diff --git a/README-hostgroup.md b/README-hostgroup.md index 857012443adb7ff7d9db7aa6e64187f76d4cac89..e021d89a444af71119b4abcf468f5a50b491eb59 100644 --- a/README-hostgroup.md +++ b/README-hostgroup.md @@ -137,6 +137,8 @@ Variable | Description | Required `nomembers` | Suppress processing of membership attributes. (bool) | no `host` | List of host name strings assigned to this hostgroup. | no `hostgroup` | List of hostgroup name strings assigned to this hostgroup. | no +`membermanager_user` | List of member manager users assigned to this hostgroup. Only usable with IPA versions 4.8.4 and up. | no +`membermanager_group` | List of member manager groups assigned to this hostgroup. Only usable with IPA versions 4.8.4 and up. | no `action` | Work on hostgroup or member level. It can be on of `member` or `hostgroup` and defaults to `hostgroup`. | no `state` | The state to ensure. It can be one of `present` or `absent`, default: `present`. | no diff --git a/plugins/modules/ipahostgroup.py b/plugins/modules/ipahostgroup.py index 7e1891d318a02634b8644628869c518a13a84e77..4c18e940e61d481a2ac990f739178a19eaddc0c1 100644 --- a/plugins/modules/ipahostgroup.py +++ b/plugins/modules/ipahostgroup.py @@ -58,6 +58,18 @@ options: description: List of hostgroup names assigned to this hostgroup. required: false type: list + membermanager_user: + description: + - List of member manager users assigned to this hostgroup. + - Only usable with IPA versions 4.8.4 and up. + required: false + type: list + membermanager_group: + description: + - List of member manager groups assigned to this hostgroup. + - Only usable with IPA versions 4.8.4 and up. + required: false + type: list action: description: Work on hostgroup or member level default: hostgroup 
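Review bot: The two new option descriptions in the `@@ -58,6 +58,18 @@` hunk do not say that the list is authoritative when `action` is `hostgroup`. The `@@ -288,6 +316,41 @@` hunk builds a removal list from `res_find` and queues `hostgroup_remove_member_manager`, so a play that names one user as member manager revokes any other user currently holding that delegation. I would add a description line such as `- With action hostgroup, member managers not listed here are removed; use action member to add or remove single entries.` to both options. The same sentence belongs in the two new README table rows.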
@@ -117,7 +129,7 @@ RETURN = """ from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.ansible_freeipa_module import temp_kinit, \ temp_kdestroy, valid_creds, api_connect, api_command, compare_args_ipa, \ - module_params_get, gen_add_del_lists + module_params_get, gen_add_del_lists, api_check_command def find_hostgroup(module, name): @@ -171,6 +183,9 @@ def main(): nomembers=dict(required=False, type='bool', default=None), host=dict(required=False, type='list', default=None), hostgroup=dict(required=False, type='list', default=None), + membermanager_user=dict(required=False, type='list', default=None), + membermanager_group=dict(required=False, type='list', + default=None), action=dict(type="str", default="hostgroup", choices=["member", "hostgroup"]), # state @@ -196,6 +211,10 @@ def main(): nomembers = module_params_get(ansible_module, "nomembers") host = module_params_get(ansible_module, "host") hostgroup = module_params_get(ansible_module, "hostgroup") + membermanager_user = module_params_get(ansible_module, + "membermanager_user") + membermanager_group = module_params_get(ansible_module, + "membermanager_group") action = module_params_get(ansible_module, "action") # state state = module_params_get(ansible_module, "state") @@ -239,6 +258,15 @@ def main(): ipaadmin_password) api_connect() + has_add_membermanager = api_check_command( + "hostgroup_add_member_manager") + if ((membermanager_user is not None or + membermanager_group is not None) and not has_add_membermanager): + ansible_module.fail_json( + msg="Managing a membermanager user or group is not supported " + "by your IPA version" + ) + commands = [] for name in names: 
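Review bot: The capability probe in the `@@ -239,6 +258,15 @@` hunk checks only `hostgroup_add_member_manager`, yet the flag it sets also gates `hostgroup_remove_member_manager` in the `@@ -288` and `@@ -315` hunks, and its name says "add". `api_check_command` is defined outside this diff; assuming it returns a truthy value when the command exists, probing both keeps the guard accurate: `has_membermanager = all(api_check_command(c) for c in ("hostgroup_add_member_manager", "hostgroup_remove_member_manager"))`. The failure message could also state the minimum version given in the option docs, for example `"... requires IPA 4.8.4 or later"`, so the operator knows what to upgrade to. main() begins and ends outside the hunk.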
@@ -288,6 +316,41 @@ def main(): "host": host_del, "hostgroup": hostgroup_del, }]) + + membermanager_user_add, membermanager_user_del = \ + gen_add_del_lists( + membermanager_user, + res_find.get("membermanager_user") + ) + + membermanager_group_add, membermanager_group_del = \ + gen_add_del_lists( + membermanager_group, + res_find.get("membermanager_group") + ) + + if has_add_membermanager: + # Add membermanager users and groups + if len(membermanager_user_add) > 0 or \ + len(membermanager_group_add) > 0: + commands.append( + [name, "hostgroup_add_member_manager", + { + "user": membermanager_user_add, + "group": membermanager_group_add, + }] + ) + # Remove member manager + if len(membermanager_user_del) > 0 or \ + len(membermanager_group_del) > 0: + commands.append( + [name, "hostgroup_remove_member_manager", + { + "user": membermanager_user_del, + "group": membermanager_group_del, + }] + ) + elif action == "member": if res_find is None: ansible_module.fail_json( @@ -299,6 +362,19 @@ def main(): "host": host, "hostgroup": hostgroup, }]) + + if has_add_membermanager: + # Add membermanager users and groups + if membermanager_user is not None or \ + membermanager_group is not None: + commands.append( + [name, "hostgroup_add_member_manager", + { + "user": membermanager_user, + "group": membermanager_group, + }] + ) + elif state == "absent": if action == "hostgroup": if res_find is not None: @@ -315,6 +391,19 @@ def main(): "host": host, "hostgroup": hostgroup, }]) + + if has_add_membermanager: + # Remove membermanager users and groups + if membermanager_user is not None or \ + membermanager_group is not None: + commands.append( + [name, "hostgroup_remove_member_manager", + { + "user": membermanager_user, + "group": membermanager_group, + }] + ) + else: ansible_module.fail_json(msg="Unkown state '%s'" % state) 
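Review bot: The add and remove lists in the `@@ -288,6 +316,41 @@` hunk come from comparing the playbook's names, exactly as written, with what `res_find` holds. `gen_add_del_lists` is defined outside this diff; if it is a plain set difference and the server reports user and group names lower-cased (what I would expect from IPA, but please confirm), then `ManagerUser1` lands in the add list and `manageruser1` in the remove list, and the queued `hostgroup_remove_member_manager` takes away the delegation the play asked for. Normalising once after the parameters are read, e.g. `membermanager_user = [u.lower() for u in membermanager_user]` under an `is not None` check (and likewise for the group list), would avoid that and keep repeat runs unchanged. main() starts and ends outside these hunks.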
diff --git a/tests/hostgroup/test_hostgroup_membermanager.yml b/tests/hostgroup/test_hostgroup_membermanager.yml
new file mode 100644
index 0000000000000000000000000000000000000000..c32d1088ebf69367a24ce5a53bc4e164eabc1cee
--- /dev/null
+++ b/tests/hostgroup/test_hostgroup_membermanager.yml
@@ -0,0 +1,210 @@
+---
+- name: Test hostgroup membermanagers
+ hosts: ipaserver
+ become: true
+ gather_facts: false
+
+ tasks:
+ - name: Ensure host-group testhostgroup is absent
+ ipahostgroup:
+ ipaadmin_password: SomeADMINpassword
+ name:
+ - testhostgroup
+ state: absent
+
+ - name: Ensure user manangeruser1 and manageruser2 is absent
+ ipauser:
+ ipaadmin_password: SomeADMINpassword
+ name: manageruser1,manageruser2
+ state: absent
+
+ - name: Ensure group managergroup1 and managergroup2 are absent
+ ipagroup:
+ ipaadmin_password: SomeADMINpassword
+ name: managergroup1,managergroup2
+ state: absent
+
+ - name: Ensure host-group testhostgroup is present
+ ipahostgroup:
+ ipaadmin_password: SomeADMINpassword
+ name:
+ - testhostgroup
+
+ - name: Ensure user manageruser1 and manageruser2 are present
+ ipauser:
+ ipaadmin_password: SomeADMINpassword
+ users:
+ - name: manageruser1
+ first: manageruser1
+ last: Last1
+ - name: manageruser2
+ first: manageruser2
+ last: Last2
+ register: result
+ failed_when: not result.changed
+
+ - name: Ensure managergroup1 is present
+ ipagroup:
+ ipaadmin_password: SomeADMINpassword
+ name: managergroup1
+ register: result
+ failed_when: not result.changed
+
+ - name: Ensure managergroup2 is present
+ ipagroup:
+ ipaadmin_password: SomeADMINpassword
+ name: managergroup2
+ register: result
+ failed_when: not result.changed
+
+ - name: Ensure membermanager user1 is present for testhostgroup
+ ipahostgroup:
+ ipaadmin_password: SomeADMINpassword
+ name: testhostgroup
+ membermanager_user: manageruser1
+ register: result
+ failed_when: not result.changed
+
+ - name: Ensure membermanager user1 is present for testhostgroup again
+ ipahostgroup:
+ ipaadmin_password: SomeADMINpassword
+ name: testhostgroup
+ membermanager_user: manageruser1
+ register: result
+ failed_when: result.changed
+
+ - name: Ensure membermanager group1 is present for testhostgroup
+ ipahostgroup:
+ ipaadmin_password: SomeADMINpassword
+ name: testhostgroup
+ membermanager_group: managergroup1
+ register: result
+ failed_when: not result.changed
+
+ - name: Ensure membermanager group1 is present for testhostgroup again
+ ipahostgroup:
+ ipaadmin_password: SomeADMINpassword
+ name: testhostgroup
+ membermanager_group: managergroup1
+ register: result
+ failed_when: result.changed
+
+ - name: Ensure membermanager user2 and group2 members are present for testhostgroup
+ ipahostgroup:
+ ipaadmin_password: SomeADMINpassword
+ name: testhostgroup
+ membermanager_user: manageruser2
+ membermanager_group: managergroup2
+ action: member
+ register: result
+ failed_when: not result.changed
+
+ - name: Ensure membermanager user2 and group2 members are present for testhostgroup again
+ ipahostgroup:
+ ipaadmin_password: SomeADMINpassword
+ name: testhostgroup
+ membermanager_user: manageruser2
+ membermanager_group: managergroup2
+ action: member
+ register: result
+ failed_when: result.changed
+
+ - name: Ensure membermanager user and group members are present for testhostgroup again
+ ipahostgroup:
+ ipaadmin_password: SomeADMINpassword
+ name: testhostgroup
+ membermanager_user: manageruser1,manageruser2
+ membermanager_group: managergroup1,managergroup2
+ action: member
+ register: result
+ failed_when: result.changed
+
+ - name: Ensure membermanager user1 and group1 members are absent for testhostgroup
+ ipahostgroup:
+ ipaadmin_password: SomeADMINpassword
+ name: testhostgroup
+ membermanager_user: manageruser1
+ membermanager_group: managergroup1
+ action: member
+ state: absent
+ register: result
+ failed_when: not result.changed
+
+ - name: Ensure membermanager user1 and group1 members are absent for testhostgroup again
+ ipahostgroup:
+ ipaadmin_password: SomeADMINpassword
+ name: testhostgroup
+ membermanager_user: manageruser1
+ membermanager_group: managergroup1
+ action: member
+ state: absent
+ register: result
+ failed_when: result.changed
+
+
+ - name: Ensure membermanager user1 and group1 members are present for testhostgroup
+ ipahostgroup:
+ ipaadmin_password: SomeADMINpassword
+ name: testhostgroup
+ membermanager_user: manageruser1
+ membermanager_group: managergroup1
+ action: member
+ register: result
+ failed_when: not result.changed
+
+ - name: Ensure membermanager user1 and group1 members are present for testhostgroup again
+ ipahostgroup:
+ ipaadmin_password: SomeADMINpassword
+ name: testhostgroup
+ membermanager_user: manageruser1
+ membermanager_group: managergroup1
+ action: member
+ register: result
+ failed_when: result.changed
+
+ - name: Ensure membermanager user and group members are absent for testhostgroup
+ ipahostgroup:
+ ipaadmin_password: SomeADMINpassword
+ name: testhostgroup
+ membermanager_user: manageruser1,manageruser2
+ membermanager_group: managergroup1,managergroup2
+ action: member
+ state: absent
+ register: result
+ failed_when: not result.changed
+
+ - name: Ensure membermanager user and group members are absent for testhostgroup again
+ ipahostgroup:
+ ipaadmin_password: SomeADMINpassword
+ name: testhostgroup
+ membermanager_user: manageruser1,manageruser2
+ membermanager_group: managergroup1,managergroup2
+ action: member
+ state: absent
+ register: result
+ failed_when: result.changed
+
+ - name: Ensure user manangeruser1 and manageruser2 is absent
+ ipauser:
+ ipaadmin_password: SomeADMINpassword
+ name: manageruser1,manageruser2
+ state: absent
+ register: result
+ failed_when: not result.changed
+
+ - name: Ensure group managergroup1 and managergroup2 are absent
+ ipagroup:
+ ipaadmin_password: SomeADMINpassword
+ name: managergroup1,managergroup2
+ state: absent
+ register: result
+ failed_when: not result.changed
+
+ - name: Ensure host-group testhostgroup is absent
+ ipahostgroup:
+ ipaadmin_password: SomeADMINpassword
+ name:
+ - testhostgroup
+ state: absent
+ register: result
+ failed_when: not result.changed
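Review bot: No task exercises the removal path of `action: hostgroup`. The only two default-action tasks (user1, then group1) grow the list, so the `hostgroup_remove_member_manager` command that the module queues in hostgroup mode is never run by this playbook. That path is what revokes a delegation when a name is dropped from the list, so it deserves a changed/unchanged pair like the other cases. The two tasks below fit after "Ensure membermanager user1 and group1 members are present for testhostgroup again", where all four managers are set; the `state: absent` task that follows should still report a change. Separately, the first and last `ipauser` task names spell the user `manangeruser1`.

```yaml
  # … unchanged: tasks through "Ensure membermanager user1 and group1 members are present for testhostgroup again" …

  - name: Ensure only membermanager user1 and group1 remain for testhostgroup
    ipahostgroup:
      ipaadmin_password: SomeADMINpassword
      name: testhostgroup
      membermanager_user: manageruser1
      membermanager_group: managergroup1
    register: result
    failed_when: not result.changed

  - name: Ensure only membermanager user1 and group1 remain for testhostgroup again
    ipahostgroup:
      ipaadmin_password: SomeADMINpassword
      name: testhostgroup
      membermanager_user: manageruser1
      membermanager_group: managergroup1
    register: result
    failed_when: result.changed

  # … unchanged: member-mode absent tasks and cleanup …
```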