permission: Fix idempotency issues for DN parameters

README-service.md: Add multi service handling

Convert input certificates

ansible_freeipa_module: Fix errors in batch mode

Fixes for FreeIPA 4.12

The EXAMPLES section only contained a very simple example for multi
service handling. The examples from the README have been added.

The service READNE so far lacks the documentation of multi service
handling within a single task.

The alias for the continue parameter was also added.

Fixes: #1113

Bump minimum supported Ansible version

ansible-freeipa roles do not work with Ansible 2.8 anymore, so the
minimum supported version is changed to 2.15, the oldest supported
Ansible version as of today.

This patch updates the minimum supported Ansible version and the list
of available modules.

ansible-freeipa roles do not work with Ansible 2.8 anymore, so the
minimum supported version is changed to 2.15, the oldest supported
Ansible version as of today.

ansible-freeipa roles do not work with Ansible 2.8 anymore, so the
minimum supported version is changed to 2.15, the oldest supported
Ansible version as of today.

ansible-freeipa roles do not work with Ansible 2.8 anymore, so the
minimum supported version is changed to 2.15, the oldest supported
Ansible version as of today.

ansible-freeipa roles do not work with Ansible 2.8 anymore, so the
minimum supported version is changed to 2.15, the oldest supported
Ansible version as of today.

ansible-freeipa roles do not work with Ansible 2.8 anymore, so the
minimum supported version is changed to 2.15, the oldest supported
Ansible version as of today.

ansible-freeipa roles do not work with Ansible 2.8 anymore, so the
minimum supported version is changed to 2.15, the oldest supported
Ansible version as of today.

ansible-freeipa roles do not work with Ansible 2.8 anymore, so the
minimum supported version is changed to 2.15, the oldest supported
Ansible version as of today.

This patch includes the change to the version number in the collection
and all plugin README files. The collection README was also update to
remove text that related only to previous Ansible versions.

The parameters

- subtree (ipapermlocation)
- target (ipapermtarget)
- targetto (ipapermtargetto)
- targetfrom (ipapermtargetfrom)

have not been idempotent as the result returned from permission_show was
a DN and not a string.

The find_permission function has been exetended to convert the values
for these parameters to strings.

Fixes: #1257

The error string returned by execute_ipa_commands in batch mode
additionally contains the whole parameter list for the command. This is
different to non batch mode execution and breaks tests that are checking
the returned error message.

A left over debug message also have been removed from the error
processing.

Certificates given by ansible could have leading and trailing white
space, but also multi line input is possible that also could have
leading and training white space and newlines.

Certificates given by ansible could have leading and trailing white
space, but also multi line input is possible that also could have
leading and training white space and newlines.

Certificates given by ansible could have leading and trailing white
space, but also multi line input is possible that also could have
leading and training white space and newlines.

Certificates given by ansible could have leading and trailing white
space, but also multi line input is possible that also could have
leading and training white space and newlines.

Certificates given by ansible could have leading and trailing white
space, but also multi line input is possible that also could have
leading and training white space and newlines.

New function:
- convert_input_certificates(module, certs, state)

FreeIPA commit ea0bf4020ce0b1e32572e128e9323c5af60ec93d

    After an HSM replica install ensure all certs are visible

    If a certificate on a token does not have NSS trust set then
    it won't be visible in the softoken. This can be disconcerting
    for those used to seeing all the certificates.

    Loop through the possibilities and set no trust (or Peer) for
    all the certificates on the token.

    Also ensure that the CA certificate has the correct nickname.

    Related: https://pagure.io/freeipa/issue/9273

replicainstall.install_ca_cert has been removed, paths.IPA_CERTUPDATE is
called instead if the client was configured before deploying with
iparepica role.

FreeIPA commit 8f25b2a74a587548976f3d29f0b69d566d70125d

    Refactor CA file handling in replica installer

    Clean up and remove obsolete code from ipa-replica-install. For several
    versions replica installer first ensures that a host is an IPA client,
    then promotes the client to a replica. The client installer code sets up
    CA stores like IPA_CA_CRT already.

The config attributes config_master_host_name and also config_ca_host_name
are not changed within ipareplica_install_ca_certs, therefore it is not
needed to return them and also to use the returned values for following
tasks.

The HSM parameters

    token_name
    token_library_path
    token_password
    token_password_file

are set to None to enable deployment with IPA 4.12 as a workaround till
HSM can be fully supported by the ipaserver role.

utils/build-galaxy-release.sh: Fix unary operator expected (v2)

This fixes a bad tests if offline is not set:
utils/build-galaxy-release.sh: line 130: [: -ne: unary operator expected

Fixes f17f83d6

Bump linter tools versions an fix linter errors

Use batch command internally

pylint doesn't know that some functions may terminate execution, like,
AnsibleModule's fail_json, and assume that, depending on the code path,
some variables may not be initialized when used.

This change ensure that variables are always initialized independent of
the code path.

New versions of pylint ignore Python 2 functions and types, evaluating
'unicode' as "undefined". ansible-freeipa will always define 'unicode'
when running under Python 3, and it is always defined under Python 2.

This patch fixes these false positives.

Github actions checkout v3.1.0 and setup-python v4.3.0 use deprecated
Node.js 16.

Bumping version to checkout v4.1.1 and setup-python v5.1.0 fixes the
workflows, as both use the recommended Node.js 20.

The checkout depth has been set to 1 (shallow copy) for all tasks that
do not require git history to be available.

Bump version of ansible-lint, Flake8, Pylint and yamllint to newer
versions as used in Ansible tests.

The use of the batch command is enabled for execute_ipa_commands.

Additionally keeponly is set to ["randompassword"] as this is the only
parameter that is used from the data returned from the commands.

The use of the batch command is enabled for execute_ipa_commands.

Additionally keeponly is set to [] as nothing is used from the data returned
from the commands.

The use of the batch command is enabled for execute_ipa_commands.

Additionally keeponly is set to [] as nothing is used from the data returned
from the commands.