mirror of
https://github.com/freeipa/ansible-freeipa.git
synced 2026-05-14 13:32:10 +00:00
b33c5a7bab
There is a new role management module placed in the plugins folder:
plugins/modules/iparole.py
The role module allows to ensure presence or absence of roles and
manage role members.
Here is the documentation for the module:
README-role.md
New example playbooks have been added:
playbooks/role/role-is-absent.yml
playbooks/role/role-is-present.yml
playbooks/role/role-member-group-absent.yml
playbooks/role/role-member-group-present.yml
playbooks/role/role-member-host-absent.yml
playbooks/role/role-member-host-present.yml
playbooks/role/role-member-hostgroup-absent.yml
playbooks/role/role-member-hostgroup-present.yml
playbooks/role/role-member-privilege-absent.yml
playbooks/role/role-member-privilege-present.yml
playbooks/role/role-member-service-absent.yml
playbooks/role/role-member-service-present.yml
playbooks/role/role-member-user-absent.yml
playbooks/role/role-member-user-present.yml
playbooks/role/role-members-absent.yml
playbooks/role/role-members-present.yml
playbooks/role/role-rename.yml
New tests for the module:
tests/role/test_role.yml
tests/role/test_role_service_member.yml
96 lines
2.3 KiB
YAML
96 lines
2.3 KiB
YAML
---
|
|
- name: Test service member in role module.
|
|
hosts: ipaserver
|
|
become: yes
|
|
gather_facts: yes
|
|
|
|
tasks:
|
|
- name: Set environment facts.
|
|
import_tasks: env_facts.yml
|
|
|
|
- name: Setup environment.
|
|
import_tasks: env_setup.yml
|
|
|
|
# tests
|
|
|
|
- name: Ensure role with member service is present.
|
|
iparole:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: testrole
|
|
service:
|
|
- "service01/{{ host1_fqdn }}"
|
|
register: result
|
|
failed_when: not result.changed
|
|
|
|
- name: Ensure role with member service is present, again.
|
|
iparole:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: testrole
|
|
service:
|
|
- "service01/{{ host1_fqdn }}"
|
|
action: member
|
|
register: result
|
|
failed_when: result.changed
|
|
|
|
- name: Ensure role has member service absent.
|
|
iparole:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: testrole
|
|
service:
|
|
- "service01/{{ host1_fqdn }}"
|
|
action: member
|
|
state: absent
|
|
register: result
|
|
failed_when: not result.changed
|
|
|
|
- name: Ensure role has member service absent, again.
|
|
iparole:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: testrole
|
|
service:
|
|
- "service01/{{ host1_fqdn }}"
|
|
action: member
|
|
state: absent
|
|
register: result
|
|
failed_when: result.changed
|
|
|
|
- name: Ensure role has member service with principal name.
|
|
iparole:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: testrole
|
|
service:
|
|
- "service01/{{ host1_fqdn }}@{{ ipaserver_realm }}"
|
|
action: member
|
|
register: result
|
|
failed_when: not result.changed
|
|
|
|
- name: Ensure role has member service with principal name, again.
|
|
iparole:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: testrole
|
|
service:
|
|
- "service01/{{ host1_fqdn }}@{{ ipaserver_realm }}"
|
|
action: member
|
|
register: result
|
|
failed_when: result.changed
|
|
|
|
- name: Ensure role is absent.
|
|
iparole:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: testrole
|
|
state: absent
|
|
register: result
|
|
failed_when: not result.changed
|
|
|
|
- name: Ensure role is absent, again.
|
|
iparole:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: testrole
|
|
state: absent
|
|
register: result
|
|
failed_when: result.changed
|
|
|
|
# cleanup
|
|
- name: Cleanup environment.
|
|
include_tasks: env_cleanup.yml
|