utils/ansible-freeipa.spec.in: Sync with Fedora rawhide spec file

ipaconfig: Fix example playbook titles.

ipaconfig: Add support for SID related attributes.

Since FreeIPA 4.9.8 the 'config_mod' command has parameters to enable
and configure SIDs, and set the Netbios name.

This patch adds the following parameters to ipaconfig plugin:
    enable_sids: New users and groups automatically get a SID assigned
    add_sids: Add SIDs for existing users and groups
    netbios_name: NetBIOS name of the IPA domain

Both add_sids and netbios_name requires 'enable_sid: yes'.

'enable_sid' and 'netbios_name' are returned when querying IPA
configuration.

'add_sids' always generate SIDs for users and groups, so, muiltiple
executions of the playbook with 'add_sids: yes' will return 'changed',
even if users and groups SIDs are not modified.

A new test playbook is available:

    tests/config/test_config_sid.yml

New examples playbooks are available:

    playbooks/config/change-ipa-domain-netbios-name.yml
    playbooks/config/generate-users-groups-sids.yml

Fixes: #781
Related: https://bugzilla.redhat.com/show_bug.cgi?id=2069174
Related: https://bugzilla.redhat.com/show_bug.cgi?id=2069184

ipabackup: Fix order of ipabackup_name parameter evaluation.

upstream CI: Force retrieval of ansible-freeipa master.

This patch forces the addition of a remote repository pointing to the
main ansible-freeipa repo, and fetch its contents before confaring the
modified files. The remote repository is removed after the modified
file list is generated.

This patch forces the addition of a remote repository pointing to the
main ansible-freeipa repo, and fetch its contents before confaring the
modified files. The remote repository is removed after the modified
file list is generated.

When performing a backup with 'state:present', if 'ipabackup_name' is
provided, the backup will be performed, but the role with return an
error since 'ipabackup_name' should not be set for this state.

This patch moves the parameter evaluation to be performed before the
actual backup is performed, so that the backup is not performed and an
error is reported.

The spec file was updated and was lacking several updates.

ipabackup: Add playbook tests for ipabackup.

upstream CI: Ensure 'master' branch is available for set_test_modules

If the repository is setup in a way that master branch is not available
for comparing the current HEAD against it, the comparison will fail and
not module/role will be scheduled for testing.

This patch forces fetching 'master' from ansible-freeipa repository,
allowing the comparison to be performed.

upstream CI: run PR tests only for affected plugins

A new test playbook for ipabackup role can be found at:

    tests/role_backup/test_backup.yml

The test is not yet complete, as 'state: restored' is not tested.

ipaserver/ipareplica: Add isatty method to AnsibleModuleLog

In some cases ipa code is using sys.stdout.isatty. As stdout is mapped
to AnsibleModuleLog this call will lead in a traceback as it was not
defined.

The staticmethod isatty has been added to AnsibleModuleLog in ipaserver
role module_utils/ansible_ipa_server.py and in ipareplica role
module_utils/ansible_ipa_repica.py.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2120415
       ansible-freeipa Replica Install Setup DNS fails
Fixes: #251 - 'AnsibleModuleLog' object has no attribute 'isatty'
Fixes: #117 - 'AnsibleModuleLog' object has no attribute 'isatty'

The current workflow for bug fixing or new enhancements in
ansible-freeipa includes running Ansible playbooks tests for all the
available plugins for every pull request, even for contained
modifications.

This patch creates a new workflow for pull requests where only the
affected plugins are tested in the PR. Changes that might affect other
parts of the code will trigger tests for the parts affected.

A utility script, utils/filter_tests, is used to set the variables
IPA_ENABLED_MODULES and IPA_ENABLED_TESTS before executing the tests,
effectively limiting which tests are executed. The script uses the
python plugin 'utils/filter_plugins.py' which lists all test modules
that should be executed for a list of modified source files.

Tests are selected for execution based on the plugin name. For example,
a change to 'plugins/modules/ipalocation.py' would trigger all playbook
tests under 'tests/location'. If a test playbook is modified, it is
scheduled to be executed. Changes to any file under
'plugins/module_utils' will force the execution of all tests, since any
module might be affected by that change.

The nature of the change is not evaluated, so a simple typo fix of a
comment in a file under 'plugins/module_utils' would still schedule all
test playbooks to be executed.

For roles, any file changed under the role directory would set the role
to be included in the tests. Playbook tests for roles must be created
under 'tests/<rolename>_role', where role name in the name of the role
without 'ipa', for example, the 'ipabackup' role test playbooks would
be stored under 'tests/backup_role'.

Since there is the possibility that the list of tests to be executed
might be less than the number of tests groups used (3), a new pytest
dependency was added, pytest-custom_exit_code, so that having no tests
to run isn't a test failure.

A new pipeline on Azure needs to be created to use the new test script.

This patch adds support for IPA_ENABLED_* and IPA_DISABLED_* environment
variables as existing global configuration for the tests.

The plugin pytest-split-tests is used to split the tests in several
groups so that the tests can be executed in parallel is upstream CI.

The issue is thet pytest-split-tests last release was more that a
year ago, upstream developers have not been responsive, and there is
a bug when the number of tests to be executed by a group is zero.
The patch to fix this issue has been open for a year.

This patch deprecates the use of pytest-split-tests, changing the
plugin used to split the tests to pytest-split, which is actively
mainatined.

Run tests locally with upstream CI images.

ipaserver: Add missing idstart check

The idstart needs to be larger than UID_MAX or GID_MAX from /etc/login.defs.
This is "Require idstart to be larger than UID_MAX" for freeipa.

Fixes: #896 (Invalid RID/SID SSSD backtrace after deployment)

This patch allows local execution of playbook tests using ustream CI
testing images. Either 'podman' or 'docker' can be used to execute the
tests.

ipaserver: ipaclient part does not need to install packages

fedora rawhide: Temporarily disable failing DNS tests

upstream CI: Fix list evaluation in IPA_ENABLED/IPA_DISABLED tests

Some DNS tests have been disabled for Fedora latest, but not for Fedora
Rawhide. Therefore these tests are filin still in nighty:

- dnsforwardzone
- test_dnsconfig_forwarders_ports

The client part installation is checking for the client packages. These
packages are part of the server packages that have been installed with
the server role and therefore the task is not needed.

This is helping to reduce the deployment time of a server.

Fix short_description flag in plugins, role modules and templates

Before "short description" was used in most plugins, modules and also
in the new module templates.

ansible-doc was therefore not showing the short description. To fix the
issue the flag was renamed to short_description instead.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2121362
       'ansible-doc' -l lists most idm modules as 'UNDOCUMENTED'

When enabling or disabling multiple tests, a comma separated list must
be used, but current code is using a colon to split the list.

This patch fixes this behavior.

Merge pull request #876 from t-woerner/ipareplica_do_not_overwrite_ipaclient_no_ntp_for_client_part_deployment

ipareplica: Do not overwrite ipaclient_no_ntp for client part deployment

ipauser: Add note on attributes 'first' and 'last' requirements

upstream CI: enable/disable tests based on test image

Attributes 'first' and 'last' are required if user does not exist, but
current documentation doesn't make it clear. This patch adds a note on
both attributes to make clear the cases where the attribute is required

Since test configuration can vary in different scenarios (test images)
this patch adds a script to list the scenarios configuration, and a
step to the playbook test jobs to display the scenario configuration.

Currently, all tests are scheduled to execution, even those that are
not executed due to being absent from the list of enabled tests
configured in the IPA_ENABLED_* variables. The tests that are not
executed are marked 'skipped'.

This patch change this behavior by not scheduling tests that are not
configured to be executed. It means that tests not the IPA_DISABLED_*
lists are not skipped anymore, but not scheduled to be executed. If
any test is in IPA_ENABLED_* lists, only those tests are marked for
execution. A side effect is that there is no visual feedback on which
tests were not executed, as disabled tests are not evaluated anymore.

Also, when IPA_SERVER_HOST was not set, all tests were skipped, but
an error should raised in this case, as there are no hosts to run the
tests against.

This patch modifies this behavior to fail the test with an exception if
IPA_SERVER_HOST is not set.

Sometimes, mostly due do differences in package versions, there are
some tests that fail on a single distribution which cannot be fixed
by ansible-freeipa, requiring that the offending package is fixed.

To keep tests running succesfully we have options to disable the
failing tests, but this changes are globally applied, meaning that, by
disabling a test, it is disable in all tested distributions.

This patch allows tests to be enabled or disabled for a specific
distribution, by setting the configuration on the 'variable' template
for the specific testing scenario.