internet/ansible-freeipa
4
0
Fork 0
mirror of https://github.com/freeipa/ansible-freeipa.git synced 2026-06-10 10:45:55 +00:00
Code Issues Projects Releases Wiki Activity
Files
3780a9a00e77ae0fd2944b36adad446d094fc90f
ansible-freeipa/tests/pwpolicy/test_pwpolicy.yml
Thomas Woerner 4dd1d25eac ipapwpolicy: Use global_policy if name is not set 
If the name is not set, the policy global_policy is now used. It was needed
before to explicitly name the global_policy. Also a check has been added
to fail early if global_policy is used with state absent.

The README for pwpolicy has been extended with an example for global_policy
and also the description of the name variable.

The test has also been extended to check a change of maxlife for
global_policy and that global_policy can not be used with state: absent

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1797532
2020-02-06 15:40:19 +01:00

109 lines
2.5 KiB
YAML
Raw Blame History

---
- name: Tests
hosts: ipaserver
become: true
gather_facts: false
tasks:
- name: Ensure maxlife of 90 for global_policy
ipapwpolicy:
ipaadmin_password: SomeADMINpassword
maxlife: 90
- name: Ensure absence of group ops
ipagroup:
ipaadmin_password: SomeADMINpassword
name: ops
state: absent
- name: Ensure absence of pwpolicies for group ops
ipapwpolicy:
ipaadmin_password: SomeADMINpassword
name: ops
state: absent
- name: Ensure presence of group ops
ipagroup:
ipaadmin_password: SomeADMINpassword
name: ops
state: present
register: result
failed_when: not result.changed
- name: Ensure presence of pwpolicies for group ops
ipapwpolicy:
ipaadmin_password: SomeADMINpassword
name: ops
minlife: 7
maxlife: 49
history: 5
priority: 1
lockouttime: 300
minlength: 8
minclasses: 5
maxfail: 3
failinterval: 5
register: result
failed_when: not result.changed
- name: Ensure presence of pwpolicies for group ops again
ipapwpolicy:
ipaadmin_password: SomeADMINpassword
name: ops
minlife: 7
maxlife: 49
history: 5
priority: 1
lockouttime: 300
minlength: 8
minclasses: 5
maxfail: 3
failinterval: 5
register: result
failed_when: result.changed
- name: Ensure maxlife of 49 for global_policy
ipapwpolicy:
ipaadmin_password: SomeADMINpassword
maxlife: 49
register: result
failed_when: not result.changed
- name: Ensure maxlife of 49 for global_policy again
ipapwpolicy:
ipaadmin_password: SomeADMINpassword
maxlife: 49
register: result
failed_when: result.changed
- name: Ensure absence of pwpoliciy global_policy will fail
ipapwpolicy:
ipaadmin_password: SomeADMINpassword
state: absent
register: result
ignore_errors: True
failed_when: result is defined and result
- name: Ensure absence of pwpolicies for group ops
ipapwpolicy:
ipaadmin_password: SomeADMINpassword
name: ops
state: absent
register: result
failed_when: not result.changed
- name: Ensure maxlife of 90 for global_policy
ipapwpolicy:
ipaadmin_password: MyPassword123
maxlife: 90
register: result
failed_when: not result.changed
- name: Ensure absence of pwpolicies for group ops
ipapwpolicy:
ipaadmin_password: SomeADMINpassword
name: ops
state: absent
register: result
failed_when: result.changed
Reference in New Issue View Git Blame Copy Permalink