ansible-freeipa/tests/user/certmapdata/test_user_certmapdata.yml
Thomas Woerner b866c56e7e Fix lookup for certificates in tests
The file lookup sets `rstrip=True` by default, which can strip a
trailing newline. This did not happen every time, but it sometimes caused
test failures when certificates were passed to the b64encode filter.

`rstrip=False` has been added to the lookup calls in the certificate
tests to make sure that this does not happen any more. It has not been
added in test_dnsrecord, because lookup(..., rstrip=False) adds a newline
if there was none, and this is an issue for dnsrecord. The user and host
tests have also been simplified: they create the base64-encoded file at
the beginning and then use this file later in the tests, without needing
the b64encode filter.

Ref: https://github.com/ansible/ansible/issues/57521#issuecomment-502238000
2020-11-18 22:18:09 +01:00


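---
# Idempotency test for the certmapdata member handling of the ipauser module.
# Every "present"/"absent" step is run twice: the first run must report a
# change, the repeated run must not.
#
# ipaadmin_password is a fixed test-environment credential repeated in every
# task; outside of a throwaway test setup it belongs in Ansible Vault or an
# inventory variable, not in the playbook.
- name: Test user certmapdata
  hosts: ipaserver
  become: true
  gather_facts: false

  tasks:
    # Creates three throwaway self-signed certificates on the controller
    # (delegate_to: localhost, without privilege escalation). `-nodes` writes
    # the private keys unencrypted into the current working directory.
    # `base64 -w5000` keeps each encoded certificate on a single line.
    - name: Generate self-signed certificates.
      shell:
        cmd: |
          openssl req -x509 -newkey rsa:2048 -days 365 -nodes -keyout "private{{ item }}.key" -out "cert{{ item }}.pem" -subj '/CN=test'
          openssl x509 -outform der -in "cert{{ item }}.pem" -out "cert{{ item }}.der"
          base64 "cert{{ item }}.der" -w5000 > "cert{{ item }}.b64"
      with_items: [1, 2, 3]
      become: false
      delegate_to: localhost

    # Start from a clean state; no assertion, the user may or may not exist.
    - name: User test absent
      ipauser:
        ipaadmin_password: SomeADMINpassword
        name: test
        state: absent

    - name: User test present
      ipauser:
        ipaadmin_password: SomeADMINpassword
        name: test
        first: test
        last: test
      register: result
      failed_when: not result.changed

    # --- certmapdata given as certificates -------------------------------
    # rstrip=False keeps the file content exactly as written by base64; the
    # lookup's default rstrip=True can drop the trailing newline.
    - name: User test certmapdata members present
      ipauser:
        ipaadmin_password: SomeADMINpassword
        name: test
        certmapdata:
          - certificate: "{{ lookup('file', 'cert1.b64', rstrip=False) }}"
          - certificate: "{{ lookup('file', 'cert2.b64', rstrip=False) }}"
          - certificate: "{{ lookup('file', 'cert3.b64', rstrip=False) }}"
        action: member
      register: result
      failed_when: not result.changed

    - name: User test certmapdata members present again
      ipauser:
        ipaadmin_password: SomeADMINpassword
        name: test
        certmapdata:
          - certificate: "{{ lookup('file', 'cert1.b64', rstrip=False) }}"
          - certificate: "{{ lookup('file', 'cert2.b64', rstrip=False) }}"
          - certificate: "{{ lookup('file', 'cert3.b64', rstrip=False) }}"
        action: member
      register: result
      failed_when: result.changed

    - name: User test certmapdata members absent
      ipauser:
        ipaadmin_password: SomeADMINpassword
        name: test
        certmapdata:
          - certificate: "{{ lookup('file', 'cert1.b64', rstrip=False) }}"
          - certificate: "{{ lookup('file', 'cert2.b64', rstrip=False) }}"
          - certificate: "{{ lookup('file', 'cert3.b64', rstrip=False) }}"
        action: member
        state: absent
      register: result
      failed_when: not result.changed

    - name: User test certmapdata members absent again
      ipauser:
        ipaadmin_password: SomeADMINpassword
        name: test
        certmapdata:
          - certificate: "{{ lookup('file', 'cert1.b64', rstrip=False) }}"
          - certificate: "{{ lookup('file', 'cert2.b64', rstrip=False) }}"
          - certificate: "{{ lookup('file', 'cert3.b64', rstrip=False) }}"
        action: member
        state: absent
      register: result
      failed_when: result.changed

    # --- certmapdata given as issuer/subject pairs -----------------------
    - name: User test certmapdata members present
      ipauser:
        ipaadmin_password: SomeADMINpassword
        name: test
        certmapdata:
          - issuer: CN=issuer1
            subject: CN=subject1
          - issuer: CN=issuer2
            subject: CN=subject2
          - issuer: CN=issuer3
            subject: CN=subject3
        action: member
      register: result
      failed_when: not result.changed

    - name: User test certmapdata members present again
      ipauser:
        ipaadmin_password: SomeADMINpassword
        name: test
        certmapdata:
          - issuer: CN=issuer1
            subject: CN=subject1
          - issuer: CN=issuer2
            subject: CN=subject2
          - issuer: CN=issuer3
            subject: CN=subject3
        action: member
      register: result
      failed_when: result.changed

    # Remove only pairs 1 and 3 first; pair 2 is removed separately below.
    - name: User test certmapdata members absent
      ipauser:
        ipaadmin_password: SomeADMINpassword
        name: test
        certmapdata:
          - issuer: CN=issuer1
            subject: CN=subject1
          - issuer: CN=issuer3
            subject: CN=subject3
        action: member
        state: absent
      register: result
      failed_when: not result.changed

    - name: User test certmapdata members absent again
      ipauser:
        ipaadmin_password: SomeADMINpassword
        name: test
        certmapdata:
          - issuer: CN=issuer1
            subject: CN=subject1
          - issuer: CN=issuer3
            subject: CN=subject3
        action: member
        state: absent
      register: result
      failed_when: result.changed

    - name: User test certmapdata members absent
      ipauser:
        ipaadmin_password: SomeADMINpassword
        name: test
        certmapdata:
          - issuer: CN=issuer2
            subject: CN=subject2
        action: member
        state: absent
      register: result
      failed_when: not result.changed

    - name: User test certmapdata members absent again
      ipauser:
        ipaadmin_password: SomeADMINpassword
        name: test
        certmapdata:
          - issuer: CN=issuer2
            subject: CN=subject2
        action: member
        state: absent
      register: result
      failed_when: result.changed

    # --- issuer/subject pair versus the raw `data` form -------------------
    # The `data` entries below name the same issuer and subject with the DN
    # components in reverse order; the tests expect both forms to be treated
    # as the same mapping (no change is reported for the `data` tasks).
    - name: User test certmapdata member present
      ipauser:
        ipaadmin_password: SomeADMINpassword
        name: test
        certmapdata:
          - issuer: CN=ca,dc=example,dc=com
            subject: CN=test,dc=example,dc=com
        action: member
      register: result
      failed_when: not result.changed

    - name: User test certmapdata member present again
      ipauser:
        ipaadmin_password: SomeADMINpassword
        name: test
        certmapdata:
          - issuer: CN=ca,dc=example,dc=com
            subject: CN=test,dc=example,dc=com
        action: member
      register: result
      failed_when: result.changed

    - name: User test certmapdata member (data) present again
      ipauser:
        ipaadmin_password: SomeADMINpassword
        name: test
        certmapdata:
          - data: X509:<I>dc=com,dc=example,CN=ca<S>dc=com,dc=example,CN=test
        action: member
      register: result
      failed_when: result.changed

    - name: User test certmapdata member absent
      ipauser:
        ipaadmin_password: SomeADMINpassword
        name: test
        certmapdata:
          - issuer: CN=ca,dc=example,dc=com
            subject: CN=test,dc=example,dc=com
        action: member
        state: absent
      register: result
      failed_when: not result.changed

    - name: User test certmapdata member (data) absent again
      ipauser:
        ipaadmin_password: SomeADMINpassword
        name: test
        certmapdata:
          - data: X509:<I>dc=com,dc=example,CN=ca<S>dc=com,dc=example,CN=test
        action: member
        state: absent
      register: result
      failed_when: result.changed

    # --- cleanup ----------------------------------------------------------
    - name: User test absent
      ipauser:
        ipaadmin_password: SomeADMINpassword
        name: test
        state: absent
      register: result
      failed_when: not result.changed

    # NOTE(review): this is an ordinary task, so it is skipped when an earlier
    # task fails and the unencrypted private keys stay in the controller's
    # working directory; wrapping the tests in block/always would remove them
    # unconditionally.
    # NOTE(review): the `warn` argument was removed from the command/shell
    # modules in later ansible-core releases - confirm against the targeted
    # version.
    - name: Remove certificate files.
      shell:
        cmd: rm -f "private{{ item }}.key" "cert{{ item }}.pem" "cert{{ item }}.der" "cert{{ item }}.b64"
      with_items: [1, 2, 3]
      become: false
      delegate_to: localhost
      args:
        warn: false  # suppress warning for not using the `file` module.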