diff options
| author | Adrian Likins <alikins@redhat.com> | 2017-08-28 16:13:14 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-08-28 16:13:14 +0200 |
| commit | 1f962bd937ddc687562648bdc88d79ee882e6aaf (patch) | |
| tree | 3aaa5609c446778ebe2a246c7cb007167e686419 /test/integration/targets/vault | |
| parent | [cloud] Add DBName to RDS Facts if it exists (#27121) (diff) | |
| download | ansible-1f962bd937ddc687562648bdc88d79ee882e6aaf.tar.xz ansible-1f962bd937ddc687562648bdc88d79ee882e6aaf.zip | |
Fix config value type for VAULT_IDENTITY_LIST (#28678)
Was using the 'value_type' key, but didn't get updated
to the new 'type' key in merge.
Fix playbooks cli so it uses VAULT_IDENTITY_LIST as well.
Diffstat (limited to 'test/integration/targets/vault')
| -rwxr-xr-x | test/integration/targets/vault/runme.sh | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/test/integration/targets/vault/runme.sh b/test/integration/targets/vault/runme.sh index 24a98936e8..2d4db75267 100755 --- a/test/integration/targets/vault/runme.sh +++ b/test/integration/targets/vault/runme.sh @@ -15,6 +15,7 @@ echo "This is a test file for format 1.2" > "${TEST_FILE_1_2}" TEST_FILE_OUTPUT="${MYTMPDIR}/test_file_output" + # old format ansible-vault view "$@" --vault-password-file vault-password-ansible format_1_0_AES.yml @@ -64,6 +65,9 @@ ansible-vault view "$@" --vault-password-file password-script.py format_1_2_AES2 # new 1.2 format, view, using password script with vault-id ansible-vault view "$@" --vault-id password-script.py format_1_2_AES256.yml +# newish 1.1 format, view, using a vault-id list from config env var +ANSIBLE_VAULT_IDENTITY_LIST='wrong-password@vault-password-wrong,default@vault-password' ansible-vault view "$@" --vault-id password-script.py format_1_1_AES256.yml + # new 1.2 format, view, ENFORCE_IDENTITY_MATCH=true, should fail, no 'test_vault_id' vault_id ANSIBLE_VAULT_ID_MATCH=1 ansible-vault view "$@" --vault-password-file vault-password format_1_2_AES256.yml && : WRONG_RC=$? @@ -255,6 +259,9 @@ ansible-playbook test_vault_embedded.yml -i ../../inventory -v "$@" --vault-pass # test with a default vault password file set in config ANSIBLE_VAULT_PASSWORD_FILE=vault-password ansible-playbook test_vault_embedded.yml -i ../../inventory -v "$@" --vault-password-file vault-password-wrong +# test using vault_identity_list config +ANSIBLE_VAULT_IDENTITY_LIST='wrong-password@vault-password-wrong,default@vault-password' ansible-playbook test_vault.yml -i ../../inventory -v "$@" + # test that we can have a vault encrypted yaml file that includes embedded vault vars # that were encrypted with a different vault secret ansible-playbook test_vault_file_encrypted_embedded.yml -i ../../inventory "$@" --vault-id encrypted_file_encrypted_var_password --vault-id vault-password |