All tasks for idoverrideuser and idoverridegroup with state absent failed with "'continue' is required" when delete_continue was not set. This happened because delete_continue was internally None, so continue: None was passed to the API. The fix is simply to use '"continue": delete_continue or False' so that continue is set to False in this case.
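---
# Integration test for the ipaidoverrideuser module.
#
# Flow: remove leftovers from earlier runs, create three users, one ID view
# and three throwaway certificates, then exercise every override attribute
# (set, set again, clear, clear again) and finally clean up.
#
# Assertion convention used throughout:
#   failed_when: not result.changed or result.failed  -> the task must change
#   failed_when: result.changed or result.failed      -> the task must be a
#                                                        no-op (idempotency)
- name: Test idoverrideuser
  hosts: "{{ ipa_test_host | default('ipaserver') }}"
  become: false
  gather_facts: false
  module_defaults:
    # Test-only placeholder credential shared by the three modules below.
    # Outside a disposable test environment ipaadmin_password should come
    # from Ansible Vault or another secret store, not from plaintext YAML.
    ipaidoverrideuser:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
    ipaidview:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
    ipauser:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"

  tasks:

  # CLEANUP TEST ITEMS

  - name: Ensure test users test_user1..3 do not exist
    ipauser:
      name:
      - test_user1
      - test_user2
      - test_user3
      state: absent

  - name: Ensure test users test_user1..3 are absent in idview test_idview
    ipaidoverrideuser:
      idview: test_idview
      anchor:
      - test_user1
      - test_user2
      - test_user3
      state: absent

  - name: Ensure test idview test_idview does not exist
    ipaidview:
      name: test_idview
      state: absent

  # CREATE TEST ITEMS

  - name: Ensure test users test_user1..3 exist
    ipauser:
      users:
      - name: test_user1
        first: test
        last: user1
      - name: test_user2
        first: test
        last: user2
      - name: test_user3
        first: test
        last: user3

  - name: Ensure test idview test_idview exists
    ipaidview:
      name: test_idview

  # Runs on the controller (delegate_to: localhost) in the current working
  # directory. "-nodes" writes each private key unencrypted; the keys are
  # throwaway test material and are never used by the tasks below (only the
  # base64-encoded DER certificates are). The files are deleted by the last
  # task of this play, so a failure in between leaves them on disk.
  - name: Generate self-signed certificates.
    ansible.builtin.shell:
      cmd: |
        openssl req -x509 -newkey rsa:2048 -days 365 -nodes -keyout "private{{ item }}.key" -out "cert{{ item }}.pem" -subj '/CN=test'
        openssl x509 -outform der -in "cert{{ item }}.pem" -out "cert{{ item }}.der"
        base64 "cert{{ item }}.der" -w5000 > "cert{{ item }}.b64"
    with_items: [1, 2, 3]
    become: false
    delegate_to: localhost

  # TESTS

  - name: Ensure test user test_user1 is present in idview test_idview
    ipaidoverrideuser:
      idview: test_idview
      anchor: test_user1
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure test user test_user1 is present in idview test_idview, again
    ipaidoverrideuser:
      idview: test_idview
      anchor: test_user1
    register: result
    failed_when: result.changed or result.failed

  - name: Ensure test user test_user2 is present in idview test_idview
    ipaidoverrideuser:
      idview: test_idview
      anchor: test_user2
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure test user test_user2 is present in idview test_idview, again
    ipaidoverrideuser:
      idview: test_idview
      anchor: test_user2
    register: result
    failed_when: result.changed or result.failed

  - name: Ensure test user test_user3 is present in idview test_idview
    ipaidoverrideuser:
      idview: test_idview
      anchor: test_user3
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure test user test_user3 is present in idview test_idview, again
    ipaidoverrideuser:
      idview: test_idview
      anchor: test_user3
    register: result
    failed_when: result.changed or result.failed

  # description
  # An empty string clears the attribute; the same pattern is used for every
  # scalar attribute below.

  - name: Ensure test user test_user1 is present in idview test_idview with description
    ipaidoverrideuser:
      idview: test_idview
      anchor: test_user1
      description: "test_user1 description"
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure test user test_user1 is present in idview test_idview with description, again
    ipaidoverrideuser:
      idview: test_idview
      anchor: test_user1
      description: "test_user1 description"
    register: result
    failed_when: result.changed or result.failed

  - name: Ensure test user test_user1 is present in idview test_idview without description
    ipaidoverrideuser:
      idview: test_idview
      anchor: test_user1
      description: ""
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure test user test_user1 is present in idview test_idview without description, again
    ipaidoverrideuser:
      idview: test_idview
      anchor: test_user1
      description: ""
    register: result
    failed_when: result.changed or result.failed

  # name

  - name: Ensure test user test_user1 is present in idview test_idview with internal name test_123_user
    ipaidoverrideuser:
      idview: test_idview
      anchor: test_user1
      name: test_123_user
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure test user test_user1 is present in idview test_idview with internal name test_123_user, again
    ipaidoverrideuser:
      idview: test_idview
      anchor: test_user1
      name: test_123_user
    register: result
    failed_when: result.changed or result.failed

  - name: Ensure test user test_user1 is present in idview test_idview without internal name
    ipaidoverrideuser:
      idview: test_idview
      anchor: test_user1
      name: ""
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure test user test_user1 is present in idview test_idview without internal name, again
    ipaidoverrideuser:
      idview: test_idview
      anchor: test_user1
      name: ""
    register: result
    failed_when: result.changed or result.failed

  # uid

  - name: Ensure test user test_user1 is present in idview test_idview with uid 20001
    ipaidoverrideuser:
      idview: test_idview
      anchor: test_user1
      uid: 20001
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure test user test_user1 is present in idview test_idview with uid 20001, again
    ipaidoverrideuser:
      idview: test_idview
      anchor: test_user1
      uid: 20001
    register: result
    failed_when: result.changed or result.failed

  - name: Ensure test user test_user1 is present in idview test_idview without uid
    ipaidoverrideuser:
      idview: test_idview
      anchor: test_user1
      uid: ""
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure test user test_user1 is present in idview test_idview without uid, again
    ipaidoverrideuser:
      idview: test_idview
      anchor: test_user1
      uid: ""
    register: result
    failed_when: result.changed or result.failed

  # gecos
  # The value carries non-ASCII characters on purpose, so the round trip of
  # UTF-8 text is covered by the idempotency check.

  - name: Ensure test user test_user1 is present in idview test_idview with gecos "Gecos Test"
    ipaidoverrideuser:
      idview: test_idview
      anchor: test_user1
      gecos: Gecos Test öäüÇœß
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure test user test_user1 is present in idview test_idview with gecos "Gecos Test", again
    ipaidoverrideuser:
      idview: test_idview
      anchor: test_user1
      gecos: Gecos Test öäüÇœß
    register: result
    failed_when: result.changed or result.failed

  - name: Ensure test user test_user1 is present in idview test_idview without gecos
    ipaidoverrideuser:
      idview: test_idview
      anchor: test_user1
      gecos: ""
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure test user test_user1 is present in idview test_idview without gecos, again
    ipaidoverrideuser:
      idview: test_idview
      anchor: test_user1
      gecos: ""
    register: result
    failed_when: result.changed or result.failed

  # gidnumber

  - name: Ensure test user test_user1 is present in idview test_idview with gidnumber 20001
    ipaidoverrideuser:
      idview: test_idview
      anchor: test_user1
      gidnumber: 20001
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure test user test_user1 is present in idview test_idview with gidnumber 20001, again
    ipaidoverrideuser:
      idview: test_idview
      anchor: test_user1
      gidnumber: 20001
    register: result
    failed_when: result.changed or result.failed

  - name: Ensure test user test_user1 is present in idview test_idview without gidnumber
    ipaidoverrideuser:
      idview: test_idview
      anchor: test_user1
      gidnumber: ""
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure test user test_user1 is present in idview test_idview without gidnumber, again
    ipaidoverrideuser:
      idview: test_idview
      anchor: test_user1
      gidnumber: ""
    register: result
    failed_when: result.changed or result.failed

  # homedir

  - name: Ensure test user test_user1 is present in idview test_idview with homedir /Users
    ipaidoverrideuser:
      idview: test_idview
      anchor: test_user1
      homedir: /Users
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure test user test_user1 is present in idview test_idview with homedir /Users, again
    ipaidoverrideuser:
      idview: test_idview
      anchor: test_user1
      homedir: /Users
    register: result
    failed_when: result.changed or result.failed

  - name: Ensure test user test_user1 is present in idview test_idview without homedir
    ipaidoverrideuser:
      idview: test_idview
      anchor: test_user1
      homedir: ""
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure test user test_user1 is present in idview test_idview without homedir, again
    ipaidoverrideuser:
      idview: test_idview
      anchor: test_user1
      homedir: ""
    register: result
    failed_when: result.changed or result.failed

  # shell

  - name: Ensure test user test_user1 is present in idview test_idview with shell /bin/someshell
    ipaidoverrideuser:
      idview: test_idview
      anchor: test_user1
      shell: /bin/someshell
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure test user test_user1 is present in idview test_idview with shell /bin/someshell, again
    ipaidoverrideuser:
      idview: test_idview
      anchor: test_user1
      shell: /bin/someshell
    register: result
    failed_when: result.changed or result.failed

  - name: Ensure test user test_user1 is present in idview test_idview without shell
    ipaidoverrideuser:
      idview: test_idview
      anchor: test_user1
      shell: ""
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure test user test_user1 is present in idview test_idview without shell, again
    ipaidoverrideuser:
      idview: test_idview
      anchor: test_user1
      shell: ""
    register: result
    failed_when: result.changed or result.failed

  # sshpubkey
  # List-valued attribute: an empty list clears it.

  - name: Ensure test user test_user1 is present in idview test_idview with sshpubkey
    ipaidoverrideuser:
      idview: test_idview
      anchor: test_user1
      sshpubkey:
      # yamllint disable-line rule:line-length
      - ssh-rsa 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 pinky@ipaserver.el81.local  # noqa 204
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure test user test_user1 is present in idview test_idview with sshpubkey, again
    ipaidoverrideuser:
      idview: test_idview
      anchor: test_user1
      sshpubkey:
      # yamllint disable-line rule:line-length
      - ssh-rsa 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 pinky@ipaserver.el81.local  # noqa 204
    register: result
    failed_when: result.changed or result.failed

  - name: Ensure test user test_user1 is present in idview test_idview without sshpubkey
    ipaidoverrideuser:
      idview: test_idview
      anchor: test_user1
      sshpubkey: []
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure test user test_user1 is present in idview test_idview without sshpubkey, again
    ipaidoverrideuser:
      idview: test_idview
      anchor: test_user1
      sshpubkey: []
    register: result
    failed_when: result.changed or result.failed

  # certificate
  # The certificates are read from the cert<N>.b64 files generated above.
  # rstrip=False keeps the file content exactly as base64 wrote it, including
  # the trailing newline.

  - name: Ensure test user test_user1 is present in idview test_idview with 1 certificate
    ipaidoverrideuser:
      idview: test_idview
      anchor: test_user1
      certificate:
      - "{{ lookup('file', 'cert1.b64', rstrip=False) }}"
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure test user test_user1 is present in idview test_idview with 1 certificate, again
    ipaidoverrideuser:
      idview: test_idview
      anchor: test_user1
      certificate:
      - "{{ lookup('file', 'cert1.b64', rstrip=False) }}"
    register: result
    failed_when: result.changed or result.failed

  # cert1 is already set, so adding it through action: member must not change
  # anything.
  - name: Ensure test user test_user1 is present in idview test_idview with 1 certificate member
    ipaidoverrideuser:
      idview: test_idview
      anchor: test_user1
      certificate:
      - "{{ lookup('file', 'cert1.b64', rstrip=False) }}"
      action: member
    register: result
    failed_when: result.changed or result.failed

  - name: Ensure test user test_user1 is present in idview test_idview with 3 certificate members
    ipaidoverrideuser:
      idview: test_idview
      anchor: test_user1
      certificate:
      - "{{ lookup('file', 'cert1.b64', rstrip=False) }}"
      - "{{ lookup('file', 'cert2.b64', rstrip=False) }}"
      - "{{ lookup('file', 'cert3.b64', rstrip=False) }}"
      action: member
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure test user test_user1 is present in idview test_idview with 3 certificate members, again
    ipaidoverrideuser:
      idview: test_idview
      anchor: test_user1
      certificate:
      - "{{ lookup('file', 'cert1.b64', rstrip=False) }}"
      - "{{ lookup('file', 'cert2.b64', rstrip=False) }}"
      - "{{ lookup('file', 'cert3.b64', rstrip=False) }}"
      action: member
    register: result
    failed_when: result.changed or result.failed

  # Removes cert2 and cert3 only; cert1 stays on the override.
  - name: Ensure test user test_user1 is present in idview test_idview without certificate members
    ipaidoverrideuser:
      idview: test_idview
      anchor: test_user1
      certificate:
      - "{{ lookup('file', 'cert2.b64', rstrip=False) }}"
      - "{{ lookup('file', 'cert3.b64', rstrip=False) }}"
      action: member
      state: absent
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure test user test_user1 is present in idview test_idview without certificate members, again
    ipaidoverrideuser:
      idview: test_idview
      anchor: test_user1
      certificate:
      - "{{ lookup('file', 'cert2.b64', rstrip=False) }}"
      - "{{ lookup('file', 'cert3.b64', rstrip=False) }}"
      action: member
      state: absent
    register: result
    failed_when: result.changed or result.failed

  # Clears the remaining cert1 by setting an empty list.
  - name: Ensure test user test_user1 is present in idview test_idview without certificates
    ipaidoverrideuser:
      idview: test_idview
      anchor: test_user1
      certificate: []
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure test user test_user1 is present in idview test_idview without certificates, again
    ipaidoverrideuser:
      idview: test_idview
      anchor: test_user1
      certificate: []
    register: result
    failed_when: result.changed or result.failed

  # All certificates are gone at this point, so removing the three members
  # must be a no-op. The task name repeats an earlier one.
  - name: Ensure test user test_user1 is present in idview test_idview without certificate members
    ipaidoverrideuser:
      idview: test_idview
      anchor: test_user1
      certificate:
      - "{{ lookup('file', 'cert1.b64', rstrip=False) }}"
      - "{{ lookup('file', 'cert2.b64', rstrip=False) }}"
      - "{{ lookup('file', 'cert3.b64', rstrip=False) }}"
      action: member
      state: absent
    register: result
    failed_when: result.changed or result.failed

  # no fallback_to_ldap tests

  # absent
  # None of these tasks sets delete_continue, so state: absent is exercised
  # with that option left at its default.

  - name: Ensure test user test_user1 is absent in idview test_idview
    ipaidoverrideuser:
      idview: test_idview
      anchor: test_user1
      state: absent
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure test user test_user1 is absent in idview test_idview, again
    ipaidoverrideuser:
      idview: test_idview
      anchor: test_user1
      state: absent
    register: result
    failed_when: result.changed or result.failed

  - name: Ensure test users test_user2,3 are absent in idview test_idview
    ipaidoverrideuser:
      idview: test_idview
      anchor:
      - test_user2
      - test_user3
      state: absent
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure test users test_user2,3 are absent in idview test_idview, again
    ipaidoverrideuser:
      idview: test_idview
      anchor:
      - test_user2
      - test_user3
      state: absent
    register: result
    failed_when: result.changed or result.failed

  # CLEANUP TEST ITEMS

  # NOTE(review): only test_user1 is removed here, while the initial cleanup
  # removes test_user1..3. test_user2 and test_user3 stay on the server until
  # the next run; confirm that this is intended.
  - name: Ensure test user test_user1 does not exist
    ipauser:
      name: test_user1
      state: absent

  - name: Ensure test users test_user1..3 are absent in idview test_idview
    ipaidoverrideuser:
      idview: test_idview
      anchor:
      - test_user1
      - test_user2
      - test_user3
      state: absent

  - name: Ensure test idview test_idview does not exist
    ipaidview:
      name: test_idview
      state: absent

  # Deletes the generated key and certificate files from the controller.
  # This only runs when every task above succeeded (there is no
  # block/always around the tests), so after a failed run the unencrypted
  # private*.key files have to be removed by hand.
  - name: Remove certificate files.  # noqa: deprecated-command-syntax
    ansible.builtin.shell:
      cmd: rm -f "private{{ item }}.key" "cert{{ item }}.pem" "cert{{ item }}.der" "cert{{ item }}.b64"
    with_items: [1, 2, 3]
    become: false
    delegate_to: localhost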