diff options
Diffstat (limited to 'test/integration/targets/get_url/tasks')
-rw-r--r-- | test/integration/targets/get_url/tasks/ciphers.yml | 19 | ||||
-rw-r--r-- | test/integration/targets/get_url/tasks/main.yml | 674 | ||||
-rw-r--r-- | test/integration/targets/get_url/tasks/use_gssapi.yml | 45 | ||||
-rw-r--r-- | test/integration/targets/get_url/tasks/use_netrc.yml | 67 |
4 files changed, 805 insertions, 0 deletions
diff --git a/test/integration/targets/get_url/tasks/ciphers.yml b/test/integration/targets/get_url/tasks/ciphers.yml new file mode 100644 index 0000000..c7d9979 --- /dev/null +++ b/test/integration/targets/get_url/tasks/ciphers.yml @@ -0,0 +1,19 @@ +- name: test good cipher + get_url: + url: https://{{ httpbin_host }}/get + ciphers: ECDHE-RSA-AES128-SHA256 + dest: '{{ remote_tmp_dir }}/good_cipher_get.json' + register: good_ciphers + +- name: test bad cipher + get_url: + url: https://{{ httpbin_host }}/get + ciphers: ECDHE-ECDSA-AES128-SHA + dest: '{{ remote_tmp_dir }}/bad_cipher_get.json' + ignore_errors: true + register: bad_ciphers + +- assert: + that: + - good_ciphers is successful + - bad_ciphers is failed diff --git a/test/integration/targets/get_url/tasks/main.yml b/test/integration/targets/get_url/tasks/main.yml new file mode 100644 index 0000000..09814c7 --- /dev/null +++ b/test/integration/targets/get_url/tasks/main.yml @@ -0,0 +1,674 @@ +# Test code for the get_url module +# (c) 2014, Richard Isaacson <richard.c.isaacson@gmail.com> + +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <https://www.gnu.org/licenses/>. + +- name: Determine if python looks like it will support modern ssl features like SNI + command: "{{ ansible_python.executable }} -c 'from ssl import SSLContext'" + ignore_errors: True + register: python_test + +- name: Set python_has_sslcontext if we have it + set_fact: + python_has_ssl_context: True + when: python_test.rc == 0 + +- name: Set python_has_sslcontext False if we don't have it + set_fact: + python_has_ssl_context: False + when: python_test.rc != 0 + +- name: Define test files for file schema + set_fact: + geturl_srcfile: "{{ remote_tmp_dir }}/aurlfile.txt" + geturl_dstfile: "{{ remote_tmp_dir }}/aurlfile_copy.txt" + +- name: Create source file + copy: + dest: "{{ geturl_srcfile }}" + content: "foobar" + register: source_file_copied + +- name: test file fetch + get_url: + url: "file://{{ source_file_copied.dest }}" + dest: "{{ geturl_dstfile }}" + register: result + +- name: assert success and change + assert: + that: + - result is changed + - '"OK" in result.msg' + +- name: test nonexisting file fetch + get_url: + url: "file://{{ source_file_copied.dest }}NOFILE" + dest: "{{ geturl_dstfile }}NOFILE" + register: result + ignore_errors: True + +- name: assert success and change + assert: + that: + - result is failed + +- name: test HTTP HEAD request for file in check mode + get_url: + url: "https://{{ httpbin_host }}/get" + dest: "{{ remote_tmp_dir }}/get_url_check.txt" + force: yes + check_mode: True + register: result + +- name: assert that the HEAD request was successful in check mode + assert: + that: + - result is changed + - '"OK" in result.msg' + +- name: test HTTP HEAD for nonexistent URL in check mode + get_url: + url: "https://{{ httpbin_host }}/DOESNOTEXIST" + dest: "{{ remote_tmp_dir }}/shouldnotexist.html" + force: yes + check_mode: True + register: result + ignore_errors: True + +- name: assert that HEAD request for nonexistent URL failed + assert: + that: + - result is failed + +- name: test https fetch + get_url: url="https://{{ httpbin_host }}/get" dest={{remote_tmp_dir}}/get_url.txt force=yes + register: result + +- name: assert the get_url call was successful + assert: + that: + - result is changed + - '"OK" in result.msg' + +- name: test https fetch to a site with mismatched hostname and certificate + get_url: + url: "https://{{ badssl_host }}/" + dest: "{{ remote_tmp_dir }}/shouldnotexist.html" + ignore_errors: True + register: result + +- stat: + path: "{{ remote_tmp_dir }}/shouldnotexist.html" + register: stat_result + +- name: Assert that the file was not downloaded + assert: + that: + - "result is failed" + - "'Failed to validate the SSL certificate' in result.msg or 'Hostname mismatch' in result.msg or ( result.msg is match('hostname .* doesn.t match .*'))" + - "stat_result.stat.exists == false" + +- name: test https fetch to a site with mismatched hostname and certificate and validate_certs=no + get_url: + url: "https://{{ badssl_host }}/" + dest: "{{ remote_tmp_dir }}/get_url_no_validate.html" + validate_certs: no + register: result + +- stat: + path: "{{ remote_tmp_dir }}/get_url_no_validate.html" + register: stat_result + +- name: Assert that the file was downloaded + assert: + that: + - result is changed + - "stat_result.stat.exists == true" + +# SNI Tests +# SNI is only built into the stdlib from python-2.7.9 onwards +- name: Test that SNI works + get_url: + url: 'https://{{ sni_host }}/' + dest: "{{ remote_tmp_dir }}/sni.html" + register: get_url_result + ignore_errors: True + +- command: "grep '{{ sni_host }}' {{ remote_tmp_dir}}/sni.html" + register: data_result + when: python_has_ssl_context + +- debug: + var: get_url_result + +- name: Assert that SNI works with this python version + assert: + that: + - 'data_result.rc == 0' + when: python_has_ssl_context + +# If the client doesn't support SNI then get_url should have failed with a certificate mismatch +- name: Assert that hostname verification failed because SNI is not supported on this version of python + assert: + that: + - 'get_url_result is failed' + when: not python_has_ssl_context + +# These tests are just side effects of how the site is hosted. It's not +# specifically a test site. So the tests may break due to the hosting changing +- name: Test that SNI works + get_url: + url: 'https://{{ sni_host }}/' + dest: "{{ remote_tmp_dir }}/sni.html" + register: get_url_result + ignore_errors: True + +- command: "grep '{{ sni_host }}' {{ remote_tmp_dir}}/sni.html" + register: data_result + when: python_has_ssl_context + +- debug: + var: get_url_result + +- name: Assert that SNI works with this python version + assert: + that: + - 'data_result.rc == 0' + - 'get_url_result is not failed' + when: python_has_ssl_context + +# If the client doesn't support SNI then get_url should have failed with a certificate mismatch +- name: Assert that hostname verification failed because SNI is not supported on this version of python + assert: + that: + - 'get_url_result is failed' + when: not python_has_ssl_context +# End hacky SNI test section + +- name: Test get_url with redirect + get_url: + url: 'https://{{ httpbin_host }}/redirect/6' + dest: "{{ remote_tmp_dir }}/redirect.json" + +- name: Test that setting file modes work + get_url: + url: 'https://{{ httpbin_host }}/' + dest: '{{ remote_tmp_dir }}/test' + mode: '0707' + register: result + +- stat: + path: "{{ remote_tmp_dir }}/test" + register: stat_result + +- name: Assert that the file has the right permissions + assert: + that: + - result is changed + - "stat_result.stat.mode == '0707'" + +- name: Test that setting file modes on an already downloaded file work + get_url: + url: 'https://{{ httpbin_host }}/' + dest: '{{ remote_tmp_dir }}/test' + mode: '0070' + register: result + +- stat: + path: "{{ remote_tmp_dir }}/test" + register: stat_result + +- name: Assert that the file has the right permissions + assert: + that: + - result is changed + - "stat_result.stat.mode == '0070'" + +# https://github.com/ansible/ansible/pull/65307/ +- name: Test that on http status 304, we get a status_code field. + get_url: + url: 'https://{{ httpbin_host }}/status/304' + dest: '{{ remote_tmp_dir }}/test' + register: result + +- name: Assert that we get the appropriate status_code + assert: + that: + - "'status_code' in result" + - "result.status_code == 304" + +# https://github.com/ansible/ansible/issues/29614 +- name: Change mode on an already downloaded file and specify checksum + get_url: + url: 'https://{{ httpbin_host }}/base64/cHR1eA==' + dest: '{{ remote_tmp_dir }}/test' + checksum: 'sha256:b1b6ce5073c8fac263a8fc5edfffdbd5dec1980c784e09c5bc69f8fb6056f006.' + mode: '0775' + register: result + +- stat: + path: "{{ remote_tmp_dir }}/test" + register: stat_result + +- name: Assert that file permissions on already downloaded file were changed + assert: + that: + - result is changed + - "stat_result.stat.mode == '0775'" + +- name: test checksum match in check mode + get_url: + url: 'https://{{ httpbin_host }}/base64/cHR1eA==' + dest: '{{ remote_tmp_dir }}/test' + checksum: 'sha256:b1b6ce5073c8fac263a8fc5edfffdbd5dec1980c784e09c5bc69f8fb6056f006.' + check_mode: True + register: result + +- name: Assert that check mode was green + assert: + that: + - result is not changed + +- name: Get a file that already exists with a checksum + get_url: + url: 'https://{{ httpbin_host }}/cache' + dest: '{{ remote_tmp_dir }}/test' + checksum: 'sha1:{{ stat_result.stat.checksum }}' + register: result + +- name: Assert that the file was not downloaded + assert: + that: + - result.msg == 'file already exists' + +- name: Get a file that already exists + get_url: + url: 'https://{{ httpbin_host }}/cache' + dest: '{{ remote_tmp_dir }}/test' + register: result + +- name: Assert that we didn't re-download unnecessarily + assert: + that: + - result is not changed + - "'304' in result.msg" + +- name: get a file that doesn't respond to If-Modified-Since without checksum + get_url: + url: 'https://{{ httpbin_host }}/get' + dest: '{{ remote_tmp_dir }}/test' + register: result + +- name: Assert that we downloaded the file + assert: + that: + - result is changed + +# https://github.com/ansible/ansible/issues/27617 + +- name: set role facts + set_fact: + http_port: 27617 + files_dir: '{{ remote_tmp_dir }}/files' + +- name: create files_dir + file: + dest: "{{ files_dir }}" + state: directory + +- name: create src file + copy: + dest: '{{ files_dir }}/27617.txt' + content: "ptux" + +- name: create duplicate src file + copy: + dest: '{{ files_dir }}/71420.txt' + content: "ptux" + +- name: create sha1 checksum file of src + copy: + dest: '{{ files_dir }}/sha1sum.txt' + content: | + a97e6837f60cec6da4491bab387296bbcd72bdba 27617.txt + a97e6837f60cec6da4491bab387296bbcd72bdba 71420.txt + 3911340502960ca33aece01129234460bfeb2791 not_target1.txt + 1b4b6adf30992cedb0f6edefd6478ff0a593b2e4 not_target2.txt + +- name: create sha256 checksum file of src + copy: + dest: '{{ files_dir }}/sha256sum.txt' + content: | + b1b6ce5073c8fac263a8fc5edfffdbd5dec1980c784e09c5bc69f8fb6056f006. 27617.txt + b1b6ce5073c8fac263a8fc5edfffdbd5dec1980c784e09c5bc69f8fb6056f006. 71420.txt + 30949cc401e30ac494d695ab8764a9f76aae17c5d73c67f65e9b558f47eff892 not_target1.txt + d0dbfc1945bc83bf6606b770e442035f2c4e15c886ee0c22fb3901ba19900b5b not_target2.txt + +- name: create sha256 checksum file of src with a dot leading path + copy: + dest: '{{ files_dir }}/sha256sum_with_dot.txt' + content: | + b1b6ce5073c8fac263a8fc5edfffdbd5dec1980c784e09c5bc69f8fb6056f006. ./27617.txt + b1b6ce5073c8fac263a8fc5edfffdbd5dec1980c784e09c5bc69f8fb6056f006. ./71420.txt + 30949cc401e30ac494d695ab8764a9f76aae17c5d73c67f65e9b558f47eff892 ./not_target1.txt + d0dbfc1945bc83bf6606b770e442035f2c4e15c886ee0c22fb3901ba19900b5b ./not_target2.txt + +- name: create sha256 checksum file of src with a * leading path + copy: + dest: '{{ files_dir }}/sha256sum_with_asterisk.txt' + content: | + b1b6ce5073c8fac263a8fc5edfffdbd5dec1980c784e09c5bc69f8fb6056f006. *27617.txt + b1b6ce5073c8fac263a8fc5edfffdbd5dec1980c784e09c5bc69f8fb6056f006. *71420.txt + 30949cc401e30ac494d695ab8764a9f76aae17c5d73c67f65e9b558f47eff892 *not_target1.txt + d0dbfc1945bc83bf6606b770e442035f2c4e15c886ee0c22fb3901ba19900b5b *not_target2.txt + +# completing 27617 with bug 54390 +- name: create sha256 checksum only with no filename inside + copy: + dest: '{{ files_dir }}/sha256sum_checksum_only.txt' + content: | + b1b6ce5073c8fac263a8fc5edfffdbd5dec1980c784e09c5bc69f8fb6056f006 + +- copy: + src: "testserver.py" + dest: "{{ remote_tmp_dir }}/testserver.py" + +- name: start SimpleHTTPServer for issues 27617 + shell: cd {{ files_dir }} && {{ ansible_python.executable }} {{ remote_tmp_dir}}/testserver.py {{ http_port }} + async: 90 + poll: 0 + +- name: Wait for SimpleHTTPServer to come up online + wait_for: + host: 'localhost' + port: '{{ http_port }}' + state: started + +- name: download src with sha1 checksum url in check mode + get_url: + url: 'http://localhost:{{ http_port }}/27617.txt' + dest: '{{ remote_tmp_dir }}' + checksum: 'sha1:http://localhost:{{ http_port }}/sha1sum.txt' + register: result_sha1_check_mode + check_mode: True + +- name: download src with sha1 checksum url + get_url: + url: 'http://localhost:{{ http_port }}/27617.txt' + dest: '{{ remote_tmp_dir }}' + checksum: 'sha1:http://localhost:{{ http_port }}/sha1sum.txt' + register: result_sha1 + +- stat: + path: "{{ remote_tmp_dir }}/27617.txt" + register: stat_result_sha1 + +- name: download src with sha256 checksum url + get_url: + url: 'http://localhost:{{ http_port }}/27617.txt' + dest: '{{ remote_tmp_dir }}/27617sha256.txt' + checksum: 'sha256:http://localhost:{{ http_port }}/sha256sum.txt' + register: result_sha256 + +- stat: + path: "{{ remote_tmp_dir }}/27617.txt" + register: stat_result_sha256 + +- name: download src with sha256 checksum url with dot leading paths + get_url: + url: 'http://localhost:{{ http_port }}/27617.txt' + dest: '{{ remote_tmp_dir }}/27617sha256_with_dot.txt' + checksum: 'sha256:http://localhost:{{ http_port }}/sha256sum_with_dot.txt' + register: result_sha256_with_dot + +- stat: + path: "{{ remote_tmp_dir }}/27617sha256_with_dot.txt" + register: stat_result_sha256_with_dot + +- name: download src with sha256 checksum url with asterisk leading paths + get_url: + url: 'http://localhost:{{ http_port }}/27617.txt' + dest: '{{ remote_tmp_dir }}/27617sha256_with_asterisk.txt' + checksum: 'sha256:http://localhost:{{ http_port }}/sha256sum_with_asterisk.txt' + register: result_sha256_with_asterisk + +- stat: + path: "{{ remote_tmp_dir }}/27617sha256_with_asterisk.txt" + register: stat_result_sha256_with_asterisk + +- name: download src with sha256 checksum url with file scheme + get_url: + url: 'http://localhost:{{ http_port }}/27617.txt' + dest: '{{ remote_tmp_dir }}/27617sha256_with_file_scheme.txt' + checksum: 'sha256:file://{{ files_dir }}/sha256sum.txt' + register: result_sha256_with_file_scheme + +- stat: + path: "{{ remote_tmp_dir }}/27617sha256_with_dot.txt" + register: stat_result_sha256_with_file_scheme + +- name: download 71420.txt with sha1 checksum url + get_url: + url: 'http://localhost:{{ http_port }}/71420.txt' + dest: '{{ remote_tmp_dir }}' + checksum: 'sha1:http://localhost:{{ http_port }}/sha1sum.txt' + register: result_sha1_71420 + +- stat: + path: "{{ remote_tmp_dir }}/71420.txt" + register: stat_result_sha1_71420 + +- name: download 71420.txt with sha256 checksum url + get_url: + url: 'http://localhost:{{ http_port }}/71420.txt' + dest: '{{ remote_tmp_dir }}/71420sha256.txt' + checksum: 'sha256:http://localhost:{{ http_port }}/sha256sum.txt' + register: result_sha256_71420 + +- stat: + path: "{{ remote_tmp_dir }}/71420.txt" + register: stat_result_sha256_71420 + +- name: download 71420.txt with sha256 checksum url with dot leading paths + get_url: + url: 'http://localhost:{{ http_port }}/71420.txt' + dest: '{{ remote_tmp_dir }}/71420sha256_with_dot.txt' + checksum: 'sha256:http://localhost:{{ http_port }}/sha256sum_with_dot.txt' + register: result_sha256_with_dot_71420 + +- stat: + path: "{{ remote_tmp_dir }}/71420sha256_with_dot.txt" + register: stat_result_sha256_with_dot_71420 + +- name: download 71420.txt with sha256 checksum url with asterisk leading paths + get_url: + url: 'http://localhost:{{ http_port }}/71420.txt' + dest: '{{ remote_tmp_dir }}/71420sha256_with_asterisk.txt' + checksum: 'sha256:http://localhost:{{ http_port }}/sha256sum_with_asterisk.txt' + register: result_sha256_with_asterisk_71420 + +- stat: + path: "{{ remote_tmp_dir }}/71420sha256_with_asterisk.txt" + register: stat_result_sha256_with_asterisk_71420 + +- name: download 71420.txt with sha256 checksum url with file scheme + get_url: + url: 'http://localhost:{{ http_port }}/71420.txt' + dest: '{{ remote_tmp_dir }}/71420sha256_with_file_scheme.txt' + checksum: 'sha256:file://{{ files_dir }}/sha256sum.txt' + register: result_sha256_with_file_scheme_71420 + +- stat: + path: "{{ remote_tmp_dir }}/71420sha256_with_dot.txt" + register: stat_result_sha256_with_file_scheme_71420 + +- name: download src with sha256 checksum url with no filename + get_url: + url: 'http://localhost:{{ http_port }}/27617.txt' + dest: '{{ remote_tmp_dir }}/27617sha256_with_no_filename.txt' + checksum: 'sha256:http://localhost:{{ http_port }}/sha256sum_checksum_only.txt' + register: result_sha256_checksum_only + +- stat: + path: "{{ remote_tmp_dir }}/27617.txt" + register: stat_result_sha256_checksum_only + +- name: Assert that the file was downloaded + assert: + that: + - result_sha1 is changed + - result_sha1_check_mode is changed + - result_sha256 is changed + - result_sha256_with_dot is changed + - result_sha256_with_asterisk is changed + - result_sha256_with_file_scheme is changed + - "stat_result_sha1.stat.exists == true" + - "stat_result_sha256.stat.exists == true" + - "stat_result_sha256_with_dot.stat.exists == true" + - "stat_result_sha256_with_asterisk.stat.exists == true" + - "stat_result_sha256_with_file_scheme.stat.exists == true" + - result_sha1_71420 is changed + - result_sha256_71420 is changed + - result_sha256_with_dot_71420 is changed + - result_sha256_with_asterisk_71420 is changed + - result_sha256_checksum_only is changed + - result_sha256_with_file_scheme_71420 is changed + - "stat_result_sha1_71420.stat.exists == true" + - "stat_result_sha256_71420.stat.exists == true" + - "stat_result_sha256_with_dot_71420.stat.exists == true" + - "stat_result_sha256_with_asterisk_71420.stat.exists == true" + - "stat_result_sha256_with_file_scheme_71420.stat.exists == true" + - "stat_result_sha256_checksum_only.stat.exists == true" + +#https://github.com/ansible/ansible/issues/16191 +- name: Test url split with no filename + get_url: + url: https://{{ httpbin_host }} + dest: "{{ remote_tmp_dir }}" + +- name: Test headers dict + get_url: + url: https://{{ httpbin_host }}/headers + headers: + Foo: bar + Baz: qux + dest: "{{ remote_tmp_dir }}/headers_dict.json" + +- name: Get downloaded file + slurp: + src: "{{ remote_tmp_dir }}/headers_dict.json" + register: result + +- name: Test headers dict + assert: + that: + - (result.content | b64decode | from_json).headers.get('Foo') == 'bar' + - (result.content | b64decode | from_json).headers.get('Baz') == 'qux' + +- name: Test gzip decompression + get_url: + url: https://{{ httpbin_host }}/gzip + dest: "{{ remote_tmp_dir }}/gzip.json" + +- name: Get gzip file contents + slurp: + path: "{{ remote_tmp_dir }}/gzip.json" + register: gzip_json + +- name: validate gzip decompression + assert: + that: + - (gzip_json.content|b64decode|from_json).gzipped + +- name: Test gzip no decompression + get_url: + url: https://{{ httpbin_host }}/gzip + dest: "{{ remote_tmp_dir }}/gzip.json.gz" + decompress: no + +- name: Get gzip file contents + command: 'gunzip -c {{ remote_tmp_dir }}/gzip.json.gz' + register: gzip_json + +- name: validate gzip no decompression + assert: + that: + - (gzip_json.stdout|from_json).gzipped + +- name: Test client cert auth, with certs + get_url: + url: "https://ansible.http.tests/ssl_client_verify" + client_cert: "{{ remote_tmp_dir }}/client.pem" + client_key: "{{ remote_tmp_dir }}/client.key" + dest: "{{ remote_tmp_dir }}/ssl_client_verify" + when: has_httptester + +- name: Get downloaded file + slurp: + src: "{{ remote_tmp_dir }}/ssl_client_verify" + register: result + when: has_httptester + +- name: Assert that the ssl_client_verify file contains the correct content + assert: + that: + - '(result.content | b64decode) == "ansible.http.tests:SUCCESS"' + when: has_httptester + +- name: test unredirected_headers + get_url: + url: 'https://{{ httpbin_host }}/redirect-to?status_code=301&url=/basic-auth/user/passwd' + username: user + password: passwd + force_basic_auth: true + unredirected_headers: + - authorization + dest: "{{ remote_tmp_dir }}/doesnt_matter" + ignore_errors: true + register: unredirected_headers + +- name: test unredirected_headers + get_url: + url: 'https://{{ httpbin_host }}/redirect-to?status_code=301&url=/basic-auth/user/passwd' + username: user + password: passwd + force_basic_auth: true + dest: "{{ remote_tmp_dir }}/doesnt_matter" + register: redirected_headers + +- name: ensure unredirected_headers caused auth to fail + assert: + that: + - unredirected_headers is failed + - unredirected_headers.status_code == 401 + - redirected_headers is successful + - redirected_headers.status_code == 200 + +- name: Test use_gssapi=True + include_tasks: + file: use_gssapi.yml + apply: + environment: + KRB5_CONFIG: '{{ krb5_config }}' + KRB5CCNAME: FILE:{{ remote_tmp_dir }}/krb5.cc + when: krb5_config is defined + +- name: Test ciphers + import_tasks: ciphers.yml + +- name: Test use_netrc=False + import_tasks: use_netrc.yml diff --git a/test/integration/targets/get_url/tasks/use_gssapi.yml b/test/integration/targets/get_url/tasks/use_gssapi.yml new file mode 100644 index 0000000..f3d2d1f --- /dev/null +++ b/test/integration/targets/get_url/tasks/use_gssapi.yml @@ -0,0 +1,45 @@ +- name: test Negotiate auth over HTTP with explicit credentials + get_url: + url: http://{{ httpbin_host }}/gssapi + dest: '{{ remote_tmp_dir }}/gssapi_explicit.txt' + use_gssapi: yes + url_username: '{{ krb5_username }}' + url_password: '{{ krb5_password }}' + register: http_explicit + +- name: get result of test Negotiate auth over HTTP with explicit credentials + slurp: + path: '{{ remote_tmp_dir }}/gssapi_explicit.txt' + register: http_explicit_actual + +- name: assert test Negotiate auth with implicit credentials + assert: + that: + - http_explicit.status_code == 200 + - http_explicit_actual.content | b64decode | trim == 'Microsoft Rulz' + +- name: skip tests on macOS, I cannot seem to get it to read a credential from a custom ccache + when: ansible_facts.distribution != 'MacOSX' + block: + - name: get Kerberos ticket for implicit auth tests + httptester_kinit: + username: '{{ krb5_username }}' + password: '{{ krb5_password }}' + + - name: test Negotiate auth over HTTPS with implicit credentials + get_url: + url: https://{{ httpbin_host }}/gssapi + dest: '{{ remote_tmp_dir }}/gssapi_implicit.txt' + use_gssapi: yes + register: https_implicit + + - name: get result of test Negotiate auth over HTTPS with implicit credentials + slurp: + path: '{{ remote_tmp_dir }}/gssapi_implicit.txt' + register: https_implicit_actual + + - name: assert test Negotiate auth with implicit credentials + assert: + that: + - https_implicit.status_code == 200 + - https_implicit_actual.content | b64decode | trim == 'Microsoft Rulz' diff --git a/test/integration/targets/get_url/tasks/use_netrc.yml b/test/integration/targets/get_url/tasks/use_netrc.yml new file mode 100644 index 0000000..e1852a8 --- /dev/null +++ b/test/integration/targets/get_url/tasks/use_netrc.yml @@ -0,0 +1,67 @@ +- name: Write out netrc + copy: + dest: "{{ remote_tmp_dir }}/netrc" + content: | + machine {{ httpbin_host }} + login foo + password bar + +- name: Test Bearer authorization is failed with netrc + get_url: + url: https://{{ httpbin_host }}/bearer + headers: + Authorization: Bearer foobar + dest: "{{ remote_tmp_dir }}/msg.txt" + ignore_errors: yes + environment: + NETRC: "{{ remote_tmp_dir }}/netrc" + +- name: Read msg.txt file + ansible.builtin.slurp: + src: "{{ remote_tmp_dir }}/msg.txt" + register: response_failed + +- name: Parse token from msg.txt + set_fact: + token: "{{ (response_failed['content'] | b64decode | from_json).token }}" + +- name: assert Test Bearer authorization is failed with netrc + assert: + that: + - "token.find('v=' ~ 'Zm9vOmJhcg') == -1" + fail_msg: "Was expecting 'foo:bar' in base64, but received: {{ response_failed['content'] | b64decode | from_json }}" + success_msg: "Expected Basic authentication even Bearer headers were sent" + +- name: Test Bearer authorization is successfull with use_netrc=False + get_url: + url: https://{{ httpbin_host }}/bearer + use_netrc: false + headers: + Authorization: Bearer foobar + dest: "{{ remote_tmp_dir }}/msg.txt" + environment: + NETRC: "{{ remote_tmp_dir }}/netrc" + +- name: Read msg.txt file + ansible.builtin.slurp: + src: "{{ remote_tmp_dir }}/msg.txt" + register: response + +- name: Parse token from msg.txt + set_fact: + token: "{{ (response['content'] | b64decode | from_json).token }}" + +- name: assert Test Bearer authorization is successfull with use_netrc=False + assert: + that: + - "token.find('v=' ~ 'foobar') == -1" + fail_msg: "Was expecting Bearer token 'foobar', but received: {{ response['content'] | b64decode | from_json }}" + success_msg: "Bearer authentication successfull without netrc" + +- name: Clean up + file: + path: "{{ item }}" + state: absent + with_items: + - "{{ remote_tmp_dir }}/netrc" + - "{{ remote_tmp_dir }}/msg.txt"
\ No newline at end of file |