generated from ansible-collections/collection_template
-
Notifications
You must be signed in to change notification settings - Fork 13
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
First Draft of the User Module (#42)
* updated tests * applied suggestions from @rekup * applied suggestions from @rekup * applied suggestions from @rekup * applied suggestions from @rekup * applied suggestions from @rekup * applied suggestions from @rekup * applied suggestions from @rekup * applied suggestions from @rekup * applied suggestions from @rekup (introduced salted secrets) * ensured correct error handling as @rekup suggested * ensured correct error handling as @rekup suggested * excluded tests from pylint * fixed linter error * fixed last linter erros * added pylinter exception for crypt since this library is used in the core OPNsense and there is no build-in alternative at this time * reformted code * updated docstring methods * updated default value for shell * ran black * changed default shell to /sbin/nologin * added fully qualifed names to the converge file * updated error handling * fixed argument * Update plugins/module_utils/system_access_users_utils.py Co-authored-by: Reto Kupferschmid <[email protected]> * black errors * fixed typo * reformat * initial version of the system_settings_logging module (#61) * initial version of the system_settings_logging module --------- Co-authored-by: KiLLuuuhh <[email protected]> * fixed module_index * fixed module_index * added 2.15 sanity ignore * added 2.16 sanity ignore * added devel sanity ignore * updated devel test * updated devel test python versions * removed sanity ignores * added debug.msg to return apikeys if created * refactored hash_secret creation * added unhashed secret to result * ran black * impemented hash function * removed unused function * removed unused function * added some validation and error handling to _generate_hashed_secret * refactored error * added three tests to confirm functionality of _generate_hashed_secret --------- Co-authored-by: Reto Kupferschmid <[email protected]>
- Loading branch information
Showing
7 changed files
with
2,248 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,209 @@ | ||
| --- | ||
| - name: converge | ||
| hosts: all | ||
| become: true | ||
| tasks: | ||
| - name: "test" | ||
| ansible.builtin.debug: | ||
| msg: "test" | ||
|
|
||
| # Test User minimum requirements | ||
| - name: "Test User 1: Test minimum requirements User Creation" | ||
| puzzle.opnsense.system_access_users: | ||
| username: test_user_1 | ||
| password: test_password_1 | ||
|
|
||
| # Test User minimum requirements disabled | ||
| - name: "Test User 2: Test disabled User Creation" | ||
| puzzle.opnsense.system_access_users: | ||
| username: test_user_2 | ||
| password: test_password_2 | ||
| full_name: "Test User 2: Test disabled User Creation" | ||
| disabled: True | ||
|
|
||
| # Test User with Full Name | ||
| - name: "Test User 3: Test User Creation with Full Name" | ||
| puzzle.opnsense.system_access_users: | ||
| username: test_user_3 | ||
| password: test_password_3 | ||
| full_name: "Test User 3: Test User Creation with Full Name" | ||
|
|
||
| # Test User with E-Mail | ||
| - name: "Test User 4: Test User Creation with E-Mail" | ||
| puzzle.opnsense.system_access_users: | ||
| username: test_user_4 | ||
| password: test_password_4 | ||
| email: [email protected] | ||
| full_name: "Test User 4: Test User Creation with E-Mail" | ||
|
|
||
| # Test User with Comment | ||
| - name: "Test User 5: Test User Creation with Comment" | ||
| puzzle.opnsense.system_access_users: | ||
| username: test_user_5 | ||
| password: test_password_5 | ||
| comment: Test User 5 Comment | ||
| full_name: "Test User 5: Test User Creation with Comment" | ||
|
|
||
| # Test User with Preferred landing page | ||
| - name: "Test User 6: Test User Creation with Preferred landing page" | ||
| puzzle.opnsense.system_access_users: | ||
| username: test_user_6 | ||
| password: test_password_6 | ||
| landing_page: /ui/ipsec/sessions | ||
| full_name: "Test User 6: Test User Creation with Preferred landing page" | ||
|
|
||
| # Test User with nologin shell | ||
| - name: "Test User 7: Test User Creation with nologin shell" | ||
| puzzle.opnsense.system_access_users: | ||
| username: test_user_7 | ||
| password: test_password_7 | ||
| shell: /sbin/nologin | ||
| full_name: "Test User 7: Test User Creation with nologin shell" | ||
|
|
||
| # Test User with csh shell | ||
| - name: "Test User 8: Test User Creation with csh shell" | ||
| puzzle.opnsense.system_access_users: | ||
| username: test_user_8 | ||
| password: test_password_8 | ||
| shell: /bin/csh | ||
| full_name: "Test User 8: Test User Creation with csh shell" | ||
|
|
||
| # Test User with sh shell | ||
| - name: "Test User 9: Test User Creation with sh shell" | ||
| puzzle.opnsense.system_access_users: | ||
| username: test_user_9 | ||
| password: test_password_9 | ||
| shell: /bin/sh | ||
| full_name: "Test User 9: Test User Creation with sh shell" | ||
|
|
||
| # Test User with tcsh shell | ||
| - name: "Test User 10: Test User Creation with tcsh shell" | ||
| puzzle.opnsense.system_access_users: | ||
| username: test_user_10 | ||
| password: test_password_10 | ||
| shell: /bin/tcsh | ||
| full_name: "Test User 10: Test User Creation with tcsh shell" | ||
|
|
||
| # Test User with Expiration date | ||
| - name: "Test User 11: Test User Creation with Expiration date" | ||
| puzzle.opnsense.system_access_users: | ||
| username: test_user_11 | ||
| password: test_password_11 | ||
| expires: 02/27/2024 | ||
| full_name: "Test User 11: Test User Creation with Expiration date" | ||
|
|
||
| # Test User with group as string | ||
| - name: "Test User 12: Test User Creation with group as string" | ||
| puzzle.opnsense.system_access_users: | ||
| username: test_user_12 | ||
| password: test_password_12 | ||
| full_name: "Test User 12: Test User Creation with group as string" | ||
| groups: admins | ||
|
|
||
| # Test User with group as list | ||
| - name: "Test User 13: Test User Creation with group as list" | ||
| puzzle.opnsense.system_access_users: | ||
| username: test_user_13 | ||
| password: test_password_13 | ||
| full_name: "Test User 13: Test User Creation with group as list" | ||
| groups: | ||
| - admins | ||
|
|
||
| # Test User with not existing group as list | ||
| - name: "Test User 14: Test User Creation with not existing group as list" | ||
| puzzle.opnsense.system_access_users: | ||
| username: test_user_14 | ||
| password: test_password_14 | ||
| full_name: "Test User 14: Test User Creation with not existing group as list" | ||
| groups: | ||
| - test | ||
| register: test_user_14_result | ||
| ignore_errors: yes | ||
|
|
||
| - name: "Verify that the user creation failed due to non-existing group" | ||
| ansible.builtin.assert: | ||
| that: | ||
| - test_user_14_result is failed | ||
| fail_msg: "User creation should fail due to non-existing group" | ||
| success_msg: "User creation failed as expected due to non-existing group" | ||
|
|
||
| # Test User with empty otp_seed | ||
| - name: "Test User 15: Test User Creation with empty otp_seed" | ||
| puzzle.opnsense.system_access_users: | ||
| username: test_user_15 | ||
| password: test_password_15 | ||
| otp_seed: "" | ||
| full_name: "Test User 15: Test User Creation with empty otp_seed" | ||
|
|
||
| # Test User with otp_seed | ||
| - name: "Test User 16: Test User Creation with otp_seed" | ||
| puzzle.opnsense.system_access_users: | ||
| username: test_user_16 | ||
| password: test_password_16 | ||
| otp_seed: test_seed | ||
| full_name: "Test User 16: Test User Creation with otp_seed" | ||
|
|
||
| # Test User with empty authorizedkeys | ||
| - name: "Test User 17: Test User Creation with empty authorizedkeys" | ||
| puzzle.opnsense.system_access_users: | ||
| username: test_user_17 | ||
| password: test_password_17 | ||
| authorizedkeys: "" | ||
| full_name: "Test User 17: Test User Creation with empty authorizedkeys" | ||
|
|
||
| # Test User with authorizedkeys | ||
| - name: "Test User 18: Test User Creation with authorizedkeys" | ||
| puzzle.opnsense.system_access_users: | ||
| username: test_user_18 | ||
| password: test_password_18 | ||
| authorizedkeys: test_authorized_key | ||
| full_name: "Test User 18: Test User Creation with authorizedkeys" | ||
|
|
||
| # Test User with empty api_keys | ||
| - name: "Test User 19: Test User Creation with empty api_keys" | ||
| puzzle.opnsense.system_access_users: | ||
| username: test_user_19 | ||
| password: test_password_19 | ||
| apikeys: "" | ||
| full_name: "Test User 19: Test User Creation with empty api_keys" | ||
| register: api_keys_result | ||
|
|
||
| - name: Return the created apikeys and secret of Test User 19 | ||
| ansible.builtin.debug: | ||
| msg: "The following api_keys were created {{ api_keys_result.generated_apikeys }}" | ||
| when: | ||
| - "'generated_apikeys' in api_keys_result" | ||
| - api_keys_result.generated_apikeys | length > 0 | ||
|
|
||
| # Test User with too short api_keys | ||
| - name: "Test User 20: Test User Creation with too short api_keys" | ||
| puzzle.opnsense.system_access_users: | ||
| username: test_user_20 | ||
| password: test_password_20 | ||
| apikeys: "TEST_API_KEY" | ||
| full_name: "Test User 20: Test User Creation with too short api_keys" | ||
| register: test_user_20_result | ||
| ignore_errors: yes | ||
|
|
||
| - name: "Verify that the user creation failed due to too short api key" | ||
| ansible.builtin.assert: | ||
| that: | ||
| - test_user_20_result is failed | ||
| fail_msg: "The API key: TEST_API_KEY is not a valid string. Must be >= 80 characters." | ||
| success_msg: "The API key: TEST_API_KEY is not a valid string. Must be >= 80 characters." | ||
|
|
||
| # Test User with valid api_keys | ||
| - name: "Test User 21: Test User Creation with valid api_keys" | ||
| puzzle.opnsense.system_access_users: | ||
| username: test_user_21 | ||
| password: test_password_21 | ||
| apikeys: "TEST_API_KEY_WITH_RANDOM_CHARS_UNTIL_80_zo5Y3bUpOQFfbQnAOB6GqbHsPAP9Jqbjofnqu9xc" | ||
| full_name: "Test User 21: Test User Creation with valid api_keys" | ||
| register: api_keys_result | ||
|
|
||
| - name: Return the created apikeys and secret of Test User 21 | ||
| ansible.builtin.debug: | ||
| msg: "The following api_keys were created {{ api_keys_result.generated_apikeys }}" | ||
| when: | ||
| - "'generated_apikeys' in api_keys_result" | ||
| - api_keys_result.generated_apikeys | length > 0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,69 @@ | ||
| --- | ||
| scenario: | ||
| name: system_access_users | ||
| test_sequence: | ||
| # - dependency not relevant unless we have requirements | ||
| - destroy | ||
| - syntax | ||
| - create | ||
| # - prepare | ||
| - converge | ||
| - idempotence | ||
| #- verify | ||
| - cleanup | ||
| - destroy | ||
|
|
||
| driver: | ||
| name: vagrant | ||
| parallel: true | ||
|
|
||
| platforms: | ||
| - name: "22.7" | ||
| hostname: false | ||
| box: puzzle/opnsense | ||
| box_version: "22.7" | ||
| memory: 1024 | ||
| cpus: 2 | ||
| instance_raw_config_args: | ||
| - 'vm.guest = :freebsd' | ||
| - 'ssh.sudo_command = "%c"' | ||
| - 'ssh.shell = "/bin/sh"' | ||
| - name: "23.1" | ||
| box: puzzle/opnsense | ||
| hostname: false | ||
| box_version: "23.1" | ||
| memory: 1024 | ||
| cpus: 2 | ||
| instance_raw_config_args: | ||
| - 'vm.guest = :freebsd' | ||
| - 'ssh.sudo_command = "%c"' | ||
| - 'ssh.shell = "/bin/sh"' | ||
| - name: "23.7" | ||
| box: puzzle/opnsense | ||
| hostname: false | ||
| box_version: "23.7" | ||
| memory: 1024 | ||
| cpus: 2 | ||
| instance_raw_config_args: | ||
| - 'vm.guest = :freebsd' | ||
| - 'ssh.sudo_command = "%c"' | ||
| - 'ssh.shell = "/bin/sh"' | ||
| - name: "24.1" | ||
| box: puzzle/opnsense | ||
| hostname: false | ||
| box_version: "24.1" | ||
| memory: 1024 | ||
| cpus: 2 | ||
| instance_raw_config_args: | ||
| - 'vm.guest = :freebsd' | ||
| - 'ssh.sudo_command = "%c"' | ||
| - 'ssh.shell = "/bin/sh"' | ||
|
|
||
| provisioner: | ||
| name: ansible | ||
| # env: | ||
| # ANSIBLE_VERBOSITY: 3 | ||
| verifier: | ||
| name: ansible | ||
| options: | ||
| become: true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,6 @@ | ||
| --- | ||
| - name: Verify connectivity to server | ||
| hosts: all | ||
| tasks: | ||
| - name: Ping the server | ||
| ansible.builtin.ping: |
Oops, something went wrong.