sudorule: Add support for 'hostmask' parameter

The hostmask parameter allows matching a sudorule against a network
address, and was missing from the ipasudorule module.

Documentation and tests were updated to reflect changes.

Two new example playbooks are available:

    playbooks/sudorule/ensure-sudorule-hostmask-member-is-absent.yml
    playbooks/sudorule/ensure-sudorule-hostmask-member-is-present.yml
Rafael Guterres Jeffman
2022-09-26 16:09:15 -03:00
parent 9423eb81b7
commit d859ddc7fe
5 changed files with 188 additions and 15 deletions


@@ -83,6 +83,7 @@
ipaapi_context: "{{ ipa_context | default(omit) }}"
name:
- test_upstream_issue_664
- testrule_hostmask
- testrule1
- allusers
- allhosts
@@ -1005,6 +1006,116 @@
register: result
failed_when: not result.changed or result.failed
- name: Ensure sudorule is present with hostmask
ipasudorule:
ipaadmin_password: SomeADMINpassword
name: testrule_hostmask
hostmask:
- 192.168.122.1/24
- 192.168.120.1/24
register: result
failed_when: not result.changed or result.failed
- name: Ensure sudorule is present with hostmask, again
ipasudorule:
ipaadmin_password: SomeADMINpassword
name: testrule_hostmask
hostmask:
- 192.168.122.1/24
- 192.168.120.1/24
register: result
failed_when: result.changed or result.failed
- name: Ensure sudorule hostmask member is absent
ipasudorule:
ipaadmin_password: SomeADMINpassword
name: testrule_hostmask
hostmask: 192.168.122.0/24
action: member
state: absent
register: result
failed_when: not result.changed or result.failed
- name: Ensure sudorule hostmask member is absent, again
ipasudorule:
ipaadmin_password: SomeADMINpassword
name: testrule_hostmask
hostmask: 192.168.122.0/24
action: member
state: absent
register: result
failed_when: result.changed or result.failed
- name: Ensure sudorule is present with another hostmask
ipasudorule:
ipaadmin_password: SomeADMINpassword
name: testrule_hostmask
hostmask: 192.168.122.0/24
register: result
failed_when: not result.changed or result.failed
- name: Ensure sudorule is present with another hostmask, again
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule_hostmask
hostmask: 192.168.122.0/24
register: result
failed_when: result.changed
- name: Check sudorule with hostmask is absent
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule_hostmask
hostmask: 192.168.120.0/24
action: member
register: result
check_mode: yes
failed_when: not result.changed or result.failed
- name: Ensure sudorule hostmask member is present
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule_hostmask
hostmask: 192.168.120.0/24
action: member
register: result
failed_when: not result.changed or result.failed
- name: Ensure sudorule hostmask member is present, again
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule_hostmask
hostmask: 192.168.120.0/24
action: member
register: result
failed_when: result.changed or result.failed
- name: Ensure sudorule hostmask member is absent
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule_hostmask
hostmask: 192.168.120.0/24
action: member
state: absent
register: result
failed_when: not result.changed or result.failed
- name: Ensure sudorule hostmask member is absent, again
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule_hostmask
hostmask: 192.168.120.0/24
action: member
state: absent
register: result
failed_when: result.changed or result.failed
# cleanup
- name: Ensure sudocmdgroup is absent
ipasudocmdgroup:
@@ -1013,6 +1124,7 @@
name:
- test_sudorule
- test_sudorule2
- testrule_hostmask
state: absent
- name: Ensure sudocmds are absent
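Review bot: In the second hunk, the task "Ensure sudorule is present with another hostmask, again" uses `failed_when: result.changed` without the `or result.failed` that every sibling task carries, so a module error in that step is reported as a pass; it should read `failed_when: result.changed or result.failed`. Because hostmask decides which hosts a sudo rule applies to, an idempotency check that can hide a failure weakens the coverage this commit adds. The first five hostmask tasks (through "Ensure sudorule is present with another hostmask") also omit `ipaapi_context: "{{ ipa_context | default(omit) }}"`, which the later tasks set, so they would presumably not exercise the context under test. As a style point, `check_mode: yes` is better written `check_mode: true`. Indentation and the +/- markers are lost in this rendering, so the task names above are the reference.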