luks_device: add integration tests (#52359)
* Add first version of luks_device tests. * Do ~ expansion manually. * Try to enable RHEL8. * Adjust to older losetup version. * Make sure cryptsetup is installed.
parent
f67f391730
commit
5b28cd65f0
7 changed files with 359 additions and 0 deletions
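--- a/test/integration/targets/luks_device/aliases
+++ b/test/integration/targets/luks_device/aliases
@@ -0,0 +1,6 @@
+shippable/posix/group2
+skip/osx
+skip/freebsd
+skip/docker
+needs/root
+destructive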
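--- a/test/integration/targets/luks_device/files/keyfile1
+++ b/test/integration/targets/luks_device/files/keyfile1
@@ -0,0 +1 @@
+asdf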
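--- a/test/integration/targets/luks_device/files/keyfile2
+++ b/test/integration/targets/luks_device/files/keyfile2
@@ -0,0 +1 @@
+test1234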
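--- a/test/integration/targets/luks_device/tasks/main.yml
+++ b/test/integration/targets/luks_device/tasks/main.yml
@@ -0,0 +1,33 @@
+---
+- name: Make sure cryptsetup is installed
+package:
+name: cryptsetup
+state: present
+become: yes
+- name: Create cryptfile
+command: dd if=/dev/zero of={{ output_dir.replace('~', ansible_env.HOME) }}/cryptfile bs=1M count=32
+- name: Create lookback device
+command: losetup -f {{ output_dir.replace('~', ansible_env.HOME) }}/cryptfile
+become: yes
+- name: Determine loop device name
+command: losetup -j {{ output_dir.replace('~', ansible_env.HOME) }}/cryptfile --output name
+become: yes
+register: cryptfile_device_output
+- set_fact:
+cryptfile_device: "{{ cryptfile_device_output.stdout_lines[1] }}"
+- block:
+- include_tasks: run-test.yml
+with_fileglob:
+- "tests/*.yml"
+always:
+- name: Make sure LUKS device is gone
+luks_device:
+device: "{{ cryptfile_device }}"
+state: absent
+become: yes
+ignore_errors: yes
+- command: losetup -d "{{ cryptfile_device }}"
+become: yes
+- file:
+dest: "{{ output_dir }}/cryptfile"
+state: absent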
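Review bot: The loop device name taken from `cryptfile_device_output.stdout_lines[1]` is passed to `luks_device` with `state: absent` and to `losetup -d` under `become: yes` without any validation. If `losetup -j` prints an unexpected format (no header line, or no match at all), the destructive root tasks would run against the wrong value or the play would stop on an index error. A guard directly after the `set_fact`, such as `- assert: {that: "cryptfile_device is match('^/dev/loop[0-9]+$')"}`, would stop the run before anything is wiped. The `dd` and `losetup -f` setup tasks also sit outside the `block`, so a failure in "Determine loop device name" presumably leaves the loop device attached, because the `always` cleanup never runs.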
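--- a/test/integration/targets/luks_device/tasks/run-test.yml
+++ b/test/integration/targets/luks_device/tasks/run-test.yml
@@ -0,0 +1,8 @@
+---
+- name: Make sure LUKS device is gone
+luks_device:
+device: "{{ cryptfile_device }}"
+state: absent
+become: yes
+- name: "Loading tasks from {{ item }}"
+include_tasks: "{{ item }}"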
|
@ -0,0 +1,187 @@
|
|||
---
|
||||
#- name: Create (check)
|
||||
# luks_device:
|
||||
# device: "{{ cryptfile_device }}"
|
||||
# state: present
|
||||
# keyfile: "{{ role_path }}/files/keyfile1"
|
||||
# check_mode: yes
|
||||
# become: yes
|
||||
# register: create_check
|
||||
- name: Create
|
||||
luks_device:
|
||||
device: "{{ cryptfile_device }}"
|
||||
state: present
|
||||
keyfile: "{{ role_path }}/files/keyfile1"
|
||||
become: yes
|
||||
register: create
|
||||
- name: Create (idempotent)
|
||||
luks_device:
|
||||
device: "{{ cryptfile_device }}"
|
||||
state: present
|
||||
keyfile: "{{ role_path }}/files/keyfile1"
|
||||
become: yes
|
||||
register: create_idem
|
||||
#- name: Create (idempotent, check)
|
||||
# luks_device:
|
||||
# device: "{{ cryptfile_device }}"
|
||||
# state: present
|
||||
# keyfile: "{{ role_path }}/files/keyfile1"
|
||||
# check_mode: yes
|
||||
# become: yes
|
||||
# register: create_idem_check
|
||||
- assert:
|
||||
that:
|
||||
#- create_check is changed
|
||||
- create is changed
|
||||
- create_idem is not changed
|
||||
#- create_idem_check is not changed
|
||||
|
||||
#- name: Open (check)
|
||||
# luks_device:
|
||||
# device: "{{ cryptfile_device }}"
|
||||
# state: opened
|
||||
# keyfile: "{{ role_path }}/files/keyfile1"
|
||||
# check_mode: yes
|
||||
# become: yes
|
||||
# register: open_check
|
||||
- name: Open
|
||||
luks_device:
|
||||
device: "{{ cryptfile_device }}"
|
||||
state: opened
|
||||
keyfile: "{{ role_path }}/files/keyfile1"
|
||||
become: yes
|
||||
register: open
|
||||
- name: Open (idempotent)
|
||||
luks_device:
|
||||
device: "{{ cryptfile_device }}"
|
||||
state: opened
|
||||
keyfile: "{{ role_path }}/files/keyfile1"
|
||||
become: yes
|
||||
register: open_idem
|
||||
#- name: Open (idempotent, check)
|
||||
# luks_device:
|
||||
# device: "{{ cryptfile_device }}"
|
||||
# state: opened
|
||||
# keyfile: "{{ role_path }}/files/keyfile1"
|
||||
# check_mode: yes
|
||||
# become: yes
|
||||
# register: open_idem_check
|
||||
- assert:
|
||||
that:
|
||||
#- open_check is changed
|
||||
- open is changed
|
||||
- open_idem is not changed
|
||||
#- open_idem_check is not changed
|
||||
|
||||
#- name: Closed (via name, check)
|
||||
# luks_device:
|
||||
# name: "{{ open.name }}"
|
||||
# state: closed
|
||||
# check_mode: yes
|
||||
# become: yes
|
||||
# register: close_check
|
||||
- name: Closed (via name)
|
||||
luks_device:
|
||||
name: "{{ open.name }}"
|
||||
state: closed
|
||||
become: yes
|
||||
register: close
|
||||
- name: Closed (via name, idempotent)
|
||||
luks_device:
|
||||
name: "{{ open.name }}"
|
||||
state: closed
|
||||
become: yes
|
||||
register: close_idem
|
||||
#- name: Closed (via name, idempotent, check)
|
||||
# luks_device:
|
||||
# name: "{{ open.name }}"
|
||||
# state: closed
|
||||
# check_mode: yes
|
||||
# become: yes
|
||||
# register: close_idem_check
|
||||
- assert:
|
||||
that:
|
||||
#- close_check is changed
|
||||
- close is changed
|
||||
- close_idem is not changed
|
||||
#- close_idem_check is not changed
|
||||
|
||||
- name: Re-open
|
||||
luks_device:
|
||||
device: "{{ cryptfile_device }}"
|
||||
state: opened
|
||||
keyfile: "{{ role_path }}/files/keyfile1"
|
||||
become: yes
|
||||
|
||||
#- name: Closed (via device, check)
|
||||
# luks_device:
|
||||
# device: "{{ cryptfile_device }}"
|
||||
# state: closed
|
||||
# check_mode: yes
|
||||
# become: yes
|
||||
# register: close_check
|
||||
- name: Closed (via device)
|
||||
luks_device:
|
||||
device: "{{ cryptfile_device }}"
|
||||
state: closed
|
||||
become: yes
|
||||
register: close
|
||||
- name: Closed (via device, idempotent)
|
||||
luks_device:
|
||||
device: "{{ cryptfile_device }}"
|
||||
state: closed
|
||||
become: yes
|
||||
register: close_idem
|
||||
#- name: Closed (via device, idempotent, check)
|
||||
# luks_device:
|
||||
# device: "{{ cryptfile_device }}"
|
||||
# state: closed
|
||||
# check_mode: yes
|
||||
# become: yes
|
||||
# register: close_idem_check
|
||||
- assert:
|
||||
that:
|
||||
#- close_check is changed
|
||||
- close is changed
|
||||
- close_idem is not changed
|
||||
#- close_idem_check is not changed
|
||||
|
||||
- name: Re-opened
|
||||
luks_device:
|
||||
device: "{{ cryptfile_device }}"
|
||||
state: opened
|
||||
keyfile: "{{ role_path }}/files/keyfile1"
|
||||
become: yes
|
||||
|
||||
#- name: Absent (check)
|
||||
# luks_device:
|
||||
# device: "{{ cryptfile_device }}"
|
||||
# state: absent
|
||||
# check_mode: yes
|
||||
# become: yes
|
||||
# register: absent_check
|
||||
- name: Absent
|
||||
luks_device:
|
||||
device: "{{ cryptfile_device }}"
|
||||
state: absent
|
||||
become: yes
|
||||
register: absent
|
||||
- name: Absent (idempotence)
|
||||
luks_device:
|
||||
device: "{{ cryptfile_device }}"
|
||||
state: absent
|
||||
become: yes
|
||||
register: absent_idem
|
||||
#- name: Absent (idempotence, check)
|
||||
# luks_device:
|
||||
# device: "{{ cryptfile_device }}"
|
||||
# state: absent
|
||||
# check_mode: yes
|
||||
# become: yes
|
||||
# register: absent_idem_check
|
||||
- assert:
|
||||
that:
|
||||
#- absent_check is changed
|
||||
- absent is changed
|
||||
- absent_idem is not changed
|
||||
#- absent_idem_check is not changed
|
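Review bot: The final "Absent" assertions check only `absent is changed` and `absent_idem is not changed`, so the test never shows that the LUKS header was actually removed from `{{ cryptfile_device }}`. An independent check after the "Absent" task would pin that down, for example `command: cryptsetup isLuks {{ cryptfile_device }}` with `register: is_luks` and `failed_when: is_luks.rc == 0`, run with `become: yes`. The same applies to "Create", where a passing `isLuks` would confirm the container exists. The commented-out check-mode tasks give no reason for being disabled; a one-line comment at the top, such as `# TODO: check-mode variants are disabled; re-enable once they pass`, would say why they are parked. The file header for this hunk is not visible on the page.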
|
@ -0,0 +1,123 @@
|
|||
---
|
||||
- name: Create with keyfile1
|
||||
luks_device:
|
||||
device: "{{ cryptfile_device }}"
|
||||
state: closed
|
||||
keyfile: "{{ role_path }}/files/keyfile1"
|
||||
become: yes
|
||||
|
||||
# Access: keyfile1
|
||||
|
||||
- name: Try to open with keyfile1
|
||||
luks_device:
|
||||
device: "{{ cryptfile_device }}"
|
||||
state: opened
|
||||
keyfile: "{{ role_path }}/files/keyfile1"
|
||||
become: yes
|
||||
ignore_errors: yes
|
||||
register: open_try
|
||||
- assert:
|
||||
that:
|
||||
- open_try is not failed
|
||||
- name: Close
|
||||
luks_device:
|
||||
device: "{{ cryptfile_device }}"
|
||||
state: closed
|
||||
|
||||
- name: Try to open with keyfile2
|
||||
luks_device:
|
||||
device: "{{ cryptfile_device }}"
|
||||
state: opened
|
||||
keyfile: "{{ role_path }}/files/keyfile2"
|
||||
become: yes
|
||||
ignore_errors: yes
|
||||
register: open_try
|
||||
- assert:
|
||||
that:
|
||||
- open_try is failed
|
||||
|
||||
- name: Give access to keyfile2
|
||||
luks_device:
|
||||
device: "{{ cryptfile_device }}"
|
||||
state: closed
|
||||
keyfile: "{{ role_path }}/files/keyfile1"
|
||||
new_keyfile: "{{ role_path }}/files/keyfile2"
|
||||
become: yes
|
||||
|
||||
# Access: keyfile1 and keyfile2
|
||||
|
||||
- name: Try to open with keyfile2
|
||||
luks_device:
|
||||
device: "{{ cryptfile_device }}"
|
||||
state: opened
|
||||
keyfile: "{{ role_path }}/files/keyfile2"
|
||||
become: yes
|
||||
ignore_errors: yes
|
||||
register: open_try
|
||||
- assert:
|
||||
that:
|
||||
- open_try is not failed
|
||||
- name: Close
|
||||
luks_device:
|
||||
device: "{{ cryptfile_device }}"
|
||||
state: closed
|
||||
|
||||
- name: Remove access from keyfile1
|
||||
luks_device:
|
||||
device: "{{ cryptfile_device }}"
|
||||
state: closed
|
||||
keyfile: "{{ role_path }}/files/keyfile1"
|
||||
remove_keyfile: "{{ role_path }}/files/keyfile1"
|
||||
become: yes
|
||||
|
||||
# Access: keyfile2
|
||||
|
||||
- name: Try to open with keyfile1
|
||||
luks_device:
|
||||
device: "{{ cryptfile_device }}"
|
||||
state: opened
|
||||
keyfile: "{{ role_path }}/files/keyfile1"
|
||||
become: yes
|
||||
ignore_errors: yes
|
||||
register: open_try
|
||||
- assert:
|
||||
that:
|
||||
- open_try is failed
|
||||
|
||||
- name: Try to open with keyfile2
|
||||
luks_device:
|
||||
device: "{{ cryptfile_device }}"
|
||||
state: opened
|
||||
keyfile: "{{ role_path }}/files/keyfile2"
|
||||
become: yes
|
||||
ignore_errors: yes
|
||||
register: open_try
|
||||
- assert:
|
||||
that:
|
||||
- open_try is not failed
|
||||
- name: Close
|
||||
luks_device:
|
||||
device: "{{ cryptfile_device }}"
|
||||
state: closed
|
||||
|
||||
- name: Remove access from keyfile2
|
||||
luks_device:
|
||||
device: "{{ cryptfile_device }}"
|
||||
state: closed
|
||||
keyfile: "{{ role_path }}/files/keyfile2"
|
||||
remove_keyfile: "{{ role_path }}/files/keyfile2"
|
||||
become: yes
|
||||
|
||||
# Access: none
|
||||
|
||||
- name: Try to open with keyfile2
|
||||
luks_device:
|
||||
device: "{{ cryptfile_device }}"
|
||||
state: opened
|
||||
keyfile: "{{ role_path }}/files/keyfile2"
|
||||
become: yes
|
||||
ignore_errors: yes
|
||||
register: open_try
|
||||
- assert:
|
||||
that:
|
||||
- open_try is failed
|
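Review bot: The three "Close" tasks between the open attempts omit `become: yes`, although every other `luks_device` task in this hunk sets it; they presumably pass only because the target already runs as root (`needs/root`), and adding `become: yes` to each would make the file consistent. The negative cases assert only `open_try is failed`, so any failure (a missing keyfile path, a device that is still open) passes as proof that the key was revoked. Adding an assertion on `open_try.msg`, or checking that no mapper device exists afterwards, would tie the failure to the rejected key. In the positive cases `ignore_errors: yes` followed by `open_try is not failed` adds nothing over letting the task fail directly. The file header for this hunk is not visible on the page.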