diff --git a/plugins/modules/ipaservice.py b/plugins/modules/ipaservice.py
index b0d253553c4388addb2efeea82e1bbaa823876bb..8bc390d1ecab26754a98d963a1c10dd6ca9b5f13 100644
--- a/plugins/modules/ipaservice.py
+++ b/plugins/modules/ipaservice.py
@@ -460,7 +460,7 @@ def main():
allow_retrieve_keytab_group = module_params_get(
ansible_module, "allow_retrieve_keytab_group")
allow_retrieve_keytab_host = module_params_get(
- ansible_module, "allow_create_keytab_host")
+ ansible_module, "allow_retrieve_keytab_host")
allow_retrieve_keytab_hostgroup = module_params_get(
ansible_module, "allow_retrieve_keytab_hostgroup")
delete_continue = module_params_get(ansible_module, "delete_continue")
@@ -727,7 +727,7 @@ def main():
# Allow retrieve keytab
if len(allow_retrieve_keytab_user_add) > 0 or \
len(allow_retrieve_keytab_group_add) > 0 or \
- len(allow_retrieve_keytab_hostgroup_add) > 0 or \
+ len(allow_retrieve_keytab_host_add) > 0 or \
len(allow_retrieve_keytab_hostgroup_add) > 0:
commands.append(
[name, "service_allow_retrieve_keytab",
diff --git a/tests/service/env_cleanup.yml b/tests/service/env_cleanup.yml
new file mode 100644
index 0000000000000000000000000000000000000000..f96a75b9c38f31db1960941b7ec6a4f275e6cceb
--- /dev/null
+++ b/tests/service/env_cleanup.yml
@@ -0,0 +1,68 @@
+---
+# Cleanup tasks for the service module tests.
+- name: Ensure services are absent.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name:
+ - "HTTP/{{ svc_fqdn }}"
+ - "HTTP/{{ nohost_fqdn }}"
+ - HTTP/svc.ihavenodns.info
+ - HTTP/no.idontexist.local
+ - "cifs/{{ host1_fqdn }}"
+ state: absent
+
+- name: Ensure host "{{ svc_fqdn }}" is absent
+ ipahost:
+ ipaadmin_password: SomeADMINpassword
+ name: "{{ svc_fqdn }}"
+ update_dns: yes
+ state: absent
+
+- name: Ensure host is absent
+ ipahost:
+ ipaadmin_password: SomeADMINpassword
+ name:
+ - "{{ host1_fqdn }}"
+ - "{{ host2_fqdn }}"
+ - "{{ nohost_fqdn }}"
+ - svc.ihavenodns.info
+ update_dns: no
+ state: absent
+
+- name: Ensure testing users are absent.
+ ipauser:
+ ipaadmin_password: SomeADMINpassword
+ name:
+ - user01
+ - user02
+ state: absent
+
+- name: Ensure testing groups are absent.
+ ipagroup:
+ ipaadmin_password: SomeADMINpassword
+ name:
+ - group01
+ - group02
+ state: absent
+
+- name: Ensure testing hostgroup hostgroup01 is absent.
+ ipagroup:
+ ipaadmin_password: SomeADMINpassword
+ name:
+ - hostgroup01
+ state: absent
+
+- name: Ensure testing hostgroup hostgroup02 is absent.
+ ipagroup:
+ ipaadmin_password: SomeADMINpassword
+ name:
+ - hostgroup02
+ state: absent
+
+- name: Remove IP address for "nohost" host.
+ ipadnsrecord:
+ ipaadmin_password: SomeADMINpassword
+ zone_name: "{{ test_domain }}."
+ name: nohost
+ del_all: yes
+ state: absent
diff --git a/tests/service/env_setup.yml b/tests/service/env_setup.yml
new file mode 100644
index 0000000000000000000000000000000000000000..309cfc03c7bda68de7c930415d26d5533d3e50ca
--- /dev/null
+++ b/tests/service/env_setup.yml
@@ -0,0 +1,73 @@
+# Setup environment for service module tests.
+---
+- name: Setup variables and facts.
+ include_tasks: env_vars.yml
+
+# Cleanup before setup.
+- name: Cleanup test environment.
+ include_tasks: env_cleanup.yml
+
+- name: Add IP address for "nohost" host.
+ ipadnsrecord:
+ ipaadmin_password: SomeADMINpassword
+ zone_name: "{{ test_domain }}."
+ name: nohost
+ a_ip_address: "{{ ipv4_prefix + '.100' }}"
+
+- name: Add hosts for tests.
+ ipahost:
+ ipaadmin_password: SomeADMINpassword
+ hosts:
+ - name: "{{ host1_fqdn }}"
+ ip_address: "{{ ipv4_prefix + '.101' }}"
+ - name: "{{ host2_fqdn }}"
+ ip_address: "{{ ipv4_prefix + '.102' }}"
+ - name: "{{ svc_fqdn }}"
+ ip_address: "{{ ipv4_prefix + '.201' }}"
+ - name: svc.ihavenodns.info
+ force: yes
+ update_dns: yes
+
+- name: Ensure testing user user01 is present.
+ ipauser:
+ ipaadmin_password: SomeADMINpassword
+ name: user01
+ first: user01
+ last: last
+
+- name: Ensure testing user user02 is present.
+ ipauser:
+ ipaadmin_password: SomeADMINpassword
+ name: user02
+ first: user02
+ last: last
+
+- name: Ensure testing group group01 is present.
+ ipagroup:
+ ipaadmin_password: SomeADMINpassword
+ name: group01
+
+- name: Ensure testing group group02 is present.
+ ipagroup:
+ ipaadmin_password: SomeADMINpassword
+ name: group02
+
+- name: Ensure testing hostgroup hostgroup01 is present.
+ ipahostgroup:
+ ipaadmin_password: SomeADMINpassword
+ name: hostgroup01
+
+- name: Ensure testing hostgroup hostgroup02 is present.
+ ipahostgroup:
+ ipaadmin_password: SomeADMINpassword
+ name: hostgroup02
+
+- name: Ensure services are absent.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name:
+ - "HTTP/{{ svc_fqdn }}"
+ - "HTTP/{{ nohost_fqdn }}"
+ - HTTP/svc.ihavenodns.info
+ - HTTP/no.idontexist.info
+ state: absent
diff --git a/tests/service/env_vars.yml b/tests/service/env_vars.yml
new file mode 100644
index 0000000000000000000000000000000000000000..eb53c7a07f3b523a775a8d7ec2182bfdd70c597d
--- /dev/null
+++ b/tests/service/env_vars.yml
@@ -0,0 +1,15 @@
+---
+ - name: Get Domain from server name
+ set_fact:
+ test_domain: "{{ ansible_fqdn.split('.')[1:] | join('.') }}"
+
+ - name: Set host1, host2 and svc hosts fqdn
+ set_fact:
+ host1_fqdn: "{{ 'host1.' + test_domain }}"
+ host2_fqdn: "{{ 'host2.' + test_domain }}"
+ svc_fqdn: "{{ 'svc.' + test_domain }}"
+ nohost_fqdn: "{{ 'nohost.' + test_domain }}"
+
+ - name: Get IPv4 address prefix from server node
+ set_fact:
+ ipv4_prefix: "{{ ansible_default_ipv4.address.split('.')[:-1] | join('.') }}"
diff --git a/tests/service/test_service.yml b/tests/service/test_service.yml
index 26f509efa619ff23053dd66b77adf78b9e2a14f1..7035bb9e7b793ca6591d2592ef4480be6e541340 100644
--- a/tests/service/test_service.yml
+++ b/tests/service/test_service.yml
@@ -17,109 +17,8 @@
tasks:
# setup
- - name: Get Domain from server name
- set_fact:
- ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}"
- when: ipaserver_domain is not defined
-
- - name: Set host1, host2 and svc hosts fqdn
- set_fact:
- host1_fqdn: "{{ 'host1.' + ipaserver_domain }}"
- host2_fqdn: "{{ 'host2.' + ipaserver_domain }}"
- svc_fqdn: "{{ 'svc.' + ipaserver_domain }}"
- nohost_fqdn: "{{ 'nohost.' + ipaserver_domain }}"
-
- - name: Remove IP address for "nohost" host.
- ipadnsrecord:
- ipaadmin_password: SomeADMINpassword
- zone_name: "{{ ipaserver_domain }}"
- name: nohost
- del_all: yes
- state: absent
-
- - name: Host absent
- ipahost:
- ipaadmin_password: SomeADMINpassword
- name:
- - "{{ nohost_fqdn }}"
- - no.idontexist.info
- - svc.ihavenodns.info
- - "{{ host1_fqdn }}"
- - "{{ host2_fqdn }}"
- - "{{ svc_fqdn }}"
- update_dns: no
- state: absent
-
- - name: Get IPv4 address prefix from server node
- set_fact:
- ipv4_prefix: "{{ ansible_default_ipv4.address.split('.')[:-1] |
- join('.') }}"
-
- - name: Add IP address for "nohost" host.
- ipadnsrecord:
- ipaadmin_password: SomeADMINpassword
- zone_name: "{{ ipaserver_domain }}"
- name: nohost
- a_ip_address: "{{ ipv4_prefix + '.100' }}"
-
- - name: Add hosts for tests.
- ipahost:
- ipaadmin_password: SomeADMINpassword
- hosts:
- - name: "{{ host1_fqdn }}"
- ip_address: "{{ ipv4_prefix + '.101' }}"
- - name: "{{ host2_fqdn }}"
- ip_address: "{{ ipv4_prefix + '.102' }}"
- force: yes
- - name: "{{ svc_fqdn }}"
- ip_address: "{{ ipv4_prefix + '.201' }}"
- - name: svc.ihavenodns.info
- force: yes
- update_dns: yes
-
- - name: Ensure testing user user01 is present.
- ipauser:
- ipaadmin_password: SomeADMINpassword
- name: user01
- first: user01
- last: last
-
- - name: Ensure testing user user02 is present.
- ipauser:
- ipaadmin_password: SomeADMINpassword
- name: user02
- first: user02
- last: last
-
- - name: Ensure testing group group01 is present.
- ipagroup:
- ipaadmin_password: SomeADMINpassword
- name: group01
-
- - name: Ensure testing group group02 is present.
- ipagroup:
- ipaadmin_password: SomeADMINpassword
- name: group02
-
- - name: Ensure testing hostgroup hostgroup01 is present.
- ipahostgroup:
- ipaadmin_password: SomeADMINpassword
- name: hostgroup01
-
- - name: Ensure testing hostgroup hostgroup02 is present.
- ipahostgroup:
- ipaadmin_password: SomeADMINpassword
- name: hostgroup02
-
- - name: Ensure services are absent.
- ipaservice:
- ipaadmin_password: SomeADMINpassword
- name:
- - "HTTP/{{ svc_fqdn }}"
- - "HTTP/{{ nohost_fqdn }}"
- - HTTP/svc.ihavenodns.info
- - HTTP/no.idontexist.info
- state: absent
+ - name: Setup test environment
+ include_tasks: env_setup.yml
# tests
- name: Ensure service is present
@@ -476,7 +375,6 @@
register: result
failed_when: result.changed
- #
- name: Ensure service is absent
ipaservice:
ipaadmin_password: SomeADMINpassword
@@ -594,70 +492,5 @@
failed_when: result.changed
# cleanup
-
- - name: Ensure services are absent.
- ipaservice:
- ipaadmin_password: SomeADMINpassword
- name:
- - "HTTP/{{ svc_fqdn }}"
- - "HTTP/{{ nohost_fqdn }}"
- - HTTP/svc.ihavenodns.info
- - HTTP/no.idontexist.local
- - "cifs/{{ host1_fqdn }}"
- state: absent
-
- - name: Ensure host "{{ svc_fqdn }}" is absent
- ipahost:
- ipaadmin_password: SomeADMINpassword
- name: "{{ svc_fqdn }}"
- update_dns: yes
- state: absent
-
- - name: Ensure host is absent
- ipahost:
- ipaadmin_password: SomeADMINpassword
- name:
- - "{{ host1_fqdn }}"
- - "{{ host2_fqdn }}"
- - "{{ nohost_fqdn }}"
- - svc.ihavenodns.info
- update_dns: no
- state: absent
-
- - name: Ensure testing users are absent.
- ipauser:
- ipaadmin_password: SomeADMINpassword
- name:
- - user01
- - user02
- state: absent
-
- - name: Ensure testing groups are absent.
- ipagroup:
- ipaadmin_password: SomeADMINpassword
- name:
- - group01
- - group02
- state: absent
-
- - name: Ensure testing hostgroup hostgroup01 is absent.
- ipagroup:
- ipaadmin_password: SomeADMINpassword
- name:
- - hostgroup01
- state: absent
-
- - name: Ensure testing hostgroup hostgroup02 is absent.
- ipagroup:
- ipaadmin_password: SomeADMINpassword
- name:
- - hostgroup02
- state: absent
-
- - name: Remove IP address for "nohost" host.
- ipadnsrecord:
- ipaadmin_password: SomeADMINpassword
- zone_name: "{{ ipaserver_domain }}"
- name: nohost
- del_all: yes
- state: absent
+ - name: Cleanup test environment
+ include_tasks: env_cleanup.yml
diff --git a/tests/service/test_service_keytab.yml b/tests/service/test_service_keytab.yml
new file mode 100644
index 0000000000000000000000000000000000000000..0918802952463c398b086868fd038018826e07fe
--- /dev/null
+++ b/tests/service/test_service_keytab.yml
@@ -0,0 +1,397 @@
+---
+- name: Test service
+ hosts: ipaserver
+ become: yes
+
+ tasks:
+ # setup
+ - name: Setup test envirnoment.
+ include_tasks: env_setup.yml
+
+ # Add service to test keytab create/retrieve attributes.
+ - name: Ensure test service is present
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ pac_type:
+ - MS-PAC
+ - PAD
+ auth_ind: otp
+ force: yes
+ requires_pre_auth: yes
+ ok_as_delegate: no
+ ok_to_auth_as_delegate: no
+
+ # tests
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for users.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_create_keytab_user:
+ - user01
+ - user02
+ action: member
+ register: result
+ failed_when: not result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for users, again.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_create_keytab_user:
+ - user01
+ - user02
+ action: member
+ register: result
+ failed_when: result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for users.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_create_keytab_user:
+ - user01
+ - user02
+ action: member
+ state: absent
+ register: result
+ failed_when: not result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for users, again.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_create_keytab_user:
+ - user01
+ - user02
+ action: member
+ state: absent
+ register: result
+ failed_when: result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for group.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_create_keytab_group:
+ - group01
+ - group02
+ action: member
+ register: result
+ failed_when: not result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for group, again.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_create_keytab_group:
+ - group01
+ - group02
+ action: member
+ register: result
+ failed_when: result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for group.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_create_keytab_group:
+ - group01
+ - group02
+ action: member
+ state: absent
+ register: result
+ failed_when: not result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for group, again.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_create_keytab_group:
+ - group01
+ - group02
+ action: member
+ state: absent
+ register: result
+ failed_when: result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for host.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_create_keytab_host:
+ - "{{ host1_fqdn }}"
+ - "{{ host2_fqdn }}"
+ action: member
+ register: result
+ failed_when: not result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for host, again.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_create_keytab_host:
+ - "{{ host1_fqdn }}"
+ - "{{ host2_fqdn }}"
+ action: member
+ register: result
+ failed_when: result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for host.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_create_keytab_host:
+ - "{{ host1_fqdn }}"
+ - "{{ host2_fqdn }}"
+ action: member
+ state: absent
+ register: result
+ failed_when: not result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for host, again.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_create_keytab_host:
+ - "{{ host1_fqdn }}"
+ - "{{ host2_fqdn }}"
+ action: member
+ state: absent
+ register: result
+ failed_when: result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for hostgroup.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_create_keytab_hostgroup:
+ - hostgroup01
+ - hostgroup02
+ action: member
+ register: result
+ failed_when: not result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for hostgroup, again.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_create_keytab_hostgroup:
+ - hostgroup01
+ - hostgroup02
+ action: member
+ register: result
+ failed_when: result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for hostgroup.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_create_keytab_hostgroup:
+ - hostgroup01
+ - hostgroup02
+ state: absent
+ action: member
+ register: result
+ failed_when: not result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for hostgroup, again.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_create_keytab_hostgroup:
+ - hostgroup01
+ - hostgroup02
+ action: member
+ state: absent
+ register: result
+ failed_when: result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for users.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_retrieve_keytab_user:
+ - user01
+ - user02
+ action: member
+ register: result
+ failed_when: not result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for users, again.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_retrieve_keytab_user:
+ - user01
+ - user02
+ action: member
+ register: result
+ failed_when: result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for users.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_retrieve_keytab_user:
+ - user01
+ - user02
+ action: member
+ state: absent
+ register: result
+ failed_when: not result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for users, again.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_retrieve_keytab_user:
+ - user01
+ - user02
+ action: member
+ state: absent
+ register: result
+ failed_when: result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for group.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_retrieve_keytab_group:
+ - group01
+ - group02
+ action: member
+ register: result
+ failed_when: not result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for group, again.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_retrieve_keytab_group:
+ - group01
+ - group02
+ action: member
+ register: result
+ failed_when: result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for group.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_retrieve_keytab_group:
+ - group01
+ - group02
+ action: member
+ state: absent
+ register: result
+ failed_when: not result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for group, again.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_retrieve_keytab_group:
+ - group01
+ - group02
+ action: member
+ state: absent
+ register: result
+ failed_when: result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for host.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_retrieve_keytab_host:
+ - "{{ host1_fqdn }}"
+ - "{{ host2_fqdn }}"
+ action: member
+ register: result
+ failed_when: not result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for host, again.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_retrieve_keytab_host:
+ - "{{ host1_fqdn }}"
+ - "{{ host2_fqdn }}"
+ action: member
+ register: result
+ failed_when: result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for host.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_retrieve_keytab_host:
+ - "{{ host1_fqdn }}"
+ - "{{ host2_fqdn }}"
+ action: member
+ state: absent
+ register: result
+ failed_when: not result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for host, again.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_retrieve_keytab_host:
+ - "{{ host1_fqdn }}"
+ - "{{ host2_fqdn }}"
+ action: member
+ state: absent
+ register: result
+ failed_when: result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for hostgroup.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_retrieve_keytab_hostgroup:
+ - hostgroup01
+ - hostgroup02
+ action: member
+ register: result
+ failed_when: not result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for hostgroup, again.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_retrieve_keytab_hostgroup:
+ - hostgroup01
+ - hostgroup02
+ action: member
+ register: result
+ failed_when: result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for hostgroup.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_retrieve_keytab_hostgroup:
+ - hostgroup01
+ - hostgroup02
+ action: member
+ state: absent
+ register: result
+ failed_when: not result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for hostgroup, again.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_retrieve_keytab_hostgroup:
+ - hostgroup01
+ - hostgroup02
+ action: member
+ state: absent
+ register: result
+ failed_when: result.changed
+
+ # cleanup
+ - name: Clean-up envirnoment.
+ include_tasks: env_cleanup.yml
diff --git a/tests/service/test_service_without_skip_host_check.yml b/tests/service/test_service_without_skip_host_check.yml
index ce703e9a0d39e1faf7a486b2495e188a38d9380b..0f89cc7247de62f29295e1fb453f8c1a5e745b40 100644
--- a/tests/service/test_service_without_skip_host_check.yml
+++ b/tests/service/test_service_without_skip_host_check.yml
@@ -5,91 +5,8 @@
tasks:
# setup
- - name: Get Domain from server name
- set_fact:
- ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}"
- when: ipaserver_domain is not defined
-
- - name: Set host1, host2 and svc hosts fqdn
- set_fact:
- host1_fqdn: "{{ 'host1.' + ipaserver_domain }}"
- host2_fqdn: "{{ 'host2.' + ipaserver_domain }}"
- svc_fqdn: "{{ 'svc.' + ipaserver_domain }}"
-
- - name: Host absent
- ipahost:
- ipaadmin_password: SomeADMINpassword
- name:
- - svc.ihavenodns.info
- - "{{ host1_fqdn }}"
- - "{{ host2_fqdn }}"
- - "{{ svc_fqdn }}"
- update_dns: yes
- state: absent
-
- - name: Get IPv4 address prefix from server node
- set_fact:
- ipv4_prefix: "{{ ansible_default_ipv4.address.split('.')[:-1] |
- join('.') }}"
-
- - name: Add hosts for tests.
- ipahost:
- ipaadmin_password: SomeADMINpassword
- hosts:
- - name: "{{ host1_fqdn }}"
- ip_address: "{{ ipv4_prefix + '.201' }}"
- update_dns: yes
- - name: "{{ host2_fqdn }}"
- ip_address: "{{ ipv4_prefix + '.202' }}"
- update_dns: yes
- - name: "{{ svc_fqdn }}"
- ip_address: "{{ ipv4_prefix + '.203' }}"
- update_dns: yes
- - name: svc.ihavenodns.info
- update_dns: no
- force: yes
-
- - name: Ensure testing user user01 is present.
- ipauser:
- ipaadmin_password: SomeADMINpassword
- name: user01
- first: user01
- last: last
-
- - name: Ensure testing user user02 is present.
- ipauser:
- ipaadmin_password: SomeADMINpassword
- name: user02
- first: user02
- last: last
-
- - name: Ensure testing group group01 is present.
- ipagroup:
- ipaadmin_password: SomeADMINpassword
- name: group01
-
- - name: Ensure testing group group02 is present.
- ipagroup:
- ipaadmin_password: SomeADMINpassword
- name: group02
-
- - name: Ensure testing hostgroup hostgroup01 is present.
- ipahostgroup:
- ipaadmin_password: SomeADMINpassword
- name: hostgroup01
-
- - name: Ensure testing hostgroup hostgroup02 is present.
- ipahostgroup:
- ipaadmin_password: SomeADMINpassword
- name: hostgroup02
-
- - name: Ensure services are absent.
- ipaservice:
- ipaadmin_password: SomeADMINpassword
- name:
- - "HTTP/{{ svc_fqdn }}"
- - HTTP/svc.ihavenodns.info
- state: absent
+ - name: Setup test environment
+ include_tasks: env_setup.yml
# tests
- name: Ensure service is present
@@ -426,51 +343,5 @@
failed_when: result.changed
# cleanup
-
- - name: Ensure services are absent.
- ipaservice:
- ipaadmin_password: SomeADMINpassword
- name:
- - "HTTP/{{ svc_fqdn }}"
- - HTTP/svc.ihavenodns.info
- state: absent
-
- - name: Ensure host is absent
- ipahost:
- ipaadmin_password: SomeADMINpassword
- name:
- - "{{ svc_fqdn }}"
- - "{{ host1_fqdn }}"
- - "{{ host2_fqdn }}"
- - svc.ihavenodns.info
- state: absent
-
- - name: Ensure testing users are absent.
- ipauser:
- ipaadmin_password: SomeADMINpassword
- name:
- - user01
- - user02
- state: absent
-
- - name: Ensure testing groups are absent.
- ipagroup:
- ipaadmin_password: SomeADMINpassword
- name:
- - group01
- - group02
- state: absent
-
- - name: Ensure testing hostgroup hostgroup01 is absent.
- ipagroup:
- ipaadmin_password: SomeADMINpassword
- name:
- - hostgroup01
- state: absent
-
- - name: Ensure testing hostgroup hostgroup02 is absent.
- ipagroup:
- ipaadmin_password: SomeADMINpassword
- name:
- - hostgroup02
- state: absent
+ - name: Cleanup test environment
+ include_tasks: env_cleanup.yml