--- # Tasks to test member management for Vault module. - name: Setup testing environment. ansible.builtin.import_tasks: env_setup.yml - name: Ensure vault is present ipavault: ipaadmin_password: SomeADMINpassword name: "{{ vault.name }}" vault_type: "{{ vault.vault_type }}" register: result failed_when: not result.changed or result.failed when: vault.vault_type == 'standard' - name: Ensure vault is present ipavault: ipaadmin_password: SomeADMINpassword name: "{{ vault.name }}" vault_password: SomeVAULTpassword vault_type: "{{ vault.vault_type }}" register: result failed_when: not result.changed or result.failed when: vault.vault_type == 'symmetric' - name: Ensure vault is present ipavault: ipaadmin_password: SomeADMINpassword name: "{{ vault.name }}" vault_type: "{{ vault.vault_type }}" public_key: "{{ lookup('file', 'A_private.b64') }}" register: result failed_when: not result.changed or result.failed when: vault.vault_type == 'asymmetric' - name: Ensure vault member user is present. ipavault: ipaadmin_password: SomeADMINpassword name: "{{ vault.name }}" action: member users: - user02 register: result failed_when: not result.changed or result.failed - name: Ensure vault member user is present, again. ipavault: ipaadmin_password: SomeADMINpassword name: "{{ vault.name }}" action: member users: - user02 register: result failed_when: result.changed or result.failed - name: Ensure more vault member users are present. ipavault: ipaadmin_password: SomeADMINpassword name: "{{ vault.name }}" action: member users: - admin - user02 register: result failed_when: not result.changed or result.failed - name: Ensure vault member user is still present. ipavault: ipaadmin_password: SomeADMINpassword name: "{{ vault.name }}" action: member users: - user02 register: result failed_when: result.changed or result.failed - name: Ensure vault users are absent. ipavault: ipaadmin_password: SomeADMINpassword name: "{{ vault.name }}" action: member users: - admin - user02 state: absent register: result failed_when: not result.changed or result.failed - name: Ensure vault users are absent, again. ipavault: ipaadmin_password: SomeADMINpassword name: "{{ vault.name }}" action: member users: - admin - user02 state: absent register: result failed_when: result.changed or result.failed - name: Ensure vault user is absent, once more. ipavault: ipaadmin_password: SomeADMINpassword name: "{{ vault.name }}" action: member users: - admin state: absent register: result failed_when: result.changed or result.failed - name: Ensure vault member group is present. ipavault: ipaadmin_password: SomeADMINpassword name: "{{ vault.name }}" action: member groups: vaultgroup register: result failed_when: not result.changed or result.failed - name: Ensure vault member group is present, again. ipavault: ipaadmin_password: SomeADMINpassword name: "{{ vault.name }}" action: member groups: vaultgroup register: result failed_when: result.changed or result.failed - name: Ensure vault member group is absent. ipavault: ipaadmin_password: SomeADMINpassword name: "{{ vault.name }}" action: member groups: vaultgroup state: absent register: result failed_when: not result.changed or result.failed - name: Ensure vault member group is absent, again. ipavault: ipaadmin_password: SomeADMINpassword name: "{{ vault.name }}" action: member groups: vaultgroup state: absent register: result failed_when: result.changed or result.failed - name: Ensure vault member service is present. ipavault: ipaadmin_password: SomeADMINpassword name: "{{ vault.name }}" action: member services: "HTTP/{{ ansible_facts['fqdn'] }}" register: result failed_when: not result.changed or result.failed - name: Ensure vault member service is present, again. ipavault: ipaadmin_password: SomeADMINpassword name: "{{ vault.name }}" action: member services: "HTTP/{{ ansible_facts['fqdn'] }}" register: result failed_when: result.changed or result.failed - name: Ensure vault member service is absent. ipavault: ipaadmin_password: SomeADMINpassword name: "{{ vault.name }}" action: member services: "HTTP/{{ ansible_facts['fqdn'] }}" state: absent register: result failed_when: not result.changed or result.failed - name: Ensure vault member service is absent, again. ipavault: ipaadmin_password: SomeADMINpassword name: "{{ vault.name }}" action: member services: "HTTP/{{ ansible_facts['fqdn'] }}" state: absent register: result failed_when: result.changed or result.failed - name: Ensure user03 is an owner of vault. ipavault: ipaadmin_password: SomeADMINpassword name: "{{ vault.name }}" owners: user03 action: member register: result failed_when: not result.changed or result.failed - name: Ensure user03 is an owner of vault, again. ipavault: ipaadmin_password: SomeADMINpassword name: "{{ vault.name }}" owners: user03 action: member register: result failed_when: result.changed or result.failed - name: Ensure user03 is not owner of vault. ipavault: ipaadmin_password: SomeADMINpassword name: "{{ vault.name }}" owners: user03 state: absent action: member register: result failed_when: not result.changed or result.failed - name: Ensure user03 is not owner of vault, again. ipavault: ipaadmin_password: SomeADMINpassword name: "{{ vault.name }}" owners: user03 state: absent action: member register: result failed_when: result.changed or result.failed - name: Ensure vaultgroup is an ownergroup of vault. ipavault: ipaadmin_password: SomeADMINpassword name: "{{ vault.name }}" ownergroups: vaultgroup action: member register: result failed_when: not result.changed or result.failed - name: Ensure vaultgroup is an ownergroup of vault, again. ipavault: ipaadmin_password: SomeADMINpassword name: "{{ vault.name }}" ownergroups: vaultgroup action: member register: result failed_when: result.changed or result.failed - name: Ensure vaultgroup is not ownergroup of vault. ipavault: ipaadmin_password: SomeADMINpassword name: "{{ vault.name }}" ownergroups: vaultgroup state: absent action: member register: result failed_when: not result.changed or result.failed - name: Ensure vaultgroup is not ownergroup of vault, again. ipavault: ipaadmin_password: SomeADMINpassword name: "{{ vault.name }}" ownergroups: vaultgroup state: absent action: member register: result failed_when: result.changed or result.failed - name: Ensure service is an owner of vault. ipavault: ipaadmin_password: SomeADMINpassword name: "{{ vault.name }}" ownerservices: "HTTP/{{ ansible_facts['fqdn'] }}" action: member register: result failed_when: not result.changed or result.failed - name: Ensure service is an owner of vault, again. ipavault: ipaadmin_password: SomeADMINpassword name: "{{ vault.name }}" ownerservices: "HTTP/{{ ansible_facts['fqdn'] }}" action: member register: result failed_when: result.changed or result.failed - name: Ensure service is not owner of vault. ipavault: ipaadmin_password: SomeADMINpassword name: "{{ vault.name }}" ownerservices: "HTTP/{{ ansible_facts['fqdn'] }}" state: absent action: member register: result failed_when: not result.changed or result.failed - name: Ensure service is not owner of vault, again. ipavault: ipaadmin_password: SomeADMINpassword name: "{{ vault.name }}" ownerservices: "HTTP/{{ ansible_facts['fqdn'] }}" state: absent action: member register: result failed_when: result.changed or result.failed - name: Ensure {{ vault.vault_type }} vault is absent ipavault: ipaadmin_password: SomeADMINpassword name: "{{ vault.name }}" state: absent register: result failed_when: not result.changed or result.failed - name: Ensure {{ vault.vault_type }} vault is absent, again ipavault: ipaadmin_password: SomeADMINpassword name: "{{ vault.name }}" state: absent register: result failed_when: result.changed or result.failed - name: Cleanup testing environment. ansible.builtin.import_tasks: env_cleanup.yml