Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ipa_sudorule; cmdgroup and runas functionality #64837

Closed
wants to merge 6 commits into from
Closed

ipa_sudorule; cmdgroup and runas functionality #64837

wants to merge 6 commits into from

Conversation

halberom
Copy link
Contributor

@halberom halberom commented Nov 14, 2019
edited
Loading

SUMMARY

Extends ipa_sudorule module with

  • cmdgroup param; This allows referencing a command group created with ipa_sudocmdgroup.
  • runasuser param
  • runasgroupofuser param
  • runasgroup param

Fixes the changed logic for cmd to correctly report when the list changes.
Enhances the parameter descriptions with mutually exclusive details.

ISSUE TYPE
  • Feature Pull Request
COMPONENT NAME

ipa_sudorule

ADDITIONAL INFORMATION

It's possible to add individual sudo cmds to a sudo rule, or a command group:

ipa sudorule-add-allow-command has 2 sub parameters, sudocmd and sudocmdgroup. This extends the module to add support for the second parameter, and makes the first more explicit.

See also https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/identity_management_guide/defining-sudorules

It's possible to specify whether a user may sudo as another user, or group - using runasuser (either entered individually or via groups) or and runasgroup.

@ansibot
Copy link
Contributor

ansibot commented Nov 14, 2019

cc @Akasurde @Nosmoht @fxfitz
click here for bot help

@ansibot ansibot added affects_2.10 This issue/PR affects Ansible v2.10 community_review In order to be merged, this PR must follow the community review workflow. feature This issue/PR relates to a feature request. identity Identity category ipa IPA community module This issue/PR relates to a module. needs_triage Needs a first human triage before being processed. support:community This issue/PR relates to code supported by the Ansible community. labels Nov 14, 2019
@halberom halberom changed the title add sudocmdgroup functionality to ipa_sudorule extend ipa_sudorule Nov 15, 2019
@halberom halberom changed the title extend ipa_sudorule ipa_sudorule; cmdgroup and runas functionality Nov 15, 2019
@ansibot
Copy link
Contributor

ansibot commented Nov 15, 2019

The test ansible-test sanity --test pep8 [explain] failed with 1 error:

lib/ansible/modules/identity/ipa/ipa_sudorule.py:266:1: E302: expected 2 blank lines, found 1

click here for bot help

@ansibot ansibot added ci_verified Changes made in this PR are causing tests to fail. needs_revision This PR fails CI tests or a maintainer has requested a review/revision of the PR. and removed community_review In order to be merged, this PR must follow the community review workflow. labels Nov 15, 2019
@ansibot ansibot added community_review In order to be merged, this PR must follow the community review workflow. and removed ci_verified Changes made in this PR are causing tests to fail. needs_revision This PR fails CI tests or a maintainer has requested a review/revision of the PR. labels Nov 15, 2019
@ansibot ansibot added the stale_ci This PR has been tested by CI more than one week ago. Close and re-open this PR to get it retested. label Nov 28, 2019
@ansibot ansibot added needs_rebase https://docs.ansible.com/ansible/devel/dev_guide/developing_rebasing.html needs_revision This PR fails CI tests or a maintainer has requested a review/revision of the PR. and removed community_review In order to be merged, this PR must follow the community review workflow. labels Jan 15, 2020
@ansibot ansibot added collection Related to Ansible Collections work collection:community.general labels Apr 29, 2020
@ansibot ansibot added the needs_collection_redirect https://github.com/ansible/ansibullbot/blob/master/docs/collection_migration.md label Apr 29, 2020
@ansibot
Copy link
Contributor

ansibot commented Aug 16, 2020

Thank you very much for your interest in Ansible. Ansible has migrated much of the content into separate repositories to allow for more rapid, independent development. We are closing this issue/PR because this content has been moved to one or more collection repositories.

For further information, please see:
https://github.com/ansible/ansibullbot/blob/master/docs/collection_migration.md

@ansibot ansibot closed this Aug 16, 2020
@sivel sivel removed the needs_triage Needs a first human triage before being processed. label Aug 17, 2020
@ansible ansible locked and limited conversation to collaborators Sep 13, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
affects_2.10 This issue/PR affects Ansible v2.10 bot_closed collection:community.general collection Related to Ansible Collections work feature This issue/PR relates to a feature request. identity Identity category ipa IPA community module This issue/PR relates to a module. needs_collection_redirect https://github.com/ansible/ansibullbot/blob/master/docs/collection_migration.md needs_rebase https://docs.ansible.com/ansible/devel/dev_guide/developing_rebasing.html needs_revision This PR fails CI tests or a maintainer has requested a review/revision of the PR. stale_ci This PR has been tested by CI more than one week ago. Close and re-open this PR to get it retested. support:community This issue/PR relates to code supported by the Ansible community.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@halberom @ansibot @sivel