Merge pull request #866 from t-woerner/sid_generation_always

ipaserver/ipareplica: Always generate SIDs

roles/ipareplica/library/ipareplica_prepare.py

@@ -182,6 +182,9 @@ options:
   skip_conncheck:
     description: Skip connection check to remote master
     required: yes
+  sid_generation_always:
+    description: Enable SID generation always
+    required: yes
 author:
     - Thomas Woerner
 '''
@@ -275,6 +278,8 @@ def main():
             # additional
             server=dict(required=True),
             skip_conncheck=dict(required=False, type='bool'),
+            sid_generation_always=dict(required=False, type='bool',
+                                       default=False),
         ),
         supports_check_mode=True,
     )
@@ -350,6 +355,7 @@ def main():
     #     '_hostname_overridden')
     options.server = ansible_module.params.get('server')
     options.skip_conncheck = ansible_module.params.get('skip_conncheck')
+    sid_generation_always = ansible_module.params.get('sid_generation_always')
 
     # random serial numbers are master_only, therefore setting to False
     options.random_serial_numbers = False
@@ -761,7 +767,7 @@ def main():
 
         ansible_log.debug("-- CHECK ADTRUST --")
 
-        if options.setup_adtrust:
+        if options.setup_adtrust or sid_generation_always:
             adtrust.install_check(False, options, remote_api)
 
     except errors.ACIError:

roles/ipareplica/library/ipareplica_setup_adtrust.py

@@ -71,6 +71,9 @@ options:
   setup_ca:
     description: Configure a dogtag CA
     required: no
+  setup_adtrust:
+    description: Configure AD trust capability
+    required: yes
   config_master_host_name:
     description: The config master_host_name setting
     required: no
@@ -112,6 +115,7 @@ def main():
             ccache=dict(required=True),
             _top_dir=dict(required=True),
             setup_ca=dict(required=True, type='bool'),
+            setup_adtrust=dict(required=True, type='bool'),
             config_master_host_name=dict(required=True),
         ),
         supports_check_mode=True,
@@ -140,6 +144,7 @@ def main():
     os.environ['KRB5CCNAME'] = ccache
     options._top_dir = ansible_module.params.get('_top_dir')
     options.setup_ca = ansible_module.params.get('setup_ca')
+    options.setup_adtrust = ansible_module.params.get('setup_adtrust')
     config_master_host_name = ansible_module.params.get(
         'config_master_host_name')
     adtrust.netbios_name = ansible_module.params.get('adtrust_netbios_name')

roles/ipareplica/library/ipareplica_test.py

@@ -143,7 +143,7 @@ from ansible.module_utils.ansible_ipa_replica import (
     ansible_module_get_parsed_ip_addresses, service,
     redirect_stdout, create_ipa_conf, ipautil,
     x509, validate_domain_name, common_check,
-    IPA_PYTHON_VERSION, getargspec
+    IPA_PYTHON_VERSION, getargspec, adtrustinstance
 )
 
 
@@ -270,6 +270,14 @@ def main():
     #    #  options.setup_adtrust = False
     #    #  ansible_module.warn(msg="adtrust is not supported, disabling")
 
+    sid_generation_always = False
+    if not options.setup_adtrust:
+        # pylint: disable=deprecated-method
+        argspec = getargspec(adtrustinstance.ADTRUSTInstance.__init__)
+        # pylint: enable=deprecated-method
+        if "fulltrust" in argspec.args:
+            sid_generation_always = True
+
     # if options.setup_kra and not kra_imported:
     #    # if "kra" not in options._allow_missing:
     #    ansible_module.fail_json(msg="kra can not be imported")
@@ -471,6 +479,7 @@ def main():
         # additional
         client_enrolled=client_enrolled,
         change_master_for_certmonger=change_master_for_certmonger,
+        sid_generation_always=sid_generation_always
     )