Commit Graph

82 Commits (875131982064fb898bc695fd2fa4456a3d402cd8)

Author SHA1 Message Date
Toshio Kuratomi e70066a6f7 Many Cleanups to vault
* Make is_encrypted_file handle both files opened in text and binary mode
  On python3, by default files are opened in text mode.  Since we know
  the encoding of vault files (and especially the header which is the
  first set of bytes) we can decide whether the file is an encrypted
  vault file in either case.
* Fix is_encrypted_file not resetting the file position
* Update is_encrypted_file to check that all the data in the file is ascii
* For is_encrypted_file(), add start_pos and count parameters
  This allows callers to specify reading vaulttext from the middle of
  a file if necessary.
* Combine VaultLib.encrypt() and VaultLib.encrypt_bytestring()
* Change vault's is_encrypted() to take either text or byte strings and to return False if any part of the data is non-ascii.
* Remove unnecessary use of six.b
* Vault Cipher: mark a few methods as private.
* VaultAES256._is_equal throws a TypeError if given non byte strings
* Make VaultAES256 methods that don't need self staticmethods and classmethods
* Mark VaultAES and is_encrypted as deprecated
* Get rid of VaultFile (unused and feature implemented in a different way)
* Normalize variable and parameter names on plaintext, ciphertext, vaulttext
* Normalize variable and parameter names on "b_" prefix when dealing with bytes
* Test changes:
  * Remove redundant tests( both checking the same byte string)
  * Fix use of format string without format operator
  * Enable vault editor tests on python3
  * Initialize the vault_cipher for VaultAES256 testing in setUp()
  * Make assertTrue and assertFalse take the actual method calls for
    better error messages.
  * Test that non-ascii byte strings compare correctly.
  * Test that unicode strings and ints raise TypeError

* Test-specific:
  * Removed test_methods_exist().  We only have one VaultLib so the
    implementation is the assurance that the methods exist. (Can use an abc for
    this if it changes).
  * Add tests for both byte string and text string input where the API takes either.
  * Convert "assert" to unittest assert functions or add a custom message where
    that will make failures easier to debug.
  * Move instantiating the VaultLib into setUp().
8 years ago
Toshio Kuratomi 4ed88512e4 Move uses of to_bytes, to_text, to_native to use the module_utils version (#17423)
We couldn't copy to_unicode, to_bytes, to_str into module_utils because
of licensing.  So once created it we had two sets of functions that did
the same things but had different implementations.  To remedy that, this
change removes the ansible.utils.unicode versions of those functions.
8 years ago
Toshio Kuratomi 44d979c8f5 Enable most unittests on python3 (just some vault unittests and a logging one left) (#17240)
Make some python3 fixes to make the unittests pass:

* galaxy imports
* dictionary iteration in role requirements
* swap_stdout helper for unittests
* Normalize to text string in a facts.py function
8 years ago
Adrian Likins e396d5d508 Implement vault encrypted yaml variables. (#16274)
Make !vault-encrypted create a AnsibleVaultUnicode
yaml object that can be used as a regular string object.

This allows a playbook to include a encrypted vault
blob for the value of a yaml variable. A 'secret_password'
variable can have it's value encrypted instead of having
to vault encrypt an entire vars file.

Add __ENCRYPTED__ to the vault yaml types so
template.Template can treat it similar
to __UNSAFE__ flags.

vault.VaultLib api changes:
    - Split VaultLib.encrypt to encrypt and encrypt_bytestring

    - VaultLib.encrypt() previously accepted the plaintext data
      as either a byte string or a unicode string.
      Doing the right thing based on the input type would fail
      on py3 if given a arg of type 'bytes'. To simplify the
      API, vaultlib.encrypt() now assumes input plaintext is a
      py2 unicode or py3 str. It will encode to utf-8 then call
      the new encrypt_bytestring(). The new methods are less
      ambiguous.

    - moved VaultLib.is_encrypted logic to vault module scope
      and split to is_encrypted() and is_encrypted_file().

Add a test/unit/mock/yaml_helper.py
It has some helpers for testing parsing/yaml

Integration tests added as roles test_vault and test_vault_embedded
8 years ago
James Cammarata 5fdac707fd New unit tests for #13630 fix 9 years ago
James Cammarata c56e3aabfb Clean up jsonify unit test with format to remove json lib differences 9 years ago
James Cammarata 7c049c3200 Fixing up jsonify and adding unit tests 9 years ago
Toshio Kuratomi 7cb29cdbec Workaround py2.6's StringIO 9 years ago
Toshio Kuratomi b70bf3b056 Use io.StringIO and io.BytesIO instead of StringIO.StringIO for compat with py3 9 years ago
Brian Coca 75e94e0cba allow for non standard hostnames
* Changed parse_addresses to throw exceptions instead of passing None
* Switched callers to trap and pass through the original values.
* Added very verbose notice
* Look at deprecating this and possibly validate at plugin instead
fixes #13608
9 years ago
Toshio Kuratomi 4203850d1a Break apart a looped dependency to show a warning when parsing playbooks
Display a warning when a dict key is overwritten by pyyaml
Fixes #12888
9 years ago
James Cammarata 86de1429e5 Cleaning up FIXMEs 9 years ago
Marius Gedminas ec3ada1cda Fix test on Python 3: vault code expects bytes
(All tests now succeed on Python 3.5)
9 years ago
Marius Gedminas 5c70f932bd Fix test on Python 3: vault code expects bytes
(Third failing test out of four.)
9 years ago
Marius Gedminas a1d95536f9 Fix test on Python 3: vault code expects bytes
(Different test than the last commit.)
9 years ago
Marius Gedminas f58f0c62e1 Fix test on Python 3: vault code expects bytes 9 years ago
Brian Coca abf2e13955 Revert "Track local_action internally to prevent it from being overridden"
This reverts commit 49ca0eb797.
9 years ago
Abhijit Menon-Sen 838e71edb7 Add more exhaustive tests for various IPv6 address notations 9 years ago
Abhijit Menon-Sen 2d420a9bb7 Allow hexadecimal ranges in IPv6 addresses, not only 0-9 9 years ago
James Cammarata 49ca0eb797 Track local_action internally to prevent it from being overridden
Fixes #12053
9 years ago
Abhijit Menon-Sen 7479ab47e0 Be stricter about parsing hostname labels
Labels must start with an alphanumeric character, may contain
alphanumeric characters or hyphens, but must not end with a hyphen.
We enforce those rules, but allow underscores wherever hyphens are
accepted, and allow alphanumeric ranges anywhere.

We relax the definition of "alphanumeric" to include Unicode characters
even though such inventory hostnames cannot be used in practice unless
an ansible_ssh_host is set for each of them.

We still don't enforce length restrictions—the fact that we have to
accept ranges makes it more complex, and it doesn't seem especially
worthwhile.
9 years ago
Abhijit Menon-Sen 065bb52109 Be systematic about parsing and validating hostnames and addresses
This adds a parse_address(pattern) utility function that returns
(host,port), and uses it wherever where we accept IPv4 and IPv6
addresses and hostnames (or host patterns): the inventory parser
the the add_host action plugin.

It also introduces a more extensive set of unit tests that supersedes
the old add_host unit tests (which didn't actually test add_host, but
only the parsing function).
9 years ago
Toshio Kuratomi c1039de70c Compatibility with six-1.3.0 9 years ago
James Cammarata ff9f5d7dc8 Starting to add additional unit tests for VariableManager
Required some rewiring in inventory code to make sure we're using
the DataLoader class for some data file operations, which makes mocking
them much easier.

Also identified two corner cases not currently handled by the code, related
to inventory variable sources and which one "wins". Also noticed we weren't
properly merging variables from multiple group/host_var file locations
(inventory directory vs. playbook directory locations) so fixed as well.
9 years ago
Abhijit Menon-Sen 4f3a98eff6 Update Vault tests to make sure AES decryption works
Note that this test was broken in devel because it was really just
duplicating the AES256 test because setting v.cipher_name to 'AES'
no longer selected AES after it was de-write-whitelisted.

Now that we've removed the VaultAES encryption code, we embed static
output from an earlier version and test that we can decrypt it.
9 years ago
Abhijit Menon-Sen b84053019a Make the filename the first argument to rekey_file 9 years ago
Abhijit Menon-Sen c4b2540ecc Update tests for VaultEditor API changes 9 years ago
Toshio Kuratomi a3fd4817ef Unicode and other fixes for vault 9 years ago
Brian Coca 69f380da3a changed mod_args test to match connection 9 years ago
Toshio Kuratomi f44f9569e1 Test unquote works as expected and fix two bugs:
* escaped end quote
* a single quote character
9 years ago
Matt Martz 2cd3a1be00 assertRaises should be given an exception type. Fixes 11441 9 years ago
James Cammarata ce3ef7f4c1 Making the switch to v2 10 years ago