New sudocmdgroup management module.

There is a new sudocmdgroup management module placed in the plugins folder: plugins/modules/ipasudocmdgroup.py The sudocmdgroup module allows to add or remove sudo command groups.. The sudocmdgroup module is as compatible as possible to the Ansible upstream ipa_sudocmdgroup module, and additionally offers to ensure member presence and absence. Here is the documentation for the module: README-sudocmdgroup.md New example playbooks have been added: playbooks/sudocmd/ensure-sudocmdgroup-is-absent.yml playbooks/sudocmd/ensure-sudocmdgroup-is-present.yml playbooks/sudocmd/ensure-sudocmd-is-absent-in-sudocmdgroup.yml playbooks/sudocmd/ensure-sudocmd-is-present-in-sudocmdgroup.yml A test playbook is provided in: tests/sudocmdgroup/test_sudocmdgroup.yml Signed-off-by: Rafael Guterres Jeffman <rjeffman@redhat.com>
2026-05-07 13:53:23 +00:00 · 2019-10-21 22:32:05 -03:00
parent 12c4227385
commit fce3935d03
8 changed files with 722 additions and 0 deletions
--- a/tests/sudocmdgroup/test_sudocmdgroup.yml
+++ b/tests/sudocmdgroup/test_sudocmdgroup.yml
@@ -0,0 +1,164 @@
+---
+
+- name: Tests
+  hosts: ipaserver
+  become: true
+  gather_facts: false
+
+  tasks:
+  - name: Ensure sudocmds are present
+    ipasudocmd:
+      ipaadmin_password: MyPassword123
+      name:
+      - /usr/bin/su
+      - /usr/sbin/ifconfig
+      - /usr/sbin/iwlist
+      state: present
+
+  - name: Ensure sudocmdgroup is absent
+    ipasudocmdgroup:
+      ipaadmin_password: MyPassword123
+      name: network
+      state: absent
+
+  - name: Ensure sudocmdgroup is present
+    ipasudocmdgroup:
+      ipaadmin_password: MyPassword123
+      name: network
+      state: present
+    register: result
+    failed_when: not result.changed
+
+  - name: Ensure sudocmdgroup is present again
+    ipasudocmdgroup:
+      ipaadmin_password: MyPassword123
+      name: network
+      state: present
+    register: result
+    failed_when: result.changed
+
+  - name: Ensure sudocmdgroup is absent
+    ipasudocmdgroup:
+      ipaadmin_password: MyPassword123
+      name: network
+      state: absent
+    register: result
+    failed_when: not result.changed
+
+  - name: Ensure sudocmdgroup is absent again
+    ipasudocmdgroup:
+      ipaadmin_password: MyPassword123
+      name: network
+      state: absent
+    register: result
+    failed_when: result.changed
+
+  - name: Ensure testing sudocmdgroup is present
+    ipasudocmdgroup:
+      ipaadmin_password: MyPassword123
+      name: network
+      state: present
+    register: result
+    failed_when: not result.changed
+
+  - name: Ensure sudo commands are present in existing sudocmdgroup
+    ipasudocmdgroup:
+      ipaadmin_password: MyPassword123
+      name: network
+      sudocmd:
+      - /usr/sbin/ifconfig
+      - /usr/sbin/iwlist
+      action: member
+    register: result
+    failed_when: not result.changed
+
+  - name: Ensure sudo commands are present in existing sudocmdgroup, again
+    ipasudocmdgroup:
+      ipaadmin_password: MyPassword123
+      name: network
+      sudocmd:
+      - /usr/sbin/ifconfig
+      - /usr/sbin/iwlist
+      action: member
+    register: result
+    failed_when: result.changed
+
+  - name: Ensure sudo commands are absent in existing sudocmdgroup
+    ipasudocmdgroup:
+      ipaadmin_password: MyPassword123
+      name: network
+      sudocmd:
+      - /usr/sbin/ifconfig
+      - /usr/sbin/iwlist
+      action: member
+      state: absent
+    register: result
+    failed_when: not result.changed
+
+  - name: Ensure sudo commands are absent in existing sudocmdgroup, again
+    ipasudocmdgroup:
+      ipaadmin_password: MyPassword123
+      name: network
+      sudocmd:
+      - /usr/sbin/ifconfig
+      - /usr/sbin/iwlist
+      action: member
+      state: absent
+    register: result
+    failed_when: result.changed
+
+  - name: Ensure sudo commands are present in sudocmdgroup
+    ipasudocmdgroup:
+      ipaadmin_password: MyPassword123
+      name: network
+      sudocmd:
+      - /usr/sbin/ifconfig
+      - /usr/sbin/iwlist
+      action: member
+      state: present
+    register: result
+    failed_when: not result.changed
+
+  - name: Ensure one sudo command is not present in sudocmdgroup
+    ipasudocmdgroup:
+      ipaadmin_password: MyPassword123
+      name: network
+      sudocmd:
+      - /usr/sbin/ifconfig
+      action: member
+      state: absent
+    register: result
+    failed_when: not result.changed
+
+  - name: Ensure one sudo command is present in sudocmdgroup
+    ipasudocmdgroup:
+      ipaadmin_password: MyPassword123
+      name: network
+      sudocmd:
+      - /usr/sbin/ifconfig
+      action: member
+      state: present
+    register: result
+    failed_when: not result.changed
+
+  - name: Ensure the other sudo command is not present in sudocmdgroup
+    ipasudocmdgroup:
+      ipaadmin_password: MyPassword123
+      name: network
+      sudocmd:
+      - /usr/sbin/iwlist
+      action: member
+      state: absent
+    register: result
+    failed_when: not result.changed
+
+  - name: Ensure the other sudo commandsis not present in sudocmdgroup, again
+    ipasudocmdgroup:
+      ipaadmin_password: MyPassword123
+      name: network
+      sudocmd:
+      - /usr/sbin/iwlist
+      action: member
+      state: absent
+    register: result
+    failed_when: result.changed