diff --git a/plugins/doc_fragments/ipamodule_base_docs.py b/plugins/doc_fragments/ipamodule_base_docs.py
index 97aaffddb51e4d7cf54f95f5616433d1501ea19a..59d95ca49ff5498625e2c63913d7ad329581eadb 100644
--- a/plugins/doc_fragments/ipamodule_base_docs.py
+++ b/plugins/doc_fragments/ipamodule_base_docs.py
@@ -56,5 +56,5 @@ options:
 Continuous mode. Don't stop on errors. Valid only if `state` is `absent`.
 aliases: ["continue"]
 type: bool
- default: True
+ default: true
 """
diff --git a/plugins/inventory/freeipa.py b/plugins/inventory/freeipa.py
index f17421be5516f62c338b0eba9641f00c41e8bf2e..8cb2ec5b4df40a08763bca2afdb0ec061590d322 100644
--- a/plugins/inventory/freeipa.py
+++ b/plugins/inventory/freeipa.py
@@ -32,8 +32,7 @@ ANSIBLE_METADATA = {
 DOCUMENTATION = """
 ---
 name: freeipa
-plugin_type: inventory
-version_added: "1.13"
+version_added: "1.13.0"
 short_description: Compiles a dynamic inventory from IPA domain
 description: |
 Compiles a dynamic inventory from IPA domain, filters servers by role(s).
diff --git a/plugins/modules/ipacert.py b/plugins/modules/ipacert.py
index c88d4d1e476822ef6ad1b11f5013fe352cf55226..6c9b760d4afddd4e7ccf661eb157e612aacfec45 100644
--- a/plugins/modules/ipacert.py
+++ b/plugins/modules/ipacert.py
@@ -34,7 +34,7 @@ ANSIBLE_METADATA = {
 DOCUMENTATION = """
 ---
 module: ipacert
-short description: Manage FreeIPA certificates
+short_description: Manage FreeIPA certificates
 description: Manage FreeIPA certificates
 extends_documentation_fragment:
 - ipamodule_base_docs
@@ -67,6 +67,10 @@ options:
 description: Name of the issuing certificate authority.
 type: str
 required: false
+ chain:
+ description: Include certificate chain in output.
+ type: bool
+ required: false
 serial_number:
 description: |
 Certificate serial number. Cannot be used with `state: requested`.
@@ -102,7 +106,6 @@ options:
 required: true
 type: str
 author:
-authors:
 - Sam Morris (@yrro)
 - Rafael Guterres Jeffman (@rjeffman)
 """
diff --git a/plugins/modules/ipaidoverrideuser.py b/plugins/modules/ipaidoverrideuser.py index 49412ebd908d660a17eb6a6b9fd20d530acf3e53..9bae4c93128d2ca86c514ac9ebe8a2ba5c24f06a 100644 --- a/plugins/modules/ipaidoverrideuser.py +++ b/plugins/modules/ipaidoverrideuser.py @@ -87,7 +87,7 @@ options: sshpubkey: description: List of SSH public keys type: list - element: str + elements: str required: False aliases: ["ipasshpubkey"] certificate: @@ -113,7 +113,7 @@ options: description: | Suppress processing of membership attributes. Valid only if `state` is `absent`. - type: str + type: bool required: False aliases: ["no_members"] action: diff --git a/plugins/modules/ipaidp.py b/plugins/modules/ipaidp.py index 8c0aea6b61d6708e96acf2b29e6cc9180c607da0..b30d60aabf4479a486f581c36ea847bdb6bae2af 100644 --- a/plugins/modules/ipaidp.py +++ b/plugins/modules/ipaidp.py @@ -82,7 +82,6 @@ options: description: OAuth 2.0 client secret required: false type: str - no_log: true aliases: ["ipaidpclientsecret"] scope: description: OAuth 2.0 scope. Multiple scopes separated by space @@ -362,11 +361,11 @@ def main(): dev_auth_uri=dict(required=False, type="str", default=None, aliases=["ipaidpdevauthendpoint"]), token_uri=dict(required=False, type="str", default=None, - aliases=["ipaidptokenendpoint"]), + aliases=["ipaidptokenendpoint"], no_log=False), userinfo_uri=dict(required=False, type="str", default=None, aliases=["ipaidpuserinfoendpoint"]), keys_uri=dict(required=False, type="str", default=None, - aliases=["ipaidpkeysendpoint"]), + aliases=["ipaidpkeysendpoint"], no_log=False), issuer_url=dict(required=False, type="str", default=None, aliases=["ipaidpissuerurl"]), client_id=dict(required=False, type="str", default=None, diff --git a/plugins/modules/ipaservice.py b/plugins/modules/ipaservice.py index a9bcb2d9a5ff7fb2e4849006355f9ae1b097cafc..1e270b5efab8733cb68f3a3d88c6bd74d5146c2c 100644 --- a/plugins/modules/ipaservice.py +++ b/plugins/modules/ipaservice.py 
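Review bot: With `no_log: true` dropped from the `secret` option in the `@@ -82,7 +82,6 @@` hunk of ipaidp.py, nothing in this documentation block tells a reader that the OAuth 2.0 client secret is kept out of logs and task output. The argument spec entry for `secret` is not in any visible hunk, so confirm it still sets `no_log=True`; the later hunk in `main()` only touches `token_uri` and `keys_uri`. If the key was removed because the documentation schema does not accept it, carry the information in the description instead, for example `description: OAuth 2.0 client secret. The value is not logged.`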
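Review bot: The explicit `no_log=False` added to `token_uri` and `keys_uri` in the `@@ -362,11 +361,11 @@` hunk carries no explanation, and a later reader may take it for an accidental downgrade on secret-looking parameters. Presumably it tells the name-based secret check that these are endpoint URIs rather than credentials; a comment above `token_uri` such as `# token_uri/keys_uri hold endpoint URLs, not secrets; no_log=False is deliberate.` would record that. With logging enabled the full URI appears in logs and task results, so a credential embedded in it (userinfo or a query parameter) would be exposed; a sentence in the option descriptions saying the URIs must not contain credentials would cover that. `main()` starts and ends outside the hunk.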
@@ -44,7 +44,7 @@ options:
 description: The service to manage
 type: list
 elements: str
- required: true
+ required: false
 aliases: ["service"]
 services:
 description: The list of service dicts.
@@ -167,6 +167,13 @@ options:
 type: list
 elements: str
 aliases: ["ipaallowedtoperform_read_keys_hostgroup"]
+ delete_continue:
+ description:
+ Continuous mode. Don't stop on errors.
+ Valid only if `state` is `absent`.
+ required: false
+ type: bool
+ aliases: ["continue"]
 certificate:
 description: Base-64 encoded service certificate.
 required: false
diff --git a/roles/ipaclient/library/ipaclient_setup_nss.py b/roles/ipaclient/library/ipaclient_setup_nss.py
index 0bee3b5f890af4b3fcce7c3acc4204ac84393d13..052ac4506edd5cff2d4e9129814bb89328b6e251 100644
--- a/roles/ipaclient/library/ipaclient_setup_nss.py
+++ b/roles/ipaclient/library/ipaclient_setup_nss.py
@@ -156,6 +156,7 @@ options:
 description: True if selinux status check passed
 required: false
 type: bool
+ default: false
 krb_name:
 description: The krb5 config file name
 type: str
diff --git a/roles/ipareplica/library/ipareplica_create_ipa_conf.py b/roles/ipareplica/library/ipareplica_create_ipa_conf.py
index 582a4124bf3c0429fe71addad2737720d9eebbdb..84ba55562c20df31b191d4da364d7b75ca63ba6e 100644
--- a/roles/ipareplica/library/ipareplica_create_ipa_conf.py
+++ b/roles/ipareplica/library/ipareplica_create_ipa_conf.py
@@ -51,6 +51,7 @@ options:
 type: list
 elements: str
 required: no
+ default: []
 domain:
 description: Primary DNS domain of the IPA deployment
 type: str
@@ -70,6 +71,7 @@ options:
 type: list
 elements: str
 required: no
+ default: []
 no_host_dns:
 description: Do not use DNS for hostname lookup during installation
 type: bool
@@ -97,6 +99,7 @@ options:
 type: list
 elements: str
 required: no
+ default: []
 force_join:
 description: Force client enrollment even if already enrolled
 type: bool
diff --git a/roles/ipareplica/library/ipareplica_install_ca_certs.py b/roles/ipareplica/library/ipareplica_install_ca_certs.py
index db0fb54ad7f76688436e0956c08181ab735e03c1..8aba576a45573e676e5ae70d4bb421b15e9aa3eb 100644
--- a/roles/ipareplica/library/ipareplica_install_ca_certs.py
+++ b/roles/ipareplica/library/ipareplica_install_ca_certs.py
@@ -51,6 +51,7 @@ options:
 type: list
 elements: str
 required: no
+ default: []
 domain:
 description: Primary DNS domain of the IPA deployment
 type: str
@@ -70,6 +71,7 @@ options:
 type: list
 elements: str
 required: no
+ default: []
 no_host_dns:
 description: Do not use DNS for hostname lookup during installation
 type: bool
@@ -97,6 +99,7 @@ options:
 type: list
 elements: str
 required: no
+ default: []
 force_join:
 description: Force client enrollment even if already enrolled
 type: bool
@@ -156,6 +159,7 @@ options:
 type: list
 elements: str
 required: no
+ default: []
 author:
 - Thomas Woerner (@t-woerner)
 '''
diff --git a/roles/ipareplica/library/ipareplica_prepare.py b/roles/ipareplica/library/ipareplica_prepare.py
index d4464a9389c3a5ce24cea700e42fdf6c9f9ae7cb..ab772f73004dc5fed19d450a98989f9d9ce1bcfe 100644
--- a/roles/ipareplica/library/ipareplica_prepare.py
+++ b/roles/ipareplica/library/ipareplica_prepare.py
@@ -53,6 +53,7 @@ options:
 type: list
 elements: str
 required: no
+ default: []
 domain:
 description: Primary DNS domain of the IPA deployment
 type: str
@@ -77,6 +78,7 @@ options:
 type: list
 elements: str
 required: no
+ default: []
 no_host_dns:
 description: Do not use DNS for hostname lookup during installation
 type: bool
@@ -104,6 +106,7 @@ options:
 type: list
 elements: str
 required: no
+ default: []
 dirsrv_cert_name:
 description: Name of the Directory Server SSL certificate to install
 type: str
@@ -118,6 +121,7 @@ options:
 type: list
 elements: str
 required: no
+ default: []
 http_cert_name:
 description: Name of the Apache Server SSL certificate to install
 type: str
@@ -132,6 +136,7 @@ options:
 type: list
 elements: str
 required: no
+ default: []
 pkinit_cert_name:
 description: Name of the Kerberos KDC SSL certificate to install
 type: str
@@ -182,6 +187,7 @@ options:
 type: list
 elements: str
 required: no
+ default: []
 no_reverse:
 description: Do not create new reverse DNS zone
 type: bool
@@ -197,6 +203,7 @@ options:
 type: list
 elements: str
 required: no
+ default: []
 no_forwarders:
 description: Do not add any DNS forwarders, use root servers instead
 type: bool
@@ -250,7 +257,7 @@ options:
 type: bool
 default: no
 required: no
- client_configured:
+ ipa_client_installed:
 description: Was client configured already
 type: bool
 required: yes
diff --git a/roles/ipareplica/library/ipareplica_setup_ca.py b/roles/ipareplica/library/ipareplica_setup_ca.py
index cbecd797c6137543df125e05096a7d88afbd6d63..3323daa74b162b399e0b4d194922138864209b4b 100644
--- a/roles/ipareplica/library/ipareplica_setup_ca.py
+++ b/roles/ipareplica/library/ipareplica_setup_ca.py
@@ -127,6 +127,7 @@ options:
 type: list
 elements: str
 required: no
+ default: []
 author:
 - Thomas Woerner (@t-woerner)
 '''
diff --git a/roles/ipareplica/library/ipareplica_setup_dns.py b/roles/ipareplica/library/ipareplica_setup_dns.py
index 7dadafca8f4dbb781dd3776e4ce0e968df085bdb..d8c643e5ad6b776ca5d32815315286390c4dc424 100644
--- a/roles/ipareplica/library/ipareplica_setup_dns.py
+++ b/roles/ipareplica/library/ipareplica_setup_dns.py
@@ -61,6 +61,7 @@ options:
 type: list
 elements: str
 required: no
+ default: []
 forward_policy:
 description: DNS forwarding policy for global forwarders
 type: str
diff --git a/roles/ipareplica/library/ipareplica_setup_ds.py b/roles/ipareplica/library/ipareplica_setup_ds.py
index 67e73a7eb0ddc56dd8730f4eb7987dc8f6e55f16..64f5a61b7b2473aa1ca0bde43d9cb5a694b6ffa6 100644
--- a/roles/ipareplica/library/ipareplica_setup_ds.py
+++ b/roles/ipareplica/library/ipareplica_setup_ds.py
@@ -51,6 +51,7 @@ options:
 type: list
 elements: str
 required: no
+ default: []
 domain:
 description: Primary DNS domain of the IPA deployment
 type: str
@@ -70,6 +71,7 @@ options:
 type: list
 elements: str
 required: no
+ default: []
 no_host_dns:
 description: Do not use DNS for hostname lookup during installation
 type: bool
@@ -108,6 +110,7 @@ options:
 type: list
 elements: str
 required: no
+ default: []
 force_join:
 description: Force client enrollment even if already enrolled
 type: bool
@@ -176,6 +179,7 @@ options:
 type: list
 elements: str
 required: no
+ default: []
 author:
 - Thomas Woerner (@t-woerner)
 '''
diff --git a/roles/ipareplica/library/ipareplica_setup_kra.py b/roles/ipareplica/library/ipareplica_setup_kra.py
index 92fdfec58d2ca4bea8bca4966eff99597200d6db..866b4bc658d0af4edd9bcae6f437615c1c1a322f 100644
--- a/roles/ipareplica/library/ipareplica_setup_kra.py
+++ b/roles/ipareplica/library/ipareplica_setup_kra.py
@@ -51,6 +51,7 @@ options:
 type: list
 elements: str
 required: no
+ default: []
 domain:
 description: Primary DNS domain of the IPA deployment
 type: str
@@ -70,6 +71,7 @@ options:
 type: list
 elements: str
 required: no
+ default: []
 no_host_dns:
 description: Do not use DNS for hostname lookup during installation
 type: bool
@@ -101,6 +103,7 @@ options:
 type: list
 elements: str
 required: no
+ default: []
 force_join:
 description: Force client enrollment even if already enrolled
 type: bool
diff --git a/roles/ipareplica/library/ipareplica_test.py b/roles/ipareplica/library/ipareplica_test.py
index fabb52aa376b7923d2c964f8cdac801277db6a05..a29368e7cb1342422dfa334535ac276d06d0d8fb 100644
--- a/roles/ipareplica/library/ipareplica_test.py
+++ b/roles/ipareplica/library/ipareplica_test.py
@@ -42,6 +42,7 @@ options:
 type: list
 elements: str
 required: no
+ default: []
 domain:
 description: Primary DNS domain of the IPA deployment
 type: str
@@ -51,6 +52,7 @@ options: type: list elements: str required: no + default: [] realm: description: Kerberos realm name of the IPA deployment type: str @@ -66,6 +68,7 @@ options: type: list elements: str required: no + default: [] hidden_replica: description: Install a hidden replica type: bool @@ -112,18 +115,21 @@ options: type: list elements: str required: no + default: [] http_cert_files: description: File containing the Apache Server SSL certificate and private key type: list elements: str required: no + default: [] pkinit_cert_files: description: File containing the Kerberos KDC SSL certificate and private key type: list elements: str required: no + default: [] no_ntp: description: Do not configure ntp type: bool @@ -134,6 +140,7 @@ options: type: list elements: str required: no + default: [] ntp_pool: description: ntp server pool to use type: str @@ -153,6 +160,7 @@ options: type: list elements: str required: no + default: [] no_forwarders: description: Do not add any DNS forwarders, use root servers instead type: bool diff --git a/roles/ipaserver/library/ipaserver_prepare.py b/roles/ipaserver/library/ipaserver_prepare.py index 24eccf2389a6c95ea245cb12aefa23fc5ced0109..1276729fe1fcb24e1577116f9cb73099d72c770b 100644 --- a/roles/ipaserver/library/ipaserver_prepare.py +++ b/roles/ipaserver/library/ipaserver_prepare.py @@ -55,6 +55,7 @@ options: type: list elements: str required: no + default: [] domain: description: Primary DNS domain of the IPA deployment type: str @@ -74,6 +75,7 @@ options: type: list elements: str required: no + default: [] no_host_dns: description: Do not use DNS for hostname lookup during installation type: bool @@ -114,6 +116,7 @@ options: type: list elements: str required: no + default: [] subject_base: description: The certificate subject base (default O=<realm-name>). @@ -134,6 +137,7 @@ options: type: list elements: str required: no + default: [] no_reverse: description: Do not create new reverse DNS zone type: bool 
@@ -149,6 +153,7 @@ options: type: list elements: str required: no + default: [] no_forwarders: description: Do not add any DNS forwarders, use root servers instead type: bool diff --git a/roles/ipaserver/library/ipaserver_set_ds_password.py b/roles/ipaserver/library/ipaserver_set_ds_password.py index 2dd9a7839785ecb6f9b1e5d3d285833efab1e98f..b23c777ec09bd267df28ff4ab1dee8f7c0758047 100644 --- a/roles/ipaserver/library/ipaserver_set_ds_password.py +++ b/roles/ipaserver/library/ipaserver_set_ds_password.py @@ -96,6 +96,7 @@ options: type: list elements: str required: no + default: [] subject_base: description: The certificate subject base (default O=<realm-name>). @@ -113,6 +114,7 @@ options: type: list elements: str required: no + default: [] domainlevel: description: The domain level type: int diff --git a/roles/ipaserver/library/ipaserver_setup_ca.py b/roles/ipaserver/library/ipaserver_setup_ca.py index 1a453e49ad792110c89f56d1d32e32b649b1d449..b71cd6185d60cba5ccce4569c140ba92379a7f8f 100644 --- a/roles/ipaserver/library/ipaserver_setup_ca.py +++ b/roles/ipaserver/library/ipaserver_setup_ca.py @@ -54,6 +54,7 @@ options: type: list elements: str required: no + default: [] domain: description: Primary DNS domain of the IPA deployment type: str @@ -182,6 +183,7 @@ options: type: list elements: str required: no + default: [] no_reverse: description: Do not create new reverse DNS zone type: bool diff --git a/roles/ipaserver/library/ipaserver_setup_dns.py b/roles/ipaserver/library/ipaserver_setup_dns.py index cf31eda93ae163544912ed84ae560017ba32c62e..b06246c48275ac8dedf86b5a06bb6b6a3aff62fc 100644 --- a/roles/ipaserver/library/ipaserver_setup_dns.py +++ b/roles/ipaserver/library/ipaserver_setup_dns.py @@ -42,6 +42,7 @@ options: type: list elements: str required: no + default: [] domain: description: Primary DNS domain of the IPA deployment type: str 
diff --git a/roles/ipaserver/library/ipaserver_setup_ds.py b/roles/ipaserver/library/ipaserver_setup_ds.py index 4479daaaf8248e21112e2e8065a4dd71adb44ba1..f97770f3811eca829e8bc8d89f0987a728c61214 100644 --- a/roles/ipaserver/library/ipaserver_setup_ds.py +++ b/roles/ipaserver/library/ipaserver_setup_ds.py @@ -87,6 +87,7 @@ options: type: list elements: str required: no + default: [] _dirsrv_pkcs12_info: description: The installer _dirsrv_pkcs12_info setting type: list @@ -99,6 +100,7 @@ options: type: list elements: str required: no + default: [] subject_base: description: The certificate subject base (default O=<realm-name>). diff --git a/roles/ipaserver/library/ipaserver_setup_http.py b/roles/ipaserver/library/ipaserver_setup_http.py index cd6478eeb8d951f8aa2568cf563ca3659e022118..3aa4b21b630fee0aa912fe2f092d091614a97a02 100644 --- a/roles/ipaserver/library/ipaserver_setup_http.py +++ b/roles/ipaserver/library/ipaserver_setup_http.py @@ -66,17 +66,20 @@ options: type: list elements: str required: no + default: [] reverse_zones: description: The reverse DNS zones to use type: list elements: str required: no + default: [] http_cert_files: description: File containing the Apache Server SSL certificate and private key type: list elements: str required: no + default: [] setup_adtrust: description: Configure AD trust capability type: bool @@ -124,6 +127,7 @@ options: type: list elements: str required: no + default: [] subject_base: description: The certificate subject base (default O=<realm-name>). @@ -166,6 +170,7 @@ options: type: list elements: str required: no + default: [] no_reverse: description: Do not create new reverse DNS zone type: bool diff --git a/roles/ipaserver/library/ipaserver_setup_krb.py b/roles/ipaserver/library/ipaserver_setup_krb.py index df37ed31a50f9845482a9d68dff808148b8761ff..9a66107ae8dca2fd349bf990a86a1e971e348f44 100644 --- a/roles/ipaserver/library/ipaserver_setup_krb.py +++ b/roles/ipaserver/library/ipaserver_setup_krb.py 
@@ -66,11 +66,13 @@ options: type: list elements: str required: no + default: [] reverse_zones: description: The reverse DNS zones to use type: list elements: str required: no + default: [] setup_adtrust: description: Configure AD trust capability type: bool @@ -113,6 +115,7 @@ options: type: list elements: str required: no + default: [] subject_base: description: The certificate subject base (default O=<realm-name>). diff --git a/roles/ipaserver/library/ipaserver_test.py b/roles/ipaserver/library/ipaserver_test.py index bf8d3b4c701f450c9c63acb7105290ca8cd561b5..06df1b7052cccee00a97eb8d186136499157ab47 100644 --- a/roles/ipaserver/library/ipaserver_test.py +++ b/roles/ipaserver/library/ipaserver_test.py @@ -73,6 +73,7 @@ options: type: list elements: str required: no + default: [] no_host_dns: description: Do not use DNS for hostname lookup during installation type: bool @@ -223,6 +224,7 @@ options: type: list elements: str required: no + default: [] no_reverse: description: Do not create new reverse DNS zone type: bool @@ -242,6 +244,7 @@ options: type: list elements: str required: no + default: [] no_forwarders: description: Do not add any DNS forwarders, use root servers instead type: bool diff --git a/roles/ipasmartcard_client/library/ipasmartcard_client_validate_ca_certs.py b/roles/ipasmartcard_client/library/ipasmartcard_client_validate_ca_certs.py index 0501d38896948e800007fa7aaef90d80e50d3786..3765e334c1d4512a62dec52a7c1fc9fb2d6714a0 100644 --- a/roles/ipasmartcard_client/library/ipasmartcard_client_validate_ca_certs.py +++ b/roles/ipasmartcard_client/library/ipasmartcard_client_validate_ca_certs.py @@ -44,6 +44,7 @@ options: type: list elements: str required: no + default: [] author: - Thomas Woerner (@t-woerner) ''' 
diff --git a/roles/ipasmartcard_server/library/ipasmartcard_server_validate_ca_certs.py b/roles/ipasmartcard_server/library/ipasmartcard_server_validate_ca_certs.py index b776e58479ee6338fc8a3eb26aafd42a1e3caaa1..af67ec3c4f6dc01e6e45fa9116bc1570e3802c68 100644 --- a/roles/ipasmartcard_server/library/ipasmartcard_server_validate_ca_certs.py +++ b/roles/ipasmartcard_server/library/ipasmartcard_server_validate_ca_certs.py @@ -44,6 +44,7 @@ options: type: list elements: str required: no + default: [] author: - Thomas Woerner (@t-woerner) ''' diff --git a/tests/utils.py b/tests/utils.py index 9e3d5e83be0d7a1858fea9b29a58ef9b9ec5209b..666af7edb7aab928f2d70132fec261446405560a 100644 --- a/tests/utils.py +++ b/tests/utils.py @@ -306,14 +306,14 @@ class AnsibleFreeIPATestCase(TestCase): if res.rc != 0: for output in expected_output: assert self.__is_text_on_data(output, res.stderr), ( - f"\n{'='*40}\nExpected: {output}\n{'='*40}\n" - + f"Output:\n{res.stderr}{'='*40}\n" + f"\n{'=' * 40}\nExpected: {output}\n{'=' * 40}\n" + + f"Output:\n{res.stderr}{'=' * 40}\n" ) else: for output in expected_output: assert self.__is_text_on_data(output, res.stdout), ( - f"\n{'='*40}\nExpected: {output}\n{'='*40}\n" - + f"Output:\n{res.stdout}{'='*40}\n" + f"\n{'=' * 40}\nExpected: {output}\n{'=' * 40}\n" + + f"Output:\n{res.stdout}{'=' * 40}\n" ) kdestroy(self.master) @@ -325,8 +325,8 @@ class AnsibleFreeIPATestCase(TestCase): res = self.master.run(cmd) for member in members: assert not self.__is_text_on_data(member, res.stdout), ( - f"\n{'='*40}\nExpected: {member}\n{'='*40}\n" - + f"Output:\n{res.stdout}{'='*40}\n" + f"\n{'=' * 40}\nExpected: {member}\n{'=' * 40}\n" + + f"Output:\n{res.stdout}{'=' * 40}\n" ) kdestroy(self.master)