blob: f7a9fa505fa54596cb343790b4c70b7451e8c389 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
|
# Test code for the file module.
# (c) 2014, Richard Isaacson <richard.c.isaacson@gmail.com>
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
- name: Determine if python looks like it will support modern ssl features like SNI
command: "{{ ansible_python.executable }} -c 'from ssl import SSLContext'"
ignore_errors: True
register: python_test
- name: Set python_has_sslcontext if we have it
set_fact:
python_has_ssl_context: True
when: python_test.rc == 0
- name: Set python_has_sslcontext False if we don't have it
set_fact:
python_has_ssl_context: False
when: python_test.rc != 0
- name: Define test files for file schema
set_fact:
geturl_srcfile: "{{ output_dir | expanduser }}/aurlfile.txt"
geturl_dstfile: "{{ output_dir | expanduser }}/aurlfile_copy.txt"
- name: Create source file
copy:
dest: "{{ geturl_srcfile }}"
content: "foobar"
- name: test file fetch
get_url:
url: "{{ 'file://' + geturl_srcfile }}"
dest: "{{ geturl_dstfile }}"
register: result
- name: assert success and change
assert:
that:
- result.changed
- '"OK" in result.msg'
- name: test nonexisting file fetch
get_url:
url: "{{ 'file://' + geturl_srcfile + 'NOFILE' }}"
dest: "{{ geturl_dstfile + 'NOFILE' }}"
register: result
ignore_errors: True
- name: assert success and change
assert:
that:
- result.failed
- name: test HTTP HEAD request for file in check mode
get_url: url="http://{{ httpbin_host }}/get" dest={{ output_dir }}/get_url_check.txt force=yes
check_mode: True
register: result
- name: assert that the HEAD request was successful in check mode
assert:
that:
- result.changed
- '"OK" in result.msg'
- name: test HTTP HEAD for nonexistent URL in check mode
get_url: url="http://{{ httpbin_host }}/DOESNOTEXIST" dest={{ output_dir }}/shouldnotexist.html force=yes
check_mode: True
register: result
ignore_errors: True
- name: assert that HEAD request for nonexistent URL failed
assert:
that:
- result.failed
- name: test https fetch
get_url: url="https://{{ httpbin_host }}/get" dest={{output_dir}}/get_url.txt force=yes
register: result
- name: assert the get_url call was successful
assert:
that:
- result.changed
- '"OK" in result.msg'
- name: test https fetch to a site with mismatched hostname and certificate
get_url:
url: "https://{{ badssl_host }}/"
dest: "{{ output_dir }}/shouldnotexist.html"
ignore_errors: True
register: result
- stat:
path: "{{ output_dir }}/shouldnotexist.html"
register: stat_result
- name: Assert that the file was not downloaded
assert:
that:
- "result|failed"
- "'Failed to validate the SSL certificate' in result.msg"
- "stat_result.stat.exists == false"
- name: test https fetch to a site with mismatched hostname and certificate and validate_certs=no
get_url:
url: "https://{{ badssl_host }}/"
dest: "{{ output_dir }}/get_url_no_validate.html"
validate_certs: no
register: result
- stat:
path: "{{ output_dir }}/get_url_no_validate.html"
register: stat_result
- name: Assert that the file was downloaded
assert:
that:
- "result.changed == true"
- "stat_result.stat.exists == true"
# SNI Tests
# SNI is only built into the stdlib from python-2.7.9 onwards
- name: Test that SNI works
get_url:
url: 'https://{{ sni_host }}/'
dest: "{{ output_dir }}/sni.html"
register: get_url_result
ignore_errors: True
- command: "grep '{{ sni_host }}' {{ output_dir}}/sni.html"
register: data_result
when: "{{ python_has_ssl_context }}"
- debug: var=get_url_result
- name: Assert that SNI works with this python version
assert:
that:
- 'data_result.rc == 0'
when: "{{ python_has_ssl_context }}"
# If the client doesn't support SNI then get_url should have failed with a certificate mismatch
- name: Assert that hostname verification failed because SNI is not supported on this version of python
assert:
that:
- 'get_url_result|failed'
when: "{{ not python_has_ssl_context }}"
# These tests are just side effects of how the site is hosted. It's not
# specifically a test site. So the tests may break due to the hosting changing
- name: Test that SNI works
get_url:
url: 'https://{{ sni_host }}/'
dest: "{{ output_dir }}/sni.html"
register: get_url_result
ignore_errors: True
- command: "grep '{{ sni_host }}' {{ output_dir}}/sni.html"
register: data_result
when: "{{ python_has_ssl_context }}"
- debug: var=get_url_result
- name: Assert that SNI works with this python version
assert:
that:
- 'data_result.rc == 0'
- 'not get_url_result|failed'
when: "{{ python_has_ssl_context }}"
# If the client doesn't support SNI then get_url should have failed with a certificate mismatch
- name: Assert that hostname verification failed because SNI is not supported on this version of python
assert:
that:
- 'get_url_result|failed'
when: "{{ not python_has_ssl_context }}"
# End hacky SNI test section
- name: Test get_url with redirect
get_url:
url: 'http://{{ httpbin_host }}/redirect/6'
dest: "{{ output_dir }}/redirect.json"
- name: Test that setting file modes work
get_url:
url: 'http://{{ httpbin_host }}/'
dest: '{{ output_dir }}/test'
mode: '0707'
register: result
- stat:
path: "{{ output_dir }}/test"
register: stat_result
- name: Assert that the file has the right permissions
assert:
that:
- "result.changed == true"
- "stat_result.stat.mode == '0707'"
- name: Test that setting file modes on an already downlaoded file work
get_url:
url: 'http://{{ httpbin_host }}/'
dest: '{{ output_dir }}/test'
mode: '0070'
register: result
- stat:
path: "{{ output_dir }}/test"
register: stat_result
- name: Assert that the file has the right permissions
assert:
that:
- "result.changed == true"
- "stat_result.stat.mode == '0070'"
#https://github.com/ansible/ansible/issues/16191
- name: Test url split with no filename
get_url:
url: https://{{ httpbin_host }}
dest: "{{ output_dir }}"
- name: Test client cert auth, with certs
get_url:
url: "https://ansible.http.tests/ssl_client_verify"
client_cert: "{{ output_dir }}/client.pem"
client_key: "{{ output_dir }}/client.key"
dest: "{{ output_dir }}/ssl_client_verify"
when: has_httptester
- name: Assert that the ssl_client_verify file contains the correct content
assert:
that:
- 'lookup("file", "{{ output_dir }}/ssl_client_verify") == "ansible.http.tests:SUCCESS"'
when: has_httptester
|