rpms / ansible-freeipa

Clone
Source Code
GIT

Blame SOURCES/ansible-freeipa-0.1.12-Fix-allow_retrieve_keytab_host-in-service-module_rhbz#1868020.patch

c8 c8-beta c8s c9 c9-beta
  1.   c235c433825a3ffa619340414ee4bf27ac09b11e
  2.   SOURCES
  3.   ansible-freeipa-0.1.12-Fix-allow_retrieve_keytab_host-in-service-module_rhbz#1868020.patch
Blob History Raw
c235c4 
# Skipping 3ab575bcac310166e7d29c5a5349d90482f4e629 as it is reorganizing
c235c4 
# service module test test_service.yml and
c235c4 
# test_service_without_skip_host_check.yml
c235c4
c235c4 
From b5e93c705fc56f6592121aa09bfb9f6dce5cee35 Mon Sep 17 00:00:00 2001
c235c4 
From: Rafael Guterres Jeffman <rjeffman@redhat.com>
c235c4 
Date: Tue, 11 Aug 2020 16:23:15 -0300
c235c4 
Subject: [PATCH] Fix `allow_retrieve_keytab_host` in service module.
c235c4
c235c4 
The attribute `allow_retrieve_keytab_host` was not working due to
c235c4 
wrong processing of the input and verification if the values should
c235c4 
be updated. Both the issues are fixed by this change.
c235c4
c235c4 
Tests were added to better verify service keytab members.
c235c4 
---
c235c4 
 plugins/modules/ipaservice.py         |   4 +-
c235c4 
 tests/service/env_cleanup.yml         |  68 +++++
c235c4 
 tests/service/env_setup.yml           |  73 +++++
c235c4 
 tests/service/env_vars.yml            |  15 +
c235c4 
 tests/service/test_service_keytab.yml | 397 ++++++++++++++++++++++++++
c235c4 
 5 files changed, 555 insertions(+), 2 deletions(-)
c235c4 
 create mode 100644 tests/service/env_cleanup.yml
c235c4 
 create mode 100644 tests/service/env_setup.yml
c235c4 
 create mode 100644 tests/service/env_vars.yml
c235c4 
 create mode 100644 tests/service/test_service_keytab.yml
c235c4
c235c4 
diff --git a/plugins/modules/ipaservice.py b/plugins/modules/ipaservice.py
c235c4 
index b0d2535..8bc390d 100644
c235c4 
--- a/plugins/modules/ipaservice.py
c235c4 
+++ b/plugins/modules/ipaservice.py
c235c4 
@@ -460,7 +460,7 @@ def main():
c235c4 
     allow_retrieve_keytab_group = module_params_get(
c235c4 
         ansible_module, "allow_retrieve_keytab_group")
c235c4 
     allow_retrieve_keytab_host = module_params_get(
c235c4 
-        ansible_module, "allow_create_keytab_host")
c235c4 
+        ansible_module, "allow_retrieve_keytab_host")
c235c4 
     allow_retrieve_keytab_hostgroup = module_params_get(
c235c4 
         ansible_module, "allow_retrieve_keytab_hostgroup")
c235c4 
     delete_continue = module_params_get(ansible_module, "delete_continue")
c235c4 
@@ -727,7 +727,7 @@ def main():
c235c4 
                 # Allow retrieve keytab
c235c4 
                 if len(allow_retrieve_keytab_user_add) > 0 or \
c235c4 
                    len(allow_retrieve_keytab_group_add) > 0 or \
c235c4 
-                   len(allow_retrieve_keytab_hostgroup_add) > 0 or \
c235c4 
+                   len(allow_retrieve_keytab_host_add) > 0 or \
c235c4 
                    len(allow_retrieve_keytab_hostgroup_add) > 0:
c235c4 
                     commands.append(
c235c4 
                         [name, "service_allow_retrieve_keytab",
c235c4 
diff --git a/tests/service/env_cleanup.yml b/tests/service/env_cleanup.yml
c235c4 
new file mode 100644
c235c4 
index 0000000..f96a75b
c235c4 
--- /dev/null
c235c4 
+++ b/tests/service/env_cleanup.yml
c235c4 
@@ -0,0 +1,68 @@
c235c4 
+---
c235c4 
+# Cleanup tasks for the service module tests.
c235c4 
+- name: Ensure services are absent.
c235c4 
+  ipaservice:
c235c4 
+    ipaadmin_password: SomeADMINpassword
c235c4 
+    name:
c235c4 
+      - "HTTP/{{ svc_fqdn }}"
c235c4 
+      - "HTTP/{{ nohost_fqdn }}"
c235c4 
+      - HTTP/svc.ihavenodns.info
c235c4 
+      - HTTP/no.idontexist.local
c235c4 
+      - "cifs/{{ host1_fqdn }}"
c235c4 
+    state: absent
c235c4 
+
c235c4 
+- name: Ensure host "{{ svc_fqdn }}" is absent
c235c4 
+  ipahost:
c235c4 
+    ipaadmin_password: SomeADMINpassword
c235c4 
+    name: "{{ svc_fqdn }}"
c235c4 
+    update_dns: yes
c235c4 
+    state: absent
c235c4 
+
c235c4 
+- name: Ensure host is absent
c235c4 
+  ipahost:
c235c4 
+    ipaadmin_password: SomeADMINpassword
c235c4 
+    name:
c235c4 
+      - "{{ host1_fqdn }}"
c235c4 
+      - "{{ host2_fqdn }}"
c235c4 
+      - "{{ nohost_fqdn }}"
c235c4 
+      - svc.ihavenodns.info
c235c4 
+    update_dns: no
c235c4 
+    state: absent
c235c4 
+
c235c4 
+- name: Ensure testing users are absent.
c235c4 
+  ipauser:
c235c4 
+    ipaadmin_password: SomeADMINpassword
c235c4 
+    name:
c235c4 
+    - user01
c235c4 
+    - user02
c235c4 
+    state: absent
c235c4 
+
c235c4 
+- name: Ensure testing groups are absent.
c235c4 
+  ipagroup:
c235c4 
+    ipaadmin_password: SomeADMINpassword
c235c4 
+    name:
c235c4 
+    - group01
c235c4 
+    - group02
c235c4 
+    state: absent
c235c4 
+
c235c4 
+- name: Ensure testing hostgroup hostgroup01 is absent.
c235c4 
+  ipagroup:
c235c4 
+    ipaadmin_password: SomeADMINpassword
c235c4 
+    name:
c235c4 
+      - hostgroup01
c235c4 
+    state: absent
c235c4 
+
c235c4 
+- name: Ensure testing hostgroup hostgroup02 is absent.
c235c4 
+  ipagroup:
c235c4 
+    ipaadmin_password: SomeADMINpassword
c235c4 
+    name:
c235c4 
+      - hostgroup02
c235c4 
+    state: absent
c235c4 
+
c235c4 
+- name: Remove IP address for "nohost" host.
c235c4 
+  ipadnsrecord:
c235c4 
+    ipaadmin_password: SomeADMINpassword
c235c4 
+    zone_name: "{{ test_domain }}."
c235c4 
+    name: nohost
c235c4 
+    del_all: yes
c235c4 
+    state: absent
c235c4 
diff --git a/tests/service/env_setup.yml b/tests/service/env_setup.yml
c235c4 
new file mode 100644
c235c4 
index 0000000..309cfc0
c235c4 
--- /dev/null
c235c4 
+++ b/tests/service/env_setup.yml
c235c4 
@@ -0,0 +1,73 @@
c235c4 
+# Setup environment for service module tests.
c235c4 
+---
c235c4 
+- name: Setup variables and facts.
c235c4 
+  include_tasks: env_vars.yml
c235c4 
+
c235c4 
+# Cleanup before setup.
c235c4 
+- name: Cleanup test environment.
c235c4 
+  include_tasks: env_cleanup.yml
c235c4 
+
c235c4 
+- name: Add IP address for "nohost" host.
c235c4 
+  ipadnsrecord:
c235c4 
+    ipaadmin_password: SomeADMINpassword
c235c4 
+    zone_name: "{{ test_domain }}."
c235c4 
+    name: nohost
c235c4 
+    a_ip_address: "{{ ipv4_prefix + '.100' }}"
c235c4 
+
c235c4 
+- name: Add hosts for tests.
c235c4 
+  ipahost:
c235c4 
+    ipaadmin_password: SomeADMINpassword
c235c4 
+    hosts:
c235c4 
+      - name: "{{ host1_fqdn }}"
c235c4 
+        ip_address: "{{ ipv4_prefix + '.101' }}"
c235c4 
+      - name: "{{ host2_fqdn }}"
c235c4 
+        ip_address: "{{ ipv4_prefix + '.102' }}"
c235c4 
+      - name: "{{ svc_fqdn }}"
c235c4 
+        ip_address: "{{ ipv4_prefix + '.201' }}"
c235c4 
+      - name: svc.ihavenodns.info
c235c4 
+        force: yes
c235c4 
+    update_dns: yes
c235c4 
+
c235c4 
+- name: Ensure testing user user01 is present.
c235c4 
+  ipauser:
c235c4 
+    ipaadmin_password: SomeADMINpassword
c235c4 
+    name: user01
c235c4 
+    first: user01
c235c4 
+    last: last
c235c4 
+
c235c4 
+- name: Ensure testing user user02 is present.
c235c4 
+  ipauser:
c235c4 
+    ipaadmin_password: SomeADMINpassword
c235c4 
+    name: user02
c235c4 
+    first: user02
c235c4 
+    last: last
c235c4 
+
c235c4 
+- name: Ensure testing group group01 is present.
c235c4 
+  ipagroup:
c235c4 
+    ipaadmin_password: SomeADMINpassword
c235c4 
+    name: group01
c235c4 
+
c235c4 
+- name: Ensure testing group group02 is present.
c235c4 
+  ipagroup:
c235c4 
+    ipaadmin_password: SomeADMINpassword
c235c4 
+    name: group02
c235c4 
+
c235c4 
+- name: Ensure testing hostgroup hostgroup01 is present.
c235c4 
+  ipahostgroup:
c235c4 
+    ipaadmin_password: SomeADMINpassword
c235c4 
+    name: hostgroup01
c235c4 
+
c235c4 
+- name: Ensure testing hostgroup hostgroup02 is present.
c235c4 
+  ipahostgroup:
c235c4 
+    ipaadmin_password: SomeADMINpassword
c235c4 
+    name: hostgroup02
c235c4 
+
c235c4 
+- name: Ensure services are absent.
c235c4 
+  ipaservice:
c235c4 
+    ipaadmin_password: SomeADMINpassword
c235c4 
+    name:
c235c4 
+    - "HTTP/{{ svc_fqdn }}"
c235c4 
+    - "HTTP/{{ nohost_fqdn }}"
c235c4 
+    - HTTP/svc.ihavenodns.info
c235c4 
+    - HTTP/no.idontexist.info
c235c4 
+    state: absent
c235c4 
diff --git a/tests/service/env_vars.yml b/tests/service/env_vars.yml
c235c4 
new file mode 100644
c235c4 
index 0000000..eb53c7a
c235c4 
--- /dev/null
c235c4 
+++ b/tests/service/env_vars.yml
c235c4 
@@ -0,0 +1,15 @@
c235c4 
+---
c235c4 
+    - name: Get Domain from server name
c235c4 
+      set_fact:
c235c4 
+        test_domain: "{{ ansible_fqdn.split('.')[1:] | join('.') }}"
c235c4 
+
c235c4 
+    - name: Set host1, host2 and svc hosts fqdn
c235c4 
+      set_fact:
c235c4 
+        host1_fqdn: "{{ 'host1.' + test_domain }}"
c235c4 
+        host2_fqdn: "{{ 'host2.' + test_domain }}"
c235c4 
+        svc_fqdn: "{{ 'svc.' + test_domain }}"
c235c4 
+        nohost_fqdn: "{{ 'nohost.' + test_domain }}"
c235c4 
+
c235c4 
+    - name: Get IPv4 address prefix from server node
c235c4 
+      set_fact:
c235c4 
+        ipv4_prefix: "{{ ansible_default_ipv4.address.split('.')[:-1] | join('.') }}"
c235c4 
diff --git a/tests/service/test_service_keytab.yml b/tests/service/test_service_keytab.yml
c235c4 
new file mode 100644
c235c4 
index 0000000..0918802
c235c4 
--- /dev/null
c235c4 
+++ b/tests/service/test_service_keytab.yml
c235c4 
@@ -0,0 +1,397 @@
c235c4 
+---
c235c4 
+- name: Test service
c235c4 
+  hosts: ipaserver
c235c4 
+  become: yes
c235c4 
+
c235c4 
+  tasks:
c235c4 
+  # setup
c235c4 
+  - name: Setup test envirnoment.
c235c4 
+    include_tasks: env_setup.yml
c235c4 
+
c235c4 
+  # Add service to test keytab create/retrieve attributes.
c235c4 
+  - name: Ensure test service is present
c235c4 
+    ipaservice:
c235c4 
+      ipaadmin_password: SomeADMINpassword
c235c4 
+      name: "HTTP/{{ svc_fqdn }}"
c235c4 
+      pac_type:
c235c4 
+        - MS-PAC
c235c4 
+        - PAD
c235c4 
+      auth_ind: otp
c235c4 
+      force: yes
c235c4 
+      requires_pre_auth: yes
c235c4 
+      ok_as_delegate: no
c235c4 
+      ok_to_auth_as_delegate: no
c235c4 
+
c235c4 
+  # tests
c235c4 
+
c235c4 
+  - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for users.
c235c4 
+    ipaservice:
c235c4 
+      ipaadmin_password: SomeADMINpassword
c235c4 
+      name: "HTTP/{{ svc_fqdn }}"
c235c4 
+      allow_create_keytab_user:
c235c4 
+      - user01
c235c4 
+      - user02
c235c4 
+      action: member
c235c4 
+    register: result
c235c4 
+    failed_when: not result.changed
c235c4 
+
c235c4 
+  - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for users, again.
c235c4 
+    ipaservice:
c235c4 
+      ipaadmin_password: SomeADMINpassword
c235c4 
+      name: "HTTP/{{ svc_fqdn }}"
c235c4 
+      allow_create_keytab_user:
c235c4 
+      - user01
c235c4 
+      - user02
c235c4 
+      action: member
c235c4 
+    register: result
c235c4 
+    failed_when: result.changed
c235c4 
+
c235c4 
+  - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for users.
c235c4 
+    ipaservice:
c235c4 
+      ipaadmin_password: SomeADMINpassword
c235c4 
+      name: "HTTP/{{ svc_fqdn }}"
c235c4 
+      allow_create_keytab_user:
c235c4 
+      - user01
c235c4 
+      - user02
c235c4 
+      action: member
c235c4 
+      state: absent
c235c4 
+    register: result
c235c4 
+    failed_when: not result.changed
c235c4 
+
c235c4 
+  - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for users, again.
c235c4 
+    ipaservice:
c235c4 
+      ipaadmin_password: SomeADMINpassword
c235c4 
+      name: "HTTP/{{ svc_fqdn }}"
c235c4 
+      allow_create_keytab_user:
c235c4 
+      - user01
c235c4 
+      - user02
c235c4 
+      action: member
c235c4 
+      state: absent
c235c4 
+    register: result
c235c4 
+    failed_when: result.changed
c235c4 
+
c235c4 
+  - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for group.
c235c4 
+    ipaservice:
c235c4 
+      ipaadmin_password: SomeADMINpassword
c235c4 
+      name: "HTTP/{{ svc_fqdn }}"
c235c4 
+      allow_create_keytab_group:
c235c4 
+      - group01
c235c4 
+      - group02
c235c4 
+      action: member
c235c4 
+    register: result
c235c4 
+    failed_when: not result.changed
c235c4 
+
c235c4 
+  - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for group, again.
c235c4 
+    ipaservice:
c235c4 
+      ipaadmin_password: SomeADMINpassword
c235c4 
+      name: "HTTP/{{ svc_fqdn }}"
c235c4 
+      allow_create_keytab_group:
c235c4 
+      - group01
c235c4 
+      - group02
c235c4 
+      action: member
c235c4 
+    register: result
c235c4 
+    failed_when: result.changed
c235c4 
+
c235c4 
+  - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for group.
c235c4 
+    ipaservice:
c235c4 
+      ipaadmin_password: SomeADMINpassword
c235c4 
+      name: "HTTP/{{ svc_fqdn }}"
c235c4 
+      allow_create_keytab_group:
c235c4 
+      - group01
c235c4 
+      - group02
c235c4 
+      action: member
c235c4 
+      state: absent
c235c4 
+    register: result
c235c4 
+    failed_when: not result.changed
c235c4 
+
c235c4 
+  - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for group, again.
c235c4 
+    ipaservice:
c235c4 
+      ipaadmin_password: SomeADMINpassword
c235c4 
+      name: "HTTP/{{ svc_fqdn }}"
c235c4 
+      allow_create_keytab_group:
c235c4 
+      - group01
c235c4 
+      - group02
c235c4 
+      action: member
c235c4 
+      state: absent
c235c4 
+    register: result
c235c4 
+    failed_when: result.changed
c235c4 
+
c235c4 
+  - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for host.
c235c4 
+    ipaservice:
c235c4 
+      ipaadmin_password: SomeADMINpassword
c235c4 
+      name: "HTTP/{{ svc_fqdn }}"
c235c4 
+      allow_create_keytab_host:
c235c4 
+      - "{{ host1_fqdn }}"
c235c4 
+      - "{{ host2_fqdn }}"
c235c4 
+      action: member
c235c4 
+    register: result
c235c4 
+    failed_when: not result.changed
c235c4 
+
c235c4 
+  - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for host, again.
c235c4 
+    ipaservice:
c235c4 
+      ipaadmin_password: SomeADMINpassword
c235c4 
+      name: "HTTP/{{ svc_fqdn }}"
c235c4 
+      allow_create_keytab_host:
c235c4 
+      - "{{ host1_fqdn }}"
c235c4 
+      - "{{ host2_fqdn }}"
c235c4 
+      action: member
c235c4 
+    register: result
c235c4 
+    failed_when: result.changed
c235c4 
+
c235c4 
+  - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for host.
c235c4 
+    ipaservice:
c235c4 
+      ipaadmin_password: SomeADMINpassword
c235c4 
+      name: "HTTP/{{ svc_fqdn }}"
c235c4 
+      allow_create_keytab_host:
c235c4 
+      - "{{ host1_fqdn }}"
c235c4 
+      - "{{ host2_fqdn }}"
c235c4 
+      action: member
c235c4 
+      state: absent
c235c4 
+    register: result
c235c4 
+    failed_when: not result.changed
c235c4 
+
c235c4 
+  - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for host, again.
c235c4 
+    ipaservice:
c235c4 
+      ipaadmin_password: SomeADMINpassword
c235c4 
+      name: "HTTP/{{ svc_fqdn }}"
c235c4 
+      allow_create_keytab_host:
c235c4 
+      - "{{ host1_fqdn }}"
c235c4 
+      - "{{ host2_fqdn }}"
c235c4 
+      action: member
c235c4 
+      state: absent
c235c4 
+    register: result
c235c4 
+    failed_when: result.changed
c235c4 
+
c235c4 
+  - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for hostgroup.
c235c4 
+    ipaservice:
c235c4 
+      ipaadmin_password: SomeADMINpassword
c235c4 
+      name: "HTTP/{{ svc_fqdn }}"
c235c4 
+      allow_create_keytab_hostgroup:
c235c4 
+      - hostgroup01
c235c4 
+      - hostgroup02
c235c4 
+      action: member
c235c4 
+    register: result
c235c4 
+    failed_when: not result.changed
c235c4 
+
c235c4 
+  - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab present for hostgroup, again.
c235c4 
+    ipaservice:
c235c4 
+      ipaadmin_password: SomeADMINpassword
c235c4 
+      name: "HTTP/{{ svc_fqdn }}"
c235c4 
+      allow_create_keytab_hostgroup:
c235c4 
+      - hostgroup01
c235c4 
+      - hostgroup02
c235c4 
+      action: member
c235c4 
+    register: result
c235c4 
+    failed_when: result.changed
c235c4 
+
c235c4 
+  - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for hostgroup.
c235c4 
+    ipaservice:
c235c4 
+      ipaadmin_password: SomeADMINpassword
c235c4 
+      name: "HTTP/{{ svc_fqdn }}"
c235c4 
+      allow_create_keytab_hostgroup:
c235c4 
+      - hostgroup01
c235c4 
+      - hostgroup02
c235c4 
+      state: absent
c235c4 
+      action: member
c235c4 
+    register: result
c235c4 
+    failed_when: not result.changed
c235c4 
+
c235c4 
+  - name: Service "HTTP/{{ svc_fqdn }}" members allow_create_keytab absent for hostgroup, again.
c235c4 
+    ipaservice:
c235c4 
+      ipaadmin_password: SomeADMINpassword
c235c4 
+      name: "HTTP/{{ svc_fqdn }}"
c235c4 
+      allow_create_keytab_hostgroup:
c235c4 
+      - hostgroup01
c235c4 
+      - hostgroup02
c235c4 
+      action: member
c235c4 
+      state: absent
c235c4 
+    register: result
c235c4 
+    failed_when: result.changed
c235c4 
+
c235c4 
+  - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for users.
c235c4 
+    ipaservice:
c235c4 
+      ipaadmin_password: SomeADMINpassword
c235c4 
+      name: "HTTP/{{ svc_fqdn }}"
c235c4 
+      allow_retrieve_keytab_user:
c235c4 
+      - user01
c235c4 
+      - user02
c235c4 
+      action: member
c235c4 
+    register: result
c235c4 
+    failed_when: not result.changed
c235c4 
+
c235c4 
+  - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for users, again.
c235c4 
+    ipaservice:
c235c4 
+      ipaadmin_password: SomeADMINpassword
c235c4 
+      name: "HTTP/{{ svc_fqdn }}"
c235c4 
+      allow_retrieve_keytab_user:
c235c4 
+      - user01
c235c4 
+      - user02
c235c4 
+      action: member
c235c4 
+    register: result
c235c4 
+    failed_when: result.changed
c235c4 
+
c235c4 
+  - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for users.
c235c4 
+    ipaservice:
c235c4 
+      ipaadmin_password: SomeADMINpassword
c235c4 
+      name: "HTTP/{{ svc_fqdn }}"
c235c4 
+      allow_retrieve_keytab_user:
c235c4 
+      - user01
c235c4 
+      - user02
c235c4 
+      action: member
c235c4 
+      state: absent
c235c4 
+    register: result
c235c4 
+    failed_when: not result.changed
c235c4 
+
c235c4 
+  - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for users, again.
c235c4 
+    ipaservice:
c235c4 
+      ipaadmin_password: SomeADMINpassword
c235c4 
+      name: "HTTP/{{ svc_fqdn }}"
c235c4 
+      allow_retrieve_keytab_user:
c235c4 
+      - user01
c235c4 
+      - user02
c235c4 
+      action: member
c235c4 
+      state: absent
c235c4 
+    register: result
c235c4 
+    failed_when: result.changed
c235c4 
+
c235c4 
+  - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for group.
c235c4 
+    ipaservice:
c235c4 
+      ipaadmin_password: SomeADMINpassword
c235c4 
+      name: "HTTP/{{ svc_fqdn }}"
c235c4 
+      allow_retrieve_keytab_group:
c235c4 
+      - group01
c235c4 
+      - group02
c235c4 
+      action: member
c235c4 
+    register: result
c235c4 
+    failed_when: not result.changed
c235c4 
+
c235c4 
+  - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for group, again.
c235c4 
+    ipaservice:
c235c4 
+      ipaadmin_password: SomeADMINpassword
c235c4 
+      name: "HTTP/{{ svc_fqdn }}"
c235c4 
+      allow_retrieve_keytab_group:
c235c4 
+      - group01
c235c4 
+      - group02
c235c4 
+      action: member
c235c4 
+    register: result
c235c4 
+    failed_when: result.changed
c235c4 
+
c235c4 
+  - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for group.
c235c4 
+    ipaservice:
c235c4 
+      ipaadmin_password: SomeADMINpassword
c235c4 
+      name: "HTTP/{{ svc_fqdn }}"
c235c4 
+      allow_retrieve_keytab_group:
c235c4 
+      - group01
c235c4 
+      - group02
c235c4 
+      action: member
c235c4 
+      state: absent
c235c4 
+    register: result
c235c4 
+    failed_when: not result.changed
c235c4 
+
c235c4 
+  - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for group, again.
c235c4 
+    ipaservice:
c235c4 
+      ipaadmin_password: SomeADMINpassword
c235c4 
+      name: "HTTP/{{ svc_fqdn }}"
c235c4 
+      allow_retrieve_keytab_group:
c235c4 
+      - group01
c235c4 
+      - group02
c235c4 
+      action: member
c235c4 
+      state: absent
c235c4 
+    register: result
c235c4 
+    failed_when: result.changed
c235c4 
+
c235c4 
+  - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for host.
c235c4 
+    ipaservice:
c235c4 
+      ipaadmin_password: SomeADMINpassword
c235c4 
+      name: "HTTP/{{ svc_fqdn }}"
c235c4 
+      allow_retrieve_keytab_host:
c235c4 
+      - "{{ host1_fqdn }}"
c235c4 
+      - "{{ host2_fqdn }}"
c235c4 
+      action: member
c235c4 
+    register: result
c235c4 
+    failed_when: not result.changed
c235c4 
+
c235c4 
+  - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for host, again.
c235c4 
+    ipaservice:
c235c4 
+      ipaadmin_password: SomeADMINpassword
c235c4 
+      name: "HTTP/{{ svc_fqdn }}"
c235c4 
+      allow_retrieve_keytab_host:
c235c4 
+      - "{{ host1_fqdn }}"
c235c4 
+      - "{{ host2_fqdn }}"
c235c4 
+      action: member
c235c4 
+    register: result
c235c4 
+    failed_when: result.changed
c235c4 
+
c235c4 
+  - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for host.
c235c4 
+    ipaservice:
c235c4 
+      ipaadmin_password: SomeADMINpassword
c235c4 
+      name: "HTTP/{{ svc_fqdn }}"
c235c4 
+      allow_retrieve_keytab_host:
c235c4 
+      - "{{ host1_fqdn }}"
c235c4 
+      - "{{ host2_fqdn }}"
c235c4 
+      action: member
c235c4 
+      state: absent
c235c4 
+    register: result
c235c4 
+    failed_when: not result.changed
c235c4 
+
c235c4 
+  - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for host, again.
c235c4 
+    ipaservice:
c235c4 
+      ipaadmin_password: SomeADMINpassword
c235c4 
+      name: "HTTP/{{ svc_fqdn }}"
c235c4 
+      allow_retrieve_keytab_host:
c235c4 
+      - "{{ host1_fqdn }}"
c235c4 
+      - "{{ host2_fqdn }}"
c235c4 
+      action: member
c235c4 
+      state: absent
c235c4 
+    register: result
c235c4 
+    failed_when: result.changed
c235c4 
+
c235c4 
+  - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for hostgroup.
c235c4 
+    ipaservice:
c235c4 
+      ipaadmin_password: SomeADMINpassword
c235c4 
+      name: "HTTP/{{ svc_fqdn }}"
c235c4 
+      allow_retrieve_keytab_hostgroup:
c235c4 
+      - hostgroup01
c235c4 
+      - hostgroup02
c235c4 
+      action: member
c235c4 
+    register: result
c235c4 
+    failed_when: not result.changed
c235c4 
+
c235c4 
+  - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab present for hostgroup, again.
c235c4 
+    ipaservice:
c235c4 
+      ipaadmin_password: SomeADMINpassword
c235c4 
+      name: "HTTP/{{ svc_fqdn }}"
c235c4 
+      allow_retrieve_keytab_hostgroup:
c235c4 
+      - hostgroup01
c235c4 
+      - hostgroup02
c235c4 
+      action: member
c235c4 
+    register: result
c235c4 
+    failed_when: result.changed
c235c4 
+
c235c4 
+  - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for hostgroup.
c235c4 
+    ipaservice:
c235c4 
+      ipaadmin_password: SomeADMINpassword
c235c4 
+      name: "HTTP/{{ svc_fqdn }}"
c235c4 
+      allow_retrieve_keytab_hostgroup:
c235c4 
+      - hostgroup01
c235c4 
+      - hostgroup02
c235c4 
+      action: member
c235c4 
+      state: absent
c235c4 
+    register: result
c235c4 
+    failed_when: not result.changed
c235c4 
+
c235c4 
+  - name: Service "HTTP/{{ svc_fqdn }}" members allow_retrieve_keytab absent for hostgroup, again.
c235c4 
+    ipaservice:
c235c4 
+      ipaadmin_password: SomeADMINpassword
c235c4 
+      name: "HTTP/{{ svc_fqdn }}"
c235c4 
+      allow_retrieve_keytab_hostgroup:
c235c4 
+      - hostgroup01
c235c4 
+      - hostgroup02
c235c4 
+      action: member
c235c4 
+      state: absent
c235c4 
+    register: result
c235c4 
+    failed_when: result.changed
c235c4 
+
c235c4 
+  # cleanup
c235c4 
+  - name: Clean-up envirnoment.
c235c4 
+    include_tasks: env_cleanup.yml
c235c4 
--
c235c4 
2.26.2
c235c4

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation