From 2d2211e4e11d034b3fc0f955f447a44b4d2ab1d9 Mon Sep 17 00:00:00 2001 From: Matt Clay Date: Mon, 23 Oct 2023 12:11:31 -0700 Subject: [PATCH] Simplify filter_encryption test (#82062) --- .../targets/filter_encryption/aliases | 1 + .../targets/filter_encryption/base.yml | 49 ------------------- .../targets/filter_encryption/runme.sh | 5 -- .../targets/filter_encryption/tasks/main.yml | 14 ++++++ .../targets/filter_encryption/vars/main.yml | 37 ++++++++++++++ 5 files changed, 52 insertions(+), 54 deletions(-) delete mode 100644 test/integration/targets/filter_encryption/base.yml delete mode 100755 test/integration/targets/filter_encryption/runme.sh create mode 100644 test/integration/targets/filter_encryption/tasks/main.yml create mode 100644 test/integration/targets/filter_encryption/vars/main.yml diff --git a/test/integration/targets/filter_encryption/aliases b/test/integration/targets/filter_encryption/aliases index 3005e4b26d0..4d41cf4af0d 100644 --- a/test/integration/targets/filter_encryption/aliases +++ b/test/integration/targets/filter_encryption/aliases @@ -1 +1,2 @@ shippable/posix/group4 +gather_facts/no diff --git a/test/integration/targets/filter_encryption/base.yml b/test/integration/targets/filter_encryption/base.yml deleted file mode 100644 index 1479f73455a..00000000000 --- a/test/integration/targets/filter_encryption/base.yml +++ /dev/null @@ -1,49 +0,0 @@ -- hosts: localhost - gather_facts: true - vars: - data: secret - data2: 'foo: bar\n' - dvault: '{{ "secret"|vault("test")}}' - password: test - s_32: '{{(2**31-1)}}' - s_64: '{{(2**63-1)}}' - vaultedstring_32: "$ANSIBLE_VAULT;1.2;AES256;filter_default\n33360a30386436633031333665316161303732656333373131373935623033393964633637346464\n6234613765313539306138373564366363306533356464613334320a666339363037303764636538\n3131633564326637303237313463613864626231\n" - vaultedstring_64: "$ANSIBLE_VAULT;1.2;AES256;filter_default\n33370a34333734353636633035656232613935353432656132646533346233326431346232616261\n6133383034376566366261316365633931356133633337396363370a376664386236313834326561\n6338373864623763613165366636633031303739\n" - vault: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 33323332333033383335333533383338333333303339333733323339333833303334333133313339 - 33373339333133323331333833373335333933323338333633343338333133343334333733383334 - 33333335333433383337333133303339333433353332333333363339333733363335333233303330 - 3337333733353331333633313335333733373334333733320a373938666533366165653830313163 - 62386564343438653437333564383664646538653364343138303831613039313232636437336530 - 3438376662373764650a633366646563386335623161646262366137393635633464333265613938 - 6661 - # allow testing against 32b/64b limited archs, normally you can set higher values for random (2**256) - is_64: '{{ "64" in ansible_facts["architecture"] }}' - salt: '{{ is_64|bool|ternary(s_64, s_32)|random(seed=inventory_hostname)}}' - vaultedstring: '{{ is_64|bool|ternary(vaultedstring_64, vaultedstring_32) }}' - # command line vaulted data2 - vaulted_id: !vault | - $ANSIBLE_VAULT;1.2;AES256;test1 - 36383733336533656264393332663131613335333332346439356164383935656234663631356430 - 3533353537343834333538356366376233326364613362640a623832636339363966336238393039 - 35316562626335306534356162623030613566306235623863373036626531346364626166656134 - 3063376436656635330a363636376131663362633731313964353061663661376638326461393736 - 3863 - vaulted_to_id: "{{data2|vault('test1@secret', vault_id='test1')}}" - - tasks: - - name: check vaulting - assert: - that: - - data|vault(password, salt=salt) == vaultedstring - - "data|vault(password, salt=salt)|type_debug != 'AnsibleVaultEncryptedUnicode'" - - "data|vault(password, salt=salt, wrap_object=True)|type_debug == 'AnsibleVaultEncryptedUnicode'" - - - name: check unvaulting - assert: - that: - - vaultedstring|unvault(password) == data - - vault|unvault(password) == data - - vaulted_id|unvault('test1@secret', vault_id='test1') - - vaulted_to_id|unvault('test1@secret', vault_id='test1') diff --git a/test/integration/targets/filter_encryption/runme.sh b/test/integration/targets/filter_encryption/runme.sh deleted file mode 100755 index 41b30b1d6ad..00000000000 --- a/test/integration/targets/filter_encryption/runme.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/usr/bin/env bash - -set -eux - -ANSIBLE_GATHER_SUBSET='min' ansible-playbook base.yml "$@" diff --git a/test/integration/targets/filter_encryption/tasks/main.yml b/test/integration/targets/filter_encryption/tasks/main.yml new file mode 100644 index 00000000000..ad83f3c1f8e --- /dev/null +++ b/test/integration/targets/filter_encryption/tasks/main.yml @@ -0,0 +1,14 @@ +- name: check vaulting + assert: + that: + - data1_plaintext|vault(data1_password, salt=data1_salt) == data1_vaulted_string_with_id + - data1_plaintext|vault(data1_password, salt=data1_salt)|type_debug != 'AnsibleVaultEncryptedUnicode' + - data1_plaintext|vault(data1_password, salt=data1_salt, wrap_object=True)|type_debug == 'AnsibleVaultEncryptedUnicode' + +- name: check unvaulting + assert: + that: + - data1_vaulted_string_with_id|unvault(data1_password) == data1_plaintext + - data1_vaulted|unvault(data1_password) == data1_plaintext + - data2_vaulted_with_id|unvault(data2_password, vault_id=data2_vault_id) + - data2_vaulted_string_with_id|unvault(data2_password, vault_id=data2_vault_id) diff --git a/test/integration/targets/filter_encryption/vars/main.yml b/test/integration/targets/filter_encryption/vars/main.yml new file mode 100644 index 00000000000..c7314230e94 --- /dev/null +++ b/test/integration/targets/filter_encryption/vars/main.yml @@ -0,0 +1,37 @@ +data1_salt: 7 +data1_password: test +data1_plaintext: secret +# value from template: {{ data1_plaintext | vault(data1_password, vault_id='filter_default', salt=data1_salt) }} +data1_vaulted_string_with_id: | + $ANSIBLE_VAULT;1.2;AES256;filter_default + 33370a34333734353636633035656232613935353432656132646533346233326431346232616261 + 6133383034376566366261316365633931356133633337396363370a376664386236313834326561 + 6338373864623763613165366636633031303739 +data1_vaulted: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 33323332333033383335333533383338333333303339333733323339333833303334333133313339 + 33373339333133323331333833373335333933323338333633343338333133343334333733383334 + 33333335333433383337333133303339333433353332333333363339333733363335333233303330 + 3337333733353331333633313335333733373334333733320a373938666533366165653830313163 + 62386564343438653437333564383664646538653364343138303831613039313232636437336530 + 3438376662373764650a633366646563386335623161646262366137393635633464333265613938 + 6661 + +data2_vault_id: test1 +data2_password: test1@secret +data2_plaintext: 'foo: bar\n' +# value from template: {{ data2_plaintext | vault(data2_password, vault_id=data2_vault_id) }} +data2_vaulted_string_with_id: | + $ANSIBLE_VAULT;1.2;AES256;test1 + 65383166333033626133363239373635393635353232316433386430316265316639663234326638 + 6637623162613135623965386334313361383365326466340a316465653939333339393464623664 + 32303038646437326134363662393038666538643065613136316361306132636231336233333362 + 3665646531363138390a643530333038333936343262343638626535653564616537313635353633 + 3865 +data2_vaulted_with_id: !vault | + $ANSIBLE_VAULT;1.2;AES256;test1 + 36383733336533656264393332663131613335333332346439356164383935656234663631356430 + 3533353537343834333538356366376233326364613362640a623832636339363966336238393039 + 35316562626335306534356162623030613566306235623863373036626531346364626166656134 + 3063376436656635330a363636376131663362633731313964353061663661376638326461393736 + 3863