Skip to content
Snippets Groups Projects
Commit f1381edc authored by Rafael Guterres Jeffman's avatar Rafael Guterres Jeffman
Browse files

ipaservice: Allow execution of plugin in client host. 

Update service README file and add tests for executing plugin with
`ipaapi_context` set to `client`.

A new test playbook can be found at:

    tests/service/test_service_client_context.yml

The new test file can be executed in a FreeIPA client host that is
not a server. In this case, it should be defined in the `ipaclients`
group, in the inventory file.
parent 27b50957
No related branches found
No related tags found
No related merge requests found
Show whitespace changes
Inline Side-by-side
README-service.md
+ 1
0
View file @ f1381edc
......@@ -291,6 +291,7 @@ Variable | Description | Required
-------- | ----------- | --------
`ipaadmin_principal` | The admin principal is a string and defaults to `admin` | no
`ipaadmin_password` | The admin password is a string and is required if there is no admin ticket available on the node | no
`ipaapi_context` | The context in which the module will execute. Executing in a server context is preferred. If not provided context will be determined by the execution environment. Valid values are `server` and `client`. | no
`name` \| `service` | The list of service name strings. | yes
`certificate` \| `usercertificate` | Base-64 encoded service certificate. | no
`pac_type` \| `ipakrbauthzdata` | Supported PAC type. It can be one of `MS-PAC`, `PAD`, or `NONE`. | no
......
tests/service/env_cleanup.yml
+ 8
0
View file @ f1381edc
......@@ -3,6 +3,7 @@
- name: Ensure services are absent.
ipaservice:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name:
- "HTTP/{{ svc_fqdn }}"
- "HTTP/{{ nohost_fqdn }}"
......@@ -16,6 +17,7 @@
- name: Ensure host "{{ svc_fqdn }}" is absent
ipahost:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: "{{ svc_fqdn }}"
update_dns: yes
state: absent
......@@ -23,6 +25,7 @@
- name: Ensure host is absent
ipahost:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name:
- "{{ host1_fqdn }}"
- "{{ host2_fqdn }}"
......@@ -34,6 +37,7 @@
- name: Ensure testing users are absent.
ipauser:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name:
- user01
- user02
......@@ -42,6 +46,7 @@
- name: Ensure testing groups are absent.
ipagroup:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name:
- group01
- group02
......@@ -50,6 +55,7 @@
- name: Ensure testing hostgroup hostgroup01 is absent.
ipagroup:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name:
- hostgroup01
state: absent
......@@ -57,6 +63,7 @@
- name: Ensure testing hostgroup hostgroup02 is absent.
ipagroup:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name:
- hostgroup02
state: absent
......@@ -64,6 +71,7 @@
- name: Remove IP address for "nohost" host.
ipadnsrecord:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
zone_name: "{{ test_domain }}."
name: nohost
del_all: yes
......
tests/service/env_setup.yml
+ 8
0
View file @ f1381edc
......@@ -10,6 +10,7 @@
- name: Add IP address for "nohost" host.
ipadnsrecord:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
zone_name: "{{ test_domain }}."
name: nohost
a_ip_address: "{{ ipv4_prefix + '.100' }}"
......@@ -17,6 +18,7 @@
- name: Add hosts for tests.
ipahost:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
hosts:
- name: "{{ host1_fqdn }}"
ip_address: "{{ ipv4_prefix + '.101' }}"
......@@ -31,6 +33,7 @@
- name: Ensure testing user user01 is present.
ipauser:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: user01
first: user01
last: last
......@@ -38,6 +41,7 @@
- name: Ensure testing user user02 is present.
ipauser:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: user02
first: user02
last: last
......@@ -45,19 +49,23 @@
- name: Ensure testing group group01 is present.
ipagroup:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: group01
- name: Ensure testing group group02 is present.
ipagroup:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: group02
- name: Ensure testing hostgroup hostgroup01 is present.
ipahostgroup:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: hostgroup01
- name: Ensure testing hostgroup hostgroup02 is present.
ipahostgroup:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: hostgroup02
tests/service/test_service.yml
+ 41
1
View file @ f1381edc
......@@ -12,7 +12,7 @@
#
---
- name: Test service
hosts: ipaserver
hosts: "{{ ipa_test_host | default('ipaserver') }}"
become: yes
tasks:
......@@ -28,6 +28,7 @@
- name: Ensure service is present
ipaservice:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: "HTTP/{{ svc_fqdn }}"
pac_type:
- MS-PAC
......@@ -44,6 +45,7 @@
- name: Ensure service is present, again
ipaservice:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: "HTTP/{{ svc_fqdn }}"
pac_type:
- MS-PAC
......@@ -60,6 +62,7 @@
- name: Modify service.
ipaservice:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: "HTTP/{{ svc_fqdn }}"
pac_type: NONE
ok_as_delegate: yes
......@@ -70,6 +73,7 @@
- name: Modify service, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: "HTTP/{{ svc_fqdn }}"
pac_type: NONE
ok_as_delegate: yes
......@@ -80,6 +84,7 @@
- name: Ensure service is present, without host object.
ipaservice:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: "HTTP/{{ nohost_fqdn }}"
skip_host_check: yes
register: result
......@@ -88,6 +93,7 @@
- name: Ensure service is present, without host object, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: "HTTP/{{ nohost_fqdn }}"
skip_host_check: yes
register: result
......@@ -96,6 +102,7 @@
- name: Ensure service is present, with host not in DNS.
ipaservice:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: HTTP/svc.ihavenodns.info
skip_host_check: no
force: yes
......@@ -105,6 +112,7 @@
- name: Ensure service is present, with host not in DNS, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: HTTP/svc.ihavenodns.info
skip_host_check: no
force: yes
......@@ -114,6 +122,7 @@
- name: Ensure service is present, whithout host object and with host not in DNS.
ipaservice:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: HTTP/no.idontexist.info
skip_host_check: yes
force: yes
......@@ -123,6 +132,7 @@
- name: Ensure service is present, whithout host object and with host not in DNS, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: HTTP/no.idontexist.info
skip_host_check: yes
force: yes
......@@ -132,6 +142,7 @@
- name: Principal host/test.example.com present in service.
ipaservice:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: "HTTP/{{ svc_fqdn }}"
principal:
- host/test.example.com
......@@ -142,6 +153,7 @@
- name: Principal host/test.example.com present in service, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: "HTTP/{{ svc_fqdn }}"
principal:
- host/test.example.com
......@@ -153,6 +165,7 @@
- name: Principal host/test.example.com absent in service.
ipaservice:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: "HTTP/{{ svc_fqdn }}"
principal:
- host/test.example.com
......@@ -164,6 +177,7 @@
- name: Principal host/test.example.com absent in service, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: "HTTP/{{ svc_fqdn }}"
principal:
- host/test.example.com
......@@ -176,6 +190,7 @@
- name: Ensure host can manage service.
ipaservice:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: "HTTP/{{ svc_fqdn }}"
host:
- "{{ host1_fqdn }}"
......@@ -187,6 +202,7 @@
- name: Ensure host can manage service, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: "HTTP/{{ svc_fqdn }}"
host: "{{ host1_fqdn }}"
action: member
......@@ -196,6 +212,7 @@
- name: Ensure host cannot manage service.
ipaservice:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: "HTTP/{{ svc_fqdn }}"
host:
- "{{ host1_fqdn }}"
......@@ -208,6 +225,7 @@
- name: Ensure host cannot manage service, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: "HTTP/{{ svc_fqdn }}"
host:
- "{{ host1_fqdn }}"
......@@ -220,6 +238,7 @@
- name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for users, groups, hosts and hostgroups.
ipaservice:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: "HTTP/{{ svc_fqdn }}"
allow_create_keytab_user:
- user01
......@@ -240,6 +259,7 @@
- name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for users, groups, hosts and hostgroups, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: "HTTP/{{ svc_fqdn }}"
allow_create_keytab_user:
- user01
......@@ -260,6 +280,7 @@
- name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for users, groups, hosts and hostgroups.
ipaservice:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: "HTTP/{{ svc_fqdn }}"
allow_create_keytab_user:
- user01
......@@ -281,6 +302,7 @@
- name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for users, groups, hosts and hostgroups, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: "HTTP/{{ svc_fqdn }}"
allow_create_keytab_user:
- user01
......@@ -302,6 +324,7 @@
- name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for users, groups, hosts and hostgroups
ipaservice:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: "HTTP/{{ svc_fqdn }}"
allow_retrieve_keytab_user:
- user01
......@@ -322,6 +345,7 @@
- name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for users, groups, hosts and hostgroups, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: "HTTP/{{ svc_fqdn }}"
allow_retrieve_keytab_user:
- user01
......@@ -342,6 +366,7 @@
- name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for users, groups, hosts and hostgroups.
ipaservice:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: "HTTP/{{ svc_fqdn }}"
allow_retrieve_keytab_user:
- user01
......@@ -363,6 +388,7 @@
- name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for users, groups, hosts and hostgroups, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: "HTTP/{{ svc_fqdn }}"
allow_retrieve_keytab_user:
- user01
......@@ -384,6 +410,7 @@
- name: Ensure service is absent
ipaservice:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: "HTTP/{{ svc_fqdn }}"
continue: yes
state: absent
......@@ -393,6 +420,7 @@
- name: Ensure service is absent, again
ipaservice:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: "HTTP/{{ svc_fqdn }}"
continue: yes
state: absent
......@@ -402,6 +430,7 @@
- name: Ensure service is present, with multiple auth_ind values.
ipaservice:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: "HTTP/{{ svc_fqdn }}"
auth_ind: otp,radius
skip_host_check: no
......@@ -412,6 +441,7 @@
- name: Ensure service is present, with multiple auth_ind values, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: "HTTP/{{ svc_fqdn }}"
auth_ind: otp,radius
skip_host_check: no
......@@ -422,6 +452,7 @@
- name: Clear auth_ind.
ipaservice:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: "HTTP/{{ svc_fqdn }}"
auth_ind: ""
skip_host_check: no
......@@ -432,6 +463,7 @@
- name: Clear auth_ind, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: "HTTP/{{ svc_fqdn }}"
auth_ind: ""
skip_host_check: no
......@@ -442,6 +474,7 @@
- name: Ensure services are absent.
ipaservice:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name:
- "HTTP/{{ svc_fqdn }}"
- "HTTP/{{ nohost_fqdn }}"
......@@ -455,6 +488,7 @@
- name: Ensure services are absent.
ipaservice:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name:
- "HTTP/{{ svc_fqdn }}"
- "HTTP/{{ nohost_fqdn }}"
......@@ -468,6 +502,7 @@
- name: Ensure SMB service is present.
ipaservice:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: "{{ host1_fqdn }}"
pac_type: NONE
smb: yes
......@@ -478,6 +513,7 @@
- name: Ensure SMB service is again.
ipaservice:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: "{{ host1_fqdn }}"
pac_type: NONE
smb: yes
......@@ -488,6 +524,7 @@
- name: Modify SMB service.
ipaservice:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: "{{ host1_fqdn }}"
smb: yes
netbiosname: SAMBASVC
......@@ -503,6 +540,7 @@
- name: Modify SMB service, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: "{{ host1_fqdn }}"
smb: yes
netbiosname: SAMBASVC
......@@ -518,6 +556,7 @@
- name: Ensure SMB service is absent.
ipaservice:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: "cifs/{{ host1_fqdn }}"
continue: yes
state: absent
......@@ -527,6 +566,7 @@
- name: Ensure SMB service is absent, again.
ipaservice:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: "cifs/{{ host1_fqdn }}"
continue: yes
state: absent
......
tests/service/test_service_client_context.yml 0 → 100644
+ 37
0
View file @ f1381edc
---
- name: Test service
hosts: ipaclients, ipaserver
become: no
gather_facts: no
tasks:
- name: Include FreeIPA facts.
include_tasks: ../env_freeipa_facts.yml
# Test will only be executed if host is not a server.
- name: Execute with server context in the client.
ipaservice:
ipaadmin_password: SomeADMINpassword
ipaapi_context: server
name: ThisShouldNotWork
register: result
failed_when: not (result.failed and result.msg is regex("No module named '*ipaserver'*"))
when: ipa_host_is_client
# Import basic module tests, and execute with ipa_context set to 'client'.
# If ipaclients is set, it will be executed using the client, if not,
# ipaserver will be used.
#
# With this setup, tests can be executed against an IPA client, against
# an IPA server using "client" context, and ensure that tests are executed
# in upstream CI.
- name: Test service using client context, in client host.
import_playbook: test_service.yml
when: groups['ipaclients']
vars:
ipa_test_host: ipaclients
- name: Test service using client context, in server host.
import_playbook: test_service.yml
when: groups['ipaclients'] is not defined or not groups['ipaclients']
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment