ipa: Implement host-add-principal functionality

ansible-collections / community.general

Ansible Community General Collection

https://galaxy.ansible.com/ui/repo/published/community/general/

GNU General Public License v3.0

814 stars 1.49k forks source link

ipa: Implement host-add-principal functionality #3952

Open ahambrick opened 2 years ago

ahambrick commented 2 years ago

Summary

It would be nice to have the capability to add a principal name to a host entry for the IPA suite.

Issue Type

Feature Idea

Component Name

ipa

Additional Information

The CLI equivalent: /usr/bin/ipa host-add-principal $server_host host/$ext_host

The REST API equivalent:

    {
        "id": 0, 
        "method": "host_add_principal/1", 
        "params": [
            [
                "blipblarp.foo.com", 
                [
                    "host/external.blipblarp.foo.com"
                ]
            ], 
            {
                "version": "2.237"
            }
        ]
    }

Code of Conduct

[X] I agree to follow the Ansible Code of Conduct

ansibullbot commented 2 years ago

Files identified in the description:

plugins/doc_fragments/ipa.py

If these files are incorrect, please update the component name section of the description or use the !component bot command.

click here for bot help

ahambrick commented 2 years ago

This will sadly need to be another check outside of things like host_mod. While IPA documentation suggests that one can modify the principal name:

ipa help host-mod

...
  --krbprincipalname=PRINCIPAL
                        Principal alias
...

When attempting to execute this via host_mod:

ipa host-mod --krbprincipalname=host/external.barbaz.com,host/blipblarp.foo.com blipblarp.foo.com
ipa: ERROR: Insufficient access: Principal name already set, it is unchangeable.