- Feb 27, 2024
-
-
Thomas Woerner authored
README-dnszone: Fix yaml code block declaration.
-
- Feb 15, 2024
-
-
Rafael Guterres Jeffman authored
There was a space between the code block marker and the highlight hint in a playbook example.
-
- Feb 12, 2024
-
-
Thomas Woerner authored
ipadelegation: Fix idempotence issues due to capitalization.
-
Rafael Guterres Jeffman authored
This patch forces processing of permission, attribute and group attributes in lower case, to match behavior of IPA CLI, transforming all of them into lowercase characters. The new behavior fixes idempotence issues when mixing different capitalization in different tasks for the same attribute. A new test playbook is available at: tests/delegation/test_delegation_member_case_insensitive.yml
-
Thomas Woerner authored
ipagroup: Fix idempotence issues due to capitalization
-
Rafael Guterres Jeffman authored
Some attributes for ipagroup objects are stored using lower case letters and should be converted upon retrieving parameter data. This patch adds the missing conversion and provides a new test playbook: tests/group/test_group_case_insensitive.yml
-
Rafael Guterres Jeffman authored
Disable config tests for pac type without ms pac
-
Thomas Woerner authored
ipahostgroup: Fix idempotence issues due to capitalization
-
- Feb 10, 2024
-
-
Rafael Guterres Jeffman authored
ipahostgroup parameters 'host', 'hostgroup', 'membermanager_user' and 'membermanager_group' must be compared in a case insensitive manner and stored as lower case strings. This patch fixes the comparison and storage of these parameters, and changes the handling of members to use the same structure as in newer modules. Two new test files were added: tests/hostgroup/test_hostgroup_case_insensitive.yml tests/hostgroup/test_hostgroup_membermanager_case_insensitive.yml
-
- Feb 09, 2024
-
-
Thomas Woerner authored
ipahbacrule: Fix handling of hbacsvcgroup in members
-
Thomas Woerner authored
The config tests are currently setting the pac type to empty or without MS-PAC type. This results in failed authorization for IPA API. An issue has been opened for FreeIPA to address this: https://pagure.io/freeipa/issue/9527
-
- Feb 07, 2024
-
-
Rafael Guterres Jeffman authored
ipaclient_setup_automount with new install states
-
Thomas Woerner authored
ipaserver: Fix deployment after Bronze-bit fix
-
Rafael Guterres Jeffman authored
As FreeIPA now requires MS-PAC to be set in ipaKrbAuthzData to trigger PAC generation, there's a timing issue that causes API malfunction which is long enough to cause the client part installation to fail. By restarting KDC after DS password is set, we force cached values to be refreshed, allowing the API to work correctly. Resolves: https://github.com/freeipa/ansible-freeipa/issues/1200
-
Thomas Woerner authored
The returned changed state was always True. changed is now only True if automount_location is set and configure_automount was called.
-
Thomas Woerner authored
This is "Fix ipa-client-automount install/uninstall with new install states" https://github.com/freeipa/freeipa/pull/7100 for ansible-freeipa: Issue 8384 introduced a new installation state for the statestore to identify when client/server installation is completely finished rather than relying on has_files(). The problem is that ipa-client-automount may be called during ipa-client-install and since installation is not complete at that point the automount install was failing with "IPA client not configured". Add a new state, 'automount', to designate that automount installation is in process. If check_client_configuration() fails it checks to see if [installation] automount is True. If so it continues with the installation. This also addresses an issue where the filestore and statestore are shared between the client and automount installers but the client wasn't refreshing state after automount completed. This resulted in an incomplete state and index file of backed-up files which caused files to not be restored on uninstall and the state file to be orphaned. Fixes: https://pagure.io/freeipa/issue/9487
-
Rafael Guterres Jeffman authored
ipaclient: Enable SELinux for SSSD
-
- Feb 06, 2024
-
-
Rafael Guterres Jeffman authored
FreeIPA provides a default hbacsvcgroup named "Sudo", with capital 'S', that is different from every other hbacsvcgroup, which are all represented by lower case letters. As data from IPA API was not modified, this causes an idempotence error when using different capitalization with the 'hbacsvcgroup' parameter. This patch fixes the issue by using the CaseInsensitive comparator to create the hbacsvcgroup list. Tests were updated to make sure a regression is not included in the future.
-
Thomas Woerner authored
This is "ipa-client-install: enable SELinux for SSSD" https://github.com/freeipa/freeipa/pull/6978 for ansible-freeipa: For passkeys (FIDO2) support, SSSD uses libfido2 library which needs access to USB devices. Add SELinux booleans handling to ipa-client-install so that correct SELinux booleans can be enabled and disabled during install and uninstall. Ignore and record a warning when SELinux policy does not support the boolean. Fixes: https://pagure.io/freeipa/issue/9434
-
- Jan 25, 2024
-
-
Thomas Woerner authored
ipasudorule: Allow setting groups for runasuser.
-
- Jan 23, 2024
-
-
Rafael Guterres Jeffman authored
On IPA CLI sudorule-add/del-runasuser accept 'group' as a parameter, and this option was missing in ansible-freeipa ipasudorule module. This patch adds a new parameter 'runasuser_group' to allow setting Groups of RunAs Users, as allowed by CLI and WebUI. New example playbooks can be found at: playbooks/sudorule/ensure-sudorule-runasusesr-group-is-absent.yml playbooks/sudorule/ensure-sudorule-runasusesr-group-is-present.yml
-
- Dec 21, 2023
-
-
Thomas Woerner authored
ipagroup: Add support for renaming groups
-
- Dec 20, 2023
-
-
Rafael Guterres Jeffman authored
Fixes for ansible-lint 6.22.1
-
Rafael Guterres Jeffman authored
FreeIPA supports renaming group objects with the CLI parameter "rename", and this parameter was missing in ansible-freeipa ipagroup module. This patch adds support for a new state 'renamed' and the 'rename' parameter. Tests were updated to cope with the changes.
-
Thomas Woerner authored
- Replace outdated noqa 503 with noqa no-handler
- Drop outdated and not needed noqa 505 for include_vars
- Drop outdated noqa deprecated-command-syntax for ansible.builtin.shell using cmd tag

These warnings have been reported by utils/lint_check.sh using ansible-lint 6.22.1.
-
Rafael Guterres Jeffman authored
Use module_defaults to improve reading test cases.
-
Thomas Woerner authored
ipauser: Add support for renaming users
-
Thomas Woerner authored
ipadnszone: Add support for per-zone privilege delegation
-
- Dec 19, 2023
-
-
Rafael Guterres Jeffman authored
FreeIPA supports renaming user objects with the CLI parameter "rename", and this parameter was missing in ansible-freeipa ipauser module. This patch adds support for a new state 'renamed' and the 'rename' parameter. Tests were updated to cope with the changes. Related to RHBZ#2234379, RHBZ#2234380 Fixes #1103
-
Rafael Guterres Jeffman authored
IPA DNS Zones management can be delegated by adding a "Manage DNS zone" permission. The CLI commands that manage these permissions are dnszone-add-permission and dnszone-remove-permission. The ansible-freeipa module ipadnszone did not have this capability, and it now supports dnszone per-zone management delegation by setting the module parameter 'permission'. If set to 'true' the permission will be assigned to the zone, if set to false the permission will be removed.
-
Rafael Guterres Jeffman authored
ipaclient: Properly name automount_location var and add documentation
-
Thomas Woerner authored
Handle data type or empty string in module_utils
-
- Dec 15, 2023
-
-
Rafael Guterres Jeffman authored
Use the common parameter type handling method for parameters that accept a value or an empty string.
-
Rafael Guterres Jeffman authored
Use the common parameter type handling method for parameters that accept a value or an empty string.
-
Rafael Guterres Jeffman authored
Use the common parameter type handling method for parameters that accept a value or an empty string.
-
Rafael Guterres Jeffman authored
Some parameters, in modules, have a specific data type, but allow the use of an empty string to clear the parameter. Providing a method to retrieve the parameter with the correct data type, or optionally an empty string, allows for consistency of parameter handling between different modules.
-
- Dec 14, 2023
-
-
Thomas Woerner authored
ipauser: Do not try to modify user when not changing password
-
- Dec 08, 2023
-
-
Rafael Guterres Jeffman authored
The parameter 'allow_empty_string' in 'module_params_get' is used to allow an item in a list to be an empty string. The problem is that the naming is misleading, as it is checking a list item rather than a string. This patch renames the parameter to 'allow_empty_list_item' so that it more clearly refers to list items instead of standalone strings, and does not collide with future parameters that may test for empty strings which are not part of lists.
-
Thomas Woerner authored
ipaclient: Fix OTP error reporting
-
- Dec 07, 2023
-
-
Rafael Guterres Jeffman authored
Revert "[TEMP] Enable only idp, service and user module tests"
-