ansible-freeipa/tests/config/test_config_empty_string_params.yml

---
- name: Test config
  hosts: "{{ ipa_test_host | default('ipaserver') }}"
  become: yes
  gather_facts: no

  tasks:
  - name: Include tasks ../env_freeipa_facts.yml
    ansible.builtin.include_tasks: ../env_freeipa_facts.yml

  # GET CURRENT CONFIG

  - name: Return current values of the global configuration options
    ipaconfig:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
    register: previousconfig

  - name: Ensure config with empty pac_type, user_auth_type and configstring
    ipaconfig:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      pac_type: ""
      user_auth_type: ""
      configstring: ""

  # TESTS

  - name: Ensure config with pac_type "nfs:NONE" and PAD
    ipaconfig:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      pac_type:
      - "nfs:NONE"
      - PAD
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure config with pac_type "nfs:NONE" and PAD, again
    ipaconfig:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      pac_type:
      - "nfs:NONE"
      - PAD
    register: result
    failed_when: result.changed or result.failed

  - name: Ensure config with empty pac_type
    ipaconfig:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      pac_type: ""
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure config with empty pac_type, again
    ipaconfig:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      pac_type: ""
    register: result
    failed_when: result.changed or result.failed

  - name: Ensure config with user_auth_type otp and radius
    ipaconfig:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      user_auth_type:
      - otp
      - radius
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure config with user_auth_type otp and radius, again
    ipaconfig:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      user_auth_type:
      - otp
      - radius
    register: result
    failed_when: result.changed or result.failed

  - name: Ensure config with user_auth_type passkey
    ipaconfig:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      user_auth_type:
      - passkey
    register: result
    failed_when: not result.changed or result.failed
    when: passkey_is_supported

  - name: Ensure config with user_auth_type passkey, again
    ipaconfig:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      user_auth_type:
      - passkey
    register: result
    failed_when: result.changed or result.failed
    when: passkey_is_supported

  - name: Check if correct message is given if passkey is not supported.
    ipaconfig:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      user_auth_type:
      - passkey
    register: result
    failed_when: not result.failed or "'passkey' is not supported" not in result.msg
    when: not passkey_is_supported

  - name: Ensure config with empty user_auth_type
    ipaconfig:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      user_auth_type: ""
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure config with empty user_auth_type, again
    ipaconfig:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      user_auth_type: ""
    register: result
    failed_when: result.changed or result.failed

  - name: Ensure config with configstring AllowNThash and "KDC:Disable Lockout"
    ipaconfig:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      configstring:
      - AllowNThash
      - "KDC:Disable Lockout"
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure config with configstring AllowNThash and "KDC:Disable Lockout", again
    ipaconfig:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      configstring:
      - AllowNThash
      - "KDC:Disable Lockout"
    register: result
    failed_when: result.changed or result.failed

  - name: Ensure config with empty configstring
    ipaconfig:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      configstring: ""
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure config with empty configstring, again
    ipaconfig:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      configstring: ""
    register: result
    failed_when: result.changed or result.failed

  # REVERT TO PREVIOUS CONFIG

  - name: Reset to previous pac_type and user_auth_type
    ipaconfig:
      ipaadmin_password: SomeADMINpassword
      ipaapi_context: "{{ ipa_context | default(omit) }}"
      pac_type: '{{ previousconfig.config.pac_type | default("") }}'
      user_auth_type: '{{ previousconfig.config.user_auth_type | default("") }}'
      configstring: '{{ previousconfig.config.configstring | default("") }}'