blob: 87408cf96832de7767267258a69842353ef4af75 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
|
# Test code for the ACI modules
# Copyright: (c) 2017, Dag Wieers (dagwieers) <dag@wieers.com>
#
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
- name: Test that we have an ACI APIC host, ACI username and ACI password
fail:
msg: 'Please define the following variables: aci_hostname, aci_username and aci_password.'
when: aci_hostname is not defined or aci_username is not defined or aci_password is not defined
# CLEAN ENVIRONMENT
- name: Remove any pre-existing user
aci_aaa_user: &user_absent
host: '{{ aci_hostname }}'
username: '{{ aci_username }}'
password: '{{ aci_password }}'
validate_certs: '{{ aci_validate_certs | default(false) }}'
use_ssl: '{{ aci_use_ssl | default(true) }}'
use_proxy: '{{ aci_use_proxy | default(true) }}'
output_level: '{{ aci_output_level | default("info") }}'
aaa_user: ansible
state: absent
# ADD USER
- name: Add user (check_mode)
aci_aaa_user: &user_present
host: '{{ aci_hostname }}'
username: '{{ aci_username }}'
password: '{{ aci_password }}'
validate_certs: '{{ aci_validate_certs | default(false) }}'
use_ssl: '{{ aci_use_ssl | default(true) }}'
use_proxy: '{{ aci_use_proxy | default(true) }}'
output_level: '{{ aci_output_level | default("info") }}'
aaa_user: ansible
description: Ansible test user
email: ansible@ansible.lan
enabled: yes
expiration: never
expires: no
first_name: Test
last_name: User
phone: 1-234-555-678
check_mode: yes
register: cm_add_user
# NOTE: Setting password is not idempotent, see #35544
- name: Add user (normal mode)
aci_aaa_user:
<<: *user_present
aaa_password: 12!Ab:cD!34
register: nm_add_user
- name: Add user again (check mode)
aci_aaa_user: *user_present
check_mode: yes
register: cm_add_user_again
- name: Add user again (normal mode)
aci_aaa_user: *user_present
register: nm_add_user_again
- name: Verify add user
assert:
that:
- cm_add_user.changed == nm_add_user.changed == true
- cm_add_user_again.changed == nm_add_user_again.changed == false
# MODIFY USER
- name: Modify user (check_mode)
aci_aaa_user: &user_changed
host: '{{ aci_hostname }}'
username: '{{ aci_username }}'
password: '{{ aci_password }}'
validate_certs: '{{ aci_validate_certs | default(false) }}'
use_ssl: '{{ aci_use_ssl | default(true) }}'
use_proxy: '{{ aci_use_proxy | default(true) }}'
output_level: '{{ aci_output_level | default("info") }}'
aaa_user: ansible
description: Ansible test user for integration tests
email: aci-ansible@ansible.lan
expiration: '2123-12-12'
expires: yes
phone: 2-345-555-678
check_mode: yes
register: cm_modify_user
- name: Modify user (normal mode)
aci_aaa_user: *user_changed
register: nm_modify_user
- name: Modify user again (check mode)
aci_aaa_user: *user_changed
check_mode: yes
register: cm_modify_user_again
- name: Modify user again (normal mode)
aci_aaa_user: *user_changed
register: nm_modify_user_again
- name: Verify modify user
assert:
that:
- cm_modify_user.changed == nm_modify_user.changed == true
- cm_modify_user_again.changed == nm_modify_user_again.changed == false
# QUERY ALL USERS
- name: Query all users (check_mode)
aci_aaa_user: &user_query
host: '{{ aci_hostname }}'
username: '{{ aci_username }}'
password: '{{ aci_password }}'
validate_certs: '{{ aci_validate_certs | default(false) }}'
use_ssl: '{{ aci_use_ssl | default(true) }}'
use_proxy: '{{ aci_use_proxy | default(true) }}'
output_level: '{{ aci_output_level | default("info") }}'
aaa_user: ansible
state: query
check_mode: yes
register: cm_query_all_users
- name: Query all users (normal mode)
aci_aaa_user: *user_query
register: nm_query_all_users
- name: Verify query_all_users
assert:
that:
- cm_query_all_users.changed == nm_query_all_users.changed == false
# NOTE: Order of users is not stable between calls
#- cm_query_all_users == nm_query_all_users
# QUERY OUR USER
- name: Query our user (check_mode)
aci_aaa_user:
<<: *user_query
check_mode: yes
register: cm_query_user
- name: Query our user (normal mode)
aci_aaa_user:
<<: *user_query
register: nm_query_user
- name: Verify query_user
assert:
that:
- cm_query_user.changed == nm_query_user.changed == false
- cm_query_user == nm_query_user
# REMOVE USER
- name: Remove user (check_mode)
aci_aaa_user: *user_absent
check_mode: yes
register: cm_remove_user
- name: Remove user (normal mode)
aci_aaa_user: *user_absent
register: nm_remove_user
- name: Remove user again (check_mode)
aci_aaa_user: *user_absent
check_mode: yes
register: cm_remove_user_again
- name: Remove user again (normal mode)
aci_aaa_user: *user_absent
register: nm_remove_user_again
- name: Verify remove_user
assert:
that:
- cm_remove_user.changed == nm_remove_user.changed == true
- cm_remove_user_again.changed == nm_remove_user_again.changed == false
|