community.general/tests/integration/targets/systemd_creds_decrypt/tasks/main.yaml

---
# Copyright (c) Ansible Project
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later

- name: Test systemd_creds_decrypt
  when:
    - ansible_systemd.version is defined
    - ansible_systemd.version | int >= 250
  block:
    - name: Encrypt secret
      become: true
      systemd_creds_encrypt:
        name: api
        not_after: +48hr
        secret: access_token
      register: encrypted_api_secret

    - name: Print the encrypted secret
      ansible.builtin.debug:
        msg: "{{ encrypted_api_secret }}"

    - name: Decrypt secret
      community.general.systemd_creds_decrypt:
        name: api
        newline: false
        secret: "{{ encrypted_api_secret.value }}"
      register: decrypted_secret

    - name: Print the decrypted secret
      ansible.builtin.debug:
        msg: "{{ decrypted_secret }}"

    - name: Assert that the decrypted secret is the same as the original secret
      ansible.builtin.assert:
        that:
          - decrypted_secret.value == 'access_token'
        fail_msg: "Decrypted secret is not the same as the original secret"
        success_msg: "Decrypted secret is the same as the original secret"

    - name: Decrypt secret into hex
      community.general.systemd_creds_decrypt:
        name: api
        newline: false
        secret: "{{ encrypted_api_secret.value }}"
        transcode: hex
      register: decrypted_secret_hex

    - name: Print the trancoded decrypted secret
      ansible.builtin.debug:
        msg: "{{ decrypted_secret_hex }}"

    - name: Assert that the decrypted secret is the same as the original secret
      ansible.builtin.assert:
        that:
          - decrypted_secret_hex.value == '6163636573735f746f6b656e'
        fail_msg: "Decrypted secret is not the same as the original secret"
        success_msg: "Decrypted secret is the same as the original secret"
add support for systemd creds encrypt/decrypt (#9383) * add support for systemd creds encrypt/decrypt Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com> * add __metaclass__ Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com> * Python 2.7 issues Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com> * update version_added and ci test aliases Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com> * switch to container Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com> * run tests in docker as well Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com> * move tasks into tasks/ Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com> * no need to call echo Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com> * lint and add become: Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com> * dont append a newline Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com> * don't clean newlines Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com> * only use module name Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com> * clean Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com> * change msg to value Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com> * add return values Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com> * update attributes and description Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com> * Update plugins/modules/systemd_creds_decrypt.py Co-authored-by: Felix Fontein <felix@fontein.de> * set newline default Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com> * Update plugins/modules/systemd_creds_encrypt.py Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com> * Update plugins/modules/systemd_creds_encrypt.py Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com> * Update plugins/modules/systemd_creds_encrypt.py Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com> * update required and spelling Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com> * use single backslash Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com> --------- Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com> Co-authored-by: Felix Fontein <felix@fontein.de> Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com> 2024-12-29 20:15:57 +00:00			`---`
			`# Copyright (c) Ansible Project`
			`# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)`
			`# SPDX-License-Identifier: GPL-3.0-or-later`

			`- name: Test systemd_creds_decrypt`
			`when:`
			`- ansible_systemd.version is defined`
			`- ansible_systemd.version \| int >= 250`
			`block:`
			`- name: Encrypt secret`
			`become: true`
			`systemd_creds_encrypt:`
			`name: api`
			`not_after: +48hr`
			`secret: access_token`
			`register: encrypted_api_secret`

			`- name: Print the encrypted secret`
			`ansible.builtin.debug:`
			`msg: "{{ encrypted_api_secret }}"`

			`- name: Decrypt secret`
			`community.general.systemd_creds_decrypt:`
			`name: api`
			`newline: false`
			`secret: "{{ encrypted_api_secret.value }}"`
			`register: decrypted_secret`

			`- name: Print the decrypted secret`
			`ansible.builtin.debug:`
			`msg: "{{ decrypted_secret }}"`

			`- name: Assert that the decrypted secret is the same as the original secret`
			`ansible.builtin.assert:`
			`that:`
			`- decrypted_secret.value == 'access_token'`
			`fail_msg: "Decrypted secret is not the same as the original secret"`
			`success_msg: "Decrypted secret is the same as the original secret"`

			`- name: Decrypt secret into hex`
			`community.general.systemd_creds_decrypt:`
			`name: api`
			`newline: false`
			`secret: "{{ encrypted_api_secret.value }}"`
			`transcode: hex`
			`register: decrypted_secret_hex`

			`- name: Print the trancoded decrypted secret`
			`ansible.builtin.debug:`
			`msg: "{{ decrypted_secret_hex }}"`

			`- name: Assert that the decrypted secret is the same as the original secret`
			`ansible.builtin.assert:`
			`that:`
			`- decrypted_secret_hex.value == '6163636573735f746f6b656e'`
			`fail_msg: "Decrypted secret is not the same as the original secret"`
			`success_msg: "Decrypted secret is the same as the original secret"`