internet/ansible-freeipa
4
0
Fork 0
mirror of https://github.com/freeipa/ansible-freeipa.git synced 2026-06-11 19:25:54 +00:00
Code Issues Projects Releases Wiki Activity

ipapermission: add version check for bind type 'self'

Browse Source 
FreeIPA 4.8.7 has introduced bind type 'self' as a valid value, and
this PR adds checks so the module fails early if the value is used
with an unsupported version.

Tests and documentation have been updated to reflect the changes.
This commit is contained in:
Rafael Guterres Jeffman
2020-11-13 15:26:36 -03:00
parent 2aaabc77c4
commit b6cf3e5f51
3 changed files with 41 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
tests/permission/test_permission.yml
View File

@@ -4,15 +4,19 @@
become: true
tasks:
- include_tasks: ../env_freeipa_facts.yml
# CLEANUP TEST ITEMS
- name: Ensure permission perm-test-1 is absent
ipapermission:
ipaadmin_password: SomeADMINpassword
name: perm-test-1
name:
- perm-test-1
- perm-test-bindtype-test
- perm-test-renamed
state: absent
# TESTS
- name: Ensure permission perm-test-1 is present
@@ -38,7 +42,7 @@
ipaadmin_password: SomeADMINpassword
name: perm-test-1
privilege: "User Administrators"
action: member
action: member
register: result
failed_when: not result.changed or result.failed
@@ -89,7 +93,7 @@
state: absent
register: result
failed_when: result.changed or result.failed
- name: Ensure permission perm-test-renamed is present
ipapermission:
ipaadmin_password: SomeADMINpassword
@@ -99,16 +103,35 @@
register: result
failed_when: result.changed or result.failed
- name: Ensure permission with bindtype 'self' is present, if IPA version >= 4.8.7
ipapermission:
ipaadmin_password: SomeADMINpassword
name: perm-test-bindtype-test
bindtype: self
object_type: host
right: all
when: ipa_version is version('4.8.7', '>=')
register: result
failed_when: not result.changed or result.failed
- name: Fail to set permission perm-test-renamed bindtype to 'self', if IPA version < 4.8.7
ipapermission:
ipaadmin_password: SomeADMINpassword
name: perm-test-bindtype-test
bindtype: self
object_type: host
right: all
when: ipa_version is version('4.8.7', '<')
register: result
failed_when: not result.failed or "Bindtype 'self' is not supported by your IPA version." not in result.msg
# CLEANUP TEST ITEMS
- name: Ensure permission perm-test-1 is absent
ipapermission:
ipaadmin_password: SomeADMINpassword
name: perm-test-1
state: absent
- name: Ensure permission perm-test-renamed is absent
ipapermission:
ipaadmin_password: SomeADMINpassword
name: perm-test-renamed
name:
- perm-test-1
- perm-test-bindtype-test
- perm-test-renamed
state: absent