In the `ipapermission` plugin, some attributes were not being managed
when `action: member` was enabled.
This patch enables member management for `right`, `rawfilter`,
`filter`, and fixes management of `memberof`.
Fix issue #489

The attrs handling was not complete and did not support ensuring presence
or absence of attributes with action:member.
The includedattrs and excludedattrs parameters have not been added with
this change as the use of attrs will automatically set includedattrs and
excludedattrs. The includedattrs and excludedattrs parameters are only
usable for managed permissions and duplicating attrs.
The permission module may not handle privileges. An IPA internal only API
has been used for this. The privilege variable and all related code paths
have been removed.
Fixes: #424 ([Permission Handling] Not able to add additional attributes
with existing attributes)
Fixes: #425 ([Permission Handling] Not able to add member privilege while
adding permission)

Added code to the ipa* plugins to support Ansible's check_mode, by
means of a clean exit before the execution of the actual list of
commands that would otherwise create/update/delete IPA servers
and/or its resources.

FreeIPA 4.8.7 has introduced bind type 'self' as a valid value, and
this PR adds checks so the module fails early if the value is used
with an unsupported version.
Tests and documentation have been updated to reflect the changes.

There is a new permission management module placed in the plugins folder:
plugins/modules/ipapermission.py
The permission module allows ensuring presence or absence of permissions
and managing permission members.
Here is the documentation for the module:
README-permission.md
New example playbooks have been added:
playbooks/permission/permission-absent.yml
playbooks/permission/permission-allow-read-employeenum.yml
playbooks/permission/permission-member-absent.yml
playbooks/permission/permission-member-present.yml
playbooks/permission/permission-present.yml
playbooks/permission/permission-renamed.yml
New tests for the module:
tests/permission/test_permission.yml