diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 16:04:21 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 16:04:21 +0000 |
commit | 8a754e0858d922e955e71b253c139e071ecec432 (patch) | |
tree | 527d16e74bfd1840c85efd675fdecad056c54107 /test/integration/targets/uri/tasks/main.yml | |
parent | Initial commit. (diff) | |
download | ansible-core-8a754e0858d922e955e71b253c139e071ecec432.tar.xz ansible-core-8a754e0858d922e955e71b253c139e071ecec432.zip |
Adding upstream version 2.14.3.upstream/2.14.3upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'test/integration/targets/uri/tasks/main.yml')
-rw-r--r-- | test/integration/targets/uri/tasks/main.yml | 779 |
1 files changed, 779 insertions, 0 deletions
diff --git a/test/integration/targets/uri/tasks/main.yml b/test/integration/targets/uri/tasks/main.yml new file mode 100644 index 0000000..d821f28 --- /dev/null +++ b/test/integration/targets/uri/tasks/main.yml @@ -0,0 +1,779 @@ +# test code for the uri module +# (c) 2014, Leonid Evdokimov <leon@darkk.net.ru> + +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <https://www.gnu.org/licenses/>. + +- name: set role facts + set_fact: + http_port: 15260 + files_dir: '{{ remote_tmp_dir|expanduser }}/files' + checkout_dir: '{{ remote_tmp_dir }}/git' + +- name: create a directory to serve files from + file: + dest: "{{ files_dir }}" + state: directory + +- copy: + src: "{{ item }}" + dest: "{{files_dir}}/{{ item }}" + with_sequence: start=0 end=4 format=pass%d.json + +- copy: + src: "{{ item }}" + dest: "{{files_dir}}/{{ item }}" + with_sequence: start=0 end=30 format=fail%d.json + +- copy: + src: "testserver.py" + dest: "{{ remote_tmp_dir }}/testserver.py" + +- name: start SimpleHTTPServer + shell: cd {{ files_dir }} && {{ ansible_python.executable }} {{ remote_tmp_dir}}/testserver.py {{ http_port }} + async: 180 # this test is slower on remotes like FreeBSD, and running split slows it down further + poll: 0 + +- wait_for: port={{ http_port }} + + +- name: checksum pass_json + stat: path={{ files_dir }}/{{ item }}.json get_checksum=yes + register: pass_checksum + with_sequence: start=0 end=4 format=pass%d + +- name: fetch pass_json + uri: return_content=yes url=http://localhost:{{ http_port }}/{{ item }}.json + register: fetch_pass_json + with_sequence: start=0 end=4 format=pass%d + +- name: check pass_json + assert: + that: + - '"json" in item.1' + - item.0.stat.checksum == item.1.content | checksum + with_together: + - "{{pass_checksum.results}}" + - "{{fetch_pass_json.results}}" + + +- name: checksum fail_json + stat: path={{ files_dir }}/{{ item }}.json get_checksum=yes + register: fail_checksum + with_sequence: start=0 end=30 format=fail%d + +- name: fetch fail_json + uri: return_content=yes url=http://localhost:{{ http_port }}/{{ item }}.json + register: fail + with_sequence: start=0 end=30 format=fail%d + +- name: check fail_json + assert: + that: + - item.0.stat.checksum == item.1.content | checksum + - '"json" not in item.1' + with_together: + - "{{fail_checksum.results}}" + - "{{fail.results}}" + +- name: test https fetch to a site with mismatched hostname and certificate + uri: + url: "https://{{ badssl_host }}/" + dest: "{{ remote_tmp_dir }}/shouldnotexist.html" + ignore_errors: True + register: result + +- stat: + path: "{{ remote_tmp_dir }}/shouldnotexist.html" + register: stat_result + +- name: Assert that the file was not downloaded + assert: + that: + - result.failed == true + - "'Failed to validate the SSL certificate' in result.msg or 'Hostname mismatch' in result.msg or (result.msg is match('hostname .* doesn.t match .*'))" + - stat_result.stat.exists == false + - result.status is defined + - result.status == -1 + - result.url == 'https://' ~ badssl_host ~ '/' + +- name: Clean up any cruft from the results directory + file: + name: "{{ remote_tmp_dir }}/kreitz.html" + state: absent + +- name: test https fetch to a site with mismatched hostname and certificate and validate_certs=no + uri: + url: "https://{{ badssl_host }}/" + dest: "{{ remote_tmp_dir }}/kreitz.html" + validate_certs: no + register: result + +- stat: + path: "{{ remote_tmp_dir }}/kreitz.html" + register: stat_result + +- name: Assert that the file was downloaded + assert: + that: + - "stat_result.stat.exists == true" + - "result.changed == true" + +- name: "get ca certificate {{ self_signed_host }}" + get_url: + url: "http://{{ httpbin_host }}/ca2cert.pem" + dest: "{{ remote_tmp_dir }}/ca2cert.pem" + +- name: test https fetch to a site with self signed certificate using ca_path + uri: + url: "https://{{ self_signed_host }}:444/" + dest: "{{ remote_tmp_dir }}/self-signed_using_ca_path.html" + ca_path: "{{ remote_tmp_dir }}/ca2cert.pem" + validate_certs: yes + register: result + +- stat: + path: "{{ remote_tmp_dir }}/self-signed_using_ca_path.html" + register: stat_result + +- name: Assert that the file was downloaded + assert: + that: + - "stat_result.stat.exists == true" + - "result.changed == true" + +- name: test https fetch to a site with self signed certificate without using ca_path + uri: + url: "https://{{ self_signed_host }}:444/" + dest: "{{ remote_tmp_dir }}/self-signed-without_using_ca_path.html" + validate_certs: yes + register: result + ignore_errors: true + +- stat: + path: "{{ remote_tmp_dir }}/self-signed-without_using_ca_path.html" + register: stat_result + +- name: Assure that https access to a host with self-signed certificate without providing ca_path fails + assert: + that: + - "stat_result.stat.exists == false" + - result is failed + - "'certificate verify failed' in result.msg" + +- name: Locate ca-bundle + stat: + path: '{{ item }}' + loop: + - /etc/ssl/certs/ca-bundle.crt + - /etc/ssl/certs/ca-certificates.crt + - /var/lib/ca-certificates/ca-bundle.pem + - /usr/local/share/certs/ca-root-nss.crt + - '{{ cafile_path.stdout_lines|default(["/_i_dont_exist_ca.pem"])|first }}' + - /etc/ssl/cert.pem + register: ca_bundle_candidates + +- name: Test that ca_path can be a full bundle + uri: + url: "https://{{ httpbin_host }}/get" + ca_path: '{{ ca_bundle }}' + vars: + ca_bundle: '{{ ca_bundle_candidates.results|selectattr("stat.exists")|map(attribute="item")|first }}' + +- name: test redirect without follow_redirects + uri: + url: 'https://{{ httpbin_host }}/redirect/2' + follow_redirects: 'none' + status_code: 302 + register: result + +- name: Assert location header + assert: + that: + - 'result.location|default("") == "https://{{ httpbin_host }}/relative-redirect/1"' + +- name: Check SSL with redirect + uri: + url: 'https://{{ httpbin_host }}/redirect/2' + register: result + +- name: Assert SSL with redirect + assert: + that: + - 'result.url|default("") == "https://{{ httpbin_host }}/get"' + +- name: redirect to bad SSL site + uri: + url: 'http://{{ badssl_host }}' + register: result + ignore_errors: true + +- name: Ensure bad SSL site reidrect fails + assert: + that: + - result is failed + - 'badssl_host in result.msg' + +- name: test basic auth + uri: + url: 'https://{{ httpbin_host }}/basic-auth/user/passwd' + user: user + password: passwd + +- name: test basic forced auth + uri: + url: 'https://{{ httpbin_host }}/hidden-basic-auth/user/passwd' + force_basic_auth: true + user: user + password: passwd + +- name: test digest auth + uri: + url: 'https://{{ httpbin_host }}/digest-auth/auth/user/passwd' + user: user + password: passwd + headers: + Cookie: "fake=fake_value" + +- name: test digest auth failure + uri: + url: 'https://{{ httpbin_host }}/digest-auth/auth/user/passwd' + user: user + password: wrong + headers: + Cookie: "fake=fake_value" + register: result + failed_when: result.status != 401 + +- name: test unredirected_headers + uri: + url: 'https://{{ httpbin_host }}/redirect-to?status_code=301&url=/basic-auth/user/passwd' + user: user + password: passwd + force_basic_auth: true + unredirected_headers: + - authorization + ignore_errors: true + register: unredirected_headers + +- name: test omitting unredirected headers + uri: + url: 'https://{{ httpbin_host }}/redirect-to?status_code=301&url=/basic-auth/user/passwd' + user: user + password: passwd + force_basic_auth: true + register: redirected_headers + +- name: ensure unredirected_headers caused auth to fail + assert: + that: + - unredirected_headers is failed + - unredirected_headers.status == 401 + - redirected_headers is successful + - redirected_headers.status == 200 + +- name: test PUT + uri: + url: 'https://{{ httpbin_host }}/put' + method: PUT + body: 'foo=bar' + +- name: test OPTIONS + uri: + url: 'https://{{ httpbin_host }}/' + method: OPTIONS + register: result + +- name: Assert we got an allow header + assert: + that: + - 'result.allow.split(", ")|sort == ["GET", "HEAD", "OPTIONS"]' + +- name: Testing support of https_proxy (with failure expected) + environment: + https_proxy: 'https://localhost:3456' + uri: + url: 'https://httpbin.org/get' + register: result + ignore_errors: true + +- assert: + that: + - result is failed + - result.status == -1 + +- name: Testing use_proxy=no is honored + environment: + https_proxy: 'https://localhost:3456' + uri: + url: 'https://httpbin.org/get' + use_proxy: no + +# Ubuntu12.04 doesn't have python-urllib3, this makes handling required dependencies a pain across all variations +# We'll use this to just skip 12.04 on those tests. We should be sufficiently covered with other OSes and versions +- name: Set fact if running on Ubuntu 12.04 + set_fact: + is_ubuntu_precise: "{{ ansible_distribution == 'Ubuntu' and ansible_distribution_release == 'precise' }}" + +- name: Test that SNI succeeds on python versions that have SNI + uri: + url: 'https://{{ sni_host }}/' + return_content: true + when: ansible_python.has_sslcontext + register: result + +- name: Assert SNI verification succeeds on new python + assert: + that: + - result is successful + - 'sni_host in result.content' + when: ansible_python.has_sslcontext + +- name: Verify SNI verification fails on old python without urllib3 contrib + uri: + url: 'https://{{ sni_host }}' + ignore_errors: true + when: not ansible_python.has_sslcontext + register: result + +- name: Assert SNI verification fails on old python + assert: + that: + - result is failed + when: result is not skipped + +- name: check if urllib3 is installed as an OS package + package: + name: "{{ uri_os_packages[ansible_os_family].urllib3 }}" + check_mode: yes + when: not ansible_python.has_sslcontext and not is_ubuntu_precise|bool and uri_os_packages[ansible_os_family].urllib3|default + register: urllib3 + +- name: uninstall conflicting urllib3 pip package + pip: + name: urllib3 + state: absent + when: not ansible_python.has_sslcontext and not is_ubuntu_precise|bool and uri_os_packages[ansible_os_family].urllib3|default and urllib3.changed + +- name: install OS packages that are needed for SNI on old python + package: + name: "{{ item }}" + with_items: "{{ uri_os_packages[ansible_os_family].step1 | default([]) }}" + when: not ansible_python.has_sslcontext and not is_ubuntu_precise|bool + +- name: install python modules for Older Python SNI verification + pip: + name: "{{ item }}" + with_items: + - ndg-httpsclient + when: not ansible_python.has_sslcontext and not is_ubuntu_precise|bool + +- name: Verify SNI verification succeeds on old python with urllib3 contrib + uri: + url: 'https://{{ sni_host }}' + return_content: true + when: not ansible_python.has_sslcontext and not is_ubuntu_precise|bool + register: result + +- name: Assert SNI verification succeeds on old python + assert: + that: + - result is successful + - 'sni_host in result.content' + when: not ansible_python.has_sslcontext and not is_ubuntu_precise|bool + +- name: Uninstall ndg-httpsclient + pip: + name: "{{ item }}" + state: absent + with_items: + - ndg-httpsclient + when: not ansible_python.has_sslcontext and not is_ubuntu_precise|bool + +- name: uninstall OS packages that are needed for SNI on old python + package: + name: "{{ item }}" + state: absent + with_items: "{{ uri_os_packages[ansible_os_family].step1 | default([]) }}" + when: not ansible_python.has_sslcontext and not is_ubuntu_precise|bool + +- name: install OS packages that are needed for building cryptography + package: + name: "{{ item }}" + with_items: "{{ uri_os_packages[ansible_os_family].step2 | default([]) }}" + when: not ansible_python.has_sslcontext and not is_ubuntu_precise|bool + +- name: create constraints path + set_fact: + remote_constraints: "{{ remote_tmp_dir }}/constraints.txt" + when: not ansible_python.has_sslcontext and not is_ubuntu_precise|bool + +- name: create constraints file + copy: + content: | + cryptography == 2.1.4 + idna == 2.5 + pyopenssl == 17.5.0 + six == 1.13.0 + urllib3 == 1.23 + dest: "{{ remote_constraints }}" + when: not ansible_python.has_sslcontext and not is_ubuntu_precise|bool + +- name: install urllib3 and pyopenssl via pip + pip: + name: "{{ item }}" + extra_args: "-c {{ remote_constraints }}" + with_items: + - urllib3 + - PyOpenSSL + when: not ansible_python.has_sslcontext and not is_ubuntu_precise|bool + +- name: Verify SNI verification succeeds on old python with pip urllib3 contrib + uri: + url: 'https://{{ sni_host }}' + return_content: true + when: not ansible_python.has_sslcontext and not is_ubuntu_precise|bool + register: result + +- name: Assert SNI verification succeeds on old python with pip urllib3 contrib + assert: + that: + - result is successful + - 'sni_host in result.content' + when: not ansible_python.has_sslcontext and not is_ubuntu_precise|bool + +- name: Uninstall urllib3 and PyOpenSSL + pip: + name: "{{ item }}" + state: absent + with_items: + - urllib3 + - PyOpenSSL + when: not ansible_python.has_sslcontext and not is_ubuntu_precise|bool + +- name: validate the status_codes are correct + uri: + url: "https://{{ httpbin_host }}/status/202" + status_code: 202 + method: POST + body: foo + +- name: Validate body_format json does not override content-type in 2.3 or newer + uri: + url: "https://{{ httpbin_host }}/post" + method: POST + body: + foo: bar + body_format: json + headers: + 'Content-Type': 'text/json' + return_content: true + register: result + failed_when: result.json.headers['Content-Type'] != 'text/json' + +- name: Validate body_format form-urlencoded using dicts works + uri: + url: https://{{ httpbin_host }}/post + method: POST + body: + user: foo + password: bar!#@ |&82$M + submit: Sign in + body_format: form-urlencoded + return_content: yes + register: result + +- name: Assert form-urlencoded dict input + assert: + that: + - result is successful + - result.json.headers['Content-Type'] == 'application/x-www-form-urlencoded' + - result.json.form.password == 'bar!#@ |&82$M' + +- name: Validate body_format form-urlencoded using lists works + uri: + url: https://{{ httpbin_host }}/post + method: POST + body: + - [ user, foo ] + - [ password, bar!#@ |&82$M ] + - [ submit, Sign in ] + body_format: form-urlencoded + return_content: yes + register: result + +- name: Assert form-urlencoded list input + assert: + that: + - result is successful + - result.json.headers['Content-Type'] == 'application/x-www-form-urlencoded' + - result.json.form.password == 'bar!#@ |&82$M' + +- name: Validate body_format form-urlencoded of invalid input fails + uri: + url: https://{{ httpbin_host }}/post + method: POST + body: + - foo + - bar: baz + body_format: form-urlencoded + return_content: yes + register: result + ignore_errors: yes + +- name: Assert invalid input fails + assert: + that: + - result is failure + - "'failed to parse body as form_urlencoded: too many values to unpack' in result.msg" + +- name: multipart/form-data + uri: + url: https://{{ httpbin_host }}/post + method: POST + body_format: form-multipart + body: + file1: + filename: formdata.txt + file2: + content: text based file content + filename: fake.txt + mime_type: text/plain + text_form_field1: value1 + text_form_field2: + content: value2 + mime_type: text/plain + register: multipart + +- name: Assert multipart/form-data + assert: + that: + - multipart.json.files.file1 == '_multipart/form-data_\n' + - multipart.json.files.file2 == 'text based file content' + - multipart.json.form.text_form_field1 == 'value1' + - multipart.json.form.text_form_field2 == 'value2' + +# https://github.com/ansible/ansible/issues/74276 - verifies we don't have a traceback +- name: multipart/form-data with invalid value + uri: + url: https://{{ httpbin_host }}/post + method: POST + body_format: form-multipart + body: + integer_value: 1 + register: multipart_invalid + failed_when: 'multipart_invalid.msg != "failed to parse body as form-multipart: value must be a string, or mapping, cannot be type int"' + +- name: Validate invalid method + uri: + url: https://{{ httpbin_host }}/anything + method: UNKNOWN + register: result + ignore_errors: yes + +- name: Assert invalid method fails + assert: + that: + - result is failure + - result.status == 405 + - "'METHOD NOT ALLOWED' in result.msg" + +- name: Test client cert auth, no certs + uri: + url: "https://ansible.http.tests/ssl_client_verify" + status_code: 200 + return_content: true + register: result + failed_when: result.content != "ansible.http.tests:NONE" + when: has_httptester + +- name: Test client cert auth, with certs + uri: + url: "https://ansible.http.tests/ssl_client_verify" + client_cert: "{{ remote_tmp_dir }}/client.pem" + client_key: "{{ remote_tmp_dir }}/client.key" + return_content: true + register: result + failed_when: result.content != "ansible.http.tests:SUCCESS" + when: has_httptester + +- name: Test client cert auth, with no validation + uri: + url: "https://fail.ansible.http.tests/ssl_client_verify" + client_cert: "{{ remote_tmp_dir }}/client.pem" + client_key: "{{ remote_tmp_dir }}/client.key" + return_content: true + validate_certs: no + register: result + failed_when: result.content != "ansible.http.tests:SUCCESS" + when: has_httptester + +- name: Test client cert auth, with validation and ssl mismatch + uri: + url: "https://fail.ansible.http.tests/ssl_client_verify" + client_cert: "{{ remote_tmp_dir }}/client.pem" + client_key: "{{ remote_tmp_dir }}/client.key" + return_content: true + validate_certs: yes + register: result + failed_when: result is not failed + when: has_httptester + +- uri: + url: https://{{ httpbin_host }}/response-headers?Set-Cookie=Foo%3Dbar&Set-Cookie=Baz%3Dqux + register: result + +- assert: + that: + - result['set_cookie'] == 'Foo=bar, Baz=qux' + # Python sorts cookies in order of most specific (ie. longest) path first + # items with the same path are reversed from response order + - result['cookies_string'] == 'Baz=qux; Foo=bar' + +- name: Write out netrc template + template: + src: netrc.j2 + dest: "{{ remote_tmp_dir }}/netrc" + +- name: Test netrc with port + uri: + url: "https://{{ httpbin_host }}:443/basic-auth/user/passwd" + environment: + NETRC: "{{ remote_tmp_dir }}/netrc" + +- name: Test JSON POST with src + uri: + url: "https://{{ httpbin_host}}/post" + src: pass0.json + method: POST + return_content: true + body_format: json + register: result + +- name: Validate POST with src works + assert: + that: + - result.json.json[0] == 'JSON Test Pattern pass1' + +- name: Copy file pass0.json to remote + copy: + src: "{{ role_path }}/files/pass0.json" + dest: "{{ remote_tmp_dir }}/pass0.json" + +- name: Test JSON POST with src and remote_src=True + uri: + url: "https://{{ httpbin_host}}/post" + src: "{{ remote_tmp_dir }}/pass0.json" + remote_src: true + method: POST + return_content: true + body_format: json + register: result + +- name: Validate POST with src and remote_src=True works + assert: + that: + - result.json.json[0] == 'JSON Test Pattern pass1' + +- name: Make request that includes password in JSON keys + uri: + url: "https://{{ httpbin_host}}/get?key-password=value-password" + user: admin + password: password + register: sanitize_keys + +- name: assert that keys were sanitized + assert: + that: + - sanitize_keys.json.args['key-********'] == 'value-********' + +- name: Test gzip encoding + uri: + url: "https://{{ httpbin_host }}/gzip" + register: result + +- name: Validate gzip decoding + assert: + that: + - result.json.gzipped + +- name: test gzip encoding no auto decompress + uri: + url: "https://{{ httpbin_host }}/gzip" + decompress: false + register: result + +- name: Assert gzip wasn't decompressed + assert: + that: + - result.json is undefined + +- name: Create a testing file + copy: + content: "content" + dest: "{{ remote_tmp_dir }}/output" + +- name: Download a file from non existing location + uri: + url: http://does/not/exist + dest: "{{ remote_tmp_dir }}/output" + ignore_errors: yes + +- name: Save testing file's output + command: "cat {{ remote_tmp_dir }}/output" + register: file_out + +- name: Test the testing file was not overwritten + assert: + that: + - "'content' in file_out.stdout" + +- name: Clean up + file: + dest: "{{ remote_tmp_dir }}/output" + state: absent + +- name: Test follow_redirects=none + import_tasks: redirect-none.yml + +- name: Test follow_redirects=safe + import_tasks: redirect-safe.yml + +- name: Test follow_redirects=urllib2 + import_tasks: redirect-urllib2.yml + +- name: Test follow_redirects=all + import_tasks: redirect-all.yml + +- name: Check unexpected failures + import_tasks: unexpected-failures.yml + +- name: Check return-content + import_tasks: return-content.yml + +- name: Test use_gssapi=True + include_tasks: + file: use_gssapi.yml + apply: + environment: + KRB5_CONFIG: '{{ krb5_config }}' + KRB5CCNAME: FILE:{{ remote_tmp_dir }}/krb5.cc + when: krb5_config is defined + +- name: Test ciphers + import_tasks: ciphers.yml + +- name: Test use_netrc.yml + import_tasks: use_netrc.yml |