mirror of
https://github.com/freeipa/ansible-freeipa.git
synced 2026-03-27 05:43:05 +00:00
9c13882428
This patch adds Ansible tasks to create and remove self-signed certificates, instead of using previously created certificates. The certificates are then `lookup`, instead of being used inline in the playbooks. Playbooks are easier to read and maintain with this changes, and there is no need to change the playbooks, if a certificate expires.
171 lines
4.7 KiB
YAML
171 lines
4.7 KiB
YAML
---
|
|
- name: Test user certmapdata
|
|
hosts: ipaserver
|
|
become: true
|
|
gather_facts: false
|
|
|
|
tasks:
|
|
- name: Generate self-signed certificates.
|
|
shell:
|
|
cmd: |
|
|
openssl req -x509 -newkey rsa:2048 -days 365 -nodes -keyout "private{{ item }}.key" -out "cert{{ item }}.pem" -subj '/CN=test'
|
|
openssl x509 -outform der -in "cert{{ item }}.pem" -out "cert{{ item }}.der"
|
|
with_items: [1, 2, 3]
|
|
become: no
|
|
delegate_to: localhost
|
|
|
|
- name: User test absent
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
users:
|
|
- name: test
|
|
state: absent
|
|
|
|
- name: User test present
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
users:
|
|
- name: test
|
|
first: test
|
|
last: test
|
|
register: result
|
|
failed_when: not result.changed
|
|
|
|
- name: User test certmapdata members present
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
users:
|
|
- name: test
|
|
certmapdata:
|
|
- certificate: "{{ lookup('file', 'cert1.der') | b64encode }}"
|
|
- certificate: "{{ lookup('file', 'cert2.der') | b64encode }}"
|
|
- certificate: "{{ lookup('file', 'cert3.der') | b64encode }}"
|
|
action: member
|
|
register: result
|
|
failed_when: not result.changed
|
|
|
|
- name: User test certmapdata members present again
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
users:
|
|
- name: test
|
|
certmapdata:
|
|
- certificate: "{{ lookup('file', 'cert1.der') | b64encode }}"
|
|
- certificate: "{{ lookup('file', 'cert2.der') | b64encode }}"
|
|
- certificate: "{{ lookup('file', 'cert3.der') | b64encode }}"
|
|
action: member
|
|
register: result
|
|
failed_when: result.changed
|
|
|
|
- name: User test certmapdata members absent
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
users:
|
|
- name: test
|
|
certmapdata:
|
|
- certificate: "{{ lookup('file', 'cert1.der') | b64encode }}"
|
|
- certificate: "{{ lookup('file', 'cert2.der') | b64encode }}"
|
|
- certificate: "{{ lookup('file', 'cert3.der') | b64encode }}"
|
|
action: member
|
|
state: absent
|
|
register: result
|
|
failed_when: not result.changed
|
|
|
|
- name: User test certmapdata members absent again
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
users:
|
|
- name: test
|
|
certmapdata:
|
|
- certificate: "{{ lookup('file', 'cert1.der') | b64encode }}"
|
|
- certificate: "{{ lookup('file', 'cert2.der') | b64encode }}"
|
|
- certificate: "{{ lookup('file', 'cert3.der') | b64encode }}"
|
|
action: member
|
|
state: absent
|
|
register: result
|
|
failed_when: result.changed
|
|
|
|
- name: User test certmapdata members present
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
users:
|
|
- name: test
|
|
certmapdata:
|
|
- issuer: CN=issuer1
|
|
subject: CN=subject1
|
|
- issuer: CN=issuer2
|
|
subject: CN=subject2
|
|
- issuer: CN=issuer3
|
|
subject: CN=subject3
|
|
action: member
|
|
register: result
|
|
failed_when: not result.changed
|
|
|
|
- name: User test certmapdata members present again
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
users:
|
|
- name: test
|
|
certmapdata:
|
|
- issuer: CN=issuer1
|
|
subject: CN=subject1
|
|
- issuer: CN=issuer2
|
|
subject: CN=subject2
|
|
- issuer: CN=issuer3
|
|
subject: CN=subject3
|
|
action: member
|
|
register: result
|
|
failed_when: result.changed
|
|
|
|
- name: User test certmapdata members absent
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
users:
|
|
- name: test
|
|
certmapdata:
|
|
- issuer: CN=issuer1
|
|
subject: CN=subject1
|
|
- issuer: CN=issuer2
|
|
subject: CN=subject2
|
|
- issuer: CN=issuer3
|
|
subject: CN=subject3
|
|
action: member
|
|
state: absent
|
|
register: result
|
|
failed_when: not result.changed
|
|
|
|
- name: User test certmapdata members absent again
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
users:
|
|
- name: test
|
|
certmapdata:
|
|
- issuer: CN=issuer1
|
|
subject: CN=subject1
|
|
- issuer: CN=issuer2
|
|
subject: CN=subject2
|
|
- issuer: CN=issuer3
|
|
subject: CN=subject3
|
|
action: member
|
|
state: absent
|
|
register: result
|
|
failed_when: result.changed
|
|
|
|
- name: User test absent
|
|
ipauser:
|
|
ipaadmin_password: SomeADMINpassword
|
|
users:
|
|
- name: test
|
|
state: absent
|
|
register: result
|
|
failed_when: not result.changed
|
|
|
|
- name: Remove certificate files.
|
|
shell:
|
|
cmd: rm -f "private{{ item }}.key" "cert{{ item }}.pem" "cert{{ item }}.der"
|
|
with_items: [1, 2, 3]
|
|
become: no
|
|
delegate_to: localhost
|
|
args:
|
|
warn: no # suppres warning for not using the `file` module.
|