cmueller/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
ansible/test/units/parsing/test_dataloader.py

240 lines
9.7 KiB
Python
Raw Normal View History

Adding a data parsing class for v2
2014-10-23 22:39:27 +02:00
# (c) 2012-2014, Michael DeHaan <michael.dehaan@gmail.com>
#
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
# Make coding more python3-ish
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
fix searched paths in DataLoader.path_dwim_relative (avoid AnsibleFileNotFound) (#26729) * add unit test: nested dynamic includes * nested dynamic includes: avoid AnsibleFileNotFound error Error was: Unable to retrieve file contents Could not find or access 'include2.yml' Before 8f758204cf379a743332bc9865fb3c002b6c3a6a, at the end of 'path_dwim_relative' method, the 'search' variable contained amongst others paths: '/tmp/roles/testrole/tasks/tasks/included.yml' and '/tmp/roles/testrole/tasks/included.yml'. The commit mentioned before removed the last one despite the method docstrings specify 'with or without explicitly named dirname subdirs'. * add integration test: nested includes
2017-07-20 16:26:13 +02:00
import os
Move unit test compat code out of `lib/ansible/`. (#46996) * Move ansible.compat.tests to test/units/compat/. * Fix unit test references to ansible.compat.tests. * Move builtins compat to separate file. * Fix classification of test/units/compat/ dir.
2018-10-13 05:01:14 +02:00
from units.compat import unittest
from units.compat.mock import patch, mock_open
dataloader: unit tests (#50942) * dataloader: unit tests Based on work from Alikins (https://github.com/ansible/ansible/pull/16500) Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com> * review comments Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
2019-01-22 15:51:27 +01:00
from ansible.errors import AnsibleParserError, yaml_strings, AnsibleFileNotFound
from ansible.parsing.vault import AnsibleVaultError
fix searched paths in DataLoader.path_dwim_relative (avoid AnsibleFileNotFound) (#26729) * add unit test: nested dynamic includes * nested dynamic includes: avoid AnsibleFileNotFound error Error was: Unable to retrieve file contents Could not find or access 'include2.yml' Before 8f758204cf379a743332bc9865fb3c002b6c3a6a, at the end of 'path_dwim_relative' method, the 'search' variable contained amongst others paths: '/tmp/roles/testrole/tasks/tasks/included.yml' and '/tmp/roles/testrole/tasks/included.yml'. The commit mentioned before removed the last one despite the method docstrings specify 'with or without explicitly named dirname subdirs'. * add integration test: nested includes
2017-07-20 16:26:13 +02:00
from ansible.module_utils._text import to_text
Update module_utils.six to latest (#22855) * Update module_utils.six to latest We've been held back on the version of six we could use on the module side to 1.4.x because of python-2.4 compatibility. Now that our minimum is Python-2.6, we can update to the latest version of six in module_utils and get rid of the second copy in lib/ansible/compat.
2017-03-23 21:35:05 +01:00
from ansible.module_utils.six import PY3
Support multiple vault passwords (#22756) Fixes #13243 ** Add --vault-id to name/identify multiple vault passwords Use --vault-id to indicate id and path/type --vault-id=prompt # prompt for default vault id password --vault-id=myorg@prompt # prompt for a vault_id named 'myorg' --vault-id=a_password_file # load ./a_password_file for default id --vault-id=myorg@a_password_file # load file for 'myorg' vault id vault_id's are created implicitly for existing --vault-password-file and --ask-vault-pass options. Vault ids are just for UX purposes and bookkeeping. Only the vault payload and the password bytestring is needed to decrypt a vault blob. Replace passing password around everywhere with a VaultSecrets object. If we specify a vault_id, mention that in password prompts Specifying multiple -vault-password-files will now try each until one works ** Rev vault format in a backwards compatible way The 1.2 vault format adds the vault_id to the header line of the vault text. This is backwards compatible with older versions of ansible. Old versions will just ignore it and treat it as the default (and only) vault id. Note: only 2.4+ supports multiple vault passwords, so while earlier ansible versions can read the vault-1.2 format, it does not make them magically support multiple vault passwords. use 1.1 format for 'default' vault_id Vaulted items that need to include a vault_id will be written in 1.2 format. If we set a new DEFAULT_VAULT_IDENTITY, then the default will use version 1.2 vault will only use a vault_id if one is specified. So if none is specified and C.DEFAULT_VAULT_IDENTITY is 'default' we use the old format. ** Changes/refactors needed to implement multiple vault passwords raise exceptions on decrypt fail, check vault id early split out parsing the vault plaintext envelope (with the sha/original plaintext) to _split_plaintext_envelope() some cli fixups for specifying multiple paths in the unfrack_paths optparse callback fix py3 dict.keys() 'dict_keys object is not indexable' error pluralize cli.options.vault_password_file -> vault_password_files pluralize cli.options.new_vault_password_file -> new_vault_password_files pluralize cli.options.vault_id -> cli.options.vault_ids ** Add a config option (vault_id_match) to force vault id matching. With 'vault_id_match=True' and an ansible vault that provides a vault_id, then decryption will require that a matching vault_id is required. (via --vault-id=my_vault_id@password_file, for ex). In other words, if the config option is true, then only the vault secrets with matching vault ids are candidates for decrypting a vault. If option is false (the default), then all of the provided vault secrets will be selected. If a user doesn't want all vault secrets to be tried to decrypt any vault content, they can enable this option. Note: The vault id used for the match is not encrypted or cryptographically signed. It is just a label/id/nickname used for referencing a specific vault secret.
2017-07-28 21:20:58 +02:00
from units.mock.vault_helper import TextVaultSecret
Break apart a looped dependency to show a warning when parsing playbooks Display a warning when a dict key is overwritten by pyyaml Fixes #12888
2015-10-26 22:23:09 +01:00
from ansible.parsing.dataloader import DataLoader
Adding a data parsing class for v2
2014-10-23 22:39:27 +02:00
fix searched paths in DataLoader.path_dwim_relative (avoid AnsibleFileNotFound) (#26729) * add unit test: nested dynamic includes * nested dynamic includes: avoid AnsibleFileNotFound error Error was: Unable to retrieve file contents Could not find or access 'include2.yml' Before 8f758204cf379a743332bc9865fb3c002b6c3a6a, at the end of 'path_dwim_relative' method, the 'search' variable contained amongst others paths: '/tmp/roles/testrole/tasks/tasks/included.yml' and '/tmp/roles/testrole/tasks/included.yml'. The commit mentioned before removed the last one despite the method docstrings specify 'with or without explicitly named dirname subdirs'. * add integration test: nested includes
2017-07-20 16:26:13 +02:00
from units.mock.path import mock_unfrackpath_noop
test/: PEP8 compliancy (#24803) * test/: PEP8 compliancy - Make PEP8 compliant * Python3 chokes on casting int to bytes (#24952) But if we tell the formatter that the var is a number, it works
2017-05-30 19:05:19 +02:00
Adding a data parsing class for v2
2014-10-23 22:39:27 +02:00
class TestDataLoader(unittest.TestCase):
def setUp(self):
self._loader = DataLoader()
Fixes #23680 bug with py3.x due to binary string handling (#23688) * This commit includes a unit test to exercise the _is_role function and make sure it doesn't break in any Python version. * Import os.path and other minor fixups
2017-09-10 03:40:07 +02:00
@patch('os.path.exists')
def test__is_role(self, p_exists):
p_exists.side_effect = lambda p: p == b'test_path/tasks/main.yml'
self.assertTrue(self._loader._is_role('test_path/tasks'))
self.assertTrue(self._loader._is_role('test_path/'))
Adding a data parsing class for v2
2014-10-23 22:39:27 +02:00
@patch.object(DataLoader, '_get_file_contents')
def test_parse_json_from_file(self, mock_def):
Fix bug (#18355) where encrypted inventories fail 18355 (#18373) * Fix bug (#18355) where encrypted inventories fail This is first part of fix for #18355 * Make DataLoader._get_file_contents return bytes The issue #18355 is caused by a change to inventory to stop using _get_file_contents so that it can handle text encoding itself to better protect against harmless text encoding errors in ini files (invalid unicode text in comment fields). So this makes _get_file_contents return bytes so it and other callers can handle the to_text(). The data returned by _get_file_contents() is now a bytes object instead of a text object. The callers of _get_file_contents() have been updated to call to_text() themselves on the results. Previously, the ini parser attempted to work around ini files that potentially include non-vailid unicode in comment lines. To do this, it stopped using DataLoader._get_file_contents() which does the decryption of files if vault encrypted. It didn't use that because _get_file_contents previously did to_text() on the read data itself. _get_file_contents() returns a bytestring now, so ini.py can call it and still special case ini file comments when converting to_text(). That also means encrypted inventory files are decrypted first. Fixes #18355
2016-11-07 16:07:26 +01:00
mock_def.return_value = (b"""{"a": 1, "b": 2, "c": 3}""", True)
Adding a data parsing class for v2
2014-10-23 22:39:27 +02:00
output = self._loader.load_from_file('dummy_json.txt')
test/: PEP8 compliancy (#24803) * test/: PEP8 compliancy - Make PEP8 compliant * Python3 chokes on casting int to bytes (#24952) But if we tell the formatter that the var is a number, it works
2017-05-30 19:05:19 +02:00
self.assertEqual(output, dict(a=1, b=2, c=3))
Adding a data parsing class for v2
2014-10-23 22:39:27 +02:00
@patch.object(DataLoader, '_get_file_contents')
def test_parse_yaml_from_file(self, mock_def):
Fix bug (#18355) where encrypted inventories fail 18355 (#18373) * Fix bug (#18355) where encrypted inventories fail This is first part of fix for #18355 * Make DataLoader._get_file_contents return bytes The issue #18355 is caused by a change to inventory to stop using _get_file_contents so that it can handle text encoding itself to better protect against harmless text encoding errors in ini files (invalid unicode text in comment fields). So this makes _get_file_contents return bytes so it and other callers can handle the to_text(). The data returned by _get_file_contents() is now a bytes object instead of a text object. The callers of _get_file_contents() have been updated to call to_text() themselves on the results. Previously, the ini parser attempted to work around ini files that potentially include non-vailid unicode in comment lines. To do this, it stopped using DataLoader._get_file_contents() which does the decryption of files if vault encrypted. It didn't use that because _get_file_contents previously did to_text() on the read data itself. _get_file_contents() returns a bytestring now, so ini.py can call it and still special case ini file comments when converting to_text(). That also means encrypted inventory files are decrypted first. Fixes #18355
2016-11-07 16:07:26 +01:00
mock_def.return_value = (b"""
Adding a data parsing class for v2
2014-10-23 22:39:27 +02:00
a: 1
b: 2
c: 3
""", True)
output = self._loader.load_from_file('dummy_yaml.txt')
test/: PEP8 compliancy (#24803) * test/: PEP8 compliancy - Make PEP8 compliant * Python3 chokes on casting int to bytes (#24952) But if we tell the formatter that the var is a number, it works
2017-05-30 19:05:19 +02:00
self.assertEqual(output, dict(a=1, b=2, c=3))
Adding a data parsing class for v2
2014-10-23 22:39:27 +02:00
@patch.object(DataLoader, '_get_file_contents')
def test_parse_fail_from_file(self, mock_def):
Fix bug (#18355) where encrypted inventories fail 18355 (#18373) * Fix bug (#18355) where encrypted inventories fail This is first part of fix for #18355 * Make DataLoader._get_file_contents return bytes The issue #18355 is caused by a change to inventory to stop using _get_file_contents so that it can handle text encoding itself to better protect against harmless text encoding errors in ini files (invalid unicode text in comment fields). So this makes _get_file_contents return bytes so it and other callers can handle the to_text(). The data returned by _get_file_contents() is now a bytes object instead of a text object. The callers of _get_file_contents() have been updated to call to_text() themselves on the results. Previously, the ini parser attempted to work around ini files that potentially include non-vailid unicode in comment lines. To do this, it stopped using DataLoader._get_file_contents() which does the decryption of files if vault encrypted. It didn't use that because _get_file_contents previously did to_text() on the read data itself. _get_file_contents() returns a bytestring now, so ini.py can call it and still special case ini file comments when converting to_text(). That also means encrypted inventory files are decrypted first. Fixes #18355
2016-11-07 16:07:26 +01:00
mock_def.return_value = (b"""
Adding a data parsing class for v2
2014-10-23 22:39:27 +02:00
TEXT:
***
NOT VALID
""", True)
self.assertRaises(AnsibleParserError, self._loader.load_from_file, 'dummy_yaml_bad.txt')
Add error info if tabs are found in the yaml (#18343) If a yaml file fails to load because of tabs being used for formatting, detect that and show a error message with more details.
2016-11-08 17:43:08 +01:00
@patch('ansible.errors.AnsibleError._get_error_lines_from_file')
@patch.object(DataLoader, '_get_file_contents')
def test_tab_error(self, mock_def, mock_get_error_lines):
mock_def.return_value = (u"""---\nhosts: localhost\nvars:\n foo: bar\n\tblip: baz""", True)
mock_get_error_lines.return_value = ('''\tblip: baz''', '''..foo: bar''')
with self.assertRaises(AnsibleParserError) as cm:
self._loader.load_from_file('dummy_yaml_text.txt')
self.assertIn(yaml_strings.YAML_COMMON_LEADING_TAB_ERROR, str(cm.exception))
self.assertIn('foo: bar', str(cm.exception))
fix searched paths in DataLoader.path_dwim_relative (avoid AnsibleFileNotFound) (#26729) * add unit test: nested dynamic includes * nested dynamic includes: avoid AnsibleFileNotFound error Error was: Unable to retrieve file contents Could not find or access 'include2.yml' Before 8f758204cf379a743332bc9865fb3c002b6c3a6a, at the end of 'path_dwim_relative' method, the 'search' variable contained amongst others paths: '/tmp/roles/testrole/tasks/tasks/included.yml' and '/tmp/roles/testrole/tasks/included.yml'. The commit mentioned before removed the last one despite the method docstrings specify 'with or without explicitly named dirname subdirs'. * add integration test: nested includes
2017-07-20 16:26:13 +02:00
@patch('ansible.parsing.dataloader.unfrackpath', mock_unfrackpath_noop)
@patch.object(DataLoader, '_is_role')
def test_path_dwim_relative(self, mock_is_role):
"""
simulate a nested dynamic include:
playbook.yml:
- hosts: localhost
roles:
- { role: 'testrole' }
testrole/tasks/main.yml:
- include: "include1.yml"
static: no
testrole/tasks/include1.yml:
- include: include2.yml
static: no
testrole/tasks/include2.yml:
- debug: msg="blah"
"""
mock_is_role.return_value = False
with patch('os.path.exists') as mock_os_path_exists:
mock_os_path_exists.return_value = False
self._loader.path_dwim_relative('/tmp/roles/testrole/tasks', 'tasks', 'included2.yml')
# Fetch first args for every call
# mock_os_path_exists.assert_any_call isn't used because os.path.normpath must be used in order to compare paths
called_args = [os.path.normpath(to_text(call[0][0])) for call in mock_os_path_exists.call_args_list]
# 'path_dwim_relative' docstrings say 'with or without explicitly named dirname subdirs':
self.assertIn('/tmp/roles/testrole/tasks/included2.yml', called_args)
self.assertIn('/tmp/roles/testrole/tasks/tasks/included2.yml', called_args)
# relative directories below are taken in account too:
self.assertIn('tasks/included2.yml', called_args)
self.assertIn('included2.yml', called_args)
dataloader: unit tests (#50942) * dataloader: unit tests Based on work from Alikins (https://github.com/ansible/ansible/pull/16500) Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com> * review comments Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
2019-01-22 15:51:27 +01:00
def test_path_dwim_root(self):
self.assertEqual(self._loader.path_dwim('/'), '/')
def test_path_dwim_home(self):
self.assertEqual(self._loader.path_dwim('~'), os.path.expanduser('~'))
def test_path_dwim_tilde_slash(self):
self.assertEqual(self._loader.path_dwim('~/'), os.path.expanduser('~'))
def test_get_real_file(self):
self.assertEqual(self._loader.get_real_file(__file__), __file__)
def test_is_file(self):
self.assertTrue(self._loader.is_file(__file__))
def test_is_directory_positive(self):
self.assertTrue(self._loader.is_directory(os.path.dirname(__file__)))
def test_get_file_contents_none_path(self):
self.assertRaisesRegexp(AnsibleParserError, 'Invalid filename',
self._loader._get_file_contents, None)
def test_get_file_contents_non_existent_path(self):
self.assertRaises(AnsibleFileNotFound, self._loader._get_file_contents, '/non_existent_file')
class TestPathDwimRelativeDataLoader(unittest.TestCase):
def setUp(self):
self._loader = DataLoader()
def test_all_slash(self):
Replace TestCase.assertEquals with TestCase.assertEqual.
2019-11-06 14:54:25 +01:00
self.assertEqual(self._loader.path_dwim_relative('/', '/', '/'), '/')
dataloader: unit tests (#50942) * dataloader: unit tests Based on work from Alikins (https://github.com/ansible/ansible/pull/16500) Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com> * review comments Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
2019-01-22 15:51:27 +01:00
def test_path_endswith_role(self):
Replace TestCase.assertEquals with TestCase.assertEqual.
2019-11-06 14:54:25 +01:00
self.assertEqual(self._loader.path_dwim_relative(path='foo/bar/tasks/', dirname='/', source='/'), '/')
dataloader: unit tests (#50942) * dataloader: unit tests Based on work from Alikins (https://github.com/ansible/ansible/pull/16500) Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com> * review comments Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
2019-01-22 15:51:27 +01:00
def test_path_endswith_role_main_yml(self):
self.assertIn('main.yml', self._loader.path_dwim_relative(path='foo/bar/tasks/', dirname='/', source='main.yml'))
def test_path_endswith_role_source_tilde(self):
Replace TestCase.assertEquals with TestCase.assertEqual.
2019-11-06 14:54:25 +01:00
self.assertEqual(self._loader.path_dwim_relative(path='foo/bar/tasks/', dirname='/', source='~/'), os.path.expanduser('~'))
dataloader: unit tests (#50942) * dataloader: unit tests Based on work from Alikins (https://github.com/ansible/ansible/pull/16500) Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com> * review comments Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
2019-01-22 15:51:27 +01:00
class TestPathDwimRelativeStackDataLoader(unittest.TestCase):
def setUp(self):
self._loader = DataLoader()
def test_none(self):
self.assertRaisesRegexp(AnsibleFileNotFound, 'on the Ansible Controller', self._loader.path_dwim_relative_stack, None, None, None)
def test_empty_strings(self):
self.assertEqual(self._loader.path_dwim_relative_stack('', '', ''), './')
def test_empty_lists(self):
self.assertEqual(self._loader.path_dwim_relative_stack([], '', '~/'), os.path.expanduser('~'))
def test_all_slash(self):
Replace TestCase.assertEquals with TestCase.assertEqual.
2019-11-06 14:54:25 +01:00
self.assertEqual(self._loader.path_dwim_relative_stack('/', '/', '/'), '/')
dataloader: unit tests (#50942) * dataloader: unit tests Based on work from Alikins (https://github.com/ansible/ansible/pull/16500) Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com> * review comments Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
2019-01-22 15:51:27 +01:00
def test_path_endswith_role(self):
Replace TestCase.assertEquals with TestCase.assertEqual.
2019-11-06 14:54:25 +01:00
self.assertEqual(self._loader.path_dwim_relative_stack(paths=['foo/bar/tasks/'], dirname='/', source='/'), '/')
dataloader: unit tests (#50942) * dataloader: unit tests Based on work from Alikins (https://github.com/ansible/ansible/pull/16500) Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com> * review comments Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
2019-01-22 15:51:27 +01:00
def test_path_endswith_role_source_tilde(self):
Replace TestCase.assertEquals with TestCase.assertEqual.
2019-11-06 14:54:25 +01:00
self.assertEqual(self._loader.path_dwim_relative_stack(paths=['foo/bar/tasks/'], dirname='/', source='~/'), os.path.expanduser('~'))
dataloader: unit tests (#50942) * dataloader: unit tests Based on work from Alikins (https://github.com/ansible/ansible/pull/16500) Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com> * review comments Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
2019-01-22 15:51:27 +01:00
def test_path_endswith_role_source_main_yml(self):
self.assertRaises(AnsibleFileNotFound, self._loader.path_dwim_relative_stack, ['foo/bar/tasks/'], '/', 'main.yml')
def test_path_endswith_role_source_main_yml_source_in_dirname(self):
self.assertRaises(AnsibleFileNotFound, self._loader.path_dwim_relative_stack, 'foo/bar/tasks/', 'tasks', 'tasks/main.yml')
Add error info if tabs are found in the yaml (#18343) If a yaml file fails to load because of tabs being used for formatting, detect that and show a error message with more details.
2016-11-08 17:43:08 +01:00
Add a vault test to data_loader test and some additional yaml tests to parsing/yaml/test_loader
2015-04-03 20:35:01 +02:00
class TestDataLoaderWithVault(unittest.TestCase):
def setUp(self):
Starting to add additional unit tests for VariableManager Required some rewiring in inventory code to make sure we're using the DataLoader class for some data file operations, which makes mocking them much easier. Also identified two corner cases not currently handled by the code, related to inventory variable sources and which one "wins". Also noticed we weren't properly merging variables from multiple group/host_var file locations (inventory directory vs. playbook directory locations) so fixed as well.
2015-09-04 22:41:38 +02:00
self._loader = DataLoader()
Support multiple vault passwords (#22756) Fixes #13243 ** Add --vault-id to name/identify multiple vault passwords Use --vault-id to indicate id and path/type --vault-id=prompt # prompt for default vault id password --vault-id=myorg@prompt # prompt for a vault_id named 'myorg' --vault-id=a_password_file # load ./a_password_file for default id --vault-id=myorg@a_password_file # load file for 'myorg' vault id vault_id's are created implicitly for existing --vault-password-file and --ask-vault-pass options. Vault ids are just for UX purposes and bookkeeping. Only the vault payload and the password bytestring is needed to decrypt a vault blob. Replace passing password around everywhere with a VaultSecrets object. If we specify a vault_id, mention that in password prompts Specifying multiple -vault-password-files will now try each until one works ** Rev vault format in a backwards compatible way The 1.2 vault format adds the vault_id to the header line of the vault text. This is backwards compatible with older versions of ansible. Old versions will just ignore it and treat it as the default (and only) vault id. Note: only 2.4+ supports multiple vault passwords, so while earlier ansible versions can read the vault-1.2 format, it does not make them magically support multiple vault passwords. use 1.1 format for 'default' vault_id Vaulted items that need to include a vault_id will be written in 1.2 format. If we set a new DEFAULT_VAULT_IDENTITY, then the default will use version 1.2 vault will only use a vault_id if one is specified. So if none is specified and C.DEFAULT_VAULT_IDENTITY is 'default' we use the old format. ** Changes/refactors needed to implement multiple vault passwords raise exceptions on decrypt fail, check vault id early split out parsing the vault plaintext envelope (with the sha/original plaintext) to _split_plaintext_envelope() some cli fixups for specifying multiple paths in the unfrack_paths optparse callback fix py3 dict.keys() 'dict_keys object is not indexable' error pluralize cli.options.vault_password_file -> vault_password_files pluralize cli.options.new_vault_password_file -> new_vault_password_files pluralize cli.options.vault_id -> cli.options.vault_ids ** Add a config option (vault_id_match) to force vault id matching. With 'vault_id_match=True' and an ansible vault that provides a vault_id, then decryption will require that a matching vault_id is required. (via --vault-id=my_vault_id@password_file, for ex). In other words, if the config option is true, then only the vault secrets with matching vault ids are candidates for decrypting a vault. If option is false (the default), then all of the provided vault secrets will be selected. If a user doesn't want all vault secrets to be tried to decrypt any vault content, they can enable this option. Note: The vault id used for the match is not encrypted or cryptographically signed. It is just a label/id/nickname used for referencing a specific vault secret.
2017-07-28 21:20:58 +02:00
vault_secrets = [('default', TextVaultSecret('ansible'))]
self._loader.set_vault_secrets(vault_secrets)
dataloader: unit tests (#50942) * dataloader: unit tests Based on work from Alikins (https://github.com/ansible/ansible/pull/16500) Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com> * review comments Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
2019-01-22 15:51:27 +01:00
self.test_vault_data_path = os.path.join(os.path.dirname(__file__), 'fixtures', 'vault.yml')
Add a vault test to data_loader test and some additional yaml tests to parsing/yaml/test_loader
2015-04-03 20:35:01 +02:00
def tearDown(self):
pass
dataloader: unit tests (#50942) * dataloader: unit tests Based on work from Alikins (https://github.com/ansible/ansible/pull/16500) Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com> * review comments Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
2019-01-22 15:51:27 +01:00
def test_get_real_file_vault(self):
real_file_path = self._loader.get_real_file(self.test_vault_data_path)
self.assertTrue(os.path.exists(real_file_path))
def test_get_real_file_vault_no_vault(self):
self._loader.set_vault_secrets(None)
self.assertRaises(AnsibleParserError, self._loader.get_real_file, self.test_vault_data_path)
def test_get_real_file_vault_wrong_password(self):
wrong_vault = [('default', TextVaultSecret('wrong_password'))]
self._loader.set_vault_secrets(wrong_vault)
self.assertRaises(AnsibleVaultError, self._loader.get_real_file, self.test_vault_data_path)
def test_get_real_file_not_a_path(self):
self.assertRaisesRegexp(AnsibleParserError, 'Invalid filename', self._loader.get_real_file, None)
Add a vault test to data_loader test and some additional yaml tests to parsing/yaml/test_loader
2015-04-03 20:35:01 +02:00
@patch.multiple(DataLoader, path_exists=lambda s, x: True, is_file=lambda s, x: True)
def test_parse_from_vault_1_1_file(self):
vaulted_data = """$ANSIBLE_VAULT;1.1;AES256
33343734386261666161626433386662623039356366656637303939306563376130623138626165
6436333766346533353463636566313332623130383662340a393835656134633665333861393331
37666233346464636263636530626332623035633135363732623332313534306438393366323966
3135306561356164310a343937653834643433343734653137383339323330626437313562306630
3035
"""
Compatibility with six-1.3.0
2015-09-08 18:46:12 +02:00
if PY3:
Applied some stashed fixes. * Fixed file.close() typo in test_vault_editor * Updated unicode.py to redefine basestring properly in python3 and fixed a couple missed py27 specific code. * Realized the patch in test_data_loader was still failing cause we are passing the string 'builtins.open' and not actually using it in that file and soe instead of failing in py34 it would fail in py27.
2015-04-16 22:01:13 +02:00
builtins_name = 'builtins'
Compatibility with six-1.3.0
2015-09-08 18:46:12 +02:00
else:
builtins_name = '__builtin__'
Applied some stashed fixes. * Fixed file.close() typo in test_vault_editor * Updated unicode.py to redefine basestring properly in python3 and fixed a couple missed py27 specific code. * Realized the patch in test_data_loader was still failing cause we are passing the string 'builtins.open' and not actually using it in that file and soe instead of failing in py34 it would fail in py27.
2015-04-16 22:01:13 +02:00
Implement vault encrypted yaml variables. (#16274) Make !vault-encrypted create a AnsibleVaultUnicode yaml object that can be used as a regular string object. This allows a playbook to include a encrypted vault blob for the value of a yaml variable. A 'secret_password' variable can have it's value encrypted instead of having to vault encrypt an entire vars file. Add __ENCRYPTED__ to the vault yaml types so template.Template can treat it similar to __UNSAFE__ flags. vault.VaultLib api changes: - Split VaultLib.encrypt to encrypt and encrypt_bytestring - VaultLib.encrypt() previously accepted the plaintext data as either a byte string or a unicode string. Doing the right thing based on the input type would fail on py3 if given a arg of type 'bytes'. To simplify the API, vaultlib.encrypt() now assumes input plaintext is a py2 unicode or py3 str. It will encode to utf-8 then call the new encrypt_bytestring(). The new methods are less ambiguous. - moved VaultLib.is_encrypted logic to vault module scope and split to is_encrypted() and is_encrypted_file(). Add a test/unit/mock/yaml_helper.py It has some helpers for testing parsing/yaml Integration tests added as roles test_vault and test_vault_embedded
2016-08-24 02:03:11 +02:00
with patch(builtins_name + '.open', mock_open(read_data=vaulted_data.encode('utf-8'))):
Add a vault test to data_loader test and some additional yaml tests to parsing/yaml/test_loader
2015-04-03 20:35:01 +02:00
output = self._loader.load_from_file('dummy_vault.txt')
self.assertEqual(output, dict(foo='bar'))
Reference in a new issue Copy permalink