130 lines
3.7 KiB
YAML
130 lines
3.7 KiB
YAML
# Test code for the ACI modules
|
|
# Copyright: (c) 2017, Dag Wieers (dagwieers) <dag@wieers.com>
|
|
#
|
|
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
|
|
|
- name: Test that we have an ACI APIC host, ACI username and ACI password
|
|
fail:
|
|
msg: 'Please define the following variables: aci_hostname, aci_username and aci_password.'
|
|
when: aci_hostname is not defined or aci_username is not defined or aci_password is not defined
|
|
|
|
|
|
# CLEAN ENVIRONMENT
|
|
- name: Remove any pre-existing certificate
|
|
aci_aaa_user_certificate: &cert_absent
|
|
hostname: '{{ aci_hostname }}'
|
|
username: '{{ aci_username }}'
|
|
password: '{{ aci_password }}'
|
|
use_proxy: no
|
|
validate_certs: no
|
|
user: admin
|
|
certificate_name: admin
|
|
state: absent
|
|
|
|
|
|
# ADD USER CERTIFICATE
|
|
- name: Add user certificate (check_mode)
|
|
aci_aaa_user_certificate: &cert_present
|
|
hostname: '{{ aci_hostname }}'
|
|
username: '{{ aci_username }}'
|
|
password: '{{ aci_password }}'
|
|
use_proxy: no
|
|
validate_certs: no
|
|
user: admin
|
|
certificate_name: admin
|
|
certificate: "{{ lookup('file', 'pki/admin.crt') }}"
|
|
state: present
|
|
check_mode: yes
|
|
register: cm_add_cert
|
|
|
|
- name: Add user certificate (normal mode)
|
|
aci_aaa_user_certificate: *cert_present
|
|
register: nm_add_cert
|
|
|
|
- name: Add user certificate again (check mode)
|
|
aci_aaa_user_certificate: *cert_present
|
|
check_mode: yes
|
|
register: cm_add_cert_again
|
|
|
|
- name: Add user certificate again (normal mode)
|
|
aci_aaa_user_certificate: *cert_present
|
|
register: nm_add_cert_again
|
|
|
|
- name: Verify add_cert
|
|
assert:
|
|
that:
|
|
- cm_add_cert.changed == nm_add_cert.changed == true
|
|
- cm_add_cert_again.changed == nm_add_cert_again.changed == false
|
|
|
|
|
|
# QUERY ALL USER CERTIFICATES
|
|
- name: Query all user certificates using signature-based authentication (check_mode)
|
|
aci_aaa_user_certificate: &cert_query
|
|
hostname: '{{ aci_hostname }}'
|
|
username: '{{ aci_username }}'
|
|
#password: '{{ aci_password }}'
|
|
private_key: '{{ role_path }}/pki/admin.key'
|
|
use_proxy: no
|
|
validate_certs: no
|
|
user: admin
|
|
state: query
|
|
check_mode: yes
|
|
register: cm_query_all_certs
|
|
|
|
- name: Query all user certificates using signature-based authentication (normal mode)
|
|
aci_aaa_user_certificate: *cert_query
|
|
register: nm_query_all_certs
|
|
|
|
- name: Verify query_all_certs
|
|
assert:
|
|
that:
|
|
- cm_query_all_certs.changed == nm_query_all_certs.changed == false
|
|
# NOTE: Order of certs is not stable between calls
|
|
#- cm_query_all_certs == nm_query_all_certs
|
|
|
|
|
|
# QUERY OUR USER CERTIFICATE
|
|
- name: Query our certificate using signature-based authentication (check_mode)
|
|
aci_aaa_user_certificate:
|
|
<<: *cert_query
|
|
certificate_name: admin
|
|
check_mode: yes
|
|
register: cm_query_cert
|
|
|
|
- name: Query our certificate using signature-based authentication (normal mode)
|
|
aci_aaa_user_certificate:
|
|
<<: *cert_query
|
|
certificate_name: admin
|
|
register: nm_query_cert
|
|
|
|
- name: Verify query_cert
|
|
assert:
|
|
that:
|
|
- cm_query_cert.changed == nm_query_cert.changed == false
|
|
- cm_query_cert == nm_query_cert
|
|
|
|
|
|
# REMOVE CERTIFICATE
|
|
- name: Remove certificate (check_mode)
|
|
aci_aaa_user_certificate: *cert_absent
|
|
check_mode: yes
|
|
register: cm_remove_cert
|
|
|
|
- name: Remove certificate (normal mode)
|
|
aci_aaa_user_certificate: *cert_absent
|
|
register: nm_remove_cert
|
|
|
|
- name: Remove certificate again (check_mode)
|
|
aci_aaa_user_certificate: *cert_absent
|
|
check_mode: yes
|
|
register: cm_remove_cert_again
|
|
|
|
- name: Remove certificate again (normal mode)
|
|
aci_aaa_user_certificate: *cert_absent
|
|
register: nm_remove_cert_again
|
|
|
|
- name: Verify remove_cert
|
|
assert:
|
|
that:
|
|
- cm_remove_cert.changed == nm_remove_cert.changed == true
|
|
- cm_remove_cert_again.changed == nm_remove_cert_again.changed == false
|