Fix role issues in Debian based distros.

correct comment in example playbook

Login shell is called defaultshell and not defaultlogin

upstream ci: Build images for CentOS 9 Stream.

Insert "ensure maxlife is set to 49 in global policy" instead of the wrong comment from cut&paste.

The example didn't work for me with the following error (on freeipa 4.9.8):

TASK [display default login shell] **************************************************************************************************
fatal: [freeipa1.example.org]: FAILED! => {"msg": "
The task includes an option with an undefined variable. The error was: 'dict object' has no attribute 'defaultlogin'

Using the correct variable defaultshell works for me.

This patch add support for building testing images for CentOS 9 Stream.

When using ipaclient role under Debian 10 (Buster), it is required
that the python interpreter is set to Python 2.7 as freeipa-client
package pulls in Python 2.7 dependencies, and does not work with
Python 3.

This patch adds configuration to properly set python interpreter.

Based on the work by Marc Richter (@The-Judge on Github).

Fix issue #607.

Ubuntu Bionic Beaver must use python2 as Python interpreter due to
the way python-ipalib package is defined.

Before using the role for installation, one  must install package
python2.7 before executing this role.

Based on the work by Manuel Laurent (@mlaurent205 on Github).

ipaservice: Use IPAAnsibleModule member result handler.

ansible_module_utils: Add method to get parameters as lowercase.

Use IPAAnsibleModule default error handler for member arguments instead
of a custom one.

When managing ipaservice members, gen_add_del_lists, gen_add_list and
get_intersection_list should be used and the result tested for empty
sets so already existing or missing members are not added or removed
again.

This changes fixes this behavior, by applying these functions to all
ipaservice members.

CI: Add supoprt for Shellcheck

automember: Fix behavior of unused parameters.

Add shellcheck as an action to be executed on every PR.

`Shellcheck` is a linter tool for shell scripts that is also used in
Automation Hub.

This change adds a pre-commit hook to run shellcheck on shell scripts.
The hook uses a Docker image, which needs to be downloaded on the first
run. It works well  with `podman`.

build-galaxy-release: Cleanup of ipabackup_get_backup_dir.py link

CI: Test modules against Ansible core 2.11 and latest Ansible

The link for plugins/modules/ipabackup_get_backup_dir.py from
roles/ipabackup/library/ipabackup_get_backup_dir.py was left over
after the script finished.

Changes needed to pass Automation Hub tests

__metaclass__ is required for all plugins to be able to pass
Automation Hub tests.

This patch is needed to pass Automation Hub tests.

This patch is needed to pass Automation Hub tests.

This patch is needed to pass Automation Hub tests.

This patch is needed to pass Automation Hub tests.

This patch is needed to pass Automation Hub tests.

This patch is needed to pass Automation Hub tests.

This patch is needed to pass Automation Hub tests.

This patch is needed to pass Automation Hub tests.

This patch is needed to pass Automation Hub tests.

Currently, upstream CI test documentation against different Ansible
versions, but playbook tests are only executed with Ansible 2.9 series.
This patch add support for running playbook tests against Ansible 2.9,
ansible-core 2.11, and against latest version of Ansible.

As running all the tests for every PR would take too long, the tests
for every PR use only Anisble 2.9, and are executed on Fedora-latest
and CentOS 7 and 8.

A new pipeline for nightly tests was added, which runs the tests in the
same distros, using Ansible 2.9, latest and Ansible-core 2.11.

ipaprivilege: Fix permissions handling.

sudorule: Fix runas with external users and groups.

Many module member attributes must be handled in a case insensitive
manner. To ease handling these cases, a function and a method to get
the module parameters converted to lowercase is provided.

If a task with 'action: automember' tried to modify an automember rule
and did not provide either 'inclusive' or 'exclusive' parameters, the
regex for the missing arguments would be removed.

This patch fixes this behavior to only modify those parameters that
were set on the task, and leave the missing parameters in the state
they were before the task.

Tests have been updated to verify expected behavior.

Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1976922

When setting 'runasuser' or 'runasgroup' for a sudorule, either IPA or
external users and groups can be used, but only IPA users and groups
were being searched for when modifying the attributes, making this task
not idempotent if an external group or user was used..

This patch fixes this issue by comparing users and groups to the IPA
and external setting.

The IPA CLI commands are slightly confusing, as the sudorule-add and
sudorule-mod display separate options for internal and external users
and groups, but these options are deprecated and do not work anymore,
in favor of sudorule-add-runasuser and sudorule-add-runasgroup, which
don't diferentiate between internal and external users, from the CLI
user perspective.

ipaservice: Fix idempotent behavior for principal aliases.

This patch removes the custom command result handler in favor of the
IPAAnsibleModule default member handler and fixes creation of add and
del lists of permissions, fixing the behavior of the moudule execution
when 'check_mode: yes'.