diff --git a/plugins/doc_fragments/ipamodule_base_docs.py b/plugins/doc_fragments/ipamodule_base_docs.py index 97aaffdd..59d95ca4 100644 --- a/plugins/doc_fragments/ipamodule_base_docs.py +++ b/plugins/doc_fragments/ipamodule_base_docs.py @@ -56,5 +56,5 @@ options: Continuous mode. Don't stop on errors. Valid only if `state` is `absent`. aliases: ["continue"] type: bool - default: True + default: true """ diff --git a/plugins/inventory/freeipa.py b/plugins/inventory/freeipa.py index f17421be..8cb2ec5b 100644 --- a/plugins/inventory/freeipa.py +++ b/plugins/inventory/freeipa.py @@ -32,8 +32,7 @@ ANSIBLE_METADATA = { DOCUMENTATION = """ --- name: freeipa -plugin_type: inventory -version_added: "1.13" +version_added: "1.13.0" short_description: Compiles a dynamic inventory from IPA domain description: | Compiles a dynamic inventory from IPA domain, filters servers by role(s). diff --git a/plugins/modules/ipacert.py b/plugins/modules/ipacert.py index c88d4d1e..6c9b760d 100644 --- a/plugins/modules/ipacert.py +++ b/plugins/modules/ipacert.py @@ -34,7 +34,7 @@ ANSIBLE_METADATA = { DOCUMENTATION = """ --- module: ipacert -short description: Manage FreeIPA certificates +short_description: Manage FreeIPA certificates description: Manage FreeIPA certificates extends_documentation_fragment: - ipamodule_base_docs @@ -67,6 +67,10 @@ options: description: Name of the issuing certificate authority. type: str required: false + chain: + description: Include certificate chain in output. + type: bool + required: false serial_number: description: | Certificate serial number. Cannot be used with `state: requested`. @@ -102,7 +106,6 @@ options: required: true type: str author: -authors: - Sam Morris (@yrro) - Rafael Guterres Jeffman (@rjeffman) """ diff --git a/plugins/modules/ipaidoverrideuser.py b/plugins/modules/ipaidoverrideuser.py index 49412ebd..9bae4c93 100644 --- a/plugins/modules/ipaidoverrideuser.py +++ b/plugins/modules/ipaidoverrideuser.py 
@@ -87,7 +87,7 @@ options: sshpubkey: description: List of SSH public keys type: list - element: str + elements: str required: False aliases: ["ipasshpubkey"] certificate: @@ -113,7 +113,7 @@ options: description: | Suppress processing of membership attributes. Valid only if `state` is `absent`. - type: str + type: bool required: False aliases: ["no_members"] action: diff --git a/plugins/modules/ipaidp.py b/plugins/modules/ipaidp.py index 8c0aea6b..b30d60aa 100644 --- a/plugins/modules/ipaidp.py +++ b/plugins/modules/ipaidp.py @@ -82,7 +82,6 @@ options: description: OAuth 2.0 client secret required: false type: str - no_log: true aliases: ["ipaidpclientsecret"] scope: description: OAuth 2.0 scope. Multiple scopes separated by space @@ -362,11 +361,11 @@ def main(): dev_auth_uri=dict(required=False, type="str", default=None, aliases=["ipaidpdevauthendpoint"]), token_uri=dict(required=False, type="str", default=None, - aliases=["ipaidptokenendpoint"]), + aliases=["ipaidptokenendpoint"], no_log=False), userinfo_uri=dict(required=False, type="str", default=None, aliases=["ipaidpuserinfoendpoint"]), keys_uri=dict(required=False, type="str", default=None, - aliases=["ipaidpkeysendpoint"]), + aliases=["ipaidpkeysendpoint"], no_log=False), issuer_url=dict(required=False, type="str", default=None, aliases=["ipaidpissuerurl"]), client_id=dict(required=False, type="str", default=None, diff --git a/plugins/modules/ipaservice.py b/plugins/modules/ipaservice.py index a9bcb2d9..1e270b5e 100644 --- a/plugins/modules/ipaservice.py +++ b/plugins/modules/ipaservice.py @@ -44,7 +44,7 @@ options: description: The service to manage type: list elements: str - required: true + required: false aliases: ["service"] services: description: The list of service dicts. 
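Review bot: In plugins/modules/ipaidp.py, the hunk at -82,7 drops `no_log: true` from the documented client-secret option (alias `ipaidpclientsecret`), so the docs no longer tell a reader that the value is kept out of logs. The option's argument_spec entry is not part of this diff, and that entry, not the DOCUMENTATION block, is what masks the value, so it should be confirmed that it still sets `no_log=True`. If it does, the description can carry the information instead, for example `description: OAuth 2.0 client secret. The value is not logged.`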
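Review bot: In the main() hunk of plugins/modules/ipaidp.py (-362,11), `no_log=False` is added to `token_uri` and `keys_uri` with no explanation, so a later reader may take it for a mistake or copy it onto a parameter that does hold a secret. Presumably it is there because the names contain "token" and "keys" and the argument-spec check wants an explicit choice for such names; a comment above each entry such as `# Endpoint URL, not a credential: no_log=False is deliberate` would record that. It also means a URL carrying embedded credentials or a secret query parameter would be logged in clear, which deserves a sentence in the two option descriptions. main() starts and ends outside the hunk.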
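Review bot: In plugins/modules/ipaservice.py (-44,7), `name` becomes `required: false`, but the documentation visible in the hunk does not say what must be supplied instead. The next option is `services`, so presumably one of the two has to be given. If that is what the argument_spec enforces (it is outside this diff), the description should say so, for example `description: The service to manage. Either name or services must be given.`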
@@ -167,6 +167,13 @@ options: type: list elements: str aliases: ["ipaallowedtoperform_read_keys_hostgroup"] + delete_continue: + description: + Continuous mode. Don't stop on errors. + Valid only if `state` is `absent`. + required: false + type: bool + aliases: ["continue"] certificate: description: Base-64 encoded service certificate. required: false diff --git a/roles/ipaclient/library/ipaclient_setup_nss.py b/roles/ipaclient/library/ipaclient_setup_nss.py index 0bee3b5f..052ac450 100644 --- a/roles/ipaclient/library/ipaclient_setup_nss.py +++ b/roles/ipaclient/library/ipaclient_setup_nss.py @@ -156,6 +156,7 @@ options: description: True if selinux status check passed required: false type: bool + default: false krb_name: description: The krb5 config file name type: str diff --git a/roles/ipareplica/library/ipareplica_create_ipa_conf.py b/roles/ipareplica/library/ipareplica_create_ipa_conf.py index 582a4124..84ba5556 100644 --- a/roles/ipareplica/library/ipareplica_create_ipa_conf.py +++ b/roles/ipareplica/library/ipareplica_create_ipa_conf.py @@ -51,6 +51,7 @@ options: type: list elements: str required: no + default: [] domain: description: Primary DNS domain of the IPA deployment type: str @@ -70,6 +71,7 @@ options: type: list elements: str required: no + default: [] no_host_dns: description: Do not use DNS for hostname lookup during installation type: bool @@ -97,6 +99,7 @@ options: type: list elements: str required: no + default: [] force_join: description: Force client enrollment even if already enrolled type: bool diff --git a/roles/ipareplica/library/ipareplica_install_ca_certs.py b/roles/ipareplica/library/ipareplica_install_ca_certs.py index db0fb54a..8aba576a 100644 --- a/roles/ipareplica/library/ipareplica_install_ca_certs.py +++ b/roles/ipareplica/library/ipareplica_install_ca_certs.py @@ -51,6 +51,7 @@ options: type: list elements: str required: no + default: [] domain: description: Primary DNS domain of the IPA deployment type: str 
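Review bot: In plugins/modules/ipaservice.py (-167,6), the new `delete_continue` entry documents no default. The shared fragment plugins/doc_fragments/ipamodule_base_docs.py, changed in this same diff, documents what looks like the same option (same description, alias `continue`) with `default: true`. If the ipaservice argument_spec, which is not shown, gives the option a default, the entry should carry the matching `default:` line. If it does not, a short remark in the description that this module differs from the base fragment would save users from assuming errors are skipped by default on `state: absent`.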
@@ -70,6 +71,7 @@ options: type: list elements: str required: no + default: [] no_host_dns: description: Do not use DNS for hostname lookup during installation type: bool @@ -97,6 +99,7 @@ options: type: list elements: str required: no + default: [] force_join: description: Force client enrollment even if already enrolled type: bool @@ -156,6 +159,7 @@ options: type: list elements: str required: no + default: [] author: - Thomas Woerner (@t-woerner) ''' diff --git a/roles/ipareplica/library/ipareplica_prepare.py b/roles/ipareplica/library/ipareplica_prepare.py index d4464a93..ab772f73 100644 --- a/roles/ipareplica/library/ipareplica_prepare.py +++ b/roles/ipareplica/library/ipareplica_prepare.py @@ -53,6 +53,7 @@ options: type: list elements: str required: no + default: [] domain: description: Primary DNS domain of the IPA deployment type: str @@ -77,6 +78,7 @@ options: type: list elements: str required: no + default: [] no_host_dns: description: Do not use DNS for hostname lookup during installation type: bool @@ -104,6 +106,7 @@ options: type: list elements: str required: no + default: [] dirsrv_cert_name: description: Name of the Directory Server SSL certificate to install type: str @@ -118,6 +121,7 @@ options: type: list elements: str required: no + default: [] http_cert_name: description: Name of the Apache Server SSL certificate to install type: str @@ -132,6 +136,7 @@ options: type: list elements: str required: no + default: [] pkinit_cert_name: description: Name of the Kerberos KDC SSL certificate to install type: str @@ -182,6 +187,7 @@ options: type: list elements: str required: no + default: [] no_reverse: description: Do not create new reverse DNS zone type: bool @@ -197,6 +203,7 @@ options: type: list elements: str required: no + default: [] no_forwarders: description: Do not add any DNS forwarders, use root servers instead type: bool 
@@ -250,7 +257,7 @@ options: type: bool default: no required: no - client_configured: + ipa_client_installed: description: Was client configured already type: bool required: yes diff --git a/roles/ipareplica/library/ipareplica_setup_ca.py b/roles/ipareplica/library/ipareplica_setup_ca.py index cbecd797..3323daa7 100644 --- a/roles/ipareplica/library/ipareplica_setup_ca.py +++ b/roles/ipareplica/library/ipareplica_setup_ca.py @@ -127,6 +127,7 @@ options: type: list elements: str required: no + default: [] author: - Thomas Woerner (@t-woerner) ''' diff --git a/roles/ipareplica/library/ipareplica_setup_dns.py b/roles/ipareplica/library/ipareplica_setup_dns.py index 7dadafca..d8c643e5 100644 --- a/roles/ipareplica/library/ipareplica_setup_dns.py +++ b/roles/ipareplica/library/ipareplica_setup_dns.py @@ -61,6 +61,7 @@ options: type: list elements: str required: no + default: [] forward_policy: description: DNS forwarding policy for global forwarders type: str diff --git a/roles/ipareplica/library/ipareplica_setup_ds.py b/roles/ipareplica/library/ipareplica_setup_ds.py index 67e73a7e..64f5a61b 100644 --- a/roles/ipareplica/library/ipareplica_setup_ds.py +++ b/roles/ipareplica/library/ipareplica_setup_ds.py @@ -51,6 +51,7 @@ options: type: list elements: str required: no + default: [] domain: description: Primary DNS domain of the IPA deployment type: str @@ -70,6 +71,7 @@ options: type: list elements: str required: no + default: [] no_host_dns: description: Do not use DNS for hostname lookup during installation type: bool @@ -108,6 +110,7 @@ options: type: list elements: str required: no + default: [] force_join: description: Force client enrollment even if already enrolled type: bool @@ -176,6 +179,7 @@ options: type: list elements: str required: no + default: [] author: - Thomas Woerner (@t-woerner) ''' diff --git a/roles/ipareplica/library/ipareplica_setup_kra.py b/roles/ipareplica/library/ipareplica_setup_kra.py index 92fdfec5..866b4bc6 100644 
--- a/roles/ipareplica/library/ipareplica_setup_kra.py +++ b/roles/ipareplica/library/ipareplica_setup_kra.py @@ -51,6 +51,7 @@ options: type: list elements: str required: no + default: [] domain: description: Primary DNS domain of the IPA deployment type: str @@ -70,6 +71,7 @@ options: type: list elements: str required: no + default: [] no_host_dns: description: Do not use DNS for hostname lookup during installation type: bool @@ -101,6 +103,7 @@ options: type: list elements: str required: no + default: [] force_join: description: Force client enrollment even if already enrolled type: bool diff --git a/roles/ipareplica/library/ipareplica_test.py b/roles/ipareplica/library/ipareplica_test.py index fabb52aa..a29368e7 100644 --- a/roles/ipareplica/library/ipareplica_test.py +++ b/roles/ipareplica/library/ipareplica_test.py @@ -42,6 +42,7 @@ options: type: list elements: str required: no + default: [] domain: description: Primary DNS domain of the IPA deployment type: str @@ -51,6 +52,7 @@ options: type: list elements: str required: no + default: [] realm: description: Kerberos realm name of the IPA deployment type: str @@ -66,6 +68,7 @@ options: type: list elements: str required: no + default: [] hidden_replica: description: Install a hidden replica type: bool @@ -112,18 +115,21 @@ options: type: list elements: str required: no + default: [] http_cert_files: description: File containing the Apache Server SSL certificate and private key type: list elements: str required: no + default: [] pkinit_cert_files: description: File containing the Kerberos KDC SSL certificate and private key type: list elements: str required: no + default: [] no_ntp: description: Do not configure ntp type: bool @@ -134,6 +140,7 @@ options: type: list elements: str required: no + default: [] ntp_pool: description: ntp server pool to use type: str 
@@ -153,6 +160,7 @@ options: type: list elements: str required: no + default: [] no_forwarders: description: Do not add any DNS forwarders, use root servers instead type: bool diff --git a/roles/ipaserver/library/ipaserver_prepare.py b/roles/ipaserver/library/ipaserver_prepare.py index 24eccf23..1276729f 100644 --- a/roles/ipaserver/library/ipaserver_prepare.py +++ b/roles/ipaserver/library/ipaserver_prepare.py @@ -55,6 +55,7 @@ options: type: list elements: str required: no + default: [] domain: description: Primary DNS domain of the IPA deployment type: str @@ -74,6 +75,7 @@ options: type: list elements: str required: no + default: [] no_host_dns: description: Do not use DNS for hostname lookup during installation type: bool @@ -114,6 +116,7 @@ options: type: list elements: str required: no + default: [] subject_base: description: The certificate subject base (default O=). @@ -134,6 +137,7 @@ options: type: list elements: str required: no + default: [] no_reverse: description: Do not create new reverse DNS zone type: bool @@ -149,6 +153,7 @@ options: type: list elements: str required: no + default: [] no_forwarders: description: Do not add any DNS forwarders, use root servers instead type: bool diff --git a/roles/ipaserver/library/ipaserver_set_ds_password.py b/roles/ipaserver/library/ipaserver_set_ds_password.py index 2dd9a783..b23c777e 100644 --- a/roles/ipaserver/library/ipaserver_set_ds_password.py +++ b/roles/ipaserver/library/ipaserver_set_ds_password.py @@ -96,6 +96,7 @@ options: type: list elements: str required: no + default: [] subject_base: description: The certificate subject base (default O=). @@ -113,6 +114,7 @@ options: type: list elements: str required: no + default: [] domainlevel: description: The domain level type: int diff --git a/roles/ipaserver/library/ipaserver_setup_ca.py b/roles/ipaserver/library/ipaserver_setup_ca.py index 1a453e49..b71cd618 100644 --- a/roles/ipaserver/library/ipaserver_setup_ca.py 
+++ b/roles/ipaserver/library/ipaserver_setup_ca.py @@ -54,6 +54,7 @@ options: type: list elements: str required: no + default: [] domain: description: Primary DNS domain of the IPA deployment type: str @@ -182,6 +183,7 @@ options: type: list elements: str required: no + default: [] no_reverse: description: Do not create new reverse DNS zone type: bool diff --git a/roles/ipaserver/library/ipaserver_setup_dns.py b/roles/ipaserver/library/ipaserver_setup_dns.py index cf31eda9..b06246c4 100644 --- a/roles/ipaserver/library/ipaserver_setup_dns.py +++ b/roles/ipaserver/library/ipaserver_setup_dns.py @@ -42,6 +42,7 @@ options: type: list elements: str required: no + default: [] domain: description: Primary DNS domain of the IPA deployment type: str diff --git a/roles/ipaserver/library/ipaserver_setup_ds.py b/roles/ipaserver/library/ipaserver_setup_ds.py index 4479daaa..f97770f3 100644 --- a/roles/ipaserver/library/ipaserver_setup_ds.py +++ b/roles/ipaserver/library/ipaserver_setup_ds.py @@ -87,6 +87,7 @@ options: type: list elements: str required: no + default: [] _dirsrv_pkcs12_info: description: The installer _dirsrv_pkcs12_info setting type: list @@ -99,6 +100,7 @@ options: type: list elements: str required: no + default: [] subject_base: description: The certificate subject base (default O=). diff --git a/roles/ipaserver/library/ipaserver_setup_http.py b/roles/ipaserver/library/ipaserver_setup_http.py index cd6478ee..3aa4b21b 100644 --- a/roles/ipaserver/library/ipaserver_setup_http.py +++ b/roles/ipaserver/library/ipaserver_setup_http.py @@ -66,17 +66,20 @@ options: type: list elements: str required: no + default: [] reverse_zones: description: The reverse DNS zones to use type: list elements: str required: no + default: [] http_cert_files: description: File containing the Apache Server SSL certificate and private key type: list elements: str required: no + default: [] setup_adtrust: description: Configure AD trust capability type: bool 
@@ -124,6 +127,7 @@ options: type: list elements: str required: no + default: [] subject_base: description: The certificate subject base (default O=). @@ -166,6 +170,7 @@ options: type: list elements: str required: no + default: [] no_reverse: description: Do not create new reverse DNS zone type: bool diff --git a/roles/ipaserver/library/ipaserver_setup_krb.py b/roles/ipaserver/library/ipaserver_setup_krb.py index df37ed31..9a66107a 100644 --- a/roles/ipaserver/library/ipaserver_setup_krb.py +++ b/roles/ipaserver/library/ipaserver_setup_krb.py @@ -66,11 +66,13 @@ options: type: list elements: str required: no + default: [] reverse_zones: description: The reverse DNS zones to use type: list elements: str required: no + default: [] setup_adtrust: description: Configure AD trust capability type: bool @@ -113,6 +115,7 @@ options: type: list elements: str required: no + default: [] subject_base: description: The certificate subject base (default O=). diff --git a/roles/ipaserver/library/ipaserver_test.py b/roles/ipaserver/library/ipaserver_test.py index bf8d3b4c..06df1b70 100644 --- a/roles/ipaserver/library/ipaserver_test.py +++ b/roles/ipaserver/library/ipaserver_test.py @@ -73,6 +73,7 @@ options: type: list elements: str required: no + default: [] no_host_dns: description: Do not use DNS for hostname lookup during installation type: bool @@ -223,6 +224,7 @@ options: type: list elements: str required: no + default: [] no_reverse: description: Do not create new reverse DNS zone type: bool @@ -242,6 +244,7 @@ options: type: list elements: str required: no + default: [] no_forwarders: description: Do not add any DNS forwarders, use root servers instead type: bool diff --git a/roles/ipasmartcard_client/library/ipasmartcard_client_validate_ca_certs.py b/roles/ipasmartcard_client/library/ipasmartcard_client_validate_ca_certs.py index 0501d388..3765e334 100644 --- a/roles/ipasmartcard_client/library/ipasmartcard_client_validate_ca_certs.py 
+++ b/roles/ipasmartcard_client/library/ipasmartcard_client_validate_ca_certs.py @@ -44,6 +44,7 @@ options: type: list elements: str required: no + default: [] author: - Thomas Woerner (@t-woerner) ''' diff --git a/roles/ipasmartcard_server/library/ipasmartcard_server_validate_ca_certs.py b/roles/ipasmartcard_server/library/ipasmartcard_server_validate_ca_certs.py index b776e584..af67ec3c 100644 --- a/roles/ipasmartcard_server/library/ipasmartcard_server_validate_ca_certs.py +++ b/roles/ipasmartcard_server/library/ipasmartcard_server_validate_ca_certs.py @@ -44,6 +44,7 @@ options: type: list elements: str required: no + default: [] author: - Thomas Woerner (@t-woerner) ''' diff --git a/tests/utils.py b/tests/utils.py index 9e3d5e83..666af7ed 100644 --- a/tests/utils.py +++ b/tests/utils.py @@ -306,14 +306,14 @@ class AnsibleFreeIPATestCase(TestCase): if res.rc != 0: for output in expected_output: assert self.__is_text_on_data(output, res.stderr), ( - f"\n{'='*40}\nExpected: {output}\n{'='*40}\n" - + f"Output:\n{res.stderr}{'='*40}\n" + f"\n{'=' * 40}\nExpected: {output}\n{'=' * 40}\n" + + f"Output:\n{res.stderr}{'=' * 40}\n" ) else: for output in expected_output: assert self.__is_text_on_data(output, res.stdout), ( - f"\n{'='*40}\nExpected: {output}\n{'='*40}\n" - + f"Output:\n{res.stdout}{'='*40}\n" + f"\n{'=' * 40}\nExpected: {output}\n{'=' * 40}\n" + + f"Output:\n{res.stdout}{'=' * 40}\n" ) kdestroy(self.master) @@ -325,8 +325,8 @@ class AnsibleFreeIPATestCase(TestCase): res = self.master.run(cmd) for member in members: assert not self.__is_text_on_data(member, res.stdout), ( - f"\n{'='*40}\nExpected: {member}\n{'='*40}\n" - + f"Output:\n{res.stdout}{'='*40}\n" + f"\n{'=' * 40}\nExpected: {member}\n{'=' * 40}\n" + + f"Output:\n{res.stdout}{'=' * 40}\n" ) kdestroy(self.master)