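---
# Copyright (c) Ansible Project
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later

# Integration tests for community.docker.docker_secret.
# The block creates a throwaway Swarm, runs the secret lifecycle checks, and
# always removes the Swarm again, even when a test fails.
- name: Run docker_secret tests inside a temporary Swarm cluster
  block:
    - name: Make sure we're not already using Docker swarm
      community.docker.docker_swarm:
        state: absent
        force: true

    - name: Create a Swarm cluster
      community.docker.docker_swarm:
        state: present
        advertise_addr: "{{ ansible_default_ipv4.address | default('127.0.0.1') }}"

    # Argument validation: the module must refuse to run without a name.
    - name: Parameter name should be required
      community.docker.docker_secret:  # noqa: args[module]
        state: present
      ignore_errors: true
      register: output

    - name: assert failure when called with no name
      ansible.builtin.assert:
        that:
          - 'output.failed'
          - 'output.msg == "missing required arguments: name"'

    # Argument validation: state=present needs a payload (data or data_src).
    - name: Test parameters
      community.docker.docker_secret:  # noqa: args[module]
        name: foo
        state: present
      ignore_errors: true
      register: output

    - name: assert failure when called with no data
      ansible.builtin.assert:
        that:
          - 'output.failed'
          - 'output.msg == "state is present but any of the following are missing: data, data_src"'

    - name: Create secret
      community.docker.docker_secret:
        name: db_password
        data: opensesame!
        state: present
      register: output

    - name: Create variable secret_id
      ansible.builtin.set_fact:
        secret_id: "{{ output.secret_id }}"

    # Read-only lookup, so it never reports a change. The assertions below
    # only look for the secret name and the ansible_key label in its output.
    - name: Inspect secret
      ansible.builtin.command: "docker secret inspect {{ secret_id }}"
      register: inspect
      ignore_errors: true
      changed_when: false

    - name: Show inspect result
      ansible.builtin.debug:
        var: inspect

    - name: assert secret creation succeeded
      ansible.builtin.assert:
        that:
          - "'db_password' in inspect.stdout"
          - "'ansible_key' in inspect.stdout"
      when: inspect is not failed

    # A failed inspect is tolerated only for this one error message
    # (presumably a CLI/daemon API version mismatch - confirm).
    - name: assert inspect failed only because the API version is too new
      ansible.builtin.assert:
        that:
          - "'is too new. Maximum supported API version is' in inspect.stderr"
      when: inspect is failed

    - name: Create secret again
      community.docker.docker_secret:
        name: db_password
        data: opensesame!
        state: present
      register: output

    - name: assert create secret is idempotent
      ansible.builtin.assert:
        that:
          - not output.changed

    # Keep the plaintext secret readable by its owner only; without an
    # explicit mode the permissions of a new file depend on the remote umask.
    - name: Write secret into file
      ansible.builtin.copy:
        dest: "{{ remote_tmp_dir }}/data"
        content: |-
          opensesame!
        mode: "0600"

    - name: Create secret again (from file)
      community.docker.docker_secret:
        name: db_password
        data_src: "{{ remote_tmp_dir }}/data"
        state: present
      register: output

    - name: assert create secret is idempotent
      ansible.builtin.assert:
        that:
          - not output.changed

    # Same payload supplied base64-encoded; the assertion below expects the
    # module to treat it as unchanged.
    - name: Create secret again (base64)
      community.docker.docker_secret:
        name: db_password
        data: b3BlbnNlc2FtZSE=
        data_is_b64: true
        state: present
      register: output

    - name: assert create secret (base64) is idempotent
      ansible.builtin.assert:
        that:
          - not output.changed

    - name: Update secret
      community.docker.docker_secret:
        name: db_password
        data: newpassword!
        state: present
      register: output

    # A changed payload must yield a new secret id.
    - name: assert secret was updated
      ansible.builtin.assert:
        that:
          - output.changed
          - output.secret_id != secret_id

    - name: Remove secret
      community.docker.docker_secret:
        name: db_password
        state: absent

    # secret_id still holds the id of the first secret that was created.
    - name: Check that secret is removed
      ansible.builtin.command: "docker secret inspect {{ secret_id }}"
      register: output
      ignore_errors: true
      changed_when: false

    - name: assert secret was removed
      ansible.builtin.assert:
        that:
          - output.failed

    # Rolling update

    - name: Create rolling secret
      community.docker.docker_secret:
        name: rolling_password
        data: opensesame!
        rolling_versions: true
        state: present
      register: original_output

    - name: Create variable secret_id
      ansible.builtin.set_fact:
        secret_id: "{{ original_output.secret_id }}"

    - name: Inspect secret
      ansible.builtin.command: "docker secret inspect {{ secret_id }}"
      register: inspect
      ignore_errors: true
      changed_when: false

    - name: Show inspect result
      ansible.builtin.debug:
        var: inspect

    # With rolling_versions the reported secret name carries a _v<N> suffix.
    - name: assert secret creation succeeded
      ansible.builtin.assert:
        that:
          - "'rolling_password' in inspect.stdout"
          - "'ansible_key' in inspect.stdout"
          - "'ansible_version' in inspect.stdout"
          - original_output.secret_name == 'rolling_password_v1'
      when: inspect is not failed

    - name: assert inspect failed only because the API version is too new
      ansible.builtin.assert:
        that:
          - "'is too new. Maximum supported API version is' in inspect.stderr"
      when: inspect is failed

    - name: Create secret again
      community.docker.docker_secret:
        name: rolling_password
        data: newpassword!
        rolling_versions: true
        state: present
      register: new_output

    - name: assert that new version is created
      ansible.builtin.assert:
        that:
          - new_output.changed
          - new_output.secret_id != original_output.secret_id
          - new_output.secret_name != original_output.secret_name
          - new_output.secret_name == 'rolling_password_v2'

    - name: Remove rolling secrets
      community.docker.docker_secret:
        name: rolling_password
        rolling_versions: true
        state: absent

    # Both versions (v1 and v2) must be gone after the removal above.
    - name: Check that secret is removed
      ansible.builtin.command: "docker secret inspect {{ original_output.secret_id }}"
      register: output
      ignore_errors: true
      changed_when: false

    - name: assert secret was removed
      ansible.builtin.assert:
        that:
          - output.failed

    - name: Check that secret is removed
      ansible.builtin.command: "docker secret inspect {{ new_output.secret_id }}"
      register: output
      ignore_errors: true
      changed_when: false

    - name: assert secret was removed
      ansible.builtin.assert:
        that:
          - output.failed

  always:
    # Runs whether or not the block succeeded, so no Swarm is left behind.
    - name: Remove Swarm cluster
      community.docker.docker_swarm:
        state: absent
        force: true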