Skip to content
  1. Mar 26, 2020
  2. Mar 24, 2020
    • Sergio Oliveira Campos's avatar
      New IPADNSZone module · 2ed7e21c
      Sergio Oliveira Campos authored
          There is a new management module placed in the plugins folder:
      
          plugins/modules/ipadnszone.py
      
          The dnszone module allows to manage DNS zones.
      
          Here is the documentation for the module:
      
          README-dnszone.md
      
          New example playbooks have been added:
      
          playbooks/dnszone/disable-zone-forwarders.yml
          playbooks/dnszone/dnszone-absent.yml
          playbooks/dnszone/dnszone-all-params.yml
          playbooks/dnszone/dnszone-disable.yml
          playbooks/dnszone/dnszone-enable.yml
          playbooks/dnszone/dnszone-present.yml
      
          New tests for the module:
      
          tests/dnszone/test_dnszone.yml
          tests/dnszone/test_dnszone_mod.yml
      2ed7e21c
    • Sergio Oliveira Campos's avatar
  3. Mar 13, 2020
  4. Mar 10, 2020
  5. Mar 05, 2020
    • Rafael Guterres Jeffman's avatar
      New DNSConfig management module · e22bf295
      Rafael Guterres Jeffman authored
      There is a new vaultcontainer management module placed in the plugins folder:
      
      plugins/modules/ipadnsconfig.py
      
      The dnsconfig module allows to modify global DNS configuration.
      
      Here is the documentation for the module:
      
      README-dnsconfig.md
      
      New example playbooks have been added:
      
      playbooks/dnsconfig/set_configuration.yml
      playbooks/dnsconfig/disable-global-forwarders.yml
      playbooks/dnsconfig/disallow-reverse-sync.yml
      
      New tests for the module:
      
      tests/dnsconfig/test_dnsconfig.yml
      e22bf295
  6. Mar 04, 2020
  7. Feb 28, 2020
    • Rafael Guterres Jeffman's avatar
      New service management module. · 5a83c08f
      Rafael Guterres Jeffman authored
      There is a new service management module placed in the pluginsfolder:
      
        plugins/modules/ipaservice.py
      
      The service module allows to ensure presence and absence of services, and
      manage members and certificates of the service.
      
      Here is the documentation for the module:
      
        README-service.md
      
      New example playbooks have been added:
      
          playbooks/service/service-host-is-absent.yml
          playbooks/service/service-host-is-present.yml
          playbooks/service/service-is-absent.yml
          playbooks/service/service-is-disabled.yml
          playbooks/service/service-is-present-with-all-attributes.yml
          playbooks/service/service-is-present-without-host-object.yml
          playbooks/service/service-is-present.yml
          playbooks/service/service-member-allow_create_keytab-absent.yml
          playbooks/service/service-member-allow_create_keytab-present.yml
          playbooks/service/service-member-allow_retrieve_keytab-absent.yml
          playbooks/service/service-member-allow_retrieve_keytab-present.yml
          playbooks/service/service-member-certificate-absent.yml
          playbooks/service/service-member-certificate-present.yml
          playbooks/service/service-member-principal-absent.yml
          playbooks/service/service-member-principal-present.yml
      
      New tests added for the module:
      
        tests/service/test-service.yml
      5a83c08f
  8. Feb 26, 2020
  9. Feb 20, 2020
  10. Feb 14, 2020
  11. Feb 13, 2020
    • Rafael Guterres Jeffman's avatar
      Properly handle base64 enconding of certificates stored as bytes. · 1a3c9114
      Rafael Guterres Jeffman authored
      This change is needed to properly handle base64 encoding of certificates
      stored as bytes, under Python 3, as used by IPA service. It does not
      affect Python 2.7 as bytes are identical to str in this version of the
      language.
      
      When retireving certificates stored by FreeIPA service data is returned
      as bytes, under Python 3, and encoding then breaks, as there is no
      bytes.public_bytes method. In Python 3, encoding with base64 will be the
      same for strings and bytes.
      1a3c9114
    • Thomas Woerner's avatar
      ipahost: Add support for several IP addresses and also to change them · 167c7631
      Thomas Woerner authored
      ipahost was so far ignoring IP addresses when the host already existed.
      This happened because host_mod is not providing functionality to do this.
      Now ipaddress is a list and it is possible to ensure a host with several
      IP addresses (these can be IPv4 and IPv6). Also it is possible to ensure
      presence and absence of IP addresses for an exising host using action
      member.
      
      There are no IP address conclict checks as this would lead into issues with
      updating an existing host that already is using a duplicate IP address for
      example for round-robin (RR). Also this might lead into issues with ensuring
      a new host with several IP addresses in this case. Also to ensure a list of
      hosts with changing the IP address of one host to another in the list would
      result in issues here.
      
      New example playbooks have been added:
      
          playbooks/host/host-present-with-several-ip-addresses.yml
          playbooks/host/host-member-ipaddresses-absent.yml
          playbooks/host/host-member-ipaddresses-present.yml
      
      A new test has been added for verification:
      
          tests/host/test_host_ipaddresses.yml
      
      Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1783976
             https://bugzilla.redhat.com/show_bug.cgi?id=1783979
      167c7631
  12. Feb 11, 2020
  13. Feb 07, 2020
  14. Feb 06, 2020
    • Thomas Woerner's avatar
      ipapwpolicy: Use global_policy if name is not set · 4dd1d25e
      Thomas Woerner authored
      If the name is not set, the policy global_policy is now used. It was needed
      before to explicitly name the global_policy. Also a check has been added
      to fail early if global_policy is used with state absent.
      
      The README for pwpolicy has been extended with an example for global_policy
      and also the description of the name variable.
      
      The test has also been extended to check a change of maxlife for
      global_policy and that global_policy can not be used with state: absent
      
      Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1797532
      4dd1d25e
  15. Feb 03, 2020
    • Rafael Guterres Jeffman's avatar
      Add missing attributes to ipasudorule. · dc0a5585
      Rafael Guterres Jeffman authored
      This patch adds the following attributes to ipasudorule:
      
          - order
          - sudooption
          - runasuser
          - runasgroup
      
      It also fixes behavior of sudocmd assigned to the the sudorule, with the
      adittion of the attributes:
      
          - allow_sudocmds
          - deny_sudocmds
          - allow_sudocmdgroups
          - deny_sudocmdgroups
      
      README-sudorule and tests have been updated to comply with the changes.
      dc0a5585
  16. Jan 16, 2020
  17. Dec 18, 2019
  18. Dec 17, 2019
  19. Dec 16, 2019
    • Rafael Guterres Jeffman's avatar
      New vault management module. · af4e8432
      Rafael Guterres Jeffman authored
      There is a new vault management module placed in the plugins folder:
      
        plugins/modules/ipavault.py
      
      The vault module allows to ensure presence and absence of vaults, manage
      members and owner of the vault, and archive data in the vault.
      
      Here is the documentation for the module:
      
          README-vault.md
      
      New example playbooks have been added:
      
          playbooks/vault/data-archive-in-asymmetric-vault.yml
          playbooks/vault/data-archive-in-symmetric-vault.yml
          playbooks/vault/ensure-asymetric-vault-is-absent.yml
          playbooks/vault/ensure-asymetric-vault-is-present.yml
          playbooks/vault/ensure-service-vault-is-absent.yml
          playbooks/vault/ensure-service-vault-is-present.yml
          playbooks/vault/ensure-shared-vault-is-absent.yml
          playbooks/vault/ensure-shared-vault-is-present.yml
          playbooks/vault/ensure-standard-vault-is-absent.yml
          playbooks/vault/ensure-standard-vault-is-present.yml
          playbooks/vault/ensure-symetric-vault-is-absent.yml
          playbooks/vault/ensure-symetric-vault-is-present.yml
          playbooks/vault/ensure-vault-is-present-with-members.yml
          playbooks/vault/ensure-vault-member-group-is-absent.yml
          playbooks/vault/ensure-vault-member-group-is-present.yml
          playbooks/vault/ensure-vault-member-user-is-absent.yml
          playbooks/vault/ensure-vault-member-user-is-present.yml
          playbooks/vault/ensure-vault-owner-is-absent.yml
          playbooks/vault/ensure-vault-owner-is-present.yml
      
      New tests added for the module:
      
          tests/vault/test_vault.yml
      af4e8432
  20. Dec 13, 2019
  21. Dec 11, 2019
    • Rafael Guterres Jeffman's avatar
      Allow execution of API commands that do not require a name. · 0210899e
      Rafael Guterres Jeffman authored
      There are some commands in the IPA API that do not require
      arguments, and current implementation does not allow these
      commands to be execute.
      
      This patch adds api_command_no_name to allow the execution
      of such commands, which is required, for example, to create
      a vaultcontainer management module.
      0210899e
  22. Dec 02, 2019
    • Thomas Woerner's avatar
      ipahost: Extension to be able handle several hosts and all settings · 94b1f25b
      Thomas Woerner authored
      The ipahost management module was not able to add several hosts at once.
      Addtionally there have been settings missing.
      
      ansible_freeipa_module has been extended to provide two additional functions
      that are needed to simplify the extension of the ipahost module:
      
          gen_add_del_lists(user_list, res_list)
          encode_certificate(cert)
      
      gen_add_del_lists will generate the lists for the addition and removal of
      members using the provided user and ipa settings.
      
      encode_certificate will encode a certificate using base64 with also taking
      FreeIPA and Python versions into account.
      
      The missing settings in ipahost have been:
      
          certificate
          managedby_host
          principal
          create_keytab_[user,group,host,hostgroup]
          retrieve_keytab_[user,group,host,hostgroup]
          sshpubkey
          userclass
          auth_ind
          requires_pre_auth
          ok_as_delegate
          ok_to_auth_as_delegate
      
      The README-host.md file has been updated to provide information about the
      new settings and also the members. Also examples for the new things have
      been added.
      
      New example playbooks have been added:
      
          playbooks/host/add-host.yml
          playbooks/host/host-member-allow_create_keytab-absent.yml
          playbooks/host/host-member-allow_create_keytab-present.yml
          playbooks/host/host-member-allow_retrieve_keytab-absent.yml
          playbooks/host/host-member-allow_retrieve_keytab-present.yml
          playbooks/host/host-member-certificate-absent.yml
          playbooks/host/host-member-certificate-present.yml
          playbooks/host/host-member-managedby_host-absent.yml
          playbooks/host/host-member-managedby_host-present.yml
          playbooks/host/host-member-principal-absent.yml
          playbooks/host/host-member-principal-present.yml
          playbooks/host/host-present-with-allow_create_keytab.yml
          playbooks/host/host-present-with-allow_retrieve_keytab.yml
          playbooks/host/host-present-with-certificate.yml
          playbooks/host/host-present-with-managedby_host.yml
          playbooks/host/host-present-with-principal.yml
          playbooks/host/host-present-with-randompassword.yml
          playbooks/host/host-present.yml
          playbooks/host/hosts-member-certificate-absent.yml
          playbooks/host/hosts-member-certificate-present.yml
          playbooks/host/hosts-member-managedby_host-absent.yml
          playbooks/host/hosts-member-managedby_host-present.yml
          playbooks/host/hosts-member-principal-absent.yml
          playbooks/host/hosts-member-principal-present.yml
          playbooks/host/hosts-present-with-certificate.yml
          playbooks/host/hosts-present-with-managedby_host.yml
          playbooks/host/hosts-present-with-randompasswords.yml
      
      New tests have been added for the module:
      
          tests/host/certificate/cert1.der
          tests/host/certificate/cert1.pem
          tests/host/certificate/cert2.der
          tests/host/certificate/cert2.pem
          tests/host/certificate/cert3.der
          tests/host/certificate/cert3.pem
          tests/host/certificate/private1.key
          tests/host/certificate/private2.key
          tests/host/certificate/private3.key
          tests/host/certificate/test_host_certificate.yml
          tests/host/certificate/test_hosts_certificate.yml
          tests/host/test_host.yml
          tests/host/test_host_allow_create_keytab.yml
          tests/host/test_host_allow_retrieve_keytab.yml
          tests/host/test_host_managedby_host.yml
          tests/host/test_host_principal.yml
          tests/host/test_host_random.yml
          tests/host/test_hosts.yml
          tests/host/test_hosts_managedby_host.yml
          tests/host/test_hosts_principal.yml
      94b1f25b
    • Thomas Woerner's avatar
      ansible_freeipa_module: Better support for KRB5CCNAME environment variable · e77f4daa
      Thomas Woerner authored
      The use of gssapi.creds.Credentials is not good if krb5 ticket forwarding
      is used. It will fail. gssapi.Credentials with usage and store is the proper
      way to do this.
      e77f4daa
  23. Nov 29, 2019
  24. Nov 20, 2019
    • Thomas Woerner's avatar
      ipahost: Return generated random password · c36cb954
      Thomas Woerner authored
      The random password is only returned if random is yes and the host did
      not exist or update_password is yes.
      
      If only one host is handled by the module, the returned dict is containing
      this dict:
      
        { "randompassword": "<the host random password>" }
      
      If several hosts are handled by the module (future feature):
      
        { "<host>": { "randompassword": "<the host random password>" } }
      
      Fixes issue #134 (ipahost does not return the random password)
      c36cb954
    • Thomas Woerner's avatar
      ipauser: Return generated random password · b5f20922
      Thomas Woerner authored
      The random password is only returned if random is yes and user did not exist
      or update_password is yes.
      
      If only one user is handled by the module, the returned dict is containing
      this dict:
      
        { "randompassword": "<the user random password>" }
      
      If several users are handled by the module:
      
        { "<user>": { "randompassword": "<the user random password>" } }
      
      This is related to issue #134 (ipahost does not return the random password)
      b5f20922
  25. Nov 15, 2019
  26. Nov 08, 2019
  27. Nov 07, 2019
    • Rafael Guterres Jeffman's avatar
      New sudorule (Sudo Rule) management module · 2f621608
      Rafael Guterres Jeffman authored
      There is a new sudorule (Sudo Rule) management module placed in the plugins
      folder:
      
        plugins/modules/ipasudorule.py
      
      The sudorule module allows to ensure presence and absence of Sudo Rules.
      
      Here is the documentation for the module:
      
        README-sudorule.md
      
      New example playbooks have been added:
      
          playbooks/sudorule/ensure-sudorule-host-member-is-absent.yml
          playbooks/sudorule/ensure-sudorule-host-member-is-present.yml
          playbooks/sudorule/ensure-sudorule-hostgroup-member-is-absent.yml
          playbooks/sudorule/ensure-sudorule-hostgroup-member-is-present.yml
          playbooks/sudorule/ensure-sudorule-is-absent.yml
          playbooks/sudorule/ensure-sudorule-is-disabled.yml
          playbooks/sudorule/ensure-sudorule-is-enabled.yml
          playbooks/sudorule/ensure-sudorule-is-present.yml
          playbooks/sudorule/ensure-sudorule-sudocmd-is-absent.yml
          playbooks/sudorule/ensure-sudorule-sudocmd-is-present.yml
      
      New tests added for the module:
      
        tests/hbacrule/test_sudorule.yml
      2f621608
    • Thomas Woerner's avatar
      ipahostgroup: Fix changed flag, support IPA 4.6 on RHEL-7, new test cases · 0e64c80c
      Thomas Woerner authored
      The changed flag returned by ipahostgroup calls have not always been correct.
      The use of the module with IPA version 4.6 on RHEL-7 resulted in encoding
      errors. All this has been fixed.
      
      Addtitionally new test cases have been added to make sure that the issues
      are solved.
      0e64c80c
  28. Nov 05, 2019
    • Thomas Woerner's avatar
      New hbacrule (HBAC Rule) management module · d36d25d6
      Thomas Woerner authored
      There is a new hbacrule (HBAC Rule) management module placed in the plugins
      folder:
      
        plugins/modules/ipahbacrule.py
      
      The hbacrule module allows to ensure presence and absence of HBAC Rules.
      
      Here is the documentation for the module:
      
        README-hbacrule.md
      
      New example playbooks have been added:
      
        playbooks/hbacrule/ensure-hbarule-allhosts-absent.yml
        playbooks/hbacrule/ensure-hbarule-allhosts-disabled.yml
        playbooks/hbacrule/ensure-hbarule-allhosts-enabled.yml
        playbooks/hbacrule/ensure-hbarule-allhosts-present.yml
        playbooks/hbacrule/ensure-hbarule-allhosts-server-member-absent.yml
        playbooks/hbacrule/ensure-hbarule-allhosts-server-member-present.yml
      
      New tests added for the module:
      
        tests/hbacrule/test_hbacrule.yml
      d36d25d6
  29. Oct 31, 2019
  30. Oct 30, 2019
    • Thomas Woerner's avatar
      ipagroup: Fix changed flag, new test cases · ff9ce6b8
      Thomas Woerner authored
      The changed flag returned by ipagroup calls have not been correct. This
      change fixes this. Addtitionally new test cases have been added to make
      sure that the changed flag is correct.
      ff9ce6b8
    • Thomas Woerner's avatar
      ipagroup: Properly support IPA versions 4.6 and RHEL-7 · a4a15def
      Thomas Woerner authored
      group_add_member is only supporting services in more recent IPA versions.
      This is 4.7+. Code has been added to detect if services are supported by
      the used IPA version and used in the parameters of the module. In this case
      an error is printed.
      
      Additionally all parameters will be get from the module using
      module_params_get provided by ansible_freeipa_module. Additional to_text
      conversions have been removed as they are not needed anymore with this.
      a4a15def
  31. Oct 25, 2019
    • Thomas Woerner's avatar
      New hbacsvcgroup (HBAC Service Group) management module · 4b9860e1
      Thomas Woerner authored
      There is a new hbacsvcgroup (HBAC Service Group) management module placed
      in the plugins folder:
      
        plugins/modules/ipahbacsvcgroup.py
      
      The hbacsvc module allows to ensure presence and absence of HBAC Service
      Groups.
      
      Here is the documentation for the module:
      
        README-hbacsvcgroup.md
      
      New example playbooks have been added:
      
        playbooks/hbacsvcgroup/ensure-hbacsvcgroup-absent.yml
        playbooks/hbacsvcgroup/ensure-hbacsvcgroup-member-absent.yml
        playbooks/hbacsvcgroup/ensure-hbacsvcgroup-member-present.yml
        playbooks/hbacsvcgroup/ensure-hbacsvcgroup-present.yml
      
      New tests added for the module:
      
         tests/hbacsvcgroup/test_hbacsvcgroup.yml
      4b9860e1
Loading