internet/ansible-freeipa
4
0
Fork 0
mirror of https://github.com/freeipa/ansible-freeipa.git synced 2026-06-10 10:45:55 +00:00
Code Issues Projects Releases Wiki Activity
Files
5c80b68eb7d798d50edc4d3d43c2ada83f05ad2d
ansible-freeipa/tests/vault/tasks_vault_members.yml
Thomas Woerner b866c56e7e Fix lookup for certicates in tests 
The file lookup is by default setting `rstrip=True` which could lead
into a stripped new line. This is not happening always but resulted in
failed tests sometimes with certificates pasted to the b64encode filter.

For calls of lookup in the certificae tests `rstrip=False` has been
added to make sure that this is not happening any more. Not in
test_dnsrecord as lookup(..., rstrip=False) is adding a new line if
there was not a new line and this is an issue for dnsrecord. The user
and host tests have also been simplified to create the base64 encoded
file in the beginning and use this file then later on in the tests
without the need to use the b64encode filter.

Ref: https://github.com/ansible/ansible/issues/57521#issuecomment-502238000
2020-11-18 22:18:09 +01:00

319 lines
8.3 KiB
YAML
Raw Blame History

---
# Tasks to test member management for Vault module.
- name: Setup testing environment.
import_tasks: env_setup.yml
- name: Ensure vault is present
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
vault_type: "{{vault.vault_type}}"
register: result
failed_when: not result.changed
when: vault.vault_type == 'standard'
- name: Ensure vault is present
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
vault_password: SomeVAULTpassword
vault_type: "{{vault.vault_type}}"
register: result
failed_when: not result.changed
when: vault.vault_type == 'symmetric'
- name: Ensure vault is present
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
vault_type: "{{vault.vault_type}}"
public_key: "{{lookup('file', 'private.pem', rstrip=False) | b64encode}}"
register: result
failed_when: not result.changed
when: vault.vault_type == 'asymmetric'
- name: Ensure vault member user is present.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
action: member
users:
- user02
register: result
failed_when: not result.changed
- name: Ensure vault member user is present, again.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
action: member
users:
- user02
register: result
failed_when: result.changed
- name: Ensure more vault member users are present.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
action: member
users:
- admin
- user02
register: result
failed_when: not result.changed
- name: Ensure vault member user is still present.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
action: member
users:
- user02
register: result
failed_when: result.changed
- name: Ensure vault users are absent.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
action: member
users:
- admin
- user02
state: absent
register: result
failed_when: not result.changed
- name: Ensure vault users are absent, again.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
action: member
users:
- admin
- user02
state: absent
register: result
failed_when: result.changed
- name: Ensure vault user is absent, once more.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
action: member
users:
- admin
state: absent
register: result
failed_when: result.changed
- name: Ensure vault member group is present.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
action: member
groups: vaultgroup
register: result
failed_when: not result.changed
- name: Ensure vault member group is present, again.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
action: member
groups: vaultgroup
register: result
failed_when: result.changed
- name: Ensure vault member group is absent.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
action: member
groups: vaultgroup
state: absent
register: result
failed_when: not result.changed
- name: Ensure vault member group is absent, again.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
action: member
groups: vaultgroup
state: absent
register: result
failed_when: result.changed
- name: Ensure vault member service is present.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
action: member
services: "HTTP/{{ ansible_fqdn }}"
register: result
failed_when: not result.changed
- name: Ensure vault member service is present, again.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
action: member
services: "HTTP/{{ ansible_fqdn }}"
register: result
failed_when: result.changed
- name: Ensure vault member service is absent.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
action: member
services: "HTTP/{{ ansible_fqdn }}"
state: absent
register: result
failed_when: not result.changed
- name: Ensure vault member service is absent, again.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
action: member
services: "HTTP/{{ ansible_fqdn }}"
state: absent
register: result
failed_when: result.changed
- name: Ensure user03 is an owner of vault.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
owners: user03
action: member
register: result
failed_when: not result.changed
- name: Ensure user03 is an owner of vault, again.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
owners: user03
action: member
register: result
failed_when: result.changed
- name: Ensure user03 is not owner of vault.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
owners: user03
state: absent
action: member
register: result
failed_when: not result.changed
- name: Ensure user03 is not owner of vault, again.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
owners: user03
state: absent
action: member
register: result
failed_when: result.changed
- name: Ensure vaultgroup is an ownergroup of vault.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
ownergroups: vaultgroup
action: member
register: result
failed_when: not result.changed
- name: Ensure vaultgroup is an ownergroup of vault, again.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
ownergroups: vaultgroup
action: member
register: result
failed_when: result.changed
- name: Ensure vaultgroup is not ownergroup of vault.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
ownergroups: vaultgroup
state: absent
action: member
register: result
failed_when: not result.changed
- name: Ensure vaultgroup is not ownergroup of vault, again.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
ownergroups: vaultgroup
state: absent
action: member
register: result
failed_when: result.changed
- name: Ensure service is an owner of vault.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
ownerservices: "HTTP/{{ ansible_fqdn }}"
action: member
register: result
failed_when: not result.changed
- name: Ensure service is an owner of vault, again.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
ownerservices: "HTTP/{{ ansible_fqdn }}"
action: member
register: result
failed_when: result.changed
- name: Ensure service is not owner of vault.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
ownerservices: "HTTP/{{ ansible_fqdn }}"
state: absent
action: member
register: result
failed_when: not result.changed
- name: Ensure service is not owner of vault, again.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
ownerservices: "HTTP/{{ ansible_fqdn }}"
state: absent
action: member
register: result
failed_when: result.changed
- name: Ensure {{vault.vault_type}} vault is absent
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
state: absent
register: result
failed_when: not result.changed
- name: Ensure {{vault.vault_type}} vault is absent, again
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
state: absent
register: result
failed_when: result.changed
- name: Cleanup testing environment.
import_tasks: env_cleanup.yml
Reference in New Issue View Git Blame Copy Permalink