freeipa / freeipa.ansible_freeipa / 1.11.1 / module / ipahbacrule
Manage FreeIPA HBAC rules
Authors: Thomas Woerner (@t-woerner)
preview | supported by community
freeipa.ansible_freeipa.ipahbacrule (1.11.1) — module
Install with ansible-galaxy collection install freeipa.ansible_freeipa:==1.11.1
---
# requirements.yml entry for the collection. The exact version pin keeps
# installs reproducible; review the collection's changes before bumping it.
collections:
  - name: freeipa.ansible_freeipa
    version: "1.11.1"
Manage FreeIPA HBAC rules
# NOTE: SomeADMINpassword is a documentation placeholder. In a real playbook,
# supply ipaadmin_password from an Ansible Vault-encrypted variable rather than
# a literal, so the IPA admin credential never lands in version control.
#
# HBAC rules are allow rules matched on user, host and service. A default
# FreeIPA install ships an enabled allow_all rule; while it stays enabled, the
# narrower rules below do not restrict anything. Disable allow_all only after
# the targeted rules are in place and tested, to avoid locking admins out.

# Ensure HBAC rule "allhosts" exists. usercategory: all makes the rule apply
# to every user, so prefer explicit user/group lists where that is too broad.
- freeipa.ansible_freeipa.ipahbacrule:
    name: allhosts
    usercategory: all
    ipaadmin_password: SomeADMINpassword

# Ensure host "server" is a member of rule "allhosts".
# action: member makes the module work at member level, not on the rule itself.
- freeipa.ansible_freeipa.ipahbacrule:
    name: allhosts
    host: server
    action: member
    ipaadmin_password: SomeADMINpassword

# Ensure HBAC rule "sshd-pinky" exists. hostcategory: all makes the rule apply
# to every host; the user and service are narrowed by the next two tasks.
- freeipa.ansible_freeipa.ipahbacrule:
    name: sshd-pinky
    hostcategory: all
    ipaadmin_password: SomeADMINpassword

# Ensure user "pinky" is a member of rule "sshd-pinky".
- freeipa.ansible_freeipa.ipahbacrule:
    name: sshd-pinky
    user: pinky
    action: member
    ipaadmin_password: SomeADMINpassword

# Ensure HBAC service "sshd" is a member of rule "sshd-pinky".
- freeipa.ansible_freeipa.ipahbacrule:
    name: sshd-pinky
    hbacsvc: sshd
    action: member
    ipaadmin_password: SomeADMINpassword

# Ensure HBAC rule "sshd-pinky" is disabled.
- freeipa.ansible_freeipa.ipahbacrule:
    name: sshd-pinky
    state: disabled
    ipaadmin_password: SomeADMINpassword

# Ensure HBAC rule "sshd-pinky" is enabled.
- freeipa.ansible_freeipa.ipahbacrule:
    name: sshd-pinky
    state: enabled
    ipaadmin_password: SomeADMINpassword

# Ensure HBAC rule "sshd-pinky" is absent.
# Removing an allow rule revokes whatever access only that rule granted.
- freeipa.ansible_freeipa.ipahbacrule:
    name: sshd-pinky
    state: absent
    ipaadmin_password: SomeADMINpassword
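# Parameter specification for freeipa.ansible_freeipa.ipahbacrule (1.11.1).
# Each top-level key is a module option; nested keys give its type, default,
# accepted choices and aliases.
host:
  description: List of host names assigned to this hbacrule.
  elements: str
  required: false
  type: list
name:
  aliases:
    - cn
  description: The hbacrule name
  elements: str
  required: true
  type: list
user:
  description: List of user names assigned to this hbacrule.
  elements: str
  required: false
  type: list
group:
  description: List of user groups assigned to this hbacrule.
  elements: str
  required: false
  type: list
state:
  choices:
    - present
    - absent
    - enabled
    - disabled
  default: present
  description: State to ensure
  type: str
# With the default (hbacrule) the module works on the rule itself; "member"
# restricts it to the membership lists (host, user, hbacsvc, ...).
action:
  choices:
    - member
    - hbacrule
  default: hbacrule
  description: Work on hbacrule or member level
  type: str
hbacsvc:
  description: List of HBAC service names assigned to this hbacrule.
  elements: str
  required: false
  type: list
hostgroup:
  description: List of host groups assigned to this hbacrule.
  elements: str
  required: false
  type: list
nomembers:
  description: Suppress processing of membership attributes
  required: false
  type: bool
description:
  description: The hbacrule description
  required: false
  type: str
# The original description duplicated the hbacsvc text ("service names");
# this option takes HBAC service *groups*, as its name indicates.
hbacsvcgroup:
  description: List of HBAC service group names assigned to this hbacrule.
  elements: str
  required: false
  type: list
# The three *category options accept "all", which widens the rule to every
# host, user or service. NOTE(review): '' presumably clears a category that
# was set earlier; confirm against the collection documentation.
hostcategory:
  aliases:
    - hostcat
  choices:
    - all
    - ''
  description: Host category the rule applies to
  required: false
  type: str
usercategory:
  aliases:
    - usercat
  choices:
    - all
    - ''
  description: User category the rule applies to
  required: false
  type: str
ipaapi_context:
  choices:
    - server
    - client
  description: 'The context in which the module will execute. Executing in a
    server context is preferred. If not provided context will be determined by
    the execution environment. '
  required: false
  type: str
servicecategory:
  aliases:
    - servicecat
  choices:
    - all
    - ''
  description: Service category the rule applies to
  required: false
  type: str
# IPA admin credential. Keep real values out of playbooks and version control,
# e.g. in an Ansible Vault-encrypted variable.
# NOTE(review): not required, so presumably an existing Kerberos credential can
# be used instead; confirm against the collection documentation.
ipaadmin_password:
  description: The admin password.
  required: false
  type: str
ipaapi_ldap_cache:
  default: true
  description: Use LDAP cache for IPA connection.
  type: bool
ipaadmin_principal:
  default: admin
  description: The admin principal.
  type: str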