ipaconfig: Add support for 'passkey' in 'user_auth_type'

The value 'passkey' was missing from the valid values of the
user_auth_type attribute.

Signed-off-by: Rafael Guterres Jeffman <rjeffman@redhat.com>
Rafael Guterres Jeffman
2025-07-04 17:43:18 -03:00
parent ff1a026ef4
commit a733c031b0
3 changed files with 38 additions and 6 deletions


@@ -145,7 +145,7 @@ Variable | Description | Required
`selinuxusermaporder` \| `ipaselinuxusermaporder`| Set ordered list in increasing priority of SELinux users | no `selinuxusermaporder` \| `ipaselinuxusermaporder`| Set ordered list in increasing priority of SELinux users | no
`selinuxusermapdefault`\| `ipaselinuxusermapdefault` | Set default SELinux user when no match is found in SELinux map rule | no `selinuxusermapdefault`\| `ipaselinuxusermapdefault` | Set default SELinux user when no match is found in SELinux map rule | no
`pac_type` \| `ipakrbauthzdata` | set default types of PAC supported for services (choices: `MS-PAC`, `PAD`, `nfs:NONE`). Use `""` to clear this variable. | no `pac_type` \| `ipakrbauthzdata` | set default types of PAC supported for services (choices: `MS-PAC`, `PAD`, `nfs:NONE`). Use `""` to clear this variable. | no
`user_auth_type` \| `ipauserauthtype` | set default types of supported user authentication (choices: `password`, `radius`, `otp`, `pkinit`, `hardened`, `idp`, `disabled`, `""`). An additional check ensures that only types can be used that are supported by the IPA version. Use `""` to clear this variable. | no `user_auth_type` \| `ipauserauthtype` | set default types of supported user authentication (choices: `password`, `radius`, `otp`, `pkinit`, `hardened`, `idp`, `passkey`, `disabled`, `""`). An additional check ensures that only types can be used that are supported by the IPA version. Use `""` to clear this variable. | no
`domain_resolution_order` \| `ipadomainresolutionorder` | Set list of domains used for short name qualification | no `domain_resolution_order` \| `ipadomainresolutionorder` | Set list of domains used for short name qualification | no
`ca_renewal_master_server` \| `ipacarenewalmasterserver`| Renewal master for IPA certificate authority. | no `ca_renewal_master_server` \| `ipacarenewalmasterserver`| Renewal master for IPA certificate authority. | no
`enable_sid` | New users and groups automatically get a SID assigned. Cannot be deactivated once activated. Requires IPA 4.9.8+. (bool) | no `enable_sid` | New users and groups automatically get a SID assigned. Cannot be deactivated once activated. Requires IPA 4.9.8+. (bool) | no


@@ -161,7 +161,7 @@ options:
type: list type: list
elements: str elements: str
choices: ["password", "radius", "otp", "pkinit", "hardened", "idp", choices: ["password", "radius", "otp", "pkinit", "hardened", "idp",
"disabled", ""] "passkey", "disabled", ""]
aliases: ["ipauserauthtype"] aliases: ["ipauserauthtype"]
ca_renewal_master_server: ca_renewal_master_server:
description: Renewal master for IPA certificate authority. description: Renewal master for IPA certificate authority.
@@ -426,7 +426,7 @@ def main():
user_auth_type=dict(type="list", elements="str", required=False, user_auth_type=dict(type="list", elements="str", required=False,
choices=["password", "radius", "otp", choices=["password", "radius", "otp",
"pkinit", "hardened", "idp", "pkinit", "hardened", "idp",
"disabled", ""], "passkey", "disabled", ""],
aliases=["ipauserauthtype"]), aliases=["ipauserauthtype"]),
ca_renewal_master_server=dict(type="str", required=False), ca_renewal_master_server=dict(type="str", required=False),
domain_resolution_order=dict(type="list", elements="str", domain_resolution_order=dict(type="list", elements="str",
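Review bot: The `user_auth_type` choices are kept by hand in two places in this file, the DOCUMENTATION block (first hunk) and the `argument_spec` entry in `main()` (second hunk), plus the README table, which is presumably how `passkey` went missing. A one-line comment at the `argument_spec` entry such as `# keep choices in sync with DOCUMENTATION and the README table` would make that coupling visible to the next person adding a type. With `passkey` now accepted by argument validation on every IPA version, rejection on servers without passkey support depends entirely on the version check the README mentions, which lies outside these hunks. `main()` starts and ends outside the hunk.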


@@ -5,6 +5,8 @@
gather_facts: no gather_facts: no
tasks: tasks:
- name: Include tasks ../env_freeipa_facts.yml
ansible.builtin.include_tasks: ../env_freeipa_facts.yml
# GET CURRENT CONFIG # GET CURRENT CONFIG
@@ -80,6 +82,36 @@
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed or result.failed
- name: Ensure config with user_auth_type passkey
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
user_auth_type:
- passkey
register: result
failed_when: not result.changed or result.failed
when: passkey_is_supported
- name: Ensure config with user_auth_type passkey, again
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
user_auth_type:
- passkey
register: result
failed_when: result.changed or result.failed
when: passkey_is_supported
- name: Check if correct message is given if passkey is not supported.
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
user_auth_type:
- passkey
register: result
failed_when: not result.failed or "'passkey' is not supported" not in result.msg
when: not passkey_is_supported
- name: Ensure config with empty user_auth_type - name: Ensure config with empty user_auth_type
ipaconfig: ipaconfig:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
@@ -138,6 +170,6 @@
ipaconfig: ipaconfig:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}" ipaapi_context: "{{ ipa_context | default(omit) }}"
pac_type: '{{ previousconfig.config.pac_type }}' pac_type: '{{ previousconfig.config.pac_type | default("") }}'
user_auth_type: '{{ previousconfig.config.user_auth_type }}' user_auth_type: '{{ previousconfig.config.user_auth_type | default("") }}'
configstring: '{{ previousconfig.config.configstring }}' configstring: '{{ previousconfig.config.configstring | default("") }}'
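Review bot: The `| default("")` filters added to the reset task in the last hunk are undocumented, and they turn a missing saved value into "clear this setting" for `pac_type`, `user_auth_type` and `configstring`. That is the right result when the setting was unset before the test, but it would also mask a `previousconfig` that was never populated, leaving the server's default authentication types cleared rather than restored. A comment above the task would record the intent, for example `# a key missing from previousconfig means the setting was unset, so reset it to ""`. The new passkey tasks in the second hunk are gated on `passkey_is_supported`, which is presumably set by the `../env_freeipa_facts.yml` include added in the first hunk; its definition is not visible on this page.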