internet/ansible-freeipa
4
0
Fork 0
mirror of https://github.com/freeipa/ansible-freeipa.git synced 2026-03-26 21:33:05 +00:00
Code Issues Projects Releases Wiki Activity
Files
d580431832031f061deeedea3a38ac542e3aeb21
ansible-freeipa/tests/sudorule/test_sudorule.yml
Rafael Guterres Jeffman 6c94fe9bd5 tests/sudorule: Don't become or gather_facts and use only true/false 
Unless there's a real need to use privileged access or to gather Ansible
facts upfront, we should always set "become: false" and
"gather_facts: false". In the case that only a few Ansible facts are
required, 'ansible.builtin.setup' with 'gather_subset' should be used.

As the YAML 1.2 standard dictates, boolean values should only use 'true'
or 'false' values.

This patch fixes these issues in the 'sudorule' test suite.
2024-11-18 11:59:51 -03:00

1264 lines
38 KiB
YAML
Raw Blame History

---
- name: Test sudorule
hosts: "{{ ipa_test_host | default('ipaserver') }}"
become: true
gather_facts: false
tasks:
# setup
- name: Ensure DNS Ansible facts are available
ansible.builtin.setup:
gather_subset: dns
- name: Ensure test user is present
ipauser:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: user01
first: user
last: zeroone
- name: Ensure group01 is present, with user01 on it.
ipagroup:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: group01
user: user01
- name: Ensure group02 is present
ipagroup:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: group02
- name: Ensure sudocmdgroup is absent
ipasudocmdgroup:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: test_sudorule
state: absent
- name: Ensure hostgroup is present, with a host.
ipahostgroup:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: cluster
host: "{{ ansible_facts['fqdn'] }}"
- name: Ensure some sudocmds are available
ipasudocmd:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name:
- /sbin/ifconfig
- /usr/bin/vim
- /usr/bin/emacs
state: present
- name: Ensure sudocmdgroup is available
ipasudocmdgroup:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: test_sudorule
sudocmd: /usr/bin/vim
state: present
- name: Ensure sudocmdgroup is available
ipasudocmdgroup:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: test_sudorule2
sudocmd: /usr/bin/emacs
state: present
- name: Ensure sudorules are absent
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name:
- test_upstream_issue_664
- testrule_hostmask
- testrule1
- allusers
- allhosts
- allcommands
state: absent
# tests
- name: Ensure sudorule is present
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule1
register: result
failed_when: not result.changed or result.failed
- name: Ensure sudorule is present again
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule1
register: result
failed_when: result.changed or result.failed
- name: Ensure user01 is on the list of users sudorule execute as.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule1
runasuser:
- user01
action: member
register: result
failed_when: not result.changed or result.failed
- name: Ensure user01 is on the list of users sudorule execute as, again.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule1
runasuser:
- user01
action: member
register: result
failed_when: result.changed or result.failed
- name: Ensure user01 is not on the list of users sudorule execute as.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule1
runasuser:
- user01
action: member
state: absent
register: result
failed_when: not result.changed or result.failed
- name: Ensure user01 is not on the list of users sudorule execute as, again.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule1
runasuser:
- user01
action: member
state: absent
register: result
failed_when: result.changed or result.failed
- name: Ensure group01 is on the list of users sudorule execute as.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule1
runasuser_group:
- group01
action: member
register: result
failed_when: not result.changed or result.failed
- name: Ensure group01 is on the list of users sudorule execute as, again.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule1
runasuser_group:
- group01
action: member
register: result
failed_when: result.changed or result.failed
- name: Ensure group01 and group2 are on the list of users sudorule execute as.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule1
runasuser_group:
- group01
- group02
action: member
register: result
failed_when: not result.changed or result.failed
- name: Ensure group01 and group2 are on the list of users sudorule execute as, again.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule1
runasuser_group:
- group01
- group02
action: member
register: result
failed_when: result.changed or result.failed
- name: Check if group02 is on the list of users sudorule execute as.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule1
runasuser_group:
- group02
action: member
register: result
check_mode: true
failed_when: result.changed or result.failed
- name: Ensure group01 is not on the list of users sudorule execute as.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule1
runasuser_group:
- group01
action: member
state: absent
register: result
failed_when: not result.changed or result.failed
- name: Ensure group01 is not on the list of users sudorule execute as, again.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule1
runasuser_group:
- group01
action: member
state: absent
register: result
failed_when: result.changed or result.failed
- name: Check if group02 is on the list of users sudorule execute as.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule1
runasuser_group:
- group02
action: member
register: result
check_mode: true
failed_when: result.changed or result.failed
- name: Ensure group01 is on the list of group sudorule execute as.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule1
runasgroup:
- group01
action: member
register: result
failed_when: not result.changed or result.failed
- name: Ensure group01 is on the list of group sudorule execute as, again.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule1
runasgroup:
- group01
action: member
register: result
failed_when: result.changed or result.failed
- name: Ensure group01 is not on the list of group sudorule execute as.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule1
runasgroup:
- group01
action: member
state: absent
register: result
failed_when: not result.changed or result.failed
- name: Ensure group01 is not on the list of groups sudorule execute as, again.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule1
runasgroup:
- group01
action: member
state: absent
register: result
failed_when: result.changed or result.failed
- name: Ensure sudorule is present, with usercategory 'all'
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: allusers
usercategory: all
register: result
failed_when: not result.changed or result.failed
- name: Ensure sudorule is present, with usercategory 'all', again
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: allusers
usercategory: all
register: result
failed_when: result.changed or result.failed
- name: Ensure sudorule is with usercategory 'all' is absent
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: allusers
state: absent
register: result
failed_when: not result.changed or result.failed
- name: Ensure sudorule is present, with runasusercategory 'all'.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: allusers
runasusercategory: all
register: result
failed_when: not result.changed or result.failed
- name: Ensure sudorule is present, with runasusercategory 'all', again.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: allusers
runasusercategory: all
register: result
failed_when: result.changed or result.failed
- name: Ensure sudorule is with runasusercategory 'all' is absent
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: allusers
state: absent
register: result
failed_when: not result.changed or result.failed
- name: Ensure sudorule is present, with runasgroupcategory 'all'.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: allusers
runasgroupcategory: all
register: result
failed_when: not result.changed or result.failed
- name: Ensure sudorule is present, with runasgroupcategory 'all', again.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: allusers
runasgroupcategory: all
register: result
failed_when: result.changed or result.failed
- name: Ensure sudorule is with runasgroupcategory 'all' is absent
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: allusers
state: absent
register: result
failed_when: not result.changed or result.failed
- name: Ensure sudorule is present, with usercategory 'all'.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: allusers
usercategory: all
register: result
failed_when: not result.changed or result.failed
- name: Ensure sudorule is present, with usercategory 'all', again.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: allusers
usercategory: all
register: result
failed_when: result.changed or result.failed
- name: Ensure sudorule is present, with hostategory 'all'
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: allhosts
hostcategory: all
register: result
failed_when: not result.changed or result.failed
- name: Ensure sudorule is present, with hostategory 'all', again
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: allhosts
hostcategory: all
register: result
failed_when: result.changed or result.failed
- name: Ensure sudorule is disabled
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule1
state: disabled
register: result
failed_when: not result.changed or result.failed
- name: Ensure sudorule is disabled, again
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule1
state: disabled
register: result
failed_when: result.changed or result.failed
- name: Ensure sudorule is enabled
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule1
state: enabled
register: result
failed_when: not result.changed or result.failed
- name: Ensure sudorule is enabled, again
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule1
state: enabled
register: result
failed_when: result.changed or result.failed
- name: Ensure user is present in sudorule.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule1
user: user01
action: member
register: result
failed_when: not result.changed or result.failed
- name: Ensure user is present in sudorule, again.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule1
user: user01
action: member
register: result
failed_when: result.changed or result.failed
- name: Ensure user is absent from sudorule.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule1
user: user01
action: member
state: absent
register: result
failed_when: not result.changed or result.failed
- name: Ensure user is absent from sudorule, again.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule1
user: user01
action: member
state: absent
register: result
failed_when: result.changed or result.failed
- name: Ensure group is present in sudorule.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule1
group: group01
action: member
register: result
failed_when: not result.changed or result.failed
- name: Ensure group is present in sudorule, again.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule1
group: group01
action: member
register: result
failed_when: result.changed or result.failed
- name: Ensure group is absent from sudorule.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule1
group: group01
action: member
state: absent
register: result
failed_when: not result.changed or result.failed
- name: Ensure group is absent from sudorule, again.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule1
group: group01
action: member
state: absent
register: result
failed_when: result.changed or result.failed
- name: Ensure sudorule has a sudooption.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule1
sudooption: '!authenticate'
action: member
register: result
failed_when: not result.changed or result.failed
- name: Ensure sudorule has a sudooption, again.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule1
sudooption: '!authenticate'
action: member
register: result
failed_when: result.changed or result.failed
- name: Ensure sudorule has an order.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule1
order: 1
register: result
failed_when: not result.changed or result.failed
- name: Ensure sudorule has an order, again.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule1
order: 1
register: result
failed_when: result.changed or result.failed
- name: Ensure sudorule has another order.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule1
order: 10
register: result
failed_when: not result.changed or result.failed
- name: Ensure sudorule is present and some sudocmd are allowed.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule1
allow_sudocmd:
- /sbin/ifconfig
action: member
register: result
failed_when: not result.changed or result.failed
- name: Ensure sudorule is present and some sudocmd are allowed, again.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule1
allow_sudocmd:
- /sbin/ifconfig
action: member
register: result
failed_when: result.changed or result.failed
- name: Ensure sudorule is present and some sudocmd are denyed.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule1
deny_sudocmd:
- /usr/bin/vim
action: member
register: result
failed_when: not result.changed or result.failed
- name: Ensure sudorule is present and some sudocmd are denyed, again.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule1
deny_sudocmd:
- /usr/bin/vim
action: member
register: result
failed_when: result.changed or result.failed
- name: Ensure sudorule is present and, sudocmds are absent.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule1
allow_sudocmd: /sbin/ifconfig
deny_sudocmd: /usr/bin/vim
action: member
state: absent
register: result
failed_when: not result.changed or result.failed
- name: Ensure sudorule is present and, sudocmds are absent, again.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule1
allow_sudocmd: /sbin/ifconfig
deny_sudocmd: /usr/bin/vim
action: member
state: absent
register: result
failed_when: result.changed or result.failed
- name: Ensure sudorule is present with cmdcategory 'all'.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: allcommands
cmdcategory: all
register: result
failed_when: not result.changed or result.failed
- name: Ensure sudorule is present with cmdcategory 'all', again.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: allcommands
cmdcategory: all
register: result
failed_when: result.changed or result.failed
- name: Ensure host "{{ ansible_facts['fqdn'] }}" is present in sudorule.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule1
host: "{{ ansible_facts['fqdn'] }}"
action: member
register: result
failed_when: not result.changed or result.failed
- name: Ensure host "{{ ansible_facts['fqdn'] }}" is present in sudorule, again.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule1
host: "{{ ansible_facts['fqdn'] }}"
action: member
register: result
failed_when: result.changed or result.failed
- name: Ensure hostgroup is present in sudorule.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule1
hostgroup: cluster
action: member
register: result
failed_when: not result.changed or result.failed
- name: Ensure hostgroup is present in sudorule, again.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule1
hostgroup: cluster
action: member
register: result
failed_when: result.changed or result.failed
- name: Ensure sudorule is present, with an allow_sudocmdgroup.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule1
allow_sudocmdgroup: test_sudorule
action: member
state: present
register: result
failed_when: not result.changed or result.failed
- name: Ensure sudorule is present, with an allow_sudocmdgroup, again.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule1
allow_sudocmdgroup: test_sudorule
action: member
state: present
register: result
failed_when: result.changed or result.failed
- name: Ensure sudorule is present, but allow_sudocmdgroup is absent.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule1
allow_sudocmdgroup: test_sudorule
action: member
state: absent
register: result
failed_when: not result.changed or result.failed
- name: Ensure sudorule is present, but allow_sudocmdgroup is absent.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule1
allow_sudocmdgroup: test_sudorule
action: member
state: absent
register: result
failed_when: result.changed or result.failed
- name: Ensure sudorule is present, with an deny_sudocmdgroup.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule1
deny_sudocmdgroup: test_sudorule
action: member
state: present
register: result
failed_when: not result.changed or result.failed
- name: Ensure sudorule is present, with an deny_sudocmdgroup, again.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule1
deny_sudocmdgroup: test_sudorule
action: member
state: present
register: result
failed_when: result.changed or result.failed
- name: Ensure sudorule is present, but deny_sudocmdgroup is absent.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule1
deny_sudocmdgroup: test_sudorule
action: member
state: absent
register: result
failed_when: not result.changed or result.failed
- name: Ensure sudorule is present, but deny_sudocmdgroup is absent, again.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule1
deny_sudocmdgroup: test_sudorule
action: member
state: absent
register: result
failed_when: result.changed or result.failed
- name: Ensure sudorule is present, with `test_sudorule` sudocmdgroup in allow_sudocmdgroup.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule1
allow_sudocmdgroup: test_sudorule
state: present
register: result
failed_when: not result.changed or result.failed
- name: Ensure sudorule is present, with `test_sudorule2` sudocmdgroup in allow_sudocmdgroup.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule1
allow_sudocmdgroup: test_sudorule2
state: present
register: result
failed_when: not result.changed or result.failed
- name: Ensure sudorule is present, with both sudocmdgroup in allow_sudocmdgroup.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule1
allow_sudocmdgroup:
- test_sudorule
- test_sudorule2
state: present
register: result
failed_when: not result.changed or result.failed
- name: Ensure sudorule is present, with both sudocmdgroup, again.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule1
allow_sudocmdgroup:
- test_sudorule
- test_sudorule2
state: present
register: result
failed_when: result.changed or result.failed
- name: Ensure sudorule is present, with only `test_sudorule` sudocmdgroup in allow_sudocmdgroup.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule1
allow_sudocmdgroup: test_sudorule
state: present
register: result
failed_when: not result.changed or result.failed
- name: Ensure sudorule is present, with `test_sudorule` sudocmdgroup in deny_sudocmdgroup.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule1
deny_sudocmdgroup: test_sudorule
state: present
register: result
failed_when: not result.changed or result.failed
- name: Ensure sudorule is present, with `test_sudorule2` sudocmdgroup in deny_sudocmdgroup.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule1
deny_sudocmdgroup: test_sudorule2
state: present
register: result
failed_when: not result.changed or result.failed
- name: Ensure sudorule is present, with both sudocmdgroup in deny_sudocmdgroup.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule1
deny_sudocmdgroup:
- test_sudorule
- test_sudorule2
state: present
register: result
failed_when: not result.changed or result.failed
- name: Ensure sudorule is present, with both sudocmdgroup, again.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule1
deny_sudocmdgroup:
- test_sudorule
- test_sudorule2
state: present
register: result
failed_when: result.changed or result.failed
- name: Ensure sudorule is present, with only `test_sudorule` sudocmdgroup in deny_sudocmdgroup.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule1
deny_sudocmdgroup: test_sudorule
state: present
register: result
failed_when: not result.changed or result.failed
- name: Ensure sudorule is absent
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule1
state: absent
register: result
failed_when: not result.changed or result.failed
- name: Ensure sudorule is absent, again.
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule1
state: absent
register: result
failed_when: result.changed or result.failed
- name: Ensure sudorule allhosts is absent
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: allhosts
state: absent
register: result
failed_when: not result.changed or result.failed
- name: Ensure sudorule allhosts is absent, again
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: allhosts
state: absent
register: result
failed_when: result.changed or result.failed
- name: Ensure sudorule allusers is absent
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: allusers
state: absent
register: result
failed_when: not result.changed or result.failed
- name: Ensure sudorule allusers is absent, again
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: allusers
state: absent
register: result
failed_when: result.changed or result.failed
- name: Ensure sudorule allcommands is absent
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: allcommands
state: absent
register: result
failed_when: not result.changed or result.failed
- name: Ensure sudorule allcommands is absent, again
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: allcommands
state: absent
register: result
failed_when: result.changed or result.failed
- name: Ensure sudorule with external user in 'runasuser' is present
ipasudorule:
ipaadmin_password: SomeADMINpassword
name: test_upstream_issue_664
runasuser:
- apache
register: result
failed_when: not result.changed or result.failed
- name: Ensure sudorule with external user in 'runasuser' is present, again
ipasudorule:
ipaadmin_password: SomeADMINpassword
name: test_upstream_issue_664
runasuser:
- apache
register: result
failed_when: result.changed or result.failed
- name: Ensure sudorule member external user in 'runasuser' is absent
ipasudorule:
ipaadmin_password: SomeADMINpassword
name: test_upstream_issue_664
runasuser:
- apache
action: member
state: absent
register: result
failed_when: not result.changed or result.failed
- name: Ensure sudorule member external user in 'runasuser' is absent, again
ipasudorule:
ipaadmin_password: SomeADMINpassword
name: test_upstream_issue_664
runasuser:
- apache
action: member
state: absent
register: result
failed_when: result.changed or result.failed
- name: Ensure sudorule member external user in 'runasuser' is present
ipasudorule:
ipaadmin_password: SomeADMINpassword
name: test_upstream_issue_664
runasuser:
- apache
action: member
register: result
failed_when: not result.changed or result.failed
- name: Ensure sudorule member external user in 'runasuser' is present, again
ipasudorule:
ipaadmin_password: SomeADMINpassword
name: test_upstream_issue_664
runasuser:
- apache
action: member
register: result
failed_when: result.changed or result.failed
- name: Ensure sudorule with external group in 'runasgroup' is present
ipasudorule:
ipaadmin_password: SomeADMINpassword
name: test_upstream_issue_664
runasgroup:
- wheel
register: result
failed_when: not result.changed or result.failed
- name: Ensure sudorule with external group in 'runasgroup' user is present, again
ipasudorule:
ipaadmin_password: SomeADMINpassword
name: test_upstream_issue_664
runasgroup:
- wheel
register: result
failed_when: result.changed or result.failed
- name: Ensure sudorule member external group in 'runasgroup' is absent
ipasudorule:
ipaadmin_password: SomeADMINpassword
name: test_upstream_issue_664
runasgroup:
- wheel
action: member
state: absent
register: result
failed_when: not result.changed or result.failed
- name: Ensure sudorule member external group in 'runasgroup' is absent, again
ipasudorule:
ipaadmin_password: SomeADMINpassword
name: test_upstream_issue_664
runasgroup:
- wheel
action: member
state: absent
register: result
failed_when: result.changed or result.failed
- name: Ensure sudorule member external group in 'runasgroup' is present
ipasudorule:
ipaadmin_password: SomeADMINpassword
name: test_upstream_issue_664
runasgroup:
- wheel
action: member
register: result
failed_when: not result.changed or result.failed
- name: Ensure sudorule member external group in 'runasgroup' is present, again
ipasudorule:
ipaadmin_password: SomeADMINpassword
name: test_upstream_issue_664
runasgroup:
- wheel
action: member
register: result
failed_when: result.changed or result.failed
- name: Ensure sudorule 'test_upstream_issue_664' is absent
ipasudorule:
ipaadmin_password: SomeADMINpassword
name: test_upstream_issue_664
state: absent
register: result
failed_when: not result.changed or result.failed
- name: Ensure sudorule is present with hostmask
ipasudorule:
ipaadmin_password: SomeADMINpassword
name: testrule_hostmask
hostmask:
- 192.168.122.1/24
- 192.168.120.1/24
register: result
failed_when: not result.changed or result.failed
- name: Ensure sudorule is present with hostmask, again
ipasudorule:
ipaadmin_password: SomeADMINpassword
name: testrule_hostmask
hostmask:
- 192.168.122.1/24
- 192.168.120.1/24
register: result
failed_when: result.changed or result.failed
- name: Ensure sudorule hostmask member is absent
ipasudorule:
ipaadmin_password: SomeADMINpassword
name: testrule_hostmask
hostmask: 192.168.122.0/24
action: member
state: absent
register: result
failed_when: not result.changed or result.failed
- name: Ensure sudorule hostmask member is absent, again
ipasudorule:
ipaadmin_password: SomeADMINpassword
name: testrule_hostmask
hostmask: 192.168.122.0/24
action: member
state: absent
register: result
failed_when: result.changed or result.failed
- name: Ensure sudorule is present with another hostmask
ipasudorule:
ipaadmin_password: SomeADMINpassword
name: testrule_hostmask
hostmask: 192.168.122.0/24
register: result
failed_when: not result.changed or result.failed
- name: Ensure sudorule is present with another hostmask, again
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule_hostmask
hostmask: 192.168.122.0/24
register: result
failed_when: result.changed
- name: Check sudorule with hostmask is absent
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule_hostmask
hostmask: 192.168.120.0/24
action: member
register: result
check_mode: true
failed_when: not result.changed or result.failed
- name: Ensure sudorule hostmask member is present
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule_hostmask
hostmask: 192.168.120.0/24
action: member
register: result
failed_when: not result.changed or result.failed
- name: Ensure sudorule hostmask member is present, again
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule_hostmask
hostmask: 192.168.120.0/24
action: member
register: result
failed_when: result.changed or result.failed
- name: Ensure sudorule hostmask member is absent
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule_hostmask
hostmask: 192.168.120.0/24
action: member
state: absent
register: result
failed_when: not result.changed or result.failed
- name: Ensure sudorule hostmask member is absent, again
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: testrule_hostmask
hostmask: 192.168.120.0/24
action: member
state: absent
register: result
failed_when: result.changed or result.failed
# cleanup
- name: Ensure sudocmdgroup is absent
ipasudocmdgroup:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name:
- test_sudorule
- test_sudorule2
- testrule_hostmask
state: absent
- name: Ensure sudocmds are absent
ipasudocmd:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name:
- /sbin/ifconfig
- /usr/bin/vim
- /usr/bin/emacs
state: absent
- name: Ensure sudorules are absent
ipasudorule:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name:
- test_upstream_issue_664
- testrule1
- allusers
- allhosts
- allcommands
state: absent
- name: Ensure hostgroup is absent.
ipahostgroup:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: cluster
state: absent
- name: Ensure groups are absent
ipagroup:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name:
- group01
- group02
state: absent
- name: Ensure user is absent
ipauser:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: user01
state: absent
Reference in New Issue View Git Blame Copy Permalink