This issues a warning if the relevant parameters to use GSSAPI were
provided, but the needed library is not installed in the system.
This is meant for usability, since it'll tell folks what they're missing
in their systems in order to use GSSAPI for authentication with the
FreeIPA modules.
This also removes the "required" key from the password parameter; now
this is checked in runtime.
* identity: Add GSSAPI suport for FreeIPA authentication
This enables the usage of GSSAPI for authentication, instead of having
to pass the username and password as part of the playbook run.
If there is GSSAPI support, this makes the password optional, and will
be able to use the KRB5_CLIENT_KTNAME or the KRB5CCNAME environment
variables; which are standard when using kerberos authentication.
Note that this depends on the urllib_gssapi library, and will only
enable this if that library is available.
* identity: Add documentation for GSSAPI authentication for FreeIPA
This documentation describes how to use GSSAPI authentication with the
IPA identity modules.
* identity: Add changelog for GSSAPI support for IPA
This adds the changelog entry for the GSSAPI authentication feature for
the IPA identity module.
* identity: Autodetect FreeIPA server with DNS
This adds the ability for the freeIPA related modules to be able to
auto-detect the IPA server through DNS.
This takes advantage of the fact that a lot of FreeIPA deployments
configure their hosts to use IPA as the nameserver.
This check is only used if we didn't set neither the ipa_host parameter,
nor the environment variable IPA_HOST.
* identity: Specify docs for DNS discovery of ipa_host
These docs specify that it can now default to DNS if the 'ipa-ca' entry
is available.
This fix allows user to specify idle timeout for fetch_url used
internally in IPA connection and post_json call.
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Remove use of simplejson throughout code base. Fixes#42761
* Address failing tests
* Remove simplejson from contrib and other outlying files
* Add changelog fragment for simplejson removal
This fix adds environment variable fallback method to read
argument parameters if user has not specified.
Fixes: #35368
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Moved JSON-RPC client IPAClient class to ansible.module_utils.ipa, which is extended by all ipa modules
* IPAClient: Changed to 2-clause BSD license
* IPAClient (lines 37-39): Added some additional imports for use with Python 3
* IPAClient (line 41): Explicitly extend Python base object
* IPAClient (line 57): Properly URL quoted the username/password form data as per https://www.w3.org/TR/html401/interact/forms.html#h-17.13.4.1
* IPAClient (line 62): Data should be bytes or bytearray in Python 3 (still str in Python 2)
* IPAClient (line 65): Print error message, not returned body
* IPAClient (line 70): getheader() is not present in Python 3 version of HTTPMessage; get() is present in both Python 2/3
* IPAClient (line 88): Convert form data to bytes for Python 3 again
* IPAClient (line 91): Print error message, not returned body
* IPAClient (line 96-104): json.loads() requires a string; HTTPResponse.read() returns bytes in Python 3 and str in Python 2, so decode the bytes/string using the HTTPResponse returned charset (default to 'latin-1')
* Add author/copyright notice
Juan Antonio Osorio
Abhijeet Kasurde
Matt Martz
Fran Fitzpatrick
Toshio Kuratomi
Thomas Krahn
Matthew Krupcale