From a025e476eaa8854aef2ec1544865ba824ca37b26 Mon Sep 17 00:00:00 2001
From: Rafael Guterres Jeffman <rjeffman@redhat.com>
Date: Wed, 29 Dec 2021 10:51:34 -0300
Subject: [PATCH] iparole: Add tests to verify if capitalisation is ignored.

The test playbook provided adds some tests to verify if capitalization
of role members does not influence on the module behavior. It also adds
some tests to verify check_mode.
---
 .../test_role_member_case_insensitive.yml     | 450 ++++++++++++++++++
 1 file changed, 450 insertions(+)
 create mode 100644 tests/role/test_role_member_case_insensitive.yml

diff --git a/tests/role/test_role_member_case_insensitive.yml b/tests/role/test_role_member_case_insensitive.yml
new file mode 100644
index 00000000..3f386fc3
--- /dev/null
+++ b/tests/role/test_role_member_case_insensitive.yml
@@ -0,0 +1,450 @@
+---
+- name: Test role members
+  hosts: "{{ ipa_test_host | default('ipaserver') }}"
+  become: no
+  gather_facts: no
+
+  vars:
+    user_list:
+      - User1
+      - uSer2
+      - usEr3
+    group_list:
+      - Group1
+      - gRoup2
+      - grOup3
+    host_list:
+      - HoSt01
+      - hOsT02
+    hostgroup_list:
+      - TestHostGroup
+    service_list:
+      - MySVC/host01
+
+  tasks:
+  - include_tasks: ../env_freeipa_facts.yml
+
+  - block:
+      # setup
+
+      - name: Ensure test role is absent
+        iparole:
+          ipaadmin_password: SomeADMINpassword
+          name: testrule
+          state: absent
+
+      - name: Ensure test users are present
+        ipauser:
+          ipaadmin_password: SomeADMINpassword
+          users:
+          - name: "{{ item }}"
+            first: First
+            last: Last
+        with_items: "{{ user_list }}"
+
+      - name: Ensure test groups are present
+        ipagroup:
+          ipaadmin_password: SomeADMINpassword
+          name: "{{ item }}"
+        with_items: "{{ group_list }}"
+
+      - name: Ensure test hosts are present
+        ipahost:
+          ipaadmin_password: SomeADMINpassword
+          name: "{{ item }}.{{ ipaserver_domain }}"
+          ip_address: 192.168.122.101
+          force: yes
+        with_items: "{{ host_list }}"
+
+      - name: Ensure test hostgroups are present
+        ipahostgroup:
+          ipaadmin_password: SomeADMINpassword
+          name: "{{ item }}"
+        with_items: "{{ hostgroup_list }}"
+
+      - name: Ensure test services are present
+        ipaservice:
+          ipaadmin_password: SomeADMINpassword
+          name: "{{ item }}.{{ ipaserver_domain }}"
+        with_items: "{{ service_list }}"
+
+      # Test with action: hbacrule
+
+      - name: Check role present with members would trigger a change, mixed case
+        iparole:
+          ipaadmin_password: SomeADMINpassword
+          name: testrole
+          user:
+          - "{{ user_list[1] }}"
+          - "{{ user_list[2] }}"
+          group:
+          - "{{ group_list[1] }}"
+          - "{{ group_list[2] }}"
+          host:
+          - "{{ host_list[0] }}"
+          - "{{ host_list[1] }}"
+          hostgroup:
+          - "{{ hostgroup_list[0] }}"
+          service:
+          - "{{ service_list[0] }}.{{ ipaserver_domain }}"
+        check_mode: yes
+        register: result
+        failed_when: not result.changed or result.failed
+
+      - name: Ensure role is present with members, mixed case
+        iparole:
+          ipaadmin_password: SomeADMINpassword
+          name: testrole
+          user:
+          - "{{ user_list[1] }}"
+          - "{{ user_list[2] }}"
+          group:
+          - "{{ group_list[1] }}"
+          - "{{ group_list[2] }}"
+          host:
+          - "{{ host_list[0] }}"
+          - "{{ host_list[1] }}"
+          hostgroup:
+          - "{{ hostgroup_list[0] }}"
+          service:
+          - "{{ service_list[0] }}.{{ ipaserver_domain }}"
+        register: result
+        failed_when: not result.changed or result.failed
+
+      - name: Check role present with members would not trigger a change, mixed case
+        iparole:
+          ipaadmin_password: SomeADMINpassword
+          name: testrole
+          user:
+          - "{{ user_list[1] }}"
+          - "{{ user_list[2] }}"
+          group:
+          - "{{ group_list[1] }}"
+          - "{{ group_list[2] }}"
+          host:
+          - "{{ host_list[0] }}"
+          - "{{ host_list[1] }}"
+          hostgroup:
+          - "{{ hostgroup_list[0] }}"
+          service:
+          - "{{ service_list[0] }}.{{ ipaserver_domain }}"
+        check_mode: yes
+        register: result
+        failed_when: result.changed or result.failed
+
+      - name: Ensure role is present with members, lowercase
+        iparole:
+          ipaadmin_password: SomeADMINpassword
+          name: testrole
+          user:
+          - "{{ user_list[1] | lower }}"
+          - "{{ user_list[2] | lower }}"
+          group:
+          - "{{ group_list[1] | lower }}"
+          - "{{ group_list[2] | lower }}"
+          host:
+          - "{{ host_list[0] | lower }}"
+          - "{{ host_list[1] | lower }}"
+          hostgroup:
+          - "{{ hostgroup_list[0] | lower }}"
+          service:
+          - "{{ (service_list[0] + '.' + ipaserver_domain) | lower }}"
+        register: result
+        failed_when: result.changed or result.failed
+
+      - name: Ensure role is present with members, upercase
+        iparole:
+          ipaadmin_password: SomeADMINpassword
+          name: testrole
+          user:
+          - "{{ user_list[1] | upper }}"
+          - "{{ user_list[2] | upper }}"
+          group:
+          - "{{ group_list[1] | upper }}"
+          - "{{ group_list[2] | upper }}"
+          host:
+          - "{{ host_list[0] | upper }}"
+          - "{{ host_list[1] | upper }}"
+          hostgroup:
+          - "{{ hostgroup_list[0] | upper }}"
+          service:
+          - "{{ (service_list[0] + '.' + ipaserver_domain) | upper }}"
+        register: result
+        failed_when: result.changed or result.failed
+
+      - name: Ensure test role is absent
+        iparole:
+          ipaadmin_password: SomeADMINpassword
+          name: testrole
+          state: absent
+
+      # Test with action: members
+
+      - name: Ensure test role is present
+        iparole:
+          ipaadmin_password: SomeADMINpassword
+          name: testrole
+
+      - name: Check role members present would trigger a change, mixed case
+        iparole:
+          ipaadmin_password: SomeADMINpassword
+          name: testrole
+          user:
+          - "{{ user_list[1] }}"
+          - "{{ user_list[2] }}"
+          group:
+          - "{{ group_list[1] }}"
+          - "{{ group_list[2] }}"
+          host:
+          - "{{ host_list[0] }}"
+          - "{{ host_list[1] }}"
+          hostgroup:
+          - "{{ hostgroup_list[0] }}"
+          service:
+          - "{{ service_list[0] }}.{{ ipaserver_domain }}"
+          action: member
+        check_mode: yes
+        register: result
+        failed_when: not result.changed or result.failed
+
+      - name: Ensure role is present with members, mixed case
+        iparole:
+          ipaadmin_password: SomeADMINpassword
+          name: testrole
+          user:
+          - "{{ user_list[1] }}"
+          - "{{ user_list[2] }}"
+          group:
+          - "{{ group_list[1] }}"
+          - "{{ group_list[2] }}"
+          host:
+          - "{{ host_list[0] }}"
+          - "{{ host_list[1] }}"
+          hostgroup:
+          - "{{ hostgroup_list[0] }}"
+          service:
+          - "{{ service_list[0] }}.{{ ipaserver_domain }}"
+          action: member
+        register: result
+        failed_when: not result.changed or result.failed
+
+      - name: Check role members present would  not trigger a change, mixed case
+        iparole:
+          ipaadmin_password: SomeADMINpassword
+          name: testrole
+          user:
+          - "{{ user_list[1] }}"
+          - "{{ user_list[2] }}"
+          group:
+          - "{{ group_list[1] }}"
+          - "{{ group_list[2] }}"
+          host:
+          - "{{ host_list[0] }}"
+          - "{{ host_list[1] }}"
+          hostgroup:
+          - "{{ hostgroup_list[0] }}"
+          service:
+          - "{{ service_list[0] }}.{{ ipaserver_domain }}"
+          action: member
+        check_mode: yes
+        register: result
+        failed_when: result.changed or result.failed
+
+      - name: Ensure role is present with members, lowercase
+        iparole:
+          ipaadmin_password: SomeADMINpassword
+          name: testrole
+          user:
+          - "{{ user_list[1] | lower }}"
+          - "{{ user_list[2] | lower }}"
+          group:
+          - "{{ group_list[1] | lower }}"
+          - "{{ group_list[2] | lower }}"
+          host:
+          - "{{ host_list[0] | lower }}"
+          - "{{ host_list[1] | lower }}"
+          hostgroup:
+          - "{{ hostgroup_list[0] | lower }}"
+          service:
+          - "{{ (service_list[0] + '.' + ipaserver_domain) | lower }}"
+          action: member
+        register: result
+        failed_when: result.changed or result.failed
+
+      - name: Ensure role is present with members, upercase
+        iparole:
+          ipaadmin_password: SomeADMINpassword
+          name: testrole
+          user:
+          - "{{ user_list[1] | upper }}"
+          - "{{ user_list[2] | upper }}"
+          group:
+          - "{{ group_list[1] | upper }}"
+          - "{{ group_list[2] | upper }}"
+          host:
+          - "{{ host_list[0] | upper }}"
+          - "{{ host_list[1] | upper }}"
+          hostgroup:
+          - "{{ hostgroup_list[0] | upper }}"
+          service:
+          - "{{ (service_list[0] + '.' + ipaserver_domain) | upper }}"
+          action: member
+        register: result
+        failed_when: result.changed or result.failed
+
+      # # Test absent members
+      - name: Check role members absent would trigger a change, upercase
+        iparole:
+          ipaadmin_password: SomeADMINpassword
+          name: testrole
+          user:
+          - "{{ user_list[1] | upper }}"
+          - "{{ user_list[2] | upper }}"
+          group:
+          - "{{ group_list[1] | upper }}"
+          - "{{ group_list[2] | upper }}"
+          host:
+          - "{{ host_list[0] | upper }}"
+          - "{{ host_list[1] | upper }}"
+          hostgroup:
+          - "{{ hostgroup_list[0] | upper }}"
+          service:
+          - "{{ (service_list[0] + '.' + ipaserver_domain) | upper }}"
+          action: member
+          state: absent
+        check_mode: yes
+        register: result
+        failed_when: not result.changed or result.failed
+
+      - name: Ensure role members are absent, upercase
+        iparole:
+          ipaadmin_password: SomeADMINpassword
+          name: testrole
+          user:
+          - "{{ user_list[1] | upper }}"
+          - "{{ user_list[2] | upper }}"
+          group:
+          - "{{ group_list[1] | upper }}"
+          - "{{ group_list[2] | upper }}"
+          host:
+          - "{{ host_list[0] | upper }}"
+          - "{{ host_list[1] | upper }}"
+          hostgroup:
+          - "{{ hostgroup_list[0] | upper }}"
+          service:
+          - "{{ (service_list[0] + '.' + ipaserver_domain) | upper }}"
+          action: member
+          state: absent
+        register: result
+        failed_when: not result.changed or result.failed
+
+      - name: Check role members absent would not trigger a change, upercase
+        iparole:
+          ipaadmin_password: SomeADMINpassword
+          name: testrole
+          user:
+          - "{{ user_list[1] | upper }}"
+          - "{{ user_list[2] | upper }}"
+          group:
+          - "{{ group_list[1] | upper }}"
+          - "{{ group_list[2] | upper }}"
+          host:
+          - "{{ host_list[0] | upper }}"
+          - "{{ host_list[1] | upper }}"
+          hostgroup:
+          - "{{ hostgroup_list[0] | upper }}"
+          service:
+          - "{{ (service_list[0] + '.' + ipaserver_domain) | upper }}"
+          action: member
+          state: absent
+        check_mode: yes
+        register: result
+        failed_when: result.changed or result.failed
+
+      - name: Ensure role members are absent, mixed case
+        iparole:
+          ipaadmin_password: SomeADMINpassword
+          name: testrole
+          user:
+          - "{{ user_list[1] }}"
+          - "{{ user_list[2] }}"
+          group:
+          - "{{ group_list[1] }}"
+          - "{{ group_list[2] }}"
+          host:
+          - "{{ host_list[0] }}"
+          - "{{ host_list[1] }}"
+          hostgroup:
+          - "{{ hostgroup_list[0] }}"
+          service:
+          - "{{ service_list[0] }}.{{ ipaserver_domain }}"
+          action: member
+          state: absent
+        register: result
+        failed_when: result.changed or result.failed
+
+      - name: Ensure role members are absent, lowercase
+        iparole:
+          ipaadmin_password: SomeADMINpassword
+          name: testrole
+          user:
+          - "{{ user_list[1] | lower }}"
+          - "{{ user_list[2] | lower }}"
+          group:
+          - "{{ group_list[1] | lower }}"
+          - "{{ group_list[2] | lower }}"
+          host:
+          - "{{ host_list[0] | lower }}"
+          - "{{ host_list[1] | lower }}"
+          hostgroup:
+          - "{{ hostgroup_list[0] | lower }}"
+          service:
+          - "{{ (service_list[0] + '.' + ipaserver_domain) | lower }}"
+          action: member
+          state: absent
+        register: result
+        failed_when: result.changed or result.failed
+
+    always:
+      - name: Ensure test role is absent
+        iparole:
+          ipaadmin_password: SomeADMINpassword
+          name: testrole
+          state: absent
+
+      - name: Ensure test users are absent
+        ipauser:
+          ipaadmin_password: SomeADMINpassword
+          users:
+          - name: "{{ item }}"
+          state: absent
+        with_items: "{{ user_list }}"
+
+      - name: Ensure test groups are absent
+        ipagroup:
+          ipaadmin_password: SomeADMINpassword
+          name: "{{ item }}"
+          state: absent
+        with_items: "{{ group_list }}"
+
+      - name: Ensure test hosts are absent
+        ipahost:
+          ipaadmin_password: SomeADMINpassword
+          name: "{{ item }}.{{ ipaserver_domain }}"
+          state: absent
+        with_items: "{{ host_list }}"
+
+      - name: Ensure test hostgroups are absent
+        ipahostgroup:
+          ipaadmin_password: SomeADMINpassword
+          name: "{{ item }}"
+          state: absent
+        with_items: "{{ hostgroup_list }}"
+
+      - name: Ensure test services are absent
+        ipaservice:
+          ipaadmin_password: SomeADMINpassword
+          name: "{{ item }}.{{ ipaserver_domain }}"
+          continue: yes
+          state: absent
+        with_items: "{{ service_list }}"
-- 
GitLab