# Test code for the ACI modules # Copyright: (c) 2017, Dag Wieers (dagwieers) # # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) # - name: Test that we have an ACI APIC host, ACI username and ACI password fail: msg: 'Please define the following variables: aci_hostname, aci_username and aci_password.' when: aci_hostname is not defined or aci_username is not defined or aci_password is not defined # CLEAN ENVIRONMENT - name: Remove any pre-existing certificate aci_aaa_user_certificate: &cert_absent hostname: '{{ aci_hostname }}' username: '{{ aci_username }}' password: '{{ aci_password }}' use_proxy: no validate_certs: no user: admin certificate_name: admin state: absent delegate_to: localhost # ADD USER CERTIFICATE - name: Add user certificate (check_mode) aci_aaa_user_certificate: &cert_present hostname: '{{ aci_hostname }}' username: '{{ aci_username }}' password: '{{ aci_password }}' use_proxy: no validate_certs: no user: admin certificate_name: admin certificate: "{{ lookup('file', 'pki/admin.crt') }}" state: present check_mode: yes delegate_to: localhost register: cm_add_cert - name: Add user certificate (normal mode) aci_aaa_user_certificate: *cert_present delegate_to: localhost register: nm_add_cert - name: Add user certificate again (check mode) aci_aaa_user_certificate: *cert_present check_mode: yes delegate_to: localhost register: cm_add_cert_again - name: Add user certificate again (normal mode) aci_aaa_user_certificate: *cert_present delegate_to: localhost register: nm_add_cert_again - name: Verify add_cert assert: that: - cm_add_cert.changed == nm_add_cert.changed == true - cm_add_cert_again.changed == nm_add_cert_again.changed == false # QUERY ALL USER CERTIFICATES - name: Query all user certificates (check_mode) aci_aaa_user_certificate: &cert_query hostname: '{{ aci_hostname }}' username: '{{ aci_username }}' password: '{{ aci_password }}' use_proxy: no validate_certs: no user: admin state: query check_mode: yes delegate_to: localhost register: cm_query_all_certs - name: Query all user certificates (normal mode) aci_aaa_user_certificate: *cert_query delegate_to: localhost register: nm_query_all_certs - name: Verify query_all_certs assert: that: - cm_query_all_certs.changed == nm_query_all_certs.changed == false # NOTE: Order of certs is not stable between calls #- cm_query_all_certs == nm_query_all_certs # QUERY OUR USER CERTIFICATE - name: Query our certificate (check_mode) aci_aaa_user_certificate: <<: *cert_query certificate_name: admin check_mode: yes register: cm_query_cert - name: Query our certificate (normal mode) aci_aaa_user_certificate: <<: *cert_query certificate_name: admin register: nm_query_cert - name: Verify query_cert assert: that: - cm_query_cert.changed == nm_query_cert.changed == false - cm_query_cert == nm_query_cert # REMOVE CERTIFICATE - name: Remove certificate (check_mode) aci_tenant: *cert_absent check_mode: yes register: cm_remove_cert - name: Remove certificate (normal mode) aci_tenant: *cert_absent register: nm_remove_cert - name: Remove certificate again (check_mode) aci_tenant: *cert_absent check_mode: yes register: cm_remove_cert_again - name: Remove certificate again (normal mode) aci_tenant: *cert_absent register: nm_remove_cert_again - name: Verify remove_cert assert: that: - cm_remove_cert.changed == nm_remove_cert.changed == true - cm_remove_cert_again.changed == nm_remove_cert_again.changed == false