diff --git a/roles/ldap_server/molecule/default/playbook.yml b/roles/ldap_server/molecule/default/playbook.yml
index 0580673e76cdf8987c99773861711f7b1271402c..de7f80f63f00a32fc3b05f340dc035ef083bc220 100644
--- a/roles/ldap_server/molecule/default/playbook.yml
+++ b/roles/ldap_server/molecule/default/playbook.yml
@@ -1,114 +1,6 @@ --- -- hosts: parameters-mandatory - become: yes +- hosts: parameters-mandatory,parameters-optional + become: true roles: - - role: ldap_server - ldap_admin_password: adminpassword - - # ldap_client - ldap_client_config: - - comment: CA truststore - option: TLS_CACERT - value: /etc/ssl/certs/testca.cert.pem - - comment: Ensure TLS is enforced - option: TLS_REQCERT - value: demand - - # common vars (not the role, global common) - tls_private_key_dir: tests/data/x509/ - tls_certificate_dir: tests/data/x509/ - -- hosts: parameters-optional - become: yes - roles: - - role: backup_server - backup_host_ssh_private_keys: - dsa: "{{ lookup('file', 'tests/data/ssh/server_dsa') }}" - rsa: "{{ lookup('file', 'tests/data/ssh/server_rsa') }}" - ed25519: "{{ lookup('file', 'tests/data/ssh/server_ed25519') }}" - ecdsa: "{{ lookup('file', 'tests/data/ssh/server_ecdsa') }}" - backup_clients: - - server: localhost - ip: 127.0.0.1 - public_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional.pub') }}" - -- hosts: parameters-optional - become: yes - roles: - - role: ldap_server - ldap_admin_password: adminpassword - ldap_entries: - - dn: uid=john,dc=local - attributes: - objectClass: - - inetOrgPerson - - simpleSecurityObject - userPassword: johnpassword - uid: john - cn: John Doe - sn: Doe - - dn: uid=jane,dc=local - attributes: - objectClass: - - inetOrgPerson - - simpleSecurityObject - userPassword: janepassword - uid: jane - cn: Jane Doe - sn: Doe - - ldap_permissions: - - > - to * - by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage - by self write - by * read - by dn="cn=admin,dc=local" write - by * none - - ldap_server_consumers: - - name: consumer1 - password: consumer1password - - name: consumer2 - password: consumer2password - state: present - - name: consumer3 - password: consumer3password - state: absent - - ldap_server_groups: - - name: group1 - - name: group2 - state: present - - name: group3 - state: absent - - 
ldap_server_domain: "local" - ldap_server_organization: "Example" - ldap_server_log_level: 0 - ldap_server_tls_certificate: "{{ lookup('file', 'tests/data/x509/parameters-optional.cert.pem') }}" - ldap_server_tls_key: "{{ lookup('file', 'tests/data/x509/parameters-optional.key.pem') }}" - ldap_server_ssf: 0 - ldap_tls_ciphers: "NONE:+VERS-TLS1.1:+VERS-TLS1.2:+CTYPE-X509:+COMP-NULL:+SIGN-RSA-SHA256:+SIGN-RSA-SHA384:+SIGN-RSA-SHA512:+DHE-RSA:+ECDHE-RSA:+SHA1:+SHA256:+SHA384:+AEAD:+AES-128-GCM:+AES-128-CBC:+AES-256-GCM:+AES-256-CBC:+CURVE-ALL" - - # ldap_client - ldap_client_config: - - comment: CA truststore - option: TLS_CACERT - value: /etc/ssl/certs/testca.cert.pem - - comment: Ensure TLS is enforced - option: TLS_REQCERT - value: demand - - # backup_client - enable_backup: yes - backup_client_username: "bak-localhost" - backup_encryption_key: "{{ lookup('file', 'tests/data/gnupg/parameters-optional.asc') }}" - backup_server: localhost - backup_server_host_ssh_public_keys: - - "{{ lookup('file', 'tests/data/ssh/server_dsa.pub') }}" - - "{{ lookup('file', 'tests/data/ssh/server_rsa.pub') }}" - - "{{ lookup('file', 'tests/data/ssh/server_ed25519.pub') }}" - - "{{ lookup('file', 'tests/data/ssh/server_ecdsa.pub') }}" - backup_ssh_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional' ) }}" + - ldap_server
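Review bot: The single remaining play applies `ldap_server` to both hosts with no role variables, so `ldap_admin_password` and every per-host parameter must now come from somewhere this hunk does not show, presumably the Molecule inventory. If that is where they went, a comment above the play would make it explicit, e.g. `# Role parameters are defined per host in the Molecule inventory (host_vars for parameters-mandatory / parameters-optional).` It is worth confirming that the TLS settings still reach `parameters-optional`, namely `ldap_client_config` with `TLS_REQCERT: demand`, `ldap_server_tls_certificate`/`ldap_server_tls_key` and `ldap_tls_ciphers`. Otherwise the scenario can still pass while no longer exercising certificate-verified connections. The separate `backup_server` play for `parameters-optional` is also gone, so if `enable_backup` stays on for that host, the backup server setup needs a new home (a prepare playbook, for instance) or the backup client path goes untested.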