diff options
| author | Adrian Likins <alikins@redhat.com> | 2017-08-01 18:07:33 -0400 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-08-01 18:07:33 -0400 |
| commit | 75a8be9a5d29b574638f3f6e4176882f1f324781 (patch) | |
| tree | 30b9d248006be99dbbc1591752a1df467d5f7c92 /test/integration/targets/vault | |
| parent | f19ed387a755c350b176a004f14a0f8fa5993470 (diff) | |
| download | ansible-75a8be9a5d29b574638f3f6e4176882f1f324781.tar.gz | |
Add back support for vault_password_file config var (#27597)
Got removed in arg parsing updates. Now added back in
setup_vault_secrets().
The default value for DEFAULT_VAULT_PASSWORD_FILE was also
set to '~' for some reason, change to to no default.
Add integration tests.
Diffstat (limited to 'test/integration/targets/vault')
| -rwxr-xr-x | test/integration/targets/vault/runme.sh | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/test/integration/targets/vault/runme.sh b/test/integration/targets/vault/runme.sh index e0a9984454..c5ce2764ae 100755 --- a/test/integration/targets/vault/runme.sh +++ b/test/integration/targets/vault/runme.sh @@ -87,6 +87,15 @@ echo "rc was $WRONG_RC (1 is expected)" # new 1.2 format, view, using password script with vault-id, ENFORCE_IDENTITY_MATCH=true, 'test_vault_id' provided should work ANSIBLE_VAULT_ID_MATCH=1 ansible-vault view "$@" --vault-id=test_vault_id@password-script.py format_1_2_AES256.yml +# test with a default vault password set via config/env, right password +ANSIBLE_VAULT_PASSWORD_FILE=vault-password ansible-vault view "$@" format_1_1_AES256.yml + +# test with a default vault password set via config/env, wrong password +ANSIBLE_VAULT_PASSWORD_FILE=vault-password-wrong ansible-vault view "$@" format_1_1_AES.yml && : +WRONG_RC=$? +echo "rc was $WRONG_RC (1 is expected)" +[ $WRONG_RC -eq 1 ] + # encrypt it ansible-vault encrypt "$@" --vault-password-file vault-password "${TEST_FILE}" @@ -214,6 +223,9 @@ ansible-playbook test_vault.yml -i ../../inventory -v "$@" --vault-pass ansible-playbook test_vault_embedded.yml -i ../../inventory -v "$@" --vault-password-file vault-password --vault-password-file vault-password-wrong --syntax-check ansible-playbook test_vault_embedded.yml -i ../../inventory -v "$@" --vault-password-file vault-password-wrong --vault-password-file vault-password +# test with a default vault password file set in config +ANSIBLE_VAULT_PASSWORD_FILE=vault-password ansible-playbook test_vault_embedded.yml -i ../../inventory -v "$@" --vault-password-file vault-password-wrong + # test that we can have a vault encrypted yaml file that includes embedded vault vars # that were encrypted with a different vault secret ansible-playbook test_vault_file_encrypted_embedded.yml -i ../../inventory "$@" --vault-id encrypted_file_encrypted_var_password --vault-id vault-password |