---
- name: Tests
hosts: ipaserver
become: true
gather_facts: false
tasks:
- name: Ensure hostgroup is present, with a host.
ipahostgroup:
ipaadmin_password: MyPassword123
name: cluster
host:
- "{{ groups.ipaserver[0] }}"
- name: Ensure some sudocmds are available
ipasudocmd:
ipaadmin_password: MyPassword123
name:
- /sbin/ifconfig
- /usr/bin/vim
state: present
- name: Ensure sudocmdgroup is available
ipasudocmdgroup:
ipaadmin_password: MyPassword123
name: test_sudorule
sudocmd: /usr/bin/vim
state: present
- name: Ensure sudorules are absent
ipasudorule:
ipaadmin_password: MyPassword123
name:
- testrule1
- allusers
- allhosts
- allcommands
state: absent
- name: Ensure sudorule is present
ipasudorule:
ipaadmin_password: MyPassword123
name: testrule1
register: result
failed_when: not result.changed
- name: Ensure sudorule is present again
ipasudorule:
ipaadmin_password: MyPassword123
name: testrule1
register: result
failed_when: result.changed
- name: Ensure sudorule is present, runAsUserCategory.
ipasudorule:
ipaadmin_password: MyPassword123
name: testrule1
runAsUserCategory: all
register: result
failed_when: result.changed
- name: Ensure sudorule is present, with usercategory 'all'
ipasudorule:
ipaadmin_password: MyPassword123
name: allusers
usercategory: all
register: result
failed_when: not result.changed
- name: Ensure sudorule is present, with usercategory 'all', again
ipasudorule:
ipaadmin_password: MyPassword123
name: allusers
usercategory: all
register: result
failed_when: result.changed
- name: Ensure sudorule is present, with hostategory 'all'
ipasudorule:
ipaadmin_password: MyPassword123
name: allhosts
hostcategory: all
register: result
failed_when: not result.changed
- name: Ensure sudorule is present, with hostategory 'all', again
ipasudorule:
ipaadmin_password: MyPassword123
name: allhosts
hostcategory: all
register: result
failed_when: result.changed
- name: Ensure sudorule is disabled
ipasudorule:
ipaadmin_password: MyPassword123
name: testrule1
state: disabled
- name: Ensure sudorule is disabled, again
ipasudorule:
ipaadmin_password: MyPassword123
name: testrule1
state: disabled
register: result
failed_when: result.changed
- name: Ensure sudorule is enabled
ipasudorule:
ipaadmin_password: MyPassword123
name: testrule1
state: enabled
register: result
failed_when: not result.changed
- name: Ensure sudorule is enabled, again
ipasudorule:
ipaadmin_password: MyPassword123
name: testrule1
state: enabled
register: result
failed_when: result.changed
- name: Ensure sudorule is present and some sudocmd are allowed.
ipasudorule:
ipaadmin_password: MyPassword123
name: testrule1
allow_sudocmd:
- /sbin/ifconfig
action: member
register: result
failed_when: not result.changed
- name: Ensure sudorule is present and some sudocmd are allowed, again.
ipasudorule:
ipaadmin_password: MyPassword123
name: testrule1
allow_sudocmd:
- /sbin/ifconfig
action: member
register: result
failed_when: result.changed
- name: Ensure sudorule is present and some sudocmd are denyed.
ipasudorule:
ipaadmin_password: MyPassword123
name: testrule1
deny_sudocmd:
- /usr/bin/vim
action: member
register: result
failed_when: not result.changed
- name: Ensure sudorule is present and some sudocmd are denyed, again.
ipasudorule:
ipaadmin_password: MyPassword123
name: testrule1
deny_sudocmd:
- /usr/bin/vim
action: member
register: result
failed_when: result.changed
- name: Ensure sudorule is present and, sudocmds are absent.
ipasudorule:
ipaadmin_password: MyPassword123
name: testrule1
allow_sudocmd: /sbin/ifconfig
deny_sudocmd: /usr/bin/vim
action: member
state: absent
register: result
failed_when: not result.changed
- name: Ensure sudorule is present and, sudocmds are absent, again.
ipasudorule:
ipaadmin_password: MyPassword123
name: testrule1
allow_sudocmd: /sbin/ifconfig
deny_sudocmd: /usr/bin/vim
action: member
state: absent
register: result
failed_when: result.changed
- name: Ensure sudorule is present with cmdcategory 'all'.
ipasudorule:
ipaadmin_password: MyPassword123
name: allcommands
cmdcategory: all
register: result
failed_when: not result.changed
- name: Ensure sudorule is present with cmdcategory 'all', again.
ipasudorule:
ipaadmin_password: MyPassword123
name: allcommands
cmdcategory: all
register: result
failed_when: result.changed
- name: Ensure host "{{ groups.ipaserver[0] }}" is present in sudorule.
ipasudorule:
ipaadmin_password: MyPassword123
name: testrule1
host: "{{ groups.ipaserver[0] }}"
action: member
register: result
failed_when: not result.changed
- name: Ensure host "{{ groups.ipaserver[0] }}" is present in sudorule, again.
ipasudorule:
ipaadmin_password: MyPassword123
name: testrule1
host: "{{ groups.ipaserver[0] }}"
action: member
register: result
failed_when: result.changed
- name: Ensure hostgroup is present in sudorule.
ipasudorule:
ipaadmin_password: MyPassword123
name: testrule1
hostgroup: cluster
action: member
register: result
failed_when: not result.changed
- name: Ensure hostgroup is present in sudorule, again.
ipasudorule:
ipaadmin_password: MyPassword123
name: testrule1
hostgroup: cluster
action: member
register: result
failed_when: result.changed
- name: Ensure sudorule is present, with an allow_sudocmdgroup.
ipasudorule:
ipaadmin_password: MyPassword123
name: testrule1
allow_sudocmdgroup: test_sudorule
state: present
register: result
failed_when: not result.changed
- name: Ensure sudorule is present, with an allow_sudocmdgroup, again.
ipasudorule:
ipaadmin_password: MyPassword123
name: testrule1
allow_sudocmdgroup: test_sudorule
state: present
register: result
failed_when: result.changed
- name: Ensure sudorule is present, but allow_sudocmdgroup is absent.
ipasudorule:
ipaadmin_password: MyPassword123
name: testrule1
allow_sudocmdgroup: test_sudorule
action: member
state: absent
register: result
failed_when: not result.changed
- name: Ensure sudorule is present, but allow_sudocmdgroup is absent.
ipasudorule:
ipaadmin_password: MyPassword123
name: testrule1
allow_sudocmdgroup: test_sudorule
action: member
state: absent
register: result
failed_when: result.changed
- name: Ensure sudorule is present, with an deny_sudocmdgroup.
ipasudorule:
ipaadmin_password: MyPassword123
name: testrule1
deny_sudocmdgroup: test_sudorule
state: present
register: result
failed_when: not result.changed
- name: Ensure sudorule is present, with an deny_sudocmdgroup, again.
ipasudorule:
ipaadmin_password: MyPassword123
name: testrule1
deny_sudocmdgroup: test_sudorule
state: present
register: result
failed_when: result.changed
- name: Ensure sudorule is present, but deny_sudocmdgroup is absent.
ipasudorule:
ipaadmin_password: MyPassword123
name: testrule1
deny_sudocmdgroup: test_sudorule
action: member
state: absent
register: result
failed_when: not result.changed
- name: Ensure sudorule is present, but deny_sudocmdgroup is absent, again.
ipasudorule:
ipaadmin_password: MyPassword123
name: testrule1
deny_sudocmdgroup: test_sudorule
action: member
state: absent
register: result
failed_when: result.changed
- name: Ensure sudorule is absent
ipasudorule:
ipaadmin_password: MyPassword123
name: testrule1
state: absent
register: result
failed_when: not result.changed
- name: Ensure sudorule is absent, again.
ipasudorule:
ipaadmin_password: MyPassword123
name: testrule1
state: absent
register: result
failed_when: result.changed
- name: Ensure sudorule allhosts is absent
ipasudorule:
ipaadmin_password: MyPassword123
name: allhosts
state: absent
register: result
failed_when: not result.changed
- name: Ensure sudorule allhosts is absent, again
ipasudorule:
ipaadmin_password: MyPassword123
name: allhosts
state: absent
register: result
failed_when: result.changed
- name: Ensure sudorule allusers is absent
ipasudorule:
ipaadmin_password: MyPassword123
name: allusers
state: absent
register: result
failed_when: not result.changed
- name: Ensure sudorule allusers is absent, again
ipasudorule:
ipaadmin_password: MyPassword123
name: allusers
state: absent
register: result
failed_when: result.changed
- name: Ensure sudorule allcommands is absent
ipasudorule:
ipaadmin_password: MyPassword123
name: allcommands
state: absent
register: result
failed_when: not result.changed
- name: Ensure sudorule allcommands is absent, again
ipasudorule:
ipaadmin_password: MyPassword123
name: allcommands
state: absent
register: result
failed_when: result.changed
# cleanup
- name : Ensure sudocmdgroup is absent
ipasudocmdgroup:
ipaadmin_password: MyPassword123
name: test_sudorule
state: absent
- name: Ensure hostgroup is absent.
ipahostgroup:
ipaadmin_password: MyPassword123
name: cluster
state: absent
- name: Ensure sudocmds are absent
ipasudocmd:
ipaadmin_password: MyPassword123
name:
- /sbin/ifconfig
- /usr/bin/vim
state: absent