First Draft of the User Module

molecule/system_access_users/converge.yml

@@ -0,0 +1,209 @@
+---
+- name: converge
+  hosts: all
+  become: true
+  tasks:
+    - name: "test"
+      ansible.builtin.debug:
+        msg: "test"
+
+      # Test User minimum requirements
+    - name: "Test User 1: Test minimum requirements User Creation"
+      puzzle.opnsense.system_access_users:
+        username: test_user_1
+        password: test_password_1
+
+      # Test User minimum requirements disabled
+    - name: "Test User 2: Test disabled User Creation"
+      puzzle.opnsense.system_access_users:
+        username: test_user_2
+        password: test_password_2
+        full_name: "Test User 2: Test disabled User Creation"
+        disabled: True
+
+      # Test User with Full Name
+    - name: "Test User 3: Test User Creation with Full Name"
+      puzzle.opnsense.system_access_users:
+        username: test_user_3
+        password: test_password_3
+        full_name: "Test User 3: Test User Creation with Full Name"
+
+      # Test User with E-Mail
+    - name: "Test User 4: Test User Creation with E-Mail"
+      puzzle.opnsense.system_access_users:
+        username: test_user_4
+        password: test_password_4
+        email: [email protected]
+        full_name: "Test User 4: Test User Creation with E-Mail"
+
+      # Test User with Comment
+    - name: "Test User 5: Test User Creation with Comment"
+      puzzle.opnsense.system_access_users:
+        username: test_user_5
+        password: test_password_5
+        comment: Test User 5 Comment
+        full_name: "Test User 5: Test User Creation with Comment"
+
+      # Test User with Preferred landing page
+    - name: "Test User 6: Test User Creation with Preferred landing page"
+      puzzle.opnsense.system_access_users:
+        username: test_user_6
+        password: test_password_6
+        landing_page: /ui/ipsec/sessions
+        full_name: "Test User 6: Test User Creation with Preferred landing page"
+
+      # Test User with nologin shell
+    - name: "Test User 7: Test User Creation with nologin shell"
+      puzzle.opnsense.system_access_users:
+        username: test_user_7
+        password: test_password_7
+        shell: /sbin/nologin
+        full_name: "Test User 7: Test User Creation with nologin shell"
+
+      # Test User with csh shell
+    - name: "Test User 8: Test User Creation with csh shell"
+      puzzle.opnsense.system_access_users:
+        username: test_user_8
+        password: test_password_8
+        shell: /bin/csh
+        full_name: "Test User 8: Test User Creation with csh shell"
+
+      # Test User with sh shell
+    - name: "Test User 9: Test User Creation with sh shell"
+      puzzle.opnsense.system_access_users:
+        username: test_user_9
+        password: test_password_9
+        shell: /bin/sh
+        full_name: "Test User 9: Test User Creation with sh shell"
+
+      # Test User with tcsh shell
+    - name: "Test User 10: Test User Creation with tcsh shell"
+      puzzle.opnsense.system_access_users:
+        username: test_user_10
+        password: test_password_10
+        shell: /bin/tcsh
+        full_name: "Test User 10: Test User Creation with tcsh shell"
+
+      # Test User with Expiration date
+    - name: "Test User 11: Test User Creation with Expiration date"
+      puzzle.opnsense.system_access_users:
+        username: test_user_11
+        password: test_password_11
+        expires: 02/27/2024
+        full_name: "Test User 11: Test User Creation with Expiration date"
+
+     # Test User with group as string
+    - name: "Test User 12: Test User Creation with group as string"
+      puzzle.opnsense.system_access_users:
+        username: test_user_12
+        password: test_password_12
+        full_name: "Test User 12: Test User Creation with group as string"
+        groups: admins
+
+      # Test User with group as list
+    - name: "Test User 13: Test User Creation with group as list"
+      puzzle.opnsense.system_access_users:
+        username: test_user_13
+        password: test_password_13
+        full_name: "Test User 13: Test User Creation with group as list"
+        groups:
+          - admins
+
+      # Test User with not existing group as list
+    - name: "Test User 14: Test User Creation with not existing group as list"
+      puzzle.opnsense.system_access_users:
+        username: test_user_14
+        password: test_password_14
+        full_name: "Test User 14: Test User Creation with not existing group as list"
+        groups:
+          - test
+      register: test_user_14_result
+      ignore_errors: yes
+
+    - name: "Verify that the user creation failed due to non-existing group"
+      ansible.builtin.assert:
+        that:
+          - test_user_14_result is failed
+        fail_msg: "User creation should fail due to non-existing group"
+        success_msg: "User creation failed as expected due to non-existing group"
+
+      # Test User with empty otp_seed
+    - name: "Test User 15: Test User Creation with empty otp_seed"
+      puzzle.opnsense.system_access_users:
+        username: test_user_15
+        password: test_password_15
+        otp_seed: ""
+        full_name: "Test User 15: Test User Creation with empty otp_seed"
+
+      # Test User with otp_seed
+    - name: "Test User 16: Test User Creation with otp_seed"
+      puzzle.opnsense.system_access_users:
+        username: test_user_16
+        password: test_password_16
+        otp_seed: test_seed
+        full_name: "Test User 16: Test User Creation with otp_seed"
+
+      # Test User with empty authorizedkeys
+    - name: "Test User 17: Test User Creation with empty authorizedkeys"
+      puzzle.opnsense.system_access_users:
+        username: test_user_17
+        password: test_password_17
+        authorizedkeys: ""
+        full_name: "Test User 17: Test User Creation with empty authorizedkeys"
+
+      # Test User with authorizedkeys
+    - name: "Test User 18: Test User Creation with authorizedkeys"
+      puzzle.opnsense.system_access_users:
+          username: test_user_18
+          password: test_password_18
+          authorizedkeys: test_authorized_key
+          full_name: "Test User 18: Test User Creation with authorizedkeys"
+
+      # Test User with empty api_keys
+    - name: "Test User 19: Test User Creation with empty api_keys"
+      puzzle.opnsense.system_access_users:
+          username: test_user_19
+          password: test_password_19
+          apikeys: ""
+          full_name: "Test User 19: Test User Creation with empty api_keys"
+      register: api_keys_result
+
+    - name: Return the created apikeys and secret of Test User 19
+      ansible.builtin.debug:
+        msg: "The following api_keys were created {{ api_keys_result.generated_apikeys }}"
+      when:
+        - "'generated_apikeys' in api_keys_result"
+        - api_keys_result.generated_apikeys | length > 0
+
+      # Test User with too short api_keys
+    - name: "Test User 20: Test User Creation with too short api_keys"
+      puzzle.opnsense.system_access_users:
+          username: test_user_20
+          password: test_password_20
+          apikeys: "TEST_API_KEY"
+          full_name: "Test User 20: Test User Creation with too short api_keys"
+      register: test_user_20_result
+      ignore_errors: yes
+
+    - name: "Verify that the user creation failed due to too short api key"
+      ansible.builtin.assert:
+        that:
+          - test_user_20_result is failed
+        fail_msg: "The API key: TEST_API_KEY is not a valid string. Must be >= 80 characters."
+        success_msg: "The API key: TEST_API_KEY is not a valid string. Must be >= 80 characters."
+
+      # Test User with valid api_keys
+    - name: "Test User 21: Test User Creation with valid api_keys"
+      puzzle.opnsense.system_access_users:
+          username: test_user_21
+          password: test_password_21
+          apikeys: "TEST_API_KEY_WITH_RANDOM_CHARS_UNTIL_80_zo5Y3bUpOQFfbQnAOB6GqbHsPAP9Jqbjofnqu9xc"
+          full_name: "Test User 21: Test User Creation with valid api_keys"
+      register: api_keys_result
+
+    - name: Return the created apikeys and secret of Test User 21
+      ansible.builtin.debug:
+        msg: "The following api_keys were created {{ api_keys_result.generated_apikeys }}"
+      when:
+        - "'generated_apikeys' in api_keys_result"
+        - api_keys_result.generated_apikeys | length > 0

molecule/system_access_users/molecule.yml

@@ -0,0 +1,69 @@
+---
+scenario:
+    name: system_access_users
+    test_sequence:
+        # - dependency not relevant unless we have requirements
+        - destroy
+        - syntax
+        - create
+#        - prepare
+        - converge
+        - idempotence
+        #- verify
+        - cleanup
+        - destroy
+
+driver:
+    name: vagrant
+    parallel: true
+
+platforms:
+    - name: "22.7"
+      hostname: false
+      box: puzzle/opnsense
+      box_version: "22.7"
+      memory: 1024
+      cpus: 2
+      instance_raw_config_args:
+          - 'vm.guest = :freebsd'
+          - 'ssh.sudo_command = "%c"'
+          - 'ssh.shell = "/bin/sh"'
+    - name: "23.1"
+      box: puzzle/opnsense
+      hostname: false
+      box_version: "23.1"
+      memory: 1024
+      cpus: 2
+      instance_raw_config_args:
+          - 'vm.guest = :freebsd'
+          - 'ssh.sudo_command = "%c"'
+          - 'ssh.shell = "/bin/sh"'
+    - name: "23.7"
+      box: puzzle/opnsense
+      hostname: false
+      box_version: "23.7"
+      memory: 1024
+      cpus: 2
+      instance_raw_config_args:
+        - 'vm.guest = :freebsd'
+        - 'ssh.sudo_command = "%c"'
+        - 'ssh.shell = "/bin/sh"'
+    - name: "24.1"
+      box: puzzle/opnsense
+      hostname: false
+      box_version: "24.1"
+      memory: 1024
+      cpus: 2
+      instance_raw_config_args:
+        - 'vm.guest = :freebsd'
+        - 'ssh.sudo_command = "%c"'
+        - 'ssh.shell = "/bin/sh"'
+
+provisioner:
+    name: ansible
+#    env:
+#        ANSIBLE_VERBOSITY: 3
+verifier:
+    name: ansible
+    options:
+        become: true

molecule/system_access_users/verify.yml

@@ -0,0 +1,6 @@
+---
+- name: Verify connectivity to server
+  hosts: all
+  tasks:
+    - name: Ping the server
+      ansible.builtin.ping: