ansible-freeipa-1.14.5

Changes since 1.14.4

• ipa* deployment roles: Hotfix for dns_over_tls (Freeipa#7343) (#1340)

Detailed changelog since 1.14.4 by author

1 authors, 1 commits

Thomas Woerner (1)

• ipa* deployment roles: Hotfix for dns_over_tls (Freeipa#7343)

ansible-freeipa-1.14.4

Changes since 1.14.3

• ipagroup: Fix test for externalmember use in client context (#1337)

Detailed changelog since 1.14.3 by author

1 authors, 1 commits

Thomas Woerner (1)

• ipagroup: Fix test for externalmember use in client context

ansible-freeipa-1.14.3

Highlights in 1.14.3

• Fix management of AD objects for ipagroup

Changes since 1.14.2

• tests/idoverrideuser: Fix client context test when running on client (#1336)
• ipagroup: Fix management of AD objects (#1335)
• Update c10s image (#1334)
• Remove 'vars' files of unsupported distributions (#1327)

Detailed changelog since 1.14.2 by author

1 authors, 7 commits

Rafael Guterres Jeffman (7)

• Remove 'vars' files of unsupported distributions
• Use non-development CentOS 10 Stream image
• Configure yamllint to be compatible with ansible-lint
• ipagroup: Fix management of AD objects
• tests/idoverrideuser: Fix client context test when running on client
• tests: Improve FreeIPA facts
• ansible_freeipa_module_utils: Add functions to handle objects SID

ansible-freeipa-1.14.2

Highlights in 1.14.2

• ipareplica: Pass ipareplica_ip_addresses to client deployment part
• ipagroup: Correctly handle externalmember in member actions
• ipasudorule: Evaluate all members related to hosts and users
• ipacert: Correctly handle removFromCRL revocation
• Collection: No more role module duplication
• Enabled CentOS 10 Stream tests

Changes since 1.14.1

• utils/build-galaxy-release.sh: Do not create duplicates for role plugins (#1324)
• ipacert: Revoking with removeFromCRL should be handled as cert release (#1323)
• ipagroup: Correctly handle externalmember in member actions (#1322)
• ipasudorule: Evaluate all members related to hosts and users (#1321)
• modules: Do not hide errors using IPA *_show command with Exception (#1319)
• infra/image: Use SYS_ADMIN capability for server deployment (#1318)
• infra/image/dockerfile/c10s: Fix client part deployment for the server (#1316)
• infra/image/shcontainer: New container_copy and container_fetch (#1315)
• ipareplica: Pass ipareplica_ip_addresses to client deployment part (#1243)

Detailed changelog since 1.14.1 by author

2 authors, 13 commits

Rafael Guterres Jeffman (5)

• ipasudorule: Evaluate all members related to hosts and users
• ipagroup: Correctly handle externalmember in member actions
• ipacert: Revoking with removeFromCRL should be handled as cert release
• utils/templates: Use ipalib_errors.NotFound instead of Exception
• modules: Do not hide errors using IPA *_show command with Exception

Thomas Woerner (8)

• ipareplica: Pass ipareplica_ip_addresses to client deployment part
• ansible_ipa_server.py: Calm down ansible-test "metaclass-boilerplate"
• utils/build-galaxy-release.sh: Do not create duplicates for role plugins
• Enable c10s testing for PRs and nightly and after merge testing
• Enable to build c10s test container image
• infra/image: Use SYS_ADMIN capability for server deployment
• infra/image/dockerfile/c10s: Fix client part deployment for the server
• infra/image/shcontainer: New container_copy and container_fetch

ansible-freeipa-1.14.1

Changes since 1.14.0

• Change minimum Ansible version to 2.14 (#1317)

Detailed changelog since 1.14.0 by author

1 authors, 1 commits

Thomas Woerner (1)

• Change minimum Ansible version to 2.14

ansible-freeipa-1.14.0

Highlights in 1.14.0

• Multi sudorule management with the ipasudorule module
• Use batch command internally for ipasudorule
• Lots of CI/infra fixes and enhancements
• Documentation fixes

Changes since 1.13.2

• infra/image/build.sh: Use consistent options for hostname (#1311)
• linters: Remove pydocstyle from linter checks (#1310)
• Update images to Fedora 41 (#1309)
• upstream CI: Move scripts that evaluate repo changes to infra/azure (#1308)
• upstream CI: Use Azure 'loops' to create stages (#1306)
• ipacert: Fix ipacert tests (#1305)
• Fix upstream CI and remove molecule (#1300)
• pylint gihub workflow: Disable too-many-positional-arguments (#1299)
• fixipaip infra image service: No need for hard coded admin password (#1298)
• New infra image start (#1292)
• ipasudorule: Add support for batch mode and multiple sudorules (#1290)
• fix minor typo in hbacrule and hbacsvcgroup docs (#1285)
• Infra image system services dns and kinit (#1284)
• infra/image/system-services: Enhance checks, also fix reverse zone (#1282)
• tests/user/test_users_present_*: Use new generate_test_data.yml (#1281)
• README-host.md: correction of managedby_host description (#1280)
• Run tests with podman and ubuntu 20.04 (#1276)
• test_services_absent is also part of test_services_present, not needed (#1275)
• Fix multi user tests (#1274)
• New image builder without molecule using podman (#1273)
• tests/service/test_services_present.yml: Add missing cleanup (#1272)
• Truncate stdout and stderr in upstream test log (#1270)
• ipauser: Use date string, not datetime object for expiration dates (#1268)

Detailed changelog since 1.13.2 by author

4 authors, 51 commits

Jon Moore (1)

• fix minor typo in hbacrule and hbacsvcgroup docs

Kees Bakker (1)

• README-host.md: correction of managedby_host description

Rafael Guterres Jeffman (27)

• tests/sudorule: Don't become or gather_facts and use only true/false
• ipasudorule: Add support for batch mode and multiple sudorules
• ansible_freeipa_module_utils: Add EntryFactory class
• upstream CI: Use Azure 'loops' to create stages
• infra/image/build.sh: Use consistent options for hostname
• linters: Remove pydocstyle from linter checks
• build images: Force use --privileged on containers
• build images: Update images for Fedora 41
• upstream CI: Move scripts that evaluate repo changes to infra/azure
• upstream CI: Update Ansible version
• upstream CI: Use Ubuntu 24.04 to build test images
• upstream CI: Enable creation of CentOS 10 Stream images
• upstream CI: Simplify pipelines enviroment creation
• upstream ci: Move Azure scripts to infra directory
• Remove molecule dependencies
• upstream CI: Allow podman options when creating containers
• utils/set_test_modules: Allow to ignore Git differences
• ipacert: Fix ipacert tests
• upstream ci: Remove 'molecule' from tests.
• gitignore: Ignore test results from run-tests.sh
• tests: Allow to set Python interpreter to be used by Ansible
• utils: Rewrite run-tests.sh to use functions and extenal scripts
• ci lint: Allow ShellCheck to test source-d scripts.
• fixup! New image builder without molecule using podman
• ustream ci: Use infra scripts to build testing images
• rjeffman: this is a fixup for infra/images/build.sh
• Add shell utitily functions for scripts

Thomas Woerner (22)

• ipauser: Use date string, not datetime object for expiration dates
• test_services_absent is also part of test_services_present, not needed
• tests/user/test_users_present_*: Use new generate_test_data.yml
• fixipaip infra image service: No need for hard coded admin password
• pylint gihub workflow: Disable too-many-positional-arguments
• Add ansible-freeipa-tests inventory using podman
• infra/image/system-service/fixipaip.sh: Behave idempotent
• infra/image/build.sh: "-s" help fix and cleanup
• Use container-ipa.target from freeipa-container container project
• Renamed infra/image/inventory to build-inventory, dropped interpreter
• infra/image/build.sh: Use new shcontainer
• New infra/image/start.sh script to start the generated containers
• infra/image/system-service/fixipaip.sh: Use of admin for kinit call
• infra/image system-services: Fix DNS forwarder
• infra/image/system-services: Enhance checks, also fix reverse zone
• tests/utils.py: Shorten run_playbook for smaller traceback with assert
• infra/image/build.sh: Fail if deployment failed or podman is missing
• tests/azure/templates/build_container.yml: Use new image builder
• New image builder without molecule using podman
• Fix multi user tests
• tests/service/test_services_present.yml: Add missing cleanup
• Truncate stdout and stderr in upstream test log

ansible-freeipa-1.13.2

Highlights in 1.13.2

• Support for FreeIPA 4.12
• Idempotency fixes
• Minimum supported ansible-core version: 2.15.0
• Fixes for ansible-test 2.17.1

Changes since 1.13.1

• Documentation fixes for issues found by ansible-test part of ansible-core 2.17.1 (#1264)
• tests/sanity/sanity.sh: Install setuptools with pip (#1263)
• user: Fix idp_user_id aliases (#1262)
• plugins/inventory/freeipa: Try imports for requests and urllib3 (#1261)
• permission: Fix idempotency issues for DN parameters (#1259)
• README-service.md: Add multi service handling (#1255)
• Convert input certificates (#1250)
• ansible_freeipa_module: Fix errors in batch mode (#1248)
• Fixes for FreeIPA 4.12 (#1246)
• Bump minimum supported Ansible version (#1130)

Detailed changelog since 1.13.1 by author

2 authors, 35 commits

Rafael Guterres Jeffman (9)

• ansible-freeipa.spec: Bump minimum supported Ansible version to 2.15
• utils/templates: Bump minimum supported Ansible version to 2.15
• ipasmartcard_*: Bump minimum supported Ansible version to 2.15
• ipabackup: Bump minimum supported Ansible version to 2.15
• ipaserver: Bump minimum supported Ansible version to 2.15
• ipareplica: Bump minimum supported Ansible version to 2.15
• ipaclient: Bump minimum supported Ansible version to 2.15
• README-*: Bump minimum Ansible supported version to 2.15
• Set collection ansible-core minimum version to 2.15

Thomas Woerner (26)

• Role modules: Docs: Fix default value for string list parameters
• tests/utils.py: Fix missing whitespace around arithmetic operator (E226)
• ipareplica_prepare: Documentation: Fixed name of ipa_client_installed
• ipaclient_setup_nss: Documentation: Add default for selinux_works
• service: Docs: Fix required for name, add delete_continue to services
• idp: Drop no_log from docs section, allow to log token_uri and keys_uri
• idoverrideuser: Docs: Fix sshpubkey element type, nomembers type
• cert: Fix short_description tag, add chain option, remove authors
• inventory/freeipa: Documentation: Fix version_added and drop plugin_type
• ipamodule_base_docs: Documentation: Fix default for delete_continue
• tests/sanity/sanity.sh: Install setuptools with pip
• user: Fix idp_user_id aliases
• service: Add multi service examples to EXAMPLES
• README-service.md: Add multi service handling
• plugins/inventory/freeipa: Try imports for requests and urllib3
• permission: Fix idempotency issues for DN parameters
• ansible_freeipa_module: Fix errors in batch mode
• ipauser: Use new convert_input_certificates
• ipaidoverrideusere: Use new convert_input_certificates
• ipahost: Use new convert_input_certificates
• ipaservice: Use new convert_input_certificates
• ansible_freeipa_module: New function convert_input_certificates
• ipareplica: After an HSM replica install ensure all certs are visible
• ipareplica: Refactor CA file handling
• ipareplica_install_ca_certs: Do not return unchanged config attributes
• ipaserver: Set hsm attributes to None for now

ansible-freeipa-1.13.1

Changes since 1.13.0

• utils/build-galaxy-release.sh: Fix unary operator expected (v2) (#1242)

Detailed changelog since 1.13.0 by author

1 authors, 1 commits

Thomas Woerner (1)

• utils/build-galaxy-release.sh: Fix unary operator expected (v2)

ansible-freeipa-1.13.0

Highlights in 1.13.0

• New inventory plugin
• Use batch command internally for ipahost, ipaservice and ipauser
• Fix idempotency issues in ipahost, ipaservice and ipauser
• Fix idempotency in ipaclient_dns_resolver
• Documentation fixes

Changes since 1.12.1

• README-group.md: Add missing ":" in multi rename example (#1239)
• README-user.md: Fix state for user rename in example playbook (#1238)
• ipahost: Fix idempotency issues (#1237)
• ipaservice: Do not set continue to None for service_del (#1236)
• ipauser: Fix idempotency issues for members (#1235)
• New inventory plugin (#1231)
• Use batch command internally (#1229)
• utils/build-galaxy-release.sh: Fix offline default value (#1227)
• ipalib.install.kinit moved to ipalib (#1226)
• Bump linter tools versions an fix linter errors (#1225)
• ipaclient_configure_dns_resolver: Return proper changed state (#1224)
• utils/build-galaxy-release.sh: Enable offline generation for rpm (#1223)
• ipaserver_prepare: Properly create IPA_DEFAULT_CONF (#1222)
• ipaserver: Run custodia setup only once (#1221)
• ipaserver_test: Return generated domain_name (#1220)
• Fix ca-less test to use X.509 v3 certificates (#1215)
• README-dnszone: Fix yaml code block declaration. (#1213)

Detailed changelog since 1.12.1 by author

2 authors, 27 commits

Rafael Guterres Jeffman (6)

• fixup! pylint: Ignore usage of 'unicode' before assignment
• pylint: ensure variables are initialized
• pylint: Ignore usage of 'unicode' before assignment
• upstream ci: Update Github actions
• lint tools: bump code verification tools versions
• README-dnszone: Fix yaml code block declaration.

Thomas Woerner (21)

• ipahost: Enable batch command with keeponly
• ipagroup: Enable batch command use with keeponly
• ipaservice: Enable batch command use with keeponly
• ipauser: Enable batch command use with keeponly
• IPAAnsibleModule: Add support for batch command in execute_ipa_commands
• README-group.md: Add missing ":" in multi rename example
• README-user.md: Fix state for user rename in example playbook
• utils/build-galaxy-release.sh: Fix unary operator expected
• New inventory plugin
• ipahost: Fix idempotency issues
• ansible_freeipa_module: Import and provide normalize_sshpubkey
• ipaservice: Do not set continue to None for service_del
• ipauser: Fix idempotency issues for members
• ipalib.install.kinit moved to ipalib
• utils/build-galaxy-release.sh: Fix offline default value
• ipaclient_configure_dns_resolver: Return proper changed state
• utils/build-galaxy-release.sh: Enable offline generation for rpm
• ipaserver_prepare: Properly create IPA_DEFAULT_CONF
• ipaserver: Run custodia setup only once
• ipaserver_test: Return generated domain_name
• Fix ca-less test to use X.509 v3 certificates

ansible-freeipa-1.12.1

Highlights in 1.12.1

• Fix ipaserver deployment on CentOS 8 Stream
• Fix ipaclient deployment with automount
• Fix ipaclient OTP error reporting
• Add missing support for renaming groups and users
• Idempotency fixes in several modules

Changes since 1.12.0

• Disable config tests for pac type without ms pac (#1211)
• ipaclient_setup_automount with new install states (#1208)
• ipaclient: Enable SELinux for SSSD (#1207)
• ipaserver: Fix deployment after Bronze-bit fix (#1206)
• ipahbacrule: Fix handling of hbacsvcgroup in members (#1203)
• ipahostgroup: Fix idempotence issues due to capitalization (#1202)
• ipagroup: Fix idempotence issues due to capitalization (#1201)
• Fixes for ansible-lint 6.22.1 (#1195)
• Revert "[TEMP] Enable only idp, service and user module tests" (#1189)
• Bump minimum ansible-lint version to 6.22 (#1188)
• ipaclient: Fix OTP error reporting (#1187)
• test_host_random: No jinja2 templating in conditional statements (#1186)
• upstream ci: Increase timeout for PR tests (#1184)
• ipaidp: Fix validation and reset of parameters (#1183)
• test_pwpolicy: minlength parameter can be reset with empty string now (#1180)
• ipagroup: Add support for renaming groups (#1178)
• ipauser: Add support for renaming users (#1174)
• ipaclient: Properly name automount_location var and add documentation (#1169)
• ipareplica: Support inventory groups.ipaserver (#1151)
• ipauser: Do not try to modify user when not changing password (#1149)
• ipadnszone: Add support for per-zone privilege delegation (#1147)
• Handle data type or empty string in module_utils (#1143)
• ipasudorule: Allow setting groups for runasuser. (#899)
• ipadelegation: Fix idempotence issues due to capitalization. (#760)

Detailed changelog since 1.12.0 by author

2 authors, 31 commits

Rafael Guterres Jeffman (20)

• ipadelegation: Fix idempotence issues due to capitalization.
• ipagroup: Fix idempotence issues due to capitalization
• ipahostgroup: Fix idempotence issues due to capitalization
• ipaserver: Fix deployment after Bronze-bit fix
• ipahbacrule: Fix handling of hbacsvcgroup in members
• ipasudorule: Allow setting groups for runasuser.
• ipagroup: Add support for renaming groups
• tests/group: Use module_defaults on tests_group
• ipauser: Add support for renaming users
• ipadnszone: Add support for per-zone privilege delegation
• idoveridegroup: Use module.params_get_type
• idoverideuser: Use module.params_get_type
• ipapwpolicy: Use modules.params_get_type
• ansible_freeipa_module: Ensure data type when retrieving parameter
• Rename parameter 'allow_empty_string' to 'allow_empty_list_item'
• upstream ci: Increase timeout for PR tests
• Bump minimum ansible-lint version to 6.22
• ipaclient: Fix OTP error reporting
• ipauser: Do not try to modify user when not changing password
• ipareplica: Support inventory groups.ipaserver

Thomas Woerner (11)

• config: Disable config tests due to pac type requirement MS-PAC
• ipaclient_setup_automount: Only return changed if there was a change
• ipaclient_setup_automount with new install states
• ipaclient: Enable SELinux for SSSD
• Fixes for ansible-lint 6.22.1
• Revert "[TEMP] Enable only idp, service and user module tests"
• test_host_random: No jinja2 templating in conditional statements
• [TEMP] Enable only idp, service and user module tests
• ipaidp: Fix validation and reset of parameters
• test_pwpolicy: minlength parameter can be reset with empty string now
• ipaclient: Properly name automount_location var and add documentation