mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
add external user support to ipa_group module (#5897)
* add external user support to ipa_group module * add changelog * fix style errors * remove trailing whitespace * Update plugins/modules/ipa_group.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/ipa_group.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/ipa_group.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/ipa_group.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update changelogs/fragments/5897-ipa_group-add-external-users.yml Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/ipa_group.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/ipa_group.py Co-authored-by: Felix Fontein <felix@fontein.de> --------- Co-authored-by: Yuriy Halytskyy <yuriy.halytskyy@nesi.org.nz> Co-authored-by: Felix Fontein <felix@fontein.de>
This commit is contained in:
parent
8818a6f242
commit
6c6de8fb90
2 changed files with 56 additions and 2 deletions
|
@ -0,0 +1,2 @@
|
||||||
|
minor_changes:
|
||||||
|
- ipa_group - allow to add and remove external users with the ``external_user`` option (https://github.com/ansible-collections/community.general/pull/5897).
|
|
@ -64,6 +64,17 @@ options:
|
||||||
- If option is omitted assigned users will not be checked or changed.
|
- If option is omitted assigned users will not be checked or changed.
|
||||||
type: list
|
type: list
|
||||||
elements: str
|
elements: str
|
||||||
|
external_user:
|
||||||
|
description:
|
||||||
|
- List of external users assigned to this group.
|
||||||
|
- Behaves identically to I(user) with respect to I(append) attribute.
|
||||||
|
- List entries can be in C(DOMAIN\\username) or SID format.
|
||||||
|
- Unless SIDs are provided, the module will always attempt to make changes even if the group already has all the users.
|
||||||
|
This is because only SIDs are returned by IPA query.
|
||||||
|
- I(external=true) is needed for this option to work.
|
||||||
|
type: list
|
||||||
|
elements: str
|
||||||
|
version_added: 6.3.0
|
||||||
state:
|
state:
|
||||||
description:
|
description:
|
||||||
- State to ensure
|
- State to ensure
|
||||||
|
@ -116,6 +127,28 @@ EXAMPLES = r'''
|
||||||
ipa_user: admin
|
ipa_user: admin
|
||||||
ipa_pass: topsecret
|
ipa_pass: topsecret
|
||||||
|
|
||||||
|
- name: Add external user to a group
|
||||||
|
community.general.ipa_group:
|
||||||
|
name: developers
|
||||||
|
external: true
|
||||||
|
append: true
|
||||||
|
external_user:
|
||||||
|
- S-1-5-21-123-1234-12345-63421
|
||||||
|
ipa_host: ipa.example.com
|
||||||
|
ipa_user: admin
|
||||||
|
ipa_pass: topsecret
|
||||||
|
|
||||||
|
- name: Add a user from MYDOMAIN
|
||||||
|
community.general.ipa_group:
|
||||||
|
name: developers
|
||||||
|
external: true
|
||||||
|
append: true
|
||||||
|
external_user:
|
||||||
|
- MYDOMAIN\\john
|
||||||
|
ipa_host: ipa.example.com
|
||||||
|
ipa_user: admin
|
||||||
|
ipa_pass: topsecret
|
||||||
|
|
||||||
- name: Ensure group is absent
|
- name: Ensure group is absent
|
||||||
community.general.ipa_group:
|
community.general.ipa_group:
|
||||||
name: sysops
|
name: sysops
|
||||||
|
@ -164,6 +197,9 @@ class GroupIPAClient(IPAClient):
|
||||||
def group_add_member_user(self, name, item):
|
def group_add_member_user(self, name, item):
|
||||||
return self.group_add_member(name=name, item={'user': item})
|
return self.group_add_member(name=name, item={'user': item})
|
||||||
|
|
||||||
|
def group_add_member_externaluser(self, name, item):
|
||||||
|
return self.group_add_member(name=name, item={'ipaexternalmember': item})
|
||||||
|
|
||||||
def group_remove_member(self, name, item):
|
def group_remove_member(self, name, item):
|
||||||
return self._post_json(method='group_remove_member', name=name, item=item)
|
return self._post_json(method='group_remove_member', name=name, item=item)
|
||||||
|
|
||||||
|
@ -173,6 +209,9 @@ class GroupIPAClient(IPAClient):
|
||||||
def group_remove_member_user(self, name, item):
|
def group_remove_member_user(self, name, item):
|
||||||
return self.group_remove_member(name=name, item={'user': item})
|
return self.group_remove_member(name=name, item={'user': item})
|
||||||
|
|
||||||
|
def group_remove_member_externaluser(self, name, item):
|
||||||
|
return self.group_remove_member(name=name, item={'ipaexternalmember': item})
|
||||||
|
|
||||||
|
|
||||||
def get_group_dict(description=None, external=None, gid=None, nonposix=None):
|
def get_group_dict(description=None, external=None, gid=None, nonposix=None):
|
||||||
group = {}
|
group = {}
|
||||||
|
@ -208,12 +247,19 @@ def ensure(module, client):
|
||||||
name = module.params['cn']
|
name = module.params['cn']
|
||||||
group = module.params['group']
|
group = module.params['group']
|
||||||
user = module.params['user']
|
user = module.params['user']
|
||||||
|
external = module.params['external']
|
||||||
|
external_user = module.params['external_user']
|
||||||
append = module.params['append']
|
append = module.params['append']
|
||||||
|
|
||||||
module_group = get_group_dict(description=module.params['description'], external=module.params['external'],
|
module_group = get_group_dict(description=module.params['description'],
|
||||||
gid=module.params['gidnumber'], nonposix=module.params['nonposix'])
|
external=external,
|
||||||
|
gid=module.params['gidnumber'],
|
||||||
|
nonposix=module.params['nonposix'])
|
||||||
ipa_group = client.group_find(name=name)
|
ipa_group = client.group_find(name=name)
|
||||||
|
|
||||||
|
if (not (external or external_user is None)):
|
||||||
|
module.fail_json("external_user can only be set if external = True")
|
||||||
|
|
||||||
changed = False
|
changed = False
|
||||||
if state == 'present':
|
if state == 'present':
|
||||||
if not ipa_group:
|
if not ipa_group:
|
||||||
|
@ -242,6 +288,11 @@ def ensure(module, client):
|
||||||
client.group_remove_member_user,
|
client.group_remove_member_user,
|
||||||
append=append) or changed
|
append=append) or changed
|
||||||
|
|
||||||
|
if external_user is not None:
|
||||||
|
changed = client.modify_if_diff(name, ipa_group.get('ipaexternalmember', []), external_user,
|
||||||
|
client.group_add_member_externaluser,
|
||||||
|
client.group_remove_member_externaluser,
|
||||||
|
append=append) or changed
|
||||||
else:
|
else:
|
||||||
if ipa_group:
|
if ipa_group:
|
||||||
changed = True
|
changed = True
|
||||||
|
@ -256,6 +307,7 @@ def main():
|
||||||
argument_spec.update(cn=dict(type='str', required=True, aliases=['name']),
|
argument_spec.update(cn=dict(type='str', required=True, aliases=['name']),
|
||||||
description=dict(type='str'),
|
description=dict(type='str'),
|
||||||
external=dict(type='bool'),
|
external=dict(type='bool'),
|
||||||
|
external_user=dict(type='list', elements='str'),
|
||||||
gidnumber=dict(type='str', aliases=['gid']),
|
gidnumber=dict(type='str', aliases=['gid']),
|
||||||
group=dict(type='list', elements='str'),
|
group=dict(type='list', elements='str'),
|
||||||
nonposix=dict(type='bool'),
|
nonposix=dict(type='bool'),
|
||||||
|
|
Loading…
Reference in a new issue