New sudocmdgroup management module.

There is a new sudocmdgroup management module placed in the plugins folder: plugins/modules/ipasudocmdgroup.py The sudocmdgroup module allows to add or remove sudo command groups.. The sudocmdgroup module is as compatible as possible to the Ansible upstream ipa_sudocmdgroup module, and additionally offers to ensure member presence and absence. Here is the documentation for the module: README-sudocmdgroup.md New example playbooks have been added: playbooks/sudocmd/ensure-sudocmdgroup-is-absent.yml playbooks/sudocmd/ensure-sudocmdgroup-is-present.yml playbooks/sudocmd/ensure-sudocmd-is-absent-in-sudocmdgroup.yml playbooks/sudocmd/ensure-sudocmd-is-present-in-sudocmdgroup.yml A test playbook is provided in: tests/sudocmdgroup/test_sudocmdgroup.yml Signed-off-by: Rafael Guterres Jeffman <rjeffman@redhat.com>
2026-05-14 05:22:05 +00:00 · 2019-10-21 22:32:05 -03:00
parent 12c4227385
commit fce3935d03
8 changed files with 722 additions and 0 deletions
--- a/playbooks/sudocmdgroup/ensure-sudocmd-are-absent-in-sudocmdgroup.yml
+++ b/playbooks/sudocmdgroup/ensure-sudocmd-are-absent-in-sudocmdgroup.yml
@@ -0,0 +1,15 @@
+---
+- name: Playbook to handle sudocmdgroups
+  hosts: ipaserver
+  become: true
+
+  tasks:
+  # Ensure sudocmds are absent in sudocmdgroup
+  - ipasudocmdgroup:
+      ipaadmin_password: MyPassword123
+      name: network
+      sudocmd:
+      - /usr/sbin/ifconfig
+      - /usr/sbin/iwlist
+      action: member
+      state: absent
--- a/playbooks/sudocmdgroup/ensure-sudocmd-are-present-in-sudocmdgroup.yml
+++ b/playbooks/sudocmdgroup/ensure-sudocmd-are-present-in-sudocmdgroup.yml
@@ -0,0 +1,22 @@
+---
+- name: Playbook to handle sudocmdgroups
+  hosts: ipaserver
+  become: true
+
+  tasks:
+  # Ensure sudo commands are present
+  - ipasudocmd:
+     ipaadmin_password: MyPassword123
+     name:
+     - /usr/sbin/ifconfig
+     - /usr/sbin/iwlist
+     state: present
+
+  # Ensure sudo commands are present in existing sudocmdgroup
+  - ipasudocmdgroup:
+     ipaadmin_password: MyPassword123
+     name: network
+     sudocmd:
+     - /usr/sbin/ifconfig
+     - /usr/sbin/iwlist
+     action: member
--- a/playbooks/sudocmdgroup/ensure-sudocmdgroup-is-absent.yml
+++ b/playbooks/sudocmdgroup/ensure-sudocmdgroup-is-absent.yml
@@ -0,0 +1,12 @@
+---
+- name: Playbook to handle sudocmdgroups
+  hosts: ipaserver
+  become: true
+
+  tasks:
+  # Ensure sudocmdgroup is absent
+  - ipasudocmdgroup:
+     ipaadmin_password: pass1234
+     name: network
+     state: absent
+     action: sudocmdgroup
--- a/playbooks/sudocmdgroup/ensure-sudocmdgroup-is-present.yml
+++ b/playbooks/sudocmdgroup/ensure-sudocmdgroup-is-present.yml
@@ -0,0 +1,15 @@
+---
+- name: Playbook to handle sudocmdgroups
+  hosts: ipaserver
+  become: true
+
+  tasks:
+  # Ensure sudocmdgroup sudocmds are present
+  - ipasudocmdgroup:
+      ipaadmin_password: pass1234
+      name: network
+      description: Group of important commands.
+      sudocmd:
+      - /usr/sbin/ifconfig
+      - /usr/sbin/iwlist
+      state: present