Merge pull request #350 from rjeffman/tests_skip_tests_ipa_version

Add FreeIPA version as Ansible facts for testing.
Thomas Woerner
2020-08-21 17:44:16 +02:00
committed by GitHub
4 changed files with 754 additions and 591 deletions


@@ -0,0 +1,18 @@
# This playbook should be included with `include_tasks` as the first task
# of a test playbook that requires FreeIPA information.
#
# Available Facts:
#
# ipa_version: The installed FreeIPA version.
# ipa_api_version: The installed FreeIPA API version.
#
---
- name: Retrieving FreeIPA version.
shell:
cmd: 'ipa --version | sed -n "s/VERSION: \([^,]*\).*API_VERSION: \([^,]*\).*/\1\\n\2/p"'
register: ipa_cmd_version
- name: Set FreeIPA facts.
set_fact:
ipa_version: "{{ ipa_cmd_version.stdout_lines[0] }}"
ipa_api_version: "{{ ipa_cmd_version.stdout_lines[1] }}"
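Review bot: The `shell` task that pipes `ipa --version` into `sed` reports only `sed`'s exit status, so a missing or failing `ipa` command, or version output the expression does not match, leaves `stdout_lines` empty, and the `set_fact` task then fails on `stdout_lines[0]` with an indexing error instead of a clear message. Adding `failed_when: ipa_cmd_version.stdout_lines | length != 2` to the first task makes that case explicit. The task only reads state, so `changed_when: false` would keep it from being reported as a change in every test run that includes this file.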


@@ -5,215 +5,220 @@
gather_facts: false
tasks:
- name: Ensure host-group testhostgroup is absent
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name:
- testhostgroup
state: absent
- include_tasks: ../env_freeipa_facts.yml
- name: Ensure user manangeruser1 and manageruser2 is absent
ipauser:
ipaadmin_password: SomeADMINpassword
name: manageruser1,manageruser2,unknown_user
state: absent
- name: Tests requiring IPA version 4.8.4+
block:
- name: Ensure host-group testhostgroup is absent
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name:
- testhostgroup
state: absent
- name: Ensure group managergroup1 and managergroup2 are absent
ipagroup:
ipaadmin_password: SomeADMINpassword
name: managergroup1,managergroup2
state: absent
- name: Ensure user manangeruser1 and manageruser2 is absent
ipauser:
ipaadmin_password: SomeADMINpassword
name: manageruser1,manageruser2,unknown_user
state: absent
- name: Ensure host-group testhostgroup is present
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name:
- testhostgroup
- name: Ensure group managergroup1 and managergroup2 are absent
ipagroup:
ipaadmin_password: SomeADMINpassword
name: managergroup1,managergroup2
state: absent
- name: Ensure user manageruser1 and manageruser2 are present
ipauser:
ipaadmin_password: SomeADMINpassword
users:
- name: manageruser1
first: manageruser1
last: Last1
- name: manageruser2
first: manageruser2
last: Last2
register: result
failed_when: not result.changed
- name: Ensure host-group testhostgroup is present
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name:
- testhostgroup
- name: Ensure managergroup1 is present
ipagroup:
ipaadmin_password: SomeADMINpassword
name: managergroup1
register: result
failed_when: not result.changed
- name: Ensure user manageruser1 and manageruser2 are present
ipauser:
ipaadmin_password: SomeADMINpassword
users:
- name: manageruser1
first: manageruser1
last: Last1
- name: manageruser2
first: manageruser2
last: Last2
register: result
failed_when: not result.changed
- name: Ensure managergroup2 is present
ipagroup:
ipaadmin_password: SomeADMINpassword
name: managergroup2
register: result
failed_when: not result.changed
- name: Ensure managergroup1 is present
ipagroup:
ipaadmin_password: SomeADMINpassword
name: managergroup1
register: result
failed_when: not result.changed
- name: Ensure membermanager user1 is present for testhostgroup
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
membermanager_user: manageruser1
register: result
failed_when: not result.changed
- name: Ensure managergroup2 is present
ipagroup:
ipaadmin_password: SomeADMINpassword
name: managergroup2
register: result
failed_when: not result.changed
- name: Ensure membermanager user1 is present for testhostgroup again
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
membermanager_user: manageruser1
register: result
failed_when: result.changed
- name: Ensure membermanager user1 is present for testhostgroup
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
membermanager_user: manageruser1
register: result
failed_when: not result.changed
- name: Ensure membermanager group1 is present for testhostgroup
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
membermanager_group: managergroup1
register: result
failed_when: not result.changed
- name: Ensure membermanager user1 is present for testhostgroup again
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
membermanager_user: manageruser1
register: result
failed_when: result.changed
- name: Ensure membermanager group1 is present for testhostgroup again
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
membermanager_group: managergroup1
register: result
failed_when: result.changed
- name: Ensure membermanager group1 is present for testhostgroup
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
membermanager_group: managergroup1
register: result
failed_when: not result.changed
- name: Ensure membermanager user2 and group2 members are present for testhostgroup
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
membermanager_user: manageruser2
membermanager_group: managergroup2
action: member
register: result
failed_when: not result.changed
- name: Ensure membermanager group1 is present for testhostgroup again
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
membermanager_group: managergroup1
register: result
failed_when: result.changed
- name: Ensure membermanager user2 and group2 members are present for testhostgroup again
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
membermanager_user: manageruser2
membermanager_group: managergroup2
action: member
register: result
failed_when: result.changed
- name: Ensure membermanager user2 and group2 members are present for testhostgroup
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
membermanager_user: manageruser2
membermanager_group: managergroup2
action: member
register: result
failed_when: not result.changed
- name: Ensure membermanager user and group members are present for testhostgroup again
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
membermanager_user: manageruser1,manageruser2
membermanager_group: managergroup1,managergroup2
action: member
register: result
failed_when: result.changed
- name: Ensure membermanager user2 and group2 members are present for testhostgroup again
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
membermanager_user: manageruser2
membermanager_group: managergroup2
action: member
register: result
failed_when: result.changed
- name: Ensure membermanager user1 and group1 members are absent for testhostgroup
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
membermanager_user: manageruser1
membermanager_group: managergroup1
action: member
state: absent
register: result
failed_when: not result.changed
- name: Ensure membermanager user and group members are present for testhostgroup again
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
membermanager_user: manageruser1,manageruser2
membermanager_group: managergroup1,managergroup2
action: member
register: result
failed_when: result.changed
- name: Ensure membermanager user1 and group1 members are absent for testhostgroup again
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
membermanager_user: manageruser1
membermanager_group: managergroup1
action: member
state: absent
register: result
failed_when: result.changed
- name: Ensure membermanager user1 and group1 members are absent for testhostgroup
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
membermanager_user: manageruser1
membermanager_group: managergroup1
action: member
state: absent
register: result
failed_when: not result.changed
- name: Ensure membermanager user1 and group1 members are absent for testhostgroup again
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
membermanager_user: manageruser1
membermanager_group: managergroup1
action: member
state: absent
register: result
failed_when: result.changed
- name: Ensure membermanager user1 and group1 members are present for testhostgroup
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
membermanager_user: manageruser1
membermanager_group: managergroup1
action: member
register: result
failed_when: not result.changed
- name: Ensure membermanager user1 and group1 members are present for testhostgroup
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
membermanager_user: manageruser1
membermanager_group: managergroup1
action: member
register: result
failed_when: not result.changed
- name: Ensure membermanager user1 and group1 members are present for testhostgroup again
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
membermanager_user: manageruser1
membermanager_group: managergroup1
action: member
register: result
failed_when: result.changed
- name: Ensure membermanager user1 and group1 members are present for testhostgroup again
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
membermanager_user: manageruser1
membermanager_group: managergroup1
action: member
register: result
failed_when: result.changed
- name: Ensure membermanager user and group members are absent for testhostgroup
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
membermanager_user: manageruser1,manageruser2
membermanager_group: managergroup1,managergroup2
action: member
state: absent
register: result
failed_when: not result.changed
- name: Ensure membermanager user and group members are absent for testhostgroup
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
membermanager_user: manageruser1,manageruser2
membermanager_group: managergroup1,managergroup2
action: member
state: absent
register: result
failed_when: not result.changed
- name: Ensure membermanager user and group members are absent for testhostgroup again
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
membermanager_user: manageruser1,manageruser2
membermanager_group: managergroup1,managergroup2
action: member
state: absent
register: result
failed_when: result.changed
- name: Ensure membermanager user and group members are absent for testhostgroup again
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
membermanager_user: manageruser1,manageruser2
membermanager_group: managergroup1,managergroup2
action: member
state: absent
register: result
failed_when: result.changed
- name: Ensure user manangeruser1 and manageruser2 is absent
ipauser:
ipaadmin_password: SomeADMINpassword
name: manageruser1,manageruser2
state: absent
register: result
failed_when: not result.changed
- name: Ensure user manangeruser1 and manageruser2 is absent
ipauser:
ipaadmin_password: SomeADMINpassword
name: manageruser1,manageruser2
state: absent
register: result
failed_when: not result.changed
- name: Ensure group managergroup1 and managergroup2 are absent
ipagroup:
ipaadmin_password: SomeADMINpassword
name: managergroup1,managergroup2
state: absent
register: result
failed_when: not result.changed
- name: Ensure group managergroup1 and managergroup2 are absent
ipagroup:
ipaadmin_password: SomeADMINpassword
name: managergroup1,managergroup2
state: absent
register: result
failed_when: not result.changed
- name: Ensure unknown membermanager_user member failure
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
membermanager_user: unknown_user
action: member
register: result
failed_when: result.changed or "no such entry" not in result.msg
- name: Ensure unknown membermanager_user member failure
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
membermanager_user: unknown_user
action: member
register: result
failed_when: result.changed or "no such entry" not in result.msg
- name: Ensure host-group testhostgroup is absent
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name:
- testhostgroup
state: absent
register: result
failed_when: not result.changed
- name: Ensure host-group testhostgroup is absent
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name:
- testhostgroup
state: absent
register: result
failed_when: not result.changed
when: ipa_version is version('4.8.4', '>=')
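Review bot: The version gate `when: ipa_version is version('4.8.4', '>=')` sits after the last task of the block, far below `- name: Tests requiring IPA version 4.8.4+`, so a reader has to scroll to the end to learn that everything in between is conditional. Ansible accepts `when:` ahead of `block:`, and placing it directly under the task name keeps the condition next to the heading that describes it. The same layout is used for the 4.8.7 gate in the host-group rename tests and the 4.7.0 gate in the service tests. Indentation is not preserved on this page, so the exact nesting of `when:` could not be checked here.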


@@ -5,101 +5,107 @@
gather_facts: false
tasks:
- name: Ensure testing host-group are absent
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name:
- databases
- datalake
- inexistenthostgroup
state: absent
- include_tasks: ../env_freeipa_facts.yml
- name: Ensure host-group databases is present
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: databases
state: present
register: result
failed_when: not result.changed
- name: Tests requiring IPA version 4.8.7+
block:
- name: Ensure testing host-group are absent
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name:
- databases
- datalake
- inexistenthostgroup
state: absent
- name: Rename host-group from `databases` to `datalake`
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: databases
rename: datalake
state: renamed
register: result
failed_when: not result.changed
- name: Ensure host-group databases is present
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: databases
state: present
register: result
failed_when: not result.changed
- name: Ensure host-group database was already absent
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: database
state: absent
register: result
failed_when: result.changed
- name: Rename host-group from `databases` to `datalake`
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: databases
rename: datalake
state: renamed
register: result
failed_when: not result.changed
- name: Rename host-group from `databases` to `datalake`, again
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: databases
rename: datalake
state: renamed
register: result
failed_when: result.changed or result.failed
- name: Ensure host-group database was already absent
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: database
state: absent
register: result
failed_when: result.changed
- name: Rename host-group with same name.
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: datalake
rename: datalake
state: renamed
register: result
failed_when: result.changed
- name: Rename host-group from `databases` to `datalake`, again
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: databases
rename: datalake
state: renamed
register: result
failed_when: result.changed or result.failed
- name: Ensure testing hostgroups do not exist.
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: inexistenthostgroup,alsoinexistent
state: absent
- name: Rename host-group with same name.
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: datalake
rename: datalake
state: renamed
register: result
failed_when: result.changed
- name: Rename inexistent host-group to an existing one.
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: inexistenthostgroup
rename: datalake
state: renamed
register: result
failed_when: result.changed or result.failed
- name: Ensure testing hostgroups do not exist.
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: inexistenthostgroup,alsoinexistent
state: absent
- name: Rename inexistent host-group to a non-existing one.
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: inexistenthostgroup
rename: alsoinexistent
state: renamed
register: result
failed_when: not result.failed or "Attribute `rename` can not be used, unless hostgroup exists." not in result.msg
- name: Rename inexistent host-group to an existing one.
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: inexistenthostgroup
rename: datalake
state: renamed
register: result
failed_when: result.changed or result.failed
- name: Ensure host-group databases is present
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: databases
state: present
- name: Rename inexistent host-group to a non-existing one.
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: inexistenthostgroup
rename: alsoinexistent
state: renamed
register: result
failed_when: not result.failed or "Attribute `rename` can not be used, unless hostgroup exists." not in result.msg
- name: Rename host-group to an existing one.
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: databases
rename: datalake
state: renamed
register: result
failed_when: not result.failed or "This entry already exists" not in result.msg
- name: Ensure host-group databases is present
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: databases
state: present
- name: Ensure host-group databases and datalake are absent
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name:
- databases
- datalake
state: absent
- name: Rename host-group to an existing one.
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: databases
rename: datalake
state: renamed
register: result
failed_when: not result.failed or "This entry already exists" not in result.msg
- name: Ensure host-group databases and datalake are absent
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name:
- databases
- datalake
state: absent
when: ipa_version is version('4.8.7', '>=')


@@ -4,344 +4,478 @@
become: yes
tasks:
# setup
- name: Setup test environment
include_tasks: env_setup.yml
- include_tasks: ../env_freeipa_facts.yml
# tests
- name: Ensure service is present
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
pac_type:
- MS-PAC
- PAD
auth_ind: otp
force: no
requires_pre_auth: yes
ok_as_delegate: no
ok_to_auth_as_delegate: no
register: result
failed_when: not result.changed
- name: Tests requiring IPA version 4.7.0+
block:
# setup
- name: Get Domain from server name
set_fact:
ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}"
when: ipaserver_domain is not defined
- name: Ensure service is present, again
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
pac_type:
- MS_PAC
- PAD
auth_ind: otp
force: no
requires_pre_auth: yes
ok_as_delegate: no
ok_to_auth_as_delegate: no
register: result
failed_when: result.changed
- name: Set host1, host2 and svc hosts fqdn
set_fact:
host1_fqdn: "{{ 'host1.' + ipaserver_domain }}"
host2_fqdn: "{{ 'host2.' + ipaserver_domain }}"
svc_fqdn: "{{ 'svc.' + ipaserver_domain }}"
- name: Modify service.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
pac_type: NONE
ok_as_delegate: yes
ok_to_auth_as_delegate: yes
register: result
failed_when: not result.changed
- name: Host absent
ipahost:
ipaadmin_password: SomeADMINpassword
name:
- svc.ihavenodns.info
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
- "{{ svc_fqdn }}"
update_dns: yes
state: absent
- name: Modify service, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
pac_type: NONE
ok_as_delegate: yes
ok_to_auth_as_delegate: yes
register: result
failed_when: result.changed
- name: Get IPv4 address prefix from server node
set_fact:
ipv4_prefix: "{{ ansible_default_ipv4.address.split('.')[:-1] |
join('.') }}"
- name: Ensure service is present, with host not in DNS.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: HTTP/svc.ihavenodns.info
force: yes
register: result
failed_when: not result.changed
- name: Add hosts for tests.
ipahost:
ipaadmin_password: SomeADMINpassword
hosts:
- name: "{{ host1_fqdn }}"
ip_address: "{{ ipv4_prefix + '.201' }}"
update_dns: yes
- name: "{{ host2_fqdn }}"
ip_address: "{{ ipv4_prefix + '.202' }}"
update_dns: yes
- name: "{{ svc_fqdn }}"
ip_address: "{{ ipv4_prefix + '.203' }}"
update_dns: yes
- name: svc.ihavenodns.info
update_dns: no
force: yes
- name: Ensure service is present, with host not in DNS, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: HTTP/svc.ihavenodns.info
force: yes
register: result
failed_when: result.changed
- name: Ensure testing user user01 is present.
ipauser:
ipaadmin_password: SomeADMINpassword
name: user01
first: user01
last: last
- name: Principal host/test.example.com present in service.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
principal:
- host/test.example.com
action: member
register: result
failed_when: not result.changed
- name: Ensure testing user user02 is present.
ipauser:
ipaadmin_password: SomeADMINpassword
name: user02
first: user02
last: last
- name: Principal host/test.exabple.com present in service, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
principal:
- host/test.example.com
action: member
register: result
failed_when: result.changed
- name: Ensure testing group group01 is present.
ipagroup:
ipaadmin_password: SomeADMINpassword
name: group01
- name: Principal host/test.example.com absent in service.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
principal:
- host/test.example.com
action: member
state: absent
register: result
failed_when: not result.changed
- name: Ensure testing group group02 is present.
ipagroup:
ipaadmin_password: SomeADMINpassword
name: group02
- name: Principal host/test.example.com absent in service, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
principal:
- host/test.example.com
action: member
state: absent
register: result
failed_when: result.changed
- name: Ensure testing hostgroup hostgroup01 is present.
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: hostgroup01
- name: Ensure host can manage service.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
host:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
action: member
register: result
failed_when: not result.changed
- name: Ensure testing hostgroup hostgroup02 is present.
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: hostgroup02
- name: Ensure host can manage service, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
host: "{{ host1_fqdn }}"
action: member
register: result
failed_when: result.changed
- name: Ensure services are absent.
ipaservice:
ipaadmin_password: SomeADMINpassword
name:
- "HTTP/{{ svc_fqdn }}"
- HTTP/svc.ihavenodns.info
state: absent
- name: Ensure host cannot manage service.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
host:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
action: member
state: absent
register: result
failed_when: not result.changed
# tests
- name: Ensure service is present
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
pac_type:
- MS-PAC
- PAD
auth_ind: otp
force: no
requires_pre_auth: yes
ok_as_delegate: no
ok_to_auth_as_delegate: no
register: result
failed_when: not result.changed
- name: Ensure host cannot manage service, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
host:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
action: member
state: absent
register: result
failed_when: result.changed
- name: Ensure service is present, again
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
pac_type:
- MS_PAC
- PAD
auth_ind: otp
force: no
requires_pre_auth: yes
ok_as_delegate: no
ok_to_auth_as_delegate: no
register: result
failed_when: result.changed
- name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for users, groups, hosts and hostgroups.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
allow_create_keytab_user:
- user01
- user02
allow_create_keytab_group:
- group01
- group02
allow_create_keytab_host:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
allow_create_keytab_hostgroup:
- hostgroup01
- hostgroup02
action: member
register: result
failed_when: not result.changed
- name: Modify service.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
pac_type: NONE
ok_as_delegate: yes
ok_to_auth_as_delegate: yes
register: result
failed_when: not result.changed
- name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for users, groups, hosts and hostgroups, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
allow_create_keytab_user:
- user01
- user02
allow_create_keytab_group:
- group01
- group02
allow_create_keytab_host:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
allow_create_keytab_hostgroup:
- hostgroup01
- hostgroup02
action: member
register: result
failed_when: result.changed
- name: Modify service, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
pac_type: NONE
ok_as_delegate: yes
ok_to_auth_as_delegate: yes
register: result
failed_when: result.changed
- name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for users, groups, hosts and hostgroups.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
allow_create_keytab_user:
- user01
- user02
allow_create_keytab_group:
- group01
- group02
allow_create_keytab_host:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
allow_create_keytab_hostgroup:
- hostgroup01
- hostgroup02
action: member
state: absent
register: result
failed_when: not result.changed
- name: Ensure service is present, with host not in DNS.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: HTTP/svc.ihavenodns.info
force: yes
register: result
failed_when: not result.changed
- name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for users, groups, hosts and hostgroups, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
allow_create_keytab_user:
- user01
- user02
allow_create_keytab_group:
- group01
- group02
allow_create_keytab_host:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
allow_create_keytab_hostgroup:
- hostgroup01
- hostgroup02
action: member
state: absent
register: result
failed_when: result.changed
- name: Ensure service is present, with host not in DNS, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: HTTP/svc.ihavenodns.info
force: yes
register: result
failed_when: result.changed
- name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for users, groups, hosts and hostgroups
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
allow_retrieve_keytab_user:
- user01
- user02
allow_retrieve_keytab_group:
- group01
- group02
allow_retrieve_keytab_host:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
allow_retrieve_keytab_hostgroup:
- hostgroup01
- hostgroup02
action: member
register: result
failed_when: not result.changed
- name: Principal host/test.example.com present in service.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
principal:
- host/test.example.com
action: member
register: result
failed_when: not result.changed
- name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for users, groups, hosts and hostgroups, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
allow_retrieve_keytab_user:
- user01
- user02
allow_retrieve_keytab_group:
- group01
- group02
allow_retrieve_keytab_host:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
allow_retrieve_keytab_hostgroup:
- hostgroup01
- hostgroup02
action: member
register: result
failed_when: result.changed
- name: Principal host/test.exabple.com present in service, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
principal:
- host/test.example.com
action: member
register: result
failed_when: result.changed
- name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for users, groups, hosts and hostgroups.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
allow_retrieve_keytab_user:
- user01
- user02
allow_retrieve_keytab_group:
- group01
- group02
allow_retrieve_keytab_host:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
allow_retrieve_keytab_hostgroup:
- hostgroup01
- hostgroup02
action: member
state: absent
register: result
failed_when: not result.changed
- name: Principal host/test.example.com absent in service.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
principal:
- host/test.example.com
action: member
state: absent
register: result
failed_when: not result.changed
- name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for users, groups, hosts and hostgroups, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
allow_retrieve_keytab_user:
- user01
- user02
allow_retrieve_keytab_group:
- group01
- group02
allow_retrieve_keytab_host:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
allow_retrieve_keytab_hostgroup:
- hostgroup01
- hostgroup02
action: member
state: absent
register: result
failed_when: result.changed
- name: Principal host/test.example.com absent in service, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
principal:
- host/test.example.com
action: member
state: absent
register: result
failed_when: result.changed
#
- name: Ensure service is absent
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
state: absent
register: result
failed_when: not result.changed
- name: Ensure host can manage service.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
host:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
action: member
register: result
failed_when: not result.changed
- name: Ensure service is absent, again
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
state: absent
register: result
failed_when: result.changed
- name: Ensure host can manage service, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
host: "{{ host1_fqdn }}"
action: member
register: result
failed_when: result.changed
# cleanup
- name: Cleanup test environment
include_tasks: env_cleanup.yml
- name: Ensure host cannot manage service.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
host:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
action: member
state: absent
register: result
failed_when: not result.changed
- name: Ensure host cannot manage service, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
host:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
action: member
state: absent
register: result
failed_when: result.changed
- name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for users, groups, hosts and hostgroups.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
allow_create_keytab_user:
- user01
- user02
allow_create_keytab_group:
- group01
- group02
allow_create_keytab_host:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
allow_create_keytab_hostgroup:
- hostgroup01
- hostgroup02
action: member
register: result
failed_when: not result.changed
- name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for users, groups, hosts and hostgroups, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
allow_create_keytab_user:
- user01
- user02
allow_create_keytab_group:
- group01
- group02
allow_create_keytab_host:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
allow_create_keytab_hostgroup:
- hostgroup01
- hostgroup02
action: member
register: result
failed_when: result.changed
- name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for users, groups, hosts and hostgroups.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
allow_create_keytab_user:
- user01
- user02
allow_create_keytab_group:
- group01
- group02
allow_create_keytab_host:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
allow_create_keytab_hostgroup:
- hostgroup01
- hostgroup02
action: member
state: absent
register: result
failed_when: not result.changed
- name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for users, groups, hosts and hostgroups, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
allow_create_keytab_user:
- user01
- user02
allow_create_keytab_group:
- group01
- group02
allow_create_keytab_host:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
allow_create_keytab_hostgroup:
- hostgroup01
- hostgroup02
action: member
state: absent
register: result
failed_when: result.changed
- name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for users, groups, hosts and hostgroups
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
allow_retrieve_keytab_user:
- user01
- user02
allow_retrieve_keytab_group:
- group01
- group02
allow_retrieve_keytab_host:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
allow_retrieve_keytab_hostgroup:
- hostgroup01
- hostgroup02
action: member
register: result
failed_when: not result.changed
- name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for users, groups, hosts and hostgroups, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
allow_retrieve_keytab_user:
- user01
- user02
allow_retrieve_keytab_group:
- group01
- group02
allow_retrieve_keytab_host:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
allow_retrieve_keytab_hostgroup:
- hostgroup01
- hostgroup02
action: member
register: result
failed_when: result.changed
- name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for users, groups, hosts and hostgroups.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
allow_retrieve_keytab_user:
- user01
- user02
allow_retrieve_keytab_group:
- group01
- group02
allow_retrieve_keytab_host:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
allow_retrieve_keytab_hostgroup:
- hostgroup01
- hostgroup02
action: member
state: absent
register: result
failed_when: not result.changed
- name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for users, groups, hosts and hostgroups, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
allow_retrieve_keytab_user:
- user01
- user02
allow_retrieve_keytab_group:
- group01
- group02
allow_retrieve_keytab_host:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
allow_retrieve_keytab_hostgroup:
- hostgroup01
- hostgroup02
action: member
state: absent
register: result
failed_when: result.changed
#
- name: Ensure service is absent
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
state: absent
register: result
failed_when: not result.changed
- name: Ensure service is absent, again
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
state: absent
register: result
failed_when: result.changed
# cleanup
- name: Ensure services are absent.
ipaservice:
ipaadmin_password: SomeADMINpassword
name:
- "HTTP/{{ svc_fqdn }}"
- HTTP/svc.ihavenodns.info
state: absent
- name: Ensure host is absent
ipahost:
ipaadmin_password: SomeADMINpassword
name:
- "{{ svc_fqdn }}"
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
- svc.ihavenodns.info
state: absent
- name: Ensure testing users are absent.
ipauser:
ipaadmin_password: SomeADMINpassword
name:
- user01
- user02
state: absent
- name: Ensure testing groups are absent.
ipagroup:
ipaadmin_password: SomeADMINpassword
name:
- group01
- group02
state: absent
- name: Ensure testing hostgroup hostgroup01 is absent.
ipagroup:
ipaadmin_password: SomeADMINpassword
name:
- hostgroup01
state: absent
- name: Ensure testing hostgroup hostgroup02 is absent.
ipagroup:
ipaadmin_password: SomeADMINpassword
name:
- hostgroup02
state: absent
when: ipa_version is version('4.7.0', '>=')
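Review bot: The two cleanup tasks named `Ensure testing hostgroup hostgroup01 is absent.` and `Ensure testing hostgroup hostgroup02 is absent.` call `ipagroup:` rather than `ipahostgroup:`, so they ask for user groups with those names to be absent and, as far as this section shows, never remove the host groups created during setup with `ipahostgroup`. The host groups would then persist on the IPA server after the run and already exist at the start of the next one. Changing the module line in both tasks to `ipahostgroup:` fixes it. The old and new sides are interleaved in this rendering, so this assumes the inline cleanup tasks belong to the new side.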