--- - name: Test vault hosts: ipaserver become: true # Need to gather facts for ansible_env. gather_facts: true tasks: - name: Copy password file to target host. copy: src: "{{ playbook_dir }}/password.txt" dest: "{{ ansible_env.HOME }}/password.txt" - name: Copy public key file to target host. copy: src: "{{ playbook_dir }}/public.pem" dest: "{{ ansible_env.HOME }}/public.pem" - name: Copy private key file to target host. copy: src: "{{ playbook_dir }}/private.pem" dest: "{{ ansible_env.HOME }}/private.pem" - name: Copy input data file to target host. copy: src: "{{ playbook_dir }}/in.txt" dest: "{{ ansible_env.HOME }}/in.txt" - name: Ensure user vaults are absent ipavault: ipaadmin_password: SomeADMINpassword name: - stdvault - symvault - asymvault username: user01 state: absent - name: Ensure test users do not exist. ipauser: ipaadmin_password: SomeADMINpassword name: - user01 - user02 - user03 state: absent - name: Ensure test groups do not exist. ipagroup: ipaadmin_password: SomeADMINpassword name: vaultgroup state: absent - name: Ensure vaultgroup exists. ipagroup: ipaadmin_password: SomeADMINpassword name: vaultgroup - name: Ensure user01 exists. ipauser: ipaadmin_password: SomeADMINpassword name: user01 first: First last: Start - name: Ensure user02 exists. ipauser: ipaadmin_password: SomeADMINpassword name: user02 first: Second last: Middle - name: Ensure user03 exists. ipauser: ipaadmin_password: SomeADMINpassword name: user03 first: Third last: Last - name: Ensure shared vaults are absent ipavault: ipaadmin_password: SomeADMINpassword name: sharedvault shared: True state: absent - name: Ensure standard vault is absent ipavault: ipaadmin_password: SomeADMINpassword name: stdvault state: absent - name: Ensure service vault is absent ipavault: ipaadmin_password: SomeADMINpassword name: svcvault service: "HTTP/{{ groups.ipaserver[0] }}" state: absent # tests - name: Ensure standard vault is present ipavault: ipaadmin_password: SomeADMINpassword name: stdvault vault_type: standard register: result failed_when: not result.changed - name: Ensure standard vault is present, again ipavault: ipaadmin_password: SomeADMINpassword name: stdvault vault_type: standard register: result failed_when: result.changed - name: Ensure standard vault is absent ipavault: ipaadmin_password: SomeADMINpassword name: stdvault state: absent register: result failed_when: not result.changed - name: Ensure standard vault is absent, again ipavault: ipaadmin_password: SomeADMINpassword name: stdvault state: absent register: result failed_when: result.changed - name: Ensure symmetric vault is present ipavault: ipaadmin_password: SomeADMINpassword name: symvault username: user01 vault_password: SomeVAULTpassword vault_type: symmetric register: result failed_when: not result.changed - name: Ensure symmetric vault is present, again ipavault: ipaadmin_password: SomeADMINpassword name: symvault username: user01 vault_password: SomeVAULTpassword vault_type: symmetric register: result failed_when: result.changed - name: Archive data to symmetric vault ipavault: ipaadmin_password: SomeADMINpassword name: symvault username: user01 vault_password: SomeVAULTpassword vault_data: Hello World. register: result failed_when: not result.changed - name: Archive data with non-ASCII characters to symmetric vault ipavault: ipaadmin_password: SomeADMINpassword name: symvault username: user01 vault_password: SomeVAULTpassword vault_data: The world of π is half rounded. register: result failed_when: not result.changed - name: Ensure symmetric vault is absent ipavault: ipaadmin_password: SomeADMINpassword name: symvault username: user01 state: absent register: result failed_when: not result.changed - name: Ensure symmetric vault is absent, again ipavault: ipaadmin_password: SomeADMINpassword name: symvault username: user01 state: absent register: result failed_when: result.changed - name: Ensure symmetric vault is present ipavault: ipaadmin_password: SomeADMINpassword name: symvault username: user01 vault_password: SomeVAULTpassword vault_type: symmetric register: result failed_when: not result.changed - name: Ensure symmetric vault is present, with a different password ipavault: ipaadmin_password: SomeADMINpassword name: symvault username: user01 vault_password: SomeOtherVAULTpassword vault_type: symmetric register: result failed_when: result.changed - name: Ensure symmetric vault is absent ipavault: ipaadmin_password: SomeADMINpassword name: symvault username: user01 state: absent register: result failed_when: not result.changed - name: Ensure symmetric vault is present, with password from file. ipavault: ipaadmin_password: SomeADMINpassword name: symvault username: user01 vault_password_file: "{{ ansible_env.HOME }}/password.txt" vault_type: symmetric register: result failed_when: not result.changed - name: Ensure symmetric vault is present, with password from file, again. ipavault: ipaadmin_password: SomeADMINpassword name: symvault username: user01 vault_password_file: password.txt vault_type: symmetric register: result failed_when: result.changed - name: Ensure asymmetric vault is present, with public key file. ipavault: ipaadmin_password: SomeADMINpassword name: asymvault username: admin description: An asymmetric private vault. public_key_file: "{{ ansible_env.HOME }}/public.pem" vault_type: asymmetric register: result failed_when: not result.changed - name: Ensure asymmetric vault is present, with public key file, again. ipavault: ipaadmin_password: SomeADMINpassword name: asymvault username: admin description: An asymmetric private vault. public_key_file: "{{ ansible_env.HOME }}/public.pem" vault_type: asymmetric register: result failed_when: result.changed - name: Archive data in asymmetric vault. ipavault: ipaadmin_password: SomeADMINpassword name: asymvault username: admin vault_data: Hello World. register: result failed_when: not result.changed - name: Ensure asymmetric vault is absent. ipavault: ipaadmin_password: SomeADMINpassword name: asymvault username: admin state: absent register: result failed_when: not result.changed - name: Ensure asymmetric vault is absent, again. ipavault: ipaadmin_password: SomeADMINpassword name: asymvault username: admin state: absent register: result failed_when: result.changed - name: Ensure asymmetric vault is present. ipavault: ipaadmin_password: SomeADMINpassword name: asymvault username: user01 description: An asymmetric private vault. vault_public_key: LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUFyTTUvZjZkZC9ZSW0vYTllb0dWVApXOGpvYkVncmY5UFhSQTNhSHNBN2tKbzZmQjE4SEQ0K1JWVXd4L2xxbGtQWWJVaTliWFYvckpBa1V3QUVET25KCmVxWEVTWitnVkNWbWlnUnptS1dLMmFkOWFnbVlTaXF5eU54RklKdlpBbzBkRzRDQVdqWUsyN3RMZzRJaDZvR3MKWklERytXVkVTNVc4OUsrTDBid1ZqcTR0c2hoZURNTzU3dW52bUlLRW1hQkUwZXdQZnZrZFpoNWs4R3RzOUg0ZgpoMGZHazV0YklZYTBiaHdNVXBMK1dIT202bmJkK243QmJhVmM4MjBUZ1pETy9yU1l0bnVYYUljNld4MFU5TFhaCmtVbWszYXBNbnprbk5hVHFndUFRZFRuNzlHOFBxckdxbXlXZC9FMWNIMmI1anpJeGlHbzhwc0w1c3hXVlk3V0oKZHdJREFRQUIKLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tCg== vault_type: asymmetric register: result failed_when: not result.changed - name: Ensure asymmetric vault is present, again. ipavault: ipaadmin_password: SomeADMINpassword name: asymvault username: user01 description: An asymmetric private vault. vault_public_key: LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUFyTTUvZjZkZC9ZSW0vYTllb0dWVApXOGpvYkVncmY5UFhSQTNhSHNBN2tKbzZmQjE4SEQ0K1JWVXd4L2xxbGtQWWJVaTliWFYvckpBa1V3QUVET25KCmVxWEVTWitnVkNWbWlnUnptS1dLMmFkOWFnbVlTaXF5eU54RklKdlpBbzBkRzRDQVdqWUsyN3RMZzRJaDZvR3MKWklERytXVkVTNVc4OUsrTDBid1ZqcTR0c2hoZURNTzU3dW52bUlLRW1hQkUwZXdQZnZrZFpoNWs4R3RzOUg0ZgpoMGZHazV0YklZYTBiaHdNVXBMK1dIT202bmJkK243QmJhVmM4MjBUZ1pETy9yU1l0bnVYYUljNld4MFU5TFhaCmtVbWszYXBNbnprbk5hVHFndUFRZFRuNzlHOFBxckdxbXlXZC9FMWNIMmI1anpJeGlHbzhwc0w1c3hXVlk3V0oKZHdJREFRQUIKLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tCg== vault_type: asymmetric register: result failed_when: result.changed - name: Archive data in asymmetric vault. ipavault: ipaadmin_password: SomeADMINpassword name: asymvault username: user01 vault_data: Hello World. register: result failed_when: not result.changed - name: Retrieve data from asymmetric vault. ipavault: ipaadmin_password: SomeADMINpassword name: asymvault username: user01 vault_type: asymmetric private_key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBck01L2Y2ZGQvWUltL2E5ZW9HVlRXOGpvYkVncmY5UFhSQTNhSHNBN2tKbzZmQjE4CkhENCtSVlV3eC9scWxrUFliVWk5YlhWL3JKQWtVd0FFRE9uSmVxWEVTWitnVkNWbWlnUnptS1dLMmFkOWFnbVkKU2lxeXlOeEZJSnZaQW8wZEc0Q0FXallLMjd0TGc0SWg2b0dzWklERytXVkVTNVc4OUsrTDBid1ZqcTR0c2hoZQpETU81N3Vudm1JS0VtYUJFMGV3UGZ2a2RaaDVrOEd0czlINGZoMGZHazV0YklZYTBiaHdNVXBMK1dIT202bmJkCituN0JiYVZjODIwVGdaRE8vclNZdG51WGFJYzZXeDBVOUxYWmtVbWszYXBNbnprbk5hVHFndUFRZFRuNzlHOFAKcXJHcW15V2QvRTFjSDJiNWp6SXhpR284cHNMNXN4V1ZZN1dKZHdJREFRQUJBb0lCQUE2ZTlpaXQxNFVBZ3g0Sgp2WDdpczlmYk90Y1drQitqbzk0Tk1meFNGWGdacElNbDEzOW9RTXFLOTdLanhzSHFBYURWZTdtTUxINUVQOTZKCjdNM081ZzRyZ2wwY1ZXdHBNckRReVpzTHZxREZ6Qld4dENIcVZQQXJ1dW1VWmhzU0ozbFJPUXJvOGFnL3c1YmYKNXRDNW9nVnE0K3JzQjRoQnBoZ3Axakdyc1VNK0U4TzdEWFhGSDY4RjhXZ0JpNzI1V3Zjam5iSTlpcmtiMEdjcQoxYkNQSndOM2ZBMWkyVldpUndWWVdiTlRXbkRvTk05WmRZWXhLMGt1VWtEK1F0cmV5Y1dQZjlWNDlsdlVpMVZwCkZWTm1CVUR2R0szSzFNd2JnWFJ3T1hoYWNZN1B0amtkdmFlYjJRY3U1UmpUa3J1R2h6VVlzT1AzcC9jdyt3S1YKdnpRcWNlRUNnWUVBNVd6N1YyU2xSYTJyLy96K0VUUWtKZkVOSjBLRG5DYjBwTUNsQ1FoM2pUTlBBNkRiaGlNawpGVGtjb05icWNwVGlWU2x2aGg2VEtzY1NncVlRVWpRL09xeUc3U2tqS1ZqUTcyajViZVFMeGlMVHRVeWoxT21QClhoOWNXSlh4OGlRKzQ1Y1BvbitrTU9BSWlUd2lCM21tRlJmUWpJR3ZlMURQVW85SitOWjRYZEVDZ1lFQXdOS2cKT2RHWXh4S3RDclhWejFtZGc2UERsVjhxaDdueHhaYlBjaCthTUlRbDErb1RDZ1NpdzhvT1lFZDhnMEhPZFY2dAoxRytJV2h2UHhpaVd5My9BRTBRaGdvS2syR1VzU2pXU01MY0piYVV6RG9FSEZqVExqZWNSbHFkem83cXhSWHFCCm1lTjRMNVdKWUtuTEM0ODJLN2h2dWZTK3VvNWZCNXF3UG10MTNNY0NnWUFlNFRWUFJQK3R5anR0WUNyK084dGwKdy9VbVJLQ2NRdTRJd3Rrenh3ejRWMkNhTjJ0MHVZUWd5eWdjU2ZFU2JSR3RycjhSQ1VwN3BvSEtUZm5DWnIvZgo4TnJVVHdZcGlZZk53WTVaQ1NuQWlHMkFhSWxnbmZNckV3T0Y5T0MwMjhZUE1nVHJ0VXh2TzZoS2VHcUlJUXFHCnFrYnFzb1hoRGpacGdWbk9nV2VBRVFLQmdHdWlaMHcvSXFBbFhiQzMxZlViMmlCTWZ2WFhuSjhNL2RmRkdtRmoKSUtmcWJGRjlXVWxqVXhRbHF5YTFZTnpJRkI1U1RvaGlCZVArMkZtTitMYjV4ZGM3VmRWTFpnZGhXbnJHTXFlOAoxS2QrNnVReXhDanlLWm81blFqU3ltdGY0R3FmT3M4VE9kaWVDWVNLNDB1OWtvaVBPTmE5dHVYZWFVK09Xc2xOCkpRcXJBb0dCQUozTUtPdnNuUXp1WlZQMnZ6MFpxTHdJRTNYalJpRkd2ZVZwaXpxNGh3T1ZldU5zVjA4SnZBMHQKcHVlTkl5OWtsUFNjRmM5T1VkaVpXa0VYMDlCd0prVklyT0hvdHVTQjhBU3RPNVVBbnRObnV5V0xKRUZDNFVxNApHcEI4bGJqOWpreFNLYVU3WDNHYWMyM0s5Skw4ZXVMaDdFN3JQdVpSWWE2bVlONG5iS3F1Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== state: retrieved register: result failed_when: result.changed or result.failed or result['data'] != 'Hello World.' - name: Retrieve data from asymmetric vault, with private key file. ipavault: ipaadmin_password: SomeADMINpassword name: asymvault username: user01 vault_type: asymmetric private_key_file: "{{ ansible_env.HOME }}/private.pem" state: retrieved register: result failed_when: result.failed or result.changed or result['data'] != 'Hello World.' - name: Ensure asymmetric vault is absent. ipavault: ipaadmin_password: SomeADMINpassword name: asymvault username: user01 state: absent register: result failed_when: not result.changed - name: Ensure asymmetric vault is absent, again. ipavault: ipaadmin_password: SomeADMINpassword name: asymvault username: user01 state: absent register: result failed_when: result.changed - name: Ensure standard vault is present. ipavault: ipaadmin_password: SomeADMINpassword name: stdvault vault_type: standard username: user01 description: A standard private vault. register: result failed_when: not result.changed - name: Ensure standard vault is present, again. ipavault: ipaadmin_password: SomeADMINpassword name: stdvault username: user01 vault_type: standard description: A standard private vault. register: result failed_when: result.changed - name: Archive data in standard vault. ipavault: ipaadmin_password: SomeADMINpassword name: stdvault username: user01 vault_data: Hello World. register: result failed_when: not result.changed - name: Retrieve data from standard vault. ipavault: ipaadmin_password: SomeADMINpassword name: stdvault username: user01 out: "{{ ansible_env.HOME }}/data.txt" state: retrieved register: result failed_when: result.changed - name: Verify retrieved data. slurp: src: "{{ ansible_env.HOME }}/data.txt" register: slurpfile failed_when: slurpfile['content'] | b64decode != 'Hello World.' - name: Archive data in standard vault, from file. ipavault: ipaadmin_password: SomeADMINpassword name: stdvault username: user01 in: "{{ ansible_env.HOME }}/in.txt" register: result failed_when: not result.changed - name: Retrieve data from standard vault. ipavault: ipaadmin_password: SomeADMINpassword name: stdvault username: user01 vault_type: standard state: retrieved register: result failed_when: result.data != 'Another World.' or result.changed - name: Ensure standard vault member user is present. ipavault: ipaadmin_password: SomeADMINpassword name: stdvault username: user01 action: member users: - user02 register: result failed_when: not result.changed - name: Ensure standard vault member user is present, again. ipavault: ipaadmin_password: SomeADMINpassword name: stdvault username: user01 action: member users: - user02 register: result failed_when: result.changed - name: Ensure more vault member users are present. ipavault: ipaadmin_password: SomeADMINpassword name: stdvault username: user01 action: member users: - user01 - user02 register: result failed_when: not result.changed - name: Ensure vault member user is still present. ipavault: ipaadmin_password: SomeADMINpassword name: stdvault username: user01 action: member users: - user02 register: result failed_when: result.changed - name: Ensure vault users are absent. ipavault: ipaadmin_password: SomeADMINpassword name: stdvault username: user01 action: member users: - user01 - user02 state: absent register: result failed_when: not result.changed - name: Ensure vault users are absent, again. ipavault: ipaadmin_password: SomeADMINpassword name: stdvault username: user01 action: member users: - user01 - user02 state: absent register: result failed_when: result.changed - name: Ensure vault user is absent, once more. ipavault: ipaadmin_password: SomeADMINpassword name: stdvault username: user01 action: member users: - user01 state: absent register: result failed_when: result.changed - name: Ensure vault member group is present. ipavault: ipaadmin_password: SomeADMINpassword name: stdvault username: user01 action: member groups: vaultgroup register: result failed_when: not result.changed - name: Ensure vault member group is present, again. ipavault: ipaadmin_password: SomeADMINpassword name: stdvault username: user01 action: member groups: vaultgroup register: result failed_when: result.changed - name: Ensure vault member group is absent. ipavault: ipaadmin_password: SomeADMINpassword name: stdvault username: user01 action: member groups: vaultgroup state: absent register: result failed_when: not result.changed - name: Ensure vault member group is absent, again. ipavault: ipaadmin_password: SomeADMINpassword name: stdvault username: user01 action: member groups: vaultgroup state: absent register: result failed_when: result.changed - name: Ensure vault member service is present. ipavault: ipaadmin_password: SomeADMINpassword name: stdvault username: user01 action: member services: "HTTP/{{ groups.ipaserver[0] }}" register: result failed_when: not result.changed - name: Ensure vault member service is present, again. ipavault: ipaadmin_password: SomeADMINpassword name: stdvault username: user01 action: member services: "HTTP/{{ groups.ipaserver[0] }}" register: result failed_when: result.changed - name: Ensure vault member service is absent. ipavault: ipaadmin_password: SomeADMINpassword name: stdvault username: user01 action: member services: "HTTP/{{ groups.ipaserver[0] }}" state: absent register: result failed_when: not result.changed - name: Ensure vault member service is absent, again. ipavault: ipaadmin_password: SomeADMINpassword name: stdvault username: user01 action: member services: "HTTP/{{ groups.ipaserver[0] }}" state: absent register: result failed_when: result.changed - name: Ensure vault is absent. ipavault: ipaadmin_password: SomeADMINpassword name: stdvault username: user01 state: absent register: result failed_when: not result.changed - name: Ensure vault is absent, again. ipavault: ipaadmin_password: SomeADMINpassword name: stdvault username: user01 state: absent register: result failed_when: result.changed - name: Ensure shared vault is present. ipavault: ipaadmin_password: SomeADMINpassword name: sharedvault shared: True ipavaultpassword: SomeVAULTpassword register: result failed_when: not result.changed - name: Ensure shared vault is absent. ipavault: ipaadmin_password: SomeADMINpassword name: sharedvault shared: True state: absent register: result failed_when: not result.changed - name: Ensure service vault is present. ipavault: ipaadmin_password: SomeADMINpassword name: svcvault ipavaultpassword: SomeVAULTpassword service: "HTTP/{{ groups.ipaserver[0] }}" register: result failed_when: not result.changed - name: Ensure service vault is absent. ipavault: ipaadmin_password: SomeADMINpassword name: svcvault service: "HTTP/{{ groups.ipaserver[0] }}" state: absent register: result failed_when: not result.changed - name: Ensure vault is present, with members. ipavault: ipaadmin_password: SomeADMINpassword name: stdvault username: user01 vault_type: standard users: - user02 - user03 groups: - vaultgroup register: result failed_when: not result.changed - name: Ensure vault is present, with members, again. ipavault: ipaadmin_password: SomeADMINpassword name: stdvault username: user01 vault_type: standard users: - user02 - user03 groups: - vaultgroup register: result failed_when: result.changed - name: Ensure user02 is not a member of vault stdvault. ipavault: ipaadmin_password: SomeADMINpassword name: stdvault username: user01 users: user02 state: absent action: member register: result failed_when: not result.changed - name: Ensure user02 is not a member of vault stdvault, again. ipavault: ipaadmin_password: SomeADMINpassword name: stdvault username: user01 users: user02 state: absent action: member register: result failed_when: result.changed - name: Ensure user02 is a member of vault stdvault. ipavault: ipaadmin_password: SomeADMINpassword name: stdvault username: user01 users: user02 action: member register: result failed_when: not result.changed - name: Ensure user02 is a member of vault stdvault, again. ipavault: ipaadmin_password: SomeADMINpassword name: stdvault username: user01 users: user03 action: member register: result failed_when: result.changed - name: Ensure user03 owns vault stdvault. ipavault: ipaadmin_password: SomeADMINpassword name: stdvault username: user01 owners: user03 action: member register: result failed_when: not result.changed - name: Ensure user03 owns vault stdvault, again. ipavault: ipaadmin_password: SomeADMINpassword name: stdvault username: user01 owners: user03 action: member register: result failed_when: result.changed - name: Ensure user03 is not owner of stdvault. ipavault: ipaadmin_password: SomeADMINpassword name: stdvault username: user01 owners: user03 state: absent action: member register: result failed_when: not result.changed - name: Ensure user03 is not owner of stdvault, again. ipavault: ipaadmin_password: SomeADMINpassword name: stdvault username: user01 owners: user03 state: absent action: member register: result failed_when: result.changed - name: Ensure vaultgroup is owner of stdvault. ipavault: ipaadmin_password: SomeADMINpassword name: stdvault username: user01 ownergroups: vaultgroup action: member register: result failed_when: not result.changed - name: Ensure vaultgroup is owner of stdvault, again. ipavault: ipaadmin_password: SomeADMINpassword name: stdvault username: user01 ownergroups: vaultgroup action: member register: result failed_when: result.changed - name: Ensure vaultgroup is not owner of stdvault. ipavault: ipaadmin_password: SomeADMINpassword name: stdvault username: user01 ownergroups: vaultgroup state: absent action: member register: result failed_when: not result.changed - name: Ensure vaultgroup is not owner of stdvault, again. ipavault: ipaadmin_password: SomeADMINpassword name: stdvault username: user01 ownergroups: vaultgroup state: absent action: member register: result failed_when: result.changed - name: Ensure vault is owned by HTTP service. ipavault: ipaadmin_password: SomeADMINpassword name: stdvault username: user01 ownerservices: "HTTP/{{ groups.ipaserver[0] }}" action: member register: result failed_when: not result.changed - name: Ensure vault is owned by HTTP service, again. ipavault: ipaadmin_password: SomeADMINpassword name: stdvault username: user01 ownerservices: "HTTP/{{ groups.ipaserver[0] }}" action: member register: result failed_when: result.changed - name: Ensure vault is not owned by HTTP service. ipavault: ipaadmin_password: SomeADMINpassword name: stdvault username: user01 ownerservices: "HTTP/{{ groups.ipaserver[0] }}" state: absent action: member register: result failed_when: not result.changed - name: Ensure vault is not owned by HTTP service, again. ipavault: ipaadmin_password: SomeADMINpassword name: stdvault username: user01 ownerservices: "HTTP/{{ groups.ipaserver[0] }}" state: absent action: member register: result failed_when: result.changed - name: Ensure vault is absent. ipavault: ipaadmin_password: SomeADMINpassword name: stdvault username: user01 state: absent # cleaup - name: Ensure user01 vaults are absent ipavault: ipaadmin_password: SomeADMINpassword name: - stdvault - symvault - asymvault username: user01 state: absent - name: Ensure test vaults are absent ipavault: ipaadmin_password: SomeADMINpassword name: - stdvault - symvault - asymvault username: admin state: absent - name: Ensure shared vaults are absent ipavault: ipaadmin_password: SomeADMINpassword name: sharedvault shared: True state: absent - name: Ensure service vaults are absent ipavault: ipaadmin_password: SomeADMINpassword name: svcvault service: "HTTP/{{ groups.ipaserver[0] }}" state: absent - name: Ensure test users do not exist. ipauser: ipaadmin_password: SomeADMINpassword name: - user01 - user02 - user03 state: absent - name: Ensure test groups do not exist. ipagroup: ipaadmin_password: SomeADMINpassword name: vaultgroup state: absent - name: Remove password file from target host. file: path: "{{ ansible_env.HOME }}/password.txt" state: absent - name: Remove public key file from target host. file: path: "{{ ansible_env.HOME }}/public.pem" state: absent - name: Remove private key file from target host. file: path: "{{ ansible_env.HOME }}/private.pem" state: absent - name: Remove output data file from target host. file: path: "{{ ansible_env.HOME }}/data.txt" state: absent - name: Remove input data file from target host. file: path: "{{ ansible_env.HOME }}/in.txt" state: absent