--- - name: Test group hosts: "{{ ipa_test_host | default('ipaserver') }}" become: false gather_facts: false module_defaults: ipauser: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" ipagroup: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" ipaservice: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" tasks: # setup - name: Include tasks ../env_freeipa_facts.yml ansible.builtin.include_tasks: ../env_freeipa_facts.yml # GET FQDN_AT_DOMAIN - name: Get fqdn_at_domain ansible.builtin.set_fact: fqdn_at_domain: "{{ ansible_facts['fqdn'] + '@' + ipaserver_realm }}" # CLEANUP TEST ITEMS - name: Ensure users user1, user2 and user3 are absent ipauser: name: user1,user2,user3 state: absent - name: Ensure group group3, group2 and group1 are absent ipagroup: name: groupren,group3,group2,group1 state: absent # CREATE TEST ITEMS - name: Ensure users user1..user3 are present ipauser: users: - name: user1 first: user1 last: Last - name: user2 first: user2 last: Last - name: user3 first: user3 last: Last register: result failed_when: not result.changed or result.failed - name: Ensure test service HTTP is present ipaservice: name: "{{ 'HTTP/' + fqdn_at_domain }}" notify: Cleanup http service - name: Ensure test service LDAP is present ipaservice: name: "{{ 'ldap/' + fqdn_at_domain }}" notify: Cleanup ldap service # TESTS - name: Ensure group1 is present ipagroup: name: group1 register: result failed_when: not result.changed or result.failed - name: Ensure group1 is present again ipagroup: name: group1 register: result failed_when: result.changed or result.failed - name: Rename group1 to groupren ipagroup: name: group1 rename: groupren state: renamed register: result failed_when: not result.changed or result.failed - name: Rename group1 to groupren ipagroup: name: group1 rename: groupren state: renamed register: result failed_when: not result.failed or "No group 'group1'" not in result.msg - name: Rename group groupren to groupren ipagroup: name: groupren rename: groupren state: renamed register: result failed_when: result.changed or result.failed - name: Rename group groupren back to group1 ipagroup: name: groupren rename: group1 state: renamed register: result failed_when: not result.changed or result.failed - name: Ensure group2 is present ipagroup: name: group2 register: result failed_when: not result.changed or result.failed - name: Ensure group2 is present again ipagroup: name: group2 register: result failed_when: result.changed or result.failed - name: Ensure group3 is present ipagroup: name: group3 register: result failed_when: not result.changed or result.failed - name: Ensure group3 is present again ipagroup: name: group3 register: result failed_when: result.changed or result.failed - name: Ensure groups group2 and group3 are present in group group1 ipagroup: name: group1 group: - group2 - group3 action: member register: result failed_when: not result.changed or result.failed - name: Ensure groups group2 and group3 are present in group group1 again ipagroup: name: group1 group: - group2 - group3 action: member register: result failed_when: result.changed or result.failed - name: Ensure group3 ia present in group group1 ipagroup: name: group1 group: - group3 action: member register: result failed_when: result.changed or result.failed # service - name: Execute tests if ipa_verison >= 4.7.0 when: ipa_version is version('4.7.0', '>=') block: - name: Ensure service "{{ 'HTTP/' + fqdn_at_domain }}" is present in group group1 ipagroup: name: group1 service: - "{{ 'HTTP/' + fqdn_at_domain }}" action: member register: result failed_when: not result.changed or result.failed - name: Ensure service "{{ 'HTTP/' + fqdn_at_domain }}" is present in group group1, again ipagroup: name: group1 service: - "{{ 'HTTP/' + fqdn_at_domain }}" action: member register: result failed_when: result.changed or result.failed - name: Ensure service "{{ 'ldap/' + fqdn_at_domain }}" is present in group group1 ipagroup: name: group1 service: - "{{ 'ldap/' + fqdn_at_domain }}" action: member register: result failed_when: not result.changed or result.failed - name: Ensure service "{{ 'ldap/' + fqdn_at_domain }}" is present in group group1, again ipagroup: name: group1 service: - "{{ 'ldap/' + fqdn_at_domain }}" action: member register: result failed_when: result.changed or result.failed - name: Ensure service "{{ 'HTTP/' + fqdn_at_domain }}" is absent in group group1 ipagroup: name: group1 service: - "{{ 'HTTP/' + fqdn_at_domain }}" action: member state: absent register: result failed_when: not result.changed or result.failed - name: Ensure service "{{ 'HTTP/' + fqdn_at_domain }}" is absent in group group1, again ipagroup: name: group1 service: - "{{ 'HTTP/' + fqdn_at_domain }}" action: member state: absent register: result failed_when: result.changed or result.failed - name: Ensure service "{{ 'ldap/' + fqdn_at_domain }}" is absent in group group1 ipagroup: name: group1 service: - "{{ 'ldap/' + fqdn_at_domain }}" action: member state: absent register: result failed_when: not result.changed or result.failed - name: Ensure service "{{ 'ldap/' + fqdn_at_domain }}" is absent in group group1, again ipagroup: name: group1 service: - "{{ 'ldap/' + fqdn_at_domain }}" action: member state: absent register: result failed_when: result.changed or result.failed - name: Ensure services are present in group group1 ipagroup: name: group1 service: - "{{ 'HTTP/' + fqdn_at_domain }}" - "{{ 'ldap/' + fqdn_at_domain }}" action: member register: result failed_when: not result.changed or result.failed - name: Ensure services are present in group group1, again ipagroup: name: group1 service: - "{{ 'http/' + fqdn_at_domain }}" - "{{ 'ldap/' + fqdn_at_domain }}" action: member register: result failed_when: result.changed or result.failed - name: Ensure services are absent in group group1 ipagroup: name: group1 service: - "{{ 'HTTP/' + fqdn_at_domain }}" - "{{ 'LDAP/' + fqdn_at_domain }}" action: member state: absent register: result failed_when: not result.changed or result.failed - name: Ensure services are absent in group group1, again ipagroup: name: group1 service: - "{{ 'HTTP/' + fqdn_at_domain }}" - "{{ 'ldap/' + fqdn_at_domain }}" action: member state: absent register: result failed_when: result.changed or result.failed # user - name: Ensure users user1, user2 and user3 are present in group group1 ipagroup: name: group1 user: - user1 - user2 - user3 action: member register: result failed_when: not result.changed or result.failed - name: Ensure users user1, user2 and user3 are present in group group1 again ipagroup: name: group1 user: - user1 - user2 - user3 action: member register: result failed_when: result.changed or result.failed #- ipagroup: # name: group1 # user: # - user7 # action: member - name: Ensure user user7 is absent in group group1 ipagroup: name: group1 user: - user7 action: member state: absent register: result failed_when: result.changed or result.failed - name: Ensure group group4 is absent ipagroup: name: group4 state: absent register: result failed_when: result.changed or result.failed - name: Ensure groups group3, group2, and group1 are absent ipagroup: name: group3,group2,group1 state: absent register: result failed_when: not result.changed or result.failed - name: Ensure group group1 is present ipagroup: name: group1 register: result failed_when: not result.changed or result.failed - name: Ensure users user1, user2 are present in group group1 ipagroup: name: group1 user: - user1 - user2 action: member register: result failed_when: not result.changed or result.failed - name: Ensure users user1, user2 and user3 are present in group group1 ipagroup: name: group1 user: - user1 - user2 - user3 action: member register: result failed_when: not result.changed or result.failed - name: Ensure users user1, user2 are present in group group1, again ipagroup: name: group1 user: - user1 - user2 action: member register: result failed_when: result.changed or result.failed - name: Ensure users user1, user2 and user3 are present in group group1, again ipagroup: name: group1 user: - user1 - user2 - user3 action: member register: result failed_when: result.changed or result.failed - name: Ensure group group1 is absent ipagroup: name: group1 state: absent register: result failed_when: not result.changed or result.failed - name: Ensure group group1 with users user1, user2 is present ipagroup: name: group1 user: - user1 - user2 register: result failed_when: not result.changed or result.failed - name: Ensure group group1 with users user1, user2 and user3 is present ipagroup: name: group1 user: - user1 - user2 - user3 register: result failed_when: not result.changed or result.failed - name: Ensure group group1 with users user1, user2 and user3 is present, again ipagroup: name: group1 user: - user1 - user2 - user3 action: member register: result failed_when: result.changed or result.failed - name: Ensure only users user1, user2 are present in group group1 ipagroup: name: group1 user: - user1 - user2 register: result failed_when: not result.changed or result.failed # CLEANUP TEST ITEMS - name: Ensure group group3, group2 and group1 are absent ipagroup: name: group3,group2,group1 state: absent register: result failed_when: not result.changed or result.failed - name: Ensure users user1, user2 and user3 are absent ipauser: name: user1,user2,user3 state: absent register: result failed_when: not result.changed or result.failed # ansible-lint is complaining on the use of 'when' and requiring # the use of handlers. handlers: - name: Cleanup http service ipaservice: name: "{{ 'HTTP/' + fqdn_at_domain }}" state: absent - name: Cleanup ldap service ipaservice: name: "{{ 'ldap/' + fqdn_at_domain }}" state: absent