ec2_key: add a test for the force option (#32748)

* ec2_key: test force option * ec2_key: changes requested via review comments
2024-09-14 20:13:21 +02:00 · 2017-11-15 04:53:41 -08:00 · 2017-11-15 04:53:41 -08:00 · 239464f804
commit 239464f804
parent d5e247243f
2 changed files with 39 additions and 15 deletions
--- a/test/integration/targets/ec2_key/tasks/main.yml
+++ b/test/integration/targets/ec2_key/tasks/main.yml
@ -5,9 +5,6 @@
 #  - EC2_SECRET_KEY -> AWS_SECRET_ACCESS_KEY -> AWX_SECRET_KEY
 #  - EC2_REGION -> AWS_REGION
 #
-# TODO - name: test 'region' parameter
-# TODO - name: test 'state=absent' parameter for existing key
-# TODO - name: test 'state=absent' parameter for missing key
 # TODO - name: test 'validate_certs' parameter

 # ============================================================
@ -147,7 +144,7 @@
           - '"EC2ResponseError: 401 Unauthorized" in result.module_stderr'

    # ============================================================
-    - name: test state=absent with key_material
+    - name: test removing a non-existent keypair
      ec2_key:
        name='{{ec2_key_name}}'
        ec2_region={{ec2_region}}
@ -296,6 +293,25 @@
           - '"private_key" not in result.results[0].key'
           - 'result.results[0].key.fingerprint == "{{fingerprint}}"'

+    # ============================================================
+
+    - name: test force=no with another_key_material (expect changed=false)
+      ec2_key:
+        name: '{{ ec2_key_name }}'
+        ec2_region: '{{ ec2_region }}'
+        ec2_access_key: '{{ ec2_access_key }}'
+        ec2_secret_key: '{{ ec2_secret_key }}'
+        security_token: '{{ security_token }}'
+        key_material: '{{ another_key_material }}'
+        force: no
+      register: result
+
+    - name: assert force=no with another_key_material (expect changed=false)
+      assert:
+        that:
+          - 'not result.changed'
+          - 'result.key.fingerprint == "{{ fingerprint }}"'
+
    # ============================================================
    - name: test state=absent with key_material (expect changed=true)
      ec2_key:
--- a/test/integration/targets/setup_sshkey/tasks/main.yml
+++ b/test/integration/targets/setup_sshkey/tasks/main.yml
@ -15,33 +15,41 @@
 # You should have received a copy of the GNU General Public License
 # along with Ansible.  If not, see <http://www.gnu.org/licenses/>.

- name: create random file
-  shell: mktemp /tmp/id_rsa.XXXXXX
-  register: sshkey
+- name: create a temp file
+  tempfile:
+    state: file
+  register: sshkey_file
  tags:
    - prepare

 - name: generate sshkey
-  shell: echo 'y' | ssh-keygen -P '' -f {{sshkey.stdout}}
+  shell: echo 'y' | ssh-keygen -P '' -f {{ sshkey_file.path }}
  tags:
    - prepare

- name: record key_material
-  command: cat {{sshkey.stdout}}.pub
-  register: key_material
+- name: create another temp file
+  tempfile:
+    state: file
+  register: another_sshkey_file
+  tags:
+    - prepare
+
+- name: generate another_sshkey
+  shell: echo 'y' | ssh-keygen -P '' -f {{ another_sshkey_file.path }}
  tags:
    - prepare

 - name: record fingerprint
-  shell: openssl rsa -in {{sshkey.stdout}} -pubout -outform DER 2>/dev/null | openssl md5 -c
+  shell: openssl rsa -in {{ sshkey_file.path }} -pubout -outform DER 2>/dev/null | openssl md5 -c
  register: fingerprint
  tags:
    - prepare

 - name: set facts for future roles
  set_fact:
-    sshkey: '{{sshkey.stdout}}'
-    key_material: '{{key_material.stdout}}'
-    fingerprint: '{{fingerprint.stdout.split()[1]}}'
+    sshkey: '{{ sshkey_file.path }}'
+    key_material: "{{ lookup('file', sshkey_file.path ~ '.pub') }}"
+    another_key_material: "{{ lookup('file', another_sshkey_file.path ~ '.pub') }}"
+    fingerprint: '{{ fingerprint.stdout.split()[1] }}'
  tags:
    - prepare