source-git / ansible-freeipa

Clone
Source Code
GIT

Blame tests/hbacrule/test_hbacrule_categories.yml

c8 c8s master
  1.   0f71a7918e74fbb4d6974582b28ed60184cf880a
  2.   tests
  3.   hbacrule
  4.   test_hbacrule_categories.yml
Blob History Raw
Packit Service 0f71a7 
---
Packit Service 0f71a7 
- name: Test HBAC rule user category
Packit Service 0f71a7 
  hosts: ipaserver
Packit Service 0f71a7 
  become: true
Packit Service 0f71a7 
  gather_facts: false
Packit Service 0f71a7
Packit Service 0f71a7 
  tasks:
Packit Service 0f71a7
Packit Service 0f71a7 
  - name: Ensure HBAC rules are absent
Packit Service 0f71a7 
    ipahbacrule:
Packit Service 0f71a7 
      ipaadmin_password: SomeADMINpassword
Packit Service 0f71a7 
      name:
Packit Service 0f71a7 
      - testrule
Packit Service 0f71a7 
      state: absent
Packit Service 0f71a7
Packit Service 0f71a7 
  - name: Ensure HBAC rule is present, with usercategory 'all'
Packit Service 0f71a7 
    ipahbacrule:
Packit Service 0f71a7 
      ipaadmin_password: SomeADMINpassword
Packit Service 0f71a7 
      name: testrule
Packit Service 0f71a7 
      usercategory: all
Packit Service 0f71a7 
    register: result
Packit Service 0f71a7 
    failed_when: not result.changed
Packit Service 0f71a7
Packit Service 0f71a7 
  - name: Ensure HBAC rule is present, with usercategory 'all', again.
Packit Service 0f71a7 
    ipahbacrule:
Packit Service 0f71a7 
      ipaadmin_password: SomeADMINpassword
Packit Service 0f71a7 
      name: testrule
Packit Service 0f71a7 
      usercategory: all
Packit Service 0f71a7 
    register: result
Packit Service 0f71a7 
    failed_when: result.changed
Packit Service 0f71a7
Packit Service 0f71a7 
  - name: Ensure HBAC rule is present, with no usercategory.
Packit Service 0f71a7 
    ipahbacrule:
Packit Service 0f71a7 
      ipaadmin_password: SomeADMINpassword
Packit Service 0f71a7 
      name: testrule
Packit Service 0f71a7 
      usercategory: ""
Packit Service 0f71a7 
    register: result
Packit Service 0f71a7 
    failed_when: not result.changed
Packit Service 0f71a7
Packit Service 0f71a7 
  - name: Ensure HBAC rule is present, with no usercategory, again.
Packit Service 0f71a7 
    ipahbacrule:
Packit Service 0f71a7 
      ipaadmin_password: SomeADMINpassword
Packit Service 0f71a7 
      name: testrule
Packit Service 0f71a7 
      usercategory: ""
Packit Service 0f71a7 
    register: result
Packit Service 0f71a7 
    failed_when: result.changed
Packit Service 0f71a7
Packit Service 0f71a7 
  - name: Ensure HBAC rule is present, with hostcategory 'all'
Packit Service 0f71a7 
    ipahbacrule:
Packit Service 0f71a7 
      ipaadmin_password: SomeADMINpassword
Packit Service 0f71a7 
      name: testrule
Packit Service 0f71a7 
      hostcategory: all
Packit Service 0f71a7 
    register: result
Packit Service 0f71a7 
    failed_when: not result.changed
Packit Service 0f71a7
Packit Service 0f71a7 
  - name: Ensure HBAC rule is present, with hostcategory 'all', again.
Packit Service 0f71a7 
    ipahbacrule:
Packit Service 0f71a7 
      ipaadmin_password: SomeADMINpassword
Packit Service 0f71a7 
      name: testrule
Packit Service 0f71a7 
      hostcategory: all
Packit Service 0f71a7 
    register: result
Packit Service 0f71a7 
    failed_when: result.changed
Packit Service 0f71a7
Packit Service 0f71a7 
  - name: Ensure HBAC rule is present, with no hostcategory.
Packit Service 0f71a7 
    ipahbacrule:
Packit Service 0f71a7 
      ipaadmin_password: SomeADMINpassword
Packit Service 0f71a7 
      name: testrule
Packit Service 0f71a7 
      hostcategory: ""
Packit Service 0f71a7 
    register: result
Packit Service 0f71a7 
    failed_when: not result.changed
Packit Service 0f71a7
Packit Service 0f71a7 
  - name: Ensure HBAC rule is present, with no hostcategory, again.
Packit Service 0f71a7 
    ipahbacrule:
Packit Service 0f71a7 
      ipaadmin_password: SomeADMINpassword
Packit Service 0f71a7 
      name: testrule
Packit Service 0f71a7 
      hostcategory: ""
Packit Service 0f71a7 
    register: result
Packit Service 0f71a7 
    failed_when: result.changed
Packit Service 0f71a7
Packit Service 0f71a7 
  - name: Ensure HBAC rule is present, with servicecategory 'all'
Packit Service 0f71a7 
    ipahbacrule:
Packit Service 0f71a7 
      ipaadmin_password: SomeADMINpassword
Packit Service 0f71a7 
      name: testrule
Packit Service 0f71a7 
      servicecategory: all
Packit Service 0f71a7 
    register: result
Packit Service 0f71a7 
    failed_when: not result.changed
Packit Service 0f71a7
Packit Service 0f71a7 
  - name: Ensure HBAC rule is present, with servicecategory 'all', again.
Packit Service 0f71a7 
    ipahbacrule:
Packit Service 0f71a7 
      ipaadmin_password: SomeADMINpassword
Packit Service 0f71a7 
      name: testrule
Packit Service 0f71a7 
      servicecategory: all
Packit Service 0f71a7 
    register: result
Packit Service 0f71a7 
    failed_when: result.changed
Packit Service 0f71a7
Packit Service 0f71a7 
  - name: Ensure HBAC rule is present, with no servicecategory.
Packit Service 0f71a7 
    ipahbacrule:
Packit Service 0f71a7 
      ipaadmin_password: SomeADMINpassword
Packit Service 0f71a7 
      name: testrule
Packit Service 0f71a7 
      servicecategory: ""
Packit Service 0f71a7 
    register: result
Packit Service 0f71a7 
    failed_when: not result.changed
Packit Service 0f71a7
Packit Service 0f71a7 
  - name: Ensure HBAC rule is present, with no servicecategory, again.
Packit Service 0f71a7 
    ipahbacrule:
Packit Service 0f71a7 
      ipaadmin_password: SomeADMINpassword
Packit Service 0f71a7 
      name: testrule
Packit Service 0f71a7 
      servicecategory: ""
Packit Service 0f71a7 
    register: result
Packit Service 0f71a7 
    failed_when: result.changed
Packit Service 0f71a7
Packit Service 0f71a7 
  - name: Ensure `user` cannot be added if usercategory is `all`.
Packit Service 0f71a7 
    ipahbacrule:
Packit Service 0f71a7 
      ipaadmin_password: SomeADMINpassword
Packit Service 0f71a7 
      name: allusers
Packit Service 0f71a7 
      user: shouldfail01
Packit Service 0f71a7 
      usercategory: "all"
Packit Service 0f71a7 
    register: result
Packit Service 0f71a7 
    failed_when: not result.failed or "Users cannot be added when user category='all'" not in result.msg
Packit Service 0f71a7
Packit Service 0f71a7 
  - name: Ensure `group` cannot be added if usercategory is `all`.
Packit Service 0f71a7 
    ipahbacrule:
Packit Service 0f71a7 
      ipaadmin_password: SomeADMINpassword
Packit Service 0f71a7 
      name: allusers
Packit Service 0f71a7 
      group: shouldfail01
Packit Service 0f71a7 
      usercategory: "all"
Packit Service 0f71a7 
    register: result
Packit Service 0f71a7 
    failed_when: not result.failed or "Users cannot be added when user category='all'" not in result.msg
Packit Service 0f71a7
Packit Service 0f71a7 
  - name: Ensure `host` cannot be added if hostcategory is `all`.
Packit Service 0f71a7 
    ipahbacrule:
Packit Service 0f71a7 
      ipaadmin_password: SomeADMINpassword
Packit Service 0f71a7 
      name: allusers
Packit Service 0f71a7 
      host: host.shouldfail.com
Packit Service 0f71a7 
      hostcategory: "all"
Packit Service 0f71a7 
    register: result
Packit Service 0f71a7 
    failed_when: not result.failed or "Hosts cannot be added when host category='all'" not in result.msg
Packit Service 0f71a7
Packit Service 0f71a7 
  - name: Ensure `hostgroup` cannot be added if hostcategory is `all`.
Packit Service 0f71a7 
    ipahbacrule:
Packit Service 0f71a7 
      ipaadmin_password: SomeADMINpassword
Packit Service 0f71a7 
      name: allusers
Packit Service 0f71a7 
      hostgroup: shouldfail_hostgroup
Packit Service 0f71a7 
      hostcategory: "all"
Packit Service 0f71a7 
    register: result
Packit Service 0f71a7 
    failed_when: not result.failed or "Hosts cannot be added when host category='all'" not in result.msg
Packit Service 0f71a7
Packit Service 0f71a7 
  - name: Ensure `hbacsvc` cannot be added if hbacsvccategory is `all`.
Packit Service 0f71a7 
    ipahbacrule:
Packit Service 0f71a7 
      ipaadmin_password: SomeADMINpassword
Packit Service 0f71a7 
      name: allusers
Packit Service 0f71a7 
      hbacsvc: "HTTP/fail.example.com"
Packit Service 0f71a7 
      servicecategory: "all"
Packit Service 0f71a7 
    register: result
Packit Service 0f71a7 
    failed_when: not result.failed or "Services cannot be added when service category='all'" not in result.msg
Packit Service 0f71a7
Packit Service 0f71a7 
  - name: Ensure `hbacsvcgroup` cannot be added if hbacsvccategory is `all`.
Packit Service 0f71a7 
    ipahbacrule:
Packit Service 0f71a7 
      ipaadmin_password: SomeADMINpassword
Packit Service 0f71a7 
      name: allusers
Packit Service 0f71a7 
      hbacsvcgroup: shouldfail_svcgroup
Packit Service 0f71a7 
      servicecategory: "all"
Packit Service 0f71a7 
    register: result
Packit Service 0f71a7 
    failed_when: not result.failed or "Services cannot be added when service category='all'" not in result.msg
Packit Service 0f71a7
Packit Service 0f71a7 
  - name: Ensure HBAC rules are absent
Packit Service 0f71a7 
    ipahbacrule:
Packit Service 0f71a7 
      ipaadmin_password: SomeADMINpassword
Packit Service 0f71a7 
      name:
Packit Service 0f71a7 
      - testrule
Packit Service 0f71a7 
      state: absent

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation