---
- name: Test user certmapdata
hosts: ipaserver
become: true
gather_facts: false
tasks:
- name: Generate self-signed certificates.
shell:
cmd: |
openssl req -x509 -newkey rsa:2048 -days 365 -nodes -keyout "private{{ item }}.key" -out "cert{{ item }}.pem" -subj '/CN=test'
openssl x509 -outform der -in "cert{{ item }}.pem" -out "cert{{ item }}.der"
base64 "cert{{ item }}.der" -w5000 > "cert{{ item }}.b64"
with_items: [1, 2, 3]
become: no
delegate_to: localhost
- name: User test absent
ipauser:
ipaadmin_password: SomeADMINpassword
name: test
state: absent
- name: User test present
ipauser:
ipaadmin_password: SomeADMINpassword
name: test
first: test
last: test
register: result
failed_when: not result.changed
- name: User test certmapdata members present
ipauser:
ipaadmin_password: SomeADMINpassword
name: test
certmapdata:
- certificate: "{{ lookup('file', 'cert1.b64', rstrip=False) }}"
- certificate: "{{ lookup('file', 'cert2.b64', rstrip=False) }}"
- certificate: "{{ lookup('file', 'cert3.b64', rstrip=False) }}"
action: member
register: result
failed_when: not result.changed
- name: User test certmapdata members present again
ipauser:
ipaadmin_password: SomeADMINpassword
name: test
certmapdata:
- certificate: "{{ lookup('file', 'cert1.b64', rstrip=False) }}"
- certificate: "{{ lookup('file', 'cert2.b64', rstrip=False) }}"
- certificate: "{{ lookup('file', 'cert3.b64', rstrip=False) }}"
action: member
register: result
failed_when: result.changed
- name: User test certmapdata members absent
ipauser:
ipaadmin_password: SomeADMINpassword
name: test
certmapdata:
- certificate: "{{ lookup('file', 'cert1.b64', rstrip=False) }}"
- certificate: "{{ lookup('file', 'cert2.b64', rstrip=False) }}"
- certificate: "{{ lookup('file', 'cert3.b64', rstrip=False) }}"
action: member
state: absent
register: result
failed_when: not result.changed
- name: User test certmapdata members absent again
ipauser:
ipaadmin_password: SomeADMINpassword
name: test
certmapdata:
- certificate: "{{ lookup('file', 'cert1.b64', rstrip=False) }}"
- certificate: "{{ lookup('file', 'cert2.b64', rstrip=False) }}"
- certificate: "{{ lookup('file', 'cert3.b64', rstrip=False) }}"
action: member
state: absent
register: result
failed_when: result.changed
- name: User test certmapdata members present
ipauser:
ipaadmin_password: SomeADMINpassword
name: test
certmapdata:
- issuer: CN=issuer1
subject: CN=subject1
- issuer: CN=issuer2
subject: CN=subject2
- issuer: CN=issuer3
subject: CN=subject3
action: member
register: result
failed_when: not result.changed
- name: User test certmapdata members present again
ipauser:
ipaadmin_password: SomeADMINpassword
name: test
certmapdata:
- issuer: CN=issuer1
subject: CN=subject1
- issuer: CN=issuer2
subject: CN=subject2
- issuer: CN=issuer3
subject: CN=subject3
action: member
register: result
failed_when: result.changed
- name: User test certmapdata members absent
ipauser:
ipaadmin_password: SomeADMINpassword
name: test
certmapdata:
- issuer: CN=issuer1
subject: CN=subject1
- issuer: CN=issuer3
subject: CN=subject3
action: member
state: absent
register: result
failed_when: not result.changed
- name: User test certmapdata members absent again
ipauser:
ipaadmin_password: SomeADMINpassword
name: test
certmapdata:
- issuer: CN=issuer1
subject: CN=subject1
- issuer: CN=issuer3
subject: CN=subject3
action: member
state: absent
register: result
failed_when: result.changed
- name: User test certmapdata members absent
ipauser:
ipaadmin_password: SomeADMINpassword
name: test
certmapdata:
- issuer: CN=issuer2
subject: CN=subject2
action: member
state: absent
register: result
failed_when: not result.changed
- name: User test certmapdata members absent again
ipauser:
ipaadmin_password: SomeADMINpassword
name: test
certmapdata:
- issuer: CN=issuer2
subject: CN=subject2
action: member
state: absent
register: result
failed_when: result.changed
- name: User test certmapdata member present
ipauser:
ipaadmin_password: SomeADMINpassword
name: test
certmapdata:
- issuer: CN=ca,dc=example,dc=com
subject: CN=test,dc=example,dc=com
action: member
register: result
failed_when: not result.changed
- name: User test certmapdata member present again
ipauser:
ipaadmin_password: SomeADMINpassword
name: test
certmapdata:
- issuer: CN=ca,dc=example,dc=com
subject: CN=test,dc=example,dc=com
action: member
register: result
failed_when: result.changed
- name: User test certmapdata member (data) present again
ipauser:
ipaadmin_password: SomeADMINpassword
name: test
certmapdata:
- data: X509:<I>dc=com,dc=example,CN=ca<S>dc=com,dc=example,CN=test
action: member
register: result
failed_when: result.changed
- name: User test certmapdata member absent
ipauser:
ipaadmin_password: SomeADMINpassword
name: test
certmapdata:
- issuer: CN=ca,dc=example,dc=com
subject: CN=test,dc=example,dc=com
action: member
state: absent
register: result
failed_when: not result.changed
- name: User test certmapdata member (data) absent again
ipauser:
ipaadmin_password: SomeADMINpassword
name: test
certmapdata:
- data: X509:<I>dc=com,dc=example,CN=ca<S>dc=com,dc=example,CN=test
action: member
state: absent
register: result
failed_when: result.changed
- name: User test absent
ipauser:
ipaadmin_password: SomeADMINpassword
name: test
state: absent
register: result
failed_when: not result.changed
- name: Remove certificate files.
shell:
cmd: rm -f "private{{ item }}.key" "cert{{ item }}.pem" "cert{{ item }}.der" "cert{{ item }}.b64"
with_items: [1, 2, 3]
become: no
delegate_to: localhost
args:
warn: no # suppres warning for not using the `file` module.