|
Packit Service |
0a38ef |
# -*- coding: utf-8 -*-
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
# Authors:
|
|
Packit Service |
0a38ef |
# Chris Procter <cprocter@redhat.com>
|
|
Packit Service |
0a38ef |
#
|
|
Packit Service |
0a38ef |
# Copyright (C) 2020 Red Hat
|
|
Packit Service |
0a38ef |
# see file 'COPYING' for use and warranty information
|
|
Packit Service |
0a38ef |
#
|
|
Packit Service |
0a38ef |
# This program is free software; you can redistribute it and/or modify
|
|
Packit Service |
0a38ef |
# it under the terms of the GNU General Public License as published by
|
|
Packit Service |
0a38ef |
# the Free Software Foundation, either version 3 of the License, or
|
|
Packit Service |
0a38ef |
# (at your option) any later version.
|
|
Packit Service |
0a38ef |
#
|
|
Packit Service |
0a38ef |
# This program is distributed in the hope that it will be useful,
|
|
Packit Service |
0a38ef |
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
Packit Service |
0a38ef |
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
Packit Service |
0a38ef |
# GNU General Public License for more details.
|
|
Packit Service |
0a38ef |
#
|
|
Packit Service |
0a38ef |
# You should have received a copy of the GNU General Public License
|
|
Packit Service |
0a38ef |
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
ANSIBLE_METADATA = {
|
|
Packit Service |
0a38ef |
"metadata_version": "1.0",
|
|
Packit Service |
0a38ef |
"supported_by": "community",
|
|
Packit Service |
0a38ef |
"status": ["preview"],
|
|
Packit Service |
0a38ef |
}
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
DOCUMENTATION = '''
|
|
Packit Service |
0a38ef |
---
|
|
Packit Service |
0a38ef |
module: ipa_config
|
|
Packit Service |
0a38ef |
author: chris procter
|
|
Packit Service |
0a38ef |
short_description: Modify IPA global config options
|
|
Packit Service |
0a38ef |
description:
|
|
Packit Service |
0a38ef |
- Modify IPA global config options
|
|
Packit Service |
0a38ef |
options:
|
|
Packit Service |
0a38ef |
ipaadmin_principal:
|
|
Packit Service |
0a38ef |
description: The admin principal
|
|
Packit Service |
0a38ef |
default: admin
|
|
Packit Service |
0a38ef |
ipaadmin_password:
|
|
Packit Service |
0a38ef |
description: The admin password
|
|
Packit Service |
0a38ef |
required: false
|
|
Packit Service |
0a38ef |
maxusername:
|
|
Packit Service |
0a38ef |
description: Set the maximum username length between 1-255
|
|
Packit Service |
0a38ef |
required: false
|
|
Packit Service |
0a38ef |
aliases: ['ipamaxusernamelength']
|
|
Packit Service |
0a38ef |
maxhostname:
|
|
Packit Service |
0a38ef |
description: Set the maximum hostname length between 64-255
|
|
Packit Service |
0a38ef |
required: false
|
|
Packit Service |
0a38ef |
aliases: ['ipamaxhostnamelength']
|
|
Packit Service |
0a38ef |
homedirectory:
|
|
Packit Service |
0a38ef |
description: Set the default location of home directories
|
|
Packit Service |
0a38ef |
required: false
|
|
Packit Service |
0a38ef |
aliases: ['ipahomesrootdir']
|
|
Packit Service |
0a38ef |
defaultshell:
|
|
Packit Service |
0a38ef |
description: Set the default shell for new users
|
|
Packit Service |
0a38ef |
required: false
|
|
Packit Service |
0a38ef |
aliases: ['ipadefaultloginshell', 'loginshell']
|
|
Packit Service |
0a38ef |
defaultgroup:
|
|
Packit Service |
0a38ef |
description: Set the default group for new users
|
|
Packit Service |
0a38ef |
required: false
|
|
Packit Service |
0a38ef |
aliases: ['ipadefaultprimarygroup']
|
|
Packit Service |
0a38ef |
emaildomain:
|
|
Packit Service |
0a38ef |
description: Set the default e-mail domain
|
|
Packit Service |
0a38ef |
required: false
|
|
Packit Service |
0a38ef |
aliases: ['ipadefaultemaildomain']
|
|
Packit Service |
0a38ef |
searchtimelimit:
|
|
Packit Service |
0a38ef |
description:
|
|
Packit Service |
0a38ef |
- Set maximum amount of time (seconds) for a search
|
|
Packit Service |
0a38ef |
- values -1 to 2147483647 (-1 or 0 is unlimited)
|
|
Packit Service |
0a38ef |
required: false
|
|
Packit Service |
0a38ef |
aliases: ['ipasearchtimelimit']
|
|
Packit Service |
0a38ef |
searchrecordslimit:
|
|
Packit Service |
0a38ef |
description:
|
|
Packit Service |
0a38ef |
- Set maximum number of records to search
|
|
Packit Service |
0a38ef |
- values -1 to 2147483647 (-1 or 0 is unlimited)
|
|
Packit Service |
0a38ef |
required: false
|
|
Packit Service |
0a38ef |
aliases: ['ipasearchrecordslimit']
|
|
Packit Service |
0a38ef |
usersearch:
|
|
Packit Service |
0a38ef |
description:
|
|
Packit Service |
0a38ef |
- Set comma-separated list of fields to search for user search
|
|
Packit Service |
0a38ef |
required: false
|
|
Packit Service |
0a38ef |
aliases: ['ipausersearchfields']
|
|
Packit Service |
0a38ef |
groupsearch:
|
|
Packit Service |
0a38ef |
description:
|
|
Packit Service |
0a38ef |
- Set comma-separated list of fields to search for group search
|
|
Packit Service |
0a38ef |
required: false
|
|
Packit Service |
0a38ef |
aliases: ['ipagroupsearchfields']
|
|
Packit Service |
0a38ef |
enable_migration:
|
|
Packit Service |
0a38ef |
description: Enable migration mode
|
|
Packit Service |
0a38ef |
type: bool
|
|
Packit Service |
0a38ef |
required: false
|
|
Packit Service |
0a38ef |
aliases: ['ipamigrationenabled']
|
|
Packit Service |
0a38ef |
groupobjectclasses:
|
|
Packit Service |
0a38ef |
description: Set default group objectclasses (comma-separated list)
|
|
Packit Service |
0a38ef |
required: false
|
|
Packit Service |
0a38ef |
type: list
|
|
Packit Service |
0a38ef |
aliases: ['ipagroupobjectclasses']
|
|
Packit Service |
0a38ef |
userobjectclasses:
|
|
Packit Service |
0a38ef |
description: Set default user objectclasses (comma-separated list)
|
|
Packit Service |
0a38ef |
required: false
|
|
Packit Service |
0a38ef |
type: list
|
|
Packit Service |
0a38ef |
aliases: ['ipauserobjectclasses']
|
|
Packit Service |
0a38ef |
pwdexpnotify:
|
|
Packit Service |
0a38ef |
description:
|
|
Packit Service |
0a38ef |
- Set number of days's notice of impending password expiration
|
|
Packit Service |
0a38ef |
- values 0 to 2147483647
|
|
Packit Service |
0a38ef |
required: false
|
|
Packit Service |
0a38ef |
aliases: ['ipapwdexpadvnotify']
|
|
Packit Service |
0a38ef |
configstring:
|
|
Packit Service |
0a38ef |
description: Set extra hashes to generate in password plug-in
|
|
Packit Service |
0a38ef |
required: false
|
|
Packit Service |
0a38ef |
type: list
|
|
Packit Service |
0a38ef |
choices:
|
|
Packit Service |
0a38ef |
- "AllowNThash"
|
|
Packit Service |
0a38ef |
- "KDC:Disable Last Success"
|
|
Packit Service |
0a38ef |
- "KDC:Disable Lockout"
|
|
Packit Service |
0a38ef |
- "KDC:Disable Default Preauth for SPNs"
|
|
Packit Service |
0a38ef |
- ""
|
|
Packit Service |
0a38ef |
aliases: ['ipaconfigstring']
|
|
Packit Service |
0a38ef |
selinuxusermaporder:
|
|
Packit Service |
0a38ef |
description: Set order in increasing priority of SELinux users
|
|
Packit Service |
0a38ef |
required: false
|
|
Packit Service |
0a38ef |
type: list
|
|
Packit Service |
0a38ef |
aliases: ['ipaselinuxusermaporder']
|
|
Packit Service |
0a38ef |
selinuxusermapdefault:
|
|
Packit Service |
0a38ef |
description: Set default SELinux user when no match found in map rule
|
|
Packit Service |
0a38ef |
required: false
|
|
Packit Service |
0a38ef |
aliases: ['ipaselinuxusermapdefault']
|
|
Packit Service |
0a38ef |
pac_type:
|
|
Packit Service |
0a38ef |
description: set default types of PAC supported for services
|
|
Packit Service |
0a38ef |
required: false
|
|
Packit Service |
0a38ef |
type: list
|
|
Packit Service |
0a38ef |
choices: ["MS-PAC", "PAD", "nfs:NONE", ""]
|
|
Packit Service |
0a38ef |
aliases: ["ipakrbauthzdata"]
|
|
Packit Service |
0a38ef |
user_auth_type:
|
|
Packit Service |
0a38ef |
description: set default types of supported user authentication
|
|
Packit Service |
0a38ef |
required: false
|
|
Packit Service |
0a38ef |
type: list
|
|
Packit Service |
0a38ef |
choices: ["password", "radius", "otp", "disabled", ""]
|
|
Packit Service |
0a38ef |
aliases: ["ipauserauthtype"]
|
|
Packit Service |
0a38ef |
ca_renewal_master_server:
|
|
Packit Service |
0a38ef |
description: Renewal master for IPA certificate authority.
|
|
Packit Service |
0a38ef |
required: false
|
|
Packit Service |
0a38ef |
type: string
|
|
Packit Service |
0a38ef |
domain_resolution_order:
|
|
Packit Service |
0a38ef |
description: set list of domains used for short name qualification
|
|
Packit Service |
0a38ef |
required: false
|
|
Packit Service |
0a38ef |
type: list
|
|
Packit Service |
0a38ef |
aliases: ["ipadomainresolutionorder"]
|
|
Packit Service |
0a38ef |
'''
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
EXAMPLES = '''
|
|
Packit Service |
0a38ef |
---
|
|
Packit Service |
0a38ef |
- name: Playbook to handle global configuration options
|
|
Packit Service |
0a38ef |
hosts: ipaserver
|
|
Packit Service |
0a38ef |
become: true
|
|
Packit Service |
0a38ef |
tasks:
|
|
Packit Service |
0a38ef |
- name: return current values of the global configuration options
|
|
Packit Service |
0a38ef |
ipaconfig:
|
|
Packit Service |
0a38ef |
ipaadmin_password: password
|
|
Packit Service |
0a38ef |
register: result
|
|
Packit Service |
0a38ef |
- name: display default login shell
|
|
Packit Service |
0a38ef |
debug:
|
|
Packit Service |
0a38ef |
msg: '{{result.config.defaultshell[0] }}'
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
- name: set defaultshell and maxusername
|
|
Packit Service |
0a38ef |
ipaconfig:
|
|
Packit Service |
0a38ef |
ipaadmin_password: password
|
|
Packit Service |
0a38ef |
defaultshell: /bin/bash
|
|
Packit Service |
0a38ef |
maxusername: 64
|
|
Packit Service |
0a38ef |
'''
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
RETURN = '''
|
|
Packit Service |
0a38ef |
config:
|
|
Packit Service |
0a38ef |
description: Dict of all global config options
|
|
Packit Service |
0a38ef |
returned: When no options are set
|
|
Packit Service |
0a38ef |
type: dict
|
|
Packit Service |
0a38ef |
options:
|
|
Packit Service |
0a38ef |
maxusername:
|
|
Packit Service |
0a38ef |
description: maximum username length
|
|
Packit Service |
0a38ef |
returned: always
|
|
Packit Service |
0a38ef |
maxhostname:
|
|
Packit Service |
0a38ef |
description: maximum hostname length
|
|
Packit Service |
0a38ef |
returned: always
|
|
Packit Service |
0a38ef |
homedirectory:
|
|
Packit Service |
0a38ef |
description: default location of home directories
|
|
Packit Service |
0a38ef |
returned: always
|
|
Packit Service |
0a38ef |
defaultshell:
|
|
Packit Service |
0a38ef |
description: default shell for new users
|
|
Packit Service |
0a38ef |
returned: always
|
|
Packit Service |
0a38ef |
defaultgroup:
|
|
Packit Service |
0a38ef |
description: default group for new users
|
|
Packit Service |
0a38ef |
returned: always
|
|
Packit Service |
0a38ef |
emaildomain:
|
|
Packit Service |
0a38ef |
description: default e-mail domain
|
|
Packit Service |
0a38ef |
returned: always
|
|
Packit Service |
0a38ef |
searchtimelimit:
|
|
Packit Service |
0a38ef |
description: maximum amount of time (seconds) for a search
|
|
Packit Service |
0a38ef |
returned: always
|
|
Packit Service |
0a38ef |
searchrecordslimit:
|
|
Packit Service |
0a38ef |
description: maximum number of records to search
|
|
Packit Service |
0a38ef |
returned: always
|
|
Packit Service |
0a38ef |
usersearch:
|
|
Packit Service |
0a38ef |
description: comma-separated list of fields to search in user search
|
|
Packit Service |
0a38ef |
type: list
|
|
Packit Service |
0a38ef |
returned: always
|
|
Packit Service |
0a38ef |
groupsearch:
|
|
Packit Service |
0a38ef |
description: comma-separated list of fields to search in group search
|
|
Packit Service |
0a38ef |
type: list
|
|
Packit Service |
0a38ef |
returned: always
|
|
Packit Service |
0a38ef |
enable_migration:
|
|
Packit Service |
0a38ef |
description: Enable migration mode
|
|
Packit Service |
0a38ef |
type: bool
|
|
Packit Service |
0a38ef |
returned: always
|
|
Packit Service |
0a38ef |
groupobjectclasses:
|
|
Packit Service |
0a38ef |
description: default group objectclasses (comma-separated list)
|
|
Packit Service |
0a38ef |
type: list
|
|
Packit Service |
0a38ef |
returned: always
|
|
Packit Service |
0a38ef |
userobjectclasses:
|
|
Packit Service |
0a38ef |
description: default user objectclasses (comma-separated list)
|
|
Packit Service |
0a38ef |
type: list
|
|
Packit Service |
0a38ef |
returned: always
|
|
Packit Service |
0a38ef |
pwdexpnotify:
|
|
Packit Service |
0a38ef |
description: number of days's notice of impending password expiration
|
|
Packit Service |
0a38ef |
returned: always
|
|
Packit Service |
0a38ef |
configstring:
|
|
Packit Service |
0a38ef |
description: extra hashes to generate in password plug-in
|
|
Packit Service |
0a38ef |
type: list
|
|
Packit Service |
0a38ef |
returned: always
|
|
Packit Service |
0a38ef |
selinuxusermaporder:
|
|
Packit Service |
0a38ef |
description: order in increasing priority of SELinux users
|
|
Packit Service |
0a38ef |
returned: always
|
|
Packit Service |
0a38ef |
selinuxusermapdefault:
|
|
Packit Service |
0a38ef |
description: default SELinux user when no match is found in map rule
|
|
Packit Service |
0a38ef |
returned: always
|
|
Packit Service |
0a38ef |
pac_type:
|
|
Packit Service |
0a38ef |
description: default types of PAC supported for services
|
|
Packit Service |
0a38ef |
type: list
|
|
Packit Service |
0a38ef |
returned: always
|
|
Packit Service |
0a38ef |
user_auth_type:
|
|
Packit Service |
0a38ef |
description: default types of supported user authentication
|
|
Packit Service |
0a38ef |
returned: always
|
|
Packit Service |
0a38ef |
ca_renewal_master_server:
|
|
Packit Service |
0a38ef |
description: master for IPA certificate authority.
|
|
Packit Service |
0a38ef |
returned: always
|
|
Packit Service |
0a38ef |
domain_resolution_order:
|
|
Packit Service |
0a38ef |
description: list of domains used for short name qualification
|
|
Packit Service |
0a38ef |
returned: always
|
|
Packit Service |
0a38ef |
'''
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
from ansible.module_utils.basic import AnsibleModule
|
|
Packit Service |
0a38ef |
from ansible.module_utils.ansible_freeipa_module import temp_kinit, \
|
|
Packit Service |
0a38ef |
temp_kdestroy, valid_creds, api_connect, api_command_no_name, \
|
|
Packit Service |
0a38ef |
compare_args_ipa, module_params_get
|
|
Packit Service |
0a38ef |
import ipalib.errors
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
def config_show(module):
|
|
Packit Service |
0a38ef |
_result = api_command_no_name(module, "config_show", {})
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
return _result["result"]
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
def gen_args(params):
|
|
Packit Service |
0a38ef |
_args = {}
|
|
Packit Service |
0a38ef |
for k, v in params.items():
|
|
Packit Service |
0a38ef |
if v is not None:
|
|
Packit Service |
0a38ef |
_args[k] = v
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
return _args
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
def main():
|
|
Packit Service |
0a38ef |
ansible_module = AnsibleModule(
|
|
Packit Service |
0a38ef |
argument_spec=dict(
|
|
Packit Service |
0a38ef |
# general
|
|
Packit Service |
0a38ef |
ipaadmin_principal=dict(type="str", default="admin"),
|
|
Packit Service |
0a38ef |
ipaadmin_password=dict(type="str", required=False, no_log=True),
|
|
Packit Service |
0a38ef |
maxusername=dict(type="int", required=False,
|
|
Packit Service |
0a38ef |
aliases=['ipamaxusernamelength']),
|
|
Packit Service |
0a38ef |
maxhostname=dict(type="int", required=False,
|
|
Packit Service |
0a38ef |
aliases=['ipamaxhostnamelength']),
|
|
Packit Service |
0a38ef |
homedirectory=dict(type="str", required=False,
|
|
Packit Service |
0a38ef |
aliases=['ipahomesrootdir']),
|
|
Packit Service |
0a38ef |
defaultshell=dict(type="str", required=False,
|
|
Packit Service |
0a38ef |
aliases=['ipadefaultloginshell',
|
|
Packit Service |
0a38ef |
'loginshell']),
|
|
Packit Service |
0a38ef |
defaultgroup=dict(type="str", required=False,
|
|
Packit Service |
0a38ef |
aliases=['ipadefaultprimarygroup']),
|
|
Packit Service |
0a38ef |
emaildomain=dict(type="str", required=False,
|
|
Packit Service |
0a38ef |
aliases=['ipadefaultemaildomain']),
|
|
Packit Service |
0a38ef |
searchtimelimit=dict(type="int", required=False,
|
|
Packit Service |
0a38ef |
aliases=['ipasearchtimelimit']),
|
|
Packit Service |
0a38ef |
searchrecordslimit=dict(type="int", required=False,
|
|
Packit Service |
0a38ef |
aliases=['ipasearchrecordslimit']),
|
|
Packit Service |
0a38ef |
usersearch=dict(type="list", required=False,
|
|
Packit Service |
0a38ef |
aliases=['ipausersearchfields']),
|
|
Packit Service |
0a38ef |
groupsearch=dict(type="list", required=False,
|
|
Packit Service |
0a38ef |
aliases=['ipagroupsearchfields']),
|
|
Packit Service |
0a38ef |
enable_migration=dict(type="bool", required=False,
|
|
Packit Service |
0a38ef |
aliases=['ipamigrationenabled']),
|
|
Packit Service |
0a38ef |
groupobjectclasses=dict(type="list", required=False,
|
|
Packit Service |
0a38ef |
aliases=['ipagroupobjectclasses']),
|
|
Packit Service |
0a38ef |
userobjectclasses=dict(type="list", required=False,
|
|
Packit Service |
0a38ef |
aliases=['ipauserobjectclasses']),
|
|
Packit Service |
0a38ef |
pwdexpnotify=dict(type="int", required=False,
|
|
Packit Service |
0a38ef |
aliases=['ipapwdexpadvnotify']),
|
|
Packit Service |
0a38ef |
configstring=dict(type="list", required=False,
|
|
Packit Service |
0a38ef |
aliases=['ipaconfigstring'],
|
|
Packit Service |
0a38ef |
choices=["AllowNThash",
|
|
Packit Service |
0a38ef |
"KDC:Disable Last Success",
|
|
Packit Service |
0a38ef |
"KDC:Disable Lockout",
|
|
Packit Service |
0a38ef |
"KDC:Disable Default Preauth for SPNs",
|
|
Packit Service |
0a38ef |
""]), # noqa E128
|
|
Packit Service |
0a38ef |
selinuxusermaporder=dict(type="list", required=False,
|
|
Packit Service |
0a38ef |
aliases=['ipaselinuxusermaporder']),
|
|
Packit Service |
0a38ef |
selinuxusermapdefault=dict(type="str", required=False,
|
|
Packit Service |
0a38ef |
aliases=['ipaselinuxusermapdefault']),
|
|
Packit Service |
0a38ef |
pac_type=dict(type="list", required=False,
|
|
Packit Service |
0a38ef |
aliases=["ipakrbauthzdata"],
|
|
Packit Service |
0a38ef |
choices=["MS-PAC", "PAD", "nfs:NONE", ""]),
|
|
Packit Service |
0a38ef |
user_auth_type=dict(type="list", required=False,
|
|
Packit Service |
0a38ef |
choices=["password", "radius", "otp",
|
|
Packit Service |
0a38ef |
"disabled", ""],
|
|
Packit Service |
0a38ef |
aliases=["ipauserauthtype"]),
|
|
Packit Service |
0a38ef |
ca_renewal_master_server=dict(type="str", required=False),
|
|
Packit Service |
0a38ef |
domain_resolution_order=dict(type="list", required=False,
|
|
Packit Service |
0a38ef |
aliases=["ipadomainresolutionorder"])
|
|
Packit Service |
0a38ef |
),
|
|
Packit Service |
0a38ef |
supports_check_mode=True,
|
|
Packit Service |
0a38ef |
)
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
ansible_module._ansible_debug = True
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
# Get parameters
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
# general
|
|
Packit Service |
0a38ef |
ipaadmin_principal = module_params_get(ansible_module,
|
|
Packit Service |
0a38ef |
"ipaadmin_principal")
|
|
Packit Service |
0a38ef |
ipaadmin_password = module_params_get(ansible_module,
|
|
Packit Service |
0a38ef |
"ipaadmin_password")
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
field_map = {
|
|
Packit Service |
0a38ef |
"maxusername": "ipamaxusernamelength",
|
|
Packit Service |
0a38ef |
"maxhostname": "ipamaxhostnamelength",
|
|
Packit Service |
0a38ef |
"homedirectory": "ipahomesrootdir",
|
|
Packit Service |
0a38ef |
"defaultshell": "ipadefaultloginshell",
|
|
Packit Service |
0a38ef |
"defaultgroup": "ipadefaultprimarygroup",
|
|
Packit Service |
0a38ef |
"emaildomain": "ipadefaultemaildomain",
|
|
Packit Service |
0a38ef |
"searchtimelimit": "ipasearchtimelimit",
|
|
Packit Service |
0a38ef |
"searchrecordslimit": "ipasearchrecordslimit",
|
|
Packit Service |
0a38ef |
"usersearch": "ipausersearchfields",
|
|
Packit Service |
0a38ef |
"groupsearch": "ipagroupsearchfields",
|
|
Packit Service |
0a38ef |
"enable_migration": "ipamigrationenabled",
|
|
Packit Service |
0a38ef |
"groupobjectclasses": "ipagroupobjectclasses",
|
|
Packit Service |
0a38ef |
"userobjectclasses": "ipauserobjectclasses",
|
|
Packit Service |
0a38ef |
"pwdexpnotify": "ipapwdexpadvnotify",
|
|
Packit Service |
0a38ef |
"configstring": "ipaconfigstring",
|
|
Packit Service |
0a38ef |
"selinuxusermaporder": "ipaselinuxusermaporder",
|
|
Packit Service |
0a38ef |
"selinuxusermapdefault": "ipaselinuxusermapdefault",
|
|
Packit Service |
0a38ef |
"pac_type": "ipakrbauthzdata",
|
|
Packit Service |
0a38ef |
"user_auth_type": "ipauserauthtype",
|
|
Packit Service |
0a38ef |
"ca_renewal_master_server": "ca_renewal_master_server",
|
|
Packit Service |
0a38ef |
"domain_resolution_order": "ipadomainresolutionorder"
|
|
Packit Service |
0a38ef |
}
|
|
Packit Service |
0a38ef |
reverse_field_map = {v: k for k, v in field_map.items()}
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
params = {}
|
|
Packit Service |
0a38ef |
for x in field_map.keys():
|
|
Packit Service |
0a38ef |
val = module_params_get(ansible_module, x)
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
if val is not None:
|
|
Packit Service |
0a38ef |
params[field_map.get(x, x)] = val
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
if params.get("ipamigrationenabled") is not None:
|
|
Packit Service |
0a38ef |
params["ipamigrationenabled"] = \
|
|
Packit Service |
0a38ef |
str(params["ipamigrationenabled"]).upper()
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
if params.get("ipaselinuxusermaporder", None):
|
|
Packit Service |
0a38ef |
params["ipaselinuxusermaporder"] = \
|
|
Packit Service |
0a38ef |
"$".join(params["ipaselinuxusermaporder"])
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
if params.get("ipadomainresolutionorder", None):
|
|
Packit Service |
0a38ef |
params["ipadomainresolutionorder"] = \
|
|
Packit Service |
0a38ef |
":".join(params["ipadomainresolutionorder"])
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
if params.get("ipausersearchfields", None):
|
|
Packit Service |
0a38ef |
params["ipausersearchfields"] = \
|
|
Packit Service |
0a38ef |
",".join(params["ipausersearchfields"])
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
if params.get("ipagroupsearchfields", None):
|
|
Packit Service |
0a38ef |
params["ipagroupsearchfields"] = \
|
|
Packit Service |
0a38ef |
",".join(params["ipagroupsearchfields"])
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
# verify limits on INT values.
|
|
Packit Service |
0a38ef |
args_with_limits = [
|
|
Packit Service |
0a38ef |
("ipamaxusernamelength", 1, 255),
|
|
Packit Service |
0a38ef |
("ipamaxhostnamelength", 64, 255),
|
|
Packit Service |
0a38ef |
("ipasearchtimelimit", -1, 2147483647),
|
|
Packit Service |
0a38ef |
("ipasearchrecordslimit", -1, 2147483647),
|
|
Packit Service |
0a38ef |
("ipapwdexpadvnotify", 0, 2147483647),
|
|
Packit Service |
0a38ef |
]
|
|
Packit Service |
0a38ef |
for arg, min, max in args_with_limits:
|
|
Packit Service |
0a38ef |
if arg in params and (params[arg] > max or params[arg] < min):
|
|
Packit Service |
0a38ef |
ansible_module.fail_json(
|
|
Packit Service |
0a38ef |
msg="Argument '%s' must be between %d and %d."
|
|
Packit Service |
0a38ef |
% (arg, min, max))
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
changed = False
|
|
Packit Service |
0a38ef |
exit_args = {}
|
|
Packit Service |
0a38ef |
ccache_dir = None
|
|
Packit Service |
0a38ef |
ccache_name = None
|
|
Packit Service |
0a38ef |
res_show = None
|
|
Packit Service |
0a38ef |
try:
|
|
Packit Service |
0a38ef |
if not valid_creds(ansible_module, ipaadmin_principal):
|
|
Packit Service |
0a38ef |
ccache_dir, ccache_name = temp_kinit(ipaadmin_principal,
|
|
Packit Service |
0a38ef |
ipaadmin_password)
|
|
Packit Service |
0a38ef |
api_connect()
|
|
Packit Service |
0a38ef |
if params:
|
|
Packit Service |
0a38ef |
res_show = config_show(ansible_module)
|
|
Packit Service |
0a38ef |
params = {
|
|
Packit Service |
0a38ef |
k: v for k, v in params.items()
|
|
Packit Service |
0a38ef |
if k not in res_show or res_show[k] != v
|
|
Packit Service |
0a38ef |
}
|
|
Packit Service |
0a38ef |
if params \
|
|
Packit Service |
0a38ef |
and not compare_args_ipa(ansible_module, params, res_show):
|
|
Packit Service |
0a38ef |
changed = True
|
|
Packit Service |
0a38ef |
api_command_no_name(ansible_module, "config_mod", params)
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
else:
|
|
Packit Service |
0a38ef |
rawresult = api_command_no_name(ansible_module, "config_show", {})
|
|
Packit Service |
0a38ef |
result = rawresult['result']
|
|
Packit Service |
0a38ef |
del result['dn']
|
|
Packit Service |
0a38ef |
for key, v in result.items():
|
|
Packit Service |
0a38ef |
k = reverse_field_map.get(key, key)
|
|
Packit Service |
0a38ef |
if ansible_module.argument_spec.get(k):
|
|
Packit Service |
0a38ef |
if k == 'ipaselinuxusermaporder':
|
|
Packit Service |
0a38ef |
exit_args['ipaselinuxusermaporder'] = \
|
|
Packit Service |
0a38ef |
result.get(key)[0].split('$')
|
|
Packit Service |
0a38ef |
elif k == 'domain_resolution_order':
|
|
Packit Service |
0a38ef |
exit_args['domain_resolution_order'] = \
|
|
Packit Service |
0a38ef |
result.get(key)[0].split('$')
|
|
Packit Service |
0a38ef |
elif k == 'usersearch':
|
|
Packit Service |
0a38ef |
exit_args['usersearch'] = \
|
|
Packit Service |
0a38ef |
result.get(key)[0].split(',')
|
|
Packit Service |
0a38ef |
elif k == 'groupsearch':
|
|
Packit Service |
0a38ef |
exit_args['groupsearch'] = \
|
|
Packit Service |
0a38ef |
result.get(key)[0].split(',')
|
|
Packit Service |
0a38ef |
elif isinstance(v, str) and \
|
|
Packit Service |
0a38ef |
ansible_module.argument_spec[k]['type'] == "list":
|
|
Packit Service |
0a38ef |
exit_args[k] = [v]
|
|
Packit Service |
0a38ef |
elif isinstance(v, list) and \
|
|
Packit Service |
0a38ef |
ansible_module.argument_spec[k]['type'] == "str":
|
|
Packit Service |
0a38ef |
exit_args[k] = ",".join(v)
|
|
Packit Service |
0a38ef |
elif isinstance(v, list) and \
|
|
Packit Service |
0a38ef |
ansible_module.argument_spec[k]['type'] == "int":
|
|
Packit Service |
0a38ef |
exit_args[k] = ",".join(v)
|
|
Packit Service |
0a38ef |
elif isinstance(v, list) and \
|
|
Packit Service |
0a38ef |
ansible_module.argument_spec[k]['type'] == "bool":
|
|
Packit Service |
0a38ef |
exit_args[k] = (v[0] == "TRUE")
|
|
Packit Service |
0a38ef |
else:
|
|
Packit Service |
0a38ef |
exit_args[k] = v
|
|
Packit Service |
0a38ef |
except ipalib.errors.EmptyModlist:
|
|
Packit Service |
0a38ef |
changed = False
|
|
Packit Service |
0a38ef |
except Exception as e:
|
|
Packit Service |
0a38ef |
ansible_module.fail_json(msg="%s %s" % (params, str(e)))
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
finally:
|
|
Packit Service |
0a38ef |
temp_kdestroy(ccache_dir, ccache_name)
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
# Done
|
|
Packit Service |
0a38ef |
ansible_module.exit_json(changed=changed, config=exit_args)
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
if __name__ == "__main__":
|
|
Packit Service |
0a38ef |
main()
|