def test_encrypt_missing_file_no_secret(self, mock_setup_vault_secrets):
mock_setup_vault_secrets.return_value = []
cli = VaultCLI(args=['ansible-vault', 'encrypt', '/dev/null/foo'])
cli.parse()
self.assertRaisesRegexp(errors.AnsibleOptionsError,
"A vault password is required to use Ansible's Vault",
cli.run)
def test_encrypt_missing_file_no_secret(self, mock_setup_vault_secrets):
mock_setup_vault_secrets.return_value = []
cli = VaultCLI(args=['ansible-vault', 'encrypt', '/dev/null/foo'])
cli.parse()
self.assertRaisesRegexp(errors.AnsibleOptionsError,
"A vault password is required to use Ansible's Vault",
cli.run)
def run_ansible_vault(command, files):
vault_password_file = VAULT_PASSWORD_FILENAME
if os.path.exists(VAULT_PLAIN_PASSWORD_FILENAME):
vault_password_file = VAULT_PLAIN_PASSWORD_FILENAME
args = ['ansible-vault', command, '--vault-password-file={}'.format(vault_password_file,)] + files
cli = VaultCLI(args)
cli.parse()
return cli.run()
def test_encrypt_string_prompt(self, mock_display, mock_vault_editor, mock_setup_vault_secrets):
mock_setup_vault_secrets.return_value = [('default', TextVaultSecret('password'))]
cli = VaultCLI(args=['ansible-vault',
'encrypt_string',
'--prompt',
'some string to encrypt'])
cli.parse()
cli.run()
def test_encrypt_string_stdin(self, mock_stdin_read, mock_vault_editor, mock_setup_vault_secrets):
mock_setup_vault_secrets.return_value = [('default', TextVaultSecret('password'))]
cli = VaultCLI(args=['ansible-vault',
'encrypt_string',
'--stdin-name',
'the_var_from_stdin',
'-'])
cli.parse()
cli.run()
def test_encrypt_string_more_args_than_names(self, mock_vault_editor, mock_setup_vault_secrets):
mock_setup_vault_secrets.return_value = [('default', TextVaultSecret('password'))]
cli = VaultCLI(args=['ansible-vault', 'encrypt_string',
'--name', 'foo1',
'some string to encrypt',
'other strings',
'a few more string args'])
cli.parse()
cli.run()
def test_verbosity_arguments(cli_args, expected, tmp_path_factory, monkeypatch):
# Add a password file so we don't get a prompt in the test
test_dir = to_text(tmp_path_factory.mktemp('test-ansible-vault'))
pass_file = os.path.join(test_dir, 'pass.txt')
with open(pass_file, 'w') as pass_fd:
pass_fd.write('password')
cli_args.extend(['--vault-id', pass_file])
# Mock out the functions so we don't actually execute anything
for func_name in [f for f in dir(VaultCLI) if f.startswith("execute_")]:
monkeypatch.setattr(VaultCLI, func_name, MagicMock())
cli = VaultCLI(args=cli_args)
cli.run()
assert context.CLIARGS['verbosity'] == expected
def test_encrypt_string(self, mock_vault_editor, mock_setup_vault_secrets):
mock_setup_vault_secrets.return_value = [('default',
TextVaultSecret('password'))]
cli = VaultCLI(
args=['ansible-vault', 'encrypt_string', 'some string to encrypt'])
cli.parse()
cli.run()
def test_encrypt_string_more_args_than_names(self, mock_vault_editor, mock_setup_vault_secrets):
mock_setup_vault_secrets.return_value = [('default', TextVaultSecret('password'))]
cli = VaultCLI(args=['ansible-vault', 'encrypt_string',
'--name', 'foo1',
'some string to encrypt',
'other strings',
'a few more string args'])
cli.parse()
cli.run()
def test_encrypt_string_stdin(self, mock_stdin_read, mock_vault_editor, mock_setup_vault_secrets):
mock_setup_vault_secrets.return_value = [('default', TextVaultSecret('password'))]
cli = VaultCLI(args=['ansible-vault',
'encrypt_string',
'--stdin-name',
'the_var_from_stdin',
'-'])
cli.parse()
cli.run()
def test_shadowed_encrypt_string_prompt(self, mock_display, mock_vault_editor, mock_setup_vault_secrets):
mock_setup_vault_secrets.return_value = [('default', TextVaultSecret('password'))]
cli = VaultCLI(args=['ansible-vault',
'encrypt_string',
'--prompt',
'some string to encrypt'])
cli.parse()
cli.run()
args, kwargs = mock_display.call_args
assert kwargs["private"]
def run_module():
module_args = dict(
src=dict(type='str'),
dest=dict(type='str'),
password_file=dict(type='str', no_log=True),
vartree=dict(type='dict', required=True),
length=dict(type='int', required=False, default=20),
)
result = dict(changed=False, )
module = AnsibleModule(argument_spec=module_args, supports_check_mode=True)
if module.params['password_file']:
# check if password file exists
if not os.path.exists(module.params['password_file']):
create_password_file(module.params['password_file'])
result['changed'] = True
# setup vault
loader = DataLoader()
if module.params['password_file']:
vault_secret = CLI.setup_vault_secrets(
loader=loader,
vault_ids=C.DEFAULT_VAULT_IDENTITY_LIST,
vault_password_files=[module.params['password_file']])
else:
vault_secret = CLI.setup_vault_secrets(
loader=loader, vault_ids=C.DEFAULT_VAULT_IDENTITY_LIST)
vault = VaultLib(vault_secret)
vault_cli = VaultCLI(dict())
# read input file
if module.params['src']:
print(module.params['src'])
with open(module.params['src'], 'r') as stream:
try:
input = yaml.safe_load(stream)
except yaml.YAMLError as exc:
print("YAML is broken.")
print(exc)
else:
input = module.params['vartree']
walk_input(vault, vault_cli, input, module.params)
yaml_out = yaml.dump(input, default_flow_style=False)
# # setup vault
# loader = DataLoader()
# vault_secret = CLI.setup_vault_secrets(
# loader=loader,
# vault_ids=C.DEFAULT_VAULT_IDENTITY_LIST
# )
# vault = VaultLib(vault_secret)
# encrypt it
# vault_out=vault.encrypt(yaml_out)
# write to file
ansible_facts_val = dict(vault_secrets=module.params['vartree'], )
response = {
"NAME": module.params['vartree'],
# "FILE": yaml_out,
# "VAULT": vault_out,
# "LENGTH": module.params['length'],
# module.params['vartree'],
}
module.exit_json(changed=result['changed'],
ansible_facts=ansible_facts_val,
vartree=module.params['vartree'])
def test_parse_view_file(self):
cli = VaultCLI(args=['ansible-vault', 'view', '/dev/null/foo'])
cli.parse()
def test_parse_empty(self):
cli = VaultCLI(['vaultcli'])
self.assertRaises(SystemExit,
cli.parse)
def test_encrypt(self, mock_vault_editor, mock_setup_vault_secrets):
mock_setup_vault_secrets.return_value = [('default', TextVaultSecret('password'))]
cli = VaultCLI(args=['ansible-vault', 'encrypt', '/dev/null/foo'])
cli.parse()
cli.run()
def test_encrypt(self, mock_vault_editor, mock_setup_vault_secrets):
mock_setup_vault_secrets.return_value = [('default', TextVaultSecret('password'))]
cli = VaultCLI(args=['ansible-vault', 'encrypt', '/dev/null/foo'])
cli.parse()
cli.run()
def test_parse_view_file(self):
cli = VaultCLI(args=['ansible-vault', 'view', '/dev/null/foo'])
cli.parse()
def test_parse_empty(self):
cli = VaultCLI([])
self.assertRaisesRegexp(errors.AnsibleOptionsError,
'.*Missing required action.*',
cli.parse)
def test_view_missing_file_no_secret(self):
cli = VaultCLI(args=['ansible-vault', 'view', '/dev/null/foo'])
cli.parse()
self.assertRaisesRegexp(errors.AnsibleOptionsError,
"A vault password is required to use Ansible's Vault",
cli.run)
