Diffstat (limited to 'test/integration/targets/incidental_lookup_hashi_vault/lookup_hashi_vault/tasks/token_test.yml')
-rw-r--r-- | test/integration/targets/incidental_lookup_hashi_vault/lookup_hashi_vault/tasks/token_test.yml | 58 |
1 files changed, 0 insertions, 58 deletions
diff --git a/test/integration/targets/incidental_lookup_hashi_vault/lookup_hashi_vault/tasks/token_test.yml b/test/integration/targets/incidental_lookup_hashi_vault/lookup_hashi_vault/tasks/token_test.yml
deleted file mode 100644
index 20c1af791e..0000000000
--- a/test/integration/targets/incidental_lookup_hashi_vault/lookup_hashi_vault/tasks/token_test.yml
+++ /dev/null
@@ -1,58 +0,0 @@
-- vars:
- user_token: '{{ user_token_cmd.stdout }}'
- block:
- - name: 'Fetch secrets using "hashi_vault" lookup'
- set_fact:
- gen_secret1: "{{ lookup('hashi_vault', conn_params ~ 'secret=' ~ vault_gen_path ~ '/secret1 auth_method=token token=' ~ user_token) }}"
- gen_secret2: "{{ lookup('hashi_vault', conn_params ~ 'secret=' ~ vault_gen_path ~ '/secret2 token=' ~ user_token) }}"
- kv1_secret1: "{{ lookup('hashi_vault', conn_params ~ 'secret=' ~ vault_kv1_path ~ '/secret1 auth_method=token token=' ~ user_token) }}"
- kv1_secret2: "{{ lookup('hashi_vault', conn_params ~ 'secret=' ~ vault_kv1_path ~ '/secret2 token=' ~ user_token) }}"
- kv2_secret1: "{{ lookup('hashi_vault', conn_params ~ 'secret=' ~ vault_kv2_path ~ '/secret1 auth_method=token token=' ~ user_token) }}"
- kv2_secret2: "{{ lookup('hashi_vault', conn_params ~ 'secret=' ~ vault_kv2_path ~ '/secret2 token=' ~ user_token) }}"
-
- - name: 'Check secret generic values'
- fail:
- msg: 'unexpected secret values'
- when: gen_secret1['value'] != 'foo1' or gen_secret2['value'] != 'foo2'
-
- - name: 'Check secret kv1 values'
- fail:
- msg: 'unexpected secret values'
- when: kv1_secret1['value'] != 'foo1' or kv1_secret2['value'] != 'foo2'
-
- - name: 'Check secret kv2 values'
- fail:
- msg: 'unexpected secret values'
- when: kv2_secret1['value'] != 'foo1' or kv2_secret2['value'] != 'foo2'
-
- - name: 'Failure expected when erroneous credentials are used'
- vars:
- secret_wrong_cred: "{{ lookup('hashi_vault', conn_params ~ 'secret=' ~ vault_kv2_path ~ '/secret2 auth_method=token token=wrong_token') }}"
- debug:
- msg: 'Failure is expected ({{ secret_wrong_cred }})'
- register: test_wrong_cred
- ignore_errors: true
-
- - name: 'Failure expected when unauthorized secret is read'
- vars:
- secret_unauthorized: "{{ lookup('hashi_vault', conn_params ~ 'secret=' ~ vault_kv2_path ~ '/secret3 token=' ~ user_token) }}"
- debug:
- msg: 'Failure is expected ({{ secret_unauthorized }})'
- register: test_unauthorized
- ignore_errors: true
-
- - name: 'Failure expected when inexistent secret is read'
- vars:
- secret_inexistent: "{{ lookup('hashi_vault', conn_params ~ 'secret=' ~ vault_kv2_path ~ '/secret4 token=' ~ user_token) }}"
- debug:
- msg: 'Failure is expected ({{ secret_inexistent }})'
- register: test_inexistent
- ignore_errors: true
-
- - name: 'Check expected failures'
- assert:
- msg: "an expected failure didn't occur"
- that:
- - test_wrong_cred is failed
- - test_unauthorized is failed
- - test_inexistent is failed |