--- - name: Test hbacrule hosts: ipaserver become: true tasks: - name: Get Domain from server name set_fact: ipaserver_domain: "{{ groups.ipaserver[0].split('.')[1:] | join ('.') }}" when: ipaserver_domain is not defined # CLEANUP TEST ITEMS - name: Ensure test hosts are absent ipahost: ipaadmin_password: SomeADMINpassword name: - "{{ 'testhost01.' + ipaserver_domain }}" - "{{ 'testhost02.' + ipaserver_domain }}" - "{{ 'testhost03.' + ipaserver_domain }}" - "{{ 'testhost04.' + ipaserver_domain }}" state: absent - name: Ensure test hostgroups are absent ipahostgroup: ipaadmin_password: SomeADMINpassword name: testhostgroup01,testhostgroup02,testhostgroup03,testhostgroup04 state: absent - name: Ensure test users are absent ipauser: ipaadmin_password: SomeADMINpassword name: testuser01,testuser02,testuser03,testuser04 state: absent - name: Ensure test user groups are absent ipagroup: ipaadmin_password: SomeADMINpassword name: testgroup01,testgroup02,testgroup03,testgroup04 state: absent - name: Ensure test HBAC Services are absent ipahbacsvc: ipaadmin_password: SomeADMINpassword name: testhbacsvc01,testhbacsvc02,testhbacsvc03,testhbacsvc04 state: absent - name: Ensure test HBAC Service Groups are absent ipahbacsvcgroup: ipaadmin_password: SomeADMINpassword name: testhbacsvcgroup01,testhbacsvcgroup02,testhbacsvcgroup03,testhbacsvcgroup04 state: absent # CREATE TEST ITEMS - name: Ensure hosts "{{ 'host[1..4].' + ipaserver_domain }}" are present ipahost: ipaadmin_password: SomeADMINpassword hosts: - name: "{{ 'testhost01.' + ipaserver_domain }}" force: yes - name: "{{ 'testhost02.' + ipaserver_domain }}" force: yes - name: "{{ 'testhost03.' + ipaserver_domain }}" force: yes - name: "{{ 'testhost04.' + ipaserver_domain }}" force: yes register: result failed_when: not result.changed - name: Ensure host-group testhostgroup01 is present ipahostgroup: ipaadmin_password: SomeADMINpassword name: testhostgroup01 register: result failed_when: not result.changed - name: Ensure host-group testhostgroup02 is present ipahostgroup: ipaadmin_password: SomeADMINpassword name: testhostgroup02 register: result failed_when: not result.changed - name: Ensure host-group testhostgroup03 is present ipahostgroup: ipaadmin_password: SomeADMINpassword name: testhostgroup03 register: result failed_when: not result.changed - name: Ensure host-group testhostgroup04 is present ipahostgroup: ipaadmin_password: SomeADMINpassword name: testhostgroup04 register: result failed_when: not result.changed - name: Ensure testusers are present ipauser: ipaadmin_password: SomeADMINpassword users: - name: testuser01 first: test last: user01 - name: testuser02 first: test last: user02 - name: testuser03 first: test last: user03 - name: testuser04 first: test last: user04 register: result failed_when: not result.changed - name: Ensure user group testgroup01 is present ipagroup: ipaadmin_password: SomeADMINpassword name: testgroup01 register: result failed_when: not result.changed - name: Ensure user group testgroup02 is present ipagroup: ipaadmin_password: SomeADMINpassword name: testgroup02 register: result failed_when: not result.changed - name: Ensure user group testgroup03 is present ipagroup: ipaadmin_password: SomeADMINpassword name: testgroup03 register: result failed_when: not result.changed - name: Ensure user group testgroup04 is present ipagroup: ipaadmin_password: SomeADMINpassword name: testgroup04 register: result failed_when: not result.changed - name: Ensure HBAC Service testhbacsvc01 is present ipahbacsvc: ipaadmin_password: SomeADMINpassword name: testhbacsvc01 register: result failed_when: not result.changed - name: Ensure HBAC Service testhbacsvc02 is present ipahbacsvc: ipaadmin_password: SomeADMINpassword name: testhbacsvc02 register: result failed_when: not result.changed - name: Ensure HBAC Service testhbacsvc03 is present ipahbacsvc: ipaadmin_password: SomeADMINpassword name: testhbacsvc03 register: result failed_when: not result.changed - name: Ensure HBAC Service testhbacsvc04 is present ipahbacsvc: ipaadmin_password: SomeADMINpassword name: testhbacsvc04 register: result failed_when: not result.changed - name: Ensure HBAC Service Group testhbacsvcgroup01 is present ipahbacsvcgroup: ipaadmin_password: SomeADMINpassword name: testhbacsvcgroup01 register: result failed_when: not result.changed - name: Ensure HBAC Service Group testhbacsvcgroup02 is present ipahbacsvcgroup: ipaadmin_password: SomeADMINpassword name: testhbacsvcgroup02 register: result failed_when: not result.changed - name: Ensure HBAC Service Group testhbacsvcgroup03 is present ipahbacsvcgroup: ipaadmin_password: SomeADMINpassword name: testhbacsvcgroup03 register: result failed_when: not result.changed - name: Ensure HBAC Service Group testhbacsvcgroup04 is present ipahbacsvcgroup: ipaadmin_password: SomeADMINpassword name: testhbacsvcgroup04 register: result failed_when: not result.changed - name: Ensure test HBAC rule hbacrule01 is absent ipahbacrule: ipaadmin_password: SomeADMINpassword name: hbacrule01 state: absent # ENSURE HBACRULE - name: Ensure HBAC rule hbacrule01 is present ipahbacrule: ipaadmin_password: SomeADMINpassword name: hbacrule01 register: result failed_when: not result.changed - name: Ensure HBAC rule hbacrule01 is present again ipahbacrule: ipaadmin_password: SomeADMINpassword name: hbacrule01 register: result failed_when: result.changed # CHANGE HBACRULE WITH ALL MEMBERS - name: Ensure HBAC rule hbacrule01 is present with hosts, hostgroups, users, groups, hbassvcs and hbacsvcgroups ipahbacrule: ipaadmin_password: SomeADMINpassword name: hbacrule01 host: - "{{ 'testhost01.' + ipaserver_domain }}" - "{{ 'testhost02.' + ipaserver_domain }}" hostgroup: testhostgroup01,testhostgroup02 user: testuser01,testuser02 group: testgroup01,testgroup02 hbacsvc: testhbacsvc01,testhbacsvc02 hbacsvcgroup: testhbacsvcgroup01,testhbacsvcgroup02 register: result failed_when: not result.changed - name: Ensure HBAC rule hbacrule01 is present with hosts, hostgroups, users, groups, hbassvcs and hbacsvcgroups again ipahbacrule: ipaadmin_password: SomeADMINpassword name: hbacrule01 host: - "{{ 'testhost01.' + ipaserver_domain }}" - "{{ 'testhost02.' + ipaserver_domain }}" hostgroup: testhostgroup01,testhostgroup02 user: testuser01,testuser02 group: testgroup01,testgroup02 hbacsvc: testhbacsvc01,testhbacsvc02 hbacsvcgroup: testhbacsvcgroup01,testhbacsvcgroup02 register: result failed_when: result.changed # REMOVE MEMBERS ONE BY ONE - name: Ensure test HBAC rule hbacrule01 host members are absent ipahbacrule: ipaadmin_password: SomeADMINpassword name: hbacrule01 host: - "{{ 'testhost01.' + ipaserver_domain }}" - "{{ 'testhost02.' + ipaserver_domain }}" state: absent action: member register: result failed_when: not result.changed - name: Ensure test HBAC rule hbacrule01 host members are absent again ipahbacrule: ipaadmin_password: SomeADMINpassword name: hbacrule01 host: - "{{ 'testhost01.' + ipaserver_domain }}" - "{{ 'testhost02.' + ipaserver_domain }}" state: absent action: member register: result failed_when: result.changed - name: Ensure test HBAC rule hbacrule01 hostgroup members are absent ipahbacrule: ipaadmin_password: SomeADMINpassword name: hbacrule01 hostgroup: testhostgroup01,testhostgroup02 state: absent action: member register: result failed_when: not result.changed - name: Ensure test HBAC rule hbacrule01 hostgroup members are absent again ipahbacrule: ipaadmin_password: SomeADMINpassword name: hbacrule01 hostgroup: testhostgroup01,testhostgroup02 state: absent action: member register: result failed_when: result.changed - name: Ensure test HBAC rule hbacrule01 user members are absent ipahbacrule: ipaadmin_password: SomeADMINpassword name: hbacrule01 user: testuser01,testuser02 state: absent action: member register: result failed_when: not result.changed - name: Ensure test HBAC rule hbacrule01 user members are absent again ipahbacrule: ipaadmin_password: SomeADMINpassword name: hbacrule01 user: testuser01,testuser02 state: absent action: member register: result failed_when: result.changed - name: Ensure test HBAC rule hbacrule01 user group members are absent ipahbacrule: ipaadmin_password: SomeADMINpassword name: hbacrule01 group: testgroup01,testgroup02 state: absent action: member register: result failed_when: not result.changed - name: Ensure test HBAC rule hbacrule01 user group members are absent again ipahbacrule: ipaadmin_password: SomeADMINpassword name: hbacrule01 group: testgroup01,testgroup02 state: absent action: member register: result failed_when: result.changed - name: Ensure test HBAC rule hbacrule01 hbacsvc members are absent ipahbacrule: ipaadmin_password: SomeADMINpassword name: hbacrule01 hbacsvc: testhbacsvc01,testhbacsvc02 state: absent action: member register: result failed_when: not result.changed - name: Ensure test HBAC rule hbacrule01 hbacsvc members are absent again ipahbacrule: ipaadmin_password: SomeADMINpassword name: hbacrule01 hbacsvc: testhbacsvc01,testhbacsvc02 state: absent action: member register: result failed_when: result.changed - name: Ensure test HBAC rule hbacrule01 hbacsvcgroup members are absent ipahbacrule: ipaadmin_password: SomeADMINpassword name: hbacrule01 hbacsvcgroup: testhbacsvcgroup01,testhbacsvcgroup02 state: absent action: member register: result failed_when: not result.changed - name: Ensure test HBAC rule hbacrule01 hbacsvcgroup members are absent again ipahbacrule: ipaadmin_password: SomeADMINpassword name: hbacrule01 hbacsvcgroup: testhbacsvcgroup01,testhbacsvcgroup02 state: absent action: member register: result failed_when: result.changed # ADD MEMBERS BACK - name: Ensure test HBAC rule hbacrule01 host members are present ipahbacrule: ipaadmin_password: SomeADMINpassword name: hbacrule01 host: - "{{ 'testhost01.' + ipaserver_domain }}" - "{{ 'testhost02.' + ipaserver_domain }}" action: member register: result failed_when: not result.changed - name: Ensure test HBAC rule hbacrule01 host members are present again ipahbacrule: ipaadmin_password: SomeADMINpassword name: hbacrule01 host: - "{{ 'testhost01.' + ipaserver_domain }}" - "{{ 'testhost02.' + ipaserver_domain }}" action: member register: result failed_when: result.changed - name: Ensure test HBAC rule hbacrule01 hostgroup members are present ipahbacrule: ipaadmin_password: SomeADMINpassword name: hbacrule01 hostgroup: testhostgroup01,testhostgroup02 action: member register: result failed_when: not result.changed - name: Ensure test HBAC rule hbacrule01 hostgroup members are present again ipahbacrule: ipaadmin_password: SomeADMINpassword name: hbacrule01 hostgroup: testhostgroup01,testhostgroup02 action: member register: result failed_when: result.changed - name: Ensure test HBAC rule hbacrule01 user members are present ipahbacrule: ipaadmin_password: SomeADMINpassword name: hbacrule01 user: testuser01,testuser02 action: member register: result failed_when: not result.changed - name: Ensure test HBAC rule hbacrule01 user members are present again ipahbacrule: ipaadmin_password: SomeADMINpassword name: hbacrule01 user: testuser01,testuser02 action: member register: result failed_when: result.changed - name: Ensure test HBAC rule hbacrule01 user group members are present ipahbacrule: ipaadmin_password: SomeADMINpassword name: hbacrule01 group: testgroup01,testgroup02 action: member register: result failed_when: not result.changed - name: Ensure test HBAC rule hbacrule01 user group members are present again ipahbacrule: ipaadmin_password: SomeADMINpassword name: hbacrule01 group: testgroup01,testgroup02 action: member register: result failed_when: result.changed - name: Ensure test HBAC rule hbacrule01 hbacsvc members are present ipahbacrule: ipaadmin_password: SomeADMINpassword name: hbacrule01 hbacsvc: testhbacsvc01,testhbacsvc02 action: member register: result failed_when: not result.changed - name: Ensure test HBAC rule hbacrule01 hbacsvc members are present again ipahbacrule: ipaadmin_password: SomeADMINpassword name: hbacrule01 hbacsvc: testhbacsvc01,testhbacsvc02 action: member register: result failed_when: result.changed - name: Ensure test HBAC rule hbacrule01 hbacsvcgroup members are present ipahbacrule: ipaadmin_password: SomeADMINpassword name: hbacrule01 hbacsvcgroup: testhbacsvcgroup01,testhbacsvcgroup02 action: member register: result failed_when: not result.changed - name: Ensure test HBAC rule hbacrule01 hbacsvcgroup members are present again ipahbacrule: ipaadmin_password: SomeADMINpassword name: hbacrule01 hbacsvcgroup: testhbacsvcgroup01,testhbacsvcgroup02 action: member register: result failed_when: result.changed # CHANGE TO DIFFERENT MEMBERS - name: Ensure HBAC rule hbacrule01 is present with different hosts, hostgroups, users, groups, hbassvcs and hbacsvcgroups ipahbacrule: ipaadmin_password: SomeADMINpassword name: hbacrule01 host: - "{{ 'testhost03.' + ipaserver_domain }}" - "{{ 'testhost04.' + ipaserver_domain }}" hostgroup: testhostgroup03,testhostgroup04 user: testuser03,testuser04 group: testgroup03,testgroup04 hbacsvc: testhbacsvc03,testhbacsvc04 hbacsvcgroup: testhbacsvcgroup03,testhbacsvcgroup04 register: result failed_when: not result.changed - name: Ensure HBAC rule hbacrule01 is present with different hosts, hostgroups, users, groups, hbassvcs and hbacsvcgroups again ipahbacrule: ipaadmin_password: SomeADMINpassword name: hbacrule01 host: - "{{ 'testhost03.' + ipaserver_domain }}" - "{{ 'testhost04.' + ipaserver_domain }}" hostgroup: testhostgroup03,testhostgroup04 user: testuser03,testuser04 group: testgroup03,testgroup04 hbacsvc: testhbacsvc03,testhbacsvc04 hbacsvcgroup: testhbacsvcgroup03,testhbacsvcgroup04 register: result failed_when: result.changed # ENSURE OLD TEST MEMBERS ARE ABSENT - name: Ensure HBAC rule hbacrule01 members (same) are present ipahbacrule: ipaadmin_password: SomeADMINpassword name: hbacrule01 host: - "{{ 'testhost01.' + ipaserver_domain }}" - "{{ 'testhost02.' + ipaserver_domain }}" hostgroup: testhostgroup01,testhostgroup02 user: testuser01,testuser02 group: testgroup01,testgroup02 hbacsvc: testhbacsvc01,testhbacsvc02 hbacsvcgroup: testhbacsvcgroup01,testhbacsvcgroup02 state: absent action: member register: result failed_when: result.changed # ENSURE NEW TEST MEMBERS ARE ABSENT - name: Ensure HBAC rule hbacrule01 members are absent ipahbacrule: ipaadmin_password: SomeADMINpassword name: hbacrule01 host: - "{{ 'testhost03.' + ipaserver_domain }}" - "{{ 'testhost04.' + ipaserver_domain }}" hostgroup: testhostgroup03,testhostgroup04 user: testuser03,testuser04 group: testgroup03,testgroup04 hbacsvc: testhbacsvc03,testhbacsvc04 hbacsvcgroup: testhbacsvcgroup03,testhbacsvcgroup04 state: absent action: member register: result failed_when: not result.changed - name: Ensure HBAC rule hbacrule01 members are absent again ipahbacrule: ipaadmin_password: SomeADMINpassword name: hbacrule01 host: - "{{ 'testhost03.' + ipaserver_domain }}" - "{{ 'testhost04.' + ipaserver_domain }}" hostgroup: testhostgroup03,testhostgroup04 user: testuser03,testuser04 group: testgroup03,testgroup04 hbacsvc: testhbacsvc03,testhbacsvc04 hbacsvcgroup: testhbacsvcgroup03,testhbacsvcgroup04 state: absent action: member register: result failed_when: result.changed # CLEANUP TEST ITEMS - name: Ensure test HBAC rule hbacrule01 is absent ipahbacrule: ipaadmin_password: SomeADMINpassword name: hbacrule01 state: absent - name: Ensure test hosts are absent ipahostgroup: ipaadmin_password: SomeADMINpassword name: - "{{ 'testhost01.' + ipaserver_domain }}" - "{{ 'testhost02.' + ipaserver_domain }}" - "{{ 'testhost03.' + ipaserver_domain }}" - "{{ 'testhost04.' + ipaserver_domain }}" state: absent - name: Ensure test hostgroups are absent ipahostgroup: ipaadmin_password: SomeADMINpassword name: testhostgroup01,testhostgroup02,testhostgroup03,testhostgroup04 state: absent - name: Ensure test users are absent ipauser: ipaadmin_password: SomeADMINpassword name: testuser01,testuser02,testuser03,testuser04 state: absent - name: Ensure test user groups are absent ipagroup: ipaadmin_password: SomeADMINpassword name: testgroup01,testgroup02,testgroup03,testgroup04 state: absent - name: Ensure test HBAC Services are absent ipahbacsvc: ipaadmin_password: SomeADMINpassword name: testhbacsvc01,testhbacsvc02,testhbacsvc03,testhbacsvc04 state: absent - name: Ensure test HBAC Service Groups are absent ipahbacsvcgroup: ipaadmin_password: SomeADMINpassword name: testhbacsvcgroup01,testhbacsvcgroup02,testhbacsvcgroup03,testhbacsvcgroup04 state: absent