internet/ansible-freeipa
4
0
Fork 0
mirror of https://github.com/freeipa/ansible-freeipa.git synced 2026-03-26 21:33:05 +00:00
Code Issues Projects Releases Wiki Activity

ipauser: User module extension

Browse Source 
The ipauser module now supports all user settings and additionally to ensure
the presence of several users with the new users setting. The users setting
can also be used with other states, but it has to be limited to only contain
the name of the users.

There updated user management module is placed in the plugins folder:

  plugins/modules/ipauser.py

The user module now additionally allows to handle these user settings:

  initials
  principalexpiration
  random
  city
  userstate
  postalcode
  mobile
  pager
  fax
  orgunit
  manager
  carlicense
  sshpubkey
  userauthtype
  userclass
  radius
  radiususer
  departmentnumber
  employeenumber
  employeetype
  preferredlanguage
  certificate
  certmapdata
  noprivate
  nomembers

Here is the updated documentation for the module:

  README-user.md

New example playbooks have been added:

  playbooks/user/user_certificate_absent.yml
  playbooks/user/user_certificate_present.yml
  playbooks/user/user_present.yml
  playbooks/user/users_absent.yml
  playbooks/user/users_certificate_absent.yml
  playbooks/user/users_certificate_present.yml
  playbooks/user/users_present.yml
  plugins/modules/ipauser.py

New tests added for ipauser:

  tests/user/certificate/cert1.der
  tests/user/certificate/cert1.pem
  tests/user/certificate/cert2.der
  tests/user/certificate/cert2.pem
  tests/user/certificate/cert3.der
  tests/user/certificate/cert3.pem
  tests/user/certificate/private1.key
  tests/user/certificate/private2.key
  tests/user/certificate/private3.key
  tests/user/certificate/test_user_certificate.yml
  tests/user/certificate/test_users_certificate.yml
  tests/user/certmapdata/test_user_certmapdata.yml
  tests/user/certmapdata/test_user_certmapdata_issuer_subject.yml
  tests/user/certmapdata/test_users_certmapdata.yml
  tests/user/test_user.yml
  tests/user/test_users.yml
  tests/user/test_users_absent.yml
  tests/user/test_users_invalid_cert.yml
  tests/user/test_users_present.yml
  tests/user/test_users_present_slice.yml
  tests/user/users_absent.json
  tests/user/users_absent.sh
  tests/user/users_present.json
  tests/user/users_present.sh
This commit is contained in:
Thomas Woerner
2019-10-21 12:14:36 +02:00
parent 1428143d73
commit 40713e71f9
33 changed files with 10901 additions and 138 deletions
Download Patch File Download Diff File Expand all files Collapse all files

376
tests/user/test_users.yml Normal file
View File

@@ -0,0 +1,376 @@
---
- name: Tests
hosts: ipaserver
become: true
gather_facts: false
tasks:
- name: Remove test users
ipauser:
ipaadmin_password: SomeADMINpassword
name: user1,user2,user3,user4,user5,user6,user7,user8,user9,user10
state: absent
- name: Users user1..10 present
ipauser:
ipaadmin_password: SomeADMINpassword
users:
- name: user1
givenname: user1
last: Last
- name: user2
first: user2
last: Last
- name: user3
first: user3
last: Last
- name: user4
first: user4
last: Last
- name: user5
first: user5
last: Last
- name: user6
first: user6
last: Last
- name: user7
first: user7
last: Last
- name: user8
first: user8
last: Last
- name: user9
first: user9
last: Last
- name: user10
first: user10
last: Last
register: result
failed_when: not result.changed
- name: Users user1..10 present
ipauser:
ipaadmin_password: SomeADMINpassword
users:
- name: user1
givenname: user1
last: Last
- name: user2
first: user2
last: Last
- name: user3
first: user3
last: Last
- name: user4
first: user4
last: Last
- name: user5
first: user5
last: Last
- name: user6
first: user6
last: Last
- name: user7
first: user7
last: Last
- name: user8
first: user8
last: Last
- name: user9
first: user9
last: Last
- name: user10
first: user10
last: Last
register: result
failed_when: result.changed
- name: Remove test users
ipauser:
ipaadmin_password: SomeADMINpassword
name: user1,user2,user3,user4,user5,user6,user7,user8,user9,user10
state: absent
- name: Remove test users
ipauser:
ipaadmin_password: SomeADMINpassword
name: manager1,manager2,manager3,pinky,pinky2
state: absent
- name: User manager1 present
ipauser:
ipaadmin_password: SomeADMINpassword
users:
- name: manager1
first: Manager1
last: One1
- name: manager2
first: Manager2
last: One2
- name: manager3
first: Manager3
last: One3
register: result
failed_when: not result.changed
- name: User pinky present
ipauser:
ipaadmin_password: SomeADMINpassword
name: pinky
uid: 10001
gid: 100
phone: "+555123457"
email: pinky@acme.com
principalexpiration: "20220119235959"
#passwordexpiration: "2022-01-19 23:59:59"
first: pinky
last: Acme
initials: pa
#password: foo2
principal: pa
random: yes
city: PinkyCity
userstate: PinkyState
postalcode: PinkyZip
mobile: "+555123458,+555123459"
pager: "+555123450,+555123451"
fax: "+555123452,+555123453"
orgunit: PinkyOrgUnit
manager: manager1,manager2
update_password: on_create
carlicense: PinkyCarLicense1,PinkyCarLicense2
# sshpubkey
userauthtype: password,radius,otp
userclass: PinkyUserClass
#radius: "http://some.link/"
#radiususer: PinkyRadiusUser
departmentnumber: "1234"
employeenumber: "0815"
employeetype: "PinkyExmployeeType"
preferredlanguage: "en"
# certificate
noprivate: yes
nomembers: false
#issuer: PinkyIssuer
#subject: PinkySubject
register: result
failed_when: not result.changed
- name: Same user pinky present again
ipauser:
ipaadmin_password: SomeADMINpassword
name: pinky
uid: 10001
gid: 100
phone: "+555123457"
email: pinky@acme.com
principalexpiration: "20220119235959"
#passwordexpiration: "2022-01-19 23:59:59"
first: pinky
last: Acme
initials: pa
#password: foo2
principal: pa
random: yes
city: PinkyCity
userstate: PinkyState
postalcode: PinkyZip
mobile: "+555123458,+555123459"
pager: "+555123450,+555123451"
fax: "+555123452,+555123453"
orgunit: PinkyOrgUnit
manager: manager1,manager2
update_password: on_create
carlicense: PinkyCarLicense1,PinkyCarLicense2
# sshpubkey
userauthtype: password,radius,otp
userclass: PinkyUserClass
#radius: "http://some.link/"
#radiususer: PinkyRadiusUser
departmentnumber: "1234"
employeenumber: "0815"
employeetype: "PinkyExmployeeType"
preferredlanguage: "en"
# certificate
noprivate: yes
nomembers: false
#issuer: PinkyIssuer
#subject: PinkySubject
register: result
failed_when: result.changed
- name: User pinky present with changed settings
ipauser:
ipaadmin_password: SomeADMINpassword
name: pinky
first: pinky
last: Acme
#manager: manager1,manager2,manager3
#principal: pa,pa1,pa3
sshpubkey:
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCqmVDpEX5gnSjKuv97AyzOhaUMMKz8ahOA3GY77tVC4o68KNgMCmDSEG1/kOIaElngNLaCha3p/2iAcU9Bi1tLKUlm2bbO5NHNwHfRxY/3cJtq+/7D1vxJzqThYwI4F9vr1WxyY2+mMTv3pXbfAJoR8Mu06XaEY5PDetlDKjHLuNWF+/O7ZU8PsULTa1dJZFrtXeFpmUoLoGxQBvlrlcPI1zDciCSU24t27Zan5Py2l5QchyI7yhCyMM77KDtj5+AFVpmkb9+zq50rYJAyFVeyUvwjzErvQrKJzYpA0NyBp7vskWbt36M16/M/LxEK7HA6mkcakO3ESWx5MT1LAjvdlnxbWG3787MxweHXuB8CZU+9bZPFBaJ+VQtOfJ7I8eH0S16moPC4ak8FlcFvOH8ERDPWLFDqfy09yaZ7bVIF0//5ZI7Nf3YDe3S7GrBX5ieYuECyP6UNkTx9BRsAQeVvXEc6otzB7iCSnYBMGUGzCqeigoAWaVQUONsSR3Uatks= pinky@ipaserver.el81.local
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDc8MIjaSrxLYHvu+hduoF4m6NUFSlXZWzYbd3BK4L47/U4eiXoOS6dcfuZJDjmLfOipc7XVp7NADwAgA1yBOAjbeVpXr2tC8w8saZibl75WBOEjDfNroiOh/f/ojrwwHg05QTVSZHs27sU1HBPyCQM/FHVM6EnRfmyiBkEBA/3ca0PJ9UJhWb2XisCaz6y6QcTh4gQnvHzgmEmK31GwiKnmBSEQuj8P5NGCO8RlN3cq3zpRpMDEoBRCjQYicllf/5P43r5OGvS1LhTiAMfyqE37URezNQa7aozBpH1GhIwAmjAtm84jXQjxUgZPYC0aSLuADYErScOP4792r6koH9t/DM5/M+jG2c4PNWynDczUw6Eaxl5E3hU0Ee9UN0Oee7iBnVenS/QMeZNyo5lMA/HXT5lrYiJGTYM0shRjGXXYBbJZhWerguSWDAdUd1gvuGP1nb7/+/Cvb46+HX7zYouS5Ojo0yPzMZ07X142jnKAfx9LnKdMUCwBJzbtoJ91Zc= pinky@ipaserver.el81.local
register: result
failed_when: not result.changed
- name: User pinky add manager manager1
ipauser:
ipaadmin_password: SomeADMINpassword
name: pinky
manager: manager1
action: member
register: result
failed_when: not result.changed
- name: User pinky add manager manager1 again
ipauser:
ipaadmin_password: SomeADMINpassword
name: pinky
manager: manager1
action: member
register: result
failed_when: result.changed
- name: User pinky add manager manager2, manager3
ipauser:
ipaadmin_password: SomeADMINpassword
name: pinky
manager: manager2,manager3
action: member
register: result
failed_when: not result.changed
- name: User pinky add manager manager2, manager3 again
ipauser:
ipaadmin_password: SomeADMINpassword
name: pinky
manager: manager2,manager3
action: member
register: result
failed_when: result.changed
- name: User pinky remove manager manager1
ipauser:
ipaadmin_password: SomeADMINpassword
name: pinky
manager: manager1
action: member
state: absent
register: result
failed_when: not result.changed
- name: User pinky remove manager manager1 again
ipauser:
ipaadmin_password: SomeADMINpassword
name: pinky
manager: manager1
action: member
state: absent
register: result
failed_when: result.changed
- name: User pinky add principal pa
ipauser:
ipaadmin_password: SomeADMINpassword
name: pinky
principal: pa
action: member
register: result
failed_when: not result.changed
- name: User pinky add principal pa again
ipauser:
ipaadmin_password: SomeADMINpassword
name: pinky
principal: pa
action: member
register: result
failed_when: result.changed
- name: User pinky add principal pa1
ipauser:
ipaadmin_password: SomeADMINpassword
name: pinky
principal: pa1
action: member
register: result
failed_when: not result.changed
- name: User pinky remove principal pa1
ipauser:
ipaadmin_password: SomeADMINpassword
name: pinky
principal: pa1
action: member
state: absent
register: result
failed_when: not result.changed
- name: User pinky remove principal pa1 again
ipauser:
ipaadmin_password: SomeADMINpassword
name: pinky
principal: pa1
action: member
state: absent
register: result
failed_when: result.changed
- name: User pinky remove principal pa
ipauser:
ipaadmin_password: SomeADMINpassword
name: pinky
principal: pa
action: member
state: absent
register: result
failed_when: not result.changed
- name: User pinky remove principal non-existing pa2
ipauser:
ipaadmin_password: SomeADMINpassword
name: pinky
principal: pa2
action: member
state: absent
register: result
failed_when: result.changed
- name: User pinky absent and preserved
ipauser:
ipaadmin_password: SomeADMINpassword
name: pinky
preserve: yes
state: absent
register: result
failed_when: not result.changed
- name: User pinky undeleted (preserved before)
ipauser:
ipaadmin_password: SomeADMINpassword
name: pinky
state: undeleted
register: result
failed_when: not result.changed
- name: Users pinky disabled
ipauser:
ipaadmin_password: SomeADMINpassword
name: pinky
state: disabled
register: result
failed_when: not result.changed
- name: User pinky enabled
ipauser:
ipaadmin_password: SomeADMINpassword
name: pinky
state: enabled
register: result
failed_when: not result.changed
- name: Remove test users
ipauser:
ipaadmin_password: SomeADMINpassword
name: manager1,manager2,manager3,pinky,pinky2
state: absent