- Nov 12, 2019
-
-
Thomas Woerner authored
Add command and information about ansible-galaxy collection install. Installing collections using the ansible-galaxy command is only supported with ansible 2.9+. The mazer tool can be used for to install the collection for ansible 2.8:
-
- Nov 07, 2019
-
-
Rafael Guterres Jeffman authored
ipahostgroup: Fix changed flag, support IPA 4.6 on RHEL-7, new test cases
-
Thomas Woerner authored
New sudorule (Sudo Rule) management module
-
Rafael Guterres Jeffman authored
There is a new sudorule (Sudo Rule) management module placed in the plugins folder: plugins/modules/ipasudorule.py The sudorule module allows to ensure presence and absence of Sudo Rules. Here is the documentation for the module: README-sudorule.md New example playbooks have been added: playbooks/sudorule/ensure-sudorule-host-member-is-absent.yml playbooks/sudorule/ensure-sudorule-host-member-is-present.yml playbooks/sudorule/ensure-sudorule-hostgroup-member-is-absent.yml playbooks/sudorule/ensure-sudorule-hostgroup-member-is-present.yml playbooks/sudorule/ensure-sudorule-is-absent.yml playbooks/sudorule/ensure-sudorule-is-disabled.yml playbooks/sudorule/ensure-sudorule-is-enabled.yml playbooks/sudorule/ensure-sudorule-is-present.yml playbooks/sudorule/ensure-sudorule-sudocmd-is-absent.yml playbooks/sudorule/ensure-sudorule-sudocmd-is-present.yml New tests added for the module: tests/hbacrule/test_sudorule.yml
-
Thomas Woerner authored
Added support for predefining client OTP using ipaclient_otp
-
Thomas Woerner authored
The changed flag returned by ipahostgroup calls have not always been correct. The use of the module with IPA version 4.6 on RHEL-7 resulted in encoding errors. All this has been fixed. Addtitionally new test cases have been added to make sure that the issues are solved.
-
- Nov 05, 2019
-
-
Thomas Woerner authored
New hbacrule (HBAC Rule) management module
-
Thomas Woerner authored
There is a new hbacrule (HBAC Rule) management module placed in the plugins folder: plugins/modules/ipahbacrule.py The hbacrule module allows to ensure presence and absence of HBAC Rules. Here is the documentation for the module: README-hbacrule.md New example playbooks have been added: playbooks/hbacrule/ensure-hbarule-allhosts-absent.yml playbooks/hbacrule/ensure-hbarule-allhosts-disabled.yml playbooks/hbacrule/ensure-hbarule-allhosts-enabled.yml playbooks/hbacrule/ensure-hbarule-allhosts-present.yml playbooks/hbacrule/ensure-hbarule-allhosts-server-member-absent.yml playbooks/hbacrule/ensure-hbarule-allhosts-server-member-present.yml New tests added for the module: tests/hbacrule/test_hbacrule.yml
-
- Oct 31, 2019
-
-
Thomas Woerner authored
ipauser: Add info about version limitation of passwordexpiration
-
Thomas Woerner authored
The information about the version limitation of the passwordexpiration parameter has been missing. The parameter is only usable for IPA versions 4.7 and up.
-
Thomas Woerner authored
ipagroup: Fix changed flag, new test cases
-
Thomas Woerner authored
ipagroup: Properly support IPA versions 4.6 and RHEL-7
-
- Oct 30, 2019
-
-
Thomas Woerner authored
The changed flag returned by ipagroup calls have not been correct. This change fixes this. Addtitionally new test cases have been added to make sure that the changed flag is correct.
-
Thomas Woerner authored
group_add_member is only supporting services in more recent IPA versions. This is 4.7+. Code has been added to detect if services are supported by the used IPA version and used in the parameters of the module. In this case an error is printed. Additionally all parameters will be get from the module using module_params_get provided by ansible_freeipa_module. Additional to_text conversions have been removed as they are not needed anymore with this.
-
- Oct 25, 2019
-
-
Varun Mylaraiah authored
New hbacsvcgroup (HBAC Service Group) management module
-
Thomas Woerner authored
There is a new hbacsvcgroup (HBAC Service Group) management module placed in the plugins folder: plugins/modules/ipahbacsvcgroup.py The hbacsvc module allows to ensure presence and absence of HBAC Service Groups. Here is the documentation for the module: README-hbacsvcgroup.md New example playbooks have been added: playbooks/hbacsvcgroup/ensure-hbacsvcgroup-absent.yml playbooks/hbacsvcgroup/ensure-hbacsvcgroup-member-absent.yml playbooks/hbacsvcgroup/ensure-hbacsvcgroup-member-present.yml playbooks/hbacsvcgroup/ensure-hbacsvcgroup-present.yml New tests added for the module: tests/hbacsvcgroup/test_hbacsvcgroup.yml
-
Thomas Woerner authored
Updated requirements for python3-gssapi
-
- Oct 24, 2019
-
-
Varun Mylaraiah authored
New hbacsvc (HBAC Service) management module
-
Thomas Woerner authored
There is a new hbacsvc (HBAC Service) management module placed in the plugins folder: plugins/modules/ipahbacsvc.py The hbacsvc module allows to ensure presence and absence of HBAC Services. Here is the documentation for the module: README-hbacsvc.md New example playbooks have been added: playbooks/hbacsvc/ensure-hbacsvc-absent.yml playbooks/hbacsvc/ensure-hbacsvc-present.yml New tests added for pwpolicy: tests/hbacsvc/test_hbacsvc.yml
-
- Oct 22, 2019
-
-
Thomas Woerner authored
Ipapwpolicy
-
Thomas Woerner authored
There is a new pwpolicy management module placed in the plugins folder: plugins/modules/ipapwpolicy.py The pwpolicy module allows to ensure presence and absence of pwpolicies for groups. Here is the documentation for the module: README-pwpolicy.md New example playbooks have been added: playbooks/pwpolicy/pwpolicy_absent.yml playbooks/pwpolicy/pwpolicy_present.yml New tests added for pwpolicy: tests/pwpolicy/test_pwpolicy.yml
-
Thomas Woerner authored
With IPA 4.5 integers for examle in pwpolicy_find are returned as integer values. The internally generated value will be converted from integer to string (using to_text) if the value from find call result is a string (or unicode for Python2).
-
Thomas Woerner authored
New sudocmdgroup management module.
-
Rafael Guterres Jeffman authored
There is a new sudocmdgroup management module placed in the plugins folder: plugins/modules/ipasudocmdgroup.py The sudocmdgroup module allows to add or remove sudo command groups.. The sudocmdgroup module is as compatible as possible to the Ansible upstream ipa_sudocmdgroup module, and additionally offers to ensure member presence and absence. Here is the documentation for the module: README-sudocmdgroup.md New example playbooks have been added: playbooks/sudocmd/ensure-sudocmdgroup-is-absent.yml playbooks/sudocmd/ensure-sudocmdgroup-is-present.yml playbooks/sudocmd/ensure-sudocmd-is-absent-in-sudocmdgroup.yml playbooks/sudocmd/ensure-sudocmd-is-present-in-sudocmdgroup.yml A test playbook is provided in: tests/sudocmdgroup/test_sudocmdgroup.yml Signed-off-by:
Rafael Guterres Jeffman <rjeffman@redhat.com>
-
Thomas Woerner authored
New sudocmd management module.
-
Rafael Guterres Jeffman authored
There is a new sudocmd management module placed in the plugins folder: plugins/modules/ipasudocmd.py The sudocmd module allows to add or remove sudo commands. The sudocmd module is as compatible as possible to the Ansible upstream ipa_sudocmd module. Here is the documentation for the module: README-sudocmd.md New example playbooks have been added: playbooks/sudocmd/ensure-sudocmd-is-absent.yml playbooks/sudocmd/ensure-sudocmd-is-present.yml Signed-off-by:
Rafael Guterres Jeffman <rjeffman@redhat.com>
-
Thomas Woerner authored
Ipauser rework
-
- Oct 21, 2019
-
-
Thomas Woerner authored
The ipauser module now supports all user settings and additionally to ensure the presence of several users with the new users setting. The users setting can also be used with other states, but it has to be limited to only contain the name of the users. There updated user management module is placed in the plugins folder: plugins/modules/ipauser.py The user module now additionally allows to handle these user settings: initials principalexpiration random city userstate postalcode mobile pager fax orgunit manager carlicense sshpubkey userauthtype userclass radius radiususer departmentnumber employeenumber employeetype preferredlanguage certificate certmapdata noprivate nomembers Here is the updated documentation for the module: README-user.md New example playbooks have been added: playbooks/user/user_certificate_absent.yml playbooks/user/user_certificate_present.yml playbooks/user/user_present.yml playbooks/user/users_absent.yml playbooks/user/users_certificate_absent.yml playbooks/user/users_certificate_present.yml playbooks/user/users_present.yml plugins/modules/ipauser.py New tests added for ipauser: tests/user/certificate/cert1.der tests/user/certificate/cert1.pem tests/user/certificate/cert2.der tests/user/certificate/cert2.pem tests/user/certificate/cert3.der tests/user/certificate/cert3.pem tests/user/certificate/private1.key tests/user/certificate/private2.key tests/user/certificate/private3.key tests/user/certificate/test_user_certificate.yml tests/user/certificate/test_users_certificate.yml tests/user/certmapdata/test_user_certmapdata.yml tests/user/certmapdata/test_user_certmapdata_issuer_subject.yml tests/user/certmapdata/test_users_certmapdata.yml tests/user/test_user.yml tests/user/test_users.yml tests/user/test_users_absent.yml tests/user/test_users_invalid_cert.yml tests/user/test_users_present.yml tests/user/test_users_present_slice.yml tests/user/users_absent.json tests/user/users_absent.sh tests/user/users_present.json tests/user/users_present.sh
-
Thomas Woerner authored
The function api_get_realm is returning the realm of a connected FreeIPA api. This is needed for proper principal checks in the extended ipauser module that supports principals now.
-
Thomas Woerner authored
The conversion is needed because older FreeIPA versions are returning tuples in some cases instead of lists. To be able to compare them the conversion to a list is needed.
-
- Oct 18, 2019
-
-
Thomas Woerner authored
to_text has not been imported from ansible.module_utils._text but it was used in _afm_convert. The import has been added.
-
- Oct 09, 2019
-
-
Thomas Woerner authored
The module_params_get function can and should be used as a replacement of ansible_module.params.get. For Python2 it is needed to convert parameters to unicode. Otherwise there will be an error in the FreeIPA API command. The private function _afm_convert has been added to do the conversion recursively.
-
Thomas Woerner authored
api_check_param can be used to verify if params are available for a command in the used FreeIPA version. The function has been added as api is normally not imported into modules.
-
Thomas Woerner authored
The order of lists returned by find commands is not guaranteed. Therefore lists are now converted to sets to compare them properly.
-
Thomas Woerner authored
api_command is always used within try clause, therefore it is not needed to have an extra try clause within api_command. Additionally it is needed to get the dofferent errors in the next level.
-
- Oct 07, 2019
-
-
Thomas Woerner authored
fix various typos in README files
-
Thorsten Scherf authored
-
- Oct 02, 2019
-
-
Varun Mylaraiah authored
ipagroup: Rework to use same mechanisms as ipahostgroup module
-
- Oct 01, 2019
-
-
Thomas Woerner authored
The ipagroup module was not using the failed and completed items in the dict that is returned with api_command. But it was creating add and remove lists for users, groups and services. This is not needed if the failures "already a member" and "not a member" in the result failures are ignored. Only other failures are reported.
-
- Sep 27, 2019
-
-
Varun Mylaraiah authored
tests/external-signed-ca tests: Fix external-ca.sh to use proper serials
-