From e23def1b9b8f0e767ed76ea24631f68c986f0e10 Mon Sep 17 00:00:00 2001
From: Durga Jagadeesh Palli <v-dpalli@microsoft.com>
Date: Tue, 12 Nov 2024 14:47:34 +0000
Subject: [PATCH] ansible-freeipa: Update to 1.13.2

---
 .../ansible-freeipa.signatures.json           |   2 +-
 .../ansible-freeipa/ansible-freeipa.spec      | 280 ++++++++++++++++--
 cgmanifest.json                               |   4 +-
 3 files changed, 266 insertions(+), 20 deletions(-)

diff --git a/SPECS-EXTENDED/ansible-freeipa/ansible-freeipa.signatures.json b/SPECS-EXTENDED/ansible-freeipa/ansible-freeipa.signatures.json
index f6254611c31..3bcd86e0543 100644
--- a/SPECS-EXTENDED/ansible-freeipa/ansible-freeipa.signatures.json
+++ b/SPECS-EXTENDED/ansible-freeipa/ansible-freeipa.signatures.json
@@ -1,5 +1,5 @@
 {
  "Signatures": {
-  "ansible-freeipa-0.3.4.tar.gz": "3c60aadbd612cd577145e85582a5e3ab8d62787592d7789218196cf624ffc85f"
+  "ansible-freeipa-1.13.2.tar.gz": "c28204ca99d676a64041cafc40bacbc3ba542808815acab03244195ad6ebfdf0"
  }
 }
diff --git a/SPECS-EXTENDED/ansible-freeipa/ansible-freeipa.spec b/SPECS-EXTENDED/ansible-freeipa/ansible-freeipa.spec
index ec9d7e36cf3..fe3f2b250f2 100644
--- a/SPECS-EXTENDED/ansible-freeipa/ansible-freeipa.spec
+++ b/SPECS-EXTENDED/ansible-freeipa/ansible-freeipa.spec
@@ -1,5 +1,6 @@
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
+
 # Turn off automatic python byte compilation because these are Ansible
 # roles and the files are transferred to the node and compiled there with
 # the python version used in the node
@@ -7,21 +8,32 @@ Distribution:   Azure Linux
 
 %global python %{__python3}
 
+%global collection_namespace freeipa
+%global collection_name ansible_freeipa
+%global ansible_collections_dir %{_datadir}/ansible/collections/ansible_collections
+
 Summary: Roles and playbooks to deploy FreeIPA servers, replicas and clients
 Name: ansible-freeipa
-Version: 0.3.4
+Version: 1.13.2
 Release: 2%{?dist}
 URL: https://github.com/freeipa/ansible-freeipa
-License: GPLv3+
+License: GPL-3.0-or-later
 Source: https://github.com/freeipa/ansible-freeipa/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
+#Source:  https://github.com/freeipa/ansible-freeipa/archive/refs/tags/v1.13.2.tar.gz
 BuildArch: noarch
+#Requires: ansible-core >= 1.15.0
+#BuildRequires: ansible-core >= 1.15.0
+BuildRequires: ansible
+BuildRequires: python
+BuildRequires: PyYAML
 
 %description
-ansible-freeipa provides Ansible roles and playbooks to install and uninstall
-FreeIPA servers, replicas and clients. Also modules for management.
+Ansible roles to install and uninstall FreeIPA servers, replicas and clients,
+roles for backups and SmartCard configuration, modules for management and also
+playbooks for all roles and modules.
 
-Note: The ansible playbooks and roles require a configured ansible environment
-where the ansible nodes are reachable and are properly set up to have an IP
+Note: The Ansible playbooks and roles require a configured Ansible environment
+where the Ansible nodes are reachable and are properly set up to have an IP
 address and a working package manager.
 
 Features
@@ -31,6 +43,13 @@ Features
 - One-time-password (OTP) support for client installation
 - Repair mode for clients
 - Backup and restore, also to and from controller
+- Smartcard setup for servers and clients
+- Inventory plugin freeipa
+- Modules for automembership rule management
+- Modules for automount key management
+- Modules for automount location management
+- Modules for automount map management
+- Modules for certificate management
 - Modules for config management
 - Modules for delegation management
 - Modules for dns config management
@@ -43,18 +62,27 @@ Features
 - Modules for hbacsvcgroup management
 - Modules for host management
 - Modules for hostgroup management
+- Modules for idoverridegroup management
+- Modules for idoverrideuser management
+- Modules for idp management
+- Modules for idrange management
+- Modules for idview management
 - Modules for location management
+- Modules for netgroup management
 - Modules for permission management
 - Modules for privilege management
 - Modules for pwpolicy management
 - Modules for role management
 - Modules for self service management
+- Modules for server management
 - Modules for service management
+- Modules for service delegation rule management
+- Modules for service delegation target management
 - Modules for sudocmd management
 - Modules for sudocmdgroup management
 - Modules for sudorule management
 - Modules for topology management
-- Modules fot trust management
+- Modules for trust management
 - Modules for user management
 - Modules for vault management
 
@@ -76,15 +104,9 @@ Supported Distributions
 Requirements
 
   Controller
-
-  - Ansible version: 2.8+ (ansible-freeipa is an Ansible Collection)
-    /usr/bin/kinit is required on the controller if a one time password (OTP)
-    is used
-  - python3-gssapi is required on the controller if a one time password (OTP)
-    is used with keytab to install the client.
+  - Ansible version: 2.13+
 
   Node
-
   - Supported FreeIPA version (see above)
   - Supported distribution (needed for package installation only, see above)
 
@@ -103,10 +125,20 @@ Requires: %{name} = %{version}-%{release}
 %description tests
 ansible-freeipa tests.
 
+The tests for the collection are part of the collection sub package.
+
 Please have a look at %{_datadir}/ansible-freeipa/requirements-tests.txt
 to get the needed requrements to run the tests.
 
 
+%package collection
+Summary: %{collection_namespace}.%{collection_name} collection
+Provides: ansible-collection-%{collection_namespace}-%{collection_name} = %{version}-%{release}
+
+%description collection
+The %{collection_namespace}.%{collection_name} collection, including tests.
+
+
 %prep
 %setup -q
 # Do not create backup files with patches
@@ -114,15 +146,17 @@ to get the needed requrements to run the tests.
 # Fix python modules and module utils:
 # - Remove shebang
 # - Remove execute flag
-for i in roles/ipa*/library/*.py roles/ipa*/module_utils/*.py plugins/*/*.py; do
+for i in roles/ipa*/library/*.py roles/ipa*/module_utils/*.py plugins/*/*.py;
+do
     sed -i '1{/\/usr\/bin\/python*/d;}' $i
+    sed -i '1{/\/usr\/bin\/env python*/d;}' $i
     chmod a-x $i
 done
 
-for i in utils/*.py utils/ansible-ipa-*-install utils/new_module \
-         utils/changelog utils/ansible-doc-test;
+for i in utils/*.py utils/new_module utils/changelog utils/ansible-doc-test;
 do
     sed -i '{s@/usr/bin/python*@%{python}@}' $i
+    sed -i '{s@/usr/bin/env python*@%{python}@}' $i
 done
 
 
@@ -138,6 +172,10 @@ cp -rp roles/ipaclient %{buildroot}%{_datadir}/ansible/roles/
 cp -rp roles/ipaclient/README.md README-client.md
 cp -rp roles/ipabackup %{buildroot}%{_datadir}/ansible/roles/
 cp -rp roles/ipabackup/README.md README-backup.md
+cp -rp roles/ipasmartcard_server %{buildroot}%{_datadir}/ansible/roles/
+cp -rp roles/ipasmartcard_server/README.md README-smartcard_server.md
+cp -rp roles/ipasmartcard_client %{buildroot}%{_datadir}/ansible/roles/
+cp -rp roles/ipasmartcard_client/README.md README-smartcard_client.md
 install -m 755 -d %{buildroot}%{_datadir}/ansible/plugins/
 cp -rp plugins/* %{buildroot}%{_datadir}/ansible/plugins/
 
@@ -147,14 +185,23 @@ cp -rp utils %{buildroot}%{_datadir}/ansible-freeipa/
 install -m 755 -d %{buildroot}%{_datadir}/ansible-freeipa/tests
 cp -rp tests %{buildroot}%{_datadir}/ansible-freeipa/
 
+# Create collection and install to %{buildroot}%{ansible_collections_dir}
+# ansible-galaxy collection install creates ansible_collections directory
+# automatically in given path, therefore /..
+utils/build-galaxy-release.sh -o "%{version}" -p %{buildroot}%{ansible_collections_dir}/.. %{collection_namespace} %{collection_name}
+
 %files
 %license COPYING
 %{_datadir}/ansible/roles/ipaserver
 %{_datadir}/ansible/roles/ipareplica
 %{_datadir}/ansible/roles/ipaclient
 %{_datadir}/ansible/roles/ipabackup
+%{_datadir}/ansible/roles/ipasmartcard_server
+%{_datadir}/ansible/roles/ipasmartcard_client
+%{_datadir}/ansible/plugins/doc_fragments
 %{_datadir}/ansible/plugins/module_utils
 %{_datadir}/ansible/plugins/modules
+%{_datadir}/ansible/plugins/inventory
 %doc README*.md
 %doc playbooks
 %{_datadir}/ansible-freeipa/requirements.txt
@@ -165,7 +212,206 @@ cp -rp tests %{buildroot}%{_datadir}/ansible-freeipa/
 %{_datadir}/ansible-freeipa/tests
 %{_datadir}/ansible-freeipa/requirements-tests.txt
 
+%files collection
+%dir %{ansible_collections_dir}/%{collection_namespace}
+%{ansible_collections_dir}/%{collection_namespace}/%{collection_name}
+
 %changelog
+* Tue Nov 12 2024 Durga Jagadeesh Palli <v-dpalli@microsoft.com> - 1.13.2-2
+- Update to 1.13.2
+
+* Mon Jul  1 2024 Thomas Woerner <twoerner@redhat.com> - 1.13.2-1
+- Update to version 1.13.2
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.13.2
+  - Support for FreeIPA 4.12
+  - Idempotency fixes
+  - Minimum supported ansible-core version: 2.15.0
+  - Fixes for ansible-test 2.17.1
+
+* Tue May 28 2024 Thomas Woerner <twoerner@redhat.com> - 1.13.1-1
+- Update to version 1.13.1
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.13.0
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.13.1
+  Highlights:
+  - New inventory plugin
+  - Use batch command internally for ipahost, ipaservice and ipauser
+  - Fix idempotency issues in ipahost, ipaservice and ipauser
+  - Fix idempotency in ipaclient_dns_resolver
+  - Documentation fixes
+
+* Tue Apr  2 2024 Thomas Woerner <twoerner@redhat.com> - 1.12.1-2
+- New -collection sub package providing the freeipa.ansible_freeipa
+  collection
+- New build requires for ansible-core and python
+
+* Mon Feb 12 2024 Thomas Woerner <twoerner@redhat.com> - 1.12.1-1
+- Update to version 1.12.1
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.12.1
+  Highlights:
+  - Fix ipaserver deployment on CentOS 8 Stream
+  - Fix ipaclient deployment with automount
+  - Fix ipaclient OTP error reporting
+  - Add missing support for renaming groups and users
+  - Idempotency fixes in several modules
+
+* Mon Jan 22 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.12.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.12.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Mon Nov 27 2023 Thomas Woerner <twoerner@redhat.com> - 1.12.0-1
+- Update to version 1.12.0
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.12.0
+  Highlights:
+  - New idoverridegroup management module.
+  - New idoverrideuser management module.
+  - New idview management module.
+  - New idp management module.
+  - Bug fixes and CI improvements.
+
+* Mon Jul 24 2023 Thomas Woerner <twoerner@redhat.com> - 1.11.1-1
+- Update to version 1.11.1
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.11.1
+  Highlights:
+  - Support for GECOS, street, smb and idp attributes in ipauser module
+  - Support for indirect maps in ipaautomountmap module
+  - Update of user_auth_type choices in ipaconfig and ipauser modules
+  - Update of auth_ind choices in ipahost and ipaservice modules
+  - Upstream test and environment enhancements
+  - Documentation updates
+
+* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.11.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Mon Jun 12 2023 Thomas Woerner <twoerner@redhat.com> - 1.11.0-1
+- Update to version 1.11.0
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.11.0
+  Highlights:
+  - Multiple service management with ipaservice module
+  - New ipacert module for certificate management
+  - Action group support for the Ansible collections on Ansible Galaxy and
+    Ansible AutomationHub
+  - Fixed maxsequence handling in ipapwpolicy module
+  - Even more Ansible lint driven changes
+
+* Wed Apr  5 2023 Thomas Woerner <twoerner@redhat.com> - 1.10.0-1
+- Update to version 1.10.0
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.10.0
+  Highlights:
+  - ipagroup: Allow multiple group management.
+  - ipaclient: Add subid option to select the sssd profile with-subid.
+  - ipaclient: Fix allow_repair with removed krb5.conf and DNS lookup.
+  - ipaclient: Keep server affinity while deploying by deferring the
+    creation the final krb5.conf.
+  - ipaserver: Allow deployments with random serial numbers.
+  - ipareplica/server: Enable removal from domain with undeployment.
+  - More Ansible lint fixes.
+
+* Fri Mar 10 2023 Rafael Jeffman <rjeffman@redhat.com> - 1.9.2-2
+- Migrate to SPDX license
+
+* Tue Jan 31 2023 Thomas Woerner <twoerner@redhat.com> - 1.9.2-1
+- Update to version 1.9.2
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.9.2
+
+* Mon Jan 30 2023 Thomas Woerner <twoerner@redhat.com> - 1.9.1-1
+- Update to version 1.9.1
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.9.1
+  Highlights:
+  - Ansible 2.14 test and lint fixes
+  - pwpolicy: Allow clearing policy values
+  - More bug fixes
+
+* Wed Jan 18 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Tue Dec  6 2022 Thomas Woerner <twoerner@redhat.com> - 1.9.0-1
+- Update to version 1.9.0
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.9.0
+  Highlights:
+  - New netgroup management module
+  - sudorule: Add support for 'hostmask' parameter
+  - pwpolicy: Add support for password check and grace limit
+  - ipaclient: No kinit on controller for deployment using OTP
+  - ipaclient: Configure DNS resolver
+  - Support for ansible-core 2.14 tests
+
+* Mon Sep 12 2022 Thomas Woerner <twoerner@redhat.com> - 1.8.4-1
+- Update to version 1.8.4
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.8.4
+
+* Tue Aug 16 2022 Thomas Woerner <twoerner@redhat.com> - 1.8.3-1
+- Update to version 1.8.3
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.8.3
+
+* Thu Jul 28 2022 Thomas Woerner <twoerner@redhat.com> - 1.8.2-1
+- Update to version 1.8.2
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.8.2
+
+* Wed Jul 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Thu Jul  7 2022 Thomas Woerner <twoerner@redhat.com> - 1.8.1-1
+- Update to version 1.8.1
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.8.1
+
+* Fri Jun 24 2022 Thomas Woerner <twoerner@redhat.com> - 1.8.0-1
+- Update to version 1.8.0
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.8.0
+
+* Fri Apr 29 2022 Thomas Woerner <twoerner@redhat.com> - 1.7.0-1
+- Update to version 1.7.0
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.7.0
+- Update to version 1.6.3
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.6.3
+
+* Wed Jan 26 2022 Thomas Woerner <twoerner@redhat.com> - 1.6.2-1
+- Update to version 1.6.2
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.6.2
+
+* Fri Jan 21 2022 Thomas Woerner <twoerner@redhat.com> - 1.6.1-1
+- Update to version 1.6.1
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.6.1
+- Update to version 1.6.0
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.6.0
+
+* Wed Jan 19 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.3-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Tue Dec 28 2021 Thomas Woerner <twoerner@redhat.com> - 1.5.3-1
+- Update to version 1.5.3
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.5.3
+- Update to version 1.5.2
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.5.2
+- Update to version 1.5.1
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.5.1
+
+* Tue Dec  7 2021 Thomas Woerner <twoerner@redhat.com> - 1.5.0-1
+- Update to version 1.5.0
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.5.0
+
+* Wed Oct  6 2021 Thomas Woerner <twoerner@redhat.com> - 0.4.0-1
+- Update to version 0.4.0
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.4.0
+
+* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.8-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Wed Jul 14 2021 Thomas Woerner <twoerner@redhat.com> - 0.3.8-1
+- Update to version 0.3.8
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.8
+- Update to version 0.3.7
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.7
+
+* Tue Jun  1 2021 Thomas Woerner <twoerner@redhat.com> - 0.3.6-1
+- Update to version 0.3.6
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.6
+
+* Wed Mar  3 2021 Thomas Woerner <twoerner@redhat.com> - 0.3.5-1
+- Update to version 0.3.5
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.5
+
 * Fri Oct 15 2021 Pawel Winogrodzki <pawelwi@microsoft.com> - 0.3.4-2
 - Initial CBL-Mariner import from Fedora 33 (license: MIT).
 
diff --git a/cgmanifest.json b/cgmanifest.json
index d1159de93cc..9e1b5dc80ed 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -225,8 +225,8 @@
         "type": "other",
         "other": {
           "name": "ansible-freeipa",
-          "version": "0.3.4",
-          "downloadUrl": "https://github.com/freeipa/ansible-freeipa/archive/v0.3.4.tar.gz"
+          "version": "1.13.2",
+          "downloadUrl": "https://github.com/freeipa/ansible-freeipa/archive/v1.13.2.tar.gz"
         }
       }
     },