source-git / ansible-freeipa

Clone
Source Code
GIT

Files

  1.   a34fe0c8dea056f16433df6b7c97e2df0cea603f
  2.   tests
  3.   sudorule
  4.   test_sudorule.yml
Blob Blame History Raw 
---

- name: Tests
  hosts: ipaserver
  become: true
  gather_facts: false

  tasks:

  - name: Ensure hostgroup is present, with a host.
    ipahostgroup:
      ipaadmin_password: MyPassword123
      name: cluster
      host:
      - "{{ groups.ipaserver[0] }}"

  - name: Ensure some sudocmds are available
    ipasudocmd:
      ipaadmin_password: MyPassword123
      name:
          - /sbin/ifconfig
          - /usr/bin/vim
      state: present

  - name: Ensure sudocmdgroup is available
    ipasudocmdgroup:
      ipaadmin_password: MyPassword123
      name: test_sudorule
      sudocmd: /usr/bin/vim
      state: present

  - name: Ensure sudorules are absent
    ipasudorule:
      ipaadmin_password: MyPassword123
      name:
      - testrule1
      - allusers
      - allhosts
      - allcommands
      state: absent

  - name: Ensure sudorule is present
    ipasudorule:
      ipaadmin_password: MyPassword123
      name: testrule1
    register: result
    failed_when: not result.changed

  - name: Ensure sudorule is present again
    ipasudorule:
      ipaadmin_password: MyPassword123
      name: testrule1
    register: result
    failed_when: result.changed

  - name: Ensure sudorule is present, runAsUserCategory.
    ipasudorule:
      ipaadmin_password: MyPassword123
      name: testrule1
      runAsUserCategory: all
    register: result
    failed_when: result.changed

  - name: Ensure sudorule is present, with usercategory 'all'
    ipasudorule:
      ipaadmin_password: MyPassword123
      name: allusers
      usercategory: all
    register: result
    failed_when: not result.changed

  - name: Ensure sudorule is present, with usercategory 'all', again
    ipasudorule:
      ipaadmin_password: MyPassword123
      name: allusers
      usercategory: all
    register: result
    failed_when: result.changed

  - name: Ensure sudorule is present, with hostategory 'all'
    ipasudorule:
      ipaadmin_password: MyPassword123
      name: allhosts
      hostcategory: all
    register: result
    failed_when: not result.changed

  - name: Ensure sudorule is present, with hostategory 'all', again
    ipasudorule:
      ipaadmin_password: MyPassword123
      name: allhosts
      hostcategory: all
    register: result
    failed_when: result.changed

  - name: Ensure sudorule is disabled
    ipasudorule:
      ipaadmin_password: MyPassword123
      name: testrule1
      state: disabled

  - name: Ensure sudorule is disabled, again
    ipasudorule:
      ipaadmin_password: MyPassword123
      name: testrule1
      state: disabled
    register: result
    failed_when: result.changed

  - name: Ensure sudorule is enabled
    ipasudorule:
      ipaadmin_password: MyPassword123
      name: testrule1
      state: enabled
    register: result
    failed_when: not result.changed

  - name: Ensure sudorule is enabled, again
    ipasudorule:
      ipaadmin_password: MyPassword123
      name: testrule1
      state: enabled
    register: result
    failed_when: result.changed

  - name: Ensure sudorule is present and some sudocmd are allowed.
    ipasudorule:
      ipaadmin_password: MyPassword123
      name: testrule1
      allow_sudocmd:
      - /sbin/ifconfig
      action: member
    register: result
    failed_when: not result.changed

  - name: Ensure sudorule is present and some sudocmd are allowed, again.
    ipasudorule:
      ipaadmin_password: MyPassword123
      name: testrule1
      allow_sudocmd:
      - /sbin/ifconfig
      action: member
    register: result
    failed_when: result.changed

  - name: Ensure sudorule is present and some sudocmd are denyed.
    ipasudorule:
      ipaadmin_password: MyPassword123
      name: testrule1
      deny_sudocmd:
      - /usr/bin/vim
      action: member
    register: result
    failed_when: not result.changed

  - name: Ensure sudorule is present and some sudocmd are denyed, again.
    ipasudorule:
      ipaadmin_password: MyPassword123
      name: testrule1
      deny_sudocmd:
      - /usr/bin/vim
      action: member
    register: result
    failed_when: result.changed

  - name: Ensure sudorule is present and, sudocmds are absent.
    ipasudorule:
      ipaadmin_password: MyPassword123
      name: testrule1
      allow_sudocmd: /sbin/ifconfig
      deny_sudocmd: /usr/bin/vim
      action: member
      state: absent
    register: result
    failed_when: not result.changed

  - name: Ensure sudorule is present and, sudocmds are absent, again.
    ipasudorule:
      ipaadmin_password: MyPassword123
      name: testrule1
      allow_sudocmd: /sbin/ifconfig
      deny_sudocmd: /usr/bin/vim
      action: member
      state: absent
    register: result
    failed_when: result.changed

  - name: Ensure sudorule is present with cmdcategory 'all'.
    ipasudorule:
      ipaadmin_password: MyPassword123
      name: allcommands
      cmdcategory: all
    register: result
    failed_when: not result.changed

  - name: Ensure sudorule is present with cmdcategory 'all', again.
    ipasudorule:
      ipaadmin_password: MyPassword123
      name: allcommands
      cmdcategory: all
    register: result
    failed_when: result.changed

  - name: Ensure host "{{ groups.ipaserver[0] }}" is present in sudorule.
    ipasudorule:
      ipaadmin_password: MyPassword123
      name: testrule1
      host: "{{ groups.ipaserver[0] }}"
      action: member
    register: result
    failed_when: not result.changed

  - name: Ensure host "{{ groups.ipaserver[0] }}" is present in sudorule, again.
    ipasudorule:
      ipaadmin_password: MyPassword123
      name: testrule1
      host: "{{ groups.ipaserver[0] }}"
      action: member
    register: result
    failed_when: result.changed

  - name: Ensure hostgroup is present in sudorule.
    ipasudorule:
      ipaadmin_password: MyPassword123
      name: testrule1
      hostgroup: cluster
      action: member
    register: result
    failed_when: not result.changed

  - name: Ensure hostgroup is present in sudorule, again.
    ipasudorule:
      ipaadmin_password: MyPassword123
      name: testrule1
      hostgroup: cluster
      action: member
    register: result
    failed_when: result.changed

  - name: Ensure sudorule is present, with an allow_sudocmdgroup.
    ipasudorule:
      ipaadmin_password: MyPassword123
      name: testrule1
      allow_sudocmdgroup: test_sudorule
      state: present
    register: result
    failed_when: not result.changed

  - name: Ensure sudorule is present, with an allow_sudocmdgroup, again.
    ipasudorule:
      ipaadmin_password: MyPassword123
      name: testrule1
      allow_sudocmdgroup: test_sudorule
      state: present
    register: result
    failed_when: result.changed

  - name: Ensure sudorule is present, but allow_sudocmdgroup is absent.
    ipasudorule:
      ipaadmin_password: MyPassword123
      name: testrule1
      allow_sudocmdgroup: test_sudorule
      action: member
      state: absent
    register: result
    failed_when: not result.changed

  - name: Ensure sudorule is present, but allow_sudocmdgroup is absent.
    ipasudorule:
      ipaadmin_password: MyPassword123
      name: testrule1
      allow_sudocmdgroup: test_sudorule
      action: member
      state: absent
    register: result
    failed_when: result.changed

  - name: Ensure sudorule is present, with an deny_sudocmdgroup.
    ipasudorule:
      ipaadmin_password: MyPassword123
      name: testrule1
      deny_sudocmdgroup: test_sudorule
      state: present
    register: result
    failed_when: not result.changed

  - name: Ensure sudorule is present, with an deny_sudocmdgroup, again.
    ipasudorule:
      ipaadmin_password: MyPassword123
      name: testrule1
      deny_sudocmdgroup: test_sudorule
      state: present
    register: result
    failed_when: result.changed

  - name: Ensure sudorule is present, but deny_sudocmdgroup is absent.
    ipasudorule:
      ipaadmin_password: MyPassword123
      name: testrule1
      deny_sudocmdgroup: test_sudorule
      action: member
      state: absent
    register: result
    failed_when: not result.changed

  - name: Ensure sudorule is present, but deny_sudocmdgroup is absent, again.
    ipasudorule:
      ipaadmin_password: MyPassword123
      name: testrule1
      deny_sudocmdgroup: test_sudorule
      action: member
      state: absent
    register: result
    failed_when: result.changed

  - name: Ensure sudorule is absent
    ipasudorule:
      ipaadmin_password: MyPassword123
      name: testrule1
      state: absent
    register: result
    failed_when: not result.changed

  - name: Ensure sudorule is absent, again.
    ipasudorule:
      ipaadmin_password: MyPassword123
      name: testrule1
      state: absent
    register: result
    failed_when: result.changed

  - name: Ensure sudorule allhosts is absent
    ipasudorule:
      ipaadmin_password: MyPassword123
      name: allhosts
      state: absent
    register: result
    failed_when: not result.changed

  - name: Ensure sudorule allhosts is absent, again
    ipasudorule:
      ipaadmin_password: MyPassword123
      name: allhosts
      state: absent
    register: result
    failed_when: result.changed

  - name: Ensure sudorule allusers is absent
    ipasudorule:
      ipaadmin_password: MyPassword123
      name: allusers
      state: absent
    register: result
    failed_when: not result.changed

  - name: Ensure sudorule allusers is absent, again
    ipasudorule:
      ipaadmin_password: MyPassword123
      name: allusers
      state: absent
    register: result
    failed_when: result.changed

  - name: Ensure sudorule allcommands is absent
    ipasudorule:
      ipaadmin_password: MyPassword123
      name: allcommands
      state: absent
    register: result
    failed_when: not result.changed

  - name: Ensure sudorule allcommands is absent, again
    ipasudorule:
      ipaadmin_password: MyPassword123
      name: allcommands
      state: absent
    register: result
    failed_when: result.changed

  # cleanup
  - name : Ensure sudocmdgroup is absent
    ipasudocmdgroup:
      ipaadmin_password: MyPassword123
      name: test_sudorule
      state: absent

  - name: Ensure hostgroup is absent.
    ipahostgroup:
      ipaadmin_password: MyPassword123
      name: cluster
      state: absent

  - name: Ensure sudocmds are absent
    ipasudocmd:
      ipaadmin_password: MyPassword123
      name:
      - /sbin/ifconfig
      - /usr/bin/vim
      state: absent

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation