Allow tests to have min/max SOPS version; add tests for handle_unencr…

…ypted_files.
ansible-collections · Jul 6, 2024 · 383cb7f · 383cb7f
1 parent 3119d8b
commit 383cb7f
Show file tree

Hide file tree

Showing 17 changed files with 129 additions and 5 deletions.
diff --git a/tests/integration/targets/vars_sops/run-test.sh b/tests/integration/targets/vars_sops/run-test.sh
@@ -10,13 +10,27 @@ if [ "$(command -v sops)" == "" ]; then
     exit 1
 fi
 
-TEST="$1"
-if [ "${TEST}" == "" ]; then
-    echo "First parameter must be test name!"
+if [ $# -lt 2 ]; then
+    echo "First parameter must be test name, second parameter the SOPS version!"
     exit 1
 fi
+TEST="$1"
+SOPS_VERSION="$2"
+
+if [ -e "${TEST}/min-version" ]; then
+    MIN_VERSION="$(cat "${TEST}/min-version")"
+    if [ "$(echo -e "${SOPS_VERSION}\n${MIN_VERSION}" | sort -V | head -1)" != "${MIN_VERSION}" ]; then
+        exit
+    fi
+fi
+if [ -e "${TEST}/max-version" ]; then
+    MAX_VERSION="$(cat "${TEST}/max-version")"
+    if [ "$(echo -e "${SOPS_VERSION}\n${MAX_VERSION}" | sort -V | head -1)" != "${SOPS_VERSION}" ]; then
+        exit
+    fi
+fi
 
-shift
+shift 2
 
 (
     cd "${TEST}"

diff --git a/tests/integration/targets/vars_sops/run-tests.sh b/tests/integration/targets/vars_sops/run-tests.sh
@@ -10,6 +10,13 @@ if [ "$(command -v sops)" == "" ]; then
     exit 1
 fi
 
+# Get hold of SOPS version
+set +e
+SOPS_VERSION_RAW="$(sops --version --disable-version-check)" || SOPS_VERSION_RAW="$(sops --version)"
+set -e
+SOPS_VERSION="$(echo "${SOPS_VERSION_RAW}" | sed -E 's/^sops ([0-9.]+).*/\1/g')"
+
+# Run all tests
 for TEST in $(find . -maxdepth 1 -type d -name 'test-*' | sort); do
-    ./run-test.sh "${TEST}" "$@"
+    ./run-test.sh "${TEST}" "${SOPS_VERSION}" "$@"
 done
diff --git a/tests/integration/targets/vars_sops/test-bad-file-error/validate.sh b/tests/integration/targets/vars_sops/test-bad-file-error/validate.sh
@@ -10,3 +10,4 @@ if [ "$1" != 4 ]; then
 fi
 
 ( grep -F "ERROR! error with file" "$2" && grep "sops metadata not found" "$2" ) || ( grep -F "ERROR! SOPS vars plugin: file" "$2" && grep "is not encrypted" "$2" )
+( grep -vF "[WARNING]: SOPS vars plugin: skipping unencrypted file" "$2" )
diff --git a/tests/integration/targets/vars_sops/test-bad-file-skip/group_vars/all.sops.yml b/tests/integration/targets/vars_sops/test-bad-file-skip/group_vars/all.sops.yml
@@ -0,0 +1,6 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+this-is-not: a sops file
diff --git a/tests/integration/targets/vars_sops/test-bad-file-skip/hosts b/tests/integration/targets/vars_sops/test-bad-file-skip/hosts
@@ -0,0 +1,6 @@
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+[all]
+localhost ansible_connection=local ansible_python_interpreter="{{ ansible_playbook_python }}"
diff --git a/tests/integration/targets/vars_sops/test-bad-file-skip/min-version b/tests/integration/targets/vars_sops/test-bad-file-skip/min-version
@@ -0,0 +1 @@
+3.9.0
diff --git a/tests/integration/targets/vars_sops/test-bad-file-skip/min-version.license b/tests/integration/targets/vars_sops/test-bad-file-skip/min-version.license
@@ -0,0 +1,3 @@
+GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+SPDX-License-Identifier: GPL-3.0-or-later
+SPDX-FileCopyrightText: Ansible Project
diff --git a/tests/integration/targets/vars_sops/test-bad-file-skip/playbook.yml b/tests/integration/targets/vars_sops/test-bad-file-skip/playbook.yml
@@ -0,0 +1,14 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+- hosts: localhost
+  gather_facts: false
+  tasks:
+    - name: Make sure group_vars/all.sops.yaml was found
+      debug:
+        msg: '{{ foo }}'
+    - name: Make sure group_vars/all/test.sops.yaml was found
+      debug:
+        msg: '{{ bar }}'
diff --git a/tests/integration/targets/vars_sops/test-bad-file-skip/run.sh b/tests/integration/targets/vars_sops/test-bad-file-skip/run.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+set -e
+ANSIBLE_VARS_SOPS_PLUGIN_HANDLE_UNENCRYPTED_FILES=skip \
+ansible-playbook playbook.yml -i hosts -v "$@"
diff --git a/tests/integration/targets/vars_sops/test-bad-file-skip/validate.sh b/tests/integration/targets/vars_sops/test-bad-file-skip/validate.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+set -eux
+
+if [ "$1" != 2 ]; then
+    exit 1
+fi
+
+( grep -vF "ERROR! SOPS vars plugin: file" "$2" && grep -v "is not encrypted" "$2" )
+( grep -vF "[WARNING]: SOPS vars plugin: skipping unencrypted file" "$2" )
diff --git a/tests/integration/targets/vars_sops/test-bad-file-warn/group_vars/all.sops.yml b/tests/integration/targets/vars_sops/test-bad-file-warn/group_vars/all.sops.yml
@@ -0,0 +1,6 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+this-is-not: a sops file
diff --git a/tests/integration/targets/vars_sops/test-bad-file-warn/hosts b/tests/integration/targets/vars_sops/test-bad-file-warn/hosts
@@ -0,0 +1,6 @@
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+[all]
+localhost ansible_connection=local ansible_python_interpreter="{{ ansible_playbook_python }}"
diff --git a/tests/integration/targets/vars_sops/test-bad-file-warn/min-version b/tests/integration/targets/vars_sops/test-bad-file-warn/min-version
@@ -0,0 +1 @@
+3.9.0
diff --git a/tests/integration/targets/vars_sops/test-bad-file-warn/min-version.license b/tests/integration/targets/vars_sops/test-bad-file-warn/min-version.license
@@ -0,0 +1,3 @@
+GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+SPDX-License-Identifier: GPL-3.0-or-later
+SPDX-FileCopyrightText: Ansible Project
diff --git a/tests/integration/targets/vars_sops/test-bad-file-warn/playbook.yml b/tests/integration/targets/vars_sops/test-bad-file-warn/playbook.yml
@@ -0,0 +1,14 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+- hosts: localhost
+  gather_facts: false
+  tasks:
+    - name: Make sure group_vars/all.sops.yaml was found
+      debug:
+        msg: '{{ foo }}'
+    - name: Make sure group_vars/all/test.sops.yaml was found
+      debug:
+        msg: '{{ bar }}'
diff --git a/tests/integration/targets/vars_sops/test-bad-file-warn/run.sh b/tests/integration/targets/vars_sops/test-bad-file-warn/run.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+set -e
+ANSIBLE_VARS_SOPS_PLUGIN_HANDLE_UNENCRYPTED_FILES=warn \
+ansible-playbook playbook.yml -i hosts -v "$@"
diff --git a/tests/integration/targets/vars_sops/test-bad-file-warn/validate.sh b/tests/integration/targets/vars_sops/test-bad-file-warn/validate.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+set -eux
+
+if [ "$1" != 2 ]; then
+    exit 1
+fi
+
+( grep -vF "ERROR! SOPS vars plugin: file" "$2" && grep -v "is not encrypted" "$2" )
+( grep -F "[WARNING]: SOPS vars plugin: skipping unencrypted file" "$2" )