Enforce Ansible availability via Nix and validate requirements.yml

- Add ansiblePkg as propagated dependency in flake.nix so ansible-galaxy is available on host - Introduce strict requirements.yml validator for AnsibleRequirementsInstaller - Accept roles entries with either 'name' or 'src' - Ensure run() always validates requirements before installing dependencies - Extend unit tests to cover valid, invalid and warning-only requirements.yml cases See: https://chatgpt.com/share/69332bc4-a128-800f-a69c-fdc24c4cc7fe
2025-12-05 20:00:47 +01:00
parent f5475d86e2
commit a435745c02
3 changed files with 191 additions and 21 deletions
--- a/tests/unit/pkgmgr/installers/test_ansible_requirements.py
+++ b/tests/unit/pkgmgr/installers/test_ansible_requirements.py
@@ -66,6 +66,103 @@ roles:
            cmds,
        )

+    # --- Neue Tests für den Validator -------------------------------------
+
+    @patch("pkgmgr.installers.ansible_requirements.run_command")
+    @patch(
+        "builtins.open",
+        new_callable=mock_open,
+        read_data="""
+- not:
+  - a: mapping
+""",
+    )
+    @patch("os.path.exists", return_value=True)
+    def test_run_raises_when_top_level_is_not_mapping(
+        self, mock_exists, mock_file, mock_run_command
+    ):
+        # YAML ist eine Liste -> Validator soll fehlschlagen
+        with self.assertRaises(SystemExit):
+            self.installer.run(self.ctx)
+
+        mock_run_command.assert_not_called()
+
+    @patch("pkgmgr.installers.ansible_requirements.run_command")
+    @patch(
+        "builtins.open",
+        new_callable=mock_open,
+        read_data="""
+collections: community.docker
+roles:
+  - src: geerlingguy.docker
+""",
+    )
+    @patch("os.path.exists", return_value=True)
+    def test_run_raises_when_collections_is_not_list(
+        self, mock_exists, mock_file, mock_run_command
+    ):
+        # collections ist ein String statt Liste -> invalid
+        with self.assertRaises(SystemExit):
+            self.installer.run(self.ctx)
+
+        mock_run_command.assert_not_called()
+
+    @patch("pkgmgr.installers.ansible_requirements.run_command")
+    @patch(
+        "builtins.open",
+        new_callable=mock_open,
+        read_data="""
+collections:
+  - name: community.docker
+roles:
+  - version: "latest"
+""",
+    )
+    @patch("os.path.exists", return_value=True)
+    def test_run_raises_when_role_mapping_has_no_name(
+        self, mock_exists, mock_file, mock_run_command
+    ):
+        # roles-Eintrag ist Mapping ohne 'name' -> invalid
+        with self.assertRaises(SystemExit):
+            self.installer.run(self.ctx)
+
+        mock_run_command.assert_not_called()
+
+    @patch("pkgmgr.installers.ansible_requirements.run_command")
+    @patch("tempfile.NamedTemporaryFile")
+    @patch(
+        "builtins.open",
+        new_callable=mock_open,
+        read_data="""
+collections:
+  - name: community.docker
+extra_key: should_be_ignored_but_warned
+""",
+    )
+    @patch("os.path.exists", return_value=True)
+    def test_run_accepts_unknown_top_level_keys(
+        self, mock_exists, mock_file, mock_tmp, mock_run_command
+    ):
+        """
+        Unknown top-level keys (z.B. 'extra_key') sollen nur eine Warnung
+        auslösen, aber keine Validation-Exception.
+        """
+        mock_tmp().__enter__().name = "/tmp/req.yml"
+
+        # Erwartung: kein SystemExit, run_command wird für collections aufgerufen
+        self.installer.run(self.ctx)
+
+        cmds = [call[0][0] for call in mock_run_command.call_args_list]
+        self.assertIn(
+            "ansible-galaxy collection install -r /tmp/req.yml",
+            cmds,
+        )
+        # Keine roles definiert -> kein role-install
+        self.assertNotIn(
+            "ansible-galaxy role install -r /tmp/req.yml",
+            cmds,
+        )
+

 if __name__ == "__main__":
    unittest.main()