# test code for lookup plugins # Copyright: (c) 2014, James Tanner # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) # FILE LOOKUP - set_fact: output_dir: "{{ lookup('env', 'OUTPUT_DIR') }}" - name: make a new file to read copy: dest={{output_dir}}/foo.txt mode=0644 content="bar" - name: load the file as a fact set_fact: foo: "{{ lookup('file', output_dir + '/foo.txt' ) }}" - debug: var=foo - name: verify file lookup assert: that: - "foo == 'bar'" # PASSWORD LOOKUP - name: remove previous password files and directory file: dest={{item}} state=absent with_items: - "{{output_dir}}/lookup/password" - "{{output_dir}}/lookup/password_with_salt" - "{{output_dir}}/lookup" - name: create a password file set_fact: newpass: "{{ lookup('password', output_dir + '/lookup/password length=8') }}" - name: stat the password file directory stat: path="{{output_dir}}/lookup" register: result - name: assert the directory's permissions assert: that: - result.stat.mode == '0700' - name: stat the password file stat: path="{{output_dir}}/lookup/password" register: result - name: assert the directory's permissions assert: that: - result.stat.mode == '0600' - name: get password length shell: wc -c {{output_dir}}/lookup/password | awk '{print $1}' register: wc_result - debug: var=wc_result.stdout - name: read password shell: cat {{output_dir}}/lookup/password register: cat_result - debug: var=cat_result.stdout - name: verify password assert: that: - "wc_result.stdout == '9'" - "cat_result.stdout == newpass" - "' salt=' not in cat_result.stdout" - name: fetch password from an existing file set_fact: pass2: "{{ lookup('password', output_dir + '/lookup/password length=8') }}" - name: read password (again) shell: cat {{output_dir}}/lookup/password register: cat_result2 - debug: var=cat_result2.stdout - name: verify password (again) assert: that: - "cat_result2.stdout == newpass" - "' salt=' not in cat_result2.stdout" - name: create a password (with salt) file debug: msg={{ lookup('password', output_dir + '/lookup/password_with_salt encrypt=sha256_crypt') }} - name: read password and salt shell: cat {{output_dir}}/lookup/password_with_salt register: cat_pass_salt - debug: var=cat_pass_salt.stdout - name: fetch unencrypted password set_fact: newpass: "{{ lookup('password', output_dir + '/lookup/password_with_salt') }}" - debug: var=newpass - name: verify password and salt assert: that: - "cat_pass_salt.stdout != newpass" - "cat_pass_salt.stdout.startswith(newpass)" - "' salt=' in cat_pass_salt.stdout" - "' salt=' not in newpass" - name: fetch unencrypted password (using empty encrypt parameter) set_fact: newpass2: "{{ lookup('password', output_dir + '/lookup/password_with_salt encrypt=') }}" - name: verify lookup password behavior assert: that: - "newpass == newpass2" - name: verify that we can generate a 1st password without writing it set_fact: newpass: "{{ lookup('password', '/dev/null') }}" - name: verify that we can generate a 2nd password without writing it set_fact: newpass2: "{{ lookup('password', '/dev/null') }}" - name: verify lookup password behavior with /dev/null assert: that: - "newpass != newpass2" # ENV LOOKUP - name: get HOME environment var value shell: "echo $HOME" register: home_var_value - name: use env lookup to get HOME var set_fact: test_val: "{{ lookup('env', 'HOME') }}" - debug: var=home_var_value.stdout - debug: var=test_val - name: compare values assert: that: - "test_val == home_var_value.stdout" # UNICODE LOOKUP # https://github.com/ansible/ansible/issues/65297 - name: get UNICODE_VAR environment var value shell: "echo $UNICODE_VAR" register: unicode_var_value - name: use env lookup to get UNICODE_VAR value set_fact: test_unicode_val: "{{ lookup('env', 'UNICODE_VAR') }}" - debug: var=unicode_var_value - debug: var=test_unicode_val - name: compare unicode values assert: that: - "test_unicode_val == unicode_var_value.stdout" # PIPE LOOKUP # https://github.com/ansible/ansible/issues/6550 - name: confirm pipe lookup works with a single positional arg debug: msg="{{ lookup('pipe', 'ls') }}" # LOOKUP TEMPLATING - name: use bare interpolation debug: msg="got {{item}}" with_items: "{{things1}}" register: bare_var - name: verify that list was interpolated assert: that: - "bare_var.results[0].item == 1" - "bare_var.results[1].item == 2" - name: use list with bare strings in it debug: msg={{item}} with_items: - things2 - things1 - name: use list with undefined var in it debug: msg={{item}} with_items: "{{things2}}" ignore_errors: True # BUG #10073 nested template handling - name: set variable that clashes set_fact: PATH: foobar - name: get PATH environment var value set_fact: known_var_value: "{{ lookup('pipe', 'echo $PATH') }}" - name: do the lookup for env PATH set_fact: test_val: "{{ lookup('env', 'PATH') }}" - debug: var=test_val - name: compare values assert: that: - "test_val != ''" - "test_val == known_var_value" - name: set with_dict shell: echo "{{ item.key + '=' + item.value }}" with_dict: "{{ mydict }}" # URL Lookups - name: Test that retrieving a url works set_fact: web_data: "{{ lookup('url', 'https://gist.githubusercontent.com/abadger/9858c22712f62a8effff/raw/43dd47ea691c90a5fa7827892c70241913351963/test') }}" - name: Assert that the url was retrieved assert: that: - "'one' in web_data" - name: Test that retrieving a url with invalid cert fails set_fact: web_data: "{{ lookup('url', 'https://{{ badssl_host }}/') }}" ignore_errors: True register: url_invalid_cert - assert: that: - "url_invalid_cert.failed" - "'Error validating the server' in url_invalid_cert.msg or 'Hostname mismatch' in url_invalid_cert.msg or ( url_invalid_cert.msg is search('hostname .* doesn.t match .*'))" - name: Test that retrieving a url with invalid cert with validate_certs=False works set_fact: web_data: "{{ lookup('url', 'https://{{ badssl_host }}/', validate_certs=False) }}" register: url_no_validate_cert - assert: that: - "'{{ badssl_host_substring }}' in web_data" - name: Test cartesian lookup debug: var=item with_cartesian: - ["A", "B", "C"] - ["1", "2", "3"] register: product - name: Verify cartesian lookup assert: that: - product.results[0]['item'] == ["A", "1"] - product.results[1]['item'] == ["A", "2"] - product.results[2]['item'] == ["A", "3"] - product.results[3]['item'] == ["B", "1"] - product.results[4]['item'] == ["B", "2"] - product.results[5]['item'] == ["B", "3"] - product.results[6]['item'] == ["C", "1"] - product.results[7]['item'] == ["C", "2"] - product.results[8]['item'] == ["C", "3"] # Template lookups # ref #18526 - name: Test that we have a proper jinja search path in template lookup set_fact: hello_world: "{{ lookup('template', 'hello.txt') }}" - assert: that: - "hello_world|trim == 'Hello world!'" - name: Test that we have a proper jinja search path in template lookup with different variable start and end string vars: my_var: world set_fact: hello_world_string: "{{ lookup('template', 'hello_string.txt', variable_start_string='[%', variable_end_string='%]') }}" - assert: that: - "hello_world_string|trim == 'Hello world!'" # Vars lookups - name: Test that we can give it a single value and receive a single value set_fact: var_host: '{{ lookup("vars", "ansible_host") }}' - assert: that: - 'var_host == ansible_host' - name: Test that we can give a list of values to var and receive a list of values back set_fact: var_host_info: '{{ query("vars", "ansible_host", "ansible_connection") }}' - assert: that: - 'var_host_info[0] == ansible_host' - 'var_host_info[1] == ansible_connection'