ansible-freeipa-1.16.0

Highlights in 1.16.0

• Sysaccount management with the ipasysaccount and iparole modules
• Passkey management with the ipapasskeyconfig, ipaconfig, ipahost, ipaservice and ipauser modules
• Allow to set any IP address with ipadnsrecord if create_reverse is false
• Support for ansible-core 2.19

Changes since 1.15.1

• Fix Ansible warnings in Firewall zone testing tasks (#1407)
• upstream ci: Use version_name for CheckPR labels (#1406)
• Cert tests: Do not fail on new dogtag profile not found error message (#1405)
• upstream ci: Fix Azure pipelines invalid names (#1404)
• upstream CI: Fix CheckPR ansible-core version definition (#1403)
• upstream CI: Fix nightly and azure-pipelines to use version map (#1402)
• Sysaccount management (#1398)
• pre-commit: Update pre-commit repo versions (#1394)
• ipacert: Fix tests for inexistent certificate (#1392)
• Add capability sys admin to fix dbus broker in systemd 258 (#1387)
• ipadnsrecord: Allow setting any IP address if create_reverse is false (#1382)
• Fixes several linter issues for recent tool versions. (#1380)
• test_backup.yml: Fix evaluation of 'list = False' and 'list = True' v2 (#1379)
• Update Ansible version in Upstream CI (#1377)
• test_backup.yml: Fix evaluation of 'list = False' and 'list = True' (#1376)
• Add support for passkey (#1372)
• Prepare playbooks for ansible core 2.19 (#1369)

Detailed changelog since 1.15.1 by author

2 authors, 36 commits

Rafael Guterres Jeffman (28)

• Fix Ansible warnings in Firewalld zone testing tasks
• ipadnsrecord: Allow setting any IP address if create_reverse is false
• New passkeyconfig management module
• ipauser: Add support for 'passkey' in 'user_auth_type'
• ipaservice: Add support for 'passkey' in 'auth_ind'
• ipahost: Add support for 'passkey' in 'auth_ind'
• ipaconfig: Add support for 'passkey' in 'user_auth_type'
• tests: Add fact for passkey support
• upstream ci: Use version_name for CheckPR labels
• upstream ci: Fix Azure pipelines invalid names
• upstream CI: Fix CheckPR ansible-core version definition
• upstream CI: Fix Azure nightly pipelines to use version map
• pre-commit: Update pre-commit repo versions
• upstream CI: Update Ansible version for c9s
• pytest: update to work with recent Python
• pylint: Add list of upper case constants to setup.cfg
• ansible-lint: Fix Jinja error
• ansible-lint: Fix deprecation warning with bool and omit
• pylint: Fix pylint 3.3.8 issues
• requirements.txt: Add setuptools
• ansible-docs: Update versions for ansible-doc-test checks
• linter: Pin Python version for ansible-lint
• ipacert: Fix tests for inexistent certificate
• ci: Update ansible-core to 2.18 in CI
• tests service: Fixes evaluation of 'Keytab = True'
• ansible-core 2.19: 'upper' and 'lower' make lists into strings
• ansible-core 2.19: Templates and expressions must use trusted sources
• ansible-core 2.19: when clause don't automatically convert to bool

Thomas Woerner (8)

• README-role.md: Fix typo in action description
• iparole: Add sysaccount member support
• Cert tests: Do not fail on new dogtag profile not found error message
• New sysaccount management module
• Dockerfiles c8s,c9s,fedora-latest and fedora-rawhide: Install hostname
• infra/image/shdefaults: Add capability SYS_ADMIN for systemd 258
• test_backup.yml: Fix evaluation of 'list = False' and 'list = True' v2
• test_backup.yml: Fix evaluation of 'list = False' and 'list = True'

ansible-freeipa-1.15.1

Changes since 1.15.0

• ipaclient: client_dns has new statestore arg with IPA change e6445b8 (#1375)

Detailed changelog since 1.15.0 by author

1 authors, 1 commits

Thomas Woerner (1)

• ipaclient: client_dns has new statestore arg with IPA change e6445b8

ansible-freeipa-1.15.0

Highlights in 1.15.0

• DNS over TLS support for ipaserver, ipareplica and ipaclient deployment roles
• ipaidrange: Enforce requirement of baserid and secondarybaserid for ID ranges
• Fix ipaserver and ipareplica deployment roles for use in Mitogen

Changes since 1.14.7

• ipaserver, ipareplica and ipaclient roles: Add DNS over TLS support (#1371)
• ipaidrange: Require usage of range id parameters (#1367)
• infra/image/shcontainer: Safer host removal from /etc/hosts (#1365)
• infra/image: Make fixnet and fixipaip services active by default (#1364)
• infra/image/shcontainer: Add host entry in container_start (#1361)
• ipaclient: Drop misspelled ipassd_ compat vars (#1360)
• tests/service/env_cleanup.yml: Turn on update_dns for test host removal (#1359)
• Cache sys.stdout instead of assuming it is equal to sys.stdout (#1329)

Detailed changelog since 1.14.7 by author

3 authors, 10 commits

Jarl Gullberg (1)

• Cache sys.stdout instead of assuming it is equal to sys.stdout

Rafael Guterres Jeffman (1)

• ipaidrange: Require usage of range id parameters

Thomas Woerner (8)

• ipareplica: Add support for DNS over TLS
• ipaserver: Add support for DNS over TLS
• ipaclient: Add support for DNS over TLS
• infra/image: Make fixnet and fixipaip services active by default
• infra/image/shcontainer: Safer host removal from /etc/hosts
• infra/image/shcontainer: Add host entry in container_start
• ipaclient: Drop misspelled ipassd_ compat vars
• tests/service/env_cleanup.yml: Turn on update_dns for test host removal

ansible-freeipa-1.14.7

Changes since 1.14.6

• ipaclient: Fix AttributeError by defaulting dns_over_tls to False (#1357)

Detailed changelog since 1.14.6 by author

1 authors, 1 commits

Jose Angel Morena (1)

• ipaclient: Fix AttributeError by defaulting dns_over_tls to False

ansible-freeipa-1.14.6

Changes since 1.14.5

• infra/image/shcontainer: Fix log message in container_tee (#1355)
• infra/image/shcontainer: Volume support and new container_tee (#1354)
• test container: Add DAC_READ_SEARCH capability (#1352)
• infra/image/shdefaults: Add SYS_PTRACE to CAP_DEFAULTS (#1351)
• ipareplica: Don't rely on pkg_resources whenever possible (#1350)
• Fix flake8 7 2 0 (#1349)
• Fix CA certificates iteration (#1348)
• Use ubuntu 24.04 for testing (#1301)

Detailed changelog since 1.14.5 by author

3 authors, 13 commits

Alexander Bokovoy (1)

• Fix CA certificates iteration

Rafael Guterres Jeffman (6)

• test container: Add DAC_READ_SEARCH capability
• infra/image/shcontainer: Fix log message in container_tee
• ipareplica: Don't rely on pkg_resources whenever possible
• Fix linter issues related to 'global'
• Unpin flake8 version from requirements-dev.txt
• pre-commit: Bump flake8 version to 7.2.0

Thomas Woerner (6)

• infra/image/shcontainer: Fix processing of multi item CAP_DEFAULTS
• infra/image/shdefaults: Add SYS_PTRACE to CAP_DEFAULTS
• infra/image/shcontainer: Volume support and new container_tee
• infra/image/shcontainer: Ensure '/ect/shadow' is readable
• utils/setup_test_container.sh: Wait till systemd-journald is running
• Use ubuntu 24.04 for testing

ansible-freeipa-1.14.5

Changes since 1.14.4

• ipa* deployment roles: Hotfix for dns_over_tls (Freeipa#7343) (#1340)

Detailed changelog since 1.14.4 by author

1 authors, 1 commits

Thomas Woerner (1)

• ipa* deployment roles: Hotfix for dns_over_tls (Freeipa#7343)

ansible-freeipa-1.14.4

Changes since 1.14.3

• ipagroup: Fix test for externalmember use in client context (#1337)

Detailed changelog since 1.14.3 by author

1 authors, 1 commits

Thomas Woerner (1)

• ipagroup: Fix test for externalmember use in client context

ansible-freeipa-1.14.3

Highlights in 1.14.3

• Fix management of AD objects for ipagroup

Changes since 1.14.2

• tests/idoverrideuser: Fix client context test when running on client (#1336)
• ipagroup: Fix management of AD objects (#1335)
• Update c10s image (#1334)
• Remove 'vars' files of unsupported distributions (#1327)

Detailed changelog since 1.14.2 by author

1 authors, 7 commits

Rafael Guterres Jeffman (7)

• Remove 'vars' files of unsupported distributions
• Use non-development CentOS 10 Stream image
• Configure yamllint to be compatible with ansible-lint
• ipagroup: Fix management of AD objects
• tests/idoverrideuser: Fix client context test when running on client
• tests: Improve FreeIPA facts
• ansible_freeipa_module_utils: Add functions to handle objects SID

ansible-freeipa-1.14.2

Highlights in 1.14.2

• ipareplica: Pass ipareplica_ip_addresses to client deployment part
• ipagroup: Correctly handle externalmember in member actions
• ipasudorule: Evaluate all members related to hosts and users
• ipacert: Correctly handle removFromCRL revocation
• Collection: No more role module duplication
• Enabled CentOS 10 Stream tests

Changes since 1.14.1

• utils/build-galaxy-release.sh: Do not create duplicates for role plugins (#1324)
• ipacert: Revoking with removeFromCRL should be handled as cert release (#1323)
• ipagroup: Correctly handle externalmember in member actions (#1322)
• ipasudorule: Evaluate all members related to hosts and users (#1321)
• modules: Do not hide errors using IPA *_show command with Exception (#1319)
• infra/image: Use SYS_ADMIN capability for server deployment (#1318)
• infra/image/dockerfile/c10s: Fix client part deployment for the server (#1316)
• infra/image/shcontainer: New container_copy and container_fetch (#1315)
• ipareplica: Pass ipareplica_ip_addresses to client deployment part (#1243)

Detailed changelog since 1.14.1 by author

2 authors, 13 commits

Rafael Guterres Jeffman (5)

• ipasudorule: Evaluate all members related to hosts and users
• ipagroup: Correctly handle externalmember in member actions
• ipacert: Revoking with removeFromCRL should be handled as cert release
• utils/templates: Use ipalib_errors.NotFound instead of Exception
• modules: Do not hide errors using IPA *_show command with Exception

Thomas Woerner (8)

• ipareplica: Pass ipareplica_ip_addresses to client deployment part
• ansible_ipa_server.py: Calm down ansible-test "metaclass-boilerplate"
• utils/build-galaxy-release.sh: Do not create duplicates for role plugins
• Enable c10s testing for PRs and nightly and after merge testing
• Enable to build c10s test container image
• infra/image: Use SYS_ADMIN capability for server deployment
• infra/image/dockerfile/c10s: Fix client part deployment for the server
• infra/image/shcontainer: New container_copy and container_fetch

ansible-freeipa-1.14.1

Changes since 1.14.0

• Change minimum Ansible version to 2.14 (#1317)

Detailed changelog since 1.14.0 by author

1 authors, 1 commits

Thomas Woerner (1)

• Change minimum Ansible version to 2.14