mirror of
https://github.com/freeipa/ansible-freeipa.git
synced 2026-05-07 05:43:26 +00:00
e0defaaebe
For failed_when result.failed should be used to make sure that the task fails if there was an error. Fixed also "User test cert members present again" task, it was failing due to also having first and last parameters with action: member.
91 lines
2.7 KiB
YAML
91 lines
2.7 KiB
YAML
---
|
|
- name: Test user certificates
|
|
hosts: ipaserver
|
|
become: true
|
|
gather_facts: false
|
|
|
|
tasks:
|
|
- name: Generate self-signed certificates.
|
|
shell:
|
|
cmd: |
|
|
openssl req -x509 -newkey rsa:2048 -days 365 -nodes -keyout "private{{ item }}.key" -out "cert{{ item }}.pem" -subj '/CN=test'
|
|
openssl x509 -outform der -in "cert{{ item }}.pem" -out "cert{{ item }}.der"
|
|
base64 "cert{{ item }}.der" -w5000 > "cert{{ item }}.b64"
|
|
with_items: [1, 2, 3]
|
|
become: no
|
|
delegate_to: localhost
|
|
|
|
- name: User test present
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: test
|
|
first: test
|
|
last: test
|
|
|
|
- name: User test cert members present
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: test
|
|
certificate:
|
|
- "{{ lookup('file', 'cert1.b64', rstrip=False) }}"
|
|
- "{{ lookup('file', 'cert2.b64', rstrip=False) }}"
|
|
- "{{ lookup('file', 'cert3.b64', rstrip=False) }}"
|
|
action: member
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: User test cert members present again
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: test
|
|
certificate:
|
|
- "{{ lookup('file', 'cert1.b64', rstrip=False) }}"
|
|
- "{{ lookup('file', 'cert2.b64', rstrip=False) }}"
|
|
- "{{ lookup('file', 'cert3.b64', rstrip=False) }}"
|
|
action: member
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: User test cert members absent
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: test
|
|
certificate:
|
|
- "{{ lookup('file', 'cert1.b64', rstrip=False) }}"
|
|
- "{{ lookup('file', 'cert2.b64', rstrip=False) }}"
|
|
- "{{ lookup('file', 'cert3.b64', rstrip=False) }}"
|
|
state: absent
|
|
action: member
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: User test cert members absent again
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: test
|
|
certificate:
|
|
- "{{ lookup('file', 'cert1.b64', rstrip=False) }}"
|
|
- "{{ lookup('file', 'cert2.b64', rstrip=False) }}"
|
|
- "{{ lookup('file', 'cert3.b64', rstrip=False) }}"
|
|
state: absent
|
|
action: member
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: User test absent
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: test
|
|
state: absent
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Remove certificate files.
|
|
shell:
|
|
cmd: rm -f "private{{ item }}.key" "cert{{ item }}.pem" "cert{{ item }}.der" "cert{{ item }}.b64"
|
|
with_items: [1, 2, 3]
|
|
become: no
|
|
delegate_to: localhost
|
|
args:
|
|
warn: no # suppres warning for not using the `file` module.
|