mirror of
https://github.com/ansible-collections/community.general.git
synced 2025-07-23 13:20:23 -07:00
add support for systemd creds encrypt/decrypt (#9383)
* add support for systemd creds encrypt/decrypt Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com> * add __metaclass__ Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com> * Python 2.7 issues Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com> * update version_added and ci test aliases Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com> * switch to container Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com> * run tests in docker as well Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com> * move tasks into tasks/ Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com> * no need to call echo Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com> * lint and add become: Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com> * dont append a newline Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com> * don't clean newlines Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com> * only use module name Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com> * clean Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com> * change msg to value Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com> * add return values Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com> * update attributes and description Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com> * Update plugins/modules/systemd_creds_decrypt.py Co-authored-by: Felix Fontein <felix@fontein.de> * set newline default Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com> * Update plugins/modules/systemd_creds_encrypt.py Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com> * Update plugins/modules/systemd_creds_encrypt.py Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com> * Update plugins/modules/systemd_creds_encrypt.py Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com> * update required and spelling Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com> * use single backslash Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com> --------- Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com> Co-authored-by: Felix Fontein <felix@fontein.de> Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
This commit is contained in:
parent
d887930e49
commit
482a90e8b4
7 changed files with 445 additions and 0 deletions
11
tests/integration/targets/systemd_creds_decrypt/aliases
Normal file
11
tests/integration/targets/systemd_creds_decrypt/aliases
Normal file
|
@ -0,0 +1,11 @@
|
|||
# Copyright (c) Ansible Project
|
||||
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
needs/root
|
||||
|
||||
azp/posix/1
|
||||
skip/aix
|
||||
skip/freebsd
|
||||
skip/osx
|
||||
skip/macos
|
|
@ -0,0 +1,58 @@
|
|||
---
|
||||
# Copyright (c) Ansible Project
|
||||
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
- name: Test systemd_creds_decrypt
|
||||
when:
|
||||
- ansible_systemd.version is defined
|
||||
- ansible_systemd.version | int >= 250
|
||||
block:
|
||||
- name: Encrypt secret
|
||||
become: true
|
||||
systemd_creds_encrypt:
|
||||
name: api
|
||||
not_after: +48hr
|
||||
secret: access_token
|
||||
register: encrypted_api_secret
|
||||
|
||||
- name: Print the encrypted secret
|
||||
ansible.builtin.debug:
|
||||
msg: "{{ encrypted_api_secret }}"
|
||||
|
||||
- name: Decrypt secret
|
||||
community.general.systemd_creds_decrypt:
|
||||
name: api
|
||||
newline: false
|
||||
secret: "{{ encrypted_api_secret.value }}"
|
||||
register: decrypted_secret
|
||||
|
||||
- name: Print the decrypted secret
|
||||
ansible.builtin.debug:
|
||||
msg: "{{ decrypted_secret }}"
|
||||
|
||||
- name: Assert that the decrypted secret is the same as the original secret
|
||||
ansible.builtin.assert:
|
||||
that:
|
||||
- decrypted_secret.value == 'access_token'
|
||||
fail_msg: "Decrypted secret is not the same as the original secret"
|
||||
success_msg: "Decrypted secret is the same as the original secret"
|
||||
|
||||
- name: Decrypt secret into hex
|
||||
community.general.systemd_creds_decrypt:
|
||||
name: api
|
||||
newline: false
|
||||
secret: "{{ encrypted_api_secret.value }}"
|
||||
transcode: hex
|
||||
register: decrypted_secret_hex
|
||||
|
||||
- name: Print the trancoded decrypted secret
|
||||
ansible.builtin.debug:
|
||||
msg: "{{ decrypted_secret_hex }}"
|
||||
|
||||
- name: Assert that the decrypted secret is the same as the original secret
|
||||
ansible.builtin.assert:
|
||||
that:
|
||||
- decrypted_secret_hex.value == '6163636573735f746f6b656e'
|
||||
fail_msg: "Decrypted secret is not the same as the original secret"
|
||||
success_msg: "Decrypted secret is the same as the original secret"
|
11
tests/integration/targets/systemd_creds_encrypt/aliases
Normal file
11
tests/integration/targets/systemd_creds_encrypt/aliases
Normal file
|
@ -0,0 +1,11 @@
|
|||
# Copyright (c) Ansible Project
|
||||
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
needs/root
|
||||
|
||||
azp/posix/1
|
||||
skip/aix
|
||||
skip/freebsd
|
||||
skip/osx
|
||||
skip/macos
|
|
@ -0,0 +1,55 @@
|
|||
---
|
||||
# Copyright (c) Ansible Project
|
||||
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
- name: Test systemd_creds_encrypt
|
||||
when:
|
||||
- ansible_systemd.version is defined
|
||||
- ansible_systemd.version | int >= 250
|
||||
block:
|
||||
- name: Encrypt secret
|
||||
become: true
|
||||
systemd_creds_encrypt:
|
||||
name: db
|
||||
not_after: +48hr
|
||||
secret: access_token
|
||||
register: encrypted_secret
|
||||
|
||||
- name: Assert encrypted secret output is base64 encoded
|
||||
ansible.builtin.assert:
|
||||
that:
|
||||
- encrypted_secret.value | b64decode
|
||||
fail_msg: "Encrypted secret is not base64 encoded"
|
||||
success_msg: "Encrypted secret is base64 encoded"
|
||||
|
||||
- name: Print the encrypted secret
|
||||
ansible.builtin.debug:
|
||||
msg: "{{ encrypted_secret }}"
|
||||
|
||||
- name: Assert that SetCredentialEncrypted message is not in the output
|
||||
ansible.builtin.assert:
|
||||
that:
|
||||
- '"SetCredentialEncrypted" not in encrypted_secret.value'
|
||||
fail_msg: "SetCredentialEncrypted is in the output"
|
||||
success_msg: "SetCredentialEncrypted is not in the output"
|
||||
|
||||
- name: Encrypt secret
|
||||
become: true
|
||||
community.general.systemd_creds_encrypt:
|
||||
name: web
|
||||
not_after: +5y
|
||||
pretty: true
|
||||
secret: token
|
||||
register: pretty_encrypted_secret
|
||||
|
||||
- name: Pretty print the encrypted secret
|
||||
ansible.builtin.debug:
|
||||
msg: "{{ pretty_encrypted_secret }}"
|
||||
|
||||
- name: Assert that SetCredentialEncrypted message is in the output
|
||||
ansible.builtin.assert:
|
||||
that:
|
||||
- '"SetCredentialEncrypted=web: " in pretty_encrypted_secret.value'
|
||||
fail_msg: "SetCredentialEncrypted is not in the output"
|
||||
success_msg: "SetCredentialEncrypted is in the output"
|
Loading…
Add table
Add a link
Reference in a new issue