ipasudorule: Add support for batch mode and multiple sudorules

Currently, ipasudorule must add or modify a single sudorule at a time, incurring in more load in the server if there are many rules to be processed. This patch adds suport for adding multiple sudorules in one playbook task by using the parameter 'sudorules' and defining a list of sudorules configurations to be ensured. As multiple sudorules will be processed, the patch also enables batch mode processing of sudorules, trying to reduce the load on the server. Test 'tests/sudorule/test_sudorule_client_context.yml' was modified to include tasks with 'sudorules' to be executed both on the server or on the client context. New tests were added to the sudorule test suite: tests/sudorule/test_sudorules.yml tests/sudorule/test_sudorules_member_case_insensitive.yml
rjeffman · Nov 4, 2024 · 908107b · 908107b
1 parent d6b7d38
commit 908107b
Show file tree

Hide file tree

Showing 5 changed files with 1,142 additions and 273 deletions.
diff --git a/README-sudorule.md b/README-sudorule.md
@@ -129,6 +129,24 @@ Example playbook to make sure Sudo Rule is absent:
       state: absent
 ```
 
+Example playbook to ensure multiple Sudo Rule are present using batch mode:
+
+```yaml
+---
+- name: Playbook to handle sudorules
+  hosts: ipaserver
+  become: true
+
+- name: Ensure multiple Sudo Rules are present using batch mode.
+  ipasudorule:
+    ipaadmin_password: SomeADMINpassword
+    sudorules:
+      - name: testrule1
+        hostmask:
+          - 192.168.122.1/24
+      - name: testrule2
+        hostcategory: all
+```
 
 Variables
 =========