- Jul 17, 2024
-
-
Thomas Woerner authored
Truncate stdout and stderr in the way that it hopefully shows all important information. At least 15 lines of stdout (Ansible tasks) and remaining from stderr to fill up to maxlen size. The test log mostly only showed lines from stderr as the log was a concatenation of stdout and stderr and only the last 2500 chars of this have been used. This was hiding the test result from stdout and failures have not beeen visible.
-
- Jul 01, 2024
-
-
Thomas Woerner authored
-
- Jun 28, 2024
-
-
Thomas Woerner authored
setuptools might not be installed before importing and using galaxy_importer. This could result in a backtrace by disabling ANSIBLE_TEST_LOCAL_IMAGE in galaxy-importer.cfg to run latest tests.
-
- Jun 26, 2024
-
-
Thomas Woerner authored
The parameters - subtree (ipapermlocation) - target (ipapermtarget) - targetto (ipapermtargetto) - targetfrom (ipapermtargetfrom) have not been idempotent as the result returned from permission_show was a DN and not a string. The find_permission function has been exetended to convert the values for these parameters to strings. Fixes: #1257
-
- Mar 05, 2024
-
-
Thomas Woerner authored
The generated certificates have been X.509 v1. This is not supported any more. Only X.509 v3 is supported. A new certificates/extensions.conf file has been added to make v3 certificates. The existing certificates/pkinit/extensions.conf has been renamed to certificates/pkinit-extensions.conf with additional changes. For example "[kdc_cert]" had to be removed for v3. The extensions config files are using environment variables, which are set by the generate-certificates.sh script before calling openssl. The script generate-certificates.sh has been reworked for a simpler structure, also new options have been added: "ca" and "cleanup".
-
- Feb 12, 2024
-
-
Rafael Guterres Jeffman authored
This patch force processing of permission, attribute and group attributes in lower case, to match behavior of IPA CLI, transforming all of them into lowercase characters. The new behavior fixes idempotence issues when mixing different capitalization in different tasks for the same attribute. A new test playbook is avaiable at: tests/delegation/test_delegation_member_case_insensitive.yml
-
Rafael Guterres Jeffman authored
Some attributes for ipagroup objects are stored using lower case letters and should be converted upon retrieving parameter data. This patch adds the missing conversion and provides a new test playbook: tests/group/test_group_case_insensitive.yml
-
- Feb 10, 2024
-
-
Rafael Guterres Jeffman authored
ipahostgroup parameters 'host', 'hostgroup', 'membermanager_user' and 'membermanager_group' must be compared in a case insensitive manner and stored as lower case strings. This patch fixes the comparison and storage of this parameters, and change the handling of members to use the same structure as in newer modules. Two new tests files were added: tests/hostgroup/test_hostgroup_case_insensitive.yml tests/hostgroup/test_hostgroup_membermanager_case_insensitive.yml
-
- Feb 09, 2024
-
-
Thomas Woerner authored
The config tests are currently setting the pac type to empty or without MS-PAC type. This results in failed authorization for IPA API. An issue has been opened for FreeIPA to address this: https://pagure.io/freeipa/issue/9527
-
- Feb 06, 2024
-
-
Rafael Guterres Jeffman authored
FreeIPA provides a default hbacsvcgroup named "Sudo", with capital 'S', that is different from every other hbacsvcgroup, which are all represented by lower case letters. As data from IPA API was not modified, this causes an idempotence error when using different capitalization with the 'hbacsvcgroup' parameter. This patch fixes the issue by using the CaseInsensitive comparator to create the hbacsvcgroup list. Tests were update to make sure a regression is not included in the future.
-
- Jan 23, 2024
-
-
Rafael Guterres Jeffman authored
On IPA CLI sudorule-add/del-runasuser accept 'group' as a parameter, and this option was missing in ansible-freeipa ipasudorule module. This patch adds a new parameter 'runasuser_group' to allow setting Groups of RunAs Users, as allowed by CLI and WebUI. New example playboks can be found at: playbooks/sudorule/ensure-sudorule-runasusesr-group-is-absent.yml playbooks/sudorule/ensure-sudorule-runasusesr-group-is-present.yml
-
- Dec 20, 2023
-
-
Rafael Guterres Jeffman authored
FreeIPA suports renaming groupobjects with the CLI parameter "rename", and this parameter was missing in ansible-freeipa ipagroup module. This patch adds support for a new state 'renamed' and the 'rename' parameter. Tests were updated to cope with the changes.
-
Thomas Woerner authored
- Replace outdated noqa 503 with noqa no-handler - Drop outdated and not needed noqa 505 for include_vars - Drop outdated noqa deprecated-command-syntax for ansible.builtin.shell using cmd tag These warnings have been reported by utils/lint_check.sh using ansible-lint 6.22.1.
-
Rafael Guterres Jeffman authored
Use module_defaults to improve reading test cases.
-
- Dec 19, 2023
-
-
Rafael Guterres Jeffman authored
FreeIPA suports renaming user objects with the CLI parameter "rename", and this parameter was missing in ansible-freeipa ipauser module. This patch adds support for a new state 'renamed' and the 'rename' parameter. Tests were updated to cope with the changes. Related to RHBZ#2234379, RHBZ#2234380 Fixes #1103
-
Rafael Guterres Jeffman authored
IPA DNS Zones management can be delegated by adding a "Manage DNS zone" permission. The CLI commands that manage these permissions are dnszone-add-permission and dnszone-remove-permission. The ansible-freeipa module ipadnszone did not have this capability, and it now support dnszone per-zone management delegation by setting the module parameter 'permission'. If set to 'true' the permission will be assigned to the zone, if set to false the permission will be removed.
-
- Dec 07, 2023
-
-
Thomas Woerner authored
This reverts commit de3c6c0a.
-
Rafael Guterres Jeffman authored
After the change for a single job to run PR tests, and if there is any change to ansible_module_utils, all the playbook tests are executed, and the result is a failure due to timeout. This PR increases the timeout so that a PR with changes to ansible_module_utils can have the tests executed.
-
- Dec 06, 2023
-
-
Thomas Woerner authored
With ansible-core 2.14.12 using jinja2 templating in conditional statements with ansible_facts['fqdn'] is marked as unsafe and results in a failure. The issues with using jinja2 templating in conditional statements for asserts have been solved and a new server_fqdn fact has been added for ansible_facts['fqdn'].
-
- Dec 05, 2023
-
-
Thomas Woerner authored
-
Thomas Woerner authored
The uri parameters auth_uri, dev_auth_uri, token_uri, userinfo_uri and keys_uri have not been validated before. Also the base_url was not normalized. The auth_uri, dev_auth_uri, token_uri and userinfo_uri need to be set for new entries, but might be empty or empty string for reset or updates. The ipaidpclientsecret needs to be decoded from binary string in find_idp result to not trigger no change ipd_mod calls. The code for validate_uri and base_url normalization has been copied from the ipaserver idp plugin. ansible_freeipa_module: urlparse from urllib.parse with a fallback to six.moves.urllib.parse is imported and also exported. urlparse is needed for validate_uri in ipaidp module. Resolves: RHEL-17954, RHEL-17955, RHEL-17957 and RHEL-17958
-
- Nov 28, 2023
-
-
Rafael Guterres Jeffman authored
If a playbook to ensure the existence of a user contains 'random:false' and 'update_password: always' is executed twice, the second execution will raise an exception due to "No modifications to perform", as there is actually nothing to modify. The fix for the issue is to remove 'random' if it is not set to true, as setting it to 'false' would have no effect on the user object. Related: https://issues.redhat.com/browse/RHEL-4934
-
Thomas Woerner authored
The reset of the minlength parameter failed with an internal error so far. This has been fixed in IPA and therefore requires to fix the test in ansible-freeipa also. Related: https://pagure.io/freeipa/issue/9297
-
- Nov 16, 2023
-
-
Thomas Woerner authored
All tasks for idoverrideuser and idoverridegroup with state absent failed with "'continue' is required" when delete_continue was not set. This happended as delete_continue was internally None and continue: None was provided to the API. The fix is simply to use '"continue": delete_continue or False' so that continue is set to False in this case.
-
- Nov 11, 2023
-
-
Rafael Guterres Jeffman authored
When testing ipahost through the test playbooks, if there are previous DNS A/AAAA records, the test fails due to a false positive idempotence issue. This patch ensures that all DNS records for the test hosts are absent before test execution. This issue could be seen in the 2023-11-06 Azure Nightly pipeline execution.
-
- Oct 21, 2023
-
-
Thomas Woerner authored
The task to apply an unknown (invalid) host to an idview was not failing as expected and only reported no change. A new host verification step has been added to fail before trying to apply invalid hosts. unapplying an invalid host is not failing as the invalid host is indeed not applied.
-
Thomas Woerner authored
hbacsvcgroup names are converted to lower case while creation with hbacsvcgroup_add. The hbacsvcgroup for sudo is builtin with the name "Sudo" though. This breaks the lower case comparison. Therefore all memberservice_hbacsvcgroup items are converted to lower case if "Sudo" is in the list.
-
- Oct 20, 2023
-
-
Rafael Guterres Jeffman authored
In the current build container pipeline, all steps are serialized in a single job, and if one of the jobs fail to build, due to broken dependent image, or some Azure glitch, like slow connection, the only way to rebuild the failed container is to rebuild all containers. By building containers in parallel jobs, if a container fails to build it is possible to restart only the failed job.
-
- Oct 19, 2023
-
-
Rafael Guterres Jeffman authored
The usual scenario for PR checks is to execute only a few tests, and searching for the results in several jobs makes it harder to find issues. By using a single job run the tests would take some more time to complete, although not much, as only a small subset is executed, and test verification would be easier and less error prone.
-
Rafael Guterres Jeffman authored
Dependind on how long it took for the jobs to start, a different seed would be used to group tests and tests could either repeat or not be selected at all. By using a seed based on the day the test run reduces the chance of using different random seeds, and still allow for the tests to be executed in a different order. The execution in different order is important to identify tests that work or fail only if executed after other tests.
-
- Oct 17, 2023
-
-
Rafael Guterres Jeffman authored
Azure Ubuntu images have Python 3.12 available, and as we did not pin the requested Python version, the latest available one was used, causing image preparation and tests to fail. This patch pins Python version to 3.11 until test can be executed with Python 3.12 and later.
-
- Sep 27, 2023
-
-
Thomas Woerner authored
There is a new idp management module placed in the plugins folder: plugins/modules/ipaidp.py The idp module allows to ensure presence or absence of external Identity Providers. Here is the documentation for the module: README-idp.md New idp example playbooks: playbooks/idp/idp-present.yml playbooks/idp/idp-absent.yml New tests for the module: tests/idp/test_idp.yml tests/idp/test_idp_client_context.yml
-
- Sep 26, 2023
-
-
Rafael Guterres Jeffman authored
Most of our usptream CI test imagens do not handle Ansible 2.9 so, this cange is being reverted. This reverts commit 34654d10.
-
- Sep 19, 2023
-
-
Rafael Guterres Jeffman authored
Recently it was announced that Ansible 2.9 will be supported for some time, and this patch ensures that we run the nightly tests against this version of Ansible.
-
Rafael Guterres Jeffman authored
Recently, a change in the deployment roles forced the change to the minimum version of ansible-core, and the change was unnoticed until reported. With this patch, we ensure all PRs checks are executed against the minimun supported ansible-core version, so we can ensure that both documentation and role metadata are correct and still valid.
-
- Sep 18, 2023
-
-
Thomas Woerner authored
There is a new idoverridegroup management module placed in the plugins folder: plugins/modules/ipaidoverridegroup.py The idoverridegroup module allows to ensure presence and absence of idoverrides for groups. Here is the documentation for the module: README-idoverridegroup.md New example playbooks have been added: playbooks/idoverridegroup/idoverridegroup-absent.yml playbooks/idoverridegroup/idoverridegroup-present.yml New tests for the module can be found at: tests/idoverridegroup/test_idoverridegroup.yml tests/idoverridegroup/test_idoverridegroup_client_context.yml
-
- Sep 15, 2023
-
-
Thomas Woerner authored
There is a new idoverrideuser management module placed in the plugins folder: plugins/modules/ipaidoverrideuser.py The idoverrideuser module allows to ensure presence and absence of idoverrides for users and certificate members. Here is the documentation for the module: README-idoverrideuser.md New example playbooks have been added: playbooks/idoverrideuser/idoverrideuser-absent.yml playbooks/idoverrideuser/idoverrideuser-certificate-absent.yml playbooks/idoverrideuser/idoverrideuser-certificate-present.yml playbooks/idoverrideuser/idoverrideuser-present.yml New tests for the module can be found at: tests/idoverrideuser/test_idoverrideuser.yml tests/idoverrideuser/test_idoverrideuser_client_context.yml
-
- Sep 11, 2023
-
-
Rafael Guterres Jeffman authored
-
- Sep 06, 2023
-
-
Thomas Woerner authored
There is a new idview management module placed in the plugins folder: plugins/modules/ipaidview.py The idview module allows to ensure presence and absence of idviews and idview host members. Here is the documentation for the module: README-idview.md New example playbooks have been added: playbooks/idview/idview-absent.yml playbooks/idview/idview-host-applied.yml playbooks/idview/idview-host-unapplied.yml playbooks/idview/idview-present.yml New tests for the module can be found at: tests/idview/test_idview.yml tests/idview/test_idview_client_context.yml
-
- Sep 05, 2023
-
-
Rafael Guterres Jeffman authored
Currently, there is a hard coded timeout in galaxy-importer that prevents larger collections to execute the ansible-lint step [1]. This patch modifies the calls to ansible-lint on development tools and upstream CI to use the same arguments as galaxy-importer and disables the execution of the ansible-lint step for the Ansible's sanity test. Requested ansible-lint version for tools is also updated, as a more recent one is required. This change will not allow development using an environment using Python 2.7, due to newer ansible-lint requirements. Roles and modules tests against target nodes using Python 2.7 is still possible. [1]: https://github.com/ansible/galaxy-importer/pull/231
-