diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index b2aa5f74..2b7f782e 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -4,8 +4,8 @@ on: - push - pull_request jobs: - check_docs: - name: Check Ansible Documentation. + check_docs_29: + name: Check Ansible Documentation with Ansible 2.9. runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 @@ -13,4 +13,20 @@ jobs: with: python-version: '3.x' - name: Run ansible-doc-test - run: ANSIBLE_LIBRARY="." python utils/ansible-doc-test roles plugins + run: | + python -m pip install "ansible < 2.10" + ANSIBLE_LIBRARY="." python utils/ansible-doc-test roles plugins + + check_docs_latest: + name: Check Ansible Documentation with latest Ansible. + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - uses: actions/setup-python@v2 + with: + python-version: '3.x' + - name: Run ansible-doc-test + run: | + python -m pip install ansible + ANSIBLE_LIBRARY="." python utils/ansible-doc-test roles plugins + diff --git a/molecule/resources/playbooks/prepare-build.yml b/molecule/resources/playbooks/prepare-build.yml index 41f513d4..5e8e5a92 100644 --- a/molecule/resources/playbooks/prepare-build.yml +++ b/molecule/resources/playbooks/prepare-build.yml @@ -25,3 +25,4 @@ ipadm_password: SomeDMpassword ipaserver_domain: test.local ipaserver_realm: TEST.LOCAL + ipaclient_no_ntp: yes diff --git a/playbooks/vault/vault-is-present-with-password-file.yml b/playbooks/vault/vault-is-present-with-password-file.yml index b552ac66..bedb75df 100644 --- a/playbooks/vault/vault-is-present-with-password-file.yml +++ b/playbooks/vault/vault-is-present-with-password-file.yml @@ -7,7 +7,7 @@ tasks: - copy: src: "{{ playbook_dir }}/password.txt" - dest: "{{ ansible_env.HOME }}/password.txt" + dest: "{{ ansible_facts['env'].HOME }}/password.txt" owner: "{{ ansible_user }}" group: "{{ ansible_user }}" mode: 0600 @@ -16,7 +16,7 @@ name: symvault username: admin vault_type: symmetric - vault_password_file: "{{ ansible_env.HOME }}/password.txt" + vault_password_file: "{{ ansible_facts['env'].HOME }}/password.txt" - file: - path: "{{ ansible_env.HOME }}/password.txt" + path: "{{ ansible_facts['env'].HOME }}/password.txt" state: absent diff --git a/playbooks/vault/vault-is-present-with-public-key-file.yml b/playbooks/vault/vault-is-present-with-public-key-file.yml index 2420f836..5d7eda02 100644 --- a/playbooks/vault/vault-is-present-with-public-key-file.yml +++ b/playbooks/vault/vault-is-present-with-public-key-file.yml @@ -12,7 +12,7 @@ tasks: - copy: src: "{{ playbook_dir }}/public.pem" - dest: "{{ ansible_env.HOME }}/public.pem" + dest: "{{ ansible_facts['env'].HOME }}/public.pem" owner: "{{ ansible_user }}" group: "{{ ansible_user }}" mode: 0600 @@ -21,7 +21,7 @@ name: asymvault username: admin vault_type: asymmetric - vault_public_key_file: "{{ ansible_env.HOME }}/public.pem" + vault_public_key_file: "{{ ansible_facts['env'].HOME }}/public.pem" - file: - path: "{{ ansible_env.HOME }}/public.pem" + path: "{{ ansible_facts['env'].HOME }}/public.pem" state: absent diff --git a/plugins/module_utils/ansible_freeipa_module.py b/plugins/module_utils/ansible_freeipa_module.py index 7748a78f..f70756c8 100644 --- a/plugins/module_utils/ansible_freeipa_module.py +++ b/plugins/module_utils/ansible_freeipa_module.py @@ -45,6 +45,9 @@ else: from datetime import datetime from pprint import pformat + # ansible-freeipa requires locale to be C, IPA requires utf-8. + os.environ["LANGUAGE"] = "C" + try: from packaging import version except ImportError: @@ -294,6 +297,23 @@ else: """ base_debug_msg = "Ansible arguments and IPA commands differed. " + # If both args and ipa are None, return there's no difference. + # If only one is None, return there is a difference. + # This tests avoid unecessary invalid access to attributes. + if args is None and ipa is None: + return True + if args is None or ipa is None: + module.debug( + base_debug_msg + "args is%s None an ipa is%s None" % ( + "" if args is None else " not", "" if ipa is None else " not", + ) + ) + return False + + # Fail if args or ipa are not dicts. + if not (isinstance(args, dict) and isinstance(ipa, dict)): + raise TypeError("Expected 'dicts' to compare.") + for key in args.keys(): if key not in ipa: module.debug( diff --git a/plugins/modules/ipaprivilege.py b/plugins/modules/ipaprivilege.py index 18074f58..66af01e5 100644 --- a/plugins/modules/ipaprivilege.py +++ b/plugins/modules/ipaprivilege.py @@ -234,14 +234,22 @@ def main(): if action == "privilege": # Found the privilege if res_find is not None: + res_cmp = { + k: v for k, v in res_find.items() + if k not in [ + "objectclass", "cn", "dn", + "memberof_permisssion" + ] + } # For all settings is args, check if there are # different settings in the find result. # If yes: modify - if not compare_args_ipa(ansible_module, args, - res_find): + if args and not compare_args_ipa(ansible_module, args, + res_cmp): commands.append([name, "privilege_mod", args]) else: commands.append([name, "privilege_add", args]) + res_find = {} member_args = {} if permission: diff --git a/roles/ipabackup/tasks/copy_backup_from_server.yml b/roles/ipabackup/tasks/copy_backup_from_server.yml index 1cfef3de..e9964fdd 100644 --- a/roles/ipabackup/tasks/copy_backup_from_server.yml +++ b/roles/ipabackup/tasks/copy_backup_from_server.yml @@ -10,7 +10,7 @@ set_fact: ipabackup_controller_dir: "{{ ipabackup_controller_path | default(lookup('env','PWD')) }}/{{ - ipabackup_name_prefix | default(ansible_fqdn) }}_{{ + ipabackup_name_prefix | default(ansible_facts['fqdn']) }}_{{ ipabackup_item }}/" - name: Stat backup on server diff --git a/roles/ipabackup/tasks/get_ipabackup_dir.yml b/roles/ipabackup/tasks/get_ipabackup_dir.yml index 41597e8d..45cb48a1 100644 --- a/roles/ipabackup/tasks/get_ipabackup_dir.yml +++ b/roles/ipabackup/tasks/get_ipabackup_dir.yml @@ -1,6 +1,6 @@ --- - name: Get IPA_BACKUP_DIR dir from ipaplatform - command: "{{ ansible_playbook_python }}" + command: "{{ ansible_python_interpreter | default('/usr/bin/python') }}" args: stdin: | from ipaplatform.paths import paths diff --git a/roles/ipabackup/tasks/restore.yml b/roles/ipabackup/tasks/restore.yml index 36273552..55576c6e 100644 --- a/roles/ipabackup/tasks/restore.yml +++ b/roles/ipabackup/tasks/restore.yml @@ -6,9 +6,9 @@ - name: Import variables specific to distribution include_vars: "{{ item }}" with_first_found: - - "{{ role_path }}/vars/{{ ansible_distribution }}-{{ ansible_distribution_version }}.yml" - - "{{ role_path }}/vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml" - - "{{ role_path }}/vars/{{ ansible_distribution }}.yml" + - "{{ role_path }}/vars/{{ ansible_facts['distribution'] }}-{{ ansible_facts['distribution_version'] }}.yml" + - "{{ role_path }}/vars/{{ ansible_facts['distribution'] }}-{{ ansible_facts['distribution_major_version'] }}.yml" + - "{{ role_path }}/vars/{{ ansible_facts['distribution'] }}.yml" - "{{ role_path }}/vars/default.yml" ### GET SERVICES FROM BACKUP diff --git a/roles/ipaclient/library/ipaclient_get_facts.py b/roles/ipaclient/library/ipaclient_get_facts.py index 003715ef..b7e270fc 100644 --- a/roles/ipaclient/library/ipaclient_get_facts.py +++ b/roles/ipaclient/library/ipaclient_get_facts.py @@ -1,6 +1,15 @@ #!/usr/bin/python # -*- coding: utf-8 -*- +DOCUMENTATION = """ +--- +module: ipaclient_get_facts +short description: Get facts about IPA client and server configuration. +description: Get facts about IPA client and server configuration. +author: + - Thomas Woerner +""" + import os import re import six diff --git a/roles/ipaclient/library/ipaclient_test.py b/roles/ipaclient/library/ipaclient_test.py index d5d7f718..1a80fafb 100644 --- a/roles/ipaclient/library/ipaclient_test.py +++ b/roles/ipaclient/library/ipaclient_test.py @@ -180,9 +180,9 @@ ntp_servers: type: list sample: ["ntp.example.com"] ipa_python_version: - description: - - The IPA python version as a number: - - *10000+*100+ + description: > + The IPA python version as a number: + *10000+*100+ returned: always type: int sample: 040400 diff --git a/roles/ipaclient/tasks/install.yml b/roles/ipaclient/tasks/install.yml index fccc72e0..515bab2f 100644 --- a/roles/ipaclient/tasks/install.yml +++ b/roles/ipaclient/tasks/install.yml @@ -33,7 +33,7 @@ domain: "{{ ipaserver_domain | default(ipaclient_domain) | default(omit) }}" servers: "{{ ipaclient_servers | default(omit) }}" realm: "{{ ipaserver_realm | default(ipaclient_realm) | default(omit) }}" - hostname: "{{ ipaclient_hostname | default(ansible_fqdn) }}" + hostname: "{{ ipaclient_hostname | default(ansible_facts['fqdn']) }}" ntp_servers: "{{ ipaclient_ntp_servers | default(omit) }}" ntp_pool: "{{ ipaclient_ntp_pool | default(omit) }}" no_ntp: "{{ ipaclient_no_ntp }}" @@ -181,8 +181,12 @@ # Do not fail on error codes 3 and 5: # 3 - Unable to open keytab # 5 - Principal name or realm not found in keytab + # 7 - Failed to set cursor, typically when errcode + # would be issued in past failed_when: result_ipa_rmkeytab.rc != 0 and - result_ipa_rmkeytab.rc != 3 and result_ipa_rmkeytab.rc != 5 + result_ipa_rmkeytab.rc != 3 and + result_ipa_rmkeytab.rc != 5 and + result_ipa_rmkeytab.rc != 7 when: (ipaclient_use_otp | bool or ipaclient_force_join | bool) and not ipaclient_on_master | bool - name: Install - Backup and set hostname diff --git a/roles/ipaclient/tasks/main.yml b/roles/ipaclient/tasks/main.yml index d8b3c03a..8840bb5f 100644 --- a/roles/ipaclient/tasks/main.yml +++ b/roles/ipaclient/tasks/main.yml @@ -4,9 +4,9 @@ - name: Import variables specific to distribution include_vars: "{{ item }}" with_first_found: - - "{{ role_path }}/vars/{{ ansible_distribution }}-{{ ansible_distribution_version }}.yml" - - "{{ role_path }}/vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml" - - "{{ role_path }}/vars/{{ ansible_distribution }}.yml" + - "{{ role_path }}/vars/{{ ansible_facts['distribution'] }}-{{ ansible_facts['distribution_version'] }}.yml" + - "{{ role_path }}/vars/{{ ansible_facts['distribution'] }}-{{ ansible_facts['distribution_major_version'] }}.yml" + - "{{ role_path }}/vars/{{ ansible_facts['distribution'] }}.yml" - "{{ role_path }}/vars/default.yml" - name: Install IPA client diff --git a/roles/ipareplica/tasks/install.yml b/roles/ipareplica/tasks/install.yml index bae12531..695242d1 100644 --- a/roles/ipareplica/tasks/install.yml +++ b/roles/ipareplica/tasks/install.yml @@ -72,7 +72,7 @@ default(omit) }}" servers: "{{ ipareplica_servers | default(omit) }}" realm: "{{ ipareplica_realm | default(ipaserver_realm) |default(omit) }}" - hostname: "{{ ipareplica_hostname | default(ansible_fqdn) }}" + hostname: "{{ ipareplica_hostname | default(ansible_facts['fqdn']) }}" ca_cert_files: "{{ ipareplica_ca_cert_files | default([]) }}" hidden_replica: "{{ ipareplica_hidden_replica }}" skip_mem_check: "{{ not ipareplica_mem_check }}" diff --git a/roles/ipareplica/tasks/main.yml b/roles/ipareplica/tasks/main.yml index 0d9cd7ac..18bbe256 100644 --- a/roles/ipareplica/tasks/main.yml +++ b/roles/ipareplica/tasks/main.yml @@ -4,9 +4,9 @@ - name: Import variables specific to distribution include_vars: "{{ item }}" with_first_found: - - "vars/{{ ansible_distribution }}-{{ ansible_distribution_version }}.yml" - - "vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml" - - "vars/{{ ansible_distribution }}.yml" + - "vars/{{ ansible_facts['distribution'] }}-{{ ansible_facts['distribution_version'] }}.yml" + - "vars/{{ ansible_facts['distribution'] }}-{{ ansible_facts['distribution_major_version'] }}.yml" + - "vars/{{ ansible_facts['distribution'] }}.yml" - "vars/default.yml" - name: Install IPA replica diff --git a/roles/ipareplica/tasks/uninstall.yml b/roles/ipareplica/tasks/uninstall.yml index 5df73e93..a9240d77 100644 --- a/roles/ipareplica/tasks/uninstall.yml +++ b/roles/ipareplica/tasks/uninstall.yml @@ -25,7 +25,7 @@ # command: > # /usr/sbin/ipa-replica-manage # del -# {{ ipareplica_hostname | default(ansible_fqdn) }} +# {{ ipareplica_hostname | default(ansible_facts['fqdn']) }} # --force # --password={{ ipadm_password }} # failed_when: False diff --git a/roles/ipaserver/tasks/install.yml b/roles/ipaserver/tasks/install.yml index d34bc125..8099a158 100644 --- a/roles/ipaserver/tasks/install.yml +++ b/roles/ipaserver/tasks/install.yml @@ -65,7 +65,7 @@ master_password: "{{ ipaserver_master_password | default(omit) }}" domain: "{{ ipaserver_domain | default(omit) }}" realm: "{{ ipaserver_realm | default(omit) }}" - hostname: "{{ ipaserver_hostname | default(ansible_fqdn) }}" + hostname: "{{ ipaserver_hostname | default(ansible_facts['fqdn']) }}" ca_cert_files: "{{ ipaserver_ca_cert_files | default(omit) }}" no_host_dns: "{{ ipaserver_no_host_dns }}" pki_config_override: "{{ ipaserver_pki_config_override | default(omit) }}" diff --git a/roles/ipaserver/tasks/main.yml b/roles/ipaserver/tasks/main.yml index 6ae77ae0..c4e1bd7c 100644 --- a/roles/ipaserver/tasks/main.yml +++ b/roles/ipaserver/tasks/main.yml @@ -4,9 +4,9 @@ - name: Import variables specific to distribution include_vars: "{{ item }}" with_first_found: - - "vars/{{ ansible_distribution }}-{{ ansible_distribution_version }}.yml" - - "vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml" - - "vars/{{ ansible_distribution }}.yml" + - "vars/{{ ansible_facts['distribution'] }}-{{ ansible_facts['distribution_version'] }}.yml" + - "vars/{{ ansible_facts['distribution'] }}-{{ ansible_facts['distribution_major_version'] }}.yml" + - "vars/{{ ansible_facts['distribution'] }}.yml" - "vars/default.yml" - name: Install IPA server diff --git a/tests/ansible.cfg b/tests/ansible.cfg index e7f44439..5436b8c0 100644 --- a/tests/ansible.cfg +++ b/tests/ansible.cfg @@ -3,3 +3,4 @@ roles_path = ../roles:~/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/rol library = ../plugins/modules:~/.ansible/plugins/modules:/usr/share/ansible/plugins/modules module_utils = ../plugins/module_utils:~/.ansible/plugins/module_utils:/usr/share/ansible/plugins/module_utils host_key_checking = false +inject_facts_as_vars = false diff --git a/tests/azure/templates/build_container.yml b/tests/azure/templates/build_container.yml index 0bd49321..c77e2745 100644 --- a/tests/azure/templates/build_container.yml +++ b/tests/azure/templates/build_container.yml @@ -23,6 +23,8 @@ jobs: - script: molecule create -s ${{ parameters.build_scenario_name }} displayName: Create test container + env: + ANSIBLE_LIBRARY: ./molecule - script: | docker stop ${{ parameters.build_scenario_name }} diff --git a/tests/azure/templates/playbook_tests.yml b/tests/azure/templates/playbook_tests.yml index d5b5d818..6962fb76 100644 --- a/tests/azure/templates/playbook_tests.yml +++ b/tests/azure/templates/playbook_tests.yml @@ -44,6 +44,8 @@ jobs: cp -a plugins/module_utils/* ~/.ansible/module_utils molecule create -s ${{ parameters.scenario }} displayName: Setup test container + env: + ANSIBLE_LIBRARY: ./molecule - script: | pytest \ diff --git a/tests/azure/templates/pytest_tests.yml b/tests/azure/templates/pytest_tests.yml index 64fe0b45..d4254543 100644 --- a/tests/azure/templates/pytest_tests.yml +++ b/tests/azure/templates/pytest_tests.yml @@ -36,6 +36,8 @@ jobs: cp -a plugins/module_utils/* ~/.ansible/module_utils molecule create -s ${{ parameters.scenario }} displayName: Setup test container + env: + ANSIBLE_LIBRARY: ./molecule - script: | pytest \ diff --git a/tests/dnsrecord/env_vars.yml b/tests/dnsrecord/env_vars.yml index d3aef920..d95e1381 100644 --- a/tests/dnsrecord/env_vars.yml +++ b/tests/dnsrecord/env_vars.yml @@ -2,9 +2,9 @@ # Set common vars and facts for test. - name: Set IPv4 address prefix. set_fact: - ipv4_prefix: "{{ ansible_default_ipv4.address.split('.')[:-1] | + ipv4_prefix: "{{ ansible_facts['default_ipv4'].address.split('.')[:-1] | join('.') }}" - ipv4_reverse_sufix: "{{ ansible_default_ipv4.address.split('.')[:-1] | + ipv4_reverse_sufix: "{{ ansible_facts['default_ipv4'].address.split('.')[:-1] | reverse | join('.') }}" diff --git a/tests/dnsrecord/test_dnsrecord.yml b/tests/dnsrecord/test_dnsrecord.yml index 75f6a92a..05379ce4 100644 --- a/tests/dnsrecord/test_dnsrecord.yml +++ b/tests/dnsrecord/test_dnsrecord.yml @@ -564,7 +564,7 @@ ipaadmin_password: SomeADMINpassword name: iron01 zone_name: "{{ safezone }}" - ip_address: "{{ ansible_default_ipv4.address }}" + ip_address: "{{ ansible_facts['default_ipv4'].address }}" register: result failed_when: not result.changed diff --git a/tests/environment/test_locale.yml b/tests/environment/test_locale.yml new file mode 100644 index 00000000..27d03de7 --- /dev/null +++ b/tests/environment/test_locale.yml @@ -0,0 +1,32 @@ +--- +- name: Test language variations + hosts: ipaserver + + tasks: + - name: Ensure a host is not present, with language set to "de_DE". + ipahost: + ipaadmin_password: SomeADMINpassword + name: nonexistent + state: absent + environment: + LANGUAGE: "de_DE" + register: result + failed_when: result.failed or result.changed + + - name: Ensure a host is not present, with language set to "C". + ipahost: + ipaadmin_password: SomeADMINpassword + name: nonexistent + state: absent + environment: + LANGUAGE: "C" + register: result + failed_when: result.failed or result.changed + + - name: Ensure a host is not present, using controller language. + ipahost: + ipaadmin_password: SomeADMINpassword + name: nonexistent + state: absent + register: result + failed_when: result.failed or result.changed diff --git a/tests/hbacrule/test_hbacrule.yml b/tests/hbacrule/test_hbacrule.yml index ce1f29c5..e0dc3b8e 100644 --- a/tests/hbacrule/test_hbacrule.yml +++ b/tests/hbacrule/test_hbacrule.yml @@ -6,7 +6,7 @@ tasks: - name: Get Domain from server name set_fact: - ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}" + ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') }}" when: ipaserver_domain is not defined # CLEANUP TEST ITEMS diff --git a/tests/host/certificate/test_host_certificate.yml b/tests/host/certificate/test_host_certificate.yml index c4149491..1feb66b5 100644 --- a/tests/host/certificate/test_host_certificate.yml +++ b/tests/host/certificate/test_host_certificate.yml @@ -6,7 +6,7 @@ tasks: - name: Get Domain from server name set_fact: - ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}" + ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') }}" when: ipaserver_domain is not defined - name: Generate self-signed certificates. diff --git a/tests/host/certificate/test_hosts_certificate.yml b/tests/host/certificate/test_hosts_certificate.yml index f2ef1a22..00940f3c 100644 --- a/tests/host/certificate/test_hosts_certificate.yml +++ b/tests/host/certificate/test_hosts_certificate.yml @@ -6,7 +6,7 @@ tasks: - name: Get Domain from server name set_fact: - ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}" + ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') }}" when: ipaserver_domain is not defined - name: Host test absent diff --git a/tests/host/test_host.yml b/tests/host/test_host.yml index d4760c18..e04105b9 100644 --- a/tests/host/test_host.yml +++ b/tests/host/test_host.yml @@ -6,7 +6,7 @@ tasks: - name: Get Domain from server name set_fact: - ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}" + ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') }}" when: ipaserver_domain is not defined - name: Set host1_fqdn .. host6_fqdn @@ -33,7 +33,7 @@ - name: Get IPv4 address prefix from server node set_fact: - ipv4_prefix: "{{ ansible_default_ipv4.address.split('.')[:-1] | + ipv4_prefix: "{{ ansible_facts['default_ipv4'].address.split('.')[:-1] | join('.') }}" - name: Host "{{ host1_fqdn }}" present diff --git a/tests/host/test_host_allow_create_keytab.yml b/tests/host/test_host_allow_create_keytab.yml index 4be1305e..358a6780 100644 --- a/tests/host/test_host_allow_create_keytab.yml +++ b/tests/host/test_host_allow_create_keytab.yml @@ -6,12 +6,12 @@ tasks: - name: Get Domain from server name set_fact: - ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}" + ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') }}" when: ipaserver_domain is not defined - name: Get Realm from server name set_fact: - ipaserver_realm: "{{ ansible_fqdn.split('.')[1:] | join ('.') | upper }}" + ipaserver_realm: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') | upper }}" when: ipaserver_realm is not defined - name: Set host1_fqdn .. host3_fqdn diff --git a/tests/host/test_host_allow_retrieve_keytab.yml b/tests/host/test_host_allow_retrieve_keytab.yml index 9be0ef61..c5eba377 100644 --- a/tests/host/test_host_allow_retrieve_keytab.yml +++ b/tests/host/test_host_allow_retrieve_keytab.yml @@ -6,12 +6,12 @@ tasks: - name: Get Domain from server name set_fact: - ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}" + ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') }}" when: ipaserver_domain is not defined - name: Get Realm from server name set_fact: - ipaserver_realm: "{{ ansible_fqdn.split('.')[1:] | join ('.') | upper }}" + ipaserver_realm: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') | upper }}" when: ipaserver_realm is not defined - name: Set host1_fqdn .. host3_fqdn diff --git a/tests/host/test_host_bool_params.yml b/tests/host/test_host_bool_params.yml index bc35f97e..e685fbea 100644 --- a/tests/host/test_host_bool_params.yml +++ b/tests/host/test_host_bool_params.yml @@ -6,7 +6,7 @@ tasks: - name: Get Domain from server name set_fact: - ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}" + ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') }}" when: ipaserver_domain is not defined - name: Set host1_fqdn .. host6_fqdn diff --git a/tests/host/test_host_ipaddresses.yml b/tests/host/test_host_ipaddresses.yml index bcca18fc..c9774a60 100644 --- a/tests/host/test_host_ipaddresses.yml +++ b/tests/host/test_host_ipaddresses.yml @@ -6,7 +6,7 @@ tasks: - name: Get Domain from server name set_fact: - ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}" + ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') }}" when: ipaserver_domain is not defined - name: Set host1_fqdn .. host6_fqdn @@ -17,7 +17,7 @@ - name: Get IPv4 address prefix from server node set_fact: - ipv4_prefix: "{{ ansible_default_ipv4.address.split('.')[:-1] | + ipv4_prefix: "{{ ansible_facts['default_ipv4'].address.split('.')[:-1] | join('.') }}" - name: Host absent diff --git a/tests/host/test_host_managedby_host.yml b/tests/host/test_host_managedby_host.yml index d5d36780..81fccbd6 100644 --- a/tests/host/test_host_managedby_host.yml +++ b/tests/host/test_host_managedby_host.yml @@ -6,7 +6,7 @@ tasks: - name: Get Domain from server name set_fact: - ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}" + ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') }}" when: ipaserver_domain is not defined - name: Set host1_fqdn .. host2_fqdn @@ -55,39 +55,39 @@ register: result failed_when: result.changed - - name: Host "{{ host1_fqdn }}" managed by "{{ ansible_fqdn }}" + - name: Host "{{ host1_fqdn }}" managed by "{{ ansible_facts['fqdn'] }}" ipahost: ipaadmin_password: SomeADMINpassword name: "{{ host1_fqdn }}" - managedby_host: "{{ ansible_fqdn }}" + managedby_host: "{{ ansible_facts['fqdn'] }}" action: member register: result failed_when: not result.changed - - name: Host "{{ host1_fqdn }}" managed by "{{ ansible_fqdn }}" again + - name: Host "{{ host1_fqdn }}" managed by "{{ ansible_facts['fqdn'] }}" again ipahost: ipaadmin_password: SomeADMINpassword name: "{{ host1_fqdn }}" - managedby_host: "{{ ansible_fqdn }}" + managedby_host: "{{ ansible_facts['fqdn'] }}" action: member register: result failed_when: result.changed - - name: Host "{{ host1_fqdn }}" not managed by "{{ ansible_fqdn }}" + - name: Host "{{ host1_fqdn }}" not managed by "{{ ansible_facts['fqdn'] }}" ipahost: ipaadmin_password: SomeADMINpassword name: "{{ host1_fqdn }}" - managedby_host: "{{ ansible_fqdn }}" + managedby_host: "{{ ansible_facts['fqdn'] }}" action: member state: absent register: result failed_when: not result.changed - - name: Host "{{ host1_fqdn }}" not managed by "{{ ansible_fqdn }}" again + - name: Host "{{ host1_fqdn }}" not managed by "{{ ansible_facts['fqdn'] }}" again ipahost: ipaadmin_password: SomeADMINpassword name: "{{ host1_fqdn }}" - managedby_host: "{{ ansible_fqdn }}" + managedby_host: "{{ ansible_facts['fqdn'] }}" action: member state: absent register: result diff --git a/tests/host/test_host_principal.yml b/tests/host/test_host_principal.yml index 5bef0522..0e85626f 100644 --- a/tests/host/test_host_principal.yml +++ b/tests/host/test_host_principal.yml @@ -6,12 +6,12 @@ tasks: - name: Get Domain from server name set_fact: - ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}" + ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') }}" when: ipaserver_domain is not defined - name: Get Realm from server name set_fact: - ipaserver_realm: "{{ ansible_fqdn.split('.')[1:] | join ('.') | upper }}" + ipaserver_realm: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') | upper }}" when: ipaserver_realm is not defined - name: Set host1_fqdn diff --git a/tests/host/test_host_random.yml b/tests/host/test_host_random.yml index 211d660c..3de73d96 100644 --- a/tests/host/test_host_random.yml +++ b/tests/host/test_host_random.yml @@ -6,7 +6,7 @@ tasks: - name: Get Domain from server name set_fact: - ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}" + ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') }}" when: ipaserver_domain is not defined - name: Set host1_fqdn and host2_fqdn @@ -77,11 +77,11 @@ debug: var: ipahost.host["{{host2_fqdn }}"].randompassword - - name: Enrolled host "{{ ansible_fqdn }}" fails to set random password with update_password always + - name: Enrolled host "{{ ansible_facts['fqdn'] }}" fails to set random password with update_password always ipahost: ipaadmin_password: SomeADMINpassword hosts: - - name: "{{ ansible_fqdn }}" + - name: "{{ ansible_facts['fqdn'] }}" random: yes update_password: always register: ipahost @@ -89,7 +89,7 @@ - assert: that: - - ipahost.host["{{ ansible_fqdn }}"].randompassword is + - ipahost.host["{{ ansible_facts['fqdn'] }}"].randompassword is not defined - "'Password cannot be set on enrolled host' in ipahost.msg" diff --git a/tests/host/test_host_reverse.yml b/tests/host/test_host_reverse.yml index 9a59c489..36a0abcc 100644 --- a/tests/host/test_host_reverse.yml +++ b/tests/host/test_host_reverse.yml @@ -6,7 +6,7 @@ tasks: - name: Get Domain from server name set_fact: - ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}" + ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') }}" when: ipaserver_domain is not defined - name: Set host1_fqdn @@ -23,7 +23,7 @@ - name: Get IPv4 address prefix from server node set_fact: - ipv4_prefix: "{{ ansible_default_ipv4.address.split('.')[:-1] | + ipv4_prefix: "{{ ansible_facts['default_ipv4'].address.split('.')[:-1] | join('.') }}" - name: Set zone prefixes. diff --git a/tests/host/test_hosts.yml b/tests/host/test_hosts.yml index 1159e078..cf0f22b9 100644 --- a/tests/host/test_hosts.yml +++ b/tests/host/test_hosts.yml @@ -6,7 +6,7 @@ tasks: - name: Get Domain from server name set_fact: - ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}" + ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') }}" when: ipaserver_domain is not defined - name: Set host1_fqdn .. host6_fqdn diff --git a/tests/host/test_hosts_managedby_host.yml b/tests/host/test_hosts_managedby_host.yml index 0fc6651f..95f71dcd 100644 --- a/tests/host/test_hosts_managedby_host.yml +++ b/tests/host/test_hosts_managedby_host.yml @@ -6,7 +6,7 @@ tasks: - name: Get Domain from server name set_fact: - ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}" + ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') }}" when: ipaserver_domain is not defined - name: Set host1_fqdn .. host5_fqdn diff --git a/tests/host/test_hosts_principal.yml b/tests/host/test_hosts_principal.yml index b53c0433..67b4a202 100644 --- a/tests/host/test_hosts_principal.yml +++ b/tests/host/test_hosts_principal.yml @@ -6,12 +6,12 @@ tasks: - name: Get Domain from server name set_fact: - ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}" + ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') }}" when: ipaserver_domain is not defined - name: Get Realm from server name set_fact: - ipaserver_realm: "{{ ansible_fqdn.split('.')[1:] | join ('.') | upper }}" + ipaserver_realm: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') | upper }}" when: ipaserver_realm is not defined - name: Set host1_fqdn .. host2_fqdn diff --git a/tests/hostgroup/test_hostgroup.yml b/tests/hostgroup/test_hostgroup.yml index f5af7bbe..a0df6ec1 100644 --- a/tests/hostgroup/test_hostgroup.yml +++ b/tests/hostgroup/test_hostgroup.yml @@ -7,7 +7,7 @@ tasks: - name: Get Domain from server name set_fact: - ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}" + ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') }}" when: ipaserver_domain is not defined - name: Ensure host-group databases, mysql-server and oracle-server are absent diff --git a/tests/privilege/test_privilege.yml b/tests/privilege/test_privilege.yml index 2a13187d..0f6a29d7 100644 --- a/tests/privilege/test_privilege.yml +++ b/tests/privilege/test_privilege.yml @@ -140,6 +140,30 @@ register: result failed_when: result.changed or result.failed + - name: Ensure "Broad Privilege" is absent. + ipaprivilege: + ipaadmin_password: SomeADMINpassword + name: Broad Privilege + state: absent + + - name: Ensure privilege Broad Privilege is created with permission. (issue 529) + ipaprivilege: + ipaadmin_password: SomeADMINpassword + name: Broad Privilege + permission: + - "Write IPA Configuration" + register: result + failed_when: not result.changed or result.failed + + - name: Ensure privilege Broad Privilege is created with permission, again. (issue 529) + ipaprivilege: + ipaadmin_password: SomeADMINpassword + name: Broad Privilege + permission: + - "Write IPA Configuration" + register: result + failed_when: result.changed or result.failed + # CLEANUP TEST ITEMS - name: Ensure privilege testing privileges are absent diff --git a/tests/role/env_facts.yml b/tests/role/env_facts.yml index f9bca93f..c6ae0659 100644 --- a/tests/role/env_facts.yml +++ b/tests/role/env_facts.yml @@ -1,7 +1,7 @@ --- - name: Get Domain from server name set_fact: - ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}" + ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') }}" when: ipaserver_domain is not defined - name: Set fact for realm name diff --git a/tests/service/certificate/cert1.der b/tests/service/certificate/cert1.der deleted file mode 100644 index b1b90efd..00000000 Binary files a/tests/service/certificate/cert1.der and /dev/null differ diff --git a/tests/service/certificate/cert1.pem b/tests/service/certificate/cert1.pem deleted file mode 100644 index ab3704bb..00000000 --- a/tests/service/certificate/cert1.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIC/zCCAeegAwIBAgIUMNHIbn+hhrOVew/2WbkteisV29QwDQYJKoZIhvcNAQEL -BQAwDzENMAsGA1UEAwwEdGVzdDAeFw0yMDAyMDQxNDQxMDhaFw0zMDAyMDExNDQx -MDhaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK -AoIBAQC+XVVGFYpHVkcDfVnNInE1Y/pFciegdzqTjMwUWlRL4Zt3u96GhaMLRbtk -+OfEkzLUAhWBOwEraELJzMLJOMvjYF3C+TiGO7dStFLikZmccuSsSIXjnzIPwBXa -8KvgRVRyGLoVvGbLJvmjfMXp0nIToTx/i74KF9S++WEes9H5ErJ99CDhLKFgq0am -nvsgparYXhypHaRLnikn0vQINt55YoEd1s4KrvEcD2VdZkIMPbLRu2zFvMprF3cj -QQG4LT9ggfEXNIPZ1nQWAnAsu7OJEkNF+E4Mkmpcxj9aGUVt5bsq1D+Tzj3GsidS -X0nSNcZ2JltXRnL/5v63g5cZyE+nAgMBAAGjUzBRMB0GA1UdDgQWBBRV0j7JYuku -H/r/t9+QeNlRLXDlEDAfBgNVHSMEGDAWgBRV0j7JYukuH/r/t9+QeNlRLXDlEDAP -BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCgVy1+1kNwHs5y1Zp0 -WjMWGCJC6/zw7FDG4OW5r2GJiCXZYdJ0UonY9ZtoVLJPrp2/DAv1m5DtnDhBYqic -uPgLzEkOS1KdTi20Otm/J4yxLLrZC5W4x0XOeSVPXOJuQWfwQ5pPvKkn6WxYUYkG -wIt1OH2nSMngkbami3CbSmKZOCpgQIiSlQeDJ8oGjWFMLDymYSHoVOIXHwNoooyE -iaio3693l6noobyGv49zyCVLVR1DC7i6RJ186ql0av+D4vPoiF5mX7+sKC2E8xEj -9uKQ5GTWRh59VnRBVC/SiMJ/H78tJnBAvoBwXxSEvj8Z3Kjm/BQqZfv4IBsA5yqV -7MVq ------END CERTIFICATE----- diff --git a/tests/service/certificate/cert2.der b/tests/service/certificate/cert2.der deleted file mode 100644 index e176c2ba..00000000 Binary files a/tests/service/certificate/cert2.der and /dev/null differ diff --git a/tests/service/certificate/cert2.pem b/tests/service/certificate/cert2.pem deleted file mode 100644 index e8ea2e43..00000000 --- a/tests/service/certificate/cert2.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIC/zCCAeegAwIBAgIURhps6LEteMDCdBrlVkWe4cgSh0YwDQYJKoZIhvcNAQEL -BQAwDzENMAsGA1UEAwwEdGVzdDAeFw0yMDAyMDQxNDQyNDBaFw0zMDAyMDExNDQy -NDBaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK -AoIBAQC4W56H0VraEKGlCxSTS2PqnaD11shMjruexmholmTEtYPePPnQHpwiiZlg -K7CPBIOdCn4hHH+hXQDg/TJRMjrde1VzD0pFRBUq6H25sy8oOlfD0bDXkncWn82S -OJu2UJHeL7htQLRxW14VIAO2YO9zaXdophy6/csTAkFq1ls/vTBp73pnnYp8D7Tg -zBB6bb95OZBSHeCzPIH2FSCJ/W0j6bHw4i7uHu/jWx0o0LR152fSFFwk0Wrmp8HH -b2083OlnSBgTM+BZDg9rB7jpLCsIGHWXbjG36jmRaZu5z4vq2FNomJ8PXkX7mwUf -aft6z+px7UlhrwUxEVWIXOoUBYcJAgMBAAGjUzBRMB0GA1UdDgQWBBTttCQn5UaQ -i+N5WRnA7ZTQlkVfRTAfBgNVHSMEGDAWgBTttCQn5UaQi+N5WRnA7ZTQlkVfRTAP -BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBW3vRR5wEDztuLVrcQ -Dojn1XB24OOqn4C6OJyz3FUxd4MQA8J2vKN4P2QXhY0oYsauFKhR5xfOaDUcK2Tu -kAtFz1mxqm1ygUVQHbrs8lBeIi4hoMc76ODJ/V9GNY7N/y/5xtD7XlyTVT2tb6tc -6tmv8e4497PTPspuHp9YbbvzdSI12JENDW4hKCOpR/Uv7mRcCT+c2iMJdUL3f3YO -FsGBbxVdTPmuhL4My8qR/CtCNpN0gBsaxUKFAP+/1AvFbFDChFVDEEdD8PLznH5x -8HLmA9/K5x/cXbgqESUqK13P53f1XYOfggKb1f7yqBAZRnTY82+k9Kn9qWOcnyxS -uUtZ ------END CERTIFICATE----- diff --git a/tests/service/certificate/private1.key b/tests/service/certificate/private1.key deleted file mode 100644 index 372908d2..00000000 --- a/tests/service/certificate/private1.key +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC+XVVGFYpHVkcD -fVnNInE1Y/pFciegdzqTjMwUWlRL4Zt3u96GhaMLRbtk+OfEkzLUAhWBOwEraELJ -zMLJOMvjYF3C+TiGO7dStFLikZmccuSsSIXjnzIPwBXa8KvgRVRyGLoVvGbLJvmj -fMXp0nIToTx/i74KF9S++WEes9H5ErJ99CDhLKFgq0amnvsgparYXhypHaRLnikn -0vQINt55YoEd1s4KrvEcD2VdZkIMPbLRu2zFvMprF3cjQQG4LT9ggfEXNIPZ1nQW -AnAsu7OJEkNF+E4Mkmpcxj9aGUVt5bsq1D+Tzj3GsidSX0nSNcZ2JltXRnL/5v63 -g5cZyE+nAgMBAAECggEBALJIsw5aKhE5inSIN0xZT3FTWxcjHF26jE+X86G0H3KZ -roLqnjOagOKTwjeErXt66IWKFh3b5vKCSNq6PEs8OCeRHv71bay5zK1WWLH87sKJ -EAUSPuK5O6donI9aC36VL8tTwSOOOS9WJ0KoHqsn/tLHlONXOvo063iYEg8xFhuP -etrOf2gDjwGbeWis7VeHG7wL5p2/WdsyjTDbQPhmUlBO93rtkBlm9FaqYKwrp8qe -4c5gf6ZAKgY2EZaQuEvq3Lonk7TRCtPDVCPLYQxZGOmn2UeUS+HMnDSqrlQesBKD -hNNCCJVaQZHsghmwXa8t9yRBIxoOqVObdEQYJ8wuxMECgYEA676x3m7T2PwJXS+q -Km3snv60lCozxKbzaNJ1xlAmpW08MijYCkDS/kWSIwN5GO+b5B6use8iALrV9SyP -eC/6bFuMJ+zRfGhn1cw4Ibz79EroTxmJio7J7SiD/yxvjNVznKx5xgQeB9tdgjaf -yHSxInWoQzcDGKUe2h2KFJxUzJECgYEAzrh6zI8Ugne5iBUbLcpJUehlMd4+RM0l -1y8ZOBS1tjzimWycjZaPtMB0q4FOc1ou2zcSxwoGIv5khvUsjKhTfOc6lK+cHPhE -fAppYUxhHw2UDpX/0hKDuDu++O+86ANp7AOvM+KcNAiEoovxUyurVjBsT/PPlrTA -r5w7xuyi1LcCgYAZ7ZdSh431R4MgJKXqlLx5oDnsMdgPwOz0knExpo8ZkrIUMjnQ -puCN5sjz4OXowDG9HULJfyuWOPZfSM9ewKgiUs9PdNR1gmYpNZTW4Ro0/CggywY9 -nwbGdrZN0m1SaAeXK8EY7kr/Qjk+oRNh0LPKvnYLLnnAtCh4hNcy/R62gQKBgBaD -3UweYVt8csaxlc489BNpvmvaCuovdemkBZkoGEqLAxs2yy5Ysbo8I/jyEntZ3TSf -IPpwyw5Qqt5QIdQIGV/HR4geQGCfYcYo1CV2zjU1o2SbTcuxnIsaZshyRB75EDZW -iGScT+sS6m9R0qz+WqD+kS18HqYJddsqpxAZgfqtAoGBAJx7E8HxFpaNfz/QQPAQ -mvON6ub5u4AfhH4DgiPErMxNsdzVICL+mnQy0wdmi1oEpq9KH4/8aSxdPhadyl/8 -l+0CkCkBZvEP7+NmctR8Zot60wS0DnOwuURCxm/zYJ26DXjB0XitDDumFJ56Wd6p -uLl9eKMBE/jBsCSWQTuwrtnT ------END PRIVATE KEY----- diff --git a/tests/service/certificate/private2.key b/tests/service/certificate/private2.key deleted file mode 100644 index 58909dbf..00000000 --- a/tests/service/certificate/private2.key +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC4W56H0VraEKGl -CxSTS2PqnaD11shMjruexmholmTEtYPePPnQHpwiiZlgK7CPBIOdCn4hHH+hXQDg -/TJRMjrde1VzD0pFRBUq6H25sy8oOlfD0bDXkncWn82SOJu2UJHeL7htQLRxW14V -IAO2YO9zaXdophy6/csTAkFq1ls/vTBp73pnnYp8D7TgzBB6bb95OZBSHeCzPIH2 -FSCJ/W0j6bHw4i7uHu/jWx0o0LR152fSFFwk0Wrmp8HHb2083OlnSBgTM+BZDg9r -B7jpLCsIGHWXbjG36jmRaZu5z4vq2FNomJ8PXkX7mwUfaft6z+px7UlhrwUxEVWI -XOoUBYcJAgMBAAECggEAPTBrlbiu5uHORPFAiwLizuQyoGYBZSearkA8Nzpzh7aX -ZhPm9mSyfeQdvAXEPDPLWzw4UNUcp3ou6H4hTUHWt9xPqDjS9dp7DBrOX+xRIpD6 -wEvA3kwGqsOvf3C6ffCP+abtF5X6TgV9XJWbpdTWpP/EWj+IGahS1qRRAhzTfHvF -YGMTFwlgbz4eOs+FXBnVNGsdsdMLpOyqHMdDAA4BhyspWHyHgCRjEjROuJCKSDUR -MD1pNdaEYzoj5QeE1IKzXAzTaxG/YKd36BxV5Cp9DOBuZZLgNEd2EisXxV7UwZL4 -leGgxAc+KQs6QoPoz+mrKbdDnxe6V+uaa9KHoqnj4QKBgQD1qh+MEIF+Vuf/keFJ -vDgS7oFeg1UGzMtWypiNfVYu9cBLp32tgY48+ey3OCvhRSJAVROH1rc5ZfkESSQ2 -rSeV/T3plr5bBkLc7chuDM8An745p8VSOM+Ak1zE2qb+Qo+IsxNRA9KyeUvupuB8 -HJ7fxdZ7JpgueD/mKyCn1WaGIwKBgQDAHTS6J7LKm52d2norERK6ZyBNVhKaKNDW -ssRqSh906oFU63Qijsp4dbm1iRXGME6Zoe1quN/K80iATdv/VzjzxS1Of8mqA7gr -/2juZbpEluSxjkqPAZp1p4Kx9WURdzv2ModkYwM3zSTGR5l22Whd9QdNQvVl1mf0 -+RfgE6ty4wKBgA+GtwO1L1n6yCLg52ovmSOpK0f76O3LF7beixG2MDI7mfGuHkVP -ANxdt1ZFGJDeO7HxLpDRQzc/eKOKs904yF20aatPuawrEyK/bIF4EcUqU211awUt -TgAEUEKoxxEex8+N8dSW90QMYn4s0ddGP8xIxqt13vxg4Tj81M2GsTodAoGAOa8L -S/Hrj0ZWdzVIhXHk669XVaFIiJ1Ex5J5w2hqNZLMLpFcF5xEUxMWJdn5fb63ew3R -2b+VAr01wcCfE/Y+lYNY7T8VcEUZoaxY92v4F+wu0tlkrbfPhxA6//As3qesi2n0 -mUHZj4G7TwXkoHj7C2stPBek02UjZbz9XDzLt/0CgYAiawpqmHJK4LhRm+P6J1+X -nzLPzQ6t15ivh4jPrWZPgOG3hKV+If+PTv7lLy51y2X4Ttuyumy09J+kYiy3qIHR -nmbAEkc9lesrxk1eytxmYY+fGTBpaLAc+vNXWCtUc1ttKcfrPhZdncmSh5Z0aFN3 -D+EddEZHzfzoGlfbNVkfmQ== ------END PRIVATE KEY----- diff --git a/tests/service/certificate/test_service_certificate.yml b/tests/service/certificate/test_service_certificate.yml index 3dc24c5b..d92cf597 100644 --- a/tests/service/certificate/test_service_certificate.yml +++ b/tests/service/certificate/test_service_certificate.yml @@ -1,25 +1,3 @@ -# -# Generate self-signed certificates using openssl: -# -# openssl req -x509 -newkey rsa:2048 -days 3650 -nodes -keyout private1.key -out cert1.pem -subj '/CN=test' -# openssl req -x509 -newkey rsa:2048 -days 3650 -nodes -keyout private2.key -out cert2.pem -subj '/CN=test' -# -# Convert the certificate do DER for easier handling through CLI -# -# openssl x509 -outform der -in cert1.pem -out cert1.der -# openssl x509 -outform der -in cert2.pem -out cert2.der -# -# Use base64: -# -# base64 cert1.der -w5000 -# base64 cert2.der -w5000 -# -# Certificates: -# cert1: -# - MIIC/zCCAeegAwIBAgIUMNHIbn+hhrOVew/2WbkteisV29QwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0yMDAyMDQxNDQxMDhaFw0zMDAyMDExNDQxMDhaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+XVVGFYpHVkcDfVnNInE1Y/pFciegdzqTjMwUWlRL4Zt3u96GhaMLRbtk+OfEkzLUAhWBOwEraELJzMLJOMvjYF3C+TiGO7dStFLikZmccuSsSIXjnzIPwBXa8KvgRVRyGLoVvGbLJvmjfMXp0nIToTx/i74KF9S++WEes9H5ErJ99CDhLKFgq0amnvsgparYXhypHaRLnikn0vQINt55YoEd1s4KrvEcD2VdZkIMPbLRu2zFvMprF3cjQQG4LT9ggfEXNIPZ1nQWAnAsu7OJEkNF+E4Mkmpcxj9aGUVt5bsq1D+Tzj3GsidSX0nSNcZ2JltXRnL/5v63g5cZyE+nAgMBAAGjUzBRMB0GA1UdDgQWBBRV0j7JYukuH/r/t9+QeNlRLXDlEDAfBgNVHSMEGDAWgBRV0j7JYukuH/r/t9+QeNlRLXDlEDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCgVy1+1kNwHs5y1Zp0WjMWGCJC6/zw7FDG4OW5r2GJiCXZYdJ0UonY9ZtoVLJPrp2/DAv1m5DtnDhBYqicuPgLzEkOS1KdTi20Otm/J4yxLLrZC5W4x0XOeSVPXOJuQWfwQ5pPvKkn6WxYUYkGwIt1OH2nSMngkbami3CbSmKZOCpgQIiSlQeDJ8oGjWFMLDymYSHoVOIXHwNoooyEiaio3693l6noobyGv49zyCVLVR1DC7i6RJ186ql0av+D4vPoiF5mX7+sKC2E8xEj9uKQ5GTWRh59VnRBVC/SiMJ/H78tJnBAvoBwXxSEvj8Z3Kjm/BQqZfv4IBsA5yqV7MVq -# cert2: -# - MIIC/zCCAeegAwIBAgIURhps6LEteMDCdBrlVkWe4cgSh0YwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0yMDAyMDQxNDQyNDBaFw0zMDAyMDExNDQyNDBaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4W56H0VraEKGlCxSTS2PqnaD11shMjruexmholmTEtYPePPnQHpwiiZlgK7CPBIOdCn4hHH+hXQDg/TJRMjrde1VzD0pFRBUq6H25sy8oOlfD0bDXkncWn82SOJu2UJHeL7htQLRxW14VIAO2YO9zaXdophy6/csTAkFq1ls/vTBp73pnnYp8D7TgzBB6bb95OZBSHeCzPIH2FSCJ/W0j6bHw4i7uHu/jWx0o0LR152fSFFwk0Wrmp8HHb2083OlnSBgTM+BZDg9rB7jpLCsIGHWXbjG36jmRaZu5z4vq2FNomJ8PXkX7mwUfaft6z+px7UlhrwUxEVWIXOoUBYcJAgMBAAGjUzBRMB0GA1UdDgQWBBTttCQn5UaQi+N5WRnA7ZTQlkVfRTAfBgNVHSMEGDAWgBTttCQn5UaQi+N5WRnA7ZTQlkVfRTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBW3vRR5wEDztuLVrcQDojn1XB24OOqn4C6OJyz3FUxd4MQA8J2vKN4P2QXhY0oYsauFKhR5xfOaDUcK2TukAtFz1mxqm1ygUVQHbrs8lBeIi4hoMc76ODJ/V9GNY7N/y/5xtD7XlyTVT2tb6tc6tmv8e4497PTPspuHp9YbbvzdSI12JENDW4hKCOpR/Uv7mRcCT+c2iMJdUL3f3YOFsGBbxVdTPmuhL4My8qR/CtCNpN0gBsaxUKFAP+/1AvFbFDChFVDEEdD8PLznH5x8HLmA9/K5x/cXbgqESUqK13P53f1XYOfggKb1f7yqBAZRnTY82+k9Kn9qWOcnyxSuUtZ - --- - name: Test service certificates hosts: ipaserver @@ -27,14 +5,24 @@ tasks: # setup + - name: Generate self-signed certificates. + shell: + cmd: | + openssl req -x509 -newkey rsa:2048 -days 365 -nodes -keyout "private{{ item }}.key" -out "cert{{ item }}.pem" -subj '/CN=test' + openssl x509 -outform der -in "cert{{ item }}.pem" -out "cert{{ item }}.der" + base64 "cert{{ item }}.der" -w5000 > "cert{{ item }}.b64" + with_items: [1, 2] + become: no + delegate_to: localhost + - name: Get Domain from server name set_fact: - ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}" + ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') }}" when: ipaserver_domain is not defined - name: Get IPv4 address prefix from server node set_fact: - ipv4_prefix: "{{ ansible_default_ipv4.address.split('.')[:-1] | + ipv4_prefix: "{{ ansible_facts['default_ipv4'].address.split('.')[:-1] | join('.') }}" - name: Set test host FQDN @@ -78,7 +66,7 @@ ipaadmin_password: SomeADMINpassword name: "HTTP/{{ test_host }}" certificate: - - MIIC/zCCAeegAwIBAgIUMNHIbn+hhrOVew/2WbkteisV29QwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0yMDAyMDQxNDQxMDhaFw0zMDAyMDExNDQxMDhaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+XVVGFYpHVkcDfVnNInE1Y/pFciegdzqTjMwUWlRL4Zt3u96GhaMLRbtk+OfEkzLUAhWBOwEraELJzMLJOMvjYF3C+TiGO7dStFLikZmccuSsSIXjnzIPwBXa8KvgRVRyGLoVvGbLJvmjfMXp0nIToTx/i74KF9S++WEes9H5ErJ99CDhLKFgq0amnvsgparYXhypHaRLnikn0vQINt55YoEd1s4KrvEcD2VdZkIMPbLRu2zFvMprF3cjQQG4LT9ggfEXNIPZ1nQWAnAsu7OJEkNF+E4Mkmpcxj9aGUVt5bsq1D+Tzj3GsidSX0nSNcZ2JltXRnL/5v63g5cZyE+nAgMBAAGjUzBRMB0GA1UdDgQWBBRV0j7JYukuH/r/t9+QeNlRLXDlEDAfBgNVHSMEGDAWgBRV0j7JYukuH/r/t9+QeNlRLXDlEDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCgVy1+1kNwHs5y1Zp0WjMWGCJC6/zw7FDG4OW5r2GJiCXZYdJ0UonY9ZtoVLJPrp2/DAv1m5DtnDhBYqicuPgLzEkOS1KdTi20Otm/J4yxLLrZC5W4x0XOeSVPXOJuQWfwQ5pPvKkn6WxYUYkGwIt1OH2nSMngkbami3CbSmKZOCpgQIiSlQeDJ8oGjWFMLDymYSHoVOIXHwNoooyEiaio3693l6noobyGv49zyCVLVR1DC7i6RJ186ql0av+D4vPoiF5mX7+sKC2E8xEj9uKQ5GTWRh59VnRBVC/SiMJ/H78tJnBAvoBwXxSEvj8Z3Kjm/BQqZfv4IBsA5yqV7MVq + - "{{ lookup('file', 'cert1.b64') }}" pac_type: - MS-PAC - PAD @@ -95,7 +83,7 @@ ipaadmin_password: SomeADMINpassword name: "HTTP/{{ test_host }}" certificate: - - MIIC/zCCAeegAwIBAgIUMNHIbn+hhrOVew/2WbkteisV29QwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0yMDAyMDQxNDQxMDhaFw0zMDAyMDExNDQxMDhaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+XVVGFYpHVkcDfVnNInE1Y/pFciegdzqTjMwUWlRL4Zt3u96GhaMLRbtk+OfEkzLUAhWBOwEraELJzMLJOMvjYF3C+TiGO7dStFLikZmccuSsSIXjnzIPwBXa8KvgRVRyGLoVvGbLJvmjfMXp0nIToTx/i74KF9S++WEes9H5ErJ99CDhLKFgq0amnvsgparYXhypHaRLnikn0vQINt55YoEd1s4KrvEcD2VdZkIMPbLRu2zFvMprF3cjQQG4LT9ggfEXNIPZ1nQWAnAsu7OJEkNF+E4Mkmpcxj9aGUVt5bsq1D+Tzj3GsidSX0nSNcZ2JltXRnL/5v63g5cZyE+nAgMBAAGjUzBRMB0GA1UdDgQWBBRV0j7JYukuH/r/t9+QeNlRLXDlEDAfBgNVHSMEGDAWgBRV0j7JYukuH/r/t9+QeNlRLXDlEDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCgVy1+1kNwHs5y1Zp0WjMWGCJC6/zw7FDG4OW5r2GJiCXZYdJ0UonY9ZtoVLJPrp2/DAv1m5DtnDhBYqicuPgLzEkOS1KdTi20Otm/J4yxLLrZC5W4x0XOeSVPXOJuQWfwQ5pPvKkn6WxYUYkGwIt1OH2nSMngkbami3CbSmKZOCpgQIiSlQeDJ8oGjWFMLDymYSHoVOIXHwNoooyEiaio3693l6noobyGv49zyCVLVR1DC7i6RJ186ql0av+D4vPoiF5mX7+sKC2E8xEj9uKQ5GTWRh59VnRBVC/SiMJ/H78tJnBAvoBwXxSEvj8Z3Kjm/BQqZfv4IBsA5yqV7MVq + - "{{ lookup('file', 'cert1.b64') }}" pac_type: - MS_PAC - PAD @@ -120,7 +108,7 @@ ipaadmin_password: SomeADMINpassword name: "HTTP/{{ test_host }}" certificate: - - MIIC/zCCAeegAwIBAgIUMNHIbn+hhrOVew/2WbkteisV29QwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0yMDAyMDQxNDQxMDhaFw0zMDAyMDExNDQxMDhaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+XVVGFYpHVkcDfVnNInE1Y/pFciegdzqTjMwUWlRL4Zt3u96GhaMLRbtk+OfEkzLUAhWBOwEraELJzMLJOMvjYF3C+TiGO7dStFLikZmccuSsSIXjnzIPwBXa8KvgRVRyGLoVvGbLJvmjfMXp0nIToTx/i74KF9S++WEes9H5ErJ99CDhLKFgq0amnvsgparYXhypHaRLnikn0vQINt55YoEd1s4KrvEcD2VdZkIMPbLRu2zFvMprF3cjQQG4LT9ggfEXNIPZ1nQWAnAsu7OJEkNF+E4Mkmpcxj9aGUVt5bsq1D+Tzj3GsidSX0nSNcZ2JltXRnL/5v63g5cZyE+nAgMBAAGjUzBRMB0GA1UdDgQWBBRV0j7JYukuH/r/t9+QeNlRLXDlEDAfBgNVHSMEGDAWgBRV0j7JYukuH/r/t9+QeNlRLXDlEDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCgVy1+1kNwHs5y1Zp0WjMWGCJC6/zw7FDG4OW5r2GJiCXZYdJ0UonY9ZtoVLJPrp2/DAv1m5DtnDhBYqicuPgLzEkOS1KdTi20Otm/J4yxLLrZC5W4x0XOeSVPXOJuQWfwQ5pPvKkn6WxYUYkGwIt1OH2nSMngkbami3CbSmKZOCpgQIiSlQeDJ8oGjWFMLDymYSHoVOIXHwNoooyEiaio3693l6noobyGv49zyCVLVR1DC7i6RJ186ql0av+D4vPoiF5mX7+sKC2E8xEj9uKQ5GTWRh59VnRBVC/SiMJ/H78tJnBAvoBwXxSEvj8Z3Kjm/BQqZfv4IBsA5yqV7MVq + - "{{ lookup('file', 'cert1.b64') }}" action: member state: present register: result @@ -131,7 +119,7 @@ ipaadmin_password: SomeADMINpassword name: "HTTP/{{ test_host }}" certificate: - - MIIC/zCCAeegAwIBAgIUMNHIbn+hhrOVew/2WbkteisV29QwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0yMDAyMDQxNDQxMDhaFw0zMDAyMDExNDQxMDhaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+XVVGFYpHVkcDfVnNInE1Y/pFciegdzqTjMwUWlRL4Zt3u96GhaMLRbtk+OfEkzLUAhWBOwEraELJzMLJOMvjYF3C+TiGO7dStFLikZmccuSsSIXjnzIPwBXa8KvgRVRyGLoVvGbLJvmjfMXp0nIToTx/i74KF9S++WEes9H5ErJ99CDhLKFgq0amnvsgparYXhypHaRLnikn0vQINt55YoEd1s4KrvEcD2VdZkIMPbLRu2zFvMprF3cjQQG4LT9ggfEXNIPZ1nQWAnAsu7OJEkNF+E4Mkmpcxj9aGUVt5bsq1D+Tzj3GsidSX0nSNcZ2JltXRnL/5v63g5cZyE+nAgMBAAGjUzBRMB0GA1UdDgQWBBRV0j7JYukuH/r/t9+QeNlRLXDlEDAfBgNVHSMEGDAWgBRV0j7JYukuH/r/t9+QeNlRLXDlEDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCgVy1+1kNwHs5y1Zp0WjMWGCJC6/zw7FDG4OW5r2GJiCXZYdJ0UonY9ZtoVLJPrp2/DAv1m5DtnDhBYqicuPgLzEkOS1KdTi20Otm/J4yxLLrZC5W4x0XOeSVPXOJuQWfwQ5pPvKkn6WxYUYkGwIt1OH2nSMngkbami3CbSmKZOCpgQIiSlQeDJ8oGjWFMLDymYSHoVOIXHwNoooyEiaio3693l6noobyGv49zyCVLVR1DC7i6RJ186ql0av+D4vPoiF5mX7+sKC2E8xEj9uKQ5GTWRh59VnRBVC/SiMJ/H78tJnBAvoBwXxSEvj8Z3Kjm/BQqZfv4IBsA5yqV7MVq + - "{{ lookup('file', 'cert1.b64') }}" action: member state: present register: result @@ -142,8 +130,8 @@ ipaadmin_password: SomeADMINpassword name: "HTTP/{{ test_host }}" certificate: - - MIIC/zCCAeegAwIBAgIUMNHIbn+hhrOVew/2WbkteisV29QwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0yMDAyMDQxNDQxMDhaFw0zMDAyMDExNDQxMDhaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+XVVGFYpHVkcDfVnNInE1Y/pFciegdzqTjMwUWlRL4Zt3u96GhaMLRbtk+OfEkzLUAhWBOwEraELJzMLJOMvjYF3C+TiGO7dStFLikZmccuSsSIXjnzIPwBXa8KvgRVRyGLoVvGbLJvmjfMXp0nIToTx/i74KF9S++WEes9H5ErJ99CDhLKFgq0amnvsgparYXhypHaRLnikn0vQINt55YoEd1s4KrvEcD2VdZkIMPbLRu2zFvMprF3cjQQG4LT9ggfEXNIPZ1nQWAnAsu7OJEkNF+E4Mkmpcxj9aGUVt5bsq1D+Tzj3GsidSX0nSNcZ2JltXRnL/5v63g5cZyE+nAgMBAAGjUzBRMB0GA1UdDgQWBBRV0j7JYukuH/r/t9+QeNlRLXDlEDAfBgNVHSMEGDAWgBRV0j7JYukuH/r/t9+QeNlRLXDlEDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCgVy1+1kNwHs5y1Zp0WjMWGCJC6/zw7FDG4OW5r2GJiCXZYdJ0UonY9ZtoVLJPrp2/DAv1m5DtnDhBYqicuPgLzEkOS1KdTi20Otm/J4yxLLrZC5W4x0XOeSVPXOJuQWfwQ5pPvKkn6WxYUYkGwIt1OH2nSMngkbami3CbSmKZOCpgQIiSlQeDJ8oGjWFMLDymYSHoVOIXHwNoooyEiaio3693l6noobyGv49zyCVLVR1DC7i6RJ186ql0av+D4vPoiF5mX7+sKC2E8xEj9uKQ5GTWRh59VnRBVC/SiMJ/H78tJnBAvoBwXxSEvj8Z3Kjm/BQqZfv4IBsA5yqV7MVq - - MIIC/zCCAeegAwIBAgIURhps6LEteMDCdBrlVkWe4cgSh0YwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0yMDAyMDQxNDQyNDBaFw0zMDAyMDExNDQyNDBaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4W56H0VraEKGlCxSTS2PqnaD11shMjruexmholmTEtYPePPnQHpwiiZlgK7CPBIOdCn4hHH+hXQDg/TJRMjrde1VzD0pFRBUq6H25sy8oOlfD0bDXkncWn82SOJu2UJHeL7htQLRxW14VIAO2YO9zaXdophy6/csTAkFq1ls/vTBp73pnnYp8D7TgzBB6bb95OZBSHeCzPIH2FSCJ/W0j6bHw4i7uHu/jWx0o0LR152fSFFwk0Wrmp8HHb2083OlnSBgTM+BZDg9rB7jpLCsIGHWXbjG36jmRaZu5z4vq2FNomJ8PXkX7mwUfaft6z+px7UlhrwUxEVWIXOoUBYcJAgMBAAGjUzBRMB0GA1UdDgQWBBTttCQn5UaQi+N5WRnA7ZTQlkVfRTAfBgNVHSMEGDAWgBTttCQn5UaQi+N5WRnA7ZTQlkVfRTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBW3vRR5wEDztuLVrcQDojn1XB24OOqn4C6OJyz3FUxd4MQA8J2vKN4P2QXhY0oYsauFKhR5xfOaDUcK2TukAtFz1mxqm1ygUVQHbrs8lBeIi4hoMc76ODJ/V9GNY7N/y/5xtD7XlyTVT2tb6tc6tmv8e4497PTPspuHp9YbbvzdSI12JENDW4hKCOpR/Uv7mRcCT+c2iMJdUL3f3YOFsGBbxVdTPmuhL4My8qR/CtCNpN0gBsaxUKFAP+/1AvFbFDChFVDEEdD8PLznH5x8HLmA9/K5x/cXbgqESUqK13P53f1XYOfggKb1f7yqBAZRnTY82+k9Kn9qWOcnyxSuUtZ + - "{{ lookup('file', 'cert1.b64') }}" + - "{{ lookup('file', 'cert2.b64') }}" action: member state: present register: result @@ -154,7 +142,7 @@ ipaadmin_password: SomeADMINpassword name: "HTTP/{{ test_host }}" certificate: - - MIIC/zCCAeegAwIBAgIUMNHIbn+hhrOVew/2WbkteisV29QwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0yMDAyMDQxNDQxMDhaFw0zMDAyMDExNDQxMDhaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+XVVGFYpHVkcDfVnNInE1Y/pFciegdzqTjMwUWlRL4Zt3u96GhaMLRbtk+OfEkzLUAhWBOwEraELJzMLJOMvjYF3C+TiGO7dStFLikZmccuSsSIXjnzIPwBXa8KvgRVRyGLoVvGbLJvmjfMXp0nIToTx/i74KF9S++WEes9H5ErJ99CDhLKFgq0amnvsgparYXhypHaRLnikn0vQINt55YoEd1s4KrvEcD2VdZkIMPbLRu2zFvMprF3cjQQG4LT9ggfEXNIPZ1nQWAnAsu7OJEkNF+E4Mkmpcxj9aGUVt5bsq1D+Tzj3GsidSX0nSNcZ2JltXRnL/5v63g5cZyE+nAgMBAAGjUzBRMB0GA1UdDgQWBBRV0j7JYukuH/r/t9+QeNlRLXDlEDAfBgNVHSMEGDAWgBRV0j7JYukuH/r/t9+QeNlRLXDlEDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCgVy1+1kNwHs5y1Zp0WjMWGCJC6/zw7FDG4OW5r2GJiCXZYdJ0UonY9ZtoVLJPrp2/DAv1m5DtnDhBYqicuPgLzEkOS1KdTi20Otm/J4yxLLrZC5W4x0XOeSVPXOJuQWfwQ5pPvKkn6WxYUYkGwIt1OH2nSMngkbami3CbSmKZOCpgQIiSlQeDJ8oGjWFMLDymYSHoVOIXHwNoooyEiaio3693l6noobyGv49zyCVLVR1DC7i6RJ186ql0av+D4vPoiF5mX7+sKC2E8xEj9uKQ5GTWRh59VnRBVC/SiMJ/H78tJnBAvoBwXxSEvj8Z3Kjm/BQqZfv4IBsA5yqV7MVq + - "{{ lookup('file', 'cert1.b64') }}" action: member state: absent register: result @@ -165,7 +153,7 @@ ipaadmin_password: SomeADMINpassword name: "HTTP/{{ test_host }}" certificate: - - MIIC/zCCAeegAwIBAgIUMNHIbn+hhrOVew/2WbkteisV29QwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0yMDAyMDQxNDQxMDhaFw0zMDAyMDExNDQxMDhaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+XVVGFYpHVkcDfVnNInE1Y/pFciegdzqTjMwUWlRL4Zt3u96GhaMLRbtk+OfEkzLUAhWBOwEraELJzMLJOMvjYF3C+TiGO7dStFLikZmccuSsSIXjnzIPwBXa8KvgRVRyGLoVvGbLJvmjfMXp0nIToTx/i74KF9S++WEes9H5ErJ99CDhLKFgq0amnvsgparYXhypHaRLnikn0vQINt55YoEd1s4KrvEcD2VdZkIMPbLRu2zFvMprF3cjQQG4LT9ggfEXNIPZ1nQWAnAsu7OJEkNF+E4Mkmpcxj9aGUVt5bsq1D+Tzj3GsidSX0nSNcZ2JltXRnL/5v63g5cZyE+nAgMBAAGjUzBRMB0GA1UdDgQWBBRV0j7JYukuH/r/t9+QeNlRLXDlEDAfBgNVHSMEGDAWgBRV0j7JYukuH/r/t9+QeNlRLXDlEDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCgVy1+1kNwHs5y1Zp0WjMWGCJC6/zw7FDG4OW5r2GJiCXZYdJ0UonY9ZtoVLJPrp2/DAv1m5DtnDhBYqicuPgLzEkOS1KdTi20Otm/J4yxLLrZC5W4x0XOeSVPXOJuQWfwQ5pPvKkn6WxYUYkGwIt1OH2nSMngkbami3CbSmKZOCpgQIiSlQeDJ8oGjWFMLDymYSHoVOIXHwNoooyEiaio3693l6noobyGv49zyCVLVR1DC7i6RJ186ql0av+D4vPoiF5mX7+sKC2E8xEj9uKQ5GTWRh59VnRBVC/SiMJ/H78tJnBAvoBwXxSEvj8Z3Kjm/BQqZfv4IBsA5yqV7MVq + - "{{ lookup('file', 'cert1.b64') }}" action: member state: absent register: result @@ -176,8 +164,8 @@ ipaadmin_password: SomeADMINpassword name: "HTTP/{{ test_host }}" certificate: - - MIIC/zCCAeegAwIBAgIUMNHIbn+hhrOVew/2WbkteisV29QwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0yMDAyMDQxNDQxMDhaFw0zMDAyMDExNDQxMDhaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+XVVGFYpHVkcDfVnNInE1Y/pFciegdzqTjMwUWlRL4Zt3u96GhaMLRbtk+OfEkzLUAhWBOwEraELJzMLJOMvjYF3C+TiGO7dStFLikZmccuSsSIXjnzIPwBXa8KvgRVRyGLoVvGbLJvmjfMXp0nIToTx/i74KF9S++WEes9H5ErJ99CDhLKFgq0amnvsgparYXhypHaRLnikn0vQINt55YoEd1s4KrvEcD2VdZkIMPbLRu2zFvMprF3cjQQG4LT9ggfEXNIPZ1nQWAnAsu7OJEkNF+E4Mkmpcxj9aGUVt5bsq1D+Tzj3GsidSX0nSNcZ2JltXRnL/5v63g5cZyE+nAgMBAAGjUzBRMB0GA1UdDgQWBBRV0j7JYukuH/r/t9+QeNlRLXDlEDAfBgNVHSMEGDAWgBRV0j7JYukuH/r/t9+QeNlRLXDlEDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCgVy1+1kNwHs5y1Zp0WjMWGCJC6/zw7FDG4OW5r2GJiCXZYdJ0UonY9ZtoVLJPrp2/DAv1m5DtnDhBYqicuPgLzEkOS1KdTi20Otm/J4yxLLrZC5W4x0XOeSVPXOJuQWfwQ5pPvKkn6WxYUYkGwIt1OH2nSMngkbami3CbSmKZOCpgQIiSlQeDJ8oGjWFMLDymYSHoVOIXHwNoooyEiaio3693l6noobyGv49zyCVLVR1DC7i6RJ186ql0av+D4vPoiF5mX7+sKC2E8xEj9uKQ5GTWRh59VnRBVC/SiMJ/H78tJnBAvoBwXxSEvj8Z3Kjm/BQqZfv4IBsA5yqV7MVq - - MIIC/zCCAeegAwIBAgIURhps6LEteMDCdBrlVkWe4cgSh0YwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0yMDAyMDQxNDQyNDBaFw0zMDAyMDExNDQyNDBaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4W56H0VraEKGlCxSTS2PqnaD11shMjruexmholmTEtYPePPnQHpwiiZlgK7CPBIOdCn4hHH+hXQDg/TJRMjrde1VzD0pFRBUq6H25sy8oOlfD0bDXkncWn82SOJu2UJHeL7htQLRxW14VIAO2YO9zaXdophy6/csTAkFq1ls/vTBp73pnnYp8D7TgzBB6bb95OZBSHeCzPIH2FSCJ/W0j6bHw4i7uHu/jWx0o0LR152fSFFwk0Wrmp8HHb2083OlnSBgTM+BZDg9rB7jpLCsIGHWXbjG36jmRaZu5z4vq2FNomJ8PXkX7mwUfaft6z+px7UlhrwUxEVWIXOoUBYcJAgMBAAGjUzBRMB0GA1UdDgQWBBTttCQn5UaQi+N5WRnA7ZTQlkVfRTAfBgNVHSMEGDAWgBTttCQn5UaQi+N5WRnA7ZTQlkVfRTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBW3vRR5wEDztuLVrcQDojn1XB24OOqn4C6OJyz3FUxd4MQA8J2vKN4P2QXhY0oYsauFKhR5xfOaDUcK2TukAtFz1mxqm1ygUVQHbrs8lBeIi4hoMc76ODJ/V9GNY7N/y/5xtD7XlyTVT2tb6tc6tmv8e4497PTPspuHp9YbbvzdSI12JENDW4hKCOpR/Uv7mRcCT+c2iMJdUL3f3YOFsGBbxVdTPmuhL4My8qR/CtCNpN0gBsaxUKFAP+/1AvFbFDChFVDEEdD8PLznH5x8HLmA9/K5x/cXbgqESUqK13P53f1XYOfggKb1f7yqBAZRnTY82+k9Kn9qWOcnyxSuUtZ + - "{{ lookup('file', 'cert1.b64') }}" + - "{{ lookup('file', 'cert2.b64') }}" action: member state: absent register: result @@ -188,7 +176,7 @@ ipaadmin_password: SomeADMINpassword name: "HTTP/{{ test_host }}" certificate: - - MIIC/zCCAeegAwIBAgIUMNHIbn+hhrOVew/2WbkteisV29QwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0yMDAyMDQxNDQxMDhaFw0zMDAyMDExNDQxMDhaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+XVVGFYpHVkcDfVnNInE1Y/pFciegdzqTjMwUWlRL4Zt3u96GhaMLRbtk+OfEkzLUAhWBOwEraELJzMLJOMvjYF3C+TiGO7dStFLikZmccuSsSIXjnzIPwBXa8KvgRVRyGLoVvGbLJvmjfMXp0nIToTx/i74KF9S++WEes9H5ErJ99CDhLKFgq0amnvsgparYXhypHaRLnikn0vQINt55YoEd1s4KrvEcD2VdZkIMPbLRu2zFvMprF3cjQQG4LT9ggfEXNIPZ1nQWAnAsu7OJEkNF+E4Mkmpcxj9aGUVt5bsq1D+Tzj3GsidSX0nSNcZ2JltXRnL/5v63g5cZyE+nAgMBAAGjUzBRMB0GA1UdDgQWBBRV0j7JYukuH/r/t9+QeNlRLXDlEDAfBgNVHSMEGDAWgBRV0j7JYukuH/r/t9+QeNlRLXDlEDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCgVy1+1kNwHs5y1Zp0WjMWGCJC6/zw7FDG4OW5r2GJiCXZYdJ0UonY9ZtoVLJPrp2/DAv1m5DtnDhBYqicuPgLzEkOS1KdTi20Otm/J4yxLLrZC5W4x0XOeSVPXOJuQWfwQ5pPvKkn6WxYUYkGwIt1OH2nSMngkbami3CbSmKZOCpgQIiSlQeDJ8oGjWFMLDymYSHoVOIXHwNoooyEiaio3693l6noobyGv49zyCVLVR1DC7i6RJ186ql0av+D4vPoiF5mX7+sKC2E8xEj9uKQ5GTWRh59VnRBVC/SiMJ/H78tJnBAvoBwXxSEvj8Z3Kjm/BQqZfv4IBsA5yqV7MVq + - "{{ lookup('file', 'cert1.b64') }}" action: member state: present register: result @@ -223,3 +211,12 @@ name: "{{ test_host }}" update_dns: yes state: absent + + - name: Remove certificate files. + shell: + cmd: rm -f "private{{ item }}.key" "cert{{ item }}.pem" "cert{{ item }}.der" "cert{{ item }}.b64" + with_items: [1, 2] + become: no + delegate_to: localhost + args: + warn: no # suppres warning for not using the `file` module. diff --git a/tests/service/env_vars.yml b/tests/service/env_vars.yml index eb53c7a0..37c9e1cb 100644 --- a/tests/service/env_vars.yml +++ b/tests/service/env_vars.yml @@ -1,7 +1,7 @@ --- - name: Get Domain from server name set_fact: - test_domain: "{{ ansible_fqdn.split('.')[1:] | join('.') }}" + test_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join('.') }}" - name: Set host1, host2 and svc hosts fqdn set_fact: @@ -12,4 +12,4 @@ - name: Get IPv4 address prefix from server node set_fact: - ipv4_prefix: "{{ ansible_default_ipv4.address.split('.')[:-1] | join('.') }}" + ipv4_prefix: "{{ ansible_facts['default_ipv4'].address.split('.')[:-1] | join('.') }}" diff --git a/tests/service/test_service_disable.yml b/tests/service/test_service_disable.yml index e96b9202..19bf7243 100644 --- a/tests/service/test_service_disable.yml +++ b/tests/service/test_service_disable.yml @@ -16,68 +16,78 @@ - name: Get Kerberos ticket for `admin`. shell: echo SomeADMINpassword | kinit -c ${KRB5CCNAME} admin + - name: Generate self-signed certificates. + shell: + cmd: | + openssl req -x509 -newkey rsa:2048 -days 365 -nodes -keyout "private{{ item }}.key" -out "cert{{ item }}.pem" -subj '/CN=test' + openssl x509 -outform der -in "cert{{ item }}.pem" -out "cert{{ item }}.der" + base64 "cert{{ item }}.der" -w5000 > "cert{{ item }}.b64" + with_items: [1] + become: no + delegate_to: localhost + - name: Ensure service is absent ipaservice: ipaadmin_password: SomeADMINpassword - name: "mysvc1/{{ ansible_fqdn }}" + name: "mysvc1/{{ ansible_facts['fqdn'] }}" state: absent - name: Ensure service is present ipaservice: ipaadmin_password: SomeADMINpassword - name: "mysvc1/{{ ansible_fqdn }}" + name: "mysvc1/{{ ansible_facts['fqdn'] }}" certificate: - - MIIC/zCCAeegAwIBAgIUMNHIbn+hhrOVew/2WbkteisV29QwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0yMDAyMDQxNDQxMDhaFw0zMDAyMDExNDQxMDhaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+XVVGFYpHVkcDfVnNInE1Y/pFciegdzqTjMwUWlRL4Zt3u96GhaMLRbtk+OfEkzLUAhWBOwEraELJzMLJOMvjYF3C+TiGO7dStFLikZmccuSsSIXjnzIPwBXa8KvgRVRyGLoVvGbLJvmjfMXp0nIToTx/i74KF9S++WEes9H5ErJ99CDhLKFgq0amnvsgparYXhypHaRLnikn0vQINt55YoEd1s4KrvEcD2VdZkIMPbLRu2zFvMprF3cjQQG4LT9ggfEXNIPZ1nQWAnAsu7OJEkNF+E4Mkmpcxj9aGUVt5bsq1D+Tzj3GsidSX0nSNcZ2JltXRnL/5v63g5cZyE+nAgMBAAGjUzBRMB0GA1UdDgQWBBRV0j7JYukuH/r/t9+QeNlRLXDlEDAfBgNVHSMEGDAWgBRV0j7JYukuH/r/t9+QeNlRLXDlEDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCgVy1+1kNwHs5y1Zp0WjMWGCJC6/zw7FDG4OW5r2GJiCXZYdJ0UonY9ZtoVLJPrp2/DAv1m5DtnDhBYqicuPgLzEkOS1KdTi20Otm/J4yxLLrZC5W4x0XOeSVPXOJuQWfwQ5pPvKkn6WxYUYkGwIt1OH2nSMngkbami3CbSmKZOCpgQIiSlQeDJ8oGjWFMLDymYSHoVOIXHwNoooyEiaio3693l6noobyGv49zyCVLVR1DC7i6RJ186ql0av+D4vPoiF5mX7+sKC2E8xEj9uKQ5GTWRh59VnRBVC/SiMJ/H78tJnBAvoBwXxSEvj8Z3Kjm/BQqZfv4IBsA5yqV7MVq + - "{{ lookup('file', 'cert1.b64', rstrip=False) }}" force: no register: result failed_when: not result.changed - name: Obtain keytab - shell: ipa-getkeytab -s "{{ ansible_fqdn }}" -p "mysvc1/{{ ansible_fqdn }}" -k mysvc1.keytab + shell: ipa-getkeytab -s "{{ ansible_facts['fqdn'] }}" -p "mysvc1/{{ ansible_facts['fqdn'] }}" -k mysvc1.keytab - name: Verify keytab - shell: ipa service-find "mysvc1/{{ ansible_fqdn }}" + shell: ipa service-find "mysvc1/{{ ansible_facts['fqdn'] }}" register: result failed_when: result.failed or result.stdout | regex_search(" Keytab. true") - name: Ensure service is disabled ipaservice: ipaadmin_password: SomeADMINpassword - name: "mysvc1/{{ ansible_fqdn }}" + name: "mysvc1/{{ ansible_facts['fqdn'] }}" state: disabled register: result failed_when: not result.changed - name: Verify keytab - shell: ipa service-find "mysvc1/{{ ansible_fqdn }}" + shell: ipa service-find "mysvc1/{{ ansible_facts['fqdn'] }}" register: result failed_when: result.failed or result.stdout | regex_search(" Keytab. true") - name: Obtain keytab - shell: ipa-getkeytab -s "{{ ansible_fqdn }}" -p "mysvc1/{{ ansible_fqdn }}" -k mysvc1.keytab + shell: ipa-getkeytab -s "{{ ansible_facts['fqdn'] }}" -p "mysvc1/{{ ansible_facts['fqdn'] }}" -k mysvc1.keytab - name: Verify keytab - shell: ipa service-find "mysvc1/{{ ansible_fqdn }}" + shell: ipa service-find "mysvc1/{{ ansible_facts['fqdn'] }}" register: result failed_when: result.failed or result.stdout | regex_search(" Keytab. true") - name: Ensure service is disabled ipaservice: ipaadmin_password: SomeADMINpassword - name: "mysvc1/{{ ansible_fqdn }}" + name: "mysvc1/{{ ansible_facts['fqdn'] }}" state: disabled register: result failed_when: not result.changed - name: Verify keytab - shell: ipa service-find "mysvc1/{{ ansible_fqdn }}" + shell: ipa service-find "mysvc1/{{ ansible_facts['fqdn'] }}" register: result failed_when: result.failed or result.stdout | regex_search(" Keytab. true") - name: Ensure service is disabled, with no keytab. ipaservice: ipaadmin_password: SomeADMINpassword - name: "mysvc1/{{ ansible_fqdn }}" + name: "mysvc1/{{ ansible_facts['fqdn'] }}" state: disabled register: result failed_when: result.changed @@ -85,7 +95,16 @@ - name: Ensure service is absent ipaservice: ipaadmin_password: SomeADMINpassword - name: "mysvc1/{{ ansible_fqdn }}" + name: "mysvc1/{{ ansible_facts['fqdn'] }}" - name: Destroy Kerberos tickets. shell: kdestroy -A -q -c ${KRB5CCNAME} + + - name: Remove certificate files. + shell: + cmd: rm -f "private{{ item }}.key" "cert{{ item }}.pem" "cert{{ item }}.der" "cert{{ item }}.b64" + with_items: [1] + become: no + delegate_to: localhost + args: + warn: no # suppres warning for not using the `file` module. diff --git a/tests/sudorule/test_sudorule.yml b/tests/sudorule/test_sudorule.yml index 15ba7f46..579db11b 100644 --- a/tests/sudorule/test_sudorule.yml +++ b/tests/sudorule/test_sudorule.yml @@ -43,7 +43,7 @@ ipahostgroup: ipaadmin_password: SomeADMINpassword name: cluster - host: "{{ ansible_fqdn }}" + host: "{{ ansible_facts['fqdn'] }}" - name: Ensure some sudocmds are available ipasudocmd: @@ -500,20 +500,20 @@ register: result failed_when: result.changed - - name: Ensure host "{{ ansible_fqdn }}" is present in sudorule. + - name: Ensure host "{{ ansible_facts['fqdn'] }}" is present in sudorule. ipasudorule: ipaadmin_password: SomeADMINpassword name: testrule1 - host: "{{ ansible_fqdn }}" + host: "{{ ansible_facts['fqdn'] }}" action: member register: result failed_when: not result.changed - - name: Ensure host "{{ ansible_fqdn }}" is present in sudorule, again. + - name: Ensure host "{{ ansible_facts['fqdn'] }}" is present in sudorule, again. ipasudorule: ipaadmin_password: SomeADMINpassword name: testrule1 - host: "{{ ansible_fqdn }}" + host: "{{ ansible_facts['fqdn'] }}" action: member register: result failed_when: result.changed diff --git a/tests/sudorule/test_sudorule_categories.yml b/tests/sudorule/test_sudorule_categories.yml index a7740c57..43d73520 100644 --- a/tests/sudorule/test_sudorule_categories.yml +++ b/tests/sudorule/test_sudorule_categories.yml @@ -7,7 +7,7 @@ tasks: - name: Get Domain from the server name set_fact: - ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}" + ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') }}" - name: Ensure sudorules are absent ipasudorule: diff --git a/tests/vault/env_cleanup.yml b/tests/vault/env_cleanup.yml index 31cc1799..9b0d6f7e 100644 --- a/tests/vault/env_cleanup.yml +++ b/tests/vault/env_cleanup.yml @@ -40,7 +40,7 @@ - name: Remove files from target host. file: - path: "{{ ansible_env.HOME }}/{{ item }}" + path: "{{ ansible_facts['env'].HOME }}/{{ item }}" state: absent with_items: - A_private.pem diff --git a/tests/vault/env_setup.yml b/tests/vault/env_setup.yml index 47baa292..059caf5f 100644 --- a/tests/vault/env_setup.yml +++ b/tests/vault/env_setup.yml @@ -19,7 +19,7 @@ - name: Copy files to target host. copy: src: "{{ playbook_dir }}/{{ item }}" - dest: "{{ ansible_env.HOME }}/{{ item }}" + dest: "{{ ansible_facts['env'].HOME }}/{{ item }}" with_items: - A_private.pem - A_public.pem diff --git a/tests/vault/tasks_vault_members.yml b/tests/vault/tasks_vault_members.yml index 99e2fd0c..e53accee 100644 --- a/tests/vault/tasks_vault_members.yml +++ b/tests/vault/tasks_vault_members.yml @@ -151,7 +151,7 @@ ipaadmin_password: SomeADMINpassword name: "{{vault.name}}" action: member - services: "HTTP/{{ ansible_fqdn }}" + services: "HTTP/{{ ansible_facts['fqdn'] }}" register: result failed_when: not result.changed @@ -160,7 +160,7 @@ ipaadmin_password: SomeADMINpassword name: "{{vault.name}}" action: member - services: "HTTP/{{ ansible_fqdn }}" + services: "HTTP/{{ ansible_facts['fqdn'] }}" register: result failed_when: result.changed @@ -169,7 +169,7 @@ ipaadmin_password: SomeADMINpassword name: "{{vault.name}}" action: member - services: "HTTP/{{ ansible_fqdn }}" + services: "HTTP/{{ ansible_facts['fqdn'] }}" state: absent register: result failed_when: not result.changed @@ -179,7 +179,7 @@ ipaadmin_password: SomeADMINpassword name: "{{vault.name}}" action: member - services: "HTTP/{{ ansible_fqdn }}" + services: "HTTP/{{ ansible_facts['fqdn'] }}" state: absent register: result failed_when: result.changed @@ -264,7 +264,7 @@ ipavault: ipaadmin_password: SomeADMINpassword name: "{{vault.name}}" - ownerservices: "HTTP/{{ ansible_fqdn }}" + ownerservices: "HTTP/{{ ansible_facts['fqdn'] }}" action: member register: result failed_when: not result.changed @@ -273,7 +273,7 @@ ipavault: ipaadmin_password: SomeADMINpassword name: "{{vault.name}}" - ownerservices: "HTTP/{{ ansible_fqdn }}" + ownerservices: "HTTP/{{ ansible_facts['fqdn'] }}" action: member register: result failed_when: result.changed @@ -282,7 +282,7 @@ ipavault: ipaadmin_password: SomeADMINpassword name: "{{vault.name}}" - ownerservices: "HTTP/{{ ansible_fqdn }}" + ownerservices: "HTTP/{{ ansible_facts['fqdn'] }}" state: absent action: member register: result @@ -292,7 +292,7 @@ ipavault: ipaadmin_password: SomeADMINpassword name: "{{vault.name}}" - ownerservices: "HTTP/{{ ansible_fqdn }}" + ownerservices: "HTTP/{{ ansible_facts['fqdn'] }}" state: absent action: member register: result diff --git a/tests/vault/test_vault_asymmetric.yml b/tests/vault/test_vault_asymmetric.yml index d0a7cca7..60e5ab8b 100644 --- a/tests/vault/test_vault_asymmetric.yml +++ b/tests/vault/test_vault_asymmetric.yml @@ -68,7 +68,7 @@ ipaadmin_password: SomeADMINpassword name: asymvault vault_type: asymmetric - public_key_file: "{{ ansible_env.HOME }}/A_public.pem" + public_key_file: "{{ ansible_facts['env'].HOME }}/A_public.pem" private_key: "{{ lookup('file', 'B_private.b64') }}" register: result failed_when: result.failed or not result.changed @@ -77,7 +77,7 @@ ipavault: ipaadmin_password: SomeADMINpassword name: asymvault - private_key_file: "{{ ansible_env.HOME }}/A_private.pem" + private_key_file: "{{ ansible_facts['env'].HOME }}/A_private.pem" state: retrieved register: result failed_when: result.failed or result.changed or result.vault.data != 'SomeValue' @@ -87,8 +87,8 @@ ipaadmin_password: SomeADMINpassword name: asymvault vault_type: asymmetric - public_key_file: "{{ ansible_env.HOME }}/B_public.pem" - private_key_file: "{{ ansible_env.HOME }}/A_private.pem" + public_key_file: "{{ ansible_facts['env'].HOME }}/B_public.pem" + private_key_file: "{{ ansible_facts['env'].HOME }}/A_private.pem" register: result failed_when: result.failed or not result.changed @@ -115,8 +115,8 @@ ipavault: ipaadmin_password: SomeADMINpassword name: asymvault - public_key_file: "{{ ansible_env.HOME }}/B_public.pem" - private_key_file: "{{ ansible_env.HOME }}/A_private.pem" + public_key_file: "{{ ansible_facts['env'].HOME }}/B_public.pem" + private_key_file: "{{ ansible_facts['env'].HOME }}/A_private.pem" register: result failed_when: result.failed or not result.changed @@ -154,11 +154,11 @@ register: result failed_when: result.vault.data != 'Hello World.' or result.changed - - name: Retrieve data from asymmetric vault into file {{ ansible_env.HOME }}/data.txt. + - name: Retrieve data from asymmetric vault into file {{ ansible_facts['env'].HOME }}/data.txt. ipavault: ipaadmin_password: SomeADMINpassword name: asymvault - out: "{{ ansible_env.HOME }}/data.txt" + out: "{{ ansible_facts['env'].HOME }}/data.txt" private_key: "{{ lookup('file', 'B_private.b64') }}" state: retrieved register: result @@ -166,7 +166,7 @@ - name: Verify retrieved data. slurp: - src: "{{ ansible_env.HOME }}/data.txt" + src: "{{ ansible_facts['env'].HOME }}/data.txt" register: slurpfile failed_when: slurpfile['content'] | b64decode != 'Hello World.' @@ -192,7 +192,7 @@ ipaadmin_password: SomeADMINpassword name: asymvault vault_type: asymmetric - in: "{{ ansible_env.HOME }}/in.txt" + in: "{{ ansible_facts['env'].HOME }}/in.txt" register: result failed_when: not result.changed @@ -242,7 +242,7 @@ ipavault: ipaadmin_password: SomeADMINpassword name: asymvault - public_key_file: "{{ ansible_env.HOME }}/B_public.pem" + public_key_file: "{{ ansible_facts['env'].HOME }}/B_public.pem" vault_type: asymmetric register: result failed_when: not result.changed @@ -251,7 +251,7 @@ ipavault: ipaadmin_password: SomeADMINpassword name: asymvault - public_key_file: "{{ ansible_env.HOME }}/B_public.pem" + public_key_file: "{{ ansible_facts['env'].HOME }}/B_public.pem" vault_type: asymmetric register: result failed_when: result.changed @@ -277,7 +277,7 @@ ipavault: ipaadmin_password: SomeADMINpassword name: asymvault - private_key_file: "{{ ansible_env.HOME }}/B_private.pem" + private_key_file: "{{ ansible_facts['env'].HOME }}/B_private.pem" state: retrieved register: result failed_when: result.vault.data != 'Hello World.' or result.changed diff --git a/tests/vault/test_vault_standard.yml b/tests/vault/test_vault_standard.yml index ad5b097b..2cda5e1a 100644 --- a/tests/vault/test_vault_standard.yml +++ b/tests/vault/test_vault_standard.yml @@ -57,18 +57,18 @@ register: result failed_when: result.vault.data != 'Hello World.' or result.changed - - name: Retrieve data from standard vault into file {{ ansible_env.HOME }}/data.txt. + - name: Retrieve data from standard vault into file {{ ansible_facts['env'].HOME }}/data.txt. ipavault: ipaadmin_password: SomeADMINpassword name: stdvault - out: "{{ ansible_env.HOME }}/data.txt" + out: "{{ ansible_facts['env'].HOME }}/data.txt" state: retrieved register: result failed_when: result.changed or result.failed or (result.vault.data | default(false)) - name: Verify retrieved data. slurp: - src: "{{ ansible_env.HOME }}/data.txt" + src: "{{ ansible_facts['env'].HOME }}/data.txt" register: slurpfile failed_when: slurpfile['content'] | b64decode != 'Hello World.' @@ -93,7 +93,7 @@ ipaadmin_password: SomeADMINpassword name: stdvault vault_type: standard - in: "{{ ansible_env.HOME }}/in.txt" + in: "{{ ansible_facts['env'].HOME }}/in.txt" register: result failed_when: not result.changed diff --git a/tests/vault/test_vault_symmetric.yml b/tests/vault/test_vault_symmetric.yml index 8794ef72..fd85d06e 100644 --- a/tests/vault/test_vault_symmetric.yml +++ b/tests/vault/test_vault_symmetric.yml @@ -63,19 +63,19 @@ register: result failed_when: result.changed or result.failed or result.vault.data != 'Hello World.' - - name: Retrieve data from symmetric vault into file {{ ansible_env.HOME }}/data.txt. + - name: Retrieve data from symmetric vault into file {{ ansible_facts['env'].HOME }}/data.txt. ipavault: ipaadmin_password: SomeADMINpassword name: symvault password: SomeVAULTpassword - out: "{{ ansible_env.HOME }}/data.txt" + out: "{{ ansible_facts['env'].HOME }}/data.txt" state: retrieved register: result failed_when: result.changed or result.failed or (result.vault.data | default(false)) - name: Verify retrieved data. slurp: - src: "{{ ansible_env.HOME }}/data.txt" + src: "{{ ansible_facts['env'].HOME }}/data.txt" register: slurpfile failed_when: slurpfile['content'] | b64decode != 'Hello World.' @@ -101,7 +101,7 @@ ipavault: ipaadmin_password: SomeADMINpassword name: symvault - in: "{{ ansible_env.HOME }}/in.txt" + in: "{{ ansible_facts['env'].HOME }}/in.txt" password: SomeVAULTpassword register: result failed_when: result.failed or not result.changed @@ -154,7 +154,7 @@ ipaadmin_password: SomeADMINpassword name: symvault username: user01 - password_file: "{{ ansible_env.HOME }}/password.txt" + password_file: "{{ ansible_facts['env'].HOME }}/password.txt" vault_type: symmetric register: result failed_when: result.failed or not result.changed @@ -164,7 +164,7 @@ ipaadmin_password: SomeADMINpassword name: symvault username: user01 - password_file: "{{ ansible_env.HOME }}/password.txt" + password_file: "{{ ansible_facts['env'].HOME }}/password.txt" vault_type: symmetric register: result failed_when: result.failed or result.changed @@ -191,7 +191,7 @@ ipavault: ipaadmin_password: SomeADMINpassword name: symvault - password_file: "{{ ansible_env.HOME }}/password.txt" + password_file: "{{ ansible_facts['env'].HOME }}/password.txt" state: retrieved register: result failed_when: result.failed or result.changed or result.vault.data != 'Hello World.' @@ -328,7 +328,7 @@ ipaadmin_password: SomeADMINpassword name: symvault password: APasswordToChange - new_password_file: "{{ ansible_env.HOME }}/password.txt" + new_password_file: "{{ ansible_facts['env'].HOME }}/password.txt" vault_type: symmetric register: result failed_when: not result.changed or result.failed