Ignore encrypted files (#69)

Append the contents of .config/yadm/encrypt to the repo's git ignore
list. This is to help prevent accidentally committing unencrypted
sensitive data.

test/conftest.py

@@ -101,6 +101,7 @@ def supported_configs():
         'local.user',
         'yadm.alt-copy',
         'yadm.auto-alt',
+        'yadm.auto-exclude',
         'yadm.auto-perms',
         'yadm.auto-private-dirs',
         'yadm.git-program',

test/test_encryption.py

@@ -372,6 +372,29 @@ def test_offer_to_add(runner, yadm_y, paths, encrypt_targets, untracked):
         assert f'AM {worktree_archive.basename}' in run.out
 
 
+def test_encrypt_added_to_exclude(runner, yadm_y, paths):
+    """Confirm that .config/yadm/encrypt is added to exclude"""
+
+    expect = [
+        ('passphrase:', PASSPHRASE),
+        ('passphrase:', PASSPHRASE),
+        ]
+
+    exclude_file = paths.repo.join('info/exclude')
+    paths.encrypt.write('test-encrypt-data\n')
+    exclude_file.write('original-data', ensure=True)
+
+    run = runner(
+        yadm_y('encrypt'),
+        expect=expect,
+        )
+
+    assert 'test-encrypt-data' in paths.repo.join('info/exclude').read()
+    assert 'original-data' in paths.repo.join('info/exclude').read()
+    assert run.success
+    assert run.err == ''
+
+
 def encrypted_data_valid(runner, encrypted, expected):
     """Verify encrypted data matches expectations"""
     run = runner([

test/test_introspect.py

@@ -27,7 +27,7 @@ def test_introspect_category(
     expected = []
     if name == 'commands':
         expected = supported_commands
-    elif name == 'config':
+    elif name == 'configs':
         expected = supported_configs
     elif name == 'switches':
         expected = supported_switches

test/test_unit_exclude_encrypted.py

@@ -0,0 +1,66 @@
+"""Unit tests: exclude_encrypted"""
+import pytest
+
+
+@pytest.mark.parametrize(
+    'exclude', ['missing', 'outdated', 'up-to-date'])
+@pytest.mark.parametrize(
+    'encrypt_exists', [True, False], ids=['encrypt', 'no-encrypt'])
+@pytest.mark.parametrize(
+    'auto_exclude', [True, False], ids=['enabled', 'disabled'])
+def test_exclude_encrypted(
+        runner, tmpdir, yadm, encrypt_exists, auto_exclude, exclude):
+    """Test exclude_encrypted()"""
+
+    header = (
+        "# yadm-auto-excludes\n"
+        "# This section is managed by yadm.\n"
+        "# Any edits below will be lost.\n"
+    )
+
+    config_function = 'function config() { echo "false";}'
+    if auto_exclude:
+        config_function = 'function config() { return; }'
+
+    encrypt_file = tmpdir.join('encrypt_file')
+    repo_dir = tmpdir.join('repodir')
+    exclude_file = repo_dir.join('info/exclude')
+
+    if encrypt_exists:
+        encrypt_file.write('test-encrypt-data\n', ensure=True)
+    if exclude == 'outdated':
+        exclude_file.write(
+            f'original-exclude\n{header}outdated\n', ensure=True)
+    elif exclude == 'up-to-date':
+        exclude_file.write(
+            f'original-exclude\n{header}test-encrypt-data\n', ensure=True)
+
+    script = f"""
+        YADM_TEST=1 source {yadm}
+        {config_function}
+        DEBUG=1
+        YADM_ENCRYPT="{encrypt_file}"
+        YADM_REPO="{repo_dir}"
+        exclude_encrypted
+    """
+    run = runner(command=['bash'], inp=script)
+    assert run.success
+    assert run.err == ''
+
+    if auto_exclude:
+        if encrypt_exists:
+            assert exclude_file.exists()
+            if exclude == 'missing':
+                assert exclude_file.read() == f'{header}test-encrypt-data\n'
+            else:
+                assert exclude_file.read() == (
+                    'original-exclude\n'
+                    f'{header}test-encrypt-data\n')
+            if exclude != 'up-to-date':
+                assert f'Updating {exclude_file}' in run.out
+            else:
+                assert run.out == ''
+        else:
+            assert run.out == ''
+    else:
+        assert run.out == ''