linuxfabrik.lfops.ipahbacrule

Manage FreeIPA HBAC rules

Synopsis

  • Manage FreeIPA HBAC rules

Available since LFOps 6.0.0.

Mandatory Parameters

name

  • The hbacrule name
  • Type: List.

Optional Parameters

action

  • Work on hbacrule or member level
  • Type: String. One of member, hbacrule.
  • Default: hbacrule

description

  • The hbacrule description
  • Type: String.

group

  • List of user groups assigned to this hbacrule.
  • Type: List.

hbacsvc

  • List of HBAC service names assigned to this hbacrule.
  • Type: List.

hbacsvcgroup

  • List of HBAC service group names assigned to this hbacrule.
  • Type: List.

host

  • List of host names assigned to this hbacrule.
  • Type: List.

hostcategory

  • Host category the rule applies to
  • Type: String. One of all, "" (empty string).

hostgroup

  • List of host groups assigned to this hbacrule.
  • Type: List.

nomembers

  • Suppress processing of membership attributes
  • Type: Bool.

servicecategory

  • Service category the rule applies to
  • Type: String. One of all, "" (empty string).

state

  • State to ensure
  • Type: String. One of present, absent, enabled, disabled.
  • Default: present

user

  • List of user names assigned to this hbacrule.
  • Type: List.

usercategory

  • User category the rule applies to
  • Type: String. One of all, "" (empty string).

Examples

# Ensure HBAC Rule allhosts is present
- ipahbacrule:
    ipaadmin_password: SomeADMINpassword
    name: allhosts
    usercategory: all

# Ensure host server is present in HBAC Rule allhosts
- ipahbacrule:
    ipaadmin_password: SomeADMINpassword
    name: allhosts
    host: server
    action: member

# Ensure HBAC Rule sshd-pinky is present
- ipahbacrule:
    ipaadmin_password: SomeADMINpassword
    name: sshd-pinky
    hostcategory: all

# Ensure user pinky is present in HBAC Rule sshd-pinky
- ipahbacrule:
    ipaadmin_password: SomeADMINpassword
    name: sshd-pinky
    user: pinky
    action: member

# Ensure HBAC service sshd is present in HBAC Rule sshd-pinky
- ipahbacrule:
    ipaadmin_password: SomeADMINpassword
    name: sshd-pinky
    hbacsvc: sshd
    action: member

# Ensure HBAC Rule sshd-pinky is disabled
- ipahbacrule:
    ipaadmin_password: SomeADMINpassword
    name: sshd-pinky
    state: disabled

# Ensure HBAC Rule sshd-pinky is enabled
- ipahbacrule:
    ipaadmin_password: SomeADMINpassword
    name: sshd-pinky
    state: enabled

# Ensure HBAC Rule sshd-pinky is absent
- ipahbacrule:
    ipaadmin_password: SomeADMINpassword
    name: sshd-pinky
    state: absent
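
An added example, not part of the LFOps documentation: a playbook that combines group, hostgroup and hbacsvc in one narrowly scoped rule, extends it at member level, and then disables the broad allhosts rule from the examples above. The inventory group ipaserver, the variable vault_ipaadmin_password, the rule name ssh-ops-webservers and the FreeIPA objects ops-admins, webservers and dbservers are assumptions.

```yaml
# Added example playbook (not LFOps' own code).
# Assumed/hypothetical names: inventory group "ipaserver", Ansible Vault
# variable "vault_ipaadmin_password", user group "ops-admins", host groups
# "webservers" and "dbservers" (these must already exist in FreeIPA).
- name: Scope SSH access with HBAC rules
  hosts: ipaserver
  become: true

  tasks:
    # No *category: all is set, so the rule matches only the listed members.
    - name: Allow ops-admins to use sshd on webservers only
      linuxfabrik.lfops.ipahbacrule:
        ipaadmin_password: "{{ vault_ipaadmin_password }}"  # keep out of plaintext
        name: ssh-ops-webservers
        description: sshd on webservers for ops-admins
        group:
          - ops-admins
        hostgroup:
          - webservers
        hbacsvc:
          - sshd
        state: present

    # action: member changes membership without touching the rule itself.
    - name: Extend the same rule to a second host group
      linuxfabrik.lfops.ipahbacrule:
        ipaadmin_password: "{{ vault_ipaadmin_password }}"
        name: ssh-ops-webservers
        hostgroup:
          - dbservers
        action: member

    # HBAC rules only grant access and are additive, so a broad rule
    # (usercategory: all) left enabled would still admit everyone.
    # Disable it only after the scoped rule above is in place.
    - name: Disable the broad allhosts rule
      linuxfabrik.lfops.ipahbacrule:
        ipaadmin_password: "{{ vault_ipaadmin_password }}"
        name: allhosts
        state: disabled
```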

Authors

  • Thomas Woerner (@t-woerner)