internet/ansible-freeipa
4
0
Fork 0
mirror of https://github.com/freeipa/ansible-freeipa.git synced 2026-05-08 14:23:11 +00:00
Code Issues Projects Releases Wiki Activity
Files
141554bd3da78b62dbeeeec3116a9751ba8f0a6e
ansible-freeipa/tests/vault/tasks_vault_members.yml
Rafael Guterres Jeffman 14f682ad76 Remove usage of b64encode in lookup from Vault tests. 
There are some issues using a combination of `lookup('file')` and the
`b64encode` filter in Ansible, making tests unstable. This change
removes the usage of b64encode when loading public and private keys
from files in the Vault test playbooks.
2021-01-07 09:18:53 -03:00

319 lines
8.3 KiB
YAML
Raw Blame History

---
# Tasks to test member management for Vault module.
- name: Setup testing environment.
import_tasks: env_setup.yml
- name: Ensure vault is present
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
vault_type: "{{vault.vault_type}}"
register: result
failed_when: not result.changed
when: vault.vault_type == 'standard'
- name: Ensure vault is present
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
vault_password: SomeVAULTpassword
vault_type: "{{vault.vault_type}}"
register: result
failed_when: not result.changed
when: vault.vault_type == 'symmetric'
- name: Ensure vault is present
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{ vault.name }}"
vault_type: "{{ vault.vault_type }}"
public_key: "{{lookup('file', 'A_private.b64')}}"
register: result
failed_when: not result.changed
when: vault.vault_type == 'asymmetric'
- name: Ensure vault member user is present.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
action: member
users:
- user02
register: result
failed_when: not result.changed
- name: Ensure vault member user is present, again.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
action: member
users:
- user02
register: result
failed_when: result.changed
- name: Ensure more vault member users are present.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
action: member
users:
- admin
- user02
register: result
failed_when: not result.changed
- name: Ensure vault member user is still present.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
action: member
users:
- user02
register: result
failed_when: result.changed
- name: Ensure vault users are absent.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
action: member
users:
- admin
- user02
state: absent
register: result
failed_when: not result.changed
- name: Ensure vault users are absent, again.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
action: member
users:
- admin
- user02
state: absent
register: result
failed_when: result.changed
- name: Ensure vault user is absent, once more.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
action: member
users:
- admin
state: absent
register: result
failed_when: result.changed
- name: Ensure vault member group is present.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
action: member
groups: vaultgroup
register: result
failed_when: not result.changed
- name: Ensure vault member group is present, again.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
action: member
groups: vaultgroup
register: result
failed_when: result.changed
- name: Ensure vault member group is absent.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
action: member
groups: vaultgroup
state: absent
register: result
failed_when: not result.changed
- name: Ensure vault member group is absent, again.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
action: member
groups: vaultgroup
state: absent
register: result
failed_when: result.changed
- name: Ensure vault member service is present.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
action: member
services: "HTTP/{{ ansible_fqdn }}"
register: result
failed_when: not result.changed
- name: Ensure vault member service is present, again.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
action: member
services: "HTTP/{{ ansible_fqdn }}"
register: result
failed_when: result.changed
- name: Ensure vault member service is absent.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
action: member
services: "HTTP/{{ ansible_fqdn }}"
state: absent
register: result
failed_when: not result.changed
- name: Ensure vault member service is absent, again.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
action: member
services: "HTTP/{{ ansible_fqdn }}"
state: absent
register: result
failed_when: result.changed
- name: Ensure user03 is an owner of vault.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
owners: user03
action: member
register: result
failed_when: not result.changed
- name: Ensure user03 is an owner of vault, again.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
owners: user03
action: member
register: result
failed_when: result.changed
- name: Ensure user03 is not owner of vault.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
owners: user03
state: absent
action: member
register: result
failed_when: not result.changed
- name: Ensure user03 is not owner of vault, again.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
owners: user03
state: absent
action: member
register: result
failed_when: result.changed
- name: Ensure vaultgroup is an ownergroup of vault.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
ownergroups: vaultgroup
action: member
register: result
failed_when: not result.changed
- name: Ensure vaultgroup is an ownergroup of vault, again.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
ownergroups: vaultgroup
action: member
register: result
failed_when: result.changed
- name: Ensure vaultgroup is not ownergroup of vault.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
ownergroups: vaultgroup
state: absent
action: member
register: result
failed_when: not result.changed
- name: Ensure vaultgroup is not ownergroup of vault, again.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
ownergroups: vaultgroup
state: absent
action: member
register: result
failed_when: result.changed
- name: Ensure service is an owner of vault.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
ownerservices: "HTTP/{{ ansible_fqdn }}"
action: member
register: result
failed_when: not result.changed
- name: Ensure service is an owner of vault, again.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
ownerservices: "HTTP/{{ ansible_fqdn }}"
action: member
register: result
failed_when: result.changed
- name: Ensure service is not owner of vault.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
ownerservices: "HTTP/{{ ansible_fqdn }}"
state: absent
action: member
register: result
failed_when: not result.changed
- name: Ensure service is not owner of vault, again.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
ownerservices: "HTTP/{{ ansible_fqdn }}"
state: absent
action: member
register: result
failed_when: result.changed
- name: Ensure {{vault.vault_type}} vault is absent
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
state: absent
register: result
failed_when: not result.changed
- name: Ensure {{vault.vault_type}} vault is absent, again
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
state: absent
register: result
failed_when: result.changed
- name: Cleanup testing environment.
import_tasks: env_cleanup.yml
Reference in New Issue View Git Blame Copy Permalink