- Mar 02, 2023
-
-
Thomas Woerner authored
The way randompasswords are returned by the ipauser module depends so far on the number of users that are handled by the module. This is unexpected if for example a json file is provided with the users parameter. As it might be unknown how many users are in the json file, this behaviour is unexpected. The return should not vary in this case.

This change makes the return simply depend on the use of the users parameter. As soon as this parameter is used, the return will always be:

    "user": { "<the user>": { "randompassword": "<the user random password>" } }

In the simple case with one user it will be still

    "user": { "randompassword": "<the user random password>" }

Fixes: #1052 (ipauser should consistently return randompasswords when used with users)
-
- Feb 21, 2023
-
-
Rafael Guterres Jeffman authored
ansible-lint is issuing a warning when using '# noqa 505' instead of '#noqa missing-import' on playbooks. This patch changes all occurrences of the tag to use the newer format.
-
- Jan 17, 2023
-
-
Thomas Woerner authored
This replaces double spaces by single spaces, fixes spaces in slices, adds spaces before brackets and fixes bracket placing in when clauses.
-
- Dec 20, 2022
-
-
Thomas Woerner authored
Use Fully Qualified Collection Name (FQCN) for ansible builtins. This is ansible.builtin.set_fact instead of set_fact for example and applies for all actions that are part of ansible.builtin. All the replaced ansible.builtins: assert, command, copy, debug, fail, fetch, file, import_playbook, import_tasks, include_role, include_tasks, include_vars, package, set_fact, shell, slurp, stat, systemd
-
- Nov 17, 2022
-
-
Rafael Guterres Jeffman authored
The parameter 'warn' from ansible.builtin.shell was deprecated in ansible-core version 2.11 and removed in version 2.14. This patch removes the usage of this parameter from ansible-freeipa tests, and adds 'deprecated-command-syntax' to the skip list of ansible-lint configuration to cope with the change in the linter.
-
- Apr 26, 2022
-
-
Rafael Guterres Jeffman authored
Due to a change in 'ansible_freeipa_module.compare_args_ipa', playbook parameters using empty strings are correctly evaluated, and do not need to be removed before comparison is performed. A new test playbook, with tests for clearing attributes with an empty string ("") is available at: tests/user/test_user_empty_lists.yml
-
- Feb 24, 2022
-
-
Thomas Woerner authored
The parameters userauthtype and sshpubkey allow using "" to reset to the default value. The new check in params_get is not allowing to use empty strings in lists, therefore allow_empty_string=True had to be added to the call. A test has been added to verify that the empty strings are supported and working. An idempotency issue with sshpubkey has been found with the test and fixed additionally.
-
- Jan 25, 2022
-
-
Rafael Guterres Jeffman authored
When trying to ensure 'state: absent' with 'preserved: yes' in ipauser, after the first execution the playbook would fail with "user is already present". A similar idempotence issue would happen when 'state: undelete' was used. This PR fixes both issues, and improves tests for the states where user is preserved, enabled and disabled. The 'find_user' function now uses IPA API 'user_show' instead of 'user_find' so that only the requested user is actually returned.
-
- Jan 20, 2022
-
-
Thomas Woerner authored
The client context on server test is failing with a date that is expired. The server context on server test is not failing. Setting an expired date with the command line is possible though.
-
- Nov 24, 2021
-
-
Thomas Woerner authored
This patch is needed to pass Automation Hub tests.
-
- Oct 01, 2021
-
-
Rafael Guterres Jeffman authored
When running the tests that can be executed either on server or client context, without defining 'ipa_context', the context is automatically identified. Currently, the tests in upstream CI run only on a server, and the context is identified as "server" context, and in order to run the test using a client context 'ipa_context' must be set to 'client'. This patch fixes all the client context tests by correctly setting ipa_context when running the client context tests in a server host.
-
- Sep 29, 2021
-
-
Rafael Guterres Jeffman authored
Some tests for ipahost and ipauser modules, related to certificates, had the verification part disabled. This patch enables these verifications.
-
Rafael Guterres Jeffman authored
This patch fixes yamllint's "line too long" (line-length) warnings by ensuring all lines in YAML files have, at most, 160 characters. If a line cannot be written as a multiline block, line-length rule evaluation is disabled for the specific line, both on yamllint and on ansible-lint.
-
Rafael Guterres Jeffman authored
-
Rafael Guterres Jeffman authored
This patch adds 'name' to all test playbook tasks that did not have it, fixing ansible-lint's error 'unnamed-task'.
-
- Sep 28, 2021
-
-
Rafael Guterres Jeffman authored
Update user README file and add tests for executing plugin with `ipaapi_context` set to `client`. A new test playbook can be found at: tests/user/test_user_client_context.yml The new test file can be executed in a FreeIPA client host that is not a server. In this case, it should be defined in the `ipaclients` group, in the inventory file.
-
- Aug 11, 2021
-
-
Thomas Woerner authored
json_query is not part of Ansible Core. As this is the only used module that is not in Core it has been replaced by constructing a new dict with the needed user names from users dict using a loop and set_fact.
-
- May 26, 2021
-
-
Thomas Woerner authored
For failed_when result.failed should be used to make sure that the task fails if there was an error.
-
Thomas Woerner authored
For failed_when result.failed should be used to make sure that the task fails if there was an error. For the "Duplicate names in users failure test" failed_when: not result.failed has been added as this test needs to fail.
-
Thomas Woerner authored
For failed_when result.failed should be used to make sure that the task fails if there was an error.
-
Thomas Woerner authored
For failed_when result.failed should be used to make sure that the task fails if there was an error.
-
Thomas Woerner authored
For failed_when result.failed should be used to make sure that the task fails if there was an error.
-
Thomas Woerner authored
For failed_when result.failed should be used to make sure that the task fails if there was an error.
-
Thomas Woerner authored
For failed_when result.failed should be used to make sure that the task fails if there was an error.
-
Thomas Woerner authored
For failed_when result.failed should be used to make sure that the task fails if there was an error.
-
Thomas Woerner authored
For failed_when result.failed should be used to make sure that the task fails if there was an error. Fixed also "User test cert members present again" task, it was failing due to also having first and last parameters with action: member.
-
- Nov 19, 2020
-
-
Thomas Woerner authored
The file lookup is by default setting `rstrip=True` which could lead into a stripped new line. This is not happening always but resulted in failed tests sometimes with certificates pasted to the b64encode filter. For calls of lookup in the certificate tests `rstrip=False` has been added to make sure that this is not happening any more. Not in test_dnsrecord as lookup(..., rstrip=False) is adding a new line if there was not a new line and this is an issue for dnsrecord. The user and host tests have also been simplified to create the base64 encoded file in the beginning and use this file then later on in the tests without the need to use the b64encode filter. Ref: https://github.com/ansible/ansible/issues/57521#issuecomment-502238000
-
- Sep 26, 2020
-
-
Rafael Guterres Jeffman authored
This patch adds Ansible tasks to create and remove self-signed certificates, instead of using previously created certificates. The certificates are then `lookup`, instead of being used inline in the playbooks. Playbooks are easier to read and maintain with these changes, and there is no need to change the playbooks, if a certificate expires.
-
- Sep 04, 2020
-
-
Thomas Woerner authored
users.json is generated for the tests and not part of the repo any more. This test was lacking the include to generate the file. Related to: b7e1a99b tests/user/test_users*.yml: Use extended dynamic users.json
-
- Aug 21, 2020
-
-
Thomas Woerner authored
test_users_absent.yml was using users_absent.json. It has been adapted to use users.json instead with an additional json_query to get only the names from users_present.json. create_users_json.yml has been added to create users.json if it is missing containing 500 users. It is included by test_users_present.yml and test_users_absent.yml. users_present.sh has been renamed to users.sh and modified to create by default users.json with 1000 users and additional with password and passwordexpiration in two years. jmespath has been added to pip install list in tests/azure/templates/playbook_tests.yml to enable the use of json_query. The requirement for jmespath has been added to tests/README.md.
-
- Jun 29, 2020
-
-
Thomas Woerner authored
It was possible to have several entries for names with the hosts and users lists. This resulted sometimes in errors but also unexpected changes. A new check has been added to make sure that the names in the users and hosts lists are unique. New tests have been added to verify this in the existing files: - tests/host/test_hosts.yml - tests/user/test_users.yml
-
- May 12, 2020
-
-
Thomas Woerner authored
certmapdata was not processed properly. The certificate was not loaded and therefore the `issuer` and `subject` could not be compared to the certmapdata entries in the user record. The function `load_cert_from_str` from ansible_freeipa_module is used for this.

Additionally there was no way to use the certmapdata data format. This is now possible with the `data` option in the certmapdata dict. Example:

    "data: X509:<I>dc=com,dc=example,CN=ca<S>dc=com,dc=example,CN=test"

`data` may not be used together with `certificate`, `issuer` and `subject` in the same record.

Given certmapdata for the ipauser module is now converted to the internal data representation using also the new function `DN_x500_text` from `ansible_freeipa_module`. New functions `convert_certmapdata` and `check_certmapdata` have been added to ipauser.

tests/user/certmapdata/test_user_certmapdata.yml has been extended with additional tasks to verify more complex issuer and subjects and also using the data format.
-
- May 06, 2020
-
-
Thomas Woerner authored
Because of a missing check member attributes (for use with action: member) are cleared when a non-member attribute is changed. The fix simply adds a check for None (parameter not set) to gen_add_del_lists in ansible_freeipa_module to make sure that the parameter is only changed if it should be changed. All places where the add and removal lists have been generated manually have been changed to also use gen_add_del_lists. Resolves: #252 (The "Manager" attribute is removed when updating any user attribute)
-
- Feb 26, 2020
-
-
Thomas Woerner authored
The tests have been using MyPassword123 and also SomeADMINpassword within the tasks of the tests. SomeADMINpassword should be used everywhere.
-
- Feb 11, 2020
-
-
Thomas Woerner authored
Most tests have simply been using the Tests as name, but this way there is a lack of information in automated runs. The name should be similar to the test file name.
-
- Nov 20, 2019
-
-
Thomas Woerner authored
The random password is only returned if random is yes and user did not exist or update_password is yes.

If only one user is handled by the module, the returned dict is containing this dict:

    { "randompassword": "<the user random password>" }

If several users are handled by the module:

    { "<user>": { "randompassword": "<the user random password>" } }

This is related to issue #134 (ipahost does not return the random password)
-
- Nov 09, 2019
-
-
Chris Chapman authored
-
- Nov 08, 2019
-
-
Chris Chapman authored
-
- Oct 21, 2019
-
-
Thomas Woerner authored
The ipauser module now supports all user settings and additionally allows ensuring the presence of several users with the new users setting. The users setting can also be used with other states, but it has to be limited to only contain the name of the users.

The updated user management module is placed in the plugins folder:

    plugins/modules/ipauser.py

The user module now additionally allows to handle these user settings:

    initials
    principalexpiration
    random
    city
    userstate
    postalcode
    mobile
    pager
    fax
    orgunit
    manager
    carlicense
    sshpubkey
    userauthtype
    userclass
    radius
    radiususer
    departmentnumber
    employeenumber
    employeetype
    preferredlanguage
    certificate
    certmapdata
    noprivate
    nomembers

Here is the updated documentation for the module:

    README-user.md

New example playbooks have been added:

    playbooks/user/user_certificate_absent.yml
    playbooks/user/user_certificate_present.yml
    playbooks/user/user_present.yml
    playbooks/user/users_absent.yml
    playbooks/user/users_certificate_absent.yml
    playbooks/user/users_certificate_present.yml
    playbooks/user/users_present.yml
    plugins/modules/ipauser.py

New tests added for ipauser:

    tests/user/certificate/cert1.der
    tests/user/certificate/cert1.pem
    tests/user/certificate/cert2.der
    tests/user/certificate/cert2.pem
    tests/user/certificate/cert3.der
    tests/user/certificate/cert3.pem
    tests/user/certificate/private1.key
    tests/user/certificate/private2.key
    tests/user/certificate/private3.key
    tests/user/certificate/test_user_certificate.yml
    tests/user/certificate/test_users_certificate.yml
    tests/user/certmapdata/test_user_certmapdata.yml
    tests/user/certmapdata/test_user_certmapdata_issuer_subject.yml
    tests/user/certmapdata/test_users_certmapdata.yml
    tests/user/test_user.yml
    tests/user/test_users.yml
    tests/user/test_users_absent.yml
    tests/user/test_users_invalid_cert.yml
    tests/user/test_users_present.yml
    tests/user/test_users_present_slice.yml
    tests/user/users_absent.json
    tests/user/users_absent.sh
    tests/user/users_present.json
    tests/user/users_present.sh
-