Try SpotterManage FreeIPA permission
Authors: Seth Kress (@kresss), Thomas Woerner (@t-woerner)
preview | supported by community
Install with ansible-galaxy collection install freeipa.ansible_freeipa:==1.11.1
collections:
- name: freeipa.ansible_freeipa
version: 1.11.1Manage FreeIPA permission and permission members
# Ensure permission NAME is present
- freeipa.ansible_freeipa.ipapermission:
name: manage-my-hostgroup
right: all
bindtype: permission
object_type: host
# Ensure permission NAME is absent
- freeipa.ansible_freeipa.ipapermission:
name: "Removed Permission Name"
state: absent
name:
aliases:
- cn
description: The permission name string.
elements: str
required: true
type: list
attrs:
description: All attributes to which the permission applies
elements: str
required: false
type: list
right:
aliases:
- ipapermright
choices:
- read
- search
- compare
- write
- add
- delete
- all
description: Rights to grant
elements: str
required: false
type: list
state:
choices:
- present
- absent
- renamed
default: present
description: The state to ensure.
required: false
type: str
action:
choices:
- permission
- member
default: permission
description: Work on permission or member privilege level.
required: false
type: str
rename:
aliases:
- new_name
description: Rename the permission object
required: false
type: str
target:
aliases:
- ipapermtarget
description: Optional DN to apply the permission to
required: false
type: str
subtree:
aliases:
- ipapermlocation
description: Subtree to apply permissions to
required: false
type: str
bindtype:
aliases:
- ipapermbindruletype
choices:
- permission
- all
- anonymous
- self
description: Bind rule type
required: false
type: str
memberof:
description: Target members of a group (sets memberOf targetfilter)
elements: str
required: false
type: list
targetto:
aliases:
- ipapermtargetto
description: Optional DN subtree where an entry can be moved to
required: false
type: str
rawfilter:
aliases:
- ipapermtargetfilter
description: All target filters
elements: str
required: false
type: list
no_members:
description: Suppress processing of membership
required: false
type: bool
targetfrom:
aliases:
- ipapermtargetfrom
description: Optional DN subtree from where an entry can be moved
required: false
type: str
object_type:
aliases:
- type
description: Type of IPA object (sets subtree and objectClass targetfilter)
required: false
type: str
targetgroup:
aliases:
- targetgroup
description: User group to apply permissions to (sets target)
required: false
type: str
ipaapi_context:
choices:
- server
- client
description: 'The context in which the module will execute. Executing in a
server context is preferred. If not provided context will be
determined by the execution environment.
'
required: false
type: str
ipaadmin_password:
description: The admin password.
required: false
type: str
ipaapi_ldap_cache:
default: true
description: Use LDAP cache for IPA connection.
type: bool
ipaadmin_principal:
default: admin
description: The admin principal.
type: str
extra_target_filter:
aliases:
- filter
- extratargetfilter
description: Extra target filter
elements: str
required: false
type: list