Merge remote-tracking branch 'origin/master'

README-group.md

@@ -4,9 +4,9 @@ Group module
 Description
 -----------
 
-The group module allows to add, remove, enable, disable, unlock und undelete groups.
+The group module allows to ensure presence and absence of groups and members of groups.
 
-The group module is as compatible as possible to the Ansible upstream `ipa_group` module, but addtionally offers to add users to a group and also to remove users from a group.
+The group module is as compatible as possible to the Ansible upstream `ipa_group` module, but additionally offers to add users to a group and also to remove users from a group.
 
 
 Features
@@ -142,9 +142,9 @@ Variable | Description | Required
 `nomembers` | Suppress processing of membership attributes. (bool) | no
 `user` | List of user name strings assigned to this group. | no
 `group` | List of group name strings assigned to this group. | no
-`service` | List of service name strings assigned to this group | no
+`service` | List of service name strings assigned to this group. Only usable with IPA versions 4.7 and up. | no
 `action` | Work on group or member level. It can be on of `member` or `group` and defaults to `group`. | no
-`state` | The state to ensure. It can be one of `present` or `absent`, defauilt: `present`. | yes
+`state` | The state to ensure. It can be one of `present` or `absent`, default: `present`. | yes
 
 
 Authors

README-hbacrule.md

@@ -0,0 +1,158 @@
+HBACrule module
+===============
+
+Description
+-----------
+
+The hbacrule (HBAC Rule) module allows to ensure presence and absence of HBAC Rules and host, hostgroups, HBAC Services, HBAC Service Groups, users, and user groups as members of HBAC Rule.
+
+
+Features
+--------
+* HBAC Rule management
+
+
+Supported FreeIPA Versions
+--------------------------
+
+FreeIPA versions 4.4.0 and up are supported by the ipahbacrule module.
+
+
+Requirements
+------------
+
+**Controller**
+* Ansible version: 2.8+
+
+**Node**
+* Supported FreeIPA version (see above)
+
+
+Usage
+=====
+
+Example inventory file
+
+```ini
+[ipaserver]
+ipaserver.test.local
+```
+
+
+Example playbook to make sure HBAC Rule login exists:
+
+```yaml
+---
+- name: Playbook to handle hbacrules
+  hbacsvcs: ipaserver
+  become: true
+
+  tasks:
+  # Ensure HBAC Rule login is present
+  - ipahbacrule:
+      ipaadmin_password: MyPassword123
+      name: login
+```
+
+
+Example playbook to make sure HBAC Rule login exists with the only HBAC Service sshd:
+
+```yaml
+---
+- name: Playbook to handle hbacrules
+  hbacsvcs: ipaserver
+  become: true
+
+  tasks:
+  # Ensure HBAC Rule login is present with the only HBAC Service sshd
+  - ipahbacrule:
+      ipaadmin_password: MyPassword123
+      name: login
+      hbacsvc:
+      - sshd
+```
+
+Example playbook to make sure HBAC Service sshd is present in HBAC Rule login:
+
+```yaml
+---
+- name: Playbook to handle hbacrules
+  hbacsvcs: ipaserver
+  become: true
+
+  tasks:
+  # Ensure HBAC Service sshd is present in HBAC Rule login
+  - ipahbacrule:
+      ipaadmin_password: MyPassword123
+      name: login
+      hbacsvc:
+      - sshd
+      action: member
+```
+
+Example playbook to make sure HBAC Service sshd is absent in HBAC Rule login:
+
+```yaml
+---
+- name: Playbook to handle hbacrules
+  hbacsvcs: ipaserver
+  become: true
+
+  tasks:
+  # Ensure HBAC Service sshd is present in HBAC Rule login
+  - ipahbacrule:
+      ipaadmin_password: MyPassword123
+      name: login
+      hbacsvc:
+      - sshd
+      action: member
+      state: absent
+```
+
+Example playbook to make sure HBAC Rule login is absent:
+
+```yaml
+---
+- name: Playbook to handle hbacrules
+  hbacsvcs: ipaserver
+  become: true
+
+  tasks:
+  # Ensure HBAC Rule login is present
+  - ipahbacrule:
+      ipaadmin_password: MyPassword123
+      name: login
+      state: absent
+```
+
+
+Variables
+=========
+
+ipahbacrule
+---------------
+
+Variable | Description | Required
+-------- | ----------- | --------
+`ipaadmin_principal` | The admin principal is a string and defaults to `admin` | no
+`ipaadmin_password` | The admin password is a string and is required if there is no admin ticket available on the node | no
+`name` \| `cn` | The list of hbacrule name strings. | yes
+`description` | The hbacrule description string. | no
+`usercategory` \| `usercat` | User category the rule applies to. Choices: ["all"] | no
+`hostcategory` \| `hostcat` | Host category the rule applies to. Choices: ["all"] | no
+`servicecategory` \| `servicecat` | HBAC service category the rule applies to. Choices: ["all"] | no
+`nomembers` | Suppress processing of membership attributes. (bool) | no
+`host` | List of host name strings assigned to this hbacrule. | no
+`hostgroup` | List of host group name strings assigned to this hbacrule. | no
+`hbacsvc` | List of HBAC Service name strings assigned to this hbacrule. | no
+`hbacsvcgroup` | List of HBAC Service Group name strings assigned to this hbacrule. | no
+`user` | List of user name strings assigned to this hbacrule. | no
+`group` | List of user group name strings assigned to this hbacrule. | no
+`action` | Work on hbacrule or member level. It can be on of `member` or `hbacrule` and defaults to `hbacrule`. | no
+`state` | The state to ensure. It can be one of `present`, `absent`, `enabled` or `disabled`, default: `present`. | no
+
+
+Authors
+=======
+
+Thomas Woerner

README-hbacsvc.md

@@ -0,0 +1,109 @@
+HBACsvc module
+==============
+
+Description
+-----------
+
+The hbacsvc (HBAC Service) module allows to ensure presence and absence of HBAC Services.
+
+
+Features
+--------
+* HBACsvc management
+
+
+Supported FreeIPA Versions
+--------------------------
+
+FreeIPA versions 4.4.0 and up are supported by the ipahbacsvc module.
+
+
+Requirements
+------------
+
+**Controller**
+* Ansible version: 2.8+
+
+**Node**
+* Supported FreeIPA version (see above)
+
+
+Usage
+=====
+
+Example inventory file
+
+```ini
+[ipaserver]
+ipaserver.test.local
+```
+
+
+Example playbook to make sure HBAC Service for http is present
+
+```yaml
+---
+- name: Playbook to handle HBAC Services
+  hosts: ipaserver
+  become: true
+
+  tasks:
+  # Ensure HBAC Service for http is present
+  - ipahbacsvc:
+      ipaadmin_password: MyPassword123
+      name: http
+      description: Web service
+```
+
+Example playbook to make sure HBAC Service for tftp is present
+
+```yaml
+---
+- name: Playbook to handle HBAC Services
+  hosts: ipaserver
+  become: true
+
+  tasks:
+  # Ensure HBAC Service for tftp is present
+  - ipahbacsvc:
+      ipaadmin_password: MyPassword123
+      name: tftp
+      description: TFTPWeb service
+```
+
+Example playbook to make sure HBAC Services for http and tftp are absent
+
+```yaml
+---
+- name: Playbook to handle HBAC Services
+  hosts: ipaserver
+  become: true
+
+  tasks:
+  # Ensure HBAC Service for http and tftp are absent
+  - ipahbacsvc:
+      ipaadmin_password: MyPassword123
+      name: http,tftp
+      state: absent
+```
+
+
+Variables
+=========
+
+ipahbacsvc
+----------
+
+Variable | Description | Required
+-------- | ----------- | --------
+`ipaadmin_principal` | The admin principal is a string and defaults to `admin` | no
+`ipaadmin_password` | The admin password is a string and is required if there is no admin ticket available on the node | no
+`name` \| `cn` \| `service` | The list of hbacsvc name strings. | no
+`description` | The hbacsvc description string. | no
+`state` | The state to ensure. It can be one of `present` or `absent`, default: `present`. | no
+
+
+Authors
+=======
+
+Thomas Woerner