mirror of
https://github.com/freeipa/ansible-freeipa.git
synced 2026-03-26 21:33:05 +00:00
f2a1d50b82
The reset of the minlength parameter failed with an internal error so far. This has been fixed in IPA and therefore requires to fix the test in ansible-freeipa also. Related: https://pagure.io/freeipa/issue/9297
366 lines
12 KiB
YAML
366 lines
12 KiB
YAML
---
|
|
- name: Test pwpolicy
|
|
hosts: "{{ ipa_test_host | default('ipaserver') }}"
|
|
become: true
|
|
gather_facts: false
|
|
|
|
tasks:
|
|
- name: Setup FreeIPA test facts.
|
|
ansible.builtin.import_tasks: ../env_freeipa_facts.yml
|
|
|
|
- name: Ensure maxlife of 90 for global_policy
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
maxlife: 90
|
|
|
|
- name: Ensure absence of group ops
|
|
ipagroup:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: ops
|
|
state: absent
|
|
|
|
- name: Ensure absence of pwpolicies for group ops
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: ops
|
|
state: absent
|
|
|
|
- name: Ensure presence of group ops
|
|
ipagroup:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: ops
|
|
state: present
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure presence of pwpolicies for group ops
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: ops
|
|
minlife: 7
|
|
maxlife: 49
|
|
history: 5
|
|
priority: 1
|
|
lockouttime: 300
|
|
minlength: 8
|
|
minclasses: 5
|
|
maxfail: 3
|
|
failinterval: 5
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure presence of pwpolicies for group ops again
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: ops
|
|
minlife: 7
|
|
maxlife: 49
|
|
history: 5
|
|
priority: 1
|
|
lockouttime: 300
|
|
minlength: 8
|
|
minclasses: 5
|
|
maxfail: 3
|
|
failinterval: 5
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure maxlife of 49 for global_policy
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
maxlife: 49
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure maxlife of 49 for global_policy again
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
maxlife: 49
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure absence of pwpoliciy global_policy will fail
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
state: absent
|
|
register: result
|
|
failed_when: not result.failed or "'global_policy' can not be made absent." not in result.msg
|
|
|
|
- name: Ensure absence of pwpolicies for group ops
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: ops
|
|
state: absent
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure maxlife of 90 for global_policy
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
maxlife: 90
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure absence of pwpolicies for group ops
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: ops
|
|
state: absent
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure presence of pwpolicies for group ops
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: ops
|
|
minlife: 7
|
|
maxlife: 49
|
|
history: 5
|
|
priority: 1
|
|
lockouttime: 300
|
|
minlength: 8
|
|
minclasses: 5
|
|
maxfail: 3
|
|
failinterval: 5
|
|
|
|
- name: Ensure policies are cleared
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: ops
|
|
minlife: ""
|
|
maxlife: ""
|
|
history: ""
|
|
# priority: ""
|
|
lockouttime: ""
|
|
minclasses: ""
|
|
maxfail: ""
|
|
failinterval: ""
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure policies are cleared, again
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: ops
|
|
minlife: ""
|
|
maxlife: ""
|
|
history: ""
|
|
# priority: ""
|
|
lockouttime: ""
|
|
minclasses: ""
|
|
maxfail: ""
|
|
failinterval: ""
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure minlength is not cleared due to FreeIPA issue
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: ops
|
|
minlength: ""
|
|
register: result
|
|
failed_when:
|
|
(result.failed and not
|
|
("an internal error has occurred" in result.msg or
|
|
"int() argument must be" in result.msg))
|
|
or (not result.failed and not result.changed)
|
|
|
|
- name: Execute tests if ipa_version >= 4.9.0
|
|
when: ipa_version is version("4.9", ">=")
|
|
block:
|
|
- name: Ensure maxrepeat of 2 for global_policy
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
maxrepeat: 2
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure maxrepeat of 2 for global_policy, again
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
maxrepeat: 2
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure maxrepeat of 0 for global_policy
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
maxrepeat: 0
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure maxsequence of 4 for global_policy
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
maxsequence: 4
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure maxsequence of 4 for global_policy, again
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
maxsequence: 4
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure maxsequence of 0 for global_policy
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
maxsequence: 0
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure usercheck and dictcheck have known values
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
dictcheck: false
|
|
usercheck: false
|
|
|
|
- name: Ensure dictcheck is set for global_policy
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
dictcheck: yes
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure dictcheck is set for global_policy, again
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
dictcheck: yes
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure dictcheck is not set for global_policy
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
dictcheck: no
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure usercheck is set for global_policy
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
usercheck: yes
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure usercheck is set for global_policy, again
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
usercheck: yes
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure usercheck is not set for global_policy
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
usercheck: no
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure usercheck and dictcheck are cleared for global_policy
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
dictcheck: ""
|
|
usercheck: ""
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure usercheck and dictcheck are cleared for global_policy, again
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
dictcheck: ""
|
|
usercheck: ""
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Execute tests if ipa_version >= 4.9.10
|
|
when: ipa_version is version("4.9.10", ">=")
|
|
block:
|
|
- name: Ensure grace limit is set to 10 for global_policy
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
gracelimit: 10
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure grace limit is set to 0 for global_policy
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
gracelimit: 0
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure grace limit is set to 0 for global_policy
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
gracelimit: 0
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure grace limit is set to 0 for global_policy
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
gracelimit: -1
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure grace limit is cleared for global_policy
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
gracelimit: ""
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure grace limit is cleared for global_policy, again
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
gracelimit: ""
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure grace limit is not set to -2 for global_policy
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
gracelimit: -2
|
|
register: result
|
|
failed_when: not result.failed and "must be at least -1" not in result.msg
|