internet/ansible-freeipa
4
0
Fork 0
mirror of https://github.com/freeipa/ansible-freeipa.git synced 2026-06-10 10:45:55 +00:00
Code Issues Projects Releases Wiki Activity
Files
ff084fbd96b443f175a0d99b6e5621da9b404cdb
ansible-freeipa/tests/config/test_config_sid.yml
Thomas Woerner 049024bbb2 tests/config/test_config_sid: Mark tasks as noqa 503 
The latest ansible-lint failes for the tasks that are using
"when: sid_disabled.changed" with the error
"Tasks that run when changed should likely be handlers.". As
these tasks are tests and it would not make sense to use handlers here,
the tasks have been marked as noqa 503.
2023-03-27 12:29:30 +02:00

129 lines
4.4 KiB
YAML
Raw Blame History

---
- name: Test config
hosts: "{{ ipa_test_host | default('ipaserver') }}"
become: no
gather_facts: no
tasks:
- name: Set FreeIPA facts.
ansible.builtin.include_tasks: ../env_freeipa_facts.yml
# GET CURRENT CONFIG
- name: Return current values of the global configuration options
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
register: previous
# TESTS
- name: Test config sid
# only run tests if version supports enable-sid
when: ipa_version is version("4.9.8", ">=")
block:
- name: Check if SID is enabled.
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
enable_sid: yes
check_mode: yes
register: sid_disabled
- name: Ensure netbios_name can't be changed without SID enabled. # noqa 503
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
netbios_name: IPATESTPLAY
register: result
failed_when: not result.failed and "SID generation must be enabled" in result.msg
when: sid_disabled.changed
- name: Ensure SIDs can't be changed without SID enabled. # noqa 503
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
add_sids: yes
register: result
failed_when: not result.failed and "SID generation must be enabled" in result.msg
when: sid_disabled.changed
- name: Ensure SID is enabled.
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
enable_sid: yes
register: result
failed_when: result.failed or previous.config.enable_sid == result.changed
- name: Ensure SID is enabled, again.
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
enable_sid: yes
register: result
failed_when: result.failed or result.changed
- name: Try to Ensure SID is disabled.
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
enable_sid: no
register: result
failed_when: not result.failed or "SID cannot be disabled." not in result.msg
- name: Ensure netbios_name is "IPATESTPLAY"
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
enable_sid: yes
netbios_name: IPATESTPLAY
register: result
failed_when: result.failed or not result.changed
- name: Ensure netbios_name is "IPATESTPLAY", again
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
netbios_name: IPATESTPLAY
register: result
failed_when: result.failed or result.changed
- name: Ensure netbios_name cannot be set with lowercase characters
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
netbios_name: IPATESTplay
register: result
failed_when:
(not result.failed
and "Up to 15 characters and only uppercase ASCII letters, digits and dashes are allowed" not in result.message)
- name: Ensure netbios_name cannot be set different lowercase characters
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
netbios_name: otherPLAY
register: result
failed_when:
(not result.failed
and "Up to 15 characters and only uppercase ASCII letters, digits and dashes are allowed" not in result.message)
# add_sids is not idempotent as it always tries to generate the missing
# SIDs for users and groups.
- name: Add SIDs to users and groups.
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
add_sids: yes
# REVERT TO PREVIOUS CONFIG
always:
# Once SID is enabled, it cannot be reverted.
- name: Revert netbios_name to original configuration
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
netbios_name: "{{ previous.config.netbios_name | default(omit) }}"
enable_sid: yes
Reference in New Issue View Git Blame Copy Permalink