ansible-freeipa/ensure-sudorule-runasuser-group-is-present.yml at b7ccd8fed5453c982e2400838449bf45a2fc251d - ansible-freeipa - Gitea: Git with a cup of tea

internet/ansible-freeipa

mirror of https://github.com/freeipa/ansible-freeipa.git synced 2026-06-10 02:35:54 +00:00

Files

Rafael Guterres Jeffman 1fde1764af ipasudorule: Allow setting groups for runasuser.

On IPA CLI sudorule-add/del-runasuser accept 'group' as a parameter,
and this option was missing in ansible-freeipa ipasudorule module.

This patch adds a new parameter 'runasuser_group' to allow setting
Groups of RunAs Users, as allowed by CLI and WebUI.

New example playboks can be found at:

    playbooks/sudorule/ensure-sudorule-runasusesr-group-is-absent.yml
    playbooks/sudorule/ensure-sudorule-runasusesr-group-is-present.yml

2024-01-23 12:04:02 -03:00

14 lines

318 B

YAML

Raw Blame History

 ---
 - name: Playbook to manage sudorule member
   hosts: ipaserver
   become: no
   gather_facts: no
   tasks:
   - name: Ensure sudorule 'runasuser' has 'ipasuers' group as runas users.
     ipasudorule:
       ipaadmin_password: SomeADMINpassword
       name: testrule1
       runasuser_group: ipausers
       action: member