diff --git a/.github/workflows/tox.yml b/.github/workflows/tox.yml index 454567801c..d24ce77db3 100644 --- a/.github/workflows/tox.yml +++ b/.github/workflows/tox.yml @@ -59,7 +59,7 @@ jobs: WSLENV: FORCE_COLOR:PYTEST_REQPASS:TOXENV:GITHUB_STEP_SUMMARY # Number of expected test passes, safety measure for accidental skip of # tests. Update value if you add/remove tests. - PYTEST_REQPASS: 793 + PYTEST_REQPASS: 794 steps: - name: Activate WSL1 if: "contains(matrix.shell, 'wsl')" diff --git a/examples/playbooks/vars/not_decryptable.yml b/examples/playbooks/vars/vault_full.yml similarity index 99% rename from examples/playbooks/vars/not_decryptable.yml rename to examples/playbooks/vars/vault_full.yml index 9a19b07173..c432c62e7e 100644 --- a/examples/playbooks/vars/not_decryptable.yml +++ b/examples/playbooks/vars/vault_full.yml @@ -1,3 +1,4 @@ +--- $ANSIBLE_VAULT;1.1;AES256 35366433323361393130396530643233373262666636646439303032366431303363316232313738 3738636130636431623936303932306430316635663136610a353737333966353462333532393631 diff --git a/examples/playbooks/vars/vault_partial.yml b/examples/playbooks/vars/vault_partial.yml new file mode 100644 index 0000000000..9806786540 --- /dev/null +++ b/examples/playbooks/vars/vault_partial.yml @@ -0,0 +1,8 @@ +--- +ldap_password: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 35323062386261383633623963303361313937653837333033613933623434343138663331336164 + 3534373564393166656664306537633035613962356662645a316562353832363736313935383665 + 33306432623765646338303236363061326538653163643466643446716164326364643937623365 + 6239383765373639390a646361343566353934633532376231653838386231653865386665303733 + 34336534613538326639306139363538306636383463663437643466653064646363 diff --git a/src/ansiblelint/rules/schema.py b/src/ansiblelint/rules/schema.py index 4913d10fab..ab88c5482f 100644 --- a/src/ansiblelint/rules/schema.py +++ b/src/ansiblelint/rules/schema.py @@ -86,6 +86,7 @@ def matchyaml(self, file: Lintable) -> list[MatchError]: if errors[0].startswith("Failed to load YAML file"): _logger.debug( "Ignored failure to load %s for schema validation, as !vault may cause it.", + file, ) return [] diff --git a/test/test_examples.py b/test/test_examples.py index 6f4220bc11..15036e74bf 100644 --- a/test/test_examples.py +++ b/test/test_examples.py @@ -54,13 +54,28 @@ def test_example_custom_module(default_rules_collection: RulesCollection) -> Non assert len(result) == 0, f"{app.runtime.cache_dir}" -def test_full_vault(default_rules_collection: RulesCollection) -> None: - """custom_module.yml is expected to pass.""" +def test_vault_full(default_rules_collection: RulesCollection) -> None: + """Check ability to process fully vaulted files.""" + result = Runner( + "examples/playbooks/vars/vault_full.yml", + rules=default_rules_collection, + ).run() + assert len(result) == 0 + + +def test_vault_partial( + default_rules_collection: RulesCollection, + caplog: pytest.LogCaptureFixture, +) -> None: + """Check ability to precess files that container !vault inside.""" result = Runner( - "examples/playbooks/vars/not_decryptable.yml", + "examples/playbooks/vars/vault_partial.yml", rules=default_rules_collection, ).run() assert len(result) == 0 + # Ensure that we do not have side-effect extra logging even if the vault + # content cannot be decrypted. + assert caplog.record_tuples == [] def test_custom_kinds() -> None: