summaryrefslogtreecommitdiffstats
path: root/ansible_collections/cyberark/conjur/tests
diff options
context:
space:
mode:
Diffstat (limited to 'ansible_collections/cyberark/conjur/tests')
-rw-r--r--ansible_collections/cyberark/conjur/tests/conjur_variable/.dockerignore1
-rw-r--r--ansible_collections/cyberark/conjur/tests/conjur_variable/.pytest_cache/.gitignore2
-rw-r--r--ansible_collections/cyberark/conjur/tests/conjur_variable/.pytest_cache/CACHEDIR.TAG4
-rw-r--r--ansible_collections/cyberark/conjur/tests/conjur_variable/.pytest_cache/README.md8
-rw-r--r--ansible_collections/cyberark/conjur/tests/conjur_variable/.pytest_cache/v/cache/nodeids11
-rw-r--r--ansible_collections/cyberark/conjur/tests/conjur_variable/.pytest_cache/v/cache/stepwise1
-rw-r--r--ansible_collections/cyberark/conjur/tests/conjur_variable/Dockerfile31
-rw-r--r--ansible_collections/cyberark/conjur/tests/conjur_variable/Dockerfile_nginx17
-rw-r--r--ansible_collections/cyberark/conjur/tests/conjur_variable/docker-compose.yml67
-rw-r--r--ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable1
-rw-r--r--ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable-bad-cert-path1
-rw-r--r--ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable-bad-certs1
-rw-r--r--ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable-disable-verify-certs1
-rw-r--r--ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable-into-file1
-rw-r--r--ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable-no-cert-provided1
-rw-r--r--ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable-with-authn-token1
-rw-r--r--ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable-with-authn-token-bad-cert1
-rw-r--r--ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable-with-spaces-secret1
-rw-r--r--ansible_collections/cyberark/conjur/tests/conjur_variable/policy/root.yml21
-rw-r--r--ansible_collections/cyberark/conjur/tests/conjur_variable/proxy/default.conf29
-rw-r--r--ansible_collections/cyberark/conjur/tests/conjur_variable/proxy/ssl.conf39
-rw-r--r--ansible_collections/cyberark/conjur/tests/conjur_variable/pytest.ini2
-rwxr-xr-xansible_collections/cyberark/conjur/tests/conjur_variable/test.sh225
-rw-r--r--ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-bad-cert-path/env1
-rw-r--r--ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-bad-cert-path/playbook.yml15
-rw-r--r--ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-bad-cert-path/tests/test_default.py13
-rw-r--r--ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-bad-certs/bad-cert.pem41
-rw-r--r--ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-bad-certs/env1
-rw-r--r--ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-bad-certs/playbook.yml15
-rw-r--r--ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-bad-certs/tests/test_default.py13
-rw-r--r--ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-disable-verify-certs/playbook.yml14
-rw-r--r--ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-disable-verify-certs/tests/test_default.py17
-rw-r--r--ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-into-file/env1
-rw-r--r--ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-into-file/playbook.yml14
-rw-r--r--ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-into-file/tests/test_default.py22
-rw-r--r--ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-no-cert-provided/playbook.yml15
-rw-r--r--ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-no-cert-provided/tests/test_default.py13
-rw-r--r--ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-with-authn-token-bad-cert/bad-cert.pem41
-rw-r--r--ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-with-authn-token-bad-cert/env4
-rw-r--r--ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-with-authn-token-bad-cert/playbook.yml15
-rw-r--r--ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-with-authn-token-bad-cert/tests/test_default.py13
-rw-r--r--ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-with-authn-token/env4
-rw-r--r--ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-with-authn-token/playbook.yml14
-rw-r--r--ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-with-authn-token/tests/test_default.py17
-rw-r--r--ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-with-spaces-secret/env1
-rw-r--r--ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-with-spaces-secret/playbook.yml14
-rw-r--r--ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-with-spaces-secret/tests/test_default.py17
-rw-r--r--ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable/env1
-rw-r--r--ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable/playbook.yml14
-rw-r--r--ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable/tests/test_default.py17
-rw-r--r--ansible_collections/cyberark/conjur/tests/sanity/ignore-2.10.txt10
-rw-r--r--ansible_collections/cyberark/conjur/tests/sanity/ignore-2.11.txt10
-rw-r--r--ansible_collections/cyberark/conjur/tests/sanity/ignore-2.12.txt10
-rw-r--r--ansible_collections/cyberark/conjur/tests/sanity/ignore-2.13.txt10
-rw-r--r--ansible_collections/cyberark/conjur/tests/sanity/ignore-2.14.txt11
-rw-r--r--ansible_collections/cyberark/conjur/tests/sanity/ignore-2.9.txt8
-rw-r--r--ansible_collections/cyberark/conjur/tests/unit/Dockerfile8
-rw-r--r--ansible_collections/cyberark/conjur/tests/unit/plugins/lookup/__init__.py0
-rw-r--r--ansible_collections/cyberark/conjur/tests/unit/plugins/lookup/test_conjur_variable.py159
-rw-r--r--ansible_collections/cyberark/conjur/tests/unit/requirements.txt14
60 files changed, 1074 insertions, 0 deletions
diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/.dockerignore b/ansible_collections/cyberark/conjur/tests/conjur_variable/.dockerignore
new file mode 100644
index 000000000..5ed3ebd29
--- /dev/null
+++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/.dockerignore
@@ -0,0 +1 @@
+conjur-intro/ \ No newline at end of file
diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/.pytest_cache/.gitignore b/ansible_collections/cyberark/conjur/tests/conjur_variable/.pytest_cache/.gitignore
new file mode 100644
index 000000000..bc1a1f616
--- /dev/null
+++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/.pytest_cache/.gitignore
@@ -0,0 +1,2 @@
+# Created by pytest automatically.
+*
diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/.pytest_cache/CACHEDIR.TAG b/ansible_collections/cyberark/conjur/tests/conjur_variable/.pytest_cache/CACHEDIR.TAG
new file mode 100644
index 000000000..fce15ad7e
--- /dev/null
+++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/.pytest_cache/CACHEDIR.TAG
@@ -0,0 +1,4 @@
+Signature: 8a477f597d28d172789f06886806bc55
+# This file is a cache directory tag created by pytest.
+# For information about cache directory tags, see:
+# https://bford.info/cachedir/spec.html
diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/.pytest_cache/README.md b/ansible_collections/cyberark/conjur/tests/conjur_variable/.pytest_cache/README.md
new file mode 100644
index 000000000..b89018ced
--- /dev/null
+++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/.pytest_cache/README.md
@@ -0,0 +1,8 @@
+# pytest cache directory #
+
+This directory contains data from the pytest's cache plugin,
+which provides the `--lf` and `--ff` options, as well as the `cache` fixture.
+
+**Do not** commit this to version control.
+
+See [the docs](https://docs.pytest.org/en/stable/how-to/cache.html) for more information.
diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/.pytest_cache/v/cache/nodeids b/ansible_collections/cyberark/conjur/tests/conjur_variable/.pytest_cache/v/cache/nodeids
new file mode 100644
index 000000000..c6b2f5e13
--- /dev/null
+++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/.pytest_cache/v/cache/nodeids
@@ -0,0 +1,11 @@
+[
+ "test_cases/retrieve-variable-bad-cert-path/tests/test_default.py::test_retrieval_failed[docker://jenkinscyberarkansibleconjurcollectionv1201conjurvariable-ansible]",
+ "test_cases/retrieve-variable-bad-certs/tests/test_default.py::test_retrieval_failed[docker://jenkinscyberarkansibleconjurcollectionv1201conjurvariable-ansible]",
+ "test_cases/retrieve-variable-disable-verify-certs/tests/test_default.py::test_retrieved_secret[docker://jenkinscyberarkansibleconjurcollectionv1201conjurvariable-ansible]",
+ "test_cases/retrieve-variable-into-file/tests/test_default.py::test_retrieved_secret[docker://jenkinscyberarkansibleconjurcollectionv1201conjurvariable-ansible]",
+ "test_cases/retrieve-variable-no-cert-provided/tests/test_default.py::test_retrieval_failed[docker://jenkinscyberarkansibleconjurcollectionv1201conjurvariable-ansible]",
+ "test_cases/retrieve-variable-with-authn-token-bad-cert/tests/test_default.py::test_retrieve_secret_failed[docker://jenkinscyberarkansibleconjurcollectionv1201conjurvariable-ansible]",
+ "test_cases/retrieve-variable-with-authn-token/tests/test_default.py::test_retrieved_secret[docker://jenkinscyberarkansibleconjurcollectionv1201conjurvariable-ansible]",
+ "test_cases/retrieve-variable-with-spaces-secret/tests/test_default.py::test_retrieved_secret[docker://jenkinscyberarkansibleconjurcollectionv1201conjurvariable-ansible]",
+ "test_cases/retrieve-variable/tests/test_default.py::test_retrieved_secret[docker://jenkinscyberarkansibleconjurcollectionv1201conjurvariable-ansible]"
+] \ No newline at end of file
diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/.pytest_cache/v/cache/stepwise b/ansible_collections/cyberark/conjur/tests/conjur_variable/.pytest_cache/v/cache/stepwise
new file mode 100644
index 000000000..0637a088a
--- /dev/null
+++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/.pytest_cache/v/cache/stepwise
@@ -0,0 +1 @@
+[] \ No newline at end of file
diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/Dockerfile b/ansible_collections/cyberark/conjur/tests/conjur_variable/Dockerfile
new file mode 100644
index 000000000..293ccdca0
--- /dev/null
+++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/Dockerfile
@@ -0,0 +1,31 @@
+FROM ubuntu:20.04
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+WORKDIR /cyberark
+
+# install python 3
+RUN apt-get update && \
+ apt-get install -y python3-pip && \
+ pip3 install --upgrade pip
+
+ARG ANSIBLE_VERSION
+# install ansible and its test tool
+RUN pip3 install ansible==${ANSIBLE_VERSION}.* pytest-testinfra
+
+# install docker installation requirements
+RUN apt-get update && \
+ apt-get install -y apt-transport-https \
+ ca-certificates \
+ curl \
+ software-properties-common
+
+# install docker
+RUN curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
+RUN add-apt-repository \
+ "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
+ $(lsb_release -cs) \
+ stable"
+
+RUN apt-get update && \
+ apt-get -y install docker-ce
diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/Dockerfile_nginx b/ansible_collections/cyberark/conjur/tests/conjur_variable/Dockerfile_nginx
new file mode 100644
index 000000000..6f1e28107
--- /dev/null
+++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/Dockerfile_nginx
@@ -0,0 +1,17 @@
+FROM nginx:1.13.3
+
+RUN export DEBIAN_FRONTEND=noninteractive && \
+ apt-get update && \
+ apt-get install -y iputils-ping \
+ procps \
+ openssl && \
+ rm -rf /var/lib/apt/lists/*
+
+WORKDIR /etc/nginx/
+
+COPY proxy/ssl.conf /etc/ssl/openssl.cnf
+COPY proxy/default.conf /etc/nginx/conf.d/default.conf
+
+RUN openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
+ -config /etc/ssl/openssl.cnf -extensions v3_ca \
+ -keyout cert.key -out cert.crt
diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/docker-compose.yml b/ansible_collections/cyberark/conjur/tests/conjur_variable/docker-compose.yml
new file mode 100644
index 000000000..01294d94b
--- /dev/null
+++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/docker-compose.yml
@@ -0,0 +1,67 @@
+version: '3'
+services:
+ ansible:
+ image: ansiblecontainername
+ container_name: ${COMPOSE_PROJECT_NAME}-ansible
+ build:
+ context: .
+ dockerfile: Dockerfile
+ args:
+ ANSIBLE_VERSION: ${ANSIBLE_VERSION}
+ entrypoint: sleep
+ command: infinity
+ environment:
+ CONJUR_APPLIANCE_URL: ${CONJUR_APPLIANCE_URL}
+ CONJUR_ACCOUNT: ${CONJUR_ACCOUNT}
+ CONJUR_AUTHN_LOGIN: ${CONJUR_AUTHN_LOGIN}
+ CONJUR_AUTHN_API_KEY: ${ANSIBLE_MASTER_AUTHN_API_KEY}
+ COMPOSE_PROJECT_NAME: ${COMPOSE_PROJECT_NAME}
+ networks:
+ - "${DOCKER_NETWORK}"
+ volumes:
+ - ../../plugins:/root/.ansible/plugins
+ - ../..:/cyberark
+ - /var/run/docker.sock:/var/run/docker.sock
+
+ pg:
+ image: postgres:9.4
+ environment:
+ POSTGRES_HOST_AUTH_METHOD: password
+ POSTGRES_PASSWORD: StrongPass
+
+ conjur:
+ image: cyberark/conjur
+ command: server -a cucumber -p 3000
+ environment:
+ DATABASE_URL: postgres://postgres:StrongPass@pg/postgres
+ CONJUR_DATA_KEY: "W0BuL8iTr/7QvtjIluJbrb5LDAnmXzmcpxkqihO3dXA="
+ depends_on:
+ - pg
+
+ conjur_https:
+ hostname: conjur-https
+ build:
+ context: .
+ dockerfile: Dockerfile_nginx
+ entrypoint: nginx-debug -g 'daemon off;'
+ environment:
+ TERM: xterm
+ depends_on:
+ - conjur
+
+ conjur_cli:
+ image: cyberark/conjur-cli:5
+ entrypoint: sleep
+ command: infinity
+ environment:
+ CONJUR_APPLIANCE_URL: http://conjur:3000
+ CONJUR_ACCOUNT: cucumber
+ CONJUR_AUTHN_LOGIN: admin
+ CONJUR_AUTHN_API_KEY: ${CONJUR_ADMIN_AUTHN_API_KEY}
+ volumes:
+ - ./policy:/policy
+
+networks:
+ dap_net:
+ name: dap_net
+ external: true
diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable b/ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable
new file mode 100644
index 000000000..08c9ccb5e
--- /dev/null
+++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable
@@ -0,0 +1 @@
+<?xml version="1.0" encoding="utf-8"?><testsuites><testsuite name="pytest" errors="0" failures="0" skipped="0" tests="1" time="0.575" timestamp="2022-09-09T15:07:48.307449" hostname="96989ca8092d"><testcase classname="test_cases.retrieve-variable.tests.test_default" name="test_retrieved_secret[docker://jenkinscyberarkansibleconjurcollectionv1201conjurvariable-ansible]" time="0.530" /></testsuite></testsuites> \ No newline at end of file
diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable-bad-cert-path b/ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable-bad-cert-path
new file mode 100644
index 000000000..0ed22fad7
--- /dev/null
+++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable-bad-cert-path
@@ -0,0 +1 @@
+<?xml version="1.0" encoding="utf-8"?><testsuites><testsuite name="pytest" errors="0" failures="0" skipped="0" tests="1" time="0.458" timestamp="2022-09-09T15:07:51.763243" hostname="96989ca8092d"><testcase classname="test_cases.retrieve-variable-bad-cert-path.tests.test_default" name="test_retrieval_failed[docker://jenkinscyberarkansibleconjurcollectionv1201conjurvariable-ansible]" time="0.422" /></testsuite></testsuites> \ No newline at end of file
diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable-bad-certs b/ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable-bad-certs
new file mode 100644
index 000000000..6b0b865c1
--- /dev/null
+++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable-bad-certs
@@ -0,0 +1 @@
+<?xml version="1.0" encoding="utf-8"?><testsuites><testsuite name="pytest" errors="0" failures="0" skipped="0" tests="1" time="0.459" timestamp="2022-09-09T15:07:55.122204" hostname="96989ca8092d"><testcase classname="test_cases.retrieve-variable-bad-certs.tests.test_default" name="test_retrieval_failed[docker://jenkinscyberarkansibleconjurcollectionv1201conjurvariable-ansible]" time="0.423" /></testsuite></testsuites> \ No newline at end of file
diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable-disable-verify-certs b/ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable-disable-verify-certs
new file mode 100644
index 000000000..9f1fc6494
--- /dev/null
+++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable-disable-verify-certs
@@ -0,0 +1 @@
+<?xml version="1.0" encoding="utf-8"?><testsuites><testsuite name="pytest" errors="0" failures="0" skipped="0" tests="1" time="0.568" timestamp="2022-09-09T15:07:58.851346" hostname="96989ca8092d"><testcase classname="test_cases.retrieve-variable-disable-verify-certs.tests.test_default" name="test_retrieved_secret[docker://jenkinscyberarkansibleconjurcollectionv1201conjurvariable-ansible]" time="0.532" /></testsuite></testsuites> \ No newline at end of file
diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable-into-file b/ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable-into-file
new file mode 100644
index 000000000..5fcc68f80
--- /dev/null
+++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable-into-file
@@ -0,0 +1 @@
+<?xml version="1.0" encoding="utf-8"?><testsuites><testsuite name="pytest" errors="0" failures="0" skipped="0" tests="1" time="0.863" timestamp="2022-09-09T15:08:02.658511" hostname="96989ca8092d"><testcase classname="test_cases.retrieve-variable-into-file.tests.test_default" name="test_retrieved_secret[docker://jenkinscyberarkansibleconjurcollectionv1201conjurvariable-ansible]" time="0.828" /></testsuite></testsuites> \ No newline at end of file
diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable-no-cert-provided b/ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable-no-cert-provided
new file mode 100644
index 000000000..f1c9029a8
--- /dev/null
+++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable-no-cert-provided
@@ -0,0 +1 @@
+<?xml version="1.0" encoding="utf-8"?><testsuites><testsuite name="pytest" errors="0" failures="0" skipped="0" tests="1" time="0.464" timestamp="2022-09-09T15:08:06.406130" hostname="96989ca8092d"><testcase classname="test_cases.retrieve-variable-no-cert-provided.tests.test_default" name="test_retrieval_failed[docker://jenkinscyberarkansibleconjurcollectionv1201conjurvariable-ansible]" time="0.429" /></testsuite></testsuites> \ No newline at end of file
diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable-with-authn-token b/ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable-with-authn-token
new file mode 100644
index 000000000..407145017
--- /dev/null
+++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable-with-authn-token
@@ -0,0 +1 @@
+<?xml version="1.0" encoding="utf-8"?><testsuites><testsuite name="pytest" errors="0" failures="0" skipped="0" tests="1" time="0.551" timestamp="2022-09-09T15:08:10.115226" hostname="96989ca8092d"><testcase classname="test_cases.retrieve-variable-with-authn-token.tests.test_default" name="test_retrieved_secret[docker://jenkinscyberarkansibleconjurcollectionv1201conjurvariable-ansible]" time="0.516" /></testsuite></testsuites> \ No newline at end of file
diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable-with-authn-token-bad-cert b/ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable-with-authn-token-bad-cert
new file mode 100644
index 000000000..680f3913f
--- /dev/null
+++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable-with-authn-token-bad-cert
@@ -0,0 +1 @@
+<?xml version="1.0" encoding="utf-8"?><testsuites><testsuite name="pytest" errors="0" failures="0" skipped="0" tests="1" time="0.460" timestamp="2022-09-09T15:08:13.541799" hostname="96989ca8092d"><testcase classname="test_cases.retrieve-variable-with-authn-token-bad-cert.tests.test_default" name="test_retrieve_secret_failed[docker://jenkinscyberarkansibleconjurcollectionv1201conjurvariable-ansible]" time="0.425" /></testsuite></testsuites> \ No newline at end of file
diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable-with-spaces-secret b/ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable-with-spaces-secret
new file mode 100644
index 000000000..65e72fecb
--- /dev/null
+++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable-with-spaces-secret
@@ -0,0 +1 @@
+<?xml version="1.0" encoding="utf-8"?><testsuites><testsuite name="pytest" errors="0" failures="0" skipped="0" tests="1" time="0.571" timestamp="2022-09-09T15:08:17.207877" hostname="96989ca8092d"><testcase classname="test_cases.retrieve-variable-with-spaces-secret.tests.test_default" name="test_retrieved_secret[docker://jenkinscyberarkansibleconjurcollectionv1201conjurvariable-ansible]" time="0.536" /></testsuite></testsuites> \ No newline at end of file
diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/policy/root.yml b/ansible_collections/cyberark/conjur/tests/conjur_variable/policy/root.yml
new file mode 100644
index 000000000..dbaea73fa
--- /dev/null
+++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/policy/root.yml
@@ -0,0 +1,21 @@
+---
+- !policy
+ id: ansible
+ annotations:
+ description: Policy for Ansible master
+ body:
+
+ - !host
+ id: ansible-master
+ annotations:
+ description: Host for running Ansible on remote targets
+
+ - &variables
+ - !variable test-secret
+ - !variable test-secret-in-file
+ - !variable var with spaces
+
+ - !permit
+ role: !host ansible-master
+ privileges: [ read, execute ]
+ resource: *variables
diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/proxy/default.conf b/ansible_collections/cyberark/conjur/tests/conjur_variable/proxy/default.conf
new file mode 100644
index 000000000..578b3c5f8
--- /dev/null
+++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/proxy/default.conf
@@ -0,0 +1,29 @@
+server {
+ listen 80;
+ return 301 https://conjur$request_uri;
+}
+
+server {
+ listen 443;
+ server_name localhost;
+ ssl_certificate /etc/nginx/cert.crt;
+ ssl_certificate_key /etc/nginx/cert.key;
+
+ ssl on;
+ ssl_session_cache builtin:1000 shared:SSL:10m;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
+ ssl_prefer_server_ciphers on;
+
+ access_log /var/log/nginx/access.log;
+
+ location / {
+ proxy_pass http://conjur:3000;
+ }
+
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+
+}
diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/proxy/ssl.conf b/ansible_collections/cyberark/conjur/tests/conjur_variable/proxy/ssl.conf
new file mode 100644
index 000000000..1b11cd755
--- /dev/null
+++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/proxy/ssl.conf
@@ -0,0 +1,39 @@
+[req]
+default_bits = 2048
+prompt = no
+default_md = sha256
+req_extensions = req_ext
+distinguished_name = dn
+x509_extensions = v3_ca # The extentions to add to the self signed cert
+req_extensions = v3_req
+x509_extensions = usr_cert
+
+[ dn ]
+C=IL
+ST=Israel
+L=TLV
+O=Onyx
+OU=CyberArk
+CN=conjur-https
+
+[ usr_cert ]
+basicConstraints=CA:FALSE
+nsCertType = client, server, email
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth, clientAuth, codeSigning, emailProtection
+nsComment = "OpenSSL Generated Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+[ v3_req ]
+extendedKeyUsage = serverAuth, clientAuth, codeSigning, emailProtection
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+subjectAltName = @alt_names
+
+[ alt_names ]
+DNS.1 = localhost
+DNS.2 = conjur-https
+IP.1 = 127.0.0.1
diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/pytest.ini b/ansible_collections/cyberark/conjur/tests/conjur_variable/pytest.ini
new file mode 100644
index 000000000..fe55d2ed6
--- /dev/null
+++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/pytest.ini
@@ -0,0 +1,2 @@
+[pytest]
+junit_family=xunit2
diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/test.sh b/ansible_collections/cyberark/conjur/tests/conjur_variable/test.sh
new file mode 100755
index 000000000..464921b81
--- /dev/null
+++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/test.sh
@@ -0,0 +1,225 @@
+#!/bin/bash -eu
+
+set -o pipefail
+
+# normalises project name by filtering non alphanumeric characters and transforming to lowercase
+declare -x COMPOSE_PROJECT_NAME=''
+declare -x ENTERPRISE_PROJECT='conjur-intro-variable'
+declare -x ANSIBLE_PROJECT=''
+
+declare -x ANSIBLE_MASTER_AUTHN_API_KEY=''
+declare -x CONJUR_ADMIN_AUTHN_API_KEY=''
+declare -x DOCKER_NETWORK="default"
+declare -x ANSIBLE_VERSION="${ANSIBLE_VERSION:-6}"
+
+ANSIBLE_PROJECT=$(echo "${BUILD_TAG:-ansible-plugin-testing}-conjur-variable" | sed -e 's/[^[:alnum:]]//g' | tr '[:upper:]' '[:lower:]')
+
+enterprise="false"
+cli_cid=""
+test_dir="$(pwd)"
+
+function cleanup {
+ echo 'Removing test environment'
+ echo '---'
+
+ # Escape conjur-intro dir if Enterprise setup fails
+ cd "${test_dir}"
+
+ if [[ -d conjur-intro ]]; then
+ pushd conjur-intro
+ COMPOSE_PROJECT_NAME="${ENTERPRISE_PROJECT}"
+ ./bin/dap --stop
+ popd
+ rm -rf conjur-intro
+ fi
+
+ COMPOSE_PROJECT_NAME="${ANSIBLE_PROJECT}"
+ docker-compose down -v
+ rm -f conjur.pem \
+ access_token
+}
+trap cleanup EXIT
+
+while getopts 'e' flag; do
+ case "${flag}" in
+ e) enterprise="true" ;;
+ *) exit 1 ;;
+ esac
+done
+
+cleanup
+
+function wait_for_conjur {
+ echo "Waiting for Conjur server to come up"
+ docker-compose exec -T conjur conjurctl wait -r 30 -p 3000
+}
+
+function fetch_ssl_certs {
+ echo "Fetching SSL certs"
+ service_id="conjur_https"
+ cert_path="cert.crt"
+ if [[ "${enterprise}" == "true" ]]; then
+ service_id="conjur-master.mycompany.local"
+ cert_path="/etc/ssl/certs/ca.pem"
+ fi
+
+ (docker-compose exec -T "${service_id}" cat "${cert_path}") > conjur.pem
+}
+
+function setup_conjur_resources {
+ echo "Configuring Conjur via CLI"
+
+ policy_path="root.yml"
+ if [[ "${enterprise}" == "false" ]]; then
+ policy_path="/policy/${policy_path}"
+ fi
+
+ docker exec "${cli_cid}" bash -c "
+ conjur policy load root ${policy_path}
+ conjur variable values add ansible/test-secret test_secret_password
+ conjur variable values add ansible/test-secret-in-file test_secret_in_file_password
+ conjur variable values add 'ansible/var with spaces' var_with_spaces_secret_password
+ "
+}
+
+function setup_admin_api_key {
+ echo "Fetching admin API key"
+ if [[ "$enterprise" == "true" ]]; then
+ CONJUR_ADMIN_AUTHN_API_KEY="$(docker exec "${cli_cid}" conjur user rotate_api_key)"
+ else
+ CONJUR_ADMIN_AUTHN_API_KEY="$(docker-compose exec -T conjur conjurctl role retrieve-key "${CONJUR_ACCOUNT}":user:admin)"
+ fi
+}
+
+function setup_ansible_api_key {
+ echo "Fetching Ansible master host credentials"
+ ANSIBLE_MASTER_AUTHN_API_KEY="$(docker exec "${cli_cid}" conjur host rotate_api_key --host ansible/ansible-master)"
+}
+
+function setup_access_token {
+ echo "Get Access Token"
+ docker exec "${cli_cid}" bash -c "
+ export CONJUR_AUTHN_LOGIN=host/ansible/ansible-master
+ export CONJUR_AUTHN_API_KEY=\"$ANSIBLE_MASTER_AUTHN_API_KEY\"
+ conjur authn authenticate
+ " > access_token
+}
+
+function setup_conjur_open_source() {
+ docker-compose up -d --build conjur \
+ conjur_https
+
+ wait_for_conjur
+ fetch_ssl_certs
+ setup_admin_api_key
+
+ echo "Creating Conjur CLI with admin credentials"
+ docker-compose up -d conjur_cli
+ cli_cid="$(docker-compose ps -q conjur_cli)"
+
+ setup_conjur_resources
+ setup_ansible_api_key
+ setup_access_token
+}
+
+function setup_conjur_enterprise() {
+ git clone --single-branch --branch main https://github.com/conjurdemos/conjur-intro.git
+ pushd ./conjur-intro
+
+ echo "Provisioning Enterprise leader and follower"
+ ./bin/dap --provision-master
+ ./bin/dap --provision-follower
+
+ cp ../policy/root.yml .
+
+ # Run 'sleep infinity' in the CLI container, so the scripts
+ # have access to an alive and authenticated CLI until the script terminates
+ cli_cid="$(docker-compose run -d \
+ -w /src/cli \
+ --entrypoint sleep client infinity)"
+
+ echo "Authenticate Conjur CLI container"
+ docker exec "${cli_cid}" \
+ /bin/bash -c "
+ if [ ! -e /root/conjur-demo.pem ]; then
+ yes 'yes' | conjur init -u ${CONJUR_APPLIANCE_URL} -a ${CONJUR_ACCOUNT}
+ fi
+ conjur authn login -u admin -p MySecretP@ss1
+ hostname -I
+ "
+
+ fetch_ssl_certs
+ setup_conjur_resources
+ setup_admin_api_key
+ setup_ansible_api_key
+ setup_access_token
+
+ echo "Relocate credential files"
+ mv conjur.pem ../.
+ mv access_token ../.
+ popd
+}
+
+function run_test_cases {
+ for test_case in test_cases/*; do
+ run_test_case "$(basename -- "$test_case")"
+ done
+}
+
+function run_test_case {
+ local test_case=$1
+ echo "---- testing ${test_case} ----"
+
+ if [ -z "$test_case" ]; then
+ echo ERROR: run_test called with no argument 1>&2
+ exit 1
+ fi
+
+ docker-compose exec -T ansible bash -exc "
+ cd tests/conjur_variable
+
+ # If env vars were provided, load them
+ if [ -e 'test_cases/${test_case}/env' ]; then
+ . ./test_cases/${test_case}/env
+ fi
+
+ # You can add -vvvv here for debugging
+ ansible-playbook 'test_cases/${test_case}/playbook.yml'
+
+ py.test --junitxml='./junit/${test_case}' \
+ --connection docker \
+ -v 'test_cases/${test_case}/tests/test_default.py'
+ "
+}
+
+function main() {
+ if [[ "$enterprise" == "true" ]]; then
+ echo "Deploying Conjur Enterprise"
+
+ export CONJUR_APPLIANCE_URL="https://conjur-master.mycompany.local"
+ export CONJUR_ACCOUNT="demo"
+ COMPOSE_PROJECT_NAME="${ENTERPRISE_PROJECT}"
+ DOCKER_NETWORK="dap_net"
+
+ setup_conjur_enterprise
+ else
+ echo "Deploying Conjur Open Source"
+
+ export CONJUR_APPLIANCE_URL="https://conjur-https"
+ export CONJUR_ACCOUNT="cucumber"
+ COMPOSE_PROJECT_NAME="${ANSIBLE_PROJECT}"
+
+ setup_conjur_open_source
+ fi
+
+ COMPOSE_PROJECT_NAME="${ANSIBLE_PROJECT}"
+ export CONJUR_AUTHN_LOGIN="host/ansible/ansible-master"
+
+ echo "Preparing Ansible for test run"
+ docker-compose up -d --build ansible
+
+ echo "Running tests"
+ run_test_cases
+}
+
+main
diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-bad-cert-path/env b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-bad-cert-path/env
new file mode 100644
index 000000000..07d7632c0
--- /dev/null
+++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-bad-cert-path/env
@@ -0,0 +1 @@
+export CONJUR_CERT_FILE=./bad/cert/path
diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-bad-cert-path/playbook.yml b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-bad-cert-path/playbook.yml
new file mode 100644
index 000000000..516faec41
--- /dev/null
+++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-bad-cert-path/playbook.yml
@@ -0,0 +1,15 @@
+---
+- name: Retrieve Conjur variable fails with bad cert
+ hosts: localhost
+ connection: local
+ tasks:
+ - name: Clean artifact path
+ file:
+ state: absent
+ path: /conjur_secrets.txt
+
+ - name: Retrieve Conjur variable with bad cert
+ vars:
+ super_secret_key: "{{lookup('conjur_variable', 'ansible/test-secret')}}"
+ shell: echo "{{super_secret_key}}" > /conjur_secrets.txt
+ ignore_errors: True
diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-bad-cert-path/tests/test_default.py b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-bad-cert-path/tests/test_default.py
new file mode 100644
index 000000000..a3f2bbdf3
--- /dev/null
+++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-bad-cert-path/tests/test_default.py
@@ -0,0 +1,13 @@
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+import os
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = [os.environ['COMPOSE_PROJECT_NAME'] + '-ansible']
+
+
+def test_retrieval_failed(host):
+ secrets_file = host.file('/conjur_secrets.txt')
+
+ assert not secrets_file.exists
diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-bad-certs/bad-cert.pem b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-bad-certs/bad-cert.pem
new file mode 100644
index 000000000..a3831e0ce
--- /dev/null
+++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-bad-certs/bad-cert.pem
@@ -0,0 +1,41 @@
+-----BEGIN CERTIFICATE-----
+MIIDqTCCApGgAwIBAgIQN/xr5EKbXSqdyhGyGBWCizANBgkqhkiG9w0BAQsFADAY
+MRYwFAYDVQQDEw1jb25qdXItb3NzLWNhMB4XDTIwMDYxMjIwNTYzOVoXDTIxMDYx
+MjIwNTYzOVowGzEZMBcGA1UEAxMQY29uanVyLm15b3JnLmNvbTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAOewPeFNcuLuE1tgpINSm4EajDXC+C6qsPhn
+Jf3PhDFCpAEHckx1BVK01kFUdC6FOI6JEuI6pFnV1Tb9+WFYTX6wcGBAy90i+K9u
+Xcjqb3sz5O3p6MjKL4xVvT4TxllT8cslNJix8gFrTYSvBFaUqCioGJAgyQyJ4SV+
+Tm/bXu/KdtfJQaLie+J5Xz/28220hC5NYlIjhMg5YgtRB7JjCj5bPe3PYykN5m8i
+INWEw20EW+54YKNs5RDFNKzXOqF5h6Mrc/RcE1rbCGNOqveQ43DTFUgS4rVF8T8S
+juO+LGfso2w6YvO7pT+ob9GxZytZXQSxrOXe8LpU4jSDS5g0+cECAwEAAaOB6zCB
+6DAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
+MAwGA1UdEwEB/wQCMAAwgagGA1UdEQSBoDCBnYIQY29uanVyLm15b3JnLmNvbYIK
+Y29uanVyLW9zc4IhY29uanVyLW9zcy50ZXN0LWRlcGxveS1kZWZhdWx0cy0xgiVj
+b25qdXItb3NzLnRlc3QtZGVwbG95LWRlZmF1bHRzLTEuc3ZjgjNjb25qdXItb3Nz
+LnRlc3QtZGVwbG95LWRlZmF1bHRzLTEuc3ZjLmNsdXN0ZXIubG9jYWwwDQYJKoZI
+hvcNAQELBQADggEBAIdtOYlIdnojqVBbHGKPAJS8ZWDUm97W1KajZ6QGy6X7fD66
+tOb0QNhzLwbi4HQsuNR0rpWa48Z/sN1E6V5WlfG8pTrNRjqAc/sdobERMMS+rhtu
+RfLu1UbYCRLXYIAQFIQFtGDVNXnuvhkCwDz6PV4rniml24qhnGeL3+8ZkW6m5+8u
+XIt4Wq9otR3qj/Jx8eUg9eY/7RKgqCClP5Eg4szO0LaqQNblSR+3OgcGxmdTaJQt
+BlXRIH0CPpX+3p3mO4zfKIDRHZ0tueWLqOVRARyx9n9qBbhlpBJnecS19PNUAGVa
+10H1XkmpVXdadcV/8vBhjEpeq4cVgguS5oozG7Y=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIC/TCCAeWgAwIBAgIRAMUGxDd4cpSs7m9hvzTHoi4wDQYJKoZIhvcNAQELBQAw
+GDEWMBQGA1UEAxMNY29uanVyLW9zcy1jYTAeFw0yMDA2MTIyMDU2MzhaFw0yMTA2
+MTIyMDU2MzhaMBgxFjAUBgNVBAMTDWNvbmp1ci1vc3MtY2EwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQC111bZxfhVHPerwHXvc+ycgCcI02VtfsrH9Tyk
+cmMsbUO6jF5aKBQj4fKSwbOCdXcqYoGwaQHQzOVMCGGruOYrOwfusOg2t2EQ7KIE
+KWdP0BpAvASvkKwk/GGfaBqtzy1DvVyl0B8b/4C7tnta21Zs5HFOKo0CE+iX/FUQ
+RDjpncE9Zhg2E2f1eCef4D+h2JJLtZPLOUZIUs0IMBPqQiL7iNSfY+e8dy6dRC9v
+AhyFLULpK34aPm1DqwX3rHDPoLJl24sZFo8q9UvpCwj3sqVoABagS32yL/8//LvU
+DaR4pgwuyd9sWf/CQkT0OHsHup5CH7xbYB0DSdmRJPeb07lHAgMBAAGjQjBAMA4G
+A1UdDwEB/wQEAwICpDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDwYD
+VR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEANrAiuLkZGmSQlURpWtvm
+PgfPFPKPt1PAqjNwWhzMjHZg2P3UNBUTLeUdo52yJai6/iajlYTRPVvNUqiVnTay
+/X9LwWH5EXTKCHagfQh4fYtTSFa12BUBlSP7at3S25pMDOpylb3CxdGe/Oh8S0HZ
+gu7MMayFhcGCSJnT+F+JIqwnWkbWPYgHn0VCbBXN+5s7GJWFWwZljQzMCIa/xvwr
+xuSX6Lsgai1Abqo1pDJA8RNyxMtn5V8RHgwjQ/BdeodptqZc/kULVDOZ0dkAKxyH
+UYfqxxk4Ywc2JSSJYRs/RJpjngGnnLIOHgnruEIDtdOHw2yxAJZ/e7p8y9ThSxRo
+5Q==
+-----END CERTIFICATE-----
diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-bad-certs/env b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-bad-certs/env
new file mode 100644
index 000000000..73e6e980a
--- /dev/null
+++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-bad-certs/env
@@ -0,0 +1 @@
+export CONJUR_CERT_FILE=./test_cases/retrieve-variable-bad-certs/bad_cert.pem
diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-bad-certs/playbook.yml b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-bad-certs/playbook.yml
new file mode 100644
index 000000000..516faec41
--- /dev/null
+++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-bad-certs/playbook.yml
@@ -0,0 +1,15 @@
+---
+- name: Retrieve Conjur variable fails with bad cert
+ hosts: localhost
+ connection: local
+ tasks:
+ - name: Clean artifact path
+ file:
+ state: absent
+ path: /conjur_secrets.txt
+
+ - name: Retrieve Conjur variable with bad cert
+ vars:
+ super_secret_key: "{{lookup('conjur_variable', 'ansible/test-secret')}}"
+ shell: echo "{{super_secret_key}}" > /conjur_secrets.txt
+ ignore_errors: True
diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-bad-certs/tests/test_default.py b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-bad-certs/tests/test_default.py
new file mode 100644
index 000000000..a3f2bbdf3
--- /dev/null
+++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-bad-certs/tests/test_default.py
@@ -0,0 +1,13 @@
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+import os
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = [os.environ['COMPOSE_PROJECT_NAME'] + '-ansible']
+
+
+def test_retrieval_failed(host):
+ secrets_file = host.file('/conjur_secrets.txt')
+
+ assert not secrets_file.exists
diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-disable-verify-certs/playbook.yml b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-disable-verify-certs/playbook.yml
new file mode 100644
index 000000000..f1085642f
--- /dev/null
+++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-disable-verify-certs/playbook.yml
@@ -0,0 +1,14 @@
+---
+- name: Retrieve Conjur variable with disabled cert verification
+ hosts: localhost
+ connection: local
+ tasks:
+ - name: Clean artifact path
+ file:
+ state: absent
+ path: /conjur_secrets.txt
+
+ - name: Retrieve Conjur variable with disabled cert verification
+ vars:
+ super_secret_key: "{{lookup('conjur_variable', 'ansible/test-secret', validate_certs=False)}}"
+ shell: echo "{{super_secret_key}}" > /conjur_secrets.txt
diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-disable-verify-certs/tests/test_default.py b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-disable-verify-certs/tests/test_default.py
new file mode 100644
index 000000000..a98ce29e9
--- /dev/null
+++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-disable-verify-certs/tests/test_default.py
@@ -0,0 +1,17 @@
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+import os
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = [os.environ['COMPOSE_PROJECT_NAME'] + '-ansible']
+
+
+def test_retrieved_secret(host):
+ secrets_file = host.file('/conjur_secrets.txt')
+
+ assert secrets_file.exists
+
+ result = host.check_output("cat /conjur_secrets.txt", shell=True)
+
+ assert result == "test_secret_password"
diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-into-file/env b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-into-file/env
new file mode 100644
index 000000000..2363951d1
--- /dev/null
+++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-into-file/env
@@ -0,0 +1 @@
+export CONJUR_CERT_FILE=./conjur.pem
diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-into-file/playbook.yml b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-into-file/playbook.yml
new file mode 100644
index 000000000..ef982db4f
--- /dev/null
+++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-into-file/playbook.yml
@@ -0,0 +1,14 @@
+---
+- name: Retrieve Conjur variable into file
+ hosts: localhost
+ connection: local
+ tasks:
+ - name: Clean artifact path
+ file:
+ state: absent
+ path: /conjur_secret_path.txt
+
+ - name: Retrieve Conjur variable into file using as_file option
+ vars:
+ secret_path: "{{lookup('conjur_variable', 'ansible/test-secret-in-file', as_file=True)}}"
+ shell: echo -n "{{secret_path}}" > /lookup_output.txt
diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-into-file/tests/test_default.py b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-into-file/tests/test_default.py
new file mode 100644
index 000000000..5d05f950b
--- /dev/null
+++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-into-file/tests/test_default.py
@@ -0,0 +1,22 @@
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+import os
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = [os.environ['COMPOSE_PROJECT_NAME'] + '-ansible']
+
+
+def test_retrieved_secret(host):
+ """
+ Verify that the as_file parameter makes the lookup plugin return the path to a temporary file
+ containing the secret.
+ """
+ lookup_output_file = host.file('/lookup_output.txt')
+ assert lookup_output_file.exists
+
+ secret_file = host.file(lookup_output_file.content_string)
+ assert secret_file.exists
+ assert secret_file.mode == 0o600
+ assert secret_file.content_string == "test_secret_in_file_password"
diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-no-cert-provided/playbook.yml b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-no-cert-provided/playbook.yml
new file mode 100644
index 000000000..516faec41
--- /dev/null
+++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-no-cert-provided/playbook.yml
@@ -0,0 +1,15 @@
+---
+- name: Retrieve Conjur variable fails with bad cert
+ hosts: localhost
+ connection: local
+ tasks:
+ - name: Clean artifact path
+ file:
+ state: absent
+ path: /conjur_secrets.txt
+
+ - name: Retrieve Conjur variable with bad cert
+ vars:
+ super_secret_key: "{{lookup('conjur_variable', 'ansible/test-secret')}}"
+ shell: echo "{{super_secret_key}}" > /conjur_secrets.txt
+ ignore_errors: True
diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-no-cert-provided/tests/test_default.py b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-no-cert-provided/tests/test_default.py
new file mode 100644
index 000000000..a3f2bbdf3
--- /dev/null
+++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-no-cert-provided/tests/test_default.py
@@ -0,0 +1,13 @@
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+import os
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = [os.environ['COMPOSE_PROJECT_NAME'] + '-ansible']
+
+
+def test_retrieval_failed(host):
+ secrets_file = host.file('/conjur_secrets.txt')
+
+ assert not secrets_file.exists
diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-with-authn-token-bad-cert/bad-cert.pem b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-with-authn-token-bad-cert/bad-cert.pem
new file mode 100644
index 000000000..a3831e0ce
--- /dev/null
+++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-with-authn-token-bad-cert/bad-cert.pem
@@ -0,0 +1,41 @@
+-----BEGIN CERTIFICATE-----
+MIIDqTCCApGgAwIBAgIQN/xr5EKbXSqdyhGyGBWCizANBgkqhkiG9w0BAQsFADAY
+MRYwFAYDVQQDEw1jb25qdXItb3NzLWNhMB4XDTIwMDYxMjIwNTYzOVoXDTIxMDYx
+MjIwNTYzOVowGzEZMBcGA1UEAxMQY29uanVyLm15b3JnLmNvbTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAOewPeFNcuLuE1tgpINSm4EajDXC+C6qsPhn
+Jf3PhDFCpAEHckx1BVK01kFUdC6FOI6JEuI6pFnV1Tb9+WFYTX6wcGBAy90i+K9u
+Xcjqb3sz5O3p6MjKL4xVvT4TxllT8cslNJix8gFrTYSvBFaUqCioGJAgyQyJ4SV+
+Tm/bXu/KdtfJQaLie+J5Xz/28220hC5NYlIjhMg5YgtRB7JjCj5bPe3PYykN5m8i
+INWEw20EW+54YKNs5RDFNKzXOqF5h6Mrc/RcE1rbCGNOqveQ43DTFUgS4rVF8T8S
+juO+LGfso2w6YvO7pT+ob9GxZytZXQSxrOXe8LpU4jSDS5g0+cECAwEAAaOB6zCB
+6DAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
+MAwGA1UdEwEB/wQCMAAwgagGA1UdEQSBoDCBnYIQY29uanVyLm15b3JnLmNvbYIK
+Y29uanVyLW9zc4IhY29uanVyLW9zcy50ZXN0LWRlcGxveS1kZWZhdWx0cy0xgiVj
+b25qdXItb3NzLnRlc3QtZGVwbG95LWRlZmF1bHRzLTEuc3ZjgjNjb25qdXItb3Nz
+LnRlc3QtZGVwbG95LWRlZmF1bHRzLTEuc3ZjLmNsdXN0ZXIubG9jYWwwDQYJKoZI
+hvcNAQELBQADggEBAIdtOYlIdnojqVBbHGKPAJS8ZWDUm97W1KajZ6QGy6X7fD66
+tOb0QNhzLwbi4HQsuNR0rpWa48Z/sN1E6V5WlfG8pTrNRjqAc/sdobERMMS+rhtu
+RfLu1UbYCRLXYIAQFIQFtGDVNXnuvhkCwDz6PV4rniml24qhnGeL3+8ZkW6m5+8u
+XIt4Wq9otR3qj/Jx8eUg9eY/7RKgqCClP5Eg4szO0LaqQNblSR+3OgcGxmdTaJQt
+BlXRIH0CPpX+3p3mO4zfKIDRHZ0tueWLqOVRARyx9n9qBbhlpBJnecS19PNUAGVa
+10H1XkmpVXdadcV/8vBhjEpeq4cVgguS5oozG7Y=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIC/TCCAeWgAwIBAgIRAMUGxDd4cpSs7m9hvzTHoi4wDQYJKoZIhvcNAQELBQAw
+GDEWMBQGA1UEAxMNY29uanVyLW9zcy1jYTAeFw0yMDA2MTIyMDU2MzhaFw0yMTA2
+MTIyMDU2MzhaMBgxFjAUBgNVBAMTDWNvbmp1ci1vc3MtY2EwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQC111bZxfhVHPerwHXvc+ycgCcI02VtfsrH9Tyk
+cmMsbUO6jF5aKBQj4fKSwbOCdXcqYoGwaQHQzOVMCGGruOYrOwfusOg2t2EQ7KIE
+KWdP0BpAvASvkKwk/GGfaBqtzy1DvVyl0B8b/4C7tnta21Zs5HFOKo0CE+iX/FUQ
+RDjpncE9Zhg2E2f1eCef4D+h2JJLtZPLOUZIUs0IMBPqQiL7iNSfY+e8dy6dRC9v
+AhyFLULpK34aPm1DqwX3rHDPoLJl24sZFo8q9UvpCwj3sqVoABagS32yL/8//LvU
+DaR4pgwuyd9sWf/CQkT0OHsHup5CH7xbYB0DSdmRJPeb07lHAgMBAAGjQjBAMA4G
+A1UdDwEB/wQEAwICpDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDwYD
+VR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEANrAiuLkZGmSQlURpWtvm
+PgfPFPKPt1PAqjNwWhzMjHZg2P3UNBUTLeUdo52yJai6/iajlYTRPVvNUqiVnTay
+/X9LwWH5EXTKCHagfQh4fYtTSFa12BUBlSP7at3S25pMDOpylb3CxdGe/Oh8S0HZ
+gu7MMayFhcGCSJnT+F+JIqwnWkbWPYgHn0VCbBXN+5s7GJWFWwZljQzMCIa/xvwr
+xuSX6Lsgai1Abqo1pDJA8RNyxMtn5V8RHgwjQ/BdeodptqZc/kULVDOZ0dkAKxyH
+UYfqxxk4Ywc2JSSJYRs/RJpjngGnnLIOHgnruEIDtdOHw2yxAJZ/e7p8y9ThSxRo
+5Q==
+-----END CERTIFICATE-----
diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-with-authn-token-bad-cert/env b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-with-authn-token-bad-cert/env
new file mode 100644
index 000000000..b93328faf
--- /dev/null
+++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-with-authn-token-bad-cert/env
@@ -0,0 +1,4 @@
+unset CONJUR_AUTHN_API_KEY
+unset CONJUR_AUTHN_LOGIN
+export CONJUR_AUTHN_TOKEN_FILE=./access_token
+export CONJUR_CERT_FILE=./test_cases/retrieve-variable-with-authn-token-bad-cert/bad-cert.pem
diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-with-authn-token-bad-cert/playbook.yml b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-with-authn-token-bad-cert/playbook.yml
new file mode 100644
index 000000000..8423a2c13
--- /dev/null
+++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-with-authn-token-bad-cert/playbook.yml
@@ -0,0 +1,15 @@
+---
+- name: Retrieve Conjur variable with authn-token fails with bad cert
+ hosts: localhost
+ connection: local
+ tasks:
+ - name: Clean artifact path
+ file:
+ state: absent
+ path: /conjur_secrets.txt
+
+ - name: Retrieve Conjur variable with bad cert
+ vars:
+ super_secret_key: "{{lookup('conjur_variable', 'ansible/test-secret')}}"
+ shell: echo "{{super_secret_key}}" > /conjur_secrets.txt
+ ignore_errors: True
diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-with-authn-token-bad-cert/tests/test_default.py b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-with-authn-token-bad-cert/tests/test_default.py
new file mode 100644
index 000000000..c87b160f4
--- /dev/null
+++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-with-authn-token-bad-cert/tests/test_default.py
@@ -0,0 +1,13 @@
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+import os
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = [os.environ['COMPOSE_PROJECT_NAME'] + '-ansible']
+
+
+def test_retrieve_secret_failed(host):
+ secrets_file = host.file('/conjur_secrets.txt')
+
+ assert not secrets_file.exists
diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-with-authn-token/env b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-with-authn-token/env
new file mode 100644
index 000000000..f4e4155ea
--- /dev/null
+++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-with-authn-token/env
@@ -0,0 +1,4 @@
+export CONJUR_CERT_FILE=./conjur.pem
+unset CONJUR_AUTHN_API_KEY
+unset CONJUR_AUTHN_LOGIN
+export CONJUR_AUTHN_TOKEN_FILE=./access_token
diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-with-authn-token/playbook.yml b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-with-authn-token/playbook.yml
new file mode 100644
index 000000000..e515b0f11
--- /dev/null
+++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-with-authn-token/playbook.yml
@@ -0,0 +1,14 @@
+---
+- name: Retrieve Conjur variable with authn-token
+ hosts: localhost
+ connection: local
+ tasks:
+ - name: Clean artifact path
+ file:
+ state: absent
+ path: /conjur_secrets.txt
+
+ - name: Retrieve Conjur variable
+ vars:
+ super_secret_key: "{{lookup('conjur_variable', 'ansible/test-secret')}}"
+ shell: echo "{{super_secret_key}}" > /conjur_secrets.txt
diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-with-authn-token/tests/test_default.py b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-with-authn-token/tests/test_default.py
new file mode 100644
index 000000000..a98ce29e9
--- /dev/null
+++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-with-authn-token/tests/test_default.py
@@ -0,0 +1,17 @@
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+import os
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = [os.environ['COMPOSE_PROJECT_NAME'] + '-ansible']
+
+
+def test_retrieved_secret(host):
+ secrets_file = host.file('/conjur_secrets.txt')
+
+ assert secrets_file.exists
+
+ result = host.check_output("cat /conjur_secrets.txt", shell=True)
+
+ assert result == "test_secret_password"
diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-with-spaces-secret/env b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-with-spaces-secret/env
new file mode 100644
index 000000000..2363951d1
--- /dev/null
+++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-with-spaces-secret/env
@@ -0,0 +1 @@
+export CONJUR_CERT_FILE=./conjur.pem
diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-with-spaces-secret/playbook.yml b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-with-spaces-secret/playbook.yml
new file mode 100644
index 000000000..103d7e082
--- /dev/null
+++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-with-spaces-secret/playbook.yml
@@ -0,0 +1,14 @@
+---
+- name: Retrieve Conjur variable with spaces in the variable name
+ hosts: localhost
+ connection: local
+ tasks:
+ - name: Clean artifact path
+ file:
+ state: absent
+ path: /conjur_secrets.txt
+
+ - name: Retrieve Conjur variable with spaces in the variable name
+ vars:
+ super_secret_key: "{{lookup('conjur_variable', 'ansible/var with spaces')}}"
+ shell: echo "{{super_secret_key}}" > /conjur_secrets.txt
diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-with-spaces-secret/tests/test_default.py b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-with-spaces-secret/tests/test_default.py
new file mode 100644
index 000000000..145cbb2eb
--- /dev/null
+++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-with-spaces-secret/tests/test_default.py
@@ -0,0 +1,17 @@
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+import os
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = [os.environ['COMPOSE_PROJECT_NAME'] + '-ansible']
+
+
+def test_retrieved_secret(host):
+ secrets_file = host.file('/conjur_secrets.txt')
+
+ assert secrets_file.exists
+
+ result = host.check_output("cat /conjur_secrets.txt", shell=True)
+
+ assert result == "var_with_spaces_secret_password"
diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable/env b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable/env
new file mode 100644
index 000000000..2363951d1
--- /dev/null
+++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable/env
@@ -0,0 +1 @@
+export CONJUR_CERT_FILE=./conjur.pem
diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable/playbook.yml b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable/playbook.yml
new file mode 100644
index 000000000..44e993f97
--- /dev/null
+++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable/playbook.yml
@@ -0,0 +1,14 @@
+---
+- name: Retrieve Conjur variable
+ hosts: localhost
+ connection: local
+ tasks:
+ - name: Clean artifact path
+ file:
+ state: absent
+ path: /conjur_secrets.txt
+
+ - name: Retrieve Conjur variable
+ vars:
+ super_secret_key: "{{lookup('conjur_variable', 'ansible/test-secret')}}"
+ shell: echo "{{super_secret_key}}" > /conjur_secrets.txt
diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable/tests/test_default.py b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable/tests/test_default.py
new file mode 100644
index 000000000..a98ce29e9
--- /dev/null
+++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable/tests/test_default.py
@@ -0,0 +1,17 @@
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+import os
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = [os.environ['COMPOSE_PROJECT_NAME'] + '-ansible']
+
+
+def test_retrieved_secret(host):
+ secrets_file = host.file('/conjur_secrets.txt')
+
+ assert secrets_file.exists
+
+ result = host.check_output("cat /conjur_secrets.txt", shell=True)
+
+ assert result == "test_secret_password"
diff --git a/ansible_collections/cyberark/conjur/tests/sanity/ignore-2.10.txt b/ansible_collections/cyberark/conjur/tests/sanity/ignore-2.10.txt
new file mode 100644
index 000000000..92bf04480
--- /dev/null
+++ b/ansible_collections/cyberark/conjur/tests/sanity/ignore-2.10.txt
@@ -0,0 +1,10 @@
+dev/start.sh shebang
+Jenkinsfile shebang
+tests/conjur_variable/policy/root.yml yamllint:unparsable-with-libyaml
+roles/conjur_host_identity/tests/policy/root.yml yamllint:unparsable-with-libyaml # File loaded by summon utility (in Jenkinsfile), not via Python
+ci/build_release shebang
+ci/parse-changelog.sh shebang
+ci/publish_to_galaxy shebang
+ci/test.sh shebang
+secrets.yml yamllint:unparsable-with-libyaml # File loaded by Conjur server, not via Python
+dev/policy/root.yml yamllint:unparsable-with-libyaml \ No newline at end of file
diff --git a/ansible_collections/cyberark/conjur/tests/sanity/ignore-2.11.txt b/ansible_collections/cyberark/conjur/tests/sanity/ignore-2.11.txt
new file mode 100644
index 000000000..6049963fb
--- /dev/null
+++ b/ansible_collections/cyberark/conjur/tests/sanity/ignore-2.11.txt
@@ -0,0 +1,10 @@
+Jenkinsfile shebang
+dev/start.sh shebang
+tests/conjur_variable/policy/root.yml yamllint:unparsable-with-libyaml
+roles/conjur_host_identity/tests/policy/root.yml yamllint:unparsable-with-libyaml # File loaded by summon utility (in Jenkinsfile), not via Python
+ci/build_release shebang
+ci/parse-changelog.sh shebang
+ci/publish_to_galaxy shebang
+ci/test.sh shebang
+secrets.yml yamllint:unparsable-with-libyaml # File loaded by Conjur server, not via Python
+dev/policy/root.yml yamllint:unparsable-with-libyaml \ No newline at end of file
diff --git a/ansible_collections/cyberark/conjur/tests/sanity/ignore-2.12.txt b/ansible_collections/cyberark/conjur/tests/sanity/ignore-2.12.txt
new file mode 100644
index 000000000..5d750b26c
--- /dev/null
+++ b/ansible_collections/cyberark/conjur/tests/sanity/ignore-2.12.txt
@@ -0,0 +1,10 @@
+Jenkinsfile shebang
+dev/start.sh shebang
+tests/conjur_variable/policy/root.yml yamllint:unparsable-with-libyaml # File loaded by Conjur server, not via Python
+roles/conjur_host_identity/tests/policy/root.yml yamllint:unparsable-with-libyaml # File loaded by Conjur server, not via Python
+ci/build_release shebang
+ci/parse-changelog.sh shebang
+ci/publish_to_galaxy shebang
+ci/test.sh shebang
+secrets.yml yamllint:unparsable-with-libyaml # File loaded by Summon utility (in Jenkinsfile), not via Python
+dev/policy/root.yml yamllint:unparsable-with-libyaml \ No newline at end of file
diff --git a/ansible_collections/cyberark/conjur/tests/sanity/ignore-2.13.txt b/ansible_collections/cyberark/conjur/tests/sanity/ignore-2.13.txt
new file mode 100644
index 000000000..5d750b26c
--- /dev/null
+++ b/ansible_collections/cyberark/conjur/tests/sanity/ignore-2.13.txt
@@ -0,0 +1,10 @@
+Jenkinsfile shebang
+dev/start.sh shebang
+tests/conjur_variable/policy/root.yml yamllint:unparsable-with-libyaml # File loaded by Conjur server, not via Python
+roles/conjur_host_identity/tests/policy/root.yml yamllint:unparsable-with-libyaml # File loaded by Conjur server, not via Python
+ci/build_release shebang
+ci/parse-changelog.sh shebang
+ci/publish_to_galaxy shebang
+ci/test.sh shebang
+secrets.yml yamllint:unparsable-with-libyaml # File loaded by Summon utility (in Jenkinsfile), not via Python
+dev/policy/root.yml yamllint:unparsable-with-libyaml \ No newline at end of file
diff --git a/ansible_collections/cyberark/conjur/tests/sanity/ignore-2.14.txt b/ansible_collections/cyberark/conjur/tests/sanity/ignore-2.14.txt
new file mode 100644
index 000000000..00a2d8432
--- /dev/null
+++ b/ansible_collections/cyberark/conjur/tests/sanity/ignore-2.14.txt
@@ -0,0 +1,11 @@
+Jenkinsfile shebang
+dev/start.sh shebang
+tests/conjur_variable/policy/root.yml yamllint:unparsable-with-libyaml # File loaded by Conjur server, not via Python
+roles/conjur_host_identity/tests/policy/root.yml yamllint:unparsable-with-libyaml # File loaded by Conjur server, not via Python
+ci/build_release shebang
+ci/parse-changelog.sh shebang
+ci/publish_to_galaxy shebang
+ci/test.sh shebang
+secrets.yml yamllint:unparsable-with-libyaml # File loaded by Summon utility (in Jenkinsfile), not via Python
+dev/policy/root.yml yamllint:unparsable-with-libyaml
+plugins/lookup/conjur_variable.py validate-modules:version-added-must-be-major-or-minor # Lookup plugin added in v1.0.2 \ No newline at end of file
diff --git a/ansible_collections/cyberark/conjur/tests/sanity/ignore-2.9.txt b/ansible_collections/cyberark/conjur/tests/sanity/ignore-2.9.txt
new file mode 100644
index 000000000..45c7c7e97
--- /dev/null
+++ b/ansible_collections/cyberark/conjur/tests/sanity/ignore-2.9.txt
@@ -0,0 +1,8 @@
+Jenkinsfile shebang
+dev/start.sh shebang
+tests/conjur_variable/test.sh shebang
+roles/conjur_host_identity/tests/test.sh shebang
+ci/build_release shebang
+ci/parse-changelog.sh shebang
+ci/publish_to_galaxy shebang
+ci/test.sh shebang \ No newline at end of file
diff --git a/ansible_collections/cyberark/conjur/tests/unit/Dockerfile b/ansible_collections/cyberark/conjur/tests/unit/Dockerfile
new file mode 100644
index 000000000..66e584669
--- /dev/null
+++ b/ansible_collections/cyberark/conjur/tests/unit/Dockerfile
@@ -0,0 +1,8 @@
+ARG PYTHON_VERSION
+FROM python:${PYTHON_VERSION}
+
+ARG ANSIBLE_VERSION
+RUN pip install https://github.com/ansible/ansible/archive/${ANSIBLE_VERSION}.tar.gz --disable-pip-version-check
+
+COPY tests/unit/requirements.txt /tmp/requirements.txt
+RUN pip install -r /tmp/requirements.txt
diff --git a/ansible_collections/cyberark/conjur/tests/unit/plugins/lookup/__init__.py b/ansible_collections/cyberark/conjur/tests/unit/plugins/lookup/__init__.py
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/ansible_collections/cyberark/conjur/tests/unit/plugins/lookup/__init__.py
diff --git a/ansible_collections/cyberark/conjur/tests/unit/plugins/lookup/test_conjur_variable.py b/ansible_collections/cyberark/conjur/tests/unit/plugins/lookup/test_conjur_variable.py
new file mode 100644
index 000000000..7a0db1e12
--- /dev/null
+++ b/ansible_collections/cyberark/conjur/tests/unit/plugins/lookup/test_conjur_variable.py
@@ -0,0 +1,159 @@
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+from unittest import TestCase
+from unittest.mock import call, MagicMock, patch
+from ansible.errors import AnsibleError
+from ansible.plugins.loader import lookup_loader
+
+from ansible_collections.cyberark.conjur.plugins.lookup.conjur_variable import _merge_dictionaries, _fetch_conjur_token, _fetch_conjur_variable
+from ansible_collections.cyberark.conjur.plugins.lookup.conjur_variable import _load_identity_from_file, _load_conf_from_file
+
+
+class MockMergeDictionaries(MagicMock):
+ RESPONSE = {'id': 'host/ansible/ansible-fake', 'api_key': 'fakekey'}
+
+
+class MockFileload(MagicMock):
+ RESPONSE = {}
+
+
+class TestConjurLookup(TestCase):
+ def setUp(self):
+ self.lookup = lookup_loader.get("conjur_variable")
+
+ def test_merge_dictionaries(self):
+ functionOutput = _merge_dictionaries(
+ {},
+ {'id': 'host/ansible/ansible-fake', 'api_key': 'fakekey'}
+ )
+ self.assertEquals(MockMergeDictionaries.RESPONSE, functionOutput)
+
+ def test_load_identity_from_file(self):
+ load_identity = _load_identity_from_file("/etc/conjur.identity", "https://conjur-fake")
+ self.assertEquals(MockFileload.RESPONSE, load_identity)
+
+ def test_load_conf_from_file(self):
+ load_conf = _load_conf_from_file("/etc/conjur.conf")
+ self.assertEquals(MockFileload.RESPONSE, load_conf)
+
+ @patch('ansible_collections.cyberark.conjur.plugins.lookup.conjur_variable.open_url')
+ def test_fetch_conjur_token(self, mock_open_url):
+ mock_response = MagicMock()
+ mock_response.getcode.return_value = 200
+ mock_response.read.return_value = "response body"
+ mock_open_url.return_value = mock_response
+ result = _fetch_conjur_token("url", "account", "username", "api_key", True, "cert_file")
+ mock_open_url.assert_called_with("url/authn/account/username/authenticate",
+ data="api_key",
+ method="POST",
+ validate_certs=True,
+ ca_path="cert_file")
+ self.assertEquals("response body", result)
+
+ @patch('ansible_collections.cyberark.conjur.plugins.lookup.conjur_variable._repeat_open_url')
+ def test_fetch_conjur_variable(self, mock_repeat_open_url):
+ mock_response = MagicMock()
+ mock_response.getcode.return_value = 200
+ mock_response.read.return_value = "response body".encode("utf-8")
+ mock_repeat_open_url.return_value = mock_response
+ result = _fetch_conjur_variable("variable", b'{"protected":"fakeid"}', "url", "account", True, "cert_file")
+ mock_repeat_open_url.assert_called_with("url/secrets/account/variable/variable",
+ headers={'Authorization': 'Token token="eyJwcm90ZWN0ZWQiOiJmYWtlaWQifQ=="'},
+ method="GET",
+ validate_certs=True,
+ ca_path="cert_file")
+ self.assertEquals(['response body'], result)
+
+ @patch('ansible_collections.cyberark.conjur.plugins.lookup.conjur_variable._fetch_conjur_variable')
+ @patch('ansible_collections.cyberark.conjur.plugins.lookup.conjur_variable._fetch_conjur_token')
+ @patch('ansible_collections.cyberark.conjur.plugins.lookup.conjur_variable._merge_dictionaries')
+ def test_run(self, mock_merge_dictionaries, mock_fetch_conjur_token, mock_fetch_conjur_variable):
+ mock_fetch_conjur_token.return_value = "token"
+ mock_fetch_conjur_variable.return_value = ["conjur_variable"]
+ mock_merge_dictionaries.side_effect = [
+ {'account': 'fakeaccount', 'appliance_url': 'https://conjur-fake', 'cert_file': './conjurfake.pem'},
+ {'id': 'host/ansible/ansible-fake', 'api_key': 'fakekey'}
+ ]
+
+ terms = ['ansible/fake-secret']
+ kwargs = {'as_file': False, 'conf_file': 'conf_file', 'validate_certs': False}
+ result = self.lookup.run(terms, **kwargs)
+
+ self.assertEquals(result, ["conjur_variable"])
+
+ @patch('ansible_collections.cyberark.conjur.plugins.lookup.conjur_variable._fetch_conjur_variable')
+ @patch('ansible_collections.cyberark.conjur.plugins.lookup.conjur_variable._fetch_conjur_token')
+ @patch('ansible_collections.cyberark.conjur.plugins.lookup.conjur_variable._merge_dictionaries')
+ def test_retrieve_to_file(self, mock_merge_dictionaries, mock_fetch_conjur_token, mock_fetch_conjur_variable):
+ mock_fetch_conjur_token.return_value = "token"
+ mock_fetch_conjur_variable.return_value = ["conjur_variable"]
+ mock_merge_dictionaries.side_effect = [
+ {'account': 'fakeaccount', 'appliance_url': 'https://conjur-fake', 'cert_file': './conjurfake.pem'},
+ {'id': 'host/ansible/ansible-fake', 'api_key': 'fakekey'}
+ ]
+
+ terms = ['ansible/fake-secret']
+ kwargs = {'as_file': True, 'conf_file': 'conf_file', 'validate_certs': False}
+ filepaths = self.lookup.run(terms, **kwargs)
+ self.assertRegex(filepaths[0], '/dev/shm/.*')
+
+ with open(filepaths[0], "r") as file:
+ content = file.read()
+ self.assertEqual(content, "conjur_variable")
+
+ # Negative test cases
+
+ @patch('ansible_collections.cyberark.conjur.plugins.lookup.conjur_variable._merge_dictionaries')
+ def test_run_bad_config(self, mock_merge_dictionaries):
+ # Withhold 'account' field
+ mock_merge_dictionaries.side_effect = [
+ {'appliance_url': 'https://conjur-fake', 'cert_file': './conjurfake.pem'},
+ {'id': 'host/ansible/ansible-fake', 'api_key': 'fakekey'}
+ ]
+
+ terms = ['ansible/fake-secret']
+ kwargs = {'as_file': False, 'conf_file': 'conf_file', 'validate_certs': True}
+ with self.assertRaises(AnsibleError) as context:
+ self.lookup.run(terms, **kwargs)
+ self.assertEqual(
+ context.exception.message,
+ "Configuration file on the controlling host must define `account` and `appliance_url` entries or they should be environment variables"
+ )
+
+ # Withhold 'id' and 'api_key' fields
+ mock_merge_dictionaries.side_effect = [
+ {'account': 'fakeaccount', 'appliance_url': 'https://conjur-fake', 'cert_file': './conjurfake.pem'},
+ {}
+ ]
+
+ with self.assertRaises(AnsibleError) as context:
+ self.lookup.run(terms, **kwargs)
+ self.assertEqual(
+ context.exception.message,
+ ("Identity file on the controlling host must contain `login` and `password` "
+ "entries for Conjur appliance URL or they should be environment variables")
+ )
+
+ @patch('ansible_collections.cyberark.conjur.plugins.lookup.conjur_variable._merge_dictionaries')
+ def test_run_bad_cert_path(self, mock_merge_dictionaries):
+ mock_merge_dictionaries.side_effect = [
+ {'account': 'fakeaccount', 'appliance_url': 'https://conjur-fake', 'cert_file': './conjurfake.pem'},
+ {'id': 'host/ansible/ansible-fake', 'api_key': 'fakekey'}
+ ]
+
+ terms = ['ansible/fake-secret']
+ kwargs = {'as_file': False, 'conf_file': 'conf_file', 'validate_certs': True}
+ with self.assertRaises(FileNotFoundError):
+ self.lookup.run(terms, **kwargs)
+
+ def test_run_no_variable_path(self):
+ kwargs = {'as_file': False, 'conf_file': 'conf_file', 'validate_certs': True}
+
+ with self.assertRaises(AnsibleError) as context:
+ self.lookup.run([], **kwargs)
+ self.assertEqual(context.exception.message, "Invalid secret path: no secret path provided.")
+
+ with self.assertRaises(AnsibleError) as context:
+ self.lookup.run([''], **kwargs)
+ self.assertEqual(context.exception.message, "Invalid secret path: empty secret path not accepted.")
diff --git a/ansible_collections/cyberark/conjur/tests/unit/requirements.txt b/ansible_collections/cyberark/conjur/tests/unit/requirements.txt
new file mode 100644
index 000000000..9b481ce1d
--- /dev/null
+++ b/ansible_collections/cyberark/conjur/tests/unit/requirements.txt
@@ -0,0 +1,14 @@
+mock
+pytest
+pytest-mock
+pytest-xdist
+pytest-forked
+pyyaml # required by the collection loader (only needed for collections)
+coverage==4.5.4
+
+bcrypt ; python_version >= '3.8' # controller only
+passlib ; python_version >= '3.8' # controller only
+pexpect ; python_version >= '3.8' # controller only
+pytz
+pywinrm ; python_version >= '3.8' # controller only
+unittest2 ; python_version < '2.7'