author | Kellin <kellin@retromud.org> | 2024-08-12 16:13:39 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-08-12 16:13:39 +0200 |
commit | 0d6b0341030f33c3003103a9547f16aa0fe28524 (patch) | |
tree | d50a11106196c77ec0e30c9d3dba3781259da4bd /test/integration | |
parent | fix: `COLOR_INCLUDED` to colorize `included` output (#83711) (diff) | |
Enable validation of subkeys in rpm key module (#83716)

* Enable validation of subkeys in rpm key module

A gpg subkey may change while the primary key remains the same. Due to
this behavior, there are situations where validation of the primary gpg
key fingerprint is not sufficient because the desired target is actually
the gpg subkey. This change allows the user to validate against either
the fingerprint of the primary gpg key or its subkey.

Signed-off-by: Kellin <kellin@retromud.org>

* Improve tests, add multi-fingerprint

- Improve tests to cover all cases
- add multi fingerprint validation

Signed-off-by: Kellin <kellin@retromud.org>

Diffstat (limited to 'test/integration')
-rw-r--r-- | test/integration/targets/rpm_key/tasks/rpm_key.yaml | 63 |
1 files changed, 62 insertions, 1 deletions
diff --git a/test/integration/targets/rpm_key/tasks/rpm_key.yaml b/test/integration/targets/rpm_key/tasks/rpm_key.yaml index fb0139b3ae..77cdd586d4 100644 --- a/test/integration/targets/rpm_key/tasks/rpm_key.yaml +++ b/test/integration/targets/rpm_key/tasks/rpm_key.yaml @@ -161,7 +161,7 @@ that: - result is success - result is not changed - - "'does not match the key fingerprint' in result.msg" + - "'does not match any key fingerprints' in result.msg" - name: Issue 20325 - Verify fingerprint of key, valid fingerprint rpm_key: 
@@ -187,6 +187,67 @@ - result is success - result is not changed +# Reset to test subkey validation +- name: remove all keys from key ring + shell: "rpm -q gpg-pubkey | xargs rpm -e" + +- name: Verify fingerprint of subkey, valid fingerprint + rpm_key: + key: https://ci-files.testing.ansible.com/test/integration/targets/rpm_key/RPM-GPG-KEY.dag + fingerprint: 19B7 913E 6284 8E3F 4D78 D6B4 ECD9 1AB2 2EB6 8D86 + register: result + +- name: Assert Verify fingerprint of key, valid fingerprint + assert: + that: + - result is success + - result is changed + +- name: Verify fingerprint of subkey, valid fingerprint - Idempotent check + rpm_key: + key: https://ci-files.testing.ansible.com/test/integration/targets/rpm_key/RPM-GPG-KEY.dag + fingerprint: 19B7 913E 6284 8E3F 4D78 D6B4 ECD9 1AB2 2EB6 8D86 + register: result + +- name: Assert Verify fingerprint of subkey, valid fingerprint - Idempotent check + assert: + that: + - result is success + - result is not changed + +# Reset to test multi-key validation +- name: remove all keys from key ring + shell: "rpm -q gpg-pubkey | xargs rpm -e" + +- name: Verify fingerprint of primary and subkey, valid fingerprint + rpm_key: + key: https://ci-files.testing.ansible.com/test/integration/targets/rpm_key/RPM-GPG-KEY.dag + fingerprint: + - 19B7 913E 6284 8E3F 4D78 D6B4 ECD9 1AB2 2EB6 8D86 + - EBC6 E12C 62B1 C734 026B 2122 A20E 5214 6B8D 79E6 + register: result + +- name: Assert Verify fingerprint of primary and subkey, valid fingerprint + assert: + that: + - result is success + - result is changed + +- name: Verify fingerprint of primary and subkey, valid fingerprint - Idempotent check + rpm_key: + key: https://ci-files.testing.ansible.com/test/integration/targets/rpm_key/RPM-GPG-KEY.dag + fingerprint: + - 19B7 913E 6284 8E3F 4D78 D6B4 ECD9 1AB2 2EB6 8D86 + - EBC6 E12C 62B1 C734 026B 2122 A20E 5214 6B8D 79E6 + register: result + +- name: Assert Verify fingerprint of primary and subkey, valid fingerprint - Idempotent check + assert: + 
that: + - result is success + - result is not changed + + # # Cleanup # |
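
Review bot: In the first hunk (@@ -161,7 +161,7 @@), the assertion on `result.msg` still matches a literal fragment of the module's error text, so the test has to be edited every time that message is reworded, as it was here. Consider matching a shorter fragment that is less likely to change, or add a comment beside the assertion naming the module message it mirrors, so the coupling is obvious to whoever touches the message next.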
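
Review bot: In the second hunk (@@ -187,6 +187,67 @@), the list-form tasks pass two fingerprints that are both valid for the key, so they pass whether the module accepts a key when any listed fingerprint matches or only when all of them do. The reworded message in the first hunk ("does not match any key fingerprints") implies match-any; a case with one valid and one invalid fingerprint in the list, plus a list in which no entry matches, would pin that behaviour down, which matters because this check is what decides whether a key gets imported. Two smaller points: the first new assert is named `Assert Verify fingerprint of key, valid fingerprint` although it follows the subkey task, and the reset step `rpm -q gpg-pubkey | xargs rpm -e` relies on at least one key being installed when it runs, which deserves a comment or a guard.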