Merge pull request #20 from darkdoc/fix-parse

Fix secret parsing, when there is no secret in secret yaml file

galaxy.yml

@@ -8,7 +8,7 @@ namespace: rhvp
 name: cluster_utils
 
 # The version of the collection. Must be compatible with semantic versioning
-version: 1.0.1
+version: 1.0.2
 
 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection
 readme: README.md

plugins/module_utils/parse_secrets_v2.py

@@ -96,7 +96,11 @@ def _get_vault_policies(self, enable_default_vp_policies=True):
         return policies
 
     def _get_secrets(self):
-        return self.syaml.get("secrets", {})
+        secrets = self.syaml.get("secrets", [])
+        # We check for "None" here because the yaml file is currently
+        # filtered thru' from_yaml in module
+        # We also check for None here to cover when there is no jinja filter is used (unit tests)
+        return [] if secrets == "None" or secrets is None else secrets
 
     def _get_field_on_missing_value(self, f):
         # By default if 'onMissingValue' is missing we assume we need to
@@ -194,6 +198,11 @@ def parse(self):
         secrets = self._get_secrets()
 
         total_secrets = 0  # Counter for all the secrets uploaded
+
+        if len(secrets) == 0:
+            self.module.warn("No secrets were parsed")
+            return total_secrets
+
         for s in secrets:
             total_secrets += 1
             counter = 0  # This counter is to use kv put on first secret and kv patch on latter
@@ -323,7 +332,8 @@ def _validate_secrets(self):
         backing_store = self._get_backingstore()
         secrets = self._get_secrets()
         if len(secrets) == 0:
-            self.module.fail_json("No secrets found")
+            self.module.warn("No secrets found")
+            return (True, "")
 
         names = []
         for s in secrets:

tests/unit/test_parse_secrets.py

@@ -930,6 +930,48 @@ def test_ensure_generate_errors_on_none_generate(self, getpass):
             == "You cannot have onMissingValue set to 'generate' unless using vault backingstore for secret config-demo field secret"  # noqa: E501
         )
 
+    def test_ensure_success_empty_secrets(self, getpass):
+        testfile_output = self.get_file_as_stdout(
+            os.path.join(self.testdir_v2, "values-secret-v2-empty-secret.yaml")
+        )
+        with self.assertRaises(AnsibleExitJson) as ansible_err:
+            set_module_args(
+                {
+                    "values_secrets_plaintext": testfile_output,
+                    "secrets_backing_store": "vault",
+                }
+            )
+            parse_secrets_info.main()
+
+        ret = ansible_err.exception.args[0]
+        self.assertTrue(
+            (ret["failed"] is False)
+            and (ret["changed"] is False)
+            and (len(ret["parsed_secrets"])) == 0
+            and (len(ret["kubernetes_secret_objects"]) == 0)
+        )
+
+    def test_ensure_success_null_secrets(self, getpass):
+        testfile_output = self.get_file_as_stdout(
+            os.path.join(self.testdir_v2, "values-secret-v2-null-secret.yaml")
+        )
+        with self.assertRaises(AnsibleExitJson) as ansible_err:
+            set_module_args(
+                {
+                    "values_secrets_plaintext": testfile_output,
+                    "secrets_backing_store": "vault",
+                }
+            )
+            parse_secrets_info.main()
+
+        ret = ansible_err.exception.args[0]
+        self.assertTrue(
+            (ret["failed"] is False)
+            and (ret["changed"] is False)
+            and (len(ret["parsed_secrets"])) == 0
+            and (len(ret["kubernetes_secret_objects"]) == 0)
+        )
+
 
 if __name__ == "__main__":
     unittest.main()

tests/unit/v2/values-secret-v2-empty-secret.yaml

@@ -0,0 +1,2 @@
+version: "2.0"
+secrets: []

tests/unit/v2/values-secret-v2-null-secret.yaml

@@ -0,0 +1,2 @@
+version: "2.0"
+secrets: