From 39d5558bd2c06b075b2d6175f5d97bcc94b1b8a5 Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Fri, 21 Aug 2020 16:27:43 -0300 Subject: [PATCH 1/3] Add IPA version verification for ipaconfig's maxhostname tests. The config attributte maxhostname is only available after IPA version 4.8.0. The tests for this attribute are now protected to not run if a previous IPA version is found. --- tests/config/test_config.yml | 55 +++++++++++++++++++++++------------- 1 file changed, 36 insertions(+), 19 deletions(-) diff --git a/tests/config/test_config.yml b/tests/config/test_config.yml index c288e451..e1d33f79 100644 --- a/tests/config/test_config.yml +++ b/tests/config/test_config.yml @@ -5,6 +5,8 @@ gather_facts: false tasks: + - include_tasks: ../env_freeipa_facts.yml + # Retrieve current configuration. - name: return current values of the global configuration options ipaconfig: @@ -45,15 +47,17 @@ ipaadmin_password: SomeADMINpassword pac_type: "" - - name: set maxusername to 255 - ipaconfig: - ipaadmin_password: SomeADMINpassword - maxusername: 255 - - name: set maxhostname to 255 + block: + - ipaconfig: + ipaadmin_password: SomeADMINpassword + maxhostname: 255 + when: ipa_version is version('4.8.0', '>=') + + - name: set maxusername to 45 ipaconfig: ipaadmin_password: SomeADMINpassword - maxhostname: 255 + maxusername: 45 - name: set pwdexpnotify to 0 ipaconfig: 
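Review bot: The `ipaconfig` tasks placed inside the new `block:` wrappers have no `name` of their own, so the play output will most likely show only the module name for them; this applies in this hunk (`set maxhostname to 255`) and in the later hunks at `@@ -186,18 +190,19 @@`, `@@ -352,11 +356,17 @@` and `@@ -379,6 +389,13 @@`. In the 77 case the removed label `set maxhostname to 77, again` is not carried over, so a failed change check and a failed idempotence check become hard to tell apart. For the single-task blocks the wrapper can be dropped by putting `when: ipa_version is version('4.8.0', '>=')` directly on a named `ipaconfig` task. Separately, this hunk changes the setup value of `maxusername` from 255 to 45, which the commit message does not mention; a one-line comment stating why 45 was chosen would help the next reader.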
@@ -186,18 +190,19 @@ failed_when: result.changed - name: set maxhostname to 77 - ipaconfig: - ipaadmin_password: SomeADMINpassword - maxhostname: 77 - register: result - failed_when: not result.changed + block: + - ipaconfig: + ipaadmin_password: SomeADMINpassword + maxhostname: 77 + register: result + failed_when: not result.changed - - name: set maxhostname to 77, again - ipaconfig: - ipaadmin_password: SomeADMINpassword - maxhostname: 77 - register: result - failed_when: result.changed + - ipaconfig: + ipaadmin_password: SomeADMINpassword + maxhostname: 77 + register: result + failed_when: result.changed + when: ipa_version is version('4.8.0', '>=') - name: set pwdexpnotify to 17 ipaconfig: @@ -329,7 +334,6 @@ ipaconfig: ipaadmin_password: 'SomeADMINpassword' maxusername: '{{previousconfig.config.maxusername | default(omit)}}' - maxhostname: '{{previousconfig.config.maxhostname | default(omit)}}' homedirectory: '{{previousconfig.config.homedirectory | default(omit)}}' defaultshell: '{{previousconfig.config.defaultshell | default(omit)}}' defaultgroup: '{{previousconfig.config.defaultgroup | default(omit)}}' @@ -352,11 +356,17 @@ register: result failed_when: not result.changed + - name: reset maxhostname + block: + - ipaconfig: + ipaadmin_password: SomeADMINpassword + maxhostname: '{{previousconfig.config.maxhostname | default(omit)}}' + when: ipa_version is version('4.8.0', '>=') + - name: reset changed fields, again ipaconfig: ipaadmin_password: 'SomeADMINpassword' maxusername: '{{previousconfig.config.maxusername | default(omit)}}' - maxhostname: '{{previousconfig.config.maxhostname | default(omit)}}' homedirectory: '{{previousconfig.config.homedirectory | default(omit)}}' defaultshell: '{{previousconfig.config.defaultshell | default(omit)}}' defaultgroup: '{{previousconfig.config.defaultgroup | default(omit)}}' 
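Review bot: The new `reset maxhostname` block in the `@@ -352,11 +356,17 @@` hunk has no `register`/`failed_when`, so restoring `maxhostname` is no longer covered by the `failed_when: not result.changed` check that `reset changed fields` applies to the other attributes. The second copy in the `@@ -379,6 +389,13 @@` hunk drops the matching idempotence check in the same way and reuses the same name. Consider adding `register: result` with `failed_when: not result.changed` to the first inner task and `failed_when: result.changed` to the second, and naming the second `reset maxhostname, again`. If `previousconfig.config.maxhostname` is undefined, `default(omit)` leaves the module call with only the password, so it is worth confirming that this case behaves as a no-op.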
@@ -379,6 +389,13 @@ register: result failed_when: result.changed + - name: reset maxhostname + block: + - ipaconfig: + ipaadmin_password: SomeADMINpassword + maxhostname: '{{previousconfig.config.maxhostname | default(omit)}}' + when: ipa_version is version('4.8.0', '>=') + # cleanup - name: cleanup test group From 609901eda6cddf7c6f238eb704794d44c4baf30b Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Fri, 21 Aug 2020 20:37:49 -0300 Subject: [PATCH 2/3] Fix IPA version evaluation to test ipaservice with skip_host_check. Test to verify IPA version before testing ipaservice with attribute skip_host_check was inverted, and tests failed. This change fixes it. --- tests/service/test_service.yml | 879 +++++++++--------- .../test_service_without_skip_host_check.yml | 764 +++++++-------- 2 files changed, 758 insertions(+), 885 deletions(-) diff --git a/tests/service/test_service.yml b/tests/service/test_service.yml index 7035bb9e..77f3d291 100644 --- a/tests/service/test_service.yml +++ b/tests/service/test_service.yml 
@@ -17,480 +17,485 @@ tasks: # setup - - name: Setup test environment - include_tasks: env_setup.yml + - include_tasks: ../env_freeipa_facts.yml # tests - - name: Ensure service is present - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - pac_type: - - MS-PAC - - PAD - auth_ind: otp - skip_host_check: no - force: yes - requires_pre_auth: yes - ok_as_delegate: no - ok_to_auth_as_delegate: no - register: result - failed_when: not result.changed + - name: Tests with skip_host_check, require IPA version 4.8.0+. + block: + - name: Setup test environment + include_tasks: env_setup.yml - - name: Ensure service is present, again - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - pac_type: - - MS_PAC - - PAD - auth_ind: otp - skip_host_check: no - force: no - requires_pre_auth: yes - ok_as_delegate: no - ok_to_auth_as_delegate: no - register: result - failed_when: result.changed + - name: Ensure service is present + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + pac_type: + - MS-PAC + - PAD + auth_ind: otp + skip_host_check: no + force: yes + requires_pre_auth: yes + ok_as_delegate: no + ok_to_auth_as_delegate: no + register: result + failed_when: not result.changed - - name: Modify service. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - pac_type: NONE - ok_as_delegate: yes - ok_to_auth_as_delegate: yes - register: result - failed_when: not result.changed + - name: Ensure service is present, again + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + pac_type: + - MS_PAC + - PAD + auth_ind: otp + skip_host_check: no + force: no + requires_pre_auth: yes + ok_as_delegate: no + ok_to_auth_as_delegate: no + register: result + failed_when: result.changed - - name: Modify service, again. 
- ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - pac_type: NONE - ok_as_delegate: yes - ok_to_auth_as_delegate: yes - register: result - failed_when: result.changed + - name: Modify service. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + pac_type: NONE + ok_as_delegate: yes + ok_to_auth_as_delegate: yes + register: result + failed_when: not result.changed - - name: Ensure service is present, without host object. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ nohost_fqdn }}" - skip_host_check: yes - register: result - failed_when: not result.changed + - name: Modify service, again. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + pac_type: NONE + ok_as_delegate: yes + ok_to_auth_as_delegate: yes + register: result + failed_when: result.changed - - name: Ensure service is present, without host object, again. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ nohost_fqdn }}" - skip_host_check: yes - register: result - failed_when: result.changed + - name: Ensure service is present, without host object. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ nohost_fqdn }}" + skip_host_check: yes + register: result + failed_when: not result.changed - - name: Ensure service is present, with host not in DNS. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: HTTP/svc.ihavenodns.info - skip_host_check: no - force: yes - register: result - failed_when: not result.changed + - name: Ensure service is present, without host object, again. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ nohost_fqdn }}" + skip_host_check: yes + register: result + failed_when: result.changed - - name: Ensure service is present, with host not in DNS, again. 
- ipaservice: - ipaadmin_password: SomeADMINpassword - name: HTTP/svc.ihavenodns.info - skip_host_check: no - force: yes - register: result - failed_when: result.changed + - name: Ensure service is present, with host not in DNS. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: HTTP/svc.ihavenodns.info + skip_host_check: no + force: yes + register: result + failed_when: not result.changed - - name: Ensure service is present, whithout host object and with host not in DNS. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: HTTP/no.idontexist.info - skip_host_check: yes - force: yes - register: result - failed_when: not result.changed + - name: Ensure service is present, with host not in DNS, again. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: HTTP/svc.ihavenodns.info + skip_host_check: no + force: yes + register: result + failed_when: result.changed - - name: Ensure service is present, whithout host object and with host not in DNS, again. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: HTTP/no.idontexist.info - skip_host_check: yes - force: yes - register: result - failed_when: result.changed + - name: Ensure service is present, whithout host object and with host not in DNS. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: HTTP/no.idontexist.info + skip_host_check: yes + force: yes + register: result + failed_when: not result.changed - - name: Principal host/test.example.com present in service. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - principal: - - host/test.example.com - action: member - register: result - failed_when: not result.changed + - name: Ensure service is present, whithout host object and with host not in DNS, again. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: HTTP/no.idontexist.info + skip_host_check: yes + force: yes + register: result + failed_when: result.changed - - name: Principal host/test.example.com present in service, again. 
- ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - principal: - - host/test.example.com - action: member - register: result - failed_when: result.changed + - name: Principal host/test.example.com present in service. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + principal: + - host/test.example.com + action: member + register: result + failed_when: not result.changed - - name: Principal host/test.example.com absent in service. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - principal: - - host/test.example.com - action: member - state: absent - register: result - failed_when: not result.changed + - name: Principal host/test.example.com present in service, again. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + principal: + - host/test.example.com + action: member + register: result + failed_when: result.changed - - name: Principal host/test.example.com absent in service, again. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - principal: - - host/test.example.com - action: member - state: absent - register: result - failed_when: result.changed + - name: Principal host/test.example.com absent in service. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + principal: + - host/test.example.com + action: member + state: absent + register: result + failed_when: not result.changed - - name: Ensure host can manage service. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - host: - - "{{ host1_fqdn }}" - - "{{ host2_fqdn }}" - action: member - register: result - failed_when: not result.changed + - name: Principal host/test.example.com absent in service, again. 
+ ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + principal: + - host/test.example.com + action: member + state: absent + register: result + failed_when: result.changed - - name: Ensure host can manage service, again. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - host: "{{ host1_fqdn }}" - action: member - register: result - failed_when: result.changed + - name: Ensure host can manage service. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + host: + - "{{ host1_fqdn }}" + - "{{ host2_fqdn }}" + action: member + register: result + failed_when: not result.changed - - name: Ensure host cannot manage service. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - host: - - "{{ host1_fqdn }}" - - "{{ host2_fqdn }}" - action: member - state: absent - register: result - failed_when: not result.changed + - name: Ensure host can manage service, again. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + host: "{{ host1_fqdn }}" + action: member + register: result + failed_when: result.changed - - name: Ensure host cannot manage service, again. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - host: - - "{{ host1_fqdn }}" - - "{{ host2_fqdn }}" - action: member - state: absent - register: result - failed_when: result.changed + - name: Ensure host cannot manage service. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + host: + - "{{ host1_fqdn }}" + - "{{ host2_fqdn }}" + action: member + state: absent + register: result + failed_when: not result.changed - - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for users, groups, hosts and hostgroups. 
- ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - allow_create_keytab_user: - - user01 - - user02 - allow_create_keytab_group: - - group01 - - group02 - allow_create_keytab_host: - - "{{ host1_fqdn }}" - - "{{ host2_fqdn }}" - allow_create_keytab_hostgroup: - - hostgroup01 - - hostgroup02 - action: member - register: result - failed_when: not result.changed + - name: Ensure host cannot manage service, again. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + host: + - "{{ host1_fqdn }}" + - "{{ host2_fqdn }}" + action: member + state: absent + register: result + failed_when: result.changed - - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for users, groups, hosts and hostgroups, again. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - allow_create_keytab_user: - - user01 - - user02 - allow_create_keytab_group: - - group01 - - group02 - allow_create_keytab_host: - - "{{ host1_fqdn }}" - - "{{ host2_fqdn }}" - allow_create_keytab_hostgroup: - - hostgroup01 - - hostgroup02 - action: member - register: result - failed_when: result.changed + - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for users, groups, hosts and hostgroups. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + allow_create_keytab_user: + - user01 + - user02 + allow_create_keytab_group: + - group01 + - group02 + allow_create_keytab_host: + - "{{ host1_fqdn }}" + - "{{ host2_fqdn }}" + allow_create_keytab_hostgroup: + - hostgroup01 + - hostgroup02 + action: member + register: result + failed_when: not result.changed - - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for users, groups, hosts and hostgroups. 
- ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - allow_create_keytab_user: - - user01 - - user02 - allow_create_keytab_group: - - group01 - - group02 - allow_create_keytab_host: - - "{{ host1_fqdn }}" - - "{{ host2_fqdn }}" - allow_create_keytab_hostgroup: - - hostgroup01 - - hostgroup02 - action: member - state: absent - register: result - failed_when: not result.changed + - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for users, groups, hosts and hostgroups, again. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + allow_create_keytab_user: + - user01 + - user02 + allow_create_keytab_group: + - group01 + - group02 + allow_create_keytab_host: + - "{{ host1_fqdn }}" + - "{{ host2_fqdn }}" + allow_create_keytab_hostgroup: + - hostgroup01 + - hostgroup02 + action: member + register: result + failed_when: result.changed - - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for users, groups, hosts and hostgroups, again. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - allow_create_keytab_user: - - user01 - - user02 - allow_create_keytab_group: - - group01 - - group02 - allow_create_keytab_host: - - "{{ host1_fqdn }}" - - "{{ host2_fqdn }}" - allow_create_keytab_hostgroup: - - hostgroup01 - - hostgroup02 - action: member - state: absent - register: result - failed_when: result.changed + - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for users, groups, hosts and hostgroups. 
+ ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + allow_create_keytab_user: + - user01 + - user02 + allow_create_keytab_group: + - group01 + - group02 + allow_create_keytab_host: + - "{{ host1_fqdn }}" + - "{{ host2_fqdn }}" + allow_create_keytab_hostgroup: + - hostgroup01 + - hostgroup02 + action: member + state: absent + register: result + failed_when: not result.changed - - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for users, groups, hosts and hostgroups - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - allow_retrieve_keytab_user: - - user01 - - user02 - allow_retrieve_keytab_group: - - group01 - - group02 - allow_retrieve_keytab_host: - - "{{ host1_fqdn }}" - - "{{ host2_fqdn }}" - allow_retrieve_keytab_hostgroup: - - hostgroup01 - - hostgroup02 - action: member - register: result - failed_when: not result.changed + - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for users, groups, hosts and hostgroups, again. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + allow_create_keytab_user: + - user01 + - user02 + allow_create_keytab_group: + - group01 + - group02 + allow_create_keytab_host: + - "{{ host1_fqdn }}" + - "{{ host2_fqdn }}" + allow_create_keytab_hostgroup: + - hostgroup01 + - hostgroup02 + action: member + state: absent + register: result + failed_when: result.changed - - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for users, groups, hosts and hostgroups, again. 
- ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - allow_retrieve_keytab_user: - - user01 - - user02 - allow_retrieve_keytab_group: - - group01 - - group02 - allow_retrieve_keytab_host: - - "{{ host1_fqdn }}" - - "{{ host2_fqdn }}" - allow_retrieve_keytab_hostgroup: - - hostgroup01 - - hostgroup02 - action: member - register: result - failed_when: result.changed + - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for users, groups, hosts and hostgroups + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + allow_retrieve_keytab_user: + - user01 + - user02 + allow_retrieve_keytab_group: + - group01 + - group02 + allow_retrieve_keytab_host: + - "{{ host1_fqdn }}" + - "{{ host2_fqdn }}" + allow_retrieve_keytab_hostgroup: + - hostgroup01 + - hostgroup02 + action: member + register: result + failed_when: not result.changed - - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for users, groups, hosts and hostgroups. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - allow_retrieve_keytab_user: - - user01 - - user02 - allow_retrieve_keytab_group: - - group01 - - group02 - allow_retrieve_keytab_host: - - "{{ host1_fqdn }}" - - "{{ host2_fqdn }}" - allow_retrieve_keytab_hostgroup: - - hostgroup01 - - hostgroup02 - action: member - state: absent - register: result - failed_when: not result.changed + - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for users, groups, hosts and hostgroups, again. 
+ ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + allow_retrieve_keytab_user: + - user01 + - user02 + allow_retrieve_keytab_group: + - group01 + - group02 + allow_retrieve_keytab_host: + - "{{ host1_fqdn }}" + - "{{ host2_fqdn }}" + allow_retrieve_keytab_hostgroup: + - hostgroup01 + - hostgroup02 + action: member + register: result + failed_when: result.changed - - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for users, groups, hosts and hostgroups, again. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - allow_retrieve_keytab_user: - - user01 - - user02 - allow_retrieve_keytab_group: - - group01 - - group02 - allow_retrieve_keytab_host: - - "{{ host1_fqdn }}" - - "{{ host2_fqdn }}" - allow_retrieve_keytab_hostgroup: - - hostgroup01 - - hostgroup02 - action: member - state: absent - register: result - failed_when: result.changed + - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for users, groups, hosts and hostgroups. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + allow_retrieve_keytab_user: + - user01 + - user02 + allow_retrieve_keytab_group: + - group01 + - group02 + allow_retrieve_keytab_host: + - "{{ host1_fqdn }}" + - "{{ host2_fqdn }}" + allow_retrieve_keytab_hostgroup: + - hostgroup01 + - hostgroup02 + action: member + state: absent + register: result + failed_when: not result.changed - - name: Ensure service is absent - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - state: absent - register: result - failed_when: not result.changed + - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for users, groups, hosts and hostgroups, again. 
+ ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + allow_retrieve_keytab_user: + - user01 + - user02 + allow_retrieve_keytab_group: + - group01 + - group02 + allow_retrieve_keytab_host: + - "{{ host1_fqdn }}" + - "{{ host2_fqdn }}" + allow_retrieve_keytab_hostgroup: + - hostgroup01 + - hostgroup02 + action: member + state: absent + register: result + failed_when: result.changed - - name: Ensure service is absent, again - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - state: absent - register: result - failed_when: result.changed + - name: Ensure service is absent + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + state: absent + register: result + failed_when: not result.changed - - name: Ensure service is present, with multiple auth_ind values. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - auth_ind: otp,radius - skip_host_check: no - force: yes - register: result - failed_when: not result.changed + - name: Ensure service is absent, again + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + state: absent + register: result + failed_when: result.changed - - name: Ensure service is present, with multiple auth_ind values, again. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - auth_ind: otp,radius - skip_host_check: no - force: yes - register: result - failed_when: result.changed + - name: Ensure service is present, with multiple auth_ind values. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + auth_ind: otp,radius + skip_host_check: no + force: yes + register: result + failed_when: not result.changed - - name: Clear auth_ind. 
- ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - auth_ind: "" - skip_host_check: no - force: yes - register: result - failed_when: not result.changed + - name: Ensure service is present, with multiple auth_ind values, again. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + auth_ind: otp,radius + skip_host_check: no + force: yes + register: result + failed_when: result.changed - - name: Clear auth_ind, again. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - auth_ind: "" - skip_host_check: no - force: yes - register: result - failed_when: result.changed + - name: Clear auth_ind. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + auth_ind: "" + skip_host_check: no + force: yes + register: result + failed_when: not result.changed - - name: Ensure services are absent. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: - - "HTTP/{{ svc_fqdn }}" - - "HTTP/{{ nohost_fqdn }}" - - HTTP/svc.ihavenodns.info - - HTTP/no.idontexist.local - continue: yes - state: absent - register: result - failed_when: not result.changed + - name: Clear auth_ind, again. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + auth_ind: "" + skip_host_check: no + force: yes + register: result + failed_when: result.changed - - name: Ensure services are absent. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: - - "HTTP/{{ svc_fqdn }}" - - "HTTP/{{ nohost_fqdn }}" - - HTTP/svc.ihavenodns.info - - HTTP/no.idontexist.local - continue: yes - state: absent - register: result - failed_when: result.changed + - name: Ensure services are absent. 
+ ipaservice: + ipaadmin_password: SomeADMINpassword + name: + - "HTTP/{{ svc_fqdn }}" + - "HTTP/{{ nohost_fqdn }}" + - HTTP/svc.ihavenodns.info + - HTTP/no.idontexist.local + continue: yes + state: absent + register: result + failed_when: not result.changed - - name: Ensure SMB service is present. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "{{ host1_fqdn }}" - smb: yes - netbiosname: SAMBASVC - register: result - failed_when: not result.changed + - name: Ensure services are absent. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: + - "HTTP/{{ svc_fqdn }}" + - "HTTP/{{ nohost_fqdn }}" + - HTTP/svc.ihavenodns.info + - HTTP/no.idontexist.local + continue: yes + state: absent + register: result + failed_when: result.changed - - name: Ensure SMB service is again. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "{{ host1_fqdn }}" - smb: yes - netbiosname: SAMBASVC - register: result - failed_when: result.changed + - name: Ensure SMB service is present. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "{{ host1_fqdn }}" + smb: yes + netbiosname: SAMBASVC + register: result + failed_when: not result.changed - - name: Ensure SMB service is absent. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "cifs/{{ host1_fqdn }}" - state: absent - register: result - failed_when: not result.changed + - name: Ensure SMB service is again. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "{{ host1_fqdn }}" + smb: yes + netbiosname: SAMBASVC + register: result + failed_when: result.changed - - name: Ensure SMB service is absent, again. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "cifs/{{ host1_fqdn }}" - state: absent - register: result - failed_when: result.changed + - name: Ensure SMB service is absent. 
+ ipaservice: + ipaadmin_password: SomeADMINpassword + name: "cifs/{{ host1_fqdn }}" + state: absent + register: result + failed_when: not result.changed - # cleanup - - name: Cleanup test environment - include_tasks: env_cleanup.yml + - name: Ensure SMB service is absent, again. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "cifs/{{ host1_fqdn }}" + state: absent + register: result + failed_when: result.changed + + # cleanup + - name: Cleanup test environment + include_tasks: env_cleanup.yml + when: ipa_version is version('4.7.0', '>=') diff --git a/tests/service/test_service_without_skip_host_check.yml b/tests/service/test_service_without_skip_host_check.yml index 2b627256..794750e3 100644 --- a/tests/service/test_service_without_skip_host_check.yml +++ b/tests/service/test_service_without_skip_host_check.yml 
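Review bot: The new block is named `Tests with skip_host_check, require IPA version 4.8.0+.` but the guard that closes it is `when: ipa_version is version('4.7.0', '>=')`, so the label and the condition disagree and one of them should be corrected. The block removed from `test_service_without_skip_host_check.yml` was labelled `4.7.0+`, which suggests the name is the stale part, but that cannot be confirmed from the diff. Both `Ensure services are absent.` tasks list `HTTP/no.idontexist.local`, while the service created earlier with `skip_host_check: yes` and `force: yes` is `HTTP/no.idontexist.info`; unless `env_cleanup.yml` (not shown) removes it, that principal is left on the server, so the list entry should read `- HTTP/no.idontexist.info`. The `env_cleanup.yml` include is now the last task inside the block, so a failing test skips it; moving it to an `always:` section of the block would keep test hosts, users and services from lingering after a failure.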
@@ -4,478 +4,346 @@ become: yes tasks: - - include_tasks: ../env_freeipa_facts.yml - - name: Tests requiring IPA version 4.7.0+ - block: - # setup - - name: Get Domain from server name - set_fact: - ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}" - when: ipaserver_domain is not defined + # setup - - name: Set host1, host2 and svc hosts fqdn - set_fact: - host1_fqdn: "{{ 'host1.' + ipaserver_domain }}" - host2_fqdn: "{{ 'host2.' + ipaserver_domain }}" - svc_fqdn: "{{ 'svc.' + ipaserver_domain }}" + - name: Setup test environment + include_tasks: env_setup.yml - - name: Host absent - ipahost: - ipaadmin_password: SomeADMINpassword - name: - - svc.ihavenodns.info - - "{{ host1_fqdn }}" - - "{{ host2_fqdn }}" - - "{{ svc_fqdn }}" - update_dns: yes - state: absent + # tests + - name: Ensure service is present + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + pac_type: + - MS-PAC + - PAD + auth_ind: otp + force: no + requires_pre_auth: yes + ok_as_delegate: no + ok_to_auth_as_delegate: no + register: result + failed_when: not result.changed - - name: Get IPv4 address prefix from server node - set_fact: - ipv4_prefix: "{{ ansible_default_ipv4.address.split('.')[:-1] | - join('.') }}" + - name: Ensure service is present, again + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + pac_type: + - MS_PAC + - PAD + auth_ind: otp + force: no + requires_pre_auth: yes + ok_as_delegate: no + ok_to_auth_as_delegate: no + register: result + failed_when: result.changed - - name: Add hosts for tests. 
- ipahost: - ipaadmin_password: SomeADMINpassword - hosts: - - name: "{{ host1_fqdn }}" - ip_address: "{{ ipv4_prefix + '.201' }}" - update_dns: yes - - name: "{{ host2_fqdn }}" - ip_address: "{{ ipv4_prefix + '.202' }}" - update_dns: yes - - name: "{{ svc_fqdn }}" - ip_address: "{{ ipv4_prefix + '.203' }}" - update_dns: yes - - name: svc.ihavenodns.info - update_dns: no - force: yes + - name: Modify service. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + pac_type: NONE + ok_as_delegate: yes + ok_to_auth_as_delegate: yes + register: result + failed_when: not result.changed - - name: Ensure testing user user01 is present. - ipauser: - ipaadmin_password: SomeADMINpassword - name: user01 - first: user01 - last: last + - name: Modify service, again. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + pac_type: NONE + ok_as_delegate: yes + ok_to_auth_as_delegate: yes + register: result + failed_when: result.changed - - name: Ensure testing user user02 is present. - ipauser: - ipaadmin_password: SomeADMINpassword - name: user02 - first: user02 - last: last + - name: Ensure service is present, with host not in DNS. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: HTTP/svc.ihavenodns.info + force: yes + register: result + failed_when: not result.changed - - name: Ensure testing group group01 is present. - ipagroup: - ipaadmin_password: SomeADMINpassword - name: group01 + - name: Ensure service is present, with host not in DNS, again. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: HTTP/svc.ihavenodns.info + force: yes + register: result + failed_when: result.changed - - name: Ensure testing group group02 is present. - ipagroup: - ipaadmin_password: SomeADMINpassword - name: group02 + - name: Principal host/test.example.com present in service. 
+ ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + principal: + - host/test.example.com + action: member + register: result + failed_when: not result.changed - - name: Ensure testing hostgroup hostgroup01 is present. - ipahostgroup: - ipaadmin_password: SomeADMINpassword - name: hostgroup01 + - name: Principal host/test.exabple.com present in service, again. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + principal: + - host/test.example.com + action: member + register: result + failed_when: result.changed - - name: Ensure testing hostgroup hostgroup02 is present. - ipahostgroup: - ipaadmin_password: SomeADMINpassword - name: hostgroup02 + - name: Principal host/test.example.com absent in service. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + principal: + - host/test.example.com + action: member + state: absent + register: result + failed_when: not result.changed - - name: Ensure services are absent. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: - - "HTTP/{{ svc_fqdn }}" - - HTTP/svc.ihavenodns.info - state: absent + - name: Principal host/test.example.com absent in service, again. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + principal: + - host/test.example.com + action: member + state: absent + register: result + failed_when: result.changed - # tests - - name: Ensure service is present - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - pac_type: - - MS-PAC - - PAD - auth_ind: otp - force: no - requires_pre_auth: yes - ok_as_delegate: no - ok_to_auth_as_delegate: no - register: result - failed_when: not result.changed + - name: Ensure host can manage service. 
+ ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + host: + - "{{ host1_fqdn }}" + - "{{ host2_fqdn }}" + action: member + register: result + failed_when: not result.changed - - name: Ensure service is present, again - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - pac_type: - - MS_PAC - - PAD - auth_ind: otp - force: no - requires_pre_auth: yes - ok_as_delegate: no - ok_to_auth_as_delegate: no - register: result - failed_when: result.changed + - name: Ensure host can manage service, again. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + host: "{{ host1_fqdn }}" + action: member + register: result + failed_when: result.changed - - name: Modify service. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - pac_type: NONE - ok_as_delegate: yes - ok_to_auth_as_delegate: yes - register: result - failed_when: not result.changed + - name: Ensure host cannot manage service. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + host: + - "{{ host1_fqdn }}" + - "{{ host2_fqdn }}" + action: member + state: absent + register: result + failed_when: not result.changed - - name: Modify service, again. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - pac_type: NONE - ok_as_delegate: yes - ok_to_auth_as_delegate: yes - register: result - failed_when: result.changed + - name: Ensure host cannot manage service, again. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + host: + - "{{ host1_fqdn }}" + - "{{ host2_fqdn }}" + action: member + state: absent + register: result + failed_when: result.changed - - name: Ensure service is present, with host not in DNS. 
- ipaservice: - ipaadmin_password: SomeADMINpassword - name: HTTP/svc.ihavenodns.info - force: yes - register: result - failed_when: not result.changed + - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for users, groups, hosts and hostgroups. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + allow_create_keytab_user: + - user01 + - user02 + allow_create_keytab_group: + - group01 + - group02 + allow_create_keytab_host: + - "{{ host1_fqdn }}" + - "{{ host2_fqdn }}" + allow_create_keytab_hostgroup: + - hostgroup01 + - hostgroup02 + action: member + register: result + failed_when: not result.changed - - name: Ensure service is present, with host not in DNS, again. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: HTTP/svc.ihavenodns.info - force: yes - register: result - failed_when: result.changed + - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for users, groups, hosts and hostgroups, again. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + allow_create_keytab_user: + - user01 + - user02 + allow_create_keytab_group: + - group01 + - group02 + allow_create_keytab_host: + - "{{ host1_fqdn }}" + - "{{ host2_fqdn }}" + allow_create_keytab_hostgroup: + - hostgroup01 + - hostgroup02 + action: member + register: result + failed_when: result.changed - - name: Principal host/test.example.com present in service. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - principal: - - host/test.example.com - action: member - register: result - failed_when: not result.changed + - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for users, groups, hosts and hostgroups. 
+ ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + allow_create_keytab_user: + - user01 + - user02 + allow_create_keytab_group: + - group01 + - group02 + allow_create_keytab_host: + - "{{ host1_fqdn }}" + - "{{ host2_fqdn }}" + allow_create_keytab_hostgroup: + - hostgroup01 + - hostgroup02 + action: member + state: absent + register: result + failed_when: not result.changed - - name: Principal host/test.exabple.com present in service, again. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - principal: - - host/test.example.com - action: member - register: result - failed_when: result.changed + - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for users, groups, hosts and hostgroups, again. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + allow_create_keytab_user: + - user01 + - user02 + allow_create_keytab_group: + - group01 + - group02 + allow_create_keytab_host: + - "{{ host1_fqdn }}" + - "{{ host2_fqdn }}" + allow_create_keytab_hostgroup: + - hostgroup01 + - hostgroup02 + action: member + state: absent + register: result + failed_when: result.changed - - name: Principal host/test.example.com absent in service. 
- ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - principal: - - host/test.example.com - action: member - state: absent - register: result - failed_when: not result.changed + - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for users, groups, hosts and hostgroups + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + allow_retrieve_keytab_user: + - user01 + - user02 + allow_retrieve_keytab_group: + - group01 + - group02 + allow_retrieve_keytab_host: + - "{{ host1_fqdn }}" + - "{{ host2_fqdn }}" + allow_retrieve_keytab_hostgroup: + - hostgroup01 + - hostgroup02 + action: member + register: result + failed_when: not result.changed - - name: Principal host/test.example.com absent in service, again. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - principal: - - host/test.example.com - action: member - state: absent - register: result - failed_when: result.changed + - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for users, groups, hosts and hostgroups, again. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + allow_retrieve_keytab_user: + - user01 + - user02 + allow_retrieve_keytab_group: + - group01 + - group02 + allow_retrieve_keytab_host: + - "{{ host1_fqdn }}" + - "{{ host2_fqdn }}" + allow_retrieve_keytab_hostgroup: + - hostgroup01 + - hostgroup02 + action: member + register: result + failed_when: result.changed - - name: Ensure host can manage service. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - host: - - "{{ host1_fqdn }}" - - "{{ host2_fqdn }}" - action: member - register: result - failed_when: not result.changed + - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for users, groups, hosts and hostgroups. 
+ ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + allow_retrieve_keytab_user: + - user01 + - user02 + allow_retrieve_keytab_group: + - group01 + - group02 + allow_retrieve_keytab_host: + - "{{ host1_fqdn }}" + - "{{ host2_fqdn }}" + allow_retrieve_keytab_hostgroup: + - hostgroup01 + - hostgroup02 + action: member + state: absent + register: result + failed_when: not result.changed - - name: Ensure host can manage service, again. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - host: "{{ host1_fqdn }}" - action: member - register: result - failed_when: result.changed + - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for users, groups, hosts and hostgroups, again. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + allow_retrieve_keytab_user: + - user01 + - user02 + allow_retrieve_keytab_group: + - group01 + - group02 + allow_retrieve_keytab_host: + - "{{ host1_fqdn }}" + - "{{ host2_fqdn }}" + allow_retrieve_keytab_hostgroup: + - hostgroup01 + - hostgroup02 + action: member + state: absent + register: result + failed_when: result.changed - - name: Ensure host cannot manage service. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - host: - - "{{ host1_fqdn }}" - - "{{ host2_fqdn }}" - action: member - state: absent - register: result - failed_when: not result.changed + # + - name: Ensure service is absent + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + state: absent + register: result + failed_when: not result.changed - - name: Ensure host cannot manage service, again. 
- ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - host: - - "{{ host1_fqdn }}" - - "{{ host2_fqdn }}" - action: member - state: absent - register: result - failed_when: result.changed + - name: Ensure service is absent, again + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + state: absent + register: result + failed_when: result.changed - - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for users, groups, hosts and hostgroups. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - allow_create_keytab_user: - - user01 - - user02 - allow_create_keytab_group: - - group01 - - group02 - allow_create_keytab_host: - - "{{ host1_fqdn }}" - - "{{ host2_fqdn }}" - allow_create_keytab_hostgroup: - - hostgroup01 - - hostgroup02 - action: member - register: result - failed_when: not result.changed - - - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for users, groups, hosts and hostgroups, again. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - allow_create_keytab_user: - - user01 - - user02 - allow_create_keytab_group: - - group01 - - group02 - allow_create_keytab_host: - - "{{ host1_fqdn }}" - - "{{ host2_fqdn }}" - allow_create_keytab_hostgroup: - - hostgroup01 - - hostgroup02 - action: member - register: result - failed_when: result.changed - - - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for users, groups, hosts and hostgroups. 
- ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - allow_create_keytab_user: - - user01 - - user02 - allow_create_keytab_group: - - group01 - - group02 - allow_create_keytab_host: - - "{{ host1_fqdn }}" - - "{{ host2_fqdn }}" - allow_create_keytab_hostgroup: - - hostgroup01 - - hostgroup02 - action: member - state: absent - register: result - failed_when: not result.changed - - - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for users, groups, hosts and hostgroups, again. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - allow_create_keytab_user: - - user01 - - user02 - allow_create_keytab_group: - - group01 - - group02 - allow_create_keytab_host: - - "{{ host1_fqdn }}" - - "{{ host2_fqdn }}" - allow_create_keytab_hostgroup: - - hostgroup01 - - hostgroup02 - action: member - state: absent - register: result - failed_when: result.changed - - - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for users, groups, hosts and hostgroups - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - allow_retrieve_keytab_user: - - user01 - - user02 - allow_retrieve_keytab_group: - - group01 - - group02 - allow_retrieve_keytab_host: - - "{{ host1_fqdn }}" - - "{{ host2_fqdn }}" - allow_retrieve_keytab_hostgroup: - - hostgroup01 - - hostgroup02 - action: member - register: result - failed_when: not result.changed - - - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for users, groups, hosts and hostgroups, again. 
- ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - allow_retrieve_keytab_user: - - user01 - - user02 - allow_retrieve_keytab_group: - - group01 - - group02 - allow_retrieve_keytab_host: - - "{{ host1_fqdn }}" - - "{{ host2_fqdn }}" - allow_retrieve_keytab_hostgroup: - - hostgroup01 - - hostgroup02 - action: member - register: result - failed_when: result.changed - - - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for users, groups, hosts and hostgroups. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - allow_retrieve_keytab_user: - - user01 - - user02 - allow_retrieve_keytab_group: - - group01 - - group02 - allow_retrieve_keytab_host: - - "{{ host1_fqdn }}" - - "{{ host2_fqdn }}" - allow_retrieve_keytab_hostgroup: - - hostgroup01 - - hostgroup02 - action: member - state: absent - register: result - failed_when: not result.changed - - - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for users, groups, hosts and hostgroups, again. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - allow_retrieve_keytab_user: - - user01 - - user02 - allow_retrieve_keytab_group: - - group01 - - group02 - allow_retrieve_keytab_host: - - "{{ host1_fqdn }}" - - "{{ host2_fqdn }}" - allow_retrieve_keytab_hostgroup: - - hostgroup01 - - hostgroup02 - action: member - state: absent - register: result - failed_when: result.changed - - # - - name: Ensure service is absent - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - state: absent - register: result - failed_when: not result.changed - - - name: Ensure service is absent, again - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - state: absent - register: result - failed_when: result.changed - - # cleanup - - - name: Ensure services are absent. 
- ipaservice: - ipaadmin_password: SomeADMINpassword - name: - - "HTTP/{{ svc_fqdn }}" - - HTTP/svc.ihavenodns.info - state: absent - - - name: Ensure host is absent - ipahost: - ipaadmin_password: SomeADMINpassword - name: - - "{{ svc_fqdn }}" - - "{{ host1_fqdn }}" - - "{{ host2_fqdn }}" - - svc.ihavenodns.info - state: absent - - - name: Ensure testing users are absent. - ipauser: - ipaadmin_password: SomeADMINpassword - name: - - user01 - - user02 - state: absent - - - name: Ensure testing groups are absent. - ipagroup: - ipaadmin_password: SomeADMINpassword - name: - - group01 - - group02 - state: absent - - - name: Ensure testing hostgroup hostgroup01 is absent. - ipagroup: - ipaadmin_password: SomeADMINpassword - name: - - hostgroup01 - state: absent - - - name: Ensure testing hostgroup hostgroup02 is absent. - ipagroup: - ipaadmin_password: SomeADMINpassword - name: - - hostgroup02 - state: absent - when: ipa_version is version('4.7.0', '>=') + # cleanup + - name: Cleanup test environment + include_tasks: env_cleanup.yml From 58de022edb1015375643da4f6c9451640cbd929c Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Fri, 21 Aug 2020 21:01:16 -0300 Subject: [PATCH 3/3] Add verification of IPA version for ipagroup's membermanager. The ipagroup attribute `membermanager` requires the use of IPA version 4.8.4 or later. This change ensure that the tests are executed only if a required version is found. --- tests/group/test_group_membermanager.yml | 356 ++++++++++++----------- 1 file changed, 181 insertions(+), 175 deletions(-) diff --git a/tests/group/test_group_membermanager.yml b/tests/group/test_group_membermanager.yml index 661f26d6..f3d58812 100644 --- a/tests/group/test_group_membermanager.yml +++ b/tests/group/test_group_membermanager.yml 
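Review bot: The task `Ensure service is present, again` passes `- MS_PAC` under `pac_type` while the task before it passes `- MS-PAC`, which looks like a typo carried over unchanged from the removed side. Its `failed_when: result.changed` cannot catch this, because a custom `failed_when` replaces the module's own failure status: if ipaservice rejects the value, `changed` stays false and the idempotency check passes without testing anything. I would correct the value to `- MS-PAC` and write the repeat-run checks as `failed_when: result.changed or result.failed`, so that a module error fails the test instead of counting as "no change". The same applies to the other `again` tasks in this hunk, including the allow_create_keytab and allow_retrieve_keytab ones. Whether the module rejects or accepts `MS_PAC` is not visible here and should be confirmed against its argument spec; the play header is outside the hunk.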
@@ -5,199 +5,205 @@ gather_facts: false tasks: - - name: Ensure user manangeruser1 and manageruser2 is absent - ipauser: - ipaadmin_password: SomeADMINpassword - name: manageruser1,manageruser2,unknown_user - state: absent + - include_tasks: ../env_freeipa_facts.yml - - name: Ensure group testgroup, managergroup1 and managergroup2 are absent - ipagroup: - ipaadmin_password: SomeADMINpassword - name: testgroup,managergroup1,managergroup2 - state: absent + - name: Tests requiring IPA version 4.8.4+ + block: + - name: Ensure user manangeruser1 and manageruser2 is absent + ipauser: + ipaadmin_password: SomeADMINpassword + name: manageruser1,manageruser2,unknown_user + state: absent - - name: Ensure user manageruser1 and manageruser2 are present - ipauser: - ipaadmin_password: SomeADMINpassword - users: - - name: manageruser1 - first: manageruser1 - last: Last1 - - name: manageruser2 - first: manageruser2 - last: Last2 - register: result - failed_when: not result.changed + - name: Ensure group testgroup, managergroup1 and managergroup2 are absent + ipagroup: + ipaadmin_password: SomeADMINpassword + name: testgroup,managergroup1,managergroup2 + state: absent - - name: Ensure testgroup is present - ipagroup: - ipaadmin_password: SomeADMINpassword - name: testgroup - register: result - failed_when: not result.changed + - name: Ensure user manageruser1 and manageruser2 are present + ipauser: + ipaadmin_password: SomeADMINpassword + users: + - name: manageruser1 + first: manageruser1 + last: Last1 + - name: manageruser2 + first: manageruser2 + last: Last2 + register: result + failed_when: not result.changed - - name: Ensure managergroup1 is present - ipagroup: - ipaadmin_password: SomeADMINpassword - name: managergroup1 - register: result - failed_when: not result.changed + - name: Ensure testgroup is present + ipagroup: + ipaadmin_password: SomeADMINpassword + name: testgroup + register: result + failed_when: not result.changed - - name: Ensure managergroup2 is present - 
ipagroup: - ipaadmin_password: SomeADMINpassword - name: managergroup2 - register: result - failed_when: not result.changed + - name: Ensure managergroup1 is present + ipagroup: + ipaadmin_password: SomeADMINpassword + name: managergroup1 + register: result + failed_when: not result.changed - - name: Ensure membermanager user1 is present for testgroup - ipagroup: - ipaadmin_password: SomeADMINpassword - name: testgroup - membermanager_user: manageruser1 - register: result - failed_when: not result.changed + - name: Ensure managergroup2 is present + ipagroup: + ipaadmin_password: SomeADMINpassword + name: managergroup2 + register: result + failed_when: not result.changed - - name: Ensure membermanager user1 is present for testgroup again - ipagroup: - ipaadmin_password: SomeADMINpassword - name: testgroup - membermanager_user: manageruser1 - register: result - failed_when: result.changed + - name: Ensure membermanager user1 is present for testgroup + ipagroup: + ipaadmin_password: SomeADMINpassword + name: testgroup + membermanager_user: manageruser1 + register: result + failed_when: not result.changed - - name: Ensure membermanager group1 is present for testgroup - ipagroup: - ipaadmin_password: SomeADMINpassword - name: testgroup - membermanager_group: managergroup1 - register: result - failed_when: not result.changed + - name: Ensure membermanager user1 is present for testgroup again + ipagroup: + ipaadmin_password: SomeADMINpassword + name: testgroup + membermanager_user: manageruser1 + register: result + failed_when: result.changed - - name: Ensure membermanager group1 is present for testgroup again - ipagroup: - ipaadmin_password: SomeADMINpassword - name: testgroup - membermanager_group: managergroup1 - register: result - failed_when: result.changed + - name: Ensure membermanager group1 is present for testgroup + ipagroup: + ipaadmin_password: SomeADMINpassword + name: testgroup + membermanager_group: managergroup1 + register: result + failed_when: not 
result.changed - - name: Ensure membermanager user2 and group2 members are present for testgroup - ipagroup: - ipaadmin_password: SomeADMINpassword - name: testgroup - membermanager_user: manageruser2 - membermanager_group: managergroup2 - action: member - register: result - failed_when: not result.changed + - name: Ensure membermanager group1 is present for testgroup again + ipagroup: + ipaadmin_password: SomeADMINpassword + name: testgroup + membermanager_group: managergroup1 + register: result + failed_when: result.changed - - name: Ensure membermanager user2 and group2 members are present for testgroup again - ipagroup: - ipaadmin_password: SomeADMINpassword - name: testgroup - membermanager_user: manageruser2 - membermanager_group: managergroup2 - action: member - register: result - failed_when: result.changed + - name: Ensure membermanager user2 and group2 members are present for testgroup + ipagroup: + ipaadmin_password: SomeADMINpassword + name: testgroup + membermanager_user: manageruser2 + membermanager_group: managergroup2 + action: member + register: result + failed_when: not result.changed - - name: Ensure membermanager user and group members are present for testgroup again - ipagroup: - ipaadmin_password: SomeADMINpassword - name: testgroup - membermanager_user: manageruser1,manageruser2 - membermanager_group: managergroup1,managergroup2 - action: member - register: result - failed_when: result.changed + - name: Ensure membermanager user2 and group2 members are present for testgroup again + ipagroup: + ipaadmin_password: SomeADMINpassword + name: testgroup + membermanager_user: manageruser2 + membermanager_group: managergroup2 + action: member + register: result + failed_when: result.changed - - name: Ensure membermanager user1 and group1 members are absent for testgroup - ipagroup: - ipaadmin_password: SomeADMINpassword - name: testgroup - membermanager_user: manageruser1 - membermanager_group: managergroup1 - action: member - state: absent - 
register: result - failed_when: not result.changed + - name: Ensure membermanager user and group members are present for testgroup again + ipagroup: + ipaadmin_password: SomeADMINpassword + name: testgroup + membermanager_user: manageruser1,manageruser2 + membermanager_group: managergroup1,managergroup2 + action: member + register: result + failed_when: result.changed - - name: Ensure membermanager user1 and group1 members are absent for testgroup again - ipagroup: - ipaadmin_password: SomeADMINpassword - name: testgroup - membermanager_user: manageruser1 - membermanager_group: managergroup1 - action: member - state: absent - register: result - failed_when: result.changed + - name: Ensure membermanager user1 and group1 members are absent for testgroup + ipagroup: + ipaadmin_password: SomeADMINpassword + name: testgroup + membermanager_user: manageruser1 + membermanager_group: managergroup1 + action: member + state: absent + register: result + failed_when: not result.changed - - name: Ensure membermanager user1 and group1 members are present for testgroup - ipagroup: - ipaadmin_password: SomeADMINpassword - name: testgroup - membermanager_user: manageruser1 - membermanager_group: managergroup1 - action: member - register: result - failed_when: not result.changed + - name: Ensure membermanager user1 and group1 members are absent for testgroup again + ipagroup: + ipaadmin_password: SomeADMINpassword + name: testgroup + membermanager_user: manageruser1 + membermanager_group: managergroup1 + action: member + state: absent + register: result + failed_when: result.changed - - name: Ensure membermanager user1 and group1 members are present for testgroup again - ipagroup: - ipaadmin_password: SomeADMINpassword - name: testgroup - membermanager_user: manageruser1 - membermanager_group: managergroup1 - action: member - register: result - failed_when: result.changed + - name: Ensure membermanager user1 and group1 members are present for testgroup + ipagroup: + 
ipaadmin_password: SomeADMINpassword + name: testgroup + membermanager_user: manageruser1 + membermanager_group: managergroup1 + action: member + register: result + failed_when: not result.changed - - name: Ensure membermanager user and group members are absent for testgroup - ipagroup: - ipaadmin_password: SomeADMINpassword - name: testgroup - membermanager_user: manageruser1,manageruser2 - membermanager_group: managergroup1,managergroup2 - action: member - state: absent - register: result - failed_when: not result.changed + - name: Ensure membermanager user1 and group1 members are present for testgroup again + ipagroup: + ipaadmin_password: SomeADMINpassword + name: testgroup + membermanager_user: manageruser1 + membermanager_group: managergroup1 + action: member + register: result + failed_when: result.changed - - name: Ensure membermanager user and group members are absent for testgroup again - ipagroup: - ipaadmin_password: SomeADMINpassword - name: testgroup - membermanager_user: manageruser1,manageruser2 - membermanager_group: managergroup1,managergroup2 - action: member - state: absent - register: result - failed_when: result.changed + - name: Ensure membermanager user and group members are absent for testgroup + ipagroup: + ipaadmin_password: SomeADMINpassword + name: testgroup + membermanager_user: manageruser1,manageruser2 + membermanager_group: managergroup1,managergroup2 + action: member + state: absent + register: result + failed_when: not result.changed - - name: Ensure user manangeruser1 and manageruser2 is absent - ipauser: - ipaadmin_password: SomeADMINpassword - name: manageruser1,manageruser2 - state: absent - register: result - failed_when: not result.changed + - name: Ensure membermanager user and group members are absent for testgroup again + ipagroup: + ipaadmin_password: SomeADMINpassword + name: testgroup + membermanager_user: manageruser1,manageruser2 + membermanager_group: managergroup1,managergroup2 + action: member + state: absent + 
register: result + failed_when: result.changed - - name: Ensure unknown membermanager_user member failure - ipagroup: - ipaadmin_password: SomeADMINpassword - name: testgroup - membermanager_user: unknown_user - action: member - register: result - failed_when: result.changed or "no such entry" not in result.msg + - name: Ensure user manangeruser1 and manageruser2 is absent + ipauser: + ipaadmin_password: SomeADMINpassword + name: manageruser1,manageruser2 + state: absent + register: result + failed_when: not result.changed - - name: Ensure group testgroup, managergroup1 and managergroup2 are absent - ipagroup: - ipaadmin_password: SomeADMINpassword - name: testgroup,managergroup1,managergroup2 - state: absent - register: result - failed_when: not result.changed + - name: Ensure unknown membermanager_user member failure + ipagroup: + ipaadmin_password: SomeADMINpassword + name: testgroup + membermanager_user: unknown_user + action: member + register: result + failed_when: result.changed or "no such entry" not in result.msg + + - name: Ensure group testgroup, managergroup1 and managergroup2 are absent + ipagroup: + ipaadmin_password: SomeADMINpassword + name: testgroup,managergroup1,managergroup2 + state: absent + register: result + failed_when: not result.changed + + when: ipa_version is version('4.8.4', '>=')
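Review bot: Setup, assertions and teardown now sit in a single `block`, so the first failing assertion aborts it and the closing `state: absent` tasks never run. That leaves testgroup, managergroup1 and managergroup2 on the IPA server, and the manager users too if the failure comes before their removal, some of them still holding member-manager rights on testgroup. I would add an `always:` section to the block that removes these users and groups without a `failed_when`, keeping the existing asserting removals as they are. The play header is outside the hunk, and the hunk appears to end at the `when:` line.

```yaml
    block:
    # … unchanged: setup and membermanager test tasks …
    always:
    - name: Remove test users regardless of test outcome
      ipauser:
        ipaadmin_password: SomeADMINpassword
        name: manageruser1,manageruser2,unknown_user
        state: absent
    - name: Remove test groups regardless of test outcome
      ipagroup:
        ipaadmin_password: SomeADMINpassword
        name: testgroup,managergroup1,managergroup2
        state: absent
    when: ipa_version is version('4.8.4', '>=')
```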