From 8c87ca3511665d78d55f996f01f35d7bbea63e6c Mon Sep 17 00:00:00 2001 From: Packit Date: Sep 03 2020 10:11:48 +0000 Subject: Apply patch ansible-freeipa-0.1.8-ipahbacrule-Fix-handing-of-members-with-action-hbacrule_rhbz#1787996.patch patch_name: ansible-freeipa-0.1.8-ipahbacrule-Fix-handing-of-members-with-action-hbacrule_rhbz#1787996.patch present_in_specfile: true --- diff --git a/plugins/modules/ipahbacrule.py b/plugins/modules/ipahbacrule.py index 385876b..82340c2 100644 --- a/plugins/modules/ipahbacrule.py +++ b/plugins/modules/ipahbacrule.py @@ -344,41 +344,41 @@ def main(): # Generate addition and removal lists host_add = list( set(host or []) - - set(res_find.get("member_host", []))) + set(res_find.get("memberhost_host", []))) host_del = list( - set(res_find.get("member_host", [])) - + set(res_find.get("memberhost_host", [])) - set(host or [])) hostgroup_add = list( set(hostgroup or []) - - set(res_find.get("member_hostgroup", []))) + set(res_find.get("memberhost_hostgroup", []))) hostgroup_del = list( - set(res_find.get("member_hostgroup", [])) - + set(res_find.get("memberhost_hostgroup", [])) - set(hostgroup or [])) hbacsvc_add = list( set(hbacsvc or []) - - set(res_find.get("member_hbacsvc", []))) + set(res_find.get("memberservice_hbacsvc", []))) hbacsvc_del = list( - set(res_find.get("member_hbacsvc", [])) - + set(res_find.get("memberservice_hbacsvc", [])) - set(hbacsvc or [])) hbacsvcgroup_add = list( set(hbacsvcgroup or []) - - set(res_find.get("member_hbacsvcgroup", []))) + set(res_find.get("memberservice_hbacsvcgroup", []))) hbacsvcgroup_del = list( - set(res_find.get("member_hbacsvcgroup", [])) - + set(res_find.get("memberservice_hbacsvcgroup", [])) - set(hbacsvcgroup or [])) user_add = list( set(user or []) - - set(res_find.get("member_user", []))) + set(res_find.get("memberuser_user", []))) user_del = list( - set(res_find.get("member_user", [])) - + set(res_find.get("memberuser_user", [])) - set(user or [])) group_add = list( set(group or []) - - set(res_find.get("member_group", []))) + set(res_find.get("memberuser_group", []))) group_del = list( - set(res_find.get("member_group", [])) - + set(res_find.get("memberuser_group", [])) - set(group or [])) # Add hosts and hostgroups diff --git a/tests/hbacrule/test_hbacrule.yml b/tests/hbacrule/test_hbacrule.yml index a5615cc..38858d3 100644 --- a/tests/hbacrule/test_hbacrule.yml +++ b/tests/hbacrule/test_hbacrule.yml @@ -1,338 +1,629 @@ --- -- name: Tests +- name: Playbook to handle hbacrules hosts: ipaserver become: true - gather_facts: false tasks: - - name: Ensure HBAC Rule allhosts is absent - ipahbacrule: + - name: Get Domain from server name + set_fact: + ipaserver_domain: "{{ groups.ipaserver[0].split('.')[1:] | join ('.') }}" + when: ipaserver_domain is not defined + + # CLEANUP TEST ITEMS + + - name: Ensure test hosts are absent + ipahost: + ipaadmin_password: MyPassword123 + name: + - "{{ 'testhost01.' + ipaserver_domain }}" + - "{{ 'testhost02.' + ipaserver_domain }}" + - "{{ 'testhost03.' + ipaserver_domain }}" + - "{{ 'testhost04.' + ipaserver_domain }}" + state: absent + + - name: Ensure test hostgroups are absent + ipahostgroup: ipaadmin_password: MyPassword123 - name: allhosts,sshd-pinky,loginRule + name: testhostgroup01,testhostgroup02,testhostgroup03,testhostgroup04 state: absent - - name: User pinky absent + - name: Ensure test users are absent ipauser: ipaadmin_password: MyPassword123 - name: pinky + name: testuser01,testuser02,testuser03,testuser04 state: absent - - name: User group login absent + - name: Ensure test user groups are absent ipagroup: ipaadmin_password: MyPassword123 - name: login + name: testgroup01,testgroup02,testgroup03,testgroup04 + state: absent + + - name: Ensure test HBAC Services are absent + ipahbacsvc: + ipaadmin_password: MyPassword123 + name: testhbacsvc01,testhbacsvc02,testhbacsvc03,testhbacsvc04 + state: absent + + - name: Ensure test HBAC Service Groups are absent + ipahbacsvcgroup: + ipaadmin_password: MyPassword123 + name: testhbacsvcgroup01,testhbacsvcgroup02,testhbacsvcgroup03,testhbacsvcgroup04 state: absent - - name: User pinky present + # CREATE TEST ITEMS + + - name: Ensure hosts "{{ 'host[1..4].' + ipaserver_domain }}" are present + ipahost: + ipaadmin_password: MyPassword123 + hosts: + - name: "{{ 'testhost01.' + ipaserver_domain }}" + force: yes + - name: "{{ 'testhost02.' + ipaserver_domain }}" + force: yes + - name: "{{ 'testhost03.' + ipaserver_domain }}" + force: yes + - name: "{{ 'testhost04.' + ipaserver_domain }}" + force: yes + register: result + failed_when: not result.changed + + - name: Ensure host-group testhostgroup01 is present + ipahostgroup: + ipaadmin_password: MyPassword123 + name: testhostgroup01 + register: result + failed_when: not result.changed + + - name: Ensure host-group testhostgroup02 is present + ipahostgroup: + ipaadmin_password: MyPassword123 + name: testhostgroup02 + register: result + failed_when: not result.changed + + - name: Ensure host-group testhostgroup03 is present + ipahostgroup: + ipaadmin_password: MyPassword123 + name: testhostgroup03 + register: result + failed_when: not result.changed + + - name: Ensure host-group testhostgroup04 is present + ipahostgroup: + ipaadmin_password: MyPassword123 + name: testhostgroup04 + register: result + failed_when: not result.changed + + - name: Ensure testusers are present ipauser: ipaadmin_password: MyPassword123 - name: pinky - uid: 10001 - gid: 100 - phone: "+555123457" - email: pinky@acme.com - principalexpiration: "20220119235959" - #passwordexpiration: "2022-01-19 23:59:59" - first: pinky - last: Acme + users: + - name: testuser01 + first: test + last: user01 + - name: testuser02 + first: test + last: user02 + - name: testuser03 + first: test + last: user03 + - name: testuser04 + first: test + last: user04 register: result failed_when: not result.changed - - name: User group login present + - name: Ensure user group testgroup01 is present ipagroup: ipaadmin_password: MyPassword123 - name: login + name: testgroup01 register: result failed_when: not result.changed - - name: Ensure HBAC Rule allhosts is present - ipahbacrule: + - name: Ensure user group testgroup02 is present + ipagroup: ipaadmin_password: MyPassword123 - name: allhosts - usercategory: all + name: testgroup02 register: result failed_when: not result.changed - - name: Ensure HBAC Rule allhosts is present again - ipahbacrule: + - name: Ensure user group testgroup03 is present + ipagroup: ipaadmin_password: MyPassword123 - name: allhosts - usercategory: all + name: testgroup03 register: result - failed_when: result.changed + failed_when: not result.changed - - name: Ensure host "{{ groups.ipaserver[0] }}" is present in HBAC Rule allhosts + - name: Ensure user group testgroup04 is present + ipagroup: + ipaadmin_password: MyPassword123 + name: testgroup04 + register: result + failed_when: not result.changed + + - name: Ensure HBAC Service testhbacsvc01 is present + ipahbacsvc: + ipaadmin_password: MyPassword123 + name: testhbacsvc01 + register: result + failed_when: not result.changed + + - name: Ensure HBAC Service testhbacsvc02 is present + ipahbacsvc: + ipaadmin_password: MyPassword123 + name: testhbacsvc02 + register: result + failed_when: not result.changed + + - name: Ensure HBAC Service testhbacsvc03 is present + ipahbacsvc: + ipaadmin_password: MyPassword123 + name: testhbacsvc03 + register: result + failed_when: not result.changed + + - name: Ensure HBAC Service testhbacsvc04 is present + ipahbacsvc: + ipaadmin_password: MyPassword123 + name: testhbacsvc04 + register: result + failed_when: not result.changed + + - name: Ensure HBAC Service Group testhbacsvcgroup01 is present + ipahbacsvcgroup: + ipaadmin_password: MyPassword123 + name: testhbacsvcgroup01 + register: result + failed_when: not result.changed + + - name: Ensure HBAC Service Group testhbacsvcgroup02 is present + ipahbacsvcgroup: + ipaadmin_password: MyPassword123 + name: testhbacsvcgroup02 + register: result + failed_when: not result.changed + + - name: Ensure HBAC Service Group testhbacsvcgroup03 is present + ipahbacsvcgroup: + ipaadmin_password: MyPassword123 + name: testhbacsvcgroup03 + register: result + failed_when: not result.changed + + - name: Ensure HBAC Service Group testhbacsvcgroup04 is present + ipahbacsvcgroup: + ipaadmin_password: MyPassword123 + name: testhbacsvcgroup04 + register: result + failed_when: not result.changed + + - name: Ensure test HBAC rule hbacrule01 is absent ipahbacrule: ipaadmin_password: MyPassword123 - name: allhosts - host: "{{ groups.ipaserver[0] }}" - action: member + name: hbacrule01 + state: absent + + # ENSURE HBACRULE + + - name: Ensure HBAC rule hbacrule01 is present + ipahbacrule: + ipaadmin_password: MyPassword123 + name: hbacrule01 register: result failed_when: not result.changed - - name: Ensure host "{{ groups.ipaserver[0] }}" is present in HBAC Rule allhosts again + - name: Ensure HBAC rule hbacrule01 is present again ipahbacrule: ipaadmin_password: MyPassword123 - name: allhosts - host: "{{ groups.ipaserver[0] }}" - action: member + name: hbacrule01 register: result failed_when: result.changed - - name: Ensure HBAC Rule sshd-pinky is present + # CHANGE HBACRULE WITH ALL MEMBERS + + - name: Ensure HBAC rule hbacrule01 is present with hosts, hostgroups, users, groups, hbassvcs and hbacsvcgroups ipahbacrule: ipaadmin_password: MyPassword123 - name: sshd-pinky - hostcategory: all + name: hbacrule01 + host: + - "{{ 'testhost01.' + ipaserver_domain }}" + - "{{ 'testhost02.' + ipaserver_domain }}" + hostgroup: testhostgroup01,testhostgroup02 + user: testuser01,testuser02 + group: testgroup01,testgroup02 + hbacsvc: testhbacsvc01,testhbacsvc02 + hbacsvcgroup: testhbacsvcgroup01,testhbacsvcgroup02 register: result failed_when: not result.changed - - name: Ensure HBAC Rule sshd-pinky is present again + - name: Ensure HBAC rule hbacrule01 is present with hosts, hostgroups, users, groups, hbassvcs and hbacsvcgroups again ipahbacrule: ipaadmin_password: MyPassword123 - name: sshd-pinky - hostcategory: all + name: hbacrule01 + host: + - "{{ 'testhost01.' + ipaserver_domain }}" + - "{{ 'testhost02.' + ipaserver_domain }}" + hostgroup: testhostgroup01,testhostgroup02 + user: testuser01,testuser02 + group: testgroup01,testgroup02 + hbacsvc: testhbacsvc01,testhbacsvc02 + hbacsvcgroup: testhbacsvcgroup01,testhbacsvcgroup02 register: result failed_when: result.changed - - name: Ensure user pinky is present in HBAC Rule sshd-pinky + # REMOVE MEMBERS ONE BY ONE + + - name: Ensure test HBAC rule hbacrule01 host members are absent ipahbacrule: ipaadmin_password: MyPassword123 - name: sshd-pinky - user: pinky + name: hbacrule01 + host: + - "{{ 'testhost01.' + ipaserver_domain }}" + - "{{ 'testhost02.' + ipaserver_domain }}" + state: absent action: member register: result failed_when: not result.changed - - name: Ensure user pinky is present in HBAC Rule sshd-pinky again + - name: Ensure test HBAC rule hbacrule01 host members are absent again ipahbacrule: ipaadmin_password: MyPassword123 - name: sshd-pinky - user: pinky + name: hbacrule01 + host: + - "{{ 'testhost01.' + ipaserver_domain }}" + - "{{ 'testhost02.' + ipaserver_domain }}" + state: absent action: member register: result failed_when: result.changed - - name: Ensure HBAC service sshd is present in HBAC Rule sshd-pinky + - name: Ensure test HBAC rule hbacrule01 hostgroup members are absent ipahbacrule: ipaadmin_password: MyPassword123 - name: sshd-pinky - hbacsvc: sshd + name: hbacrule01 + hostgroup: testhostgroup01,testhostgroup02 + state: absent action: member register: result failed_when: not result.changed - - name: Ensure HBAC service sshd is present in HBAC Rule sshd-pinky again + - name: Ensure test HBAC rule hbacrule01 hostgroup members are absent again ipahbacrule: ipaadmin_password: MyPassword123 - name: sshd-pinky - hbacsvc: sshd + name: hbacrule01 + hostgroup: testhostgroup01,testhostgroup02 + state: absent action: member register: result failed_when: result.changed - - name: Ensure HBAC Rule loginRule is present with HBAC service sshd + - name: Ensure test HBAC rule hbacrule01 user members are absent ipahbacrule: ipaadmin_password: MyPassword123 - name: loginRule - group: login + name: hbacrule01 + user: testuser01,testuser02 + state: absent + action: member register: result failed_when: not result.changed - - name: Ensure HBAC Rule loginRule is present with HBAC service sshd again + - name: Ensure test HBAC rule hbacrule01 user members are absent again ipahbacrule: ipaadmin_password: MyPassword123 - name: loginRule - group: login + name: hbacrule01 + user: testuser01,testuser02 + state: absent + action: member register: result failed_when: result.changed - - name: Ensure user pinky is present in HBAC Rule loginRule + - name: Ensure test HBAC rule hbacrule01 user group members are absent ipahbacrule: ipaadmin_password: MyPassword123 - name: loginRule - user: pinky + name: hbacrule01 + group: testgroup01,testgroup02 + state: absent action: member register: result failed_when: not result.changed - - name: Ensure user pinky is present in HBAC Rule loginRule again + - name: Ensure test HBAC rule hbacrule01 user group members are absent again ipahbacrule: ipaadmin_password: MyPassword123 - name: loginRule - user: pinky + name: hbacrule01 + group: testgroup01,testgroup02 + state: absent action: member register: result failed_when: result.changed - - name: Ensure user pinky is absent in HBAC Rule loginRule + - name: Ensure test HBAC rule hbacrule01 hbacsvc members are absent ipahbacrule: ipaadmin_password: MyPassword123 - name: loginRule - user: pinky - action: member + name: hbacrule01 + hbacsvc: testhbacsvc01,testhbacsvc02 state: absent + action: member register: result failed_when: not result.changed - - name: Ensure user pinky is absent in HBAC Rule loginRule again + - name: Ensure test HBAC rule hbacrule01 hbacsvc members are absent again ipahbacrule: ipaadmin_password: MyPassword123 - name: loginRule - user: pinky - action: member + name: hbacrule01 + hbacsvc: testhbacsvc01,testhbacsvc02 state: absent + action: member register: result failed_when: result.changed - - name: Ensure HBAC Rule loginRule is absent + - name: Ensure test HBAC rule hbacrule01 hbacsvcgroup members are absent ipahbacrule: ipaadmin_password: MyPassword123 - name: loginRule + name: hbacrule01 + hbacsvcgroup: testhbacsvcgroup01,testhbacsvcgroup02 state: absent + action: member register: result failed_when: not result.changed - - name: Ensure HBAC Rule loginRule is absent again + - name: Ensure test HBAC rule hbacrule01 hbacsvcgroup members are absent again ipahbacrule: ipaadmin_password: MyPassword123 - name: loginRule + name: hbacrule01 + hbacsvcgroup: testhbacsvcgroup01,testhbacsvcgroup02 state: absent + action: member register: result failed_when: result.changed - - name: Ensure HBAC service sshd is absent in HBAC Rule sshd-pinky + # ADD MEMBERS BACK + + - name: Ensure test HBAC rule hbacrule01 host members are present ipahbacrule: ipaadmin_password: MyPassword123 - name: sshd-pinky - hbacsvc: sshd + name: hbacrule01 + host: + - "{{ 'testhost01.' + ipaserver_domain }}" + - "{{ 'testhost02.' + ipaserver_domain }}" action: member - state: absent register: result failed_when: not result.changed - - name: Ensure HBAC service sshd is absent in HBAC Rule sshd-pinky again + - name: Ensure test HBAC rule hbacrule01 host members are present again ipahbacrule: ipaadmin_password: MyPassword123 - name: sshd-pinky - hbacsvc: sshd + name: hbacrule01 + host: + - "{{ 'testhost01.' + ipaserver_domain }}" + - "{{ 'testhost02.' + ipaserver_domain }}" action: member - state: absent register: result failed_when: result.changed - - name: Ensure user pinky is absent in HBAC Rule sshd-pinky + - name: Ensure test HBAC rule hbacrule01 hostgroup members are present ipahbacrule: ipaadmin_password: MyPassword123 - name: sshd-pinky - user: pinky + name: hbacrule01 + hostgroup: testhostgroup01,testhostgroup02 action: member - state: absent register: result failed_when: not result.changed - - name: Ensure user pinky is absent in HBAC Rule sshd-pinky again + - name: Ensure test HBAC rule hbacrule01 hostgroup members are present again ipahbacrule: ipaadmin_password: MyPassword123 - name: sshd-pinky - user: pinky + name: hbacrule01 + hostgroup: testhostgroup01,testhostgroup02 action: member - state: absent register: result failed_when: result.changed - - name: Ensure HBAC Rule sshd-pinky is disabled + - name: Ensure test HBAC rule hbacrule01 user members are present ipahbacrule: ipaadmin_password: MyPassword123 - name: sshd-pinky - state: disabled + name: hbacrule01 + user: testuser01,testuser02 + action: member register: result failed_when: not result.changed - - name: Ensure HBAC Rule sshd-pinky is disabled again + - name: Ensure test HBAC rule hbacrule01 user members are present again ipahbacrule: ipaadmin_password: MyPassword123 - name: sshd-pinky - state: disabled + name: hbacrule01 + user: testuser01,testuser02 + action: member register: result failed_when: result.changed - - name: Ensure HBAC Rule sshd-pinky is enabled + - name: Ensure test HBAC rule hbacrule01 user group members are present ipahbacrule: ipaadmin_password: MyPassword123 - name: sshd-pinky - state: enabled + name: hbacrule01 + group: testgroup01,testgroup02 + action: member register: result failed_when: not result.changed - - name: Ensure HBAC Rule sshd-pinky is enabled again + - name: Ensure test HBAC rule hbacrule01 user group members are present again ipahbacrule: ipaadmin_password: MyPassword123 - name: sshd-pinky - state: enabled + name: hbacrule01 + group: testgroup01,testgroup02 + action: member register: result failed_when: result.changed - - name: Ensure HBAC Rule sshd-pinky is absent + - name: Ensure test HBAC rule hbacrule01 hbacsvc members are present ipahbacrule: ipaadmin_password: MyPassword123 - name: sshd-pinky - state: absent + name: hbacrule01 + hbacsvc: testhbacsvc01,testhbacsvc02 + action: member register: result failed_when: not result.changed - - name: Ensure HBAC Rule sshd-pinky is absent again + - name: Ensure test HBAC rule hbacrule01 hbacsvc members are present again ipahbacrule: ipaadmin_password: MyPassword123 - name: sshd-pinky - state: absent + name: hbacrule01 + hbacsvc: testhbacsvc01,testhbacsvc02 + action: member register: result failed_when: result.changed - - name: Ensure host "{{ groups.ipaserver[0] }}" is absent in HBAC Rule allhosts + - name: Ensure test HBAC rule hbacrule01 hbacsvcgroup members are present ipahbacrule: ipaadmin_password: MyPassword123 - name: allhosts - host: "{{ groups.ipaserver[0] }}" + name: hbacrule01 + hbacsvcgroup: testhbacsvcgroup01,testhbacsvcgroup02 action: member - state: absent register: result failed_when: not result.changed - - name: Ensure host "{{ groups.ipaserver[0] }}" is absent in HBAC Rule allhosts again + - name: Ensure test HBAC rule hbacrule01 hbacsvcgroup members are present again ipahbacrule: ipaadmin_password: MyPassword123 - name: allhosts - host: "{{ groups.ipaserver[0] }}" + name: hbacrule01 + hbacsvcgroup: testhbacsvcgroup01,testhbacsvcgroup02 action: member + register: result + failed_when: result.changed + + # CHANGE TO DIFFERENT MEMBERS + + - name: Ensure HBAC rule hbacrule01 is present with different hosts, hostgroups, users, groups, hbassvcs and hbacsvcgroups + ipahbacrule: + ipaadmin_password: MyPassword123 + name: hbacrule01 + host: + - "{{ 'testhost03.' + ipaserver_domain }}" + - "{{ 'testhost04.' + ipaserver_domain }}" + hostgroup: testhostgroup03,testhostgroup04 + user: testuser03,testuser04 + group: testgroup03,testgroup04 + hbacsvc: testhbacsvc03,testhbacsvc04 + hbacsvcgroup: testhbacsvcgroup03,testhbacsvcgroup04 + register: result + failed_when: not result.changed + + - name: Ensure HBAC rule hbacrule01 is present with different hosts, hostgroups, users, groups, hbassvcs and hbacsvcgroups again + ipahbacrule: + ipaadmin_password: MyPassword123 + name: hbacrule01 + host: + - "{{ 'testhost03.' + ipaserver_domain }}" + - "{{ 'testhost04.' + ipaserver_domain }}" + hostgroup: testhostgroup03,testhostgroup04 + user: testuser03,testuser04 + group: testgroup03,testgroup04 + hbacsvc: testhbacsvc03,testhbacsvc04 + hbacsvcgroup: testhbacsvcgroup03,testhbacsvcgroup04 + register: result + failed_when: result.changed + + # ENSURE OLD TEST MEMBERS ARE ABSENT + + - name: Ensure HBAC rule hbacrule01 members (same) are present + ipahbacrule: + ipaadmin_password: MyPassword123 + name: hbacrule01 + host: + - "{{ 'testhost01.' + ipaserver_domain }}" + - "{{ 'testhost02.' + ipaserver_domain }}" + hostgroup: testhostgroup01,testhostgroup02 + user: testuser01,testuser02 + group: testgroup01,testgroup02 + hbacsvc: testhbacsvc01,testhbacsvc02 + hbacsvcgroup: testhbacsvcgroup01,testhbacsvcgroup02 state: absent + action: member register: result failed_when: result.changed - - name: Ensure HBAC Rule allhosts is absent + # ENSURE NEW TEST MEMBERS ARE ABSENT + + - name: Ensure HBAC rule hbacrule01 members are absent ipahbacrule: ipaadmin_password: MyPassword123 - name: allhosts + name: hbacrule01 + host: + - "{{ 'testhost03.' + ipaserver_domain }}" + - "{{ 'testhost04.' + ipaserver_domain }}" + hostgroup: testhostgroup03,testhostgroup04 + user: testuser03,testuser04 + group: testgroup03,testgroup04 + hbacsvc: testhbacsvc03,testhbacsvc04 + hbacsvcgroup: testhbacsvcgroup03,testhbacsvcgroup04 state: absent + action: member register: result failed_when: not result.changed - - name: Ensure HBAC Rule allhosts is absent again + - name: Ensure HBAC rule hbacrule01 members are absent again ipahbacrule: ipaadmin_password: MyPassword123 - name: allhosts + name: hbacrule01 + host: + - "{{ 'testhost03.' + ipaserver_domain }}" + - "{{ 'testhost04.' + ipaserver_domain }}" + hostgroup: testhostgroup03,testhostgroup04 + user: testuser03,testuser04 + group: testgroup03,testgroup04 + hbacsvc: testhbacsvc03,testhbacsvc04 + hbacsvcgroup: testhbacsvcgroup03,testhbacsvcgroup04 state: absent + action: member register: result failed_when: result.changed - - name: User pinky absent + # CLEANUP TEST ITEMS + + - name: Ensure test HBAC rule hbacrule01 is absent + ipahbacrule: + ipaadmin_password: MyPassword123 + name: hbacrule01 + state: absent + + - name: Ensure test hosts are absent + ipahostgroup: + ipaadmin_password: MyPassword123 + name: + - "{{ 'testhost01.' + ipaserver_domain }}" + - "{{ 'testhost02.' + ipaserver_domain }}" + - "{{ 'testhost03.' + ipaserver_domain }}" + - "{{ 'testhost04.' + ipaserver_domain }}" + state: absent + + - name: Ensure test hostgroups are absent + ipahostgroup: + ipaadmin_password: MyPassword123 + name: testhostgroup01,testhostgroup02,testhostgroup03,testhostgroup04 + state: absent + + - name: Ensure test users are absent ipauser: ipaadmin_password: MyPassword123 - name: pinky + name: testuser01,testuser02,testuser03,testuser04 state: absent - - name: User group login absent + - name: Ensure test user groups are absent ipagroup: ipaadmin_password: MyPassword123 - name: login + name: testgroup01,testgroup02,testgroup03,testgroup04 + state: absent + + - name: Ensure test HBAC Services are absent + ipahbacsvc: + ipaadmin_password: MyPassword123 + name: testhbacsvc01,testhbacsvc02,testhbacsvc03,testhbacsvc04 + state: absent + + - name: Ensure test HBAC Service Groups are absent + ipahbacsvcgroup: + ipaadmin_password: MyPassword123 + name: testhbacsvcgroup01,testhbacsvcgroup02,testhbacsvcgroup03,testhbacsvcgroup04 state: absent