--- - name: Test service hosts: ipaserver become: yes tasks: # setup - name: Setup test envirnoment. include_tasks: env_setup.yml # Add service to test keytab create/retrieve attributes. - name: Ensure test service is present ipaservice: ipaadmin_password: SomeADMINpassword name: "HTTP/{{ svc_fqdn }}" pac_type: - MS-PAC - PAD auth_ind: otp force: yes requires_pre_auth: yes ok_as_delegate: no ok_to_auth_as_delegate: no # tests - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for users. ipaservice: ipaadmin_password: SomeADMINpassword name: "HTTP/{{ svc_fqdn }}" allow_create_keytab_user: - user01 - user02 action: member register: result failed_when: not result.changed - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for users, again. ipaservice: ipaadmin_password: SomeADMINpassword name: "HTTP/{{ svc_fqdn }}" allow_create_keytab_user: - user01 - user02 action: member register: result failed_when: result.changed - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for users. ipaservice: ipaadmin_password: SomeADMINpassword name: "HTTP/{{ svc_fqdn }}" allow_create_keytab_user: - user01 - user02 action: member state: absent register: result failed_when: not result.changed - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for users, again. ipaservice: ipaadmin_password: SomeADMINpassword name: "HTTP/{{ svc_fqdn }}" allow_create_keytab_user: - user01 - user02 action: member state: absent register: result failed_when: result.changed - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for group. ipaservice: ipaadmin_password: SomeADMINpassword name: "HTTP/{{ svc_fqdn }}" allow_create_keytab_group: - group01 - group02 action: member register: result failed_when: not result.changed - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for group, again. ipaservice: ipaadmin_password: SomeADMINpassword name: "HTTP/{{ svc_fqdn }}" allow_create_keytab_group: - group01 - group02 action: member register: result failed_when: result.changed - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for group. ipaservice: ipaadmin_password: SomeADMINpassword name: "HTTP/{{ svc_fqdn }}" allow_create_keytab_group: - group01 - group02 action: member state: absent register: result failed_when: not result.changed - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for group, again. ipaservice: ipaadmin_password: SomeADMINpassword name: "HTTP/{{ svc_fqdn }}" allow_create_keytab_group: - group01 - group02 action: member state: absent register: result failed_when: result.changed - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for host. ipaservice: ipaadmin_password: SomeADMINpassword name: "HTTP/{{ svc_fqdn }}" allow_create_keytab_host: - "{{ host1_fqdn }}" - "{{ host2_fqdn }}" action: member register: result failed_when: not result.changed - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for host, again. ipaservice: ipaadmin_password: SomeADMINpassword name: "HTTP/{{ svc_fqdn }}" allow_create_keytab_host: - "{{ host1_fqdn }}" - "{{ host2_fqdn }}" action: member register: result failed_when: result.changed - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for host. ipaservice: ipaadmin_password: SomeADMINpassword name: "HTTP/{{ svc_fqdn }}" allow_create_keytab_host: - "{{ host1_fqdn }}" - "{{ host2_fqdn }}" action: member state: absent register: result failed_when: not result.changed - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for host, again. ipaservice: ipaadmin_password: SomeADMINpassword name: "HTTP/{{ svc_fqdn }}" allow_create_keytab_host: - "{{ host1_fqdn }}" - "{{ host2_fqdn }}" action: member state: absent register: result failed_when: result.changed - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for hostgroup. ipaservice: ipaadmin_password: SomeADMINpassword name: "HTTP/{{ svc_fqdn }}" allow_create_keytab_hostgroup: - hostgroup01 - hostgroup02 action: member register: result failed_when: not result.changed - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for hostgroup, again. ipaservice: ipaadmin_password: SomeADMINpassword name: "HTTP/{{ svc_fqdn }}" allow_create_keytab_hostgroup: - hostgroup01 - hostgroup02 action: member register: result failed_when: result.changed - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for hostgroup. ipaservice: ipaadmin_password: SomeADMINpassword name: "HTTP/{{ svc_fqdn }}" allow_create_keytab_hostgroup: - hostgroup01 - hostgroup02 state: absent action: member register: result failed_when: not result.changed - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for hostgroup, again. ipaservice: ipaadmin_password: SomeADMINpassword name: "HTTP/{{ svc_fqdn }}" allow_create_keytab_hostgroup: - hostgroup01 - hostgroup02 action: member state: absent register: result failed_when: result.changed - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for users. ipaservice: ipaadmin_password: SomeADMINpassword name: "HTTP/{{ svc_fqdn }}" allow_retrieve_keytab_user: - user01 - user02 action: member register: result failed_when: not result.changed - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for users, again. ipaservice: ipaadmin_password: SomeADMINpassword name: "HTTP/{{ svc_fqdn }}" allow_retrieve_keytab_user: - user01 - user02 action: member register: result failed_when: result.changed - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for users. ipaservice: ipaadmin_password: SomeADMINpassword name: "HTTP/{{ svc_fqdn }}" allow_retrieve_keytab_user: - user01 - user02 action: member state: absent register: result failed_when: not result.changed - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for users, again. ipaservice: ipaadmin_password: SomeADMINpassword name: "HTTP/{{ svc_fqdn }}" allow_retrieve_keytab_user: - user01 - user02 action: member state: absent register: result failed_when: result.changed - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for group. ipaservice: ipaadmin_password: SomeADMINpassword name: "HTTP/{{ svc_fqdn }}" allow_retrieve_keytab_group: - group01 - group02 action: member register: result failed_when: not result.changed - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for group, again. ipaservice: ipaadmin_password: SomeADMINpassword name: "HTTP/{{ svc_fqdn }}" allow_retrieve_keytab_group: - group01 - group02 action: member register: result failed_when: result.changed - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for group. ipaservice: ipaadmin_password: SomeADMINpassword name: "HTTP/{{ svc_fqdn }}" allow_retrieve_keytab_group: - group01 - group02 action: member state: absent register: result failed_when: not result.changed - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for group, again. ipaservice: ipaadmin_password: SomeADMINpassword name: "HTTP/{{ svc_fqdn }}" allow_retrieve_keytab_group: - group01 - group02 action: member state: absent register: result failed_when: result.changed - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for host. ipaservice: ipaadmin_password: SomeADMINpassword name: "HTTP/{{ svc_fqdn }}" allow_retrieve_keytab_host: - "{{ host1_fqdn }}" - "{{ host2_fqdn }}" action: member register: result failed_when: not result.changed - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for host, again. ipaservice: ipaadmin_password: SomeADMINpassword name: "HTTP/{{ svc_fqdn }}" allow_retrieve_keytab_host: - "{{ host1_fqdn }}" - "{{ host2_fqdn }}" action: member register: result failed_when: result.changed - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for host. ipaservice: ipaadmin_password: SomeADMINpassword name: "HTTP/{{ svc_fqdn }}" allow_retrieve_keytab_host: - "{{ host1_fqdn }}" - "{{ host2_fqdn }}" action: member state: absent register: result failed_when: not result.changed - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for host, again. ipaservice: ipaadmin_password: SomeADMINpassword name: "HTTP/{{ svc_fqdn }}" allow_retrieve_keytab_host: - "{{ host1_fqdn }}" - "{{ host2_fqdn }}" action: member state: absent register: result failed_when: result.changed - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for hostgroup. ipaservice: ipaadmin_password: SomeADMINpassword name: "HTTP/{{ svc_fqdn }}" allow_retrieve_keytab_hostgroup: - hostgroup01 - hostgroup02 action: member register: result failed_when: not result.changed - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for hostgroup, again. ipaservice: ipaadmin_password: SomeADMINpassword name: "HTTP/{{ svc_fqdn }}" allow_retrieve_keytab_hostgroup: - hostgroup01 - hostgroup02 action: member register: result failed_when: result.changed - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for hostgroup. ipaservice: ipaadmin_password: SomeADMINpassword name: "HTTP/{{ svc_fqdn }}" allow_retrieve_keytab_hostgroup: - hostgroup01 - hostgroup02 action: member state: absent register: result failed_when: not result.changed - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for hostgroup, again. ipaservice: ipaadmin_password: SomeADMINpassword name: "HTTP/{{ svc_fqdn }}" allow_retrieve_keytab_hostgroup: - hostgroup01 - hostgroup02 action: member state: absent register: result failed_when: result.changed # cleanup - name: Clean-up envirnoment. include_tasks: env_cleanup.yml