Skip to content

Unify nextcloud/sqlite/gpg_key/ipa_diff plugins + safe fixes + tests#269

Merged
markuslf merged 1 commit into
mainfrom
refactor/plugins-nextcloud-sqlite-gpg
May 25, 2026
Merged

Unify nextcloud/sqlite/gpg_key/ipa_diff plugins + safe fixes + tests#269
markuslf merged 1 commit into
mainfrom
refactor/plugins-nextcloud-sqlite-gpg

Conversation

@markuslf
Copy link
Copy Markdown
Member

@markuslf markuslf commented May 25, 2026

Phase 5 (final family): the nextcloud_occ_* modules, sqlite_query, gpg_key, and the ipa_diff module_util. This completes the in-house plugin unification (vendored ipa* / lvm_pv / gnupg stay as-is).

Style unification (no behavior change)

  • Standard Linuxfabrik file header on all six files (ipa_diff had none).
  • Single quotes, f-strings (replacing the last .format() calls in sqlite_query and gpg_key), ansible.module_utils.common.text.converters instead of the deprecated _text, fixed import ordering in sqlite_query, from __future__ without parens.
  • Removed leftover Ansible-template boilerplate comments (nextcloud config modules), commented-out debug code (gpg_key), the no-op f prefix on placeholder-less strings, and the (object) base class (ipa_diff).

Security

  • gpg_key no longer passes input_data (which contains the cleartext passphrase) into fail_json when key generation fails.

Safe fixes

  • sqlite_query: a REGEXP query against a column containing NULL no longer raises (NULL simply does not match); bare except: narrowed to except Exception:; mutable default argument replaced with None.

Deferred (behavior-changing, separate PRs)

  • sqlite_query reports a failed query as a successful run (the select() success flag is ignored in main()).
  • nextcloud_occ_app_config array values are compared as str(list) vs JSON string and never match (needs verification against real occ output per the empirical-facts rule).

Tests

  • test_ipa_diff.py (pure diff helpers), test_sqlite_query.py (connect / select / regexp / close against a real temp DB, incl. the NULL-REGEXP case), test_gpg_key.py (match_key).

Validation

  • Full tox matrix green (94 tests across 13 envs).
  • ansible-doc renders all five modules; the doc guard passes.
  • pre-commit (bandit, vulture, pytest) green.

@markuslf
refactor(plugins): unify nextcloud/sqlite/gpg_key/ipa_diff + safe fix…
2811062 
…es + tests

Bring the remaining in-house plugins to the standard style: standard
file header, single quotes, f-strings (replacing the last .format()
calls in sqlite_query and gpg_key), modern
ansible.module_utils.common.text.converters instead of the deprecated
_text, fixed import ordering, and removal of leftover boilerplate /
commented-out debug code. ipa_diff gains the standard header it lacked.

Security:
- gpg_key no longer passes input_data (which contains the cleartext
  passphrase) into fail_json on a failed key generation.

Safe fixes:
- sqlite_query: REGEXP no longer raises on NULL column values (returns
  no-match); bare 'except:' narrowed to 'except Exception:'; mutable
  default argument replaced with None.

Add unit tests: ipa_diff (pure diff helpers), sqlite_query (connect /
select / regexp / close against a real temp DB) and gpg_key (match_key).

Deferred (behaviour-changing, separate PRs): sqlite_query reporting a
failed query as a successful run, and nextcloud_occ_app_config array
idempotency.
@markuslf markuslf requested a review from NavidSassan May 25, 2026 08:04
@markuslf markuslf merged commit 456541b into main May 25, 2026
10 checks passed
@markuslf markuslf deleted the refactor/plugins-nextcloud-sqlite-gpg branch May 25, 2026 08:08
ebuerki-lf pushed a commit that referenced this pull request May 26, 2026
@markuslf @ebuerki-lf
refactor(plugins): unify nextcloud/sqlite/gpg_key/ipa_diff + safe fix…
b7701b9 
…es + tests (#269)

Bring the remaining in-house plugins to the standard style: standard
file header, single quotes, f-strings (replacing the last .format()
calls in sqlite_query and gpg_key), modern
ansible.module_utils.common.text.converters instead of the deprecated
_text, fixed import ordering, and removal of leftover boilerplate /
commented-out debug code. ipa_diff gains the standard header it lacked.

Security:
- gpg_key no longer passes input_data (which contains the cleartext
  passphrase) into fail_json on a failed key generation.

Safe fixes:
- sqlite_query: REGEXP no longer raises on NULL column values (returns
  no-match); bare 'except:' narrowed to 'except Exception:'; mutable
  default argument replaced with None.

Add unit tests: ipa_diff (pure diff helpers), sqlite_query (connect /
select / regexp / close against a real temp DB) and gpg_key (match_key).

Deferred (behaviour-changing, separate PRs): sqlite_query reporting a
failed query as a successful run, and nextcloud_occ_app_config array
idempotency.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@NavidSassan NavidSassan Awaiting requested review from NavidSassan

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@markuslf