- Mar 05, 2020
-
-
Rafael Guterres Jeffman authored
There is a new vaultcontainer management module placed in the plugins folder: plugins/modules/ipadnsconfig.py The dnsconfig module allows to modify global DNS configuration. Here is the documentation for the module: README-dnsconfig.md New example playbooks have been added: playbooks/dnsconfig/set_configuration.yml playbooks/dnsconfig/disable-global-forwarders.yml playbooks/dnsconfig/disallow-reverse-sync.yml New tests for the module: tests/dnsconfig/test_dnsconfig.yml
-
- Feb 28, 2020
-
-
Rafael Guterres Jeffman authored
Unite admin passwords
-
Thomas Woerner authored
test_pwpolicy: unite admin passwords
-
Thomas Woerner authored
New service management module.
-
Rafael Guterres Jeffman authored
There is a new service management module placed in the pluginsfolder: plugins/modules/ipaservice.py The service module allows to ensure presence and absence of services, and manage members and certificates of the service. Here is the documentation for the module: README-service.md New example playbooks have been added: playbooks/service/service-host-is-absent.yml playbooks/service/service-host-is-present.yml playbooks/service/service-is-absent.yml playbooks/service/service-is-disabled.yml playbooks/service/service-is-present-with-all-attributes.yml playbooks/service/service-is-present-without-host-object.yml playbooks/service/service-is-present.yml playbooks/service/service-member-allow_create_keytab-absent.yml playbooks/service/service-member-allow_create_keytab-present.yml playbooks/service/service-member-allow_retrieve_keytab-absent.yml playbooks/service/service-member-allow_retrieve_keytab-present.yml playbooks/service/service-member-certificate-absent.yml playbooks/service/service-member-certificate-present.yml playbooks/service/service-member-principal-absent.yml playbooks/service/service-member-principal-present.yml New tests added for the module: tests/service/test-service.yml
-
- Feb 26, 2020
-
-
Thomas Woerner authored
Properly handle certificates stored as bytes in encode_certificate.
-
Thomas Woerner authored
Use SomeADMINpassword as the admin password also in the examples in the management modules.
-
Thomas Woerner authored
Use SomeADMINpassword as the admin password everywhere, also in all playbooks.
-
Thomas Woerner authored
Use SomeADMINpassword as the admin password everywhere, also in the README files.
-
Thomas Woerner authored
The tests have been using MyPassword123 and also SomeADMINpassword within the tasks of the tests. SomeADMINpassword should be used everywhere.
-
Petr Vobornik authored
One test did not use the admin password as the rest of the tests. This caused the tests/pwpolicy/test_pwpolicy.yml suite to fail. Changing the password to the same as in others fixes the issue. Signed-off-by: Petr Vobornik <pvoborni@redhat.com>
-
- Feb 20, 2020
-
-
Rafael Guterres Jeffman authored
ipahost: Do not fail on missing DNS or zone when no IP address given
-
Thomas Woerner authored
For beeing able to catch ipalib.errors.NotFound errors in ipahost it is needed to import ipalib.errors. ipalib.errors is now imported as ipalib_errors to not have name conflicts with the errors list used in some of the modules. Related: https://bugzilla.redhat.com/show_bug.cgi?id=1804838
-
Thomas Woerner authored
If no IP address is given and either DNS is not configured or if the zone is not found then ipahost may not fail in dnsrecord_find. The error happened for example by ensuring the absence of a host that is not part of the domain or for a host that has been added with force and is using a domain that is not served by the DNS server in the domain. It also happened if there was no DNS server in the domain at all. A new test case has been added to test_host_ipaddresses.yml The fix requires ipalib_errors provided by ansible_freeipa_module. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1804838
-
- Feb 14, 2020
-
-
Varun Mylaraiah authored
ipahost: Fail on action member for new hosts, fix dnsrecord_add reverse flag
-
Thomas Woerner authored
The check to make sure that member can not be used on non existing hosts has bee missing. Also the reverse flag for the dnsrecord_add call was None if the varaible was not set. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1803026
-
Varun Mylaraiah authored
ipahost: Add support for several IP addresses and also to change them
-
- Feb 13, 2020
-
-
Rafael Guterres Jeffman authored
This change is needed to properly handle base64 encoding of certificates stored as bytes, under Python 3, as used by IPA service. It does not affect Python 2.7 as bytes are identical to str in this version of the language. When retireving certificates stored by FreeIPA service data is returned as bytes, under Python 3, and encoding then breaks, as there is no bytes.public_bytes method. In Python 3, encoding with base64 will be the same for strings and bytes.
-
Thomas Woerner authored
Modify roles README for consistency.
-
Thomas Woerner authored
host1 was used instead of host5 in the repeated host5 test. This lead to an error with the new IP address handling in ipahost. It was correctly reporting a change for host1 which resulted in a failed test.
-
Thomas Woerner authored
ipahost was so far ignoring IP addresses when the host already existed. This happened because host_mod is not providing functionality to do this. Now ipaddress is a list and it is possible to ensure a host with several IP addresses (these can be IPv4 and IPv6). Also it is possible to ensure presence and absence of IP addresses for an exising host using action member. There are no IP address conclict checks as this would lead into issues with updating an existing host that already is using a duplicate IP address for example for round-robin (RR). Also this might lead into issues with ensuring a new host with several IP addresses in this case. Also to ensure a list of hosts with changing the IP address of one host to another in the list would result in issues here. New example playbooks have been added: playbooks/host/host-present-with-several-ip-addresses.yml playbooks/host/host-member-ipaddresses-absent.yml playbooks/host/host-member-ipaddresses-present.yml A new test has been added for verification: tests/host/test_host_ipaddresses.yml Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1783976 https://bugzilla.redhat.com/show_bug.cgi?id=1783979
-
Rafael Guterres Jeffman authored
tests: Fix top name tags in tests
-
Rafael Guterres Jeffman authored
Modify examples in server and replica roles for consistency with client role, by defining language for code blocks.
-
- Feb 11, 2020
-
-
Varun Mylaraiah authored
ansible_freeipa_module: Fix comparison of bool parameters in compare_…
-
Thomas Woerner authored
Bool types are not iterable. Therefore the comparison using sets was failing with a TypeError. This prevented to change the bool parameters for hosts. A test for the host module has been added to verify that the bool parameters can be modified. New test: tests/host/test_host_bool_params.yml Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1784514
-
Thomas Woerner authored
Most tests have simply been using the Tests as name, but this there is a lack of information in automated runs. The name should be similar to the test file name.
-
- Feb 07, 2020
-
-
Rafael Guterres Jeffman authored
ipahbacrule: Fix handing of members with action hbacrule
-
Thomas Woerner authored
Changing members (host, hostgroup, hbacsvc, hbacsvcgroup, user, group) with action hbacrule was not working due to the use of the wrong parameter prefix. This has been fixed and the old members are removed correctly now. The test script has been reworked completely to verify the fix. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1787996
-
Rafael Guterres Jeffman authored
ipapwpolicy: Use global_policy if name is not set
-
- Feb 06, 2020
-
-
Thomas Woerner authored
If the name is not set, the policy global_policy is now used. It was needed before to explicitly name the global_policy. Also a check has been added to fail early if global_policy is used with state absent. The README for pwpolicy has been extended with an example for global_policy and also the description of the name variable. The test has also been extended to check a change of maxlife for global_policy and that global_policy can not be used with state: absent Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1797532
-
- Feb 04, 2020
-
-
Thomas Woerner authored
Add missing attributes to ipasudorule.
-
- Feb 03, 2020
-
-
Rafael Guterres Jeffman authored
ipareplica: Use ipaserver_realm as a fallback for realm
-
Rafael Guterres Jeffman authored
This patch adds the following attributes to ipasudorule: - order - sudooption - runasuser - runasgroup It also fixes behavior of sudocmd assigned to the the sudorule, with the adittion of the attributes: - allow_sudocmds - deny_sudocmds - allow_sudocmdgroups - deny_sudocmdgroups README-sudorule and tests have been updated to comply with the changes.
-
- Jan 23, 2020
-
-
Thomas Woerner authored
Use ipaserver_realm as a fallback if ipareplica_realm is not defined. This had been done for ipareplica_domain and ipaserver_domain, but was missing for ipareplica_realm and ipaserver_realm. Related: #114 (ipareplica 'Env' object has no attribute 'realm')
-
- Jan 17, 2020
-
-
Rafael Guterres Jeffman authored
Add missing validation in ipasudocmd
-
- Jan 16, 2020
-
-
Jesús Marín authored
This fixes the issue https://github.com/freeipa/ansible-freeipa/issues/185, where the python script was launching an exception There was a lack of verification that the input string (for the description) was a text string
-
- Dec 30, 2019
-
-
Varun Mylaraiah authored
-
- Dec 24, 2019
-
-
Rafael Guterres Jeffman authored
ipahost: Enhanced failure msg for member params used without member action.
-
Rafael Guterres Jeffman authored
ipahost: Fix choices of auth_ind parameter, allow to reset parameter
-
- Dec 23, 2019
-
-
Rafael Guterres Jeffman authored
ipauser: Allow reset of userauthtype, do not depend on first,last for…
-