diff options
author | Gaudenz Steinlin <gaudenz@users.noreply.github.com> | 2022-11-29 16:26:30 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-11-29 16:26:30 +0100 |
commit | c33a782a9c1e6d1e6b900c0eed642dfd3defac1c (patch) | |
tree | 5825886dc8fbaa0cc0ddf34c16bfc7b320a0c14e /test/units | |
parent | 3936b5c471068d86c3e51a454a1de2f0d2942845 (diff) | |
download | ansible-c33a782a9c1e6d1e6b900c0eed642dfd3defac1c.tar.gz |
Fix password lookup rewrites file when using encrypt (#79431)
* Remove unused mock from test_password_already_created_encrypt
The _get_paths mock is never used in the
test_password_already_created_encrypt test case.
* Add test to assert the password file is not rewritten
If the password file already contains the salt and the hasing algorithm
does not use the ident parameter, the password lookup should not write
to the password file.
* Fix "changed" if using "encrypt" in password lookup
When using the "encrypt" parameter to the password lookup without the
ident parameter, the password file was always marked as "changed". This
caused the file to be rewritten with the same content. This is fixed by
only marking the file as changed, if an "ident" value needs to be added
to the file.
Fixes #79430.
Add changelog entry
Diffstat (limited to 'test/units')
-rw-r--r-- | test/units/plugins/lookup/test_password.py | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/test/units/plugins/lookup/test_password.py b/test/units/plugins/lookup/test_password.py index 15207b2f39..39aa8b9a7b 100644 --- a/test/units/plugins/lookup/test_password.py +++ b/test/units/plugins/lookup/test_password.py @@ -520,10 +520,8 @@ class TestLookupModuleWithPasslib(BaseTestLookupModule): self.assertEqual(int(str_parts[2]), crypt_parts['rounds']) self.assertIsInstance(result, text_type) - @patch.object(PluginLoader, '_get_paths') @patch('ansible.plugins.lookup.password._write_password_file') - def test_password_already_created_encrypt(self, mock_get_paths, mock_write_file): - mock_get_paths.return_value = ['/path/one', '/path/two', '/path/three'] + def test_password_already_created_encrypt(self, mock_write_file): password.os.path.exists = lambda x: x == to_bytes('/path/to/somewhere') with patch.object(builtins, 'open', mock_open(read_data=b'hunter42 salt=87654321\n')) as m: @@ -531,6 +529,9 @@ class TestLookupModuleWithPasslib(BaseTestLookupModule): for result in results: self.assertEqual(result, u'$pbkdf2-sha256$20000$ODc2NTQzMjE$Uikde0cv0BKaRaAXMrUQB.zvG4GmnjClwjghwIRf2gU') + # Assert the password file is not rewritten + mock_write_file.assert_not_called() + @pytest.mark.skipif(passlib is None, reason='passlib must be installed to run these tests') class TestLookupModuleWithPasslibWrappedAlgo(BaseTestLookupModule): |