mirror of
https://github.com/freeipa/ansible-freeipa.git
synced 2026-03-26 21:33:05 +00:00
b175c78c95
Use Fully Qualified Collection Name (FQCN) for ansible builtins. This is ansible.builtin.set_fact instead of set_fact for example and aplies for all actions that are part of ansible.builtin. All the replaced ansible.builtins: assert, command, copy, debug, fail, fetch, file, import_playbook, import_tasks, include_role, include_tasks, include_vars, package, set_fact, shell, slurp, stat, systemd
319 lines
9.0 KiB
YAML
319 lines
9.0 KiB
YAML
---
|
|
# Tasks to test member management for Vault module.
|
|
- name: Setup testing environment.
|
|
ansible.builtin.import_tasks: env_setup.yml
|
|
|
|
- name: Ensure vault is present
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: "{{ vault.name }}"
|
|
vault_type: "{{ vault.vault_type }}"
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
when: vault.vault_type == 'standard'
|
|
|
|
- name: Ensure vault is present
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: "{{ vault.name }}"
|
|
vault_password: SomeVAULTpassword
|
|
vault_type: "{{ vault.vault_type }}"
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
when: vault.vault_type == 'symmetric'
|
|
|
|
- name: Ensure vault is present
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: "{{ vault.name }}"
|
|
vault_type: "{{ vault.vault_type }}"
|
|
public_key: "{{ lookup('file', 'A_private.b64') }}"
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
when: vault.vault_type == 'asymmetric'
|
|
|
|
- name: Ensure vault member user is present.
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: "{{ vault.name }}"
|
|
action: member
|
|
users:
|
|
- user02
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure vault member user is present, again.
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: "{{ vault.name }}"
|
|
action: member
|
|
users:
|
|
- user02
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure more vault member users are present.
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: "{{ vault.name }}"
|
|
action: member
|
|
users:
|
|
- admin
|
|
- user02
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure vault member user is still present.
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: "{{ vault.name }}"
|
|
action: member
|
|
users:
|
|
- user02
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure vault users are absent.
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: "{{ vault.name }}"
|
|
action: member
|
|
users:
|
|
- admin
|
|
- user02
|
|
state: absent
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure vault users are absent, again.
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: "{{ vault.name }}"
|
|
action: member
|
|
users:
|
|
- admin
|
|
- user02
|
|
state: absent
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure vault user is absent, once more.
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: "{{ vault.name }}"
|
|
action: member
|
|
users:
|
|
- admin
|
|
state: absent
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure vault member group is present.
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: "{{ vault.name }}"
|
|
action: member
|
|
groups: vaultgroup
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure vault member group is present, again.
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: "{{ vault.name }}"
|
|
action: member
|
|
groups: vaultgroup
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure vault member group is absent.
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: "{{ vault.name }}"
|
|
action: member
|
|
groups: vaultgroup
|
|
state: absent
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure vault member group is absent, again.
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: "{{ vault.name }}"
|
|
action: member
|
|
groups: vaultgroup
|
|
state: absent
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure vault member service is present.
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: "{{ vault.name }}"
|
|
action: member
|
|
services: "HTTP/{{ ansible_facts['fqdn'] }}"
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure vault member service is present, again.
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: "{{ vault.name }}"
|
|
action: member
|
|
services: "HTTP/{{ ansible_facts['fqdn'] }}"
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure vault member service is absent.
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: "{{ vault.name }}"
|
|
action: member
|
|
services: "HTTP/{{ ansible_facts['fqdn'] }}"
|
|
state: absent
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure vault member service is absent, again.
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: "{{ vault.name }}"
|
|
action: member
|
|
services: "HTTP/{{ ansible_facts['fqdn'] }}"
|
|
state: absent
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure user03 is an owner of vault.
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: "{{ vault.name }}"
|
|
owners: user03
|
|
action: member
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure user03 is an owner of vault, again.
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: "{{ vault.name }}"
|
|
owners: user03
|
|
action: member
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure user03 is not owner of vault.
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: "{{ vault.name }}"
|
|
owners: user03
|
|
state: absent
|
|
action: member
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure user03 is not owner of vault, again.
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: "{{ vault.name }}"
|
|
owners: user03
|
|
state: absent
|
|
action: member
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure vaultgroup is an ownergroup of vault.
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: "{{ vault.name }}"
|
|
ownergroups: vaultgroup
|
|
action: member
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure vaultgroup is an ownergroup of vault, again.
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: "{{ vault.name }}"
|
|
ownergroups: vaultgroup
|
|
action: member
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure vaultgroup is not ownergroup of vault.
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: "{{ vault.name }}"
|
|
ownergroups: vaultgroup
|
|
state: absent
|
|
action: member
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure vaultgroup is not ownergroup of vault, again.
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: "{{ vault.name }}"
|
|
ownergroups: vaultgroup
|
|
state: absent
|
|
action: member
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure service is an owner of vault.
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: "{{ vault.name }}"
|
|
ownerservices: "HTTP/{{ ansible_facts['fqdn'] }}"
|
|
action: member
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure service is an owner of vault, again.
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: "{{ vault.name }}"
|
|
ownerservices: "HTTP/{{ ansible_facts['fqdn'] }}"
|
|
action: member
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure service is not owner of vault.
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: "{{ vault.name }}"
|
|
ownerservices: "HTTP/{{ ansible_facts['fqdn'] }}"
|
|
state: absent
|
|
action: member
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure service is not owner of vault, again.
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: "{{ vault.name }}"
|
|
ownerservices: "HTTP/{{ ansible_facts['fqdn'] }}"
|
|
state: absent
|
|
action: member
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure {{ vault.vault_type }} vault is absent
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: "{{ vault.name }}"
|
|
state: absent
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure {{ vault.vault_type }} vault is absent, again
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: "{{ vault.name }}"
|
|
state: absent
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Cleanup testing environment.
|
|
ansible.builtin.import_tasks: env_cleanup.yml
|