This script gets version and release from git describe --tags. It uses
utils/ansible-freeipa.spec.in and the variables to generate
ansible-freeipa.spec in the top folder.
An archive not including the spec file is created to generate the SRPM from.
There is a new location management module placed in the plugins folder:
plugins/modules/ipalocation.py
The location module allows to ensure presence or absence of locations.
Here is the documentation for the module:
README-location.md
New example playbooks have been added:
playbooks/location/location-absent.yml
playbooks/location/location-present.yml
New tests for the module:
tests/location/test_location.yml
There is a new selfservice management module placed in the plugins folder:
plugins/modules/ipaselfservice.py
The selfservice module allows to ensure presence and absence of selfservices
and manage selfservice attributes.
Here is the documentation for the module:
README-selfservice.md
New example playbooks have been added:
playbooks/selfservice/selfservice-absent.yml
playbooks/selfservice/selfservice-present.yml
playbooks/selfservice/selfservice-member-absent.yml
playbooks/selfservice/selfservice-member-present.yml
New tests for the module:
tests/selfservice/test_selfservice.yml
There is a new delegation management module placed in the plugins folder:
plugins/modules/ipadelegation.py
The delegation module allows to ensure presence and absence of delegations
and manage delegation attributes.
Here is the documentation for the module:
README-delegation.md
New example playbooks have been added:
playbooks/delegation/delegation-absent.yml
playbooks/delegation/delegation-present.yml
playbooks/delegation/delegation-member-absent.yml
playbooks/delegation/delegation-member-present.yml
New tests for the module:
tests/delegation/test_delegation.yml
The ipavault module was returning a single string value when retrieving
data. To keep consistency with other modules, it should return a dict
with the `data` variable in it.
This change modifies the result of ipavault to be a dict and also fixes
relevant tests, examples and documentation.
FreeIPA 4.8.7 introduced an option to rename an existing hostgroup.
This patch adds support for renaming hostgroups if the option is
available on installed IPA version.
A new state `renamed` and a new option `rename` (alias: `new_name`)
was added to module `ipahostgroup` to allow renaming of host groups.
The implemented behavior is:
* Rename if `name` exists and `rename` doesn't.
* Do nothing if `name` does not exist and `rename` does, or if
`name` equals to `rename`. (result.changed is False)
* Fail if neither or both `name` and `rename` exist.
This PR allow ipadnszone module to ensure that multiple dns zones
are absent at once, to be consistent with other ansible-freeipa
modules.
To fix this issue, it was required that custom arguents must be
passed using keyword arguments so that `get_ipa_command_args()`
is kept generic.
The attribute `skip_host_check` was using dashes instead of
underscores, and the certificate examples could not be used
directly due to formatting. These changes fix both issues.
This change fixes a wrong parameter name in the documentation of
RESULT_VALUES, and also provide a correct YAML snippet to ensure
presence of an asymmetric vault with a formatted private key.
When a fail_json is called a SystemExit exeception is raised.
Since the FreeIPABaseModule has an internal context manager to deal
with exceptions this ContextManager captures the SystemExit. After
dealing destroying the kinit session the SystemExit must be raised again
to allow the fail_json to work properly.
The name "www.ansible.com" was used as a host, but this required
that DNS forwarding is enabled and configured to test serivces
for hosts that have an IP address but are not host objects in IPA.
This change set a a host name that lies in the testing domain, and has
an IP address defined, buth is not added as a host object,
so the forwarding DNS configuration is not needed for this test.
Added comment about problem with no_log in Azure CI. While running on CI
using ansible 2.10a the content of attributes with no_log=True is
replaced by ***** on ansible causing test failures.
* Moved azure CI definitions from azure-pipelines.yml to
tests/azure/azure-pipelines.yml.
* Updated azure CI definitions to run playbook tests using docker
containers.
* Adapted tests/test_playbook_runs.py script to allow tests to be
executed from a docker container.
* Added molecule scenarios to create/destroy test containers and
respective documentation in tests/README.md.
In some case the tests needs to have the class A, B and C of reverse DNS
set in order to function properly. Those missing classes where
added/updated in dnsrecord, services and host tests.
This patch adds suport for the IPA CLI option `posix` when modifying
an existing group. Also, enhances verification of `external` and
`posix/non-posix` groups to avoid unneded API failures (e.g. when
no change to the posix/external status is needed).
A new test was added:
tests/group/test_group_external_nonposix.yml
There is a new role management module placed in the plugins folder:
plugins/modules/iparole.py
The role module allows to ensure presence or absence of roles and
manage role members.
Here is the documentation for the module:
README-role.md
New example playbooks have been added:
playbooks/role/role-is-absent.yml
playbooks/role/role-is-present.yml
playbooks/role/role-member-group-absent.yml
playbooks/role/role-member-group-present.yml
playbooks/role/role-member-host-absent.yml
playbooks/role/role-member-host-present.yml
playbooks/role/role-member-hostgroup-absent.yml
playbooks/role/role-member-hostgroup-present.yml
playbooks/role/role-member-privilege-absent.yml
playbooks/role/role-member-privilege-present.yml
playbooks/role/role-member-service-absent.yml
playbooks/role/role-member-service-present.yml
playbooks/role/role-member-user-absent.yml
playbooks/role/role-member-user-present.yml
playbooks/role/role-members-absent.yml
playbooks/role/role-members-present.yml
playbooks/role/role-rename.yml
New tests for the module:
tests/role/test_role.yml
tests/role/test_role_service_member.yml
The password that is used in the script to generate the CA and also sign
the CSR is not strong enough in FIPS mode. In normal mode the password was
ok, though.
In FIPS mode the password needs to have at least one upper, lower, digit
and a special char.
The parameters master_host_name, config_setup_ca, dirman_password have not
been set for some modules. Also there was no ldap2 connection within
ipareplica_setup_kra. All this resulted in improper configuration where
for example KRA deployment failed in the end.
A conversion warning in ipareplica_setup_adtrust has also been fixed for
the setup_ca parameter.
Fixes#314 (IPA replica installation failure - DS enabled SSL - second part)
With the CA-less patches the types for the pkcs12 infos have been changed
to lists in the modules. This is resulting in a bad conversion from None
to [''] for the parameters. Because of this a normal replica deployment is
failing as [''] is not a valid value.
The install.yml files for ipareplica and also ipaserver have been changed
in the way that the pkcs12 values are checked if they are None. The
parameter will simply be omitted in this case and the parameter in the
module will become None by default.
