mono-infrastructure/ansible/playbooks/vars/ipa/ipaprivs.yml

---
# privileges
ipaprivileges:
  - privilege: Privileges - Kerberos Managers
    description: Kerberos Key Managers
    permissions:
      - "System: Manage Host Keytab"
      - "System: Manage Host Keytab Permissions"
      - "System: Manage Service Keytab"
      - "System: Manage Service Keytab Permissions"
      - "System: Manage User Principals"
    role: Kerberos Managers
    user:
      - kerbman

# Standalone Roles
iparoles:
  - role: IPA Client Managers
    description: IPA Client Managers
    privileges:
      - "DNS Administrators"
      - "DNS Servers"
      - "Host Administrators"
      - "Host Enrollment"
      - "Host Group Administrators"
      - "Netgroups Administrators"
    user:
      - hostman
  - role: Kerberos Managers
    description: Kerberos Key Managers
    privileges:
      - "Privileges - Kerberos Managers"
      - "Service Administrators"
    user:
      - kerbman
  - role: IPA User Managers
    description: Rocky IPA User Managers responsible for idm flow
    privileges:
      - "Group Administrators"
      - "Stage User Administrators"
      - "User Administrators"
      - "FAS Agreement Administrators"
...
IPA Privileges This release adds support for privileges and roles for the initial IPA team accounts. 2020-12-21 05:05:52 +00:00			`---`
			`# privileges`
			`ipaprivileges:`
			`- privilege: Privileges - Kerberos Managers`
			`description: Kerberos Key Managers`
			`permissions:`
			`- "System: Manage Host Keytab"`
			`- "System: Manage Host Keytab Permissions"`
			`- "System: Manage Service Keytab"`
			`- "System: Manage Service Keytab Permissions"`
			`- "System: Manage User Principals"`
			`role: Kerberos Managers`
			`user:`
			`- kerbman`

			`# Standalone Roles`
			`iparoles:`
			`- role: IPA Client Managers`
			`description: IPA Client Managers`
			`privileges:`
			`- "DNS Administrators"`
			`- "DNS Servers"`
			`- "Host Administrators"`
			`- "Host Enrollment"`
			`- "Host Group Administrators"`
			`- "Netgroups Administrators"`
			`user:`
			`- hostman`
service accounts 2021-01-23 22:51:55 +00:00			`- role: Kerberos Managers`
			`description: Kerberos Key Managers`
			`privileges:`
			`- "Privileges - Kerberos Managers"`
			`- "Service Administrators"`
			`user:`
			`- kerbman`
Add missing service account and privs 2021-01-02 03:50:00 +00:00			`- role: IPA User Managers`
			`description: Rocky IPA User Managers responsible for idm flow`
			`privileges:`
			`- "Group Administrators"`
			`- "Stage User Administrators"`
			`- "User Administrators"`
			`- "FAS Agreement Administrators"`
Linting and Formatting This commit appends the README.md to state that yaml files should start with `---` and end with `...`. This also addresses some linting warnings that were not appearing during pre-commit on local system. 2021-08-30 05:02:24 +00:00			`...`