Loading...

Linking RHIVOS CVEs to...

Migration: Automation ...

SWIFT: POC Conversion

Sync from "Extern...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Undefined
Fix Version/s: rhel-9.6
Affects Version/s: rhel-9.6
Component/s: ansible-freeipa
Labels:
- commit
- rebase

Fixed in Build:
ansible-freeipa-1.14.5-1.el9
Regression:
No
Severity:
Moderate
Epic Link:
FREEIPA-11025
Keywords:

Rebase
sprint_count:
2

AssignedTeam:
rhel-idm-ipa
Sub-System Group:

ssg_idm

Dev Target Milestone:
25
Internal Target Milestone:
26
Story Points:
3
ACKs Check:

QE ack, Dev ack
Blocked:
False
Ready:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
Yes
Sprint:
2024-Q4-Alpha-S4, 2024-Q4-Alpha-S5

Preliminary Testing:
Pass
Errata Link:
https://errata.devel.redhat.com/advisory/143644
Test Coverage:
None

Release Note Type:
Enhancement
Release Note Text:

Hide
.`ansible-freeipa` rebased to 1.14.5
The `ansible-freeipa` package has been rebased from version 1.13.2 to version 1.14.5. Notable enhancements and bug fixes include:

* You can use `module_defaults` to define variables for multiple `ansible-freeipa` tasks
+
The `freeipa.ansible_freeipa` collection now provides the `module_defaults` action group that simplifies the use of `ansible-freeipa` modules. By using `module_defaults`, you can set default values to be applied to all modules of the collection used in a playbook. To do so, use the `action_group` named `freeipa.ansible_freeipa.modules`. For example:
+
----
- name: Test
   hosts: localhost
   module_defaults:
    group/freeipa.ansible_freeipa.modules:
       ipaadmin_password: Secret123
   tasks:
…
----
+
As a result, the playbook is more concise.

* Multiple IdM `sudo` rules can now be managed in a single Ansible task
+
This enhancement adds the `sudorules` option to `ansible-freeipa`. By using `sudorules`, you can add, modify, and delete multiple Identity Management (IdM) `sudo` rules by using a single Ansible task. To do this, use the `sudorules` option of the `ipasudorule` module. As a result, you can define your `sudo` rules more easily, and execute them more efficiently.
+
Using the `sudorules` option, you can specify multiple `sudo` rule parameters that apply to a particular `sudo` rule. This `sudo` rule is defined by the `name` variable, which is the only mandatory variable for the `sudorules` option.

* Removing external members by using the `ipagroup` module now works correctly
+
Previously, attempting to ensure the absence of an external member from an IdM group by using the `ansible-freeipa` `ipagroup` module with the `externalmember` parameter did not remove the members from the group, even though Ansible presented the result of the task as `changed`. With this fix, using the `ipagroup` module with `externalmember` correctly ensures the absence of an external member from an IdM group. The fix also allows the use of either DOM\name or name@domain to identify AD users.

Show
.`ansible-freeipa` rebased to 1.14.5 The `ansible-freeipa` package has been rebased from version 1.13.2 to version 1.14.5. Notable enhancements and bug fixes include: * You can use `module_defaults` to define variables for multiple `ansible-freeipa` tasks + The `freeipa.ansible_freeipa` collection now provides the `module_defaults` action group that simplifies the use of `ansible-freeipa` modules. By using `module_defaults`, you can set default values to be applied to all modules of the collection used in a playbook. To do so, use the `action_group` named `freeipa.ansible_freeipa.modules`. For example: + ---- - name: Test    hosts: localhost    module_defaults:     group/freeipa.ansible_freeipa.modules:        ipaadmin_password: Secret123    tasks: … ---- + As a result, the playbook is more concise. * Multiple IdM `sudo` rules can now be managed in a single Ansible task + This enhancement adds the `sudorules` option to `ansible-freeipa`. By using `sudorules`, you can add, modify, and delete multiple Identity Management (IdM) `sudo` rules by using a single Ansible task. To do this, use the `sudorules` option of the `ipasudorule` module. As a result, you can define your `sudo` rules more easily, and execute them more efficiently. + Using the `sudorules` option, you can specify multiple `sudo` rule parameters that apply to a particular `sudo` rule. This `sudo` rule is defined by the `name` variable, which is the only mandatory variable for the `sudorules` option. * Removing external members by using the `ipagroup` module now works correctly + Previously, attempting to ensure the absence of an external member from an IdM group by using the `ansible-freeipa` `ipagroup` module with the `externalmember` parameter did not remove the members from the group, even though Ansible presented the result of the task as `changed`. With this fix, using the `ipagroup` module with `externalmember` correctly ensures the absence of an external member from an IdM group. The fix also allows the use of either DOM\name or name@domain to identify AD users.
Release Note Status:
Done

Experience:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

Rebase ansible-freeipa to the latest version available for RHEL 9.6 GA.

is cloned by

RHEL-67567 [ansible-freeipa] Rebase to latest version for RHEL-10

Closed

links to

RHBA-2024:143644 ansible-freeipa update

Assignee:: Thomas Woerner

Reporter:: Thomas Woerner

Developer:: Thomas Woerner

QA Contact:: Varun Mylaraiah

Doc Contact:: Filip Hanzelka

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Created:: 2024/11/14 11:02 AM

Updated:: 2025/05/13 10:23 AM

Resolved:: 2025/05/13 10:23 AM

Dev Target end:: 2025/02/10

Target end:: 2025/02/17

Next Planned Release Date:: 2025/05/13

Release Date:: 2025/05/13

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates

Hide