sysaccounts can now be used as a member for roles.
Example:
- name: Ensure role my-app role has sysaccount member my-app
iparole:
name: my-app role
sysaccount: my-app
action: member
New tests for the module:
tests/role/test_role_sysaccount_member.yml
When searching for objects with *_show IPA API command, most plugins
were hiding errors other than "ipalib_errors.NotFound" by handling the
broad exception Exception instead.
This patch uses "ipalib_errors.NotFound" whenever "*_show" is used so
that the only exception handled is when an object is not found. Other
errors will not be handled making the module break as expected.
New versions of pylint ignore Python 2 functions and types, evaluating
'unicode' as "undefined". ansible-freeipa will always define 'unicode'
when running under Python 3, and it is always defined under Python 2.
This patch fixes these false positives.
Recent pylint versions warn against the use of an 'else' in a
'try-except' block if using a 'return' on the 'except' part is is the
idom used by ansible-freeipa when retrieving IPA data objects.
This change removes the usage of the 'else:' in such cases, and modify
the templates so that new modules do not have the same issue in the
future.
ansible-test with ansible-2.14 is adding a lot of new tests to ensure
that the documentation section and the agument spec is complete. Needed
changes:
DOCUMENTATION section
- `type: str` needs to be set for string parameters
- `type: list` needs to be set for list parameters
- `elements: str` needs to be given for list of string parameters
- `required` tags need to be fixed according to the `argument_spec`
- all parameters need to be defined
- `author` needs to be given with the github user also: `Name (@user)`
argument_spec
- `elements="str"` needs to be added to all list of string parameters
The `copyright` date is extended with `-2022`.
Before "short description" was used in most plugins, modules and also
in the new module templates.
ansible-doc was therefore not showing the short description. To fix the
issue the flag was renamed to short_description instead.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2121362
'ansible-doc' -l lists most idm modules as 'UNDOCUMENTED'
IPA role members users, groups, hostgroups and privilege must be
compared in a case insensitive way, and either are stored in lowercase
or IPA API fixes the value for proper representation.
This patch forces all comparisons of this values to be performed in
lowercase, and also only modify the values if it is really needed.
Service members in IPA role objects must be compared ignoring character
capitalization, but are stored in a case preserving manner.
This patch modifies the way service members are handled, creating a map
between a lowercase version of the service parameter and the parameter
itself, and using the map key to compare against existing services. The
mapped value is then added as role member, if necessary.
Removed custom code used to create add/del lists in iparole in favor
of ansible_freeipa_module functions, and custom result_handler, to
reduce code duplication, as these methods have equivalent shared
versions.
All ansible-freeipa modules which allow object renaming should support
'state: renamed'.
This patch adds suport for the missing state, and fixes cases where a
user could try to rename the object and set its members, which would
fail depending on the operation order.
Fix#566
These are indent issues, one item per line for argument_specs items
containing options dicts and missing or overflow spaces for comments
and dict delimiters.
execute_ipa_commands replces the check mode exit, the loop over the
generated commands and also in the member failure handling for modules
with member support.
ipaadmin_variables are handled by IPAAnsibleModule,
ansible_module.params_get is used to get the parameters and
ansible_module.ipa_connect is used to simplify the module.
Added code to the ipa* plugins to support Ansible's check_mode, by
means of a clean exit before the execution of the actual list of
commands that would otherwise create/update/delete IPA servers
and/or its resources.
When adding new members to a role, the existing members were removed.
The correct behavior for the "member" action is to add those members,
and substitute the existing ones. This patch fixes this behavior.
Fix#409, #411, #412, #413
ansible-doc is reporting several issues in modules. Most of them have benn
due to misspelled description key word or due to use of multi line text
without the | in the description line.
There is a new role management module placed in the plugins folder:
plugins/modules/iparole.py
The role module allows to ensure presence or absence of roles and
manage role members.
Here is the documentation for the module:
README-role.md
New example playbooks have been added:
playbooks/role/role-is-absent.yml
playbooks/role/role-is-present.yml
playbooks/role/role-member-group-absent.yml
playbooks/role/role-member-group-present.yml
playbooks/role/role-member-host-absent.yml
playbooks/role/role-member-host-present.yml
playbooks/role/role-member-hostgroup-absent.yml
playbooks/role/role-member-hostgroup-present.yml
playbooks/role/role-member-privilege-absent.yml
playbooks/role/role-member-privilege-present.yml
playbooks/role/role-member-service-absent.yml
playbooks/role/role-member-service-present.yml
playbooks/role/role-member-user-absent.yml
playbooks/role/role-member-user-present.yml
playbooks/role/role-members-absent.yml
playbooks/role/role-members-present.yml
playbooks/role/role-rename.yml
New tests for the module:
tests/role/test_role.yml
tests/role/test_role_service_member.yml
