---
- name: Tests
hosts: ipaserver
become: true
gather_facts: false
tasks:
- name: Ensure HBAC Rule allhosts is absent
ipahbacrule:
ipaadmin_password: MyPassword123
name: allhosts,sshd-pinky,loginRule
state: absent
- name: User pinky absent
ipauser:
ipaadmin_password: MyPassword123
name: pinky
state: absent
- name: User group login absent
ipagroup:
ipaadmin_password: MyPassword123
name: login
state: absent
- name: User pinky present
ipauser:
ipaadmin_password: MyPassword123
name: pinky
uid: 10001
gid: 100
phone: "+555123457"
email: pinky@acme.com
principalexpiration: "20220119235959"
#passwordexpiration: "2022-01-19 23:59:59"
first: pinky
last: Acme
register: result
failed_when: not result.changed
- name: User group login present
ipagroup:
ipaadmin_password: MyPassword123
name: login
register: result
failed_when: not result.changed
- name: Ensure HBAC Rule allhosts is present
ipahbacrule:
ipaadmin_password: MyPassword123
name: allhosts
usercategory: all
register: result
failed_when: not result.changed
- name: Ensure HBAC Rule allhosts is present again
ipahbacrule:
ipaadmin_password: MyPassword123
name: allhosts
usercategory: all
register: result
failed_when: result.changed
- name: Ensure host "{{ groups.ipaserver[0] }}" is present in HBAC Rule allhosts
ipahbacrule:
ipaadmin_password: MyPassword123
name: allhosts
host: "{{ groups.ipaserver[0] }}"
action: member
register: result
failed_when: not result.changed
- name: Ensure host "{{ groups.ipaserver[0] }}" is present in HBAC Rule allhosts again
ipahbacrule:
ipaadmin_password: MyPassword123
name: allhosts
host: "{{ groups.ipaserver[0] }}"
action: member
register: result
failed_when: result.changed
- name: Ensure HBAC Rule sshd-pinky is present
ipahbacrule:
ipaadmin_password: MyPassword123
name: sshd-pinky
hostcategory: all
register: result
failed_when: not result.changed
- name: Ensure HBAC Rule sshd-pinky is present again
ipahbacrule:
ipaadmin_password: MyPassword123
name: sshd-pinky
hostcategory: all
register: result
failed_when: result.changed
- name: Ensure user pinky is present in HBAC Rule sshd-pinky
ipahbacrule:
ipaadmin_password: MyPassword123
name: sshd-pinky
user: pinky
action: member
register: result
failed_when: not result.changed
- name: Ensure user pinky is present in HBAC Rule sshd-pinky again
ipahbacrule:
ipaadmin_password: MyPassword123
name: sshd-pinky
user: pinky
action: member
register: result
failed_when: result.changed
- name: Ensure HBAC service sshd is present in HBAC Rule sshd-pinky
ipahbacrule:
ipaadmin_password: MyPassword123
name: sshd-pinky
hbacsvc: sshd
action: member
register: result
failed_when: not result.changed
- name: Ensure HBAC service sshd is present in HBAC Rule sshd-pinky again
ipahbacrule:
ipaadmin_password: MyPassword123
name: sshd-pinky
hbacsvc: sshd
action: member
register: result
failed_when: result.changed
- name: Ensure HBAC Rule loginRule is present with HBAC service sshd
ipahbacrule:
ipaadmin_password: MyPassword123
name: loginRule
group: login
register: result
failed_when: not result.changed
- name: Ensure HBAC Rule loginRule is present with HBAC service sshd again
ipahbacrule:
ipaadmin_password: MyPassword123
name: loginRule
group: login
register: result
failed_when: result.changed
- name: Ensure user pinky is present in HBAC Rule loginRule
ipahbacrule:
ipaadmin_password: MyPassword123
name: loginRule
user: pinky
action: member
register: result
failed_when: not result.changed
- name: Ensure user pinky is present in HBAC Rule loginRule again
ipahbacrule:
ipaadmin_password: MyPassword123
name: loginRule
user: pinky
action: member
register: result
failed_when: result.changed
- name: Ensure user pinky is absent in HBAC Rule loginRule
ipahbacrule:
ipaadmin_password: MyPassword123
name: loginRule
user: pinky
action: member
state: absent
register: result
failed_when: not result.changed
- name: Ensure user pinky is absent in HBAC Rule loginRule again
ipahbacrule:
ipaadmin_password: MyPassword123
name: loginRule
user: pinky
action: member
state: absent
register: result
failed_when: result.changed
- name: Ensure HBAC Rule loginRule is absent
ipahbacrule:
ipaadmin_password: MyPassword123
name: loginRule
state: absent
register: result
failed_when: not result.changed
- name: Ensure HBAC Rule loginRule is absent again
ipahbacrule:
ipaadmin_password: MyPassword123
name: loginRule
state: absent
register: result
failed_when: result.changed
- name: Ensure HBAC service sshd is absent in HBAC Rule sshd-pinky
ipahbacrule:
ipaadmin_password: MyPassword123
name: sshd-pinky
hbacsvc: sshd
action: member
state: absent
register: result
failed_when: not result.changed
- name: Ensure HBAC service sshd is absent in HBAC Rule sshd-pinky again
ipahbacrule:
ipaadmin_password: MyPassword123
name: sshd-pinky
hbacsvc: sshd
action: member
state: absent
register: result
failed_when: result.changed
- name: Ensure user pinky is absent in HBAC Rule sshd-pinky
ipahbacrule:
ipaadmin_password: MyPassword123
name: sshd-pinky
user: pinky
action: member
state: absent
register: result
failed_when: not result.changed
- name: Ensure user pinky is absent in HBAC Rule sshd-pinky again
ipahbacrule:
ipaadmin_password: MyPassword123
name: sshd-pinky
user: pinky
action: member
state: absent
register: result
failed_when: result.changed
- name: Ensure HBAC Rule sshd-pinky is disabled
ipahbacrule:
ipaadmin_password: MyPassword123
name: sshd-pinky
state: disabled
register: result
failed_when: not result.changed
- name: Ensure HBAC Rule sshd-pinky is disabled again
ipahbacrule:
ipaadmin_password: MyPassword123
name: sshd-pinky
state: disabled
register: result
failed_when: result.changed
- name: Ensure HBAC Rule sshd-pinky is enabled
ipahbacrule:
ipaadmin_password: MyPassword123
name: sshd-pinky
state: enabled
register: result
failed_when: not result.changed
- name: Ensure HBAC Rule sshd-pinky is enabled again
ipahbacrule:
ipaadmin_password: MyPassword123
name: sshd-pinky
state: enabled
register: result
failed_when: result.changed
- name: Ensure HBAC Rule sshd-pinky is absent
ipahbacrule:
ipaadmin_password: MyPassword123
name: sshd-pinky
state: absent
register: result
failed_when: not result.changed
- name: Ensure HBAC Rule sshd-pinky is absent again
ipahbacrule:
ipaadmin_password: MyPassword123
name: sshd-pinky
state: absent
register: result
failed_when: result.changed
- name: Ensure host "{{ groups.ipaserver[0] }}" is absent in HBAC Rule allhosts
ipahbacrule:
ipaadmin_password: MyPassword123
name: allhosts
host: "{{ groups.ipaserver[0] }}"
action: member
state: absent
register: result
failed_when: not result.changed
- name: Ensure host "{{ groups.ipaserver[0] }}" is absent in HBAC Rule allhosts again
ipahbacrule:
ipaadmin_password: MyPassword123
name: allhosts
host: "{{ groups.ipaserver[0] }}"
action: member
state: absent
register: result
failed_when: result.changed
- name: Ensure HBAC Rule allhosts is absent
ipahbacrule:
ipaadmin_password: MyPassword123
name: allhosts
state: absent
register: result
failed_when: not result.changed
- name: Ensure HBAC Rule allhosts is absent again
ipahbacrule:
ipaadmin_password: MyPassword123
name: allhosts
state: absent
register: result
failed_when: result.changed
- name: User pinky absent
ipauser:
ipaadmin_password: MyPassword123
name: pinky
state: absent
- name: User group login absent
ipagroup:
ipaadmin_password: MyPassword123
name: login
state: absent