mirror of
https://github.com/freeipa/ansible-freeipa.git
synced 2026-05-06 21:33:14 +00:00
f4a8cf4ec7
Module was raising exceptions when trying to create a new privilege
with permissions. This change fixes the behavior and ensuure
idempotence with trying to create a privilege with the same values.
Tests for this behavior have been appended to:
tests/privilege/test_privilege.yml
176 lines
5.0 KiB
YAML
176 lines
5.0 KiB
YAML
---
|
|
- name: Test privilege
|
|
hosts: ipaserver
|
|
become: true
|
|
|
|
tasks:
|
|
|
|
# CLEANUP TEST ITEMS
|
|
|
|
- name: Ensure privilege "Broad Privilege" is absent
|
|
ipaprivilege:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name:
|
|
- Broad Privilege
|
|
- DNS Privilege
|
|
state: absent
|
|
|
|
# CREATE TEST ITEMS
|
|
|
|
# TESTS
|
|
|
|
- name: Ensure privilege Broad Privilege is present
|
|
ipaprivilege:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: Broad Privilege
|
|
description: Broad Privilege
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure privilege Broad Privilege is present again
|
|
ipaprivilege:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: Broad Privilege
|
|
description: Broad Privilege
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Change privilege Broad Privilege description
|
|
ipaprivilege:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: Broad Privilege
|
|
description: Broad Privilege description
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure privilege Broad Privilege has permissions
|
|
ipaprivilege:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: Broad Privilege
|
|
permission:
|
|
- "Write IPA Configuration"
|
|
- "System: Write DNS Configuration"
|
|
- "System: Update DNS Entries"
|
|
action: member
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure privilege Broad Privilege has permissions, again
|
|
ipaprivilege:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: Broad Privilege
|
|
permission:
|
|
- "Write IPA Configuration"
|
|
- "System: Write DNS Configuration"
|
|
- "System: Update DNS Entries"
|
|
action: member
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure privilege Broad Privilege member permission "Write IPA Configuration" is absent
|
|
ipaprivilege:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: Broad Privilege
|
|
permission:
|
|
- "Write IPA Configuration"
|
|
action: member
|
|
state: absent
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure privilege Broad Privilege member permission "Write IPA Configuration" is absent again
|
|
ipaprivilege:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: Broad Privilege
|
|
permission:
|
|
- "Write IPA Configuration"
|
|
action: member
|
|
state: absent
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure privilege Broad Privilege is absent
|
|
ipaprivilege:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: Broad Privilege
|
|
state: absent
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure privilege Broad Privilege is present
|
|
ipaprivilege:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: Broad Privilege
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure privilege Broad Privilege is renamed to "DNS Privilege"
|
|
ipaprivilege:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: Broad Privilege
|
|
rename: DNS Privilege
|
|
state: renamed
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure privilege Broad Privilege cannot be renamed, because it does not exist.
|
|
ipaprivilege:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: Broad Privilege
|
|
rename: DNS Privilege
|
|
state: renamed
|
|
register: result
|
|
failed_when: not result.failed or "No privilege found to be renamed" not in result.msg
|
|
|
|
- name: Ensure privilege cannot be renamed to the same name.
|
|
ipaprivilege:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: DNS Privilege
|
|
rename: DNS Privilege
|
|
state: renamed
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure privilege cannot be renamed to the same name.
|
|
ipaprivilege:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: DNS Privilege
|
|
rename: DNS Privilege
|
|
state: renamed
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure "Broad Privilege" is absent.
|
|
ipaprivilege:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: Broad Privilege
|
|
state: absent
|
|
|
|
- name: Ensure privilege Broad Privilege is created with permission. (issue 529)
|
|
ipaprivilege:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: Broad Privilege
|
|
permission:
|
|
- "Write IPA Configuration"
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure privilege Broad Privilege is created with permission, again. (issue 529)
|
|
ipaprivilege:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: Broad Privilege
|
|
permission:
|
|
- "Write IPA Configuration"
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
# CLEANUP TEST ITEMS
|
|
|
|
- name: Ensure privilege testing privileges are absent
|
|
ipaprivilege:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name:
|
|
- Broad Privilege
|
|
- DNS Privilege
|
|
state: absent
|