--- - name: Tests hosts: ipaserver become: true gather_facts: false tasks: - name: Ensure hostgroup is present, with a host. ipahostgroup: ipaadmin_password: MyPassword123 name: cluster host: - "{{ groups.ipaserver[0] }}" - name: Ensure some sudocmds are available ipasudocmd: ipaadmin_password: MyPassword123 name: - /sbin/ifconfig - /usr/bin/vim state: present - name: Ensure sudocmdgroup is available ipasudocmdgroup: ipaadmin_password: MyPassword123 name: test_sudorule sudocmd: /usr/bin/vim state: present - name: Ensure sudorules are absent ipasudorule: ipaadmin_password: MyPassword123 name: - testrule1 - allusers - allhosts - allcommands state: absent - name: Ensure sudorule is present ipasudorule: ipaadmin_password: MyPassword123 name: testrule1 register: result failed_when: not result.changed - name: Ensure sudorule is present again ipasudorule: ipaadmin_password: MyPassword123 name: testrule1 register: result failed_when: result.changed - name: Ensure sudorule is present, runAsUserCategory. ipasudorule: ipaadmin_password: MyPassword123 name: testrule1 runAsUserCategory: all register: result failed_when: result.changed - name: Ensure sudorule is present, with usercategory 'all' ipasudorule: ipaadmin_password: MyPassword123 name: allusers usercategory: all register: result failed_when: not result.changed - name: Ensure sudorule is present, with usercategory 'all', again ipasudorule: ipaadmin_password: MyPassword123 name: allusers usercategory: all register: result failed_when: result.changed - name: Ensure sudorule is present, with hostategory 'all' ipasudorule: ipaadmin_password: MyPassword123 name: allhosts hostcategory: all register: result failed_when: not result.changed - name: Ensure sudorule is present, with hostategory 'all', again ipasudorule: ipaadmin_password: MyPassword123 name: allhosts hostcategory: all register: result failed_when: result.changed - name: Ensure sudorule is disabled ipasudorule: ipaadmin_password: MyPassword123 name: testrule1 state: disabled - name: Ensure sudorule is disabled, again ipasudorule: ipaadmin_password: MyPassword123 name: testrule1 state: disabled register: result failed_when: result.changed - name: Ensure sudorule is enabled ipasudorule: ipaadmin_password: MyPassword123 name: testrule1 state: enabled register: result failed_when: not result.changed - name: Ensure sudorule is enabled, again ipasudorule: ipaadmin_password: MyPassword123 name: testrule1 state: enabled register: result failed_when: result.changed - name: Ensure sudorule is present and some sudocmd are allowed. ipasudorule: ipaadmin_password: MyPassword123 name: testrule1 allow_sudocmd: - /sbin/ifconfig action: member register: result failed_when: not result.changed - name: Ensure sudorule is present and some sudocmd are allowed, again. ipasudorule: ipaadmin_password: MyPassword123 name: testrule1 allow_sudocmd: - /sbin/ifconfig action: member register: result failed_when: result.changed - name: Ensure sudorule is present and some sudocmd are denyed. ipasudorule: ipaadmin_password: MyPassword123 name: testrule1 deny_sudocmd: - /usr/bin/vim action: member register: result failed_when: not result.changed - name: Ensure sudorule is present and some sudocmd are denyed, again. ipasudorule: ipaadmin_password: MyPassword123 name: testrule1 deny_sudocmd: - /usr/bin/vim action: member register: result failed_when: result.changed - name: Ensure sudorule is present and, sudocmds are absent. ipasudorule: ipaadmin_password: MyPassword123 name: testrule1 allow_sudocmd: /sbin/ifconfig deny_sudocmd: /usr/bin/vim action: member state: absent register: result failed_when: not result.changed - name: Ensure sudorule is present and, sudocmds are absent, again. ipasudorule: ipaadmin_password: MyPassword123 name: testrule1 allow_sudocmd: /sbin/ifconfig deny_sudocmd: /usr/bin/vim action: member state: absent register: result failed_when: result.changed - name: Ensure sudorule is present with cmdcategory 'all'. ipasudorule: ipaadmin_password: MyPassword123 name: allcommands cmdcategory: all register: result failed_when: not result.changed - name: Ensure sudorule is present with cmdcategory 'all', again. ipasudorule: ipaadmin_password: MyPassword123 name: allcommands cmdcategory: all register: result failed_when: result.changed - name: Ensure host "{{ groups.ipaserver[0] }}" is present in sudorule. ipasudorule: ipaadmin_password: MyPassword123 name: testrule1 host: "{{ groups.ipaserver[0] }}" action: member register: result failed_when: not result.changed - name: Ensure host "{{ groups.ipaserver[0] }}" is present in sudorule, again. ipasudorule: ipaadmin_password: MyPassword123 name: testrule1 host: "{{ groups.ipaserver[0] }}" action: member register: result failed_when: result.changed - name: Ensure hostgroup is present in sudorule. ipasudorule: ipaadmin_password: MyPassword123 name: testrule1 hostgroup: cluster action: member register: result failed_when: not result.changed - name: Ensure hostgroup is present in sudorule, again. ipasudorule: ipaadmin_password: MyPassword123 name: testrule1 hostgroup: cluster action: member register: result failed_when: result.changed - name: Ensure sudorule is present, with an allow_sudocmdgroup. ipasudorule: ipaadmin_password: MyPassword123 name: testrule1 allow_sudocmdgroup: test_sudorule state: present register: result failed_when: not result.changed - name: Ensure sudorule is present, with an allow_sudocmdgroup, again. ipasudorule: ipaadmin_password: MyPassword123 name: testrule1 allow_sudocmdgroup: test_sudorule state: present register: result failed_when: result.changed - name: Ensure sudorule is present, but allow_sudocmdgroup is absent. ipasudorule: ipaadmin_password: MyPassword123 name: testrule1 allow_sudocmdgroup: test_sudorule action: member state: absent register: result failed_when: not result.changed - name: Ensure sudorule is present, but allow_sudocmdgroup is absent. ipasudorule: ipaadmin_password: MyPassword123 name: testrule1 allow_sudocmdgroup: test_sudorule action: member state: absent register: result failed_when: result.changed - name: Ensure sudorule is present, with an deny_sudocmdgroup. ipasudorule: ipaadmin_password: MyPassword123 name: testrule1 deny_sudocmdgroup: test_sudorule state: present register: result failed_when: not result.changed - name: Ensure sudorule is present, with an deny_sudocmdgroup, again. ipasudorule: ipaadmin_password: MyPassword123 name: testrule1 deny_sudocmdgroup: test_sudorule state: present register: result failed_when: result.changed - name: Ensure sudorule is present, but deny_sudocmdgroup is absent. ipasudorule: ipaadmin_password: MyPassword123 name: testrule1 deny_sudocmdgroup: test_sudorule action: member state: absent register: result failed_when: not result.changed - name: Ensure sudorule is present, but deny_sudocmdgroup is absent, again. ipasudorule: ipaadmin_password: MyPassword123 name: testrule1 deny_sudocmdgroup: test_sudorule action: member state: absent register: result failed_when: result.changed - name: Ensure sudorule is absent ipasudorule: ipaadmin_password: MyPassword123 name: testrule1 state: absent register: result failed_when: not result.changed - name: Ensure sudorule is absent, again. ipasudorule: ipaadmin_password: MyPassword123 name: testrule1 state: absent register: result failed_when: result.changed - name: Ensure sudorule allhosts is absent ipasudorule: ipaadmin_password: MyPassword123 name: allhosts state: absent register: result failed_when: not result.changed - name: Ensure sudorule allhosts is absent, again ipasudorule: ipaadmin_password: MyPassword123 name: allhosts state: absent register: result failed_when: result.changed - name: Ensure sudorule allusers is absent ipasudorule: ipaadmin_password: MyPassword123 name: allusers state: absent register: result failed_when: not result.changed - name: Ensure sudorule allusers is absent, again ipasudorule: ipaadmin_password: MyPassword123 name: allusers state: absent register: result failed_when: result.changed - name: Ensure sudorule allcommands is absent ipasudorule: ipaadmin_password: MyPassword123 name: allcommands state: absent register: result failed_when: not result.changed - name: Ensure sudorule allcommands is absent, again ipasudorule: ipaadmin_password: MyPassword123 name: allcommands state: absent register: result failed_when: result.changed # cleanup - name : Ensure sudocmdgroup is absent ipasudocmdgroup: ipaadmin_password: MyPassword123 name: test_sudorule state: absent - name: Ensure hostgroup is absent. ipahostgroup: ipaadmin_password: MyPassword123 name: cluster state: absent - name: Ensure sudocmds are absent ipasudocmd: ipaadmin_password: MyPassword123 name: - /sbin/ifconfig - /usr/bin/vim state: absent