mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
6fae1d2bbf
I have from time to time a need of random password without wanting to write them down (one example is mailman list creation, that requires a password to be given to be sent to the list owner). But using /dev/null do not return null, but the empty string, which doesn't generate a password at all and so do not achieve my use case.
293 lines
7.3 KiB
YAML
293 lines
7.3 KiB
YAML
# test code for lookup plugins
|
|
# (c) 2014, James Tanner <tanner.jc@gmail.com>
|
|
|
|
# This file is part of Ansible
|
|
#
|
|
# Ansible is free software: you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation, either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# Ansible is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
# FILE LOOKUP
|
|
|
|
- name: make a new file to read
|
|
copy: dest={{output_dir}}/foo.txt mode=0644 content="bar"
|
|
|
|
- name: load the file as a fact
|
|
set_fact:
|
|
foo: "{{ lookup('file', output_dir + '/foo.txt' ) }}"
|
|
|
|
- debug: var=foo
|
|
|
|
- name: verify file lookup
|
|
assert:
|
|
that:
|
|
- "foo == 'bar'"
|
|
|
|
|
|
# PASSWORD LOOKUP
|
|
|
|
- name: remove previous password files and directory
|
|
file: dest={{item}} state=absent
|
|
with_items:
|
|
- "{{output_dir}}/lookup/password"
|
|
- "{{output_dir}}/lookup/password_with_salt"
|
|
- "{{output_dir}}/lookup"
|
|
|
|
- name: create a password file
|
|
set_fact:
|
|
newpass: "{{ lookup('password', output_dir + '/lookup/password length=8') }}"
|
|
|
|
- name: stat the password file directory
|
|
stat: path="{{output_dir}}/lookup"
|
|
register: result
|
|
|
|
- name: assert the directory's permissions
|
|
assert:
|
|
that:
|
|
- result.stat.mode == '0700'
|
|
|
|
- name: stat the password file
|
|
stat: path="{{output_dir}}/lookup/password"
|
|
register: result
|
|
|
|
- name: assert the directory's permissions
|
|
assert:
|
|
that:
|
|
- result.stat.mode == '0600'
|
|
|
|
- name: get password length
|
|
shell: wc -c {{output_dir}}/lookup/password | awk '{print $1}'
|
|
register: wc_result
|
|
|
|
- debug: var=wc_result.stdout
|
|
|
|
- name: read password
|
|
shell: cat {{output_dir}}/lookup/password
|
|
register: cat_result
|
|
|
|
- debug: var=cat_result.stdout
|
|
|
|
- name: verify password
|
|
assert:
|
|
that:
|
|
- "wc_result.stdout == '9'"
|
|
- "cat_result.stdout == newpass"
|
|
- "' salt=' not in cat_result.stdout"
|
|
|
|
- name: fetch password from an existing file
|
|
set_fact:
|
|
pass2: "{{ lookup('password', output_dir + '/lookup/password length=8') }}"
|
|
|
|
- name: read password (again)
|
|
shell: cat {{output_dir}}/lookup/password
|
|
register: cat_result2
|
|
|
|
- debug: var=cat_result2.stdout
|
|
|
|
- name: verify password (again)
|
|
assert:
|
|
that:
|
|
- "cat_result2.stdout == newpass"
|
|
- "' salt=' not in cat_result2.stdout"
|
|
|
|
|
|
|
|
- name: create a password (with salt) file
|
|
debug: msg={{ lookup('password', output_dir + '/lookup/password_with_salt encrypt=sha256_crypt') }}
|
|
|
|
- name: read password and salt
|
|
shell: cat {{output_dir}}/lookup/password_with_salt
|
|
register: cat_pass_salt
|
|
|
|
- debug: var=cat_pass_salt.stdout
|
|
|
|
- name: fetch unencrypted password
|
|
set_fact:
|
|
newpass: "{{ lookup('password', output_dir + '/lookup/password_with_salt') }}"
|
|
|
|
- debug: var=newpass
|
|
|
|
- name: verify password and salt
|
|
assert:
|
|
that:
|
|
- "cat_pass_salt.stdout != newpass"
|
|
- "cat_pass_salt.stdout.startswith(newpass)"
|
|
- "' salt=' in cat_pass_salt.stdout"
|
|
- "' salt=' not in newpass"
|
|
|
|
|
|
- name: fetch unencrypted password (using empty encrypt parameter)
|
|
set_fact:
|
|
newpass2: "{{ lookup('password', output_dir + '/lookup/password_with_salt encrypt=') }}"
|
|
|
|
- name: verify lookup password behavior
|
|
assert:
|
|
that:
|
|
- "newpass == newpass2"
|
|
|
|
- name: verify that we can generate a 1st password without writing it
|
|
set_fact:
|
|
newpass: "{{ lookup('password', '/dev/null') }}"
|
|
|
|
- name: verify that we can generate a 2nd password without writing it
|
|
set_fact:
|
|
newpass2: "{{ lookup('password', '/dev/null') }}"
|
|
|
|
- name: verify lookup password behavior with /dev/null
|
|
assert:
|
|
that:
|
|
- "newpass != newpass2"
|
|
|
|
# ENV LOOKUP
|
|
|
|
- name: get first environment var name
|
|
shell: env | fgrep -v '.' | head -n1 | cut -d\= -f1
|
|
register: known_var_name
|
|
|
|
- name: get first environment var value
|
|
shell: echo {{ '$' + known_var_name.stdout }}
|
|
register: known_var_value
|
|
|
|
- name: use env lookup to get known var
|
|
set_fact:
|
|
test_val: "{{ lookup('env', known_var_name.stdout) }}"
|
|
|
|
- debug: var=known_var_name.stdout
|
|
- debug: var=known_var_value.stdout
|
|
- debug: var=test_val
|
|
|
|
- name: compare values
|
|
assert:
|
|
that:
|
|
- "test_val == known_var_value.stdout"
|
|
|
|
|
|
# PIPE LOOKUP
|
|
|
|
# https://github.com/ansible/ansible/issues/6550
|
|
- name: confirm pipe lookup works with a single positional arg
|
|
debug: msg="{{ lookup('pipe', 'ls') }}"
|
|
|
|
|
|
# LOOKUP TEMPLATING
|
|
|
|
- name: use bare interpolation
|
|
debug: msg="got {{item}}"
|
|
with_items: "{{things1}}"
|
|
register: bare_var
|
|
|
|
- name: verify that list was interpolated
|
|
assert:
|
|
that:
|
|
- "bare_var.results[0].item == 1"
|
|
- "bare_var.results[1].item == 2"
|
|
|
|
- name: use list with bare strings in it
|
|
debug: msg={{item}}
|
|
with_items:
|
|
- things2
|
|
- things1
|
|
|
|
- name: use list with undefined var in it
|
|
debug: msg={{item}}
|
|
with_items: "{{things2}}"
|
|
ignore_errors: True
|
|
|
|
|
|
# BUG #10073 nested template handling
|
|
|
|
- name: set variable that clashes
|
|
set_fact:
|
|
LOGNAME: foobar
|
|
|
|
|
|
- name: get LOGNAME environment var value
|
|
shell: echo {{ '$LOGNAME' }}
|
|
register: known_var_value
|
|
|
|
- name: do the lookup for env LOGNAME
|
|
set_fact:
|
|
test_val: "{{ lookup('env', 'LOGNAME') }}"
|
|
|
|
- debug: var=test_val
|
|
|
|
- name: compare values
|
|
assert:
|
|
that:
|
|
- "test_val == known_var_value.stdout"
|
|
|
|
|
|
- name: set with_dict
|
|
shell: echo "{{ item.key + '=' + item.value }}"
|
|
with_dict: "{{ mydict }}"
|
|
|
|
# URL Lookups
|
|
|
|
- name: Test that retrieving a url works
|
|
set_fact:
|
|
web_data: "{{ lookup('url', 'https://gist.githubusercontent.com/abadger/9858c22712f62a8effff/raw/43dd47ea691c90a5fa7827892c70241913351963/test') }}"
|
|
|
|
- name: Assert that the url was retrieved
|
|
assert:
|
|
that:
|
|
- "'one' in web_data"
|
|
|
|
- name: Test that retrieving a url with invalid cert fails
|
|
set_fact:
|
|
web_data: "{{ lookup('url', 'https://{{ badssl_host }}/') }}"
|
|
ignore_errors: True
|
|
register: url_invalid_cert
|
|
|
|
- assert:
|
|
that:
|
|
- "url_invalid_cert.failed"
|
|
- "'Error validating the server' in url_invalid_cert.msg"
|
|
|
|
- name: Test that retrieving a url with invalid cert with validate_certs=False works
|
|
set_fact:
|
|
web_data: "{{ lookup('url', 'https://{{ badssl_host }}/', validate_certs=False) }}"
|
|
register: url_no_validate_cert
|
|
|
|
- assert:
|
|
that:
|
|
- "'{{ badssl_host_substring }}' in web_data"
|
|
|
|
- name: Test cartesian lookup
|
|
debug: var={{item}}
|
|
with_cartesian:
|
|
- ["A", "B", "C"]
|
|
- ["1", "2", "3"]
|
|
register: product
|
|
|
|
- name: Verify cartesian lookup
|
|
assert:
|
|
that:
|
|
- product.results[0]['item'] == ["A", "1"]
|
|
- product.results[1]['item'] == ["A", "2"]
|
|
- product.results[2]['item'] == ["A", "3"]
|
|
- product.results[3]['item'] == ["B", "1"]
|
|
- product.results[4]['item'] == ["B", "2"]
|
|
- product.results[5]['item'] == ["B", "3"]
|
|
- product.results[6]['item'] == ["C", "1"]
|
|
- product.results[7]['item'] == ["C", "2"]
|
|
- product.results[8]['item'] == ["C", "3"]
|
|
|
|
# Template lookups
|
|
|
|
# ref #18526
|
|
- name: Test that we have a proper jinja search path in template lookup
|
|
set_fact:
|
|
hello_world: "{{ lookup('template', 'hello.txt') }}"
|
|
|
|
- assert:
|
|
that:
|
|
- "hello_world|trim == 'Hello world!'"
|