ansible-collections/community.docker
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.docker.git synced 2025-12-15 11:32:05 +00:00
Code Packages Projects Releases Wiki Activity
95bdce75e6
community.docker/tests/integration/targets/docker_secret/tasks/test_secrets.yml
Felix Fontein 95bdce75e6
Add ansible-lint to CI (#1181) 
* Improve Ansible code.

* Add some ansible-lint ignores.

* Add ansible-lint to CI.
2025-10-25 11:07:40 +02:00

223 lines
6.2 KiB
YAML
Raw Blame History

---
# Copyright (c) Ansible Project
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
- block:
- name: Make sure we're not already using Docker swarm
community.docker.docker_swarm:
state: absent
force: true
- name: Create a Swarm cluster
community.docker.docker_swarm:
state: present
advertise_addr: "{{ ansible_default_ipv4.address | default('127.0.0.1') }}"
- name: Parameter name should be required
community.docker.docker_secret: # noqa: args[module]
state: present
ignore_errors: true
register: output
- name: assert failure when called with no name
ansible.builtin.assert:
that:
- 'output.failed'
- 'output.msg == "missing required arguments: name"'
- name: Test parameters
community.docker.docker_secret: # noqa: args[module]
name: foo
state: present
ignore_errors: true
register: output
- name: assert failure when called with no data
ansible.builtin.assert:
that:
- 'output.failed'
- 'output.msg == "state is present but any of the following are missing: data, data_src"'
- name: Create secret
community.docker.docker_secret:
name: db_password
data: opensesame!
state: present
register: output
- name: Create variable secret_id
ansible.builtin.set_fact:
secret_id: "{{ output.secret_id }}"
- name: Inspect secret
ansible.builtin.command: "docker secret inspect {{ secret_id }}"
register: inspect
ignore_errors: true
- ansible.builtin.debug: var=inspect
- name: assert secret creation succeeded
ansible.builtin.assert:
that:
- "'db_password' in inspect.stdout"
- "'ansible_key' in inspect.stdout"
when: inspect is not failed
- ansible.builtin.assert:
that:
- "'is too new. Maximum supported API version is' in inspect.stderr"
when: inspect is failed
- name: Create secret again
community.docker.docker_secret:
name: db_password
data: opensesame!
state: present
register: output
- name: assert create secret is idempotent
ansible.builtin.assert:
that:
- not output.changed
- name: Write secret into file
ansible.builtin.copy:
dest: "{{ remote_tmp_dir }}/data"
content: |-
opensesame!
- name: Create secret again (from file)
community.docker.docker_secret:
name: db_password
data_src: "{{ remote_tmp_dir }}/data"
state: present
register: output
- name: assert create secret is idempotent
ansible.builtin.assert:
that:
- not output.changed
- name: Create secret again (base64)
community.docker.docker_secret:
name: db_password
data: b3BlbnNlc2FtZSE=
data_is_b64: true
state: present
register: output
- name: assert create secret (base64) is idempotent
ansible.builtin.assert:
that:
- not output.changed
- name: Update secret
community.docker.docker_secret:
name: db_password
data: newpassword!
state: present
register: output
- name: assert secret was updated
ansible.builtin.assert:
that:
- output.changed
- output.secret_id != secret_id
- name: Remove secret
community.docker.docker_secret:
name: db_password
state: absent
- name: Check that secret is removed
ansible.builtin.command: "docker secret inspect {{ secret_id }}"
register: output
ignore_errors: true
- name: assert secret was removed
ansible.builtin.assert:
that:
- output.failed
# Rolling update
- name: Create rolling secret
community.docker.docker_secret:
name: rolling_password
data: opensesame!
rolling_versions: true
state: present
register: original_output
- name: Create variable secret_id
ansible.builtin.set_fact:
secret_id: "{{ original_output.secret_id }}"
- name: Inspect secret
ansible.builtin.command: "docker secret inspect {{ secret_id }}"
register: inspect
ignore_errors: true
- ansible.builtin.debug: var=inspect
- name: assert secret creation succeeded
ansible.builtin.assert:
that:
- "'rolling_password' in inspect.stdout"
- "'ansible_key' in inspect.stdout"
- "'ansible_version' in inspect.stdout"
- original_output.secret_name == 'rolling_password_v1'
when: inspect is not failed
- ansible.builtin.assert:
that:
- "'is too new. Maximum supported API version is' in inspect.stderr"
when: inspect is failed
- name: Create secret again
community.docker.docker_secret:
name: rolling_password
data: newpassword!
rolling_versions: true
state: present
register: new_output
- name: assert that new version is created
ansible.builtin.assert:
that:
- new_output.changed
- new_output.secret_id != original_output.secret_id
- new_output.secret_name != original_output.secret_name
- new_output.secret_name == 'rolling_password_v2'
- name: Remove rolling secrets
community.docker.docker_secret:
name: rolling_password
rolling_versions: true
state: absent
- name: Check that secret is removed
ansible.builtin.command: "docker secret inspect {{ original_output.secret_id }}"
register: output
ignore_errors: true
- name: assert secret was removed
ansible.builtin.assert:
that:
- output.failed
- name: Check that secret is removed
ansible.builtin.command: "docker secret inspect {{ new_output.secret_id }}"
register: output
ignore_errors: true
- name: assert secret was removed
ansible.builtin.assert:
that:
- output.failed
always:
- name: Remove Swarm cluster
community.docker.docker_swarm:
state: absent
force: true
View Git Blame Copy Permalink