added integration tests for rpm_key (#26134)

This commit is contained in:
David Newswanger 2017-06-29 04:46:42 -04:00 committed by John R Barker
parent ed17d7a0a5
commit 5242ff1b59
4 changed files with 87 additions and 0 deletions

View file

@ -0,0 +1,2 @@
destructive
posix/ci/group1

View file

@ -0,0 +1,2 @@
- include: 'rpm_key.yaml'
when: ansible_os_family == "RedHat"

View file

@ -0,0 +1,83 @@
---
- name: download EPEL GPG key
get_url:
url: https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7
dest: /tmp/RPM-GPG-KEY-EPEL-7
- name: download sl rpm
get_url:
url: https://download.fedoraproject.org/pub/epel/7/x86_64/s/sl-5.02-1.el7.x86_64.rpm
dest: /tmp/sl.rpm
- name: remove EPEL GPG key from keyring
rpm_key:
state: absent
key: /tmp/RPM-GPG-KEY-EPEL-7
- name: check GPG signature of sl. Should fail
shell: "rpm --checksig /tmp/sl.rpm"
register: sl_check
ignore_errors: yes
- name: confirm that signature check failed
assert:
that:
- "'MISSING KEYS' in sl_check.stdout"
- "sl_check.failed"
- name: remove EPEL GPG key from keyring (Idempotant)
rpm_key:
state: absent
key: /tmp/RPM-GPG-KEY-EPEL-7
register: idempotant_test
- name: check Idempotant
assert:
that: "not idempotant_test.changed"
- name: add EPEL GPG key to key ring
rpm_key:
state: present
key: /tmp/RPM-GPG-KEY-EPEL-7
- name: add EPEL GPG key to key ring (Idempotant)
rpm_key:
state: present
key: /tmp/RPM-GPG-KEY-EPEL-7
- name: check GPG signature of sl. Should return okay
shell: "rpm --checksig /tmp/sl.rpm"
register: sl_check
- name: confirm that signature check succeeded
assert:
that: "'rsa sha1 (md5) pgp md5 OK' in sl_check.stdout"
- name: remove GPG key from url
rpm_key:
state: absent
key: https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7
- name: Confirm key is missing
shell: "rpm --checksig /tmp/sl.rpm"
register: sl_check
ignore_errors: yes
- name: confirm that signature check failed
assert:
that:
- "'MISSING KEYS' in sl_check.stdout"
- "sl_check.failed"
- name: add GPG key from url
rpm_key:
state: present
key: https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7
- name: check GPG signature of sl. Should return okay
shell: "rpm --checksig /tmp/sl.rpm"
register: sl_check
- name: confirm that signature check succeeded
assert:
that: "'rsa sha1 (md5) pgp md5 OK' in sl_check.stdout"