mirror of
https://github.com/freeipa/ansible-freeipa.git
synced 2026-03-26 21:33:05 +00:00
87e1edf575
There is a new certificate management module placed in the plugins
folder:
plugins/modules/ipacert.py
The certificate module allows to request, revoke, release and retrieve
certificates for users, hosts and services.
Here is the documentation for the module:
README-cert.md
New example playbooks have been added:
playbooks/cert/cert-hold.yml
playbooks/cert/cert-release.yml
playbooks/cert/cert-request-host.yml
playbooks/cert/cert-request-service.yml
playbooks/cert/cert-request-user.yml
playbooks/cert/cert-retrieve.yml
playbooks/cert/cert-revoke.yml
New tests for the module can be found at:
tests/cert/test_cert_client_context.yml
tests/cert/test_cert_host.yml
tests/cert/test_cert_service.yml
tests/cert/test_cert_user.yml
The module has been co-authored by Sam Morris (@yrro) and Rafael
Guterres Jeffman (@rjeffman).
61 lines
2.1 KiB
YAML
61 lines
2.1 KiB
YAML
---
|
|
- name: Test cert
|
|
hosts: ipaclients, ipaserver
|
|
become: false
|
|
gather_facts: false
|
|
module_defaults:
|
|
ipacert:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_contetx: "{{ ipa_context | default(omit) }}"
|
|
|
|
tasks:
|
|
- name: Include FreeIPA facts.
|
|
ansible.builtin.include_tasks: ../env_freeipa_facts.yml
|
|
|
|
# Test will only be executed if host is not a server.
|
|
- name: Execute with server context in the client.
|
|
ipacert:
|
|
ipaapi_context: server
|
|
name: ThisShouldNotWork
|
|
register: result
|
|
failed_when: not (result.failed and result.msg is regex("No module named '*ipaserver'*"))
|
|
when: ipa_host_is_client
|
|
|
|
# Import basic module tests, and execute with ipa_context set to 'client'.
|
|
# If ipaclients is set, it will be executed using the client, if not,
|
|
# ipaserver will be used.
|
|
#
|
|
# With this setup, tests can be executed against an IPA client, against
|
|
# an IPA server using "client" context, and ensure that tests are executed
|
|
# in upstream CI.
|
|
|
|
- name: Test host certs using client context, in client host.
|
|
ansible.builtin.import_playbook: test_cert_host.yml
|
|
when: groups['ipaclients']
|
|
vars:
|
|
ipa_test_host: ipaclients
|
|
|
|
- name: Test service certs using client context, in client host.
|
|
ansible.builtin.import_playbook: test_cert_service.yml
|
|
when: groups['ipaclients']
|
|
vars:
|
|
ipa_test_host: ipaclients
|
|
|
|
- name: Test user certs using client context, in client host.
|
|
ansible.builtin.import_playbook: test_cert_user.yml
|
|
when: groups['ipaclients']
|
|
vars:
|
|
ipa_test_host: ipaclients
|
|
|
|
- name: Test host certs using client context, in server host.
|
|
ansible.builtin.import_playbook: test_cert_host.yml
|
|
when: groups['ipaclients'] is not defined or not groups['ipaclients']
|
|
|
|
- name: Test service certs using client context, in server host.
|
|
ansible.builtin.import_playbook: test_cert_service.yml
|
|
when: groups['ipaclients'] is not defined or not groups['ipaclients']
|
|
|
|
- name: Test user certs using client context, in server host.
|
|
ansible.builtin.import_playbook: test_cert_user.yml
|
|
when: groups['ipaclients'] is not defined or not groups['ipaclients']
|