mirror of
https://github.com/freeipa/ansible-freeipa.git
synced 2026-03-26 21:33:05 +00:00
91c4b83311
Current version of ansible-list pre-commit hook required changes in the ansible-freeipa yamllint configuration and these changes triggered issues in the current playbooks on roles and tests. This patch adds the required changes to yaml lint configuration and fixes the affected playbooks. Signed-off-by: Rafael Guterres Jeffman <rjeffman@redhat.com>
528 lines
16 KiB
YAML
528 lines
16 KiB
YAML
---
|
|
- name: Test user
|
|
hosts: "{{ ipa_test_host | default('ipaserver') }}"
|
|
become: true
|
|
gather_facts: false
|
|
|
|
tasks:
|
|
- name: Remove test users
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: manager1,manager2,manager3,pinky,pinky2,igagarin,reddy
|
|
state: absent
|
|
|
|
- name: User manager1 present
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: manager1
|
|
first: Manager
|
|
last: One
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: User manager2 present
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: manager2
|
|
first: Manager
|
|
last: One
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: User manager3 present
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: manager3
|
|
first: Manager
|
|
last: One
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: User pinky present
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
uid: 10001
|
|
gid: 100
|
|
phone: "+555123457"
|
|
email: pinky@acme.com
|
|
principalexpiration: "21220119235959"
|
|
passwordexpiration: "2122-01-19 23:59:59"
|
|
first: pinky
|
|
last: Acme
|
|
initials: pa
|
|
# password: foo2
|
|
principal: pa
|
|
random: yes
|
|
street: PinkyStreet
|
|
city: PinkyCity
|
|
userstate: PinkyState
|
|
postalcode: PinkyZip
|
|
mobile: "+555123458,+555123459"
|
|
pager: "+555123450,+555123451"
|
|
fax: "+555123452,+555123453"
|
|
orgunit: PinkyOrgUnit
|
|
manager: manager1,manager2
|
|
update_password: on_create
|
|
carlicense: PinkyCarLicense1,PinkyCarLicense2
|
|
# sshpubkey
|
|
userauthtype: password,radius,otp
|
|
userclass: PinkyUserClass
|
|
# radius: "http://some.link/"
|
|
# radiususer: PinkyRadiusUser
|
|
departmentnumber: "1234"
|
|
employeenumber: "0815"
|
|
employeetype: "PinkyExmployeeType"
|
|
preferredlanguage: "en"
|
|
# certificate
|
|
noprivate: yes
|
|
nomembers: false
|
|
# issuer: PinkyIssuer
|
|
# subject: PinkySubject
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure user presence with 'random:false'
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
first: pinky
|
|
last: Acme
|
|
random: false
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Set street, again
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
street: PinkyStreet
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Clear street attribute.
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
street: ""
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Clear street attribute, again
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
street: ""
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: User pinky present with changed settings
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
first: pinky
|
|
last: Acme
|
|
manager: []
|
|
principal: []
|
|
sshpubkey:
|
|
# yamllint disable-line rule:line-length
|
|
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCqmVDpEX5gnSjKuv97AyzOhaUMMKz8ahOA3GY77tVC4o68KNgMCmDSEG1/kOIaElngNLaCha3p/2iAcU9Bi1tLKUlm2bbO5NHNwHfRxY/3cJtq+/7D1vxJzqThYwI4F9vr1WxyY2+mMTv3pXbfAJoR8Mu06XaEY5PDetlDKjHLuNWF+/O7ZU8PsULTa1dJZFrtXeFpmUoLoGxQBvlrlcPI1zDciCSU24t27Zan5Py2l5QchyI7yhCyMM77KDtj5+AFVpmkb9+zq50rYJAyFVeyUvwjzErvQrKJzYpA0NyBp7vskWbt36M16/M/LxEK7HA6mkcakO3ESWx5MT1LAjvdlnxbWG3787MxweHXuB8CZU+9bZPFBaJ+VQtOfJ7I8eH0S16moPC4ak8FlcFvOH8ERDPWLFDqfy09yaZ7bVIF0//5ZI7Nf3YDe3S7GrBX5ieYuECyP6UNkTx9BRsAQeVvXEc6otzB7iCSnYBMGUGzCqeigoAWaVQUONsSR3Uatks= pinky@ipaserver.el81.local # noqa 204
|
|
# yamllint disable-line rule:line-length
|
|
- AAAAB3NzaC1yc2EAAAADAQABAAABgQDc8MIjaSrxLYHvu+hduoF4m6NUFSlXZWzYbd3BK4L47/U4eiXoOS6dcfuZJDjmLfOipc7XVp7NADwAgA1yBOAjbeVpXr2tC8w8saZibl75WBOEjDfNroiOh/f/ojrwwHg05QTVSZHs27sU1HBPyCQM/FHVM6EnRfmyiBkEBA/3ca0PJ9UJhWb2XisCaz6y6QcTh4gQnvHzgmEmK31GwiKnmBSEQuj8P5NGCO8RlN3cq3zpRpMDEoBRCjQYicllf/5P43r5OGvS1LhTiAMfyqE37URezNQa7aozBpH1GhIwAmjAtm84jXQjxUgZPYC0aSLuADYErScOP4792r6koH9t/DM5/M+jG2c4PNWynDczUw6Eaxl5E3hU0Ee9UN0Oee7iBnVenS/QMeZNyo5lMA/HXT5lrYiJGTYM0shRjGXXYBbJZhWerguSWDAdUd1gvuGP1nb7/+/Cvb46+HX7zYouS5Ojo0yPzMZ07X142jnKAfx9LnKdMUCwBJzbtoJ91Zc= pinky@ipaserver.el81.local # noqa 204
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: User pinky add manager manager1
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
manager: manager1
|
|
action: member
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: User pinky add manager manager1 again
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
manager: manager1
|
|
action: member
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: User pinky add manager manager2, manager3
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
manager: manager2,manager3
|
|
action: member
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: User pinky add manager manager2, manager3 again
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
manager: manager2,manager3
|
|
action: member
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: User pinky remove manager manager1
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
manager: manager1
|
|
action: member
|
|
state: absent
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: User pinky remove manager manager1 again
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
manager: manager1
|
|
action: member
|
|
state: absent
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: User pinky add principal pa
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
principal: pa
|
|
action: member
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: User pinky add principal pa again
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
principal: pa
|
|
action: member
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: User pinky add principal pa1
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
principal: pa1
|
|
action: member
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: User pinky remove principal pa1
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
principal: pa1
|
|
action: member
|
|
state: absent
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: User pinky remove principal pa1 again
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
principal: pa1
|
|
action: member
|
|
state: absent
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: User pinky remove principal pa
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
principal: pa
|
|
action: member
|
|
state: absent
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: User pinky remove principal non-existing pa2
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
principal: pa2
|
|
action: member
|
|
state: absent
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: User pinky absent and preserved
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
preserve: yes
|
|
state: absent
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: User pinky absent and preserved, again
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
preserve: yes
|
|
state: absent
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: User pinky undeleted (preserved before)
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
state: undeleted
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: User pinky undeleted (preserved before), again
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
state: undeleted
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Users pinky disabled
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
state: disabled
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Users pinky disabled, again
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
state: disabled
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: User pinky enabled
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
state: enabled
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: User pinky enabled, again
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
state: enabled
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Rename user pinky to reddy
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
rename: reddy
|
|
state: renamed
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Rename user pinky to reddy, again
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
rename: reddy
|
|
state: renamed
|
|
register: result
|
|
failed_when: not result.failed or "No user 'pinky'" not in result.msg
|
|
|
|
- name: Rename user reddy to reddy
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: reddy
|
|
rename: reddy
|
|
state: renamed
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Rename user reddy back to pinky
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: reddy
|
|
rename: pinky
|
|
state: renamed
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: User pinky absent and preserved for future exclusion.
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
preserve: yes
|
|
state: absent
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: User pinky absent
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
state: absent
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: User pinky absent and preserved, when already absent
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: pinky
|
|
preserve: yes
|
|
state: absent
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure user with GECOS information exists.
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: igagarin
|
|
first: Iuri
|
|
last: Gagarin
|
|
gecos: Юрий Алексеевич Гагарин
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure user with GECOS information exists, again.
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: igagarin
|
|
first: Iuri
|
|
last: Gagarin
|
|
gecos: Юрий Алексеевич Гагарин
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Modify GECOS information.
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: igagarin
|
|
gecos: Юрий Гагарин
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Updating with existent data, should not change user.
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: igagarin
|
|
first: Iuri
|
|
last: Gagarin
|
|
gecos: Юрий Гагарин
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure GECOS parameter is cleared.
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: igagarin
|
|
gecos: ""
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure GECOS parameter is cleared, again
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: igagarin
|
|
gecos: ""
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure GECOS parameter cannot be used with state absent.
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: igagarin
|
|
gecos: Юрий Гагарин
|
|
state: absent
|
|
register: result
|
|
failed_when: not result.failed or "Argument 'gecos' can not be used with action 'user' and state 'absent'" not in result.msg
|
|
|
|
- name: Ensure user igagarin is absent.
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: igagarin
|
|
state: absent
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure user with non-ascii name exists.
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: igagarin
|
|
first: Юрий
|
|
last: Гагарин
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure user with non-ascii name exists has proper GECOS value.
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: igagarin
|
|
gecos: Юрий Гагарин
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Remove test users
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
name: manager1,manager2,manager3,pinky,pinky2,igagarin
|
|
state: absent
|