- Dec 20, 2023
-
-
Thomas Woerner authored
ipadnszone: Add support for per-zone privilege delegation
-
- Dec 19, 2023
-
-
Rafael Guterres Jeffman authored
IPA DNS Zones management can be delegated by adding a "Manage DNS zone" permission. The CLI commands that manage these permissions are dnszone-add-permission and dnszone-remove-permission. The ansible-freeipa module ipadnszone did not have this capability, and it now support dnszone per-zone management delegation by setting the module parameter 'permission'. If set to 'true' the permission will be assigned to the zone, if set to false the permission will be removed.
-
Rafael Guterres Jeffman authored
ipaclient: Properly name automount_location var and add documentation
-
Thomas Woerner authored
Handle data type or empty string in module_utils
-
- Dec 15, 2023
-
-
Rafael Guterres Jeffman authored
Use the commom parameter type handling method for parameters that accept a value or an empty string.
-
Rafael Guterres Jeffman authored
Use the commom parameter type handling method for parameters that accept a value or an empty string.
-
Rafael Guterres Jeffman authored
Use the commom parameter type handling method for parameters that accept a value or an empty string.
-
Rafael Guterres Jeffman authored
Some parameters, in modules, have a specific data type, but allow the use of an empty string to clear the parameter. By providing a method to retrieve the parameter with the correct data type, or optionally an empty string, allows for consistency of parameter handling between different modules.
-
- Dec 14, 2023
-
-
Thomas Woerner authored
ipauser: Do not try to modify user when not changing password
-
- Dec 08, 2023
-
-
Rafael Guterres Jeffman authored
The parameter 'allow_empty_string' in 'module_params_get' is used to allow an item in a list to be an empty string. The problem is that the naming is misleading, as it is checking a list item rather than a string. This patch rename the parameter to 'allow_empty_list_item' so that it more clearly refers to list itens instead of standalone strings, and do not collide with future parameters that may test for empty strings which are not part of lists.
-
Thomas Woerner authored
ipaclient: Fix OTP error reporting
-
- Dec 07, 2023
-
-
Rafael Guterres Jeffman authored
Revert "[TEMP] Enable only idp, service and user module tests"
-
Thomas Woerner authored
This reverts commit de3c6c0a.
-
Thomas Woerner authored
ipareplica: Support inventory groups.ipaserver
-
Thomas Woerner authored
upstream ci: Increase timeout for PR tests
-
Rafael Guterres Jeffman authored
After the change for a single job to run PR tests, and if there is any change to ansible_module_utils, all the playbook tests are executed, and the result is a failure due to timeout. This PR increases the timeout so that a PR with changes to ansible_module_utils can have the tests executed.
-
Rafael Guterres Jeffman authored
ipaidp: Fix validation and reset of parameters
-
Thomas Woerner authored
Bump minimum ansible-lint version to 6.22
-
- Dec 06, 2023
-
-
Rafael Guterres Jeffman authored
By the first quarter of 2024, all collections must pass ansible-lint tests run with version 6.22.x. This PR ensure that all ansible-freeipa tests depending on ansible-lint use a valid version of it.
-
Rafael Guterres Jeffman authored
Merge pull request #1186 from t-woerner/test_host_random_conditional_statements_no_jinja2_templating test_host_random: No jinja2 templating in conditional statements
-
Rafael Guterres Jeffman authored
When deploying an IPA client with ipaclient, if an error occured while getting an OTP, no error message is logged, as the task that logs the error is not excuted due to the previous taks failure. By adding a 'rescue' section to the code block and moving the error reporting to this new section, we ensure that the proper error messages will be reported.
-
Thomas Woerner authored
With ansible-core 2.14.12 using jinja2 templating in conditional statements with ansible_facts['fqdn'] is marked as unsafe and results in a failure. The issues with using jinja2 templating in conditional statements for asserts have been solved and a new server_fqdn fact has been added for ansible_facts['fqdn'].
-
- Dec 05, 2023
-
-
Thomas Woerner authored
-
Thomas Woerner authored
The uri parameters auth_uri, dev_auth_uri, token_uri, userinfo_uri and keys_uri have not been validated before. Also the base_url was not normalized. The auth_uri, dev_auth_uri, token_uri and userinfo_uri need to be set for new entries, but might be empty or empty string for reset or updates. The ipaidpclientsecret needs to be decoded from binary string in find_idp result to not trigger no change ipd_mod calls. The code for validate_uri and base_url normalization has been copied from the ipaserver idp plugin. ansible_freeipa_module: urlparse from urllib.parse with a fallback to six.moves.urllib.parse is imported and also exported. urlparse is needed for validate_uri in ipaidp module. Resolves: RHEL-17954, RHEL-17955, RHEL-17957 and RHEL-17958
-
- Nov 28, 2023
-
-
Rafael Guterres Jeffman authored
If a playbook to ensure the existence of a user contains 'random:false' and 'update_password: always' is executed twice, the second execution will raise an exception due to "No modifications to perform", as there is actually nothing to modify. The fix for the issue is to remove 'random' if it is not set to true, as setting it to 'false' would have no effect on the user object. Related: https://issues.redhat.com/browse/RHEL-4934
-
Rafael Guterres Jeffman authored
test_pwpolicy: minlength parameter can be reset with empty string now
-
Thomas Woerner authored
The reset of the minlength parameter failed with an internal error so far. This has been fixed in IPA and therefore requires to fix the test in ansible-freeipa also. Related: https://pagure.io/freeipa/issue/9297
-
- Nov 24, 2023
-
-
Thomas Woerner authored
Reproduce upstream CI groups in developer's machine
-
Thomas Woerner authored
upstream CI: Build containers in parallel jobs
-
Thomas Woerner authored
Update ansible-lint and pylint versions
-
Thomas Woerner authored
ipahost: Remove dangling dns records during test setup
-
Rafael Guterres Jeffman authored
idoverride{user,group}: Fix delete_continue with state absent
-
- Nov 16, 2023
-
-
Thomas Woerner authored
All tasks for idoverrideuser and idoverridegroup with state absent failed with "'continue' is required" when delete_continue was not set. This happended as delete_continue was internally None and continue: None was provided to the API. The fix is simply to use '"continue": delete_continue or False' so that continue is set to False in this case.
-
- Nov 11, 2023
-
-
Rafael Guterres Jeffman authored
When testing ipahost through the test playbooks, if there are previous DNS A/AAAA records, the test fails due to a false positive idempotence issue. This patch ensures that all DNS records for the test hosts are absent before test execution. This issue could be seen in the 2023-11-06 Azure Nightly pipeline execution.
-
- Nov 09, 2023
-
-
Rafael Guterres Jeffman authored
When running ansible-freeipa's Azure pipelines for nightly and weekly tests, due to the amount of tests to execute, tests are grouped and executed in parallel jobs. Due to a still unkonwn issue, depending on the order the tests are executed, some random failures may occur and debugging them is hard due to current implementation of the tests. This patch adds support for replicating the tests of a specific Azure test group once the seed used to create groups and the group number are provided, allowing the test failures to be replicated on the developer's workstation where it can be more easily debugged. A new option is added to 'utils/run-tests.sh', '-A SEED.G' that is used to define the seed and group to replicate the tests. The seed is a date, with the format "YYYYMMDD", so, for example '-A 20230611.2' would execute the same tests, in the same order as the second group of tests for date 2023-06-11. To aid in usability 'YYYY-MM-DD' may also be used. When using '-A' neither '-s' (test suites) or specific tests (positional arguments) can be used. Also, to help fixing tests, an option to stop the tests on the first test failure ('-x') was added to the script.
-
- Nov 08, 2023
-
-
Rafael Guterres Jeffman authored
ansible-lint 6.21+ and pylint 3.0+ will be required for Ansible collections to be approved on Ansible Galaxy. This patch updates pre-commit and upstream linters to use the required versions.
-
Thomas Woerner authored
The ipaclient_automount_location variable was badly named as ipaautomount_location. Additionally it was not documented in the role README file. Fixes: #1166 (.. automount-location to the ipa-client role)
-
- Oct 23, 2023
-
-
Rafael Guterres Jeffman authored
ipaidview: Fail to apply unknown (invalid) hosts
-
Rafael Guterres Jeffman authored
hbacsvcgroup: Remove obsolete result_handler
-
Rafael Guterres Jeffman authored
hbacrule: Fix use of builtin sudo hbacsvcgroup
-