internet/ansible-freeipa
4
0
Fork 0
mirror of https://github.com/freeipa/ansible-freeipa.git synced 2026-03-26 21:33:05 +00:00
Code Issues Projects Releases Wiki Activity
Files
382ee6ffa070a9851cc8bcd1f19a5756e048f754
ansible-freeipa/tests/automember/test_automember.yml
Thomas Woerner 382ee6ffa0 automember: Verify condition keys 
The automember_add_condition and automember_remove_condition commands
are not verifying condition keys in all cases. This is for example not
done in the removal case if a condition is not part of the automember
rule.

For consistent behaviour this needs to be done in the automember module
now. The condition keys are verified with the user and group aciattrs
returned by the API command json_metadata now.

Related: RHBZ#1976926
2021-07-13 14:58:26 +02:00

369 lines
11 KiB
YAML
Raw Blame History

---
- name: Test automember
hosts: ipaserver
become: true
tasks:
# CLEANUP TEST ITEMS
- name: Ensure group testgroup is absent
ipagroup:
ipaadmin_password: SomeADMINpassword
name: testgroup
state: absent
- name: Ensure hostgroup testhostgroup is absent
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
state: absent
- name: Ensure group automember rule testgroup is absent
ipaautomember:
ipaadmin_password: SomeADMINpassword
name: testgroup
state: absent
automember_type: group
- name: Ensure hostgroup automember rule testhostgroup is absent
ipaautomember:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
state: absent
automember_type: hostgroup
# CREATE TEST ITEMS
# TESTS
- name: Ensure testgroup group is present
ipagroup:
ipaadmin_password: SomeADMINpassword
name: testgroup
- name: Ensure testhostgroup hostgroup is present
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
- name: Ensure testgroup group automember rule is present
ipaautomember:
ipaadmin_password: SomeADMINpassword
name: testgroup
description: testgroup automember rule.
automember_type: group
register: result
failed_when: not result.changed or result.failed
- name: Ensure testgroup group automember rule is present again
ipaautomember:
ipaadmin_password: SomeADMINpassword
name: testgroup
description: testgroup automember rule.
automember_type: group
register: result
failed_when: result.changed or result.failed
- name: Change testgroup group automember rule description
ipaautomember:
ipaadmin_password: SomeADMINpassword
name: testgroup
description: testgroup automember rule description.
automember_type: group
register: result
failed_when: not result.changed or result.failed
- name: Ensure testgroup group automember rule has conditions
ipaautomember:
ipaadmin_password: SomeADMINpassword
name: testgroup
automember_type: group
inclusive:
- key: 'uid'
expression: 'uid'
- key: 'uidnumber'
expression: 'uidnumber'
exclusive:
- key: 'uid'
expression: 'uid'
register: result
failed_when: not result.changed or result.failed
- name: Ensure testgroup group automember rule has conditions again
ipaautomember:
ipaadmin_password: SomeADMINpassword
name: testgroup
automember_type: group
inclusive:
- key: 'uid'
expression: 'uid'
- key: 'uidnumber'
expression: 'uidnumber'
exclusive:
- key: 'uid'
expression: 'uid'
register: result
failed_when: result.changed or result.failed
- name: Add testgroup group automember rule member condition
ipaautomember:
ipaadmin_password: SomeADMINpassword
name: testgroup
automember_type: group
action: member
inclusive:
- key: 'manager'
expression: 'uid=mscott'
register: result
failed_when: not result.changed or result.failed
- name: Ensure testgroup group automember rule has conditions
ipaautomember:
ipaadmin_password: SomeADMINpassword
name: testgroup
automember_type: group
inclusive:
- key: 'uid'
expression: 'uid'
- key: 'uidnumber'
expression: 'uidnumber'
- key: 'manager'
expression: 'uid=mscott'
exclusive:
- key: 'uid'
expression: 'uid'
register: result
failed_when: result.changed or result.failed
- name: Remove testgroup group automember rule member condition
ipaautomember:
ipaadmin_password: SomeADMINpassword
name: testgroup
automember_type: group
action: member
state: absent
inclusive:
- key: 'manager'
expression: 'uid=mscott'
register: result
failed_when: not result.changed or result.failed
- name: Ensure testgroup group automember rule has conditions again
ipaautomember:
ipaadmin_password: SomeADMINpassword
name: testgroup
automember_type: group
inclusive:
- key: 'uid'
expression: 'uid'
- key: 'uidnumber'
expression: 'uidnumber'
exclusive:
- key: 'uid'
expression: 'uid'
register: result
failed_when: result.changed or result.failed
- name: Ensure testgroup group automember conditions fails on invalid inclusive key
ipaautomember:
ipaadmin_principal: admin
ipaadmin_password: SomeADMINpassword
name: testgroup
automember_type: group
inclusive:
- key: cns
expression: 'foo'
action: member
register: result
failed_when: result.changed or not result.failed or
"Invalid automember condition key 'cns'" not in result.msg
- name: Ensure testgroup group automember conditions fails on invalid exlusive key
ipaautomember:
ipaadmin_principal: admin
ipaadmin_password: SomeADMINpassword
name: testgroup
automember_type: group
exclusive:
- key: cns
expression: 'foo'
action: member
register: result
failed_when: result.changed or not result.failed or
"Invalid automember condition key 'cns'" not in result.msg
- name: Ensure testhostgroup hostgroup automember rule is present
ipaautomember:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
description: testhostgroup automember rule
automember_type: hostgroup
register: result
failed_when: not result.changed or result.failed
- name: Ensure testhostgroup hostgroup automember rule is present again
ipaautomember:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
description: testhostgroup automember rule
automember_type: hostgroup
register: result
failed_when: result.changed or result.failed
- name: Change testhostgroup hostgroup automember rule description
ipaautomember:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
description: testhostgroup test automember rule
automember_type: hostgroup
register: result
failed_when: not result.changed or result.failed
- name: Ensure testhostgroup hostgroup automember rule has conditions
ipaautomember:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
automember_type: hostgroup
inclusive:
- key: 'description'
expression: 'description'
- key: 'description'
expression: 'description'
exclusive:
- key: 'cn'
expression: 'cn'
register: result
failed_when: not result.changed or result.failed
- name: Ensure testhostgroup hostgroup automember rule has conditions again
ipaautomember:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
automember_type: hostgroup
inclusive:
- key: 'description'
expression: 'description'
- key: 'description'
expression: 'description'
exclusive:
- key: 'cn'
expression: 'cn'
register: result
failed_when: result.changed or result.failed
- name: Add testhostgroup hostgroup automember rule member condition
ipaautomember:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
automember_type: hostgroup
action: member
inclusive:
- key: 'fqdn'
expression: '.*.domain.com'
register: result
failed_when: not result.changed or result.failed
- name: Ensure testhostgroup hostgroup automember rule has conditions
ipaautomember:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
automember_type: hostgroup
inclusive:
- key: 'description'
expression: 'description'
- key: 'description'
expression: 'description'
- key: 'fqdn'
expression: '.*.domain.com'
exclusive:
- key: 'cn'
expression: 'cn'
register: result
failed_when: result.changed or result.failed
- name: Remove testhostgroup hostgroup automember rule member condition
ipaautomember:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
automember_type: hostgroup
action: member
state: absent
inclusive:
- key: 'fqdn'
expression: '.*.domain.com'
register: result
failed_when: not result.changed or result.failed
- name: Ensure testhostgroup hostgroup automember rule has conditions
ipaautomember:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
automember_type: hostgroup
inclusive:
- key: 'description'
expression: 'description'
- key: 'description'
expression: 'description'
exclusive:
- key: 'cn'
expression: 'cn'
register: result
failed_when: result.changed or result.failed
- name: Ensure testhostgroup hostgroup automember conditions fails on invalid inclusive key
ipaautomember:
ipaadmin_principal: admin
ipaadmin_password: SomeADMINpassword
name: testhostgroup
automember_type: hostgroup
inclusive:
- key: cns
expression: 'foo'
action: member
register: result
failed_when: result.changed or not result.failed or
"Invalid automember condition key 'cns'" not in result.msg
- name: Ensure testhostgroup hostgroup automember conditions fails on invalid exlusive key
ipaautomember:
ipaadmin_principal: admin
ipaadmin_password: SomeADMINpassword
name: testhostgroup
automember_type: hostgroup
exclusive:
- key: cns
expression: 'foo'
action: member
register: result
failed_when: result.changed or not result.failed or
"Invalid automember condition key 'cns'" not in result.msg
# CLEANUP TEST ITEMS
- name: Ensure group testgroup is absent
ipagroup:
ipaadmin_password: SomeADMINpassword
name: testgroup
state: absent
- name: Ensure hostgroup testhostgroup is absent
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: testhostgroup
state: absent
- name: Ensure group automember rule testgroup is absent
ipaautomember:
ipaadmin_password: SomeADMINpassword
automember_type: group
name: testgroup
state: absent
- name: Ensure hostgroup automember rule testhostgroup is absent
ipaautomember:
ipaadmin_password: SomeADMINpassword
automember_type: hostgroup
name: testhostgroup
state: absent
Reference in New Issue View Git Blame Copy Permalink