Commits · da5dc0c4723966a4f10f495228080e9989b7e989 · Mirror / Ansible FreeIPA

Jul 31, 2020
- Merge pull request #326 from rjeffman/fix_service_tests · da5dc0c4
  Sergio Oliveira authored Jul 31, 2020
```
Fix service tests.
```
  da5dc0c4
Jul 30, 2020
- Remove usage of external host name. · 70e3e1a5
  Rafael Guterres Jeffman authored Jul 30, 2020
```
The name "www.ansible.com" was used as a host, but this required
that DNS forwarding is enabled and configured to test serivces
for hosts that have an IP address but are not host objects in IPA. 
This change set a a host name that lies in the testing domain, and has 
an IP address defined, buth is not added as a host object,
so the forwarding DNS configuration is not needed for this test.
```
  70e3e1a5
- Add test to verify service disable idempotency. · 8852fa6e
  Rafael Guterres Jeffman authored Jul 22, 2020
  
  8852fa6e
- Add an ip address required for SMB service test. · 19058f13
  Rafael Guterres Jeffman authored Jul 22, 2020
  
  19058f13
- Standardize passwords used in tests and examples. · 46427d10
  Rafael Guterres Jeffman authored Jul 22, 2020
  
  46427d10
- Merge pull request #307 from seocam/molecule-tests · 3633ba5a
  Thomas Woerner authored Jul 30, 2020
```
Running upstream tests on Azure pipelines
```
  3633ba5a
Jul 28, 2020

Added information about Ansible 2.10.0a1 bug on Azure. · 627c6441

Rafael Guterres Jeffman authored Jul 03, 2020

Added comment about problem with no_log in Azure CI. While running on CI
using ansible 2.10a the content of attributes with no_log=True is
replaced by ***** on ansible causing test failures.

627c6441

Added upstream tests to azure pipelines · 5a5fbfb2

Sergio Oliveira Campos authored Jun 24, 2020

* Moved azure CI definitions from azure-pipelines.yml to
  tests/azure/azure-pipelines.yml.
* Updated azure CI definitions to run playbook tests using docker
  containers.

5a5fbfb2

Allow to run tests in Docker · 8e08868e

Sergio Oliveira Campos authored Jun 24, 2020

* Adapted tests/test_playbook_runs.py script to allow tests to be
  executed from a docker container.
* Added molecule scenarios to create/destroy test containers and
  respective documentation in tests/README.md.

8e08868e

Fixed broken host address. · b8f96c62
Sergio Oliveira Campos authored Jul 24, 2020

b8f96c62

Added missing reverse zones tests setup · fd28559e

Sergio Oliveira Campos authored Jul 24, 2020

In some case the tests needs to have the class A, B and C of reverse DNS
set in order to function properly. Those missing classes where
added/updated in dnsrecord, services and host tests.

fd28559e

Fixed wrong/missing ipaadmin_password in tests · 5d6adee1
Sergio Oliveira Campos authored Jul 24, 2020

5d6adee1

Replaced groups.ipaserver[0] by ansible_fqdn. · 7a6036f7

Sergio Oliveira Campos authored Jul 24, 2020

Since we are using docker for running the tests we can no longer rely on
groups.ipaserver[0] as the managed host hostname.

7a6036f7

Jul 27, 2020

Merge pull request #300 from t-woerner/oel-support · 4e89da85
Rafael Guterres Jeffman authored Jul 27, 2020
```
ipa[server,replica,client]: New OracleLinux vars files
```
4e89da85
Merge pull request #327 from rjeffman/fix_ipagroup_nonposix_external · 5b5cce19
Thomas Woerner authored Jul 27, 2020
```
Add support for IPA CLI option `posix`.
```
5b5cce19

Add support for IPA CLI option `posix`. · 8c889e9b

Rafael Guterres Jeffman authored Jul 23, 2020

This patch adds suport for the IPA CLI option `posix` when modifying
an existing group. Also, enhances verification of `external` and
`posix/non-posix` groups to avoid unneded API failures (e.g. when
no change to the posix/external status is needed).

A new test was added:

    tests/group/test_group_external_nonposix.yml

8c889e9b

ipa[server,replica,client]: New OracleLinux vars files · 643b3f95
Thomas Woerner authored Jun 10, 2020
```
These are links to the Red Hat Enterprise linux files.
```
643b3f95

Jul 22, 2020
- Merge pull request #288 from rjeffman/iparole · 0f369197
  Sergio Oliveira authored Jul 21, 2020
```
New Role management module
```
  0f369197
Jul 21, 2020

New Role management module · b33c5a7b

Rafael Guterres Jeffman authored Apr 16, 2020

There is a new role management module placed in the plugins folder:

    plugins/modules/iparole.py

The role module allows to ensure presence or absence of roles and
manage role members.

Here is the documentation for the module:

    README-role.md

New example playbooks have been added:

    playbooks/role/role-is-absent.yml
    playbooks/role/role-is-present.yml
    playbooks/role/role-member-group-absent.yml
    playbooks/role/role-member-group-present.yml
    playbooks/role/role-member-host-absent.yml
    playbooks/role/role-member-host-present.yml
    playbooks/role/role-member-hostgroup-absent.yml
    playbooks/role/role-member-hostgroup-present.yml
    playbooks/role/role-member-privilege-absent.yml
    playbooks/role/role-member-privilege-present.yml
    playbooks/role/role-member-service-absent.yml
    playbooks/role/role-member-service-present.yml
    playbooks/role/role-member-user-absent.yml
    playbooks/role/role-member-user-present.yml
    playbooks/role/role-members-absent.yml
    playbooks/role/role-members-present.yml
    playbooks/role/role-rename.yml

New tests for the module:

    tests/role/test_role.yml
    tests/role/test_role_service_member.yml

b33c5a7b

Merge pull request #323 from t-woerner/external_ca_password_with_FIPS · 97601ceb
Thomas Woerner authored Jul 21, 2020
```
tests/external-signed-ca-../external-ca.sh: Password too weak in FIPS…
```
97601ceb

tests/external-signed-ca-../external-ca.sh: Password too weak in FIPS mode · ffba096d

Thomas Woerner authored Jul 21, 2020

The password that is used in the script to generate the CA and also sign
the CSR is not strong enough in FIPS mode. In normal mode the password was
ok, though.

In FIPS mode the password needs to have at least one upper, lower, digit
and a special char.

ffba096d

Jul 16, 2020
- Merge pull request #305 from aryklein/master · 5364cf80
  Sergio Oliveira authored Jul 16, 2020
```
Fix variable name error
```
  5364cf80
- Merge pull request #316 from rjeffman/terminology · ab1b2457
  Sergio Oliveira authored Jul 16, 2020
```
Terminology improvements: use allow list.
```
  ab1b2457
Jul 09, 2020
- Merge pull request #317 from t-woerner/ipareplica_fix_missing_parameters · 22ec1c50
  Rafael Guterres Jeffman authored Jul 09, 2020
```
ipareplica: Fix missing parameters for several modules
```
  22ec1c50
Jul 07, 2020

ipareplica: Fix missing parameters for several modules · 7a2eaa6f

Thomas Woerner authored Jul 07, 2020

The parameters master_host_name, config_setup_ca, dirman_password have not
been set for some modules. Also there was no ldap2 connection within
ipareplica_setup_kra. All this resulted in improper configuration where
for example KRA deployment failed in the end.

A conversion warning in ipareplica_setup_adtrust has also been fixed for
the setup_ca parameter.

Fixes #314 (IPA replica installation failure - DS enabled SSL - second part)

7a2eaa6f

Terminology improvements: use allow list. · c8ae3c3a

Rafael Guterres Jeffman authored Jul 07, 2020

Adhere to recent changes on FreeIPA CLI help messages.
Also, see: https://tools.ietf.org/id/draft-knodel-terminology-01.html

c8ae3c3a

Jul 02, 2020

Merge pull request #313 from t-woerner/fix_ca_less_pkcs12_info_regressions · 4d8a4a14
Rafael Guterres Jeffman authored Jul 02, 2020
```
ipa[server,replica]: Fix pkcs12 info regressions introduced with CA-less
```
4d8a4a14

ipa[server,replica]: Fix pkcs12 info regressions introduced with CA-less · 8ce5fd14

Thomas Woerner authored Jul 02, 2020

With the CA-less patches the types for the pkcs12 infos have been changed
to lists in the modules. This is resulting in a bad conversion from None
to [''] for the parameters. Because of this a normal replica deployment is
failing as [''] is not a valid value.

The install.yml files for ipareplica and also ipaserver have been changed
in the way that the pkcs12 values are checked if they are None. The
parameter will simply be omitted in this case and the parameter in the
module will become None by default.

8ce5fd14

Jul 01, 2020
- Merge pull request #312 from t-woerner/ansible_action_module_discovered_python · ffa0c6ee
  Varun Mylaraiah authored Jul 01, 2020
```
action_plugins/ipaclient_get_otp: Discovered python needed in task_vars
```
  ffa0c6ee
Jun 30, 2020

action_plugins/ipaclient_get_otp: Discovered python needed in task_vars · 80aac15d

Thomas Woerner authored Jun 30, 2020

Ansible is now also supporting discovered_python_interpreter for
action_plugins. task_vars needs to be non Null and contain a setting for
discovered_python_interpreter. The ipaclient_get_otp action_plugin
therefore needed to be adapted.

80aac15d

Merge pull request #311 from rjeffman/service_fix_krb5_ticket · 097a3426
Sergio Oliveira authored Jun 29, 2020
```
Fixes ipaservice disable tests.
```
097a3426

Fixes ipaservice disable tests. · 957b5910

Rafael Guterres Jeffman authored Jun 29, 2020

Due to use of some shell commands that required a Kerberos ticket,
the ipaservice test test_service_disable would no work if a ticket
was not granted before it ran. This patch adresses this issue by
acquiring a ticket for the `admin` user before it is needed, and
destroying the tickets by the end of the test execution.

957b5910

Jun 29, 2020

Merge pull request #310 from t-woerner/fail_on_duplicate_names · 464eae16
Thomas Woerner authored Jun 29, 2020
```
ipa[user,host]: Fail on duplucate names in the users and hosts lists
```
464eae16
Merge pull request #309 from t-woerner/fix_membermanager_unknown_user_issue · 0303f153
Rafael Guterres Jeffman authored Jun 29, 2020
```
ipa[host]group: Fix membermanager unknow user issue
```
0303f153

ipa[host]group: Fix membermanager unknow user issue · 6132a947

Thomas Woerner authored Jun 29, 2020

If a unknown membermanager user presence will be ensured, the unknown user
error was ignored. This has been fixed in ipagroup. The code for the error
handling in ipagroup and ipahostgroup has been adapted because of this.

New tests for tests/[host]group/test_[host]group_membermnager.yml have been
added.

6132a947

Merge pull request #306 from rjeffman/vault_change_password · c97a15f8
Sergio Oliveira authored Jun 29, 2020
```
Add suppport for changing password of symmetric vaults.
```
c97a15f8

Add suppport for changing password of symmetric vaults. · 78b635ae

Rafael Guterres Jeffman authored Jun 23, 2020

Allows changing passwords of symmetric waults, using a new variable
`new_password` (or the file-base version, `new_password_file`). The
old password must be passed using the `password` or `password_file`
variables that also received new aliases `old_password` and
`old_password_file`, respectively.

Tests were modyfied to reflect the changes.

78b635ae

ipa[user,host]: Fail on duplucate names in the users and hosts lists · 1d7fb31b

Thomas Woerner authored Jun 29, 2020

It was possible to have several entries for names with the hosts and users
lists. This resulted sometimes in errors but also unexpected changes. A new
check has been added to make sure that the names in the users and hosts
lists are unique.

New tests have been added to verify this in the existing files:
- tests/host/test_hosts.yml
- tests/user/test_users.yml

1d7fb31b

Jun 27, 2020
- Merge pull request #308 from rjeffman/ipaservice_fix_service_disable · 34f1a456
  Sergio Oliveira authored Jun 26, 2020
```
Fixes service disable when service has no certificates attached.
```
  34f1a456
- Merge pull request #304 from rjeffman/fix_forwardzone_issues · 9b69caff
  Sergio Oliveira authored Jun 26, 2020
```
Fix forwardzone issues
```
  9b69caff