Vh8+ddlmZmZmZeZdZdZdZddl Z ddl m Z ddl m Z mZddlmZGd d e Zdd Zd Zd ZdZedk(reyy))absolute_importdivisionprint_functiona module: ipa_role author: Thomas Krahn (@Nosmoht) short_description: Manage FreeIPA role description: - Add, modify and delete a role within FreeIPA server using FreeIPA API. attributes: check_mode: support: full diff_mode: support: none options: cn: description: - Role name. - Can not be changed as it is the unique identifier. required: true aliases: ['name'] type: str description: description: - A description of this role-group. type: str group: description: - List of group names assign to this role. - If an empty list is passed all assigned groups will be unassigned from the role. - If option is omitted groups will not be checked or changed. - If option is passed all assigned groups that are not passed will be unassigned from the role. type: list elements: str host: description: - List of host names to assign. - If an empty list is passed all assigned hosts will be unassigned from the role. - If option is omitted hosts will not be checked or changed. - If option is passed all assigned hosts that are not passed will be unassigned from the role. type: list elements: str hostgroup: description: - List of host group names to assign. - If an empty list is passed all assigned host groups will be removed from the role. - If option is omitted host groups will not be checked or changed. - If option is passed all assigned hostgroups that are not passed will be unassigned from the role. type: list elements: str privilege: description: - List of privileges granted to the role. - If an empty list is passed all assigned privileges will be removed. - If option is omitted privileges will not be checked or changed. - If option is passed all assigned privileges that are not passed will be removed. type: list elements: str service: description: - List of service names to assign. - If an empty list is passed all assigned services will be removed from the role. - If option is omitted services will not be checked or changed. - If option is passed all assigned services that are not passed will be removed from the role. type: list elements: str state: description: State to ensure. default: "present" choices: ["absent", "present"] type: str user: description: - List of user names to assign. - If an empty list is passed all assigned users will be removed from the role. - If option is omitted users will not be checked or changed. type: list elements: str extends_documentation_fragment: - community.general.ipa.documentation - community.general.attributes a - name: Ensure role is present community.general.ipa_role: name: dba description: Database Administrators state: present user: - pinky - brain ipa_host: ipa.example.com ipa_user: admin ipa_pass: topsecret - name: Ensure role with certain details community.general.ipa_role: name: another-role description: Just another role group: - editors host: - host01.example.com hostgroup: - hostgroup01 privilege: - Group Administrators - User Administrators service: - service01 - name: Ensure role is absent community.general.ipa_role: name: dba state: absent ipa_host: ipa.example.com ipa_user: admin ipa_pass: topsecret zS role: description: Role as returned by IPA API. returned: always type: dict N) AnsibleModule) IPAClientipa_argument_spec) to_nativeceZdZfdZdZdZdZdZdZdZ dZ d Z d Z d Z d Zd ZdZdZdZdZdZdZxZS) RoleIPAClientc2tt| ||||yN)superr __init__)selfmodulehostportprotocol __class__s n/home/dcms/DCMS/lib/python3.12/site-packages/ansible_collections/community/general/plugins/modules/ipa_role.pyrzRoleIPAClient.__init__s mT+FD$Ic0|jddd|dS)N role_findT)allcnmethodnameitem _post_jsonrrs rrzRoleIPAClient.role_findsk4W[C\]]rc*|jd||S)Nrole_addrr rrrs rr$zRoleIPAClient.role_addjt$GGrc*|jd||S)Nrole_modrr r%s rr(zRoleIPAClient.role_modr&rc(|jd|S)Nrole_del)rrr r"s rr*zRoleIPAClient.role_delsjt<rBrDrGrIrLrNrPrRrU __classcell__)rs@rr r stJ^HH=OEDIGDRHGLJGadrr ci}|||d<|S)N description)r[datas r get_role_dictr^s D)] Krc(|j||S)N)ipa_data module_data)get_diff)clientipa_role module_roles r get_role_diffrfs ??H+? FFrc|jd}|jd}|jd}|jd}|jd}|jd}|jd}|jd} t|jd  } |j| } d } |d k(r| s"d} |jsm|j || } nYt || | } t | dkDr>d} |js0i}| D]}| j|||<|j|||=|j|| jdg||j|jxs| } |=|j|| jdg||j|jxs| } |=|j|| jdg||j|jxs| } |=|j|| jdg||j |j"xs| } |=|j|| jdg||j$|j&xs| } | _|j|| jdg| |j(|j*xs| } n!| rd} |js|j-|| |j| fS)Nstaterr/rr9rSr=rAr[)r[)rFpresentTr0r member_group member_hostmember_hostgroupmemberof_privilegemember_service member_user)paramsr^r check_moder$rflengetr(modify_if_diffr2rGr5rIr:rLrRrUr>rNrBrPr*)rrcrhrr/rr9rSr=rArerdchangeddiffr]keys rensurerxs MM' "E == D MM' "E == D k*I k*ImmI&G == DFMM-,HIKT*HG G$$!??;?G ;?D4y1}((D#9$/OOC$8S 9OODO9  ++D(,,~r2RTY,2,A,A,2,D,DFQIP   ++D(,,}b2QSW,2,@,@,2,C,CEPHO   ++D(,,?QSU2VXa,2,E,E,2,H,HJUMT   ++D(,,?SUW2XZc,2,E,E,2,H,HJUMT   ++D(,,?OQS2TV],2,C,C,2,F,FHSKR   ++D(,,}b2QSW,2,@,@,2,C,CEPHO  G$$% F$$$$/ //rct}|jtdddgtdtddtddtddtddtddtdddd g tdd t|d }t ||j d |j d|j d} |j |j d|j dt||\}}|j||y#t$r8}|jt|tjYd}~yd}~wwxYw)NstrTr)typerequiredaliases)r{list)r{elementsriabsent)r{defaultchoices) rr[r/rr9rSr=rhrA) argument_specsupports_check_modeipa_hostipa_portipa_prot)rrrripa_useripa_pass)usernamepassword)rurole)msg exception)rupdatedictrr rploginrx exit_json Exception fail_jsonr traceback format_exc)rrrcrures rmainrsJ%'MDedVHM%)u%5#%@"?#'Ve#D#'Ve#D!%6E!B# IW_K`a"?A/35F& & j 9 & j 9$*MM*$=?F M fmmJ7$mmJ7  9vv. t4 MYq\Y5I5I5KLLMsAD E!).EE!__main__r ) __future__rrrr{ __metaclass__ DOCUMENTATIONEXAMPLESRETURNransible.module_utils.basicr>ansible_collections.community.general.plugins.module_utils.iparr+ansible.module_utils.common.text.convertersr r r^rfrxrrVr\rrrssA@ N `$ L 4gA8dI8dvG>0BM: zFr