- Feb 09, 2024
-
-
Thomas Woerner authored
ipahbacrule: Fix handling of hbacsvcgroup in members
-
- Feb 07, 2024
-
-
Rafael Guterres Jeffman authored
ipaclient_setup_automount with new install states
-
Thomas Woerner authored
ipaserver: Fix deployment after Bronze-bit fix
-
Rafael Guterres Jeffman authored
As FreeIPA now requires MS-PAC to be set in ipaKrbAuthzData to trigger PAC generation, there's a timing issue that causes API malfunction which is long enough to cause the client part insallation to fail. By restarting KDC after DS password is set, we force cached values to be refreshed, allowing the API to work correctly. Resolves: https://github.com/freeipa/ansible-freeipa/issues/1200
-
Thomas Woerner authored
The returned changed state was always True. changed is now only True if automount_location is set and configure_automount was called.
-
Thomas Woerner authored
This is "Fix ipa-client-automount install/uninstall with new install states" https://github.com/freeipa/freeipa/pull/7100 for ansible-freeipa: Issue 8384 introduced a new installation state for the statestore to identify when client/server installation is completely finished rather than relying on has_files(). The problem is that ipa-client-automount may be called during ipa-client-install and since installation is not complete at that point the automount install was failing with "IPA client not configured". Add a new state, 'automount', to designate that automount installation is in process. If check_client_configuration() fails it checks to see if [installation] automount is True. If so it continues with the installation. This also addresses an issue where the filestore and statestore are shared between the client and automount installers but the client wasn't refreshing state after automount completed. This resulted in an incomplete state and index file of backed-up files which caused files to not be restored on uninstall and the state file to be orphaned. Fixes: https://pagure.io/freeipa/issue/9487
-
Rafael Guterres Jeffman authored
ipaclient: Enable SELinux for SSSD
-
- Feb 06, 2024
-
-
Rafael Guterres Jeffman authored
FreeIPA provides a default hbacsvcgroup named "Sudo", with capital 'S', that is different from every other hbacsvcgroup, which are all represented by lower case letters. As data from IPA API was not modified, this causes an idempotence error when using different capitalization with the 'hbacsvcgroup' parameter. This patch fixes the issue by using the CaseInsensitive comparator to create the hbacsvcgroup list. Tests were update to make sure a regression is not included in the future.
-
Thomas Woerner authored
This is "ipa-client-install: enable SELinux for SSSD" https://github.com/freeipa/freeipa/pull/6978 for ansible-freeipa: For passkeys (FIDO2) support, SSSD uses libfido2 library which needs access to USB devices. Add SELinux booleans handling to ipa-client-install so that correct SELinux booleans can be enabled and disabled during install and uninstall. Ignore and record a warning when SELinux policy does not support the boolean. Fixes: https://pagure.io/freeipa/issue/9434
-
- Jan 25, 2024
-
-
Thomas Woerner authored
ipasudorule: Allow setting groups for runasuser.
-
- Jan 23, 2024
-
-
Rafael Guterres Jeffman authored
On IPA CLI sudorule-add/del-runasuser accept 'group' as a parameter, and this option was missing in ansible-freeipa ipasudorule module. This patch adds a new parameter 'runasuser_group' to allow setting Groups of RunAs Users, as allowed by CLI and WebUI. New example playboks can be found at: playbooks/sudorule/ensure-sudorule-runasusesr-group-is-absent.yml playbooks/sudorule/ensure-sudorule-runasusesr-group-is-present.yml
-
- Dec 21, 2023
-
-
Thomas Woerner authored
ipagroup: Add support for renaming groups
-
- Dec 20, 2023
-
-
Rafael Guterres Jeffman authored
Fixes for ansible-lint 6.22.1
-
Rafael Guterres Jeffman authored
FreeIPA suports renaming groupobjects with the CLI parameter "rename", and this parameter was missing in ansible-freeipa ipagroup module. This patch adds support for a new state 'renamed' and the 'rename' parameter. Tests were updated to cope with the changes.
-
Thomas Woerner authored
- Replace outdated noqa 503 with noqa no-handler - Drop outdated and not needed noqa 505 for include_vars - Drop outdated noqa deprecated-command-syntax for ansible.builtin.shell using cmd tag These warnings have been reported by utils/lint_check.sh using ansible-lint 6.22.1.
-
Rafael Guterres Jeffman authored
Use module_defaults to improve reading test cases.
-
Thomas Woerner authored
ipauser: Add support for renaming users
-
Thomas Woerner authored
ipadnszone: Add support for per-zone privilege delegation
-
- Dec 19, 2023
-
-
Rafael Guterres Jeffman authored
FreeIPA suports renaming user objects with the CLI parameter "rename", and this parameter was missing in ansible-freeipa ipauser module. This patch adds support for a new state 'renamed' and the 'rename' parameter. Tests were updated to cope with the changes. Related to RHBZ#2234379, RHBZ#2234380 Fixes #1103
-
Rafael Guterres Jeffman authored
IPA DNS Zones management can be delegated by adding a "Manage DNS zone" permission. The CLI commands that manage these permissions are dnszone-add-permission and dnszone-remove-permission. The ansible-freeipa module ipadnszone did not have this capability, and it now support dnszone per-zone management delegation by setting the module parameter 'permission'. If set to 'true' the permission will be assigned to the zone, if set to false the permission will be removed.
-
Rafael Guterres Jeffman authored
ipaclient: Properly name automount_location var and add documentation
-
Thomas Woerner authored
Handle data type or empty string in module_utils
-
- Dec 15, 2023
-
-
Rafael Guterres Jeffman authored
Use the commom parameter type handling method for parameters that accept a value or an empty string.
-
Rafael Guterres Jeffman authored
Use the commom parameter type handling method for parameters that accept a value or an empty string.
-
Rafael Guterres Jeffman authored
Use the commom parameter type handling method for parameters that accept a value or an empty string.
-
Rafael Guterres Jeffman authored
Some parameters, in modules, have a specific data type, but allow the use of an empty string to clear the parameter. By providing a method to retrieve the parameter with the correct data type, or optionally an empty string, allows for consistency of parameter handling between different modules.
-
- Dec 14, 2023
-
-
Thomas Woerner authored
ipauser: Do not try to modify user when not changing password
-
- Dec 08, 2023
-
-
Rafael Guterres Jeffman authored
The parameter 'allow_empty_string' in 'module_params_get' is used to allow an item in a list to be an empty string. The problem is that the naming is misleading, as it is checking a list item rather than a string. This patch rename the parameter to 'allow_empty_list_item' so that it more clearly refers to list itens instead of standalone strings, and do not collide with future parameters that may test for empty strings which are not part of lists.
-
Thomas Woerner authored
ipaclient: Fix OTP error reporting
-
- Dec 07, 2023
-
-
Rafael Guterres Jeffman authored
Revert "[TEMP] Enable only idp, service and user module tests"
-
Thomas Woerner authored
This reverts commit de3c6c0a.
-
Thomas Woerner authored
ipareplica: Support inventory groups.ipaserver
-
Thomas Woerner authored
upstream ci: Increase timeout for PR tests
-
Rafael Guterres Jeffman authored
After the change for a single job to run PR tests, and if there is any change to ansible_module_utils, all the playbook tests are executed, and the result is a failure due to timeout. This PR increases the timeout so that a PR with changes to ansible_module_utils can have the tests executed.
-
Rafael Guterres Jeffman authored
ipaidp: Fix validation and reset of parameters
-
Thomas Woerner authored
Bump minimum ansible-lint version to 6.22
-
- Dec 06, 2023
-
-
Rafael Guterres Jeffman authored
By the first quarter of 2024, all collections must pass ansible-lint tests run with version 6.22.x. This PR ensure that all ansible-freeipa tests depending on ansible-lint use a valid version of it.
-
Rafael Guterres Jeffman authored
Merge pull request #1186 from t-woerner/test_host_random_conditional_statements_no_jinja2_templating test_host_random: No jinja2 templating in conditional statements
-
Rafael Guterres Jeffman authored
When deploying an IPA client with ipaclient, if an error occured while getting an OTP, no error message is logged, as the task that logs the error is not excuted due to the previous taks failure. By adding a 'rescue' section to the code block and moving the error reporting to this new section, we ensure that the proper error messages will be reported.
-
Thomas Woerner authored
With ansible-core 2.14.12 using jinja2 templating in conditional statements with ansible_facts['fqdn'] is marked as unsafe and results in a failure. The issues with using jinja2 templating in conditional statements for asserts have been solved and a new server_fqdn fact has been added for ansible_facts['fqdn'].
-