mirror of
https://github.com/freeipa/ansible-freeipa.git
synced 2026-03-26 21:33:05 +00:00
6ce1055bac
Update hbacsvcgroup README file and add tests for executing plugin with
`ipaapi_context` set to `client`.
A new test playbook can be found at:
tests/hbacsvcgroup/test_hbacsvcgroup_client_context.yml
The new test file can be executed in a FreeIPA client host that is
not a server. In this case, it should be defined in the `ipaclients`
group, in the inventory file.
3.4 KiB
3.4 KiB
HBACsvcgroup module
Description
The hbacsvcgroup (HBAC Service Group) module allows to ensure presence and absence of HBAC Service Groups and members of the groups.
Features
- HBAC Service Group management
Supported FreeIPA Versions
FreeIPA versions 4.4.0 and up are supported by the ipahbacsvcgroup module.
Requirements
Controller
- Ansible version: 2.8+
Node
- Supported FreeIPA version (see above)
Usage
Example inventory file
[ipaserver]
ipaserver.test.local
Example playbook to make sure HBAC Service Group login exists:
---
- name: Playbook to handle hbacsvcgroups
hbacsvcs: ipaserver
become: true
tasks:
# Ensure HBAC Service Group login is present
- ipahbacsvcgroup:
ipaadmin_password: SomeADMINpassword
name: login
Example playbook to make sure HBAC Service Group login exists with the only HBAC Service sshd:
---
- name: Playbook to handle hbacsvcgroups
hbacsvcs: ipaserver
become: true
tasks:
# Ensure HBAC Service Group login is present with the only HBAC Service sshd
- ipahbacsvcgroup:
ipaadmin_password: SomeADMINpassword
name: login
hbacsvc:
- sshd
Example playbook to make sure HBAC Service sshd is present in HBAC Service Group login:
---
- name: Playbook to handle hbacsvcgroups
hbacsvcs: ipaserver
become: true
tasks:
# Ensure HBAC Service sshd is present in HBAC Service Group login
- ipahbacsvcgroup:
ipaadmin_password: SomeADMINpassword
name: login
hbacsvc:
- sshd
action: member
Example playbook to make sure HBAC Service sshd is absent in HBAC Service Group login:
---
- name: Playbook to handle hbacsvcgroups
hbacsvcs: ipaserver
become: true
tasks:
# Ensure HBAC Service sshd is present in HBAC Service Group login
- ipahbacsvcgroup:
ipaadmin_password: SomeADMINpassword
name: login
hbacsvc:
- sshd
action: member
state: absent
Example playbook to make sure HBAC Service Group login is absent:
---
- name: Playbook to handle hbacsvcgroups
hbacsvcs: ipaserver
become: true
tasks:
# Ensure HBAC Service Group login is present
- ipahbacsvcgroup:
ipaadmin_password: SomeADMINpassword
name: login
state: absent
Variables
ipahbacsvcgroup
| Variable | Description | Required |
|---|---|---|
ipaadmin_principal |
The admin principal is a string and defaults to admin |
no |
ipaadmin_password |
The admin password is a string and is required if there is no admin ticket available on the node | no |
ipaapi_context |
The context in which the module will execute. Executing in a server context is preferred. If not provided context will be determined by the execution environment. Valid values are server and client. |
no |
name | cn |
The list of hbacsvcgroup name strings. | no |
description |
The hbacsvcgroup description string. | no |
nomembers |
Suppress processing of membership attributes. (bool) | no |
hbacsvc |
List of hbacsvc name strings assigned to this hbacsvcgroup. | no |
action |
Work on hbacsvcgroup or member level. It can be on of member or hbacsvcgroup and defaults to hbacsvcgroup. |
no |
state |
The state to ensure. It can be one of present or absent, default: present. |
no |
Authors
Thomas Woerner