ansible/test/integration/targets/luks_device/tasks/tests/passphrase.yml

---
- name: Create with passphrase1
  luks_device:
    device: "{{ cryptfile_device }}"
    state: closed
    passphrase: "{{ cryptfile_passphrase1 }}"
  become: yes

- name: Open with passphrase1
  luks_device:
    device: "{{ cryptfile_device }}"
    state: opened
    passphrase: "{{ cryptfile_passphrase1 }}"
  become: yes
  ignore_errors: yes
  register: open_try
- assert:
    that:
    - open_try is not failed
- name: Close
  luks_device:
    device: "{{ cryptfile_device }}"
    state: closed
  become: yes

- name: Give access with ambiguous new_ arguments
  luks_device:
    device: "{{ cryptfile_device }}"
    state: closed
    passphrase: "{{ cryptfile_passphrase1 }}"
    new_passphrase: "{{ cryptfile_passphrase2 }}"
    new_keyfile: "{{ role_path }}/files/keyfile1"
  become: yes
  ignore_errors: yes
  register: new_try
- assert:
    that:
      - new_try is failed

- name: Try to open with passphrase2
  luks_device:
    device: "{{ cryptfile_device }}"
    state: opened
    passphrase: "{{ cryptfile_passphrase2 }}"
  become: yes
  ignore_errors: yes
  register: open_try
- assert:
    that:
    - open_try is failed

- name: Give access to passphrase2
  luks_device:
    device: "{{ cryptfile_device }}"
    state: closed
    passphrase: "{{ cryptfile_passphrase1 }}"
    new_passphrase: "{{ cryptfile_passphrase2 }}"
  become: yes

- name: Open with passphrase2
  luks_device:
    device: "{{ cryptfile_device }}"
    state: opened
    passphrase: "{{ cryptfile_passphrase2 }}"
  become: yes
  ignore_errors: yes
  register: open_try
- assert:
    that:
    - open_try is not failed
- name: Close
  luks_device:
    device: "{{ cryptfile_device }}"
    state: closed
  become: yes

- name: Try to open with keyfile1
  luks_device:
    device: "{{ cryptfile_device }}"
    state: opened
    keyfile: "{{ role_path }}/files/keyfile1"
  become: yes
  ignore_errors: yes
  register: open_try
- assert:
    that:
    - open_try is failed

- name: Give access to keyfile1 from passphrase1
  luks_device:
    device: "{{ cryptfile_device }}"
    state: closed
    passphrase: "{{ cryptfile_passphrase1 }}"
    new_keyfile: "{{ role_path }}/files/keyfile1"
  become: yes

- name: Remove access with ambiguous remove_ arguments
  luks_device:
    device: "{{ cryptfile_device }}"
    state: closed
    remove_keyfile: "{{ role_path }}/files/keyfile1"
    remove_passphrase: "{{ cryptfile_passphrase1 }}"
  become: yes
  ignore_errors: yes
  register: remove_try
- assert:
    that:
      - remove_try is failed

- name: Open with keyfile1
  luks_device:
    device: "{{ cryptfile_device }}"
    state: opened
    keyfile: "{{ role_path }}/files/keyfile1"
  become: yes
  ignore_errors: yes
  register: open_try
- assert:
    that:
    - open_try is not failed
- name: Close
  luks_device:
    device: "{{ cryptfile_device }}"
    state: closed
  become: yes

- name: Remove access for passphrase1
  luks_device:
    device: "{{ cryptfile_device }}"
    state: closed
    remove_passphrase: "{{ cryptfile_passphrase1 }}"
  become: yes

- name: Try to open with passphrase1
  luks_device:
    device: "{{ cryptfile_device }}"
    state: opened
    passphrase: "{{ cryptfile_passphrase1 }}"
  become: yes
  ignore_errors: yes
  register: open_try
- assert:
    that:
    - open_try is failed

- name: Try to open with passphrase3
  luks_device:
    device: "{{ cryptfile_device }}"
    state: opened
    passphrase: "{{ cryptfile_passphrase3 }}"
  become: yes
  ignore_errors: yes
  register: open_try
- assert:
    that:
    - open_try is failed

- name: Give access to passphrase3 from keyfile1
  luks_device:
    device: "{{ cryptfile_device }}"
    state: closed
    keyfile: "{{ role_path }}/files/keyfile1"
    new_passphrase: "{{ cryptfile_passphrase3 }}"
  become: yes

- name: Open with passphrase3
  luks_device:
    device: "{{ cryptfile_device }}"
    state: opened
    passphrase: "{{ cryptfile_passphrase3 }}"
  become: yes
  ignore_errors: yes
  register: open_try
- assert:
    that:
    - open_try is not failed
- name: Close
  luks_device:
    device: "{{ cryptfile_device }}"
    state: closed
  become: yes
Add passphrase support for luks_device (#65050) * Elevate privileges for luks_device integration tests Several tests in `key-management.yml` don't `become` before executing, despite needing elevated privileges. This commit fixes that. * Add passphrase support for luks_device Previously, the luks_device module only worked with keyfiles. The implication was that the key had to be written to disk before the module could be used. This commit implements support for opening, adding and removing passphrases supplied as strings to the module. Closes #52408 2019-11-30 20:50:30 +01:00			`---`
			`- name: Create with passphrase1`
			`luks_device:`
			`device: "{{ cryptfile_device }}"`
			`state: closed`
			`passphrase: "{{ cryptfile_passphrase1 }}"`
			`become: yes`

			`- name: Open with passphrase1`
			`luks_device:`
			`device: "{{ cryptfile_device }}"`
			`state: opened`
			`passphrase: "{{ cryptfile_passphrase1 }}"`
			`become: yes`
			`ignore_errors: yes`
			`register: open_try`
			`- assert:`
			`that:`
			`- open_try is not failed`
			`- name: Close`
			`luks_device:`
			`device: "{{ cryptfile_device }}"`
			`state: closed`
			`become: yes`

			`- name: Give access with ambiguous new_ arguments`
			`luks_device:`
			`device: "{{ cryptfile_device }}"`
			`state: closed`
			`passphrase: "{{ cryptfile_passphrase1 }}"`
			`new_passphrase: "{{ cryptfile_passphrase2 }}"`
			`new_keyfile: "{{ role_path }}/files/keyfile1"`
			`become: yes`
			`ignore_errors: yes`
			`register: new_try`
			`- assert:`
			`that:`
			`- new_try is failed`

			`- name: Try to open with passphrase2`
			`luks_device:`
			`device: "{{ cryptfile_device }}"`
			`state: opened`
			`passphrase: "{{ cryptfile_passphrase2 }}"`
			`become: yes`
			`ignore_errors: yes`
			`register: open_try`
			`- assert:`
			`that:`
			`- open_try is failed`

			`- name: Give access to passphrase2`
			`luks_device:`
			`device: "{{ cryptfile_device }}"`
			`state: closed`
			`passphrase: "{{ cryptfile_passphrase1 }}"`
			`new_passphrase: "{{ cryptfile_passphrase2 }}"`
			`become: yes`

			`- name: Open with passphrase2`
			`luks_device:`
			`device: "{{ cryptfile_device }}"`
			`state: opened`
			`passphrase: "{{ cryptfile_passphrase2 }}"`
			`become: yes`
			`ignore_errors: yes`
			`register: open_try`
			`- assert:`
			`that:`
			`- open_try is not failed`
			`- name: Close`
			`luks_device:`
			`device: "{{ cryptfile_device }}"`
			`state: closed`
			`become: yes`

			`- name: Try to open with keyfile1`
			`luks_device:`
			`device: "{{ cryptfile_device }}"`
			`state: opened`
			`keyfile: "{{ role_path }}/files/keyfile1"`
			`become: yes`
			`ignore_errors: yes`
			`register: open_try`
			`- assert:`
			`that:`
			`- open_try is failed`

			`- name: Give access to keyfile1 from passphrase1`
			`luks_device:`
			`device: "{{ cryptfile_device }}"`
			`state: closed`
			`passphrase: "{{ cryptfile_passphrase1 }}"`
			`new_keyfile: "{{ role_path }}/files/keyfile1"`
			`become: yes`

			`- name: Remove access with ambiguous remove_ arguments`
			`luks_device:`
			`device: "{{ cryptfile_device }}"`
			`state: closed`
			`remove_keyfile: "{{ role_path }}/files/keyfile1"`
			`remove_passphrase: "{{ cryptfile_passphrase1 }}"`
			`become: yes`
			`ignore_errors: yes`
			`register: remove_try`
			`- assert:`
			`that:`
			`- remove_try is failed`

			`- name: Open with keyfile1`
			`luks_device:`
			`device: "{{ cryptfile_device }}"`
			`state: opened`
			`keyfile: "{{ role_path }}/files/keyfile1"`
			`become: yes`
			`ignore_errors: yes`
			`register: open_try`
			`- assert:`
			`that:`
			`- open_try is not failed`
			`- name: Close`
			`luks_device:`
			`device: "{{ cryptfile_device }}"`
			`state: closed`
			`become: yes`

			`- name: Remove access for passphrase1`
			`luks_device:`
			`device: "{{ cryptfile_device }}"`
			`state: closed`
			`remove_passphrase: "{{ cryptfile_passphrase1 }}"`
			`become: yes`

			`- name: Try to open with passphrase1`
			`luks_device:`
			`device: "{{ cryptfile_device }}"`
			`state: opened`
			`passphrase: "{{ cryptfile_passphrase1 }}"`
			`become: yes`
			`ignore_errors: yes`
			`register: open_try`
			`- assert:`
			`that:`
			`- open_try is failed`

			`- name: Try to open with passphrase3`
			`luks_device:`
			`device: "{{ cryptfile_device }}"`
			`state: opened`
			`passphrase: "{{ cryptfile_passphrase3 }}"`
			`become: yes`
			`ignore_errors: yes`
			`register: open_try`
			`- assert:`
			`that:`
			`- open_try is failed`

			`- name: Give access to passphrase3 from keyfile1`
			`luks_device:`
			`device: "{{ cryptfile_device }}"`
			`state: closed`
			`keyfile: "{{ role_path }}/files/keyfile1"`
			`new_passphrase: "{{ cryptfile_passphrase3 }}"`
			`become: yes`

			`- name: Open with passphrase3`
			`luks_device:`
			`device: "{{ cryptfile_device }}"`
			`state: opened`
			`passphrase: "{{ cryptfile_passphrase3 }}"`
			`become: yes`
			`ignore_errors: yes`
			`register: open_try`
			`- assert:`
			`that:`
			`- open_try is not failed`
			`- name: Close`
			`luks_device:`
			`device: "{{ cryptfile_device }}"`
			`state: closed`
			`become: yes`