diff --git a/tests/integration/targets/setup_sops/tasks/main.yml b/tests/integration/targets/setup_sops/tasks/main.yml
index f40ecd1c..41c9ff61 100644
--- a/tests/integration/targets/setup_sops/tasks/main.yml
+++ b/tests/integration/targets/setup_sops/tasks/main.yml
@@ -26,3 +26,47 @@
 set_fact:
 sops_installed: true
 age_installed: '{{ age_version_command.rc == 0 }}'
+
+- name: Determine SOPS versions
+ when: sops_version_remote is not defined or sops_version_controller is not defined
+ block:
+ - name: Determine SOPS version on remote
+ command: sops --version --disable-version-check
+ changed_when: false
+ ignore_errors: true
+ register: sops_version_remote_tmp
+
+ - name: Determine SOPS version on remote, try 2
+ command: sops --version
+ changed_when: false
+ register: sops_version_remote_tmp_2
+ when: sops_version_remote_tmp is failed
+
+ - name: Determine SOPS version on controller
+ command: sops --version --disable-version-check
+ delegate_to: localhost
+ changed_when: false
+ ignore_errors: true
+ register: sops_version_controller_tmp
+
+ - name: Determine SOPS version on controller, try 2
+ command: sops --version {{ '--disable-version-check' if sops_version_controller_tmp is not defined else '' }}
+ delegate_to: localhost
+ changed_when: false
+ register: sops_version_controller_tmp_2
+ when: sops_version_controller_tmp is failed
+
+ - name: Set versions
+ set_fact:
+ sops_version_remote: >-
+ {{
+ (sops_version_remote_tmp_2 if sops_version_remote_tmp is failed else sops_version_remote_tmp).stdout_lines[0]
+ | regex_replace(".*sops ([0-9]+\.[0-9]+\.[0-9]+).*", "\1")
+ | trim
+ }}
+ sops_version_controller: >-
+ {{
+ (sops_version_controller_tmp_2 if sops_version_controller_tmp is failed else sops_version_controller_tmp).stdout_lines[0]
+ | regex_replace(".*sops ([0-9]+\.[0-9]+\.[0-9]+).*", "\1")
+ | trim
+ }}
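Review bot: In "Determine SOPS version on controller, try 2" the inline condition `sops_version_controller_tmp is not defined` can never be true, because the preceding task registers that variable even when it fails under `ignore_errors: true`, so the expression always renders an empty string. Writing `command: sops --version`, as the remote fallback already does, would say the same thing plainly. In "Set versions", `regex_replace` returns its input unchanged when the pattern does not match, so an unexpected first output line would be stored as the "version" and fed into the later `version()` comparisons. A follow-up `assert` that both facts match `^[0-9]+\.[0-9]+\.[0-9]+$` would make that case fail early instead.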
diff --git a/tests/integration/targets/sops_encrypt/files/.sops.yaml b/tests/integration/targets/sops_encrypt/files/.sops.yaml index e28ce962..64b47f7d 100644 --- a/tests/integration/targets/sops_encrypt/files/.sops.yaml +++ b/tests/integration/targets/sops_encrypt/files/.sops.yaml @@ -4,4 +4,7 @@ # SPDX-License-Identifier: GPL-3.0-or-later creation_rules: - - pgp: FBC7B9E2A4F9289AC0C1D4843D16CEE4A27381B4 + - path_regex: test_json + unencrypted_regex: ^key1$ + pgp: FBC7B9E2A4F9289AC0C1D4843D16CEE4A27381B4 + - pgp: FBC7B9E2A4F9289AC0C1D4843D16CEE4A27381B4 diff --git a/tests/integration/targets/sops_encrypt/tasks/main.yml b/tests/integration/targets/sops_encrypt/tasks/main.yml index 6d843153..615a3342 100644 --- a/tests/integration/targets/sops_encrypt/tasks/main.yml +++ b/tests/integration/targets/sops_encrypt/tasks/main.yml @@ -245,6 +245,23 @@ value_1_raw: "{{ slurp.content | b64decode | community.sops.decrypt(output_type='json') | b64encode }}" value_1: "{{ slurp.content | b64decode | community.sops.decrypt(output_type='json') | from_json }}" + - name: "SOPS 3.9.0+: check whether path_regex in .sops.yaml works" + assert: + that: + - >- + '"key1": "value1"' in slurp.content | b64decode + - >- + '"unencrypted_regex": "^key1$"' in slurp.content | b64decode + when: sops_version_controller is version('3.9.0', '>=') + - name: "SOPS before 3.9.0: check whether path_regex in .sops.yaml did not work" + assert: + that: + - >- + '"key1": "value1"' not in slurp.content | b64decode + - >- + '"unencrypted_regex": "^key1$"' not in slurp.content | b64decode + when: sops_version_controller is version('3.9.0', '<') + - name: Create JSON file (idempotency, check mode) community.sops.sops_encrypt: path: "{{ remote_tmp_dir }}/test_json"
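Review bot: `path_regex: test_json` in tests/integration/targets/sops_encrypt/files/.sops.yaml is unanchored, so this rule, which leaves every `key1` value in plaintext through `unencrypted_regex`, applies to any path that merely contains `test_json`. Anchoring it, for example `path_regex: (^|/)test_json$`, would keep the plaintext exception to the one fixture the new assertions inspect. A comment above the rule such as `# key1 is deliberately left unencrypted; used by the path_regex check in tasks/main.yml` would explain why it differs from the catch-all rule below it.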
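Review bot: Both new `when:` conditions in tests/integration/targets/sops_encrypt/tasks/main.yml gate on `sops_version_controller`, but the file under test is written by `community.sops.sops_encrypt` under `remote_tmp_dir`, which presumably runs the sops binary on the target. If controller and target carry different SOPS versions, the wrong assertion branch runs; `when: sops_version_remote is version('3.9.0', '>=')` (and `'<'` in the second task) would follow the binary that did the encryption. The assertions also match the exact serialized text `'"key1": "value1"'`, so a change in JSON spacing would break them; comparing `(slurp.content | b64decode | from_json).key1` to `'value1'` is less brittle. The enclosing block starts outside the hunk, so confirm where `slurp` is registered.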