Commit graph

79 commits

Author SHA1 Message Date
Adrian Likins
e396d5d508 Implement vault encrypted yaml variables. (#16274)
Make !vault-encrypted create a AnsibleVaultUnicode
yaml object that can be used as a regular string object.

This allows a playbook to include a encrypted vault
blob for the value of a yaml variable. A 'secret_password'
variable can have it's value encrypted instead of having
to vault encrypt an entire vars file.

Add __ENCRYPTED__ to the vault yaml types so
template.Template can treat it similar
to __UNSAFE__ flags.

vault.VaultLib api changes:
    - Split VaultLib.encrypt to encrypt and encrypt_bytestring

    - VaultLib.encrypt() previously accepted the plaintext data
      as either a byte string or a unicode string.
      Doing the right thing based on the input type would fail
      on py3 if given a arg of type 'bytes'. To simplify the
      API, vaultlib.encrypt() now assumes input plaintext is a
      py2 unicode or py3 str. It will encode to utf-8 then call
      the new encrypt_bytestring(). The new methods are less
      ambiguous.

    - moved VaultLib.is_encrypted logic to vault module scope
      and split to is_encrypted() and is_encrypted_file().

Add a test/unit/mock/yaml_helper.py
It has some helpers for testing parsing/yaml

Integration tests added as roles test_vault and test_vault_embedded
2016-08-23 20:03:11 -04:00
James Cammarata
5fdac707fd New unit tests for #13630 fix 2016-03-28 15:54:07 -04:00
James Cammarata
c56e3aabfb Clean up jsonify unit test with format to remove json lib differences 2016-02-29 15:08:59 -05:00
James Cammarata
7c049c3200 Fixing up jsonify and adding unit tests 2016-02-29 14:51:23 -05:00
Toshio Kuratomi
7cb29cdbec Workaround py2.6's StringIO 2016-02-26 17:59:00 -08:00
Toshio Kuratomi
b70bf3b056 Use io.StringIO and io.BytesIO instead of StringIO.StringIO for compat with py3 2016-02-26 16:43:05 -08:00
Brian Coca
75e94e0cba allow for non standard hostnames
* Changed parse_addresses to throw exceptions instead of passing None
* Switched callers to trap and pass through the original values.
* Added very verbose notice
* Look at deprecating this and possibly validate at plugin instead
fixes #13608
2015-12-21 13:42:34 -05:00
Toshio Kuratomi
4203850d1a Break apart a looped dependency to show a warning when parsing playbooks
Display a warning when a dict key is overwritten by pyyaml
Fixes #12888
2015-10-27 12:39:42 -07:00
James Cammarata
86de1429e5 Cleaning up FIXMEs 2015-10-22 16:03:50 -04:00
Marius Gedminas
ec3ada1cda Fix test on Python 3: vault code expects bytes
(All tests now succeed on Python 3.5)
2015-10-16 09:13:46 +03:00
Marius Gedminas
5c70f932bd Fix test on Python 3: vault code expects bytes
(Third failing test out of four.)
2015-10-16 09:12:49 +03:00
Marius Gedminas
a1d95536f9 Fix test on Python 3: vault code expects bytes
(Different test than the last commit.)
2015-10-16 09:11:34 +03:00
Marius Gedminas
f58f0c62e1 Fix test on Python 3: vault code expects bytes 2015-10-16 09:10:25 +03:00
Brian Coca
abf2e13955 Revert "Track local_action internally to prevent it from being overridden"
This reverts commit 49ca0eb797.
2015-10-09 13:01:32 -04:00
Abhijit Menon-Sen
838e71edb7 Add more exhaustive tests for various IPv6 address notations 2015-09-30 16:15:39 +05:30
Abhijit Menon-Sen
2d420a9bb7 Allow hexadecimal ranges in IPv6 addresses, not only 0-9 2015-09-17 23:32:58 +05:30
James Cammarata
49ca0eb797 Track local_action internally to prevent it from being overridden
Fixes #12053
2015-09-14 12:11:58 -04:00
Abhijit Menon-Sen
7479ab47e0 Be stricter about parsing hostname labels
Labels must start with an alphanumeric character, may contain
alphanumeric characters or hyphens, but must not end with a hyphen.
We enforce those rules, but allow underscores wherever hyphens are
accepted, and allow alphanumeric ranges anywhere.

We relax the definition of "alphanumeric" to include Unicode characters
even though such inventory hostnames cannot be used in practice unless
an ansible_ssh_host is set for each of them.

We still don't enforce length restrictions—the fact that we have to
accept ranges makes it more complex, and it doesn't seem especially
worthwhile.
2015-09-11 21:47:19 +05:30
Abhijit Menon-Sen
065bb52109 Be systematic about parsing and validating hostnames and addresses
This adds a parse_address(pattern) utility function that returns
(host,port), and uses it wherever where we accept IPv4 and IPv6
addresses and hostnames (or host patterns): the inventory parser
the the add_host action plugin.

It also introduces a more extensive set of unit tests that supersedes
the old add_host unit tests (which didn't actually test add_host, but
only the parsing function).
2015-09-11 21:47:18 +05:30
Toshio Kuratomi
c1039de70c Compatibility with six-1.3.0 2015-09-08 09:46:12 -07:00
James Cammarata
ff9f5d7dc8 Starting to add additional unit tests for VariableManager
Required some rewiring in inventory code to make sure we're using
the DataLoader class for some data file operations, which makes mocking
them much easier.

Also identified two corner cases not currently handled by the code, related
to inventory variable sources and which one "wins". Also noticed we weren't
properly merging variables from multiple group/host_var file locations
(inventory directory vs. playbook directory locations) so fixed as well.
2015-09-04 16:41:38 -04:00
Abhijit Menon-Sen
4f3a98eff6 Update Vault tests to make sure AES decryption works
Note that this test was broken in devel because it was really just
duplicating the AES256 test because setting v.cipher_name to 'AES'
no longer selected AES after it was de-write-whitelisted.

Now that we've removed the VaultAES encryption code, we embed static
output from an earlier version and test that we can decrypt it.
2015-08-27 18:36:05 +05:30
Abhijit Menon-Sen
b84053019a Make the filename the first argument to rekey_file 2015-08-26 19:54:59 +05:30
Abhijit Menon-Sen
c4b2540ecc Update tests for VaultEditor API changes 2015-08-26 19:52:20 +05:30
Toshio Kuratomi
a3fd4817ef Unicode and other fixes for vault 2015-08-25 12:43:09 -07:00
Brian Coca
69f380da3a changed mod_args test to match connection 2015-08-19 00:34:37 -04:00
Toshio Kuratomi
f44f9569e1 Test unquote works as expected and fix two bugs:
* escaped end quote
* a single quote character
2015-07-06 13:16:42 -07:00
Matt Martz
2cd3a1be00 assertRaises should be given an exception type. Fixes 11441 2015-06-30 11:02:33 -05:00
James Cammarata
ce3ef7f4c1 Making the switch to v2 2015-05-03 21:47:26 -05:00