Commit f7ca62e5 authored by Rafael Guterres Jeffman

Add support for missing attributes, and enhance ipaconfig tests.

This patch adds support for the attributes `maxhostname` and
`ca_renewal_master_server` that were missing and
also provides a more complete set of tests.
parent 89ba344a
......@@ -90,25 +90,27 @@ Variable | Description | Required
-------- | ----------- | --------
`ipaadmin_principal` | The admin principal is a string and defaults to `admin` | no
`ipaadmin_password` | The admin password is a string and is required if there is no admin ticket available on the node | no
`maxusername` \| `ipamaxusernamelength` | Set the maximum username length (1 to 255) | false
`homedirectory` \| `ipahomesrootdir` | Set the default location of home directories | false
`defaultshell` \| `ipadefaultloginshell` | Set the default shell for new users | false
`defaultgroup` \| `ipadefaultprimarygroup` | Set the default group for new users | false
`maxusername` \| `ipamaxusernamelength` | Set the maximum username length (1 to 255) | no
`maxhostname` \| `ipamaxhostnamelength` | Set the maximum hostname length between 64-255 | no
`homedirectory` \| `ipahomesrootdir` | Set the default location of home directories | no
`defaultshell` \| `ipadefaultloginshell` | Set the default shell for new users | no
`defaultgroup` \| `ipadefaultprimarygroup` | Set the default group for new users | no
`emaildomain`\| `ipadefaultemaildomain` | Set the default e-mail domain | false
`searchtimelimit` \| `ipasearchtimelimit` | Set maximum amount of time (seconds) for a search -1 to 2147483647 (-1 or 0 is unlimited) | false
`searchrecordslimit` \| `ipasearchrecordslimit` | Set maximum number of records to search -1 to 2147483647 (-1 or 0 is unlimited) | false
`usersearch` \| `ipausersearchfields` | Set list of fields to search when searching for users | false
`groupsearch` \| `ipagroupsearchfields` | Set list of fields to search in when searching for groups | false
`enable_migration` \| `ipamigrationenabled` | Enable migration mode (choices: True, False ) | false
`groupobjectclasses` \| `ipagroupobjectclasses` | Set default group objectclasses (list) | false
`userobjectclasses` \| `ipauserobjectclasses` | Set default user objectclasses (list) | false
`pwdexpnotify` \| `ipapwdexpadvnotify` | Set number of days's notice of impending password expiration (0 to 2147483647) | false
`configstring` \| `ipaconfigstring` | Set extra hashes to generate in password plug-in (choices:`AllowNThash`, `KDC:Disable Last Success`, `KDC:Disable Lockout`, `KDC:Disable Default Preauth for SPNs`) | false
`selinuxusermaporder` \| `ipaselinuxusermaporder`| Set ordered list in increasing priority of SELinux users | false
`selinuxusermapdefault`\| `ipaselinuxusermapdefault` | Set default SELinux user when no match is found in SELinux map rule | false
`pac_type` \| `ipakrbauthzdata` | set default types of PAC supported for services (choices: `MS-PAC`, `PAD`, `nfs:NONE`)
`user_auth_type` \| `ipauserauthtype` | set default types of supported user authentication (choices: `password`, `radius`, `otp`, `disabled`) | false
`domain_resolution_order` \| `ipadomainresolutionorder` | Set list of domains used for short name qualification | false
`searchtimelimit` \| `ipasearchtimelimit` | Set maximum amount of time (seconds) for a search -1 to 2147483647 (-1 or 0 is unlimited) | no
`searchrecordslimit` \| `ipasearchrecordslimit` | Set maximum number of records to search -1 to 2147483647 (-1 or 0 is unlimited) | no
`usersearch` \| `ipausersearchfields` | Set list of fields to search when searching for users | no
`groupsearch` \| `ipagroupsearchfields` | Set list of fields to search in when searching for groups | no
`enable_migration` \| `ipamigrationenabled` | Enable migration mode (choices: True, False ) | no
`groupobjectclasses` \| `ipagroupobjectclasses` | Set default group objectclasses (list) | no
`userobjectclasses` \| `ipauserobjectclasses` | Set default user objectclasses (list) | no
`pwdexpnotify` \| `ipapwdexpadvnotify` | Set number of days's notice of impending password expiration (0 to 2147483647) | no
`configstring` \| `ipaconfigstring` | Set extra hashes to generate in password plug-in (choices:`AllowNThash`, `KDC:Disable Last Success`, `KDC:Disable Lockout`, `KDC:Disable Default Preauth for SPNs`). Use `""` to clear this variable. | no
`selinuxusermaporder` \| `ipaselinuxusermaporder`| Set ordered list in increasing priority of SELinux users | no
`selinuxusermapdefault`\| `ipaselinuxusermapdefault` | Set default SELinux user when no match is found in SELinux map rule | no
`pac_type` \| `ipakrbauthzdata` | set default types of PAC supported for services (choices: `MS-PAC`, `PAD`, `nfs:NONE`). Use `""` to clear this variable. | no
`user_auth_type` \| `ipauserauthtype` | set default types of supported user authentication (choices: `password`, `radius`, `otp`, `disabled`). Use `""` to clear this variable. | no
`domain_resolution_order` \| `ipadomainresolutionorder` | Set list of domains used for short name qualification | no
`ca_renewal_master_server` \| `ipacarenewalmasterserver`| Renewal master for IPA certificate authority. | no
Return Values
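Review bot: The `emaildomain` row in this table still has `false` in the Required column, while every other row was switched to `no`; change it to `no` as well so the column is consistent. The new `maxhostname` row also writes its range as "between 64-255" where the neighbouring `maxusername` row uses "(1 to 255)"; pick one form for both.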
......@@ -117,6 +119,8 @@ Return Values
Variable | Description | Returned When
-------- | ----------- | -------------
`config` | config dict <br />Fields: | No values to configure are specified
&nbsp; | `maxusername` | &nbsp;
&nbsp; | `maxhostname` | &nbsp;
&nbsp; | `homedirectory` | &nbsp;
&nbsp; | `defaultshell` | &nbsp;
&nbsp; | `defaultgroup` | &nbsp;
......@@ -130,12 +134,12 @@ Variable | Description | Returned When
&nbsp; | `userobjectclasses` | &nbsp;
&nbsp; | `pwdexpnotify` | &nbsp;
&nbsp; | `configstring` | &nbsp;
&nbsp; | `selinuxusermaporder` | &nbsp;
&nbsp; | `selinuxusermapdefault` | &nbsp;
&nbsp; | `selinuxusermaporder` | &nbsp;
&nbsp; | `pac_type` | &nbsp;
&nbsp; | `user_auth_type` | &nbsp;
&nbsp; | `domain_resolution_order` | &nbsp;
&nbsp; | `ca_renewal_master_server` | &nbsp;
All returned fields take the same form as their namesake input parameters
......
---
- name: Playbook to handle global DNS configuration
hosts: ipaserver
become: no
gather_facts: no
tasks:
- name: Query IPA global configuration
ipaconfig:
ipaadmin_password: SomeADMINpassword
register: serverconfig
- debug:
msg: "{{ serverconfig }}"
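Review bot: The play name "Playbook to handle global DNS configuration" does not match what the tasks do, which is query the IPA global configuration through `ipaconfig`; the playbook that follows, which sets `ca_renewal_master_server`, carries the same name. Rename both so they describe the IPA global configuration rather than DNS.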
---
- name: Playbook to handle global DNS configuration
hosts: ipaserver
become: no
gather_facts: no
tasks:
- name: set ca_renewal_master_server
ipaconfig:
ipaadmin_password: SomeADMINpassword
ca_renewal_master_server: carenewal.example.com
......@@ -45,6 +45,10 @@ options:
description: Set the maximum username length between 1-255
required: false
aliases: ['ipamaxusernamelength']
maxhostname:
description: Set the maximum hostname length between 64-255
required: false
aliases: ['ipamaxhostnamelength']
homedirectory:
description: Set the default location of home directories
required: false
......@@ -87,7 +91,7 @@ options:
description: Enable migration mode
type: bool
required: false
aliases: ['enable-migration','ipamigrationenabled']
aliases: ['ipamigrationenabled']
groupobjectclasses:
description: Set default group objectclasses (comma-separated list)
required: false
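Review bot: Dropping the `enable-migration` alias here (and, in later hunks, `pac-type`, `user-auth_type`, `user-auth-type`, `domain-resolution_order` and `domain-resolution-order`) is not mentioned in the commit message, which only talks about adding attributes and tests. Playbooks that use the hyphenated names will stop being accepted, so either keep the aliases or state the removal in the commit message.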
......@@ -113,6 +117,7 @@ options:
- "KDC:Disable Last Success"
- "KDC:Disable Lockout"
- "KDC:Disable Default Preauth for SPNs"
- ""
aliases: ['ipaconfigstring']
selinuxusermaporder:
description: Set order in increasing priority of SELinux users
......@@ -127,21 +132,23 @@ options:
description: set default types of PAC supported for services
required: false
type: list
choices: ["MS-PAC", "PAD", "nfs:NONE"]
aliases: ["pac-type","ipakrbauthzdata"]
choices: ["MS-PAC", "PAD", "nfs:NONE", ""]
aliases: ["ipakrbauthzdata"]
user_auth_type:
description: set default types of supported user authentication
required: false
type: list
choices: ["password", "radius", "otp", "disabled"]
aliases: ["user-auth_type","user-auth-type","ipauserauthtype"]
choices: ["password", "radius", "otp", "disabled", ""]
aliases: ["ipauserauthtype"]
ca_renewal_master_server:
description: Renewal master for IPA certificate authority.
required: false
type: string
domain_resolution_order:
description: set list of domains used for short name qualification
required: false
type: list
aliases: ["domain-resolution_order",
"domain-resolution-order",
"ipadomainresolutionorder"]
aliases: ["ipadomainresolutionorder"]
'''
EXAMPLES = '''
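Review bot: `type: string` on the new `ca_renewal_master_server` option should be `type: str`, matching the `type="str"` given for it in the argument spec and the short type names (`bool`, `list`) used by the other options in this block. The `user_auth_type` and `pac_type` choices now include `""`; a short sentence in each description saying that `""` clears the value would keep the module documentation in line with the README.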
......@@ -174,6 +181,9 @@ config:
maxusername:
description: maximum username length
returned: always
maxhostname:
description: maximum hostname length
returned: always
homedirectory:
description: default location of home directories
returned: always
......@@ -232,6 +242,9 @@ config:
user_auth_type:
description: default types of supported user authentication
returned: always
ca_renewal_master_server:
description: master for IPA certificate authority.
returned: always
domain_resolution_order:
description: list of domains used for short name qualification
returned: always
......@@ -242,6 +255,7 @@ from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.ansible_freeipa_module import temp_kinit, \
temp_kdestroy, valid_creds, api_connect, api_command_no_name, \
compare_args_ipa, module_params_get
import ipalib.errors
def config_show(module):
......@@ -267,6 +281,8 @@ def main():
ipaadmin_password=dict(type="str", required=False, no_log=True),
maxusername=dict(type="int", required=False,
aliases=['ipamaxusernamelength']),
maxhostname=dict(type="int", required=False,
aliases=['ipamaxhostnamelength']),
homedirectory=dict(type="str", required=False,
aliases=['ipahomesrootdir']),
defaultshell=dict(type="str", required=False,
......@@ -285,8 +301,7 @@ def main():
groupsearch=dict(type="list", required=False,
aliases=['ipagroupsearchfields']),
enable_migration=dict(type="bool", required=False,
aliases=['ipamigrationenabled',
'enable-migration']),
aliases=['ipamigrationenabled']),
groupobjectclasses=dict(type="list", required=False,
aliases=['ipagroupobjectclasses']),
userobjectclasses=dict(type="list", required=False,
......@@ -298,22 +313,22 @@ def main():
choices=["AllowNThash",
"KDC:Disable Last Success",
"KDC:Disable Lockout",
"KDC:Disable Default Preauth for SPNs"]), # noqa E128
"KDC:Disable Default Preauth for SPNs",
""]), # noqa E128
selinuxusermaporder=dict(type="list", required=False,
aliases=['ipaselinuxusermaporder']),
selinuxusermapdefault=dict(type="str", required=False,
aliases=['ipaselinuxusermapdefault']),
pac_type=dict(type="list", required=False,
aliases=["ipakrbauthzdata", "pac-type"],
choices=["MS-PAC", "PAD", "nfs:NONE"]),
aliases=["ipakrbauthzdata"],
choices=["MS-PAC", "PAD", "nfs:NONE", ""]),
user_auth_type=dict(type="list", required=False,
aliases=["ipauserauthtype",
"user-auth_type",
"user-auth-type"]),
choices=["password", "radius", "otp",
"disabled", ""],
aliases=["ipauserauthtype"]),
ca_renewal_master_server=dict(type="str", required=False),
domain_resolution_order=dict(type="list", required=False,
aliases=["ipadomainresolutionorder",
"domain-resolution_order",
"domain-resolution-order"])
aliases=["ipadomainresolutionorder"])
),
supports_check_mode=True,
)
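Review bot: `ca_renewal_master_server=dict(type="str", required=False)` declares no alias, but the README table in this same commit documents `ipacarenewalmasterserver` as an alias for it. Either add `aliases=["ipacarenewalmasterserver"]` here and in the DOCUMENTATION block, or drop the alias from the README row.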
......@@ -330,6 +345,7 @@ def main():
field_map = {
"maxusername": "ipamaxusernamelength",
"maxhostname": "ipamaxhostnamelength",
"homedirectory": "ipahomesrootdir",
"defaultshell": "ipadefaultloginshell",
"defaultgroup": "ipadefaultprimarygroup",
......@@ -347,6 +363,7 @@ def main():
"selinuxusermapdefault": "ipaselinuxusermapdefault",
"pac_type": "ipakrbauthzdata",
"user_auth_type": "ipauserauthtype",
"ca_renewal_master_server": "ca_renewal_master_server",
"domain_resolution_order": "ipadomainresolutionorder"
}
reverse_field_map = {v: k for k, v in field_map.items()}
......@@ -378,22 +395,19 @@ def main():
params["ipagroupsearchfields"] = \
",".join(params["ipagroupsearchfields"])
if params.get("ipamaxusernamelength", 0) > 255 \
or params.get("ipamaxusernamelength", 2) < 1:
ansible_module.fail_json(
msg="Argument 'maxusername' mustn range 1 to 255")
for x in ["ipasearchtimelimit",
"ipasearchrecordslimit",
"ipapwdexpadvnotify"]:
if params.get(x, 0) > 2147483647:
# verify limits on INT values.
args_with_limits = [
("ipamaxusernamelength", 1, 255),
("ipamaxhostnamelength", 64, 255),
("ipasearchtimelimit", -1, 2147483647),
("ipasearchrecordslimit", -1, 2147483647),
("ipapwdexpadvnotify", 0, 2147483647),
]
for arg, min, max in args_with_limits:
if arg in params and (params[arg] > max or params[arg] < min):
ansible_module.fail_json(
msg="Argument '%s' has a maximum value of 2147483647" % (x))
for x in ["ipasearchtimelimit", "ipasearchrecordslimit"]:
if params.get(x, 0) < -2147483648:
ansible_module.fail_json(
msg="Argument '%s' has minimum value of -2147483648" % (x))
msg="Argument '%s' must be between %d and %d."
% (arg, min, max))
changed = False
exit_args = {}
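Review bot: The loop `for arg, min, max in args_with_limits:` rebinds the Python builtins `min` and `max` for the rest of `main()`; rename the loop variables, for example to `minimum` and `maximum`. The lower bound enforced for `ipasearchtimelimit` and `ipasearchrecordslimit` also moves from -2147483648 to -1, which matches the README but means values that were accepted before are now rejected, so it deserves a line in the commit message.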
......@@ -405,10 +419,14 @@ def main():
ccache_dir, ccache_name = temp_kinit(ipaadmin_principal,
ipaadmin_password)
api_connect()
if params.keys():
if params:
res_show = config_show(ansible_module)
if not compare_args_ipa(ansible_module, params, res_show):
params = {
k: v for k, v in params.items()
if k not in res_show or res_show[k] != v
}
if params \
and not compare_args_ipa(ansible_module, params, res_show):
changed = True
api_command_no_name(ansible_module, "config_mod", params)
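Review bot: The filter condition `res_show[k] != v` compares the raw value returned by `config_show` with the module parameter, but the result handling further down reads those values as lists (`v[0] == "TRUE"`), so a scalar parameter such as an int or bool may never compare equal and the filter would then remove nothing. If the intent is to avoid sending unchanged attributes to `config_mod`, normalise both sides before comparing, or add a comment stating which attributes this filter is meant to catch and why `compare_args_ipa` alone is not enough.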
......@@ -445,7 +463,8 @@ def main():
exit_args[k] = (v[0] == "TRUE")
else:
exit_args[k] = v
except ipalib.errors.EmptyModlist:
changed = False
except Exception as e:
ansible_module.fail_json(msg="%s %s" % (params, str(e)))
......
......@@ -5,6 +5,7 @@
gather_facts: false
tasks:
# Retrieve current configuration.
- name: return current values of the global configuration options
ipaconfig:
ipaadmin_password: SomeADMINpassword
......@@ -13,131 +14,375 @@
- debug:
msg: "{{previousconfig}}"
- name: set default shell to default value
# setup environment.
- name: create test group
ipagroup:
ipaadmin_password: 'SomeADMINpassword'
name: somedefaultgroup
- name: Ensure the default e-mail domain is ipa.test.
ipaconfig:
ipaadmin_password: SomeADMINpassword
emaildomain: ipa.test
- name: set default shell to '/bin/sh'
ipaconfig:
ipaadmin_password: SomeADMINpassword
defaultshell: /bin/sh
- name: set default group
ipaconfig:
ipaadmin_password: SomeADMINpassword
defaultgroup: ipausers
- name: set default home directory
ipaconfig:
ipaadmin_password: SomeADMINpassword
homedirectory: /home
- name: clear pac-type
ipaconfig:
ipaadmin_password: SomeADMINpassword
pac_type: ""
- name: set maxusername to 255
ipaconfig:
ipaadmin_password: SomeADMINpassword
maxusername: 255
- name: set maxhostname to 255
ipaconfig:
ipaadmin_password: SomeADMINpassword
maxhostname: 255
- name: set pwdexpnotify to 0
ipaconfig:
ipaadmin_password: SomeADMINpassword
pwdexpnotify: 0
- name: set searchrecordslimit to 10
ipaconfig:
ipaadmin_password: SomeADMINpassword
searchrecordslimit: 10
- name: set searchtimelimit to 1
ipaconfig:
ipaadmin_password: SomeADMINpassword
searchtimelimit: 1
- name: clear configstring
ipaconfig:
ipaadmin_password: SomeADMINpassword
configstring: ""
- name: set configstring to AllowNThash
ipaconfig:
ipaadmin_password: SomeADMINpassword
configstring: 'KDC:Disable Lockout'
- name: set selinuxusermapdefault
ipaconfig:
ipaadmin_password: SomeADMINpassword
selinuxusermapdefault: "staff_u:s0-s0:c0.c1023"
- name: set selinuxusermaporder
ipaconfig:
ipaadmin_password: SomeADMINpassword
selinuxusermaporder: 'user_u:s0$staff_u:s0-s0:c0.c1023'
- name: set usersearch to `uid`
ipaconfig:
ipaadmin_password: SomeADMINpassword
usersearch: uid
- name: set groupsearch to `cn`
ipaconfig:
ipaadmin_password: SomeADMINpassword
groupsearch: cn
# tests
- name: Ensure the default e-mail domain is somedomain.test.
ipaconfig:
ipaadmin_password: SomeADMINpassword
emaildomain: somedomain.test
register: result
failed_when: not result.changed
- name: Ensure the default e-mail domain is somedomain.test, again.
ipaconfig:
ipaadmin_password: SomeADMINpassword
emaildomain: somedomain.test
register: result
failed_when: result.changed
- name: set default shell to new value
- name: set default shell to '/bin/someshell'
ipaconfig:
ipaadmin_password: SomeADMINpassword
defaultshell: /bin/bash
defaultshell: /bin/someshell
register: result
failed_when: not result.changed
- name: check default shell is changed
- name: set default shell to '/bin/someshell', again.
ipaconfig:
ipaadmin_password: SomeADMINpassword
defaultshell: /bin/bash
defaultshell: /bin/someshell
register: result
failed_when: result.changed
- name: reset default shell to old value
- name: set default group
ipaconfig:
ipaadmin_password: SomeADMINpassword
defaultshell: '{{previousconfig.config.defaultshell }}'
defaultgroup: somedefaultgroup
register: result
failed_when: not result.changed
- name: check default shell is reset
- name: set default group
ipaconfig:
ipaadmin_password: SomeADMINpassword
defaultshell: '{{previousconfig.config.defaultshell }}'
defaultgroup: somedefaultgroup
register: result
failed_when: result.changed
- name: Ensure the default e-mail domain is ansible.com.
- name: set default home directory
ipaconfig:
ipaadmin_password: SomeADMINpassword
emaildomain: ansible.com
homedirectory: /Users
register: result
failed_when: not result.changed
- name: Ensure the default e-mail domain is set
- name: set default home directory
ipaconfig:
ipaadmin_password: SomeADMINpassword
emaildomain: ansible.com
homedirectory: /Users
register: result
failed_when: result.changed
- name: reset default e-mail domain
- name: set pac-type
ipaconfig:
ipaadmin_password: SomeADMINpassword
emaildomain: '{{previousconfig.config.emaildomain }}'
pac_type: "nfs:NONE"
register: result
failed_when: not result.changed
- name: set pac-type
- name: set pac-type, again.
ipaconfig:
ipaadmin_password: SomeADMINpassword
pac_type: "nfs:NONE"
register: result
failed_when: result.changed
- name: set maxusername to 33
ipaconfig:
ipaadmin_password: SomeADMINpassword
maxusername: 33
register: result
failed_when: not result.changed
- name: set maxusername to 33, again.
ipaconfig:
ipaadmin_password: SomeADMINpassword
maxusername: 33
register: result
failed_when: result.changed
- name: set maxhostname to 77
ipaconfig:
ipaadmin_password: SomeADMINpassword
maxhostname: 77
register: result
failed_when: not result.changed
- name: set maxhostname to 77, again
ipaconfig:
ipaadmin_password: SomeADMINpassword
maxhostname: 77
register: result
failed_when: result.changed
- name: set pwdexpnotify to 17
ipaconfig:
ipaadmin_password: SomeADMINpassword
pwdexpnotify: 17
register: result
failed_when: not result.changed
- name: set pwdexpnotify to 17, again
ipaconfig:
ipaadmin_password: SomeADMINpassword
pwdexpnotify: 17
register: result
failed_when: result.changed
- name: set searchrecordslimit to -1
ipaconfig:
ipaadmin_password: SomeADMINpassword
searchrecordslimit: -1
register: result
failed_when: not result.changed
- name: set searchrecordslimit to -1, again.
ipaconfig:
ipaadmin_password: SomeADMINpassword
searchrecordslimit: -1
register: result
failed_when: result.changed
- name: set searchtimelimit to 12345
ipaconfig:
ipaadmin_password: SomeADMINpassword
pac_type:
- nfs:NONE
searchtimelimit: 12345
register: result
failed_when: not result.changed
- name: reset pac-type
- name: set searchtimelimit to 12345, again.
ipaconfig:
ipaadmin_password: SomeADMINpassword
searchtimelimit: 12345
register: result
failed_when: result.changed
- name: change enable_migration
ipaconfig:
ipaadmin_password: SomeADMINpassword
pac_type: '{{previousconfig.config.pac_type}}'
enable_migration: '{{ not previousconfig.config.enable_migration }}'
register: result
failed_when: not result.changed
- name: set usersearch
- name: change enable_migration, again
ipaconfig:
ipaadmin_password: SomeADMINpassword
enable_migration: '{{ not previousconfig.config.enable_migration }}'
register: result
failed_when: result.changed
- name: set configstring to AllowNThash
ipaconfig:
ipaadmin_password: SomeADMINpassword
usersearch:
- uid
configstring: AllowNThash
register: result
failed_when: not result.changed
- name: check usersearch
- name: set configstring to AllowNThash, again.
ipaconfig:
ipaadmin_password: SomeADMINpassword
usersearch:
- uid
configstring: AllowNThash
register: result
failed_when: result.changed
- name: set selinuxusermaporder
ipaconfig:
ipaadmin_password: SomeADMINpassword
selinuxusermaporder: 'user_u:s0$staff_u:s0-s0:c0.c1023$sysadm_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023'
register: result
failed_when: not result.changed
- name: set selinuxusermaporder, again
ipaconfig:
ipaadmin_password: SomeADMINpassword
selinuxusermaporder: 'user_u:s0$staff_u:s0-s0:c0.c1023$sysadm_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023'
register: result
failed_when: result.changed
- name: set selinuxusermapdefault
ipaconfig:
ipaadmin_password: SomeADMINpassword
selinuxusermapdefault: 'user_u:s0'
register: result
failed_when: not result.changed
- name: set selinuxusermapdefault, again
ipaconfig:
ipaadmin_password: SomeADMINpassword
selinuxusermapdefault: 'user_u:s0'
register: result
failed_when: result.changed
- name: set groupsearch to `description`
ipaconfig:
ipaadmin_password: SomeADMINpassword
groupsearch: description
register: result
failed_when: not result.changed
- name: set groupsearch to `gidNumber`, again
ipaconfig:
ipaadmin_password: SomeADMINpassword
groupsearch: description
register: result
failed_when: result.changed
- name: set usersearch to `uidNumber`
ipaconfig:
ipaadmin_password: SomeADMINpassword
usersearch: uidNumber
register: result
failed_when: not result.changed
- name: set usersearch to `uidNumber`, again
ipaconfig:
ipaadmin_password: SomeADMINpassword
usersearch: uidNumber
register: result
failed_when: result.changed
- name: reset changed fields
ipaconfig:
ipaadmin_password: 'SomeADMINpassword'
configstring: '{{previousconfig.config.configstring}}'
emaildomain: '{{previousconfig.config.emaildomain}}'
defaultshell: '{{previousconfig.config.defaultshell}}'
defaultgroup: '{{previousconfig.config.defaultgroup}}'
groupsearch: '{{previousconfig.config.groupsearch}}'
homedirectory: '{{previousconfig.config.homedirectory}}'
pac_type: '{{previousconfig.config.pac_type}}'
maxusername: '{{previousconfig.config.maxusername}}'
enable_migration: '{{previousconfig.config.enable_migration}}'
pwdexpnotify: '{{previousconfig.config.pwdexpnotify}}'
searchrecordslimit: '{{previousconfig.config.searchrecordslimit}}'
searchtimelimit: '{{previousconfig.config.searchtimelimit}}'
selinuxusermapdefault: '{{previousconfig.config.selinuxusermapdefault}}'
selinuxusermaporder: '{{previousconfig.config.selinuxusermaporder}}'
usersearch: '{{previousconfig.config.usersearch}}'
register: result
failed_when: not result.changed
- name: check reset fields
maxusername: '{{previousconfig.config.maxusername | default(omit)}}'
maxhostname: '{{previousconfig.config.maxhostname | default(omit)}}'
homedirectory: '{{previousconfig.config.homedirectory | default(omit)}}'
defaultshell: '{{previousconfig.config.defaultshell | default(omit)}}'
defaultgroup: '{{previousconfig.config.defaultgroup | default(omit)}}'
emaildomain: '{{previousconfig.config.emaildomain | default(omit)}}'
searchtimelimit: '{{previousconfig.config.searchtimelimit | default(omit)}}'
searchrecordslimit: '{{previousconfig.config.searchrecordslimit | default(omit)}}'
usersearch: '{{previousconfig.config.usersearch | default(omit)}}'
groupsearch: '{{previousconfig.config.groupsearch | default(omit)}}'
enable_migration: '{{previousconfig.config.enable_migration | default(omit)}}'
groupobjectclasses: '{{previousconfig.config.groupobjectclasses | default(omit)}}'
userobjectclasses: '{{previousconfig.config.userobjectclasses | default(omit)}}'
pwdexpnotify: '{{previousconfig.config.pwdexpnotify | default(omit)}}'
configstring: '{{previousconfig.config.configstring | default(omit)}}'
selinuxusermapdefault: '{{previousconfig.config.selinuxusermapdefault | default(omit)}}'
selinuxusermaporder: '{{previousconfig.config.selinuxusermaporder | default(omit)}}'
pac_type: '{{previousconfig.config.pac_type | default(omit)}}'
user_auth_type: '{{previousconfig.config.user_auth_type | default(omit)}}'
domain_resolution_order: '{{previousconfig.config.domain_resolution_order | default(omit)}}'
ca_renewal_master_server: '{{previousconfig.config.ca_renewal_master_server | default(omit)}}'
register: result
failed_when: not result.changed
- name: reset changed fields, again
ipaconfig:
ipaadmin_password: 'SomeADMINpassword'
configstring: '{{previousconfig.config.configstring}}'
emaildomain: '{{previousconfig.config.emaildomain}}'
defaultshell: '{{previousconfig.config.defaultshell}}'
defaultgroup: '{{previousconfig.config.defaultgroup}}'
groupsearch: '{{previousconfig.config.groupsearch}}'
homedirectory: '{{previousconfig.config.homedirectory}}'
pac_type: '{{previousconfig.config.pac_type}}'
maxusername: '{{previousconfig.config.maxusername}}'
enable_migration: '{{previousconfig.config.enable_migration}}'
pwdexpnotify: '{{previousconfig.config.pwdexpnotify}}'
searchrecordslimit: '{{previousconfig.config.searchrecordslimit}}'
searchtimelimit: '{{previousconfig.config.searchtimelimit}}'
selinuxusermapdefault: '{{previousconfig.config.selinuxusermapdefault}}'
selinuxusermaporder: '{{previousconfig.config.selinuxusermaporder}}'
usersearch: '{{previousconfig.config.usersearch}}'
maxusername: '{{previousconfig.config.maxusername | default(omit)}}'
maxhostname: '{{previousconfig.config.maxhostname | default(omit)}}'
homedirectory: '{{previousconfig.config.homedirectory | default(omit)}}'
defaultshell: '{{previousconfig.config.defaultshell | default(omit)}}'
defaultgroup: '{{previousconfig.config.defaultgroup | default(omit)}}'
emaildomain: '{{previousconfig.config.emaildomain | default(omit)}}'
searchtimelimit: '{{previousconfig.config.searchtimelimit | default(omit)}}'
searchrecordslimit: '{{previousconfig.config.searchrecordslimit | default(omit)}}'
usersearch: '{{previousconfig.config.usersearch | default(omit)}}'
groupsearch: '{{previousconfig.config.groupsearch | default(omit)}}'
enable_migration: '{{previousconfig.config.enable_migration | default(omit)}}'
groupobjectclasses: '{{previousconfig.config.groupobjectclasses | default(omit)}}'
userobjectclasses: '{{previousconfig.config.userobjectclasses | default(omit)}}'
pwdexpnotify: '{{previousconfig.config.pwdexpnotify | default(omit)}}'
configstring: '{{previousconfig.config.configstring | default(omit)}}'
selinuxusermapdefault: '{{previousconfig.config.selinuxusermapdefault | default(omit)}}'
selinuxusermaporder: '{{previousconfig.config.selinuxusermaporder | default(omit)}}'
pac_type: '{{previousconfig.config.pac_type | default(omit)}}'
user_auth_type: '{{previousconfig.config.user_auth_type | default(omit)}}'
domain_resolution_order: '{{previousconfig.config.domain_resolution_order | default(omit)}}'
ca_renewal_master_server: '{{previousconfig.config.ca_renewal_master_server | default(omit)}}'
register: result
failed_when: result.changed
# cleanup
- name: cleanup test group
ipagroup:
ipaadmin_password: 'SomeADMINpassword'
name: somedefaultgroup
state: absent
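Review bot: Several task names in this test file do not match the value they set: the setup task "set configstring to AllowNThash" sets `configstring: 'KDC:Disable Lockout'`, and "set groupsearch to `gidNumber`, again" sets `groupsearch: description`; the second "set default group" and "set default home directory" tasks also lack the ", again" suffix used elsewhere. Rename them so a failing task points at the right value. The new limit check has no negative test (for example a `maxhostname` below 64), and `ca_renewal_master_server` is only exercised through the reset tasks; a case for each would cover what this commit adds.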