|
 |
01db47 |
# Skipping 3ab575bcac310166e7d29c5a5349d90482f4e629 as it is reorganizing
|
|
|
01db47 |
# service module test test_service.yml and
|
|
|
01db47 |
# test_service_without_skip_host_check.yml
|
|
|
01db47 |
|
|
|
01db47 |
From b5e93c705fc56f6592121aa09bfb9f6dce5cee35 Mon Sep 17 00:00:00 2001
|
|
|
01db47 |
From: Rafael Guterres Jeffman <rjeffman@redhat.com>
|
|
|
01db47 |
Date: Tue, 11 Aug 2020 16:23:15 -0300
|
|
|
01db47 |
Subject: [PATCH] Fix `allow_retrieve_keytab_host` in service module.
|
|
|
01db47 |
|
|
|
01db47 |
The attribute `allow_retrieve_keytab_host` was not working due to
|
|
|
01db47 |
wrong processing of the input and verification if the values should
|
|
|
01db47 |
be updated. Both the issues are fixed by this change.
|
|
|
01db47 |
|
|
|
01db47 |
Tests were added to better verify service keytab members.
|
|
|
01db47 |
---
|
|
|
01db47 |
plugins/modules/ipaservice.py | 4 +-
|
|
|
01db47 |
tests/service/env_cleanup.yml | 68 +++++
|
|
|
01db47 |
tests/service/env_setup.yml | 73 +++++
|
|
|
01db47 |
tests/service/env_vars.yml | 15 +
|
|
|
01db47 |
tests/service/test_service_keytab.yml | 397 ++++++++++++++++++++++++++
|
|
|
01db47 |
5 files changed, 555 insertions(+), 2 deletions(-)
|
|
|
01db47 |
create mode 100644 tests/service/env_cleanup.yml
|
|
|
01db47 |
create mode 100644 tests/service/env_setup.yml
|
|
|
01db47 |
create mode 100644 tests/service/env_vars.yml
|
|
|
01db47 |
create mode 100644 tests/service/test_service_keytab.yml
|
|
|
01db47 |
|
|
|
01db47 |
diff --git a/plugins/modules/ipaservice.py b/plugins/modules/ipaservice.py
|
|
|
01db47 |
index b0d2535..8bc390d 100644
|
|
|
01db47 |
--- a/plugins/modules/ipaservice.py
|
|
|
01db47 |
+++ b/plugins/modules/ipaservice.py
|
|
|
01db47 |
@@ -460,7 +460,7 @@ def main():
|
|
|
01db47 |
allow_retrieve_keytab_group = module_params_get(
|
|
|
01db47 |
ansible_module, "allow_retrieve_keytab_group")
|
|
|
01db47 |
allow_retrieve_keytab_host = module_params_get(
|
|
|
01db47 |
- ansible_module, "allow_create_keytab_host")
|
|
|
01db47 |
+ ansible_module, "allow_retrieve_keytab_host")
|
|
|
01db47 |
allow_retrieve_keytab_hostgroup = module_params_get(
|
|
|
01db47 |
ansible_module, "allow_retrieve_keytab_hostgroup")
|
|
|
01db47 |
delete_continue = module_params_get(ansible_module, "delete_continue")
|
|
|
01db47 |
@@ -727,7 +727,7 @@ def main():
|
|
|
01db47 |
# Allow retrieve keytab
|
|
|
01db47 |
if len(allow_retrieve_keytab_user_add) > 0 or \
|
|
|
01db47 |
len(allow_retrieve_keytab_group_add) > 0 or \
|
|
|
01db47 |
- len(allow_retrieve_keytab_hostgroup_add) > 0 or \
|
|
|
01db47 |
+ len(allow_retrieve_keytab_host_add) > 0 or \
|
|
|
01db47 |
len(allow_retrieve_keytab_hostgroup_add) > 0:
|
|
|
01db47 |
commands.append(
|
|
|
01db47 |
[name, "service_allow_retrieve_keytab",
|
|
|
01db47 |
diff --git a/tests/service/env_cleanup.yml b/tests/service/env_cleanup.yml
|
|
|
01db47 |
new file mode 100644
|
|
|
01db47 |
index 0000000..f96a75b
|
|
|
01db47 |
--- /dev/null
|
|
|
01db47 |
+++ b/tests/service/env_cleanup.yml
|
|
|
01db47 |
@@ -0,0 +1,68 @@
|
|
|
01db47 |
+---
|
|
|
01db47 |
+# Cleanup tasks for the service module tests.
|
|
|
01db47 |
+- name: Ensure services are absent.
|
|
|
01db47 |
+ ipaservice:
|
|
|
01db47 |
+ ipaadmin_password: SomeADMINpassword
|
|
|
01db47 |
+ name:
|
|
|
01db47 |
+ - "HTTP/{{ svc_fqdn }}"
|
|
|
01db47 |
+ - "HTTP/{{ nohost_fqdn }}"
|
|
|
01db47 |
+ - HTTP/svc.ihavenodns.info
|
|
|
01db47 |
+ - HTTP/no.idontexist.local
|
|
|
01db47 |
+ - "cifs/{{ host1_fqdn }}"
|
|
|
01db47 |
+ state: absent
|
|
|
01db47 |
+
|
|
|
01db47 |
+- name: Ensure host "{{ svc_fqdn }}" is absent
|
|
|
01db47 |
+ ipahost:
|
|
|
01db47 |
+ ipaadmin_password: SomeADMINpassword
|
|
|
01db47 |
+ name: "{{ svc_fqdn }}"
|
|
|
01db47 |
+ update_dns: yes
|
|
|
01db47 |
+ state: absent
|
|
|
01db47 |
+
|
|
|
01db47 |
+- name: Ensure host is absent
|
|
|
01db47 |
+ ipahost:
|
|
|
01db47 |
+ ipaadmin_password: SomeADMINpassword
|
|
|
01db47 |
+ name:
|
|
|
01db47 |
+ - "{{ host1_fqdn }}"
|
|
|
01db47 |
+ - "{{ host2_fqdn }}"
|
|
|
01db47 |
+ - "{{ nohost_fqdn }}"
|
|
|
01db47 |
+ - svc.ihavenodns.info
|
|
|
01db47 |
+ update_dns: no
|
|
|
01db47 |
+ state: absent
|
|
|
01db47 |
+
|
|
|
01db47 |
+- name: Ensure testing users are absent.
|
|
|
01db47 |
+ ipauser:
|
|
|
01db47 |
+ ipaadmin_password: SomeADMINpassword
|
|
|
01db47 |
+ name:
|
|
|
01db47 |
+ - user01
|
|
|
01db47 |
+ - user02
|
|
|
01db47 |
+ state: absent
|
|
|
01db47 |
+
|
|
|
01db47 |
+- name: Ensure testing groups are absent.
|
|
|
01db47 |
+ ipagroup:
|
|
|
01db47 |
+ ipaadmin_password: SomeADMINpassword
|
|
|
01db47 |
+ name:
|
|
|
01db47 |
+ - group01
|
|
|
01db47 |
+ - group02
|
|
|
01db47 |
+ state: absent
|
|
|
01db47 |
+
|
|
|
01db47 |
+- name: Ensure testing hostgroup hostgroup01 is absent.
|
|
|
01db47 |
+ ipagroup:
|
|
|
01db47 |
+ ipaadmin_password: SomeADMINpassword
|
|
|
01db47 |
+ name:
|
|
|
01db47 |
+ - hostgroup01
|
|
|
01db47 |
+ state: absent
|
|
|
01db47 |
+
|
|
|
01db47 |
+- name: Ensure testing hostgroup hostgroup02 is absent.
|
|
|
01db47 |
+ ipagroup:
|
|
|
01db47 |
+ ipaadmin_password: SomeADMINpassword
|
|
|
01db47 |
+ name:
|
|
|
01db47 |
+ - hostgroup02
|
|
|
01db47 |
+ state: absent
|
|
|
01db47 |
+
|
|
|
01db47 |
+- name: Remove IP address for "nohost" host.
|
|
|
01db47 |
+ ipadnsrecord:
|
|
|
01db47 |
+ ipaadmin_password: SomeADMINpassword
|
|
|
01db47 |
+ zone_name: "{{ test_domain }}."
|
|
|
01db47 |
+ name: nohost
|
|
|
01db47 |
+ del_all: yes
|
|
|
01db47 |
+ state: absent
|
|
|
01db47 |
diff --git a/tests/service/env_setup.yml b/tests/service/env_setup.yml
|
|
|
01db47 |
new file mode 100644
|
|
|
01db47 |
index 0000000..309cfc0
|
|
|
01db47 |
--- /dev/null
|
|
|
01db47 |
+++ b/tests/service/env_setup.yml
|
|
|
01db47 |
@@ -0,0 +1,73 @@
|
|
|
01db47 |
+# Setup environment for service module tests.
|
|
|
01db47 |
+---
|
|
|
01db47 |
+- name: Setup variables and facts.
|
|
|
01db47 |
+ include_tasks: env_vars.yml
|
|
|
01db47 |
+
|
|
|
01db47 |
+# Cleanup before setup.
|
|
|
01db47 |
+- name: Cleanup test environment.
|
|
|
01db47 |
+ include_tasks: env_cleanup.yml
|
|
|
01db47 |
+
|
|
|
01db47 |
+- name: Add IP address for "nohost" host.
|
|
|
01db47 |
+ ipadnsrecord:
|
|
|
01db47 |
+ ipaadmin_password: SomeADMINpassword
|
|
|
01db47 |
+ zone_name: "{{ test_domain }}."
|
|
|
01db47 |
+ name: nohost
|
|
|
01db47 |
+ a_ip_address: "{{ ipv4_prefix + '.100' }}"
|
|
|
01db47 |
+
|
|
|
01db47 |
+- name: Add hosts for tests.
|
|
|
01db47 |
+ ipahost:
|
|
|
01db47 |
+ ipaadmin_password: SomeADMINpassword
|
|
|
01db47 |
+ hosts:
|
|
|
01db47 |
+ - name: "{{ host1_fqdn }}"
|
|
|
01db47 |
+ ip_address: "{{ ipv4_prefix + '.101' }}"
|
|
|
01db47 |
+ - name: "{{ host2_fqdn }}"
|
|
|
01db47 |
+ ip_address: "{{ ipv4_prefix + '.102' }}"
|
|
|
01db47 |
+ - name: "{{ svc_fqdn }}"
|
|
|
01db47 |
+ ip_address: "{{ ipv4_prefix + '.201' }}"
|
|
|
01db47 |
+ - name: svc.ihavenodns.info
|
|
|
01db47 |
+ force: yes
|
|
|
01db47 |
+ update_dns: yes
|
|
|
01db47 |
+
|
|
|
01db47 |
+- name: Ensure testing user user01 is present.
|
|
|
01db47 |
+ ipauser:
|
|
|
01db47 |
+ ipaadmin_password: SomeADMINpassword
|
|
|
01db47 |
+ name: user01
|
|
|
01db47 |
+ first: user01
|
|
|
01db47 |
+ last: last
|
|
|
01db47 |
+
|
|
|
01db47 |
+- name: Ensure testing user user02 is present.
|
|
|
01db47 |
+ ipauser:
|
|
|
01db47 |
+ ipaadmin_password: SomeADMINpassword
|
|
|
01db47 |
+ name: user02
|
|
|
01db47 |
+ first: user02
|
|
|
01db47 |
+ last: last
|
|
|
01db47 |
+
|
|
|
01db47 |
+- name: Ensure testing group group01 is present.
|
|
|
01db47 |
+ ipagroup:
|
|
|
01db47 |
+ ipaadmin_password: SomeADMINpassword
|
|
|
01db47 |
+ name: group01
|
|
|
01db47 |
+
|
|
|
01db47 |
+- name: Ensure testing group group02 is present.
|
|
|
01db47 |
+ ipagroup:
|
|
|
01db47 |
+ ipaadmin_password: SomeADMINpassword
|
|
|
01db47 |
+ name: group02
|
|
|
01db47 |
+
|
|
|
01db47 |
+- name: Ensure testing hostgroup hostgroup01 is present.
|
|
|
01db47 |
+ ipahostgroup:
|
|
|
01db47 |
+ ipaadmin_password: SomeADMINpassword
|
|
|
01db47 |
+ name: hostgroup01
|
|
|
01db47 |
+
|
|
|
01db47 |
+- name: Ensure testing hostgroup hostgroup02 is present.
|
|
|
01db47 |
+ ipahostgroup:
|
|
|
01db47 |
+ ipaadmin_password: SomeADMINpassword
|
|
|
01db47 |
+ name: hostgroup02
|
|
|
01db47 |
+
|
|
|
01db47 |
+- name: Ensure services are absent.
|
|
|
01db47 |
+ ipaservice:
|
|
|
01db47 |
+ ipaadmin_password: SomeADMINpassword
|
|
|
01db47 |
+ name:
|
|
|
01db47 |
+ - "HTTP/{{ svc_fqdn }}"
|
|
|
01db47 |
+ - "HTTP/{{ nohost_fqdn }}"
|
|
|
01db47 |
+ - HTTP/svc.ihavenodns.info
|
|
|
01db47 |
+ - HTTP/no.idontexist.info
|
|
|
01db47 |
+ state: absent
|
|
|
01db47 |
diff --git a/tests/service/env_vars.yml b/tests/service/env_vars.yml
|
|
|
01db47 |
new file mode 100644
|
|
|
01db47 |
index 0000000..eb53c7a
|
|
|
01db47 |
--- /dev/null
|
|
|
01db47 |
+++ b/tests/service/env_vars.yml
|
|
|
01db47 |
@@ -0,0 +1,15 @@
|
|
|
01db47 |
+---
|
|
|
01db47 |
+ - name: Get Domain from server name
|
|
|
01db47 |
+ set_fact:
|
|
|
01db47 |
+ test_domain: "{{ ansible_fqdn.split('.')[1:] | join('.') }}"
|
|
|
01db47 |
+
|
|
|
01db47 |
+ - name: Set host1, host2 and svc hosts fqdn
|
|
|
01db47 |
+ set_fact:
|
|
|
01db47 |
+ host1_fqdn: "{{ 'host1.' + test_domain }}"
|
|
|
01db47 |
+ host2_fqdn: "{{ 'host2.' + test_domain }}"
|
|
|
01db47 |
+ svc_fqdn: "{{ 'svc.' + test_domain }}"
|
|
|
01db47 |
+ nohost_fqdn: "{{ 'nohost.' + test_domain }}"
|
|
|
01db47 |
+
|
|
|
01db47 |
+ - name: Get IPv4 address prefix from server node
|
|
|
01db47 |
+ set_fact:
|
|
|
01db47 |
+ ipv4_prefix: "{{ ansible_default_ipv4.address.split('.')[:-1] | join('.') }}"
|
|
|
01db47 |
diff --git a/tests/service/test_service_keytab.yml b/tests/service/test_service_keytab.yml
|
|
|
01db47 |
new file mode 100644
|
|
|
01db47 |
index 0000000..0918802
|
|
|
01db47 |
--- /dev/null
|
|
|
01db47 |
+++ b/tests/service/test_service_keytab.yml
|
|
|
01db47 |
@@ -0,0 +1,397 @@
|
|
|
01db47 |
+---
|
|
|
01db47 |
+- name: Test service
|
|
|
01db47 |
+ hosts: ipaserver
|
|
|
01db47 |
+ become: yes
|
|
|
01db47 |
+
|
|
|
01db47 |
+ tasks:
|
|
|
01db47 |
+ # setup
|
|
|
01db47 |
+ - name: Setup test envirnoment.
|
|
|
01db47 |
+ include_tasks: env_setup.yml
|
|
|
01db47 |
+
|
|
|
01db47 |
+ # Add service to test keytab create/retrieve attributes.
|
|
|
01db47 |
+ - name: Ensure test service is present
|
|
|
01db47 |
+ ipaservice:
|
|
|
01db47 |
+ ipaadmin_password: SomeADMINpassword
|
|
|
01db47 |
+ name: "HTTP/{{ svc_fqdn }}"
|
|
|
01db47 |
+ pac_type:
|
|
|
01db47 |
+ - MS-PAC
|
|
|
01db47 |
+ - PAD
|
|
|
01db47 |
+ auth_ind: otp
|
|
|
01db47 |
+ force: yes
|
|
|
01db47 |
+ requires_pre_auth: yes
|
|
|
01db47 |
+ ok_as_delegate: no
|
|
|
01db47 |
+ ok_to_auth_as_delegate: no
|
|
|
01db47 |
+
|
|
|
01db47 |
+ # tests
|
|
|
01db47 |
+
|
|
|
01db47 |
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for users.
|
|
|
01db47 |
+ ipaservice:
|
|
|
01db47 |
+ ipaadmin_password: SomeADMINpassword
|
|
|
01db47 |
+ name: "HTTP/{{ svc_fqdn }}"
|
|
|
01db47 |
+ allow_create_keytab_user:
|
|
|
01db47 |
+ - user01
|
|
|
01db47 |
+ - user02
|
|
|
01db47 |
+ action: member
|
|
|
01db47 |
+ register: result
|
|
|
01db47 |
+ failed_when: not result.changed
|
|
|
01db47 |
+
|
|
|
01db47 |
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for users, again.
|
|
|
01db47 |
+ ipaservice:
|
|
|
01db47 |
+ ipaadmin_password: SomeADMINpassword
|
|
|
01db47 |
+ name: "HTTP/{{ svc_fqdn }}"
|
|
|
01db47 |
+ allow_create_keytab_user:
|
|
|
01db47 |
+ - user01
|
|
|
01db47 |
+ - user02
|
|
|
01db47 |
+ action: member
|
|
|
01db47 |
+ register: result
|
|
|
01db47 |
+ failed_when: result.changed
|
|
|
01db47 |
+
|
|
|
01db47 |
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for users.
|
|
|
01db47 |
+ ipaservice:
|
|
|
01db47 |
+ ipaadmin_password: SomeADMINpassword
|
|
|
01db47 |
+ name: "HTTP/{{ svc_fqdn }}"
|
|
|
01db47 |
+ allow_create_keytab_user:
|
|
|
01db47 |
+ - user01
|
|
|
01db47 |
+ - user02
|
|
|
01db47 |
+ action: member
|
|
|
01db47 |
+ state: absent
|
|
|
01db47 |
+ register: result
|
|
|
01db47 |
+ failed_when: not result.changed
|
|
|
01db47 |
+
|
|
|
01db47 |
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for users, again.
|
|
|
01db47 |
+ ipaservice:
|
|
|
01db47 |
+ ipaadmin_password: SomeADMINpassword
|
|
|
01db47 |
+ name: "HTTP/{{ svc_fqdn }}"
|
|
|
01db47 |
+ allow_create_keytab_user:
|
|
|
01db47 |
+ - user01
|
|
|
01db47 |
+ - user02
|
|
|
01db47 |
+ action: member
|
|
|
01db47 |
+ state: absent
|
|
|
01db47 |
+ register: result
|
|
|
01db47 |
+ failed_when: result.changed
|
|
|
01db47 |
+
|
|
|
01db47 |
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for group.
|
|
|
01db47 |
+ ipaservice:
|
|
|
01db47 |
+ ipaadmin_password: SomeADMINpassword
|
|
|
01db47 |
+ name: "HTTP/{{ svc_fqdn }}"
|
|
|
01db47 |
+ allow_create_keytab_group:
|
|
|
01db47 |
+ - group01
|
|
|
01db47 |
+ - group02
|
|
|
01db47 |
+ action: member
|
|
|
01db47 |
+ register: result
|
|
|
01db47 |
+ failed_when: not result.changed
|
|
|
01db47 |
+
|
|
|
01db47 |
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for group, again.
|
|
|
01db47 |
+ ipaservice:
|
|
|
01db47 |
+ ipaadmin_password: SomeADMINpassword
|
|
|
01db47 |
+ name: "HTTP/{{ svc_fqdn }}"
|
|
|
01db47 |
+ allow_create_keytab_group:
|
|
|
01db47 |
+ - group01
|
|
|
01db47 |
+ - group02
|
|
|
01db47 |
+ action: member
|
|
|
01db47 |
+ register: result
|
|
|
01db47 |
+ failed_when: result.changed
|
|
|
01db47 |
+
|
|
|
01db47 |
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for group.
|
|
|
01db47 |
+ ipaservice:
|
|
|
01db47 |
+ ipaadmin_password: SomeADMINpassword
|
|
|
01db47 |
+ name: "HTTP/{{ svc_fqdn }}"
|
|
|
01db47 |
+ allow_create_keytab_group:
|
|
|
01db47 |
+ - group01
|
|
|
01db47 |
+ - group02
|
|
|
01db47 |
+ action: member
|
|
|
01db47 |
+ state: absent
|
|
|
01db47 |
+ register: result
|
|
|
01db47 |
+ failed_when: not result.changed
|
|
|
01db47 |
+
|
|
|
01db47 |
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for group, again.
|
|
|
01db47 |
+ ipaservice:
|
|
|
01db47 |
+ ipaadmin_password: SomeADMINpassword
|
|
|
01db47 |
+ name: "HTTP/{{ svc_fqdn }}"
|
|
|
01db47 |
+ allow_create_keytab_group:
|
|
|
01db47 |
+ - group01
|
|
|
01db47 |
+ - group02
|
|
|
01db47 |
+ action: member
|
|
|
01db47 |
+ state: absent
|
|
|
01db47 |
+ register: result
|
|
|
01db47 |
+ failed_when: result.changed
|
|
|
01db47 |
+
|
|
|
01db47 |
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for host.
|
|
|
01db47 |
+ ipaservice:
|
|
|
01db47 |
+ ipaadmin_password: SomeADMINpassword
|
|
|
01db47 |
+ name: "HTTP/{{ svc_fqdn }}"
|
|
|
01db47 |
+ allow_create_keytab_host:
|
|
|
01db47 |
+ - "{{ host1_fqdn }}"
|
|
|
01db47 |
+ - "{{ host2_fqdn }}"
|
|
|
01db47 |
+ action: member
|
|
|
01db47 |
+ register: result
|
|
|
01db47 |
+ failed_when: not result.changed
|
|
|
01db47 |
+
|
|
|
01db47 |
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for host, again.
|
|
|
01db47 |
+ ipaservice:
|
|
|
01db47 |
+ ipaadmin_password: SomeADMINpassword
|
|
|
01db47 |
+ name: "HTTP/{{ svc_fqdn }}"
|
|
|
01db47 |
+ allow_create_keytab_host:
|
|
|
01db47 |
+ - "{{ host1_fqdn }}"
|
|
|
01db47 |
+ - "{{ host2_fqdn }}"
|
|
|
01db47 |
+ action: member
|
|
|
01db47 |
+ register: result
|
|
|
01db47 |
+ failed_when: result.changed
|
|
|
01db47 |
+
|
|
|
01db47 |
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for host.
|
|
|
01db47 |
+ ipaservice:
|
|
|
01db47 |
+ ipaadmin_password: SomeADMINpassword
|
|
|
01db47 |
+ name: "HTTP/{{ svc_fqdn }}"
|
|
|
01db47 |
+ allow_create_keytab_host:
|
|
|
01db47 |
+ - "{{ host1_fqdn }}"
|
|
|
01db47 |
+ - "{{ host2_fqdn }}"
|
|
|
01db47 |
+ action: member
|
|
|
01db47 |
+ state: absent
|
|
|
01db47 |
+ register: result
|
|
|
01db47 |
+ failed_when: not result.changed
|
|
|
01db47 |
+
|
|
|
01db47 |
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for host, again.
|
|
|
01db47 |
+ ipaservice:
|
|
|
01db47 |
+ ipaadmin_password: SomeADMINpassword
|
|
|
01db47 |
+ name: "HTTP/{{ svc_fqdn }}"
|
|
|
01db47 |
+ allow_create_keytab_host:
|
|
|
01db47 |
+ - "{{ host1_fqdn }}"
|
|
|
01db47 |
+ - "{{ host2_fqdn }}"
|
|
|
01db47 |
+ action: member
|
|
|
01db47 |
+ state: absent
|
|
|
01db47 |
+ register: result
|
|
|
01db47 |
+ failed_when: result.changed
|
|
|
01db47 |
+
|
|
|
01db47 |
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for hostgroup.
|
|
|
01db47 |
+ ipaservice:
|
|
|
01db47 |
+ ipaadmin_password: SomeADMINpassword
|
|
|
01db47 |
+ name: "HTTP/{{ svc_fqdn }}"
|
|
|
01db47 |
+ allow_create_keytab_hostgroup:
|
|
|
01db47 |
+ - hostgroup01
|
|
|
01db47 |
+ - hostgroup02
|
|
|
01db47 |
+ action: member
|
|
|
01db47 |
+ register: result
|
|
|
01db47 |
+ failed_when: not result.changed
|
|
|
01db47 |
+
|
|
|
01db47 |
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for hostgroup, again.
|
|
|
01db47 |
+ ipaservice:
|
|
|
01db47 |
+ ipaadmin_password: SomeADMINpassword
|
|
|
01db47 |
+ name: "HTTP/{{ svc_fqdn }}"
|
|
|
01db47 |
+ allow_create_keytab_hostgroup:
|
|
|
01db47 |
+ - hostgroup01
|
|
|
01db47 |
+ - hostgroup02
|
|
|
01db47 |
+ action: member
|
|
|
01db47 |
+ register: result
|
|
|
01db47 |
+ failed_when: result.changed
|
|
|
01db47 |
+
|
|
|
01db47 |
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for hostgroup.
|
|
|
01db47 |
+ ipaservice:
|
|
|
01db47 |
+ ipaadmin_password: SomeADMINpassword
|
|
|
01db47 |
+ name: "HTTP/{{ svc_fqdn }}"
|
|
|
01db47 |
+ allow_create_keytab_hostgroup:
|
|
|
01db47 |
+ - hostgroup01
|
|
|
01db47 |
+ - hostgroup02
|
|
|
01db47 |
+ state: absent
|
|
|
01db47 |
+ action: member
|
|
|
01db47 |
+ register: result
|
|
|
01db47 |
+ failed_when: not result.changed
|
|
|
01db47 |
+
|
|
|
01db47 |
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for hostgroup, again.
|
|
|
01db47 |
+ ipaservice:
|
|
|
01db47 |
+ ipaadmin_password: SomeADMINpassword
|
|
|
01db47 |
+ name: "HTTP/{{ svc_fqdn }}"
|
|
|
01db47 |
+ allow_create_keytab_hostgroup:
|
|
|
01db47 |
+ - hostgroup01
|
|
|
01db47 |
+ - hostgroup02
|
|
|
01db47 |
+ action: member
|
|
|
01db47 |
+ state: absent
|
|
|
01db47 |
+ register: result
|
|
|
01db47 |
+ failed_when: result.changed
|
|
|
01db47 |
+
|
|
|
01db47 |
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for users.
|
|
|
01db47 |
+ ipaservice:
|
|
|
01db47 |
+ ipaadmin_password: SomeADMINpassword
|
|
|
01db47 |
+ name: "HTTP/{{ svc_fqdn }}"
|
|
|
01db47 |
+ allow_retrieve_keytab_user:
|
|
|
01db47 |
+ - user01
|
|
|
01db47 |
+ - user02
|
|
|
01db47 |
+ action: member
|
|
|
01db47 |
+ register: result
|
|
|
01db47 |
+ failed_when: not result.changed
|
|
|
01db47 |
+
|
|
|
01db47 |
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for users, again.
|
|
|
01db47 |
+ ipaservice:
|
|
|
01db47 |
+ ipaadmin_password: SomeADMINpassword
|
|
|
01db47 |
+ name: "HTTP/{{ svc_fqdn }}"
|
|
|
01db47 |
+ allow_retrieve_keytab_user:
|
|
|
01db47 |
+ - user01
|
|
|
01db47 |
+ - user02
|
|
|
01db47 |
+ action: member
|
|
|
01db47 |
+ register: result
|
|
|
01db47 |
+ failed_when: result.changed
|
|
|
01db47 |
+
|
|
|
01db47 |
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for users.
|
|
|
01db47 |
+ ipaservice:
|
|
|
01db47 |
+ ipaadmin_password: SomeADMINpassword
|
|
|
01db47 |
+ name: "HTTP/{{ svc_fqdn }}"
|
|
|
01db47 |
+ allow_retrieve_keytab_user:
|
|
|
01db47 |
+ - user01
|
|
|
01db47 |
+ - user02
|
|
|
01db47 |
+ action: member
|
|
|
01db47 |
+ state: absent
|
|
|
01db47 |
+ register: result
|
|
|
01db47 |
+ failed_when: not result.changed
|
|
|
01db47 |
+
|
|
|
01db47 |
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for users, again.
|
|
|
01db47 |
+ ipaservice:
|
|
|
01db47 |
+ ipaadmin_password: SomeADMINpassword
|
|
|
01db47 |
+ name: "HTTP/{{ svc_fqdn }}"
|
|
|
01db47 |
+ allow_retrieve_keytab_user:
|
|
|
01db47 |
+ - user01
|
|
|
01db47 |
+ - user02
|
|
|
01db47 |
+ action: member
|
|
|
01db47 |
+ state: absent
|
|
|
01db47 |
+ register: result
|
|
|
01db47 |
+ failed_when: result.changed
|
|
|
01db47 |
+
|
|
|
01db47 |
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for group.
|
|
|
01db47 |
+ ipaservice:
|
|
|
01db47 |
+ ipaadmin_password: SomeADMINpassword
|
|
|
01db47 |
+ name: "HTTP/{{ svc_fqdn }}"
|
|
|
01db47 |
+ allow_retrieve_keytab_group:
|
|
|
01db47 |
+ - group01
|
|
|
01db47 |
+ - group02
|
|
|
01db47 |
+ action: member
|
|
|
01db47 |
+ register: result
|
|
|
01db47 |
+ failed_when: not result.changed
|
|
|
01db47 |
+
|
|
|
01db47 |
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for group, again.
|
|
|
01db47 |
+ ipaservice:
|
|
|
01db47 |
+ ipaadmin_password: SomeADMINpassword
|
|
|
01db47 |
+ name: "HTTP/{{ svc_fqdn }}"
|
|
|
01db47 |
+ allow_retrieve_keytab_group:
|
|
|
01db47 |
+ - group01
|
|
|
01db47 |
+ - group02
|
|
|
01db47 |
+ action: member
|
|
|
01db47 |
+ register: result
|
|
|
01db47 |
+ failed_when: result.changed
|
|
|
01db47 |
+
|
|
|
01db47 |
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for group.
|
|
|
01db47 |
+ ipaservice:
|
|
|
01db47 |
+ ipaadmin_password: SomeADMINpassword
|
|
|
01db47 |
+ name: "HTTP/{{ svc_fqdn }}"
|
|
|
01db47 |
+ allow_retrieve_keytab_group:
|
|
|
01db47 |
+ - group01
|
|
|
01db47 |
+ - group02
|
|
|
01db47 |
+ action: member
|
|
|
01db47 |
+ state: absent
|
|
|
01db47 |
+ register: result
|
|
|
01db47 |
+ failed_when: not result.changed
|
|
|
01db47 |
+
|
|
|
01db47 |
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for group, again.
|
|
|
01db47 |
+ ipaservice:
|
|
|
01db47 |
+ ipaadmin_password: SomeADMINpassword
|
|
|
01db47 |
+ name: "HTTP/{{ svc_fqdn }}"
|
|
|
01db47 |
+ allow_retrieve_keytab_group:
|
|
|
01db47 |
+ - group01
|
|
|
01db47 |
+ - group02
|
|
|
01db47 |
+ action: member
|
|
|
01db47 |
+ state: absent
|
|
|
01db47 |
+ register: result
|
|
|
01db47 |
+ failed_when: result.changed
|
|
|
01db47 |
+
|
|
|
01db47 |
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for host.
|
|
|
01db47 |
+ ipaservice:
|
|
|
01db47 |
+ ipaadmin_password: SomeADMINpassword
|
|
|
01db47 |
+ name: "HTTP/{{ svc_fqdn }}"
|
|
|
01db47 |
+ allow_retrieve_keytab_host:
|
|
|
01db47 |
+ - "{{ host1_fqdn }}"
|
|
|
01db47 |
+ - "{{ host2_fqdn }}"
|
|
|
01db47 |
+ action: member
|
|
|
01db47 |
+ register: result
|
|
|
01db47 |
+ failed_when: not result.changed
|
|
|
01db47 |
+
|
|
|
01db47 |
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for host, again.
|
|
|
01db47 |
+ ipaservice:
|
|
|
01db47 |
+ ipaadmin_password: SomeADMINpassword
|
|
|
01db47 |
+ name: "HTTP/{{ svc_fqdn }}"
|
|
|
01db47 |
+ allow_retrieve_keytab_host:
|
|
|
01db47 |
+ - "{{ host1_fqdn }}"
|
|
|
01db47 |
+ - "{{ host2_fqdn }}"
|
|
|
01db47 |
+ action: member
|
|
|
01db47 |
+ register: result
|
|
|
01db47 |
+ failed_when: result.changed
|
|
|
01db47 |
+
|
|
|
01db47 |
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for host.
|
|
|
01db47 |
+ ipaservice:
|
|
|
01db47 |
+ ipaadmin_password: SomeADMINpassword
|
|
|
01db47 |
+ name: "HTTP/{{ svc_fqdn }}"
|
|
|
01db47 |
+ allow_retrieve_keytab_host:
|
|
|
01db47 |
+ - "{{ host1_fqdn }}"
|
|
|
01db47 |
+ - "{{ host2_fqdn }}"
|
|
|
01db47 |
+ action: member
|
|
|
01db47 |
+ state: absent
|
|
|
01db47 |
+ register: result
|
|
|
01db47 |
+ failed_when: not result.changed
|
|
|
01db47 |
+
|
|
|
01db47 |
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for host, again.
|
|
|
01db47 |
+ ipaservice:
|
|
|
01db47 |
+ ipaadmin_password: SomeADMINpassword
|
|
|
01db47 |
+ name: "HTTP/{{ svc_fqdn }}"
|
|
|
01db47 |
+ allow_retrieve_keytab_host:
|
|
|
01db47 |
+ - "{{ host1_fqdn }}"
|
|
|
01db47 |
+ - "{{ host2_fqdn }}"
|
|
|
01db47 |
+ action: member
|
|
|
01db47 |
+ state: absent
|
|
|
01db47 |
+ register: result
|
|
|
01db47 |
+ failed_when: result.changed
|
|
|
01db47 |
+
|
|
|
01db47 |
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for hostgroup.
|
|
|
01db47 |
+ ipaservice:
|
|
|
01db47 |
+ ipaadmin_password: SomeADMINpassword
|
|
|
01db47 |
+ name: "HTTP/{{ svc_fqdn }}"
|
|
|
01db47 |
+ allow_retrieve_keytab_hostgroup:
|
|
|
01db47 |
+ - hostgroup01
|
|
|
01db47 |
+ - hostgroup02
|
|
|
01db47 |
+ action: member
|
|
|
01db47 |
+ register: result
|
|
|
01db47 |
+ failed_when: not result.changed
|
|
|
01db47 |
+
|
|
|
01db47 |
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for hostgroup, again.
|
|
|
01db47 |
+ ipaservice:
|
|
|
01db47 |
+ ipaadmin_password: SomeADMINpassword
|
|
|
01db47 |
+ name: "HTTP/{{ svc_fqdn }}"
|
|
|
01db47 |
+ allow_retrieve_keytab_hostgroup:
|
|
|
01db47 |
+ - hostgroup01
|
|
|
01db47 |
+ - hostgroup02
|
|
|
01db47 |
+ action: member
|
|
|
01db47 |
+ register: result
|
|
|
01db47 |
+ failed_when: result.changed
|
|
|
01db47 |
+
|
|
|
01db47 |
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for hostgroup.
|
|
|
01db47 |
+ ipaservice:
|
|
|
01db47 |
+ ipaadmin_password: SomeADMINpassword
|
|
|
01db47 |
+ name: "HTTP/{{ svc_fqdn }}"
|
|
|
01db47 |
+ allow_retrieve_keytab_hostgroup:
|
|
|
01db47 |
+ - hostgroup01
|
|
|
01db47 |
+ - hostgroup02
|
|
|
01db47 |
+ action: member
|
|
|
01db47 |
+ state: absent
|
|
|
01db47 |
+ register: result
|
|
|
01db47 |
+ failed_when: not result.changed
|
|
|
01db47 |
+
|
|
|
01db47 |
+ - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for hostgroup, again.
|
|
|
01db47 |
+ ipaservice:
|
|
|
01db47 |
+ ipaadmin_password: SomeADMINpassword
|
|
|
01db47 |
+ name: "HTTP/{{ svc_fqdn }}"
|
|
|
01db47 |
+ allow_retrieve_keytab_hostgroup:
|
|
|
01db47 |
+ - hostgroup01
|
|
|
01db47 |
+ - hostgroup02
|
|
|
01db47 |
+ action: member
|
|
|
01db47 |
+ state: absent
|
|
|
01db47 |
+ register: result
|
|
|
01db47 |
+ failed_when: result.changed
|
|
|
01db47 |
+
|
|
|
01db47 |
+ # cleanup
|
|
|
01db47 |
+ - name: Clean-up envirnoment.
|
|
|
01db47 |
+ include_tasks: env_cleanup.yml
|
|
|
01db47 |
--
|
|
|
01db47 |
2.26.2
|
|
|
01db47 |
|