mirror of https://github.com/ansible/ansible.git
luks_device: add integration tests (#52359)
* Add first version of luks_device tests. * Do ~ expansion manually. * Try to enable RHEL8. * Adjust to older losetup version. * Make sure cryptsetup is installed.pull/52503/head
parent
f67f391730
commit
5b28cd65f0
@ -0,0 +1,6 @@
|
|||||||
|
shippable/posix/group2
|
||||||
|
skip/osx
|
||||||
|
skip/freebsd
|
||||||
|
skip/docker
|
||||||
|
needs/root
|
||||||
|
destructive
|
@ -0,0 +1 @@
|
|||||||
|
asdf
|
@ -0,0 +1 @@
|
|||||||
|
test1234
|
@ -0,0 +1,33 @@
|
|||||||
|
---
|
||||||
|
- name: Make sure cryptsetup is installed
|
||||||
|
package:
|
||||||
|
name: cryptsetup
|
||||||
|
state: present
|
||||||
|
become: yes
|
||||||
|
- name: Create cryptfile
|
||||||
|
command: dd if=/dev/zero of={{ output_dir.replace('~', ansible_env.HOME) }}/cryptfile bs=1M count=32
|
||||||
|
- name: Create lookback device
|
||||||
|
command: losetup -f {{ output_dir.replace('~', ansible_env.HOME) }}/cryptfile
|
||||||
|
become: yes
|
||||||
|
- name: Determine loop device name
|
||||||
|
command: losetup -j {{ output_dir.replace('~', ansible_env.HOME) }}/cryptfile --output name
|
||||||
|
become: yes
|
||||||
|
register: cryptfile_device_output
|
||||||
|
- set_fact:
|
||||||
|
cryptfile_device: "{{ cryptfile_device_output.stdout_lines[1] }}"
|
||||||
|
- block:
|
||||||
|
- include_tasks: run-test.yml
|
||||||
|
with_fileglob:
|
||||||
|
- "tests/*.yml"
|
||||||
|
always:
|
||||||
|
- name: Make sure LUKS device is gone
|
||||||
|
luks_device:
|
||||||
|
device: "{{ cryptfile_device }}"
|
||||||
|
state: absent
|
||||||
|
become: yes
|
||||||
|
ignore_errors: yes
|
||||||
|
- command: losetup -d "{{ cryptfile_device }}"
|
||||||
|
become: yes
|
||||||
|
- file:
|
||||||
|
dest: "{{ output_dir }}/cryptfile"
|
||||||
|
state: absent
|
@ -0,0 +1,8 @@
|
|||||||
|
---
|
||||||
|
- name: Make sure LUKS device is gone
|
||||||
|
luks_device:
|
||||||
|
device: "{{ cryptfile_device }}"
|
||||||
|
state: absent
|
||||||
|
become: yes
|
||||||
|
- name: "Loading tasks from {{ item }}"
|
||||||
|
include_tasks: "{{ item }}"
|
@ -0,0 +1,187 @@
|
|||||||
|
---
|
||||||
|
#- name: Create (check)
|
||||||
|
# luks_device:
|
||||||
|
# device: "{{ cryptfile_device }}"
|
||||||
|
# state: present
|
||||||
|
# keyfile: "{{ role_path }}/files/keyfile1"
|
||||||
|
# check_mode: yes
|
||||||
|
# become: yes
|
||||||
|
# register: create_check
|
||||||
|
- name: Create
|
||||||
|
luks_device:
|
||||||
|
device: "{{ cryptfile_device }}"
|
||||||
|
state: present
|
||||||
|
keyfile: "{{ role_path }}/files/keyfile1"
|
||||||
|
become: yes
|
||||||
|
register: create
|
||||||
|
- name: Create (idempotent)
|
||||||
|
luks_device:
|
||||||
|
device: "{{ cryptfile_device }}"
|
||||||
|
state: present
|
||||||
|
keyfile: "{{ role_path }}/files/keyfile1"
|
||||||
|
become: yes
|
||||||
|
register: create_idem
|
||||||
|
#- name: Create (idempotent, check)
|
||||||
|
# luks_device:
|
||||||
|
# device: "{{ cryptfile_device }}"
|
||||||
|
# state: present
|
||||||
|
# keyfile: "{{ role_path }}/files/keyfile1"
|
||||||
|
# check_mode: yes
|
||||||
|
# become: yes
|
||||||
|
# register: create_idem_check
|
||||||
|
- assert:
|
||||||
|
that:
|
||||||
|
#- create_check is changed
|
||||||
|
- create is changed
|
||||||
|
- create_idem is not changed
|
||||||
|
#- create_idem_check is not changed
|
||||||
|
|
||||||
|
#- name: Open (check)
|
||||||
|
# luks_device:
|
||||||
|
# device: "{{ cryptfile_device }}"
|
||||||
|
# state: opened
|
||||||
|
# keyfile: "{{ role_path }}/files/keyfile1"
|
||||||
|
# check_mode: yes
|
||||||
|
# become: yes
|
||||||
|
# register: open_check
|
||||||
|
- name: Open
|
||||||
|
luks_device:
|
||||||
|
device: "{{ cryptfile_device }}"
|
||||||
|
state: opened
|
||||||
|
keyfile: "{{ role_path }}/files/keyfile1"
|
||||||
|
become: yes
|
||||||
|
register: open
|
||||||
|
- name: Open (idempotent)
|
||||||
|
luks_device:
|
||||||
|
device: "{{ cryptfile_device }}"
|
||||||
|
state: opened
|
||||||
|
keyfile: "{{ role_path }}/files/keyfile1"
|
||||||
|
become: yes
|
||||||
|
register: open_idem
|
||||||
|
#- name: Open (idempotent, check)
|
||||||
|
# luks_device:
|
||||||
|
# device: "{{ cryptfile_device }}"
|
||||||
|
# state: opened
|
||||||
|
# keyfile: "{{ role_path }}/files/keyfile1"
|
||||||
|
# check_mode: yes
|
||||||
|
# become: yes
|
||||||
|
# register: open_idem_check
|
||||||
|
- assert:
|
||||||
|
that:
|
||||||
|
#- open_check is changed
|
||||||
|
- open is changed
|
||||||
|
- open_idem is not changed
|
||||||
|
#- open_idem_check is not changed
|
||||||
|
|
||||||
|
#- name: Closed (via name, check)
|
||||||
|
# luks_device:
|
||||||
|
# name: "{{ open.name }}"
|
||||||
|
# state: closed
|
||||||
|
# check_mode: yes
|
||||||
|
# become: yes
|
||||||
|
# register: close_check
|
||||||
|
- name: Closed (via name)
|
||||||
|
luks_device:
|
||||||
|
name: "{{ open.name }}"
|
||||||
|
state: closed
|
||||||
|
become: yes
|
||||||
|
register: close
|
||||||
|
- name: Closed (via name, idempotent)
|
||||||
|
luks_device:
|
||||||
|
name: "{{ open.name }}"
|
||||||
|
state: closed
|
||||||
|
become: yes
|
||||||
|
register: close_idem
|
||||||
|
#- name: Closed (via name, idempotent, check)
|
||||||
|
# luks_device:
|
||||||
|
# name: "{{ open.name }}"
|
||||||
|
# state: closed
|
||||||
|
# check_mode: yes
|
||||||
|
# become: yes
|
||||||
|
# register: close_idem_check
|
||||||
|
- assert:
|
||||||
|
that:
|
||||||
|
#- close_check is changed
|
||||||
|
- close is changed
|
||||||
|
- close_idem is not changed
|
||||||
|
#- close_idem_check is not changed
|
||||||
|
|
||||||
|
- name: Re-open
|
||||||
|
luks_device:
|
||||||
|
device: "{{ cryptfile_device }}"
|
||||||
|
state: opened
|
||||||
|
keyfile: "{{ role_path }}/files/keyfile1"
|
||||||
|
become: yes
|
||||||
|
|
||||||
|
#- name: Closed (via device, check)
|
||||||
|
# luks_device:
|
||||||
|
# device: "{{ cryptfile_device }}"
|
||||||
|
# state: closed
|
||||||
|
# check_mode: yes
|
||||||
|
# become: yes
|
||||||
|
# register: close_check
|
||||||
|
- name: Closed (via device)
|
||||||
|
luks_device:
|
||||||
|
device: "{{ cryptfile_device }}"
|
||||||
|
state: closed
|
||||||
|
become: yes
|
||||||
|
register: close
|
||||||
|
- name: Closed (via device, idempotent)
|
||||||
|
luks_device:
|
||||||
|
device: "{{ cryptfile_device }}"
|
||||||
|
state: closed
|
||||||
|
become: yes
|
||||||
|
register: close_idem
|
||||||
|
#- name: Closed (via device, idempotent, check)
|
||||||
|
# luks_device:
|
||||||
|
# device: "{{ cryptfile_device }}"
|
||||||
|
# state: closed
|
||||||
|
# check_mode: yes
|
||||||
|
# become: yes
|
||||||
|
# register: close_idem_check
|
||||||
|
- assert:
|
||||||
|
that:
|
||||||
|
#- close_check is changed
|
||||||
|
- close is changed
|
||||||
|
- close_idem is not changed
|
||||||
|
#- close_idem_check is not changed
|
||||||
|
|
||||||
|
- name: Re-opened
|
||||||
|
luks_device:
|
||||||
|
device: "{{ cryptfile_device }}"
|
||||||
|
state: opened
|
||||||
|
keyfile: "{{ role_path }}/files/keyfile1"
|
||||||
|
become: yes
|
||||||
|
|
||||||
|
#- name: Absent (check)
|
||||||
|
# luks_device:
|
||||||
|
# device: "{{ cryptfile_device }}"
|
||||||
|
# state: absent
|
||||||
|
# check_mode: yes
|
||||||
|
# become: yes
|
||||||
|
# register: absent_check
|
||||||
|
- name: Absent
|
||||||
|
luks_device:
|
||||||
|
device: "{{ cryptfile_device }}"
|
||||||
|
state: absent
|
||||||
|
become: yes
|
||||||
|
register: absent
|
||||||
|
- name: Absent (idempotence)
|
||||||
|
luks_device:
|
||||||
|
device: "{{ cryptfile_device }}"
|
||||||
|
state: absent
|
||||||
|
become: yes
|
||||||
|
register: absent_idem
|
||||||
|
#- name: Absent (idempotence, check)
|
||||||
|
# luks_device:
|
||||||
|
# device: "{{ cryptfile_device }}"
|
||||||
|
# state: absent
|
||||||
|
# check_mode: yes
|
||||||
|
# become: yes
|
||||||
|
# register: absent_idem_check
|
||||||
|
- assert:
|
||||||
|
that:
|
||||||
|
#- absent_check is changed
|
||||||
|
- absent is changed
|
||||||
|
- absent_idem is not changed
|
||||||
|
#- absent_idem_check is not changed
|
@ -0,0 +1,123 @@
|
|||||||
|
---
|
||||||
|
- name: Create with keyfile1
|
||||||
|
luks_device:
|
||||||
|
device: "{{ cryptfile_device }}"
|
||||||
|
state: closed
|
||||||
|
keyfile: "{{ role_path }}/files/keyfile1"
|
||||||
|
become: yes
|
||||||
|
|
||||||
|
# Access: keyfile1
|
||||||
|
|
||||||
|
- name: Try to open with keyfile1
|
||||||
|
luks_device:
|
||||||
|
device: "{{ cryptfile_device }}"
|
||||||
|
state: opened
|
||||||
|
keyfile: "{{ role_path }}/files/keyfile1"
|
||||||
|
become: yes
|
||||||
|
ignore_errors: yes
|
||||||
|
register: open_try
|
||||||
|
- assert:
|
||||||
|
that:
|
||||||
|
- open_try is not failed
|
||||||
|
- name: Close
|
||||||
|
luks_device:
|
||||||
|
device: "{{ cryptfile_device }}"
|
||||||
|
state: closed
|
||||||
|
|
||||||
|
- name: Try to open with keyfile2
|
||||||
|
luks_device:
|
||||||
|
device: "{{ cryptfile_device }}"
|
||||||
|
state: opened
|
||||||
|
keyfile: "{{ role_path }}/files/keyfile2"
|
||||||
|
become: yes
|
||||||
|
ignore_errors: yes
|
||||||
|
register: open_try
|
||||||
|
- assert:
|
||||||
|
that:
|
||||||
|
- open_try is failed
|
||||||
|
|
||||||
|
- name: Give access to keyfile2
|
||||||
|
luks_device:
|
||||||
|
device: "{{ cryptfile_device }}"
|
||||||
|
state: closed
|
||||||
|
keyfile: "{{ role_path }}/files/keyfile1"
|
||||||
|
new_keyfile: "{{ role_path }}/files/keyfile2"
|
||||||
|
become: yes
|
||||||
|
|
||||||
|
# Access: keyfile1 and keyfile2
|
||||||
|
|
||||||
|
- name: Try to open with keyfile2
|
||||||
|
luks_device:
|
||||||
|
device: "{{ cryptfile_device }}"
|
||||||
|
state: opened
|
||||||
|
keyfile: "{{ role_path }}/files/keyfile2"
|
||||||
|
become: yes
|
||||||
|
ignore_errors: yes
|
||||||
|
register: open_try
|
||||||
|
- assert:
|
||||||
|
that:
|
||||||
|
- open_try is not failed
|
||||||
|
- name: Close
|
||||||
|
luks_device:
|
||||||
|
device: "{{ cryptfile_device }}"
|
||||||
|
state: closed
|
||||||
|
|
||||||
|
- name: Remove access from keyfile1
|
||||||
|
luks_device:
|
||||||
|
device: "{{ cryptfile_device }}"
|
||||||
|
state: closed
|
||||||
|
keyfile: "{{ role_path }}/files/keyfile1"
|
||||||
|
remove_keyfile: "{{ role_path }}/files/keyfile1"
|
||||||
|
become: yes
|
||||||
|
|
||||||
|
# Access: keyfile2
|
||||||
|
|
||||||
|
- name: Try to open with keyfile1
|
||||||
|
luks_device:
|
||||||
|
device: "{{ cryptfile_device }}"
|
||||||
|
state: opened
|
||||||
|
keyfile: "{{ role_path }}/files/keyfile1"
|
||||||
|
become: yes
|
||||||
|
ignore_errors: yes
|
||||||
|
register: open_try
|
||||||
|
- assert:
|
||||||
|
that:
|
||||||
|
- open_try is failed
|
||||||
|
|
||||||
|
- name: Try to open with keyfile2
|
||||||
|
luks_device:
|
||||||
|
device: "{{ cryptfile_device }}"
|
||||||
|
state: opened
|
||||||
|
keyfile: "{{ role_path }}/files/keyfile2"
|
||||||
|
become: yes
|
||||||
|
ignore_errors: yes
|
||||||
|
register: open_try
|
||||||
|
- assert:
|
||||||
|
that:
|
||||||
|
- open_try is not failed
|
||||||
|
- name: Close
|
||||||
|
luks_device:
|
||||||
|
device: "{{ cryptfile_device }}"
|
||||||
|
state: closed
|
||||||
|
|
||||||
|
- name: Remove access from keyfile2
|
||||||
|
luks_device:
|
||||||
|
device: "{{ cryptfile_device }}"
|
||||||
|
state: closed
|
||||||
|
keyfile: "{{ role_path }}/files/keyfile2"
|
||||||
|
remove_keyfile: "{{ role_path }}/files/keyfile2"
|
||||||
|
become: yes
|
||||||
|
|
||||||
|
# Access: none
|
||||||
|
|
||||||
|
- name: Try to open with keyfile2
|
||||||
|
luks_device:
|
||||||
|
device: "{{ cryptfile_device }}"
|
||||||
|
state: opened
|
||||||
|
keyfile: "{{ role_path }}/files/keyfile2"
|
||||||
|
become: yes
|
||||||
|
ignore_errors: yes
|
||||||
|
register: open_try
|
||||||
|
- assert:
|
||||||
|
that:
|
||||||
|
- open_try is failed
|
Loading…
Reference in New Issue