---
- name: Test delegation
hosts: ipaserver
become: true
tasks:
# CLEANUP TEST ITEMS
- name: Ensure test groups are absent
ipagroup:
ipaadmin_password: SomeADMINpassword
name: managers,managers2,employees,employees2
state: absent
- name: Ensure delegation "basic manager attributes" is absent
ipadelegation:
ipaadmin_password: SomeADMINpassword
name: "basic manager attributes"
state: absent
# CREATE TEST ITEMS
- name: Ensure test group managers is present
ipagroup:
ipaadmin_password: SomeADMINpassword
name: managers
- name: Ensure test group managers2 is present
ipagroup:
ipaadmin_password: SomeADMINpassword
name: managers2
- name: Ensure test group employees is present
ipagroup:
ipaadmin_password: SomeADMINpassword
name: employees
- name: Ensure test group employees2 is present
ipagroup:
ipaadmin_password: SomeADMINpassword
name: employees2
# TESTS
- name: Ensure delegation "basic manager attributes" is present
ipadelegation:
ipaadmin_password: SomeADMINpassword
name: "basic manager attributes"
permission: read
attribute:
- businesscategory
group: managers
membergroup: employees
register: result
failed_when: not result.changed or result.failed
- name: Ensure delegation "basic manager attributes" is present again
ipadelegation:
ipaadmin_password: SomeADMINpassword
name: "basic manager attributes"
permission: read
attribute:
- businesscategory
group: managers
membergroup: employees
register: result
failed_when: result.changed or result.failed
- name: Ensure delegation "basic manager attributes" is present with different attribute employeetype
ipadelegation:
ipaadmin_password: SomeADMINpassword
name: "basic manager attributes"
permission: read
attribute:
- employeetype
group: managers
membergroup: employees
register: result
failed_when: not result.changed or result.failed
- name: Ensure delegation "basic manager attributes" is present with different attribute employeetype again
ipadelegation:
ipaadmin_password: SomeADMINpassword
name: "basic manager attributes"
permission: read
attribute:
- employeetype
group: managers
membergroup: employees
register: result
failed_when: result.changed or result.failed
- name: Ensure delegation "basic manager attributes" member attribute departmentnumber is present
ipadelegation:
ipaadmin_password: SomeADMINpassword
name: "basic manager attributes"
attribute:
- departmentnumber
action: member
register: result
failed_when: not result.changed or result.failed
- name: Ensure delegation "basic manager attributes" member attribute departmentnumber is present again
ipadelegation:
ipaadmin_password: SomeADMINpassword
name: "basic manager attributes"
attribute:
- departmentnumber
action: member
register: result
failed_when: result.changed or result.failed
- name: Ensure delegation "basic manager attributes" member attributes employeetype and employeenumber are present
ipadelegation:
ipaadmin_password: SomeADMINpassword
name: "basic manager attributes"
attribute:
- employeetype
- employeenumber
action: member
register: result
failed_when: not result.changed or result.failed
- name: Ensure delegation "basic manager attributes" member attributes employeetype and employeenumber are present again
ipadelegation:
ipaadmin_password: SomeADMINpassword
name: "basic manager attributes"
attribute:
- employeetype
- employeenumber
action: member
register: result
failed_when: result.changed or result.failed
- name: Ensure delegation "basic manager attributes" member attributes employeenumber and employeetype are absent
ipadelegation:
ipaadmin_password: SomeADMINpassword
name: "basic manager attributes"
attribute:
- employeenumber
- employeetype
action: member
state: absent
register: result
failed_when: not result.changed or result.failed
- name: Ensure delegation "basic manager attributes" member attributes employeenumber and employeetype are absent again
ipadelegation:
ipaadmin_password: SomeADMINpassword
name: "basic manager attributes"
attribute:
- employeenumber
- employeetype
action: member
state: absent
register: result
failed_when: result.changed or result.failed
# TEST permission change
- name: Ensure delegation "basic manager attributes" is present with different read,write permission
ipadelegation:
ipaadmin_password: SomeADMINpassword
name: "basic manager attributes"
permission: read,write
attribute:
- businesscategory
group: managers
membergroup: employees
register: result
failed_when: not result.changed or result.failed
- name: Ensure delegation "basic manager attributes" is present with different read,write permission again
ipadelegation:
ipaadmin_password: SomeADMINpassword
name: "basic manager attributes"
permission: read,write
attribute:
- businesscategory
group: managers
membergroup: employees
register: result
failed_when: result.changed or result.failed
- name: Ensure delegation "basic manager attributes" is present with different group managers2
ipadelegation:
ipaadmin_password: SomeADMINpassword
name: "basic manager attributes"
group: managers2
register: result
failed_when: not result.changed or result.failed
- name: Ensure delegation "basic manager attributes" is present with different group managers2 again
ipadelegation:
ipaadmin_password: SomeADMINpassword
name: "basic manager attributes"
group: managers2
register: result
failed_when: result.changed or result.failed
- name: Ensure delegation "basic manager attributes" is present with different membergroup employees2
ipadelegation:
ipaadmin_password: SomeADMINpassword
name: "basic manager attributes"
membergroup: employees2
register: result
failed_when: not result.changed or result.failed
- name: Ensure delegation "basic manager attributes" is present with different membergroup employees2 again
ipadelegation:
ipaadmin_password: SomeADMINpassword
name: "basic manager attributes"
membergroup: employees2
register: result
failed_when: result.changed or result.failed
- name: Ensure delegation "basic manager attributes" fails with bad permission read,read
ipadelegation:
ipaadmin_password: SomeADMINpassword
name: "basic manager attributes"
permission: read,read
register: result
failed_when: not result.failed or "Invalid permission" not in result.msg
- name: Ensure delegation "basic manager attributes" fails with bad permission read,write,write
ipadelegation:
ipaadmin_password: SomeADMINpassword
name: "basic manager attributes"
permission: read,write,write
register: result
failed_when: not result.failed or "Invalid permission" not in result.msg
- name: Ensure delegation "basic manager attributes" fails with bad attribute businesscategory,businesscategory
ipadelegation:
ipaadmin_password: SomeADMINpassword
name: "basic manager attributes"
attribute:
- businesscategory
- businesscategory
register: result
failed_when: not result.failed or "Invalid attribute" not in result.msg
# CLEANUP TEST ITEMS
- name: Ensure delegation "basic manager attributes" is absent
ipadelegation:
ipaadmin_password: SomeADMINpassword
name: "basic manager attributes"
state: absent
- name: Ensure test groups are absent
ipagroup:
ipaadmin_password: SomeADMINpassword
name: managers,managers2,employees,employees2
state: absent