mirror of
https://github.com/freeipa/ansible-freeipa.git
synced 2026-03-26 21:33:05 +00:00
536b7cb5f3
The value 'passkey' was missing as a valid value for user_auth_type attribute. Signed-off-by: Rafael Guterres Jeffman <rjeffman@redhat.com>
567 lines
18 KiB
YAML
567 lines
18 KiB
YAML
---
|
|
- name: Test user
|
|
hosts: "{{ ipa_test_host | default('ipaserver') }}"
|
|
become: true
|
|
gather_facts: false
|
|
|
|
tasks:
|
|
- name: Include FreeIPA facts.
|
|
ansible.builtin.include_tasks: ../env_freeipa_facts.yml
|
|
|
|
- name: Remove test users
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: manager1,manager2,manager3,pinky,pinky2,igagarin,reddy
|
|
state: absent
|
|
|
|
- name: User manager1 present
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: manager1
|
|
first: Manager
|
|
last: One
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: User manager2 present
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: manager2
|
|
first: Manager
|
|
last: One
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: User manager3 present
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: manager3
|
|
first: Manager
|
|
last: One
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: User pinky present
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
uid: 10001
|
|
gid: 100
|
|
phone: "+555123457"
|
|
email: pinky@acme.com
|
|
principalexpiration: "21220119235959"
|
|
passwordexpiration: "2122-01-19 23:59:59"
|
|
first: pinky
|
|
last: Acme
|
|
initials: pa
|
|
# password: foo2
|
|
principal: pa
|
|
random: yes
|
|
street: PinkyStreet
|
|
city: PinkyCity
|
|
userstate: PinkyState
|
|
postalcode: PinkyZip
|
|
mobile: "+555123458,+555123459"
|
|
pager: "+555123450,+555123451"
|
|
fax: "+555123452,+555123453"
|
|
orgunit: PinkyOrgUnit
|
|
manager: manager1,manager2
|
|
update_password: on_create
|
|
carlicense: PinkyCarLicense1,PinkyCarLicense2
|
|
# sshpubkey
|
|
userauthtype: password,radius,otp
|
|
userclass: PinkyUserClass
|
|
# radius: "http://some.link/"
|
|
# radiususer: PinkyRadiusUser
|
|
departmentnumber: "1234"
|
|
employeenumber: "0815"
|
|
employeetype: "PinkyExmployeeType"
|
|
preferredlanguage: "en"
|
|
# certificate
|
|
noprivate: yes
|
|
nomembers: false
|
|
# issuer: PinkyIssuer
|
|
# subject: PinkySubject
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure user presence with 'random:false'
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
first: pinky
|
|
last: Acme
|
|
random: false
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Set street, again
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
street: PinkyStreet
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Clear street attribute.
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
street: ""
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Clear street attribute, again
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
street: ""
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: User pinky present with changed settings
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
first: pinky
|
|
last: Acme
|
|
manager: []
|
|
principal: []
|
|
sshpubkey:
|
|
# yamllint disable-line rule:line-length
|
|
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCqmVDpEX5gnSjKuv97AyzOhaUMMKz8ahOA3GY77tVC4o68KNgMCmDSEG1/kOIaElngNLaCha3p/2iAcU9Bi1tLKUlm2bbO5NHNwHfRxY/3cJtq+/7D1vxJzqThYwI4F9vr1WxyY2+mMTv3pXbfAJoR8Mu06XaEY5PDetlDKjHLuNWF+/O7ZU8PsULTa1dJZFrtXeFpmUoLoGxQBvlrlcPI1zDciCSU24t27Zan5Py2l5QchyI7yhCyMM77KDtj5+AFVpmkb9+zq50rYJAyFVeyUvwjzErvQrKJzYpA0NyBp7vskWbt36M16/M/LxEK7HA6mkcakO3ESWx5MT1LAjvdlnxbWG3787MxweHXuB8CZU+9bZPFBaJ+VQtOfJ7I8eH0S16moPC4ak8FlcFvOH8ERDPWLFDqfy09yaZ7bVIF0//5ZI7Nf3YDe3S7GrBX5ieYuECyP6UNkTx9BRsAQeVvXEc6otzB7iCSnYBMGUGzCqeigoAWaVQUONsSR3Uatks= pinky@ipaserver.el81.local # noqa 204
|
|
# yamllint disable-line rule:line-length
|
|
- AAAAB3NzaC1yc2EAAAADAQABAAABgQDc8MIjaSrxLYHvu+hduoF4m6NUFSlXZWzYbd3BK4L47/U4eiXoOS6dcfuZJDjmLfOipc7XVp7NADwAgA1yBOAjbeVpXr2tC8w8saZibl75WBOEjDfNroiOh/f/ojrwwHg05QTVSZHs27sU1HBPyCQM/FHVM6EnRfmyiBkEBA/3ca0PJ9UJhWb2XisCaz6y6QcTh4gQnvHzgmEmK31GwiKnmBSEQuj8P5NGCO8RlN3cq3zpRpMDEoBRCjQYicllf/5P43r5OGvS1LhTiAMfyqE37URezNQa7aozBpH1GhIwAmjAtm84jXQjxUgZPYC0aSLuADYErScOP4792r6koH9t/DM5/M+jG2c4PNWynDczUw6Eaxl5E3hU0Ee9UN0Oee7iBnVenS/QMeZNyo5lMA/HXT5lrYiJGTYM0shRjGXXYBbJZhWerguSWDAdUd1gvuGP1nb7/+/Cvb46+HX7zYouS5Ojo0yPzMZ07X142jnKAfx9LnKdMUCwBJzbtoJ91Zc= pinky@ipaserver.el81.local # noqa 204
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: User pinky add manager manager1
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
manager: manager1
|
|
action: member
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: User pinky add manager manager1 again
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
manager: manager1
|
|
action: member
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: User pinky add manager manager2, manager3
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
manager: manager2,manager3
|
|
action: member
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: User pinky add manager manager2, manager3 again
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
manager: manager2,manager3
|
|
action: member
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: User pinky remove manager manager1
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
manager: manager1
|
|
action: member
|
|
state: absent
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: User pinky remove manager manager1 again
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
manager: manager1
|
|
action: member
|
|
state: absent
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: User pinky add principal pa
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
principal: pa
|
|
action: member
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: User pinky add principal pa again
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
principal: pa
|
|
action: member
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: User pinky add principal pa1
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
principal: pa1
|
|
action: member
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: User pinky remove principal pa1
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
principal: pa1
|
|
action: member
|
|
state: absent
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: User pinky remove principal pa1 again
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
principal: pa1
|
|
action: member
|
|
state: absent
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: User pinky remove principal pa
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
principal: pa
|
|
action: member
|
|
state: absent
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: User pinky remove principal non-existing pa2
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
principal: pa2
|
|
action: member
|
|
state: absent
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: User pinky absent and preserved
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
preserve: yes
|
|
state: absent
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: User pinky absent and preserved, again
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
preserve: yes
|
|
state: absent
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: User pinky undeleted (preserved before)
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
state: undeleted
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: User pinky undeleted (preserved before), again
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
state: undeleted
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Users pinky disabled
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
state: disabled
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Users pinky disabled, again
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
state: disabled
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: User pinky enabled
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
state: enabled
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: User pinky enabled, again
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
state: enabled
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Rename user pinky to reddy
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
rename: reddy
|
|
state: renamed
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Rename user pinky to reddy, again
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
rename: reddy
|
|
state: renamed
|
|
register: result
|
|
failed_when: not result.failed or "No user 'pinky'" not in result.msg
|
|
|
|
- name: Rename user reddy to reddy
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: reddy
|
|
rename: reddy
|
|
state: renamed
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Rename user reddy back to pinky
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: reddy
|
|
rename: pinky
|
|
state: renamed
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure user pinky with userauthtype passkey exists
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
first: pinky
|
|
last: user
|
|
userauthtype: passkey
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
when: passkey_is_supported
|
|
|
|
- name: Ensure user pinky with userauthtype passkey exists, again
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
first: pinky
|
|
last: user
|
|
userauthtype: passkey
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
when: passkey_is_supported
|
|
|
|
- name: Check if correct message is given if passkey is not supported.
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
first: pinky
|
|
last: user
|
|
userauthtype: passkey
|
|
register: result
|
|
when: not passkey_is_supported
|
|
failed_when: not result.failed or "'passkey' is not supported" not in result.msg
|
|
|
|
- name: User pinky absent and preserved for future exclusion.
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
preserve: yes
|
|
state: absent
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: User pinky absent
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
state: absent
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: User pinky absent and preserved, when already absent
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
preserve: yes
|
|
state: absent
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure user with GECOS information exists.
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: igagarin
|
|
first: Iuri
|
|
last: Gagarin
|
|
gecos: Юрий Алексеевич Гагарин
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure user with GECOS information exists, again.
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: igagarin
|
|
first: Iuri
|
|
last: Gagarin
|
|
gecos: Юрий Алексеевич Гагарин
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Modify GECOS information.
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: igagarin
|
|
gecos: Юрий Гагарин
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Updating with existent data, should not change user.
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: igagarin
|
|
first: Iuri
|
|
last: Gagarin
|
|
gecos: Юрий Гагарин
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure GECOS parameter is cleared.
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: igagarin
|
|
gecos: ""
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure GECOS parameter is cleared, again
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: igagarin
|
|
gecos: ""
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure GECOS parameter cannot be used with state absent.
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: igagarin
|
|
gecos: Юрий Гагарин
|
|
state: absent
|
|
register: result
|
|
failed_when: not result.failed or "Argument 'gecos' can not be used with action 'user' and state 'absent'" not in result.msg
|
|
|
|
- name: Ensure user igagarin is absent.
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: igagarin
|
|
state: absent
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure user with non-ascii name exists.
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: igagarin
|
|
first: Юрий
|
|
last: Гагарин
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure user with non-ascii name exists has proper GECOS value.
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: igagarin
|
|
gecos: Юрий Гагарин
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Remove test users
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: manager1,manager2,manager3,pinky,pinky2,igagarin
|
|
state: absent
|