internet/ansible-freeipa
4
0
Fork 0
mirror of https://github.com/freeipa/ansible-freeipa.git synced 2026-03-26 21:33:05 +00:00
Code Issues Projects Releases Wiki Activity

ipahostgroup: Add support for group membership management

Browse Source 
A group membership manager is a user or a group that can add members to
a group or remove members from a hostgroup.

This is related to https://pagure.io/freeipa/issue/8114

New parameters have been added to the module:
- `membermanager_user`: List of member manager users assigned to this
  group. Only usable with IPA versions 4.8.4 and up.
- `membermanager_group`: List of member manager groups assigned to this
  group. Only usable with IPA versions 4.8.4 and up.

These parameters behave like member parameters.

A new test has been added:
- tests/hostgroup/test_hostgroup_membermanager.yml
This commit is contained in:
Thomas Woerner
2020-06-08 16:08:14 +02:00
parent 46caacd0ae
commit fd7eb4f85f
3 changed files with 302 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
README-hostgroup.md
View File

@@ -137,6 +137,8 @@ Variable | Description | Required
`nomembers` | Suppress processing of membership attributes. (bool) | no
`host` | List of host name strings assigned to this hostgroup. | no
`hostgroup` | List of hostgroup name strings assigned to this hostgroup. | no
`membermanager_user` | List of member manager users assigned to this hostgroup. Only usable with IPA versions 4.8.4 and up. | no
`membermanager_group` | List of member manager groups assigned to this hostgroup. Only usable with IPA versions 4.8.4 and up. | no
`action` | Work on hostgroup or member level. It can be on of `member` or `hostgroup` and defaults to `hostgroup`. | no
`state` | The state to ensure. It can be one of `present` or `absent`, default: `present`. | no

91
plugins/modules/ipahostgroup.py
View File

@@ -58,6 +58,18 @@ options:
description: List of hostgroup names assigned to this hostgroup.
required: false
type: list
membermanager_user:
description:
- List of member manager users assigned to this hostgroup.
- Only usable with IPA versions 4.8.4 and up.
required: false
type: list
membermanager_group:
description:
- List of member manager groups assigned to this hostgroup.
- Only usable with IPA versions 4.8.4 and up.
required: false
type: list
action:
description: Work on hostgroup or member level
default: hostgroup
@@ -117,7 +129,7 @@ RETURN = """
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.ansible_freeipa_module import temp_kinit, \
temp_kdestroy, valid_creds, api_connect, api_command, compare_args_ipa, \
module_params_get, gen_add_del_lists
module_params_get, gen_add_del_lists, api_check_command
def find_hostgroup(module, name):
@@ -171,6 +183,9 @@ def main():
nomembers=dict(required=False, type='bool', default=None),
host=dict(required=False, type='list', default=None),
hostgroup=dict(required=False, type='list', default=None),
membermanager_user=dict(required=False, type='list', default=None),
membermanager_group=dict(required=False, type='list',
default=None),
action=dict(type="str", default="hostgroup",
choices=["member", "hostgroup"]),
# state
@@ -196,6 +211,10 @@ def main():
nomembers = module_params_get(ansible_module, "nomembers")
host = module_params_get(ansible_module, "host")
hostgroup = module_params_get(ansible_module, "hostgroup")
membermanager_user = module_params_get(ansible_module,
"membermanager_user")
membermanager_group = module_params_get(ansible_module,
"membermanager_group")
action = module_params_get(ansible_module, "action")
# state
state = module_params_get(ansible_module, "state")
@@ -239,6 +258,15 @@ def main():
ipaadmin_password)
api_connect()
has_add_membermanager = api_check_command(
"hostgroup_add_member_manager")
if ((membermanager_user is not None or
membermanager_group is not None) and not has_add_membermanager):
ansible_module.fail_json(
msg="Managing a membermanager user or group is not supported "
"by your IPA version"
)
commands = []
for name in names:
@@ -288,6 +316,41 @@ def main():
"host": host_del,
"hostgroup": hostgroup_del,
}])
membermanager_user_add, membermanager_user_del = \
gen_add_del_lists(
membermanager_user,
res_find.get("membermanager_user")
)
membermanager_group_add, membermanager_group_del = \
gen_add_del_lists(
membermanager_group,
res_find.get("membermanager_group")
)
if has_add_membermanager:
# Add membermanager users and groups
if len(membermanager_user_add) > 0 or \
len(membermanager_group_add) > 0:
commands.append(
[name, "hostgroup_add_member_manager",
{
"user": membermanager_user_add,
"group": membermanager_group_add,
}]
)
# Remove member manager
if len(membermanager_user_del) > 0 or \
len(membermanager_group_del) > 0:
commands.append(
[name, "hostgroup_remove_member_manager",
{
"user": membermanager_user_del,
"group": membermanager_group_del,
}]
)
elif action == "member":
if res_find is None:
ansible_module.fail_json(
@@ -299,6 +362,19 @@ def main():
"host": host,
"hostgroup": hostgroup,
}])
if has_add_membermanager:
# Add membermanager users and groups
if membermanager_user is not None or \
membermanager_group is not None:
commands.append(
[name, "hostgroup_add_member_manager",
{
"user": membermanager_user,
"group": membermanager_group,
}]
)
elif state == "absent":
if action == "hostgroup":
if res_find is not None:
@@ -315,6 +391,19 @@ def main():
"host": host,
"hostgroup": hostgroup,
}])
if has_add_membermanager:
# Remove membermanager users and groups
if membermanager_user is not None or \
membermanager_group is not None:
commands.append(
[name, "hostgroup_remove_member_manager",
{
"user": membermanager_user,
"group": membermanager_group,
}]
)
else:
ansible_module.fail_json(msg="Unkown state '%s'" % state)

210
tests/hostgroup/test_hostgroup_membermanager.yml Normal file
View File

@@ -0,0 +1,210 @@
---
- name: Test hostgroup membermanagers
hosts: ipaserver
become: true
gather_facts: false
tasks:
- name: Ensure host-group testhostgroup is absent
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name:
- testhostgroup
state: absent
- name: Ensure user manangeruser1 and manageruser2 is absent
ipauser:
ipaadmin_password: SomeADMINpassword
name: manageruser1,manageruser2
state: absent
- name: Ensure group managergroup1 and managergroup2 are absent
ipagroup:
ipaadmin_password: SomeADMINpassword
name: managergroup1,managergroup2
state: absent
- name: Ensure host-group testhostgroup is present
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name:
- testhostgroup
- name: Ensure user manageruser1 and manageruser2 are present
ipauser:
ipaadmin_password: SomeADMINpassword
users:
- name: manageruser1
first: manageruser1
last: Last1
- name: manageruser2
first: manageruser2
last: Last2
register: result
failed_when: not result.changed
- name: Ensure managergroup1 is present
ipagroup:
ipaadmin_password: SomeADMINpassword
name: managergroup1
register: result
failed_when: not result.changed
- name: Ensure managergroup2 is present
ipagroup:
ipaadmin_password: SomeADMINpassword
name: managergroup2
register: result
failed_when: not result.changed
- name: Ensure membermanager user1 is present for testhostgroup
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
membermanager_user: manageruser1
register: result
failed_when: not result.changed
- name: Ensure membermanager user1 is present for testhostgroup again
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
membermanager_user: manageruser1
register: result
failed_when: result.changed
- name: Ensure membermanager group1 is present for testhostgroup
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
membermanager_group: managergroup1
register: result
failed_when: not result.changed
- name: Ensure membermanager group1 is present for testhostgroup again
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
membermanager_group: managergroup1
register: result
failed_when: result.changed
- name: Ensure membermanager user2 and group2 members are present for testhostgroup
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
membermanager_user: manageruser2
membermanager_group: managergroup2
action: member
register: result
failed_when: not result.changed
- name: Ensure membermanager user2 and group2 members are present for testhostgroup again
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
membermanager_user: manageruser2
membermanager_group: managergroup2
action: member
register: result
failed_when: result.changed
- name: Ensure membermanager user and group members are present for testhostgroup again
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
membermanager_user: manageruser1,manageruser2
membermanager_group: managergroup1,managergroup2
action: member
register: result
failed_when: result.changed
- name: Ensure membermanager user1 and group1 members are absent for testhostgroup
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
membermanager_user: manageruser1
membermanager_group: managergroup1
action: member
state: absent
register: result
failed_when: not result.changed
- name: Ensure membermanager user1 and group1 members are absent for testhostgroup again
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
membermanager_user: manageruser1
membermanager_group: managergroup1
action: member
state: absent
register: result
failed_when: result.changed
- name: Ensure membermanager user1 and group1 members are present for testhostgroup
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
membermanager_user: manageruser1
membermanager_group: managergroup1
action: member
register: result
failed_when: not result.changed
- name: Ensure membermanager user1 and group1 members are present for testhostgroup again
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
membermanager_user: manageruser1
membermanager_group: managergroup1
action: member
register: result
failed_when: result.changed
- name: Ensure membermanager user and group members are absent for testhostgroup
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
membermanager_user: manageruser1,manageruser2
membermanager_group: managergroup1,managergroup2
action: member
state: absent
register: result
failed_when: not result.changed
- name: Ensure membermanager user and group members are absent for testhostgroup again
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
membermanager_user: manageruser1,manageruser2
membermanager_group: managergroup1,managergroup2
action: member
state: absent
register: result
failed_when: result.changed
- name: Ensure user manangeruser1 and manageruser2 is absent
ipauser:
ipaadmin_password: SomeADMINpassword
name: manageruser1,manageruser2
state: absent
register: result
failed_when: not result.changed
- name: Ensure group managergroup1 and managergroup2 are absent
ipagroup:
ipaadmin_password: SomeADMINpassword
name: managergroup1,managergroup2
state: absent
register: result
failed_when: not result.changed
- name: Ensure host-group testhostgroup is absent
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name:
- testhostgroup
state: absent
register: result
failed_when: not result.changed