Add tests for state module and issue 63144

tests/pytests/unit/modules/test_gpg.py

@@ -15,7 +15,7 @@ import psutil
 import pytest
 
 import salt.modules.gpg as gpg
-from tests.support.mock import MagicMock, call, patch
+from tests.support.mock import MagicMock, Mock, call, patch
 
 pytest.importorskip("gnupg")
 
@@ -1039,3 +1039,37 @@ def test_gpg_decrypt_message_with_gpg_passphrase_in_pillar(gpghome):
                     gnupghome=str(gpghome.path),
                 )
                 assert ret["res"] is True
+
+
+def test_gpg_receive_keys_no_user_id():
+    with patch("salt.modules.gpg._create_gpg") as create:
+        with patch.dict(
+            gpg.__salt__, {"user.info": MagicMock(), "config.option": Mock()}
+        ):
+            import_result = MagicMock()
+            import_result.__bool__.return_value = False
+            for var, val in {
+                "gpg": Mock(),
+                "imported": 0,
+                "results": [],
+                "fingerprints": [],
+                "count": 1,
+                "no_user_id": 0,
+                "imported_rsa": 0,
+                "unchanged": 0,
+                "n_uids": 0,
+                "n_subk": 0,
+                "n_sigs": 0,
+                "n_revoc": 0,
+                "sec_read": 0,
+                "sec_imported": 0,
+                "sec_dups": 0,
+                "not_imported": 0,
+                "stderr": "gpg: key ABCDEF0123456789: no user ID\ngpg: Total number processed: 1\n[GNUPG:] IMPORT_RES 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0\n",
+                "data": b"",
+            }.items():
+                setattr(import_result, var, val)
+            create.return_value.recv_keys.return_value = import_result
+            res = gpg.receive_keys(keys="abc", user="abc")
+            assert res["res"] is False
+            assert "no user ID" in res["message"]

tests/pytests/unit/states/test_gpg.py

@@ -0,0 +1,206 @@
+import pytest
+
+import salt.states.gpg as gpg
+from tests.support.mock import Mock, patch
+
+
+@pytest.fixture
+def configure_loader_modules():
+    return {gpg: {"__opts__": {"test": False}}}
+
+
+@pytest.fixture
+def keys_list():
+    return [
+        {
+            "keyid": "A",
+            "fingerprint": "A",
+            "uids": ["Key A"],
+            "created": "2010-04-01",
+            "keyLength": "4096",
+            "ownerTrust": "Ultimately Trusted",
+            "trust": "Ultimately Trusted",
+        },
+        {
+            "keyid": "B",
+            "fingerprint": "B",
+            "uids": ["Key B"],
+            "created": "2017-03-06",
+            "keyLength": "4096",
+            "ownerTrust": "Unknown",
+            "trust": "Fully Trusted",
+        },
+        {
+            "keyid": "C",
+            "fingerprint": "C",
+            "uids": ["Key C"],
+            "expires": "2022-06-24",
+            "created": "2018-06-24",
+            "keyLength": "4096",
+            "ownerTrust": "Unknown",
+            "trust": "Expired",
+        },
+        {
+            "keyid": "D",
+            "fingerprint": "D",
+            "uids": ["Key D"],
+            "created": "2018-01-18",
+            "keyLength": "3072",
+            "ownerTrust": "Unknown",
+            "trust": "Unknown",
+        },
+        {
+            "keyid": "E",
+            "fingerprint": "E",
+            "uids": ["Key E"],
+            "expires": "2222-11-18",
+            "created": "2019-11-20",
+            "keyLength": "4096",
+            "ownerTrust": "Unknown",
+            "trust": "Unknown",
+        },
+    ]
+
+
+@pytest.fixture
+def gpg_list_keys(request, keys_list):
+    list_ = Mock(spec="salt.modules.gpg.list_keys")
+    list_.return_value = getattr(request, "param", keys_list)
+    with patch.dict(gpg.__salt__, {"gpg.list_keys": list_}):
+        yield list_
+
+
+@pytest.fixture
+def gpg_trust(request):
+    trust = Mock(spec="salt.modules.gpg.trust_key")
+    trust.return_value = getattr(request, "param", {})
+    with patch.dict(gpg.__salt__, {"gpg.trust_key": trust}):
+        yield trust
+
+
+@pytest.fixture()
+def gpg_receive(request):
+    recv = Mock(spec="salt.modules.gpg.receive_keys")
+    recv.return_value = getattr(request, "param", {})
+    with patch.dict(gpg.__salt__, {"gpg.receive_keys": recv}):
+        yield recv
+
+
+@pytest.fixture()
+def gpg_delete(request):
+    delete = Mock(spec="salt.modules.gpg.delete_key")
+    delete.return_value = getattr(
+        request, "param", {"res": True, "message": ["Public key for A deleted"]}
+    )
+    with patch.dict(gpg.__salt__, {"gpg.delete_key": delete}):
+        yield delete
+
+
+@pytest.mark.usefixtures("gpg_list_keys")
+def test_gpg_present_no_changes(gpg_receive, gpg_trust):
+    ret = gpg.present("A")
+    assert ret["result"]
+    assert not ret["changes"]
+    gpg_receive.assert_not_called()
+    gpg_trust.assert_not_called()
+
+
+@pytest.mark.usefixtures("gpg_list_keys")
+@pytest.mark.parametrize(
+    "gpg_trust,expected",
+    [
+        ({"res": True, "message": ["Setting ownership trust to Marginally"]}, True),
+        ({"res": False, "message": ["KeyID A not in GPG keychain"]}, False),
+    ],
+    indirect=["gpg_trust"],
+)
+def test_gpg_present_trust_change(gpg_receive, gpg_trust, expected):
+    ret = gpg.present("A", trust="marginally")
+    assert ret["result"] == expected
+    assert bool(ret["changes"]) == expected
+    gpg_trust.assert_called_once()
+    gpg_receive.assert_not_called()
+
+
+@pytest.mark.usefixtures("gpg_list_keys")
+@pytest.mark.parametrize(
+    "gpg_receive,expected",
+    [
+        ({"res": True, "message": ["Key new added to keychain"]}, True),
+        (
+            {
+                "res": False,
+                "message": [
+                    "Something went wrong during gpg call: gpg: key new: no user ID"
+                ],
+            },
+            False,
+        ),
+    ],
+    indirect=["gpg_receive"],
+)
+def test_gpg_present_new_key(gpg_receive, gpg_trust, expected):
+    ret = gpg.present("new")
+    assert ret["result"] == expected
+    assert bool(ret["changes"]) == expected
+    gpg_receive.assert_called_once()
+    gpg_trust.assert_not_called()
+
+
+@pytest.mark.usefixtures("gpg_list_keys")
+@pytest.mark.parametrize(
+    "gpg_receive",
+    [
+        {"res": True, "message": ["Key new added to keychain"]},
+    ],
+    indirect=True,
+)
+@pytest.mark.parametrize(
+    "gpg_trust,expected",
+    [
+        ({"res": True, "message": ["Setting ownership trust to Marginally"]}, True),
+        ({"res": False, "message": ["KeyID A not in GPG keychain"]}, False),
+    ],
+    indirect=["gpg_trust"],
+)
+@pytest.mark.usefixtures("gpg_list_keys")
+def test_gpg_present_new_key_and_trust(gpg_receive, gpg_trust, expected):
+    ret = gpg.present("new", trust="marginally")
+    assert ret["result"] == expected
+    # the key is always marked as added
+    assert bool(ret["changes"])
+    gpg_receive.assert_called_once()
+    gpg_trust.assert_called_once()
+
+
+@pytest.mark.usefixtures("gpg_list_keys")
+def test_gpg_absent_no_changes(gpg_delete):
+    ret = gpg.absent("nonexistent")
+    assert ret["result"]
+    assert not ret["changes"]
+    gpg_delete.assert_not_called()
+
+
+@pytest.mark.usefixtures("gpg_list_keys")
+@pytest.mark.parametrize(
+    "gpg_delete,expected",
+    [
+        ({"res": True, "message": ["Public key for A deleted"]}, True),
+        (
+            {
+                "res": False,
+                "message": [
+                    "Secret key exists, delete first or pass delete_secret=True."
+                ],
+            },
+            False,
+        ),
+    ],
+    indirect=["gpg_delete"],
+)
+@pytest.mark.usefixtures("gpg_list_keys")
+def test_gpg_absent_delete_key(gpg_delete, expected):
+    ret = gpg.absent("A")
+    assert ret["result"] == expected
+    assert bool(ret["changes"]) == expected
+    gpg_delete.assert_called_once()