From 4ef4e706b79fdbb43e462b1a7130fc2cad5894b2 Mon Sep 17 00:00:00 2001
From: Rafael Guterres Jeffman <rjeffman@redhat.com>
Date: Fri, 31 Jul 2020 11:42:13 -0300
Subject: [PATCH] Modify tests to verify password was changed correctly.

Modify and add tests to verify that a password change has the correct
effect on ipavault.
---
 tests/vault/test_vault_symmetric.yml | 36 ++++++++++++++++++----------
 1 file changed, 23 insertions(+), 13 deletions(-)

diff --git a/tests/vault/test_vault_symmetric.yml b/tests/vault/test_vault_symmetric.yml
index bedc221d..92943319 100644
--- a/tests/vault/test_vault_symmetric.yml
+++ b/tests/vault/test_vault_symmetric.yml
@@ -178,6 +178,15 @@
     register: result
     failed_when: result.vault.data != 'Hello World.' or result.changed
 
+  - name: Retrieve data from symmetric vault, with wrong password.
+    ipavault:
+      ipaadmin_password: SomeADMINpassword
+      name: symvault
+      password: SomeWRONGpassword
+      state: retrieved
+    register: result
+    failed_when: not result.failed or "Invalid credentials" not in result.msg
+
   - name: Change vault password.
     ipavault:
       ipaadmin_password: SomeADMINpassword
@@ -187,43 +196,44 @@
     register: result
     failed_when: not result.changed
 
-  - name: Retrieve data from symmetric vault, with wrong password.
+  - name: Retrieve data from symmetric vault, with new password.
     ipavault:
       ipaadmin_password: SomeADMINpassword
       name: symvault
-      password: SomeVAULTpassword
+      password: SomeNEWpassword
       state: retrieved
     register: result
-    failed_when: not result.failed or "Invalid credentials" not in result.msg
+    failed_when: result.data != 'Hello World.' or result.changed
 
-  - name: Change vault password, with wrong `old_password`.
+  - name: Retrieve data from symmetric vault, with old password.
     ipavault:
       ipaadmin_password: SomeADMINpassword
       name: symvault
       password: SomeVAULTpassword
-      new_password: SomeNEWpassword
+      state: retrieved
     register: result
     failed_when: not result.failed or "Invalid credentials" not in result.msg
 
-  - name: Retrieve data from symmetric vault, with new password.
+  - name: Change symmetric vault salt, changing password
     ipavault:
       ipaadmin_password: SomeADMINpassword
       name: symvault
       password: SomeNEWpassword
-      state: retrieved
+      new_password: SomeVAULTpassword
+      salt: AAAAAAAAAAAAAAAAAAAAAAA=
     register: result
-    failed_when: result.vault.data != 'Hello World.' or result.changed
+    failed_when: not result.changed
 
-  - name: Try to add vault with multiple passwords.
+  - name: Change symmetric vault salt, without changing password
     ipavault:
       ipaadmin_password: SomeADMINpassword
-      name: inexistentvault
+      name: symvault
       password: SomeVAULTpassword
-      password_file: "{{ ansible_env.HOME }}/password.txt"
+      new_password: SomeVAULTpassword
+      salt: MTIzNDU2Nzg5MDEyMzQ1Ngo=
     register: result
-    failed_when: not result.failed or "parameters are mutually exclusive" not in result.msg
+    failed_when: not result.changed
 
-  - name: Try to add vault with multiple new passwords.
     ipavault:
       ipaadmin_password: SomeADMINpassword
       name: inexistentvault
-- 
GitLab