From c5c519f73bee290e39336b2d77e8c85970d08fbe Mon Sep 17 00:00:00 2001
From: Rich Megginson <rmeggins@redhat.com>
Date: Tue, 25 Apr 2023 12:30:06 -0600
Subject: [PATCH] test: check generated files for ansible_managed, fingerprint

Add the following files: tests/tasks/check_header.yml and
tests/templates/get_ansible_managed.j2.
Use check_header.yml to check generated files for the ansible_managed
and fingerprint headers.
check_header.yml takes these parameters.  `fingerprint` is required,
and one of `__file` or `__file_content`:

* `__file` - the full path of the file to check e.g. `/etc/realmd.conf`
* `__file_content` - the output of `slurp` of the file
* `__fingerprint` - required - the fingerprint string `system_role:$ROLENAME` e.g.
  `__fingerprint: "system_role:postfix"`
* `__comment_type` - optional, default `plain` - the type of comments used

e.g. `__comment_type: c` for C/C++-style comments.  `plain` uses `#`.
See https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_filters.html#adding-comments-to-files
for the different types of comment styles supported.

Example:
```
- name: Check generated files for ansible_managed, fingerprint
  include_tasks: tasks/check_header.yml
  vars:
    __file: /etc/myfile.conf
    __fingerprint: "system_role:my_role"
```

Signed-off-by: Rich Megginson <rmeggins@redhat.com>
---
 .ansible-lint                          |  1 +
 tests/tasks/check_header.yml           | 16 ++++++++++++++++
 tests/templates/get_ansible_managed.j2 |  1 +
 tests/tests_all_options.yml            |  7 +++++++
 4 files changed, 25 insertions(+)
 create mode 100644 tests/tasks/check_header.yml
 create mode 100644 tests/templates/get_ansible_managed.j2

diff --git a/.ansible-lint b/.ansible-lint
index 2ff2bec..272c732 100644
--- a/.ansible-lint
+++ b/.ansible-lint
@@ -1,2 +1,3 @@
 exclude_paths:
   - tests/roles/
+  - .tox/
diff --git a/tests/tasks/check_header.yml b/tests/tasks/check_header.yml
new file mode 100644
index 0000000..f26b9e5
--- /dev/null
+++ b/tests/tasks/check_header.yml
@@ -0,0 +1,16 @@
+# SPDX-License-Identifier: MIT
+---
+- name: Get file
+  ansible.builtin.slurp:
+    path: "{{ __file }}"
+  register: __content
+  when: not __file_content is defined
+
+- name: Check for presence of ansible managed header, fingerprint
+  ansible.builtin.assert:
+    that:
+      - ansible_managed in content
+      - __fingerprint in content
+  vars:
+    content: "{{ (__file_content | d(__content)).content | b64decode }}"
+    ansible_managed: "{{ lookup('template', 'get_ansible_managed.j2') }}"
diff --git a/tests/templates/get_ansible_managed.j2 b/tests/templates/get_ansible_managed.j2
new file mode 100644
index 0000000..c690cfa
--- /dev/null
+++ b/tests/templates/get_ansible_managed.j2
@@ -0,0 +1 @@
+{{ ansible_managed | comment(__comment_type | d("plain")) }}
diff --git a/tests/tests_all_options.yml b/tests/tests_all_options.yml
index 7a20db8..ff66e99 100644
--- a/tests/tests_all_options.yml
+++ b/tests/tests_all_options.yml
@@ -118,5 +118,12 @@
         "{{ sshd_options.stdout_lines }}"
       when: not sshd_skip_test
 
+    - name: Check generated files for ansible_managed, fingerprint
+      ansible.builtin.include_tasks: tasks/check_header.yml
+      vars:
+        __file_content: "{{ config }}"
+        __fingerprint: "willshersystems:ansible-sshd"
+      when: not sshd_skip_test
+
     - name: Restore configuration files
       ansible.builtin.include_tasks: tasks/restore.yml