If a task with 'action: automember' tried to modify an automember rule
and did not provide either 'inclusive' or 'exclusive' parameters, the
regex for the missing arguments would be removed.
This patch fixes this behavior to only modify those parameters that
were set on the task, and leave the missing parameters in the state
they were before the task.
Tests have been updated to verify expected behavior.
Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1976922
Update automember README file and add tests for executing plugin with
`ipaapi_context` set to `client`.
A new test playbook can be found at:
tests/automember/test_automember_client_context.yml
The new test file can be executed in a FreeIPA client host that is
not a server. In this case, it should be defined in the `ipaclients`
group, in the inventory file.
The automember_add_condition and automember_remove_condition commands
are not verifying condition keys in all cases. This is for example not
done in the removal case if a condition is not part of the automember
rule.
For consistent behaviour this needs to be done in the automember module
now. The condition keys are verified with the user and group aciattrs
returned by the API command json_metadata now.
Related: RHBZ#1976926
There is a new automember management module placed in the plugins folder:
plugins/modules/ipaautomember.py
The automember module allows to ensure presence or absence of automember rules
and manage automember rule conditions.
Here is the documentation for the module:
README-automember.md
New example playbooks have been added:
playbooks/automember/automember-group-absent.yml
playbooks/automember/automember-group-present.yml
playbooks/automember/automember-hostgroup-absent.yml
playbooks/automember/automember-hostgroup-present.yml
playbooks/automember/automember-hostgroup-rule-absent.yml
playbooks/automember/automember-hostgroup-rule-present.yml
New tests for the module:
tests/automember/test_automember.yml
