Add test coverage for new code (#961).

borgmatic/hooks/credential/passcommand.py

@@ -2,11 +2,9 @@ import functools
 import logging
 import shlex
 
-
 import borgmatic.config.paths
 import borgmatic.execute
 
-
 logger = logging.getLogger(__name__)
 
 

docs/how-to/provide-your-passwords.md

@@ -41,10 +41,11 @@ encryption_passcommand: keepassxc-cli show --show-protected --attributes Passwor
 Borg encryption passphrase in its `Password` field.
 
 <span class="minilink minilink-addedin">New in version 1.9.9</span> Instead of
-letting Borg run the passcommand—potentially mulitple times since borgmatic runs
-Borg multiple times—borgmatic now runs the passcommand itself and passes it
-securely to Borg via an anonymous pipe. This means you should only ever get
-prompted for your password manager's passphrase at most once per borgmatic run.
+letting Borg run the passcommand—potentially multiple times since borgmatic runs
+Borg multiple times—borgmatic now runs the passcommand itself and passes the
+resulting passprhase securely to Borg via an anonymous pipe. This means you
+should only ever get prompted for your password manager's passphrase at most
+once per borgmatic run.
 
 
 ### Using systemd service credentials

tests/unit/hooks/credential/test_passcommand.py

@@ -0,0 +1,65 @@
+import pytest
+from flexmock import flexmock
+
+from borgmatic.hooks.credential import passcommand as module
+
+
+def test_run_passcommand_with_passphrase_configured_bails():
+    flexmock(module.borgmatic.execute).should_receive('execute_command_and_capture_output').never()
+
+    assert (
+        module.run_passcommand('passcommand', passphrase_configured=True, working_directory=None)
+        is None
+    )
+
+
+def test_run_passcommand_without_passphrase_configured_executes_passcommand():
+    flexmock(module.borgmatic.execute).should_receive(
+        'execute_command_and_capture_output'
+    ).and_return('passphrase').once()
+
+    assert (
+        module.run_passcommand('passcommand', passphrase_configured=False, working_directory=None)
+        == 'passphrase'
+    )
+
+
+def test_load_credential_with_unknown_credential_name_errors():
+    with pytest.raises(ValueError):
+        module.load_credential(hook_config={}, config={}, credential_name='wtf')
+
+
+def test_load_credential_with_configured_passcommand_runs_it():
+    flexmock(module.borgmatic.config.paths).should_receive('get_working_directory').and_return(
+        '/working'
+    )
+    flexmock(module).should_receive('run_passcommand').with_args(
+        'command', False, '/working'
+    ).and_return('passphrase').once()
+
+    assert (
+        module.load_credential(
+            hook_config={},
+            config={'encryption_passcommand': 'command'},
+            credential_name='encryption_passphrase',
+        )
+        == 'passphrase'
+    )
+
+
+def test_load_credential_with_configured_passphrase_and_passcommand_detects_passphrase():
+    flexmock(module.borgmatic.config.paths).should_receive('get_working_directory').and_return(
+        '/working'
+    )
+    flexmock(module).should_receive('run_passcommand').with_args(
+        'command', True, '/working'
+    ).and_return(None).once()
+
+    assert (
+        module.load_credential(
+            hook_config={},
+            config={'encryption_passphrase': 'passphrase', 'encryption_passcommand': 'command'},
+            credential_name='encryption_passphrase',
+        )
+        is None
+    )