Ensure that *everything* is typed in community.crypto (#917)

* Ensure that *everything* is typed in community.crypto.

* Fix comment.

* Ignore type definitions/imports and AssertionErrors for code coverage.

tests/unit/plugins/module_utils/_acme/backend_data.py

@@ -21,10 +21,20 @@ from ..test__time import TIMEZONES, cartesian_product
 
 
 if t.TYPE_CHECKING:
-    from ansible_collections.community.crypto.plugins.module_utils._acme.backends import (
+    from ansible_collections.community.crypto.plugins.module_utils._acme.backends import (  # pragma: no cover
         Criterium,
     )
 
+    class DatetimeKwarg(t.TypedDict):  # pragma: no cover
+        year: int
+        month: int
+        day: int
+        hour: t.NotRequired[int]
+        minute: t.NotRequired[int]
+        second: t.NotRequired[int]
+        microsecond: t.NotRequired[int]
+        tzinfo: t.NotRequired[datetime.timezone | None]
+
 
 def load_fixture(name: str) -> str:
     with open(
@@ -133,7 +143,7 @@ TEST_CERT_INFO: list[tuple[str, CertificateInformation, str]] = [
 ]
 
 
-TEST_PARSE_ACME_TIMESTAMP: list[tuple[datetime.timedelta, str, dict[str, int]]] = (
+TEST_PARSE_ACME_TIMESTAMP: list[tuple[datetime.timedelta, str, DatetimeKwarg]] = (
     cartesian_product(
         TIMEZONES,
         [
@@ -201,7 +211,7 @@ TEST_PARSE_ACME_TIMESTAMP: list[tuple[datetime.timedelta, str, dict[str, int]]]
 
 
 TEST_INTERPOLATE_TIMESTAMP: list[
-    tuple[datetime.timedelta, dict[str, int], dict[str, int], float, dict[str, int]]
+    tuple[datetime.timedelta, DatetimeKwarg, DatetimeKwarg, float, DatetimeKwarg]
 ] = cartesian_product(
     TIMEZONES,
     [
@@ -233,17 +243,17 @@ class FakeBackend(CryptoBackend):
         *,
         key_file: str | os.PathLike | None = None,
         key_content: str | None = None,
-        passphrase=None,
+        passphrase: str | None = None,
     ) -> t.NoReturn:
-        raise BackendException("Not implemented in fake backend")
+        raise BackendException("Not implemented in fake backend")  # pragma: no cover
 
     def sign(
         self, *, payload64: str, protected64: str, key_data: dict[str, t.Any] | None
     ) -> t.NoReturn:
-        raise BackendException("Not implemented in fake backend")
+        raise BackendException("Not implemented in fake backend")  # pragma: no cover
 
     def create_mac_key(self, *, alg: str, key: str) -> t.NoReturn:
-        raise BackendException("Not implemented in fake backend")
+        raise BackendException("Not implemented in fake backend")  # pragma: no cover
 
     def get_ordered_csr_identifiers(
         self,
@@ -251,7 +261,7 @@ class FakeBackend(CryptoBackend):
         csr_filename: str | os.PathLike | None = None,
         csr_content: str | bytes | None = None,
     ) -> t.NoReturn:
-        raise BackendException("Not implemented in fake backend")
+        raise BackendException("Not implemented in fake backend")  # pragma: no cover
 
     def get_csr_identifiers(
         self,
@@ -259,7 +269,7 @@ class FakeBackend(CryptoBackend):
         csr_filename: str | os.PathLike | None = None,
         csr_content: str | bytes | None = None,
     ) -> t.NoReturn:
-        raise BackendException("Not implemented in fake backend")
+        raise BackendException("Not implemented in fake backend")  # pragma: no cover
 
     def get_cert_days(
         self,
@@ -268,10 +278,10 @@ class FakeBackend(CryptoBackend):
         cert_content: str | bytes | None = None,
         now: datetime.datetime | None = None,
     ) -> t.NoReturn:
-        raise BackendException("Not implemented in fake backend")
+        raise BackendException("Not implemented in fake backend")  # pragma: no cover
 
     def create_chain_matcher(self, *, criterium: Criterium) -> t.NoReturn:
-        raise BackendException("Not implemented in fake backend")
+        raise BackendException("Not implemented in fake backend")  # pragma: no cover
 
     def get_cert_information(
         self,
@@ -279,4 +289,4 @@ class FakeBackend(CryptoBackend):
         cert_filename: str | os.PathLike | None = None,
         cert_content: str | bytes | None = None,
     ) -> t.NoReturn:
-        raise BackendException("Not implemented in fake backend")
+        raise BackendException("Not implemented in fake backend")  # pragma: no cover

tests/unit/plugins/module_utils/_acme/test_backend_cryptography.py

@@ -5,6 +5,7 @@
 from __future__ import annotations
 
 import datetime
+import pathlib
 import typing as t
 from unittest.mock import (
     MagicMock,
@@ -37,10 +38,12 @@ from .backend_data import (
 
 
 if t.TYPE_CHECKING:
-    from ansible_collections.community.crypto.plugins.module_utils._acme.backends import (
+    from ansible_collections.community.crypto.plugins.module_utils._acme.backends import (  # pragma: no cover
         CertificateInformation,
     )
 
+    from .backend_data import DatetimeKwarg  # pragma: no cover
+
 
 if not HAS_CURRENT_CRYPTOGRAPHY:
     pytest.skip("cryptography not found")
@@ -48,10 +51,10 @@ if not HAS_CURRENT_CRYPTOGRAPHY:
 
 @pytest.mark.parametrize("pem, result, dummy", TEST_KEYS)
 def test_eckeyparse_cryptography(
-    pem: str, result: dict[str, t.Any], dummy: str, tmpdir
+    pem: str, result: dict[str, t.Any], dummy: str, tmp_path: pathlib.Path
 ) -> None:
-    fn = tmpdir / "test.pem"
-    fn.write(pem)
+    fn = tmp_path / "test.pem"
+    fn.write_text(pem)
     module = MagicMock()
     backend = CryptographyBackend(module=module)
     key = backend.parse_key(key_file=str(fn))
@@ -64,10 +67,10 @@ def test_eckeyparse_cryptography(
 
 @pytest.mark.parametrize("csr, result, openssl_output", TEST_CSRS)
 def test_csridentifiers_cryptography(
-    csr: str, result: set[tuple[str, str]], openssl_output: str, tmpdir
+    csr: str, result: set[tuple[str, str]], openssl_output: str, tmp_path: pathlib.Path
 ) -> None:
-    fn = tmpdir / "test.csr"
-    fn.write(csr)
+    fn = tmp_path / "test.csr"
+    fn.write_text(csr)
     module = MagicMock()
     backend = CryptographyBackend(module=module)
     identifiers = backend.get_csr_identifiers(csr_filename=str(fn))
@@ -78,11 +81,14 @@ def test_csridentifiers_cryptography(
 
 @pytest.mark.parametrize("timezone, now, expected_days", TEST_CERT_DAYS)
 def test_certdays_cryptography(
-    timezone: datetime.timedelta, now: datetime.datetime, expected_days: int, tmpdir
+    timezone: datetime.timedelta,
+    now: datetime.datetime,
+    expected_days: int,
+    tmp_path: pathlib.Path,
 ) -> None:
     with freeze_time("2024-02-03 04:05:06", tz_offset=timezone):
-        fn = tmpdir / "test-cert.pem"
-        fn.write(TEST_CERT)
+        fn = tmp_path / "test-cert.pem"
+        fn.write_text(TEST_CERT)
         module = MagicMock()
         backend = CryptographyBackend(module=module)
         days = backend.get_cert_days(cert_filename=str(fn), now=now)
@@ -98,10 +104,10 @@ def test_get_cert_information(
     cert_content: str,
     expected_cert_info: CertificateInformation,
     openssl_output: str,
-    tmpdir,
+    tmp_path: pathlib.Path,
 ) -> None:
-    fn = tmpdir / "test-cert.pem"
-    fn.write(cert_content)
+    fn = tmp_path / "test-cert.pem"
+    fn.write_text(cert_content)
     module = MagicMock()
     backend = CryptographyBackend(module=module)
 
@@ -138,7 +144,7 @@ def test_now(timezone: datetime.timedelta) -> None:
 
 @pytest.mark.parametrize("timezone, timestamp_str, expected", TEST_PARSE_ACME_TIMESTAMP)
 def test_parse_acme_timestamp(
-    timezone: datetime.timedelta, timestamp_str: str, expected: dict[str, int]
+    timezone: datetime.timedelta, timestamp_str: str, expected: DatetimeKwarg
 ) -> None:
     with freeze_time("2024-02-03 04:05:06 +00:00", tz_offset=timezone):
         module = MagicMock()
@@ -153,10 +159,10 @@ def test_parse_acme_timestamp(
 )
 def test_interpolate_timestamp(
     timezone: datetime.timedelta,
-    start: dict[str, int],
-    end: dict[str, int],
+    start: DatetimeKwarg,
+    end: DatetimeKwarg,
     percentage: float,
-    expected: dict[str, int],
+    expected: DatetimeKwarg,
 ) -> None:
     with freeze_time("2024-02-03 04:05:06", tz_offset=timezone):
         module = MagicMock()

tests/unit/plugins/module_utils/_acme/test_backend_openssl_cli.py

@@ -5,6 +5,7 @@
 from __future__ import annotations
 
 import datetime
+import pathlib
 import typing as t
 from unittest.mock import (
     MagicMock,
@@ -33,10 +34,12 @@ from .backend_data import (
 
 
 if t.TYPE_CHECKING:
-    from ansible_collections.community.crypto.plugins.module_utils._acme.backends import (
+    from ansible_collections.community.crypto.plugins.module_utils._acme.backends import (  # pragma: no cover
         CertificateInformation,
     )
 
+    from .backend_data import DatetimeKwarg  # pragma: no cover
+
 
 # from ..test_time import TIMEZONES
 
@@ -55,10 +58,10 @@ TEST_IPS = [
 
 @pytest.mark.parametrize("pem, result, openssl_output", TEST_KEYS)
 def test_eckeyparse_openssl(
-    pem: str, result: dict[str, t.Any], openssl_output: str, tmpdir
+    pem: str, result: dict[str, t.Any], openssl_output: str, tmp_path: pathlib.Path
 ) -> None:
-    fn = tmpdir / "test.key"
-    fn.write(pem)
+    fn = tmp_path / "test.key"
+    fn.write_text(pem)
     module = MagicMock()
     module.run_command = MagicMock(return_value=(0, openssl_output, 0))
     backend = OpenSSLCLIBackend(module=module, openssl_binary="openssl")
@@ -69,10 +72,10 @@ def test_eckeyparse_openssl(
 
 @pytest.mark.parametrize("csr, result, openssl_output", TEST_CSRS)
 def test_csridentifiers_openssl(
-    csr: str, result: set[tuple[str, str]], openssl_output: str, tmpdir
+    csr: str, result: set[tuple[str, str]], openssl_output: str, tmp_path: pathlib.Path
 ) -> None:
-    fn = tmpdir / "test.csr"
-    fn.write(csr)
+    fn = tmp_path / "test.csr"
+    fn.write_text(csr)
     module = MagicMock()
     module.run_command = MagicMock(return_value=(0, openssl_output, 0))
     backend = OpenSSLCLIBackend(module=module, openssl_binary="openssl")
@@ -89,11 +92,14 @@ def test_normalize_ip(ip: str, result: str) -> None:
 
 @pytest.mark.parametrize("timezone, now, expected_days", TEST_CERT_DAYS)
 def test_certdays_cryptography(
-    timezone: datetime.timedelta, now: datetime.datetime, expected_days: int, tmpdir
+    timezone: datetime.timedelta,
+    now: datetime.datetime,
+    expected_days: int,
+    tmp_path: pathlib.Path,
 ) -> None:
     with freeze_time("2024-02-03 04:05:06", tz_offset=timezone):
-        fn = tmpdir / "test-cert.pem"
-        fn.write(TEST_CERT)
+        fn = tmp_path / "test-cert.pem"
+        fn.write_text(TEST_CERT)
         module = MagicMock()
         module.run_command = MagicMock(return_value=(0, TEST_CERT_OPENSSL_OUTPUT, 0))
         backend = OpenSSLCLIBackend(module=module, openssl_binary="openssl")
@@ -110,10 +116,10 @@ def test_get_cert_information(
     cert_content: str,
     expected_cert_info: CertificateInformation,
     openssl_output: str,
-    tmpdir,
+    tmp_path: pathlib.Path,
 ) -> None:
-    fn = tmpdir / "test-cert.pem"
-    fn.write(cert_content)
+    fn = tmp_path / "test-cert.pem"
+    fn.write_text(cert_content)
     module = MagicMock()
     module.run_command = MagicMock(return_value=(0, openssl_output, 0))
     backend = OpenSSLCLIBackend(module=module, openssl_binary="openssl")
@@ -144,7 +150,7 @@ def test_now(timezone: datetime.timedelta) -> None:
 
 @pytest.mark.parametrize("timezone, timestamp_str, expected", TEST_PARSE_ACME_TIMESTAMP)
 def test_parse_acme_timestamp(
-    timezone: datetime.timedelta, timestamp_str: str, expected: dict[str, int]
+    timezone: datetime.timedelta, timestamp_str: str, expected: DatetimeKwarg
 ) -> None:
     with freeze_time("2024-02-03 04:05:06", tz_offset=timezone):
         module = MagicMock()
@@ -159,10 +165,10 @@ def test_parse_acme_timestamp(
 )
 def test_interpolate_timestamp(
     timezone: datetime.timedelta,
-    start: dict[str, int],
-    end: dict[str, int],
+    start: DatetimeKwarg,
+    end: DatetimeKwarg,
     percentage: float,
-    expected: dict[str, int],
+    expected: DatetimeKwarg,
 ) -> None:
     with freeze_time("2024-02-03 04:05:06", tz_offset=timezone):
         module = MagicMock()

tests/unit/plugins/module_utils/_acme/test_io.py

@@ -4,6 +4,7 @@
 
 from __future__ import annotations
 
+import pathlib
 from unittest.mock import (
     MagicMock,
 )
@@ -18,14 +19,14 @@ TEST_TEXT = r"""1234
 5678"""
 
 
-def test_read_file(tmpdir) -> None:
-    fn = tmpdir / "test.txt"
-    fn.write(TEST_TEXT)
+def test_read_file(tmp_path: pathlib.Path) -> None:
+    fn = tmp_path / "test.txt"
+    fn.write_text(TEST_TEXT)
     assert read_file(str(fn)) == TEST_TEXT.encode("utf-8")
 
 
-def test_write_file(tmpdir) -> None:
-    fn = tmpdir / "test.txt"
+def test_write_file(tmp_path: pathlib.Path) -> None:
+    fn = tmp_path / "test.txt"
     module = MagicMock()
     write_file(module=module, dest=str(fn), content=TEST_TEXT.encode("utf-8"))
-    assert fn.read() == TEST_TEXT
+    assert fn.read_text() == TEST_TEXT

tests/unit/plugins/module_utils/_acme/test_utils.py

@@ -5,6 +5,7 @@
 from __future__ import annotations
 
 import datetime
+import pathlib
 import typing as t
 
 import pytest
@@ -100,9 +101,9 @@ def test_nopad_b64(value: str, result: str) -> None:
 
 
 @pytest.mark.parametrize("pem, der", TEST_PEM_DERS)
-def test_pem_to_der(pem: str, der: bytes, tmpdir):
-    fn = tmpdir / "test.pem"
-    fn.write(pem)
+def test_pem_to_der(pem: str, der: bytes, tmp_path: pathlib.Path) -> None:
+    fn = tmp_path / "test.pem"
+    fn.write_text(pem)
     assert pem_to_der(pem_filename=str(fn)) == der
     assert pem_to_der(pem_content=pem) == der
 
@@ -111,9 +112,9 @@ def test_pem_to_der(pem: str, der: bytes, tmpdir):
 def test_process_links(
     value: dict[str, t.Any], expected_result: list[tuple[str, str]]
 ) -> None:
-    data = []
+    data: list[tuple[str, str]] = []
 
-    def callback(url, rel):
+    def callback(url: str, rel: str) -> None:
         data.append((url, rel))
 
     process_links(info=value, callback=callback)

tests/unit/plugins/module_utils/_crypto/test_asn1.py

@@ -5,6 +5,7 @@
 from __future__ import annotations
 
 import base64
+import pathlib
 import re
 import subprocess
 
@@ -104,7 +105,7 @@ def test_serialize_asn1_string_as_der_invalid_type() -> None:
 
 @pytest.mark.skip()  # This is to just to build the test case assertions and shouldn't run normally.
 @pytest.mark.parametrize("value, expected", TEST_CASES)
-def test_test_cases(value: str, expected: bytes, tmp_path) -> None:
+def test_test_cases(value: str, expected: bytes, tmp_path: pathlib.Path) -> None:
     test_file = tmp_path / "test.der"
     subprocess.run(
         ["openssl", "asn1parse", "-genstr", value, "-noout", "-out", test_file],

tests/unit/plugins/module_utils/_crypto/test_cryptography_support.py

@@ -254,6 +254,6 @@ def test_parse_dn(name: bytes, expected: list[NameAttribute]) -> None:
         ),
     ],
 )
-def test_parse_dn_failure(name: bytes, message: str):
+def test_parse_dn_failure(name: bytes, message: str) -> None:
     with pytest.raises(OpenSSLObjectError, match=f"^{re.escape(message)}$"):
         _parse_dn(name)

tests/unit/plugins/module_utils/_crypto/test_pem.py

@@ -60,7 +60,7 @@ def test_pem_handling(
     pems: list[str],
     is_pem: bool,
     private_key_type: t.Literal["raw", "pkcs1", "pkcs8", "unknown-pem"],
-):
+) -> None:
     assert identify_pem_format(data) == is_pem
     assert identify_private_key_format(data) == private_key_type
     try:

tests/unit/plugins/module_utils/_openssh/test_certificate.py

@@ -4,6 +4,8 @@
 
 from __future__ import annotations
 
+import pathlib
+
 import pytest
 from ansible_collections.community.crypto.plugins.module_utils._openssh.certificate import (
     OpensshCertificate,
@@ -303,9 +305,9 @@ INVALID_OPTIONS: list[str | list] = [
 ]
 
 
-def test_rsa_certificate(tmpdir) -> None:
-    cert_file = tmpdir / "id_rsa-cert.pub"
-    cert_file.write(RSA_CERT_SIGNED_BY_DSA, mode="wb")
+def test_rsa_certificate(tmp_path: pathlib.Path) -> None:
+    cert_file = tmp_path / "id_rsa-cert.pub"
+    cert_file.write_bytes(RSA_CERT_SIGNED_BY_DSA)
 
     cert = OpensshCertificate.load(str(cert_file))
     assert cert.key_id == "test"
@@ -315,9 +317,9 @@ def test_rsa_certificate(tmpdir) -> None:
     assert cert.signing_key == DSA_FINGERPRINT
 
 
-def test_dsa_certificate(tmpdir) -> None:
-    cert_file = tmpdir / "id_dsa-cert.pub"
-    cert_file.write(DSA_CERT_SIGNED_BY_ECDSA_NO_OPTS)
+def test_dsa_certificate(tmp_path: pathlib.Path) -> None:
+    cert_file = tmp_path / "id_dsa-cert.pub"
+    cert_file.write_bytes(DSA_CERT_SIGNED_BY_ECDSA_NO_OPTS)
 
     cert = OpensshCertificate.load(str(cert_file))
 
@@ -328,9 +330,9 @@ def test_dsa_certificate(tmpdir) -> None:
     assert cert.extensions == []
 
 
-def test_ecdsa_certificate(tmpdir) -> None:
-    cert_file = tmpdir / "id_ecdsa-cert.pub"
-    cert_file.write(ECDSA_CERT_SIGNED_BY_ED25519_VALID_OPTS)
+def test_ecdsa_certificate(tmp_path: pathlib.Path) -> None:
+    cert_file = tmp_path / "id_ecdsa-cert.pub"
+    cert_file.write_bytes(ECDSA_CERT_SIGNED_BY_ED25519_VALID_OPTS)
 
     cert = OpensshCertificate.load(str(cert_file))
     assert cert.type_string == "ecdsa-sha2-nistp256-cert-v01@openssh.com"
@@ -340,9 +342,9 @@ def test_ecdsa_certificate(tmpdir) -> None:
     assert cert.extensions == VALID_EXTENSIONS
 
 
-def test_ed25519_certificate(tmpdir) -> None:
-    cert_file = tmpdir / "id_ed25519-cert.pub"
-    cert_file.write(ED25519_CERT_SIGNED_BY_RSA_INVALID_OPTS)
+def test_ed25519_certificate(tmp_path: pathlib.Path) -> None:
+    cert_file = tmp_path / "id_ed25519-cert.pub"
+    cert_file.write_bytes(ED25519_CERT_SIGNED_BY_RSA_INVALID_OPTS)
 
     cert = OpensshCertificate.load(str(cert_file))
     assert cert.type_string == "ssh-ed25519-cert-v01@openssh.com"
@@ -352,10 +354,10 @@ def test_ed25519_certificate(tmpdir) -> None:
     assert cert.extensions == INVALID_EXTENSIONS
 
 
-def test_invalid_data(tmpdir) -> None:
+def test_invalid_data(tmp_path: pathlib.Path) -> None:
     result = False
-    cert_file = tmpdir / "invalid-cert.pub"
-    cert_file.write(INVALID_DATA)
+    cert_file = tmp_path / "invalid-cert.pub"
+    cert_file.write_bytes(INVALID_DATA)
 
     try:
         OpensshCertificate.load(str(cert_file))

tests/unit/plugins/module_utils/_openssh/test_cryptography.py

@@ -25,7 +25,7 @@ from ansible_collections.community.crypto.plugins.module_utils._openssh.cryptogr
 
 
 if t.TYPE_CHECKING:
-    from ansible_collections.community.crypto.plugins.module_utils._openssh.cryptography import (
+    from ansible_collections.community.crypto.plugins.module_utils._openssh.cryptography import (  # pragma: no cover
         KeyType,
     )
 

tests/unit/plugins/module_utils/test__time.py

@@ -31,8 +31,8 @@ TIMEZONES = [
 
 
 if t.TYPE_CHECKING:
-    _S = t.TypeVar("_S")
-    _Ts = t.TypeVarTuple("_Ts")
+    _S = t.TypeVar("_S")  # pragma: no cover
+    _Ts = t.TypeVarTuple("_Ts")  # pragma: no cover
 
 
 def cartesian_product(

tests/unit/plugins/modules/test_luks_device.py

@@ -12,20 +12,20 @@ from ansible_collections.community.crypto.plugins.modules import luks_device
 
 class DummyModule:
     # module to mock AnsibleModule class
-    def __init__(self):
-        self.params = {}
+    def __init__(self) -> None:
+        self.params: dict[str, t.Any] = {}
 
-    def fail_json(self, msg=""):
+    def fail_json(self, msg: str = "") -> t.NoReturn:
         raise ValueError(msg)
 
-    def get_bin_path(self, command, dummy):
+    def get_bin_path(self, command: str, dummy: bool) -> str | None:
         return command
 
 
 # ===== Handler & CryptHandler methods tests =====
 
 
-def test_generate_luks_name(monkeypatch) -> None:
+def test_generate_luks_name(monkeypatch: pytest.MonkeyPatch) -> None:
     module = DummyModule()
     module.params["passphrase_encoding"] = "text"
     monkeypatch.setattr(
@@ -35,7 +35,7 @@ def test_generate_luks_name(monkeypatch) -> None:
     assert crypt.generate_luks_name("/dev/dummy") == "luks-UUID"
 
 
-def test_get_container_name_by_device(monkeypatch) -> None:
+def test_get_container_name_by_device(monkeypatch: pytest.MonkeyPatch) -> None:
     module = DummyModule()
     module.params["passphrase_encoding"] = "text"
     monkeypatch.setattr(
@@ -47,7 +47,7 @@ def test_get_container_name_by_device(monkeypatch) -> None:
     assert crypt.get_container_name_by_device("/dev/dummy") == "container_name"
 
 
-def test_get_container_device_by_name(monkeypatch) -> None:
+def test_get_container_device_by_name(monkeypatch: pytest.MonkeyPatch) -> None:
     module = DummyModule()
     module.params["passphrase_encoding"] = "text"
     monkeypatch.setattr(
@@ -59,8 +59,10 @@ def test_get_container_device_by_name(monkeypatch) -> None:
     assert crypt.get_container_device_by_name("dummy") == "/dev/luksdevice"
 
 
-def test_run_luks_remove(monkeypatch) -> None:
-    def run_command_check(self, command: list[str]) -> tuple[int, str, str]:
+def test_run_luks_remove(monkeypatch: pytest.MonkeyPatch) -> None:
+    def run_command_check(
+        self: luks_device.Handler, command: list[str]
+    ) -> tuple[int, str, str]:
         # check that wipefs command is actually called
         assert command[0] == "wipefs"
         return 0, "", ""
@@ -249,7 +251,7 @@ def test_luks_create(
     cipher: str | None,
     hash_: str | None,
     expected: bool | t.Literal["exception"],
-    monkeypatch,
+    monkeypatch: pytest.MonkeyPatch,
 ) -> None:
     module = DummyModule()
 
@@ -286,7 +288,7 @@ def test_luks_remove(
     state: t.Literal["present", "absent", "opened", "closed"],
     is_luks: bool,
     expected: bool | t.Literal["exception"],
-    monkeypatch,
+    monkeypatch: pytest.MonkeyPatch,
 ) -> None:
     module = DummyModule()
 
@@ -315,7 +317,7 @@ def test_luks_open(
     name: str | None,
     name_by_dev: str | None,
     expected: bool | t.Literal["exception"],
-    monkeypatch,
+    monkeypatch: pytest.MonkeyPatch,
 ) -> None:
     module = DummyModule()
     module.params["device"] = device
@@ -356,7 +358,7 @@ def test_luks_close(
     state: t.Literal["present", "absent", "opened", "closed"],
     label: str | None,
     expected: bool | t.Literal["exception"],
-    monkeypatch,
+    monkeypatch: pytest.MonkeyPatch,
 ) -> None:
     module = DummyModule()
     module.params["device"] = device
@@ -397,7 +399,7 @@ def test_luks_add_key(
     state: t.Literal["present", "absent", "opened", "closed"],
     label: str | None,
     expected: bool | t.Literal["exception"],
-    monkeypatch,
+    monkeypatch: pytest.MonkeyPatch,
 ) -> None:
     module = DummyModule()
     module.params["device"] = device
@@ -438,7 +440,7 @@ def test_luks_remove_key(
     state: t.Literal["present", "absent", "opened", "closed"],
     label: str | None,
     expected: bool | t.Literal["exception"],
-    monkeypatch,
+    monkeypatch: pytest.MonkeyPatch,
 ) -> None:
     module = DummyModule()
     module.params["device"] = device