Merge branch 'master' into master

Thomas Woerner
2020-03-16 17:47:57 +01:00
committed by GitHub
218 changed files with 7650 additions and 1009 deletions


@@ -0,0 +1,141 @@
---
- name: Test dnsconfig
hosts: ipaserver
become: true
gather_facts: true
tasks:
# Setup.
- name: Ensure forwarders are absent.
ipadnsconfig:
forwarders:
- ip_address: 8.8.8.8
- ip_address: 8.8.4.4
- ip_address: 2001:4860:4860::8888
- ip_address: 2001:4860:4860::8888
port: 53
state: absent
# Tests.
- name: Set dnsconfig.
ipadnsconfig:
forwarders:
- ip_address: 8.8.8.8
- ip_address: 8.8.4.4
- ip_address: 2001:4860:4860::8888
port: 53
forward_policy: only
allow_sync_ptr: yes
register: result
failed_when: not result.changed
- name: Set dnsconfig, with the same values.
ipadnsconfig:
forwarders:
- ip_address: 8.8.8.8
- ip_address: 8.8.4.4
- ip_address: 2001:4860:4860::8888
port: 53
forward_policy: only
allow_sync_ptr: yes
register: result
failed_when: result.changed
- name: Ensure forwarder is absent.
ipadnsconfig:
forwarders:
- ip_address: 8.8.8.8
state: absent
register: result
failed_when: not result.changed
- name: Ensure forwarder is absent, again.
ipadnsconfig:
forwarders:
- ip_address: 8.8.8.8
state: absent
register: result
failed_when: result.changed
- name: Disable global forwarders.
ipadnsconfig:
forward_policy: none
register: result
failed_when: not result.changed
- name: Disable global forwarders, again.
ipadnsconfig:
forward_policy: none
register: result
failed_when: result.changed
- name: Re-enable global forwarders.
ipadnsconfig:
forward_policy: first
register: result
failed_when: not result.changed
- name: Re-enable global forwarders, again.
ipadnsconfig:
forward_policy: first
register: result
failed_when: result.changed
- name: Disable PTR record synchronization.
ipadnsconfig:
allow_sync_ptr: no
register: result
failed_when: not result.changed
- name: Disable PTR record synchronization, again.
ipadnsconfig:
allow_sync_ptr: no
register: result
failed_when: result.changed
- name: Re-enable PTR record synchronization.
ipadnsconfig:
allow_sync_ptr: yes
register: result
failed_when: not result.changed
- name: Re-enable PTR record synchronization, again.
ipadnsconfig:
allow_sync_ptr: yes
register: result
failed_when: result.changed
- name: Ensure all forwarders are absent.
ipadnsconfig:
forwarders:
- ip_address: 8.8.8.8
- ip_address: 8.8.4.4
- ip_address: 2001:4860:4860::8888
port: 53
state: absent
register: result
failed_when: not result.changed
- name: Ensure all forwarders are absent, again.
ipadnsconfig:
forwarders:
- ip_address: 8.8.8.8
- ip_address: 8.8.4.4
- ip_address: 2001:4860:4860::8888
port: 53
state: absent
register: result
failed_when: result.changed
# Cleanup.
- name: Ensure forwarders are absent.
ipadnsconfig:
forwarders:
- ip_address: 8.8.8.8
- ip_address: 8.8.4.4
- ip_address: 2001:4860:4860::8888
- ip_address: 2001:4860:4860::8888
port: 53
state: absent
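Review bot: The cleanup block at the end only removes the forwarders, so the play leaves the server's global DNS configuration at `forward_policy: first` and `allow_sync_ptr: yes` whatever it was before the run. PTR record synchronization staying enabled is a setting an operator may have turned off on purpose. The first test task also fails unless the server's initial state differs from the values it sets (`failed_when: not result.changed`), so the outcome depends on the prior configuration. I would at least document this above the play, e.g. `# Changes global DNS settings (forward policy, PTR sync) and does not restore them; run only against a disposable test server.` The `yes`/`no` values for `allow_sync_ptr` would read more predictably as `true`/`false`.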


@@ -1,5 +1,5 @@
---
- name: Tests
- name: Test group
hosts: ipaserver
become: true
gather_facts: false
@@ -7,19 +7,19 @@
tasks:
- name: Ensure users user1, user2 and user3 are absent
ipauser:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: user1,user2,user3
state: absent
- name: Ensure group group3, group2 and group1 are absent
ipagroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: group3,group2,group1
state: absent
- name: Ensure users user1..user3 are present
ipauser:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
users:
- name: user1
first: user1
@@ -35,49 +35,49 @@
- name: Ensure group1 is present
ipagroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: group1
register: result
failed_when: not result.changed
- name: Ensure group1 is present again
ipagroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: group1
register: result
failed_when: result.changed
- name: Ensure group2 is present
ipagroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: group2
register: result
failed_when: not result.changed
- name: Ensure group2 is present again
ipagroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: group2
register: result
failed_when: result.changed
- name: Ensure group3 is present
ipagroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: group3
register: result
failed_when: not result.changed
- name: Ensure group3 is present again
ipagroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: group3
register: result
failed_when: result.changed
- name: Ensure groups group2 and group3 are present in group group1
ipagroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: group1
group:
- group2
@@ -88,7 +88,7 @@
- name: Ensure groups group2 and group3 are present in group group1 again
ipagroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: group1
group:
- group2
@@ -99,7 +99,7 @@
- name: Ensure group3 ia present in group group1
ipagroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: group1
group:
- group3
@@ -109,7 +109,7 @@
- name: Ensure users user1, user2 and user3 are present in group group1
ipagroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: group1
user:
- user1
@@ -121,7 +121,7 @@
- name: Ensure users user1, user2 and user3 are present in group group1 again
ipagroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: group1
user:
- user1
@@ -132,7 +132,7 @@
failed_when: result.changed
#- ipagroup:
# ipaadmin_password: MyPassword123
# ipaadmin_password: SomeADMINpassword
# name: group1
# user:
# - user7
@@ -140,7 +140,7 @@
- name: Ensure user user7 is absent in group group1
ipagroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: group1
user:
- user7
@@ -151,7 +151,7 @@
- name: Ensure group group4 is absent
ipagroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: group4
state: absent
register: result
@@ -159,7 +159,7 @@
- name: Ensure group group3, group2 and group1 are absent
ipagroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: group3,group2,group1
state: absent
register: result
@@ -167,7 +167,7 @@
- name: Ensure users user1, user2 and user3 are absent
ipauser:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: user1,user2,user3
state: absent
register: result
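Review bot: The new `ipaadmin_password: SomeADMINpassword` line puts the IPA admin password in plain text on every task, here and in the "Test hbacrule", "Test hbacsvc" and "Test hbacsvcgroup" plays and the host test hunks of this commit, including the commented-out block after `failed_when: result.changed`. Swapping one literal for another keeps the credential in version control and means the next change touches dozens of lines again. Defining it once and referencing it, e.g. `ipaadmin_password: "{{ ipaadmin_password }}"` with the value supplied from inventory or an Ansible Vault file, would keep the secret out of the test files. The hunks show only parts of each play, so whether a `vars:` block already exists is not visible here.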


@@ -1,338 +1,629 @@
---
- name: Tests
- name: Test hbacrule
hosts: ipaserver
become: true
gather_facts: false
tasks:
- name: Ensure HBAC Rule allhosts is absent
ipahbacrule:
ipaadmin_password: MyPassword123
name: allhosts,sshd-pinky,loginRule
- name: Get Domain from server name
set_fact:
ipaserver_domain: "{{ groups.ipaserver[0].split('.')[1:] | join ('.') }}"
when: ipaserver_domain is not defined
# CLEANUP TEST ITEMS
- name: Ensure test hosts are absent
ipahost:
ipaadmin_password: SomeADMINpassword
name:
- "{{ 'testhost01.' + ipaserver_domain }}"
- "{{ 'testhost02.' + ipaserver_domain }}"
- "{{ 'testhost03.' + ipaserver_domain }}"
- "{{ 'testhost04.' + ipaserver_domain }}"
state: absent
- name: User pinky absent
- name: Ensure test hostgroups are absent
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: testhostgroup01,testhostgroup02,testhostgroup03,testhostgroup04
state: absent
- name: Ensure test users are absent
ipauser:
ipaadmin_password: MyPassword123
name: pinky
ipaadmin_password: SomeADMINpassword
name: testuser01,testuser02,testuser03,testuser04
state: absent
- name: User group login absent
- name: Ensure test user groups are absent
ipagroup:
ipaadmin_password: MyPassword123
name: login
ipaadmin_password: SomeADMINpassword
name: testgroup01,testgroup02,testgroup03,testgroup04
state: absent
- name: User pinky present
- name: Ensure test HBAC Services are absent
ipahbacsvc:
ipaadmin_password: SomeADMINpassword
name: testhbacsvc01,testhbacsvc02,testhbacsvc03,testhbacsvc04
state: absent
- name: Ensure test HBAC Service Groups are absent
ipahbacsvcgroup:
ipaadmin_password: SomeADMINpassword
name: testhbacsvcgroup01,testhbacsvcgroup02,testhbacsvcgroup03,testhbacsvcgroup04
state: absent
# CREATE TEST ITEMS
- name: Ensure hosts "{{ 'host[1..4].' + ipaserver_domain }}" are present
ipahost:
ipaadmin_password: SomeADMINpassword
hosts:
- name: "{{ 'testhost01.' + ipaserver_domain }}"
force: yes
- name: "{{ 'testhost02.' + ipaserver_domain }}"
force: yes
- name: "{{ 'testhost03.' + ipaserver_domain }}"
force: yes
- name: "{{ 'testhost04.' + ipaserver_domain }}"
force: yes
register: result
failed_when: not result.changed
- name: Ensure host-group testhostgroup01 is present
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: testhostgroup01
register: result
failed_when: not result.changed
- name: Ensure host-group testhostgroup02 is present
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: testhostgroup02
register: result
failed_when: not result.changed
- name: Ensure host-group testhostgroup03 is present
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: testhostgroup03
register: result
failed_when: not result.changed
- name: Ensure host-group testhostgroup04 is present
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: testhostgroup04
register: result
failed_when: not result.changed
- name: Ensure testusers are present
ipauser:
ipaadmin_password: MyPassword123
name: pinky
uid: 10001
gid: 100
phone: "+555123457"
email: pinky@acme.com
principalexpiration: "20220119235959"
#passwordexpiration: "2022-01-19 23:59:59"
first: pinky
last: Acme
ipaadmin_password: SomeADMINpassword
users:
- name: testuser01
first: test
last: user01
- name: testuser02
first: test
last: user02
- name: testuser03
first: test
last: user03
- name: testuser04
first: test
last: user04
register: result
failed_when: not result.changed
- name: User group login present
- name: Ensure user group testgroup01 is present
ipagroup:
ipaadmin_password: MyPassword123
name: login
ipaadmin_password: SomeADMINpassword
name: testgroup01
register: result
failed_when: not result.changed
- name: Ensure HBAC Rule allhosts is present
ipahbacrule:
ipaadmin_password: MyPassword123
name: allhosts
usercategory: all
- name: Ensure user group testgroup02 is present
ipagroup:
ipaadmin_password: SomeADMINpassword
name: testgroup02
register: result
failed_when: not result.changed
- name: Ensure HBAC Rule allhosts is present again
ipahbacrule:
ipaadmin_password: MyPassword123
name: allhosts
usercategory: all
register: result
failed_when: result.changed
- name: Ensure host "{{ groups.ipaserver[0] }}" is present in HBAC Rule allhosts
ipahbacrule:
ipaadmin_password: MyPassword123
name: allhosts
host: "{{ groups.ipaserver[0] }}"
action: member
- name: Ensure user group testgroup03 is present
ipagroup:
ipaadmin_password: SomeADMINpassword
name: testgroup03
register: result
failed_when: not result.changed
- name: Ensure host "{{ groups.ipaserver[0] }}" is present in HBAC Rule allhosts again
ipahbacrule:
ipaadmin_password: MyPassword123
name: allhosts
host: "{{ groups.ipaserver[0] }}"
action: member
register: result
failed_when: result.changed
- name: Ensure HBAC Rule sshd-pinky is present
ipahbacrule:
ipaadmin_password: MyPassword123
name: sshd-pinky
hostcategory: all
- name: Ensure user group testgroup04 is present
ipagroup:
ipaadmin_password: SomeADMINpassword
name: testgroup04
register: result
failed_when: not result.changed
- name: Ensure HBAC Rule sshd-pinky is present again
ipahbacrule:
ipaadmin_password: MyPassword123
name: sshd-pinky
hostcategory: all
register: result
failed_when: result.changed
- name: Ensure user pinky is present in HBAC Rule sshd-pinky
ipahbacrule:
ipaadmin_password: MyPassword123
name: sshd-pinky
user: pinky
action: member
- name: Ensure HBAC Service testhbacsvc01 is present
ipahbacsvc:
ipaadmin_password: SomeADMINpassword
name: testhbacsvc01
register: result
failed_when: not result.changed
- name: Ensure user pinky is present in HBAC Rule sshd-pinky again
ipahbacrule:
ipaadmin_password: MyPassword123
name: sshd-pinky
user: pinky
action: member
register: result
failed_when: result.changed
- name: Ensure HBAC service sshd is present in HBAC Rule sshd-pinky
ipahbacrule:
ipaadmin_password: MyPassword123
name: sshd-pinky
hbacsvc: sshd
action: member
- name: Ensure HBAC Service testhbacsvc02 is present
ipahbacsvc:
ipaadmin_password: SomeADMINpassword
name: testhbacsvc02
register: result
failed_when: not result.changed
- name: Ensure HBAC service sshd is present in HBAC Rule sshd-pinky again
ipahbacrule:
ipaadmin_password: MyPassword123
name: sshd-pinky
hbacsvc: sshd
action: member
register: result
failed_when: result.changed
- name: Ensure HBAC Rule loginRule is present with HBAC service sshd
ipahbacrule:
ipaadmin_password: MyPassword123
name: loginRule
group: login
- name: Ensure HBAC Service testhbacsvc03 is present
ipahbacsvc:
ipaadmin_password: SomeADMINpassword
name: testhbacsvc03
register: result
failed_when: not result.changed
- name: Ensure HBAC Rule loginRule is present with HBAC service sshd again
ipahbacrule:
ipaadmin_password: MyPassword123
name: loginRule
group: login
register: result
failed_when: result.changed
- name: Ensure user pinky is present in HBAC Rule loginRule
ipahbacrule:
ipaadmin_password: MyPassword123
name: loginRule
user: pinky
action: member
- name: Ensure HBAC Service testhbacsvc04 is present
ipahbacsvc:
ipaadmin_password: SomeADMINpassword
name: testhbacsvc04
register: result
failed_when: not result.changed
- name: Ensure user pinky is present in HBAC Rule loginRule again
ipahbacrule:
ipaadmin_password: MyPassword123
name: loginRule
user: pinky
action: member
- name: Ensure HBAC Service Group testhbacsvcgroup01 is present
ipahbacsvcgroup:
ipaadmin_password: SomeADMINpassword
name: testhbacsvcgroup01
register: result
failed_when: result.changed
failed_when: not result.changed
- name: Ensure user pinky is absent in HBAC Rule loginRule
- name: Ensure HBAC Service Group testhbacsvcgroup02 is present
ipahbacsvcgroup:
ipaadmin_password: SomeADMINpassword
name: testhbacsvcgroup02
register: result
failed_when: not result.changed
- name: Ensure HBAC Service Group testhbacsvcgroup03 is present
ipahbacsvcgroup:
ipaadmin_password: SomeADMINpassword
name: testhbacsvcgroup03
register: result
failed_when: not result.changed
- name: Ensure HBAC Service Group testhbacsvcgroup04 is present
ipahbacsvcgroup:
ipaadmin_password: SomeADMINpassword
name: testhbacsvcgroup04
register: result
failed_when: not result.changed
- name: Ensure test HBAC rule hbacrule01 is absent
ipahbacrule:
ipaadmin_password: MyPassword123
name: loginRule
user: pinky
action: member
ipaadmin_password: SomeADMINpassword
name: hbacrule01
state: absent
# ENSURE HBACRULE
- name: Ensure HBAC rule hbacrule01 is present
ipahbacrule:
ipaadmin_password: SomeADMINpassword
name: hbacrule01
register: result
failed_when: not result.changed
- name: Ensure user pinky is absent in HBAC Rule loginRule again
- name: Ensure HBAC rule hbacrule01 is present again
ipahbacrule:
ipaadmin_password: MyPassword123
name: loginRule
user: pinky
ipaadmin_password: SomeADMINpassword
name: hbacrule01
register: result
failed_when: result.changed
# CHANGE HBACRULE WITH ALL MEMBERS
- name: Ensure HBAC rule hbacrule01 is present with hosts, hostgroups, users, groups, hbassvcs and hbacsvcgroups
ipahbacrule:
ipaadmin_password: SomeADMINpassword
name: hbacrule01
host:
- "{{ 'testhost01.' + ipaserver_domain }}"
- "{{ 'testhost02.' + ipaserver_domain }}"
hostgroup: testhostgroup01,testhostgroup02
user: testuser01,testuser02
group: testgroup01,testgroup02
hbacsvc: testhbacsvc01,testhbacsvc02
hbacsvcgroup: testhbacsvcgroup01,testhbacsvcgroup02
register: result
failed_when: not result.changed
- name: Ensure HBAC rule hbacrule01 is present with hosts, hostgroups, users, groups, hbassvcs and hbacsvcgroups again
ipahbacrule:
ipaadmin_password: SomeADMINpassword
name: hbacrule01
host:
- "{{ 'testhost01.' + ipaserver_domain }}"
- "{{ 'testhost02.' + ipaserver_domain }}"
hostgroup: testhostgroup01,testhostgroup02
user: testuser01,testuser02
group: testgroup01,testgroup02
hbacsvc: testhbacsvc01,testhbacsvc02
hbacsvcgroup: testhbacsvcgroup01,testhbacsvcgroup02
register: result
failed_when: result.changed
# REMOVE MEMBERS ONE BY ONE
- name: Ensure test HBAC rule hbacrule01 host members are absent
ipahbacrule:
ipaadmin_password: SomeADMINpassword
name: hbacrule01
host:
- "{{ 'testhost01.' + ipaserver_domain }}"
- "{{ 'testhost02.' + ipaserver_domain }}"
state: absent
action: member
state: absent
register: result
failed_when: result.changed
- name: Ensure HBAC Rule loginRule is absent
ipahbacrule:
ipaadmin_password: MyPassword123
name: loginRule
state: absent
register: result
failed_when: not result.changed
- name: Ensure HBAC Rule loginRule is absent again
- name: Ensure test HBAC rule hbacrule01 host members are absent again
ipahbacrule:
ipaadmin_password: MyPassword123
name: loginRule
ipaadmin_password: SomeADMINpassword
name: hbacrule01
host:
- "{{ 'testhost01.' + ipaserver_domain }}"
- "{{ 'testhost02.' + ipaserver_domain }}"
state: absent
register: result
failed_when: result.changed
- name: Ensure HBAC service sshd is absent in HBAC Rule sshd-pinky
ipahbacrule:
ipaadmin_password: MyPassword123
name: sshd-pinky
hbacsvc: sshd
action: member
state: absent
register: result
failed_when: not result.changed
failed_when: result.changed
- name: Ensure HBAC service sshd is absent in HBAC Rule sshd-pinky again
- name: Ensure test HBAC rule hbacrule01 hostgroup members are absent
ipahbacrule:
ipaadmin_password: MyPassword123
name: sshd-pinky
hbacsvc: sshd
ipaadmin_password: SomeADMINpassword
name: hbacrule01
hostgroup: testhostgroup01,testhostgroup02
state: absent
action: member
state: absent
register: result
failed_when: result.changed
failed_when: not result.changed
- name: Ensure user pinky is absent in HBAC Rule sshd-pinky
- name: Ensure test HBAC rule hbacrule01 hostgroup members are absent again
ipahbacrule:
ipaadmin_password: MyPassword123
name: sshd-pinky
user: pinky
ipaadmin_password: SomeADMINpassword
name: hbacrule01
hostgroup: testhostgroup01,testhostgroup02
state: absent
action: member
state: absent
register: result
failed_when: not result.changed
failed_when: result.changed
- name: Ensure user pinky is absent in HBAC Rule sshd-pinky again
- name: Ensure test HBAC rule hbacrule01 user members are absent
ipahbacrule:
ipaadmin_password: MyPassword123
name: sshd-pinky
user: pinky
ipaadmin_password: SomeADMINpassword
name: hbacrule01
user: testuser01,testuser02
state: absent
action: member
state: absent
register: result
failed_when: result.changed
- name: Ensure HBAC Rule sshd-pinky is disabled
ipahbacrule:
ipaadmin_password: MyPassword123
name: sshd-pinky
state: disabled
register: result
failed_when: not result.changed
- name: Ensure HBAC Rule sshd-pinky is disabled again
- name: Ensure test HBAC rule hbacrule01 user members are absent again
ipahbacrule:
ipaadmin_password: MyPassword123
name: sshd-pinky
state: disabled
register: result
failed_when: result.changed
- name: Ensure HBAC Rule sshd-pinky is enabled
ipahbacrule:
ipaadmin_password: MyPassword123
name: sshd-pinky
state: enabled
register: result
failed_when: not result.changed
- name: Ensure HBAC Rule sshd-pinky is enabled again
ipahbacrule:
ipaadmin_password: MyPassword123
name: sshd-pinky
state: enabled
register: result
failed_when: result.changed
- name: Ensure HBAC Rule sshd-pinky is absent
ipahbacrule:
ipaadmin_password: MyPassword123
name: sshd-pinky
ipaadmin_password: SomeADMINpassword
name: hbacrule01
user: testuser01,testuser02
state: absent
register: result
failed_when: not result.changed
- name: Ensure HBAC Rule sshd-pinky is absent again
ipahbacrule:
ipaadmin_password: MyPassword123
name: sshd-pinky
state: absent
register: result
failed_when: result.changed
- name: Ensure host "{{ groups.ipaserver[0] }}" is absent in HBAC Rule allhosts
ipahbacrule:
ipaadmin_password: MyPassword123
name: allhosts
host: "{{ groups.ipaserver[0] }}"
action: member
state: absent
register: result
failed_when: not result.changed
failed_when: result.changed
- name: Ensure host "{{ groups.ipaserver[0] }}" is absent in HBAC Rule allhosts again
- name: Ensure test HBAC rule hbacrule01 user group members are absent
ipahbacrule:
ipaadmin_password: MyPassword123
name: allhosts
host: "{{ groups.ipaserver[0] }}"
ipaadmin_password: SomeADMINpassword
name: hbacrule01
group: testgroup01,testgroup02
state: absent
action: member
state: absent
register: result
failed_when: result.changed
- name: Ensure HBAC Rule allhosts is absent
ipahbacrule:
ipaadmin_password: MyPassword123
name: allhosts
state: absent
register: result
failed_when: not result.changed
- name: Ensure HBAC Rule allhosts is absent again
- name: Ensure test HBAC rule hbacrule01 user group members are absent again
ipahbacrule:
ipaadmin_password: MyPassword123
name: allhosts
ipaadmin_password: SomeADMINpassword
name: hbacrule01
group: testgroup01,testgroup02
state: absent
action: member
register: result
failed_when: result.changed
- name: User pinky absent
- name: Ensure test HBAC rule hbacrule01 hbacsvc members are absent
ipahbacrule:
ipaadmin_password: SomeADMINpassword
name: hbacrule01
hbacsvc: testhbacsvc01,testhbacsvc02
state: absent
action: member
register: result
failed_when: not result.changed
- name: Ensure test HBAC rule hbacrule01 hbacsvc members are absent again
ipahbacrule:
ipaadmin_password: SomeADMINpassword
name: hbacrule01
hbacsvc: testhbacsvc01,testhbacsvc02
state: absent
action: member
register: result
failed_when: result.changed
- name: Ensure test HBAC rule hbacrule01 hbacsvcgroup members are absent
ipahbacrule:
ipaadmin_password: SomeADMINpassword
name: hbacrule01
hbacsvcgroup: testhbacsvcgroup01,testhbacsvcgroup02
state: absent
action: member
register: result
failed_when: not result.changed
- name: Ensure test HBAC rule hbacrule01 hbacsvcgroup members are absent again
ipahbacrule:
ipaadmin_password: SomeADMINpassword
name: hbacrule01
hbacsvcgroup: testhbacsvcgroup01,testhbacsvcgroup02
state: absent
action: member
register: result
failed_when: result.changed
# ADD MEMBERS BACK
- name: Ensure test HBAC rule hbacrule01 host members are present
ipahbacrule:
ipaadmin_password: SomeADMINpassword
name: hbacrule01
host:
- "{{ 'testhost01.' + ipaserver_domain }}"
- "{{ 'testhost02.' + ipaserver_domain }}"
action: member
register: result
failed_when: not result.changed
- name: Ensure test HBAC rule hbacrule01 host members are present again
ipahbacrule:
ipaadmin_password: SomeADMINpassword
name: hbacrule01
host:
- "{{ 'testhost01.' + ipaserver_domain }}"
- "{{ 'testhost02.' + ipaserver_domain }}"
action: member
register: result
failed_when: result.changed
- name: Ensure test HBAC rule hbacrule01 hostgroup members are present
ipahbacrule:
ipaadmin_password: SomeADMINpassword
name: hbacrule01
hostgroup: testhostgroup01,testhostgroup02
action: member
register: result
failed_when: not result.changed
- name: Ensure test HBAC rule hbacrule01 hostgroup members are present again
ipahbacrule:
ipaadmin_password: SomeADMINpassword
name: hbacrule01
hostgroup: testhostgroup01,testhostgroup02
action: member
register: result
failed_when: result.changed
- name: Ensure test HBAC rule hbacrule01 user members are present
ipahbacrule:
ipaadmin_password: SomeADMINpassword
name: hbacrule01
user: testuser01,testuser02
action: member
register: result
failed_when: not result.changed
- name: Ensure test HBAC rule hbacrule01 user members are present again
ipahbacrule:
ipaadmin_password: SomeADMINpassword
name: hbacrule01
user: testuser01,testuser02
action: member
register: result
failed_when: result.changed
- name: Ensure test HBAC rule hbacrule01 user group members are present
ipahbacrule:
ipaadmin_password: SomeADMINpassword
name: hbacrule01
group: testgroup01,testgroup02
action: member
register: result
failed_when: not result.changed
- name: Ensure test HBAC rule hbacrule01 user group members are present again
ipahbacrule:
ipaadmin_password: SomeADMINpassword
name: hbacrule01
group: testgroup01,testgroup02
action: member
register: result
failed_when: result.changed
- name: Ensure test HBAC rule hbacrule01 hbacsvc members are present
ipahbacrule:
ipaadmin_password: SomeADMINpassword
name: hbacrule01
hbacsvc: testhbacsvc01,testhbacsvc02
action: member
register: result
failed_when: not result.changed
- name: Ensure test HBAC rule hbacrule01 hbacsvc members are present again
ipahbacrule:
ipaadmin_password: SomeADMINpassword
name: hbacrule01
hbacsvc: testhbacsvc01,testhbacsvc02
action: member
register: result
failed_when: result.changed
- name: Ensure test HBAC rule hbacrule01 hbacsvcgroup members are present
ipahbacrule:
ipaadmin_password: SomeADMINpassword
name: hbacrule01
hbacsvcgroup: testhbacsvcgroup01,testhbacsvcgroup02
action: member
register: result
failed_when: not result.changed
- name: Ensure test HBAC rule hbacrule01 hbacsvcgroup members are present again
ipahbacrule:
ipaadmin_password: SomeADMINpassword
name: hbacrule01
hbacsvcgroup: testhbacsvcgroup01,testhbacsvcgroup02
action: member
register: result
failed_when: result.changed
# CHANGE TO DIFFERENT MEMBERS
- name: Ensure HBAC rule hbacrule01 is present with different hosts, hostgroups, users, groups, hbassvcs and hbacsvcgroups
ipahbacrule:
ipaadmin_password: SomeADMINpassword
name: hbacrule01
host:
- "{{ 'testhost03.' + ipaserver_domain }}"
- "{{ 'testhost04.' + ipaserver_domain }}"
hostgroup: testhostgroup03,testhostgroup04
user: testuser03,testuser04
group: testgroup03,testgroup04
hbacsvc: testhbacsvc03,testhbacsvc04
hbacsvcgroup: testhbacsvcgroup03,testhbacsvcgroup04
register: result
failed_when: not result.changed
- name: Ensure HBAC rule hbacrule01 is present with different hosts, hostgroups, users, groups, hbassvcs and hbacsvcgroups again
ipahbacrule:
ipaadmin_password: SomeADMINpassword
name: hbacrule01
host:
- "{{ 'testhost03.' + ipaserver_domain }}"
- "{{ 'testhost04.' + ipaserver_domain }}"
hostgroup: testhostgroup03,testhostgroup04
user: testuser03,testuser04
group: testgroup03,testgroup04
hbacsvc: testhbacsvc03,testhbacsvc04
hbacsvcgroup: testhbacsvcgroup03,testhbacsvcgroup04
register: result
failed_when: result.changed
# ENSURE OLD TEST MEMBERS ARE ABSENT
- name: Ensure HBAC rule hbacrule01 members (same) are present
ipahbacrule:
ipaadmin_password: SomeADMINpassword
name: hbacrule01
host:
- "{{ 'testhost01.' + ipaserver_domain }}"
- "{{ 'testhost02.' + ipaserver_domain }}"
hostgroup: testhostgroup01,testhostgroup02
user: testuser01,testuser02
group: testgroup01,testgroup02
hbacsvc: testhbacsvc01,testhbacsvc02
hbacsvcgroup: testhbacsvcgroup01,testhbacsvcgroup02
state: absent
action: member
register: result
failed_when: result.changed
# ENSURE NEW TEST MEMBERS ARE ABSENT
- name: Ensure HBAC rule hbacrule01 members are absent
ipahbacrule:
ipaadmin_password: SomeADMINpassword
name: hbacrule01
host:
- "{{ 'testhost03.' + ipaserver_domain }}"
- "{{ 'testhost04.' + ipaserver_domain }}"
hostgroup: testhostgroup03,testhostgroup04
user: testuser03,testuser04
group: testgroup03,testgroup04
hbacsvc: testhbacsvc03,testhbacsvc04
hbacsvcgroup: testhbacsvcgroup03,testhbacsvcgroup04
state: absent
action: member
register: result
failed_when: not result.changed
- name: Ensure HBAC rule hbacrule01 members are absent again
ipahbacrule:
ipaadmin_password: SomeADMINpassword
name: hbacrule01
host:
- "{{ 'testhost03.' + ipaserver_domain }}"
- "{{ 'testhost04.' + ipaserver_domain }}"
hostgroup: testhostgroup03,testhostgroup04
user: testuser03,testuser04
group: testgroup03,testgroup04
hbacsvc: testhbacsvc03,testhbacsvc04
hbacsvcgroup: testhbacsvcgroup03,testhbacsvcgroup04
state: absent
action: member
register: result
failed_when: result.changed
# CLEANUP TEST ITEMS
- name: Ensure test HBAC rule hbacrule01 is absent
ipahbacrule:
ipaadmin_password: SomeADMINpassword
name: hbacrule01
state: absent
- name: Ensure test hosts are absent
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name:
- "{{ 'testhost01.' + ipaserver_domain }}"
- "{{ 'testhost02.' + ipaserver_domain }}"
- "{{ 'testhost03.' + ipaserver_domain }}"
- "{{ 'testhost04.' + ipaserver_domain }}"
state: absent
- name: Ensure test hostgroups are absent
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: testhostgroup01,testhostgroup02,testhostgroup03,testhostgroup04
state: absent
- name: Ensure test users are absent
ipauser:
ipaadmin_password: MyPassword123
name: pinky
ipaadmin_password: SomeADMINpassword
name: testuser01,testuser02,testuser03,testuser04
state: absent
- name: User group login absent
- name: Ensure test user groups are absent
ipagroup:
ipaadmin_password: MyPassword123
name: login
ipaadmin_password: SomeADMINpassword
name: testgroup01,testgroup02,testgroup03,testgroup04
state: absent
- name: Ensure test HBAC Services are absent
ipahbacsvc:
ipaadmin_password: SomeADMINpassword
name: testhbacsvc01,testhbacsvc02,testhbacsvc03,testhbacsvc04
state: absent
- name: Ensure test HBAC Service Groups are absent
ipahbacsvcgroup:
ipaadmin_password: SomeADMINpassword
name: testhbacsvcgroup01,testhbacsvcgroup02,testhbacsvcgroup03,testhbacsvcgroup04
state: absent
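Review bot: The final cleanup task named "Ensure test hosts are absent" calls `ipahostgroup:` with the four `testhostNN` FQDNs, while the matching task in the setup block at the top of the play uses `ipahost:`. As written the cleanup asks for host groups with those names to be absent, so the test hosts created earlier with `force: yes` would most likely stay in the directory after the run. Changing the module line to `ipahost:` makes the cleanup mirror the setup. Neither cleanup block registers or checks `result`, so this would not show up as a test failure.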


@@ -1,5 +1,5 @@
---
- name: Tests
- name: Test hbacsvc
hosts: ipaserver
become: true
gather_facts: false
@@ -7,27 +7,27 @@
tasks:
- name: Ensure HBAC Service for http is absent
ipahbacsvc:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: http,tftp
state: absent
- name: Ensure HBAC Service for http is present
ipahbacsvc:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: http
register: result
failed_when: not result.changed
- name: Ensure HBAC Service for http is present again
ipahbacsvc:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: http
register: result
failed_when: result.changed
- name: Ensure HBAC Service for tftp is present
ipahbacsvc:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: tftp
description: TFTP service
register: result
@@ -35,7 +35,7 @@
- name: Ensure HBAC Service for tftp is present again
ipahbacsvc:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: tftp
description: TFTP service
register: result
@@ -43,7 +43,7 @@
- name: Ensure HBAC Services for http and tftp are absent
ipahbacsvc:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: http,tftp
state: absent
register: result
@@ -51,7 +51,7 @@
- name: Ensure HBAC Services for http and tftp are absent again
ipahbacsvc:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: http,tftp
state: absent
register: result


@@ -1,5 +1,5 @@
---
- name: Tests
- name: Test hbacsvcgroup
hosts: ipaserver
become: true
gather_facts: false
@@ -7,32 +7,32 @@
tasks:
- name: Ensure HBAC Service Group login is absent
ipahbacsvcgroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: login
state: absent
- name: Ensure HBAC Service for sshd is present
ipahbacsvc:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: login
- name: Ensure HBAC Service Group login is present
ipahbacsvcgroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: login
register: result
failed_when: not result.changed
- name: Ensure HBAC Service Group login is present again
ipahbacsvcgroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: login
register: result
failed_when: result.changed
- name: Ensure HBAC Service sshd is present in HBAC Service Group login
ipahbacsvcgroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: login
hbacsvc:
- sshd
@@ -42,7 +42,7 @@
- name: Ensure HBAC Service sshd is present in HBAC Service Group login again
ipahbacsvcgroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: login
hbacsvc:
- sshd
@@ -52,7 +52,7 @@
- name: Ensure HBAC Services sshd and foo are absent in HBAC Service Group login
ipahbacsvcgroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: login
hbacsvc:
- sshd
@@ -64,7 +64,7 @@
- name: Ensure HBAC Services sshd and foo are absent in HBAC Service Group login again
ipahbacsvcgroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: login
hbacsvc:
- sshd
@@ -76,7 +76,7 @@
- name: Ensure HBAC Service Group login is absent
ipahbacsvcgroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: login
state: absent
register: result
@@ -84,7 +84,7 @@
- name: Ensure HBAC Service Group login is absent again
ipahbacsvcgroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: login
state: absent
register: result
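Review bot: The FreeIPA admin credential is still a plaintext literal repeated in every task (`ipaadmin_password: SomeADMINpassword`), so rotating it in this commit meant editing each task of each test playbook, and the value stays readable to anyone with access to the repository. Defining it once per play and referencing it as `ipaadmin_password: "{{ ipaadmin_password }}"`, with the value supplied from inventory or an Ansible Vault file, would keep the tests runnable while letting each environment provide its own secret. This is presumably a throwaway test value; if so, a comment such as `# test-only credential, never reuse on a production IPA server` at the top of the play would make that explicit. The same literal recurs in the other playbooks touched by this commit (the ipahbacsvc, ipahost, keytab, managedby, principal and random-password tests).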


@@ -20,7 +20,7 @@
- name: Host absent
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
@@ -38,7 +38,7 @@
- name: Host "{{ host1_fqdn }}" present
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
ip_address: "{{ ipv4_prefix + '.201' }}"
update_dns: yes
@@ -48,7 +48,7 @@
- name: Host "{{ host1_fqdn }}" present again
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
ip_address: "{{ ipv4_prefix + '.201' }}"
update_dns: yes
@@ -58,7 +58,7 @@
- name: Host "{{ host2_fqdn }}" present
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: "{{ host2_fqdn }}"
ip_address: "{{ ipv4_prefix + '.202' }}"
update_dns: yes
@@ -68,7 +68,7 @@
- name: Host "{{ host2_fqdn }}" present again
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: "{{ host2_fqdn }}"
ip_address: "{{ ipv4_prefix + '.202' }}"
update_dns: yes
@@ -78,7 +78,7 @@
- name: Host "{{ host3_fqdn }}" present
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: "{{ host3_fqdn }}"
ip_address: "{{ ipv4_prefix + '.203' }}"
update_dns: yes
@@ -88,7 +88,7 @@
- name: Host "{{ host3_fqdn }}" present again
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: "{{ host3_fqdn }}"
ip_address: "{{ ipv4_prefix + '.203' }}"
update_dns: yes
@@ -98,7 +98,7 @@
- name: Host "{{ host4_fqdn }}" present
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: "{{ host4_fqdn }}"
ip_address: "{{ ipv4_prefix + '.204' }}"
update_dns: yes
@@ -108,7 +108,7 @@
- name: Host "{{ host4_fqdn }}" present again
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: "{{ host4_fqdn }}"
ip_address: "{{ ipv4_prefix + '.204' }}"
update_dns: yes
@@ -118,7 +118,7 @@
- name: Host "{{ host5_fqdn }}" present
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: "{{ host5_fqdn }}"
ip_address: "{{ ipv4_prefix + '.205' }}"
update_dns: yes
@@ -128,8 +128,8 @@
- name: Host "{{ host5_fqdn }}" present again
ipahost:
ipaadmin_password: MyPassword123
name: "{{ host1_fqdn }}"
ipaadmin_password: SomeADMINpassword
name: "{{ host5_fqdn }}"
ip_address: "{{ ipv4_prefix + '.205' }}"
update_dns: yes
reverse: no
@@ -138,7 +138,7 @@
- name: Host "{{ host6_fqdn }}" present
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: "{{ host6_fqdn }}"
ip_address: "{{ ipv4_prefix + '.206' }}"
update_dns: yes
@@ -148,7 +148,7 @@
- name: Host "{{ host6_fqdn }}" present again
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: "{{ host6_fqdn }}"
ip_address: "{{ ipv4_prefix + '.206' }}"
update_dns: yes
@@ -160,7 +160,7 @@
# not enabled.
#- name: Hosts host1..host6 disabled
# ipahost:
# ipaadmin_password: MyPassword123
# ipaadmin_password: SomeADMINpassword
# name:
# - "{{ host1_fqdn }}"
# - "{{ host2_fqdn }}"
@@ -174,7 +174,7 @@
#
#- name: Hosts host1..host6 disabled again
# ipahost:
# ipaadmin_password: MyPassword123
# ipaadmin_password: SomeADMINpassword
# name:
# - "{{ host1_fqdn }}"
# - "{{ host2_fqdn }}"
@@ -188,7 +188,7 @@
- name: Hosts host1..host6 absent
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
@@ -203,7 +203,7 @@
- name: Hosts host1..host6 absent again
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"


@@ -22,7 +22,7 @@
- name: Host host1..., host2... and host3... absent
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
@@ -31,13 +31,13 @@
- name: Ensure host-groups hostgroup1 and hostgroup2 absent
ipahostgroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: hostgroup1,hostgroup2
state: absent
- name: Ensure users user1 and user2 absent
ipauser:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
users:
- name: user1
- name: user2
@@ -45,13 +45,13 @@
- name: Ensure group1 and group2 absent
ipagroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: group1,group2
state: absent
- name: Host host2... and host3... present
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
hosts:
- name: "{{ host2_fqdn }}"
force: yes
@@ -62,7 +62,7 @@
- name: Ensure host-group hostgroup1 present
ipahostgroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: hostgroup1
state: present
register: result
@@ -70,7 +70,7 @@
- name: Ensure host-group hostgroup2 present
ipahostgroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: hostgroup2
state: present
register: result
@@ -78,7 +78,7 @@
- name: Ensure users user1 and user2 present
ipauser:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
users:
- name: user1
first: First1
@@ -91,21 +91,21 @@
- name: Ensure group1 present
ipagroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: group1
register: result
failed_when: not result.changed
- name: Ensure group2 present
ipagroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: group2
register: result
failed_when: not result.changed
- name: Host host1... present with allow_create_keytab users,groups,hosts and hostgroups
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
allow_create_keytab_user:
- user1
@@ -125,7 +125,7 @@
- name: Host host1... present with allow_create_keytab users,groups,hosts and hostgroups again
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
allow_create_keytab_user:
- user1
@@ -145,14 +145,14 @@
- name: Host host1... absent
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name:
- "{{ host1_fqdn }}"
state: absent
- name: Host host1... present
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
force: yes
register: result
@@ -160,7 +160,7 @@
- name: Host host1... ensure allow_create_keytab users,groups,hosts and hostgroups present
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
allow_create_keytab_user:
- user1
@@ -180,7 +180,7 @@
- name: Host host1... ensure allow_create_keytab users,groups,hosts and hostgroups present again
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
allow_create_keytab_user:
- user1
@@ -200,7 +200,7 @@
- name: Host host1... ensure allow_create_keytab users,groups,hosts and hostgroups absent
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
allow_create_keytab_user:
- user1
@@ -221,7 +221,7 @@
- name: Host host1... ensure allow_create_keytab users,groups,hosts and hostgroups absent again
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
allow_create_keytab_user:
- user1
@@ -242,7 +242,7 @@
- name: Host host1..., host2... and host3... absent
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
@@ -253,7 +253,7 @@
- name: Ensure host-groups hostgroup1 and hostgroup2 absent
ipahostgroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: hostgroup1,hostgroup2
state: absent
register: result
@@ -261,7 +261,7 @@
- name: Ensure users user1 and user2 absent
ipauser:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
users:
- name: user1
- name: user2
@@ -271,7 +271,7 @@
- name: Ensure group1 and group2 absent
ipagroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: group1,group2
state: absent
register: result


@@ -22,7 +22,7 @@
- name: Host host1..., host2... and host3... absent
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
@@ -31,13 +31,13 @@
- name: Ensure host-groups hostgroup1 and hostgroup2 absent
ipahostgroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: hostgroup1,hostgroup2
state: absent
- name: Ensure users user1 and user2 absent
ipauser:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
users:
- name: user1
- name: user2
@@ -45,13 +45,13 @@
- name: Ensure group1 and group2 absent
ipagroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: group1,group2
state: absent
- name: Host host2... and host3... present
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
hosts:
- name: "{{ host2_fqdn }}"
force: yes
@@ -62,7 +62,7 @@
- name: Ensure host-group hostgroup1 present
ipahostgroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: hostgroup1
state: present
register: result
@@ -70,7 +70,7 @@
- name: Ensure host-group hostgroup2 present
ipahostgroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: hostgroup2
state: present
register: result
@@ -78,7 +78,7 @@
- name: Ensure users user1 and user2 present
ipauser:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
users:
- name: user1
first: First1
@@ -91,21 +91,21 @@
- name: Ensure group1 present
ipagroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: group1
register: result
failed_when: not result.changed
- name: Ensure group2 present
ipagroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: group2
register: result
failed_when: not result.changed
- name: Host host1... present with allow_retrieve_keytab users,groups,hosts and hostgroups
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
allow_retrieve_keytab_user:
- user1
@@ -125,7 +125,7 @@
- name: Host host1... present with allow_retrieve_keytab users,groups,hosts and hostgroups again
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
allow_retrieve_keytab_user:
- user1
@@ -145,14 +145,14 @@
- name: Host host1... absent
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name:
- "{{ host1_fqdn }}"
state: absent
- name: Host host1... present
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
force: yes
register: result
@@ -160,7 +160,7 @@
- name: Host host1... ensure allow_retrieve_keytab users,groups,hosts and hostgroups present
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
allow_retrieve_keytab_user:
- user1
@@ -180,7 +180,7 @@
- name: Host host1... ensure allow_retrieve_keytab users,groups,hosts and hostgroups present again
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
allow_retrieve_keytab_user:
- user1
@@ -200,7 +200,7 @@
- name: Host host1... ensure allow_retrieve_keytab users,groups,hosts and hostgroups absent
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
allow_retrieve_keytab_user:
- user1
@@ -221,7 +221,7 @@
- name: Host host1... ensure allow_retrieve_keytab users,groups,hosts and hostgroups absent again
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
allow_retrieve_keytab_user:
- user1
@@ -242,7 +242,7 @@
- name: Host host1..., host2... and host3... absent
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
@@ -253,7 +253,7 @@
- name: Ensure host-groups hostgroup1 and hostgroup2 absent
ipahostgroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: hostgroup1,hostgroup2
state: absent
register: result
@@ -261,7 +261,7 @@
- name: Ensure users user1 and user2 absent
ipauser:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
users:
- name: user1
- name: user2
@@ -271,7 +271,7 @@
- name: Ensure group1 and group2 absent
ipagroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: group1,group2
state: absent
register: result


@@ -0,0 +1,119 @@
---
- name: Test host bool parameters
hosts: ipaserver
become: true
tasks:
- name: Get Domain from server name
set_fact:
ipaserver_domain: "{{ groups.ipaserver[0].split('.')[1:] | join ('.') }}"
when: ipaserver_domain is not defined
- name: Set host1_fqdn .. host6_fqdn
set_fact:
host1_fqdn: "{{ 'host1.' + ipaserver_domain }}"
- name: Host absent
ipahost:
ipaadmin_password: SomeADMINpassword
name:
- "{{ host1_fqdn }}"
update_dns: yes
state: absent
- name: Host "{{ host1_fqdn }}" present with requires_pre_auth, ok_as_delegate and ok_to_auth_as_delegate
ipahost:
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
force: yes
requires_pre_auth: yes
ok_as_delegate: yes
ok_to_auth_as_delegate: yes
register: result
failed_when: not result.changed
- name: Host "{{ host1_fqdn }}" present with requires_pre_auth, ok_as_delegate and ok_to_auth_as_delegate again
ipahost:
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
requires_pre_auth: yes
ok_as_delegate: yes
ok_to_auth_as_delegate: yes
register: result
failed_when: result.changed
- name: Host "{{ host1_fqdn }}" present with requires_pre_auth, ok_as_delegate and ok_to_auth_as_delegate set to no
ipahost:
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
requires_pre_auth: no
ok_as_delegate: no
ok_to_auth_as_delegate: no
register: result
failed_when: not result.changed
- name: Host "{{ host1_fqdn }}" present with requires_pre_auth, ok_as_delegate and ok_to_auth_as_delegate set to no again
ipahost:
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
requires_pre_auth: no
ok_as_delegate: no
ok_to_auth_as_delegate: no
register: result
failed_when: result.changed
- name: Host "{{ host1_fqdn }}" present with requires_pre_auth
ipahost:
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
requires_pre_auth: yes
register: result
failed_when: not result.changed
- name: Host "{{ host1_fqdn }}" present with requires_pre_auth again
ipahost:
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
requires_pre_auth: yes
register: result
failed_when: result.changed
- name: Host "{{ host1_fqdn }}" present with ok_as_delegate
ipahost:
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
ok_as_delegate: yes
register: result
failed_when: not result.changed
- name: Host "{{ host1_fqdn }}" present with ok_as_delegate again
ipahost:
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
ok_as_delegate: yes
register: result
failed_when: result.changed
- name: Host "{{ host1_fqdn }}" present with ok_to_auth_as_delegate
ipahost:
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
ok_to_auth_as_delegate: yes
register: result
failed_when: not result.changed
- name: Host "{{ host1_fqdn }}" present with ok_to_auth_as_delegate again
ipahost:
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
ok_to_auth_as_delegate: yes
register: result
failed_when: result.changed
- name: Host absent
ipahost:
ipaadmin_password: SomeADMINpassword
name:
- "{{ host1_fqdn }}"
update_dns: yes
state: absent
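Review bot: `ipaserver_domain` is derived with `groups.ipaserver[0].split('.')[1:] | join ('.')`, which only yields a usable domain when the inventory entry is a fully qualified host name. A short name gives an empty string and an IP address gives its last three octets, so `host1_fqdn` would be malformed and the error would only surface later inside the ipahost tasks. An `assert` task right after the set_fact, with `that: ipaserver_domain | length > 0`, would fail early with a clear message. The task name `Set host1_fqdn .. host6_fqdn` should also read `Set host1_fqdn`, since that is the only fact set here. The same derivation appears in the other new playbooks added later in this commit.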


@@ -0,0 +1,321 @@
---
- name: Test host IP addresses
hosts: ipaserver
become: true
tasks:
- name: Get Domain from server name
set_fact:
ipaserver_domain: "{{ groups.ipaserver[0].split('.')[1:] | join ('.') }}"
when: ipaserver_domain is not defined
- name: Set host1_fqdn .. host6_fqdn
set_fact:
host1_fqdn: "{{ 'host1.' + ipaserver_domain }}"
host2_fqdn: "{{ 'host2.' + ipaserver_domain }}"
host3_fqdn: "{{ 'host3.' + ipaserver_domain }}"
- name: Get IPv4 address prefix from server node
set_fact:
ipv4_prefix: "{{ ansible_default_ipv4.address.split('.')[:-1] |
join('.') }}"
- name: Host absent
ipahost:
ipaadmin_password: SomeADMINpassword
name:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
- "{{ host3_fqdn }}"
update_dns: yes
state: absent
- name: Host "{{ host1_fqdn }}" present
ipahost:
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
ip_address:
- "{{ ipv4_prefix + '.201' }}"
- fe80::20c:29ff:fe02:a1b2
update_dns: yes
reverse: no
register: result
failed_when: not result.changed
- name: Host "{{ host1_fqdn }}" present again
ipahost:
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
ip_address:
- "{{ ipv4_prefix + '.201' }}"
- fe80::20c:29ff:fe02:a1b2
update_dns: yes
reverse: no
register: result
failed_when: result.changed
- name: Host "{{ host1_fqdn }}" present again with new IP address
ipahost:
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
ip_address:
- "{{ ipv4_prefix + '.211' }}"
- fe80::20c:29ff:fe02:a1b3
- "{{ ipv4_prefix + '.221' }}"
- fe80::20c:29ff:fe02:a1b4
update_dns: yes
reverse: no
register: result
failed_when: not result.changed
- name: Host "{{ host1_fqdn }}" present again with new IP address again
ipahost:
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
ip_address:
- "{{ ipv4_prefix + '.211' }}"
- fe80::20c:29ff:fe02:a1b3
- "{{ ipv4_prefix + '.221' }}"
- fe80::20c:29ff:fe02:a1b4
update_dns: yes
reverse: no
register: result
failed_when: result.changed
- name: Host "{{ host1_fqdn }}" member IPv4 address present
ipahost:
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
ip_address: "{{ ipv4_prefix + '.201' }}"
action: member
register: result
failed_when: not result.changed
- name: Host "{{ host1_fqdn }}" member IPv4 address present again
ipahost:
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
ip_address: "{{ ipv4_prefix + '.201' }}"
action: member
register: result
failed_when: result.changed
- name: Host "{{ host1_fqdn }}" member IPv4 address absent
ipahost:
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
ip_address: "{{ ipv4_prefix + '.201' }}"
action: member
state: absent
register: result
failed_when: not result.changed
- name: Host "{{ host1_fqdn }}" member IPv4 address absent again
ipahost:
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
ip_address: "{{ ipv4_prefix + '.201' }}"
action: member
state: absent
register: result
failed_when: result.changed
- name: Host "{{ host1_fqdn }}" member IPv6 address present
ipahost:
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
ip_address: fe80::20c:29ff:fe02:a1b2
action: member
register: result
failed_when: not result.changed
- name: Host "{{ host1_fqdn }}" member IPv6 address present again
ipahost:
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
ip_address: fe80::20c:29ff:fe02:a1b2
action: member
register: result
failed_when: result.changed
- name: Host "{{ host1_fqdn }}" member IPv6 address absent
ipahost:
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
ip_address: fe80::20c:29ff:fe02:a1b2
action: member
state: absent
register: result
failed_when: not result.changed
- name: Host "{{ host1_fqdn }}" member IPv6 address absent again
ipahost:
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
ip_address: fe80::20c:29ff:fe02:a1b2
action: member
state: absent
register: result
- name: Host "{{ host1_fqdn }}" member all ip-addresses absent
ipahost:
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
ip_address:
- "{{ ipv4_prefix + '.211' }}"
- fe80::20c:29ff:fe02:a1b3
- "{{ ipv4_prefix + '.221' }}"
- fe80::20c:29ff:fe02:a1b4
action: member
state: absent
register: result
failed_when: not result.changed
- name: Host "{{ host1_fqdn }}" all member ip-addresses absent again
ipahost:
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
ip_address:
- "{{ ipv4_prefix + '.211' }}"
- fe80::20c:29ff:fe02:a1b3
- "{{ ipv4_prefix + '.221' }}"
- fe80::20c:29ff:fe02:a1b4
action: member
state: absent
register: result
failed_when: result.changed
- name: Hosts "{{ host1_fqdn }}" and "{{ host2_fqdn }}" present with same IP addresses
ipahost:
ipaadmin_password: SomeADMINpassword
hosts:
- name: "{{ host1_fqdn }}"
ip_address:
- "{{ ipv4_prefix + '.211' }}"
- fe80::20c:29ff:fe02:a1b3
- "{{ ipv4_prefix + '.221' }}"
- fe80::20c:29ff:fe02:a1b4
- name: "{{ host2_fqdn }}"
ip_address:
- "{{ ipv4_prefix + '.211' }}"
- fe80::20c:29ff:fe02:a1b3
- "{{ ipv4_prefix + '.221' }}"
- fe80::20c:29ff:fe02:a1b4
register: result
failed_when: not result.changed
- name: Hosts "{{ host1_fqdn }}" and "{{ host2_fqdn }}" present with same IP addresses again
ipahost:
ipaadmin_password: SomeADMINpassword
hosts:
- name: "{{ host1_fqdn }}"
ip_address:
- "{{ ipv4_prefix + '.211' }}"
- fe80::20c:29ff:fe02:a1b3
- "{{ ipv4_prefix + '.221' }}"
- fe80::20c:29ff:fe02:a1b4
- name: "{{ host2_fqdn }}"
ip_address:
- "{{ ipv4_prefix + '.211' }}"
- fe80::20c:29ff:fe02:a1b3
- "{{ ipv4_prefix + '.221' }}"
- fe80::20c:29ff:fe02:a1b4
register: result
failed_when: result.changed
- name: Hosts "{{ host3_fqdn }}" present with same IP addresses
ipahost:
ipaadmin_password: SomeADMINpassword
hosts:
- name: "{{ host3_fqdn }}"
ip_address:
- "{{ ipv4_prefix + '.211' }}"
- fe80::20c:29ff:fe02:a1b3
- "{{ ipv4_prefix + '.221' }}"
- fe80::20c:29ff:fe02:a1b4
register: result
failed_when: not result.changed
- name: Hosts "{{ host3_fqdn }}" present with same IP addresses again
ipahost:
ipaadmin_password: SomeADMINpassword
hosts:
- name: "{{ host3_fqdn }}"
ip_address:
- "{{ ipv4_prefix + '.211' }}"
- fe80::20c:29ff:fe02:a1b3
- "{{ ipv4_prefix + '.221' }}"
- fe80::20c:29ff:fe02:a1b4
register: result
failed_when: result.changed
- name: Host "{{ host3_fqdn }}" present with differnt IP addresses
ipahost:
ipaadmin_password: SomeADMINpassword
hosts:
- name: "{{ host3_fqdn }}"
ip_address:
- "{{ ipv4_prefix + '.111' }}"
- fe80::20c:29ff:fe02:a1b1
- "{{ ipv4_prefix + '.121' }}"
- fe80::20c:29ff:fe02:a1b2
register: result
failed_when: not result.changed
- name: Host "{{ host3_fqdn }}" present with different IP addresses again
ipahost:
ipaadmin_password: SomeADMINpassword
hosts:
- name: "{{ host3_fqdn }}"
ip_address:
- "{{ ipv4_prefix + '.111' }}"
- fe80::20c:29ff:fe02:a1b1
- "{{ ipv4_prefix + '.121' }}"
- fe80::20c:29ff:fe02:a1b2
register: result
failed_when: result.changed
- name: Host "{{ host3_fqdn }}" present with old IP addresses
ipahost:
ipaadmin_password: SomeADMINpassword
hosts:
- name: "{{ host3_fqdn }}"
ip_address:
- "{{ ipv4_prefix + '.211' }}"
- fe80::20c:29ff:fe02:a1b3
- "{{ ipv4_prefix + '.221' }}"
- fe80::20c:29ff:fe02:a1b4
register: result
failed_when: not result.changed
- name: Host "{{ host3_fqdn }}" present with old IP addresses again
ipahost:
ipaadmin_password: SomeADMINpassword
hosts:
- name: "{{ host3_fqdn }}"
ip_address:
- "{{ ipv4_prefix + '.211' }}"
- fe80::20c:29ff:fe02:a1b3
- "{{ ipv4_prefix + '.221' }}"
- fe80::20c:29ff:fe02:a1b4
register: result
failed_when: result.changed
- name: Absent host01.ihavenodns.info test
ipahost:
ipaadmin_password: SomeADMINpassword
hosts:
- name: host01.ihavenodns.info
state: absent
register: result
failed_when: result.changed
- name: Host absent
ipahost:
ipaadmin_password: SomeADMINpassword
name:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
- "{{ host3_fqdn }}"
update_dns: yes
state: absent
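Review bot: The task `Host "{{ host1_fqdn }}" member IPv6 address absent again` registers `result` but has no `failed_when`, unlike every other "again" task in this playbook, so a non-idempotent removal of the IPv6 member address would pass unnoticed. Add `failed_when: result.changed` after its `register: result`. The task name `Host "{{ host3_fqdn }}" present with differnt IP addresses` has a typo (`different`), and `Set host1_fqdn .. host6_fqdn` sets only three facts, so it would read better as `Set host1_fqdn .. host3_fqdn`.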


@@ -16,7 +16,7 @@
- name: Host absent
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
@@ -25,7 +25,7 @@
- name: Host "{{ host1_fqdn }}" present
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
force: yes
register: result
@@ -33,7 +33,7 @@
- name: Host "{{ host2_fqdn }}" present
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: "{{ host2_fqdn }}"
force: yes
register: result
@@ -41,7 +41,7 @@
- name: Host "{{ host1_fqdn }}" managed by "{{ 'host2.' + ipaserver_domain }}"
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
managedby_host: "{{ host2_fqdn }}"
register: result
@@ -49,7 +49,7 @@
- name: Host "{{ host1_fqdn }}" managed by "{{ 'host2.' + ipaserver_domain }}" again
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
managedby_host: "{{ host2_fqdn }}"
register: result
@@ -57,7 +57,7 @@
- name: Host "{{ host1_fqdn }}" managed by "{{ groups.ipaserver[0] }}"
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
managedby_host: "{{ groups.ipaserver[0] }}"
action: member
@@ -66,7 +66,7 @@
- name: Host "{{ host1_fqdn }}" managed by "{{ groups.ipaserver[0] }}" again
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
managedby_host: "{{ groups.ipaserver[0] }}"
action: member
@@ -75,7 +75,7 @@
- name: Host "{{ host1_fqdn }}" not managed by "{{ groups.ipaserver[0] }}"
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
managedby_host: "{{ groups.ipaserver[0] }}"
action: member
@@ -85,7 +85,7 @@
- name: Host "{{ host1_fqdn }}" not managed by "{{ groups.ipaserver[0] }}" again
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
managedby_host: "{{ groups.ipaserver[0] }}"
action: member
@@ -95,7 +95,7 @@
- name: Host "{{ host1_fqdn }}" not managed by "{{ 'host2.' + ipaserver_domain }}"
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
managedby_host: "{{ host2_fqdn }}"
state: absent
@@ -105,7 +105,7 @@
- name: Host "{{ host1_fqdn }}" not managed by "{{ 'host2.' + ipaserver_domain }}" again
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
managedby_host: "{{ host2_fqdn }}"
action: member
@@ -115,7 +115,7 @@
- name: Host absent
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"


@@ -20,7 +20,7 @@
- name: Host host1 absent
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name:
- "{{ host1_fqdn }}"
update_dns: yes
@@ -28,7 +28,7 @@
- name: Host host1... present with principal host/testhost1...
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
principal:
- "{{ 'host/testhost1.' + ipaserver_domain + '@' + ipaserver_realm }}"
@@ -38,7 +38,7 @@
- name: Host host1... principal host/host1... present (existing already)
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
principal:
- "{{ 'host/host1.' + ipaserver_domain + '@' + ipaserver_realm }}"
@@ -48,7 +48,7 @@
- name: Host host1... principal host/testhost1... present again
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
principal: "{{ 'host/testhost1.' + ipaserver_domain + '@' + ipaserver_realm }}"
action: member
@@ -57,7 +57,7 @@
- name: Host host1... principal host/testhost1... absent
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
principal: "{{ 'host/testhost1.' + ipaserver_domain + '@' + ipaserver_realm }}"
action: member
@@ -67,7 +67,7 @@
- name: Host host1... principal host/testhost1... absent again
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
principal: "{{ 'host/testhost1.' + ipaserver_domain + '@' + ipaserver_realm }}"
action: member
@@ -77,7 +77,7 @@
- name: Host host1... principal host/testhost1... and host/myhost1... present
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
principal:
- "{{ 'host/testhost1.' + ipaserver_domain + '@' + ipaserver_realm }}"
@@ -88,7 +88,7 @@
- name: Host host1... principal host/testhost1... and host/myhost1... present again
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
principal:
- "{{ 'host/testhost1.' + ipaserver_domain + '@' + ipaserver_realm }}"
@@ -99,7 +99,7 @@
- name: Host host1... principal host/testhost1... and host/myhost1... absent
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
principal:
- "{{ 'host/testhost1.' + ipaserver_domain + '@' + ipaserver_realm }}"
@@ -111,7 +111,7 @@
- name: Host host1... principal host/testhost1... and host/myhost1... absent again
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
principal:
- "{{ 'host/testhost1.' + ipaserver_domain + '@' + ipaserver_realm }}"
@@ -123,7 +123,7 @@
- name: Host host1... absent
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name:
- "{{ host1_fqdn }}"
update_dns: yes


@@ -16,7 +16,7 @@
- name: Test hosts absent
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
@@ -25,7 +25,7 @@
- name: Host "{{ host1_fqdn }}" present with random password
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
random: yes
force: yes
@@ -43,14 +43,14 @@
- name: Host "{{ host1_fqdn }}" absent
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name:
- "{{ host1_fqdn }}"
state: absent
- name: Hosts "{{ host1_fqdn }}" and "{{ host2_fqdn }}" present with random password
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
hosts:
- name: "{{ host1_fqdn }}"
random: yes
@@ -79,7 +79,7 @@
- name: Hosts "{{ host1_fqdn }}" and "{{ host2_fqdn }}" absent
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"


@@ -0,0 +1,103 @@
---
- name: Test host
hosts: ipaserver
become: true
gather_facts: true
tasks:
- name: Get Domain from server name
set_fact:
ipaserver_domain: "{{ groups.ipaserver[0].split('.')[1:] | join ('.') }}"
when: ipaserver_domain is not defined
- name: Set host1_fqdn
set_fact:
host1_fqdn: "{{ 'host1.' + ipaserver_domain }}"
- name: Host absent
ipahost:
ipaadmin_password: SomeADMINpassword
name:
- "{{ host1_fqdn }}"
update_dns: yes
state: absent
- name: Get IPv4 address prefix from server node
set_fact:
ipv4_prefix: "{{ ansible_default_ipv4.address.split('.')[:-1] |
join('.') }}"
reverse_zone: "{{ ansible_default_ipv4.address.split('.')[2::-1] |
join('.') }}"
- name: Set zone for reverse address.
command: ipa dnszone-add "{{ item }}" --skip-nameserver-check --skip-overlap-check
with_items:
- "{{ reverse_zone + '.in-addr.arpa.' }}"
- 'ip6.arpa.'
ignore_errors: yes
- name: Host "{{ host1_fqdn }}" present
ipahost:
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
ip_address: "{{ ipv4_prefix + '.201' }}"
update_dns: yes
reverse: yes
register: result
failed_when: not result.changed
- name: Host "{{ host1_fqdn }}" present, again.
ipahost:
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
ip_address: "{{ ipv4_prefix + '.201' }}"
update_dns: yes
reverse: yes
register: result
failed_when: result.changed
- name: Hosts host1 absent
ipahost:
ipaadmin_password: SomeADMINpassword
name:
- "{{ host1_fqdn }}"
update_dns: yes
state: absent
register: result
failed_when: not result.changed
- name: Host "{{ host1_fqdn }}" present with IPv6
ipahost:
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
ip_address: "fd00::0001"
update_dns: yes
reverse: yes
register: result
failed_when: not result.changed
- name: Host "{{ host1_fqdn }}" present with IPv6, again.
ipahost:
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
ip_address: "fd00::0001"
update_dns: yes
reverse: yes
register: result
failed_when: result.changed
- name: Hosts host1 absent
ipahost:
ipaadmin_password: SomeADMINpassword
name:
- "{{ host1_fqdn }}"
update_dns: yes
state: absent
register: result
failed_when: not result.changed
- name: Set zone for reverse address.
command: ipa dnszone-del "{{ item }}"
with_items:
- "{{ reverse_zone + '.in-addr.arpa.' }}"
- 'ip6.arpa.'
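Review bot: The final task runs `ipa dnszone-del "{{ item }}"` on both reverse zones unconditionally, while the matching `dnszone-add` task earlier in this file runs with `ignore_errors: yes`. A zone that already existed on the server, where the add fails and is ignored, is therefore deleted by the test's cleanup, and `ip6.arpa.` is a broad zone to remove. `ignore_errors: yes` also hides every other failure of the add, so the later `reverse: yes` tasks may fail for a reason that is no longer visible. I would `register:` the add result and delete only the items whose add succeeded, by looping over the registered results with `when: item.rc == 0`. The last task is still titled `Set zone for reverse address.` and should be renamed to something like `Remove reverse zones added for the test.`.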


@@ -21,7 +21,7 @@
- name: Host host1..host6 absent
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
hosts:
- name: "{{ host1_fqdn }}"
- name: "{{ host2_fqdn }}"
@@ -33,7 +33,7 @@
- name: Hosts host1..host6 present
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
hosts:
- name: "{{ host1_fqdn }}"
force: yes
@@ -52,7 +52,7 @@
- name: Hosts host1..host6 present again
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
hosts:
- name: "{{ host1_fqdn }}"
force: yes
@@ -71,7 +71,7 @@
- name: Hosts host1..host6 absent
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
hosts:
- name: "{{ host1_fqdn }}"
- name: "{{ host2_fqdn }}"
@@ -85,7 +85,7 @@
- name: Hosts host1..host6 absent again
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
hosts:
- name: "{{ host1_fqdn }}"
- name: "{{ host2_fqdn }}"


@@ -19,7 +19,7 @@
- name: Host absent
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
@@ -31,7 +31,7 @@
- name: Host "{{ host5_fqdn }}" present
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: "{{ host5_fqdn }}"
force: yes
register: result
@@ -39,7 +39,7 @@
- name: Hosts "{{ host1_fqdn }}" .. "{{ 'host5.' + ipaserver_domain }}" present and managed by "{{ 'host5.' + ipaserver_domain }}"
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
hosts:
- name: "{{ host1_fqdn }}"
managedby_host: "{{ host5_fqdn }}"
@@ -61,7 +61,7 @@
- name: Hosts "{{ host1_fqdn }}" .. "{{ 'host5.' + ipaserver_domain }}" present and managed by "{{ 'host5.' + ipaserver_domain }}" again
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
hosts:
- name: "{{ host1_fqdn }}"
managedby_host: "{{ host5_fqdn }}"
@@ -83,7 +83,7 @@
- name: Hosts "{{ host1_fqdn }}" .. "{{ 'host5.' + ipaserver_domain }}" managed by "{{ 'host5.' + ipaserver_domain }}"
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
hosts:
- name: "{{ host1_fqdn }}"
managedby_host: "{{ host5_fqdn }}"
@@ -101,7 +101,7 @@
- name: Hosts "{{ host1_fqdn }}" .. "{{ 'host5.' + ipaserver_domain }}" not managed by "{{ 'host5.' + ipaserver_domain }}"
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
hosts:
- name: "{{ host1_fqdn }}"
managedby_host: "{{ host5_fqdn }}"
@@ -120,7 +120,7 @@
- name: Hosts "{{ host1_fqdn }}" .. "{{ 'host5.' + ipaserver_domain }}" not managed by "{{ 'host5.' + ipaserver_domain }}" again
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
hosts:
- name: "{{ host1_fqdn }}"
managedby_host: "{{ host5_fqdn }}"
@@ -139,7 +139,7 @@
- name: Hosts "{{ host1_fqdn }}" .. "{{ 'host5.' + ipaserver_domain }}" absent
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
hosts:
- name: "{{ host1_fqdn }}"
- name: "{{ host2_fqdn }}"


@@ -21,7 +21,7 @@
- name: Host host1... and host2... absent
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
@@ -30,7 +30,7 @@
- name: Host hostX... present with principal host/testhostX... X=[1,2]
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
hosts:
- name: "{{ host1_fqdn }}"
principal:
@@ -45,7 +45,7 @@
- name: Host hostX... principal 'host/hostX... present (existing already) X=[1,2]
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
hosts:
- name: "{{ host1_fqdn }}"
principal:
@@ -59,7 +59,7 @@
- name: Host hostX... principal host/testhostX... present again X=[1,2]
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
hosts:
- name: "{{ host1_fqdn }}"
principal:
@@ -73,7 +73,7 @@
- name: Host hostX.. principal host/testhostX... absent X=[1,2]
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
hosts:
- name: "{{ host1_fqdn }}"
principal:
@@ -88,7 +88,7 @@
- name: Host hostX... principal host/testhostX... absent again X=[1,2]
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
hosts:
- name: "{{ host1_fqdn }}"
principal:
@@ -103,7 +103,7 @@
- name: Host hostX... principal host/testhostX... and host/myhostX... present X=[1,2]
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
hosts:
- name: "{{ host1_fqdn }}"
principal:
@@ -119,7 +119,7 @@
- name: Host hostX... principal host/testhostX... and host/myhostX... present again X=[1,2]
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
hosts:
- name: "{{ host1_fqdn }}"
principal:
@@ -135,7 +135,7 @@
- name: Host hostX... principal host/testhostX... and host/myhostX... absent X=[1,2]
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
hosts:
- name: "{{ host1_fqdn }}"
principal:
@@ -153,7 +153,7 @@
- name: Host hostX... principal host/testhostX... and host/myhostX... absent again X=[1,2]
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
hosts:
- name: "{{ host1_fqdn }}"
principal:
@@ -171,7 +171,7 @@
- name: Hosts host1... and host2... absent
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"


@@ -1,5 +1,5 @@
---
- name: Tests
- name: Test hostgroup
hosts: ipaserver
become: true
gather_facts: false
@@ -12,7 +12,7 @@
- name: Ensure host-group databases, mysql-server and oracle-server are absent
ipahostgroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name:
- databases
- mysql-server
@@ -21,7 +21,7 @@
- name: Test hosts db1 and db2 absent
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name:
- "{{ 'db1.' + ipaserver_domain }}"
- "{{ 'db2.' + ipaserver_domain }}"
@@ -29,7 +29,7 @@
- name: Host "{{ 'db1.' + ipaserver_domain }}" present
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: "{{ 'db1.' + ipaserver_domain }}"
force: yes
register: result
@@ -37,7 +37,7 @@
- name: Host "{{ 'db2.' + ipaserver_domain }}" present
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: "{{ 'db2.' + ipaserver_domain }}"
force: yes
register: result
@@ -45,7 +45,7 @@
- name: Ensure host-group mysql-server is present
ipahostgroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: mysql-server
state: present
register: result
@@ -53,7 +53,7 @@
- name: Ensure host-group mysql-server is present again
ipahostgroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: mysql-server
state: present
register: result
@@ -61,7 +61,7 @@
- name: Ensure host-group oracle-server is present
ipahostgroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: oracle-server
state: present
register: result
@@ -69,7 +69,7 @@
- name: Ensure host-group oracle-server is present again
ipahostgroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: oracle-server
state: present
register: result
@@ -77,7 +77,7 @@
- name: Ensure host-group databases is present
ipahostgroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: databases
state: present
host:
@@ -89,7 +89,7 @@
- name: Ensure host-group databases is present again
ipahostgroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: databases
state: present
host:
@@ -101,7 +101,7 @@
- name: Ensure host db2 is member of host-group databases
ipahostgroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: databases
state: present
host:
@@ -112,7 +112,7 @@
- name: Ensure host db2 is member of host-group databases again
ipahostgroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: databases
state: present
host:
@@ -123,7 +123,7 @@
- name: Ensure host-group mysql-server is member of host-group databases
ipahostgroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: databases
state: present
hostgroup:
@@ -134,7 +134,7 @@
- name: Ensure host-group mysql-server is member of host-group databases again
ipahostgroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: databases
state: present
hostgroup:
@@ -145,7 +145,7 @@
- name: Ensure host-group oracle-server is member of host-group databases (again)
ipahostgroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: databases
state: present
hostgroup:
@@ -156,7 +156,7 @@
- name: Ensure host-group databases, mysql-server and oracle-server are absent
ipahostgroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name:
- databases
- mysql-server
@@ -167,7 +167,7 @@
- name: Ensure host-group databases, mysql-server and oracle-server are absent again
ipahostgroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name:
- databases
- mysql-server
@@ -178,7 +178,7 @@
- name: Test hosts db1 and db2 absent
ipahost:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name:
- "{{ 'db1.' + ipaserver_domain }}"
- "{{ 'db2.' + ipaserver_domain }}"


@@ -1,14 +1,34 @@
---
- name: Tests
- name: Test pwpolicy
hosts: ipaserver
become: true
gather_facts: false
tasks:
- name: Ensure maxlife of 90 for global_policy
ipapwpolicy:
ipaadmin_password: SomeADMINpassword
maxlife: 90
- name: Ensure absence of group ops
ipagroup:
ipaadmin_password: SomeADMINpassword
name: ops
state: absent
- name: Ensure absence of pwpolicies for group ops
ipapwpolicy:
ipaadmin_password: SomeADMINpassword
name: ops
state: absent
- name: Ensure presence of group ops
ipagroup:
ipaadmin_password: SomeADMINpassword
name: ops
state: present
register: result
failed_when: not result.changed
- name: Ensure presence of pwpolicies for group ops
ipapwpolicy:
@@ -42,6 +62,28 @@
register: result
failed_when: result.changed
- name: Ensure maxlife of 49 for global_policy
ipapwpolicy:
ipaadmin_password: SomeADMINpassword
maxlife: 49
register: result
failed_when: not result.changed
- name: Ensure maxlife of 49 for global_policy again
ipapwpolicy:
ipaadmin_password: SomeADMINpassword
maxlife: 49
register: result
failed_when: result.changed
- name: Ensure absence of pwpoliciy global_policy will fail
ipapwpolicy:
ipaadmin_password: SomeADMINpassword
state: absent
register: result
ignore_errors: True
failed_when: result is defined and result
- name: Ensure absence of pwpolicies for group ops
ipapwpolicy:
ipaadmin_password: SomeADMINpassword
@@ -50,6 +92,13 @@
register: result
failed_when: not result.changed
- name: Ensure maxlife of 90 for global_policy
ipapwpolicy:
ipaadmin_password: SomeADMINpassword
maxlife: 90
register: result
failed_when: not result.changed
- name: Ensure absence of pwpolicies for group ops
ipapwpolicy:
ipaadmin_password: SomeADMINpassword
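Review bot: The task `Ensure absence of pwpoliciy global_policy will fail` asserts nothing. `result` is the registered task result, so `failed_when: result is defined and result` is presumably always true, and `ignore_errors: True` then discards that failure whether the module rejected the request or accepted it. To check that removing the global policy is refused, drop `ignore_errors` and use `failed_when: not result.failed`, optionally also matching the expected error message. The task name has a typo as well, `pwpoliciy`. The last task of this section continues outside the hunk.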

Binary file not shown.


@@ -0,0 +1,19 @@
-----BEGIN CERTIFICATE-----
MIIC/zCCAeegAwIBAgIUMNHIbn+hhrOVew/2WbkteisV29QwDQYJKoZIhvcNAQEL
BQAwDzENMAsGA1UEAwwEdGVzdDAeFw0yMDAyMDQxNDQxMDhaFw0zMDAyMDExNDQx
MDhaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC+XVVGFYpHVkcDfVnNInE1Y/pFciegdzqTjMwUWlRL4Zt3u96GhaMLRbtk
+OfEkzLUAhWBOwEraELJzMLJOMvjYF3C+TiGO7dStFLikZmccuSsSIXjnzIPwBXa
8KvgRVRyGLoVvGbLJvmjfMXp0nIToTx/i74KF9S++WEes9H5ErJ99CDhLKFgq0am
nvsgparYXhypHaRLnikn0vQINt55YoEd1s4KrvEcD2VdZkIMPbLRu2zFvMprF3cj
QQG4LT9ggfEXNIPZ1nQWAnAsu7OJEkNF+E4Mkmpcxj9aGUVt5bsq1D+Tzj3GsidS
X0nSNcZ2JltXRnL/5v63g5cZyE+nAgMBAAGjUzBRMB0GA1UdDgQWBBRV0j7JYuku
H/r/t9+QeNlRLXDlEDAfBgNVHSMEGDAWgBRV0j7JYukuH/r/t9+QeNlRLXDlEDAP
BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCgVy1+1kNwHs5y1Zp0
WjMWGCJC6/zw7FDG4OW5r2GJiCXZYdJ0UonY9ZtoVLJPrp2/DAv1m5DtnDhBYqic
uPgLzEkOS1KdTi20Otm/J4yxLLrZC5W4x0XOeSVPXOJuQWfwQ5pPvKkn6WxYUYkG
wIt1OH2nSMngkbami3CbSmKZOCpgQIiSlQeDJ8oGjWFMLDymYSHoVOIXHwNoooyE
iaio3693l6noobyGv49zyCVLVR1DC7i6RJ186ql0av+D4vPoiF5mX7+sKC2E8xEj
9uKQ5GTWRh59VnRBVC/SiMJ/H78tJnBAvoBwXxSEvj8Z3Kjm/BQqZfv4IBsA5yqV
7MVq
-----END CERTIFICATE-----

Binary file not shown.


@@ -0,0 +1,19 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----


@@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----


@@ -0,0 +1,225 @@
#
# Generate self-signed certificates using openssl:
#
# openssl req -x509 -newkey rsa:2048 -days 3650 -nodes -keyout private1.key -out cert1.pem -subj '/CN=test'
# openssl req -x509 -newkey rsa:2048 -days 3650 -nodes -keyout private2.key -out cert2.pem -subj '/CN=test'
#
# Convert the certificate do DER for easier handling through CLI
#
# openssl x509 -outform der -in cert1.pem -out cert1.der
# openssl x509 -outform der -in cert2.pem -out cert2.der
#
# Use base64:
#
# base64 cert1.der -w5000
# base64 cert2.der -w5000
#
# Certificates:
# cert1:
# - 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
# cert2:
# - 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
---
- name: Test service certificates
hosts: ipaserver
become: true
tasks:
# setup
- name: Get Domain from server name
set_fact:
ipaserver_domain: "{{ groups.ipaserver[0].split('.')[1:] | join ('.') }}"
when: ipaserver_domain is not defined
- name: Get IPv4 address prefix from server node
set_fact:
ipv4_prefix: "{{ ansible_default_ipv4.address.split('.')[:-1] |
join('.') }}"
- name: Set test host FQDN
set_fact:
test_subdomain: testcert
test_host: "{{ 'testcert.' + ipaserver_domain }}"
- name: Host test absent
ipahost:
ipaadmin_password: SomeADMINpassword
name: "{{ test_host }}"
update_dns: yes
state: absent
- name: Host test present
ipahost:
ipaadmin_password: SomeADMINpassword
name: "{{ test_host }}"
ip_address: "{{ ipv4_prefix + '.201' }}"
update_dns: yes
- name: Ensure testing group group01 is present.
ipagroup:
ipaadmin_password: SomeADMINpassword
name: group01
- name: Ensure testing group group02 is present.
ipagroup:
ipaadmin_password: SomeADMINpassword
name: group02
- name: Ensure services are absent.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ test_host }}"
state: absent
# tests
- name: Ensure service is present
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ test_host }}"
certificate:
- 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
pac_type:
- MS-PAC
- PAD
auth_ind: otp
force: no
requires_pre_auth: yes
ok_as_delegate: no
ok_to_auth_as_delegate: no
register: result
failed_when: not result.changed
- name: Ensure service is present, again
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ test_host }}"
certificate:
- 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
pac_type:
- MS_PAC
- PAD
auth_ind: otp
force: no
requires_pre_auth: yes
ok_as_delegate: no
ok_to_auth_as_delegate: no
register: result
failed_when: result.changed
- name: Ensure service is disabled
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ test_host }}"
state: disabled
register: result
failed_when: not result.changed
- name: Ensure service member certificate is present.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ test_host }}"
certificate:
- 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
action: member
state: present
register: result
failed_when: not result.changed
- name: Ensure service member certificate is present, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ test_host }}"
certificate:
- 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
action: member
state: present
register: result
failed_when: result.changed
- name: Ensure service multiple member certificates are present, with duplicate.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ test_host }}"
certificate:
- MIIC/zCCAeegAwIBAgIUMNHIbn+hhrOVew/2WbkteisV29QwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0yMDAyMDQxNDQxMDhaFw0zMDAyMDExNDQxMDhaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+XVVGFYpHVkcDfVnNInE1Y/pFciegdzqTjMwUWlRL4Zt3u96GhaMLRbtk+OfEkzLUAhWBOwEraELJzMLJOMvjYF3C+TiGO7dStFLikZmccuSsSIXjnzIPwBXa8KvgRVRyGLoVvGbLJvmjfMXp0nIToTx/i74KF9S++WEes9H5ErJ99CDhLKFgq0amnvsgparYXhypHaRLnikn0vQINt55YoEd1s4KrvEcD2VdZkIMPbLRu2zFvMprF3cjQQG4LT9ggfEXNIPZ1nQWAnAsu7OJEkNF+E4Mkmpcxj9aGUVt5bsq1D+Tzj3GsidSX0nSNcZ2JltXRnL/5v63g5cZyE+nAgMBAAGjUzBRMB0GA1UdDgQWBBRV0j7JYukuH/r/t9+QeNlRLXDlEDAfBgNVHSMEGDAWgBRV0j7JYukuH/r/t9+QeNlRLXDlEDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCgVy1+1kNwHs5y1Zp0WjMWGCJC6/zw7FDG4OW5r2GJiCXZYdJ0UonY9ZtoVLJPrp2/DAv1m5DtnDhBYqicuPgLzEkOS1KdTi20Otm/J4yxLLrZC5W4x0XOeSVPXOJuQWfwQ5pPvKkn6WxYUYkGwIt1OH2nSMngkbami3CbSmKZOCpgQIiSlQeDJ8oGjWFMLDymYSHoVOIXHwNoooyEiaio3693l6noobyGv49zyCVLVR1DC7i6RJ186ql0av+D4vPoiF5mX7+sKC2E8xEj9uKQ5GTWRh59VnRBVC/SiMJ/H78tJnBAvoBwXxSEvj8Z3Kjm/BQqZfv4IBsA5yqV7MVq
- 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
action: member
state: present
register: result
failed_when: not result.changed
- name: Ensure service member certificate is absent.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ test_host }}"
certificate:
- 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
action: member
state: absent
register: result
failed_when: not result.changed
- name: Ensure service member certificate is absent, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ test_host }}"
certificate:
- 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
action: member
state: absent
register: result
failed_when: result.changed
- name: Ensure service member certificates are absent.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ test_host }}"
certificate:
- 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
- MIIC/zCCAeegAwIBAgIURhps6LEteMDCdBrlVkWe4cgSh0YwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0yMDAyMDQxNDQyNDBaFw0zMDAyMDExNDQyNDBaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4W56H0VraEKGlCxSTS2PqnaD11shMjruexmholmTEtYPePPnQHpwiiZlgK7CPBIOdCn4hHH+hXQDg/TJRMjrde1VzD0pFRBUq6H25sy8oOlfD0bDXkncWn82SOJu2UJHeL7htQLRxW14VIAO2YO9zaXdophy6/csTAkFq1ls/vTBp73pnnYp8D7TgzBB6bb95OZBSHeCzPIH2FSCJ/W0j6bHw4i7uHu/jWx0o0LR152fSFFwk0Wrmp8HHb2083OlnSBgTM+BZDg9rB7jpLCsIGHWXbjG36jmRaZu5z4vq2FNomJ8PXkX7mwUfaft6z+px7UlhrwUxEVWIXOoUBYcJAgMBAAGjUzBRMB0GA1UdDgQWBBTttCQn5UaQi+N5WRnA7ZTQlkVfRTAfBgNVHSMEGDAWgBTttCQn5UaQi+N5WRnA7ZTQlkVfRTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBW3vRR5wEDztuLVrcQDojn1XB24OOqn4C6OJyz3FUxd4MQA8J2vKN4P2QXhY0oYsauFKhR5xfOaDUcK2TukAtFz1mxqm1ygUVQHbrs8lBeIi4hoMc76ODJ/V9GNY7N/y/5xtD7XlyTVT2tb6tc6tmv8e4497PTPspuHp9YbbvzdSI12JENDW4hKCOpR/Uv7mRcCT+c2iMJdUL3f3YOFsGBbxVdTPmuhL4My8qR/CtCNpN0gBsaxUKFAP+/1AvFbFDChFVDEEdD8PLznH5x8HLmA9/K5x/cXbgqESUqK13P53f1XYOfggKb1f7yqBAZRnTY82+k9Kn9qWOcnyxSuUtZ
action: member
state: absent
register: result
failed_when: not result.changed
- name: Ensure service multiple member certificates is present.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ test_host }}"
certificate:
- MIIC/zCCAeegAwIBAgIUMNHIbn+hhrOVew/2WbkteisV29QwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0yMDAyMDQxNDQxMDhaFw0zMDAyMDExNDQxMDhaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+XVVGFYpHVkcDfVnNInE1Y/pFciegdzqTjMwUWlRL4Zt3u96GhaMLRbtk+OfEkzLUAhWBOwEraELJzMLJOMvjYF3C+TiGO7dStFLikZmccuSsSIXjnzIPwBXa8KvgRVRyGLoVvGbLJvmjfMXp0nIToTx/i74KF9S++WEes9H5ErJ99CDhLKFgq0amnvsgparYXhypHaRLnikn0vQINt55YoEd1s4KrvEcD2VdZkIMPbLRu2zFvMprF3cjQQG4LT9ggfEXNIPZ1nQWAnAsu7OJEkNF+E4Mkmpcxj9aGUVt5bsq1D+Tzj3GsidSX0nSNcZ2JltXRnL/5v63g5cZyE+nAgMBAAGjUzBRMB0GA1UdDgQWBBRV0j7JYukuH/r/t9+QeNlRLXDlEDAfBgNVHSMEGDAWgBRV0j7JYukuH/r/t9+QeNlRLXDlEDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCgVy1+1kNwHs5y1Zp0WjMWGCJC6/zw7FDG4OW5r2GJiCXZYdJ0UonY9ZtoVLJPrp2/DAv1m5DtnDhBYqicuPgLzEkOS1KdTi20Otm/J4yxLLrZC5W4x0XOeSVPXOJuQWfwQ5pPvKkn6WxYUYkGwIt1OH2nSMngkbami3CbSmKZOCpgQIiSlQeDJ8oGjWFMLDymYSHoVOIXHwNoooyEiaio3693l6noobyGv49zyCVLVR1DC7i6RJ186ql0av+D4vPoiF5mX7+sKC2E8xEj9uKQ5GTWRh59VnRBVC/SiMJ/H78tJnBAvoBwXxSEvj8Z3Kjm/BQqZfv4IBsA5yqV7MVq
action: member
state: present
register: result
failed_when: not result.changed
- name: Ensure service is disabled
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ test_host }}"
state: disabled
register: result
failed_when: not result.changed
- name: Ensure service is disabled, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ test_host }}"
state: disabled
register: result
failed_when: result.changed
# cleanup
- name: Ensure services are absent.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ test_host }}"
state: absent
- name: Ensure host is absent
ipahost:
ipaadmin_password: SomeADMINpassword
name: "{{ test_host }}"
update_dns: yes
state: absent
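Review bot: The idempotency task `Ensure service is present, again` passes `pac_type` as `MS_PAC`, while the task it repeats uses `MS-PAC`; both should read `- MS-PAC`. Because the task only checks `failed_when: result.changed`, a module error on the unexpected value (if the module rejects it) would report no change and the test would pass without exercising idempotency. The same `MS_PAC` spelling appears in the `Ensure service is present, again` task of the skip_host_check service test added later in this commit. For the "again" tasks, `failed_when: result.failed or result.changed` would keep a module error from being counted as success.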


@@ -0,0 +1,536 @@
# This test uses skip_host_check, so it will fail if not using
# FreeIPA version 4.7.0 or later.
#
# To test against earlier versions, use test_without_skip_host_check.yml.
#
# This test define 6 hosts:
# - www.ansible.com: a host with a DNS setup (external), not present in IPA
# - no.idontexist.info: a host without DNS and not present in IPA.
# - svc.ihavenodns.inf: a host without DNS, but present in IPA.
# - svc_fqdn: a host with DNS and present in IPA.
# - host1_fqdn and host2_fqdn: used for member actions only.
#
---
- name: Test service
hosts: ipaserver
become: yes
tasks:
# setup
- name: Get Domain from server name
set_fact:
ipaserver_domain: "{{ groups.ipaserver[0].split('.')[1:] | join ('.') }}"
when: ipaserver_domain is not defined
- name: Set host1, host2 and svc hosts fqdn
set_fact:
host1_fqdn: "{{ 'host1.' + ipaserver_domain }}"
host2_fqdn: "{{ 'host2.' + ipaserver_domain }}"
svc_fqdn: "{{ 'svc.' + ipaserver_domain }}"
- name: Host absent
ipahost:
ipaadmin_password: SomeADMINpassword
name:
- www.ansible.com
- no.idontexist.info
- svc.ihavenodns.info
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
- "{{ svc_fqdn }}"
update_dns: no
state: absent
- name: Get IPv4 address prefix from server node
set_fact:
ipv4_prefix: "{{ ansible_default_ipv4.address.split('.')[:-1] |
join('.') }}"
- name: Add hosts for tests.
ipahost:
ipaadmin_password: SomeADMINpassword
hosts:
- name: "{{ host1_fqdn }}"
force: yes
- name: "{{ host2_fqdn }}"
force: yes
- name: "{{ svc_fqdn }}"
ip_address: "{{ ipv4_prefix + '.201' }}"
- name: svc.ihavenodns.info
force: yes
- name: Ensure testing user user01 is present.
ipauser:
ipaadmin_password: SomeADMINpassword
name: user01
first: user01
last: last
- name: Ensure testing user user02 is present.
ipauser:
ipaadmin_password: SomeADMINpassword
name: user02
first: user02
last: last
- name: Ensure testing group group01 is present.
ipagroup:
ipaadmin_password: SomeADMINpassword
name: group01
- name: Ensure testing group group02 is present.
ipagroup:
ipaadmin_password: SomeADMINpassword
name: group02
- name: Ensure testing hostgroup hostgroup01 is present.
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: hostgroup01
- name: Ensure testing hostgroup hostgroup02 is present.
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: hostgroup02
- name: Ensure services are absent.
ipaservice:
ipaadmin_password: SomeADMINpassword
name:
- "HTTP/{{ svc_fqdn }}"
- HTTP/www.ansible.com
- HTTP/svc.ihavenodns.info
- HTTP/no.idontexist.info
state: absent
# tests
- name: Ensure service is present
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
pac_type:
- MS-PAC
- PAD
auth_ind: otp
skip_host_check: no
force: no
requires_pre_auth: yes
ok_as_delegate: no
ok_to_auth_as_delegate: no
register: result
failed_when: not result.changed
- name: Ensure service is present, again
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
pac_type:
- MS_PAC
- PAD
auth_ind: otp
skip_host_check: no
force: no
requires_pre_auth: yes
ok_as_delegate: no
ok_to_auth_as_delegate: no
register: result
failed_when: result.changed
- name: Modify service.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
pac_type: NONE
ok_as_delegate: yes
ok_to_auth_as_delegate: yes
register: result
failed_when: not result.changed
- name: Modify service, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
pac_type: NONE
ok_as_delegate: yes
ok_to_auth_as_delegate: yes
register: result
failed_when: result.changed
- name: Ensure service is present, without host object.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: HTTP/www.ansible.com
skip_host_check: yes
register: result
failed_when: not result.changed
- name: Ensure service is present, without host object, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: HTTP/www.ansible.com
skip_host_check: yes
register: result
failed_when: result.changed
- name: Ensure service is present, with host not in DNS.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: HTTP/svc.ihavenodns.info
skip_host_check: no
force: yes
register: result
failed_when: not result.changed
- name: Ensure service is present, with host not in DNS, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: HTTP/svc.ihavenodns.info
skip_host_check: no
force: yes
register: result
failed_when: result.changed
- name: Ensure service is present, whithout host object and with host not in DNS.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: HTTP/no.idontexist.info
skip_host_check: yes
force: yes
register: result
failed_when: not result.changed
- name: Ensure service is present, whithout host object and with host not in DNS, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: HTTP/no.idontexist.info
skip_host_check: yes
force: yes
register: result
failed_when: result.changed
- name: Principal host/test.example.com present in service.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
principal:
- host/test.example.com
action: member
register: result
failed_when: not result.changed
- name: Principal host/test.example.com present in service, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
principal:
- host/test.example.com
action: member
register: result
failed_when: result.changed
- name: Principal host/test.example.com absent in service.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
principal:
- host/test.example.com
action: member
state: absent
register: result
failed_when: not result.changed
- name: Principal host/test.example.com absent in service, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
principal:
- host/test.example.com
action: member
state: absent
register: result
failed_when: result.changed
- name: Ensure host can manage service.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
host:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
action: member
register: result
failed_when: not result.changed
- name: Ensure host can manage service, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
host: "{{ host1_fqdn }}"
action: member
register: result
failed_when: result.changed
- name: Ensure host cannot manage service.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
host:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
action: member
state: absent
register: result
failed_when: not result.changed
- name: Ensure host cannot manage service, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
host:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
action: member
state: absent
register: result
failed_when: result.changed
- name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for users, groups, hosts and hostgroups.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
allow_create_keytab_user:
- user01
- user02
allow_create_keytab_group:
- group01
- group02
allow_create_keytab_host:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
allow_create_keytab_hostgroup:
- hostgroup01
- hostgroup02
action: member
register: result
failed_when: not result.changed
- name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for users, groups, hosts and hostgroups, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
allow_create_keytab_user:
- user01
- user02
allow_create_keytab_group:
- group01
- group02
allow_create_keytab_host:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
allow_create_keytab_hostgroup:
- hostgroup01
- hostgroup02
action: member
register: result
failed_when: result.changed
- name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for users, groups, hosts and hostgroups.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
allow_create_keytab_user:
- user01
- user02
allow_create_keytab_group:
- group01
- group02
allow_create_keytab_host:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
allow_create_keytab_hostgroup:
- hostgroup01
- hostgroup02
action: member
state: absent
register: result
failed_when: not result.changed
- name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for users, groups, hosts and hostgroups, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
allow_create_keytab_user:
- user01
- user02
allow_create_keytab_group:
- group01
- group02
allow_create_keytab_host:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
allow_create_keytab_hostgroup:
- hostgroup01
- hostgroup02
action: member
state: absent
register: result
failed_when: result.changed
- name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for users, groups, hosts and hostgroups
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
allow_retrieve_keytab_user:
- user01
- user02
allow_retrieve_keytab_group:
- group01
- group02
allow_retrieve_keytab_host:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
allow_retrieve_keytab_hostgroup:
- hostgroup01
- hostgroup02
action: member
register: result
failed_when: not result.changed
- name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for users, groups, hosts and hostgroups, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
allow_retrieve_keytab_user:
- user01
- user02
allow_retrieve_keytab_group:
- group01
- group02
allow_retrieve_keytab_host:
- "{{ host1_fqdn }}"
- host02.exampl "{{ groups.ipaserver[0] }}"e.com
allow_retrieve_keytab_hostgroup:
- hostgroup01
- hostgroup02
action: member
register: result
failed_when: result.changed
- name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for users, groups, hosts and hostgroups.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
allow_retrieve_keytab_user:
- user01
- user02
allow_retrieve_keytab_group:
- group01
- group02
allow_retrieve_keytab_host:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
allow_retrieve_keytab_hostgroup:
- hostgroup01
- hostgroup02
action: member
state: absent
register: result
failed_when: not result.changed
- name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for users, groups, hosts and hostgroups, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
allow_retrieve_keytab_user:
- user01
- user02
allow_retrieve_keytab_group:
- group01
- group02
allow_retrieve_keytab_host:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
allow_retrieve_keytab_hostgroup:
- hostgroup01
- hostgroup02
action: member
state: absent
register: result
failed_when: result.changed
#
- name: Ensure service is absent
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
state: absent
register: result
failed_when: not result.changed
- name: Ensure service is absent, again
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
state: absent
register: result
failed_when: result.changed
# cleanup
- name: Ensure services are absent.
ipaservice:
ipaadmin_password: SomeADMINpassword
name:
- "HTTP/{{ svc_fqdn }}"
- HTTP/www.ansible.com
- HTTP/svc.ihavenodns.info
- HTTP/no.idontexist.local
state: absent
- name: Ensure host "{{ svc_fqdn }}" is absent
ipahost:
ipaadmin_password: SomeADMINpassword
name: "{{ svc_fqdn }}"
update_dns: yes
state: absent
- name: Ensure host is absent
ipahost:
ipaadmin_password: SomeADMINpassword
name:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
- www.ansible.com
- svc.ihavenodns.info
update_dns: no
state: absent
- name: Ensure testing users are absent.
ipauser:
ipaadmin_password: SomeADMINpassword
name:
- user01
- user02
state: absent
- name: Ensure testing groups are absent.
ipagroup:
ipaadmin_password: SomeADMINpassword
name:
- group01
- group02
state: absent
- name: Ensure testing hostgroup hostgroup01 is absent.
ipagroup:
ipaadmin_password: SomeADMINpassword
name:
- hostgroup01
state: absent
- name: Ensure testing hostgroup hostgroup02 is absent.
ipagroup:
ipaadmin_password: SomeADMINpassword
name:
- hostgroup02
state: absent
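Review bot: In the `allow_retrieve_keytab present ..., again` task the host list entry reads `- host02.exampl "{{ groups.ipaserver[0] }}"e.com`, which looks like a template pasted into the middle of a placeholder hostname; it should be `- "{{ host2_fqdn }}"` like the task it repeats. With `failed_when: result.changed`, a module error on that unknown host would presumably be counted as a pass. The cleanup block also misses what the tests created. It removes `HTTP/no.idontexist.local` although the tests add `HTTP/no.idontexist.info`, and the last two tasks call `ipagroup` for `hostgroup01` and `hostgroup02`, which were created with `ipahostgroup`. A service principal and two hostgroups are therefore likely left on the server after the run.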


@@ -0,0 +1,476 @@
---
- name: Test service without using option skip_host_check
hosts: ipaserver
become: yes
tasks:
# setup
- name: Get Domain from server name
set_fact:
ipaserver_domain: "{{ groups.ipaserver[0].split('.')[1:] | join ('.') }}"
when: ipaserver_domain is not defined
- name: Set host1, host2 and svc hosts fqdn
set_fact:
host1_fqdn: "{{ 'host1.' + ipaserver_domain }}"
host2_fqdn: "{{ 'host2.' + ipaserver_domain }}"
svc_fqdn: "{{ 'svc.' + ipaserver_domain }}"
- name: Host absent
ipahost:
ipaadmin_password: SomeADMINpassword
name:
- svc.ihavenodns.info
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
- "{{ svc_fqdn }}"
update_dns: yes
state: absent
- name: Get IPv4 address prefix from server node
set_fact:
ipv4_prefix: "{{ ansible_default_ipv4.address.split('.')[:-1] |
join('.') }}"
- name: Add hosts for tests.
ipahost:
ipaadmin_password: SomeADMINpassword
hosts:
- name: "{{ host1_fqdn }}"
ip_address: "{{ ipv4_prefix + '.201' }}"
update_dns: yes
- name: "{{ host2_fqdn }}"
ip_address: "{{ ipv4_prefix + '.202' }}"
update_dns: yes
- name: "{{ svc_fqdn }}"
ip_address: "{{ ipv4_prefix + '.203' }}"
update_dns: yes
- name: svc.ihavenodns.info
update_dns: no
force: yes
- name: Ensure testing user user01 is present.
ipauser:
ipaadmin_password: SomeADMINpassword
name: user01
first: user01
last: last
- name: Ensure testing user user02 is present.
ipauser:
ipaadmin_password: SomeADMINpassword
name: user02
first: user02
last: last
- name: Ensure testing group group01 is present.
ipagroup:
ipaadmin_password: SomeADMINpassword
name: group01
- name: Ensure testing group group02 is present.
ipagroup:
ipaadmin_password: SomeADMINpassword
name: group02
- name: Ensure testing hostgroup hostgroup01 is present.
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: hostgroup01
- name: Ensure testing hostgroup hostgroup02 is present.
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: hostgroup02
- name: Ensure services are absent.
ipaservice:
ipaadmin_password: SomeADMINpassword
name:
- "HTTP/{{ svc_fqdn }}"
- HTTP/svc.ihavenodns.info
state: absent
# tests
- name: Ensure service is present
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
pac_type:
- MS-PAC
- PAD
auth_ind: otp
force: no
requires_pre_auth: yes
ok_as_delegate: no
ok_to_auth_as_delegate: no
register: result
failed_when: not result.changed
- name: Ensure service is present, again
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
pac_type:
- MS_PAC
- PAD
auth_ind: otp
force: no
requires_pre_auth: yes
ok_as_delegate: no
ok_to_auth_as_delegate: no
register: result
failed_when: result.changed
- name: Modify service.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
pac_type: NONE
ok_as_delegate: yes
ok_to_auth_as_delegate: yes
register: result
failed_when: not result.changed
- name: Modify service, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
pac_type: NONE
ok_as_delegate: yes
ok_to_auth_as_delegate: yes
register: result
failed_when: result.changed
- name: Ensure service is present, with host not in DNS.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: HTTP/svc.ihavenodns.info
force: yes
register: result
failed_when: not result.changed
- name: Ensure service is present, with host not in DNS, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: HTTP/svc.ihavenodns.info
force: yes
register: result
failed_when: result.changed
- name: Principal host/test.example.com present in service.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
principal:
- host/test.example.com
action: member
register: result
failed_when: not result.changed
- name: Principal host/test.exabple.com present in service, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
principal:
- host/test.example.com
action: member
register: result
failed_when: result.changed
- name: Principal host/test.example.com absent in service.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
principal:
- host/test.example.com
action: member
state: absent
register: result
failed_when: not result.changed
- name: Principal host/test.example.com absent in service, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
principal:
- host/test.example.com
action: member
state: absent
register: result
failed_when: result.changed
- name: Ensure host can manage service.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
host:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
action: member
register: result
failed_when: not result.changed
- name: Ensure host can manage service, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
host: "{{ host1_fqdn }}"
action: member
register: result
failed_when: result.changed
- name: Ensure host cannot manage service.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
host:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
action: member
state: absent
register: result
failed_when: not result.changed
- name: Ensure host cannot manage service, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
host:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
action: member
state: absent
register: result
failed_when: result.changed
- name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for users, groups, hosts and hostgroups.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
allow_create_keytab_user:
- user01
- user02
allow_create_keytab_group:
- group01
- group02
allow_create_keytab_host:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
allow_create_keytab_hostgroup:
- hostgroup01
- hostgroup02
action: member
register: result
failed_when: not result.changed
- name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for users, groups, hosts and hostgroups, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
allow_create_keytab_user:
- user01
- user02
allow_create_keytab_group:
- group01
- group02
allow_create_keytab_host:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
allow_create_keytab_hostgroup:
- hostgroup01
- hostgroup02
action: member
register: result
failed_when: result.changed
- name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for users, groups, hosts and hostgroups.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
allow_create_keytab_user:
- user01
- user02
allow_create_keytab_group:
- group01
- group02
allow_create_keytab_host:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
allow_create_keytab_hostgroup:
- hostgroup01
- hostgroup02
action: member
state: absent
register: result
failed_when: not result.changed
- name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for users, groups, hosts and hostgroups, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
allow_create_keytab_user:
- user01
- user02
allow_create_keytab_group:
- group01
- group02
allow_create_keytab_host:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
allow_create_keytab_hostgroup:
- hostgroup01
- hostgroup02
action: member
state: absent
register: result
failed_when: result.changed
- name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for users, groups, hosts and hostgroups
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
allow_retrieve_keytab_user:
- user01
- user02
allow_retrieve_keytab_group:
- group01
- group02
allow_retrieve_keytab_host:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
allow_retrieve_keytab_hostgroup:
- hostgroup01
- hostgroup02
action: member
register: result
failed_when: not result.changed
- name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for users, groups, hosts and hostgroups, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
allow_retrieve_keytab_user:
- user01
- user02
allow_retrieve_keytab_group:
- group01
- group02
allow_retrieve_keytab_host:
- "{{ host1_fqdn }}"
- host02.exampl "{{ groups.ipaserver[0] }}"e.com
allow_retrieve_keytab_hostgroup:
- hostgroup01
- hostgroup02
action: member
register: result
failed_when: result.changed
- name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for users, groups, hosts and hostgroups.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
allow_retrieve_keytab_user:
- user01
- user02
allow_retrieve_keytab_group:
- group01
- group02
allow_retrieve_keytab_host:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
allow_retrieve_keytab_hostgroup:
- hostgroup01
- hostgroup02
action: member
state: absent
register: result
failed_when: not result.changed
- name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for users, groups, hosts and hostgroups, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
allow_retrieve_keytab_user:
- user01
- user02
allow_retrieve_keytab_group:
- group01
- group02
allow_retrieve_keytab_host:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
allow_retrieve_keytab_hostgroup:
- hostgroup01
- hostgroup02
action: member
state: absent
register: result
failed_when: result.changed
#
- name: Ensure service is absent
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
state: absent
register: result
failed_when: not result.changed
- name: Ensure service is absent, again
ipaservice:
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ svc_fqdn }}"
state: absent
register: result
failed_when: result.changed
# cleanup
- name: Ensure services are absent.
ipaservice:
ipaadmin_password: SomeADMINpassword
name:
- "HTTP/{{ svc_fqdn }}"
- HTTP/svc.ihavenodns.info
state: absent
- name: Ensure host is absent
ipahost:
ipaadmin_password: SomeADMINpassword
name:
- "{{ svc_fqdn }}"
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
- svc.ihavenodns.info
state: absent
- name: Ensure testing users are absent.
ipauser:
ipaadmin_password: SomeADMINpassword
name:
- user01
- user02
state: absent
- name: Ensure testing groups are absent.
ipagroup:
ipaadmin_password: SomeADMINpassword
name:
- group01
- group02
state: absent
- name: Ensure testing hostgroup hostgroup01 is absent.
ipagroup:
ipaadmin_password: SomeADMINpassword
name:
- hostgroup01
state: absent
- name: Ensure testing hostgroup hostgroup02 is absent.
ipagroup:
ipaadmin_password: SomeADMINpassword
name:
- hostgroup02
state: absent
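Review bot: The second host entry in the task `Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for users, groups, hosts and hostgroups, again.` reads `- host02.exampl "{{ groups.ipaserver[0] }}"e.com`, which looks like a paste accident rather than a host name. The other seven keytab tasks in this file use `- "{{ host2_fqdn }}"`, and this one should too, so that the idempotence check covers the same hosts that were granted keytab retrieval. Two smaller inconsistencies sit in the same file: `Ensure service is present, again` passes `MS_PAC` where the first task passes `MS-PAC`, and the two hostgroup cleanup tasks call `ipagroup` instead of `ipahostgroup`, so hostgroup01 and hostgroup02 are probably left on the server after the run.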


@@ -1,6 +1,6 @@
---
- name: Tests
- name: Test sudocmd
hosts: ipaserver
become: true
gather_facts: false
@@ -8,7 +8,7 @@
tasks:
- name: Ensure sudocmds are absent
ipasudocmd:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name:
- /usr/bin/su
- /usr/sbin/ifconfig
@@ -17,7 +17,7 @@
- name: Ensure sudocmd is present
ipasudocmd:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: /usr/bin/su
state: present
register: result
@@ -25,7 +25,7 @@
- name: Ensure sudocmd is present again
ipasudocmd:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: /usr/bin/su
state: present
register: result
@@ -33,7 +33,7 @@
- name: Ensure sudocmd is absent
ipasudocmd:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: /usr/bin/su
state: absent
register: result
@@ -41,7 +41,7 @@
- name: Ensure sudocmd is absent again
ipasudocmd:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: /usr/bin/su
state: absent
register: result
@@ -49,7 +49,7 @@
- name: Ensure multiple sudocmd are present
ipasudocmd:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name:
- /usr/sbin/ifconfig
- /usr/sbin/iwlist
@@ -59,7 +59,7 @@
- name: Ensure multiple sudocmd are present again
ipasudocmd:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name:
- /usr/sbin/ifconfig
- /usr/sbin/iwlist
@@ -69,7 +69,7 @@
- name: Ensure multiple sudocmd are absent
ipasudocmd:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name:
- /usr/sbin/ifconfig
- /usr/sbin/iwlist
@@ -79,7 +79,7 @@
- name: Ensure multiple sudocmd are absent again
ipasudocmd:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name:
- /usr/sbin/ifconfig
- /usr/sbin/iwlist
@@ -88,7 +88,7 @@
failed_when: result.changed
- name: Ensure sudocmds are absent
ipasudocmd:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name:
- /usr/bin/su
- /usr/sbin/ifconfig
@@ -97,21 +97,21 @@
- name: Ensure sudocmds are absent
ipasudocmd:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name:
- /usr/sbin/ifconfig
state: absent
- name: Ensure sudocmds are present
ipasudocmd:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name:
- /usr/sbin/iwlist
state: present
- name: Ensure multiple sudocmd are absent when only one was present
ipasudocmd:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name:
- /usr/sbin/ifconfig
- /usr/sbin/iwlist
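Review bot: The admin password is still a literal repeated in every task (`ipaadmin_password: SomeADMINpassword`), so the next change of test credentials needs another edit of this size. Reading it from a variable set once, `ipaadmin_password: "{{ ipaadmin_password }}"`, keeps the credential in inventory or group vars and out of each playbook. The same applies to the sudocmdgroup, sudorule and user random-password sections below, and to the newly added service and vault playbooks.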


@@ -1,6 +1,6 @@
---
- name: Tests
- name: Test sudocmdgroup
hosts: ipaserver
become: true
gather_facts: false
@@ -8,7 +8,7 @@
tasks:
- name: Ensure sudocmds are present
ipasudocmd:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name:
- /usr/bin/su
- /usr/sbin/ifconfig
@@ -17,13 +17,13 @@
- name: Ensure sudocmdgroup is absent
ipasudocmdgroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: network
state: absent
- name: Ensure sudocmdgroup is present
ipasudocmdgroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: network
state: present
register: result
@@ -31,7 +31,7 @@
- name: Ensure sudocmdgroup is present again
ipasudocmdgroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: network
state: present
register: result
@@ -39,7 +39,7 @@
- name: Ensure sudocmdgroup is absent
ipasudocmdgroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: network
state: absent
register: result
@@ -47,7 +47,7 @@
- name: Ensure sudocmdgroup is absent again
ipasudocmdgroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: network
state: absent
register: result
@@ -55,7 +55,7 @@
- name: Ensure testing sudocmdgroup is present
ipasudocmdgroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: network
state: present
register: result
@@ -63,7 +63,7 @@
- name: Ensure sudo commands are present in existing sudocmdgroup
ipasudocmdgroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: network
sudocmd:
- /usr/sbin/ifconfig
@@ -74,7 +74,7 @@
- name: Ensure sudo commands are present in existing sudocmdgroup, again
ipasudocmdgroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: network
sudocmd:
- /usr/sbin/ifconfig
@@ -85,7 +85,7 @@
- name: Ensure sudo commands are absent in existing sudocmdgroup
ipasudocmdgroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: network
sudocmd:
- /usr/sbin/ifconfig
@@ -97,7 +97,7 @@
- name: Ensure sudo commands are absent in existing sudocmdgroup, again
ipasudocmdgroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: network
sudocmd:
- /usr/sbin/ifconfig
@@ -109,7 +109,7 @@
- name: Ensure sudo commands are present in sudocmdgroup
ipasudocmdgroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: network
sudocmd:
- /usr/sbin/ifconfig
@@ -121,7 +121,7 @@
- name: Ensure one sudo command is not present in sudocmdgroup
ipasudocmdgroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: network
sudocmd:
- /usr/sbin/ifconfig
@@ -132,7 +132,7 @@
- name: Ensure one sudo command is present in sudocmdgroup
ipasudocmdgroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: network
sudocmd:
- /usr/sbin/ifconfig
@@ -143,7 +143,7 @@
- name: Ensure the other sudo command is not present in sudocmdgroup
ipasudocmdgroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: network
sudocmd:
- /usr/sbin/iwlist
@@ -154,7 +154,7 @@
- name: Ensure the other sudo commandsis not present in sudocmdgroup, again
ipasudocmdgroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: network
sudocmd:
- /usr/sbin/iwlist


@@ -1,6 +1,6 @@
---
- name: Tests
- name: Test sudorule
hosts: ipaserver
become: true
gather_facts: false
@@ -9,22 +9,29 @@
- name: Ensure hostgroup is present, with a host.
ipahostgroup:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: cluster
host:
- "{{ groups.ipaserver[0] }}"
- name: Ensure some sudocmds are available
ipasudocmd:
ipaadmin_password: pass1234
ipaadmin_password: SomeADMINpassword
name:
- /sbin/ifconfig
- /usr/bin/vim
state: present
- name: Ensure sudocmdgroup is available
ipasudocmdgroup:
ipaadmin_password: SomeADMINpassword
name: test_sudorule
sudocmd: /usr/bin/vim
state: present
- name: Ensure sudorules are absent
ipasudorule:
ipaadmin_password: pass1234
ipaadmin_password: SomeADMINpassword
name:
- testrule1
- allusers
@@ -34,21 +41,21 @@
- name: Ensure sudorule is present
ipasudorule:
ipaadmin_password: pass1234
ipaadmin_password: SomeADMINpassword
name: testrule1
register: result
failed_when: not result.changed
- name: Ensure sudorule is present again
ipasudorule:
ipaadmin_password: pass1234
ipaadmin_password: SomeADMINpassword
name: testrule1
register: result
failed_when: result.changed
- name: Ensure sudorule is present, runAsUserCategory.
ipasudorule:
ipaadmin_password: pass1234
ipaadmin_password: SomeADMINpassword
name: testrule1
runAsUserCategory: all
register: result
@@ -56,7 +63,7 @@
- name: Ensure sudorule is present, with usercategory 'all'
ipasudorule:
ipaadmin_password: pass1234
ipaadmin_password: SomeADMINpassword
name: allusers
usercategory: all
register: result
@@ -64,7 +71,7 @@
- name: Ensure sudorule is present, with usercategory 'all', again
ipasudorule:
ipaadmin_password: pass1234
ipaadmin_password: SomeADMINpassword
name: allusers
usercategory: all
register: result
@@ -72,7 +79,7 @@
- name: Ensure sudorule is present, with hostategory 'all'
ipasudorule:
ipaadmin_password: pass1234
ipaadmin_password: SomeADMINpassword
name: allhosts
hostcategory: all
register: result
@@ -80,7 +87,7 @@
- name: Ensure sudorule is present, with hostategory 'all', again
ipasudorule:
ipaadmin_password: pass1234
ipaadmin_password: SomeADMINpassword
name: allhosts
hostcategory: all
register: result
@@ -88,13 +95,13 @@
- name: Ensure sudorule is disabled
ipasudorule:
ipaadmin_password: pass1234
ipaadmin_password: SomeADMINpassword
name: testrule1
state: disabled
- name: Ensure sudorule is disabled, again
ipasudorule:
ipaadmin_password: pass1234
ipaadmin_password: SomeADMINpassword
name: testrule1
state: disabled
register: result
@@ -102,7 +109,7 @@
- name: Ensure sudorule is enabled
ipasudorule:
ipaadmin_password: pass1234
ipaadmin_password: SomeADMINpassword
name: testrule1
state: enabled
register: result
@@ -110,37 +117,77 @@
- name: Ensure sudorule is enabled, again
ipasudorule:
ipaadmin_password: pass1234
ipaadmin_password: SomeADMINpassword
name: testrule1
state: enabled
register: result
failed_when: result.changed
- name: Ensure sudorule is present and some sudocmd are a member of it.
- name: Ensure sudorule is present and some sudocmd are allowed.
ipasudorule:
ipaadmin_password: pass1234
ipaadmin_password: SomeADMINpassword
name: testrule1
cmd:
allow_sudocmd:
- /sbin/ifconfig
action: member
register: result
failed_when: not result.changed
- name: Ensure sudorule is present and some sudocmd are allowed, again.
ipasudorule:
ipaadmin_password: SomeADMINpassword
name: testrule1
allow_sudocmd:
- /sbin/ifconfig
action: member
register: result
failed_when: result.changed
- name: Ensure sudorule is present and some sudocmd are denyed.
ipasudorule:
ipaadmin_password: SomeADMINpassword
name: testrule1
deny_sudocmd:
- /usr/bin/vim
action: member
register: result
failed_when: not result.changed
- name: Ensure sudorule is present and some sudocmd are a member of it, again.
- name: Ensure sudorule is present and some sudocmd are denyed, again.
ipasudorule:
ipaadmin_password: pass1234
ipaadmin_password: SomeADMINpassword
name: testrule1
cmd:
- /sbin/ifconfig
deny_sudocmd:
- /usr/bin/vim
action: member
register: result
failed_when: result.changed
- name: Ensure sudorule is present and, sudocmds are absent.
ipasudorule:
ipaadmin_password: SomeADMINpassword
name: testrule1
allow_sudocmd: /sbin/ifconfig
deny_sudocmd: /usr/bin/vim
action: member
state: absent
register: result
failed_when: not result.changed
- name: Ensure sudorule is present and, sudocmds are absent, again.
ipasudorule:
ipaadmin_password: SomeADMINpassword
name: testrule1
allow_sudocmd: /sbin/ifconfig
deny_sudocmd: /usr/bin/vim
action: member
state: absent
register: result
failed_when: result.changed
- name: Ensure sudorule is present with cmdcategory 'all'.
ipasudorule:
ipaadmin_password: pass1234
ipaadmin_password: SomeADMINpassword
name: allcommands
cmdcategory: all
register: result
@@ -148,7 +195,7 @@
- name: Ensure sudorule is present with cmdcategory 'all', again.
ipasudorule:
ipaadmin_password: pass1234
ipaadmin_password: SomeADMINpassword
name: allcommands
cmdcategory: all
register: result
@@ -156,7 +203,7 @@
- name: Ensure host "{{ groups.ipaserver[0] }}" is present in sudorule.
ipasudorule:
ipaadmin_password: pass1234
ipaadmin_password: SomeADMINpassword
name: testrule1
host: "{{ groups.ipaserver[0] }}"
action: member
@@ -165,7 +212,7 @@
- name: Ensure host "{{ groups.ipaserver[0] }}" is present in sudorule, again.
ipasudorule:
ipaadmin_password: pass1234
ipaadmin_password: SomeADMINpassword
name: testrule1
host: "{{ groups.ipaserver[0] }}"
action: member
@@ -174,7 +221,7 @@
- name: Ensure hostgroup is present in sudorule.
ipasudorule:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: testrule1
hostgroup: cluster
action: member
@@ -183,32 +230,84 @@
- name: Ensure hostgroup is present in sudorule, again.
ipasudorule:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: testrule1
hostgroup: cluster
action: member
register: result
failed_when: result.changed
- name: Ensure sudorule sudocmds are absent
- name: Ensure sudorule is present, with an allow_sudocmdgroup.
ipasudorule:
ipaadmin_password: pass1234
ipaadmin_password: SomeADMINpassword
name: testrule1
cmd:
- /sbin/ifconfig
- /usr/bin/vim
allow_sudocmdgroup: test_sudorule
state: present
register: result
failed_when: not result.changed
- name: Ensure sudorule is present, with an allow_sudocmdgroup, again.
ipasudorule:
ipaadmin_password: SomeADMINpassword
name: testrule1
allow_sudocmdgroup: test_sudorule
state: present
register: result
failed_when: result.changed
- name: Ensure sudorule is present, but allow_sudocmdgroup is absent.
ipasudorule:
ipaadmin_password: SomeADMINpassword
name: testrule1
allow_sudocmdgroup: test_sudorule
action: member
state: absent
register: result
failed_when: not result.changed
- name: Ensure sudorule sudocmds are absent, again
- name: Ensure sudorule is present, but allow_sudocmdgroup is absent.
ipasudorule:
ipaadmin_password: pass1234
ipaadmin_password: SomeADMINpassword
name: testrule1
cmd:
- /sbin/ifconfig
- /usr/bin/vim
allow_sudocmdgroup: test_sudorule
action: member
state: absent
register: result
failed_when: result.changed
- name: Ensure sudorule is present, with an deny_sudocmdgroup.
ipasudorule:
ipaadmin_password: SomeADMINpassword
name: testrule1
deny_sudocmdgroup: test_sudorule
state: present
register: result
failed_when: not result.changed
- name: Ensure sudorule is present, with an deny_sudocmdgroup, again.
ipasudorule:
ipaadmin_password: SomeADMINpassword
name: testrule1
deny_sudocmdgroup: test_sudorule
state: present
register: result
failed_when: result.changed
- name: Ensure sudorule is present, but deny_sudocmdgroup is absent.
ipasudorule:
ipaadmin_password: SomeADMINpassword
name: testrule1
deny_sudocmdgroup: test_sudorule
action: member
state: absent
register: result
failed_when: not result.changed
- name: Ensure sudorule is present, but deny_sudocmdgroup is absent, again.
ipasudorule:
ipaadmin_password: SomeADMINpassword
name: testrule1
deny_sudocmdgroup: test_sudorule
action: member
state: absent
register: result
@@ -216,7 +315,7 @@
- name: Ensure sudorule is absent
ipasudorule:
ipaadmin_password: pass1234
ipaadmin_password: SomeADMINpassword
name: testrule1
state: absent
register: result
@@ -224,7 +323,7 @@
- name: Ensure sudorule is absent, again.
ipasudorule:
ipaadmin_password: pass1234
ipaadmin_password: SomeADMINpassword
name: testrule1
state: absent
register: result
@@ -232,7 +331,7 @@
- name: Ensure sudorule allhosts is absent
ipasudorule:
ipaadmin_password: pass1234
ipaadmin_password: SomeADMINpassword
name: allhosts
state: absent
register: result
@@ -240,7 +339,7 @@
- name: Ensure sudorule allhosts is absent, again
ipasudorule:
ipaadmin_password: pass1234
ipaadmin_password: SomeADMINpassword
name: allhosts
state: absent
register: result
@@ -248,7 +347,7 @@
- name: Ensure sudorule allusers is absent
ipasudorule:
ipaadmin_password: pass1234
ipaadmin_password: SomeADMINpassword
name: allusers
state: absent
register: result
@@ -256,7 +355,7 @@
- name: Ensure sudorule allusers is absent, again
ipasudorule:
ipaadmin_password: pass1234
ipaadmin_password: SomeADMINpassword
name: allusers
state: absent
register: result
@@ -264,7 +363,7 @@
- name: Ensure sudorule allcommands is absent
ipasudorule:
ipaadmin_password: pass1234
ipaadmin_password: SomeADMINpassword
name: allcommands
state: absent
register: result
@@ -272,8 +371,29 @@
- name: Ensure sudorule allcommands is absent, again
ipasudorule:
ipaadmin_password: pass1234
ipaadmin_password: SomeADMINpassword
name: allcommands
state: absent
register: result
failed_when: result.changed
# cleanup
- name : Ensure sudocmdgroup is absent
ipasudocmdgroup:
ipaadmin_password: SomeADMINpassword
name: test_sudorule
state: absent
- name: Ensure hostgroup is absent.
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: cluster
state: absent
- name: Ensure sudocmds are absent
ipasudocmd:
ipaadmin_password: SomeADMINpassword
name:
- /sbin/ifconfig
- /usr/bin/vim
state: absent
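Review bot: The idempotence check after `Ensure sudorule is present, but allow_sudocmdgroup is absent.` carries exactly the same name as the task before it, so a failure in the run log does not say which of the two steps broke. It should read `- name: Ensure sudorule is present, but allow_sudocmdgroup is absent, again.`, like the deny_sudocmdgroup pair. In the same section, `denyed` in the two deny_sudocmd task names should be `denied`, and the cleanup task `- name : Ensure sudocmdgroup is absent` has a stray space before the colon.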


@@ -1,5 +1,5 @@
---
- name: Tests
- name: Test user
hosts: ipaserver
become: true
gather_facts: false


@@ -6,7 +6,7 @@
tasks:
- name: Users user1 and user2 absent
ipauser:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name:
- user1
- user2
@@ -14,7 +14,7 @@
- name: User user1 present with random password
ipauser:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: user1
first: first1
last: last1
@@ -30,14 +30,14 @@
- name: User user1 absent
ipauser:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name:
- user1
state: absent
- name: Users user1 and user1 present with random password
ipauser:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
users:
- name: user1
first: first1
@@ -63,7 +63,7 @@
- name: Users user1 and user2 absent
ipauser:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name:
- user1
- user2


@@ -1,5 +1,5 @@
---
- name: Tests
- name: Test users
hosts: ipaserver
become: true
gather_facts: false


@@ -1,5 +1,5 @@
---
- name: Tests
- name: Test users absent
hosts: ipaserver
become: true
gather_facts: false


@@ -1,5 +1,5 @@
---
- name: Tests
- name: Test users present
hosts: ipaserver
become: true
gather_facts: false


@@ -1,5 +1,5 @@
---
- name: Tests
- name: Test users present slice
hosts: ipaserver
become: true
gather_facts: false

562
tests/vault/test_vault.yml Normal file

@@ -0,0 +1,562 @@
---
- name: Test vault
hosts: ipaserver
become: true
gather_facts: false
tasks:
- name: Ensure user vaults are absent
ipavault:
ipaadmin_password: SomeADMINpassword
name:
- stdvault
- symvault
- asymvault
username: user01
state: absent
- name: Ensure test users do not exist.
ipauser:
ipaadmin_password: SomeADMINpassword
name:
- user01
- user02
- user03
state: absent
- name: Ensure test groups do not exist.
ipagroup:
ipaadmin_password: SomeADMINpassword
name: vaultgroup
state: absent
- name: Ensure vaultgroup exists.
ipagroup:
ipaadmin_password: SomeADMINpassword
name: vaultgroup
- name: Ensure user01 exists.
ipauser:
ipaadmin_password: SomeADMINpassword
name: user01
first: First
last: Start
- name: Ensure user02 exists.
ipauser:
ipaadmin_password: SomeADMINpassword
name: user02
first: Second
last: Middle
- name: Ensure user03 exists.
ipauser:
ipaadmin_password: SomeADMINpassword
name: user03
first: Third
last: Last
- name: Ensure shared vaults are absent
ipavault:
ipaadmin_password: SomeADMINpassword
name: sharedvault
shared: True
state: absent
- name: Ensure service vaults are absent
ipavault:
ipaadmin_password: SomeADMINpassword
name: svcvault
service: "HTTP/{{ groups.ipaserver[0] }}"
state: absent
- name: Ensure symmetric vault is present
ipavault:
ipaadmin_password: SomeADMINpassword
name: symvault
username: user01
vault_password: MyVaultPassword123
vault_type: symmetric
register: result
failed_when: not result.changed
- name: Ensure symmetric vault is present, again
ipavault:
ipaadmin_password: SomeADMINpassword
name: symvault
username: user01
vault_password: MyVaultPassword123
vault_type: symmetric
register: result
failed_when: result.changed
- name: Archive data to symmetric vault
ipavault:
ipaadmin_password: SomeADMINpassword
name: symvault
username: user01
vault_password: MyVaultPassword123
vault_data: Hello World.
action: member
register: result
failed_when: not result.changed
- name: Archive data with non-ASCII characters to symmetric vault
ipavault:
ipaadmin_password: SomeADMINpassword
name: symvault
username: user01
vault_password: MyVaultPassword123
vault_data: The world of π is half rounded.
action: member
register: result
failed_when: not result.changed
- name: Ensure symmetric vault is absent
ipavault:
ipaadmin_password: SomeADMINpassword
name: symvault
username: user01
state: absent
register: result
failed_when: not result.changed
- name: Ensure symmetric vault is absent, again
ipavault:
ipaadmin_password: SomeADMINpassword
name: symvault
username: user01
state: absent
register: result
failed_when: result.changed
- name: Ensure asymmetric vault is present.
ipavault:
ipaadmin_password: SomeADMINpassword
name: asymvault
username: user01
description: A symmetric private vault.
vault_public_key:
LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlHZk1BMEdDU3FHU0liM0RRRUJBUVVBQTR
HTkFEQ0JpUUtCZ1FDdGFudjRkK3ptSTZ0T3ova1RXdGowY3AxRAowUENoYy8vR0pJMTUzTi
9CN3UrN0h3SXlRVlZoNUlXZG1UcCtkWXYzd09yeVpPbzYvbHN5eFJaZ2pZRDRwQ3VGCjlxM
295VTFEMnFOZERYeGtSaFFETXBiUEVSWWlHbE1jbzdhN0hIVDk1bGNQbmhObVFkb3VGdHlV
bFBUVS96V1kKZldYWTBOeU1UbUtoeFRseUV3SURBUUFCCi0tLS0tRU5EIFBVQkxJQyBLRVk
tLS0tLQo=
vault_type: asymmetric
register: result
failed_when: not result.changed
- name: Ensure asymmetric vault is present, again.
ipavault:
ipaadmin_password: SomeADMINpassword
name: asymvault
username: user01
vault_public_key:
LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlHZk1BMEdDU3FHU0liM0RRRUJBUVVBQTR
HTkFEQ0JpUUtCZ1FDdGFudjRkK3ptSTZ0T3ova1RXdGowY3AxRAowUENoYy8vR0pJMTUzTi
9CN3UrN0h3SXlRVlZoNUlXZG1UcCtkWXYzd09yeVpPbzYvbHN5eFJaZ2pZRDRwQ3VGCjlxM
295VTFEMnFOZERYeGtSaFFETXBiUEVSWWlHbE1jbzdhN0hIVDk1bGNQbmhObVFkb3VGdHlV
bFBUVS96V1kKZldYWTBOeU1UbUtoeFRseUV3SURBUUFCCi0tLS0tRU5EIFBVQkxJQyBLRVk
tLS0tLQo=
vault_type: asymmetric
register: result
failed_when: result.changed
- name: Archive data in asymmetric vault.
ipavault:
ipaadmin_password: SomeADMINpassword
name: asymvault
username: user01
vault_data: Hello World.
action: member
register: result
failed_when: not result.changed
- name: Ensure asymmetric vault is absent.
ipavault:
ipaadmin_password: SomeADMINpassword
name: asymvault
username: user01
state: absent
register: result
failed_when: not result.changed
- name: Ensure asymmetric vault is absent, again.
ipavault:
ipaadmin_password: SomeADMINpassword
name: asymvault
username: user01
state: absent
register: result
failed_when: result.changed
- name: Ensure standard vault is present.
ipavault:
ipaadmin_password: SomeADMINpassword
name: stdvault
vault_type: standard
username: user01
description: A standard private vault.
register: result
failed_when: not result.changed
- name: Ensure standard vault is present, again.
ipavault:
ipaadmin_password: SomeADMINpassword
name: stdvault
username: user01
vault_type: standard
description: A standard private vault.
register: result
failed_when: result.changed
- name: Archive data in standard vault.
ipavault:
ipaadmin_password: SomeADMINpassword
name: stdvault
username: user01
vault_data: Hello World.
action: member
register: result
failed_when: not result.changed
- name: Ensure standard vault member user is present.
ipavault:
ipaadmin_password: SomeADMINpassword
name: stdvault
username: user01
action: member
users:
- user02
register: result
failed_when: not result.changed
- name: Ensure standard vault member user is present, again.
ipavault:
ipaadmin_password: SomeADMINpassword
name: stdvault
username: user01
action: member
users:
- user02
register: result
failed_when: result.changed
- name: Ensure more vault member users are present.
ipavault:
ipaadmin_password: SomeADMINpassword
name: stdvault
username: user01
action: member
users:
- user01
- user02
register: result
failed_when: not result.changed
- name: Ensure vault member user is still present.
ipavault:
ipaadmin_password: SomeADMINpassword
name: stdvault
username: user01
action: member
users:
- user02
register: result
failed_when: result.changed
- name: Ensure vault users are absent.
ipavault:
ipaadmin_password: SomeADMINpassword
name: stdvault
username: user01
action: member
users:
- user01
- user02
state: absent
register: result
failed_when: not result.changed
- name: Ensure vault users are absent, again.
ipavault:
ipaadmin_password: SomeADMINpassword
name: stdvault
username: user01
action: member
users:
- user01
- user02
state: absent
register: result
failed_when: result.changed
- name: Ensure vault user is absent, once more.
ipavault:
ipaadmin_password: SomeADMINpassword
name: stdvault
username: user01
action: member
users:
- user01
state: absent
register: result
failed_when: result.changed
- name: Ensure vault member group is present.
ipavault:
ipaadmin_password: SomeADMINpassword
name: stdvault
username: user01
action: member
groups: vaultgroup
register: result
failed_when: not result.changed
- name: Ensure vault member group is present, again.
ipavault:
ipaadmin_password: SomeADMINpassword
name: stdvault
username: user01
action: member
groups: vaultgroup
register: result
failed_when: result.changed
- name: Ensure vault member group is absent.
ipavault:
ipaadmin_password: SomeADMINpassword
name: stdvault
username: user01
action: member
groups: vaultgroup
state: absent
register: result
failed_when: not result.changed
- name: Ensure vault member group is absent, again.
ipavault:
ipaadmin_password: SomeADMINpassword
name: stdvault
username: user01
action: member
groups: vaultgroup
state: absent
register: result
failed_when: result.changed
- name: Ensure vault is absent.
ipavault:
ipaadmin_password: SomeADMINpassword
name: stdvault
username: user01
state: absent
register: result
failed_when: not result.changed
- name: Ensure vault is absent, again.
ipavault:
ipaadmin_password: SomeADMINpassword
name: stdvault
username: user01
state: absent
register: result
failed_when: result.changed
- name: Ensure shared vault is present.
ipavault:
ipaadmin_password: SomeADMINpassword
name: sharedvault
shared: True
ipavaultpassword: MyVaultPassword123
register: result
failed_when: not result.changed
- name: Ensure shared vault is absent.
ipavault:
ipaadmin_password: SomeADMINpassword
name: sharedvault
shared: True
state: absent
register: result
failed_when: not result.changed
- name: Ensure service vault is present.
ipavault:
ipaadmin_password: SomeADMINpassword
name: svcvault
ipavaultpassword: MyVaultPassword123
service: "HTTP/{{ groups.ipaserver[0] }}"
register: result
failed_when: not result.changed
- name: Ensure service vault is absent.
ipavault:
ipaadmin_password: SomeADMINpassword
name: svcvault
service: "HTTP/{{ groups.ipaserver[0] }}"
state: absent
register: result
failed_when: not result.changed
- name: Ensure vault is present, with members.
ipavault:
ipaadmin_password: SomeADMINpassword
name: stdvault
username: user01
vault_type: standard
users:
- user02
- user03
groups:
- vaultgroup
register: result
failed_when: not result.changed
- name: Ensure vault is present, with members, again.
ipavault:
ipaadmin_password: SomeADMINpassword
name: stdvault
username: user01
vault_type: standard
users:
- user02
- user03
groups:
- vaultgroup
register: result
failed_when: result.changed
- name: Ensure user02 is not a member of vault stdvault.
ipavault:
ipaadmin_password: SomeADMINpassword
name: stdvault
username: user01
users: user02
state: absent
action: member
register: result
failed_when: not result.changed
- name: Ensure user02 is not a member of vault stdvault, again.
ipavault:
ipaadmin_password: SomeADMINpassword
name: stdvault
username: user01
users: user02
state: absent
action: member
register: result
failed_when: result.changed
- name: Ensure user02 is a member of vault stdvault.
ipavault:
ipaadmin_password: SomeADMINpassword
name: stdvault
username: user01
users: user02
action: member
register: result
failed_when: not result.changed
- name: Ensure user02 is a member of vault stdvault, again.
ipavault:
ipaadmin_password: SomeADMINpassword
name: stdvault
username: user01
users: user03
action: member
register: result
failed_when: result.changed
- name: Ensure user03 owns vault stdvault.
ipavault:
ipaadmin_password: SomeADMINpassword
name: stdvault
username: user01
owners: user03
action: member
register: result
failed_when: not result.changed
- name: Ensure user03 owns vault stdvault, again.
ipavault:
ipaadmin_password: SomeADMINpassword
name: stdvault
username: user01
owners: user03
action: member
register: result
failed_when: result.changed
- name: Ensure user03 is not owner of stdvault.
ipavault:
ipaadmin_password: SomeADMINpassword
name: stdvault
username: user01
owners: user03
state: absent
action: member
register: result
failed_when: not result.changed
- name: Ensure user03 is not owner of stdvault, again.
ipavault:
ipaadmin_password: SomeADMINpassword
name: stdvault
username: user01
owners: user03
state: absent
action: member
register: result
failed_when: result.changed
- name: Ensure vault is absent.
ipavault:
ipaadmin_password: SomeADMINpassword
name: stdvault
username: user01
state: absent
# cleaup
- name: Ensure test vaults are absent
ipavault:
ipaadmin_password: SomeADMINpassword
name:
- stdvault
- symvault
- asymvault
username: user01
state: absent
- name: Ensure shared vaults are absent
ipavault:
ipaadmin_password: SomeADMINpassword
name: sharedvault
shared: True
state: absent
- name: Ensure service vaults are absent
ipavault:
ipaadmin_password: SomeADMINpassword
name: svcvault
service: "HTTP/{{ groups.ipaserver[0] }}"
state: absent
- name: Ensure test users do not exist.
ipauser:
ipaadmin_password: SomeADMINpassword
name:
- user01
- user02
- user03
state: absent
- name: Ensure test groups do not exist.
ipagroup:
ipaadmin_password: SomeADMINpassword
name: vaultgroup
state: absent
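Review bot: The task `Ensure user02 is a member of vault stdvault, again.` passes `users: user03`, so the idempotency of the user02 membership added just before it is never checked; the task reports no change only because user03 has been a member since `Ensure vault is present, with members.`, and it should read `users: user02`. The asymmetric vault is created with `description: A symmetric private vault.`, which looks like a copy-paste slip for `An asymmetric private vault.`, and the matching "again" task omits the description altogether. The shared and service vault tasks pass `ipavaultpassword` where the symmetric vault tasks pass `vault_password`; assuming these are aliases of one parameter, using one spelling throughout would make the test easier to read. The comment `# cleaup` should read `# cleanup`.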