Bug 1797532

Summary: [ansible-freeipa] The password policy module depends on the group
Product: Red Hat Enterprise Linux 8 Reporter: Varun Mylaraiah <mvarun>
Component: ansible-freeipaAssignee: Thomas Woerner <twoerner>
Status: CLOSED ERRATA QA Contact: ipa-qe <ipa-qe>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 8.2   
Target Milestone: rc   
Target Release: 8.0   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: ansible-freeipa-0.1.8-2.el8 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-04-28 16:01:57 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Varun Mylaraiah 2020-02-03 11:21:04 UTC 
Description of problem:
The password policy module depends on the group. But it should not. This is not correct.
Due to that not able to modify global_policy.

Version-Release number of selected component (if applicable):
ansible-freeipa-0.1.7-1.el8.noarch

How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 1 Thomas Woerner 2020-02-07 09:10:54 UTC 
Here is the merged upstream PR: https://github.com/freeipa/ansible-freeipa/pull/198
Comment 4 Varun Mylaraiah 2020-02-19 07:49:48 UTC 
Verified

Manual execution console output:
================================
# rpm -q ansible-freeipa
ansible-freeipa-0.1.8-2.el8.noarch

[root@master ~]# ipa pwpolicy-show 
  Group: global_policy
  Max lifetime (days): 90
  Min lifetime (hours): 1
  History size: 0
  Character classes: 0
  Min length: 8
  Max failures: 6
  Failure reset interval: 60
  Lockout duration: 600

# cat bz1797532_without_name.yaml
---
- name: Ensure global_policy modified
  hosts: ipaserver
  become: true

  tasks:
  - ipapwpolicy:
      ipaadmin_password: <XXXXX>
      minlife: 7
      maxlife: 49
      lockouttime: 300


[root@ansible ~]# ansible-playbook -vv -i inventory/server.hosts bz1797532_without_name.yaml
ansible-playbook 2.9.5
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.6/site-packages/ansible
  executable location = /usr/bin/ansible-playbook
  python version = 3.6.8 (default, Dec  5 2019, 15:45:45) [GCC 8.3.1 20191121 (Red Hat 8.3.1-5)]
Using /etc/ansible/ansible.cfg as config file

PLAYBOOK: bz1797532_without_name.yaml ********************************************************************************
1 plays in bz1797532_without_name.yaml

PLAY [Ensure global_policy modified] *********************************************************************************

TASK [Gathering Facts] ***********************************************************************************************
task path: /root/bz1797532_without_name.yaml:2
ok: [master.ipadomain.test]
META: ran handlers

TASK [ipapwpolicy] ***************************************************************************************************
task path: /root/bz1797532_without_name.yaml:7
changed: [master.ipadomain.test] => {"changed": true}
META: ran handlers
META: ran handlers

PLAY RECAP ***********************************************************************************************************
master.ipadomain.test      : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   


[root@master ~]# ipa pwpolicy-show 
  Group: global_policy
  Max lifetime (days): 49
  Min lifetime (hours): 7
  History size: 0
  Character classes: 0
  Min length: 8
  Max failures: 6
  Failure reset interval: 60
  Lockout duration: 300
Comment 5 Varun Mylaraiah 2020-02-19 07:51:29 UTC 
Automated test console output:
===============================
ansible-freeipa-0.1.8-2.el8.noarch

ansible_freeipa_tests/pwpolicy_module.py::Testpwpolicy09::test_modify_group_policy 
-------------------------------- live log call ---------------------------------
[paramiko.transport] INFO Connected (version 2.0, client OpenSSH_8.0)
[paramiko.transport] INFO Authentication (publickey) successful!
[pytest_multihost.host.Host.master.ParamikoTransport] INFO RUN ['ipactl', 'status']
[paramiko.transport] INFO Connected (version 2.0, client OpenSSH_8.0)
[paramiko.transport] INFO Authentication (publickey) successful!
[pytest_multihost.host.Host.ansible.ParamikoTransport] INFO WRITE inventory/pwpolicy.hosts
[paramiko.transport.sftp] INFO [chan 0] Opened sftp connection (server version 3)
[pytest_multihost.host.Host.ansible.ParamikoTransport] INFO PUT pwpolicy_module.yml
[pytest_multihost.host.Host.ansible.ParamikoTransport] INFO RUN ['ansible-playbook', '--ssh-extra-args="-o StrictHostKeyChecking=no"', '-vv', '-i', 'inventory/pwpolicy.hosts', 'pwpolicy_module.yml']
[pytest_multihost.host.Host.master.ParamikoTransport] INFO RUN ['kinit', 'admin']
[pytest_multihost.host.Host.master.ParamikoTransport] INFO RUN ['ipa', 'pwpolicy-show']
[pytest_multihost.host.Host.master.ParamikoTransport] INFO RUN ['kdestroy', '-A']
[pytest_multihost.host.Host.ansible.ParamikoTransport] INFO WRITE inventory/pwpolicy.hosts
[pytest_multihost.host.Host.ansible.ParamikoTransport] INFO PUT pwpolicy_module.yml
[pytest_multihost.host.Host.ansible.ParamikoTransport] INFO RUN ['ansible-playbook', '--ssh-extra-args="-o StrictHostKeyChecking=no"', '-vv', '-i', 'inventory/pwpolicy.hosts', 'pwpolicy_module.yml']
PASSED                                                                   [100%]

Now the password policy module not depends on the group.
Based on the test result, marking the bug VERIFIED.
Comment 7 errata-xmlrpc 2020-04-28 16:01:57 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:1705