Vh7ddlmZmZmZeZdZdZdZddl Z ddl m Z ddl m Z mZddlmZdd lmZGd d e Z dd Zd ZdZdZedk(reyy))absolute_importdivisionprint_functiona module: ipa_hbacrule author: Thomas Krahn (@Nosmoht) short_description: Manage FreeIPA HBAC rule description: - Add, modify or delete an IPA HBAC rule using IPA API. attributes: check_mode: support: full diff_mode: support: none options: cn: description: - Canonical name. - Can not be changed as it is the unique identifier. required: true aliases: ["name"] type: str description: description: Description. type: str host: description: - List of host names to assign. - If an empty list is passed all hosts will be removed from the rule. - If option is omitted hosts will not be checked or changed. required: false type: list elements: str hostcategory: description: Host category. choices: ['all'] type: str hostgroup: description: - List of hostgroup names to assign. - If an empty list is passed all hostgroups will be removed from the rule. - If option is omitted hostgroups will not be checked or changed. type: list elements: str service: description: - List of service names to assign. - If an empty list is passed all services will be removed from the rule. - If option is omitted services will not be checked or changed. type: list elements: str servicecategory: description: Service category. choices: ['all'] type: str servicegroup: description: - List of service group names to assign. - If an empty list is passed all assigned service groups will be removed from the rule. - If option is omitted service groups will not be checked or changed. type: list elements: str sourcehost: description: - List of source host names to assign. - If an empty list if passed all assigned source hosts will be removed from the rule. - If option is omitted source hosts will not be checked or changed. type: list elements: str sourcehostcategory: description: Source host category. choices: ['all'] type: str sourcehostgroup: description: - List of source host group names to assign. - If an empty list if passed all assigned source host groups will be removed from the rule. - If option is omitted source host groups will not be checked or changed. type: list elements: str state: description: State to ensure. default: "present" choices: ["absent", "disabled", "enabled", "present"] type: str user: description: - List of user names to assign. - If an empty list if passed all assigned users will be removed from the rule. - If option is omitted users will not be checked or changed. type: list elements: str usercategory: description: User category. choices: ['all'] type: str usergroup: description: - List of user group names to assign. - If an empty list if passed all assigned user groups will be removed from the rule. - If option is omitted user groups will not be checked or changed. type: list elements: str extends_documentation_fragment: - community.general.ipa.documentation - community.general.attributes a - name: Ensure rule to allow all users to access any host from any host community.general.ipa_hbacrule: name: allow_all description: Allow all users to access any host from any host hostcategory: all servicecategory: all usercategory: all state: present ipa_host: ipa.example.com ipa_user: admin ipa_pass: topsecret - name: Ensure rule with certain limitations community.general.ipa_hbacrule: name: allow_all_developers_access_to_db description: Allow all developers to access any database from any host hostgroup: - db-server usergroup: - developers state: present ipa_host: ipa.example.com ipa_user: admin ipa_pass: topsecret - name: Ensure rule is absent community.general.ipa_hbacrule: name: rule_to_be_deleted state: absent ipa_host: ipa.example.com ipa_user: admin ipa_pass: topsecret z\ hbacrule: description: HBAC rule as returned by IPA API. returned: always type: dict N) AnsibleModule) IPAClientipa_argument_spec) to_native) LooseVersioncfeZdZfdZdZdZdZdZdZdZ dZ d Z d Z d Z d Zd ZxZS)HBACRuleIPAClientc2tt| ||||y)N)superr __init__)selfmodulehostportprotocol __class__s r/home/dcms/DCMS/lib/python3.12/site-packages/ansible_collections/community/general/plugins/modules/ipa_hbacrule.pyrzHBACRuleIPAClient.__init__s /dHMc0|jddd|dS)N hbacrule_findT)allcnmethodnameitem _post_jsonrrs rrzHBACRuleIPAClient.hbacrule_findsoDt[_G`aarc*|jd||S)N hbacrule_addrr rrrs rr$zHBACRuleIPAClient.hbacrule_addn4dKKrc*|jd||S)N hbacrule_modrr r%s rr(zHBACRuleIPAClient.hbacrule_modr&rc(|jd|S)N hbacrule_del)rrr r"s rr*zHBACRuleIPAClient.hbacrule_delsn4@@rc*|jd||S)Nhbacrule_add_hostrr r%s rr,z#HBACRuleIPAClient.hbacrule_add_host&94PPrc*|jd||S)Nhbacrule_remove_hostrr r%s rr/z&HBACRuleIPAClient.hbacrule_remove_host&<4dSSrc*|jd||S)Nhbacrule_add_servicerr r%s rr2z&HBACRuleIPAClient.hbacrule_add_servicer0rc*|jd||S)Nhbacrule_remove_servicerr r%s rr4z)HBACRuleIPAClient.hbacrule_remove_service&?dQUVVrc*|jd||S)Nhbacrule_add_userrr r%s rr7z#HBACRuleIPAClient.hbacrule_add_userr-rc*|jd||S)Nhbacrule_remove_userrr r%s rr9z&HBACRuleIPAClient.hbacrule_remove_userr0rc*|jd||S)Nhbacrule_add_sourcehostrr r%s rr;z)HBACRuleIPAClient.hbacrule_add_sourcehostr5rc*|jd||S)Nhbacrule_remove_sourcehostrr r%s rr=z,HBACRuleIPAClient.hbacrule_remove_sourcehosts&BTXYYr)__name__ __module__ __qualname__rrr$r(r*r,r/r2r4r7r9r;r= __classcell__)rs@rr r sQNbLLAQTTWQTWZrr c^i}|||d<|||d<|||d<|||d<|||d<|||d<|S)N description hostcategoryipaenabledflagservicecategorysourcehostcategory usercategory)rCrDrErFrGrHdatas rget_hbacrule_dictrKsq D)]+^!!/ ""1 %%7 !"+^ Krc(|j||S)N)ipa_data module_data)get_diff)client ipa_hbcarulemodule_hbcarules rget_hbcarule_diffrSs ??Lo? NNrc|jd}|jd}|j}|dvrt|tdkrd}nd}nt|tdkrd}nd}|jd }|jd }|jd }|jd } |jd } |jd} |jd} |jd} |jd}|jd}|jd}|jd}t|jd||| | |}|j |}d}|dvr~|s"d}|j sm|j ||}nYt|||}t|dkDr>d}|j s0i}|D]}|j|||<|j|||>|j||jdg||j|jd xs|}|>|j||jdg||j|jd xs|}| >|j||jdg| |j|jdxs|}| >|j||jdg| |j|jd xs|}| >|j||jd!g| |j |j"d xs|}|>|j||jd"g||j |j"d xs|}|>|j||jd#g||j$|j&dxs|}|a|j||jd$g||j$|j&d%xs|}n"|r d}|j s|j)|||j |fS)&Nrstate)presentenabledz4.9.10TRUETFALSEFrrD hostgroupservicerF servicegroup sourcehostrGsourcehostgroupuserrH usergrouprC)rCrDrErFrGrH)r)rVrWdisabled)rrrmemberhost_hostmemberhost_hostgroupmemberservice_hbacsvchbacsvcmemberservice_hbacsvcgroup hbacsvcgroupsourcehost_hostsourcehost_groupmemberuser_usermemberuser_groupgroup)paramsget_ipa_versionr rKr check_moder$rSlengetr(modify_if_diffr,r/r2r4r;r=r7r9r*)rrPrrU ipa_versionrErrDrZr[rFr\r]rGr^r_rHr`module_hbacrule ipa_hbacrulechangeddiffrJkeys rensurerys == D MM' "E((*K &&  $|H'= =#N!N  $|H'= =$N"N == D==0L k*ImmI&Gmm$56O==0L|,J';<mm$56O == D==0L k*I'FMM-4P5A7E8G;M5A CO ''T'2LG 22G$$%22?2S $V\?KD4y1}((D#=$3$7$7$<S =''T'=  ++D,2B2BCTVX2Y[_,2,D,D,2,G,GQ\T[   ++D,2B2BCY[]2^`i,2,D,D,2,G,GVaY`   ++D,2B2BCZ\^2_ah,2,G,G,2,J,JIWbZa   #++D,2B2BC_ac2d,8,2,G,G,2,J,JN\g`g   !++D,2B2BCTVX2Y[e,2,J,J,2,M,MvWbZa   &++D,2B2BCUWY2Z\k,2,J,J,2,M,M{\g_f   ++D,2B2BCTVX2Y[_,2,D,D,2,G,GQ\T[   ++D,2B2BCUWY2Z\e,2,D,D,2,G,GR]U\  G$$###. F((d(3 33rc`t}|jtdddgtdtddtddg tddtddtddg tddtddtddg tddtdd gd  tddtddg tdd t|d}t ||j d|j d|j d} |j |j d|j dt||\}}|j||y#t$r8}|jt|tjYd}~yd}~wwxYw)NstrTr)typerequiredaliases)r|list)r|elementsr)r|choicesrV)rVabsentrWra)r|defaultr)rrCrrDrZr[rFr\r]rGr^rUr_rHr`) argument_specsupports_check_modeipa_hostipa_portipa_prot)rrrripa_useripa_pass)usernamepassword)rvhbacrule)msg exception)rupdatedictrr rmloginry exit_json Exception fail_jsonr traceback format_exc)rrrPrvres rmainrKs%'MDedVHM%)u%5"?&*w&G#'Ve#D!%6E!B)-55')J&*&G$(fu$E,0eeW,M)-6E)J# Kwx"?&*w&G#'Ve#DF /3Ff$*MM*$=$*MM*$=(. j(ACF M fmmJ7$mmJ7  9"6628< MYq\Y5I5I5KLLMsAE,, F-5.F((F-__main__)NNNNNN) __future__rrrr| __metaclass__ DOCUMENTATIONEXAMPLESRETURNransible.module_utils.basicr>ansible_collections.community.general.plugins.module_utils.iparr+ansible.module_utils.common.text.convertersr Bansible_collections.community.general.plugins.module_utils.versionr r rKrSryrr>rIrrrsA@ g R! F 4gA[&Z &ZRae)-#'&Oc4L!MH zFr