fix-apikeys-attribute-as-list (#130)

puzzle · Jun 28, 2024 · 6561646 · 6561646
1 parent 4d5d62b
commit 6561646
Show file tree

Hide file tree

Showing 5 changed files with 725 additions and 485 deletions.
diff --git a/changelogs/fragments/130-fix-apikeys-attribute-as-list.yml b/changelogs/fragments/130-fix-apikeys-attribute-as-list.yml
@@ -0,0 +1,4 @@
+---
+bugfixes:
+    - system_access_users - apikeys parameters are now passed as a list of dicts
+    - system_access_users - apikeys are changed if updated
diff --git a/molecule/system_access_users/converge.yml b/molecule/system_access_users/converge.yml
@@ -12,6 +12,7 @@
       puzzle.opnsense.system_access_users:
         username: test_user_1
         password: test_password_1
+        full_name: "Test User 1: Test minimum requirements User Creation"
 
     # Test User minimum requirements disabled
     - name: "Test User 2: Test disabled User Creation"
@@ -117,9 +118,9 @@
         full_name: "Test User 14: Test User Creation with not existing group as list"
         groups:
             - test
+
       register: test_user_14_result
       ignore_errors: yes
-
     - name: "Verify that the user creation failed due to non-existing group"
       ansible.builtin.assert:
         that:
@@ -156,15 +157,17 @@
       puzzle.opnsense.system_access_users:
             username: test_user_18
             password: test_password_18
-            authorizedkeys: test_authorized_key
+            authorizedkeys: test_authorized_key_mit_fabio
             full_name: "Test User 18: Test User Creation with authorizedkeys"
 
     # Test User with empty api_keys
     - name: "Test User 19: Test User Creation with empty api_keys"
       puzzle.opnsense.system_access_users:
             username: test_user_19
             password: test_password_19
-            apikeys: ""
+            apikeys:
+              - key: ""
+                secret: ""
             full_name: "Test User 19: Test User Creation with empty api_keys"
       register: api_keys_result
 
@@ -180,7 +183,9 @@
       puzzle.opnsense.system_access_users:
             username: test_user_20
             password: test_password_20
-            apikeys: "TEST_API_KEY"
+            apikeys:
+              - key: "TEST_API_KEY"
+                secret: "O0OQc0uNZ1w/ihSAVGyPbPzXmBhOt1hUpytSMU2NGdQfQWYlSDFtwY4xAquJtJLPQS0cN6conp59QGf5+icYvQ=="
             full_name: "Test User 20: Test User Creation with too short api_keys"
       register: test_user_20_result
       ignore_errors: yes
@@ -197,7 +202,9 @@
       puzzle.opnsense.system_access_users:
             username: test_user_21
             password: test_password_21
-            apikeys: "TEST_API_KEY_WITH_RANDOM_CHARS_UNTIL_80_zo5Y3bUpOQFfbQnAOB6GqbHsPAP9Jqbjofnqu9xc"
+            apikeys:
+              - key: "TEST_API_KEY_WITH_RANDOM_CHARS_UNTIL_80_zo5Y3bUpOQFfbQnAOB6GqbHsPAP9Jqbjofnqu900"
+                secret: "O0OQc0uNZ1w/ihSAVGyPbPzXmBhOt1hUpytSMU2NGdQfQWYlSDFtwY4xAquJtJLPQS0cN6conp59QGf5+icYvQ=="
             full_name: "Test User 21: Test User Creation with valid api_keys"
       register: api_keys_result
 
@@ -208,20 +215,22 @@
         - "'generated_apikeys' in api_keys_result"
         - api_keys_result.generated_apikeys | length > 0
 
-    # Test User password escaping
-    - name: "Test User 22: Test password escaping"
+    # Test User password escaping with backslash
+    - name: "Test User 22: Test password escaping with backslash"
       puzzle.opnsense.system_access_users:
         username: test_user_22
         password: test_password_22\
+        full_name: "Test User 22: Test password escaping with backslash"
         shell: /bin/sh
         groups:
             - admins
 
-    # Test User password escaping
-    - name: "Test User 23: Test password escaping"
+    # Test User password escaping with dash
+    - name: "Test User 23: Test password escaping with dash"
       puzzle.opnsense.system_access_users:
         username: test_user_23
         password: test_password_23'
+        full_name: "Test User 23: Test password escaping with dash"
         shell: /bin/sh
         groups:
             - admins
@@ -239,3 +248,17 @@
         that:
           - "'syntax error, unexpected identifier \"cost\", expecting \")\" in Command line code on line 1' not in (current_config.content | b64decode | string)"
           - "'syntax error, unexpected single-quoted string \",PASSWORD_BCRYPT,[ \", expecting \")\" in Command line code on line 1' not in (current_config.content | b64decode | string)"
+
+    # Test User with apikeys as list
+    - name: "Test User 24: Test User Creation with apikeys as list"
+      puzzle.opnsense.system_access_users:
+            username: test_user_24
+            password: test_password_24
+            full_name: "Test User 24: Test User Creation with apikeys as list"
+            groups:
+              - admins
+            apikeys:
+              - key: "TEST_API_KEY_WITH_RANDOM_CHARS_UNTIL_80_zo5Y3bUpOQFfbQnAOB6GqbHsPAP9Jqbjofnqu900"
+                secret: "O0OQc0uNZ1w/ihSAVGyPbPzXmBhOt1hUpytSMU2NGdQfQWYlSDFtwY4xAquJtJLPQS0cN6conp59QGf5+icYvQ=="
+              - key: "TEST_API_KEY_WITH_RANDOM_CHARS_UNTIL_80_zo5Y3bUpOQFfbQnAOB6GqbHsPAP9Jqbjofnqu911"
+                secret: "111Qc0uNZ1w/ihSAVGyPbPzXmBhOt1hUpytSMU2NGdQfQWYlSDFtwY4xAquJtJLPQS0cN6conp59QGf5+icYvQ=="