Skip to content
Snippets Groups Projects
Commit da87f164 authored by Rafael Guterres Jeffman's avatar Rafael Guterres Jeffman
Browse files

Split vault tests in different files. 

This change split vault tests in several files, organized by vault
type and operation (vault vs. member) so that it is easier to add
new tests for issues and verify if tests are missing.
parent 0bcb4eaf
No related branches found
No related tags found
No related merge requests found
Expand all Show whitespace changes
Inline Side-by-side
Showing
with 972 additions and 961 deletions
tests/vault/env_cleanup.yml 0 → 100644
+ 64
0
View file @ da87f164
# Tasks executed to clean up test environment for Vault module.
- name: Ensure user vaults are absent
ipavault:
ipaadmin_password: SomeADMINpassword
name:
- stdvault
- symvault
- asymvault
username: "{{username}}"
state: absent
loop:
- admin
- user01
loop_control:
loop_var: username
- name: Ensure shared vaults are absent
ipavault:
ipaadmin_password: SomeADMINpassword
name:
- sharedvault
- svcvault
state: absent
- name: Ensure test users do not exist.
ipauser:
ipaadmin_password: SomeADMINpassword
name:
- user01
- user02
- user03
state: absent
- name: Ensure test groups do not exist.
ipagroup:
ipaadmin_password: SomeADMINpassword
name: vaultgroup
state: absent
- name: Remove password file from target host.
file:
path: "{{ ansible_env.HOME }}/password.txt"
state: absent
- name: Remove public key file from target host.
file:
path: "{{ ansible_env.HOME }}/public.pem"
state: absent
- name: Remove private key file from target host.
file:
path: "{{ ansible_env.HOME }}/private.pem"
state: absent
- name: Remove output data file from target host.
file:
path: "{{ ansible_env.HOME }}/data.txt"
state: absent
- name: Remove input data file from target host.
file:
path: "{{ ansible_env.HOME }}/in.txt"
state: absent
tests/vault/env_setup.yml 0 → 100644
+ 55
0
View file @ da87f164
# Tasks executed to ensure a sane environment to test IPA Vault module.
- name: Create private key file.
shell:
cmd: openssl genrsa -out private.pem 2048
delegate_to: localhost
become: no
- name: Create public key file.
shell:
cmd: openssl rsa -in private.pem -outform PEM -pubout -out public.pem
delegate_to: localhost
become: no
- name: Ensure environment is clean.
import_tasks: env_cleanup.yml
- name: Copy password file to target host.
copy:
src: "{{ playbook_dir }}/password.txt"
dest: "{{ ansible_env.HOME }}/password.txt"
- name: Copy public key file to target host.
copy:
src: "{{ playbook_dir }}/public.pem"
dest: "{{ ansible_env.HOME }}/public.pem"
- name: Copy private key file to target host.
copy:
src: "{{ playbook_dir }}/private.pem"
dest: "{{ ansible_env.HOME }}/private.pem"
- name: Copy input data file to target host.
copy:
src: "{{ playbook_dir }}/in.txt"
dest: "{{ ansible_env.HOME }}/in.txt"
- name: Ensure vaultgroup exists.
ipagroup:
ipaadmin_password: SomeADMINpassword
name: vaultgroup
- name: Ensure testing users exist.
ipauser:
ipaadmin_password: SomeADMINpassword
users:
- name: user01
first: First
last: Start
- name: user02
first: Second
last: Middle
- name: user03
first: Third
last: Last
tests/vault/private.pem deleted 100644 → 0
+ 0
27
View file @ 0bcb4eaf
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEArM5/f6dd/YIm/a9eoGVTW8jobEgrf9PXRA3aHsA7kJo6fB18
HD4+RVUwx/lqlkPYbUi9bXV/rJAkUwAEDOnJeqXESZ+gVCVmigRzmKWK2ad9agmY
SiqyyNxFIJvZAo0dG4CAWjYK27tLg4Ih6oGsZIDG+WVES5W89K+L0bwVjq4tshhe
DMO57unvmIKEmaBE0ewPfvkdZh5k8Gts9H4fh0fGk5tbIYa0bhwMUpL+WHOm6nbd
+n7BbaVc820TgZDO/rSYtnuXaIc6Wx0U9LXZkUmk3apMnzknNaTqguAQdTn79G8P
qrGqmyWd/E1cH2b5jzIxiGo8psL5sxWVY7WJdwIDAQABAoIBAA6e9iit14UAgx4J
vX7is9fbOtcWkB+jo94NMfxSFXgZpIMl139oQMqK97KjxsHqAaDVe7mMLH5EP96J
7M3O5g4rgl0cVWtpMrDQyZsLvqDFzBWxtCHqVPAruumUZhsSJ3lROQro8ag/w5bf
5tC5ogVq4+rsB4hBphgp1jGrsUM+E8O7DXXFH68F8WgBi725WvcjnbI9irkb0Gcq
1bCPJwN3fA1i2VWiRwVYWbNTWnDoNM9ZdYYxK0kuUkD+QtreycWPf9V49lvUi1Vp
FVNmBUDvGK3K1MwbgXRwOXhacY7Ptjkdvaeb2Qcu5RjTkruGhzUYsOP3p/cw+wKV
vzQqceECgYEA5Wz7V2SlRa2r//z+ETQkJfENJ0KDnCb0pMClCQh3jTNPA6DbhiMk
FTkcoNbqcpTiVSlvhh6TKscSgqYQUjQ/OqyG7SkjKVjQ72j5beQLxiLTtUyj1OmP
Xh9cWJXx8iQ+45cPon+kMOAIiTwiB3mmFRfQjIGve1DPUo9J+NZ4XdECgYEAwNKg
OdGYxxKtCrXVz1mdg6PDlV8qh7nxxZbPch+aMIQl1+oTCgSiw8oOYEd8g0HOdV6t
1G+IWhvPxiiWy3/AE0QhgoKk2GUsSjWSMLcJbaUzDoEHFjTLjecRlqdzo7qxRXqB
meN4L5WJYKnLC482K7hvufS+uo5fB5qwPmt13McCgYAe4TVPRP+tyjttYCr+O8tl
w/UmRKCcQu4Iwtkzxwz4V2CaN2t0uYQgyygcSfESbRGtrr8RCUp7poHKTfnCZr/f
8NrUTwYpiYfNwY5ZCSnAiG2AaIlgnfMrEwOF9OC028YPMgTrtUxvO6hKeGqIIQqG
qkbqsoXhDjZpgVnOgWeAEQKBgGuiZ0w/IqAlXbC31fUb2iBMfvXXnJ8M/dfFGmFj
IKfqbFF9WUljUxQlqya1YNzIFB5STohiBeP+2FmN+Lb5xdc7VdVLZgdhWnrGMqe8
1Kd+6uQyxCjyKZo5nQjSymtf4GqfOs8TOdieCYSK40u9koiPONa9tuXeaU+OWslN
JQqrAoGBAJ3MKOvsnQzuZVP2vz0ZqLwIE3XjRiFGveVpizq4hwOVeuNsV08JvA0t
pueNIy9klPScFc9OUdiZWkEX09BwJkVIrOHotuSB8AStO5UAntNnuyWLJEFC4Uq4
GpB8lbj9jkxSKaU7X3Gac23K9JL8euLh7E7rPuZRYa6mYN4nbKqu
-----END RSA PRIVATE KEY-----
tests/vault/public.pem deleted 100644 → 0
+ 0
9
View file @ 0bcb4eaf
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArM5/f6dd/YIm/a9eoGVT
W8jobEgrf9PXRA3aHsA7kJo6fB18HD4+RVUwx/lqlkPYbUi9bXV/rJAkUwAEDOnJ
eqXESZ+gVCVmigRzmKWK2ad9agmYSiqyyNxFIJvZAo0dG4CAWjYK27tLg4Ih6oGs
ZIDG+WVES5W89K+L0bwVjq4tshheDMO57unvmIKEmaBE0ewPfvkdZh5k8Gts9H4f
h0fGk5tbIYa0bhwMUpL+WHOm6nbd+n7BbaVc820TgZDO/rSYtnuXaIc6Wx0U9LXZ
kUmk3apMnzknNaTqguAQdTn79G8PqrGqmyWd/E1cH2b5jzIxiGo8psL5sxWVY7WJ
dwIDAQAB
-----END PUBLIC KEY-----
tests/vault/tasks_vault_members.yml 0 → 100644
+ 318
0
View file @ da87f164
---
# Tasks to test member management for Vault module.
- name: Setup testing environment.
import_tasks: env_setup.yml
- name: Ensure vault is present
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
vault_type: "{{vault.vault_type}}"
register: result
failed_when: not result.changed
when: vault.vault_type == 'standard'
- name: Ensure vault is present
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
vault_password: SomeVAULTpassword
vault_type: "{{vault.vault_type}}"
register: result
failed_when: not result.changed
when: vault.vault_type == 'symmetric'
- name: Ensure vault is present
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
vault_type: "{{vault.vault_type}}"
public_key: "{{lookup('file', 'private.pem') | b64encode}}"
register: result
failed_when: not result.changed
when: vault.vault_type == 'asymmetric'
- name: Ensure vault member user is present.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
action: member
users:
- user02
register: result
failed_when: not result.changed
- name: Ensure vault member user is present, again.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
action: member
users:
- user02
register: result
failed_when: result.changed
- name: Ensure more vault member users are present.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
action: member
users:
- admin
- user02
register: result
failed_when: not result.changed
- name: Ensure vault member user is still present.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
action: member
users:
- user02
register: result
failed_when: result.changed
- name: Ensure vault users are absent.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
action: member
users:
- admin
- user02
state: absent
register: result
failed_when: not result.changed
- name: Ensure vault users are absent, again.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
action: member
users:
- admin
- user02
state: absent
register: result
failed_when: result.changed
- name: Ensure vault user is absent, once more.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
action: member
users:
- admin
state: absent
register: result
failed_when: result.changed
- name: Ensure vault member group is present.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
action: member
groups: vaultgroup
register: result
failed_when: not result.changed
- name: Ensure vault member group is present, again.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
action: member
groups: vaultgroup
register: result
failed_when: result.changed
- name: Ensure vault member group is absent.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
action: member
groups: vaultgroup
state: absent
register: result
failed_when: not result.changed
- name: Ensure vault member group is absent, again.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
action: member
groups: vaultgroup
state: absent
register: result
failed_when: result.changed
- name: Ensure vault member service is present.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
action: member
services: "HTTP/{{ groups.ipaserver[0] }}"
register: result
failed_when: not result.changed
- name: Ensure vault member service is present, again.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
action: member
services: "HTTP/{{ groups.ipaserver[0] }}"
register: result
failed_when: result.changed
- name: Ensure vault member service is absent.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
action: member
services: "HTTP/{{ groups.ipaserver[0] }}"
state: absent
register: result
failed_when: not result.changed
- name: Ensure vault member service is absent, again.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
action: member
services: "HTTP/{{ groups.ipaserver[0] }}"
state: absent
register: result
failed_when: result.changed
- name: Ensure user03 is an owner of vault.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
owners: user03
action: member
register: result
failed_when: not result.changed
- name: Ensure user03 is an owner of vault, again.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
owners: user03
action: member
register: result
failed_when: result.changed
- name: Ensure user03 is not owner of vault.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
owners: user03
state: absent
action: member
register: result
failed_when: not result.changed
- name: Ensure user03 is not owner of vault, again.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
owners: user03
state: absent
action: member
register: result
failed_when: result.changed
- name: Ensure vaultgroup is an ownergroup of vault.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
ownergroups: vaultgroup
action: member
register: result
failed_when: not result.changed
- name: Ensure vaultgroup is an ownergroup of vault, again.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
ownergroups: vaultgroup
action: member
register: result
failed_when: result.changed
- name: Ensure vaultgroup is not ownergroup of vault.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
ownergroups: vaultgroup
state: absent
action: member
register: result
failed_when: not result.changed
- name: Ensure vaultgroup is not ownergroup of vault, again.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
ownergroups: vaultgroup
state: absent
action: member
register: result
failed_when: result.changed
- name: Ensure service is an owner of vault.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
ownerservices: "HTTP/{{ groups.ipaserver[0] }}"
action: member
register: result
failed_when: not result.changed
- name: Ensure service is an owner of vault, again.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
ownerservices: "HTTP/{{ groups.ipaserver[0] }}"
action: member
register: result
failed_when: result.changed
- name: Ensure service is not owner of vault.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
ownerservices: "HTTP/{{ groups.ipaserver[0] }}"
state: absent
action: member
register: result
failed_when: not result.changed
- name: Ensure service is not owner of vault, again.
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
ownerservices: "HTTP/{{ groups.ipaserver[0] }}"
state: absent
action: member
register: result
failed_when: result.changed
- name: Ensure {{vault.vault_type}} vault is absent
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
state: absent
register: result
failed_when: not result.changed
- name: Ensure {{vault.vault_type}} vault is absent, again
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
state: absent
register: result
failed_when: result.changed
- name: Cleanup testing environment.
import_tasks: env_cleanup.yml
tests/vault/test_vault.yml deleted 100644 → 0
+ 0
925
View file @ 0bcb4eaf
This diff is collapsed.
tests/vault/test_vault_asymmetric.yml 0 → 100644
+ 192
0
View file @ da87f164
---
- name: Test vault
hosts: ipaserver
become: true
# Need to gather facts for ansible_env.
gather_facts: true
tasks:
- name: Setup testing environment.
import_tasks: env_setup.yml
- name: Ensure asymmetric vault is present
ipavault:
ipaadmin_password: SomeADMINpassword
name: asymvault
vault_type: asymmetric
public_key: "{{ lookup('file', 'public.pem') | b64encode }}"
register: result
failed_when: not result.changed
- name: Ensure asymmetric vault is present, again
ipavault:
ipaadmin_password: SomeADMINpassword
name: asymvault
vault_type: asymmetric
public_key: "{{ lookup('file', 'public.pem') | b64encode }}"
register: result
failed_when: result.changed
- name: Archive data to asymmetric vault
ipavault:
ipaadmin_password: SomeADMINpassword
name: asymvault
data: Hello World.
register: result
failed_when: not result.changed
- name: Retrieve data from asymmetric vault.
ipavault:
ipaadmin_password: SomeADMINpassword
name: asymvault
private_key: "{{ lookup('file', 'private.pem') | b64encode }}"
state: retrieved
register: result
failed_when: result.data != 'Hello World.' or result.changed
- name: Retrieve data from asymmetric vault into file {{ ansible_env.HOME }}/data.txt.
ipavault:
ipaadmin_password: SomeADMINpassword
name: asymvault
out: "{{ ansible_env.HOME }}/data.txt"
private_key: "{{ lookup('file', 'private.pem') | b64encode }}"
state: retrieved
register: result
failed_when: result.changed
- name: Verify retrieved data.
slurp:
src: "{{ ansible_env.HOME }}/data.txt"
register: slurpfile
failed_when: slurpfile['content'] | b64decode != 'Hello World.'
- name: Archive data with non-ASCII characters to asymmetric vault
ipavault:
ipaadmin_password: SomeADMINpassword
name: asymvault
data: The world of π is half rounded.
register: result
failed_when: not result.changed
- name: Retrieve data from asymmetric vault.
ipavault:
ipaadmin_password: SomeADMINpassword
name: asymvault
private_key: "{{ lookup('file', 'private.pem') | b64encode }}"
state: retrieved
register: result
failed_when: result.data != 'The world of π is half rounded.' or result.changed
- name: Archive data in asymmetric vault, from file.
ipavault:
ipaadmin_password: SomeADMINpassword
name: asymvault
vault_type: asymmetric
in: "{{ ansible_env.HOME }}/in.txt"
register: result
failed_when: not result.changed
- name: Retrieve data from asymmetric vault.
ipavault:
ipaadmin_password: SomeADMINpassword
name: asymvault
private_key: "{{ lookup('file', 'private.pem') | b64encode }}"
state: retrieved
register: result
failed_when: result.data != 'Another World.' or result.changed
- name: Archive data with single character to asymmetric vault
ipavault:
ipaadmin_password: SomeADMINpassword
name: asymvault
data: c
register: result
failed_when: not result.changed
- name: Retrieve data from asymmetric vault.
ipavault:
ipaadmin_password: SomeADMINpassword
name: asymvault
private_key: "{{ lookup('file', 'private.pem') | b64encode }}"
state: retrieved
register: result
failed_when: result.data != 'c' or result.changed
- name: Ensure asymmetric vault is absent
ipavault:
ipaadmin_password: SomeADMINpassword
name: asymvault
state: absent
register: result
failed_when: not result.changed
- name: Ensure asymmetric vault is absent, again
ipavault:
ipaadmin_password: SomeADMINpassword
name: asymvault
state: absent
register: result
failed_when: result.changed
- name: Ensure asymmetric vault is present, with public key from file.
ipavault:
ipaadmin_password: SomeADMINpassword
name: asymvault
public_key_file: "{{ ansible_env.HOME }}/public.pem"
vault_type: asymmetric
register: result
failed_when: not result.changed
- name: Ensure asymmetric vault is present, with password from file, again.
ipavault:
ipaadmin_password: SomeADMINpassword
name: asymvault
public_key_file: "{{ ansible_env.HOME }}/public.pem"
vault_type: asymmetric
register: result
failed_when: result.changed
- name: Archive data to asymmetric vault
ipavault:
ipaadmin_password: SomeADMINpassword
name: asymvault
data: Hello World.
register: result
failed_when: not result.changed
- name: Retrieve data from asymmetric vault.
ipavault:
ipaadmin_password: SomeADMINpassword
name: asymvault
private_key: "{{ lookup('file', 'private.pem') | b64encode }}"
state: retrieved
register: result
failed_when: result.data != 'Hello World.' or result.changed
- name: Retrieve data from asymmetric vault, with password file.
ipavault:
ipaadmin_password: SomeADMINpassword
name: asymvault
private_key_file: "{{ ansible_env.HOME }}/private.pem"
state: retrieved
register: result
failed_when: result.data != 'Hello World.' or result.changed
- name: Ensure asymmetric vault is absent
ipavault:
ipaadmin_password: SomeADMINpassword
name: asymvault
state: absent
register: result
failed_when: not result.changed
- name: Ensure asymmetric vault is absent, again
ipavault:
ipaadmin_password: SomeADMINpassword
name: asymvault
state: absent
register: result
failed_when: result.changed
- name: Cleanup testing environment.
import_tasks: env_setup.yml
tests/vault/test_vault_members.yml 0 → 100644
+ 20
0
View file @ da87f164
---
- name: Test vault
hosts: ipaserver
become: true
# Need to gather facts for ansible_env.
gather_facts: true
tasks:
- name: Test vault module member operations.
include_tasks:
file: tasks_vault_members.yml
apply:
tags:
- "{{ vault.vault_type }}"
loop_control:
loop_var: vault
loop:
- { name: "stdvault", vault_type: "standard" }
- { name: "symvault", vault_type: "symmetric" }
- { name: "asymvault", vault_type: "asymmetric" }
tests/vault/test_vault_standard.yml 0 → 100644
+ 125
0
View file @ da87f164
---
- name: Test vault
hosts: ipaserver
become: true
# Need to gather facts for ansible_env.
gather_facts: true
tasks:
- name: Setup testing environment.
import_tasks: env_setup.yml
- name: Ensure standard vault is present
ipavault:
ipaadmin_password: SomeADMINpassword
name: stdvault
vault_type: standard
register: result
failed_when: not result.changed
- name: Ensure standard vault is present, again
ipavault:
ipaadmin_password: SomeADMINpassword
name: stdvault
vault_type: standard
register: result
failed_when: result.changed
- name: Archive data to standard vault
ipavault:
ipaadmin_password: SomeADMINpassword
name: stdvault
vault_data: Hello World.
register: result
failed_when: not result.changed
- name: Retrieve data from standard vault.
ipavault:
ipaadmin_password: SomeADMINpassword
name: stdvault
state: retrieved
register: result
failed_when: result.data != 'Hello World.' or result.changed
- name: Retrieve data from standard vault into file {{ ansible_env.HOME }}/data.txt.
ipavault:
ipaadmin_password: SomeADMINpassword
name: stdvault
out: "{{ ansible_env.HOME }}/data.txt"
state: retrieved
register: result
failed_when: result.changed
- name: Verify retrieved data.
slurp:
src: "{{ ansible_env.HOME }}/data.txt"
register: slurpfile
failed_when: slurpfile['content'] | b64decode != 'Hello World.'
- name: Archive data with non-ASCII characters to standard vault
ipavault:
ipaadmin_password: SomeADMINpassword
name: stdvault
vault_data: The world of π is half rounded.
register: result
failed_when: not result.changed
- name: Retrieve data from standard vault.
ipavault:
ipaadmin_password: SomeADMINpassword
name: stdvault
state: retrieved
register: result
failed_when: result.data != 'The world of π is half rounded.' or result.changed
- name: Archive data in standard vault, from file.
ipavault:
ipaadmin_password: SomeADMINpassword
name: stdvault
vault_type: standard
in: "{{ ansible_env.HOME }}/in.txt"
register: result
failed_when: not result.changed
- name: Retrieve data from standard vault.
ipavault:
ipaadmin_password: SomeADMINpassword
name: stdvault
state: retrieved
register: result
failed_when: result.data != 'Another World.' or result.changed
- name: Archive data with single character to standard vault
ipavault:
ipaadmin_password: SomeADMINpassword
name: stdvault
vault_data: c
register: result
failed_when: not result.changed
- name: Retrieve data from standard vault.
ipavault:
ipaadmin_password: SomeADMINpassword
name: stdvault
state: retrieved
register: result
failed_when: result.data != 'c' or result.changed
- name: Ensure standard vault is absent
ipavault:
ipaadmin_password: SomeADMINpassword
name: stdvault
state: absent
register: result
failed_when: not result.changed
- name: Ensure standard vault is absent, again
ipavault:
ipaadmin_password: SomeADMINpassword
name: stdvault
state: absent
register: result
failed_when: result.changed
- name: Cleanup testing environment.
import_tasks: env_setup.yml
tests/vault/test_vault_symmetric.yml 0 → 100644
+ 198
0
View file @ da87f164
---
- name: Test vault
hosts: ipaserver
become: true
# Need to gather facts for ansible_env.
gather_facts: true
tasks:
- name: Setup testing environment.
import_tasks: env_setup.yml
- name: Ensure symmetric vault is present
ipavault:
ipaadmin_password: SomeADMINpassword
name: symvault
vault_type: symmetric
password: SomeVAULTpassword
register: result
failed_when: not result.changed
- name: Ensure symmetric vault is present, again
ipavault:
ipaadmin_password: SomeADMINpassword
name: symvault
vault_type: symmetric
password: SomeVAULTpassword
register: result
failed_when: result.changed
- name: Archive data to symmetric vault
ipavault:
ipaadmin_password: SomeADMINpassword
name: symvault
vault_data: Hello World.
password: SomeVAULTpassword
register: result
failed_when: not result.changed
- name: Retrieve data from symmetric vault.
ipavault:
ipaadmin_password: SomeADMINpassword
name: symvault
password: SomeVAULTpassword
state: retrieved
register: result
failed_when: result.data != 'Hello World.' or result.changed
- name: Retrieve data from symmetric vault into file {{ ansible_env.HOME }}/data.txt.
ipavault:
ipaadmin_password: SomeADMINpassword
name: symvault
password: SomeVAULTpassword
out: "{{ ansible_env.HOME }}/data.txt"
state: retrieved
register: result
failed_when: result.changed
- name: Verify retrieved data.
slurp:
src: "{{ ansible_env.HOME }}/data.txt"
register: slurpfile
failed_when: slurpfile['content'] | b64decode != 'Hello World.'
- name: Archive data with non-ASCII characters to symmetric vault
ipavault:
ipaadmin_password: SomeADMINpassword
name: symvault
password: SomeVAULTpassword
vault_data: The world of π is half rounded.
register: result
failed_when: not result.changed
- name: Retrieve data from symmetric vault.
ipavault:
ipaadmin_password: SomeADMINpassword
name: symvault
password: SomeVAULTpassword
state: retrieved
register: result
failed_when: result.data != 'The world of π is half rounded.' or result.changed
- name: Archive data in symmetric vault, from file.
ipavault:
ipaadmin_password: SomeADMINpassword
name: symvault
in: "{{ ansible_env.HOME }}/in.txt"
password: SomeVAULTpassword
register: result
failed_when: not result.changed
- name: Retrieve data from symmetric vault.
ipavault:
ipaadmin_password: SomeADMINpassword
name: symvault
password: SomeVAULTpassword
state: retrieved
register: result
failed_when: result.data != 'Another World.' or result.changed
- name: Archive data with single character to symmetric vault
ipavault:
ipaadmin_password: SomeADMINpassword
name: symvault
password: SomeVAULTpassword
vault_data: c
register: result
failed_when: not result.changed
- name: Retrieve data from symmetric vault.
ipavault:
ipaadmin_password: SomeADMINpassword
name: symvault
password: SomeVAULTpassword
state: retrieved
register: result
failed_when: result.data != 'c' or result.changed
- name: Ensure symmetric vault is absent
ipavault:
ipaadmin_password: SomeADMINpassword
name: symvault
state: absent
register: result
failed_when: not result.changed
- name: Ensure symmetric vault is absent, again
ipavault:
ipaadmin_password: SomeADMINpassword
name: symvault
state: absent
register: result
failed_when: result.changed
- name: Ensure symmetric vault is present, with password from file.
ipavault:
ipaadmin_password: SomeADMINpassword
name: symvault
username: user01
password_file: "{{ ansible_env.HOME }}/password.txt"
vault_type: symmetric
register: result
failed_when: not result.changed
- name: Ensure symmetric vault is present, with password from file, again.
ipavault:
ipaadmin_password: SomeADMINpassword
name: symvault
username: user01
password_file: "{{ ansible_env.HOME }}/password.txt"
vault_type: symmetric
register: result
failed_when: result.changed
- name: Archive data to symmetric vault
ipavault:
ipaadmin_password: SomeADMINpassword
name: symvault
vault_data: Hello World.
password: SomeVAULTpassword
register: result
failed_when: not result.changed
- name: Retrieve data from symmetric vault.
ipavault:
ipaadmin_password: SomeADMINpassword
name: symvault
password: SomeVAULTpassword
state: retrieved
register: result
failed_when: result.data != 'Hello World.' or result.changed
- name: Retrieve data from symmetric vault, with password file.
ipavault:
ipaadmin_password: SomeADMINpassword
name: symvault
password_file: "{{ ansible_env.HOME }}/password.txt"
state: retrieved
register: result
failed_when: result.data != 'Hello World.' or result.changed
- name: Ensure symmetric vault is absent
ipavault:
ipaadmin_password: SomeADMINpassword
name: symvault
state: absent
register: result
failed_when: not result.changed
- name: Ensure symmetric vault is absent, again
ipavault:
ipaadmin_password: SomeADMINpassword
name: symvault
state: absent
register: result
failed_when: result.changed
- name: Cleanup testing environment.
import_tasks: env_cleanup.yml
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment