ipaadmin_variables are handled by IPAAnsibleModule,
ansible_module.params_get is used to get the parameters and
ansible_module.ipa_connect is used to simplify the module.

ipaadmin_variables are handled by IPAAnsibleModule,
ansible_module.params_get is used to get the parameters and
ansible_module.ipa_connect is used to simplify the module.

Use IPAAnsibleModule and ipamodule_base_docs in the templates of
utils/new_module.

ipaadmin_password lines in the examples have been added, ipaadmin_
variables are handled by IPAAnsibleModule, ansible_module.params_get is
used to get the parameters and ansible_module.ipa_connect is used to
simplify the module.

ipamodule+member.py.in is additionally using gen_add_list and
gen_intersection_list to reduce the command calls to the changes only.

This class is an extended version of the Ansible Module that provides
IPA specific methods to simplify module generation.

Simple example:

    from ansible.module_utils.ansible_freeipa_module import \
        IPAAnsibleModule

    def main():
        ansible_module = IPAAnsibleModule(
            argument_spec=dict(
                  name=dict(type="str", aliases=["cn"], default=None),
                  state=dict(type="str", default="present",
                             choices=["present", "absent"]),
            ),
        )

        # Get parameters
        name = ansible_module.params_get("name")
        state = ansible_module.params_get("state")

        # Connect to IPA API
        with ansible_module.ipa_connect():

            # Execute command
            if state == "present":
                ansible_module.ipa_command(["command_add", name, {}])
            else:
                ansible_module.ipa_command(["command_del", name, {}])

        # Done

        ansible_module.exit_json(changed=True)

    if __name__ == "__main__":
        main()

pylint: Upgrade to version 2.10.2.

This PR sets pylint to version 2.10.2 in all linter actions, and
fixes code in plugins so that this version new checks are either
satisfied or ignored if needed.

ipapermission: Add 'new_name' as an alias to 'rename'.

build_containers: build CI container images on Sundays.

tests/trust: Add ipaadmin_password to test playbooks.

Use Ansible fact "os_family" as fallback, when distro is not directly suppported.

When loading variables in all ansible-freeipa roles, it is expected
that a file with these variables is present for each supported Linux
distribution, and then, based on the information about the distribution
provided by Ansible, the correct file is loaded.

Previously, only the facts `distribution` and dinstribution version
related facts were used, which required specific files, or links to
files for distributions in the same "family", which will probably have
the same variables set.

This change adds searching for files based on the `os_family` fact,
allowing distributions that follow the same family rules to be
supported, without any changes to the codebase. It is still possible
that a specific distribution configuration overrides the default
behavior, as `os_family` has lower priority than `distribution`.

For example, distributions on the `RedHat` family, like Oracle Linux,
Alma Linux, and Rocky Linux, work withoutadding new files, or links to
files, to fill the `vars`.

Fix issue #573. Fix issue #523.

When loading variables in all ansible-freeipa roles, it is expected
that a file with these variables is present for each supported Linux
distribution, and then, based on the information about the distribution
provided by Ansible, the correct file is loaded.

Previously, only the facts `distribution` and dinstribution version
related facts were used, which required specific files, or links to
files for distributions in the same "family", which will probably have
the same variables set.

This change adds searching for files based on the `os_family` fact,
allowing distributions that follow the same family rules to be
supported, without any changes to the codebase. It is still possible
that a specific distribution configuration overrides the default
behavior, as `os_family` has lower priority than `distribution`.

For example, distributions on the `RedHat` family, like Oracle Linux,
Alma Linux, and Rocky Linux, work withoutadding new files, or links to
files, to fill the `vars`.

Fix issue #573. Fix issue #523.

When loading variables in all ansible-freeipa roles, it is expected
that a file with these variables is present for each supported Linux
distribution, and then, based on the information about the distribution
provided by Ansible, the correct file is loaded.

Previously, only the facts `distribution` and dinstribution version
related facts were used, which required specific files, or links to
files for distributions in the same "family", which will probably have
the same variables set.

This change adds searching for files based on the `os_family` fact,
allowing distributions that follow the same family rules to be
supported, without any changes to the codebase. It is still possible
that a specific distribution configuration overrides the default
behavior, as `os_family` has lower priority than `distribution`.

For example, distributions on the `RedHat` family, like Oracle Linux,
Alma Linux, and Rocky Linux, work withoutadding new files, or links to
files, to fill the `vars`.

Fix issue #573. Fix issue #523.

When loading variables in all ansible-freeipa roles, it is expected
that a file with these variables is present for each supported Linux
distribution, and then, based on the information about the distribution
provided by Ansible, the correct file is loaded.

Previously, only the facts `distribution` and dinstribution version
related facts were used, which required specific files, or links to
files for distributions in the same "family", which will probably have
the same variables set.

This change adds searching for files based on the `os_family` fact,
allowing distributions that follow the same family rules to be
supported, without any changes to the codebase. It is still possible
that a specific distribution configuration overrides the default
behavior, as `os_family` has lower priority than `distribution`.

For example, distributions on the `RedHat` family, like Oracle Linux,
Alma Linux, and Rocky Linux, work withoutadding new files, or links to
files, to fill the `vars`.

Fix issue #573. Fix issue #523.

New ipamodule_base_vars

ansible-lint: Add paths and files to exclude list.

Some YAML files used in the project are not Ansible playbooks and
should not be evaluated by ansible-lint. This change add the paths
and files that should not be evaluated to an exclude list, that
affects linter operations in CI and pre-commit scripts.

There are common parameters in all modules like ipaadmin_principal and
ipaadmin_password. As this list of common parameters will be extended
soon, there is a need to reduce the code and documentation duplicates.

A ModuleDocFragment is added to provide the module documentation for the
common parameters. This is used in the modules with
extends_documentation_fragment.

ansible_freeipa_module has additional ipamodule_base_spec and
get_ipamodule_base_vars. ipamodule_base_spec extends argument_spec in
the module and get_ipamodule_base_vars is used to return a dict
containing the common parameters.

sudorule: Reduce addition and deletion of members to changed only

pre-commit: Update version of pre-commit hooks.

Use gen_add_list and gen_intersection_list for host, hostgroup, user,
group, allow_sudocmd, allow_sudocmdgroup, deny_sudocmd, deny_sudocmdgroup,
sudooption, runasuser, runasgroup and res_find member handling.

The functions are used to reduce the add lists to the new entries
only and the delete lists to the entries that are in the user and
the show list result.

This enables to remove the ignores for "already a member" and
"not a member" errors..

hbacrule: Create FQDN from single hostnames

Single hostnames can be used for hbacrule_add_host and will match fqdn
in IPA internally. Simple host names have to be extended to be FQDN to
be able to compare them for _host_add and _host_remove.

Two new functions have been added to ansible_freeipa_module:

- api_get_domain - Get the domain from the api
- ensure_fqdn - Extend a single name with the domain

This fixes #617 - hbacrule_add_host: already a member

add module to create and manage automount locations

Fix task name in selfservice example playbook.

Replace json_query in tests/user/test_users_absent.yml

json_query is not part of Ansible Core. As this is the only used module
that is not in Core it has been replaced by constructig a new dict with
the needed user names from users dict using a loop and set_fact.

Modules that support `state: renamed` have `new_name` as an alias
for the `rename` variable. This patch makes ipapermission consistent
with other modules.

There is a new automount location management module placed in the plugins folder:

plugins/modules/ipaautomountlocation.py

This module allows to ensure presence and absence of automount locations
that act as containers for automount onjects in ipa.

Here is the documentation for the module:

README-automountlocation.md

New example playbooks have been added:

playbooks/automount/automount-location-absent.yml
playbooks/automount/automount-location-present.yml

New tests for the module:

tests/automount/test_automountlocation.yml

automember: Verify condition keys

New meta/runtime.yml for galaxy for requires_ansible

The automember_add_condition and automember_remove_condition commands
are not verifying condition keys in all cases. This is for example not
done in the removal case if a condition is not part of the automember
rule.

For consistent behaviour this needs to be done in the automember module
now. The condition keys are verified with the user and group aciattrs
returned by the API command json_metadata now.

Related: RHBZ#1976926

ipaautomember: Fix documentation.

Galaxy now requires meta/runtime.yml to define requires_ansible.

runtime.yml has been added with requires_ansible: ">=2.9"

Missing variable "action" added in the automember module documentation.

Test playbooks were missing ipaadmin_password.

Fix display of variables in ipaserver role README.