-
Notifications
You must be signed in to change notification settings - Fork 24
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[microsoft.ad.user] Add parameter to fail, ignore or warn if the account performing the action does not have the permissions required to modify the AD Group #166
Conversation
This feature adds a new sub-parameter to the Groups section similar to lookup_failure_action to aid the scenario when the account used to add or remove the user from the specified AD Groups does not have appropriate permissions to perform the action. This is achieved through wrapping the add or remove attempts around a try/catch and handling the try/catch based on the parameters specified. Parameters accepted are fail, ignore, and warn Default action is: fail
Minor update to the wording of lookup_failure_action as well
Build failed. ❌ ansible-galaxy-importer FAILURE in 5m 22s |
Doc fix for linting
Build succeeded. ✔️ ansible-galaxy-importer SUCCESS in 3m 31s |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the fantastic PR. The only thing missing is the changelog fragment. Are you able to add one under changelogs/fragments
https://docs.ansible.com/ansible/latest/community/development_process.html#creating-changelog-fragments. Thist particular change would be under the minor_changes
key.
Something like
minor_changes:
- >-
microsoft.ad.user - Added ``groups.permissions_failure_action`` to control the behaviour when failing to modify the user's groups -
https://github.com/ansible-collections/microsoft.ad/issues/140
Feel free to modify the message in any way you prefer.
Build succeeded. ✔️ ansible-galaxy-importer SUCCESS in 3m 41s |
Conforming changelog fragment to Ansible Fragment standards
Thanks for this, I've added the changelogs fragment That official doc you linked doesn't feel very intuitive to read for newcomers, so I hope this is correct :) |
Build succeeded. ✔️ ansible-galaxy-importer SUCCESS in 2m 53s |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for working on this!
What you have looks good. I’ll try and pass along the feedback to the docs team. |
SUMMARY
Fixes #140
Adds sub-parameter to
groups
permissions_failure_action
Options:
Default:
fail
This feature prevents microsoft.ad.user from failing when attempting to add or remove a user from a group that the
domain_username
user does not have permissions to modify ifignore
orwarn
is specified.Similar to the
lookup_failure_action
feature that prevents failures when attempting to add a group that does not exist,ISSUE TYPE
COMPONENT NAME
groups:
permissions_failure_action:
ADDITIONAL INFORMATION