diff --git a/tests/env_freeipa_facts.yml b/tests/env_freeipa_facts.yml
new file mode 100644
index 0000000000000000000000000000000000000000..7a664c1c928c9e8f369a1fe2dd15ff075081d255
--- /dev/null
+++ b/tests/env_freeipa_facts.yml
@@ -0,0 +1,18 @@
+# This playbook should be included with `include_tasks` as the first task
+# of a test playbook that requires FreeIPA information.
+#
+# Available Facts:
+#
+# ipa_version: The installed FreeIPA version.
+# ipa_api_version: The installed FreeIPA API version.
+#
+---
+- name: Retrieving FreeIPA version.
+ shell:
+ cmd: 'ipa --version | sed -n "s/VERSION: \([^,]*\).*API_VERSION: \([^,]*\).*/\1\\n\2/p"'
+ register: ipa_cmd_version
+
+- name: Set FreeIPA facts.
+ set_fact:
+ ipa_version: "{{ ipa_cmd_version.stdout_lines[0] }}"
+ ipa_api_version: "{{ ipa_cmd_version.stdout_lines[1] }}"
diff --git a/tests/hostgroup/test_hostgroup_membermanager.yml b/tests/hostgroup/test_hostgroup_membermanager.yml
index c0f65460e634aea22632d728c8f7b577e6ec3ae8..2af8445de9e54719a5ed3fe5bea146a97c68d16c 100644
--- a/tests/hostgroup/test_hostgroup_membermanager.yml
+++ b/tests/hostgroup/test_hostgroup_membermanager.yml
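Review bot: In tests/env_freeipa_facts.yml the `shell` task pipes `ipa --version` into `sed` without `pipefail`, so a failing or missing `ipa` binary still exits 0 and the error only surfaces in the following `set_fact` task as an opaque index error on `stdout_lines[0]`. The same happens when the output does not match the sed pattern, because `sed -n` then prints nothing and still succeeds. Adding `failed_when: ipa_cmd_version.stdout_lines | length != 2` to the task reports the problem where it occurs, and `changed_when: false` stops this read-only probe from reporting a change on every run. The header comment also calls the file a playbook, while it is a task list meant for `include_tasks`.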
@@ -5,215 +5,220 @@ gather_facts: false tasks: - - name: Ensure host-group testhostgroup is absent - ipahostgroup: - ipaadmin_password: SomeADMINpassword - name: - - testhostgroup - state: absent - - - name: Ensure user manangeruser1 and manageruser2 is absent - ipauser: - ipaadmin_password: SomeADMINpassword - name: manageruser1,manageruser2,unknown_user - state: absent - - - name: Ensure group managergroup1 and managergroup2 are absent - ipagroup: - ipaadmin_password: SomeADMINpassword - name: managergroup1,managergroup2 - state: absent - - - name: Ensure host-group testhostgroup is present - ipahostgroup: - ipaadmin_password: SomeADMINpassword - name: - - testhostgroup - - - name: Ensure user manageruser1 and manageruser2 are present - ipauser: - ipaadmin_password: SomeADMINpassword - users: - - name: manageruser1 - first: manageruser1 - last: Last1 - - name: manageruser2 - first: manageruser2 - last: Last2 - register: result - failed_when: not result.changed - - - name: Ensure managergroup1 is present - ipagroup: - ipaadmin_password: SomeADMINpassword - name: managergroup1 - register: result - failed_when: not result.changed - - - name: Ensure managergroup2 is present - ipagroup: - ipaadmin_password: SomeADMINpassword - name: managergroup2 - register: result - failed_when: not result.changed - - - name: Ensure membermanager user1 is present for testhostgroup - ipahostgroup: - ipaadmin_password: SomeADMINpassword - name: testhostgroup - membermanager_user: manageruser1 - register: result - failed_when: not result.changed - - - name: Ensure membermanager user1 is present for testhostgroup again - ipahostgroup: - ipaadmin_password: SomeADMINpassword - name: testhostgroup - membermanager_user: manageruser1 - register: result - failed_when: result.changed - - - name: Ensure membermanager group1 is present for testhostgroup - ipahostgroup: - ipaadmin_password: SomeADMINpassword - name: testhostgroup - membermanager_group: managergroup1 - register: result - 
failed_when: not result.changed - - - name: Ensure membermanager group1 is present for testhostgroup again - ipahostgroup: - ipaadmin_password: SomeADMINpassword - name: testhostgroup - membermanager_group: managergroup1 - register: result - failed_when: result.changed - - - name: Ensure membermanager user2 and group2 members are present for testhostgroup - ipahostgroup: - ipaadmin_password: SomeADMINpassword - name: testhostgroup - membermanager_user: manageruser2 - membermanager_group: managergroup2 - action: member - register: result - failed_when: not result.changed - - - name: Ensure membermanager user2 and group2 members are present for testhostgroup again - ipahostgroup: - ipaadmin_password: SomeADMINpassword - name: testhostgroup - membermanager_user: manageruser2 - membermanager_group: managergroup2 - action: member - register: result - failed_when: result.changed - - - name: Ensure membermanager user and group members are present for testhostgroup again - ipahostgroup: - ipaadmin_password: SomeADMINpassword - name: testhostgroup - membermanager_user: manageruser1,manageruser2 - membermanager_group: managergroup1,managergroup2 - action: member - register: result - failed_when: result.changed - - - name: Ensure membermanager user1 and group1 members are absent for testhostgroup - ipahostgroup: - ipaadmin_password: SomeADMINpassword - name: testhostgroup - membermanager_user: manageruser1 - membermanager_group: managergroup1 - action: member - state: absent - register: result - failed_when: not result.changed - - - name: Ensure membermanager user1 and group1 members are absent for testhostgroup again - ipahostgroup: - ipaadmin_password: SomeADMINpassword - name: testhostgroup - membermanager_user: manageruser1 - membermanager_group: managergroup1 - action: member - state: absent - register: result - failed_when: result.changed - - - - name: Ensure membermanager user1 and group1 members are present for testhostgroup - ipahostgroup: - ipaadmin_password: 
SomeADMINpassword - name: testhostgroup - membermanager_user: manageruser1 - membermanager_group: managergroup1 - action: member - register: result - failed_when: not result.changed - - - name: Ensure membermanager user1 and group1 members are present for testhostgroup again - ipahostgroup: - ipaadmin_password: SomeADMINpassword - name: testhostgroup - membermanager_user: manageruser1 - membermanager_group: managergroup1 - action: member - register: result - failed_when: result.changed - - - name: Ensure membermanager user and group members are absent for testhostgroup - ipahostgroup: - ipaadmin_password: SomeADMINpassword - name: testhostgroup - membermanager_user: manageruser1,manageruser2 - membermanager_group: managergroup1,managergroup2 - action: member - state: absent - register: result - failed_when: not result.changed - - - name: Ensure membermanager user and group members are absent for testhostgroup again - ipahostgroup: - ipaadmin_password: SomeADMINpassword - name: testhostgroup - membermanager_user: manageruser1,manageruser2 - membermanager_group: managergroup1,managergroup2 - action: member - state: absent - register: result - failed_when: result.changed - - - name: Ensure user manangeruser1 and manageruser2 is absent - ipauser: - ipaadmin_password: SomeADMINpassword - name: manageruser1,manageruser2 - state: absent - register: result - failed_when: not result.changed - - - name: Ensure group managergroup1 and managergroup2 are absent - ipagroup: - ipaadmin_password: SomeADMINpassword - name: managergroup1,managergroup2 - state: absent - register: result - failed_when: not result.changed - - - name: Ensure unknown membermanager_user member failure - ipahostgroup: - ipaadmin_password: SomeADMINpassword - name: testhostgroup - membermanager_user: unknown_user - action: member - register: result - failed_when: result.changed or "no such entry" not in result.msg - - - name: Ensure host-group testhostgroup is absent - ipahostgroup: - ipaadmin_password: 
SomeADMINpassword - name: - - testhostgroup - state: absent - register: result - failed_when: not result.changed + - include_tasks: ../env_freeipa_facts.yml + + - name: Tests requiring IPA version 4.8.4+ + block: + - name: Ensure host-group testhostgroup is absent + ipahostgroup: + ipaadmin_password: SomeADMINpassword + name: + - testhostgroup + state: absent + + - name: Ensure user manangeruser1 and manageruser2 is absent + ipauser: + ipaadmin_password: SomeADMINpassword + name: manageruser1,manageruser2,unknown_user + state: absent + + - name: Ensure group managergroup1 and managergroup2 are absent + ipagroup: + ipaadmin_password: SomeADMINpassword + name: managergroup1,managergroup2 + state: absent + + - name: Ensure host-group testhostgroup is present + ipahostgroup: + ipaadmin_password: SomeADMINpassword + name: + - testhostgroup + + - name: Ensure user manageruser1 and manageruser2 are present + ipauser: + ipaadmin_password: SomeADMINpassword + users: + - name: manageruser1 + first: manageruser1 + last: Last1 + - name: manageruser2 + first: manageruser2 + last: Last2 + register: result + failed_when: not result.changed + + - name: Ensure managergroup1 is present + ipagroup: + ipaadmin_password: SomeADMINpassword + name: managergroup1 + register: result + failed_when: not result.changed + + - name: Ensure managergroup2 is present + ipagroup: + ipaadmin_password: SomeADMINpassword + name: managergroup2 + register: result + failed_when: not result.changed + + - name: Ensure membermanager user1 is present for testhostgroup + ipahostgroup: + ipaadmin_password: SomeADMINpassword + name: testhostgroup + membermanager_user: manageruser1 + register: result + failed_when: not result.changed + + - name: Ensure membermanager user1 is present for testhostgroup again + ipahostgroup: + ipaadmin_password: SomeADMINpassword + name: testhostgroup + membermanager_user: manageruser1 + register: result + failed_when: result.changed + + - name: Ensure membermanager group1 is 
present for testhostgroup + ipahostgroup: + ipaadmin_password: SomeADMINpassword + name: testhostgroup + membermanager_group: managergroup1 + register: result + failed_when: not result.changed + + - name: Ensure membermanager group1 is present for testhostgroup again + ipahostgroup: + ipaadmin_password: SomeADMINpassword + name: testhostgroup + membermanager_group: managergroup1 + register: result + failed_when: result.changed + + - name: Ensure membermanager user2 and group2 members are present for testhostgroup + ipahostgroup: + ipaadmin_password: SomeADMINpassword + name: testhostgroup + membermanager_user: manageruser2 + membermanager_group: managergroup2 + action: member + register: result + failed_when: not result.changed + + - name: Ensure membermanager user2 and group2 members are present for testhostgroup again + ipahostgroup: + ipaadmin_password: SomeADMINpassword + name: testhostgroup + membermanager_user: manageruser2 + membermanager_group: managergroup2 + action: member + register: result + failed_when: result.changed + + - name: Ensure membermanager user and group members are present for testhostgroup again + ipahostgroup: + ipaadmin_password: SomeADMINpassword + name: testhostgroup + membermanager_user: manageruser1,manageruser2 + membermanager_group: managergroup1,managergroup2 + action: member + register: result + failed_when: result.changed + + - name: Ensure membermanager user1 and group1 members are absent for testhostgroup + ipahostgroup: + ipaadmin_password: SomeADMINpassword + name: testhostgroup + membermanager_user: manageruser1 + membermanager_group: managergroup1 + action: member + state: absent + register: result + failed_when: not result.changed + + - name: Ensure membermanager user1 and group1 members are absent for testhostgroup again + ipahostgroup: + ipaadmin_password: SomeADMINpassword + name: testhostgroup + membermanager_user: manageruser1 + membermanager_group: managergroup1 + action: member + state: absent + register: result + 
failed_when: result.changed + + + - name: Ensure membermanager user1 and group1 members are present for testhostgroup + ipahostgroup: + ipaadmin_password: SomeADMINpassword + name: testhostgroup + membermanager_user: manageruser1 + membermanager_group: managergroup1 + action: member + register: result + failed_when: not result.changed + + - name: Ensure membermanager user1 and group1 members are present for testhostgroup again + ipahostgroup: + ipaadmin_password: SomeADMINpassword + name: testhostgroup + membermanager_user: manageruser1 + membermanager_group: managergroup1 + action: member + register: result + failed_when: result.changed + + - name: Ensure membermanager user and group members are absent for testhostgroup + ipahostgroup: + ipaadmin_password: SomeADMINpassword + name: testhostgroup + membermanager_user: manageruser1,manageruser2 + membermanager_group: managergroup1,managergroup2 + action: member + state: absent + register: result + failed_when: not result.changed + + - name: Ensure membermanager user and group members are absent for testhostgroup again + ipahostgroup: + ipaadmin_password: SomeADMINpassword + name: testhostgroup + membermanager_user: manageruser1,manageruser2 + membermanager_group: managergroup1,managergroup2 + action: member + state: absent + register: result + failed_when: result.changed + + - name: Ensure user manangeruser1 and manageruser2 is absent + ipauser: + ipaadmin_password: SomeADMINpassword + name: manageruser1,manageruser2 + state: absent + register: result + failed_when: not result.changed + + - name: Ensure group managergroup1 and managergroup2 are absent + ipagroup: + ipaadmin_password: SomeADMINpassword + name: managergroup1,managergroup2 + state: absent + register: result + failed_when: not result.changed + + - name: Ensure unknown membermanager_user member failure + ipahostgroup: + ipaadmin_password: SomeADMINpassword + name: testhostgroup + membermanager_user: unknown_user + action: member + register: result + 
failed_when: result.changed or "no such entry" not in result.msg + + - name: Ensure host-group testhostgroup is absent + ipahostgroup: + ipaadmin_password: SomeADMINpassword + name: + - testhostgroup + state: absent + register: result + failed_when: not result.changed + when: ipa_version is version('4.8.4', '>=') diff --git a/tests/hostgroup/test_hostgroup_rename.yml b/tests/hostgroup/test_hostgroup_rename.yml index 8d13338fa5a907f6738518d1af741e3f0c9b70cd..98007175a6a64e0542bf43d4003feb8bd149b1b0 100644 --- a/tests/hostgroup/test_hostgroup_rename.yml +++ b/tests/hostgroup/test_hostgroup_rename.yml 
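Review bot: The `when: ipa_version is version('4.8.4', '>=')` gate at the end of the block skips every task on an older server and the play still finishes green, so a CI run against FreeIPA below 4.8.4 gives no signal that membermanager was never exercised. A trailing `debug` task guarded by `when: ipa_version is version('4.8.4', '<')` that states the suite was skipped would make this visible in the log. The condition also sits roughly 200 lines below the `block:` it controls; placing `when:` directly under the block's `name:` keeps the gate readable where the block is declared. The same applies to the 4.8.7 block in tests/hostgroup/test_hostgroup_rename.yml.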
@@ -5,101 +5,107 @@ gather_facts: false tasks: - - name: Ensure testing host-group are absent - ipahostgroup: - ipaadmin_password: SomeADMINpassword - name: - - databases - - datalake - - inexistenthostgroup - state: absent + - include_tasks: ../env_freeipa_facts.yml - - name: Ensure host-group databases is present - ipahostgroup: - ipaadmin_password: SomeADMINpassword - name: databases - state: present - register: result - failed_when: not result.changed + - name: Tests requiring IPA version 4.8.7+ + block: + - name: Ensure testing host-group are absent + ipahostgroup: + ipaadmin_password: SomeADMINpassword + name: + - databases + - datalake + - inexistenthostgroup + state: absent - - name: Rename host-group from `databases` to `datalake` - ipahostgroup: - ipaadmin_password: SomeADMINpassword - name: databases - rename: datalake - state: renamed - register: result - failed_when: not result.changed + - name: Ensure host-group databases is present + ipahostgroup: + ipaadmin_password: SomeADMINpassword + name: databases + state: present + register: result + failed_when: not result.changed - - name: Ensure host-group database was already absent - ipahostgroup: - ipaadmin_password: SomeADMINpassword - name: database - state: absent - register: result - failed_when: result.changed + - name: Rename host-group from `databases` to `datalake` + ipahostgroup: + ipaadmin_password: SomeADMINpassword + name: databases + rename: datalake + state: renamed + register: result + failed_when: not result.changed - - name: Rename host-group from `databases` to `datalake`, again - ipahostgroup: - ipaadmin_password: SomeADMINpassword - name: databases - rename: datalake - state: renamed - register: result - failed_when: result.changed or result.failed + - name: Ensure host-group database was already absent + ipahostgroup: + ipaadmin_password: SomeADMINpassword + name: database + state: absent + register: result + failed_when: result.changed - - name: Rename host-group with same name. 
- ipahostgroup: - ipaadmin_password: SomeADMINpassword - name: datalake - rename: datalake - state: renamed - register: result - failed_when: result.changed + - name: Rename host-group from `databases` to `datalake`, again + ipahostgroup: + ipaadmin_password: SomeADMINpassword + name: databases + rename: datalake + state: renamed + register: result + failed_when: result.changed or result.failed - - name: Ensure testing hostgroups do not exist. - ipahostgroup: - ipaadmin_password: SomeADMINpassword - name: inexistenthostgroup,alsoinexistent - state: absent + - name: Rename host-group with same name. + ipahostgroup: + ipaadmin_password: SomeADMINpassword + name: datalake + rename: datalake + state: renamed + register: result + failed_when: result.changed - - name: Rename inexistent host-group to an existing one. - ipahostgroup: - ipaadmin_password: SomeADMINpassword - name: inexistenthostgroup - rename: datalake - state: renamed - register: result - failed_when: result.changed or result.failed + - name: Ensure testing hostgroups do not exist. + ipahostgroup: + ipaadmin_password: SomeADMINpassword + name: inexistenthostgroup,alsoinexistent + state: absent - - name: Rename inexistent host-group to a non-existing one. - ipahostgroup: - ipaadmin_password: SomeADMINpassword - name: inexistenthostgroup - rename: alsoinexistent - state: renamed - register: result - failed_when: not result.failed or "Attribute `rename` can not be used, unless hostgroup exists." not in result.msg + - name: Rename inexistent host-group to an existing one. + ipahostgroup: + ipaadmin_password: SomeADMINpassword + name: inexistenthostgroup + rename: datalake + state: renamed + register: result + failed_when: result.changed or result.failed - - name: Ensure host-group databases is present - ipahostgroup: - ipaadmin_password: SomeADMINpassword - name: databases - state: present + - name: Rename inexistent host-group to a non-existing one. 
+ ipahostgroup: + ipaadmin_password: SomeADMINpassword + name: inexistenthostgroup + rename: alsoinexistent + state: renamed + register: result + failed_when: not result.failed or "Attribute `rename` can not be used, unless hostgroup exists." not in result.msg - - name: Rename host-group to an existing one. - ipahostgroup: - ipaadmin_password: SomeADMINpassword - name: databases - rename: datalake - state: renamed - register: result - failed_when: not result.failed or "This entry already exists" not in result.msg + - name: Ensure host-group databases is present + ipahostgroup: + ipaadmin_password: SomeADMINpassword + name: databases + state: present - - name: Ensure host-group databases and datalake are absent - ipahostgroup: - ipaadmin_password: SomeADMINpassword - name: - - databases - - datalake - state: absent + - name: Rename host-group to an existing one. + ipahostgroup: + ipaadmin_password: SomeADMINpassword + name: databases + rename: datalake + state: renamed + register: result + failed_when: not result.failed or "This entry already exists" not in result.msg + + - name: Ensure host-group databases and datalake are absent + ipahostgroup: + ipaadmin_password: SomeADMINpassword + name: + - databases + - datalake + state: absent + + when: ipa_version is version('4.8.7', '>=') diff --git a/tests/service/test_service_without_skip_host_check.yml b/tests/service/test_service_without_skip_host_check.yml index 0f89cc7247de62f29295e1fb453f8c1a5e745b40..2b627256bf927fc637acd8a7bed1d695c745cd2a 100644 --- a/tests/service/test_service_without_skip_host_check.yml +++ b/tests/service/test_service_without_skip_host_check.yml 
@@ -4,344 +4,478 @@ become: yes tasks: - # setup - - name: Setup test environment - include_tasks: env_setup.yml - - # tests - - name: Ensure service is present - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - pac_type: - - MS-PAC - - PAD - auth_ind: otp - force: no - requires_pre_auth: yes - ok_as_delegate: no - ok_to_auth_as_delegate: no - register: result - failed_when: not result.changed - - - name: Ensure service is present, again - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - pac_type: - - MS_PAC - - PAD - auth_ind: otp - force: no - requires_pre_auth: yes - ok_as_delegate: no - ok_to_auth_as_delegate: no - register: result - failed_when: result.changed - - - name: Modify service. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - pac_type: NONE - ok_as_delegate: yes - ok_to_auth_as_delegate: yes - register: result - failed_when: not result.changed - - - name: Modify service, again. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - pac_type: NONE - ok_as_delegate: yes - ok_to_auth_as_delegate: yes - register: result - failed_when: result.changed - - - name: Ensure service is present, with host not in DNS. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: HTTP/svc.ihavenodns.info - force: yes - register: result - failed_when: not result.changed - - - name: Ensure service is present, with host not in DNS, again. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: HTTP/svc.ihavenodns.info - force: yes - register: result - failed_when: result.changed - - - name: Principal host/test.example.com present in service. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - principal: - - host/test.example.com - action: member - register: result - failed_when: not result.changed - - - name: Principal host/test.exabple.com present in service, again. 
- ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - principal: - - host/test.example.com - action: member - register: result - failed_when: result.changed - - - name: Principal host/test.example.com absent in service. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - principal: - - host/test.example.com - action: member - state: absent - register: result - failed_when: not result.changed - - - name: Principal host/test.example.com absent in service, again. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - principal: - - host/test.example.com - action: member - state: absent - register: result - failed_when: result.changed - - - name: Ensure host can manage service. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - host: - - "{{ host1_fqdn }}" - - "{{ host2_fqdn }}" - action: member - register: result - failed_when: not result.changed - - - name: Ensure host can manage service, again. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - host: "{{ host1_fqdn }}" - action: member - register: result - failed_when: result.changed - - - name: Ensure host cannot manage service. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - host: - - "{{ host1_fqdn }}" - - "{{ host2_fqdn }}" - action: member - state: absent - register: result - failed_when: not result.changed - - - name: Ensure host cannot manage service, again. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - host: - - "{{ host1_fqdn }}" - - "{{ host2_fqdn }}" - action: member - state: absent - register: result - failed_when: result.changed - - - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for users, groups, hosts and hostgroups. 
- ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - allow_create_keytab_user: - - user01 - - user02 - allow_create_keytab_group: - - group01 - - group02 - allow_create_keytab_host: - - "{{ host1_fqdn }}" - - "{{ host2_fqdn }}" - allow_create_keytab_hostgroup: - - hostgroup01 - - hostgroup02 - action: member - register: result - failed_when: not result.changed - - - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for users, groups, hosts and hostgroups, again. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - allow_create_keytab_user: - - user01 - - user02 - allow_create_keytab_group: - - group01 - - group02 - allow_create_keytab_host: - - "{{ host1_fqdn }}" - - "{{ host2_fqdn }}" - allow_create_keytab_hostgroup: - - hostgroup01 - - hostgroup02 - action: member - register: result - failed_when: result.changed - - - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for users, groups, hosts and hostgroups. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - allow_create_keytab_user: - - user01 - - user02 - allow_create_keytab_group: - - group01 - - group02 - allow_create_keytab_host: - - "{{ host1_fqdn }}" - - "{{ host2_fqdn }}" - allow_create_keytab_hostgroup: - - hostgroup01 - - hostgroup02 - action: member - state: absent - register: result - failed_when: not result.changed - - - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for users, groups, hosts and hostgroups, again. 
- ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - allow_create_keytab_user: - - user01 - - user02 - allow_create_keytab_group: - - group01 - - group02 - allow_create_keytab_host: - - "{{ host1_fqdn }}" - - "{{ host2_fqdn }}" - allow_create_keytab_hostgroup: - - hostgroup01 - - hostgroup02 - action: member - state: absent - register: result - failed_when: result.changed - - - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for users, groups, hosts and hostgroups - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - allow_retrieve_keytab_user: - - user01 - - user02 - allow_retrieve_keytab_group: - - group01 - - group02 - allow_retrieve_keytab_host: - - "{{ host1_fqdn }}" - - "{{ host2_fqdn }}" - allow_retrieve_keytab_hostgroup: - - hostgroup01 - - hostgroup02 - action: member - register: result - failed_when: not result.changed - - - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for users, groups, hosts and hostgroups, again. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - allow_retrieve_keytab_user: - - user01 - - user02 - allow_retrieve_keytab_group: - - group01 - - group02 - allow_retrieve_keytab_host: - - "{{ host1_fqdn }}" - - "{{ host2_fqdn }}" - allow_retrieve_keytab_hostgroup: - - hostgroup01 - - hostgroup02 - action: member - register: result - failed_when: result.changed - - - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for users, groups, hosts and hostgroups. 
- ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - allow_retrieve_keytab_user: - - user01 - - user02 - allow_retrieve_keytab_group: - - group01 - - group02 - allow_retrieve_keytab_host: - - "{{ host1_fqdn }}" - - "{{ host2_fqdn }}" - allow_retrieve_keytab_hostgroup: - - hostgroup01 - - hostgroup02 - action: member - state: absent - register: result - failed_when: not result.changed - - - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for users, groups, hosts and hostgroups, again. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - allow_retrieve_keytab_user: - - user01 - - user02 - allow_retrieve_keytab_group: - - group01 - - group02 - allow_retrieve_keytab_host: - - "{{ host1_fqdn }}" - - "{{ host2_fqdn }}" - allow_retrieve_keytab_hostgroup: - - hostgroup01 - - hostgroup02 - action: member - state: absent - register: result - failed_when: result.changed - - # - - name: Ensure service is absent - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - state: absent - register: result - failed_when: not result.changed - - - name: Ensure service is absent, again - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - state: absent - register: result - failed_when: result.changed - - # cleanup - - name: Cleanup test environment - include_tasks: env_cleanup.yml + - include_tasks: ../env_freeipa_facts.yml + + - name: Tests requiring IPA version 4.7.0+ + block: + # setup + - name: Get Domain from server name + set_fact: + ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}" + when: ipaserver_domain is not defined + + - name: Set host1, host2 and svc hosts fqdn + set_fact: + host1_fqdn: "{{ 'host1.' + ipaserver_domain }}" + host2_fqdn: "{{ 'host2.' + ipaserver_domain }}" + svc_fqdn: "{{ 'svc.' 
+ ipaserver_domain }}" + + - name: Host absent + ipahost: + ipaadmin_password: SomeADMINpassword + name: + - svc.ihavenodns.info + - "{{ host1_fqdn }}" + - "{{ host2_fqdn }}" + - "{{ svc_fqdn }}" + update_dns: yes + state: absent + + - name: Get IPv4 address prefix from server node + set_fact: + ipv4_prefix: "{{ ansible_default_ipv4.address.split('.')[:-1] | + join('.') }}" + + - name: Add hosts for tests. + ipahost: + ipaadmin_password: SomeADMINpassword + hosts: + - name: "{{ host1_fqdn }}" + ip_address: "{{ ipv4_prefix + '.201' }}" + update_dns: yes + - name: "{{ host2_fqdn }}" + ip_address: "{{ ipv4_prefix + '.202' }}" + update_dns: yes + - name: "{{ svc_fqdn }}" + ip_address: "{{ ipv4_prefix + '.203' }}" + update_dns: yes + - name: svc.ihavenodns.info + update_dns: no + force: yes + + - name: Ensure testing user user01 is present. + ipauser: + ipaadmin_password: SomeADMINpassword + name: user01 + first: user01 + last: last + + - name: Ensure testing user user02 is present. + ipauser: + ipaadmin_password: SomeADMINpassword + name: user02 + first: user02 + last: last + + - name: Ensure testing group group01 is present. + ipagroup: + ipaadmin_password: SomeADMINpassword + name: group01 + + - name: Ensure testing group group02 is present. + ipagroup: + ipaadmin_password: SomeADMINpassword + name: group02 + + - name: Ensure testing hostgroup hostgroup01 is present. + ipahostgroup: + ipaadmin_password: SomeADMINpassword + name: hostgroup01 + + - name: Ensure testing hostgroup hostgroup02 is present. + ipahostgroup: + ipaadmin_password: SomeADMINpassword + name: hostgroup02 + + - name: Ensure services are absent. 
+ ipaservice: + ipaadmin_password: SomeADMINpassword + name: + - "HTTP/{{ svc_fqdn }}" + - HTTP/svc.ihavenodns.info + state: absent + + # tests + - name: Ensure service is present + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + pac_type: + - MS-PAC + - PAD + auth_ind: otp + force: no + requires_pre_auth: yes + ok_as_delegate: no + ok_to_auth_as_delegate: no + register: result + failed_when: not result.changed + + - name: Ensure service is present, again + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + pac_type: + - MS_PAC + - PAD + auth_ind: otp + force: no + requires_pre_auth: yes + ok_as_delegate: no + ok_to_auth_as_delegate: no + register: result + failed_when: result.changed + + - name: Modify service. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + pac_type: NONE + ok_as_delegate: yes + ok_to_auth_as_delegate: yes + register: result + failed_when: not result.changed + + - name: Modify service, again. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + pac_type: NONE + ok_as_delegate: yes + ok_to_auth_as_delegate: yes + register: result + failed_when: result.changed + + - name: Ensure service is present, with host not in DNS. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: HTTP/svc.ihavenodns.info + force: yes + register: result + failed_when: not result.changed + + - name: Ensure service is present, with host not in DNS, again. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: HTTP/svc.ihavenodns.info + force: yes + register: result + failed_when: result.changed + + - name: Principal host/test.example.com present in service. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + principal: + - host/test.example.com + action: member + register: result + failed_when: not result.changed + + - name: Principal host/test.exabple.com present in service, again. 
+ ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + principal: + - host/test.example.com + action: member + register: result + failed_when: result.changed + + - name: Principal host/test.example.com absent in service. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + principal: + - host/test.example.com + action: member + state: absent + register: result + failed_when: not result.changed + + - name: Principal host/test.example.com absent in service, again. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + principal: + - host/test.example.com + action: member + state: absent + register: result + failed_when: result.changed + + - name: Ensure host can manage service. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + host: + - "{{ host1_fqdn }}" + - "{{ host2_fqdn }}" + action: member + register: result + failed_when: not result.changed + + - name: Ensure host can manage service, again. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + host: "{{ host1_fqdn }}" + action: member + register: result + failed_when: result.changed + + - name: Ensure host cannot manage service. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + host: + - "{{ host1_fqdn }}" + - "{{ host2_fqdn }}" + action: member + state: absent + register: result + failed_when: not result.changed + + - name: Ensure host cannot manage service, again. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + host: + - "{{ host1_fqdn }}" + - "{{ host2_fqdn }}" + action: member + state: absent + register: result + failed_when: result.changed + + - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for users, groups, hosts and hostgroups. 
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_create_keytab_user:
+ - user01
+ - user02
+ allow_create_keytab_group:
+ - group01
+ - group02
+ allow_create_keytab_host:
+ - "{{ host1_fqdn }}"
+ - "{{ host2_fqdn }}"
+ allow_create_keytab_hostgroup:
+ - hostgroup01
+ - hostgroup02
+ action: member
+ register: result
+ failed_when: not result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for users, groups, hosts and hostgroups, again.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_create_keytab_user:
+ - user01
+ - user02
+ allow_create_keytab_group:
+ - group01
+ - group02
+ allow_create_keytab_host:
+ - "{{ host1_fqdn }}"
+ - "{{ host2_fqdn }}"
+ allow_create_keytab_hostgroup:
+ - hostgroup01
+ - hostgroup02
+ action: member
+ register: result
+ failed_when: result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for users, groups, hosts and hostgroups.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_create_keytab_user:
+ - user01
+ - user02
+ allow_create_keytab_group:
+ - group01
+ - group02
+ allow_create_keytab_host:
+ - "{{ host1_fqdn }}"
+ - "{{ host2_fqdn }}"
+ allow_create_keytab_hostgroup:
+ - hostgroup01
+ - hostgroup02
+ action: member
+ state: absent
+ register: result
+ failed_when: not result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for users, groups, hosts and hostgroups, again.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_create_keytab_user:
+ - user01
+ - user02
+ allow_create_keytab_group:
+ - group01
+ - group02
+ allow_create_keytab_host:
+ - "{{ host1_fqdn }}"
+ - "{{ host2_fqdn }}"
+ allow_create_keytab_hostgroup:
+ - hostgroup01
+ - hostgroup02
+ action: member
+ state: absent
+ register: result
+ failed_when: result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for users, groups, hosts and hostgroups
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_retrieve_keytab_user:
+ - user01
+ - user02
+ allow_retrieve_keytab_group:
+ - group01
+ - group02
+ allow_retrieve_keytab_host:
+ - "{{ host1_fqdn }}"
+ - "{{ host2_fqdn }}"
+ allow_retrieve_keytab_hostgroup:
+ - hostgroup01
+ - hostgroup02
+ action: member
+ register: result
+ failed_when: not result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for users, groups, hosts and hostgroups, again.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_retrieve_keytab_user:
+ - user01
+ - user02
+ allow_retrieve_keytab_group:
+ - group01
+ - group02
+ allow_retrieve_keytab_host:
+ - "{{ host1_fqdn }}"
+ - "{{ host2_fqdn }}"
+ allow_retrieve_keytab_hostgroup:
+ - hostgroup01
+ - hostgroup02
+ action: member
+ register: result
+ failed_when: result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for users, groups, hosts and hostgroups.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_retrieve_keytab_user:
+ - user01
+ - user02
+ allow_retrieve_keytab_group:
+ - group01
+ - group02
+ allow_retrieve_keytab_host:
+ - "{{ host1_fqdn }}"
+ - "{{ host2_fqdn }}"
+ allow_retrieve_keytab_hostgroup:
+ - hostgroup01
+ - hostgroup02
+ action: member
+ state: absent
+ register: result
+ failed_when: not result.changed
+
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for users, groups, hosts and hostgroups, again.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ allow_retrieve_keytab_user:
+ - user01
+ - user02
+ allow_retrieve_keytab_group:
+ - group01
+ - group02
+ allow_retrieve_keytab_host:
+ - "{{ host1_fqdn }}"
+ - "{{ host2_fqdn }}"
+ allow_retrieve_keytab_hostgroup:
+ - hostgroup01
+ - hostgroup02
+ action: member
+ state: absent
+ register: result
+ failed_when: result.changed
+
+ #
+ - name: Ensure service is absent
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ state: absent
+ register: result
+ failed_when: not result.changed
+
+ - name: Ensure service is absent, again
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name: "HTTP/{{ svc_fqdn }}"
+ state: absent
+ register: result
+ failed_when: result.changed
+
+ # cleanup
+
+ - name: Ensure services are absent.
+ ipaservice:
+ ipaadmin_password: SomeADMINpassword
+ name:
+ - "HTTP/{{ svc_fqdn }}"
+ - HTTP/svc.ihavenodns.info
+ state: absent
+
+ - name: Ensure host is absent
+ ipahost:
+ ipaadmin_password: SomeADMINpassword
+ name:
+ - "{{ svc_fqdn }}"
+ - "{{ host1_fqdn }}"
+ - "{{ host2_fqdn }}"
+ - svc.ihavenodns.info
+ state: absent
+
+ - name: Ensure testing users are absent.
+ ipauser:
+ ipaadmin_password: SomeADMINpassword
+ name:
+ - user01
+ - user02
+ state: absent
+
+ - name: Ensure testing groups are absent.
+ ipagroup:
+ ipaadmin_password: SomeADMINpassword
+ name:
+ - group01
+ - group02
+ state: absent
+
+ - name: Ensure testing hostgroup hostgroup01 is absent.
+ ipagroup:
+ ipaadmin_password: SomeADMINpassword
+ name:
+ - hostgroup01
+ state: absent
+
+ - name: Ensure testing hostgroup hostgroup02 is absent.
+ ipagroup:
+ ipaadmin_password: SomeADMINpassword
+ name:
+ - hostgroup02
+ state: absent
+ when: ipa_version is version('4.7.0', '>=')