From 8a754e0858d922e955e71b253c139e071ecec432 Mon Sep 17 00:00:00 2001
From: Daniel Baumann
Date: Sun, 28 Apr 2024 18:04:21 +0200
Subject: Adding upstream version 2.14.3.
Signed-off-by: Daniel Baumann
---
.../targets/lookup_password/tasks/main.yml | 149 +++++++++++++++++++++
1 file changed, 149 insertions(+)
create mode 100644 test/integration/targets/lookup_password/tasks/main.yml
(limited to 'test/integration/targets/lookup_password/tasks/main.yml')
diff --git a/test/integration/targets/lookup_password/tasks/main.yml b/test/integration/targets/lookup_password/tasks/main.yml
new file mode 100644
index 0000000..dacf032
--- /dev/null
+++ b/test/integration/targets/lookup_password/tasks/main.yml
@@ -0,0 +1,149 @@
+- name: create a password file
+ set_fact:
+ newpass: "{{ lookup('password', output_dir + '/lookup/password length=8') }}"
+
+- name: stat the password file directory
+ stat: path="{{output_dir}}/lookup"
+ register: result
+
+- name: assert the directory's permissions
+ assert:
+ that:
+ - result.stat.mode == '0700'
+
+- name: stat the password file
+ stat: path="{{output_dir}}/lookup/password"
+ register: result
+
+- name: assert the directory's permissions
+ assert:
+ that:
+ - result.stat.mode == '0600'
+
+- name: get password length
+ shell: wc -c {{output_dir}}/lookup/password | awk '{print $1}'
+ register: wc_result
+
+- debug: var=wc_result.stdout
+
+- name: read password
+ shell: cat {{output_dir}}/lookup/password
+ register: cat_result
+
+- debug: var=cat_result.stdout
+
+- name: verify password
+ assert:
+ that:
+ - "wc_result.stdout == '9'"
+ - "cat_result.stdout == newpass"
+ - "' salt=' not in cat_result.stdout"
+
+- name: fetch password from an existing file
+ set_fact:
+ pass2: "{{ lookup('password', output_dir + '/lookup/password length=8') }}"
+
+- name: read password (again)
+ shell: cat {{output_dir}}/lookup/password
+ register: cat_result2
+
+- debug: var=cat_result2.stdout
+
+- name: verify password (again)
+ assert:
+ that:
+ - "cat_result2.stdout == newpass"
+ - "' salt=' not in cat_result2.stdout"
+
+
+
+- name: create a password (with salt) file
+ debug: msg={{ lookup('password', output_dir + '/lookup/password_with_salt encrypt=sha256_crypt') }}
+
+- name: read password and salt
+ shell: cat {{output_dir}}/lookup/password_with_salt
+ register: cat_pass_salt
+
+- debug: var=cat_pass_salt.stdout
+
+- name: fetch unencrypted password
+ set_fact:
+ newpass: "{{ lookup('password', output_dir + '/lookup/password_with_salt') }}"
+
+- debug: var=newpass
+
+- name: verify password and salt
+ assert:
+ that:
+ - "cat_pass_salt.stdout != newpass"
+ - "cat_pass_salt.stdout.startswith(newpass)"
+ - "' salt=' in cat_pass_salt.stdout"
+ - "' salt=' not in newpass"
+
+
+- name: fetch unencrypted password (using empty encrypt parameter)
+ set_fact:
+ newpass2: "{{ lookup('password', output_dir + '/lookup/password_with_salt encrypt=') }}"
+
+- name: verify lookup password behavior
+ assert:
+ that:
+ - "newpass == newpass2"
+
+- name: verify that we can generate a 1st password without writing it
+ set_fact:
+ newpass: "{{ lookup('password', '/dev/null') }}"
+
+- name: verify that we can generate a 2nd password without writing it
+ set_fact:
+ newpass2: "{{ lookup('password', '/dev/null') }}"
+
+- name: verify lookup password behavior with /dev/null
+ assert:
+ that:
+ - "newpass != newpass2"
+
+- name: test both types of args and that seed guarantees same results
+ vars:
+ pns: "{{passwords_noseed['results']}}"
+ inl: "{{passwords_inline['results']}}"
+ kv: "{{passwords['results']}}"
+ l: [1, 2, 3]
+ block:
+ - name: generate passwords w/o seed
+ debug:
+ msg: '{{ lookup("password", "/dev/null")}}'
+ loop: "{{ l }}"
+ register: passwords_noseed
+
+ - name: verify they are all different, this is not guaranteed, but statisically almost impossible
+ assert:
+ that:
+ - pns[0]['msg'] != pns[1]['msg']
+ - pns[0]['msg'] != pns[2]['msg']
+ - pns[1]['msg'] != pns[2]['msg']
+
+ - name: generate passwords, with seed inline
+ debug:
+ msg: '{{ lookup("password", "/dev/null seed=foo")}}'
+ loop: "{{ l }}"
+ register: passwords_inline
+
+ - name: verify they are all the same
+ assert:
+ that:
+ - inl[0]['msg'] == inl[1]['msg']
+ - inl[0]['msg'] == inl[2]['msg']
+
+ - name: generate passwords, with seed k=v
+ debug:
+ msg: '{{ lookup("password", "/dev/null", seed="foo")}}'
+ loop: "{{ l }}"
+ register: passwords
+
+ - name: verify they are all the same
+ assert:
+ that:
+ - kv[0]['msg'] == kv[1]['msg']
+ - kv[0]['msg'] == kv[2]['msg']
+ - kv[0]['msg'] == inl[0]['msg']
-- 
cgit v1.2.3
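Review bot: The second task named `assert the directory's permissions` checks the password file's mode (`result.stat.mode == '0600'`), so its name should read `assert the password file's permissions`; and the file written by the salted lookup, `lookup/password_with_salt`, gets no mode check at all, although the later assertions show it holds the plaintext password followed by ` salt=`. A regression that created that file with a looser mode would pass this suite unnoticed. I would add a `stat` plus `assert` pair after the `read password and salt` task, expecting the same `'0600'` the unsalted file is held to (assumed to be the lookup's behaviour for every file it writes; confirm against the plugin).

```yaml
# … unchanged: "read password and salt" task …

- name: stat the salted password file
  stat:
    path: "{{ output_dir }}/lookup/password_with_salt"
  register: salt_file

- name: assert the salted password file's permissions
  assert:
    that:
      - salt_file.stat.mode == '0600'
```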