diff --git a/plugins/modules/ipahbacrule.py b/plugins/modules/ipahbacrule.py index 4744acf75a934f2aa26423ec4fdf8a04f5795074..c6a67cff3d02cbe03629b615d2c382869a4bed76 100644 --- a/plugins/modules/ipahbacrule.py +++ b/plugins/modules/ipahbacrule.py @@ -238,12 +238,12 @@ def main(): hostcategory = ansible_module.params_get("hostcategory") servicecategory = ansible_module.params_get("servicecategory") nomembers = ansible_module.params_get("nomembers") - host = ansible_module.params_get("host") - hostgroup = ansible_module.params_get("hostgroup") - hbacsvc = ansible_module.params_get("hbacsvc") - hbacsvcgroup = ansible_module.params_get("hbacsvcgroup") - user = ansible_module.params_get("user") - group = ansible_module.params_get("group") + host = ansible_module.params_get_lowercase("host") + hostgroup = ansible_module.params_get_lowercase("hostgroup") + hbacsvc = ansible_module.params_get_lowercase("hbacsvc") + hbacsvcgroup = ansible_module.params_get_lowercase("hbacsvcgroup") + user = ansible_module.params_get_lowercase("user") + group = ansible_module.params_get_lowercase("group") action = ansible_module.params_get("action") # state state = ansible_module.params_get("state") @@ -307,7 +307,7 @@ def main(): # Ensure fqdn host names, use default domain for simple names if host is not None: - _host = [ensure_fqdn(x, default_domain) for x in host] + _host = [ensure_fqdn(x, default_domain).lower() for x in host] host = _host commands = [] @@ -316,6 +316,13 @@ def main(): # Make sure hbacrule exists res_find = find_hbacrule(ansible_module, name) + host_add, host_del = [], [] + hostgroup_add, hostgroup_del = [], [] + hbacsvc_add, hbacsvc_del = [], [] + hbacsvcgroup_add, hbacsvcgroup_del = [], [] + user_add, user_del = [], [] + group_add, group_del = [], [] + # Create command if state == "present": # Generate args 
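Review bot: The six member parameters (`host`, `hostgroup`, `hbacsvc`, `hbacsvcgroup`, `user`, `group`) are now lowercased before they are compared with the member lists in `res_find`, but nothing in the hunk states that the server side is expected to be lowercase too. If a stored member name came back in another case, the set comparisons further down in `main()` would miss it, and in the removal path that would leave the member in the HBAC rule without any error. I would add a comment above the block such as `# IPA returns member names in lowercase; normalize input so comparisons with res_find match`, provided that is the guarantee being relied on. `main()` starts and ends outside this hunk.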
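Review bot: The `.lower()` added in the `_host` comprehension is redundant for the host part, since `host` was already lowercased by `params_get_lowercase("host")` in the earlier hunk. Presumably it is there for the `default_domain` suffix that `ensure_fqdn` appends to simple names. A short comment would keep a later cleanup from removing it, e.g. `# default_domain may contain uppercase characters, so lowercase the completed FQDN`.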
@@ -353,69 +360,30 @@ def main(): res_find = {} # Generate addition and removal lists - host_add, host_del = gen_add_del_lists( - host, res_find.get("memberhost_host")) - - hostgroup_add, hostgroup_del = gen_add_del_lists( - hostgroup, res_find.get("memberhost_hostgroup")) - - hbacsvc_add, hbacsvc_del = gen_add_del_lists( - hbacsvc, res_find.get("memberservice_hbacsvc")) - - hbacsvcgroup_add, hbacsvcgroup_del = gen_add_del_lists( - hbacsvcgroup, - res_find.get("memberservice_hbacsvcgroup")) - - user_add, user_del = gen_add_del_lists( - user, res_find.get("memberuser_user")) - - group_add, group_del = gen_add_del_lists( - group, res_find.get("memberuser_group")) - - # Add hosts and hostgroups - if len(host_add) > 0 or len(hostgroup_add) > 0: - commands.append([name, "hbacrule_add_host", - { - "host": host_add, - "hostgroup": hostgroup_add, - }]) - # Remove hosts and hostgroups - if len(host_del) > 0 or len(hostgroup_del) > 0: - commands.append([name, "hbacrule_remove_host", - { - "host": host_del, - "hostgroup": hostgroup_del, - }]) - - # Add hbacsvcs and hbacsvcgroups - if len(hbacsvc_add) > 0 or len(hbacsvcgroup_add) > 0: - commands.append([name, "hbacrule_add_service", - { - "hbacsvc": hbacsvc_add, - "hbacsvcgroup": hbacsvcgroup_add, - }]) - # Remove hbacsvcs and hbacsvcgroups - if len(hbacsvc_del) > 0 or len(hbacsvcgroup_del) > 0: - commands.append([name, "hbacrule_remove_service", - { - "hbacsvc": hbacsvc_del, - "hbacsvcgroup": hbacsvcgroup_del, - }]) - - # Add users and groups - if len(user_add) > 0 or len(group_add) > 0: - commands.append([name, "hbacrule_add_user", - { - "user": user_add, - "group": group_add, - }]) - # Remove users and groups - if len(user_del) > 0 or len(group_del) > 0: - commands.append([name, "hbacrule_remove_user", - { - "user": user_del, - "group": group_del, - }]) + if host: + host_add, host_del = gen_add_del_lists( + host, res_find.get("memberhost_host")) + + if hostgroup: + hostgroup_add, hostgroup_del = gen_add_del_lists( + 
hostgroup, res_find.get("memberhost_hostgroup")) + + if hbacsvc: + hbacsvc_add, hbacsvc_del = gen_add_del_lists( + hbacsvc, res_find.get("memberservice_hbacsvc")) + + if hbacsvcgroup: + hbacsvcgroup_add, hbacsvcgroup_del = gen_add_del_lists( + hbacsvcgroup, + res_find.get("memberservice_hbacsvcgroup")) + + if user: + user_add, user_del = gen_add_del_lists( + user, res_find.get("memberuser_user")) + + if group: + group_add, group_del = gen_add_del_lists( + group, res_find.get("memberuser_group")) elif action == "member": if res_find is None: 
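Review bot: The new `if host:` style guards treat an explicitly empty list the same as an omitted parameter, whereas the removed code passed every parameter to `gen_add_del_lists` unconditionally. If that helper derives a removal list from an empty input list (its body is not part of this diff), a task with `host: []` used to clear the members and now leaves them in the rule, so access that was meant to be revoked stays granted. Guarding on `None` keeps the distinction: `if host is not None:`, and the same for `hostgroup`, `hbacsvc`, `hbacsvcgroup`, `user` and `group`. The enclosing `main()` continues outside the hunk.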
@@ -424,63 +392,33 @@ def main(): # Generate add lists for host, hostgroup and # res_find to only try to add hosts and hostgroups # that not in hbacrule already - if host is not None and \ - "memberhost_host" in res_find: - host = gen_add_list( - host, res_find["memberhost_host"]) - if hostgroup is not None and \ - "memberhost_hostgroup" in res_find: - hostgroup = gen_add_list( - hostgroup, res_find["memberhost_hostgroup"]) - - # Add hosts and hostgroups - if host is not None or hostgroup is not None: - commands.append([name, "hbacrule_add_host", - { - "host": host, - "hostgroup": hostgroup, - }]) + if host: + host_add = gen_add_list( + host, res_find.get("memberhost_host")) + if hostgroup is not None: + hostgroup_add = gen_add_list( + hostgroup, res_find.get("memberhost_hostgroup")) # Generate add lists for hbacsvc, hbacsvcgroup and # res_find to only try to add hbacsvcs and hbacsvcgroups # that not in hbacrule already - if hbacsvc is not None and \ - "memberservice_hbacsvc" in res_find: - hbacsvc = gen_add_list( - hbacsvc, res_find["memberservice_hbacsvc"]) - if hbacsvcgroup is not None and \ - "memberservice_hbacsvcgroup" in res_find: - hbacsvcgroup = gen_add_list( + if hbacsvc: + hbacsvc_add = gen_add_list( + hbacsvc, res_find.get("memberservice_hbacsvc")) + if hbacsvcgroup: + hbacsvcgroup_add = gen_add_list( hbacsvcgroup, - res_find["memberservice_hbacsvcgroup"]) - - # Add hbacsvcs and hbacsvcgroups - if hbacsvc is not None or hbacsvcgroup is not None: - commands.append([name, "hbacrule_add_service", - { - "hbacsvc": hbacsvc, - "hbacsvcgroup": hbacsvcgroup, - }]) + res_find.get("memberservice_hbacsvcgroup")) # Generate add lists for user, group and # res_find to only try to add users and groups # that not in hbacrule already - if user is not None and \ - "memberuser_user" in res_find: - user = gen_add_list( - user, res_find["memberuser_user"]) - if group is not None and \ - "memberuser_group" in res_find: - group = gen_add_list( - group, 
res_find["memberuser_group"]) - - # Add users and groups - if user is not None or group is not None: - commands.append([name, "hbacrule_add_user", - { - "user": user, - "group": group, - }]) + if user: + user_add = gen_add_list( + user, res_find.get("memberuser_user")) + if group: + group_add = gen_add_list( + group, res_find.get("memberuser_group")) elif state == "absent": if action == "hbacrule": 
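Review bot: The guards in the member-add path are inconsistent: `hostgroup` is tested with `if hostgroup is not None:` while `host`, `hbacsvc`, `hbacsvcgroup`, `user` and `group` use plain truthiness. Either form gives the same result here, since an empty list adds nothing, so the odd one out can become `if hostgroup:`. The lookups also changed from `res_find["memberhost_host"]` behind an `in res_find` check to `res_find.get("memberhost_host")`, so `gen_add_list` now receives `None` when the rule has no members of that kind. That helper is not shown in this diff, so confirm it accepts `None` as its second argument.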
@@ -494,75 +432,39 @@ def main(): # Generate intersection lists for host, hostgroup and # res_find to only try to remove hosts and hostgroups # that are in hbacrule - if host is not None: + if host: if "memberhost_host" in res_find: - host = gen_intersection_list( + host_del = gen_intersection_list( host, res_find["memberhost_host"]) - else: - host = None - if hostgroup is not None: + if hostgroup: if "memberhost_hostgroup" in res_find: - hostgroup = gen_intersection_list( + hostgroup_del = gen_intersection_list( hostgroup, res_find["memberhost_hostgroup"]) - else: - hostgroup = None - - # Remove hosts and hostgroups - if host is not None or hostgroup is not None: - commands.append([name, "hbacrule_remove_host", - { - "host": host, - "hostgroup": hostgroup, - }]) # Generate intersection lists for hbacsvc, hbacsvcgroup # and res_find to only try to remove hbacsvcs and # hbacsvcgroups that are in hbacrule - if hbacsvc is not None: + if hbacsvc: if "memberservice_hbacsvc" in res_find: - hbacsvc = gen_intersection_list( + hbacsvc_del = gen_intersection_list( hbacsvc, res_find["memberservice_hbacsvc"]) - else: - hbacsvc = None - if hbacsvcgroup is not None: + if hbacsvcgroup: if "memberservice_hbacsvcgroup" in res_find: - hbacsvcgroup = gen_intersection_list( + hbacsvcgroup_del = gen_intersection_list( hbacsvcgroup, res_find["memberservice_hbacsvcgroup"]) - else: - hbacsvcgroup = None - - # Remove hbacsvcs and hbacsvcgroups - if hbacsvc is not None or hbacsvcgroup is not None: - commands.append([name, "hbacrule_remove_service", - { - "hbacsvc": hbacsvc, - "hbacsvcgroup": hbacsvcgroup, - }]) # Generate intersection lists for user, group and # res_find to only try to remove users and groups # that are in hbacrule - if user is not None: + if user: if "memberuser_user" in res_find: - user = gen_intersection_list( + user_del = gen_intersection_list( user, res_find["memberuser_user"]) - else: - user = None - if group is not None: + if group: if "memberuser_group" in res_find: 
- group = gen_intersection_list( + group_del = gen_intersection_list( group, res_find["memberuser_group"]) - else: - group = None - - # Remove users and groups - if user is not None or group is not None: - commands.append([name, "hbacrule_remove_user", - { - "user": user, - "group": group, - }]) elif state == "enabled": if res_find is None: @@ -587,6 +489,53 @@ def main(): else: ansible_module.fail_json(msg="Unkown state '%s'" % state) + # Manage HBAC rule members. + + # Add hosts and hostgroups + if len(host_add) > 0 or len(hostgroup_add) > 0: + commands.append([name, "hbacrule_add_host", + { + "host": host_add, + "hostgroup": hostgroup_add, + }]) + # Remove hosts and hostgroups + if len(host_del) > 0 or len(hostgroup_del) > 0: + commands.append([name, "hbacrule_remove_host", + { + "host": host_del, + "hostgroup": hostgroup_del, + }]) + + # Add hbacsvcs and hbacsvcgroups + if len(hbacsvc_add) > 0 or len(hbacsvcgroup_add) > 0: + commands.append([name, "hbacrule_add_service", + { + "hbacsvc": hbacsvc_add, + "hbacsvcgroup": hbacsvcgroup_add, + }]) + # Remove hbacsvcs and hbacsvcgroups + if len(hbacsvc_del) > 0 or len(hbacsvcgroup_del) > 0: + commands.append([name, "hbacrule_remove_service", + { + "hbacsvc": hbacsvc_del, + "hbacsvcgroup": hbacsvcgroup_del, + }]) + + # Add users and groups + if len(user_add) > 0 or len(group_add) > 0: + commands.append([name, "hbacrule_add_user", + { + "user": user_add, + "group": group_add, + }]) + # Remove users and groups + if len(user_del) > 0 or len(group_del) > 0: + commands.append([name, "hbacrule_remove_user", + { + "user": user_del, + "group": group_del, + }]) + # Execute commands changed = ansible_module.execute_ipa_commands( diff --git a/tests/env_freeipa_facts.yml b/tests/env_freeipa_facts.yml index a150ecd64557f69ffd399df852a6898c3ac8b6e4..0ab8541e12df03b1420039036d5882c26ee59bec 100644 --- a/tests/env_freeipa_facts.yml +++ b/tests/env_freeipa_facts.yml 
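Review bot: The consolidated "Manage HBAC rule members" block repeats the same `len(x) > 0 or len(y) > 0` test and `commands.append` stanza six times, which makes it easy for an add and a remove variant to drift apart in a later edit. All twelve lists are initialised to `[]` before the state dispatch, so plain truthiness is enough, and the stanzas can be driven from one table while keeping the command order. The enclosing `main()` starts and ends outside the hunk.

```python
# Manage HBAC rule members.
member_commands = [
    ("hbacrule_add_host",
     {"host": host_add, "hostgroup": hostgroup_add}),
    ("hbacrule_remove_host",
     {"host": host_del, "hostgroup": hostgroup_del}),
    ("hbacrule_add_service",
     {"hbacsvc": hbacsvc_add, "hbacsvcgroup": hbacsvcgroup_add}),
    ("hbacrule_remove_service",
     {"hbacsvc": hbacsvc_del, "hbacsvcgroup": hbacsvcgroup_del}),
    ("hbacrule_add_user",
     {"user": user_add, "group": group_add}),
    ("hbacrule_remove_user",
     {"user": user_del, "group": group_del}),
]
for command, args in member_commands:
    # Queue a command only when at least one of its lists is non-empty.
    if any(args.values()):
        commands.append([name, command, args])

# … unchanged: Execute commands …
```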
@@ -29,3 +29,15 @@ ipa_api_version: "{{ ipa_cmd_version.stdout_lines[1] }}" ipa_host_is_client: "{{ (output.stdout_lines[-1] == 'CLIENT') | bool }}" trust_test_is_supported: no + +- block: + - name: Get Domain from server name + set_fact: + ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join ('.') }}" + when: "'fqdn' in ansible_facts" + + - name: Set Domain to 'ipa.test' if FQDN could not be retrieved. + set_fact: + ipaserver_domain: "ipa.test" + when: "'fqdn' not in ansible_facts" + when: ipaserver_domain is not defined diff --git a/tests/hbacrule/test_hbacrule_member_case_insensitive.yml b/tests/hbacrule/test_hbacrule_member_case_insensitive.yml new file mode 100644 index 0000000000000000000000000000000000000000..5f4e010aea1f8677505a25a45dfc8ed97bc45fa5 --- /dev/null +++ b/tests/hbacrule/test_hbacrule_member_case_insensitive.yml 
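Review bot: In the `Get Domain from server name` task, a single-label `fqdn` fact makes `split('.')[1:] | join ('.')` evaluate to an empty string, and the `ipa.test` fallback does not cover that case because it only runs when `fqdn` is missing from `ansible_facts`. Hosts built as `"{{ item }}.{{ ipaserver_domain }}"` would then end in a bare dot. The fallback can be folded into the expression: `ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join('.') | default('ipa.test', true) }}"`. The block also depends on the including play having gathered facts, which is worth a comment at the top of the block.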
@@ -0,0 +1,503 @@ +--- +- name: Test group + hosts: "{{ ipa_test_host | default('ipaserver') }}" + become: no + gather_facts: yes + + vars: + user_list: + - User1 + - uSer2 + - usEr3 + group_list: + - Group1 + - gRoup2 + - grOup3 + host_list: + - HoSt01 + - hOsT02 + hostgroup_list: + - TestHostGroup + hbacsvc_list: + - Svc1 + - sVC2 + hbacsvcgroup_list: + - sVCgrOUp1 + + tasks: + - include_tasks: ../env_freeipa_facts.yml + + - block: + # setup + + - name: Ensure test hbacrule is absent + ipahbacrule: + ipaadmin_password: SomeADMINpassword + name: testrule + state: absent + + - name: Ensure test users are present + ipauser: + ipaadmin_password: SomeADMINpassword + users: + - name: "{{ item }}" + first: First + last: Last + with_items: "{{ user_list }}" + + - name: Ensure test groups are present + ipagroup: + ipaadmin_password: SomeADMINpassword + name: "{{ item }}" + with_items: "{{ group_list }}" + + - name: Ensure test hosts are present + ipahost: + ipaadmin_password: SomeADMINpassword + name: "{{ item }}.{{ ipaserver_domain }}" + force: yes + with_items: "{{ host_list }}" + + - name: Ensure test hostgroups are present + ipahostgroup: + ipaadmin_password: SomeADMINpassword + name: "{{ item }}" + with_items: "{{ hostgroup_list }}" + + - name: Ensure test hbac services are present + ipahbacsvc: + ipaadmin_password: SomeADMINpassword + name: "{{ item }}" + with_items: "{{ hbacsvc_list }}" + + - name: Ensure test hbac service groups are present + ipahbacsvcgroup: + ipaadmin_password: SomeADMINpassword + name: "{{ item }}" + with_items: "{{ hbacsvcgroup_list }}" + + # Test with action: hbacrule + + - name: Check if hbacrule present with members would trigger changes, mixed case + ipahbacrule: + ipaadmin_password: SomeADMINpassword + name: testrule + user: + - "{{ user_list[1] }}" + - "{{ user_list[2] }}" + group: + - "{{ group_list[1] }}" + - "{{ group_list[2] }}" + host: + - "{{ host_list[0] }}" + - "{{ host_list[1] }}" + hostgroup: + - "{{ hostgroup_list[0] }}" + 
hbacsvc: + - "{{ hbacsvc_list[0] }}" + - "{{ hbacsvc_list[1] }}" + hbacsvcgroup: + - "{{ hbacsvcgroup_list[0] }}" + check_mode: yes + register: result + failed_when: not result.changed or result.failed + + - name: Ensure hbacrule is present with members, mixed case + ipahbacrule: + ipaadmin_password: SomeADMINpassword + name: testrule + user: + - "{{ user_list[1] }}" + - "{{ user_list[2] }}" + group: + - "{{ group_list[1] }}" + - "{{ group_list[2] }}" + host: + - "{{ host_list[0] }}" + - "{{ host_list[1] }}" + hostgroup: + - "{{ hostgroup_list[0] }}" + hbacsvc: + - "{{ hbacsvc_list[0] }}" + - "{{ hbacsvc_list[1] }}" + hbacsvcgroup: + - "{{ hbacsvcgroup_list[0] }}" + register: result + failed_when: not result.changed or result.failed + + - name: Check if hbacrule present with members would not trigger changes, mixed case + ipahbacrule: + ipaadmin_password: SomeADMINpassword + name: testrule + user: + - "{{ user_list[1] }}" + - "{{ user_list[2] }}" + group: + - "{{ group_list[1] }}" + - "{{ group_list[2] }}" + host: + - "{{ host_list[0] }}" + - "{{ host_list[1] }}" + hostgroup: + - "{{ hostgroup_list[0] }}" + hbacsvc: + - "{{ hbacsvc_list[0] }}" + - "{{ hbacsvc_list[1] }}" + hbacsvcgroup: + - "{{ hbacsvcgroup_list[0] }}" + check_mode: yes + register: result + failed_when: result.changed or result.failed + + - name: Ensure hbacrule is present with members, lowercase + ipahbacrule: + ipaadmin_password: SomeADMINpassword + name: testrule + user: + - "{{ user_list[1] | lower }}" + - "{{ user_list[2] | lower }}" + group: + - "{{ group_list[1] | lower }}" + - "{{ group_list[2] | lower }}" + host: + - "{{ host_list[0] | lower }}" + - "{{ host_list[1] | lower }}" + hostgroup: + - "{{ hostgroup_list[0] | lower }}" + hbacsvc: + - "{{ hbacsvc_list[0] | lower }}" + - "{{ hbacsvc_list[1] | lower }}" + hbacsvcgroup: + - "{{ hbacsvcgroup_list[0] | lower }}" + register: result + failed_when: result.changed or result.failed + + - name: Ensure hbacrule is present with members, 
upercase + ipahbacrule: + ipaadmin_password: SomeADMINpassword + name: testrule + user: + - "{{ user_list[1] | upper }}" + - "{{ user_list[2] | upper }}" + group: + - "{{ group_list[1] | upper }}" + - "{{ group_list[2] | upper }}" + host: + - "{{ host_list[0] | upper }}" + - "{{ host_list[1] | upper }}" + hostgroup: + - "{{ hostgroup_list[0] | upper }}" + hbacsvc: + - "{{ hbacsvc_list[0] | upper }}" + - "{{ hbacsvc_list[1] | upper }}" + hbacsvcgroup: + - "{{ hbacsvcgroup_list[0] | upper }}" + register: result + failed_when: result.changed or result.failed + + - name: Ensure test hbacrule is absent + ipahbacrule: + ipaadmin_password: SomeADMINpassword + name: testrule + state: absent + + # Test with action: members + + - name: Ensure test hbacrule is present + ipahbacrule: + ipaadmin_password: SomeADMINpassword + name: testrule + + - name: Check if hbacrule members present would trigger changes, mixed case + ipahbacrule: + ipaadmin_password: SomeADMINpassword + name: testrule + user: + - "{{ user_list[1] }}" + - "{{ user_list[2] }}" + group: + - "{{ group_list[1] }}" + - "{{ group_list[2] }}" + host: + - "{{ host_list[0] }}" + - "{{ host_list[1] }}" + hostgroup: + - "{{ hostgroup_list[0] }}" + hbacsvc: + - "{{ hbacsvc_list[0] }}" + - "{{ hbacsvc_list[1] }}" + hbacsvcgroup: + - "{{ hbacsvcgroup_list[0] }}" + check_mode: yes + register: result + failed_when: not result.changed or result.failed + + - name: Ensure hbacrule members present, mixed case + ipahbacrule: + ipaadmin_password: SomeADMINpassword + name: testrule + user: + - "{{ user_list[1] }}" + - "{{ user_list[2] }}" + group: + - "{{ group_list[1] }}" + - "{{ group_list[2] }}" + host: + - "{{ host_list[0] }}" + - "{{ host_list[1] }}" + hostgroup: + - "{{ hostgroup_list[0] }}" + hbacsvc: + - "{{ hbacsvc_list[0] }}" + - "{{ hbacsvc_list[1] }}" + hbacsvcgroup: + - "{{ hbacsvcgroup_list[0] }}" + action: member + register: result + failed_when: not result.changed or result.failed + + - name: Check if hbacrule 
members present would not trigger changes, mixed case + ipahbacrule: + ipaadmin_password: SomeADMINpassword + name: testrule + user: + - "{{ user_list[1] }}" + - "{{ user_list[2] }}" + group: + - "{{ group_list[1] }}" + - "{{ group_list[2] }}" + host: + - "{{ host_list[0] }}" + - "{{ host_list[1] }}" + hostgroup: + - "{{ hostgroup_list[0] }}" + hbacsvc: + - "{{ hbacsvc_list[0] }}" + - "{{ hbacsvc_list[1] }}" + hbacsvcgroup: + - "{{ hbacsvcgroup_list[0] }}" + check_mode: yes + register: result + failed_when: result.changed or result.failed + + - name: Ensure hbacrule members present, lowercase + ipahbacrule: + ipaadmin_password: SomeADMINpassword + name: testrule + user: + - "{{ user_list[1] | lower }}" + - "{{ user_list[2] | lower }}" + group: + - "{{ group_list[1] | lower }}" + - "{{ group_list[2] | lower }}" + host: + - "{{ host_list[0] | lower }}" + - "{{ host_list[1] | lower }}" + hostgroup: + - "{{ hostgroup_list[0] | lower }}" + hbacsvc: + - "{{ hbacsvc_list[0] | lower }}" + - "{{ hbacsvc_list[1] | lower }}" + hbacsvcgroup: + - "{{ hbacsvcgroup_list[0] | lower }}" + action: member + register: result + failed_when: result.changed or result.failed + + - name: Ensure hbacrule members present, upercase + ipahbacrule: + ipaadmin_password: SomeADMINpassword + name: testrule + user: + - "{{ user_list[1] | upper }}" + - "{{ user_list[2] | upper }}" + group: + - "{{ group_list[1] | upper }}" + - "{{ group_list[2] | upper }}" + host: + - "{{ host_list[0] | upper }}" + - "{{ host_list[1] | upper }}" + hostgroup: + - "{{ hostgroup_list[0] | upper }}" + hbacsvc: + - "{{ hbacsvc_list[0] | upper }}" + - "{{ hbacsvc_list[1] | upper }}" + hbacsvcgroup: + - "{{ hbacsvcgroup_list[0] | upper }}" + action: member + register: result + failed_when: result.changed or result.failed + + # Test absent members + + - name: Check if hbacrule members absent would trigger change, upercase + ipahbacrule: + ipaadmin_password: SomeADMINpassword + name: testrule + user: + - "{{ user_list[1] | 
upper }}" + - "{{ user_list[2] | upper }}" + group: + - "{{ group_list[1] | upper }}" + - "{{ group_list[2] | upper }}" + host: + - "{{ host_list[0] | upper }}" + - "{{ host_list[1] | upper }}" + hostgroup: + - "{{ hostgroup_list[0] | upper }}" + hbacsvc: + - "{{ hbacsvc_list[0] | upper }}" + - "{{ hbacsvc_list[1] | upper }}" + hbacsvcgroup: + - "{{ hbacsvcgroup_list[0] | upper }}" + action: member + state: absent + check_mode: yes + register: result + failed_when: not result.changed or result.failed + + - name: Ensure hbacrule members are absent, upercase + ipahbacrule: + ipaadmin_password: SomeADMINpassword + name: testrule + user: + - "{{ user_list[1] | upper }}" + - "{{ user_list[2] | upper }}" + group: + - "{{ group_list[1] | upper }}" + - "{{ group_list[2] | upper }}" + host: + - "{{ host_list[0] | upper }}" + - "{{ host_list[1] | upper }}" + hostgroup: + - "{{ hostgroup_list[0] | upper }}" + hbacsvc: + - "{{ hbacsvc_list[0] | upper }}" + - "{{ hbacsvc_list[1] | upper }}" + hbacsvcgroup: + - "{{ hbacsvcgroup_list[0] | upper }}" + action: member + state: absent + register: result + failed_when: not result.changed or result.failed + + - name: Check if hbacrule members absent would not trigger change, upercase + ipahbacrule: + ipaadmin_password: SomeADMINpassword + name: testrule + user: + - "{{ user_list[1] | upper }}" + - "{{ user_list[2] | upper }}" + group: + - "{{ group_list[1] | upper }}" + - "{{ group_list[2] | upper }}" + host: + - "{{ host_list[0] | upper }}" + - "{{ host_list[1] | upper }}" + hostgroup: + - "{{ hostgroup_list[0] | upper }}" + hbacsvc: + - "{{ hbacsvc_list[0] | upper }}" + - "{{ hbacsvc_list[1] | upper }}" + hbacsvcgroup: + - "{{ hbacsvcgroup_list[0] | upper }}" + action: member + state: absent + check_mode: yes + register: result + failed_when: result.changed or result.failed + + - name: Ensure hbacrule members are absent, mixed case + ipahbacrule: + ipaadmin_password: SomeADMINpassword + name: testrule + user: + - "{{ user_list[1] }}" 
+ - "{{ user_list[2] }}" + group: + - "{{ group_list[1] }}" + - "{{ group_list[2] }}" + host: + - "{{ host_list[0] }}" + - "{{ host_list[1] }}" + hostgroup: + - "{{ hostgroup_list[0] }}" + action: member + state: absent + register: result + failed_when: result.changed or result.failed + + - name: Ensure hbacrule members are absent, lowercase + ipahbacrule: + ipaadmin_password: SomeADMINpassword + name: testrule + user: + - "{{ user_list[1] | lower }}" + - "{{ user_list[2] | lower }}" + group: + - "{{ group_list[1] | lower }}" + - "{{ group_list[2] | lower }}" + host: + - "{{ host_list[0] | lower }}" + - "{{ host_list[1] | lower }}" + hostgroup: + - "{{ hostgroup_list[0] | lower }}" + hbacsvc: + - "{{ hbacsvc_list[0] | lower }}" + - "{{ hbacsvc_list[1] | lower }}" + hbacsvcgroup: + - "{{ hbacsvcgroup_list[0] | lower }}" + action: member + state: absent + register: result + failed_when: result.changed or result.failed + + always: + - name: Ensure test hbacrule is absent + ipahbacrule: + ipaadmin_password: SomeADMINpassword + name: testrule + state: absent + + - name: Ensure test users are absent + ipauser: + ipaadmin_password: SomeADMINpassword + users: + - name: "{{ item }}" + state: absent + with_items: "{{ user_list }}" + + - name: Ensure test groups are absent + ipagroup: + ipaadmin_password: SomeADMINpassword + name: "{{ item }}" + state: absent + with_items: "{{ group_list }}" + + - name: Ensure test hosts are absent + ipahost: + ipaadmin_password: SomeADMINpassword + name: "{{ item }}.{{ ipaserver_domain }}" + state: absent + with_items: "{{ host_list }}" + + - name: Ensure test hostgroups are absent + ipahostgroup: + ipaadmin_password: SomeADMINpassword + name: "{{ item }}" + state: absent + with_items: "{{ hostgroup_list }}" + + - name: Ensure test hbac services are absent + ipahbacsvc: + ipaadmin_password: SomeADMINpassword + name: "{{ item }}" + state: absent + with_items: "{{ hbacsvc_list }}" + + - name: Ensure test hbac service groups are absent + 
ipahbacsvcgroup: + ipaadmin_password: SomeADMINpassword + name: "{{ item }}" + state: absent + with_items: "{{ hbacsvcgroup_list }}"
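Review bot: Under `# Test with action: members`, the two check-mode tasks `Check if hbacrule members present would trigger changes, mixed case` and `Check if hbacrule members present would not trigger changes, mixed case` have no `action: member`, so they run with the module's default action rather than the member path this section is meant to cover; add `action: member` to both. The task `Ensure hbacrule members are absent, mixed case` leaves out `hbacsvc` and `hbacsvcgroup`, unlike its lowercase and uppercase siblings, so mixed-case removal of services is not checked. The play is named `Test group` although it tests hbacrule members, and `upercase` in several task names should read `uppercase`.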