Files @ bba096126140
Location: majic-ansible-roles/roles/ldap_server/molecule/default/group_vars/parameters-optional.yml

branko
MAR-150: Use fixtures for X.509 artefacts in the ldap_server role:

- Removed the statically generated artefacts.
- Generate X.509 artefacts for tests using Gimmecert.
- Updated paths to point to generated artefacts.
- Introduced cleanup playbook for removing generated artefacts.
---

# Test-only administrator password for the Molecule scenario. It is a cleartext
# fixture value; do not reuse it (or this pattern) outside the test environment,
# where the value should come from a secret store or an encrypted vault.
ldap_admin_password: adminpassword

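# TLS certificate and private key for the LDAP server, read from per-host
# fixture files under tests/data/x509/server/ (the commit description says these
# are generated for the tests with Gimmecert rather than stored statically).
# The path is assembled with Jinja2 concatenation (~) instead of a second
# "{{ }}" nested inside the string literal: nested moustaches only resolve when
# the lookup term happens to be templated a second time, which is not
# guaranteed across Ansible versions and would otherwise look for a file whose
# name literally contains "{{ inventory_hostname }}".
# The key file is private key material; keep the generated fixtures out of
# version control and out of any non-test deployment.
ldap_server_tls_certificate: "{{ lookup('file', 'tests/data/x509/server/' ~ inventory_hostname ~ '_ldap.cert.pem') }}"
ldap_server_tls_key: "{{ lookup('file', 'tests/data/x509/server/' ~ inventory_hostname ~ '_ldap.key.pem') }}"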

# Directory entries created for the test scenario: two person entries under
# dc=local. Both carry the simpleSecurityObject class, which requires a
# userPassword attribute.
# NOTE(review): the userPassword values are written here in cleartext; whether
# the role hashes them before they reach the directory is not visible in this
# file - confirm. Treat them as throwaway test credentials only.
ldap_entries:
  - dn: uid=john,dc=local
    attributes:
      objectClass:
        - inetOrgPerson
        - simpleSecurityObject
      userPassword: johnpassword
      uid: john
      cn: John Doe
      sn: Doe
  - dn: uid=jane,dc=local
    attributes:
      objectClass:
        - inetOrgPerson
        - simpleSecurityObject
      userPassword: janepassword
      uid: jane
      cn: Jane Doe
      sn: Doe

# Access-control rules handed to the LDAP server. The single list item is a
# folded scalar (>), so the lines below are joined with spaces into one
# "to * by ... by ..." rule.
# OpenLDAP evaluates the "by" clauses of a rule in order and stops at the first
# one that matches. Because "by * read" matches every client, the two clauses
# after it ('by dn="cn=admin,dc=local" write' and "by * none") are never
# reached, and every client, anonymous binds included, gets read access to all
# attributes selected by "to *", which includes userPassword.
# NOTE(review): presumably this ordering is a deliberate test fixture for
# custom permissions - confirm. Do not copy it into a real deployment; there,
# restrict userPassword in its own rule and put specific clauses before the
# catch-all.
ldap_permissions:
  - >
    to *
    by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
    by self write
    by * read
    by dn="cn=admin,dc=local" write
    by * none

# Consumer accounts for the test scenario. The three items cover the three
# forms of the optional "state" key: omitted, "present", and "absent".
# The passwords are cleartext, test-only values.
ldap_server_consumers:
  - name: consumer1
    password: consumer1password
  - name: consumer2
    password: consumer2password
    state: present
  - name: consumer3
    password: consumer3password
    state: absent

# Groups for the test scenario, again covering "state" omitted, "present" and
# "absent".
ldap_server_groups:
  - name: group1
  - name: group2
    state: present
  - name: group3
    state: absent

# Server-level settings overridden for this scenario.
ldap_server_domain: "local"
ldap_server_organization: "Example"
ldap_server_log_level: 0
# NOTE(review): presumably the minimum security strength factor the server
# requires from clients - confirm against the role. If so, 0 means connections
# are accepted without any transport protection, which is only appropriate for
# a test fixture.
ldap_server_ssf: 0
# TLS cipher selection written as a GnuTLS-style priority string. The trailing
# backslash inside the double-quoted scalar escapes the line break, so both
# physical lines form one string with nothing inserted between them.
# The list starts from NONE and explicitly enables, among others, TLS 1.1
# (+VERS-TLS1.1), the SHA1 MAC (+SHA1) and CBC-mode ciphers; these are legacy
# choices. For anything other than this test, prefer TLS 1.2 or newer with
# AEAD ciphers only.
ldap_tls_ciphers: "NONE:+VERS-TLS1.1:+VERS-TLS1.2:+CTYPE-X509:+COMP-NULL:+SIGN-RSA-SHA256:+SIGN-RSA-SHA384:\
+SIGN-RSA-SHA512:+DHE-RSA:+ECDHE-RSA:+SHA1:+SHA256:+SHA384:+AEAD:+AES-128-GCM:+AES-128-CBC:+AES-256-GCM:+AES-256-CBC:+CURVE-ALL"

# ldap_client: options for the LDAP client configuration. Each item gives a
# comment, an option name and its value.
# TLS_CACERT points the client at the test CA certificate, and
# TLS_REQCERT=demand makes the client refuse a connection when the server
# certificate is missing or fails validation against that CA. Keep "demand"
# in real deployments too; weaker settings allow an unverified server.
ldap_client_config:
  - comment: CA truststore
    option: TLS_CACERT
    value: /etc/ssl/certs/testca.cert.pem
  - comment: Ensure TLS is enforced
    option: TLS_REQCERT
    value: demand

# backup_client: settings for the backup client in this scenario. All key
# material is read from fixture files under tests/data/.
enable_backup: true
backup_client_username: "bak-localhost"
# NOTE(review): presumably an ASCII-armoured GnuPG key used to encrypt
# backups - confirm whether this fixture contains private key material.
backup_encryption_key: "{{ lookup('file', 'tests/data/gnupg/parameters-optional.asc') }}"
backup_server: localhost
# Public host keys of the backup server (RSA, Ed25519, ECDSA), read from the
# .pub fixtures. Supplying these up front lets the client verify the server
# identity instead of trusting whatever key it sees on first connection.
backup_server_host_ssh_public_keys:
  - "{{ lookup('file', 'tests/data/ssh/server_rsa.pub') }}"
  - "{{ lookup('file', 'tests/data/ssh/server_ed25519.pub') }}"
  - "{{ lookup('file', 'tests/data/ssh/server_ecdsa.pub') }}"
# NOTE(review): the looked-up file has no .pub suffix, so this is presumably
# the client's private SSH key - confirm. A key stored with the test data must
# be treated as public and never authorised on a real backup server.
backup_ssh_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional' ) }}"