caba47dd3f
* Add support for GSSAPI/Kerberos to urls.py * Test out changes with the latest test container * Get remote hosts working * Fix up httptester_krb5_password reader * Fix tests for opensuse and macOS * Hopefully last lot of testing changes * Dont do CBT on macOS * Fixes from review
60 lines
2.3 KiB
YAML
60 lines
2.3 KiB
YAML
- name: Skip explicit auth tests on FreeBSD as Heimdal there does not have gss_acquire_cred_with_password
|
|
when: ansible_facts.os_family != 'FreeBSD'
|
|
block:
|
|
- name: test Negotiate auth over HTTP with explicit credentials
|
|
get_url:
|
|
url: http://{{ httpbin_host }}/gssapi
|
|
dest: '{{ remote_tmp_dir }}/gssapi_explicit.txt'
|
|
use_gssapi: yes
|
|
url_username: '{{ krb5_username }}'
|
|
url_password: '{{ krb5_password }}'
|
|
register: http_explicit
|
|
|
|
- name: get result of test Negotiate auth over HTTP with explicit credentials
|
|
slurp:
|
|
path: '{{ remote_tmp_dir }}/gssapi_explicit.txt'
|
|
register: http_explicit_actual
|
|
|
|
- name: assert test Negotiate auth with implicit credentials
|
|
assert:
|
|
that:
|
|
- http_explicit.status_code == 200
|
|
- http_explicit_actual.content | b64decode | trim == 'Microsoft Rulz'
|
|
|
|
- name: FreeBSD - verify it fails with explicit credential
|
|
get_url:
|
|
url: http://{{ httpbin_host }}/gssapi
|
|
dest: '{{ remote_tmp_dir }}/gssapi_explicit.txt'
|
|
use_gssapi: yes
|
|
url_username: '{{ krb5_username }}'
|
|
url_password: '{{ krb5_password }}'
|
|
register: explicit_failure
|
|
when: ansible_facts.os_family == 'FreeBSD'
|
|
failed_when:
|
|
- '"Platform GSSAPI library does not support gss_acquire_cred_with_password, cannot acquire GSSAPI credential with explicit username and password" not in explicit_failure.msg'
|
|
|
|
- name: skip tests on macOS, I cannot seem to get it to read a credential from a custom ccache
|
|
when: ansible_facts.distribution != 'MacOSX'
|
|
block:
|
|
- name: get Kerberos ticket for implicit auth tests
|
|
httptester_kinit:
|
|
username: '{{ krb5_username }}'
|
|
password: '{{ krb5_password }}'
|
|
|
|
- name: test Negotiate auth over HTTPS with implicit credentials
|
|
get_url:
|
|
url: https://{{ httpbin_host }}/gssapi
|
|
dest: '{{ remote_tmp_dir }}/gssapi_implicit.txt'
|
|
use_gssapi: yes
|
|
register: https_implicit
|
|
|
|
- name: get result of test Negotiate auth over HTTPS with implicit credentials
|
|
slurp:
|
|
path: '{{ remote_tmp_dir }}/gssapi_implicit.txt'
|
|
register: https_implicit_actual
|
|
|
|
- name: assert test Negotiate auth with implicit credentials
|
|
assert:
|
|
that:
|
|
- https_implicit.status_code == 200
|
|
- https_implicit_actual.content | b64decode | trim == 'Microsoft Rulz'
|