Skip to content
Snippets Groups Projects
Commit 62d34d0a authored by Thomas Woerner's avatar Thomas Woerner
Browse files

ipaservice: Add choice idp to auth_ind

The parameter auth_ind has been updated in FreeIPA. The choice
idp have been missing and is now added.

An additional check was added to verify that the values of the
auth_ind list are valid for the used IPA version.
parent 3ed0c229
No related branches found
No related tags found
No related merge requests found
...@@ -74,7 +74,7 @@ options: ...@@ -74,7 +74,7 @@ options:
type: list type: list
elements: str elements: str
required: false required: false
choices: ["otp", "radius", "pkinit", "hardened", ""] choices: ["otp", "radius", "pkinit", "hardened", "idp", ""]
aliases: ["krbprincipalauthind"] aliases: ["krbprincipalauthind"]
skip_host_check: skip_host_check:
description: Skip checking if host object exists. description: Skip checking if host object exists.
...@@ -185,7 +185,7 @@ options: ...@@ -185,7 +185,7 @@ options:
type: list type: list
elements: str elements: str
required: false required: false
choices: ["otp", "radius", "pkinit", "hardened", ""] choices: ["otp", "radius", "pkinit", "hardened", "idp", ""]
aliases: ["krbprincipalauthind"] aliases: ["krbprincipalauthind"]
skip_host_check: skip_host_check:
description: Skip checking if host object exists. description: Skip checking if host object exists.
...@@ -491,6 +491,15 @@ def check_parameters(module, state, action, names): ...@@ -491,6 +491,15 @@ def check_parameters(module, state, action, names):
module.params_fail_used_invalid(invalid, state, action) module.params_fail_used_invalid(invalid, state, action)
def check_authind(module, auth_ind):
_invalid = module.ipa_command_invalid_param_choices(
"service_add", "krbprincipalauthind", auth_ind)
if _invalid:
module.fail_json(
msg="The use of krbprincipalauthind '%s' is not supported "
"by your IPA version" % "','".join(_invalid))
def init_ansible_module(): def init_ansible_module():
service_spec = dict( service_spec = dict(
# service attributesstr # service attributesstr
...@@ -506,7 +515,8 @@ def init_ansible_module(): ...@@ -506,7 +515,8 @@ def init_ansible_module():
choices=["MS-PAC", "PAD", "NONE", ""]), choices=["MS-PAC", "PAD", "NONE", ""]),
auth_ind=dict(type="list", elements="str", auth_ind=dict(type="list", elements="str",
aliases=["krbprincipalauthind"], aliases=["krbprincipalauthind"],
choices=["otp", "radius", "pkinit", "hardened", ""]), choices=["otp", "radius", "pkinit", "hardened", "idp",
""]),
skip_host_check=dict(type="bool"), skip_host_check=dict(type="bool"),
force=dict(type="bool"), force=dict(type="bool"),
requires_pre_auth=dict( requires_pre_auth=dict(
...@@ -642,6 +652,7 @@ def main(): ...@@ -642,6 +652,7 @@ def main():
if skip_host_check and not has_skip_host_check: if skip_host_check and not has_skip_host_check:
ansible_module.fail_json( ansible_module.fail_json(
msg="Skipping host check is not supported by your IPA version") msg="Skipping host check is not supported by your IPA version")
check_authind(ansible_module, auth_ind)
commands = [] commands = []
keytab_members = ["user", "group", "host", "hostgroup"] keytab_members = ["user", "group", "host", "hostgroup"]
...@@ -664,6 +675,7 @@ def main(): ...@@ -664,6 +675,7 @@ def main():
certificate = [cert.strip() for cert in certificate] certificate = [cert.strip() for cert in certificate]
pac_type = service.get("pac_type") pac_type = service.get("pac_type")
auth_ind = service.get("auth_ind") auth_ind = service.get("auth_ind")
check_authind(ansible_module, auth_ind)
skip_host_check = service.get("skip_host_check") skip_host_check = service.get("skip_host_check")
if skip_host_check and not has_skip_host_check: if skip_host_check and not has_skip_host_check:
ansible_module.fail_json( ansible_module.fail_json(
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment