Add missing attributes to ipasudorule.

This patch adds the following attributes to ipasudorule:

    - order
    - sudooption
    - runasuser
    - runasgroup

It also fixes behavior of sudocmd assigned to the the sudorule, with the
adittion of the attributes:

    - allow_sudocmds
    - deny_sudocmds
    - allow_sudocmdgroups
    - deny_sudocmdgroups

README-sudorule and tests have been updated to comply with the changes.

playbooks/sudorule/ensure-sudorule-does-not-have-sudooption.yml

@@ -0,0 +1,14 @@
+---
+- name: Tests
+  hosts: ipaserver
+  become: true
+  gather_facts: false
+
+  tasks:
+  # Ensure sudooption is absent in sudorule
+  - ipasudorule:
+      ipaadmin_password: MyPassword123
+      name: testrule1
+      sudooption: "!root"
+      action: member
+      state: absent

playbooks/sudorule/ensure-sudorule-has-sudooption.yml

@@ -0,0 +1,13 @@
+---
+- name: Tests
+  hosts: ipaserver
+  become: true
+  gather_facts: false
+
+  tasks:
+  # Ensure sudooption is present in sudorule
+  - ipasudorule:
+      ipaadmin_password: MyPassword123
+      name: testrule1
+      sudooption: "!root"
+      action: member

playbooks/sudorule/ensure-sudorule-is-present-with-order.yml

@@ -0,0 +1,12 @@
+---
+- name: Tests
+  hosts: ipaserver
+  become: true
+  gather_facts: false
+
+  tasks:
+  # Ensure sudorule is present with the given order.
+  - ipasudorule:
+      ipaadmin_password: MyPassword123
+      name: testrule1
+      order: 2

playbooks/sudorule/ensure-sudorule-is-present.yml

@@ -9,4 +9,6 @@
       ipaadmin_password: MyPassword123
       name: testrule1
       description: A test sudo rule.
+      allow_sudocmd: /bin/ls
+      deny_sudocmd: /bin/vim
       state: present

playbooks/sudorule/ensure-sudorule-runasuser-is-absent.yml

@@ -0,0 +1,14 @@
+---
+- name: Tests
+  hosts: ipaserver
+  become: true
+  gather_facts: false
+
+  tasks:
+  # Ensure sudorule is present with the given order.
+  - ipasudorule:
+      ipaadmin_password: MyPassword123
+      name: testrule1
+      runasuser: admin
+      action: member
+      state: absent

playbooks/sudorule/ensure-sudorule-runasuser-is-present.yml

@@ -0,0 +1,13 @@
+---
+- name: Tests
+  hosts: ipaserver
+  become: true
+  gather_facts: false
+
+  tasks:
+  # Ensure sudorule is present with the given order.
+  - ipasudorule:
+      ipaadmin_password: MyPassword123
+      name: testrule1
+      runasuser: admin
+      action: member

playbooks/sudorule/ensure-sudorule-sudocmd-is-absent.yml

@@ -8,8 +8,13 @@
   - ipasudorule:
       ipaadmin_password: MyPassword123
       name: testrule1
-      cmd:
+      allow_sudocmd:
       - /sbin/ifconfig
+      deny_sudocmd:
       - /usr/bin/vim
+      allow_sudocmdgroup:
+      - devops
+      deny_sudocmdgroup:
+      - users
       action: member
       state: absent

playbooks/sudorule/ensure-sudorule-sudocmd-is-present.yml

@@ -8,7 +8,12 @@
   - ipasudorule:
       ipaadmin_password: MyPassword123
       name: testrule1
-      cmd:
+      allow_sudocmd:
       - /sbin/ifconfig
+      deny_sudocmd:
       - /usr/bin/vim
+      allow_sudocmdgroup:
+      - devops
+      deny_sudocmdgroup:
+      - users
       action: member