|
|
|
# -*- coding: utf-8 -*-
|
|
|
|
# Copyright (c) 2018 Marcus Watkins <marwatk@marcuswatkins.net>
|
|
|
|
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
|
|
|
|
|
|
|
from ansible.compat.tests.mock import patch
|
|
|
|
from ansible.modules.source_control import gitlab_deploy_key
|
|
|
|
from ansible.module_utils._text import to_bytes
|
|
|
|
from ansible.module_utils import basic
|
|
|
|
|
|
|
|
import pytest
|
|
|
|
import json
|
|
|
|
|
AnsiballZ improvements
Now that we don't need to worry about python-2.4 and 2.5, we can make
some improvements to the way AnsiballZ handles modules.
* Change AnsiballZ wrapper to use import to invoke the module
We need the module to think of itself as a script because it could be
coded as:
main()
or as:
if __name__ == '__main__':
main()
Or even as:
if __name__ == '__main__':
random_function_name()
A script will invoke all of those. Prior to this change, we invoked
a second Python interpreter on the module so that it really was
a script. However, this means that we have to run python twice (once
for the AnsiballZ wrapper and once for the module). This change makes
the module think that it is a script (because __name__ in the module ==
'__main__') but it's actually being invoked by us importing the module
code.
There's three ways we've come up to do this.
* The most elegant is to use zipimporter and tell the import mechanism
that the module being loaded is __main__:
* https://github.com/abadger/ansible/blob/5959f11c9ddb7b6eaa9c3214560bd85e631d4055/lib/ansible/executor/module_common.py#L175
* zipimporter is nice because we do not have to extract the module from
the zip file and save it to the disk when we do that. The import
machinery does it all for us.
* The drawback is that modules do not have a __file__ which points
to a real file when they do this. Modules could be using __file__
to for a variety of reasons, most of those probably have
replacements (the most common one is to find a writable directory
for temporary files. AnsibleModule.tmpdir should be used instead)
We can monkeypatch __file__ in fom AnsibleModule initialization
but that's kind of gross. There's no way I can see to do this
from the wrapper.
* Next, there's imp.load_module():
* https://github.com/abadger/ansible/blob/340edf7489/lib/ansible/executor/module_common.py#L151
* imp has the nice property of allowing us to set __name__ to
__main__ without changing the name of the file itself
* We also don't have to do anything special to set __file__ for
backwards compatibility (although the reason for that is the
drawback):
* Its drawback is that it requires the file to exist on disk so we
have to explicitly extract it from the zipfile and save it to
a temporary file
* The last choice is to use exec to execute the module:
* https://github.com/abadger/ansible/blob/f47a4ccc76/lib/ansible/executor/module_common.py#L175
* The code we would have to maintain for this looks pretty clean.
In the wrapper we create a ModuleType, set __file__ on it, read
the module's contents in from the zip file and then exec it.
* Drawbacks: We still have to explicitly extract the file's contents
from the zip archive instead of letting python's import mechanism
handle it.
* Exec also has hidden performance issues and breaks certain
assumptions that modules could be making about their own code:
http://lucumr.pocoo.org/2011/2/1/exec-in-python/
Our plan is to use imp.load_module() for now, deprecate the use of
__file__ in modules, and switch to zipimport once the deprecation
period for __file__ is over (without monkeypatching a fake __file__ in
via AnsibleModule).
* Rename the name of the AnsiBallZ wrapped module
This makes it obvious that the wrapped module isn't the module file that
we distribute. It's part of trying to mitigate the fact that the module
is now named __main)).py in tracebacks.
* Shield all wrapper symbols inside of a function
With the new import code, all symbols in the wrapper become visible in
the module. To mitigate the chance of collisions, move most symbols
into a toplevel function. The only symbols left in the global namespace
are now _ANSIBALLZ_WRAPPER and _ansiballz_main.
revised porting guide entry
Integrate code coverage collection into AnsiballZ.
ci_coverage
ci_complete
7 years ago
|
|
|
from units.modules.utils import set_module_args
|
|
|
|
|
|
|
|
|
|
|
|
fake_server_state = [
|
|
|
|
{
|
|
|
|
"id": 1,
|
|
|
|
"title": "Public key",
|
|
|
|
"key": 'ssh-rsa long/+base64//+string==',
|
|
|
|
"created_at": "2013-10-02T10:12:29Z",
|
|
|
|
"can_push": False
|
|
|
|
},
|
|
|
|
]
|
|
|
|
|
|
|
|
|
|
|
|
class FakeReader:
|
|
|
|
def __init__(self, object):
|
|
|
|
self.content = json.dumps(object, sort_keys=True)
|
|
|
|
|
|
|
|
def read(self):
|
|
|
|
return self.content
|
|
|
|
|
|
|
|
|
|
|
|
class AnsibleExitJson(Exception):
|
|
|
|
"""Exception class to be raised by module.exit_json and caught by the test case"""
|
|
|
|
pass
|
|
|
|
|
|
|
|
|
|
|
|
class AnsibleFailJson(Exception):
|
|
|
|
"""Exception class to be raised by module.fail_json and caught by the test case"""
|
|
|
|
pass
|
|
|
|
|
|
|
|
|
|
|
|
def exit_json(*args, **kwargs):
|
|
|
|
"""function to patch over exit_json; package return data into an exception"""
|
|
|
|
if 'changed' not in kwargs:
|
|
|
|
kwargs['changed'] = False
|
|
|
|
raise AnsibleExitJson(kwargs)
|
|
|
|
|
|
|
|
|
|
|
|
def fail_json(*args, **kwargs):
|
|
|
|
"""function to patch over fail_json; package return data into an exception"""
|
|
|
|
kwargs['failed'] = True
|
|
|
|
raise AnsibleFailJson(kwargs)
|
|
|
|
|
|
|
|
|
|
|
|
@pytest.fixture
|
|
|
|
def fetch_url_mock(mocker):
|
|
|
|
return mocker.patch('ansible.module_utils.gitlab.fetch_url')
|
|
|
|
|
|
|
|
|
|
|
|
@pytest.fixture
|
|
|
|
def module_mock(mocker):
|
|
|
|
return mocker.patch.multiple(basic.AnsibleModule,
|
|
|
|
exit_json=exit_json,
|
|
|
|
fail_json=fail_json)
|
|
|
|
|
|
|
|
|
|
|
|
def test_access_token_output(capfd, fetch_url_mock, module_mock):
|
|
|
|
fetch_url_mock.return_value = [FakeReader(fake_server_state), {'status': 200}]
|
|
|
|
set_module_args({
|
|
|
|
'api_url': 'https://gitlab.example.com/api',
|
|
|
|
'access_token': 'test-access-token',
|
|
|
|
'project': '10',
|
|
|
|
'key': 'ssh-key foobar',
|
|
|
|
'title': 'a title',
|
|
|
|
'state': 'absent'
|
|
|
|
})
|
|
|
|
with pytest.raises(AnsibleExitJson) as result:
|
|
|
|
gitlab_deploy_key.main()
|
|
|
|
|
|
|
|
first_call = fetch_url_mock.call_args_list[0][1]
|
|
|
|
assert first_call['url'] == 'https://gitlab.example.com/api/v4/projects/10/deploy_keys'
|
|
|
|
assert first_call['headers']['Authorization'] == 'Bearer test-access-token'
|
|
|
|
assert 'Private-Token' not in first_call['headers']
|
|
|
|
assert first_call['method'] == 'GET'
|
|
|
|
|
|
|
|
|
|
|
|
def test_private_token_output(capfd, fetch_url_mock, module_mock):
|
|
|
|
fetch_url_mock.return_value = [FakeReader(fake_server_state), {'status': 200}]
|
|
|
|
set_module_args({
|
|
|
|
'api_url': 'https://gitlab.example.com/api',
|
|
|
|
'private_token': 'test-private-token',
|
|
|
|
'project': 'foo/bar',
|
|
|
|
'key': 'ssh-key foobar',
|
|
|
|
'title': 'a title',
|
|
|
|
'state': 'absent'
|
|
|
|
})
|
|
|
|
with pytest.raises(AnsibleExitJson) as result:
|
|
|
|
gitlab_deploy_key.main()
|
|
|
|
|
|
|
|
first_call = fetch_url_mock.call_args_list[0][1]
|
|
|
|
assert first_call['url'] == 'https://gitlab.example.com/api/v4/projects/foo%2Fbar/deploy_keys'
|
|
|
|
assert first_call['headers']['Private-Token'] == 'test-private-token'
|
|
|
|
assert 'Authorization' not in first_call['headers']
|
|
|
|
assert first_call['method'] == 'GET'
|
|
|
|
|
|
|
|
|
|
|
|
def test_bad_http_first_response(capfd, fetch_url_mock, module_mock):
|
|
|
|
fetch_url_mock.side_effect = [[FakeReader("Permission denied"), {'status': 403}], [FakeReader("Permission denied"), {'status': 403}]]
|
|
|
|
set_module_args({
|
|
|
|
'api_url': 'https://gitlab.example.com/api',
|
|
|
|
'access_token': 'test-access-token',
|
|
|
|
'project': '10',
|
|
|
|
'key': 'ssh-key foobar',
|
|
|
|
'title': 'a title',
|
|
|
|
'state': 'absent'
|
|
|
|
})
|
|
|
|
with pytest.raises(AnsibleFailJson):
|
|
|
|
gitlab_deploy_key.main()
|
|
|
|
|
|
|
|
|
|
|
|
def test_bad_http_second_response(capfd, fetch_url_mock, module_mock):
|
|
|
|
fetch_url_mock.side_effect = [[FakeReader(fake_server_state), {'status': 200}], [FakeReader("Permission denied"), {'status': 403}]]
|
|
|
|
set_module_args({
|
|
|
|
'api_url': 'https://gitlab.example.com/api',
|
|
|
|
'access_token': 'test-access-token',
|
|
|
|
'project': '10',
|
|
|
|
'key': 'ssh-key foobar',
|
|
|
|
'title': 'a title',
|
|
|
|
'state': 'present'
|
|
|
|
})
|
|
|
|
with pytest.raises(AnsibleFailJson):
|
|
|
|
gitlab_deploy_key.main()
|
|
|
|
|
|
|
|
|
|
|
|
def test_delete_non_existing(capfd, fetch_url_mock, module_mock):
|
|
|
|
fetch_url_mock.return_value = [FakeReader(fake_server_state), {'status': 200}]
|
|
|
|
set_module_args({
|
|
|
|
'api_url': 'https://gitlab.example.com/api',
|
|
|
|
'access_token': 'test-access-token',
|
|
|
|
'project': '10',
|
|
|
|
'key': 'ssh-key foobar',
|
|
|
|
'title': 'a title',
|
|
|
|
'state': 'absent'
|
|
|
|
})
|
|
|
|
with pytest.raises(AnsibleExitJson) as result:
|
|
|
|
gitlab_deploy_key.main()
|
|
|
|
|
|
|
|
assert result.value.args[0]['changed'] is False
|
|
|
|
|
|
|
|
|
|
|
|
def test_delete_existing(capfd, fetch_url_mock, module_mock):
|
|
|
|
fetch_url_mock.return_value = [FakeReader(fake_server_state), {'status': 200}]
|
|
|
|
set_module_args({
|
|
|
|
'api_url': 'https://gitlab.example.com/api',
|
|
|
|
'access_token': 'test-access-token',
|
|
|
|
'project': '10',
|
|
|
|
'key': 'ssh-rsa long/+base64//+string==',
|
|
|
|
'title': 'a title',
|
|
|
|
'state': 'absent'
|
|
|
|
})
|
|
|
|
with pytest.raises(AnsibleExitJson) as result:
|
|
|
|
gitlab_deploy_key.main()
|
|
|
|
|
|
|
|
second_call = fetch_url_mock.call_args_list[1][1]
|
|
|
|
|
|
|
|
assert second_call['url'] == 'https://gitlab.example.com/api/v4/projects/10/deploy_keys/1'
|
|
|
|
assert second_call['method'] == 'DELETE'
|
|
|
|
|
|
|
|
assert result.value.args[0]['changed'] is True
|
|
|
|
|
|
|
|
|
|
|
|
def test_add_new(capfd, fetch_url_mock, module_mock):
|
|
|
|
fetch_url_mock.return_value = [FakeReader(fake_server_state), {'status': 200}]
|
|
|
|
set_module_args({
|
|
|
|
'api_url': 'https://gitlab.example.com/api',
|
|
|
|
'access_token': 'test-access-token',
|
|
|
|
'project': '10',
|
|
|
|
'key': 'ssh-key foobar',
|
|
|
|
'title': 'a title',
|
|
|
|
'state': 'present'
|
|
|
|
})
|
|
|
|
with pytest.raises(AnsibleExitJson) as result:
|
|
|
|
gitlab_deploy_key.main()
|
|
|
|
|
|
|
|
second_call = fetch_url_mock.call_args_list[1][1]
|
|
|
|
|
|
|
|
assert second_call['url'] == 'https://gitlab.example.com/api/v4/projects/10/deploy_keys'
|
|
|
|
assert second_call['method'] == 'POST'
|
|
|
|
assert second_call['data'] == '{"can_push": false, "key": "ssh-key foobar", "title": "a title"}'
|
|
|
|
assert result.value.args[0]['changed'] is True
|
|
|
|
|
|
|
|
|
|
|
|
def test_update_existing(capfd, fetch_url_mock, module_mock):
|
|
|
|
fetch_url_mock.return_value = [FakeReader(fake_server_state), {'status': 200}]
|
|
|
|
set_module_args({
|
|
|
|
'api_url': 'https://gitlab.example.com/api',
|
|
|
|
'access_token': 'test-access-token',
|
|
|
|
'project': '10',
|
|
|
|
'title': 'Public key',
|
|
|
|
'key': 'ssh-rsa long/+base64//+string==',
|
|
|
|
'can_push': 'yes',
|
|
|
|
'state': 'present'
|
|
|
|
})
|
|
|
|
with pytest.raises(AnsibleExitJson) as result:
|
|
|
|
gitlab_deploy_key.main()
|
|
|
|
|
|
|
|
second_call = fetch_url_mock.call_args_list[1][1]
|
|
|
|
|
|
|
|
assert second_call['url'] == 'https://gitlab.example.com/api/v4/projects/10/deploy_keys/1'
|
|
|
|
assert second_call['method'] == 'PUT'
|
|
|
|
assert second_call['data'] == ('{"can_push": true, "key": "ssh-rsa long/+base64//+string==", "title": "Public key"}')
|
|
|
|
assert result.value.args[0]['changed'] is True
|
|
|
|
|
|
|
|
|
|
|
|
def test_unchanged_existing(capfd, fetch_url_mock, module_mock):
|
|
|
|
fetch_url_mock.return_value = [FakeReader(fake_server_state), {'status': 200}]
|
|
|
|
set_module_args({
|
|
|
|
'api_url': 'https://gitlab.example.com/api',
|
|
|
|
'access_token': 'test-access-token',
|
|
|
|
'project': '10',
|
|
|
|
'title': 'Public key',
|
|
|
|
'key': 'ssh-rsa long/+base64//+string==',
|
|
|
|
'can_push': 'no',
|
|
|
|
'state': 'present'
|
|
|
|
})
|
|
|
|
with pytest.raises(AnsibleExitJson) as result:
|
|
|
|
gitlab_deploy_key.main()
|
|
|
|
|
|
|
|
assert result.value.args[0]['changed'] is False
|
|
|
|
assert fetch_url_mock.call_count == 1
|