freeipa.ansible_freeipa.ipapermission (1.11.1) — module

Manage FreeIPA permission

Authors: Seth Kress (@kresss), Thomas Woerner (@t-woerner)

preview | supported by community

Install collection

Install with ansible-galaxy collection install freeipa.ansible_freeipa:==1.11.1


Add to requirements.yml

  collections:
    - name: freeipa.ansible_freeipa
      version: 1.11.1

Description

Manage FreeIPA permission and permission members

Usage examples

1
  • Hint
    Tasks should always be named using the name parameter.
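# Ensure permission NAME is present
# The task carries its own name so that play output and logs identify which
# permission change was applied.
- name: Ensure permission manage-my-hostgroup is present
  freeipa.ansible_freeipa.ipapermission:
    name: manage-my-hostgroup
    # NOTE(review): 'all' covers every right this option accepts; where the
    # role does not need all of them, list only the required rights instead.
    right: all
    bindtype: permission
    object_type: host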
1
  • Hint
    Tasks should always be named using the name parameter.
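# Ensure permission NAME is absent
# The task carries its own name so that the removal is identifiable in play
# output and logs.
- name: Ensure permission "Removed Permission Name" is absent
  freeipa.ansible_freeipa.ipapermission:
    name: "Removed Permission Name"
    state: absent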

Inputs

    
name:
    aliases:
    - cn
    description: The permission name string.
    elements: str
    required: true
    type: list

attrs:
    description: All attributes to which the permission applies
    elements: str
    required: false
    type: list

right:
    aliases:
    - ipapermright
    choices:
    - read
    - search
    - compare
    - write
    - add
    - delete
    - all
    description: Rights to grant
    elements: str
    required: false
    type: list

state:
    choices:
    - present
    - absent
    - renamed
    default: present
    description: The state to ensure.
    required: false
    type: str

action:
    choices:
    - permission
    - member
    default: permission
    description: Work on permission or member privilege level.
    required: false
    type: str

rename:
    aliases:
    - new_name
    description: Rename the permission object
    required: false
    type: str

target:
    aliases:
    - ipapermtarget
    description: Optional DN to apply the permission to
    required: false
    type: str

subtree:
    aliases:
    - ipapermlocation
    description: Subtree to apply permissions to
    required: false
    type: str

bindtype:
    aliases:
    - ipapermbindruletype
    choices:
    - permission
    - all
    - anonymous
    - self
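    description: Bind rule type, which determines who the permission applies to. Review any use of all (every authenticated user) or anonymous (unauthenticated clients as well) carefully, because these apply the permission without a role assignment.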
    required: false
    type: str

memberof:
    description: Target members of a group (sets memberOf targetfilter)
    elements: str
    required: false
    type: list

targetto:
    aliases:
    - ipapermtargetto
    description: Optional DN subtree where an entry can be moved to
    required: false
    type: str

rawfilter:
    aliases:
    - ipapermtargetfilter
    description: All target filters
    elements: str
    required: false
    type: list

no_members:
    description: Suppress processing of membership
    required: false
    type: bool

targetfrom:
    aliases:
    - ipapermtargetfrom
    description: Optional DN subtree from where an entry can be moved
    required: false
    type: str

object_type:
    aliases:
    - type
    description: Type of IPA object (sets subtree and objectClass targetfilter)
    required: false
    type: str

targetgroup:
    aliases:
    - targetgroup
    description: User group to apply permissions to (sets target)
    required: false
    type: str

ipaapi_context:
    choices:
    - server
    - client
    description: 'The context in which the module will execute. Executing in a
      server context is preferred. If not provided, the context will be
      determined by the execution environment.'
    required: false
    type: str

ipaadmin_password:
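    description: The admin password. Supply it from Ansible Vault or another secret store rather than writing it in plain text in a playbook or inventory.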
    required: false
    type: str

ipaapi_ldap_cache:
    default: true
    description: Use LDAP cache for IPA connection.
    type: bool

ipaadmin_principal:
    default: admin
    description: The admin principal.
    type: str

extra_target_filter:
    aliases:
    - filter
    - extratargetfilter
    description: Extra target filter
    elements: str
    required: false
    type: list