luks_device: add integration tests (#52359)

* Add first version of luks_device tests.

* Do ~ expansion manually.

* Try to enable RHEL8.

* Adjust to older losetup version.

* Make sure cryptsetup is installed.
This commit is contained in:
Felix Fontein 2019-02-18 17:16:57 +01:00 committed by Dag Wieers
parent f67f391730
commit 5b28cd65f0
7 changed files with 359 additions and 0 deletions

View file

@ -0,0 +1,6 @@
shippable/posix/group2
skip/osx
skip/freebsd
skip/docker
needs/root
destructive

View file

@ -0,0 +1 @@
asdf

View file

@ -0,0 +1 @@
test1234

View file

@ -0,0 +1,33 @@
---
- name: Make sure cryptsetup is installed
package:
name: cryptsetup
state: present
become: yes
- name: Create cryptfile
command: dd if=/dev/zero of={{ output_dir.replace('~', ansible_env.HOME) }}/cryptfile bs=1M count=32
- name: Create lookback device
command: losetup -f {{ output_dir.replace('~', ansible_env.HOME) }}/cryptfile
become: yes
- name: Determine loop device name
command: losetup -j {{ output_dir.replace('~', ansible_env.HOME) }}/cryptfile --output name
become: yes
register: cryptfile_device_output
- set_fact:
cryptfile_device: "{{ cryptfile_device_output.stdout_lines[1] }}"
- block:
- include_tasks: run-test.yml
with_fileglob:
- "tests/*.yml"
always:
- name: Make sure LUKS device is gone
luks_device:
device: "{{ cryptfile_device }}"
state: absent
become: yes
ignore_errors: yes
- command: losetup -d "{{ cryptfile_device }}"
become: yes
- file:
dest: "{{ output_dir }}/cryptfile"
state: absent

View file

@ -0,0 +1,8 @@
---
- name: Make sure LUKS device is gone
luks_device:
device: "{{ cryptfile_device }}"
state: absent
become: yes
- name: "Loading tasks from {{ item }}"
include_tasks: "{{ item }}"

View file

@ -0,0 +1,187 @@
---
#- name: Create (check)
# luks_device:
# device: "{{ cryptfile_device }}"
# state: present
# keyfile: "{{ role_path }}/files/keyfile1"
# check_mode: yes
# become: yes
# register: create_check
- name: Create
luks_device:
device: "{{ cryptfile_device }}"
state: present
keyfile: "{{ role_path }}/files/keyfile1"
become: yes
register: create
- name: Create (idempotent)
luks_device:
device: "{{ cryptfile_device }}"
state: present
keyfile: "{{ role_path }}/files/keyfile1"
become: yes
register: create_idem
#- name: Create (idempotent, check)
# luks_device:
# device: "{{ cryptfile_device }}"
# state: present
# keyfile: "{{ role_path }}/files/keyfile1"
# check_mode: yes
# become: yes
# register: create_idem_check
- assert:
that:
#- create_check is changed
- create is changed
- create_idem is not changed
#- create_idem_check is not changed
#- name: Open (check)
# luks_device:
# device: "{{ cryptfile_device }}"
# state: opened
# keyfile: "{{ role_path }}/files/keyfile1"
# check_mode: yes
# become: yes
# register: open_check
- name: Open
luks_device:
device: "{{ cryptfile_device }}"
state: opened
keyfile: "{{ role_path }}/files/keyfile1"
become: yes
register: open
- name: Open (idempotent)
luks_device:
device: "{{ cryptfile_device }}"
state: opened
keyfile: "{{ role_path }}/files/keyfile1"
become: yes
register: open_idem
#- name: Open (idempotent, check)
# luks_device:
# device: "{{ cryptfile_device }}"
# state: opened
# keyfile: "{{ role_path }}/files/keyfile1"
# check_mode: yes
# become: yes
# register: open_idem_check
- assert:
that:
#- open_check is changed
- open is changed
- open_idem is not changed
#- open_idem_check is not changed
#- name: Closed (via name, check)
# luks_device:
# name: "{{ open.name }}"
# state: closed
# check_mode: yes
# become: yes
# register: close_check
- name: Closed (via name)
luks_device:
name: "{{ open.name }}"
state: closed
become: yes
register: close
- name: Closed (via name, idempotent)
luks_device:
name: "{{ open.name }}"
state: closed
become: yes
register: close_idem
#- name: Closed (via name, idempotent, check)
# luks_device:
# name: "{{ open.name }}"
# state: closed
# check_mode: yes
# become: yes
# register: close_idem_check
- assert:
that:
#- close_check is changed
- close is changed
- close_idem is not changed
#- close_idem_check is not changed
- name: Re-open
luks_device:
device: "{{ cryptfile_device }}"
state: opened
keyfile: "{{ role_path }}/files/keyfile1"
become: yes
#- name: Closed (via device, check)
# luks_device:
# device: "{{ cryptfile_device }}"
# state: closed
# check_mode: yes
# become: yes
# register: close_check
- name: Closed (via device)
luks_device:
device: "{{ cryptfile_device }}"
state: closed
become: yes
register: close
- name: Closed (via device, idempotent)
luks_device:
device: "{{ cryptfile_device }}"
state: closed
become: yes
register: close_idem
#- name: Closed (via device, idempotent, check)
# luks_device:
# device: "{{ cryptfile_device }}"
# state: closed
# check_mode: yes
# become: yes
# register: close_idem_check
- assert:
that:
#- close_check is changed
- close is changed
- close_idem is not changed
#- close_idem_check is not changed
- name: Re-opened
luks_device:
device: "{{ cryptfile_device }}"
state: opened
keyfile: "{{ role_path }}/files/keyfile1"
become: yes
#- name: Absent (check)
# luks_device:
# device: "{{ cryptfile_device }}"
# state: absent
# check_mode: yes
# become: yes
# register: absent_check
- name: Absent
luks_device:
device: "{{ cryptfile_device }}"
state: absent
become: yes
register: absent
- name: Absent (idempotence)
luks_device:
device: "{{ cryptfile_device }}"
state: absent
become: yes
register: absent_idem
#- name: Absent (idempotence, check)
# luks_device:
# device: "{{ cryptfile_device }}"
# state: absent
# check_mode: yes
# become: yes
# register: absent_idem_check
- assert:
that:
#- absent_check is changed
- absent is changed
- absent_idem is not changed
#- absent_idem_check is not changed

View file

@ -0,0 +1,123 @@
---
- name: Create with keyfile1
luks_device:
device: "{{ cryptfile_device }}"
state: closed
keyfile: "{{ role_path }}/files/keyfile1"
become: yes
# Access: keyfile1
- name: Try to open with keyfile1
luks_device:
device: "{{ cryptfile_device }}"
state: opened
keyfile: "{{ role_path }}/files/keyfile1"
become: yes
ignore_errors: yes
register: open_try
- assert:
that:
- open_try is not failed
- name: Close
luks_device:
device: "{{ cryptfile_device }}"
state: closed
- name: Try to open with keyfile2
luks_device:
device: "{{ cryptfile_device }}"
state: opened
keyfile: "{{ role_path }}/files/keyfile2"
become: yes
ignore_errors: yes
register: open_try
- assert:
that:
- open_try is failed
- name: Give access to keyfile2
luks_device:
device: "{{ cryptfile_device }}"
state: closed
keyfile: "{{ role_path }}/files/keyfile1"
new_keyfile: "{{ role_path }}/files/keyfile2"
become: yes
# Access: keyfile1 and keyfile2
- name: Try to open with keyfile2
luks_device:
device: "{{ cryptfile_device }}"
state: opened
keyfile: "{{ role_path }}/files/keyfile2"
become: yes
ignore_errors: yes
register: open_try
- assert:
that:
- open_try is not failed
- name: Close
luks_device:
device: "{{ cryptfile_device }}"
state: closed
- name: Remove access from keyfile1
luks_device:
device: "{{ cryptfile_device }}"
state: closed
keyfile: "{{ role_path }}/files/keyfile1"
remove_keyfile: "{{ role_path }}/files/keyfile1"
become: yes
# Access: keyfile2
- name: Try to open with keyfile1
luks_device:
device: "{{ cryptfile_device }}"
state: opened
keyfile: "{{ role_path }}/files/keyfile1"
become: yes
ignore_errors: yes
register: open_try
- assert:
that:
- open_try is failed
- name: Try to open with keyfile2
luks_device:
device: "{{ cryptfile_device }}"
state: opened
keyfile: "{{ role_path }}/files/keyfile2"
become: yes
ignore_errors: yes
register: open_try
- assert:
that:
- open_try is not failed
- name: Close
luks_device:
device: "{{ cryptfile_device }}"
state: closed
- name: Remove access from keyfile2
luks_device:
device: "{{ cryptfile_device }}"
state: closed
keyfile: "{{ role_path }}/files/keyfile2"
remove_keyfile: "{{ role_path }}/files/keyfile2"
become: yes
# Access: none
- name: Try to open with keyfile2
luks_device:
device: "{{ cryptfile_device }}"
state: opened
keyfile: "{{ role_path }}/files/keyfile2"
become: yes
ignore_errors: yes
register: open_try
- assert:
that:
- open_try is failed