From 0ad262e3ecd09cd84839a3dbeba7dcc2cdc73c86 Mon Sep 17 00:00:00 2001 From: Zim Kalinowski Date: Wed, 5 Sep 2018 17:48:27 +0800 Subject: [PATCH] Consolidate keyvault tests (#45196) --- .../targets/azure_rm_keyvault/aliases | 2 + .../azure_service_principal_attribute.py | 0 .../targets/azure_rm_keyvault/tasks/main.yml | 150 ++++++++++++++++-- .../targets/azure_rm_keyvaultkey/aliases | 3 - .../azure_rm_keyvaultkey/meta/main.yml | 2 - .../azure_rm_keyvaultkey/tasks/main.yml | 90 ----------- .../targets/azure_rm_keyvaultsecret/aliases | 3 - .../azure_service_principal_attribute.py | 94 ----------- .../azure_rm_keyvaultsecret/meta/main.yml | 2 - .../azure_rm_keyvaultsecret/tasks/main.yml | 79 --------- 10 files changed, 137 insertions(+), 288 deletions(-) rename test/integration/targets/{azure_rm_keyvaultkey => azure_rm_keyvault}/lookup_plugins/azure_service_principal_attribute.py (100%) delete mode 100644 test/integration/targets/azure_rm_keyvaultkey/aliases delete mode 100644 test/integration/targets/azure_rm_keyvaultkey/meta/main.yml delete mode 100644 test/integration/targets/azure_rm_keyvaultkey/tasks/main.yml delete mode 100644 test/integration/targets/azure_rm_keyvaultsecret/aliases delete mode 100644 test/integration/targets/azure_rm_keyvaultsecret/lookup_plugins/azure_service_principal_attribute.py delete mode 100644 test/integration/targets/azure_rm_keyvaultsecret/meta/main.yml delete mode 100644 test/integration/targets/azure_rm_keyvaultsecret/tasks/main.yml diff --git a/test/integration/targets/azure_rm_keyvault/aliases b/test/integration/targets/azure_rm_keyvault/aliases index 095e5ec3479..af2c60f3a57 100644 --- a/test/integration/targets/azure_rm_keyvault/aliases +++ b/test/integration/targets/azure_rm_keyvault/aliases @@ -1,3 +1,5 @@ cloud/azure destructive shippable/azure/group1 +azure_rm_keyvaultkey +azure_rm_keyvaultsecret 
diff --git a/test/integration/targets/azure_rm_keyvaultkey/lookup_plugins/azure_service_principal_attribute.py b/test/integration/targets/azure_rm_keyvault/lookup_plugins/azure_service_principal_attribute.py similarity index 100% rename from test/integration/targets/azure_rm_keyvaultkey/lookup_plugins/azure_service_principal_attribute.py rename to test/integration/targets/azure_rm_keyvault/lookup_plugins/azure_service_principal_attribute.py diff --git a/test/integration/targets/azure_rm_keyvault/tasks/main.yml b/test/integration/targets/azure_rm_keyvault/tasks/main.yml index d477a9b8c6d..90d6ff29474 100644 --- a/test/integration/targets/azure_rm_keyvault/tasks/main.yml +++ b/test/integration/targets/azure_rm_keyvault/tasks/main.yml 
@@ -1,22 +1,53 @@ - name: Prepare random number set_fact: rpfx: "{{ resource_group | hash('md5') | truncate(7, True, '') }}{{ 1000 | random }}" + tenant_id: "{{ lookup('env','AZURE_TENANT') }}" run_once: yes +- name: set service principal info + set_fact: + azure_client_id: "{{ lookup('env','AZURE_CLIENT_ID') }}" + azure_secret: "{{ lookup('env','AZURE_SECRET') }}" + no_log: yes + +- name: lookup service principal object id + set_fact: + object_id: "{{ lookup('azure_service_principal_attribute', + azure_client_id=azure_client_id, + azure_secret=azure_secret, + azure_tenant=tenant_id) }}" + register: object_id + - name: Create instance of Key Vault -- check mode azure_rm_keyvault: resource_group: "{{ resource_group }}" vault_name: "vault{{ rpfx }}" - vault_tenant: 11111111-1111-1111-1111-111122223333 enabled_for_deployment: yes + vault_tenant: "{{ tenant_id }}" sku: name: standard family: A access_policies: - - object_id: 99998888-8666-4144-9199-2d7cd0111111 + - tenant_id: "{{ tenant_id }}" + object_id: "{{ object_id }}" keys: - get - list + - update + - create + - import + - delete + - recover + - backup + - restore + secrets: + - get + - list + - set + - delete + - recover + - backup + - restore check_mode: yes register: output - name: Assert the resource instance is well created 
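Review bot: `register: object_id` on the `lookup service principal object id` set_fact task stores the whole task result under the same name as the fact the task sets, so it is at best redundant and, depending on which of the two writes the strategy applies last, could leave `object_id` holding a result dict instead of the GUID string the later `object_id: "{{ object_id }}"` lines expect. Drop the `register:` line; the fact alone is what the access policies consume. The same task passes `azure_secret` to the lookup but, unlike the preceding `set service principal info` task, carries no `no_log: yes`; adding it keeps a failed or verbose run from echoing rendered arguments, though whether the secret would actually reach the output here depends on the failure path. The `- name: Assert the resource instance is well created` task at the end of the hunk continues outside it.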
@@ -28,36 +59,48 @@ azure_rm_keyvault: resource_group: "{{ resource_group }}" vault_name: "vault{{ rpfx }}" - vault_tenant: 11111111-1111-1111-1111-111122223333 enabled_for_deployment: yes + vault_tenant: "{{ tenant_id }}" sku: name: standard family: A access_policies: - - object_id: 99998888-8666-4144-9199-2d7cd0111111 - keys: + - tenant_id: "{{ tenant_id }}" + object_id: "{{ object_id }}" + secrets: - get - list + - set + - delete + - recover + - backup + - restore register: output - name: Assert the resource instance is well created assert: that: - output.changed -- name: Create again instance of Key Vault +- name: Create instance of Key Vault again azure_rm_keyvault: resource_group: "{{ resource_group }}" vault_name: "vault{{ rpfx }}" - vault_tenant: 11111111-1111-1111-1111-111122223333 enabled_for_deployment: yes + vault_tenant: "{{ tenant_id }}" sku: name: standard family: A access_policies: - - object_id: 99998888-8666-4144-9199-2d7cd0111111 - keys: + - tenant_id: "{{ tenant_id }}" + object_id: "{{ object_id }}" + secrets: - get - list + - set + - delete + - recover + - backup + - restore register: output - name: Assert the state has not changed assert: @@ -68,20 +111,32 @@ azure_rm_keyvault: resource_group: "{{ resource_group }}" vault_name: "vault{{ rpfx }}" - vault_tenant: 11111111-1111-1111-1111-111122223333 enabled_for_deployment: yes + vault_tenant: "{{ tenant_id }}" sku: name: standard family: A access_policies: - - object_id: 99998888-8666-4144-9199-2d7cd0111111 - certificates: - - get - - list - - object_id: 11112222-8666-4144-9199-2d7cd0111111 + - tenant_id: "{{ tenant_id }}" + object_id: "{{ object_id }}" keys: - get - list + - update + - create + - import + - delete + - recover + - backup + - restore + secrets: + - get + - list + - set + - delete + - recover + - backup + - restore tags: aaa: bbb register: output 
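Review bot: The `access_policies` permission lists in `Create instance of Key Vault`, `Create instance of Key Vault again` and the tagged update task (the second hunk on this line) are repeated verbatim, and the idempotency check `Assert the state has not changed` only holds while the first two copies stay byte-identical. Define each list once — for example in the `Prepare random number` set_fact as `kv_secret_perms: [get, list, set, delete, recover, backup, restore]` — and reference it as `secrets: "{{ kv_secret_perms }}"`, so a future edit to one copy cannot silently break the "not changed" assertion or grant the test service principal a different policy than intended. The second hunk ends at `register: output`; the assert that consumes it lies outside the hunk.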
@@ -102,6 +157,71 @@ assert: that: - output.response[0].tags.aaa == "bbb" +# +# azure_rm_keyvaultkey tests +# + +- name: create a kevyault key + block: + - azure_rm_keyvaultkey: + keyvault_uri: https://vault{{ rpfx }}.vault.azure.net + key_name: testkey + tags: + testing: test + delete: on-exit + register: output + - assert: + that: output.changed + rescue: + - azure_rm_keyvaultkey: + keyvault_uri: https://vault{{ rpfx }}.vault.azure.net + state: absent + key_name: testkey + +- name: delete a kevyault key + azure_rm_keyvaultkey: + keyvault_uri: https://vault{{ rpfx }}.vault.azure.net + state: absent + key_name: testkey + register: output + +- assert: + that: output.changed + +# +# azure_rm_keyvaultsecret tests +# +- name: create a kevyault secret + block: + - azure_rm_keyvaultsecret: + keyvault_uri: https://vault{{ rpfx }}.vault.azure.net + secret_name: testsecret + secret_value: 'mysecret' + tags: + testing: test + delete: on-exit + register: output + - assert: + that: output.changed + rescue: + - azure_rm_keyvaultsecret: + keyvault_uri: https://vault{{ rpfx }}.vault.azure.net + state: absent + secret_name: testsecret + +- name: delete a kevyault secret + azure_rm_keyvaultsecret: + keyvault_uri: https://vault{{ rpfx }}.vault.azure.net + state: absent + secret_name: testsecret + register: output + +- assert: + that: output.changed + +# +# azure_rm_keyvault finalize & clean up +# - name: Delete instance of Key Vault -- check mode azure_rm_keyvault: diff --git a/test/integration/targets/azure_rm_keyvaultkey/aliases b/test/integration/targets/azure_rm_keyvaultkey/aliases deleted file mode 100644 index 8f7a9a2e560..00000000000 --- a/test/integration/targets/azure_rm_keyvaultkey/aliases +++ /dev/null @@ -1,3 +0,0 @@ -cloud/azure -shippable/azure/group1 -destructive diff --git a/test/integration/targets/azure_rm_keyvaultkey/meta/main.yml b/test/integration/targets/azure_rm_keyvaultkey/meta/main.yml deleted file mode 100644 index 95e1952f989..00000000000 
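Review bot: The `rescue` blocks in `create a kevyault key` and `create a kevyault secret` delete the object and then let the play continue, so a failed create is swallowed and only surfaces later as `output.changed` being false on the delete task, which hides the original error. End each `rescue` with an explicit failure after the cleanup task, e.g. `- fail:` / `msg: "key vault object creation failed; see the rescued task above"`. The task names also misspell "keyvault" as `kevyault` in four places, carried over from the deleted per-module files, and `keyvault_uri` hard-codes the `.vault.azure.net` public-cloud suffix, which is fine for this target but deserves a comment such as `# public cloud DNS suffix; sovereign clouds differ`. The `Delete instance of Key Vault -- check mode` task at the end of the hunk continues outside it.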
--- a/test/integration/targets/azure_rm_keyvaultkey/meta/main.yml +++ /dev/null @@ -1,2 +0,0 @@ -dependencies: - - setup_azure diff --git a/test/integration/targets/azure_rm_keyvaultkey/tasks/main.yml b/test/integration/targets/azure_rm_keyvaultkey/tasks/main.yml deleted file mode 100644 index d4d5b09e18b..00000000000 --- a/test/integration/targets/azure_rm_keyvaultkey/tasks/main.yml +++ /dev/null 
@@ -1,90 +0,0 @@ -- name: Prepare random number - set_fact: - rpfx: "{{ resource_group | hash('md5') | truncate(7, True, '') }}{{ 1000 | random }}" - tenant_id: "{{ lookup('env','AZURE_TENANT') }}" - run_once: yes - -- name: set service principal info - set_fact: - azure_client_id: "{{ lookup('env','AZURE_CLIENT_ID') }}" - azure_secret: "{{ lookup('env','AZURE_SECRET') }}" - no_log: yes - -- name: lookup service principal object id - set_fact: - object_id: "{{ lookup('azure_service_principal_attribute', - azure_client_id=azure_client_id, - azure_secret=azure_secret, - azure_tenant=tenant_id) }}" - register: object_id - -- name: Create instance of Key Vault - azure_rm_keyvault: - resource_group: "{{ resource_group }}" - vault_name: "vault{{ rpfx }}" - enabled_for_deployment: yes - vault_tenant: "{{ tenant_id }}" - sku: - name: standard - family: A - access_policies: - - tenant_id: "{{ tenant_id }}" - object_id: '{{ object_id }}' - keys: - - get - - list - - update - - create - - import - - delete - - recover - - backup - - restore - - encrypt - - decrypt - - wrapkey - - unwrapkey - - sign - - verify - secrets: - - get - - list - - set - - delete - - recover - - backup - - restore - register: output - -- name: create a kevyault key - block: - - azure_rm_keyvaultkey: - keyvault_uri: https://vault{{ rpfx }}.vault.azure.net - key_name: testkey - tags: - testing: test - delete: on-exit - register: output - - assert: - that: output.changed - rescue: - - azure_rm_keyvaultkey: - keyvault_uri: https://vault{{ rpfx }}.vault.azure.net - state: absent - key_name: testkey - -- name: delete a kevyault key - azure_rm_keyvaultkey: - keyvault_uri: https://vault{{ rpfx }}.vault.azure.net - state: absent - key_name: testkey - register: output - -- assert: - that: output.changed - -- name: Delete instance of Key Vault - azure_rm_keyvault: - resource_group: "{{ resource_group }}" - vault_name: "vault{{ rpfx }}" - state: absent 
diff --git a/test/integration/targets/azure_rm_keyvaultsecret/aliases b/test/integration/targets/azure_rm_keyvaultsecret/aliases deleted file mode 100644 index fd1a5ed5a8c..00000000000 --- a/test/integration/targets/azure_rm_keyvaultsecret/aliases +++ /dev/null @@ -1,3 +0,0 @@ -cloud/azure -shippable/azure/group1 -destructive \ No newline at end of file diff --git a/test/integration/targets/azure_rm_keyvaultsecret/lookup_plugins/azure_service_principal_attribute.py b/test/integration/targets/azure_rm_keyvaultsecret/lookup_plugins/azure_service_principal_attribute.py deleted file mode 100644 index 1b7d0318f00..00000000000 --- a/test/integration/targets/azure_rm_keyvaultsecret/lookup_plugins/azure_service_principal_attribute.py +++ /dev/null 
@@ -1,94 +0,0 @@ -# (c) 2018 Yunge Zhu, -# (c) 2017 Ansible Project -# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -DOCUMENTATION = """ -lookup: azure_service_principal_attribute - -requirements: - - azure-graphrbac - -author: - - Yunge Zhu - -version_added: "2.7" - -short_description: Look up Azure service principal attributes. - -description: - - Describes object id of your Azure service principal account. -options: - azure_client_id: - description: azure service principal client id. - azure_secret: - description: azure service principal secret - azure_tenant: - description: azure tenant - azure_cloud_environment: - description: azure cloud environment -""" - -EXAMPLES = """ -set_fact: - object_id: "{{ lookup('azure_service_principal_attribute', - azure_client_id=azure_client_id, - azure_secret=azure_secret, - azure_tenant=azure_secret) }}" -""" - -RETURN = """ -_raw: - description: - Returns object id of service principal. 
-""" - -from ansible.errors import AnsibleError -from ansible.plugins import AnsiblePlugin -from ansible.plugins.lookup import LookupBase -from ansible.module_utils._text import to_native - -try: - from azure.common.credentials import ServicePrincipalCredentials - from azure.graphrbac import GraphRbacManagementClient - from msrestazure import azure_cloud - from msrestazure.azure_exceptions import CloudError -except ImportError: - raise AnsibleError( - "The lookup azure_service_principal_attribute requires azure.graphrbac, msrest") - - -class LookupModule(LookupBase): - def run(self, terms, variables, **kwargs): - - self.set_options(direct=kwargs) - - credentials = {} - credentials['azure_client_id'] = self.get_option('azure_client_id', None) - credentials['azure_secret'] = self.get_option('azure_secret', None) - credentials['azure_tenant'] = self.get_option('azure_tenant', 'common') - - if credentials['azure_client_id'] is None or credentials['azure_secret'] is None: - raise AnsibleError("Must specify azure_client_id and azure_secret") - - _cloud_environment = azure_cloud.AZURE_PUBLIC_CLOUD - if self.get_option('azure_cloud_environment', None) is not None: - cloud_environment = azure_cloud.get_cloud_from_metadata_endpoint(credentials['azure_cloud_environment']) - - try: - azure_credentials = ServicePrincipalCredentials(client_id=credentials['azure_client_id'], - secret=credentials['azure_secret'], - tenant=credentials['azure_tenant'], - resource=_cloud_environment.endpoints.active_directory_graph_resource_id) - - client = GraphRbacManagementClient(azure_credentials, credentials['azure_tenant'], - base_url=_cloud_environment.endpoints.active_directory_graph_resource_id) - - response = list(client.service_principals.list(filter="appId eq '{0}'".format(credentials['azure_client_id']))) - sp = response[0] - - return sp.object_id.split(',') - except CloudError as ex: - raise AnsibleError("Failed to get service principal object id: %s" % to_native(ex)) - return False 
diff --git a/test/integration/targets/azure_rm_keyvaultsecret/meta/main.yml b/test/integration/targets/azure_rm_keyvaultsecret/meta/main.yml deleted file mode 100644 index 95e1952f989..00000000000 --- a/test/integration/targets/azure_rm_keyvaultsecret/meta/main.yml +++ /dev/null @@ -1,2 +0,0 @@ -dependencies: - - setup_azure diff --git a/test/integration/targets/azure_rm_keyvaultsecret/tasks/main.yml b/test/integration/targets/azure_rm_keyvaultsecret/tasks/main.yml deleted file mode 100644 index d8c0e7466f1..00000000000 --- a/test/integration/targets/azure_rm_keyvaultsecret/tasks/main.yml +++ /dev/null 
@@ -1,79 +0,0 @@ -- name: Prepare random number - set_fact: - rpfx: "{{ resource_group | hash('md5') | truncate(7, True, '') }}{{ 1000 | random }}" - tenant_id: "{{ lookup('env','AZURE_TENANT') }}" - run_once: yes - -- name: set service principal info - set_fact: - azure_client_id: "{{ lookup('env','AZURE_CLIENT_ID') }}" - azure_secret: "{{ lookup('env','AZURE_SECRET') }}" - no_log: yes - -- name: lookup service principal object id - set_fact: - object_id: "{{ lookup('azure_service_principal_attribute', - azure_client_id=azure_client_id, - azure_secret=azure_secret, - azure_tenant=tenant_id) }}" - register: object_id - -- name: Create instance of Key Vault - azure_rm_keyvault: - resource_group: "{{ resource_group }}" - vault_name: "vault{{ rpfx }}" - enabled_for_deployment: yes - vault_tenant: "{{ tenant_id }}" - sku: - name: standard - family: A - access_policies: - - tenant_id: "{{ tenant_id }}" - object_id: "{{ object_id }}" - keys: - - get - - list - - update - - create - - import - - delete - - recover - - backup - - restore - secrets: - - get - - list - - set - - delete - - recover - - backup - - restore - register: output - -- name: create a kevyault secret - block: - - azure_rm_keyvaultsecret: - keyvault_uri: https://vault{{ rpfx }}.vault.azure.net - secret_name: testsecret - secret_value: 'mysecret' - tags: - testing: test - delete: on-exit - register: output - - assert: - that: output.changed - rescue: - - azure_rm_keyvaultsecret: - keyvault_uri: https://vault{{ rpfx }}.vault.azure.net - state: absent - secret_name: testsecret - -- name: delete a kevyault secret - azure_rm_keyvaultsecret: - keyvault_uri: https://vault{{ rpfx }}.vault.azure.net - state: absent - secret_name: testsecret - register: output - -- assert: - that: output.changed \ No newline at end of file