mirror of
https://github.com/freeipa/ansible-freeipa.git
synced 2026-06-10 10:45:55 +00:00
ef9ddcc750
For failed_when result.failed should be used to make sure that the task fails if there was an error.
109 lines
2.7 KiB
YAML
109 lines
2.7 KiB
YAML
---
|
|
- name: Test pwpolicy
|
|
hosts: ipaserver
|
|
become: true
|
|
gather_facts: false
|
|
|
|
tasks:
|
|
- name: Ensure maxlife of 90 for global_policy
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
maxlife: 90
|
|
|
|
- name: Ensure absence of group ops
|
|
ipagroup:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: ops
|
|
state: absent
|
|
|
|
- name: Ensure absence of pwpolicies for group ops
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: ops
|
|
state: absent
|
|
|
|
- name: Ensure presence of group ops
|
|
ipagroup:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: ops
|
|
state: present
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure presence of pwpolicies for group ops
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: ops
|
|
minlife: 7
|
|
maxlife: 49
|
|
history: 5
|
|
priority: 1
|
|
lockouttime: 300
|
|
minlength: 8
|
|
minclasses: 5
|
|
maxfail: 3
|
|
failinterval: 5
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure presence of pwpolicies for group ops again
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: ops
|
|
minlife: 7
|
|
maxlife: 49
|
|
history: 5
|
|
priority: 1
|
|
lockouttime: 300
|
|
minlength: 8
|
|
minclasses: 5
|
|
maxfail: 3
|
|
failinterval: 5
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure maxlife of 49 for global_policy
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
maxlife: 49
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure maxlife of 49 for global_policy again
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
maxlife: 49
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure absence of pwpoliciy global_policy will fail
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
state: absent
|
|
register: result
|
|
ignore_errors: True
|
|
failed_when: (result is defined and result) or result.failed
|
|
|
|
- name: Ensure absence of pwpolicies for group ops
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: ops
|
|
state: absent
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure maxlife of 90 for global_policy
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
maxlife: 90
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure absence of pwpolicies for group ops
|
|
ipapwpolicy:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: ops
|
|
state: absent
|
|
register: result
|
|
failed_when: result.changed or result.failed
|