Diffstat (limited to 'test/integration/targets/incidental_lookup_hashi_vault/lookup_hashi_vault/tasks/token_test.yml')
-rw-r--r--test/integration/targets/incidental_lookup_hashi_vault/lookup_hashi_vault/tasks/token_test.yml58
1 files changed, 0 insertions, 58 deletions
diff --git a/test/integration/targets/incidental_lookup_hashi_vault/lookup_hashi_vault/tasks/token_test.yml b/test/integration/targets/incidental_lookup_hashi_vault/lookup_hashi_vault/tasks/token_test.yml
deleted file mode 100644
index 20c1af791e..0000000000
--- a/test/integration/targets/incidental_lookup_hashi_vault/lookup_hashi_vault/tasks/token_test.yml
+++ /dev/null
@@ -1,58 +0,0 @@
-- vars:
- user_token: '{{ user_token_cmd.stdout }}'
- block:
- - name: 'Fetch secrets using "hashi_vault" lookup'
- set_fact:
- gen_secret1: "{{ lookup('hashi_vault', conn_params ~ 'secret=' ~ vault_gen_path ~ '/secret1 auth_method=token token=' ~ user_token) }}"
- gen_secret2: "{{ lookup('hashi_vault', conn_params ~ 'secret=' ~ vault_gen_path ~ '/secret2 token=' ~ user_token) }}"
- kv1_secret1: "{{ lookup('hashi_vault', conn_params ~ 'secret=' ~ vault_kv1_path ~ '/secret1 auth_method=token token=' ~ user_token) }}"
- kv1_secret2: "{{ lookup('hashi_vault', conn_params ~ 'secret=' ~ vault_kv1_path ~ '/secret2 token=' ~ user_token) }}"
- kv2_secret1: "{{ lookup('hashi_vault', conn_params ~ 'secret=' ~ vault_kv2_path ~ '/secret1 auth_method=token token=' ~ user_token) }}"
- kv2_secret2: "{{ lookup('hashi_vault', conn_params ~ 'secret=' ~ vault_kv2_path ~ '/secret2 token=' ~ user_token) }}"
-
- - name: 'Check secret generic values'
- fail:
- msg: 'unexpected secret values'
- when: gen_secret1['value'] != 'foo1' or gen_secret2['value'] != 'foo2'
-
- - name: 'Check secret kv1 values'
- fail:
- msg: 'unexpected secret values'
- when: kv1_secret1['value'] != 'foo1' or kv1_secret2['value'] != 'foo2'
-
- - name: 'Check secret kv2 values'
- fail:
- msg: 'unexpected secret values'
- when: kv2_secret1['value'] != 'foo1' or kv2_secret2['value'] != 'foo2'
-
- - name: 'Failure expected when erroneous credentials are used'
- vars:
- secret_wrong_cred: "{{ lookup('hashi_vault', conn_params ~ 'secret=' ~ vault_kv2_path ~ '/secret2 auth_method=token token=wrong_token') }}"
- debug:
- msg: 'Failure is expected ({{ secret_wrong_cred }})'
- register: test_wrong_cred
- ignore_errors: true
-
- - name: 'Failure expected when unauthorized secret is read'
- vars:
- secret_unauthorized: "{{ lookup('hashi_vault', conn_params ~ 'secret=' ~ vault_kv2_path ~ '/secret3 token=' ~ user_token) }}"
- debug:
- msg: 'Failure is expected ({{ secret_unauthorized }})'
- register: test_unauthorized
- ignore_errors: true
-
- - name: 'Failure expected when inexistent secret is read'
- vars:
- secret_inexistent: "{{ lookup('hashi_vault', conn_params ~ 'secret=' ~ vault_kv2_path ~ '/secret4 token=' ~ user_token) }}"
- debug:
- msg: 'Failure is expected ({{ secret_inexistent }})'
- register: test_inexistent
- ignore_errors: true
-
- - name: 'Check expected failures'
- assert:
- msg: "an expected failure didn't occur"
- that:
- - test_wrong_cred is failed
- - test_unauthorized is failed
- - test_inexistent is failed