ansible/test/units/modules/source_control/test_gitlab_deploy_key.py

234 lines
7.8 KiB
Python
Raw Normal View History

# -*- coding: utf-8 -*-
# Copyright (c) 2018 Marcus Watkins <marwatk@marcuswatkins.net>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from units.compat.mock import patch
from ansible.modules.source_control import gitlab_deploy_key
from ansible.module_utils._text import to_bytes
from ansible.module_utils import basic
import pytest
import json
AnsiballZ improvements Now that we don't need to worry about python-2.4 and 2.5, we can make some improvements to the way AnsiballZ handles modules. * Change AnsiballZ wrapper to use import to invoke the module We need the module to think of itself as a script because it could be coded as: main() or as: if __name__ == '__main__': main() Or even as: if __name__ == '__main__': random_function_name() A script will invoke all of those. Prior to this change, we invoked a second Python interpreter on the module so that it really was a script. However, this means that we have to run python twice (once for the AnsiballZ wrapper and once for the module). This change makes the module think that it is a script (because __name__ in the module == '__main__') but it's actually being invoked by us importing the module code. There's three ways we've come up to do this. * The most elegant is to use zipimporter and tell the import mechanism that the module being loaded is __main__: * https://github.com/abadger/ansible/blob/5959f11c9ddb7b6eaa9c3214560bd85e631d4055/lib/ansible/executor/module_common.py#L175 * zipimporter is nice because we do not have to extract the module from the zip file and save it to the disk when we do that. The import machinery does it all for us. * The drawback is that modules do not have a __file__ which points to a real file when they do this. Modules could be using __file__ to for a variety of reasons, most of those probably have replacements (the most common one is to find a writable directory for temporary files. AnsibleModule.tmpdir should be used instead) We can monkeypatch __file__ in fom AnsibleModule initialization but that's kind of gross. There's no way I can see to do this from the wrapper. * Next, there's imp.load_module(): * https://github.com/abadger/ansible/blob/340edf7489/lib/ansible/executor/module_common.py#L151 * imp has the nice property of allowing us to set __name__ to __main__ without changing the name of the file itself * We also don't have to do anything special to set __file__ for backwards compatibility (although the reason for that is the drawback): * Its drawback is that it requires the file to exist on disk so we have to explicitly extract it from the zipfile and save it to a temporary file * The last choice is to use exec to execute the module: * https://github.com/abadger/ansible/blob/f47a4ccc76/lib/ansible/executor/module_common.py#L175 * The code we would have to maintain for this looks pretty clean. In the wrapper we create a ModuleType, set __file__ on it, read the module's contents in from the zip file and then exec it. * Drawbacks: We still have to explicitly extract the file's contents from the zip archive instead of letting python's import mechanism handle it. * Exec also has hidden performance issues and breaks certain assumptions that modules could be making about their own code: http://lucumr.pocoo.org/2011/2/1/exec-in-python/ Our plan is to use imp.load_module() for now, deprecate the use of __file__ in modules, and switch to zipimport once the deprecation period for __file__ is over (without monkeypatching a fake __file__ in via AnsibleModule). * Rename the name of the AnsiBallZ wrapped module This makes it obvious that the wrapped module isn't the module file that we distribute. It's part of trying to mitigate the fact that the module is now named __main)).py in tracebacks. * Shield all wrapper symbols inside of a function With the new import code, all symbols in the wrapper become visible in the module. To mitigate the chance of collisions, move most symbols into a toplevel function. The only symbols left in the global namespace are now _ANSIBALLZ_WRAPPER and _ansiballz_main. revised porting guide entry Integrate code coverage collection into AnsiballZ. ci_coverage ci_complete
2018-06-20 18:23:59 +00:00
from units.modules.utils import set_module_args
fake_server_state = [
{
"id": 1,
"title": "Public key",
"key": 'ssh-rsa long/+base64//+string==',
"created_at": "2013-10-02T10:12:29Z",
"can_push": False
},
]
class FakeReader:
def __init__(self, object):
self.content = json.dumps(object, sort_keys=True)
def read(self):
return self.content
class AnsibleExitJson(Exception):
"""Exception class to be raised by module.exit_json and caught by the test case"""
pass
class AnsibleFailJson(Exception):
"""Exception class to be raised by module.fail_json and caught by the test case"""
pass
def exit_json(*args, **kwargs):
"""function to patch over exit_json; package return data into an exception"""
if 'changed' not in kwargs:
kwargs['changed'] = False
raise AnsibleExitJson(kwargs)
def fail_json(*args, **kwargs):
"""function to patch over fail_json; package return data into an exception"""
kwargs['failed'] = True
raise AnsibleFailJson(kwargs)
@pytest.fixture
def fetch_url_mock(mocker):
return mocker.patch('ansible.module_utils.gitlab.fetch_url')
@pytest.fixture
def module_mock(mocker):
return mocker.patch.multiple(basic.AnsibleModule,
exit_json=exit_json,
fail_json=fail_json)
def test_access_token_output(capfd, fetch_url_mock, module_mock):
fetch_url_mock.return_value = [FakeReader(fake_server_state), {'status': 200}]
set_module_args({
'api_url': 'https://gitlab.example.com/api',
'access_token': 'test-access-token',
'project': '10',
'key': 'ssh-key foobar',
'title': 'a title',
'state': 'absent'
})
with pytest.raises(AnsibleExitJson) as result:
gitlab_deploy_key.main()
first_call = fetch_url_mock.call_args_list[0][1]
assert first_call['url'] == 'https://gitlab.example.com/api/v4/projects/10/deploy_keys'
assert first_call['headers']['Authorization'] == 'Bearer test-access-token'
assert 'Private-Token' not in first_call['headers']
assert first_call['method'] == 'GET'
def test_private_token_output(capfd, fetch_url_mock, module_mock):
fetch_url_mock.return_value = [FakeReader(fake_server_state), {'status': 200}]
set_module_args({
'api_url': 'https://gitlab.example.com/api',
'private_token': 'test-private-token',
'project': 'foo/bar',
'key': 'ssh-key foobar',
'title': 'a title',
'state': 'absent'
})
with pytest.raises(AnsibleExitJson) as result:
gitlab_deploy_key.main()
first_call = fetch_url_mock.call_args_list[0][1]
assert first_call['url'] == 'https://gitlab.example.com/api/v4/projects/foo%2Fbar/deploy_keys'
assert first_call['headers']['Private-Token'] == 'test-private-token'
assert 'Authorization' not in first_call['headers']
assert first_call['method'] == 'GET'
def test_bad_http_first_response(capfd, fetch_url_mock, module_mock):
fetch_url_mock.side_effect = [[FakeReader("Permission denied"), {'status': 403}], [FakeReader("Permission denied"), {'status': 403}]]
set_module_args({
'api_url': 'https://gitlab.example.com/api',
'access_token': 'test-access-token',
'project': '10',
'key': 'ssh-key foobar',
'title': 'a title',
'state': 'absent'
})
with pytest.raises(AnsibleFailJson):
gitlab_deploy_key.main()
def test_bad_http_second_response(capfd, fetch_url_mock, module_mock):
fetch_url_mock.side_effect = [[FakeReader(fake_server_state), {'status': 200}], [FakeReader("Permission denied"), {'status': 403}]]
set_module_args({
'api_url': 'https://gitlab.example.com/api',
'access_token': 'test-access-token',
'project': '10',
'key': 'ssh-key foobar',
'title': 'a title',
'state': 'present'
})
with pytest.raises(AnsibleFailJson):
gitlab_deploy_key.main()
def test_delete_non_existing(capfd, fetch_url_mock, module_mock):
fetch_url_mock.return_value = [FakeReader(fake_server_state), {'status': 200}]
set_module_args({
'api_url': 'https://gitlab.example.com/api',
'access_token': 'test-access-token',
'project': '10',
'key': 'ssh-key foobar',
'title': 'a title',
'state': 'absent'
})
with pytest.raises(AnsibleExitJson) as result:
gitlab_deploy_key.main()
assert result.value.args[0]['changed'] is False
def test_delete_existing(capfd, fetch_url_mock, module_mock):
fetch_url_mock.return_value = [FakeReader(fake_server_state), {'status': 200}]
set_module_args({
'api_url': 'https://gitlab.example.com/api',
'access_token': 'test-access-token',
'project': '10',
'key': 'ssh-rsa long/+base64//+string==',
'title': 'a title',
'state': 'absent'
})
with pytest.raises(AnsibleExitJson) as result:
gitlab_deploy_key.main()
second_call = fetch_url_mock.call_args_list[1][1]
assert second_call['url'] == 'https://gitlab.example.com/api/v4/projects/10/deploy_keys/1'
assert second_call['method'] == 'DELETE'
assert result.value.args[0]['changed'] is True
def test_add_new(capfd, fetch_url_mock, module_mock):
fetch_url_mock.return_value = [FakeReader(fake_server_state), {'status': 200}]
set_module_args({
'api_url': 'https://gitlab.example.com/api',
'access_token': 'test-access-token',
'project': '10',
'key': 'ssh-key foobar',
'title': 'a title',
'state': 'present'
})
with pytest.raises(AnsibleExitJson) as result:
gitlab_deploy_key.main()
second_call = fetch_url_mock.call_args_list[1][1]
assert second_call['url'] == 'https://gitlab.example.com/api/v4/projects/10/deploy_keys'
assert second_call['method'] == 'POST'
assert second_call['data'] == '{"can_push": false, "key": "ssh-key foobar", "title": "a title"}'
assert result.value.args[0]['changed'] is True
def test_update_existing(capfd, fetch_url_mock, module_mock):
fetch_url_mock.return_value = [FakeReader(fake_server_state), {'status': 200}]
set_module_args({
'api_url': 'https://gitlab.example.com/api',
'access_token': 'test-access-token',
'project': '10',
'title': 'Public key',
'key': 'ssh-rsa long/+base64//+string==',
'can_push': 'yes',
'state': 'present'
})
with pytest.raises(AnsibleExitJson) as result:
gitlab_deploy_key.main()
second_call = fetch_url_mock.call_args_list[1][1]
assert second_call['url'] == 'https://gitlab.example.com/api/v4/projects/10/deploy_keys/1'
assert second_call['method'] == 'PUT'
assert second_call['data'] == ('{"can_push": true, "key": "ssh-rsa long/+base64//+string==", "title": "Public key"}')
assert result.value.args[0]['changed'] is True
def test_unchanged_existing(capfd, fetch_url_mock, module_mock):
fetch_url_mock.return_value = [FakeReader(fake_server_state), {'status': 200}]
set_module_args({
'api_url': 'https://gitlab.example.com/api',
'access_token': 'test-access-token',
'project': '10',
'title': 'Public key',
'key': 'ssh-rsa long/+base64//+string==',
'can_push': 'no',
'state': 'present'
})
with pytest.raises(AnsibleExitJson) as result:
gitlab_deploy_key.main()
assert result.value.args[0]['changed'] is False
assert fetch_url_mock.call_count == 1