Commit Graph

20 Commits (8d059c93a46f21aeea34d967af8e0f326b691b4a)

Author SHA1 Message Date
Matt Clay a0495fc314
Update triple single quotes to triple double quotes (#84099)
* Update triple single quotes to triple double quotes

This change was fully automated.

The updated Python files have been verified to tokenize the same as the originals, except for the expected change in quoting of strings, which were verified through literal_eval.

* Manual conversion of docstring quotes
2 months ago
tobixx 3b823d908e
Enable file cache for vaulted host_vars_files vars plugin (#81995)
Enable file cache for vaulted host_vars_files vars plugin

* fixes #81994
* Changed cache arg from bool to str to allow 'vaulted' only file cache
* removed unused used var
---------
Co-authored-by: Steffen Oschatz <so@ypsilon.net>
9 months ago
Matt Clay 18e8401edd
Remove Python 2.x compat from unit tests (#82109) 1 year ago
Matt Clay 9f899f9492
Require `from __future__ import annotations` (#81902) 1 year ago
Matt Clay 82b5544b09
Improve code coverage of unit tests (#81119)
- Remove unused code
- Remove unnecessary code
- Ignore coverage for unreachable code
- Use previously unused code to increase coverage
1 year ago
Jordan Borean 8db9bd7574
Remove deprecated include (#80752)
* Remove deprecated include

* Add tombstone entry for include

* Use string for date

* Use todays date

* Remove uneeded if statement
2 years ago
Matt Clay 2cd1744be3
Use ansible.module_utils.common.text.converters (#80704)
Replace use of old `ansible.module_utils._text` and add a unit test to maintain backwards compatibility.
2 years ago
Matt Clay 3a9a23fb1a
Use unittest.mock instead of mock. (#77883)
This can only be done for controller tests.
3 years ago
Matt Clay 1a5853d794
Remove obsolete units.compat.mock compat layer. (#77118)
* Remove obsolete units.compat.mock compat layer.
* Update remaining units.compat.mock references.
3 years ago
Matt Clay 97104f1221
Avoid deprecated TestCase functions in unit tests. (#76678)
* Avoid deprecated TestCase functions in unit tests.
* Add assertRaisesRegex for Python 2.7.
* Fix indentation.
3 years ago
Mads Jensen 0f491c0289 Replace TestCase.assertEquals with TestCase.assertEqual. 5 years ago
Mads Jensen c5d61953b1 Remove empty setUp/tearDown/tearDownClass methods in test classes. 5 years ago
Abhijeet Kasurde 2a2e9c4ea2 dataloader: unit tests (#50942)
* dataloader: unit tests

Based on work from Alikins (https://github.com/ansible/ansible/pull/16500)

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>

* review comments

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
6 years ago
Matt Clay 3033fd96b0
Move unit test compat code out of `lib/ansible/`. (#46996)
* Move ansible.compat.tests to test/units/compat/.
* Fix unit test references to ansible.compat.tests.
* Move builtins compat to separate file.
* Fix classification of test/units/compat/ dir.
6 years ago
Miguel Ángel Ajo 8e4f112b39 Fixes #23680 bug with py3.x due to binary string handling (#23688)
* This commit includes a unit test to exercise the _is_role
function and make sure it doesn't break in any Python version.
* Import os.path and other minor fixups
7 years ago
Adrian Likins 934b645191 Support multiple vault passwords (#22756)
Fixes #13243

** Add --vault-id to name/identify multiple vault passwords

Use --vault-id to indicate id and path/type

 --vault-id=prompt  # prompt for default vault id password
 --vault-id=myorg@prompt  # prompt for a vault_id named 'myorg'
 --vault-id=a_password_file  # load ./a_password_file for default id
 --vault-id=myorg@a_password_file # load file for 'myorg' vault id

vault_id's are created implicitly for existing --vault-password-file
and --ask-vault-pass options.

Vault ids are just for UX purposes and bookkeeping. Only the vault
payload and the password bytestring is needed to decrypt a
vault blob.

Replace passing password around everywhere with
a VaultSecrets object.

If we specify a vault_id, mention that in password prompts

Specifying multiple -vault-password-files will
now try each until one works

** Rev vault format in a backwards compatible way

The 1.2 vault format adds the vault_id to the header line
of the vault text. This is backwards compatible with older
versions of ansible. Old versions will just ignore it and
treat it as the default (and only) vault id.

Note: only 2.4+ supports multiple vault passwords, so while
earlier ansible versions can read the vault-1.2 format, it
does not make them magically support multiple vault passwords.

use 1.1 format for 'default' vault_id

Vaulted items that need to include a vault_id will be
written in 1.2 format.

If we set a new DEFAULT_VAULT_IDENTITY, then the default will
use version 1.2

vault will only use a vault_id if one is specified. So if none
is specified and C.DEFAULT_VAULT_IDENTITY is 'default'
we use the old format.

** Changes/refactors needed to implement multiple vault passwords

raise exceptions on decrypt fail, check vault id early

split out parsing the vault plaintext envelope (with the
sha/original plaintext) to _split_plaintext_envelope()

some cli fixups for specifying multiple paths in
the unfrack_paths optparse callback

fix py3 dict.keys() 'dict_keys object is not indexable' error

pluralize cli.options.vault_password_file -> vault_password_files
pluralize cli.options.new_vault_password_file -> new_vault_password_files
pluralize cli.options.vault_id -> cli.options.vault_ids

** Add a config option (vault_id_match) to force vault id matching.

With 'vault_id_match=True' and an ansible
vault that provides a vault_id, then decryption will require
that a matching vault_id is required. (via
--vault-id=my_vault_id@password_file, for ex).

In other words, if the config option is true, then only
the vault secrets with matching vault ids are candidates for
decrypting a vault. If option is false (the default), then
all of the provided vault secrets will be selected.

If a user doesn't want all vault secrets to be tried to
decrypt any vault content, they can enable this option.

Note: The vault id used for the match is not encrypted or
cryptographically signed. It is just a label/id/nickname used
for referencing a specific vault secret.
7 years ago
Pilou 556a1daa33 fix searched paths in DataLoader.path_dwim_relative (avoid AnsibleFileNotFound) (#26729)
* add unit test: nested dynamic includes

* nested dynamic includes: avoid AnsibleFileNotFound error

Error was:
Unable to retrieve file contents
Could not find or access 'include2.yml'

Before 8f758204cf, at the end of
'path_dwim_relative' method, the 'search' variable contained amongst
others paths:
'/tmp/roles/testrole/tasks/tasks/included.yml' and
'/tmp/roles/testrole/tasks/included.yml'.
The commit mentioned before removed the last one despite the method
docstrings specify 'with or without explicitly named dirname subdirs'.

* add integration test: nested includes
7 years ago
Dag Wieers 4efec414e7 test/: PEP8 compliancy (#24803)
* test/: PEP8 compliancy

- Make PEP8 compliant

* Python3 chokes on casting int to bytes (#24952)

But if we tell the formatter that the var is a number, it works
8 years ago
Toshio Kuratomi 2fff690caa Update module_utils.six to latest (#22855)
* Update module_utils.six to latest

We've been held back on the version of six we could use on the module
side to 1.4.x because of python-2.4 compatibility.  Now that our minimum
is Python-2.6, we can update to the latest version of six in
module_utils and get rid of the second copy in lib/ansible/compat.
8 years ago
Matt Clay ac8842eee8 Fix unit test dirs to match code under test. 8 years ago