--- - name: Find trust hosts: ipaserver become: false gather_facts: false module_defaults: ipagroup: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" tasks: - name: Include tasks ../env_freeipa_facts.yml ansible.builtin.include_tasks: ../env_freeipa_facts.yml - name: Ensure tests groups are absent ipagroup: name: - extgroup - extgroup_members state: absent - name: Execute group tests if trust test environment is supported when: trust_test_is_supported | default(false) block: - name: Add nonposix group. ipagroup: name: extgroup nonposix: true register: result failed_when: result.failed or not result.changed - name: Set group to be external ipagroup: name: extgroup external: true register: result failed_when: result.failed or not result.changed - name: Add AD users to group ipagroup: name: extgroup external_member: "AD\\Domain Users" register: result failed_when: result.failed or not result.changed - name: Add AD users to group, again ipagroup: name: extgroup external_member: "AD\\Domain Users" register: result failed_when: result.failed or result.changed - name: Remove external group ipagroup: name: extgroup state: absent register: result failed_when: result.failed or not result.changed - name: Add nonposix, external group, with AD users. ipagroup: name: extgroup nonposix: true external: true external_member: "AD\\Domain Users" register: result failed_when: result.failed or not result.changed - name: Add nonposix, external group, with AD users, again. ipagroup: name: extgroup nonposix: true external: true external_member: "AD\\Domain Users" register: result failed_when: result.failed or result.changed - name: Remove group ipagroup: name: extgroup state: absent register: result failed_when: result.failed or not result.changed - name: Add nonposix group. ipagroup: name: extgroup nonposix: true register: result failed_when: result.failed or not result.changed - name: Set group to be external, and add users. ipagroup: name: extgroup external: true external_member: "AD\\Domain Users" register: result failed_when: result.failed or not result.changed - name: Set group to be external, and add users, again. ipagroup: name: extgroup external: true external_member: "AD\\Domain Users" register: result failed_when: result.failed or result.changed - name: Ensure external group for external member exist ipagroup: name: extgroup_members external: true register: result failed_when: result.failed or not result.changed - name: Ensure external group members are present ipagroup: name: extgroup_members external_member: "AD\\Domain Users" action: member register: result failed_when: result.failed or not result.changed - name: Ensure external group members are present, again ipagroup: name: extgroup_members external_member: "AD\\Domain Users" action: member register: result failed_when: result.failed or result.changed - name: Ensure external group members are absent ipagroup: name: extgroup_members external_member: "AD\\Domain Users" action: member state: absent register: result failed_when: result.failed or not result.changed - name: Ensure external group members are absent, again ipagroup: name: extgroup_members external_member: "AD\\Domain Users" action: member state: absent register: result failed_when: result.failed or result.changed - name: Ensure tests groups are absent ipagroup: name: - extgroup - extgroup_members state: absent