Initial commit

tests/integration/targets/lookup_passwordstore/tasks/main.yml

@@ -0,0 +1,7 @@
+- block:
+    - include_tasks: package.yml
+    - include_tasks: tests.yml
+  when:
+    # The pass package is no longer available in EPEL, so only test on Fedora, OpenSUSE, FreeBSD, macOS, and Ubuntu
+    # https://lists.zx2c4.com/pipermail/password-store/2019-July/003689.html
+    - ansible_facts.distribution in ['FreeBSD', 'MacOSX', 'openSUSE Leap', 'Ubuntu']

tests/integration/targets/lookup_passwordstore/tasks/package.yml

@@ -0,0 +1,58 @@
+- name: Include distribution specific variables
+  include_vars: "{{ lookup('first_found', params) }}"
+  vars:
+    params:
+      files:
+        - "{{ ansible_facts.distribution }}.yml"
+        - "{{ ansible_facts.os_family }}.yml"
+        - default.yml
+      paths:
+        - "{{ role_path }}/vars"
+
+- name: Install package
+  action: "{{ ansible_facts.pkg_mgr }}"
+  args:
+    name: "{{ passwordstore_packages }}"
+    state: present
+  when: ansible_facts.pkg_mgr in ['apt', 'dnf', 'yum', 'pkgng']
+
+- block:
+  # OpenSUSE Leap>=15.0 don't include password-store in main repo
+  - name: SUSE | Add security:privacy repo
+    template:
+      src: security-privacy.repo.j2
+      dest: /etc/zypp/repos.d/security:privacy.repo
+
+  - name: SUSE | Install package
+    package:
+      name: password-store
+      state: present
+      update_cache: yes
+      disable_gpg_check: yes
+  when: ansible_pkg_mgr == 'zypper'
+
+- name: Install on macOS
+  when: ansible_facts.distribution == 'MacOSX'
+  block:
+    - name: MACOS | Find brew binary
+      command: which brew
+      register: brew_which
+
+    - name: MACOS | Get owner of brew binary
+      stat:
+        path: "{{ brew_which.stdout }}"
+      register: brew_stat
+
+    - name: MACOS | Install package
+      homebrew:
+        name:
+          - gnupg2
+          - pass
+        state: present
+        update_homebrew: no
+      become: yes
+      become_user: "{{ brew_stat.stat.pw_name }}"
+      # Newer versions of brew want to compile a package which takes a long time. Do not upgrade homebrew until a
+      # proper solution can be found
+      environment:
+        HOMEBREW_NO_AUTO_UPDATE: True

tests/integration/targets/lookup_passwordstore/tasks/tests.yml

@@ -0,0 +1,49 @@
+- name: Check name of gpg2 binary
+  command: which gpg2
+  register: gpg2_check
+  ignore_errors: true
+
+- name: Set gpg2 binary name
+  set_fact:
+    gpg2_bin: '{{ "gpg2" if gpg2_check is successful else "gpg" }}'
+
+- name: Stop gpg-agent so we can remove any locks on the GnuPG dir
+  command: gpgconf --kill gpg-agent
+  ignore_errors: yes
+
+- name: Remove previous password files and directory
+  file:
+    dest: "{{ item }}"
+    state: absent
+  loop:
+    - "~/.gnupg"
+    - "~/.password-store"
+
+# How to generate a new GPG key:
+#   gpg2 --batch --gen-key input  # See templates/input
+#   gpg2 --list-secret-keys --keyid-format LONG
+#   gpg2 --armor --export-secret-keys [key id]
+#   # Get the fingerprint
+#   gpg2 --fingerprint --keyid-format LONG | grep [key id] -A 1 | tail -1 | tr -d '[:space:]' | awk -F '=' '{print $2":6:"}'
+
+- name: Import GPG private key
+  shell: echo "{{ passwordstore_privkey }}" | {{ gpg2_bin }} --import --allow-secret-key-import -
+
+- name: Trust  key
+  shell: echo "D3E1CC8934E97270CEB066023AF1BD3619AB496A:6:" | {{ gpg2_bin }} --import-ownertrust
+
+- name: Initialise passwordstore
+  command: pass init ansible-test
+
+- name: Create a password
+  set_fact:
+    newpass: "{{ lookup('passwordstore', 'test-pass length=8 create=yes') }}"
+
+- name: Fetch password from an existing file
+  set_fact:
+    readpass: "{{ lookup('passwordstore', 'test-pass') }}"
+
+- name: Verify password
+  assert:
+    that:
+      - readpass == newpass