diff --git a/README-sudocmd.md b/README-sudocmd.md index e68fa01da2f8b36db9afc35214d6108752e97b63..2c30ddbf121d5d4e631911cba2a92b489da97cf0 100644 --- a/README-sudocmd.md +++ b/README-sudocmd.md @@ -83,6 +83,7 @@ Variable | Description | Required -------- | ----------- | -------- `ipaadmin_principal` | The admin principal is a string and defaults to `admin` | no `ipaadmin_password` | The admin password is a string and is required if there is no admin ticket available on the node | no +`ipaapi_context` | The context in which the module will execute. Executing in a server context is preferred. If not provided context will be determined by the execution environment. Valid values are `server` and `client`. | no `name` \| `sudocmd` | The sudo command strings. | yes `description` | The command description string. | no `nomembers` | Suppress processing of membership attributes. (bool) | no diff --git a/tests/sudocmd/test_sudocmd.yml b/tests/sudocmd/test_sudocmd.yml index 992dba7d936728cb080d408bb1459f95e92cf44d..f41cd991a19494fe74daf03b500a3dfd68b0e5e8 100644 --- a/tests/sudocmd/test_sudocmd.yml +++ b/tests/sudocmd/test_sudocmd.yml @@ -1,7 +1,7 @@ --- - name: Test sudocmd - hosts: ipaserver + hosts: "{{ ipa_test_host | default('ipaserver') }}" become: true gather_facts: false @@ -9,6 +9,7 @@ - name: Ensure sudocmds are absent ipasudocmd: ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" name: - /usr/bin/su - /usr/sbin/ifconfig @@ -18,6 +19,7 @@ - name: Ensure sudocmd is present ipasudocmd: ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" name: /usr/bin/su state: present register: result @@ -26,6 +28,7 @@ - name: Ensure sudocmd is present again ipasudocmd: ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" name: /usr/bin/su state: present register: result 
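Review bot: The playbook now depends on two variables supplied from outside, `ipa_test_host` in the templated `hosts:` line of the first tests/sudocmd/test_sudocmd.yml hunk and `ipa_context` in every `ipasudocmd` task in the hunks that follow, and nothing in the file says who sets them. These tasks delete and re-create sudo command entries, so with a templated `hosts:` an extra-var can point the run at any inventory pattern. The expected values deserve a header comment. Something like `# ipa_test_host and ipa_context are set by test_sudocmd_client_context.yml; unset, the play runs on ipaserver with the module's default context.` would do.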
@@ -34,6 +37,7 @@ - name: Ensure sudocmd is absent ipasudocmd: ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" name: /usr/bin/su state: absent register: result @@ -42,6 +46,7 @@ - name: Ensure sudocmd is absent again ipasudocmd: ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" name: /usr/bin/su state: absent register: result @@ -50,6 +55,7 @@ - name: Ensure multiple sudocmd are present ipasudocmd: ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" name: - /usr/sbin/ifconfig - /usr/sbin/iwlist @@ -60,6 +66,7 @@ - name: Ensure multiple sudocmd are present again ipasudocmd: ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" name: - /usr/sbin/ifconfig - /usr/sbin/iwlist @@ -70,6 +77,7 @@ - name: Ensure multiple sudocmd are absent ipasudocmd: ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" name: - /usr/sbin/ifconfig - /usr/sbin/iwlist @@ -80,6 +88,7 @@ - name: Ensure multiple sudocmd are absent again ipasudocmd: ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" name: - /usr/sbin/ifconfig - /usr/sbin/iwlist @@ -90,6 +99,7 @@ - name: Ensure sudocmds are absent ipasudocmd: ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" name: - /usr/bin/su - /usr/sbin/ifconfig @@ -99,6 +109,7 @@ - name: Ensure sudocmds are absent ipasudocmd: ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" name: - /usr/sbin/ifconfig state: absent @@ -106,6 +117,7 @@ - name: Ensure sudocmds are present ipasudocmd: ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" name: - /usr/sbin/iwlist state: present 
@@ -113,6 +125,7 @@ - name: Ensure multiple sudocmd are absent when only one was present ipasudocmd: ipaadmin_password: SomeADMINpassword + ipaapi_context: "{{ ipa_context | default(omit) }}" name: - /usr/sbin/ifconfig - /usr/sbin/iwlist diff --git a/tests/sudocmd/test_sudocmd_client_context.yml b/tests/sudocmd/test_sudocmd_client_context.yml new file mode 100644 index 0000000000000000000000000000000000000000..48f517565d84701df58f7d134099815571afa99d --- /dev/null +++ b/tests/sudocmd/test_sudocmd_client_context.yml @@ -0,0 +1,37 @@ +--- +- name: Test sudocmd + hosts: ipaclients, ipaserver + become: no + gather_facts: no + + tasks: + - name: Include FreeIPA facts. + include_tasks: ../env_freeipa_facts.yml + + # Test will only be executed if host is not a server. + - name: Execute with server context in the client. + ipasudocmd: + ipaadmin_password: SomeADMINpassword + ipaapi_context: server + name: ThisShouldNotWork + register: result + failed_when: not (result.failed and result.msg is regex("No module named '*ipaserver'*")) + when: ipa_host_is_client + +# Import basic module tests, and execute with ipa_context set to 'client'. +# If ipaclients is set, it will be executed using the client, if not, +# ipaserver will be used. +# +# With this setup, tests can be executed against an IPA client, against +# an IPA server using "client" context, and ensure that tests are executed +# in upstream CI. + +- name: Test sudocmd using client context, in client host. + import_playbook: test_sudocmd.yml + when: groups['ipaclients'] + vars: + ipa_test_host: ipaclients + +- name: Test sudocmd using client context, in server host. + import_playbook: test_sudocmd.yml + when: groups['ipaclients'] is not defined or not groups['ipaclients']
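Review bot: The last play in the new file, "Test sudocmd using client context, in server host.", imports test_sudocmd.yml without setting `ipa_context`, so every imported task resolves `ipaapi_context` to `omit` and the module picks the context itself. On a server that is presumably `server`, in which case the client-context path the comment block promises is not exercised on that host. Adding `vars:` with `ipa_context: client` under that import would pin it, and the client-host import could set it explicitly too rather than rely on auto-detection. The first import's `when: groups['ipaclients']` also lacks the `is not defined` guard the second one has, so an inventory without that group may error instead of skipping; worth confirming. As a style point, `become: no` and `gather_facts: no` would read more consistently as `false`, matching test_sudocmd.yml.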