Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

ipa/client: Split up shell access HBAC rule tasks

Browse source 
Need to create the rule, then add members to it.

Signed-off-by: Nils Philippsen <nils@redhat.com>
This commit is contained in:
Nils Philippsen 2021-02-12 18:26:05 +01:00
parent 193aefa78e
commit cd551a0f07
1 changed files with 11 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

14
roles/ipa/client/tasks/hbac.yml
View file

@ -92,16 +92,24 @@
- ipa_client_shell_groups - ipa_client_shell_groups
- ipa_client_sudo_groups - ipa_client_sudo_groups
- name: Give certain groups shell access per host group - name: Ensure shell access HBAC rule exists
delegate_to: "{{ item[0] }}" delegate_to: "{{ item[0] }}"
ipahbacrule: ipahbacrule:
name: "hostgroup/{{ item[1] }}/shell-access" name: "hostgroup/{{ item[1] }}/shell-access"
description: "Grant shell access on host group {{ item[1] }}" description: "Grant shell access on host group {{ item[1] }}"
ipaadmin_password: "{{ ipa_server_admin_passwords[item[0]] }}" ipaadmin_password: "{{ ipa_server_admin_passwords[item[0]] }}"
action: member
hbacsvcgroup: hbacsvcgroup:
- shell-access - shell-access
state: present state: present
group: "{{ ipa_server_host_groups_dict[item[0]][item[1]]['shell_groups'] }}"
hostgroup: "{{ item[1] }}" hostgroup: "{{ item[1] }}"
loop: "{{ ipa_server_host_groups }}" loop: "{{ ipa_server_host_groups }}"
- name: Give certain groups shell access per host group
delegate_to: "{{ item[0] }}"
ipahbacrule:
name: "hostgroup/{{ item[1] }}/shell-access"
ipaadmin_password: "{{ ipa_server_admin_passwords[item[0]] }}"
action: member
state: present
group: "{{ ipa_server_host_groups_dict[item[0]][item[1]]['shell_groups'] }}"
loop: "{{ ipa_server_host_groups }}"