[Role handling] Not able to add additional privileges with existing privilege. #409

Closed
varunmylaraiah opened this issue Oct 5, 2020 · 1 comment · Fixed by #469

Comments

@varunmylaraiah
Collaborator

Not able to add additional privileges with existing privilege.

[root@master ~]# ipa role-show newrole
  Role name: newrole
  Privileges: Automember Readers, ADTrust Agents

[root@ansible ~]# cat newrole.yaml
---
- name: "Update an existing role with the additional privileges"
  hosts: ipaserver

  tasks:
  - iparole:
      ipaadmin_password: <password>
      name: newrole
      privilege: 
        - DNS Servers
        - Host Administrators
        - DNS Administrators
        - Group Administrators
      action: member

[root@ansible ~]# ansible-playbook -vv -i inventory/server.hosts newrole.yaml 
ansible-playbook 2.9.11
  config file = /root/ansible.cfg
  configured module search path = ['/root/ansible-freeipa/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.8/site-packages/ansible
  executable location = /usr/bin/ansible-playbook
  python version = 3.8.5 (default, Aug 12 2020, 00:00:00) [GCC 10.2.1 20200723 (Red Hat 10.2.1-1)]
Using /root/ansible.cfg as config file

PLAYBOOK: newrole.yaml ***********************************************************************************************
1 plays in newrole.yaml

PLAY [9.Update an existing role with the additional privilege] *******************************************************

TASK [Gathering Facts] ***********************************************************************************************
task path: /root/newrole.yaml:2
[DEPRECATION WARNING]: Distribution fedora 32 on host master.ipadomain.test should use /usr/bin/python3, but is using
 /usr/bin/python for backward compatibility with prior Ansible releases. A future Ansible release will default to 
using the discovered platform python for this host. See 
https://docs.ansible.com/ansible/2.9/reference_appendices/interpreter_discovery.html for more information. This 
feature will be removed in version 2.12. Deprecation warnings can be disabled by setting deprecation_warnings=False 
in ansible.cfg.
ok: [master.ipadomain.test]
META: ran handlers

TASK [iparole] *******************************************************************************************************
task path: /root/newrole.yaml:6
changed: [master.ipadomain.test] => {"changed": true}
META: ran handlers
META: ran handlers

PLAY RECAP ***********************************************************************************************************
master.ipadomain.test      : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0 
[root@master ~]# ipa role-show newrole
  Role name: newrole
  Privileges: Group Administrators, Host Administrators, DNS Administrators, DNS Servers

CLI Console output

[root@master ~]# ipa role-add-privilege newrole --privileges="User Administrators"
  Role name: newrole
  Privileges: User Administrators, Group Administrators, Host Administrators, DNS Administrators, DNS Servers
----------------------------
Number of privileges added 1
----------------------------
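
A regression check for the behaviour reported above, added here as an example (it is not code from ansible-freeipa): it compares `ipa role-show` output captured before and after an `action: member` run and reports privileges that were silently dropped. The function names are hypothetical, and it assumes privilege names contain no commas and compare case-insensitively.

```python
def parse_privileges(role_show_output):
    """Map casefolded privilege name -> name as printed by `ipa role-show`."""
    for line in role_show_output.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "Privileges":
            names = (p.strip() for p in value.split(","))
            return {n.casefold(): n for n in names if n}
    return {}  # role has no privileges (or the line is absent)


def check_member_add(before_output, after_output, requested):
    """Audit an additive (`action: member`, state present) role update.

    lost       - privileges present before but gone afterwards
    missing    - requested privileges that did not end up on the role
    unexpected - privileges that appeared without being requested
    """
    before = parse_privileges(before_output)
    after = parse_privileges(after_output)
    wanted = {p.casefold(): p for p in requested}
    b, a, w = set(before), set(after), set(wanted)
    return {
        "lost": sorted(before[k] for k in b - a),
        "missing": sorted(wanted[k] for k in w - a),
        "unexpected": sorted(after[k] for k in a - b - w),
    }


# Outputs and playbook values copied from the issue above.
BEFORE = """  Role name: newrole
  Privileges: Automember Readers, ADTrust Agents
"""
AFTER_BUG = """  Role name: newrole
  Privileges: Group Administrators, Host Administrators, DNS Administrators, DNS Servers
"""
REQUESTED = ["DNS Servers", "Host Administrators",
             "DNS Administrators", "Group Administrators"]

# Constructed sample: what role-show should print when the update is additive.
AFTER_EXPECTED = """  Role name: newrole
  Privileges: Automember Readers, ADTrust Agents, DNS Servers, Host Administrators, DNS Administrators, Group Administrators
"""

if __name__ == "__main__":
    print("reported run:", check_member_add(BEFORE, AFTER_BUG, REQUESTED))
    print("additive run:", check_member_add(BEFORE, AFTER_EXPECTED, REQUESTED))
```

A non-empty `lost` list after a playbook that reported only `changed` means the role's effective permissions shrank without any error being raised.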
@rjeffman rjeffman added the bug label Oct 5, 2020
rjeffman added a commit to rjeffman/ansible-freeipa that referenced this issue Dec 15, 2020
When adding new members to a role, the existing members were removed.
The correct behavior for the "member" action is to add those members,
and substitute the existing ones. This patch fixes this behavior.

Fix freeipa#409, freeipa#411, freeipa#412, freeipa#413
rjeffman added a commit to rjeffman/ansible-freeipa that referenced this issue Dec 22, 2020
rjeffman added a commit to rjeffman/ansible-freeipa that referenced this issue Jan 13, 2021