ipasudorule: Allow execution of plugin in client host.

Update sudorule README file and add tests for executing plugin with `ipaapi_context` set to `client`. A new test playbook can be found at: tests/sudorule/test_sudorule_client_context.yml The new test file can be executed in a FreeIPA client host that is not a server. In this case, it should be defined in the `ipaclients` group, in the inventory file.
rjeffman · Sep 28, 2021 · 829f105 · 829f105
1 parent 3cd9978
commit 829f105
Show file tree

Hide file tree

Showing 3 changed files with 120 additions and 1 deletion.
diff --git a/README-sudorule.md b/README-sudorule.md
@@ -120,6 +120,7 @@ Variable | Description | Required
 -------- | ----------- | --------
 `ipaadmin_principal` | The admin principal is a string and defaults to `admin` | no
 `ipaadmin_password` | The admin password is a string and is required if there is no admin ticket available on the node | no
+`ipaapi_context` | The context in which the module will execute. Executing in a server context is preferred. If not provided context will be determined by the execution environment. Valid values are `server` and `client`. | no
 `name` \| `cn` | The list of sudorule name strings. | yes
 `description` | The sudorule description string. | no
 `usercategory` \| `usercat` | User category the rule applies to. Choices: ["all", ""] | no