- Jun 30, 2020
-
-
Sergio Oliveira authored
Fixes ipaservice disable tests.
-
Rafael Guterres Jeffman authored
Due to use of some shell commands that required a Kerberos ticket, the ipaservice test test_service_disable would no work if a ticket was not granted before it ran. This patch adresses this issue by acquiring a ticket for the `admin` user before it is needed, and destroying the tickets by the end of the test execution.
-
- Jun 29, 2020
-
-
Thomas Woerner authored
ipa[user,host]: Fail on duplucate names in the users and hosts lists
-
Rafael Guterres Jeffman authored
ipa[host]group: Fix membermanager unknow user issue
-
Thomas Woerner authored
If a unknown membermanager user presence will be ensured, the unknown user error was ignored. This has been fixed in ipagroup. The code for the error handling in ipagroup and ipahostgroup has been adapted because of this. New tests for tests/[host]group/test_[host]group_membermnager.yml have been added.
-
Sergio Oliveira authored
Add suppport for changing password of symmetric vaults.
-
Rafael Guterres Jeffman authored
Allows changing passwords of symmetric waults, using a new variable `new_password` (or the file-base version, `new_password_file`). The old password must be passed using the `password` or `password_file` variables that also received new aliases `old_password` and `old_password_file`, respectively. Tests were modyfied to reflect the changes.
-
Thomas Woerner authored
It was possible to have several entries for names with the hosts and users lists. This resulted sometimes in errors but also unexpected changes. A new check has been added to make sure that the names in the users and hosts lists are unique. New tests have been added to verify this in the existing files: - tests/host/test_hosts.yml - tests/user/test_users.yml
-
- Jun 27, 2020
-
-
Sergio Oliveira authored
Fixes service disable when service has no certificates attached.
-
Sergio Oliveira authored
Fix forwardzone issues
-
- Jun 26, 2020
-
-
Rafael Guterres Jeffman authored
-
Rafael Guterres Jeffman authored
This patch allows the modification of the forward zone policy in an existing DNS Forward Zone, and fixes some issues with `enable` and `disable` state that prevented correct behavior of `forwardpolicy`.
-
Rafael Guterres Jeffman authored
Adds missing attribute `permission to dnsforwardzone module, that enable setting `manageby` for the DNS Forwar Zone.
-
Rafael Guterres Jeffman authored
Services without certificates, but with keytabs were not being disabled. This change allows execution of service_disable if there is a certificate or if has_keytab is true. A new test was added to verify the issue: tests/service/test_service_disable.yml
-
- Jun 15, 2020
-
-
Rafael Guterres Jeffman authored
This patch modify the was forwarders are configured, using two attributes, `ip_address` and `port`, instead of IPA API internal string representation of `IP port PORT`.
-
Varun Mylaraiah authored
ipaserver/library/ipaserver_setup_ca.py: Fix bug introduced with ca-less PR
-
Thomas Woerner authored
The ca-less PR introduced a bug when http_ca_cert is not set. The test for loading the certificate is testing for None, but the string will only be empty in this case. Related: #298 (Install server and replicas without CA)
-
- Jun 11, 2020
-
-
Thomas Woerner authored
Galaxy refuses to import a collection that has license and license_file set in galaxy.yml. Therefore license_file has been removed.
-
Thomas Woerner authored
Fixes attempt to create rules with members when category is `all`.
-
Rafael Guterres Jeffman authored
Current implementation of hbacrule and sudorule allow for a new rule creation script to be partialy successful when a member is provided and the respective member category is set to `all` (either users, hosts, services, commands, and their group counterparts). Since the creation of the rule is independent of the adittion of members, the rule is succesfully created, but member addition fails, leaving with a created rule that has no members on it. This patch fixes both modules by verifying if user, host, service or commands (and groups of members) are being added if the corresponding category is set to `all`, when the state is `present` and the action is not `member`. If so, it fails before the rule is created.
-
Rafael Guterres Jeffman authored
Fix all tests entry point
-
Rafael Guterres Jeffman authored
-
Rafael Guterres Jeffman authored
Install server and replicas without CA
-
Thomas Woerner authored
Fixes error handling on dnsconfig module.
-
Rafael Guterres Jeffman authored
This fixes reporting errors on dnsconfig module and add some tests to verify that invalid IP addresses cannot be used as forwarders.
-
Thomas Woerner authored
add an ipaconfig module
-
Thomas Woerner authored
New dnsrecord management module.
-
Thomas Woerner authored
Vault add state retrieved
-
Rafael Guterres Jeffman authored
This patch add support for the attributes `maxtostname` and `ca_renewal_master_server` attributes that were missing and also provide a more complete set of tests.
-
Rafael Guterres Jeffman authored
This change split vault tests in several files, organized by vault type and operation (vault vs. member) so that it is easier to add new tests for issues and verify if tests are missing.
-
Rafael Guterres Jeffman authored
This patch adds support for retrieving data stored in an IPA vault by adding a new valid state for ipavault: `retrieved`. To allow the retrieval of data from assymetric vaults, the attributes `private_key`, `private_key_files` and `out` were also added to the module. The private key files, `private.pem`, should be paired with the already existing `public.pem` public key files. Tests were updated to reflect changes and two new playbooks were added: playbooks/vault/retrive-data-asymmetric-vault.yml playbooks/vault/retrive-data-symmetric-vault.yml
-
Rafael Guterres Jeffman authored
This patch fixes handling of password and public_key files, parameter validation depending on vault type, usage of `salt` attribute and data retrieval. Tests were updated to reflect the changes. New example playbooks are added: playbooks/vault/vault-is-present-with-password-file.yml playbooks/vault/vault-is-present-with-public-key-file.yml
-
Thomas Woerner authored
A group membership manager is a user or a group that can add members to a group or remove members from a hostgroup. This is related to https://pagure.io/freeipa/issue/8114 New parameters have been added to the module: - `membermanager_user`: List of member manager users assigned to this group. Only usable with IPA versions 4.8.4 and up. - `membermanager_group`: List of member manager groups assigned to this group. Only usable with IPA versions 4.8.4 and up. These parameters behave like member parameters. A new test has been added: - tests/hostgroup/test_hostgroup_membermanager.yml
-
Rafael Guterres Jeffman authored
There is a new dnsrecord managem module placed in the plugins folder: plugins/modules/ipadnsrecord.py The dnsrecord module allows management of DNS records and is as compatible as possible with the Ansible upstream `ipa_dnsrecord` module, but provide some other features like multiple record management in one execution, support for more DNS record types, and more. Here is the documentation for the module: README-dnsrecord New example playbooks have been added: playbooks/dnsrecord/ensure-dnsrecord-is-absent.yml playbooks/dnsrecord/ensure-dnsrecord-is-present.yml playbooks/dnsrecord/ensure-presence-multiple-records.yml playbooks/dnsrecord/ensure-dnsrecord-with-reverse-is-present.yml playbooks/dnsrecord/ensure-multiple-A-records-are-present.yml playbooks/dnsrecord/ensure-A-and-AAAA-records-are-absent.yml playbooks/dnsrecord/ensure-A-and-AAAA-records-are-present.yml playbooks/dnsrecord/ensure-CNAME-record-is-absent.yml playbooks/dnsrecord/ensure-CNAME-record-is-present.yml playbooks/dnsrecord/ensure-MX-record-is-present.yml playbooks/dnsrecord/ensure-PTR-record-is-present.yml playbooks/dnsrecord/ensure-SRV-record-is-present.yml playbooks/dnsrecord/ensure-SSHFP-record-is-present.yml playbooks/dnsrecord/ensure-TLSA-record-is-present.yml playbooks/dnsrecord/ensure-TXT-record-is-present.yml playbooks/dnsrecord/ensure-URI-record-is-present.yml New tests for the module can be found at: tests/dnsrecord/test_dnsrecord.yml tests/dnsrecord/test_compatibility_with_ansible_module.yml tests/dnsrecord/test_dnsrecord_full_records.yml
-
Rafael Guterres Jeffman authored
-
Rafael Guterres Jeffman authored
-
Rafael Guterres Jeffman authored
Use of the same password on all module tests ease test automation, and this change ensure that dnsforwardzone use the same password as other modules.
-
- Jun 10, 2020
-
-
Thomas Woerner authored
It should be `Playbook to handle server configuration` instead of `Playbook to handle users`.
-
- Jun 09, 2020
-
-
Samuel Veloso authored
-
Samuel Veloso authored
-