--- - name: Generate a random string for test set_fact: test_id: "{{ lookup('password', '/dev/null chars=ascii_letters length=16') }}" when: test_id is not defined - name: Generate names set_fact: ssh_cred_name1: "AWX-Collection-tests-credential-ssh-cred1-{{ test_id }}" ssh_cred_name2: "AWX-Collection-tests-credential-ssh-cred2-{{ test_id }}" ssh_cred_name3: "AWX-Collection-tests-credential-ssh-cred-lookup-source-{{ test_id }}" ssh_cred_name4: "AWX-Collection-tests-credential-ssh-cred-file-source-{{ test_id }}" vault_cred_name1: "AWX-Collection-tests-credential-vault-cred1-{{ test_id }}" vault_cred_name2: "AWX-Collection-tests-credential-vault-ssh-cred1-{{ test_id }}" net_cred_name1: "AWX-Collection-tests-credential-net-cred1-{{ test_id }}" scm_cred_name1: "AWX-Collection-tests-credential-scm-cred1-{{ test_id }}" aws_cred_name1: "AWX-Collection-tests-credential-aws-cred1-{{ test_id }}" vmware_cred_name1: "AWX-Collection-tests-credential-vmware-cred1-{{ test_id }}" sat6_cred_name1: "AWX-Collection-tests-credential-sat6-cred1-{{ test_id }}" gce_cred_name1: "AWX-Collection-tests-credential-gce-cred1-{{ test_id }}" azurerm_cred_name1: "AWX-Collection-tests-credential-azurerm-cred1-{{ test_id }}" openstack_cred_name1: "AWX-Collection-tests-credential-openstack-cred1-{{ test_id }}" rhv_cred_name1: "AWX-Collection-tests-credential-rhv-cred1-{{ test_id }}" insights_cred_name1: "AWX-Collection-tests-credential-insights-cred1-{{ test_id }}" tower_cred_name1: "AWX-Collection-tests-credential-tower-cred1-{{ test_id }}" - name: create a tempdir for an SSH key local_action: shell mktemp -d register: tempdir - name: Generate a local SSH key local_action: "shell ssh-keygen -b 2048 -t rsa -f {{ tempdir.stdout }}/id_rsa -q -N 'passphrase'" - name: Read the generated key set_fact: ssh_key_data: "{{ lookup('file', tempdir.stdout + '/id_rsa') }}" - name: Create an Org-specific credential with an ID credential: name: "{{ ssh_cred_name1 }}" organization: Default credential_type: Machine state: present register: result - assert: that: - "result is changed" - name: Create an Org-specific credential with an ID with exists credential: name: "{{ ssh_cred_name1 }}" organization: Default credential_type: Machine state: exists register: result - assert: that: - "result is not changed" - name: Delete an Org-specific credential with an ID credential: name: "{{ ssh_cred_name1 }}" organization: Default credential_type: Machine state: absent register: result - assert: that: - "result is changed" - name: Delete a credential without credential_type credential: name: "{{ ssh_cred_name1 }}" organization: Default state: absent register: result ignore_errors: true - assert: that: - "result is failed" - name: Create an Org-specific credential with an ID with exists credential: name: "{{ ssh_cred_name1 }}" organization: Default credential_type: Machine state: exists register: result - assert: that: - "result is changed" - name: Delete a Org-specific credential credential: name: "{{ ssh_cred_name1 }}" organization: Default state: absent credential_type: Machine register: result - assert: that: - "result is changed" - name: Create the User-specific credential credential: name: "{{ ssh_cred_name1 }}" user: admin credential_type: 'Machine' state: present register: result - assert: that: - "result is changed" - name: Delete a User-specific credential credential: name: "{{ ssh_cred_name1 }}" user: admin state: absent credential_type: 'Machine' register: result - assert: that: - "result is changed" - name: Create a valid SSH credential credential: name: "{{ ssh_cred_name2 }}" organization: Default state: present credential_type: Machine description: An example SSH credential inputs: username: joe password: secret become_method: sudo become_username: superuser become_password: supersecret ssh_key_data: "{{ ssh_key_data }}" ssh_key_unlock: "passphrase" register: result - assert: that: - result is changed - name: Create a valid SSH credential credential: name: "{{ ssh_cred_name2 }}" organization: Default state: present credential_type: Machine description: An example SSH credential inputs: username: joe become_method: sudo become_username: superuser register: result - assert: that: - result is changed - name: Check for inputs idempotency (when "inputs" is blank) credential: name: "{{ ssh_cred_name2 }}" organization: Default state: present credential_type: Machine description: An example SSH credential register: result - assert: that: - result is not changed - name: Copy ssh Credential credential: name: "copy_{{ ssh_cred_name2 }}" copy_from: "{{ ssh_cred_name2 }}" credential_type: Machine register: result - assert: that: - result.copied - name: Delete an SSH credential credential: name: "copy_{{ ssh_cred_name2 }}" organization: Default state: absent credential_type: Machine register: result - assert: that: - "result is changed" - name: Create a valid SSH credential from lookup source credential: name: "{{ ssh_cred_name3 }}" organization: Default state: present credential_type: Machine description: An example SSH credential from lookup source inputs: username: joe password: secret become_method: sudo become_username: superuser become_password: supersecret ssh_key_data: "{{ lookup('file', tempdir.stdout + '/id_rsa') }}" ssh_key_unlock: "passphrase" register: result - assert: that: - result is changed - name: Delete an SSH credential credential: name: "{{ ssh_cred_name2 }}" organization: Default state: absent credential_type: Machine register: result - assert: that: - "result is changed" - name: Ensure existence of SSH credential credential: name: "{{ ssh_cred_name2 }}" organization: Default state: exists credential_type: Machine description: An example SSH awx.awx.credential inputs: username: joe password: secret become_method: sudo become_username: superuser become_password: supersecret ssh_key_data: "{{ ssh_key_data }}" ssh_key_unlock: "passphrase" register: result - assert: that: - result is changed - name: Ensure existence of SSH credential, not updating any inputs credential: name: "{{ ssh_cred_name2 }}" organization: Default state: exists credential_type: Machine description: An example SSH awx.awx.credential inputs: username: joe password: no-update-secret become_method: sudo become_username: some-other-superuser become_password: some-other-secret ssh_key_data: "{{ ssh_key_data }}" ssh_key_unlock: "another-pass-phrase" register: result - assert: that: - result is not changed - name: Create an invalid SSH credential (passphrase required) credential: name: SSH Credential organization: Default state: present credential_type: Machine inputs: username: joe ssh_key_data: "{{ ssh_key_data }}" ignore_errors: true register: result - assert: that: - "result is failed" - "'must be set when SSH key is encrypted' in result.msg" - name: Create an invalid SSH credential (Organization not found) credential: name: SSH Credential organization: Missing_Organization state: present credential_type: Machine inputs: username: joe ignore_errors: true register: result - assert: that: - "result is failed" - "result is not changed" - "'Missing_Organization' in result.msg" - "result.total_results == 0" - name: Delete an SSH credential credential: name: "{{ ssh_cred_name2 }}" organization: Default state: absent credential_type: Machine register: result - assert: that: - "result is changed" - name: Delete an SSH credential credential: name: "{{ ssh_cred_name3 }}" organization: Default state: absent credential_type: Machine register: result - assert: that: - "result is changed" - name: Delete an SSH credential credential: name: "{{ ssh_cred_name4 }}" organization: Default state: absent credential_type: Machine register: result # This one was never really created so it shouldn't be deleted - assert: that: - "result is not changed" - name: Create a valid Vault credential credential: name: "{{ vault_cred_name1 }}" organization: Default state: present credential_type: Vault description: An example Vault credential inputs: vault_id: bar vault_password: secret-vault register: result - assert: that: - "result is changed" - name: Delete a Vault credential credential: name: "{{ vault_cred_name1 }}" organization: Default state: absent credential_type: Vault register: result - assert: that: - "result is changed" - name: Delete a Vault credential credential: name: "{{ vault_cred_name2 }}" organization: Default state: absent credential_type: Vault register: result # The creation of vault_cred_name2 never worked so we shouldn't actually need to delete it - assert: that: - "result is not changed" - name: Create a valid Network credential credential: name: "{{ net_cred_name1 }}" organization: Default state: present credential_type: Network inputs: username: joe password: secret authorize: true authorize_password: authorize-me register: result - assert: that: - "result is changed" - name: Delete a Network credential credential: name: "{{ net_cred_name1 }}" organization: Default state: absent credential_type: Network register: result - assert: that: - "result is changed" - name: Create a valid SCM credential credential: name: "{{ scm_cred_name1 }}" organization: Default state: present credential_type: Source Control inputs: username: joe password: secret ssh_key_data: "{{ ssh_key_data }}" ssh_key_unlock: "passphrase" register: result - assert: that: - "result is changed" - name: Delete an SCM credential credential: name: "{{ scm_cred_name1 }}" organization: Default state: absent credential_type: Source Control register: result - assert: that: - "result is changed" - name: Create a valid AWS credential credential: name: "{{ aws_cred_name1 }}" organization: Default state: present credential_type: Amazon Web Services inputs: username: joe password: secret security_token: aws-token register: result - assert: that: - "result is changed" - name: Delete an AWS credential credential: name: "{{ aws_cred_name1 }}" organization: Default state: absent credential_type: Amazon Web Services register: result - assert: that: - "result is changed" - name: Create a valid VMWare credential credential: name: "{{ vmware_cred_name1 }}" organization: Default state: present credential_type: VMware vCenter inputs: host: https://example.org username: joe password: secret register: result - assert: that: - "result is changed" - name: Delete an VMWare credential credential: name: "{{ vmware_cred_name1 }}" organization: Default state: absent credential_type: VMware vCenter register: result - assert: that: - "result is changed" - name: Create a valid Satellite6 credential credential: name: "{{ sat6_cred_name1 }}" organization: Default state: present credential_type: Red Hat Satellite 6 inputs: host: https://example.org username: joe password: secret register: result - assert: that: - "result is changed" - name: Delete a Satellite6 credential credential: name: "{{ sat6_cred_name1 }}" organization: Default state: absent credential_type: Red Hat Satellite 6 register: result - assert: that: - "result is changed" - name: Create a valid GCE credential credential: name: "{{ gce_cred_name1 }}" organization: Default state: present credential_type: Google Compute Engine inputs: username: joe project: ABC123 ssh_key_data: "{{ ssh_key_data }}" register: result - assert: that: - "result is changed" - name: Delete a GCE credential credential: name: "{{ gce_cred_name1 }}" organization: Default state: absent credential_type: Google Compute Engine register: result - assert: that: - "result is changed" - name: Create a valid AzureRM credential credential: name: "{{ azurerm_cred_name1 }}" organization: Default state: present credential_type: Microsoft Azure Resource Manager inputs: username: joe password: secret subscription: some-subscription register: result - assert: that: - "result is changed" - name: Create a valid AzureRM credential with a tenant credential: name: "{{ azurerm_cred_name1 }}" organization: Default state: present credential_type: Microsoft Azure Resource Manager inputs: client: some-client secret: some-secret tenant: some-tenant subscription: some-subscription register: result - assert: that: - "result is changed" - name: Delete an AzureRM credential credential: name: "{{ azurerm_cred_name1 }}" organization: Default state: absent credential_type: Microsoft Azure Resource Manager register: result - assert: that: - "result is changed" - name: Create a valid OpenStack credential credential: name: "{{ openstack_cred_name1 }}" organization: Default state: present credential_type: OpenStack inputs: host: https://keystone.example.org username: joe password: secret project: tenant123 domain: some-domain register: result - assert: that: - "result is changed" - name: Delete a OpenStack credential credential: name: "{{ openstack_cred_name1 }}" organization: Default state: absent credential_type: OpenStack register: result - assert: that: - "result is changed" - name: Create a valid RHV credential credential: name: "{{ rhv_cred_name1 }}" organization: Default state: present credential_type: Red Hat Virtualization inputs: host: https://example.org username: joe password: secret register: result - assert: that: - "result is changed" - name: Delete an RHV credential credential: name: "{{ rhv_cred_name1 }}" organization: Default state: absent credential_type: Red Hat Virtualization register: result - assert: that: - "result is changed" - name: Create a valid Insights credential credential: name: "{{ insights_cred_name1 }}" organization: Default state: present credential_type: Insights inputs: username: joe password: secret register: result - assert: that: - "result is changed" - name: Delete an Insights credential credential: name: "{{ insights_cred_name1 }}" organization: Default state: absent credential_type: Insights register: result - assert: that: - "result is changed" - name: Create a valid Tower-to-Tower credential credential: name: "{{ tower_cred_name1 }}" organization: Default state: present credential_type: Red Hat Ansible Automation Platform inputs: host: https://controller.example.org username: joe password: secret register: result - assert: that: - "result is changed" - name: Delete a Tower-to-Tower credential credential: name: "{{ tower_cred_name1 }}" organization: Default state: absent credential_type: Red Hat Ansible Automation Platform register: result - assert: that: - "result is changed" - name: Check module fails with correct msg credential: name: test-credential description: Credential Description credential_type: Machine organization: test-non-existing-org state: present register: result ignore_errors: true - assert: that: - "result is failed" - "result is not changed" - "'test-non-existing-org' in result.msg" - "result.total_results == 0"