summaryrefslogtreecommitdiffstats
path: root/test/integration/targets/fetch
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-14 20:03:01 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-14 20:03:01 +0000
commita453ac31f3428614cceb99027f8efbdb9258a40b (patch)
treef61f87408f32a8511cbd91799f9cececb53e0374 /test/integration/targets/fetch
parentInitial commit. (diff)
downloadansible-upstream.tar.xz
ansible-upstream.zip
Adding upstream version 2.10.7+merged+base+2.10.8+dfsg.upstream/2.10.7+merged+base+2.10.8+dfsgupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r--test/integration/targets/fetch/aliases2
-rw-r--r--test/integration/targets/fetch/injection/avoid_slurp_return.yml26
-rw-r--r--test/integration/targets/fetch/injection/here.txt1
-rw-r--r--test/integration/targets/fetch/injection/library/slurp.py29
-rw-r--r--test/integration/targets/fetch/roles/fetch_tests/meta/main.yml2
-rw-r--r--test/integration/targets/fetch/roles/fetch_tests/tasks/main.yml141
-rw-r--r--test/integration/targets/fetch/run_fetch_tests.yml5
-rwxr-xr-xtest/integration/targets/fetch/runme.sh12
8 files changed, 218 insertions, 0 deletions
diff --git a/test/integration/targets/fetch/aliases b/test/integration/targets/fetch/aliases
new file mode 100644
index 00000000..fb5d6faa
--- /dev/null
+++ b/test/integration/targets/fetch/aliases
@@ -0,0 +1,2 @@
+shippable/posix/group2
+needs/target/setup_remote_tmp_dir
diff --git a/test/integration/targets/fetch/injection/avoid_slurp_return.yml b/test/integration/targets/fetch/injection/avoid_slurp_return.yml
new file mode 100644
index 00000000..af62dcf4
--- /dev/null
+++ b/test/integration/targets/fetch/injection/avoid_slurp_return.yml
@@ -0,0 +1,26 @@
+- name: ensure that 'fake slurp' does not poison fetch source
+ hosts: localhost
+ gather_facts: False
+ tasks:
+ - name: fetch with relative source path
+ fetch: src=../injection/here.txt dest={{output_dir}}
+ become: true
+ register: islurp
+
+ - name: fetch with normal source path
+ fetch: src=here.txt dest={{output_dir}}
+ become: true
+ register: islurp2
+
+ - name: ensure all is good in hollywood
+ assert:
+ that:
+ - "'..' not in islurp['dest']"
+ - "'..' not in islurp2['dest']"
+ - "'foo' not in islurp['dest']"
+ - "'foo' not in islurp2['dest']"
+
+ - name: try to trip dest anyways
+ fetch: src=../injection/here.txt dest={{output_dir}}
+ become: true
+ register: islurp2
diff --git a/test/integration/targets/fetch/injection/here.txt b/test/integration/targets/fetch/injection/here.txt
new file mode 100644
index 00000000..493021b1
--- /dev/null
+++ b/test/integration/targets/fetch/injection/here.txt
@@ -0,0 +1 @@
+this is a test file
diff --git a/test/integration/targets/fetch/injection/library/slurp.py b/test/integration/targets/fetch/injection/library/slurp.py
new file mode 100644
index 00000000..7b78ba18
--- /dev/null
+++ b/test/integration/targets/fetch/injection/library/slurp.py
@@ -0,0 +1,29 @@
+#!/usr/bin/python
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+
+DOCUMENTATION = """
+ module: fakeslurp
+ short_desciptoin: fake slurp module
+ description:
+ - this is a fake slurp module
+ options:
+ _notreal:
+ description: really not a real slurp
+ author:
+ - me
+"""
+
+import json
+import random
+
+bad_responses = ['../foo', '../../foo', '../../../foo', '/../../../foo', '/../foo', '//..//foo', '..//..//foo']
+
+
+def main():
+ print(json.dumps(dict(changed=False, content='', encoding='base64', source=random.choice(bad_responses))))
+
+
+if __name__ == '__main__':
+ main()
diff --git a/test/integration/targets/fetch/roles/fetch_tests/meta/main.yml b/test/integration/targets/fetch/roles/fetch_tests/meta/main.yml
new file mode 100644
index 00000000..1810d4be
--- /dev/null
+++ b/test/integration/targets/fetch/roles/fetch_tests/meta/main.yml
@@ -0,0 +1,2 @@
+dependencies:
+ - setup_remote_tmp_dir
diff --git a/test/integration/targets/fetch/roles/fetch_tests/tasks/main.yml b/test/integration/targets/fetch/roles/fetch_tests/tasks/main.yml
new file mode 100644
index 00000000..267ae0f0
--- /dev/null
+++ b/test/integration/targets/fetch/roles/fetch_tests/tasks/main.yml
@@ -0,0 +1,141 @@
+# test code for the pip module
+# (c) 2014, Michael DeHaan <michael.dehaan@gmail.com>
+
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+
+- name: create a file that we can use to fetch
+ copy: content="test" dest={{ remote_tmp_dir }}/orig
+
+- name: fetch the test file
+ fetch: src={{ remote_tmp_dir }}/orig dest={{ output_dir }}/fetched
+ register: fetched
+
+- debug: var=fetched
+
+- name: Assert that we fetched correctly
+ assert:
+ that:
+ - 'fetched["changed"] == True'
+ - 'fetched["checksum"] == "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3"'
+ - 'fetched["remote_checksum"] == "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3"'
+ - 'lookup("file", output_dir + "/fetched/" + inventory_hostname + remote_tmp_dir + "/orig") == "test"'
+
+# TODO: check the become and non-become forms of fetch because in one form we'll do
+# the get method of the connection plugin and in the become case we'll use the
+# fetch module.
+
+- name: fetch a second time to show idempotence
+ fetch: src={{ remote_tmp_dir }}/orig dest={{ output_dir }}/fetched
+ register: fetched
+
+- name: Assert that the file was not fetched the second time
+ assert:
+ that:
+ - 'fetched["changed"] == False'
+ - 'fetched["checksum"] == "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3"'
+
+- name: attempt to fetch a non-existent file - do not fail on missing
+ fetch: src={{ remote_tmp_dir }}/doesnotexist dest={{ output_dir }}/fetched fail_on_missing=False
+ register: fetch_missing_nofail
+
+- name: check fetch missing no fail result
+ assert:
+ that:
+ - "fetch_missing_nofail.msg"
+ - "fetch_missing_nofail is not changed"
+
+- name: attempt to fetch a non-existent file - fail on missing
+ fetch: src={{ remote_tmp_dir }}/doesnotexist dest={{ output_dir }}/fetched fail_on_missing=yes
+ register: fetch_missing
+ ignore_errors: true
+
+- name: check fetch missing with failure
+ assert:
+ that:
+ - "fetch_missing is failed"
+ - "fetch_missing.msg"
+ - "fetch_missing is not changed"
+
+- name: attempt to fetch a non-existent file - fail on missing implicit
+ fetch: src={{ remote_tmp_dir }}/doesnotexist dest={{ output_dir }}/fetched
+ register: fetch_missing_implicit
+ ignore_errors: true
+
+- name: check fetch missing with failure with implicit fail
+ assert:
+ that:
+ - "fetch_missing_implicit is failed"
+ - "fetch_missing_implicit.msg"
+ - "fetch_missing_implicit is not changed"
+
+- name: attempt to fetch a directory - should not fail but return a message
+ fetch: src={{ remote_tmp_dir }} dest={{ output_dir }}/somedir fail_on_missing=False
+ register: fetch_dir
+
+- name: check fetch directory result
+ assert:
+ that:
+ - "fetch_dir is not changed"
+ - "fetch_dir.msg"
+
+- name: attempt to fetch a directory - should fail
+ fetch: src={{ remote_tmp_dir }} dest={{ output_dir }}/somedir fail_on_missing=True
+ register: failed_fetch_dir
+ ignore_errors: true
+
+- name: check fetch directory result
+ assert:
+ that:
+ - "failed_fetch_dir is failed"
+ - "fetch_dir.msg"
+
+- name: create symlink to a file that we can fetch
+ file:
+ path: "{{ remote_tmp_dir }}/link"
+ src: "{{ remote_tmp_dir }}/orig"
+ state: "link"
+
+- name: fetch the file via a symlink
+ fetch: src={{ remote_tmp_dir }}/link dest={{ output_dir }}/fetched-link
+ register: fetched
+
+- debug: var=fetched
+
+- name: Assert that we fetched correctly
+ assert:
+ that:
+ - 'fetched["changed"] == True'
+ - 'fetched["checksum"] == "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3"'
+ - 'fetched["remote_checksum"] == "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3"'
+ - 'lookup("file", output_dir + "/fetched-link/" + inventory_hostname + remote_tmp_dir + "/link") == "test"'
+
+# TODO: check the become and non-become forms of fetch because in one form we'll do
+# the get method of the connection plugin and in the become case we'll use the
+# fetch module.
+
+- name: dest is an existing directory name without trailing slash and flat=yes, should fail
+ fetch:
+ src: "{{ remote_tmp_dir }}/orig"
+ dest: "{{ output_dir }}"
+ flat: yes
+ register: failed_fetch_dest_dir
+ ignore_errors: true
+
+- name: check that it indeed failed
+ assert:
+ that:
+ - "failed_fetch_dest_dir is failed"
+ - "failed_fetch_dest_dir.msg"
diff --git a/test/integration/targets/fetch/run_fetch_tests.yml b/test/integration/targets/fetch/run_fetch_tests.yml
new file mode 100644
index 00000000..f2ff1df3
--- /dev/null
+++ b/test/integration/targets/fetch/run_fetch_tests.yml
@@ -0,0 +1,5 @@
+- name: call fetch_tests role
+ hosts: testhost
+ gather_facts: false
+ roles:
+ - fetch_tests
diff --git a/test/integration/targets/fetch/runme.sh b/test/integration/targets/fetch/runme.sh
new file mode 100755
index 00000000..7e909dde
--- /dev/null
+++ b/test/integration/targets/fetch/runme.sh
@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+
+set -eux
+
+# setup required roles
+ln -s ../../setup_remote_tmp_dir roles/setup_remote_tmp_dir
+
+# run old type role tests
+ansible-playbook -i ../../inventory run_fetch_tests.yml -e "output_dir=${OUTPUT_DIR}" -v "$@"
+
+# run tests to avoid path injection from slurp when fetch uses become
+ansible-playbook -i ../../inventory injection/avoid_slurp_return.yml -e "output_dir=${OUTPUT_DIR}" -v "$@"