collection 교체

2024-02-23 16:37:40 +09:00
parent b494779b5b
commit 3fd554eee9
38862 changed files with 220204 additions and 6600073 deletions
--- a/collection/community/general/plugins/modules/ldap_entry.py
+++ b/collection/community/general/plugins/modules/ldap_entry.py
@@ -1,10 +1,11 @@
 #!/usr/bin/python
 # -*- coding: utf-8 -*-

-# Copyright: (c) 2016, Peter Sagerson <psagers@ignorare.net>
-# Copyright: (c) 2016, Jiri Tyr <jiri.tyr@gmail.com>
+# Copyright (c) 2016, Peter Sagerson <psagers@ignorare.net>
+# Copyright (c) 2016, Jiri Tyr <jiri.tyr@gmail.com>
 #
-# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later

 from __future__ import absolute_import, division, print_function
 __metaclass__ = type
@@ -13,7 +14,7 @@ __metaclass__ = type
 DOCUMENTATION = '''
 ---
 module: ldap_entry
-short_description: Add or remove LDAP entries.
+short_description: Add or remove LDAP entries
 description:
  - Add or remove LDAP entries. This module only asserts the existence or
    non-existence of an LDAP entry, not its attributes. To assert the
@@ -23,22 +24,36 @@ notes:
    bind over a UNIX domain socket. This works well with the default Ubuntu
    install for example, which includes a cn=peercred,cn=external,cn=auth ACL
    rule allowing root to modify the server configuration. If you need to use
-    a simple bind to access your server, pass the credentials in I(bind_dn)
-    and I(bind_pw).
+    a simple bind to access your server, pass the credentials in O(bind_dn)
+    and O(bind_pw).
 author:
  - Jiri Tyr (@jtyr)
 requirements:
  - python-ldap
+attributes:
+  check_mode:
+    support: full
+  diff_mode:
+    support: none
 options:
  attributes:
    description:
-      - If I(state=present), attributes necessary to create an entry. Existing
+      - If O(state=present), attributes necessary to create an entry. Existing
        entries are never modified. To assert specific attribute values on an
        existing entry, use M(community.general.ldap_attrs) module instead.
+      - Each attribute value can be a string for single-valued attributes or
+        a list of strings for multi-valued attributes.
+      - If you specify values for this option in YAML, please note that you can improve
+        readability for long string values by using YAML block modifiers as seen in the
+        examples for this module.
+      - Note that when using values that YAML/ansible-core interprets as other types,
+        like V(yes), V(no) (booleans), or V(2.10) (float), make sure to quote them if
+        these are meant to be strings. Otherwise the wrong values may be sent to LDAP.
    type: dict
+    default: {}
  objectClass:
    description:
-      - If I(state=present), value or list of values to use when creating
+      - If O(state=present), value or list of values to use when creating
        the entry. It can either be a string or an actual list of
        strings.
    type: list
@@ -51,13 +66,14 @@ options:
    type: str
  recursive:
    description:
-      - If I(state=delete), a flag indicating whether a single entry or the
+      - If O(state=delete), a flag indicating whether a single entry or the
        whole branch must be deleted.
    type: bool
    default: false
    version_added: 4.6.0
 extends_documentation_fragment:
- community.general.ldap.documentation
+  - community.general.ldap.documentation
+  - community.general.attributes

 '''

@@ -78,6 +94,29 @@ EXAMPLES = """
      description: An LDAP administrator
      userPassword: "{SSHA}tabyipcHzhwESzRaGA7oQ/SDoBZQOGND"

+- name: Set possible values for attributes elements
+  community.general.ldap_entry:
+    dn: cn=admin,dc=example,dc=com
+    objectClass:
+      - simpleSecurityObject
+      - organizationalRole
+    attributes:
+      description: An LDAP Administrator
+      roleOccupant:
+      - cn=Chocs Puddington,ou=Information Technology,dc=example,dc=com
+      - cn=Alice Stronginthebrain,ou=Information Technology,dc=example,dc=com
+      olcAccess:
+      - >-
+        {0}to attrs=userPassword,shadowLastChange
+        by self write
+        by anonymous auth
+        by dn="cn=admin,dc=example,dc=com" write
+        by * none'
+      - >-
+        {1}to dn.base="dc=example,dc=com"
+        by dn="cn=admin,dc=example,dc=com" write
+        by * read
+
 - name: Get rid of an old entry
  community.general.ldap_entry:
    dn: ou=stuff,dc=example,dc=com
@@ -112,7 +151,7 @@ import traceback

 from ansible.module_utils.basic import AnsibleModule, missing_required_lib
 from ansible.module_utils.common.text.converters import to_native, to_bytes
-from ansible_collections.community.general.plugins.module_utils.ldap import LdapGeneric, gen_specs
+from ansible_collections.community.general.plugins.module_utils.ldap import LdapGeneric, gen_specs, ldap_required_together

 LDAP_IMP_ERR = None
 try:
@@ -174,7 +213,7 @@ class LdapEntry(LdapGeneric):
            self.connection.delete_s(self.dn)

        def _delete_recursive():
-            """ Attempt recurive deletion using the subtree-delete control.
+            """ Attempt recursive deletion using the subtree-delete control.
            If that fails, do it manually. """
            try:
                subtree_delete = ldap.controls.ValueLessRequestControl('1.2.840.113556.1.4.805')
@@ -216,6 +255,7 @@ def main():
        ),
        required_if=[('state', 'present', ['objectClass'])],
        supports_check_mode=True,
+        required_together=ldap_required_together(),
    )

    if not HAS_LDAP: