Vh .ddlmZmZmZeZdZdZdZddl Z ddl m Z ddl m Z mZddlmZGd d e Zdd Zd Zd ZdZedk(reyy))absolute_importdivisionprint_functiona module: ipa_group author: Thomas Krahn (@Nosmoht) short_description: Manage FreeIPA group description: - Add, modify and delete group within IPA server. attributes: check_mode: support: full diff_mode: support: none options: append: description: - If V(true), add the listed O(user) and O(group) to the group members. - If V(false), only the listed O(user) and O(group) will be group members, removing any other members. default: false type: bool version_added: 4.0.0 cn: description: - Canonical name. - Can not be changed as it is the unique identifier. required: true aliases: ['name'] type: str description: description: - Description of the group. type: str external: description: - Allow adding external non-IPA members from trusted domains. type: bool gidnumber: description: - GID (use this option to set it manually). aliases: ['gid'] type: str group: description: - List of group names assigned to this group. - If O(append=false) and an empty list is passed all groups will be removed from this group. - Groups that are already assigned but not passed will be removed. - If O(append=true) the listed groups will be assigned without removing other groups. - If option is omitted assigned groups will not be checked or changed. type: list elements: str nonposix: description: - Create as a non-POSIX group. type: bool user: description: - List of user names assigned to this group. - If O(append=false) and an empty list is passed all users will be removed from this group. - Users that are already assigned but not passed will be removed. - If O(append=true) the listed users will be assigned without removing other users. - If option is omitted assigned users will not be checked or changed. type: list elements: str external_user: description: - List of external users assigned to this group. - Behaves identically to O(user) with respect to O(append) attribute. - List entries can be in V(DOMAIN\\\\username) or SID format. - Unless SIDs are provided, the module will always attempt to make changes even if the group already has all the users. This is because only SIDs are returned by IPA query. - O(external=true) is needed for this option to work. type: list elements: str version_added: 6.3.0 state: description: - State to ensure. default: "present" choices: ["absent", "present"] type: str extends_documentation_fragment: - community.general.ipa.documentation - community.general.attributes ai - name: Ensure group is present community.general.ipa_group: name: oinstall gidnumber: '54321' state: present ipa_host: ipa.example.com ipa_user: admin ipa_pass: topsecret - name: Ensure that groups sysops and appops are assigned to ops but no other group community.general.ipa_group: name: ops group: - sysops - appops ipa_host: ipa.example.com ipa_user: admin ipa_pass: topsecret - name: Ensure that users linus and larry are assign to the group, but no other user community.general.ipa_group: name: sysops user: - linus - larry ipa_host: ipa.example.com ipa_user: admin ipa_pass: topsecret - name: Ensure that new starter named john is member of the group, without removing other members community.general.ipa_group: name: developers user: - john append: true state: present ipa_host: ipa.example.com ipa_user: admin ipa_pass: topsecret - name: Add external user to a group community.general.ipa_group: name: developers external: true append: true external_user: - S-1-5-21-123-1234-12345-63421 ipa_host: ipa.example.com ipa_user: admin ipa_pass: topsecret - name: Add a user from MYDOMAIN community.general.ipa_group: name: developers external: true append: true external_user: - MYDOMAIN\\john ipa_host: ipa.example.com ipa_user: admin ipa_pass: topsecret - name: Ensure group is absent community.general.ipa_group: name: sysops state: absent ipa_host: ipa.example.com ipa_user: admin ipa_pass: topsecret zU group: description: Group as returned by IPA API. returned: always type: dict N) AnsibleModule) IPAClientipa_argument_spec) to_nativecfeZdZfdZdZdZdZdZdZdZ dZ d Z d Z d Z d Zd ZxZS)GroupIPAClientc2tt| ||||y)N)superr __init__)selfmodulehostportprotocol __class__s o/home/dcms/DCMS/lib/python3.12/site-packages/ansible_collections/community/general/plugins/modules/ipa_group.pyrzGroupIPAClient.__init__s nd,VT4Jc0|jddd|dS)N group_findT)allcnmethodnameitem _post_jsonrrs rrzGroupIPAClient.group_findslDX\D]^^rc*|jd||S)N group_addrrrrrs rr#zGroupIPAClient.group_addk4HHrc*|jd||S)N group_modrrr$s rr'zGroupIPAClient.group_modr%rc(|jd|S)N group_del)rrrr!s rr)zGroupIPAClient.group_delsk==rc*|jd||S)Ngroup_add_memberrrr$s rr+zGroupIPAClient.group_add_members&8t$OOrc,|j|d|iSNgrouprrr+r$s rgroup_add_member_groupz%GroupIPAClient.group_add_member_groups$$$gt_$EErc,|j|d|iSNuserr/r0r$s rgroup_add_member_userz$GroupIPAClient.group_add_member_users$$$fd^$DDrc,|j|d|iSNipaexternalmemberr/r0r$s rgroup_add_member_externaluserz,GroupIPAClient.group_add_member_externalusers$$$6I45P$QQrc*|jd||S)Ngroup_remove_memberrrr$s rr;z"GroupIPAClient.group_remove_members&;$TRRrc,|j|d|iSr-r;r$s rgroup_remove_member_groupz(GroupIPAClient.group_remove_member_groups''T$'HHrc,|j|d|iSr3r=r$s rgroup_remove_member_userz'GroupIPAClient.group_remove_member_users''T'GGrc,|j|d|iSr7r=r$s r group_remove_member_externaluserz/GroupIPAClient.group_remove_member_externalusers''T9Ld8S'TTr)__name__ __module__ __qualname__rrr#r'r)r+r1r5r9r;r>r@rB __classcell__)rs@rr r sPK_II>PFERSIHUrr cBi}|||d<|||d<|||d<|||d<|S)N descriptionexternal gidnumbernonposix)rHrIgidrKr.s rget_group_dictrNsK E*m$j  k$j Lrcg}d|vr|ds|jdrd|d<|d=d|vr|drd|jdvr|d=|j||S)NrKTposixrIipaexternalgroup objectclass)ipa_data module_data)getget_diff)client ipa_group module_groupdatas rget_group_diffr[sp D\!J'IMM*,E$(L !  $\!  #(:immM>Z(ZZ( ??Id} |js0i} | D]}| j|| |<|j|| |?|j|| jdg||j|j|xs| } |?|j|| jdg||j|j|xs| } |a|j|| jdg||j|j |xs| } n!| rd} |js|j#|| |j| fS)Nstaterr.r4rI external_userappendrHrJrK)rHrIrMrK)rz0external_user can only be set if external = TrueFpresentT)rrr/ member_group)r_ member_userr8)paramsrNr fail_json check_moder#r[lenrUr'modify_if_diffr1r>r5r@r9rBr))rrWr]rr.r4rIr^r_rYrXchangeddiffrZkeys rensurerks MM' "E == D MM' "E == D}}Z(HMM/2M ]]8 $F!fmmM.J+3&,mmK&@+1==+DFL!!t!,I .KLG G$$",,T ,E !&)\BD4y1}((D#:$0$4$4S$9S :$$$T$:  ++D)--PR2SUZ,2,I,I,2,L,L39,;F?F   ++D)-- r2RTX,2,H,H,2,K,K39,;F?F   $++D)--@SUW2XZg,2,P,P,2,S,S39,;F?F  G$$  & F%%4%0 00rct}|jtdddgtdtdtddtdd g tddtdtdd d d g tddtdd t|d}t ||j d|j d|j d} |j |j d|j dt||\}}|j||y#t$r8}|jt|tjYd}~yd}~wwxYw)NstrTr)typerequiredaliases)rnboollist)rnelementsrM)rnrpr`absent)rndefaultchoicesF)rnru) rrHrIr^rJr.rKr]r4r_) argument_specsupports_check_modeipa_hostipa_portipa_prot)rrrripa_useripa_pass)usernamepassword)rhr.)msg exception)rupdatedictrr rcloginrk exit_json Exceptionrdr traceback format_exc)rwrrWrhr.es rmainr5sS%'MDedVHM%)u%5"&F"3'+%'H#'UUG#D#%@"&F"3# IW_K`a"? $&% @ B/3F6!'z!:!'z!:%+]]:%>@FM fmmJ7$mmJ7  9/6 MYq\Y5I5I5KLLMsAD++ E,4.E''E,__main__)NNNN) __future__rrrrn __metaclass__ DOCUMENTATIONEXAMPLESRETURNransible.module_utils.basicr>ansible_collections.community.general.plugins.module_utils.iparr+ansible.module_utils.common.text.convertersr r rNr[rkrrCrLrrrstA@ Q fF P 4gA&UY&UR  I 91xM< zFr