ansible-freeipa-0.3.2

Changes since 0.3.1

• Fix adding A/AAAA records with reverse in compatibility mode. (#493)
• Improve ipapermission member management. (#492)
• Fix typo in README-permission.md (#490)
• ipapermission: Fix attrs and drop privilege handling (#484)
• Update modules to support check_mode (#478)
• ipadnszone: Fix values accepted by allow_transfer and allow_query. (#476)
• Fix typo (#473)
• Change test requirement testinfra to pytest-testinfra. (#472)
• Tools flake8 bugbear (#471)
• Faster pre-commit by running ansible-lint only when necessary. (#470)
• Fix handling members in ipa role. (#469)
• Fix changing the type of an existing Vault. (#468)
• covscan error[SC2068]: Fix unquoted array expansions. (#466)
• utils/gen_modules_docs.sh: Fix covscan findings (#465)
• utils/new_module: Fix covscan findings (#464)
• utils/build-galaxy-release.sh: Fix covscan findings (#463)
• yamllint: Run yaml linter only on modified files in pre-commit. (#455)

Detailed changelog since 0.3.1 by author

4 authors, 21 commits

Eric Nothen (1)

• Enabled Ansible check_mode

Nils Philippsen (1)

• Fix typo

Rafael Guterres Jeffman (14)

• Improve ipapermission member management.
• Fix adding A/AAAA records with reverse in compatibility mode.
• Remove usage of b64encode in lookup from Vault tests.
• Fix changing the type of an existing Vault.
• ipadnszone: Fix values accepted by allow_transfer and allow_query.
• Fix handling members in ipa role.
• Change test requirement testinfra to pytest-testinfra.
• Update configuration to use flake8-bugbear.
• Use Python Linter action with support for flake8's bugbear.
• [flake8-bugbear] Fix unused loop variable.
• [flake8-bugbear] Fix unused loop variable.
• Faster pre-commit by running ansible-lint only when necessary.
• covscan error[SC2068]: Fix unquoted array expansions.
• yamllint: Run yaml linter only on modified files in pre-commit.

Thomas Woerner (5)

• Fix typo in README-permission.md
• ipapermission: Fix attrs and drop privilege handling
• utils/gen_modules_docs.sh: Fix covscan findings
• utils/new_module: Fix covscan findings
• utils/build-galaxy-release.sh: Fix covscan findings

ansible-freeipa-0.3.1

Changes since 0.3.0

• ipabackup: Fix undefined vars for conditions in shell tasks without else (#461)
• utils/build-galaxy-release.sh: Fix default namespace and collection name (#460)
• utils/changelog: Fix get_commit to use proper variable (#459)
• ipareplica: Fix no_dnssec_validation handling in prepare and setup_dns (#458)

Detailed changelog since 0.3.0 by author

1 authors, 4 commits

Thomas Woerner (4)

• ipabackup: Fix undefined vars for conditions in shell tasks without else
• utils/build-galaxy-release.sh: Fix default namespace and collection name
• utils/changelog: Fix get_commit to use proper variable
• ipareplica: Fix no_dnssec_validation handling in prepare and setup_dns

ansible-freeipa-0.3.0

Changes since 0.2.1

• ipareplica README.md: Fix typo, add hidden replica parameter (#453)
• ipa[server,replica]: Support memory check from command line installers (#452)
• ansible-doc-test: Ignore unhandled paths (#451)
• ipadnszone: Fix modification o SOA serial with other attributes. (#449)
• ipadnsforwardzone: Fix documentation for forwarders usage. (#448)
• ipasudocmdgroup: Fix creation of sudocmdgroups with sudocmds. (#445)
• Fix lookup for certicates in tests (#444)
• ipaserver: copy_external_cert should use basename on server only (#443)
• README.md: Add missing roles and modules (#442)
• Support namespace and name in utils/build-galaxy-release.sh as args (#441)
• ipadnsrecord: fix record modification behavior. (#438)
• build-galaxy-release: Galaxyfy READMEs, module EXAMPLES and tests (#437)
• Fix ipahost module when adding hosts to a server without DNS support. (#435)
• ipadnsrecord: fix record update when multiple records exist. (#433)
• Fix utils/changelog for merge commits without subject (#431)
• New backup role (#430)
• Add KRA requirement to test documentation. (#429)
• Add CONTRIBUTING.md file. (#428)
• Add action to verify Ansible documentation on each commit or PR. (#427)
• Fix ipapermission documentation issue with ansible-doc. (#426)
• Add support for adding external members to ipagroup. (#420)
• Add FreeIPA version check to module_utils.ansible_freeipa_module. (#419)
• New script utils/changelog (#416)
• New script utils/ansible-doc-test (#415)
• Remove inline certificates from module test playbooks. (#403)
• Bypass Ansible filtering on data returned by the module. (#396)
• Fix symmetric vault password change when using password_files. (#395)
• Add pre-commit configuration for linters. (#393)
• New permission module (#387)
• Add note about no_log use on vault data retrieve. (#386)

Detailed changelog since 0.2.1 by author

3 authors, 37 commits

Rafael Guterres Jeffman (24)

• ipasudocmdgroup: Remove unused sudocmdgroup.
• ipasudocmdgroup: Fix creation of sudocmdgroups with sudocmds.
• Update ipaserver requirements for testing.
• ipahost: fix adding host for servers without DNS configuration.
• Add CONTRIBUTING.md file.
• ipadnsrecord: fix record update when multiple records exist.
• ipadnszone: Fix modification o SOA serial with other attributes.
• ipadnsforwardzone: Fix documentation for forwarders usage.
• Add pre-commit configuration for linters.
• ipadnsrecord: Fix attribute documentation.
• ipadnsrecord: Fix CERT record attribute name.
• ipadnsrecord: fix record modification behavior.
• ansible-doc-test: Ignore role if library directory does not exist.
• Add action to verify Ansible documentation on each commit or PR.
• ipapermission: add version check for bind type 'self'
• Add FreeIPA version check to module_utils.ansible_freeipa_module.
• Bypass Ansible filtering on data returned by the module.
• Add KRA requirement to test documentation.
• Fix ipapermission documentation issue with ansible-doc.
• Add note about no_log use on vault data retrieve.
• Add support for adding external members to ipagroup.
• Remove Vault public/private keys after testing.
• Remove certificates used inline in module tests.
• Fix symmetric vault password change when using password_files.

Seth Kress (1)

• New Permission management module

Thomas Woerner (12)

• ansible-doc-test: Ignore unhandled paths
• ipareplica README.md: Fix typo, add hidden replica parameter
• ipa[server,replica]: Support memory check from command line installers
• Fix lookup for certicates in tests
• ipaserver: copy_external_cert should use basename on server only
• README.md: Add missing roles and modules
• Support namespace and name in utils/build-galaxy-release.sh as args
• build-galaxy-release: Galaxyfy READMEs, module EXAMPLES and tests
• Fix utils/changelog for merge commits without subject
• New backup role
• New script utils/changelog
• New script utils/ansible-doc-test

ansible-freeipa-0.2.1

Changes since 0.2.0

• Fix module documentation (#399)

Detailed changelog since 0.2.0 by author

2 authors, 2 commits

Thomas Woerner (1)

• Fix module documentation

Varun Mylaraiah (1)

• Update README-role.md

ansible-freeipa-0.2.0

Changes since 0.1.12

• ipa[server,replica,client]: Fix moved sysrestore and is_ipa_configured (#398)
• ipa[server,replica,client]: Drop deactivated Python2/3 test (#390)
• ipa[server,replica]: New variables to set firewalld zone (#389)
• tests/user/test_users_present_slice.yml: Fix missing users.json (#388)
• Fixed log of vault data return when retrieving to a file. (#385)
• ipaserver/module_utils/ansible_ipa_server: IPA_MODULES moved to ipalib.facts (#384)
• Added helpers to config tests for execution on idm-ci (#382)
• Update README-dnszone.md (#381)
• Added ability to add pytest tests (#380)
• Add commonly used virtual environment paths to gitignore. (#379)
• Fix host's module managedby_host playbooks. (#378)
• Add support for ansible-lint and yamllint as Github actions. (#376)
• Fix domain not being passed for configuring firefox (#373)
• Fix invalid return value from vault module in README.md. (#370)
• Adding auto COPR builds (#368)
• Fix ipavault vault_type under Python 2.7 (#367)
• Add missing example playbooks for dnsforwardzone module. (#366)
• Fixed note about specific IPA version for attributes. (#365)
• Fix tests that require specific IPA versions. (#364)
• Prevent Azure pipelines to build containers on PRs (#363)
• tests/user/test_users*.yml: Use extended dynamic users.json (#362)
• Added comments to molecule prepare playbooks. (#361)
• Add azure test build matrix (#360)
• Added Azure pipelines to build test containers (#358)
• New privilege management module (#357)
• New script utils/build-srpm.sh to build SRPM (#356)
• Add support for running pytest tests with ssh password. (#353)
• Missing admin passwords in location module. (#351)
• Add FreeIPA version as Ansible facts for testing. (#350)
• New location management module (#349)
• New utils script to generate new modules using templates (#348)
• Fixed symlinks to be not absolute (#347)
• Fix allow_create_keytab_host in service module. (#345)
• New selfservice management module (#344)
• New delegation management module (#343)
• Modified return value for ipavault module. (#342)
• Replace host to user in module ipauser on return value documentation (#341)
• Fix some documentation issues. (#339)
• Add support for option name_from_ip in ipadnszone module. (#338)
• Added cleanup to the end of dnszone tests (#336)
• Allow to manage multiple dnszone entries. (#335)
• Fix ipavault salt update. (#334)
• Fixed error msgs on FreeIPABaseModule subclasses (#333)
• Add support for IPA CLI option posix. (#327)
• Fix service tests. (#326)
• Fix invalid forwarder list due to not using Unicode text. (#324)
• tests/external-signed-ca-../external-ca.sh: Password too weak in FIPS… (#323)
• ipareplica: Fix missing parameters for several modules (#317)
• Terminology improvements: use allow list. (#316)
• ipa[server,replica]: Fix pkcs12 info regressions introduced with CA-less (#313)
• action_plugins/ipaclient_get_otp: Discovered python needed in task_vars (#312)
• Fixes ipaservice disable tests. (#311)
• ipa[user,host]: Fail on duplucate names in the users and hosts lists (#310)
• ipa[host]group: Fix membermanager unknow user issue (#309)
• Fixes service disable when service has no certificates attached. (#308)
• Running upstream tests on Azure pipelines (#307)
• Add suppport for changing password of symmetric vaults. (#306)
• Fix variable name error (#305)
• Fix forwardzone issues (#304)
• Add support for parameter rename on ipahostgroup. (#301)
• ipa[server,replica,client]: New OracleLinux vars files (#300)
• New Role management module (#288)
• added trust module and docs (#205)

Detailed changelog since 0.1.12 by author

Ary Kleinerman (1)

• Fix variable name

Francisco Trivino (1)

• Adding auto COPR builds

Jeffrey van Pelt (1)

• Fixed symlinks to be not absolute, which confuses 'ansible-galaxy collection build' on other systems

Josh (2)

• Update README-dnszone.md
• Update README-dnszone.md

Rafael Guterres Jeffman (57)

• Fixed log of vault data return when retrieving to a file.
• New privilege management module
• Add script to run linters.
• Disable Python linters on Azure pipelines.
• Enable Python linters as Github Actions
• Fix ansible-lint warning on molecule playbooks.
• Enable yaml-lint Github action on push/pull-requests.
• Enable ansible-lint Github action on every push.
• Fix host's module managedby_host playbooks.
• Fix host's module managedby_host playbooks.
• Add commonly used virtual environment paths to gitignore.
• Add missing example playbooks for dnsforwardzone module.
• Add support for running pytest tests with ssh password.
• Fix invalid return value from vault module in README.md.
• Add verification of IPA version for ipagroup's membermanager.
• Fix IPA version evaluation to test ipaservice with skip_host_check.
• Add IPA version verification for ipaconfig's maxhostname tests.
• Fix ipavault vault_type under Python 2.7.
• Fix invalid forwarder list due to not using Unicode text.
• Fixed note about specific IPA version for attributes.
• Add FreeIPA version as Ansible facts for testing.
• Document usage of name_from_ip.
• Return the zone_name when adding a zone with name_from_ip.
• Added support for client defined result data in FReeIPABaseModule
• Add support for option name_from_ip in ipadnszone module.
• Missing admin passwords in location module.
• Fixed Vault return value usage from data to vault.data.
• Modified and added tests to verify correct salt update behavior.
• Modify tests to verify password was changed correctly.
• Fix verification of parameters for modifying salt attribute.
• Fix random salt generation.
• Fix identification of existing vault type.
• Reorganize service module tests.
• Fix allow_retrieve_keytab_host in service module.
• Modified return value for ipavault module.
• Replace host to user in module ipauser on return value documentation.
• Add support for parameter rename on ipahostgroup.
• Fix documentation for iparole module.
• Fix README for ipaservice module.
• Updated documentation for ipavault module in the source code.
• Remove usage of external host name.
• Add test to verify service disable idempotency.
• Add an ip address required for SMB service test.
• Standardize passwords used in tests and examples.
• Added information about Ansible 2.10.0a1 bug on Azure.
• Add support for IPA CLI option posix.
• New Role management module
• Terminology improvements: use allow list.
• Fixes ipaservice disable tests.
• Add suppport for changing password of symmetric vaults.
• Change password values in README to keep consistency with other modules.
• Allows modification of forward policy in existing DNS Forward Zone.
• Add support for attribute permission on dnsforwardzone module.
• Fixes service disable when service has no certificates attached.
• Add support for attributes ip_address and port to forwarders.
• Fix error message when adding dnsforwardzone without forwarders.
• Allow processing of multiple names for deleting dnsforwardzones.

Rob Verduijn (1)

• New trust management module

ergio Oliveira Campos (15)

• Added helpers to config tests for execution on idm-ci.
• Added ability to add pytest tests
• Added comments to molecule prepare playbooks.
• Testing build matrix
• Prevent Azure pipelines to build containers on PRs
• Added Azure pipelines to build test containers
• Reorg tests setup and add teardown/cleanup
• Allow multiple dns zones to be absent.
• Fixed error msgs on FreeIPABaseModule subclasses
• Added upstream tests to azure pipelines
• Allow to run tests in Docker
• Fixed broken host address.
• Added missing reverse zones tests setup
• Fixed wrong/missing ipaadmin_password in tests
• Replaced groups.ipaserver[0] by ansible_fqdn.

Thomas Woerner (18)

• ipa[server,replica,client]: Fix moved sysrestore and is_ipa_configured
• ipa[server,replica,client]: Drop deactivated Python2/3 test
• ipa[server,replica]: New variables to set firewalld zone
• tests/user/test_users_present_slice.yml: Fix missing users.json
• ipaserver/module_utils/ansible_ipa_server: IPA_MODULES moved to ipalib.facts
• tests/user/test_users*.yml: Use extended dynamic users.json
• New utils script to generate new modules using templates
• New script utils/build-srpm.sh to build SRPM
• New location management module
• New selfservice management module
• New delegation management module
• ipa[server,replica,client]: New OracleLinux vars files
• tests/external-signed-ca-../external-ca.sh: Password too weak in FIPS mode
• ipareplica: Fix missing parameters for several modules
• ipa[server,replica]: Fix pkcs12 info regressions introduced with CA-less
• action_plugins/ipaclient_get_otp: Discovered python needed in task_vars
• ipa[host]group: Fix membermanager unknow user issue
• ipa[user,host]: Fail on duplucate names in the users and hosts lists

uumas (2)

• Fix ipaclient_setup_firefox doumentation
• Fix domain not being passed for configuring firefox

ansible-freeipa-0.1.12

Changes in 0.1.12:

• ipaserver/library/ipaserver_setup_ca.py: Fix bug introduced with ca-less PR

ansible-freeipa-0.1.11

Changes in 0.1.11:

• Fixes attempt to create rules with members when category is all.
• Reformatted README for better presentation on 80 column terminals.
• Fixes error handling on dnsconfig module.
• Add support for missing attributes, and enhance ipaconfig tests.
• Split vault tests in different files.
• Add state retrieved to ipavault to retrieve vault stored data.
• Fixes password behavior on Vault module.
• ipahostgroup: Add support for group membership management
• New dnsrecord management module.
• tests/config/test_config.yml: Fix main name
• Fix KDC certificate permissions
• Test ipaserver installation without CA
• Test ipareplicas installation without CA
• Remove temporary certificates after installation is completed
• Install iparelicas without CA
• ipagroup: Add support for group membership management
• ipahostgroup: Add support for group membership management
• Add support for service-add-smb.
• Add support for FreeIPA API service_del continue option.
• Removed invalid state enabled from available choices.
• Allow clearing auth_ind by using "" as input value.
• Fix error message when adding a service without principal.
• Allow the use of multiple values with auth_ind variable.
• Fixes message when variable cannot be used in a given state action.
• Add support for service-add-smb.
• Add support for FreeIPA API service_del continue option.
• Removed invalid state enabled from available choices.
• Allow clearing auth_ind by using "" as input value.
• Fix error message when adding a service without principal.
• Allow the use of multiple values with auth_ind variable.
• Fixes message when variable cannot be used in a given state action.
• Fixes no_log warning for update_password.
• Fixes password behavior on Vault module.
• There is a new config management module placed in the plugins folder:
• library/ipaserver_setup_ca: Use x509 IPA upstream code for pkcs12 files
• ipaserver/tasks/install.yml: Always remove temporary pkcs12 copies
• library/ipaserver_test: Revert to IPA upstream code for pkcs12 files
• ansible_ipa_server: New functions encode_certificate and decode_certificate
• ca-less: No pre-generated certificates, generate them for each run
• Generate mock certificates for ca-less installation
• Install ipaserver without ca
• Fixes host absent when DNS zone is not found.
• Fixes no_log warning for update_password.
• Add missing attribute services to vault module.
• Fix all tests entry point
• Added pytests as test entrypoint
• Update README.md
• Update README.md
• Fixes behavior of ipavault when no user, service or shared is given.
• ipauser: Fix certmapdata, add missing certmapdata data option
• ansible_freeipa_module: New function api_check_command
• ansible_freeipa_module: New function DN_x500_text
• ansible_freeipa_module: New function load_cert_from_str
• ipagroup: Add lacking service check for group_remove_member with old IPA
• tests/host/test_hosts_principal.yml: Remove dudplicate hosts tag
• ipahost: Use dnsrecord_show instead of dnsrecord_find command
• ipahost: Honour update_password also for random
• ipauser: Use encode_certificate for certificates in find_user result
• Do not remove member attributes while updating others
• Fixes usage of Kerberos credentials on Vault module.
• Doc string improvements
• Added azure-pipelines check
• Fixed typo
• Adjusted doc strings to follow PEP 257.
• Made code flake8 friendly
• ansible_freeipa_module: Set KRB5CCNAME for api_connect (non root)
• Fixes removal of all from HBAC rule categories.
• Fixes removal of all from sudorule categories.

ansible-freeipa-0.1.10

Changes in 0.1.10:

• ipaclient: Not delete keytab when ipaclient_on_master is true
• New module to manage dns forwarder zones in ipa
• Enhancements of sudorule module tests
• Gracefully handle RuntimeError raised during parameter validation in fail_jso
• ipareplica_prepare: Fix module DOCUMENTATION
• ipa[server,replica,client]: setup_logging wrapper for standard_logging_setup
• Created FreeIPABaseModule class to facilitate creation of new modules
• New IPADNSZone module
• Add admin password to the ipadnsconfig module tests
• Added alias module arguments in dnszone module
• Fixed a bug in AnsibleFreeIPAParams
• utils/build-galaxy-release: Do not add release tag to version for galaxy
• ipaserver docs: Calm down module linter
• galaxy.yml: Add system tag
• ipareplica_setup_kra: Remove unused ccache parameter
• ipareplica_setup_krb: krb is assigned to but never used
• utils/galaxy: Make galaxy scripts more generic
• galaxyfy-playbook.py: Fixed script name

ansible-freeipa-0.1.9

Changes in 0.1.9:

• New vault management module.
• ipahost: Fix choices of auth_ind parameter, allow to reset parameter
• ipauser: Allow reset of userauthtype, do not depend on first,last for mod
• ipahost: Enhanced failure msg for member params used without member action
• Update README-hbacsvcgroup.md
• Update README-sudorule.md
• Add missing validation in ipasudocmd
• ipareplica: Use ipaserver_realm as a fallback for realm
• ipapwpolicy: Use global_policy if name is not set
• ipahbacrule: Fix handing of members with action hbacrule
• tests: Fix top name tags in tests
• ansible_freeipa_module: Fix comparison of bool parameters in compare_args_ipa
• Modify roles README for consistency
• ipahost: Add support for several IP addresses and also to change them
• tests/host/test_host: Fix use of wrong host in the host5 test
• Properly handle base64 enconding of certificates stored as bytes
• ipahost: Fail on action member for new hosts, fix dnsrecord_add reverse flag
• ipahost: Do not fail on missing DNS or zone when no IP address given
• ansible_freeipa_module: Import ipalib.errors as ipalib_errors
• test_pwpolicy: unite admin passwords
• Unite admin passwords in tests, plugins and READMEs
• New service management module
• Removed trailling space on README.md
• Fixes documentation for module ipaservice
• Add documentation of missing variables for sudorule
• New DNSConfig management module
• README-group: Fix description of external parameter
• Fixes behavior for host module attribute reverse

ansible-freeipa-0.1.8

Changes in 0.1.8:

• roles/ipaclient/README.md: Add information about ipaclient_otp
• Install and enable firewalld if it is configured for ipaserver and ipareplica roles
• ipaserver_test: Do not use zone_overlap_check for domain name validation
• Allow execution of API commands that do not require a name
• Update README-host: Drop options from allow_*keytab parameters docs
• ipauser: Extend email addresses with default email domain if no domain is given
• Update galaxy.yml: Add empty dependencies to calm down ansible-agalxy
• utils/build-galaxy-release.sh: Use ansible-galaxy instead of mazer