Remove groups.allow and groups.deny from client_config role

The client_config role allowed the modification of groups.allow and groups.deny files. However there are no such config files of SAS...
OneIdentity · Feb 21, 2022 · 98395e6 · 98395e6
1 parent e8a7566
commit 98395e6
Show file tree

Hide file tree

Showing 8 changed files with 6 additions and 59 deletions.
diff --git a/roles/client_config/README.md b/roles/client_config/README.md
@@ -155,15 +155,15 @@ Please see top of the [Configuration Files](#configuration-files) section for th
         * Optional
         * Omitted if not set.  In the case of a `regex` match will insert `line` on the line before the match.
 
-#### users.allow, users.deny, groups.allow, and groups.deny
+#### users.allow, users.deny
 
-The `users.allow`, `users.deny`, `groups.allows` and `groups.deny` configuration files allow per-host, local control of allowed and denied users and groups.  See [Safeguard Authentication Services docs](https://support.oneidentity.com/technical-documents/authentication-services/4.2.4/administration-guide/31#TOPIC-1468068) for further information on the format of these files.
+The `users.allow`, `users.deny` configuration files allow per-host, local control of allowed and denied users.  See [Safeguard Authentication Services docs](https://support.oneidentity.com/technical-documents/authentication-services/4.2.4/administration-guide/31#TOPIC-1468068) for further information on the format of these files.
 
 The Ansible `lineinfile` module is used for formatting these files.  See [Ansible lineinfile module docs](https://docs.ansible.com/ansible/latest/modules/lineinfile_module.html#lineinfile-module) for details on this module.
 
 Please see top of the [Configuration Files](#configuration-files) section for the variables that control creation, backup and permissions of these files but not their content.  The variables that control their content are shown below.
 
-* `client_config_users_allow`, `client_config_users_deny`, `client_config_groups_allow` and `client_config_groups_deny` are a list of items to set or clear in `users.allow`, `users.deny`, `groups.allow` and `groups.deny`
+* `client_config_users_allow`, `client_config_users_deny` are a list of items to set or clear in `users.allow`, `users.deny`
 
     Each item in this list can contain the following fields:
 

diff --git a/roles/client_config/defaults/main.yml b/roles/client_config/defaults/main.yml
@@ -39,7 +39,7 @@ client_config_group_override_group: "{{ client_config_group }}"
 client_config_group_override_backup: "{{ client_config_backup }}"
 
 
-# users/groups.allow/deny settings
+# users.allow/deny settings
 # ------------------------------------------------------------------------------
 
 client_config_users_allow: []
@@ -56,20 +56,6 @@ client_config_users_deny_owner: "{{ client_config_owner }}"
 client_config_users_deny_group: "{{ client_config_group }}"
 client_config_users_deny_backup: "{{ client_config_backup }}"
 
-client_config_groups_allow: []
-client_config_groups_allow_create: "{{ client_config_create }}"
-client_config_groups_allow_mode: "{{ client_config_mode }}"
-client_config_groups_allow_owner: "{{ client_config_owner }}"
-client_config_groups_allow_group: "{{ client_config_group }}"
-client_config_groups_allow_backup: "{{ client_config_backup }}"
-
-client_config_groups_deny: []
-client_config_groups_deny_create: "{{ client_config_create }}"
-client_config_groups_deny_mode: "{{ client_config_mode }}"
-client_config_groups_deny_owner: "{{ client_config_owner }}"
-client_config_groups_deny_group: "{{ client_config_group }}"
-client_config_groups_deny_backup: "{{ client_config_backup }}"
-
 
 # users.starling settings
 # ------------------------------------------------------------------------------

diff --git a/roles/client_config/tasks/config_files/groups_allow.yml b/roles/client_config/tasks/config_files/groups_allow.yml
diff --git a/roles/client_config/tasks/config_files/groups_deny.yml b/roles/client_config/tasks/config_files/groups_deny.yml
diff --git a/roles/client_config/tasks/main.yml b/roles/client_config/tasks/main.yml
@@ -16,11 +16,9 @@
     - include_tasks: config_files/user_override.yml
     - include_tasks: config_files/group_override.yml
 
-    # users/groups.allow/deny
+    # users.allow/deny
     - include_tasks: config_files/users_allow.yml
     - include_tasks: config_files/users_deny.yml
-    - include_tasks: config_files/groups_allow.yml
-    - include_tasks: config_files/groups_deny.yml
 
     # users.starling
     - include_tasks: config_files/users_starling.yml

diff --git a/roles/client_config/templates/client_config_report.csv.j2 b/roles/client_config/templates/client_config_report.csv.j2
@@ -18,8 +18,6 @@ hostname,group,ip_address,os_distro,os_version,hw_arch,time,changed,unreachable,
 {% set group_override_raw = hostvars[host]['ansible_facts']['sas_client_config_group_override'] | default('') %}
 {% set users_allow_raw = hostvars[host]['ansible_facts']['sas_client_config_users_allow'] | default('') %}
 {% set users_deny_raw = hostvars[host]['ansible_facts']['sas_client_config_users_deny'] | default('') %}
-{% set groups_allow_raw = hostvars[host]['ansible_facts']['sas_client_config_groups_allow'] | default('') %}
-{% set groups_deny_raw = hostvars[host]['ansible_facts']['sas_client_config_groups_deny'] | default('') %}
 {% set users_starling_raw = hostvars[host]['ansible_facts']['sas_client_config_users_starling'] | default('') %}
 {# Details #}
 {% set details = {
@@ -34,8 +32,6 @@ hostname,group,ip_address,os_distro,os_version,hw_arch,time,changed,unreachable,
         'group-override': group_override_raw,
         'users.allow': users_allow_raw,
         'users.deny': users_deny_raw,
-        'groups.allow': groups_allow_raw,
-        'groups.deny': groups_deny_raw,
         'users.starling': users_starling_raw,
         }
     }
@@ -64,4 +60,4 @@ unreachable,
 failed,
 details
 )}}
-{% endfor %}
+{% endfor %}
diff --git a/roles/client_config/templates/client_config_report_common.html.j2 b/roles/client_config/templates/client_config_report_common.html.j2
@@ -118,8 +118,6 @@
         {% set group_override_raw = hostvars[host]['ansible_facts']['sas_client_config_group_override'] | default('') %}
         {% set users_allow_raw = hostvars[host]['ansible_facts']['sas_client_config_users_allow'] | default('') %}
         {% set users_deny_raw = hostvars[host]['ansible_facts']['sas_client_config_users_deny'] | default('') %}
-        {% set groups_allow_raw = hostvars[host]['ansible_facts']['sas_client_config_groups_allow'] | default('') %}
-        {% set groups_deny_raw = hostvars[host]['ansible_facts']['sas_client_config_groups_deny'] | default('') %}
         {% set users_starling_raw = hostvars[host]['ansible_facts']['sas_client_config_users_starling'] | default('') %}
         {# Details #}
         {% set details = {
@@ -134,8 +132,6 @@
                 'group-override': group_override_raw,
                 'users.allow': users_allow_raw,
                 'users.deny': users_deny_raw,
-                'groups.allow': groups_allow_raw,
-                'groups.deny': groups_deny_raw,
                 'users.starling': users_starling_raw,
                 }
             }

diff --git a/roles/client_config/vars/main.yml b/roles/client_config/vars/main.yml
@@ -10,7 +10,4 @@ client_config_group_override_path: "{{ client_config_base_path }}/group-override
 client_config_users_allow_path: "{{ client_config_base_path }}/users.allow"
 client_config_users_deny_path: "{{ client_config_base_path }}/users.deny"
 
-client_config_groups_allow_path: "{{ client_config_base_path }}/groups.allow"
-client_config_groups_deny_path: "{{ client_config_base_path }}/groups.deny"
-
 client_config_users_starling_path: "{{ client_config_base_path }}/users.starling"