diff options
| author | Adrian Likins <alikins@redhat.com> | 2017-08-15 17:56:17 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-08-15 17:56:17 +0200 |
| commit | 5739bb075f7bcb0d9b360b0de8f37be721f762e0 (patch) | |
| tree | 1d5bf734409bf714b10c9bbe7533dda227ff8f4b /test/units/cli | |
| parent | Support list for baseurl and gpgkey params in yum_repository (fixes #24948) (... (diff) | |
| download | ansible-5739bb075f7bcb0d9b360b0de8f37be721f762e0.tar.xz ansible-5739bb075f7bcb0d9b360b0de8f37be721f762e0.zip | |
Vault secrets default vault ids list (#28190)
* Add config option for a default list of vault-ids
This is the vault-id equilivent of ANSIBLE_DEFAULT_PASSWORD_FILE
except ANSIBLE_DEFAULT_VAULT_IDENTITY_LIST is a list.
Diffstat (limited to 'test/units/cli')
| -rw-r--r-- | test/units/cli/test_cli.py | 31 |
1 files changed, 30 insertions, 1 deletions
diff --git a/test/units/cli/test_cli.py b/test/units/cli/test_cli.py index 706eea08b0..db2fae0dfb 100644 --- a/test/units/cli/test_cli.py +++ b/test/units/cli/test_cli.py @@ -121,7 +121,7 @@ class TestCliSetupVaultSecrets(unittest.TestCase): vault_id_names = ['prompt1', 'prompt2', 'prompt3', 'default'] self._assert_ids(vault_id_names, res) - @patch('ansible.cli.C', name='MockConfig') + @patch('ansible.cli.C') @patch('ansible.cli.get_file_vault_secret') @patch('ansible.cli.PromptVaultSecret') def test_default_file_vault(self, mock_prompt_secret, @@ -146,6 +146,35 @@ class TestCliSetupVaultSecrets(unittest.TestCase): self.assertEqual(matches[0][1].bytes, b'file1_password') self.assertEqual(matches[1][1].bytes, b'prompt1_password') + @patch('ansible.cli.get_file_vault_secret') + @patch('ansible.cli.PromptVaultSecret') + def test_default_file_vault_identity_list(self, mock_prompt_secret, + mock_file_secret): + default_vault_ids = ['some_prompt@prompt', + 'some_file@/dev/null/secret'] + + mock_prompt_secret.return_value = MagicMock(bytes=b'some_prompt_password', + vault_id='some_prompt') + + filename = '/dev/null/secret' + mock_file_secret.return_value = MagicMock(bytes=b'some_file_password', + vault_id='some_file', + filename=filename) + + vault_ids = default_vault_ids + res = cli.CLI.setup_vault_secrets(loader=self.fake_loader, + vault_ids=vault_ids, + create_new_password=False, + ask_vault_pass=True) + + self.assertIsInstance(res, list) + matches = vault.match_secrets(res, ['some_file']) + # --vault-password-file/DEFAULT_VAULT_PASSWORD_FILE is higher precendce than prompts + # if the same vault-id ('default') regardless of cli order since it didn't matter in 2.3 + self.assertEqual(matches[0][1].bytes, b'some_file_password') + matches = vault.match_secrets(res, ['some_prompt']) + self.assertEqual(matches[0][1].bytes, b'some_prompt_password') + @patch('ansible.cli.PromptVaultSecret') def test_prompt_just_ask_vault_pass(self, mock_prompt_secret): mock_prompt_secret.return_value = MagicMock(bytes=b'prompt1_password', |