source-git / ansible-freeipa

Clone
Source Code
GIT

Files

  1.   6e1210e335a2c4de6cae4957f53ad4157970dcf0
  2.   tests
  3.   role
  4.   test_role_lists_handling.yml
Blob Blame History Raw 
---
- name: Test service member in role module.
  hosts: ipaserver
  become: yes
  gather_facts: yes

  tasks:
  - name: Set environment facts.
    import_tasks: env_facts.yml

  - name: Setup environment.
    import_tasks: env_setup.yml

  - name: Add role.
    iparole:
      ipaadmin_password: SomeADMINpassword
      name: testrole
      user: user01
      group: group01
      hostgroup: hostgroup01
      host: "{{ host1_fqdn }}"
      service: "service01/{{ host1_fqdn }}"
      privilege:
        - Automember Readers
        - ADTrust Agents
    register: result
    failed_when: result.failed or not result.changed

  # Test fix for https://github.com/freeipa/ansible-freeipa/issues/409
  - name: Add new privileges to role.
    iparole:
      ipaadmin_password: SomeADMINpassword
      name: testrole
      privilege:
        - DNS Servers
        - Host Administrators
        - DNS Administrators
        - Group Administrators
      action: member
    register: result
    failed_when: result.failed or not result.changed

  - name: Verify role privileges.
    shell:
      cmd: |
        echo SomeADMINpassword | kinit -c {{ KRB5CCNAME }} admin
        KRB5CCNAME={{ KRB5CCNAME }} ipa role-show testrole
        kdestroy -A -q -c {{ KRB5CCNAME }}
    register: result
    failed_when: |
      result.failed or not (
        "Automember Readers" in result.stdout
        and "ADTrust Agents" in result.stdout
        and "DNS Servers" in result.stdout
        and "Host Administrators" in result.stdout
        and "DNS Administrators" in result.stdout
        and "Group Administrators" in result.stdout
      )
    vars:
      KRB5CCNAME: verify_issue_409
  # End of test fix for https://github.com/freeipa/ansible-freeipa/issues/409

  # Test fix for https://github.com/freeipa/ansible-freeipa/issues/412
  - name: Add new user to role.
    iparole:
      ipaadmin_password: SomeADMINpassword
      name: testrole
      user: user02
      action: member
    register: result
    failed_when: result.failed or not result.changed

  - name: Verify role users.
    shell:
      cmd: |
        echo SomeADMINpassword | kinit -c {{ KRB5CCNAME }} admin
        KRB5CCNAME={{ KRB5CCNAME }} ipa role-show testrole
        kdestroy -A -q -c {{ KRB5CCNAME }}
    register: result
    failed_when: |
      result.failed or not (
        "user01" in result.stdout
        and "user02" in result.stdout
      )
    vars:
      KRB5CCNAME: verify_issue_412

  - name: Add new group to role.
    iparole:
      ipaadmin_password: SomeADMINpassword
      name: testrole
      group: group02
      action: member
    register: result
    failed_when: result.failed or not result.changed

  - name: Verify role group.
    shell:
      cmd: |
        echo SomeADMINpassword | kinit -c {{ KRB5CCNAME }} admin
        KRB5CCNAME={{ KRB5CCNAME }} ipa role-show testrole
        kdestroy -A -q -c {{ KRB5CCNAME }}
    register: result
    failed_when: |
      result.failed or not (
        "group01" in result.stdout
        and "group02" in result.stdout
      )
    vars:
      KRB5CCNAME: verify_issue_412

  - name: Add new host to role.
    iparole:
      ipaadmin_password: SomeADMINpassword
      name: testrole
      host: "{{ host2_fqdn }}"
      action: member
    register: result
    failed_when: result.failed or not result.changed

  - name: Verify role hosts.
    shell:
      cmd: |
        echo SomeADMINpassword | kinit -c {{ KRB5CCNAME }} admin
        KRB5CCNAME={{ KRB5CCNAME }} ipa role-show testrole
        kdestroy -A -q -c {{ KRB5CCNAME }}
    register: result
    failed_when: |
      result.failed or not (
        host1 in result.stdout
        and host2 in result.stdout
      )
    vars:
      KRB5CCNAME: verify_issue_412
      host1: " {{ host1_fqdn }}"
      host2: " {{ host2_fqdn }}"

  - name: Add new hostgroup to role.
    iparole:
      ipaadmin_password: SomeADMINpassword
      name: testrole
      hostgroup: hostgroup02
      action: member
    register: result
    failed_when: result.failed or not result.changed

  - name: Verify role hostgroups.
    shell:
      cmd: |
        echo SomeADMINpassword | kinit -c {{ KRB5CCNAME }} admin
        KRB5CCNAME={{ KRB5CCNAME }} ipa role-show testrole
        kdestroy -A -q -c {{ KRB5CCNAME }}
    register: result
    failed_when: |
      result.failed or not (
        " hostgroup01" in result.stdout
        and " hostgroup02" in result.stdout
      )
    vars:
      KRB5CCNAME: verify_issue_412

  - name: Add new service to role.
    iparole:
      ipaadmin_password: SomeADMINpassword
      name: testrole
      service: "service02/{{ host2_fqdn }}"
      action: member
    register: result
    failed_when: result.failed or not result.changed

  - name: Verify role services.
    shell:
      cmd: |
        echo SomeADMINpassword | kinit -c {{ KRB5CCNAME }} admin
        KRB5CCNAME={{ KRB5CCNAME }} ipa role-show testrole
        kdestroy -A -q -c {{ KRB5CCNAME }}
    register: result
    failed_when: |
      result.failed or not (
        service1 in result.stdout
        and service1 in result.stdout
      )
    vars:
      KRB5CCNAME: verify_issue_412
      service1: "service01/{{ host1_fqdn }}"
      service2: "service02/{{ host2_fqdn }}"
  # End of test fix for https://github.com/freeipa/ansible-freeipa/issues/412

  # Test fix for https://github.com/freeipa/ansible-freeipa/issues/413
  - name: Add new user to role.
    iparole:
      ipaadmin_password: SomeADMINpassword
      name: testrole
      user: user03
      action: member
    register: result
    failed_when: result.failed or not result.changed

  - name: Verify role services.
    shell:
      cmd: |
        echo SomeADMINpassword | kinit -c {{ KRB5CCNAME }} admin
        KRB5CCNAME={{ KRB5CCNAME }} ipa role-show testrole
        kdestroy -A -q -c {{ KRB5CCNAME }}
    register: result
    failed_when: |
      result.failed or not (
        service1 in result.stdout
        and service1 in result.stdout
        and "user03" in result.stdout
      )
    vars:
      KRB5CCNAME: verify_issue_413
      service1: "service01/{{ host1_fqdn }}"
      service2: "service02/{{ host2_fqdn }}"

  - name: Remove user from role.
    iparole:
      ipaadmin_password: SomeADMINpassword
      name: testrole
      user: user03
      action: member
      state: absent
    register: result
    failed_when: result.failed or not result.changed

  - name: Verify role services.
    shell:
      cmd: |
        echo SomeADMINpassword | kinit -c {{ KRB5CCNAME }} admin
        KRB5CCNAME={{ KRB5CCNAME }} ipa role-show testrole
        kdestroy -A -q -c {{ KRB5CCNAME }}
    register: result
    failed_when: |
      result.failed or not (
        service1 in result.stdout
        and service1 in result.stdout
        and "user03" not in result.stdout
      )
    vars:
      KRB5CCNAME: verify_issue_413
      service1: "service01/{{ host1_fqdn }}"
      service2: "service02/{{ host2_fqdn }}"
  # End of test fix for https://github.com/freeipa/ansible-freeipa/issues/413

  # Test fix for https://github.com/freeipa/ansible-freeipa/issues/411
  - name: Add non-existing user to role.
    iparole:
      ipaadmin_password: SomeADMINpassword
      name: testrole
      user: nonexisiting_user
      action: member
    register: result
    failed_when: not result.failed
  # End of test fix for https://github.com/freeipa/ansible-freeipa/issues/411

  # cleanup
  - name: Cleanup environment.
    include_tasks: env_cleanup.yml

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation