There is a new role management module placed in the plugins folder:
plugins/modules/iparole.py
The role module allows ensuring the presence or absence of roles and
managing role members.
Here is the documentation for the module:
README-role.md
New example playbooks have been added:
playbooks/role/role-is-absent.yml
playbooks/role/role-is-present.yml
playbooks/role/role-member-group-absent.yml
playbooks/role/role-member-group-present.yml
playbooks/role/role-member-host-absent.yml
playbooks/role/role-member-host-present.yml
playbooks/role/role-member-hostgroup-absent.yml
playbooks/role/role-member-hostgroup-present.yml
playbooks/role/role-member-privilege-absent.yml
playbooks/role/role-member-privilege-present.yml
playbooks/role/role-member-service-absent.yml
playbooks/role/role-member-service-present.yml
playbooks/role/role-member-user-absent.yml
playbooks/role/role-member-user-present.yml
playbooks/role/role-members-absent.yml
playbooks/role/role-members-present.yml
playbooks/role/role-rename.yml
New tests for the module:
tests/role/test_role.yml
tests/role/test_role_service_member.yml
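---
# Test playbook for the iparole module.
#
# Each behaviour is exercised twice: the first run must report a change,
# the immediate repeat ("..., again.") must report none (idempotency).
#
# failed_when REPLACES Ansible's default failure condition. A bare
# "failed_when: result.changed" therefore also passes when the module
# itself errors out (a failed result normally reports changed=false), so
# an authentication or API error would look like a passing idempotency
# check. The repeat-run checks below add "or result.failed" to close that
# gap. The first-run checks ("not result.changed") already fail on a
# module error and are left as they were.
#
# ipaadmin_password is a throwaway fixture value written in cleartext.
# Outside a disposable test server, supply it from Ansible Vault or an
# extra var instead of committing it to the playbook.
- name: Test role module
  hosts: ipaserver
  become: true
  gather_facts: true

  tasks:
    # Presumably defines host1_fqdn, which the host and service member
    # tests below rely on -- confirm against env_facts.yml.
    - name: Set environment facts.
      import_tasks: env_facts.yml

    # Presumably creates user01, group01, hostgroup01 and the service01
    # service used as members below -- confirm against env_setup.yml.
    - name: Setup environment.
      import_tasks: env_setup.yml

    # tests
    - name: Ensure role is present.
      iparole:
        ipaadmin_password: SomeADMINpassword
        name: renamerole
        description: A role in IPA.
      register: result
      failed_when: not result.changed

    - name: Ensure role is present, again.
      iparole:
        ipaadmin_password: SomeADMINpassword
        name: renamerole
        description: A role in IPA.
      register: result
      failed_when: result.changed or result.failed

    - name: Rename role.
      iparole:
        ipaadmin_password: SomeADMINpassword
        name: renamerole
        rename: testrole
      register: result
      failed_when: not result.changed

    # NOTE(review): after the rename above, "renamerole" should no longer
    # exist. This condition is kept as written: it passes both when the
    # module reports no change and when the module fails. Confirm which of
    # the two outcomes the module is expected to produce and assert it
    # explicitly.
    - name: Rename role, again.
      iparole:
        ipaadmin_password: SomeADMINpassword
        name: renamerole
        rename: testrole
      register: result
      failed_when: result.changed

    # Privilege membership: add two, remove one, restore, remove both.
    - name: Ensure role has member has privileges.
      iparole:
        ipaadmin_password: SomeADMINpassword
        name: testrole
        privilege:
          - DNS Servers
          - Host Administrators
        action: member
      register: result
      failed_when: not result.changed

    - name: Ensure role has member has privileges, again.
      iparole:
        ipaadmin_password: SomeADMINpassword
        name: testrole
        privilege:
          - DNS Servers
          - Host Administrators
        action: member
      register: result
      failed_when: result.changed or result.failed

    - name: Ensure role has less privileges.
      iparole:
        ipaadmin_password: SomeADMINpassword
        name: testrole
        privilege:
          - Host Administrators
        action: member
        state: absent
      register: result
      failed_when: not result.changed

    - name: Ensure role has less privileges, again.
      iparole:
        ipaadmin_password: SomeADMINpassword
        name: testrole
        privilege:
          - Host Administrators
        action: member
        state: absent
      register: result
      failed_when: result.changed or result.failed

    - name: Ensure role has member has privileges restored.
      iparole:
        ipaadmin_password: SomeADMINpassword
        name: testrole
        privilege:
          - DNS Servers
          - Host Administrators
        action: member
      register: result
      failed_when: not result.changed

    - name: Ensure role has member has privileges restored, again.
      iparole:
        ipaadmin_password: SomeADMINpassword
        name: testrole
        privilege:
          - DNS Servers
          - Host Administrators
        action: member
      register: result
      failed_when: result.changed or result.failed

    - name: Ensure role member privileges are absent.
      iparole:
        ipaadmin_password: SomeADMINpassword
        name: testrole
        privilege:
          - DNS Servers
          - Host Administrators
        action: member
        state: absent
      register: result
      failed_when: not result.changed

    - name: Ensure role member privileges are absent, again.
      iparole:
        ipaadmin_password: SomeADMINpassword
        name: testrole
        privilege:
          - DNS Servers
          - Host Administrators
        action: member
        state: absent
      register: result
      failed_when: result.changed or result.failed

    # Negative test: the module must fail, and with the expected message,
    # when asked to attach a privilege that does not exist.
    - name: Ensure invalid privileged is not assigned to role.
      iparole:
        ipaadmin_password: SomeADMINpassword
        name: testrole
        privilege: Invalid Privilege
        action: member
      register: result
      failed_when: not result.failed or "privilege not found" not in result.msg

    # User membership.
    - name: Ensure role has member user present.
      iparole:
        ipaadmin_password: SomeADMINpassword
        name: testrole
        user:
          - user01
        action: member
      register: result
      failed_when: not result.changed

    - name: Ensure role has member user present, again.
      iparole:
        ipaadmin_password: SomeADMINpassword
        name: testrole
        user:
          - user01
        action: member
      register: result
      failed_when: result.changed or result.failed

    - name: Ensure role has member user absent.
      iparole:
        ipaadmin_password: SomeADMINpassword
        name: testrole
        user:
          - user01
        action: member
        state: absent
      register: result
      failed_when: not result.changed

    - name: Ensure role has member user absent, again.
      iparole:
        ipaadmin_password: SomeADMINpassword
        name: testrole
        user:
          - user01
        action: member
        state: absent
      register: result
      failed_when: result.changed or result.failed

    # Group membership.
    - name: Ensure role has member group present.
      iparole:
        ipaadmin_password: SomeADMINpassword
        name: testrole
        group:
          - group01
        action: member
      register: result
      failed_when: not result.changed

    - name: Ensure role has member group present, again.
      iparole:
        ipaadmin_password: SomeADMINpassword
        name: testrole
        group:
          - group01
        action: member
      register: result
      failed_when: result.changed or result.failed

    - name: Ensure role has member group absent.
      iparole:
        ipaadmin_password: SomeADMINpassword
        name: testrole
        group:
          - group01
        action: member
        state: absent
      register: result
      failed_when: not result.changed

    - name: Ensure role has member group absent, again.
      iparole:
        ipaadmin_password: SomeADMINpassword
        name: testrole
        group:
          - group01
        action: member
        state: absent
      register: result
      failed_when: result.changed or result.failed

    # Host membership.
    - name: Ensure role has member host present.
      iparole:
        ipaadmin_password: SomeADMINpassword
        name: testrole
        host:
          - "{{ host1_fqdn }}"
        action: member
      register: result
      failed_when: not result.changed

    - name: Ensure role has member host present, again.
      iparole:
        ipaadmin_password: SomeADMINpassword
        name: testrole
        host:
          - "{{ host1_fqdn }}"
        action: member
      register: result
      failed_when: result.changed or result.failed

    - name: Ensure role has member host absent.
      iparole:
        ipaadmin_password: SomeADMINpassword
        name: testrole
        host:
          - "{{ host1_fqdn }}"
        action: member
        state: absent
      register: result
      failed_when: not result.changed

    - name: Ensure role has member host absent, again.
      iparole:
        ipaadmin_password: SomeADMINpassword
        name: testrole
        host:
          - "{{ host1_fqdn }}"
        action: member
        state: absent
      register: result
      failed_when: result.changed or result.failed

    # Hostgroup membership.
    - name: Ensure role has member hostgroup present.
      iparole:
        ipaadmin_password: SomeADMINpassword
        name: testrole
        hostgroup:
          - hostgroup01
        action: member
      register: result
      failed_when: not result.changed

    - name: Ensure role has member hostgroup present, again.
      iparole:
        ipaadmin_password: SomeADMINpassword
        name: testrole
        hostgroup:
          - hostgroup01
        action: member
      register: result
      failed_when: result.changed or result.failed

    - name: Ensure role has member hostgroup absent.
      iparole:
        ipaadmin_password: SomeADMINpassword
        name: testrole
        hostgroup:
          - hostgroup01
        action: member
        state: absent
      register: result
      failed_when: not result.changed

    - name: Ensure role has member hostgroup absent, again.
      iparole:
        ipaadmin_password: SomeADMINpassword
        name: testrole
        hostgroup:
          - hostgroup01
        action: member
        state: absent
      register: result
      failed_when: result.changed or result.failed

    # Role removal.
    - name: Ensure role is absent.
      iparole:
        ipaadmin_password: SomeADMINpassword
        name: testrole
        state: absent
      register: result
      failed_when: not result.changed

    - name: Ensure role is absent, again.
      iparole:
        ipaadmin_password: SomeADMINpassword
        name: testrole
        state: absent
      register: result
      failed_when: result.changed or result.failed

    # Create the role with every member type in a single call.
    - name: Ensure role with members is present.
      iparole:
        ipaadmin_password: SomeADMINpassword
        name: testrole
        user:
          - user01
        group:
          - group01
        host:
          - "{{ host1_fqdn }}"
        hostgroup:
          - hostgroup01
        privilege:
          - Group Administrators
          - User Administrators
        service:
          - "service01/{{ host1_fqdn }}"
      register: result
      failed_when: not result.changed

    - name: Ensure role with members is present, again.
      iparole:
        ipaadmin_password: SomeADMINpassword
        name: testrole
        user:
          - user01
        group:
          - group01
        host:
          - "{{ host1_fqdn }}"
        hostgroup:
          - hostgroup01
        privilege:
          - Group Administrators
          - User Administrators
        service:
          - "service01/{{ host1_fqdn }}"
      register: result
      failed_when: result.changed or result.failed

    - name: Ensure role is absent.
      iparole:
        ipaadmin_password: SomeADMINpassword
        name: testrole
        state: absent
      register: result
      failed_when: not result.changed

    - name: Ensure role is absent, again.
      iparole:
        ipaadmin_password: SomeADMINpassword
        name: testrole
        state: absent
      register: result
      failed_when: result.changed or result.failed

    # cleanup
    # NOTE(review): this task only runs if every test above passed. A
    # failure part-way through can leave testrole on the server with
    # administrative privileges and test members still attached. Wrapping
    # the tests in block/always would make the cleanup unconditional.
    - name: Cleanup environment.
      include_tasks: env_cleanup.yml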