--- - name: Test delegation hosts: "{{ ipa_test_host | default('ipaserver') }}" become: no gather_facts: no tasks: - name: Test different cases for string case. block: # CLEANUP TEST ITEMS - name: Ensure delegation "basic manager attributes" is absent ipadelegation: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: "basic manager attributes" state: absent # CREATE TEST ITEMS - name: Ensure test group managers is present ipagroup: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: managers - name: Ensure test group employees is present ipagroup: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: employees # TESTS - name: Ensure delegation "basic manager attributes" is present, group/membergroup mixed case ipadelegation: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: "basic manager attributes" permission: read attribute: - businesscategory group: Managers membergroup: Employees register: result failed_when: not result.changed or result.failed - name: Ensure delegation "basic manager attributes" is present, group lowercase ipadelegation: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: "basic manager attributes" permission: read attribute: - businesscategory group: "{{ 'Managers' | lower }}" membergroup: Employees register: result failed_when: result.changed or result.failed - name: Ensure delegation "basic manager attributes" is present, group uppercase ipadelegation: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: "basic manager attributes" permission: read attribute: - businesscategory group: "{{ 'Managers' | upper }}" membergroup: Employees register: result failed_when: result.changed or result.failed - name: Ensure delegation "basic manager attributes" is present, permission upercase ipadelegation: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: "basic manager attributes" permission: "{{ 'read' | upper }}" attribute: - businesscategory group: managers membergroup: Employees register: result failed_when: result.changed or result.failed - name: Ensure delegation "basic manager attributes" is present, permission mixed case ipadelegation: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: "basic manager attributes" permission: Read attribute: - businesscategory group: managers membergroup: Employees register: result failed_when: result.changed or result.failed - name: Ensure delegation "basic manager attributes" is present, attribute upercase ipadelegation: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: "basic manager attributes" permission: read attribute: - "{{ 'businesscategory' | upper }}" group: managers membergroup: Employees register: result failed_when: result.changed or result.failed - name: Ensure delegation "basic manager attributes" is present, attribute mixed case ipadelegation: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: "basic manager attributes" permission: read attribute: - BusinessCategory group: managers membergroup: Employees register: result failed_when: result.changed or result.failed # membergroup does not use case insensitive comparison - name: Ensure delegation "basic manager attributes" is present, membergroup lowercase ipadelegation: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: "basic manager attributes" permission: read attribute: - businesscategory group: managers membergroup: "{{ 'Employees' | lower }}" register: result failed_when: not result.changed or result.failed - name: Ensure delegation "basic manager attributes" is present, membergroup uppercase ipadelegation: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: "basic manager attributes" permission: read attribute: - businesscategory group: managers membergroup: "{{ 'Employees' | upper }}" register: result failed_when: not result.changed or result.failed - name: Ensure delegation "basic manager attributes" is present, group/membergroup mixed case ipadelegation: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: "basic manager attributes" permission: read attribute: - businesscategory group: Managers membergroup: Employees register: result failed_when: not result.changed or result.failed # tests for action: member - name: Ensure delegation "basic manager attributes" is present, with group and attribute in mixed case ipadelegation: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: "basic manager attributes" permission: read attribute: - BusinessCategory group: Managers membergroup: Employees - name: Ensure delegation "basic manager attributes" is present, attribute mixed case ipadelegation: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: "basic manager attributes" permission: read attribute: - BusinessCategory group: managers membergroup: employees - name: Ensure delegation "basic manager attributes" member is present, attribute upercase ipadelegation: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: "basic manager attributes" attribute: - "{{ 'BusinessCategory' | upper }}" action: member register: result failed_when: result.changed or result.failed - name: Ensure delegation "basic manager attributes" member is present, attribute lowercase ipadelegation: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: "basic manager attributes" attribute: - "{{ 'BusinessCategory' | lower }}" action: member register: result failed_when: result.changed or result.failed always: # CLEANUP TEST ITEMS - name: Ensure delegation "basic manager attributes" is absent ipadelegation: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: "basic manager attributes" state: absent - name: Ensure test groups are absent ipagroup: ipaadmin_password: SomeADMINpassword ipaapi_context: "{{ ipa_context | default(omit) }}" name: managers,employees state: absent