mirror of
https://github.com/freeipa/ansible-freeipa.git
synced 2026-03-26 21:33:05 +00:00
e30bcfd876
The parameters user_auth_type, pac_type and configstring are allowing to use "" to reset to the default value or for configstring to set an empty list. The new check in params_get is not allowing to use empty strings in lists, therefore allow_empty_string=True had to be added to the call. A test has been added to verify that the empty strings are supported and working. Additionally empty pac_type, user_auth_type and domain_resolution_order have been added to exit_args as if they have not been set.
144 lines
4.4 KiB
YAML
144 lines
4.4 KiB
YAML
---
|
|
- name: Test config
|
|
hosts: "{{ ipa_test_host | default('ipaserver') }}"
|
|
become: yes
|
|
gather_facts: no
|
|
|
|
tasks:
|
|
|
|
# GET CURRENT CONFIG
|
|
|
|
- name: Return current values of the global configuration options
|
|
ipaconfig:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
register: previousconfig
|
|
|
|
- name: Ensure config with empty pac_type, user_auth_type and configstring
|
|
ipaconfig:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
pac_type: ""
|
|
user_auth_type: ""
|
|
configstring: ""
|
|
|
|
# TESTS
|
|
|
|
- name: Ensure config with pac_type "nfs:NONE" and PAD
|
|
ipaconfig:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
pac_type:
|
|
- "nfs:NONE"
|
|
- PAD
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure config with pac_type "nfs:NONE" and PAD, again
|
|
ipaconfig:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
pac_type:
|
|
- "nfs:NONE"
|
|
- PAD
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure config with empty pac_type
|
|
ipaconfig:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
pac_type: ""
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure config with empty pac_type, again
|
|
ipaconfig:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
pac_type: ""
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure config with user_auth_type otp and radius
|
|
ipaconfig:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
user_auth_type:
|
|
- otp
|
|
- radius
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure config with user_auth_type otp and radius, again
|
|
ipaconfig:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
user_auth_type:
|
|
- otp
|
|
- radius
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure config with empty user_auth_type
|
|
ipaconfig:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
user_auth_type: ""
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure config with empty user_auth_type, again
|
|
ipaconfig:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
user_auth_type: ""
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure config with configstring AllowNThash and "KDC:Disable Lockout"
|
|
ipaconfig:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
configstring:
|
|
- AllowNThash
|
|
- "KDC:Disable Lockout"
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure config with configstring AllowNThash and "KDC:Disable Lockout", again
|
|
ipaconfig:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
configstring:
|
|
- AllowNThash
|
|
- "KDC:Disable Lockout"
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
- name: Ensure config with empty configstring
|
|
ipaconfig:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
configstring: ""
|
|
register: result
|
|
failed_when: not result.changed or result.failed
|
|
|
|
- name: Ensure config with empty configstring, again
|
|
ipaconfig:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
configstring: ""
|
|
register: result
|
|
failed_when: result.changed or result.failed
|
|
|
|
# REVERT TO PREVIOUS CONFIG
|
|
|
|
- name: Reset to previous pac_type and user_auth_type
|
|
ipaconfig:
|
|
ipaadmin_password: SomeADMINpassword
|
|
ipaapi_context: "{{ ipa_context | default(omit) }}"
|
|
pac_type: '{{ previousconfig.config.pac_type }}'
|
|
user_auth_type: '{{ previousconfig.config.user_auth_type }}'
|
|
configstring: '{{ previousconfig.config.configstring }}'
|