community.general/test/integration/targets/luks_device/tasks/tests/key-management.yml

---
- name: Create with keyfile1
  luks_device:
    device: "{{ cryptfile_device }}"
    state: closed
    keyfile: "{{ role_path }}/files/keyfile1"
  become: yes

# Access: keyfile1

- name: Try to open with keyfile1
  luks_device:
    device: "{{ cryptfile_device }}"
    state: opened
    keyfile: "{{ role_path }}/files/keyfile1"
  become: yes
  ignore_errors: yes
  register: open_try
- assert:
    that:
    - open_try is not failed
- name: Close
  luks_device:
    device: "{{ cryptfile_device }}"
    state: closed

- name: Try to open with keyfile2
  luks_device:
    device: "{{ cryptfile_device }}"
    state: opened
    keyfile: "{{ role_path }}/files/keyfile2"
  become: yes
  ignore_errors: yes
  register: open_try
- assert:
    that:
    - open_try is failed

- name: Give access to keyfile2
  luks_device:
    device: "{{ cryptfile_device }}"
    state: closed
    keyfile: "{{ role_path }}/files/keyfile1"
    new_keyfile: "{{ role_path }}/files/keyfile2"
  become: yes

# Access: keyfile1 and keyfile2

- name: Try to open with keyfile2
  luks_device:
    device: "{{ cryptfile_device }}"
    state: opened
    keyfile: "{{ role_path }}/files/keyfile2"
  become: yes
  ignore_errors: yes
  register: open_try
- assert:
    that:
    - open_try is not failed
- name: Close
  luks_device:
    device: "{{ cryptfile_device }}"
    state: closed

- name: Remove access from keyfile1
  luks_device:
    device: "{{ cryptfile_device }}"
    state: closed
    keyfile: "{{ role_path }}/files/keyfile1"
    remove_keyfile: "{{ role_path }}/files/keyfile1"
  become: yes

# Access: keyfile2

- name: Try to open with keyfile1
  luks_device:
    device: "{{ cryptfile_device }}"
    state: opened
    keyfile: "{{ role_path }}/files/keyfile1"
  become: yes
  ignore_errors: yes
  register: open_try
- assert:
    that:
    - open_try is failed

- name: Try to open with keyfile2
  luks_device:
    device: "{{ cryptfile_device }}"
    state: opened
    keyfile: "{{ role_path }}/files/keyfile2"
  become: yes
  ignore_errors: yes
  register: open_try
- assert:
    that:
    - open_try is not failed
- name: Close
  luks_device:
    device: "{{ cryptfile_device }}"
    state: closed

- name: Remove access from keyfile2
  luks_device:
    device: "{{ cryptfile_device }}"
    state: closed
    keyfile: "{{ role_path }}/files/keyfile2"
    remove_keyfile: "{{ role_path }}/files/keyfile2"
  become: yes

# Access: none

- name: Try to open with keyfile2
  luks_device:
    device: "{{ cryptfile_device }}"
    state: opened
    keyfile: "{{ role_path }}/files/keyfile2"
  become: yes
  ignore_errors: yes
  register: open_try
- assert:
    that:
    - open_try is failed
luks_device: add integration tests (#52359) * Add first version of luks_device tests. * Do ~ expansion manually. * Try to enable RHEL8. * Adjust to older losetup version. * Make sure cryptsetup is installed. 2019-02-18 17:16:57 +01:00			`---`
			`- name: Create with keyfile1`
			`luks_device:`
			`device: "{{ cryptfile_device }}"`
			`state: closed`
			`keyfile: "{{ role_path }}/files/keyfile1"`
			`become: yes`

			`# Access: keyfile1`

			`- name: Try to open with keyfile1`
			`luks_device:`
			`device: "{{ cryptfile_device }}"`
			`state: opened`
			`keyfile: "{{ role_path }}/files/keyfile1"`
			`become: yes`
			`ignore_errors: yes`
			`register: open_try`
			`- assert:`
			`that:`
			`- open_try is not failed`
			`- name: Close`
			`luks_device:`
			`device: "{{ cryptfile_device }}"`
			`state: closed`

			`- name: Try to open with keyfile2`
			`luks_device:`
			`device: "{{ cryptfile_device }}"`
			`state: opened`
			`keyfile: "{{ role_path }}/files/keyfile2"`
			`become: yes`
			`ignore_errors: yes`
			`register: open_try`
			`- assert:`
			`that:`
			`- open_try is failed`

			`- name: Give access to keyfile2`
			`luks_device:`
			`device: "{{ cryptfile_device }}"`
			`state: closed`
			`keyfile: "{{ role_path }}/files/keyfile1"`
			`new_keyfile: "{{ role_path }}/files/keyfile2"`
			`become: yes`

			`# Access: keyfile1 and keyfile2`

			`- name: Try to open with keyfile2`
			`luks_device:`
			`device: "{{ cryptfile_device }}"`
			`state: opened`
			`keyfile: "{{ role_path }}/files/keyfile2"`
			`become: yes`
			`ignore_errors: yes`
			`register: open_try`
			`- assert:`
			`that:`
			`- open_try is not failed`
			`- name: Close`
			`luks_device:`
			`device: "{{ cryptfile_device }}"`
			`state: closed`

			`- name: Remove access from keyfile1`
			`luks_device:`
			`device: "{{ cryptfile_device }}"`
			`state: closed`
			`keyfile: "{{ role_path }}/files/keyfile1"`
			`remove_keyfile: "{{ role_path }}/files/keyfile1"`
			`become: yes`

			`# Access: keyfile2`

			`- name: Try to open with keyfile1`
			`luks_device:`
			`device: "{{ cryptfile_device }}"`
			`state: opened`
			`keyfile: "{{ role_path }}/files/keyfile1"`
			`become: yes`
			`ignore_errors: yes`
			`register: open_try`
			`- assert:`
			`that:`
			`- open_try is failed`

			`- name: Try to open with keyfile2`
			`luks_device:`
			`device: "{{ cryptfile_device }}"`
			`state: opened`
			`keyfile: "{{ role_path }}/files/keyfile2"`
			`become: yes`
			`ignore_errors: yes`
			`register: open_try`
			`- assert:`
			`that:`
			`- open_try is not failed`
			`- name: Close`
			`luks_device:`
			`device: "{{ cryptfile_device }}"`
			`state: closed`

			`- name: Remove access from keyfile2`
			`luks_device:`
			`device: "{{ cryptfile_device }}"`
			`state: closed`
			`keyfile: "{{ role_path }}/files/keyfile2"`
			`remove_keyfile: "{{ role_path }}/files/keyfile2"`
			`become: yes`

			`# Access: none`

			`- name: Try to open with keyfile2`
			`luks_device:`
			`device: "{{ cryptfile_device }}"`
			`state: opened`
			`keyfile: "{{ role_path }}/files/keyfile2"`
			`become: yes`
			`ignore_errors: yes`
			`register: open_try`
			`- assert:`
			`that:`
			`- open_try is failed`