luks_device: add allow_to_remove_last_key option (#52371)

* Add allow_to_remove_last_key option.

* Dump headers.

* Add support for old versions of cryptsetup luksDump.

* Update lib/ansible/modules/crypto/luks_device.py

Co-Authored-By: felixfontein <felix@fontein.de>

* Rename allow_to_remove_last_key -> force_remove_last_key.
Felix Fontein
2019-03-14 10:55:35 +01:00
committed by John R Barker
parent fbbab7429e
commit 4573f349ea
2 changed files with 88 additions and 6 deletions


@@ -62,6 +62,9 @@
device: "{{ cryptfile_device }}"
state: closed
- name: Dump LUKS header
command: "cryptsetup luksDump {{ cryptfile_device }}"
- name: Remove access from keyfile1
luks_device:
device: "{{ cryptfile_device }}"
@@ -100,6 +103,9 @@
device: "{{ cryptfile_device }}"
state: closed
- name: Dump LUKS header
command: "cryptsetup luksDump {{ cryptfile_device }}"
- name: Remove access from keyfile2
luks_device:
device: "{{ cryptfile_device }}"
@@ -107,6 +113,39 @@
keyfile: "{{ role_path }}/files/keyfile2"
remove_keyfile: "{{ role_path }}/files/keyfile2"
become: yes
ignore_errors: yes
register: remove_last_key
- assert:
that:
- remove_last_key is failed
- "'force_remove_last_key' in remove_last_key.msg"
# Access: keyfile2
- name: Try to open with keyfile2
luks_device:
device: "{{ cryptfile_device }}"
state: opened
keyfile: "{{ role_path }}/files/keyfile2"
become: yes
ignore_errors: yes
register: open_try
- assert:
that:
- open_try is not failed
- name: Close
luks_device:
device: "{{ cryptfile_device }}"
state: closed
- name: Remove access from keyfile2
luks_device:
device: "{{ cryptfile_device }}"
state: closed
keyfile: "{{ role_path }}/files/keyfile2"
remove_keyfile: "{{ role_path }}/files/keyfile2"
force_remove_last_key: yes
become: yes
# Access: none
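Review bot: The forced removal at the end of the last hunk (the second `Remove access from keyfile2`, with `force_remove_last_key: yes`) is the only new luks_device call whose result is never checked, although it is the path that leaves the container with no usable key. I would add `register: remove_last_key_forced` to that task and follow it with an assert on `remove_last_key_forced is changed`, mirroring the refusal check earlier in the same hunk. Whether the tasks after `# Access: none` already confirm that keyfile2 no longer opens the device cannot be seen from this hunk. Separately, the two `Dump LUKS header` tasks in the first two hunks are read-only `command` calls that will report "changed" on every run; `changed_when: false` would keep the test output honest.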