ipaclient: Do not fail on rmkeytab error #7

Due to commit f3f9672d527008dc741ac90aa465bac842eea08d (ipa-rmkeytab: Check
return value of krb5_kt_(start|end)_seq_get) in IPA 4.9.2 there is a new
error reported for ipa-rmkeytab in case of a non existing keytab file.
Using ipa-rmkeytab now results in the error #7 in this case.

The client role is using ipa-rmkeytab and needs to ignore error #7 also.

Fixes: #510 (ipa-client installation with OTP is failed with error code 7
             (keytab: /usr/sbin/ipa-rmkeytab returned 7))

example playbooks: ipaselfservice examples mentioned ipadelegation.

Fix ipapermission example playbooks

The example playbooks for ipaselfservice were using the wrong module,
ipadelegation. This patch changes the references from ipadelegation
to ipaselfservice on these example playbooks.

Also, the attributes were changed, so the same attributes are used
throughout the examples.

By using only one permission name, examples are easier to follow.

Example playbooks for ipapermission didn't have default password set.

ipapremission playbooks were using the invalid attribute `perm_right`.
The attribute was changed to `right`.

Fix container build.

Fixed names of member objects of sudorule

Building containers for CentOS and Fedora were failing due to image
download failure. The container build process was fixed by changing
the base images.

Without explicit installation, Ansible was failing to run on
Azure pipelines. This change explicitly install the latest
Ansible version available through `pip`.

In the near future, Github will use Ubuntu 20.04, for workflows, and
this change will keep the upstream CI environment consistent between
Github and Azure.

Fixed names of sudorule member objects, as they did not match the names provided by IdM.

From:			To:
member_host		memberhost_host
member_hostgroup	memberhost_hostgroup
member_user		memberuser_user
member_group		memberuser_group

Fixes: #500

Fix build-galaxy.sh execution and add running info.

This patch adds a missing argument to `read` and adds information
on which step is being executed.

A wrong variable was used inside of the while IFS read loops. This
prevented that the modules, playbooks, tasks, example playbooks and also
tests have been adapted for the galaxy release naming scheme.

Fix adding A/AAAA records with reverse in compatibility mode.

Improve ipapermission member management.

In `ipapermission` plugin, Some attributtes were not being managed
when `action: member` was enabled.

This patch enable member management for `right`, `rawfilter`,
`filter, and fixes management of `memberof`.

Fix issue #489

When adding A or AAAA records using the compatibility mode with
Ansible's community general plugin, the reverse (PTR) record was
added, but the A/AAAA record was not. This patch fixes the behavior.

Fix issue #491

Fix typo in README-permission.md

There is a typo "Eure" instead of "Ensure" in the rename task.

ipapermission: Fix attrs and drop privilege handling

ipadnszone: Fix values accepted by allow_transfer and allow_query.

Change test requirement testinfra to pytest-testinfra.

The attrs handling was not complete and did not support to ensure presence
or absence of attributes with action:member.

The includedattrs and excludedattrs parameters have not been added with
this change as the use of attrs will automatically set includedattrs and
excludedattrs. The includedattrs and excludedattrs parameters are only
usable for managed permissions and duplicating attrs.

The permission module may not handle privileges. An IPA internal only API
has been used for this. The prvilege variable and all related code paths
have been removed.

Fixes: #424 ([Permission Handling] Not able to add additional attributes
             with existing attributes)
Fixes: #425 ([Permission Handling] Not able to add member privilege while
             adding permission)

Fix changing the type of an existing Vault.

Fix handling members in ipa role.

Update modules to support check_mode

There are some issues using a combination of `lookup('file')` and the
`b64encode` filter in Ansible, making tests unstable. This change
removes the usage of b64encode when loading public and private keys
from files in the Vault test playbooks.

Added code to the ipa* plugins to support Ansible's check_mode, by
means of a clean exit before the execution of the actual list of
commands that would otherwise create/update/delete IPA servers
and/or its resources.

Current implementation does not allow the change of an existingi Vault
type. To allow it, data is retrieved from the current vault, the vault
is modifiend, and then, data is stored again in the new vault.

Due to changing the process of modifying a vault, this change also
fixes the update of asymmetric vault keys. To change the key used,
the task must provide the old private key, used to retrieve data,
and the new public_key, used to store the data again. A new alias
was added to public_key (new_public_key) and public_key_file
(new_public_key_file) so that the playbook better express the
intention of the tak.

Vault tests have been updated to better test against the new update
process, and a new test file has bee added:

    tests/vault/test_vault_change_type.

In FreeIPA CLI, The attributes `allow_query` and `allow_transfer` can
hold IPv4 or IPv6 address or network address, and the values `none` and
`any`.

This patch adds support for network addresses, `none` and `any`, which
were not supported.

Fix issue #475.

When adding new members to a role, the existing members were removed.
The correct behavior for the "member" action is to add those members,
and substitute the existing ones. This patch fixes this behavior.

Fix #409, #411, #412, #413

According to the testinfra changelog, since version 6.0.0, testinfra
is know as pytest-testinfra, and the use of testinfra is deprecated.
This change will prevent future isses when updating requirements using
`pip`.

Ref: https://testinfra.readthedocs.io/en/latest/changelog.html

Fix typo

Faster pre-commit by running ansible-lint only when necessary.

Tools flake8 bugbear