Releases: freeipa/ansible-freeipa
Releases · freeipa/ansible-freeipa
ansible-freeipa-0.1.11
Changes in 0.1.11:
- Fixes attempt to create rules with members when category is
all
. - Reformatted README for better presentation on 80 column terminals.
- Fixes error handling on dnsconfig module.
- Add support for missing attributes, and enhance ipaconfig tests.
- Split vault tests in different files.
- Add state
retrieved
to ipavault to retrieve vault stored data. - Fixes password behavior on Vault module.
- ipahostgroup: Add support for group membership management
- New dnsrecord management module.
- tests/config/test_config.yml: Fix main name
- Fix KDC certificate permissions
- Test ipaserver installation without CA
- Test ipareplicas installation without CA
- Remove temporary certificates after installation is completed
- Install iparelicas without CA
- ipagroup: Add support for group membership management
- ipahostgroup: Add support for group membership management
- Add support for service-add-smb.
- Add support for FreeIPA API service_del
continue
option. - Removed invalid state
enabled
from available choices. - Allow clearing auth_ind by using "" as input value.
- Fix error message when adding a service without principal.
- Allow the use of multiple values with auth_ind variable.
- Fixes message when variable cannot be used in a given state action.
- Add support for service-add-smb.
- Add support for FreeIPA API service_del
continue
option. - Removed invalid state
enabled
from available choices. - Allow clearing auth_ind by using "" as input value.
- Fix error message when adding a service without principal.
- Allow the use of multiple values with auth_ind variable.
- Fixes message when variable cannot be used in a given state action.
- Fixes no_log warning for
update_password
. - Fixes password behavior on Vault module.
- There is a new config management module placed in the plugins folder:
- library/ipaserver_setup_ca: Use x509 IPA upstream code for pkcs12 files
- ipaserver/tasks/install.yml: Always remove temporary pkcs12 copies
- library/ipaserver_test: Revert to IPA upstream code for pkcs12 files
- ansible_ipa_server: New functions encode_certificate and decode_certificate
- ca-less: No pre-generated certificates, generate them for each run
- Generate mock certificates for ca-less installation
- Install ipaserver without ca
- Fixes host absent when DNS zone is not found.
- Fixes no_log warning for
update_password
. - Add missing attribute
services
to vault module. - Fix all tests entry point
- Added pytests as test entrypoint
- Update README.md
- Update README.md
- Fixes behavior of ipavault when no user, service or shared is given.
- ipauser: Fix certmapdata, add missing certmapdata data option
- ansible_freeipa_module: New function api_check_command
- ansible_freeipa_module: New function DN_x500_text
- ansible_freeipa_module: New function load_cert_from_str
- ipagroup: Add lacking service check for group_remove_member with old IPA
- tests/host/test_hosts_principal.yml: Remove dudplicate hosts tag
- ipahost: Use dnsrecord_show instead of dnsrecord_find command
- ipahost: Honour update_password also for random
- ipauser: Use encode_certificate for certificates in find_user result
- Do not remove member attributes while updating others
- Fixes usage of Kerberos credentials on Vault module.
- Doc string improvements
- Added azure-pipelines check
- Fixed typo
- Adjusted doc strings to follow PEP 257.
- Made code flake8 friendly
- ansible_freeipa_module: Set KRB5CCNAME for api_connect (non root)
- Fixes removal of
all
from HBAC rule categories. - Fixes removal of
all
from sudorule categories.
ansible-freeipa-0.1.10
Changes in 0.1.10:
- ipaclient: Not delete keytab when ipaclient_on_master is true
- New module to manage dns forwarder zones in ipa
- Enhancements of sudorule module tests
- Gracefully handle RuntimeError raised during parameter validation in fail_jso
- ipareplica_prepare: Fix module DOCUMENTATION
- ipa[server,replica,client]: setup_logging wrapper for standard_logging_setup
- Created FreeIPABaseModule class to facilitate creation of new modules
- New IPADNSZone module
- Add admin password to the ipadnsconfig module tests
- Added alias module arguments in dnszone module
- Fixed a bug in AnsibleFreeIPAParams
- utils/build-galaxy-release: Do not add release tag to version for galaxy
- ipaserver docs: Calm down module linter
- galaxy.yml: Add system tag
- ipareplica_setup_kra: Remove unused ccache parameter
- ipareplica_setup_krb: krb is assigned to but never used
- utils/galaxy: Make galaxy scripts more generic
- galaxyfy-playbook.py: Fixed script name
ansible-freeipa-0.1.9
Changes in 0.1.9:
- New vault management module.
- ipahost: Fix choices of auth_ind parameter, allow to reset parameter
- ipauser: Allow reset of userauthtype, do not depend on first,last for mod
- ipahost: Enhanced failure msg for member params used without member action
- Update README-hbacsvcgroup.md
- Update README-sudorule.md
- Add missing validation in ipasudocmd
- ipareplica: Use ipaserver_realm as a fallback for realm
- ipapwpolicy: Use global_policy if name is not set
- ipahbacrule: Fix handing of members with action hbacrule
- tests: Fix top name tags in tests
- ansible_freeipa_module: Fix comparison of bool parameters in compare_args_ipa
- Modify roles README for consistency
- ipahost: Add support for several IP addresses and also to change them
- tests/host/test_host: Fix use of wrong host in the host5 test
- Properly handle base64 enconding of certificates stored as bytes
- ipahost: Fail on action member for new hosts, fix dnsrecord_add reverse flag
- ipahost: Do not fail on missing DNS or zone when no IP address given
- ansible_freeipa_module: Import ipalib.errors as ipalib_errors
- test_pwpolicy: unite admin passwords
- Unite admin passwords in tests, plugins and READMEs
- New service management module
- Removed trailling space on README.md
- Fixes documentation for module ipaservice
- Add documentation of missing variables for sudorule
- New DNSConfig management module
- README-group: Fix description of external parameter
- Fixes behavior for host module attribute
reverse
ansible-freeipa-0.1.8
Changes in 0.1.8:
- roles/ipaclient/README.md: Add information about ipaclient_otp
- Install and enable firewalld if it is configured for ipaserver and ipareplica roles
- ipaserver_test: Do not use zone_overlap_check for domain name validation
- Allow execution of API commands that do not require a name
- Update README-host: Drop options from allow_*keytab parameters docs
- ipauser: Extend email addresses with default email domain if no domain is given
- Update galaxy.yml: Add empty dependencies to calm down ansible-agalxy
- utils/build-galaxy-release.sh: Use ansible-galaxy instead of mazer
ansible-freeipa-0.1.7
Changes in 0.1.7
- Add debian support for ipaclient
- Added support for predefining client OTP using ipaclient_otp
- ipatopologysegment: Store suffix for commands in command list
- ipatopologysegment: Fail for missing entry with reinitialized
- Utils scripts: ansible-ipa-[server,replica,client]-install
- ipaserver_test,ipareplica_prepare: Do not return _pkcs12_file settings
- ansible_freeipa_module: Add support for GSSAPI
- ansible_ipa_client: Drop import of configure_nsswitch_database
- New host management module
- New hostgroup management module
- ipagroup: Remove unused member_[present,absent] states
- external-ca tests: Fix typo in inventory files
- tests/external-signed-ca tests: Fix external-ca.sh to use proper serials
- ipagroup: Rework to use same mechanisms as ipahostgroup module
- ansible_freeipa_module: api_command should not have extra try clause
- ansible_freeipa_module: compare_args_ipa needs to compare lists orderless
- ansible_freeipa_module: New function api_check_param
- ansible_freeipa_module: New functions module_params_get and _afm_convert
- ansible_freeipa_module: Add missing to_text import for _afm_convert
- ansible_freeipa_module: Convert tuple to list in compare_args_ipa
- ansible_freeipa_module: New function api_get_realm
- ipauser: User module extension
- New sudocmd management module
- New sudocmdgroup management module
- ansible_freeipa_module: Convert int to string in compare_args_ipa
- New pwpolicy management module
- New hbacsvc (HBAC Service) management module
- New hbacsvcgroup (HBAC Service Group) management module
- ipagroup: Properly support IPA versions 4.6 and RHEL-7
- ipagroup: Fix changed flag, new test cases
- ipauser: Add info about version limitation of passwordexpiration
- New hbacrule (HBAC Rule) management module
- ipahostgroup: Fix changed flag, support IPA 4.6 on RHEL-7, new test cases
- New sudorule (Sudo Rule) management module
- ipauser: Support 'sn' alias of 'last' for surname
- Update galaxy.yml: Update description, drop empty dependencies
- Update ipauser.py: Fix typo in users.name description
- ipaclient: Fix misspelled sssd options
- ipauser: Return generated random password
- ipahost: Return generated random password
- Added context configuration to api_connect
- ansible_freeipa_module: Better support for KRB5CCNAME environment variable
- ipa[server,replica,client]: Add support for CentOS-8
- ipahost: Extension to be able handle several hosts and all settings
- Flake8 fixes
- Documentation updates
- Cleanup
ansible-freeipa-0.1.6
Highlights in 0.1.6
- Lots of documentation updates in READMEs and modules
- library/ipaclient_get_otp: Enable force mode for host_add call (fixes #74)
- Flake8 and pylint reated fixes
- Fixed wrong path to CheckedIPAddress class in ipareplica_test
- Remove unused ipaserver/library/ipaserver.py
- No not use wildcard imports for modules
- ipareplica: Add support for pki_config_override
- ipareplica: Initialize dns.ip_addresses and dns.reverse_zones for dns setup
- ipareplica_prepare: Properly initialize pin and cert_name variables
- ipareplica: Fail with proper error messages
- ipaserver: Properly set settings related to pkcs12 files
- ipaclient: RawConfigParser is not always provided by six.moves.configparser
- ipaclient_setup_nss: paths.GETENT is not available before freeipa-4.6.90.pre1
- ipaserver_test: Initialize value from options.zonemgr
- ipareplica_setup_custodia: create_replica only available in newer releases
- ipaclient: Fix typo in dnsok assignment for ipaclient_setup_nss
- ipa[server,replica]: Set _packages_adtrust for Ubuntu
- New build script for galaxy release
- New utils script to update module docs
ansible-freeipa-0.1.5
Highlights in 0.1.5
- Support for IPA 4.8.0
- New user management module
- New group management module
- ipaserver: Support external signed CA
- RHEL-8 specific vars files to be able to install needed modules automatically
- ipareplica: Fixes for certmonger and kra setup
- New tests folder
- OTP related updates to README files
ansible-freeipa-0.1.4
Highlights in 0.1.4
- ipatopologysegment: Use commands, not command
ansible-freeipa-0.1.3
Highlights in 0.1.3
- ipaclient_test: Fix Python2 decode use with Python3
Fixed: #86 (AttributeError: 'str' object has no attribute 'decode') - ipaclient_get_otp: Remove ansible_python_interpreter handling
- ipaclient: Use omit (None) for password, keytab, no string length checks
- ipaclient_join: Support to use ipaadmin_keytab without ipaclient_use_otp
- ipaclient: Report error message if ipaclient_get_otp failed
- Fixes #17 Improve how tasks manage package installation
- ipareplica: The dm password is not needed for ipareplica_master_password
- ipareplica: Use ipareplica_server if set
- ipatopologysegment: Allow domain+ca suffix, new state: checked
- Documentation updates
- Cleanups
ansible-freeipa-0.1.2
Highlights in 0.1.2
- Now a new Ansible Collection
- Fix gssapi requirement for OTP: It is only needed if keytab is used with OTP now.
- Fix wrong ansible argument types
- Do not fail on textwrap for replica deployments with CA
- Ansible lint and galaxy fixes
- Disable automatic removal of replication agreements in uninstall
- Enable freeipa-trust service if adtrust is enabled
- Add support for hidden replica
- New topology managament modules
- Add support for pki_config_override
- Fix host name setup in server deployment
- Fix errors when ipaservers variable is not set
- Fix ipaclient install role length typo
- Cleanups