Merge pull request #23 from mbaldessari/v1-from-main

v1 from main

.github/workflows/jsonschema.yaml

@@ -0,0 +1,31 @@
+---
+name: Verify json schema
+
+on: [push, pull_request]
+
+jobs:
+  jsonschema_tests:
+    name: Json Schema tests
+    strategy:
+      matrix:
+        python-version: [3.11.3]
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v4
+
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install check-jsonschema
+
+      - name: Verify secrets json schema
+        run: |
+          set -e
+          for i in values-secret-v2-base values-secret-v2-generic-onlygenerate values-secret-v2-block-yamlstring; do echo "$i"; check-jsonschema --fill-defaults --schemafile ./roles/vault_utils/values-secrets.v2.schema.json "tests/unit/v2/$i.yaml"; done

Makefile

@@ -43,3 +43,8 @@ ansible-unittest: ## run ansible unit tests
 
 .PHONY: test
 test: ansible-sanitytest ansible-unittest
+
+.PHONY: check-jsonschema
+check-jsonschema: ## Runs check-jsonschema against all unit test files except known broken ones
+	set -e; \
+	for i in values-secret-v2-base values-secret-v2-generic-onlygenerate values-secret-v2-block-yamlstring; do echo "$$i"; check-jsonschema --schemafile ./roles/vault_utils/values-secrets.v2.schema.json "tests/unit/v2/$$i.yaml"; done

README.md

@@ -1,4 +1,4 @@
-# Ansible Collection - rhvp.cluser_utils
+# Ansible Collection - rhvp.cluster_utils
 
 This collection represents the collected Ansible code from the Validated Patterns framework common repository.
 

galaxy.yml

@@ -8,7 +8,7 @@ namespace: rhvp
 name: cluster_utils
 
 # The version of the collection. Must be compatible with semantic versioning
-version: 1.0.1
+version: 1.0.2
 
 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection
 readme: README.md

plugins/module_utils/parse_secrets_v2.py

@@ -96,7 +96,11 @@ def _get_vault_policies(self, enable_default_vp_policies=True):
         return policies
 
     def _get_secrets(self):
-        return self.syaml.get("secrets", {})
+        secrets = self.syaml.get("secrets", [])
+        # We check for "None" here because the yaml file is currently
+        # filtered thru' from_yaml in module
+        # We also check for None here to cover when there is no jinja filter is used (unit tests)
+        return [] if secrets == "None" or secrets is None else secrets
 
     def _get_field_on_missing_value(self, f):
         # By default if 'onMissingValue' is missing we assume we need to
@@ -194,6 +198,11 @@ def parse(self):
         secrets = self._get_secrets()
 
         total_secrets = 0  # Counter for all the secrets uploaded
+
+        if len(secrets) == 0:
+            self.module.warn("No secrets were parsed")
+            return total_secrets
+
         for s in secrets:
             total_secrets += 1
             counter = 0  # This counter is to use kv put on first secret and kv patch on latter
@@ -323,7 +332,8 @@ def _validate_secrets(self):
         backing_store = self._get_backingstore()
         secrets = self._get_secrets()
         if len(secrets) == 0:
-            self.module.fail_json("No secrets found")
+            self.module.warn("No secrets found")
+            return (True, "")
 
         names = []
         for s in secrets:

roles/vault_utils/values-secrets.v2.schema.json

@@ -276,12 +276,12 @@
          "base64": {
            "type": "boolean",
            "description": "Before uploading the secret the content is base-64 encoded. It is recommended to set this to true when dealing with files",
-           "default": "false"
+           "default": false
          },
          "override": {
            "type": "boolean",
            "description": "When onMissingValue is set to 'generate' and the secret already exists in the vault update it",
-           "default": "false"
+           "default": false
          }
       },
       "dependentRequired": {

tests/unit/test_parse_secrets.py

@@ -930,6 +930,48 @@ def test_ensure_generate_errors_on_none_generate(self, getpass):
             == "You cannot have onMissingValue set to 'generate' unless using vault backingstore for secret config-demo field secret"  # noqa: E501
         )
 
+    def test_ensure_success_empty_secrets(self, getpass):
+        testfile_output = self.get_file_as_stdout(
+            os.path.join(self.testdir_v2, "values-secret-v2-empty-secret.yaml")
+        )
+        with self.assertRaises(AnsibleExitJson) as ansible_err:
+            set_module_args(
+                {
+                    "values_secrets_plaintext": testfile_output,
+                    "secrets_backing_store": "vault",
+                }
+            )
+            parse_secrets_info.main()
+
+        ret = ansible_err.exception.args[0]
+        self.assertTrue(
+            (ret["failed"] is False)
+            and (ret["changed"] is False)
+            and (len(ret["parsed_secrets"])) == 0
+            and (len(ret["kubernetes_secret_objects"]) == 0)
+        )
+
+    def test_ensure_success_null_secrets(self, getpass):
+        testfile_output = self.get_file_as_stdout(
+            os.path.join(self.testdir_v2, "values-secret-v2-null-secret.yaml")
+        )
+        with self.assertRaises(AnsibleExitJson) as ansible_err:
+            set_module_args(
+                {
+                    "values_secrets_plaintext": testfile_output,
+                    "secrets_backing_store": "vault",
+                }
+            )
+            parse_secrets_info.main()
+
+        ret = ansible_err.exception.args[0]
+        self.assertTrue(
+            (ret["failed"] is False)
+            and (ret["changed"] is False)
+            and (len(ret["parsed_secrets"])) == 0
+            and (len(ret["kubernetes_secret_objects"]) == 0)
+        )
+
 
 if __name__ == "__main__":
     unittest.main()

tests/unit/v2/values-secret-v2-empty-secret.yaml

@@ -0,0 +1,2 @@
+version: "2.0"
+secrets: []

tests/unit/v2/values-secret-v2-null-secret.yaml

@@ -0,0 +1,2 @@
+version: "2.0"
+secrets: