freeipa.ansible_freeipa.ipapermission (1.11.1) — module
Manage FreeIPA permission
Authors: Seth Kress (@kresss), Thomas Woerner (@t-woerner)
preview | supported by community
Install with:

    ansible-galaxy collection install freeipa.ansible_freeipa:==1.11.1

collections:
  - name: freeipa.ansible_freeipa
    version: 1.11.1

Manage FreeIPA permission and permission members

# Ensure permission NAME is present
- freeipa.ansible_freeipa.ipapermission:
    name: manage-my-hostgroup
    right: all
    bindtype: permission
    object_type: host

# Ensure permission NAME is absent
- freeipa.ansible_freeipa.ipapermission:
    name: "Removed Permission Name"
    state: absent

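Where the page's first example grants `right: all`, the playbook below is an added example (not part of the collection's documentation) that uses the module's `right`, `attrs`, `action` and `state` parameters to grant only read-type rights on named host attributes, withdraw one attribute later, and remove a broader permission it replaces. The inventory group, the vaulted `ipaadmin_password` variable, the permission names and the attribute choices are assumptions made for illustration.

```yaml
---
# Added example, not from the collection's documentation.
# Assumed: inventory group "ipaserver", vaulted variable "ipaadmin_password",
# constructed permission names and attribute list.
- name: Scope FreeIPA permissions to the rights and attributes needed
  hosts: ipaserver
  become: true

  tasks:
    # Narrow alternative to "right: all": read-type rights only,
    # limited to the listed host attributes.
    - name: Ensure read-only permission on selected host attributes
      freeipa.ansible_freeipa.ipapermission:
        ipaadmin_password: "{{ ipaadmin_password }}"
        name: example-read-host-info
        object_type: host
        bindtype: permission
        right:
          - read
          - search
          - compare
        attrs:
          - description
          - nshostlocation

    # action: member changes list members of the existing permission
    # instead of redefining it; here one attribute is withdrawn.
    - name: Ensure nshostlocation is no longer covered by the permission
      freeipa.ansible_freeipa.ipapermission:
        ipaadmin_password: "{{ ipaadmin_password }}"
        name: example-read-host-info
        attrs:
          - nshostlocation
        action: member
        state: absent

    # Remove the broad permission that the scoped one replaces.
    - name: Ensure the superseded broad permission is absent
      freeipa.ansible_freeipa.ipapermission:
        ipaadmin_password: "{{ ipaadmin_password }}"
        name: example-all-rights-on-hosts
        state: absent
```
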

name:
  aliases:
    - cn
  description: The permission name string.
  elements: str
  required: true
  type: list
attrs:
  description: All attributes to which the permission applies
  elements: str
  required: false
  type: list
right:
  aliases:
    - ipapermright
  choices:
    - read
    - search
    - compare
    - write
    - add
    - delete
    - all
  description: Rights to grant
  elements: str
  required: false
  type: list
state:
  choices:
    - present
    - absent
    - renamed
  default: present
  description: The state to ensure.
  required: false
  type: str
action:
  choices:
    - permission
    - member
  default: permission
  description: Work on permission or member privilege level.
  required: false
  type: str
rename:
  aliases:
    - new_name
  description: Rename the permission object
  required: false
  type: str
target:
  aliases:
    - ipapermtarget
  description: Optional DN to apply the permission to
  required: false
  type: str
subtree:
  aliases:
    - ipapermlocation
  description: Subtree to apply permissions to
  required: false
  type: str
bindtype:
  aliases:
    - ipapermbindruletype
  choices:
    - permission
    - all
    - anonymous
    - self
  description: Bind rule type
  required: false
  type: str
memberof:
  description: Target members of a group (sets memberOf targetfilter)
  elements: str
  required: false
  type: list
targetto:
  aliases:
    - ipapermtargetto
  description: Optional DN subtree where an entry can be moved to
  required: false
  type: str
rawfilter:
  aliases:
    - ipapermtargetfilter
  description: All target filters
  elements: str
  required: false
  type: list
no_members:
  description: Suppress processing of membership
  required: false
  type: bool
targetfrom:
  aliases:
    - ipapermtargetfrom
  description: Optional DN subtree from where an entry can be moved
  required: false
  type: str
object_type:
  aliases:
    - type
  description: Type of IPA object (sets subtree and objectClass targetfilter)
  required: false
  type: str
targetgroup:
  aliases:
    - targetgroup
  description: User group to apply permissions to (sets target)
  required: false
  type: str
ipaapi_context:
  choices:
    - server
    - client
  description: The context in which the module will execute. Executing in a server context is preferred. If not provided context will be determined by the execution environment.
  required: false
  type: str
ipaadmin_password:
  description: The admin password.
  required: false
  type: str
ipaapi_ldap_cache:
  default: true
  description: Use LDAP cache for IPA connection.
  type: bool
ipaadmin_principal:
  default: admin
  description: The admin principal.
  type: str
extra_target_filter:
  aliases:
    - filter
    - extratargetfilter
  description: Extra target filter
  elements: str
  required: false
  type: list