Retrieving data from a vault using `out` to store the data in a
file resulted in random characters being returned and logged. These
characters could generate a traceback print from Ansible's logger,
without breaking the script.
The reason for that is that the result from `vault_retrive` was being
processed when it was not needed, and data was being returned, when
it shouldn't.
This patch fixes this behavior by suppressing the return data when `data`
is not available, and only raising an error if it should be available.
There is a new privilege management module placed in the plugins folder:
plugins/modules/ipaprivilege.py
The privilege module allows to ensure presence or absence of privilege
and manage privilege permission members.
Here is the documentation for the module:
README-privilege.md
New example playbooks have been added:
playbooks/privilege/privilege-absent.yml
playbooks/privilege/privilege-member-absent.yml
playbooks/privilege/privilege-member-present.yml
playbooks/privilege/privilege-present.yml
New tests for the module:
tests/privilege/test_privilege.yml
users.json is generated for the tests and not part of the repo any more.
This test was lacking the include to generate the file.
Related to: b7e1a99b6e
tests/user/test_users*.yml: Use extended dynamic users.json
There is a new trust management module placed in the plugins folder:
plugins/modules/trust.py
The trust module allows to ensure presence and absence of trusts.
Here is the documentation for the module:
README-trust.md
New example playbooks have been added:
playbooks/trust/add-trust.yml
playbooks/trust/del-trust.yml
New tests added for the module:
tests/hbacrule/test_trust.yml
In order to run the tests in idm-ci we need to configure our pytest
tests environment variables. This PR configures that automatically if an
environment variable TWD is available and $TWD/config exists.
Until now ansible-freeipa repository only had playbook tests. This
commit introduces the ability of creating TestCase classes connected to
the master host. This connection can be used to run commands in the
managed host after the ansible playbook execution, allowing the
verification of the machine state.
The ipagroup attribute `membermanager` requires the use of IPA
version 4.8.4 or later. This change ensures that the tests are
executed only if a required version is found.
The config attribute maxhostname is only available after IPA
version 4.8.0. The tests for this attribute are now protected to
not run if a previous IPA version is found.
test_users_absent.yml was using users_absent.json. It has been adapted to
use users.json instead with an additional json_query to get only the names
from users_present.json.
create_users_json.yml has been added to create users.json if it is missing
containing 500 users. It is included by test_users_present.yml and
test_users_absent.yml.
users_present.sh has been renamed to users.sh and modified to create by
default users.json with 1000 users and additional with password and
passwordexpiration in two years.
jmespath has been added to pip install list in
tests/azure/templates/playbook_tests.yml to enable the use of json_query.
The requirement for jmespath has been added to tests/README.md.
Added a pipeline file (tests/azure/build-containers.yml) to build test
containers and upload them to quay.io. The pipeline will create
containers with IPA pre-installed for testing purposes on three
different Linux containers: CentOS 7, CentOS 8 and Fedora Latest.
Some attributes are not present in all supported versions of FreeIPA,
and this might cause tests to fail due to unsupported versions.
This patch adds the means to test if a test can be executed based on
the target host FreeIPA version.
IPA CLI has an option `name_from_ip` that provides a name for a zone
from the reverse IP address, so that it can be used to, for example,
manage PTR DNS records.
This patch adds a similar attribute to ipadnszone module, where it
will try to find the proper zone name, using DNS resolve, or provide
a sane default, if the zone name cannot be resolved.
The option `name_from_ip` must be used instead of `name` in playbooks,
and it is a string, and not a list.
A new example playbook was added:
playbooks/dnszone/dnszone-reverse-from-ip.yml
A new test playbook was added:
tests/dnszone/test_dnszone_name_from_ip.yml
Tests for module ipalocation failed due to missing ipaadmin_password.
Added the variable to the playbooks, and also fixed the examples and
documentation. Some playbooks had indentation fixed to two spaces
instead of one for consistency with other modules.
A test was failing due to use of old ipavault module return structure
and some places on the documentation were also referring to it. All
occurrences were fixed.
There is a new location management module placed in the plugins folder:
plugins/modules/ipalocation.py
The location module allows to ensure presence or absence of locations.
Here is the documentation for the module:
README-location.md
New example playbooks have been added:
playbooks/location/location-absent.yml
playbooks/location/location-present.yml
New tests for the module:
tests/location/test_location.yml
There is a new selfservice management module placed in the plugins folder:
plugins/modules/ipaselfservice.py
The selfservice module allows to ensure presence and absence of selfservices
and manage selfservice attributes.
Here is the documentation for the module:
README-selfservice.md
New example playbooks have been added:
playbooks/selfservice/selfservice-absent.yml
playbooks/selfservice/selfservice-present.yml
playbooks/selfservice/selfservice-member-absent.yml
playbooks/selfservice/selfservice-member-present.yml
New tests for the module:
tests/selfservice/test_selfservice.yml
There is a new delegation management module placed in the plugins folder:
plugins/modules/ipadelegation.py
The delegation module allows to ensure presence and absence of delegations
and manage delegation attributes.
Here is the documentation for the module:
README-delegation.md
New example playbooks have been added:
playbooks/delegation/delegation-absent.yml
playbooks/delegation/delegation-present.yml
playbooks/delegation/delegation-member-absent.yml
playbooks/delegation/delegation-member-present.yml
New tests for the module:
tests/delegation/test_delegation.yml
The attribute `allow_retrieve_keytab_host` was not working due to
wrong processing of the input and verification if the values should
be updated. Both the issues are fixed by this change.
Tests were added to better verify service keytab members.
The ipavault module was returning a single string value when retrieving
data. To keep consistency with other modules, it should return a dict
with the `data` variable in it.
This change modifies the result of ipavault to be a dict and also fixes
relevant tests, examples and documentation.
FreeIPA 4.8.7 introduced an option to rename an existing hostgroup.
This patch adds support for renaming hostgroups if the option is
available on installed IPA version.
A new state `renamed` and a new option `rename` (alias: `new_name`)
were added to module `ipahostgroup` to allow renaming of host groups.
The implemented behavior is:
* Rename if `name` exists and `rename` doesn't.
* Do nothing if `name` does not exist and `rename` does, or if
`name` equals to `rename`. (result.changed is False)
* Fail if neither or both `name` and `rename` exist.
This PR allows ipadnszone module to ensure that multiple dns zones
are absent at once, to be consistent with other ansible-freeipa
modules.
To fix this issue, it was required that custom arguments must be
passed using keyword arguments so that `get_ipa_command_args()`
is kept generic.
The name "www.ansible.com" was used as a host, but this required
that DNS forwarding is enabled and configured to test services
for hosts that have an IP address but are not host objects in IPA.
This change sets a host name that lies in the testing domain, and has
an IP address defined, but is not added as a host object,
so the forwarding DNS configuration is not needed for this test.
Added comment about problem with no_log in Azure CI. While running on CI
using ansible 2.10a the content of attributes with no_log=True is
replaced by ***** on ansible causing test failures.
* Moved azure CI definitions from azure-pipelines.yml to
tests/azure/azure-pipelines.yml.
* Updated azure CI definitions to run playbook tests using docker
containers.
* Adapted tests/test_playbook_runs.py script to allow tests to be
executed from a docker container.
* Added molecule scenarios to create/destroy test containers and
respective documentation in tests/README.md.
In some cases the tests need to have the class A, B and C of reverse DNS
set in order to function properly. Those missing classes were
added/updated in dnsrecord, services and host tests.