mirror of
https://github.com/ansible-collections/community.general.git
synced 2025-10-23 20:44:00 -07:00
Vault secrets default vault ids list (#28190)
* Add config option for a default list of vault-ids. This is the vault-id equivalent of ANSIBLE_DEFAULT_PASSWORD_FILE, except that ANSIBLE_DEFAULT_VAULT_IDENTITY_LIST is a list.
parent
1b8fe94e5a
commit
5739bb075f
6 changed files with 59 additions and 4 deletions
|
@ -121,7 +121,7 @@ class TestCliSetupVaultSecrets(unittest.TestCase):
|
|||
vault_id_names = ['prompt1', 'prompt2', 'prompt3', 'default']
|
||||
self._assert_ids(vault_id_names, res)
|
||||
|
||||
@patch('ansible.cli.C', name='MockConfig')
|
||||
@patch('ansible.cli.C')
|
||||
@patch('ansible.cli.get_file_vault_secret')
|
||||
@patch('ansible.cli.PromptVaultSecret')
|
||||
def test_default_file_vault(self, mock_prompt_secret,
|
||||
|
@ -146,6 +146,35 @@ class TestCliSetupVaultSecrets(unittest.TestCase):
|
|||
self.assertEqual(matches[0][1].bytes, b'file1_password')
|
||||
self.assertEqual(matches[1][1].bytes, b'prompt1_password')
|
||||
|
||||
@patch('ansible.cli.get_file_vault_secret')
|
||||
@patch('ansible.cli.PromptVaultSecret')
|
||||
def test_default_file_vault_identity_list(self, mock_prompt_secret,
|
||||
mock_file_secret):
|
||||
default_vault_ids = ['some_prompt@prompt',
|
||||
'some_file@/dev/null/secret']
|
||||
|
||||
mock_prompt_secret.return_value = MagicMock(bytes=b'some_prompt_password',
|
||||
vault_id='some_prompt')
|
||||
|
||||
filename = '/dev/null/secret'
|
||||
mock_file_secret.return_value = MagicMock(bytes=b'some_file_password',
|
||||
vault_id='some_file',
|
||||
filename=filename)
|
||||
|
||||
vault_ids = default_vault_ids
|
||||
res = cli.CLI.setup_vault_secrets(loader=self.fake_loader,
|
||||
vault_ids=vault_ids,
|
||||
create_new_password=False,
|
||||
ask_vault_pass=True)
|
||||
|
||||
self.assertIsInstance(res, list)
|
||||
matches = vault.match_secrets(res, ['some_file'])
|
||||
# --vault-password-file/DEFAULT_VAULT_PASSWORD_FILE is higher precendce than prompts
|
||||
# if the same vault-id ('default') regardless of cli order since it didn't matter in 2.3
|
||||
self.assertEqual(matches[0][1].bytes, b'some_file_password')
|
||||
matches = vault.match_secrets(res, ['some_prompt'])
|
||||
self.assertEqual(matches[0][1].bytes, b'some_prompt_password')
|
||||
|
||||
@patch('ansible.cli.PromptVaultSecret')
|
||||
def test_prompt_just_ask_vault_pass(self, mock_prompt_secret):
|
||||
mock_prompt_secret.return_value = MagicMock(bytes=b'prompt1_password',
|
||||
|
|
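Review bot: The two-line comment above `self.assertEqual(matches[0][1].bytes, b'some_file_password')` in test_default_file_vault_identity_list looks carried over from the earlier test: it describes `--vault-password-file` precedence for a shared 'default' vault-id, while this test uses two distinct ids and asserts no precedence at all. A comment such as `# each vault-id in the list resolves to its own secret (file-backed id -> file secret, prompt id -> prompted secret)` would match what is actually checked. The test also passes the list straight to `setup_vault_secrets(vault_ids=...)` without patching `ansible.cli.C`, so as far as this section shows it does not exercise the DEFAULT_VAULT_IDENTITY_LIST lookup itself, nor how config-supplied ids are ordered relative to ids given on the command line; the code that merges them is not visible here, and an assertion on that ordering would be worth adding next to it. The closing lines of the section belong to test_prompt_just_ask_vault_pass, whose body continues outside the hunk.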