e396d5d508
Make !vault-encrypted create a AnsibleVaultUnicode
yaml object that can be used as a regular string object.
This allows a playbook to include a encrypted vault
blob for the value of a yaml variable. A 'secret_password'
variable can have it's value encrypted instead of having
to vault encrypt an entire vars file.
Add __ENCRYPTED__ to the vault yaml types so
template.Template can treat it similar
to __UNSAFE__ flags.
vault.VaultLib api changes:
- Split VaultLib.encrypt to encrypt and encrypt_bytestring
- VaultLib.encrypt() previously accepted the plaintext data
as either a byte string or a unicode string.
Doing the right thing based on the input type would fail
on py3 if given a arg of type 'bytes'. To simplify the
API, vaultlib.encrypt() now assumes input plaintext is a
py2 unicode or py3 str. It will encode to utf-8 then call
the new encrypt_bytestring(). The new methods are less
ambiguous.
- moved VaultLib.is_encrypted logic to vault module scope
and split to is_encrypted() and is_encrypted_file().
Add a test/unit/mock/yaml_helper.py
It has some helpers for testing parsing/yaml
Integration tests added as roles test_vault and test_vault_embedded
|
||
|---|---|---|
| .. | ||
| code-smell | ||
| integration | ||
| samples | ||
| units | ||
| utils | ||
| README.md | ||
Ansible Test System
Folders
unit
Unit tests that test small pieces of code not suited for the integration test layer, usually very API based, and should leverage mock interfaces rather than producing side effects.
Playbook engine code is better suited for integration tests.
Requirements: sudo pip install paramiko PyYAML jinja2 httplib2 passlib nose mock
integration
Integration test layer, constructed using playbooks.
Some tests may require cloud credentials, others will not, and destructive tests are separated from non-destructive so a subset can be run on development machines.
learn more
hop into a subdirectory and see the associated README.md for more info.