[RHEL-19134] [ansible-freeipa] ipadnszone: Add support for per-zone privilege delegation

Type: Bug
Resolution: Done-Errata
Priority: Undefined
Fix Version/s: rhel-9.4
Affects Version/s: rhel-9.4
Component/s: ansible-freeipa
Labels:
- CY24Q1_commit

Fixed in Build:
ansible-freeipa-1.12.1-1.el9
Regression:
None
Severity:
None
Epic Link:
FREEIPA-10484
sprint_count:
1

Pool Team:

rhel-sst-idm-ipa
Sub-System Group:

ssg_idm

Dev Target Milestone:
24
Internal Target Milestone:
25
Story Points:
5
ACKs Check:

QE ack, Dev ack
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
Yes
Sprint:
2024-Q1-Alpha-S4

Preliminary Testing:
Pass
Errata Link:
https://errata.engineering.redhat.com/advisory/125061
Test Coverage:

Automated

Release Note Type:
Enhancement
Release Note Text:

Hide
.The delegation of DNS zone management is now enabled in `ansible-freeipa`

You can now use the `dnszone` `ansible-freeipa` module to delegate DNS zone management. Use the `permission` or `managedby` variable of the `dnszone` module to configure a per-zone access delegation permission.

Show
.The delegation of DNS zone management is now enabled in `ansible-freeipa` You can now use the `dnszone` `ansible-freeipa` module to delegate DNS zone management. Use the `permission` or `managedby` variable of the `dnszone` module to configure a per-zone access delegation permission.
Release Note Status:
Done

Experience:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

IPA DNS Zones management can be delegated by adding a "Manage DNS zone" permission. The CLI commands that manage these permissions are dnszone-add-delegation and dnszone-remove-delegation.

The ansible-freeipa module ipadnszone did not have this capability, and it now support dnszone per-zone management delegation by setting the module parameter 'permission'. If set to 'true' the permission will be assigned to the zone, if set to false the permission will be removed.

clones

RHEL-19133 [ansible-freeipa] ipadnszone: Add support for per-zone privilege delegation

Closed

links to

RHBA-2023:125061 ansible-freeipa bug fix and enhancement update

mentioned on

Merge request - Update to version 1.12.1...

Errata Tool added a comment - 2024/04/30 9:53 AM

Since the problem described in this issue should be resolved in a recent advisory, it has been closed.

For information on the advisory (ansible-freeipa bug fix and enhancement update), and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHBA-2024:2237

Errata Tool added a comment - 2024/04/30 9:53 AM Since the problem described in this issue should be resolved in a recent advisory, it has been closed. For information on the advisory (ansible-freeipa bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2024:2237

Varun Mylaraiah added a comment - 2024/02/16 1:54 AM

Verified
ansible-core-2.14.14-1.el9.x86_64
ansible-freeipa-1.12.1-1.el9.noarch

Test Result:

 PASSED ansible_freeipa_tests/dns/test_dns.py::TestDNSForwardZone::test_dnsforwardzone_grant_system_permission
 PASSED ansible_freeipa_tests/dns/test_dns.py::TestDNSForwardZone::test_dnsforwardzone_removed_system_permission
 PASSED ansible_freeipa_tests/dns/test_dns.py::TestDNSZone::test_dnszone_grant_system_permission
 PASSED ansible_freeipa_tests/dns/test_dns.py::TestDNSZone::test_dnszone_removed_system_permission

Based on the test result, marking the issue as "Release Pending"(Verified)

Varun Mylaraiah added a comment - 2024/02/16 1:54 AM Verified ansible-core-2.14.14-1.el9.x86_64 ansible-freeipa-1.12.1-1.el9.noarch Test Result: PASSED ansible_freeipa_tests/dns/test_dns.py::TestDNSForwardZone::test_dnsforwardzone_grant_system_permission PASSED ansible_freeipa_tests/dns/test_dns.py::TestDNSForwardZone::test_dnsforwardzone_removed_system_permission PASSED ansible_freeipa_tests/dns/test_dns.py::TestDNSZone::test_dnszone_grant_system_permission PASSED ansible_freeipa_tests/dns/test_dns.py::TestDNSZone::test_dnszone_removed_system_permission Based on the test result, marking the issue as "Release Pending"(Verified)

gitlab-bot added a comment - 2024/02/12 3:24 PM

Thomas Woerner mentioned this issue in a merge request of Red Hat / centos-stream / rpms / ansible-freeipa on branch af_1_12_1:

Update to version 1.12.1...

gitlab-bot added a comment - 2024/02/12 3:24 PM Thomas Woerner mentioned this issue in a merge request of Red Hat / centos-stream / rpms / ansible-freeipa on branch af_1_12_1 : Update to version 1.12.1...

Rafael Jeffman added a comment - 2024/01/04 2:17 PM

Upstream PR: https://github.com/freeipa/ansible-freeipa/pull/1147

Rafael Jeffman added a comment - 2024/01/04 2:17 PM Upstream PR: https://github.com/freeipa/ansible-freeipa/pull/1147

Assignee:: Rafael Jeffman

Reporter:: Thomas Woerner

Developer:: Thomas Woerner

QA Contact:: Varun Mylaraiah

Doc Contact:: Filip Hanzelka

Votes:: 0 Vote for this issue

Watchers:: 8 Start watching this issue

Created:: 2023/12/11 3:00 PM

Updated:: 2024/05/29 5:43 PM

Resolved:: 2024/04/30 9:53 AM

Dev Target end:: 2024/02/12

Target end:: 2024/02/19

Release Date:: 2024/04/30

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

Collapse comment: Errata Tool added a comment - 2024/04/30 9:53 AM

Expand comment: Errata Tool added a comment - 2024/04/30 9:53 AM

Collapse comment: Varun Mylaraiah added a comment - 2024/02/16 1:54 AM

Expand comment: Varun Mylaraiah added a comment - 2024/02/16 1:54 AM

Collapse comment: gitlab-bot added a comment - 2024/02/12 3:24 PM

Expand comment: gitlab-bot added a comment - 2024/02/12 3:24 PM

Collapse comment: Rafael Jeffman added a comment - 2024/01/04 2:17 PM

Expand comment: Rafael Jeffman added a comment - 2024/01/04 2:17 PM

People

Dates