|
6 | 6 | - name: Set up test environment |
7 | 7 | include_tasks: tasks/setup_test.yml |
8 | 8 |
|
| 9 | + - name: Get the contents of the tang directory before adding keys |
| 10 | + find: |
| 11 | + path: /var/db/tang/ |
| 12 | + patterns: "*.jwk" |
| 13 | + register: tang_dir_contents_before |
| 14 | + |
9 | 15 | # For this test we will create many tang keys, so that the metadata |
10 | 16 | # generated will be too large that it will not fit the LUKS header |
11 | 17 | # after a few binding attempts. |
|
14 | 20 | changed_when: false |
15 | 21 | with_sequence: count=32 |
16 | 22 |
|
17 | | - # Now we will attempt to perform multiple binding operations, and at some |
18 | | - # point it will fail, due to the metadata being too large. We will also |
19 | | - # calculate the checksum of the device before each attempt, and, in case |
20 | | - # the binding fails, we will compare the after checksum to check whether |
21 | | - # any changes were performed, in these failed scenarios. |
22 | | - - name: Run the test for each device type |
23 | | - include_tasks: tasks/bind_repeatedly_single_device.yml |
24 | | - loop: |
25 | | - - "{{ nbde_client_test_device }}" # LUKS2 (with modern cryptsetup). |
26 | | - - "{{ nbde_client_test_device_luks1 }}" # LUKS1. |
27 | | - loop_control: |
28 | | - loop_var: nbde_client_selected_device |
29 | | - |
30 | | - - name: Clean up test environment |
31 | | - include_tasks: tasks/cleanup_test.yml |
| 23 | + - name: Run the test |
| 24 | + block: |
| 25 | + # Now we will attempt to perform multiple binding operations, and at some |
| 26 | + # point it will fail, due to the metadata being too large. We will also |
| 27 | + # calculate the checksum of the device before each attempt, and, in case |
| 28 | + # the binding fails, we will compare the after checksum to check whether |
| 29 | + # any changes were performed, in these failed scenarios. |
| 30 | + - name: Run the test for each device type |
| 31 | + include_tasks: tasks/bind_repeatedly_single_device.yml |
| 32 | + loop: |
| 33 | + - "{{ nbde_client_test_device }}" # LUKS2 (with modern cryptsetup). |
| 34 | + - "{{ nbde_client_test_device_luks1 }}" # LUKS1. |
| 35 | + loop_control: |
| 36 | + loop_var: nbde_client_selected_device |
| 37 | + |
| 38 | + always: |
| 39 | + - name: Get the contents of the tang directory after adding keys |
| 40 | + find: |
| 41 | + path: /var/db/tang/ |
| 42 | + patterns: "*.jwk" |
| 43 | + register: tang_dir_contents_after |
| 44 | + |
| 45 | + - name: Remove any keys added during the test |
| 46 | + file: |
| 47 | + path: "{{ item }}" |
| 48 | + state: absent |
| 49 | + loop: "{{ tang_dir_contents_after.files | map(attribute='path') | list | |
| 50 | + difference(tang_dir_contents_before.files | map(attribute='path') | list) }}" |
| 51 | + |
| 52 | + - name: Ensure directory is same as before |
| 53 | + find: |
| 54 | + path: /var/db/tang/ |
| 55 | + patterns: "*.jwk" |
| 56 | + register: tang_dir_contents_final |
| 57 | + failed_when: tang_dir_contents_before.files | map(attribute='path') | list | |
| 58 | + difference(tang_dir_contents_final.files | map(attribute='path') | list) | list | length > 0 |
| 59 | + |
| 60 | + - name: Clean up test environment |
| 61 | + include_tasks: tasks/cleanup_test.yml |
32 | 62 |
|
33 | 63 | # vim:set ts=2 sw=2 et: |
0 commit comments