From 22ab85fe2b4427fc9dbf481a57b9dcd01b1fdfe9 Mon Sep 17 00:00:00 2001
From: Felix Fontein
Date: Mon, 10 Feb 2025 23:54:36 +0100
Subject: [PATCH] docker_context_info: fix some aspects (#1043)

* Extend docker_context_info tests.
* Fix a bug in the context code.
* Fix TLS handling for contexts.
* Adjust code to fix tests.
---
 plugins/module_utils/_api/context/context.py | 18 +++----
 plugins/modules/docker_context_info.py | 9 ++--
 .../targets/docker_context_info/meta/main.yml | 1 +
 .../tasks/tests/podman.yml | 49 +++++++++++++++++++
 4 files changed, 64 insertions(+), 13 deletions(-)
 create mode 100644 tests/integration/targets/docker_context_info/tasks/tests/podman.yml

diff --git a/plugins/module_utils/_api/context/context.py b/plugins/module_utils/_api/context/context.py
index 3111ee9f..c3e081f4 100644
--- a/plugins/module_utils/_api/context/context.py
+++ b/plugins/module_utils/_api/context/context.py
@@ -34,7 +34,7 @@ class Context(object):
 """A context."""

 def __init__(self, name, orchestrator=None, host=None, endpoints=None,
- tls=False, description=None):
+ skip_tls_verify=False, tls=False, description=None):
 if not name:
 raise Exception("Name not provided")
 self.name = name
@@ -54,8 +54,8 @@ class Context(object):

 self.endpoints = {
 default_endpoint: {
- "Host": get_context_host(host, tls),
- "SkipTLSVerify": not tls
+ "Host": get_context_host(host, skip_tls_verify or tls),
+ "SkipTLSVerify": skip_tls_verify,
 }
 }
 return
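Review bot: In the `__init__` signature `skip_tls_verify` is inserted ahead of `tls`, so a caller that passes `tls` positionally as the fifth argument now sets `skip_tls_verify` instead, turning a request for TLS into a request to skip certificate verification. The one constructor call visible in this patch (`cls(...)` in the `-101,7` hunk) uses keywords, but callers outside the diff cannot be checked from here. Appending the parameter keeps existing positional calls unchanged: `tls=False, description=None, skip_tls_verify=False):`. A short docstring stating that `tls` selects a TLS endpoint while `skip_tls_verify` only disables certificate validation would also help, since the two are combined as `skip_tls_verify or tls` in the next two hunks. `__init__` continues past the end of this hunk.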
@@ -73,15 +73,15 @@ class Context(object):
 continue

 self.endpoints[k]["Host"] = v.get("Host", get_context_host(
- host, tls))
+ host, skip_tls_verify or tls))
 self.endpoints[k]["SkipTLSVerify"] = bool(v.get(
- "SkipTLSVerify", not tls))
+ "SkipTLSVerify", skip_tls_verify))

 def set_endpoint(
 self, name="docker", host=None, tls_cfg=None,
 skip_tls_verify=False, def_namespace=None):
 self.endpoints[name] = {
- "Host": get_context_host(host, not skip_tls_verify),
+ "Host": get_context_host(host, not skip_tls_verify or tls_cfg is not None),
 "SkipTLSVerify": skip_tls_verify
 }
 if def_namespace:
@@ -101,7 +101,7 @@ class Context(object):
 meta["Name"],
 orchestrator=meta["Metadata"].get("StackOrchestrator", None),
 endpoints=meta.get("Endpoints", None),
- description=meta.get('Description'))
+ description=meta["Metadata"].get('Description'))
 instance.context_type = meta["Metadata"].get("Type", None)
 instance._load_certs()
 instance.meta_path = get_meta_dir(name)
@@ -152,13 +152,13 @@ class Context(object):
 cert = os.path.join(tls_dir, endpoint, filename)
 elif filename.startswith("key"):
 key = os.path.join(tls_dir, endpoint, filename)
- if all([ca_cert, cert, key]):
+ if all([cert, key]) or ca_cert:
 verify = None
 if endpoint == "docker" and not self.endpoints["docker"].get(
 "SkipTLSVerify", False):
 verify = True
 certs[endpoint] = TLSConfig(
- client_cert=(cert, key), ca_cert=ca_cert, verify=verify)
+ client_cert=(cert, key) if cert and key else None, ca_cert=ca_cert, verify=verify)
 self.tls_cfg = certs
 self.tls_path = tls_dir

diff --git a/plugins/modules/docker_context_info.py b/plugins/modules/docker_context_info.py
index ea2f6b1b..05a74071 100644
--- a/plugins/modules/docker_context_info.py
+++ b/plugins/modules/docker_context_info.py
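Review bot: In `set_endpoint` the flag passed to `get_context_host` is now `not skip_tls_verify or tls_cfg is not None`, which parses as `(not skip_tls_verify) or (tls_cfg is not None)` and runs in the opposite sense to the `skip_tls_verify or tls` that `__init__` passes for the same argument earlier in this hunk and in the previous one. With `skip_tls_verify=True` and no `tls_cfg`, `set_endpoint` asks for a non-TLS host while `__init__` asks for a TLS one; `get_context_host` is not shown, so the practical effect is inferred. If the two are meant to agree, name the value once, e.g. `use_tls = skip_tls_verify or tls_cfg is not None`, and otherwise add the parentheses and a comment saying why the method differs. Both `__init__` and `set_endpoint` extend beyond this hunk.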
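Review bot: With the relaxed condition `all([cert, key]) or ca_cert`, a TLS directory holding a CA file plus only one of the `cert`/`key` files now produces a `TLSConfig` with `client_cert=None`, so a half-installed client identity is dropped without any signal and the endpoint is presumably used with server authentication only. I would surface that state before building the config, for example with a guard on `bool(cert) != bool(key)` that raises the module's context error, or at least add a comment stating that the fallback is intentional. Separately, `verify` stays `None` rather than `False` when `SkipTLSVerify` is set or the endpoint is not `docker`; how `TLSConfig` treats `None` is not visible here, so an explicit boolean would be easier to reason about. The enclosing method starts before this hunk.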
@@ -229,7 +229,6 @@ def context_to_json(context, current):

 # Create config for the modules
 module_config['docker_host'] = host_str
- module_config['tls'] = not to_bool(endpoint.get('SkipTLSVerify'))
 if context.tls_cfg.get('docker'):
 tls_cfg = context.tls_cfg['docker']
 if tls_cfg.ca_cert:
@@ -238,7 +237,9 @@ def context_to_json(context, current):
 module_config['client_cert'] = tls_cfg.cert[0]
 module_config['client_key'] = tls_cfg.cert[1]
 module_config['validate_certs'] = tls_cfg.verify
- module_config['tls'] = to_bool(tls_cfg.verify)
+ module_config['tls'] = True
+ else:
+ module_config['tls'] = to_bool(endpoint.get('SkipTLSVerify'))
 return {
 'current': current,
 'name': context.name,
@@ -285,10 +286,10 @@ def main():
 else:
 contexts = ContextAPI.contexts()

- json_contexts = [
+ json_contexts = sorted([
 context_to_json(context, context.name == current_context_name)
 for context in contexts
- ]
+ ], key=lambda entry: entry['name'])

 module.exit_json(
 changed=False,
diff --git a/tests/integration/targets/docker_context_info/meta/main.yml b/tests/integration/targets/docker_context_info/meta/main.yml
index 471ddd41..ca004bc0 100644
--- a/tests/integration/targets/docker_context_info/meta/main.yml
+++ b/tests/integration/targets/docker_context_info/meta/main.yml
@@ -6,3 +6,4 @@
 dependencies:
 - setup_docker
 - setup_docker_python_deps
+ - setup_podman
diff --git a/tests/integration/targets/docker_context_info/tasks/tests/podman.yml b/tests/integration/targets/docker_context_info/tasks/tests/podman.yml
new file mode 100644
index 00000000..c0466049
--- /dev/null
+++ b/tests/integration/targets/docker_context_info/tasks/tests/podman.yml
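Review bot: The new `else` branch in the `-238,7` hunk sets `module_config['tls'] = to_bool(endpoint.get('SkipTLSVerify'))`, which reads like an inverted flag and needs a why-comment. Indentation is lost on this page, but the branch appears to pair with `if context.tls_cfg.get('docker'):`, so a context without TLS material is reported as TLS only when it explicitly skips verification and as plaintext otherwise; the Podman test in this patch pins the plaintext case with `config.tls == false`. A comment above the assignment such as `# No TLS material in the context: TLS is only used when verification is explicitly skipped` would keep a later reader from "fixing" it back to `not to_bool(...)`. context_to_json starts and ends outside the hunk.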
@@ -0,0 +1,49 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+- when: podman_cli_version is version('1.0.0', '>=')
+ block:
+ # The setup_podman role created a 'podman' context that we can use here.
+
+ - name: Get all contexts
+ community.docker.docker_context_info:
+ register: docker_contexts
+
+ - name: Ensure that there are at least two contexts
+ assert:
+ that:
+ - docker_contexts.contexts | length >= 2
+
+ - name: Get Podman context
+ community.docker.docker_context_info:
+ name: podman
+ register: docker_podman_context
+
+ - assert:
+ that:
+ - docker_podman_context.contexts | length == 1
+ - docker_podman_context.contexts[0].name == 'podman'
+ - docker_podman_context.contexts[0].current == false
+ - docker_podman_context.contexts[0].description == 'Podman'
+ - docker_podman_context.contexts[0].meta_path is string
+ - docker_podman_context.contexts[0].tls_path is string
+ - docker_podman_context.contexts[0].config.docker_host is string
+ - docker_podman_context.contexts[0].config.tls == false
+
+ - name: Run basic test with Podman context
+ module_defaults:
+ group/community.docker.docker: "{{ docker_podman_context.contexts[0].config }}"
+ block:
+
+ - name: Get info on Podman host
+ docker_host_info:
+ register: output
+
+ - name: Check for some Podman specific values
+ assert:
+ that:
+ - output.host_info.ProductLicense == 'Apache-2.0'
+ - >-
+ "Rootless" in output.host_info
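Review bot: The only TLS-related assertion added here is `config.tls == false` for the Podman context, so none of the TLS branches this patch changes is exercised: CA-only material, an incomplete client cert/key pair, or `SkipTLSVerify` set without certificates. A second fixture context with verification skipped, checked with an assertion such as `- docker_tls_context.contexts[0].config.tls == true` (variable name constructed for illustration), would pin the new `else` branch in `context_to_json`. A CA-only context asserting `config.ca_path` and `config.validate_certs` would do the same for the relaxed condition in `_load_certs`. Without those, a later regression in the verification settings would pass this suite unnoticed.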