ansible/test/integration/targets/prepare_http_tests/tasks/kerberos.yml
Jordan Borean caba47dd3f
Add support for GSSAPI/Kerberos to urls.py (#72113)
* Add support for GSSAPI/Kerberos to urls.py

* Test out changes with the latest test container

* Get remote hosts working

* Fix up httptester_krb5_password reader

* Fix tests for opensuse and macOS

* Hopefully last lot of testing changes

* Dont do CBT on macOS

* Fixes from review
2020-10-13 14:16:07 +10:00

61 lines
1.9 KiB
YAML

- set_fact:
krb5_config: '{{ remote_tmp_dir }}/krb5.conf'
krb5_realm: '{{ httpbin_host.split(".")[1:] | join(".") | upper }}'
krb5_provider: '{{ (ansible_facts.os_family == "FreeBSD" or ansible_facts.distribution == "MacOSX") | ternary("Heimdal", "MIT") }}'
- set_fact:
krb5_username: admin@{{ krb5_realm }}
- name: Create krb5.conf file
template:
src: krb5.conf.j2
dest: '{{ krb5_config }}'
- name: Include distribution specific variables
include_vars: '{{ lookup("first_found", params) }}'
vars:
params:
files:
- '{{ ansible_facts.distribution }}-{{ ansible_facts.distribution_major_version }}.yml'
- '{{ ansible_facts.os_family }}-{{ ansible_facts.distribution_major_version }}.yml'
- '{{ ansible_facts.distribution }}.yml'
- '{{ ansible_facts.os_family }}.yml'
- default.yml
paths:
- '{{ role_path }}/vars'
- name: Install Kerberos sytem packages
package:
name: '{{ krb5_packages }}'
state: present
when: ansible_facts.distribution not in ['Alpine', 'MacOSX']
# apk isn't available on ansible-base so just call command
- name: Alpine - Install Kerberos system packages
command: apk add {{ krb5_packages | join(' ') }}
when: ansible_facts.distribution == 'Alpine'
- name: Install python gssapi
pip:
name:
- gssapi
- importlib ; python_version < '2.7'
state: present
extra_args: '-c {{ remote_constraints }}'
environment:
# Need this custom path for OpenSUSE as krb5-config is placed there
PATH: '{{ ansible_facts.env.PATH }}:/usr/lib/mit/bin'
notify: Remove python gssapi
- name: test the environment to make sure Kerberos is working properly
httptester_kinit:
username: '{{ krb5_username }}'
password: '{{ krb5_password }}'
environment:
KRB5_CONFIG: '{{ krb5_config }}'
KRB5CCNAME: FILE:{{ remote_tmp_dir }}/krb5.cc
- name: remove test credential cache
file:
path: '{{ remote_tmp_dir }}/krb5.cc'
state: absent