-
Notifications
You must be signed in to change notification settings - Fork 15
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
updated the lookup plugin and tests to support certificate content
- Loading branch information
1 parent
552b6d9
commit 9e4ffe2
Showing
33 changed files
with
688 additions
and
33 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
1 change: 1 addition & 0 deletions
1
tests/conjur_variable/test_cases/retrieve-variable-bad-cert-content/env
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
export CONJUR_CERT_CONTENT="MIBIADERGYHHFV5ANBgkqhkiG9w0BAQEFAAerdfhBCgKCAQEA..." |
22 changes: 22 additions & 0 deletions
22
tests/conjur_variable/test_cases/retrieve-variable-bad-cert-content/playbook.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
--- | ||
- name: Retrieve Conjur variable fails with bad cert content | ||
hosts: localhost | ||
connection: local | ||
tasks: | ||
- name: Clean artifact path | ||
file: | ||
state: absent | ||
path: /conjur_secrets.txt | ||
|
||
- name: Determine lookup path based on CONJUR flavour | ||
set_fact: | ||
lookup_path: >- | ||
{{ | ||
'data/ansible' if lookup('env', 'IS_CLOUD') | bool else 'ansible' | ||
}} | ||
- name: Retrieve Conjur variable with bad cert content | ||
vars: | ||
super_secret_key: "{{ lookup('conjur_variable', lookup_path + '/test-secret') }}" | ||
shell: echo "{{super_secret_key}}" > /conjur_secrets.txt | ||
ignore_errors: True |
12 changes: 12 additions & 0 deletions
12
tests/conjur_variable/test_cases/retrieve-variable-bad-cert-content/tests/test_default.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
from __future__ import (absolute_import, division, print_function) | ||
__metaclass__ = type | ||
|
||
import os | ||
|
||
testinfra_hosts = [os.environ['COMPOSE_PROJECT_NAME'] + '-ansible-1'] | ||
|
||
|
||
def test_retrieval_failed(host): | ||
secrets_file = host.file('/conjur_secrets.txt') | ||
|
||
assert not secrets_file.exists |
1 change: 1 addition & 0 deletions
1
tests/conjur_variable/test_cases/retrieve-variable-no-cert-provided/env
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1,2 @@ | ||
export CONJUR_CERT_FILE="" | ||
export CONJUR_CERT_CONTENT="" |
1 change: 1 addition & 0 deletions
1
tests/conjur_variable/test_cases/retrieve-variable-with-CR-normalization/env
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
export CONJUR_CERT_CONTENT=$(cat /cyberark/dev/conjur.pem | sed 's/$/\r/') |
21 changes: 21 additions & 0 deletions
21
tests/conjur_variable/test_cases/retrieve-variable-with-CR-normalization/playbook.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
--- | ||
- name: Retrieve Conjur variable | ||
hosts: localhost | ||
connection: local | ||
tasks: | ||
- name: Clean artifact path | ||
file: | ||
state: absent | ||
path: /conjur_secrets.txt | ||
|
||
- name: Determine lookup path based on CONJUR flavour | ||
set_fact: | ||
lookup_path: >- | ||
{{ | ||
'data/ansible' if lookup('env', 'IS_CLOUD') | bool else 'ansible' | ||
}} | ||
- name: Retrieve Conjur variable | ||
vars: | ||
super_secret_key: "{{ lookup('conjur_variable', lookup_path + '/test-secret') }}" | ||
shell: echo "{{super_secret_key}}" > /conjur_secrets.txt |
17 changes: 17 additions & 0 deletions
17
.../conjur_variable/test_cases/retrieve-variable-with-CR-normalization/tests/test_default.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
from __future__ import (absolute_import, division, print_function) | ||
__metaclass__ = type | ||
|
||
import os | ||
|
||
|
||
testinfra_hosts = [os.environ['COMPOSE_PROJECT_NAME'] + '-ansible-1'] | ||
|
||
|
||
def test_retrieved_secret(host): | ||
secrets_file = host.file('/conjur_secrets.txt') | ||
|
||
assert secrets_file.exists | ||
|
||
result = host.check_output("cat /conjur_secrets.txt", shell=True) | ||
|
||
assert result == "test_secret_password" |
1 change: 1 addition & 0 deletions
1
tests/conjur_variable/test_cases/retrieve-variable-with-CRLF-normalization/env
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
export CONJUR_CERT_CONTENT=$(cat /cyberark/dev/conjur.pem | sed 's/$/\r\n/') |
21 changes: 21 additions & 0 deletions
21
tests/conjur_variable/test_cases/retrieve-variable-with-CRLF-normalization/playbook.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
--- | ||
- name: Retrieve Conjur variable | ||
hosts: localhost | ||
connection: local | ||
tasks: | ||
- name: Clean artifact path | ||
file: | ||
state: absent | ||
path: /conjur_secrets.txt | ||
|
||
- name: Determine lookup path based on CONJUR flavour | ||
set_fact: | ||
lookup_path: >- | ||
{{ | ||
'data/ansible' if lookup('env', 'IS_CLOUD') | bool else 'ansible' | ||
}} | ||
- name: Retrieve Conjur variable | ||
vars: | ||
super_secret_key: "{{ lookup('conjur_variable', lookup_path + '/test-secret') }}" | ||
shell: echo "{{super_secret_key}}" > /conjur_secrets.txt |
17 changes: 17 additions & 0 deletions
17
...onjur_variable/test_cases/retrieve-variable-with-CRLF-normalization/tests/test_default.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
from __future__ import (absolute_import, division, print_function) | ||
__metaclass__ = type | ||
|
||
import os | ||
|
||
|
||
testinfra_hosts = [os.environ['COMPOSE_PROJECT_NAME'] + '-ansible-1'] | ||
|
||
|
||
def test_retrieved_secret(host): | ||
secrets_file = host.file('/conjur_secrets.txt') | ||
|
||
assert secrets_file.exists | ||
|
||
result = host.check_output("cat /conjur_secrets.txt", shell=True) | ||
|
||
assert result == "test_secret_password" |
4 changes: 4 additions & 0 deletions
4
tests/conjur_variable/test_cases/retrieve-variable-with-authn-token-bad-cert-content/env
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
unset CONJUR_AUTHN_API_KEY | ||
unset CONJUR_AUTHN_LOGIN | ||
export CONJUR_AUTHN_TOKEN_FILE=/cyberark/dev/access_token | ||
export CONJUR_CERT_CONTENT="MIBIADERGYHHFV5ANBgkqhkiG9w0BAQEFAAerdfhBCgKCAQEA..." |
Oops, something went wrong.