From dc62744f6a11c8a02db2482e893913e7c60e9f96 Mon Sep 17 00:00:00 2001 From: Thomas Woerner Date: Mon, 14 Feb 2022 12:56:08 +0100 Subject: [PATCH 1/5] ipaclient install.yml: Use named tasks The unnamed tasks have been reported as issues by new ansible-lint. --- roles/ipaclient/tasks/install.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/roles/ipaclient/tasks/install.yml b/roles/ipaclient/tasks/install.yml index 99c95569..46cfc3aa 100644 --- a/roles/ipaclient/tasks/install.yml +++ b/roles/ipaclient/tasks/install.yml @@ -216,15 +216,18 @@ ipaclient_force_join) - block: - - fail: + - name: krb5 configuration not correct + fail: msg: > The krb5 configuration is not correct, please enable allow_repair to fix this. when: not result_ipaclient_test_keytab.krb5_conf_ok - - fail: + - name: IPA test failed + fail: msg: "The IPA test failed, please enable allow_repair to fix this." when: not result_ipaclient_test_keytab.ping_test_ok - - fail: + - name: ca.crt file is missing + fail: msg: > The ca.crt file is missing, please enable allow_repair to fix this. when: not result_ipaclient_test_keytab.ca_crt_exists From fdd4b19b1830bc3350eae61fe36fa837c0ecca65 Mon Sep 17 00:00:00 2001 From: Thomas Woerner Date: Mon, 14 Feb 2022 12:57:32 +0100 Subject: [PATCH 2/5] tests/config/test_config.yml: Use named tasks The unnamed tasks have been reported as issues by new ansible-lint. --- tests/config/test_config.yml | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/tests/config/test_config.yml b/tests/config/test_config.yml index c3f26872..cac579d4 100644 --- a/tests/config/test_config.yml +++ b/tests/config/test_config.yml @@ -56,9 +56,9 @@ ipaapi_context: "{{ ipa_context | default(omit) }}" pac_type: "" - - name: set maxhostname to 255 - block: - - ipaconfig: + - block: + - name: set maxhostname to 255 + ipaconfig: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" maxhostname: 255 @@ -221,16 +221,17 @@ register: result failed_when: result.changed or result.failed - - name: set maxhostname to 77 - block: - - ipaconfig: + - block: + - name: set maxhostname to 77 + ipaconfig: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" maxhostname: 77 register: result failed_when: not result.changed or result.failed - - ipaconfig: + - name: set maxhostname to 77, again + ipaconfig: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" maxhostname: 77 @@ -409,9 +410,9 @@ register: result failed_when: not result.changed or result.failed - - name: reset maxhostname - block: - - ipaconfig: + - block: + - name: reset maxhostname + ipaconfig: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" maxhostname: '{{ previousconfig.config.maxhostname | default(omit) }}' @@ -444,9 +445,9 @@ register: result failed_when: result.changed or result.failed - - name: reset maxhostname - block: - - ipaconfig: + - block: + - name: reset maxhostname + ipaconfig: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" maxhostname: '{{ previousconfig.config.maxhostname | default(omit) }}' From d5fdaaf444755c352872a0771d0f262a61b9904d Mon Sep 17 00:00:00 2001 From: Thomas Woerner Date: Mon, 14 Feb 2022 12:58:22 +0100 Subject: [PATCH 3/5] tests/env_freeipa_facts.yml: Use lower case var names The upper case name has been reported as issues by new ansible-lint. --- tests/env_freeipa_facts.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/env_freeipa_facts.yml b/tests/env_freeipa_facts.yml index 0ab8541e..b9bce90a 100644 --- a/tests/env_freeipa_facts.yml +++ b/tests/env_freeipa_facts.yml @@ -15,12 +15,12 @@ - name: Verify if host is an IPA server or client. shell: cmd: | - echo SomeADMINpassword | kinit -c {{ KRB5CCNAME }} admin - RESULT=$(KRB5CCNAME={{ KRB5CCNAME }} ipa server-show `hostname` && echo SERVER || echo CLIENT) - kdestroy -A -c {{ KRB5CCNAME }} + echo SomeADMINpassword | kinit -c {{ krb5ccname }} admin + RESULT=$(KRB5CCNAME={{ krb5ccname }} ipa server-show `hostname` && echo SERVER || echo CLIENT) + kdestroy -A -c {{ krb5ccname }} echo $RESULT vars: - KRB5CCNAME: "__check_ipa_host_is_client_or_server__" + krb5ccname: "__check_ipa_host_is_client_or_server__" register: output - name: Set FreeIPA facts. From ae9c81139b85e9919beab3739321157250a68eb1 Mon Sep 17 00:00:00 2001 From: Thomas Woerner Date: Mon, 14 Feb 2022 13:00:39 +0100 Subject: [PATCH 4/5] tests/role/test_role_lists_handling.yml: Use lower case var names The upper case name has been reported as issues by new ansible-lint. --- tests/role/test_role_lists_handling.yml | 64 ++++++++++++------------- 1 file changed, 32 insertions(+), 32 deletions(-) diff --git a/tests/role/test_role_lists_handling.yml b/tests/role/test_role_lists_handling.yml index d698aab9..ca3f023c 100644 --- a/tests/role/test_role_lists_handling.yml +++ b/tests/role/test_role_lists_handling.yml @@ -43,9 +43,9 @@ - name: Verify role privileges. shell: cmd: | - echo SomeADMINpassword | kinit -c {{ KRB5CCNAME }} admin - KRB5CCNAME={{ KRB5CCNAME }} ipa role-show testrole - kdestroy -A -q -c {{ KRB5CCNAME }} + echo SomeADMINpassword | kinit -c {{ krb5ccname }} admin + KRB5CCNAME={{ krb5ccname }} ipa role-show testrole + kdestroy -A -q -c {{ krb5ccname }} register: result failed_when: | result.failed or not ( @@ -57,7 +57,7 @@ and "Group Administrators" in result.stdout ) vars: - KRB5CCNAME: verify_issue_409 + krb5ccname: verify_issue_409 # End of test fix for https://github.com/freeipa/ansible-freeipa/issues/409 # Test fix for https://github.com/freeipa/ansible-freeipa/issues/412 @@ -73,9 +73,9 @@ - name: Verify role users. shell: cmd: | - echo SomeADMINpassword | kinit -c {{ KRB5CCNAME }} admin - KRB5CCNAME={{ KRB5CCNAME }} ipa role-show testrole - kdestroy -A -q -c {{ KRB5CCNAME }} + echo SomeADMINpassword | kinit -c {{ krb5ccname }} admin + KRB5CCNAME={{ krb5ccname }} ipa role-show testrole + kdestroy -A -q -c {{ krb5ccname }} register: result failed_when: | result.failed or not ( @@ -83,7 +83,7 @@ and "user02" in result.stdout ) vars: - KRB5CCNAME: verify_issue_412 + krb5ccname: verify_issue_412 - name: Add new group to role. iparole: @@ -97,9 +97,9 @@ - name: Verify role group. shell: cmd: | - echo SomeADMINpassword | kinit -c {{ KRB5CCNAME }} admin - KRB5CCNAME={{ KRB5CCNAME }} ipa role-show testrole - kdestroy -A -q -c {{ KRB5CCNAME }} + echo SomeADMINpassword | kinit -c {{ krb5ccname }} admin + KRB5CCNAME={{ krb5ccname }} ipa role-show testrole + kdestroy -A -q -c {{ krb5ccname }} register: result failed_when: | result.failed or not ( @@ -107,7 +107,7 @@ and "group02" in result.stdout ) vars: - KRB5CCNAME: verify_issue_412 + krb5ccname: verify_issue_412 - name: Add new host to role. iparole: @@ -121,9 +121,9 @@ - name: Verify role hosts. shell: cmd: | - echo SomeADMINpassword | kinit -c {{ KRB5CCNAME }} admin - KRB5CCNAME={{ KRB5CCNAME }} ipa role-show testrole - kdestroy -A -q -c {{ KRB5CCNAME }} + echo SomeADMINpassword | kinit -c {{ krb5ccname }} admin + KRB5CCNAME={{ krb5ccname }} ipa role-show testrole + kdestroy -A -q -c {{ krb5ccname }} register: result failed_when: | result.failed or not ( @@ -131,7 +131,7 @@ and host2 in result.stdout ) vars: - KRB5CCNAME: verify_issue_412 + krb5ccname: verify_issue_412 host1: " {{ host1_fqdn }}" host2: " {{ host2_fqdn }}" @@ -147,9 +147,9 @@ - name: Verify role hostgroups. shell: cmd: | - echo SomeADMINpassword | kinit -c {{ KRB5CCNAME }} admin - KRB5CCNAME={{ KRB5CCNAME }} ipa role-show testrole - kdestroy -A -q -c {{ KRB5CCNAME }} + echo SomeADMINpassword | kinit -c {{ krb5ccname }} admin + KRB5CCNAME={{ krb5ccname }} ipa role-show testrole + kdestroy -A -q -c {{ krb5ccname }} register: result failed_when: | result.failed or not ( @@ -157,7 +157,7 @@ and " hostgroup02" in result.stdout ) vars: - KRB5CCNAME: verify_issue_412 + krb5ccname: verify_issue_412 - name: Add new service to role. iparole: @@ -171,9 +171,9 @@ - name: Verify role services. shell: cmd: | - echo SomeADMINpassword | kinit -c {{ KRB5CCNAME }} admin - KRB5CCNAME={{ KRB5CCNAME }} ipa role-show testrole - kdestroy -A -q -c {{ KRB5CCNAME }} + echo SomeADMINpassword | kinit -c {{ krb5ccname }} admin + KRB5CCNAME={{ krb5ccname }} ipa role-show testrole + kdestroy -A -q -c {{ krb5ccname }} register: result failed_when: | result.failed or not ( @@ -181,7 +181,7 @@ and service1 in result.stdout ) vars: - KRB5CCNAME: verify_issue_412 + krb5ccname: verify_issue_412 service1: "service01/{{ host1_fqdn }}" service2: "service02/{{ host2_fqdn }}" # End of test fix for https://github.com/freeipa/ansible-freeipa/issues/412 @@ -199,9 +199,9 @@ - name: Verify role services. shell: cmd: | - echo SomeADMINpassword | kinit -c {{ KRB5CCNAME }} admin - KRB5CCNAME={{ KRB5CCNAME }} ipa role-show testrole - kdestroy -A -q -c {{ KRB5CCNAME }} + echo SomeADMINpassword | kinit -c {{ krb5ccname }} admin + KRB5CCNAME={{ krb5ccname }} ipa role-show testrole + kdestroy -A -q -c {{ krb5ccname }} register: result failed_when: | result.failed or not ( @@ -210,7 +210,7 @@ and "user03" in result.stdout ) vars: - KRB5CCNAME: verify_issue_413 + krb5ccname: verify_issue_413 service1: "service01/{{ host1_fqdn }}" service2: "service02/{{ host2_fqdn }}" @@ -227,9 +227,9 @@ - name: Verify role services. shell: cmd: | - echo SomeADMINpassword | kinit -c {{ KRB5CCNAME }} admin - KRB5CCNAME={{ KRB5CCNAME }} ipa role-show testrole - kdestroy -A -q -c {{ KRB5CCNAME }} + echo SomeADMINpassword | kinit -c {{ krb5ccname }} admin + KRB5CCNAME={{ krb5ccname }} ipa role-show testrole + kdestroy -A -q -c {{ krb5ccname }} register: result failed_when: | result.failed or not ( @@ -238,7 +238,7 @@ and "user03" not in result.stdout ) vars: - KRB5CCNAME: verify_issue_413 + krb5ccname: verify_issue_413 service1: "service01/{{ host1_fqdn }}" service2: "service02/{{ host2_fqdn }}" # End of test fix for https://github.com/freeipa/ansible-freeipa/issues/413 From bc72bbd92e769d263dc9094d3079346fd0175186 Mon Sep 17 00:00:00 2001 From: Thomas Woerner Date: Mon, 14 Feb 2022 13:42:56 +0100 Subject: [PATCH 5/5] tests/vault/test_vault_change_type.yml: Use lower case var names The upper case name has been reported as issues by new ansible-lint. --- tests/vault/test_vault_change_type.yml | 64 +++++++++++++------------- 1 file changed, 32 insertions(+), 32 deletions(-) diff --git a/tests/vault/test_vault_change_type.yml b/tests/vault/test_vault_change_type.yml index f7106af1..8490a2c9 100644 --- a/tests/vault/test_vault_change_type.yml +++ b/tests/vault/test_vault_change_type.yml @@ -43,14 +43,14 @@ - name: Verify assymetric-only fields are not present. shell: | - echo SomeADMINpassword | kinit -c {{ KRB5CCNAME }} admin - KRB5CCNAME={{ KRB5CCNAME }} ipa vault-show test_vault - kdestroy -A -q -c {{ KRB5CCNAME }} + echo SomeADMINpassword | kinit -c {{ krb5ccname }} admin + KRB5CCNAME={{ krb5ccname }} ipa vault-show test_vault + kdestroy -A -q -c {{ krb5ccname }} register: result failed_when: result.failed or "Public Key:" in result.stdout vars: - KRB5CCNAME: verify_change_from_asymmetric + krb5ccname: verify_change_from_asymmetric - block: - name: Change from symmetric to standard @@ -64,14 +64,14 @@ - name: Verify salt is not present. shell: | - echo SomeADMINpassword | kinit -c {{ KRB5CCNAME }} admin - KRB5CCNAME={{ KRB5CCNAME }} ipa vault-show test_vault - kdestroy -A -q -c {{ KRB5CCNAME }} + echo SomeADMINpassword | kinit -c {{ krb5ccname }} admin + KRB5CCNAME={{ krb5ccname }} ipa vault-show test_vault + kdestroy -A -q -c {{ krb5ccname }} register: result failed_when: result.failed or "Salt:" in result.stdout vars: - KRB5CCNAME: verify_change_from_symmetric + krb5ccname: verify_change_from_symmetric - name: Change from standard to symmetric ipavault: @@ -95,14 +95,14 @@ - name: Verify salt is not present. shell: | - echo SomeADMINpassword | kinit -c {{ KRB5CCNAME }} admin - KRB5CCNAME={{ KRB5CCNAME }} ipa vault-show test_vault - kdestroy -A -q -c {{ KRB5CCNAME }} + echo SomeADMINpassword | kinit -c {{ krb5ccname }} admin + KRB5CCNAME={{ krb5ccname }} ipa vault-show test_vault + kdestroy -A -q -c {{ krb5ccname }} register: result failed_when: result.failed or "Salt:" in result.stdout vars: - KRB5CCNAME: verify_change_from_symmetric + krb5ccname: verify_change_from_symmetric - block: - name: Change from asymmetric to standard @@ -116,14 +116,14 @@ - name: Verify assymetric-only fields are not present. shell: | - echo SomeADMINpassword | kinit -c {{ KRB5CCNAME }} admin - KRB5CCNAME={{ KRB5CCNAME }} ipa vault-show test_vault - kdestroy -A -q -c {{ KRB5CCNAME }} + echo SomeADMINpassword | kinit -c {{ krb5ccname }} admin + KRB5CCNAME={{ krb5ccname }} ipa vault-show test_vault + kdestroy -A -q -c {{ krb5ccname }} register: result failed_when: result.failed or "Public Key:" in result.stdout vars: - KRB5CCNAME: verify_change_from_asymmetric + krb5ccname: verify_change_from_asymmetric - name: Ensure test_vault is absent. ipavault: @@ -169,14 +169,14 @@ - name: Verify assymetric-only fields are not present. shell: | - echo SomeADMINpassword | kinit -c {{ KRB5CCNAME }} admin - KRB5CCNAME={{ KRB5CCNAME }} ipa vault-show test_vault - kdestroy -A -q -c {{ KRB5CCNAME }} + echo SomeADMINpassword | kinit -c {{ krb5ccname }} admin + KRB5CCNAME={{ krb5ccname }} ipa vault-show test_vault + kdestroy -A -q -c {{ krb5ccname }} register: result failed_when: result.failed or "Public Key:" in result.stdout vars: - KRB5CCNAME: verify_change_from_asymmetric + krb5ccname: verify_change_from_asymmetric - name: Retrieve data from symmetric vault. ipavault: @@ -199,14 +199,14 @@ - name: Verify salt is not present. shell: | - echo SomeADMINpassword | kinit -c {{ KRB5CCNAME }} admin - KRB5CCNAME={{ KRB5CCNAME }} ipa vault-show test_vault - kdestroy -A -q -c {{ KRB5CCNAME }} + echo SomeADMINpassword | kinit -c {{ krb5ccname }} admin + KRB5CCNAME={{ krb5ccname }} ipa vault-show test_vault + kdestroy -A -q -c {{ krb5ccname }} register: result failed_when: result.failed or "Salt:" in result.stdout vars: - KRB5CCNAME: verify_change_from_symmetric + krb5ccname: verify_change_from_symmetric - name: Retrieve data from standard vault. ipavault: @@ -247,14 +247,14 @@ - name: Verify salt is not present. shell: | - echo SomeADMINpassword | kinit -c {{ KRB5CCNAME }} admin - KRB5CCNAME={{ KRB5CCNAME }} ipa vault-show test_vault - kdestroy -A -q -c {{ KRB5CCNAME }} + echo SomeADMINpassword | kinit -c {{ krb5ccname }} admin + KRB5CCNAME={{ krb5ccname }} ipa vault-show test_vault + kdestroy -A -q -c {{ krb5ccname }} register: result failed_when: result.failed or "Salt:" in result.stdout vars: - KRB5CCNAME: verify_change_from_symmetric + krb5ccname: verify_change_from_symmetric - name: Retrieve data from asymmetric vault. ipavault: @@ -277,14 +277,14 @@ - name: Verify assymetric-only fields are not present. shell: | - echo SomeADMINpassword | kinit -c {{ KRB5CCNAME }} admin - KRB5CCNAME={{ KRB5CCNAME }} ipa vault-show test_vault - kdestroy -A -q -c {{ KRB5CCNAME }} + echo SomeADMINpassword | kinit -c {{ krb5ccname }} admin + KRB5CCNAME={{ krb5ccname }} ipa vault-show test_vault + kdestroy -A -q -c {{ krb5ccname }} register: result failed_when: result.failed or "Public Key:" in result.stdout vars: - KRB5CCNAME: verify_change_from_asymmetric + krb5ccname: verify_change_from_asymmetric - name: Retrieve data from standard vault. ipavault: