Commit 97bd0b8b authored by Fabien Combernous's avatar Fabien Combernous

Merge branch '97-use-tasks-to-create-and-delete-human-admins-accounts' into 'master'

Resolve "rename task create_admin as manage_admin"

Closes #97

See merge request !102
parents 42bd36db c70087ae
...@@ -47,9 +47,10 @@ But, the module is more an idempotent installer of FreeIPA. So changing a value ...@@ -47,9 +47,10 @@ But, the module is more an idempotent installer of FreeIPA. So changing a value
## Usage ## Usage
### Example usage: ### Examples of usage:
Deploy an IPA master :
Creating an IPA master :
```puppet ```puppet
class {'freeipa': class {'freeipa':
ipa_role => 'master', ipa_role => 'master',
...@@ -66,7 +67,8 @@ class {'freeipa': ...@@ -66,7 +67,8 @@ class {'freeipa':
} }
``` ```
Adding a replica: Add a replica:
```puppet ```puppet
class {'freeipa': class {'freeipa':
ipa_role => 'replica', ipa_role => 'replica',
...@@ -83,7 +85,8 @@ class {'freeipa': ...@@ -83,7 +85,8 @@ class {'freeipa':
} }
``` ```
Adding a client: Add a client:
```puppet ```puppet
class {'freeipa': class {'freeipa':
ipa_role => 'client', ipa_role => 'client',
...@@ -94,6 +97,14 @@ ipa_master_fqdn => 'ipa-server-1.example.lan', ...@@ -94,6 +97,14 @@ ipa_master_fqdn => 'ipa-server-1.example.lan',
} }
``` ```
Create an admin account with task :
`bolt task run freeipa::manage_admin operator_login='mylogin' operator_password='mysecret' ensure='present' login='jaimarre' firstname='Jean' lastname='Aimarre' password='newadminsecret' --nodes <ipamaster> --modulepath ~/modules`
Delete an admin account with task :
`bolt task run freeipa::manage_admin operator_login='mylogin' operator_password='mysecret' ensure='present' login='jaimarre' --nodes <ipamaster> --modulepath ~/modules`
### REFERENCE ### REFERENCE
A full description can be found in `REFERENCE.md`. A full description can be found in `REFERENCE.md`.
......
...@@ -23,7 +23,7 @@ _Private Classes_ ...@@ -23,7 +23,7 @@ _Private Classes_
**Tasks** **Tasks**
* [`create_admin`](#create_admin): Create a new FreeIPA admin account * [`manage_admin`](#manage_admin): Create a new FreeIPA admin account
## Classes ## Classes
...@@ -353,7 +353,7 @@ include freeipa::install::autofs ...@@ -353,7 +353,7 @@ include freeipa::install::autofs
## Tasks ## Tasks
### create_admin ### manage_admin
Create a new FreeIPA admin account Create a new FreeIPA admin account
...@@ -377,23 +377,29 @@ Password of operator running the task ...@@ -377,23 +377,29 @@ Password of operator running the task
Data type: `String[1]` Data type: `String[1]`
Login name of created administrator account Login name of managed administrator account
##### `ensure`
Data type: `Enum['present','absent']`
Whether the login account should exist or not
##### `firstname` ##### `firstname`
Data type: `String[1]` Data type: `Optional[String[1]]`
First name of created administrator account First name of managed administrator account
##### `lastname` ##### `lastname`
Data type: `String[1]` Data type: `Optional[String[1]]`
Last name of created administrator account Last name of managed administrator account
##### `password` ##### `password`
Data type: `String[8]` Data type: `Optional[String[8]]`
Password of created administrator account Password of managed administrator account
...@@ -2,7 +2,7 @@ require 'spec_helper_acceptance' ...@@ -2,7 +2,7 @@ require 'spec_helper_acceptance'
require 'beaker-task_helper/inventory' require 'beaker-task_helper/inventory'
require 'bolt_spec/run' require 'bolt_spec/run'
describe 'create_admin task' do describe 'manage_admin task' do
include Beaker::TaskHelper::Inventory include Beaker::TaskHelper::Inventory
include BoltSpec::Run include BoltSpec::Run
...@@ -14,14 +14,29 @@ describe 'create_admin task' do ...@@ -14,14 +14,29 @@ describe 'create_admin task' do
hosts_to_inventory hosts_to_inventory
end end
it 'creates admin account' do context 'with ensure present' do
# rubocop:disable Style/BracesAroundHashParameters it 'creates admin account' do
result = run_task( # rubocop:disable Style/BracesAroundHashParameters
'freeipa::create_admin', result = run_task(
'master', 'freeipa::manage_admin',
{ 'operator_login' => 'admin', 'operator_password' => 's^ecr@et.ea;R/O*=?j!.QsAu+$', 'login' => 'jaimarre', 'firstname' => 'Jean', 'lastname' => 'Aimarre', 'password' => 'adminsecret' } 'master',
) { 'operator_login' => 'admin', 'operator_password' => 's^ecr@et.ea;R/O*=?j!.QsAu+$', 'ensure' => 'present', 'login' => 'jaimarre', 'firstname' => 'Jean', 'lastname' => 'Aimarre', 'password' => 'adminsecret' }
# rubocop:enable Style/BracesAroundHashParameters )
expect(result.first).to include('status' => 'success') # rubocop:enable Style/BracesAroundHashParameters
expect(result.first).to include('status' => 'success')
end
end
context 'with ensure absent' do
it 'deletes admin account' do
# rubocop:disable Style/BracesAroundHashParameters
result = run_task(
'freeipa::manage_admin',
'master',
{ 'operator_login' => 'admin', 'operator_password' => 's^ecr@et.ea;R/O*=?j!.QsAu+$', 'ensure' => 'absent', 'login' => 'jaimarre' }
)
# rubocop:enable Style/BracesAroundHashParameters
expect(result.first).to include('status' => 'success')
end
end end
end end
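Review bot: The `deletes admin account` example only succeeds if `creates admin account` has already run against the same master, because nothing in the `with ensure absent` context creates `jaimarre` first. Under random ordering or a filtered run the delete would presumably fail. Both examples assert only `'status' => 'success'`, so they do not show that the account was actually added to or removed from FreeIPA. Now that `firstname`, `lastname` and `password` are optional, an example that runs `'ensure' => 'present'` without them would pin how the task handles that input.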
{
"puppet_task_version": 1,
"supports_noop": false,
"description": "Create a new FreeIPA admin account",
"parameters": {
"operator_login": {
"description": "FreeIPA login of operator running the task",
"type": "String[1]"
},
"operator_password": {
"description": "Password of operator running the task",
"type": "String[1]"
},
"login": {
"description": "Login name of created administrator account",
"type": "String[1]"
},
"firstname": {
"description": "First name of created administrator account",
"type": "String[1]"
},
"lastname": {
"description": "Last name of created administrator account",
"type": "String[1]"
},
"password": {
"description": "Password of created administrator account",
"type": "String[8]"
}
}
}
{
"puppet_task_version": 1,
"supports_noop": false,
"description": "Create a new FreeIPA admin account",
"parameters": {
"operator_login": {
"description": "FreeIPA login of operator running the task",
"type": "String[1]"
},
"operator_password": {
"description": "Password of operator running the task",
"type": "String[1]"
},
"login": {
"description": "Login name of managed administrator account",
"type": "String[1]"
},
"ensure": {
"description": "Whether the login account should exist or not",
"type": "Enum['present','absent']"
},
"firstname": {
"description": "First name of managed administrator account",
"type": "Optional[String[1]]"
},
"lastname": {
"description": "Last name of managed administrator account",
"type": "Optional[String[1]]"
},
"password": {
"description": "Password of managed administrator account",
"type": "Optional[String[8]]"
}
}
}
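Review bot: `operator_password` and `password` are declared as plain string parameters without `"sensitive": true`, so Bolt has no hint to mask their values in logs and results; adding that key to both entries is the metadata-level fix. The task `description` still reads "Create a new FreeIPA admin account" although the task now also deletes accounts; `"description": "Create or delete a FreeIPA admin account"` would match the new `ensure` parameter. Making `password` `Optional[String[8]]` fits `ensure=absent`, but the metadata cannot express that it is required for `present`, so the script has to check that itself.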
#!/usr/bin/env bash #!/usr/bin/env bash
# #
# Create an admin account of FreeIPA # Create and delete an admin account of FreeIPA
KINIT_CMD='/usr/bin/kinit' KINIT_CMD='/usr/bin/kinit'
KDESTROY_CMD='/usr/bin/kdestroy' KDESTROY_CMD='/usr/bin/kdestroy'
...@@ -27,7 +27,7 @@ message() { ...@@ -27,7 +27,7 @@ message() {
msg="action '${action}' on Kerberos ticket-granting ticket has failed." msg="action '${action}' on Kerberos ticket-granting ticket has failed."
fi fi
;; ;;
user-add | group-add-member) user-add | group-add-member | user-del)
if [ $status -eq 0 ]; then if [ $status -eq 0 ]; then
msg="action '${action}' on IPA object is done." msg="action '${action}' on IPA object is done."
else else
...@@ -138,6 +138,26 @@ ipa_group_add_admins() { ...@@ -138,6 +138,26 @@ ipa_group_add_admins() {
fi fi
} }
#
# Delete user from FreeIPA
#
ipa_del_user() {
local login= retval=
login=$1
$IPA_CMD user-del $login
retval=$?
message 'user-del' $retval
if [ $retval -ne 0 ]; then
krb_tgt destroy
exit $retval
else
return $retval
fi
}
# #
# Main # Main
...@@ -147,8 +167,18 @@ is_commands_installed $USED_COMMANDS ...@@ -147,8 +167,18 @@ is_commands_installed $USED_COMMANDS
krb_tgt init $PT_operator_login $PT_operator_password krb_tgt init $PT_operator_login $PT_operator_password
ipa_add_user $PT_login $PT_firstname $PT_lastname $PT_password case $PT_ensure in
present)
ipa_group_add_admins $PT_login ipa_add_user $PT_login $PT_firstname $PT_lastname $PT_password
ipa_group_add_admins $PT_login
;;
absent)
ipa_del_user $PT_login
;;
*)
msg="Unexpected ensure value '${PT_ensure}'"
exit 1
;;
esac
krb_tgt destroy krb_tgt destroy
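Review bot: The `*)` branch of the new `case $PT_ensure` exits without calling `krb_tgt destroy`, so the operator ticket obtained by `krb_tgt init` just above is not destroyed on that path, and `msg` is assigned but never printed. Adding `echo "$msg" >&2` and `krb_tgt destroy` before `exit 1` closes both gaps. The new calls also expand parameters unquoted (`ipa_del_user $PT_login`, `$IPA_CMD user-del $login`), so a value with whitespace or glob characters is split or expanded before it reaches `ipa`; `ipa_del_user "$PT_login"` and `$IPA_CMD user-del "$login"` avoid that. With `firstname`, `lastname` and `password` now optional, the unquoted `ipa_add_user` call in the `present` branch shifts its positional arguments when one is omitted. The README's delete example passes `ensure='present'` with only `login` and would reach that branch; `ipa_add_user` is defined outside the visible hunks, so its handling of missing arguments should be checked.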