---
- name: Test privilege
  hosts: ipaserver
  become: true

  tasks:
  # CLEANUP TEST ITEMS

  - name: Ensure privilege "Broad Privilege" is absent
    ipaprivilege:
      ipaadmin_password: SomeADMINpassword
      name:
      - Broad Privilege
      - DNS Privilege
      state: absent

  # CREATE TEST ITEMS

  # TESTS

  - name: Ensure privilege Broad Privilege is present
    ipaprivilege:
      ipaadmin_password: SomeADMINpassword
      name: Broad Privilege
      description: Broad Privilege
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure privilege Broad Privilege is present again
    ipaprivilege:
      ipaadmin_password: SomeADMINpassword
      name: Broad Privilege
      description: Broad Privilege
    register: result
    failed_when: result.changed or result.failed

  - name: Change privilege Broad Privilege description
    ipaprivilege:
      ipaadmin_password: SomeADMINpassword
      name: Broad Privilege
      description: Broad Privilege description
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure privilege Broad Privilege has permissions
    ipaprivilege:
      ipaadmin_password: SomeADMINpassword
      name: Broad Privilege
      permission:
      - "Write IPA Configuration"
      - "System: Write DNS Configuration"
      - "System: Update DNS Entries"
      action: member
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure privilege Broad Privilege has permissions, again
    ipaprivilege:
      ipaadmin_password: SomeADMINpassword
      name: Broad Privilege
      permission:
      - "Write IPA Configuration"
      - "System: Write DNS Configuration"
      - "System: Update DNS Entries"
      action: member
    register: result
    failed_when: result.changed or result.failed

  - name: Ensure privilege Broad Privilege member permission "Write IPA Configuration" is absent
    ipaprivilege:
      ipaadmin_password: SomeADMINpassword
      name: Broad Privilege
      permission:
      - "Write IPA Configuration"
      action: member
      state: absent
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure privilege Broad Privilege member permission "Write IPA Configuration" is absent again
    ipaprivilege:
      ipaadmin_password: SomeADMINpassword
      name: Broad Privilege
      permission:
      - "Write IPA Configuration"
      action: member
      state: absent
    register: result
    failed_when: result.changed or result.failed

  - name: Ensure privilege Broad Privilege is absent
    ipaprivilege:
      ipaadmin_password: SomeADMINpassword
      name: Broad Privilege
      state: absent
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure privilege Broad Privilege is present
    ipaprivilege:
      ipaadmin_password: SomeADMINpassword
      name: Broad Privilege
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure privilege Broad Privilege is renamed to "DNS Privilege"
    ipaprivilege:
      ipaadmin_password: SomeADMINpassword
      name: Broad Privilege
      rename: DNS Privilege
      state: renamed
    register: result
    failed_when: not result.changed or result.failed

  - name: Ensure privilege Broad Privilege cannot be renamed, because it does not exist.
    ipaprivilege:
      ipaadmin_password: SomeADMINpassword
      name: Broad Privilege
      rename: DNS Privilege
      state: renamed
    register: result
    failed_when: not result.failed or "No privilege found to be renamed" not in result.msg

  - name: Ensure privilege cannot be renamed to the same name.
    ipaprivilege:
      ipaadmin_password: SomeADMINpassword
      name: DNS Privilege
      rename: DNS Privilege
      state: renamed
    register: result
    failed_when: result.changed or result.failed

  - name: Ensure privilege cannot be renamed to the same name.
    ipaprivilege:
      ipaadmin_password: SomeADMINpassword
      name: DNS Privilege
      rename: DNS Privilege
      state: renamed
    register: result
    failed_when: result.changed or result.failed

  # CLEANUP TEST ITEMS

  - name: Ensure privilege testing privileges are absent
    ipaprivilege:
      ipaadmin_password: SomeADMINpassword
      name:
      - Broad Privilege
      - DNS Privilege
      state: absent