From 14f682ad7624a7ba4cce4ef37ec0d20f2ba4bc25 Mon Sep 17 00:00:00 2001
From: Rafael Guterres Jeffman <rjeffman@redhat.com>
Date: Wed, 16 Dec 2020 13:01:43 -0300
Subject: [PATCH] Remove usage of b64encode in lookup from Vault tests.

There are some issues using a combination of `lookup('file')` and the
`b64encode` filter in Ansible, making tests unstable. This change
removes the usage of b64encode when loading public and private keys
from files in the Vault test playbooks.
---
 tests/vault/env_cleanup.yml            | 26 +++++++----
 tests/vault/env_setup.yml              | 18 +++++---
 tests/vault/tasks_vault_members.yml    |  6 +--
 tests/vault/test_vault_asymmetric.yml  | 60 +++++++++++++-------------
 tests/vault/test_vault_change_type.yml | 20 ++++-----
 5 files changed, 72 insertions(+), 58 deletions(-)

diff --git a/tests/vault/env_cleanup.yml b/tests/vault/env_cleanup.yml
index ed99e091..31cc1799 100644
--- a/tests/vault/env_cleanup.yml
+++ b/tests/vault/env_cleanup.yml
@@ -43,13 +43,17 @@
       path: "{{ ansible_env.HOME }}/{{ item }}"
       state: absent
     with_items:
-    - private.pem
-    - public.pem
-    - old_private.pem
-    - old_public.pem
+    - A_private.pem
+    - A_public.pem
+    - B_private.pem
+    - B_public.pem
+    - A_private.b64
+    - A_public.b64
+    - B_private.b64
+    - B_public.b64
     - password.txt
-    - data.txt
     - in.txt
+    - out.txt
 
   - name: Remove files from controller.
     file:
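Review bot: `data.txt` is dropped from this target-host cleanup list, but the retrieve task visible in tests/vault/test_vault_asymmetric.yml (context of the `@@ -159,7 +159,7 @@` hunk) still writes `out: "{{ ansible_env.HOME }}/data.txt"`. Unless a task outside these hunks deletes it, the retrieved vault contents stay in the target user's home directory after cleanup. Keep `- data.txt` in the list alongside the new `- out.txt`. The `with_items` task begins above the hunk, so this is judged from the visible list only.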
@@ -58,7 +62,11 @@
     delegate_to: localhost
     become: no
     with_items:
-    - private.pem
-    - public.pem
-    - old_private.pem
-    - old_public.pem
+    - A_private.pem
+    - A_public.pem
+    - B_private.pem
+    - B_public.pem
+    - A_private.b64
+    - A_public.b64
+    - B_private.b64
+    - B_public.b64
diff --git a/tests/vault/env_setup.yml b/tests/vault/env_setup.yml
index 238a931e..47baa292 100644
--- a/tests/vault/env_setup.yml
+++ b/tests/vault/env_setup.yml
@@ -8,21 +8,27 @@
       cmd: |
         openssl genrsa -out "{{ item }}private.pem" 2048
         openssl rsa -in "{{ item }}private.pem" -outform PEM -pubout -out "{{ item }}public.pem"
+        base64 "{{ item }}public.pem" -w5000 > "{{ item }}public.b64"
+        base64 "{{ item }}private.pem" -w5000 > "{{ item }}private.b64"
     delegate_to: localhost
     become: no
     with_items:
-    - ""
-    - old_
+    - A_
+    - B_
 
   - name: Copy files to target host.
     copy:
       src: "{{ playbook_dir }}/{{ item }}"
       dest: "{{ ansible_env.HOME }}/{{ item }}"
     with_items:
-    - private.pem
-    - public.pem
-    - old_private.pem
-    - old_public.pem
+    - A_private.pem
+    - A_public.pem
+    - B_private.pem
+    - B_public.pem
+    - A_private.b64
+    - A_public.b64
+    - B_private.b64
+    - B_public.b64
     - password.txt
     - in.txt
 
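Review bot: The added `base64 "{{ item }}private.pem" -w5000 > "{{ item }}private.b64"` line creates a second copy of each private key through a shell redirect, so its mode is whatever the controller's umask gives, which is commonly world-readable. The copy task below sets no `mode:`, so the same probably applies on the target host. Consider starting the `cmd` block with `umask 077` and adding `mode: "0600"` to the copy task. Separately, placing `-w5000` after the file operand relies on GNU option permutation and an arbitrary width; `base64 -w0 "{{ item }}private.pem"` turns wrapping off outright. The command task starts above the hunk.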
diff --git a/tests/vault/tasks_vault_members.yml b/tests/vault/tasks_vault_members.yml
index 2f975681..99e2fd0c 100644
--- a/tests/vault/tasks_vault_members.yml
+++ b/tests/vault/tasks_vault_members.yml
@@ -25,9 +25,9 @@
   - name: Ensure vault is present
     ipavault:
       ipaadmin_password: SomeADMINpassword
-      name: "{{vault.name}}"
-      vault_type: "{{vault.vault_type}}"
-      public_key: "{{lookup('file', 'private.pem', rstrip=False) | b64encode}}"
+      name: "{{ vault.name }}"
+      vault_type: "{{ vault.vault_type }}"
+      public_key: "{{lookup('file', 'A_private.b64')}}"
     register: result
     failed_when: not result.changed
     when: vault.vault_type == 'asymmetric'
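Review bot: `public_key` is filled from `A_private.b64` here, so the task hands the base64 of the private key to the parameter meant for the public half; the removed line had the same mix-up with `private.pem`. If that is not deliberate, it should read `public_key: "{{ lookup('file', 'A_public.b64') }}"`, which also matches the brace spacing just applied to the two lines above. As written, private key material would presumably end up stored as the vault's public key. The surrounding task list starts and ends outside the hunk.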
diff --git a/tests/vault/test_vault_asymmetric.yml b/tests/vault/test_vault_asymmetric.yml
index 75bf19c9..d0a7cca7 100644
--- a/tests/vault/test_vault_asymmetric.yml
+++ b/tests/vault/test_vault_asymmetric.yml
@@ -14,7 +14,7 @@
       ipaadmin_password: SomeADMINpassword
       name: asymvault
       vault_type: asymmetric
-      public_key: "{{ lookup('file', 'old_public.pem', rstrip=True) | b64encode }}"
+      public_key: "{{ lookup('file', 'A_public.b64') }}"
     register: result
     failed_when: result.failed or not result.changed
 
@@ -23,11 +23,11 @@
       ipaadmin_password: SomeADMINpassword
       name: asymvault
       vault_type: asymmetric
-      public_key: "{{ lookup('file', 'old_public.pem', rstrip=True) | b64encode }}"
+      public_key: "{{ lookup('file', 'A_public.b64') }}"
     register: result
     failed_when: result.failed or result.changed
 
-  - name: Archive data to asymmetric vault using "old" key.
+  - name: Archive data to asymmetric vault.
     ipavault:
       ipaadmin_password: SomeADMINpassword
       name: asymvault
@@ -35,68 +35,68 @@
     register: result
     failed_when: result.failed or not result.changed
 
-  - name: Retrieve data from asymmetric vault using "old" key.
+  - name: Retrieve data from asymmetric vault using key A.
     ipavault:
       ipaadmin_password: SomeADMINpassword
       name: asymvault
-      private_key: "{{ lookup('file', 'old_private.pem', rstrip=True) | b64encode }}"
+      private_key: "{{ lookup('file', 'A_private.b64') }}"
       state: retrieved
     register: result
     failed_when: result.failed or result.changed or result.vault.data != 'SomeValue'
 
-  - name: Change asymmetric vault key to "new" key.
+  - name: Change asymmetric vault key to B.
     ipavault:
       ipaadmin_password: SomeADMINpassword
       name: asymvault
       vault_type: asymmetric
-      public_key: "{{ lookup('file', 'public.pem', rstrip=True) | b64encode }}"
-      private_key: "{{ lookup('file', 'old_private.pem', rstrip=True) | b64encode }}"
+      public_key: "{{ lookup('file', 'B_public.b64') }}"
+      private_key: "{{ lookup('file', 'A_private.b64') }}"
     register: result
     failed_when: result.failed or not result.changed
 
-  - name: Retrieve data from asymmetric vault using "new" key.
+  - name: Retrieve data from asymmetric vault using key B.
     ipavault:
       ipaadmin_password: SomeADMINpassword
       name: asymvault
-      private_key: "{{ lookup('file', 'private.pem', rstrip=True) | b64encode }}"
+      private_key: "{{ lookup('file', 'B_private.b64') }}"
       state: retrieved
     register: result
     failed_when: result.failed or result.changed or result.vault.data != 'SomeValue'
 
-  - name: Change asymmetric vault key from_file to "old"
+  - name: Change asymmetric vault key to A, using key_file
     ipavault:
       ipaadmin_password: SomeADMINpassword
       name: asymvault
       vault_type: asymmetric
-      public_key_file: old_public.pem
-      private_key: "{{ lookup('file', 'private.pem', rstrip=True) | b64encode }}"
+      public_key_file: "{{ ansible_env.HOME }}/A_public.pem"
+      private_key: "{{ lookup('file', 'B_private.b64') }}"
     register: result
     failed_when: result.failed or not result.changed
 
-  - name: Retrieve data from asymmetric vault using old key file.
+  - name: Retrieve data from asymmetric vault using key A, with key_file.
     ipavault:
       ipaadmin_password: SomeADMINpassword
       name: asymvault
-      private_key_file: old_private.pem
+      private_key_file: "{{ ansible_env.HOME }}/A_private.pem"
       state: retrieved
     register: result
     failed_when: result.failed or result.changed or result.vault.data != 'SomeValue'
 
-  - name: Change asymmetric vault key to "new" key, using only files
+  - name: Change asymmetric vault key to B key, using key_files
     ipavault:
       ipaadmin_password: SomeADMINpassword
       name: asymvault
       vault_type: asymmetric
-      public_key_file: public.pem
-      private_key_file: old_private.pem
+      public_key_file: "{{ ansible_env.HOME }}/B_public.pem"
+      private_key_file: "{{ ansible_env.HOME }}/A_private.pem"
     register: result
     failed_when: result.failed or not result.changed
 
-  - name: Retrieve data from asymmetric vault, using new "key".
+  - name: Retrieve data from asymmetric vault, using key B.
     ipavault:
       ipaadmin_password: SomeADMINpassword
       name: asymvault
-      private_key: "{{ lookup('file', 'private.pem', rstrip=True) | b64encode }}"
+      private_key: "{{ lookup('file', 'B_private.b64') }}"
       state: retrieved
     register: result
     failed_when: result.failed or result.changed or result.vault.data != 'SomeValue'
@@ -132,7 +132,7 @@
     ipavault:
       ipaadmin_password: SomeADMINpassword
       name: asymvault
-      private_key: "{{ lookup('file', 'private.pem', rstrip=True) | b64encode }}"
+      private_key: "{{ lookup('file', 'B_private.b64') }}"
       state: retrieved
     register: result
     failed_when: result.vault.data != 'SomeADMINpassword' or result.changed
@@ -149,7 +149,7 @@
     ipavault:
       ipaadmin_password: SomeADMINpassword
       name: asymvault
-      private_key: "{{ lookup('file', 'private.pem', rstrip=True) | b64encode }}"
+      private_key: "{{ lookup('file', 'B_private.b64') }}"
       state: retrieved
     register: result
     failed_when: result.vault.data != 'Hello World.' or result.changed
@@ -159,7 +159,7 @@
       ipaadmin_password: SomeADMINpassword
       name: asymvault
       out: "{{ ansible_env.HOME }}/data.txt"
-      private_key: "{{ lookup('file', 'private.pem', rstrip=True) | b64encode }}"
+      private_key: "{{ lookup('file', 'B_private.b64') }}"
       state: retrieved
     register: result
     failed_when: result.changed or result.failed or (result.vault.data | default(false))
@@ -182,7 +182,7 @@
     ipavault:
       ipaadmin_password: SomeADMINpassword
       name: asymvault
-      private_key: "{{ lookup('file', 'private.pem', rstrip=True) | b64encode }}"
+      private_key: "{{ lookup('file', 'B_private.b64') }}"
       state: retrieved
     register: result
     failed_when: result.vault.data != 'The world of π is half rounded.' or result.changed
@@ -200,7 +200,7 @@
     ipavault:
       ipaadmin_password: SomeADMINpassword
       name: asymvault
-      private_key: "{{ lookup('file', 'private.pem', rstrip=True) | b64encode }}"
+      private_key: "{{ lookup('file', 'B_private.b64') }}"
       state: retrieved
     register: result
     failed_when: result.vault.data != 'Another World.' or result.changed
@@ -217,7 +217,7 @@
     ipavault:
       ipaadmin_password: SomeADMINpassword
       name: asymvault
-      private_key: "{{ lookup('file', 'private.pem', rstrip=True) | b64encode }}"
+      private_key: "{{ lookup('file', 'B_private.b64') }}"
       state: retrieved
     register: result
     failed_when: result.vault.data != 'c' or result.changed
@@ -242,7 +242,7 @@
     ipavault:
       ipaadmin_password: SomeADMINpassword
       name: asymvault
-      public_key_file: "{{ ansible_env.HOME }}/public.pem"
+      public_key_file: "{{ ansible_env.HOME }}/B_public.pem"
       vault_type: asymmetric
     register: result
     failed_when: not result.changed
@@ -251,7 +251,7 @@
     ipavault:
       ipaadmin_password: SomeADMINpassword
       name: asymvault
-      public_key_file: "{{ ansible_env.HOME }}/public.pem"
+      public_key_file: "{{ ansible_env.HOME }}/B_public.pem"
       vault_type: asymmetric
     register: result
     failed_when: result.changed
@@ -268,7 +268,7 @@
     ipavault:
       ipaadmin_password: SomeADMINpassword
       name: asymvault
-      private_key: "{{ lookup('file', 'private.pem', rstrip=True) | b64encode }}"
+      private_key: "{{ lookup('file', 'B_private.b64') }}"
       state: retrieved
     register: result
     failed_when: result.vault.data != 'Hello World.' or result.changed
@@ -277,7 +277,7 @@
     ipavault:
       ipaadmin_password: SomeADMINpassword
       name: asymvault
-      private_key_file: "{{ ansible_env.HOME }}/private.pem"
+      private_key_file: "{{ ansible_env.HOME }}/B_private.pem"
       state: retrieved
     register: result
     failed_when: result.vault.data != 'Hello World.' or result.changed
diff --git a/tests/vault/test_vault_change_type.yml b/tests/vault/test_vault_change_type.yml
index d519de1d..f7106af1 100644
--- a/tests/vault/test_vault_change_type.yml
+++ b/tests/vault/test_vault_change_type.yml
@@ -26,7 +26,7 @@
       ipaadmin_password: SomeADMINpassword
       name: test_vault
       vault_type: asymmetric
-      public_key: "{{ lookup('file', 'public.pem', rstrip=True) | b64encode }}"
+      public_key: "{{ lookup('file', 'A_public.b64') }}"
     register: result
     failed_when: result.failed or not result.changed
 
@@ -36,7 +36,7 @@
         ipaadmin_password: SomeADMINpassword
         name: test_vault
         vault_type: symmetric
-        private_key: "{{ lookup('file', 'private.pem') | b64encode }}"
+        private_key: "{{ lookup('file', 'A_private.b64') }}"
         password: SomeVAULTpassword
       register: result
       failed_when: result.failed or not result.changed
@@ -89,7 +89,7 @@
         name: test_vault
         vault_type: asymmetric
         password: SomeVAULTpassword
-        public_key: "{{ lookup('file', 'public.pem') | b64encode }}"
+        public_key: "{{ lookup('file', 'A_public.b64') }}"
       register: result
       failed_when: result.failed or not result.changed
 
@@ -110,7 +110,7 @@
         ipaadmin_password: SomeADMINpassword
         name: test_vault
         vault_type: standard
-        private_key: "{{ lookup('file', 'private.pem') | b64encode }}"
+        private_key: "{{ lookup('file', 'A_private.b64') }}"
       register: result
       failed_when: result.failed or not result.changed
 
@@ -143,7 +143,7 @@
       ipaadmin_password: SomeADMINpassword
       name: test_vault
       vault_type: asymmetric
-      public_key: "{{ lookup('file', 'public.pem', rstrip=True) | b64encode }}"
+      public_key: "{{ lookup('file', 'A_public.b64') }}"
     register: result
     failed_when: result.failed or not result.changed
 
@@ -151,7 +151,7 @@
     ipavault:
       ipaadmin_password: SomeADMINpassword
       name: test_vault
-      private_key: "{{ lookup('file', 'private.pem', rstrip=True) | b64encode }}"
+      private_key: "{{ lookup('file', 'A_private.b64') }}"
       state: retrieved
     register: result
     failed_when: result.failed or result.changed or result.vault.data != 'hello'
@@ -162,7 +162,7 @@
         ipaadmin_password: SomeADMINpassword
         name: test_vault
         vault_type: symmetric
-        private_key: "{{ lookup('file', 'private.pem') | b64encode }}"
+        private_key: "{{ lookup('file', 'A_private.b64') }}"
         password: SomeVAULTpassword
       register: result
       failed_when: result.failed or not result.changed
@@ -241,7 +241,7 @@
         name: test_vault
         vault_type: asymmetric
         password: SomeVAULTpassword
-        public_key: "{{ lookup('file', 'public.pem') | b64encode }}"
+        public_key: "{{ lookup('file', 'A_public.b64') }}"
       register: result
       failed_when: result.failed or not result.changed
 
@@ -261,7 +261,7 @@
       ipaadmin_password: SomeADMINpassword
       name: test_vault
       state: retrieved
-      private_key: "{{ lookup('file', 'private.pem', rstrip=True) | b64encode }}"
+      private_key: "{{ lookup('file', 'A_private.b64') }}"
     register: result
     failed_when: result.failed or result.changed or result.vault.data != 'hello'
 
@@ -271,7 +271,7 @@
         ipaadmin_password: SomeADMINpassword
         name: test_vault
         vault_type: standard
-        private_key: "{{ lookup('file', 'private.pem') | b64encode }}"
+        private_key: "{{ lookup('file', 'A_private.b64') }}"
       register: result
       failed_when: result.failed or not result.changed or result.failed
 
-- 
GitLab