mirror of https://github.com/ansible/ansible.git
Simplify filter_encryption test (#82062)
parent
40263992df
commit
2d2211e4e1
@ -1 +1,2 @@
|
|||||||
shippable/posix/group4
|
shippable/posix/group4
|
||||||
|
gather_facts/no
|
||||||
|
@ -1,49 +0,0 @@
|
|||||||
- hosts: localhost
|
|
||||||
gather_facts: true
|
|
||||||
vars:
|
|
||||||
data: secret
|
|
||||||
data2: 'foo: bar\n'
|
|
||||||
dvault: '{{ "secret"|vault("test")}}'
|
|
||||||
password: test
|
|
||||||
s_32: '{{(2**31-1)}}'
|
|
||||||
s_64: '{{(2**63-1)}}'
|
|
||||||
vaultedstring_32: "$ANSIBLE_VAULT;1.2;AES256;filter_default\n33360a30386436633031333665316161303732656333373131373935623033393964633637346464\n6234613765313539306138373564366363306533356464613334320a666339363037303764636538\n3131633564326637303237313463613864626231\n"
|
|
||||||
vaultedstring_64: "$ANSIBLE_VAULT;1.2;AES256;filter_default\n33370a34333734353636633035656232613935353432656132646533346233326431346232616261\n6133383034376566366261316365633931356133633337396363370a376664386236313834326561\n6338373864623763613165366636633031303739\n"
|
|
||||||
vault: !vault |
|
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
|
||||||
33323332333033383335333533383338333333303339333733323339333833303334333133313339
|
|
||||||
33373339333133323331333833373335333933323338333633343338333133343334333733383334
|
|
||||||
33333335333433383337333133303339333433353332333333363339333733363335333233303330
|
|
||||||
3337333733353331333633313335333733373334333733320a373938666533366165653830313163
|
|
||||||
62386564343438653437333564383664646538653364343138303831613039313232636437336530
|
|
||||||
3438376662373764650a633366646563386335623161646262366137393635633464333265613938
|
|
||||||
6661
|
|
||||||
# allow testing against 32b/64b limited archs, normally you can set higher values for random (2**256)
|
|
||||||
is_64: '{{ "64" in ansible_facts["architecture"] }}'
|
|
||||||
salt: '{{ is_64|bool|ternary(s_64, s_32)|random(seed=inventory_hostname)}}'
|
|
||||||
vaultedstring: '{{ is_64|bool|ternary(vaultedstring_64, vaultedstring_32) }}'
|
|
||||||
# command line vaulted data2
|
|
||||||
vaulted_id: !vault |
|
|
||||||
$ANSIBLE_VAULT;1.2;AES256;test1
|
|
||||||
36383733336533656264393332663131613335333332346439356164383935656234663631356430
|
|
||||||
3533353537343834333538356366376233326364613362640a623832636339363966336238393039
|
|
||||||
35316562626335306534356162623030613566306235623863373036626531346364626166656134
|
|
||||||
3063376436656635330a363636376131663362633731313964353061663661376638326461393736
|
|
||||||
3863
|
|
||||||
vaulted_to_id: "{{data2|vault('test1@secret', vault_id='test1')}}"
|
|
||||||
|
|
||||||
tasks:
|
|
||||||
- name: check vaulting
|
|
||||||
assert:
|
|
||||||
that:
|
|
||||||
- data|vault(password, salt=salt) == vaultedstring
|
|
||||||
- "data|vault(password, salt=salt)|type_debug != 'AnsibleVaultEncryptedUnicode'"
|
|
||||||
- "data|vault(password, salt=salt, wrap_object=True)|type_debug == 'AnsibleVaultEncryptedUnicode'"
|
|
||||||
|
|
||||||
- name: check unvaulting
|
|
||||||
assert:
|
|
||||||
that:
|
|
||||||
- vaultedstring|unvault(password) == data
|
|
||||||
- vault|unvault(password) == data
|
|
||||||
- vaulted_id|unvault('test1@secret', vault_id='test1')
|
|
||||||
- vaulted_to_id|unvault('test1@secret', vault_id='test1')
|
|
@ -1,5 +0,0 @@
|
|||||||
#!/usr/bin/env bash
|
|
||||||
|
|
||||||
set -eux
|
|
||||||
|
|
||||||
ANSIBLE_GATHER_SUBSET='min' ansible-playbook base.yml "$@"
|
|
@ -0,0 +1,14 @@
|
|||||||
|
- name: check vaulting
|
||||||
|
assert:
|
||||||
|
that:
|
||||||
|
- data1_plaintext|vault(data1_password, salt=data1_salt) == data1_vaulted_string_with_id
|
||||||
|
- data1_plaintext|vault(data1_password, salt=data1_salt)|type_debug != 'AnsibleVaultEncryptedUnicode'
|
||||||
|
- data1_plaintext|vault(data1_password, salt=data1_salt, wrap_object=True)|type_debug == 'AnsibleVaultEncryptedUnicode'
|
||||||
|
|
||||||
|
- name: check unvaulting
|
||||||
|
assert:
|
||||||
|
that:
|
||||||
|
- data1_vaulted_string_with_id|unvault(data1_password) == data1_plaintext
|
||||||
|
- data1_vaulted|unvault(data1_password) == data1_plaintext
|
||||||
|
- data2_vaulted_with_id|unvault(data2_password, vault_id=data2_vault_id)
|
||||||
|
- data2_vaulted_string_with_id|unvault(data2_password, vault_id=data2_vault_id)
|
@ -0,0 +1,37 @@
|
|||||||
|
data1_salt: 7
|
||||||
|
data1_password: test
|
||||||
|
data1_plaintext: secret
|
||||||
|
# value from template: {{ data1_plaintext | vault(data1_password, vault_id='filter_default', salt=data1_salt) }}
|
||||||
|
data1_vaulted_string_with_id: |
|
||||||
|
$ANSIBLE_VAULT;1.2;AES256;filter_default
|
||||||
|
33370a34333734353636633035656232613935353432656132646533346233326431346232616261
|
||||||
|
6133383034376566366261316365633931356133633337396363370a376664386236313834326561
|
||||||
|
6338373864623763613165366636633031303739
|
||||||
|
data1_vaulted: !vault |
|
||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
33323332333033383335333533383338333333303339333733323339333833303334333133313339
|
||||||
|
33373339333133323331333833373335333933323338333633343338333133343334333733383334
|
||||||
|
33333335333433383337333133303339333433353332333333363339333733363335333233303330
|
||||||
|
3337333733353331333633313335333733373334333733320a373938666533366165653830313163
|
||||||
|
62386564343438653437333564383664646538653364343138303831613039313232636437336530
|
||||||
|
3438376662373764650a633366646563386335623161646262366137393635633464333265613938
|
||||||
|
6661
|
||||||
|
|
||||||
|
data2_vault_id: test1
|
||||||
|
data2_password: test1@secret
|
||||||
|
data2_plaintext: 'foo: bar\n'
|
||||||
|
# value from template: {{ data2_plaintext | vault(data2_password, vault_id=data2_vault_id) }}
|
||||||
|
data2_vaulted_string_with_id: |
|
||||||
|
$ANSIBLE_VAULT;1.2;AES256;test1
|
||||||
|
65383166333033626133363239373635393635353232316433386430316265316639663234326638
|
||||||
|
6637623162613135623965386334313361383365326466340a316465653939333339393464623664
|
||||||
|
32303038646437326134363662393038666538643065613136316361306132636231336233333362
|
||||||
|
3665646531363138390a643530333038333936343262343638626535653564616537313635353633
|
||||||
|
3865
|
||||||
|
data2_vaulted_with_id: !vault |
|
||||||
|
$ANSIBLE_VAULT;1.2;AES256;test1
|
||||||
|
36383733336533656264393332663131613335333332346439356164383935656234663631356430
|
||||||
|
3533353537343834333538356366376233326364613362640a623832636339363966336238393039
|
||||||
|
35316562626335306534356162623030613566306235623863373036626531346364626166656134
|
||||||
|
3063376436656635330a363636376131663362633731313964353061663661376638326461393736
|
||||||
|
3863
|
Loading…
Reference in New Issue