Skip to content
Snippets Groups Projects
Commit 5e734e84 authored by Rafael Guterres Jeffman's avatar Rafael Guterres Jeffman
Browse files

Fixes removal of `all` from HBAC rule categories. 

This patch allows the removal of option `all` from user, host, and
service categories, by allowing an empty string as a valid choice
for each option.
parent 9d348cb3
No related branches found
No related tags found
No related merge requests found
Show whitespace changes
Inline Side-by-side
README-hbacrule.md
+ 3
3
View file @ 5e734e84
......@@ -138,9 +138,9 @@ Variable | Description | Required
`ipaadmin_password` | The admin password is a string and is required if there is no admin ticket available on the node | no
`name` \| `cn` | The list of hbacrule name strings. | yes
`description` | The hbacrule description string. | no
`usercategory` \| `usercat` | User category the rule applies to. Choices: ["all"] | no
`hostcategory` \| `hostcat` | Host category the rule applies to. Choices: ["all"] | no
`servicecategory` \| `servicecat` | HBAC service category the rule applies to. Choices: ["all"] | no
`usercategory` \| `usercat` | User category the rule applies to. Choices: ["all", ""] | no
`hostcategory` \| `hostcat` | Host category the rule applies to. Choices: ["all", ""] | no
`servicecategory` \| `servicecat` | HBAC service category the rule applies to. Choices: ["all", ""] | no
`nomembers` | Suppress processing of membership attributes. (bool) | no
`host` | List of host name strings assigned to this hbacrule. | no
`hostgroup` | List of host group name strings assigned to this hbacrule. | no
......
plugins/modules/ipahbacrule.py
+ 6
6
View file @ 5e734e84
......@@ -49,17 +49,17 @@ options:
description: User category the rule applies to
required: false
aliases: ["usercat"]
choices: ["all"]
choices: ["all", ""]
hostcategory:
description: Host category the rule applies to
required: false
aliases: ["hostcat"]
choices: ["all"]
choices: ["all", ""]
servicecategory:
description: Service category the rule applies to
required: false
aliases: ["servicecat"]
choices: ["all"]
choices: ["all", ""]
nomembers:
description: Suppress processing of membership attributes
required: false
......@@ -208,11 +208,11 @@ def main():
# present
description=dict(type="str", default=None),
usercategory=dict(type="str", default=None,
aliases=["usercat"], choices=["all"]),
aliases=["usercat"], choices=["all", ""]),
hostcategory=dict(type="str", default=None,
aliases=["hostcat"], choices=["all"]),
aliases=["hostcat"], choices=["all", ""]),
servicecategory=dict(type="str", default=None,
aliases=["servicecat"], choices=["all"]),
aliases=["servicecat"], choices=["all", ""]),
nomembers=dict(required=False, type='bool', default=None),
host=dict(required=False, type='list', default=None),
hostgroup=dict(required=False, type='list', default=None),
......
tests/hbacrule/test_hbacrule_categories.yml 0 → 100644
+ 117
0
View file @ 5e734e84
---
- name: Test HBAC rule user category
hosts: ipaserver
become: true
gather_facts: false
tasks:
- name: Ensure HBAC rules are absent
ipahbacrule:
ipaadmin_password: SomeADMINpassword
name:
- testrule
state: absent
- name: Ensure HBAC rule is present, with usercategory 'all'
ipahbacrule:
ipaadmin_password: SomeADMINpassword
name: testrule
usercategory: all
register: result
failed_when: not result.changed
- name: Ensure HBAC rule is present, with usercategory 'all', again.
ipahbacrule:
ipaadmin_password: SomeADMINpassword
name: testrule
usercategory: all
register: result
failed_when: result.changed
- name: Ensure HBAC rule is present, with no usercategory.
ipahbacrule:
ipaadmin_password: SomeADMINpassword
name: testrule
usercategory: ""
register: result
failed_when: not result.changed
- name: Ensure HBAC rule is present, with no usercategory, again.
ipahbacrule:
ipaadmin_password: SomeADMINpassword
name: testrule
usercategory: ""
register: result
failed_when: result.changed
- name: Ensure HBAC rule is present, with hostcategory 'all'
ipahbacrule:
ipaadmin_password: SomeADMINpassword
name: testrule
hostcategory: all
register: result
failed_when: not result.changed
- name: Ensure HBAC rule is present, with hostcategory 'all', again.
ipahbacrule:
ipaadmin_password: SomeADMINpassword
name: testrule
hostcategory: all
register: result
failed_when: result.changed
- name: Ensure HBAC rule is present, with no hostcategory.
ipahbacrule:
ipaadmin_password: SomeADMINpassword
name: testrule
hostcategory: ""
register: result
failed_when: not result.changed
- name: Ensure HBAC rule is present, with no hostcategory, again.
ipahbacrule:
ipaadmin_password: SomeADMINpassword
name: testrule
hostcategory: ""
register: result
failed_when: result.changed
- name: Ensure HBAC rule is present, with servicecategory 'all'
ipahbacrule:
ipaadmin_password: SomeADMINpassword
name: testrule
servicecategory: all
register: result
failed_when: not result.changed
- name: Ensure HBAC rule is present, with servicecategory 'all', again.
ipahbacrule:
ipaadmin_password: SomeADMINpassword
name: testrule
servicecategory: all
register: result
failed_when: result.changed
- name: Ensure HBAC rule is present, with no servicecategory.
ipahbacrule:
ipaadmin_password: SomeADMINpassword
name: testrule
servicecategory: ""
register: result
failed_when: not result.changed
- name: Ensure HBAC rule is present, with no servicecategory, again.
ipahbacrule:
ipaadmin_password: SomeADMINpassword
name: testrule
servicecategory: ""
register: result
failed_when: result.changed
- name: Ensure HBAC rules are absent
ipahbacrule:
ipaadmin_password: SomeADMINpassword
name:
- testrule
state: absent
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment