This patch is needed to pass Automation Hub tests.

This patch is needed to pass Automation Hub tests.

This patch is needed to pass Automation Hub tests.

This patch is needed to pass Automation Hub tests.

This patch is needed to pass Automation Hub tests.

This patch is needed to pass Automation Hub tests.

ipaprivilege: Fix permissions handling.

sudorule: Fix runas with external users and groups.

When setting 'runasuser' or 'runasgroup' for a sudorule, either IPA or
external users and groups can be used, but only IPA users and groups
were being searched for when modifying the attributes, making this task
not idempotent if an external group or user was used..

This patch fixes this issue by comparing users and groups to the IPA
and external setting.

The IPA CLI commands are slightly confusing, as the sudorule-add and
sudorule-mod display separate options for internal and external users
and groups, but these options are deprecated and do not work anymore,
in favor of sudorule-add-runasuser and sudorule-add-runasgroup, which
don't diferentiate between internal and external users, from the CLI
user perspective.

ipaservice: Fix idempotent behavior for principal aliases.

This patch removes the custom command result handler in favor of the
IPAAnsibleModule default member handler and fixes creation of add and
del lists of permissions, fixing the behavior of the moudule execution
when 'check_mode: yes'.

A wrong parameter 'member_permission' was being used to obtain the
existing permissions, and was changed to 'memberof_permission'.

When creating the lists to add/remove principal aliases, if the realm
was not specified, the alias would be used as it did not matched the
existing one, which has the realm part.

This patch fixes the add/del list creation by adding the current API
realm to each alias that does not have the realm part and then use
this modified list to be compared against the existing principal list.

This change also allows the use of the whole list in a single call to
the IPA API to add/remove the principals, instead of a call for every
one item in the list.

galaxyfy: Fix newline issue in module examples

The newlines in module examples have been removed due to wrong strip for
the input lines.

galaxyfy: Fix roles after vars

If roles have been used after vars, the name of the role was not changed
as the "vars:" section was turning off changeable. A "roles:" section is
now turning on changeable.

build-galaxy-release.sh: Use proper action plugins path plugins/action

The action plugins path was wrong. It was "plugins/action_plugins" and
should have been "plugins/action".

Fix module templates README and invalid parameter tests.

utils/build-galaxy-release: Fix doc_fragment prefix for galaxy

All modules should use the same description for IPA API connection
variables. This change add description for ipaapi_context and
ipaapi_ldap_cache variable to the module README templates.

Modify new module templates to use IPAAnsibleModule method
`params_fail_used_invalid` to check for invalid parameter use for
a given state/action.

The items in extends_documentation_fragments of the modules need to
have the proper galaxy prefix.

The documentation fragment

  - ipamodule_base_docs

needs to be changed to

  - ${collection_prefix}.ipamodule_base_docs

Standardize algorithm to verify if invalid argument was used.

Add support for ldap_cache and IPA API configuration.

This patch adds documentation for ldap_cache variable to all modules.

This patch adds support for configuring IPA API connection use of
LDAP cache. It adds a new variable 'ipaapi_ldap_cache' to the base
module, and provides the variable documentation in its doc fragment.

This change adds a keyword parameter to api_connect() which can be
used to configure IPA API connection, for example, controlling the
use of LDAP cache, by passing 'ldap_cache' as an argument.

Also, IPAAnsibleModule is modified to automatically filter all
parameters of the module starting with 'ipaapi_' to be used as
arguments to configure api_connect(). The argument name will have
the same name as the module parameter with 'ipaapi_' stripped off.

Use the IPAAnsibleModule.params_fail_if_used method to validate
arguments provided by user.

Use the IPAAnsibleModule.params_fail_if_used method to validate
arguments provided by user.

Use the IPAAnsibleModule.params_fail_if_used method to validate
arguments provided by user.

Use the IPAAnsibleModule.params_fail_if_used method to validate
arguments provided by user.

Use the IPAAnsibleModule.params_fail_if_used method to validate
arguments provided by user.

Use the IPAAnsibleModule.params_fail_if_used method to validate
arguments provided by user.

Use the IPAAnsibleModule.params_fail_if_used method to validate
arguments provided by user.

Use the IPAAnsibleModule.params_fail_if_used method to validate
arguments provided by user.

Use the IPAAnsibleModule.params_fail_if_used method to validate
arguments provided by user.

Use the IPAAnsibleModule.params_fail_if_used method to validate
arguments provided by user.

Use the IPAAnsibleModule.params_fail_if_used method to validate
arguments provided by user.