diff options
Diffstat (limited to 'test/integration/targets/no_log')
-rw-r--r-- | test/integration/targets/no_log/aliases | 2 | ||||
-rw-r--r-- | test/integration/targets/no_log/dynamic.yml | 27 | ||||
-rw-r--r-- | test/integration/targets/no_log/library/module.py | 45 | ||||
-rw-r--r-- | test/integration/targets/no_log/no_log_local.yml | 92 | ||||
-rw-r--r-- | test/integration/targets/no_log/no_log_suboptions.yml | 24 | ||||
-rw-r--r-- | test/integration/targets/no_log/no_log_suboptions_invalid.yml | 45 | ||||
-rwxr-xr-x | test/integration/targets/no_log/runme.sh | 21 |
7 files changed, 256 insertions, 0 deletions
diff --git a/test/integration/targets/no_log/aliases b/test/integration/targets/no_log/aliases new file mode 100644 index 0000000..498fedd --- /dev/null +++ b/test/integration/targets/no_log/aliases @@ -0,0 +1,2 @@ +shippable/posix/group4 +context/controller diff --git a/test/integration/targets/no_log/dynamic.yml b/test/integration/targets/no_log/dynamic.yml new file mode 100644 index 0000000..4a1123d --- /dev/null +++ b/test/integration/targets/no_log/dynamic.yml @@ -0,0 +1,27 @@ +- name: test dynamic no log + hosts: testhost + gather_facts: no + ignore_errors: yes + tasks: + - name: no loop, task fails, dynamic no_log + debug: + msg: "SHOW {{ var_does_not_exist }}" + no_log: "{{ not (unsafe_show_logs|bool) }}" + + - name: loop, task succeeds, dynamic does no_log + debug: + msg: "SHOW {{ item }}" + loop: + - a + - b + - c + no_log: "{{ not (unsafe_show_logs|bool) }}" + + - name: loop, task fails, dynamic no_log + debug: + msg: "SHOW {{ var_does_not_exist }}" + loop: + - a + - b + - c + no_log: "{{ not (unsafe_show_logs|bool) }}" diff --git a/test/integration/targets/no_log/library/module.py b/test/integration/targets/no_log/library/module.py new file mode 100644 index 0000000..d4f3c56 --- /dev/null +++ b/test/integration/targets/no_log/library/module.py @@ -0,0 +1,45 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# Copyright (c) 2019 Ansible Project +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +from ansible.module_utils.basic import AnsibleModule + + +def main(): + module = AnsibleModule( + argument_spec={ + 'state': {}, + 'secret': {'no_log': True}, + 'subopt_dict': { + 'type': 'dict', + 'options': { + 'str_sub_opt1': {'no_log': True}, + 'str_sub_opt2': {}, + 'nested_subopt': { + 'type': 'dict', + 'options': { + 'n_subopt1': {'no_log': True}, + } + } + } + }, + 'subopt_list': { + 'type': 'list', + 'elements': 'dict', + 'options': { + 'subopt1': {'no_log': True}, + 'subopt2': {}, + } + } + + } + ) + module.exit_json(msg='done') + + +if __name__ == '__main__': + main() diff --git a/test/integration/targets/no_log/no_log_local.yml b/test/integration/targets/no_log/no_log_local.yml new file mode 100644 index 0000000..aacf7de --- /dev/null +++ b/test/integration/targets/no_log/no_log_local.yml @@ -0,0 +1,92 @@ +# TODO: test against real connection plugins to ensure they're not leaking module args + +- name: normal play + hosts: testhost + gather_facts: no + tasks: + - name: args should be logged in the absence of no_log + shell: echo "LOG_ME_TASK_SUCCEEDED" + + - name: failed args should be logged in the absence of no_log + shell: echo "LOG_ME_TASK_FAILED" + failed_when: true + ignore_errors: true + + - name: item args should be logged in the absence of no_log + shell: echo {{ item }} + with_items: [ "LOG_ME_ITEM", "LOG_ME_SKIPPED", "LOG_ME_ITEM_FAILED" ] + when: item != "LOG_ME_SKIPPED" + failed_when: item == "LOG_ME_ITEM_FAILED" + ignore_errors: true + + - name: args should not be logged when task-level no_log set + shell: echo "DO_NOT_LOG_TASK_SUCCEEDED" + no_log: true + + - name: failed args should not be logged when task-level no_log set + shell: echo "DO_NOT_LOG_TASK_FAILED" + no_log: true + failed_when: true + ignore_errors: true + + - name: skipped task args should be suppressed with no_log + shell: echo "DO_NOT_LOG_TASK_SKIPPED" + no_log: true + when: false + + - name: items args should be suppressed with no_log in every state + shell: echo {{ item }} + no_log: true + with_items: [ "DO_NOT_LOG_ITEM", "DO_NOT_LOG_ITEM_SKIPPED", "DO_NOT_LOG_ITEM_FAILED" ] + when: item != "DO_NOT_LOG_ITEM_SKIPPED" + failed_when: item == "DO_NOT_LOG_ITEM_FAILED" + ignore_errors: yes + + - name: async task args should suppressed with no_log + async: 10 + poll: 1 + shell: echo "DO_NOT_LOG_ASYNC_TASK_SUCCEEDED" + no_log: true + +- name: play-level no_log set + hosts: testhost + gather_facts: no + no_log: true + tasks: + - name: args should not be logged when play-level no_log set + shell: echo "DO_NOT_LOG_PLAY" + + - name: args should not be logged when both play- and task-level no_log set + shell: echo "DO_NOT_LOG_TASK_AND_PLAY" + no_log: true + + - name: args should be logged when task-level no_log overrides play-level + shell: echo "LOG_ME_OVERRIDE" + no_log: false + + - name: Add a fake host for next play + add_host: + hostname: fake + +- name: use 'fake' unreachable host to force unreachable error + hosts: fake + gather_facts: no + connection: ssh + tasks: + - name: 'EXPECTED FAILURE: Fail to run a lineinfile task' + vars: + logins: + - machine: foo + login: bar + password: DO_NOT_LOG_UNREACHABLE_ITEM + - machine: two + login: three + password: DO_NOT_LOG_UNREACHABLE_ITEM + lineinfile: + path: /dev/null + mode: 0600 + create: true + insertafter: EOF + line: "machine {{ item.machine }} login {{ item.login }} password {{ item.password }}" + loop: "{{ logins }}" + no_log: true diff --git a/test/integration/targets/no_log/no_log_suboptions.yml b/test/integration/targets/no_log/no_log_suboptions.yml new file mode 100644 index 0000000..e67ecfe --- /dev/null +++ b/test/integration/targets/no_log/no_log_suboptions.yml @@ -0,0 +1,24 @@ +- name: test no log with suboptions + hosts: testhost + gather_facts: no + + tasks: + - name: Task with suboptions + module: + secret: GLAMOROUS + subopt_dict: + str_sub_opt1: AFTERMATH + str_sub_opt2: otherstring + nested_subopt: + n_subopt1: MANPOWER + + subopt_list: + - subopt1: UNTAPPED + subopt2: thridstring + + - subopt1: CONCERNED + + - name: Task with suboptions as string + module: + secret: MARLIN + subopt_dict: str_sub_opt1=FLICK diff --git a/test/integration/targets/no_log/no_log_suboptions_invalid.yml b/test/integration/targets/no_log/no_log_suboptions_invalid.yml new file mode 100644 index 0000000..933a8a9 --- /dev/null +++ b/test/integration/targets/no_log/no_log_suboptions_invalid.yml @@ -0,0 +1,45 @@ +- name: test no log with suboptions + hosts: testhost + gather_facts: no + ignore_errors: yes + + tasks: + - name: Task with suboptions and invalid parameter + module: + secret: SUPREME + invalid: param + subopt_dict: + str_sub_opt1: IDIOM + str_sub_opt2: otherstring + nested_subopt: + n_subopt1: MOCKUP + + subopt_list: + - subopt1: EDUCATED + subopt2: thridstring + - subopt1: FOOTREST + + - name: Task with suboptions as string with invalid parameter + module: + secret: FOOTREST + invalid: param + subopt_dict: str_sub_opt1=CRAFTY + + - name: Task with suboptions with dict instead of list + module: + secret: FELINE + subopt_dict: + str_sub_opt1: CRYSTAL + str_sub_opt2: otherstring + nested_subopt: + n_subopt1: EXPECTANT + subopt_list: + foo: bar + + - name: Task with suboptions with incorrect data type + module: + secret: AGROUND + subopt_dict: 9068.21361 + subopt_list: + - subopt1: GOLIATH + - subopt1: FREEFALL diff --git a/test/integration/targets/no_log/runme.sh b/test/integration/targets/no_log/runme.sh new file mode 100755 index 0000000..bb5c048 --- /dev/null +++ b/test/integration/targets/no_log/runme.sh @@ -0,0 +1,21 @@ +#!/usr/bin/env bash + +set -eux + +# This test expects 7 loggable vars and 0 non-loggable ones. +# If either mismatches it fails, run the ansible-playbook command to debug. +[ "$(ansible-playbook no_log_local.yml -i ../../inventory -vvvvv "$@" | awk \ +'BEGIN { logme = 0; nolog = 0; } /LOG_ME/ { logme += 1;} /DO_NOT_LOG/ { nolog += 1;} END { printf "%d/%d", logme, nolog; }')" = "26/0" ] + +# deal with corner cases with no log and loops +# no log enabled, should produce 6 censored messages +[ "$(ansible-playbook dynamic.yml -i ../../inventory -vvvvv "$@" -e unsafe_show_logs=no|grep -c 'output has been hidden')" = "6" ] + +# no log disabled, should produce 0 censored +[ "$(ansible-playbook dynamic.yml -i ../../inventory -vvvvv "$@" -e unsafe_show_logs=yes|grep -c 'output has been hidden')" = "0" ] + +# test no log for sub options +[ "$(ansible-playbook no_log_suboptions.yml -i ../../inventory -vvvvv "$@" | grep -Ec '(MANPOWER|UNTAPPED|CONCERNED|MARLIN|FLICK)')" = "0" ] + +# test invalid data passed to a suboption +[ "$(ansible-playbook no_log_suboptions_invalid.yml -i ../../inventory -vvvvv "$@" | grep -Ec '(SUPREME|IDIOM|MOCKUP|EDUCATED|FOOTREST|CRAFTY|FELINE|CRYSTAL|EXPECTANT|AGROUND|GOLIATH|FREEFALL)')" = "0" ] |