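---
# Exercises member management (action: member) of the iparole module against
# an IPA server. Each "Add ..." task must report a change, and each "Verify ..."
# task reads the role back with `ipa role-show` and checks that earlier members
# are still listed next to the newly added one.
#
# NOTE(review): SomeADMINpassword is a hard-coded test fixture credential. The
# verify tasks place it in the shell command text, so it can show up in task
# results and logs. Outside a disposable test environment, source the password
# from Ansible Vault and consider `no_log: true` on tasks that handle it.
- name: Test service member in role module.
  hosts: ipaserver
  become: true
  gather_facts: true

  tasks:
  - name: Set environment facts.
    import_tasks: env_facts.yml

  - name: Setup environment.
    import_tasks: env_setup.yml

  # Baseline role with one member of every kind and two privileges.
  # failed_when requires result.changed, so a no-op counts as a failure.
  - name: Add role.
    iparole:
      ipaadmin_password: SomeADMINpassword
      name: testrole
      user: user01
      group: group01
      hostgroup: hostgroup01
      host: "{{ host1_fqdn }}"
      service: "service01/{{ host1_fqdn }}"
      privilege:
      - Automember Readers
      - ADTrust Agents
    register: result
    failed_when: result.failed or not result.changed

  # Test fix for https://github.com/freeipa/ansible-freeipa/issues/409
  - name: Add new privileges to role.
    iparole:
      ipaadmin_password: SomeADMINpassword
      name: testrole
      privilege:
      - DNS Servers
      - Host Administrators
      - DNS Administrators
      - Group Administrators
      action: member
    register: result
    failed_when: result.failed or not result.changed

  # Both the two initial privileges and the four added ones must be listed.
  # A dedicated credential cache (KRB5CCNAME) is used and destroyed afterwards.
  - name: Verify role privileges.
    shell:
      cmd: |
        echo SomeADMINpassword | kinit -c {{ KRB5CCNAME }} admin
        KRB5CCNAME={{ KRB5CCNAME }} ipa role-show testrole
        kdestroy -A -q -c {{ KRB5CCNAME }}
    register: result
    failed_when: |
      result.failed or not (
        "Automember Readers" in result.stdout
        and "ADTrust Agents" in result.stdout
        and "DNS Servers" in result.stdout
        and "Host Administrators" in result.stdout
        and "DNS Administrators" in result.stdout
        and "Group Administrators" in result.stdout
      )
    vars:
      KRB5CCNAME: verify_issue_409
  # End of test fix for https://github.com/freeipa/ansible-freeipa/issues/409

  # Test fix for https://github.com/freeipa/ansible-freeipa/issues/412
  - name: Add new user to role.
    iparole:
      ipaadmin_password: SomeADMINpassword
      name: testrole
      user: user02
      action: member
    register: result
    failed_when: result.failed or not result.changed

  - name: Verify role users.
    shell:
      cmd: |
        echo SomeADMINpassword | kinit -c {{ KRB5CCNAME }} admin
        KRB5CCNAME={{ KRB5CCNAME }} ipa role-show testrole
        kdestroy -A -q -c {{ KRB5CCNAME }}
    register: result
    failed_when: |
      result.failed or not (
        "user01" in result.stdout
        and "user02" in result.stdout
      )
    vars:
      KRB5CCNAME: verify_issue_412

  - name: Add new group to role.
    iparole:
      ipaadmin_password: SomeADMINpassword
      name: testrole
      group: group02
      action: member
    register: result
    failed_when: result.failed or not result.changed

  - name: Verify role group.
    shell:
      cmd: |
        echo SomeADMINpassword | kinit -c {{ KRB5CCNAME }} admin
        KRB5CCNAME={{ KRB5CCNAME }} ipa role-show testrole
        kdestroy -A -q -c {{ KRB5CCNAME }}
    register: result
    failed_when: |
      result.failed or not (
        "group01" in result.stdout
        and "group02" in result.stdout
      )
    vars:
      KRB5CCNAME: verify_issue_412

  - name: Add new host to role.
    iparole:
      ipaadmin_password: SomeADMINpassword
      name: testrole
      host: "{{ host2_fqdn }}"
      action: member
    register: result
    failed_when: result.failed or not result.changed

  # host1/host2 carry a leading space in the search string.
  # NOTE(review): presumably so the FQDN is matched as a listed host value and
  # not as the tail of a service principal - confirm.
  - name: Verify role hosts.
    shell:
      cmd: |
        echo SomeADMINpassword | kinit -c {{ KRB5CCNAME }} admin
        KRB5CCNAME={{ KRB5CCNAME }} ipa role-show testrole
        kdestroy -A -q -c {{ KRB5CCNAME }}
    register: result
    failed_when: |
      result.failed or not (
        host1 in result.stdout
        and host2 in result.stdout
      )
    vars:
      KRB5CCNAME: verify_issue_412
      host1: " {{ host1_fqdn }}"
      host2: " {{ host2_fqdn }}"

  - name: Add new hostgroup to role.
    iparole:
      ipaadmin_password: SomeADMINpassword
      name: testrole
      hostgroup: hostgroup02
      action: member
    register: result
    failed_when: result.failed or not result.changed

  - name: Verify role hostgroups.
    shell:
      cmd: |
        echo SomeADMINpassword | kinit -c {{ KRB5CCNAME }} admin
        KRB5CCNAME={{ KRB5CCNAME }} ipa role-show testrole
        kdestroy -A -q -c {{ KRB5CCNAME }}
    register: result
    failed_when: |
      result.failed or not (
        " hostgroup01" in result.stdout
        and " hostgroup02" in result.stdout
      )
    vars:
      KRB5CCNAME: verify_issue_412

  - name: Add new service to role.
    iparole:
      ipaadmin_password: SomeADMINpassword
      name: testrole
      service: "service02/{{ host2_fqdn }}"
      action: member
    register: result
    failed_when: result.failed or not result.changed

  # Both service principals must be listed: service1 from the initial role
  # and service2 from the member addition just above.
  - name: Verify role services.
    shell:
      cmd: |
        echo SomeADMINpassword | kinit -c {{ KRB5CCNAME }} admin
        KRB5CCNAME={{ KRB5CCNAME }} ipa role-show testrole
        kdestroy -A -q -c {{ KRB5CCNAME }}
    register: result
    failed_when: |
      result.failed or not (
        service1 in result.stdout
        and service2 in result.stdout
      )
    vars:
      KRB5CCNAME: verify_issue_412
      service1: "service01/{{ host1_fqdn }}"
      service2: "service02/{{ host2_fqdn }}"
  # End of test fix for https://github.com/freeipa/ansible-freeipa/issues/412

  # Test fix for https://github.com/freeipa/ansible-freeipa/issues/413
  - name: Add new user to role.
    iparole:
      ipaadmin_password: SomeADMINpassword
      name: testrole
      user: user03
      action: member
    register: result
    failed_when: result.failed or not result.changed

  # After adding user03, both services must still be members of the role.
  - name: Verify role services.
    shell:
      cmd: |
        echo SomeADMINpassword | kinit -c {{ KRB5CCNAME }} admin
        KRB5CCNAME={{ KRB5CCNAME }} ipa role-show testrole
        kdestroy -A -q -c {{ KRB5CCNAME }}
    register: result
    failed_when: |
      result.failed or not (
        service1 in result.stdout
        and service2 in result.stdout
        and "user03" in result.stdout
      )
    vars:
      KRB5CCNAME: verify_issue_413
      service1: "service01/{{ host1_fqdn }}"
      service2: "service02/{{ host2_fqdn }}"

  - name: Remove user from role.
    iparole:
      ipaadmin_password: SomeADMINpassword
      name: testrole
      user: user03
      action: member
      state: absent
    register: result
    failed_when: result.failed or not result.changed

  # After removing user03, both services must remain and user03 must be gone.
  - name: Verify role services.
    shell:
      cmd: |
        echo SomeADMINpassword | kinit -c {{ KRB5CCNAME }} admin
        KRB5CCNAME={{ KRB5CCNAME }} ipa role-show testrole
        kdestroy -A -q -c {{ KRB5CCNAME }}
    register: result
    failed_when: |
      result.failed or not (
        service1 in result.stdout
        and service2 in result.stdout
        and "user03" not in result.stdout
      )
    vars:
      KRB5CCNAME: verify_issue_413
      service1: "service01/{{ host1_fqdn }}"
      service2: "service02/{{ host2_fqdn }}"
  # End of test fix for https://github.com/freeipa/ansible-freeipa/issues/413

  # Test fix for https://github.com/freeipa/ansible-freeipa/issues/411
  # Negative test: the task is expected to fail, so success is the error case.
  - name: Add non-existing user to role.
    iparole:
      ipaadmin_password: SomeADMINpassword
      name: testrole
      user: nonexisiting_user
      action: member
    register: result
    failed_when: not result.failed
  # End of test fix for https://github.com/freeipa/ansible-freeipa/issues/411

  # cleanup
  - name: Cleanup environment.
    include_tasks: env_cleanup.yml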