freeipa.ansible_freeipa.ipahbacrule (1.11.1) — module

Manage FreeIPA HBAC rules

Authors: Thomas Woerner (@t-woerner)

preview | supported by community

Install collection

Install with ansible-galaxy collection install freeipa.ansible_freeipa:==1.11.1


Add to requirements.yml

  # Pinning one exact release keeps installs reproducible; review the
  # collection's changes before raising the pin.
  collections:
    - name: freeipa.ansible_freeipa
      version: 1.11.1

Description

Manage FreeIPA HBAC rules

Usage examples

# Ensure HBAC Rule allhosts is present
# usercategory: all makes the rule match every user, so the hosts and
# services attached to it decide how much access it grants.
- freeipa.ansible_freeipa.ipahbacrule:
    # Placeholder value. In a real playbook, supply the admin password from an
    # Ansible Vault-encrypted variable instead of a literal in the task.
    ipaadmin_password: SomeADMINpassword
    name: allhosts
    usercategory: all
# Ensure host server is present in HBAC Rule allhosts
- freeipa.ansible_freeipa.ipahbacrule:
    # Placeholder credential; keep the real one in Ansible Vault, not in the
    # playbook text.
    ipaadmin_password: SomeADMINpassword
    name: allhosts
    host: server
    # action: member works on the rule's member lists only; with the default
    # state (present) the host is added to the existing rule.
    action: member
# Ensure HBAC Rule sshd-pinky is present
# hostcategory: all applies the rule to every host; users and services are
# attached by separate member tasks.
# NOTE(review): FreeIPA installs a default allow_all HBAC rule; while that
# rule is enabled, a narrower rule like this one presumably restricts nothing.
# Confirm its state before relying on this rule.
- freeipa.ansible_freeipa.ipahbacrule:
    # Placeholder credential; keep the real one in Ansible Vault, not in the
    # playbook text.
    ipaadmin_password: SomeADMINpassword
    name: sshd-pinky
    hostcategory: all
# Ensure user pinky is present in HBAC Rule sshd-pinky
- freeipa.ansible_freeipa.ipahbacrule:
    # Placeholder credential; keep the real one in Ansible Vault, not in the
    # playbook text.
    ipaadmin_password: SomeADMINpassword
    name: sshd-pinky
    user: pinky
    # Member-level change: only the rule's user list is touched.
    action: member
# Ensure HBAC service sshd is present in HBAC Rule sshd-pinky
- freeipa.ansible_freeipa.ipahbacrule:
    # Placeholder credential; keep the real one in Ansible Vault, not in the
    # playbook text.
    ipaadmin_password: SomeADMINpassword
    name: sshd-pinky
    # Naming the service keeps the rule scoped to sshd rather than using
    # servicecategory: all.
    hbacsvc: sshd
    action: member
# Ensure HBAC Rule sshd-pinky is disabled
# The rule stays defined but is switched off; expect any access that depended
# on it to stop.
- freeipa.ansible_freeipa.ipahbacrule:
    # Placeholder credential; keep the real one in Ansible Vault, not in the
    # playbook text.
    ipaadmin_password: SomeADMINpassword
    name: sshd-pinky
    state: disabled
# Ensure HBAC Rule sshd-pinky is enabled
# Re-enabling puts the rule's grants back in force, so review its members
# before doing so.
- freeipa.ansible_freeipa.ipahbacrule:
    # Placeholder credential; keep the real one in Ansible Vault, not in the
    # playbook text.
    ipaadmin_password: SomeADMINpassword
    name: sshd-pinky
    state: enabled
# Ensure HBAC Rule sshd-pinky is absent
# With the default action (hbacrule) this removes the rule itself, not just
# one of its members.
- freeipa.ansible_freeipa.ipahbacrule:
    # Placeholder credential; keep the real one in Ansible Vault, not in the
    # playbook text.
    ipaadmin_password: SomeADMINpassword
    name: sshd-pinky
    state: absent

Inputs

    
host:
    description: List of host names assigned to this hbacrule.
    elements: str
    required: false
    type: list

name:
    aliases:
    - cn
    description: The hbacrule name
    elements: str
    required: true
    type: list

user:
    description: List of user names assigned to this hbacrule.
    elements: str
    required: false
    type: list

group:
    description: List of user groups assigned to this hbacrule.
    elements: str
    required: false
    type: list

state:
    choices:
    - present
    - absent
    - enabled
    - disabled
    default: present
    description: State to ensure
    type: str

action:
    choices:
    - member
    - hbacrule
    default: hbacrule
    description: Work on hbacrule or member level
    type: str

hbacsvc:
    description: List of HBAC service names assigned to this hbacrule.
    elements: str
    required: false
    type: list

hostgroup:
    description: List of host groups assigned to this hbacrule.
    elements: str
    required: false
    type: list

nomembers:
    description: Suppress processing of membership attributes
    required: false
    type: bool

description:
    description: The hbacrule description
    required: false
    type: str

hbacsvcgroup:
    description: List of HBAC service group names assigned to this hbacrule.
    elements: str
    required: false
    type: list

hostcategory:
    aliases:
    - hostcat
    choices:
    - all
    - ''
    description: Host category the rule applies to
    required: false
    type: str

usercategory:
    aliases:
    - usercat
    choices:
    - all
    - ''
    description: User category the rule applies to
    required: false
    type: str

ipaapi_context:
    choices:
    - server
    - client
    description: |
      The context in which the module will execute. Executing in a
      server context is preferred. If not provided, context will be
      determined by the execution environment.
    required: false
    type: str

servicecategory:
    aliases:
    - servicecat
    choices:
    - all
    - ''
    description: Service category the rule applies to
    required: false
    type: str

ipaadmin_password:
    description: The admin password.
    required: false
    type: str

ipaapi_ldap_cache:
    default: true
    description: Use LDAP cache for IPA connection.
    type: bool

ipaadmin_principal:
    default: admin
    description: The admin principal.
    type: str