--- - name: Test permission hosts: ipaserver become: true tasks: - include_tasks: ../env_freeipa_facts.yml # CLEANUP TEST ITEMS - name: Ensure permission perm-test-1 is absent ipapermission: ipaadmin_password: SomeADMINpassword name: - perm-test-1 - perm-test-bindtype-test - perm-test-renamed state: absent # TESTS - name: Ensure permission perm-test-1 is present ipapermission: ipaadmin_password: SomeADMINpassword name: perm-test-1 object_type: host right: all register: result failed_when: not result.changed or result.failed - name: Ensure permission perm-test-1 is present again ipapermission: ipaadmin_password: SomeADMINpassword name: perm-test-1 object_type: host right: all register: result failed_when: result.changed or result.failed - name: Ensure permission perm-test-1 is present with attr carlicense ipapermission: ipaadmin_password: SomeADMINpassword name: perm-test-1 attrs: - carlicense register: result failed_when: not result.changed or result.failed - name: Ensure permission perm-test-1 is present with attr carlicense again ipapermission: ipaadmin_password: SomeADMINpassword name: perm-test-1 attrs: - carlicense register: result failed_when: result.changed or result.failed - name: Ensure permission perm-test-1 is present with attr carlicense and displayname ipapermission: ipaadmin_password: SomeADMINpassword name: perm-test-1 attrs: - carlicense - displayname register: result failed_when: not result.changed or result.failed - name: Ensure permission perm-test-1 is present with attr carlicense and displayname again ipapermission: ipaadmin_password: SomeADMINpassword name: perm-test-1 attrs: - carlicense - displayname register: result failed_when: result.changed or result.failed - name: Ensure attr gecos is present in permission perm-test-1 ipapermission: ipaadmin_password: SomeADMINpassword name: perm-test-1 attrs: - gecos action: member register: result failed_when: not result.changed or result.failed - name: Ensure attr gecos is present in permission perm-test-1 again ipapermission: ipaadmin_password: SomeADMINpassword name: perm-test-1 attrs: - gecos action: member register: result failed_when: result.changed or result.failed - name: Ensure attr gecos is absent in permission perm-test-1 ipapermission: ipaadmin_password: SomeADMINpassword name: perm-test-1 attrs: - gecos action: member state: absent register: result failed_when: not result.changed or result.failed - name: Ensure attr gecos is absent in permission perm-test-1 again ipapermission: ipaadmin_password: SomeADMINpassword name: perm-test-1 attrs: - gecos action: member state: absent register: result failed_when: result.changed or result.failed - name: Ensure attributes carlicense and displayname are present in permission "System{{':'}} Update DNS Entries" ipapermission: ipaadmin_password: SomeADMINpassword name: "System: Update DNS Entries" attrs: - carlicense - displayname action: member register: result failed_when: not result.changed or result.failed - name: Ensure attributes carlicense and displayname are present in permission "System{{':'}} Update DNS Entries" again ipapermission: ipaadmin_password: SomeADMINpassword name: "System: Update DNS Entries" attrs: - carlicense - displayname action: member register: result failed_when: result.changed or result.failed - name: Ensure attributes carlicense and displayname are present in permission "System{{':'}} Update DNS Entries" ipapermission: ipaadmin_password: SomeADMINpassword name: "System: Update DNS Entries" attrs: - carlicense - displayname action: member state: absent register: result failed_when: not result.changed or result.failed - name: Ensure attributes carlicense and displayname are present in permission "System{{':'}} Update DNS Entries" again ipapermission: ipaadmin_password: SomeADMINpassword name: "System: Update DNS Entries" attrs: - carlicense - displayname action: member state: absent register: result failed_when: result.changed or result.failed - name: Rename permission perm-test-1 to perm-test-renamed ipapermission: ipaadmin_password: SomeADMINpassword name: perm-test-1 rename: perm-test-renamed state: renamed register: result failed_when: not result.changed or result.failed - name: Ensure permission perm-test-1 is absent ipapermission: ipaadmin_password: SomeADMINpassword name: perm-test-1 state: absent register: result failed_when: result.changed or result.failed - name: Ensure permission perm-test-renamed is present ipapermission: ipaadmin_password: SomeADMINpassword name: perm-test-renamed object_type: host right: all register: result failed_when: result.changed or result.failed - name: Ensure permission with bindtype 'self' is present, if IPA version >= 4.8.7 ipapermission: ipaadmin_password: SomeADMINpassword name: perm-test-bindtype-test bindtype: self object_type: host right: all when: ipa_version is version('4.8.7', '>=') register: result failed_when: not result.changed or result.failed - name: Fail to set permission perm-test-renamed bindtype to 'self', if IPA version < 4.8.7 ipapermission: ipaadmin_password: SomeADMINpassword name: perm-test-bindtype-test bindtype: self object_type: host right: all when: ipa_version is version('4.8.7', '<') register: result failed_when: not result.failed or "Bindtype 'self' is not supported by your IPA version." not in result.msg # CLEANUP TEST ITEMS - name: Ensure permission perm-test-1 is absent ipapermission: ipaadmin_password: SomeADMINpassword name: - perm-test-1 - perm-test-bindtype-test - perm-test-renamed state: absent