diff options
Diffstat (limited to 'test/integration/targets/filter_encryption')
-rw-r--r-- | test/integration/targets/filter_encryption/aliases | 1 | ||||
-rw-r--r-- | test/integration/targets/filter_encryption/base.yml | 37 | ||||
-rwxr-xr-x | test/integration/targets/filter_encryption/runme.sh | 5 |
3 files changed, 43 insertions, 0 deletions
diff --git a/test/integration/targets/filter_encryption/aliases b/test/integration/targets/filter_encryption/aliases new file mode 100644 index 0000000..3005e4b --- /dev/null +++ b/test/integration/targets/filter_encryption/aliases @@ -0,0 +1 @@ +shippable/posix/group4 diff --git a/test/integration/targets/filter_encryption/base.yml b/test/integration/targets/filter_encryption/base.yml new file mode 100644 index 0000000..8bf25f7 --- /dev/null +++ b/test/integration/targets/filter_encryption/base.yml @@ -0,0 +1,37 @@ +- hosts: localhost + gather_facts: true + vars: + data: secret + dvault: '{{ "secret"|vault("test")}}' + password: test + s_32: '{{(2**31-1)}}' + s_64: '{{(2**63-1)}}' + vaultedstring_32: "$ANSIBLE_VAULT;1.2;AES256;filter_default\n33360a30386436633031333665316161303732656333373131373935623033393964633637346464\n6234613765313539306138373564366363306533356464613334320a666339363037303764636538\n3131633564326637303237313463613864626231\n" + vaultedstring_64: "$ANSIBLE_VAULT;1.2;AES256;filter_default\n33370a34333734353636633035656232613935353432656132646533346233326431346232616261\n6133383034376566366261316365633931356133633337396363370a376664386236313834326561\n6338373864623763613165366636633031303739\n" + vault: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 33323332333033383335333533383338333333303339333733323339333833303334333133313339 + 33373339333133323331333833373335333933323338333633343338333133343334333733383334 + 33333335333433383337333133303339333433353332333333363339333733363335333233303330 + 3337333733353331333633313335333733373334333733320a373938666533366165653830313163 + 62386564343438653437333564383664646538653364343138303831613039313232636437336530 + 3438376662373764650a633366646563386335623161646262366137393635633464333265613938 + 6661 + # allow testing against 32b/64b limited archs, normally you can set higher values for random (2**256) + is_64: '{{ "64" in ansible_facts["architecture"] }}' + salt: '{{ is_64|bool|ternary(s_64, s_32)|random(seed=inventory_hostname)}}' + vaultedstring: '{{ is_64|bool|ternary(vaultedstring_64, vaultedstring_32) }}' + + tasks: + - name: check vaulting + assert: + that: + - data|vault(password, salt=salt) == vaultedstring + - "data|vault(password, salt=salt)|type_debug != 'AnsibleVaultEncryptedUnicode'" + - "data|vault(password, salt=salt, wrap_object=True)|type_debug == 'AnsibleVaultEncryptedUnicode'" + + - name: check unvaulting + assert: + that: + - vaultedstring|unvault(password) == data + - vault|unvault(password) == data diff --git a/test/integration/targets/filter_encryption/runme.sh b/test/integration/targets/filter_encryption/runme.sh new file mode 100755 index 0000000..41b30b1 --- /dev/null +++ b/test/integration/targets/filter_encryption/runme.sh @@ -0,0 +1,5 @@ +#!/usr/bin/env bash + +set -eux + +ANSIBLE_GATHER_SUBSET='min' ansible-playbook base.yml "$@" |