  1. Aug 03, 2020
    • Fixed error msgs on FreeIPABaseModule subclasses · 563a03d9
      Sergio Oliveira Campos authored
      When a fail_json is called a SystemExit exception is raised.
      Since the FreeIPABaseModule has an internal context manager to deal
      with exceptions this ContextManager captures the SystemExit. After
      destroying the kinit session the SystemExit must be raised again
      to allow the fail_json to work properly.
  2. Jul 27, 2020
    • Add support for IPA CLI option `posix`. · 8c889e9b
      Rafael Guterres Jeffman authored
      This patch adds support for the IPA CLI option `posix` when modifying
      an existing group. Also, enhances verification of `external` and
      `posix/non-posix` groups to avoid unneeded API failures (e.g. when
      no change to the posix/external status is needed).
      
      A new test was added:
      
          tests/group/test_group_external_nonposix.yml
  3. Jul 21, 2020
    • New Role management module · b33c5a7b
      Rafael Guterres Jeffman authored
      There is a new role management module placed in the plugins folder:
      
          plugins/modules/iparole.py
      
      The role module allows ensuring presence or absence of roles and
      managing role members.
      
      Here is the documentation for the module:
      
          README-role.md
      
      New example playbooks have been added:
      
          playbooks/role/role-is-absent.yml
          playbooks/role/role-is-present.yml
          playbooks/role/role-member-group-absent.yml
          playbooks/role/role-member-group-present.yml
          playbooks/role/role-member-host-absent.yml
          playbooks/role/role-member-host-present.yml
          playbooks/role/role-member-hostgroup-absent.yml
          playbooks/role/role-member-hostgroup-present.yml
          playbooks/role/role-member-privilege-absent.yml
          playbooks/role/role-member-privilege-present.yml
          playbooks/role/role-member-service-absent.yml
          playbooks/role/role-member-service-present.yml
          playbooks/role/role-member-user-absent.yml
          playbooks/role/role-member-user-present.yml
          playbooks/role/role-members-absent.yml
          playbooks/role/role-members-present.yml
          playbooks/role/role-rename.yml
      
      New tests for the module:
      
          tests/role/test_role.yml
          tests/role/test_role_service_member.yml
  4. Jun 29, 2020
    • ipa[host]group: Fix membermanager unknown user issue · 6132a947
      Thomas Woerner authored
      If an unknown membermanager user presence will be ensured, the unknown user
      error was ignored. This has been fixed in ipagroup. The code for the error
      handling in ipagroup and ipahostgroup has been adapted because of this.
      
      New tests for tests/[host]group/test_[host]group_membermnager.yml have been
      added.
    • Add support for changing password of symmetric vaults. · 78b635ae
      Rafael Guterres Jeffman authored
      Allows changing passwords of symmetric vaults, using a new variable
      `new_password` (or the file-based version, `new_password_file`). The
      old password must be passed using the `password` or `password_file`
      variables that also received new aliases `old_password` and
      `old_password_file`, respectively.
      
      Tests were modified to reflect the changes.
    • ipa[user,host]: Fail on duplicate names in the users and hosts lists · 1d7fb31b
      Thomas Woerner authored
      It was possible to have several entries for names with the hosts and users
      lists. This resulted sometimes in errors but also unexpected changes. A new
      check has been added to make sure that the names in the users and hosts
      lists are unique.
      
      New tests have been added to verify this in the existing files:
      - tests/host/test_hosts.yml
      - tests/user/test_users.yml
  5. Jun 26, 2020
  6. Jun 15, 2020
  7. Jun 11, 2020
    • Fixes attempt to create rules with members when category is `all`. · cf54d139
      Rafael Guterres Jeffman authored
      Current implementation of hbacrule and sudorule allow for a new rule
      creation script to be partially successful when a member is provided and
      the respective member category is set to `all` (either users, hosts,
      services, commands, and their group counterparts).
      
      Since the creation of the rule is independent of the addition of members,
      the rule is successfully created, but member addition fails, leaving
      a created rule that has no members on it.
      
      This patch fixes both modules by verifying if user, host, service or
      commands (and groups of members) are being added if the corresponding
      category is set to `all`, when the state is `present` and the action is
      not `member`. If so, it fails before the rule is created.
    • Fixes error handling on dnsconfig module. · d73b6e39
      Rafael Guterres Jeffman authored
      This fixes reporting errors on dnsconfig module and adds some tests
      to verify that invalid IP addresses cannot be used as forwarders.
    • Add support for missing attributes, and enhance ipaconfig tests. · f7ca62e5
      Rafael Guterres Jeffman authored
      This patch adds support for the `maxtostname` and
      `ca_renewal_master_server` attributes that were missing and
      also provides a more complete set of tests.
    • Add state `retrieved` to ipavault to retrieve vault stored data. · 0bcb4eaf
      Rafael Guterres Jeffman authored
      This patch adds support for retrieving data stored in an IPA vault by
      adding a new valid state for ipavault: `retrieved`.
      
      To allow the retrieval of data from asymmetric vaults, the attributes
      `private_key`, `private_key_files` and `out` were also added to the
      module.
      
      The private key files, `private.pem`, should be paired with the already
      existing `public.pem` public key files.
      
      Tests were updated to reflect changes and two new playbooks were added:
      
          playbooks/vault/retrive-data-asymmetric-vault.yml
          playbooks/vault/retrive-data-symmetric-vault.yml
    • Fixes password behavior on Vault module. · 04564248
      Rafael Guterres Jeffman authored
      This patch fixes handling of password and public_key files, parameter
      validation depending on vault type, usage of `salt` attribute and data
      retrieval.
      
      Tests were updated to reflect the changes.
      
      New example playbooks are added:
      
          playbooks/vault/vault-is-present-with-password-file.yml
          playbooks/vault/vault-is-present-with-public-key-file.yml
    • ipahostgroup: Add support for group membership management · ff03b315
      Thomas Woerner authored
      A group membership manager is a user or a group that can add members to
      a group or remove members from a hostgroup.
      
      This is related to https://pagure.io/freeipa/issue/8114
      
      New parameters have been added to the module:
      - `membermanager_user`: List of member manager users assigned to this
        group. Only usable with IPA versions 4.8.4 and up.
      - `membermanager_group`: List of member manager groups assigned to this
        group. Only usable with IPA versions 4.8.4 and up.
      
      These parameters behave like member parameters.
      
      A new test has been added:
      - tests/hostgroup/test_hostgroup_membermanager.yml
    • New dnsrecord management module. · 0abfe8ab
      Rafael Guterres Jeffman authored
      There is a new dnsrecord management module placed in the plugins folder:
      
          plugins/modules/ipadnsrecord.py
      
      The dnsrecord module allows management of DNS records and is as compatible
      as possible with the Ansible upstream `ipa_dnsrecord` module, but provides
      some other features like multiple record management in one execution,
      support for more DNS record types, and more.
      
      Here is the documentation for the module:
      
          README-dnsrecord
      
      New example playbooks have been added:
      
          playbooks/dnsrecord/ensure-dnsrecord-is-absent.yml
          playbooks/dnsrecord/ensure-dnsrecord-is-present.yml
          playbooks/dnsrecord/ensure-presence-multiple-records.yml
          playbooks/dnsrecord/ensure-dnsrecord-with-reverse-is-present.yml
          playbooks/dnsrecord/ensure-multiple-A-records-are-present.yml
          playbooks/dnsrecord/ensure-A-and-AAAA-records-are-absent.yml
          playbooks/dnsrecord/ensure-A-and-AAAA-records-are-present.yml
          playbooks/dnsrecord/ensure-CNAME-record-is-absent.yml
          playbooks/dnsrecord/ensure-CNAME-record-is-present.yml
          playbooks/dnsrecord/ensure-MX-record-is-present.yml
          playbooks/dnsrecord/ensure-PTR-record-is-present.yml
          playbooks/dnsrecord/ensure-SRV-record-is-present.yml
          playbooks/dnsrecord/ensure-SSHFP-record-is-present.yml
          playbooks/dnsrecord/ensure-TLSA-record-is-present.yml
          playbooks/dnsrecord/ensure-TXT-record-is-present.yml
          playbooks/dnsrecord/ensure-URI-record-is-present.yml
      
      New tests for the module can be found at:
      
          tests/dnsrecord/test_dnsrecord.yml
          tests/dnsrecord/test_compatibility_with_ansible_module.yml
          tests/dnsrecord/test_dnsrecord_full_records.yml
  8. Jun 09, 2020
    • ipagroup: Add support for group membership management · 0acf576d
      Thomas Woerner authored
      A group membership manager is a user or a group that can add members to
      a group or remove members from a group.
      
      This is related to https://pagure.io/freeipa/issue/8114
      
      New parameters have been added to the module:
      - `membermanager_user`: List of member manager users assigned to this
        group. Only usable with IPA versions 4.8.4 and up.
      - `membermanager_group`: List of member manager groups assigned to this
        group. Only usable with IPA versions 4.8.4 and up.
      
      These parameters behave like member parameters.
      
      A new test has been added:
      - tests/group/test_group_membermanager.yml
    • ipahostgroup: Add support for group membership management · fd7eb4f8
      Thomas Woerner authored
      A group membership manager is a user or a group that can add members to
      a group or remove members from a hostgroup.
      
      This is related to https://pagure.io/freeipa/issue/8114
      
      New parameters have been added to the module:
      - `membermanager_user`: List of member manager users assigned to this
        group. Only usable with IPA versions 4.8.4 and up.
      - `membermanager_group`: List of member manager groups assigned to this
        group. Only usable with IPA versions 4.8.4 and up.
      
      These parameters behave like member parameters.
      
      A new test has been added:
      - tests/hostgroup/test_hostgroup_membermanager.yml
  9. Jun 08, 2020
  10. Jun 06, 2020
  11. Jun 05, 2020
    • Fixes password behavior on Vault module. · 59cb7eeb
      Rafael Guterres Jeffman authored
      This patch fixes handling of password and public_key files, parameter
      validation depending on vault type, usage of `salt` attribute and data
      retrieval.
      
      Tests were updated to reflect the changes.
      
      New example playbooks are added:
      
          playbooks/vault/vault-is-present-with-password-file.yml
          playbooks/vault/vault-is-present-with-public-key-file.yml
          playbooks/vault/retrive-data-asymmetric-vault.yml
          playbooks/vault/retrive-data-symmetric-vault.yml
    • There is a new config management module placed in the plugins folder: · 56b13684
      chrisp authored
        plugins/modules/ipaconfig.py
      
      The config module allows the user to change global config settings.
      
      The config module is as compatible as possible to the Ansible upstream
      ipa_config module, but adds many extra variables.
      
      Here is the documentation for the module:
      
        README-config.md
  12. Jun 01, 2020
    • Fixes host absent when DNS zone is not found. · 05a1aaed
      Rafael Guterres Jeffman authored
      Since ipahost uses dnsrecord-show, it raises an error when DNS zone is
      not found, but it should not be an ipahost concern.
      
      This patch fixes this behavior by returning no record if DNS zone is
      not found, so processing resumes as if there is no record for the host.
      It fixes behavior when `state: absent` and dnszone does not exist, so,
      host should not exist either, and the ipahost answer is correct and
      indifferent to DNS Zone state.
  13. May 28, 2020
    • Fixes no_log warning for `update_password`. · 5b538628
      Rafael Guterres Jeffman authored
      This patch explicitly sets `no_log` option for `update_password` attribute
      to `False`, so that the warning on `no_log` not being set is not issued
      anymore. Ansible incorrectly issued the warning, as `update_password` does
      not carry sensitive information.