summaryrefslogtreecommitdiffstats
path: root/test
diff options
context:
space:
mode:
authorDanilo Bargen <mail@dbrgn.ch>2024-06-20 16:55:59 +0200
committerGitHub <noreply@github.com>2024-06-20 16:55:59 +0200
commitc2c6005842965296ef2c17198c2effc75cb34dfd (patch)
treed243359a335942c4a4d1f6bc56e76d3ea0238e51 /test
parentansible-test - Update PyPI and utility container (#83475) (diff)
downloadansible-c2c6005842965296ef2c17198c2effc75cb34dfd.tar.xz
ansible-c2c6005842965296ef2c17198c2effc75cb34dfd.zip
get_url: Verify checksum using tmpsrc, not dest (#64092)
Previously, if the checksum of the downloaded file did not match the specified checksum, the *destination* file was removed. This possibly leaves the system that is being provisioned in an invalid state. Instead, the checksum should be calculated on the temporary file only. If there's a mismatch, delete the *temporary* file, not the destination file. This requires checking the checksum before moving the file.
Diffstat (limited to 'test')
-rw-r--r--test/integration/targets/get_url/tasks/main.yml43
1 files changed, 43 insertions, 0 deletions
diff --git a/test/integration/targets/get_url/tasks/main.yml b/test/integration/targets/get_url/tasks/main.yml
index 51cb437b6a..2f50b4366c 100644
--- a/test/integration/targets/get_url/tasks/main.yml
+++ b/test/integration/targets/get_url/tasks/main.yml
@@ -676,3 +676,46 @@
- name: Test use_netrc=False
import_tasks: use_netrc.yml
+
+# https://github.com/ansible/ansible/pull/64092
+# Calling get_url with bad checksum should not delete the target file
+- name: Define test files for checksum verification
+ set_fact:
+ checksum_verify_dstfile: "{{ remote_tmp_dir }}/checksum-verify-test.txt"
+
+- name: Download file
+ get_url:
+ url: https://{{ httpbin_host }}/get
+ dest: "{{ checksum_verify_dstfile}}"
+ register: result
+
+- stat:
+ path: "{{ checksum_verify_dstfile }}"
+ register: stat_result_checksum_verify
+
+- name: Assert success
+ assert:
+ that:
+ - result is changed
+ - '"OK" in result.msg'
+ - stat_result_checksum_verify.stat.exists
+
+- name: Download file again, with wrong checksum
+ get_url:
+ url: https://{{ httpbin_host }}/get
+ dest: "{{ checksum_verify_dstfile}}"
+ checksum: "sha256:18b2a70b53c350ad49e4eafb69560bf77ba2ef4f3c93376b65f18b753c912809"
+ register: result
+ failed_when:
+ - result is successful
+
+- stat:
+ path: "{{ checksum_verify_dstfile }}"
+ register: stat_result_checksum_verify
+
+- name: Assert destination file was not removed
+ assert:
+ that:
+ - result is not changed
+ - '"did not match" in result.msg'
+ - stat_result_checksum_verify.stat.exists