mirror of
https://github.com/freeipa/ansible-freeipa.git
synced 2026-06-10 02:35:54 +00:00
b866c56e7e
The file lookup is by default setting `rstrip=True` which could lead into a stripped new line. This is not happening always but resulted in failed tests sometimes with certificates pasted to the b64encode filter. For calls of lookup in the certificae tests `rstrip=False` has been added to make sure that this is not happening any more. Not in test_dnsrecord as lookup(..., rstrip=False) is adding a new line if there was not a new line and this is an issue for dnsrecord. The user and host tests have also been simplified to create the base64 encoded file in the beginning and use this file then later on in the tests without the need to use the b64encode filter. Ref: https://github.com/ansible/ansible/issues/57521#issuecomment-502238000
210 lines
6.4 KiB
YAML
210 lines
6.4 KiB
YAML
---
|
|
- name: Test vault
|
|
hosts: ipaserver
|
|
become: true
|
|
# Need to gather facts for ansible_env.
|
|
gather_facts: true
|
|
|
|
tasks:
|
|
- name: Setup testing environment.
|
|
import_tasks: env_setup.yml
|
|
|
|
- name: Ensure asymmetric vault is present
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: asymvault
|
|
vault_type: asymmetric
|
|
public_key: "{{ lookup('file', 'public.pem', rstrip=False) | b64encode }}"
|
|
register: result
|
|
failed_when: not result.changed
|
|
|
|
- name: Ensure asymmetric vault is present, again
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: asymvault
|
|
vault_type: asymmetric
|
|
public_key: "{{ lookup('file', 'public.pem', rstrip=False) | b64encode }}"
|
|
register: result
|
|
failed_when: result.changed
|
|
|
|
- name: Archive data to asymmetric vault, matching `no_log` field.
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: asymvault
|
|
vault_data: SomeADMINpassword
|
|
register: result
|
|
failed_when: not result.changed
|
|
|
|
- name: Retrieve data from asymmetric vault.
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: asymvault
|
|
private_key: "{{ lookup('file', 'private.pem', rstrip=False) | b64encode }}"
|
|
state: retrieved
|
|
register: result
|
|
failed_when: result.vault.data != 'SomeADMINpassword' or result.changed
|
|
|
|
- name: Archive data to asymmetric vault
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: asymvault
|
|
data: Hello World.
|
|
register: result
|
|
failed_when: not result.changed
|
|
|
|
- name: Retrieve data from asymmetric vault.
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: asymvault
|
|
private_key: "{{ lookup('file', 'private.pem', rstrip=False) | b64encode }}"
|
|
state: retrieved
|
|
register: result
|
|
failed_when: result.vault.data != 'Hello World.' or result.changed
|
|
|
|
- name: Retrieve data from asymmetric vault into file {{ ansible_env.HOME }}/data.txt.
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: asymvault
|
|
out: "{{ ansible_env.HOME }}/data.txt"
|
|
private_key: "{{ lookup('file', 'private.pem', rstrip=False) | b64encode }}"
|
|
state: retrieved
|
|
register: result
|
|
failed_when: result.changed or result.failed or (result.vault.data | default(false))
|
|
|
|
- name: Verify retrieved data.
|
|
slurp:
|
|
src: "{{ ansible_env.HOME }}/data.txt"
|
|
register: slurpfile
|
|
failed_when: slurpfile['content'] | b64decode != 'Hello World.'
|
|
|
|
- name: Archive data with non-ASCII characters to asymmetric vault
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: asymvault
|
|
data: The world of π is half rounded.
|
|
register: result
|
|
failed_when: not result.changed
|
|
|
|
- name: Retrieve data from asymmetric vault.
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: asymvault
|
|
private_key: "{{ lookup('file', 'private.pem', rstrip=False) | b64encode }}"
|
|
state: retrieved
|
|
register: result
|
|
failed_when: result.vault.data != 'The world of π is half rounded.' or result.changed
|
|
|
|
- name: Archive data in asymmetric vault, from file.
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: asymvault
|
|
vault_type: asymmetric
|
|
in: "{{ ansible_env.HOME }}/in.txt"
|
|
register: result
|
|
failed_when: not result.changed
|
|
|
|
- name: Retrieve data from asymmetric vault.
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: asymvault
|
|
private_key: "{{ lookup('file', 'private.pem', rstrip=False) | b64encode }}"
|
|
state: retrieved
|
|
register: result
|
|
failed_when: result.vault.data != 'Another World.' or result.changed
|
|
|
|
- name: Archive data with single character to asymmetric vault
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: asymvault
|
|
data: c
|
|
register: result
|
|
failed_when: not result.changed
|
|
|
|
- name: Retrieve data from asymmetric vault.
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: asymvault
|
|
private_key: "{{ lookup('file', 'private.pem', rstrip=False) | b64encode }}"
|
|
state: retrieved
|
|
register: result
|
|
failed_when: result.vault.data != 'c' or result.changed
|
|
|
|
- name: Ensure asymmetric vault is absent
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: asymvault
|
|
state: absent
|
|
register: result
|
|
failed_when: not result.changed
|
|
|
|
- name: Ensure asymmetric vault is absent, again
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: asymvault
|
|
state: absent
|
|
register: result
|
|
failed_when: result.changed
|
|
|
|
- name: Ensure asymmetric vault is present, with public key from file.
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: asymvault
|
|
public_key_file: "{{ ansible_env.HOME }}/public.pem"
|
|
vault_type: asymmetric
|
|
register: result
|
|
failed_when: not result.changed
|
|
|
|
- name: Ensure asymmetric vault is present, with password from file, again.
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: asymvault
|
|
public_key_file: "{{ ansible_env.HOME }}/public.pem"
|
|
vault_type: asymmetric
|
|
register: result
|
|
failed_when: result.changed
|
|
|
|
- name: Archive data to asymmetric vault
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: asymvault
|
|
data: Hello World.
|
|
register: result
|
|
failed_when: not result.changed
|
|
|
|
- name: Retrieve data from asymmetric vault.
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: asymvault
|
|
private_key: "{{ lookup('file', 'private.pem', rstrip=False) | b64encode }}"
|
|
state: retrieved
|
|
register: result
|
|
failed_when: result.vault.data != 'Hello World.' or result.changed
|
|
|
|
- name: Retrieve data from asymmetric vault, with password file.
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: asymvault
|
|
private_key_file: "{{ ansible_env.HOME }}/private.pem"
|
|
state: retrieved
|
|
register: result
|
|
failed_when: result.vault.data != 'Hello World.' or result.changed
|
|
|
|
- name: Ensure asymmetric vault is absent
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: asymvault
|
|
state: absent
|
|
register: result
|
|
failed_when: not result.changed
|
|
|
|
- name: Ensure asymmetric vault is absent, again
|
|
ipavault:
|
|
ipaadmin_password: SomeADMINpassword
|
|
name: asymvault
|
|
state: absent
|
|
register: result
|
|
failed_when: result.changed
|
|
|
|
- name: Cleanup testing environment.
|
|
import_tasks: env_setup.yml
|