ansible-freeipa-0.1.11

Changes in 0.1.11:

• Fixes attempt to create rules with members when category is all.
• Reformatted README for better presentation on 80 column terminals.
• Fixes error handling on dnsconfig module.
• Add support for missing attributes, and enhance ipaconfig tests.
• Split vault tests in different files.
• Add state retrieved to ipavault to retrieve vault stored data.
• Fixes password behavior on Vault module.
• ipahostgroup: Add support for group membership management
• New dnsrecord management module.
• tests/config/test_config.yml: Fix main name
• Fix KDC certificate permissions
• Test ipaserver installation without CA
• Test ipareplicas installation without CA
• Remove temporary certificates after installation is completed
• Install iparelicas without CA
• ipagroup: Add support for group membership management
• ipahostgroup: Add support for group membership management
• Add support for service-add-smb.
• Add support for FreeIPA API service_del continue option.
• Removed invalid state enabled from available choices.
• Allow clearing auth_ind by using "" as input value.
• Fix error message when adding a service without principal.
• Allow the use of multiple values with auth_ind variable.
• Fixes message when variable cannot be used in a given state action.
• Add support for service-add-smb.
• Add support for FreeIPA API service_del continue option.
• Removed invalid state enabled from available choices.
• Allow clearing auth_ind by using "" as input value.
• Fix error message when adding a service without principal.
• Allow the use of multiple values with auth_ind variable.
• Fixes message when variable cannot be used in a given state action.
• Fixes no_log warning for update_password.
• Fixes password behavior on Vault module.
• There is a new config management module placed in the plugins folder:
• library/ipaserver_setup_ca: Use x509 IPA upstream code for pkcs12 files
• ipaserver/tasks/install.yml: Always remove temporary pkcs12 copies
• library/ipaserver_test: Revert to IPA upstream code for pkcs12 files
• ansible_ipa_server: New functions encode_certificate and decode_certificate
• ca-less: No pre-generated certificates, generate them for each run
• Generate mock certificates for ca-less installation
• Install ipaserver without ca
• Fixes host absent when DNS zone is not found.
• Fixes no_log warning for update_password.
• Add missing attribute services to vault module.
• Fix all tests entry point
• Added pytests as test entrypoint
• Update README.md
• Update README.md
• Fixes behavior of ipavault when no user, service or shared is given.
• ipauser: Fix certmapdata, add missing certmapdata data option
• ansible_freeipa_module: New function api_check_command
• ansible_freeipa_module: New function DN_x500_text
• ansible_freeipa_module: New function load_cert_from_str
• ipagroup: Add lacking service check for group_remove_member with old IPA
• tests/host/test_hosts_principal.yml: Remove dudplicate hosts tag
• ipahost: Use dnsrecord_show instead of dnsrecord_find command
• ipahost: Honour update_password also for random
• ipauser: Use encode_certificate for certificates in find_user result
• Do not remove member attributes while updating others
• Fixes usage of Kerberos credentials on Vault module.
• Doc string improvements
• Added azure-pipelines check
• Fixed typo
• Adjusted doc strings to follow PEP 257.
• Made code flake8 friendly
• ansible_freeipa_module: Set KRB5CCNAME for api_connect (non root)
• Fixes removal of all from HBAC rule categories.
• Fixes removal of all from sudorule categories.

ansible-freeipa-0.1.10

Changes in 0.1.10:

• ipaclient: Not delete keytab when ipaclient_on_master is true
• New module to manage dns forwarder zones in ipa
• Enhancements of sudorule module tests
• Gracefully handle RuntimeError raised during parameter validation in fail_jso
• ipareplica_prepare: Fix module DOCUMENTATION
• ipa[server,replica,client]: setup_logging wrapper for standard_logging_setup
• Created FreeIPABaseModule class to facilitate creation of new modules
• New IPADNSZone module
• Add admin password to the ipadnsconfig module tests
• Added alias module arguments in dnszone module
• Fixed a bug in AnsibleFreeIPAParams
• utils/build-galaxy-release: Do not add release tag to version for galaxy
• ipaserver docs: Calm down module linter
• galaxy.yml: Add system tag
• ipareplica_setup_kra: Remove unused ccache parameter
• ipareplica_setup_krb: krb is assigned to but never used
• utils/galaxy: Make galaxy scripts more generic
• galaxyfy-playbook.py: Fixed script name

ansible-freeipa-0.1.9

Changes in 0.1.9:

• New vault management module.
• ipahost: Fix choices of auth_ind parameter, allow to reset parameter
• ipauser: Allow reset of userauthtype, do not depend on first,last for mod
• ipahost: Enhanced failure msg for member params used without member action
• Update README-hbacsvcgroup.md
• Update README-sudorule.md
• Add missing validation in ipasudocmd
• ipareplica: Use ipaserver_realm as a fallback for realm
• ipapwpolicy: Use global_policy if name is not set
• ipahbacrule: Fix handing of members with action hbacrule
• tests: Fix top name tags in tests
• ansible_freeipa_module: Fix comparison of bool parameters in compare_args_ipa
• Modify roles README for consistency
• ipahost: Add support for several IP addresses and also to change them
• tests/host/test_host: Fix use of wrong host in the host5 test
• Properly handle base64 enconding of certificates stored as bytes
• ipahost: Fail on action member for new hosts, fix dnsrecord_add reverse flag
• ipahost: Do not fail on missing DNS or zone when no IP address given
• ansible_freeipa_module: Import ipalib.errors as ipalib_errors
• test_pwpolicy: unite admin passwords
• Unite admin passwords in tests, plugins and READMEs
• New service management module
• Removed trailling space on README.md
• Fixes documentation for module ipaservice
• Add documentation of missing variables for sudorule
• New DNSConfig management module
• README-group: Fix description of external parameter
• Fixes behavior for host module attribute reverse

ansible-freeipa-0.1.8

Changes in 0.1.8:

• roles/ipaclient/README.md: Add information about ipaclient_otp
• Install and enable firewalld if it is configured for ipaserver and ipareplica roles
• ipaserver_test: Do not use zone_overlap_check for domain name validation
• Allow execution of API commands that do not require a name
• Update README-host: Drop options from allow_*keytab parameters docs
• ipauser: Extend email addresses with default email domain if no domain is given
• Update galaxy.yml: Add empty dependencies to calm down ansible-agalxy
• utils/build-galaxy-release.sh: Use ansible-galaxy instead of mazer

ansible-freeipa-0.1.7

Changes in 0.1.7

• Add debian support for ipaclient
• Added support for predefining client OTP using ipaclient_otp
• ipatopologysegment: Store suffix for commands in command list
• ipatopologysegment: Fail for missing entry with reinitialized
• Utils scripts: ansible-ipa-[server,replica,client]-install
• ipaserver_test,ipareplica_prepare: Do not return _pkcs12_file settings
• ansible_freeipa_module: Add support for GSSAPI
• ansible_ipa_client: Drop import of configure_nsswitch_database
• New host management module
• New hostgroup management module
• ipagroup: Remove unused member_[present,absent] states
• external-ca tests: Fix typo in inventory files
• tests/external-signed-ca tests: Fix external-ca.sh to use proper serials
• ipagroup: Rework to use same mechanisms as ipahostgroup module
• ansible_freeipa_module: api_command should not have extra try clause
• ansible_freeipa_module: compare_args_ipa needs to compare lists orderless
• ansible_freeipa_module: New function api_check_param
• ansible_freeipa_module: New functions module_params_get and _afm_convert
• ansible_freeipa_module: Add missing to_text import for _afm_convert
• ansible_freeipa_module: Convert tuple to list in compare_args_ipa
• ansible_freeipa_module: New function api_get_realm
• ipauser: User module extension
• New sudocmd management module
• New sudocmdgroup management module
• ansible_freeipa_module: Convert int to string in compare_args_ipa
• New pwpolicy management module
• New hbacsvc (HBAC Service) management module
• New hbacsvcgroup (HBAC Service Group) management module
• ipagroup: Properly support IPA versions 4.6 and RHEL-7
• ipagroup: Fix changed flag, new test cases
• ipauser: Add info about version limitation of passwordexpiration
• New hbacrule (HBAC Rule) management module
• ipahostgroup: Fix changed flag, support IPA 4.6 on RHEL-7, new test cases
• New sudorule (Sudo Rule) management module
• ipauser: Support 'sn' alias of 'last' for surname
• Update galaxy.yml: Update description, drop empty dependencies
• Update ipauser.py: Fix typo in users.name description
• ipaclient: Fix misspelled sssd options
• ipauser: Return generated random password
• ipahost: Return generated random password
• Added context configuration to api_connect
• ansible_freeipa_module: Better support for KRB5CCNAME environment variable
• ipa[server,replica,client]: Add support for CentOS-8
• ipahost: Extension to be able handle several hosts and all settings
• Flake8 fixes
• Documentation updates
• Cleanup

ansible-freeipa-0.1.6

Highlights in 0.1.6

• Lots of documentation updates in READMEs and modules
• library/ipaclient_get_otp: Enable force mode for host_add call (fixes #74)
• Flake8 and pylint reated fixes
• Fixed wrong path to CheckedIPAddress class in ipareplica_test
• Remove unused ipaserver/library/ipaserver.py
• No not use wildcard imports for modules
• ipareplica: Add support for pki_config_override
• ipareplica: Initialize dns.ip_addresses and dns.reverse_zones for dns setup
• ipareplica_prepare: Properly initialize pin and cert_name variables
• ipareplica: Fail with proper error messages
• ipaserver: Properly set settings related to pkcs12 files
• ipaclient: RawConfigParser is not always provided by six.moves.configparser
• ipaclient_setup_nss: paths.GETENT is not available before freeipa-4.6.90.pre1
• ipaserver_test: Initialize value from options.zonemgr
• ipareplica_setup_custodia: create_replica only available in newer releases
• ipaclient: Fix typo in dnsok assignment for ipaclient_setup_nss
• ipa[server,replica]: Set _packages_adtrust for Ubuntu
• New build script for galaxy release
• New utils script to update module docs

ansible-freeipa-0.1.5

Highlights in 0.1.5

• Support for IPA 4.8.0
• New user management module
• New group management module
• ipaserver: Support external signed CA
• RHEL-8 specific vars files to be able to install needed modules automatically
• ipareplica: Fixes for certmonger and kra setup
• New tests folder
• OTP related updates to README files

ansible-freeipa-0.1.4

Highlights in 0.1.4

• ipatopologysegment: Use commands, not command

ansible-freeipa-0.1.3

Highlights in 0.1.3

• ipaclient_test: Fix Python2 decode use with Python3
  Fixed: #86 (AttributeError: 'str' object has no attribute 'decode')
• ipaclient_get_otp: Remove ansible_python_interpreter handling
• ipaclient: Use omit (None) for password, keytab, no string length checks
• ipaclient_join: Support to use ipaadmin_keytab without ipaclient_use_otp
• ipaclient: Report error message if ipaclient_get_otp failed
• Fixes #17 Improve how tasks manage package installation
• ipareplica: The dm password is not needed for ipareplica_master_password
• ipareplica: Use ipareplica_server if set
• ipatopologysegment: Allow domain+ca suffix, new state: checked
• Documentation updates
• Cleanups

ansible-freeipa-0.1.2

Highlights in 0.1.2

• Now a new Ansible Collection
• Fix gssapi requirement for OTP: It is only needed if keytab is used with OTP now.
• Fix wrong ansible argument types
• Do not fail on textwrap for replica deployments with CA
• Ansible lint and galaxy fixes
• Disable automatic removal of replication agreements in uninstall
• Enable freeipa-trust service if adtrust is enabled
• Add support for hidden replica
• New topology managament modules
• Add support for pki_config_override
• Fix host name setup in server deployment
• Fix errors when ipaservers variable is not set
• Fix ipaclient install role length typo
• Cleanups