ansible-freeipa-1.8.1

Highlights in version 1.8.1

• Support for FreeIPA 4.9.10
• Support for ansible 2.13
• Support for Python 3.11

Changes since 1.8.0

• tests/server/test_server.yml: Fix generation of ipaserver_domain (#857)
• Provide own getargspec for roles and modules with Python 3.11 (#856)
• ipaserver: Use jinja for list concatenation (#853)
• ipaserver,ipareplica: Add random_serial_numbers to options (#852)
• Fix handling of boolean values for FreeIPA 4.9.10+ (#851)

Detailed changelog since 1.8.0 by author

2 authors, 8 commits

Rafael Guterres Jeffman (4)

• pytests/test_dnszone: Fix evaluation of boolean values
• pytest tests: Enhanced assertion for check_* methods.
• api_check_ipa_version: Fix version comparison for more than one digit
• Fix handling of boolean values for FreeIPA 4.9.10+

Thomas Woerner (4)

• tests/server/test_server.yml: Fix generation of ipaserver_domain
• Provide own getargspec for roles and modules with Python 3.11
• ipaserver,ipareplica: Add random_serial_numbers to options
• ipaserver: Use jinja for list concatenation

ansible-freeipa-1.8.0

Highlights in version 1.8.0

• New roles for smartcard server and client setup
• idrange module fixes
• Upstream CI enhancements

Changes since 1.7.0

• upstream CI: Update nightly Ansible versions. (#844)
• utils/changelog: Fixed --tag option, new --galaxy option (#842)
• requirements-dev: Update requirements for virtual environments (#841)
• New roles for smartcard server and client setup (#838)
• idrange: Fix typo in test comments. (#833)
• idrange: Fix list of invalid parameters for 'state:absent'. (#832)
• idrange: Fix usage of dom_name when idrange doesn't exist. (#831)
• Fix ansible-test sanity missing CHANGELOG.rst. (#830)
• utils/build-galaxy-release.sh: Add "-i" to install generated collection (#829)
• Upstream CI updates. (#827)
• upstream CI: Add support for testing ansible-freeipa as a collection. (#825)
• Add support to define which playbook tests to execute with pytest. (#354)

Detailed changelog since 1.7.0 by author

2 authors, 21 commits

Rafael Guterres Jeffman (18)

• upstream CI: Enable tests using ansible-core 2.12.
• upstream CI: Remove Ansible 2.9 from test matrix
• idrange: Fix list of invalid parameters for 'state:absent'.
• upstream CI: Add support for testing ansible-freeipa as a collection.
• pylint: Ignore module ipaserver.dcerpc errors.
• idrange: Fix addition of idrange with dom_name.
• ansible_module_utils: add method to retrive SID from dom_name.
• requirements-dev: Update requirements for virtual environments
• fixup! Add support to define which playbook tests to execute with pytest.
• upstream tests: Disable dnsconfig and dnsforwardzone
• tests/utils.py: Fix pylint issues.
• Add support to define which playbook tests to execute with pytest.
• build-galaxy-release: Automatically create CHANGELOG.
• idrange: Fix typo in test comments.
• upstream CI: Update default ansible-core version to 2.12.
• upstream CI: Allow the use of latest ansible-core.
• upstream CI: removed all CentOS 8 support.
• upstream CI: Relabel upstream PR pipeline jobs.

Thomas Woerner (3)

• New roles for smartcard server and client setup
• utils/changelog: Fixed --tag option, new --galaxy option
• utils/build-galaxy-release.sh: Add "-i" to install generated collection

ansible-freeipa-1.7.0

Highlights in version 1.7.0

---

• New idrange management module.
• New servicedelegationrule management module.
• New servicedelegationtarget management module.
• Add support for managing idoverrideusers in ipagroup.
• hbacrule: Allow clearing members with empty lists.
• Fail on empty strings for list parameters with choices that do not contain empty strings.

Changes since 1.6.3

---

• ipaautomountmap: Fix parameter evaluation. (#820)
• ansible-lint: Identify env_.yml and tasks_.yml as task files. (#818)
• New idrange management module (#813)
• ipatrust: fix range_type and test enhancement. (#810)
• ipatrust: Set valid choices for trust_type. (#808)
• DNS forward policy: ensure consistency between module parameters. (#807)
• utils/new_module templates: Add missing password to example playbooks. (#805)
• Update README-group.md (#799)
• Ensure example playbooks have ipaadmin_password and it is the standard one. (#793)
• Update pylint to version 2.12.2 (#791)
• automember: Remove debug output (#783)
• module_utils: Fix comparison of elements not in IPA object. (#780)
• module_params_get*: Fail on empty string in string list parameters (#779)
• upstream ci: Fix scenario for Centos 8 Stream with Ansible 2.11. (#777)
• ansible-lint: Remove warning on 'ignore_errors'. (#776)
• upstream CI: Fix container builds in face of Ansible and CentOS changes. (#775)
• molecule: Disable prerun for normal tests (#774)
• servicedelegation: Do not fail for not existing members with state absent (#773)
• Fix new ansible-lint findings (#772)
• build-galaxy-release: Fix refs for all doc_fragments in plugins/doc_fragments (#771)
• upstream ci: Rename CentOS 9 pipelines jobs to c9s. (#770)
• test_servicedelegationtarget.yml: Added list tests (#769)
• New servicedelegationrule management module (#766)
• IPAAnsibleModule: Provide base configuration for delete_continue. (#761)
• upstream ci: enable ansible-core 2.12 for CentOS 9 Stream. (#758)
• Update module templates to current practices. (#757)
• New servicedelegationtarget management module (#756)
• Fixes no_log warning for ipahost module (#755)
• hbacrule: Allow clearing members with empty lists. (#752)
• upstream CI: Enable CentOS 8 Stream for PR and nightly tests. (#732)
• Add support for managing idoverrideusers in ipagroup. (#487)

Detailed changelog since 1.6.3 by author

4 authors, 55 commits

Austin (1)

• Fixes no_log warning for ipahost module

Rafael Guterres Jeffman (35)

• New idrange management module
• ipaautomountmap: Fix error messages for invalid 'name' sizes.
• ipaautomountmap: Force setting automountmapname in IPA API calls.
• Add support for managing idoverrideusers in ipagroup.
• ipatrust: Fix support for range_type.
• tests/trust: Improved test coverage and execution.
• tests/ipatrust: Modify AD realm name to an invalid name.
• ipatrust: Updated ipatrust documentation.
• ipatrust: Set valid choices for trust_type.
• ipaautomountmap: Allows clearing description attribute with "".
• ipauser: Refactor module due to fix on arguments comparison.
• module_utils: Fix comparison of elements not in IPA object.
• ansible-lint: Identify env_.yml and tasks_.yml as task files.
• DNS forward policy: ensure consistency between module parameters.
• utils/new_module templates: Add missing password to example playbooks.
• example playbooks: ipaadmin_password is used and consistent.
• Removed vim swap file from the repository.
• pylint: Bump version to 2.12.2.
• pylint: Ignore global-variable-not-assigned
• pylint: Ignore consider-using-f-string.
• module templates: Add delete_commit code template.
• module templates: Add example and note for case insensitive members.
• module templates: Refactor member management.
• IPAAnsibleModule: Provide base configuration for delete_continue.
• upstream ci: Fix scenario for Centos 8 Stream with Ansible 2.11.
• upstream ci: Rename CentOS 9 pipelines jobs to c9s.
• ansible-lint: Remove warning on 'ignore_errors'.
• upstream CI: Use fedora-latest as default test container.
• upstream CI: Update Python version when building containers.
• upstream CI: Enable CentOS 8 Stream for PR and nightly tests.
• ci images: Fix creation of CentOS 9 stream test container.
• molecule: Disable prerun for build containers.
• build containers: Allow setting of Python version used.
• hbacrule: Allow clearing members with empty lists.
• upstream ci: enable ansible-core 2.12 for CentOS 9 Stream.

Thomas Woerner (18)

• automember: Remove debug output
• ipaconfig: Set allow_empty_string for user_auth_type, pac_type, configstring
• ipahost: Set allow_empty_string for auth_ind
• ipaservice: Set allow_empty_string for auth_ind and pac_type
• ipauser: Set allow_empty_string for userauthtype and sshpubkey
• module_params_get*: Fail on empty string in string list parameters
• molecule: Disable prerun for normal tests
• servicedelegation: Do not fail for not existing members with state absent
• tests/vault/test_vault_change_type.yml: Use lower case var names
• tests/role/test_role_lists_handling.yml: Use lower case var names
• tests/env_freeipa_facts.yml: Use lower case var names
• tests/config/test_config.yml: Use named tasks
• ipaclient install.yml: Use named tasks
• build-galaxy-release: Fix refs for all doc_fragments in plugins/doc_fragments
• test_servicedelegationtarget.yml: Added list tests
• New servicedelegationrule management module
• New servicedelegationtarget management module
• ansible_freeipa_module: New function servicedelegation_normalize_principals

vjs2174 (1)

• Update README-group.md

ansible-freeipa-1.6.3

Changes since 1.6.2

• group test: Enable ansible_facts, fix service hostname (#753)

Detailed changelog since 1.6.2 by author

1 authors, 1 commits

Thomas Woerner (1)

• group test: Enable ansible_facts, fix service hostname

ansible-freeipa-1.6.2

Changes since 1.6.1

• ipauser: Fix idempotence issue when using 'preserved'. (#749)
• dnsconfig: Add 'action: member' to dnsconfig example playbooks. (#748)
• sudorule: Fix management of deny_sudocmdgroup. (#744)
• group: Services are ipapython.kerberos.Principal and case insensitive (#742)

Detailed changelog since 1.6.1 by author

2 authors, 5 commits

Rafael Guterres Jeffman (4)

• ipauser: Make 'no user' messages consistent.
• ipauser: Fix idempotence issue when using 'preserved'.
• dnsconfig: Add 'action: member' to dnsconfig example playbooks.
• sudorule: Fix management of deny_sudocmdgroup.

Thomas Woerner (1)

• group: Services are ipapython.kerberos.Principal and case insensitive

ansible-freeipa-1.6.1

Highlights in version 1.6.1

• No gssapi use in ipaclient_get_keytab. The requirement for gssapi on the controller is therefore not needed anymore for OTP with keytab.
• Idempotency fixes in sudorule, dnsconfig and hostgroup management modules.
• Member support for forwarders in dnsconfig management module.

Changes since 1.6.0

• automountmap: Add client context test playbook. (#741)
• User tests: Extend expiration dates for client on server test (#739)
• sudorule: fix idempotence issues and refactor. (#738)
• dnsconfig: add support for 'action: member'. (#737)
• ipahostgroup: Ensure host members are lowercase and FQDN (#736)
• dnsconfig: Fix management of forwarders. (#735)
• README test: Also check role readme files (#734)
• ipaclient_get_keytab: Do not use gssapi for kinit_keytab (#733)
• README.md: Add automount key and map, fix ref to hbacsvcgroup and test (#731)

Detailed changelog since 1.6.0 by author

2 authors, 9 commits

Rafael Guterres Jeffman (4)

• automountmap: Add client context test playbook.
• dnsconfig: add support for 'action: member'.
• sudorule: fix idempotence issues and refactor.
• dnsconfig: Fix management of forwarders.

Thomas Woerner (5)

• User tests: Extend expiration dates for client on server test
• ipahostgroup: Ensure host members are lowercase and FQDN
• README test: Also check role readme files
• ipaclient_get_keytab: Do not use gssapi for kinit_keytab
• README.md: Add automount key and map, fix ref to hbacsvcgroup and test

ansible-freeipa-1.6.0

Highlights in version 1.6.0

• New managament modules for automount keys and maps. Indirect automount maps are not supported yet.
• The sudorule and role management modules are now creating FQDN lowercase from all hostnames to fix idempotency issues with single names, mixed case names and FQDN.
• The idempotency issues with members in role, hbacsvcgroup and hbacrule management modules have been fixed. The modules are now comparing members lowercase.
• The role management module is now supporting the state renamed for role renaming in the same way as other modules do.
• The group management module is now properly handling lists of members, where some are already part or not part of the group.
• The build-galaxy-release.sh script has been extended and fixed. It is now using a build directory and is not resetting uncommitted changes anymore.
• ansible-test is now also used in the upstream tests.
• Several fixes to pre-commit, upstream tests and workflows.

Changes since 1.5.3

• ansible-test: Fix new findings (#729)
• pre-commit: Update ansible-lint version to v5.3.2 (#728)
• pre-commit: Use system shellcheck. (#727)
• Github Workflows: Run ansible-lint without an action. (#726)
• ansible-test fixes (#725)
• build-galaxy-release.sh: Use build dir, new options, checks, no reset (#724)
• Enable ansible-test in github workflow (#723)
• ipagroup: Refactor and fix group member management. (#721)
• upstream CI: Wait for KDC to be available. (#717)
• iparole: Add state 'renamed'. (#716)
• Enable pylint for ansible-freeipa roles. (#708)
• upstream CI: Enable nightly tests using ansible-core 2.12. (#706)
• upstream CI: Enable ansible-doc-test for ansible-core 2.12. (#704)
• upstrem CI: Fix Ansible version in pytest playbooks. (#697)
• upstream CI: Add support for CentOS 9 stream. (#696)
• hbacrule: Fix member management idempotence issues. (#686)
• hbacsvcgroup: Fix member management idempotence issues. (#685)
• iparole: Fix idempotence issues (#684)
• sudorule: Create FQDN from single hostnames (#674)
• add module to create and manage automount keys (#498)
• add module to create and manage automount maps (#497)

Detailed changelog since 1.5.3 by author

3 authors, 34 commits

Rafael Guterres Jeffman (27)

• iparole: Skip ansible-test verifications for Python 2.6.
• hbacrule: Fix member management idempotence issues.
• test playbooks: Add fact to define ipaserver_domain if not set.
• pre-commit: Use system shellcheck.
• Github Workflows: Run ansible-lint without an action.
• iparole: Add tests to verify if capitalisation is ignored.
• iparole: rename function get_lowercase to result_get_value_lowercase
• iparole: Fix idempotence issues with members.
• iparole: Ensure host members are lowercase and FQDN.
• IPAAnsibleModule: cache IPA domain.
• iparole: Case insensitive comparison of service members.
• iparole: Remove custom code in favor of commom functions.
• iparole: Removed unused code.
• pylint: Enable pylint for ansible-freeipa roles.
• pylint: Fix pylint issues with modules.
• pylint: Add modules and names that should be ignored by linter.
• Fixed automountkey code review issues.
• Adapt automount to IPAAnsibleModule and add code review modifications.
• ipagroup: Refactor and fix group member management.
• upstream CI: Wait for KDC to be available.
• iparole: Add state 'renamed'.
• sudorule: Create FQDN from single hostnames
• upstream CI: Enable ansible-doc-test for ansible-core 2.12.
• upstream CI: Enable nightly tests using ansible-core 2.12.
• hbacsvcgroup: Fix member management idempotence issues.
• ci: Add support for CentOS 9 Stream on upstream CI.
• upstrem CI: Fix Ansible version in pytest playbooks.

Thomas Woerner (5)

• ansible-test: Fix new findings
• pre-commit: Update ansible-lint version to v5.3.2
• ansible-test fixes
• Enable ansible-test in github workflow
• build-galaxy-release.sh: Use build dir, new options, checks, no reset

chrisp (2)

• New automount key management module
• New automount map management module.

ansible-freeipa-1.5.3

Changes since 1.5.2

• galaxy.yml: Add linux tag for AH (#714)
• Remove unused, old example of ipaclient deploy. (#713)
• Readme fixes (#712)

Detailed changelog since 1.5.2 by author

2 authors, 4 commits

Rafael Guterres Jeffman (1)

• Remove unused, old example of ipaclient deploy.

Thomas Woerner (3)

• galaxy.yml: Add linux tag for AH
• module README files: Drop extra module header in Variables section
• README.md: Add automount location, fix some README links

ansible-freeipa-1.5.2

Changes since 1.5.1

• Automember fixes (#711)
• ipaservice: code refactor (#694)

Detailed changelog since 1.5.1 by author

2 authors, 6 commits

Rafael Guterres Jeffman (2)

• Fix automember test
• ipaservice: code refactor.

Thomas Woerner (4)

• automember: Add support for action: orphans_removed
• automember: Add automember default group handling
• automember: Add automember state: rebuilt
• ansible_freeipa_module: New api_get_basedn, IPAAnsibleModule.ipa_get_basedn

ansible-freeipa-1.5.1

Highlights in version 1.5.1

• More changes related to Automation Hub tests.
• Deprecation of FreeIPABaseModule in favor of IPAAnsibleModule.
• Ubuntu 18.04 deployment fixes.
• Documentation fixes.

Changes since 1.5.0

• More Automation Hub fixes (#709)
• yamllint: Fix missing document start. (#705)
• correct comment in example playbook (#703)
• Login shell is called defaultshell and not defaultlogin (#702)
• Fix role issues in Debian based distros. (#699)
• upstream ci: Build images for CentOS 9 Stream. (#698)
• Deprecate FreeIPABaseModule in favor of IPAAnsibleModule. (#671)

Detailed changelog since 1.5.0 by author

3 authors, 15 commits

Rafael Guterres Jeffman (7)

• yamllint: Fix missing document start.
• upstream ci: Build images for CentOS 9 Stream.
• Debian Buster: Fix "No module named 'ipapython'".
• Ubuntu 18.04: Fix role instalation for Ubuntu Bionic Beaver.
• DNSZone: Use IPAAnsibleModule.
• automountlocation: Use IPAAnsibleModule.
• Deprecate FreeIPABaseModule in favor of IPAAnsibleModule.

Thomas Woerner (6)

• Fix ansible-test reported pep8 errors
• ipabackup_get_backup_dir.py: Add missing ":" in example
• Ignore file for ansible-test sanity 2.12
• utils/gen_module_docs.py: Drop duplicate setup_adtrust key
• Add version for ansible deprecated calls
• build-galaxy-release: Real cleanup of ipabackup_get_backup_dir.py link

jh23453 (2)

• correct comment in example playbook
• Login shell is called defaultshell and not defaultlogin