This patch disables ansible-lint `always_run` flag, as this was
making patches that did not change any YAML file take longer in
the pre-commit step, as ansible-lint was executed with no parameter,
thus, searching and evaluating all YAML files in the repository.
With this change, if no YAML file is modified, ansible-lint is skipped.
warning[SC2044]: For loops over find output are fragile. Use find -exec
or a while read loop.
warning[SC2164]: Use 'cd ... || exit' or 'cd ... || return' in case cd
fails.
The function get_commit was using the global merge variable instead of
the local commit variable. Therefore it returned the wrong commit
subject for merges without subject.
The parameter options.no_dnssec_validation was set using a bad
parameter name. This lead to not beeing able to turn off dnssec
validation in the replica deployment.
Fixes: #456 (ipareplica_no_dnssec_validation)
With the parameter `args: ['.']`, yamllint would run over every
file during pre-commit, including those not being commited, and it
would allow for false negatives, not allowing a commit, even if
commited yaml files had no issues, but another file, not par of the
commit, had.
By changing the yamllint parameter to `files: \.(yaml|yml)$` it
will only check files being commited, preventing false negatives,
and allowing for faster commits.
This PR fixes the creation of sudocmdgroups when the sudocmds are
specified, allowing groups to be created with sudocmd members in a
single task.
Fix issue #440.
Currently the script is failing with The given path '...' is not valid
if a path is not handled by the script. This is resulting in issues if
module_utils and action plugins are updated for example.
The solution is to simply ignore paths that are not handled.
The common_check function in the replica installer code has been changed
for the new memory checker code. With this the server and replica command
line installers got the option --skip-mem-check.
The server and replica role now also support the memory cheker and there
are new variables for server and replica:
ipaserver_mem_check - for ipaserver
ipareplica_mem_check - for ipaserver
These bool values default to yes and can be turned off in the inventory
or playbook if needed.
Related to freeipa PR https://pagure.io/freeipa/issue/8404 (Detect and
fail if not enough memory is available for installation)
Fixes: #450 (IPA Replica Installation Fails)
Altough configuring DNS and KRA support on the testing server node
provides broad coverage support, it does not represent all scenarios
where ansible-freeipa can be used, for example without DNS support.
This documentation updates removes the requirement for DNS and KRA
support, and highlights what is expected with different configurations.
When using ipahost module with servers where DNS was not configured
it failed to add hosts due to an exception raised on `dnsrecord_show`
that was not being correctly handled.
As the exception was being handled twice, the This patch simply removes
one of the handlers, allowing the exception to propagate to the caller,
where it is handled.
Fixes issue #434.
This PR adds a document with information on how to contribute to
ansible-freeipa development, showing the environment configuration,
available tools, and some guidelines that should be followed.
There was a failure when NAPTR or DLV records where updated,
if the record name had multiple entries. This patch fixes this
behavior, by using the requested record, not the retrieved one.
Tests have been updated to test for this issue on
tests/dnsrecord/test_dnsrecord.yml
Due to an issue with FreeIPA, when modifying the SOA serial attribute
along with other attributes, the value is ignored. In order to have
the value provided, the attribute is set is a later call to dnszone-mod
allowing it to retain the desired value.
Ref: https://pagure.io/freeipa/issue/8489
Examples of dnsforwarzone were using a single string rather than a
dict of values to set attribute `forwarders`. Both source code and
README examples were fixed.
Fix issue #446
The file lookup is by default setting `rstrip=True` which could lead
into a stripped new line. This is not happening always but resulted in
failed tests sometimes with certificates pasted to the b64encode filter.
For calls of lookup in the certificae tests `rstrip=False` has been
added to make sure that this is not happening any more. Not in
test_dnsrecord as lookup(..., rstrip=False) is adding a new line if
there was not a new line and this is an issue for dnsrecord. The user
and host tests have also been simplified to create the base64 encoded
file in the beginning and use this file then later on in the tests
without the need to use the b64encode filter.
Ref: https://github.com/ansible/ansible/issues/57521#issuecomment-502238000
This patch adds another lever of linter checking for ansible-freeipa
by enabling linters to run on the developer machine, before pushing
changes to be evaluated on the CI, allowing code fixes without
wating for CI to run the linters on the repository.
To enable pre-commit hooks, `pre-commit` is used, and was added to
requirements-dev.txt, and can be installed with pip
(`pip install -r requirements-dev.txt`). Once installed, on every
commit, YAML and python files on the commit will be evaluated.
If one needs to bypass the pre-commit linters, `git commit` can be
issued with `--no-verify`.
The linters will not be removed from the CI, as a commit can be
performed without running the checks.
When modifying a record, depending on how the playbook tasks were
arranged, it was possible to end with more records than expected.
This behavior was fixed by modifying the way records are searched
when a modification is requested. This change also allows less calls
find_dnsrecord.
Tests were modified to reflect the changes, and a new test playbook
was added:
tests/dnsrecord/test_dnsrecord_modify_record.yml
