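---
# Idempotence test for the `certmapdata` member handling of the ipauser module.
# Every change is applied twice: the first run must report `changed`, the
# repeat must not. Mappings are exercised in three forms: full certificates,
# issuer/subject pairs, and the raw `data` string.
#
# SomeADMINpassword is a fixture credential for a disposable test server.
# Outside of such a lab, supply ipaadmin_password from Ansible Vault (or an
# equivalent secret store) instead of a literal in the playbook.
- name: Test user certmapdata
  hosts: ipaserver
  become: true
  gather_facts: false

  tasks:
    # Throw-away key pairs created on the controller. `-nodes` leaves the
    # private keys unencrypted in the working directory; they are only needed
    # to produce the certificates and are deleted by the final task.
    # `-w5000` keeps the base64 output on one line, and the lookups below use
    # rstrip=False so the file content is passed on unmodified.
    - name: Generate self-signed certificates.
      shell:
        cmd: |
          openssl req -x509 -newkey rsa:2048 -days 365 -nodes -keyout "private{{ item }}.key" -out "cert{{ item }}.pem" -subj '/CN=test'
          openssl x509 -outform der -in "cert{{ item }}.pem" -out "cert{{ item }}.der"
          base64 "cert{{ item }}.der" -w5000 > "cert{{ item }}.b64"
      with_items: [1, 2, 3]
      become: false
      delegate_to: localhost

    # Start from a clean state; no change check because the user may or may
    # not exist from an earlier run.
    - name: User test absent
      ipauser:
        ipaadmin_password: SomeADMINpassword
        name: test
        state: absent

    - name: User test present
      ipauser:
        ipaadmin_password: SomeADMINpassword
        name: test
        first: test
        last: test
      register: result
      failed_when: not result.changed

    # --- Mappings given as full certificates ---
    - name: User test certmapdata members present
      ipauser:
        ipaadmin_password: SomeADMINpassword
        name: test
        certmapdata:
          - certificate: "{{ lookup('file', 'cert1.b64', rstrip=False) }}"
          - certificate: "{{ lookup('file', 'cert2.b64', rstrip=False) }}"
          - certificate: "{{ lookup('file', 'cert3.b64', rstrip=False) }}"
        action: member
      register: result
      failed_when: not result.changed

    - name: User test certmapdata members present again
      ipauser:
        ipaadmin_password: SomeADMINpassword
        name: test
        certmapdata:
          - certificate: "{{ lookup('file', 'cert1.b64', rstrip=False) }}"
          - certificate: "{{ lookup('file', 'cert2.b64', rstrip=False) }}"
          - certificate: "{{ lookup('file', 'cert3.b64', rstrip=False) }}"
        action: member
      register: result
      failed_when: result.changed

    - name: User test certmapdata members absent
      ipauser:
        ipaadmin_password: SomeADMINpassword
        name: test
        certmapdata:
          - certificate: "{{ lookup('file', 'cert1.b64', rstrip=False) }}"
          - certificate: "{{ lookup('file', 'cert2.b64', rstrip=False) }}"
          - certificate: "{{ lookup('file', 'cert3.b64', rstrip=False) }}"
        action: member
        state: absent
      register: result
      failed_when: not result.changed

    - name: User test certmapdata members absent again
      ipauser:
        ipaadmin_password: SomeADMINpassword
        name: test
        certmapdata:
          - certificate: "{{ lookup('file', 'cert1.b64', rstrip=False) }}"
          - certificate: "{{ lookup('file', 'cert2.b64', rstrip=False) }}"
          - certificate: "{{ lookup('file', 'cert3.b64', rstrip=False) }}"
        action: member
        state: absent
      register: result
      failed_when: result.changed

    # --- Mappings given as issuer/subject pairs ---
    - name: User test certmapdata members present
      ipauser:
        ipaadmin_password: SomeADMINpassword
        name: test
        certmapdata:
          - issuer: CN=issuer1
            subject: CN=subject1
          - issuer: CN=issuer2
            subject: CN=subject2
          - issuer: CN=issuer3
            subject: CN=subject3
        action: member
      register: result
      failed_when: not result.changed

    - name: User test certmapdata members present again
      ipauser:
        ipaadmin_password: SomeADMINpassword
        name: test
        certmapdata:
          - issuer: CN=issuer1
            subject: CN=subject1
          - issuer: CN=issuer2
            subject: CN=subject2
          - issuer: CN=issuer3
            subject: CN=subject3
        action: member
      register: result
      failed_when: result.changed

    # Remove a subset first (1 and 3), then the remaining entry (2), so that
    # partial removal is covered as well.
    - name: User test certmapdata members absent
      ipauser:
        ipaadmin_password: SomeADMINpassword
        name: test
        certmapdata:
          - issuer: CN=issuer1
            subject: CN=subject1
          - issuer: CN=issuer3
            subject: CN=subject3
        action: member
        state: absent
      register: result
      failed_when: not result.changed

    - name: User test certmapdata members absent again
      ipauser:
        ipaadmin_password: SomeADMINpassword
        name: test
        certmapdata:
          - issuer: CN=issuer1
            subject: CN=subject1
          - issuer: CN=issuer3
            subject: CN=subject3
        action: member
        state: absent
      register: result
      failed_when: result.changed

    - name: User test certmapdata members absent
      ipauser:
        ipaadmin_password: SomeADMINpassword
        name: test
        certmapdata:
          - issuer: CN=issuer2
            subject: CN=subject2
        action: member
        state: absent
      register: result
      failed_when: not result.changed

    - name: User test certmapdata members absent again
      ipauser:
        ipaadmin_password: SomeADMINpassword
        name: test
        certmapdata:
          - issuer: CN=issuer2
            subject: CN=subject2
        action: member
        state: absent
      register: result
      failed_when: result.changed

    # --- Multi-component DNs, and the equivalent raw `data` form ---
    - name: User test certmapdata member present
      ipauser:
        ipaadmin_password: SomeADMINpassword
        name: test
        certmapdata:
          - issuer: CN=ca,dc=example,dc=com
            subject: CN=test,dc=example,dc=com
        action: member
      register: result
      failed_when: not result.changed

    - name: User test certmapdata member present again
      ipauser:
        ipaadmin_password: SomeADMINpassword
        name: test
        certmapdata:
          - issuer: CN=ca,dc=example,dc=com
            subject: CN=test,dc=example,dc=com
        action: member
      register: result
      failed_when: result.changed

    # The raw form is `X509:<I>issuer<S>subject`, with the DN components in
    # the reverse order of the issuer/subject pair above. The <I>/<S> markers
    # are required: without them the string is not the same mapping and the
    # "no change" expectation of this task cannot hold.
    - name: User test certmapdata member (data) present again
      ipauser:
        ipaadmin_password: SomeADMINpassword
        name: test
        certmapdata:
          - data: 'X509:<I>dc=com,dc=example,CN=ca<S>dc=com,dc=example,CN=test'
        action: member
      register: result
      failed_when: result.changed

    - name: User test certmapdata member absent
      ipauser:
        ipaadmin_password: SomeADMINpassword
        name: test
        certmapdata:
          - issuer: CN=ca,dc=example,dc=com
            subject: CN=test,dc=example,dc=com
        action: member
        state: absent
      register: result
      failed_when: not result.changed

    # Same mapping as the one just removed, addressed through its raw form;
    # it must already be gone.
    - name: User test certmapdata member (data) absent again
      ipauser:
        ipaadmin_password: SomeADMINpassword
        name: test
        certmapdata:
          - data: 'X509:<I>dc=com,dc=example,CN=ca<S>dc=com,dc=example,CN=test'
        action: member
        state: absent
      register: result
      failed_when: result.changed

    - name: User test absent
      ipauser:
        ipaadmin_password: SomeADMINpassword
        name: test
        state: absent
      register: result
      failed_when: not result.changed

    # Clean up the generated material, including the unencrypted private keys.
    # A task that fails earlier skips this step and leaves the files behind.
    - name: Remove certificate files.
      shell:
        cmd: rm -f "private{{ item }}.key" "cert{{ item }}.pem" "cert{{ item }}.der" "cert{{ item }}.b64"
      with_items: [1, 2, 3]
      become: false
      delegate_to: localhost
      # NOTE(review): the `warn` argument was removed from the command/shell
      # modules in ansible-core 2.14; drop `args` when running on such releases.
      args:
        warn: false  # suppress warning for not using the `file` module.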