diff --git a/tests/config/test_config.yml b/tests/config/test_config.yml index c288e45197c749756dd1c46395edac3ca40299c2..e1d33f791d68671d95bd82dcae16a640d0bbd486 100644 --- a/tests/config/test_config.yml +++ b/tests/config/test_config.yml @@ -5,6 +5,8 @@ gather_facts: false tasks: + - include_tasks: ../env_freeipa_facts.yml + # Retrieve current configuration. - name: return current values of the global configuration options ipaconfig: @@ -45,15 +47,17 @@ ipaadmin_password: SomeADMINpassword pac_type: "" - - name: set maxusername to 255 - ipaconfig: - ipaadmin_password: SomeADMINpassword - maxusername: 255 - - name: set maxhostname to 255 + block: + - ipaconfig: + ipaadmin_password: SomeADMINpassword + maxhostname: 255 + when: ipa_version is version('4.8.0', '>=') + + - name: set maxusername to 45 ipaconfig: ipaadmin_password: SomeADMINpassword - maxhostname: 255 + maxusername: 45 - name: set pwdexpnotify to 0 ipaconfig: @@ -186,18 +190,19 @@ failed_when: result.changed - name: set maxhostname to 77 - ipaconfig: - ipaadmin_password: SomeADMINpassword - maxhostname: 77 - register: result - failed_when: not result.changed - - - name: set maxhostname to 77, again - ipaconfig: - ipaadmin_password: SomeADMINpassword - maxhostname: 77 - register: result - failed_when: result.changed + block: + - ipaconfig: + ipaadmin_password: SomeADMINpassword + maxhostname: 77 + register: result + failed_when: not result.changed + + - ipaconfig: + ipaadmin_password: SomeADMINpassword + maxhostname: 77 + register: result + failed_when: result.changed + when: ipa_version is version('4.8.0', '>=') - name: set pwdexpnotify to 17 ipaconfig: 
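Review bot: In the `set maxhostname to 255` task (hunk `@@ -45,15 +47,17 @@`) a one-task `block:` is used only to carry the version condition, and the inner `ipaconfig` task has no name of its own. `when` is valid directly on a task, so the wrapper can go: keep `ipaconfig:` at task level and put `when: ipa_version is version('4.8.0', '>=')` beside it. The same single-task wrapper appears in both `reset maxhostname` hunks further down. The new `maxusername: 45` replaces 255 without explanation, and the reason is not visible in this diff, so a one-line comment above that task stating why 45 was chosen would help the next maintainer.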
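Review bot: Inside the `set maxhostname to 77` block (hunk `@@ -186,18 +190,19 @@`) both inner tasks are unnamed, so the former `set maxhostname to 77, again` idempotence check can no longer be told apart from the first call in the run output. Naming each list item keeps a failure attributable: `- name: set maxhostname to 77` for the task with `failed_when: not result.changed`, and `- name: set maxhostname to 77, again` for the one with `failed_when: result.changed`. The block-level `when` already covers both tasks, so nothing else needs to change.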
@@ -329,7 +334,6 @@ ipaconfig: ipaadmin_password: 'SomeADMINpassword' maxusername: '{{previousconfig.config.maxusername | default(omit)}}' - maxhostname: '{{previousconfig.config.maxhostname | default(omit)}}' homedirectory: '{{previousconfig.config.homedirectory | default(omit)}}' defaultshell: '{{previousconfig.config.defaultshell | default(omit)}}' defaultgroup: '{{previousconfig.config.defaultgroup | default(omit)}}' @@ -352,11 +356,17 @@ register: result failed_when: not result.changed + - name: reset maxhostname + block: + - ipaconfig: + ipaadmin_password: SomeADMINpassword + maxhostname: '{{previousconfig.config.maxhostname | default(omit)}}' + when: ipa_version is version('4.8.0', '>=') + - name: reset changed fields, again ipaconfig: ipaadmin_password: 'SomeADMINpassword' maxusername: '{{previousconfig.config.maxusername | default(omit)}}' - maxhostname: '{{previousconfig.config.maxhostname | default(omit)}}' homedirectory: '{{previousconfig.config.homedirectory | default(omit)}}' defaultshell: '{{previousconfig.config.defaultshell | default(omit)}}' defaultgroup: '{{previousconfig.config.defaultgroup | default(omit)}}' @@ -379,6 +389,13 @@ register: result failed_when: result.changed + - name: reset maxhostname + block: + - ipaconfig: + ipaadmin_password: SomeADMINpassword + maxhostname: '{{previousconfig.config.maxhostname | default(omit)}}' + when: ipa_version is version('4.8.0', '>=') + # cleanup - name: cleanup test group diff --git a/tests/group/test_group_membermanager.yml b/tests/group/test_group_membermanager.yml index 661f26d64f48f517d253af133119ea7924ef4509..f3d58812ac10bd77d5d9491b549cbb92bbcb3af1 100644 --- a/tests/group/test_group_membermanager.yml +++ b/tests/group/test_group_membermanager.yml 
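Review bot: The two added `reset maxhostname` blocks (hunks `@@ -352,11 +356,17 @@` and `@@ -379,6 +389,13 @@`) carry no `register`/`failed_when`, so the changed / not-changed assertions that covered `maxhostname` while it was part of `reset changed fields` and `reset changed fields, again` are no longer made for it. The second block can assert idempotence safely by adding `register: result` and `failed_when: result.changed` to its inner task. Both blocks also share one name; `reset maxhostname, again` for the second keeps the output unambiguous. Whether the first reset always reports a change depends on the server's previous value, which is not visible here, so an assertion there would need care.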
@@ -5,199 +5,205 @@ gather_facts: false tasks: - - name: Ensure user manangeruser1 and manageruser2 is absent - ipauser: - ipaadmin_password: SomeADMINpassword - name: manageruser1,manageruser2,unknown_user - state: absent - - - name: Ensure group testgroup, managergroup1 and managergroup2 are absent - ipagroup: - ipaadmin_password: SomeADMINpassword - name: testgroup,managergroup1,managergroup2 - state: absent - - - name: Ensure user manageruser1 and manageruser2 are present - ipauser: - ipaadmin_password: SomeADMINpassword - users: - - name: manageruser1 - first: manageruser1 - last: Last1 - - name: manageruser2 - first: manageruser2 - last: Last2 - register: result - failed_when: not result.changed - - - name: Ensure testgroup is present - ipagroup: - ipaadmin_password: SomeADMINpassword - name: testgroup - register: result - failed_when: not result.changed - - - name: Ensure managergroup1 is present - ipagroup: - ipaadmin_password: SomeADMINpassword - name: managergroup1 - register: result - failed_when: not result.changed - - - name: Ensure managergroup2 is present - ipagroup: - ipaadmin_password: SomeADMINpassword - name: managergroup2 - register: result - failed_when: not result.changed - - - name: Ensure membermanager user1 is present for testgroup - ipagroup: - ipaadmin_password: SomeADMINpassword - name: testgroup - membermanager_user: manageruser1 - register: result - failed_when: not result.changed - - - name: Ensure membermanager user1 is present for testgroup again - ipagroup: - ipaadmin_password: SomeADMINpassword - name: testgroup - membermanager_user: manageruser1 - register: result - failed_when: result.changed - - - name: Ensure membermanager group1 is present for testgroup - ipagroup: - ipaadmin_password: SomeADMINpassword - name: testgroup - membermanager_group: managergroup1 - register: result - failed_when: not result.changed - - - name: Ensure membermanager group1 is present for testgroup again - ipagroup: - ipaadmin_password: 
SomeADMINpassword - name: testgroup - membermanager_group: managergroup1 - register: result - failed_when: result.changed - - - name: Ensure membermanager user2 and group2 members are present for testgroup - ipagroup: - ipaadmin_password: SomeADMINpassword - name: testgroup - membermanager_user: manageruser2 - membermanager_group: managergroup2 - action: member - register: result - failed_when: not result.changed - - - name: Ensure membermanager user2 and group2 members are present for testgroup again - ipagroup: - ipaadmin_password: SomeADMINpassword - name: testgroup - membermanager_user: manageruser2 - membermanager_group: managergroup2 - action: member - register: result - failed_when: result.changed - - - name: Ensure membermanager user and group members are present for testgroup again - ipagroup: - ipaadmin_password: SomeADMINpassword - name: testgroup - membermanager_user: manageruser1,manageruser2 - membermanager_group: managergroup1,managergroup2 - action: member - register: result - failed_when: result.changed - - - name: Ensure membermanager user1 and group1 members are absent for testgroup - ipagroup: - ipaadmin_password: SomeADMINpassword - name: testgroup - membermanager_user: manageruser1 - membermanager_group: managergroup1 - action: member - state: absent - register: result - failed_when: not result.changed - - - name: Ensure membermanager user1 and group1 members are absent for testgroup again - ipagroup: - ipaadmin_password: SomeADMINpassword - name: testgroup - membermanager_user: manageruser1 - membermanager_group: managergroup1 - action: member - state: absent - register: result - failed_when: result.changed - - - name: Ensure membermanager user1 and group1 members are present for testgroup - ipagroup: - ipaadmin_password: SomeADMINpassword - name: testgroup - membermanager_user: manageruser1 - membermanager_group: managergroup1 - action: member - register: result - failed_when: not result.changed - - - name: Ensure membermanager user1 and 
group1 members are present for testgroup again - ipagroup: - ipaadmin_password: SomeADMINpassword - name: testgroup - membermanager_user: manageruser1 - membermanager_group: managergroup1 - action: member - register: result - failed_when: result.changed - - - name: Ensure membermanager user and group members are absent for testgroup - ipagroup: - ipaadmin_password: SomeADMINpassword - name: testgroup - membermanager_user: manageruser1,manageruser2 - membermanager_group: managergroup1,managergroup2 - action: member - state: absent - register: result - failed_when: not result.changed - - - name: Ensure membermanager user and group members are absent for testgroup again - ipagroup: - ipaadmin_password: SomeADMINpassword - name: testgroup - membermanager_user: manageruser1,manageruser2 - membermanager_group: managergroup1,managergroup2 - action: member - state: absent - register: result - failed_when: result.changed - - - name: Ensure user manangeruser1 and manageruser2 is absent - ipauser: - ipaadmin_password: SomeADMINpassword - name: manageruser1,manageruser2 - state: absent - register: result - failed_when: not result.changed - - - name: Ensure unknown membermanager_user member failure - ipagroup: - ipaadmin_password: SomeADMINpassword - name: testgroup - membermanager_user: unknown_user - action: member - register: result - failed_when: result.changed or "no such entry" not in result.msg - - - name: Ensure group testgroup, managergroup1 and managergroup2 are absent - ipagroup: - ipaadmin_password: SomeADMINpassword - name: testgroup,managergroup1,managergroup2 - state: absent - register: result - failed_when: not result.changed + - include_tasks: ../env_freeipa_facts.yml + + - name: Tests requiring IPA version 4.8.4+ + block: + - name: Ensure user manangeruser1 and manageruser2 is absent + ipauser: + ipaadmin_password: SomeADMINpassword + name: manageruser1,manageruser2,unknown_user + state: absent + + - name: Ensure group testgroup, managergroup1 and 
managergroup2 are absent + ipagroup: + ipaadmin_password: SomeADMINpassword + name: testgroup,managergroup1,managergroup2 + state: absent + + - name: Ensure user manageruser1 and manageruser2 are present + ipauser: + ipaadmin_password: SomeADMINpassword + users: + - name: manageruser1 + first: manageruser1 + last: Last1 + - name: manageruser2 + first: manageruser2 + last: Last2 + register: result + failed_when: not result.changed + + - name: Ensure testgroup is present + ipagroup: + ipaadmin_password: SomeADMINpassword + name: testgroup + register: result + failed_when: not result.changed + + - name: Ensure managergroup1 is present + ipagroup: + ipaadmin_password: SomeADMINpassword + name: managergroup1 + register: result + failed_when: not result.changed + + - name: Ensure managergroup2 is present + ipagroup: + ipaadmin_password: SomeADMINpassword + name: managergroup2 + register: result + failed_when: not result.changed + + - name: Ensure membermanager user1 is present for testgroup + ipagroup: + ipaadmin_password: SomeADMINpassword + name: testgroup + membermanager_user: manageruser1 + register: result + failed_when: not result.changed + + - name: Ensure membermanager user1 is present for testgroup again + ipagroup: + ipaadmin_password: SomeADMINpassword + name: testgroup + membermanager_user: manageruser1 + register: result + failed_when: result.changed + + - name: Ensure membermanager group1 is present for testgroup + ipagroup: + ipaadmin_password: SomeADMINpassword + name: testgroup + membermanager_group: managergroup1 + register: result + failed_when: not result.changed + + - name: Ensure membermanager group1 is present for testgroup again + ipagroup: + ipaadmin_password: SomeADMINpassword + name: testgroup + membermanager_group: managergroup1 + register: result + failed_when: result.changed + + - name: Ensure membermanager user2 and group2 members are present for testgroup + ipagroup: + ipaadmin_password: SomeADMINpassword + name: testgroup + 
membermanager_user: manageruser2 + membermanager_group: managergroup2 + action: member + register: result + failed_when: not result.changed + + - name: Ensure membermanager user2 and group2 members are present for testgroup again + ipagroup: + ipaadmin_password: SomeADMINpassword + name: testgroup + membermanager_user: manageruser2 + membermanager_group: managergroup2 + action: member + register: result + failed_when: result.changed + + - name: Ensure membermanager user and group members are present for testgroup again + ipagroup: + ipaadmin_password: SomeADMINpassword + name: testgroup + membermanager_user: manageruser1,manageruser2 + membermanager_group: managergroup1,managergroup2 + action: member + register: result + failed_when: result.changed + + - name: Ensure membermanager user1 and group1 members are absent for testgroup + ipagroup: + ipaadmin_password: SomeADMINpassword + name: testgroup + membermanager_user: manageruser1 + membermanager_group: managergroup1 + action: member + state: absent + register: result + failed_when: not result.changed + + - name: Ensure membermanager user1 and group1 members are absent for testgroup again + ipagroup: + ipaadmin_password: SomeADMINpassword + name: testgroup + membermanager_user: manageruser1 + membermanager_group: managergroup1 + action: member + state: absent + register: result + failed_when: result.changed + + - name: Ensure membermanager user1 and group1 members are present for testgroup + ipagroup: + ipaadmin_password: SomeADMINpassword + name: testgroup + membermanager_user: manageruser1 + membermanager_group: managergroup1 + action: member + register: result + failed_when: not result.changed + + - name: Ensure membermanager user1 and group1 members are present for testgroup again + ipagroup: + ipaadmin_password: SomeADMINpassword + name: testgroup + membermanager_user: manageruser1 + membermanager_group: managergroup1 + action: member + register: result + failed_when: result.changed + + - name: Ensure 
membermanager user and group members are absent for testgroup + ipagroup: + ipaadmin_password: SomeADMINpassword + name: testgroup + membermanager_user: manageruser1,manageruser2 + membermanager_group: managergroup1,managergroup2 + action: member + state: absent + register: result + failed_when: not result.changed + + - name: Ensure membermanager user and group members are absent for testgroup again + ipagroup: + ipaadmin_password: SomeADMINpassword + name: testgroup + membermanager_user: manageruser1,manageruser2 + membermanager_group: managergroup1,managergroup2 + action: member + state: absent + register: result + failed_when: result.changed + + - name: Ensure user manangeruser1 and manageruser2 is absent + ipauser: + ipaadmin_password: SomeADMINpassword + name: manageruser1,manageruser2 + state: absent + register: result + failed_when: not result.changed + + - name: Ensure unknown membermanager_user member failure + ipagroup: + ipaadmin_password: SomeADMINpassword + name: testgroup + membermanager_user: unknown_user + action: member + register: result + failed_when: result.changed or "no such entry" not in result.msg + + - name: Ensure group testgroup, managergroup1 and managergroup2 are absent + ipagroup: + ipaadmin_password: SomeADMINpassword + name: testgroup,managergroup1,managergroup2 + state: absent + register: result + failed_when: not result.changed + + when: ipa_version is version('4.8.4', '>=') diff --git a/tests/service/test_service.yml b/tests/service/test_service.yml index 7035bb9e7b793ca6591d2592ef4480be6e541340..77f3d2911c197b14b58316ccf33bc693ea6a2f8a 100644 --- a/tests/service/test_service.yml +++ b/tests/service/test_service.yml 
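Review bot: The version gate for the `Tests requiring IPA version 4.8.4+` block sits roughly 200 lines below its `block:` key, so a reader of the header cannot see the condition, and the name does not say which feature needs 4.8.4. Key order inside a task mapping is free, so `when: ipa_version is version('4.8.4', '>=')` can be placed directly under `name:`, with a comment naming the feature (presumably the `membermanager_user` / `membermanager_group` parameters). `ipa_version` is presumably set by the unnamed `include_tasks: ../env_freeipa_facts.yml`; giving that include a name such as `- name: Gather FreeIPA facts` would show where the fact comes from. On older servers the whole file, cleanup included, is skipped and the run still reports success, which is worth stating in that comment.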
@@ -17,480 +17,485 @@ tasks: # setup - - name: Setup test environment - include_tasks: env_setup.yml + - include_tasks: ../env_freeipa_facts.yml # tests - - name: Ensure service is present - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - pac_type: - - MS-PAC - - PAD - auth_ind: otp - skip_host_check: no - force: yes - requires_pre_auth: yes - ok_as_delegate: no - ok_to_auth_as_delegate: no - register: result - failed_when: not result.changed - - - name: Ensure service is present, again - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - pac_type: - - MS_PAC - - PAD - auth_ind: otp - skip_host_check: no - force: no - requires_pre_auth: yes - ok_as_delegate: no - ok_to_auth_as_delegate: no - register: result - failed_when: result.changed - - - name: Modify service. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - pac_type: NONE - ok_as_delegate: yes - ok_to_auth_as_delegate: yes - register: result - failed_when: not result.changed - - - name: Modify service, again. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - pac_type: NONE - ok_as_delegate: yes - ok_to_auth_as_delegate: yes - register: result - failed_when: result.changed - - - name: Ensure service is present, without host object. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ nohost_fqdn }}" - skip_host_check: yes - register: result - failed_when: not result.changed - - - name: Ensure service is present, without host object, again. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ nohost_fqdn }}" - skip_host_check: yes - register: result - failed_when: result.changed - - - name: Ensure service is present, with host not in DNS. 
- ipaservice: - ipaadmin_password: SomeADMINpassword - name: HTTP/svc.ihavenodns.info - skip_host_check: no - force: yes - register: result - failed_when: not result.changed - - - name: Ensure service is present, with host not in DNS, again. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: HTTP/svc.ihavenodns.info - skip_host_check: no - force: yes - register: result - failed_when: result.changed - - - name: Ensure service is present, whithout host object and with host not in DNS. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: HTTP/no.idontexist.info - skip_host_check: yes - force: yes - register: result - failed_when: not result.changed - - - name: Ensure service is present, whithout host object and with host not in DNS, again. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: HTTP/no.idontexist.info - skip_host_check: yes - force: yes - register: result - failed_when: result.changed - - - name: Principal host/test.example.com present in service. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - principal: - - host/test.example.com - action: member - register: result - failed_when: not result.changed - - - name: Principal host/test.example.com present in service, again. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - principal: - - host/test.example.com - action: member - register: result - failed_when: result.changed - - - name: Principal host/test.example.com absent in service. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - principal: - - host/test.example.com - action: member - state: absent - register: result - failed_when: not result.changed - - - name: Principal host/test.example.com absent in service, again. 
- ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - principal: - - host/test.example.com - action: member - state: absent - register: result - failed_when: result.changed - - - name: Ensure host can manage service. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - host: - - "{{ host1_fqdn }}" - - "{{ host2_fqdn }}" - action: member - register: result - failed_when: not result.changed - - - name: Ensure host can manage service, again. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - host: "{{ host1_fqdn }}" - action: member - register: result - failed_when: result.changed - - - name: Ensure host cannot manage service. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - host: - - "{{ host1_fqdn }}" - - "{{ host2_fqdn }}" - action: member - state: absent - register: result - failed_when: not result.changed - - - name: Ensure host cannot manage service, again. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - host: - - "{{ host1_fqdn }}" - - "{{ host2_fqdn }}" - action: member - state: absent - register: result - failed_when: result.changed - - - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for users, groups, hosts and hostgroups. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - allow_create_keytab_user: - - user01 - - user02 - allow_create_keytab_group: - - group01 - - group02 - allow_create_keytab_host: - - "{{ host1_fqdn }}" - - "{{ host2_fqdn }}" - allow_create_keytab_hostgroup: - - hostgroup01 - - hostgroup02 - action: member - register: result - failed_when: not result.changed - - - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for users, groups, hosts and hostgroups, again. 
- ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - allow_create_keytab_user: - - user01 - - user02 - allow_create_keytab_group: - - group01 - - group02 - allow_create_keytab_host: - - "{{ host1_fqdn }}" - - "{{ host2_fqdn }}" - allow_create_keytab_hostgroup: - - hostgroup01 - - hostgroup02 - action: member - register: result - failed_when: result.changed - - - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for users, groups, hosts and hostgroups. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - allow_create_keytab_user: - - user01 - - user02 - allow_create_keytab_group: - - group01 - - group02 - allow_create_keytab_host: - - "{{ host1_fqdn }}" - - "{{ host2_fqdn }}" - allow_create_keytab_hostgroup: - - hostgroup01 - - hostgroup02 - action: member - state: absent - register: result - failed_when: not result.changed - - - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for users, groups, hosts and hostgroups, again. 
- ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - allow_create_keytab_user: - - user01 - - user02 - allow_create_keytab_group: - - group01 - - group02 - allow_create_keytab_host: - - "{{ host1_fqdn }}" - - "{{ host2_fqdn }}" - allow_create_keytab_hostgroup: - - hostgroup01 - - hostgroup02 - action: member - state: absent - register: result - failed_when: result.changed - - - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for users, groups, hosts and hostgroups - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - allow_retrieve_keytab_user: - - user01 - - user02 - allow_retrieve_keytab_group: - - group01 - - group02 - allow_retrieve_keytab_host: - - "{{ host1_fqdn }}" - - "{{ host2_fqdn }}" - allow_retrieve_keytab_hostgroup: - - hostgroup01 - - hostgroup02 - action: member - register: result - failed_when: not result.changed - - - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for users, groups, hosts and hostgroups, again. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - allow_retrieve_keytab_user: - - user01 - - user02 - allow_retrieve_keytab_group: - - group01 - - group02 - allow_retrieve_keytab_host: - - "{{ host1_fqdn }}" - - "{{ host2_fqdn }}" - allow_retrieve_keytab_hostgroup: - - hostgroup01 - - hostgroup02 - action: member - register: result - failed_when: result.changed - - - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for users, groups, hosts and hostgroups. 
- ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - allow_retrieve_keytab_user: - - user01 - - user02 - allow_retrieve_keytab_group: - - group01 - - group02 - allow_retrieve_keytab_host: - - "{{ host1_fqdn }}" - - "{{ host2_fqdn }}" - allow_retrieve_keytab_hostgroup: - - hostgroup01 - - hostgroup02 - action: member - state: absent - register: result - failed_when: not result.changed - - - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for users, groups, hosts and hostgroups, again. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - allow_retrieve_keytab_user: - - user01 - - user02 - allow_retrieve_keytab_group: - - group01 - - group02 - allow_retrieve_keytab_host: - - "{{ host1_fqdn }}" - - "{{ host2_fqdn }}" - allow_retrieve_keytab_hostgroup: - - hostgroup01 - - hostgroup02 - action: member - state: absent - register: result - failed_when: result.changed - - - name: Ensure service is absent - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - state: absent - register: result - failed_when: not result.changed - - - name: Ensure service is absent, again - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - state: absent - register: result - failed_when: result.changed - - - name: Ensure service is present, with multiple auth_ind values. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - auth_ind: otp,radius - skip_host_check: no - force: yes - register: result - failed_when: not result.changed - - - name: Ensure service is present, with multiple auth_ind values, again. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - auth_ind: otp,radius - skip_host_check: no - force: yes - register: result - failed_when: result.changed - - - name: Clear auth_ind. 
- ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - auth_ind: "" - skip_host_check: no - force: yes - register: result - failed_when: not result.changed - - - name: Clear auth_ind, again. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - auth_ind: "" - skip_host_check: no - force: yes - register: result - failed_when: result.changed - - - name: Ensure services are absent. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: - - "HTTP/{{ svc_fqdn }}" - - "HTTP/{{ nohost_fqdn }}" - - HTTP/svc.ihavenodns.info - - HTTP/no.idontexist.local - continue: yes - state: absent - register: result - failed_when: not result.changed - - - name: Ensure services are absent. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: - - "HTTP/{{ svc_fqdn }}" - - "HTTP/{{ nohost_fqdn }}" - - HTTP/svc.ihavenodns.info - - HTTP/no.idontexist.local - continue: yes - state: absent - register: result - failed_when: result.changed - - - name: Ensure SMB service is present. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "{{ host1_fqdn }}" - smb: yes - netbiosname: SAMBASVC - register: result - failed_when: not result.changed - - - name: Ensure SMB service is again. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "{{ host1_fqdn }}" - smb: yes - netbiosname: SAMBASVC - register: result - failed_when: result.changed - - - name: Ensure SMB service is absent. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "cifs/{{ host1_fqdn }}" - state: absent - register: result - failed_when: not result.changed - - - name: Ensure SMB service is absent, again. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "cifs/{{ host1_fqdn }}" - state: absent - register: result - failed_when: result.changed - - # cleanup - - name: Cleanup test environment - include_tasks: env_cleanup.yml + - name: Tests with skip_host_check, require IPA version 4.8.0+. 
+ block: + - name: Setup test environment + include_tasks: env_setup.yml + + - name: Ensure service is present + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + pac_type: + - MS-PAC + - PAD + auth_ind: otp + skip_host_check: no + force: yes + requires_pre_auth: yes + ok_as_delegate: no + ok_to_auth_as_delegate: no + register: result + failed_when: not result.changed + + - name: Ensure service is present, again + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + pac_type: + - MS_PAC + - PAD + auth_ind: otp + skip_host_check: no + force: no + requires_pre_auth: yes + ok_as_delegate: no + ok_to_auth_as_delegate: no + register: result + failed_when: result.changed + + - name: Modify service. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + pac_type: NONE + ok_as_delegate: yes + ok_to_auth_as_delegate: yes + register: result + failed_when: not result.changed + + - name: Modify service, again. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + pac_type: NONE + ok_as_delegate: yes + ok_to_auth_as_delegate: yes + register: result + failed_when: result.changed + + - name: Ensure service is present, without host object. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ nohost_fqdn }}" + skip_host_check: yes + register: result + failed_when: not result.changed + + - name: Ensure service is present, without host object, again. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ nohost_fqdn }}" + skip_host_check: yes + register: result + failed_when: result.changed + + - name: Ensure service is present, with host not in DNS. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: HTTP/svc.ihavenodns.info + skip_host_check: no + force: yes + register: result + failed_when: not result.changed + + - name: Ensure service is present, with host not in DNS, again. 
+ ipaservice: + ipaadmin_password: SomeADMINpassword + name: HTTP/svc.ihavenodns.info + skip_host_check: no + force: yes + register: result + failed_when: result.changed + + - name: Ensure service is present, whithout host object and with host not in DNS. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: HTTP/no.idontexist.info + skip_host_check: yes + force: yes + register: result + failed_when: not result.changed + + - name: Ensure service is present, whithout host object and with host not in DNS, again. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: HTTP/no.idontexist.info + skip_host_check: yes + force: yes + register: result + failed_when: result.changed + + - name: Principal host/test.example.com present in service. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + principal: + - host/test.example.com + action: member + register: result + failed_when: not result.changed + + - name: Principal host/test.example.com present in service, again. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + principal: + - host/test.example.com + action: member + register: result + failed_when: result.changed + + - name: Principal host/test.example.com absent in service. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + principal: + - host/test.example.com + action: member + state: absent + register: result + failed_when: not result.changed + + - name: Principal host/test.example.com absent in service, again. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + principal: + - host/test.example.com + action: member + state: absent + register: result + failed_when: result.changed + + - name: Ensure host can manage service. 
+ ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + host: + - "{{ host1_fqdn }}" + - "{{ host2_fqdn }}" + action: member + register: result + failed_when: not result.changed + + - name: Ensure host can manage service, again. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + host: "{{ host1_fqdn }}" + action: member + register: result + failed_when: result.changed + + - name: Ensure host cannot manage service. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + host: + - "{{ host1_fqdn }}" + - "{{ host2_fqdn }}" + action: member + state: absent + register: result + failed_when: not result.changed + + - name: Ensure host cannot manage service, again. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + host: + - "{{ host1_fqdn }}" + - "{{ host2_fqdn }}" + action: member + state: absent + register: result + failed_when: result.changed + + - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for users, groups, hosts and hostgroups. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + allow_create_keytab_user: + - user01 + - user02 + allow_create_keytab_group: + - group01 + - group02 + allow_create_keytab_host: + - "{{ host1_fqdn }}" + - "{{ host2_fqdn }}" + allow_create_keytab_hostgroup: + - hostgroup01 + - hostgroup02 + action: member + register: result + failed_when: not result.changed + + - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for users, groups, hosts and hostgroups, again. 
+ ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + allow_create_keytab_user: + - user01 + - user02 + allow_create_keytab_group: + - group01 + - group02 + allow_create_keytab_host: + - "{{ host1_fqdn }}" + - "{{ host2_fqdn }}" + allow_create_keytab_hostgroup: + - hostgroup01 + - hostgroup02 + action: member + register: result + failed_when: result.changed + + - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for users, groups, hosts and hostgroups. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + allow_create_keytab_user: + - user01 + - user02 + allow_create_keytab_group: + - group01 + - group02 + allow_create_keytab_host: + - "{{ host1_fqdn }}" + - "{{ host2_fqdn }}" + allow_create_keytab_hostgroup: + - hostgroup01 + - hostgroup02 + action: member + state: absent + register: result + failed_when: not result.changed + + - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for users, groups, hosts and hostgroups, again. 
+ ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + allow_create_keytab_user: + - user01 + - user02 + allow_create_keytab_group: + - group01 + - group02 + allow_create_keytab_host: + - "{{ host1_fqdn }}" + - "{{ host2_fqdn }}" + allow_create_keytab_hostgroup: + - hostgroup01 + - hostgroup02 + action: member + state: absent + register: result + failed_when: result.changed + + - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for users, groups, hosts and hostgroups + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + allow_retrieve_keytab_user: + - user01 + - user02 + allow_retrieve_keytab_group: + - group01 + - group02 + allow_retrieve_keytab_host: + - "{{ host1_fqdn }}" + - "{{ host2_fqdn }}" + allow_retrieve_keytab_hostgroup: + - hostgroup01 + - hostgroup02 + action: member + register: result + failed_when: not result.changed + + - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for users, groups, hosts and hostgroups, again. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + allow_retrieve_keytab_user: + - user01 + - user02 + allow_retrieve_keytab_group: + - group01 + - group02 + allow_retrieve_keytab_host: + - "{{ host1_fqdn }}" + - "{{ host2_fqdn }}" + allow_retrieve_keytab_hostgroup: + - hostgroup01 + - hostgroup02 + action: member + register: result + failed_when: result.changed + + - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for users, groups, hosts and hostgroups. 
+ ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + allow_retrieve_keytab_user: + - user01 + - user02 + allow_retrieve_keytab_group: + - group01 + - group02 + allow_retrieve_keytab_host: + - "{{ host1_fqdn }}" + - "{{ host2_fqdn }}" + allow_retrieve_keytab_hostgroup: + - hostgroup01 + - hostgroup02 + action: member + state: absent + register: result + failed_when: not result.changed + + - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for users, groups, hosts and hostgroups, again. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + allow_retrieve_keytab_user: + - user01 + - user02 + allow_retrieve_keytab_group: + - group01 + - group02 + allow_retrieve_keytab_host: + - "{{ host1_fqdn }}" + - "{{ host2_fqdn }}" + allow_retrieve_keytab_hostgroup: + - hostgroup01 + - hostgroup02 + action: member + state: absent + register: result + failed_when: result.changed + + - name: Ensure service is absent + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + state: absent + register: result + failed_when: not result.changed + + - name: Ensure service is absent, again + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + state: absent + register: result + failed_when: result.changed + + - name: Ensure service is present, with multiple auth_ind values. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + auth_ind: otp,radius + skip_host_check: no + force: yes + register: result + failed_when: not result.changed + + - name: Ensure service is present, with multiple auth_ind values, again. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + auth_ind: otp,radius + skip_host_check: no + force: yes + register: result + failed_when: result.changed + + - name: Clear auth_ind. 
+ ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + auth_ind: "" + skip_host_check: no + force: yes + register: result + failed_when: not result.changed + + - name: Clear auth_ind, again. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + auth_ind: "" + skip_host_check: no + force: yes + register: result + failed_when: result.changed + + - name: Ensure services are absent. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: + - "HTTP/{{ svc_fqdn }}" + - "HTTP/{{ nohost_fqdn }}" + - HTTP/svc.ihavenodns.info + - HTTP/no.idontexist.local + continue: yes + state: absent + register: result + failed_when: not result.changed + + - name: Ensure services are absent. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: + - "HTTP/{{ svc_fqdn }}" + - "HTTP/{{ nohost_fqdn }}" + - HTTP/svc.ihavenodns.info + - HTTP/no.idontexist.local + continue: yes + state: absent + register: result + failed_when: result.changed + + - name: Ensure SMB service is present. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "{{ host1_fqdn }}" + smb: yes + netbiosname: SAMBASVC + register: result + failed_when: not result.changed + + - name: Ensure SMB service is again. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "{{ host1_fqdn }}" + smb: yes + netbiosname: SAMBASVC + register: result + failed_when: result.changed + + - name: Ensure SMB service is absent. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "cifs/{{ host1_fqdn }}" + state: absent + register: result + failed_when: not result.changed + + - name: Ensure SMB service is absent, again. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "cifs/{{ host1_fqdn }}" + state: absent + register: result + failed_when: result.changed + + # cleanup + - name: Cleanup test environment + include_tasks: env_cleanup.yml + when: ipa_version is version('4.7.0', '>=') 
diff --git a/tests/service/test_service_without_skip_host_check.yml b/tests/service/test_service_without_skip_host_check.yml
index 2b627256bf927fc637acd8a7bed1d695c745cd2a..794750e37bb0702a7cf4aca0e7a332bb6140853d 100644
--- a/tests/service/test_service_without_skip_host_check.yml
+++ b/tests/service/test_service_without_skip_host_check.yml
@@ -4,478 +4,346 @@ become: yes tasks: - - include_tasks: ../env_freeipa_facts.yml - - name: Tests requiring IPA version 4.7.0+ - block: - # setup - - name: Get Domain from server name - set_fact: - ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}" - when: ipaserver_domain is not defined - - - name: Set host1, host2 and svc hosts fqdn - set_fact: - host1_fqdn: "{{ 'host1.' + ipaserver_domain }}" - host2_fqdn: "{{ 'host2.' + ipaserver_domain }}" - svc_fqdn: "{{ 'svc.' + ipaserver_domain }}" - - - name: Host absent - ipahost: - ipaadmin_password: SomeADMINpassword - name: - - svc.ihavenodns.info - - "{{ host1_fqdn }}" - - "{{ host2_fqdn }}" - - "{{ svc_fqdn }}" - update_dns: yes - state: absent - - - name: Get IPv4 address prefix from server node - set_fact: - ipv4_prefix: "{{ ansible_default_ipv4.address.split('.')[:-1] | - join('.') }}" - - - name: Add hosts for tests. - ipahost: - ipaadmin_password: SomeADMINpassword - hosts: - - name: "{{ host1_fqdn }}" - ip_address: "{{ ipv4_prefix + '.201' }}" - update_dns: yes - - name: "{{ host2_fqdn }}" - ip_address: "{{ ipv4_prefix + '.202' }}" - update_dns: yes - - name: "{{ svc_fqdn }}" - ip_address: "{{ ipv4_prefix + '.203' }}" - update_dns: yes - - name: svc.ihavenodns.info - update_dns: no - force: yes - - - name: Ensure testing user user01 is present. - ipauser: - ipaadmin_password: SomeADMINpassword - name: user01 - first: user01 - last: last - - - name: Ensure testing user user02 is present. - ipauser: - ipaadmin_password: SomeADMINpassword - name: user02 - first: user02 - last: last - - - name: Ensure testing group group01 is present. - ipagroup: - ipaadmin_password: SomeADMINpassword - name: group01 - - - name: Ensure testing group group02 is present. - ipagroup: - ipaadmin_password: SomeADMINpassword - name: group02 - - - name: Ensure testing hostgroup hostgroup01 is present. 
- ipahostgroup: - ipaadmin_password: SomeADMINpassword - name: hostgroup01 - - - name: Ensure testing hostgroup hostgroup02 is present. - ipahostgroup: - ipaadmin_password: SomeADMINpassword - name: hostgroup02 - - - name: Ensure services are absent. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: - - "HTTP/{{ svc_fqdn }}" - - HTTP/svc.ihavenodns.info - state: absent - - # tests - - name: Ensure service is present - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - pac_type: - - MS-PAC - - PAD - auth_ind: otp - force: no - requires_pre_auth: yes - ok_as_delegate: no - ok_to_auth_as_delegate: no - register: result - failed_when: not result.changed - - - name: Ensure service is present, again - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - pac_type: - - MS_PAC - - PAD - auth_ind: otp - force: no - requires_pre_auth: yes - ok_as_delegate: no - ok_to_auth_as_delegate: no - register: result - failed_when: result.changed - - - name: Modify service. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - pac_type: NONE - ok_as_delegate: yes - ok_to_auth_as_delegate: yes - register: result - failed_when: not result.changed - - - name: Modify service, again. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - pac_type: NONE - ok_as_delegate: yes - ok_to_auth_as_delegate: yes - register: result - failed_when: result.changed - - - name: Ensure service is present, with host not in DNS. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: HTTP/svc.ihavenodns.info - force: yes - register: result - failed_when: not result.changed - - - name: Ensure service is present, with host not in DNS, again. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: HTTP/svc.ihavenodns.info - force: yes - register: result - failed_when: result.changed - - - name: Principal host/test.example.com present in service. 
- ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - principal: - - host/test.example.com - action: member - register: result - failed_when: not result.changed - - - name: Principal host/test.exabple.com present in service, again. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - principal: - - host/test.example.com - action: member - register: result - failed_when: result.changed - - - name: Principal host/test.example.com absent in service. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - principal: - - host/test.example.com - action: member - state: absent - register: result - failed_when: not result.changed - - - name: Principal host/test.example.com absent in service, again. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - principal: - - host/test.example.com - action: member - state: absent - register: result - failed_when: result.changed - - - name: Ensure host can manage service. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - host: - - "{{ host1_fqdn }}" - - "{{ host2_fqdn }}" - action: member - register: result - failed_when: not result.changed - - - name: Ensure host can manage service, again. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - host: "{{ host1_fqdn }}" - action: member - register: result - failed_when: result.changed - - - name: Ensure host cannot manage service. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - host: - - "{{ host1_fqdn }}" - - "{{ host2_fqdn }}" - action: member - state: absent - register: result - failed_when: not result.changed - - - name: Ensure host cannot manage service, again. 
- ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - host: - - "{{ host1_fqdn }}" - - "{{ host2_fqdn }}" - action: member - state: absent - register: result - failed_when: result.changed - - - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for users, groups, hosts and hostgroups. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - allow_create_keytab_user: - - user01 - - user02 - allow_create_keytab_group: - - group01 - - group02 - allow_create_keytab_host: - - "{{ host1_fqdn }}" - - "{{ host2_fqdn }}" - allow_create_keytab_hostgroup: - - hostgroup01 - - hostgroup02 - action: member - register: result - failed_when: not result.changed - - - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for users, groups, hosts and hostgroups, again. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - allow_create_keytab_user: - - user01 - - user02 - allow_create_keytab_group: - - group01 - - group02 - allow_create_keytab_host: - - "{{ host1_fqdn }}" - - "{{ host2_fqdn }}" - allow_create_keytab_hostgroup: - - hostgroup01 - - hostgroup02 - action: member - register: result - failed_when: result.changed - - - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for users, groups, hosts and hostgroups. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - allow_create_keytab_user: - - user01 - - user02 - allow_create_keytab_group: - - group01 - - group02 - allow_create_keytab_host: - - "{{ host1_fqdn }}" - - "{{ host2_fqdn }}" - allow_create_keytab_hostgroup: - - hostgroup01 - - hostgroup02 - action: member - state: absent - register: result - failed_when: not result.changed - - - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for users, groups, hosts and hostgroups, again. 
- ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - allow_create_keytab_user: - - user01 - - user02 - allow_create_keytab_group: - - group01 - - group02 - allow_create_keytab_host: - - "{{ host1_fqdn }}" - - "{{ host2_fqdn }}" - allow_create_keytab_hostgroup: - - hostgroup01 - - hostgroup02 - action: member - state: absent - register: result - failed_when: result.changed - - - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for users, groups, hosts and hostgroups - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - allow_retrieve_keytab_user: - - user01 - - user02 - allow_retrieve_keytab_group: - - group01 - - group02 - allow_retrieve_keytab_host: - - "{{ host1_fqdn }}" - - "{{ host2_fqdn }}" - allow_retrieve_keytab_hostgroup: - - hostgroup01 - - hostgroup02 - action: member - register: result - failed_when: not result.changed - - - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for users, groups, hosts and hostgroups, again. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - allow_retrieve_keytab_user: - - user01 - - user02 - allow_retrieve_keytab_group: - - group01 - - group02 - allow_retrieve_keytab_host: - - "{{ host1_fqdn }}" - - "{{ host2_fqdn }}" - allow_retrieve_keytab_hostgroup: - - hostgroup01 - - hostgroup02 - action: member - register: result - failed_when: result.changed - - - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for users, groups, hosts and hostgroups. 
- ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - allow_retrieve_keytab_user: - - user01 - - user02 - allow_retrieve_keytab_group: - - group01 - - group02 - allow_retrieve_keytab_host: - - "{{ host1_fqdn }}" - - "{{ host2_fqdn }}" - allow_retrieve_keytab_hostgroup: - - hostgroup01 - - hostgroup02 - action: member - state: absent - register: result - failed_when: not result.changed - - - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for users, groups, hosts and hostgroups, again. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - allow_retrieve_keytab_user: - - user01 - - user02 - allow_retrieve_keytab_group: - - group01 - - group02 - allow_retrieve_keytab_host: - - "{{ host1_fqdn }}" - - "{{ host2_fqdn }}" - allow_retrieve_keytab_hostgroup: - - hostgroup01 - - hostgroup02 - action: member - state: absent - register: result - failed_when: result.changed - - # - - name: Ensure service is absent - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - state: absent - register: result - failed_when: not result.changed - - - name: Ensure service is absent, again - ipaservice: - ipaadmin_password: SomeADMINpassword - name: "HTTP/{{ svc_fqdn }}" - state: absent - register: result - failed_when: result.changed - - # cleanup - - - name: Ensure services are absent. - ipaservice: - ipaadmin_password: SomeADMINpassword - name: - - "HTTP/{{ svc_fqdn }}" - - HTTP/svc.ihavenodns.info - state: absent - - - name: Ensure host is absent - ipahost: - ipaadmin_password: SomeADMINpassword - name: - - "{{ svc_fqdn }}" - - "{{ host1_fqdn }}" - - "{{ host2_fqdn }}" - - svc.ihavenodns.info - state: absent - - - name: Ensure testing users are absent. - ipauser: - ipaadmin_password: SomeADMINpassword - name: - - user01 - - user02 - state: absent - - - name: Ensure testing groups are absent. 
- ipagroup: - ipaadmin_password: SomeADMINpassword - name: - - group01 - - group02 - state: absent - - - name: Ensure testing hostgroup hostgroup01 is absent. - ipagroup: - ipaadmin_password: SomeADMINpassword - name: - - hostgroup01 - state: absent - - - name: Ensure testing hostgroup hostgroup02 is absent. - ipagroup: - ipaadmin_password: SomeADMINpassword - name: - - hostgroup02 - state: absent - when: ipa_version is version('4.7.0', '>=') + # setup + + - name: Setup test environment + include_tasks: env_setup.yml + + # tests + - name: Ensure service is present + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + pac_type: + - MS-PAC + - PAD + auth_ind: otp + force: no + requires_pre_auth: yes + ok_as_delegate: no + ok_to_auth_as_delegate: no + register: result + failed_when: not result.changed + + - name: Ensure service is present, again + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + pac_type: + - MS_PAC + - PAD + auth_ind: otp + force: no + requires_pre_auth: yes + ok_as_delegate: no + ok_to_auth_as_delegate: no + register: result + failed_when: result.changed + + - name: Modify service. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + pac_type: NONE + ok_as_delegate: yes + ok_to_auth_as_delegate: yes + register: result + failed_when: not result.changed + + - name: Modify service, again. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + pac_type: NONE + ok_as_delegate: yes + ok_to_auth_as_delegate: yes + register: result + failed_when: result.changed + + - name: Ensure service is present, with host not in DNS. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: HTTP/svc.ihavenodns.info + force: yes + register: result + failed_when: not result.changed + + - name: Ensure service is present, with host not in DNS, again. 
+ ipaservice: + ipaadmin_password: SomeADMINpassword + name: HTTP/svc.ihavenodns.info + force: yes + register: result + failed_when: result.changed + + - name: Principal host/test.example.com present in service. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + principal: + - host/test.example.com + action: member + register: result + failed_when: not result.changed + + - name: Principal host/test.exabple.com present in service, again. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + principal: + - host/test.example.com + action: member + register: result + failed_when: result.changed + + - name: Principal host/test.example.com absent in service. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + principal: + - host/test.example.com + action: member + state: absent + register: result + failed_when: not result.changed + + - name: Principal host/test.example.com absent in service, again. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + principal: + - host/test.example.com + action: member + state: absent + register: result + failed_when: result.changed + + - name: Ensure host can manage service. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + host: + - "{{ host1_fqdn }}" + - "{{ host2_fqdn }}" + action: member + register: result + failed_when: not result.changed + + - name: Ensure host can manage service, again. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + host: "{{ host1_fqdn }}" + action: member + register: result + failed_when: result.changed + + - name: Ensure host cannot manage service. 
+ ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + host: + - "{{ host1_fqdn }}" + - "{{ host2_fqdn }}" + action: member + state: absent + register: result + failed_when: not result.changed + + - name: Ensure host cannot manage service, again. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + host: + - "{{ host1_fqdn }}" + - "{{ host2_fqdn }}" + action: member + state: absent + register: result + failed_when: result.changed + + - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for users, groups, hosts and hostgroups. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + allow_create_keytab_user: + - user01 + - user02 + allow_create_keytab_group: + - group01 + - group02 + allow_create_keytab_host: + - "{{ host1_fqdn }}" + - "{{ host2_fqdn }}" + allow_create_keytab_hostgroup: + - hostgroup01 + - hostgroup02 + action: member + register: result + failed_when: not result.changed + + - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for users, groups, hosts and hostgroups, again. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + allow_create_keytab_user: + - user01 + - user02 + allow_create_keytab_group: + - group01 + - group02 + allow_create_keytab_host: + - "{{ host1_fqdn }}" + - "{{ host2_fqdn }}" + allow_create_keytab_hostgroup: + - hostgroup01 + - hostgroup02 + action: member + register: result + failed_when: result.changed + + - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for users, groups, hosts and hostgroups. 
+ ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + allow_create_keytab_user: + - user01 + - user02 + allow_create_keytab_group: + - group01 + - group02 + allow_create_keytab_host: + - "{{ host1_fqdn }}" + - "{{ host2_fqdn }}" + allow_create_keytab_hostgroup: + - hostgroup01 + - hostgroup02 + action: member + state: absent + register: result + failed_when: not result.changed + + - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for users, groups, hosts and hostgroups, again. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + allow_create_keytab_user: + - user01 + - user02 + allow_create_keytab_group: + - group01 + - group02 + allow_create_keytab_host: + - "{{ host1_fqdn }}" + - "{{ host2_fqdn }}" + allow_create_keytab_hostgroup: + - hostgroup01 + - hostgroup02 + action: member + state: absent + register: result + failed_when: result.changed + + - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for users, groups, hosts and hostgroups + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + allow_retrieve_keytab_user: + - user01 + - user02 + allow_retrieve_keytab_group: + - group01 + - group02 + allow_retrieve_keytab_host: + - "{{ host1_fqdn }}" + - "{{ host2_fqdn }}" + allow_retrieve_keytab_hostgroup: + - hostgroup01 + - hostgroup02 + action: member + register: result + failed_when: not result.changed + + - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for users, groups, hosts and hostgroups, again. 
+ ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + allow_retrieve_keytab_user: + - user01 + - user02 + allow_retrieve_keytab_group: + - group01 + - group02 + allow_retrieve_keytab_host: + - "{{ host1_fqdn }}" + - "{{ host2_fqdn }}" + allow_retrieve_keytab_hostgroup: + - hostgroup01 + - hostgroup02 + action: member + register: result + failed_when: result.changed + + - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for users, groups, hosts and hostgroups. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + allow_retrieve_keytab_user: + - user01 + - user02 + allow_retrieve_keytab_group: + - group01 + - group02 + allow_retrieve_keytab_host: + - "{{ host1_fqdn }}" + - "{{ host2_fqdn }}" + allow_retrieve_keytab_hostgroup: + - hostgroup01 + - hostgroup02 + action: member + state: absent + register: result + failed_when: not result.changed + + - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for users, groups, hosts and hostgroups, again. + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + allow_retrieve_keytab_user: + - user01 + - user02 + allow_retrieve_keytab_group: + - group01 + - group02 + allow_retrieve_keytab_host: + - "{{ host1_fqdn }}" + - "{{ host2_fqdn }}" + allow_retrieve_keytab_hostgroup: + - hostgroup01 + - hostgroup02 + action: member + state: absent + register: result + failed_when: result.changed + + # + - name: Ensure service is absent + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + state: absent + register: result + failed_when: not result.changed + + - name: Ensure service is absent, again + ipaservice: + ipaadmin_password: SomeADMINpassword + name: "HTTP/{{ svc_fqdn }}" + state: absent + register: result + failed_when: result.changed + + # cleanup + - name: Cleanup test environment + include_tasks: env_cleanup.yml
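Review bot: In the `Ensure service is present, again` task, `pac_type` is given as `MS_PAC` while the first task uses `MS-PAC`, so the idempotence check does not replay the same input; the second list should read `- MS-PAC`. Because `failed_when: result.changed` replaces Ansible's default failure condition, a module error (which normally reports `changed: false`) would let this and every other `again` task pass, so a rejected value would go unnoticed; `failed_when: result.changed or result.failed` closes that gap. Both lines are carried over unchanged from the removed block, so the re-indentation was a chance to fix them. The task name `Principal host/test.exabple.com present in service, again.` also misspells `example`.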