Add support for 'idp' and 'idp_user_id' to ipauser plugin. FreeIPA 4.10.0 is required for both attributes.
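---
# Exercises the 'idp' and 'idp_user_id' attributes of the ipauser plugin.
# Both attributes need FreeIPA 4.10.0+, so the test body is gated on
# ipa_version; on an older server every task in the gated block, including
# its 'always' section, is skipped.
- name: Test user
  hosts: "{{ ipa_test_host | default('ipaserver') }}"
  become: false
  gather_facts: false
  module_defaults:
    ipauser:
      # Throw-away test credential. The shell tasks below also feed it to
      # kinit on stdin, so it appears in the task log at higher verbosity.
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"

  tasks:
  - name: Include tasks ../env_freeipa_facts.yml
    ansible.builtin.include_tasks: ../env_freeipa_facts.yml

  # CLEANUP TEST ITEMS

  - name: Ensure user idpuser is absent
    ipauser:
      name: idpuser
      state: absent

  # CREATE TEST ITEMS

  - name: Run tests if FreeIPA 4.10.0+ is installed
    when: ipa_version is version('4.10.0', '>=')
    block:
    - name: Ensure IDP provider is present
      # TODO: Use an ansible-freeipa plugin instead of 'shell'
      ansible.builtin.shell:
        # The script uses here-strings ('<<<') and 'echo -e', which are
        # bash features; the module's default /bin/sh is not always bash.
        executable: /bin/bash
        cmd: |
          kinit -c test_krb5_cache admin <<< SomeADMINpassword
          KRB5CCNAME=test_krb5_cache ipa idp-add keycloak --provider keycloak \
              --org master \
              --base-url https://client.ipademo.local:8443/auth \
              --client-id ipa_oidc_client \
              --secret <<< $(echo -e "Secret123\nSecret123")
          kdestroy -c test_krb5_cache -q -A
      register: addidp
      # A list under failed_when is ANDed: the task fails only when the
      # provider was neither added now nor already present from an
      # earlier, interrupted run.
      failed_when:
      - '"Added Identity Provider" not in addidp.stdout'
      - '"already exists" not in addidp.stderr'

    # TESTS

    - name: Ensure user idpuser is present
      ipauser:
        name: idpuser
        first: IDP
        last: User
        userauthtype: idp
        idp: keycloak
        idp_user_id: "idpuser@ipademo.local"
      register: result
      failed_when: not result.changed or result.failed

    - name: Ensure user idpuser is present again
      ipauser:
        name: idpuser
        first: IDP
        last: User
        userauthtype: idp
        idp: keycloak
        idp_user_id: "idpuser@ipademo.local"
      register: result
      failed_when: result.changed or result.failed

    - name: Clear 'idp_user_id'
      ipauser:
        name: idpuser
        idp_user_id: ""
      register: result
      failed_when: not result.changed or result.failed

    - name: Clear 'idp'
      ipauser:
        name: idpuser
        idp: ""
      register: result
      failed_when: not result.changed or result.failed

    - name: Ensure user idpuser is absent
      ipauser:
        name: idpuser
        state: absent
      register: result
      failed_when: not result.changed or result.failed

    - name: Ensure user idpuser is absent again
      ipauser:
        name: idpuser
        state: absent
      register: result
      failed_when: result.changed or result.failed

    # CLEANUP TEST ITEMS
    # Runs even when a test above failed, so a failing run does not leave
    # the 'keycloak' provider behind for the next run. The user goes first
    # because it references the provider through 'idp'.
    always:
    - name: Ensure user idpuser is absent
      ipauser:
        name: idpuser
        state: absent

    - name: Ensure IDP provider is absent
      # TODO: Use an ansible-freeipa plugin instead of 'shell'
      ansible.builtin.shell:
        executable: /bin/bash
        cmd: |
          kinit -c test_krb5_cache admin <<< SomeADMINpassword
          KRB5CCNAME=test_krb5_cache ipa idp-del keycloak
          kdestroy -c test_krb5_cache -q -A
      register: delidp
      # Mirrors the tolerance of the add step: a provider that is already
      # gone (e.g. the add step itself failed) is not an error here.
      failed_when:
      - '"Deleted Identity Provider" not in delidp.stdout'
      - '"not found" not in delidp.stderr'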