2019-08-18 05:37:57 +02:00
|
|
|
from __future__ import absolute_import, division, print_function
|
|
|
|
__metaclass__ = type
|
|
|
|
|
2019-02-15 10:25:14 +01:00
|
|
|
import pytest
|
|
|
|
from ansible.modules.crypto import luks_device
|
2019-09-03 05:40:09 +02:00
|
|
|
from units.compat.mock import patch
|
|
|
|
from ansible.module_utils import basic
|
2019-02-15 10:25:14 +01:00
|
|
|
|
|
|
|
|
|
|
|
class DummyModule(object):
|
|
|
|
# module to mock AnsibleModule class
|
|
|
|
def __init__(self):
|
|
|
|
self.params = dict()
|
|
|
|
|
|
|
|
def fail_json(self, msg=""):
|
|
|
|
raise ValueError(msg)
|
|
|
|
|
|
|
|
def get_bin_path(self, command, dummy):
|
|
|
|
return command
|
|
|
|
|
|
|
|
|
|
|
|
# ===== Handler & CryptHandler methods tests =====
|
|
|
|
|
|
|
|
def test_generate_luks_name(monkeypatch):
|
|
|
|
module = DummyModule()
|
|
|
|
monkeypatch.setattr(luks_device.Handler, "_run_command",
|
|
|
|
lambda x, y: [0, "UUID", ""])
|
|
|
|
crypt = luks_device.CryptHandler(module)
|
|
|
|
assert crypt.generate_luks_name("/dev/dummy") == "luks-UUID"
|
|
|
|
|
|
|
|
|
|
|
|
def test_get_container_name_by_device(monkeypatch):
|
|
|
|
module = DummyModule()
|
|
|
|
monkeypatch.setattr(luks_device.Handler, "_run_command",
|
|
|
|
lambda x, y: [0, "crypt container_name", ""])
|
|
|
|
crypt = luks_device.CryptHandler(module)
|
|
|
|
assert crypt.get_container_name_by_device("/dev/dummy") == "container_name"
|
|
|
|
|
|
|
|
|
|
|
|
def test_get_container_device_by_name(monkeypatch):
|
|
|
|
module = DummyModule()
|
|
|
|
monkeypatch.setattr(luks_device.Handler, "_run_command",
|
|
|
|
lambda x, y: [0, "device: /dev/luksdevice", ""])
|
|
|
|
crypt = luks_device.CryptHandler(module)
|
|
|
|
assert crypt.get_container_device_by_name("dummy") == "/dev/luksdevice"
|
|
|
|
|
|
|
|
|
|
|
|
def test_run_luks_remove(monkeypatch):
|
|
|
|
def run_command_check(self, command):
|
|
|
|
# check that wipefs command is actually called
|
|
|
|
assert command[0] == "wipefs"
|
|
|
|
return [0, "", ""]
|
|
|
|
|
|
|
|
module = DummyModule()
|
|
|
|
monkeypatch.setattr(luks_device.CryptHandler,
|
|
|
|
"get_container_name_by_device",
|
|
|
|
lambda x, y: None)
|
|
|
|
monkeypatch.setattr(luks_device.Handler,
|
|
|
|
"_run_command",
|
|
|
|
run_command_check)
|
|
|
|
crypt = luks_device.CryptHandler(module)
|
|
|
|
crypt.run_luks_remove("dummy")
|
|
|
|
|
|
|
|
|
|
|
|
# ===== ConditionsHandler methods data and tests =====
|
|
|
|
|
2019-11-30 20:50:30 +01:00
|
|
|
# device, key, passphrase, state, is_luks, label, expected
|
2019-02-15 10:25:14 +01:00
|
|
|
LUKS_CREATE_DATA = (
|
2019-11-30 20:50:30 +01:00
|
|
|
("dummy", "key", None, "present", False, None, True),
|
|
|
|
(None, "key", None, "present", False, None, False),
|
|
|
|
(None, "key", None, "present", False, "labelName", True),
|
|
|
|
("dummy", None, None, "present", False, None, False),
|
|
|
|
("dummy", "key", None, "absent", False, None, False),
|
|
|
|
("dummy", "key", None, "opened", True, None, False),
|
|
|
|
("dummy", "key", None, "closed", True, None, False),
|
|
|
|
("dummy", "key", None, "present", True, None, False),
|
|
|
|
("dummy", None, "foo", "present", False, None, True),
|
|
|
|
(None, None, "bar", "present", False, None, False),
|
|
|
|
(None, None, "baz", "present", False, "labelName", True),
|
|
|
|
("dummy", None, None, "present", False, None, False),
|
|
|
|
("dummy", None, "quz", "absent", False, None, False),
|
|
|
|
("dummy", None, "qux", "opened", True, None, False),
|
|
|
|
("dummy", None, "quux", "closed", True, None, False),
|
|
|
|
("dummy", None, "corge", "present", True, None, False))
|
2019-02-15 10:25:14 +01:00
|
|
|
|
|
|
|
# device, state, is_luks, expected
|
|
|
|
LUKS_REMOVE_DATA = (
|
|
|
|
("dummy", "absent", True, True),
|
|
|
|
(None, "absent", True, False),
|
|
|
|
("dummy", "present", True, False),
|
|
|
|
("dummy", "absent", False, False))
|
|
|
|
|
2019-11-30 20:50:30 +01:00
|
|
|
# device, key, passphrase, state, name, name_by_dev, expected
|
2019-02-15 10:25:14 +01:00
|
|
|
LUKS_OPEN_DATA = (
|
2019-11-30 20:50:30 +01:00
|
|
|
("dummy", "key", None, "present", "name", None, False),
|
|
|
|
("dummy", "key", None, "absent", "name", None, False),
|
|
|
|
("dummy", "key", None, "closed", "name", None, False),
|
|
|
|
("dummy", "key", None, "opened", "name", None, True),
|
|
|
|
(None, "key", None, "opened", "name", None, False),
|
|
|
|
("dummy", None, None, "opened", "name", None, False),
|
|
|
|
("dummy", "key", None, "opened", "name", "name", False),
|
|
|
|
("dummy", "key", None, "opened", "beer", "name", "exception"),
|
|
|
|
("dummy", None, "foo", "present", "name", None, False),
|
|
|
|
("dummy", None, "bar", "absent", "name", None, False),
|
|
|
|
("dummy", None, "baz", "closed", "name", None, False),
|
|
|
|
("dummy", None, "qux", "opened", "name", None, True),
|
|
|
|
(None, None, "quux", "opened", "name", None, False),
|
|
|
|
("dummy", None, None, "opened", "name", None, False),
|
|
|
|
("dummy", None, "quuz", "opened", "name", "name", False),
|
|
|
|
("dummy", None, "corge", "opened", "beer", "name", "exception"))
|
2019-02-15 10:25:14 +01:00
|
|
|
|
2019-09-03 05:40:09 +02:00
|
|
|
# device, dev_by_name, name, name_by_dev, state, label, expected
|
2019-02-15 10:25:14 +01:00
|
|
|
LUKS_CLOSE_DATA = (
|
2019-09-03 05:40:09 +02:00
|
|
|
("dummy", "dummy", "name", "name", "present", None, False),
|
|
|
|
("dummy", "dummy", "name", "name", "absent", None, False),
|
|
|
|
("dummy", "dummy", "name", "name", "opened", None, False),
|
|
|
|
("dummy", "dummy", "name", "name", "closed", None, True),
|
|
|
|
(None, "dummy", "name", "name", "closed", None, True),
|
|
|
|
("dummy", "dummy", None, "name", "closed", None, True),
|
|
|
|
(None, "dummy", None, "name", "closed", None, False))
|
|
|
|
|
2019-11-30 20:50:30 +01:00
|
|
|
# device, key, passphrase, new_key, new_passphrase, state, label, expected
|
2019-02-15 10:25:14 +01:00
|
|
|
LUKS_ADD_KEY_DATA = (
|
2019-11-30 20:50:30 +01:00
|
|
|
("dummy", "key", None, "new_key", None, "present", None, True),
|
|
|
|
(None, "key", None, "new_key", None, "present", "labelName", True),
|
|
|
|
(None, "key", None, "new_key", None, "present", None, False),
|
|
|
|
("dummy", None, None, "new_key", None, "present", None, False),
|
|
|
|
("dummy", "key", None, None, None, "present", None, False),
|
|
|
|
("dummy", "key", None, "new_key", None, "absent", None, "exception"),
|
|
|
|
("dummy", None, "pass", "new_key", None, "present", None, True),
|
|
|
|
(None, None, "pass", "new_key", None, "present", "labelName", True),
|
|
|
|
("dummy", "key", None, None, "new_pass", "present", None, True),
|
|
|
|
(None, "key", None, None, "new_pass", "present", "labelName", True),
|
|
|
|
(None, "key", None, None, "new_pass", "present", None, False),
|
|
|
|
("dummy", None, None, None, "new_pass", "present", None, False),
|
|
|
|
("dummy", "key", None, None, None, "present", None, False),
|
|
|
|
("dummy", "key", None, None, "new_pass", "absent", None, "exception"),
|
|
|
|
("dummy", None, "pass", None, "new_pass", "present", None, True),
|
|
|
|
(None, None, "pass", None, "new_pass", "present", "labelName", True))
|
|
|
|
|
|
|
|
# device, remove_key, remove_passphrase, state, label, expected
|
2019-02-15 10:25:14 +01:00
|
|
|
LUKS_REMOVE_KEY_DATA = (
|
2019-11-30 20:50:30 +01:00
|
|
|
("dummy", "key", None, "present", None, True),
|
|
|
|
(None, "key", None, "present", None, False),
|
|
|
|
(None, "key", None, "present", "labelName", True),
|
|
|
|
("dummy", None, None, "present", None, False),
|
|
|
|
("dummy", "key", None, "absent", None, "exception"),
|
|
|
|
("dummy", None, "foo", "present", None, True),
|
|
|
|
(None, None, "foo", "present", None, False),
|
|
|
|
(None, None, "foo", "present", "labelName", True),
|
|
|
|
("dummy", None, None, "present", None, False),
|
|
|
|
("dummy", None, "foo", "absent", None, "exception"))
|
|
|
|
|
|
|
|
|
|
|
|
@pytest.mark.parametrize("device, keyfile, passphrase, state, is_luks, " +
|
|
|
|
"label, expected",
|
|
|
|
((d[0], d[1], d[2], d[3], d[4], d[5], d[6])
|
2019-02-15 10:25:14 +01:00
|
|
|
for d in LUKS_CREATE_DATA))
|
2019-11-30 20:50:30 +01:00
|
|
|
def test_luks_create(device, keyfile, passphrase, state, is_luks, label,
|
|
|
|
expected, monkeypatch):
|
2019-02-15 10:25:14 +01:00
|
|
|
module = DummyModule()
|
|
|
|
|
|
|
|
module.params["device"] = device
|
|
|
|
module.params["keyfile"] = keyfile
|
2019-11-30 20:50:30 +01:00
|
|
|
module.params["passphrase"] = passphrase
|
2019-02-15 10:25:14 +01:00
|
|
|
module.params["state"] = state
|
2019-09-03 05:40:09 +02:00
|
|
|
module.params["label"] = label
|
2019-02-15 10:25:14 +01:00
|
|
|
|
|
|
|
monkeypatch.setattr(luks_device.CryptHandler, "is_luks",
|
|
|
|
lambda x, y: is_luks)
|
|
|
|
crypt = luks_device.CryptHandler(module)
|
2019-09-03 05:40:09 +02:00
|
|
|
if device is None:
|
|
|
|
monkeypatch.setattr(luks_device.Handler, "get_device_by_label",
|
|
|
|
lambda x, y: [0, "/dev/dummy", ""])
|
|
|
|
try:
|
|
|
|
conditions = luks_device.ConditionsHandler(module, crypt)
|
|
|
|
assert conditions.luks_create() == expected
|
|
|
|
except ValueError:
|
|
|
|
assert expected == "exception"
|
2019-02-15 10:25:14 +01:00
|
|
|
|
|
|
|
|
|
|
|
@pytest.mark.parametrize("device, state, is_luks, expected",
|
|
|
|
((d[0], d[1], d[2], d[3])
|
|
|
|
for d in LUKS_REMOVE_DATA))
|
|
|
|
def test_luks_remove(device, state, is_luks, expected, monkeypatch):
|
|
|
|
module = DummyModule()
|
|
|
|
|
|
|
|
module.params["device"] = device
|
|
|
|
module.params["state"] = state
|
|
|
|
|
|
|
|
monkeypatch.setattr(luks_device.CryptHandler, "is_luks",
|
|
|
|
lambda x, y: is_luks)
|
|
|
|
crypt = luks_device.CryptHandler(module)
|
2019-09-03 05:40:09 +02:00
|
|
|
try:
|
|
|
|
conditions = luks_device.ConditionsHandler(module, crypt)
|
|
|
|
assert conditions.luks_remove() == expected
|
|
|
|
except ValueError:
|
|
|
|
assert expected == "exception"
|
2019-02-15 10:25:14 +01:00
|
|
|
|
|
|
|
|
2019-11-30 20:50:30 +01:00
|
|
|
@pytest.mark.parametrize("device, keyfile, passphrase, state, name, "
|
2019-02-15 10:25:14 +01:00
|
|
|
"name_by_dev, expected",
|
2019-11-30 20:50:30 +01:00
|
|
|
((d[0], d[1], d[2], d[3], d[4], d[5], d[6])
|
2019-02-15 10:25:14 +01:00
|
|
|
for d in LUKS_OPEN_DATA))
|
2019-11-30 20:50:30 +01:00
|
|
|
def test_luks_open(device, keyfile, passphrase, state, name, name_by_dev,
|
2019-02-15 10:25:14 +01:00
|
|
|
expected, monkeypatch):
|
|
|
|
module = DummyModule()
|
|
|
|
module.params["device"] = device
|
|
|
|
module.params["keyfile"] = keyfile
|
2019-11-30 20:50:30 +01:00
|
|
|
module.params["passphrase"] = passphrase
|
2019-02-15 10:25:14 +01:00
|
|
|
module.params["state"] = state
|
|
|
|
module.params["name"] = name
|
|
|
|
|
|
|
|
monkeypatch.setattr(luks_device.CryptHandler,
|
|
|
|
"get_container_name_by_device",
|
|
|
|
lambda x, y: name_by_dev)
|
2019-09-03 05:40:09 +02:00
|
|
|
monkeypatch.setattr(luks_device.CryptHandler,
|
|
|
|
"get_container_device_by_name",
|
|
|
|
lambda x, y: device)
|
|
|
|
monkeypatch.setattr(luks_device.Handler, "_run_command",
|
|
|
|
lambda x, y: [0, device, ""])
|
2019-02-15 10:25:14 +01:00
|
|
|
crypt = luks_device.CryptHandler(module)
|
|
|
|
try:
|
2019-09-03 05:40:09 +02:00
|
|
|
conditions = luks_device.ConditionsHandler(module, crypt)
|
2019-02-15 10:25:14 +01:00
|
|
|
assert conditions.luks_open() == expected
|
|
|
|
except ValueError:
|
|
|
|
assert expected == "exception"
|
|
|
|
|
|
|
|
|
|
|
|
@pytest.mark.parametrize("device, dev_by_name, name, name_by_dev, "
|
2019-09-03 05:40:09 +02:00
|
|
|
"state, label, expected",
|
|
|
|
((d[0], d[1], d[2], d[3], d[4], d[5], d[6])
|
2019-02-15 10:25:14 +01:00
|
|
|
for d in LUKS_CLOSE_DATA))
|
|
|
|
def test_luks_close(device, dev_by_name, name, name_by_dev, state,
|
2019-09-03 05:40:09 +02:00
|
|
|
label, expected, monkeypatch):
|
2019-02-15 10:25:14 +01:00
|
|
|
module = DummyModule()
|
|
|
|
module.params["device"] = device
|
|
|
|
module.params["name"] = name
|
|
|
|
module.params["state"] = state
|
2019-09-03 05:40:09 +02:00
|
|
|
module.params["label"] = label
|
2019-02-15 10:25:14 +01:00
|
|
|
|
|
|
|
monkeypatch.setattr(luks_device.CryptHandler,
|
|
|
|
"get_container_name_by_device",
|
|
|
|
lambda x, y: name_by_dev)
|
|
|
|
monkeypatch.setattr(luks_device.CryptHandler,
|
|
|
|
"get_container_device_by_name",
|
|
|
|
lambda x, y: dev_by_name)
|
|
|
|
crypt = luks_device.CryptHandler(module)
|
2019-09-03 05:40:09 +02:00
|
|
|
try:
|
|
|
|
conditions = luks_device.ConditionsHandler(module, crypt)
|
|
|
|
assert conditions.luks_close() == expected
|
|
|
|
except ValueError:
|
|
|
|
assert expected == "exception"
|
2019-02-15 10:25:14 +01:00
|
|
|
|
|
|
|
|
2019-11-30 20:50:30 +01:00
|
|
|
@pytest.mark.parametrize("device, keyfile, passphrase, new_keyfile, " +
|
|
|
|
"new_passphrase, state, label, expected",
|
|
|
|
((d[0], d[1], d[2], d[3], d[4], d[5], d[6], d[7])
|
2019-02-15 10:25:14 +01:00
|
|
|
for d in LUKS_ADD_KEY_DATA))
|
2019-11-30 20:50:30 +01:00
|
|
|
def test_luks_add_key(device, keyfile, passphrase, new_keyfile, new_passphrase,
|
|
|
|
state, label, expected, monkeypatch):
|
2019-02-15 10:25:14 +01:00
|
|
|
module = DummyModule()
|
|
|
|
module.params["device"] = device
|
|
|
|
module.params["keyfile"] = keyfile
|
2019-11-30 20:50:30 +01:00
|
|
|
module.params["passphrase"] = passphrase
|
2019-02-15 10:25:14 +01:00
|
|
|
module.params["new_keyfile"] = new_keyfile
|
2019-11-30 20:50:30 +01:00
|
|
|
module.params["new_passphrase"] = new_passphrase
|
2019-02-15 10:25:14 +01:00
|
|
|
module.params["state"] = state
|
2019-09-03 05:40:09 +02:00
|
|
|
module.params["label"] = label
|
|
|
|
|
|
|
|
monkeypatch.setattr(luks_device.Handler, "get_device_by_label",
|
|
|
|
lambda x, y: [0, "/dev/dummy", ""])
|
2019-02-15 10:25:14 +01:00
|
|
|
|
|
|
|
try:
|
2019-09-03 05:40:09 +02:00
|
|
|
conditions = luks_device.ConditionsHandler(module, module)
|
2019-02-15 10:25:14 +01:00
|
|
|
assert conditions.luks_add_key() == expected
|
|
|
|
except ValueError:
|
|
|
|
assert expected == "exception"
|
|
|
|
|
|
|
|
|
2019-11-30 20:50:30 +01:00
|
|
|
@pytest.mark.parametrize("device, remove_keyfile, remove_passphrase, state, " +
|
|
|
|
"label, expected",
|
|
|
|
((d[0], d[1], d[2], d[3], d[4], d[5])
|
2019-02-15 10:25:14 +01:00
|
|
|
for d in LUKS_REMOVE_KEY_DATA))
|
2019-11-30 20:50:30 +01:00
|
|
|
def test_luks_remove_key(device, remove_keyfile, remove_passphrase, state,
|
|
|
|
label, expected, monkeypatch):
|
2019-02-15 10:25:14 +01:00
|
|
|
|
|
|
|
module = DummyModule()
|
|
|
|
module.params["device"] = device
|
|
|
|
module.params["remove_keyfile"] = remove_keyfile
|
2019-11-30 20:50:30 +01:00
|
|
|
module.params["remove_passphrase"] = remove_passphrase
|
2019-02-15 10:25:14 +01:00
|
|
|
module.params["state"] = state
|
2019-09-03 05:40:09 +02:00
|
|
|
module.params["label"] = label
|
2019-02-15 10:25:14 +01:00
|
|
|
|
2019-09-03 05:40:09 +02:00
|
|
|
monkeypatch.setattr(luks_device.Handler, "get_device_by_label",
|
|
|
|
lambda x, y: [0, "/dev/dummy", ""])
|
|
|
|
monkeypatch.setattr(luks_device.Handler, "_run_command",
|
|
|
|
lambda x, y: [0, device, ""])
|
|
|
|
|
|
|
|
crypt = luks_device.CryptHandler(module)
|
2019-02-15 10:25:14 +01:00
|
|
|
try:
|
2019-09-03 05:40:09 +02:00
|
|
|
conditions = luks_device.ConditionsHandler(module, crypt)
|
2019-02-15 10:25:14 +01:00
|
|
|
assert conditions.luks_remove_key() == expected
|
|
|
|
except ValueError:
|
|
|
|
assert expected == "exception"
|