ansible-freeipa/tests/permission/test_permission.yml
Rafael Guterres Jeffman b6cf3e5f51 ipapermission: add version check for bind type 'self'
FreeIPA 4.8.7 has introduced bind type 'self' as a valid value, and
this PR adds checks so the module fails early if the value is used
with an unsupported version.

Tests and documentation have been updated to reflect the changes.
2020-11-16 11:15:37 -03:00


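---
# Functional test for the ipapermission module.
#
# The test tasks register their result and use failed_when to assert the
# expected "changed" state: the first run of an operation must report a
# change, and the repeated ("again") run must not, which checks idempotence.
- name: Test permission
  hosts: ipaserver
  become: true

  tasks:
    # NOTE(review): presumably this sets ipa_version, which the bindtype
    # tasks below test in their `when` conditions - confirm in that file.
    - name: Include FreeIPA environment facts
      include_tasks: ../env_freeipa_facts.yml

    # CLEANUP TEST ITEMS

    # Start from a known state: remove anything left behind by an earlier
    # run, including a run that aborted before the final cleanup.
    - name: Ensure test permissions are absent
      ipapermission:
        # Fixture credential for the disposable test server. Playbooks used
        # outside the test suite should take ipaadmin_password from Ansible
        # Vault or another secret store instead of a literal.
        ipaadmin_password: SomeADMINpassword
        name:
          - perm-test-1
          - perm-test-bindtype-test
          - perm-test-renamed
        state: absent

    # TESTS

    # The permissions created here grant `right: all` on host objects, so
    # they must not outlive the test run (see the cleanup at the end).
    - name: Ensure permission perm-test-1 is present
      ipapermission:
        ipaadmin_password: SomeADMINpassword
        name: perm-test-1
        object_type: host
        right: all
      register: result
      failed_when: not result.changed or result.failed

    - name: Ensure permission perm-test-1 is present again
      ipapermission:
        ipaadmin_password: SomeADMINpassword
        name: perm-test-1
        object_type: host
        right: all
      register: result
      failed_when: result.changed or result.failed

    # NOTE: We use the "User Administrators" Privilege here since we don't
    # have a module to make one. A test privilege should be used in the
    # future.
    - name: Ensure permission perm-test-1 member User Administrators privilege is present
      ipapermission:
        ipaadmin_password: SomeADMINpassword
        name: perm-test-1
        privilege: "User Administrators"
        action: member
      register: result
      failed_when: not result.changed or result.failed

    - name: Ensure permission perm-test-1 member User Administrators privilege is present again
      ipapermission:
        ipaadmin_password: SomeADMINpassword
        name: perm-test-1
        privilege: "User Administrators"
        action: member
      register: result
      failed_when: result.changed or result.failed

    - name: Ensure permission perm-test-1 member User Administrators privilege is absent
      ipapermission:
        ipaadmin_password: SomeADMINpassword
        name: perm-test-1
        privilege: "User Administrators"
        action: member
        state: absent
      register: result
      failed_when: not result.changed or result.failed

    - name: Ensure permission perm-test-1 member User Administrators privilege is absent again
      ipapermission:
        ipaadmin_password: SomeADMINpassword
        name: perm-test-1
        privilege: "User Administrators"
        action: member
        state: absent
      register: result
      failed_when: result.changed or result.failed

    - name: Rename permission perm-test-1 to perm-test-renamed
      ipapermission:
        ipaadmin_password: SomeADMINpassword
        name: perm-test-1
        rename: perm-test-renamed
        state: renamed
      register: result
      failed_when: not result.changed or result.failed

    # After the rename the old name must already be gone (no change
    # reported) ...
    - name: Ensure permission perm-test-1 is absent
      ipapermission:
        ipaadmin_password: SomeADMINpassword
        name: perm-test-1
        state: absent
      register: result
      failed_when: result.changed or result.failed

    # ... and the new name must already exist with the same settings (again
    # no change reported).
    - name: Ensure permission perm-test-renamed is present
      ipapermission:
        ipaadmin_password: SomeADMINpassword
        name: perm-test-renamed
        object_type: host
        right: all
      register: result
      failed_when: result.changed or result.failed

    # The next two tasks are mutually exclusive on ipa_version. On a server
    # at 4.8.7 or later, creating the permission with bindtype 'self' must
    # succeed and report a change.
    - name: Ensure permission with bindtype 'self' is present, if IPA version >= 4.8.7
      ipapermission:
        ipaadmin_password: SomeADMINpassword
        name: perm-test-bindtype-test
        bindtype: self
        object_type: host
        right: all
      when: ipa_version is version('4.8.7', '>=')
      register: result
      failed_when: not result.changed or result.failed

    # On an older server the module is expected to fail, and to fail with
    # exactly this message; any other outcome fails the test.
    - name: Fail to set permission perm-test-bindtype-test bindtype to 'self', if IPA version < 4.8.7
      ipapermission:
        ipaadmin_password: SomeADMINpassword
        name: perm-test-bindtype-test
        bindtype: self
        object_type: host
        right: all
      when: ipa_version is version('4.8.7', '<')
      register: result
      failed_when: >-
        not result.failed or
        "Bindtype 'self' is not supported by your IPA version." not in result.msg

    # CLEANUP TEST ITEMS

    # NOTE(review): this task is skipped when an earlier task fails, so the
    # test permissions stay on the server until the next run's initial
    # cleanup. Wrapping the tests in block/always would guarantee removal.
    - name: Ensure test permissions are absent
      ipapermission:
        ipaadmin_password: SomeADMINpassword
        name:
          - perm-test-1
          - perm-test-bindtype-test
          - perm-test-renamed
        state: absent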