Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve tests related to vault processing #3306

Merged
merged 2 commits into from
Apr 19, 2023
Merged

Improve tests related to vault processing #3306

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
eb158b1
Improve tests related to vaults
ssbarnea Apr 19, 2023
ec433cb
chore: auto fixes from pre-commit.com hooks
pre-commit-ci[bot] Apr 19, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/workflows/tox.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -59,7 +59,7 @@ jobs:
WSLENV: FORCE_COLOR:PYTEST_REQPASS:TOXENV:GITHUB_STEP_SUMMARY
# Number of expected test passes, safety measure for accidental skip of
# tests. Update value if you add/remove tests.
PYTEST_REQPASS: 793
PYTEST_REQPASS: 794
steps:
- name: Activate WSL1
if: "contains(matrix.shell, 'wsl')"
Expand Down
1 change: 1 addition & 0 deletions examples/playbooks/vars/not_decryptable.yml → examples/playbooks/vars/vault_full.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
---
Copy link

@pascal-hofmann pascal-hofmann Jun 27, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Adding the document start breaks ansible-vault for me:

ERROR! input is not vault encrypted data. …

% ansible-vault --version
ansible-vault [core 2.14.5]
  python version = 3.11.3
  jinja version = 3.1.2
  libyaml = False

$ANSIBLE_VAULT;1.1;AES256
35366433323361393130396530643233373262666636646439303032366431303363316232313738
3738636130636431623936303932306430316635663136610a353737333966353462333532393631
Expand Down
8 changes: 8 additions & 0 deletions examples/playbooks/vars/vault_partial.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
---
ldap_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
35323062386261383633623963303361313937653837333033613933623434343138663331336164
3534373564393166656664306537633035613962356662645a316562353832363736313935383665
33306432623765646338303236363061326538653163643466643446716164326364643937623365
6239383765373639390a646361343566353934633532376231653838386231653865386665303733
34336534613538326639306139363538306636383463663437643466653064646363
1 change: 1 addition & 0 deletions src/ansiblelint/rules/schema.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -86,6 +86,7 @@ def matchyaml(self, file: Lintable) -> list[MatchError]:
if errors[0].startswith("Failed to load YAML file"):
_logger.debug(
"Ignored failure to load %s for schema validation, as !vault may cause it.",
file,
)
return []

Expand Down
21 changes: 18 additions & 3 deletions test/test_examples.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -54,13 +54,28 @@ def test_example_custom_module(default_rules_collection: RulesCollection) -> Non
assert len(result) == 0, f"{app.runtime.cache_dir}"


def test_full_vault(default_rules_collection: RulesCollection) -> None:
"""custom_module.yml is expected to pass."""
def test_vault_full(default_rules_collection: RulesCollection) -> None:
"""Check ability to process fully vaulted files."""
result = Runner(
"examples/playbooks/vars/vault_full.yml",
rules=default_rules_collection,
).run()
assert len(result) == 0


def test_vault_partial(
default_rules_collection: RulesCollection,
caplog: pytest.LogCaptureFixture,
) -> None:
"""Check ability to precess files that container !vault inside."""
result = Runner(
"examples/playbooks/vars/not_decryptable.yml",
"examples/playbooks/vars/vault_partial.yml",
rules=default_rules_collection,
).run()
assert len(result) == 0
# Ensure that we do not have side-effect extra logging even if the vault
# content cannot be decrypted.
assert caplog.record_tuples == []


def test_custom_kinds() -> None:
Expand Down