mirror of
https://github.com/freeipa/ansible-freeipa.git
synced 2026-03-26 21:33:05 +00:00
17bba27abf
If a task with 'action: automember' tried to modify an automember rule and did not provide either 'inclusive' or 'exclusive' parameters, the regex for the missing arguments would be removed. This patch fixes this behavior to only modify those parameters that were set on the task, and leave the missing parameters in the state they were before the task. Tests have been updated to verify expected behavior. Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1976922
478 lines
15 KiB
YAML
478 lines
15 KiB
YAML
---
|
|
- name: Test automember
|
|
hosts: "{{ ipa_test_host | default('ipaserver') }}"
|
|
become: true
|
|
|
|
tasks:
|
|
|
|
# CLEANUP TEST ITEMS
|
|
|
|
- name: Ensure group testgroup is absent
|
|
ipagroup:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: testgroup
|
|
state: absent
|
|
|
|
- name: Ensure hostgroup testhostgroup is absent
|
|
ipahostgroup:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: testhostgroup
|
|
state: absent
|
|
|
|
- name: Ensure group automember rule testgroup is absent
|
|
ipaautomember:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: testgroup
|
|
state: absent
|
|
automember_type: group
|
|
|
|
- name: Ensure hostgroup automember rule testhostgroup is absent
|
|
ipaautomember:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: testhostgroup
|
|
state: absent
|
|
automember_type: hostgroup
|
|
|
|
# CREATE TEST ITEMS
|
|
|
|
# TESTS
|
|
- name: Ensure testgroup group is present
|
|
ipagroup:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: testgroup
|
|
|
|
- name: Ensure testhostgroup hostgroup is present
|
|
ipahostgroup:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: testhostgroup
|
|
|
|
- name: Ensure testgroup group automember rule is present
|
|
ipaautomember:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: testgroup
|
|
description: testgroup automember rule.
|
|
automember_type: group
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure testgroup group automember rule is present again
|
|
ipaautomember:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: testgroup
|
|
description: testgroup automember rule.
|
|
automember_type: group
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Change testgroup group automember rule description
|
|
ipaautomember:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: testgroup
|
|
description: testgroup automember rule description.
|
|
automember_type: group
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure testgroup group automember rule has conditions
|
|
ipaautomember:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: testgroup
|
|
automember_type: group
|
|
inclusive:
|
|
- key: 'uid'
|
|
expression: 'uid'
|
|
- key: 'uidnumber'
|
|
expression: 'uidnumber'
|
|
exclusive:
|
|
- key: 'uid'
|
|
expression: 'uid'
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure testgroup group automember rule has conditions again
|
|
ipaautomember:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: testgroup
|
|
automember_type: group
|
|
inclusive:
|
|
- key: 'uid'
|
|
expression: 'uid'
|
|
- key: 'uidnumber'
|
|
expression: 'uidnumber'
|
|
exclusive:
|
|
- key: 'uid'
|
|
expression: 'uid'
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Add testgroup group automember rule member condition
|
|
ipaautomember:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: testgroup
|
|
automember_type: group
|
|
action: member
|
|
inclusive:
|
|
- key: 'manager'
|
|
expression: 'uid=mscott'
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure testgroup group automember rule has conditions
|
|
ipaautomember:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: testgroup
|
|
automember_type: group
|
|
inclusive:
|
|
- key: 'uid'
|
|
expression: 'uid'
|
|
- key: 'uidnumber'
|
|
expression: 'uidnumber'
|
|
- key: 'manager'
|
|
expression: 'uid=mscott'
|
|
exclusive:
|
|
- key: 'uid'
|
|
expression: 'uid'
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Remove testgroup group automember rule member condition
|
|
ipaautomember:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: testgroup
|
|
automember_type: group
|
|
action: member
|
|
state: absent
|
|
inclusive:
|
|
- key: 'manager'
|
|
expression: 'uid=mscott'
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure testgroup group automember rule has conditions again
|
|
ipaautomember:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: testgroup
|
|
automember_type: group
|
|
inclusive:
|
|
- key: 'uid'
|
|
expression: 'uid'
|
|
- key: 'uidnumber'
|
|
expression: 'uidnumber'
|
|
exclusive:
|
|
- key: 'uid'
|
|
expression: 'uid'
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure testgroup group automember conditions fails on invalid inclusive key
|
|
ipaautomember:
|
|
ipaadmin_principal: admin
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: testgroup
|
|
automember_type: group
|
|
inclusive:
|
|
- key: cns
|
|
expression: 'foo'
|
|
action: member
|
|
register: result
|
|
failed_when: result.changed or not result.failed or
|
|
"Invalid automember condition key 'cns'" not in result.msg
|
|
|
|
- name: Ensure testgroup group automember conditions fails on invalid exlusive key
|
|
ipaautomember:
|
|
ipaadmin_principal: admin
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: testgroup
|
|
automember_type: group
|
|
exclusive:
|
|
- key: cns
|
|
expression: 'foo'
|
|
action: member
|
|
register: result
|
|
failed_when: result.changed or not result.failed or
|
|
"Invalid automember condition key 'cns'" not in result.msg
|
|
|
|
- name: Ensure testhostgroup hostgroup automember rule is present
|
|
ipaautomember:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: testhostgroup
|
|
description: testhostgroup automember rule
|
|
automember_type: hostgroup
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure testhostgroup hostgroup automember rule is present again
|
|
ipaautomember:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: testhostgroup
|
|
description: testhostgroup automember rule
|
|
automember_type: hostgroup
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Change testhostgroup hostgroup automember rule description
|
|
ipaautomember:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: testhostgroup
|
|
description: testhostgroup test automember rule
|
|
automember_type: hostgroup
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure testhostgroup hostgroup automember rule has conditions
|
|
ipaautomember:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: testhostgroup
|
|
automember_type: hostgroup
|
|
inclusive:
|
|
- key: 'description'
|
|
expression: 'description'
|
|
- key: 'description'
|
|
expression: 'description'
|
|
exclusive:
|
|
- key: 'cn'
|
|
expression: 'cn'
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure testhostgroup hostgroup automember rule has conditions again
|
|
ipaautomember:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: testhostgroup
|
|
automember_type: hostgroup
|
|
inclusive:
|
|
- key: 'description'
|
|
expression: 'description'
|
|
- key: 'description'
|
|
expression: 'description'
|
|
exclusive:
|
|
- key: 'cn'
|
|
expression: 'cn'
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Add testhostgroup hostgroup automember rule member condition
|
|
ipaautomember:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: testhostgroup
|
|
automember_type: hostgroup
|
|
action: member
|
|
inclusive:
|
|
- key: 'fqdn'
|
|
expression: '.*.domain.com'
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure testhostgroup hostgroup automember rule has conditions
|
|
ipaautomember:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: testhostgroup
|
|
automember_type: hostgroup
|
|
inclusive:
|
|
- key: 'description'
|
|
expression: 'description'
|
|
- key: 'description'
|
|
expression: 'description'
|
|
- key: 'fqdn'
|
|
expression: '.*.domain.com'
|
|
exclusive:
|
|
- key: 'cn'
|
|
expression: 'cn'
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Remove testhostgroup hostgroup automember rule member condition
|
|
ipaautomember:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: testhostgroup
|
|
automember_type: hostgroup
|
|
action: member
|
|
state: absent
|
|
inclusive:
|
|
- key: 'fqdn'
|
|
expression: '.*.domain.com'
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure testhostgroup hostgroup automember rule has conditions
|
|
ipaautomember:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: testhostgroup
|
|
automember_type: hostgroup
|
|
inclusive:
|
|
- key: 'description'
|
|
expression: 'description'
|
|
- key: 'description'
|
|
expression: 'description'
|
|
exclusive:
|
|
- key: 'cn'
|
|
expression: 'cn'
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
|
|
- name: Ensure testhostgroup hostgroup automember conditions fails on invalid inclusive key
|
|
ipaautomember:
|
|
ipaadmin_principal: admin
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: testhostgroup
|
|
automember_type: hostgroup
|
|
inclusive:
|
|
- key: cns
|
|
expression: 'foo'
|
|
action: member
|
|
register: result
|
|
failed_when: result.changed or not result.failed or
|
|
"Invalid automember condition key 'cns'" not in result.msg
|
|
|
|
- name: Ensure testhostgroup hostgroup automember conditions fails on invalid exlusive key
|
|
ipaautomember:
|
|
ipaadmin_principal: admin
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: testhostgroup
|
|
automember_type: hostgroup
|
|
exclusive:
|
|
- key: cns
|
|
expression: 'foo'
|
|
action: member
|
|
register: result
|
|
failed_when: result.changed or not result.failed or
|
|
"Invalid automember condition key 'cns'" not in result.msg
|
|
|
|
# Tests for issue https://bugzilla.redhat.com/show_bug.cgi?id=1976922
|
|
- name: Ensure group testgroup is absent
|
|
ipaautomember:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: testgroup
|
|
state: absent
|
|
automember_type: group
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure group testgroup is present
|
|
ipaautomember:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: testgroup
|
|
description: Automember rule.
|
|
automember_type: group
|
|
inclusive:
|
|
- key: cn
|
|
expression: "@1"
|
|
exclusive:
|
|
- key: cn
|
|
expression: s
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure group testgroup is present with updated description
|
|
ipaautomember:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: testgroup
|
|
description: New automember rule.
|
|
automember_type: group
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure group testgroup is present with updated description, again
|
|
ipaautomember:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: testgroup
|
|
description: New automember rule.
|
|
automember_type: group
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Verify inclusive and exclusive rules have not changed
|
|
ipaautomember:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: testgroup
|
|
automember_type: group
|
|
inclusive:
|
|
- key: cn
|
|
expression: "@1"
|
|
exclusive:
|
|
- key: cn
|
|
expression: s
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Verify no other rules existed.
|
|
ipaautomember:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: testgroup
|
|
automember_type: group
|
|
inclusive: []
|
|
exclusive: []
|
|
action: member
|
|
state: absent
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
# End of ests for issue https://bugzilla.redhat.com/show_bug.cgi?id=1976922
|
|
|
|
# CLEANUP TEST ITEMS
|
|
|
|
- name: Ensure group testgroup is absent
|
|
ipagroup:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: testgroup
|
|
state: absent
|
|
|
|
- name: Ensure hostgroup testhostgroup is absent
|
|
ipahostgroup:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: testhostgroup
|
|
state: absent
|
|
|
|
- name: Ensure group automember rule testgroup is absent
|
|
ipaautomember:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
automember_type: group
|
|
name: testgroup
|
|
state: absent
|
|
|
|
- name: Ensure hostgroup automember rule testhostgroup is absent
|
|
ipaautomember:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
automember_type: hostgroup
|
|
name: testhostgroup
|
|
state: absent
|