mirror of
https://github.com/freeipa/ansible-freeipa.git
synced 2026-05-08 14:23:11 +00:00
When handling users and hosts in ipasudorule we were missing some entry
attributes returned from FreeIPA, which would cause the add/del lists to
be incorrectly generated.
By adding the proper lists, both attributes are handled correctly.
A new test to verify the fix is added:
tests/sudorule/test_sudorule_user_host_external.yml
Fixes https://issues.redhat.com/browse/RHEL-68439
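---
# Regression playbook for user/host/hostmask member handling in ipasudorule.
# Flow: create two users and two hosts, recreate sudorule_5a with two
# hostmasks, two hosts and two users, remove one member of each kind with
# `action: member`, confirm the removal is idempotent, confirm the remaining
# members are untouched, then remove every object the play created.
- name: Test correct handling of users and hosts lists on ipasudorule
  hosts: ipaserver
  become: false
  gather_facts: false
  # NOTE(review): the admin credential is written inline for all three
  # modules. Presumably this is a throwaway lab value; for any server that
  # is not disposable, supply ipaadmin_password from Ansible Vault or an
  # external secret store instead of committing it.
  module_defaults:
    ipauser:
      ipaadmin_password: SomeADMINpassword
    ipahost:
      ipaadmin_password: SomeADMINpassword
    ipasudorule:
      ipaadmin_password: SomeADMINpassword
  tasks:
    - name: Ensure test state is valid
      block:
        - name: Ensure users are present
          ipauser:
            users:
              - name: user_s1
                first: user
                last: s1
              - name: user_s2
                first: user
                last: s2
        - name: Ensure hosts are present
          ipahost:
            hosts:
              - name: mytesthost1.ipadomain.test
                force: true
              - name: mytesthost1a.ipadomain.test
                force: true
        # Start from a clean rule so the next task always creates it.
        - name: Ensure sudorule_5a is absent
          ipasudorule:
            name: sudorule_5a
            state: absent
        # The host names below (*.ipa.test) are not the hosts created above
        # (*.ipadomain.test). NOTE(review): presumably that is what makes
        # them "external hosts" for this test - confirm against the module.
        - name: Ensule sudorule_5a is present with host masks and external hosts
          ipasudorule:
            name: sudorule_5a
            hostmask: [192.168.221.0/24, 192.168.110.0/24]
            host: [mytesthost1.ipa.test, mytesthost2.ipa.test]
            user: [user_s1, user_s2]

    - name: Ensure that sudorule remain present after remove their members(using action member).
      block:
        # First removal must report a change, otherwise the members were
        # not recognised on the rule.
        - name: Ensure sudorules members are absent
          ipasudorule:
            name: sudorule_5a
            hostmask: 192.168.221.0/24
            user: "user_s1"
            host: "mytesthost1.ipa.test"
            action: member
            state: absent
          register: result
          failed_when: not result.changed or result.failed

        # Same request again: any reported change means the add/del lists
        # were computed wrongly (idempotency check).
        - name: Ensure sudorules members are absent, again
          ipasudorule:
            name: sudorule_5a
            hostmask: 192.168.221.0/24
            user: "user_s1"
            host: "mytesthost1.ipa.test"
            action: member
            state: absent
          register: result
          failed_when: result.changed or result.failed

        # No `state` is given, so the module default (present) applies.
        # Run in check mode: a reported change would mean one of the
        # members that should have survived the removal is missing.
        - name: Check if other sudorule members are still present.
          ipasudorule:
            name: sudorule_5a
            hostmask: 192.168.110.0/24
            user: "user_s2"
            host: "mytesthost2.ipa.test"
            action: member
          check_mode: true
          register: result
          failed_when: result.changed or result.failed

    # cleanup

    - name: Ensure test sudorule is absent
      ipasudorule:
        name: sudorule_5a
        state: absent

    # Remove the hosts that the setup block actually created (the
    # *.ipadomain.test names), so no test host entries stay behind on the
    # server after the run.
    - name: Ensure test hosts are absent
      ipahost:
        name: [mytesthost1.ipadomain.test, mytesthost1a.ipadomain.test]
        state: absent

    - name: Ensure test users are absent
      ipauser:
        name: [user_s1, user_s2]
        state: absent
...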