win_copy: fix for copying encrypted file without pass (#31084)

* win_copy: fix for copying encrypted file without pass * fix pep8 issue * reduced the diff and fixed some minor issues
2025-10-23 04:24:00 -07:00 · 2017-10-04 06:51:57 +11:00 · 2017-10-04 06:51:57 +11:00 · bba941cd5b
commit bba941cd5b
parent 72237b63e7
5 changed files with 63 additions and 10 deletions
--- a/test/integration/targets/win_copy/files-vault/folder/nested-vault-file
+++ b/test/integration/targets/win_copy/files-vault/folder/nested-vault-file
@ -0,0 +1,6 @@
+$ANSIBLE_VAULT;1.1;AES256
+65653164323866373138353632323531393664393563633665373635623763353561386431373366
+3232353263363034313136663062623336663463373966320a333763323032646463386432626161
+36386330356637666362396661653935653064623038333031653335626164376465353235303636
+3335616231663838620a303632343938326538656233393562303162343261383465623261646664
+33613932343461626339333832363930303962633364303736376634396364643861
--- a/test/integration/targets/win_copy/files-vault/readme.txt
+++ b/test/integration/targets/win_copy/files-vault/readme.txt
@ -0,0 +1,5 @@
+This directory contains some files that have been encrypted with ansible-vault.
+
+This is to test out the decrypt parameter in win_copy.
+
+The password is: password
--- a/test/integration/targets/win_copy/files-vault/vault-file
+++ b/test/integration/targets/win_copy/files-vault/vault-file
@ -0,0 +1,6 @@
+$ANSIBLE_VAULT;1.1;AES256
+30353665333635633433356261616636356130386330363962386533303566313463383734373532
+3933643234323638623939613462346361313431363939370a303532656338353035346661353965
+34656231633238396361393131623834316262306533663838336362366137306562646561383766
+6363373965633337640a373666336461613337346131353564383134326139616561393664663563
+3431
--- a/test/integration/targets/win_copy/tasks/tests.yml
+++ b/test/integration/targets/win_copy/tasks/tests.yml
@ -26,6 +26,32 @@
  register: fail_missing_parent_dir
  failed_when: "'Destination directory ' + test_win_copy_path + '\\missing-dir does not exist' not in fail_missing_parent_dir.msg"

+- name: fail to copy an encrypted file without the password set
+  win_copy:
+    src: '{{role_path}}/files-vault/vault-file'
+    dest: '{{test_win_copy_path}}\file'
+  register: fail_copy_encrypted_file
+  ignore_errors: yes # weird failed_when doesn't work in this case
+
+- name: assert failure message when copying an encrypted file without the password set
+  assert:
+    that:
+    - fail_copy_encrypted_file|failed
+    - fail_copy_encrypted_file.msg == 'A vault password or secret must be specified to decrypt {{role_path}}/files-vault/vault-file'
+
+- name: fail to copy a directory with an encrypted file without the password
+  win_copy:
+    src: '{{role_path}}/files-vault'
+    dest: '{{test_win_copy_path}}'
+  register: fail_copy_directory_with_enc_file
+  ignore_errors: yes
+
+- name: assert failure message when copying a directory that contains an encrypted file without the password set
+  assert:
+    that:
+    - fail_copy_directory_with_enc_file|failed
+    - fail_copy_directory_with_enc_file.msg == 'A vault password or secret must be specified to decrypt {{role_path}}/files-vault/vault-file'
+
 - name: copy with content (check mode)
  win_copy:
    content: a