  1. May 26, 2021
    • New automember management module · 0e0bdf1f
      Mark Hahl authored
          There is a new automember management module placed in the plugins folder:
      
              plugins/modules/ipaautomember.py
      
          The automember module allows to ensure presence or absence of automember rules
          and manage automember rule conditions.
      
          Here is the documentation for the module:
      
              README-automember.md
      
          New example playbooks have been added:
      
              playbooks/automember/automember-group-absent.yml
              playbooks/automember/automember-group-present.yml
              playbooks/automember/automember-hostgroup-absent.yml
              playbooks/automember/automember-hostgroup-present.yml
              playbooks/automember/automember-hostgroup-rule-absent.yml
              playbooks/automember/automember-hostgroup-rule-present.yml
      
          New tests for the module:
      
              tests/automember/test_automember.yml
    • fix minor documentation typos in sudo modules · f51107e8
      chrisp authored
  2. May 25, 2021
  3. May 24, 2021
  4. May 21, 2021
    • ipaservice: Avoid clearing auth-ind when it is empty. · 7e826fce
      Rafael Guterres Jeffman authored
      When `auth-ind` was empty, and it was set to be cleared, it might have
      triggered an unnecessary change. This change adds a test so that `auth-ind`
      is set only if needed.
    • ipaservice: Handle smb services as other services. · debdef19
      Rafael Guterres Jeffman authored
      In current implementation, when using `smb: yes`, only a small subset
      of the attributes can be used in the playbook. This happened due to the
      use of `service_add_smb`, which adds a new service and does not modify
      an existing one, and not coping with attributes not supported by this
      IPA API call.
      
      The implementation was modified so that a service with `smb: true` is
      treated like any other service, which, in effect, simplified and fixed
      service search, and allowed for the use of the same attributes as with
      any service. Although simplified, when using `smb: true` an extra
      query is done against the LDAP server, as a second `service_show` is
      performed.
      
      Tests have been updated to reflect the new implementation.
    • dnszone: Fix no modifications to be performed for serial · 445705fb
      Thomas Woerner authored
      A dnszone_mod call is always made to set the serial for a zone even if
      this serial is set already.
      
      A check is added to make sure that the serial is only set with
      dnszone_mod if there is no serial set or if the serial is different.
  5. May 20, 2021
    • host: Fix DNS resource record not found error · c8eb6d74
      Thomas Woerner authored
      The "DNS resource record not found" error occurs when a host arecord
      or aaaarecord member is ensured to be absent and no dnsrecord entry
      for the host exists.
      
      The arecord or aaaarecord item are removed from dnsrecord_args if the
      record is not defined in res_find_dnsrecord.
    • ipasudorule: Fix category reset for idempotency · 34bd2562
      Thomas Woerner authored
      A repeated category reset of usercategory, hostcategory, cmdcategory,
      runasusercategory and hostcategory is resulting in the error
      "no modifications to be performed".
      
      The empty categories are now removed from the args if the category is
      not set in the sudorule.
  6. May 18, 2021
    • New server management module · 16795b8b
      Thomas Woerner authored
      There is a new server management module placed in the plugins folder:
      
          plugins/modules/ipaserver.py
      
      The server module allows to ensure presence and absence of servers. The
      module requires an existing server, the deployment of a new server can
      not be done with the module.
      
      DNSName has been added to ansible_freeipa_module in plugins/module_utils
      as this is used for locations.
      
      Here is the documentation for the module:
      
          README-server.md
      
      New example playbooks have been added:
      
          playbooks/server/server-absent-continue.yml
          playbooks/server/server-absent-force.yml
          playbooks/server/server-absent-ignore_last_of_role.yml
          playbooks/server/server-absent-ignore_topology_disconnect.yml
          playbooks/server/server-absent.yml
          playbooks/server/server-hidden.yml
          playbooks/server/server-location.yml
          playbooks/server/server-no-location.yml
          playbooks/server/server-no-service-weight.yml
          playbooks/server/server-not-hidden.yml
          playbooks/server/server-present.yml
          playbooks/server/server-service-weight.yml
      
      New tests for the module:
      
          tests/server/test_server.yml
      
      Change in module_utils/ansible_freeipa_module:
      
          DNSName is imported from ipapython.dnsutil and also added to __all__
  7. May 05, 2021
    • Fix creation of privilege with permissions. · f4a8cf4e
      Rafael Guterres Jeffman authored
      Module was raising exceptions when trying to create a new privilege
      with permissions. This change fixes the behavior and ensures
      idempotence when trying to create a privilege with the same values.
      
      Tests for this behavior have been appended to:
      
          tests/privilege/test_privilege.yml
  8. Jan 26, 2021
    • ipasudorule: Fix names of member objects. · 2cc4c27f
      Eric Nothen authored
      Fixed names of sudorule member objects, as they did not match the names provided by IdM.
      
      From:			To:
      member_host		memberhost_host
      member_hostgroup	memberhost_hostgroup
      member_user		memberuser_user
      member_group		memberuser_group
      
      Fixes: #500
  9. Jan 12, 2021
  10. Jan 08, 2021
    • ipapermission: Fix attrs and drop privilege handling · 23829c5e
      Thomas Woerner authored
      The attrs handling was not complete and did not support to ensure presence
      or absence of attributes with action:member.
      
      The includedattrs and excludedattrs parameters have not been added with
      this change as the use of attrs will automatically set includedattrs and
      excludedattrs. The includedattrs and excludedattrs parameters are only
      usable for managed permissions and duplicating attrs.
      
      The permission module may not handle privileges. An IPA internal only API
      has been used for this. The privilege variable and all related code paths
      have been removed.
      
      Fixes: #424 ([Permission Handling] Not able to add additional attributes
                   with existing attributes)
      Fixes: #425 ([Permission Handling] Not able to add member privilege while
                   adding permission)
  11. Jan 06, 2021
    • Enabled Ansible check_mode · 7bbb401b
      Eric Nothen authored
      Added code to the ipa* plugins to support Ansible's check_mode, by
      means of a clean exit before the execution of the actual list of
      commands that would otherwise create/update/delete IPA servers
      and/or its resources.
  12. Jan 04, 2021
    • Fix changing the type of an existing Vault. · 7e04a46f
      Rafael Guterres Jeffman authored
      Current implementation does not allow the change of an existing Vault
      type. To allow it, data is retrieved from the current vault, the vault
      is modified, and then, data is stored again in the new vault.
      
      Due to changing the process of modifying a vault, this change also
      fixes the update of asymmetric vault keys. To change the key used,
      the task must provide the old private key, used to retrieve data,
      and the new public_key, used to store the data again. A new alias
      was added to public_key (new_public_key) and public_key_file
      (new_public_key_file) so that the playbook better expresses the
      intention of the task.
      
      Vault tests have been updated to better test against the new update
      process, and a new test file has been added:
      
          tests/vault/test_vault_change_type.
  13. Dec 29, 2020
  14. Dec 22, 2020
    • Fix handling members in ipa role. · 67179a8c
      Rafael Guterres Jeffman authored
      When adding new members to a role, the existing members were removed.
      The correct behavior for the "member" action is to add those members,
      and substitute the existing ones. This patch fixes this behavior.
      
      Fix #409, #411, #412, #413
  15. Dec 16, 2020
  16. Nov 25, 2020