# Test code for the ACI modules # Copyright: (c) 2017, Dag Wieers (dagwieers) # # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) - name: Test that we have an ACI APIC host, ACI username and ACI password fail: msg: 'Please define the following variables: aci_hostname, aci_username and aci_password.' when: aci_hostname is not defined or aci_username is not defined or aci_password is not defined # CLEAN ENVIRONMENT - name: Remove any pre-existing certificate aci_aaa_user_certificate: &cert_absent host: '{{ aci_hostname }}' username: '{{ aci_username }}' password: '{{ aci_password }}' validate_certs: '{{ aci_validate_certs | default(false) }}' use_ssl: '{{ aci_use_ssl | default(true) }}' use_proxy: '{{ aci_use_proxy | default(true) }}' aaa_user: admin certificate_name: admin state: absent # ADD USER CERTIFICATE - name: Add user certificate (check_mode) aci_aaa_user_certificate: &cert_present host: '{{ aci_hostname }}' username: '{{ aci_username }}' password: '{{ aci_password }}' validate_certs: '{{ aci_validate_certs | default(false) }}' use_ssl: '{{ aci_use_ssl | default(true) }}' use_proxy: '{{ aci_use_proxy | default(true) }}' aaa_user: admin certificate_name: admin certificate: "{{ lookup('file', 'pki/admin.crt') }}" state: present check_mode: yes register: cm_add_cert - name: Add user certificate (normal mode) aci_aaa_user_certificate: *cert_present register: nm_add_cert - name: Add user certificate again (check mode) aci_aaa_user_certificate: *cert_present check_mode: yes register: cm_add_cert_again - name: Add user certificate again (normal mode) aci_aaa_user_certificate: *cert_present register: nm_add_cert_again - name: Verify add_cert assert: that: - cm_add_cert.changed == nm_add_cert.changed == true - cm_add_cert_again.changed == nm_add_cert_again.changed == false # QUERY ALL USER CERTIFICATES - name: Query all user certificates using signature-based authentication (check_mode) aci_aaa_user_certificate: &cert_query host: '{{ aci_hostname }}' username: '{{ aci_username }}' #password: '{{ aci_password }}' private_key: '{{ role_path }}/pki/admin.key' validate_certs: '{{ aci_validate_certs | default(false) }}' use_ssl: '{{ aci_use_ssl | default(true) }}' use_proxy: '{{ aci_use_proxy | default(true) }}' aaa_user: admin state: query check_mode: yes register: cm_query_all_certs - name: Query all user certificates using signature-based authentication (normal mode) aci_aaa_user_certificate: *cert_query register: nm_query_all_certs - name: Verify query_all_certs assert: that: - cm_query_all_certs.changed == nm_query_all_certs.changed == false # NOTE: Order of certs is not stable between calls #- cm_query_all_certs == nm_query_all_certs # QUERY OUR USER CERTIFICATE - name: Query our certificate using signature-based authentication (check_mode) aci_aaa_user_certificate: <<: *cert_query certificate_name: admin check_mode: yes register: cm_query_cert - name: Query our certificate using signature-based authentication (normal mode) aci_aaa_user_certificate: <<: *cert_query certificate_name: admin register: nm_query_cert - name: Verify query_cert assert: that: - cm_query_cert.changed == nm_query_cert.changed == false - cm_query_cert == nm_query_cert # REMOVE CERTIFICATE - name: Remove certificate (check_mode) aci_aaa_user_certificate: *cert_absent check_mode: yes register: cm_remove_cert - name: Remove certificate (normal mode) aci_aaa_user_certificate: *cert_absent register: nm_remove_cert - name: Remove certificate again (check_mode) aci_aaa_user_certificate: *cert_absent check_mode: yes register: cm_remove_cert_again - name: Remove certificate again (normal mode) aci_aaa_user_certificate: *cert_absent register: nm_remove_cert_again - name: Verify remove_cert assert: that: - cm_remove_cert.changed == nm_remove_cert.changed == true - cm_remove_cert_again.changed == nm_remove_cert_again.changed == false