kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-05-18 18:50:32 +02:00
Code Issues Packages Projects Releases Wiki Activity
computer-playbook/tests/unit/test_generate_vaulted_credentials.py

75 lines
2.7 KiB
Python
Raw Blame History

import pytest
import sys, os
from pathlib import Path
# 1) Add project root (two levels up) so 'cli' is on the path
PROJECT_ROOT = Path(__file__).parent.parent.parent.resolve()
sys.path.insert(0, str(PROJECT_ROOT))
# 2) Import from the cli package
import cli.create_credentials as gvc
class DummyProc:
def __init__(self, returncode, stdout, stderr=''):
self.returncode = returncode
self.stdout = stdout
self.stderr = stderr
# Monkeypatch subprocess.run for encrypt_with_vault
@pytest.fixture(autouse=True)
def mock_subprocess_run(monkeypatch):
def fake_run(cmd, capture_output, text):
name = None
# find --name=<key> in args
for arg in cmd:
if arg.startswith("--name="):
name = arg.split("=",1)[1]
val = cmd[ cmd.index(name) - 1 ] if name else "key"
# simulate Ansible output
snippet = f"{name or 'key'}: !vault |\n encrypted_{val}"
return DummyProc(0, snippet)
monkeypatch.setattr(gvc.subprocess, 'run', fake_run)
def test_wrap_existing_vaults():
data = {
'a': '$ANSIBLE_VAULT;1.1;AES256...blob',
'b': {'c': 'normal', 'd': '$ANSIBLE_VAULT;1.1;AES256...other'},
'e': ['x', '$ANSIBLE_VAULT;1.1;AES256...list']
}
wrapped = gvc.wrap_existing_vaults(data)
assert isinstance(wrapped['a'], gvc.VaultScalar)
assert isinstance(wrapped['b']['d'], gvc.VaultScalar)
assert isinstance(wrapped['e'][1], gvc.VaultScalar)
assert wrapped['b']['c'] == 'normal'
assert wrapped['e'][0] == 'x'
@pytest.mark.parametrize("pairs,expected", [
(['k=v'], {'k': 'v'}),
(['a.b=1', 'c=two'], {'a.b': '1', 'c': 'two'}),
(['noeq'], {}),
])
def test_parse_overrides(pairs, expected):
assert gvc.parse_overrides(pairs) == expected
def test_apply_schema_and_vault(tmp_path):
schema = {
'cred': {'description':'d','algorithm':'plain','validation':{}},
'nested': {'inner': {'description':'d2','algorithm':'plain','validation':{}}}
}
inv = {}
updated = gvc.apply_schema(schema, inv, 'app', {}, 'pwfile')
apps = updated['applications']['app']
assert isinstance(apps['cred'], gvc.VaultScalar)
assert isinstance(apps['nested']['inner'], gvc.VaultScalar)
def test_encrypt_leaves_and_credentials():
branch = {'p':'v','nested':{'q':'u'}}
gvc.encrypt_leaves(branch, 'pwfile')
assert isinstance(branch['p'], gvc.VaultScalar)
assert isinstance(branch['nested']['q'], gvc.VaultScalar)
inv = {'credentials':{'a':'b'}, 'x':{'credentials':{'c':'d'}}}
gvc.encrypt_credentials_branch(inv, 'pwfile')
assert isinstance(inv['credentials']['a'], gvc.VaultScalar)
assert isinstance(inv['x']['credentials']['c'], gvc.VaultScalar)
Reference in New Issue View Git Blame Copy Permalink