mirror of
https://github.com/freeipa/ansible-freeipa.git
synced 2026-03-27 05:43:05 +00:00
47a1d50c84
- Replace outdated noqa 503 with noqa no-handler - Drop outdated and not needed noqa 505 for include_vars - Drop outdated noqa deprecated-command-syntax for ansible.builtin.shell using cmd tag These warnings have been reported by utils/lint_check.sh using ansible-lint 6.22.1.
234 lines
6.8 KiB
YAML
234 lines
6.8 KiB
YAML
---
|
|
- name: Test user certmapdata
|
|
hosts: ipaserver
|
|
become: true
|
|
gather_facts: false
|
|
|
|
tasks:
|
|
- name: Generate self-signed certificates.
|
|
ansible.builtin.shell:
|
|
cmd: |
|
|
openssl req -x509 -newkey rsa:2048 -days 365 -nodes -keyout "private{{ item }}.key" -out "cert{{ item }}.pem" -subj '/CN=test'
|
|
openssl x509 -outform der -in "cert{{ item }}.pem" -out "cert{{ item }}.der"
|
|
base64 "cert{{ item }}.der" -w5000 > "cert{{ item }}.b64"
|
|
with_items: [1, 2, 3]
|
|
become: no
|
|
delegate_to: localhost
|
|
|
|
- name: User test absent
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: test
|
|
state: absent
|
|
|
|
- name: User test present
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: test
|
|
first: test
|
|
last: test
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: User test certmapdata members present
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: test
|
|
certmapdata:
|
|
- certificate: "{{ lookup('file', 'cert1.b64', rstrip=False) }}"
|
|
- certificate: "{{ lookup('file', 'cert2.b64', rstrip=False) }}"
|
|
- certificate: "{{ lookup('file', 'cert3.b64', rstrip=False) }}"
|
|
action: member
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: User test certmapdata members present again
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: test
|
|
certmapdata:
|
|
- certificate: "{{ lookup('file', 'cert1.b64', rstrip=False) }}"
|
|
- certificate: "{{ lookup('file', 'cert2.b64', rstrip=False) }}"
|
|
- certificate: "{{ lookup('file', 'cert3.b64', rstrip=False) }}"
|
|
action: member
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: User test certmapdata members absent
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: test
|
|
certmapdata:
|
|
- certificate: "{{ lookup('file', 'cert1.b64', rstrip=False) }}"
|
|
- certificate: "{{ lookup('file', 'cert2.b64', rstrip=False) }}"
|
|
- certificate: "{{ lookup('file', 'cert3.b64', rstrip=False) }}"
|
|
action: member
|
|
state: absent
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: User test certmapdata members absent again
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: test
|
|
certmapdata:
|
|
- certificate: "{{ lookup('file', 'cert1.b64', rstrip=False) }}"
|
|
- certificate: "{{ lookup('file', 'cert2.b64', rstrip=False) }}"
|
|
- certificate: "{{ lookup('file', 'cert3.b64', rstrip=False) }}"
|
|
action: member
|
|
state: absent
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: User test certmapdata members present
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: test
|
|
certmapdata:
|
|
- issuer: CN=issuer1
|
|
subject: CN=subject1
|
|
- issuer: CN=issuer2
|
|
subject: CN=subject2
|
|
- issuer: CN=issuer3
|
|
subject: CN=subject3
|
|
action: member
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: User test certmapdata members present again
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: test
|
|
certmapdata:
|
|
- issuer: CN=issuer1
|
|
subject: CN=subject1
|
|
- issuer: CN=issuer2
|
|
subject: CN=subject2
|
|
- issuer: CN=issuer3
|
|
subject: CN=subject3
|
|
action: member
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: User test certmapdata members absent
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: test
|
|
certmapdata:
|
|
- issuer: CN=issuer1
|
|
subject: CN=subject1
|
|
- issuer: CN=issuer3
|
|
subject: CN=subject3
|
|
action: member
|
|
state: absent
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: User test certmapdata members absent again
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: test
|
|
certmapdata:
|
|
- issuer: CN=issuer1
|
|
subject: CN=subject1
|
|
- issuer: CN=issuer3
|
|
subject: CN=subject3
|
|
action: member
|
|
state: absent
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: User test certmapdata members absent
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: test
|
|
certmapdata:
|
|
- issuer: CN=issuer2
|
|
subject: CN=subject2
|
|
action: member
|
|
state: absent
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: User test certmapdata members absent again
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: test
|
|
certmapdata:
|
|
- issuer: CN=issuer2
|
|
subject: CN=subject2
|
|
action: member
|
|
state: absent
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: User test certmapdata member present
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: test
|
|
certmapdata:
|
|
- issuer: CN=ca,dc=example,dc=com
|
|
subject: CN=test,dc=example,dc=com
|
|
action: member
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: User test certmapdata member present again
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: test
|
|
certmapdata:
|
|
- issuer: CN=ca,dc=example,dc=com
|
|
subject: CN=test,dc=example,dc=com
|
|
action: member
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: User test certmapdata member (data) present again
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: test
|
|
certmapdata:
|
|
- data: X509:<I>dc=com,dc=example,CN=ca<S>dc=com,dc=example,CN=test
|
|
action: member
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: User test certmapdata member absent
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: test
|
|
certmapdata:
|
|
- issuer: CN=ca,dc=example,dc=com
|
|
subject: CN=test,dc=example,dc=com
|
|
action: member
|
|
state: absent
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: User test certmapdata member (data) absent again
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: test
|
|
certmapdata:
|
|
- data: X509:<I>dc=com,dc=example,CN=ca<S>dc=com,dc=example,CN=test
|
|
action: member
|
|
state: absent
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: User test absent
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: test
|
|
state: absent
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Remove certificate files.
|
|
ansible.builtin.shell:
|
|
cmd: rm -f "private{{ item }}.key" "cert{{ item }}.pem" "cert{{ item }}.der" "cert{{ item }}.b64"
|
|
with_items: [1, 2, 3]
|
|
become: no
|
|
delegate_to: localhost
|