Commit graph

91 commits

Author SHA1 Message Date
Brian Coca
a2c38c47aa added docs for vault and made trigger shorter: !vault (#20985)
* added docs for vault and made trigger shorter: !vault

* added single var valuting

* Update playbooks_vault.rst

Edit pass for spelling and grammar. Ship it!

* Update playbooks_vault.rst

Typo fixes.
2017-02-03 15:28:50 -05:00
Matt Clay
10d9318de7 PEP 8 indent cleanup. (#20800)
* PEP 8 E121 cleanup.

* PEP 8 E126 cleanup.

* PEP 8 E122 cleanup.
2017-01-29 07:28:53 +00:00
Matt Clay
cd3fdca540 Switch tests to pytest and ansible-test.
- Replace nose usage with pytest.
- Remove legacy Shippable integration.sh.
- Update Makefile to use pytest and ansible-test.
- Convert most yield unit tests to pytest parametrize.
2017-01-11 12:34:59 -08:00
Adrian Likins
c771ab34c7 Add a encode() to AnsibleVaultEncryptedUnicode (#19840)
* Add a encode() to AnsibleVaultEncryptedUnicode

Without it, calling encode() on it results in a bytestring
of the encrypted !vault-encrypted string.

ssh connection plugin triggers this if ansible_password
is from a var using !vault-encrypted. That path ends up
calling .encode() instead of using the __str__.

Fixes #19795

* Fix str.encode() errors on py2.6

py2.6 str.encode() does not take keyword arguments.
2017-01-04 12:17:19 -05:00
Matt Clay
ac8842eee8 Fix unit test dirs to match code under test. 2016-11-10 18:59:07 -08:00
Adrian Likins
51e3ef89a9 Add error info if tabs are found in the yaml (#18343)
If a yaml file fails to load because of tabs being used
for formatting, detect that and show a error message
with more details.
2016-11-08 11:43:08 -05:00
Matt Clay
8c270ac75f Add empty-init code-smell script. (#18406)
Also removed boilerplate from otherwise empty __init__.py files
which should not contain any code (checked by empty-init script).
2016-11-07 15:02:13 -08:00
Adrian Likins
dd0189839e Fix bug (#18355) where encrypted inventories fail 18355 (#18373)
* Fix bug (#18355) where encrypted inventories fail

This is first part of fix for #18355
* Make DataLoader._get_file_contents return bytes

The issue #18355 is caused by a change to inventory to
stop using _get_file_contents so that it can handle text
encoding itself to better protect against harmless text
encoding errors in ini files (invalid unicode text in
comment fields).

So this makes _get_file_contents return bytes so it and other
callers can handle the to_text().

The data returned by _get_file_contents() is now a bytes object
instead of a text object. The callers of _get_file_contents() have
been updated to call to_text() themselves on the results.

Previously, the ini parser attempted to work around
ini files that potentially include non-vailid unicode
in comment lines. To do this, it stopped using
DataLoader._get_file_contents() which does the decryption of
files if vault encrypted. It didn't use that because _get_file_contents
previously did to_text() on the read data itself.

_get_file_contents() returns a bytestring now, so ini.py
can call it and still special case ini file comments when
converting to_text(). That also means encrypted inventory files
are decrypted first.

Fixes #18355
2016-11-07 10:07:26 -05:00
Matt Clay
0d46805979 Clean up shebangs for various files.
- Remove shebangs from:
  - ini files
  - unit tests
  - module_utils
  - plugins
  - module_docs_fragments
  - non-executable Makefiles
- Change non-modules from '/usr/bin/python' to '/usr/bin/env python'.
- Change '/bin/env' to '/usr/bin/env'.

Also removed main functions from unit tests (since they no longer
have a shebang) and fixed a python 3 compatibility issue with
update_bundled.py so it does not need to specify a python 2 shebang.

A script was added to check for unexpected shebangs in files.
This script is run during CI on Shippable.
2016-11-02 17:00:27 -07:00
Toshio Kuratomi
e70066a6f7 Many Cleanups to vault
* Make is_encrypted_file handle both files opened in text and binary mode
  On python3, by default files are opened in text mode.  Since we know
  the encoding of vault files (and especially the header which is the
  first set of bytes) we can decide whether the file is an encrypted
  vault file in either case.
* Fix is_encrypted_file not resetting the file position
* Update is_encrypted_file to check that all the data in the file is ascii
* For is_encrypted_file(), add start_pos and count parameters
  This allows callers to specify reading vaulttext from the middle of
  a file if necessary.
* Combine VaultLib.encrypt() and VaultLib.encrypt_bytestring()
* Change vault's is_encrypted() to take either text or byte strings and to return False if any part of the data is non-ascii.
* Remove unnecessary use of six.b
* Vault Cipher: mark a few methods as private.
* VaultAES256._is_equal throws a TypeError if given non byte strings
* Make VaultAES256 methods that don't need self staticmethods and classmethods
* Mark VaultAES and is_encrypted as deprecated
* Get rid of VaultFile (unused and feature implemented in a different way)
* Normalize variable and parameter names on plaintext, ciphertext, vaulttext
* Normalize variable and parameter names on "b_" prefix when dealing with bytes
* Test changes:
  * Remove redundant tests( both checking the same byte string)
  * Fix use of format string without format operator
  * Enable vault editor tests on python3
  * Initialize the vault_cipher for VaultAES256 testing in setUp()
  * Make assertTrue and assertFalse take the actual method calls for
    better error messages.
  * Test that non-ascii byte strings compare correctly.
  * Test that unicode strings and ints raise TypeError

* Test-specific:
  * Removed test_methods_exist().  We only have one VaultLib so the
    implementation is the assurance that the methods exist. (Can use an abc for
    this if it changes).
  * Add tests for both byte string and text string input where the API takes either.
  * Convert "assert" to unittest assert functions or add a custom message where
    that will make failures easier to debug.
  * Move instantiating the VaultLib into setUp().
2016-09-15 15:22:06 -07:00
Toshio Kuratomi
4ed88512e4 Move uses of to_bytes, to_text, to_native to use the module_utils version (#17423)
We couldn't copy to_unicode, to_bytes, to_str into module_utils because
of licensing.  So once created it we had two sets of functions that did
the same things but had different implementations.  To remedy that, this
change removes the ansible.utils.unicode versions of those functions.
2016-09-06 22:54:17 -07:00
Toshio Kuratomi
44d979c8f5 Enable most unittests on python3 (just some vault unittests and a logging one left) (#17240)
Make some python3 fixes to make the unittests pass:

* galaxy imports
* dictionary iteration in role requirements
* swap_stdout helper for unittests
* Normalize to text string in a facts.py function
2016-08-25 07:30:03 -07:00
Adrian Likins
e396d5d508 Implement vault encrypted yaml variables. (#16274)
Make !vault-encrypted create a AnsibleVaultUnicode
yaml object that can be used as a regular string object.

This allows a playbook to include a encrypted vault
blob for the value of a yaml variable. A 'secret_password'
variable can have it's value encrypted instead of having
to vault encrypt an entire vars file.

Add __ENCRYPTED__ to the vault yaml types so
template.Template can treat it similar
to __UNSAFE__ flags.

vault.VaultLib api changes:
    - Split VaultLib.encrypt to encrypt and encrypt_bytestring

    - VaultLib.encrypt() previously accepted the plaintext data
      as either a byte string or a unicode string.
      Doing the right thing based on the input type would fail
      on py3 if given a arg of type 'bytes'. To simplify the
      API, vaultlib.encrypt() now assumes input plaintext is a
      py2 unicode or py3 str. It will encode to utf-8 then call
      the new encrypt_bytestring(). The new methods are less
      ambiguous.

    - moved VaultLib.is_encrypted logic to vault module scope
      and split to is_encrypted() and is_encrypted_file().

Add a test/unit/mock/yaml_helper.py
It has some helpers for testing parsing/yaml

Integration tests added as roles test_vault and test_vault_embedded
2016-08-23 20:03:11 -04:00
James Cammarata
5fdac707fd New unit tests for #13630 fix 2016-03-28 15:54:07 -04:00
James Cammarata
c56e3aabfb Clean up jsonify unit test with format to remove json lib differences 2016-02-29 15:08:59 -05:00
James Cammarata
7c049c3200 Fixing up jsonify and adding unit tests 2016-02-29 14:51:23 -05:00
Toshio Kuratomi
7cb29cdbec Workaround py2.6's StringIO 2016-02-26 17:59:00 -08:00
Toshio Kuratomi
b70bf3b056 Use io.StringIO and io.BytesIO instead of StringIO.StringIO for compat with py3 2016-02-26 16:43:05 -08:00
Brian Coca
75e94e0cba allow for non standard hostnames
* Changed parse_addresses to throw exceptions instead of passing None
* Switched callers to trap and pass through the original values.
* Added very verbose notice
* Look at deprecating this and possibly validate at plugin instead
fixes #13608
2015-12-21 13:42:34 -05:00
Toshio Kuratomi
4203850d1a Break apart a looped dependency to show a warning when parsing playbooks
Display a warning when a dict key is overwritten by pyyaml
Fixes #12888
2015-10-27 12:39:42 -07:00
James Cammarata
86de1429e5 Cleaning up FIXMEs 2015-10-22 16:03:50 -04:00
Marius Gedminas
ec3ada1cda Fix test on Python 3: vault code expects bytes
(All tests now succeed on Python 3.5)
2015-10-16 09:13:46 +03:00
Marius Gedminas
5c70f932bd Fix test on Python 3: vault code expects bytes
(Third failing test out of four.)
2015-10-16 09:12:49 +03:00
Marius Gedminas
a1d95536f9 Fix test on Python 3: vault code expects bytes
(Different test than the last commit.)
2015-10-16 09:11:34 +03:00
Marius Gedminas
f58f0c62e1 Fix test on Python 3: vault code expects bytes 2015-10-16 09:10:25 +03:00
Brian Coca
abf2e13955 Revert "Track local_action internally to prevent it from being overridden"
This reverts commit 49ca0eb797.
2015-10-09 13:01:32 -04:00
Abhijit Menon-Sen
838e71edb7 Add more exhaustive tests for various IPv6 address notations 2015-09-30 16:15:39 +05:30
Abhijit Menon-Sen
2d420a9bb7 Allow hexadecimal ranges in IPv6 addresses, not only 0-9 2015-09-17 23:32:58 +05:30
James Cammarata
49ca0eb797 Track local_action internally to prevent it from being overridden
Fixes #12053
2015-09-14 12:11:58 -04:00
Abhijit Menon-Sen
7479ab47e0 Be stricter about parsing hostname labels
Labels must start with an alphanumeric character, may contain
alphanumeric characters or hyphens, but must not end with a hyphen.
We enforce those rules, but allow underscores wherever hyphens are
accepted, and allow alphanumeric ranges anywhere.

We relax the definition of "alphanumeric" to include Unicode characters
even though such inventory hostnames cannot be used in practice unless
an ansible_ssh_host is set for each of them.

We still don't enforce length restrictions—the fact that we have to
accept ranges makes it more complex, and it doesn't seem especially
worthwhile.
2015-09-11 21:47:19 +05:30
Abhijit Menon-Sen
065bb52109 Be systematic about parsing and validating hostnames and addresses
This adds a parse_address(pattern) utility function that returns
(host,port), and uses it wherever where we accept IPv4 and IPv6
addresses and hostnames (or host patterns): the inventory parser
the the add_host action plugin.

It also introduces a more extensive set of unit tests that supersedes
the old add_host unit tests (which didn't actually test add_host, but
only the parsing function).
2015-09-11 21:47:18 +05:30
Toshio Kuratomi
c1039de70c Compatibility with six-1.3.0 2015-09-08 09:46:12 -07:00
James Cammarata
ff9f5d7dc8 Starting to add additional unit tests for VariableManager
Required some rewiring in inventory code to make sure we're using
the DataLoader class for some data file operations, which makes mocking
them much easier.

Also identified two corner cases not currently handled by the code, related
to inventory variable sources and which one "wins". Also noticed we weren't
properly merging variables from multiple group/host_var file locations
(inventory directory vs. playbook directory locations) so fixed as well.
2015-09-04 16:41:38 -04:00
Abhijit Menon-Sen
4f3a98eff6 Update Vault tests to make sure AES decryption works
Note that this test was broken in devel because it was really just
duplicating the AES256 test because setting v.cipher_name to 'AES'
no longer selected AES after it was de-write-whitelisted.

Now that we've removed the VaultAES encryption code, we embed static
output from an earlier version and test that we can decrypt it.
2015-08-27 18:36:05 +05:30
Abhijit Menon-Sen
b84053019a Make the filename the first argument to rekey_file 2015-08-26 19:54:59 +05:30
Abhijit Menon-Sen
c4b2540ecc Update tests for VaultEditor API changes 2015-08-26 19:52:20 +05:30
Toshio Kuratomi
a3fd4817ef Unicode and other fixes for vault 2015-08-25 12:43:09 -07:00
Brian Coca
69f380da3a changed mod_args test to match connection 2015-08-19 00:34:37 -04:00
Toshio Kuratomi
f44f9569e1 Test unquote works as expected and fix two bugs:
* escaped end quote
* a single quote character
2015-07-06 13:16:42 -07:00
Matt Martz
2cd3a1be00 assertRaises should be given an exception type. Fixes 11441 2015-06-30 11:02:33 -05:00
James Cammarata
ce3ef7f4c1 Making the switch to v2 2015-05-03 21:47:26 -05:00