def test_encrypt_missing_file_no_secret(self, mock_setup_vault_secrets):
    """``encrypt`` must refuse to run when no vault secret is available.

    The mocked secrets setup hands back an empty list, so ``run`` is
    expected to raise ``AnsibleOptionsError`` asking for a vault password.
    """
    # No secret at all: this is the condition the error message guards.
    mock_setup_vault_secrets.return_value = []

    argv = ['ansible-vault', 'encrypt', '/dev/null/foo']
    vault_cli = VaultCLI(args=argv)
    vault_cli.parse()

    expected_message = "A vault password is required to use Ansible's Vault"
    self.assertRaisesRegexp(errors.AnsibleOptionsError,
                            expected_message,
                            vault_cli.run)
def run_ansible_vault(command, files):
    """Run an ``ansible-vault`` subcommand in-process on *files*.

    Args:
        command: the ansible-vault action, placed right after the program name.
        files: list of file arguments appended after the password-file option.

    Returns:
        Whatever ``VaultCLI.run()`` returns.
    """
    # The "plain" password file wins whenever it exists on disk.
    # NOTE(review): judging by the constant's name this is an unencrypted
    # copy of the vault password; confirm it is excluded from version
    # control and readable only by its owner.
    password_source = (
        VAULT_PLAIN_PASSWORD_FILENAME
        if os.path.exists(VAULT_PLAIN_PASSWORD_FILENAME)
        else VAULT_PASSWORD_FILENAME
    )

    password_option = '--vault-password-file={}'.format(password_source)
    argv = ['ansible-vault', command, password_option] + files

    vault_cli = VaultCLI(argv)
    vault_cli.parse()
    return vault_cli.run()
def test_encrypt_string_prompt(self, mock_display, mock_vault_editor, mock_setup_vault_secrets):
    """Smoke-test ``encrypt_string --prompt`` with one default secret.

    Nothing is asserted about the output: the test passes as long as
    parsing and running the command raise no exception.
    """
    default_secret = ('default', TextVaultSecret('password'))
    mock_setup_vault_secrets.return_value = [default_secret]

    argv = ['ansible-vault', 'encrypt_string', '--prompt', 'some string to encrypt']
    vault_cli = VaultCLI(args=argv)
    vault_cli.parse()
    vault_cli.run()
def test_encrypt_string_stdin(self, mock_stdin_read, mock_vault_editor, mock_setup_vault_secrets):
    """Smoke-test ``encrypt_string`` reading its plaintext from stdin.

    ``-`` is the positional argument and ``--stdin-name`` supplies the
    variable name.  Nothing is asserted beyond "no exception raised".
    """
    default_secret = ('default', TextVaultSecret('password'))
    mock_setup_vault_secrets.return_value = [default_secret]

    argv = [
        'ansible-vault',
        'encrypt_string',
        '--stdin-name',
        'the_var_from_stdin',
        '-',
    ]
    vault_cli = VaultCLI(args=argv)
    vault_cli.parse()
    vault_cli.run()
def test_encrypt_string_more_args_than_names(self, mock_vault_editor, mock_setup_vault_secrets):
    """Smoke-test ``encrypt_string`` with one ``--name`` and three strings.

    Only the first string has a name; the test just checks that the
    command parses and runs without raising.
    """
    default_secret = ('default', TextVaultSecret('password'))
    mock_setup_vault_secrets.return_value = [default_secret]

    argv = [
        'ansible-vault',
        'encrypt_string',
        '--name',
        'foo1',
        'some string to encrypt',
        'other strings',
        'a few more string args',
    ]
    vault_cli = VaultCLI(args=argv)
    vault_cli.parse()
    vault_cli.run()
def test_verbosity_arguments(cli_args, expected, tmp_path_factory, monkeypatch):
    """Check the verbosity level that ``VaultCLI`` records for *cli_args*.

    After ``run()``, ``context.CLIARGS['verbosity']`` must equal *expected*.
    Note that *cli_args* is extended in place with a ``--vault-id`` option.
    """
    # A throwaway password file keeps the CLI from prompting during the test.
    work_dir = to_text(tmp_path_factory.mktemp('test-ansible-vault'))
    password_path = os.path.join(work_dir, 'pass.txt')
    with open(password_path, 'w') as handle:
        handle.write('password')

    cli_args.extend(['--vault-id', password_path])

    # Swap every execute_* action for a mock so no vault action really runs.
    for attr_name in dir(VaultCLI):
        if attr_name.startswith("execute_"):
            monkeypatch.setattr(VaultCLI, attr_name, MagicMock())

    vault_cli = VaultCLI(args=cli_args)
    vault_cli.run()

    assert context.CLIARGS['verbosity'] == expected
def test_encrypt_string(self, mock_vault_editor, mock_setup_vault_secrets):
    """Smoke-test ``encrypt_string`` with a single positional string.

    The test passes when parsing and running raise nothing; the
    encrypted output itself is not inspected.
    """
    default_secret = ('default', TextVaultSecret('password'))
    mock_setup_vault_secrets.return_value = [default_secret]

    argv = ['ansible-vault', 'encrypt_string', 'some string to encrypt']
    vault_cli = VaultCLI(args=argv)
    vault_cli.parse()
    vault_cli.run()
def test_shadowed_encrypt_string_prompt(self, mock_display, mock_vault_editor, mock_setup_vault_secrets):
    """``encrypt_string --prompt`` must call the display with ``private`` set.

    The assertion inspects the most recent call on ``mock_display`` and
    requires a truthy ``private`` keyword.
    """
    default_secret = ('default', TextVaultSecret('password'))
    mock_setup_vault_secrets.return_value = [default_secret]

    argv = ['ansible-vault', 'encrypt_string', '--prompt', 'some string to encrypt']
    vault_cli = VaultCLI(args=argv)
    vault_cli.parse()
    vault_cli.run()

    # Presumably this is what keeps the typed secret from being echoed to
    # the terminal; confirm against the target patched as mock_display.
    _positional, call_kwargs = mock_display.call_args
    assert call_kwargs["private"]
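def run_module():
    """Entry point of the module: load a variable tree and pass it to ``walk_input``.

    Module arguments:
        src: optional path of a YAML file to load instead of ``vartree``.
        dest: accepted but not read here; it reaches ``walk_input`` through
            ``module.params``.
        password_file: optional vault password file (``no_log``).  It is
            created with ``create_password_file`` when it does not exist yet.
        vartree: required dict; handed to ``walk_input`` when ``src`` is unset.
        length: int, default 20; not read here, passed on via ``module.params``.

    The module exits through ``exit_json`` with ``changed`` true only when
    the password file had to be created, returning ``vartree`` both as a
    result key and as the ``vault_secrets`` fact.  A ``src`` file that is
    not valid YAML ends the run through ``fail_json``.
    """
    module_args = dict(
        src=dict(type='str'),
        dest=dict(type='str'),
        password_file=dict(type='str', no_log=True),
        vartree=dict(type='dict', required=True),
        length=dict(type='int', required=False, default=20),
    )
    result = dict(changed=False)

    module = AnsibleModule(argument_spec=module_args, supports_check_mode=True)
    params = module.params
    password_file = params['password_file']

    if password_file and not os.path.exists(password_file):
        # NOTE(review): this also runs in check mode although the module
        # declares supports_check_mode=True; confirm that creating the
        # password file during a dry run is intended.
        create_password_file(password_file)
        result['changed'] = True

    # Set up the vault, with the explicit password file when one was given.
    loader = DataLoader()
    if password_file:
        vault_secret = CLI.setup_vault_secrets(
            loader=loader,
            vault_ids=C.DEFAULT_VAULT_IDENTITY_LIST,
            vault_password_files=[password_file])
    else:
        vault_secret = CLI.setup_vault_secrets(
            loader=loader,
            vault_ids=C.DEFAULT_VAULT_IDENTITY_LIST)
    vault = VaultLib(vault_secret)
    vault_cli = VaultCLI(dict())

    # Pick the tree to process: the YAML file when src is set, else vartree.
    # Nothing is printed here: a module's stdout must carry only its JSON
    # result, so stray output breaks result parsing on the controller.
    if params['src']:
        with open(params['src'], 'r') as stream:
            try:
                tree = yaml.safe_load(stream)
            except yaml.YAMLError as exc:
                # Previously the error was only printed and execution went
                # on with the tree unbound, which crashed further down.
                module.fail_json(msg="YAML is broken. {}".format(exc))
    else:
        tree = params['vartree']

    walk_input(vault, vault_cli, tree, params)

    # The dump result is unused.  The call is kept so that a tree which
    # cannot be serialized still fails at this point, as it did before.
    # NOTE(review): drop it once confirmed dead.
    yaml.dump(tree, default_flow_style=False)

    # NOTE(review): vartree is returned twice, as a fact and as a result
    # key, without no_log.  Unless walk_input replaces every sensitive value
    # in place, plaintext would reach task output and logs; verify.  When
    # src is set, the tree loaded from the file is not part of the result.
    ansible_facts_val = dict(vault_secrets=params['vartree'])
    module.exit_json(changed=result['changed'],
                     ansible_facts=ansible_facts_val,
                     vartree=params['vartree'])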
def test_parse_view_file(self):
    """``view`` with a single file argument must parse without raising."""
    argv = ['ansible-vault', 'view', '/dev/null/foo']
    vault_cli = VaultCLI(args=argv)
    # Only parsing is exercised; the command is never run.
    vault_cli.parse()
def test_parse_empty(self):
    """Parsing a command line that holds only the program name must exit."""
    vault_cli = VaultCLI(['vaultcli'])
    with self.assertRaises(SystemExit):
        vault_cli.parse()
def test_encrypt(self, mock_vault_editor, mock_setup_vault_secrets):
    """Smoke-test ``encrypt`` on one file with a single default secret.

    The vault editor is mocked; the test only checks that parsing and
    running the command raise nothing.
    """
    default_secret = ('default', TextVaultSecret('password'))
    mock_setup_vault_secrets.return_value = [default_secret]

    argv = ['ansible-vault', 'encrypt', '/dev/null/foo']
    vault_cli = VaultCLI(args=argv)
    vault_cli.parse()
    vault_cli.run()
def test_parse_empty(self):
    """Parsing an empty argument list must report the missing action."""
    vault_cli = VaultCLI([])
    missing_action = '.*Missing required action.*'
    with self.assertRaisesRegexp(errors.AnsibleOptionsError, missing_action):
        vault_cli.parse()
def test_view_missing_file_no_secret(self):
    """``view`` must refuse to run when no vault secret is available.

    Parsing succeeds; ``run`` is expected to raise ``AnsibleOptionsError``
    asking for a vault password.
    """
    argv = ['ansible-vault', 'view', '/dev/null/foo']
    vault_cli = VaultCLI(args=argv)
    vault_cli.parse()

    expected_message = "A vault password is required to use Ansible's Vault"
    self.assertRaisesRegexp(errors.AnsibleOptionsError,
                            expected_message,
                            vault_cli.run)