ansible-freeipa/tests/group/test_group.yml

---
# Integration test for the ipagroup module: create, rename and delete groups
# and manage group / service / user members. Every step is run twice where
# it matters so that the changed/unchanged result (idempotency) is asserted.
- name: Test group
  hosts: "{{ ipa_test_host | default('ipaserver') }}"
  become: false
  # Facts are not gathered here; ../env_freeipa_facts.yml (included below) is
  # expected to provide what the play needs.
  gather_facts: false
  # NOTE(review): SomeADMINpassword is the shared ansible-freeipa test-fixture
  # credential and is deliberately in clear text in this test. It must never
  # be reused outside the throw-away test environment; real playbooks should
  # supply ipaadmin_password from Ansible Vault or another secret store.
  module_defaults:
    ipauser:
      ipaadmin_password: SomeADMINpassword
      # Only set when the caller supplies ipa_context; otherwise omitted so
      # the module falls back to its own default.
      ipaapi_context: "{{ ipa_context | default(omit) }}"
    ipagroup:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
    ipaservice:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
  tasks:
# setup
  # Presumably provides ansible_facts['fqdn'], ipaserver_realm and
  # ipa_version, which are used below (gather_facts is off) — verify against
  # ../env_freeipa_facts.yml if any of them turns up undefined.
  - name: Include tasks ../env_freeipa_facts.yml
    ansible.builtin.include_tasks: ../env_freeipa_facts.yml
  # GET FQDN_AT_DOMAIN
  # "<fqdn>@<REALM>" — the suffix of the Kerberos service principals used
  # as group members in the service tests below.
  - name: Get fqdn_at_domain
    ansible.builtin.set_fact:
      fqdn_at_domain: "{{ ansible_facts['fqdn'] + '@' + ipaserver_realm }}"
  # CLEANUP TEST ITEMS
  # Remove leftovers from an earlier (possibly aborted) run. No result is
  # asserted here: absent-on-missing is a valid no-op.
  - name: Ensure users user1, user2 and user3 are absent
    ipauser:
      name: user1,user2,user3
      state: absent
  - name: Ensure group group3, group2 and group1 are absent
    ipagroup:
      name: groupren,group3,group2,group1
      state: absent
  # CREATE TEST ITEMS
  # The cleanup above guarantees these users do not exist yet, so creation
  # must report changed.
  - name: Ensure users user1..user3 are present
    ipauser:
      users:
      - name: user1
        first: user1
        last: Last
      - name: user2
        first: user2
        last: Last
      - name: user3
        first: user3
        last: Last
    register: result
    failed_when: not result.changed or result.failed
  # The cleanup handlers are only notified when this task reports changed,
  # i.e. when the principal was created by this play. On an IPA server the
  # HTTP/ and ldap/ principals of the server itself normally already exist,
  # and this keeps the test from deleting them at the end of the play.
  - name: Ensure test service HTTP is present
    ipaservice:
      name: "{{ 'HTTP/' + fqdn_at_domain }}"
    notify: Cleanup http service
  - name: Ensure test service LDAP is present
    ipaservice:
      name: "{{ 'ldap/' + fqdn_at_domain }}"
    notify: Cleanup ldap service
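# TESTS
  # group lifecycle: create, idempotent re-run, rename and rename edge cases
  - name: Ensure group1 is present
    ipagroup:
      name: group1
    register: result
    failed_when: not result.changed or result.failed
  - name: Ensure group1 is present again
    ipagroup:
      name: group1
    register: result
    failed_when: result.changed or result.failed
  - name: Rename group1 to groupren
    ipagroup:
      name: group1
      rename: groupren
      state: renamed
    register: result
    failed_when: not result.changed or result.failed
  # group1 no longer exists after the rename above, so repeating it must
  # fail with a "No group 'group1'" message rather than succeed or report
  # unchanged.
  - name: Rename group1 to groupren
    ipagroup:
      name: group1
      rename: groupren
      state: renamed
    register: result
    failed_when: not result.failed or "No group 'group1'" not in result.msg
  # Renaming a group to its current name is a no-op.
  - name: Rename group groupren to groupren
    ipagroup:
      name: groupren
      rename: groupren
      state: renamed
    register: result
    failed_when: result.changed or result.failed
  - name: Rename group groupren back to group1
    ipagroup:
      name: groupren
      rename: group1
      state: renamed
    register: result
    failed_when: not result.changed or result.failed
  - name: Ensure group2 is present
    ipagroup:
      name: group2
    register: result
    failed_when: not result.changed or result.failed
  - name: Ensure group2 is present again
    ipagroup:
      name: group2
    register: result
    failed_when: result.changed or result.failed
  - name: Ensure group3 is present
    ipagroup:
      name: group3
    register: result
    failed_when: not result.changed or result.failed
  - name: Ensure group3 is present again
    ipagroup:
      name: group3
    register: result
    failed_when: result.changed or result.failed
  # nested group membership (action: member adds to the existing member
  # list instead of replacing it)
  - name: Ensure groups group2 and group3 are present in group group1
    ipagroup:
      name: group1
      group:
      - group2
      - group3
      action: member
    register: result
    failed_when: not result.changed or result.failed
  - name: Ensure groups group2 and group3 are present in group group1 again
    ipagroup:
      name: group1
      group:
      - group2
      - group3
      action: member
    register: result
    failed_when: result.changed or result.failed
  # A subset of the current members must also be reported unchanged.
  # (task name typo fixed: "ia present" -> "is present")
  - name: Ensure group3 is present in group group1
    ipagroup:
      name: group1
      group:
      - group3
      action: member
    register: result
    failed_when: result.changed or result.failed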
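# service
  # Service principals as group members are only exercised on IPA >= 4.7.0;
  # the whole block is skipped (not failed) on older servers. ipa_version is
  # expected to come from ../env_freeipa_facts.yml.
  # (task name typo fixed: "ipa_verison" -> "ipa_version")
  - name: Execute tests if ipa_version >= 4.7.0
    when: ipa_version is version('4.7.0', '>=')
    block:
    - name: Ensure service "{{ 'HTTP/' + fqdn_at_domain }}" is present in group group1
      ipagroup:
        name: group1
        service:
        - "{{ 'HTTP/' + fqdn_at_domain }}"
        action: member
      register: result
      failed_when: not result.changed or result.failed
    - name: Ensure service "{{ 'HTTP/' + fqdn_at_domain }}" is present in group group1, again
      ipagroup:
        name: group1
        service:
        - "{{ 'HTTP/' + fqdn_at_domain }}"
        action: member
      register: result
      failed_when: result.changed or result.failed
    - name: Ensure service "{{ 'ldap/' + fqdn_at_domain }}" is present in group group1
      ipagroup:
        name: group1
        service:
        - "{{ 'ldap/' + fqdn_at_domain }}"
        action: member
      register: result
      failed_when: not result.changed or result.failed
    - name: Ensure service "{{ 'ldap/' + fqdn_at_domain }}" is present in group group1, again
      ipagroup:
        name: group1
        service:
        - "{{ 'ldap/' + fqdn_at_domain }}"
        action: member
      register: result
      failed_when: result.changed or result.failed
    - name: Ensure service "{{ 'HTTP/' + fqdn_at_domain }}" is absent in group group1
      ipagroup:
        name: group1
        service:
        - "{{ 'HTTP/' + fqdn_at_domain }}"
        action: member
        state: absent
      register: result
      failed_when: not result.changed or result.failed
    - name: Ensure service "{{ 'HTTP/' + fqdn_at_domain }}" is absent in group group1, again
      ipagroup:
        name: group1
        service:
        - "{{ 'HTTP/' + fqdn_at_domain }}"
        action: member
        state: absent
      register: result
      failed_when: result.changed or result.failed
    - name: Ensure service "{{ 'ldap/' + fqdn_at_domain }}" is absent in group group1
      ipagroup:
        name: group1
        service:
        - "{{ 'ldap/' + fqdn_at_domain }}"
        action: member
        state: absent
      register: result
      failed_when: not result.changed or result.failed
    - name: Ensure service "{{ 'ldap/' + fqdn_at_domain }}" is absent in group group1, again
      ipagroup:
        name: group1
        service:
        - "{{ 'ldap/' + fqdn_at_domain }}"
        action: member
        state: absent
      register: result
      failed_when: result.changed or result.failed
    # Both principals at once.
    - name: Ensure services are present in group group1
      ipagroup:
        name: group1
        service:
        - "{{ 'HTTP/' + fqdn_at_domain }}"
        - "{{ 'ldap/' + fqdn_at_domain }}"
        action: member
      register: result
      failed_when: not result.changed or result.failed
    # 'http/' (and 'LDAP/' further down) deliberately differ in case from the
    # names used when the members were added; this appears to rely on the
    # module matching service principals case-insensitively — do not
    # "normalise" these.
    - name: Ensure services are present in group group1, again
      ipagroup:
        name: group1
        service:
        - "{{ 'http/' + fqdn_at_domain }}"
        - "{{ 'ldap/' + fqdn_at_domain }}"
        action: member
      register: result
      failed_when: result.changed or result.failed
    - name: Ensure services are absent in group group1
      ipagroup:
        name: group1
        service:
        - "{{ 'HTTP/' + fqdn_at_domain }}"
        - "{{ 'LDAP/' + fqdn_at_domain }}"
        action: member
        state: absent
      register: result
      failed_when: not result.changed or result.failed
    - name: Ensure services are absent in group group1, again
      ipagroup:
        name: group1
        service:
        - "{{ 'HTTP/' + fqdn_at_domain }}"
        - "{{ 'ldap/' + fqdn_at_domain }}"
        action: member
        state: absent
      register: result
      failed_when: result.changed or result.failed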
# user
  - name: Ensure users user1, user2 and user3 are present in group group1
    ipagroup:
      name: group1
      user:
      - user1
      - user2
      - user3
      action: member
    register: result
    failed_when: not result.changed or result.failed
  - name: Ensure users user1, user2 and user3 are present in group group1 again
    ipagroup:
      name: group1
      user:
      - user1
      - user2
      - user3
      action: member
    register: result
    failed_when: result.changed or result.failed
  # Disabled: adding a user that does not exist (user7) — kept for reference.
  # - ipagroup:
  #     name: group1
  #     user:
  #     - user7
  #     action: member
  # Removing a member that was never in the group (and does not exist as a
  # user at all) must be a clean no-op, not an error.
  - name: Ensure user user7 is absent in group group1
    ipagroup:
      name: group1
      user:
      - user7
      action: member
      state: absent
    register: result
    failed_when: result.changed or result.failed
  # Same for a group that does not exist.
  - name: Ensure group group4 is absent
    ipagroup:
      name: group4
      state: absent
    register: result
    failed_when: result.changed or result.failed
  # Tear the groups down and rebuild group1 from scratch for the member-list
  # tests below; this removal must report changed because the groups exist.
  - name: Ensure groups group3, group2, and group1 are absent
    ipagroup:
      name: group3,group2,group1
      state: absent
    register: result
    failed_when: not result.changed or result.failed
  - name: Ensure group group1 is present
    ipagroup:
      name: group1
    register: result
    failed_when: not result.changed or result.failed
  # Growing the member list with action: member: adding user3 on top of
  # user1/user2 is a change, re-adding any subset of current members is not.
  - name: Ensure users user1, user2 are present in group group1
    ipagroup:
      name: group1
      user:
      - user1
      - user2
      action: member
    register: result
    failed_when: not result.changed or result.failed
  - name: Ensure users user1, user2 and user3 are present in group group1
    ipagroup:
      name: group1
      user:
      - user1
      - user2
      - user3
      action: member
    register: result
    failed_when: not result.changed or result.failed
  - name: Ensure users user1, user2 are present in group group1, again
    ipagroup:
      name: group1
      user:
      - user1
      - user2
      action: member
    register: result
    failed_when: result.changed or result.failed
  - name: Ensure users user1, user2 and user3 are present in group group1, again
    ipagroup:
      name: group1
      user:
      - user1
      - user2
      - user3
      action: member
    register: result
    failed_when: result.changed or result.failed
  - name: Ensure group group1 is absent
    ipagroup:
      name: group1
      state: absent
    register: result
    failed_when: not result.changed or result.failed
  # Without action: member the user list is authoritative: it is set on
  # creation and replaced (not merged) on later runs, so the final step with
  # only user1/user2 must remove user3 and report changed.
  - name: Ensure group group1 with users user1, user2 is present
    ipagroup:
      name: group1
      user:
      - user1
      - user2
    register: result
    failed_when: not result.changed or result.failed
  - name: Ensure group group1 with users user1, user2 and user3 is present
    ipagroup:
      name: group1
      user:
      - user1
      - user2
      - user3
    register: result
    failed_when: not result.changed or result.failed
  - name: Ensure group group1 with users user1, user2 and user3 is present, again
    ipagroup:
      name: group1
      user:
      - user1
      - user2
      - user3
      action: member
    register: result
    failed_when: result.changed or result.failed
  - name: Ensure only users user1, user2 are present in group group1
    ipagroup:
      name: group1
      user:
      - user1
      - user2
    register: result
    failed_when: not result.changed or result.failed
  # CLEANUP TEST ITEMS
  # Unlike the setup cleanup, these assert changed: the objects must still
  # exist at this point, otherwise an earlier step silently went wrong.
  - name: Ensure group group3, group2 and group1 are absent
    ipagroup:
      name: group3,group2,group1
      state: absent
    register: result
    failed_when: not result.changed or result.failed
  - name: Ensure users user1, user2 and user3 are absent
    ipauser:
      name: user1,user2,user3
      state: absent
    register: result
    failed_when: not result.changed or result.failed
# Service cleanup lives in handlers rather than in conditional tasks because
# ansible-lint complains about 'when'-guarded cleanup tasks and asks for
# handlers instead. A handler only runs if the task that notifies it
# reported changed, i.e. only a principal that this play created is removed;
# pre-existing HTTP/ and ldap/ principals of the target host are left alone.
# Caveat: handlers run at the end of the play, so if a task fails midway the
# test principals stay behind (unless the play is run with force_handlers).
  handlers:
  - name: Cleanup http service
    ipaservice:
      name: "{{ 'HTTP/' + fqdn_at_domain }}"
      state: absent
  - name: Cleanup ldap service
    ipaservice:
      name: "{{ 'ldap/' + fqdn_at_domain }}"
      state: absent