Remove usage of b64encode in lookup from Vault tests.

There are some issues using a combination of `lookup('file')` and the
`b64encode` filter in Ansible, making tests unstable. This change
removes the usage of b64encode when loading public and private keys
from files in the Vault test playbooks.

tests/vault/env_cleanup.yml

@@ -43,13 +43,17 @@
       path: "{{ ansible_env.HOME }}/{{ item }}"
       state: absent
     with_items:
-    - private.pem
-    - public.pem
-    - old_private.pem
-    - old_public.pem
+    - A_private.pem
+    - A_public.pem
+    - B_private.pem
+    - B_public.pem
+    - A_private.b64
+    - A_public.b64
+    - B_private.b64
+    - B_public.b64
     - password.txt
-    - data.txt
     - in.txt
+    - out.txt
 
   - name: Remove files from controller.
     file:
@@ -58,7 +62,11 @@
     delegate_to: localhost
     become: no
     with_items:
-    - private.pem
-    - public.pem
-    - old_private.pem
-    - old_public.pem
+    - A_private.pem
+    - A_public.pem
+    - B_private.pem
+    - B_public.pem
+    - A_private.b64
+    - A_public.b64
+    - B_private.b64
+    - B_public.b64

tests/vault/env_setup.yml

@@ -8,21 +8,27 @@
       cmd: |
         openssl genrsa -out "{{ item }}private.pem" 2048
         openssl rsa -in "{{ item }}private.pem" -outform PEM -pubout -out "{{ item }}public.pem"
+        base64 "{{ item }}public.pem" -w5000 > "{{ item }}public.b64"
+        base64 "{{ item }}private.pem" -w5000 > "{{ item }}private.b64"
     delegate_to: localhost
     become: no
     with_items:
-    - ""
-    - old_
+    - A_
+    - B_
 
   - name: Copy files to target host.
     copy:
       src: "{{ playbook_dir }}/{{ item }}"
       dest: "{{ ansible_env.HOME }}/{{ item }}"
     with_items:
-    - private.pem
-    - public.pem
-    - old_private.pem
-    - old_public.pem
+    - A_private.pem
+    - A_public.pem
+    - B_private.pem
+    - B_public.pem
+    - A_private.b64
+    - A_public.b64
+    - B_private.b64
+    - B_public.b64
     - password.txt
     - in.txt
 

tests/vault/tasks_vault_members.yml

@@ -27,7 +27,7 @@
       ipaadmin_password: SomeADMINpassword
       name: "{{ vault.name }}"
       vault_type: "{{ vault.vault_type }}"
-      public_key: "{{lookup('file', 'private.pem', rstrip=False) | b64encode}}"
+      public_key: "{{lookup('file', 'A_private.b64')}}"
     register: result
     failed_when: not result.changed
     when: vault.vault_type == 'asymmetric'

tests/vault/test_vault_asymmetric.yml

@@ -14,7 +14,7 @@
       ipaadmin_password: SomeADMINpassword
       name: asymvault
       vault_type: asymmetric
-      public_key: "{{ lookup('file', 'old_public.pem', rstrip=True) | b64encode }}"
+      public_key: "{{ lookup('file', 'A_public.b64') }}"
     register: result
     failed_when: result.failed or not result.changed
 
@@ -23,11 +23,11 @@
       ipaadmin_password: SomeADMINpassword
       name: asymvault
       vault_type: asymmetric
-      public_key: "{{ lookup('file', 'old_public.pem', rstrip=True) | b64encode }}"
+      public_key: "{{ lookup('file', 'A_public.b64') }}"
     register: result
     failed_when: result.failed or result.changed
 
-  - name: Archive data to asymmetric vault using "old" key.
+  - name: Archive data to asymmetric vault.
     ipavault:
       ipaadmin_password: SomeADMINpassword
       name: asymvault
@@ -35,68 +35,68 @@
     register: result
     failed_when: result.failed or not result.changed
 
-  - name: Retrieve data from asymmetric vault using "old" key.
+  - name: Retrieve data from asymmetric vault using key A.
     ipavault:
       ipaadmin_password: SomeADMINpassword
       name: asymvault
-      private_key: "{{ lookup('file', 'old_private.pem', rstrip=True) | b64encode }}"
+      private_key: "{{ lookup('file', 'A_private.b64') }}"
       state: retrieved
     register: result
     failed_when: result.failed or result.changed or result.vault.data != 'SomeValue'
 
-  - name: Change asymmetric vault key to "new" key.
+  - name: Change asymmetric vault key to B.
     ipavault:
       ipaadmin_password: SomeADMINpassword
       name: asymvault
       vault_type: asymmetric
-      public_key: "{{ lookup('file', 'public.pem', rstrip=True) | b64encode }}"
-      private_key: "{{ lookup('file', 'old_private.pem', rstrip=True) | b64encode }}"
+      public_key: "{{ lookup('file', 'B_public.b64') }}"
+      private_key: "{{ lookup('file', 'A_private.b64') }}"
     register: result
     failed_when: result.failed or not result.changed
 
-  - name: Retrieve data from asymmetric vault using "new" key.
+  - name: Retrieve data from asymmetric vault using key B.
     ipavault:
       ipaadmin_password: SomeADMINpassword
       name: asymvault
-      private_key: "{{ lookup('file', 'private.pem', rstrip=True) | b64encode }}"
+      private_key: "{{ lookup('file', 'B_private.b64') }}"
       state: retrieved
     register: result
     failed_when: result.failed or result.changed or result.vault.data != 'SomeValue'
 
-  - name: Change asymmetric vault key from_file to "old"
+  - name: Change asymmetric vault key to A, using key_file
     ipavault:
       ipaadmin_password: SomeADMINpassword
       name: asymvault
       vault_type: asymmetric
-      public_key_file: old_public.pem
-      private_key: "{{ lookup('file', 'private.pem', rstrip=True) | b64encode }}"
+      public_key_file: "{{ ansible_env.HOME }}/A_public.pem"
+      private_key: "{{ lookup('file', 'B_private.b64') }}"
     register: result
     failed_when: result.failed or not result.changed
 
-  - name: Retrieve data from asymmetric vault using old key file.
+  - name: Retrieve data from asymmetric vault using key A, with key_file.
     ipavault:
       ipaadmin_password: SomeADMINpassword
       name: asymvault
-      private_key_file: old_private.pem
+      private_key_file: "{{ ansible_env.HOME }}/A_private.pem"
       state: retrieved
     register: result
     failed_when: result.failed or result.changed or result.vault.data != 'SomeValue'
 
-  - name: Change asymmetric vault key to "new" key, using only files
+  - name: Change asymmetric vault key to B key, using key_files
     ipavault:
       ipaadmin_password: SomeADMINpassword
       name: asymvault
       vault_type: asymmetric
-      public_key_file: public.pem
-      private_key_file: old_private.pem
+      public_key_file: "{{ ansible_env.HOME }}/B_public.pem"
+      private_key_file: "{{ ansible_env.HOME }}/A_private.pem"
     register: result
     failed_when: result.failed or not result.changed
 
-  - name: Retrieve data from asymmetric vault, using new "key".
+  - name: Retrieve data from asymmetric vault, using key B.
     ipavault:
       ipaadmin_password: SomeADMINpassword
       name: asymvault
-      private_key: "{{ lookup('file', 'private.pem', rstrip=True) | b64encode }}"
+      private_key: "{{ lookup('file', 'B_private.b64') }}"
       state: retrieved
     register: result
     failed_when: result.failed or result.changed or result.vault.data != 'SomeValue'
@@ -132,7 +132,7 @@
     ipavault:
       ipaadmin_password: SomeADMINpassword
       name: asymvault
-      private_key: "{{ lookup('file', 'private.pem', rstrip=True) | b64encode }}"
+      private_key: "{{ lookup('file', 'B_private.b64') }}"
       state: retrieved
     register: result
     failed_when: result.vault.data != 'SomeADMINpassword' or result.changed
@@ -149,7 +149,7 @@
     ipavault:
       ipaadmin_password: SomeADMINpassword
       name: asymvault
-      private_key: "{{ lookup('file', 'private.pem', rstrip=True) | b64encode }}"
+      private_key: "{{ lookup('file', 'B_private.b64') }}"
       state: retrieved
     register: result
     failed_when: result.vault.data != 'Hello World.' or result.changed
@@ -159,7 +159,7 @@
       ipaadmin_password: SomeADMINpassword
       name: asymvault
       out: "{{ ansible_env.HOME }}/data.txt"
-      private_key: "{{ lookup('file', 'private.pem', rstrip=True) | b64encode }}"
+      private_key: "{{ lookup('file', 'B_private.b64') }}"
       state: retrieved
     register: result
     failed_when: result.changed or result.failed or (result.vault.data | default(false))
@@ -182,7 +182,7 @@
     ipavault:
       ipaadmin_password: SomeADMINpassword
       name: asymvault
-      private_key: "{{ lookup('file', 'private.pem', rstrip=True) | b64encode }}"
+      private_key: "{{ lookup('file', 'B_private.b64') }}"
       state: retrieved
     register: result
     failed_when: result.vault.data != 'The world of π is half rounded.' or result.changed
@@ -200,7 +200,7 @@
     ipavault:
       ipaadmin_password: SomeADMINpassword
       name: asymvault
-      private_key: "{{ lookup('file', 'private.pem', rstrip=True) | b64encode }}"
+      private_key: "{{ lookup('file', 'B_private.b64') }}"
       state: retrieved
     register: result
     failed_when: result.vault.data != 'Another World.' or result.changed
@@ -217,7 +217,7 @@
     ipavault:
       ipaadmin_password: SomeADMINpassword
       name: asymvault
-      private_key: "{{ lookup('file', 'private.pem', rstrip=True) | b64encode }}"
+      private_key: "{{ lookup('file', 'B_private.b64') }}"
       state: retrieved
     register: result
     failed_when: result.vault.data != 'c' or result.changed
@@ -242,7 +242,7 @@
     ipavault:
       ipaadmin_password: SomeADMINpassword
       name: asymvault
-      public_key_file: "{{ ansible_env.HOME }}/public.pem"
+      public_key_file: "{{ ansible_env.HOME }}/B_public.pem"
       vault_type: asymmetric
     register: result
     failed_when: not result.changed
@@ -251,7 +251,7 @@
     ipavault:
       ipaadmin_password: SomeADMINpassword
       name: asymvault
-      public_key_file: "{{ ansible_env.HOME }}/public.pem"
+      public_key_file: "{{ ansible_env.HOME }}/B_public.pem"
       vault_type: asymmetric
     register: result
     failed_when: result.changed
@@ -268,7 +268,7 @@
     ipavault:
       ipaadmin_password: SomeADMINpassword
       name: asymvault
-      private_key: "{{ lookup('file', 'private.pem', rstrip=True) | b64encode }}"
+      private_key: "{{ lookup('file', 'B_private.b64') }}"
       state: retrieved
     register: result
     failed_when: result.vault.data != 'Hello World.' or result.changed
@@ -277,7 +277,7 @@
     ipavault:
       ipaadmin_password: SomeADMINpassword
       name: asymvault
-      private_key_file: "{{ ansible_env.HOME }}/private.pem"
+      private_key_file: "{{ ansible_env.HOME }}/B_private.pem"
       state: retrieved
     register: result
     failed_when: result.vault.data != 'Hello World.' or result.changed

tests/vault/test_vault_change_type.yml

@@ -26,7 +26,7 @@
       ipaadmin_password: SomeADMINpassword
       name: test_vault
       vault_type: asymmetric
-      public_key: "{{ lookup('file', 'public.pem', rstrip=True) | b64encode }}"
+      public_key: "{{ lookup('file', 'A_public.b64') }}"
     register: result
     failed_when: result.failed or not result.changed
 
@@ -36,7 +36,7 @@
         ipaadmin_password: SomeADMINpassword
         name: test_vault
         vault_type: symmetric
-        private_key: "{{ lookup('file', 'private.pem') | b64encode }}"
+        private_key: "{{ lookup('file', 'A_private.b64') }}"
         password: SomeVAULTpassword
       register: result
       failed_when: result.failed or not result.changed
@@ -89,7 +89,7 @@
         name: test_vault
         vault_type: asymmetric
         password: SomeVAULTpassword
-        public_key: "{{ lookup('file', 'public.pem') | b64encode }}"
+        public_key: "{{ lookup('file', 'A_public.b64') }}"
       register: result
       failed_when: result.failed or not result.changed
 
@@ -110,7 +110,7 @@
         ipaadmin_password: SomeADMINpassword
         name: test_vault
         vault_type: standard
-        private_key: "{{ lookup('file', 'private.pem') | b64encode }}"
+        private_key: "{{ lookup('file', 'A_private.b64') }}"
       register: result
       failed_when: result.failed or not result.changed
 
@@ -143,7 +143,7 @@
       ipaadmin_password: SomeADMINpassword
       name: test_vault
       vault_type: asymmetric
-      public_key: "{{ lookup('file', 'public.pem', rstrip=True) | b64encode }}"
+      public_key: "{{ lookup('file', 'A_public.b64') }}"
     register: result
     failed_when: result.failed or not result.changed
 
@@ -151,7 +151,7 @@
     ipavault:
       ipaadmin_password: SomeADMINpassword
       name: test_vault
-      private_key: "{{ lookup('file', 'private.pem', rstrip=True) | b64encode }}"
+      private_key: "{{ lookup('file', 'A_private.b64') }}"
       state: retrieved
     register: result
     failed_when: result.failed or result.changed or result.vault.data != 'hello'
@@ -162,7 +162,7 @@
         ipaadmin_password: SomeADMINpassword
         name: test_vault
         vault_type: symmetric
-        private_key: "{{ lookup('file', 'private.pem') | b64encode }}"
+        private_key: "{{ lookup('file', 'A_private.b64') }}"
         password: SomeVAULTpassword
       register: result
       failed_when: result.failed or not result.changed
@@ -241,7 +241,7 @@
         name: test_vault
         vault_type: asymmetric
         password: SomeVAULTpassword
-        public_key: "{{ lookup('file', 'public.pem') | b64encode }}"
+        public_key: "{{ lookup('file', 'A_public.b64') }}"
       register: result
       failed_when: result.failed or not result.changed
 
@@ -261,7 +261,7 @@
       ipaadmin_password: SomeADMINpassword
       name: test_vault
       state: retrieved
-      private_key: "{{ lookup('file', 'private.pem', rstrip=True) | b64encode }}"
+      private_key: "{{ lookup('file', 'A_private.b64') }}"
     register: result
     failed_when: result.failed or result.changed or result.vault.data != 'hello'
 
@@ -271,7 +271,7 @@
         ipaadmin_password: SomeADMINpassword
         name: test_vault
         vault_type: standard
-        private_key: "{{ lookup('file', 'private.pem') | b64encode }}"
+        private_key: "{{ lookup('file', 'A_private.b64') }}"
       register: result
       failed_when: result.failed or not result.changed or result.failed