Initial conversion of tower_credential

2026-05-20 07:17:40 -02:30 · 2020-03-31 00:07:46 -04:00
parent f04e7067e8
commit fd24918ba8
4 changed files with 351 additions and 213 deletions
--- a/awx_collection/tests/integration/targets/tower_credential/tasks/main.yml
+++ b/awx_collection/tests/integration/targets/tower_credential/tasks/main.yml
@@ -1,24 +1,29 @@
 ---
+- name: Generate a random string for test
+  set_fact:
+    test_id: "{{ lookup('password', '/dev/null chars=ascii_letters length=16') }}"
+  when: test_id is not defined
+
 - name: Generate names
  set_fact:
-    ssh_cred_name1: "AWX-Collection-tests-tower_credential-ssh-cred1-{{ lookup('password', '/dev/null chars=ascii_letters length=16') }}"
-    ssh_cred_name2: "AWX-Collection-tests-tower_credential-ssh-cred2-{{ lookup('password', '/dev/null chars=ascii_letters length=16') }}"
-    ssh_cred_name3: "AWX-Collection-tests-tower_credential-ssh-cred-lookup-source-{{ lookup('password', '/dev/null chars=ascii_letters length=16') }}"
-    ssh_cred_name4: "AWX-Collection-tests-tower_credential-ssh-cred-file-source-{{ lookup('password', '/dev/null chars=ascii_letters length=16') }}"
-    vault_cred_name1: "AWX-Collection-tests-tower_credential-vault-cred1-{{ lookup('password', '/dev/null chars=ascii_letters length=16') }}"
-    vault_cred_name2: "AWX-Collection-tests-tower_credential-vault-ssh-cred1-{{ lookup('password', '/dev/null chars=ascii_letters length=16') }}"
-    net_cred_name1: "AWX-Collection-tests-tower_credential-net-cred1-{{ lookup('password', '/dev/null chars=ascii_letters length=16') }}"
-    scm_cred_name1: "AWX-Collection-tests-tower_credential-scm-cred1-{{ lookup('password', '/dev/null chars=ascii_letters length=16') }}"
-    aws_cred_name1: "AWX-Collection-tests-tower_credential-aws-cred1-{{ lookup('password', '/dev/null chars=ascii_letters length=16') }}"
-    vmware_cred_name1: "AWX-Collection-tests-tower_credential-vmware-cred1-{{ lookup('password', '/dev/null chars=ascii_letters length=16') }}"
-    sat6_cred_name1: "AWX-Collection-tests-tower_credential-sat6-cred1-{{ lookup('password', '/dev/null chars=ascii_letters length=16') }}"
-    cf_cred_name1: "AWX-Collection-tests-tower_credential-cf-cred1-{{ lookup('password', '/dev/null chars=ascii_letters length=16') }}"
-    gce_cred_name1: "AWX-Collection-tests-tower_credential-gce-cred1-{{ lookup('password', '/dev/null chars=ascii_letters length=16') }}"
-    azurerm_cred_name1: "AWX-Collection-tests-tower_credential-azurerm-cred1-{{ lookup('password', '/dev/null chars=ascii_letters length=16') }}"
-    openstack_cred_name1: "AWX-Collection-tests-tower_credential-openstack-cred1-{{ lookup('password', '/dev/null chars=ascii_letters length=16') }}"
-    rhv_cred_name1: "AWX-Collection-tests-tower_credential-rhv-cred1-{{ lookup('password', '/dev/null chars=ascii_letters length=16') }}"
-    insights_cred_name1: "AWX-Collection-tests-tower_credential-insights-cred1-{{ lookup('password', '/dev/null chars=ascii_letters length=16') }}"
-    tower_cred_name1: "AWX-Collection-tests-tower_credential-tower-cred1-{{ lookup('password', '/dev/null chars=ascii_letters length=16') }}"
+    ssh_cred_name1: "AWX-Collection-tests-tower_credential-ssh-cred1-{{ test_id }}"
+    ssh_cred_name2: "AWX-Collection-tests-tower_credential-ssh-cred2-{{ test_id }}"
+    ssh_cred_name3: "AWX-Collection-tests-tower_credential-ssh-cred-lookup-source-{{ test_id }}"
+    ssh_cred_name4: "AWX-Collection-tests-tower_credential-ssh-cred-file-source-{{ test_id }}"
+    vault_cred_name1: "AWX-Collection-tests-tower_credential-vault-cred1-{{ test_id }}"
+    vault_cred_name2: "AWX-Collection-tests-tower_credential-vault-ssh-cred1-{{ test_id }}"
+    net_cred_name1: "AWX-Collection-tests-tower_credential-net-cred1-{{ test_id }}"
+    scm_cred_name1: "AWX-Collection-tests-tower_credential-scm-cred1-{{ test_id }}"
+    aws_cred_name1: "AWX-Collection-tests-tower_credential-aws-cred1-{{ test_id }}"
+    vmware_cred_name1: "AWX-Collection-tests-tower_credential-vmware-cred1-{{ test_id }}"
+    sat6_cred_name1: "AWX-Collection-tests-tower_credential-sat6-cred1-{{ test_id }}"
+    cf_cred_name1: "AWX-Collection-tests-tower_credential-cf-cred1-{{ test_id }}"
+    gce_cred_name1: "AWX-Collection-tests-tower_credential-gce-cred1-{{ test_id }}"
+    azurerm_cred_name1: "AWX-Collection-tests-tower_credential-azurerm-cred1-{{ test_id }}"
+    openstack_cred_name1: "AWX-Collection-tests-tower_credential-openstack-cred1-{{ test_id }}"
+    rhv_cred_name1: "AWX-Collection-tests-tower_credential-rhv-cred1-{{ test_id }}"
+    insights_cred_name1: "AWX-Collection-tests-tower_credential-insights-cred1-{{ test_id }}"
+    tower_cred_name1: "AWX-Collection-tests-tower_credential-tower-cred1-{{ test_id }}"

 - name: create a tempdir for an SSH key
  local_action: shell mktemp -d
@@ -31,7 +36,42 @@
  set_fact:
    ssh_key_data: "{{ lookup('file', tempdir.stdout + '/id_rsa') }}"

- name: Create a User-specific credential
+- name: Test deprication warnings
+  tower_credential:
+    name: "{{ ssh_cred_name1 }}"
+    organization: Default
+    user: admin
+    kind: ssh
+    authorize: False
+    authorize_password: 'test'
+    client: 'test'
+    security_token: 'test'
+    secret: 'test'
+    tenant: 'test'
+    subscription: 'test'
+    domain: 'test'
+    become_method: 'test'
+    become_username: 'test'
+    become_password: 'test'
+    vault_password: 'test'
+    project: 'test'
+    host: 'test'
+    username: 'test'
+    password: 'test'
+    ssh_key_data: 'test'
+    vault_id: 'test'
+    ssh_key_unlock: 'test'
+    state: absent
+  ignore_errors: True
+  register: result
+
+- assert:
+    that:
+      - "'deprecations' in result"
+      # The 20 comes from the length of OLD_INPUT_NAMES + 1 for kind
+      - result['deprecations'] | length() == 20
+
+- name: Create a User-specific credential (old school)
  tower_credential:
    name: "{{ ssh_cred_name1 }}"
    organization: Default
@@ -44,6 +84,44 @@
    that:
      - "result is changed"

+- name: Re-create the User-specific credential (new school)
+  tower_credential:
+    name: "{{ ssh_cred_name1 }}"
+    organization: Default
+    user: admin
+    credential_type: 'Machine'
+    state: present
+  register: result
+
+- assert:
+    that:
+      - "result is not changed"
+
+- name: Delete a User-specific credential
+  tower_credential:
+    name: "{{ ssh_cred_name1 }}"
+    organization: Default
+    user: admin
+    state: absent
+    kind: ssh
+  register: result
+
+- assert:
+    that:
+      - "result is changed"
+
+- name: Create the User-specific credential tied to a user, no org
+  tower_credential:
+    name: "{{ ssh_cred_name1 }}"
+    user: admin
+    credential_type: 'Machine'
+    state: present
+  register: result
+
+- assert:
+    that:
+      - "result is changed"
+
 - name: Delete a User-specific credential
  tower_credential:
    name: "{{ ssh_cred_name1 }}"
@@ -57,7 +135,7 @@
    that:
      - "result is changed"

- name: Create a valid SSH credential
+- name: Create a valid SSH credential (old school)
  tower_credential:
    name: "{{ ssh_cred_name2 }}"
    organization: Default
@@ -77,7 +155,48 @@
    that:
      - "result is changed"

- name: Create a valid SSH credential from lookup source
+- name: Create a valid SSH credential (new school)
+  tower_credential:
+    name: "{{ ssh_cred_name2 }}"
+    organization: Default
+    state: present
+    credential_type: Machine
+    description: An example SSH credential
+    inputs:
+      username: joe
+      password: secret
+      become_method: sudo
+      become_username: superuser
+      become_password: supersecret
+      ssh_key_data: "{{ ssh_key_data }}"
+      ssh_key_unlock: "passphrase"
+  register: result
+
+# This will be changed because we are setting ssh_key_data and ssh_key_unlock.
+# These will come out as $encrypted$ which will always compare false to the values.
+- assert:
+    that:
+      - result is changed
+
+- name: Create a valid SSH credential (new school) (no change)
+  tower_credential:
+    name: "{{ ssh_cred_name2 }}"
+    organization: Default
+    state: present
+    credential_type: Machine
+    description: An example SSH credential
+    inputs:
+      username: joe
+      become_method: sudo
+      become_username: superuser
+  register: result
+
+# This should no longer be changed because we aren't passing any secure fields
+- assert:
+    that:
+      - result is not changed
+
+- name: Create a valid SSH credential from lookup source (old school)
  tower_credential:
    name: "{{ ssh_cred_name3 }}"
    organization: Default
@@ -97,7 +216,29 @@
    that:
      - "result is changed"

- name: Create a valid SSH credential from file source
+- name: Create a valid SSH credential from lookup source (new school)
+  tower_credential:
+    name: "{{ ssh_cred_name3 }}"
+    organization: Default
+    state: present
+    credential_type: Machine
+    description: An example SSH credential from lookup source
+    inputs:
+      username: joe
+      password: secret
+      become_method: sudo
+      become_username: superuser
+      become_password: supersecret
+      ssh_key_data: "{{ lookup('file', tempdir.stdout + '/id_rsa') }}"
+      ssh_key_unlock: "passphrase"
+  register: result
+
+# This will be changed because we are passing in ssh_key_data and password
+- assert:
+    that:
+      - result is changed
+
+- name: Fail to create an SSH credential from a file source (old school format)
  tower_credential:
    name: "{{ ssh_cred_name4 }}"
    organization: Default
@@ -112,12 +253,13 @@
    ssh_key_data: "{{ tempdir.stdout }}/id_rsa"
    ssh_key_unlock: "passphrase"
  register: result
+  ignore_errors: True

 - assert:
    that:
-      - "result is changed"
-      - "result is not failed"
-      - "'ssh_key_data should be a string, not a path to a file.' in result.deprecations[0].msg"
+      - result is failed
+      - "'Unable to create credential {{ ssh_cred_name4 }}' in result.msg"
+      - "'Invalid certificate or key' in result.msg"

 - name: Create an invalid SSH credential (passphrase required)
  tower_credential:
@@ -148,7 +290,7 @@
 - assert:
    that:
      - "result is failed"
-      - "'The requested object could not be found' in result.msg"
+      - "'The organizations Missing Organization was not found on the Tower server' in result.msg"

 - name: Delete an SSH credential
  tower_credential:
@@ -182,9 +324,10 @@
    kind: ssh
  register: result

+# This one was never really created so it shouldn't be deleted
 - assert:
    that:
-      - "result is changed"
+      - "result is not changed"

 - name: Create a valid Vault credential
  tower_credential:
@@ -201,7 +344,7 @@
      - "result is changed"

 # We should decide when to delete this test
- name: Create a valid Vault credential w/ kind=ssh (deprecated)
+- name: Create a valid Vault credential w/ kind=ssh (deprecated, will now fail)
  tower_credential:
    name: "{{ vault_cred_name2 }}"
    organization: Default
@@ -210,10 +353,14 @@
    description: An example Vault credential
    vault_password: secret-vault
  register: result
+  ignore_errors: True

 - assert:
    that:
-      - "result is changed"
+      - result is failed
+      - "'Unable to create credential {{ vault_cred_name2 }}' in result.msg"
+      - "'Additional properties are not allowed' in result.msg"
+      - "'\\'vault_password\\' was unexpected' in result.msg"

 - name: Delete a Vault credential
  tower_credential:
@@ -235,9 +382,10 @@
    kind: vault
  register: result

+# The creation of vault_cred_name2 never worked so we shouldn't actually need to delete it
 - assert:
    that:
-      - "result is changed"
+      - "result is not changed"

 - name: Create a valid Network credential
  tower_credential:
@@ -594,4 +742,5 @@

 - assert:
    that:
-      - "result.msg =='Failed to update credential, organization not found: The requested object could not be found.'"
+      - result is failed
+      - "result.msg =='The organizations test-non-existing-org was not found on the Tower server'"