- Jun 09, 2020
-
-
Samuel Veloso authored
-
- Jun 06, 2020
-
-
Sergio Oliveira authored
Fix service module
-
Rafael Guterres Jeffman authored
This patch adds variable `smb`, that can be used when adding a new service, and creates a SMB service (cifs) with an optional `netbiosname`.
-
Rafael Guterres Jeffman authored
-
Rafael Guterres Jeffman authored
-
Rafael Guterres Jeffman authored
-
Rafael Guterres Jeffman authored
-
Rafael Guterres Jeffman authored
This patch changes auth_ind variable to receive a list of values instead of a single one, so that more than one value can be set at once. Tests have been updated to reflect the change.
-
Rafael Guterres Jeffman authored
When using a variable that is invalid for a given action, the `action` was not being displayed in the error message, leading to a poor user experience.
-
Rafael Guterres Jeffman authored
This patch explicitly sets `no_log` option for `update_password` attribute to `False`, so that the warning on `no_log` not being set is not issued anymore. Ansible incorrectly issued the warning, as `update_password` does not carry sensitive information.
-
- Jun 05, 2020
-
-
Sergio Oliveira authored
Fixes no_log warning for `update_password`.
-
Sergio Oliveira authored
Fixes password behavior on Vault module.
-
Rafael Guterres Jeffman authored
This patch fixes handling of password and public_key files, parameter validation depending on vault type, usage of `salt` attribute and data retrieval. Tests were updated to reflect the changes. New example playbooks are added:
playbooks/vault/vault-is-present-with-password-file.yml
playbooks/vault/vault-is-present-with-public-key-file.yml
playbooks/vault/retrive-data-asymmetric-vault.yml
playbooks/vault/retrive-data-symmetric-vault.yml
-
Thomas Woerner authored
Fixes host absent when DNS zone is not found.
-
Thomas Woerner authored
Add missing attribute `services` to vault module.
-
- Jun 04, 2020
-
-
Rafael Guterres Jeffman authored
Wrong variable names in the documentation
-
- Jun 01, 2020
-
-
Rafael Guterres Jeffman authored
Since ipahost uses dnsrecord-show, it raises an error when DNS zone is not found, but it should not be an ipahost concern. This patch fixes this behavior by returning no record if DNS zone is not found, so processing resumes as if there is no record for the host. It fixes behavior when `state: absent` and dnszone does not exist, so, host should not exist either, and the ipahost answer is correct and indifferent to DNS Zone state.
-
- May 28, 2020
-
-
Rafael Guterres Jeffman authored
This patch explicitly sets `no_log` option for `update_password` attribute to `False`, so that the warning on `no_log` not being set is not issued anymore. Ansible incorrectly issued the warning, as `update_password` does not carry sensitive information.
-
Rafael Guterres Jeffman authored
The `services` member and ownership attributes were missing from vault module. This change adds them. Handling of owner and ownergroups needed to be changed to fix `services` and, due to this, have also been fixed.
-
- May 27, 2020
-
-
Thomas Woerner authored
Fixes behavior of ipavault when no user, service or shared is given.
-
- May 20, 2020
-
-
Sergio Oliveira authored
Added pytests as test entrypoint
-
Sergio Oliveira Campos authored
-
- May 14, 2020
-
-
Ivan Aragonés Muniesa authored
Added useful notes and the missing variable ipaserver_no_pkinit.
-
Ivan Aragonés Muniesa authored
Corrected variable names and description
-
- May 13, 2020
-
-
Rafael Guterres Jeffman authored
IPA CLI allows the creation of vaults without specifying user, service or a shared vault, defaulting to create a user vault for the `admin` user. The vault module required that one of user, service or shared was explicitly provided, and this patch makes the module behave like the CLI command. Tests were added to reflect this change.
-
- May 12, 2020
-
-
Rafael Guterres Jeffman authored
ipauser: Fix certmapdata, add missing certmapdata data option
-
Thomas Woerner authored
certmapdata was not processed properly. The certificate was not loaded and therefore the `issuer` and `subject` could not be compared to the certmapdata entries in the user record. The function `load_cert_from_str` from `ansible_freeipa_module` is used for this.

Additionally there was no way to use the certmapdata data format. This is now possible with the `data` option in the certmapdata dict. Example: "data: X509:<I>dc=com,dc=example,CN=ca<S>dc=com,dc=example,CN=test"

`data` may not be used together with `certificate`, `issuer` and `subject` in the same record.

Given certmapdata for the ipauser module is now converted to the internal data representation using also the new function `DN_x500_text` from `ansible_freeipa_module`.

New functions `convert_certmapdata` and `check_certmapdata` have been added to ipauser.

tests/user/certmapdata/test_user_certmapdata.yml has been extended with additional tasks to verify more complex issuer and subjects and also using the data format.
-
Thomas Woerner authored
This function can be used to check if a command is available in the API. This is used in ipauser module to check if user_add_certmapdata is available in the API.
-
Thomas Woerner authored
This function is needed to properly convert issuer and subject from a certificate or the issuer and subject parameters in ipauser for certmapdata to the data representation where the items in DN are reversed. The function additionally provides a fallback solution for IPA < 4.5. Certmapdata is not supported for IPA < 4.5, but the conversion is done before the API version can be checked.
-
Thomas Woerner authored
For certmapdata processing in ipauser it is needed to be able to load a cert from a string given in the task to be able to get the issuer and subject of the certificate. The format of the certificate here is lacking the markers for the begin and end of the certificate. Therefore `load_pem_x509_certificate` can not be used directly. Also in IPA < 4.5 it is needed to load the certificate with `load_certificate` instead of `load_pem_x509_certificate`. The function is implementing this properly.
-
Thomas Woerner authored
Fixes removal of `all` from categories in sudorule and hbacrule modules.
-
Rafael Guterres Jeffman authored
ipauser: Use encode_certificate for certificates in find_user result
-
Rafael Guterres Jeffman authored
ipagroup: Add lacking service check for group_remove_member with old IPA
-
Rafael Guterres Jeffman authored
tests/host/test_hosts_principal.yml: Remove duplicate hosts tag
-
Rafael Guterres Jeffman authored
ipahost: Use dnsrecord_show instead of dnsrecord_find command
-
Rafael Guterres Jeffman authored
ipahost: Honour update_password also for random
-
- May 11, 2020
-
-
Thomas Woerner authored
group_remove_member is not able to handle services in old IPA releases. In one case the check was missing and the removal of a user from a group failed because of this with an older IPA version. The missing check has been added. Fixes #257 (ipagroup fails to remove user from group ipausers)
-
Thomas Woerner authored
The hosts tag is used twice in some tests. This leads to a warning in Ansible. The commit removes the duplicate tags.
-
Thomas Woerner authored
The host_find command had to be replaced to get the "has_password" and "has_keytab" return values. This commit replaces the dnsrecord_find with the dnsrecord_show command to have consistent find functions in the module.
-
Thomas Woerner authored
If random is enabled and update_password is limited to "create_only", the random password may only be changed if the host does not exist yet. Additionally the generation of the random password will fail, if the host is already enrolled if update_password is "always" (default value). An error will be reported early in this case now. The command host_show is now used instead of host_find, as `has_password` and `has_keytab` are only returned by host_show, but not by host_find. The find_host function has been adapted for this change. Resolves: #253 (ipahost is not idempotent)
-