--- - name: Test user hosts: "{{ ipa_test_host | default('ipaserver') }}" become: true gather_facts: false tasks: - name: Include FreeIPA facts. ansible.builtin.include_tasks: ../env_freeipa_facts.yml - name: Remove test users ipauser: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: manager1,manager2,manager3,pinky,pinky2,igagarin,reddy state: absent - name: User manager1 present ipauser: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: manager1 first: Manager last: One register: result failed_when: not result.changed or result.failed - name: User manager2 present ipauser: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: manager2 first: Manager last: One register: result failed_when: not result.changed or result.failed - name: User manager3 present ipauser: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: manager3 first: Manager last: One register: result failed_when: not result.changed or result.failed - name: User pinky present ipauser: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: pinky uid: 10001 gid: 100 phone: "+555123457" email: pinky@acme.com principalexpiration: "21220119235959" passwordexpiration: "2122-01-19 23:59:59" first: pinky last: Acme initials: pa # password: foo2 principal: pa random: yes street: PinkyStreet city: PinkyCity userstate: PinkyState postalcode: PinkyZip mobile: "+555123458,+555123459" pager: "+555123450,+555123451" fax: "+555123452,+555123453" orgunit: PinkyOrgUnit manager: manager1,manager2 update_password: on_create carlicense: PinkyCarLicense1,PinkyCarLicense2 # sshpubkey userauthtype: password,radius,otp userclass: PinkyUserClass # radius: "http://some.link/" # radiususer: PinkyRadiusUser departmentnumber: "1234" employeenumber: "0815" employeetype: "PinkyExmployeeType" preferredlanguage: "en" # certificate noprivate: yes nomembers: false # issuer: PinkyIssuer # subject: PinkySubject register: result failed_when: not result.changed or result.failed - name: Ensure user presence with 'random:false' ipauser: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: pinky first: pinky last: Acme random: false register: result failed_when: result.changed or result.failed - name: Set street, again ipauser: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: pinky street: PinkyStreet register: result failed_when: result.changed or result.failed - name: Clear street attribute. ipauser: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: pinky street: "" register: result failed_when: not result.changed or result.failed - name: Clear street attribute, again ipauser: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: pinky street: "" register: result failed_when: result.changed or result.failed - name: User pinky present with changed settings ipauser: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: pinky first: pinky last: Acme manager: [] principal: [] sshpubkey: # yamllint disable-line rule:line-length - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCqmVDpEX5gnSjKuv97AyzOhaUMMKz8ahOA3GY77tVC4o68KNgMCmDSEG1/kOIaElngNLaCha3p/2iAcU9Bi1tLKUlm2bbO5NHNwHfRxY/3cJtq+/7D1vxJzqThYwI4F9vr1WxyY2+mMTv3pXbfAJoR8Mu06XaEY5PDetlDKjHLuNWF+/O7ZU8PsULTa1dJZFrtXeFpmUoLoGxQBvlrlcPI1zDciCSU24t27Zan5Py2l5QchyI7yhCyMM77KDtj5+AFVpmkb9+zq50rYJAyFVeyUvwjzErvQrKJzYpA0NyBp7vskWbt36M16/M/LxEK7HA6mkcakO3ESWx5MT1LAjvdlnxbWG3787MxweHXuB8CZU+9bZPFBaJ+VQtOfJ7I8eH0S16moPC4ak8FlcFvOH8ERDPWLFDqfy09yaZ7bVIF0//5ZI7Nf3YDe3S7GrBX5ieYuECyP6UNkTx9BRsAQeVvXEc6otzB7iCSnYBMGUGzCqeigoAWaVQUONsSR3Uatks= pinky@ipaserver.el81.local # noqa 204 # yamllint disable-line rule:line-length - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDc8MIjaSrxLYHvu+hduoF4m6NUFSlXZWzYbd3BK4L47/U4eiXoOS6dcfuZJDjmLfOipc7XVp7NADwAgA1yBOAjbeVpXr2tC8w8saZibl75WBOEjDfNroiOh/f/ojrwwHg05QTVSZHs27sU1HBPyCQM/FHVM6EnRfmyiBkEBA/3ca0PJ9UJhWb2XisCaz6y6QcTh4gQnvHzgmEmK31GwiKnmBSEQuj8P5NGCO8RlN3cq3zpRpMDEoBRCjQYicllf/5P43r5OGvS1LhTiAMfyqE37URezNQa7aozBpH1GhIwAmjAtm84jXQjxUgZPYC0aSLuADYErScOP4792r6koH9t/DM5/M+jG2c4PNWynDczUw6Eaxl5E3hU0Ee9UN0Oee7iBnVenS/QMeZNyo5lMA/HXT5lrYiJGTYM0shRjGXXYBbJZhWerguSWDAdUd1gvuGP1nb7/+/Cvb46+HX7zYouS5Ojo0yPzMZ07X142jnKAfx9LnKdMUCwBJzbtoJ91Zc= pinky@ipaserver.el81.local # noqa 204 register: result failed_when: not result.changed or result.failed - name: User pinky add manager manager1 ipauser: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: pinky manager: manager1 action: member register: result failed_when: not result.changed or result.failed - name: User pinky add manager manager1 again ipauser: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: pinky manager: manager1 action: member register: result failed_when: result.changed or result.failed - name: User pinky add manager manager2, manager3 ipauser: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: pinky manager: manager2,manager3 action: member register: result failed_when: not result.changed or result.failed - name: User pinky add manager manager2, manager3 again ipauser: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: pinky manager: manager2,manager3 action: member register: result failed_when: result.changed or result.failed - name: User pinky remove manager manager1 ipauser: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: pinky manager: manager1 action: member state: absent register: result failed_when: not result.changed or result.failed - name: User pinky remove manager manager1 again ipauser: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: pinky manager: manager1 action: member state: absent register: result failed_when: result.changed or result.failed - name: User pinky add principal pa ipauser: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: pinky principal: pa action: member register: result failed_when: not result.changed or result.failed - name: User pinky add principal pa again ipauser: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: pinky principal: pa action: member register: result failed_when: result.changed or result.failed - name: User pinky add principal pa1 ipauser: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: pinky principal: pa1 action: member register: result failed_when: not result.changed or result.failed - name: User pinky remove principal pa1 ipauser: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: pinky principal: pa1 action: member state: absent register: result failed_when: not result.changed or result.failed - name: User pinky remove principal pa1 again ipauser: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: pinky principal: pa1 action: member state: absent register: result failed_when: result.changed or result.failed - name: User pinky remove principal pa ipauser: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: pinky principal: pa action: member state: absent register: result failed_when: not result.changed or result.failed - name: User pinky remove principal non-existing pa2 ipauser: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: pinky principal: pa2 action: member state: absent register: result failed_when: result.changed or result.failed - name: User pinky absent and preserved ipauser: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: pinky preserve: yes state: absent register: result failed_when: not result.changed or result.failed - name: User pinky absent and preserved, again ipauser: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: pinky preserve: yes state: absent register: result failed_when: result.changed or result.failed - name: User pinky undeleted (preserved before) ipauser: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: pinky state: undeleted register: result failed_when: not result.changed or result.failed - name: User pinky undeleted (preserved before), again ipauser: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: pinky state: undeleted register: result failed_when: result.changed or result.failed - name: Users pinky disabled ipauser: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: pinky state: disabled register: result failed_when: not result.changed or result.failed - name: Users pinky disabled, again ipauser: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: pinky state: disabled register: result failed_when: result.changed or result.failed - name: User pinky enabled ipauser: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: pinky state: enabled register: result failed_when: not result.changed or result.failed - name: User pinky enabled, again ipauser: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: pinky state: enabled register: result failed_when: result.changed or result.failed - name: Rename user pinky to reddy ipauser: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: pinky rename: reddy state: renamed register: result failed_when: not result.changed or result.failed - name: Rename user pinky to reddy, again ipauser: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: pinky rename: reddy state: renamed register: result failed_when: not result.failed or "No user 'pinky'" not in result.msg - name: Rename user reddy to reddy ipauser: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: reddy rename: reddy state: renamed register: result failed_when: result.changed or result.failed - name: Rename user reddy back to pinky ipauser: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: reddy rename: pinky state: renamed register: result failed_when: not result.changed or result.failed - name: Ensure user pinky with userauthtype passkey exists ipauser: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: pinky first: pinky last: user userauthtype: passkey register: result failed_when: not result.changed or result.failed when: passkey_is_supported - name: Ensure user pinky with userauthtype passkey exists, again ipauser: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: pinky first: pinky last: user userauthtype: passkey register: result failed_when: result.changed or result.failed when: passkey_is_supported - name: Check if correct message is given if passkey is not supported. ipauser: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: pinky first: pinky last: user userauthtype: passkey register: result when: not passkey_is_supported failed_when: not result.failed or "'passkey' is not supported" not in result.msg - name: User pinky absent and preserved for future exclusion. ipauser: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: pinky preserve: yes state: absent register: result failed_when: not result.changed or result.failed - name: User pinky absent ipauser: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: pinky state: absent register: result failed_when: not result.changed or result.failed - name: User pinky absent and preserved, when already absent ipauser: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: pinky preserve: yes state: absent register: result failed_when: result.changed or result.failed - name: Ensure user with GECOS information exists. ipauser: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: igagarin first: Iuri last: Gagarin gecos: Юрий Алексеевич Гагарин register: result failed_when: not result.changed or result.failed - name: Ensure user with GECOS information exists, again. ipauser: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: igagarin first: Iuri last: Gagarin gecos: Юрий Алексеевич Гагарин register: result failed_when: result.changed or result.failed - name: Modify GECOS information. ipauser: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: igagarin gecos: Юрий Гагарин register: result failed_when: not result.changed or result.failed - name: Updating with existent data, should not change user. ipauser: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: igagarin first: Iuri last: Gagarin gecos: Юрий Гагарин register: result failed_when: result.changed or result.failed - name: Ensure GECOS parameter is cleared. ipauser: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: igagarin gecos: "" register: result failed_when: not result.changed or result.failed - name: Ensure GECOS parameter is cleared, again ipauser: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: igagarin gecos: "" register: result failed_when: result.changed or result.failed - name: Ensure GECOS parameter cannot be used with state absent. ipauser: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: igagarin gecos: Юрий Гагарин state: absent register: result failed_when: not result.failed or "Argument 'gecos' can not be used with action 'user' and state 'absent'" not in result.msg - name: Ensure user igagarin is absent. ipauser: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: igagarin state: absent register: result failed_when: not result.changed or result.failed - name: Ensure user with non-ascii name exists. ipauser: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: igagarin first: Юрий last: Гагарин register: result failed_when: not result.changed or result.failed - name: Ensure user with non-ascii name exists has proper GECOS value. ipauser: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: igagarin gecos: Юрий Гагарин register: result failed_when: result.changed or result.failed - name: Remove test users ipauser: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: manager1,manager2,manager3,pinky,pinky2,igagarin state: absent