コード例 #1
ファイル: ipa_subca.py プロジェクト: nasirhm/general
def main():
    """Entry point for the IPA sub-CA module (ipa_subca.py).

    Adds the sub-CA options to the shared spec from ``ipa_argument_spec()``,
    logs in to the IPA server and delegates the actual work to ``ensure()``.
    The ``(changed, record)`` pair it returns is reported via ``exit_json``.
    Any exception becomes a module failure carrying only the exception text;
    no traceback is attached here.
    """
    argument_spec = ipa_argument_spec()
    subca_options = {
        'subca_name': {'type': 'str', 'required': True, 'aliases': ['name']},
        'subca_subject': {'type': 'str', 'required': True},
        'subca_desc': {'type': 'str'},
        'state': {
            'type': 'str',
            'default': 'present',
            'choices': ['present', 'absent', 'enabled', 'disabled'],
        },
    }
    argument_spec.update(subca_options)

    # Check mode is only declared here; whether it is honoured is up to
    # ensure(), which is not part of this function.
    module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
    params = module.params

    # ipa_host/ipa_port/ipa_prot/ipa_user/ipa_pass are not declared in this
    # function; presumably they come from ipa_argument_spec(), which would also
    # decide whether the password is masked in logs -- verify there.
    client = SubCAIPAClient(
        module=module,
        host=params['ipa_host'],
        port=params['ipa_port'],
        protocol=params['ipa_prot'],
    )

    try:
        client.login(username=params['ipa_user'], password=params['ipa_pass'])
        changed, record = ensure(module, client)
        module.exit_json(changed=changed, record=record)
    except Exception as err:
        module.fail_json(msg=to_native(err))
コード例 #2
def main():
    """Entry point of an Ansible module driving ``ConfigIPAClient``.

    Only two settings are exposed on top of the shared IPA spec: the default
    login shell and the default e-mail domain.  After logging in, ``ensure()``
    does the work and its result is returned under the key ``user``.  On any
    exception the module fails with the exception text plus the formatted
    traceback.
    """
    argument_spec = ipa_argument_spec()
    config_options = {
        'ipadefaultloginshell': {'type': 'str', 'aliases': ['loginshell']},
        'ipadefaultemaildomain': {'type': 'str', 'aliases': ['emaildomain']},
    }
    argument_spec.update(config_options)

    module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
    params = module.params

    # Connection and credential parameters are read from module.params but
    # declared elsewhere (presumably in ipa_argument_spec() -- confirm that
    # ipa_pass is flagged no_log there).
    client = ConfigIPAClient(module=module,
                             host=params['ipa_host'],
                             port=params['ipa_port'],
                             protocol=params['ipa_prot'])

    try:
        client.login(username=params['ipa_user'], password=params['ipa_pass'])
        changed, user = ensure(module, client)
        module.exit_json(changed=changed, user=user)
    except Exception as err:
        # The traceback text becomes part of the module's failure result.
        module.fail_json(msg=to_native(err), exception=traceback.format_exc())
コード例 #3
def main():
    """Entry point of an Ansible module that manages one IPA DNS record.

    The module takes a zone, a record name, a record type (restricted to a
    fixed list, default ``A``), a single record value and an optional TTL.
    It logs in through ``DNSRecordIPAClient`` and lets ``ensure()`` apply the
    requested ``state``; the result is returned under the key ``record``.
    Failures carry the exception text and the formatted traceback.
    """
    # Record types accepted by this module; anything else is rejected by the
    # argument-spec ``choices`` check before the server is contacted.
    record_types = [
        'A', 'AAAA', 'A6', 'CNAME', 'DNAME', 'PTR', 'TXT', 'SRV', 'MX'
    ]
    argument_spec = ipa_argument_spec()
    record_options = {
        'zone_name': {'type': 'str', 'required': True},
        'record_name': {'type': 'str', 'aliases': ['name'], 'required': True},
        'record_type': {'type': 'str', 'default': 'A', 'choices': record_types},
        'record_value': {'type': 'str', 'required': True},
        'state': {
            'type': 'str',
            'default': 'present',
            'choices': ['present', 'absent'],
        },
        'record_ttl': {'type': 'int', 'required': False},
    }
    argument_spec.update(record_options)

    module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
    params = module.params

    client = DNSRecordIPAClient(
        module=module,
        host=params['ipa_host'],
        port=params['ipa_port'],
        protocol=params['ipa_prot'],
    )

    try:
        # Credentials come from parameters declared outside this function.
        client.login(username=params['ipa_user'], password=params['ipa_pass'])
        changed, record = ensure(module, client)
        module.exit_json(changed=changed, record=record)
    except Exception as err:
        module.fail_json(msg=to_native(err), exception=traceback.format_exc())
コード例 #4
def main():
    """Entry point of an Ansible module that manages an IPA role.

    A role is identified by ``cn`` (alias ``name``) and may be given lists of
    groups, hosts, host groups, privileges, services and users.  The work is
    done by ``ensure()`` after logging in through ``RoleIPAClient``; the
    result is returned under the key ``role``.
    """
    argument_spec = ipa_argument_spec()

    def str_list():
        # Every membership option has the same shape: a list of strings.
        return {'type': 'list', 'elements': 'str'}

    role_options = {
        'cn': {'type': 'str', 'required': True, 'aliases': ['name']},
        'description': {'type': 'str'},
        'group': str_list(),
        'host': str_list(),
        'hostgroup': str_list(),
        # NOTE(review): privileges attached to a role presumably widen what
        # its members may do in IPA; changes here deserve a second look.
        'privilege': str_list(),
        'service': str_list(),
        'state': {
            'type': 'str',
            'default': 'present',
            'choices': ['present', 'absent'],
        },
        'user': str_list(),
    }
    argument_spec.update(role_options)

    module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
    params = module.params

    client = RoleIPAClient(
        module=module,
        host=params['ipa_host'],
        port=params['ipa_port'],
        protocol=params['ipa_prot'],
    )

    try:
        client.login(username=params['ipa_user'], password=params['ipa_pass'])
        changed, role = ensure(module, client)
        module.exit_json(changed=changed, role=role)
    except Exception as err:
        module.fail_json(msg=to_native(err), exception=traceback.format_exc())
コード例 #5
ファイル: ipa_host.py プロジェクト: wrcomb/community.general
def main():
    """Entry point for the IPA host module (ipa_host.py).

    Declares the host options (FQDN, addresses, certificates, DNS update and
    password flags), logs in through ``HostIPAClient`` and hands over to
    ``ensure()``.  The result is returned under the key ``host``; failures
    carry the exception text and the formatted traceback.
    """
    argument_spec = ipa_argument_spec()
    host_options = {
        'description': {'type': 'str'},
        'fqdn': {'type': 'str', 'required': True, 'aliases': ['name']},
        'force': {'type': 'bool'},
        'ip_address': {'type': 'str'},
        'ns_host_location': {'type': 'str', 'aliases': ['nshostlocation']},
        'ns_hardware_platform': {'type': 'str', 'aliases': ['nshardwareplatform']},
        'ns_os_version': {'type': 'str', 'aliases': ['nsosversion']},
        'user_certificate': {'type': 'list', 'aliases': ['usercertificate'], 'elements': 'str'},
        'mac_address': {'type': 'list', 'aliases': ['macaddress'], 'elements': 'str'},
        'update_dns': {'type': 'bool'},
        'state': {'type': 'str', 'default': 'present',
                  'choices': ['present', 'absent', 'enabled', 'disabled']},
        # NOTE(review): if a generated password ends up in the record that
        # ensure() returns, it would be part of the task result -- confirm,
        # and consider no_log on tasks that request it.
        'random_password': {'type': 'bool'},
    }
    argument_spec.update(host_options)

    module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
    params = module.params

    client = HostIPAClient(
        module=module,
        host=params['ipa_host'],
        port=params['ipa_port'],
        protocol=params['ipa_prot'],
    )

    try:
        client.login(username=params['ipa_user'], password=params['ipa_pass'])
        changed, host = ensure(module, client)
        module.exit_json(changed=changed, host=host)
    except Exception as err:
        module.fail_json(msg=to_native(err), exception=traceback.format_exc())
コード例 #6
def main():
    """Entry point of an Ansible module that manages an IPA DNS zone.

    Takes the zone name, the desired ``state`` and a ``dynamicupdate`` switch
    that is passed as the *string* ``'true'`` or ``'false'`` (default
    ``'false'``), not as a boolean.  ``ensure()`` does the work after login;
    the result is returned under the key ``zone``.  Failures carry only the
    exception text.
    """
    argument_spec = ipa_argument_spec()
    zone_options = {
        'zone_name': {'type': 'str', 'required': True},
        'state': {
            'type': 'str',
            'default': 'present',
            'choices': ['present', 'absent'],
        },
        # NOTE(review): dynamic updates are off unless requested; enabling
        # them presumably lets clients modify records in the zone, so check
        # the zone's update policy before turning this on.
        'dynamicupdate': {
            'type': 'str',
            'required': False,
            'default': 'false',
            'choices': ['true', 'false'],
        },
    }
    argument_spec.update(zone_options)

    module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
    params = module.params

    client = DNSZoneIPAClient(
        module=module,
        host=params['ipa_host'],
        port=params['ipa_port'],
        protocol=params['ipa_prot'],
    )

    try:
        client.login(username=params['ipa_user'], password=params['ipa_pass'])
        changed, zone = ensure(module, client)
        module.exit_json(changed=changed, zone=zone)
    except Exception as err:
        module.fail_json(msg=to_native(err))
コード例 #7
def main():
    """Entry point of an Ansible module that manages an IPA password policy.

    All policy values (lifetimes, history length, character classes, minimum
    length, priority and the lockout settings) are accepted as strings and
    passed on untouched.  ``ensure()`` applies them after login; the result
    is returned under the key ``pwpolicy``.
    """
    argument_spec = ipa_argument_spec()
    policy_options = {
        # ``group`` is not required; which policy is addressed when it is
        # omitted is decided in ensure() -- not visible here.
        'group': {'type': 'str', 'aliases': ['name']},
        'state': {'type': 'str', 'default': 'present', 'choices': ['present', 'absent']},
    }
    # The remaining options are plain optional strings.  No range validation
    # happens at this level, so weak values (e.g. a very short minlength) are
    # only rejected if ensure() or the server rejects them.
    for option in ('maxpwdlife', 'minpwdlife', 'historylength', 'minclasses',
                   'minlength', 'priority', 'maxfailcount', 'failinterval',
                   'lockouttime'):
        policy_options[option] = {'type': 'str'}
    argument_spec.update(policy_options)

    module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
    params = module.params

    client = PwPolicyIPAClient(
        module=module,
        host=params['ipa_host'],
        port=params['ipa_port'],
        protocol=params['ipa_prot'],
    )

    try:
        client.login(username=params['ipa_user'], password=params['ipa_pass'])
        changed, pwpolicy = ensure(module, client)
    except Exception as err:
        module.fail_json(msg=to_native(err), exception=traceback.format_exc())

    # Reached only when no exception was handled above.
    module.exit_json(changed=changed, pwpolicy=pwpolicy)
コード例 #8
def main():
    """Entry point of an Ansible module that manages an IPA service principal.

    The service is named by ``krbcanonicalname`` (alias ``name``) and can be
    associated with a list of hosts.  ``ensure()`` does the work after login
    through ``ServiceIPAClient``.  Note that the result is returned under the
    key ``host``, not ``service``.
    """
    argument_spec = ipa_argument_spec()
    service_options = {
        'krbcanonicalname': {
            'type': 'str',
            'required': True,
            'aliases': ['name'],
        },
        'force': {'type': 'bool', 'required': False},
        'hosts': {
            'type': 'list',
            'required': False,
            'elements': 'str',
        },
        'state': {
            'type': 'str',
            'required': False,
            'default': 'present',
            'choices': ['present', 'absent'],
        },
    }
    argument_spec.update(service_options)

    module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
    params = module.params

    client = ServiceIPAClient(
        module=module,
        host=params['ipa_host'],
        port=params['ipa_port'],
        protocol=params['ipa_prot'],
    )

    try:
        # Credentials are read from parameters declared outside this function.
        client.login(username=params['ipa_user'], password=params['ipa_pass'])
        changed, host = ensure(module, client)
        module.exit_json(changed=changed, host=host)
    except Exception as err:
        module.fail_json(msg=to_native(err), exception=traceback.format_exc())
コード例 #9
def main():
    """Entry point of an Ansible module that manages IPA's OTP configuration.

    Four integer settings are exposed: the authentication and synchronisation
    windows for TOTP and for HOTP tokens.  ``ensure()`` applies them after
    login through ``OTPConfigIPAClient``; the result is returned under the
    key ``otpconfig``.
    """
    argument_spec = ipa_argument_spec()

    def window(alias):
        # no_log=False is spelled out on purpose: these are integer window
        # sizes, not token secrets.  Presumably the explicit flag silences
        # Ansible's "name looks like a secret" check -- confirm.
        return {'type': 'int', 'aliases': [alias], 'no_log': False}

    otp_options = {
        'ipatokentotpauthwindow': window('totpauthwindow'),
        'ipatokentotpsyncwindow': window('totpsyncwindow'),
        'ipatokenhotpauthwindow': window('hotpauthwindow'),
        'ipatokenhotpsyncwindow': window('hotpsyncwindow'),
    }
    argument_spec.update(otp_options)

    module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
    params = module.params

    client = OTPConfigIPAClient(
        module=module,
        host=params['ipa_host'],
        port=params['ipa_port'],
        protocol=params['ipa_prot'],
    )

    try:
        client.login(username=params['ipa_user'], password=params['ipa_pass'])
        changed, otpconfig = ensure(module, client)
    except Exception as err:
        module.fail_json(msg=to_native(err), exception=traceback.format_exc())

    # Reached only when no exception was handled above.
    module.exit_json(changed=changed, otpconfig=otpconfig)
コード例 #10
ファイル: ipa_vault.py プロジェクト: kokasha/layer2_demo
def main():
    """Entry point for the IPA vault module (ipa_vault.py).

    A vault is named by ``cn`` and is owned either by users (``username``) or
    by a ``service``; the two are declared mutually exclusive.  The vault
    type defaults to ``symmetric``.  ``ensure()`` does the work after login
    through ``VaultIPAClient``; the result is returned under the key
    ``vault``.
    """
    argument_spec = ipa_argument_spec()
    vault_options = {
        'cn': {'type': 'str', 'required': True, 'aliases': ['name']},
        'description': {'type': 'str'},
        'ipavaulttype': {
            'type': 'str',
            'default': 'symmetric',
            'choices': ['standard', 'symmetric', 'asymmetric'],
            'aliases': ['vault_type'],
        },
        # NOTE(review): the salt carries no no_log flag, so it is handled
        # like any other parameter.  Salts are not secret by design, but
        # confirm this matches your logging policy.
        'ipavaultsalt': {'type': 'str', 'aliases': ['vault_salt']},
        'ipavaultpublickey': {'type': 'str', 'aliases': ['vault_public_key']},
        'service': {'type': 'str'},
        'replace': {'type': 'bool', 'default': False, 'choices': [True, False]},
        'state': {'type': 'str', 'default': 'present', 'choices': ['present', 'absent']},
        'username': {'type': 'list', 'elements': 'str', 'aliases': ['user']},
    }
    argument_spec.update(vault_options)

    # A vault belongs to users or to a service, never both.
    owner_conflicts = [['username', 'service']]
    module = AnsibleModule(argument_spec=argument_spec,
                           supports_check_mode=True,
                           mutually_exclusive=owner_conflicts)
    params = module.params

    client = VaultIPAClient(
        module=module,
        host=params['ipa_host'],
        port=params['ipa_port'],
        protocol=params['ipa_prot'],
    )
    try:
        client.login(username=params['ipa_user'], password=params['ipa_pass'])
        changed, vault = ensure(module, client)
        module.exit_json(changed=changed, vault=vault)
    except Exception as err:
        module.fail_json(msg=to_native(err), exception=traceback.format_exc())
コード例 #11
def main():
    """Entry point of an Ansible module that manages an IPA group.

    A group is named by ``cn`` and may list member groups and users.
    ``append`` defaults to ``False``.  ``ensure()`` does the work after login
    through ``GroupIPAClient``; the result is returned under the key
    ``group``.
    """
    argument_spec = ipa_argument_spec()
    group_options = {
        'cn': {'type': 'str', 'required': True, 'aliases': ['name']},
        'description': {'type': 'str'},
        'external': {'type': 'bool'},
        'gidnumber': {'type': 'str', 'aliases': ['gid']},
        'group': {'type': 'list', 'elements': 'str'},
        'nonposix': {'type': 'bool'},
        'state': {
            'type': 'str',
            'default': 'present',
            'choices': ['present', 'absent'],
        },
        'user': {'type': 'list', 'elements': 'str'},
        # NOTE(review): with append left at False the given member lists are
        # presumably authoritative (unlisted members removed) -- confirm in
        # ensure() before relying on it for access reviews.
        'append': {'type': 'bool', 'default': False},
    }
    argument_spec.update(group_options)

    module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
    params = module.params

    client = GroupIPAClient(
        module=module,
        host=params['ipa_host'],
        port=params['ipa_port'],
        protocol=params['ipa_prot'],
    )
    try:
        client.login(username=params['ipa_user'], password=params['ipa_pass'])
        changed, group = ensure(module, client)
        module.exit_json(changed=changed, group=group)
    except Exception as err:
        module.fail_json(msg=to_native(err), exception=traceback.format_exc())
コード例 #12
ファイル: ipa_config.py プロジェクト: mator/community.general
def main():
    """Entry point for the IPA global configuration module (ipa_config.py).

    Exposes a set of server-wide defaults (login shell, e-mail domain,
    primary group, search limits, user authentication types, Kerberos
    authorisation data and KDC config strings).  ``ensure()`` applies them
    after login through ``ConfigIPAClient``; the result is returned under
    the key ``user``.
    """
    argument_spec = ipa_argument_spec()

    # NOTE(review): going by their names, several of these values switch off
    # KDC protections (lockout, default pre-authentication for SPNs) or allow
    # NT hashes.  Playbooks that set them deserve a security review.
    config_strings = [
        'AllowNThash', 'KDC:Disable Last Success',
        'KDC:Disable Lockout',
        'KDC:Disable Default Preauth for SPNs'
    ]
    auth_types = [
        "password", "radius", "otp", "pkinit",
        "hardened", "disabled"
    ]

    config_options = {
        'ipaconfigstring': {
            'type': 'list',
            'elements': 'str',
            'choices': config_strings,
            'aliases': ['configstring'],
        },
        'ipadefaultloginshell': {'type': 'str', 'aliases': ['loginshell']},
        'ipadefaultemaildomain': {'type': 'str', 'aliases': ['emaildomain']},
        'ipadefaultprimarygroup': {'type': 'str', 'aliases': ['primarygroup']},
        'ipagroupsearchfields': {
            'type': 'list',
            'elements': 'str',
            'aliases': ['groupsearchfields'],
        },
        'ipahomesrootdir': {'type': 'str', 'aliases': ['homesrootdir']},
        'ipakrbauthzdata': {
            'type': 'list',
            'elements': 'str',
            'choices': ['MS-PAC', 'PAD', 'nfs:NONE'],
            'aliases': ['krbauthzdata'],
        },
        'ipamaxusernamelength': {'type': 'int', 'aliases': ['maxusernamelength']},
        'ipapwdexpadvnotify': {'type': 'int', 'aliases': ['pwdexpadvnotify']},
        'ipasearchrecordslimit': {'type': 'int', 'aliases': ['searchrecordslimit']},
        'ipasearchtimelimit': {'type': 'int', 'aliases': ['searchtimelimit']},
        'ipaselinuxusermaporder': {
            'type': 'list',
            'elements': 'str',
            'aliases': ['selinuxusermaporder'],
        },
        # Server-wide default authentication types; this list also accepts
        # "disabled".
        'ipauserauthtype': {
            'type': 'list',
            'elements': 'str',
            'aliases': ['userauthtype'],
            'choices': auth_types,
        },
        'ipausersearchfields': {
            'type': 'list',
            'elements': 'str',
            'aliases': ['usersearchfields'],
        },
    }
    argument_spec.update(config_options)

    module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
    params = module.params

    client = ConfigIPAClient(
        module=module,
        host=params['ipa_host'],
        port=params['ipa_port'],
        protocol=params['ipa_prot'],
    )

    try:
        client.login(username=params['ipa_user'], password=params['ipa_pass'])
        changed, user = ensure(module, client)
        module.exit_json(changed=changed, user=user)
    except Exception as err:
        module.fail_json(msg=to_native(err), exception=traceback.format_exc())
コード例 #13
def main():
    """Entry point of an Ansible module that manages an IPA user.

    Declares the user attributes (names, ids, mail, phone, SSH keys, password
    and authentication type), normalises an "empty" ``sshpubkey`` value,
    logs in through ``UserIPAClient`` and hands over to ``ensure()``.  The
    result is returned under the key ``user``.
    """
    argument_spec = ipa_argument_spec()
    user_options = {
        'displayname': {'type': 'str'},
        'givenname': {'type': 'str'},
        # update_password and krbpasswordexpiration hold a policy keyword and
        # an expiry value, not a password, hence the explicit no_log=False.
        'update_password': {
            'type': 'str',
            'default': "always",
            'choices': ['always', 'on_create'],
            'no_log': False,
        },
        'krbpasswordexpiration': {'type': 'str', 'no_log': False},
        'loginshell': {'type': 'str'},
        'mail': {'type': 'list', 'elements': 'str'},
        'sn': {'type': 'str'},
        'uid': {'type': 'str', 'required': True, 'aliases': ['name']},
        'gidnumber': {'type': 'str'},
        'uidnumber': {'type': 'str'},
        # The only secret declared in this function; no_log keeps it out of
        # Ansible's logs and output.
        'password': {'type': 'str', 'no_log': True},
        'sshpubkey': {'type': 'list', 'elements': 'str'},
        'state': {
            'type': 'str',
            'default': 'present',
            'choices': ['present', 'absent', 'enabled', 'disabled'],
        },
        'telephonenumber': {'type': 'list', 'elements': 'str'},
        'title': {'type': 'str'},
        'homedirectory': {'type': 'str'},
        'userauthtype': {
            'type': 'str',
            'choices': ['password', 'radius', 'otp', 'pkinit', 'hardened'],
        },
    }
    argument_spec.update(user_options)

    module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
    params = module.params

    client = UserIPAClient(
        module=module,
        host=params['ipa_host'],
        port=params['ipa_port'],
        protocol=params['ipa_prot'],
    )

    # A one-element list holding the empty string is collapsed to None.  Per
    # the original author's note, IPA reports an unset key as None (not as a
    # list), so leaving [""] in place would make get_user_diff() flag
    # sshpubkey as changed on every run.
    ssh_keys = module.params['sshpubkey']
    if ssh_keys is not None and len(ssh_keys) == 1 and ssh_keys[0] == "":
        module.params['sshpubkey'] = None

    try:
        client.login(username=params['ipa_user'], password=params['ipa_pass'])
        changed, user = ensure(module, client)
        module.exit_json(changed=changed, user=user)
    except Exception as err:
        module.fail_json(msg=to_native(err), exception=traceback.format_exc())
コード例 #14
def main():
    """Entry point of an Ansible module that manages an IPA OTP token.

    A token is identified by ``uniqueid`` (alias ``name``) and described by
    its type, secret key, owner, validity window, hardware details and the
    OTP parameters (algorithm, digits, offset, interval, counter).
    ``ensure()`` does the work after login through ``OTPTokenIPAClient``; the
    result is returned under the key ``otptoken``.
    """
    argument_spec = ipa_argument_spec()
    token_options = {
        'uniqueid': {
            'type': 'str',
            'aliases': ['name'],
            'required': True,
        },
        'newuniqueid': {'type': 'str'},
        'otptype': {'type': 'str', 'choices': ['totp', 'hotp']},
        # The token seed: no_log keeps it out of Ansible's logs and output.
        # NOTE(review): whether the record returned by ensure() can echo the
        # seed back is not visible here -- confirm.
        'secretkey': {'type': 'str', 'no_log': True},
        'description': {'type': 'str'},
        'owner': {'type': 'str'},
        'enabled': {'type': 'bool', 'default': True},
        'notbefore': {'type': 'str'},
        'notafter': {'type': 'str'},
        'vendor': {'type': 'str'},
        'model': {'type': 'str'},
        'serial': {'type': 'str'},
        'state': {
            'type': 'str',
            'choices': ['present', 'absent'],
            'default': 'present',
        },
        'algorithm': {
            'type': 'str',
            'choices': ['sha1', 'sha256', 'sha384', 'sha512'],
        },
        'digits': {'type': 'int', 'choices': [6, 8]},
        'offset': {'type': 'int'},
        'interval': {'type': 'int'},
        'counter': {'type': 'int'},
    }
    argument_spec.update(token_options)

    module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
    params = module.params

    client = OTPTokenIPAClient(
        module=module,
        host=params['ipa_host'],
        port=params['ipa_port'],
        protocol=params['ipa_prot'],
    )

    try:
        client.login(username=params['ipa_user'], password=params['ipa_pass'])
        changed, otptoken = ensure(module, client)
    except Exception as err:
        module.fail_json(msg=to_native(err), exception=traceback.format_exc())

    # Reached only when no exception was handled above.
    module.exit_json(changed=changed, otptoken=otptoken)
コード例 #15
def main():
    """Entry point of an Ansible module that manages an IPA sudo command.

    The command is given as ``sudocmd`` (alias ``name``) with an optional
    description.  ``ensure()`` does the work after login through
    ``SudoCmdIPAClient``; the result is returned under the key ``sudocmd``.
    """
    argument_spec = ipa_argument_spec()
    sudocmd_options = {
        'description': {'type': 'str'},
        'state': {'type': 'str', 'default': 'present',
                  'choices': ['present', 'absent', 'enabled', 'disabled']},
        # Free-form string: nothing in this function restricts its content.
        'sudocmd': {'type': 'str', 'required': True, 'aliases': ['name']},
    }
    argument_spec.update(sudocmd_options)

    module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
    params = module.params

    client = SudoCmdIPAClient(
        module=module,
        host=params['ipa_host'],
        port=params['ipa_port'],
        protocol=params['ipa_prot'],
    )
    try:
        client.login(username=params['ipa_user'], password=params['ipa_pass'])
        changed, sudocmd = ensure(module, client)
        module.exit_json(changed=changed, sudocmd=sudocmd)
    except Exception as err:
        module.fail_json(msg=to_native(err), exception=traceback.format_exc())
コード例 #16
def main():
    """Entry point of an Ansible module that manages an IPA sudo rule.

    A rule is named by ``cn`` and scoped by commands, hosts and users, each
    given either as explicit lists or as a ``*category`` option whose only
    accepted value is ``'all'``.  For commands, hosts and users the category
    is declared mutually exclusive with the matching lists; no such
    constraint is declared for the two run-as categories.  ``ensure()`` does
    the work after login through ``SudoRuleIPAClient``; the result is
    returned under the key ``sudorule``.
    """
    argument_spec = ipa_argument_spec()

    def str_list():
        return {'type': 'list', 'elements': 'str'}

    def all_only():
        # NOTE(review): an 'all' category presumably widens the rule to every
        # command/host/user; review playbooks that set it against least
        # privilege.
        return {'type': 'str', 'choices': ['all']}

    rule_options = {
        'cmd': str_list(),
        'cmdgroup': str_list(),
        'cmdcategory': all_only(),
        'cn': {'type': 'str', 'required': True, 'aliases': ['name']},
        'description': {'type': 'str'},
        'host': str_list(),
        'hostcategory': all_only(),
        'hostgroup': str_list(),
        'runasusercategory': all_only(),
        'runasgroupcategory': all_only(),
        'sudoopt': str_list(),
        'state': {
            'type': 'str',
            'default': 'present',
            'choices': ['present', 'absent', 'enabled', 'disabled'],
        },
        'user': str_list(),
        'usercategory': all_only(),
        'usergroup': str_list(),
        'runasextusers': str_list(),
    }
    argument_spec.update(rule_options)

    # A category of 'all' cannot be combined with an explicit list of the
    # same kind.
    exclusive_pairs = [
        ['cmdcategory', 'cmd'],
        ['cmdcategory', 'cmdgroup'],
        ['hostcategory', 'host'],
        ['hostcategory', 'hostgroup'],
        ['usercategory', 'user'],
        ['usercategory', 'usergroup'],
    ]
    module = AnsibleModule(argument_spec=argument_spec,
                           mutually_exclusive=exclusive_pairs,
                           supports_check_mode=True)
    params = module.params

    client = SudoRuleIPAClient(
        module=module,
        host=params['ipa_host'],
        port=params['ipa_port'],
        protocol=params['ipa_prot'],
    )
    try:
        client.login(username=params['ipa_user'], password=params['ipa_pass'])
        changed, sudorule = ensure(module, client)
        module.exit_json(changed=changed, sudorule=sudorule)
    except Exception as err:
        module.fail_json(msg=to_native(err), exception=traceback.format_exc())