use ipaadmin_principal for simplicity

adhoc-ipadnsrecord.yml

@@ -4,7 +4,7 @@
 #       provided.
 # What is expected:
 #  -> ipaadmin_password: This should be the password of the admin user
-#  -> ipa_admin: The admin user that has kerberos management capabilities (default is admin)
+#  -> ipaadmin_principal: The admin user that has kerberos management capabilities (default is admin)
 #  -> ipa_zone: The zone name (eg, rockylinux.org)
 #  -> ipa_name: The shortname (eg, buildbox instead of buildbox.rockylinux.org)
 #  -> ipa_name_type: Type of record (eg, CNAME, A, AAAA, PTR)
@@ -33,7 +33,7 @@
 
     - name: "Creating DNS Record"
       freeipa.ansible_freeipa.ipadnsrecord:
-        ipaadmin_principal: "{{ ipa_admin|default('admin') }}"
+        ipaadmin_principal: "{{ ipaadmin_principal|default('admin') }}"
         ipaadmin_password: "{{ ipaadmin_password }}"
         zone_name: "{{ ipa_zone }}"
         name: "{{ ipa_name }}"
@@ -48,7 +48,7 @@
     # host doesn't exist, we'll ignore it.
     - name: "Creating host object for CNAME"
       freeipa.ansible_freeipa.ipahost:
-        ipaadmin_principal: "{{ ipa_admin|default('admin') }}"
+        ipaadmin_principal: "{{ ipaadmin_principal|default('admin') }}"
         ipaadmin_password: "{{ ipaadmin_password }}"
         name: "{{ ipa_name }}.{{ ipa_zone }}"
         force: true

adhoc-ipadnszone.yml

@@ -14,7 +14,7 @@
     - name: "Checking for user variables"
       ansible.builtin.assert:
         that:
-          - ipa_admin | mandatory
+          - ipaadmin_principal | mandatory
           - ipaadmin_password | mandatory
           - ipa_zone | mandatory
         success_msg: "Required variables provided"
@@ -22,7 +22,7 @@
 
     - name: "Creating DNS Zone"
       freeipa.ansible_freeipa.ipadnszone:
-        ipaadmin_principal: "{{ ipa_admin }}"
+        ipaadmin_principal: "{{ ipaadmin_principal }}"
         ipaadmin_password: "{{ ipaadmin_password }}"
         name: "{{ ipa_zone }}"
         dynamicupdate: true

adhoc-ipagetkeytab.yml

@@ -10,7 +10,7 @@
 #  -> ipa_keytab_fullpath: The full path to the keytab. Example: /etc/gitlab/gitlab.keytab
 #  -> ipa_server: This needs to be one of the IPA servers
 #  -> ipa_owner: If applicable, the local account that can read this keytab (eg apache)
-#  -> ipa_admin: The admin user that has kerberos management capabilities (default is admin)
+#  -> ipaadmin_principal: The admin user that has kerberos management capabilities (default is admin)
 #  -> ipaadmin_password: This should be the password of the admin user
 
 - name: Pull keytab from IPA
@@ -24,7 +24,7 @@
     - name: "Checking for user variables"
       ansible.builtin.assert:
         that:
-          - ipa_admin | mandatory
+          - ipaadmin_principal | mandatory
           - ipaadmin_password | mandatory
           - ipa_service | mandatory
           - ipa_keytab_fullpath | mandatory
@@ -46,33 +46,33 @@
         success_msg: "Keytab doesn't exist, moving on..."
         fail_msg: "Keytab with that name already exists, skipping."
 
-    - name: "Grant {{ host }} and {{ ipa_admin }} access to the service keytab"
+    - name: "Grant {{ host }} and {{ ipaadmin_principal }} access to the service keytab"
       delegate_to: "{{ ipa_server }}"
       freeipa.ansible_freeipa.ipaservice:
-        ipaadmin_principal: "{{ ipa_admin }}"
+        ipaadmin_principal: "{{ ipaadmin_principal }}"
         ipaadmin_password: "{{ ipaadmin_password }}"
         name: "{{ ipa_service }}"
         allow_retrieve_keytab_user:
-          - "{{ ipa_admin }}"
+          - "{{ ipaadmin_principal }}"
         allow_retrieve_keytab_host:
           - "{{ host }}"
         action: member
 
-    - name: "Grant {{ host }} and {{ ipa_admin }} access to the host keytab"
+    - name: "Grant {{ host }} and {{ ipaadmin_principal }} access to the host keytab"
       delegate_to: "{{ ipa_server }}"
       freeipa.ansible_freeipa.ipahost:
-        ipaadmin_principal: "{{ ipa_admin }}"
+        ipaadmin_principal: "{{ ipaadmin_principal }}"
         ipaadmin_password: "{{ ipaadmin_password }}"
         name: "{{ host }}"
         state: present
         allow_retrieve_keytab_user:
-          - "{{ ipa_admin }}"
+          - "{{ ipaadmin_principal }}"
         managedby_host: "{{ host }}"
         action: member
 
     - name: "Get kerberos ticket"
       delegate_to: "{{ ipa_server }}"
-      ansible.builtin.shell: "set -o pipefail && echo \"{{ ipaadmin_password }}\" | kinit {{ ipa_admin }}"
+      ansible.builtin.shell: "set -o pipefail && echo \"{{ ipaadmin_password }}\" | kinit {{ ipaadmin_principal }}"
       check_mode: false
       changed_when: "1 != 1"
       when: not keytab_status.stat.exists

adhoc-ipagroup.yml

@@ -1,7 +1,7 @@
 ---
 # This playbook is meant to be used with callable variables, like adhoc or AWX.
 # What: Creates groups in the idm infrastructure based on the variables provided
-# You MUST provide an ipa_admin user to run this.
+# You MUST provide an ipaadmin_principal user to run this.
 # If group is going to be a fas group (exposed in noggin), ensure ipa_fas is
 # set to true.
 
@@ -18,7 +18,7 @@
     - name: "Checking for user variables"
       ansible.builtin.assert:
         that:
-          - ipa_admin | mandatory
+          - ipaadmin_principal | mandatory
           - ipaadmin_password | mandatory
           - ipa_group | mandatory
           - ipa_description | mandatory
@@ -28,7 +28,7 @@
 
     - name: "Creating New Group"
       freeipa.ansible_freeipa.ipagroup:
-        ipaadmin_principal: "{{ ipa_admin }}"
+        ipaadmin_principal: "{{ ipaadmin_principal }}"
         ipaadmin_password: "{{ ipaadmin_password }}"
         name: "{{ ipa_group }}"
         description: "{{ ipa_description }}"
@@ -39,7 +39,7 @@
         - groups
 
     - name: "Prepare FAS if required"
-      ansible.builtin.shell: "set -o pipefail && echo \"{{ ipaadmin_password  }}\" | kinit {{ ipa_admin }}"
+      ansible.builtin.shell: "set -o pipefail && echo \"{{ ipaadmin_password  }}\" | kinit {{ ipaadmin_principal }}"
       check_mode: false
       changed_when: "1 != 1"
       when: ipa_fas

adhoc-ipaservice.yml

@@ -13,7 +13,7 @@
     - name: "Checking for user variables"
       ansible.builtin.assert:
         that:
-          - ipa_admin | mandatory
+          - ipaadmin_principal | mandatory
           - ipaadmin_password | mandatory
           - ipa_service | mandatory
         success_msg: "Required variables provided"
@@ -21,7 +21,7 @@
 
     - name: "Creating Kerberos Service"
       freeipa.ansible_freeipa.ipaservice:
-        ipaadmin_principal: "{{ ipa_admin }}"
+        ipaadmin_principal: "{{ ipaadmin_principal }}"
         ipaadmin_password: "{{ ipaadmin_password }}"
         name: "{{ ipa_service }}"
         skip_host_check: "{{ ipa_skip_host_check | default(false) }}"

adhoc-ipauser-disable-pdr.yml

@@ -17,7 +17,7 @@
     - name: "Checking for user variables"
       ansible.builtin.assert:
         that:
-          - ipa_admin | mandatory
+          - ipaadmin_principal | mandatory
           - ipaadmin_password | mandatory
           - ipa_name | mandatory
           - ticket_id | mandatory
@@ -26,7 +26,7 @@
 
     - name: "Disabling User Account"
       freeipa.ansible_freeipa.ipauser:
-        ipaadmin_principal: "{{ ipa_admin }}"
+        ipaadmin_principal: "{{ ipaadmin_principal }}"
         ipaadmin_password: "{{ ipaadmin_password }}"
         name: "{{ ipa_name }}"
         state: disabled
@@ -40,7 +40,7 @@
         values: []
         state: exact
         server_uri: ldap://localhost/
-        bind_dn: "uid={{ ipa_admin }},cn=users,cn=accounts,dc=rockylinux,dc=org"
+        bind_dn: "uid={{ ipaadmin_principal }},cn=users,cn=accounts,dc=rockylinux,dc=org"
         bind_pw: "{{ ipaadmin_password }}"
       with_items:
         - fasGPGKeyId
@@ -70,7 +70,7 @@
         values: "Account Disabled: {{ ticket_id }}"
         state: exact
         server_uri: ldap://localhost/
-        bind_dn: "uid={{ ipa_admin }},cn=users,cn=accounts,dc=rockylinux,dc=org"
+        bind_dn: "uid={{ ipaadmin_principal }},cn=users,cn=accounts,dc=rockylinux,dc=org"
         bind_pw: "{{ ipaadmin_password }}"
 
     - name: "Set FAS Account Information to Private"
@@ -80,6 +80,6 @@
         values: "TRUE"
         state: exact
         server_uri: ldap://localhost/
-        bind_dn: "uid={{ ipa_admin }},cn=users,cn=accounts,dc=rockylinux,dc=org"
+        bind_dn: "uid={{ ipaadmin_principal }},cn=users,cn=accounts,dc=rockylinux,dc=org"
         bind_pw: "{{ ipaadmin_password }}"
 ...

adhoc-ipauser-disable.yml

@@ -13,7 +13,7 @@
     - name: "Checking for user variables"
       ansible.builtin.assert:
         that:
-          - ipa_admin | mandatory
+          - ipaadmin_principal | mandatory
           - ipaadmin_password | mandatory
           - ipa_name | mandatory
         success_msg: "Required variables provided"
@@ -21,7 +21,7 @@
 
     - name: "Disabling User Account"
       freeipa.ansible_freeipa.ipauser:
-        ipaadmin_principal: "{{ ipa_admin }}"
+        ipaadmin_principal: "{{ ipaadmin_principal }}"
         ipaadmin_password: "{{ ipaadmin_password }}"
         name: "{{ ipa_name }}"
         state: disabled

adhoc-ipauser-enable.yml

@@ -13,7 +13,7 @@
     - name: "Checking for user variables"
       ansible.builtin.assert:
         that:
-          - ipa_admin | mandatory
+          - ipaadmin_principal | mandatory
           - ipaadmin_password | mandatory
           - ipa_name | mandatory
         success_msg: "Required variables provided"
@@ -21,7 +21,7 @@
 
     - name: "Enabling User Account"
       freeipa.ansible_freeipa.ipauser:
-        ipaadmin_principal: "{{ ipa_admin }}"
+        ipaadmin_principal: "{{ ipaadmin_principal }}"
         ipaadmin_password: "{{ ipaadmin_password }}"
         name: "{{ ipa_name }}"
         state: enabled

adhoc-ipauser.yml

@@ -13,7 +13,7 @@
     - name: "Checking for user variables"
       ansible.builtin.assert:
         that:
-          - ipa_admin | mandatory
+          - ipaadmin_principal | mandatory
           - ipaadmin_password | mandatory
           - ipa_name | mandatory
           - ipa_first | mandatory
@@ -26,7 +26,7 @@
 
     - name: "Creating User Account"
       freeipa.ansible_freeipa.ipauser:
-        ipaadmin_principal: "{{ ipa_admin }}"
+        ipaadmin_principal: "{{ ipaadmin_principal }}"
         ipaadmin_password: "{{ ipaadmin_password }}"
         name: "{{ ipa_name }}"
         first: "{{ ipa_first }}"