ansible-freeipa/tests/service/test_service_without_skip_host_check.yml
Thomas Woerner a9257e7f44 service: Use FQCN for ansible.builtin
Use Fully Qualified Collection Name (FQCN) for ansible builtins. This is
ansible.builtin.set_fact instead of set_fact, for example, and applies to
all actions that are part of ansible.builtin.

All the replaced ansible.builtins:
  assert, command, copy, debug, fail, fetch, file, import_playbook,
  import_tasks, include_role, include_tasks, include_vars, package,
  set_fact, shell, slurp, stat, systemd
2022-12-20 13:53:43 +01:00


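---
# Integration test for the ipaservice module. No task in this play passes
# skip_host_check. Each scenario runs twice: the first run must report
# "changed", and the repeat ("..., again") must report no change, which is
# how the play checks idempotency.
#
# NOTE(review): ipaadmin_password is a literal fixture value repeated in every
# task; presumably it matches a disposable test server. Outside such a lab,
# supply it from Ansible Vault or an inventory variable instead.
- name: Test service without using option skip_host_check
  hosts: ipaserver
  become: true

  tasks:
    # setup
    # NOTE(review): svc_fqdn, host1_fqdn and host2_fqdn are not defined in
    # this file; presumably env_setup.yml provides them together with the
    # users, groups and hostgroups referenced below - confirm.
    - name: Setup test environment
      ansible.builtin.include_tasks: env_setup.yml

    # tests
    # Creates the service with its Kerberos flags set explicitly: two PAC
    # types, the OTP authentication indicator, pre-authentication required
    # and both delegation flags off.
    - name: Ensure service is present
      ipaservice:
        ipaadmin_password: SomeADMINpassword
        name: "HTTP/{{ svc_fqdn }}"
        pac_type:
          - MS-PAC
          - PAD
        auth_ind: otp
        force: false
        requires_pre_auth: true
        ok_as_delegate: false
        ok_to_auth_as_delegate: false
      register: result
      failed_when: not result.changed or result.failed

    - name: Ensure service is present, again
      ipaservice:
        ipaadmin_password: SomeADMINpassword
        name: "HTTP/{{ svc_fqdn }}"
        pac_type:
          - MS-PAC
          - PAD
        auth_ind: otp
        force: false
        requires_pre_auth: true
        ok_as_delegate: false
        ok_to_auth_as_delegate: false
      register: result
      failed_when: result.changed or result.failed

    # Sets pac_type to NONE and turns both delegation flags on. In a real
    # realm these flags widen what the service may do on behalf of clients,
    # so a change like this one merits review.
    - name: Modify service.
      ipaservice:
        ipaadmin_password: SomeADMINpassword
        name: "HTTP/{{ svc_fqdn }}"
        pac_type: NONE
        ok_as_delegate: true
        ok_to_auth_as_delegate: true
      register: result
      failed_when: not result.changed or result.failed

    - name: Modify service, again.
      ipaservice:
        ipaadmin_password: SomeADMINpassword
        name: "HTTP/{{ svc_fqdn }}"
        pac_type: NONE
        ok_as_delegate: true
        ok_to_auth_as_delegate: true
      register: result
      failed_when: result.changed or result.failed

    # The host part of this principal has no DNS record (per the task name);
    # force is set so the service is still created.
    - name: Ensure service is present, with host not in DNS.
      ipaservice:
        ipaadmin_password: SomeADMINpassword
        name: HTTP/svc.ihavenodns.info
        force: true
      register: result
      failed_when: not result.changed or result.failed

    - name: Ensure service is present, with host not in DNS, again.
      ipaservice:
        ipaadmin_password: SomeADMINpassword
        name: HTTP/svc.ihavenodns.info
        force: true
      register: result
      failed_when: result.changed or result.failed

    # Principal alias handled as a member (action: member).
    - name: Principal host/test.example.com present in service.
      ipaservice:
        ipaadmin_password: SomeADMINpassword
        name: "HTTP/{{ svc_fqdn }}"
        principal:
          - host/test.example.com
        action: member
      register: result
      failed_when: not result.changed or result.failed

    # The repeat tolerates a module failure only when its message says the
    # value is already there; any reported change still fails the test.
    - name: Principal host/test.example.com present in service, again.
      ipaservice:
        ipaadmin_password: SomeADMINpassword
        name: "HTTP/{{ svc_fqdn }}"
        principal:
          - host/test.example.com
        action: member
      register: result
      failed_when:
        result.changed or (result.failed and "already contains one or more values" not in result.msg)

    - name: Principal host/test.example.com absent in service.
      ipaservice:
        ipaadmin_password: SomeADMINpassword
        name: "HTTP/{{ svc_fqdn }}"
        principal:
          - host/test.example.com
        action: member
        state: absent
      register: result
      failed_when: not result.changed or result.failed

    # Same tolerance as above, here for the "nothing to remove" message.
    - name: Principal host/test.example.com absent in service, again.
      ipaservice:
        ipaadmin_password: SomeADMINpassword
        name: "HTTP/{{ svc_fqdn }}"
        principal:
          - host/test.example.com
        action: member
        state: absent
      register: result
      failed_when:
        result.changed or (result.failed and "does not contain 'one or more values to remove'" not in result.msg)

    # Hosts that are allowed to manage the service.
    - name: Ensure host can manage service.
      ipaservice:
        ipaadmin_password: SomeADMINpassword
        name: "HTTP/{{ svc_fqdn }}"
        host:
          - "{{ host1_fqdn }}"
          - "{{ host2_fqdn }}"
        action: member
      register: result
      failed_when: not result.changed or result.failed

    # Only host1 is re-asserted here; it is already a member, so no change
    # is expected.
    - name: Ensure host can manage service, again.
      ipaservice:
        ipaadmin_password: SomeADMINpassword
        name: "HTTP/{{ svc_fqdn }}"
        host: "{{ host1_fqdn }}"
        action: member
      register: result
      failed_when: result.changed or result.failed

    - name: Ensure host cannot manage service.
      ipaservice:
        ipaadmin_password: SomeADMINpassword
        name: "HTTP/{{ svc_fqdn }}"
        host:
          - "{{ host1_fqdn }}"
          - "{{ host2_fqdn }}"
        action: member
        state: absent
      register: result
      failed_when: not result.changed or result.failed

    - name: Ensure host cannot manage service, again.
      ipaservice:
        ipaadmin_password: SomeADMINpassword
        name: "HTTP/{{ svc_fqdn }}"
        host:
          - "{{ host1_fqdn }}"
          - "{{ host2_fqdn }}"
        action: member
        state: absent
      register: result
      failed_when: result.changed or result.failed

    # Grants, then revokes, the right to create a keytab for the service to
    # users, groups, hosts and hostgroups.
    - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for users, groups, hosts and hostgroups.
      ipaservice:
        ipaadmin_password: SomeADMINpassword
        name: "HTTP/{{ svc_fqdn }}"
        allow_create_keytab_user:
          - user01
          - user02
        allow_create_keytab_group:
          - group01
          - group02
        allow_create_keytab_host:
          - "{{ host1_fqdn }}"
          - "{{ host2_fqdn }}"
        allow_create_keytab_hostgroup:
          - hostgroup01
          - hostgroup02
        action: member
      register: result
      failed_when: not result.changed or result.failed

    - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for users, groups, hosts and hostgroups, again.
      ipaservice:
        ipaadmin_password: SomeADMINpassword
        name: "HTTP/{{ svc_fqdn }}"
        allow_create_keytab_user:
          - user01
          - user02
        allow_create_keytab_group:
          - group01
          - group02
        allow_create_keytab_host:
          - "{{ host1_fqdn }}"
          - "{{ host2_fqdn }}"
        allow_create_keytab_hostgroup:
          - hostgroup01
          - hostgroup02
        action: member
      register: result
      failed_when: result.changed or result.failed

    - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for users, groups, hosts and hostgroups.
      ipaservice:
        ipaadmin_password: SomeADMINpassword
        name: "HTTP/{{ svc_fqdn }}"
        allow_create_keytab_user:
          - user01
          - user02
        allow_create_keytab_group:
          - group01
          - group02
        allow_create_keytab_host:
          - "{{ host1_fqdn }}"
          - "{{ host2_fqdn }}"
        allow_create_keytab_hostgroup:
          - hostgroup01
          - hostgroup02
        action: member
        state: absent
      register: result
      failed_when: not result.changed or result.failed

    - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for users, groups, hosts and hostgroups, again.
      ipaservice:
        ipaadmin_password: SomeADMINpassword
        name: "HTTP/{{ svc_fqdn }}"
        allow_create_keytab_user:
          - user01
          - user02
        allow_create_keytab_group:
          - group01
          - group02
        allow_create_keytab_host:
          - "{{ host1_fqdn }}"
          - "{{ host2_fqdn }}"
        allow_create_keytab_hostgroup:
          - hostgroup01
          - hostgroup02
        action: member
        state: absent
      register: result
      failed_when: result.changed or result.failed

    # Same cycle for the right to retrieve the service keytab. A retrieved
    # keytab carries the service's existing keys, so in production this
    # membership list is worth auditing.
    - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for users, groups, hosts and hostgroups
      ipaservice:
        ipaadmin_password: SomeADMINpassword
        name: "HTTP/{{ svc_fqdn }}"
        allow_retrieve_keytab_user:
          - user01
          - user02
        allow_retrieve_keytab_group:
          - group01
          - group02
        allow_retrieve_keytab_host:
          - "{{ host1_fqdn }}"
          - "{{ host2_fqdn }}"
        allow_retrieve_keytab_hostgroup:
          - hostgroup01
          - hostgroup02
        action: member
      register: result
      failed_when: not result.changed or result.failed

    - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for users, groups, hosts and hostgroups, again.
      ipaservice:
        ipaadmin_password: SomeADMINpassword
        name: "HTTP/{{ svc_fqdn }}"
        allow_retrieve_keytab_user:
          - user01
          - user02
        allow_retrieve_keytab_group:
          - group01
          - group02
        allow_retrieve_keytab_host:
          - "{{ host1_fqdn }}"
          - "{{ host2_fqdn }}"
        allow_retrieve_keytab_hostgroup:
          - hostgroup01
          - hostgroup02
        action: member
      register: result
      failed_when: result.changed or result.failed

    - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for users, groups, hosts and hostgroups.
      ipaservice:
        ipaadmin_password: SomeADMINpassword
        name: "HTTP/{{ svc_fqdn }}"
        allow_retrieve_keytab_user:
          - user01
          - user02
        allow_retrieve_keytab_group:
          - group01
          - group02
        allow_retrieve_keytab_host:
          - "{{ host1_fqdn }}"
          - "{{ host2_fqdn }}"
        allow_retrieve_keytab_hostgroup:
          - hostgroup01
          - hostgroup02
        action: member
        state: absent
      register: result
      failed_when: not result.changed or result.failed

    - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for users, groups, hosts and hostgroups, again.
      ipaservice:
        ipaadmin_password: SomeADMINpassword
        name: "HTTP/{{ svc_fqdn }}"
        allow_retrieve_keytab_user:
          - user01
          - user02
        allow_retrieve_keytab_group:
          - group01
          - group02
        allow_retrieve_keytab_host:
          - "{{ host1_fqdn }}"
          - "{{ host2_fqdn }}"
        allow_retrieve_keytab_hostgroup:
          - hostgroup01
          - hostgroup02
        action: member
        state: absent
      register: result
      failed_when: result.changed or result.failed

    #
    # Removes the service created at the top of the play.
    - name: Ensure service is absent
      ipaservice:
        ipaadmin_password: SomeADMINpassword
        name: "HTTP/{{ svc_fqdn }}"
        continue: true
        state: absent
      register: result
      failed_when: not result.changed or result.failed

    - name: Ensure service is absent, again
      ipaservice:
        ipaadmin_password: SomeADMINpassword
        name: "HTTP/{{ svc_fqdn }}"
        state: absent
      register: result
      failed_when: result.changed or result.failed

    # tests for upstream issue #663
    # Principal aliases given at creation time and as members, one alias and
    # several, on the separate service mysvc/<host1>.
    - name: Ensure service is present with principal alias.
      ipaservice:
        ipaadmin_password: SomeADMINpassword
        name: "mysvc/{{ host1_fqdn }}"
        principal: "asvc/{{ host1_fqdn }}"
      register: result
      failed_when: result.failed or not result.changed

    - name: Ensure service is present with principal alias, again.
      ipaservice:
        ipaadmin_password: SomeADMINpassword
        name: "mysvc/{{ host1_fqdn }}"
        principal: "asvc/{{ host1_fqdn }}"
      register: result
      failed_when: result.failed or result.changed

    - name: Ensure service is present with different principal alias.
      ipaservice:
        ipaadmin_password: SomeADMINpassword
        name: "mysvc/{{ host1_fqdn }}"
        principal: "HTTP/{{ host1_fqdn }}"
        force: true
      register: result
      failed_when: result.failed or not result.changed

    - name: Ensure service is present with different principal alias, again.
      ipaservice:
        ipaadmin_password: SomeADMINpassword
        name: "mysvc/{{ host1_fqdn }}"
        principal: "HTTP/{{ host1_fqdn }}"
        force: true
      register: result
      failed_when: result.failed or result.changed

    - name: Ensure service member principal alias is present.
      ipaservice:
        ipaadmin_password: SomeADMINpassword
        name: "mysvc/{{ host1_fqdn }}"
        principal: "asvc/{{ host1_fqdn }}"
        action: member
      register: result
      failed_when: result.failed or not result.changed

    - name: Ensure service member principal alias is present, again.
      ipaservice:
        ipaadmin_password: SomeADMINpassword
        name: "mysvc/{{ host1_fqdn }}"
        principal: "asvc/{{ host1_fqdn }}"
        action: member
      register: result
      failed_when: result.failed or result.changed

    - name: Ensure service member principal alias is absent.
      ipaservice:
        ipaadmin_password: SomeADMINpassword
        name: "mysvc/{{ host1_fqdn }}"
        principal: "asvc/{{ host1_fqdn }}"
        action: member
        state: absent
      register: result
      failed_when: result.failed or not result.changed

    - name: Ensure service member principal alias is absent, again.
      ipaservice:
        ipaadmin_password: SomeADMINpassword
        name: "mysvc/{{ host1_fqdn }}"
        principal: "asvc/{{ host1_fqdn }}"
        action: member
        state: absent
      register: result
      failed_when: result.failed or result.changed

    - name: Ensure service is present with multiple principal aliases.
      ipaservice:
        ipaadmin_password: SomeADMINpassword
        name: "mysvc/{{ host1_fqdn }}"
        principal:
          - "HTTP/{{ host1_fqdn }}"
          - "asvc/{{ host1_fqdn }}"
      register: result
      failed_when: result.failed or not result.changed

    - name: Ensure service is present with multiple principal aliases, again.
      ipaservice:
        ipaadmin_password: SomeADMINpassword
        name: "mysvc/{{ host1_fqdn }}"
        principal:
          - "HTTP/{{ host1_fqdn }}"
          - "asvc/{{ host1_fqdn }}"
      register: result
      failed_when: result.failed or result.changed

    - name: Ensure service with multiple principal aliases is absent.
      ipaservice:
        ipaadmin_password: SomeADMINpassword
        name: "mysvc/{{ host1_fqdn }}"
        continue: true
        state: absent
      register: result
      failed_when: result.failed or not result.changed

    - name: Ensure service with multiple principal aliases is absent, again.
      ipaservice:
        ipaadmin_password: SomeADMINpassword
        name: "mysvc/{{ host1_fqdn }}"
        continue: true
        state: absent
      register: result
      failed_when: result.failed or result.changed
    # end of tests for upstream issue #663

    # cleanup
    - name: Cleanup test environment
      ansible.builtin.include_tasks: env_cleanup.yml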