External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-02-17 03:00:04 -03:30
Code Issues Packages Projects Releases Wiki Activity
Files
cd33db037d12612ea960efd2ec79917ad64e316f
awx/awx_collection/tests/integration/targets/credential/tasks/main.yml

735 lines
16 KiB
YAML
Raw Blame History

---
- name: Generate a random string for test
set_fact:
test_id: "{{ lookup('password', '/dev/null chars=ascii_letters length=16') }}"
when: test_id is not defined
- name: Generate names
set_fact:
ssh_cred_name1: "AWX-Collection-tests-credential-ssh-cred1-{{ test_id }}"
ssh_cred_name2: "AWX-Collection-tests-credential-ssh-cred2-{{ test_id }}"
ssh_cred_name3: "AWX-Collection-tests-credential-ssh-cred-lookup-source-{{ test_id }}"
ssh_cred_name4: "AWX-Collection-tests-credential-ssh-cred-file-source-{{ test_id }}"
vault_cred_name1: "AWX-Collection-tests-credential-vault-cred1-{{ test_id }}"
vault_cred_name2: "AWX-Collection-tests-credential-vault-ssh-cred1-{{ test_id }}"
net_cred_name1: "AWX-Collection-tests-credential-net-cred1-{{ test_id }}"
scm_cred_name1: "AWX-Collection-tests-credential-scm-cred1-{{ test_id }}"
aws_cred_name1: "AWX-Collection-tests-credential-aws-cred1-{{ test_id }}"
vmware_cred_name1: "AWX-Collection-tests-credential-vmware-cred1-{{ test_id }}"
sat6_cred_name1: "AWX-Collection-tests-credential-sat6-cred1-{{ test_id }}"
gce_cred_name1: "AWX-Collection-tests-credential-gce-cred1-{{ test_id }}"
azurerm_cred_name1: "AWX-Collection-tests-credential-azurerm-cred1-{{ test_id }}"
openstack_cred_name1: "AWX-Collection-tests-credential-openstack-cred1-{{ test_id }}"
rhv_cred_name1: "AWX-Collection-tests-credential-rhv-cred1-{{ test_id }}"
insights_cred_name1: "AWX-Collection-tests-credential-insights-cred1-{{ test_id }}"
tower_cred_name1: "AWX-Collection-tests-credential-tower-cred1-{{ test_id }}"
- name: create a tempdir for an SSH key
local_action: shell mktemp -d
register: tempdir
- name: Generate a local SSH key
local_action: "shell ssh-keygen -b 2048 -t rsa -f {{ tempdir.stdout }}/id_rsa -q -N 'passphrase'"
- name: Read the generated key
set_fact:
ssh_key_data: "{{ lookup('file', tempdir.stdout + '/id_rsa') }}"
- name: Test deprecation warnings
credential:
name: "{{ ssh_cred_name1 }}"
organization: Default
kind: ssh
authorize: false
authorize_password: 'test'
client: 'test'
security_token: 'test'
secret: 'test'
tenant: 'test'
subscription: 'test'
domain: 'test'
become_method: 'test'
become_username: 'test'
become_password: 'test'
vault_password: 'test'
project: 'test'
host: 'test'
username: 'test'
password: 'test'
ssh_key_data: 'test'
vault_id: 'test'
ssh_key_unlock: 'test'
state: absent
ignore_errors: true
register: result
- assert:
that:
- "'deprecations' in result"
# The 20 comes from the length of OLD_INPUT_NAMES + 1 for kind
- result['deprecations'] | length() == 20
- name: Create an Org-specific credential (old school)
credential:
name: "{{ ssh_cred_name1 }}"
organization: Default
state: present
kind: ssh
register: result
- assert:
that:
- "result is changed"
- name: Re-create the Org-specific credential (new school) with an ID
credential:
name: "{{ result.id }}"
organization: Default
credential_type: 'Machine'
state: present
register: result
- assert:
that:
- "result is not changed"
- name: Delete a Org-specific credential
credential:
name: "{{ ssh_cred_name1 }}"
organization: Default
state: absent
kind: ssh
register: result
- assert:
that:
- "result is changed"
- name: Create the User-specific credential
credential:
name: "{{ ssh_cred_name1 }}"
user: admin
credential_type: 'Machine'
state: present
register: result
- assert:
that:
- "result is changed"
- name: Delete a User-specific credential
credential:
name: "{{ ssh_cred_name1 }}"
user: admin
state: absent
kind: ssh
register: result
- assert:
that:
- "result is changed"
- name: Create a valid SSH credential (old school)
credential:
name: "{{ ssh_cred_name2 }}"
organization: Default
state: present
kind: ssh
description: An example SSH credential
username: joe
password: secret
become_method: sudo
become_username: superuser
become_password: supersecret
ssh_key_data: "{{ ssh_key_data }}"
ssh_key_unlock: "passphrase"
register: result
- assert:
that:
- "result is changed"
- name: Create a valid SSH credential (new school)
credential:
name: "{{ ssh_cred_name2 }}"
organization: Default
state: present
credential_type: Machine
description: An example SSH credential
inputs:
username: joe
password: secret
become_method: sudo
become_username: superuser
become_password: supersecret
ssh_key_data: "{{ ssh_key_data }}"
ssh_key_unlock: "passphrase"
register: result
# This will be changed because we are setting ssh_key_data and ssh_key_unlock.
# These will come out as $encrypted$ which will always compare false to the values.
- assert:
that:
- result is changed
- name: Create a valid SSH credential (new school)
credential:
name: "{{ ssh_cred_name2 }}"
organization: Default
state: present
credential_type: Machine
description: An example SSH credential
inputs:
username: joe
become_method: sudo
become_username: superuser
register: result
# This shows as "changed" because these listed inputs replace the existing inputs from the previous task
- assert:
that:
- result is changed
- name: Check for inputs idempotency (when "inputs" is blank)
credential:
name: "{{ ssh_cred_name2 }}"
organization: Default
state: present
credential_type: Machine
description: An example SSH credential
register: result
- assert:
that:
- result is not changed
- name: Copy ssh Credential
credential:
name: "copy_{{ ssh_cred_name2 }}"
copy_from: "{{ ssh_cred_name2 }}"
credential_type: Machine
register: result
- assert:
that:
- result.copied
- name: Delete an SSH credential
credential:
name: "copy_{{ ssh_cred_name2 }}"
organization: Default
state: absent
credential_type: Machine
register: result
- assert:
that:
- "result is changed"
- name: Create a valid SSH credential from lookup source (old school)
credential:
name: "{{ ssh_cred_name3 }}"
organization: Default
state: present
kind: ssh
description: An example SSH credential from lookup source
username: joe
password: secret
become_method: sudo
become_username: superuser
become_password: supersecret
ssh_key_data: "{{ lookup('file', tempdir.stdout + '/id_rsa') }}"
ssh_key_unlock: "passphrase"
register: result
- assert:
that:
- "result is changed"
- name: Create a valid SSH credential from lookup source (new school)
credential:
name: "{{ ssh_cred_name3 }}"
organization: Default
state: present
credential_type: Machine
description: An example SSH credential from lookup source
inputs:
username: joe
password: secret
become_method: sudo
become_username: superuser
become_password: supersecret
ssh_key_data: "{{ lookup('file', tempdir.stdout + '/id_rsa') }}"
ssh_key_unlock: "passphrase"
register: result
# This will be changed because we are passing in ssh_key_data and password
- assert:
that:
- result is changed
- name: Fail to create an SSH credential from a file source (old school format)
credential:
name: "{{ ssh_cred_name4 }}"
organization: Default
state: present
kind: ssh
description: An example SSH credential from file source
username: joe
password: secret
become_method: sudo
become_username: superuser
become_password: supersecret
ssh_key_data: "{{ tempdir.stdout }}/id_rsa"
ssh_key_unlock: "passphrase"
register: result
ignore_errors: true
- assert:
that:
- result is failed
- "'Unable to create credential {{ ssh_cred_name4 }}' in result.msg"
- "'Invalid certificate or key' in result.msg"
- name: Create an invalid SSH credential (passphrase required)
credential:
name: SSH Credential
organization: Default
state: present
kind: ssh
username: joe
ssh_key_data: "{{ ssh_key_data }}"
ignore_errors: true
register: result
- assert:
that:
- "result is failed"
- "'must be set when SSH key is encrypted' in result.msg"
- name: Create an invalid SSH credential (Organization not found)
credential:
name: SSH Credential
organization: Missing_Organization
state: present
kind: ssh
username: joe
ignore_errors: true
register: result
- assert:
that:
- "result is failed"
- "result is not changed"
- "'Missing_Organization' in result.msg"
- "result.total_results == 0"
- name: Delete an SSH credential
credential:
name: "{{ ssh_cred_name2 }}"
organization: Default
state: absent
kind: ssh
register: result
- assert:
that:
- "result is changed"
- name: Delete an SSH credential
credential:
name: "{{ ssh_cred_name3 }}"
organization: Default
state: absent
kind: ssh
register: result
- assert:
that:
- "result is changed"
- name: Delete an SSH credential
credential:
name: "{{ ssh_cred_name4 }}"
organization: Default
state: absent
kind: ssh
register: result
# This one was never really created so it shouldn't be deleted
- assert:
that:
- "result is not changed"
- name: Create a valid Vault credential
credential:
name: "{{ vault_cred_name1 }}"
organization: Default
state: present
kind: vault
description: An example Vault credential
vault_password: secret-vault
register: result
- assert:
that:
- "result is changed"
- name: Delete a Vault credential
credential:
name: "{{ vault_cred_name1 }}"
organization: Default
state: absent
kind: vault
register: result
- assert:
that:
- "result is changed"
- name: Delete a Vault credential
credential:
name: "{{ vault_cred_name2 }}"
organization: Default
state: absent
kind: vault
register: result
# The creation of vault_cred_name2 never worked so we shouldn't actually need to delete it
- assert:
that:
- "result is not changed"
- name: Create a valid Network credential
credential:
name: "{{ net_cred_name1 }}"
organization: Default
state: present
kind: net
username: joe
password: secret
authorize: true
authorize_password: authorize-me
register: result
- assert:
that:
- "result is changed"
- name: Delete a Network credential
credential:
name: "{{ net_cred_name1 }}"
organization: Default
state: absent
kind: net
register: result
- assert:
that:
- "result is changed"
- name: Create a valid SCM credential
credential:
name: "{{ scm_cred_name1 }}"
organization: Default
state: present
kind: scm
username: joe
password: secret
ssh_key_data: "{{ ssh_key_data }}"
ssh_key_unlock: "passphrase"
register: result
- assert:
that:
- "result is changed"
- name: Delete an SCM credential
credential:
name: "{{ scm_cred_name1 }}"
organization: Default
state: absent
kind: scm
register: result
- assert:
that:
- "result is changed"
- name: Create a valid AWS credential
credential:
name: "{{ aws_cred_name1 }}"
organization: Default
state: present
kind: aws
username: joe
password: secret
security_token: aws-token
register: result
- assert:
that:
- "result is changed"
- name: Delete an AWS credential
credential:
name: "{{ aws_cred_name1 }}"
organization: Default
state: absent
kind: aws
register: result
- assert:
that:
- "result is changed"
- name: Create a valid VMWare credential
credential:
name: "{{ vmware_cred_name1 }}"
organization: Default
state: present
kind: vmware
host: https://example.org
username: joe
password: secret
register: result
- assert:
that:
- "result is changed"
- name: Delete an VMWare credential
credential:
name: "{{ vmware_cred_name1 }}"
organization: Default
state: absent
kind: vmware
register: result
- assert:
that:
- "result is changed"
- name: Create a valid Satellite6 credential
credential:
name: "{{ sat6_cred_name1 }}"
organization: Default
state: present
kind: satellite6
host: https://example.org
username: joe
password: secret
register: result
- assert:
that:
- "result is changed"
- name: Delete a Satellite6 credential
credential:
name: "{{ sat6_cred_name1 }}"
organization: Default
state: absent
kind: satellite6
register: result
- assert:
that:
- "result is changed"
- name: Create a valid GCE credential
credential:
name: "{{ gce_cred_name1 }}"
organization: Default
state: present
kind: gce
username: joe
project: ABC123
ssh_key_data: "{{ ssh_key_data }}"
register: result
- assert:
that:
- "result is changed"
- name: Delete a GCE credential
credential:
name: "{{ gce_cred_name1 }}"
organization: Default
state: absent
kind: gce
register: result
- assert:
that:
- "result is changed"
- name: Create a valid AzureRM credential
credential:
name: "{{ azurerm_cred_name1 }}"
organization: Default
state: present
kind: azure_rm
username: joe
password: secret
subscription: some-subscription
register: result
- assert:
that:
- "result is changed"
- name: Create a valid AzureRM credential with a tenant
credential:
name: "{{ azurerm_cred_name1 }}"
organization: Default
state: present
kind: azure_rm
client: some-client
secret: some-secret
tenant: some-tenant
subscription: some-subscription
register: result
- assert:
that:
- "result is changed"
- name: Delete an AzureRM credential
credential:
name: "{{ azurerm_cred_name1 }}"
organization: Default
state: absent
kind: azure_rm
register: result
- assert:
that:
- "result is changed"
- name: Create a valid OpenStack credential
credential:
name: "{{ openstack_cred_name1 }}"
organization: Default
state: present
kind: openstack
host: https://keystone.example.org
username: joe
password: secret
project: tenant123
domain: some-domain
register: result
- assert:
that:
- "result is changed"
- name: Delete a OpenStack credential
credential:
name: "{{ openstack_cred_name1 }}"
organization: Default
state: absent
kind: openstack
register: result
- assert:
that:
- "result is changed"
- name: Create a valid RHV credential
credential:
name: "{{ rhv_cred_name1 }}"
organization: Default
state: present
kind: rhv
host: https://example.org
username: joe
password: secret
register: result
- assert:
that:
- "result is changed"
- name: Delete an RHV credential
credential:
name: "{{ rhv_cred_name1 }}"
organization: Default
state: absent
kind: rhv
register: result
- assert:
that:
- "result is changed"
- name: Create a valid Insights credential
credential:
name: "{{ insights_cred_name1 }}"
organization: Default
state: present
kind: insights
username: joe
password: secret
register: result
- assert:
that:
- "result is changed"
- name: Delete an Insights credential
credential:
name: "{{ insights_cred_name1 }}"
organization: Default
state: absent
kind: insights
register: result
- assert:
that:
- "result is changed"
- name: Create a valid Tower-to-Tower credential
credential:
name: "{{ tower_cred_name1 }}"
organization: Default
state: present
kind: tower
host: https://controller.example.org
username: joe
password: secret
register: result
- assert:
that:
- "result is changed"
- name: Delete a Tower-to-Tower credential
credential:
name: "{{ tower_cred_name1 }}"
organization: Default
state: absent
kind: tower
register: result
- assert:
that:
- "result is changed"
- name: Check module fails with correct msg
credential:
name: test-credential
description: Credential Description
kind: ssh
organization: test-non-existing-org
state: present
register: result
ignore_errors: true
- assert:
that:
- "result is failed"
- "result is not changed"
- "'test-non-existing-org' in result.msg"
- "result.total_results == 0"
Reference in New Issue View Git Blame Copy Permalink