diff --git a/galaxy.yml b/galaxy.yml
index ca10cb3e94db5130e6ef742aef62d9d42035c71f..f5e9f8db4ce52cc4cce28863a92c419b0c9b20e4 100644
--- a/galaxy.yml
+++ b/galaxy.yml
@@ -13,8 +13,8 @@ homepage: "https://github.com/freeipa/ansible-freeipa"
issues: "https://github.com/freeipa/ansible-freeipa/issues"
readme: "README.md"
-license: "GPL-3.0-or-later"
-
+license:
+ - "GPL-3.0-or-later"
tags:
- "linux"
- "system"
diff --git a/tests/config/test_config.yml b/tests/config/test_config.yml
index ced34211ca312019b1f52a7ae40670e69eb02562..555a142e96f17081061c2f5aaa636964ef17bd01 100644
--- a/tests/config/test_config.yml
+++ b/tests/config/test_config.yml
@@ -59,13 +59,13 @@
pac_type: ""
- name: Execute tests if ipa_version >= 4.8.0
+ when: ipa_version is version('4.8.0', '>=')
block:
- name: Set maxhostname to 255
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
maxhostname: 255
- when: ipa_version is version('4.8.0', '>=')
- name: Set maxusername to 45
ipaconfig:
@@ -225,6 +225,7 @@
failed_when: result.changed or result.failed
- name: Execute tests if ipa_version >= 4.8.0
+ when: ipa_version is version('4.8.0', '>=')
block:
- name: Set maxhostname to 77
ipaconfig:
@@ -241,7 +242,6 @@
maxhostname: 77
register: result
failed_when: result.changed or result.failed
- when: ipa_version is version('4.8.0', '>=')
- name: Set pwdexpnotify to 17
ipaconfig:
@@ -415,13 +415,13 @@
failed_when: not result.changed or result.failed
- name: Execute tests if ipa_version >= 4.8.0
+ when: ipa_version is version('4.8.0', '>=')
block:
- name: Reset maxhostname
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
maxhostname: '{{ previousconfig.config.maxhostname | default(omit) }}'
- when: ipa_version is version('4.8.0', '>=')
- name: Reset changed fields, again
ipaconfig:
@@ -451,13 +451,13 @@
failed_when: result.changed or result.failed
- name: Execute tests if ipa_version >= 4.8.0
+ when: ipa_version is version('4.8.0', '>=')
block:
- name: Reset maxhostname
ipaconfig:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
maxhostname: '{{ previousconfig.config.maxhostname | default(omit) }}'
- when: ipa_version is version('4.8.0', '>=')
rescue:
- name: Set fields to IPA default, due to error
diff --git a/tests/config/test_config_sid.yml b/tests/config/test_config_sid.yml
index e288f01428483e3550d2ce0055c4def7f7b743a3..cd3ce4fbbf901211fecc05e41cc9ec328633c0ae 100644
--- a/tests/config/test_config_sid.yml
+++ b/tests/config/test_config_sid.yml
@@ -19,6 +19,8 @@
# TESTS
- name: Test config sid
+ # only run tests if version supports enable-sid
+ when: ipa_version is version("4.9.8", ">=")
block:
- name: Check if SID is enabled.
ipaconfig:
@@ -115,8 +117,6 @@
ipaapi_context: "{{ ipa_context | default(omit) }}"
add_sids: yes
- # only run tests if version supports enable-sid
- when: ipa_version is version("4.9.8", ">=")
# REVERT TO PREVIOUS CONFIG
always:
# Once SID is enabled, it cannot be reverted.
diff --git a/tests/env_freeipa_facts.yml b/tests/env_freeipa_facts.yml
index d6f65f3b0d80b830da1ad0d511c993c6ea7aaecc..280e8efa43f8ab36ba9f2770b93668618f00c813 100644
--- a/tests/env_freeipa_facts.yml
+++ b/tests/env_freeipa_facts.yml
@@ -31,6 +31,7 @@
trust_test_is_supported: no
- name: Ensure ipaserver_domain is set
+ when: ipaserver_domain is not defined
block:
- name: Get Domain from server name
ansible.builtin.set_fact:
@@ -41,4 +42,3 @@
ansible.builtin.set_fact:
ipaserver_domain: "ipa.test"
when: "'fqdn' not in ansible_facts"
- when: ipaserver_domain is not defined
diff --git a/tests/group/test_group.yml b/tests/group/test_group.yml
index f3f1c521221c926574c74c7370267ae2193bf28e..8f6a0fa97f1dab86221d155bdd8745b777b72115 100644
--- a/tests/group/test_group.yml
+++ b/tests/group/test_group.yml
@@ -138,6 +138,7 @@
# service
- name: Execute tests if ipa_verison >= 4.7.0
+ when: ipa_version is version('4.7.0', '>=')
block:
- name: Ensure service "{{ 'HTTP/' + fqdn_at_domain }}" is present in group group1
@@ -282,8 +283,6 @@
register: result
failed_when: result.changed or result.failed
- when: ipa_version is version('4.7.0', '>=')
-
# user
- name: Ensure users user1, user2 and user3 are present in group group1
diff --git a/tests/group/test_group_external_members.yml b/tests/group/test_group_external_members.yml
index db926cf44e92d53051b56c9722902a362e7e3d95..7541f876b33a113dfa4c6fe9b12c84214e632423 100644
--- a/tests/group/test_group_external_members.yml
+++ b/tests/group/test_group_external_members.yml
@@ -10,6 +10,7 @@
ansible.builtin.include_tasks: ../env_freeipa_facts.yml
- name: Execute group tests if trust test environment is supported
+ when: trust_test_is_supported | default(false)
block:
- name: Add nonposix group.
@@ -111,5 +112,3 @@
ipaadmin_password: SomeADMINpassword
name: extgroup
state: absent
-
- when: trust_test_is_supported | default(false)
diff --git a/tests/group/test_group_external_nonposix.yml b/tests/group/test_group_external_nonposix.yml
index 83e009cfa5eef7eeff1ed5079a3e9626264e2641..51d2e755b036feed2800c38e3e91cd4d3fd2a7bb 100644
--- a/tests/group/test_group_external_nonposix.yml
+++ b/tests/group/test_group_external_nonposix.yml
@@ -205,6 +205,7 @@
# EXTERNAL MEMBER TEST (REQUIRES AD)
- name: Execute group tests if trust test environment is supported
+ when: trust_test_is_supported | default(false)
block:
- name: Ensure users testuser1, testuser2 and testuser3 are present in group externalgroup
@@ -231,8 +232,6 @@
register: result
failed_when: result.changed or result.failed
- when: trust_test_is_supported | default(false)
-
# CONVERT NONPOSIX TO POSIX GROUP WITH USERS
- name: Ensure nonposix group nonposixgroup as posix
diff --git a/tests/group/test_group_idoverrideuser.yml b/tests/group/test_group_idoverrideuser.yml
index 71d640a688f9868d368d281a69a53c0974eb7a46..ce4c0bb4eea2e8ad3308a05c3ed091c0a341ed3c 100644
--- a/tests/group/test_group_idoverrideuser.yml
+++ b/tests/group/test_group_idoverrideuser.yml
@@ -13,6 +13,7 @@
ansible.builtin.include_tasks: ../env_freeipa_facts.yml
- name: Execute tests if ipa_verison >= 4.8.7 and trust test environment is supported
+ when: ipa_version is version("4.8.7", ">=") and trust_test_is_supported | default(false)
block:
- name: Create idoverrideuser.
ansible.builtin.shell: |
@@ -97,10 +98,8 @@
always:
- name: Remove idoverrideuser.
- ansible.builtin.shell: |
- kinit -c idoverride_cache admin <<< SomeADMINpassword
- ipa idoverrideuser-del "Default Trust View" {{ ad_user }}
- kdestroy -A -q -c idoverride_cache
- when:
-
- when: ipa_version is version("4.8.7", ">=") and trust_test_is_supported | default(false)
+ ansible.builtin.shell:
+ cmd: |
+ kinit -c idoverride_cache admin <<< SomeADMINpassword
+ ipa idoverrideuser-del "Default Trust View" {{ ad_user }}
+ kdestroy -A -q -c idoverride_cache
diff --git a/tests/group/test_group_membermanager.yml b/tests/group/test_group_membermanager.yml
index ecb3fe096e94d72a1fb5611efe9a64df4a443103..e4214f60d77de54ae84df937089ebf337f7aa860 100644
--- a/tests/group/test_group_membermanager.yml
+++ b/tests/group/test_group_membermanager.yml
@@ -9,6 +9,7 @@
ansible.builtin.include_tasks: ../env_freeipa_facts.yml
- name: Execute tests if ipa_verison >= 4.8.4
+ when: ipa_version is version('4.8.4', '>=')
block:
- name: Ensure user manangeruser1 and manageruser2 is absent
ipauser:
@@ -206,5 +207,3 @@
state: absent
register: result
failed_when: not result.changed or result.failed
-
- when: ipa_version is version('4.8.4', '>=')
diff --git a/tests/hostgroup/test_hostgroup_membermanager.yml b/tests/hostgroup/test_hostgroup_membermanager.yml
index eb82b5665e587d3ac7ac6edb97df5dc41f5d2720..a26a9a4a5446655c9383ebdad45aaa1ecabaa75a 100644
--- a/tests/hostgroup/test_hostgroup_membermanager.yml
+++ b/tests/hostgroup/test_hostgroup_membermanager.yml
@@ -9,6 +9,7 @@
ansible.builtin.include_tasks: ../env_freeipa_facts.yml
- name: Tests requiring IPA version 4.8.4+
+ when: ipa_version is version('4.8.4', '>=')
block:
- name: Ensure host-group testhostgroup is absent
ipahostgroup:
@@ -224,4 +225,3 @@
state: absent
register: result
failed_when: not result.changed or result.failed
- when: ipa_version is version('4.8.4', '>=')
diff --git a/tests/hostgroup/test_hostgroup_rename.yml b/tests/hostgroup/test_hostgroup_rename.yml
index 5cde2705fb8c5bcf4e972d7422cc7c002b7cd917..b41cd902512cafeb8600ae150f4fa435142a0b96 100644
--- a/tests/hostgroup/test_hostgroup_rename.yml
+++ b/tests/hostgroup/test_hostgroup_rename.yml
@@ -9,6 +9,7 @@
ansible.builtin.include_tasks: ../env_freeipa_facts.yml
- name: Tests requiring IPA version 4.8.7+
+ when: ipa_version is version('4.8.7', '>=')
block:
- name: Ensure testing host-group are absent
ipahostgroup:
@@ -108,5 +109,3 @@
- databases
- datalake
state: absent
-
- when: ipa_version is version('4.8.7', '>=')
diff --git a/tests/idrange/test_idrange.yml b/tests/idrange/test_idrange.yml
index 92ea3aff8a92f45dda197e2ff38f809c75f326bf..2becb9c1582696595eef396714d12352dbe4937a 100644
--- a/tests/idrange/test_idrange.yml
+++ b/tests/idrange/test_idrange.yml
@@ -120,6 +120,7 @@
name: local_id_range
- name: Execute idrange tests if trust test environment is supported
+ when: trust_test_is_supported | default(false)
block:
# Create trust with range_type: ipa-ad-trust
- name: Create trust with range_type 'ipa-ad-trust'
@@ -367,5 +368,3 @@
- ad_posix_id_range
continue: yes
state: absent
-
- when: trust_test_is_supported | default(false)
diff --git a/tests/role/env_facts.yml b/tests/role/env_facts.yml
index 87c2774366e8fa743ac5ea5609fc49a8c5ac85f8..398354b2f268105441aa464fcb34ef8a8dba4741 100644
--- a/tests/role/env_facts.yml
+++ b/tests/role/env_facts.yml
@@ -1,5 +1,6 @@
---
- name: Ensure ipaserver_domain is set
+ when: ipaserver_domain is not defined
block:
- name: Get Domain from server name
ansible.builtin.set_fact:
@@ -9,7 +10,6 @@
ansible.builtin.set_fact:
ipaserver_domain: "ipa.test"
when: "'fqdn' not in ansible_facts"
- when: ipaserver_domain is not defined
- name: Set ipaserver_realm.
ansible.builtin.set_fact:
diff --git a/tests/server/test_server.yml b/tests/server/test_server.yml
index 755601940966c924fb6ef143c5c830d03b3c56f3..d299032419720bed847855fe4ee4e87a27b95223 100644
--- a/tests/server/test_server.yml
+++ b/tests/server/test_server.yml
@@ -8,6 +8,7 @@
# CLEANUP TEST ITEMS
- name: Ensure ipa_server_name is set
+ when: ipa_server_name is not defined
block:
- name: Get server name from hostname
ansible.builtin.set_fact:
@@ -16,9 +17,9 @@
- name: Fallback to 'ipaserver'
ansible.builtin.set_fact:
ipa_server_name: ipaserver
- when: ipa_server_name is not defined
- name: Ensure ipaserver_domain is set
+ when: ipaserver_domain is not defined
block:
- name: Get domain name from hostname.
ansible.builtin.set_fact:
@@ -27,7 +28,6 @@
- name: Fallback to 'ipa.test'
ansible.builtin.set_fact:
ipaserver_domain: "ipa.test"
- when: ipaserver_domain is not defined
- name: Ensure server "{{ ipa_server_name + '.' + ipaserver_domain }}" without location
ipaserver:
diff --git a/tests/service/test_service.yml b/tests/service/test_service.yml
index 8c6c4d8b84c101adea8c02bafde279c6980f67c3..a246080392fc85fa304090ef6352b875417af965 100644
--- a/tests/service/test_service.yml
+++ b/tests/service/test_service.yml
@@ -22,6 +22,7 @@
# tests
- name: Tests with skip_host_check, require IPA version 4.8.0+.
+ when: ipa_version is version('4.7.0', '>=')
block:
- name: Setup test environment
ansible.builtin.include_tasks: env_setup.yml
@@ -577,4 +578,3 @@
# cleanup
- name: Cleanup test environment
ansible.builtin.include_tasks: env_cleanup.yml
- when: ipa_version is version('4.7.0', '>=')
diff --git a/tests/servicedelegationrule/test_servicedelegationrule_hostprincipal.yml b/tests/servicedelegationrule/test_servicedelegationrule_hostprincipal.yml
index 8df4274a636b2ac8a657f938162bb477c14328ba..bac500e12544e90c77cd323951826187bc4f93d1 100644
--- a/tests/servicedelegationrule/test_servicedelegationrule_hostprincipal.yml
+++ b/tests/servicedelegationrule/test_servicedelegationrule_hostprincipal.yml
@@ -10,6 +10,7 @@
ansible.builtin.include_tasks: ../env_freeipa_facts.yml
- name: Host principals are only possible with IPA 4.9.0+
+ when: ipa_version is version('4.9.0', '>=')
block:
# SET FACTS
@@ -145,5 +146,3 @@
state: absent
register: result
failed_when: not result.changed or result.failed
-
- when: ipa_version is version('4.9.0', '>=')
diff --git a/tests/servicedelegationtarget/test_servicedelegationtarget_hostprincipal.yml b/tests/servicedelegationtarget/test_servicedelegationtarget_hostprincipal.yml
index 111608d82366d44401dc751ef58682a3246c98d4..77987764af50e71e46e64f6fb490165d7a224986 100644
--- a/tests/servicedelegationtarget/test_servicedelegationtarget_hostprincipal.yml
+++ b/tests/servicedelegationtarget/test_servicedelegationtarget_hostprincipal.yml
@@ -10,6 +10,7 @@
ansible.builtin.include_tasks: ../env_freeipa_facts.yml
- name: Host principals are only possible with IPA 4.9.0+
+ when: ipa_version is version('4.9.0', '>=')
block:
# SET FACTS
@@ -145,5 +146,3 @@
state: absent
register: result
failed_when: not result.changed or result.failed
-
- when: ipa_version is version('4.9.0', '>=')
diff --git a/tests/trust/test_trust.yml b/tests/trust/test_trust.yml
index e0e633860653ba56746578c2888a34334a336fb2..8c0afb97232cc1097c82125c52a784c1fed27073 100644
--- a/tests/trust/test_trust.yml
+++ b/tests/trust/test_trust.yml
@@ -17,10 +17,9 @@
ipa_range_exists: 'Range name: {{ ipaserver.realm }}_subid_range'
tasks:
-
- name: Run tust tests, if supported by environment
+ when: trust_test_is_supported | default(false)
block:
-
- name: Delete test trust
ipatrust:
ipaadmin_password: SomeADMINpassword
@@ -165,5 +164,3 @@
ipa idrange-del {{ adserver.realm }}_id_range || true
ipa idrange-del {{ ipaserver.realm }}_subid_range || true
kdestroy -c test_krb5_cache -q -A
-
- when: trust_test_is_supported | default(false)
diff --git a/tests/user/test_users_absent.yml b/tests/user/test_users_absent.yml
index 59a15feaa2b73f6917a6e8779c1193fd0eef5467..d59b7d338e92ff368f429e1f318f43bc96f627a5 100644
--- a/tests/user/test_users_absent.yml
+++ b/tests/user/test_users_absent.yml
@@ -10,7 +10,7 @@
tasks:
- name: Include users.json
ansible.builtin.include_vars:
- file: users.json # noqa 505
+ file: users.json # noqa missing-import
- name: Create dict with user names
ansible.builtin.set_fact:
diff --git a/tests/user/test_users_present.yml b/tests/user/test_users_present.yml
index 0a3279fa70d2371d1320f96b5f0b10a68eb8d443..c42d152c54714b4e2675bebdb33093fe4cc5a3ef 100644
--- a/tests/user/test_users_present.yml
+++ b/tests/user/test_users_present.yml
@@ -10,7 +10,7 @@
tasks:
- name: Include users.json
ansible.builtin.include_vars:
- file: users.json # noqa 505
+ file: users.json # noqa missing-import
- name: Users present len:{{ users | length }}
ipauser:
diff --git a/tests/user/test_users_present_slice.yml b/tests/user/test_users_present_slice.yml
index c3274974d5bd9df84a303169c0d4dc11397ac664..98bad4bd09dcb0ac3312874c18362e33caa58a91 100644
--- a/tests/user/test_users_present_slice.yml
+++ b/tests/user/test_users_present_slice.yml
@@ -12,7 +12,7 @@
tasks:
- name: Include users.json
ansible.builtin.include_vars:
- file: users.json # noqa 505
+ file: users.json # noqa missing-import
- name: Size of users slice.
ansible.builtin.debug:
msg: "{{ users | length }}"
diff --git a/tests/vault/test_vault_change_type.yml b/tests/vault/test_vault_change_type.yml
index 7e4ca44fb0de5edf41f2bdeb9d683f8ca0ce4ca6..3b8a332d0c1719e9ed4fec05b83f7e2d0c9c5b4f 100644
--- a/tests/vault/test_vault_change_type.yml
+++ b/tests/vault/test_vault_change_type.yml
@@ -31,6 +31,8 @@
failed_when: result.failed or not result.changed
- name: Change vault type from asymmetric to symmetric
+ vars:
+ krb5ccname: verify_change_from_asymmetric
block:
- name: Change from asymmetric to symmetric
ipavault:
@@ -50,10 +52,9 @@
register: result
failed_when: result.failed or "Public Key:" in result.stdout
- vars:
- krb5ccname: verify_change_from_asymmetric
-
- name: Change vault type from symmetric to standard
+ vars:
+ krb5ccname: verify_change_from_symmetric
block:
- name: Change from symmetric to standard
ipavault:
@@ -72,9 +73,6 @@
register: result
failed_when: result.failed or "Salt:" in result.stdout
- vars:
- krb5ccname: verify_change_from_symmetric
-
- name: Change from standard to symmetric
ipavault:
ipaadmin_password: SomeADMINpassword
@@ -85,6 +83,8 @@
failed_when: result.failed or not result.changed
- name: Change vault type from symmetric to asymmetric
+ vars:
+ krb5ccname: verify_change_from_symmetric
block:
- name: Change from symmetric to asymmetric
ipavault:
@@ -104,10 +104,9 @@
register: result
failed_when: result.failed or "Salt:" in result.stdout
- vars:
- krb5ccname: verify_change_from_symmetric
-
- name: Change vault type from asymmetric to standard
+ vars:
+ krb5ccname: verify_change_from_asymmetric
block:
- name: Change from asymmetric to standard
ipavault:
@@ -126,9 +125,6 @@
register: result
failed_when: result.failed or "Public Key:" in result.stdout
- vars:
- krb5ccname: verify_change_from_asymmetric
-
- name: Ensure test_vault is absent.
ipavault:
ipaadmin_password: SomeADMINpassword
@@ -161,6 +157,8 @@
failed_when: result.failed or result.changed or result.vault.data != 'hello'
- name: Change vault type from asymmetric to symmetric, with data
+ vars:
+ krb5ccname: verify_change_from_asymmetric
block:
- name: Change from asymmetric to symmetric, with data
ipavault:
@@ -180,9 +178,6 @@
register: result
failed_when: result.failed or "Public Key:" in result.stdout
- vars:
- krb5ccname: verify_change_from_asymmetric
-
- name: Retrieve data from symmetric vault.
ipavault:
ipaadmin_password: SomeADMINpassword
@@ -193,6 +188,8 @@
failed_when: result.failed or result.changed or result.vault.data != 'hello'
- name: Change vault type from symmetric to standard, with data
+ vars:
+ krb5ccname: verify_change_from_symmetric
block:
- name: Change from symmetric to standard, with data
ipavault:
@@ -211,9 +208,6 @@
register: result
failed_when: result.failed or "Salt:" in result.stdout
- vars:
- krb5ccname: verify_change_from_symmetric
-
- name: Retrieve data from standard vault.
ipavault:
ipaadmin_password: SomeADMINpassword
@@ -241,6 +235,8 @@
failed_when: result.failed or result.changed or result.vault.data != 'hello'
- name: Change vault type from symmetric to asymmetric, with data
+ vars:
+ krb5ccname: verify_change_from_symmetric
block:
- name: Change from symmetric to asymmetric, with data
ipavault:
@@ -260,9 +256,6 @@
register: result
failed_when: result.failed or "Salt:" in result.stdout
- vars:
- krb5ccname: verify_change_from_symmetric
-
- name: Retrieve data from asymmetric vault.
ipavault:
ipaadmin_password: SomeADMINpassword
@@ -273,6 +266,8 @@
failed_when: result.failed or result.changed or result.vault.data != 'hello'
- name: Change vault type from asymmetric to standard, with data
+ vars:
+ krb5ccname: verify_change_from_asymmetric
block:
- name: Change from asymmetric to standard, with data
ipavault:
@@ -291,9 +286,6 @@
register: result
failed_when: result.failed or "Public Key:" in result.stdout
- vars:
- krb5ccname: verify_change_from_asymmetric
-
- name: Retrieve data from standard vault.
ipavault:
ipaadmin_password: SomeADMINpassword