eigenstate.ipa Documentation

eigenstate.ipa

IdM-native Ansible collection for inventory, vault, Kerberos, certificates, OTP, policy, AAP workflows, and temporary access boundaries.

Reference

Find exact inventory, lookup, module, role, playbook, authentication, return, schema, support, and release details.

Boundary
Read-only
Authority
collection
Evidence
ansible-doc

Reference

Use reference pages when you already know the surface and need exact facts. Reference pages should be terse, source-verified, and free of broad architecture prose.

Inventory

Surface Page Source
eigenstate.ipa.idm IdM inventory plugin plugins/inventory/idm.py

Lookups

Surface Page Source
eigenstate.ipa.vault Vault lookup plugins/lookup/vault.py
eigenstate.ipa.principal Principal lookup plugins/lookup/principal.py
eigenstate.ipa.keytab Keytab lookup plugins/lookup/keytab.py
eigenstate.ipa.cert Certificate lookup plugins/lookup/cert.py
eigenstate.ipa.otp OTP lookup plugins/lookup/otp.py
eigenstate.ipa.dns DNS lookup plugins/lookup/dns.py
eigenstate.ipa.selinuxmap SELinux map lookup plugins/lookup/selinuxmap.py
eigenstate.ipa.sudo Sudo lookup plugins/lookup/sudo.py
eigenstate.ipa.hbacrule HBAC rule lookup plugins/lookup/hbacrule.py

Modules

Surface Page Boundary
eigenstate.ipa.vault_write Vault write module Mutates IdM vault lifecycle.
eigenstate.ipa.vault_health KRA-aware vault health Reads IdM and vault/KRA readiness.
eigenstate.ipa.vault_artifact Vault artifact custody Writes, reads, digests, and verifies opaque vault artifacts.
eigenstate.ipa.access_path Access-path summary Reads principal, HBAC, sudo, and SELinux map readiness.
eigenstate.ipa.keytab_manage Keytab manage module Retrieves or explicitly rotates keytabs.
eigenstate.ipa.cert_request Certificate request module Requests certificates from CSRs; private keys stay outside the module.
eigenstate.ipa.user_lease User lease module Sets, clears, or expires IdM user access attributes.

Filters

Surface Page Boundary
eigenstate.ipa.ensure_list Inventory attribute normalization Normalizes raw values to list form.
eigenstate.ipa.normalize_attribute Inventory attribute normalization Returns normalized value, raw value, type, and warnings.
eigenstate.ipa.attribute_type Inventory attribute normalization Classifies raw attribute shape.
eigenstate.ipa.sudo_risk Sudo risk classification Classifies sudo policy risk without mutation.
eigenstate.ipa.classify_sudo_rule Sudo risk classification Classifies sudo policy risk with optional custom patterns.

Roles

Area Page
AAP execution environment AAP execution environment role
OpenShift and Keycloak identity validation OpenShift identity roles
Workload Secret, TLS, keytab, and sealed artifact delivery Workload Secret delivery roles
Temporary access Temporary access roles
Read-only reports Report roles

Playbooks And Runtime

Topic Page
Wrapper playbooks Playbook reference
Kerberos, password, keytab, ipalib, and execution-environment dependencies Authentication reference
Common lookup return shapes Return shapes
Report output schemas Report schemas
AAP execution environment scaffold Execution environment reference

Support And Release

Topic Page
Supported ansible-core, Python, RHEL, IdM, and AAP boundaries Support matrix
Validation lanes, fixture boundaries, and publish gates Test strategy
Release validation and publication gates Release process