- May 25, 2021
-
-
Rafael Guterres Jeffman authored
-
Thomas Woerner authored
The new argument ignore has been added to compare_args_ipa to ignore attributes while comparing attributes of the user args and the object args returned from IPA find or show command.
This code is using changes from
- Wolskie in PR #392
- jake2184 in PR #486
-
Thomas Woerner authored
Currently user, group, host, hostgroup, hbacsvc and hbacsvcgroup members are always added and removed with hbacrule_add_.. and hbacrule_remove_.. if they are given as parameters with action: member. Now the module is using the new functions gen_intersection_list and gen_add_list from ansible_freeipa_module to reduce the lists to the items only that are needed to be added or removed. The errors "already a member" and "not a member" are not ignored anymore now while executing the commands.
-
Thomas Woerner authored
Two new functions have been added for member management in plugins:
    gen_add_list(user_list, res_list)
        Generate the add list for addition of new members.
    gen_intersection_list(user_list, res_list)
        Generate the intersection list for removal of existing members.
gen_add_list should be used to add new members with action: members and state: present. It is returning the difference of the user and res list if the user list is not None.
gen_intersection_list should be used to remove existing members with action: members and state: absent. It is returning the intersection of the user and res list if the user list is not None.
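The list reduction described in the two commit messages above (the hbacrule change and the new module_utils functions), as an added example that is not the project's code: the two helpers are re-implemented from the commit message's description, and `StrictRule` and `ensure_members` are hypothetical stand-ins for an IPA object and a module's member handling.

```python
# Added illustration, re-implemented from the commit message's description;
# not copied from ansible_freeipa_module.

def gen_add_list(user_list, res_list):
    """Requested members that are not yet present (difference)."""
    if user_list is None:
        return []
    existing = set(res_list or [])
    return [m for m in user_list if m not in existing]


def gen_intersection_list(user_list, res_list):
    """Members requested for removal that are actually present (intersection)."""
    if user_list is None:
        return []
    existing = set(res_list or [])
    return [m for m in user_list if m in existing]


class StrictRule:
    """Constructed stand-in for an IPA object whose member calls fail on
    'already a member' / 'not a member' instead of ignoring them."""

    def __init__(self, members):
        self.members = list(members)

    def add(self, names):
        for name in names:
            if name in self.members:
                raise ValueError("%s: already a member" % name)
            self.members.append(name)

    def remove(self, names):
        for name in names:
            if name not in self.members:
                raise ValueError("%s: not a member" % name)
            self.members.remove(name)


def ensure_members(rule, users, state):
    """Hypothetical 'action: member' handler; returns True if it changed anything."""
    if state == "present":
        todo = gen_add_list(users, rule.members)
        apply_change = rule.add
    else:
        todo = gen_intersection_list(users, rule.members)
        apply_change = rule.remove
    if todo:
        apply_change(todo)
    return bool(todo)
```

Because only the reduced list reaches the strict calls, a repeated run reports no change instead of raising, which is what lets the module stop ignoring the two membership errors.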
-
- May 24, 2021
-
-
Rafael Guterres Jeffman authored
Instead of importing ipalib.errors, modules must use ansible_freeipa_module.ipalib_errors.
-
Rafael Guterres Jeffman authored
Instead of importing ipalib.errors, modules must use ansible_freeipa_module.ipalib_errors.
-
Rafael Guterres Jeffman authored
Instead of importing ipalib.errors, modules must use ansible_freeipa_module.ipalib_errors.
-
Rafael Guterres Jeffman authored
Instead of importing ipalib.errors, modules must use ansible_freeipa_module.ipalib_errors.
-
Rafael Guterres Jeffman authored
Instead of importing ipalib.errors, modules must use ansible_freeipa_module.ipalib_errors.
-
Rafael Guterres Jeffman authored
Instead of importing ipalib.errors, modules must use ansible_freeipa_module.ipalib_errors.
-
- May 21, 2021
-
-
Rafael Guterres Jeffman authored
When `auth-ind` was empty, and it was set to be cleared, it might have triggered an unnecessary change. This change adds a test so that `auth-ind` is set only if needed.
-
Rafael Guterres Jeffman authored
In current implementation, when using `smb: yes`, only a small subset of the attributes can be used in the playbook. This happened due to the use of `service_add_smb`, which adds a new service and does not modify an existing one, and not coping with attributes not supported by this IPA API call. The implementation was modified so that a service with `smb: true` is treated like any other service, which, in effect, simplified and fixed service search, and allowed for the use of the same attributes as with any service. Although simplified, when using `smb: true` an extra query is done against the LDAP server, as a second `service_show` is performed. Tests have been updated to reflect the new implementation.
-
Thomas Woerner authored
A dnszone_mod call is always made to set the serial for a zone even if this serial is set already. A check is added to make sure that the serial is only set with dnszone_mod if there is no serial set or if the serial is different.
-
- May 20, 2021
-
-
Thomas Woerner authored
The "DNS resource record not found" error occurs when a host arecord or aaaarecord member is ensured to be absent and no dnsrecord entry for the host exists. The arecord or aaaarecord items are removed from dnsrecord_args if the record is not defined in res_find_dnsrecord.
-
Thomas Woerner authored
A repeated category reset of usercategory, hostcategory, cmdcategory, runasusercategory and hostcategory is resulting in the error "no modifications to be performed". The empty categories are now removed from the args if the category is not set in the sudorule.
-
- May 18, 2021
-
-
Thomas Woerner authored
There is a new server management module placed in the plugins folder:
    plugins/modules/ipaserver.py
The server module allows to ensure presence and absence of servers. The module requires an existing server, the deployment of a new server can not be done with the module.
DNSName has been added to ansible_freeipa_module in plugins/module_utils as this is used for locations.
Here is the documentation for the module:
    README-server.md
New example playbooks have been added:
    playbooks/server/server-absent-continue.yml
    playbooks/server/server-absent-force.yml
    playbooks/server/server-absent-ignore_last_of_role.yml
    playbooks/server/server-absent-ignore_topology_disconnect.yml
    playbooks/server/server-absent.yml
    playbooks/server/server-hidden.yml
    playbooks/server/server-location.yml
    playbooks/server/server-no-location.yml
    playbooks/server/server-no-service-weight.yml
    playbooks/server/server-not-hidden.yml
    playbooks/server/server-present.yml
    playbooks/server/server-service-weight.yml
New tests for the module:
    tests/server/test_server.yml
Change in module_utils/ansible_freeipa_module:
    DNSName is imported from ipapython.dnsutil and also added to __all__
-
- May 11, 2021
-
-
Thomas Woerner authored
Line too long and too many blank line errors and a trailing whitespace have been fixed.
-
- May 05, 2021
-
-
Rafael Guterres Jeffman authored
Module was raising exceptions when trying to create a new privilege with permissions. This change fixes the behavior and ensures idempotence when trying to create a privilege with the same values. Tests for this behavior have been appended to: tests/privilege/test_privilege.yml
-
Rafael Guterres Jeffman authored
There was no test for the arguments of compare_args_ipa() to check if they were `None`, and they were used in contexts where `None` would raise exceptions. A test was added to return `False` if only one of the parameters is `None`, and `True` if both are `None`.
-
- May 04, 2021
-
-
Rafael Guterres Jeffman authored
IPA translates exception messages and Ansible uses controller's language to execute plugins on target hosts, and since ansible-freeipa uses exception messages to detect some errors and/or states, using any language that has a translation for the required messages may cause the plugin to misbehave. This patch modifies ansible_freeipa_module in plugin/module_utils to force the use of "C" as the language by setting the environment variable LANGUAGE. Tests were added to verify the correct behavior: tests/environment/test_locale.yml The first test will fail, if ansible_freeipa_module is not patched, with the message: host_show failed: nonexistent: host nicht gefunden This issue is not present if the language selected does not provide a translation for the error message. This patch does not fix encoding issues that might occur in certain releases (e.g.: CentOS 8.3). Fix #516
-
- Feb 16, 2021
-
-
Matt Davis authored
* prevents failures on Ansible 2.9 during module build due to https://github.com/ansible/ansible/issues/68361
* fixes https://github.com/freeipa/ansible-freeipa/issues/315
-
- Jan 26, 2021
-
-
Eric Nothen authored
Fixed names of sudorule member objects, as they did not match the names provided by IdM.
    From:               To:
    member_host         memberhost_host
    member_hostgroup    memberhost_hostgroup
    member_user         memberuser_user
    member_group        memberuser_group
Fixes: #500
-
- Jan 12, 2021
-
-
Rafael Guterres Jeffman authored
In `ipapermission` plugin, some attributes were not being managed when `action: member` was enabled. This patch enables member management for `right`, `rawfilter`, `filter`, and fixes management of `memberof`. Fix issue #489
-
Rafael Guterres Jeffman authored
When adding A or AAAA records using the compatibility mode with Ansible's community general plugin, the reverse (PTR) record was added, but the A/AAAA record was not. This patch fixes the behavior. Fix issue #491
-
- Jan 08, 2021
-
-
Thomas Woerner authored
The attrs handling was not complete and did not support to ensure presence or absence of attributes with action:member. The includedattrs and excludedattrs parameters have not been added with this change as the use of attrs will automatically set includedattrs and excludedattrs. The includedattrs and excludedattrs parameters are only usable for managed permissions and duplicating attrs. The permission module may not handle privileges. An IPA internal only API has been used for this. The privilege variable and all related code paths have been removed.
Fixes: #424 ([Permission Handling] Not able to add additional attributes with existing attributes)
Fixes: #425 ([Permission Handling] Not able to add member privilege while adding permission)
-
- Jan 06, 2021
-
-
Eric Nothen authored
Added code to the ipa* plugins to support Ansible's check_mode, by means of a clean exit before the execution of the actual list of commands that would otherwise create/update/delete IPA servers and/or its resources.
-
- Jan 04, 2021
-
-
Rafael Guterres Jeffman authored
Current implementation does not allow the change of an existing Vault type. To allow it, data is retrieved from the current vault, the vault is modified, and then, data is stored again in the new vault. Due to changing the process of modifying a vault, this change also fixes the update of asymmetric vault keys. To change the key used, the task must provide the old private key, used to retrieve data, and the new public_key, used to store the data again. A new alias was added to public_key (new_public_key) and public_key_file (new_public_key_file) so that the playbook better expresses the intention of the task. Vault tests have been updated to better test against the new update process, and a new test file has been added: tests/vault/test_vault_change_type.
-
- Dec 29, 2020
-
-
Rafael Guterres Jeffman authored
In FreeIPA CLI, the attributes `allow_query` and `allow_transfer` can hold IPv4 or IPv6 address or network address, and the values `none` and `any`. This patch adds support for network addresses, `none` and `any`, which were not supported. Fix issue #475.
-
- Dec 22, 2020
-
-
Rafael Guterres Jeffman authored
When adding new members to a role, the existing members were removed. The correct behavior for the "member" action is to add those members, and substitute the existing ones. This patch fixes this behavior. Fix #409, #411, #412, #413
-
- Dec 16, 2020
-
-
Rafael Guterres Jeffman authored
Running flake8 with bugbear enabled found an extra for-loop that is not needed. The for-loop was removed, fixing bugbear's warning.
-
- Nov 25, 2020
-
-
Rafael Guterres Jeffman authored
Remove an unused attribute that has no parallel in IPA API.
-
Rafael Guterres Jeffman authored
This PR fixes the creation of sudocmdgroups when the sudocmds are specified, allowing groups to be created with sudocmd members in a single task. Fix issue #440.
-
- Nov 24, 2020
-
-
Rafael Guterres Jeffman authored
When using ipahost module with servers where DNS was not configured it failed to add hosts due to an exception raised on `dnsrecord_show` that was not being correctly handled. As the exception was being handled twice, this patch simply removes one of the handlers, allowing the exception to propagate to the caller, where it is handled. Fixes issue #434.
-
- Nov 21, 2020
-
-
Rafael Guterres Jeffman authored
There was a failure when NAPTR or DLV records were updated, if the record name had multiple entries. This patch fixes this behavior, by using the requested record, not the retrieved one. Tests have been updated to test for this issue on tests/dnsrecord/test_dnsrecord.yml
-
- Nov 20, 2020
-
-
Rafael Guterres Jeffman authored
Due to an issue with FreeIPA, when modifying the SOA serial attribute along with other attributes, the value is ignored. In order to have the value provided, the attribute is set in a later call to dnszone-mod allowing it to retain the desired value. Ref: https://pagure.io/freeipa/issue/8489
-
- Nov 19, 2020
-
-
Rafael Guterres Jeffman authored
Examples of dnsforwardzone were using a single string rather than a dict of values to set attribute `forwarders`. Both source code and README examples were fixed. Fix issue #446
-
- Nov 18, 2020
-
-
Rafael Guterres Jeffman authored
-
Rafael Guterres Jeffman authored
This change fixes retrieval of CERT values from server data, that was failing due to wrong attribute name.
-
Rafael Guterres Jeffman authored
When modifying a record, depending on how the playbook tasks were arranged, it was possible to end with more records than expected. This behavior was fixed by modifying the way records are searched when a modification is requested. This change also allows fewer calls to find_dnsrecord. Tests were modified to reflect the changes, and a new test playbook was added: tests/dnsrecord/test_dnsrecord_modify_record.yml
-
- Nov 16, 2020
-
-
Rafael Guterres Jeffman authored
FreeIPA 4.8.7 has introduced bind type 'self' as a valid value, and this PR adds checks so the module fails early if the value is used with an unsupported version. Tests and documentation have been updated to reflect the changes.
-