# test code for the uri module
# (c) 2014, Leonid Evdokimov <leon@darkk.net.ru>
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <https://www.gnu.org/licenses/>.
- name : set role facts
set_fact :
http_port : 15260
files_dir : '{{ output_dir|expanduser }}/files'
checkout_dir : '{{ output_dir }}/git'
- name : create a directory to serve files from
file :
dest : "{{ files_dir }}"
state : directory
- copy :
src : "{{ item }}"
dest : "{{files_dir}}/{{ item }}"
with_sequence : start=0 end=4 format=pass%d.json
- copy :
src : "{{ item }}"
dest : "{{files_dir}}/{{ item }}"
with_sequence : start=0 end=30 format=fail%d.json
- copy :
src : "testserver.py"
dest : "{{ output_dir }}/testserver.py"
- name : start SimpleHTTPServer
shell : cd {{ files_dir }} && {{ ansible_python.executable }} {{ output_dir}}/testserver.py {{ http_port }}
async : 120 # this test set can take ~1m to run on FreeBSD (via Shippable)
poll : 0
- wait_for : port={{ http_port }}
- name : checksum pass_json
stat : path={{ files_dir }}/{{ item }}.json get_checksum=yes
register : pass_checksum
with_sequence : start=0 end=4 format=pass%d
- name : fetch pass_json
uri : return_content=yes url=http://localhost:{{ http_port }}/{{ item }}.json
register : fetch_pass_json
with_sequence : start=0 end=4 format=pass%d
- name : check pass_json
assert :
that :
- '"json" in item.1'
- item.0.stat.checksum == item.1.content | checksum
with_together :
- "{{pass_checksum.results}}"
- "{{fetch_pass_json.results}}"
- name : checksum fail_json
stat : path={{ files_dir }}/{{ item }}.json get_checksum=yes
register : fail_checksum
with_sequence : start=0 end=30 format=fail%d
- name : fetch fail_json
uri : return_content=yes url=http://localhost:{{ http_port }}/{{ item }}.json
register : fail
with_sequence : start=0 end=30 format=fail%d
- name : check fail_json
assert :
that :
- item.0.stat.checksum == item.1.content | checksum
- '"json" not in item.1'
with_together :
- "{{fail_checksum.results}}"
- "{{fail.results}}"
- name : test https fetch to a site with mismatched hostname and certificate
uri :
url : "https://{{ badssl_host }}/"
dest : "{{ output_dir }}/shouldnotexist.html"
ignore_errors : True
register : result
- stat :
path : "{{ output_dir }}/shouldnotexist.html"
register : stat_result
- name : Assert that the file was not downloaded
assert :
that :
- result.failed == true
- "'Failed to validate the SSL certificate' in result.msg or 'Hostname mismatch' in result.msg or (result.msg is match('hostname .* doesn.t match .*'))"
- stat_result.stat.exists == false
- result.status is defined
- result.status == -1
- result.url == 'https://' ~ badssl_host ~ '/'
- name : Clean up any cruft from the results directory
file :
name : "{{ output_dir }}/kreitz.html"
state : absent
- name : test https fetch to a site with mismatched hostname and certificate and validate_certs=no
uri :
url : "https://{{ badssl_host }}/"
dest : "{{ output_dir }}/kreitz.html"
validate_certs : no
register : result
- stat :
path : "{{ output_dir }}/kreitz.html"
register : stat_result
- name : Assert that the file was downloaded
assert :
that :
- "stat_result.stat.exists == true"
- "result.changed == true"
- name : "get ca certificate {{ self_signed_host }}"
get_url :
url : "http://{{ httpbin_host }}/ca2cert.pem"
dest : "{{ remote_tmp_dir }}/ca2cert.pem"
- name : test https fetch to a site with self signed certificate using ca_path
uri :
url : "https://{{ self_signed_host }}:444/"
dest : "{{ output_dir }}/self-signed_using_ca_path.html"
ca_path : "{{ remote_tmp_dir }}/ca2cert.pem"
validate_certs : yes
register : result
- stat :
path : "{{ output_dir }}/self-signed_using_ca_path.html"
register : stat_result
- name : Assert that the file was downloaded
assert :
that :
- "stat_result.stat.exists == true"
- "result.changed == true"
- name : test https fetch to a site with self signed certificate without using ca_path
uri :
url : "https://{{ self_signed_host }}:444/"
dest : "{{ output_dir }}/self-signed-without_using_ca_path.html"
validate_certs : yes
register : result
ignore_errors : true
- stat :
path : "{{ output_dir }}/self-signed-without_using_ca_path.html"
register : stat_result
- name : Assure that https access to a host with self-signed certificate without providing ca_path fails
assert :
that :
- "stat_result.stat.exists == false"
- result is failed
- "'certificate verify failed' in result.msg"
- name : Locate ca-bundle
stat :
path : '{{ item }}'
loop :
- /etc/ssl/certs/ca-bundle.crt
- /etc/ssl/certs/ca-certificates.crt
- /var/lib/ca-certificates/ca-bundle.pem
- /usr/local/share/certs/ca-root-nss.crt
- '{{ macos_cafile.stdout_lines|default(["/_i_dont_exist_ca.pem"])|first }}'
- /etc/ssl/cert.pem
register : ca_bundle_candidates
- name : Test that ca_path can be a full bundle
uri :
url : "https://{{ httpbin_host }}/get"
ca_path : '{{ ca_bundle }}'
vars :
ca_bundle : '{{ ca_bundle_candidates.results|selectattr("stat.exists")|map(attribute="item")|first }}'
- name : test redirect without follow_redirects
uri :
url : 'https://{{ httpbin_host }}/redirect/2'
follow_redirects : 'none'
status_code : 302
register : result
- name : Assert location header
assert :
that :
- 'result.location|default("") == "https://{{ httpbin_host }}/relative-redirect/1"'
- name : Check SSL with redirect
uri :
url : 'https://{{ httpbin_host }}/redirect/2'
register : result
- name : Assert SSL with redirect
assert :
that :
- 'result.url|default("") == "https://{{ httpbin_host }}/get"'
- name : redirect to bad SSL site
uri :
url : 'http://{{ badssl_host }}'
register : result
ignore_errors : true
- name : Ensure bad SSL site reidrect fails
assert :
that :
- result is failed
- 'badssl_host in result.msg'
- name : test basic auth
uri :
url : 'https://{{ httpbin_host }}/basic-auth/user/passwd'
user : user
password : passwd
- name : test basic forced auth
uri :
url : 'https://{{ httpbin_host }}/hidden-basic-auth/user/passwd'
force_basic_auth : true
user : user
password : passwd
- name : test digest auth
uri :
url : 'https://{{ httpbin_host }}/digest-auth/auth/user/passwd'
user : user
password : passwd
headers :
Cookie : "fake=fake_value"
- name : test unredirected_headers
uri :
url : 'https://{{ httpbin_host }}/redirect-to?status_code=301&url=/basic-auth/user/passwd'
user : user
password : passwd
force_basic_auth : true
unredirected_headers :
- authorization
ignore_errors : true
register : unredirected_headers
- name : test omitting unredirected headers
uri :
url : 'https://{{ httpbin_host }}/redirect-to?status_code=301&url=/basic-auth/user/passwd'
user : user
password : passwd
force_basic_auth : true
register : redirected_headers
- name : ensure unredirected_headers caused auth to fail
assert :
that :
- unredirected_headers is failed
- unredirected_headers.status == 401
- redirected_headers is successful
- redirected_headers.status == 200
- name : test PUT
uri :
url : 'https://{{ httpbin_host }}/put'
method : PUT
body : 'foo=bar'
- name : test OPTIONS
uri :
url : 'https://{{ httpbin_host }}/'
method : OPTIONS
register : result
- name : Assert we got an allow header
assert :
that :
- 'result.allow.split(", ")|sort == ["GET", "HEAD", "OPTIONS"]'
# Ubuntu12.04 doesn't have python-urllib3, this makes handling required dependencies a pain across all variations
# We'll use this to just skip 12.04 on those tests. We should be sufficiently covered with other OSes and versions
- name : Set fact if running on Ubuntu 12.04
set_fact :
is_ubuntu_precise : "{{ ansible_distribution == 'Ubuntu' and ansible_distribution_release == 'precise' }}"
- name : Test that SNI succeeds on python versions that have SNI
uri :
url : 'https://{{ sni_host }}/'
return_content : true
when : ansible_python.has_sslcontext
register : result
- name : Assert SNI verification succeeds on new python
assert :
that :
- result is successful
- 'sni_host in result.content'
when : ansible_python.has_sslcontext
- name : Verify SNI verification fails on old python without urllib3 contrib
uri :
url : 'https://{{ sni_host }}'
ignore_errors : true
when : not ansible_python.has_sslcontext
register : result
- name : Assert SNI verification fails on old python
assert :
that :
- result is failed
when : result is not skipped
- name : check if urllib3 is installed as an OS package
package :
name : "{{ uri_os_packages[ansible_os_family].urllib3 }}"
check_mode : yes
when : not ansible_python.has_sslcontext and not is_ubuntu_precise|bool and uri_os_packages[ansible_os_family].urllib3|default
register : urllib3
- name : uninstall conflicting urllib3 pip package
pip :
name : urllib3
state : absent
when : not ansible_python.has_sslcontext and not is_ubuntu_precise|bool and uri_os_packages[ansible_os_family].urllib3|default and urllib3.changed
- name : install OS packages that are needed for SNI on old python
package :
name : "{{ item }}"
with_items : "{{ uri_os_packages[ansible_os_family].step1 | default([]) }}"
when : not ansible_python.has_sslcontext and not is_ubuntu_precise|bool
- name : install python modules for Older Python SNI verification
pip :
name : "{{ item }}"
with_items :
- ndg-httpsclient
when : not ansible_python.has_sslcontext and not is_ubuntu_precise|bool
- name : Verify SNI verification succeeds on old python with urllib3 contrib
uri :
url : 'https://{{ sni_host }}'
return_content : true
when : not ansible_python.has_sslcontext and not is_ubuntu_precise|bool
register : result
- name : Assert SNI verification succeeds on old python
assert :
that :
- result is successful
- 'sni_host in result.content'
when : not ansible_python.has_sslcontext and not is_ubuntu_precise|bool
- name : Uninstall ndg-httpsclient
pip :
name : "{{ item }}"
state : absent
with_items :
- ndg-httpsclient
when : not ansible_python.has_sslcontext and not is_ubuntu_precise|bool
- name : uninstall OS packages that are needed for SNI on old python
package :
name : "{{ item }}"
state : absent
with_items : "{{ uri_os_packages[ansible_os_family].step1 | default([]) }}"
when : not ansible_python.has_sslcontext and not is_ubuntu_precise|bool
- name : install OS packages that are needed for building cryptography
package :
name : "{{ item }}"
with_items : "{{ uri_os_packages[ansible_os_family].step2 | default([]) }}"
when : not ansible_python.has_sslcontext and not is_ubuntu_precise|bool
- name : create constraints path
set_fact :
remote_constraints : "{{ remote_tmp_dir }}/constraints.txt"
when : not ansible_python.has_sslcontext and not is_ubuntu_precise|bool
- name : create constraints file
copy :
content : |
cryptography == 2.1.4
idna == 2.5
pyopenssl == 17.5.0
six == 1.13.0
urllib3 == 1.23
dest : "{{ remote_constraints }}"
when : not ansible_python.has_sslcontext and not is_ubuntu_precise|bool
- name : install urllib3 and pyopenssl via pip
pip :
name : "{{ item }}"
extra_args : "-c {{ remote_constraints }}"
with_items :
- urllib3
- PyOpenSSL
when : not ansible_python.has_sslcontext and not is_ubuntu_precise|bool
- name : Verify SNI verification succeeds on old python with pip urllib3 contrib
uri :
url : 'https://{{ sni_host }}'
return_content : true
when : not ansible_python.has_sslcontext and not is_ubuntu_precise|bool
register : result
- name : Assert SNI verification succeeds on old python with pip urllib3 contrib
assert :
that :
- result is successful
- 'sni_host in result.content'
when : not ansible_python.has_sslcontext and not is_ubuntu_precise|bool
- name : Uninstall urllib3 and PyOpenSSL
pip :
name : "{{ item }}"
state : absent
with_items :
- urllib3
- PyOpenSSL
when : not ansible_python.has_sslcontext and not is_ubuntu_precise|bool
- name : validate the status_codes are correct
uri :
url : "https://{{ httpbin_host }}/status/202"
status_code : 202
method : POST
body : foo
- name : Validate body_format json does not override content-type in 2.3 or newer
uri :
url : "https://{{ httpbin_host }}/post"
method : POST
body :
foo : bar
body_format : json
headers :
'Content-Type' : 'text/json'
return_content : true
register : result
failed_when : result.json.headers['Content-Type'] != 'text/json'
- name : Validate body_format form-urlencoded using dicts works
uri :
url : https://{{ httpbin_host }}/post
method : POST
body :
user : foo
password : bar!#@ |&82$M
submit : Sign in
body_format : form-urlencoded
return_content : yes
register : result
- name : Assert form-urlencoded dict input
assert :
that :
- result is successful
- result.json.headers['Content-Type'] == 'application/x-www-form-urlencoded'
- result.json.form.password == 'bar!#@ |&82$M'
- name : Validate body_format form-urlencoded using lists works
uri :
url : https://{{ httpbin_host }}/post
method : POST
body :
- [ user, foo ]
- [ password, bar!#@ |&82$M ]
- [ submit, Sign in ]
body_format : form-urlencoded
return_content : yes
register : result
- name : Assert form-urlencoded list input
assert :
that :
- result is successful
- result.json.headers['Content-Type'] == 'application/x-www-form-urlencoded'
- result.json.form.password == 'bar!#@ |&82$M'
- name : Validate body_format form-urlencoded of invalid input fails
uri :
url : https://{{ httpbin_host }}/post
method : POST
body :
- foo
- bar : baz
body_format : form-urlencoded
return_content : yes
register : result
ignore_errors : yes
- name : Assert invalid input fails
assert :
that :
- result is failure
- "'failed to parse body as form_urlencoded: too many values to unpack' in result.msg"
- name : multipart/form-data
uri :
url : https://{{ httpbin_host }}/post
method : POST
body_format : form-multipart
body :
file1 :
filename : formdata.txt
file2 :
content : text based file content
filename : fake.txt
mime_type : text/plain
text_form_field1 : value1
text_form_field2 :
content : value2
mime_type : text/plain
register : multipart
- name : Assert multipart/form-data
assert :
that :
- multipart.json.files.file1 == '_multipart/form-data_\n'
- multipart.json.files.file2 == 'text based file content'
- multipart.json.form.text_form_field1 == 'value1'
- multipart.json.form.text_form_field2 == 'value2'
# https://github.com/ansible/ansible/issues/74276 - verifies we don't have a traceback
- name : multipart/form-data with invalid value
uri :
url : https://{{ httpbin_host }}/post
method : POST
body_format : form-multipart
body :
integer_value : 1
register : multipart_invalid
failed_when : 'multipart_invalid.msg != "failed to parse body as form-multipart: value must be a string, or mapping, cannot be type int"'
- name : Validate invalid method
uri :
url : https://{{ httpbin_host }}/anything
method : UNKNOWN
register : result
ignore_errors : yes
- name : Assert invalid method fails
assert :
that :
- result is failure
- result.status == 405
- "'METHOD NOT ALLOWED' in result.msg"
- name : Test client cert auth, no certs
uri :
url : "https://ansible.http.tests/ssl_client_verify"
status_code : 200
return_content : true
register : result
failed_when : result.content != "ansible.http.tests:NONE"
when : has_httptester
- name : Test client cert auth, with certs
uri :
url : "https://ansible.http.tests/ssl_client_verify"
client_cert : "{{ remote_tmp_dir }}/client.pem"
client_key : "{{ remote_tmp_dir }}/client.key"
return_content : true
register : result
failed_when : result.content != "ansible.http.tests:SUCCESS"
when : has_httptester
- name : Test client cert auth, with no validation
uri :
url : "https://fail.ansible.http.tests/ssl_client_verify"
client_cert : "{{ remote_tmp_dir }}/client.pem"
client_key : "{{ remote_tmp_dir }}/client.key"
return_content : true
validate_certs : no
register : result
failed_when : result.content != "ansible.http.tests:SUCCESS"
when : has_httptester
- name : Test client cert auth, with validation and ssl mismatch
uri :
url : "https://fail.ansible.http.tests/ssl_client_verify"
client_cert : "{{ remote_tmp_dir }}/client.pem"
client_key : "{{ remote_tmp_dir }}/client.key"
return_content : true
validate_certs : yes
register : result
failed_when : result is not failed
when : has_httptester
- uri :
url : https://{{ httpbin_host }}/response-headers?Set-Cookie=Foo%3Dbar&Set-Cookie=Baz%3Dqux
register : result
- assert :
that :
- result['set_cookie'] == 'Foo=bar, Baz=qux'
# Python sorts cookies in order of most specific (ie. longest) path first
# items with the same path are reversed from response order
- result['cookies_string'] == 'Baz=qux; Foo=bar'
- name : Write out netrc template
template :
src : netrc.j2
dest : "{{ remote_tmp_dir }}/netrc"
- name : Test netrc with port
uri :
url : "https://{{ httpbin_host }}:443/basic-auth/user/passwd"
environment :
NETRC : "{{ remote_tmp_dir }}/netrc"
- name : Test JSON POST with src
uri :
url : "https://{{ httpbin_host}}/post"
src : pass0.json
method : POST
return_content : true
body_format : json
register : result
- name : Validate POST with src works
assert :
that :
- result.json.json[0] == 'JSON Test Pattern pass1'
- name : Copy file pass0.json to remote
copy :
src : "{{ role_path }}/files/pass0.json"
dest : "{{ remote_tmp_dir }}/pass0.json"
- name : Test JSON POST with src and remote_src=True
uri :
url : "https://{{ httpbin_host}}/post"
src : "{{ remote_tmp_dir }}/pass0.json"
remote_src : true
method : POST
return_content : true
body_format : json
register : result
- name : Validate POST with src and remote_src=True works
assert :
that :
- result.json.json[0] == 'JSON Test Pattern pass1'
- name : Make request that includes password in JSON keys
uri :
url : "https://{{ httpbin_host}}/get?key-password=value-password"
user : admin
password : password
register : sanitize_keys
- name : assert that keys were sanitized
assert :
that :
- sanitize_keys.json.args['key-********'] == 'value-********'
- name : Create a testing file
copy :
content : "content"
dest : "{{ output_dir }}/output"
- name : Download a file from non existing location
uri :
url : http://does/not/exist
dest : "{{ output_dir }}/output"
ignore_errors : yes
- name : Save testing file's output
command : "cat {{ output_dir }}/output"
register : file_out
- name : Test the testing file was not overwritten
assert :
that :
- "'content' in file_out.stdout"
- name : Clean up
file :
dest : "{{ output_dir }}/output"
state : absent
- name : Test follow_redirects=none
uri: check unexpected failure doesn't occur when file cannot be saved (#45824)
* uri: fix TypeError when file can't be saved
Fix the following exception (and others):
Traceback (most recent call last):
File "/home/lilou/debug_dir/__main__.py", line 604, in <module>
main()
File "/home/lilou/debug_dir/__main__.py", line 554, in main
write_file(module, url, dest, content, resp)
File "/home/lilou/debug_dir/__main__.py", line 320, in write_file
module.fail_json(msg="Destination dir '%s' not writable" % os.path.dirname(dest), **resp)
TypeError: fail_json() got multiple values for keyword argument 'msg'
I would rather remove **resp from returned values but this module is
flagged as stableinterface.
* Static imports are more straight forward and preferred unless dynamic inclusion is required.
6 years ago
import_tasks : redirect-none.yml
- name : Test follow_redirects=safe
uri: check unexpected failure doesn't occur when file cannot be saved (#45824)
* uri: fix TypeError when file can't be saved
Fix the following exception (and others):
Traceback (most recent call last):
File "/home/lilou/debug_dir/__main__.py", line 604, in <module>
main()
File "/home/lilou/debug_dir/__main__.py", line 554, in main
write_file(module, url, dest, content, resp)
File "/home/lilou/debug_dir/__main__.py", line 320, in write_file
module.fail_json(msg="Destination dir '%s' not writable" % os.path.dirname(dest), **resp)
TypeError: fail_json() got multiple values for keyword argument 'msg'
I would rather remove **resp from returned values but this module is
flagged as stableinterface.
* Static imports are more straight forward and preferred unless dynamic inclusion is required.
6 years ago
import_tasks : redirect-safe.yml
- name : Test follow_redirects=urllib2
uri: check unexpected failure doesn't occur when file cannot be saved (#45824)
* uri: fix TypeError when file can't be saved
Fix the following exception (and others):
Traceback (most recent call last):
File "/home/lilou/debug_dir/__main__.py", line 604, in <module>
main()
File "/home/lilou/debug_dir/__main__.py", line 554, in main
write_file(module, url, dest, content, resp)
File "/home/lilou/debug_dir/__main__.py", line 320, in write_file
module.fail_json(msg="Destination dir '%s' not writable" % os.path.dirname(dest), **resp)
TypeError: fail_json() got multiple values for keyword argument 'msg'
I would rather remove **resp from returned values but this module is
flagged as stableinterface.
* Static imports are more straight forward and preferred unless dynamic inclusion is required.
6 years ago
import_tasks : redirect-urllib2.yml
- name : Test follow_redirects=all
uri: check unexpected failure doesn't occur when file cannot be saved (#45824)
* uri: fix TypeError when file can't be saved
Fix the following exception (and others):
Traceback (most recent call last):
File "/home/lilou/debug_dir/__main__.py", line 604, in <module>
main()
File "/home/lilou/debug_dir/__main__.py", line 554, in main
write_file(module, url, dest, content, resp)
File "/home/lilou/debug_dir/__main__.py", line 320, in write_file
module.fail_json(msg="Destination dir '%s' not writable" % os.path.dirname(dest), **resp)
TypeError: fail_json() got multiple values for keyword argument 'msg'
I would rather remove **resp from returned values but this module is
flagged as stableinterface.
* Static imports are more straight forward and preferred unless dynamic inclusion is required.
6 years ago
import_tasks : redirect-all.yml
- name : Check unexpected failures
import_tasks : unexpected-failures.yml
- name : Check return-content
import_tasks : return-content.yml
- name : Test use_gssapi=True
include_tasks :
file : use_gssapi.yml
apply :
environment :
KRB5_CONFIG : '{{ krb5_config }}'
KRB5CCNAME : FILE:{{ remote_tmp_dir }}/krb5.cc
when : krb5_config is defined