internet/ansible-freeipa
4
0
Fork 0
mirror of https://github.com/freeipa/ansible-freeipa.git synced 2026-03-26 21:33:05 +00:00
Code Issues Projects Releases Wiki Activity
Files
master
ansible-freeipa/tests/delegation/test_delegation_member_case_insensitive.yml
Rafael Guterres Jeffman e9c6e93608 ipadelegation: Fix idempotence issues due to capitalization. 
This patch force processing of permission, attribute and group
attributes in lower case, to match behavior of IPA CLI, transforming
all of them into lowercase characters.

The new behavior fixes idempotence issues when mixing different
capitalization in different tasks for the same attribute.

A new test playbook is avaiable at:

    tests/delegation/test_delegation_member_case_insensitive.yml
2024-02-12 11:10:21 -03:00

228 lines
8.0 KiB
YAML
Raw Permalink Blame History

---
- name: Test delegation
hosts: "{{ ipa_test_host | default('ipaserver') }}"
become: no
gather_facts: no
tasks:
- name: Test different cases for string case.
block:
# CLEANUP TEST ITEMS
- name: Ensure delegation "basic manager attributes" is absent
ipadelegation:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: "basic manager attributes"
state: absent
# CREATE TEST ITEMS
- name: Ensure test group managers is present
ipagroup:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: managers
- name: Ensure test group employees is present
ipagroup:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: employees
# TESTS
- name: Ensure delegation "basic manager attributes" is present, group/membergroup mixed case
ipadelegation:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: "basic manager attributes"
permission: read
attribute:
- businesscategory
group: Managers
membergroup: Employees
register: result
failed_when: not result.changed or result.failed
- name: Ensure delegation "basic manager attributes" is present, group lowercase
ipadelegation:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: "basic manager attributes"
permission: read
attribute:
- businesscategory
group: "{{ 'Managers' | lower }}"
membergroup: Employees
register: result
failed_when: result.changed or result.failed
- name: Ensure delegation "basic manager attributes" is present, group uppercase
ipadelegation:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: "basic manager attributes"
permission: read
attribute:
- businesscategory
group: "{{ 'Managers' | upper }}"
membergroup: Employees
register: result
failed_when: result.changed or result.failed
- name: Ensure delegation "basic manager attributes" is present, permission upercase
ipadelegation:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: "basic manager attributes"
permission: "{{ 'read' | upper }}"
attribute:
- businesscategory
group: managers
membergroup: Employees
register: result
failed_when: result.changed or result.failed
- name: Ensure delegation "basic manager attributes" is present, permission mixed case
ipadelegation:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: "basic manager attributes"
permission: Read
attribute:
- businesscategory
group: managers
membergroup: Employees
register: result
failed_when: result.changed or result.failed
- name: Ensure delegation "basic manager attributes" is present, attribute upercase
ipadelegation:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: "basic manager attributes"
permission: read
attribute:
- "{{ 'businesscategory' | upper }}"
group: managers
membergroup: Employees
register: result
failed_when: result.changed or result.failed
- name: Ensure delegation "basic manager attributes" is present, attribute mixed case
ipadelegation:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: "basic manager attributes"
permission: read
attribute:
- BusinessCategory
group: managers
membergroup: Employees
register: result
failed_when: result.changed or result.failed
# membergroup does not use case insensitive comparison
- name: Ensure delegation "basic manager attributes" is present, membergroup lowercase
ipadelegation:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: "basic manager attributes"
permission: read
attribute:
- businesscategory
group: managers
membergroup: "{{ 'Employees' | lower }}"
register: result
failed_when: not result.changed or result.failed
- name: Ensure delegation "basic manager attributes" is present, membergroup uppercase
ipadelegation:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: "basic manager attributes"
permission: read
attribute:
- businesscategory
group: managers
membergroup: "{{ 'Employees' | upper }}"
register: result
failed_when: not result.changed or result.failed
- name: Ensure delegation "basic manager attributes" is present, group/membergroup mixed case
ipadelegation:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: "basic manager attributes"
permission: read
attribute:
- businesscategory
group: Managers
membergroup: Employees
register: result
failed_when: not result.changed or result.failed
# tests for action: member
- name: Ensure delegation "basic manager attributes" is present, with group and attribute in mixed case
ipadelegation:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: "basic manager attributes"
permission: read
attribute:
- BusinessCategory
group: Managers
membergroup: Employees
- name: Ensure delegation "basic manager attributes" is present, attribute mixed case
ipadelegation:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: "basic manager attributes"
permission: read
attribute:
- BusinessCategory
group: managers
membergroup: employees
- name: Ensure delegation "basic manager attributes" member is present, attribute upercase
ipadelegation:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: "basic manager attributes"
attribute:
- "{{ 'BusinessCategory' | upper }}"
action: member
register: result
failed_when: result.changed or result.failed
- name: Ensure delegation "basic manager attributes" member is present, attribute lowercase
ipadelegation:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: "basic manager attributes"
attribute:
- "{{ 'BusinessCategory' | lower }}"
action: member
register: result
failed_when: result.changed or result.failed
always:
# CLEANUP TEST ITEMS
- name: Ensure delegation "basic manager attributes" is absent
ipadelegation:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: "basic manager attributes"
state: absent
- name: Ensure test groups are absent
ipagroup:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: managers,employees
state: absent
Reference in New Issue View Git Blame Copy Permalink