1--- 2- when: sops_installed 3 block: 4 5 - name: Test lookup with missing file 6 set_fact: 7 sops_file_does_not_exists: "{{ lookup('community.sops.sops', 'file-does-not-exists.sops.yml') }}" 8 ignore_errors: yes 9 register: sops_lookup_missing_file 10 11 - assert: 12 that: 13 - "sops_lookup_missing_file is failed" 14 - "'could not locate file in lookup: file-does-not-exists.sops.yml' in sops_lookup_missing_file.msg" 15 16 - name: Test lookup with missing file with empty_on_not_exist 17 set_fact: 18 sops_file_does_not_exists_empty: "{{ lookup('community.sops.sops', 'file-does-not-exists.sops.yml', empty_on_not_exist=true) }}" 19 register: sops_lookup_missing_file_empty_on_not_exist 20 21 - assert: 22 that: 23 - "sops_lookup_missing_file_empty_on_not_exist is success" 24 - "sops_file_does_not_exists_empty == ''" 25 26 - name: Test lookup of non-sops file 27 set_fact: 28 sops_wrong_file: "{{ lookup('community.sops.sops', 'wrong.yaml') }}" 29 ignore_errors: yes 30 register: sops_lookup_wrong_file 31 32 - assert: 33 that: 34 - "sops_lookup_wrong_file is failed" 35 - "'sops metadata not found' in sops_lookup_wrong_file.msg" 36 37 - name: Test simple lookup 38 set_fact: 39 sops_success: "{{ lookup('community.sops.sops', 'simple.sops.yaml') }}" 40 ignore_errors: yes 41 register: sops_lookup_simple 42 43 - assert: 44 that: 45 - "sops_lookup_simple is success" 46 - "sops_success == 'foo: bar'" 47 48 - name: Test rstrip 49 set_fact: 50 with_rstrip: "{{ lookup('community.sops.sops', 'rstrip.sops', rstrip=true) }}" 51 without_rstrip: "{{ lookup('community.sops.sops', 'rstrip.sops', rstrip=false) }}" 52 default_rstrip: "{{ lookup('community.sops.sops', 'rstrip.sops') }}" 53 54 - assert: 55 that: 56 - with_rstrip == 'This file has three newlines at the end.' 57 - without_rstrip == 'This file has three newlines at the end.\n\n\n' 58 - default_rstrip == 'This file has three newlines at the end.' 59 60 - name: Test binary 61 set_fact: 62 binary_with_rstrip: "{{ lookup('community.sops.sops', 'binary.sops', rstrip=true, base64=true) }}" 63 binary_without_rstrip: "{{ lookup('community.sops.sops', 'binary.sops', rstrip=false, base64=true) }}" 64 65 - assert: 66 that: 67 - binary_with_rstrip == 'AQIDAAQ=' 68 - binary_without_rstrip == 'AQIDAAQgCg==' 69 70 - name: Test hidden binary 71 set_fact: 72 hidden_binary: "{{ lookup('community.sops.sops', 'hidden-binary', output_type='binary') }}" 73 hidden_binary__json: "{{ lookup('community.sops.sops', 'hidden-binary.json', output_type='binary') }}" 74 hidden_binary__yaml: "{{ lookup('community.sops.sops', 'hidden-binary.yaml', output_type='binary') }}" 75 hidden_binary_yaml: "{{ lookup('community.sops.sops', 'hidden-binary-yaml', input_type='yaml', output_type='binary') }}" 76 hidden_binary_yaml__json: "{{ lookup('community.sops.sops', 'hidden-binary-yaml.json', input_type='yaml', output_type='binary') }}" 77 hidden_binary_yaml__yaml: "{{ lookup('community.sops.sops', 'hidden-binary-yaml.yaml', input_type='yaml', output_type='binary') }}" 78 hidden_json: "{{ lookup('community.sops.sops', 'hidden-json', input_type='json', output_type='json') }}" 79 hidden_json__json: "{{ lookup('community.sops.sops', 'hidden-json.json', input_type='json', output_type='json') }}" 80 hidden_json__yaml: "{{ lookup('community.sops.sops', 'hidden-json.yaml', input_type='json', output_type='json') }}" 81 hidden_yaml: "{{ lookup('community.sops.sops', 'hidden-yaml', input_type='yaml', output_type='yaml') }}" 82 hidden_yaml__json: "{{ lookup('community.sops.sops', 'hidden-yaml.json', input_type='yaml', output_type='yaml') }}" 83 hidden_yaml__yaml: "{{ lookup('community.sops.sops', 'hidden-yaml.yaml', input_type='yaml', output_type='yaml') }}" 84 hidden_json__as_yaml: "{{ lookup('community.sops.sops', 'hidden-json', input_type='json', output_type='yaml') }}" 85 hidden_json__json__as_yaml: "{{ lookup('community.sops.sops', 'hidden-json.json', input_type='json', output_type='yaml') }}" 86 hidden_json__yaml__as_yaml: "{{ lookup('community.sops.sops', 'hidden-json.yaml', input_type='json', output_type='yaml') }}" 87 hidden_yaml__as_json: "{{ lookup('community.sops.sops', 'hidden-yaml', input_type='yaml', output_type='json') }}" 88 hidden_yaml__json__as_json: "{{ lookup('community.sops.sops', 'hidden-yaml.json', input_type='yaml', output_type='json') }}" 89 hidden_yaml__yaml__as_json: "{{ lookup('community.sops.sops', 'hidden-yaml.yaml', input_type='yaml', output_type='json') }}" 90 91 - assert: 92 that: 93 - hidden_binary == test_str_abcd 94 - hidden_binary__json == test_str_abcd 95 - hidden_binary__yaml == test_str_abcd 96 - hidden_binary_yaml == test_str_binary_data 97 - hidden_binary_yaml__json == test_str_binary_data 98 - hidden_binary_yaml__yaml == test_str_binary_data 99 - hidden_json == test_dict 100 - hidden_json__json == test_dict 101 - hidden_json__yaml == test_dict 102 - hidden_yaml == test_dict_yaml 103 - hidden_yaml__json == test_dict_yaml 104 - hidden_yaml__yaml == test_dict_yaml 105 - hidden_json__as_yaml == test_dict_yaml 106 - hidden_json__json__as_yaml == test_dict_yaml 107 - hidden_json__yaml__as_yaml == test_dict_yaml 108 - hidden_yaml__as_json == test_dict 109 - hidden_yaml__json__as_json == test_dict 110 - hidden_yaml__yaml__as_json == test_dict 111 vars: 112 test_dict: 113 a: b 114 c: d 115 test_dict_yaml: 116 "a: b\nc: d" 117 test_str_binary_data: This is binary data. 118 test_str_abcd: a is b, and c is d 119 120 - name: Test fake sops binary (lookup parameters) 121 set_fact: 122 fake_sops_output: "{{ lookup('community.sops.sops', 'simple.sops.yaml', sops_binary=role_path ~ '/files/fake-sops.sh', enable_local_keyservice=True, aws_access_key_id='xxx') }}" 123 fake_sops_output_2: "{{ lookup('community.sops.sops', 'simple.sops.yaml', sops_binary=role_path ~ '/files/fake-sops-val.sh', config_path='/path/to/asdf', aws_secret_access_key='yyy') }}" 124 fake_sops_output_3: "{{ lookup('community.sops.sops', 'simple.sops.yaml', sops_binary=role_path ~ '/files/fake-sops-rep.sh', keyservice=['a', 'b'], aws_session_token='zzz') }}" 125 126 - assert: 127 that: 128 - fake_sops_output == 'fake sops output' 129 - fake_sops_output_2 == 'fake sops output 2' 130 - fake_sops_output_3 == 'fake sops output 3' 131 132 - name: Work around Ansible bug for next test 133 # https://github.com/ansible/ansible/issues/73268 134 set_fact: 135 sops_binary: "{{ role_path }}/files/fake-sops.sh" 136 - name: Test fake sops binary (Ansible variables, 1/3) 137 set_fact: 138 fake_sops_output: "{{ lookup('community.sops.sops', 'simple.sops.yaml') }}" 139 vars: 140 # sops_binary: "{{ role_path }}/files/fake-sops.sh" 141 sops_enable_local_keyservice: true 142 sops_aws_access_key_id: xxx 143 144 - name: Work around Ansible bug for next test 145 # https://github.com/ansible/ansible/issues/73268 146 set_fact: 147 sops_binary: "{{ role_path }}/files/fake-sops-val.sh" 148 - name: Test fake sops binary (Ansible variables, 2/3) 149 set_fact: 150 fake_sops_output_2: "{{ lookup('community.sops.sops', 'simple.sops.yaml') }}" 151 vars: 152 # sops_binary: "{{ role_path }}/files/fake-sops-val.sh" 153 sops_config_path: /path/to/asdf 154 sops_aws_secret_access_key: yyy 155 156 - name: Work around Ansible bug for next test 157 # https://github.com/ansible/ansible/issues/73268 158 set_fact: 159 sops_binary: "{{ role_path }}/files/fake-sops-rep.sh" 160 - name: Test fake sops binary (Ansible variables, 3/3) 161 set_fact: 162 fake_sops_output_3: "{{ lookup('community.sops.sops', 'simple.sops.yaml') }}" 163 vars: 164 # sops_binary: "{{ role_path }}/files/fake-sops-rep.sh" 165 sops_keyservice: 166 - a 167 - b 168 sops_session_token: zzz 169 170 - assert: 171 that: 172 - fake_sops_output == 'fake sops output' 173 - fake_sops_output_2 == 'fake sops output 2' 174 - fake_sops_output_3 == 'fake sops output 3' 175