From 383cb7f196f39e76b74c7e0f3f84bc18c4ba8829 Mon Sep 17 00:00:00 2001 
From: Felix Fontein Date: Sat, 6 Jul 2024 22:21:05 +0200 Subject: [PATCH] Allow tests to have min/max SOPS version; add tests for handle_unencrypted_files. --- .../integration/targets/vars_sops/run-test.sh | 22 +++++++++++++++---- .../targets/vars_sops/run-tests.sh | 9 +++++++- .../vars_sops/test-bad-file-error/validate.sh | 1 + .../group_vars/all.sops.yml | 6 +++++ .../vars_sops/test-bad-file-skip/hosts | 6 +++++ .../vars_sops/test-bad-file-skip/min-version | 1 + .../test-bad-file-skip/min-version.license | 3 +++ .../vars_sops/test-bad-file-skip/playbook.yml | 14 ++++++++++++ .../vars_sops/test-bad-file-skip/run.sh | 8 +++++++ .../vars_sops/test-bad-file-skip/validate.sh | 13 +++++++++++ .../group_vars/all.sops.yml | 6 +++++ .../vars_sops/test-bad-file-warn/hosts | 6 +++++ .../vars_sops/test-bad-file-warn/min-version | 1 + .../test-bad-file-warn/min-version.license | 3 +++ .../vars_sops/test-bad-file-warn/playbook.yml | 14 ++++++++++++ .../vars_sops/test-bad-file-warn/run.sh | 8 +++++++ .../vars_sops/test-bad-file-warn/validate.sh | 13 +++++++++++ 17 files changed, 129 insertions(+), 5 deletions(-) create mode 100644 tests/integration/targets/vars_sops/test-bad-file-skip/group_vars/all.sops.yml create mode 100644 tests/integration/targets/vars_sops/test-bad-file-skip/hosts create mode 100644 tests/integration/targets/vars_sops/test-bad-file-skip/min-version create mode 100644 tests/integration/targets/vars_sops/test-bad-file-skip/min-version.license create mode 100644 tests/integration/targets/vars_sops/test-bad-file-skip/playbook.yml create mode 100755 tests/integration/targets/vars_sops/test-bad-file-skip/run.sh create mode 100755 tests/integration/targets/vars_sops/test-bad-file-skip/validate.sh create mode 100644 tests/integration/targets/vars_sops/test-bad-file-warn/group_vars/all.sops.yml create mode 100644 tests/integration/targets/vars_sops/test-bad-file-warn/hosts create mode 100644 tests/integration/targets/vars_sops/test-bad-file-warn/min-version create 
mode 100644 tests/integration/targets/vars_sops/test-bad-file-warn/min-version.license create mode 100644 tests/integration/targets/vars_sops/test-bad-file-warn/playbook.yml create mode 100755 tests/integration/targets/vars_sops/test-bad-file-warn/run.sh create mode 100755 tests/integration/targets/vars_sops/test-bad-file-warn/validate.sh diff --git a/tests/integration/targets/vars_sops/run-test.sh b/tests/integration/targets/vars_sops/run-test.sh index ef91a8e8..fa937d54 100755 --- a/tests/integration/targets/vars_sops/run-test.sh +++ b/tests/integration/targets/vars_sops/run-test.sh @@ -10,13 +10,27 @@ if [ "$(command -v sops)" == "" ]; then exit 1 fi -TEST="$1" -if [ "${TEST}" == "" ]; then - echo "First parameter must be test name!" +if [ $# -lt 2 ]; then + echo "First parameter must be test name, second parameter the SOPS version!" exit 1 fi +TEST="$1" +SOPS_VERSION="$2" + +if [ -e "${TEST}/min-version" ]; then + MIN_VERSION="$(cat "${TEST}/min-version")" + if [ "$(echo -e "${SOPS_VERSION}\n${MIN_VERSION}" | sort -V | head -1)" != "${MIN_VERSION}" ]; then + exit + fi +fi +if [ -e "${TEST}/max-version" ]; then + MAX_VERSION="$(cat "${TEST}/max-version")" + if [ "$(echo -e "${SOPS_VERSION}\n${MAX_VERSION}" | sort -V | head -1)" != "${SOPS_VERSION}" ]; then + exit + fi +fi -shift +shift 2 ( cd "${TEST}" diff --git a/tests/integration/targets/vars_sops/run-tests.sh b/tests/integration/targets/vars_sops/run-tests.sh index 91714d08..002f2b19 100755 --- a/tests/integration/targets/vars_sops/run-tests.sh +++ b/tests/integration/targets/vars_sops/run-tests.sh 
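Review bot: In run-test.sh both version gates leave with a bare `exit`, so a test skipped for version reasons returns status 0 and prints nothing, which makes a skipped test look the same as a passing one in CI output. This matters most when `SOPS_VERSION` arrives empty: `sort -V` then puts the empty line first, the min-version comparison fails, and every test carrying a `min-version` file (the new handle_unencrypted_files tests) is dropped silently. I would reject an empty `$2` up front and log each skip, e.g. `echo "Skipping ${TEST}: needs SOPS >= ${MIN_VERSION}, found ${SOPS_VERSION}"` before the `exit`. `echo -e` is also shell-dependent; `printf '%s\n' "${SOPS_VERSION}" "${MIN_VERSION}" | sort -V | head -n 1` avoids that. The script's shebang and the rest of the subshell lie outside the hunk.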
@@ -10,6 +10,13 @@ if [ "$(command -v sops)" == "" ]; then exit 1 fi +# Get hold of SOPS version +set +e +SOPS_VERSION_RAW="$(sops --version --disable-version-check)" || SOPS_VERSION_RAW="$(sops --version)" +set -e +SOPS_VERSION="$(echo "${SOPS_VERSION_RAW}" | sed -E 's/^sops ([0-9.]+).*/\1/g')" + +# Run all tests for TEST in $(find . -maxdepth 1 -type d -name 'test-*' | sort); do - ./run-test.sh "${TEST}" "$@" + ./run-test.sh "${TEST}" "${SOPS_VERSION}" "$@" done diff --git a/tests/integration/targets/vars_sops/test-bad-file-error/validate.sh b/tests/integration/targets/vars_sops/test-bad-file-error/validate.sh index 8e66c4c3..b193a273 100755 --- a/tests/integration/targets/vars_sops/test-bad-file-error/validate.sh +++ b/tests/integration/targets/vars_sops/test-bad-file-error/validate.sh @@ -10,3 +10,4 @@ if [ "$1" != 4 ]; then fi ( grep -F "ERROR! error with file" "$2" && grep "sops metadata not found" "$2" ) || ( grep -F "ERROR! SOPS vars plugin: file" "$2" && grep "is not encrypted" "$2" ) +( grep -vF "[WARNING]: SOPS vars plugin: skipping unencrypted file" "$2" ) diff --git a/tests/integration/targets/vars_sops/test-bad-file-skip/group_vars/all.sops.yml b/tests/integration/targets/vars_sops/test-bad-file-skip/group_vars/all.sops.yml new file mode 100644 index 00000000..3f3fff63 --- /dev/null +++ b/tests/integration/targets/vars_sops/test-bad-file-skip/group_vars/all.sops.yml @@ -0,0 +1,6 @@ +--- +# Copyright (c) Ansible Project +# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) +# SPDX-License-Identifier: GPL-3.0-or-later + +this-is-not: a sops file diff --git a/tests/integration/targets/vars_sops/test-bad-file-skip/hosts b/tests/integration/targets/vars_sops/test-bad-file-skip/hosts new file mode 100644 index 00000000..f43ae790 --- /dev/null +++ b/tests/integration/targets/vars_sops/test-bad-file-skip/hosts 
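Review bot: The `sed -E 's/^sops ([0-9.]+).*/\1/g'` added to run-tests.sh passes through unchanged any line that does not match, so extra output lines from `sops --version`, or an unexpected format, end up inside `SOPS_VERSION` and feed straight into the `sort -V` comparisons in run-test.sh. Printing only the matching line and stopping on an empty result keeps the version gate honest: `SOPS_VERSION="$(printf '%s\n' "${SOPS_VERSION_RAW}" | sed -nE 's/^sops ([0-9.]+).*/\1/p' | head -n 1)"` followed by `[ -n "${SOPS_VERSION}" ] || { echo "Cannot determine SOPS version" >&2; exit 1; }`. The `set +e`/`set -e` pair also means that when both `sops --version` calls fail the script carries on with an empty version instead of failing.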
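Review bot: The line added to test-bad-file-error/validate.sh, `( grep -vF "[WARNING]: SOPS vars plugin: skipping unencrypted file" "$2" )`, does not assert that the warning is absent: `grep -v` succeeds as soon as any line of the log lacks the string, so the check passes even when the warning was printed. The same pattern makes the negative checks in test-bad-file-skip/validate.sh (both lines) and test-bad-file-warn/validate.sh (the `ERROR!` line) vacuous, so these tests cannot catch an unencrypted file being handled in the wrong mode. An explicit form works under `set -e`: `if grep -qF "[WARNING]: SOPS vars plugin: skipping unencrypted file" "$2"; then exit 1; fi`. A bare `! grep …` is exempt from `set -e`, so the `if` form is the safer one.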
@@ -0,0 +1,6 @@
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+[all]
+localhost ansible_connection=local ansible_python_interpreter="{{ ansible_playbook_python }}"
diff --git a/tests/integration/targets/vars_sops/test-bad-file-skip/min-version b/tests/integration/targets/vars_sops/test-bad-file-skip/min-version
new file mode 100644
index 00000000..b72ad011
--- /dev/null
+++ b/tests/integration/targets/vars_sops/test-bad-file-skip/min-version
@@ -0,0 +1 @@
+3.9.0
\ No newline at end of file
diff --git a/tests/integration/targets/vars_sops/test-bad-file-skip/min-version.license b/tests/integration/targets/vars_sops/test-bad-file-skip/min-version.license
new file mode 100644
index 00000000..edff8c76
--- /dev/null
+++ b/tests/integration/targets/vars_sops/test-bad-file-skip/min-version.license
@@ -0,0 +1,3 @@
+GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+SPDX-License-Identifier: GPL-3.0-or-later
+SPDX-FileCopyrightText: Ansible Project
diff --git a/tests/integration/targets/vars_sops/test-bad-file-skip/playbook.yml b/tests/integration/targets/vars_sops/test-bad-file-skip/playbook.yml
new file mode 100644
index 00000000..b5329165
--- /dev/null
+++ b/tests/integration/targets/vars_sops/test-bad-file-skip/playbook.yml
@@ -0,0 +1,14 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+- hosts: localhost
+ gather_facts: false
+ tasks:
+ - name: Make sure group_vars/all.sops.yaml was found
+ debug:
+ msg: '{{ foo }}'
+ - name: Make sure group_vars/all/test.sops.yaml was found
+ debug:
+ msg: '{{ bar }}'
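Review bot: The task names in test-bad-file-skip/playbook.yml say `Make sure group_vars/all.sops.yaml was found`, but the fixture added here is `group_vars/all.sops.yml`, it defines neither `foo` nor `bar`, and validate.sh expects status 2, so the test appears to rely on the first task failing. Names that state the real expectation would make the intent clear to the next reader, e.g. `- name: foo must be undefined because the unencrypted file was not loaded as SOPS vars`. The identical playbook in test-bad-file-warn carries the same wording.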
diff --git a/tests/integration/targets/vars_sops/test-bad-file-skip/run.sh b/tests/integration/targets/vars_sops/test-bad-file-skip/run.sh
new file mode 100755
index 00000000..8d952bae
--- /dev/null
+++ b/tests/integration/targets/vars_sops/test-bad-file-skip/run.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+set -e
+ANSIBLE_VARS_SOPS_PLUGIN_HANDLE_UNENCRYPTED_FILES=skip \
+ansible-playbook playbook.yml -i hosts -v "$@"
diff --git a/tests/integration/targets/vars_sops/test-bad-file-skip/validate.sh b/tests/integration/targets/vars_sops/test-bad-file-skip/validate.sh
new file mode 100755
index 00000000..11b12e90
--- /dev/null
+++ b/tests/integration/targets/vars_sops/test-bad-file-skip/validate.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+set -eux
+
+if [ "$1" != 2 ]; then
+ exit 1
+fi
+
+( grep -vF "ERROR! SOPS vars plugin: file" "$2" && grep -v "is not encrypted" "$2" )
+( grep -vF "[WARNING]: SOPS vars plugin: skipping unencrypted file" "$2" )
diff --git a/tests/integration/targets/vars_sops/test-bad-file-warn/group_vars/all.sops.yml b/tests/integration/targets/vars_sops/test-bad-file-warn/group_vars/all.sops.yml
new file mode 100644
index 00000000..3f3fff63
--- /dev/null
+++ b/tests/integration/targets/vars_sops/test-bad-file-warn/group_vars/all.sops.yml
@@ -0,0 +1,6 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+this-is-not: a sops file
diff --git a/tests/integration/targets/vars_sops/test-bad-file-warn/hosts b/tests/integration/targets/vars_sops/test-bad-file-warn/hosts
new file mode 100644
index 00000000..f43ae790
--- /dev/null
+++ b/tests/integration/targets/vars_sops/test-bad-file-warn/hosts
@@ -0,0 +1,6 @@
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+[all]
+localhost ansible_connection=local ansible_python_interpreter="{{ ansible_playbook_python }}"
diff --git a/tests/integration/targets/vars_sops/test-bad-file-warn/min-version b/tests/integration/targets/vars_sops/test-bad-file-warn/min-version
new file mode 100644
index 00000000..b72ad011
--- /dev/null
+++ b/tests/integration/targets/vars_sops/test-bad-file-warn/min-version
@@ -0,0 +1 @@
+3.9.0
\ No newline at end of file
diff --git a/tests/integration/targets/vars_sops/test-bad-file-warn/min-version.license b/tests/integration/targets/vars_sops/test-bad-file-warn/min-version.license
new file mode 100644
index 00000000..edff8c76
--- /dev/null
+++ b/tests/integration/targets/vars_sops/test-bad-file-warn/min-version.license
@@ -0,0 +1,3 @@
+GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+SPDX-License-Identifier: GPL-3.0-or-later
+SPDX-FileCopyrightText: Ansible Project
diff --git a/tests/integration/targets/vars_sops/test-bad-file-warn/playbook.yml b/tests/integration/targets/vars_sops/test-bad-file-warn/playbook.yml
new file mode 100644
index 00000000..b5329165
--- /dev/null
+++ b/tests/integration/targets/vars_sops/test-bad-file-warn/playbook.yml
@@ -0,0 +1,14 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+- hosts: localhost
+ gather_facts: false
+ tasks:
+ - name: Make sure group_vars/all.sops.yaml was found
+ debug:
+ msg: '{{ foo }}'
+ - name: Make sure group_vars/all/test.sops.yaml was found
+ debug:
+ msg: '{{ bar }}'
diff --git a/tests/integration/targets/vars_sops/test-bad-file-warn/run.sh b/tests/integration/targets/vars_sops/test-bad-file-warn/run.sh
new file mode 100755
index 00000000..284a5229
--- /dev/null
+++ b/tests/integration/targets/vars_sops/test-bad-file-warn/run.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+set -e
+ANSIBLE_VARS_SOPS_PLUGIN_HANDLE_UNENCRYPTED_FILES=warn \
+ansible-playbook playbook.yml -i hosts -v "$@"
diff --git a/tests/integration/targets/vars_sops/test-bad-file-warn/validate.sh b/tests/integration/targets/vars_sops/test-bad-file-warn/validate.sh
new file mode 100755
index 00000000..cc18c07b
--- /dev/null
+++ b/tests/integration/targets/vars_sops/test-bad-file-warn/validate.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+set -eux
+
+if [ "$1" != 2 ]; then
+ exit 1
+fi
+
+( grep -vF "ERROR! SOPS vars plugin: file" "$2" && grep -v "is not encrypted" "$2" )
+( grep -F "[WARNING]: SOPS vars plugin: skipping unencrypted file" "$2" )