From 8ca282e276477b52d0850d4c01feb3d8e7a5be6d Mon Sep 17 00:00:00 2001
From: Rafael Guterres Jeffman <rjeffman@redhat.com>
Date: Fri, 31 Jul 2020 11:44:33 -0300
Subject: [PATCH] Modified and added tests to verify correct `salt` update
 behavior.

---
 tests/vault/test_vault_symmetric.yml | 35 ++++++++++++++++++++++++----
 1 file changed, 31 insertions(+), 4 deletions(-)

diff --git a/tests/vault/test_vault_symmetric.yml b/tests/vault/test_vault_symmetric.yml
index 92943319..1604a018 100644
--- a/tests/vault/test_vault_symmetric.yml
+++ b/tests/vault/test_vault_symmetric.yml
@@ -234,14 +234,41 @@
     register: result
     failed_when: not result.changed
 
+  - name: Try to change symmetric vault salt, without providing any password
     ipavault:
       ipaadmin_password: SomeADMINpassword
-      name: inexistentvault
-      password: SomeVAULTpassword
+      name: symvault
+      salt: MTIzNDU2Nzg5MDEyMzQ1Ngo=
+    register: result
+    failed_when: not result.failed and  "Vault `salt` can only change when changing the password." not in result.msg
+
+  - name: Try to change symmetric vault salt, without providing `password`
+    ipavault:
+      ipaadmin_password: SomeADMINpassword
+      name: symvault
+      salt: MTIzNDU2Nzg5MDEyMzQ1Ngo=
       new_password: SomeVAULTpassword
-      new_password_file: "{{ ansible_env.HOME }}/password.txt"
     register: result
-    failed_when: not result.failed or "parameters are mutually exclusive" not in result.msg
+    failed_when: not result.failed and  "Vault `salt` can only change when changing the password." not in result.msg
+
+  - name: Try to change symmetric vault salt, without providing `new_password`
+    ipavault:
+      ipaadmin_password: SomeADMINpassword
+      name: symvault
+      salt: MTIzNDU2Nzg5MDEyMzQ1Ngo=
+      password: SomeVAULTpassword
+    register: result
+    failed_when: not result.failed and  "Vault `salt` can only change when changing the password." not in result.msg
+
+  - name: Try to change symmetric vault salt, using wrong password.
+    ipavault:
+      ipaadmin_password: SomeADMINpassword
+      name: symvault
+      password: SomeWRONGpassword
+      new_password: SomeWRONGpassword
+      salt: MDEyMzQ1Njc4OTAxMjM0NQo=
+    register: result
+    failed_when: not result.failed
 
   - name: Ensure symmetric vault is absent
     ipavault:
-- 
GitLab