2021-01-14 17:49:53 +01:00
|
|
|
- name: create an empty collection skeleton
|
|
|
|
command: ansible-galaxy collection init ansible_test.verify
|
|
|
|
args:
|
|
|
|
chdir: '{{ galaxy_dir }}/scratch'
|
|
|
|
|
|
|
|
- name: build the collection
|
|
|
|
command: ansible-galaxy collection build scratch/ansible_test/verify
|
|
|
|
args:
|
|
|
|
chdir: '{{ galaxy_dir }}'
|
|
|
|
|
|
|
|
- name: publish collection - {{ test_name }}
|
|
|
|
command: ansible-galaxy collection publish ansible_test-verify-1.0.0.tar.gz -s {{ test_name }} {{ galaxy_verbosity }}
|
|
|
|
args:
|
|
|
|
chdir: '{{ galaxy_dir }}'
|
|
|
|
|
|
|
|
- name: test verifying a tarfile
|
|
|
|
command: ansible-galaxy collection verify {{ galaxy_dir }}/ansible_test-verify-1.0.0.tar.gz
|
|
|
|
register: verify
|
|
|
|
ignore_errors: yes
|
|
|
|
|
|
|
|
- assert:
|
|
|
|
that:
|
|
|
|
- verify.failed
|
2021-01-27 22:23:22 +01:00
|
|
|
- >-
|
|
|
|
"ERROR! 'file' type is not supported. The format namespace.name is expected." in verify.stderr
|
2021-01-14 17:49:53 +01:00
|
|
|
|
|
|
|
- name: install the collection from the server
|
|
|
|
command: ansible-galaxy collection install ansible_test.verify:1.0.0
|
|
|
|
environment:
|
|
|
|
ANSIBLE_COLLECTIONS_PATH: '{{ galaxy_dir }}'
|
|
|
|
|
|
|
|
- name: verify the installed collection against the server
|
|
|
|
command: ansible-galaxy collection verify ansible_test.verify:1.0.0
|
|
|
|
environment:
|
|
|
|
ANSIBLE_COLLECTIONS_PATH: '{{ galaxy_dir }}'
|
|
|
|
register: verify
|
|
|
|
|
|
|
|
- assert:
|
|
|
|
that:
|
|
|
|
- verify is success
|
|
|
|
- "'Collection ansible_test.verify contains modified content' not in verify.stdout"
|
|
|
|
|
2021-01-27 22:23:22 +01:00
|
|
|
- name: verify the installed collection against the server, with unspecified version in CLI
|
|
|
|
command: ansible-galaxy collection verify ansible_test.verify
|
|
|
|
environment:
|
|
|
|
ANSIBLE_COLLECTIONS_PATH: '{{ galaxy_dir }}'
|
|
|
|
|
2021-01-14 17:49:53 +01:00
|
|
|
- name: verify a collection that doesn't appear to be installed
|
|
|
|
command: ansible-galaxy collection verify ansible_test.verify:1.0.0
|
|
|
|
register: verify
|
|
|
|
ignore_errors: true
|
|
|
|
|
|
|
|
- assert:
|
|
|
|
that:
|
|
|
|
- verify.failed
|
|
|
|
- "'Collection ansible_test.verify is not installed in any of the collection paths.' in verify.stderr"
|
|
|
|
|
|
|
|
- name: create a modules directory
|
|
|
|
file:
|
|
|
|
state: directory
|
|
|
|
path: '{{ galaxy_dir }}/scratch/ansible_test/verify/plugins/modules'
|
|
|
|
|
|
|
|
- name: add a module to the collection
|
|
|
|
copy:
|
|
|
|
src: test_module.py
|
|
|
|
dest: '{{ galaxy_dir }}/scratch/ansible_test/verify/plugins/modules/test_module.py'
|
|
|
|
|
|
|
|
- name: update the collection version
|
|
|
|
lineinfile:
|
|
|
|
regexp: "version: .*"
|
|
|
|
line: "version: '2.0.0'"
|
|
|
|
path: '{{ galaxy_dir }}/scratch/ansible_test/verify/galaxy.yml'
|
|
|
|
|
|
|
|
- name: build the new version
|
|
|
|
command: ansible-galaxy collection build scratch/ansible_test/verify
|
|
|
|
args:
|
|
|
|
chdir: '{{ galaxy_dir }}'
|
|
|
|
|
|
|
|
- name: publish the new version
|
|
|
|
command: ansible-galaxy collection publish ansible_test-verify-2.0.0.tar.gz -s {{ test_name }} {{ galaxy_verbosity }}
|
|
|
|
args:
|
|
|
|
chdir: '{{ galaxy_dir }}'
|
|
|
|
|
|
|
|
- name: verify a version of a collection that isn't installed
|
|
|
|
command: ansible-galaxy collection verify ansible_test.verify:2.0.0
|
|
|
|
environment:
|
|
|
|
ANSIBLE_COLLECTIONS_PATH: '{{ galaxy_dir }}'
|
|
|
|
register: verify
|
|
|
|
|
|
|
|
- assert:
|
|
|
|
that:
|
|
|
|
- '"ansible_test.verify has the version ''1.0.0'' but is being compared to ''2.0.0''" in verify.stdout'
|
|
|
|
|
|
|
|
- name: install the new version from the server
|
|
|
|
command: ansible-galaxy collection install ansible_test.verify:2.0.0 --force
|
|
|
|
environment:
|
|
|
|
ANSIBLE_COLLECTIONS_PATH: '{{ galaxy_dir }}'
|
|
|
|
|
|
|
|
- name: verify the installed collection against the server
|
|
|
|
command: ansible-galaxy collection verify ansible_test.verify:2.0.0
|
|
|
|
environment:
|
|
|
|
ANSIBLE_COLLECTIONS_PATH: '{{ galaxy_dir }}'
|
|
|
|
register: verify
|
|
|
|
|
|
|
|
- assert:
|
|
|
|
that:
|
|
|
|
- "'Collection ansible_test.verify contains modified content' not in verify.stdout"
|
|
|
|
|
|
|
|
# Test a modified collection
|
|
|
|
|
|
|
|
- set_fact:
|
|
|
|
manifest_path: '{{ galaxy_dir }}/ansible_collections/ansible_test/verify/MANIFEST.json'
|
|
|
|
file_manifest_path: '{{ galaxy_dir }}/ansible_collections/ansible_test/verify/FILES.json'
|
|
|
|
module_path: '{{ galaxy_dir }}/ansible_collections/ansible_test/verify/plugins/modules/test_module.py'
|
|
|
|
|
|
|
|
- name: load the FILES.json
|
|
|
|
set_fact:
|
|
|
|
files_manifest: "{{ lookup('file', file_manifest_path) | from_json }}"
|
|
|
|
|
|
|
|
- name: get the real checksum of a particular module
|
|
|
|
stat:
|
|
|
|
path: "{{ module_path }}"
|
|
|
|
checksum_algorithm: sha256
|
|
|
|
register: file
|
|
|
|
|
|
|
|
- assert:
|
|
|
|
that:
|
|
|
|
- "file.stat.checksum == item.chksum_sha256"
|
|
|
|
loop: "{{ files_manifest.files }}"
|
|
|
|
when: "item.name == 'plugins/modules/aws_s3.py'"
|
|
|
|
|
|
|
|
- name: append a newline to the module to modify the checksum
|
|
|
|
shell: "echo '' >> {{ module_path }}"
|
|
|
|
|
|
|
|
- name: get the new checksum
|
|
|
|
stat:
|
|
|
|
path: "{{ module_path }}"
|
|
|
|
checksum_algorithm: sha256
|
|
|
|
register: updated_file
|
|
|
|
|
|
|
|
- assert:
|
|
|
|
that:
|
|
|
|
- "updated_file.stat.checksum != file.stat.checksum"
|
|
|
|
|
|
|
|
- name: test verifying checksumes of the modified collection
|
|
|
|
command: ansible-galaxy collection verify ansible_test.verify:2.0.0
|
|
|
|
register: verify
|
|
|
|
environment:
|
|
|
|
ANSIBLE_COLLECTIONS_PATH: '{{ galaxy_dir }}'
|
|
|
|
|
|
|
|
- assert:
|
|
|
|
that:
|
2021-03-29 18:47:15 +02:00
|
|
|
- "'Collection ansible_test.verify contains modified content in the following files:\n plugins/modules/test_module.py' in verify.stdout"
|
2021-01-14 17:49:53 +01:00
|
|
|
|
|
|
|
- name: modify the FILES.json to match the new checksum
|
|
|
|
lineinfile:
|
|
|
|
path: "{{ file_manifest_path }}"
|
|
|
|
regexp: ' "chksum_sha256": "{{ file.stat.checksum }}",'
|
|
|
|
line: ' "chksum_sha256": "{{ updated_file.stat.checksum }}",'
|
|
|
|
state: present
|
|
|
|
diff: true
|
|
|
|
|
|
|
|
- name: ensure a modified FILES.json is validated
|
|
|
|
command: ansible-galaxy collection verify ansible_test.verify:2.0.0
|
|
|
|
register: verify
|
|
|
|
environment:
|
|
|
|
ANSIBLE_COLLECTIONS_PATH: '{{ galaxy_dir }}'
|
|
|
|
|
|
|
|
- assert:
|
|
|
|
that:
|
2021-03-29 18:47:15 +02:00
|
|
|
- "'Collection ansible_test.verify contains modified content in the following files:\n FILES.json' in verify.stdout"
|
2021-01-14 17:49:53 +01:00
|
|
|
|
|
|
|
- name: get the checksum of the FILES.json
|
|
|
|
stat:
|
|
|
|
path: "{{ file_manifest_path }}"
|
|
|
|
checksum_algorithm: sha256
|
|
|
|
register: manifest_info
|
|
|
|
|
|
|
|
- name: modify the MANIFEST.json to contain a different checksum for FILES.json
|
|
|
|
lineinfile:
|
|
|
|
regexp: ' "chksum_sha256": *'
|
|
|
|
path: "{{ manifest_path }}"
|
|
|
|
line: ' "chksum_sha256": "{{ manifest_info.stat.checksum }}",'
|
|
|
|
|
|
|
|
- name: ensure the MANIFEST.json is validated against the uncorrupted file from the server
|
|
|
|
command: ansible-galaxy collection verify ansible_test.verify:2.0.0
|
|
|
|
register: verify
|
|
|
|
environment:
|
|
|
|
ANSIBLE_COLLECTIONS_PATH: '{{ galaxy_dir }}'
|
|
|
|
|
|
|
|
- assert:
|
|
|
|
that:
|
2021-03-29 18:47:15 +02:00
|
|
|
- "'Collection ansible_test.verify contains modified content in the following files:\n MANIFEST.json' in verify.stdout"
|
2021-02-01 09:55:21 +01:00
|
|
|
|
|
|
|
- name: remove the artifact metadata to test verifying a collection without it
|
|
|
|
file:
|
|
|
|
path: "{{ item }}"
|
|
|
|
state: absent
|
|
|
|
loop:
|
|
|
|
- "{{ manifest_path }}"
|
|
|
|
- "{{ file_manifest_path }}"
|
|
|
|
|
|
|
|
- name: add some development metadata
|
|
|
|
copy:
|
|
|
|
content: |
|
|
|
|
namespace: 'ansible_test'
|
|
|
|
name: 'verify'
|
|
|
|
version: '2.0.0'
|
|
|
|
readme: 'README.md'
|
|
|
|
authors: ['Ansible']
|
|
|
|
dest: '{{ galaxy_dir }}/ansible_collections/ansible_test/verify/galaxy.yml'
|
|
|
|
|
|
|
|
- name: test we only verify collections containing a MANIFEST.json with the version on the server
|
|
|
|
command: ansible-galaxy collection verify ansible_test.verify:2.0.0
|
|
|
|
register: verify
|
|
|
|
environment:
|
|
|
|
ANSIBLE_COLLECTIONS_PATH: '{{ galaxy_dir }}'
|
|
|
|
ignore_errors: yes
|
|
|
|
|
|
|
|
- assert:
|
|
|
|
that:
|
|
|
|
- verify.failed
|
|
|
|
- "'Collection ansible_test.verify does not have a MANIFEST.json' in verify.stderr"
|
2021-03-29 18:47:15 +02:00
|
|
|
|
|
|
|
- name: update the collection version to something not present on the server
|
|
|
|
lineinfile:
|
|
|
|
regexp: "version: .*"
|
|
|
|
line: "version: '3.0.0'"
|
|
|
|
path: '{{ galaxy_dir }}/scratch/ansible_test/verify/galaxy.yml'
|
|
|
|
|
|
|
|
- name: build the new version
|
|
|
|
command: ansible-galaxy collection build scratch/ansible_test/verify
|
|
|
|
args:
|
|
|
|
chdir: '{{ galaxy_dir }}'
|
|
|
|
|
|
|
|
- name: force-install from local artifact
|
|
|
|
command: ansible-galaxy collection install '{{ galaxy_dir }}/ansible_test-verify-3.0.0.tar.gz' --force
|
|
|
|
environment:
|
|
|
|
ANSIBLE_COLLECTIONS_PATH: '{{ galaxy_dir }}'
|
|
|
|
|
|
|
|
- name: verify locally only, no download or server manifest hash check
|
|
|
|
command: ansible-galaxy collection verify --offline ansible_test.verify
|
|
|
|
environment:
|
|
|
|
ANSIBLE_COLLECTIONS_PATH: '{{ galaxy_dir }}'
|
|
|
|
register: verify
|
|
|
|
|
|
|
|
- assert:
|
|
|
|
that:
|
|
|
|
- >-
|
|
|
|
"Verifying 'ansible_test.verify:3.0.0'." in verify.stdout
|
|
|
|
- '"MANIFEST.json hash: " in verify.stdout'
|
|
|
|
- >-
|
|
|
|
"Successfully verified that checksums for 'ansible_test.verify:3.0.0' are internally consistent with its manifest." in verify.stdout
|
|
|
|
|
|
|
|
- name: append a newline to a module to modify the checksum
|
|
|
|
shell: "echo '' >> {{ module_path }}"
|
|
|
|
|
|
|
|
- name: verify modified collection locally-only (should fail)
|
|
|
|
command: ansible-galaxy collection verify --offline ansible_test.verify
|
|
|
|
register: verify
|
|
|
|
environment:
|
|
|
|
ANSIBLE_COLLECTIONS_PATH: '{{ galaxy_dir }}'
|
|
|
|
ignore_errors: yes
|
|
|
|
|
|
|
|
- assert:
|
|
|
|
that:
|
|
|
|
- "'Collection ansible_test.verify contains modified content in the following files:' in verify.stdout"
|
|
|
|
- "'plugins/modules/test_module.py' in verify.stdout"
|