mirror of
https://github.com/freeipa/ansible-freeipa.git
synced 2026-05-07 05:43:26 +00:00
603f0c1374
There is a new selfservice management module placed in the plugins folder:
plugins/modules/ipaselfservice.py
The selfservice module allows to ensure presence and absence of selfservices
and manage selfservice attributes.
Here is the documentation for the module:
README-selfservice.md
New example playbooks have been added:
playbooks/selfservice/selfservice-absent.yml
playbooks/selfservice/selfservice-present.yml
playbooks/selfservice/selfservice-member-absent.yml
playbooks/selfservice/selfservice-member-present.yml
New tests for the module:
tests/selfservice/test_selfservice.yml
161 lines
5.3 KiB
YAML
161 lines
5.3 KiB
YAML
---
|
|
- name: Test selfservice
|
|
hosts: ipaserver
|
|
become: true
|
|
|
|
tasks:
|
|
|
|
# CLEANUP TEST ITEMS
|
|
|
|
- name: Ensure selfservice "Users can manage their own name details" is absent
|
|
ipaselfservice:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: "Users can manage their own name details"
|
|
state: absent
|
|
|
|
# CREATE TEST ITEMS
|
|
|
|
# TESTS
|
|
|
|
- name: Ensure selfservice "Users can manage their own name details" is present
|
|
ipaselfservice:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: "Users can manage their own name details"
|
|
permission: write
|
|
attribute:
|
|
- givenname
|
|
- displayname
|
|
- title
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure selfservice "Users can manage their own name details" is present again
|
|
ipaselfservice:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: "Users can manage their own name details"
|
|
permission: write
|
|
attribute:
|
|
- givenname
|
|
- displayname
|
|
- title
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure selfservice "Users can manage their own name details" is present with different attribute initials
|
|
ipaselfservice:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: "Users can manage their own name details"
|
|
permission: write
|
|
attribute:
|
|
- initials
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure selfservice "Users can manage their own name details" is present with different attribute initials again
|
|
ipaselfservice:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: "Users can manage their own name details"
|
|
permission: write
|
|
attribute:
|
|
- initials
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure selfservice "Users can manage their own name details" member attributes givenname, displayname and title are present
|
|
ipaselfservice:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: "Users can manage their own name details"
|
|
attribute:
|
|
- givenname
|
|
- displayname
|
|
- title
|
|
action: member
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure selfservice "Users can manage their own name details" member attributes givenname, displayname and title are present again
|
|
ipaselfservice:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: "Users can manage their own name details"
|
|
attribute:
|
|
- givenname
|
|
- displayname
|
|
- title
|
|
action: member
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure selfservice "Users can manage their own name details" member attribute title is absent
|
|
ipaselfservice:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: "Users can manage their own name details"
|
|
attribute:
|
|
- title
|
|
action: member
|
|
state: absent
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure selfservice "Users can manage their own name details" member attribute title is absent again
|
|
ipaselfservice:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: "Users can manage their own name details"
|
|
attribute:
|
|
- title
|
|
action: member
|
|
state: absent
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
# TEST permission change
|
|
|
|
- name: Ensure selfservice "Users can manage their own name details" is present with different read,write permission
|
|
ipaselfservice:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: "Users can manage their own name details"
|
|
permission: read,write
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure selfservice "Users can manage their own name details" is present with different read,write permission again
|
|
ipaselfservice:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: "Users can manage their own name details"
|
|
permission: read,write
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure selfservice "Users can manage their own name details" fails with bad permission read,read
|
|
ipaselfservice:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: "Users can manage their own name details"
|
|
permission: read,read
|
|
register: result
|
|
failed_when: not result.failed or "Invalid permission" not in result.msg
|
|
|
|
- name: Ensure selfservice "Users can manage their own name details" fails with bad permission read,write,write
|
|
ipaselfservice:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: "Users can manage their own name details"
|
|
permission: read,write,write
|
|
register: result
|
|
failed_when: not result.failed or "Invalid permission" not in result.msg
|
|
|
|
- name: Ensure selfservice "Users can manage their own name details" fails with bad attribute title,title
|
|
ipaselfservice:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: "Users can manage their own name details"
|
|
attribute:
|
|
- title
|
|
- title
|
|
register: result
|
|
failed_when: not result.failed or "Invalid attribute" not in result.msg
|
|
|
|
# CLEANUP TEST ITEMS
|
|
|
|
- name: Ensure selfservice "Users can manage their own name details" is absent
|
|
ipaselfservice:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: "Users can manage their own name details"
|
|
state: absent
|