Modify tests to verify password was changed correctly.

Modify and add tests to verify that a password change has the correct effect on ipavault.
2026-05-06 13:23:14 +00:00 · 2020-07-31 11:42:13 -03:00
parent daee6a6c74
commit 4ef4e706b7
1 changed files with 34 additions and 24 deletions
--- a/tests/vault/test_vault_symmetric.yml
+++ b/tests/vault/test_vault_symmetric.yml
@@ -178,6 +178,15 @@
    register: result
    failed_when: result.vault.data != 'Hello World.' or result.changed

+  - name: Retrieve data from symmetric vault, with wrong password.
+    ipavault:
+      ipaadmin_password: SomeADMINpassword
+      name: symvault
+      password: SomeWRONGpassword
+      state: retrieved
+    register: result
+    failed_when: not result.failed or "Invalid credentials" not in result.msg
+
  - name: Change vault password.
    ipavault:
      ipaadmin_password: SomeADMINpassword
@@ -187,24 +196,6 @@
    register: result
    failed_when: not result.changed

-  - name: Retrieve data from symmetric vault, with wrong password.
-    ipavault:
-      ipaadmin_password: SomeADMINpassword
-      name: symvault
-      password: SomeVAULTpassword
-      state: retrieved
-    register: result
-    failed_when: not result.failed or "Invalid credentials" not in result.msg
-
-  - name: Change vault password, with wrong `old_password`.
-    ipavault:
-      ipaadmin_password: SomeADMINpassword
-      name: symvault
-      password: SomeVAULTpassword
-      new_password: SomeNEWpassword
-    register: result
-    failed_when: not result.failed or "Invalid credentials" not in result.msg
-
  - name: Retrieve data from symmetric vault, with new password.
    ipavault:
      ipaadmin_password: SomeADMINpassword
@@ -212,18 +203,37 @@
      password: SomeNEWpassword
      state: retrieved
    register: result
-    failed_when: result.vault.data != 'Hello World.' or result.changed
+    failed_when: result.data != 'Hello World.' or result.changed

-  - name: Try to add vault with multiple passwords.
+  - name: Retrieve data from symmetric vault, with old password.
    ipavault:
      ipaadmin_password: SomeADMINpassword
-      name: inexistentvault
+      name: symvault
      password: SomeVAULTpassword
-      password_file: "{{ ansible_env.HOME }}/password.txt"
+      state: retrieved
    register: result
-    failed_when: not result.failed or "parameters are mutually exclusive" not in result.msg
+    failed_when: not result.failed or "Invalid credentials" not in result.msg
+
+  - name: Change symmetric vault salt, changing password
+    ipavault:
+      ipaadmin_password: SomeADMINpassword
+      name: symvault
+      password: SomeNEWpassword
+      new_password: SomeVAULTpassword
+      salt: AAAAAAAAAAAAAAAAAAAAAAA=
+    register: result
+    failed_when: not result.changed
+
+  - name: Change symmetric vault salt, without changing password
+    ipavault:
+      ipaadmin_password: SomeADMINpassword
+      name: symvault
+      password: SomeVAULTpassword
+      new_password: SomeVAULTpassword
+      salt: MTIzNDU2Nzg5MDEyMzQ1Ngo=
+    register: result
+    failed_when: not result.changed

-  - name: Try to add vault with multiple new passwords.
    ipavault:
      ipaadmin_password: SomeADMINpassword
      name: inexistentvault