ansible-freeipa/tests/service/test_service_disable.yml
Rafael Guterres Jeffman d1dfdc38c9 tests service: Fixes evaluation of 'Keytab = True'
In ansible-core 2.19 there's no automatic coercion from None or empty
strings to the boolean value "false", so we need to compare the result
of the filter 'regex_search' to 'None' and the empty string to evaluate
if any match occurred.

In fixing this issue, it was found that the tests were incorrectly
evaluating the results, and the comparisons were fixed.

Signed-off-by: Rafael Guterres Jeffman <rjeffman@redhat.com>
2025-08-12 08:25:17 -03:00


# Due to not having some Ansible modules for IPA, some tasks are executed
# in this playbook using the `shell` module, as a Kerberos ticket is needed
# for these tasks.
# The Kerberos cache is cleaned at the end, so you might need to `kinit` on
# the testing target after running this playbook.
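---
# Test for ipaservice `state: disabled`: a service that holds a keytab is
# disabled, and `ipa service-find` must then report "Keytab: False".
- name: Playbook to manage IPA service.
  hosts: ipaserver
  become: true
  gather_facts: true
  environment:
    # Credential cache used by the kinit/kdestroy tasks below; the `ipa`
    # shell commands pick it up through the task environment.
    KRB5CCNAME: test_service_disable_ccache

  tasks:
    # --- setup ---------------------------------------------------------

    # NOTE(review): the admin password is a fixed test-fixture value embedded
    # in the command string, so it shows up in task output and most likely in
    # the process arguments on the target. Outside a throwaway test realm,
    # take it from a vault and pass it through the module's `stdin` option
    # with `no_log: true`.
    - name: Get Kerberos ticket for `admin`.
      ansible.builtin.shell: echo SomeADMINpassword | kinit -c ${KRB5CCNAME} admin

    # Runs on the controller (delegate_to: localhost, no privilege
    # escalation). `-nodes` leaves the private key unencrypted on disk; the
    # files are deleted by the last task of this play.
    - name: Generate self-signed certificates.
      ansible.builtin.shell:
        cmd: |
          openssl req -x509 -newkey rsa:2048 -days 365 -nodes -keyout "private{{ item }}.key" -out "cert{{ item }}.pem" -subj '/CN=test'
          openssl x509 -outform der -in "cert{{ item }}.pem" -out "cert{{ item }}.der"
          base64 "cert{{ item }}.der" -w5000 > "cert{{ item }}.b64"
      with_items: [1]
      become: false
      delegate_to: localhost

    # Start from a known state: remove any service left by an earlier run.
    - name: Ensure service is absent
      ipaservice:
        ipaadmin_password: SomeADMINpassword
        name: "mysvc1/{{ ansible_facts['fqdn'] }}"
        state: absent

    # --- tests ---------------------------------------------------------

    # Creating the service must report a change.
    - name: Ensure service is present
      ipaservice:
        ipaadmin_password: SomeADMINpassword
        name: "mysvc1/{{ ansible_facts['fqdn'] }}"
        certificate:
          - "{{ lookup('file', 'cert1.b64', rstrip=False) }}"
        force: false
      register: result
      failed_when: not result.changed or result.failed

    # Writes service key material to mysvc1.keytab (relative path) on the
    # target; it is removed again in the cleanup section.
    - name: Obtain keytab
      ansible.builtin.shell: ipa-getkeytab -s "{{ ansible_facts['fqdn'] }}" -p "mysvc1/{{ ansible_facts['fqdn'] }}" -k mysvc1.keytab

    # regex_search yields no match value when the pattern is not found. The
    # result is compared explicitly against None and "" because ansible-core
    # 2.19 no longer coerces those values to a boolean false.
    - name: Verify keytab
      ansible.builtin.shell: ipa service-find "mysvc1/{{ ansible_facts['fqdn'] }}"
      register: result
      changed_when: false
      failed_when: result.failed or (result.stdout | regex_search(" Keytab. [Tt]rue")) in [None, ""]

    # Disabling a service that has a keytab must report a change.
    - name: Ensure service is disabled
      ipaservice:
        ipaadmin_password: SomeADMINpassword
        name: "mysvc1/{{ ansible_facts['fqdn'] }}"
        state: disabled
      register: result
      failed_when: not result.changed or result.failed

    # After disabling, the service must no longer report a keytab.
    - name: Verify keytab
      ansible.builtin.shell: ipa service-find "mysvc1/{{ ansible_facts['fqdn'] }}"
      register: result
      changed_when: false
      failed_when: result.failed or (result.stdout | regex_search(" Keytab. [Ff]alse")) in [None, ""]

    # Second round: fetch a keytab again and repeat the disable/verify cycle.
    - name: Obtain keytab
      ansible.builtin.shell: ipa-getkeytab -s "{{ ansible_facts['fqdn'] }}" -p "mysvc1/{{ ansible_facts['fqdn'] }}" -k mysvc1.keytab

    - name: Verify keytab
      ansible.builtin.shell: ipa service-find "mysvc1/{{ ansible_facts['fqdn'] }}"
      register: result
      changed_when: false
      failed_when: result.failed or (result.stdout | regex_search(" Keytab. [Tt]rue")) in [None, ""]

    - name: Ensure service is disabled
      ipaservice:
        ipaadmin_password: SomeADMINpassword
        name: "mysvc1/{{ ansible_facts['fqdn'] }}"
        state: disabled
      register: result
      failed_when: not result.changed or result.failed

    - name: Verify keytab
      ansible.builtin.shell: ipa service-find "mysvc1/{{ ansible_facts['fqdn'] }}"
      register: result
      changed_when: false
      failed_when: result.failed or (result.stdout | regex_search(" Keytab. [Ff]alse")) in [None, ""]

    # Idempotence: the service has no keytab any more, so disabling it again
    # must NOT report a change.
    - name: Ensure service is disabled, with no keytab.
      ipaservice:
        ipaadmin_password: SomeADMINpassword
        name: "mysvc1/{{ ansible_facts['fqdn'] }}"
        state: disabled
      register: result
      failed_when: result.changed or result.failed

    # --- cleanup -------------------------------------------------------
    # NOTE(review): these tasks only run when every task above succeeded. A
    # failed run leaves the credential cache, the keytab and the private key
    # behind; wrapping the tests in `block`/`always` would make the cleanup
    # unconditional.

    # `state: absent` is required here: without it the module would use its
    # default state and the test service would be left in the directory.
    - name: Ensure service is absent
      ipaservice:
        ipaadmin_password: SomeADMINpassword
        name: "mysvc1/{{ ansible_facts['fqdn'] }}"
        state: absent

    # Same relative path and privilege settings as the `Obtain keytab` tasks,
    # so this is expected to resolve to the file they wrote.
    - name: Remove keytab file.
      ansible.builtin.shell: rm -f mysvc1.keytab

    - name: Destroy Kerberos tickets.
      ansible.builtin.shell: kdestroy -A -q -c ${KRB5CCNAME}

    # Removes the unencrypted private key and certificate files created on
    # the controller during setup.
    - name: Remove certificate files.
      ansible.builtin.shell:
        cmd: rm -f "private{{ item }}.key" "cert{{ item }}.pem" "cert{{ item }}.der" "cert{{ item }}.b64"
      with_items: [1]
      become: false
      delegate_to: localhost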