mirror of
https://github.com/freeipa/ansible-freeipa.git
synced 2026-03-26 21:33:05 +00:00
267 lines
8.4 KiB
YAML
267 lines
8.4 KiB
YAML
---
|
|
- name: Test pwpolicy
|
|
hosts: "{{ ipa_test_host | default('ipaserver') }}"
|
|
become: true
|
|
gather_facts: false
|
|
|
|
tasks:
|
|
- name: Setup FreeIPA test facts.
|
|
ansible.builtin.import_tasks: ../env_freeipa_facts.yml
|
|
|
|
- name: Ensure maxlife of 90 for global_policy
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
maxlife: 90
|
|
|
|
- name: Ensure absence of group ops
|
|
ipagroup:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: ops
|
|
state: absent
|
|
|
|
- name: Ensure absence of pwpolicies for group ops
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: ops
|
|
state: absent
|
|
|
|
- name: Ensure presence of group ops
|
|
ipagroup:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: ops
|
|
state: present
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure presence of pwpolicies for group ops
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: ops
|
|
minlife: 7
|
|
maxlife: 49
|
|
history: 5
|
|
priority: 1
|
|
lockouttime: 300
|
|
minlength: 8
|
|
minclasses: 5
|
|
maxfail: 3
|
|
failinterval: 5
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure presence of pwpolicies for group ops again
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: ops
|
|
minlife: 7
|
|
maxlife: 49
|
|
history: 5
|
|
priority: 1
|
|
lockouttime: 300
|
|
minlength: 8
|
|
minclasses: 5
|
|
maxfail: 3
|
|
failinterval: 5
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure maxlife of 49 for global_policy
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
maxlife: 49
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure maxlife of 49 for global_policy again
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
maxlife: 49
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure absence of pwpoliciy global_policy will fail
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
state: absent
|
|
register: result
|
|
failed_when: not result.failed or "'global_policy' can not be made absent." not in result.msg
|
|
|
|
- name: Ensure absence of pwpolicies for group ops
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: ops
|
|
state: absent
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure maxlife of 90 for global_policy
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
maxlife: 90
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure absence of pwpolicies for group ops
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: ops
|
|
state: absent
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Execute tests if ipa_version >= 4.9.0
|
|
block:
|
|
- name: Ensure maxrepeat of 2 for global_policy
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
maxrepeat: 2
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure maxrepeat of 2 for global_policy, again
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
maxrepeat: 2
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure maxrepeat of 0 for global_policy
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
maxrepeat: 0
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure maxsequence of 4 for global_policy
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
maxrepeat: 4
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure maxsequence of 4 for global_policy, again
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
maxrepeat: 4
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure maxsequence of 0 for global_policy
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
maxrepeat: 0
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure dictcheck is set for global_policy
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
dictcheck: yes
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure dictcheck is set for global_policy, again
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
dictcheck: yes
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure dictcheck is not set for global_policy
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
dictcheck: no
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure usercheck is set for global_policy
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
usercheck: yes
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure usercheck is set for global_policy, again
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
usercheck: yes
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure usercheck is not set for global_policy
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
usercheck: no
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
when: ipa_version is version("4.9", ">=")
|
|
|
|
- name: Execute tests if ipa_version >= 4.9.10
|
|
block:
|
|
- name: Ensure grace limit is set to 10 for global_policy
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
gracelimit: 10
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure grace limit is set to 0 for global_policy
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
gracelimit: 0
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure grace limit is set to 0 for global_policy
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
gracelimit: 0
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure grace limit is set to 0 for global_policy
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
gracelimit: -1
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure grace limit is not set to -2 for global_policy
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
gracelimit: -2
|
|
register: result
|
|
failed_when: not result.failed and "must be at least -1" not in result.msg
|
|
|
|
when: ipa_version is version("4.9.10", ">=")
|