  1. May 05, 2023
  2. Mar 02, 2023
    • ipauser: Make return value depending on users parameter · 61caa578
      Thomas Woerner authored
      The way how randompasswords are returned by the ipauser module depends
      so far on the number of users that are handled by the module.
      
      This is unexpected if for example a json file is provided with the users
      parameter. As it might be unknown how many users are in the json file,
      this behaviour is unexpected. The return should not vary in this case.
      
      This change makes the return simply depend on the use of the users
      parameter. As soon as this parameter is used, the return will always be:
      
      "user": { "<the user>": { "randompassword": "<the user random password>" } }
      
      In the simple case with one user it will be still
      
      "user": { "randompassword": "<the user random password>" }
      
      Fixes: #1052 (ipauser should consistently return randompasswords when
                    used with users)
      61caa578
  3. Feb 21, 2023
  4. Jan 17, 2023
  5. Dec 20, 2022
    • user: Use FQCN for ansible.builtin · 198298b2
      Thomas Woerner authored
      Use Fully Qualified Collection Name (FQCN) for ansible builtins. This is
      ansible.builtin.set_fact instead of set_fact for example and applies for
      all actions that are part of ansible.builtin.
      
      All the replaced ansible.builtins:
        assert, command, copy, debug, fail, fetch, file, import_playbook,
        import_tasks, include_role, include_tasks, include_vars, package,
        set_fact, shell, slurp, stat, systemd
      198298b2
  6. Nov 17, 2022
    • upstream tests: Removal of 'warn: no' from shell plugins · 6601ee3a
      Rafael Guterres Jeffman authored
      The parameter 'warn' from ansible.builtin.shell was deprecated in
      ansible-core version 2.11 and removed in version 2.14.
      
      This patch removes the usage of this parameter from ansible-freeipa
      tests, and adds 'deprecated-command-syntax' to the skip list of
      ansible-lint configuration to cope with the change in the linter.
      6601ee3a
  7. Apr 26, 2022
    • ipauser: Refactor module due to fix on arguments comparison. · 70f4b7d6
      Rafael Guterres Jeffman authored
      Due to a change in 'ansible_freeipa_module.compare_args_ipa', playbook
      parameters using empty strings are correctly evaluated, and do not need
      to be removed before comparison is performed.
      
      A new test playbook, with tests for clearing attributes with an empty
      string ("") is available at:
      
          tests/user/test_user_empty_lists.yml
      70f4b7d6
  8. Feb 24, 2022
    • ipauser: Set allow_empty_string for userauthtype and sshpubkey · 03098c21
      Thomas Woerner authored
      The parameters userauthtype and sshpubkey allow the use of "" to reset to
      the default value.
      
      The new check in params_get is not allowing to use empty strings in lists,
      therefore allow_empty_string=True had to be added to the call.
      
      A test has been added to verify that the empty strings are supported and
      working. An idempotency issue with sshpubkey has been found with the test
      and fixed additionally.
      03098c21
  9. Jan 25, 2022
    • ipauser: Fix idempotence issue when using 'preserved'. · 7f61e72a
      Rafael Guterres Jeffman authored
      When trying to ensure 'state: absent' with 'preserved: yes' in ipauser,
      after the first execution the playbook would fail with "user is already
      present". Similar idempotence issue would happen when 'state: undelete'
      was used.
      
      This PR fixes both issues, and improves tests for the states where user
      is preserved, enabled and disabled. The 'find_user' function now uses
      IPA API 'user_show' instead of 'user_find' so that only the requested
      user is actually returned.
      7f61e72a
  10. Jan 20, 2022
  11. Nov 24, 2021
  12. Oct 01, 2021
    • Fix execution of client context tests. · 16db5039
      Rafael Guterres Jeffman authored
      When running the tests that can be executed either on server or client
      context, without defining 'ipa_context', the context is automatically
      identified.
      
      Currently, the tests in upstream CI run only on a server, and the
      context is identified as "server" context, and in order to run the test
      using a client context 'ipa_context' must be set to 'client'.
      
      This patch fixes all the client context tests by correctly setting
      ipa_context when running the client context tests in a server host.
      16db5039
  13. Sep 29, 2021
  14. Sep 28, 2021
    • ipauser: Allow execution of plugin in client host. · 27b50957
      Rafael Guterres Jeffman authored
      Update user README file and add tests for executing plugin with
      `ipaapi_context` set to `client`.
      
      A new test playbook can be found at:
      
          tests/user/test_user_client_context.yml
      
      The new test file can be executed in a FreeIPA client host that is
      not a server. In this case, it should be defined in the `ipaclients`
      group, in the inventory file.
      27b50957
  15. Aug 11, 2021
  16. May 26, 2021
  17. Nov 19, 2020
    • Fix lookup for certificates in tests · b866c56e
      Thomas Woerner authored
      The file lookup is by default setting `rstrip=True` which could lead
      into a stripped new line. This is not happening always but resulted in
      failed tests sometimes with certificates pasted to the b64encode filter.
      
      For calls of lookup in the certificate tests `rstrip=False` has been
      added to make sure that this is not happening any more. Not in
      test_dnsrecord as lookup(..., rstrip=False) is adding a new line if
      there was not a new line and this is an issue for dnsrecord. The user
      and host tests have also been simplified to create the base64 encoded
      file in the beginning and use this file then later on in the tests
      without the need to use the b64encode filter.
      
      Ref: https://github.com/ansible/ansible/issues/57521#issuecomment-502238000
      b866c56e
  18. Sep 26, 2020
    • Remove certificates used inline in module tests. · 9c138824
      Rafael Guterres Jeffman authored
      This patch adds Ansible tasks to create and remove self-signed
      certificates, instead of using previously created certificates.
      The certificates are then `lookup`, instead of being used inline
      in the playbooks.
      
      Playbooks are easier to read and maintain with these changes, and
      there is no need to change the playbooks, if a certificate expires.
      9c138824
  19. Sep 04, 2020
  20. Aug 21, 2020
    • tests/user/test_users*.yml: Use extended dynamic users.json · b7e1a99b
      Thomas Woerner authored
      test_users_absent.yml was using users_absent.json. It has been adapted to
      use users.json instead with an additional json_query to get only the names
      from users_present.json.
      
      create_users_json.yml has been added to create users.json if it is missing
      containing 500 users. It is included by test_users_present.yml and
      test_users_absent.yml.
      
      users_present.sh has been renamed to users.sh and modified to create by
      default users.json with 1000 users and additional with password and
      passwordexpiration in two years.
      
      jmespath has been added to pip install list in
      tests/azure/templates/playbook_tests.yml to enable the use of json_query.
      
      The requirement for jmespath has been added to tests/README.md.
      b7e1a99b
  21. Jun 29, 2020
    • ipa[user,host]: Fail on duplicate names in the users and hosts lists · 1d7fb31b
      Thomas Woerner authored
      It was possible to have several entries for names with the hosts and users
      lists. This resulted sometimes in errors but also unexpected changes. A new
      check has been added to make sure that the names in the users and hosts
      lists are unique.
      
      New tests have been added to verify this in the existing files:
      - tests/host/test_hosts.yml
      - tests/user/test_users.yml
      1d7fb31b
  22. May 12, 2020
    • ipauser: Fix certmapdata, add missing certmapdata data option · ac61f597
      Thomas Woerner authored
      certmapdata was not processed properly. The certificate was not loaded and
      therefore the `issuer` and `subject` could not be compared to the
      certmapdata entries in the user record. The function `load_cert_from_str`
      from ansible_freeipa_module is used for this.
      
      Additionally there was no way to use the certmapdata data format. This
      is now possible with the `data` option in the certmapdata dict.
      
      Example: "data: X509:<I>dc=com,dc=example,CN=ca<S>dc=com,dc=example,CN=test"
      
      `data` may not be used together with `certificate`, `issuer` and `subject`
      in the same record.
      
      Given certmapdata for the ipauser module is now converted to the internal
      data representation using also the new function `DN_x500_text` from
      `ansible_freeipa_module`.
      
      New functions `convert_certmapdata` and `check_certmapdata` have been added
      to ipauser.
      
      tests/user/certmapdata/test_user_certmapdata.yml has been extended with
      additional tasks to verify more complex issuer and subjects and also using
      the data format.
      ac61f597
  23. May 06, 2020
    • Do not remove member attributes while updating others · 457050c6
      Thomas Woerner authored
      Because of a missing check member attributes (for use with action: member)
      are cleared when a non-member attribute is changed. The fix simply adds a
      check for None (parameter not set) to gen_add_del_lists in
      ansible_freeipa_module to make sure that the parameter is only changed if
      it should be changed.
      
      All places where the add and removal lists have been generated manually
      have been changed to also use gen_add_del_lists.
      
      Resolves: #252 (The "Manager" attribute is removed when updating any user
                      attribute)
      457050c6
  24. Feb 26, 2020
    • tests: Unite admin passwords · d3c6b976
      Thomas Woerner authored
      The tests have been using MyPassword123 and also SomeADMINpassword within
      the tasks of the tests. SomeADMINpassword should be used everywhere.
      d3c6b976
  25. Feb 11, 2020
    • tests: Fix top name tags in tests · 28d8896b
      Thomas Woerner authored
      Most tests have simply been using the Tests as name, but with this there is a
      lack of information in automated runs. The name should be similar to the
      test file name.
      28d8896b
  26. Nov 20, 2019
    • ipauser: Return generated random password · b5f20922
      Thomas Woerner authored
      The random password is only returned if random is yes and user did not exist
      or update_password is yes.
      
      If only one user is handled by the module, the returned dict is containing
      this dict:
      
        { "randompassword": "<the user random password>" }
      
      If several users are handled by the module:
      
        { "<user>": { "randompassword": "<the user random password>" } }
      
      This is related to issue #134 (ipahost does not return the random password)
      b5f20922
  27. Nov 09, 2019
  28. Nov 08, 2019
  29. Oct 21, 2019
    • ipauser: User module extension · 40713e71
      Thomas Woerner authored
      The ipauser module now supports all user settings and additionally to ensure
      the presence of several users with the new users setting. The users setting
      can also be used with other states, but it has to be limited to only contain
      the name of the users.
      
      The updated user management module is placed in the plugins folder:
      
        plugins/modules/ipauser.py
      
      The user module now additionally allows to handle these user settings:
      
        initials
        principalexpiration
        random
        city
        userstate
        postalcode
        mobile
        pager
        fax
        orgunit
        manager
        carlicense
        sshpubkey
        userauthtype
        userclass
        radius
        radiususer
        departmentnumber
        employeenumber
        employeetype
        preferredlanguage
        certificate
        certmapdata
        noprivate
        nomembers
      
      Here is the updated documentation for the module:
      
        README-user.md
      
      New example playbooks have been added:
      
        playbooks/user/user_certificate_absent.yml
        playbooks/user/user_certificate_present.yml
        playbooks/user/user_present.yml
        playbooks/user/users_absent.yml
        playbooks/user/users_certificate_absent.yml
        playbooks/user/users_certificate_present.yml
        playbooks/user/users_present.yml
        plugins/modules/ipauser.py
      
      New tests added for ipauser:
      
        tests/user/certificate/cert1.der
        tests/user/certificate/cert1.pem
        tests/user/certificate/cert2.der
        tests/user/certificate/cert2.pem
        tests/user/certificate/cert3.der
        tests/user/certificate/cert3.pem
        tests/user/certificate/private1.key
        tests/user/certificate/private2.key
        tests/user/certificate/private3.key
        tests/user/certificate/test_user_certificate.yml
        tests/user/certificate/test_users_certificate.yml
        tests/user/certmapdata/test_user_certmapdata.yml
        tests/user/certmapdata/test_user_certmapdata_issuer_subject.yml
        tests/user/certmapdata/test_users_certmapdata.yml
        tests/user/test_user.yml
        tests/user/test_users.yml
        tests/user/test_users_absent.yml
        tests/user/test_users_invalid_cert.yml
        tests/user/test_users_present.yml
        tests/user/test_users_present_slice.yml
        tests/user/users_absent.json
        tests/user/users_absent.sh
        tests/user/users_present.json
        tests/user/users_present.sh
      40713e71