diff --git a/README-dnsforwardzone.md b/README-dnsforwardzone.md
index 32de7bf..8191929 100644
--- a/README-dnsforwardzone.md
+++ b/README-dnsforwardzone.md
@@ -49,7 +49,7 @@ Example playbook to ensure presence of a forwardzone to ipa DNS:
tasks:
- name: ensure presence of forwardzone for DNS requests for example.com to 8.8.8.8
ipadnsforwardzone:
- ipaadmin_password: SomeADMINpassword
+ ipaadmin_password: password01
state: present
name: example.com
forwarders:
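Review bot: the placeholder admin password changes from `SomeADMINpassword` to `password01` in this and the following README hunks, while `playbooks/vault/change-password-symmetric-vault.yml` in the same patch keeps `SomeADMINpassword`; `password01` also reads like a real weak credential rather than an obvious stand-in. Keep the README examples and the playbooks on one clearly fake value.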
@@ -59,13 +59,13 @@ Example playbook to ensure presence of a forwardzone to ipa DNS:
- name: ensure the forward zone is disabled
ipadnsforwardzone:
- ipaadmin_password: SomeADMINpassword
+ ipaadmin_password: password01
name: example.com
state: disabled
- name: ensure presence of multiple upstream DNS servers for example.com
ipadnsforwardzone:
- ipaadmin_password: SomeADMINpassword
+ ipaadmin_password: password01
state: present
name: example.com
forwarders:
@@ -74,7 +74,7 @@ Example playbook to ensure presence of a forwardzone to ipa DNS:
- name: ensure presence of another forwarder to any existing ones for example.com
ipadnsforwardzone:
- ipaadmin_password: SomeADMINpassword
+ ipaadmin_password: password01
state: present
name: example.com
forwarders:
@@ -83,7 +83,7 @@ Example playbook to ensure presence of a forwardzone to ipa DNS:
- name: ensure the forwarder for example.com does not exists (delete it if needed)
ipadnsforwardzone:
- ipaadmin_password: SomeADMINpassword
+ ipaadmin_password: password01
name: example.com
state: absent
```
@@ -99,12 +99,9 @@ Variable | Description | Required
`ipaadmin_principal` | The admin principal is a string and defaults to `admin` | no
`ipaadmin_password` | The admin password is a string and is required if there is no admin ticket available on the node | no
`name` \| `cn` | Zone name (FQDN). | yes if `state` == `present`
-`forwarders` \| `idnsforwarders` | Per-zone forwarders. A custom port can be specified for each forwarder. Options | no
- | `ip_address`: The forwarder IP address. | yes
- | `port`: The forwarder IP port. | no
-`forwardpolicy` \| `idnsforwardpolicy` | Per-zone conditional forwarding policy. Possible values are `only`, `first`, `none`. Set to "none" to disable forwarding to global forwarder for this zone. In that case, conditional zone forwarders are disregarded. | no
+`forwarders` \| `idnsforwarders` | Per-zone conditional forwarding policy. Possible values are `only`, `first`, `none`) | no
+`forwardpolicy` \| `idnsforwardpolicy` | Per-zone conditional forwarding policy. Set to "none" to disable forwarding to global forwarder for this zone. In that case, conditional zone forwarders are disregarded. | no
`skip_overlap_check` | Force DNS zone creation even if it will overlap with an existing zone. Defaults to False. | no
-`permission` | Allow DNS Forward Zone to be managed. (bool) | no
`action` | Work on group or member level. It can be on of `member` or `dnsforwardzone` and defaults to `dnsforwardzone`. | no
`state` | The state to ensure. It can be one of `present`, `absent`, `enabled` or `disabled`, default: `present`. | yes
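Review bot: the new `forwarders` row reads "Per-zone conditional forwarding policy. Possible values are `only`, `first`, `none`)", which is the `forwardpolicy` description pasted under the wrong variable (with a stray closing parenthesis), and the `forwardpolicy` row below it loses its list of valid values. `forwarders` should describe the list of upstream servers, including the entry format that the removed `ip_address`/`port` sub-rows used to document, and "Possible values are `only`, `first`, `none`" belongs back in the `forwardpolicy` row.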
diff --git a/README-dnszone.md b/README-dnszone.md
index c5a7ab3..766efe5 100644
--- a/README-dnszone.md
+++ b/README-dnszone.md
@@ -152,46 +152,6 @@ Example playbook to remove a zone:
```
-Example playbook to create a zone for reverse DNS lookup, from an IP address:
-
-```yaml
-
----
-- name: dnszone present
- hosts: ipaserver
- become: true
-
- tasks:
- - name: Ensure zone for reverse DNS lookup is present.
- ipadnszone:
- ipaadmin_password: SomeADMINpassword
- name_from_ip: 192.168.1.2
- state: present
-```
-
-Note that, on the previous example the zone created with `name_from_ip` might be "1.168.192.in-addr.arpa.", "168.192.in-addr.arpa.", or "192.in-addr.arpa.", depending on the DNS response the system get while querying for zones, and for this reason, when creating a zone using `name_from_ip`, the inferred zone name is returned to the controller, in the attribute `dnszone.name`. Since the zone inferred might not be what a user expects, `name_from_ip` can only be used with `state: present`. To have more control over the zone name, the prefix length for the IP address can be provided.
-
-Example playbook to create a zone for reverse DNS lookup, from an IP address, given the prefix length and displaying the resulting zone name:
-
-```yaml
-
----
-- name: dnszone present
- hosts: ipaserver
- become: true
-
- tasks:
- - name: Ensure zone for reverse DNS lookup is present.
- ipadnszone:
- ipaadmin_password: SomeADMINpassword
- name_from_ip: 192.168.1.2/24
- state: present
- register: result
- - name: Display inferred zone name.
- debug:
- msg: "Zone name: {{ result.dnszone.name }}"
-```
-
Variables
=========
@@ -203,8 +163,7 @@ Variable | Description | Required
-------- | ----------- | --------
`ipaadmin_principal` | The admin principal is a string and defaults to `admin` | no
`ipaadmin_password` | The admin password is a string and is required if there is no admin ticket available on the node | no
-`name` \| `zone_name` | The zone name string or list of strings. | no
-`name_from_ip` | Derive zone name from reverse of IP (PTR). Can only be used with `state: present`. | no
+`name` \| `zone_name` | The zone name string. | yes
`forwarders` | The list of forwarders dicts. Each `forwarders` dict entry has:| no
| `ip_address` - The IPv4 or IPv6 address of the DNS server. | yes
| `port` - The custom port that should be used on this server. | no
@@ -230,17 +189,6 @@ Variable | Description | Required
`skip_nameserver_check` | Force DNS zone creation even if nameserver is not resolvable | no
-Return Values
-=============
-
-ipadnszone
-----------
-
-Variable | Description | Returned When
--------- | ----------- | -------------
-`dnszone` | DNS Zone dict with zone name infered from `name_from_ip`.
Options: | If `state` is `present`, `name_from_ip` is used, and a zone was created.
- | `name` - The name of the zone created, inferred from `name_from_ip`. | Always
-
Authors
=======
diff --git a/README-vault.md b/README-vault.md
index e7a31a2..c7ae691 100644
--- a/README-vault.md
+++ b/README-vault.md
@@ -165,22 +165,6 @@ Example playbook to make sure vault data is absent in a symmetric vault:
state: absent
```
-Example playbook to change the password of a symmetric:
-
-```yaml
----
-- name: Playbook to handle vaults
- hosts: ipaserver
- become: true
-
- tasks:
- - ipavault:
- ipaadmin_password: SomeADMINpassword
- name: symvault
- old_password: SomeVAULTpassword
- new_password: SomeNEWpassword
-```
-
Example playbook to make sure vault is absent:
```yaml
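Review bot: removing the "change the password of a symmetric vault" example (and, further down, the `old_password`/`new_password` rows) leaves `playbooks/vault/change-password-symmetric-vault.yml`, which this same patch still edits, exercising a flow the README no longer describes. Either delete that playbook the way `dnszone-reverse-from-ip.yml` is deleted here, or keep the example and the variable rows.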
@@ -197,7 +181,7 @@ Example playbook to make sure vault is absent:
state: absent
register: result
- debug:
- msg: "{{ result.vault.data }}"
+ msg: "{{ result.data }}"
```
Variables
@@ -213,11 +197,8 @@ Variable | Description | Required
`name` \| `cn` | The list of vault name strings. | yes
`description` | The vault description string. | no
`nomembers` | Suppress processing of membership attributes. (bool) | no
-`password` \| `vault_password` \| `ipavaultpassword` \| `old_password`| Vault password. | no
-`password_file` \| `vault_password_file` \| `old_password_file`| File containing Base64 encoded Vault password. | no
-`new_password` | Vault new password. | no
-`new_password_file` | File containing Base64 encoded new Vault password. | no
-`public_key ` \| `vault_public_key` \| `old_password_file` | Base64 encoded vault public key. | no
+`password ` \| `vault_password` \| `ipavaultpassword` | Vault password. | no
+`public_key ` \| `vault_public_key` \| `ipavaultpublickey` | Base64 encoded vault public key. | no
`public_key_file` \| `vault_public_key_file` | Path to file with public key. | no
`private_key `\| `vault_private_key` | Base64 encoded vault private key. Used only to retrieve data. | no
`private_key_file` \| `vault_private_key_file` | Path to file with private key. Used only to retrieve data. | no
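Review bot: the replacement rows write `password ` and `public_key ` with a trailing space inside the backticks (the unchanged `private_key ` row has the same defect), which renders as part of the variable name; drop the spaces so the names match the argument_spec.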
@@ -248,11 +229,6 @@ Variable | Description | Returned When
-------- | ----------- | -------------
`data` | The data stored in the vault. | If `state` is `retrieved`.
-Variable | Description | Returned When
--------- | ----------- | -------------
-`vault` | Vault dict with archived data. (dict)
Options: | If `state` is `retrieved`.
- | `data` - The vault data. | Always
-
Notes
=====
diff --git a/playbooks/dnszone/dnszone-reverse-from-ip.yml b/playbooks/dnszone/dnszone-reverse-from-ip.yml
deleted file mode 100644
index 218a318..0000000
--- a/playbooks/dnszone/dnszone-reverse-from-ip.yml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-- name: Playbook to ensure DNS zone exist
- hosts: ipaserver
- become: true
-
- tasks:
- - name: Ensure zone exist, finding zone name from IP address.
- ipadnszone:
- ipaadmin_password: SomeADMINpassword
- name_from_ip: 10.1.2.3/24
- register: result
-
- - name: Zone name inferred from `name_from_ip`
- debug:
- msg: "Zone created: {{ result.dnszone.name }}"
diff --git a/playbooks/vault/change-password-symmetric-vault.yml b/playbooks/vault/change-password-symmetric-vault.yml
index 396a79f..3871f45 100644
--- a/playbooks/vault/change-password-symmetric-vault.yml
+++ b/playbooks/vault/change-password-symmetric-vault.yml
@@ -10,7 +10,7 @@
ipaadmin_password: SomeADMINpassword
name: symvault
password: SomeVAULTpassword
- - name: Change vault password.
+ - name: Change vault passord.
ipavault:
ipaadmin_password: SomeADMINpassword
name: symvault
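Review bot: the only change to this task is a typo, "Change vault password." becomes "Change vault passord."; revert it. This playbook also still uses the password-change flow whose example and variables this patch removes from README-vault.md, so either the playbook or the README is out of date.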
diff --git a/playbooks/vault/retrive-data-asymmetric-vault.yml b/playbooks/vault/retrive-data-asymmetric-vault.yml
index f71f826..5f67c59 100644
--- a/playbooks/vault/retrive-data-asymmetric-vault.yml
+++ b/playbooks/vault/retrive-data-asymmetric-vault.yml
@@ -14,4 +14,4 @@
state: retrieved
register: result
- debug:
- msg: "Data: {{ result.vault.data }}"
+ msg: "Data: {{ result.data }}"
diff --git a/playbooks/vault/retrive-data-symmetric-vault.yml b/playbooks/vault/retrive-data-symmetric-vault.yml
index 24692a8..163f8b9 100644
--- a/playbooks/vault/retrive-data-symmetric-vault.yml
+++ b/playbooks/vault/retrive-data-symmetric-vault.yml
@@ -14,4 +14,4 @@
state: retrieved
register: result
- debug:
- msg: "{{ result.vault.data }}"
+ msg: "{{ result.data | b64decode }}"
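Review bot: this symmetric-vault playbook now pipes `result.data` through `b64decode`, while the asymmetric-vault playbook in the hunk above prints `result.data` raw; README-vault.md documents a single `data` return value for `state: retrieved`, so either both playbooks need the decode or neither does. Make the two consistent with what the module actually returns. The file names `retrive-data-*.yml` are also misspelled, though that predates this patch.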
diff --git a/plugins/module_utils/ansible_freeipa_module.py b/plugins/module_utils/ansible_freeipa_module.py
index ed8f6f6..122ea2e 100644
--- a/plugins/module_utils/ansible_freeipa_module.py
+++ b/plugins/module_utils/ansible_freeipa_module.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
@@ -505,7 +506,7 @@ class FreeIPABaseModule(AnsibleModule):
# when needed.
self.ipa_params = AnsibleFreeIPAParams(self)
- def get_ipa_command_args(self, **kwargs):
+ def get_ipa_command_args(self):
"""
Return a dict to be passed to an IPA command.
@@ -537,7 +538,7 @@ class FreeIPABaseModule(AnsibleModule):
elif hasattr(self, param_name):
method = getattr(self, param_name)
if callable(method):
- value = method(**kwargs)
+ value = method()
# We don't have a way to guess the value so fail.
else:
@@ -609,16 +610,13 @@ class FreeIPABaseModule(AnsibleModule):
exit the module with proper arguments.
"""
- # TODO: shouldn't we also disconnect from api backend?
- temp_kdestroy(self.ccache_dir, self.ccache_name)
-
- if exc_type == SystemExit:
- raise
-
if exc_val:
self.fail_json(msg=str(exc_val))
- self.exit_json(changed=self.changed, **self.exit_args)
+ # TODO: shouldn't we also disconnect from api backend?
+ temp_kdestroy(self.ccache_dir, self.ccache_name)
+
+ self.exit_json(changed=self.changed, user=self.exit_args)
def get_command_errors(self, command, result):
"""Look for erros into command results."""
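Review bot: `temp_kdestroy(self.ccache_dir, self.ccache_name)` is moved below `self.fail_json(...)`, and `fail_json` exits the process, so on any failure the temporary Kerberos credential cache obtained with the admin password is left behind on the managed node. The removed `if exc_type == SystemExit: raise` also matters: `fail_json`/`exit_json` called inside the `with` block raise `SystemExit`, which now falls into `if exc_val:` and is re-reported as a failure whose message is the exit code, losing the original error text. Finally, `self.exit_json(changed=self.changed, user=self.exit_args)` nests every module's results under a `user` key in a base class shared by the DNS modules; the removed `**self.exit_args` was correct. Suggest keeping destroy-before-exit, the `SystemExit` re-raise, and `**self.exit_args`.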
@@ -657,21 +655,13 @@ class FreeIPABaseModule(AnsibleModule):
except Exception as excpt:
self.fail_json(msg="%s: %s: %s" % (command, name, str(excpt)))
else:
- self.process_command_result(name, command, args, result)
- self.get_command_errors(command, result)
-
- def process_command_result(self, name, command, args, result):
- """
- Process an API command result.
+ if "completed" in result:
+ if result["completed"] > 0:
+ self.changed = True
+ else:
+ self.changed = True
- This method can be overriden in subclasses, and change self.exit_values
- to return data in the result for the controller.
- """
- if "completed" in result:
- if result["completed"] > 0:
- self.changed = True
- else:
- self.changed = True
+ self.get_command_errors(command, result)
def require_ipa_attrs_change(self, command_args, ipa_attrs):
"""
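Review bot: folding `process_command_result` back into the caller removes the hook that subclasses (such as `DNSZoneModule` later in this patch) used to populate `self.exit_args`; with it gone, and `exit_json` in the hunk above wrapping `exit_args` under `user`, no module built on `FreeIPABaseModule` has a supported way to return data to the controller. If dropping the extension point is intended, say so in the commit message; otherwise keep the method and call it from the `else` branch.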
diff --git a/plugins/modules/ipaconfig.py b/plugins/modules/ipaconfig.py
index 050f7fc..41a6d0a 100644
--- a/plugins/modules/ipaconfig.py
+++ b/plugins/modules/ipaconfig.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
diff --git a/plugins/modules/ipadnsconfig.py b/plugins/modules/ipadnsconfig.py
index 2dca92e..b89344d 100644
--- a/plugins/modules/ipadnsconfig.py
+++ b/plugins/modules/ipadnsconfig.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
diff --git a/plugins/modules/ipadnsforwardzone.py b/plugins/modules/ipadnsforwardzone.py
index 5ed6060..90bd387 100644
--- a/plugins/modules/ipadnsforwardzone.py
+++ b/plugins/modules/ipadnsforwardzone.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
@@ -53,16 +54,9 @@ options:
forwarders:
description:
- List of the DNS servers to forward to
+ required: true
+ type: list
aliases: ["idnsforwarders"]
- options:
- ip_address:
- description: Forwarder IP address (either IPv4 or IPv6).
- required: false
- type: string
- port:
- description: Forwarder port.
- required: false
- type: int
forwardpolicy:
description: Per-zone conditional forwarding policy
required: false
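Review bot: `forwarders` is documented here as `required: true`, but the argument_spec later in this file declares it `required=False`, the `operation == "del"` path rejects it as invalid, and the README examples use `state: disabled` and `state: absent` without it; this should read `required: false`. Dropping the `ip_address`/`port` sub-options also leaves the entry format undocumented; the removed `forwarder_list` built each entry as `"{ip_address} port {port}"`, so say that a forwarder is an address string optionally followed by `port N`.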
@@ -74,11 +68,6 @@ options:
- Force DNS zone creation even if it will overlap with an existing zone.
required: false
default: false
- permission:
- description:
- - Allow DNS Forward Zone to be managed.
- required: false
- type: bool
'''
EXAMPLES = '''
@@ -139,41 +128,20 @@ def gen_args(forwarders, forwardpolicy, skip_overlap_check):
return _args
-def forwarder_list(forwarders):
- """Convert the forwarder dict into a list compatible with IPA API."""
- if forwarders is None:
- return None
- fwd_list = []
- for forwarder in forwarders:
- if forwarder.get('port', None) is not None:
- formatter = "{ip_address} port {port}"
- else:
- formatter = "{ip_address}"
- fwd_list.append(formatter.format(**forwarder))
- return fwd_list
-
-
def main():
ansible_module = AnsibleModule(
argument_spec=dict(
# general
ipaadmin_principal=dict(type="str", default="admin"),
ipaadmin_password=dict(type="str", required=False, no_log=True),
- name=dict(type="list", aliases=["cn"], default=None,
+ name=dict(type="str", aliases=["cn"], default=None,
required=True),
- forwarders=dict(type="list", default=None, required=False,
- aliases=["idnsforwarders"], elements='dict',
- options=dict(
- ip_address=dict(type='str', required=True),
- port=dict(type='int', required=False,
- default=None),
- )),
+ forwarders=dict(type='list', aliases=["idnsforwarders"],
+ required=False),
forwardpolicy=dict(type='str', aliases=["idnsforwardpolicy"],
required=False,
choices=['only', 'first', 'none']),
skip_overlap_check=dict(type='bool', required=False),
- permission=dict(type='bool', required=False,
- aliases=['managedby']),
action=dict(type="str", default="dnsforwardzone",
choices=["member", "dnsforwardzone"]),
# state
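Review bot: `forwarders` becomes a bare `type='list'` with no `elements` and no `options`, so the per-entry validation that `ip_address` is present and `port` is an int is gone and whatever the user writes is passed straight to `dnsforwardzone_add`/`dnsforwardzone_mod`; the removed `forwarder_list` also did the formatting the API expects. If the dict form is being dropped on purpose, at least set `elements='str'` and validate the address before calling the API, and record the format change in README-dnsforwardzone.md. The `name` change from `list` to `str` should likewise be called out, since playbooks passing a list will now fail.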
@@ -190,22 +158,14 @@ def main():
"ipaadmin_principal")
ipaadmin_password = module_params_get(ansible_module,
"ipaadmin_password")
- names = module_params_get(ansible_module, "name")
+ name = module_params_get(ansible_module, "name")
action = module_params_get(ansible_module, "action")
- forwarders = forwarder_list(
- module_params_get(ansible_module, "forwarders"))
+ forwarders = module_params_get(ansible_module, "forwarders")
forwardpolicy = module_params_get(ansible_module, "forwardpolicy")
skip_overlap_check = module_params_get(ansible_module,
"skip_overlap_check")
- permission = module_params_get(ansible_module, "permission")
state = module_params_get(ansible_module, "state")
- if state == 'present' and len(names) != 1:
- ansible_module.fail_json(
- msg="Only one dnsforwardzone can be added at a time.")
- if state == 'absent' and len(names) < 1:
- ansible_module.fail_json(msg="No name given.")
-
# absent stae means delete if the action is NOT member but update if it is
# if action is member then update an exisiting resource
# and if action is not member then create a resource
@@ -216,30 +176,18 @@ def main():
else:
operation = "add"
- if state in ["enabled", "disabled"]:
- if action == "member":
- ansible_module.fail_json(
- msg="Action `member` cannot be used with state `%s`"
- % (state))
- invalid = [
- "forwarders", "forwardpolicy", "skip_overlap_check", "permission"
- ]
- for x in invalid:
- if vars()[x] is not None:
- ansible_module.fail_json(
- msg="Argument '%s' can not be used with action "
- "'%s', state `%s`" % (x, action, state))
- wants_enable = (state == "enabled")
+ if state == "disabled":
+ wants_enable = False
+ else:
+ wants_enable = True
if operation == "del":
- invalid = [
- "forwarders", "forwardpolicy", "skip_overlap_check", "permission"
- ]
+ invalid = ["forwarders", "forwardpolicy", "skip_overlap_check"]
for x in invalid:
if vars()[x] is not None:
ansible_module.fail_json(
msg="Argument '%s' can not be used with action "
- "'%s', state `%s`" % (x, action, state))
+ "'%s'" % (x, action))
changed = False
exit_args = {}
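Review bot: `wants_enable` is now `True` for every state except `disabled`, including `present` and `absent`, and the check that rejected `action: member` and `forwarders`/`forwardpolicy`/`skip_overlap_check` with `state: enabled|disabled` is gone. Combined with the enable step at the end of `main()`, `state: present` on an existing disabled zone silently re-enables it; the README's own sequence (disable the zone, then `state: present` to add forwarders) would undo the disable. Keep `wants_enable = (state == "enabled")` and only touch the enabled flag when `state` is `enabled` or `disabled`. The shortened error text in the `operation == "del"` branch also drops the state, which made the message useful.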
@@ -259,116 +207,99 @@ def main():
ipaadmin_password)
api_connect()
- for name in names:
- commands = []
+ # Make sure forwardzone exists
+ existing_resource = find_dnsforwardzone(ansible_module, name)
+
+ if existing_resource is None and operation == "update":
+ # does not exist and is updating
+ # trying to update something that doesn't exist, so error
+ ansible_module.fail_json(msg="""dnsforwardzone '%s' is not
+ valid""" % (name))
+ elif existing_resource is None and operation == "del":
+ # does not exists and should be absent
+ # set command
command = None
-
- # Make sure forwardzone exists
- existing_resource = find_dnsforwardzone(ansible_module, name)
-
- # validate parameters
- if state == 'present':
- if existing_resource is None and not forwarders:
- ansible_module.fail_json(msg='No forwarders specified.')
-
- if existing_resource is None:
- if operation == "add":
- # does not exist but should be present
- # determine args
- args = gen_args(forwarders, forwardpolicy,
- skip_overlap_check)
- # set command
- command = "dnsforwardzone_add"
- # enabled or disabled?
-
- elif operation == "update":
- # does not exist and is updating
- # trying to update something that doesn't exist, so error
- ansible_module.fail_json(
- msg="dnsforwardzone '%s' not found." % (name))
-
- elif operation == "del":
- # there's nothnig to do.
- continue
-
- else: # existing_resource is not None
- if state != "absent":
- if forwarders:
- forwarders = list(
- set(existing_resource["idnsforwarders"]
- + forwarders))
- else:
- if forwarders:
- forwarders = list(
- set(existing_resource["idnsforwarders"])
- - set(forwarders))
-
- if operation == "add":
- # exists and should be present, has it changed?
- # determine args
- args = gen_args(
- forwarders, forwardpolicy, skip_overlap_check)
- if 'skip_overlap_check' in args:
- del args['skip_overlap_check']
-
- # set command
- if not compare_args_ipa(
- ansible_module, args, existing_resource):
- command = "dnsforwardzone_mod"
-
- elif operation == "del":
- # exists but should be absent
- # set command
- command = "dnsforwardzone_del"
- args = {}
-
- elif operation == "update":
- # exists and is updating
- # calculate the new forwarders and mod
- args = gen_args(
- forwarders, forwardpolicy, skip_overlap_check)
- if "skip_overlap_check" in args:
- del args['skip_overlap_check']
-
- # command
- if not compare_args_ipa(
- ansible_module, args, existing_resource):
- command = "dnsforwardzone_mod"
-
- if state in ['enabled', 'disabled']:
- if existing_resource is not None:
- is_enabled = existing_resource["idnszoneactive"][0]
- else:
- ansible_module.fail_json(
- msg="dnsforwardzone '%s' not found." % (name))
-
- # does the enabled state match what we want (if we care)
- if is_enabled != "IGNORE":
- if wants_enable and is_enabled != "TRUE":
- commands.append([name, "dnsforwardzone_enable", {}])
- elif not wants_enable and is_enabled != "FALSE":
- commands.append([name, "dnsforwardzone_disable", {}])
-
- # if command is set...
- if command is not None:
- commands.append([name, command, args])
-
- if permission is not None:
- if existing_resource is None:
- managedby = None
- else:
- managedby = existing_resource.get('managedby', None)
- if permission and managedby is None:
- commands.append(
- [name, 'dnsforwardzone_add_permission', {}]
- )
- elif not permission and managedby is not None:
- commands.append(
- [name, 'dnsforwardzone_remove_permission', {}]
- )
-
- for name, command, args in commands:
- api_command(ansible_module, command, name, args)
+ # enabled or disabled?
+ is_enabled = "IGNORE"
+ elif existing_resource is not None and operation == "del":
+ # exists but should be absent
+ # set command
+ command = "dnsforwardzone_del"
+ # enabled or disabled?
+ is_enabled = "IGNORE"
+ elif forwarders is None:
+ # forwarders are not defined its not a delete, update state?
+ # set command
+ command = None
+ # enabled or disabled?
+ if existing_resource is not None:
+ is_enabled = existing_resource["idnszoneactive"][0]
+ else:
+ is_enabled = "IGNORE"
+ elif existing_resource is not None and operation == "update":
+ # exists and is updating
+ # calculate the new forwarders and mod
+ # determine args
+ if state != "absent":
+ forwarders = list(set(existing_resource["idnsforwarders"]
+ + forwarders))
+ else:
+ forwarders = list(set(existing_resource["idnsforwarders"])
+ - set(forwarders))
+ args = gen_args(forwarders, forwardpolicy,
+ skip_overlap_check)
+ if skip_overlap_check is not None:
+ del args['skip_overlap_check']
+
+ # command
+ if not compare_args_ipa(ansible_module, args, existing_resource):
+ command = "dnsforwardzone_mod"
+ else:
+ command = None
+
+ # enabled or disabled?
+ is_enabled = existing_resource["idnszoneactive"][0]
+
+ elif existing_resource is None and operation == "add":
+ # does not exist but should be present
+ # determine args
+ args = gen_args(forwarders, forwardpolicy,
+ skip_overlap_check)
+ # set command
+ command = "dnsforwardzone_add"
+ # enabled or disabled?
+ is_enabled = "TRUE"
+
+ elif existing_resource is not None and operation == "add":
+ # exists and should be present, has it changed?
+ # determine args
+ args = gen_args(forwarders, forwardpolicy, skip_overlap_check)
+ if skip_overlap_check is not None:
+ del args['skip_overlap_check']
+
+ # set command
+ if not compare_args_ipa(ansible_module, args, existing_resource):
+ command = "dnsforwardzone_mod"
+ else:
+ command = None
+
+ # enabled or disabled?
+ is_enabled = existing_resource["idnszoneactive"][0]
+
+ # if command is set then run it with the args
+ if command is not None:
+ api_command(ansible_module, command, name, args)
+ changed = True
+
+ # does the enabled state match what we want (if we care)
+ if is_enabled != "IGNORE":
+ if wants_enable and is_enabled != "TRUE":
+ api_command(ansible_module, "dnsforwardzone_enable",
+ name, {})
+ changed = True
+ elif not wants_enable and is_enabled != "FALSE":
+ api_command(ansible_module, "dnsforwardzone_disable",
+ name, {})
changed = True
except Exception as e:
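Review bot: the `elif forwarders is None:` branch is tested before the `operation == "add"`/`"update"` branches, so with `state: present` and no `forwarders` nothing happens: a missing zone is not created (the removed code failed with `No forwarders specified.`), and `forwardpolicy` or `skip_overlap_check` alone can no longer modify an existing zone. Two smaller points: the failure text `"""dnsforwardzone '%s' is not\n                valid"""` embeds a newline and indentation in the message, and `del args['skip_overlap_check']` is guarded by `skip_overlap_check is not None` rather than the removed `'skip_overlap_check' in args`, so it relies on `gen_args` always adding the key when the value is set. Suggest restoring the `No forwarders specified.` check for a non-existent zone and handling `forwardpolicy`-only updates.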
diff --git a/plugins/modules/ipadnsrecord.py b/plugins/modules/ipadnsrecord.py
index 2f63919..89528e5 100644
--- a/plugins/modules/ipadnsrecord.py
+++ b/plugins/modules/ipadnsrecord.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
diff --git a/plugins/modules/ipadnszone.py b/plugins/modules/ipadnszone.py
index ed0c241..717978e 100644
--- a/plugins/modules/ipadnszone.py
+++ b/plugins/modules/ipadnszone.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
@@ -40,14 +41,8 @@ options:
name:
description: The zone name string.
required: true
- type: list
- alises: ["zone_name"]
- name_from_ip:
- description: |
- Derive zone name from reverse of IP (PTR).
- Can only be used with `state: present`.
- required: false
type: str
+ alises: ["zone_name"]
forwarders:
description: The list of global DNS forwarders.
required: false
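Review bot: the re-added line `alises: ["zone_name"]` misspells the key (it should be `aliases`), so `ansible-doc` will not show the alias; the removed line had the same typo, and since the line is being rewritten anyway this is the place to fix it.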
@@ -193,14 +188,6 @@ EXAMPLES = """
"""
RETURN = """
-dnszone:
- description: DNS Zone dict with zone name infered from `name_from_ip`.
- returned:
- If `state` is `present`, `name_from_ip` is used, and a zone was created.
- options:
- name:
- description: The name of the zone created, inferred from `name_from_ip`.
- returned: always
"""
from ipapython.dnsutil import DNSName # noqa: E402
@@ -210,12 +197,6 @@ from ansible.module_utils.ansible_freeipa_module import (
is_ipv6_addr,
is_valid_port,
) # noqa: E402
-import netaddr
-import six
-
-
-if six.PY3:
- unicode = str
class DNSZoneModule(FreeIPABaseModule):
@@ -287,7 +268,7 @@ class DNSZoneModule(FreeIPABaseModule):
return True
- def get_ipa_nsec3paramrecord(self, **kwargs):
+ def get_ipa_nsec3paramrecord(self):
nsec3param_rec = self.ipa_params.nsec3param_rec
if nsec3param_rec is not None:
error_msg = (
@@ -299,7 +280,7 @@ class DNSZoneModule(FreeIPABaseModule):
self.fail_json(msg=error_msg)
return nsec3param_rec
- def get_ipa_idnsforwarders(self, **kwargs):
+ def get_ipa_idnsforwarders(self):
if self.ipa_params.forwarders is not None:
forwarders = []
for forwarder in self.ipa_params.forwarders:
@@ -323,14 +304,14 @@ class DNSZoneModule(FreeIPABaseModule):
return forwarders
- def get_ipa_idnsallowtransfer(self, **kwargs):
+ def get_ipa_idnsallowtransfer(self):
if self.ipa_params.allow_transfer is not None:
error_msg = "Invalid ip_address for DNS allow_transfer: %s"
self.validate_ips(self.ipa_params.allow_transfer, error_msg)
return (";".join(self.ipa_params.allow_transfer) or "none") + ";"
- def get_ipa_idnsallowquery(self, **kwargs):
+ def get_ipa_idnsallowquery(self):
if self.ipa_params.allow_query is not None:
error_msg = "Invalid ip_address for DNS allow_query: %s"
self.validate_ips(self.ipa_params.allow_query, error_msg)
@@ -353,141 +334,81 @@ class DNSZoneModule(FreeIPABaseModule):
return ".".join((name, domain))
- def get_ipa_idnssoarname(self, **kwargs):
+ def get_ipa_idnssoarname(self):
if self.ipa_params.admin_email is not None:
return DNSName(
self._replace_at_symbol_in_rname(self.ipa_params.admin_email)
)
- def get_ipa_idnssoamname(self, **kwargs):
+ def get_ipa_idnssoamname(self):
if self.ipa_params.name_server is not None:
return DNSName(self.ipa_params.name_server)
- def get_ipa_skip_overlap_check(self, **kwargs):
- zone = kwargs.get('zone')
- if not zone and self.ipa_params.skip_overlap_check is not None:
+ def get_ipa_skip_overlap_check(self):
+ if not self.zone and self.ipa_params.skip_overlap_check is not None:
return self.ipa_params.skip_overlap_check
- def get_ipa_skip_nameserver_check(self, **kwargs):
- zone = kwargs.get('zone')
- if not zone and self.ipa_params.skip_nameserver_check is not None:
+ def get_ipa_skip_nameserver_check(self):
+ if not self.zone and self.ipa_params.skip_nameserver_check is not None:
return self.ipa_params.skip_nameserver_check
- def __reverse_zone_name(self, ipaddress):
- """
- Infer reverse zone name from an ip address.
-
- This function uses the same heuristics as FreeIPA to infer the zone
- name from ip.
- """
- try:
- ip = netaddr.IPAddress(str(ipaddress))
- except (netaddr.AddrFormatError, ValueError):
- net = netaddr.IPNetwork(ipaddress)
- items = net.ip.reverse_dns.split('.')
- prefixlen = net.prefixlen
- ip_version = net.version
- else:
- items = ip.reverse_dns.split('.')
- prefixlen = 24 if ip.version == 4 else 64
- ip_version = ip.version
- if ip_version == 4:
- return u'.'.join(items[4 - prefixlen // 8:])
- elif ip_version == 6:
- return u'.'.join(items[32 - prefixlen // 4:])
- else:
- self.fail_json(msg="Invalid IP version for reverse zone.")
-
def get_zone(self, zone_name):
get_zone_args = {"idnsname": zone_name, "all": True}
response = self.api_command("dnszone_find", args=get_zone_args)
- zone = None
- is_zone_active = False
-
if response["count"] == 1:
- zone = response["result"][0]
- is_zone_active = zone.get("idnszoneactive") == ["TRUE"]
+ self.zone = response["result"][0]
+ self.is_zone_active = self.zone.get("idnszoneactive") == ["TRUE"]
+ return self.zone
- return zone, is_zone_active
-
- def get_zone_names(self):
- zone_names = self.__get_zone_names_from_params()
- if len(zone_names) > 1 and self.ipa_params.state != "absent":
- self.fail_json(
- msg=("Please provide a single name. Multiple values for 'name'"
- "can only be supplied for state 'absent'.")
- )
+ # Zone doesn't exist yet
+ self.zone = None
+ self.is_zone_active = False
- return zone_names
-
- def __get_zone_names_from_params(self):
- if not self.ipa_params.name:
- return [self.__reverse_zone_name(self.ipa_params.name_from_ip)]
+ @property
+ def zone_name(self):
return self.ipa_params.name
- def check_ipa_params(self):
- if not self.ipa_params.name and not self.ipa_params.name_from_ip:
- self.fail_json(
- msg="Either `name` or `name_from_ip` must be provided."
- )
- if self.ipa_params.state != "present" and self.ipa_params.name_from_ip:
- self.fail_json(
- msg=(
- "Cannot use argument `name_from_ip` with state `%s`."
- % self.ipa_params.state
- )
- )
-
def define_ipa_commands(self):
- for zone_name in self.get_zone_names():
- # Look for existing zone in IPA
- zone, is_zone_active = self.get_zone(zone_name)
- args = self.get_ipa_command_args(zone=zone)
- just_added = False
-
- if self.ipa_params.state in ["present", "enabled", "disabled"]:
- if not zone:
- # Since the zone doesn't exist we just create it
- # with given args
- self.add_ipa_command("dnszone_add", zone_name, args)
- is_zone_active = True
- just_added = True
-
- else:
- # Zone already exist so we need to verify if given args
- # matches the current config. If not we updated it.
- if self.require_ipa_attrs_change(args, zone):
- self.add_ipa_command("dnszone_mod", zone_name, args)
-
- if self.ipa_params.state == "enabled" and not is_zone_active:
- self.add_ipa_command("dnszone_enable", zone_name)
-
- if self.ipa_params.state == "disabled" and is_zone_active:
- self.add_ipa_command("dnszone_disable", zone_name)
-
- if self.ipa_params.state == "absent":
- if zone:
- self.add_ipa_command("dnszone_del", zone_name)
-
- # Due to a bug in FreeIPA dnszone-add won't set
- # SOA Serial. The good news is that dnszone-mod does the job.
- # See: https://pagure.io/freeipa/issue/8227
- # Because of that, if the zone was just added with a given serial
- # we run mod just after to workaround the bug
- if just_added and self.ipa_params.serial is not None:
- args = {
- "idnssoaserial": self.ipa_params.serial,
- }
- self.add_ipa_command("dnszone_mod", zone_name, args)
-
- def process_command_result(self, name, command, args, result):
- super(DNSZoneModule, self).process_command_result(
- name, command, args, result
- )
- if command == "dnszone_add" and self.ipa_params.name_from_ip:
- dnszone_exit_args = self.exit_args.setdefault('dnszone', {})
- dnszone_exit_args['name'] = name
+ # Look for existing zone in IPA
+ self.get_zone(self.zone_name)
+ args = self.get_ipa_command_args()
+ just_added = False
+
+ if self.ipa_params.state in ["present", "enabled", "disabled"]:
+ if not self.zone:
+ # Since the zone doesn't exist we just create it
+ # with given args
+ self.add_ipa_command("dnszone_add", self.zone_name, args)
+ self.is_zone_active = True
+ just_added = True
+
+ else:
+ # Zone already exist so we need to verify if given args
+ # matches the current config. If not we updated it.
+ if self.require_ipa_attrs_change(args, self.zone):
+ self.add_ipa_command("dnszone_mod", self.zone_name, args)
+
+ if self.ipa_params.state == "enabled" and not self.is_zone_active:
+ self.add_ipa_command("dnszone_enable", self.zone_name)
+
+ if self.ipa_params.state == "disabled" and self.is_zone_active:
+ self.add_ipa_command("dnszone_disable", self.zone_name)
+
+ if self.ipa_params.state == "absent":
+ if self.zone:
+ self.add_ipa_command("dnszone_del", self.zone_name)
+
+ # Due to a bug in FreeIPA dnszone-add won't set
+ # SOA Serial. The good news is that dnszone-mod does the job.
+ # See: https://pagure.io/freeipa/issue/8227
+ # Because of that, if the zone was just added with a given serial
+ # we run mod just after to workaround the bug
+ if just_added and self.ipa_params.serial is not None:
+ args = {
+ "idnssoaserial": self.ipa_params.serial,
+ }
+ self.add_ipa_command("dnszone_mod", self.zone_name, args)
def get_argument_spec():
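Review bot: the comments in the added else-branch ("Zone already exist so we need to verify if given args matches the current config. If not we updated it.") have grammar slips; suggest "The zone already exists, so verify that the given args match the current config; if not, update it." Separately, with the `process_command_result` override removed, the module no longer returns the created zone's name under a `dnszone` key; if that key is documented in the module's RETURN block, drop it there too so docs and behaviour stay in sync.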
@@ -505,9 +426,8 @@ def get_argument_spec():
ipaadmin_principal=dict(type="str", default="admin"),
ipaadmin_password=dict(type="str", required=False, no_log=True),
name=dict(
- type="list", default=None, required=False, aliases=["zone_name"]
+ type="str", default=None, required=True, aliases=["zone_name"]
),
- name_from_ip=dict(type="str", default=None, required=False),
forwarders=dict(
type="list",
default=None,
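Review bot: changing `name` from `type="list"` to `type="str"` is a breaking change for playbooks that pass several zones in one task and should be called out in the README and changelog. `required=True` together with `default=None` is redundant; drop the default. Removing `name_from_ip` here is consistent with dropping the `mutually_exclusive`/`required_one_of` entries in `main()`, but the option should also disappear from the module DOCUMENTATION if it is listed there.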
@@ -547,11 +467,7 @@ def get_argument_spec():
def main():
- DNSZoneModule(
- argument_spec=get_argument_spec(),
- mutually_exclusive=[["name", "name_from_ip"]],
- required_one_of=[["name", "name_from_ip"]],
- ).ipa_run()
+ DNSZoneModule(argument_spec=get_argument_spec()).ipa_run()
if __name__ == "__main__":
diff --git a/plugins/modules/ipagroup.py b/plugins/modules/ipagroup.py
index 4a137f6..915bc49 100644
--- a/plugins/modules/ipagroup.py
+++ b/plugins/modules/ipagroup.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
@@ -506,15 +507,16 @@ def main():
# All "already a member" and "not a member" failures in the
# result are ignored. All others are reported.
errors = []
- for failed_item in result.get("failed", []):
- failed = result["failed"][failed_item]
- for member_type in failed:
- for member, failure in failed[member_type]:
- if "already a member" in failure \
- or "not a member" in failure:
- continue
- errors.append("%s: %s %s: %s" % (
- command, member_type, member, failure))
+ if "failed" in result and len(result["failed"]) > 0:
+ for item in result["failed"]:
+ failed_item = result["failed"][item]
+ for member_type in failed_item:
+ for member, failure in failed_item[member_type]:
+ if "already a member" in failure \
+ or "not a member" in failure:
+ continue
+ errors.append("%s: %s %s: %s" % (
+ command, member_type, member, failure))
if len(errors) > 0:
ansible_module.fail_json(msg=", ".join(errors))
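Review bot: the new guard `if "failed" in result and len(result["failed"]) > 0:` is redundant with the removed `for failed_item in result.get("failed", []):`, which already iterates nothing when the key is absent or empty; the rewrite only adds a nesting level and a second variable (`item` plus `failed_item`). Suggest keeping the `.get()` form, with `{}` as the default since `failed` is a dict, and dropping the length check.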
diff --git a/plugins/modules/ipahbacrule.py b/plugins/modules/ipahbacrule.py
index a1b5e8f..12725c7 100644
--- a/plugins/modules/ipahbacrule.py
+++ b/plugins/modules/ipahbacrule.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
diff --git a/plugins/modules/ipahbacsvc.py b/plugins/modules/ipahbacsvc.py
index 50693c1..969a62e 100644
--- a/plugins/modules/ipahbacsvc.py
+++ b/plugins/modules/ipahbacsvc.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
diff --git a/plugins/modules/ipahbacsvcgroup.py b/plugins/modules/ipahbacsvcgroup.py
index ee0b250..d55dc13 100644
--- a/plugins/modules/ipahbacsvcgroup.py
+++ b/plugins/modules/ipahbacsvcgroup.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
diff --git a/plugins/modules/ipahost.py b/plugins/modules/ipahost.py
index 0beac40..7a981f1 100644
--- a/plugins/modules/ipahost.py
+++ b/plugins/modules/ipahost.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
@@ -798,15 +799,10 @@ def main():
server_realm = api_get_realm()
commands = []
- host_set = set()
for host in names:
if isinstance(host, dict):
name = host.get("name")
- if name in host_set:
- ansible_module.fail_json(
- msg="host '%s' is used more than once" % name)
- host_set.add(name)
description = host.get("description")
locality = host.get("locality")
location = host.get("location")
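Review bot: dropping the `host_set` duplicate check means a `hosts` list that names the same host twice is no longer rejected; both entries now produce commands for the one host, so conflicting settings go through silently with the later entry effectively winning. Keep the check (it was a cheap, clear failure) or document that the last entry wins.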
@@ -1341,8 +1337,6 @@ def main():
else:
ansible_module.fail_json(msg="Unkown state '%s'" % state)
- del host_set
-
# Execute commands
errors = []
diff --git a/plugins/modules/ipahostgroup.py b/plugins/modules/ipahostgroup.py
index ff8761e..4c18e94 100644
--- a/plugins/modules/ipahostgroup.py
+++ b/plugins/modules/ipahostgroup.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
@@ -422,15 +423,14 @@ def main():
# All "already a member" and "not a member" failures in the
# result are ignored. All others are reported.
errors = []
- for failed_item in result.get("failed", []):
- failed = result["failed"][failed_item]
+ if "failed" in result and "member" in result["failed"]:
+ failed = result["failed"]["member"]
for member_type in failed:
for member, failure in failed[member_type]:
- if "already a member" in failure \
- or "not a member" in failure:
- continue
- errors.append("%s: %s %s: %s" % (
- command, member_type, member, failure))
+ if "already a member" not in failure \
+ and "not a member" not in failure:
+ errors.append("%s: %s %s: %s" % (
+ command, member_type, member, failure))
if len(errors) > 0:
ansible_module.fail_json(msg=", ".join(errors))
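Review bot: the rewritten block only inspects `result["failed"]["member"]`, whereas the removed loop walked every key of `result["failed"]`; a failure reported under any other key is now dropped without being surfaced to the user. It is also inconsistent with the ipagroup change in this same patch, which keeps iterating all keys; pick one form for both modules.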
diff --git a/plugins/modules/ipapwpolicy.py b/plugins/modules/ipapwpolicy.py
index c2e4704..0d68fb1 100644
--- a/plugins/modules/ipapwpolicy.py
+++ b/plugins/modules/ipapwpolicy.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
diff --git a/plugins/modules/ipaservice.py b/plugins/modules/ipaservice.py
index 3503726..23a0d6b 100644
--- a/plugins/modules/ipaservice.py
+++ b/plugins/modules/ipaservice.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
@@ -459,7 +460,7 @@ def main():
allow_retrieve_keytab_group = module_params_get(
ansible_module, "allow_retrieve_keytab_group")
allow_retrieve_keytab_host = module_params_get(
- ansible_module, "allow_retrieve_keytab_host")
+ ansible_module, "allow_create_keytab_host")
allow_retrieve_keytab_hostgroup = module_params_get(
ansible_module, "allow_retrieve_keytab_hostgroup")
delete_continue = module_params_get(ansible_module, "delete_continue")
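Review bot: `allow_retrieve_keytab_host` is now read from the `allow_create_keytab_host` parameter, so the retrieve-keytab host ACL is populated from the create-keytab option and the user's `allow_retrieve_keytab_host` value is ignored. This silently grants the wrong ACL; the argument name should stay `"allow_retrieve_keytab_host"`.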
@@ -726,7 +727,7 @@ def main():
# Allow retrieve keytab
if len(allow_retrieve_keytab_user_add) > 0 or \
len(allow_retrieve_keytab_group_add) > 0 or \
- len(allow_retrieve_keytab_host_add) > 0 or \
+ len(allow_retrieve_keytab_hostgroup_add) > 0 or \
len(allow_retrieve_keytab_hostgroup_add) > 0:
commands.append(
[name, "service_allow_retrieve_keytab",
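Review bot: the condition now tests `len(allow_retrieve_keytab_hostgroup_add) > 0` twice and no longer checks `allow_retrieve_keytab_host_add`, so a change that only adds hosts to the retrieve-keytab ACL will not queue `service_allow_retrieve_keytab`. Restore the `_host_add` term in place of the duplicated `_hostgroup_add` line.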
@@ -811,11 +812,9 @@ def main():
elif state == "disabled":
if action == "service":
- if res_find is not None:
- has_cert = bool(res_find.get('usercertificate'))
- has_keytab = res_find.get('has_keytab', False)
- if has_cert or has_keytab:
- commands.append([name, 'service_disable', {}])
+ if res_find is not None and \
+ len(res_find.get('usercertificate', [])) > 0:
+ commands.append([name, 'service_disable', {}])
else:
ansible_module.fail_json(
msg="Invalid action '%s' for state '%s'" %
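Review bot: `state: disabled` now issues `service_disable` only when the service has a certificate; the removed `has_keytab` check meant a keytab-only service was disabled as well. After this change such a service is left enabled, its keytab stays valid, and the task reports no change. Keep the `has_cert or has_keytab` condition.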
diff --git a/plugins/modules/ipasudocmd.py b/plugins/modules/ipasudocmd.py
index f6f3bd5..7494793 100644
--- a/plugins/modules/ipasudocmd.py
+++ b/plugins/modules/ipasudocmd.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
diff --git a/plugins/modules/ipasudocmdgroup.py b/plugins/modules/ipasudocmdgroup.py
index 75e1e5f..a5b0e4e 100644
--- a/plugins/modules/ipasudocmdgroup.py
+++ b/plugins/modules/ipasudocmdgroup.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
diff --git a/plugins/modules/ipasudorule.py b/plugins/modules/ipasudorule.py
index c810a18..741028c 100644
--- a/plugins/modules/ipasudorule.py
+++ b/plugins/modules/ipasudorule.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
diff --git a/plugins/modules/ipatopologysegment.py b/plugins/modules/ipatopologysegment.py
index ee7dbb4..5740cde 100644
--- a/plugins/modules/ipatopologysegment.py
+++ b/plugins/modules/ipatopologysegment.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
diff --git a/plugins/modules/ipatopologysuffix.py b/plugins/modules/ipatopologysuffix.py
index ce65304..ab1e413 100644
--- a/plugins/modules/ipatopologysuffix.py
+++ b/plugins/modules/ipatopologysuffix.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
diff --git a/plugins/modules/ipauser.py b/plugins/modules/ipauser.py
index 4169376..b8152ee 100644
--- a/plugins/modules/ipauser.py
+++ b/plugins/modules/ipauser.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
@@ -957,15 +958,10 @@ def main():
# commands
commands = []
- user_set = set()
for user in names:
if isinstance(user, dict):
name = user.get("name")
- if name in user_set:
- ansible_module.fail_json(
- msg="user '%s' is used more than once" % name)
- user_set.add(name)
# present
first = user.get("first")
last = user.get("last")
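Review bot: as with the host module in this patch, removing the `user_set` duplicate check lets a `users` list name the same user twice; both entries then queue commands for that user and conflicting attributes go through without an error. Keep the check or document the last-entry-wins behaviour.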
@@ -1374,8 +1370,6 @@ def main():
else:
ansible_module.fail_json(msg="Unkown state '%s'" % state)
- del user_set
-
# Execute commands
errors = []
diff --git a/plugins/modules/ipavault.py b/plugins/modules/ipavault.py
index 4c3b0a2..ad5dd41 100644
--- a/plugins/modules/ipavault.py
+++ b/plugins/modules/ipavault.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
@@ -68,20 +69,12 @@ options:
description: password to be used on symmetric vault.
required: false
type: string
- aliases: ["ipavaultpassword", "vault_password", "old_password"]
+ aliases: ["ipavaultpassword", "vault_password"]
password_file:
description: file with password to be used on symmetric vault.
required: false
type: string
- aliases: ["vault_password_file", "old_password_file"]
- new_password:
- description: new password to be used on symmetric vault.
- required: false
- type: string
- new_password_file:
- description: file with new password to be used on symmetric vault.
- required: false
- type: string
+ aliases: ["vault_password_file"]
salt:
description: Vault salt.
required: false
@@ -242,15 +235,7 @@ EXAMPLES = """
state: retrieved
register: result
- debug:
- msg: "{{ result.vault.data }}"
-
-# Change password of a symmetric vault
-- ipavault:
- ipaadmin_password: SomeADMINpassword
- name: symvault
- username: admin
- old_password: SomeVAULTpassword
- new_password: SomeNEWpassword
+ msg: "{{ result.data | b64decode }}"
# Ensure vault symvault is absent
- ipavault:
@@ -266,7 +251,7 @@ EXAMPLES = """
username: user01
description: An asymmetric vault
vault_type: asymmetric
- public_key: |
+ public_key:
LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlHZk1BMEdDU3FHU0liM0RRRUJBUVVBQTR
HTkFEQ0JpUUtCZ1FDdGFudjRkK3ptSTZ0T3ova1RXdGowY3AxRAowUENoYy8vR0pJMTUzTi
9CN3UrN0h3SXlRVlZoNUlXZG1UcCtkWXYzd09yeVpPbzYvbHN5eFJaZ2pZRDRwQ3VGCjlxM
@@ -302,15 +287,10 @@ EXAMPLES = """
"""
RETURN = """
-vault:
- description: Vault dict with archived data.
- returned: If state is `retrieved`.
- type: dict
- options:
- data:
- description: The vault data.
- returned: always
- type: string
+user:
+ description: The vault data.
+ returned: If state is retrieved.
+ type: string
"""
import os
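Review bot: the RETURN block documents the retrieved data under a key named `user`, but the module stores it as `exit_args['data']` and the updated EXAMPLES read `result.data`. Rename the documented key to `data`. Also, `returned: If state is retrieved.` lost the backticks around `retrieved` that the rest of the docs use.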
@@ -436,29 +416,18 @@ def check_parameters(module, state, action, description, username, service,
shared, users, groups, services, owners, ownergroups,
ownerservices, vault_type, salt, password, password_file,
public_key, public_key_file, private_key,
- private_key_file, vault_data, datafile_in, datafile_out,
- new_password, new_password_file):
+ private_key_file, vault_data, datafile_in, datafile_out):
invalid = []
if state == "present":
invalid = ['private_key', 'private_key_file', 'datafile_out']
- if all([password, password_file]) \
- or all([new_password, new_password_file]):
- module.fail_json(msg="Password specified multiple times.")
-
- if any([new_password, new_password_file]) \
- and not any([password, password_file]):
- module.fail_json(
- msg="Either `password` or `password_file` must be provided to "
- "change symmetric vault password.")
-
if action == "member":
invalid.extend(['description'])
elif state == "absent":
invalid = ['description', 'salt', 'vault_type', 'private_key',
'private_key_file', 'datafile_in', 'datafile_out',
- 'vault_data', 'new_password', 'new_password_file']
+ 'vault_data']
if action == "vault":
invalid.extend(['users', 'groups', 'services', 'owners',
@@ -468,7 +437,7 @@ def check_parameters(module, state, action, description, username, service,
elif state == "retrieved":
invalid = ['description', 'salt', 'datafile_in', 'users', 'groups',
'owners', 'ownergroups', 'public_key', 'public_key_file',
- 'vault_data', 'new_password', 'new_password_file']
+ 'vault_data']
if action == 'member':
module.fail_json(
msg="State `retrieved` do not support action `member`.")
@@ -489,19 +458,11 @@ def check_parameters(module, state, action, description, username, service,
def check_encryption_params(module, state, action, vault_type, salt,
password, password_file, public_key,
public_key_file, private_key, private_key_file,
- vault_data, datafile_in, datafile_out,
- new_password, new_password_file, res_find):
+ vault_data, datafile_in, datafile_out, res_find):
vault_type_invalid = []
-
- if vault_type is None and res_find is not None:
- vault_type = res_find['ipavaulttype']
- if isinstance(vault_type, (tuple, list)):
- vault_type = vault_type[0]
-
if vault_type == "standard":
vault_type_invalid = ['public_key', 'public_key_file', 'password',
- 'password_file', 'salt', 'new_password',
- 'new_password_file']
+ 'password_file', 'salt']
if vault_type is None or vault_type == "symmetric":
vault_type_invalid = ['public_key', 'public_key_file',
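Review bot: removing the lookup of `res_find['ipavaulttype']` means that when `vault_type` is omitted for an existing vault, the code falls into the `vault_type is None or vault_type == "symmetric"` branch and applies symmetric-vault validation to asymmetric and standard vaults (for example demanding a password). Keep inferring the type from `res_find` when the caller does not pass one.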
@@ -512,24 +473,8 @@ def check_encryption_params(module, state, action, vault_type, salt,
msg="Symmetric vault requires password or password_file "
"to store data or change `salt`.")
- if any([new_password, new_password_file]) and res_find is None:
- module.fail_json(
- msg="Cannot modify password of inexistent vault.")
-
- if (
- salt is not None
- and not(
- any([password, password_file])
- and any([new_password, new_password_file])
- )
- ):
- module.fail_json(
- msg="Vault `salt` can only change when changing the password.")
-
if vault_type == "asymmetric":
- vault_type_invalid = [
- 'password', 'password_file', 'new_password', 'new_password_file'
- ]
+ vault_type_invalid = ['password', 'password_file']
if not any([public_key, public_key_file]) and res_find is None:
module.fail_json(
msg="Assymmetric vault requires public_key "
@@ -542,43 +487,6 @@ def check_encryption_params(module, state, action, vault_type, salt,
(param, vault_type or 'symmetric'))
-def change_password(module, res_find, password, password_file, new_password,
- new_password_file):
- """
- Change the password of a symmetric vault.
-
- To change the password of a vault, it is needed to retrieve the stored
- data with the current password, and store the data again, with the new
- password, forcing it to override the old one.
- """
- # verify parameters.
- if not any([new_password, new_password_file]):
- return []
- if res_find["ipavaulttype"][0] != "symmetric":
- module.fail_json(msg="Cannot change password of `%s` vault."
- % res_find["ipavaulttype"])
-
- # prepare arguments to retrieve data.
- name = res_find["cn"][0]
- args = {}
- if password:
- args["password"] = password
- if password_file:
- args["password"] = password_file
- # retrieve current stored data
- result = api_command(module, 'vault_retrieve', name, args)
- args['data'] = result['result']['data']
-
- # modify arguments to store data with new password.
- if password:
- args["password"] = new_password
- if password_file:
- args["password"] = new_password_file
- args["override_password"] = True
- # return the command to store data with the new password.
- return [(name, "vault_archive", args)]
-
-
def main():
ansible_module = AnsibleModule(
argument_spec=dict(
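Review bot: deleting `change_password` removes the only way to rotate a symmetric vault's password (retrieve with the current one, re-archive with `override_password`). If that is intended, it is a user-visible capability loss that belongs in the changelog; if it is not, the `new_password`/`new_password_file` options, their `mutually_exclusive` entry and the `check_*` validation removed elsewhere in this patch should come back together with this function.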
@@ -625,18 +533,10 @@ def main():
datafile_out=dict(type="str", required=False, default=None,
aliases=['out']),
vault_password=dict(type="str", required=False, default=None,
- no_log=True,
- aliases=['ipavaultpassword', 'password',
- "old_password"]),
+ aliases=['ipavaultpassword', 'password'],
+ no_log=True),
vault_password_file=dict(type="str", required=False, default=None,
- no_log=False,
- aliases=[
- 'password_file', "old_password_file"
- ]),
- new_password=dict(type="str", required=False, default=None,
- no_log=True),
- new_password_file=dict(type="str", required=False, default=None,
- no_log=False),
+ no_log=False, aliases=['password_file']),
# state
action=dict(type="str", default="vault",
choices=["vault", "data", "member"]),
@@ -646,7 +546,6 @@ def main():
supports_check_mode=True,
mutually_exclusive=[['username', 'service', 'shared'],
['datafile_in', 'vault_data'],
- ['new_password', 'new_password_file'],
['vault_password', 'vault_password_file'],
['vault_public_key', 'vault_public_key_file']],
)
@@ -677,8 +576,6 @@ def main():
salt = module_params_get(ansible_module, "vault_salt")
password = module_params_get(ansible_module, "vault_password")
password_file = module_params_get(ansible_module, "vault_password_file")
- new_password = module_params_get(ansible_module, "new_password")
- new_password_file = module_params_get(ansible_module, "new_password_file")
public_key = module_params_get(ansible_module, "vault_public_key")
public_key_file = module_params_get(ansible_module,
"vault_public_key_file")
@@ -717,8 +614,7 @@ def main():
service, shared, users, groups, services, owners,
ownergroups, ownerservices, vault_type, salt, password,
password_file, public_key, public_key_file, private_key,
- private_key_file, vault_data, datafile_in, datafile_out,
- new_password, new_password_file)
+ private_key_file, vault_data, datafile_in, datafile_out)
# Init
changed = False
@@ -764,7 +660,7 @@ def main():
ansible_module, state, action, vault_type, salt, password,
password_file, public_key, public_key_file, private_key,
private_key_file, vault_data, datafile_in, datafile_out,
- new_password, new_password_file, res_find)
+ res_find)
# Found the vault
if action == "vault":
@@ -777,12 +673,7 @@ def main():
commands.append([name, "vault_mod_internal", args])
else:
- if vault_type == 'symmetric' \
- and 'ipavaultsalt' not in args:
- args['ipavaultsalt'] = os.urandom(32)
-
commands.append([name, "vault_add_internal", args])
-
if vault_type != 'standard' and vault_data is None:
vault_data = ''
@@ -830,6 +721,7 @@ def main():
owner_add_args = gen_member_args(
args, owner_add, ownergroups_add, ownerservice_add)
if owner_add_args is not None:
+ # ansible_module.warn("OWNER ADD: %s" % owner_add_args)
commands.append(
[name, 'vault_add_owner', owner_add_args])
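Review bot: the added `# ansible_module.warn("OWNER ADD: %s" % owner_add_args)` is commented-out debug code, and the same pattern is added for OWNER DEL, RUN and RESULT further down. Remove these before merging or route them through a real verbosity switch; note that the RUN variant, if ever uncommented, would print `args` including vault passwords to the console.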
@@ -837,9 +729,18 @@ def main():
owner_del_args = gen_member_args(
args, owner_del, ownergroups_del, ownerservice_del)
if owner_del_args is not None:
+ # ansible_module.warn("OWNER DEL: %s" % owner_del_args)
commands.append(
[name, 'vault_remove_owner', owner_del_args])
+ if vault_type == 'symmetric' \
+ and 'ipavaultsalt' not in args:
+ args['ipavaultsalt'] = os.urandom(32)
+
+ if vault_type == 'symmetric' \
+ and 'ipavaultsalt' not in args:
+ args['ipavaultsalt'] = os.urandom(32)
+
elif action in "member":
# Add users and groups
if any([users, groups, services]):
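Review bot: the `ipavaultsalt` block is pasted twice verbatim (the second copy is a no-op because the key is already set). More importantly it has moved out of the `vault_add_internal` else-branch to after the owner handling, where it appears to run for an existing vault as well: every run without an explicit salt would then send a fresh `os.urandom(32)` with `vault_mod_internal`, which breaks idempotence and changes the salt under data already archived. Keep a single copy inside the add path.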
@@ -857,22 +758,19 @@ def main():
if any([vault_data, datafile_in]):
commands.append([name, "vault_archive", pwdargs])
- cmds = change_password(
- ansible_module, res_find, password, password_file,
- new_password, new_password_file)
- commands.extend(cmds)
-
elif state == "retrieved":
if res_find is None:
ansible_module.fail_json(
msg="Vault `%s` not found to retrieve data." % name)
+ vault_type = res_find['cn']
+
# verify data encription args
check_encryption_params(
ansible_module, state, action, vault_type, salt, password,
password_file, public_key, public_key_file, private_key,
private_key_file, vault_data, datafile_in, datafile_out,
- new_password, new_password_file, res_find)
+ res_find)
pwdargs = data_storage_args(
args, vault_data, password, password_file, private_key,
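Review bot: `vault_type = res_find['cn']` assigns the vault's common name (its `cn` attribute, i.e. the vault name) to `vault_type` before calling `check_encryption_params`; the type lives in `res_find['ipavaulttype']`, which the removed code read as `res_find["ipavaulttype"][0]`. With a name such as `symvault` none of the `standard`/`symmetric`/`asymmetric` branches match, so retrieval validation is skipped or wrong. Use `res_find['ipavaulttype'][0]`.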
@@ -915,6 +813,7 @@ def main():
errors = []
for name, command, args in commands:
try:
+ # ansible_module.warn("RUN: %s %s %s" % (command, name, args))
result = api_command(ansible_module, command, name, args)
if command == 'vault_archive':
@@ -923,15 +822,14 @@ def main():
if 'result' not in result:
raise Exception("No result obtained.")
if 'data' in result['result']:
- data_return = exit_args.setdefault('vault', {})
- data_return['data'] = result['result']['data']
+ exit_args['data'] = result['result']['data']
elif 'vault_data' in result['result']:
- data_return = exit_args.setdefault('vault', {})
- data_return['data'] = result['result']['vault_data']
+ exit_args['data'] = result['result']['vault_data']
else:
raise Exception("No data retrieved.")
changed = False
else:
+ # ansible_module.warn("RESULT: %s" % (result))
if "completed" in result:
if result["completed"] > 0:
changed = True
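Review bot: flattening the return from `vault.data` to a top-level `data` key changes the module's public return structure, so playbooks using `result.vault.data` break. If the flat form is wanted, document `data` in RETURN (which currently names the key `user`) and mention the change in the changelog.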
diff --git a/roles/ipaclient/action_plugins/ipaclient_get_otp.py b/roles/ipaclient/action_plugins/ipaclient_get_otp.py
index 8e04ad9..dcddc0a 100644
--- a/roles/ipaclient/action_plugins/ipaclient_get_otp.py
+++ b/roles/ipaclient/action_plugins/ipaclient_get_otp.py
@@ -164,8 +164,7 @@ class ActionModule(ActionBase):
return result
data = self._execute_module(module_name='ipaclient_get_facts',
- module_args=dict(), task_vars=task_vars)
-
+ module_args=dict(), task_vars=None)
try:
domain = data['ansible_facts']['ipa']['domain']
realm = data['ansible_facts']['ipa']['realm']
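Review bot: passing `task_vars=None` to `_execute_module` drops the task variables for the `ipaclient_get_facts` call, so per-host settings such as `ansible_python_interpreter` and connection variables no longer reach it and interpreter discovery falls back to defaults. Keep `task_vars=task_vars`.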
@@ -246,3 +245,4 @@ class ActionModule(ActionBase):
finally:
# delete the local temp directory
shutil.rmtree(local_temp_dir, ignore_errors=True)
+ run_cmd(['/usr/bin/kdestroy', '-c', tmp_ccache])
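Review bot: destroying the temporary credential cache with `kdestroy -c tmp_ccache` is good hygiene, but the call is appended after the `finally:` block rather than inside it, so it does not run when the OTP request raises and the ticket cache is left on disk. Move it into the `finally`, guarded on `tmp_ccache` having been created, and check `run_cmd` for failure the same way the surrounding code does.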
diff --git a/roles/ipaclient/files/py3test.py b/roles/ipaclient/files/py3test.py
old mode 100755
new mode 100644
diff --git a/roles/ipaclient/library/ipaclient_api.py b/roles/ipaclient/library/ipaclient_api.py
index 9252bb5..865438f 100644
--- a/roles/ipaclient/library/ipaclient_api.py
+++ b/roles/ipaclient/library/ipaclient_api.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
diff --git a/roles/ipaclient/library/ipaclient_fix_ca.py b/roles/ipaclient/library/ipaclient_fix_ca.py
index 09f682d..a3a1dae 100644
--- a/roles/ipaclient/library/ipaclient_fix_ca.py
+++ b/roles/ipaclient/library/ipaclient_fix_ca.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
diff --git a/roles/ipaclient/library/ipaclient_fstore.py b/roles/ipaclient/library/ipaclient_fstore.py
index b210171..db1218a 100644
--- a/roles/ipaclient/library/ipaclient_fstore.py
+++ b/roles/ipaclient/library/ipaclient_fstore.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
diff --git a/roles/ipaclient/library/ipaclient_get_facts.py b/roles/ipaclient/library/ipaclient_get_facts.py
index 05c5bca..003715e 100644
--- a/roles/ipaclient/library/ipaclient_get_facts.py
+++ b/roles/ipaclient/library/ipaclient_get_facts.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
import os
diff --git a/roles/ipaclient/library/ipaclient_get_otp.py b/roles/ipaclient/library/ipaclient_get_otp.py
index 793b8f8..03e8b2b 100644
--- a/roles/ipaclient/library/ipaclient_get_otp.py
+++ b/roles/ipaclient/library/ipaclient_get_otp.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
diff --git a/roles/ipaclient/library/ipaclient_ipa_conf.py b/roles/ipaclient/library/ipaclient_ipa_conf.py
index bf2b951..ac31e01 100644
--- a/roles/ipaclient/library/ipaclient_ipa_conf.py
+++ b/roles/ipaclient/library/ipaclient_ipa_conf.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
diff --git a/roles/ipaclient/library/ipaclient_join.py b/roles/ipaclient/library/ipaclient_join.py
index 95eed4b..b67be37 100644
--- a/roles/ipaclient/library/ipaclient_join.py
+++ b/roles/ipaclient/library/ipaclient_join.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
diff --git a/roles/ipaclient/library/ipaclient_set_hostname.py b/roles/ipaclient/library/ipaclient_set_hostname.py
index 51afdc2..4145df9 100644
--- a/roles/ipaclient/library/ipaclient_set_hostname.py
+++ b/roles/ipaclient/library/ipaclient_set_hostname.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
diff --git a/roles/ipaclient/library/ipaclient_setup_automount.py b/roles/ipaclient/library/ipaclient_setup_automount.py
index 58ee2f7..1fda9ba 100644
--- a/roles/ipaclient/library/ipaclient_setup_automount.py
+++ b/roles/ipaclient/library/ipaclient_setup_automount.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
diff --git a/roles/ipaclient/library/ipaclient_setup_firefox.py b/roles/ipaclient/library/ipaclient_setup_firefox.py
index 4c74cf6..36116ae 100644
--- a/roles/ipaclient/library/ipaclient_setup_firefox.py
+++ b/roles/ipaclient/library/ipaclient_setup_firefox.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
diff --git a/roles/ipaclient/library/ipaclient_setup_krb5.py b/roles/ipaclient/library/ipaclient_setup_krb5.py
index 134d78e..9eb3e94 100644
--- a/roles/ipaclient/library/ipaclient_setup_krb5.py
+++ b/roles/ipaclient/library/ipaclient_setup_krb5.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
diff --git a/roles/ipaclient/library/ipaclient_setup_nis.py b/roles/ipaclient/library/ipaclient_setup_nis.py
index 7a3f169..e04b87c 100644
--- a/roles/ipaclient/library/ipaclient_setup_nis.py
+++ b/roles/ipaclient/library/ipaclient_setup_nis.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
diff --git a/roles/ipaclient/library/ipaclient_setup_nss.py b/roles/ipaclient/library/ipaclient_setup_nss.py
index 04ab0ae..c1bd173 100644
--- a/roles/ipaclient/library/ipaclient_setup_nss.py
+++ b/roles/ipaclient/library/ipaclient_setup_nss.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
diff --git a/roles/ipaclient/library/ipaclient_setup_ntp.py b/roles/ipaclient/library/ipaclient_setup_ntp.py
index c0daa83..b41a910 100644
--- a/roles/ipaclient/library/ipaclient_setup_ntp.py
+++ b/roles/ipaclient/library/ipaclient_setup_ntp.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
diff --git a/roles/ipaclient/library/ipaclient_setup_ssh.py b/roles/ipaclient/library/ipaclient_setup_ssh.py
index a8329fd..f721b2a 100644
--- a/roles/ipaclient/library/ipaclient_setup_ssh.py
+++ b/roles/ipaclient/library/ipaclient_setup_ssh.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
diff --git a/roles/ipaclient/library/ipaclient_setup_sssd.py b/roles/ipaclient/library/ipaclient_setup_sssd.py
index 596db3f..3fd767f 100644
--- a/roles/ipaclient/library/ipaclient_setup_sssd.py
+++ b/roles/ipaclient/library/ipaclient_setup_sssd.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
diff --git a/roles/ipaclient/library/ipaclient_test.py b/roles/ipaclient/library/ipaclient_test.py
index 62faa2c..d5d7f71 100644
--- a/roles/ipaclient/library/ipaclient_test.py
+++ b/roles/ipaclient/library/ipaclient_test.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
diff --git a/roles/ipaclient/library/ipaclient_test_keytab.py b/roles/ipaclient/library/ipaclient_test_keytab.py
index 3d4351a..75ed109 100644
--- a/roles/ipaclient/library/ipaclient_test_keytab.py
+++ b/roles/ipaclient/library/ipaclient_test_keytab.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
diff --git a/roles/ipaclient/module_utils/ansible_ipa_client.py b/roles/ipaclient/module_utils/ansible_ipa_client.py
index 20c69ca..48ef132 100644
--- a/roles/ipaclient/module_utils/ansible_ipa_client.py
+++ b/roles/ipaclient/module_utils/ansible_ipa_client.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
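Review bot: `ansible_ipa_client.py` lives under `module_utils` and is imported by the modules, never executed, so the `#!/usr/bin/python` shebang adds nothing here. It is fine on the modules themselves, where Ansible rewrites it to the configured interpreter.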
diff --git a/roles/ipaclient/tasks/install.yml b/roles/ipaclient/tasks/install.yml
index 4421f0c..0de3dea 100644
--- a/roles/ipaclient/tasks/install.yml
+++ b/roles/ipaclient/tasks/install.yml
@@ -134,6 +134,7 @@
"Password cannot be set on enrolled host" not
in result_ipaclient_get_otp.msg
delegate_to: "{{ result_ipaclient_test.servers[0] }}"
+ delegate_facts: yes
ignore_errors: yes
- name: Install - Report error for OTP generation
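Review bot: `delegate_facts: yes` on a task delegated to `result_ipaclient_test.servers[0]` stores any facts the task sets on the server host instead of the client. The registered `result_ipaclient_get_otp` is unaffected (register is not a fact), so this only matters if the OTP task sets facts; if it does not, the option is a no-op and can be dropped, and if it does, confirm the later tasks read them from the right host.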
diff --git a/roles/ipareplica/files/py3test.py b/roles/ipareplica/files/py3test.py
old mode 100755
new mode 100644
diff --git a/roles/ipareplica/library/ipareplica_add_to_ipaservers.py b/roles/ipareplica/library/ipareplica_add_to_ipaservers.py
index b347581..acd553b 100644
--- a/roles/ipareplica/library/ipareplica_add_to_ipaservers.py
+++ b/roles/ipareplica/library/ipareplica_add_to_ipaservers.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
diff --git a/roles/ipareplica/library/ipareplica_create_ipa_conf.py b/roles/ipareplica/library/ipareplica_create_ipa_conf.py
index a043c2d..3a85a6f 100644
--- a/roles/ipareplica/library/ipareplica_create_ipa_conf.py
+++ b/roles/ipareplica/library/ipareplica_create_ipa_conf.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
@@ -261,7 +262,6 @@ def main():
config.subject_base = options.subject_base
config.dirman_password = dirman_password
config.ca_host_name = ca_host_name
- config.setup_ca = options.setup_ca
remote_api = gen_remote_api(master_host_name, paths.ETC_IPA)
installer._remote_api = remote_api
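Review bot: `config.setup_ca` is no longer populated here, while `ipareplica_setup_adtrust` in the same patch still takes a `setup_ca` argument; verify that no consumer of this `config` object reads `setup_ca`, otherwise this becomes an AttributeError at replica install time.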
diff --git a/roles/ipareplica/library/ipareplica_custodia_import_dm_password.py b/roles/ipareplica/library/ipareplica_custodia_import_dm_password.py
index d1cab9e..c580ed5 100644
--- a/roles/ipareplica/library/ipareplica_custodia_import_dm_password.py
+++ b/roles/ipareplica/library/ipareplica_custodia_import_dm_password.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
diff --git a/roles/ipareplica/library/ipareplica_ds_apply_updates.py b/roles/ipareplica/library/ipareplica_ds_apply_updates.py
index 3b0614f..3796874 100644
--- a/roles/ipareplica/library/ipareplica_ds_apply_updates.py
+++ b/roles/ipareplica/library/ipareplica_ds_apply_updates.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
@@ -176,7 +177,6 @@ def main():
config = gen_ReplicaConfig()
config.dirman_password = dirman_password
config.subject_base = options.subject_base
- config.master_host_name = master_host_name
remote_api = gen_remote_api(master_host_name, paths.ETC_IPA)
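Review bot: `config.master_host_name` is dropped here (and in `ipareplica_ds_enable_ssl`) although `master_host_name` is still passed to `gen_remote_api` on the next line; check that nothing in the DS update or SSL path reads it from `config` before removing the assignment.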
diff --git a/roles/ipareplica/library/ipareplica_ds_enable_ssl.py b/roles/ipareplica/library/ipareplica_ds_enable_ssl.py
index 3738b25..a1b638e 100644
--- a/roles/ipareplica/library/ipareplica_ds_enable_ssl.py
+++ b/roles/ipareplica/library/ipareplica_ds_enable_ssl.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
@@ -172,7 +173,6 @@ def main():
config = gen_ReplicaConfig()
config.dirman_password = dirman_password
config.subject_base = options.subject_base
- config.master_host_name = master_host_name
remote_api = gen_remote_api(master_host_name, paths.ETC_IPA)
# installer._remote_api = remote_api
diff --git a/roles/ipareplica/library/ipareplica_enable_ipa.py b/roles/ipareplica/library/ipareplica_enable_ipa.py
index a83744a..d18552b 100644
--- a/roles/ipareplica/library/ipareplica_enable_ipa.py
+++ b/roles/ipareplica/library/ipareplica_enable_ipa.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
diff --git a/roles/ipareplica/library/ipareplica_install_ca_certs.py b/roles/ipareplica/library/ipareplica_install_ca_certs.py
index 345649f..b93f0b9 100644
--- a/roles/ipareplica/library/ipareplica_install_ca_certs.py
+++ b/roles/ipareplica/library/ipareplica_install_ca_certs.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
diff --git a/roles/ipareplica/library/ipareplica_krb_enable_ssl.py b/roles/ipareplica/library/ipareplica_krb_enable_ssl.py
index 2b00ccd..a302b0f 100644
--- a/roles/ipareplica/library/ipareplica_krb_enable_ssl.py
+++ b/roles/ipareplica/library/ipareplica_krb_enable_ssl.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
diff --git a/roles/ipareplica/library/ipareplica_master_password.py b/roles/ipareplica/library/ipareplica_master_password.py
index 9630932..02f9fd1 100644
--- a/roles/ipareplica/library/ipareplica_master_password.py
+++ b/roles/ipareplica/library/ipareplica_master_password.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
diff --git a/roles/ipareplica/library/ipareplica_prepare.py b/roles/ipareplica/library/ipareplica_prepare.py
index 3887669..ed89b69 100644
--- a/roles/ipareplica/library/ipareplica_prepare.py
+++ b/roles/ipareplica/library/ipareplica_prepare.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
diff --git a/roles/ipareplica/library/ipareplica_promote_openldap_conf.py b/roles/ipareplica/library/ipareplica_promote_openldap_conf.py
index 260b317..207794c 100644
--- a/roles/ipareplica/library/ipareplica_promote_openldap_conf.py
+++ b/roles/ipareplica/library/ipareplica_promote_openldap_conf.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
diff --git a/roles/ipareplica/library/ipareplica_promote_sssd.py b/roles/ipareplica/library/ipareplica_promote_sssd.py
index eaae271..66d84d0 100644
--- a/roles/ipareplica/library/ipareplica_promote_sssd.py
+++ b/roles/ipareplica/library/ipareplica_promote_sssd.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
diff --git a/roles/ipareplica/library/ipareplica_restart_kdc.py b/roles/ipareplica/library/ipareplica_restart_kdc.py
index 21648c5..b9c9900 100644
--- a/roles/ipareplica/library/ipareplica_restart_kdc.py
+++ b/roles/ipareplica/library/ipareplica_restart_kdc.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
diff --git a/roles/ipareplica/library/ipareplica_setup_adtrust.py b/roles/ipareplica/library/ipareplica_setup_adtrust.py
index 06b4c7c..c830ebf 100644
--- a/roles/ipareplica/library/ipareplica_setup_adtrust.py
+++ b/roles/ipareplica/library/ipareplica_setup_adtrust.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
@@ -109,7 +110,7 @@ def main():
# additional
ccache=dict(required=True),
_top_dir=dict(required=True),
- setup_ca=dict(required=True, type='bool'),
+ setup_ca=dict(required=True),
config_master_host_name=dict(required=True),
),
supports_check_mode=True,
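Review bot: `setup_ca=dict(required=True)` drops `type='bool'`, so a value templated from YAML reaches the module as a string; the string `"False"` is truthy in Python, and any `if setup_ca:` branch in this module will then behave as if CA setup was requested. Keep `type='bool'`, as `_ca_enabled` and `_kra_enabled` do in the KRA module in this same patch, unless the parameter is deliberately changing to a non-boolean value.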
diff --git a/roles/ipareplica/library/ipareplica_setup_ca.py b/roles/ipareplica/library/ipareplica_setup_ca.py
index a05ad47..d71299b 100644
--- a/roles/ipareplica/library/ipareplica_setup_ca.py
+++ b/roles/ipareplica/library/ipareplica_setup_ca.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
diff --git a/roles/ipareplica/library/ipareplica_setup_certmonger.py b/roles/ipareplica/library/ipareplica_setup_certmonger.py
index 95604da..982aab0 100644
--- a/roles/ipareplica/library/ipareplica_setup_certmonger.py
+++ b/roles/ipareplica/library/ipareplica_setup_certmonger.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
diff --git a/roles/ipareplica/library/ipareplica_setup_custodia.py b/roles/ipareplica/library/ipareplica_setup_custodia.py
index a18608e..5a74e87 100644
--- a/roles/ipareplica/library/ipareplica_setup_custodia.py
+++ b/roles/ipareplica/library/ipareplica_setup_custodia.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
@@ -168,7 +169,6 @@ def main():
config.promote = installer.promote
config.kra_enabled = kra_enabled
config.kra_host_name = kra_host_name
- config.setup_ca = options.setup_ca
remote_api = gen_remote_api(master_host_name, paths.ETC_IPA)
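Review bot: `config.setup_ca = options.setup_ca` is removed while `config.kra_enabled` and `config.kra_host_name` are still set. If the custodia setup decides whether to fetch CA keys from `config.setup_ca`, it will now read an unset attribute. Either confirm that `options.setup_ca` is still consumed elsewhere in this module, or also drop `setup_ca` from its argument spec so the module does not accept an input it ignores.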
diff --git a/roles/ipareplica/library/ipareplica_setup_dns.py b/roles/ipareplica/library/ipareplica_setup_dns.py
index 9bb42a6..1557afe 100644
--- a/roles/ipareplica/library/ipareplica_setup_dns.py
+++ b/roles/ipareplica/library/ipareplica_setup_dns.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
diff --git a/roles/ipareplica/library/ipareplica_setup_ds.py b/roles/ipareplica/library/ipareplica_setup_ds.py
index a54fa8f..8a44120 100644
--- a/roles/ipareplica/library/ipareplica_setup_ds.py
+++ b/roles/ipareplica/library/ipareplica_setup_ds.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
diff --git a/roles/ipareplica/library/ipareplica_setup_http.py b/roles/ipareplica/library/ipareplica_setup_http.py
index 64856fe..987ea95 100644
--- a/roles/ipareplica/library/ipareplica_setup_http.py
+++ b/roles/ipareplica/library/ipareplica_setup_http.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
@@ -163,7 +164,7 @@ def main():
config.subject_base = options.subject_base
config.dirman_password = dirman_password
config.setup_ca = options.setup_ca
- config.master_host_name = master_host_name
+ # config.master_host_name = master_host_name
config.ca_host_name = ca_host_name
config.promote = installer.promote
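Review bot: commenting out `config.master_host_name = master_host_name` instead of deleting it leaves dead code in the HTTP setup module. Remove the line, or replace it with a comment that explains why the HTTP setup must not see the master host while `config.ca_host_name` is still set. Note that `ipareplica_ds_enable_ssl.py` deletes the same assignment outright in this patch, so the two should be consistent.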
diff --git a/roles/ipareplica/library/ipareplica_setup_kra.py b/roles/ipareplica/library/ipareplica_setup_kra.py
index c44dbb9..3149c10 100644
--- a/roles/ipareplica/library/ipareplica_setup_kra.py
+++ b/roles/ipareplica/library/ipareplica_setup_kra.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
@@ -119,9 +120,6 @@ options:
_subject_base:
description: The installer _subject_base setting
required: no
- dirman_password:
- description: Directory Manager (master) password
- required: no
author:
- Thomas Woerner
'''
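Review bot: the `dirman_password` entry is removed from the `options:` documentation block; this matches the later removal of `dirman_password=dict(required=True, no_log=True)` from the argument spec, so docs and spec stay in sync. Please run the module documentation sanity check after the change, since it compares the two lists and `_ca_host_name` is also being removed from the spec below.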
@@ -175,12 +173,10 @@ def main():
_ca_enabled=dict(required=False, type='bool'),
_kra_enabled=dict(required=False, type='bool'),
_kra_host_name=dict(required=False),
- _ca_host_name=dict(required=False),
_top_dir=dict(required=True),
_add_to_ipaservers=dict(required=True, type='bool'),
_ca_subject=dict(required=True),
_subject_base=dict(required=True),
- dirman_password=dict(required=True, no_log=True),
),
supports_check_mode=True,
)
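Review bot: `_ca_host_name` and `dirman_password=dict(required=True, no_log=True)` leave the KRA argument spec here, and the `install.yml` hunk for the KRA task in this patch stops passing both, so the call site stays consistent. If `dirman_password` is ever reintroduced to this module, keep `no_log=True` on it so the Directory Manager password is not written to the Ansible log or result JSON.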
@@ -237,7 +233,6 @@ def main():
ca_enabled = ansible_module.params.get('_ca_enabled')
kra_enabled = ansible_module.params.get('_kra_enabled')
kra_host_name = ansible_module.params.get('_kra_host_name')
- ca_host_name = ansible_module.params.get('_ca_host_name')
options.subject_base = ansible_module.params.get('subject_base')
if options.subject_base is not None:
@@ -248,7 +243,6 @@ def main():
options._ca_subject = ansible_module.params.get('_ca_subject')
options._subject_base = ansible_module.params.get('_subject_base')
- dirman_password = ansible_module.params.get('dirman_password')
# init #
@@ -260,25 +254,14 @@ def main():
constants.DEFAULT_CONFIG)
api_bootstrap_finalize(env)
config = gen_ReplicaConfig()
- config.dirman_password = dirman_password
config.subject_base = options.subject_base
config.promote = installer.promote
config.kra_enabled = kra_enabled
config.kra_host_name = kra_host_name
- config.ca_host_name = ca_host_name
- config.master_host_name = master_host_name
remote_api = gen_remote_api(master_host_name, paths.ETC_IPA)
installer._remote_api = remote_api
- conn = remote_api.Backend.ldap2
- ccache = os.environ['KRB5CCNAME']
-
- # There is a api.Backend.ldap2.connect call somewhere in ca, ds, dns or
- # ntpinstance
- api.Backend.ldap2.connect()
- conn.connect(ccache=ccache)
-
with redirect_stdout(ansible_log):
ansible_log.debug("-- INSTALL KRA --")
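Review bot: this hunk deletes the `api.Backend.ldap2.connect()` and `conn.connect(ccache=ccache)` calls before `-- INSTALL KRA --` without any replacement, and the comment being deleted says the connect is otherwise made "somewhere in ca, ds, dns or ntpinstance", none of which run in this module. Verify that the KRA installer still receives a connected `remote_api.Backend.ldap2` (or opens its own connection), otherwise this step fails with a not-connected error on the replica. Also check whether `os` is still used now that `os.environ['KRB5CCNAME']` is gone, and remove the import if not.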
diff --git a/roles/ipareplica/library/ipareplica_setup_krb.py b/roles/ipareplica/library/ipareplica_setup_krb.py
index 703ae76..c8d09f7 100644
--- a/roles/ipareplica/library/ipareplica_setup_krb.py
+++ b/roles/ipareplica/library/ipareplica_setup_krb.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
@@ -62,9 +63,6 @@ options:
_top_dir:
description: The installer _top_dir setting
required: no
- dirman_password:
- description: Directory Manager (master) password
- required: no
author:
- Thomas Woerner
'''
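Review bot: the `dirman_password` documentation block is removed from the KRB module; this is consistent with the argument spec hunk below that removes the parameter, so `ansible-doc` output and the spec will still match.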
@@ -100,7 +98,6 @@ def main():
ccache=dict(required=True),
_pkinit_pkcs12_info=dict(required=False, type='list'),
_top_dir=dict(required=True),
- dirman_password=dict(required=True, no_log=True),
),
supports_check_mode=True,
)
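Review bot: removing `dirman_password=dict(required=True, no_log=True)` from the KRB argument spec matches the `install.yml` hunk that stops passing `dirman_password` to the Setup KRB task; this is fine as long as nothing in the KRB setup binds to the directory as Directory Manager. Please confirm in the commit message which credential (the `ccache` parameter that remains) now covers that path.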
@@ -129,7 +126,6 @@ def main():
'_pkinit_pkcs12_info')
options._top_dir = ansible_module.params.get('_top_dir')
- dirman_password = ansible_module.params.get('dirman_password')
# init #
@@ -145,10 +141,8 @@ def main():
constants.DEFAULT_CONFIG)
api_bootstrap_finalize(env)
config = gen_ReplicaConfig()
- config.dirman_password = dirman_password
config.master_host_name = config_master_host_name
config.subject_base = options.subject_base
- config.setup_ca = options.setup_ca
ccache = os.environ['KRB5CCNAME']
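Review bot: `config.setup_ca = options.setup_ca` is removed together with `config.dirman_password`, but `options.setup_ca` itself is not touched in this hunk. If the KRB setup branches on `config.setup_ca` (for example when requesting PKINIT certificates), it now reads an unset attribute. Either keep the assignment or remove `setup_ca` from this module's argument spec to match the `install.yml` hunk that stops passing it.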
diff --git a/roles/ipareplica/library/ipareplica_setup_otpd.py b/roles/ipareplica/library/ipareplica_setup_otpd.py
index a211b9e..1b8117d 100644
--- a/roles/ipareplica/library/ipareplica_setup_otpd.py
+++ b/roles/ipareplica/library/ipareplica_setup_otpd.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
diff --git a/roles/ipareplica/library/ipareplica_test.py b/roles/ipareplica/library/ipareplica_test.py
index 37b288e..ebb1163 100644
--- a/roles/ipareplica/library/ipareplica_test.py
+++ b/roles/ipareplica/library/ipareplica_test.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
diff --git a/roles/ipareplica/module_utils/ansible_ipa_replica.py b/roles/ipareplica/module_utils/ansible_ipa_replica.py
index a2a70d5..368ec6b 100644
--- a/roles/ipareplica/module_utils/ansible_ipa_replica.py
+++ b/roles/ipareplica/module_utils/ansible_ipa_replica.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
diff --git a/roles/ipareplica/tasks/install.yml b/roles/ipareplica/tasks/install.yml
index ddb3f85..fc7f83e 100644
--- a/roles/ipareplica/tasks/install.yml
+++ b/roles/ipareplica/tasks/install.yml
@@ -226,8 +226,6 @@
setup_adtrust: "{{ result_ipareplica_test.setup_adtrust }}"
setup_kra: "{{ result_ipareplica_test.setup_kra }}"
setup_dns: "{{ ipareplica_setup_dns }}"
- ### server ###
- setup_ca: "{{ ipareplica_setup_ca }}"
### ssl certificate ###
dirsrv_cert_files: "{{ ipareplica_dirsrv_cert_files | default([]) }}"
### client ###
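Review bot: `setup_ca: "{{ ipareplica_setup_ca }}"` and its `### server ###` header are removed from this task, yet later tasks in the same file still pass `config_setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}"`. Confirm that the module this task calls no longer declares `setup_ca` as a required parameter and that the prepare step still derives `config_setup_ca` from somewhere, otherwise the later tasks get an undefined variable.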
@@ -283,7 +281,7 @@
ccache: "{{ result_ipareplica_prepare.ccache }}"
installer_ccache: "{{ result_ipareplica_prepare.installer_ccache }}"
_ca_enabled: "{{ result_ipareplica_prepare._ca_enabled }}"
- _dirsrv_pkcs12_info: "{{ result_ipareplica_prepare._dirsrv_pkcs12_info if result_ipareplica_prepare._dirsrv_pkcs12_info != None else omit }}"
+ _dirsrv_pkcs12_info: "{{ result_ipareplica_prepare._dirsrv_pkcs12_info }}"
subject_base: "{{ result_ipareplica_prepare.subject_base }}"
_top_dir: "{{ result_ipareplica_prepare._top_dir }}"
_add_to_ipaservers: "{{ result_ipareplica_prepare._add_to_ipaservers }}"
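Review bot: `_dirsrv_pkcs12_info: "{{ result_ipareplica_prepare._dirsrv_pkcs12_info }}"` drops the `!= None else omit` guard. When the prepare step returns a null value (no dirsrv certificate files were given), the unguarded expression is no longer omitted but passed to the module, which, depending on the Ansible version, arrives as the string `None` or as a null that the module must handle for a `type='list'` parameter. Keep the `omit` form unless the receiving module is changed to accept an explicit null.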
@@ -334,7 +332,6 @@
_ca_subject: "{{ result_ipareplica_prepare._ca_subject }}"
_subject_base: "{{ result_ipareplica_prepare._subject_base }}"
dirman_password: "{{ ipareplica_dirman_password }}"
- setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}"
- name: Install - Setup KRB
ipareplica_setup_krb:
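Review bot: `setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}"` is removed from the task immediately before Setup KRB while `dirman_password` is kept; check that the module it calls also dropped `setup_ca` from a `required=True` argument spec, otherwise parameter validation rejects the call.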
@@ -348,9 +345,8 @@
config_master_host_name:
"{{ result_ipareplica_install_ca_certs.config_master_host_name }}"
ccache: "{{ result_ipareplica_prepare.ccache }}"
- _pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info if result_ipareplica_prepare._pkinit_pkcs12_info != None else omit }}"
+ _pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info }}"
_top_dir: "{{ result_ipareplica_prepare._top_dir }}"
- dirman_password: "{{ ipareplica_dirman_password }}"
# We need to point to the master in ipa default conf when certmonger
# asks for HTTP certificate in newer ipa versions. In these versions
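Review bot: the Setup KRB task both loses the `omit` guard on `_pkinit_pkcs12_info` and stops passing `dirman_password`. The latter matches the KRB module changes in this patch; the former means a null `_pkinit_pkcs12_info` from the prepare step is now handed to the module instead of being omitted, and the module declares that parameter as `type='list'`, so a null must be accepted there or the guard kept.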
@@ -392,7 +388,6 @@
_ca_subject: "{{ result_ipareplica_prepare._ca_subject }}"
_subject_base: "{{ result_ipareplica_prepare._subject_base }}"
dirman_password: "{{ ipareplica_dirman_password }}"
- setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}"
master:
"{{ result_ipareplica_install_ca_certs.config_master_host_name }}"
when: result_ipareplica_test.change_master_for_certmonger
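Review bot: `setup_ca` is removed from this certmonger-related task, which still passes `master:` and runs only when `change_master_for_certmonger` is set; make sure the called module's argument spec no longer requires `setup_ca`, since the `config_setup_ca` value is still computed by the prepare step and used elsewhere in this file.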
@@ -412,8 +407,8 @@
ccache: "{{ result_ipareplica_prepare.ccache }}"
_ca_enabled: "{{ result_ipareplica_prepare._ca_enabled }}"
_ca_file: "{{ result_ipareplica_prepare._ca_file }}"
- _dirsrv_pkcs12_info: "{{ result_ipareplica_prepare._dirsrv_pkcs12_info if result_ipareplica_prepare._dirsrv_pkcs12_info != None else omit }}"
- _pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info if result_ipareplica_prepare._pkinit_pkcs12_info != None else omit }}"
+ _dirsrv_pkcs12_info: "{{ result_ipareplica_prepare._dirsrv_pkcs12_info }}"
+ _pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info }}"
_top_dir: "{{ result_ipareplica_prepare._top_dir }}"
dirman_password: "{{ ipareplica_dirman_password }}"
ds_ca_subject: "{{ result_ipareplica_setup_ds.ds_ca_subject }}"
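Review bot: both `_dirsrv_pkcs12_info` and `_pkinit_pkcs12_info` lose their `!= None else omit` guards in the DS setup task. With no certificate files supplied, the prepare step returns null for these, and the task will now pass that null through rather than omitting the parameter; confirm the DS module tolerates it, or keep the guards.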
@@ -434,7 +429,7 @@
ccache: "{{ result_ipareplica_prepare.ccache }}"
_ca_enabled: "{{ result_ipareplica_prepare._ca_enabled }}"
_ca_file: "{{ result_ipareplica_prepare._ca_file }}"
- _http_pkcs12_info: "{{ result_ipareplica_prepare._http_pkcs12_info if result_ipareplica_prepare._http_pkcs12_info != None else omit }}"
+ _http_pkcs12_info: "{{ result_ipareplica_prepare._http_pkcs12_info }}"
_top_dir: "{{ result_ipareplica_prepare._top_dir }}"
dirman_password: "{{ ipareplica_dirman_password }}"
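Review bot: the `omit` guard on `_http_pkcs12_info` is removed here; when no HTTP certificate files are given, the prepare step yields null and the HTTP setup task will pass it as a parameter value instead of omitting it. Keep the `!= None else omit` form, or make the HTTP module treat null the same as an absent parameter.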
@@ -476,7 +471,6 @@
_ca_subject: "{{ result_ipareplica_prepare._ca_subject }}"
_subject_base: "{{ result_ipareplica_prepare._subject_base }}"
dirman_password: "{{ ipareplica_dirman_password }}"
- setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}"
when: result_ipareplica_test.change_master_for_certmonger
- name: Install - Setup otpd
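Review bot: `setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}"` is dropped from the task guarded by `change_master_for_certmonger`; same consistency check as for the other removals in this file, the called module must not list `setup_ca` as required any more.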
@@ -513,7 +507,7 @@
_kra_enabled: "{{ result_ipareplica_prepare._kra_enabled }}"
_kra_host_name: "{{ result_ipareplica_prepare.config_kra_host_name }}"
_ca_file: "{{ result_ipareplica_prepare._ca_file }}"
- _pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info if result_ipareplica_prepare._pkinit_pkcs12_info != None else omit }}"
+ _pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info }}"
_top_dir: "{{ result_ipareplica_prepare._top_dir }}"
dirman_password: "{{ ipareplica_dirman_password }}"
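Review bot: the `omit` guard on `_pkinit_pkcs12_info` is removed in this task as well; a null from the prepare step is now passed through to the module rather than omitted. Keep the guard or have the module accept null for this list parameter.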
@@ -535,7 +529,7 @@
_kra_enabled: "{{ result_ipareplica_prepare._kra_enabled }}"
_kra_host_name: "{{ result_ipareplica_prepare.config_kra_host_name }}"
_subject_base: "{{ result_ipareplica_prepare._subject_base }}"
- _pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info if result_ipareplica_prepare._pkinit_pkcs12_info != None else omit }}"
+ _pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info }}"
_top_dir: "{{ result_ipareplica_prepare._top_dir }}"
dirman_password: "{{ ipareplica_dirman_password }}"
config_setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}"
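Review bot: same guard removal for `_pkinit_pkcs12_info` here, in a task that still passes `config_setup_ca`; a null value is no longer omitted, so confirm the receiving module accepts it for a `type='list'` parameter.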
@@ -560,7 +554,7 @@
ccache: "{{ result_ipareplica_prepare.ccache }}"
_ca_enabled: "{{ result_ipareplica_prepare._ca_enabled }}"
_ca_file: "{{ result_ipareplica_prepare._ca_file }}"
- _pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info if result_ipareplica_prepare._pkinit_pkcs12_info != None else omit }}"
+ _pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info }}"
_top_dir: "{{ result_ipareplica_prepare._top_dir }}"
dirman_password: "{{ ipareplica_dirman_password }}"
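Review bot: the `!= None else omit` guard on `_pkinit_pkcs12_info` is removed in this task too; without it a null result from the prepare step is passed as a parameter value instead of being left out. Either keep the guard or update the module to treat null as absent.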
@@ -580,7 +574,7 @@
ccache: "{{ result_ipareplica_prepare.ccache }}"
_ca_enabled: "{{ result_ipareplica_prepare._ca_enabled }}"
_ca_file: "{{ result_ipareplica_prepare._ca_file }}"
- _pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info if result_ipareplica_prepare._pkinit_pkcs12_info != None else omit }}"
+ _pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info }}"
_top_dir: "{{ result_ipareplica_prepare._top_dir }}"
dirman_password: "{{ ipareplica_dirman_password }}"
ds_ca_subject: "{{ result_ipareplica_setup_ds.ds_ca_subject }}"
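Review bot: `_pkinit_pkcs12_info` loses its `omit` guard here as well; this task also passes `ds_ca_subject`, so it runs after DS setup, where a null PKINIT PKCS#12 value is the normal case when no PKINIT files were supplied. Confirm the module handles null, or keep the guard.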
@@ -617,12 +611,10 @@
_ca_enabled: "{{ result_ipareplica_prepare._ca_enabled }}"
_kra_enabled: "{{ result_ipareplica_prepare._kra_enabled }}"
_kra_host_name: "{{ result_ipareplica_prepare.config_kra_host_name }}"
- _ca_host_name: "{{ result_ipareplica_prepare.config_ca_host_name }}"
_top_dir: "{{ result_ipareplica_prepare._top_dir }}"
_add_to_ipaservers: "{{ result_ipareplica_prepare._add_to_ipaservers }}"
_ca_subject: "{{ result_ipareplica_prepare._ca_subject }}"
_subject_base: "{{ result_ipareplica_prepare._subject_base }}"
- dirman_password: "{{ ipareplica_dirman_password }}"
when: result_ipareplica_test.setup_kra
- name: Install - Restart KDC
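Review bot: dropping `_ca_host_name` and `dirman_password` from the KRA task matches the `ipareplica_setup_kra.py` argument spec changes in this patch, so the call stays valid. Since the task no longer receives the Directory Manager password, the KRA module must authenticate with the `ccache` alone; this ties back to the deleted LDAP connect block in that module, which should be re-checked together with this hunk.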
diff --git a/roles/ipaserver/files/py3test.py b/roles/ipaserver/files/py3test.py
old mode 100755
new mode 100644
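Review bot: `roles/ipaserver/files/py3test.py` loses its executable bit (100755 to 100644) in the same patch that adds `#!/usr/bin/python` shebangs to every module file. If the file is executed via the `script` module or a shell task, the mode change breaks that; if it is only ever run as an argument to a Python interpreter, the change is fine but should be mentioned in the commit message.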
diff --git a/roles/ipaserver/library/ipaserver_enable_ipa.py b/roles/ipaserver/library/ipaserver_enable_ipa.py
index e3a9d53..00bf3da 100644
--- a/roles/ipaserver/library/ipaserver_enable_ipa.py
+++ b/roles/ipaserver/library/ipaserver_enable_ipa.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
diff --git a/roles/ipaserver/library/ipaserver_load_cache.py b/roles/ipaserver/library/ipaserver_load_cache.py
index 80030c6..ad29455 100644
--- a/roles/ipaserver/library/ipaserver_load_cache.py
+++ b/roles/ipaserver/library/ipaserver_load_cache.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
diff --git a/roles/ipaserver/library/ipaserver_master_password.py b/roles/ipaserver/library/ipaserver_master_password.py
index dc1c000..bf9c52b 100644
--- a/roles/ipaserver/library/ipaserver_master_password.py
+++ b/roles/ipaserver/library/ipaserver_master_password.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
diff --git a/roles/ipaserver/library/ipaserver_prepare.py b/roles/ipaserver/library/ipaserver_prepare.py
index 1153dd8..1341abf 100644
--- a/roles/ipaserver/library/ipaserver_prepare.py
+++ b/roles/ipaserver/library/ipaserver_prepare.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
diff --git a/roles/ipaserver/library/ipaserver_set_ds_password.py b/roles/ipaserver/library/ipaserver_set_ds_password.py
index 2b2fb52..4b5b3b3 100644
--- a/roles/ipaserver/library/ipaserver_set_ds_password.py
+++ b/roles/ipaserver/library/ipaserver_set_ds_password.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
diff --git a/roles/ipaserver/library/ipaserver_setup_adtrust.py b/roles/ipaserver/library/ipaserver_setup_adtrust.py
index d6663e1..341cb4e 100644
--- a/roles/ipaserver/library/ipaserver_setup_adtrust.py
+++ b/roles/ipaserver/library/ipaserver_setup_adtrust.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
diff --git a/roles/ipaserver/library/ipaserver_setup_ca.py b/roles/ipaserver/library/ipaserver_setup_ca.py
index 31af30b..53a3633 100644
--- a/roles/ipaserver/library/ipaserver_setup_ca.py
+++ b/roles/ipaserver/library/ipaserver_setup_ca.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
diff --git a/roles/ipaserver/library/ipaserver_setup_custodia.py b/roles/ipaserver/library/ipaserver_setup_custodia.py
index aaa3b47..565020b 100644
--- a/roles/ipaserver/library/ipaserver_setup_custodia.py
+++ b/roles/ipaserver/library/ipaserver_setup_custodia.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
diff --git a/roles/ipaserver/library/ipaserver_setup_dns.py b/roles/ipaserver/library/ipaserver_setup_dns.py
index 8072e40..396b439 100644
--- a/roles/ipaserver/library/ipaserver_setup_dns.py
+++ b/roles/ipaserver/library/ipaserver_setup_dns.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
diff --git a/roles/ipaserver/library/ipaserver_setup_ds.py b/roles/ipaserver/library/ipaserver_setup_ds.py
index ccb76a3..3fc9d50 100644
--- a/roles/ipaserver/library/ipaserver_setup_ds.py
+++ b/roles/ipaserver/library/ipaserver_setup_ds.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
diff --git a/roles/ipaserver/library/ipaserver_setup_http.py b/roles/ipaserver/library/ipaserver_setup_http.py
index e00465d..4d9a54d 100644
--- a/roles/ipaserver/library/ipaserver_setup_http.py
+++ b/roles/ipaserver/library/ipaserver_setup_http.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
diff --git a/roles/ipaserver/library/ipaserver_setup_kra.py b/roles/ipaserver/library/ipaserver_setup_kra.py
index 8c1240c..5296c09 100644
--- a/roles/ipaserver/library/ipaserver_setup_kra.py
+++ b/roles/ipaserver/library/ipaserver_setup_kra.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
diff --git a/roles/ipaserver/library/ipaserver_setup_krb.py b/roles/ipaserver/library/ipaserver_setup_krb.py
index cb000eb..1101d8d 100644
--- a/roles/ipaserver/library/ipaserver_setup_krb.py
+++ b/roles/ipaserver/library/ipaserver_setup_krb.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
diff --git a/roles/ipaserver/library/ipaserver_setup_ntp.py b/roles/ipaserver/library/ipaserver_setup_ntp.py
index 1e57a85..ab1fde7 100644
--- a/roles/ipaserver/library/ipaserver_setup_ntp.py
+++ b/roles/ipaserver/library/ipaserver_setup_ntp.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
diff --git a/roles/ipaserver/library/ipaserver_setup_otpd.py b/roles/ipaserver/library/ipaserver_setup_otpd.py
index d67748e..e72d27b 100644
--- a/roles/ipaserver/library/ipaserver_setup_otpd.py
+++ b/roles/ipaserver/library/ipaserver_setup_otpd.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
diff --git a/roles/ipaserver/library/ipaserver_test.py b/roles/ipaserver/library/ipaserver_test.py
index 541415e..4ac100c 100644
--- a/roles/ipaserver/library/ipaserver_test.py
+++ b/roles/ipaserver/library/ipaserver_test.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
diff --git a/roles/ipaserver/module_utils/ansible_ipa_server.py b/roles/ipaserver/module_utils/ansible_ipa_server.py
index fe71311..d934751 100644
--- a/roles/ipaserver/module_utils/ansible_ipa_server.py
+++ b/roles/ipaserver/module_utils/ansible_ipa_server.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
diff --git a/roles/ipaserver/tasks/install.yml b/roles/ipaserver/tasks/install.yml
index 687f72d..30f9da2 100644
--- a/roles/ipaserver/tasks/install.yml
+++ b/roles/ipaserver/tasks/install.yml
@@ -203,7 +203,7 @@
# no_host_dns: "{{ result_ipaserver_test.no_host_dns }}"
dirsrv_config_file: "{{ ipaserver_dirsrv_config_file | default(omit) }}"
dirsrv_cert_files: "{{ ipaserver_dirsrv_cert_files | default(omit) }}"
- _dirsrv_pkcs12_info: "{{ result_ipaserver_test._dirsrv_pkcs12_info if result_ipaserver_test._dirsrv_pkcs12_info != None else omit }}"
+ _dirsrv_pkcs12_info: "{{ result_ipaserver_test._dirsrv_pkcs12_info }}"
external_cert_files:
"{{ ipaserver_external_cert_files | default(omit) }}"
subject_base: "{{ result_ipaserver_prepare.subject_base }}"
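Review bot: `_dirsrv_pkcs12_info: "{{ result_ipaserver_test._dirsrv_pkcs12_info }}"` drops the `!= None else omit` guard in the server role. When `ipaserver_dirsrv_cert_files` is not set (the surrounding lines use `default(omit)` for exactly that case), the test step returns null and this task now passes that null to the module instead of omitting the parameter. Keep the guard or make the module accept null.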
@@ -240,7 +240,7 @@
no_hbac_allow: "{{ ipaserver_no_hbac_allow }}"
idstart: "{{ result_ipaserver_test.idstart }}"
idmax: "{{ result_ipaserver_test.idmax }}"
- _pkinit_pkcs12_info: "{{ result_ipaserver_test._pkinit_pkcs12_info if result_ipaserver_test._pkinit_pkcs12_info != None else omit }}"
+ _pkinit_pkcs12_info: "{{ result_ipaserver_test._pkinit_pkcs12_info }}"
- name: Install - Setup custodia
ipaserver_setup_custodia:
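Review bot: the `omit` guard on `_pkinit_pkcs12_info` is removed from the server KRB task; a null from `ipaserver_test` is now passed through as a parameter value. Same fix as for the other pkcs12 parameters: keep the guard, or have the module treat null as absent.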
@@ -270,7 +270,7 @@
no_pkinit: "{{ result_ipaserver_test.no_pkinit }}"
dirsrv_config_file: "{{ ipaserver_dirsrv_config_file | default(omit) }}"
dirsrv_cert_files: "{{ ipaserver_dirsrv_cert_files | default([]) }}"
- _dirsrv_pkcs12_info: "{{ result_ipaserver_test._dirsrv_pkcs12_info if result_ipaserver_test._dirsrv_pkcs12_info != None else omit }}"
+ _dirsrv_pkcs12_info: "{{ result_ipaserver_test._dirsrv_pkcs12_info }}"
external_ca: "{{ ipaserver_external_ca }}"
external_ca_type: "{{ ipaserver_external_ca_type | default(omit) }}"
external_ca_profile:
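Review bot: `_dirsrv_pkcs12_info` loses its `omit` guard in the CA setup task while the neighbouring `dirsrv_cert_files` line keeps `default([])`; the two defaults are now inconsistent (empty list in one place, raw null in the other). Keep the guard so an absent certificate set is omitted rather than passed as null.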
@@ -334,7 +334,7 @@
idmax: "{{ result_ipaserver_test.idmax }}"
http_cert_files: "{{ ipaserver_http_cert_files | default([]) }}"
no_ui_redirect: "{{ ipaserver_no_ui_redirect }}"
- _http_pkcs12_info: "{{ result_ipaserver_test._http_pkcs12_info if result_ipaserver_test._http_pkcs12_info != None else omit }}"
+ _http_pkcs12_info: "{{ result_ipaserver_test._http_pkcs12_info }}"
- name: Install - Setup KRA
ipaserver_setup_kra:
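Review bot: the `omit` guard on `_http_pkcs12_info` is removed from the HTTP setup task; with `ipaserver_http_cert_files` unset the value is null and is now handed to the module instead of being omitted. Keep the `!= None else omit` form unless the HTTP module is changed to accept null.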
@@ -394,7 +394,7 @@
idstart: "{{ result_ipaserver_test.idstart }}"
idmax: "{{ result_ipaserver_test.idmax }}"
dirsrv_config_file: "{{ ipaserver_dirsrv_config_file | default(omit) }}"
- _dirsrv_pkcs12_info: "{{ result_ipaserver_test._dirsrv_pkcs12_info if result_ipaserver_test._dirsrv_pkcs12_info != None else omit }}"
+ _dirsrv_pkcs12_info: "{{ result_ipaserver_test._dirsrv_pkcs12_info }}"
- name: Install - Setup client
include_role:
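Review bot: `_dirsrv_pkcs12_info` loses its `omit` guard in the last server task as well; confirm the called module accepts a null value for this parameter, or restore the guard as in the other occurrences.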
diff --git a/tests/dnsforwardzone/test_dnsforwardzone.yml b/tests/dnsforwardzone/test_dnsforwardzone.yml
index 223cf3d..1a45e82 100644
--- a/tests/dnsforwardzone/test_dnsforwardzone.yml
+++ b/tests/dnsforwardzone/test_dnsforwardzone.yml
@@ -5,21 +5,19 @@
gather_facts: false
tasks:
- - name: ensure test forwardzones are absent
+ - name: ensure forwardzone example.com is absent - prep
ipadnsforwardzone:
- ipaadmin_password: SomeADMINpassword
- name:
- - example.com
- - newfailzone.com
+ ipaadmin_password: password01
+ name: example.com
state: absent
- name: ensure forwardzone example.com is created
ipadnsforwardzone:
- ipaadmin_password: SomeADMINpassword
+ ipaadmin_password: password01
state: present
name: example.com
forwarders:
- - ip_address: 8.8.8.8
+ - 8.8.8.8
forwardpolicy: first
skip_overlap_check: true
register: result
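Review bot: two behavioural changes are folded into this hunk and should be called out. First, the cleanup task no longer uses a list under `name:` and drops `newfailzone.com`, so the multi-zone `name` form and the later "zone not added without forwarders" case lose their setup. Second, forwarders change from `- ip_address: 8.8.8.8` mappings to bare `- 8.8.8.8` strings, which is a change to the module's input format; the module's argument spec and README must match the new form or every test in this file fails at parameter validation.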
@@ -27,11 +25,11 @@
- name: ensure forwardzone example.com is present again
ipadnsforwardzone:
- ipaadmin_password: SomeADMINpassword
+ ipaadmin_password: password01
state: present
name: example.com
forwarders:
- - ip_address: 8.8.8.8
+ - 8.8.8.8
forwardpolicy: first
skip_overlap_check: true
register: result
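Review bot: this idempotency check ("present again") is updated to the bare-string forwarder form; that is consistent with the first hunk, but the test only covers the single-forwarder, default-port case, so idempotency with a custom port is no longer verified anywhere in this file.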
@@ -39,13 +37,12 @@
- name: ensure forwardzone example.com has two forwarders
ipadnsforwardzone:
- ipaadmin_password: SomeADMINpassword
+ ipaadmin_password: password01
state: present
name: example.com
forwarders:
- - ip_address: 8.8.8.8
- - ip_address: 4.4.4.4
- port: 8053
+ - 8.8.8.8
+ - 4.4.4.4
forwardpolicy: first
skip_overlap_check: true
register: result
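Review bot: the `port: 8053` entry for the second forwarder is dropped along with the `ip_address:` mapping form, so per-forwarder port support is no longer exercised by the two-forwarder test. If the module still supports a custom port, keep at least one test case for it; if the feature is being removed, say so in the commit message and update the README accordingly.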
@@ -53,246 +50,165 @@
- name: ensure forwardzone example.com has one forwarder again
ipadnsforwardzone:
- ipaadmin_password: SomeADMINpassword
+ ipaadmin_password: password01
name: example.com
forwarders:
- - ip_address: 8.8.8.8
+ - 8.8.8.8
forwardpolicy: first
skip_overlap_check: true
state: present
register: result
- failed_when: result.changed
+ failed_when: not result.changed
- name: skip_overlap_check can only be set on creation so change nothing
ipadnsforwardzone:
- ipaadmin_password: SomeADMINpassword
+ ipaadmin_password: password01
name: example.com
forwarders:
- - ip_address: 8.8.8.8
+ - 8.8.8.8
forwardpolicy: first
skip_overlap_check: false
state: present
register: result
failed_when: result.changed
- - name: ensure forwardzone example.com is absent.
- ipadnsforwardzone:
- ipaadmin_password: SomeADMINpassword
- name: example.com
- state: absent
- register: result
- failed_when: not result.changed
-
- - name: ensure forwardzone example.com is absent, again.
- ipadnsforwardzone:
- ipaadmin_password: SomeADMINpassword
- name: example.com
- state: absent
- register: result
- failed_when: result.changed
-
- name: change all the things at once
ipadnsforwardzone:
- ipaadmin_password: SomeADMINpassword
+ ipaadmin_password: password01
state: present
name: example.com
forwarders:
- - ip_address: 8.8.8.8
- - ip_address: 4.4.4.4
- port: 8053
+ - 8.8.8.8
+ - 4.4.4.4
forwardpolicy: only
- skip_overlap_check: true
- permission: yes
- register: result
- failed_when: not result.changed
-
- - name: change zone forward policy
- ipadnsforwardzone:
- ipaadmin_password: SomeADMINpassword
- name: example.com
- forwardpolicy: first
+ skip_overlap_check: false
register: result
failed_when: not result.changed
- - name: change zone forward policy, again
+ - name: ensure forwardzone example.com is absent for next testset
ipadnsforwardzone:
- ipaadmin_password: SomeADMINpassword
- name: example.com
- forwardpolicy: first
- register: result
- failed_when: result.changed
-
- - name: ensure forwardzone example.com is absent.
- ipadnsforwardzone:
- ipaadmin_password: SomeADMINpassword
+ ipaadmin_password: password01
name: example.com
state: absent
- name: ensure forwardzone example.com is created with minimal args
ipadnsforwardzone:
- ipaadmin_password: SomeADMINpassword
+ ipaadmin_password: password01
state: present
name: example.com
skip_overlap_check: true
forwarders:
- - ip_address: 8.8.8.8
+ - 8.8.8.8
register: result
failed_when: not result.changed
- name: add a forwarder to any existing ones
ipadnsforwardzone:
- ipaadmin_password: SomeADMINpassword
+ ipaadmin_password: password01
state: present
name: example.com
forwarders:
- - ip_address: 4.4.4.4
- port: 8053
+ - 4.4.4.4
action: member
register: result
failed_when: not result.changed
- name: check the list of forwarders is what we expect
ipadnsforwardzone:
- ipaadmin_password: SomeADMINpassword
+ ipaadmin_password: password01
state: present
name: example.com
forwarders:
- - ip_address: 4.4.4.4
- port: 8053
- - ip_address: 8.8.8.8
+ - 4.4.4.4
+ - 8.8.8.8
action: member
register: result
failed_when: result.changed
- name: remove a single forwarder
ipadnsforwardzone:
- ipaadmin_password: SomeADMINpassword
+ ipaadmin_password: password01
state: absent
name: example.com
forwarders:
- - ip_address: 8.8.8.8
+ - 8.8.8.8
action: member
register: result
failed_when: not result.changed
- name: check the list of forwarders is what we expect now
ipadnsforwardzone:
- ipaadmin_password: SomeADMINpassword
+ ipaadmin_password: password01
state: present
name: example.com
forwarders:
- - ip_address: 4.4.4.4
- port: 8053
+ - 4.4.4.4
action: member
register: result
failed_when: result.changed
- - name: Add a permission for per-forward zone access delegation.
+ - name: ensure forwardzone example.com is absent again
ipadnsforwardzone:
- ipaadmin_password: SomeADMINpassword
+ ipaadmin_password: password01
name: example.com
- permission: yes
- action: member
- register: result
- failed_when: not result.changed
+ state: absent
- - name: Add a permission for per-forward zone access delegation, again.
+ - name: try to create a new forwarder with action=member
ipadnsforwardzone:
- ipaadmin_password: SomeADMINpassword
+ ipaadmin_password: password01
+ state: present
name: example.com
- permission: yes
+ forwarders:
+ - 4.4.4.4
action: member
+ skip_overlap_check: true
register: result
failed_when: result.changed
- - name: Remove a permission for per-forward zone access delegation.
- ipadnsforwardzone:
- ipaadmin_password: SomeADMINpassword
- name: example.com
- permission: no
- action: member
- register: result
- failed_when: not result.changed
-
- - name: Remove a permission for per-forward zone access delegation, again.
+ - name: ensure forwardzone example.com is absent - tidy up
ipadnsforwardzone:
- ipaadmin_password: SomeADMINpassword
+ ipaadmin_password: password01
name: example.com
- permission: no
- action: member
- register: result
- failed_when: result.changed
+ state: absent
- - name: disable the forwarder
+ - name: try to create a new forwarder is disabled state
ipadnsforwardzone:
- ipaadmin_password: SomeADMINpassword
- name: example.com
+ ipaadmin_password: password01
state: disabled
- register: result
- failed_when: not result.changed
-
- - name: disable the forwarder again
- ipadnsforwardzone:
- ipaadmin_password: SomeADMINpassword
name: example.com
- state: disabled
+ forwarders:
+ - 4.4.4.4
+ skip_overlap_check: true
register: result
- failed_when: result.changed
+ failed_when: not result.changed
- name: enable the forwarder
ipadnsforwardzone:
- ipaadmin_password: SomeADMINpassword
+ ipaadmin_password: password01
name: example.com
state: enabled
register: result
failed_when: not result.changed
- - name: enable the forwarder, again
- ipadnsforwardzone:
- ipaadmin_password: SomeADMINpassword
- name: example.com
- state: enabled
- register: result
- failed_when: result.changed
-
- - name: ensure forwardzone example.com is absent again
- ipadnsforwardzone:
- ipaadmin_password: SomeADMINpassword
- name: example.com
- state: absent
-
- - name: try to create a new forwarder with action=member
+ - name: disable the forwarder again
ipadnsforwardzone:
- ipaadmin_password: SomeADMINpassword
- state: present
+ ipaadmin_password: password01
name: example.com
- forwarders:
- - ip_address: 4.4.4.4
- port: 8053
+ state: disabled
action: member
- skip_overlap_check: true
register: result
- failed_when: not result.failed or "not found" not in result.msg
+ failed_when: not result.changed
- - name: try to create a new forwarder with disabled state
+ - name: ensure it stays disabled
ipadnsforwardzone:
- ipaadmin_password: SomeADMINpassword
+ ipaadmin_password: password01
name: example.com
state: disabled
register: result
- failed_when: not result.failed or "not found" not in result.msg
-
- - name: Ensure forwardzone is not added without forwarders, with correct message.
- ipadnsforwardzone:
- ipaadmin_password: SomeADMINpassword
- name: newfailzone.com
- register: result
- failed_when: not result.failed or "No forwarders specified" not in result.msg
+ failed_when: result.changed
- name: ensure forwardzone example.com is absent - tidy up
ipadnsforwardzone:
- ipaadmin_password: SomeADMINpassword
- name:
- - example.com
- - newfailzone.com
+ ipaadmin_password: password01
+ name: example.com
state: absent
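Review bot: the negative and idempotency checks removed from this hunk (the `permission: no` remove and remove-again pair, the second "disable the forwarder" task expecting `result.changed` to be false, the `action: member` call on a missing zone expecting "not found" in `result.msg`, and the `newfailzone.com` task expecting "No forwarders specified") are the only places the suite verifies that the module reports errors instead of silently succeeding and that a repeated disable is a no-op; keep them, or add equivalents, before merging. Three smaller points in the new tasks: the task name "try to create a new forwarder is disabled state" should read "in disabled state"; the new "disable the forwarder again" task keeps `action: member` next to `state: disabled`, which combines a membership action with a zone state change, so either drop `action: member` there or say which behaviour is being tested; and switching `ipaadmin_password` to `password01` here while the group, host, user and vault tests in this same patch keep `SomeADMINpassword` leaves the suite with two admin passwords, so pick one value for all test playbooks.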
diff --git a/tests/dnszone/test_dnszone.yml b/tests/dnszone/test_dnszone.yml
index bd820df..f7bd1f0 100644
--- a/tests/dnszone/test_dnszone.yml
+++ b/tests/dnszone/test_dnszone.yml
@@ -149,40 +149,3 @@
forwarders: []
register: result
failed_when: not result.changed
-
- - name: Create zones test1
- ipadnszone:
- ipaadmin_password: SomeADMINpassword
- name: test1.testzone.local
-
- - name: Create zones test2
- ipadnszone:
- ipaadmin_password: SomeADMINpassword
- name: test2.testzone.local
-
- - name: Create zones test3
- ipadnszone:
- ipaadmin_password: SomeADMINpassword
- name: test3.testzone.local
-
- - name: Ensure multiple zones are absent
- ipadnszone:
- ipaadmin_password: SomeADMINpassword
- name:
- - test1.testzone.local
- - test2.testzone.local
- - test3.testzone.local
- state: absent
- register: result
- failed_when: not result.changed
-
- - name: Ensure multiple zones are absent, again
- ipadnszone:
- ipaadmin_password: SomeADMINpassword
- name:
- - test1.testzone.local
- - test2.testzone.local
- - test3.testzone.local
- state: absent
- register: result
- failed_when: result.changed
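Review bot: dropping the "Create zones test1" to "test3" tasks and the two "Ensure multiple zones are absent" tasks removes the only coverage of the list form of `name:` for `ipadnszone` and of its idempotency (`failed_when: result.changed` on the second run); if the module still accepts a list of zone names, keep these tasks so that a regression in multi-name handling is caught.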
diff --git a/tests/dnszone/test_dnszone_name_from_ip.yml b/tests/dnszone/test_dnszone_name_from_ip.yml
deleted file mode 100644
index 9bd2eb0..0000000
--- a/tests/dnszone/test_dnszone_name_from_ip.yml
+++ /dev/null
@@ -1,112 +0,0 @@
----
-- name: Test dnszone
- hosts: ipaserver
- become: yes
- gather_facts: yes
-
- tasks:
-
- # Setup
- - name: Ensure zone is absent.
- ipadnszone:
- ipaadmin_password: SomeADMINpassword
- name: "{{ item }}"
- state: absent
- with_items:
- - 2.0.192.in-addr.arpa.
- - 0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa.
- - 1.0.0.0.e.f.a.c.8.b.d.0.1.0.0.2.ip6.arpa.
-
- # tests
- - name: Ensure zone exists for reverse IP.
- ipadnszone:
- ipaadmin_password: SomeADMINpassword
- name_from_ip: 192.0.2.3/24
- register: ipv4_zone
- failed_when: not ipv4_zone.changed or ipv4_zone.failed
-
- - name: Ensure zone exists for reverse IP, again.
- ipadnszone:
- ipaadmin_password: SomeADMINpassword
- name_from_ip: 192.0.2.3/24
- register: result
- failed_when: result.changed or result.failed
-
- - name: Ensure zone exists for reverse IP, given the zone name.
- ipadnszone:
- ipaadmin_password: SomeADMINpassword
- name: "{{ ipv4_zone.dnszone.name }}"
- register: result
- failed_when: result.changed or result.failed
-
- - name: Modify existing zone, using `name_from_ip`.
- ipadnszone:
- ipaadmin_password: SomeADMINpassword
- name_from_ip: 192.0.2.3/24
- default_ttl: 1234
- register: result
- failed_when: not result.changed
-
- - name: Modify existing zone, using `name_from_ip`, again.
- ipadnszone:
- ipaadmin_password: SomeADMINpassword
- name_from_ip: 192.0.2.3/24
- default_ttl: 1234
- register: result
- failed_when: result.changed or result.failed
-
- - name: Ensure ipv6 zone exists for reverse IPv6.
- ipadnszone:
- ipaadmin_password: SomeADMINpassword
- name_from_ip: fd00::0001
- register: ipv6_zone
- failed_when: not ipv6_zone.changed or ipv6_zone.failed
-
- # - debug:
- # msg: "{{ipv6_zone}}"
-
- - name: Ensure ipv6 zone was created.
- ipadnszone:
- ipaadmin_password: SomeADMINpassword
- name: "{{ ipv6_zone.dnszone.name }}"
- register: result
- failed_when: result.changed or result.failed
-
- - name: Ensure ipv6 zone exists for reverse IPv6, again.
- ipadnszone:
- ipaadmin_password: SomeADMINpassword
- name_from_ip: fd00::0001
- register: result
- failed_when: result.changed
-
- - name: Ensure second ipv6 zone exists for reverse IPv6.
- ipadnszone:
- ipaadmin_password: SomeADMINpassword
- name_from_ip: 2001:db8:cafe:1::1
- register: ipv6_sec_zone
- failed_when: not ipv6_sec_zone.changed or ipv6_zone.failed
-
- - name: Ensure second ipv6 zone was created.
- ipadnszone:
- ipaadmin_password: SomeADMINpassword
- name: "{{ ipv6_sec_zone.dnszone.name }}"
- register: result
- failed_when: result.changed or result.failed
-
- - name: Ensure second ipv6 zone exists for reverse IPv6, again.
- ipadnszone:
- ipaadmin_password: SomeADMINpassword
- name_from_ip: 2001:db8:cafe:1::1
- register: result
- failed_when: result.changed
-
- # Cleanup
- - name: Ensure zone is absent.
- ipadnszone:
- ipaadmin_password: SomeADMINpassword
- name: "{{ item }}"
- state: absent
- with_items:
- - "{{ ipv6_zone.dnszone.name }}"
- - "{{ ipv6_sec_zone.dnszone.name }}"
- - "{{ ipv4_zone.dnszone.name }}"
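Review bot: deleting test_dnszone_name_from_ip.yml removes all coverage of the `name_from_ip` option (an IPv4 /24 reverse zone, two IPv6 reverse zones, modification of an existing zone through `name_from_ip` with `default_ttl`, and the idempotent re-run of each); if the option is still part of `ipadnszone`, keep the file. If it is restored, fix the copy-and-paste error in "Ensure second ipv6 zone exists for reverse IPv6.": `failed_when: not ipv6_sec_zone.changed or ipv6_zone.failed` checks the first zone's result, and should read `ipv6_sec_zone.failed`.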
diff --git a/tests/group/test_group_membermanager.yml b/tests/group/test_group_membermanager.yml
index 661f26d..1d38654 100644
--- a/tests/group/test_group_membermanager.yml
+++ b/tests/group/test_group_membermanager.yml
@@ -8,7 +8,7 @@
- name: Ensure user manangeruser1 and manageruser2 is absent
ipauser:
ipaadmin_password: SomeADMINpassword
- name: manageruser1,manageruser2,unknown_user
+ name: manageruser1,manageruser2
state: absent
- name: Ensure group testgroup, managergroup1 and managergroup2 are absent
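Review bot: removing `unknown_user` from the cleanup list is only consistent if the "Ensure unknown membermanager_user member failure" task goes as well (it does, in the next hunk), so the two hunks should be judged together. While touching this task, fix its name: "Ensure user manangeruser1 and manageruser2 is absent" should be "Ensure users manageruser1 and manageruser2 are absent".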
@@ -185,15 +185,6 @@
register: result
failed_when: not result.changed
- - name: Ensure unknown membermanager_user member failure
- ipagroup:
- ipaadmin_password: SomeADMINpassword
- name: testgroup
- membermanager_user: unknown_user
- action: member
- register: result
- failed_when: result.changed or "no such entry" not in result.msg
-
- name: Ensure group testgroup, managergroup1 and managergroup2 are absent
ipagroup:
ipaadmin_password: SomeADMINpassword
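Review bot: the removed "Ensure unknown membermanager_user member failure" task was the check that `ipagroup` rejects a nonexistent user given as `membermanager_user` with "no such entry" in `result.msg` instead of reporting success; member managers can add and remove members of the group, so an unknown name that is silently accepted would hide a typo in an access delegation. Keep the task (and `unknown_user` in the cleanup list of the previous hunk) unless the module's error text changed, in which case update the string rather than drop the test.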
diff --git a/tests/host/test_hosts.yml b/tests/host/test_hosts.yml
index f82cc61..30fd653 100644
--- a/tests/host/test_hosts.yml
+++ b/tests/host/test_hosts.yml
@@ -96,18 +96,3 @@
state: absent
register: result
failed_when: result.changed
-
- - name: Duplicate names in hosts failure test
- ipahost:
- ipaadmin_password: SomeADMINpassword
- hosts:
- - name: "{{ host1_fqdn }}"
- force: yes
- - name: "{{ host2_fqdn }}"
- force: yes
- - name: "{{ host3_fqdn }}"
- force: yes
- - name: "{{ host3_fqdn }}"
- force: yes
- register: result
- failed_when: result.changed or "is used more than once" not in result.msg
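Review bot: the "Duplicate names in hosts failure test" removed here is the only check that `ipahost` rejects a `hosts:` batch containing the same name twice ("is used more than once") instead of applying it; without it a batch with a repeated entry could be processed twice or the second entry could silently overwrite the first. Keep the test unless the module dropped duplicate detection, and in that case say so in the commit message.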
diff --git a/tests/hostgroup/test_hostgroup_membermanager.yml b/tests/hostgroup/test_hostgroup_membermanager.yml
index c0f6546..c32d108 100644
--- a/tests/hostgroup/test_hostgroup_membermanager.yml
+++ b/tests/hostgroup/test_hostgroup_membermanager.yml
@@ -15,7 +15,7 @@
- name: Ensure user manangeruser1 and manageruser2 is absent
ipauser:
ipaadmin_password: SomeADMINpassword
- name: manageruser1,manageruser2,unknown_user
+ name: manageruser1,manageruser2
state: absent
- name: Ensure group managergroup1 and managergroup2 are absent
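Review bot: as in test_group_membermanager.yml, removing `unknown_user` from this cleanup list only makes sense together with the removal of the unknown-user failure task in the next hunk; the task name "Ensure user manangeruser1 and manageruser2 is absent" also carries the same typo and should read "Ensure users manageruser1 and manageruser2 are absent".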
@@ -200,15 +200,6 @@
register: result
failed_when: not result.changed
- - name: Ensure unknown membermanager_user member failure
- ipahostgroup:
- ipaadmin_password: SomeADMINpassword
- name: testhostgroup
- membermanager_user: unknown_user
- action: member
- register: result
- failed_when: result.changed or "no such entry" not in result.msg
-
- name: Ensure host-group testhostgroup is absent
ipahostgroup:
ipaadmin_password: SomeADMINpassword
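Review bot: the removed "Ensure unknown membermanager_user member failure" task was the only check that `ipahostgroup` fails with "no such entry" when a nonexistent user is named as `membermanager_user`; member managers control host-group membership, so silently accepting an unknown principal is an access-delegation bug the suite should keep catching. Keep the task, or update the expected message if the module's error text changed.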
diff --git a/tests/service/env_cleanup.yml b/tests/service/env_cleanup.yml
deleted file mode 100644
index f96a75b..0000000
--- a/tests/service/env_cleanup.yml
+++ /dev/null
@@ -1,68 +0,0 @@
----
-# Cleanup tasks for the service module tests.
-- name: Ensure services are absent.
- ipaservice:
- ipaadmin_password: SomeADMINpassword
- name:
- - "HTTP/{{ svc_fqdn }}"
- - "HTTP/{{ nohost_fqdn }}"
- - HTTP/svc.ihavenodns.info
- - HTTP/no.idontexist.local
- - "cifs/{{ host1_fqdn }}"
- state: absent
-
-- name: Ensure host "{{ svc_fqdn }}" is absent
- ipahost:
- ipaadmin_password: SomeADMINpassword
- name: "{{ svc_fqdn }}"
- update_dns: yes
- state: absent
-
-- name: Ensure host is absent
- ipahost:
- ipaadmin_password: SomeADMINpassword
- name:
- - "{{ host1_fqdn }}"
- - "{{ host2_fqdn }}"
- - "{{ nohost_fqdn }}"
- - svc.ihavenodns.info
- update_dns: no
- state: absent
-
-- name: Ensure testing users are absent.
- ipauser:
- ipaadmin_password: SomeADMINpassword
- name:
- - user01
- - user02
- state: absent
-
-- name: Ensure testing groups are absent.
- ipagroup:
- ipaadmin_password: SomeADMINpassword
- name:
- - group01
- - group02
- state: absent
-
-- name: Ensure testing hostgroup hostgroup01 is absent.
- ipagroup:
- ipaadmin_password: SomeADMINpassword
- name:
- - hostgroup01
- state: absent
-
-- name: Ensure testing hostgroup hostgroup02 is absent.
- ipagroup:
- ipaadmin_password: SomeADMINpassword
- name:
- - hostgroup02
- state: absent
-
-- name: Remove IP address for "nohost" host.
- ipadnsrecord:
- ipaadmin_password: SomeADMINpassword
- zone_name: "{{ test_domain }}."
- name: nohost
- del_all: yes
- state: absent
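Review bot: deleting env_cleanup.yml (with env_setup.yml and env_vars.yml below) removes the shared fixture used by test_service_keytab.yml, so the three deletions only make sense together with dropping that test, which the commit should justify. If the files are restored, fix two defects in this one: the tasks "Ensure testing hostgroup hostgroup01 is absent." and "hostgroup02 is absent." call `ipagroup` instead of `ipahostgroup`, so the host groups created in env_setup.yml were never removed; and the service list removes `HTTP/no.idontexist.local` while the list in env_setup.yml names `HTTP/no.idontexist.info`, so one of the two is a typo.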
diff --git a/tests/service/env_setup.yml b/tests/service/env_setup.yml
deleted file mode 100644
index 309cfc0..0000000
--- a/tests/service/env_setup.yml
+++ /dev/null
@@ -1,73 +0,0 @@
-# Setup environment for service module tests.
----
-- name: Setup variables and facts.
- include_tasks: env_vars.yml
-
-# Cleanup before setup.
-- name: Cleanup test environment.
- include_tasks: env_cleanup.yml
-
-- name: Add IP address for "nohost" host.
- ipadnsrecord:
- ipaadmin_password: SomeADMINpassword
- zone_name: "{{ test_domain }}."
- name: nohost
- a_ip_address: "{{ ipv4_prefix + '.100' }}"
-
-- name: Add hosts for tests.
- ipahost:
- ipaadmin_password: SomeADMINpassword
- hosts:
- - name: "{{ host1_fqdn }}"
- ip_address: "{{ ipv4_prefix + '.101' }}"
- - name: "{{ host2_fqdn }}"
- ip_address: "{{ ipv4_prefix + '.102' }}"
- - name: "{{ svc_fqdn }}"
- ip_address: "{{ ipv4_prefix + '.201' }}"
- - name: svc.ihavenodns.info
- force: yes
- update_dns: yes
-
-- name: Ensure testing user user01 is present.
- ipauser:
- ipaadmin_password: SomeADMINpassword
- name: user01
- first: user01
- last: last
-
-- name: Ensure testing user user02 is present.
- ipauser:
- ipaadmin_password: SomeADMINpassword
- name: user02
- first: user02
- last: last
-
-- name: Ensure testing group group01 is present.
- ipagroup:
- ipaadmin_password: SomeADMINpassword
- name: group01
-
-- name: Ensure testing group group02 is present.
- ipagroup:
- ipaadmin_password: SomeADMINpassword
- name: group02
-
-- name: Ensure testing hostgroup hostgroup01 is present.
- ipahostgroup:
- ipaadmin_password: SomeADMINpassword
- name: hostgroup01
-
-- name: Ensure testing hostgroup hostgroup02 is present.
- ipahostgroup:
- ipaadmin_password: SomeADMINpassword
- name: hostgroup02
-
-- name: Ensure services are absent.
- ipaservice:
- ipaadmin_password: SomeADMINpassword
- name:
- - "HTTP/{{ svc_fqdn }}"
- - "HTTP/{{ nohost_fqdn }}"
- - HTTP/svc.ihavenodns.info
- - HTTP/no.idontexist.info
- state: absent
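Review bot: the "Ensure services are absent." list at the end of this file names `HTTP/no.idontexist.info`, while env_cleanup.yml removes `HTTP/no.idontexist.local`; whichever name the service tests actually create should be used in both files if they are restored. The `force: yes` on `svc.ihavenodns.info` is there because that host has no DNS record; a short comment saying so would save the next reader a lookup.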
diff --git a/tests/service/env_vars.yml b/tests/service/env_vars.yml
deleted file mode 100644
index eb53c7a..0000000
--- a/tests/service/env_vars.yml
+++ /dev/null
@@ -1,15 +0,0 @@
----
- - name: Get Domain from server name
- set_fact:
- test_domain: "{{ ansible_fqdn.split('.')[1:] | join('.') }}"
-
- - name: Set host1, host2 and svc hosts fqdn
- set_fact:
- host1_fqdn: "{{ 'host1.' + test_domain }}"
- host2_fqdn: "{{ 'host2.' + test_domain }}"
- svc_fqdn: "{{ 'svc.' + test_domain }}"
- nohost_fqdn: "{{ 'nohost.' + test_domain }}"
-
- - name: Get IPv4 address prefix from server node
- set_fact:
- ipv4_prefix: "{{ ansible_default_ipv4.address.split('.')[:-1] | join('.') }}"
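Review bot: `test_domain` is derived as `ansible_fqdn.split('.')[1:] | join('.')`, which yields an empty string on a single-label hostname and then produces names such as `host1.` in the later tasks; if this file is restored, add an `assert` on `test_domain | length > 0` right after the `set_fact` so the failure is reported here rather than as a confusing IPA error later in the run.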
diff --git a/tests/service/test_service_disable.yml b/tests/service/test_service_disable.yml
deleted file mode 100644
index 3b4a88f..0000000
--- a/tests/service/test_service_disable.yml
+++ /dev/null
@@ -1,68 +0,0 @@
----
-- name: Playbook to manage IPA service.
- hosts: ipaserver
- become: yes
- gather_facts: yes
-
- tasks:
- - name: Ensure service is absent
- ipaservice:
- ipaadmin_password: SomeADMINpassword
- name: "mysvc1/{{ ansible_fqdn }}"
-
- - name: Ensure service is present
- ipaservice:
- ipaadmin_password: SomeADMINpassword
- name: "mysvc1/{{ ansible_fqdn }}"
- certificate:
- - MIIC/zCCAeegAwIBAgIUMNHIbn+hhrOVew/2WbkteisV29QwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0yMDAyMDQxNDQxMDhaFw0zMDAyMDExNDQxMDhaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+XVVGFYpHVkcDfVnNInE1Y/pFciegdzqTjMwUWlRL4Zt3u96GhaMLRbtk+OfEkzLUAhWBOwEraELJzMLJOMvjYF3C+TiGO7dStFLikZmccuSsSIXjnzIPwBXa8KvgRVRyGLoVvGbLJvmjfMXp0nIToTx/i74KF9S++WEes9H5ErJ99CDhLKFgq0amnvsgparYXhypHaRLnikn0vQINt55YoEd1s4KrvEcD2VdZkIMPbLRu2zFvMprF3cjQQG4LT9ggfEXNIPZ1nQWAnAsu7OJEkNF+E4Mkmpcxj9aGUVt5bsq1D+Tzj3GsidSX0nSNcZ2JltXRnL/5v63g5cZyE+nAgMBAAGjUzBRMB0GA1UdDgQWBBRV0j7JYukuH/r/t9+QeNlRLXDlEDAfBgNVHSMEGDAWgBRV0j7JYukuH/r/t9+QeNlRLXDlEDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCgVy1+1kNwHs5y1Zp0WjMWGCJC6/zw7FDG4OW5r2GJiCXZYdJ0UonY9ZtoVLJPrp2/DAv1m5DtnDhBYqicuPgLzEkOS1KdTi20Otm/J4yxLLrZC5W4x0XOeSVPXOJuQWfwQ5pPvKkn6WxYUYkGwIt1OH2nSMngkbami3CbSmKZOCpgQIiSlQeDJ8oGjWFMLDymYSHoVOIXHwNoooyEiaio3693l6noobyGv49zyCVLVR1DC7i6RJ186ql0av+D4vPoiF5mX7+sKC2E8xEj9uKQ5GTWRh59VnRBVC/SiMJ/H78tJnBAvoBwXxSEvj8Z3Kjm/BQqZfv4IBsA5yqV7MVq
- force: no
- register: result
- failed_when: not result.changed
-
- - name: Obtain keytab
- shell: ipa-getkeytab -s "{{ ansible_fqdn }}" -p "mysvc1/{{ ansible_fqdn }}" -k mysvc1.keytab
-
- - name: Verify keytab
- shell: ipa service-find "mysvc1/{{ ansible_fqdn }}"
- register: result
- failed_when: result.failed or result.stdout | regex_search(" Keytab. true")
-
- - name: Ensure service is disabled
- ipaservice:
- ipaadmin_password: SomeADMINpassword
- name: "mysvc1/{{ ansible_fqdn }}"
- state: disabled
- register: result
- failed_when: not result.changed
-
- - name: Verify keytab
- shell: ipa service-find "mysvc1/{{ ansible_fqdn }}"
- register: result
- failed_when: result.failed or result.stdout | regex_search(" Keytab. true")
-
- - name: Obtain keytab
- shell: ipa-getkeytab -s "{{ ansible_fqdn }}" -p "mysvc1/{{ ansible_fqdn }}" -k mysvc1.keytab
-
- - name: Verify keytab
- shell: ipa service-find "mysvc1/{{ ansible_fqdn }}"
- register: result
- failed_when: result.failed or result.stdout | regex_search(" Keytab. true")
-
- - name: Ensure service is disabled
- ipaservice:
- ipaadmin_password: SomeADMINpassword
- name: "mysvc1/{{ ansible_fqdn }}"
- state: disabled
- register: result
- failed_when: not result.changed
-
- - name: Verify keytab
- shell: ipa service-find "mysvc1/{{ ansible_fqdn }}"
- register: result
- failed_when: result.failed or result.stdout | regex_search(" Keytab. true")
-
- - name: Ensure service is absent
- ipaservice:
- ipaadmin_password: SomeADMINpassword
- name: "mysvc1/{{ ansible_fqdn }}"
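Review bot: this deleted playbook was the only test that `state: disabled` on `ipaservice` revokes the service's Kerberos keys (the `ipa service-find` check on the Keytab attribute after each disable), which is the security effect of disabling a service; keep a test for it. If the file is restored it needs fixes: the first and last "Ensure service is absent" tasks have no `state: absent`, so the first one creates the service and the last one leaves it behind; `regex_search(" Keytab. true")` uses lowercase "true" while the CLI prints `Keytab: True`, so the assertion can never fire; and the "Verify keytab" task directly after "Obtain keytab" fails when a keytab is present, which is the opposite of what that step should verify.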
diff --git a/tests/service/test_service_keytab.yml b/tests/service/test_service_keytab.yml
deleted file mode 100644
index 0918802..0000000
--- a/tests/service/test_service_keytab.yml
+++ /dev/null
@@ -1,397 +0,0 @@
----
-- name: Test service
- hosts: ipaserver
- become: yes
-
- tasks:
- # setup
- - name: Setup test envirnoment.
- include_tasks: env_setup.yml
-
- # Add service to test keytab create/retrieve attributes.
- - name: Ensure test service is present
- ipaservice:
- ipaadmin_password: SomeADMINpassword
- name: "HTTP/{{ svc_fqdn }}"
- pac_type:
- - MS-PAC
- - PAD
- auth_ind: otp
- force: yes
- requires_pre_auth: yes
- ok_as_delegate: no
- ok_to_auth_as_delegate: no
-
- # tests
-
- - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for users.
- ipaservice:
- ipaadmin_password: SomeADMINpassword
- name: "HTTP/{{ svc_fqdn }}"
- allow_create_keytab_user:
- - user01
- - user02
- action: member
- register: result
- failed_when: not result.changed
-
- - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for users, again.
- ipaservice:
- ipaadmin_password: SomeADMINpassword
- name: "HTTP/{{ svc_fqdn }}"
- allow_create_keytab_user:
- - user01
- - user02
- action: member
- register: result
- failed_when: result.changed
-
- - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for users.
- ipaservice:
- ipaadmin_password: SomeADMINpassword
- name: "HTTP/{{ svc_fqdn }}"
- allow_create_keytab_user:
- - user01
- - user02
- action: member
- state: absent
- register: result
- failed_when: not result.changed
-
- - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for users, again.
- ipaservice:
- ipaadmin_password: SomeADMINpassword
- name: "HTTP/{{ svc_fqdn }}"
- allow_create_keytab_user:
- - user01
- - user02
- action: member
- state: absent
- register: result
- failed_when: result.changed
-
- - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for group.
- ipaservice:
- ipaadmin_password: SomeADMINpassword
- name: "HTTP/{{ svc_fqdn }}"
- allow_create_keytab_group:
- - group01
- - group02
- action: member
- register: result
- failed_when: not result.changed
-
- - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for group, again.
- ipaservice:
- ipaadmin_password: SomeADMINpassword
- name: "HTTP/{{ svc_fqdn }}"
- allow_create_keytab_group:
- - group01
- - group02
- action: member
- register: result
- failed_when: result.changed
-
- - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for group.
- ipaservice:
- ipaadmin_password: SomeADMINpassword
- name: "HTTP/{{ svc_fqdn }}"
- allow_create_keytab_group:
- - group01
- - group02
- action: member
- state: absent
- register: result
- failed_when: not result.changed
-
- - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for group, again.
- ipaservice:
- ipaadmin_password: SomeADMINpassword
- name: "HTTP/{{ svc_fqdn }}"
- allow_create_keytab_group:
- - group01
- - group02
- action: member
- state: absent
- register: result
- failed_when: result.changed
-
- - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for host.
- ipaservice:
- ipaadmin_password: SomeADMINpassword
- name: "HTTP/{{ svc_fqdn }}"
- allow_create_keytab_host:
- - "{{ host1_fqdn }}"
- - "{{ host2_fqdn }}"
- action: member
- register: result
- failed_when: not result.changed
-
- - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for host, again.
- ipaservice:
- ipaadmin_password: SomeADMINpassword
- name: "HTTP/{{ svc_fqdn }}"
- allow_create_keytab_host:
- - "{{ host1_fqdn }}"
- - "{{ host2_fqdn }}"
- action: member
- register: result
- failed_when: result.changed
-
- - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for host.
- ipaservice:
- ipaadmin_password: SomeADMINpassword
- name: "HTTP/{{ svc_fqdn }}"
- allow_create_keytab_host:
- - "{{ host1_fqdn }}"
- - "{{ host2_fqdn }}"
- action: member
- state: absent
- register: result
- failed_when: not result.changed
-
- - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for host, again.
- ipaservice:
- ipaadmin_password: SomeADMINpassword
- name: "HTTP/{{ svc_fqdn }}"
- allow_create_keytab_host:
- - "{{ host1_fqdn }}"
- - "{{ host2_fqdn }}"
- action: member
- state: absent
- register: result
- failed_when: result.changed
-
- - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for hostgroup.
- ipaservice:
- ipaadmin_password: SomeADMINpassword
- name: "HTTP/{{ svc_fqdn }}"
- allow_create_keytab_hostgroup:
- - hostgroup01
- - hostgroup02
- action: member
- register: result
- failed_when: not result.changed
-
- - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for hostgroup, again.
- ipaservice:
- ipaadmin_password: SomeADMINpassword
- name: "HTTP/{{ svc_fqdn }}"
- allow_create_keytab_hostgroup:
- - hostgroup01
- - hostgroup02
- action: member
- register: result
- failed_when: result.changed
-
- - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for hostgroup.
- ipaservice:
- ipaadmin_password: SomeADMINpassword
- name: "HTTP/{{ svc_fqdn }}"
- allow_create_keytab_hostgroup:
- - hostgroup01
- - hostgroup02
- state: absent
- action: member
- register: result
- failed_when: not result.changed
-
- - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for hostgroup, again.
- ipaservice:
- ipaadmin_password: SomeADMINpassword
- name: "HTTP/{{ svc_fqdn }}"
- allow_create_keytab_hostgroup:
- - hostgroup01
- - hostgroup02
- action: member
- state: absent
- register: result
- failed_when: result.changed
-
- - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for users.
- ipaservice:
- ipaadmin_password: SomeADMINpassword
- name: "HTTP/{{ svc_fqdn }}"
- allow_retrieve_keytab_user:
- - user01
- - user02
- action: member
- register: result
- failed_when: not result.changed
-
- - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for users, again.
- ipaservice:
- ipaadmin_password: SomeADMINpassword
- name: "HTTP/{{ svc_fqdn }}"
- allow_retrieve_keytab_user:
- - user01
- - user02
- action: member
- register: result
- failed_when: result.changed
-
- - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for users.
- ipaservice:
- ipaadmin_password: SomeADMINpassword
- name: "HTTP/{{ svc_fqdn }}"
- allow_retrieve_keytab_user:
- - user01
- - user02
- action: member
- state: absent
- register: result
- failed_when: not result.changed
-
- - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for users, again.
- ipaservice:
- ipaadmin_password: SomeADMINpassword
- name: "HTTP/{{ svc_fqdn }}"
- allow_retrieve_keytab_user:
- - user01
- - user02
- action: member
- state: absent
- register: result
- failed_when: result.changed
-
- - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for group.
- ipaservice:
- ipaadmin_password: SomeADMINpassword
- name: "HTTP/{{ svc_fqdn }}"
- allow_retrieve_keytab_group:
- - group01
- - group02
- action: member
- register: result
- failed_when: not result.changed
-
- - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for group, again.
- ipaservice:
- ipaadmin_password: SomeADMINpassword
- name: "HTTP/{{ svc_fqdn }}"
- allow_retrieve_keytab_group:
- - group01
- - group02
- action: member
- register: result
- failed_when: result.changed
-
- - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for group.
- ipaservice:
- ipaadmin_password: SomeADMINpassword
- name: "HTTP/{{ svc_fqdn }}"
- allow_retrieve_keytab_group:
- - group01
- - group02
- action: member
- state: absent
- register: result
- failed_when: not result.changed
-
- - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for group, again.
- ipaservice:
- ipaadmin_password: SomeADMINpassword
- name: "HTTP/{{ svc_fqdn }}"
- allow_retrieve_keytab_group:
- - group01
- - group02
- action: member
- state: absent
- register: result
- failed_when: result.changed
-
- - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for host.
- ipaservice:
- ipaadmin_password: SomeADMINpassword
- name: "HTTP/{{ svc_fqdn }}"
- allow_retrieve_keytab_host:
- - "{{ host1_fqdn }}"
- - "{{ host2_fqdn }}"
- action: member
- register: result
- failed_when: not result.changed
-
- - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for host, again.
- ipaservice:
- ipaadmin_password: SomeADMINpassword
- name: "HTTP/{{ svc_fqdn }}"
- allow_retrieve_keytab_host:
- - "{{ host1_fqdn }}"
- - "{{ host2_fqdn }}"
- action: member
- register: result
- failed_when: result.changed
-
- - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for host.
- ipaservice:
- ipaadmin_password: SomeADMINpassword
- name: "HTTP/{{ svc_fqdn }}"
- allow_retrieve_keytab_host:
- - "{{ host1_fqdn }}"
- - "{{ host2_fqdn }}"
- action: member
- state: absent
- register: result
- failed_when: not result.changed
-
- - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for host, again.
- ipaservice:
- ipaadmin_password: SomeADMINpassword
- name: "HTTP/{{ svc_fqdn }}"
- allow_retrieve_keytab_host:
- - "{{ host1_fqdn }}"
- - "{{ host2_fqdn }}"
- action: member
- state: absent
- register: result
- failed_when: result.changed
-
- - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for hostgroup.
- ipaservice:
- ipaadmin_password: SomeADMINpassword
- name: "HTTP/{{ svc_fqdn }}"
- allow_retrieve_keytab_hostgroup:
- - hostgroup01
- - hostgroup02
- action: member
- register: result
- failed_when: not result.changed
-
- - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for hostgroup, again.
- ipaservice:
- ipaadmin_password: SomeADMINpassword
- name: "HTTP/{{ svc_fqdn }}"
- allow_retrieve_keytab_hostgroup:
- - hostgroup01
- - hostgroup02
- action: member
- register: result
- failed_when: result.changed
-
- - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for hostgroup.
- ipaservice:
- ipaadmin_password: SomeADMINpassword
- name: "HTTP/{{ svc_fqdn }}"
- allow_retrieve_keytab_hostgroup:
- - hostgroup01
- - hostgroup02
- action: member
- state: absent
- register: result
- failed_when: not result.changed
-
- - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for hostgroup, again.
- ipaservice:
- ipaadmin_password: SomeADMINpassword
- name: "HTTP/{{ svc_fqdn }}"
- allow_retrieve_keytab_hostgroup:
- - hostgroup01
- - hostgroup02
- action: member
- state: absent
- register: result
- failed_when: result.changed
-
- # cleanup
- - name: Clean-up envirnoment.
- include_tasks: env_cleanup.yml
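Review bot: deleting test_service_keytab.yml removes all coverage of `allow_create_keytab_user`, `allow_create_keytab_group`, `allow_create_keytab_host`, `allow_create_keytab_hostgroup` and the matching `allow_retrieve_keytab_*` options on `ipaservice` (present, present again, absent, absent again for each principal type); these options control which principals may create or retrieve a service's keytab, so a regression there is an access-control bug, not a cosmetic one. Keep the file and its env_* fixtures unless the options were removed from the module; the typo "envirnoment" in the setup and cleanup task names can be fixed at the same time.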
diff --git a/tests/user/test_users.yml b/tests/user/test_users.yml
index 81c7b60..5b5d453 100644
--- a/tests/user/test_users.yml
+++ b/tests/user/test_users.yml
@@ -85,25 +85,6 @@
register: result
failed_when: result.changed
- - name: Duplicate names in users failure test
- ipauser:
- ipaadmin_password: SomeADMINpassword
- users:
- - name: user1
- givenname: user1
- last: Last
- - name: user2
- first: user2
- last: Last
- - name: user3
- first: user3
- last: Last
- - name: user3
- first: user3
- last: Last
- register: result
- failed_when: result.changed or "is used more than once" not in result.msg
-
- name: Remove test users
ipauser:
ipaadmin_password: SomeADMINpassword
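Review bot: the removed "Duplicate names in users failure test" checked that `ipauser` rejects a `users:` batch with `user3` listed twice ("is used more than once"), and it was also the only task exercising `givenname` as the alternative spelling of `first` on the `user1` entry. Keep it, or state in the commit message that duplicate detection was dropped from the module.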
diff --git a/tests/vault/test_vault_asymmetric.yml b/tests/vault/test_vault_asymmetric.yml
index 268922c..1a1d3dc 100644
--- a/tests/vault/test_vault_asymmetric.yml
+++ b/tests/vault/test_vault_asymmetric.yml
@@ -42,7 +42,7 @@
private_key: "{{ lookup('file', 'private.pem') | b64encode }}"
state: retrieved
register: result
- failed_when: result.vault.data != 'Hello World.' or result.changed
+ failed_when: result.data != 'Hello World.' or result.changed
- name: Retrieve data from asymmetric vault into file {{ ansible_env.HOME }}/data.txt.
ipavault:
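Review bot: changing `result.vault.data` to `result.data` changes the module's return contract; confirm that `ipavault` in this branch really returns the retrieved data at the top level of the result for `state: retrieved` (and update the vault README's examples to match), otherwise every retrieve test in this file and in test_vault_standard.yml and test_vault_symmetric.yml fails on the first run. The same edit is repeated in the remaining hunks of this file, so this comment covers them.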
@@ -75,7 +75,7 @@
private_key: "{{ lookup('file', 'private.pem') | b64encode }}"
state: retrieved
register: result
- failed_when: result.vault.data != 'The world of π is half rounded.' or result.changed
+ failed_when: result.data != 'The world of π is half rounded.' or result.changed
- name: Archive data in asymmetric vault, from file.
ipavault:
@@ -93,7 +93,7 @@
private_key: "{{ lookup('file', 'private.pem') | b64encode }}"
state: retrieved
register: result
- failed_when: result.vault.data != 'Another World.' or result.changed
+ failed_when: result.data != 'Another World.' or result.changed
- name: Archive data with single character to asymmetric vault
ipavault:
@@ -110,7 +110,7 @@
private_key: "{{ lookup('file', 'private.pem') | b64encode }}"
state: retrieved
register: result
- failed_when: result.vault.data != 'c' or result.changed
+ failed_when: result.data != 'c' or result.changed
- name: Ensure asymmetric vault is absent
ipavault:
@@ -161,7 +161,7 @@
private_key: "{{ lookup('file', 'private.pem') | b64encode }}"
state: retrieved
register: result
- failed_when: result.vault.data != 'Hello World.' or result.changed
+ failed_when: result.data != 'Hello World.' or result.changed
- name: Retrieve data from asymmetric vault, with password file.
ipavault:
@@ -170,7 +170,7 @@
private_key_file: "{{ ansible_env.HOME }}/private.pem"
state: retrieved
register: result
- failed_when: result.vault.data != 'Hello World.' or result.changed
+ failed_when: result.data != 'Hello World.' or result.changed
- name: Ensure asymmetric vault is absent
ipavault:
diff --git a/tests/vault/test_vault_standard.yml b/tests/vault/test_vault_standard.yml
index 6ccb0d5..5e0da98 100644
--- a/tests/vault/test_vault_standard.yml
+++ b/tests/vault/test_vault_standard.yml
@@ -39,7 +39,7 @@
name: stdvault
state: retrieved
register: result
- failed_when: result.vault.data != 'Hello World.' or result.changed
+ failed_when: result.data != 'Hello World.' or result.changed
- name: Retrieve data from standard vault into file {{ ansible_env.HOME }}/data.txt.
ipavault:
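Review bot: same point as in test_vault_asymmetric.yml: `result.vault.data` to `result.data` must match what `ipavault` actually returns for `state: retrieved` in this branch, and the change should be made in the module documentation at the same time; the other hunks in this file are the same edit.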
@@ -70,7 +70,7 @@
name: stdvault
state: retrieved
register: result
- failed_when: result.vault.data != 'The world of π is half rounded.' or result.changed
+ failed_when: result.data != 'The world of π is half rounded.' or result.changed
- name: Archive data in standard vault, from file.
ipavault:
@@ -87,7 +87,7 @@
name: stdvault
state: retrieved
register: result
- failed_when: result.vault.data != 'Another World.' or result.changed
+ failed_when: result.data != 'Another World.' or result.changed
- name: Archive data with single character to standard vault
ipavault:
@@ -103,7 +103,7 @@
name: stdvault
state: retrieved
register: result
- failed_when: result.vault.data != 'c' or result.changed
+ failed_when: result.data != 'c' or result.changed
- name: Ensure standard vault is absent
ipavault:
diff --git a/tests/vault/test_vault_symmetric.yml b/tests/vault/test_vault_symmetric.yml
index 5394c71..c9429f4 100644
--- a/tests/vault/test_vault_symmetric.yml
+++ b/tests/vault/test_vault_symmetric.yml
@@ -43,7 +43,7 @@
password: SomeVAULTpassword
state: retrieved
register: result
- failed_when: result.vault.data != 'Hello World.' or result.changed
+ failed_when: result.data != 'Hello World.' or result.changed
- name: Retrieve data from symmetric vault into file {{ ansible_env.HOME }}/data.txt.
ipavault:
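Review bot: as in the asymmetric and standard vault tests, the `result.vault.data` to `result.data` edit must follow the module's real return structure, and the documentation should be updated with it; the repeated hunks in this file are the same edit. Note that the `'The world of π is half rounded.'` case is the one retrieve test with non-ASCII data, so it is worth running explicitly after this change to confirm the new return path preserves the encoding.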
@@ -77,7 +77,7 @@
password: SomeVAULTpassword
state: retrieved
register: result
- failed_when: result.vault.data != 'The world of π is half rounded.' or result.changed
+ failed_when: result.data != 'The world of π is half rounded.' or result.changed
- name: Archive data in symmetric vault, from file.
ipavault:
@@ -95,7 +95,7 @@
password: SomeVAULTpassword
state: retrieved
register: result
- failed_when: result.vault.data != 'Another World.' or result.changed
+ failed_when: result.data != 'Another World.' or result.changed
- name: Archive data with single character to symmetric vault
ipavault:
@@ -113,7 +113,7 @@
password: SomeVAULTpassword
state: retrieved
register: result
- failed_when: result.vault.data != 'c' or result.changed
+ failed_when: result.data != 'c' or result.changed
- name: Ensure symmetric vault is absent
ipavault:
@@ -167,7 +167,7 @@
password: SomeVAULTpassword
state: retrieved
register: result
- failed_when: result.vault.data != 'Hello World.' or result.changed
+ failed_when: result.data != 'Hello World.' or result.changed
- name: Retrieve data from symmetric vault, with password file.
ipavault:
@@ -176,99 +176,7 @@
password_file: "{{ ansible_env.HOME }}/password.txt"
state: retrieved
register: result
- failed_when: result.vault.data != 'Hello World.' or result.changed
-
- - name: Retrieve data from symmetric vault, with wrong password.
- ipavault:
- ipaadmin_password: SomeADMINpassword
- name: symvault
- password: SomeWRONGpassword
- state: retrieved
- register: result
- failed_when: not result.failed or "Invalid credentials" not in result.msg
-
- - name: Change vault password.
- ipavault:
- ipaadmin_password: SomeADMINpassword
- name: symvault
- password: SomeVAULTpassword
- new_password: SomeNEWpassword
- register: result
- failed_when: not result.changed
-
- - name: Retrieve data from symmetric vault, with new password.
- ipavault:
- ipaadmin_password: SomeADMINpassword
- name: symvault
- password: SomeNEWpassword
- state: retrieved
- register: result
- failed_when: result.vault.data != 'Hello World.' or result.changed
-
- - name: Retrieve data from symmetric vault, with old password.
- ipavault:
- ipaadmin_password: SomeADMINpassword
- name: symvault
- password: SomeVAULTpassword
- state: retrieved
- register: result
- failed_when: not result.failed or "Invalid credentials" not in result.msg
-
- - name: Change symmetric vault salt, changing password
- ipavault:
- ipaadmin_password: SomeADMINpassword
- name: symvault
- password: SomeNEWpassword
- new_password: SomeVAULTpassword
- salt: AAAAAAAAAAAAAAAAAAAAAAA=
- register: result
- failed_when: not result.changed
-
- - name: Change symmetric vault salt, without changing password
- ipavault:
- ipaadmin_password: SomeADMINpassword
- name: symvault
- password: SomeVAULTpassword
- new_password: SomeVAULTpassword
- salt: MTIzNDU2Nzg5MDEyMzQ1Ngo=
- register: result
- failed_when: not result.changed
-
- - name: Try to change symmetric vault salt, without providing any password
- ipavault:
- ipaadmin_password: SomeADMINpassword
- name: symvault
- salt: MTIzNDU2Nzg5MDEyMzQ1Ngo=
- register: result
- failed_when: not result.failed and "Vault `salt` can only change when changing the password." not in result.msg
-
- - name: Try to change symmetric vault salt, without providing `password`
- ipavault:
- ipaadmin_password: SomeADMINpassword
- name: symvault
- salt: MTIzNDU2Nzg5MDEyMzQ1Ngo=
- new_password: SomeVAULTpassword
- register: result
- failed_when: not result.failed and "Vault `salt` can only change when changing the password." not in result.msg
-
- - name: Try to change symmetric vault salt, without providing `new_password`
- ipavault:
- ipaadmin_password: SomeADMINpassword
- name: symvault
- salt: MTIzNDU2Nzg5MDEyMzQ1Ngo=
- password: SomeVAULTpassword
- register: result
- failed_when: not result.failed and "Vault `salt` can only change when changing the password." not in result.msg
-
- - name: Try to change symmetric vault salt, using wrong password.
- ipavault:
- ipaadmin_password: SomeADMINpassword
- name: symvault
- password: SomeWRONGpassword
- new_password: SomeWRONGpassword
- salt: MDEyMzQ1Njc4OTAxMjM0NQo=
- register: result
- failed_when: not result.failed
+ failed_when: result.data != 'Hello World.' or result.changed
- name: Ensure symmetric vault is absent
ipavault:
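Review bot: this hunk drops the negative and password-lifecycle tests (wrong password yielding "Invalid credentials", changing the vault password, the old password no longer working, changing the salt with and without a password change, and the rejected salt changes), and no replacement coverage is visible in the diff. These cases guard security-relevant behaviour, so they should be kept, or moved to another test file named in the commit message, rather than deleted. If they are reinstated, note that the three `salt` checks that inspect `result.msg` use `failed_when: not result.failed and "..." not in result.msg`, which only fails the task when both conditions hold; they should use `or`, as the wrong-password check does with `failed_when: not result.failed or "Invalid credentials" not in result.msg`.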
@@ -286,14 +194,5 @@
register: result
failed_when: result.changed
- - name: Try to change password of inexistent vault.
- ipavault:
- ipaadmin_password: SomeADMINpassword
- name: inexistentvault
- password: SomeVAULTpassword
- new_password: SomeNEWpassword
- register: result
- failed_when: not result.failed or "Cannot modify password of inexistent vault" not in result.msg
-
- name: Cleanup testing environment.
import_tasks: env_cleanup.yml
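Review bot: removing the "Try to change password of inexistent vault" task leaves the "Cannot modify password of inexistent vault" error path untested; unless the password-change feature itself is being removed, which the commit message should state, keep this check so that a password change against a missing vault is still verified to fail with a clear message.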