From 0342e4b1bec0ed1ed123a8b0158f5d2dcd3237be Mon Sep 17 00:00:00 2001
From: Razvan-Daniel Mihai <84674+razvan@users.noreply.github.com>
Date: Wed, 2 Jul 2025 14:16:56 +0200
Subject: [PATCH 1/3] feat: create AD users and groups for OPA integration tests
---
 roles/ad-dc/tasks/main.yaml | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
diff --git a/roles/ad-dc/tasks/main.yaml b/roles/ad-dc/tasks/main.yaml
index fdde98d..e88b01b 100644
--- a/roles/ad-dc/tasks/main.yaml
+++ b/roles/ad-dc/tasks/main.yaml
@@ -94,3 +94,34 @@
 dest_path: target/ca.crt
 format: pem
 delegate_to: localhost
+
+# Create users and groups used by the OPA ad-ad-userinfo test
+
+- name: Create Superset Admins group
+ microsoft.ad.group:
+ name: Superset Admins
+ scope: global
+ state: present
+
+- name: Create user alice
+ microsoft.ad.user:
+ name: alice
+ sam_account_name: sam-alice
+ password: Asdf1234
+ enabled: true
+ upn: "alice@{{ ansible_facts.domain | upper }}"
+ groups:
+ set:
+ - Domain Users
+ - Superset Admins
+
+- name: Create user bob
+ microsoft.ad.user:
+ name: bob
+ sam_account_name: sam-bob
+ password: Asdf1234
+ enabled: true
+ upn: "bob@{{ ansible_facts.domain | upper }}"
+ groups:
+ set:
+ - Domain Users
From 470c944d5a3c12592acc4b3abc6564b1f74113a3 Mon Sep 17 00:00:00 2001
From: Razvan-Daniel Mihai <84674+razvan@users.noreply.github.com>
Date: Wed, 2 Jul 2025 15:13:02 +0200
Subject: [PATCH 2/3] review feedback
---
 roles/ad-dc/tasks/main.yaml | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/roles/ad-dc/tasks/main.yaml b/roles/ad-dc/tasks/main.yaml
index e88b01b..b3e660a 100644
--- a/roles/ad-dc/tasks/main.yaml
+++ b/roles/ad-dc/tasks/main.yaml
@@ -106,7 +106,7 @@
 - name: Create user alice
 microsoft.ad.user:
 name: alice
- sam_account_name: sam-alice
+ sam_account_name: sam-alice # different than upn prefix (name)
 password: Asdf1234
 enabled: true
 upn: "alice@{{ ansible_facts.domain | upper }}"
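Review bot: The `password: Asdf1234` literal in the alice and bob tasks of PATCH 1/3 (and again in the charlie task added by PATCH 2/3) commits a weak, shared credential for enabled domain accounts to the repository, and alice is a member of `Superset Admins`. Take it from a variable instead, e.g. `password: "{{ ad_test_user_password }}"` (placeholder variable name), and add `no_log: true` to the task so the value does not appear in run output. Setting `update_password: on_create` is also worth considering: the module default is `always`, so as written the password is presumably reset on every run. Whether this DC is reachable from outside an isolated test network is not visible in the patch; if it is, the accounts should not share a guessable password.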
@@ -118,10 +118,21 @@
 - name: Create user bob
 microsoft.ad.user:
 name: bob
- sam_account_name: sam-bob
+ sam_account_name: bob # same as upn prefix (name)
 password: Asdf1234
 enabled: true
 upn: "bob@{{ ansible_facts.domain | upper }}"
 groups:
 set:
 - Domain Users
+
+- name: Create user charlie
+ microsoft.ad.user:
+ name: charlie
+ sam_account_name: charlie
+ password: Asdf1234
+ enabled: true
+ upn: "charlie@CUSTOM.TEST" # custom suffix
+ groups:
+ set:
+ - Domain Users
From 00d795481cff914072af2b51ac9f830491ddc324 Mon Sep 17 00:00:00 2001
From: Razvan-Daniel Mihai <84674+razvan@users.noreply.github.com>
Date: Wed, 2 Jul 2025 15:32:13 +0200
Subject: [PATCH 3/3] lowercase upn suffix
---
 roles/ad-dc/tasks/main.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/roles/ad-dc/tasks/main.yaml b/roles/ad-dc/tasks/main.yaml
index b3e660a..39aeda0 100644
--- a/roles/ad-dc/tasks/main.yaml
+++ b/roles/ad-dc/tasks/main.yaml
@@ -109,7 +109,7 @@
 sam_account_name: sam-alice # different than upn prefix (name)
 password: Asdf1234
 enabled: true
- upn: "alice@{{ ansible_facts.domain | upper }}"
+ upn: "alice@{{ ansible_facts.domain | lower }}"
 groups:
 set:
 - Domain Users
@@ -132,7 +132,7 @@
 sam_account_name: charlie
 password: Asdf1234
 enabled: true
- upn: "charlie@CUSTOM.TEST" # custom suffix
+ upn: "charlie@custom.test" # custom suffix
 groups:
 set:
 - Domain Users
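Review bot: The charlie task in the second hunk of PATCH 2/3 is a third copy of the same `microsoft.ad.user` block, differing only in `name`, `sam_account_name`, `upn` and the group list, so the test matrix the inline comments describe is spread over three tasks. A single task with a `loop` over the user definitions would keep the shared settings (password, `enabled`) in one place and leave the per-user differences as the only thing a reader has to compare. The alice task starts outside this hunk. The sketch assumes two-space Ansible indentation, which the collapsed patch text no longer shows.

```yaml
- name: Create OPA test users
  microsoft.ad.user:
    name: "{{ item.name }}"
    sam_account_name: "{{ item.sam_account_name }}"
    password: Asdf1234
    enabled: true
    upn: "{{ item.upn }}"
    groups:
      set: "{{ item.groups }}"
  loop:
    - name: alice
      sam_account_name: sam-alice  # different than upn prefix (name)
      upn: "alice@{{ ansible_facts.domain | upper }}"
      groups:
        - Domain Users
        - Superset Admins
    - name: bob
      sam_account_name: bob  # same as upn prefix (name)
      upn: "bob@{{ ansible_facts.domain | upper }}"
      groups:
        - Domain Users
    - name: charlie
      sam_account_name: charlie
      upn: "charlie@CUSTOM.TEST"  # custom suffix
      groups:
        - Domain Users
```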
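Review bot: bob's UPN is not touched by PATCH 3/3 and still renders with `| upper` (visible as context in the second hunk of PATCH 2/3), so after this series alice and charlie have lower-case suffixes while bob keeps an upper-case one. If that is an omission, the bob task needs `upn: "bob@{{ ansible_facts.domain | lower }}"`. If the mixed case is deliberate test coverage, say so next to it, e.g. `# upper-case suffix kept on purpose`. The bob task lies outside both hunks of this patch.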