---
# Create a Consul ACL token that carries one rule for each scope exercised by
# this test, and keep the module result for the assertions in the next task.
- name: create an ACL with rules
  consul_acl:
    host: "{{ acl_host }}"
    # Management token used to administer ACLs on the target agent.
    # NOTE(review): feed this from a vaulted or CI-injected secret, not from a
    # vars file committed next to the test.
    mgmt_token: "{{ mgmt_token }}"
    name: "{{ test_consul_acl_token_name }}"
    rules:
      - event: 'bbq'
        policy: write
      - key: 'foo'
        policy: read
      - key: 'private'
        policy: deny
      # keyring and operator take a bare policy instead of a name/policy pair.
      - keyring: write
      - node: 'hgs4'
        policy: write
      - operator: read
      # NOTE(review): presumably an empty name is a prefix rule matching every
      # prepared query; fine for a fixture, too broad for a real token - confirm.
      - query: ''
        policy: write
      - service: 'consul'
        policy: write
      - session: 'standup'
        policy: write
  # Later tasks read .changed, .operation, .token and .rules from this result;
  # .token is a live credential, so treat verbose task output as sensitive.
  register: created_acl
# Check the result registered as created_acl: a change was reported, the
# operation was "create", and every requested rule is echoed back unchanged.
# json_query needs the jmespath Python library on the controller.
- name: verify created ACL's rules
  assert:
    that:
      - created_acl.changed
      - created_acl.operation == "create"
      # NOTE(review): 36 characters looks like a hyphenated UUID; the value
      # itself is not checked, only its length.
      - created_acl.token | length == 36
      # Name-scoped rules come back as <scope>.<name>.policy.
      - (created_acl.rules | json_query("event.bbq.policy")) == "write"
      - (created_acl.rules | json_query("key.foo.policy")) == "read"
      # The deny rule must survive the round trip; losing it would silently
      # widen what the token can read.
      - (created_acl.rules | json_query("key.private.policy")) == "deny"
      # keyring and operator are queried directly, without a name level.
      - (created_acl.rules | json_query("keyring")) == "write"
      - (created_acl.rules | json_query("node.hgs4.policy")) == "write"
      - (created_acl.rules | json_query("operator")) == "read"
      # The empty rule name has to be quoted inside the JMESPath expression.
      - (created_acl.rules | json_query('query."".policy')) == "write"
      - (created_acl.rules | json_query("service.consul.policy")) == "write"
      - (created_acl.rules | json_query("session.standup.policy")) == "write"
# Submit the same ACL definition a second time (same name, same rule list) so
# the following task can check that the module reports no change.
- name: create same ACL
  consul_acl:
    host: "{{ acl_host }}"
    # Same management token as the first create.
    # NOTE(review): keep it in a vaulted or CI-injected secret.
    mgmt_token: "{{ mgmt_token }}"
    name: "{{ test_consul_acl_token_name }}"
    # Must stay identical to the rule list of the first create task; any
    # drift turns the idempotence check into an update test.
    rules:
      - event: 'bbq'
        policy: write
      - key: 'foo'
        policy: read
      - key: 'private'
        policy: deny
      - keyring: write
      - node: 'hgs4'
        policy: write
      - operator: read
      - query: ''
        policy: write
      - service: 'consul'
        policy: write
      - session: 'standup'
        policy: write
  # The clean-up task takes the token to delete from this result, so it holds
  # a live credential until that task has run.
  register: doubly_created_acl
# The second, identical create must be reported as a no-op.
- name: verify idempotence when creating ACL
  assert:
    that:
      # Only the changed flag is checked here; the returned token and rules
      # of the second run are not compared with the first.
      - not doubly_created_acl.changed
# Delete the test ACL so its token does not stay valid after the run.
# NOTE(review): this is a plain task, so a failed assertion above stops the
# play before it runs and leaves the token in place; a block/always wrapper
# would close that gap.
- name: clean up
  consul_acl:
    host: "{{ acl_host }}"
    mgmt_token: "{{ mgmt_token }}"
    # Token returned by the second (no-change) create call.
    token: "{{ doubly_created_acl.token }}"
    state: absent