freeipa.ansible_freeipa.ipasudorule (1.8.4) — module
Manage FreeIPA sudo rules
Authors: Rafael Jeffman
preview | supported by community
Install from the command line with `ansible-galaxy collection install freeipa.ansible_freeipa:==1.8.4`, or list the collection in a requirements file:
# Entry for an ansible-galaxy requirements file. The version is pinned to the
# exact release this page documents, so installs are repeatable.
collections:
  - name: freeipa.ansible_freeipa
    version: '1.8.4'
Manage FreeIPA sudo rules
# Ensure Sudo Rule testrule1 is present (state defaults to present).
# NOTE(review): the admin password below is a literal placeholder; in a real
# playbook supply it from an Ansible Vault-encrypted variable.
- freeipa.ansible_freeipa.ipasudorule:
    ipaadmin_password: SomeADMINpassword
    name: testrule1
# Ensure the listed sudocmds are absent from Sudo Rule testrule1.
# NOTE(review): the original heading said "present", but `state: absent` with
# `action: member` removes these commands from the rule. Drop `state: absent`
# (state defaults to present) if the intent is to add them.
# NOTE(review): an editor such as /usr/bin/vim run through sudo can start
# other programs with the target user's privileges; weigh sudoedit or a
# narrower command list before allowing it.
# NOTE(review): the password is a literal placeholder; in a real playbook
# supply it from an Ansible Vault-encrypted variable.
- freeipa.ansible_freeipa.ipasudorule:
    ipaadmin_password: pass1234
    name: testrule1
    allow_sudocmd:
      - /sbin/ifconfig
      - /usr/bin/vim
    action: member
    state: absent
# Ensure host "server" is a member of Sudo Rule testrule1.
# `action: member` works at member level rather than on the rule itself;
# state is not set, so it defaults to present.
- freeipa.ansible_freeipa.ipasudorule:
    ipaadmin_password: SomeADMINpassword
    name: testrule1
    host: server
    action: member
# Ensure hostgroup "cluster" is a member of Sudo Rule testrule1.
# Scoping a rule to a hostgroup keeps it off hosts outside that group.
# state is not set, so it defaults to present.
- freeipa.ansible_freeipa.ipasudorule:
    ipaadmin_password: SomeADMINpassword
    name: testrule1
    hostgroup: cluster
    action: member
# Ensure the sudo rule "allusers", with usercategory "all", is enabled.
# NOTE(review): usercategory "all" applies the rule to every user, so the
# hosts and commands the rule covers are the only remaining limits; keep
# those narrow.
- freeipa.ansible_freeipa.ipasudorule:
    ipaadmin_password: SomeADMINpassword
    name: allusers
    usercategory: all
    state: enabled
# Ensure the sudo rule "allhosts", with hostcategory "all", is enabled.
# NOTE(review): hostcategory "all" applies the rule on every host, so the
# users and commands the rule covers are the only remaining limits; keep
# those narrow.
- freeipa.ansible_freeipa.ipasudorule:
    ipaadmin_password: SomeADMINpassword
    name: allhosts
    hostcategory: all
    state: enabled
# Ensure Sudo Rule testrule1 is absent.
# No `action` is given, so it defaults to sudorule and the task works on the
# rule itself rather than on its members.
- freeipa.ansible_freeipa.ipasudorule:
    ipaadmin_password: SomeADMINpassword
    name: testrule1
    state: absent
# Parameter reference for ipasudorule. Each top-level key is a module option;
# the nested keys give its description, type, aliases, choices and default
# where the listing declares them.

host:
  description: List of host names assigned to this sudorule.
  required: false
  type: list

name:
  aliases:
    - cn
  description: The sudorule name
  required: true

# NOTE(review): described as a list, but no type is declared in this
# listing; confirm against the module.
user:
  description: List of users assigned to the sudo rule.
  required: false

# NOTE(review): described as a list, but no type is declared in this
# listing; confirm against the module.
group:
  description: List of user groups assigned to the sudo rule.
  required: false

order:
  description: Order to apply this rule.
  required: false
  type: int

state:
  choices:
    - present
    - absent
    - enabled
    - disabled
  default: present
  description: State to ensure

action:
  choices:
    - member
    - sudorule
  default: sudorule
  description: Work on sudorule or member level

hostgroup:
  description: List of host groups assigned to this sudorule.
  required: false
  type: list

nomembers:
  description: Suppress processing of membership attributes
  required: false
  type: bool

runasuser:
  description: List of users for Sudo to execute as.
  required: false
  type: list

runasgroup:
  description: List of groups for Sudo to execute as.
  required: false
  type: list

# Sudo options alter how sudo enforces the rule; review each one added here.
sudooption:
  aliases:
    - options
  description: List of sudo options.
  required: false
  type: list

# The *category options below accept "all" or the empty string. "all" widens
# the rule to every member of that category, so use it deliberately.
cmdcategory:
  aliases:
    - cmdcat
  choices:
    - all
    - ''
  description: Command category the sudo rule applies to
  required: false

description:
  description: The sudorule description
  required: false

deny_sudocmd:
  description: List of denied sudocmds assigned to this sudorule.
  required: false
  type: list

hostcategory:
  aliases:
    - hostcat
  choices:
    - all
    - ''
  description: Host category the sudo rule applies to.
  required: false

usercategory:
  aliases:
    - usercat
  choices:
    - all
    - ''
  description: User category the sudo rule applies to
  required: false

allow_sudocmd:
  description: List of allowed sudocmds assigned to this sudorule.
  required: false
  type: list

ipaapi_context:
  choices:
    - server
    - client
  description: 'The context in which the module will execute.
    Executing in a server context is preferred. If not provided
    context will be determined by the execution environment.
    '
  required: false

deny_sudocmdgroup:
  description: List of denied sudocmd groups assigned to this sudorule.
  required: false
  type: list

# NOTE(review): supply this from an Ansible Vault-encrypted variable rather
# than a literal in the playbook. This listing shows no type or log-masking
# attribute for the option; confirm against the module's argument spec.
ipaadmin_password:
  description: The admin password.
  required: false

ipaapi_ldap_cache:
  default: true
  description: Use LDAP cache for IPA connection.
  type: bool

runasusercategory:
  aliases:
    - runasusercat
  choices:
    - all
    - ''
  description: RunAs User category applied to the sudorule.
  required: false

allow_sudocmdgroup:
  description: List of allowed sudocmd groups assigned to this sudorule.
  required: false
  type: list

ipaadmin_principal:
  default: admin
  description: The admin principal.

runasgroupcategory:
  aliases:
    - runasgroupcat
  choices:
    - all
    - ''
  description: RunAs Group category applied to the sudo rule.
  required: false