diff options
author | Adrian Likins <alikins@redhat.com> | 2017-08-15 13:09:24 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-08-15 13:09:24 -0400 |
commit | 8003437ebca1ec2e9c2d79f868eb411c41944ecb (patch) | |
tree | 79bfcee1fe56b299db5e0c1f13be38253e577aae /test/units/cli/test_cli.py | |
parent | 09cc84c7965fd71f489dfd477010c5a55df57531 (diff) | |
download | ansible-8003437ebca1ec2e9c2d79f868eb411c41944ecb.tar.gz |
prompt for new pass on create/encrypt if none specified (#28185)
* prompt for new pass on create/encrypt if none specified
Make 'ansible-vault' edit or encrypt prompt for a password
if none or provided elsewhere.
Note: ansible-playbook does not prompt if not vault password
is provided
* dont show vault password prompts if not a tty
Diffstat (limited to 'test/units/cli/test_cli.py')
-rw-r--r-- | test/units/cli/test_cli.py | 79 |
1 files changed, 79 insertions, 0 deletions
diff --git a/test/units/cli/test_cli.py b/test/units/cli/test_cli.py index db2fae0dfb..39ae28c871 100644 --- a/test/units/cli/test_cli.py +++ b/test/units/cli/test_cli.py @@ -45,9 +45,51 @@ class TestCliVersion(unittest.TestCase): self.assertIn('python version', version_info['string']) +class TestCliBuildVaultIds(unittest.TestCase): + def test(self): + res = cli.CLI.build_vault_ids(['foo@bar']) + self.assertEqual(res, ['foo@bar']) + + def test_create_new_password_no_vault_id(self): + res = cli.CLI.build_vault_ids([], create_new_password=True) + self.assertEqual(res, ['default@prompt_ask_vault_pass']) + + def test_create_new_password_no_vault_id_ask_vault_pass(self): + res = cli.CLI.build_vault_ids([], ask_vault_pass=True, + create_new_password=True) + self.assertEqual(res, ['default@prompt_ask_vault_pass']) + + def test_create_new_password_with_vault_ids(self): + res = cli.CLI.build_vault_ids(['foo@bar'], create_new_password=True) + self.assertEqual(res, ['foo@bar']) + + def test_create_new_password_no_vault_ids_password_files(self): + res = cli.CLI.build_vault_ids([], vault_password_files=['some-password-file'], + create_new_password=True) + self.assertEqual(res, ['default@some-password-file']) + + def test_everything(self): + res = cli.CLI.build_vault_ids(['blip@prompt', 'baz@prompt_ask_vault_pass', + 'some-password-file', 'qux@another-password-file'], + vault_password_files=['yet-another-password-file', + 'one-more-password-file'], + ask_vault_pass=True, + create_new_password=True) + self.assertEqual(set(res), set(['blip@prompt', 'baz@prompt_ask_vault_pass', + 'default@prompt_ask_vault_pass', + 'some-password-file', 'qux@another-password-file', + 'default@yet-another-password-file', + 'default@one-more-password-file'])) + + class TestCliSetupVaultSecrets(unittest.TestCase): def setUp(self): self.fake_loader = DictDataLoader({}) + self.tty_patcher = patch('ansible.cli.sys.stdin.isatty', return_value=True) + self.mock_isatty = self.tty_patcher.start() + + def tearDown(self): + self.tty_patcher.stop() def test(self): res = cli.CLI.setup_vault_secrets(None, None) @@ -83,6 +125,43 @@ class TestCliSetupVaultSecrets(unittest.TestCase): match = matches[0][1] self.assertEqual(match.bytes, b'prompt1_password') + @patch('ansible.cli.PromptVaultSecret') + def test_prompt_no_tty(self, mock_prompt_secret): + self.mock_isatty.return_value = False + mock_prompt_secret.return_value = MagicMock(bytes=b'prompt1_password', + vault_id='prompt1') + res = cli.CLI.setup_vault_secrets(loader=self.fake_loader, + vault_ids=['prompt1@prompt'], + ask_vault_pass=True) + + print('res: %s' % res) + self.assertIsInstance(res, list) + self.assertEqual(len(res), 0) + matches = vault.match_secrets(res, ['prompt1']) + self.assertEquals(len(matches), 0) + + @patch('ansible.cli.get_file_vault_secret') + @patch('ansible.cli.PromptVaultSecret') + def test_prompt_no_tty_and_password_file(self, mock_prompt_secret, mock_file_secret): + self.mock_isatty.return_value = False + mock_prompt_secret.return_value = MagicMock(bytes=b'prompt1_password', + vault_id='prompt1') + filename = '/dev/null/secret' + mock_file_secret.return_value = MagicMock(bytes=b'file1_password', + vault_id='file1', + filename=filename) + + res = cli.CLI.setup_vault_secrets(loader=self.fake_loader, + vault_ids=['prompt1@prompt', 'file1@/dev/null/secret'], + ask_vault_pass=True) + + self.assertIsInstance(res, list) + matches = vault.match_secrets(res, ['file1']) + self.assertIn('file1', [x[0] for x in matches]) + self.assertNotIn('prompt1', [x[0] for x in matches]) + match = matches[0][1] + self.assertEqual(match.bytes, b'file1_password') + def _assert_ids(self, vault_id_names, res, password=b'prompt1_password'): self.assertIsInstance(res, list) len_ids = len(vault_id_names) |