mirror of
https://github.com/freeipa/ansible-freeipa.git
synced 2026-03-26 21:33:05 +00:00
6ce1055bac
Update hbacsvcgroup README file and add tests for executing plugin with
`ipaapi_context` set to `client`.
A new test playbook can be found at:
tests/hbacsvcgroup/test_hbacsvcgroup_client_context.yml
The new test file can be executed in a FreeIPA client host that is
not a server. In this case, it should be defined in the `ipaclients`
group, in the inventory file.
102 lines
3.0 KiB
YAML
102 lines
3.0 KiB
YAML
---
|
|
- name: Test hbacsvcgroup
|
|
hosts: "{{ ipa_test_host | default('ipaserver') }}"
|
|
become: true
|
|
gather_facts: false
|
|
|
|
tasks:
|
|
- name: Ensure HBAC Service Group login is absent
|
|
ipahbacsvcgroup:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: login
|
|
state: absent
|
|
|
|
- name: Ensure HBAC Service for sshd is present
|
|
ipahbacsvc:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: login
|
|
|
|
- name: Ensure HBAC Service Group login is present
|
|
ipahbacsvcgroup:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: login
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure HBAC Service Group login is present again
|
|
ipahbacsvcgroup:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: login
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure HBAC Service sshd is present in HBAC Service Group login
|
|
ipahbacsvcgroup:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: login
|
|
hbacsvc:
|
|
- sshd
|
|
action: member
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure HBAC Service sshd is present in HBAC Service Group login again
|
|
ipahbacsvcgroup:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: login
|
|
hbacsvc:
|
|
- sshd
|
|
action: member
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure HBAC Services sshd and foo are absent in HBAC Service Group login
|
|
ipahbacsvcgroup:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: login
|
|
hbacsvc:
|
|
- sshd
|
|
- foo
|
|
action: member
|
|
state: absent
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure HBAC Services sshd and foo are absent in HBAC Service Group login again
|
|
ipahbacsvcgroup:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: login
|
|
hbacsvc:
|
|
- sshd
|
|
- foo
|
|
action: member
|
|
state: absent
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure HBAC Service Group login is absent
|
|
ipahbacsvcgroup:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: login
|
|
state: absent
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure HBAC Service Group login is absent again
|
|
ipahbacsvcgroup:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: login
|
|
state: absent
|
|
register: result
|
|
failed_when: result.changed or result.failed
|