Use common tasks and vars for AD related tests

Some tests require AD trust and some common variables related to the
domain controller and AD users.

This patch modifies the tests that require these tasks and vars to use
the same sources. With this change configuring the variables with
inventory files is easier and ensures that data used is valid.

Signed-off-by: Rafael Guterres Jeffman <rjeffman@redhat.com>

tests/env_freeipa_facts.yml

@@ -67,3 +67,22 @@
   ansible.builtin.set_fact:
     ipaserver_realm: "{{ ipaserver_domain | upper }}"
   when: ipaserver_realm is not defined
+
+- name: Ensure AD variables are set
+  ansible.builtin.set_fact:
+    adserver:
+      domain: "{{ winserver_domain | default('windows.local') }}"
+      realm: "{{ winserver_realm | default(winserver_domain) | default('windows.local') | upper }}"
+      password: "{{ winserver_admin_password | default('SomeW1Npassword') }}"
+      ip_address: "{{ winserver_ip | default(omit) }}"
+  when: trust_test_is_supported | default(false)
+
+- name: Ensure ad_user is set
+  ansible.builtin.set_fact:
+    ad_user: "{{ test_ad_user | default('AD\\aduser') }}"
+  when: trust_test_is_supported | default(false)
+
+- name: Ensure alt_user is set
+  ansible.builtin.set_fact:
+    alt_user: "{{ test_alt_user | default('aduser@ad.ipa.test') }}"
+  when: trust_test_is_supported | default(false)

tests/group/test_group_ad_users.yml

@@ -8,10 +8,6 @@
       ipaadmin_password: SomeADMINpassword
       ipaapi_context: server  # external_member requires 'server' context
 
-  vars:
-    ad_user: "{{ test_ad_user | default('AD\\aduser') }}"
-    alt_user: "{{ test_alt_user | default('aduser@ad.ipa.test') }}"
-
   tasks:
   - name: Include tasks ../env_freeipa_facts.yml
     ansible.builtin.include_tasks: ../env_freeipa_facts.yml
@@ -24,6 +20,12 @@
   - name: Execute group tests if trust test environment is supported
     when: trust_test_is_supported | default(false)
     block:
+      - name: Ensure trust is absent
+        ansible.builtin.include_tasks: ../tasks_remove_trust.yml
+
+      - name: Ensure trust is present
+        ansible.builtin.include_tasks: ../tasks_set_trust.yml
+
       - name: Ensure external group, with AD users, is present.
         ipagroup:
           name: extgroup
@@ -71,3 +73,6 @@
         ipagroup:
           name: extgroup
           state: absent
+
+      - name: Ensure trust is absent
+        ansible.builtin.include_tasks: ../tasks_remove_trust.yml

tests/group/test_group_client_context.yml

@@ -1,11 +1,8 @@
 ---
 - name: Test group
   hosts: ipaclients, ipaserver
-  become: no
-  gather_facts: no
-
-  vars:
-    ad_user: "{{ test_ad_user | default('AD\\aduser') }}"
+  become: false
+  gather_facts: false
 
   tasks:
   - name: Include FreeIPA facts.

tests/group/test_group_external_members.yml

@@ -8,12 +8,7 @@
       ipaadmin_password: SomeADMINpassword
       ipaapi_context: server  # external_member requires 'server' context
 
-  vars:
-    ad_user: "{{ test_ad_user | default('AD\\aduser') }}"
-    alt_user: "{{ test_alt_user | default('aduser@ad.ipa.test') }}"
-
   tasks:
-
   - name: Include tasks ../env_freeipa_facts.yml
     ansible.builtin.include_tasks: ../env_freeipa_facts.yml
 
@@ -27,6 +22,11 @@
   - name: Execute group tests if trust test environment is supported
     when: trust_test_is_supported | default(false)
     block:
+    - name: Ensure AD trust is absent
+      ansible.builtin.include_tasks: ../tasks_remove_trust.yml
+
+    - name: Ensure AD trust is avaiable
+      ansible.builtin.include_tasks: ../tasks_set_trust.yml
 
     - name: Ensure nonposix group is present
       ipagroup:
@@ -49,14 +49,14 @@
       register: result
       failed_when: result.failed or not result.changed
 
-    - name: Ensure nonposix group has AD users
+    - name: Ensure nonposix group has AD user "{{ ad_user }}"
       ipagroup:
         name: extgroup
         external_member: "{{ ad_user }}"
       register: result
       failed_when: result.failed or not result.changed
 
-    - name: Ensure nonposix group has AD users, again
+    - name: Ensure nonposix group has AD user "{{ ad_user }}", again
       ipagroup:
         name: extgroup
         external_member: "{{ ad_user }}"
@@ -77,23 +77,23 @@
       register: result
       failed_when: result.failed or result.changed
 
-    - name: Ensure external group is present, with AD users.
+    - name: Ensure external group is present, with AD user.
       ipagroup:
         name: extgroup
         external: true
         external_member: "{{ ad_user }}"
       register: result
       failed_when: result.failed or not result.changed
 
-    - name: Ensure external group is present, with AD alternate users.
+    - name: Ensure external group is present, with AD alternate user.
       ipagroup:
         name: extgroup
         external: true
         external_member: "{{ alt_user }}"
       register: result
       failed_when: result.failed or result.changed
 
-    - name: Ensure external group is present, with AD users, again.
+    - name: Ensure external group is present, with AD user, again.
       ipagroup:
         name: extgroup
         external: true
@@ -122,7 +122,7 @@
       register: result
       failed_when: result.failed or not result.changed
 
-    - name: Ensure group is external, and has AD users.
+    - name: Ensure group is external, and has AD user.
       ipagroup:
         name: extgroup
         external: true
@@ -138,7 +138,7 @@
       register: result
       failed_when: result.failed or result.changed
 
-    - name: Ensure group is external, and has AD users, again.
+    - name: Ensure group is external, and has AD user, again.
       ipagroup:
         name: extgroup
         external: true
@@ -196,6 +196,9 @@
       register: result
       failed_when: result.failed or result.changed
 
+    - name: Ensure AD trust is absent
+      ansible.builtin.include_tasks: ../tasks_remove_trust.yml
+
   - name: Ensure tests groups are absent
     ipagroup:
       name:

tests/group/test_group_idoverrideuser.yml

@@ -9,17 +9,19 @@
     ipaidoverrideuser:
       ipaadmin_password: SomeADMINpassword
 
-  vars:
-    ad_user: "{{ test_ad_user | default('AD\\aduser') }}"
-    alt_user: "{{ test_alt_user | default('aduser@ad.ipa.test') }}"
-
   tasks:
     - name: Include tasks ../env_freeipa_facts.yml
       ansible.builtin.include_tasks: ../env_freeipa_facts.yml
 
     - name: Execute tests if ipa_verison >= 4.8.7 and trust test environment is supported
       when: ipa_version is version("4.8.7", ">=") and trust_test_is_supported | default(false)
       block:
+      - name: Ensure AD trust is absent
+        ansible.builtin.include_tasks: ../tasks_remove_trust.yml
+
+      - name: Ensure AD trust is avaiable
+        ansible.builtin.include_tasks: ../tasks_set_trust.yml
+
       - name: Ensure test idoverrideuser is present
         ipaidoverrideuser:
           idview: "Default Trust View"
@@ -104,3 +106,6 @@
           anchor: "{{ ad_user }}"
           continue: true
           state: absent
+
+      - name: Ensure AD trust is absent
+        ansible.builtin.include_tasks: ../tasks_remove_trust.yml

tests/idrange/test_idrange.yml

@@ -1,23 +1,16 @@
 ---
 - name: Test idrange
   hosts: "{{ ipa_test_host | default('ipaserver') }}"
-  become: no
-  gather_facts: no
-
-  vars:
-    adserver:
-      domain: "{{ winserver_domain | default('windows.local')}}"
-      realm: "{{ winserver_realm | default(winserver_domain) | default('windows.local') | upper }}"
-      password: "{{ winserver_admin_password | default('SomeW1Npassword') }}"
-      ip_address: "{{ winserver_ip | default(omit) }}"
+  become: false
+  gather_facts: false
 
   tasks:
   - name: Retrieve FreeIPA facts
     ansible.builtin.include_tasks: ../env_freeipa_facts.yml
 
   # CLEANUP TEST ITEMS
   - name: Remove test trust.
-    ansible.builtin.include_tasks: tasks_remove_trust.yml
+    ansible.builtin.include_tasks: ../tasks_remove_trust.yml
     when: trust_test_is_supported | default(false)
 
   - name: Ensure testing idranges are absent
@@ -127,7 +120,7 @@
     block:
       # Create trust with range_type: ipa-ad-trust
       - name: Create trust with range_type 'ipa-ad-trust'
-        ansible.builtin.include_tasks: tasks_set_trust.yml
+        ansible.builtin.include_tasks: ../tasks_set_trust.yml
         vars:
           trust_base_id: 10000000
           trust_range_size: 200000
@@ -224,7 +217,7 @@
 
       # Remove trust and idrange
       - name: Remove test trust.
-        ansible.builtin.include_tasks: tasks_remove_trust.yml
+        ansible.builtin.include_tasks: ../tasks_remove_trust.yml
 
       - name: Ensure AD-trust idrange is absent
         ipaidrange:
@@ -235,7 +228,7 @@
 
       # Create trust with range_type: ipa-ad-trust-posix
       - name: Create trust with range_type 'ipa-ad-trust'
-        ansible.builtin.include_tasks: tasks_set_trust.yml
+        ansible.builtin.include_tasks: ../tasks_set_trust.yml
         vars:
           trust_base_id: 10000000
           trust_range_size: 200000
@@ -257,7 +250,7 @@
 
       # Remove trust and idrange
       - name: Remove test trust.
-        ansible.builtin.include_tasks: tasks_remove_trust.yml
+        ansible.builtin.include_tasks: ../tasks_remove_trust.yml
 
       - name: Ensure AD-trust idrange is absent
         ipaidrange:
@@ -268,7 +261,7 @@
 
       # Remove trust and idrange
       - name: Remove test trust.
-        ansible.builtin.include_tasks: tasks_remove_trust.yml
+        ansible.builtin.include_tasks: ../tasks_remove_trust.yml
 
       - name: Ensure AD-trust idrange is absent
         ipaidrange:
@@ -279,7 +272,7 @@
 
       # Create trust with range_type: ipa-ad-trust-posix
       - name: Create trust with range_type 'ipa-ad-trust-posix'
-        ansible.builtin.include_tasks: tasks_set_trust.yml
+        ansible.builtin.include_tasks: ../tasks_set_trust.yml
         vars:
           trust_base_id: 10000000
           trust_range_size: 2000000
@@ -325,7 +318,7 @@
 
       # Remove trust and idrange
       - name: Remove test trust.
-        ansible.builtin.include_tasks: tasks_remove_trust.yml
+        ansible.builtin.include_tasks: ../tasks_remove_trust.yml
 
       - name: Ensure AD-trust idrange is absent
         ipaidrange:
@@ -336,7 +329,7 @@
 
       # Create trust with range_type: ipa-ad-trust-posix
       - name: Create trust with range_type 'ipa-ad-trust-posix'
-        ansible.builtin.include_tasks: tasks_set_trust.yml
+        ansible.builtin.include_tasks: ../tasks_set_trust.yml
         vars:
           trust_base_id: 10000000
           trust_range_size: 2000000
@@ -358,7 +351,7 @@
     always:
       # CLEANUP TEST ITEMS
       - name: Remove test trust.
-        ansible.builtin.include_tasks: tasks_remove_trust.yml
+        ansible.builtin.include_tasks: ../tasks_remove_trust.yml
 
       - name: Ensure testing idranges are absent
         ipaidrange:

tests/trust/test_trust.yml

@@ -1,14 +1,10 @@
 ---
 - name: Test ipatrust
   hosts: "{{ ipa_test_host | default('ipaserver') }}"
-  become: true
+  become: false
   gather_facts: false
 
   vars:
-    adserver:
-      domain: "{{ winserver_domain | default('windows.local')}}"
-      realm: "{{ winserver_realm | default(winserver_domain) | default('windows.local') | upper }}"
-      password: "{{ winserver_admin_password | default('SomeW1Npassword') }}"
     ipaserver:
       domain: "{{ ipaserver_domain | default('ipa.test')}}"
       realm: "{{ ipaserver_realm | default(ipaserver_domain) | default('ipa.test') | upper }}"