From 260bdb1572b07aff2b54dfe9701de91d8eca85c1 Mon Sep 17 00:00:00 2001 From: Felix Fontein Date: Sat, 8 Mar 2025 10:48:34 +0100 Subject: [PATCH] Improve tests (#852) * Use no longer needed wrapper. * Improve tests. --- .../targets/acme_ari_info/tests/validate.yml | 4 +- .../filter_openssl_csr_info/tasks/impl.yml | 8 +-- .../tasks/impl.yml | 3 +- .../tasks/impl.yml | 4 +- .../targets/filter_split_pem/tasks/main.yml | 2 +- .../tasks/impl.yml | 8 +-- .../filter_x509_crl_info/tasks/impl.yml | 10 ++-- .../targets/openssl_csr_info/tasks/impl.yml | 5 +- .../openssl_privatekey/tests/validate.yml | 4 +- .../openssl_privatekey_info/tasks/impl.yml | 5 +- .../openssl_publickey_info/tasks/impl.yml | 5 +- .../filter_plugins/helper.py | 27 ++++++++++ .../targets/openssl_signature/meta/main.yml | 1 + .../targets/openssl_signature/tasks/main.yml | 12 +---- .../x509_certificate_info/tasks/impl.yml | 5 +- tests/unit/plugins/modules/utils.py | 54 ------------------- 16 files changed, 67 insertions(+), 90 deletions(-) create mode 100644 tests/integration/targets/openssl_signature/filter_plugins/helper.py delete mode 100644 tests/unit/plugins/modules/utils.py diff --git a/tests/integration/targets/acme_ari_info/tests/validate.yml b/tests/integration/targets/acme_ari_info/tests/validate.yml index 19d446c0..a19c92a7 100644 --- a/tests/integration/targets/acme_ari_info/tests/validate.yml +++ b/tests/integration/targets/acme_ari_info/tests/validate.yml @@ -7,8 +7,8 @@ assert: that: - cert_1 is not changed - - cert_1.renewal_info.explanationURL is string or cert_1.renewal_info.explanationURL is not defined - - cert_1.renewal_info.retryAfter is string or cert_1.renewal_info.retryAfter is not defined + - cert_1.renewal_info.explanationURL is not defined or cert_1.renewal_info.explanationURL is string + - cert_1.renewal_info.retryAfter is not defined or cert_1.renewal_info.retryAfter is string - cert_1.renewal_info.suggestedWindow.start is string - cert_1.renewal_info.suggestedWindow.end is string - >- diff --git a/tests/integration/targets/filter_openssl_csr_info/tasks/impl.yml b/tests/integration/targets/filter_openssl_csr_info/tasks/impl.yml index 0af55893..ce505647 100644 --- a/tests/integration/targets/filter_openssl_csr_info/tasks/impl.yml +++ b/tests/integration/targets/filter_openssl_csr_info/tasks/impl.yml @@ -102,7 +102,7 @@ assert: that: - output is failed - - output.msg is search("^The community.crypto.openssl_csr_info input must be a text type, not <(?:class|type) 'list'>$") + - output.msg is search("The community.crypto.openssl_csr_info input must be a text type, not ") - name: Get invalid certificate info set_fact: @@ -115,7 +115,7 @@ assert: that: - output is failed - - output.msg is search("^Unable to load (?:request|PEM file)(?:\.|$)") + - output.msg is search("Unable to load (?:request|PEM file)(?:\.|$)") - name: Get invalid certificate info set_fact: @@ -128,7 +128,7 @@ assert: that: - output is failed - - output.msg is search("^The name_encoding option must be of a text type, not <(?:class|type) 'list'>$") + - output.msg is search("The name_encoding option must be of a text type, not ") - name: Get invalid name_encoding parameter set_fact: @@ -141,4 +141,4 @@ assert: that: - output is failed - - output.msg is search("^The name_encoding option must be one of the values \"ignore\", \"idna\", or \"unicode\", not \"foo\"$") + - output.msg is search("The name_encoding option must be one of the values \"ignore\", \"idna\", or \"unicode\", not \"foo\"$") diff --git a/tests/integration/targets/filter_openssl_privatekey_info/tasks/impl.yml b/tests/integration/targets/filter_openssl_privatekey_info/tasks/impl.yml index d4f5df0a..ec4e3c6f 100644 --- a/tests/integration/targets/filter_openssl_privatekey_info/tasks/impl.yml +++ b/tests/integration/targets/filter_openssl_privatekey_info/tasks/impl.yml @@ -51,7 +51,8 @@ assert: that: - result is failed - - result.msg == 'Wrong or empty passphrase provided for private key' + - >- + 'Wrong or empty passphrase provided for private key' in result.msg - name: Get key 3 info (with passphrase) set_fact: diff --git a/tests/integration/targets/filter_openssl_publickey_info/tasks/impl.yml b/tests/integration/targets/filter_openssl_publickey_info/tasks/impl.yml index 156f2a74..3bfe1fc1 100644 --- a/tests/integration/targets/filter_openssl_publickey_info/tasks/impl.yml +++ b/tests/integration/targets/filter_openssl_publickey_info/tasks/impl.yml @@ -79,7 +79,7 @@ assert: that: - output is failed - - output.msg is search("^The community.crypto.openssl_publickey_info input must be a text type, not <(?:class|type) 'list'>$") + - output.msg is search("The community.crypto.openssl_publickey_info input must be a text type, not ") - name: Get invalid key info set_fact: @@ -92,4 +92,4 @@ assert: that: - output is failed - - 'output.msg is search("^Error while deserializing key: ")' + - 'output.msg is search("Error while deserializing key: ")' diff --git a/tests/integration/targets/filter_split_pem/tasks/main.yml b/tests/integration/targets/filter_split_pem/tasks/main.yml index 0b1dfdf1..f6f25f10 100644 --- a/tests/integration/targets/filter_split_pem/tasks/main.yml +++ b/tests/integration/targets/filter_split_pem/tasks/main.yml @@ -61,4 +61,4 @@ assert: that: - output is failed - - output.msg is search("^The community.crypto.split_pem input must be a text type, not <(?:class|type) 'list'>$") + - output.msg is search("The community.crypto.split_pem input must be a text type, not ") diff --git a/tests/integration/targets/filter_x509_certificate_info/tasks/impl.yml b/tests/integration/targets/filter_x509_certificate_info/tasks/impl.yml index 6441a544..3ac3782a 100644 --- a/tests/integration/targets/filter_x509_certificate_info/tasks/impl.yml +++ b/tests/integration/targets/filter_x509_certificate_info/tasks/impl.yml @@ -179,7 +179,7 @@ assert: that: - output is failed - - output.msg is search("^The community.crypto.x509_certificate_info input must be a text type, not <(?:class|type) 'list'>$") + - output.msg is search("The community.crypto.x509_certificate_info input must be a text type, not ") - name: Get invalid certificate info set_fact: @@ -192,7 +192,7 @@ assert: that: - output is failed - - output.msg is search("^Unable to load (?:certificate|PEM file)(?:\.|$)") + - output.msg is search("Unable to load (?:certificate|PEM file)(?:\.|$)") - name: Get invalid certificate info set_fact: @@ -205,7 +205,7 @@ assert: that: - output is failed - - output.msg is search("^The name_encoding option must be of a text type, not <(?:class|type) 'list'>$") + - output.msg is search("The name_encoding option must be of a text type, not ") - name: Get invalid name_encoding parameter set_fact: @@ -218,4 +218,4 @@ assert: that: - output is failed - - output.msg is search("^The name_encoding option must be one of the values \"ignore\", \"idna\", or \"unicode\", not \"foo\"$") + - output.msg is search("The name_encoding option must be one of the values \"ignore\", \"idna\", or \"unicode\", not \"foo\"$") diff --git a/tests/integration/targets/filter_x509_crl_info/tasks/impl.yml b/tests/integration/targets/filter_x509_crl_info/tasks/impl.yml index 4f2412d2..cbed96ed 100644 --- a/tests/integration/targets/filter_x509_crl_info/tasks/impl.yml +++ b/tests/integration/targets/filter_x509_crl_info/tasks/impl.yml @@ -291,7 +291,7 @@ assert: that: - output is failed - - output.msg is search("^The community.crypto.x509_crl_info input must be a text type, not <(?:class|type) 'list'>$") + - output.msg is search("The community.crypto.x509_crl_info input must be a text type, not ") - name: Get invalid CRL info set_fact: @@ -304,7 +304,7 @@ assert: that: - output is failed - - output.msg is search("^Error while decoding CRL") + - output.msg is search("Error while decoding CRL") - name: Get invalid CRL info set_fact: @@ -317,7 +317,7 @@ assert: that: - output is failed - - output.msg is search("^The name_encoding option must be of a text type, not <(?:class|type) 'list'>$") + - output.msg is search("The name_encoding option must be of a text type, not ") - name: Get invalid name_encoding parameter set_fact: @@ -330,7 +330,7 @@ assert: that: - output is failed - - output.msg is search("^The name_encoding option must be one of the values \"ignore\", \"idna\", or \"unicode\", not \"foo\"$") + - output.msg is search("The name_encoding option must be one of the values \"ignore\", \"idna\", or \"unicode\", not \"foo\"$") - name: Get invalid list_revoked_certificates parameter set_fact: @@ -343,4 +343,4 @@ assert: that: - output is failed - - output.msg is search("^The list_revoked_certificates option must be a boolean, not <(?:class|type) 'list'>$") + - output.msg is search("The list_revoked_certificates option must be a boolean, not ") diff --git a/tests/integration/targets/openssl_csr_info/tasks/impl.yml b/tests/integration/targets/openssl_csr_info/tasks/impl.yml index 0311d27c..2051b3ed 100644 --- a/tests/integration/targets/openssl_csr_info/tasks/impl.yml +++ b/tests/integration/targets/openssl_csr_info/tasks/impl.yml @@ -84,7 +84,10 @@ - name: "({{ select_crypto_backend }}) Compare output of direct and loaded info" assert: that: - - result == result_direct + - >- + (result | dict2items | rejectattr("key", "equalto", "warnings") | list | items2dict) + == + (result_direct | dict2items | rejectattr("key", "equalto", "warnings") | list | items2dict) - name: "({{ select_crypto_backend }}) Get CSR info" openssl_csr_info: diff --git a/tests/integration/targets/openssl_privatekey/tests/validate.yml b/tests/integration/targets/openssl_privatekey/tests/validate.yml index 4d92c254..6cae2195 100644 --- a/tests/integration/targets/openssl_privatekey/tests/validate.yml +++ b/tests/integration/targets/openssl_privatekey/tests/validate.yml @@ -80,7 +80,7 @@ - name: "({{ select_crypto_backend }}) Validate privatekey5 (assert - Passphrase protected key + idempotence)" assert: that: - - privatekey5.stdout == '{{ default_rsa_key_size }}' + - privatekey5.stdout == (default_rsa_key_size | string) when: openssl_version.stdout is version('0.9.8zh', '>=') - name: "({{ select_crypto_backend }}) Validate privatekey5 idempotence (assert - Passphrase protected key + idempotence)" @@ -97,7 +97,7 @@ - name: "({{ select_crypto_backend }}) Validate privatekey6 (assert - Passphrase protected key with non ascii character)" assert: that: - - privatekey6.stdout == '{{ default_rsa_key_size }}' + - privatekey6.stdout == (default_rsa_key_size | string) when: openssl_version.stdout is version('0.9.8zh', '>=') - name: "({{ select_crypto_backend }}) Validate ECC generation (dump with OpenSSL)" diff --git a/tests/integration/targets/openssl_privatekey_info/tasks/impl.yml b/tests/integration/targets/openssl_privatekey_info/tasks/impl.yml index 00c2320e..dfaad5b7 100644 --- a/tests/integration/targets/openssl_privatekey_info/tasks/impl.yml +++ b/tests/integration/targets/openssl_privatekey_info/tasks/impl.yml @@ -38,7 +38,10 @@ - name: ({{select_crypto_backend}}) Compare output of direct and loaded info assert: that: - - result == result_direct + - >- + (result | dict2items | rejectattr("key", "equalto", "warnings") | list | items2dict) + == + (result_direct | dict2items | rejectattr("key", "equalto", "warnings") | list | items2dict) - name: ({{select_crypto_backend}}) Get key 2 info openssl_privatekey_info: diff --git a/tests/integration/targets/openssl_publickey_info/tasks/impl.yml b/tests/integration/targets/openssl_publickey_info/tasks/impl.yml index 016f6375..3df236e0 100644 --- a/tests/integration/targets/openssl_publickey_info/tasks/impl.yml +++ b/tests/integration/targets/openssl_publickey_info/tasks/impl.yml @@ -36,7 +36,10 @@ - name: ({{select_crypto_backend}}) Compare output of direct and loaded info assert: that: - - result == result_direct + - >- + (result | dict2items | rejectattr("key", "equalto", "warnings") | list | items2dict) + == + (result_direct | dict2items | rejectattr("key", "equalto", "warnings") | list | items2dict) - name: ({{select_crypto_backend}}) Get key 2 info openssl_publickey_info: diff --git a/tests/integration/targets/openssl_signature/filter_plugins/helper.py b/tests/integration/targets/openssl_signature/filter_plugins/helper.py new file mode 100644 index 00000000..684ae6f4 --- /dev/null +++ b/tests/integration/targets/openssl_signature/filter_plugins/helper.py @@ -0,0 +1,27 @@ +# Copyright (c) Ansible Project +# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) +# SPDX-License-Identifier: GPL-3.0-or-later + +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + +import itertools + + +def openssl_signatures_combiner(list_of_dicts): + result = [] + for entry_dicts in itertools.product(*list_of_dicts): + entry = {} + for entry_dict in entry_dicts: + entry.update(entry_dict) + result.append(entry) + return result + + +class FilterModule: + ''' Jinja2 compat filters ''' + + def filters(self): + return { + 'openssl_signatures_combiner': openssl_signatures_combiner, + } diff --git a/tests/integration/targets/openssl_signature/meta/main.yml b/tests/integration/targets/openssl_signature/meta/main.yml index 54bf29e9..7c2b4240 100644 --- a/tests/integration/targets/openssl_signature/meta/main.yml +++ b/tests/integration/targets/openssl_signature/meta/main.yml @@ -6,3 +6,4 @@ dependencies: - setup_openssl - setup_remote_tmp_dir + - prepare_jinja2_compat diff --git a/tests/integration/targets/openssl_signature/tasks/main.yml b/tests/integration/targets/openssl_signature/tasks/main.yml index b6201269..d7b8245f 100644 --- a/tests/integration/targets/openssl_signature/tasks/main.yml +++ b/tests/integration/targets/openssl_signature/tasks/main.yml @@ -52,17 +52,7 @@ - name: Create all test combinations set_fact: - # Explanation: see https://serverfault.com/a/1004124 - all_tests: >- - [ - {% for b in backends %} - {% for kt in key_types %} - {% for kp in key_password %} - {{ b | combine (kt) | combine(kp) }}, - {% endfor %} - {% endfor %} - {% endfor %} - ] + all_tests: "{{ [backends, key_types, key_password] | openssl_signatures_combiner }}" - name: Generate private keys openssl_privatekey: diff --git a/tests/integration/targets/x509_certificate_info/tasks/impl.yml b/tests/integration/targets/x509_certificate_info/tasks/impl.yml index ed403151..77bca13d 100644 --- a/tests/integration/targets/x509_certificate_info/tasks/impl.yml +++ b/tests/integration/targets/x509_certificate_info/tasks/impl.yml @@ -116,7 +116,10 @@ - name: ({{select_crypto_backend}}) Compare output of direct and loaded info assert: that: - - result == result_direct + - >- + (result | dict2items | rejectattr("key", "equalto", "warnings") | list | items2dict) + == + (result_direct | dict2items | rejectattr("key", "equalto", "warnings") | list | items2dict) - name: ({{select_crypto_backend}}) Get certificate info x509_certificate_info: diff --git a/tests/unit/plugins/modules/utils.py b/tests/unit/plugins/modules/utils.py deleted file mode 100644 index a55a588a..00000000 --- a/tests/unit/plugins/modules/utils.py +++ /dev/null @@ -1,54 +0,0 @@ -# Copyright (c) Ansible Project -# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) -# SPDX-License-Identifier: GPL-3.0-or-later - -from __future__ import absolute_import, division, print_function -__metaclass__ = type - -import json - -from ansible_collections.community.crypto.tests.unit.compat import unittest -from ansible_collections.community.crypto.tests.unit.compat.mock import patch -from ansible.module_utils import basic -from ansible.module_utils.common.text.converters import to_bytes - - -def set_module_args(args): - if '_ansible_remote_tmp' not in args: - args['_ansible_remote_tmp'] = '/tmp' - if '_ansible_keep_remote_files' not in args: - args['_ansible_keep_remote_files'] = False - - args = json.dumps({'ANSIBLE_MODULE_ARGS': args}) - basic._ANSIBLE_ARGS = to_bytes(args) - - -class AnsibleExitJson(Exception): - pass - - -class AnsibleFailJson(Exception): - pass - - -def exit_json(*args, **kwargs): - if 'changed' not in kwargs: - kwargs['changed'] = False - raise AnsibleExitJson(kwargs) - - -def fail_json(*args, **kwargs): - kwargs['failed'] = True - raise AnsibleFailJson(kwargs) - - -class ModuleTestCase(unittest.TestCase): - - def setUp(self): - self.mock_module = patch.multiple(basic.AnsibleModule, exit_json=exit_json, fail_json=fail_json) - self.mock_module.start() - self.mock_sleep = patch('time.sleep') - self.mock_sleep.start() - set_module_args({}) - self.addCleanup(self.mock_module.stop) - self.addCleanup(self.mock_sleep.stop)