mirror of
https://github.com/freeipa/ansible-freeipa.git
synced 2026-04-14 21:01:03 +00:00
3f3e495ab3
The way how randompasswords are returned by the ipahost module depends
so far on the number of hosts that are handled by the module.
This is unexpected if for example a json file is provided with the hosts
parameter. As it might be unknown how many hosts are in the json file,
this behaviour is unexpected. The return should not vary in this case.
This chamge makes the return simply depend on the use of the hosts
paramater. As soon as this parameter is used, the return will always be:
"host": { "<the host>": { "randompassword": "<the host random password>" } }
In the simply case with one host it will be still
"host": { "randompassword": "<the host random password>" }
This change for ipahost is related to the ipauser PR #1053.
126 lines
3.7 KiB
YAML
126 lines
3.7 KiB
YAML
---
|
|
- name: Test ipahost random password generation
|
|
hosts: ipaserver
|
|
become: true
|
|
|
|
tasks:
|
|
- name: Get Domain from server name
|
|
ansible.builtin.set_fact:
|
|
ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join('.') }}"
|
|
when: ipaserver_domain is not defined
|
|
|
|
- name: Set host1_fqdn and host2_fqdn
|
|
ansible.builtin.set_fact:
|
|
host1_fqdn: "{{ 'host1.' + ipaserver_domain }}"
|
|
host2_fqdn: "{{ 'host2.' + ipaserver_domain }}"
|
|
|
|
- name: Test hosts absent
|
|
ipahost:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name:
|
|
- "{{ host1_fqdn }}"
|
|
- "{{ host2_fqdn }}"
|
|
update_dns: yes
|
|
state: absent
|
|
|
|
- name: Host "{{ host1_fqdn }}" present with random password
|
|
ipahost:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: "{{ host1_fqdn }}"
|
|
random: yes
|
|
force: yes
|
|
update_password: on_create
|
|
register: ipahost
|
|
failed_when: not ipahost.changed or ipahost.failed
|
|
|
|
- name: Assert ipahost.host.randompassword is defined.
|
|
ansible.builtin.assert:
|
|
that:
|
|
- ipahost.host.randompassword is defined
|
|
|
|
- name: Print generated random password
|
|
ansible.builtin.debug:
|
|
var: ipahost.host.randompassword
|
|
|
|
- name: Host "{{ host1_fqdn }}" absent
|
|
ipahost:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name:
|
|
- "{{ host1_fqdn }}"
|
|
state: absent
|
|
|
|
- name: Host "{{ host1_fqdn }}" is present with random password using hosts parameter
|
|
ipahost:
|
|
ipaadmin_password: SomeADMINpassword
|
|
hosts:
|
|
- name: "{{ host1_fqdn }}"
|
|
random: yes
|
|
force: yes
|
|
update_password: on_create
|
|
register: ipahost
|
|
failed_when: not ipahost.changed or
|
|
ipahost.host[host1_fqdn].randompassword is not defined or
|
|
ipahost.failed
|
|
|
|
- name: Host "{{ host1_fqdn }}" absent
|
|
ipahost:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name:
|
|
- "{{ host1_fqdn }}"
|
|
state: absent
|
|
|
|
- name: Hosts "{{ host1_fqdn }}" and "{{ host2_fqdn }}" present with random password
|
|
ipahost:
|
|
ipaadmin_password: SomeADMINpassword
|
|
hosts:
|
|
- name: "{{ host1_fqdn }}"
|
|
random: yes
|
|
force: yes
|
|
- name: "{{ host2_fqdn }}"
|
|
random: yes
|
|
force: yes
|
|
update_password: on_create
|
|
register: ipahost
|
|
failed_when: not ipahost.changed or ipahost.failed
|
|
|
|
- name: Assert randompassword is defined for host1 and host2.
|
|
ansible.builtin.assert:
|
|
that:
|
|
- ipahost.host["{{ host1_fqdn }}"].randompassword is
|
|
defined
|
|
- ipahost.host["{{ host2_fqdn }}"].randompassword is
|
|
defined
|
|
|
|
- name: Print generated random password for "{{ host1_fqdn }}"
|
|
ansible.builtin.debug:
|
|
var: ipahost.host["{{ host1_fqdn }}"].randompassword
|
|
|
|
- name: Print generated random password for "{{ host2_fqdn }}"
|
|
ansible.builtin.debug:
|
|
var: ipahost.host["{{ host2_fqdn }}"].randompassword
|
|
|
|
- name: Enrolled host "{{ ansible_facts['fqdn'] }}" fails to set random password with update_password always
|
|
ipahost:
|
|
ipaadmin_password: SomeADMINpassword
|
|
hosts:
|
|
- name: "{{ ansible_facts['fqdn'] }}"
|
|
random: yes
|
|
update_password: always
|
|
register: ipahost
|
|
failed_when: ipahost.changed or not ipahost.failed
|
|
|
|
- name: Assert randompassword is not defined for 'ansible_fqdn'.
|
|
ansible.builtin.assert:
|
|
that:
|
|
- ipahost.host["{{ ansible_facts['fqdn'] }}"].randompassword is
|
|
not defined
|
|
- "'Password cannot be set on enrolled host' in ipahost.msg"
|
|
|
|
- name: Hosts "{{ host1_fqdn }}" and "{{ host2_fqdn }}" absent
|
|
ipahost:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name:
|
|
- "{{ host1_fqdn }}"
|
|
- "{{ host2_fqdn }}"
|
|
state: absent
|