diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
index b2aa5f747f4fcc57c4c8319f3906e9bff52efc01..2b7f782e56f0af0afb9e19f710a890ec4b098dac 100644
--- a/.github/workflows/docs.yml
+++ b/.github/workflows/docs.yml
@@ -4,8 +4,8 @@ on:
- push
- pull_request
jobs:
- check_docs:
- name: Check Ansible Documentation.
+ check_docs_29:
+ name: Check Ansible Documentation with Ansible 2.9.
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
@@ -13,4 +13,20 @@ jobs:
with:
python-version: '3.x'
- name: Run ansible-doc-test
- run: ANSIBLE_LIBRARY="." python utils/ansible-doc-test roles plugins
+ run: |
+ python -m pip install "ansible < 2.10"
+ ANSIBLE_LIBRARY="." python utils/ansible-doc-test roles plugins
+
+ check_docs_latest:
+ name: Check Ansible Documentation with latest Ansible.
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - uses: actions/setup-python@v2
+ with:
+ python-version: '3.x'
+ - name: Run ansible-doc-test
+ run: |
+ python -m pip install ansible
+ ANSIBLE_LIBRARY="." python utils/ansible-doc-test roles plugins
+
diff --git a/molecule/resources/playbooks/prepare-build.yml b/molecule/resources/playbooks/prepare-build.yml
index 41f513d4f2dac98f488d01d66363bef3ff1faca0..5e8e5a92e152d1f59a4f49d83697302dfb1f93bf 100644
--- a/molecule/resources/playbooks/prepare-build.yml
+++ b/molecule/resources/playbooks/prepare-build.yml
@@ -25,3 +25,4 @@
ipadm_password: SomeDMpassword
ipaserver_domain: test.local
ipaserver_realm: TEST.LOCAL
+ ipaclient_no_ntp: yes
diff --git a/playbooks/vault/vault-is-present-with-password-file.yml b/playbooks/vault/vault-is-present-with-password-file.yml
index b552ac66584d26859718c6a262a60abcb5dfe674..bedb75dfea5b31f37d84f1b85ff4ab3f600dea8a 100644
--- a/playbooks/vault/vault-is-present-with-password-file.yml
+++ b/playbooks/vault/vault-is-present-with-password-file.yml
@@ -7,7 +7,7 @@
tasks:
- copy:
src: "{{ playbook_dir }}/password.txt"
- dest: "{{ ansible_env.HOME }}/password.txt"
+ dest: "{{ ansible_facts['env'].HOME }}/password.txt"
owner: "{{ ansible_user }}"
group: "{{ ansible_user }}"
mode: 0600
@@ -16,7 +16,7 @@
name: symvault
username: admin
vault_type: symmetric
- vault_password_file: "{{ ansible_env.HOME }}/password.txt"
+ vault_password_file: "{{ ansible_facts['env'].HOME }}/password.txt"
- file:
- path: "{{ ansible_env.HOME }}/password.txt"
+ path: "{{ ansible_facts['env'].HOME }}/password.txt"
state: absent
diff --git a/playbooks/vault/vault-is-present-with-public-key-file.yml b/playbooks/vault/vault-is-present-with-public-key-file.yml
index 2420f83668ec7b489b47ddeb240c2b44bf611a4a..5d7eda02ddba3a172de697d73143ed914d3ecf8c 100644
--- a/playbooks/vault/vault-is-present-with-public-key-file.yml
+++ b/playbooks/vault/vault-is-present-with-public-key-file.yml
@@ -12,7 +12,7 @@
tasks:
- copy:
src: "{{ playbook_dir }}/public.pem"
- dest: "{{ ansible_env.HOME }}/public.pem"
+ dest: "{{ ansible_facts['env'].HOME }}/public.pem"
owner: "{{ ansible_user }}"
group: "{{ ansible_user }}"
mode: 0600
@@ -21,7 +21,7 @@
name: asymvault
username: admin
vault_type: asymmetric
- vault_public_key_file: "{{ ansible_env.HOME }}/public.pem"
+ vault_public_key_file: "{{ ansible_facts['env'].HOME }}/public.pem"
- file:
- path: "{{ ansible_env.HOME }}/public.pem"
+ path: "{{ ansible_facts['env'].HOME }}/public.pem"
state: absent
diff --git a/plugins/module_utils/ansible_freeipa_module.py b/plugins/module_utils/ansible_freeipa_module.py
index 7748a78fb2df3151d1721f6b0bc262c563803315..f70756c895ff938870730feb0ac91342910a97d9 100644
--- a/plugins/module_utils/ansible_freeipa_module.py
+++ b/plugins/module_utils/ansible_freeipa_module.py
@@ -45,6 +45,9 @@ else:
from datetime import datetime
from pprint import pformat
+ # ansible-freeipa requires locale to be C, IPA requires utf-8.
+ os.environ["LANGUAGE"] = "C"
+
try:
from packaging import version
except ImportError:
@@ -294,6 +297,23 @@ else:
"""
base_debug_msg = "Ansible arguments and IPA commands differed. "
+ # If both args and ipa are None, return there's no difference.
+ # If only one is None, return there is a difference.
+ # This tests avoid unecessary invalid access to attributes.
+ if args is None and ipa is None:
+ return True
+ if args is None or ipa is None:
+ module.debug(
+ base_debug_msg + "args is%s None an ipa is%s None" % (
+ "" if args is None else " not", "" if ipa is None else " not",
+ )
+ )
+ return False
+
+ # Fail if args or ipa are not dicts.
+ if not (isinstance(args, dict) and isinstance(ipa, dict)):
+ raise TypeError("Expected 'dicts' to compare.")
+
for key in args.keys():
if key not in ipa:
module.debug(
diff --git a/plugins/modules/ipaprivilege.py b/plugins/modules/ipaprivilege.py
index 18074f585d41ba077d717a6b7c905d850d6ae066..66af01e5a07a1f4850a18c9b49a6bbc84e4203d1 100644
--- a/plugins/modules/ipaprivilege.py
+++ b/plugins/modules/ipaprivilege.py
@@ -234,14 +234,22 @@ def main():
if action == "privilege":
# Found the privilege
if res_find is not None:
+ res_cmp = {
+ k: v for k, v in res_find.items()
+ if k not in [
+ "objectclass", "cn", "dn",
+ "memberof_permisssion"
+ ]
+ }
# For all settings is args, check if there are
# different settings in the find result.
# If yes: modify
- if not compare_args_ipa(ansible_module, args,
- res_find):
+ if args and not compare_args_ipa(ansible_module, args,
+ res_cmp):
commands.append([name, "privilege_mod", args])
else:
commands.append([name, "privilege_add", args])
+ res_find = {}
member_args = {}
if permission:
diff --git a/roles/ipabackup/tasks/copy_backup_from_server.yml b/roles/ipabackup/tasks/copy_backup_from_server.yml
index 1cfef3debad6e0f7f2042f5ee5445b13c91e4ad7..e9964fdd9fe1b751fb83bbb1364e446916b780d7 100644
--- a/roles/ipabackup/tasks/copy_backup_from_server.yml
+++ b/roles/ipabackup/tasks/copy_backup_from_server.yml
@@ -10,7 +10,7 @@
set_fact:
ipabackup_controller_dir:
"{{ ipabackup_controller_path | default(lookup('env','PWD')) }}/{{
- ipabackup_name_prefix | default(ansible_fqdn) }}_{{
+ ipabackup_name_prefix | default(ansible_facts['fqdn']) }}_{{
ipabackup_item }}/"
- name: Stat backup on server
diff --git a/roles/ipabackup/tasks/get_ipabackup_dir.yml b/roles/ipabackup/tasks/get_ipabackup_dir.yml
index 41597e8dddccef5ca82e084a2bbb620e9ec646ad..45cb48a1678089d64726aa3982ac79183fc16e4d 100644
--- a/roles/ipabackup/tasks/get_ipabackup_dir.yml
+++ b/roles/ipabackup/tasks/get_ipabackup_dir.yml
@@ -1,6 +1,6 @@
---
- name: Get IPA_BACKUP_DIR dir from ipaplatform
- command: "{{ ansible_playbook_python }}"
+ command: "{{ ansible_python_interpreter | default('/usr/bin/python') }}"
args:
stdin: |
from ipaplatform.paths import paths
diff --git a/roles/ipabackup/tasks/restore.yml b/roles/ipabackup/tasks/restore.yml
index 362735522e6eccbcf07030df6b751137c57dea3c..55576c6e4bee67acec4c552c3095d7c262fc2423 100644
--- a/roles/ipabackup/tasks/restore.yml
+++ b/roles/ipabackup/tasks/restore.yml
@@ -6,9 +6,9 @@
- name: Import variables specific to distribution
include_vars: "{{ item }}"
with_first_found:
- - "{{ role_path }}/vars/{{ ansible_distribution }}-{{ ansible_distribution_version }}.yml"
- - "{{ role_path }}/vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml"
- - "{{ role_path }}/vars/{{ ansible_distribution }}.yml"
+ - "{{ role_path }}/vars/{{ ansible_facts['distribution'] }}-{{ ansible_facts['distribution_version'] }}.yml"
+ - "{{ role_path }}/vars/{{ ansible_facts['distribution'] }}-{{ ansible_facts['distribution_major_version'] }}.yml"
+ - "{{ role_path }}/vars/{{ ansible_facts['distribution'] }}.yml"
- "{{ role_path }}/vars/default.yml"
### GET SERVICES FROM BACKUP
diff --git a/roles/ipaclient/library/ipaclient_get_facts.py b/roles/ipaclient/library/ipaclient_get_facts.py
index 003715efd3926c88437f99106daed5654150b976..b7e270fc3f0b66be9beecb6bd6955bfcd2bc8e96 100644
--- a/roles/ipaclient/library/ipaclient_get_facts.py
+++ b/roles/ipaclient/library/ipaclient_get_facts.py
@@ -1,6 +1,15 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
+DOCUMENTATION = """
+---
+module: ipaclient_get_facts
+short description: Get facts about IPA client and server configuration.
+description: Get facts about IPA client and server configuration.
+author:
+ - Thomas Woerner
+"""
+
import os
import re
import six
diff --git a/roles/ipaclient/library/ipaclient_test.py b/roles/ipaclient/library/ipaclient_test.py
index d5d7f7187941dff8e34ad8d7ba5298eaf478ad8a..1a80fafb6022b96aa585a7374e126abd56dd52bc 100644
--- a/roles/ipaclient/library/ipaclient_test.py
+++ b/roles/ipaclient/library/ipaclient_test.py
@@ -180,9 +180,9 @@ ntp_servers:
type: list
sample: ["ntp.example.com"]
ipa_python_version:
- description:
- - The IPA python version as a number:
- - <major version>*10000+<minor version>*100+<release>
+ description: >
+ The IPA python version as a number:
+ <major version>*10000+<minor version>*100+<release>
returned: always
type: int
sample: 040400
diff --git a/roles/ipaclient/tasks/install.yml b/roles/ipaclient/tasks/install.yml
index fccc72e06d0865c5890a7ab47fdf6e5332989df0..515bab2f0ac71ee26c72627fd7ac274019e03100 100644
--- a/roles/ipaclient/tasks/install.yml
+++ b/roles/ipaclient/tasks/install.yml
@@ -33,7 +33,7 @@
domain: "{{ ipaserver_domain | default(ipaclient_domain) | default(omit) }}"
servers: "{{ ipaclient_servers | default(omit) }}"
realm: "{{ ipaserver_realm | default(ipaclient_realm) | default(omit) }}"
- hostname: "{{ ipaclient_hostname | default(ansible_fqdn) }}"
+ hostname: "{{ ipaclient_hostname | default(ansible_facts['fqdn']) }}"
ntp_servers: "{{ ipaclient_ntp_servers | default(omit) }}"
ntp_pool: "{{ ipaclient_ntp_pool | default(omit) }}"
no_ntp: "{{ ipaclient_no_ntp }}"
@@ -181,8 +181,12 @@
# Do not fail on error codes 3 and 5:
# 3 - Unable to open keytab
# 5 - Principal name or realm not found in keytab
+ # 7 - Failed to set cursor, typically when errcode
+ # would be issued in past
failed_when: result_ipa_rmkeytab.rc != 0 and
- result_ipa_rmkeytab.rc != 3 and result_ipa_rmkeytab.rc != 5
+ result_ipa_rmkeytab.rc != 3 and
+ result_ipa_rmkeytab.rc != 5 and
+ result_ipa_rmkeytab.rc != 7
when: (ipaclient_use_otp | bool or ipaclient_force_join | bool) and not ipaclient_on_master | bool
- name: Install - Backup and set hostname
diff --git a/roles/ipaclient/tasks/main.yml b/roles/ipaclient/tasks/main.yml
index d8b3c03ae38fd992d214b290a77d8d3611b3cfc2..8840bb5feeca18927a3c8196cc880e3186fade6d 100644
--- a/roles/ipaclient/tasks/main.yml
+++ b/roles/ipaclient/tasks/main.yml
@@ -4,9 +4,9 @@
- name: Import variables specific to distribution
include_vars: "{{ item }}"
with_first_found:
- - "{{ role_path }}/vars/{{ ansible_distribution }}-{{ ansible_distribution_version }}.yml"
- - "{{ role_path }}/vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml"
- - "{{ role_path }}/vars/{{ ansible_distribution }}.yml"
+ - "{{ role_path }}/vars/{{ ansible_facts['distribution'] }}-{{ ansible_facts['distribution_version'] }}.yml"
+ - "{{ role_path }}/vars/{{ ansible_facts['distribution'] }}-{{ ansible_facts['distribution_major_version'] }}.yml"
+ - "{{ role_path }}/vars/{{ ansible_facts['distribution'] }}.yml"
- "{{ role_path }}/vars/default.yml"
- name: Install IPA client
diff --git a/roles/ipareplica/tasks/install.yml b/roles/ipareplica/tasks/install.yml
index bae12531328c5c6efc3476a57161de448b9c42e0..695242d1b97f12268c2181486c2f7b9878c65518 100644
--- a/roles/ipareplica/tasks/install.yml
+++ b/roles/ipareplica/tasks/install.yml
@@ -72,7 +72,7 @@
default(omit) }}"
servers: "{{ ipareplica_servers | default(omit) }}"
realm: "{{ ipareplica_realm | default(ipaserver_realm) |default(omit) }}"
- hostname: "{{ ipareplica_hostname | default(ansible_fqdn) }}"
+ hostname: "{{ ipareplica_hostname | default(ansible_facts['fqdn']) }}"
ca_cert_files: "{{ ipareplica_ca_cert_files | default([]) }}"
hidden_replica: "{{ ipareplica_hidden_replica }}"
skip_mem_check: "{{ not ipareplica_mem_check }}"
diff --git a/roles/ipareplica/tasks/main.yml b/roles/ipareplica/tasks/main.yml
index 0d9cd7acc02dd0025d8ba3c5e462b48b191820d0..18bbe2569d005b30155ab624a8f13d1197ed094b 100644
--- a/roles/ipareplica/tasks/main.yml
+++ b/roles/ipareplica/tasks/main.yml
@@ -4,9 +4,9 @@
- name: Import variables specific to distribution
include_vars: "{{ item }}"
with_first_found:
- - "vars/{{ ansible_distribution }}-{{ ansible_distribution_version }}.yml"
- - "vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml"
- - "vars/{{ ansible_distribution }}.yml"
+ - "vars/{{ ansible_facts['distribution'] }}-{{ ansible_facts['distribution_version'] }}.yml"
+ - "vars/{{ ansible_facts['distribution'] }}-{{ ansible_facts['distribution_major_version'] }}.yml"
+ - "vars/{{ ansible_facts['distribution'] }}.yml"
- "vars/default.yml"
- name: Install IPA replica
diff --git a/roles/ipareplica/tasks/uninstall.yml b/roles/ipareplica/tasks/uninstall.yml
index 5df73e93bb6b0a00dc05773356992dc7628d0721..a9240d776ca7b9777d6b18d0adb7622061a25f47 100644
--- a/roles/ipareplica/tasks/uninstall.yml
+++ b/roles/ipareplica/tasks/uninstall.yml
@@ -25,7 +25,7 @@
# command: >
# /usr/sbin/ipa-replica-manage
# del
-# {{ ipareplica_hostname | default(ansible_fqdn) }}
+# {{ ipareplica_hostname | default(ansible_facts['fqdn']) }}
# --force
# --password={{ ipadm_password }}
# failed_when: False
diff --git a/roles/ipaserver/tasks/install.yml b/roles/ipaserver/tasks/install.yml
index d34bc125a55cc2098b524d875b64e6ec483b4a3c..8099a158245a74d749fd73341b3943f3c747789f 100644
--- a/roles/ipaserver/tasks/install.yml
+++ b/roles/ipaserver/tasks/install.yml
@@ -65,7 +65,7 @@
master_password: "{{ ipaserver_master_password | default(omit) }}"
domain: "{{ ipaserver_domain | default(omit) }}"
realm: "{{ ipaserver_realm | default(omit) }}"
- hostname: "{{ ipaserver_hostname | default(ansible_fqdn) }}"
+ hostname: "{{ ipaserver_hostname | default(ansible_facts['fqdn']) }}"
ca_cert_files: "{{ ipaserver_ca_cert_files | default(omit) }}"
no_host_dns: "{{ ipaserver_no_host_dns }}"
pki_config_override: "{{ ipaserver_pki_config_override | default(omit) }}"
diff --git a/roles/ipaserver/tasks/main.yml b/roles/ipaserver/tasks/main.yml
index 6ae77ae0c481257b4808dc1b16502da1521d3046..c4e1bd7c6f04dbc3922371164706cb263c65f7ce 100644
--- a/roles/ipaserver/tasks/main.yml
+++ b/roles/ipaserver/tasks/main.yml
@@ -4,9 +4,9 @@
- name: Import variables specific to distribution
include_vars: "{{ item }}"
with_first_found:
- - "vars/{{ ansible_distribution }}-{{ ansible_distribution_version }}.yml"
- - "vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml"
- - "vars/{{ ansible_distribution }}.yml"
+ - "vars/{{ ansible_facts['distribution'] }}-{{ ansible_facts['distribution_version'] }}.yml"
+ - "vars/{{ ansible_facts['distribution'] }}-{{ ansible_facts['distribution_major_version'] }}.yml"
+ - "vars/{{ ansible_facts['distribution'] }}.yml"
- "vars/default.yml"
- name: Install IPA server
diff --git a/tests/ansible.cfg b/tests/ansible.cfg
index e7f4443968a96c6d8878c6646ee6a0a54144b68b..5436b8c03b3971abdfb03e5a3d33b949ca7b2e49 100644
--- a/tests/ansible.cfg
+++ b/tests/ansible.cfg
@@ -3,3 +3,4 @@ roles_path = ../roles:~/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/rol
library = ../plugins/modules:~/.ansible/plugins/modules:/usr/share/ansible/plugins/modules
module_utils = ../plugins/module_utils:~/.ansible/plugins/module_utils:/usr/share/ansible/plugins/module_utils
host_key_checking = false
+inject_facts_as_vars = false
diff --git a/tests/azure/templates/build_container.yml b/tests/azure/templates/build_container.yml
index 0bd493213795eaa33d27e9b15263c70d09c74a67..c77e274558e16adf9b85e265d37a2b1f1d3e028b 100644
--- a/tests/azure/templates/build_container.yml
+++ b/tests/azure/templates/build_container.yml
@@ -23,6 +23,8 @@ jobs:
- script: molecule create -s ${{ parameters.build_scenario_name }}
displayName: Create test container
+ env:
+ ANSIBLE_LIBRARY: ./molecule
- script: |
docker stop ${{ parameters.build_scenario_name }}
diff --git a/tests/azure/templates/playbook_tests.yml b/tests/azure/templates/playbook_tests.yml
index d5b5d81820e771ca0c4d3b1b03fc70dc4bfdc0d6..6962fb76fb3575d802a9cc4d0d7697a0d7cb54cf 100644
--- a/tests/azure/templates/playbook_tests.yml
+++ b/tests/azure/templates/playbook_tests.yml
@@ -44,6 +44,8 @@ jobs:
cp -a plugins/module_utils/* ~/.ansible/module_utils
molecule create -s ${{ parameters.scenario }}
displayName: Setup test container
+ env:
+ ANSIBLE_LIBRARY: ./molecule
- script: |
pytest \
diff --git a/tests/azure/templates/pytest_tests.yml b/tests/azure/templates/pytest_tests.yml
index 64fe0b45e5fceff9624d07b15a4dc86789f15e02..d4254543926f18e16747f7eb01d6c36f3e255b5b 100644
--- a/tests/azure/templates/pytest_tests.yml
+++ b/tests/azure/templates/pytest_tests.yml
@@ -36,6 +36,8 @@ jobs:
cp -a plugins/module_utils/* ~/.ansible/module_utils
molecule create -s ${{ parameters.scenario }}
displayName: Setup test container
+ env:
+ ANSIBLE_LIBRARY: ./molecule
- script: |
pytest \
diff --git a/tests/dnsrecord/env_vars.yml b/tests/dnsrecord/env_vars.yml
index d3aef920351e65c948b62c9558bbfa849f0ca9e3..d95e1381fc52ee5afa1800d84e64959b7bdabd74 100644
--- a/tests/dnsrecord/env_vars.yml
+++ b/tests/dnsrecord/env_vars.yml
@@ -2,9 +2,9 @@
# Set common vars and facts for test.
- name: Set IPv4 address prefix.
set_fact:
- ipv4_prefix: "{{ ansible_default_ipv4.address.split('.')[:-1] |
+ ipv4_prefix: "{{ ansible_facts['default_ipv4'].address.split('.')[:-1] |
join('.') }}"
- ipv4_reverse_sufix: "{{ ansible_default_ipv4.address.split('.')[:-1] |
+ ipv4_reverse_sufix: "{{ ansible_facts['default_ipv4'].address.split('.')[:-1] |
reverse |
join('.') }}"
diff --git a/tests/dnsrecord/test_dnsrecord.yml b/tests/dnsrecord/test_dnsrecord.yml
index 75f6a92a5ec3993b7dc2df940270615f8116bffc..05379ce4607a48029a9e2bb33d081d2c896d4375 100644
--- a/tests/dnsrecord/test_dnsrecord.yml
+++ b/tests/dnsrecord/test_dnsrecord.yml
@@ -564,7 +564,7 @@
ipaadmin_password: SomeADMINpassword
name: iron01
zone_name: "{{ safezone }}"
- ip_address: "{{ ansible_default_ipv4.address }}"
+ ip_address: "{{ ansible_facts['default_ipv4'].address }}"
register: result
failed_when: not result.changed
diff --git a/tests/environment/test_locale.yml b/tests/environment/test_locale.yml
new file mode 100644
index 0000000000000000000000000000000000000000..27d03de756655fae5c1d84ffdb5ab7d0271feb1e
--- /dev/null
+++ b/tests/environment/test_locale.yml
@@ -0,0 +1,32 @@
+---
+- name: Test language variations
+ hosts: ipaserver
+
+ tasks:
+ - name: Ensure a host is not present, with language set to "de_DE".
+ ipahost:
+ ipaadmin_password: SomeADMINpassword
+ name: nonexistent
+ state: absent
+ environment:
+ LANGUAGE: "de_DE"
+ register: result
+ failed_when: result.failed or result.changed
+
+ - name: Ensure a host is not present, with language set to "C".
+ ipahost:
+ ipaadmin_password: SomeADMINpassword
+ name: nonexistent
+ state: absent
+ environment:
+ LANGUAGE: "C"
+ register: result
+ failed_when: result.failed or result.changed
+
+ - name: Ensure a host is not present, using controller language.
+ ipahost:
+ ipaadmin_password: SomeADMINpassword
+ name: nonexistent
+ state: absent
+ register: result
+ failed_when: result.failed or result.changed
diff --git a/tests/hbacrule/test_hbacrule.yml b/tests/hbacrule/test_hbacrule.yml
index ce1f29c5743fdad46aac8700a1ae7bf3026514c8..e0dc3b8ef9943b7dd4ce1c75707313310e8ff2a3 100644
--- a/tests/hbacrule/test_hbacrule.yml
+++ b/tests/hbacrule/test_hbacrule.yml
@@ -6,7 +6,7 @@
tasks:
- name: Get Domain from server name
set_fact:
- ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}"
+ ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') }}"
when: ipaserver_domain is not defined
# CLEANUP TEST ITEMS
diff --git a/tests/host/certificate/test_host_certificate.yml b/tests/host/certificate/test_host_certificate.yml
index c4149491af2316b2c121739943a6479884459305..1feb66b57ff985b0e60a1af908e9c3e7cc3b3abd 100644
--- a/tests/host/certificate/test_host_certificate.yml
+++ b/tests/host/certificate/test_host_certificate.yml
@@ -6,7 +6,7 @@
tasks:
- name: Get Domain from server name
set_fact:
- ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}"
+ ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') }}"
when: ipaserver_domain is not defined
- name: Generate self-signed certificates.
diff --git a/tests/host/certificate/test_hosts_certificate.yml b/tests/host/certificate/test_hosts_certificate.yml
index f2ef1a22ae262aa26e7aedc6844a24dc123bb024..00940f3c76bab4303bcbab025414ae4a449db174 100644
--- a/tests/host/certificate/test_hosts_certificate.yml
+++ b/tests/host/certificate/test_hosts_certificate.yml
@@ -6,7 +6,7 @@
tasks:
- name: Get Domain from server name
set_fact:
- ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}"
+ ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') }}"
when: ipaserver_domain is not defined
- name: Host test absent
diff --git a/tests/host/test_host.yml b/tests/host/test_host.yml
index d4760c1887109cb1f811b8863e4afc5f7762d0b6..e04105b94cbb132d557778b51d3acc728ded2715 100644
--- a/tests/host/test_host.yml
+++ b/tests/host/test_host.yml
@@ -6,7 +6,7 @@
tasks:
- name: Get Domain from server name
set_fact:
- ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}"
+ ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') }}"
when: ipaserver_domain is not defined
- name: Set host1_fqdn .. host6_fqdn
@@ -33,7 +33,7 @@
- name: Get IPv4 address prefix from server node
set_fact:
- ipv4_prefix: "{{ ansible_default_ipv4.address.split('.')[:-1] |
+ ipv4_prefix: "{{ ansible_facts['default_ipv4'].address.split('.')[:-1] |
join('.') }}"
- name: Host "{{ host1_fqdn }}" present
diff --git a/tests/host/test_host_allow_create_keytab.yml b/tests/host/test_host_allow_create_keytab.yml
index 4be1305ec117d77c2ee7583d016a5aab20884800..358a6780828a2751af9473ada65e1766b95a7665 100644
--- a/tests/host/test_host_allow_create_keytab.yml
+++ b/tests/host/test_host_allow_create_keytab.yml
@@ -6,12 +6,12 @@
tasks:
- name: Get Domain from server name
set_fact:
- ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}"
+ ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') }}"
when: ipaserver_domain is not defined
- name: Get Realm from server name
set_fact:
- ipaserver_realm: "{{ ansible_fqdn.split('.')[1:] | join ('.') | upper }}"
+ ipaserver_realm: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') | upper }}"
when: ipaserver_realm is not defined
- name: Set host1_fqdn .. host3_fqdn
diff --git a/tests/host/test_host_allow_retrieve_keytab.yml b/tests/host/test_host_allow_retrieve_keytab.yml
index 9be0ef6189f0d686bb62ee6ea93d594124d42a93..c5eba3770e99c8d544c21a76e63492dde5487b73 100644
--- a/tests/host/test_host_allow_retrieve_keytab.yml
+++ b/tests/host/test_host_allow_retrieve_keytab.yml
@@ -6,12 +6,12 @@
tasks:
- name: Get Domain from server name
set_fact:
- ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}"
+ ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') }}"
when: ipaserver_domain is not defined
- name: Get Realm from server name
set_fact:
- ipaserver_realm: "{{ ansible_fqdn.split('.')[1:] | join ('.') | upper }}"
+ ipaserver_realm: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') | upper }}"
when: ipaserver_realm is not defined
- name: Set host1_fqdn .. host3_fqdn
diff --git a/tests/host/test_host_bool_params.yml b/tests/host/test_host_bool_params.yml
index bc35f97e1fd5f28d93dc05319a1f0f25e0db3e5a..e685fbea6d9fe5f94e32009842ed9ccb4549c432 100644
--- a/tests/host/test_host_bool_params.yml
+++ b/tests/host/test_host_bool_params.yml
@@ -6,7 +6,7 @@
tasks:
- name: Get Domain from server name
set_fact:
- ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}"
+ ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') }}"
when: ipaserver_domain is not defined
- name: Set host1_fqdn .. host6_fqdn
diff --git a/tests/host/test_host_ipaddresses.yml b/tests/host/test_host_ipaddresses.yml
index bcca18fc65343e4686d7c80d8dfa4c18f8498fd4..c9774a604ffd07da89237f70262b0441f18f8843 100644
--- a/tests/host/test_host_ipaddresses.yml
+++ b/tests/host/test_host_ipaddresses.yml
@@ -6,7 +6,7 @@
tasks:
- name: Get Domain from server name
set_fact:
- ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}"
+ ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') }}"
when: ipaserver_domain is not defined
- name: Set host1_fqdn .. host6_fqdn
@@ -17,7 +17,7 @@
- name: Get IPv4 address prefix from server node
set_fact:
- ipv4_prefix: "{{ ansible_default_ipv4.address.split('.')[:-1] |
+ ipv4_prefix: "{{ ansible_facts['default_ipv4'].address.split('.')[:-1] |
join('.') }}"
- name: Host absent
diff --git a/tests/host/test_host_managedby_host.yml b/tests/host/test_host_managedby_host.yml
index d5d367801f62f89c53df227e70ea05d466f025a5..81fccbd6571097d63994c8748e0ace3089f754ff 100644
--- a/tests/host/test_host_managedby_host.yml
+++ b/tests/host/test_host_managedby_host.yml
@@ -6,7 +6,7 @@
tasks:
- name: Get Domain from server name
set_fact:
- ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}"
+ ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') }}"
when: ipaserver_domain is not defined
- name: Set host1_fqdn .. host2_fqdn
@@ -55,39 +55,39 @@
register: result
failed_when: result.changed
- - name: Host "{{ host1_fqdn }}" managed by "{{ ansible_fqdn }}"
+ - name: Host "{{ host1_fqdn }}" managed by "{{ ansible_facts['fqdn'] }}"
ipahost:
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
- managedby_host: "{{ ansible_fqdn }}"
+ managedby_host: "{{ ansible_facts['fqdn'] }}"
action: member
register: result
failed_when: not result.changed
- - name: Host "{{ host1_fqdn }}" managed by "{{ ansible_fqdn }}" again
+ - name: Host "{{ host1_fqdn }}" managed by "{{ ansible_facts['fqdn'] }}" again
ipahost:
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
- managedby_host: "{{ ansible_fqdn }}"
+ managedby_host: "{{ ansible_facts['fqdn'] }}"
action: member
register: result
failed_when: result.changed
- - name: Host "{{ host1_fqdn }}" not managed by "{{ ansible_fqdn }}"
+ - name: Host "{{ host1_fqdn }}" not managed by "{{ ansible_facts['fqdn'] }}"
ipahost:
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
- managedby_host: "{{ ansible_fqdn }}"
+ managedby_host: "{{ ansible_facts['fqdn'] }}"
action: member
state: absent
register: result
failed_when: not result.changed
- - name: Host "{{ host1_fqdn }}" not managed by "{{ ansible_fqdn }}" again
+ - name: Host "{{ host1_fqdn }}" not managed by "{{ ansible_facts['fqdn'] }}" again
ipahost:
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
- managedby_host: "{{ ansible_fqdn }}"
+ managedby_host: "{{ ansible_facts['fqdn'] }}"
action: member
state: absent
register: result
diff --git a/tests/host/test_host_principal.yml b/tests/host/test_host_principal.yml
index 5bef0522a813b82bfab8b376f48fbab96c33ac33..0e85626f9099c84639d75730e9f0a9438fb0fc14 100644
--- a/tests/host/test_host_principal.yml
+++ b/tests/host/test_host_principal.yml
@@ -6,12 +6,12 @@
tasks:
- name: Get Domain from server name
set_fact:
- ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}"
+ ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') }}"
when: ipaserver_domain is not defined
- name: Get Realm from server name
set_fact:
- ipaserver_realm: "{{ ansible_fqdn.split('.')[1:] | join ('.') | upper }}"
+ ipaserver_realm: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') | upper }}"
when: ipaserver_realm is not defined
- name: Set host1_fqdn
diff --git a/tests/host/test_host_random.yml b/tests/host/test_host_random.yml
index 211d660c9b323f9cf4302be08e1d1e1fe5463f6d..3de73d9611bdb1fe95db53a744a91149da41b2ef 100644
--- a/tests/host/test_host_random.yml
+++ b/tests/host/test_host_random.yml
@@ -6,7 +6,7 @@
tasks:
- name: Get Domain from server name
set_fact:
- ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}"
+ ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') }}"
when: ipaserver_domain is not defined
- name: Set host1_fqdn and host2_fqdn
@@ -77,11 +77,11 @@
debug:
var: ipahost.host["{{host2_fqdn }}"].randompassword
- - name: Enrolled host "{{ ansible_fqdn }}" fails to set random password with update_password always
+ - name: Enrolled host "{{ ansible_facts['fqdn'] }}" fails to set random password with update_password always
ipahost:
ipaadmin_password: SomeADMINpassword
hosts:
- - name: "{{ ansible_fqdn }}"
+ - name: "{{ ansible_facts['fqdn'] }}"
random: yes
update_password: always
register: ipahost
@@ -89,7 +89,7 @@
- assert:
that:
- - ipahost.host["{{ ansible_fqdn }}"].randompassword is
+ - ipahost.host["{{ ansible_facts['fqdn'] }}"].randompassword is
not defined
- "'Password cannot be set on enrolled host' in ipahost.msg"
diff --git a/tests/host/test_host_reverse.yml b/tests/host/test_host_reverse.yml
index 9a59c489d8582bc1e2286d4b32e20543f6ee4048..36a0abcc661489cde4fc24ea8862b620bac54b78 100644
--- a/tests/host/test_host_reverse.yml
+++ b/tests/host/test_host_reverse.yml
@@ -6,7 +6,7 @@
tasks:
- name: Get Domain from server name
set_fact:
- ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}"
+ ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') }}"
when: ipaserver_domain is not defined
- name: Set host1_fqdn
@@ -23,7 +23,7 @@
- name: Get IPv4 address prefix from server node
set_fact:
- ipv4_prefix: "{{ ansible_default_ipv4.address.split('.')[:-1] |
+ ipv4_prefix: "{{ ansible_facts['default_ipv4'].address.split('.')[:-1] |
join('.') }}"
- name: Set zone prefixes.
diff --git a/tests/host/test_hosts.yml b/tests/host/test_hosts.yml
index 1159e078e6c553ff56c1f45b212f91a2d066d895..cf0f22b927ee53028f54eb272830f3c1e83955ee 100644
--- a/tests/host/test_hosts.yml
+++ b/tests/host/test_hosts.yml
@@ -6,7 +6,7 @@
tasks:
- name: Get Domain from server name
set_fact:
- ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}"
+ ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') }}"
when: ipaserver_domain is not defined
- name: Set host1_fqdn .. host6_fqdn
diff --git a/tests/host/test_hosts_managedby_host.yml b/tests/host/test_hosts_managedby_host.yml
index 0fc6651fcb774ae607f2d8d4007cabd2ff9417a5..95f71dcde1f1cd278974f47afb8f62979ade5c13 100644
--- a/tests/host/test_hosts_managedby_host.yml
+++ b/tests/host/test_hosts_managedby_host.yml
@@ -6,7 +6,7 @@
tasks:
- name: Get Domain from server name
set_fact:
- ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}"
+ ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') }}"
when: ipaserver_domain is not defined
- name: Set host1_fqdn .. host5_fqdn
diff --git a/tests/host/test_hosts_principal.yml b/tests/host/test_hosts_principal.yml
index b53c043353edd265f6224bf1d1a9ee902e6c4c83..67b4a202f8900f009a3646c4919f182d68da0499 100644
--- a/tests/host/test_hosts_principal.yml
+++ b/tests/host/test_hosts_principal.yml
@@ -6,12 +6,12 @@
tasks:
- name: Get Domain from server name
set_fact:
- ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}"
+ ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') }}"
when: ipaserver_domain is not defined
- name: Get Realm from server name
set_fact:
- ipaserver_realm: "{{ ansible_fqdn.split('.')[1:] | join ('.') | upper }}"
+ ipaserver_realm: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') | upper }}"
when: ipaserver_realm is not defined
- name: Set host1_fqdn .. host2_fqdn
diff --git a/tests/hostgroup/test_hostgroup.yml b/tests/hostgroup/test_hostgroup.yml
index f5af7bbeb18771a03892c8ff6c79573678aaeb1d..a0df6ec1cf8dda4447f2fb339995f91df8fff572 100644
--- a/tests/hostgroup/test_hostgroup.yml
+++ b/tests/hostgroup/test_hostgroup.yml
@@ -7,7 +7,7 @@
tasks:
- name: Get Domain from server name
set_fact:
- ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}"
+ ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') }}"
when: ipaserver_domain is not defined
- name: Ensure host-group databases, mysql-server and oracle-server are absent
diff --git a/tests/privilege/test_privilege.yml b/tests/privilege/test_privilege.yml
index 2a13187d5b315be5a3d18e2614d24c821e4e7d64..0f6a29d7e7a9a4d8e102346cf02cc4d91bc55b29 100644
--- a/tests/privilege/test_privilege.yml
+++ b/tests/privilege/test_privilege.yml
@@ -140,6 +140,30 @@
register: result
failed_when: result.changed or result.failed
+ - name: Ensure "Broad Privilege" is absent.
+ ipaprivilege:
+ ipaadmin_password: SomeADMINpassword
+ name: Broad Privilege
+ state: absent
+
+ - name: Ensure privilege Broad Privilege is created with permission. (issue 529)
+ ipaprivilege:
+ ipaadmin_password: SomeADMINpassword
+ name: Broad Privilege
+ permission:
+ - "Write IPA Configuration"
+ register: result
+ failed_when: not result.changed or result.failed
+
+ - name: Ensure privilege Broad Privilege is created with permission, again. (issue 529)
+ ipaprivilege:
+ ipaadmin_password: SomeADMINpassword
+ name: Broad Privilege
+ permission:
+ - "Write IPA Configuration"
+ register: result
+ failed_when: result.changed or result.failed
+
# CLEANUP TEST ITEMS
- name: Ensure privilege testing privileges are absent
diff --git a/tests/role/env_facts.yml b/tests/role/env_facts.yml
index f9bca93f4d86ac301ceedf8b14595f86f714a2e2..c6ae0659f7498869e521186f52cfc9f9eefab8f1 100644
--- a/tests/role/env_facts.yml
+++ b/tests/role/env_facts.yml
@@ -1,7 +1,7 @@
---
- name: Get Domain from server name
set_fact:
- ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}"
+ ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') }}"
when: ipaserver_domain is not defined
- name: Set fact for realm name
diff --git a/tests/service/certificate/cert1.der b/tests/service/certificate/cert1.der
deleted file mode 100644
index b1b90efde6d33ab44ca7b62941eee06fdbc05da9..0000000000000000000000000000000000000000
Binary files a/tests/service/certificate/cert1.der and /dev/null differ
diff --git a/tests/service/certificate/cert1.pem b/tests/service/certificate/cert1.pem
deleted file mode 100644
index ab3704bba5957ba125762cfb3b5b11b1067b20a8..0000000000000000000000000000000000000000
--- a/tests/service/certificate/cert1.pem
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIC/zCCAeegAwIBAgIUMNHIbn+hhrOVew/2WbkteisV29QwDQYJKoZIhvcNAQEL
-BQAwDzENMAsGA1UEAwwEdGVzdDAeFw0yMDAyMDQxNDQxMDhaFw0zMDAyMDExNDQx
-MDhaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
-AoIBAQC+XVVGFYpHVkcDfVnNInE1Y/pFciegdzqTjMwUWlRL4Zt3u96GhaMLRbtk
-+OfEkzLUAhWBOwEraELJzMLJOMvjYF3C+TiGO7dStFLikZmccuSsSIXjnzIPwBXa
-8KvgRVRyGLoVvGbLJvmjfMXp0nIToTx/i74KF9S++WEes9H5ErJ99CDhLKFgq0am
-nvsgparYXhypHaRLnikn0vQINt55YoEd1s4KrvEcD2VdZkIMPbLRu2zFvMprF3cj
-QQG4LT9ggfEXNIPZ1nQWAnAsu7OJEkNF+E4Mkmpcxj9aGUVt5bsq1D+Tzj3GsidS
-X0nSNcZ2JltXRnL/5v63g5cZyE+nAgMBAAGjUzBRMB0GA1UdDgQWBBRV0j7JYuku
-H/r/t9+QeNlRLXDlEDAfBgNVHSMEGDAWgBRV0j7JYukuH/r/t9+QeNlRLXDlEDAP
-BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCgVy1+1kNwHs5y1Zp0
-WjMWGCJC6/zw7FDG4OW5r2GJiCXZYdJ0UonY9ZtoVLJPrp2/DAv1m5DtnDhBYqic
-uPgLzEkOS1KdTi20Otm/J4yxLLrZC5W4x0XOeSVPXOJuQWfwQ5pPvKkn6WxYUYkG
-wIt1OH2nSMngkbami3CbSmKZOCpgQIiSlQeDJ8oGjWFMLDymYSHoVOIXHwNoooyE
-iaio3693l6noobyGv49zyCVLVR1DC7i6RJ186ql0av+D4vPoiF5mX7+sKC2E8xEj
-9uKQ5GTWRh59VnRBVC/SiMJ/H78tJnBAvoBwXxSEvj8Z3Kjm/BQqZfv4IBsA5yqV
-7MVq
------END CERTIFICATE-----
diff --git a/tests/service/certificate/cert2.der b/tests/service/certificate/cert2.der
deleted file mode 100644
index e176c2ba50270b331c457e784dea5f5f6a09e53a..0000000000000000000000000000000000000000
Binary files a/tests/service/certificate/cert2.der and /dev/null differ
diff --git a/tests/service/certificate/cert2.pem b/tests/service/certificate/cert2.pem
deleted file mode 100644
index e8ea2e434b79dd142b7531c03ab105ddd2d5d5fd..0000000000000000000000000000000000000000
--- a/tests/service/certificate/cert2.pem
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIC/zCCAeegAwIBAgIURhps6LEteMDCdBrlVkWe4cgSh0YwDQYJKoZIhvcNAQEL
-BQAwDzENMAsGA1UEAwwEdGVzdDAeFw0yMDAyMDQxNDQyNDBaFw0zMDAyMDExNDQy
-NDBaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
-AoIBAQC4W56H0VraEKGlCxSTS2PqnaD11shMjruexmholmTEtYPePPnQHpwiiZlg
-K7CPBIOdCn4hHH+hXQDg/TJRMjrde1VzD0pFRBUq6H25sy8oOlfD0bDXkncWn82S
-OJu2UJHeL7htQLRxW14VIAO2YO9zaXdophy6/csTAkFq1ls/vTBp73pnnYp8D7Tg
-zBB6bb95OZBSHeCzPIH2FSCJ/W0j6bHw4i7uHu/jWx0o0LR152fSFFwk0Wrmp8HH
-b2083OlnSBgTM+BZDg9rB7jpLCsIGHWXbjG36jmRaZu5z4vq2FNomJ8PXkX7mwUf
-aft6z+px7UlhrwUxEVWIXOoUBYcJAgMBAAGjUzBRMB0GA1UdDgQWBBTttCQn5UaQ
-i+N5WRnA7ZTQlkVfRTAfBgNVHSMEGDAWgBTttCQn5UaQi+N5WRnA7ZTQlkVfRTAP
-BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBW3vRR5wEDztuLVrcQ
-Dojn1XB24OOqn4C6OJyz3FUxd4MQA8J2vKN4P2QXhY0oYsauFKhR5xfOaDUcK2Tu
-kAtFz1mxqm1ygUVQHbrs8lBeIi4hoMc76ODJ/V9GNY7N/y/5xtD7XlyTVT2tb6tc
-6tmv8e4497PTPspuHp9YbbvzdSI12JENDW4hKCOpR/Uv7mRcCT+c2iMJdUL3f3YO
-FsGBbxVdTPmuhL4My8qR/CtCNpN0gBsaxUKFAP+/1AvFbFDChFVDEEdD8PLznH5x
-8HLmA9/K5x/cXbgqESUqK13P53f1XYOfggKb1f7yqBAZRnTY82+k9Kn9qWOcnyxS
-uUtZ
------END CERTIFICATE-----
diff --git a/tests/service/certificate/private1.key b/tests/service/certificate/private1.key
deleted file mode 100644
index 372908d226ff4d711846f4a4097d8059437b0388..0000000000000000000000000000000000000000
--- a/tests/service/certificate/private1.key
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC+XVVGFYpHVkcD
-fVnNInE1Y/pFciegdzqTjMwUWlRL4Zt3u96GhaMLRbtk+OfEkzLUAhWBOwEraELJ
-zMLJOMvjYF3C+TiGO7dStFLikZmccuSsSIXjnzIPwBXa8KvgRVRyGLoVvGbLJvmj
-fMXp0nIToTx/i74KF9S++WEes9H5ErJ99CDhLKFgq0amnvsgparYXhypHaRLnikn
-0vQINt55YoEd1s4KrvEcD2VdZkIMPbLRu2zFvMprF3cjQQG4LT9ggfEXNIPZ1nQW
-AnAsu7OJEkNF+E4Mkmpcxj9aGUVt5bsq1D+Tzj3GsidSX0nSNcZ2JltXRnL/5v63
-g5cZyE+nAgMBAAECggEBALJIsw5aKhE5inSIN0xZT3FTWxcjHF26jE+X86G0H3KZ
-roLqnjOagOKTwjeErXt66IWKFh3b5vKCSNq6PEs8OCeRHv71bay5zK1WWLH87sKJ
-EAUSPuK5O6donI9aC36VL8tTwSOOOS9WJ0KoHqsn/tLHlONXOvo063iYEg8xFhuP
-etrOf2gDjwGbeWis7VeHG7wL5p2/WdsyjTDbQPhmUlBO93rtkBlm9FaqYKwrp8qe
-4c5gf6ZAKgY2EZaQuEvq3Lonk7TRCtPDVCPLYQxZGOmn2UeUS+HMnDSqrlQesBKD
-hNNCCJVaQZHsghmwXa8t9yRBIxoOqVObdEQYJ8wuxMECgYEA676x3m7T2PwJXS+q
-Km3snv60lCozxKbzaNJ1xlAmpW08MijYCkDS/kWSIwN5GO+b5B6use8iALrV9SyP
-eC/6bFuMJ+zRfGhn1cw4Ibz79EroTxmJio7J7SiD/yxvjNVznKx5xgQeB9tdgjaf
-yHSxInWoQzcDGKUe2h2KFJxUzJECgYEAzrh6zI8Ugne5iBUbLcpJUehlMd4+RM0l
-1y8ZOBS1tjzimWycjZaPtMB0q4FOc1ou2zcSxwoGIv5khvUsjKhTfOc6lK+cHPhE
-fAppYUxhHw2UDpX/0hKDuDu++O+86ANp7AOvM+KcNAiEoovxUyurVjBsT/PPlrTA
-r5w7xuyi1LcCgYAZ7ZdSh431R4MgJKXqlLx5oDnsMdgPwOz0knExpo8ZkrIUMjnQ
-puCN5sjz4OXowDG9HULJfyuWOPZfSM9ewKgiUs9PdNR1gmYpNZTW4Ro0/CggywY9
-nwbGdrZN0m1SaAeXK8EY7kr/Qjk+oRNh0LPKvnYLLnnAtCh4hNcy/R62gQKBgBaD
-3UweYVt8csaxlc489BNpvmvaCuovdemkBZkoGEqLAxs2yy5Ysbo8I/jyEntZ3TSf
-IPpwyw5Qqt5QIdQIGV/HR4geQGCfYcYo1CV2zjU1o2SbTcuxnIsaZshyRB75EDZW
-iGScT+sS6m9R0qz+WqD+kS18HqYJddsqpxAZgfqtAoGBAJx7E8HxFpaNfz/QQPAQ
-mvON6ub5u4AfhH4DgiPErMxNsdzVICL+mnQy0wdmi1oEpq9KH4/8aSxdPhadyl/8
-l+0CkCkBZvEP7+NmctR8Zot60wS0DnOwuURCxm/zYJ26DXjB0XitDDumFJ56Wd6p
-uLl9eKMBE/jBsCSWQTuwrtnT
------END PRIVATE KEY-----
diff --git a/tests/service/certificate/private2.key b/tests/service/certificate/private2.key
deleted file mode 100644
index 58909dbf5990ff703c7d70395edb0899ce90fb3d..0000000000000000000000000000000000000000
--- a/tests/service/certificate/private2.key
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC4W56H0VraEKGl
-CxSTS2PqnaD11shMjruexmholmTEtYPePPnQHpwiiZlgK7CPBIOdCn4hHH+hXQDg
-/TJRMjrde1VzD0pFRBUq6H25sy8oOlfD0bDXkncWn82SOJu2UJHeL7htQLRxW14V
-IAO2YO9zaXdophy6/csTAkFq1ls/vTBp73pnnYp8D7TgzBB6bb95OZBSHeCzPIH2
-FSCJ/W0j6bHw4i7uHu/jWx0o0LR152fSFFwk0Wrmp8HHb2083OlnSBgTM+BZDg9r
-B7jpLCsIGHWXbjG36jmRaZu5z4vq2FNomJ8PXkX7mwUfaft6z+px7UlhrwUxEVWI
-XOoUBYcJAgMBAAECggEAPTBrlbiu5uHORPFAiwLizuQyoGYBZSearkA8Nzpzh7aX
-ZhPm9mSyfeQdvAXEPDPLWzw4UNUcp3ou6H4hTUHWt9xPqDjS9dp7DBrOX+xRIpD6
-wEvA3kwGqsOvf3C6ffCP+abtF5X6TgV9XJWbpdTWpP/EWj+IGahS1qRRAhzTfHvF
-YGMTFwlgbz4eOs+FXBnVNGsdsdMLpOyqHMdDAA4BhyspWHyHgCRjEjROuJCKSDUR
-MD1pNdaEYzoj5QeE1IKzXAzTaxG/YKd36BxV5Cp9DOBuZZLgNEd2EisXxV7UwZL4
-leGgxAc+KQs6QoPoz+mrKbdDnxe6V+uaa9KHoqnj4QKBgQD1qh+MEIF+Vuf/keFJ
-vDgS7oFeg1UGzMtWypiNfVYu9cBLp32tgY48+ey3OCvhRSJAVROH1rc5ZfkESSQ2
-rSeV/T3plr5bBkLc7chuDM8An745p8VSOM+Ak1zE2qb+Qo+IsxNRA9KyeUvupuB8
-HJ7fxdZ7JpgueD/mKyCn1WaGIwKBgQDAHTS6J7LKm52d2norERK6ZyBNVhKaKNDW
-ssRqSh906oFU63Qijsp4dbm1iRXGME6Zoe1quN/K80iATdv/VzjzxS1Of8mqA7gr
-/2juZbpEluSxjkqPAZp1p4Kx9WURdzv2ModkYwM3zSTGR5l22Whd9QdNQvVl1mf0
-+RfgE6ty4wKBgA+GtwO1L1n6yCLg52ovmSOpK0f76O3LF7beixG2MDI7mfGuHkVP
-ANxdt1ZFGJDeO7HxLpDRQzc/eKOKs904yF20aatPuawrEyK/bIF4EcUqU211awUt
-TgAEUEKoxxEex8+N8dSW90QMYn4s0ddGP8xIxqt13vxg4Tj81M2GsTodAoGAOa8L
-S/Hrj0ZWdzVIhXHk669XVaFIiJ1Ex5J5w2hqNZLMLpFcF5xEUxMWJdn5fb63ew3R
-2b+VAr01wcCfE/Y+lYNY7T8VcEUZoaxY92v4F+wu0tlkrbfPhxA6//As3qesi2n0
-mUHZj4G7TwXkoHj7C2stPBek02UjZbz9XDzLt/0CgYAiawpqmHJK4LhRm+P6J1+X
-nzLPzQ6t15ivh4jPrWZPgOG3hKV+If+PTv7lLy51y2X4Ttuyumy09J+kYiy3qIHR
-nmbAEkc9lesrxk1eytxmYY+fGTBpaLAc+vNXWCtUc1ttKcfrPhZdncmSh5Z0aFN3
-D+EddEZHzfzoGlfbNVkfmQ==
------END PRIVATE KEY-----
diff --git a/tests/service/certificate/test_service_certificate.yml b/tests/service/certificate/test_service_certificate.yml
index 3dc24c5b13f4af170300f8f53ec142460de95354..d92cf5976e56572728117fcf905587f6096a7c38 100644
--- a/tests/service/certificate/test_service_certificate.yml
+++ b/tests/service/certificate/test_service_certificate.yml
@@ -1,25 +1,3 @@
-#
-# Generate self-signed certificates using openssl:
-#
-# openssl req -x509 -newkey rsa:2048 -days 3650 -nodes -keyout private1.key -out cert1.pem -subj '/CN=test'
-# openssl req -x509 -newkey rsa:2048 -days 3650 -nodes -keyout private2.key -out cert2.pem -subj '/CN=test'
-#
-# Convert the certificate do DER for easier handling through CLI
-#
-# openssl x509 -outform der -in cert1.pem -out cert1.der
-# openssl x509 -outform der -in cert2.pem -out cert2.der
-#
-# Use base64:
-#
-# base64 cert1.der -w5000
-# base64 cert2.der -w5000
-#
-# Certificates:
-# cert1:
-# - MIIC/zCCAeegAwIBAgIUMNHIbn+hhrOVew/2WbkteisV29QwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0yMDAyMDQxNDQxMDhaFw0zMDAyMDExNDQxMDhaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+XVVGFYpHVkcDfVnNInE1Y/pFciegdzqTjMwUWlRL4Zt3u96GhaMLRbtk+OfEkzLUAhWBOwEraELJzMLJOMvjYF3C+TiGO7dStFLikZmccuSsSIXjnzIPwBXa8KvgRVRyGLoVvGbLJvmjfMXp0nIToTx/i74KF9S++WEes9H5ErJ99CDhLKFgq0amnvsgparYXhypHaRLnikn0vQINt55YoEd1s4KrvEcD2VdZkIMPbLRu2zFvMprF3cjQQG4LT9ggfEXNIPZ1nQWAnAsu7OJEkNF+E4Mkmpcxj9aGUVt5bsq1D+Tzj3GsidSX0nSNcZ2JltXRnL/5v63g5cZyE+nAgMBAAGjUzBRMB0GA1UdDgQWBBRV0j7JYukuH/r/t9+QeNlRLXDlEDAfBgNVHSMEGDAWgBRV0j7JYukuH/r/t9+QeNlRLXDlEDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCgVy1+1kNwHs5y1Zp0WjMWGCJC6/zw7FDG4OW5r2GJiCXZYdJ0UonY9ZtoVLJPrp2/DAv1m5DtnDhBYqicuPgLzEkOS1KdTi20Otm/J4yxLLrZC5W4x0XOeSVPXOJuQWfwQ5pPvKkn6WxYUYkGwIt1OH2nSMngkbami3CbSmKZOCpgQIiSlQeDJ8oGjWFMLDymYSHoVOIXHwNoooyEiaio3693l6noobyGv49zyCVLVR1DC7i6RJ186ql0av+D4vPoiF5mX7+sKC2E8xEj9uKQ5GTWRh59VnRBVC/SiMJ/H78tJnBAvoBwXxSEvj8Z3Kjm/BQqZfv4IBsA5yqV7MVq
-# cert2:
-# - MIIC/zCCAeegAwIBAgIURhps6LEteMDCdBrlVkWe4cgSh0YwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0yMDAyMDQxNDQyNDBaFw0zMDAyMDExNDQyNDBaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4W56H0VraEKGlCxSTS2PqnaD11shMjruexmholmTEtYPePPnQHpwiiZlgK7CPBIOdCn4hHH+hXQDg/TJRMjrde1VzD0pFRBUq6H25sy8oOlfD0bDXkncWn82SOJu2UJHeL7htQLRxW14VIAO2YO9zaXdophy6/csTAkFq1ls/vTBp73pnnYp8D7TgzBB6bb95OZBSHeCzPIH2FSCJ/W0j6bHw4i7uHu/jWx0o0LR152fSFFwk0Wrmp8HHb2083OlnSBgTM+BZDg9rB7jpLCsIGHWXbjG36jmRaZu5z4vq2FNomJ8PXkX7mwUfaft6z+px7UlhrwUxEVWIXOoUBYcJAgMBAAGjUzBRMB0GA1UdDgQWBBTttCQn5UaQi+N5WRnA7ZTQlkVfRTAfBgNVHSMEGDAWgBTttCQn5UaQi+N5WRnA7ZTQlkVfRTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBW3vRR5wEDztuLVrcQDojn1XB24OOqn4C6OJyz3FUxd4MQA8J2vKN4P2QXhY0oYsauFKhR5xfOaDUcK2TukAtFz1mxqm1ygUVQHbrs8lBeIi4hoMc76ODJ/V9GNY7N/y/5xtD7XlyTVT2tb6tc6tmv8e4497PTPspuHp9YbbvzdSI12JENDW4hKCOpR/Uv7mRcCT+c2iMJdUL3f3YOFsGBbxVdTPmuhL4My8qR/CtCNpN0gBsaxUKFAP+/1AvFbFDChFVDEEdD8PLznH5x8HLmA9/K5x/cXbgqESUqK13P53f1XYOfggKb1f7yqBAZRnTY82+k9Kn9qWOcnyxSuUtZ
-
---
- name: Test service certificates
hosts: ipaserver
@@ -27,14 +5,24 @@
tasks:
# setup
+ - name: Generate self-signed certificates.
+ shell:
+ cmd: |
+ openssl req -x509 -newkey rsa:2048 -days 365 -nodes -keyout "private{{ item }}.key" -out "cert{{ item }}.pem" -subj '/CN=test'
+ openssl x509 -outform der -in "cert{{ item }}.pem" -out "cert{{ item }}.der"
+ base64 "cert{{ item }}.der" -w5000 > "cert{{ item }}.b64"
+ with_items: [1, 2]
+ become: no
+ delegate_to: localhost
+
- name: Get Domain from server name
set_fact:
- ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}"
+ ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') }}"
when: ipaserver_domain is not defined
- name: Get IPv4 address prefix from server node
set_fact:
- ipv4_prefix: "{{ ansible_default_ipv4.address.split('.')[:-1] |
+ ipv4_prefix: "{{ ansible_facts['default_ipv4'].address.split('.')[:-1] |
join('.') }}"
- name: Set test host FQDN
@@ -78,7 +66,7 @@
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ test_host }}"
certificate:
- - MIIC/zCCAeegAwIBAgIUMNHIbn+hhrOVew/2WbkteisV29QwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0yMDAyMDQxNDQxMDhaFw0zMDAyMDExNDQxMDhaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+XVVGFYpHVkcDfVnNInE1Y/pFciegdzqTjMwUWlRL4Zt3u96GhaMLRbtk+OfEkzLUAhWBOwEraELJzMLJOMvjYF3C+TiGO7dStFLikZmccuSsSIXjnzIPwBXa8KvgRVRyGLoVvGbLJvmjfMXp0nIToTx/i74KF9S++WEes9H5ErJ99CDhLKFgq0amnvsgparYXhypHaRLnikn0vQINt55YoEd1s4KrvEcD2VdZkIMPbLRu2zFvMprF3cjQQG4LT9ggfEXNIPZ1nQWAnAsu7OJEkNF+E4Mkmpcxj9aGUVt5bsq1D+Tzj3GsidSX0nSNcZ2JltXRnL/5v63g5cZyE+nAgMBAAGjUzBRMB0GA1UdDgQWBBRV0j7JYukuH/r/t9+QeNlRLXDlEDAfBgNVHSMEGDAWgBRV0j7JYukuH/r/t9+QeNlRLXDlEDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCgVy1+1kNwHs5y1Zp0WjMWGCJC6/zw7FDG4OW5r2GJiCXZYdJ0UonY9ZtoVLJPrp2/DAv1m5DtnDhBYqicuPgLzEkOS1KdTi20Otm/J4yxLLrZC5W4x0XOeSVPXOJuQWfwQ5pPvKkn6WxYUYkGwIt1OH2nSMngkbami3CbSmKZOCpgQIiSlQeDJ8oGjWFMLDymYSHoVOIXHwNoooyEiaio3693l6noobyGv49zyCVLVR1DC7i6RJ186ql0av+D4vPoiF5mX7+sKC2E8xEj9uKQ5GTWRh59VnRBVC/SiMJ/H78tJnBAvoBwXxSEvj8Z3Kjm/BQqZfv4IBsA5yqV7MVq
+ - "{{ lookup('file', 'cert1.b64') }}"
pac_type:
- MS-PAC
- PAD
@@ -95,7 +83,7 @@
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ test_host }}"
certificate:
- - MIIC/zCCAeegAwIBAgIUMNHIbn+hhrOVew/2WbkteisV29QwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0yMDAyMDQxNDQxMDhaFw0zMDAyMDExNDQxMDhaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+XVVGFYpHVkcDfVnNInE1Y/pFciegdzqTjMwUWlRL4Zt3u96GhaMLRbtk+OfEkzLUAhWBOwEraELJzMLJOMvjYF3C+TiGO7dStFLikZmccuSsSIXjnzIPwBXa8KvgRVRyGLoVvGbLJvmjfMXp0nIToTx/i74KF9S++WEes9H5ErJ99CDhLKFgq0amnvsgparYXhypHaRLnikn0vQINt55YoEd1s4KrvEcD2VdZkIMPbLRu2zFvMprF3cjQQG4LT9ggfEXNIPZ1nQWAnAsu7OJEkNF+E4Mkmpcxj9aGUVt5bsq1D+Tzj3GsidSX0nSNcZ2JltXRnL/5v63g5cZyE+nAgMBAAGjUzBRMB0GA1UdDgQWBBRV0j7JYukuH/r/t9+QeNlRLXDlEDAfBgNVHSMEGDAWgBRV0j7JYukuH/r/t9+QeNlRLXDlEDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCgVy1+1kNwHs5y1Zp0WjMWGCJC6/zw7FDG4OW5r2GJiCXZYdJ0UonY9ZtoVLJPrp2/DAv1m5DtnDhBYqicuPgLzEkOS1KdTi20Otm/J4yxLLrZC5W4x0XOeSVPXOJuQWfwQ5pPvKkn6WxYUYkGwIt1OH2nSMngkbami3CbSmKZOCpgQIiSlQeDJ8oGjWFMLDymYSHoVOIXHwNoooyEiaio3693l6noobyGv49zyCVLVR1DC7i6RJ186ql0av+D4vPoiF5mX7+sKC2E8xEj9uKQ5GTWRh59VnRBVC/SiMJ/H78tJnBAvoBwXxSEvj8Z3Kjm/BQqZfv4IBsA5yqV7MVq
+ - "{{ lookup('file', 'cert1.b64') }}"
pac_type:
- MS_PAC
- PAD
@@ -120,7 +108,7 @@
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ test_host }}"
certificate:
- - MIIC/zCCAeegAwIBAgIUMNHIbn+hhrOVew/2WbkteisV29QwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0yMDAyMDQxNDQxMDhaFw0zMDAyMDExNDQxMDhaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+XVVGFYpHVkcDfVnNInE1Y/pFciegdzqTjMwUWlRL4Zt3u96GhaMLRbtk+OfEkzLUAhWBOwEraELJzMLJOMvjYF3C+TiGO7dStFLikZmccuSsSIXjnzIPwBXa8KvgRVRyGLoVvGbLJvmjfMXp0nIToTx/i74KF9S++WEes9H5ErJ99CDhLKFgq0amnvsgparYXhypHaRLnikn0vQINt55YoEd1s4KrvEcD2VdZkIMPbLRu2zFvMprF3cjQQG4LT9ggfEXNIPZ1nQWAnAsu7OJEkNF+E4Mkmpcxj9aGUVt5bsq1D+Tzj3GsidSX0nSNcZ2JltXRnL/5v63g5cZyE+nAgMBAAGjUzBRMB0GA1UdDgQWBBRV0j7JYukuH/r/t9+QeNlRLXDlEDAfBgNVHSMEGDAWgBRV0j7JYukuH/r/t9+QeNlRLXDlEDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCgVy1+1kNwHs5y1Zp0WjMWGCJC6/zw7FDG4OW5r2GJiCXZYdJ0UonY9ZtoVLJPrp2/DAv1m5DtnDhBYqicuPgLzEkOS1KdTi20Otm/J4yxLLrZC5W4x0XOeSVPXOJuQWfwQ5pPvKkn6WxYUYkGwIt1OH2nSMngkbami3CbSmKZOCpgQIiSlQeDJ8oGjWFMLDymYSHoVOIXHwNoooyEiaio3693l6noobyGv49zyCVLVR1DC7i6RJ186ql0av+D4vPoiF5mX7+sKC2E8xEj9uKQ5GTWRh59VnRBVC/SiMJ/H78tJnBAvoBwXxSEvj8Z3Kjm/BQqZfv4IBsA5yqV7MVq
+ - "{{ lookup('file', 'cert1.b64') }}"
action: member
state: present
register: result
@@ -131,7 +119,7 @@
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ test_host }}"
certificate:
- - MIIC/zCCAeegAwIBAgIUMNHIbn+hhrOVew/2WbkteisV29QwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0yMDAyMDQxNDQxMDhaFw0zMDAyMDExNDQxMDhaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+XVVGFYpHVkcDfVnNInE1Y/pFciegdzqTjMwUWlRL4Zt3u96GhaMLRbtk+OfEkzLUAhWBOwEraELJzMLJOMvjYF3C+TiGO7dStFLikZmccuSsSIXjnzIPwBXa8KvgRVRyGLoVvGbLJvmjfMXp0nIToTx/i74KF9S++WEes9H5ErJ99CDhLKFgq0amnvsgparYXhypHaRLnikn0vQINt55YoEd1s4KrvEcD2VdZkIMPbLRu2zFvMprF3cjQQG4LT9ggfEXNIPZ1nQWAnAsu7OJEkNF+E4Mkmpcxj9aGUVt5bsq1D+Tzj3GsidSX0nSNcZ2JltXRnL/5v63g5cZyE+nAgMBAAGjUzBRMB0GA1UdDgQWBBRV0j7JYukuH/r/t9+QeNlRLXDlEDAfBgNVHSMEGDAWgBRV0j7JYukuH/r/t9+QeNlRLXDlEDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCgVy1+1kNwHs5y1Zp0WjMWGCJC6/zw7FDG4OW5r2GJiCXZYdJ0UonY9ZtoVLJPrp2/DAv1m5DtnDhBYqicuPgLzEkOS1KdTi20Otm/J4yxLLrZC5W4x0XOeSVPXOJuQWfwQ5pPvKkn6WxYUYkGwIt1OH2nSMngkbami3CbSmKZOCpgQIiSlQeDJ8oGjWFMLDymYSHoVOIXHwNoooyEiaio3693l6noobyGv49zyCVLVR1DC7i6RJ186ql0av+D4vPoiF5mX7+sKC2E8xEj9uKQ5GTWRh59VnRBVC/SiMJ/H78tJnBAvoBwXxSEvj8Z3Kjm/BQqZfv4IBsA5yqV7MVq
+ - "{{ lookup('file', 'cert1.b64') }}"
action: member
state: present
register: result
@@ -142,8 +130,8 @@
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ test_host }}"
certificate:
- - MIIC/zCCAeegAwIBAgIUMNHIbn+hhrOVew/2WbkteisV29QwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0yMDAyMDQxNDQxMDhaFw0zMDAyMDExNDQxMDhaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+XVVGFYpHVkcDfVnNInE1Y/pFciegdzqTjMwUWlRL4Zt3u96GhaMLRbtk+OfEkzLUAhWBOwEraELJzMLJOMvjYF3C+TiGO7dStFLikZmccuSsSIXjnzIPwBXa8KvgRVRyGLoVvGbLJvmjfMXp0nIToTx/i74KF9S++WEes9H5ErJ99CDhLKFgq0amnvsgparYXhypHaRLnikn0vQINt55YoEd1s4KrvEcD2VdZkIMPbLRu2zFvMprF3cjQQG4LT9ggfEXNIPZ1nQWAnAsu7OJEkNF+E4Mkmpcxj9aGUVt5bsq1D+Tzj3GsidSX0nSNcZ2JltXRnL/5v63g5cZyE+nAgMBAAGjUzBRMB0GA1UdDgQWBBRV0j7JYukuH/r/t9+QeNlRLXDlEDAfBgNVHSMEGDAWgBRV0j7JYukuH/r/t9+QeNlRLXDlEDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCgVy1+1kNwHs5y1Zp0WjMWGCJC6/zw7FDG4OW5r2GJiCXZYdJ0UonY9ZtoVLJPrp2/DAv1m5DtnDhBYqicuPgLzEkOS1KdTi20Otm/J4yxLLrZC5W4x0XOeSVPXOJuQWfwQ5pPvKkn6WxYUYkGwIt1OH2nSMngkbami3CbSmKZOCpgQIiSlQeDJ8oGjWFMLDymYSHoVOIXHwNoooyEiaio3693l6noobyGv49zyCVLVR1DC7i6RJ186ql0av+D4vPoiF5mX7+sKC2E8xEj9uKQ5GTWRh59VnRBVC/SiMJ/H78tJnBAvoBwXxSEvj8Z3Kjm/BQqZfv4IBsA5yqV7MVq
- - MIIC/zCCAeegAwIBAgIURhps6LEteMDCdBrlVkWe4cgSh0YwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0yMDAyMDQxNDQyNDBaFw0zMDAyMDExNDQyNDBaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4W56H0VraEKGlCxSTS2PqnaD11shMjruexmholmTEtYPePPnQHpwiiZlgK7CPBIOdCn4hHH+hXQDg/TJRMjrde1VzD0pFRBUq6H25sy8oOlfD0bDXkncWn82SOJu2UJHeL7htQLRxW14VIAO2YO9zaXdophy6/csTAkFq1ls/vTBp73pnnYp8D7TgzBB6bb95OZBSHeCzPIH2FSCJ/W0j6bHw4i7uHu/jWx0o0LR152fSFFwk0Wrmp8HHb2083OlnSBgTM+BZDg9rB7jpLCsIGHWXbjG36jmRaZu5z4vq2FNomJ8PXkX7mwUfaft6z+px7UlhrwUxEVWIXOoUBYcJAgMBAAGjUzBRMB0GA1UdDgQWBBTttCQn5UaQi+N5WRnA7ZTQlkVfRTAfBgNVHSMEGDAWgBTttCQn5UaQi+N5WRnA7ZTQlkVfRTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBW3vRR5wEDztuLVrcQDojn1XB24OOqn4C6OJyz3FUxd4MQA8J2vKN4P2QXhY0oYsauFKhR5xfOaDUcK2TukAtFz1mxqm1ygUVQHbrs8lBeIi4hoMc76ODJ/V9GNY7N/y/5xtD7XlyTVT2tb6tc6tmv8e4497PTPspuHp9YbbvzdSI12JENDW4hKCOpR/Uv7mRcCT+c2iMJdUL3f3YOFsGBbxVdTPmuhL4My8qR/CtCNpN0gBsaxUKFAP+/1AvFbFDChFVDEEdD8PLznH5x8HLmA9/K5x/cXbgqESUqK13P53f1XYOfggKb1f7yqBAZRnTY82+k9Kn9qWOcnyxSuUtZ
+ - "{{ lookup('file', 'cert1.b64') }}"
+ - "{{ lookup('file', 'cert2.b64') }}"
action: member
state: present
register: result
@@ -154,7 +142,7 @@
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ test_host }}"
certificate:
- - MIIC/zCCAeegAwIBAgIUMNHIbn+hhrOVew/2WbkteisV29QwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0yMDAyMDQxNDQxMDhaFw0zMDAyMDExNDQxMDhaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+XVVGFYpHVkcDfVnNInE1Y/pFciegdzqTjMwUWlRL4Zt3u96GhaMLRbtk+OfEkzLUAhWBOwEraELJzMLJOMvjYF3C+TiGO7dStFLikZmccuSsSIXjnzIPwBXa8KvgRVRyGLoVvGbLJvmjfMXp0nIToTx/i74KF9S++WEes9H5ErJ99CDhLKFgq0amnvsgparYXhypHaRLnikn0vQINt55YoEd1s4KrvEcD2VdZkIMPbLRu2zFvMprF3cjQQG4LT9ggfEXNIPZ1nQWAnAsu7OJEkNF+E4Mkmpcxj9aGUVt5bsq1D+Tzj3GsidSX0nSNcZ2JltXRnL/5v63g5cZyE+nAgMBAAGjUzBRMB0GA1UdDgQWBBRV0j7JYukuH/r/t9+QeNlRLXDlEDAfBgNVHSMEGDAWgBRV0j7JYukuH/r/t9+QeNlRLXDlEDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCgVy1+1kNwHs5y1Zp0WjMWGCJC6/zw7FDG4OW5r2GJiCXZYdJ0UonY9ZtoVLJPrp2/DAv1m5DtnDhBYqicuPgLzEkOS1KdTi20Otm/J4yxLLrZC5W4x0XOeSVPXOJuQWfwQ5pPvKkn6WxYUYkGwIt1OH2nSMngkbami3CbSmKZOCpgQIiSlQeDJ8oGjWFMLDymYSHoVOIXHwNoooyEiaio3693l6noobyGv49zyCVLVR1DC7i6RJ186ql0av+D4vPoiF5mX7+sKC2E8xEj9uKQ5GTWRh59VnRBVC/SiMJ/H78tJnBAvoBwXxSEvj8Z3Kjm/BQqZfv4IBsA5yqV7MVq
+ - "{{ lookup('file', 'cert1.b64') }}"
action: member
state: absent
register: result
@@ -165,7 +153,7 @@
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ test_host }}"
certificate:
- - MIIC/zCCAeegAwIBAgIUMNHIbn+hhrOVew/2WbkteisV29QwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0yMDAyMDQxNDQxMDhaFw0zMDAyMDExNDQxMDhaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+XVVGFYpHVkcDfVnNInE1Y/pFciegdzqTjMwUWlRL4Zt3u96GhaMLRbtk+OfEkzLUAhWBOwEraELJzMLJOMvjYF3C+TiGO7dStFLikZmccuSsSIXjnzIPwBXa8KvgRVRyGLoVvGbLJvmjfMXp0nIToTx/i74KF9S++WEes9H5ErJ99CDhLKFgq0amnvsgparYXhypHaRLnikn0vQINt55YoEd1s4KrvEcD2VdZkIMPbLRu2zFvMprF3cjQQG4LT9ggfEXNIPZ1nQWAnAsu7OJEkNF+E4Mkmpcxj9aGUVt5bsq1D+Tzj3GsidSX0nSNcZ2JltXRnL/5v63g5cZyE+nAgMBAAGjUzBRMB0GA1UdDgQWBBRV0j7JYukuH/r/t9+QeNlRLXDlEDAfBgNVHSMEGDAWgBRV0j7JYukuH/r/t9+QeNlRLXDlEDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCgVy1+1kNwHs5y1Zp0WjMWGCJC6/zw7FDG4OW5r2GJiCXZYdJ0UonY9ZtoVLJPrp2/DAv1m5DtnDhBYqicuPgLzEkOS1KdTi20Otm/J4yxLLrZC5W4x0XOeSVPXOJuQWfwQ5pPvKkn6WxYUYkGwIt1OH2nSMngkbami3CbSmKZOCpgQIiSlQeDJ8oGjWFMLDymYSHoVOIXHwNoooyEiaio3693l6noobyGv49zyCVLVR1DC7i6RJ186ql0av+D4vPoiF5mX7+sKC2E8xEj9uKQ5GTWRh59VnRBVC/SiMJ/H78tJnBAvoBwXxSEvj8Z3Kjm/BQqZfv4IBsA5yqV7MVq
+ - "{{ lookup('file', 'cert1.b64') }}"
action: member
state: absent
register: result
@@ -176,8 +164,8 @@
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ test_host }}"
certificate:
- - MIIC/zCCAeegAwIBAgIUMNHIbn+hhrOVew/2WbkteisV29QwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0yMDAyMDQxNDQxMDhaFw0zMDAyMDExNDQxMDhaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+XVVGFYpHVkcDfVnNInE1Y/pFciegdzqTjMwUWlRL4Zt3u96GhaMLRbtk+OfEkzLUAhWBOwEraELJzMLJOMvjYF3C+TiGO7dStFLikZmccuSsSIXjnzIPwBXa8KvgRVRyGLoVvGbLJvmjfMXp0nIToTx/i74KF9S++WEes9H5ErJ99CDhLKFgq0amnvsgparYXhypHaRLnikn0vQINt55YoEd1s4KrvEcD2VdZkIMPbLRu2zFvMprF3cjQQG4LT9ggfEXNIPZ1nQWAnAsu7OJEkNF+E4Mkmpcxj9aGUVt5bsq1D+Tzj3GsidSX0nSNcZ2JltXRnL/5v63g5cZyE+nAgMBAAGjUzBRMB0GA1UdDgQWBBRV0j7JYukuH/r/t9+QeNlRLXDlEDAfBgNVHSMEGDAWgBRV0j7JYukuH/r/t9+QeNlRLXDlEDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCgVy1+1kNwHs5y1Zp0WjMWGCJC6/zw7FDG4OW5r2GJiCXZYdJ0UonY9ZtoVLJPrp2/DAv1m5DtnDhBYqicuPgLzEkOS1KdTi20Otm/J4yxLLrZC5W4x0XOeSVPXOJuQWfwQ5pPvKkn6WxYUYkGwIt1OH2nSMngkbami3CbSmKZOCpgQIiSlQeDJ8oGjWFMLDymYSHoVOIXHwNoooyEiaio3693l6noobyGv49zyCVLVR1DC7i6RJ186ql0av+D4vPoiF5mX7+sKC2E8xEj9uKQ5GTWRh59VnRBVC/SiMJ/H78tJnBAvoBwXxSEvj8Z3Kjm/BQqZfv4IBsA5yqV7MVq
- - MIIC/zCCAeegAwIBAgIURhps6LEteMDCdBrlVkWe4cgSh0YwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0yMDAyMDQxNDQyNDBaFw0zMDAyMDExNDQyNDBaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4W56H0VraEKGlCxSTS2PqnaD11shMjruexmholmTEtYPePPnQHpwiiZlgK7CPBIOdCn4hHH+hXQDg/TJRMjrde1VzD0pFRBUq6H25sy8oOlfD0bDXkncWn82SOJu2UJHeL7htQLRxW14VIAO2YO9zaXdophy6/csTAkFq1ls/vTBp73pnnYp8D7TgzBB6bb95OZBSHeCzPIH2FSCJ/W0j6bHw4i7uHu/jWx0o0LR152fSFFwk0Wrmp8HHb2083OlnSBgTM+BZDg9rB7jpLCsIGHWXbjG36jmRaZu5z4vq2FNomJ8PXkX7mwUfaft6z+px7UlhrwUxEVWIXOoUBYcJAgMBAAGjUzBRMB0GA1UdDgQWBBTttCQn5UaQi+N5WRnA7ZTQlkVfRTAfBgNVHSMEGDAWgBTttCQn5UaQi+N5WRnA7ZTQlkVfRTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBW3vRR5wEDztuLVrcQDojn1XB24OOqn4C6OJyz3FUxd4MQA8J2vKN4P2QXhY0oYsauFKhR5xfOaDUcK2TukAtFz1mxqm1ygUVQHbrs8lBeIi4hoMc76ODJ/V9GNY7N/y/5xtD7XlyTVT2tb6tc6tmv8e4497PTPspuHp9YbbvzdSI12JENDW4hKCOpR/Uv7mRcCT+c2iMJdUL3f3YOFsGBbxVdTPmuhL4My8qR/CtCNpN0gBsaxUKFAP+/1AvFbFDChFVDEEdD8PLznH5x8HLmA9/K5x/cXbgqESUqK13P53f1XYOfggKb1f7yqBAZRnTY82+k9Kn9qWOcnyxSuUtZ
+ - "{{ lookup('file', 'cert1.b64') }}"
+ - "{{ lookup('file', 'cert2.b64') }}"
action: member
state: absent
register: result
@@ -188,7 +176,7 @@
ipaadmin_password: SomeADMINpassword
name: "HTTP/{{ test_host }}"
certificate:
- - MIIC/zCCAeegAwIBAgIUMNHIbn+hhrOVew/2WbkteisV29QwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0yMDAyMDQxNDQxMDhaFw0zMDAyMDExNDQxMDhaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+XVVGFYpHVkcDfVnNInE1Y/pFciegdzqTjMwUWlRL4Zt3u96GhaMLRbtk+OfEkzLUAhWBOwEraELJzMLJOMvjYF3C+TiGO7dStFLikZmccuSsSIXjnzIPwBXa8KvgRVRyGLoVvGbLJvmjfMXp0nIToTx/i74KF9S++WEes9H5ErJ99CDhLKFgq0amnvsgparYXhypHaRLnikn0vQINt55YoEd1s4KrvEcD2VdZkIMPbLRu2zFvMprF3cjQQG4LT9ggfEXNIPZ1nQWAnAsu7OJEkNF+E4Mkmpcxj9aGUVt5bsq1D+Tzj3GsidSX0nSNcZ2JltXRnL/5v63g5cZyE+nAgMBAAGjUzBRMB0GA1UdDgQWBBRV0j7JYukuH/r/t9+QeNlRLXDlEDAfBgNVHSMEGDAWgBRV0j7JYukuH/r/t9+QeNlRLXDlEDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCgVy1+1kNwHs5y1Zp0WjMWGCJC6/zw7FDG4OW5r2GJiCXZYdJ0UonY9ZtoVLJPrp2/DAv1m5DtnDhBYqicuPgLzEkOS1KdTi20Otm/J4yxLLrZC5W4x0XOeSVPXOJuQWfwQ5pPvKkn6WxYUYkGwIt1OH2nSMngkbami3CbSmKZOCpgQIiSlQeDJ8oGjWFMLDymYSHoVOIXHwNoooyEiaio3693l6noobyGv49zyCVLVR1DC7i6RJ186ql0av+D4vPoiF5mX7+sKC2E8xEj9uKQ5GTWRh59VnRBVC/SiMJ/H78tJnBAvoBwXxSEvj8Z3Kjm/BQqZfv4IBsA5yqV7MVq
+ - "{{ lookup('file', 'cert1.b64') }}"
action: member
state: present
register: result
@@ -223,3 +211,12 @@
name: "{{ test_host }}"
update_dns: yes
state: absent
+
+ - name: Remove certificate files.
+ shell:
+ cmd: rm -f "private{{ item }}.key" "cert{{ item }}.pem" "cert{{ item }}.der" "cert{{ item }}.b64"
+ with_items: [1, 2]
+ become: no
+ delegate_to: localhost
+ args:
+ warn: no # suppres warning for not using the `file` module.
diff --git a/tests/service/env_vars.yml b/tests/service/env_vars.yml
index eb53c7a07f3b523a775a8d7ec2182bfdd70c597d..37c9e1cbe325905fb8de09be197c681ad9575540 100644
--- a/tests/service/env_vars.yml
+++ b/tests/service/env_vars.yml
@@ -1,7 +1,7 @@
---
- name: Get Domain from server name
set_fact:
- test_domain: "{{ ansible_fqdn.split('.')[1:] | join('.') }}"
+ test_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join('.') }}"
- name: Set host1, host2 and svc hosts fqdn
set_fact:
@@ -12,4 +12,4 @@
- name: Get IPv4 address prefix from server node
set_fact:
- ipv4_prefix: "{{ ansible_default_ipv4.address.split('.')[:-1] | join('.') }}"
+ ipv4_prefix: "{{ ansible_facts['default_ipv4'].address.split('.')[:-1] | join('.') }}"
diff --git a/tests/service/test_service_disable.yml b/tests/service/test_service_disable.yml
index e96b920273c69d1bb4bcba5119995728324a2b82..19bf7243a88a57a1862762f0249657f08540677d 100644
--- a/tests/service/test_service_disable.yml
+++ b/tests/service/test_service_disable.yml
@@ -16,68 +16,78 @@
- name: Get Kerberos ticket for `admin`.
shell: echo SomeADMINpassword | kinit -c ${KRB5CCNAME} admin
+ - name: Generate self-signed certificates.
+ shell:
+ cmd: |
+ openssl req -x509 -newkey rsa:2048 -days 365 -nodes -keyout "private{{ item }}.key" -out "cert{{ item }}.pem" -subj '/CN=test'
+ openssl x509 -outform der -in "cert{{ item }}.pem" -out "cert{{ item }}.der"
+ base64 "cert{{ item }}.der" -w5000 > "cert{{ item }}.b64"
+ with_items: [1]
+ become: no
+ delegate_to: localhost
+
- name: Ensure service is absent
ipaservice:
ipaadmin_password: SomeADMINpassword
- name: "mysvc1/{{ ansible_fqdn }}"
+ name: "mysvc1/{{ ansible_facts['fqdn'] }}"
state: absent
- name: Ensure service is present
ipaservice:
ipaadmin_password: SomeADMINpassword
- name: "mysvc1/{{ ansible_fqdn }}"
+ name: "mysvc1/{{ ansible_facts['fqdn'] }}"
certificate:
- - MIIC/zCCAeegAwIBAgIUMNHIbn+hhrOVew/2WbkteisV29QwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAwwEdGVzdDAeFw0yMDAyMDQxNDQxMDhaFw0zMDAyMDExNDQxMDhaMA8xDTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+XVVGFYpHVkcDfVnNInE1Y/pFciegdzqTjMwUWlRL4Zt3u96GhaMLRbtk+OfEkzLUAhWBOwEraELJzMLJOMvjYF3C+TiGO7dStFLikZmccuSsSIXjnzIPwBXa8KvgRVRyGLoVvGbLJvmjfMXp0nIToTx/i74KF9S++WEes9H5ErJ99CDhLKFgq0amnvsgparYXhypHaRLnikn0vQINt55YoEd1s4KrvEcD2VdZkIMPbLRu2zFvMprF3cjQQG4LT9ggfEXNIPZ1nQWAnAsu7OJEkNF+E4Mkmpcxj9aGUVt5bsq1D+Tzj3GsidSX0nSNcZ2JltXRnL/5v63g5cZyE+nAgMBAAGjUzBRMB0GA1UdDgQWBBRV0j7JYukuH/r/t9+QeNlRLXDlEDAfBgNVHSMEGDAWgBRV0j7JYukuH/r/t9+QeNlRLXDlEDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCgVy1+1kNwHs5y1Zp0WjMWGCJC6/zw7FDG4OW5r2GJiCXZYdJ0UonY9ZtoVLJPrp2/DAv1m5DtnDhBYqicuPgLzEkOS1KdTi20Otm/J4yxLLrZC5W4x0XOeSVPXOJuQWfwQ5pPvKkn6WxYUYkGwIt1OH2nSMngkbami3CbSmKZOCpgQIiSlQeDJ8oGjWFMLDymYSHoVOIXHwNoooyEiaio3693l6noobyGv49zyCVLVR1DC7i6RJ186ql0av+D4vPoiF5mX7+sKC2E8xEj9uKQ5GTWRh59VnRBVC/SiMJ/H78tJnBAvoBwXxSEvj8Z3Kjm/BQqZfv4IBsA5yqV7MVq
+ - "{{ lookup('file', 'cert1.b64', rstrip=False) }}"
force: no
register: result
failed_when: not result.changed
- name: Obtain keytab
- shell: ipa-getkeytab -s "{{ ansible_fqdn }}" -p "mysvc1/{{ ansible_fqdn }}" -k mysvc1.keytab
+ shell: ipa-getkeytab -s "{{ ansible_facts['fqdn'] }}" -p "mysvc1/{{ ansible_facts['fqdn'] }}" -k mysvc1.keytab
- name: Verify keytab
- shell: ipa service-find "mysvc1/{{ ansible_fqdn }}"
+ shell: ipa service-find "mysvc1/{{ ansible_facts['fqdn'] }}"
register: result
failed_when: result.failed or result.stdout | regex_search(" Keytab. true")
- name: Ensure service is disabled
ipaservice:
ipaadmin_password: SomeADMINpassword
- name: "mysvc1/{{ ansible_fqdn }}"
+ name: "mysvc1/{{ ansible_facts['fqdn'] }}"
state: disabled
register: result
failed_when: not result.changed
- name: Verify keytab
- shell: ipa service-find "mysvc1/{{ ansible_fqdn }}"
+ shell: ipa service-find "mysvc1/{{ ansible_facts['fqdn'] }}"
register: result
failed_when: result.failed or result.stdout | regex_search(" Keytab. true")
- name: Obtain keytab
- shell: ipa-getkeytab -s "{{ ansible_fqdn }}" -p "mysvc1/{{ ansible_fqdn }}" -k mysvc1.keytab
+ shell: ipa-getkeytab -s "{{ ansible_facts['fqdn'] }}" -p "mysvc1/{{ ansible_facts['fqdn'] }}" -k mysvc1.keytab
- name: Verify keytab
- shell: ipa service-find "mysvc1/{{ ansible_fqdn }}"
+ shell: ipa service-find "mysvc1/{{ ansible_facts['fqdn'] }}"
register: result
failed_when: result.failed or result.stdout | regex_search(" Keytab. true")
- name: Ensure service is disabled
ipaservice:
ipaadmin_password: SomeADMINpassword
- name: "mysvc1/{{ ansible_fqdn }}"
+ name: "mysvc1/{{ ansible_facts['fqdn'] }}"
state: disabled
register: result
failed_when: not result.changed
- name: Verify keytab
- shell: ipa service-find "mysvc1/{{ ansible_fqdn }}"
+ shell: ipa service-find "mysvc1/{{ ansible_facts['fqdn'] }}"
register: result
failed_when: result.failed or result.stdout | regex_search(" Keytab. true")
- name: Ensure service is disabled, with no keytab.
ipaservice:
ipaadmin_password: SomeADMINpassword
- name: "mysvc1/{{ ansible_fqdn }}"
+ name: "mysvc1/{{ ansible_facts['fqdn'] }}"
state: disabled
register: result
failed_when: result.changed
@@ -85,7 +95,16 @@
- name: Ensure service is absent
ipaservice:
ipaadmin_password: SomeADMINpassword
- name: "mysvc1/{{ ansible_fqdn }}"
+ name: "mysvc1/{{ ansible_facts['fqdn'] }}"
- name: Destroy Kerberos tickets.
shell: kdestroy -A -q -c ${KRB5CCNAME}
+
+ - name: Remove certificate files.
+ shell:
+ cmd: rm -f "private{{ item }}.key" "cert{{ item }}.pem" "cert{{ item }}.der" "cert{{ item }}.b64"
+ with_items: [1]
+ become: no
+ delegate_to: localhost
+ args:
+ warn: no # suppres warning for not using the `file` module.
diff --git a/tests/sudorule/test_sudorule.yml b/tests/sudorule/test_sudorule.yml
index 15ba7f460853f881309a6eedf3e530e9382ef782..579db11ba54c6547dbe1f14a12278245fc81fb28 100644
--- a/tests/sudorule/test_sudorule.yml
+++ b/tests/sudorule/test_sudorule.yml
@@ -43,7 +43,7 @@
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: cluster
- host: "{{ ansible_fqdn }}"
+ host: "{{ ansible_facts['fqdn'] }}"
- name: Ensure some sudocmds are available
ipasudocmd:
@@ -500,20 +500,20 @@
register: result
failed_when: result.changed
- - name: Ensure host "{{ ansible_fqdn }}" is present in sudorule.
+ - name: Ensure host "{{ ansible_facts['fqdn'] }}" is present in sudorule.
ipasudorule:
ipaadmin_password: SomeADMINpassword
name: testrule1
- host: "{{ ansible_fqdn }}"
+ host: "{{ ansible_facts['fqdn'] }}"
action: member
register: result
failed_when: not result.changed
- - name: Ensure host "{{ ansible_fqdn }}" is present in sudorule, again.
+ - name: Ensure host "{{ ansible_facts['fqdn'] }}" is present in sudorule, again.
ipasudorule:
ipaadmin_password: SomeADMINpassword
name: testrule1
- host: "{{ ansible_fqdn }}"
+ host: "{{ ansible_facts['fqdn'] }}"
action: member
register: result
failed_when: result.changed
diff --git a/tests/sudorule/test_sudorule_categories.yml b/tests/sudorule/test_sudorule_categories.yml
index a7740c57fdc3138fec085037a3794e3c0577c0e2..43d735202de833ed03680b14a5ad01976f545025 100644
--- a/tests/sudorule/test_sudorule_categories.yml
+++ b/tests/sudorule/test_sudorule_categories.yml
@@ -7,7 +7,7 @@
tasks:
- name: Get Domain from the server name
set_fact:
- ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}"
+ ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') }}"
- name: Ensure sudorules are absent
ipasudorule:
diff --git a/tests/vault/env_cleanup.yml b/tests/vault/env_cleanup.yml
index 31cc17999342c170eed5a188235094b7051559c8..9b0d6f7e57fb5f1d691fecf1864db05815f6aff7 100644
--- a/tests/vault/env_cleanup.yml
+++ b/tests/vault/env_cleanup.yml
@@ -40,7 +40,7 @@
- name: Remove files from target host.
file:
- path: "{{ ansible_env.HOME }}/{{ item }}"
+ path: "{{ ansible_facts['env'].HOME }}/{{ item }}"
state: absent
with_items:
- A_private.pem
diff --git a/tests/vault/env_setup.yml b/tests/vault/env_setup.yml
index 47baa292c6e7ab125bfa39051c20b3bbfa9133e3..059caf5f7a95d6327a14be2777b7ca25f2ec12bb 100644
--- a/tests/vault/env_setup.yml
+++ b/tests/vault/env_setup.yml
@@ -19,7 +19,7 @@
- name: Copy files to target host.
copy:
src: "{{ playbook_dir }}/{{ item }}"
- dest: "{{ ansible_env.HOME }}/{{ item }}"
+ dest: "{{ ansible_facts['env'].HOME }}/{{ item }}"
with_items:
- A_private.pem
- A_public.pem
diff --git a/tests/vault/tasks_vault_members.yml b/tests/vault/tasks_vault_members.yml
index 99e2fd0c7641634590a0b99bceffe8ff02c5a0d7..e53acceec5d794fab7d61dd02dc222c7c47f4490 100644
--- a/tests/vault/tasks_vault_members.yml
+++ b/tests/vault/tasks_vault_members.yml
@@ -151,7 +151,7 @@
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
action: member
- services: "HTTP/{{ ansible_fqdn }}"
+ services: "HTTP/{{ ansible_facts['fqdn'] }}"
register: result
failed_when: not result.changed
@@ -160,7 +160,7 @@
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
action: member
- services: "HTTP/{{ ansible_fqdn }}"
+ services: "HTTP/{{ ansible_facts['fqdn'] }}"
register: result
failed_when: result.changed
@@ -169,7 +169,7 @@
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
action: member
- services: "HTTP/{{ ansible_fqdn }}"
+ services: "HTTP/{{ ansible_facts['fqdn'] }}"
state: absent
register: result
failed_when: not result.changed
@@ -179,7 +179,7 @@
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
action: member
- services: "HTTP/{{ ansible_fqdn }}"
+ services: "HTTP/{{ ansible_facts['fqdn'] }}"
state: absent
register: result
failed_when: result.changed
@@ -264,7 +264,7 @@
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
- ownerservices: "HTTP/{{ ansible_fqdn }}"
+ ownerservices: "HTTP/{{ ansible_facts['fqdn'] }}"
action: member
register: result
failed_when: not result.changed
@@ -273,7 +273,7 @@
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
- ownerservices: "HTTP/{{ ansible_fqdn }}"
+ ownerservices: "HTTP/{{ ansible_facts['fqdn'] }}"
action: member
register: result
failed_when: result.changed
@@ -282,7 +282,7 @@
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
- ownerservices: "HTTP/{{ ansible_fqdn }}"
+ ownerservices: "HTTP/{{ ansible_facts['fqdn'] }}"
state: absent
action: member
register: result
@@ -292,7 +292,7 @@
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
- ownerservices: "HTTP/{{ ansible_fqdn }}"
+ ownerservices: "HTTP/{{ ansible_facts['fqdn'] }}"
state: absent
action: member
register: result
diff --git a/tests/vault/test_vault_asymmetric.yml b/tests/vault/test_vault_asymmetric.yml
index d0a7cca70074930e949220673a1af09d2b0b1c22..60e5ab8b4b36a16031003521848b9901cbec54a5 100644
--- a/tests/vault/test_vault_asymmetric.yml
+++ b/tests/vault/test_vault_asymmetric.yml
@@ -68,7 +68,7 @@
ipaadmin_password: SomeADMINpassword
name: asymvault
vault_type: asymmetric
- public_key_file: "{{ ansible_env.HOME }}/A_public.pem"
+ public_key_file: "{{ ansible_facts['env'].HOME }}/A_public.pem"
private_key: "{{ lookup('file', 'B_private.b64') }}"
register: result
failed_when: result.failed or not result.changed
@@ -77,7 +77,7 @@
ipavault:
ipaadmin_password: SomeADMINpassword
name: asymvault
- private_key_file: "{{ ansible_env.HOME }}/A_private.pem"
+ private_key_file: "{{ ansible_facts['env'].HOME }}/A_private.pem"
state: retrieved
register: result
failed_when: result.failed or result.changed or result.vault.data != 'SomeValue'
@@ -87,8 +87,8 @@
ipaadmin_password: SomeADMINpassword
name: asymvault
vault_type: asymmetric
- public_key_file: "{{ ansible_env.HOME }}/B_public.pem"
- private_key_file: "{{ ansible_env.HOME }}/A_private.pem"
+ public_key_file: "{{ ansible_facts['env'].HOME }}/B_public.pem"
+ private_key_file: "{{ ansible_facts['env'].HOME }}/A_private.pem"
register: result
failed_when: result.failed or not result.changed
@@ -115,8 +115,8 @@
ipavault:
ipaadmin_password: SomeADMINpassword
name: asymvault
- public_key_file: "{{ ansible_env.HOME }}/B_public.pem"
- private_key_file: "{{ ansible_env.HOME }}/A_private.pem"
+ public_key_file: "{{ ansible_facts['env'].HOME }}/B_public.pem"
+ private_key_file: "{{ ansible_facts['env'].HOME }}/A_private.pem"
register: result
failed_when: result.failed or not result.changed
@@ -154,11 +154,11 @@
register: result
failed_when: result.vault.data != 'Hello World.' or result.changed
- - name: Retrieve data from asymmetric vault into file {{ ansible_env.HOME }}/data.txt.
+ - name: Retrieve data from asymmetric vault into file {{ ansible_facts['env'].HOME }}/data.txt.
ipavault:
ipaadmin_password: SomeADMINpassword
name: asymvault
- out: "{{ ansible_env.HOME }}/data.txt"
+ out: "{{ ansible_facts['env'].HOME }}/data.txt"
private_key: "{{ lookup('file', 'B_private.b64') }}"
state: retrieved
register: result
@@ -166,7 +166,7 @@
- name: Verify retrieved data.
slurp:
- src: "{{ ansible_env.HOME }}/data.txt"
+ src: "{{ ansible_facts['env'].HOME }}/data.txt"
register: slurpfile
failed_when: slurpfile['content'] | b64decode != 'Hello World.'
@@ -192,7 +192,7 @@
ipaadmin_password: SomeADMINpassword
name: asymvault
vault_type: asymmetric
- in: "{{ ansible_env.HOME }}/in.txt"
+ in: "{{ ansible_facts['env'].HOME }}/in.txt"
register: result
failed_when: not result.changed
@@ -242,7 +242,7 @@
ipavault:
ipaadmin_password: SomeADMINpassword
name: asymvault
- public_key_file: "{{ ansible_env.HOME }}/B_public.pem"
+ public_key_file: "{{ ansible_facts['env'].HOME }}/B_public.pem"
vault_type: asymmetric
register: result
failed_when: not result.changed
@@ -251,7 +251,7 @@
ipavault:
ipaadmin_password: SomeADMINpassword
name: asymvault
- public_key_file: "{{ ansible_env.HOME }}/B_public.pem"
+ public_key_file: "{{ ansible_facts['env'].HOME }}/B_public.pem"
vault_type: asymmetric
register: result
failed_when: result.changed
@@ -277,7 +277,7 @@
ipavault:
ipaadmin_password: SomeADMINpassword
name: asymvault
- private_key_file: "{{ ansible_env.HOME }}/B_private.pem"
+ private_key_file: "{{ ansible_facts['env'].HOME }}/B_private.pem"
state: retrieved
register: result
failed_when: result.vault.data != 'Hello World.' or result.changed
diff --git a/tests/vault/test_vault_standard.yml b/tests/vault/test_vault_standard.yml
index ad5b097b974a1c2e8d0f01d8df70d9fbcec986ea..2cda5e1a7a09c79ad1aef2cbfc8a77ca9cd436fd 100644
--- a/tests/vault/test_vault_standard.yml
+++ b/tests/vault/test_vault_standard.yml
@@ -57,18 +57,18 @@
register: result
failed_when: result.vault.data != 'Hello World.' or result.changed
- - name: Retrieve data from standard vault into file {{ ansible_env.HOME }}/data.txt.
+ - name: Retrieve data from standard vault into file {{ ansible_facts['env'].HOME }}/data.txt.
ipavault:
ipaadmin_password: SomeADMINpassword
name: stdvault
- out: "{{ ansible_env.HOME }}/data.txt"
+ out: "{{ ansible_facts['env'].HOME }}/data.txt"
state: retrieved
register: result
failed_when: result.changed or result.failed or (result.vault.data | default(false))
- name: Verify retrieved data.
slurp:
- src: "{{ ansible_env.HOME }}/data.txt"
+ src: "{{ ansible_facts['env'].HOME }}/data.txt"
register: slurpfile
failed_when: slurpfile['content'] | b64decode != 'Hello World.'
@@ -93,7 +93,7 @@
ipaadmin_password: SomeADMINpassword
name: stdvault
vault_type: standard
- in: "{{ ansible_env.HOME }}/in.txt"
+ in: "{{ ansible_facts['env'].HOME }}/in.txt"
register: result
failed_when: not result.changed
diff --git a/tests/vault/test_vault_symmetric.yml b/tests/vault/test_vault_symmetric.yml
index 8794ef7298f67882e014150012943e53af73c30b..fd85d06ede6e6233f272f89902cdfc5b40e67f75 100644
--- a/tests/vault/test_vault_symmetric.yml
+++ b/tests/vault/test_vault_symmetric.yml
@@ -63,19 +63,19 @@
register: result
failed_when: result.changed or result.failed or result.vault.data != 'Hello World.'
- - name: Retrieve data from symmetric vault into file {{ ansible_env.HOME }}/data.txt.
+ - name: Retrieve data from symmetric vault into file {{ ansible_facts['env'].HOME }}/data.txt.
ipavault:
ipaadmin_password: SomeADMINpassword
name: symvault
password: SomeVAULTpassword
- out: "{{ ansible_env.HOME }}/data.txt"
+ out: "{{ ansible_facts['env'].HOME }}/data.txt"
state: retrieved
register: result
failed_when: result.changed or result.failed or (result.vault.data | default(false))
- name: Verify retrieved data.
slurp:
- src: "{{ ansible_env.HOME }}/data.txt"
+ src: "{{ ansible_facts['env'].HOME }}/data.txt"
register: slurpfile
failed_when: slurpfile['content'] | b64decode != 'Hello World.'
@@ -101,7 +101,7 @@
ipavault:
ipaadmin_password: SomeADMINpassword
name: symvault
- in: "{{ ansible_env.HOME }}/in.txt"
+ in: "{{ ansible_facts['env'].HOME }}/in.txt"
password: SomeVAULTpassword
register: result
failed_when: result.failed or not result.changed
@@ -154,7 +154,7 @@
ipaadmin_password: SomeADMINpassword
name: symvault
username: user01
- password_file: "{{ ansible_env.HOME }}/password.txt"
+ password_file: "{{ ansible_facts['env'].HOME }}/password.txt"
vault_type: symmetric
register: result
failed_when: result.failed or not result.changed
@@ -164,7 +164,7 @@
ipaadmin_password: SomeADMINpassword
name: symvault
username: user01
- password_file: "{{ ansible_env.HOME }}/password.txt"
+ password_file: "{{ ansible_facts['env'].HOME }}/password.txt"
vault_type: symmetric
register: result
failed_when: result.failed or result.changed
@@ -191,7 +191,7 @@
ipavault:
ipaadmin_password: SomeADMINpassword
name: symvault
- password_file: "{{ ansible_env.HOME }}/password.txt"
+ password_file: "{{ ansible_facts['env'].HOME }}/password.txt"
state: retrieved
register: result
failed_when: result.failed or result.changed or result.vault.data != 'Hello World.'
@@ -328,7 +328,7 @@
ipaadmin_password: SomeADMINpassword
name: symvault
password: APasswordToChange
- new_password_file: "{{ ansible_env.HOME }}/password.txt"
+ new_password_file: "{{ ansible_facts['env'].HOME }}/password.txt"
vault_type: symmetric
register: result
failed_when: not result.changed or result.failed