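---
# Exercises the user/host/service category options of the ipahbacrule module:
#   1. Setting or clearing a category must report "changed" the first time and
#      "not changed" when repeated (the "... again" tasks check idempotency).
#   2. Combining a category of 'all' with explicit members of the same kind
#      must be rejected with the expected error message.
# Categories are set and cleared one at a time, so `testrule` never carries
# 'all' on more than one axis at once.
#
# ipaadmin_password is a literal test-fixture value repeated in every task.
# Outside a disposable test realm, supply it from Ansible Vault or another
# secret store rather than from the playbook text.
- name: Test HBAC rule user category
  hosts: ipaserver
  become: true
  gather_facts: false

  tasks:

  # Start from a clean state. `allusers` is only named by the rejection tests
  # further down and should never exist; it is listed so that a rule left
  # behind by a validation regression in an earlier run is removed.
  - name: Ensure HBAC rules are absent
    ipahbacrule:
      ipaadmin_password: SomeADMINpassword
      name:
      - testrule
      - allusers
      state: absent

  # --- usercategory ---------------------------------------------------------
  # failed_when replaces Ansible's own failure detection, so every check also
  # tests result.failed; otherwise a module error (changed == false) would be
  # read as "nothing changed" and the idempotency checks would pass silently.
  - name: Ensure HBAC rule is present, with usercategory 'all'
    ipahbacrule:
      ipaadmin_password: SomeADMINpassword
      name: testrule
      usercategory: all
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure HBAC rule is present, with usercategory 'all', again.
    ipahbacrule:
      ipaadmin_password: SomeADMINpassword
      name: testrule
      usercategory: all
    register: result
    failed_when: result.changed or result.failed

  # An empty string clears the category again.
  - name: Ensure HBAC rule is present, with no usercategory.
    ipahbacrule:
      ipaadmin_password: SomeADMINpassword
      name: testrule
      usercategory: ""
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure HBAC rule is present, with no usercategory, again.
    ipahbacrule:
      ipaadmin_password: SomeADMINpassword
      name: testrule
      usercategory: ""
    register: result
    failed_when: result.changed or result.failed

  # --- hostcategory ---------------------------------------------------------
  - name: Ensure HBAC rule is present, with hostcategory 'all'
    ipahbacrule:
      ipaadmin_password: SomeADMINpassword
      name: testrule
      hostcategory: all
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure HBAC rule is present, with hostcategory 'all', again.
    ipahbacrule:
      ipaadmin_password: SomeADMINpassword
      name: testrule
      hostcategory: all
    register: result
    failed_when: result.changed or result.failed

  - name: Ensure HBAC rule is present, with no hostcategory.
    ipahbacrule:
      ipaadmin_password: SomeADMINpassword
      name: testrule
      hostcategory: ""
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure HBAC rule is present, with no hostcategory, again.
    ipahbacrule:
      ipaadmin_password: SomeADMINpassword
      name: testrule
      hostcategory: ""
    register: result
    failed_when: result.changed or result.failed

  # --- servicecategory ------------------------------------------------------
  - name: Ensure HBAC rule is present, with servicecategory 'all'
    ipahbacrule:
      ipaadmin_password: SomeADMINpassword
      name: testrule
      servicecategory: all
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure HBAC rule is present, with servicecategory 'all', again.
    ipahbacrule:
      ipaadmin_password: SomeADMINpassword
      name: testrule
      servicecategory: all
    register: result
    failed_when: result.changed or result.failed

  - name: Ensure HBAC rule is present, with no servicecategory.
    ipahbacrule:
      ipaadmin_password: SomeADMINpassword
      name: testrule
      servicecategory: ""
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure HBAC rule is present, with no servicecategory, again.
    ipahbacrule:
      ipaadmin_password: SomeADMINpassword
      name: testrule
      servicecategory: ""
    register: result
    failed_when: result.changed or result.failed

  # --- rejection tests ------------------------------------------------------
  # A category of 'all' together with explicit members of the same kind is
  # contradictory. Each task below must fail, and must fail with the specific
  # message, so an unrelated error (for example an authentication failure)
  # does not count as a pass.
  - name: Ensure `user` cannot be added if usercategory is `all`.
    ipahbacrule:
      ipaadmin_password: SomeADMINpassword
      name: allusers
      user: shouldfail01
      usercategory: "all"
    register: result
    failed_when: not result.failed or "Users cannot be added when user category='all'" not in result.msg

  - name: Ensure `group` cannot be added if usercategory is `all`.
    ipahbacrule:
      ipaadmin_password: SomeADMINpassword
      name: allusers
      group: shouldfail01
      usercategory: "all"
    register: result
    failed_when: not result.failed or "Users cannot be added when user category='all'" not in result.msg

  - name: Ensure `host` cannot be added if hostcategory is `all`.
    ipahbacrule:
      ipaadmin_password: SomeADMINpassword
      name: allusers
      host: host.shouldfail.com
      hostcategory: "all"
    register: result
    failed_when: not result.failed or "Hosts cannot be added when host category='all'" not in result.msg

  - name: Ensure `hostgroup` cannot be added if hostcategory is `all`.
    ipahbacrule:
      ipaadmin_password: SomeADMINpassword
      name: allusers
      hostgroup: shouldfail_hostgroup
      hostcategory: "all"
    register: result
    failed_when: not result.failed or "Hosts cannot be added when host category='all'" not in result.msg

  # The task names below say `hbacsvccategory`; the parameter actually being
  # exercised is `servicecategory`.
  - name: Ensure `hbacsvc` cannot be added if hbacsvccategory is `all`.
    ipahbacrule:
      ipaadmin_password: SomeADMINpassword
      name: allusers
      hbacsvc: "HTTP/fail.example.com"
      servicecategory: "all"
    register: result
    failed_when: not result.failed or "Services cannot be added when service category='all'" not in result.msg

  - name: Ensure `hbacsvcgroup` cannot be added if hbacsvccategory is `all`.
    ipahbacrule:
      ipaadmin_password: SomeADMINpassword
      name: allusers
      hbacsvcgroup: shouldfail_svcgroup
      servicecategory: "all"
    register: result
    failed_when: not result.failed or "Services cannot be added when service category='all'" not in result.msg

  # Final cleanup. `allusers` is included for the same reason as in the first
  # task: it should not exist, but must not be left behind if it does.
  - name: Ensure HBAC rules are absent
    ipahbacrule:
      ipaadmin_password: SomeADMINpassword
      name:
      - testrule
      - allusers
      state: absent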