hostgroup
+        default_group: ""
+        state: absent
+```
+

 Variables
 ---------
@@ -193,6 +251,7 @@ Variable | Description | Required
 `users` | Users to rebuild membership for. | no
 `hosts` | Hosts to rebuild membership for. | no
 `no_wait` | Don't wait for rebuilding membership. | no
+`default_group` | Default (fallback) group for all unmatched entries. Use the empty string "" for ensuring the default group is not set. | no
 `action` | Work on automember or member level. It can be one of `member` or `automember` and defaults to `automember`. | no
 `state` | The state to ensure. It can be one of `present`, `absent`, 'rebuilt'. default: `present`. | no