Skip to content
Snippets Groups Projects
Unverified Commit cae2a8b9 authored by Thomas Woerner's avatar Thomas Woerner Committed by GitHub
Browse files

Merge pull request #445 from rjeffman/fix_ipasudocmdgroup_create_sudocmds

ipasudocmdgroup: Fix creation of sudocmdgroups with sudocmds.
parents 3a8b2ebb c542fb9f
Branches
Tags
No related merge requests found
...@@ -50,10 +50,6 @@ options: ...@@ -50,10 +50,6 @@ options:
description: Suppress processing of membership attributes description: Suppress processing of membership attributes
required: false required: false
type: bool type: bool
sudocmdgroup:
description: List of sudocmdgroup names assigned to this sudocmdgroup.
required: false
type: list
sudocmd: sudocmd:
description: List of sudocmds assigned to this sudocmdgroup. description: List of sudocmds assigned to this sudocmdgroup.
required: false required: false
...@@ -113,22 +109,18 @@ from ansible.module_utils.ansible_freeipa_module import temp_kinit, \ ...@@ -113,22 +109,18 @@ from ansible.module_utils.ansible_freeipa_module import temp_kinit, \
temp_kdestroy, valid_creds, api_connect, api_command, compare_args_ipa, \ temp_kdestroy, valid_creds, api_connect, api_command, compare_args_ipa, \
gen_add_del_lists gen_add_del_lists
import ipalib
def find_sudocmdgroup(module, name):
_args = {
"all": True,
"cn": to_text(name),
}
_result = api_command(module, "sudocmdgroup_find", to_text(name), _args) def find_sudocmdgroup(module, name):
args = {"all": True}
if len(_result["result"]) > 1: try:
module.fail_json( _result = api_command(module, "sudocmdgroup_show", to_text(name), args)
msg="There is more than one sudocmdgroup '%s'" % (name)) except ipalib.errors.NotFound:
elif len(_result["result"]) == 1:
return _result["result"][0]
else:
return None return None
else:
return _result["result"]
def gen_args(description, nomembers): def gen_args(description, nomembers):
...@@ -141,10 +133,10 @@ def gen_args(description, nomembers): ...@@ -141,10 +133,10 @@ def gen_args(description, nomembers):
return _args return _args
def gen_member_args(sudocmdgroup): def gen_member_args(sudocmd):
_args = {} _args = {}
if sudocmdgroup is not None: if sudocmd is not None:
_args["member_sudocmdgroup"] = sudocmdgroup _args["member_sudocmd"] = sudocmd
return _args return _args
...@@ -161,7 +153,6 @@ def main(): ...@@ -161,7 +153,6 @@ def main():
# present # present
description=dict(type="str", default=None), description=dict(type="str", default=None),
nomembers=dict(required=False, type='bool', default=None), nomembers=dict(required=False, type='bool', default=None),
sudocmdgroup=dict(required=False, type='list', default=None),
sudocmd=dict(required=False, type='list', default=None), sudocmd=dict(required=False, type='list', default=None),
action=dict(type="str", default="sudocmdgroup", action=dict(type="str", default="sudocmdgroup",
choices=["member", "sudocmdgroup"]), choices=["member", "sudocmdgroup"]),
...@@ -184,7 +175,6 @@ def main(): ...@@ -184,7 +175,6 @@ def main():
# present # present
description = ansible_module.params.get("description") description = ansible_module.params.get("description")
nomembers = ansible_module.params.get("nomembers") nomembers = ansible_module.params.get("nomembers")
sudocmdgroup = ansible_module.params.get("sudocmdgroup")
sudocmd = ansible_module.params.get("sudocmd") sudocmd = ansible_module.params.get("sudocmd")
action = ansible_module.params.get("action") action = ansible_module.params.get("action")
# state # state
...@@ -258,28 +248,28 @@ def main(): ...@@ -258,28 +248,28 @@ def main():
if not compare_args_ipa(ansible_module, member_args, if not compare_args_ipa(ansible_module, member_args,
res_find): res_find):
# Generate addition and removal lists # Generate addition and removal lists
sudocmdgroup_add, sudocmdgroup_del = \ sudocmd_add, sudocmd_del = \
gen_add_del_lists( gen_add_del_lists(
sudocmdgroup, sudocmd,
res_find.get("member_sudocmdgroup")) res_find.get("member_sudocmd"))
# Add members # Add members
if len(sudocmdgroup_add) > 0: if len(sudocmd_add) > 0:
commands.append([name, "sudocmdgroup_add_member", commands.append([name, "sudocmdgroup_add_member",
{ {
"sudocmd": [to_text(c) "sudocmd": [to_text(c)
for c in for c in
sudocmdgroup_add] sudocmd_add]
} }
]) ])
# Remove members # Remove members
if len(sudocmdgroup_del) > 0: if len(sudocmd_del) > 0:
commands.append([name, commands.append([name,
"sudocmdgroup_remove_member", "sudocmdgroup_remove_member",
{ {
"sudocmd": [to_text(c) "sudocmd": [to_text(c)
for c in for c in
sudocmdgroup_del] sudocmd_del]
} }
]) ])
elif action == "member": elif action == "member":
......
--- ---
- name: Test sudocmdgroup - name: Test sudocmdgroup
hosts: ipaserver hosts: ipaserver
become: true become: true
...@@ -53,6 +52,52 @@ ...@@ -53,6 +52,52 @@
register: result register: result
failed_when: result.changed failed_when: result.changed
- name: Ensure sudocmdgroup is present, with sudocmds.
ipasudocmdgroup:
ipaadmin_password: SomeADMINpassword
name: network
sudocmd:
- /usr/sbin/ifconfig
- /usr/sbin/iwlist
state: present
register: result
failed_when: not result.changed
- name: Ensure sudocmdgroup is present, with sudocmds, again.
ipasudocmdgroup:
ipaadmin_password: SomeADMINpassword
name: network
sudocmd:
- /usr/sbin/ifconfig
- /usr/sbin/iwlist
state: present
register: result
failed_when: result.changed
- name: Verify sudocmdgroup creation with sudocmds
shell: |
echo SomeADMINpassword | kinit -c verify_sudocmdgroup admin
KRB5CCNAME="verify_sudocmdgroup" ipa sudocmdgroup-show network --all
kdestroy -A -q -c verify_sudocmdgroup
register: result
failed_when: result.failed or not("/usr/sbin/ifconfig" in result.stdout and "/usr/sbin/iwlist" in result.stdout)
- name: Ensure sudocmdgroup, with sudocmds, is absent
ipasudocmdgroup:
ipaadmin_password: SomeADMINpassword
name: network
state: absent
register: result
failed_when: not result.changed
- name: Ensure sudocmdgroup, with sudocmds, is absent again
ipasudocmdgroup:
ipaadmin_password: SomeADMINpassword
name: network
state: absent
register: result
failed_when: result.changed
- name: Ensure testing sudocmdgroup is present - name: Ensure testing sudocmdgroup is present
ipasudocmdgroup: ipasudocmdgroup:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment