


Thomas Woerner
408aa69ab0 tests/azure: Deactivate NTP in prepare-build
On CentOS 8 and also on Fedora, the configuration and start of chrony
fails with

  Fatal error : adjtimex(0x8001) failed : Operation not permitted

For more information: https://bugzilla.redhat.com/show_bug.cgi?id=1772053

NTP will not be needed before a separate namespace is used for clocks.
2021-05-03 13:28:25 +02:00
Thomas Woerner
f24390473b tests/azure: Set ANSIBLE_LIBRARY to fix unknown interpreter issue
The ANSIBLE_LIBRARY environment variable needs to be set.
2021-04-30 16:29:53 +02:00
136 changed files with 2906 additions and 5436 deletions


@@ -4,8 +4,8 @@ on:
- push - push
- pull_request - pull_request
jobs: jobs:
check_docs_29: check_docs:
name: Check Ansible Documentation with Ansible 2.9. name: Check Ansible Documentation.
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v2
@@ -13,20 +13,4 @@ jobs:
with: with:
python-version: '3.x' python-version: '3.x'
- name: Run ansible-doc-test - name: Run ansible-doc-test
run: | run: ANSIBLE_LIBRARY="." python utils/ansible-doc-test roles plugins
python -m pip install "ansible < 2.10"
ANSIBLE_LIBRARY="." python utils/ansible-doc-test -v roles plugins
check_docs_latest:
name: Check Ansible Documentation with latest Ansible.
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/setup-python@v2
with:
python-version: '3.x'
- name: Run ansible-doc-test
run: |
python -m pip install ansible
ANSIBLE_LIBRARY="." python utils/ansible-doc-test -v roles plugins
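Review bot: The new `run: ANSIBLE_LIBRARY="." python utils/ansible-doc-test roles plugins` step in the second hunk no longer installs Ansible before invoking the doc test; the removed step ran `python -m pip install ...` first. Unless the interpreter selected by `setup-python` already ships Ansible (nothing in the hunk provides it), the job will fail on import rather than on a documentation error, and the `-v` flag that made those errors readable is also gone. Keep the install explicit as a block scalar: `run: |`, then `python -m pip install ansible`, then `ANSIBLE_LIBRARY="." python utils/ansible-doc-test -v roles plugins`.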


@@ -4,14 +4,15 @@ on:
- push - push
- pull_request - pull_request
jobs: jobs:
ansible_lint: linters:
name: Verify ansible-lint name: Run Linters
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v2
- uses: actions/setup-python@v2 - uses: actions/setup-python@v2
with: with:
python-version: "3.x" python-version: "3.6"
- name: Run ansible-lint - name: Run ansible-lint
uses: ansible/ansible-lint-action@master uses: ansible/ansible-lint-action@master
with: with:
@@ -25,52 +26,8 @@ jobs:
ANSIBLE_MODULE_UTILS: plugins/module_utils ANSIBLE_MODULE_UTILS: plugins/module_utils
ANSIBLE_LIBRARY: plugins/modules ANSIBLE_LIBRARY: plugins/modules
yamllint:
name: Verify yamllint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/setup-python@v2
with:
python-version: "3.x"
- name: Run yaml-lint - name: Run yaml-lint
uses: ibiqlik/action-yamllint@v1 uses: ibiqlik/action-yamllint@v1
pydocstyle: - name: Run Python linters
name: Verify pydocstyle uses: rjeffman/python-lint-action@v2
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/setup-python@v2
with:
python-version: "3.x"
- name: Run pydocstyle
run: |
pip install pydocstyle
pydocstyle
flake8:
name: Verify flake8
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/setup-python@v2
with:
python-version: "3.x"
- name: Run flake8
run: |
pip install flake8
flake8
pylint:
name: Verify pylint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/setup-python@v2
with:
python-version: "3.x"
- name: Run pylint
run: |
pip install pylint==2.8.2
pylint plugins --disable=import-error
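Review bot: The new `uses: rjeffman/python-lint-action@v2` step, and the kept `uses: ansible/ansible-lint-action@master`, pull third-party action code by a mutable ref; `@master` in particular resolves to whatever the branch head is at run time, so the code executed with the repository checked out can change without any commit here. Pinning to a full commit SHA with the tag kept as a comment, e.g. `uses: rjeffman/python-lint-action@<full-commit-sha>  # v2`, makes the lint job reproducible and reviewable. Note also that the removed per-job steps pinned `pylint==2.8.2`, whereas the combined action now decides which linter versions run, so lint results may drift between runs for reasons unrelated to this repository.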


@@ -21,18 +21,11 @@ repos:
rev: 5.1.1 rev: 5.1.1
hooks: hooks:
- id: pydocstyle - id: pydocstyle
- repo: https://github.com/pycqa/pylint
rev: v2.8.2
hooks:
- id: pylint
args:
- --disable=import-error
files: \.py$
- repo: local - repo: local
hooks: hooks:
- id: ansible-doc-test - id: ansible-doc-test
name: Verify Ansible roles and module documentation. name: Verify Ansible roles and module documentation.
language: python language: script
entry: utils/ansible-doc-test entry: utils/ansible-doc-test
# args: ['-v', 'roles', 'plugins'] # args: ['-v', 'roles', 'plugins']
files: ^.*.py$ files: ^.*.py$
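Review bot: `files: ^.*.py$` on the ansible-doc-test hook (last line of the hunk) has an unescaped dot, so it also matches paths that merely end in `py` preceded by any character (e.g. `happy`), not only `.py` files; the pylint hook removed a few lines up used the intended form, so change it to `files: \.py$`. Changing `language: python` to `language: script` also means pre-commit no longer creates an isolated environment for the hook, so `utils/ansible-doc-test` runs against whatever Ansible the developer's shell provides; if that is intended, a comment on the hook such as `# runs with the host Ansible; no virtualenv is created` would save the next reader a guess.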


@@ -1,137 +0,0 @@
Automember module
===========
Description
-----------
The automember module allows to ensure presence or absence of automember rules and manage automember rule conditions.
Features
--------
* Automember management
Supported FreeIPA Versions
--------------------------
FreeIPA versions 4.4.0 and up are supported by the ipaautomember module.
Requirements
------------
**Controller**
* Ansible version: 2.8+
**Node**
* Supported FreeIPA version (see above)
Usage
=====
Example inventory file
```ini
[ipaserver]
ipaserver.test.local
```
Example playbook to make sure group automember rule is present with no conditions.
```yaml
---
- name: Playbook to ensure a group automember rule is present with no conditions
hosts: ipaserver
become: yes
gather_facts: no
tasks:
- ipaautomember:
ipaadmin_password: SomeADMINpassword
name: admins
description: "my automember rule"
automember_type: group
```
Example playbook to make sure group automember rule is present with conditions:
```yaml
---
- name: Playbook to add a group automember rule with two conditions
hosts: ipaserver
become: yes
gather_facts: no
tasks:
- ipaautomember:
ipaadmin_password: SomeADMINpassword
name: admins
description: "my automember rule"
automember_type: group
inclusive:
- key: mail
expression: '@example.com$'
exclusive:
- key: uid
expression: "1234"
```
Example playbook to delete a group automember rule:
```yaml
- name: Playbook to delete a group automember rule
hosts: ipaserver
become: yes
gather_facts: no
tasks:
- ipaautomember:
ipaadmin_password: SomeADMINpassword
name: admins
description: "my automember rule"
automember_type: group
state: absent
```
Example playbook to add an inclusive condition to an existing rule
```yaml
- name: Playbook to add an inclusive condition to an existing rule
hosts: ipaserver
become: yes
gather_facts: no
tasks:
- ipaautomember:
ipaadmin_password: SomeADMINpassword
name: "My domain hosts"
description: "my automember condition"
automember_tye: hostgroup
action: member
inclusive:
- key: fqdn
expression: ".*.mydomain.com"
```
Variables
---------
ipaautomember
-------
Variable | Description | Required
-------- | ----------- | --------
`ipaadmin_principal` | The admin principal is a string and defaults to `admin` | no
`ipaadmin_password` | The admin password is a string and is required if there is no admin ticket available on the node | no
`name` \| `cn` | Automember rule. | yes
`description` | A description of this auto member rule. | no
`automember_type` | Grouping to which the rule applies. It can be one of `group`, `hostgroup`. | yes
`inclusive` | List of dictionaries in the format of `{'key': attribute, 'expression': inclusive_regex}` | no
`exclusive` | List of dictionaries in the format of `{'key': attribute, 'expression': exclusive_regex}` | no
`action` | Work on automember or member level. It can be one of `member` or `automember` and defaults to `automember`. | no
`state` | The state to ensure. It can be one of `present`, `absent`, default: `present`. | no
Authors
=======
Mark Hahl


@@ -1,248 +0,0 @@
Server module
============
Description
-----------
The server module allows to ensure presence and absence of servers. The module requires an existing server, the deployment of a new server can not be done with the module.
Features
--------
* Server management
Supported FreeIPA Versions
--------------------------
FreeIPA versions 4.4.0 and up are supported by the ipaserver module.
Requirements
------------
**Controller**
* Ansible version: 2.8+
**Node**
* Supported FreeIPA version (see above)
Usage
=====
Example inventory file
```ini
[ipaserver]
ipaserver.test.local
```
Example playbook to make sure server "server.example.com" is present:
```yaml
---
- name: Playbook to manage IPA server.
hosts: ipaserver
become: yes
tasks:
- ipaserver:
ipaadmin_password: SomeADMINpassword
name: server.example.com
```
Example playbook to make sure server "server.example.com" is present with location mylocation:
```yaml
---
- name: Playbook to manage IPA server.
hosts: ipaserver
become: yes
tasks:
- ipaserver:
ipaadmin_password: SomeADMINpassword
name: server.example.com
location: mylocation
```
Example playbook to make sure server "server.example.com" is present without a location:
```yaml
---
- name: Playbook to manage IPA server.
hosts: ipaserver
become: yes
tasks:
- ipaserver:
ipaadmin_password: SomeADMINpassword
name: server.example.com
location: ""
```
Example playbook to make sure server "server.example.com" is present with service weight 1:
```yaml
---
- name: Playbook to manage IPA server.
hosts: ipaserver
become: yes
tasks:
- ipaserver:
ipaadmin_password: SomeADMINpassword
name: server.example.com
service_weight: 1
```
Example playbook to make sure server "server.example.com" is present without service weight:
```yaml
---
- name: Playbook to manage IPA server.
hosts: ipaserver
become: yes
tasks:
- ipaserver:
ipaadmin_password: SomeADMINpassword
name: server.example.com
service_weight: -1
```
Example playbook to make sure server "server.example.com" is present and hidden:
```yaml
---
- name: Playbook to manage IPA server.
hosts: ipaserver
become: yes
tasks:
- ipaserver:
ipaadmin_password: SomeADMINpassword
name: server.example.com
hidden: yes
```
Example playbook to make sure server "server.example.com" is present and not hidden:
```yaml
---
- name: Playbook to manage IPA server.
hosts: ipaserver
become: yes
tasks:
- ipaserver:
ipaadmin_password: SomeADMINpassword
name: server.example.com
hidden: no
```
Example playbook to make sure server "server.example.com" is absent:
```yaml
---
- name: Playbook to manage IPA server.
hosts: ipaserver
become: yes
tasks:
- ipaserver:
ipaadmin_password: SomeADMINpassword
name: server.example.com
state: absent
```
Example playbook to make sure server "server.example.com" is absent in continuous mode in error case:
```yaml
---
- name: Playbook to manage IPA server.
hosts: ipaserver
become: yes
tasks:
- ipaserver:
ipaadmin_password: SomeADMINpassword
name: server.example.com
continue: yes
state: absent
```
Example playbook to make sure server "server.example.com" is absent with last of role check skip:
```yaml
---
- name: Playbook to manage IPA server.
hosts: ipaserver
become: yes
tasks:
- ipaserver:
ipaadmin_password: SomeADMINpassword
name: server.example.com
ignore_last_of_role: yes
state: absent
```
Example playbook to make sure server "server.example.com" is absent iwith topology disconnect check skip:
```yaml
---
- name: Playbook to manage IPA server.
hosts: ipaserver
become: yes
tasks:
- ipaserver:
ipaadmin_password: SomeADMINpassword
name: server.example.com
ignore_topology_disconnect: yes
state: absent
```
MORE EXAMPLE PLAYBOOKS HERE
Variables
---------
ipaserver
-------
Variable | Description | Required
-------- | ----------- | --------
`ipaadmin_principal` | The admin principal is a string and defaults to `admin` | no
`ipaadmin_password` | The admin password is a string and is required if there is no admin ticket available on the node | no
`name` \| `cn` | The list of server name strings. | yes
`location` \| `ipalocation_location` | The server location string. Only in state: present. "" for location reset. | no
`service_weight` \| `ipaserviceweight` | Weight for server services. Type Values 0 to 65535, -1 for weight reset. Only in state: present. (int) | no
`hidden` | Set hidden state of a server. Only in state: present. (bool) | no
`no_members` | Suppress processing of membership attributes. Only in state: present. (bool) | no
`delete_continue` \| `continue` | Continuous mode: Don't stop on errors. Only in state: absent. (bool) | no
`ignore_last_of_role` | Skip a check whether the last CA master or DNS server is removed. Only in state: absent. (bool) | no
`ignore_topology_disconnect` | Ignore topology connectivity problems after removal. Only in state: absent. (bool) | no
`force` | Force server removal even if it does not exist. Will always result in changed. Only in state: absent. (bool) | no
`state` | The state to ensure. It can be one of `present`, `absent`, default: `present`. `present` is only working with existing servers. | no
Authors
=======
Thomas Woerner


@@ -311,8 +311,6 @@ Variable | Description | Required
`allow_retrieve_keytab_host` \| `ipaallowedtoperform_read_keys_host` | Hosts allowed to retrieve a keytab from of host. | no `allow_retrieve_keytab_host` \| `ipaallowedtoperform_read_keys_host` | Hosts allowed to retrieve a keytab from of host. | no
`allow_retrieve_keytab_hostgroup` \| `ipaallowedtoperform_read_keys_hostgroup` | Host groups allowed to retrieve a keytab of this host. | no `allow_retrieve_keytab_hostgroup` \| `ipaallowedtoperform_read_keys_hostgroup` | Host groups allowed to retrieve a keytab of this host. | no
`continue` | Continuous mode: don't stop on errors. Valid only if `state` is `absent`. Default: `no` (bool) | no `continue` | Continuous mode: don't stop on errors. Valid only if `state` is `absent`. Default: `no` (bool) | no
`smb` | Service is an SMB service. If set, `cifs/` will be prefixed to the service name if needed. | no
`netbiosname` | NETBIOS name for the SMB service. Only with `smb: yes`. | no
`action` | Work on service or member level. It can be on of `member` or `service` and defaults to `service`. | no `action` | Work on service or member level. It can be on of `member` or `service` and defaults to `service`. | no
`state` | The state to ensure. It can be one of `present`, `absent`, or `disabled`, default: `present`. | no `state` | The state to ensure. It can be one of `present`, `absent`, or `disabled`, default: `present`. | no


@@ -67,7 +67,7 @@ Example playbook to make sure sudocmd is absent:
tasks: tasks:
# Ensure sudocmd are absent # Ensure sudocmd are absent
- ipasudocmd: - ipahostgroup:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
name: /usr/bin/su name: /usr/bin/su
state: absent state: absent


@@ -125,7 +125,7 @@ Variable | Description | Required
`usercategory` \| `usercat` | User category the rule applies to. Choices: ["all", ""] | no `usercategory` \| `usercat` | User category the rule applies to. Choices: ["all", ""] | no
`hostcategory` \| `hostcat` | Host category the rule applies to. Choices: ["all", ""] | no `hostcategory` \| `hostcat` | Host category the rule applies to. Choices: ["all", ""] | no
`cmdcategory` \| `cmdcat` | Command category the rule applies to. Choices: ["all", ""] | no `cmdcategory` \| `cmdcat` | Command category the rule applies to. Choices: ["all", ""] | no
`runasusercategory` \| `runasusercat` | RunAs User category the rule applies to. Choices: ["all", ""] | no `runasusercategory` \| `rusasusercat` | RunAs User category the rule applies to. Choices: ["all", ""] | no
`runasgroupcategory` \| `runasgroupcat` | RunAs Group category the rule applies to. Choices: ["all", ""] | no `runasgroupcategory` \| `runasgroupcat` | RunAs Group category the rule applies to. Choices: ["all", ""] | no
`nomembers` | Suppress processing of membership attributes. (bool) | no `nomembers` | Suppress processing of membership attributes. (bool) | no
`host` | List of host name strings assigned to this sudorule. | no `host` | List of host name strings assigned to this sudorule. | no
@@ -136,8 +136,8 @@ Variable | Description | Required
`deny_sudocmd` | List of sudocmd name strings assigned to the deny group of this sudorule. | no `deny_sudocmd` | List of sudocmd name strings assigned to the deny group of this sudorule. | no
`allow_sudocmdgroup` | List of sudocmd groups name strings assigned to the allow group of this sudorule. | no `allow_sudocmdgroup` | List of sudocmd groups name strings assigned to the allow group of this sudorule. | no
`deny_sudocmdgroup` | List of sudocmd groups name strings assigned to the deny group of this sudorule. | no `deny_sudocmdgroup` | List of sudocmd groups name strings assigned to the deny group of this sudorule. | no
`sudooption` \| `options` | List of options to the sudorule | no `sudooption` \| `option` | List of options to the sudorule | no
`order` \| `sudoorder` | Integer to order the sudorule | no `order` | Integer to order the sudorule | no
`runasuser` | List of users for Sudo to execute as. | no `runasuser` | List of users for Sudo to execute as. | no
`runasgroup` | List of groups for Sudo to execute as. | no `runasgroup` | List of groups for Sudo to execute as. | no
`action` | Work on sudorule or member level. It can be on of `member` or `sudorule` and defaults to `sudorule`. | no `action` | Work on sudorule or member level. It can be on of `member` or `sudorule` and defaults to `sudorule`. | no


@@ -219,25 +219,23 @@ Variable | Description | Required
`ipaadmin_password` | The admin password is a string and is required if there is no admin ticket available on the node | no `ipaadmin_password` | The admin password is a string and is required if there is no admin ticket available on the node | no
`name` \| `cn` | The list of vault name strings. | yes `name` \| `cn` | The list of vault name strings. | yes
`description` | The vault description string. | no `description` | The vault description string. | no
`nomembers` | Suppress processing of membership attributes. (bool) | no
`password` \| `vault_password` \| `ipavaultpassword` \| `old_password`| Vault password. | no `password` \| `vault_password` \| `ipavaultpassword` \| `old_password`| Vault password. | no
`password_file` \| `vault_password_file` \| `old_password_file`| File containing Base64 encoded Vault password. | no `password_file` \| `vault_password_file` \| `old_password_file`| File containing Base64 encoded Vault password. | no
`new_password` | Vault new password. | no `new_password` | Vault new password. | no
`new_password_file` | File containing Base64 encoded new Vault password. | no `new_password_file` | File containing Base64 encoded new Vault password. | no
`public_key ` \| `vault_public_key` \| `ipavaultpublickey` | Base64 encoded vault public key. | no `public_key ` \| `vault_public_key` \| `old_password_file` | Base64 encoded vault public key. | no
`public_key_file` \| `vault_public_key_file` | Path to file with public key. | no `public_key_file` \| `vault_public_key_file` | Path to file with public key. | no
`private_key `\| `vault_private_key` \| `ipavaultprivatekey` | Base64 encoded vault private key. Used only to retrieve data. | no `private_key `\| `vault_private_key` | Base64 encoded vault private key. Used only to retrieve data. | no
`private_key_file` \| `vault_private_key_file` | Path to file with private key. Used only to retrieve data. | no `private_key_file` \| `vault_private_key_file` | Path to file with private key. Used only to retrieve data. | no
`salt` \| `vault_salt` \| `ipavaultsalt` | Vault salt. | no `salt` \| `vault_salt` \| `ipavaultsalt` | Vault salt. | no
`vault_type` \| `ipavaulttype` | Vault types are based on security level. It can be one of `standard`, `symmetric` or `asymmetric`, default: `symmetric` | no `vault_type` \| `ipavaulttype` | Vault types are based on security level. It can be one of `standard`, `symmetric` or `asymmetric`, default: `symmetric` | no
`username` \| `user` | Any user can own one or more user vaults. | no `user` \| `username` | Any user can own one or more user vaults. | no
`service` | Any service can own one or more service vaults. | no `service` | Any service can own one or more service vaults. | no
`shared` | Vault is shared. Default to false. (bool) | no `shared` | Vault is shared. Default to false. (bool) | no
`users` | List of users that are members of the vault. | no `users` | Users that are members of the vault. | no
`groups` | List of groups that are member of the vault. | no `groups` | Groups that are member of the vault. | no
`services` | List of services that are member of the vault. | no `services` | Services that are member of the vault. | no
`owners` \| `ownerusers` | List of users that are owners of the vault. | no
`ownergroups` | List of groups that are owners of the vault. | no
`ownerservices` | List of services that are owners of the vault. | no
`data` \|`vault_data` \| `ipavaultdata` | Data to be stored in the vault. | no `data` \|`vault_data` \| `ipavaultdata` | Data to be stored in the vault. | no
`in` \| `datafile_in` | Path to file with data to be stored in the vault. | no `in` \| `datafile_in` | Path to file with data to be stored in the vault. | no
`out` \| `datafile_out` | Path to file to store data retrieved from the vault. | no `out` \| `datafile_out` | Path to file to store data retrieved from the vault. | no


@@ -3,7 +3,7 @@ FreeIPA Ansible collection
This repository contains [Ansible](https://www.ansible.com/) roles and playbooks to install and uninstall [FreeIPA](https://www.freeipa.org/) `servers`, `replicas` and `clients`. Also modules for group, host, topology and user management. This repository contains [Ansible](https://www.ansible.com/) roles and playbooks to install and uninstall [FreeIPA](https://www.freeipa.org/) `servers`, `replicas` and `clients`. Also modules for group, host, topology and user management.
**Note**: The Ansible playbooks and roles require a configured Ansible environment where the Ansible nodes are reachable and are properly set up to have an IP address and a working package manager. **Note**: The ansible playbooks and roles require a configured ansible environment where the ansible nodes are reachable and are properly set up to have an IP address and a working package manager.
Features Features
-------- --------
@@ -12,7 +12,6 @@ Features
* One-time-password (OTP) support for client installation * One-time-password (OTP) support for client installation
* Repair mode for clients * Repair mode for clients
* Backup and restore, also to and from controller * Backup and restore, also to and from controller
* Modules for automembership rule management
* Modules for config management * Modules for config management
* Modules for delegation management * Modules for delegation management
* Modules for dns config management * Modules for dns config management
@@ -31,13 +30,12 @@ Features
* Modules for pwpolicy management * Modules for pwpolicy management
* Modules for role management * Modules for role management
* Modules for self service management * Modules for self service management
* Modules for server management
* Modules for service management * Modules for service management
* Modules for sudocmd management * Modules for sudocmd management
* Modules for sudocmdgroup management * Modules for sudocmdgroup management
* Modules for sudorule management * Modules for sudorule management
* Modules for topology management * Modules for topology management
* Modules for trust management * Modules fot trust management
* Modules for user management * Modules for user management
* Modules for vault management * Modules for vault management
@@ -114,7 +112,7 @@ ansible-freeipa/plugins/module_utils to ~/.ansible/plugins/
There are RPM packages available for Fedora 29+. These are installing the roles and modules into the global Ansible directories for `roles`, `plugins/modules` and `plugins/module_utils` in the `/usr/share/ansible` directory. Therefore is it possible to use the roles and modules without adapting the names like it is done in the example playbooks. There are RPM packages available for Fedora 29+. These are installing the roles and modules into the global Ansible directories for `roles`, `plugins/modules` and `plugins/module_utils` in the `/usr/share/ansible` directory. Therefore is it possible to use the roles and modules without adapting the names like it is done in the example playbooks.
**Ansible Galaxy** **Ansible galaxy**
This command will get the whole collection from galaxy: This command will get the whole collection from galaxy:
@@ -138,7 +136,7 @@ The needed adaptions of collection prefixes for `modules` and `module_utils` wil
Ansible inventory file Ansible inventory file
---------------------- ----------------------
The most important parts of the inventory file is the definition of the nodes, settings and the management modules. Please remember to use [Ansible Vault](https://docs.ansible.com/ansible/latest/user_guide/vault.html) for passwords. The examples here are not using vault for better readability. The most important parts of the inventory file is the definition of the nodes, settings and the management modules. Please remember to use [Ansible vault](https://docs.ansible.com/ansible/latest/user_guide/vault.html) for passwords. The examples here are not using vault for better readability.
**Master server** **Master server**
@@ -282,7 +280,7 @@ ipaserver_domain=test.local
ipaserver_realm=TEST.LOCAL ipaserver_realm=TEST.LOCAL
``` ```
For enhanced security it is possible to use a auto-generated one-time-password (OTP). This will be generated on the controller using the (first) server. It is needed to have the python-gssapi bindings installed on the controller for this. For enhanced security it is possible to use a auto-generated one-time-password (OTP). This will be generated on the controller using the (first) server. It is needed to have the Python gssapi bindings installed on the controller for this.
To enable the generation of the one-time-password: To enable the generation of the one-time-password:
```yaml ```yaml
[ipaclients:vars] [ipaclients:vars]
@@ -347,7 +345,7 @@ With this playbook it is possible to add a list of topology segments using the `
Playbooks Playbooks
========= =========
The playbooks needed to deploy or undeploy servers, replicas and clients are part of the repository and placed in the playbooks folder. There are also playbooks to deploy and undeploy clusters. With them it is only needed to add an inventory file: The playbooks needed to deploy or undeploy server, replicas and clients are part of the repository and placed in the playbooks folder. There are also playbooks to deploy and undeploy clusters. With them it is only needed to add an inventory file:
``` ```
playbooks\ playbooks\
install-client.yml install-client.yml
@@ -368,7 +366,7 @@ ansible-playbook -v -i inventory/hosts install-server.yml
``` ```
This will deploy the master server defined in the inventory file. This will deploy the master server defined in the inventory file.
If Ansible Vault is used for passwords, then it is needed to adapt the playbooks in this way: If Ansible vault is used for passwords, then it is needed to adapt the playbooks in this way:
```yaml ```yaml
--- ---
- name: Playbook to configure IPA servers - name: Playbook to configure IPA servers
@@ -423,7 +421,6 @@ Roles
Modules in plugin/modules Modules in plugin/modules
========================= =========================
* [ipaautomember](README-automember.md)
* [ipaconfig](README-config.md) * [ipaconfig](README-config.md)
* [ipadelegation](README-delegation.md) * [ipadelegation](README-delegation.md)
* [ipadnsconfig](README-dnsconfig.md) * [ipadnsconfig](README-dnsconfig.md)
@@ -442,7 +439,6 @@ Modules in plugin/modules
* [ipapwpolicy](README-pwpolicy.md) * [ipapwpolicy](README-pwpolicy.md)
* [iparole](README-role.md) * [iparole](README-role.md)
* [ipaselfservice](README-ipaselfservice.md) * [ipaselfservice](README-ipaselfservice.md)
* [ipaserver](README-server.md)
* [ipaservice](README-service.md) * [ipaservice](README-service.md)
* [ipasudocmd](README-sudocmd.md) * [ipasudocmd](README-sudocmd.md)
* [ipasudocmdgroup](README-sudocmdgroup.md) * [ipasudocmdgroup](README-sudocmdgroup.md)


@@ -14,6 +14,8 @@ issues: "https://github.com/freeipa/ansible-freeipa/issues"
readme: "README.md" readme: "README.md"
license: "GPL-3.0-or-later" license: "GPL-3.0-or-later"
dependencies:
tags: tags:
- "system" - "system"
- "identity" - "identity"
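Review bot: The added bare `dependencies:` key parses as `null`, not as an empty mapping, which is ambiguous for a field that is otherwise a mapping of collection names to version specs. Write it as `dependencies: {}` so the intent is explicit and consumers that expect a mapping (and yamllint's `empty-values` rule) do not trip over it; whether `ansible-galaxy` currently tolerates the null form is not shown here.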


@@ -1,11 +0,0 @@
---
- name: Automember group absent example
hosts: ipaserver
become: true
tasks:
- name: Ensure group automember rule admins is absent
ipaautomember:
ipaadmin_password: SomeADMINpassword
name: admins
automember_type: group
state: absent


@@ -1,11 +0,0 @@
---
- name: Automember group present example
hosts: ipaserver
become: true
tasks:
- name: Ensure group automember rule admins is present
ipaautomember:
ipaadmin_password: SomeADMINpassword
name: admins
automember_type: group
state: present


@@ -1,11 +0,0 @@
---
- name: Automember hostgroup absent example
hosts: ipaserver
become: true
tasks:
- name: Ensure hostgroup automember rule ipaservers is absent
ipaautomember:
ipaadmin_password: SomeADMINpassword
name: ipaservers
automember_type: hostgroup
state: absent


@@ -1,11 +0,0 @@
---
- name: Automember hostgroup present example
hosts: ipaserver
become: true
tasks:
- name: Ensure hostgroup automember rule ipaservers is absent
ipaautomember:
ipaadmin_password: SomeADMINpassword
name: ipaservers
automember_type: hostgroup
state: present


@@ -1,15 +0,0 @@
---
- name: Automember hostgroup rule member absent example
hosts: ipaserver
become: true
tasks:
- name: Ensure hostgroup automember condition is absent
ipaautomember:
ipaadmin_password: SomeADMINpassword
name: "My domain hosts"
automember_type: hostgroup
state: absent
action: member
inclusive:
- key: fqdn
expression: ".*.mydomain.com"


@@ -1,15 +0,0 @@
---
- name: Automember hostgroup rule member present example
hosts: ipaserver
become: true
tasks:
- name: Ensure hostgroup automember condition is present
ipaautomember:
ipaadmin_password: SomeADMINpassword
name: "My domain hosts"
automember_type: hostgroup
state: present
action: member
inclusive:
- key: fqdn
expression: ".*.mydomain.com"


@@ -1,12 +0,0 @@
---
- name: Server absent continuous mode example
hosts: ipaserver
become: true
tasks:
- name: Ensure server "absent.example.com" is absent continuous mode
ipaserver:
ipaadmin_password: SomeADMINpassword
name: absent.example.com
continue: yes
state: absent


@@ -1,12 +0,0 @@
---
- name: Server absent with force example
hosts: ipaserver
become: true
tasks:
- name: Ensure server "absent.example.com" is absent with force
ipaserver:
ipaadmin_password: SomeADMINpassword
name: absent.example.com
force: yes
state: absent


@@ -1,12 +0,0 @@
---
- name: Server absent with last of role skip example
hosts: ipaserver
become: true
tasks:
- name: Ensure server "absent.example.com" is absent with last of role skip
ipaserver:
ipaadmin_password: SomeADMINpassword
name: absent.example.com
ignore_last_of_role: yes
state: absent


@@ -1,12 +0,0 @@
---
- name: Server absent with ignoring topology disconnects example
hosts: ipaserver
become: true
tasks:
- name: Ensure server "absent.example.com" is absent with ignoring topology disconnects
ipaserver:
ipaadmin_password: SomeADMINpassword
name: absent.example.com
ignore_topology_disconnect: yes
state: absent


@@ -1,11 +0,0 @@
---
- name: Server absent example
hosts: ipaserver
become: true
tasks:
- name: Ensure server "absent.example.com" is absent
ipaserver:
ipaadmin_password: SomeADMINpassword
name: absent.example.com
state: absent


@@ -1,11 +0,0 @@
---
- name: Server hidden example
hosts: ipaserver
become: true
tasks:
- name: Ensure server "ipareplica1.example.com" is hidden
ipaserver:
ipaadmin_password: SomeADMINpassword
name: ipareplica1.example.com
hidden: True


@@ -1,11 +0,0 @@
---
- name: Server enabled example
hosts: ipaserver
become: true
tasks:
- name: Ensure server "{{ 'ipareplica1.' + ipaserver_domain }}" with location "mylocation"
ipaserver:
ipaadmin_password: SomeADMINpassword
name: "{{ 'ipareplica1.' + ipaserver_domain }}"
location: "mylocation"


@@ -1,11 +0,0 @@
---
- name: Server no location example
hosts: ipaserver
become: true
tasks:
- name: Ensure server "ipareplica1.example.com" with no location
ipaserver:
ipaadmin_password: SomeADMINpassword
name: ipareplica1.example.com
location: ""


@@ -1,11 +0,0 @@
---
- name: Server service weight example
hosts: ipaserver
become: true
tasks:
- name: Ensure server "ipareplica1.example.com" with no service weight
ipaserver:
ipaadmin_password: SomeADMINpassword
name: ipareplica1.example.com
service_weight: -1


@@ -1,11 +0,0 @@
---
- name: Server not hidden example
hosts: ipaserver
become: true
tasks:
- name: Ensure server "ipareplica1.example.com" is not hidden
ipaserver:
ipaadmin_password: SomeADMINpassword
name: ipareplica1.example.com
hidden: no


@@ -1,10 +0,0 @@
---
- name: Server present example
hosts: ipaserver
become: true
tasks:
- name: Ensure server "ipareplica1.exmple.com" is present
ipaserver:
ipaadmin_password: SomeADMINpassword
name: ipareplica1.example.com


@@ -1,11 +0,0 @@
---
- name: Server service weight example
hosts: ipaserver
become: true
tasks:
- name: Ensure server "ipareplica1.example.com" with service weight 1
ipaserver:
ipaadmin_password: SomeADMINpassword
name: ipareplica1.example.com
service_weight: 1



@@ -1,423 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
# Mark Hahl <mhahl@redhat.com>
# Jake Reynolds <jakealexis@gmail.com>
#
# Copyright (C) 2021 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from ansible.module_utils._text import to_text
from ansible.module_utils.ansible_freeipa_module import (
api_command, api_command_no_name, api_connect, compare_args_ipa,
gen_add_del_lists, temp_kdestroy, temp_kinit, valid_creds,
ipalib_errors
)
from ansible.module_utils.basic import AnsibleModule
ANSIBLE_METADATA = {
"metadata_version": "1.0",
"supported_by": "community",
"status": ["preview"],
}
DOCUMENTATION = """
---
module: ipaautomember
short description: Add and delete FreeIPA Auto Membership Rules.
description: Add, modify and delete an IPA Auto Membership Rules.
options:
ipaadmin_principal:
description: The admin principal
default: admin
ipaadmin_password:
description: The admin password
required: false
name:
description: The automember rule
required: true
aliases: ["cn"]
description:
description: A description of this auto member rule
required: false
automember_type:
description: Grouping to which the rule applies
required: true
type: str
choices: ["group", "hostgroup"]
exclusive:
description: List of dictionaries containing the attribute and expression.
type: list
elements: dict
aliases: ["automemberexclusiveregex"]
options:
key:
description: The attribute of the regex
type: str
required: true
expression:
description: The expression of the regex
type: str
required: true
inclusive:
description: List of dictionaries containing the attribute and expression.
type: list
elements: dict
aliases: ["automemberinclusiveregex"]
options:
key:
description: The attribute of the regex
type: str
required: true
expression:
description: The expression of the regex
type: str
required: true
action:
description: Work on automember or member level
default: automember
choices: ["member", "automember"]
state:
description: State to ensure
default: present
choices: ["present", "absent"]
author:
- Mark Hahl
- Jake Reynolds
"""
EXAMPLES = """
# Ensure an automember rule exists
- ipaautomember:
ipaadmin_password: SomeADMINpassword
name: admins
description: "example description"
automember_type: group
state: present
inclusive:
- key: "mail"
expression: "example.com$
# Delete an automember rule
- ipaautomember:
ipaadmin_password: SomeADMINpassword
name: admins
description: "my automember rule"
automember_type: group
state: absent
# Add an inclusive condition to an existing rule
- ipaautomember:
ipaadmin_password: SomeADMINpassword
name: "My domain hosts"
automember_tye: hostgroup
action: member
inclusive:
- key: fqdn
expression: ".*.mydomain.com"
"""
RETURN = """
"""
def find_automember(module, name, grouping):
_args = {
"all": True,
"type": to_text(grouping)
}
try:
_result = api_command(module, "automember_show", to_text(name), _args)
except ipalib_errors.NotFound:
return None
return _result["result"]
def gen_condition_args(grouping,
key,
inclusiveregex=None,
exclusiveregex=None):
_args = {}
if grouping is not None:
_args['type'] = to_text(grouping)
if key is not None:
_args['key'] = to_text(key)
if inclusiveregex is not None:
_args['automemberinclusiveregex'] = to_text(inclusiveregex)
if exclusiveregex is not None:
_args['automemberexclusiveregex'] = to_text(exclusiveregex)
return _args
def gen_args(description, grouping):
_args = {}
if description is not None:
_args["description"] = to_text(description)
if grouping is not None:
_args['type'] = to_text(grouping)
return _args
def transform_conditions(conditions):
"""Transform a list of dicts into a list with the format of key=value."""
transformed = ['%s=%s' % (condition['key'], condition['expression'])
for condition in conditions]
return transformed
def main():
ansible_module = AnsibleModule(
argument_spec=dict(
# general
ipaadmin_principal=dict(type="str", default="admin"),
ipaadmin_password=dict(type="str", required=False, no_log=True),
inclusive=dict(type="list",
aliases=["automemberinclusiveregex"], default=None,
options=dict(
key=dict(type="str", required=True),
expression=dict(type="str", required=True)
),
elements="dict", required=False),
exclusive=dict(type="list", aliases=[
"automemberexclusiveregex"], default=None,
options=dict(
key=dict(type="str", required=True),
expression=dict(type="str", required=True)
),
elements="dict", required=False),
name=dict(type="list", aliases=["cn"],
default=None, required=True),
description=dict(type="str", default=None),
automember_type=dict(type='str', required=False,
choices=['group', 'hostgroup']),
action=dict(type="str", default="automember",
choices=["member", "automember"]),
state=dict(type="str", default="present",
choices=["present", "absent", "rebuild"]),
users=dict(type="list", default=None),
hosts=dict(type="list", default=None),
),
supports_check_mode=True,
)
ansible_module._ansible_debug = True
# Get parameters
# general
ipaadmin_principal = ansible_module.params.get("ipaadmin_principal")
ipaadmin_password = ansible_module.params.get("ipaadmin_password")
names = ansible_module.params.get("name")
# present
description = ansible_module.params.get("description")
# conditions
inclusive = ansible_module.params.get("inclusive")
exclusive = ansible_module.params.get("exclusive")
# action
action = ansible_module.params.get("action")
# state
state = ansible_module.params.get("state")
# grouping/type
automember_type = ansible_module.params.get("automember_type")
rebuild_users = ansible_module.params.get("users")
rebuild_hosts = ansible_module.params.get("hosts")
if (rebuild_hosts or rebuild_users) and state != "rebuild":
ansible_module.fail_json(
msg="'hosts' and 'users' are only valid with state: rebuild")
if not automember_type and state != "rebuild":
ansible_module.fail_json(
msg="'automember_type' is required unless state: rebuild")
# Init
changed = False
exit_args = {}
ccache_dir = None
ccache_name = None
res_find = None
try:
if not valid_creds(ansible_module, ipaadmin_principal):
ccache_dir, ccache_name = temp_kinit(ipaadmin_principal,
ipaadmin_password)
api_connect()
commands = []
for name in names:
# Make sure automember rule exists
res_find = find_automember(ansible_module, name, automember_type)
# Create command
if state == 'present':
args = gen_args(description, automember_type)
if action == "automember":
if res_find is not None:
if not compare_args_ipa(ansible_module,
args,
res_find,
ignore=['type']):
commands.append([name, 'automember_mod', args])
else:
commands.append([name, 'automember_add', args])
res_find = {}
inclusive_add, inclusive_del = gen_add_del_lists(
transform_conditions(inclusive or []),
res_find.get("automemberinclusiveregex", [])
)
exclusive_add, exclusive_del = gen_add_del_lists(
transform_conditions(exclusive or []),
res_find.get("automemberexclusiveregex", [])
)
elif action == "member":
if res_find is None:
ansible_module.fail_json(
msg="No automember '%s'" % name)
inclusive_add = transform_conditions(inclusive or [])
inclusive_del = []
exclusive_add = transform_conditions(exclusive or [])
exclusive_del = []
for _inclusive in inclusive_add:
key, regex = _inclusive.split("=", 1)
condition_args = gen_condition_args(
automember_type, key, inclusiveregex=regex)
commands.append([name, 'automember_add_condition',
condition_args])
for _inclusive in inclusive_del:
key, regex = _inclusive.split("=", 1)
condition_args = gen_condition_args(
automember_type, key, inclusiveregex=regex)
commands.append([name, 'automember_remove_condition',
condition_args])
for _exclusive in exclusive_add:
key, regex = _exclusive.split("=", 1)
condition_args = gen_condition_args(
automember_type, key, exclusiveregex=regex)
commands.append([name, 'automember_add_condition',
condition_args])
for _exclusive in exclusive_del:
key, regex = _exclusive.split("=", 1)
condition_args = gen_condition_args(
automember_type, key, exclusiveregex=regex)
commands.append([name, 'automember_remove_condition',
condition_args])
elif state == 'absent':
if action == "automember":
if res_find is not None:
commands.append([name, 'automember_del',
{'type': to_text(automember_type)}])
elif action == "member":
if res_find is None:
ansible_module.fail_json(
msg="No automember '%s'" % name)
if inclusive is not None:
for _inclusive in transform_conditions(inclusive):
key, regex = _inclusive.split("=", 1)
condition_args = gen_condition_args(
automember_type, key, inclusiveregex=regex)
commands.append(
[name, 'automember_remove_condition',
condition_args])
if exclusive is not None:
for _exclusive in transform_conditions(exclusive):
key, regex = _exclusive.split("=", 1)
condition_args = gen_condition_args(
automember_type, key, exclusiveregex=regex)
commands.append([name,
'automember_remove_condition',
condition_args])
elif state == "rebuild":
if automember_type:
commands.append([None, 'automember_rebuild',
{"type": to_text(automember_type)}])
if rebuild_users:
commands.append([None, 'automember_rebuild',
{"users": [
to_text(_u)
for _u in rebuild_users]}])
if rebuild_hosts:
commands.append([None, 'automember_rebuild',
{"hosts": [
to_text(_h)
for _h in rebuild_hosts]}])
# Check mode exit
if ansible_module.check_mode:
ansible_module.exit_json(changed=len(commands) > 0, **exit_args)
for name, command, args in commands:
try:
if name is None:
result = api_command_no_name(ansible_module, command, args)
else:
result = api_command(ansible_module, command,
to_text(name), args)
if "completed" in result:
if result["completed"] > 0:
changed = True
else:
changed = True
except Exception as ex:
ansible_module.fail_json(msg="%s: %s: %s" % (command, name,
str(ex)))
# result["failed"] is used only for INCLUDE_RE, EXCLUDE_RE
# if entries could not be added that are already there and
# it entries could not be removed that are not there.
# All other issues like invalid attributes etc. are handled
# as exceptions. Therefore the error section is not here as
# in other modules.
except Exception as e:
ansible_module.fail_json(msg=str(e))
finally:
temp_kdestroy(ccache_dir, ccache_name)
# Done
ansible_module.exit_json(changed=changed, **exit_args)
if __name__ == "__main__":
main()


@@ -254,7 +254,8 @@ config:
from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.ansible_freeipa_module import temp_kinit, \ from ansible.module_utils.ansible_freeipa_module import temp_kinit, \
temp_kdestroy, valid_creds, api_connect, api_command_no_name, \ temp_kdestroy, valid_creds, api_connect, api_command_no_name, \
compare_args_ipa, module_params_get, ipalib_errors compare_args_ipa, module_params_get
import ipalib.errors
def config_show(module): def config_show(module):
@@ -264,7 +265,10 @@ def config_show(module):
def gen_args(params): def gen_args(params):
_args = {k: v for k, v in params.items() if v is not None} _args = {}
for k, v in params.items():
if v is not None:
_args[k] = v
return _args return _args
@@ -365,7 +369,7 @@ def main():
reverse_field_map = {v: k for k, v in field_map.items()} reverse_field_map = {v: k for k, v in field_map.items()}
params = {} params = {}
for x in field_map: for x in field_map.keys():
val = module_params_get(ansible_module, x) val = module_params_get(ansible_module, x)
if val is not None: if val is not None:
@@ -399,11 +403,11 @@ def main():
("ipasearchrecordslimit", -1, 2147483647), ("ipasearchrecordslimit", -1, 2147483647),
("ipapwdexpadvnotify", 0, 2147483647), ("ipapwdexpadvnotify", 0, 2147483647),
] ]
for arg, minimum, maximum in args_with_limits: for arg, min, max in args_with_limits:
if arg in params and (params[arg] > maximum or params[arg] < minimum): if arg in params and (params[arg] > max or params[arg] < min):
ansible_module.fail_json( ansible_module.fail_json(
msg="Argument '%s' must be between %d and %d." msg="Argument '%s' must be between %d and %d."
% (arg, minimum, maximum)) % (arg, min, max))
changed = False changed = False
exit_args = {} exit_args = {}
@@ -431,7 +435,7 @@ def main():
rawresult = api_command_no_name(ansible_module, "config_show", {}) rawresult = api_command_no_name(ansible_module, "config_show", {})
result = rawresult['result'] result = rawresult['result']
del result['dn'] del result['dn']
for key, value in result.items(): for key, v in result.items():
k = reverse_field_map.get(key, key) k = reverse_field_map.get(key, key)
if ansible_module.argument_spec.get(k): if ansible_module.argument_spec.get(k):
if k == 'ipaselinuxusermaporder': if k == 'ipaselinuxusermaporder':
@@ -446,21 +450,21 @@ def main():
elif k == 'groupsearch': elif k == 'groupsearch':
exit_args['groupsearch'] = \ exit_args['groupsearch'] = \
result.get(key)[0].split(',') result.get(key)[0].split(',')
elif isinstance(value, str) and \ elif isinstance(v, str) and \
ansible_module.argument_spec[k]['type'] == "list": ansible_module.argument_spec[k]['type'] == "list":
exit_args[k] = [value] exit_args[k] = [v]
elif isinstance(value, list) and \ elif isinstance(v, list) and \
ansible_module.argument_spec[k]['type'] == "str": ansible_module.argument_spec[k]['type'] == "str":
exit_args[k] = ",".join(value) exit_args[k] = ",".join(v)
elif isinstance(value, list) and \ elif isinstance(v, list) and \
ansible_module.argument_spec[k]['type'] == "int": ansible_module.argument_spec[k]['type'] == "int":
exit_args[k] = ",".join(value) exit_args[k] = ",".join(v)
elif isinstance(value, list) and \ elif isinstance(v, list) and \
ansible_module.argument_spec[k]['type'] == "bool": ansible_module.argument_spec[k]['type'] == "bool":
exit_args[k] = (value[0] == "TRUE") exit_args[k] = (v[0] == "TRUE")
else: else:
exit_args[k] = value exit_args[k] = v
except ipalib_errors.EmptyModlist: except ipalib.errors.EmptyModlist:
changed = False changed = False
except Exception as e: except Exception as e:
ansible_module.fail_json(msg="%s %s" % (params, str(e))) ansible_module.fail_json(msg="%s %s" % (params, str(e)))
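Review bot: In the limits loop of the `@@ -399` hunk the new side binds the loop variables to `min` and `max`, shadowing the builtins for the rest of main(); `for arg, minimum, maximum in args_with_limits:` together with `params[arg] > maximum or params[arg] < minimum` and `% (arg, minimum, maximum)` avoids that, and `for x in field_map:` in the `@@ -365` hunk drops the redundant `.keys()`. The module-level `import ipalib.errors` added in the first hunk runs at import time on the managed host, before AnsibleModule exists to report a clean failure; the `ipalib_errors` name from ansible_freeipa_module that the removed lines reference looks like it exists precisely to guard that import, so it is worth confirming before bypassing it here and in the dnsrecord and dnszone sections below. main() starts and ends outside these hunks.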


@@ -114,8 +114,8 @@ def find_dnsconfig(module):
if _result["result"].get('idnsforwarders', None) is None: if _result["result"].get('idnsforwarders', None) is None:
_result["result"]['idnsforwarders'] = [''] _result["result"]['idnsforwarders'] = ['']
return _result["result"] return _result["result"]
else:
module.fail_json(msg="Could not retrieve current DNS configuration.") module.fail_json(msg="Could not retrieve current DNS configuration.")
return None return None
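Review bot: The lone `else:` in the `@@ -114` hunk is redundant on the new side, because the branch above it already ends in `return _result["result"]`; dropping it and de-indenting the `module.fail_json(...)` / `return None` pair keeps find_dnsconfig flat (pylint's no-else-return). The same shape appears in find_dnsforwardzone in the next section and in `__reverse_zone_name` in the dnszone section, where `elif ip_version == 6:` and `else:` follow a `return`. Which side the single `else:` line sits on is inferred from the sibling hunks, since the split view has lost the markers here. find_dnsconfig starts outside the hunk.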


@@ -135,8 +135,8 @@ def find_dnsforwardzone(module, name):
msg="There is more than one dnsforwardzone '%s'" % (name)) msg="There is more than one dnsforwardzone '%s'" % (name))
elif len(_result["result"]) == 1: elif len(_result["result"]) == 1:
return _result["result"][0] return _result["result"][0]
else:
return None return None
def gen_args(forwarders, forwardpolicy, skip_overlap_check): def gen_args(forwarders, forwardpolicy, skip_overlap_check):
@@ -386,8 +386,8 @@ def main():
**exit_args) **exit_args)
# Execute commands # Execute commands
for _name, command, args in commands: for name, command, args in commands:
api_command(ansible_module, command, _name, args) api_command(ansible_module, command, name, args)
changed = True changed = True
except Exception as e: except Exception as e:


@@ -868,10 +868,10 @@ from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils._text import to_text from ansible.module_utils._text import to_text
from ansible.module_utils.ansible_freeipa_module import temp_kinit, \ from ansible.module_utils.ansible_freeipa_module import temp_kinit, \
temp_kdestroy, valid_creds, api_connect, api_command, module_params_get, \ temp_kdestroy, valid_creds, api_connect, api_command, module_params_get, \
is_ipv4_addr, is_ipv6_addr, ipalib_errors is_ipv4_addr, is_ipv6_addr
import dns.reversename import dns.reversename
import dns.resolver import dns.resolver
import ipalib.errors
import six import six
@@ -1150,7 +1150,7 @@ def find_dnsrecord(module, dnszone, name):
try: try:
_result = api_command( _result = api_command(
module, "dnsrecord_show", to_text(dnszone), _args) module, "dnsrecord_show", to_text(dnszone), _args)
except ipalib_errors.NotFound: except ipalib.errors.NotFound:
return None return None
return _result["result"] return _result["result"]
@@ -1377,7 +1377,7 @@ def define_commands_for_present_state(module, zone_name, entry, res_find):
_args['idnsname'] = name _args['idnsname'] = name
_commands.append([zone_name, 'dnsrecord_add', _args]) _commands.append([zone_name, 'dnsrecord_add', _args])
# clean used fields from args # clean used fields from args
for f in part_fields: # pylint: disable=invalid-name for f in part_fields:
if f in args: if f in args:
del args[f] del args[f]
else: else:
@@ -1509,9 +1509,9 @@ def main():
else: else:
changed = True changed = True
except ipalib_errors.EmptyModlist: except ipalib.errors.EmptyModlist:
continue continue
except ipalib_errors.DuplicateEntry: except ipalib.errors.DuplicateEntry:
continue continue
except Exception as e: except Exception as e:
error_message = str(e) error_message = str(e)
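Review bot: In the `@@ -1509` hunk the new side handles `DuplicateEntry` from the executed command exactly like `EmptyModlist`, skipping with `continue` and leaving `changed` untouched, so a record that already exists is silently reported as unchanged rather than surfaced. If that is intended, a comment such as `# DuplicateEntry: record already present, nothing to change` on the except line would make it explicit; otherwise an `ansible_module.warn(...)` before the `continue` would keep the run going while still reporting it. main() starts and ends outside the hunk.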


@@ -212,9 +212,9 @@ from ansible.module_utils.ansible_freeipa_module import (
FreeIPABaseModule, FreeIPABaseModule,
is_ip_address, is_ip_address,
is_ip_network_address, is_ip_network_address,
is_valid_port, is_valid_port
ipalib_errors
) # noqa: E402 ) # noqa: E402
import ipalib.errors
import netaddr import netaddr
import six import six
@@ -263,18 +263,22 @@ class DNSZoneModule(FreeIPABaseModule):
if any(invalid_ips): if any(invalid_ips):
self.fail_json(msg=error_msg % invalid_ips) self.fail_json(msg=error_msg % invalid_ips)
def is_valid_nsec3param_rec(self, nsec3param_rec): # pylint: disable=R0201 def is_valid_nsec3param_rec(self, nsec3param_rec):
try: try:
part1, part2, part3, part4 = nsec3param_rec.split(" ") part1, part2, part3, part4 = nsec3param_rec.split(" ")
except ValueError: except ValueError:
return False return False
if ( if not all([part1.isdigit(), part2.isdigit(), part3.isdigit()]):
not all([part1.isdigit(), part2.isdigit(), part3.isdigit()]) return False
or not 0 <= int(part1) <= 255
or not 0 <= int(part2) <= 255 if not 0 <= int(part1) <= 255:
or not 0 <= int(part3) <= 65535 return False
):
if not 0 <= int(part2) <= 255:
return False
if not 0 <= int(part3) <= 65535:
return False return False
try: try:
@@ -294,7 +298,7 @@ class DNSZoneModule(FreeIPABaseModule):
return True return True
def get_ipa_nsec3paramrecord(self, **_kwargs): # pylint: disable=R1710 def get_ipa_nsec3paramrecord(self, **kwargs):
nsec3param_rec = self.ipa_params.nsec3param_rec nsec3param_rec = self.ipa_params.nsec3param_rec
if nsec3param_rec is not None: if nsec3param_rec is not None:
error_msg = ( error_msg = (
@@ -306,12 +310,12 @@ class DNSZoneModule(FreeIPABaseModule):
self.fail_json(msg=error_msg) self.fail_json(msg=error_msg)
return nsec3param_rec return nsec3param_rec
def get_ipa_idnsforwarders(self, **_kwargs): # pylint: disable=R1710 def get_ipa_idnsforwarders(self, **kwargs):
if self.ipa_params.forwarders is not None: if self.ipa_params.forwarders is not None:
forwarders = [] forwarders = []
for forwarder in self.ipa_params.forwarders: for forwarder in self.ipa_params.forwarders:
ip_address = forwarder.get("ip_address") ip_address = forwarder.get("ip_address")
if not is_ip_address(ip_address): if not (is_ip_address(ip_address)):
self.fail_json( self.fail_json(
msg="Invalid IP for DNS forwarder: %s" % ip_address msg="Invalid IP for DNS forwarder: %s" % ip_address
) )
@@ -330,14 +334,14 @@ class DNSZoneModule(FreeIPABaseModule):
return forwarders return forwarders
def get_ipa_idnsallowtransfer(self, **_kwargs): # pylint: disable=R1710 def get_ipa_idnsallowtransfer(self, **kwargs):
if self.ipa_params.allow_transfer is not None: if self.ipa_params.allow_transfer is not None:
error_msg = "Invalid ip_address for DNS allow_transfer: %s" error_msg = "Invalid ip_address for DNS allow_transfer: %s"
self.validate_ips(self.ipa_params.allow_transfer, error_msg) self.validate_ips(self.ipa_params.allow_transfer, error_msg)
return (";".join(self.ipa_params.allow_transfer) or "none") + ";" return (";".join(self.ipa_params.allow_transfer) or "none") + ";"
def get_ipa_idnsallowquery(self, **_kwargs): # pylint: disable=R1710 def get_ipa_idnsallowquery(self, **kwargs):
if self.ipa_params.allow_query is not None: if self.ipa_params.allow_query is not None:
error_msg = "Invalid ip_address for DNS allow_query: %s" error_msg = "Invalid ip_address for DNS allow_query: %s"
self.validate_ips(self.ipa_params.allow_query, error_msg) self.validate_ips(self.ipa_params.allow_query, error_msg)
@@ -360,27 +364,27 @@ class DNSZoneModule(FreeIPABaseModule):
return ".".join((name, domain)) return ".".join((name, domain))
def get_ipa_idnssoarname(self, **_kwargs): # pylint: disable=R1710 def get_ipa_idnssoarname(self, **kwargs):
if self.ipa_params.admin_email is not None: if self.ipa_params.admin_email is not None:
return DNSName( return DNSName(
self._replace_at_symbol_in_rname(self.ipa_params.admin_email) self._replace_at_symbol_in_rname(self.ipa_params.admin_email)
) )
def get_ipa_idnssoamname(self, **_kwargs): # pylint: disable=R1710 def get_ipa_idnssoamname(self, **kwargs):
if self.ipa_params.name_server is not None: if self.ipa_params.name_server is not None:
return DNSName(self.ipa_params.name_server) return DNSName(self.ipa_params.name_server)
def get_ipa_skip_overlap_check(self, **kwargs): # pylint: disable=R1710 def get_ipa_skip_overlap_check(self, **kwargs):
zone = kwargs.get('zone') zone = kwargs.get('zone')
if not zone and self.ipa_params.skip_overlap_check is not None: if not zone and self.ipa_params.skip_overlap_check is not None:
return self.ipa_params.skip_overlap_check return self.ipa_params.skip_overlap_check
def get_ipa_skip_nameserver_check(self, **kwargs): # pylint: disable=R1710 def get_ipa_skip_nameserver_check(self, **kwargs):
zone = kwargs.get('zone') zone = kwargs.get('zone')
if not zone and self.ipa_params.skip_nameserver_check is not None: if not zone and self.ipa_params.skip_nameserver_check is not None:
return self.ipa_params.skip_nameserver_check return self.ipa_params.skip_nameserver_check
def __reverse_zone_name(self, ipaddress): # pylint: disable=R1710 def __reverse_zone_name(self, ipaddress):
""" """
Infer reverse zone name from an ip address. Infer reverse zone name from an ip address.
@@ -400,16 +404,17 @@ class DNSZoneModule(FreeIPABaseModule):
ip_version = ip.version ip_version = ip.version
if ip_version == 4: if ip_version == 4:
return u'.'.join(items[4 - prefixlen // 8:]) return u'.'.join(items[4 - prefixlen // 8:])
if ip_version == 6: elif ip_version == 6:
return u'.'.join(items[32 - prefixlen // 4:]) return u'.'.join(items[32 - prefixlen // 4:])
self.fail_json(msg="Invalid IP version for reverse zone.") else:
self.fail_json(msg="Invalid IP version for reverse zone.")
def get_zone(self, zone_name): def get_zone(self, zone_name):
get_zone_args = {"idnsname": zone_name, "all": True} get_zone_args = {"idnsname": zone_name, "all": True}
try: try:
response = self.api_command("dnszone_show", args=get_zone_args) response = self.api_command("dnszone_show", args=get_zone_args)
except ipalib_errors.NotFound: except ipalib.errors.NotFound:
zone = None zone = None
is_zone_active = False is_zone_active = False
else: else:
@@ -487,20 +492,13 @@ class DNSZoneModule(FreeIPABaseModule):
# See: # See:
# - https://pagure.io/freeipa/issue/8227 # - https://pagure.io/freeipa/issue/8227
# - https://pagure.io/freeipa/issue/8489 # - https://pagure.io/freeipa/issue/8489
# Only set SOA Serial if it is not set already. if set_serial:
if (set_serial and
(zone is None
or "idnssoaserial" not in zone
or zone["idnssoaserial"] is None
or zone["idnssoaserial"][0] != str(self.ipa_params.serial)
)):
args = { args = {
"idnssoaserial": self.ipa_params.serial, "idnssoaserial": self.ipa_params.serial,
} }
self.add_ipa_command("dnszone_mod", zone_name, args) self.add_ipa_command("dnszone_mod", zone_name, args)
def process_command_result(self, name, command, args, result): def process_command_result(self, name, command, args, result):
# pylint: disable=super-with-arguments
super(DNSZoneModule, self).process_command_result( super(DNSZoneModule, self).process_command_result(
name, command, args, result name, command, args, result
) )
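Review bot: In the `@@ -487` hunk the new side issues `dnszone_mod` with `idnssoaserial` whenever `set_serial` is true, without comparing against the zone's current serial, so every run of a play that sets `serial` rewrites the SOA serial and reports changed, which defeats idempotency for exactly the field the two issue links above the hunk are about. Guarding the call on the current value fixes it: `current = (zone or {}).get("idnssoaserial")` followed by `if set_serial and (current is None or current[0] != str(self.ipa_params.serial)):`, assuming `zone` from get_zone is still in scope at that point as the removed lines suggest. The method enclosing this hunk starts outside it.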


@@ -185,8 +185,7 @@ RETURN = """
from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.ansible_freeipa_module import temp_kinit, \ from ansible.module_utils.ansible_freeipa_module import temp_kinit, \
temp_kdestroy, valid_creds, api_connect, api_command, compare_args_ipa, \ temp_kdestroy, valid_creds, api_connect, api_command, compare_args_ipa, \
api_check_param, module_params_get, gen_add_del_lists, api_check_command, \ api_check_param, module_params_get, gen_add_del_lists, api_check_command
gen_add_list, gen_intersection_list
def find_group(module, name): def find_group(module, name):
@@ -202,8 +201,8 @@ def find_group(module, name):
msg="There is more than one group '%s'" % (name)) msg="There is more than one group '%s'" % (name))
elif len(_result["result"]) == 1: elif len(_result["result"]) == 1:
return _result["result"][0] return _result["result"][0]
else:
return None return None
def gen_args(description, gid, nomembers): def gen_args(description, gid, nomembers):
@@ -557,43 +556,12 @@ def main():
"non-external group." "non-external group."
) )
# Reduce add lists for member_user, member_group,
# member_service and member_external to new entries
# only that are not in res_find.
if user is not None and "member_user" in res_find:
user = gen_add_list(
user, res_find["member_user"])
if group is not None and "member_group" in res_find:
group = gen_add_list(
group, res_find["member_group"])
if service is not None and "member_service" in res_find:
service = gen_add_list(
service, res_find["member_service"])
if externalmember is not None \
and "member_external" in res_find:
externalmember = gen_add_list(
externalmember, res_find["member_external"])
if any([user, group, service, externalmember]): if any([user, group, service, externalmember]):
commands.append( commands.append(
[name, "group_add_member", add_member_args] [name, "group_add_member", add_member_args]
) )
if has_add_membermanager: if has_add_membermanager:
# Reduce add list for membermanager_user and
# membermanager_group to new entries only that are
# not in res_find.
if membermanager_user is not None \
and "membermanager_user" in res_find:
membermanager_user = gen_add_list(
membermanager_user,
res_find["membermanager_user"])
if membermanager_group is not None \
and "membermanager_group" in res_find:
membermanager_group = gen_add_list(
membermanager_group,
res_find["membermanager_group"])
# Add membermanager users and groups # Add membermanager users and groups
if membermanager_user is not None or \ if membermanager_user is not None or \
membermanager_group is not None: membermanager_group is not None:
@@ -628,40 +596,12 @@ def main():
"non-external group." "non-external group."
) )
# Reduce del lists of member_user, member_group,
# member_service and member_external to the entries only
# that are in res_find.
if user is not None:
user = gen_intersection_list(
user, res_find.get("member_user"))
if group is not None:
group = gen_intersection_list(
group, res_find.get("member_group"))
if service is not None:
service = gen_intersection_list(
service, res_find.get("member_service"))
if externalmember is not None:
externalmember = gen_intersection_list(
externalmember, res_find.get("member_external"))
if any([user, group, service, externalmember]): if any([user, group, service, externalmember]):
commands.append( commands.append(
[name, "group_remove_member", del_member_args] [name, "group_remove_member", del_member_args]
) )
if has_add_membermanager: if has_add_membermanager:
# Reduce del lists of membermanager_user and
# membermanager_group to the entries only that are
# in res_find.
if membermanager_user is not None:
membermanager_user = gen_intersection_list(
membermanager_user,
res_find.get("membermanager_user"))
if membermanager_group is not None:
membermanager_group = gen_intersection_list(
membermanager_group,
res_find.get("membermanager_group"))
# Remove membermanager users and groups # Remove membermanager users and groups
if membermanager_user is not None or \ if membermanager_user is not None or \
membermanager_group is not None: membermanager_group is not None:
@@ -695,12 +635,16 @@ def main():
ansible_module.fail_json(msg="%s: %s: %s" % (command, name, ansible_module.fail_json(msg="%s: %s: %s" % (command, name,
str(e))) str(e)))
# Get all errors # Get all errors
# All "already a member" and "not a member" failures in the
# result are ignored. All others are reported. # result are ignored. All others are reported.
errors = [] errors = []
for failed_item in result.get("failed", []): for failed_item in result.get("failed", []):
failed = result["failed"][failed_item] failed = result["failed"][failed_item]
for member_type in failed: for member_type in failed:
for member, failure in failed[member_type]: for member, failure in failed[member_type]:
if "already a member" in failure \
or "not a member" in failure:
continue
errors.append("%s: %s %s: %s" % ( errors.append("%s: %s %s: %s" % (
command, member_type, member, failure)) command, member_type, member, failure))
if len(errors) > 0: if len(errors) > 0:
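Review bot: With the member-list reductions gone from the `@@ -557` and `@@ -628` hunks, the new side sends `group_add_member` / `group_remove_member` for the full `user`, `group`, `service` and `externalmember` lists on every run and relies on the `already a member` / `not a member` substring match in the last hunk to discard the resulting failures; that is idempotent only in outcome, not in reporting, since `changed` is presumably set for each executed command outside the hunk, and it ties correctness to the server's English error text. Filtering each list against `res_find` before appending the command, e.g. `user = [u for u in user if u not in res_find.get("member_user", [])]` on the add path and the inverse membership test on the remove path, would skip the call when nothing changes and make the string match a last resort rather than the mechanism. main() starts and ends outside these hunks.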


@@ -159,7 +159,7 @@ RETURN = """
from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.ansible_freeipa_module import temp_kinit, \ from ansible.module_utils.ansible_freeipa_module import temp_kinit, \
temp_kdestroy, valid_creds, api_connect, api_command, compare_args_ipa, \ temp_kdestroy, valid_creds, api_connect, api_command, compare_args_ipa, \
module_params_get, gen_add_del_lists, gen_add_list, gen_intersection_list module_params_get, gen_add_del_lists
def find_hbacrule(module, name): def find_hbacrule(module, name):
@@ -175,8 +175,8 @@ def find_hbacrule(module, name):
msg="There is more than one hbacrule '%s'" % (name)) msg="There is more than one hbacrule '%s'" % (name))
elif len(_result["result"]) == 1: elif len(_result["result"]) == 1:
return _result["result"][0] return _result["result"][0]
else:
return None return None
def gen_args(description, usercategory, hostcategory, servicecategory, def gen_args(description, usercategory, hostcategory, servicecategory,
@@ -340,22 +340,6 @@ def main():
if action == "hbacrule": if action == "hbacrule":
# Found the hbacrule # Found the hbacrule
if res_find is not None: if res_find is not None:
# Remove usercategory, hostcategory and
# servicecategory from args if "" and category
# not in res_find (needed for idempotency)
if "usercategory" in args and \
args["usercategory"] == "" and \
"usercategory" not in res_find:
del args["usercategory"]
if "hostcategory" in args and \
args["hostcategory"] == "" and \
"hostcategory" not in res_find:
del args["hostcategory"]
if "servicecategory" in args and \
args["servicecategory"] == "" and \
"servicecategory" not in res_find:
del args["servicecategory"]
# For all settings is args, check if there are # For all settings is args, check if there are
# different settings in the find result. # different settings in the find result.
# If yes: modify # If yes: modify
@@ -436,18 +420,6 @@ def main():
if res_find is None: if res_find is None:
ansible_module.fail_json(msg="No hbacrule '%s'" % name) ansible_module.fail_json(msg="No hbacrule '%s'" % name)
# Generate add lists for host, hostgroup and
# res_find to only try to add hosts and hostgroups
# that not in hbacrule already
if host is not None and \
"memberhost_host" in res_find:
host = gen_add_list(
host, res_find["memberhost_host"])
if hostgroup is not None and \
"memberhost_hostgroup" in res_find:
hostgroup = gen_add_list(
hostgroup, res_find["memberhost_hostgroup"])
# Add hosts and hostgroups # Add hosts and hostgroups
if host is not None or hostgroup is not None: if host is not None or hostgroup is not None:
commands.append([name, "hbacrule_add_host", commands.append([name, "hbacrule_add_host",
@@ -456,19 +428,6 @@ def main():
"hostgroup": hostgroup, "hostgroup": hostgroup,
}]) }])
# Generate add lists for hbacsvc, hbacsvcgroup and
# res_find to only try to add hbacsvcs and hbacsvcgroups
# that not in hbacrule already
if hbacsvc is not None and \
"memberservice_hbacsvc" in res_find:
hbacsvc = gen_add_list(
hbacsvc, res_find["memberservice_hbacsvc"])
if hbacsvcgroup is not None and \
"memberservice_hbacsvcgroup" in res_find:
hbacsvcgroup = gen_add_list(
hbacsvcgroup,
res_find["memberservice_hbacsvcgroup"])
# Add hbacsvcs and hbacsvcgroups # Add hbacsvcs and hbacsvcgroups
if hbacsvc is not None or hbacsvcgroup is not None: if hbacsvc is not None or hbacsvcgroup is not None:
commands.append([name, "hbacrule_add_service", commands.append([name, "hbacrule_add_service",
@@ -477,18 +436,6 @@ def main():
"hbacsvcgroup": hbacsvcgroup, "hbacsvcgroup": hbacsvcgroup,
}]) }])
# Generate add lists for user, group and
# res_find to only try to add users and groups
# that not in hbacrule already
if user is not None and \
"memberuser_user" in res_find:
user = gen_add_list(
user, res_find["memberuser_user"])
if group is not None and \
"memberuser_group" in res_find:
group = gen_add_list(
group, res_find["memberuser_group"])
# Add users and groups # Add users and groups
if user is not None or group is not None: if user is not None or group is not None:
commands.append([name, "hbacrule_add_user", commands.append([name, "hbacrule_add_user",
@@ -506,22 +453,6 @@ def main():
if res_find is None: if res_find is None:
ansible_module.fail_json(msg="No hbacrule '%s'" % name) ansible_module.fail_json(msg="No hbacrule '%s'" % name)
# Generate intersection lists for host, hostgroup and
# res_find to only try to remove hosts and hostgroups
# that are in hbacrule
if host is not None:
if "memberhost_host" in res_find:
host = gen_intersection_list(
host, res_find["memberhost_host"])
else:
host = None
if hostgroup is not None:
if "memberhost_hostgroup" in res_find:
hostgroup = gen_intersection_list(
hostgroup, res_find["memberhost_hostgroup"])
else:
hostgroup = None
# Remove hosts and hostgroups # Remove hosts and hostgroups
if host is not None or hostgroup is not None: if host is not None or hostgroup is not None:
commands.append([name, "hbacrule_remove_host", commands.append([name, "hbacrule_remove_host",
@@ -530,23 +461,6 @@ def main():
"hostgroup": hostgroup, "hostgroup": hostgroup,
}]) }])
# Generate intersection lists for hbacsvc, hbacsvcgroup
# and res_find to only try to remove hbacsvcs and
# hbacsvcgroups that are in hbacrule
if hbacsvc is not None:
if "memberservice_hbacsvc" in res_find:
hbacsvc = gen_intersection_list(
hbacsvc, res_find["memberservice_hbacsvc"])
else:
hbacsvc = None
if hbacsvcgroup is not None:
if "memberservice_hbacsvcgroup" in res_find:
hbacsvcgroup = gen_intersection_list(
hbacsvcgroup,
res_find["memberservice_hbacsvcgroup"])
else:
hbacsvcgroup = None
# Remove hbacsvcs and hbacsvcgroups # Remove hbacsvcs and hbacsvcgroups
if hbacsvc is not None or hbacsvcgroup is not None: if hbacsvc is not None or hbacsvcgroup is not None:
commands.append([name, "hbacrule_remove_service", commands.append([name, "hbacrule_remove_service",
@@ -555,22 +469,6 @@ def main():
"hbacsvcgroup": hbacsvcgroup, "hbacsvcgroup": hbacsvcgroup,
}]) }])
# Generate intersection lists for user, group and
# res_find to only try to remove users and groups
# that are in hbacrule
if user is not None:
if "memberuser_user" in res_find:
user = gen_intersection_list(
user, res_find["memberuser_user"])
else:
user = None
if group is not None:
if "memberuser_group" in res_find:
group = gen_intersection_list(
group, res_find["memberuser_group"])
else:
group = None
# Remove users and groups # Remove users and groups
if user is not None or group is not None: if user is not None or group is not None:
commands.append([name, "hbacrule_remove_user", commands.append([name, "hbacrule_remove_user",
@@ -622,12 +520,16 @@ def main():
ansible_module.fail_json(msg="%s: %s: %s" % (command, name, ansible_module.fail_json(msg="%s: %s: %s" % (command, name,
str(e))) str(e)))
# Get all errors # Get all errors
# All "already a member" and "not a member" failures in the
# result are ignored. All others are reported. # result are ignored. All others are reported.
if "failed" in result and len(result["failed"]) > 0: if "failed" in result and len(result["failed"]) > 0:
for item in result["failed"]: for item in result["failed"]:
failed_item = result["failed"][item] failed_item = result["failed"][item]
for member_type in failed_item: for member_type in failed_item:
for member, failure in failed_item[member_type]: for member, failure in failed_item[member_type]:
if "already a member" in failure \
or "not a member" in failure:
continue
errors.append("%s: %s %s: %s" % ( errors.append("%s: %s %s: %s" % (
command, member_type, member, failure)) command, member_type, member, failure))
if len(errors) > 0: if len(errors) > 0:
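Review bot: The filter `if "already a member" in failure or "not a member" in failure: continue` decides by substring on free-form server text, so any other failure whose message happens to contain one of those phrases is dropped as well and the module reports success for a membership change that did not take effect. If only the two known idempotency replies are meant, compare against the exact message text the API returns instead of using `in`, and keep the skipped entries in a separate list so they stay visible when troubleshooting. The same pattern is introduced in the preceding section's `@@ -695,12 +635,16 @@` hunk and in the hostgroup section's `@@ -532,6 +487,9 @@` hunk below. The body of `main()` continues outside this hunk.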


@@ -89,8 +89,8 @@ def find_hbacsvc(module, name):
msg="There is more than one hbacsvc '%s'" % (name)) msg="There is more than one hbacsvc '%s'" % (name))
elif len(_result["result"]) == 1: elif len(_result["result"]) == 1:
return _result["result"][0] return _result["result"][0]
else:
return None return None
def gen_args(description): def gen_args(description):


@@ -121,8 +121,8 @@ def find_hbacsvcgroup(module, name):
msg="There is more than one hbacsvcgroup '%s'" % (name)) msg="There is more than one hbacsvcgroup '%s'" % (name))
elif len(_result["result"]) == 1: elif len(_result["result"]) == 1:
return _result["result"][0] return _result["result"][0]
else:
return None return None
def gen_args(description, nomembers): def gen_args(description, nomembers):


@@ -466,7 +466,7 @@ def show_host(module, name):
def gen_args(description, locality, location, platform, os, password, random, def gen_args(description, locality, location, platform, os, password, random,
mac_address, sshpubkey, userclass, auth_ind, requires_pre_auth, mac_address, sshpubkey, userclass, auth_ind, requires_pre_auth,
ok_as_delegate, ok_to_auth_as_delegate, force, _reverse, ok_as_delegate, ok_to_auth_as_delegate, force, reverse,
ip_address, update_dns): ip_address, update_dns):
# certificate, managedby_host, principal, create_keytab_* and # certificate, managedby_host, principal, create_keytab_* and
# allow_retrieve_keytab_* are not handled here # allow_retrieve_keytab_* are not handled here
@@ -529,7 +529,7 @@ def gen_dnsrecord_args(module, ip_address, reverse):
return _args return _args
def check_parameters( # pylint: disable=unused-argument def check_parameters(
module, state, action, module, state, action,
description, locality, location, platform, os, password, random, description, locality, location, platform, os, password, random,
certificate, managedby_host, principal, allow_create_keytab_user, certificate, managedby_host, principal, allow_create_keytab_user,
@@ -862,7 +862,7 @@ def main():
ok_to_auth_as_delegate, force, reverse, ip_address, ok_to_auth_as_delegate, force, reverse, ip_address,
update_dns, update_password) update_dns, update_password)
elif isinstance(host, (str, unicode)): elif isinstance(host, str) or isinstance(host, unicode):
name = host name = host
else: else:
ansible_module.fail_json(msg="Host '%s' is not valid" % ansible_module.fail_json(msg="Host '%s' is not valid" %
@@ -1327,23 +1327,6 @@ def main():
dnsrecord_args = gen_dnsrecord_args(ansible_module, dnsrecord_args = gen_dnsrecord_args(ansible_module,
ip_address, reverse) ip_address, reverse)
# Remove arecord and aaaarecord from dnsrecord_args
# if the record does not exits in res_find_dnsrecord
# to prevent "DNS resource record not found" error
if "arecord" in dnsrecord_args \
and dnsrecord_args["arecord"] is not None \
and len(dnsrecord_args["arecord"]) > 0 \
and (res_find_dnsrecord is None
or "arecord" not in res_find_dnsrecord):
del dnsrecord_args["arecord"]
if "aaaarecord" in dnsrecord_args \
and dnsrecord_args["aaaarecord"] is not None \
and len(dnsrecord_args["aaaarecord"]) > 0 \
and (res_find_dnsrecord is None
or "aaaarecord" not in res_find_dnsrecord):
del dnsrecord_args["aaaarecord"]
if "arecord" in dnsrecord_args or \ if "arecord" in dnsrecord_args or \
"aaaarecord" in dnsrecord_args: "aaaarecord" in dnsrecord_args:
domain_name = name[name.find(".")+1:] domain_name = name[name.find(".")+1:]
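Review bot: `domain_name = name[name.find(".")+1:]` yields the whole host name when `name` contains no dot, because `find` returns -1 and the slice becomes `name[0:]`, so a short (non-FQDN) host name would be used as the DNS zone for the record commands that follow. Guard it before slicing, e.g. `if "." not in name: ansible_module.fail_json(msg="Host '%s' is not a fully qualified name" % name)`, or use `name.partition(".")[2]` and fail on an empty result. The `main()` body continues outside this hunk, so if the name is already validated earlier this may be moot.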


@@ -141,8 +141,7 @@ RETURN = """
from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.ansible_freeipa_module import temp_kinit, \ from ansible.module_utils.ansible_freeipa_module import temp_kinit, \
temp_kdestroy, valid_creds, api_connect, api_command, compare_args_ipa, \ temp_kdestroy, valid_creds, api_connect, api_command, compare_args_ipa, \
module_params_get, gen_add_del_lists, api_check_command, api_check_param, \ module_params_get, gen_add_del_lists, api_check_command, api_check_param
gen_add_list, gen_intersection_list
def find_hostgroup(module, name): def find_hostgroup(module, name):
@@ -158,8 +157,8 @@ def find_hostgroup(module, name):
msg="There is more than one hostgroup '%s'" % (name)) msg="There is more than one hostgroup '%s'" % (name))
elif len(_result["result"]) == 1: elif len(_result["result"]) == 1:
return _result["result"][0] return _result["result"][0]
else:
return None return None
def gen_args(description, nomembers, rename): def gen_args(description, nomembers, rename):
@@ -397,15 +396,6 @@ def main():
ansible_module.fail_json( ansible_module.fail_json(
msg="No hostgroup '%s'" % name) msg="No hostgroup '%s'" % name)
# Reduce add lists for member_host and member_hostgroup,
# to new entries only that are not in res_find.
if host is not None and "member_host" in res_find:
host = gen_add_list(host, res_find["member_host"])
if hostgroup is not None \
and "member_hostgroup" in res_find:
hostgroup = gen_add_list(
hostgroup, res_find["member_hostgroup"])
# Ensure members are present # Ensure members are present
commands.append([name, "hostgroup_add_member", commands.append([name, "hostgroup_add_member",
{ {
@@ -414,20 +404,6 @@ def main():
}]) }])
if has_add_membermanager: if has_add_membermanager:
# Reduce add list for membermanager_user and
# membermanager_group to new entries only that are
# not in res_find.
if membermanager_user is not None \
and "membermanager_user" in res_find:
membermanager_user = gen_add_list(
membermanager_user,
res_find["membermanager_user"])
if membermanager_group is not None \
and "membermanager_group" in res_find:
membermanager_group = gen_add_list(
membermanager_group,
res_find["membermanager_group"])
# Add membermanager users and groups # Add membermanager users and groups
if membermanager_user is not None or \ if membermanager_user is not None or \
membermanager_group is not None: membermanager_group is not None:
@@ -465,15 +441,6 @@ def main():
ansible_module.fail_json( ansible_module.fail_json(
msg="No hostgroup '%s'" % name) msg="No hostgroup '%s'" % name)
# Reduce del lists of member_host and member_hostgroup,
# to the entries only that are in res_find.
if host is not None:
host = gen_intersection_list(
host, res_find.get("member_host"))
if hostgroup is not None:
hostgroup = gen_intersection_list(
hostgroup, res_find.get("member_hostgroup"))
# Ensure members are absent # Ensure members are absent
commands.append([name, "hostgroup_remove_member", commands.append([name, "hostgroup_remove_member",
{ {
@@ -482,18 +449,6 @@ def main():
}]) }])
if has_add_membermanager: if has_add_membermanager:
# Reduce del lists of membermanager_user and
# membermanager_group to the entries only that are
# in res_find.
if membermanager_user is not None:
membermanager_user = gen_intersection_list(
membermanager_user,
res_find.get("membermanager_user"))
if membermanager_group is not None:
membermanager_group = gen_intersection_list(
membermanager_group,
res_find.get("membermanager_group"))
# Remove membermanager users and groups # Remove membermanager users and groups
if membermanager_user is not None or \ if membermanager_user is not None or \
membermanager_group is not None: membermanager_group is not None:
@@ -532,6 +487,9 @@ def main():
failed = result["failed"][failed_item] failed = result["failed"][failed_item]
for member_type in failed: for member_type in failed:
for member, failure in failed[member_type]: for member, failure in failed[member_type]:
if "already a member" in failure \
or "not a member" in failure:
continue
errors.append("%s: %s %s: %s" % ( errors.append("%s: %s %s: %s" % (
command, member_type, member, failure)) command, member_type, member, failure))
if len(errors) > 0: if len(errors) > 0:


@@ -234,22 +234,14 @@ def main():
if action == "privilege": if action == "privilege":
# Found the privilege # Found the privilege
if res_find is not None: if res_find is not None:
res_cmp = {
k: v for k, v in res_find.items()
if k not in [
"objectclass", "cn", "dn",
"memberof_permisssion"
]
}
# For all settings is args, check if there are # For all settings is args, check if there are
# different settings in the find result. # different settings in the find result.
# If yes: modify # If yes: modify
if args and not compare_args_ipa(ansible_module, args, if not compare_args_ipa(ansible_module, args,
res_cmp): res_find):
commands.append([name, "privilege_mod", args]) commands.append([name, "privilege_mod", args])
else: else:
commands.append([name, "privilege_add", args]) commands.append([name, "privilege_add", args])
res_find = {}
member_args = {} member_args = {}
if permission: if permission:
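Review bot: After the `privilege_add` branch `res_find` is left as `None` for a privilege that does not exist yet; if the member handling that follows `member_args = {}` reads `res_find` (a `.get()` or an `in` test), that path will raise on a fresh privilege. If so, set `res_find = {}` right after `commands.append([name, "privilege_add", args])`, or guard the reads with `(res_find or {})`. The body of `main()` continues outside this hunk, so this is inferred from the visible lines only.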


@@ -130,8 +130,8 @@ def find_pwpolicy(module, name):
msg="There is more than one pwpolicy '%s'" % (name)) msg="There is more than one pwpolicy '%s'" % (name))
elif len(_result["result"]) == 1: elif len(_result["result"]) == 1:
return _result["result"][0] return _result["result"][0]
else:
return None return None
def gen_args(maxlife, minlife, history, minclasses, minlength, priority, def gen_args(maxlife, minlife, history, minclasses, minlength, priority,


@@ -1,440 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
# Thomas Woerner <twoerner@redhat.com>
#
# Copyright (C) 2021 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
ANSIBLE_METADATA = {
"metadata_version": "1.0",
"supported_by": "community",
"status": ["preview"],
}
DOCUMENTATION = """
---
module: ipaserver
short description: Manage FreeIPA server
description: Manage FreeIPA server
options:
ipaadmin_principal:
description: The admin principal.
default: admin
ipaadmin_password:
description: The admin password.
required: false
name:
description: The list of server name strings.
required: true
aliases: ["cn"]
location:
description: |
The server location string.
"" for location reset.
Only in state: present.
required: false
aliases: ["ipalocation_location"]
service_weight:
description: |
Weight for server services
Values 0 to 65535, -1 for weight reset.
Only in state: present.
required: false
type: int
aliases: ["ipaserviceweight"]
hidden:
description: |
Set hidden state of a server.
Only in state: present.
required: false
type: bool
no_members:
description: |
Suppress processing of membership attributes
Only in state: present.
required: false
type: bool
delete_continue:
description: |
Continuous mode: Don't stop on errors.
Only in state: absent.
required: false
type: bool
aliases: ["continue"]
ignore_last_of_role:
description: |
Skip a check whether the last CA master or DNS server is removed.
Only in state: absent.
required: false
type: bool
ignore_topology_disconnect:
description: |
Ignore topology connectivity problems after removal.
Only in state: absent.
required: false
type: bool
force:
description: |
Force server removal even if it does not exist.
Will always result in changed.
Only in state: absent.
required: false
type: bool
state:
description: The state to ensure.
choices: ["present", "absent"]
default: present
required: true
"""
EXAMPLES = """
# Ensure server server.example.com is present
- ipaserver:
ipaadmin_password: SomeADMINpassword
name: server.example.com
# Ensure server server.example.com is absent
- ipaserver:
ipaadmin_password: SomeADMINpassword
name: server.example.com
state: absent
# Ensure server server.example.com is present with location mylocation
- ipaserver:
ipaadmin_password: SomeADMINpassword
name: server.example.com
location: mylocation
# Ensure server server.example.com is present without a location
- ipaserver:
ipaadmin_password: SomeADMINpassword
name: server.example.com
location: ""
# Ensure server server.example.com is present with service weight 1
- ipaserver:
ipaadmin_password: SomeADMINpassword
name: server.example.com
service_weight: 1
# Ensure server server.example.com is present without service weight
- ipaserver:
ipaadmin_password: SomeADMINpassword
name: server.example.com
service_weight: -1
# Ensure server server.example.com is present and hidden
- ipaserver:
ipaadmin_password: SomeADMINpassword
name: server.example.com
hidden: yes
# Ensure server server.example.com is present and not hidden
- ipaserver:
ipaadmin_password: SomeADMINpassword
name: server.example.com
hidden: no
# Ensure server server.example.com is absent in continuous mode in error case
- ipaserver:
ipaadmin_password: SomeADMINpassword
name: server.example.com
continue: yes
state: absent
# Ensure server server.example.com is absent with last of role check skip
- ipaserver:
ipaadmin_password: SomeADMINpassword
name: server.example.com
ignore_last_of_role: yes
state: absent
# Ensure server server.example.com is absent with topology disconnect check
# skip
- ipaserver:
ipaadmin_password: SomeADMINpassword
name: server.example.com
ignore_topology_disconnect: yes
state: absent
# Ensure server server.example.com is absent in force mode
- ipaserver:
ipaadmin_password: SomeADMINpassword
name: server.example.com
force: yes
state: absent
"""
RETURN = """
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.ansible_freeipa_module import \
temp_kinit, temp_kdestroy, valid_creds, api_connect, api_command, \
api_command_no_name, compare_args_ipa, module_params_get, DNSName
import six
if six.PY3:
unicode = str
def find_server(module, name):
"""Find if a server with the given name already exist."""
try:
_result = api_command(module, "server_show", name, {"all": True})
except Exception: # pylint: disable=broad-except
# An exception is raised if server name is not found.
return None
else:
return _result["result"]
def server_role_status(module, name):
"""Get server role of a hidden server with the given name."""
try:
_result = api_command_no_name(module, "server_role_find",
{"server_server": name,
"role_servrole": 'IPA master',
"include_master": True,
"raw": True,
"all": True})
except Exception: # pylint: disable=broad-except
# An exception is raised if server name is not found.
return None
else:
return _result["result"][0]
def gen_args(location, service_weight, no_members, delete_continue,
ignore_topology_disconnect, ignore_last_of_role, force):
_args = {}
if location is not None:
if location != "":
_args["ipalocation_location"] = DNSName(location)
else:
_args["ipalocation_location"] = None
if service_weight is not None:
_args["ipaserviceweight"] = service_weight
if no_members is not None:
_args["no_members"] = no_members
if delete_continue is not None:
_args["continue"] = delete_continue
if ignore_topology_disconnect is not None:
_args["ignore_topology_disconnect"] = ignore_topology_disconnect
if ignore_last_of_role is not None:
_args["ignore_last_of_role"] = ignore_last_of_role
if force is not None:
_args["force"] = force
return _args
def main():
ansible_module = AnsibleModule(
argument_spec=dict(
# general
ipaadmin_principal=dict(type="str", default="admin"),
ipaadmin_password=dict(type="str", required=False, no_log=True),
name=dict(type="list", aliases=["cn"],
default=None, required=True),
# present
location=dict(required=False, type='str',
aliases=["ipalocation_location"], default=None),
service_weight=dict(required=False, type='int',
aliases=["ipaserviceweight"], default=None),
hidden=dict(required=False, type='bool', default=None),
no_members=dict(required=False, type='bool', default=None),
# absent
delete_continue=dict(required=False, type='bool',
aliases=["continue"], default=None),
ignore_topology_disconnect=dict(required=False, type='bool',
default=None),
ignore_last_of_role=dict(required=False, type='bool',
default=None),
force=dict(required=False, type='bool',
default=None),
# state
state=dict(type="str", default="present",
choices=["present", "absent"]),
),
supports_check_mode=True,
)
ansible_module._ansible_debug = True
# Get parameters
# general
ipaadmin_principal = module_params_get(ansible_module,
"ipaadmin_principal")
ipaadmin_password = module_params_get(ansible_module, "ipaadmin_password")
names = module_params_get(ansible_module, "name")
# present
location = module_params_get(ansible_module, "location")
service_weight = module_params_get(ansible_module, "service_weight")
# Service weight smaller than 0 leads to resetting service weight
if service_weight is not None and \
(service_weight < -1 or service_weight > 65535):
ansible_module.fail_json(
msg="service_weight %d is out of range [-1 .. 65535]" %
service_weight)
if service_weight == -1:
service_weight = ""
hidden = module_params_get(ansible_module, "hidden")
no_members = module_params_get(ansible_module, "no_members")
# absent
delete_continue = module_params_get(ansible_module, "delete_continue")
ignore_topology_disconnect = module_params_get(
ansible_module, "ignore_topology_disconnect")
ignore_last_of_role = module_params_get(ansible_module,
"ignore_last_of_role")
force = module_params_get(ansible_module, "force")
# state
state = module_params_get(ansible_module, "state")
# Check parameters
invalid = []
if state == "present":
if len(names) != 1:
ansible_module.fail_json(
msg="Only one server can be ensured at a time.")
invalid = ["delete_continue", "ignore_topology_disconnect",
"ignore_last_of_role", "force"]
if state == "absent":
if len(names) < 1:
ansible_module.fail_json(msg="No name given.")
invalid = ["location", "service_weight", "hidden", "no_members"]
for x in invalid:
if vars()[x] is not None:
ansible_module.fail_json(
msg="Argument '%s' can not be used with state '%s'" %
(x, state))
# Init
changed = False
exit_args = {}
ccache_dir = None
ccache_name = None
try:
if not valid_creds(ansible_module, ipaadmin_principal):
ccache_dir, ccache_name = temp_kinit(ipaadmin_principal,
ipaadmin_password)
api_connect()
commands = []
for name in names:
# Make sure server exists
res_find = find_server(ansible_module, name)
# Generate args
args = gen_args(location, service_weight, no_members,
delete_continue, ignore_topology_disconnect,
ignore_last_of_role, force)
# Create command
if state == "present":
# Server not found
if res_find is None:
ansible_module.fail_json(
msg="Server '%s' not found" % name)
# Remove location from args if "" (transformed to None)
# and "ipalocation_location" not in res_find for idempotency
if "ipalocation_location" in args and \
args["ipalocation_location"] is None and \
"ipalocation_location" not in res_find:
del args["ipalocation_location"]
# Remove service weight from args if ""
# and "ipaserviceweight" not in res_find for idempotency
if "ipaserviceweight" in args and \
args["ipaserviceweight"] == "" and \
"ipaserviceweight" not in res_find:
del args["ipaserviceweight"]
# For all settings is args, check if there are
# different settings in the find result.
# If yes: modify
if not compare_args_ipa(ansible_module, args, res_find):
commands.append([name, "server_mod", args])
# hidden handling
if hidden is not None:
res_role_status = server_role_status(ansible_module,
name)
if "status" in res_role_status:
# Fail if status is configured, it should be done
# only in the installer
if res_role_status["status"] == "configured":
ansible_module.fail_json(
msg="'%s' in configured state, "
"unable to change state" % state)
if hidden and res_role_status["status"] == "enabled":
commands.append([name, "server_state",
{"state": "hidden"}])
if not hidden and \
res_role_status["status"] == "hidden":
commands.append([name, "server_state",
{"state": "enabled"}])
elif state == "absent":
if res_find is not None or force:
commands.append([name, "server_del", args])
else:
ansible_module.fail_json(msg="Unkown state '%s'" % state)
# Execute commands
for name, command, args in commands:
try:
result = api_command(ansible_module, command, name,
args)
if "completed" in result:
if result["completed"] > 0:
changed = True
else:
changed = True
except Exception as e:
ansible_module.fail_json(msg="%s: %s: %s" % (command, name,
str(e)))
except Exception as e:
ansible_module.fail_json(msg=str(e))
finally:
temp_kdestroy(ccache_dir, ccache_name)
# Done
ansible_module.exit_json(changed=changed, **exit_args)
if __name__ == "__main__":
main()


@@ -91,7 +91,7 @@ options:
type: list type: list
aliases: ["krbprincipalname"] aliases: ["krbprincipalname"]
smb: smb:
description: Add a SMB service. description: Add a SMB service. Can only be used with new services.
required: false required: false
type: bool type: bool
netbiosname: netbiosname:
@@ -230,17 +230,28 @@ from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.ansible_freeipa_module import temp_kinit, \ from ansible.module_utils.ansible_freeipa_module import temp_kinit, \
temp_kdestroy, valid_creds, api_connect, api_command, compare_args_ipa, \ temp_kdestroy, valid_creds, api_connect, api_command, compare_args_ipa, \
encode_certificate, gen_add_del_lists, module_params_get, to_text, \ encode_certificate, gen_add_del_lists, module_params_get, to_text, \
api_check_param, ipalib_errors api_check_param
import ipalib.errors
def find_service(module, name): def find_service(module, name, netbiosname):
_args = { _args = {
"all": True, "all": True,
} }
# Search for a SMB/cifs service.
if netbiosname is not None:
_result = api_command(
module, "service_find", to_text(netbiosname), _args)
for _res_find in _result.get('result', []):
for uid in _res_find.get('uid', []):
if uid.startswith("%s$@" % netbiosname):
return _res_find
try: try:
_result = api_command(module, "service_show", to_text(name), _args) _result = api_command(module, "service_show", to_text(name), _args)
except ipalib_errors.NotFound: except ipalib.errors.NotFound:
return None return None
if "result" in _result: if "result" in _result:
@@ -250,8 +261,8 @@ def find_service(module, name):
_res["usercertificate"] = [encode_certificate(cert) for _res["usercertificate"] = [encode_certificate(cert) for
cert in certs] cert in certs]
return _res return _res
else:
return None return None
def gen_args(pac_type, auth_ind, skip_host_check, force, requires_pre_auth, def gen_args(pac_type, auth_ind, skip_host_check, force, requires_pre_auth,
@@ -276,19 +287,6 @@ def gen_args(pac_type, auth_ind, skip_host_check, force, requires_pre_auth,
return _args return _args
def gen_args_smb(netbiosname, ok_as_delegate, ok_to_auth_as_delegate):
_args = {}
if netbiosname is not None:
_args['ipantflatname'] = netbiosname
if ok_as_delegate is not None:
_args['ipakrbokasdelegate'] = (ok_as_delegate)
if ok_to_auth_as_delegate is not None:
_args['ipakrboktoauthasdelegate'] = (ok_to_auth_as_delegate)
return _args
def check_parameters(module, state, action, names, parameters): def check_parameters(module, state, action, names, parameters):
assert isinstance(parameters, dict) assert isinstance(parameters, dict)
@@ -312,13 +310,15 @@ def check_parameters(module, state, action, names, parameters):
if action == 'service': if action == 'service':
invalid = ['delete_continue'] invalid = ['delete_continue']
if ( if parameters.get('smb', False):
not parameters.get('smb', False) invalid.extend(['force', 'auth_ind', 'skip_host_check',
and parameters.get('netbiosname') 'requires_pre_auth', 'auth_ind', 'pac_type'])
):
module.fail_json( for _invalid in invalid:
msg="Argument 'netbiosname' can not be used without " if parameters.get(_invalid, False):
"SMB service.") module.fail_json(
msg="Argument '%s' can not be used with SMB "
"service." % _invalid)
else: else:
invalid.append('delete_continue') invalid.append('delete_continue')
@@ -494,9 +494,11 @@ def main():
commands = [] commands = []
for name in names: for name in names:
res_find = find_service(ansible_module, name) res_find = find_service(ansible_module, name, netbiosname)
if state == "present": if state == "present":
# if service exists, 'smb' cannot be used.
if action == "service": if action == "service":
args = gen_args( args = gen_args(
pac_type, auth_ind, skip_host_check, force, pac_type, auth_ind, skip_host_check, force,
@@ -505,24 +507,13 @@ def main():
if not has_skip_host_check and 'skip_host_check' in args: if not has_skip_host_check and 'skip_host_check' in args:
del args['skip_host_check'] del args['skip_host_check']
if smb:
if res_find is None:
_name = "cifs/" + name
res_find = find_service(ansible_module, _name)
if res_find is None:
_args = gen_args_smb(
netbiosname, ok_as_delegate,
ok_to_auth_as_delegate)
commands.append(
[name, 'service_add_smb', _args])
res_find = {}
# service_add_smb will prefix 'name' with
# "cifs/", so we will need to change it here,
# so that service_mod, if called later, works.
name = _name
if res_find is None: if res_find is None:
commands.append([name, 'service_add', args]) if smb:
if netbiosname is not None:
args['ipantflatname'] = netbiosname
commands.append([name, 'service_add_smb', args])
else:
commands.append([name, 'service_add', args])
certificate_add = certificate or [] certificate_add = certificate or []
certificate_del = [] certificate_del = []
@@ -560,15 +551,6 @@ def main():
if remove in args: if remove in args:
del args[remove] del args[remove]
if (
"krbprincipalauthind" in args
and (
args.get("krbprincipalauthind", [""]) ==
res_find.get("krbprincipalauthind", [""])
)
):
del args["krbprincipalauthind"]
if not compare_args_ipa(ansible_module, args, if not compare_args_ipa(ansible_module, args,
res_find): res_find):
commands.append([name, "service_mod", args]) commands.append([name, "service_mod", args])
@@ -771,7 +753,7 @@ def main():
elif state == "absent": elif state == "absent":
if action == "service": if action == "service":
if res_find is not None: if res_find is not None:
args = {'continue': delete_continue} args = {'continue': True if delete_continue else False}
commands.append([name, 'service_del', args]) commands.append([name, 'service_del', args])
elif action == "member": elif action == "member":


@@ -56,15 +56,15 @@ author:
EXAMPLES = """ EXAMPLES = """
# Ensure sudocmd is present # Ensure sudocmd is present
- ipasudocmd: - ipacommand:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
name: /usr/bin/su name: su
state: present state: present
# Ensure sudocmd is absent # Ensure sudocmd is absent
- ipasudocmd: - ipacommand:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
name: /usr/bin/su name: su
state: absent state: absent
""" """
@@ -90,8 +90,8 @@ def find_sudocmd(module, name):
msg="There is more than one sudocmd '%s'" % (name)) msg="There is more than one sudocmd '%s'" % (name))
elif len(_result["result"]) == 1: elif len(_result["result"]) == 1:
return _result["result"][0] return _result["result"][0]
else:
return None return None
def gen_args(description): def gen_args(description):
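Review bot: The EXAMPLES block on the new side invokes `ipacommand:` although this file's functions (`find_sudocmd`) and the example comments ("Ensure sudocmd is present") belong to the sudocmd module, so a user copying the example would call a different module. Both examples should name the module this file implements, i.e. `- ipasudocmd:`. The example value `name: su` also drops the absolute path used on the old side; whether a bare command name is accepted by sudocmd cannot be confirmed from this hunk, so that is worth checking too.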


@@ -107,7 +107,9 @@ from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils._text import to_text from ansible.module_utils._text import to_text
from ansible.module_utils.ansible_freeipa_module import temp_kinit, \ from ansible.module_utils.ansible_freeipa_module import temp_kinit, \
temp_kdestroy, valid_creds, api_connect, api_command, compare_args_ipa, \ temp_kdestroy, valid_creds, api_connect, api_command, compare_args_ipa, \
gen_add_del_lists, ipalib_errors gen_add_del_lists
import ipalib
def find_sudocmdgroup(module, name): def find_sudocmdgroup(module, name):
@@ -115,7 +117,7 @@ def find_sudocmdgroup(module, name):
try: try:
_result = api_command(module, "sudocmdgroup_show", to_text(name), args) _result = api_command(module, "sudocmdgroup_show", to_text(name), args)
except ipalib_errors.NotFound: except ipalib.errors.NotFound:
return None return None
else: else:
return _result["result"] return _result["result"]
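Review bot: The new side imports the whole `ipalib` package at module level and spells the exception as `ipalib.errors.NotFound`, while the vault module in this same compare uses `from ipalib.errors import EmptyModlist, NotFound`; the two modules should follow one import style. A consistent form here would be `from ipalib.errors import NotFound` with `except NotFound:`, which also avoids pulling the full package namespace into the module. The enclosing `find_sudocmdgroup` body continues outside the hunk.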


@@ -53,7 +53,7 @@ options:
required: false required: false
choices: ["all", ""] choices: ["all", ""]
aliases: ["usercat"] aliases: ["usercat"]
group: usergroup:
description: List of user groups assigned to the sudo rule. description: List of user groups assigned to the sudo rule.
required: false required: false
runasgroupcategory: runasgroupcategory:
@@ -206,8 +206,8 @@ def find_sudorule(module, name):
msg="There is more than one sudorule '%s'" % (name)) msg="There is more than one sudorule '%s'" % (name))
elif len(_result["result"]) == 1: elif len(_result["result"]) == 1:
return _result["result"][0] return _result["result"][0]
else:
return None return None
def gen_args(description, usercat, hostcat, cmdcat, runasusercat, def gen_args(description, usercat, hostcat, cmdcat, runasusercat,
@@ -416,32 +416,6 @@ def main():
if action == "sudorule": if action == "sudorule":
# Found the sudorule # Found the sudorule
if res_find is not None: if res_find is not None:
# Remove empty usercategory, hostcategory,
# cmdcaterory, runasusercategory and hostcategory
# from args if "" and if the category is not in the
# sudorule. The empty string is used to reset the
# category.
if "usercategory" in args \
and args["usercategory"] == "" \
and "usercategory" not in res_find:
del args["usercategory"]
if "hostcategory" in args \
and args["hostcategory"] == "" \
and "hostcategory" not in res_find:
del args["hostcategory"]
if "cmdcategory" in args \
and args["cmdcategory"] == "" \
and "cmdcategory" not in res_find:
del args["cmdcategory"]
if "ipasudorunasusercategory" in args \
and args["ipasudorunasusercategory"] == "" \
and "ipasudorunasusercategory" not in res_find:
del args["ipasudorunasusercategory"]
if "ipasudorunasgroupcategory" in args \
and args["ipasudorunasgroupcategory"] == "" \
and "ipasudorunasgroupcategory" not in res_find:
del args["ipasudorunasgroupcategory"]
# For all settings is args, check if there are # For all settings is args, check if there are
# different settings in the find result. # different settings in the find result.
# If yes: modify # If yes: modify
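Review bot: The new side of the last hunk no longer strips an empty `usercategory`/`hostcategory`/`cmdcategory`/`ipasudorunasusercategory`/`ipasudorunasgroupcategory` from `args` when the category is absent from `res_find`, so an empty string passed to reset a category is still compared against a rule that has no such key. If `compare_args_ipa` treats a missing key as a difference, this queues `sudorule_mod` on every run and the task stops being idempotent; the removed block documented exactly that case. If the removal is intended, a comment should say why the reset-to-empty case no longer needs special handling. The enclosing `main()` starts and ends outside the hunk.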


@@ -132,8 +132,8 @@ def find_left_right(module, suffix, left, right):
"not unique for suffix '%s'" % (left, right, suffix)) "not unique for suffix '%s'" % (left, right, suffix))
elif len(_result["result"]) == 1: elif len(_result["result"]) == 1:
return _result["result"][0] return _result["result"][0]
else:
return None return None
def find_cn(module, suffix, name): def find_cn(module, suffix, name):
@@ -147,8 +147,8 @@ def find_cn(module, suffix, name):
msg="CN '%s' is not unique for suffix '%s'" % (name, suffix)) msg="CN '%s' is not unique for suffix '%s'" % (name, suffix))
elif len(_result["result"]) == 1: elif len(_result["result"]) == 1:
return _result["result"][0] return _result["result"][0]
else:
return None return None
def find_left_right_cn(module, suffix, left, right, name): def find_left_right_cn(module, suffix, left, right, name):


@@ -125,8 +125,8 @@ def find_trust(module, realm):
module.fail_json(msg="There is more than one realm '%s'" % (realm)) module.fail_json(msg="There is more than one realm '%s'" % (realm))
elif len(_result["result"]) == 1: elif len(_result["result"]) == 1:
return _result["result"][0] return _result["result"][0]
else:
return None return None
def del_trust(module, realm): def del_trust(module, realm):
@@ -136,6 +136,8 @@ def del_trust(module, realm):
if len(_result["result"]["failed"]) > 0: if len(_result["result"]["failed"]) > 0:
module.fail_json( module.fail_json(
msg="Trust deletion has failed for '%s'" % (realm)) msg="Trust deletion has failed for '%s'" % (realm))
else:
return None
def add_trust(module, realm, args): def add_trust(module, realm, args):
@@ -146,10 +148,12 @@ def add_trust(module, realm, args):
if "cn" not in _result["result"]: if "cn" not in _result["result"]:
module.fail_json( module.fail_json(
msg="Trust add has failed for '%s'" % (realm)) msg="Trust add has failed for '%s'" % (realm))
else:
return None
def gen_args(trust_type, admin, password, server, trust_secret, base_id, def gen_args(trust_type, admin, password, server, trust_secret, base_id,
range_size, _range_type, two_way, external): range_size, range_type, two_way, external):
_args = {} _args = {}
if trust_type is not None: if trust_type is not None:
_args["trust_type"] = trust_type _args["trust_type"] = trust_type
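Review bot: The `else: return None` added after `module.fail_json(...)` in both `del_trust` and `add_trust` is redundant: `fail_json` terminates the module, and a function that falls off the end already returns `None`, so the two added lines should simply be dropped. The `gen_args` rename from `_range_type` to `range_type` is fine as written but, since the body continues outside the hunk, it is worth confirming that `range_type` does not shadow a module-level name, which is presumably why the leading underscore was there.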


@@ -512,9 +512,10 @@ def find_user(module, name, preserved=False):
if certs is not None: if certs is not None:
_result["usercertificate"] = [encode_certificate(x) _result["usercertificate"] = [encode_certificate(x)
for x in certs] for x in certs]
return _result
return None return _result
else:
return None
def gen_args(first, last, fullname, displayname, initials, homedir, shell, def gen_args(first, last, fullname, displayname, initials, homedir, shell,
@@ -598,14 +599,17 @@ def gen_args(first, last, fullname, displayname, initials, homedir, shell,
return _args return _args
def check_parameters( # pylint: disable=unused-argument def check_parameters(module, state, action,
module, state, action, first, last, fullname, displayname, initials, first, last, fullname, displayname, initials, homedir,
homedir, shell, email, principal, principalexpiration, shell, email, principal, principalexpiration,
passwordexpiration, password, random, uid, gid, city, phone, mobile, passwordexpiration, password, random, uid, gid, city,
pager, fax, orgunit, title, manager, carlicense, sshpubkey, phone, mobile, pager, fax, orgunit, title, manager,
userauthtype, userclass, radius, radiususer, departmentnumber, carlicense, sshpubkey, userauthtype, userclass, radius,
employeenumber, employeetype, preferredlanguage, certificate, radiususer, departmentnumber, employeenumber,
certmapdata, noprivate, nomembers, preserve, update_password): employeetype, preferredlanguage, certificate,
certmapdata, noprivate, nomembers, preserve,
update_password):
if state == "present": if state == "present":
if action == "member": if action == "member":
invalid = ["first", "last", "fullname", "displayname", "initials", invalid = ["first", "last", "fullname", "displayname", "initials",
@@ -711,7 +715,7 @@ def check_certmapdata(data):
return False return False
i = data.find("<I>", 4) i = data.find("<I>", 4)
s = data.find("<S>", i) # pylint: disable=invalid-name s = data.find("<S>", i)
issuer = data[i+3:s] issuer = data[i+3:s]
subject = data[s+3:] subject = data[s+3:]
@@ -1029,7 +1033,7 @@ def main():
email = extend_emails(email, default_email_domain) email = extend_emails(email, default_email_domain)
elif isinstance(user, (str, unicode)): elif isinstance(user, str) or isinstance(user, unicode):
name = user name = user
else: else:
ansible_module.fail_json(msg="User '%s' is not valid" % ansible_module.fail_json(msg="User '%s' is not valid" %
@@ -1111,13 +1115,8 @@ def main():
# For all settings is args, check if there are # For all settings is args, check if there are
# different settings in the find result. # different settings in the find result.
# If yes: modify # If yes: modify
# The nomembers parameter is added to args for the if not compare_args_ipa(ansible_module, args,
# api command. But no_members is never part of res_find):
# res_find from user-show, therefore this parameter
# needs to be ignored in compare_args_ipa.
if not compare_args_ipa(
ansible_module, args, res_find,
ignore=["no_members"]):
commands.append([name, "user_mod", args]) commands.append([name, "user_mod", args])
else: else:
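Review bot: In the last hunk the new side calls `compare_args_ipa(ansible_module, args, res_find)` without `ignore=["no_members"]`; the comment on the removed side states that `no_members` is added to `args` for the API call but is never part of the `user-show` result, so when `nomembers` is set the comparison always differs and `user_mod` is queued on every run. Keep the ignore list, i.e. `if not compare_args_ipa(ansible_module, args, res_find, ignore=["no_members"]):`, or document why `no_members` no longer reaches `args`. Separately, `isinstance(user, str) or isinstance(user, unicode)` in the earlier hunk is more idiomatically `isinstance(user, (str, unicode))`. The enclosing `main()` starts and ends outside the hunk.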


@@ -119,7 +119,6 @@ options:
description: Users that are owners of the vault. description: Users that are owners of the vault.
required: false required: false
type: list type: list
aliases: ["ownerusers"]
ownergroups: ownergroups:
description: Groups that are owners of the vault. description: Groups that are owners of the vault.
required: false required: false
@@ -321,8 +320,8 @@ from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils._text import to_text from ansible.module_utils._text import to_text
from ansible.module_utils.ansible_freeipa_module import temp_kinit, \ from ansible.module_utils.ansible_freeipa_module import temp_kinit, \
temp_kdestroy, valid_creds, api_connect, api_command, \ temp_kdestroy, valid_creds, api_connect, api_command, \
gen_add_del_lists, compare_args_ipa, module_params_get, exit_raw_json, \ gen_add_del_lists, compare_args_ipa, module_params_get, exit_raw_json
ipalib_errors from ipalib.errors import EmptyModlist, NotFound
def find_vault(module, name, username, service, shared): def find_vault(module, name, username, service, shared):
@@ -349,9 +348,9 @@ def find_vault(module, name, username, service, shared):
return None return None
def gen_args( def gen_args(description, username, service, shared, vault_type, salt,
description, username, service, shared, vault_type, salt, password, password_file, public_key, public_key_file, vault_data,
public_key, public_key_file): datafile_in, datafile_out):
_args = {} _args = {}
vault_type = vault_type or to_text("symmetric") vault_type = vault_type or to_text("symmetric")
@@ -444,12 +443,12 @@ def data_storage_args(vault_type, args, data, password, password_file,
return _args return _args
def check_parameters( # pylint: disable=unused-argument def check_parameters(module, state, action, description, username, service,
module, state, action, description, username, service, shared, users, shared, users, groups, services, owners, ownergroups,
groups, services, owners, ownergroups, ownerservices, vault_type, salt, ownerservices, vault_type, salt, password, password_file,
password, password_file, public_key, public_key_file, private_key, public_key, public_key_file, private_key,
private_key_file, vault_data, datafile_in, datafile_out, new_password, private_key_file, vault_data, datafile_in, datafile_out,
new_password_file): new_password, new_password_file):
invalid = [] invalid = []
if state == "present": if state == "present":
invalid = ['datafile_out'] invalid = ['datafile_out']
@@ -492,11 +491,11 @@ def check_parameters( # pylint: disable=unused-argument
"action '%s'" % (arg, state, action)) "action '%s'" % (arg, state, action))
def check_encryption_params( # pylint: disable=unused-argument def check_encryption_params(module, state, action, vault_type, salt,
module, state, action, vault_type, salt, password, password_file, password, password_file, public_key,
public_key, public_key_file, private_key, private_key_file, vault_data, public_key_file, private_key, private_key_file,
datafile_in, datafile_out, new_password, new_password_file, res_find): vault_data, datafile_in, datafile_out,
"""Check parameters used for (de)vault data encryption.""" new_password, new_password_file, res_find):
vault_type_invalid = [] vault_type_invalid = []
existing_type = None existing_type = None
@@ -580,7 +579,7 @@ def get_stored_data(module, res_find, args):
# retrieve vault stored data # retrieve vault stored data
try: try:
result = api_command(module, 'vault_retrieve', name, pwdargs) result = api_command(module, 'vault_retrieve', name, pwdargs)
except ipalib_errors.NotFound: except NotFound:
return None return None
return result['result'].get('data') return result['result'].get('data')
@@ -758,7 +757,9 @@ def main():
# Generate args # Generate args
args = gen_args(description, username, service, shared, vault_type, args = gen_args(description, username, service, shared, vault_type,
salt, public_key, public_key_file) salt, password, password_file, public_key,
public_key_file, vault_data, datafile_in,
datafile_out)
pwdargs = None pwdargs = None
# Create command # Create command
@@ -990,7 +991,7 @@ def main():
changed = True changed = True
else: else:
changed = True changed = True
except ipalib_errors.EmptyModlist: except EmptyModlist:
result = {} result = {}
except Exception as exception: except Exception as exception:
ansible_module.fail_json( ansible_module.fail_json(
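Review bot: The new signature of `check_encryption_params` drops the docstring `"""Check parameters used for (de)vault data encryption."""` that the old side carried, leaving a fifteen-parameter function with no statement of purpose; it should be restored, and `check_parameters` and the widened `gen_args` deserve a one-line docstring each. `gen_args` on the new side now also receives `password`, `password_file`, `vault_data`, `datafile_in` and `datafile_out`; its body continues outside the hunk, so whether these are placed into the returned `_args` (and thus into the command that is later logged or compared) cannot be confirmed here and is worth checking. The bodies of `check_parameters`, `check_encryption_params` and `main` all start or end outside their hunks.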


@@ -0,0 +1 @@
ansible>=2.8.0


@@ -1,69 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
# Thomas Woerner <twoerner@redhat.com>
#
# Copyright (C) 2021 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
ANSIBLE_METADATA = {
'metadata_version': '1.0',
'supported_by': 'community',
'status': ['preview'],
}
DOCUMENTATION = '''
---
module: ipabackup_get_backup_dir
short description:
Get IPA_BACKUP_DIR from ipaplatform
description:
Get IPA_BACKUP_DIR from ipaplatform
options:
author:
- Thomas Woerner
'''
EXAMPLES = '''
# Get IPA_BACKUP_DIR from ipaplatform
- name: ipabackup_get_backup_dir:
register result
'''
RETURN = '''
backup_dir:
description: IPA_BACKUP_DIR from ipaplatform
returned: always
type: str
'''
from ansible.module_utils.basic import AnsibleModule
from ipaplatform.paths import paths
def main():
module = AnsibleModule(
argument_spec=dict(),
supports_check_mode=True,
)
module.exit_json(changed=False,
backup_dir=paths.IPA_BACKUP_DIR)
if __name__ == '__main__':
main()


@@ -1,8 +1,12 @@
--- ---
- name: Get IPA_BACKUP_DIR from ipaplatform - name: Get IPA_BACKUP_DIR dir from ipaplatform
ipabackup_get_backup_dir: command: "{{ ansible_python_interpreter | default('/usr/bin/python') }}"
register: result_ipabackup_get_backup_dir args:
stdin: |
from ipaplatform.paths import paths
print(paths.IPA_BACKUP_DIR)
register: result_ipaplatform_backup_dir
- name: Set IPA backup dir - name: Set IPA backup dir
set_fact: set_fact:
ipabackup_dir: "{{ result_ipabackup_get_backup_dir.backup_dir }}" ipabackup_dir: "{{ result_ipaplatform_backup_dir.stdout_lines | first }}"
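Review bot: The `command:` task on the new side is a read-only lookup but has no `changed_when: false`, so every play run reports a change for it, and because `command` is skipped in check mode the registered `result_ipaplatform_backup_dir` has no `stdout_lines` and the following `set_fact` fails. Add `changed_when: false` and `check_mode: false` to the command task so it runs and reports consistently in both modes. The task name also reads "Get IPA_BACKUP_DIR dir", duplicating "dir".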


@@ -1,15 +1,6 @@
#!/usr/bin/python #!/usr/bin/python
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
DOCUMENTATION = """
---
module: ipaclient_get_facts
short description: Get facts about IPA client and server configuration.
description: Get facts about IPA client and server configuration.
author:
- Thomas Woerner
"""
import os import os
import re import re
import six import six
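Review bot: The new side removes the `DOCUMENTATION` string entirely, so the `ipaclient_get_facts` module no longer declares its `module`, `short_description`, `description` or `author`, and `ansible-doc` (run by the doc-test workflow in this compare) has nothing to render for it. At least a minimal `DOCUMENTATION = """..."""` with `module: ipaclient_get_facts` and a one-line `short_description` should be kept alongside the `RETURN` block the module still carries. The surrounding module body continues outside the hunk.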


@@ -180,9 +180,9 @@ ntp_servers:
type: list type: list
sample: ["ntp.example.com"] sample: ["ntp.example.com"]
ipa_python_version: ipa_python_version:
description: > description:
The IPA python version as a number: - The IPA python version as a number:
<major version>*10000+<minor version>*100+<release> - <major version>*10000+<minor version>*100+<release>
returned: always returned: always
type: int type: int
sample: 040400 sample: 040400
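Review bot: The new `description` list item `- The IPA python version as a number:` ends in a colon, which YAML reads as a mapping key with a null value rather than a string, so the first entry of the description becomes `{"The IPA python version as a number": null}`. Quote both items, `- "The IPA python version as a number:"` and `- "<major version>*10000+<minor version>*100+<release>"`, or keep the folded `description: >` form the old side used. The context line `sample: 040400` has a leading zero and is read as an octal integer by YAML 1.1 parsers, so a quoted `"040400"` would be the safer spelling if that line is touched.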


@@ -45,244 +45,229 @@ __all__ = ["gssapi", "version", "ipadiscovery", "api", "errors", "x509",
"configure_firefox", "sync_time", "check_ldap_conf", "configure_firefox", "sync_time", "check_ldap_conf",
"sssd_enable_ifp"] "sssd_enable_ifp"]
import sys from ipapython.version import NUM_VERSION, VERSION
# HACK: workaround for Ansible 2.9 if NUM_VERSION < 30201:
# https://github.com/ansible/ansible/issues/68361 # See ipapython/version.py
if 'ansible.executor' in sys.modules: IPA_MAJOR, IPA_MINOR, IPA_RELEASE = [int(x) for x in VERSION.split(".", 2)]
for attr in __all__: IPA_PYTHON_VERSION = IPA_MAJOR*10000 + IPA_MINOR*100 + IPA_RELEASE
setattr(sys.modules[__name__], attr, None) else:
IPA_PYTHON_VERSION = NUM_VERSION
class installer_obj(object):
def __init__(self):
pass
def set_logger(self, logger):
self.logger = logger
# def __getattribute__(self, attr):
# value = super(installer_obj, self).__getattribute__(attr)
# if not attr.startswith("--") and not attr.endswith("--"):
# logger.debug(
# " <-- Accessing installer.%s (%s)" % (attr, repr(value)))
# return value
# def __getattr__(self, attr):
# # logger.info(" --> ADDING missing installer.%s" % attr)
# self.logger.warn(" --> ADDING missing installer.%s" % attr)
# setattr(self, attr, None)
# return getattr(self, attr)
# def __setattr__(self, attr, value):
# logger.debug(" --> Setting installer.%s to %s" % (attr, repr(value)))
# return super(installer_obj, self).__setattr__(attr, value)
def knobs(self):
for name in self.__dict__:
yield self, name
# Initialize installer settings
installer = installer_obj()
# Create options
options = installer
options.interactive = False
options.unattended = not options.interactive
if NUM_VERSION >= 40400:
# IPA version >= 4.4
import sys
import inspect
import gssapi
import logging
from ipapython import version
try:
from ipaclient.install import ipadiscovery
except ImportError:
from ipaclient import ipadiscovery
from ipalib import api, errors, x509
from ipalib import constants
try:
from ipalib import sysrestore
except ImportError:
try:
from ipalib.install import sysrestore
except ImportError:
from ipapython import sysrestore
try:
from ipalib.install import certmonger
except ImportError:
from ipapython import certmonger
try:
from ipalib.install import certstore
except ImportError:
from ipalib import certstore
from ipalib.rpc import delete_persistent_client_session_data
from ipapython import certdb, ipautil
from ipapython.admintool import ScriptError
from ipapython.ipautil import CheckedIPAddress
from ipalib.util import validate_domain_name, normalize_hostname, \
validate_hostname
from ipaplatform import services
from ipaplatform.paths import paths
from ipaplatform.tasks import tasks
try:
from cryptography.hazmat.primitives import serialization
except ImportError:
serialization = None
from ipapython.ipautil import CalledProcessError, write_tmp_file, \
ipa_generate_password
from ipapython.dn import DN
try:
from ipalib.install.kinit import kinit_keytab, kinit_password
except ImportError:
from ipapython.ipautil import kinit_keytab, kinit_password
from ipapython.ipa_log_manager import standard_logging_setup
from gssapi.exceptions import GSSError
try:
from ipaclient.install.client import configure_krb5_conf, \
get_ca_certs, SECURE_PATH, get_server_connection_interface, \
disable_ra, client_dns, \
configure_certmonger, update_ssh_keys, configure_openldap_conf, \
hardcode_ldap_server, get_certs_from_ldap, save_state, \
create_ipa_nssdb, configure_ssh_config, configure_sshd_config, \
configure_automount, configure_firefox, configure_nisdomain, \
CLIENT_INSTALL_ERROR, is_ipa_client_installed, \
CLIENT_ALREADY_CONFIGURED, nssldap_exists, remove_file, \
check_ip_addresses, print_port_conf_info, configure_ipa_conf, \
purge_host_keytab, configure_sssd_conf, configure_ldap_conf, \
configure_nslcd_conf, nosssd_files
get_ca_cert = None
except ImportError:
# Create temporary copy of ipa-client-install script (as
# ipa_client_install.py) to be able to import the script easily
# and also to remove the global finally clause in which the
# generated ccache file gets removed. The ccache file will be
# needed in the next step.
# This is done in a temporary directory that gets removed right
# after ipa_client_install has been imported.
import shutil
import tempfile
temp_dir = tempfile.mkdtemp(dir="/tmp")
sys.path.append(temp_dir)
temp_file = "%s/ipa_client_install.py" % temp_dir
with open("/usr/sbin/ipa-client-install", "r") as f_in:
with open(temp_file, "w") as f_out:
for line in f_in:
if line.startswith("finally:"):
break
f_out.write(line)
import ipa_client_install
shutil.rmtree(temp_dir, ignore_errors=True)
sys.path.remove(temp_dir)
argspec = inspect.getargspec(ipa_client_install.configure_krb5_conf)
if argspec.keywords is None:
def configure_krb5_conf(
cli_realm, cli_domain, cli_server, cli_kdc, dnsok,
filename, client_domain, client_hostname, force=False,
configure_sssd=True):
global options
options.force = force
options.sssd = configure_sssd
return ipa_client_install.configure_krb5_conf(
cli_realm, cli_domain, cli_server, cli_kdc, dnsok, options,
filename, client_domain, client_hostname)
else:
configure_krb5_conf = ipa_client_install.configure_krb5_conf
if NUM_VERSION < 40100:
get_ca_cert = ipa_client_install.get_ca_cert
get_ca_certs = None
else:
get_ca_cert = None
get_ca_certs = ipa_client_install.get_ca_certs
SECURE_PATH = ("/bin:/sbin:/usr/kerberos/bin:/usr/kerberos/sbin:"
"/usr/bin:/usr/sbin")
get_server_connection_interface = \
ipa_client_install.get_server_connection_interface
disable_ra = ipa_client_install.disable_ra
client_dns = ipa_client_install.client_dns
configure_certmonger = ipa_client_install.configure_certmonger
update_ssh_keys = ipa_client_install.update_ssh_keys
configure_openldap_conf = ipa_client_install.configure_openldap_conf
hardcode_ldap_server = ipa_client_install.hardcode_ldap_server
get_certs_from_ldap = ipa_client_install.get_certs_from_ldap
save_state = ipa_client_install.save_state
create_ipa_nssdb = certdb.create_ipa_nssdb
argspec = inspect.getargspec(ipa_client_install.configure_nisdomain)
if len(argspec.args) == 3:
configure_nisdomain = ipa_client_install.configure_nisdomain
else:
def configure_nisdomain(options, domain, statestore=None):
return ipa_client_install.configure_nisdomain(options, domain)
configure_ldap_conf = ipa_client_install.configure_ldap_conf
configure_nslcd_conf = ipa_client_install.configure_nslcd_conf
nosssd_files = ipa_client_install.nosssd_files
configure_ssh_config = ipa_client_install.configure_ssh_config
configure_sshd_config = ipa_client_install.configure_sshd_config
configure_automount = ipa_client_install.configure_automount
configure_firefox = ipa_client_install.configure_firefox
from ipapython.ipautil import realm_to_suffix, run
try:
from ipaclient.install import timeconf
time_service = "chronyd"
except ImportError:
try:
from ipaclient.install import ntpconf as timeconf
except ImportError:
from ipaclient import ntpconf as timeconf
time_service = "ntpd"
try:
from ipaclient.install.client import sync_time
except ImportError:
sync_time = None
try:
from ipaclient.install.client import check_ldap_conf
except ImportError:
check_ldap_conf = None
try:
from ipaclient.install.client import sssd_enable_ifp
except ImportError:
sssd_enable_ifp = None
logger = logging.getLogger("ipa-client-install")
root_logger = logger
else: else:
from ipapython.version import NUM_VERSION, VERSION # IPA version < 4.4
if NUM_VERSION < 30201: raise Exception("freeipa version '%s' is too old" % VERSION)
# See ipapython/version.py
IPA_MAJOR, IPA_MINOR, IPA_RELEASE = [int(x) for x in
VERSION.split(".", 2)]
IPA_PYTHON_VERSION = IPA_MAJOR*10000 + IPA_MINOR*100 + IPA_RELEASE
else:
IPA_PYTHON_VERSION = NUM_VERSION
class installer_obj(object):
def __init__(self):
pass
def set_logger(self, logger):
self.logger = logger
# def __getattribute__(self, attr):
# value = super(installer_obj, self).__getattribute__(attr)
# if not attr.startswith("--") and not attr.endswith("--"):
# logger.debug(
# " <-- Accessing installer.%s (%s)" % (attr, repr(value)))
# return value
# def __getattr__(self, attr):
# # logger.info(" --> ADDING missing installer.%s" % attr)
# self.logger.warn(" --> ADDING missing installer.%s" % attr)
# setattr(self, attr, None)
# return getattr(self, attr)
# def __setattr__(self, attr, value):
# logger.debug(" --> Setting installer.%s to %s" %
# (attr, repr(value)))
# return super(installer_obj, self).__setattr__(attr, value)
def knobs(self):
for name in self.__dict__:
yield self, name
# Initialize installer settings
installer = installer_obj()
# Create options
options = installer
options.interactive = False
options.unattended = not options.interactive
if NUM_VERSION >= 40400:
# IPA version >= 4.4
import sys
import inspect
import gssapi
import logging
from ipapython import version
try:
from ipaclient.install import ipadiscovery
except ImportError:
from ipaclient import ipadiscovery
from ipalib import api, errors, x509
from ipalib import constants
try:
from ipalib import sysrestore
except ImportError:
try:
from ipalib.install import sysrestore
except ImportError:
from ipapython import sysrestore
try:
from ipalib.install import certmonger
except ImportError:
from ipapython import certmonger
try:
from ipalib.install import certstore
except ImportError:
from ipalib import certstore
from ipalib.rpc import delete_persistent_client_session_data
from ipapython import certdb, ipautil
from ipapython.admintool import ScriptError
from ipapython.ipautil import CheckedIPAddress
from ipalib.util import validate_domain_name, normalize_hostname, \
validate_hostname
from ipaplatform import services
from ipaplatform.paths import paths
from ipaplatform.tasks import tasks
try:
from cryptography.hazmat.primitives import serialization
except ImportError:
serialization = None
from ipapython.ipautil import CalledProcessError, write_tmp_file, \
ipa_generate_password
from ipapython.dn import DN
try:
from ipalib.install.kinit import kinit_keytab, kinit_password
except ImportError:
from ipapython.ipautil import kinit_keytab, kinit_password
from ipapython.ipa_log_manager import standard_logging_setup
from gssapi.exceptions import GSSError
try:
from ipaclient.install.client import configure_krb5_conf, \
get_ca_certs, SECURE_PATH, get_server_connection_interface, \
disable_ra, client_dns, \
configure_certmonger, update_ssh_keys, \
configure_openldap_conf, \
hardcode_ldap_server, get_certs_from_ldap, save_state, \
create_ipa_nssdb, configure_ssh_config, \
configure_sshd_config, \
configure_automount, configure_firefox, configure_nisdomain, \
CLIENT_INSTALL_ERROR, is_ipa_client_installed, \
CLIENT_ALREADY_CONFIGURED, nssldap_exists, remove_file, \
check_ip_addresses, print_port_conf_info, configure_ipa_conf, \
purge_host_keytab, configure_sssd_conf, configure_ldap_conf, \
configure_nslcd_conf, nosssd_files
get_ca_cert = None
except ImportError:
# Create temporary copy of ipa-client-install script (as
# ipa_client_install.py) to be able to import the script easily
# and also to remove the global finally clause in which the
# generated ccache file gets removed. The ccache file will be
# needed in the next step.
# This is done in a temporary directory that gets removed right
# after ipa_client_install has been imported.
import shutil
import tempfile
temp_dir = tempfile.mkdtemp(dir="/tmp")
sys.path.append(temp_dir)
temp_file = "%s/ipa_client_install.py" % temp_dir
with open("/usr/sbin/ipa-client-install", "r") as f_in:
with open(temp_file, "w") as f_out:
for line in f_in:
if line.startswith("finally:"):
break
f_out.write(line)
import ipa_client_install
shutil.rmtree(temp_dir, ignore_errors=True)
sys.path.remove(temp_dir)
argspec = inspect.getargspec(
ipa_client_install.configure_krb5_conf)
if argspec.keywords is None:
def configure_krb5_conf(
cli_realm, cli_domain, cli_server, cli_kdc, dnsok,
filename, client_domain, client_hostname, force=False,
configure_sssd=True):
global options
options.force = force
options.sssd = configure_sssd
return ipa_client_install.configure_krb5_conf(
cli_realm, cli_domain, cli_server, cli_kdc, dnsok,
options, filename, client_domain, client_hostname)
else:
configure_krb5_conf = ipa_client_install.configure_krb5_conf
if NUM_VERSION < 40100:
get_ca_cert = ipa_client_install.get_ca_cert
get_ca_certs = None
else:
get_ca_cert = None
get_ca_certs = ipa_client_install.get_ca_certs
SECURE_PATH = ("/bin:/sbin:/usr/kerberos/bin:/usr/kerberos/sbin:"
"/usr/bin:/usr/sbin")
get_server_connection_interface = \
ipa_client_install.get_server_connection_interface
disable_ra = ipa_client_install.disable_ra
client_dns = ipa_client_install.client_dns
configure_certmonger = ipa_client_install.configure_certmonger
update_ssh_keys = ipa_client_install.update_ssh_keys
configure_openldap_conf = \
ipa_client_install.configure_openldap_conf
hardcode_ldap_server = ipa_client_install.hardcode_ldap_server
get_certs_from_ldap = ipa_client_install.get_certs_from_ldap
save_state = ipa_client_install.save_state
create_ipa_nssdb = certdb.create_ipa_nssdb
argspec = \
inspect.getargspec(ipa_client_install.configure_nisdomain)
if len(argspec.args) == 3:
configure_nisdomain = ipa_client_install.configure_nisdomain
else:
def configure_nisdomain(options, domain, statestore=None):
return ipa_client_install.configure_nisdomain(options,
domain)
configure_ldap_conf = ipa_client_install.configure_ldap_conf
configure_nslcd_conf = ipa_client_install.configure_nslcd_conf
nosssd_files = ipa_client_install.nosssd_files
configure_ssh_config = ipa_client_install.configure_ssh_config
configure_sshd_config = ipa_client_install.configure_sshd_config
configure_automount = ipa_client_install.configure_automount
configure_firefox = ipa_client_install.configure_firefox
from ipapython.ipautil import realm_to_suffix, run
try:
from ipaclient.install import timeconf
time_service = "chronyd"
except ImportError:
try:
from ipaclient.install import ntpconf as timeconf
except ImportError:
from ipaclient import ntpconf as timeconf
time_service = "ntpd"
try:
from ipaclient.install.client import sync_time
except ImportError:
sync_time = None
try:
from ipaclient.install.client import check_ldap_conf
except ImportError:
check_ldap_conf = None
try:
from ipaclient.install.client import sssd_enable_ifp
except ImportError:
sssd_enable_ifp = None
logger = logging.getLogger("ipa-client-install")
root_logger = logger
else:
# IPA version < 4.4
raise Exception("freeipa version '%s' is too old" % VERSION)
def setup_logging(): def setup_logging():


@@ -46,383 +46,379 @@ __all__ = ["contextlib", "dnsexception", "dnsresolver", "dnsreversename",
"dnsname", "kernel_keyring", "krbinstance"] "dnsname", "kernel_keyring", "krbinstance"]
import sys import sys
import logging
from contextlib import contextmanager as contextlib_contextmanager
# HACK: workaround for Ansible 2.9
# https://github.com/ansible/ansible/issues/68361 from ipapython.version import NUM_VERSION, VERSION
if 'ansible.executor' in sys.modules:
for attr in __all__: if NUM_VERSION < 30201:
setattr(sys.modules[__name__], attr, None) # See ipapython/version.py
IPA_MAJOR, IPA_MINOR, IPA_RELEASE = [int(x) for x in VERSION.split(".", 2)]
IPA_PYTHON_VERSION = IPA_MAJOR*10000 + IPA_MINOR*100 + IPA_RELEASE
else: else:
import logging IPA_PYTHON_VERSION = NUM_VERSION
from contextlib import contextmanager as contextlib_contextmanager
from ipapython.version import NUM_VERSION, VERSION
if NUM_VERSION < 30201: if NUM_VERSION >= 40600:
# See ipapython/version.py # IPA version >= 4.6
IPA_MAJOR, IPA_MINOR, IPA_RELEASE = [int(x) for x in
VERSION.split(".", 2)]
IPA_PYTHON_VERSION = IPA_MAJOR*10000 + IPA_MINOR*100 + IPA_RELEASE
else:
IPA_PYTHON_VERSION = NUM_VERSION
if NUM_VERSION >= 40600: import contextlib
# IPA version >= 4.6
import contextlib import dns.exception as dnsexception
import dns.name as dnsname
import dns.resolver as dnsresolver
import dns.reversename as dnsreversename
import dns.exception as dnsexception from pkg_resources import parse_version
import dns.name as dnsname
import dns.resolver as dnsresolver
import dns.reversename as dnsreversename
from pkg_resources import parse_version from ipaclient.install.ipachangeconf import IPAChangeConf
from ipalib.install import certstore, sysrestore
from ipapython.ipautil import ipa_generate_password
from ipalib.install.kinit import kinit_keytab
from ipapython import ipaldap, ipautil, kernel_keyring
from ipapython.certdb import IPA_CA_TRUST_FLAGS, EXTERNAL_CA_TRUST_FLAGS
from ipapython.dn import DN
from ipapython.admintool import ScriptError
from ipapython.ipa_log_manager import standard_logging_setup
from ipaplatform import services
from ipaplatform.tasks import tasks
from ipaplatform.paths import paths
from ipalib import api, constants, create_api, errors, rpc, x509
from ipalib.config import Env
from ipalib.util import (
validate_domain_name,
no_matching_interface_for_ip_address_warning)
from ipaclient.install.client import configure_krb5_conf, purge_host_keytab
from ipaserver.install import (
adtrust, bindinstance, ca, certs, dns, dsinstance, httpinstance,
installutils, kra, krbinstance,
otpdinstance, custodiainstance, service, upgradeinstance)
try:
from ipaserver.masters import (
find_providing_servers, find_providing_server)
except ImportError:
from ipaserver.install.service import (
find_providing_servers, find_providing_server)
from ipaserver.install.installutils import (
ReplicaConfig, load_pkcs12)
try:
from ipalib.facts import is_ipa_configured
except ImportError:
from ipaserver.install.installutils import is_ipa_configured
from ipaserver.install.replication import (
ReplicationManager, replica_conn_check)
from ipaserver.install.server.replicainstall import (
make_pkcs12_info, install_replica_ds, install_krb, install_ca_cert,
install_http, install_dns_records, create_ipa_conf, check_dirsrv,
check_dns_resolution, configure_certmonger, remove_replica_info_dir,
# common_cleanup,
preserve_enrollment_state, uninstall_client,
promote_sssd, promote_openldap_conf, rpc_client,
check_remote_fips_mode, check_remote_version, common_check,
current_domain_level, check_domain_level_is_supported,
# enroll_dl0_replica,
# ensure_enrolled,
promotion_check_ipa_domain
)
import SSSDConfig
from subprocess import CalledProcessError
from ipaclient.install.ipachangeconf import IPAChangeConf try:
from ipalib.install import certstore, sysrestore from ipaclient.install import timeconf
from ipapython.ipautil import ipa_generate_password time_service = "chronyd"
from ipalib.install.kinit import kinit_keytab ntpinstance = None
from ipapython import ipaldap, ipautil, kernel_keyring except ImportError:
from ipapython.certdb import IPA_CA_TRUST_FLAGS, \
EXTERNAL_CA_TRUST_FLAGS
from ipapython.dn import DN
from ipapython.admintool import ScriptError
from ipapython.ipa_log_manager import standard_logging_setup
from ipaplatform import services
from ipaplatform.tasks import tasks
from ipaplatform.paths import paths
from ipalib import api, constants, create_api, errors, rpc, x509
from ipalib.config import Env
from ipalib.util import (
validate_domain_name,
no_matching_interface_for_ip_address_warning)
from ipaclient.install.client import configure_krb5_conf, \
purge_host_keytab
from ipaserver.install import (
adtrust, bindinstance, ca, certs, dns, dsinstance, httpinstance,
installutils, kra, krbinstance,
otpdinstance, custodiainstance, service, upgradeinstance)
try: try:
from ipaserver.masters import ( from ipaclient.install import ntpconf as timeconf
find_providing_servers, find_providing_server)
except ImportError: except ImportError:
from ipaserver.install.service import ( from ipaclient import ntpconf as timeconf
find_providing_servers, find_providing_server) from ipaserver.install import ntpinstance
from ipaserver.install.installutils import ( time_service = "ntpd"
ReplicaConfig, load_pkcs12)
try:
from ipalib.facts import is_ipa_configured
except ImportError:
from ipaserver.install.installutils import is_ipa_configured
from ipaserver.install.replication import (
ReplicationManager, replica_conn_check)
from ipaserver.install.server.replicainstall import (
make_pkcs12_info, install_replica_ds, install_krb, install_ca_cert,
install_http, install_dns_records, create_ipa_conf, check_dirsrv,
check_dns_resolution, configure_certmonger,
remove_replica_info_dir,
# common_cleanup,
preserve_enrollment_state, uninstall_client,
promote_sssd, promote_openldap_conf, rpc_client,
check_remote_fips_mode, check_remote_version, common_check,
current_domain_level, check_domain_level_is_supported,
# enroll_dl0_replica,
# ensure_enrolled,
promotion_check_ipa_domain
)
import SSSDConfig
from subprocess import CalledProcessError
try:
from ipaclient.install import timeconf
time_service = "chronyd"
ntpinstance = None
except ImportError:
try:
from ipaclient.install import ntpconf as timeconf
except ImportError:
from ipaclient import ntpconf as timeconf
from ipaserver.install import ntpinstance
time_service = "ntpd"
else: else:
# IPA version < 4.6 # IPA version < 4.6
raise Exception("freeipa version '%s' is too old" % VERSION) raise Exception("freeipa version '%s' is too old" % VERSION)
logger = logging.getLogger("ipa-server-install")
def setup_logging(): logger = logging.getLogger("ipa-server-install")
# logger.setLevel(logging.DEBUG)
standard_logging_setup(
paths.IPAREPLICA_INSTALL_LOG, verbose=False, debug=False,
filemode='a', console_format='%(message)s')
@contextlib_contextmanager
def redirect_stdout(f):
sys.stdout = f
try:
yield f
finally:
sys.stdout = sys.__stdout__
class AnsibleModuleLog(): def setup_logging():
def __init__(self, module): # logger.setLevel(logging.DEBUG)
self.module = module standard_logging_setup(
_ansible_module_log = self paths.IPAREPLICA_INSTALL_LOG, verbose=False, debug=False,
filemode='a', console_format='%(message)s')
class AnsibleLoggingHandler(logging.Handler):
def emit(self, record):
_ansible_module_log.write(self.format(record))
self.logging_handler = AnsibleLoggingHandler() @contextlib_contextmanager
logger.setLevel(logging.DEBUG) def redirect_stdout(f):
logger.root.addHandler(self.logging_handler) sys.stdout = f
try:
yield f
finally:
sys.stdout = sys.__stdout__
def close(self):
self.flush()
def flush(self): class AnsibleModuleLog():
pass def __init__(self, module):
self.module = module
_ansible_module_log = self
def log(self, msg): class AnsibleLoggingHandler(logging.Handler):
# self.write(msg+"\n") def emit(self, record):
self.write(msg) _ansible_module_log.write(self.format(record))
def debug(self, msg): self.logging_handler = AnsibleLoggingHandler()
self.module.debug(msg) logger.setLevel(logging.DEBUG)
logger.root.addHandler(self.logging_handler)
def info(self, msg): def close(self):
self.module.debug(msg) self.flush()
def write(self, msg): def flush(self):
self.module.debug(msg) pass
# self.module.warn(msg)
class installer_obj(object): def log(self, msg):
def __init__(self): # self.write(msg+"\n")
# CompatServerReplicaInstall self.write(msg)
self.ca_cert_files = None
self.all_ip_addresses = False def debug(self, msg):
self.no_wait_for_dns = True self.module.debug(msg)
self.nisdomain = None
self.no_nisdomain = False def info(self, msg):
self.no_sudo = False self.module.debug(msg)
self.request_cert = False
self.ca_file = None def write(self, msg):
self.zonemgr = None self.module.debug(msg)
self.replica_file = None # self.module.warn(msg)
# ServerReplicaInstall
self.subject_base = None
self.ca_subject = None class installer_obj(object):
# others def __init__(self):
self._ccache = None # CompatServerReplicaInstall
self.password = None self.ca_cert_files = None
self.reverse_zones = [] self.all_ip_addresses = False
# def _is_promote(self): self.no_wait_for_dns = True
# return self.replica_file is None self.nisdomain = None
# self.skip_conncheck = False self.no_nisdomain = False
self._replica_install = False self.no_sudo = False
# self.dnssec_master = False # future unknown self.request_cert = False
# self.disable_dnssec_master = False # future unknown self.ca_file = None
# self.domainlevel = MAX_DOMAIN_LEVEL # deprecated self.zonemgr = None
# self.domain_level = self.domainlevel # deprecated self.replica_file = None
self.interactive = False # ServerReplicaInstall
self.unattended = not self.interactive self.subject_base = None
# self.promote = self.replica_file is None self.ca_subject = None
self.promote = True # others
self.skip_schema_check = None self._ccache = None
self.password = None
self.reverse_zones = []
# def _is_promote(self):
# return self.replica_file is None
# self.skip_conncheck = False
self._replica_install = False
# self.dnssec_master = False # future unknown
# self.disable_dnssec_master = False # future unknown
# self.domainlevel = MAX_DOMAIN_LEVEL # deprecated
# self.domain_level = self.domainlevel # deprecated
self.interactive = False
self.unattended = not self.interactive
# self.promote = self.replica_file is None
self.promote = True
self.skip_schema_check = None
# def __getattribute__(self, attr):
# value = super(installer_obj, self).__getattribute__(attr)
# if not attr.startswith("--") and not attr.endswith("--"):
# logger.debug(
# " <-- Accessing installer.%s (%s)" % (attr, repr(value)))
# return value
def __getattr__(self, attr):
logger.info(" --> ADDING missing installer.%s", attr)
setattr(self, attr, None)
return getattr(self, attr)
# def __setattr__(self, attr, value):
# logger.debug(" --> Setting installer.%s to %s" % (attr, repr(value)))
# return super(installer_obj, self).__setattr__(attr, value)
def knobs(self):
for name in self.__dict__:
yield self, name
installer = installer_obj()
options = installer
# DNSInstallInterface
options.dnssec_master = False
options.disable_dnssec_master = False
options.kasp_db_file = None
options.force = False
# ServerMasterInstall
options.add_sids = False
options.add_agents = False
# ServerReplicaInstall
options.subject_base = None
options.ca_subject = None
def gen_env_boostrap_finalize_core(etc_ipa, default_config):
env = Env()
# env._bootstrap(context='installer', confdir=paths.ETC_IPA, log=None)
# env._finalize_core(**dict(constants.DEFAULT_CONFIG))
env._bootstrap(context='installer', confdir=etc_ipa, log=None)
env._finalize_core(**dict(default_config))
return env
def api_bootstrap_finalize(env):
# pylint: disable=no-member
xmlrpc_uri = 'https://{}/ipa/xml'.format(ipautil.format_netloc(env.host))
api.bootstrap(in_server=True,
context='installer',
confdir=paths.ETC_IPA,
ldap_uri=installutils.realm_to_ldapi_uri(env.realm),
xmlrpc_uri=xmlrpc_uri)
# pylint: enable=no-member
api.finalize()
def gen_ReplicaConfig():
class ExtendedReplicaConfig(ReplicaConfig):
def __init__(self, top_dir=None):
super(ExtendedReplicaConfig, self).__init__(top_dir)
# def __getattribute__(self, attr): # def __getattribute__(self, attr):
# value = super(installer_obj, self).__getattribute__(attr) # value = super(ExtendedReplicaConfig, self).__getattribute__(attr)
# if not attr.startswith("--") and not attr.endswith("--"): # if attr not in ["__dict__", "knobs"]:
# logger.debug( # logger.debug(" <== Accessing config.%s (%s)" %
# " <-- Accessing installer.%s (%s)" % # (attr, repr(value)))
# (attr, repr(value))) # return value
# return value
def __getattr__(self, attr): def __getattr__(self, attr):
logger.info(" --> ADDING missing installer.%s", attr) logger.info(" ==> ADDING missing config.%s", attr)
setattr(self, attr, None) setattr(self, attr, None)
return getattr(self, attr) return getattr(self, attr)
# def __setattr__(self, attr, value): # def __setattr__(self, attr, value):
# logger.debug(" --> Setting installer.%s to %s" % # logger.debug(" ==> Setting config.%s to %s" % (attr, repr(value)))
# (attr, repr(value))) # return super(ExtendedReplicaConfig, self).__setattr__(attr, value)
# return super(installer_obj, self).__setattr__(attr, value)
def knobs(self): def knobs(self):
for name in self.__dict__: for name in self.__dict__:
yield self, name yield self, name
installer = installer_obj() # config = ReplicaConfig()
options = installer config = ExtendedReplicaConfig()
config.realm_name = api.env.realm
config.host_name = api.env.host
config.domain_name = api.env.domain
config.master_host_name = api.env.server
config.ca_host_name = api.env.ca_host
config.kra_host_name = config.ca_host_name
config.ca_ds_port = 389
config.setup_ca = options.setup_ca
config.setup_kra = options.setup_kra
config.dir = options._top_dir
config.basedn = api.env.basedn
# config.subject_base = options.subject_base
# DNSInstallInterface return config
options.dnssec_master = False
options.disable_dnssec_master = False
options.kasp_db_file = None
options.force = False
# ServerMasterInstall
options.add_sids = False
options.add_agents = False
# ServerReplicaInstall def replica_ds_init_info(ansible_log,
options.subject_base = None config, options, ca_is_configured, remote_api,
options.ca_subject = None ds_ca_subject, ca_file,
promote=False, pkcs12_info=None):
def gen_env_boostrap_finalize_core(etc_ipa, default_config): dsinstance.check_ports()
env = Env()
# env._bootstrap(context='installer', confdir=paths.ETC_IPA, log=None)
# env._finalize_core(**dict(constants.DEFAULT_CONFIG))
env._bootstrap(context='installer', confdir=etc_ipa, log=None)
env._finalize_core(**dict(default_config))
return env
def api_bootstrap_finalize(env): # if we have a pkcs12 file, create the cert db from
# pylint: disable=no-member # that. Otherwise the ds setup will create the CA
xmlrpc_uri = \ # cert
'https://{}/ipa/xml'.format(ipautil.format_netloc(env.host)) if pkcs12_info is None:
api.bootstrap(in_server=True, pkcs12_info = make_pkcs12_info(config.dir, "dscert.p12",
context='installer', "dirsrv_pin.txt")
confdir=paths.ETC_IPA,
ldap_uri=installutils.realm_to_ldapi_uri(env.realm),
xmlrpc_uri=xmlrpc_uri)
# pylint: enable=no-member
api.finalize()
def gen_ReplicaConfig(): # during replica install, this gets invoked before local DS is
class ExtendedReplicaConfig(ReplicaConfig): # available, so use the remote api.
def __init__(self, top_dir=None): # if ca_is_configured:
super(ExtendedReplicaConfig, self).__init__(top_dir) # ca_subject = ca.lookup_ca_subject(_api, config.subject_base)
# else:
# ca_subject = installutils.default_ca_subject_dn(config.subject_base)
ca_subject = ds_ca_subject
# def __getattribute__(self, attr): ds = dsinstance.DsInstance(
# value = super(ExtendedReplicaConfig, self).__getattribute__( config_ldif=options.dirsrv_config_file)
# attr) ds.set_output(ansible_log)
# if attr not in ["__dict__", "knobs"]:
# logger.debug(" <== Accessing config.%s (%s)" %
# (attr, repr(value)))
# return value
def __getattr__(self, attr): # Source: ipaserver/install/dsinstance.py
logger.info(" ==> ADDING missing config.%s", attr)
setattr(self, attr, None)
return getattr(self, attr)
# def __setattr__(self, attr, value): # idstart and idmax are configured so that the range is seen as
# logger.debug(" ==> Setting config.%s to %s" % # depleted by the DNA plugin and the replica will go and get a
# (attr, repr(value))) # new range from the master.
# return super(ExtendedReplicaConfig, self).__setattr__(attr, # This way all servers use the initially defined range by default.
# value) idstart = 1101
idmax = 1100
def knobs(self): with redirect_stdout(ansible_log):
for name in self.__dict__: ds.init_info(
yield self, name realm_name=config.realm_name,
fqdn=config.host_name,
domain_name=config.domain_name,
dm_password=config.dirman_password,
subject_base=config.subject_base,
ca_subject=ca_subject,
idstart=idstart,
idmax=idmax,
pkcs12_info=pkcs12_info,
ca_file=ca_file,
setup_pkinit=not options.no_pkinit,
)
ds.master_fqdn = config.master_host_name
if ca_is_configured is not None:
ds.ca_is_configured = ca_is_configured
ds.promote = promote
ds.api = remote_api
# config = ReplicaConfig() # from __setup_replica
config = ExtendedReplicaConfig()
config.realm_name = api.env.realm
config.host_name = api.env.host
config.domain_name = api.env.domain
config.master_host_name = api.env.server
config.ca_host_name = api.env.ca_host
config.kra_host_name = config.ca_host_name
config.ca_ds_port = 389
config.setup_ca = options.setup_ca
config.setup_kra = options.setup_kra
config.dir = options._top_dir
config.basedn = api.env.basedn
# config.subject_base = options.subject_base
return config # Always connect to ds over ldapi
ldap_uri = ipaldap.get_ldap_uri(protocol='ldapi', realm=ds.realm)
conn = ipaldap.LDAPClient(ldap_uri)
conn.external_bind()
def replica_ds_init_info(ansible_log, return ds
config, options, ca_is_configured, remote_api,
ds_ca_subject, ca_file,
promote=False, pkcs12_info=None):
dsinstance.check_ports()
# if we have a pkcs12 file, create the cert db from def ansible_module_get_parsed_ip_addresses(ansible_module,
# that. Otherwise the ds setup will create the CA param='ip_addresses'):
# cert ip_addrs = []
if pkcs12_info is None: for ip in ansible_module.params.get(param):
pkcs12_info = make_pkcs12_info(config.dir, "dscert.p12", try:
"dirsrv_pin.txt") ip_parsed = ipautil.CheckedIPAddress(ip)
except Exception as e:
ansible_module.fail_json(msg="Invalid IP Address %s: %s" % (ip, e))
ip_addrs.append(ip_parsed)
return ip_addrs
# during replica install, this gets invoked before local DS is
# available, so use the remote api.
# if ca_is_configured:
# ca_subject = ca.lookup_ca_subject(_api, config.subject_base)
# else:
# ca_subject = installutils.default_ca_subject_dn(
# config.subject_base)
ca_subject = ds_ca_subject
ds = dsinstance.DsInstance( def gen_remote_api(master_host_name, etc_ipa):
config_ldif=options.dirsrv_config_file) ldapuri = 'ldaps://%s' % ipautil.format_netloc(master_host_name)
ds.set_output(ansible_log) xmlrpc_uri = 'https://{}/ipa/xml'.format(
ipautil.format_netloc(master_host_name))
# Source: ipaserver/install/dsinstance.py remote_api = create_api(mode=None)
remote_api.bootstrap(in_server=True,
# idstart and idmax are configured so that the range is seen as context='installer',
# depleted by the DNA plugin and the replica will go and get a confdir=etc_ipa,
# new range from the master. ldap_uri=ldapuri,
# This way all servers use the initially defined range by default. xmlrpc_uri=xmlrpc_uri)
idstart = 1101 remote_api.finalize()
idmax = 1100 return remote_api
with redirect_stdout(ansible_log):
ds.init_info(
realm_name=config.realm_name,
fqdn=config.host_name,
domain_name=config.domain_name,
dm_password=config.dirman_password,
subject_base=config.subject_base,
ca_subject=ca_subject,
idstart=idstart,
idmax=idmax,
pkcs12_info=pkcs12_info,
ca_file=ca_file,
setup_pkinit=not options.no_pkinit,
)
ds.master_fqdn = config.master_host_name
if ca_is_configured is not None:
ds.ca_is_configured = ca_is_configured
ds.promote = promote
ds.api = remote_api
# from __setup_replica
# Always connect to ds over ldapi
ldap_uri = ipaldap.get_ldap_uri(protocol='ldapi', realm=ds.realm)
conn = ipaldap.LDAPClient(ldap_uri)
conn.external_bind()
return ds
def ansible_module_get_parsed_ip_addresses(ansible_module,
param='ip_addresses'):
ip_addrs = []
for ip in ansible_module.params.get(param):
try:
ip_parsed = ipautil.CheckedIPAddress(ip)
except Exception as e:
ansible_module.fail_json(
msg="Invalid IP Address %s: %s" % (ip, e))
ip_addrs.append(ip_parsed)
return ip_addrs
def gen_remote_api(master_host_name, etc_ipa):
ldapuri = 'ldaps://%s' % ipautil.format_netloc(master_host_name)
xmlrpc_uri = 'https://{}/ipa/xml'.format(
ipautil.format_netloc(master_host_name))
remote_api = create_api(mode=None)
remote_api.bootstrap(in_server=True,
context='installer',
confdir=etc_ipa,
ldap_uri=ldapuri,
xmlrpc_uri=xmlrpc_uri)
remote_api.finalize()
return remote_api
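Review bot: `redirect_stdout` in the new else-branch restores `sys.__stdout__` on exit rather than the stream that was active when the context was entered, so any earlier replacement of `sys.stdout` (a previous redirect, or whatever the calling Ansible module installed) is silently dropped; capture it first with `saved = sys.stdout` before `sys.stdout = f`, and restore with `sys.stdout = saved` in the `finally`. Separately, the Ansible 2.9 workaround at the top of the hunk only stubs the names listed in `__all__`, and every function and class the commit moves into the else branch (`setup_logging`, `redirect_stdout`, `AnsibleModuleLog`, `installer_obj`, `gen_ReplicaConfig`, `replica_ds_init_info`, …) is therefore undefined under the executor unless it is also listed there; the visible tail of `__all__` does not show them, so this is worth checking against the full list. A comment on the guard such as `# Any public name defined in the else branch must also appear in __all__, or the stub import path breaks` would record that maintenance requirement for the next change.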


@@ -260,12 +260,12 @@ Certificate system Variables
Variable | Description | Required Variable | Description | Required
-------- | ----------- | -------- -------- | ----------- | --------
`ipaserver_external_ca` | Generate a CSR for the IPA CA certificate to be signed by an external CA. (bool, default: false) | no `ipaserver_external_ca` | Generate a CSR for the IPA CA certificate to be signed by an external CA. (bool, default: false) | no
`ipaserver_external_ca_type` | Type of the external CA. (choice: generic, ms-cs) | no `ipaserver_external_ca_type` | Type of the external CA. (choice: generic,ms-cs) | no
`ipaserver_external_ca_profile` | Specify the certificate profile/template to use at the external CA. (string) | no `ipaserver_external_ca_profile` | Specify the certificate profile/template to use at the external CA. (string) | no
`ipaserver_external_cert_files` | Files containing the IPA CA certificates and the external CA certificate chains (list of string) | no `ipaserver_external_cert_files` | Files containing the IPA CA certificates and the external CA certificate chains (list of string) | no
`ipaserver_subject_base` | The certificate subject base (default O=<realm-name>). RDNs are in LDAP order (most specific RDN first). (string) | no `ipaserver_subject_base` | The certificate subject base (default O=<realm-name>). RDNs are in LDAP order (most specific RDN first). (string) | no
`ipaserver_ca_subject` | The CA certificate subject DN (default CN=Certificate Authority,O=<realm-name>). RDNs are in LDAP order (most specific RDN first). (string) | no `ipaserver_ca_subject` | The CA certificate subject DN (default CN=Certificate Authority,O=<realm-name>). RDNs are in LDAP order (most specific RDN first). (string) | no
`ipaserver_ca_signing_algorithm` | Signing algorithm of the IPA CA certificate. (choice: SHA1withRSA, SHA256withRSA, SHA512withRSA) | no `ipaserver_ca_signing_algorithm` | Signing algorithm of the IPA CA certificate. (choice: SHA1withRSA,SHA256withRSA,SHA512withRSA) | no
DNS Variables DNS Variables
------------- -------------
@@ -280,7 +280,7 @@ Variable | Description | Required
`ipaserver_forwarders` | Add DNS forwarders to the DNS configuration. (list of strings) | no `ipaserver_forwarders` | Add DNS forwarders to the DNS configuration. (list of strings) | no
`ipaserver_no_forwarders` | Do not add any DNS forwarders. Root DNS servers will be used instead. (bool, default: false) | no `ipaserver_no_forwarders` | Do not add any DNS forwarders. Root DNS servers will be used instead. (bool, default: false) | no
`ipaserver_auto_forwarders` | Add DNS forwarders configured in /etc/resolv.conf to the list of forwarders used by IPA DNS. (bool, default: false) | no `ipaserver_auto_forwarders` | Add DNS forwarders configured in /etc/resolv.conf to the list of forwarders used by IPA DNS. (bool, default: false) | no
`ipaserver_forward_policy` | DNS forwarding policy for global forwarders specified using other options. (choice: first, only) | no `ipaserver_forward_policy` | DNS forwarding policy for global forwarders specified using other options. (choice: first|only) | no
`ipaserver_no_dnssec_validation` | Disable DNSSEC validation on this server. (bool, default: false) | no `ipaserver_no_dnssec_validation` | Disable DNSSEC validation on this server. (bool, default: false) | no
AD trust Variables AD trust Variables


@@ -41,349 +41,352 @@ __all__ = ["IPAChangeConf", "certmonger", "sysrestore", "root_logger",
"check_available_memory"] "check_available_memory"]
import sys import sys
import logging
from contextlib import contextmanager as contextlib_contextmanager
import six
import base64
# HACK: workaround for Ansible 2.9
# https://github.com/ansible/ansible/issues/68361 from ipapython.version import NUM_VERSION, VERSION
if 'ansible.executor' in sys.modules:
for attr in __all__: if NUM_VERSION < 30201:
setattr(sys.modules[__name__], attr, None) # See ipapython/version.py
IPA_MAJOR, IPA_MINOR, IPA_RELEASE = [int(x) for x in VERSION.split(".", 2)]
IPA_PYTHON_VERSION = IPA_MAJOR*10000 + IPA_MINOR*100 + IPA_RELEASE
else:
IPA_PYTHON_VERSION = NUM_VERSION
if NUM_VERSION >= 40500:
# IPA version >= 4.5
from ipaclient.install.ipachangeconf import IPAChangeConf
from ipalib.install import certmonger
try:
from ipalib import sysrestore
except ImportError:
from ipalib.install import sysrestore
from ipapython import ipautil
from ipapython.ipa_log_manager import standard_logging_setup
try:
from ipapython.ipa_log_manager import root_logger
except ImportError:
root_logger = None
from ipapython.ipautil import (
ipa_generate_password, run)
from ipapython.admintool import ScriptError
from ipaplatform import services
from ipaplatform.paths import paths
from ipaplatform.tasks import tasks
from ipalib import api, errors, x509
from ipalib.constants import DOMAIN_LEVEL_0, MIN_DOMAIN_LEVEL, \
MAX_DOMAIN_LEVEL
try:
from ipalib.constants import IPAAPI_USER
except ImportError:
IPAAPI_USER = None
from ipalib.util import (
validate_domain_name,
no_matching_interface_for_ip_address_warning,
)
from ipapython.dnsutil import check_zone_overlap
from ipapython.dn import DN
try:
from ipaclient.install import timeconf
from ipaclient.install.client import sync_time
time_service = "chronyd"
ntpinstance = None
except ImportError:
try:
from ipaclient.install import ntpconf as timeconf
except ImportError:
from ipaclient import ntpconf as timeconf
from ipaserver.install import ntpinstance
time_service = "ntpd"
sync_time = None
from ipaserver.install import (
adtrust, bindinstance, ca, dns, dsinstance,
httpinstance, installutils, kra, krbinstance,
otpdinstance, custodiainstance, replication, service,
sysupgrade)
adtrust_imported = True
kra_imported = True
from ipaserver.install.installutils import (
BadHostError, get_fqdn, get_server_ip_address,
load_pkcs12, read_password, verify_fqdn,
update_hosts_file)
try:
from ipalib.facts import is_ipa_configured
except ImportError:
from ipaserver.install.installutils import is_ipa_configured
from ipaserver.install.server.install import (
check_dirsrv, validate_admin_password, validate_dm_password,
read_cache, write_cache)
try:
from ipaserver.install.dogtaginstance import PKIIniLoader
except ImportError:
PKIIniLoader = None
try:
from ipaserver.install.installutils import default_subject_base
except ImportError:
def default_subject_base(realm_name):
return DN(('O', realm_name))
try:
from ipalib.facts import IPA_MODULES
except ImportError:
from ipaserver.install.installutils import IPA_MODULES
try:
from ipaserver.install.installutils import default_ca_subject_dn
except ImportError:
def default_ca_subject_dn(subject_base):
return DN(('CN', 'Certificate Authority'), subject_base)
try:
from ipaserver.install.installutils import check_available_memory
except ImportError:
check_available_memory = None
try:
from ipaserver.install import adtrustinstance
_server_trust_ad_installed = True
except ImportError:
_server_trust_ad_installed = False
try:
from ipaclient.install.client import check_ldap_conf
except ImportError:
check_ldap_conf = None
try:
from ipalib.x509 import Encoding
except ImportError:
from cryptography.hazmat.primitives.serialization import Encoding
try:
from ipalib.x509 import load_pem_x509_certificate
except ImportError:
from ipalib.x509 import load_certificate
load_pem_x509_certificate = None
else: else:
# IPA version < 4.5
import logging raise Exception("freeipa version '%s' is too old" % VERSION)
from contextlib import contextmanager as contextlib_contextmanager
import six
import base64
from ipapython.version import NUM_VERSION, VERSION
if NUM_VERSION < 30201: logger = logging.getLogger("ipa-server-install")
# See ipapython/version.py
IPA_MAJOR, IPA_MINOR, IPA_RELEASE = [int(x) for x in
VERSION.split(".", 2)] def setup_logging():
IPA_PYTHON_VERSION = IPA_MAJOR*10000 + IPA_MINOR*100 + IPA_RELEASE # logger.setLevel(logging.DEBUG)
standard_logging_setup(
paths.IPASERVER_INSTALL_LOG, verbose=False, debug=False,
filemode='a', console_format='%(message)s')
@contextlib_contextmanager
def redirect_stdout(f):
sys.stdout = f
try:
yield f
finally:
sys.stdout = sys.__stdout__
class AnsibleModuleLog():
def __init__(self, module):
self.module = module
_ansible_module_log = self
class AnsibleLoggingHandler(logging.Handler):
def emit(self, record):
_ansible_module_log.write(self.format(record))
self.logging_handler = AnsibleLoggingHandler()
logger.setLevel(logging.DEBUG)
logger.root.addHandler(self.logging_handler)
def close(self):
self.flush()
def flush(self):
pass
def log(self, msg):
# self.write(msg+"\n")
self.write(msg)
def debug(self, msg):
self.module.debug(msg)
def info(self, msg):
self.module.debug(msg)
def write(self, msg):
self.module.debug(msg)
# self.module.warn(msg)
class options_obj(object):
def __init__(self):
self._replica_install = False
self.dnssec_master = False # future unknown
self.disable_dnssec_master = False # future unknown
self.domainlevel = MAX_DOMAIN_LEVEL # deprecated
self.domain_level = self.domainlevel # deprecated
self.interactive = False
self.unattended = not self.interactive
# def __getattribute__(self, attr):
# logger.info(" <-- Accessing options.%s" % attr)
# return super(options_obj, self).__getattribute__(attr)
# def __getattr__(self, attr):
# logger.info(" --> Adding missing options.%s" % attr)
# setattr(self, attr, None)
# return getattr(self, attr)
def knobs(self):
for name in self.__dict__:
yield self, name
options = options_obj()
installer = options
# ServerMasterInstall
options.add_sids = True
options.add_agents = False
# Installable
options.uninstalling = False
# ServerInstallInterface
options.description = "Server"
options.kinit_attempts = 1
options.fixed_primary = True
options.permit = False
options.enable_dns_updates = False
options.no_krb5_offline_passwords = False
options.preserve_sssd = False
options.no_sssd = False
# ServerMasterInstall
options.force_join = False
options.servers = None
options.no_wait_for_dns = True
options.host_password = None
options.keytab = None
options.setup_ca = True
# always run sidgen task and do not allow adding agents on first master
options.add_sids = True
options.add_agents = False
# ADTrustInstallInterface
# no_msdcs is deprecated
options.no_msdcs = False
# For pylint
options.external_cert_files = None
options.dirsrv_cert_files = None
# Uninstall
options.ignore_topology_disconnect = False
options.ignore_last_of_role = False
def api_Backend_ldap2(host_name, setup_ca, connect=False):
# we are sure we have the configuration file ready.
cfg = dict(context='installer', confdir=paths.ETC_IPA, in_server=True,
host=host_name)
if setup_ca:
# we have an IPA-integrated CA
cfg['ca_host'] = host_name
api.bootstrap(**cfg)
api.finalize()
if connect:
api.Backend.ldap2.connect()
def ds_init_info(ansible_log, fstore, domainlevel, dirsrv_config_file,
realm_name, host_name, domain_name, dm_password,
idstart, idmax, subject_base, ca_subject,
no_hbac_allow, dirsrv_pkcs12_info, no_pkinit):
if not options.external_cert_files:
ds = dsinstance.DsInstance(fstore=fstore, domainlevel=domainlevel,
config_ldif=dirsrv_config_file)
ds.set_output(ansible_log)
if options.dirsrv_cert_files:
_dirsrv_pkcs12_info = dirsrv_pkcs12_info
else:
_dirsrv_pkcs12_info = None
with redirect_stdout(ansible_log):
ds.init_info(realm_name, host_name, domain_name, dm_password,
subject_base, ca_subject, idstart, idmax,
# hbac_allow=not no_hbac_allow,
_dirsrv_pkcs12_info, setup_pkinit=not no_pkinit)
else: else:
IPA_PYTHON_VERSION = NUM_VERSION ds = dsinstance.DsInstance(fstore=fstore, domainlevel=domainlevel)
ds.set_output(ansible_log)
if NUM_VERSION >= 40500: with redirect_stdout(ansible_log):
# IPA version >= 4.5 ds.init_info(realm_name, host_name, domain_name, dm_password,
subject_base, ca_subject, 1101, 1100, None,
setup_pkinit=not no_pkinit)
from ipaclient.install.ipachangeconf import IPAChangeConf return ds
from ipalib.install import certmonger
try:
from ipalib import sysrestore
except ImportError:
from ipalib.install import sysrestore
from ipapython import ipautil
from ipapython.ipa_log_manager import standard_logging_setup
try:
from ipapython.ipa_log_manager import root_logger
except ImportError:
root_logger = None
from ipapython.ipautil import (
ipa_generate_password, run)
from ipapython.admintool import ScriptError
from ipaplatform import services
from ipaplatform.paths import paths
from ipaplatform.tasks import tasks
from ipalib import api, errors, x509
from ipalib.constants import DOMAIN_LEVEL_0, MIN_DOMAIN_LEVEL, \
MAX_DOMAIN_LEVEL
try:
from ipalib.constants import IPAAPI_USER
except ImportError:
IPAAPI_USER = None
from ipalib.util import (
validate_domain_name,
no_matching_interface_for_ip_address_warning,
)
from ipapython.dnsutil import check_zone_overlap
from ipapython.dn import DN
try:
from ipaclient.install import timeconf
from ipaclient.install.client import sync_time
time_service = "chronyd"
ntpinstance = None
except ImportError:
try:
from ipaclient.install import ntpconf as timeconf
except ImportError:
from ipaclient import ntpconf as timeconf
from ipaserver.install import ntpinstance
time_service = "ntpd"
sync_time = None
from ipaserver.install import (
adtrust, bindinstance, ca, dns, dsinstance,
httpinstance, installutils, kra, krbinstance,
otpdinstance, custodiainstance, replication, service,
sysupgrade)
adtrust_imported = True
kra_imported = True
from ipaserver.install.installutils import (
BadHostError, get_fqdn, get_server_ip_address,
load_pkcs12, read_password, verify_fqdn,
update_hosts_file)
try:
from ipalib.facts import is_ipa_configured
except ImportError:
from ipaserver.install.installutils import is_ipa_configured
from ipaserver.install.server.install import (
check_dirsrv, validate_admin_password, validate_dm_password,
read_cache, write_cache)
try:
from ipaserver.install.dogtaginstance import PKIIniLoader
except ImportError:
PKIIniLoader = None
try:
from ipaserver.install.installutils import default_subject_base
except ImportError:
def default_subject_base(realm_name):
return DN(('O', realm_name))
try:
from ipalib.facts import IPA_MODULES
except ImportError:
from ipaserver.install.installutils import IPA_MODULES
try:
from ipaserver.install.installutils import default_ca_subject_dn
except ImportError:
def default_ca_subject_dn(subject_base):
return DN(('CN', 'Certificate Authority'), subject_base)
try:
from ipaserver.install.installutils import check_available_memory
except ImportError:
check_available_memory = None
try:
from ipaserver.install import adtrustinstance
_server_trust_ad_installed = True
except ImportError:
_server_trust_ad_installed = False
def ansible_module_get_parsed_ip_addresses(ansible_module,
param='ip_addresses'):
ip_addrs = []
for ip in ansible_module.params.get(param):
try: try:
from ipaclient.install.client import check_ldap_conf ip_parsed = ipautil.CheckedIPAddress(ip)
except ImportError: except Exception as e:
check_ldap_conf = None ansible_module.fail_json(msg="Invalid IP Address %s: %s" % (ip, e))
ip_addrs.append(ip_parsed)
return ip_addrs
try:
from ipalib.x509 import Encoding
except ImportError:
from cryptography.hazmat.primitives.serialization import Encoding
try: def encode_certificate(cert):
from ipalib.x509 import load_pem_x509_certificate """
except ImportError: Encode a certificate using base64.
from ipalib.x509 import load_certificate
load_pem_x509_certificate = None
It also takes FreeIPA and Python versions into account.
"""
if isinstance(cert, (str, bytes)):
encoded = base64.b64encode(cert)
else: else:
# IPA version < 4.5 encoded = base64.b64encode(cert.public_bytes(Encoding.DER))
if not six.PY2:
encoded = encoded.decode('ascii')
return encoded
raise Exception("freeipa version '%s' is too old" % VERSION)
logger = logging.getLogger("ipa-server-install") def decode_certificate(cert):
"""
Decode a certificate using base64.
def setup_logging(): It also takes FreeIPA versions into account and returns a IPACertificate
# logger.setLevel(logging.DEBUG) for newer IPA versions.
standard_logging_setup( """
paths.IPASERVER_INSTALL_LOG, verbose=False, debug=False, if hasattr(x509, "IPACertificate"):
filemode='a', console_format='%(message)s') cert = cert.strip()
if not cert.startswith("-----BEGIN CERTIFICATE-----"):
cert = "-----BEGIN CERTIFICATE-----\n" + cert
if not cert.endswith("-----END CERTIFICATE-----"):
cert += "\n-----END CERTIFICATE-----"
@contextlib_contextmanager if load_pem_x509_certificate is not None:
def redirect_stdout(f): cert = load_pem_x509_certificate(cert.encode('utf-8'))
sys.stdout = f
try:
yield f
finally:
sys.stdout = sys.__stdout__
class AnsibleModuleLog():
def __init__(self, module):
self.module = module
_ansible_module_log = self
class AnsibleLoggingHandler(logging.Handler):
def emit(self, record):
_ansible_module_log.write(self.format(record))
self.logging_handler = AnsibleLoggingHandler()
logger.setLevel(logging.DEBUG)
logger.root.addHandler(self.logging_handler)
def close(self):
self.flush()
def flush(self):
pass
def log(self, msg):
# self.write(msg+"\n")
self.write(msg)
def debug(self, msg):
self.module.debug(msg)
def info(self, msg):
self.module.debug(msg)
def write(self, msg):
self.module.debug(msg)
# self.module.warn(msg)
class options_obj(object):
def __init__(self):
self._replica_install = False
self.dnssec_master = False # future unknown
self.disable_dnssec_master = False # future unknown
self.domainlevel = MAX_DOMAIN_LEVEL # deprecated
self.domain_level = self.domainlevel # deprecated
self.interactive = False
self.unattended = not self.interactive
# def __getattribute__(self, attr):
# logger.info(" <-- Accessing options.%s" % attr)
# return super(options_obj, self).__getattribute__(attr)
# def __getattr__(self, attr):
# logger.info(" --> Adding missing options.%s" % attr)
# setattr(self, attr, None)
# return getattr(self, attr)
def knobs(self):
for name in self.__dict__:
yield self, name
options = options_obj()
installer = options
# ServerMasterInstall
options.add_sids = True
options.add_agents = False
# Installable
options.uninstalling = False
# ServerInstallInterface
options.description = "Server"
options.kinit_attempts = 1
options.fixed_primary = True
options.permit = False
options.enable_dns_updates = False
options.no_krb5_offline_passwords = False
options.preserve_sssd = False
options.no_sssd = False
# ServerMasterInstall
options.force_join = False
options.servers = None
options.no_wait_for_dns = True
options.host_password = None
options.keytab = None
options.setup_ca = True
# always run sidgen task and do not allow adding agents on first master
options.add_sids = True
options.add_agents = False
# ADTrustInstallInterface
# no_msdcs is deprecated
options.no_msdcs = False
# For pylint
options.external_cert_files = None
options.dirsrv_cert_files = None
# Uninstall
options.ignore_topology_disconnect = False
options.ignore_last_of_role = False
def api_Backend_ldap2(host_name, setup_ca, connect=False):
# we are sure we have the configuration file ready.
cfg = dict(context='installer', confdir=paths.ETC_IPA, in_server=True,
host=host_name)
if setup_ca:
# we have an IPA-integrated CA
cfg['ca_host'] = host_name
api.bootstrap(**cfg)
api.finalize()
if connect:
api.Backend.ldap2.connect()
def ds_init_info(ansible_log, fstore, domainlevel, dirsrv_config_file,
realm_name, host_name, domain_name, dm_password,
idstart, idmax, subject_base, ca_subject,
no_hbac_allow, dirsrv_pkcs12_info, no_pkinit):
if not options.external_cert_files:
ds = dsinstance.DsInstance(fstore=fstore, domainlevel=domainlevel,
config_ldif=dirsrv_config_file)
ds.set_output(ansible_log)
if options.dirsrv_cert_files:
_dirsrv_pkcs12_info = dirsrv_pkcs12_info
else:
_dirsrv_pkcs12_info = None
with redirect_stdout(ansible_log):
ds.init_info(realm_name, host_name, domain_name, dm_password,
subject_base, ca_subject, idstart, idmax,
# hbac_allow=not no_hbac_allow,
_dirsrv_pkcs12_info, setup_pkinit=not no_pkinit)
else: else:
ds = dsinstance.DsInstance(fstore=fstore, domainlevel=domainlevel) cert = load_certificate(cert.encode('utf-8'))
ds.set_output(ansible_log) else:
cert = base64.b64decode(cert)
with redirect_stdout(ansible_log): return cert
ds.init_info(realm_name, host_name, domain_name, dm_password,
subject_base, ca_subject, 1101, 1100, None,
setup_pkinit=not no_pkinit)
return ds
def ansible_module_get_parsed_ip_addresses(ansible_module,
param='ip_addresses'):
ip_addrs = []
for ip in ansible_module.params.get(param):
try:
ip_parsed = ipautil.CheckedIPAddress(ip)
except Exception as e:
ansible_module.fail_json(
msg="Invalid IP Address %s: %s" % (ip, e))
ip_addrs.append(ip_parsed)
return ip_addrs
def encode_certificate(cert):
"""
Encode a certificate using base64.
It also takes FreeIPA and Python versions into account.
"""
if isinstance(cert, (str, bytes)):
encoded = base64.b64encode(cert)
else:
encoded = base64.b64encode(cert.public_bytes(Encoding.DER))
if not six.PY2:
encoded = encoded.decode('ascii')
return encoded
def decode_certificate(cert):
"""
Decode a certificate using base64.
It also takes FreeIPA versions into account and returns a
IPACertificate for newer IPA versions.
"""
if hasattr(x509, "IPACertificate"):
cert = cert.strip()
if not cert.startswith("-----BEGIN CERTIFICATE-----"):
cert = "-----BEGIN CERTIFICATE-----\n" + cert
if not cert.endswith("-----END CERTIFICATE-----"):
cert += "\n-----END CERTIFICATE-----"
if load_pem_x509_certificate is not None:
cert = load_pem_x509_certificate(cert.encode('utf-8'))
else:
cert = load_certificate(cert.encode('utf-8'))
else:
cert = base64.b64decode(cert)
return cert


@@ -31,40 +31,3 @@ per-file-ignores =
[pydocstyle] [pydocstyle]
inherit = false inherit = false
ignore = D1,D212,D203 ignore = D1,D212,D203
[pylint.MASTER]
disable =
c-extension-no-member,
missing-module-docstring,
missing-class-docstring,
missing-function-docstring,
wrong-import-order,
ungrouped-imports,
wrong-import-position,
protected-access,
no-name-in-module,
too-many-arguments,
too-many-statements,
too-many-lines,
raise-missing-from,
duplicate-code,
broad-except,
too-many-branches,
too-many-locals,
fixme
[pylint.BASIC]
good-names = ex, i, j, k, Run, _, e, x, dn, cn, ip, os, unicode
[pylint.IMPORTS]
ignored-modules =
ansible.module_utils.ansible_freeipa_module,
ipalib, ipalib.config, ipalib.constants, ipalib.krb_utils, ipalib.errors,
ipapython.ipautil, ipapython.dn, ipapython.version, ipapython.dnsutil,
ipaplatform.paths
[pylint.REFACTORING]
max-nested-blocks = 9
[pylint.FORMAT]
max-line-length = 80


@@ -1,311 +0,0 @@
---
- name: Test automember
hosts: ipaserver
become: true
tasks:
# CLEANUP TEST ITEMS
- name: Ensure group testgroup is absent
ipagroup:
ipaadmin_password: SomeADMINpassword
name: testgroup
state: absent
- name: Ensure hostgroup testhostgroup is absent
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
state: absent
- name: Ensure group automember rule testgroup is absent
ipaautomember:
ipaadmin_password: SomeADMINpassword
name: testgroup
state: absent
automember_type: group
- name: Ensure hostgroup automember rule testhostgroup is absent
ipaautomember:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
state: absent
automember_type: hostgroup
# CREATE TEST ITEMS
# TESTS
- name: Ensure testgroup group is present
ipagroup:
ipaadmin_password: SomeADMINpassword
name: testgroup
- name: Ensure testhostgroup hostgroup is present
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
- name: Ensure testgroup group automember rule is present
ipaautomember:
ipaadmin_password: SomeADMINpassword
name: testgroup
description: testgroup automember rule.
automember_type: group
register: result
failed_when: not result.changed or result.failed
- name: Ensure testgroup group automember rule is present again
ipaautomember:
ipaadmin_password: SomeADMINpassword
name: testgroup
description: testgroup automember rule.
automember_type: group
register: result
failed_when: result.changed or result.failed
- name: Change testgroup group automember rule description
ipaautomember:
ipaadmin_password: SomeADMINpassword
name: testgroup
description: testgroup automember rule description.
automember_type: group
register: result
failed_when: not result.changed or result.failed
- name: Ensure testgroup group automember rule has conditions
ipaautomember:
ipaadmin_password: SomeADMINpassword
name: testgroup
automember_type: group
inclusive:
- key: 'uid'
expression: 'uid'
- key: 'uidnumber'
expression: 'uidnumber'
exclusive:
- key: 'uid'
expression: 'uid'
register: result
failed_when: not result.changed or result.failed
- name: Ensure testgroup group automember rule has conditions again
ipaautomember:
ipaadmin_password: SomeADMINpassword
name: testgroup
automember_type: group
inclusive:
- key: 'uid'
expression: 'uid'
- key: 'uidnumber'
expression: 'uidnumber'
exclusive:
- key: 'uid'
expression: 'uid'
register: result
failed_when: result.changed or result.failed
- name: Add testgroup group automember rule member condition
ipaautomember:
ipaadmin_password: SomeADMINpassword
name: testgroup
automember_type: group
action: member
inclusive:
- key: 'manager'
expression: 'uid=mscott'
register: result
failed_when: not result.changed or result.failed
- name: Ensure testgroup group automember rule has conditions
ipaautomember:
ipaadmin_password: SomeADMINpassword
name: testgroup
automember_type: group
inclusive:
- key: 'uid'
expression: 'uid'
- key: 'uidnumber'
expression: 'uidnumber'
- key: 'manager'
expression: 'uid=mscott'
exclusive:
- key: 'uid'
expression: 'uid'
register: result
failed_when: result.changed or result.failed
- name: Remove testgroup group automember rule member condition
ipaautomember:
ipaadmin_password: SomeADMINpassword
name: testgroup
automember_type: group
action: member
state: absent
inclusive:
- key: 'manager'
expression: 'uid=mscott'
register: result
failed_when: not result.changed or result.failed
- name: Ensure testgroup group automember rule has conditions again
ipaautomember:
ipaadmin_password: SomeADMINpassword
name: testgroup
automember_type: group
inclusive:
- key: 'uid'
expression: 'uid'
- key: 'uidnumber'
expression: 'uidnumber'
exclusive:
- key: 'uid'
expression: 'uid'
register: result
failed_when: result.changed or result.failed
- name: Ensure testhostgroup hostgroup automember rule is present
ipaautomember:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
description: testhostgroup automember rule
automember_type: hostgroup
register: result
failed_when: not result.changed or result.failed
- name: Ensure testhostgroup hostgroup automember rule is present again
ipaautomember:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
description: testhostgroup automember rule
automember_type: hostgroup
register: result
failed_when: result.changed or result.failed
- name: Change testhostgroup hostgroup automember rule description
ipaautomember:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
description: testhostgroup test automember rule
automember_type: hostgroup
register: result
failed_when: not result.changed or result.failed
- name: Ensure testhostgroup hostgroup automember rule has conditions
ipaautomember:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
automember_type: hostgroup
inclusive:
- key: 'description'
expression: 'description'
- key: 'description'
expression: 'description'
exclusive:
- key: 'cn'
expression: 'cn'
register: result
failed_when: not result.changed or result.failed
- name: Ensure testhostgroup hostgroup automember rule has conditions again
ipaautomember:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
automember_type: hostgroup
inclusive:
- key: 'description'
expression: 'description'
- key: 'description'
expression: 'description'
exclusive:
- key: 'cn'
expression: 'cn'
register: result
failed_when: result.changed or result.failed
- name: Add testhostgroup hostgroup automember rule member condition
ipaautomember:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
automember_type: hostgroup
action: member
inclusive:
- key: 'fqdn'
expression: '.*.domain.com'
register: result
failed_when: not result.changed or result.failed
- name: Ensure testhostgroup hostgroup automember rule has conditions
ipaautomember:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
automember_type: hostgroup
inclusive:
- key: 'description'
expression: 'description'
- key: 'description'
expression: 'description'
- key: 'fqdn'
expression: '.*.domain.com'
exclusive:
- key: 'cn'
expression: 'cn'
register: result
failed_when: result.changed or result.failed
- name: Remove testhostgroup hostgroup automember rule member condition
ipaautomember:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
automember_type: hostgroup
action: member
state: absent
inclusive:
- key: 'fqdn'
expression: '.*.domain.com'
register: result
failed_when: not result.changed or result.failed
- name: Ensure testhostgroup hostgroup automember rule has conditions
ipaautomember:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
automember_type: hostgroup
inclusive:
- key: 'description'
expression: 'description'
- key: 'description'
expression: 'description'
exclusive:
- key: 'cn'
expression: 'cn'
register: result
failed_when: result.changed or result.failed
# CLEANUP TEST ITEMS
- name: Ensure group testgroup is absent
ipagroup:
ipaadmin_password: SomeADMINpassword
name: testgroup
state: absent
- name: Ensure hostgroup testhostgroup is absent
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
state: absent
- name: Ensure group automember rule testgroup is absent
ipaautomember:
ipaadmin_password: SomeADMINpassword
automember_type: group
name: testgroup
state: absent
- name: Ensure hostgroup automember rule testhostgroup is absent
ipaautomember:
ipaadmin_password: SomeADMINpassword
automember_type: hostgroup
name: testhostgroup
state: absent


@@ -34,9 +34,6 @@ jobs:
"ansible${{ parameters.ansible_version }}" "ansible${{ parameters.ansible_version }}"
displayName: Install molecule and Ansible displayName: Install molecule and Ansible
- script: |
ansible-galaxy collection install community.docker
- script: pip install -r requirements-tests.txt - script: pip install -r requirements-tests.txt
displayName: Install dependencies displayName: Install dependencies


@@ -26,9 +26,6 @@ jobs:
"ansible${{ parameters.ansible_version }}" "ansible${{ parameters.ansible_version }}"
displayName: Install molecule and Ansible displayName: Install molecule and Ansible
- script: |
ansible-galaxy collection install community.docker
- script: pip install -r requirements-tests.txt - script: pip install -r requirements-tests.txt
displayName: Install dependencies displayName: Install dependencies


@@ -110,84 +110,84 @@
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
emaildomain: somedomain.test emaildomain: somedomain.test
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure the default e-mail domain is somedomain.test, again. - name: Ensure the default e-mail domain is somedomain.test, again.
ipaconfig: ipaconfig:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
emaildomain: somedomain.test emaildomain: somedomain.test
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: set default shell to '/bin/someshell' - name: set default shell to '/bin/someshell'
ipaconfig: ipaconfig:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
defaultshell: /bin/someshell defaultshell: /bin/someshell
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: set default shell to '/bin/someshell', again. - name: set default shell to '/bin/someshell', again.
ipaconfig: ipaconfig:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
defaultshell: /bin/someshell defaultshell: /bin/someshell
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: set default group - name: set default group
ipaconfig: ipaconfig:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
defaultgroup: somedefaultgroup defaultgroup: somedefaultgroup
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: set default group, again - name: set default group
ipaconfig: ipaconfig:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
defaultgroup: somedefaultgroup defaultgroup: somedefaultgroup
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: set default home directory - name: set default home directory
ipaconfig: ipaconfig:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
homedirectory: /Users homedirectory: /Users
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: set default home directory, again - name: set default home directory
ipaconfig: ipaconfig:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
homedirectory: /Users homedirectory: /Users
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: set pac-type - name: set pac-type
ipaconfig: ipaconfig:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
pac_type: "nfs:NONE" pac_type: "nfs:NONE"
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: set pac-type, again. - name: set pac-type, again.
ipaconfig: ipaconfig:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
pac_type: "nfs:NONE" pac_type: "nfs:NONE"
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: set maxusername to 33 - name: set maxusername to 33
ipaconfig: ipaconfig:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
maxusername: 33 maxusername: 33
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: set maxusername to 33, again. - name: set maxusername to 33, again.
ipaconfig: ipaconfig:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
maxusername: 33 maxusername: 33
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: set maxhostname to 77 - name: set maxhostname to 77
block: block:
@@ -195,13 +195,13 @@
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
maxhostname: 77 maxhostname: 77
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- ipaconfig: - ipaconfig:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
maxhostname: 77 maxhostname: 77
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
when: ipa_version is version('4.8.0', '>=') when: ipa_version is version('4.8.0', '>=')
- name: set pwdexpnotify to 17 - name: set pwdexpnotify to 17
@@ -209,126 +209,126 @@
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
pwdexpnotify: 17 pwdexpnotify: 17
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: set pwdexpnotify to 17, again - name: set pwdexpnotify to 17, again
ipaconfig: ipaconfig:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
pwdexpnotify: 17 pwdexpnotify: 17
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: set searchrecordslimit to -1 - name: set searchrecordslimit to -1
ipaconfig: ipaconfig:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
searchrecordslimit: -1 searchrecordslimit: -1
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: set searchrecordslimit to -1, again. - name: set searchrecordslimit to -1, again.
ipaconfig: ipaconfig:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
searchrecordslimit: -1 searchrecordslimit: -1
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: set searchtimelimit to 12345 - name: set searchtimelimit to 12345
ipaconfig: ipaconfig:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
searchtimelimit: 12345 searchtimelimit: 12345
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: set searchtimelimit to 12345, again. - name: set searchtimelimit to 12345, again.
ipaconfig: ipaconfig:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
searchtimelimit: 12345 searchtimelimit: 12345
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: change enable_migration - name: change enable_migration
ipaconfig: ipaconfig:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
enable_migration: '{{ not previousconfig.config.enable_migration }}' enable_migration: '{{ not previousconfig.config.enable_migration }}'
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: change enable_migration, again - name: change enable_migration, again
ipaconfig: ipaconfig:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
enable_migration: '{{ not previousconfig.config.enable_migration }}' enable_migration: '{{ not previousconfig.config.enable_migration }}'
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: set configstring to AllowNThash - name: set configstring to AllowNThash
ipaconfig: ipaconfig:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
configstring: AllowNThash configstring: AllowNThash
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: set configstring to AllowNThash, again. - name: set configstring to AllowNThash, again.
ipaconfig: ipaconfig:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
configstring: AllowNThash configstring: AllowNThash
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: set selinuxusermaporder - name: set selinuxusermaporder
ipaconfig: ipaconfig:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
selinuxusermaporder: 'user_u:s0$staff_u:s0-s0:c0.c1023$sysadm_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023' selinuxusermaporder: 'user_u:s0$staff_u:s0-s0:c0.c1023$sysadm_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023'
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: set selinuxusermaporder, again - name: set selinuxusermaporder, again
ipaconfig: ipaconfig:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
selinuxusermaporder: 'user_u:s0$staff_u:s0-s0:c0.c1023$sysadm_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023' selinuxusermaporder: 'user_u:s0$staff_u:s0-s0:c0.c1023$sysadm_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023'
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: set selinuxusermapdefault - name: set selinuxusermapdefault
ipaconfig: ipaconfig:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
selinuxusermapdefault: 'user_u:s0' selinuxusermapdefault: 'user_u:s0'
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: set selinuxusermapdefault, again - name: set selinuxusermapdefault, again
ipaconfig: ipaconfig:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
selinuxusermapdefault: 'user_u:s0' selinuxusermapdefault: 'user_u:s0'
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: set groupsearch to `description` - name: set groupsearch to `description`
ipaconfig: ipaconfig:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
groupsearch: description groupsearch: description
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: set groupsearch to `gidNumber`, again - name: set groupsearch to `gidNumber`, again
ipaconfig: ipaconfig:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
groupsearch: description groupsearch: description
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: set usersearch to `uidNumber` - name: set usersearch to `uidNumber`
ipaconfig: ipaconfig:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
usersearch: uidNumber usersearch: uidNumber
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: set usersearch to `uidNumber`, again - name: set usersearch to `uidNumber`, again
ipaconfig: ipaconfig:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
usersearch: uidNumber usersearch: uidNumber
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: reset changed fields - name: reset changed fields
ipaconfig: ipaconfig:
@@ -354,7 +354,7 @@
domain_resolution_order: '{{previousconfig.config.domain_resolution_order | default(omit)}}' domain_resolution_order: '{{previousconfig.config.domain_resolution_order | default(omit)}}'
ca_renewal_master_server: '{{previousconfig.config.ca_renewal_master_server | default(omit)}}' ca_renewal_master_server: '{{previousconfig.config.ca_renewal_master_server | default(omit)}}'
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: reset maxhostname - name: reset maxhostname
block: block:
@@ -387,7 +387,7 @@
domain_resolution_order: '{{previousconfig.config.domain_resolution_order | default(omit)}}' domain_resolution_order: '{{previousconfig.config.domain_resolution_order | default(omit)}}'
ca_renewal_master_server: '{{previousconfig.config.ca_renewal_master_server | default(omit)}}' ca_renewal_master_server: '{{previousconfig.config.ca_renewal_master_server | default(omit)}}'
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: reset maxhostname - name: reset maxhostname
block: block:


@@ -53,7 +53,7 @@
forward_policy: only forward_policy: only
allow_sync_ptr: yes allow_sync_ptr: yes
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Set dnsconfig, with the same values. - name: Set dnsconfig, with the same values.
ipadnsconfig: ipadnsconfig:
@@ -66,7 +66,7 @@
forward_policy: only forward_policy: only
allow_sync_ptr: yes allow_sync_ptr: yes
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure forwarder is absent. - name: Ensure forwarder is absent.
ipadnsconfig: ipadnsconfig:
@@ -75,7 +75,7 @@
- ip_address: 8.8.8.8 - ip_address: 8.8.8.8
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure forwarder is absent, again. - name: Ensure forwarder is absent, again.
ipadnsconfig: ipadnsconfig:
@@ -84,63 +84,63 @@
- ip_address: 8.8.8.8 - ip_address: 8.8.8.8
state: absent state: absent
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Disable global forwarders. - name: Disable global forwarders.
ipadnsconfig: ipadnsconfig:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
forward_policy: none forward_policy: none
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Disable global forwarders, again. - name: Disable global forwarders, again.
ipadnsconfig: ipadnsconfig:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
forward_policy: none forward_policy: none
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Re-enable global forwarders. - name: Re-enable global forwarders.
ipadnsconfig: ipadnsconfig:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
forward_policy: first forward_policy: first
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Re-enable global forwarders, again. - name: Re-enable global forwarders, again.
ipadnsconfig: ipadnsconfig:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
forward_policy: first forward_policy: first
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Disable PTR record synchronization. - name: Disable PTR record synchronization.
ipadnsconfig: ipadnsconfig:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
allow_sync_ptr: no allow_sync_ptr: no
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Disable PTR record synchronization, again. - name: Disable PTR record synchronization, again.
ipadnsconfig: ipadnsconfig:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
allow_sync_ptr: no allow_sync_ptr: no
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Re-enable PTR record synchronization. - name: Re-enable PTR record synchronization.
ipadnsconfig: ipadnsconfig:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
allow_sync_ptr: yes allow_sync_ptr: yes
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Re-enable PTR record synchronization, again. - name: Re-enable PTR record synchronization, again.
ipadnsconfig: ipadnsconfig:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
allow_sync_ptr: yes allow_sync_ptr: yes
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure all forwarders are absent. - name: Ensure all forwarders are absent.
ipadnsconfig: ipadnsconfig:
@@ -152,7 +152,7 @@
port: 53 port: 53
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure all forwarders are absent, again. - name: Ensure all forwarders are absent, again.
@@ -165,7 +165,7 @@
port: 53 port: 53
state: absent state: absent
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
# Cleanup. # Cleanup.
- name: Ensure forwarders are absent. - name: Ensure forwarders are absent.
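Review bot: `failed_when: result.changed` on every ", again" task in this section (starting with `Set dnsconfig, with the same values.`) stops failing the play when the module itself errors: `failed_when` replaces the module's own failure verdict, and a failed result carries `changed: false`, so the expression evaluates false and the task is reported OK. Only the `not result.changed` form still trips on a module failure, because a failed run is also an unchanged one. Keeping the failure term, `failed_when: result.changed or result.failed`, preserves the negative checks; the same pattern recurs in the forwardzone section below and in the ipaconfig and dnsrecord hunks that are cut at the edges of this chunk. Which side is the new one is inferred from the hunk line counts, so if this compare is rendered in reverse the remark applies to the other revision.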


@@ -23,7 +23,7 @@
forwardpolicy: first forwardpolicy: first
skip_overlap_check: true skip_overlap_check: true
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: ensure forwardzone example.com is present again - name: ensure forwardzone example.com is present again
ipadnsforwardzone: ipadnsforwardzone:
@@ -35,7 +35,7 @@
forwardpolicy: first forwardpolicy: first
skip_overlap_check: true skip_overlap_check: true
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: ensure forwardzone example.com has two forwarders - name: ensure forwardzone example.com has two forwarders
ipadnsforwardzone: ipadnsforwardzone:
@@ -49,7 +49,7 @@
forwardpolicy: first forwardpolicy: first
skip_overlap_check: true skip_overlap_check: true
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: ensure forwardzone example.com has one forwarder again - name: ensure forwardzone example.com has one forwarder again
ipadnsforwardzone: ipadnsforwardzone:
@@ -61,7 +61,7 @@
skip_overlap_check: true skip_overlap_check: true
state: present state: present
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: skip_overlap_check can only be set on creation so change nothing - name: skip_overlap_check can only be set on creation so change nothing
ipadnsforwardzone: ipadnsforwardzone:
@@ -73,7 +73,7 @@
skip_overlap_check: false skip_overlap_check: false
state: present state: present
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: ensure forwardzone example.com is absent. - name: ensure forwardzone example.com is absent.
ipadnsforwardzone: ipadnsforwardzone:
@@ -81,7 +81,7 @@
name: example.com name: example.com
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: ensure forwardzone example.com is absent, again. - name: ensure forwardzone example.com is absent, again.
ipadnsforwardzone: ipadnsforwardzone:
@@ -89,7 +89,7 @@
name: example.com name: example.com
state: absent state: absent
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: change all the things at once - name: change all the things at once
ipadnsforwardzone: ipadnsforwardzone:
@@ -104,7 +104,7 @@
skip_overlap_check: true skip_overlap_check: true
permission: yes permission: yes
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: change zone forward policy - name: change zone forward policy
ipadnsforwardzone: ipadnsforwardzone:
@@ -112,7 +112,7 @@
name: example.com name: example.com
forwardpolicy: first forwardpolicy: first
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: change zone forward policy, again - name: change zone forward policy, again
ipadnsforwardzone: ipadnsforwardzone:
@@ -120,23 +120,13 @@
name: example.com name: example.com
forwardpolicy: first forwardpolicy: first
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: ensure forwardzone example.com is absent. - name: ensure forwardzone example.com is absent.
ipadnsforwardzone: ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
name: example.com name: example.com
state: absent state: absent
register: result
failed_when: not result.changed or result.failed
- name: ensure forwardzone example.com is absent, again.
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
name: example.com
state: absent
register: result
failed_when: result.changed or result.failed
- name: ensure forwardzone example.com is created with minimal args - name: ensure forwardzone example.com is created with minimal args
ipadnsforwardzone: ipadnsforwardzone:
@@ -147,18 +137,7 @@
forwarders: forwarders:
- ip_address: 8.8.8.8 - ip_address: 8.8.8.8
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: ensure forwardzone example.com is created with minimal args, again
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
state: present
name: example.com
skip_overlap_check: true
forwarders:
- ip_address: 8.8.8.8
register: result
failed_when: result.changed or result.failed
- name: add a forwarder to any existing ones - name: add a forwarder to any existing ones
ipadnsforwardzone: ipadnsforwardzone:
@@ -170,19 +149,7 @@
port: 8053 port: 8053
action: member action: member
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: add a forwarder to any existing ones, again
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
state: present
name: example.com
forwarders:
- ip_address: 4.4.4.4
port: 8053
action: member
register: result
failed_when: result.changed or result.failed
- name: check the list of forwarders is what we expect - name: check the list of forwarders is what we expect
ipadnsforwardzone: ipadnsforwardzone:
@@ -195,7 +162,7 @@
- ip_address: 8.8.8.8 - ip_address: 8.8.8.8
action: member action: member
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: remove a single forwarder - name: remove a single forwarder
ipadnsforwardzone: ipadnsforwardzone:
@@ -206,18 +173,7 @@
- ip_address: 8.8.8.8 - ip_address: 8.8.8.8
action: member action: member
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: remove a single forwarder, again
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
state: absent
name: example.com
forwarders:
- ip_address: 8.8.8.8
action: member
register: result
failed_when: result.changed or result.failed
- name: check the list of forwarders is what we expect now - name: check the list of forwarders is what we expect now
ipadnsforwardzone: ipadnsforwardzone:
@@ -229,7 +185,7 @@
port: 8053 port: 8053
action: member action: member
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Add a permission for per-forward zone access delegation. - name: Add a permission for per-forward zone access delegation.
ipadnsforwardzone: ipadnsforwardzone:
@@ -238,7 +194,7 @@
permission: yes permission: yes
action: member action: member
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Add a permission for per-forward zone access delegation, again. - name: Add a permission for per-forward zone access delegation, again.
ipadnsforwardzone: ipadnsforwardzone:
@@ -247,7 +203,7 @@
permission: yes permission: yes
action: member action: member
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Remove a permission for per-forward zone access delegation. - name: Remove a permission for per-forward zone access delegation.
ipadnsforwardzone: ipadnsforwardzone:
@@ -256,7 +212,7 @@
permission: no permission: no
action: member action: member
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Remove a permission for per-forward zone access delegation, again. - name: Remove a permission for per-forward zone access delegation, again.
ipadnsforwardzone: ipadnsforwardzone:
@@ -265,7 +221,7 @@
permission: no permission: no
action: member action: member
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: disable the forwarder - name: disable the forwarder
ipadnsforwardzone: ipadnsforwardzone:
@@ -273,7 +229,7 @@
name: example.com name: example.com
state: disabled state: disabled
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: disable the forwarder again - name: disable the forwarder again
ipadnsforwardzone: ipadnsforwardzone:
@@ -281,7 +237,7 @@
name: example.com name: example.com
state: disabled state: disabled
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: enable the forwarder - name: enable the forwarder
ipadnsforwardzone: ipadnsforwardzone:
@@ -289,7 +245,7 @@
name: example.com name: example.com
state: enabled state: enabled
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: enable the forwarder, again - name: enable the forwarder, again
ipadnsforwardzone: ipadnsforwardzone:
@@ -297,7 +253,7 @@
name: example.com name: example.com
state: enabled state: enabled
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: ensure forwardzone example.com is absent again - name: ensure forwardzone example.com is absent again
ipadnsforwardzone: ipadnsforwardzone:
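Review bot: The second-run tasks that followed `ensure forwardzone example.com is created with minimal args`, `add a forwarder to any existing ones` and `remove a single forwarder` are gone on the new side, so those three paths are no longer checked for idempotence and a repeat run that still reports `changed` would pass unnoticed. The remaining ", again" tasks in this file keep that coverage for the other operations, which makes the gap look unintentional rather than a deliberate trim. Re-adding each dropped task with the same arguments and `failed_when: result.changed or result.failed` restores the check and also keeps a module failure from being masked.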


@@ -4,9 +4,9 @@
set_fact: set_fact:
ipv4_prefix: "{{ ansible_facts['default_ipv4'].address.split('.')[:-1] | ipv4_prefix: "{{ ansible_facts['default_ipv4'].address.split('.')[:-1] |
join('.') }}" join('.') }}"
ipv4_reverse: "{{ ansible_facts['default_ipv4'].address.split('.')[:-1] | ipv4_reverse_sufix: "{{ ansible_facts['default_ipv4'].address.split('.')[:-1] |
reverse | reverse |
join('.') }}" join('.') }}"
- name: Set zone prefixes. - name: Set zone prefixes.
set_fact: set_fact:
@@ -14,7 +14,7 @@
safezone: 'safezone.test' safezone: 'safezone.test'
zone_ipv6_reverse: "ip6.arpa." zone_ipv6_reverse: "ip6.arpa."
zone_ipv6_reverse_workaround: "d.f.ip6.arpa." zone_ipv6_reverse_workaround: "d.f.ip6.arpa."
zone_prefix_reverse: "in-addr.arpa." zone_prefix_reverse: "in-addr.arpa"
zone_prefix_reverse_24: "{{ ipv4_reverse.split('.')[:] | join ('.') }}.in-addr.arpa." zone_prefix_reverse_24: "{{ ipv4_prefix.split('.')[::-1] | join ('.') }}.in-addr.arpa"
zone_prefix_reverse_16: "{{ ipv4_reverse.split('.')[1:] | join ('.') }}.in-addr.arpa." zone_prefix_reverse_16: "{{ ipv4_prefix.split('.')[1::-1] | join ('.') }}.in-addr.arpa"
zone_prefix_reverse_8: "{{ ipv4_reverse.split('.')[2:] | join ('.') }}.in-addr.arpa." zone_prefix_reverse_8: "{{ ipv4_prefix.split('.')[2::-1] | join ('.') }}.in-addr.arpa"
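Review bot: `zone_prefix_reverse_8` is computed with `ipv4_prefix.split('.')[2::-1]`, which on a three-octet prefix starts at index 2 and walks back to index 0, yielding all three octets reversed — the same value as `zone_prefix_reverse_24` — instead of the single first octet. The /16 slice `[1::-1]` happens to be right, so only the /8 line needs `zone_prefix_reverse_8: "{{ ipv4_prefix.split('.')[:1] | join ('.') }}.in-addr.arpa"`. Separately, the renamed fact `ipv4_reverse_sufix` (misspelled, and no longer referenced in this hunk) should be checked against the tasks that consume it, which are outside this section.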


@@ -28,7 +28,7 @@
record_type: AAAA record_type: AAAA
record_value: ::1 record_value: ::1
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure that dns record 'host01' is present, again - name: Ensure that dns record 'host01' is present, again
ipadnsrecord: ipadnsrecord:
@@ -38,7 +38,7 @@
record_type: AAAA record_type: AAAA
record_value: ::1 record_value: ::1
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure that dns record 'host02' is present - name: Ensure that dns record 'host02' is present
ipadnsrecord: ipadnsrecord:
@@ -48,7 +48,7 @@
record_type: A record_type: A
record_value: "{{ ipv4_prefix }}.102" record_value: "{{ ipv4_prefix }}.102"
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure that dns record 'host02' is present, again - name: Ensure that dns record 'host02' is present, again
ipadnsrecord: ipadnsrecord:
@@ -58,7 +58,7 @@
record_type: A record_type: A
record_value: "{{ ipv4_prefix }}.102" record_value: "{{ ipv4_prefix }}.102"
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Modify record 'host02' with multiple A and AAAA record. - name: Modify record 'host02' with multiple A and AAAA record.
ipadnsrecord: ipadnsrecord:
@@ -75,7 +75,7 @@
record_type: AAAA record_type: AAAA
record_value: ::1 record_value: ::1
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Modify record 'host02' with multiple A and AAAA record, again. - name: Modify record 'host02' with multiple A and AAAA record, again.
ipadnsrecord: ipadnsrecord:
@@ -92,7 +92,7 @@
record_type: AAAA record_type: AAAA
record_value: ::1 record_value: ::1
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure 'host02' A6 record is present. - name: Ensure 'host02' A6 record is present.
ipadnsrecord: ipadnsrecord:
@@ -101,7 +101,7 @@
name: host02 name: host02
a6_data: ::1 a6_data: ::1
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure 'host02' A6 record is present, again. - name: Ensure 'host02' A6 record is present, again.
ipadnsrecord: ipadnsrecord:
@@ -110,7 +110,7 @@
name: host02 name: host02
a6_rec: ::1 a6_rec: ::1
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure 'host02' A6 record is absent. - name: Ensure 'host02' A6 record is absent.
ipadnsrecord: ipadnsrecord:
@@ -120,7 +120,7 @@
a6_rec: ::1 a6_rec: ::1
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure 'host02' A6 record is absent, again. - name: Ensure 'host02' A6 record is absent, again.
ipadnsrecord: ipadnsrecord:
@@ -130,7 +130,7 @@
a6_rec: ::1 a6_rec: ::1
state: absent state: absent
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure that dns record 'host03' is present, with reverse record. - name: Ensure that dns record 'host03' is present, with reverse record.
ipadnsrecord: ipadnsrecord:
@@ -140,7 +140,7 @@
a_ip_address: "{{ ipv4_prefix }}.103" a_ip_address: "{{ ipv4_prefix }}.103"
a_create_reverse: yes a_create_reverse: yes
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure that dns record 'host03' is present, with reverse record, again - name: Ensure that dns record 'host03' is present, with reverse record, again
ipadnsrecord: ipadnsrecord:
@@ -151,7 +151,7 @@
record_value: "{{ ipv4_prefix }}.103" record_value: "{{ ipv4_prefix }}.103"
create_reverse: yes create_reverse: yes
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Delete all entries associated with host03 - name: Delete all entries associated with host03
ipadnsrecord: ipadnsrecord:
@@ -161,7 +161,7 @@
del_all: yes del_all: yes
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Delete all entries associated with host03, again - name: Delete all entries associated with host03, again
ipadnsrecord: ipadnsrecord:
@@ -171,7 +171,7 @@
del_all: yes del_all: yes
state: absent state: absent
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure that 'host04' has CNAME - name: Ensure that 'host04' has CNAME
ipadnsrecord: ipadnsrecord:
@@ -181,7 +181,7 @@
record_type: CNAME record_type: CNAME
record_value: "host04.{{ testzone }}" record_value: "host04.{{ testzone }}"
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure that 'host04' has CNAME, again - name: Ensure that 'host04' has CNAME, again
ipadnsrecord: ipadnsrecord:
@@ -190,7 +190,7 @@
name: host04 name: host04
cname_hostname: "host04.{{ testzone }}" cname_hostname: "host04.{{ testzone }}"
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure that 'host04' CNAME is absent - name: Ensure that 'host04' CNAME is absent
ipadnsrecord: ipadnsrecord:
@@ -200,7 +200,7 @@
cname_rec: "host04.{{ testzone }}" cname_rec: "host04.{{ testzone }}"
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure that 'host04' CNAME is absent, again - name: Ensure that 'host04' CNAME is absent, again
ipadnsrecord: ipadnsrecord:
@@ -211,7 +211,7 @@
record_value: "host04.{{ testzone }}" record_value: "host04.{{ testzone }}"
state: absent state: absent
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure that 'host04' and 'host03' have CNAME, with cname_hostname - name: Ensure that 'host04' and 'host03' have CNAME, with cname_hostname
ipadnsrecord: ipadnsrecord:
@@ -223,7 +223,7 @@
- name: host03 - name: host03
cname_hostname: "host03.{{ testzone }}" cname_hostname: "host03.{{ testzone }}"
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure that 'host04' has CNAME, with cname_hostname, again - name: Ensure that 'host04' has CNAME, with cname_hostname, again
ipadnsrecord: ipadnsrecord:
@@ -232,7 +232,7 @@
name: host04 name: host04
cname_hostname: "host04.{{ testzone }}" cname_hostname: "host04.{{ testzone }}"
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure that 'host04' CNAME is absent. - name: Ensure that 'host04' CNAME is absent.
ipadnsrecord: ipadnsrecord:
@@ -242,7 +242,7 @@
cname_rec: "host04.{{ testzone }}" cname_rec: "host04.{{ testzone }}"
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure that 'host04' has A record. - name: Ensure that 'host04' has A record.
ipadnsrecord: ipadnsrecord:
@@ -251,7 +251,7 @@
name: host04 name: host04
ip_address: "{{ ipv4_prefix }}.104" ip_address: "{{ ipv4_prefix }}.104"
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure that 'host04' has A record, again. - name: Ensure that 'host04' has A record, again.
ipadnsrecord: ipadnsrecord:
@@ -260,7 +260,7 @@
name: host04 name: host04
ip_address: "{{ ipv4_prefix }}.104" ip_address: "{{ ipv4_prefix }}.104"
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure that 'host04' has the same A record with reverse. - name: Ensure that 'host04' has the same A record with reverse.
ipadnsrecord: ipadnsrecord:
@@ -270,7 +270,7 @@
a_rec: "{{ ipv4_prefix }}.104" a_rec: "{{ ipv4_prefix }}.104"
reverse: yes reverse: yes
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure that 'host04' has the same A record with reverse, again. - name: Ensure that 'host04' has the same A record with reverse, again.
ipadnsrecord: ipadnsrecord:
@@ -280,18 +280,17 @@
a_rec: "{{ ipv4_prefix }}.104" a_rec: "{{ ipv4_prefix }}.104"
reverse: yes reverse: yes
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure that 'host04' has another A record with reverse. - name: Ensure that 'host04' has an A record with reverse, for NS record.
ipadnsrecord: ipadnsrecord:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
zone_name: "{{ testzone }}" zone_name: "{{ testzone }}"
name: host04 name: host04
ip_address: "{{ ipv4_prefix }}.114" ip_address: "{{ ipv4_prefix }}.114"
reverse: yes reverse: yes
failed_when: result.changed or result.failed
- name: Ensure that 'host04' has another A record with reverse, again. - name: Ensure that 'host04' has an A record with reverse, again.
ipadnsrecord: ipadnsrecord:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
zone_name: "{{ testzone }}" zone_name: "{{ testzone }}"
@@ -299,7 +298,7 @@
ip_address: "{{ ipv4_prefix }}.114" ip_address: "{{ ipv4_prefix }}.114"
reverse: yes reverse: yes
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure that 'host04' has AAAA record. - name: Ensure that 'host04' has AAAA record.
ipadnsrecord: ipadnsrecord:
@@ -309,7 +308,7 @@
aaaa_ip_address: fd00::0004 aaaa_ip_address: fd00::0004
aaaa_create_reverse: yes aaaa_create_reverse: yes
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure that 'host04' has AAAA record, again. - name: Ensure that 'host04' has AAAA record, again.
ipadnsrecord: ipadnsrecord:
@@ -319,7 +318,7 @@
ip_address: fd00::0004 ip_address: fd00::0004
reverse: yes reverse: yes
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure that 'host04' has AAAA record, without reverse. - name: Ensure that 'host04' has AAAA record, without reverse.
ipadnsrecord: ipadnsrecord:
@@ -328,7 +327,7 @@
name: host04 name: host04
ip_address: fd00::0014 ip_address: fd00::0014
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure that 'host04' previous AAAA record, now has a reverse record. - name: Ensure that 'host04' previous AAAA record, now has a reverse record.
ipadnsrecord: ipadnsrecord:
@@ -338,7 +337,7 @@
aaaa_rec: fd00::0014 aaaa_rec: fd00::0014
reverse: yes reverse: yes
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure that 'host04' previous AAAA record, now has a reverse record, again. - name: Ensure that 'host04' previous AAAA record, now has a reverse record, again.
ipadnsrecord: ipadnsrecord:
@@ -348,7 +347,7 @@
aaaa_rec: fd00::0014 aaaa_rec: fd00::0014
reverse: yes reverse: yes
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure that 'host04' has PTR record. - name: Ensure that 'host04' has PTR record.
ipadnsrecord: ipadnsrecord:
@@ -357,7 +356,7 @@
name: "124" name: "124"
ptr_hostname: "host04.{{ testzone }}" ptr_hostname: "host04.{{ testzone }}"
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure that 'host04' has PTR record, again. - name: Ensure that 'host04' has PTR record, again.
ipadnsrecord: ipadnsrecord:
@@ -366,7 +365,7 @@
name: "124" name: "124"
ptr_hostname: "host04.{{ testzone }}" ptr_hostname: "host04.{{ testzone }}"
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure that 'host04' has PTR record is absent. - name: Ensure that 'host04' has PTR record is absent.
ipadnsrecord: ipadnsrecord:
@@ -376,7 +375,7 @@
ptr_rec: "host04.{{ testzone }}" ptr_rec: "host04.{{ testzone }}"
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure that 'host04' has PTR record is absent, again. - name: Ensure that 'host04' has PTR record is absent, again.
ipadnsrecord: ipadnsrecord:
@@ -386,7 +385,7 @@
ptr_rec: "host04.{{ testzone }}" ptr_rec: "host04.{{ testzone }}"
state: absent state: absent
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure that 'host04' has DNAME record. - name: Ensure that 'host04' has DNAME record.
ipadnsrecord: ipadnsrecord:
@@ -395,7 +394,7 @@
name: host04 name: host04
dname_target: "ipa.{{ testzone }}" dname_target: "ipa.{{ testzone }}"
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure that 'host04' has DNAME record, again. - name: Ensure that 'host04' has DNAME record, again.
ipadnsrecord: ipadnsrecord:
@@ -404,7 +403,7 @@
name: host04 name: host04
dname_target: "ipa.{{ testzone }}" dname_target: "ipa.{{ testzone }}"
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure that 'host04' DNAME record is absent. - name: Ensure that 'host04' DNAME record is absent.
ipadnsrecord: ipadnsrecord:
@@ -414,7 +413,7 @@
dname_rec: "ipa.{{ testzone }}" dname_rec: "ipa.{{ testzone }}"
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure that 'host04' DNAME record is absent, again. - name: Ensure that 'host04' DNAME record is absent, again.
ipadnsrecord: ipadnsrecord:
@@ -424,10 +423,8 @@
dname_rec: "ipa.{{ testzone }}" dname_rec: "ipa.{{ testzone }}"
state: absent state: absent
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
# This task only ensures proper records are present,
# it is not testing anything, and should not faild.
- name: Ensure that 'host04' has a A record with reverse, for NS record. - name: Ensure that 'host04' has a A record with reverse, for NS record.
ipadnsrecord: ipadnsrecord:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
@@ -435,8 +432,6 @@
name: host04 name: host04
ip_address: "{{ ipv4_prefix }}.114" ip_address: "{{ ipv4_prefix }}.114"
reverse: yes reverse: yes
register: result
failed_when: result.failed
- name: Ensure that 'host04' has NS record. - name: Ensure that 'host04' has NS record.
ipadnsrecord: ipadnsrecord:
@@ -445,7 +440,7 @@
name: host04 name: host04
ns_hostname: host04 ns_hostname: host04
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure that 'host04' has NS record, again. - name: Ensure that 'host04' has NS record, again.
ipadnsrecord: ipadnsrecord:
@@ -454,9 +449,7 @@
name: host04 name: host04
ns_hostname: host04 ns_hostname: host04
register: result register: result
# IPA issue 8850 should be fixed before we handle the failed_when failed_when: result.changed
# message. For now, we'll just test if it does not fail.
failed_when: result.changed or not result.failed
- name: Ensure that 'host04' NS record is absent. - name: Ensure that 'host04' NS record is absent.
ipadnsrecord: ipadnsrecord:
@@ -466,7 +459,7 @@
ns_rec: host04 ns_rec: host04
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure that 'host04' NS record is absent, again. - name: Ensure that 'host04' NS record is absent, again.
ipadnsrecord: ipadnsrecord:
@@ -476,7 +469,7 @@
ns_rec: host04 ns_rec: host04
state: absent state: absent
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure that 'host04' DLV record is present. - name: Ensure that 'host04' DLV record is present.
ipadnsrecord: ipadnsrecord:
@@ -573,7 +566,7 @@
zone_name: "{{ safezone }}" zone_name: "{{ safezone }}"
ip_address: "{{ ansible_facts['default_ipv4'].address }}" ip_address: "{{ ansible_facts['default_ipv4'].address }}"
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure that NS record for "{{ safezone }}" is present - name: Ensure that NS record for "{{ safezone }}" is present
ipadnsrecord: ipadnsrecord:
@@ -582,7 +575,7 @@
zone_name: "{{ safezone }}" zone_name: "{{ safezone }}"
ns_hostname: iron01 ns_hostname: iron01
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure that 'iron01' DS record is present. - name: Ensure that 'iron01' DS record is present.
ipadnsrecord: ipadnsrecord:
@@ -595,7 +588,7 @@
# digest is sha1sum of 'iron01."{{ safezone }}"' # digest is sha1sum of 'iron01."{{ safezone }}"'
ds_digest: 84763786e4213cca9a6938dba5dacd64f87ec216 ds_digest: 84763786e4213cca9a6938dba5dacd64f87ec216
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure that 'iron01' DS record is present, again. - name: Ensure that 'iron01' DS record is present, again.
ipadnsrecord: ipadnsrecord:
@@ -607,7 +600,7 @@
ds_digest_type: 1 ds_digest_type: 1
ds_digest: 84763786e4213cca9a6938dba5dacd64f87ec216 ds_digest: 84763786e4213cca9a6938dba5dacd64f87ec216
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure that 'iron01' DS record is present, with a different key tag. - name: Ensure that 'iron01' DS record is present, with a different key tag.
ipadnsrecord: ipadnsrecord:
@@ -617,7 +610,7 @@
ds_key_tag: 54321 ds_key_tag: 54321
ds_rec: 12345 3 1 84763786e4213cca9a6938dba5dacd64f87ec216 ds_rec: 12345 3 1 84763786e4213cca9a6938dba5dacd64f87ec216
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure that 'iron01' DS record is present, with a different key tag, again. - name: Ensure that 'iron01' DS record is present, with a different key tag, again.
ipadnsrecord: ipadnsrecord:
@@ -627,7 +620,7 @@
ds_key_tag: 54321 ds_key_tag: 54321
ds_rec: 12345 3 1 84763786e4213cca9a6938dba5dacd64f87ec216 ds_rec: 12345 3 1 84763786e4213cca9a6938dba5dacd64f87ec216
register: result register: result
failed_when: result.changed or (result.failed and "DS record does not contain" not in result.msg) failed_when: result.changed
- name: Ensure that 'iron01' DS record is absent. - name: Ensure that 'iron01' DS record is absent.
ipadnsrecord: ipadnsrecord:
@@ -637,7 +630,7 @@
ds_rec: 54321 3 1 84763786e4213cca9a6938dba5dacd64f87ec216 ds_rec: 54321 3 1 84763786e4213cca9a6938dba5dacd64f87ec216
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure that 'iron01' DS record is absent, again. - name: Ensure that 'iron01' DS record is absent, again.
ipadnsrecord: ipadnsrecord:
@@ -647,7 +640,7 @@
ds_rec: 54321 3 1 84763786e4213cca9a6938dba5dacd64f87ec216 ds_rec: 54321 3 1 84763786e4213cca9a6938dba5dacd64f87ec216
state: absent state: absent
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure that 'host04' AFSDB record is present. - name: Ensure that 'host04' AFSDB record is present.
ipadnsrecord: ipadnsrecord:
@@ -657,7 +650,7 @@
afsdb_subtype: 1 afsdb_subtype: 1
afsdb_hostname: "host04.{{ testzone }}" afsdb_hostname: "host04.{{ testzone }}"
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure that 'host04' AFSDB record is present, again. - name: Ensure that 'host04' AFSDB record is present, again.
ipadnsrecord: ipadnsrecord:
@@ -667,7 +660,7 @@
afsdb_subtype: 1 afsdb_subtype: 1
afsdb_hostname: "host04.{{ testzone }}" afsdb_hostname: "host04.{{ testzone }}"
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure that 'host04' AFSDB record subtype is 2. - name: Ensure that 'host04' AFSDB record subtype is 2.
ipadnsrecord: ipadnsrecord:
@@ -677,7 +670,7 @@
afsdb_subtype: 2 afsdb_subtype: 2
afsdb_rec: "1 host04.{{ testzone }}" afsdb_rec: "1 host04.{{ testzone }}"
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure that 'host04' AFSDB record subtype is 2, again. - name: Ensure that 'host04' AFSDB record subtype is 2, again.
ipadnsrecord: ipadnsrecord:
@@ -687,7 +680,7 @@
afsdb_subtype: 2 afsdb_subtype: 2
afsdb_rec: "1 host04.{{ testzone }}" afsdb_rec: "1 host04.{{ testzone }}"
register: result register: result
failed_when: result.changed or (result.failed and "AFSDB record does not contain" not in result.msg) failed_when: result.changed
- name: Ensure that 'host04' AFSDB record is absent. - name: Ensure that 'host04' AFSDB record is absent.
ipadnsrecord: ipadnsrecord:
@@ -697,7 +690,7 @@
afsdb_rec: "2 host04.{{ testzone }}" afsdb_rec: "2 host04.{{ testzone }}"
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure that 'host04' AFSDB record is absent, again. - name: Ensure that 'host04' AFSDB record is absent, again.
ipadnsrecord: ipadnsrecord:
@@ -707,7 +700,7 @@
afsdb_rec: "2 host04.{{ testzone }}" afsdb_rec: "2 host04.{{ testzone }}"
state: absent state: absent
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure that 'host04' CERT record is present. - name: Ensure that 'host04' CERT record is present.
ipadnsrecord: ipadnsrecord:
@@ -719,7 +712,7 @@
cert_algorithm: 3 cert_algorithm: 3
cert_certificate_or_crl: "{{ lookup('file', 'cert1.b64') }}" cert_certificate_or_crl: "{{ lookup('file', 'cert1.b64') }}"
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure that 'host04' CERT record is present, again. - name: Ensure that 'host04' CERT record is present, again.
ipadnsrecord: ipadnsrecord:
@@ -731,7 +724,7 @@
cert_algorithm: 3 cert_algorithm: 3
cert_certificate_or_crl: "{{ lookup('file', 'cert1.b64') }}" cert_certificate_or_crl: "{{ lookup('file', 'cert1.b64') }}"
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure that 'host04' CERT record is absent. - name: Ensure that 'host04' CERT record is absent.
ipadnsrecord: ipadnsrecord:
@@ -741,7 +734,7 @@
cert_rec: "1 1234 3 {{ lookup('file', 'cert1.b64') }}" cert_rec: "1 1234 3 {{ lookup('file', 'cert1.b64') }}"
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure that 'host04' CERT record is absent, again. - name: Ensure that 'host04' CERT record is absent, again.
ipadnsrecord: ipadnsrecord:
@@ -751,7 +744,7 @@
cert_rec: 1 1234 3 "{{ lookup('file', 'cert1.b64') }}" cert_rec: 1 1234 3 "{{ lookup('file', 'cert1.b64') }}"
state: absent state: absent
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure that 'host04' KX record is present. - name: Ensure that 'host04' KX record is present.
ipadnsrecord: ipadnsrecord:
@@ -761,7 +754,7 @@
kx_preference: 10 kx_preference: 10
kx_exchanger: "keyex.{{ testzone }}" kx_exchanger: "keyex.{{ testzone }}"
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure that 'host04' KX record is present, again. - name: Ensure that 'host04' KX record is present, again.
ipadnsrecord: ipadnsrecord:
@@ -771,7 +764,7 @@
kx_preference: 10 kx_preference: 10
kx_exchanger: "keyex.{{ testzone }}" kx_exchanger: "keyex.{{ testzone }}"
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure that 'host04' KX record is present with preference set to 20. - name: Ensure that 'host04' KX record is present with preference set to 20.
ipadnsrecord: ipadnsrecord:
@@ -781,7 +774,7 @@
kx_preference: 20 kx_preference: 20
kx_rec: "10 keyex.{{ testzone }}" kx_rec: "10 keyex.{{ testzone }}"
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure that 'host04' KX record is present with preference set to 20, again. - name: Ensure that 'host04' KX record is present with preference set to 20, again.
ipadnsrecord: ipadnsrecord:
@@ -791,7 +784,7 @@
kx_preference: 20 kx_preference: 20
kx_rec: "10 keyex.{{ testzone }}" kx_rec: "10 keyex.{{ testzone }}"
register: result register: result
failed_when: result.changed or (result.failed and "KX record does not contain" not in result.msg) failed_when: result.changed
- name: Ensure that 'host04' KX record is present with preference set to 20, one more time. - name: Ensure that 'host04' KX record is present with preference set to 20, one more time.
ipadnsrecord: ipadnsrecord:
@@ -801,7 +794,7 @@
kx_preference: 20 kx_preference: 20
kx_rec: "20 keyex.{{ testzone }}" kx_rec: "20 keyex.{{ testzone }}"
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure that 'host04' KX record is absent. - name: Ensure that 'host04' KX record is absent.
ipadnsrecord: ipadnsrecord:
@@ -811,7 +804,7 @@
kx_rec: "20 keyex.{{ testzone }}" kx_rec: "20 keyex.{{ testzone }}"
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure that 'host04' KX record is absent, again. - name: Ensure that 'host04' KX record is absent, again.
ipadnsrecord: ipadnsrecord:
@@ -821,7 +814,7 @@
kx_rec: "20 keyex.{{ testzone }}" kx_rec: "20 keyex.{{ testzone }}"
state: absent state: absent
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure that 'host04' MX record is present. - name: Ensure that 'host04' MX record is present.
ipadnsrecord: ipadnsrecord:
@@ -831,7 +824,7 @@
mx_preference: 10 mx_preference: 10
mx_exchanger: "mail.{{ testzone }}" mx_exchanger: "mail.{{ testzone }}"
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure that 'host04' MX record is present, again. - name: Ensure that 'host04' MX record is present, again.
ipadnsrecord: ipadnsrecord:
@@ -841,7 +834,7 @@
mx_preference: 10 mx_preference: 10
mx_exchanger: "mail.{{ testzone }}" mx_exchanger: "mail.{{ testzone }}"
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure that 'host04' MX record is present with preference set to 20. - name: Ensure that 'host04' MX record is present with preference set to 20.
ipadnsrecord: ipadnsrecord:
@@ -851,7 +844,7 @@
mx_preference: 20 mx_preference: 20
mx_rec: "10 mail.{{ testzone }}" mx_rec: "10 mail.{{ testzone }}"
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure that 'host04' MX record is absent. - name: Ensure that 'host04' MX record is absent.
ipadnsrecord: ipadnsrecord:
@@ -861,7 +854,7 @@
mx_rec: "20 mail.{{ testzone }}" mx_rec: "20 mail.{{ testzone }}"
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure that 'host04' MX record is absent, again. - name: Ensure that 'host04' MX record is absent, again.
ipadnsrecord: ipadnsrecord:
@@ -871,7 +864,7 @@
mx_rec: "20 mail.{{ testzone }}" mx_rec: "20 mail.{{ testzone }}"
state: absent state: absent
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure that 'host04' LOC record is present. - name: Ensure that 'host04' LOC record is present.
ipadnsrecord: ipadnsrecord:
@@ -891,7 +884,7 @@
loc_h_precision: 10000 loc_h_precision: 10000
loc_v_precision: 10 loc_v_precision: 10
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure that 'host04' LOC record is present, again. - name: Ensure that 'host04' LOC record is present, again.
ipadnsrecord: ipadnsrecord:
@@ -911,7 +904,7 @@
loc_h_precision: 10000 loc_h_precision: 10000
loc_v_precision: 10 loc_v_precision: 10
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure that 'host04' LOC record is present, with loc_size 1.00. - name: Ensure that 'host04' LOC record is present, with loc_size 1.00.
ipadnsrecord: ipadnsrecord:
@@ -921,7 +914,7 @@
loc_size: 1.00 loc_size: 1.00
loc_rec: 52 22 23.000 N 4 53 32.000 E -2.00 0.00 10000.00 10.00 loc_rec: 52 22 23.000 N 4 53 32.000 E -2.00 0.00 10000.00 10.00
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure that 'host04' LOC record is absent. - name: Ensure that 'host04' LOC record is absent.
ipadnsrecord: ipadnsrecord:
@@ -931,7 +924,7 @@
loc_rec: 52 22 23.000 N 4 53 32.000 E -2.00 1.00 10000.00 10.00 loc_rec: 52 22 23.000 N 4 53 32.000 E -2.00 1.00 10000.00 10.00
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure that 'host04' LOC record is absent, again. - name: Ensure that 'host04' LOC record is absent, again.
ipadnsrecord: ipadnsrecord:
@@ -941,7 +934,7 @@
loc_rec: 52 22 23.000 N 4 53 32.000 E -2.00 1.00 10000.00 10.00 loc_rec: 52 22 23.000 N 4 53 32.000 E -2.00 1.00 10000.00 10.00
state: absent state: absent
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure that '_sip._udp' service has NAPTR record. - name: Ensure that '_sip._udp' service has NAPTR record.
ipadnsrecord: ipadnsrecord:
@@ -955,7 +948,7 @@
naptr_regexp: "!^.*$!sip:info@example.com!" naptr_regexp: "!^.*$!sip:info@example.com!"
naptr_replacement: "." naptr_replacement: "."
register: result register: result
failed_when: result.failed or not result.changed or result.failed failed_when: result.failed or not result.changed
- name: Ensure that '_sip._udp' service has NAPTR record, again. - name: Ensure that '_sip._udp' service has NAPTR record, again.
ipadnsrecord: ipadnsrecord:
@@ -1056,7 +1049,7 @@
srv_port: 5060 srv_port: 5060
srv_target: "sip-server.{{ testzone }}" srv_target: "sip-server.{{ testzone }}"
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure that '_sip._udp' service has SRV record, again. - name: Ensure that '_sip._udp' service has SRV record, again.
ipadnsrecord: ipadnsrecord:
@@ -1068,7 +1061,7 @@
srv_port: 5060 srv_port: 5060
srv_target: "sip-server.{{ testzone }}" srv_target: "sip-server.{{ testzone }}"
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure '_sip._udp' SRV record has priority equals to 4. - name: Ensure '_sip._udp' SRV record has priority equals to 4.
ipadnsrecord: ipadnsrecord:
@@ -1081,7 +1074,7 @@
srv_target: "sip-server.{{ testzone }}" srv_target: "sip-server.{{ testzone }}"
srv_rec: "10 10 5060 sip-server.{{ testzone }}" srv_rec: "10 10 5060 sip-server.{{ testzone }}"
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure '_sip._udp' SRV record has priority equals to 4, again. - name: Ensure '_sip._udp' SRV record has priority equals to 4, again.
ipadnsrecord: ipadnsrecord:
@@ -1094,7 +1087,7 @@
srv_target: sip-server."{{ testzone }}" srv_target: sip-server."{{ testzone }}"
srv_rec: "10 10 5060 sip-server.{{ testzone }}" srv_rec: "10 10 5060 sip-server.{{ testzone }}"
register: result register: result
failed_when: result.changed or (result.failed and "SRV record does not contain" not in result.msg) failed_when: result.changed
- name: Ensurer '_sip._udp' SRV record has priority 2, weight 20 - name: Ensurer '_sip._udp' SRV record has priority 2, weight 20
ipadnsrecord: ipadnsrecord:
@@ -1106,7 +1099,7 @@
srv_port: 5060 srv_port: 5060
srv_target: "sip-server.{{ testzone }}" srv_target: "sip-server.{{ testzone }}"
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensurer '_sip._udp' SRV record has priority 2, weight 20, again. - name: Ensurer '_sip._udp' SRV record has priority 2, weight 20, again.
ipadnsrecord: ipadnsrecord:
@@ -1118,7 +1111,7 @@
srv_port: 5060 srv_port: 5060
srv_target: "sip-server.{{ testzone }}" srv_target: "sip-server.{{ testzone }}"
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure that '_sip._udp' SRV record is absent. - name: Ensure that '_sip._udp' SRV record is absent.
ipadnsrecord: ipadnsrecord:
@@ -1128,7 +1121,7 @@
srv_record: "2 20 5060 sip-server.{{ testzone }}" srv_record: "2 20 5060 sip-server.{{ testzone }}"
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure that '_sip._udp' SRV record is absent, again. - name: Ensure that '_sip._udp' SRV record is absent, again.
ipadnsrecord: ipadnsrecord:
@@ -1138,7 +1131,7 @@
srv_record: "2 20 5060 sip-server.{{ testzone }}" srv_record: "2 20 5060 sip-server.{{ testzone }}"
state: absent state: absent
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
# SSHFP fingerprint generated with `ssh-keygen -r host04."{{ testzone }}"` # SSHFP fingerprint generated with `ssh-keygen -r host04."{{ testzone }}"`
- name: Ensure that 'host04' has SSHFP record. - name: Ensure that 'host04' has SSHFP record.
@@ -1150,7 +1143,7 @@
sshfp_fp_type: 1 sshfp_fp_type: 1
sshfp_fingerprint: d21802c61733e055b8d16296cbce300efb8a167a sshfp_fingerprint: d21802c61733e055b8d16296cbce300efb8a167a
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure that 'host04' has SSHFP record, again. - name: Ensure that 'host04' has SSHFP record, again.
ipadnsrecord: ipadnsrecord:
@@ -1161,7 +1154,7 @@
sshfp_fp_type: 1 sshfp_fp_type: 1
sshfp_fingerprint: d21802c61733e055b8d16296cbce300efb8a167a sshfp_fingerprint: d21802c61733e055b8d16296cbce300efb8a167a
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure that 'host04' SSHFP record is absent. - name: Ensure that 'host04' SSHFP record is absent.
ipadnsrecord: ipadnsrecord:
@@ -1171,7 +1164,7 @@
sshfp_rec: 1 1 d21802c61733e055b8d16296cbce300efb8a167a sshfp_rec: 1 1 d21802c61733e055b8d16296cbce300efb8a167a
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure that 'host04' SSHFP record is absent, again. - name: Ensure that 'host04' SSHFP record is absent, again.
ipadnsrecord: ipadnsrecord:
@@ -1181,7 +1174,7 @@
sshfp_rec: 1 1 d21802c61733e055b8d16296cbce300efb8a167a sshfp_rec: 1 1 d21802c61733e055b8d16296cbce300efb8a167a
state: absent state: absent
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
# Data is sha356sum of 'Some Text to Test', it should be created from # Data is sha356sum of 'Some Text to Test', it should be created from
# a real certificate. # a real certificate.
@@ -1195,7 +1188,7 @@
tlsa_matching_type: 1 tlsa_matching_type: 1
tlsa_cert_association_data: 9c0ad776dbeae8d9d55b0ad42899d30235c114d5f918fd69746e4279e47bdaa2 tlsa_cert_association_data: 9c0ad776dbeae8d9d55b0ad42899d30235c114d5f918fd69746e4279e47bdaa2
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure that 'host04' has TLSA record present, again. - name: Ensure that 'host04' has TLSA record present, again.
ipadnsrecord: ipadnsrecord:
@@ -1207,7 +1200,7 @@
tlsa_matching_type: 1 tlsa_matching_type: 1
tlsa_cert_association_data: 9c0ad776dbeae8d9d55b0ad42899d30235c114d5f918fd69746e4279e47bdaa2 tlsa_cert_association_data: 9c0ad776dbeae8d9d55b0ad42899d30235c114d5f918fd69746e4279e47bdaa2
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Modify 'host04' has TLSA record. - name: Modify 'host04' has TLSA record.
ipadnsrecord: ipadnsrecord:
@@ -1217,7 +1210,7 @@
tlsa_matching_type: 0 tlsa_matching_type: 0
tlsa_rec: 3 1 1 9c0ad776dbeae8d9d55b0ad42899d30235c114d5f918fd69746e4279e47bdaa2 tlsa_rec: 3 1 1 9c0ad776dbeae8d9d55b0ad42899d30235c114d5f918fd69746e4279e47bdaa2
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Modify 'host04' has TLSA record, again. - name: Modify 'host04' has TLSA record, again.
ipadnsrecord: ipadnsrecord:
@@ -1227,7 +1220,7 @@
tlsa_matching_type: 0 tlsa_matching_type: 0
tlsa_rec: 3 1 1 9c0ad776dbeae8d9d55b0ad42899d30235c114d5f918fd69746e4279e47bdaa2 tlsa_rec: 3 1 1 9c0ad776dbeae8d9d55b0ad42899d30235c114d5f918fd69746e4279e47bdaa2
register: result register: result
failed_when: result.changed or (result.failed and "TLSA record does not contain" not in result.msg) failed_when: result.changed
- name: Ensure that 'host04' TLSA record is absent. - name: Ensure that 'host04' TLSA record is absent.
ipadnsrecord: ipadnsrecord:
@@ -1237,7 +1230,7 @@
tlsa_rec: 3 1 0 9c0ad776dbeae8d9d55b0ad42899d30235c114d5f918fd69746e4279e47bdaa2 tlsa_rec: 3 1 0 9c0ad776dbeae8d9d55b0ad42899d30235c114d5f918fd69746e4279e47bdaa2
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure that 'host04' TLSA record is absent, again. - name: Ensure that 'host04' TLSA record is absent, again.
ipadnsrecord: ipadnsrecord:
@@ -1247,7 +1240,7 @@
tlsa_rec: 3 1 0 9c0ad776dbeae8d9d55b0ad42899d30235c114d5f918fd69746e4279e47bdaa2 tlsa_rec: 3 1 0 9c0ad776dbeae8d9d55b0ad42899d30235c114d5f918fd69746e4279e47bdaa2
state: absent state: absent
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure that 'host04' has TXT record present. - name: Ensure that 'host04' has TXT record present.
ipadnsrecord: ipadnsrecord:
@@ -1256,7 +1249,7 @@
name: host04 name: host04
txt_data: Some Text txt_data: Some Text
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
# - name: Ensure that 'host04' has TXT record present, again. # - name: Ensure that 'host04' has TXT record present, again.
# ipadnsrecord: # ipadnsrecord:
@@ -1265,7 +1258,7 @@
# name: host04 # name: host04
# txt_data: Some Text # txt_data: Some Text
# register: result # register: result
# failed_when: result.changed or result.failed # failed_when: result.changed
- name: Change value of 'host04' TXT record. - name: Change value of 'host04' TXT record.
ipadnsrecord: ipadnsrecord:
@@ -1275,7 +1268,7 @@
txt_data: Some new Text txt_data: Some new Text
txt_rec: Some Text txt_rec: Some Text
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Add a second TXT record to 'host04'. - name: Add a second TXT record to 'host04'.
ipadnsrecord: ipadnsrecord:
@@ -1284,7 +1277,7 @@
name: host04 name: host04
txt_rec: Some Other Text txt_rec: Some Other Text
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Add a second TXT record to 'host04', again. - name: Add a second TXT record to 'host04', again.
ipadnsrecord: ipadnsrecord:
@@ -1293,7 +1286,7 @@
name: host04 name: host04
txt_rec: Some Other Text txt_rec: Some Other Text
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure that one of 'host04' TXT record is absent. - name: Ensure that one of 'host04' TXT record is absent.
ipadnsrecord: ipadnsrecord:
@@ -1303,7 +1296,7 @@
txt_rec: Some new Text txt_rec: Some new Text
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure that one of 'host04' TXT record is absent, again. - name: Ensure that one of 'host04' TXT record is absent, again.
ipadnsrecord: ipadnsrecord:
@@ -1313,7 +1306,7 @@
txt_rec: Some new Text txt_rec: Some new Text
state: absent state: absent
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure that 'host04' TXT record are all absent. - name: Ensure that 'host04' TXT record are all absent.
ipadnsrecord: ipadnsrecord:
@@ -1325,7 +1318,7 @@
- Some Other Text - Some Other Text
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure that 'host04' TXT record are all absent, again. - name: Ensure that 'host04' TXT record are all absent, again.
ipadnsrecord: ipadnsrecord:
@@ -1337,7 +1330,7 @@
- Some Other Text - Some Other Text
state: absent state: absent
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure that '_ftp._tcp' has URI record. - name: Ensure that '_ftp._tcp' has URI record.
ipadnsrecord: ipadnsrecord:
@@ -1348,7 +1341,7 @@
uri_weight: 1 uri_weight: 1
uri_target: ftp://ftp.host04.{{ testzone }}/public uri_target: ftp://ftp.host04.{{ testzone }}/public
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure that '_ftp._tcp' has URI record, again - name: Ensure that '_ftp._tcp' has URI record, again
ipadnsrecord: ipadnsrecord:
@@ -1359,7 +1352,7 @@
uri_weight: 1 uri_weight: 1
uri_target: ftp://ftp.host04.{{ testzone }}/public uri_target: ftp://ftp.host04.{{ testzone }}/public
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Change '_ftp._tcp' URI record weight to 3 and priority to 5. - name: Change '_ftp._tcp' URI record weight to 3 and priority to 5.
ipadnsrecord: ipadnsrecord:
@@ -1370,17 +1363,14 @@
uri_weight: 3 uri_weight: 3
uri_rec: 10 1 "ftp://ftp.host04.{{ testzone }}/public" uri_rec: 10 1 "ftp://ftp.host04.{{ testzone }}/public"
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Verify if modification worked. - name: Verify if modification worked.
ipadnsrecord: ipadnsrecord:
ipaadmin_password: SomeADMINpassword
zone_name: "{{ testzone }}"
name: _ftp._tcp
uri_rec: 10 1 ftp://ftp.host04.{{ testzone }}/public uri_rec: 10 1 ftp://ftp.host04.{{ testzone }}/public
state: absent state: absent
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Change '_ftp._tcp' URI record weight to 3 and priority to 5, again. - name: Change '_ftp._tcp' URI record weight to 3 and priority to 5, again.
@@ -1392,7 +1382,7 @@
uri_weight: 3 uri_weight: 3
uri_rec: 5 3 "ftp://ftp.host04.{{ testzone }}/public" uri_rec: 5 3 "ftp://ftp.host04.{{ testzone }}/public"
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure that '_ftp._tcp' URI record is absent. - name: Ensure that '_ftp._tcp' URI record is absent.
ipadnsrecord: ipadnsrecord:
@@ -1402,7 +1392,7 @@
uri_rec: 5 3 "ftp://ftp.host04.{{ testzone }}/public" uri_rec: 5 3 "ftp://ftp.host04.{{ testzone }}/public"
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure that '_ftp._tcp' URI record is absent, again. - name: Ensure that '_ftp._tcp' URI record is absent, again.
ipadnsrecord: ipadnsrecord:
@@ -1412,7 +1402,7 @@
uri_rec: 5 3 "ftp://ftp.host04.{{ testzone }}/public" uri_rec: 5 3 "ftp://ftp.host04.{{ testzone }}/public"
state: absent state: absent
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
# cleanup # cleanup
- name: Cleanup test environment. - name: Cleanup test environment.


@@ -18,7 +18,7 @@
zone_name: "{{ testzone }}" zone_name: "{{ testzone }}"
a_rec: 192.168.122.101 a_rec: 192.168.122.101
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure that dns A record for 'host01' is present, again - name: Ensure that dns A record for 'host01' is present, again
ipadnsrecord: ipadnsrecord:
@@ -27,7 +27,7 @@
zone_name: "{{ testzone }}" zone_name: "{{ testzone }}"
a_rec: 192.168.122.101 a_rec: 192.168.122.101
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure that dns A records for 'host01' are present - name: Ensure that dns A records for 'host01' are present
ipadnsrecord: ipadnsrecord:
@@ -39,7 +39,7 @@
- 192.168.122.102 - 192.168.122.102
- 192.168.122.103 - 192.168.122.103
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure that dns A records for 'host01' are present, again - name: Ensure that dns A records for 'host01' are present, again
ipadnsrecord: ipadnsrecord:
@@ -51,7 +51,7 @@
- 192.168.122.102 - 192.168.122.102
- 192.168.122.103 - 192.168.122.103
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure that dns A records for 'host01' are absent - name: Ensure that dns A records for 'host01' are absent
ipadnsrecord: ipadnsrecord:
@@ -63,7 +63,7 @@
- 192.168.122.102 - 192.168.122.102
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure that dns A records for 'host01' are absent, again - name: Ensure that dns A records for 'host01' are absent, again
ipadnsrecord: ipadnsrecord:
@@ -75,7 +75,7 @@
- 192.168.122.102 - 192.168.122.102
state: absent state: absent
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
#### ####
@@ -86,7 +86,7 @@
zone_name: "{{ testzone }}" zone_name: "{{ testzone }}"
aaaa_rec: fd00::0001 aaaa_rec: fd00::0001
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure that dns AAAA record for 'host01' is present, again - name: Ensure that dns AAAA record for 'host01' is present, again
ipadnsrecord: ipadnsrecord:
@@ -95,7 +95,7 @@
zone_name: "{{ testzone }}" zone_name: "{{ testzone }}"
aaaa_rec: fd00::0001 aaaa_rec: fd00::0001
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure that dns AAAA records for 'host01' are present - name: Ensure that dns AAAA records for 'host01' are present
ipadnsrecord: ipadnsrecord:
@@ -107,7 +107,7 @@
- fd00::0011 - fd00::0011
- fd00::0021 - fd00::0021
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure that dns AAAAA records for 'host01' are present, again - name: Ensure that dns AAAAA records for 'host01' are present, again
ipadnsrecord: ipadnsrecord:
@@ -119,7 +119,7 @@
- fd00::0011 - fd00::0011
- fd00::0021 - fd00::0021
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure that dns AAAAA records for 'host01' are absent - name: Ensure that dns AAAAA records for 'host01' are absent
ipadnsrecord: ipadnsrecord:
@@ -131,7 +131,7 @@
- fd00::0011 - fd00::0011
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure that dns AAAAA records for 'host01' are absent, again - name: Ensure that dns AAAAA records for 'host01' are absent, again
ipadnsrecord: ipadnsrecord:
@@ -143,7 +143,7 @@
- fd00::0011 - fd00::0011
state: absent state: absent
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
# Cleanup # Cleanup
- name: Cleanup test environment. - name: Cleanup test environment.


@@ -17,7 +17,7 @@
name: testzone.local name: testzone.local
state: present state: present
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure zone is present, again. - name: Ensure zone is present, again.
ipadnszone: ipadnszone:
@@ -25,7 +25,7 @@
name: testzone.local name: testzone.local
state: present state: present
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure zone is disabled. - name: Ensure zone is disabled.
ipadnszone: ipadnszone:
@@ -33,7 +33,7 @@
name: testzone.local name: testzone.local
state: disabled state: disabled
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure zone is disabled, again. - name: Ensure zone is disabled, again.
ipadnszone: ipadnszone:
@@ -41,7 +41,7 @@
name: testzone.local name: testzone.local
state: disabled state: disabled
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure zone is enabled. - name: Ensure zone is enabled.
ipadnszone: ipadnszone:
@@ -49,7 +49,7 @@
name: testzone.local name: testzone.local
state: enabled state: enabled
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure zone is enabled, again. - name: Ensure zone is enabled, again.
ipadnszone: ipadnszone:
@@ -57,7 +57,7 @@
name: testzone.local name: testzone.local
state: enabled state: enabled
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure forward_policy is none. - name: Ensure forward_policy is none.
ipadnszone: ipadnszone:
@@ -65,7 +65,7 @@
name: testzone.local name: testzone.local
forward_policy: none forward_policy: none
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure forward_policy is none, again. - name: Ensure forward_policy is none, again.
ipadnszone: ipadnszone:
@@ -73,7 +73,7 @@
name: testzone.local name: testzone.local
forward_policy: none forward_policy: none
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure forward_policy is first. - name: Ensure forward_policy is first.
ipadnszone: ipadnszone:
@@ -81,7 +81,7 @@
name: testzone.local name: testzone.local
forward_policy: first forward_policy: first
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure forward_policy is first, again. - name: Ensure forward_policy is first, again.
ipadnszone: ipadnszone:
@@ -89,7 +89,7 @@
name: testzone.local name: testzone.local
forward_policy: first forward_policy: first
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure first forwarder is set. - name: Ensure first forwarder is set.
ipadnszone: ipadnszone:
@@ -99,7 +99,7 @@
- ip_address: 8.8.8.8 - ip_address: 8.8.8.8
port: 53 port: 53
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure first and second forwarder are set. - name: Ensure first and second forwarder are set.
ipadnszone: ipadnszone:
@@ -110,7 +110,7 @@
port: 53 port: 53
- ip_address: 2001:4860:4860::8888 - ip_address: 2001:4860:4860::8888
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure first and second forwarder are set, again. - name: Ensure first and second forwarder are set, again.
ipadnszone: ipadnszone:
@@ -121,7 +121,7 @@
port: 53 port: 53
- ip_address: 2001:4860:4860::8888 - ip_address: 2001:4860:4860::8888
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure only second forwarder is set. - name: Ensure only second forwarder is set.
ipadnszone: ipadnszone:
@@ -130,14 +130,14 @@
forwarders: forwarders:
- ip_address: 2001:4860:4860::8888 - ip_address: 2001:4860:4860::8888
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Nothing changes. - name: Nothing changes.
ipadnszone: ipadnszone:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
name: testzone.local name: testzone.local
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure no forwarders are set. - name: Ensure no forwarders are set.
ipadnszone: ipadnszone:
@@ -145,49 +145,22 @@
name: testzone.local name: testzone.local
forwarders: [] forwarders: []
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Create zones test1 - name: Create zones test1
ipadnszone: ipadnszone:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
name: test1.testzone.local name: test1.testzone.local
register: result
failed_when: not result.changed or result.failed
- name: Create zones test1, again
ipadnszone:
ipaadmin_password: SomeADMINpassword
name: test1.testzone.local
register: result
failed_when: result.changed or result.failed
- name: Create zones test2 - name: Create zones test2
ipadnszone: ipadnszone:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
name: test2.testzone.local name: test2.testzone.local
register: result
failed_when: not result.changed or result.failed
- name: Create zones test2, again
ipadnszone:
ipaadmin_password: SomeADMINpassword
name: test2.testzone.local
register: result
failed_when: result.changed or result.failed
- name: Create zones test3 - name: Create zones test3
ipadnszone: ipadnszone:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
name: test3.testzone.local name: test3.testzone.local
register: result
failed_when: not result.changed or result.failed
- name: Create zones test3, again
ipadnszone:
ipaadmin_password: SomeADMINpassword
name: test3.testzone.local
register: result
failed_when: result.changed or result.failed
- name: Ensure multiple zones are absent - name: Ensure multiple zones are absent
ipadnszone: ipadnszone:
@@ -198,7 +171,7 @@
- test3.testzone.local - test3.testzone.local
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure multiple zones are absent, again - name: Ensure multiple zones are absent, again
ipadnszone: ipadnszone:
@@ -209,7 +182,7 @@
- test3.testzone.local - test3.testzone.local
state: absent state: absent
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
# Teardown # Teardown
- name: Teardown testing environment - name: Teardown testing environment
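Review bot: Dropping `or result.failed` from the idempotence checks (e.g. `failed_when: result.changed` on the 'Ensure zone is present, again.' task) lets a genuine module failure pass silently, because `failed_when` replaces the module's own failed status and a failing module normally reports `changed: false`, which makes `result.changed` false. The `not result.changed` form still trips on such a failure indirectly, but every 'again' task should keep `failed_when: result.changed or result.failed`, taking the right-hand column as the new side as this compare renders it. The same pattern recurs in the later sections of this compare (the dnszone settings, name_from_ip, group and membermanager playbooks), so the fix applies there too. This section also removes the 'Create zones test1/2/3, again' tasks, so the create path for those zones no longer has an idempotence check; if that is intended it should be stated in the commit message. The play's task list continues outside these hunks.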


@@ -111,7 +111,7 @@
nsec3param_rec: "1 7 100 abcd" nsec3param_rec: "1 7 100 abcd"
state: present state: present
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Set serial to 1234, again. - name: Set serial to 1234, again.
ipadnszone: ipadnszone:
@@ -119,7 +119,7 @@
name: testzone.local name: testzone.local
serial: 1234 serial: 1234
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Set different nsec3param_rec. - name: Set different nsec3param_rec.
ipadnszone: ipadnszone:
@@ -127,7 +127,7 @@
name: testzone.local name: testzone.local
nsec3param_rec: "2 8 200 abcd" nsec3param_rec: "2 8 200 abcd"
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Set same nsec3param_rec. - name: Set same nsec3param_rec.
ipadnszone: ipadnszone:
@@ -135,7 +135,7 @@
name: testzone.local name: testzone.local
nsec3param_rec: "2 8 200 abcd" nsec3param_rec: "2 8 200 abcd"
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Set default_ttl to 1200 - name: Set default_ttl to 1200
ipadnszone: ipadnszone:
@@ -143,7 +143,7 @@
name: testzone.local name: testzone.local
default_ttl: 1200 default_ttl: 1200
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Set default_ttl to 1200, again - name: Set default_ttl to 1200, again
ipadnszone: ipadnszone:
@@ -151,7 +151,7 @@
name: testzone.local name: testzone.local
default_ttl: 1200 default_ttl: 1200
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Set ttl to 900 - name: Set ttl to 900
ipadnszone: ipadnszone:
@@ -159,7 +159,7 @@
name: testzone.local name: testzone.local
ttl: 900 ttl: 900
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Set ttl to 900, again - name: Set ttl to 900, again
ipadnszone: ipadnszone:
@@ -167,7 +167,7 @@
name: testzone.local name: testzone.local
ttl: 900 ttl: 900
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Set minimum to 1000 - name: Set minimum to 1000
ipadnszone: ipadnszone:
@@ -175,7 +175,7 @@
name: testzone.local name: testzone.local
minimum: 1000 minimum: 1000
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Set minimum to 1000, again - name: Set minimum to 1000, again
ipadnszone: ipadnszone:
@@ -183,7 +183,7 @@
name: testzone.local name: testzone.local
minimum: 1000 minimum: 1000
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Set expire to 1209601 - name: Set expire to 1209601
ipadnszone: ipadnszone:
@@ -191,7 +191,7 @@
name: testzone.local name: testzone.local
expire: 1209601 expire: 1209601
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Set expire to 1209601, again - name: Set expire to 1209601, again
ipadnszone: ipadnszone:
@@ -199,7 +199,7 @@
name: testzone.local name: testzone.local
expire: 1209601 expire: 1209601
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Set retry to 1200. - name: Set retry to 1200.
ipadnszone: ipadnszone:
@@ -207,7 +207,7 @@
name: testzone.local name: testzone.local
retry: 1200 retry: 1200
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Set retry to 1200, again. - name: Set retry to 1200, again.
ipadnszone: ipadnszone:
@@ -215,7 +215,7 @@
name: testzone.local name: testzone.local
retry: 1200 retry: 1200
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Set refresh to 4000. - name: Set refresh to 4000.
ipadnszone: ipadnszone:
@@ -223,7 +223,7 @@
name: testzone.local name: testzone.local
refresh: 4000 refresh: 4000
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Set refresh to 4000, again. - name: Set refresh to 4000, again.
ipadnszone: ipadnszone:
@@ -231,7 +231,7 @@
name: testzone.local name: testzone.local
refresh: 4000 refresh: 4000
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Set serial to 12345. - name: Set serial to 12345.
ipadnszone: ipadnszone:
@@ -239,7 +239,7 @@
name: testzone.local name: testzone.local
serial: 12345 serial: 12345
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Set serial to 12345, again. - name: Set serial to 12345, again.
ipadnszone: ipadnszone:
@@ -247,7 +247,7 @@
name: testzone.local name: testzone.local
serial: 12345 serial: 12345
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Set dnssec to false. - name: Set dnssec to false.
ipadnszone: ipadnszone:
@@ -255,7 +255,7 @@
name: testzone.local name: testzone.local
dnssec: false dnssec: false
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Set dnssec to false, again. - name: Set dnssec to false, again.
ipadnszone: ipadnszone:
@@ -263,7 +263,7 @@
name: testzone.local name: testzone.local
dnssec: false dnssec: false
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Set allow_sync_ptr to false. - name: Set allow_sync_ptr to false.
ipadnszone: ipadnszone:
@@ -271,7 +271,7 @@
name: testzone.local name: testzone.local
allow_sync_ptr: false allow_sync_ptr: false
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Set allow_sync_ptr to false, again. - name: Set allow_sync_ptr to false, again.
ipadnszone: ipadnszone:
@@ -279,7 +279,7 @@
name: testzone.local name: testzone.local
allow_sync_ptr: false allow_sync_ptr: false
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Set dynamic_update to false. - name: Set dynamic_update to false.
ipadnszone: ipadnszone:
@@ -287,7 +287,7 @@
name: testzone.local name: testzone.local
dynamic_update: false dynamic_update: false
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Set dynamic_update to false, again. - name: Set dynamic_update to false, again.
ipadnszone: ipadnszone:
@@ -295,7 +295,7 @@
name: testzone.local name: testzone.local
dynamic_update: false dynamic_update: false
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Update allow_transfer. - name: Update allow_transfer.
ipadnszone: ipadnszone:
@@ -306,7 +306,7 @@
- 2.2.2.2 - 2.2.2.2
- 3.3.3.3 - 3.3.3.3
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Update allow_transfer, again. - name: Update allow_transfer, again.
ipadnszone: ipadnszone:
@@ -317,7 +317,7 @@
- 2.2.2.2 - 2.2.2.2
- 3.3.3.3 - 3.3.3.3
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Remove allow transfer. - name: Remove allow transfer.
ipadnszone: ipadnszone:
@@ -325,7 +325,7 @@
name: testzone.local name: testzone.local
allow_transfer: [] allow_transfer: []
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Remove allow transfer, again. - name: Remove allow transfer, again.
ipadnszone: ipadnszone:
@@ -333,7 +333,7 @@
name: testzone.local name: testzone.local
allow_transfer: [] allow_transfer: []
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Update allow_query. - name: Update allow_query.
ipadnszone: ipadnszone:
@@ -344,7 +344,7 @@
- 2.2.2.2 - 2.2.2.2
- 3.3.3.3 - 3.3.3.3
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Update allow_query, again. - name: Update allow_query, again.
ipadnszone: ipadnszone:
@@ -355,7 +355,7 @@
- 2.2.2.2 - 2.2.2.2
- 3.3.3.3 - 3.3.3.3
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure allow query is empty. - name: Ensure allow query is empty.
ipadnszone: ipadnszone:
@@ -363,7 +363,7 @@
name: testzone.local name: testzone.local
allow_query: [] allow_query: []
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure allow query is empty, again. - name: Ensure allow query is empty, again.
ipadnszone: ipadnszone:
@@ -371,7 +371,7 @@
name: testzone.local name: testzone.local
allow_query: [] allow_query: []
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Update admin email. - name: Update admin email.
ipadnszone: ipadnszone:
@@ -379,7 +379,7 @@
name: testzone.local name: testzone.local
admin_email: admin2@example.com admin_email: admin2@example.com
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Update admin email, again. - name: Update admin email, again.
ipadnszone: ipadnszone:
@@ -387,7 +387,7 @@
name: testzone.local name: testzone.local
admin_email: admin2@example.com admin_email: admin2@example.com
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
# Teardown # Teardown
- name: Teardown testing environment - name: Teardown testing environment


@@ -38,7 +38,7 @@
name_from_ip: 192.0.2.3/24 name_from_ip: 192.0.2.3/24
default_ttl: 1234 default_ttl: 1234
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Modify existing zone, using `name_from_ip`, again. - name: Modify existing zone, using `name_from_ip`, again.
ipadnszone: ipadnszone:
@@ -70,14 +70,14 @@
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
name_from_ip: fd00::0001 name_from_ip: fd00::0001
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure second ipv6 zone exists for reverse IPv6. - name: Ensure second ipv6 zone exists for reverse IPv6.
ipadnszone: ipadnszone:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
name_from_ip: 2001:db8:cafe:1::1 name_from_ip: 2001:db8:cafe:1::1
register: ipv6_sec_zone register: ipv6_sec_zone
failed_when: not ipv6_sec_zone.changed or ipv6_zone.failed or ipv6_sec_zone.failed failed_when: not ipv6_sec_zone.changed or ipv6_zone.failed
- name: Ensure second ipv6 zone was created. - name: Ensure second ipv6 zone was created.
ipadnszone: ipadnszone:
@@ -91,7 +91,7 @@
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
name_from_ip: 2001:db8:cafe:1::1 name_from_ip: 2001:db8:cafe:1::1
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
# Teardown # Teardown
- name: Teardown testing environment - name: Teardown testing environment
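Review bot: The new `failed_when: not ipv6_sec_zone.changed or ipv6_zone.failed` on the 'Ensure second ipv6 zone exists for reverse IPv6.' task checks the failure flag of a different register (`ipv6_zone`, set by an earlier task outside this hunk) instead of its own, so this task's own failure is only caught indirectly through `not ipv6_sec_zone.changed`, and not at all if the module reports `changed: true` alongside `failed: true`. The removed `or ipv6_sec_zone.failed` was the check for this task's own result; the line should read `failed_when: not ipv6_sec_zone.changed or ipv6_sec_zone.failed`. Whether `ipv6_zone.failed` was meant as a deliberate cross-check of the earlier task is unclear from the hunk; if so, keep both terms. The play's task list continues outside these hunks.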


@@ -1,32 +0,0 @@
---
- name: Test language variations
hosts: ipaserver
tasks:
- name: Ensure a host is not present, with language set to "de_DE".
ipahost:
ipaadmin_password: SomeADMINpassword
name: nonexistent
state: absent
environment:
LANGUAGE: "de_DE"
register: result
failed_when: result.failed or result.changed
- name: Ensure a host is not present, with language set to "C".
ipahost:
ipaadmin_password: SomeADMINpassword
name: nonexistent
state: absent
environment:
LANGUAGE: "C"
register: result
failed_when: result.failed or result.changed
- name: Ensure a host is not present, using controller language.
ipahost:
ipaadmin_password: SomeADMINpassword
name: nonexistent
state: absent
register: result
failed_when: result.failed or result.changed


@@ -31,49 +31,49 @@
first: user3 first: user3
last: Last last: Last
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure group1 is present - name: Ensure group1 is present
ipagroup: ipagroup:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
name: group1 name: group1
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure group1 is present again - name: Ensure group1 is present again
ipagroup: ipagroup:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
name: group1 name: group1
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure group2 is present - name: Ensure group2 is present
ipagroup: ipagroup:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
name: group2 name: group2
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure group2 is present again - name: Ensure group2 is present again
ipagroup: ipagroup:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
name: group2 name: group2
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure group3 is present - name: Ensure group3 is present
ipagroup: ipagroup:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
name: group3 name: group3
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure group3 is present again - name: Ensure group3 is present again
ipagroup: ipagroup:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
name: group3 name: group3
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure groups group2 and group3 are present in group group1 - name: Ensure groups group2 and group3 are present in group group1
ipagroup: ipagroup:
@@ -84,7 +84,7 @@
- group3 - group3
action: member action: member
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure groups group2 and group3 are present in group group1 again - name: Ensure groups group2 and group3 are present in group group1 again
ipagroup: ipagroup:
@@ -95,7 +95,7 @@
- group3 - group3
action: member action: member
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure group3 ia present in group group1 - name: Ensure group3 ia present in group group1
ipagroup: ipagroup:
@@ -105,7 +105,7 @@
- group3 - group3
action: member action: member
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure users user1, user2 and user3 are present in group group1 - name: Ensure users user1, user2 and user3 are present in group group1
ipagroup: ipagroup:
@@ -117,7 +117,7 @@
- user3 - user3
action: member action: member
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure users user1, user2 and user3 are present in group group1 again - name: Ensure users user1, user2 and user3 are present in group group1 again
ipagroup: ipagroup:
@@ -129,7 +129,7 @@
- user3 - user3
action: member action: member
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
#- ipagroup: #- ipagroup:
# ipaadmin_password: SomeADMINpassword # ipaadmin_password: SomeADMINpassword
@@ -147,7 +147,7 @@
action: member action: member
state: absent state: absent
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure group group4 is absent - name: Ensure group group4 is absent
ipagroup: ipagroup:
@@ -155,7 +155,7 @@
name: group4 name: group4
state: absent state: absent
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure group group3, group2 and group1 are absent - name: Ensure group group3, group2 and group1 are absent
ipagroup: ipagroup:
@@ -163,7 +163,7 @@
name: group3,group2,group1 name: group3,group2,group1
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure users user1, user2 and user3 are absent - name: Ensure users user1, user2 and user3 are absent
ipauser: ipauser:
@@ -171,5 +171,5 @@
name: user1,user2,user3 name: user1,user2,user3
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed


@@ -32,28 +32,28 @@
first: manageruser2 first: manageruser2
last: Last2 last: Last2
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure testgroup is present - name: Ensure testgroup is present
ipagroup: ipagroup:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
name: testgroup name: testgroup
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure managergroup1 is present - name: Ensure managergroup1 is present
ipagroup: ipagroup:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
name: managergroup1 name: managergroup1
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure managergroup2 is present - name: Ensure managergroup2 is present
ipagroup: ipagroup:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
name: managergroup2 name: managergroup2
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure membermanager user1 is present for testgroup - name: Ensure membermanager user1 is present for testgroup
ipagroup: ipagroup:
@@ -61,7 +61,7 @@
name: testgroup name: testgroup
membermanager_user: manageruser1 membermanager_user: manageruser1
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure membermanager user1 is present for testgroup again - name: Ensure membermanager user1 is present for testgroup again
ipagroup: ipagroup:
@@ -69,7 +69,7 @@
name: testgroup name: testgroup
membermanager_user: manageruser1 membermanager_user: manageruser1
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure membermanager group1 is present for testgroup - name: Ensure membermanager group1 is present for testgroup
ipagroup: ipagroup:
@@ -77,7 +77,7 @@
name: testgroup name: testgroup
membermanager_group: managergroup1 membermanager_group: managergroup1
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure membermanager group1 is present for testgroup again - name: Ensure membermanager group1 is present for testgroup again
ipagroup: ipagroup:
@@ -85,7 +85,7 @@
name: testgroup name: testgroup
membermanager_group: managergroup1 membermanager_group: managergroup1
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure membermanager user2 and group2 members are present for testgroup - name: Ensure membermanager user2 and group2 members are present for testgroup
ipagroup: ipagroup:
@@ -95,7 +95,7 @@
membermanager_group: managergroup2 membermanager_group: managergroup2
action: member action: member
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure membermanager user2 and group2 members are present for testgroup again - name: Ensure membermanager user2 and group2 members are present for testgroup again
ipagroup: ipagroup:
@@ -105,7 +105,7 @@
membermanager_group: managergroup2 membermanager_group: managergroup2
action: member action: member
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure membermanager user and group members are present for testgroup again - name: Ensure membermanager user and group members are present for testgroup again
ipagroup: ipagroup:
@@ -115,7 +115,7 @@
membermanager_group: managergroup1,managergroup2 membermanager_group: managergroup1,managergroup2
action: member action: member
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure membermanager user1 and group1 members are absent for testgroup - name: Ensure membermanager user1 and group1 members are absent for testgroup
ipagroup: ipagroup:
@@ -126,7 +126,7 @@
action: member action: member
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure membermanager user1 and group1 members are absent for testgroup again - name: Ensure membermanager user1 and group1 members are absent for testgroup again
ipagroup: ipagroup:
@@ -137,7 +137,7 @@
action: member action: member
state: absent state: absent
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure membermanager user1 and group1 members are present for testgroup - name: Ensure membermanager user1 and group1 members are present for testgroup
ipagroup: ipagroup:
@@ -147,7 +147,7 @@
membermanager_group: managergroup1 membermanager_group: managergroup1
action: member action: member
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure membermanager user1 and group1 members are present for testgroup again - name: Ensure membermanager user1 and group1 members are present for testgroup again
ipagroup: ipagroup:
@@ -157,7 +157,7 @@
membermanager_group: managergroup1 membermanager_group: managergroup1
action: member action: member
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure membermanager user and group members are absent for testgroup - name: Ensure membermanager user and group members are absent for testgroup
ipagroup: ipagroup:
@@ -168,7 +168,7 @@
action: member action: member
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure membermanager user and group members are absent for testgroup again - name: Ensure membermanager user and group members are absent for testgroup again
ipagroup: ipagroup:
@@ -179,7 +179,7 @@
action: member action: member
state: absent state: absent
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure user manangeruser1 and manageruser2 is absent - name: Ensure user manangeruser1 and manageruser2 is absent
ipauser: ipauser:
@@ -187,7 +187,7 @@
name: manageruser1,manageruser2 name: manageruser1,manageruser2
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure unknown membermanager_user member failure - name: Ensure unknown membermanager_user member failure
ipagroup: ipagroup:
@@ -196,7 +196,7 @@
membermanager_user: unknown_user membermanager_user: unknown_user
action: member action: member
register: result register: result
failed_when: result.changed or "no such entry" not in result.msg or not result.failed failed_when: result.changed or "no such entry" not in result.msg
- name: Ensure group testgroup, managergroup1 and managergroup2 are absent - name: Ensure group testgroup, managergroup1 and managergroup2 are absent
ipagroup: ipagroup:
@@ -204,6 +204,6 @@
name: testgroup,managergroup1,managergroup2 name: testgroup,managergroup1,managergroup2
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
when: ipa_version is version('4.8.4', '>=') when: ipa_version is version('4.8.4', '>=')


@@ -66,35 +66,35 @@
- name: "{{ 'testhost04.' + ipaserver_domain }}" - name: "{{ 'testhost04.' + ipaserver_domain }}"
force: yes force: yes
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure host-group testhostgroup01 is present - name: Ensure host-group testhostgroup01 is present
ipahostgroup: ipahostgroup:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
name: testhostgroup01 name: testhostgroup01
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure host-group testhostgroup02 is present - name: Ensure host-group testhostgroup02 is present
ipahostgroup: ipahostgroup:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
name: testhostgroup02 name: testhostgroup02
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure host-group testhostgroup03 is present - name: Ensure host-group testhostgroup03 is present
ipahostgroup: ipahostgroup:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
name: testhostgroup03 name: testhostgroup03
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure host-group testhostgroup04 is present - name: Ensure host-group testhostgroup04 is present
ipahostgroup: ipahostgroup:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
name: testhostgroup04 name: testhostgroup04
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure testusers are present - name: Ensure testusers are present
ipauser: ipauser:
@@ -113,91 +113,91 @@
first: test first: test
last: user04 last: user04
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure user group testgroup01 is present - name: Ensure user group testgroup01 is present
ipagroup: ipagroup:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
name: testgroup01 name: testgroup01
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure user group testgroup02 is present - name: Ensure user group testgroup02 is present
ipagroup: ipagroup:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
name: testgroup02 name: testgroup02
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure user group testgroup03 is present - name: Ensure user group testgroup03 is present
ipagroup: ipagroup:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
name: testgroup03 name: testgroup03
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure user group testgroup04 is present - name: Ensure user group testgroup04 is present
ipagroup: ipagroup:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
name: testgroup04 name: testgroup04
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure HBAC Service testhbacsvc01 is present - name: Ensure HBAC Service testhbacsvc01 is present
ipahbacsvc: ipahbacsvc:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
name: testhbacsvc01 name: testhbacsvc01
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure HBAC Service testhbacsvc02 is present - name: Ensure HBAC Service testhbacsvc02 is present
ipahbacsvc: ipahbacsvc:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
name: testhbacsvc02 name: testhbacsvc02
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure HBAC Service testhbacsvc03 is present - name: Ensure HBAC Service testhbacsvc03 is present
ipahbacsvc: ipahbacsvc:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
name: testhbacsvc03 name: testhbacsvc03
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure HBAC Service testhbacsvc04 is present - name: Ensure HBAC Service testhbacsvc04 is present
ipahbacsvc: ipahbacsvc:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
name: testhbacsvc04 name: testhbacsvc04
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure HBAC Service Group testhbacsvcgroup01 is present - name: Ensure HBAC Service Group testhbacsvcgroup01 is present
ipahbacsvcgroup: ipahbacsvcgroup:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
name: testhbacsvcgroup01 name: testhbacsvcgroup01
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure HBAC Service Group testhbacsvcgroup02 is present - name: Ensure HBAC Service Group testhbacsvcgroup02 is present
ipahbacsvcgroup: ipahbacsvcgroup:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
name: testhbacsvcgroup02 name: testhbacsvcgroup02
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure HBAC Service Group testhbacsvcgroup03 is present - name: Ensure HBAC Service Group testhbacsvcgroup03 is present
ipahbacsvcgroup: ipahbacsvcgroup:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
name: testhbacsvcgroup03 name: testhbacsvcgroup03
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure HBAC Service Group testhbacsvcgroup04 is present - name: Ensure HBAC Service Group testhbacsvcgroup04 is present
ipahbacsvcgroup: ipahbacsvcgroup:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
name: testhbacsvcgroup04 name: testhbacsvcgroup04
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure test HBAC rule hbacrule01 is absent - name: Ensure test HBAC rule hbacrule01 is absent
ipahbacrule: ipahbacrule:
@@ -212,14 +212,14 @@
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
name: hbacrule01 name: hbacrule01
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure HBAC rule hbacrule01 is present again - name: Ensure HBAC rule hbacrule01 is present again
ipahbacrule: ipahbacrule:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
name: hbacrule01 name: hbacrule01
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
# CHANGE HBACRULE WITH ALL MEMBERS # CHANGE HBACRULE WITH ALL MEMBERS
@@ -236,7 +236,7 @@
hbacsvc: testhbacsvc01,testhbacsvc02 hbacsvc: testhbacsvc01,testhbacsvc02
hbacsvcgroup: testhbacsvcgroup01,testhbacsvcgroup02 hbacsvcgroup: testhbacsvcgroup01,testhbacsvcgroup02
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure HBAC rule hbacrule01 is present with hosts, hostgroups, users, groups, hbassvcs and hbacsvcgroups again - name: Ensure HBAC rule hbacrule01 is present with hosts, hostgroups, users, groups, hbassvcs and hbacsvcgroups again
ipahbacrule: ipahbacrule:
@@ -251,7 +251,7 @@
hbacsvc: testhbacsvc01,testhbacsvc02 hbacsvc: testhbacsvc01,testhbacsvc02
hbacsvcgroup: testhbacsvcgroup01,testhbacsvcgroup02 hbacsvcgroup: testhbacsvcgroup01,testhbacsvcgroup02
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
# REMOVE MEMBERS ONE BY ONE # REMOVE MEMBERS ONE BY ONE
@@ -265,7 +265,7 @@
state: absent state: absent
action: member action: member
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure test HBAC rule hbacrule01 host members are absent again - name: Ensure test HBAC rule hbacrule01 host members are absent again
ipahbacrule: ipahbacrule:
@@ -277,7 +277,7 @@
state: absent state: absent
action: member action: member
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure test HBAC rule hbacrule01 hostgroup members are absent - name: Ensure test HBAC rule hbacrule01 hostgroup members are absent
ipahbacrule: ipahbacrule:
@@ -287,7 +287,7 @@
state: absent state: absent
action: member action: member
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure test HBAC rule hbacrule01 hostgroup members are absent again - name: Ensure test HBAC rule hbacrule01 hostgroup members are absent again
ipahbacrule: ipahbacrule:
@@ -297,7 +297,7 @@
state: absent state: absent
action: member action: member
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure test HBAC rule hbacrule01 user members are absent - name: Ensure test HBAC rule hbacrule01 user members are absent
ipahbacrule: ipahbacrule:
@@ -307,7 +307,7 @@
state: absent state: absent
action: member action: member
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure test HBAC rule hbacrule01 user members are absent again - name: Ensure test HBAC rule hbacrule01 user members are absent again
ipahbacrule: ipahbacrule:
@@ -317,7 +317,7 @@
state: absent state: absent
action: member action: member
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure test HBAC rule hbacrule01 user group members are absent - name: Ensure test HBAC rule hbacrule01 user group members are absent
ipahbacrule: ipahbacrule:
@@ -327,7 +327,7 @@
state: absent state: absent
action: member action: member
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure test HBAC rule hbacrule01 user group members are absent again - name: Ensure test HBAC rule hbacrule01 user group members are absent again
ipahbacrule: ipahbacrule:
@@ -337,7 +337,7 @@
state: absent state: absent
action: member action: member
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure test HBAC rule hbacrule01 hbacsvc members are absent - name: Ensure test HBAC rule hbacrule01 hbacsvc members are absent
ipahbacrule: ipahbacrule:
@@ -347,7 +347,7 @@
state: absent state: absent
action: member action: member
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure test HBAC rule hbacrule01 hbacsvc members are absent again - name: Ensure test HBAC rule hbacrule01 hbacsvc members are absent again
ipahbacrule: ipahbacrule:
@@ -357,7 +357,7 @@
state: absent state: absent
action: member action: member
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure test HBAC rule hbacrule01 hbacsvcgroup members are absent - name: Ensure test HBAC rule hbacrule01 hbacsvcgroup members are absent
ipahbacrule: ipahbacrule:
@@ -367,7 +367,7 @@
state: absent state: absent
action: member action: member
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure test HBAC rule hbacrule01 hbacsvcgroup members are absent again - name: Ensure test HBAC rule hbacrule01 hbacsvcgroup members are absent again
ipahbacrule: ipahbacrule:
@@ -377,7 +377,7 @@
state: absent state: absent
action: member action: member
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
# ADD MEMBERS BACK # ADD MEMBERS BACK
@@ -390,7 +390,7 @@
- "{{ 'testhost02.' + ipaserver_domain }}" - "{{ 'testhost02.' + ipaserver_domain }}"
action: member action: member
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure test HBAC rule hbacrule01 host members are present again - name: Ensure test HBAC rule hbacrule01 host members are present again
ipahbacrule: ipahbacrule:
@@ -401,7 +401,7 @@
- "{{ 'testhost02.' + ipaserver_domain }}" - "{{ 'testhost02.' + ipaserver_domain }}"
action: member action: member
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure test HBAC rule hbacrule01 hostgroup members are present - name: Ensure test HBAC rule hbacrule01 hostgroup members are present
ipahbacrule: ipahbacrule:
@@ -410,7 +410,7 @@
hostgroup: testhostgroup01,testhostgroup02 hostgroup: testhostgroup01,testhostgroup02
action: member action: member
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure test HBAC rule hbacrule01 hostgroup members are present again - name: Ensure test HBAC rule hbacrule01 hostgroup members are present again
ipahbacrule: ipahbacrule:
@@ -419,7 +419,7 @@
hostgroup: testhostgroup01,testhostgroup02 hostgroup: testhostgroup01,testhostgroup02
action: member action: member
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure test HBAC rule hbacrule01 user members are present - name: Ensure test HBAC rule hbacrule01 user members are present
ipahbacrule: ipahbacrule:
@@ -428,7 +428,7 @@
user: testuser01,testuser02 user: testuser01,testuser02
action: member action: member
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure test HBAC rule hbacrule01 user members are present again - name: Ensure test HBAC rule hbacrule01 user members are present again
ipahbacrule: ipahbacrule:
@@ -437,7 +437,7 @@
user: testuser01,testuser02 user: testuser01,testuser02
action: member action: member
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure test HBAC rule hbacrule01 user group members are present - name: Ensure test HBAC rule hbacrule01 user group members are present
ipahbacrule: ipahbacrule:
@@ -446,7 +446,7 @@
group: testgroup01,testgroup02 group: testgroup01,testgroup02
action: member action: member
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure test HBAC rule hbacrule01 user group members are present again - name: Ensure test HBAC rule hbacrule01 user group members are present again
ipahbacrule: ipahbacrule:
@@ -455,7 +455,7 @@
group: testgroup01,testgroup02 group: testgroup01,testgroup02
action: member action: member
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure test HBAC rule hbacrule01 hbacsvc members are present - name: Ensure test HBAC rule hbacrule01 hbacsvc members are present
ipahbacrule: ipahbacrule:
@@ -464,7 +464,7 @@
hbacsvc: testhbacsvc01,testhbacsvc02 hbacsvc: testhbacsvc01,testhbacsvc02
action: member action: member
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure test HBAC rule hbacrule01 hbacsvc members are present again - name: Ensure test HBAC rule hbacrule01 hbacsvc members are present again
ipahbacrule: ipahbacrule:
@@ -473,7 +473,7 @@
hbacsvc: testhbacsvc01,testhbacsvc02 hbacsvc: testhbacsvc01,testhbacsvc02
action: member action: member
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure test HBAC rule hbacrule01 hbacsvcgroup members are present - name: Ensure test HBAC rule hbacrule01 hbacsvcgroup members are present
ipahbacrule: ipahbacrule:
@@ -482,7 +482,7 @@
hbacsvcgroup: testhbacsvcgroup01,testhbacsvcgroup02 hbacsvcgroup: testhbacsvcgroup01,testhbacsvcgroup02
action: member action: member
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure test HBAC rule hbacrule01 hbacsvcgroup members are present again - name: Ensure test HBAC rule hbacrule01 hbacsvcgroup members are present again
ipahbacrule: ipahbacrule:
@@ -491,7 +491,7 @@
hbacsvcgroup: testhbacsvcgroup01,testhbacsvcgroup02 hbacsvcgroup: testhbacsvcgroup01,testhbacsvcgroup02
action: member action: member
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
# CHANGE TO DIFFERENT MEMBERS # CHANGE TO DIFFERENT MEMBERS
@@ -508,7 +508,7 @@
hbacsvc: testhbacsvc03,testhbacsvc04 hbacsvc: testhbacsvc03,testhbacsvc04
hbacsvcgroup: testhbacsvcgroup03,testhbacsvcgroup04 hbacsvcgroup: testhbacsvcgroup03,testhbacsvcgroup04
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure HBAC rule hbacrule01 is present with different hosts, hostgroups, users, groups, hbassvcs and hbacsvcgroups again - name: Ensure HBAC rule hbacrule01 is present with different hosts, hostgroups, users, groups, hbassvcs and hbacsvcgroups again
ipahbacrule: ipahbacrule:
@@ -523,7 +523,7 @@
hbacsvc: testhbacsvc03,testhbacsvc04 hbacsvc: testhbacsvc03,testhbacsvc04
hbacsvcgroup: testhbacsvcgroup03,testhbacsvcgroup04 hbacsvcgroup: testhbacsvcgroup03,testhbacsvcgroup04
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
# ENSURE OLD TEST MEMBERS ARE ABSENT # ENSURE OLD TEST MEMBERS ARE ABSENT
@@ -542,7 +542,7 @@
state: absent state: absent
action: member action: member
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
# ENSURE NEW TEST MEMBERS ARE ABSENT # ENSURE NEW TEST MEMBERS ARE ABSENT
@@ -561,7 +561,7 @@
state: absent state: absent
action: member action: member
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure HBAC rule hbacrule01 members are absent again - name: Ensure HBAC rule hbacrule01 members are absent again
ipahbacrule: ipahbacrule:
@@ -578,7 +578,7 @@
state: absent state: absent
action: member action: member
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
# CLEANUP TEST ITEMS # CLEANUP TEST ITEMS
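Review bot: The right-hand column drops `or result.failed` from every `failed_when`, and for the idempotency checks written as `failed_when: result.changed` (the "present again" / "absent again" tasks in this section) that masks a module failure: `failed_when` replaces the module's own failure status, so a task that fails with `changed: false` now passes silently, and the `not result.changed` form only still trips on a failure because a failed module usually reports `changed: false`. Keeping `failed_when: result.changed or result.failed` (and `not result.changed or result.failed`) preserves the fail-closed behaviour. The same applies to the HBAC rule category section, the HBAC service and service-group sections and the host cert-member sections below. If this compare is rendered with the newer code on the left, the point stands for whichever side ends up merged.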


@@ -19,7 +19,7 @@
name: testrule name: testrule
usercategory: all usercategory: all
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure HBAC rule is present, with usercategory 'all', again. - name: Ensure HBAC rule is present, with usercategory 'all', again.
ipahbacrule: ipahbacrule:
@@ -27,7 +27,7 @@
name: testrule name: testrule
usercategory: all usercategory: all
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure HBAC rule is present, with no usercategory. - name: Ensure HBAC rule is present, with no usercategory.
ipahbacrule: ipahbacrule:
@@ -35,7 +35,7 @@
name: testrule name: testrule
usercategory: "" usercategory: ""
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure HBAC rule is present, with no usercategory, again. - name: Ensure HBAC rule is present, with no usercategory, again.
ipahbacrule: ipahbacrule:
@@ -43,7 +43,7 @@
name: testrule name: testrule
usercategory: "" usercategory: ""
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure HBAC rule is present, with hostcategory 'all' - name: Ensure HBAC rule is present, with hostcategory 'all'
ipahbacrule: ipahbacrule:
@@ -51,7 +51,7 @@
name: testrule name: testrule
hostcategory: all hostcategory: all
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure HBAC rule is present, with hostcategory 'all', again. - name: Ensure HBAC rule is present, with hostcategory 'all', again.
ipahbacrule: ipahbacrule:
@@ -59,7 +59,7 @@
name: testrule name: testrule
hostcategory: all hostcategory: all
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure HBAC rule is present, with no hostcategory. - name: Ensure HBAC rule is present, with no hostcategory.
ipahbacrule: ipahbacrule:
@@ -67,7 +67,7 @@
name: testrule name: testrule
hostcategory: "" hostcategory: ""
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure HBAC rule is present, with no hostcategory, again. - name: Ensure HBAC rule is present, with no hostcategory, again.
ipahbacrule: ipahbacrule:
@@ -75,7 +75,7 @@
name: testrule name: testrule
hostcategory: "" hostcategory: ""
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure HBAC rule is present, with servicecategory 'all' - name: Ensure HBAC rule is present, with servicecategory 'all'
ipahbacrule: ipahbacrule:
@@ -83,7 +83,7 @@
name: testrule name: testrule
servicecategory: all servicecategory: all
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure HBAC rule is present, with servicecategory 'all', again. - name: Ensure HBAC rule is present, with servicecategory 'all', again.
ipahbacrule: ipahbacrule:
@@ -91,7 +91,7 @@
name: testrule name: testrule
servicecategory: all servicecategory: all
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure HBAC rule is present, with no servicecategory. - name: Ensure HBAC rule is present, with no servicecategory.
ipahbacrule: ipahbacrule:
@@ -99,7 +99,7 @@
name: testrule name: testrule
servicecategory: "" servicecategory: ""
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure HBAC rule is present, with no servicecategory, again. - name: Ensure HBAC rule is present, with no servicecategory, again.
ipahbacrule: ipahbacrule:
@@ -107,7 +107,7 @@
name: testrule name: testrule
servicecategory: "" servicecategory: ""
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure `user` cannot be added if usercategory is `all`. - name: Ensure `user` cannot be added if usercategory is `all`.
ipahbacrule: ipahbacrule:


@@ -16,14 +16,14 @@
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
name: http name: http
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure HBAC Service for http is present again - name: Ensure HBAC Service for http is present again
ipahbacsvc: ipahbacsvc:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
name: http name: http
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure HBAC Service for tftp is present - name: Ensure HBAC Service for tftp is present
ipahbacsvc: ipahbacsvc:
@@ -31,7 +31,7 @@
name: tftp name: tftp
description: TFTP service description: TFTP service
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure HBAC Service for tftp is present again - name: Ensure HBAC Service for tftp is present again
ipahbacsvc: ipahbacsvc:
@@ -39,7 +39,7 @@
name: tftp name: tftp
description: TFTP service description: TFTP service
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure HBAC Services for http and tftp are absent - name: Ensure HBAC Services for http and tftp are absent
ipahbacsvc: ipahbacsvc:
@@ -47,7 +47,7 @@
name: http,tftp name: http,tftp
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure HBAC Services for http and tftp are absent again - name: Ensure HBAC Services for http and tftp are absent again
ipahbacsvc: ipahbacsvc:
@@ -55,4 +55,4 @@
name: http,tftp name: http,tftp
state: absent state: absent
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed


@@ -21,14 +21,14 @@
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
name: login name: login
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure HBAC Service Group login is present again - name: Ensure HBAC Service Group login is present again
ipahbacsvcgroup: ipahbacsvcgroup:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
name: login name: login
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure HBAC Service sshd is present in HBAC Service Group login - name: Ensure HBAC Service sshd is present in HBAC Service Group login
ipahbacsvcgroup: ipahbacsvcgroup:
@@ -38,7 +38,7 @@
- sshd - sshd
action: member action: member
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure HBAC Service sshd is present in HBAC Service Group login again - name: Ensure HBAC Service sshd is present in HBAC Service Group login again
ipahbacsvcgroup: ipahbacsvcgroup:
@@ -48,7 +48,7 @@
- sshd - sshd
action: member action: member
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure HBAC Services sshd and foo are absent in HBAC Service Group login - name: Ensure HBAC Services sshd and foo are absent in HBAC Service Group login
ipahbacsvcgroup: ipahbacsvcgroup:
@@ -60,7 +60,7 @@
action: member action: member
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure HBAC Services sshd and foo are absent in HBAC Service Group login again - name: Ensure HBAC Services sshd and foo are absent in HBAC Service Group login again
ipahbacsvcgroup: ipahbacsvcgroup:
@@ -72,7 +72,7 @@
action: member action: member
state: absent state: absent
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure HBAC Service Group login is absent - name: Ensure HBAC Service Group login is absent
ipahbacsvcgroup: ipahbacsvcgroup:
@@ -80,7 +80,7 @@
name: login name: login
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure HBAC Service Group login is absent again - name: Ensure HBAC Service Group login is absent again
ipahbacsvcgroup: ipahbacsvcgroup:
@@ -88,4 +88,4 @@
name: login name: login
state: absent state: absent
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed


@@ -31,7 +31,7 @@
name: "{{ 'test.' + ipaserver_domain }}" name: "{{ 'test.' + ipaserver_domain }}"
force: yes force: yes
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Host test cert members present - name: Host test cert members present
ipahost: ipahost:
@@ -43,7 +43,7 @@
- "{{ lookup('file', 'cert3.b64', rstrip=False) }}" - "{{ lookup('file', 'cert3.b64', rstrip=False) }}"
action: member action: member
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Host test cert members present again - name: Host test cert members present again
ipahost: ipahost:
@@ -55,7 +55,7 @@
- "{{ lookup('file', 'cert3.b64', rstrip=False) }}" - "{{ lookup('file', 'cert3.b64', rstrip=False) }}"
action: member action: member
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Host test cert members absent - name: Host test cert members absent
ipahost: ipahost:
@@ -68,7 +68,7 @@
state: absent state: absent
action: member action: member
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Host test cert members absent again - name: Host test cert members absent again
ipahost: ipahost:
@@ -81,7 +81,7 @@
state: absent state: absent
action: member action: member
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Host test absent - name: Host test absent
ipahost: ipahost:
@@ -89,7 +89,7 @@
name: "{{ 'test.' + ipaserver_domain }}" name: "{{ 'test.' + ipaserver_domain }}"
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Host test absent again - name: Host test absent again
ipahost: ipahost:
@@ -97,7 +97,7 @@
name: "{{ 'test.' + ipaserver_domain }}" name: "{{ 'test.' + ipaserver_domain }}"
state: absent state: absent
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Remove certificate files. - name: Remove certificate files.
shell: shell:


@@ -23,7 +23,7 @@
- name: "{{ 'test.' + ipaserver_domain }}" - name: "{{ 'test.' + ipaserver_domain }}"
force: yes force: yes
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Generate self-signed certificates. - name: Generate self-signed certificates.
shell: shell:
@@ -46,7 +46,7 @@
- "{{ lookup('file', 'cert3.b64', rstrip=False) }}" - "{{ lookup('file', 'cert3.b64', rstrip=False) }}"
action: member action: member
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Host test cert members present again - name: Host test cert members present again
ipahost: ipahost:
@@ -59,7 +59,7 @@
- "{{ lookup('file', 'cert3.b64', rstrip=False) }}" - "{{ lookup('file', 'cert3.b64', rstrip=False) }}"
action: member action: member
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Host test cert members absent - name: Host test cert members absent
ipahost: ipahost:
@@ -73,7 +73,7 @@
state: absent state: absent
action: member action: member
#register: result #register: result
#failed_when: not result.changed or result.failed #failed_when: not result.changed
- name: Host test cert members absent again - name: Host test cert members absent again
ipahost: ipahost:
@@ -87,7 +87,7 @@
state: absent state: absent
action: member action: member
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Host test absent - name: Host test absent
ipahost: ipahost:
@@ -96,7 +96,7 @@
- name: "{{ 'test.' + ipaserver_domain }}" - name: "{{ 'test.' + ipaserver_domain }}"
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Remove certificate files. - name: Remove certificate files.
shell: shell:
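Review bot: The idempotency tasks lose their failure guard on the new side: `failed_when: result.changed or result.failed` becomes `failed_when: result.changed` (for example at `Host test cert members present again` and `Host test cert members absent again`), and a module call that errors out reports `changed: false`, so the expression is false and the failed task is recorded as a pass. The `not result.changed` form on the `present`/`absent` tasks still trips on a module error only because a failed call is also unchanged, which is an accident of the result shape rather than an explicit check. Keep `failed_when: result.changed or result.failed` on every `again` task (and the `or result.failed` on the rest); the same pattern repeats in the host, hostgroup/keytab, delegate, ip_address, managedby and principal sections further down this compare. This reading assumes the right-hand column is the new side of the compare.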


@@ -44,7 +44,7 @@
update_dns: yes update_dns: yes
reverse: no reverse: no
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Host "{{ host1_fqdn }}" present again - name: Host "{{ host1_fqdn }}" present again
ipahost: ipahost:
@@ -54,7 +54,7 @@
update_dns: yes update_dns: yes
reverse: no reverse: no
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Host "{{ host2_fqdn }}" present - name: Host "{{ host2_fqdn }}" present
ipahost: ipahost:
@@ -64,7 +64,7 @@
update_dns: yes update_dns: yes
reverse: no reverse: no
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Host "{{ host2_fqdn }}" present again - name: Host "{{ host2_fqdn }}" present again
ipahost: ipahost:
@@ -74,7 +74,7 @@
update_dns: yes update_dns: yes
reverse: no reverse: no
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Host "{{ host3_fqdn }}" present - name: Host "{{ host3_fqdn }}" present
ipahost: ipahost:
@@ -84,7 +84,7 @@
update_dns: yes update_dns: yes
reverse: no reverse: no
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Host "{{ host3_fqdn }}" present again - name: Host "{{ host3_fqdn }}" present again
ipahost: ipahost:
@@ -94,7 +94,7 @@
update_dns: yes update_dns: yes
reverse: no reverse: no
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Host "{{ host4_fqdn }}" present - name: Host "{{ host4_fqdn }}" present
ipahost: ipahost:
@@ -104,7 +104,7 @@
update_dns: yes update_dns: yes
reverse: no reverse: no
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Host "{{ host4_fqdn }}" present again - name: Host "{{ host4_fqdn }}" present again
ipahost: ipahost:
@@ -114,7 +114,7 @@
update_dns: yes update_dns: yes
reverse: no reverse: no
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Host "{{ host5_fqdn }}" present - name: Host "{{ host5_fqdn }}" present
ipahost: ipahost:
@@ -124,7 +124,7 @@
update_dns: yes update_dns: yes
reverse: no reverse: no
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Host "{{ host5_fqdn }}" present again - name: Host "{{ host5_fqdn }}" present again
ipahost: ipahost:
@@ -134,7 +134,7 @@
update_dns: yes update_dns: yes
reverse: no reverse: no
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Host "{{ host6_fqdn }}" present - name: Host "{{ host6_fqdn }}" present
ipahost: ipahost:
@@ -144,7 +144,7 @@
update_dns: yes update_dns: yes
reverse: no reverse: no
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Host "{{ host6_fqdn }}" present again - name: Host "{{ host6_fqdn }}" present again
ipahost: ipahost:
@@ -154,7 +154,7 @@
update_dns: yes update_dns: yes
reverse: no reverse: no
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
# disabled can only be checked with enabled hosts, all hosts above are # disabled can only be checked with enabled hosts, all hosts above are
# not enabled. # not enabled.
@@ -170,7 +170,7 @@
# - "{{ host6_fqdn }}" # - "{{ host6_fqdn }}"
# state: disabled # state: disabled
# register: result # register: result
# failed_when: not result.changed or result.failed # failed_when: not result.changed
# #
#- name: Hosts host1..host6 disabled again #- name: Hosts host1..host6 disabled again
# ipahost: # ipahost:
@@ -184,7 +184,7 @@
# - "{{ host6_fqdn }}" # - "{{ host6_fqdn }}"
# state: disabled # state: disabled
# register: result # register: result
# failed_when: result.changed or result.failed # failed_when: result.changed
- name: Hosts host1..host6 absent - name: Hosts host1..host6 absent
ipahost: ipahost:
@@ -199,7 +199,7 @@
update_dns: yes update_dns: yes
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Hosts host1..host6 absent again - name: Hosts host1..host6 absent again
ipahost: ipahost:
@@ -214,5 +214,5 @@
update_dns: yes update_dns: yes
state: absent state: absent
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed


@@ -58,7 +58,7 @@
- name: "{{ host3_fqdn }}" - name: "{{ host3_fqdn }}"
force: yes force: yes
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure host-group hostgroup1 present - name: Ensure host-group hostgroup1 present
ipahostgroup: ipahostgroup:
@@ -66,7 +66,7 @@
name: hostgroup1 name: hostgroup1
state: present state: present
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure host-group hostgroup2 present - name: Ensure host-group hostgroup2 present
ipahostgroup: ipahostgroup:
@@ -74,7 +74,7 @@
name: hostgroup2 name: hostgroup2
state: present state: present
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure users user1 and user2 present - name: Ensure users user1 and user2 present
ipauser: ipauser:
@@ -87,21 +87,21 @@
first: First2 first: First2
last: Last2 last: Last2
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure group1 present - name: Ensure group1 present
ipagroup: ipagroup:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
name: group1 name: group1
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure group2 present - name: Ensure group2 present
ipagroup: ipagroup:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
name: group2 name: group2
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Host host1... present with allow_create_keytab users,groups,hosts and hostgroups - name: Host host1... present with allow_create_keytab users,groups,hosts and hostgroups
ipahost: ipahost:
@@ -121,7 +121,7 @@
- hostgroup2 - hostgroup2
force: yes force: yes
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Host host1... present with allow_create_keytab users,groups,hosts and hostgroups again - name: Host host1... present with allow_create_keytab users,groups,hosts and hostgroups again
ipahost: ipahost:
@@ -141,7 +141,7 @@
- hostgroup2 - hostgroup2
force: yes force: yes
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Host host1... absent - name: Host host1... absent
ipahost: ipahost:
@@ -156,7 +156,7 @@
name: "{{ host1_fqdn }}" name: "{{ host1_fqdn }}"
force: yes force: yes
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Host host1... ensure allow_create_keytab users,groups,hosts and hostgroups present - name: Host host1... ensure allow_create_keytab users,groups,hosts and hostgroups present
ipahost: ipahost:
@@ -176,7 +176,7 @@
- hostgroup2 - hostgroup2
action: member action: member
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Host host1... ensure allow_create_keytab users,groups,hosts and hostgroups present again - name: Host host1... ensure allow_create_keytab users,groups,hosts and hostgroups present again
ipahost: ipahost:
@@ -196,7 +196,7 @@
- hostgroup2 - hostgroup2
action: member action: member
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Host host1... ensure allow_create_keytab users,groups,hosts and hostgroups absent - name: Host host1... ensure allow_create_keytab users,groups,hosts and hostgroups absent
ipahost: ipahost:
@@ -217,7 +217,7 @@
action: member action: member
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Host host1... ensure allow_create_keytab users,groups,hosts and hostgroups absent again - name: Host host1... ensure allow_create_keytab users,groups,hosts and hostgroups absent again
ipahost: ipahost:
@@ -238,7 +238,7 @@
action: member action: member
state: absent state: absent
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Host host1..., host2... and host3... absent - name: Host host1..., host2... and host3... absent
ipahost: ipahost:
@@ -249,7 +249,7 @@
- "{{ host3_fqdn }}" - "{{ host3_fqdn }}"
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure host-groups hostgroup1 and hostgroup2 absent - name: Ensure host-groups hostgroup1 and hostgroup2 absent
ipahostgroup: ipahostgroup:
@@ -257,7 +257,7 @@
name: hostgroup1,hostgroup2 name: hostgroup1,hostgroup2
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure users user1 and user2 absent - name: Ensure users user1 and user2 absent
ipauser: ipauser:
@@ -267,7 +267,7 @@
- name: user2 - name: user2
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure group1 and group2 absent - name: Ensure group1 and group2 absent
ipagroup: ipagroup:
@@ -275,4 +275,4 @@
name: group1,group2 name: group1,group2
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed


@@ -58,7 +58,7 @@
- name: "{{ host3_fqdn }}" - name: "{{ host3_fqdn }}"
force: yes force: yes
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure host-group hostgroup1 present - name: Ensure host-group hostgroup1 present
ipahostgroup: ipahostgroup:
@@ -66,7 +66,7 @@
name: hostgroup1 name: hostgroup1
state: present state: present
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure host-group hostgroup2 present - name: Ensure host-group hostgroup2 present
ipahostgroup: ipahostgroup:
@@ -74,7 +74,7 @@
name: hostgroup2 name: hostgroup2
state: present state: present
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure users user1 and user2 present - name: Ensure users user1 and user2 present
ipauser: ipauser:
@@ -87,21 +87,21 @@
first: First2 first: First2
last: Last2 last: Last2
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure group1 present - name: Ensure group1 present
ipagroup: ipagroup:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
name: group1 name: group1
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure group2 present - name: Ensure group2 present
ipagroup: ipagroup:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
name: group2 name: group2
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Host host1... present with allow_retrieve_keytab users,groups,hosts and hostgroups - name: Host host1... present with allow_retrieve_keytab users,groups,hosts and hostgroups
ipahost: ipahost:
@@ -121,7 +121,7 @@
- hostgroup2 - hostgroup2
force: yes force: yes
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Host host1... present with allow_retrieve_keytab users,groups,hosts and hostgroups again - name: Host host1... present with allow_retrieve_keytab users,groups,hosts and hostgroups again
ipahost: ipahost:
@@ -141,7 +141,7 @@
- hostgroup2 - hostgroup2
force: yes force: yes
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Host host1... absent - name: Host host1... absent
ipahost: ipahost:
@@ -156,7 +156,7 @@
name: "{{ host1_fqdn }}" name: "{{ host1_fqdn }}"
force: yes force: yes
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Host host1... ensure allow_retrieve_keytab users,groups,hosts and hostgroups present - name: Host host1... ensure allow_retrieve_keytab users,groups,hosts and hostgroups present
ipahost: ipahost:
@@ -176,7 +176,7 @@
- hostgroup2 - hostgroup2
action: member action: member
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Host host1... ensure allow_retrieve_keytab users,groups,hosts and hostgroups present again - name: Host host1... ensure allow_retrieve_keytab users,groups,hosts and hostgroups present again
ipahost: ipahost:
@@ -196,7 +196,7 @@
- hostgroup2 - hostgroup2
action: member action: member
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Host host1... ensure allow_retrieve_keytab users,groups,hosts and hostgroups absent - name: Host host1... ensure allow_retrieve_keytab users,groups,hosts and hostgroups absent
ipahost: ipahost:
@@ -217,7 +217,7 @@
action: member action: member
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Host host1... ensure allow_retrieve_keytab users,groups,hosts and hostgroups absent again - name: Host host1... ensure allow_retrieve_keytab users,groups,hosts and hostgroups absent again
ipahost: ipahost:
@@ -238,7 +238,7 @@
action: member action: member
state: absent state: absent
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Host host1..., host2... and host3... absent - name: Host host1..., host2... and host3... absent
ipahost: ipahost:
@@ -249,7 +249,7 @@
- "{{ host3_fqdn }}" - "{{ host3_fqdn }}"
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure host-groups hostgroup1 and hostgroup2 absent - name: Ensure host-groups hostgroup1 and hostgroup2 absent
ipahostgroup: ipahostgroup:
@@ -257,7 +257,7 @@
name: hostgroup1,hostgroup2 name: hostgroup1,hostgroup2
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure users user1 and user2 absent - name: Ensure users user1 and user2 absent
ipauser: ipauser:
@@ -267,7 +267,7 @@
- name: user2 - name: user2
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure group1 and group2 absent - name: Ensure group1 and group2 absent
ipagroup: ipagroup:
@@ -275,4 +275,4 @@
name: group1,group2 name: group1,group2
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed


@@ -30,7 +30,7 @@
ok_as_delegate: yes ok_as_delegate: yes
ok_to_auth_as_delegate: yes ok_to_auth_as_delegate: yes
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Host "{{ host1_fqdn }}" present with requires_pre_auth, ok_as_delegate and ok_to_auth_as_delegate again - name: Host "{{ host1_fqdn }}" present with requires_pre_auth, ok_as_delegate and ok_to_auth_as_delegate again
ipahost: ipahost:
@@ -40,7 +40,7 @@
ok_as_delegate: yes ok_as_delegate: yes
ok_to_auth_as_delegate: yes ok_to_auth_as_delegate: yes
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Host "{{ host1_fqdn }}" present with requires_pre_auth, ok_as_delegate and ok_to_auth_as_delegate set to no - name: Host "{{ host1_fqdn }}" present with requires_pre_auth, ok_as_delegate and ok_to_auth_as_delegate set to no
ipahost: ipahost:
@@ -50,7 +50,7 @@
ok_as_delegate: no ok_as_delegate: no
ok_to_auth_as_delegate: no ok_to_auth_as_delegate: no
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Host "{{ host1_fqdn }}" present with requires_pre_auth, ok_as_delegate and ok_to_auth_as_delegate set to no again - name: Host "{{ host1_fqdn }}" present with requires_pre_auth, ok_as_delegate and ok_to_auth_as_delegate set to no again
ipahost: ipahost:
@@ -60,7 +60,7 @@
ok_as_delegate: no ok_as_delegate: no
ok_to_auth_as_delegate: no ok_to_auth_as_delegate: no
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Host "{{ host1_fqdn }}" present with requires_pre_auth - name: Host "{{ host1_fqdn }}" present with requires_pre_auth
ipahost: ipahost:
@@ -68,7 +68,7 @@
name: "{{ host1_fqdn }}" name: "{{ host1_fqdn }}"
requires_pre_auth: yes requires_pre_auth: yes
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Host "{{ host1_fqdn }}" present with requires_pre_auth again - name: Host "{{ host1_fqdn }}" present with requires_pre_auth again
ipahost: ipahost:
@@ -76,7 +76,7 @@
name: "{{ host1_fqdn }}" name: "{{ host1_fqdn }}"
requires_pre_auth: yes requires_pre_auth: yes
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Host "{{ host1_fqdn }}" present with ok_as_delegate - name: Host "{{ host1_fqdn }}" present with ok_as_delegate
ipahost: ipahost:
@@ -84,7 +84,7 @@
name: "{{ host1_fqdn }}" name: "{{ host1_fqdn }}"
ok_as_delegate: yes ok_as_delegate: yes
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Host "{{ host1_fqdn }}" present with ok_as_delegate again - name: Host "{{ host1_fqdn }}" present with ok_as_delegate again
ipahost: ipahost:
@@ -92,7 +92,7 @@
name: "{{ host1_fqdn }}" name: "{{ host1_fqdn }}"
ok_as_delegate: yes ok_as_delegate: yes
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Host "{{ host1_fqdn }}" present with ok_to_auth_as_delegate - name: Host "{{ host1_fqdn }}" present with ok_to_auth_as_delegate
ipahost: ipahost:
@@ -100,7 +100,7 @@
name: "{{ host1_fqdn }}" name: "{{ host1_fqdn }}"
ok_to_auth_as_delegate: yes ok_to_auth_as_delegate: yes
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Host "{{ host1_fqdn }}" present with ok_to_auth_as_delegate again - name: Host "{{ host1_fqdn }}" present with ok_to_auth_as_delegate again
ipahost: ipahost:
@@ -108,7 +108,7 @@
name: "{{ host1_fqdn }}" name: "{{ host1_fqdn }}"
ok_to_auth_as_delegate: yes ok_to_auth_as_delegate: yes
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Host absent - name: Host absent
ipahost: ipahost:


@@ -40,7 +40,7 @@
update_dns: yes update_dns: yes
reverse: no reverse: no
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Host "{{ host1_fqdn }}" present again - name: Host "{{ host1_fqdn }}" present again
ipahost: ipahost:
@@ -52,7 +52,7 @@
update_dns: yes update_dns: yes
reverse: no reverse: no
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Host "{{ host1_fqdn }}" present again with new IP address - name: Host "{{ host1_fqdn }}" present again with new IP address
ipahost: ipahost:
@@ -66,7 +66,7 @@
update_dns: yes update_dns: yes
reverse: no reverse: no
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Host "{{ host1_fqdn }}" present again with new IP address again - name: Host "{{ host1_fqdn }}" present again with new IP address again
ipahost: ipahost:
@@ -80,7 +80,7 @@
update_dns: yes update_dns: yes
reverse: no reverse: no
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Host "{{ host1_fqdn }}" member IPv4 address present - name: Host "{{ host1_fqdn }}" member IPv4 address present
ipahost: ipahost:
@@ -89,7 +89,7 @@
ip_address: "{{ ipv4_prefix + '.201' }}" ip_address: "{{ ipv4_prefix + '.201' }}"
action: member action: member
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Host "{{ host1_fqdn }}" member IPv4 address present again - name: Host "{{ host1_fqdn }}" member IPv4 address present again
ipahost: ipahost:
@@ -98,7 +98,7 @@
ip_address: "{{ ipv4_prefix + '.201' }}" ip_address: "{{ ipv4_prefix + '.201' }}"
action: member action: member
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Host "{{ host1_fqdn }}" member IPv4 address absent - name: Host "{{ host1_fqdn }}" member IPv4 address absent
ipahost: ipahost:
@@ -108,7 +108,7 @@
action: member action: member
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Host "{{ host1_fqdn }}" member IPv4 address absent again - name: Host "{{ host1_fqdn }}" member IPv4 address absent again
ipahost: ipahost:
@@ -118,7 +118,7 @@
action: member action: member
state: absent state: absent
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Host "{{ host1_fqdn }}" member IPv6 address present - name: Host "{{ host1_fqdn }}" member IPv6 address present
ipahost: ipahost:
@@ -127,7 +127,7 @@
ip_address: fe80::20c:29ff:fe02:a1b2 ip_address: fe80::20c:29ff:fe02:a1b2
action: member action: member
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Host "{{ host1_fqdn }}" member IPv6 address present again - name: Host "{{ host1_fqdn }}" member IPv6 address present again
ipahost: ipahost:
@@ -136,7 +136,7 @@
ip_address: fe80::20c:29ff:fe02:a1b2 ip_address: fe80::20c:29ff:fe02:a1b2
action: member action: member
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Host "{{ host1_fqdn }}" member IPv6 address absent - name: Host "{{ host1_fqdn }}" member IPv6 address absent
ipahost: ipahost:
@@ -146,7 +146,7 @@
action: member action: member
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Host "{{ host1_fqdn }}" member IPv6 address absent again - name: Host "{{ host1_fqdn }}" member IPv6 address absent again
ipahost: ipahost:
@@ -156,7 +156,6 @@
action: member action: member
state: absent state: absent
register: result register: result
failed_when: result.changed or result.failed
- name: Host "{{ host1_fqdn }}" member all ip-addresses absent - name: Host "{{ host1_fqdn }}" member all ip-addresses absent
ipahost: ipahost:
@@ -170,7 +169,7 @@
action: member action: member
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Host "{{ host1_fqdn }}" all member ip-addresses absent again - name: Host "{{ host1_fqdn }}" all member ip-addresses absent again
ipahost: ipahost:
@@ -184,7 +183,7 @@
action: member action: member
state: absent state: absent
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Hosts "{{ host1_fqdn }}" and "{{ host2_fqdn }}" present with same IP addresses - name: Hosts "{{ host1_fqdn }}" and "{{ host2_fqdn }}" present with same IP addresses
ipahost: ipahost:
@@ -203,7 +202,7 @@
- "{{ ipv4_prefix + '.221' }}" - "{{ ipv4_prefix + '.221' }}"
- fe80::20c:29ff:fe02:a1b4 - fe80::20c:29ff:fe02:a1b4
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Hosts "{{ host1_fqdn }}" and "{{ host2_fqdn }}" present with same IP addresses again - name: Hosts "{{ host1_fqdn }}" and "{{ host2_fqdn }}" present with same IP addresses again
ipahost: ipahost:
@@ -222,7 +221,7 @@
- "{{ ipv4_prefix + '.221' }}" - "{{ ipv4_prefix + '.221' }}"
- fe80::20c:29ff:fe02:a1b4 - fe80::20c:29ff:fe02:a1b4
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Hosts "{{ host3_fqdn }}" present with same IP addresses - name: Hosts "{{ host3_fqdn }}" present with same IP addresses
ipahost: ipahost:
@@ -235,7 +234,7 @@
- "{{ ipv4_prefix + '.221' }}" - "{{ ipv4_prefix + '.221' }}"
- fe80::20c:29ff:fe02:a1b4 - fe80::20c:29ff:fe02:a1b4
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Hosts "{{ host3_fqdn }}" present with same IP addresses again - name: Hosts "{{ host3_fqdn }}" present with same IP addresses again
ipahost: ipahost:
@@ -248,7 +247,7 @@
- "{{ ipv4_prefix + '.221' }}" - "{{ ipv4_prefix + '.221' }}"
- fe80::20c:29ff:fe02:a1b4 - fe80::20c:29ff:fe02:a1b4
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Host "{{ host3_fqdn }}" present with differnt IP addresses - name: Host "{{ host3_fqdn }}" present with differnt IP addresses
ipahost: ipahost:
@@ -261,7 +260,7 @@
- "{{ ipv4_prefix + '.121' }}" - "{{ ipv4_prefix + '.121' }}"
- fe80::20c:29ff:fe02:a1b2 - fe80::20c:29ff:fe02:a1b2
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Host "{{ host3_fqdn }}" present with different IP addresses again - name: Host "{{ host3_fqdn }}" present with different IP addresses again
ipahost: ipahost:
@@ -274,7 +273,7 @@
- "{{ ipv4_prefix + '.121' }}" - "{{ ipv4_prefix + '.121' }}"
- fe80::20c:29ff:fe02:a1b2 - fe80::20c:29ff:fe02:a1b2
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Host "{{ host3_fqdn }}" present with old IP addresses - name: Host "{{ host3_fqdn }}" present with old IP addresses
ipahost: ipahost:
@@ -287,7 +286,7 @@
- "{{ ipv4_prefix + '.221' }}" - "{{ ipv4_prefix + '.221' }}"
- fe80::20c:29ff:fe02:a1b4 - fe80::20c:29ff:fe02:a1b4
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Host "{{ host3_fqdn }}" present with old IP addresses again - name: Host "{{ host3_fqdn }}" present with old IP addresses again
ipahost: ipahost:
@@ -300,7 +299,7 @@
- "{{ ipv4_prefix + '.221' }}" - "{{ ipv4_prefix + '.221' }}"
- fe80::20c:29ff:fe02:a1b4 - fe80::20c:29ff:fe02:a1b4
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Absent host01.ihavenodns.info test - name: Absent host01.ihavenodns.info test
ipahost: ipahost:
@@ -309,7 +308,7 @@
- name: host01.ihavenodns.info - name: host01.ihavenodns.info
state: absent state: absent
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Host absent - name: Host absent
ipahost: ipahost:
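Review bot: The task `Host "{{ host1_fqdn }}" member IPv6 address absent again` (hunk `@@ -156,7 +156,6 @@`) has no `failed_when` at all on the new side: `failed_when: result.changed or result.failed` is dropped without replacement, so at that step neither a non-idempotent second run nor a module error fails the play, and the `register: result` above it is left unused. Every other `again` task in this file keeps a `failed_when`; restore `failed_when: result.changed or result.failed` directly after `register: result`. This assumes the right-hand column is the new side of the compare.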


@@ -29,7 +29,7 @@
name: "{{ host1_fqdn }}" name: "{{ host1_fqdn }}"
force: yes force: yes
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Host "{{ host2_fqdn }}" present - name: Host "{{ host2_fqdn }}" present
ipahost: ipahost:
@@ -37,7 +37,7 @@
name: "{{ host2_fqdn }}" name: "{{ host2_fqdn }}"
force: yes force: yes
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Host "{{ host1_fqdn }}" managed by "{{ 'host2.' + ipaserver_domain }}" - name: Host "{{ host1_fqdn }}" managed by "{{ 'host2.' + ipaserver_domain }}"
ipahost: ipahost:
@@ -45,7 +45,7 @@
name: "{{ host1_fqdn }}" name: "{{ host1_fqdn }}"
managedby_host: "{{ host2_fqdn }}" managedby_host: "{{ host2_fqdn }}"
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Host "{{ host1_fqdn }}" managed by "{{ 'host2.' + ipaserver_domain }}" again - name: Host "{{ host1_fqdn }}" managed by "{{ 'host2.' + ipaserver_domain }}" again
ipahost: ipahost:
@@ -53,7 +53,7 @@
name: "{{ host1_fqdn }}" name: "{{ host1_fqdn }}"
managedby_host: "{{ host2_fqdn }}" managedby_host: "{{ host2_fqdn }}"
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Host "{{ host1_fqdn }}" managed by "{{ ansible_facts['fqdn'] }}" - name: Host "{{ host1_fqdn }}" managed by "{{ ansible_facts['fqdn'] }}"
ipahost: ipahost:
@@ -62,7 +62,7 @@
managedby_host: "{{ ansible_facts['fqdn'] }}" managedby_host: "{{ ansible_facts['fqdn'] }}"
action: member action: member
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Host "{{ host1_fqdn }}" managed by "{{ ansible_facts['fqdn'] }}" again - name: Host "{{ host1_fqdn }}" managed by "{{ ansible_facts['fqdn'] }}" again
ipahost: ipahost:
@@ -71,7 +71,7 @@
managedby_host: "{{ ansible_facts['fqdn'] }}" managedby_host: "{{ ansible_facts['fqdn'] }}"
action: member action: member
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Host "{{ host1_fqdn }}" not managed by "{{ ansible_facts['fqdn'] }}" - name: Host "{{ host1_fqdn }}" not managed by "{{ ansible_facts['fqdn'] }}"
ipahost: ipahost:
@@ -81,7 +81,7 @@
action: member action: member
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Host "{{ host1_fqdn }}" not managed by "{{ ansible_facts['fqdn'] }}" again - name: Host "{{ host1_fqdn }}" not managed by "{{ ansible_facts['fqdn'] }}" again
ipahost: ipahost:
@@ -91,7 +91,7 @@
action: member action: member
state: absent state: absent
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Host "{{ host1_fqdn }}" not managed by "{{ 'host2.' + ipaserver_domain }}" - name: Host "{{ host1_fqdn }}" not managed by "{{ 'host2.' + ipaserver_domain }}"
ipahost: ipahost:
@@ -101,7 +101,7 @@
state: absent state: absent
action: member action: member
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Host "{{ host1_fqdn }}" not managed by "{{ 'host2.' + ipaserver_domain }}" again - name: Host "{{ host1_fqdn }}" not managed by "{{ 'host2.' + ipaserver_domain }}" again
ipahost: ipahost:
@@ -111,7 +111,7 @@
action: member action: member
state: absent state: absent
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Host absent - name: Host absent
ipahost: ipahost:
@@ -122,4 +122,4 @@
update_dns: yes update_dns: yes
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed


@@ -34,7 +34,7 @@
- "{{ 'host/testhost1.' + ipaserver_domain + '@' + ipaserver_realm }}" - "{{ 'host/testhost1.' + ipaserver_domain + '@' + ipaserver_realm }}"
force: yes force: yes
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Host host1... principal host/host1... present (existing already) - name: Host host1... principal host/host1... present (existing already)
ipahost: ipahost:
@@ -44,7 +44,7 @@
- "{{ 'host/host1.' + ipaserver_domain + '@' + ipaserver_realm }}" - "{{ 'host/host1.' + ipaserver_domain + '@' + ipaserver_realm }}"
action: member action: member
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Host host1... principal host/testhost1... present again - name: Host host1... principal host/testhost1... present again
ipahost: ipahost:
@@ -53,7 +53,7 @@
principal: "{{ 'host/testhost1.' + ipaserver_domain + '@' + ipaserver_realm }}" principal: "{{ 'host/testhost1.' + ipaserver_domain + '@' + ipaserver_realm }}"
action: member action: member
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Host host1... principal host/testhost1... absent - name: Host host1... principal host/testhost1... absent
ipahost: ipahost:
@@ -63,7 +63,7 @@
action: member action: member
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Host host1... principal host/testhost1... absent again - name: Host host1... principal host/testhost1... absent again
ipahost: ipahost:
@@ -73,7 +73,7 @@
action: member action: member
state: absent state: absent
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Host host1... principal host/testhost1... and host/myhost1... present - name: Host host1... principal host/testhost1... and host/myhost1... present
ipahost: ipahost:
@@ -84,7 +84,7 @@
- "{{ 'host/myhost1.' + ipaserver_domain + '@' + ipaserver_realm }}" - "{{ 'host/myhost1.' + ipaserver_domain + '@' + ipaserver_realm }}"
action: member action: member
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Host host1... principal host/testhost1... and host/myhost1... present again - name: Host host1... principal host/testhost1... and host/myhost1... present again
ipahost: ipahost:
@@ -95,7 +95,7 @@
- "{{ 'host/myhost1.' + ipaserver_domain + '@' + ipaserver_realm }}" - "{{ 'host/myhost1.' + ipaserver_domain + '@' + ipaserver_realm }}"
action: member action: member
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Host host1... principal host/testhost1... and host/myhost1... absent - name: Host host1... principal host/testhost1... and host/myhost1... absent
ipahost: ipahost:
@@ -107,7 +107,7 @@
action: member action: member
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Host host1... principal host/testhost1... and host/myhost1... absent again - name: Host host1... principal host/testhost1... and host/myhost1... absent again
ipahost: ipahost:
@@ -119,7 +119,7 @@
action: member action: member
state: absent state: absent
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Host host1... absent - name: Host host1... absent
ipahost: ipahost:
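Review bot: The new-side `failed_when: result.changed` on the "again" idempotency tasks in this section no longer catches a module error: `failed_when` replaces the module's own failed status, and an errored task normally comes back with `changed: false`, so the expression is false and the task is marked ok. The `not result.changed` variant still trips on an error, but only because an errored task happens to be unchanged, not because failure was checked. The privilege test section further down keeps `failed_when: result.changed or result.failed`, and that form should stay here too, i.e. `failed_when: result.changed or result.failed` for the "again" tasks and `failed_when: not result.changed or result.failed` for the others. The same applies to every following file section on this page (the IPv6 host test, the host1..host6 and duplicate-names test, the managed-by-host5 test, the hostX principal test, and the three host-group sections), and the host password section's `failed_when: ipahost.changed` has the same gap while additionally dropping the assertion that the task is expected to fail, so its intent is no longer pinned at all.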


@@ -31,7 +31,7 @@
force: yes force: yes
update_password: on_create update_password: on_create
register: ipahost register: ipahost
failed_when: not ipahost.changed or ipahost.failed failed_when: not ipahost.changed
- assert: - assert:
that: that:
@@ -60,7 +60,7 @@
force: yes force: yes
update_password: on_create update_password: on_create
register: ipahost register: ipahost
failed_when: not ipahost.changed or ipahost.failed failed_when: not ipahost.changed
- assert: - assert:
that: that:
@@ -85,7 +85,7 @@
random: yes random: yes
update_password: always update_password: always
register: ipahost register: ipahost
failed_when: ipahost.changed or not ipahost.failed failed_when: ipahost.changed
- assert: - assert:
that: that:


@@ -57,7 +57,7 @@
update_dns: yes update_dns: yes
reverse: yes reverse: yes
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Host "{{ host1_fqdn }}" present, again. - name: Host "{{ host1_fqdn }}" present, again.
ipahost: ipahost:
@@ -67,7 +67,7 @@
update_dns: yes update_dns: yes
reverse: yes reverse: yes
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Hosts host1 absent - name: Hosts host1 absent
ipahost: ipahost:
@@ -77,7 +77,7 @@
update_dns: yes update_dns: yes
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Host "{{ host1_fqdn }}" present with IPv6 - name: Host "{{ host1_fqdn }}" present with IPv6
ipahost: ipahost:
@@ -87,7 +87,7 @@
update_dns: yes update_dns: yes
reverse: yes reverse: yes
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Host "{{ host1_fqdn }}" present with IPv6, again. - name: Host "{{ host1_fqdn }}" present with IPv6, again.
ipahost: ipahost:
@@ -97,7 +97,7 @@
update_dns: yes update_dns: yes
reverse: yes reverse: yes
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Hosts host1 absent - name: Hosts host1 absent
ipahost: ipahost:
@@ -107,7 +107,7 @@
update_dns: yes update_dns: yes
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Delete zone for reverse address. - name: Delete zone for reverse address.
ipadnszone: ipadnszone:


@@ -47,7 +47,7 @@
- name: "{{ host6_fqdn }}" - name: "{{ host6_fqdn }}"
force: yes force: yes
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Hosts host1..host6 present again - name: Hosts host1..host6 present again
ipahost: ipahost:
@@ -66,7 +66,7 @@
- name: "{{ host6_fqdn }}" - name: "{{ host6_fqdn }}"
force: yes force: yes
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Hosts host1..host6 absent - name: Hosts host1..host6 absent
ipahost: ipahost:
@@ -80,7 +80,7 @@
- name: "{{ host6_fqdn }}" - name: "{{ host6_fqdn }}"
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Hosts host1..host6 absent again - name: Hosts host1..host6 absent again
ipahost: ipahost:
@@ -94,10 +94,8 @@
- name: "{{ host6_fqdn }}" - name: "{{ host6_fqdn }}"
state: absent state: absent
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
# Use failed_when: not result.failed as this test needs to fail because a
# host is added two times in the same task
- name: Duplicate names in hosts failure test - name: Duplicate names in hosts failure test
ipahost: ipahost:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
@@ -111,4 +109,4 @@
- name: "{{ host3_fqdn }}" - name: "{{ host3_fqdn }}"
force: yes force: yes
register: result register: result
failed_when: result.changed or not result.failed or "is used more than once" not in result.msg failed_when: result.changed or "is used more than once" not in result.msg


@@ -35,7 +35,7 @@
name: "{{ host5_fqdn }}" name: "{{ host5_fqdn }}"
force: yes force: yes
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Hosts "{{ host1_fqdn }}" .. "{{ 'host5.' + ipaserver_domain }}" present and managed by "{{ 'host5.' + ipaserver_domain }}" - name: Hosts "{{ host1_fqdn }}" .. "{{ 'host5.' + ipaserver_domain }}" present and managed by "{{ 'host5.' + ipaserver_domain }}"
ipahost: ipahost:
@@ -57,7 +57,7 @@
managedby_host: "{{ host5_fqdn }}" managedby_host: "{{ host5_fqdn }}"
force: yes force: yes
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Hosts "{{ host1_fqdn }}" .. "{{ 'host5.' + ipaserver_domain }}" present and managed by "{{ 'host5.' + ipaserver_domain }}" again - name: Hosts "{{ host1_fqdn }}" .. "{{ 'host5.' + ipaserver_domain }}" present and managed by "{{ 'host5.' + ipaserver_domain }}" again
ipahost: ipahost:
@@ -79,7 +79,7 @@
managedby_host: "{{ host5_fqdn }}" managedby_host: "{{ host5_fqdn }}"
force: yes force: yes
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Hosts "{{ host1_fqdn }}" .. "{{ 'host5.' + ipaserver_domain }}" managed by "{{ 'host5.' + ipaserver_domain }}" - name: Hosts "{{ host1_fqdn }}" .. "{{ 'host5.' + ipaserver_domain }}" managed by "{{ 'host5.' + ipaserver_domain }}"
ipahost: ipahost:
@@ -97,7 +97,7 @@
managedby_host: "{{ host5_fqdn }}" managedby_host: "{{ host5_fqdn }}"
action: member action: member
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Hosts "{{ host1_fqdn }}" .. "{{ 'host5.' + ipaserver_domain }}" not managed by "{{ 'host5.' + ipaserver_domain }}" - name: Hosts "{{ host1_fqdn }}" .. "{{ 'host5.' + ipaserver_domain }}" not managed by "{{ 'host5.' + ipaserver_domain }}"
ipahost: ipahost:
@@ -116,7 +116,7 @@
action: member action: member
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Hosts "{{ host1_fqdn }}" .. "{{ 'host5.' + ipaserver_domain }}" not managed by "{{ 'host5.' + ipaserver_domain }}" again - name: Hosts "{{ host1_fqdn }}" .. "{{ 'host5.' + ipaserver_domain }}" not managed by "{{ 'host5.' + ipaserver_domain }}" again
ipahost: ipahost:
@@ -135,7 +135,7 @@
action: member action: member
state: absent state: absent
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Hosts "{{ host1_fqdn }}" .. "{{ 'host5.' + ipaserver_domain }}" absent - name: Hosts "{{ host1_fqdn }}" .. "{{ 'host5.' + ipaserver_domain }}" absent
ipahost: ipahost:
@@ -148,4 +148,4 @@
- name: "{{ host5_fqdn }}" - name: "{{ host5_fqdn }}"
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed


@@ -41,7 +41,7 @@
- "{{ 'host/testhost2.' + ipaserver_domain + '@' + ipaserver_realm }}" - "{{ 'host/testhost2.' + ipaserver_domain + '@' + ipaserver_realm }}"
force: yes force: yes
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Host hostX... principal 'host/hostX... present (existing already) X=[1,2] - name: Host hostX... principal 'host/hostX... present (existing already) X=[1,2]
ipahost: ipahost:
@@ -55,7 +55,7 @@
- "{{ 'host/host2.' + ipaserver_domain + '@' + ipaserver_realm }}" - "{{ 'host/host2.' + ipaserver_domain + '@' + ipaserver_realm }}"
action: member action: member
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Host hostX... principal host/testhostX... present again X=[1,2] - name: Host hostX... principal host/testhostX... present again X=[1,2]
ipahost: ipahost:
@@ -69,7 +69,7 @@
- "{{ 'host/testhost2.' + ipaserver_domain + '@' + ipaserver_realm }}" - "{{ 'host/testhost2.' + ipaserver_domain + '@' + ipaserver_realm }}"
action: member action: member
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Host hostX.. principal host/testhostX... absent X=[1,2] - name: Host hostX.. principal host/testhostX... absent X=[1,2]
ipahost: ipahost:
@@ -84,7 +84,7 @@
action: member action: member
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Host hostX... principal host/testhostX... absent again X=[1,2] - name: Host hostX... principal host/testhostX... absent again X=[1,2]
ipahost: ipahost:
@@ -99,7 +99,7 @@
action: member action: member
state: absent state: absent
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Host hostX... principal host/testhostX... and host/myhostX... present X=[1,2] - name: Host hostX... principal host/testhostX... and host/myhostX... present X=[1,2]
ipahost: ipahost:
@@ -115,7 +115,7 @@
- "{{ 'host/myhost2.' + ipaserver_domain + '@' + ipaserver_realm }}" - "{{ 'host/myhost2.' + ipaserver_domain + '@' + ipaserver_realm }}"
action: member action: member
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Host hostX... principal host/testhostX... and host/myhostX... present again X=[1,2] - name: Host hostX... principal host/testhostX... and host/myhostX... present again X=[1,2]
ipahost: ipahost:
@@ -131,7 +131,7 @@
- "{{ 'host/myhost2.' + ipaserver_domain + '@' + ipaserver_realm }}" - "{{ 'host/myhost2.' + ipaserver_domain + '@' + ipaserver_realm }}"
action: member action: member
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Host hostX... principal host/testhostX... and host/myhostX... absent X=[1,2] - name: Host hostX... principal host/testhostX... and host/myhostX... absent X=[1,2]
ipahost: ipahost:
@@ -148,7 +148,7 @@
action: member action: member
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Host hostX... principal host/testhostX... and host/myhostX... absent again X=[1,2] - name: Host hostX... principal host/testhostX... and host/myhostX... absent again X=[1,2]
ipahost: ipahost:
@@ -165,7 +165,7 @@
action: member action: member
state: absent state: absent
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Hosts host1... and host2... absent - name: Hosts host1... and host2... absent
ipahost: ipahost:


@@ -33,7 +33,7 @@
name: "{{ 'db1.' + ipaserver_domain }}" name: "{{ 'db1.' + ipaserver_domain }}"
force: yes force: yes
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Host "{{ 'db2.' + ipaserver_domain }}" present - name: Host "{{ 'db2.' + ipaserver_domain }}" present
ipahost: ipahost:
@@ -41,7 +41,7 @@
name: "{{ 'db2.' + ipaserver_domain }}" name: "{{ 'db2.' + ipaserver_domain }}"
force: yes force: yes
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure host-group mysql-server is present - name: Ensure host-group mysql-server is present
ipahostgroup: ipahostgroup:
@@ -49,7 +49,7 @@
name: mysql-server name: mysql-server
state: present state: present
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure host-group mysql-server is present again - name: Ensure host-group mysql-server is present again
ipahostgroup: ipahostgroup:
@@ -57,7 +57,7 @@
name: mysql-server name: mysql-server
state: present state: present
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure host-group oracle-server is present - name: Ensure host-group oracle-server is present
ipahostgroup: ipahostgroup:
@@ -65,7 +65,7 @@
name: oracle-server name: oracle-server
state: present state: present
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure host-group oracle-server is present again - name: Ensure host-group oracle-server is present again
ipahostgroup: ipahostgroup:
@@ -73,7 +73,7 @@
name: oracle-server name: oracle-server
state: present state: present
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure host-group databases is present - name: Ensure host-group databases is present
ipahostgroup: ipahostgroup:
@@ -85,7 +85,7 @@
hostgroup: hostgroup:
- oracle-server - oracle-server
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure host-group databases is present again - name: Ensure host-group databases is present again
ipahostgroup: ipahostgroup:
@@ -97,7 +97,7 @@
hostgroup: hostgroup:
- oracle-server - oracle-server
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure host db2 is member of host-group databases - name: Ensure host db2 is member of host-group databases
ipahostgroup: ipahostgroup:
@@ -108,7 +108,7 @@
- "{{ 'db2.' + ipaserver_domain }}" - "{{ 'db2.' + ipaserver_domain }}"
action: member action: member
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure host db2 is member of host-group databases again - name: Ensure host db2 is member of host-group databases again
ipahostgroup: ipahostgroup:
@@ -119,7 +119,7 @@
- "{{ 'db2.' + ipaserver_domain }}" - "{{ 'db2.' + ipaserver_domain }}"
action: member action: member
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure host-group mysql-server is member of host-group databases - name: Ensure host-group mysql-server is member of host-group databases
ipahostgroup: ipahostgroup:
@@ -130,7 +130,7 @@
- mysql-server - mysql-server
action: member action: member
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure host-group mysql-server is member of host-group databases again - name: Ensure host-group mysql-server is member of host-group databases again
ipahostgroup: ipahostgroup:
@@ -141,7 +141,7 @@
- mysql-server - mysql-server
action: member action: member
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure host-group oracle-server is member of host-group databases (again) - name: Ensure host-group oracle-server is member of host-group databases (again)
ipahostgroup: ipahostgroup:
@@ -152,7 +152,7 @@
- oracle-server - oracle-server
action: member action: member
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure host-group databases, mysql-server and oracle-server are absent - name: Ensure host-group databases, mysql-server and oracle-server are absent
ipahostgroup: ipahostgroup:
@@ -163,7 +163,7 @@
- oracle-server - oracle-server
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure host-group databases, mysql-server and oracle-server are absent again - name: Ensure host-group databases, mysql-server and oracle-server are absent again
ipahostgroup: ipahostgroup:
@@ -174,7 +174,7 @@
- oracle-server - oracle-server
state: absent state: absent
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Test hosts db1 and db2 absent - name: Test hosts db1 and db2 absent
ipahost: ipahost:


@@ -45,21 +45,21 @@
first: manageruser2 first: manageruser2
last: Last2 last: Last2
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure managergroup1 is present - name: Ensure managergroup1 is present
ipagroup: ipagroup:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
name: managergroup1 name: managergroup1
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure managergroup2 is present - name: Ensure managergroup2 is present
ipagroup: ipagroup:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
name: managergroup2 name: managergroup2
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure membermanager user1 is present for testhostgroup - name: Ensure membermanager user1 is present for testhostgroup
ipahostgroup: ipahostgroup:
@@ -67,7 +67,7 @@
name: testhostgroup name: testhostgroup
membermanager_user: manageruser1 membermanager_user: manageruser1
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure membermanager user1 is present for testhostgroup again - name: Ensure membermanager user1 is present for testhostgroup again
ipahostgroup: ipahostgroup:
@@ -75,7 +75,7 @@
name: testhostgroup name: testhostgroup
membermanager_user: manageruser1 membermanager_user: manageruser1
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure membermanager group1 is present for testhostgroup - name: Ensure membermanager group1 is present for testhostgroup
ipahostgroup: ipahostgroup:
@@ -83,7 +83,7 @@
name: testhostgroup name: testhostgroup
membermanager_group: managergroup1 membermanager_group: managergroup1
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure membermanager group1 is present for testhostgroup again - name: Ensure membermanager group1 is present for testhostgroup again
ipahostgroup: ipahostgroup:
@@ -91,7 +91,7 @@
name: testhostgroup name: testhostgroup
membermanager_group: managergroup1 membermanager_group: managergroup1
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure membermanager user2 and group2 members are present for testhostgroup - name: Ensure membermanager user2 and group2 members are present for testhostgroup
ipahostgroup: ipahostgroup:
@@ -101,7 +101,7 @@
membermanager_group: managergroup2 membermanager_group: managergroup2
action: member action: member
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure membermanager user2 and group2 members are present for testhostgroup again - name: Ensure membermanager user2 and group2 members are present for testhostgroup again
ipahostgroup: ipahostgroup:
@@ -111,7 +111,7 @@
membermanager_group: managergroup2 membermanager_group: managergroup2
action: member action: member
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure membermanager user and group members are present for testhostgroup again - name: Ensure membermanager user and group members are present for testhostgroup again
ipahostgroup: ipahostgroup:
@@ -121,7 +121,7 @@
membermanager_group: managergroup1,managergroup2 membermanager_group: managergroup1,managergroup2
action: member action: member
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure membermanager user1 and group1 members are absent for testhostgroup - name: Ensure membermanager user1 and group1 members are absent for testhostgroup
ipahostgroup: ipahostgroup:
@@ -132,7 +132,7 @@
action: member action: member
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure membermanager user1 and group1 members are absent for testhostgroup again - name: Ensure membermanager user1 and group1 members are absent for testhostgroup again
ipahostgroup: ipahostgroup:
@@ -143,7 +143,7 @@
action: member action: member
state: absent state: absent
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure membermanager user1 and group1 members are present for testhostgroup - name: Ensure membermanager user1 and group1 members are present for testhostgroup
@@ -154,7 +154,7 @@
membermanager_group: managergroup1 membermanager_group: managergroup1
action: member action: member
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure membermanager user1 and group1 members are present for testhostgroup again - name: Ensure membermanager user1 and group1 members are present for testhostgroup again
ipahostgroup: ipahostgroup:
@@ -164,7 +164,7 @@
membermanager_group: managergroup1 membermanager_group: managergroup1
action: member action: member
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure membermanager user and group members are absent for testhostgroup - name: Ensure membermanager user and group members are absent for testhostgroup
ipahostgroup: ipahostgroup:
@@ -175,7 +175,7 @@
action: member action: member
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure membermanager user and group members are absent for testhostgroup again - name: Ensure membermanager user and group members are absent for testhostgroup again
ipahostgroup: ipahostgroup:
@@ -186,7 +186,7 @@
action: member action: member
state: absent state: absent
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure user manangeruser1 and manageruser2 is absent - name: Ensure user manangeruser1 and manageruser2 is absent
ipauser: ipauser:
@@ -194,7 +194,7 @@
name: manageruser1,manageruser2 name: manageruser1,manageruser2
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure group managergroup1 and managergroup2 are absent - name: Ensure group managergroup1 and managergroup2 are absent
ipagroup: ipagroup:
@@ -202,10 +202,8 @@
name: managergroup1,managergroup2 name: managergroup1,managergroup2
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
# Do not add failed_when result.failed, as this test needs to fail
# due to using an unknown user
- name: Ensure unknown membermanager_user member failure - name: Ensure unknown membermanager_user member failure
ipahostgroup: ipahostgroup:
ipaadmin_password: SomeADMINpassword ipaadmin_password: SomeADMINpassword
@@ -222,5 +220,5 @@
- testhostgroup - testhostgroup
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
when: ipa_version is version('4.8.4', '>=') when: ipa_version is version('4.8.4', '>=')


@@ -24,7 +24,7 @@
name: databases name: databases
state: present state: present
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Rename host-group from `databases` to `datalake` - name: Rename host-group from `databases` to `datalake`
ipahostgroup: ipahostgroup:
@@ -33,7 +33,7 @@
rename: datalake rename: datalake
state: renamed state: renamed
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed
- name: Ensure host-group database was already absent - name: Ensure host-group database was already absent
ipahostgroup: ipahostgroup:
@@ -41,7 +41,7 @@
name: database name: database
state: absent state: absent
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Rename host-group from `databases` to `datalake`, again - name: Rename host-group from `databases` to `datalake`, again
ipahostgroup: ipahostgroup:
@@ -59,7 +59,7 @@
rename: datalake rename: datalake
state: renamed state: renamed
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed
- name: Ensure testing hostgroups do not exist. - name: Ensure testing hostgroups do not exist.
ipahostgroup: ipahostgroup:


@@ -140,30 +140,6 @@
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed or result.failed
- name: Ensure "Broad Privilege" is absent.
ipaprivilege:
ipaadmin_password: SomeADMINpassword
name: Broad Privilege
state: absent
- name: Ensure privilege Broad Privilege is created with permission. (issue 529)
ipaprivilege:
ipaadmin_password: SomeADMINpassword
name: Broad Privilege
permission:
- "Write IPA Configuration"
register: result
failed_when: not result.changed or result.failed
- name: Ensure privilege Broad Privilege is created with permission, again. (issue 529)
ipaprivilege:
ipaadmin_password: SomeADMINpassword
name: Broad Privilege
permission:
- "Write IPA Configuration"
register: result
failed_when: result.changed or result.failed
# CLEANUP TEST ITEMS # CLEANUP TEST ITEMS
- name: Ensure privilege testing privileges are absent - name: Ensure privilege testing privileges are absent
