- Jul 22, 2020
-
-
Sergio Oliveira authored
New Role management module
-
- Jul 21, 2020
-
-
Rafael Guterres Jeffman authored
There is a new role management module placed in the plugins folder:

    plugins/modules/iparole.py

The role module allows to ensure presence or absence of roles and manage role members.

Here is the documentation for the module:

    README-role.md

New example playbooks have been added:

    playbooks/role/role-is-absent.yml
    playbooks/role/role-is-present.yml
    playbooks/role/role-member-group-absent.yml
    playbooks/role/role-member-group-present.yml
    playbooks/role/role-member-host-absent.yml
    playbooks/role/role-member-host-present.yml
    playbooks/role/role-member-hostgroup-absent.yml
    playbooks/role/role-member-hostgroup-present.yml
    playbooks/role/role-member-privilege-absent.yml
    playbooks/role/role-member-privilege-present.yml
    playbooks/role/role-member-service-absent.yml
    playbooks/role/role-member-service-present.yml
    playbooks/role/role-member-user-absent.yml
    playbooks/role/role-member-user-present.yml
    playbooks/role/role-members-absent.yml
    playbooks/role/role-members-present.yml
    playbooks/role/role-rename.yml

New tests for the module:

    tests/role/test_role.yml
    tests/role/test_role_service_member.yml
-
Thomas Woerner authored
tests/external-signed-ca-../external-ca.sh: Password too weak in FIPS…
-
Thomas Woerner authored
The password that is used in the script to generate the CA and also sign the CSR is not strong enough in FIPS mode. In normal mode the password was ok, though. In FIPS mode the password needs to have at least one upper, lower, digit and a special char.
-
- Jul 16, 2020
-
-
Sergio Oliveira authored
Fix variable name error
-
Sergio Oliveira authored
Terminology improvements: use allow list.
-
- Jul 09, 2020
-
-
Rafael Guterres Jeffman authored
ipareplica: Fix missing parameters for several modules
-
- Jul 07, 2020
-
-
Thomas Woerner authored
The parameters master_host_name, config_setup_ca, dirman_password have not been set for some modules. Also there was no ldap2 connection within ipareplica_setup_kra. All this resulted in improper configuration where for example KRA deployment failed in the end. A conversion warning in ipareplica_setup_adtrust has also been fixed for the setup_ca parameter. Fixes #314 (IPA replica installation failure - DS enabled SSL - second part)
-
Rafael Guterres Jeffman authored
Adhere to recent changes on FreeIPA CLI help messages. Also, see: https://tools.ietf.org/id/draft-knodel-terminology-01.html
-
- Jul 02, 2020
-
-
Rafael Guterres Jeffman authored
ipa[server,replica]: Fix pkcs12 info regressions introduced with CA-less
-
Thomas Woerner authored
With the CA-less patches the types for the pkcs12 infos have been changed to lists in the modules. This is resulting in a bad conversion from None to [''] for the parameters. Because of this a normal replica deployment is failing as [''] is not a valid value. The install.yml files for ipareplica and also ipaserver have been changed in the way that the pkcs12 values are checked if they are None. The parameter will simply be omitted in this case and the parameter in the module will become None by default.
-
- Jul 01, 2020
-
-
Varun Mylaraiah authored
action_plugins/ipaclient_get_otp: Discovered python needed in task_vars
-
- Jun 30, 2020
-
-
Thomas Woerner authored
Ansible is now also supporting discovered_python_interpreter for action_plugins. task_vars needs to be non Null and contain a setting for discovered_python_interpreter. The ipaclient_get_otp action_plugin therefore needed to be adapted.
-
Sergio Oliveira authored
Fixes ipaservice disable tests.
-
Rafael Guterres Jeffman authored
Due to use of some shell commands that required a Kerberos ticket, the ipaservice test test_service_disable would not work if a ticket was not granted before it ran. This patch addresses this issue by acquiring a ticket for the `admin` user before it is needed, and destroying the tickets by the end of the test execution.
-
- Jun 29, 2020
-
-
Thomas Woerner authored
ipa[user,host]: Fail on duplicate names in the users and hosts lists
-
Rafael Guterres Jeffman authored
ipa[host]group: Fix membermanager unknown user issue
-
Thomas Woerner authored
If an unknown membermanager user presence will be ensured, the unknown user error was ignored. This has been fixed in ipagroup. The code for the error handling in ipagroup and ipahostgroup has been adapted because of this. New tests for tests/[host]group/test_[host]group_membermnager.yml have been added.
-
Sergio Oliveira authored
Add support for changing password of symmetric vaults.
-
Rafael Guterres Jeffman authored
Allows changing passwords of symmetric vaults, using a new variable `new_password` (or the file-base version, `new_password_file`). The old password must be passed using the `password` or `password_file` variables that also received new aliases `old_password` and `old_password_file`, respectively. Tests were modified to reflect the changes.
-
Thomas Woerner authored
It was possible to have several entries for names with the hosts and users lists. This resulted sometimes in errors but also unexpected changes. A new check has been added to make sure that the names in the users and hosts lists are unique. New tests have been added to verify this in the existing files:

    tests/host/test_hosts.yml
    tests/user/test_users.yml
-
- Jun 27, 2020
-
-
Sergio Oliveira authored
Fixes service disable when service has no certificates attached.
-
Sergio Oliveira authored
Fix forwardzone issues
-
- Jun 26, 2020
-
-
Rafael Guterres Jeffman authored
-
Rafael Guterres Jeffman authored
This patch allows the modification of the forward zone policy in an existing DNS Forward Zone, and fixes some issues with `enable` and `disable` state that prevented correct behavior of `forwardpolicy`.
-
Rafael Guterres Jeffman authored
Adds missing attribute `permission` to dnsforwardzone module, that enables setting `manageby` for the DNS Forward Zone.
-
Rafael Guterres Jeffman authored
Services without certificates, but with keytabs were not being disabled. This change allows execution of service_disable if there is a certificate or if has_keytab is true. A new test was added to verify the issue: tests/service/test_service_disable.yml
-
- Jun 22, 2020
-
-
Ary Kleinerman authored
-
- Jun 15, 2020
-
-
Rafael Guterres Jeffman authored
This patch modifies the way forwarders are configured, using two attributes, `ip_address` and `port`, instead of IPA API internal string representation of `IP port PORT`.
-
Varun Mylaraiah authored
ipaserver/library/ipaserver_setup_ca.py: Fix bug introduced with ca-less PR
-
Thomas Woerner authored
The ca-less PR introduced a bug when http_ca_cert is not set. The test for loading the certificate is testing for None, but the string will only be empty in this case. Related: #298 (Install server and replicas without CA)
-
- Jun 11, 2020
-
-
Thomas Woerner authored
Galaxy refuses to import a collection that has license and license_file set in galaxy.yml. Therefore license_file has been removed.
-
Thomas Woerner authored
Fixes attempt to create rules with members when category is `all`.
-
Rafael Guterres Jeffman authored
Current implementation of hbacrule and sudorule allows for a new rule creation script to be partially successful when a member is provided and the respective member category is set to `all` (either users, hosts, services, commands, and their group counterparts). Since the creation of the rule is independent of the addition of members, the rule is successfully created, but member addition fails, leaving with a created rule that has no members on it. This patch fixes both modules by verifying if user, host, service or commands (and groups of members) are being added if the corresponding category is set to `all`, when the state is `present` and the action is not `member`. If so, it fails before the rule is created.
-
Rafael Guterres Jeffman authored
Fix all tests entry point
-
Rafael Guterres Jeffman authored
-
Rafael Guterres Jeffman authored
Install server and replicas without CA
-
Thomas Woerner authored
Fixes error handling on dnsconfig module.
-
Rafael Guterres Jeffman authored
This fixes reporting errors on dnsconfig module and adds some tests to verify that invalid IP addresses cannot be used as forwarders.
-
Thomas Woerner authored
add an ipaconfig module
-