mirror of
https://github.com/freeipa/ansible-freeipa.git
synced 2026-06-10 02:35:54 +00:00
da87f1648e
This change split vault tests in several files, organized by vault type and operation (vault vs. member) so that it is easier to add new tests for issues and verify if tests are missing.
193 lines
5.6 KiB
YAML
193 lines
5.6 KiB
YAML
---
|
|
- name: Test vault
|
|
hosts: ipaserver
|
|
become: true
|
|
# Need to gather facts for ansible_env.
|
|
gather_facts: true
|
|
|
|
tasks:
|
|
- name: Setup testing environment.
|
|
import_tasks: env_setup.yml
|
|
|
|
- name: Ensure asymmetric vault is present
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: asymvault
|
|
vault_type: asymmetric
|
|
public_key: "{{ lookup('file', 'public.pem') | b64encode }}"
|
|
register: result
|
|
failed_when: not result.changed
|
|
|
|
- name: Ensure asymmetric vault is present, again
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: asymvault
|
|
vault_type: asymmetric
|
|
public_key: "{{ lookup('file', 'public.pem') | b64encode }}"
|
|
register: result
|
|
failed_when: result.changed
|
|
|
|
- name: Archive data to asymmetric vault
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: asymvault
|
|
data: Hello World.
|
|
register: result
|
|
failed_when: not result.changed
|
|
|
|
- name: Retrieve data from asymmetric vault.
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: asymvault
|
|
private_key: "{{ lookup('file', 'private.pem') | b64encode }}"
|
|
state: retrieved
|
|
register: result
|
|
failed_when: result.data != 'Hello World.' or result.changed
|
|
|
|
- name: Retrieve data from asymmetric vault into file {{ ansible_env.HOME }}/data.txt.
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: asymvault
|
|
out: "{{ ansible_env.HOME }}/data.txt"
|
|
private_key: "{{ lookup('file', 'private.pem') | b64encode }}"
|
|
state: retrieved
|
|
register: result
|
|
failed_when: result.changed
|
|
|
|
- name: Verify retrieved data.
|
|
slurp:
|
|
src: "{{ ansible_env.HOME }}/data.txt"
|
|
register: slurpfile
|
|
failed_when: slurpfile['content'] | b64decode != 'Hello World.'
|
|
|
|
- name: Archive data with non-ASCII characters to asymmetric vault
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: asymvault
|
|
data: The world of π is half rounded.
|
|
register: result
|
|
failed_when: not result.changed
|
|
|
|
- name: Retrieve data from asymmetric vault.
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: asymvault
|
|
private_key: "{{ lookup('file', 'private.pem') | b64encode }}"
|
|
state: retrieved
|
|
register: result
|
|
failed_when: result.data != 'The world of π is half rounded.' or result.changed
|
|
|
|
- name: Archive data in asymmetric vault, from file.
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: asymvault
|
|
vault_type: asymmetric
|
|
in: "{{ ansible_env.HOME }}/in.txt"
|
|
register: result
|
|
failed_when: not result.changed
|
|
|
|
- name: Retrieve data from asymmetric vault.
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: asymvault
|
|
private_key: "{{ lookup('file', 'private.pem') | b64encode }}"
|
|
state: retrieved
|
|
register: result
|
|
failed_when: result.data != 'Another World.' or result.changed
|
|
|
|
- name: Archive data with single character to asymmetric vault
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: asymvault
|
|
data: c
|
|
register: result
|
|
failed_when: not result.changed
|
|
|
|
- name: Retrieve data from asymmetric vault.
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: asymvault
|
|
private_key: "{{ lookup('file', 'private.pem') | b64encode }}"
|
|
state: retrieved
|
|
register: result
|
|
failed_when: result.data != 'c' or result.changed
|
|
|
|
- name: Ensure asymmetric vault is absent
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: asymvault
|
|
state: absent
|
|
register: result
|
|
failed_when: not result.changed
|
|
|
|
- name: Ensure asymmetric vault is absent, again
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: asymvault
|
|
state: absent
|
|
register: result
|
|
failed_when: result.changed
|
|
|
|
- name: Ensure asymmetric vault is present, with public key from file.
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: asymvault
|
|
public_key_file: "{{ ansible_env.HOME }}/public.pem"
|
|
vault_type: asymmetric
|
|
register: result
|
|
failed_when: not result.changed
|
|
|
|
- name: Ensure asymmetric vault is present, with password from file, again.
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: asymvault
|
|
public_key_file: "{{ ansible_env.HOME }}/public.pem"
|
|
vault_type: asymmetric
|
|
register: result
|
|
failed_when: result.changed
|
|
|
|
- name: Archive data to asymmetric vault
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: asymvault
|
|
data: Hello World.
|
|
register: result
|
|
failed_when: not result.changed
|
|
|
|
- name: Retrieve data from asymmetric vault.
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: asymvault
|
|
private_key: "{{ lookup('file', 'private.pem') | b64encode }}"
|
|
state: retrieved
|
|
register: result
|
|
failed_when: result.data != 'Hello World.' or result.changed
|
|
|
|
- name: Retrieve data from asymmetric vault, with password file.
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: asymvault
|
|
private_key_file: "{{ ansible_env.HOME }}/private.pem"
|
|
state: retrieved
|
|
register: result
|
|
failed_when: result.data != 'Hello World.' or result.changed
|
|
|
|
- name: Ensure asymmetric vault is absent
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: asymvault
|
|
state: absent
|
|
register: result
|
|
failed_when: not result.changed
|
|
|
|
- name: Ensure asymmetric vault is absent, again
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: asymvault
|
|
state: absent
|
|
register: result
|
|
failed_when: result.changed
|
|
|
|
- name: Cleanup testing environment.
|
|
import_tasks: env_setup.yml
|