New hbacrule (HBAC Rule) management module

There is a new hbacrule (HBAC Rule) management module placed in the plugins folder: plugins/modules/ipahbacrule.py The hbacrule module allows to ensure presence and absence of HBAC Rules. Here is the documentation for the module: README-hbacrule.md New example playbooks have been added: playbooks/hbacrule/ensure-hbarule-allhosts-absent.yml playbooks/hbacrule/ensure-hbarule-allhosts-disabled.yml playbooks/hbacrule/ensure-hbarule-allhosts-enabled.yml playbooks/hbacrule/ensure-hbarule-allhosts-present.yml playbooks/hbacrule/ensure-hbarule-allhosts-server-member-absent.yml playbooks/hbacrule/ensure-hbarule-allhosts-server-member-present.yml New tests added for the module: tests/hbacrule/test_hbacrule.yml
2026-05-14 13:32:10 +00:00 · 2019-11-04 13:14:36 +01:00
parent 6af0d9b7c7
commit d36d25d62a
10 changed files with 1129 additions and 0 deletions
--- a/playbooks/hbacrule/ensure-hbarule-allhosts-absent.yml
+++ b/playbooks/hbacrule/ensure-hbarule-allhosts-absent.yml
@@ -0,0 +1,12 @@
+---
+- name: Tests
+  hosts: ipaserver
+  become: true
+  gather_facts: false
+
+  tasks:
+  - name: Ensure HBAC Rule allhosts is absent
+    ipahbacrule:
+      ipaadmin_password: MyPassword123
+      name: allhosts
+      state: absent
--- a/playbooks/hbacrule/ensure-hbarule-allhosts-disabled.yml
+++ b/playbooks/hbacrule/ensure-hbarule-allhosts-disabled.yml
@@ -0,0 +1,12 @@
+---
+- name: Tests
+  hosts: ipaserver
+  become: true
+  gather_facts: false
+
+  tasks:
+  - name: Ensure HBAC Rule allhosts is disabled
+    ipahbacrule:
+      ipaadmin_password: MyPassword123
+      name: allhosts
+      state: disabled
--- a/playbooks/hbacrule/ensure-hbarule-allhosts-enabled.yml
+++ b/playbooks/hbacrule/ensure-hbarule-allhosts-enabled.yml
@@ -0,0 +1,12 @@
+---
+- name: Tests
+  hosts: ipaserver
+  become: true
+  gather_facts: false
+
+  tasks:
+  - name: Ensure HBAC Rule allhosts is enabled
+    ipahbacrule:
+      ipaadmin_password: MyPassword123
+      name: allhosts
+      state: enabled
--- a/playbooks/hbacrule/ensure-hbarule-allhosts-present.yml
+++ b/playbooks/hbacrule/ensure-hbarule-allhosts-present.yml
@@ -0,0 +1,12 @@
+---
+- name: Tests
+  hosts: ipaserver
+  become: true
+  gather_facts: false
+
+  tasks:
+  - name: Ensure HBAC Rule allhosts is present
+    ipahbacrule:
+      ipaadmin_password: MyPassword123
+      name: allhosts
+      usercategory: all
--- a/playbooks/hbacrule/ensure-hbarule-allhosts-server-member-absent.yml
+++ b/playbooks/hbacrule/ensure-hbarule-allhosts-server-member-absent.yml
@@ -0,0 +1,14 @@
+---
+- name: Tests
+  hosts: ipaserver
+  become: true
+  gather_facts: false
+
+  tasks:
+  - name: Ensure host server is absent in HBAC Rule allhosts
+    ipahbacrule:
+      ipaadmin_password: MyPassword123
+      name: allhosts
+      host: server
+      action: member
+      state: absent
--- a/playbooks/hbacrule/ensure-hbarule-allhosts-server-member-present.yml
+++ b/playbooks/hbacrule/ensure-hbarule-allhosts-server-member-present.yml
@@ -0,0 +1,13 @@
+---
+- name: Tests
+  hosts: ipaserver
+  become: true
+  gather_facts: false
+
+  tasks:
+  - name: Ensure host server is present in HBAC Rule allhosts
+    ipahbacrule:
+      ipaadmin_password: MyPassword123
+      name: allhosts
+      host: server
+      action: member