mirror of
https://github.com/freeipa/ansible-freeipa.git
synced 2026-03-26 21:33:05 +00:00
453 lines
14 KiB
YAML
453 lines
14 KiB
YAML
---
|
|
- name: Test role members
|
|
hosts: "{{ ipa_test_host | default('ipaserver') }}"
|
|
become: no
|
|
gather_facts: no
|
|
|
|
vars:
|
|
user_list:
|
|
- User1
|
|
- uSer2
|
|
- usEr3
|
|
group_list:
|
|
- Group1
|
|
- gRoup2
|
|
- grOup3
|
|
host_list:
|
|
- HoSt01
|
|
- hOsT02
|
|
hostgroup_list:
|
|
- TestHostGroup
|
|
service_list:
|
|
- MySVC/host01
|
|
|
|
tasks:
|
|
- name: Include tasks ../env_freeipa_facts.yml
|
|
ansible.builtin.include_tasks: ../env_freeipa_facts.yml
|
|
|
|
- name: Test role member case insensitive
|
|
block:
|
|
# setup
|
|
|
|
- name: Ensure test role is absent
|
|
iparole:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: testrule
|
|
state: absent
|
|
|
|
- name: Ensure test users are present
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
users:
|
|
- name: "{{ item }}"
|
|
first: First
|
|
last: Last
|
|
with_items: "{{ user_list }}"
|
|
|
|
- name: Ensure test groups are present
|
|
ipagroup:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: "{{ item }}"
|
|
with_items: "{{ group_list }}"
|
|
|
|
- name: Ensure test hosts are present
|
|
ipahost:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: "{{ item }}.{{ ipaserver_domain }}"
|
|
ip_address: 192.168.122.101
|
|
force: yes
|
|
with_items: "{{ host_list }}"
|
|
|
|
- name: Ensure test hostgroups are present
|
|
ipahostgroup:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: "{{ item }}"
|
|
with_items: "{{ hostgroup_list }}"
|
|
|
|
- name: Ensure test services are present
|
|
ipaservice:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: "{{ item }}.{{ ipaserver_domain }}"
|
|
with_items: "{{ service_list }}"
|
|
|
|
# Test with action: hbacrule
|
|
|
|
- name: Check role present with members would trigger a change, mixed case
|
|
iparole:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: testrole
|
|
user:
|
|
- "{{ user_list[1] }}"
|
|
- "{{ user_list[2] }}"
|
|
group:
|
|
- "{{ group_list[1] }}"
|
|
- "{{ group_list[2] }}"
|
|
host:
|
|
- "{{ host_list[0] }}"
|
|
- "{{ host_list[1] }}"
|
|
hostgroup:
|
|
- "{{ hostgroup_list[0] }}"
|
|
service:
|
|
- "{{ service_list[0] }}.{{ ipaserver_domain }}"
|
|
check_mode: yes
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure role is present with members, mixed case
|
|
iparole:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: testrole
|
|
user:
|
|
- "{{ user_list[1] }}"
|
|
- "{{ user_list[2] }}"
|
|
group:
|
|
- "{{ group_list[1] }}"
|
|
- "{{ group_list[2] }}"
|
|
host:
|
|
- "{{ host_list[0] }}"
|
|
- "{{ host_list[1] }}"
|
|
hostgroup:
|
|
- "{{ hostgroup_list[0] }}"
|
|
service:
|
|
- "{{ service_list[0] }}.{{ ipaserver_domain }}"
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Check role present with members would not trigger a change, mixed case
|
|
iparole:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: testrole
|
|
user:
|
|
- "{{ user_list[1] }}"
|
|
- "{{ user_list[2] }}"
|
|
group:
|
|
- "{{ group_list[1] }}"
|
|
- "{{ group_list[2] }}"
|
|
host:
|
|
- "{{ host_list[0] }}"
|
|
- "{{ host_list[1] }}"
|
|
hostgroup:
|
|
- "{{ hostgroup_list[0] }}"
|
|
service:
|
|
- "{{ service_list[0] }}.{{ ipaserver_domain }}"
|
|
check_mode: yes
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure role is present with members, lowercase
|
|
iparole:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: testrole
|
|
user:
|
|
- "{{ user_list[1] | lower }}"
|
|
- "{{ user_list[2] | lower }}"
|
|
group:
|
|
- "{{ group_list[1] | lower }}"
|
|
- "{{ group_list[2] | lower }}"
|
|
host:
|
|
- "{{ host_list[0] | lower }}"
|
|
- "{{ host_list[1] | lower }}"
|
|
hostgroup:
|
|
- "{{ hostgroup_list[0] | lower }}"
|
|
service:
|
|
- "{{ (service_list[0] + '.' + ipaserver_domain) | lower }}"
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure role is present with members, upercase
|
|
iparole:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: testrole
|
|
user:
|
|
- "{{ user_list[1] | upper }}"
|
|
- "{{ user_list[2] | upper }}"
|
|
group:
|
|
- "{{ group_list[1] | upper }}"
|
|
- "{{ group_list[2] | upper }}"
|
|
host:
|
|
- "{{ host_list[0] | upper }}"
|
|
- "{{ host_list[1] | upper }}"
|
|
hostgroup:
|
|
- "{{ hostgroup_list[0] | upper }}"
|
|
service:
|
|
- "{{ (service_list[0] + '.' + ipaserver_domain) | upper }}"
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure test role is absent
|
|
iparole:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: testrole
|
|
state: absent
|
|
|
|
# Test with action: members
|
|
|
|
- name: Ensure test role is present
|
|
iparole:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: testrole
|
|
|
|
- name: Check role members present would trigger a change, mixed case
|
|
iparole:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: testrole
|
|
user:
|
|
- "{{ user_list[1] }}"
|
|
- "{{ user_list[2] }}"
|
|
group:
|
|
- "{{ group_list[1] }}"
|
|
- "{{ group_list[2] }}"
|
|
host:
|
|
- "{{ host_list[0] }}"
|
|
- "{{ host_list[1] }}"
|
|
hostgroup:
|
|
- "{{ hostgroup_list[0] }}"
|
|
service:
|
|
- "{{ service_list[0] }}.{{ ipaserver_domain }}"
|
|
action: member
|
|
check_mode: yes
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure role is present with members, mixed case
|
|
iparole:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: testrole
|
|
user:
|
|
- "{{ user_list[1] }}"
|
|
- "{{ user_list[2] }}"
|
|
group:
|
|
- "{{ group_list[1] }}"
|
|
- "{{ group_list[2] }}"
|
|
host:
|
|
- "{{ host_list[0] }}"
|
|
- "{{ host_list[1] }}"
|
|
hostgroup:
|
|
- "{{ hostgroup_list[0] }}"
|
|
service:
|
|
- "{{ service_list[0] }}.{{ ipaserver_domain }}"
|
|
action: member
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Check role members present would not trigger a change, mixed case
|
|
iparole:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: testrole
|
|
user:
|
|
- "{{ user_list[1] }}"
|
|
- "{{ user_list[2] }}"
|
|
group:
|
|
- "{{ group_list[1] }}"
|
|
- "{{ group_list[2] }}"
|
|
host:
|
|
- "{{ host_list[0] }}"
|
|
- "{{ host_list[1] }}"
|
|
hostgroup:
|
|
- "{{ hostgroup_list[0] }}"
|
|
service:
|
|
- "{{ service_list[0] }}.{{ ipaserver_domain }}"
|
|
action: member
|
|
check_mode: yes
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure role is present with members, lowercase
|
|
iparole:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: testrole
|
|
user:
|
|
- "{{ user_list[1] | lower }}"
|
|
- "{{ user_list[2] | lower }}"
|
|
group:
|
|
- "{{ group_list[1] | lower }}"
|
|
- "{{ group_list[2] | lower }}"
|
|
host:
|
|
- "{{ host_list[0] | lower }}"
|
|
- "{{ host_list[1] | lower }}"
|
|
hostgroup:
|
|
- "{{ hostgroup_list[0] | lower }}"
|
|
service:
|
|
- "{{ (service_list[0] + '.' + ipaserver_domain) | lower }}"
|
|
action: member
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure role is present with members, upercase
|
|
iparole:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: testrole
|
|
user:
|
|
- "{{ user_list[1] | upper }}"
|
|
- "{{ user_list[2] | upper }}"
|
|
group:
|
|
- "{{ group_list[1] | upper }}"
|
|
- "{{ group_list[2] | upper }}"
|
|
host:
|
|
- "{{ host_list[0] | upper }}"
|
|
- "{{ host_list[1] | upper }}"
|
|
hostgroup:
|
|
- "{{ hostgroup_list[0] | upper }}"
|
|
service:
|
|
- "{{ (service_list[0] + '.' + ipaserver_domain) | upper }}"
|
|
action: member
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
# # Test absent members
|
|
- name: Check role members absent would trigger a change, upercase
|
|
iparole:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: testrole
|
|
user:
|
|
- "{{ user_list[1] | upper }}"
|
|
- "{{ user_list[2] | upper }}"
|
|
group:
|
|
- "{{ group_list[1] | upper }}"
|
|
- "{{ group_list[2] | upper }}"
|
|
host:
|
|
- "{{ host_list[0] | upper }}"
|
|
- "{{ host_list[1] | upper }}"
|
|
hostgroup:
|
|
- "{{ hostgroup_list[0] | upper }}"
|
|
service:
|
|
- "{{ (service_list[0] + '.' + ipaserver_domain) | upper }}"
|
|
action: member
|
|
state: absent
|
|
check_mode: yes
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure role members are absent, upercase
|
|
iparole:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: testrole
|
|
user:
|
|
- "{{ user_list[1] | upper }}"
|
|
- "{{ user_list[2] | upper }}"
|
|
group:
|
|
- "{{ group_list[1] | upper }}"
|
|
- "{{ group_list[2] | upper }}"
|
|
host:
|
|
- "{{ host_list[0] | upper }}"
|
|
- "{{ host_list[1] | upper }}"
|
|
hostgroup:
|
|
- "{{ hostgroup_list[0] | upper }}"
|
|
service:
|
|
- "{{ (service_list[0] + '.' + ipaserver_domain) | upper }}"
|
|
action: member
|
|
state: absent
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Check role members absent would not trigger a change, upercase
|
|
iparole:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: testrole
|
|
user:
|
|
- "{{ user_list[1] | upper }}"
|
|
- "{{ user_list[2] | upper }}"
|
|
group:
|
|
- "{{ group_list[1] | upper }}"
|
|
- "{{ group_list[2] | upper }}"
|
|
host:
|
|
- "{{ host_list[0] | upper }}"
|
|
- "{{ host_list[1] | upper }}"
|
|
hostgroup:
|
|
- "{{ hostgroup_list[0] | upper }}"
|
|
service:
|
|
- "{{ (service_list[0] + '.' + ipaserver_domain) | upper }}"
|
|
action: member
|
|
state: absent
|
|
check_mode: yes
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure role members are absent, mixed case
|
|
iparole:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: testrole
|
|
user:
|
|
- "{{ user_list[1] }}"
|
|
- "{{ user_list[2] }}"
|
|
group:
|
|
- "{{ group_list[1] }}"
|
|
- "{{ group_list[2] }}"
|
|
host:
|
|
- "{{ host_list[0] }}"
|
|
- "{{ host_list[1] }}"
|
|
hostgroup:
|
|
- "{{ hostgroup_list[0] }}"
|
|
service:
|
|
- "{{ service_list[0] }}.{{ ipaserver_domain }}"
|
|
action: member
|
|
state: absent
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure role members are absent, lowercase
|
|
iparole:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: testrole
|
|
user:
|
|
- "{{ user_list[1] | lower }}"
|
|
- "{{ user_list[2] | lower }}"
|
|
group:
|
|
- "{{ group_list[1] | lower }}"
|
|
- "{{ group_list[2] | lower }}"
|
|
host:
|
|
- "{{ host_list[0] | lower }}"
|
|
- "{{ host_list[1] | lower }}"
|
|
hostgroup:
|
|
- "{{ hostgroup_list[0] | lower }}"
|
|
service:
|
|
- "{{ (service_list[0] + '.' + ipaserver_domain) | lower }}"
|
|
action: member
|
|
state: absent
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
always:
|
|
- name: Ensure test role is absent
|
|
iparole:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: testrole
|
|
state: absent
|
|
|
|
- name: Ensure test users are absent
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
users:
|
|
- name: "{{ item }}"
|
|
state: absent
|
|
with_items: "{{ user_list }}"
|
|
|
|
- name: Ensure test groups are absent
|
|
ipagroup:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: "{{ item }}"
|
|
state: absent
|
|
with_items: "{{ group_list }}"
|
|
|
|
- name: Ensure test hosts are absent
|
|
ipahost:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: "{{ item }}.{{ ipaserver_domain }}"
|
|
state: absent
|
|
with_items: "{{ host_list }}"
|
|
|
|
- name: Ensure test hostgroups are absent
|
|
ipahostgroup:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: "{{ item }}"
|
|
state: absent
|
|
with_items: "{{ hostgroup_list }}"
|
|
|
|
- name: Ensure test services are absent
|
|
ipaservice:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: "{{ item }}.{{ ipaserver_domain }}"
|
|
continue: yes
|
|
state: absent
|
|
with_items: "{{ service_list }}"
|