2acfa0e08c
* Elevate privileges for luks_device integration tests Several tests in `key-management.yml` don't `become` before executing, despite needing elevated privileges. This commit fixes that. * Add passphrase support for luks_device Previously, the luks_device module only worked with keyfiles. The implication was that the key had to be written to disk before the module could be used. This commit implements support for opening, adding and removing passphrases supplied as strings to the module. Closes #52408
41 lines
1.2 KiB
YAML
41 lines
1.2 KiB
YAML
---
|
|
- name: Create with keysize
|
|
luks_device:
|
|
device: "{{ cryptfile_device }}"
|
|
state: present
|
|
keyfile: "{{ role_path }}/files/keyfile1"
|
|
keysize: 256
|
|
become: yes
|
|
register: create_with_keysize
|
|
- name: Create with keysize (idempotent)
|
|
luks_device:
|
|
device: "{{ cryptfile_device }}"
|
|
state: present
|
|
keyfile: "{{ role_path }}/files/keyfile1"
|
|
keysize: 256
|
|
become: yes
|
|
register: create_idem_with_keysize
|
|
- name: Create with different keysize (idempotent since we do not update keysize)
|
|
luks_device:
|
|
device: "{{ cryptfile_device }}"
|
|
state: present
|
|
keyfile: "{{ role_path }}/files/keyfile1"
|
|
keysize: 512
|
|
become: yes
|
|
register: create_idem_with_diff_keysize
|
|
- name: Create with ambiguous arguments
|
|
luks_device:
|
|
device: "{{ cryptfile_device }}"
|
|
state: present
|
|
keyfile: "{{ role_path }}/files/keyfile1"
|
|
passphrase: "{{ cryptfile_passphrase1 }}"
|
|
ignore_errors: yes
|
|
become: yes
|
|
register: create_with_ambiguous
|
|
|
|
- assert:
|
|
that:
|
|
- create_with_keysize is changed
|
|
- create_idem_with_keysize is not changed
|
|
- create_idem_with_diff_keysize is not changed
|
|
- create_with_ambiguous is failed
|