Currently, adding an overlapping set of members causes the playbook to fail, because the already existing members are added twice. This patch refactors membership management by removing duplicate logic and handling all changes to members in a single place. This change removes the code that was causing the execution failures.
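---
# Integration test play for the ipagroup module: group creation, nested
# group membership, user membership and cleanup.
#
# Assertion convention used by every task that registers `result`:
#   failed_when: not result.changed or result.failed
#     -> the task must succeed AND report a change (first application)
#   failed_when: result.changed or result.failed
#     -> the task must succeed and report NO change (idempotency re-run)
#
# NOTE(review): ipaadmin_password is inlined in clear text in every task.
# That is tolerable only for a throwaway test realm; anything reused
# outside the test suite should read it from Ansible Vault (or another
# secret store) rather than copy this literal.
- name: Test group
  hosts: "{{ ipa_test_host | default('ipaserver') }}"
  become: true
  gather_facts: false

  tasks:
  # --- Setup: start from a known-clean state -----------------------------
  # The two cleanup tasks below do not register a result, so they pass
  # whether or not the entries existed beforehand.
  - name: Ensure users user1, user2 and user3 are absent
    ipauser:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      name: user1,user2,user3
      state: absent

  - name: Ensure group group3, group2 and group1 are absent
    ipagroup:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      name: group3,group2,group1
      state: absent

  - name: Ensure users user1..user3 are present
    ipauser:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      users:
      - name: user1
        first: user1
        last: Last
      - name: user2
        first: user2
        last: Last
      - name: user3
        first: user3
        last: Last
    register: result
    failed_when: not result.changed or result.failed

  # --- Group creation, each followed by an idempotency re-run -------------
  - name: Ensure group1 is present
    ipagroup:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      name: group1
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure group1 is present again
    ipagroup:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      name: group1
    register: result
    failed_when: result.changed or result.failed

  - name: Ensure group2 is present
    ipagroup:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      name: group2
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure group2 is present again
    ipagroup:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      name: group2
    register: result
    failed_when: result.changed or result.failed

  - name: Ensure group3 is present
    ipagroup:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      name: group3
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure group3 is present again
    ipagroup:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      name: group3
    register: result
    failed_when: result.changed or result.failed

  # --- Nested group membership (action: member) ---------------------------
  - name: Ensure groups group2 and group3 are present in group group1
    ipagroup:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      name: group1
      group:
      - group2
      - group3
      action: member
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure groups group2 and group3 are present in group group1 again
    ipagroup:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      name: group1
      group:
      - group2
      - group3
      action: member
    register: result
    failed_when: result.changed or result.failed

  # Subset of the members added above: must be a no-op.
  - name: Ensure group3 is present in group group1
    ipagroup:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      name: group1
      group:
      - group3
      action: member
    register: result
    failed_when: result.changed or result.failed

  # --- User membership (action: member) -----------------------------------
  - name: Ensure users user1, user2 and user3 are present in group group1
    ipagroup:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      name: group1
      user:
      - user1
      - user2
      - user3
      action: member
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure users user1, user2 and user3 are present in group group1 again
    ipagroup:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      name: group1
      user:
      - user1
      - user2
      - user3
      action: member
    register: result
    failed_when: result.changed or result.failed

  # NOTE(review): disabled step. user7 is never created anywhere in this
  # play, so the "absent" check that follows only proves that removing a
  # non-member is a no-op.
  #- ipagroup:
  #    ipaadmin_password: SomeADMINpassword
  #    ipaapi_context: "{{ ipa_context | default(omit) }}"
  #    name: group1
  #    user:
  #    - user7
  #    action: member

  - name: Ensure user user7 is absent in group group1
    ipagroup:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      name: group1
      user:
      - user7
      action: member
      state: absent
    register: result
    failed_when: result.changed or result.failed

  # group4 is never created in this play: deleting it must be a no-op.
  - name: Ensure group group4 is absent
    ipagroup:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      name: group4
      state: absent
    register: result
    failed_when: result.changed or result.failed

  # --- Reset, then grow the member list with an overlapping set -----------
  - name: Ensure groups group3, group2, and group1 are absent
    ipagroup:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      name: group3,group2,group1
      state: absent
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure group group1 is present
    ipagroup:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      name: group1
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure users user1, user2 are present in group group1
    ipagroup:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      name: group1
      user:
      - user1
      - user2
      action: member
    register: result
    failed_when: not result.changed or result.failed

  # Overlapping set: user1 and user2 are already members, only user3 is
  # new. The task must still succeed and report a change.
  - name: Ensure users user1, user2 and user3 are present in group group1
    ipagroup:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      name: group1
      user:
      - user1
      - user2
      - user3
      action: member
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure users user1, user2 are present in group group1, again
    ipagroup:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      name: group1
      user:
      - user1
      - user2
      action: member
    register: result
    failed_when: result.changed or result.failed

  - name: Ensure users user1, user2 and user3 are present in group group1, again
    ipagroup:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      name: group1
      user:
      - user1
      - user2
      - user3
      action: member
    register: result
    failed_when: result.changed or result.failed

  - name: Ensure group group1 is absent
    ipagroup:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      name: group1
      state: absent
    register: result
    failed_when: not result.changed or result.failed

  # --- Same scenario without action: member (group-level call) ------------
  - name: Ensure group group1 with users user1, user2 is present
    ipagroup:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      name: group1
      user:
      - user1
      - user2
    register: result
    failed_when: not result.changed or result.failed

  # Overlapping set again: only user3 is new, a change is expected.
  - name: Ensure group group1 with users user1, user2 and user3 is present
    ipagroup:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      name: group1
      user:
      - user1
      - user2
      - user3
    register: result
    failed_when: not result.changed or result.failed

  # NOTE(review): unlike the two tasks above, this re-run uses
  # action: member, so it does not repeat the exact group-level call.
  # Confirm that is intended.
  - name: Ensure group group1 with users user1, user2 and user3 is present, again
    ipagroup:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      name: group1
      user:
      - user1
      - user2
      - user3
      action: member
    register: result
    failed_when: result.changed or result.failed

  # A change is expected here although user1 and user2 are already
  # members; presumably the group-level call treats the list as the
  # complete membership and drops user3. Verify against the module docs.
  - name: Ensure only users user1, user2 are present in group group1
    ipagroup:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      name: group1
      user:
      - user1
      - user2
    register: result
    failed_when: not result.changed or result.failed

  # --- Cleanup: remove everything the play created ------------------------
  - name: Ensure group group3, group2 and group1 are absent
    ipagroup:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      name: group3,group2,group1
      state: absent
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure users user1, user2 and user3 are absent
    ipauser:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      name: user1,user2,user3
      state: absent
    register: result
    failed_when: not result.changed or result.failed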