ansible-freeipa/tests/service/test_service_without_skip_host_check.yml

---
- name: Test service without using option skip_host_check
  hosts: ipaserver
  become: yes

  tasks:

  # setup

  - name: Setup test environment
    include_tasks: env_setup.yml

  # tests
  - name: Ensure service is present
    ipaservice:
      ipaadmin_password: SomeADMINpassword
      name: "HTTP/{{ svc_fqdn }}"
      pac_type:
        - MS-PAC
        - PAD
      auth_ind: otp
      force: no
      requires_pre_auth: yes
      ok_as_delegate: no
      ok_to_auth_as_delegate: no
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure service is present, again
    ipaservice:
      ipaadmin_password: SomeADMINpassword
      name: "HTTP/{{ svc_fqdn }}"
      pac_type:
        - MS-PAC
        - PAD
      auth_ind: otp
      force: no
      requires_pre_auth: yes
      ok_as_delegate: no
      ok_to_auth_as_delegate: no
    register: result
    failed_when: result.changed or result.failed

  - name: Modify service.
    ipaservice:
      ipaadmin_password: SomeADMINpassword
      name: "HTTP/{{ svc_fqdn }}"
      pac_type: NONE
      ok_as_delegate: yes
      ok_to_auth_as_delegate: yes
    register: result
    failed_when: not result.changed or result.failed

  - name: Modify service, again.
    ipaservice:
      ipaadmin_password: SomeADMINpassword
      name: "HTTP/{{ svc_fqdn }}"
      pac_type: NONE
      ok_as_delegate: yes
      ok_to_auth_as_delegate: yes
    register: result
    failed_when: result.changed or result.failed

  - name: Ensure service is present, with host not in DNS.
    ipaservice:
      ipaadmin_password: SomeADMINpassword
      name: HTTP/svc.ihavenodns.info
      force: yes
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure service is present, with host not in DNS, again.
    ipaservice:
      ipaadmin_password: SomeADMINpassword
      name: HTTP/svc.ihavenodns.info
      force: yes
    register: result
    failed_when: result.changed or result.failed

  - name: Principal host/test.example.com present in service.
    ipaservice:
      ipaadmin_password: SomeADMINpassword
      name: "HTTP/{{ svc_fqdn }}"
      principal:
        - host/test.example.com
      action: member
    register: result
    failed_when: not result.changed or result.failed

  - name: Principal host/test.example.com present in service, again.
    ipaservice:
      ipaadmin_password: SomeADMINpassword
      name: "HTTP/{{ svc_fqdn }}"
      principal:
        - host/test.example.com
      action: member
    register: result
    failed_when:
      result.changed or (result.failed and "already contains one or more values" not in result.msg)

  - name: Principal host/test.example.com absent in service.
    ipaservice:
      ipaadmin_password: SomeADMINpassword
      name: "HTTP/{{ svc_fqdn }}"
      principal:
        - host/test.example.com
      action: member
      state: absent
    register: result
    failed_when: not result.changed or result.failed

  - name: Principal host/test.example.com absent in service, again.
    ipaservice:
      ipaadmin_password: SomeADMINpassword
      name: "HTTP/{{ svc_fqdn }}"
      principal:
        - host/test.example.com
      action: member
      state: absent
    register: result
    failed_when:
      result.changed or (result.failed and "does not contain 'one or more values to remove'" not in result.msg)

  - name: Ensure host can manage service.
    ipaservice:
      ipaadmin_password: SomeADMINpassword
      name: "HTTP/{{ svc_fqdn }}"
      host:
      - "{{ host1_fqdn }}"
      - "{{ host2_fqdn }}"
      action: member
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure host can manage service, again.
    ipaservice:
      ipaadmin_password: SomeADMINpassword
      name: "HTTP/{{ svc_fqdn }}"
      host: "{{ host1_fqdn }}"
      action: member
    register: result
    failed_when: result.changed or result.failed

  - name: Ensure host cannot manage service.
    ipaservice:
      ipaadmin_password: SomeADMINpassword
      name: "HTTP/{{ svc_fqdn }}"
      host:
      - "{{ host1_fqdn }}"
      - "{{ host2_fqdn }}"
      action: member
      state: absent
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure host cannot manage service, again.
    ipaservice:
      ipaadmin_password: SomeADMINpassword
      name: "HTTP/{{ svc_fqdn }}"
      host:
      - "{{ host1_fqdn }}"
      - "{{ host2_fqdn }}"
      action: member
      state: absent
    register: result
    failed_when: result.changed or result.failed

  - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for users, groups, hosts and hostgroups.
    ipaservice:
      ipaadmin_password: SomeADMINpassword
      name: "HTTP/{{ svc_fqdn }}"
      allow_create_keytab_user:
      - user01
      - user02
      allow_create_keytab_group:
      - group01
      - group02
      allow_create_keytab_host:
      - "{{ host1_fqdn }}"
      - "{{ host2_fqdn }}"
      allow_create_keytab_hostgroup:
      - hostgroup01
      - hostgroup02
      action: member
    register: result
    failed_when: not result.changed or result.failed

  - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for users, groups, hosts and hostgroups, again.
    ipaservice:
      ipaadmin_password: SomeADMINpassword
      name: "HTTP/{{ svc_fqdn }}"
      allow_create_keytab_user:
      - user01
      - user02
      allow_create_keytab_group:
      - group01
      - group02
      allow_create_keytab_host:
      - "{{ host1_fqdn }}"
      - "{{ host2_fqdn }}"
      allow_create_keytab_hostgroup:
      - hostgroup01
      - hostgroup02
      action: member
    register: result
    failed_when: result.changed or result.failed

  - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for users, groups, hosts and hostgroups.
    ipaservice:
      ipaadmin_password: SomeADMINpassword
      name: "HTTP/{{ svc_fqdn }}"
      allow_create_keytab_user:
      - user01
      - user02
      allow_create_keytab_group:
      - group01
      - group02
      allow_create_keytab_host:
      - "{{ host1_fqdn }}"
      - "{{ host2_fqdn }}"
      allow_create_keytab_hostgroup:
      - hostgroup01
      - hostgroup02
      action: member
      state: absent
    register: result
    failed_when: not result.changed or result.failed

  - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for users, groups, hosts and hostgroups, again.
    ipaservice:
      ipaadmin_password: SomeADMINpassword
      name: "HTTP/{{ svc_fqdn }}"
      allow_create_keytab_user:
      - user01
      - user02
      allow_create_keytab_group:
      - group01
      - group02
      allow_create_keytab_host:
      - "{{ host1_fqdn }}"
      - "{{ host2_fqdn }}"
      allow_create_keytab_hostgroup:
      - hostgroup01
      - hostgroup02
      action: member
      state: absent
    register: result
    failed_when: result.changed or result.failed

  - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for users, groups, hosts and hostgroups
    ipaservice:
      ipaadmin_password: SomeADMINpassword
      name: "HTTP/{{ svc_fqdn }}"
      allow_retrieve_keytab_user:
      - user01
      - user02
      allow_retrieve_keytab_group:
      - group01
      - group02
      allow_retrieve_keytab_host:
      - "{{ host1_fqdn }}"
      - "{{ host2_fqdn }}"
      allow_retrieve_keytab_hostgroup:
      - hostgroup01
      - hostgroup02
      action: member
    register: result
    failed_when: not result.changed or result.failed

  - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for users, groups, hosts and hostgroups, again.
    ipaservice:
      ipaadmin_password: SomeADMINpassword
      name: "HTTP/{{ svc_fqdn }}"
      allow_retrieve_keytab_user:
      - user01
      - user02
      allow_retrieve_keytab_group:
      - group01
      - group02
      allow_retrieve_keytab_host:
      - "{{ host1_fqdn }}"
      - "{{ host2_fqdn }}"
      allow_retrieve_keytab_hostgroup:
      - hostgroup01
      - hostgroup02
      action: member
    register: result
    failed_when: result.changed or result.failed

  - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for users, groups, hosts and hostgroups.
    ipaservice:
      ipaadmin_password: SomeADMINpassword
      name: "HTTP/{{ svc_fqdn }}"
      allow_retrieve_keytab_user:
      - user01
      - user02
      allow_retrieve_keytab_group:
      - group01
      - group02
      allow_retrieve_keytab_host:
      - "{{ host1_fqdn }}"
      - "{{ host2_fqdn }}"
      allow_retrieve_keytab_hostgroup:
      - hostgroup01
      - hostgroup02
      action: member
      state: absent
    register: result
    failed_when: not result.changed or result.failed

  - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for users, groups, hosts and hostgroups, again.
    ipaservice:
      ipaadmin_password: SomeADMINpassword
      name: "HTTP/{{ svc_fqdn }}"
      allow_retrieve_keytab_user:
      - user01
      - user02
      allow_retrieve_keytab_group:
      - group01
      - group02
      allow_retrieve_keytab_host:
      - "{{ host1_fqdn }}"
      - "{{ host2_fqdn }}"
      allow_retrieve_keytab_hostgroup:
      - hostgroup01
      - hostgroup02
      action: member
      state: absent
    register: result
    failed_when: result.changed or result.failed

  #
  - name: Ensure service is absent
    ipaservice:
      ipaadmin_password: SomeADMINpassword
      name: "HTTP/{{ svc_fqdn }}"
      continue: yes
      state: absent
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure service is absent, again
    ipaservice:
      ipaadmin_password: SomeADMINpassword
      name: "HTTP/{{ svc_fqdn }}"
      state: absent
    register: result
    failed_when: result.changed or result.failed

  # tests for upstream issue #663
  - name: Ensure service is present with principal alias.
    ipaservice:
      ipaadmin_password: SomeADMINpassword
      name: "mysvc/{{ host1_fqdn }}"
      principal: "asvc/{{ host1_fqdn }}"
    register: result
    failed_when: result.failed or not result.changed

  - name: Ensure service is present with principal alias, again.
    ipaservice:
      ipaadmin_password: SomeADMINpassword
      name: "mysvc/{{ host1_fqdn }}"
      principal: "asvc/{{ host1_fqdn }}"
    register: result
    failed_when: result.failed or result.changed

  - name: Ensure service is present with different principal alias.
    ipaservice:
      ipaadmin_password: SomeADMINpassword
      name: "mysvc/{{ host1_fqdn }}"
      principal: "HTTP/{{ host1_fqdn }}"
      force: yes
    register: result
    failed_when: result.failed or not result.changed

  - name: Ensure service is presennt with different principal alias, again.
    ipaservice:
      ipaadmin_password: SomeADMINpassword
      name: "mysvc/{{ host1_fqdn }}"
      principal: "HTTP/{{ host1_fqdn }}"
      force: yes
    register: result
    failed_when: result.failed or result.changed

  - name: Ensure service member principal alias is present.
    ipaservice:
      ipaadmin_password: SomeADMINpassword
      name: "mysvc/{{ host1_fqdn }}"
      principal: "asvc/{{ host1_fqdn }}"
      action: member
    register: result
    failed_when: result.failed or not result.changed

  - name: Ensure service member principal alias is present, again.
    ipaservice:
      ipaadmin_password: SomeADMINpassword
      name: "mysvc/{{ host1_fqdn }}"
      principal: "asvc/{{ host1_fqdn }}"
      action: member
    register: result
    failed_when: result.failed or result.changed

  - name: Ensure service member principal alias is absent.
    ipaservice:
      ipaadmin_password: SomeADMINpassword
      name: "mysvc/{{ host1_fqdn }}"
      principal: "asvc/{{ host1_fqdn }}"
      action: member
      state: absent
    register: result
    failed_when: result.failed or not result.changed

  - name: Ensure service member principal alias is absent, again.
    ipaservice:
      ipaadmin_password: SomeADMINpassword
      name: "mysvc/{{ host1_fqdn }}"
      principal: "asvc/{{ host1_fqdn }}"
      action: member
      state: absent
    register: result
    failed_when: result.failed or result.changed

  - name: Ensure service is present with multiple principal aliases.
    ipaservice:
      ipaadmin_password: SomeADMINpassword
      name: "mysvc/{{ host1_fqdn }}"
      principal:
        - "HTTP/{{ host1_fqdn }}"
        - "asvc/{{ host1_fqdn }}"
    register: result
    failed_when: result.failed or not result.changed

  - name: Ensure service is present with multiple principal aliases, again.
    ipaservice:
      ipaadmin_password: SomeADMINpassword
      name: "mysvc/{{ host1_fqdn }}"
      principal:
        - "HTTP/{{ host1_fqdn }}"
        - "asvc/{{ host1_fqdn }}"
    register: result
    failed_when: result.failed or result.changed

  - name: Ensure service is with multiple principal aliases is absent.
    ipaservice:
      ipaadmin_password: SomeADMINpassword
      name: "mysvc/{{ host1_fqdn }}"
      continue: yes
      state: absent
    register: result
    failed_when: result.failed or not result.changed

  - name: Ensure service is with multiple principal aliases is absent, again.
    ipaservice:
      ipaadmin_password: SomeADMINpassword
      name: "mysvc/{{ host1_fqdn }}"
      continue: yes
      state: absent
    register: result
    failed_when: result.failed or result.changed
  # end of tests for upstream issue #663

  # cleanup
  - name: Cleanup test environment
    include_tasks: env_cleanup.yml