In some places, disabling the warnings rather than fixing it required
less changes, without compromising readability.

Protected access is required for AnsibleModule.

Although both warnings are relevant, the code style choosen for
ansible-freeipa currently require them to be disable.

This should be enabled in the future, but currently, nearly all
modules rely on `Exception`, and the changes would be too invasive.

Although it is an interesting setup, it currently has too many false
positives, disable comments are not working for duplicate-code, and
there are some expected duplications in the modules.

Fix usage of ipalib errors.

Various spelling/style fixes in README.md

Enhance ipaservice tests.

ansible_freeipa_module.py: Add ignore argument to compare_args_ipa

Hbacrule only make required member changes

The new argument ignore has been added to compare_args_ipa to ignore
attributes while comparing attributes of the user args and the object
args returned from IPA find or show command.

This code is using changes from
- Wolskie in PR #392
- jake2184 in PR #486

Currently user, group, host, hostgoup, hbacsvc and hbacsvcgroup members
are always added and removed with hbacrule_add_.. and hbacrule_remove_..
if they are given as parameters with action: member.

Now the module is using the new functions gen_intersection_list and
gen_add_list from ansible_freeipa_module to reduce the lists to the items
only that are needed to be added or removed.

The errors "already a member" and "not a member" are not ignored
anymore now while executing the comamnds.

Two new functions have been added for member management in plugins:

gen_add_list(user_list, res_list)
    Generate the add list for addition of new members.

gen_intersection_list(user_list, res_list)
    Generate the intersection list for removal of existing members.

gen_add_list should be used to add new members with action: members and
state: present. It is returning the difference of the user and res list
if the user list is not None.

gen_intersection_list should be used to remove existing members with
action: members and state: absent. It is returning the intersection of
the user and res list if the user list is not None.

tests/azure: Install community.docker Ansible collection

The test preparation failed with "the connection plugin
'community.docker.docker' was not found" in "Setup test container".

"ansible-galaxy collection install community.docker" has been added
to

  tests/azure/templates/playbook_tests.yml and
  tests/azure/templates/pytest_tests.yml

Instead o importing ipalib.errors, modules must use
ansible_freeipa_module.ipalib_errors.

Instead o importing ipalib.errors, modules must use
ansible_freeipa_module.ipalib_errors.

Instead o importing ipalib.errors, modules must use
ansible_freeipa_module.ipalib_errors.

Instead o importing ipalib.errors, modules must use
ansible_freeipa_module.ipalib_errors.

Instead o importing ipalib.errors, modules must use
ansible_freeipa_module.ipalib_errors.

Instead o importing ipalib.errors, modules must use
ansible_freeipa_module.ipalib_errors.

Signed-off-by: Robbie Harwood <rharwood@redhat.com>

When `auth-ind` was empty, and it was set to be cleared, it might have
triggered an uncessary change. This change add a test so that `auth-ind`
is set only if needed.

In current implementation, when using `smb: yes`, only a small subset
of the attributes can be used in the playbook. This happened due the
use of `service_add_smb`, which adds a new service and does not modify
an existing one, and not coping with attributes not supported by this
IPA API call.

The implementation was modified so that a service with `smb: true` is
treated like any other service, which, in effect, simplified and fixed
service search, and allowed for the use of the same attributes as with
any service. Although simplified, when using `smb: true` an extra
query is done against the LDAP server, as a second `service_show` is
performed.

Tests have been updated to reflect the new imprlementation.

This patch enables test failure report when result.failed is set,
and make tests more robust against environment differences.

dnszone: Fix no modifications to be performed for serial

host: Fix DNS resource record not found error

A dnszone_mod call is always made to set the serial for a zone even if
this serial is set already.

A check is added to make sure that the serial is only set with
dnszone_mod if there is no serial set or if the serial is different.

ipasudorule: Fix category reset for idempotency

The "DNS resource record not found" error occurs when a host arecord
or aaaarecord member is ensured to be absent and no dnsrecord entry
for the host exists.

The arecord or aaaarecord item are removed from dnsrecord_args if the
record is not defined in res_find_dnsrecord.

A repeated category reset of usercategory, hostcategory, cmdcaterory,
runasusercategory and hostcategory is resulting in the error
"no modifications to be performed".

The empty categories are now removed from the args if the category is
not set in the sudorule.

ansible-doc-test: ANSIBLE_LIBRARY needs to be set internally

Currently ansible-doc-test is run silently. There is no output about
the checked files in the test results. Therefore verbose mode has been
enabled.

ANSIBLE_LIBRARY needs to be set properly for new Ansible version 4.0.0
to make sure that it is able to find the module that is checked.

For every file that needs to be checked, there is a separate ansible-doc
call. ANSIBLE_LIBRARY is set using os.path.dirname on the module_path.

Currently ansible-doc-test is run silently. There is no output about
the checked files in the test results. Therefore verbose mode has been
enabled.

With latest Ansible (4.0.0) it is needed to have a complete path for
ANSIBLE_LIBRARY. It is not good to hard code this in the
.pre-commit-config.yaml file for plugins and also all roles. Instead
it will be set in ansible-doc-test as it knows the path for each file
that is checked.