
    Vh7!                     ~    d dl mZmZmZ eZdZdZd dlZd dl	m
Z
 d dlmZmZ  G d de      Zd	 Zed
k(  r e        yy)    )absolute_importdivisionprint_functiona7  
module: ipa_getkeytab
short_description: Manage keytab file in FreeIPA
version_added: 9.5.0
description:
  - Manage keytab file with C(ipa-getkeytab) utility.
  - See U(https://manpages.ubuntu.com/manpages/jammy/man1/ipa-getkeytab.1.html) for reference.
author: "Alexander Bakanovskii (@abakanovskii)"
attributes:
  check_mode:
    support: full
  diff_mode:
    support: none
options:
  path:
    description:
      - The base path where the generated keytab file is put.
    type: path
    aliases: ["keytab"]
    required: true
  principal:
    description:
      - The non-realm part of the full principal name.
    type: str
    required: true
  ipa_host:
    description:
      - The IPA server to retrieve the keytab from (FQDN).
    type: str
  ldap_uri:
    description:
      - LDAP URI. If V(ldap://) is specified, STARTTLS is initiated by default.
      - Cannot be used with the O(ipa_host) option.
    type: str
  bind_dn:
    description:
      - The LDAP DN to bind as when retrieving a keytab without Kerberos credentials.
      - Generally used with the O(bind_pw) option.
    type: str
  bind_pw:
    description:
      - The LDAP password to use when not binding with Kerberos.
    type: str
  password:
    description:
      - Use this password for the key instead of one randomly generated.
    type: str
  ca_cert:
    description:
      - The path to the IPA CA certificate used to validate LDAPS/STARTTLS connections.
    type: path
  sasl_mech:
    description:
      - SASL mechanism to use if O(bind_dn) and O(bind_pw) are not specified.
    choices: ["GSSAPI", "EXTERNAL"]
    type: str
  retrieve_mode:
    description:
      - Retrieve an existing key from the server instead of generating a new one.
      - This is incompatible with the O(password) option, and will work only against an IPA server more recent than version 3.3.
      - The user requesting the keytab must have access to the keys for this operation to succeed.
      - Be aware that if set V(true), a new keytab will be generated.
      - This invalidates all previously retrieved keytabs for this service principal.
    type: bool
  encryption_types:
    description:
      - The list of encryption types to use to generate keys.
      - It will use local client defaults if not provided.
      - Valid values depend on the Kerberos library version and configuration.
    type: str
  state:
    description:
      - The state of the keytab file.
      - V(present) only checks that the file exists. To recreate the keytab with other parameters, set
        O(force=true).
    type: str
    default: present
    choices: ["present", "absent"]
  force:
    description:
      - Force recreation of the keytab file if it already exists.
    type: bool
requirements:
  - freeipa-client
  - Managed host is FreeIPA client
extends_documentation_fragment:
  - community.general.attributes
a  
- name: Get Kerberos ticket using default principal
  community.general.krb_ticket:
    password: "{{ aldpro_admin_password }}"

- name: Create keytab
  community.general.ipa_getkeytab:
    path: /etc/ipa/test.keytab
    principal: HTTP/freeipa-dc02.ipa.test
    ipa_host: freeipa-dc01.ipa.test

- name: Retrieve already existing keytab
  community.general.ipa_getkeytab:
    path: /etc/ipa/test.keytab
    principal: HTTP/freeipa-dc02.ipa.test
    ipa_host: freeipa-dc01.ipa.test
    retrieve_mode: true

- name: Force keytab recreation
  community.general.ipa_getkeytab:
    path: /etc/ipa/test.keytab
    principal: HTTP/freeipa-dc02.ipa.test
    ipa_host: freeipa-dc01.ipa.test
    force: true
N)AnsibleModule)	CmdRunnercmd_runner_fmtc                       e Zd Zd ZddZy)	IPAKeytabc                    || _         |d   | _        |d   | _        |d   | _        |d   | _        |d   | _        |d   | _        |d   | _        |d   | _        |d	   | _	        |d
   | _
        |d   | _        |d   | _        t        |dt        t        j                   d      t        j"                  d      t        j"                  d      t        j"                  d      t        j"                  d      t        j"                  d      t        j"                  d      t        j"                  d      t        j"                  d      t        j"                  d      t        j"                  d                  | _        y )Npathstate	principalipa_hostldap_uribind_dnbind_pwpasswordca_cert	sasl_mechretrieve_modeencryption_typeszipa-getkeytabz
--retrievez--keytabz--serverz--principalz	--ldapuriz--binddnz--bindpwz
--passwordz--cacertz--mechz
--enctypes)r   r   r   r   r   r   r   r   r   r   r   )commandarg_formats)moduler   r   r   r   r   r   r   r   r   r   r   r   r   dictr   as_bool
as_opt_valrunner)selfr   kwargss      s/home/dcms/DCMS/lib/python3.12/site-packages/ansible_collections/community/general/plugins/modules/ipa_getkeytab.py__init__zIPAKeytab.__init__   sN   6N	G_
,z*z*i(i(z*i(,#O4 &'9 :#,44\B#..z:'22:>(33MB'22;?&11*=&11*='22<@&11*=(33H=!/!:!:<!H
    c                     | j                  d|      5 }|j                         \  }}}d d d        |S # 1 sw Y   S xY w)Nzjretrieve_mode path ipa_host principal ldap_uri bind_dn bind_pw password ca_cert sasl_mech encryption_types)check_rc)r   run)r   r%   ctxrcouterrs         r!   _execzIPAKeytab._exec   sM    [[x  
 	% 779LBS		%
 
	%
 
s   3=N)T)__name__
__module____qualname__r"   r+    r#   r!   r
   r
      s    
Br#   r
   c                     t        t        dddg      t        dddg      t        dd	      t        d
      t        d
      t        d
      t        d
      t        dd      t        d
      t        dddg      t        d
      t        d
      t        d
            } t        | ddgd      }|j                  d   }|j                  d   }|j                  d   }t        ||||j                  d   |j                  d   |j                  d   |j                  d   |j                  d   |j                  d   |j                  d   |j                  d   |j                  d   |j                  d          }d!}|dk(  rxt        j
                  j                  |      rG|r4|j                  s(	 t	        j                  |       |j                          d}|r!|j                  rd}nd}|j                          |dk(  rCt        j
                  j                  |      r$d}|j                  s	 t	        j                  |       |j                  |&       y # t        $ r7}|j                  d"|j                  d#|j                  d$%       Y d }~d }~ww xY w# t        $ r7}|j                  d"|j                  d#|j                  d$%       Y d }~d }~ww xY w)'Nr   Tkeytab)typerequiredaliasespresentabsent)defaultchoicesstr)r2   r3   )r2   )r2   no_logGSSAPIEXTERNAL)r2   r8   bool)r   r   r   r   r   r   r   r   r   r   r   r   force)r   r   )r   r   )argument_specmutually_exclusivesupports_check_moder   r>   r   r   r   r   r   r   r   r   r   r   )r   r   r   r   r   r   r   r   r   r   r   r   FzError deleting: z - .)msg)changed)r   r   paramsr
   osr   exists
check_moderemoveOSError	fail_jsonfilenamestrerrorr+   	exit_json)arg_specr   r   r   r>   r1   rD   es           r!   mainrQ      s   vxjA9y(.CDED15!5!% % 5.&!EHj+AB'5)H 46ST F == DMM'"EMM'"Ev "!'{!; &j 9 &j 9%}}Y7%}}Y7 &j 9%}}Y7!'{!;%+]]?%C(.6H(IF G	77>>$V..`IIdO **GLLN77>>$G$$`IIdO W%'  `$$qzzSTS]S])^$__`   `$$qzzSTS]S])^$__`s0   2I /J 	J -JJ	K#-KK__main__)
__future__r   r   r   r2   __metaclass__DOCUMENTATIONEXAMPLESrF   ansible.module_utils.basicr   Eansible_collections.community.general.plugins.module_utils.cmd_runnerr   r   objectr
   rQ   r,   r/   r#   r!   <module>rZ      sV    A @Wr4 
 4 k( (VB&J zF r#   