Try SpotterManage FreeIPA sudocmd groups
Authors: Rafael Guterres Jeffman (@rjeffman), Thomas Woerner (@t-woerner)
preview | supported by community
Install with ansible-galaxy collection install freeipa.ansible_freeipa:==1.11.1
collections:
- name: freeipa.ansible_freeipa
version: 1.11.1Manage FreeIPA sudocmd groups
# Ensure sudocmd-group 'network' is present
- freeipa.ansible_freeipa.ipasudocmdgroup:
ipaadmin_password: SomeADMINpassword
name: network
state: present
# Ensure sudocmdgroup and sudocmd are present in 'network' sudocmdgroup
- freeipa.ansible_freeipa.ipasudocmdgroup:
ipaadmin_password: SomeADMINpassword
name: network
sudocmd:
- /usr/sbin/ifconfig
- /usr/sbin/iwlist
action: member
# Ensure sudocmdgroup and sudocmd are absent in 'network' sudocmdgroup
- freeipa.ansible_freeipa.ipasudocmdgroup:
ipaadmin_password: SomeADMINpassword
name: network
sudocmd:
- /usr/sbin/ifconfig
- /usr/sbin/iwlist
action: member
state: absent
# Ensure sudocmd-group 'network' is absent
- freeipa.ansible_freeipa.ipasudocmdgroup:
ipaadmin_password: SomeADMINpassword
name: network
action: member
state: absent
name:
aliases:
- cn
description: The sudocmodgroup name
elements: str
required: true
type: list
state:
choices:
- present
- absent
default: present
description: State to ensure
type: str
action:
choices:
- member
- sudocmdgroup
default: sudocmdgroup
description: Work on sudocmdgroup or member level
type: str
sudocmd:
description: List of sudocmds assigned to this sudocmdgroup.
elements: str
required: false
type: list
nomembers:
description: Suppress processing of membership attributes
required: false
type: bool
description:
description: The sudocmdgroup description
required: false
type: str
ipaapi_context:
choices:
- server
- client
description: 'The context in which the module will execute. Executing in a
server context is preferred. If not provided context will be
determined by the execution environment.
'
required: false
type: str
ipaadmin_password:
description: The admin password.
required: false
type: str
ipaapi_ldap_cache:
default: true
description: Use LDAP cache for IPA connection.
type: bool
ipaadmin_principal:
default: admin
description: The admin principal.
type: str