You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
ansible/test/integration/targets/docker_swarm_service/tasks/tests/secrets.yml

397 lines
11 KiB
YAML

---
- name: Registering container name
set_fact:
service_name: "{{ name_prefix ~ '-secrets' }}"
secret_name_1: "{{ name_prefix ~ '-secret-1' }}"
secret_name_2: "{{ name_prefix ~ '-secret-2' }}"
- name: Registering container name
set_fact:
secret_names: "{{ secret_names + [secret_name_1, secret_name_2] }}"
- docker_secret:
name: "{{ secret_name_1 }}"
data: "secret1"
state: "present"
register: "secret_result_1"
when: docker_api_version is version('1.25', '>=') and docker_py_version is version('2.1.0', '>=')
- docker_secret:
name: "{{ secret_name_2 }}"
data: "secret2"
state: "present"
register: "secret_result_2"
when: docker_api_version is version('1.25', '>=') and docker_py_version is version('2.1.0', '>=')
####################################################################
## secrets #########################################################
####################################################################
- name: secrets
docker_swarm_service:
name: "{{ service_name }}"
image: alpine:3.8
resolve_image: no
command: '/bin/sh -v -c "sleep 10m"'
secrets:
- secret_id: "{{ secret_result_1.secret_id|default('') }}"
secret_name: "{{ secret_name_1 }}"
filename: "/run/secrets/{{ secret_name_1 }}.txt"
register: secrets_1
ignore_errors: yes
- name: secrets (idempotency)
docker_swarm_service:
name: "{{ service_name }}"
image: alpine:3.8
resolve_image: no
command: '/bin/sh -v -c "sleep 10m"'
secrets:
- secret_name: "{{ secret_name_1 }}"
filename: "/run/secrets/{{ secret_name_1 }}.txt"
register: secrets_2
ignore_errors: yes
- name: secrets (add)
docker_swarm_service:
name: "{{ service_name }}"
image: alpine:3.8
resolve_image: no
command: '/bin/sh -v -c "sleep 10m"'
secrets:
- secret_id: "{{ secret_result_1.secret_id|default('') }}"
secret_name: "{{ secret_name_1 }}"
filename: "/run/secrets/{{ secret_name_1 }}.txt"
- secret_name: "{{ secret_name_2 }}"
filename: "/run/secrets/{{ secret_name_2 }}.txt"
register: secrets_3
ignore_errors: yes
- name: secrets (add idempotency)
docker_swarm_service:
name: "{{ service_name }}"
image: alpine:3.8
resolve_image: no
command: '/bin/sh -v -c "sleep 10m"'
secrets:
- secret_name: "{{ secret_name_1 }}"
filename: "/run/secrets/{{ secret_name_1 }}.txt"
- secret_id: "{{ secret_result_2.secret_id|default('') }}"
secret_name: "{{ secret_name_2 }}"
filename: "/run/secrets/{{ secret_name_2 }}.txt"
register: secrets_4
ignore_errors: yes
- name: secrets (add idempotency no id)
docker_swarm_service:
name: "{{ service_name }}"
image: alpine:3.8
resolve_image: no
command: '/bin/sh -v -c "sleep 10m"'
secrets:
- secret_name: "{{ secret_name_1 }}"
filename: "/run/secrets/{{ secret_name_1 }}.txt"
- secret_name: "{{ secret_name_2 }}"
filename: "/run/secrets/{{ secret_name_2 }}.txt"
register: secrets_5
ignore_errors: yes
- name: secrets (empty)
docker_swarm_service:
name: "{{ service_name }}"
image: alpine:3.8
resolve_image: no
command: '/bin/sh -v -c "sleep 10m"'
secrets: []
register: secrets_6
ignore_errors: yes
- name: secrets (empty idempotency)
docker_swarm_service:
name: "{{ service_name }}"
image: alpine:3.8
resolve_image: no
command: '/bin/sh -v -c "sleep 10m"'
secrets: []
register: secrets_7
ignore_errors: yes
- name: cleanup
docker_swarm_service:
name: "{{ service_name }}"
state: absent
diff: no
- assert:
that:
- secrets_1 is changed
- secrets_2 is not changed
- secrets_3 is changed
- secrets_4 is not changed
- secrets_5 is not changed
- secrets_6 is changed
- secrets_7 is not changed
when: docker_api_version is version('1.25', '>=') and docker_py_version is version('2.4.0', '>=')
- assert:
that:
- secrets_1 is failed
- "'Minimum version required' in secrets_1.msg"
when: docker_api_version is version('1.25', '<') or docker_py_version is version('2.4.0', '<')
####################################################################
## secrets (uid) ###################################################
####################################################################
- name: secrets (uid int)
docker_swarm_service:
name: "{{ service_name }}"
image: alpine:3.8
resolve_image: no
command: '/bin/sh -v -c "sleep 10m"'
secrets:
- secret_id: "{{ secret_result_1.secret_id|default('') }}"
secret_name: "{{ secret_name_1 }}"
uid: 1000
register: secrets_1
ignore_errors: yes
- name: secrets (uid int idempotency)
docker_swarm_service:
name: "{{ service_name }}"
image: alpine:3.8
resolve_image: no
command: '/bin/sh -v -c "sleep 10m"'
secrets:
- secret_id: "{{ secret_result_1.secret_id|default('') }}"
secret_name: "{{ secret_name_1 }}"
uid: 1000
register: secrets_2
ignore_errors: yes
- name: secrets (uid int change)
docker_swarm_service:
name: "{{ service_name }}"
image: alpine:3.8
resolve_image: no
command: '/bin/sh -v -c "sleep 10m"'
secrets:
- secret_id: "{{ secret_result_1.secret_id|default('') }}"
secret_name: "{{ secret_name_1 }}"
uid: 1002
register: secrets_3
ignore_errors: yes
- name: secrets (uid str)
docker_swarm_service:
name: "{{ service_name }}"
image: alpine:3.8
resolve_image: no
command: '/bin/sh -v -c "sleep 10m"'
secrets:
- secret_id: "{{ secret_result_1.secret_id|default('') }}"
secret_name: "{{ secret_name_1 }}"
uid: "1001"
register: secrets_4
ignore_errors: yes
- name: secrets (uid str idempotency)
docker_swarm_service:
name: "{{ service_name }}"
image: alpine:3.8
resolve_image: no
command: '/bin/sh -v -c "sleep 10m"'
secrets:
- secret_id: "{{ secret_result_1.secret_id|default('') }}"
secret_name: "{{ secret_name_1 }}"
uid: "1001"
register: secrets_5
ignore_errors: yes
- name: cleanup
docker_swarm_service:
name: "{{ service_name }}"
state: absent
diff: no
- assert:
that:
- secrets_1 is changed
- secrets_2 is not changed
- secrets_3 is changed
- secrets_4 is changed
- secrets_5 is not changed
when: docker_api_version is version('1.25', '>=') and docker_py_version is version('2.4.0', '>=')
- assert:
that:
- secrets_1 is failed
- "'Minimum version required' in secrets_1.msg"
when: docker_api_version is version('1.25', '<') or docker_py_version is version('2.4.0', '<')
####################################################################
## secrets (gid) ###################################################
####################################################################
- name: secrets (gid int)
docker_swarm_service:
name: "{{ service_name }}"
image: alpine:3.8
resolve_image: no
command: '/bin/sh -v -c "sleep 10m"'
secrets:
- secret_id: "{{ secret_result_1.secret_id|default('') }}"
secret_name: "{{ secret_name_1 }}"
gid: 1001
register: secrets_1
ignore_errors: yes
- name: secrets (gid int idempotency)
docker_swarm_service:
name: "{{ service_name }}"
image: alpine:3.8
resolve_image: no
command: '/bin/sh -v -c "sleep 10m"'
secrets:
- secret_id: "{{ secret_result_1.secret_id|default('') }}"
secret_name: "{{ secret_name_1 }}"
gid: 1001
register: secrets_2
ignore_errors: yes
- name: secrets (gid int change)
docker_swarm_service:
name: "{{ service_name }}"
image: alpine:3.8
resolve_image: no
command: '/bin/sh -v -c "sleep 10m"'
secrets:
- secret_id: "{{ secret_result_1.secret_id|default('') }}"
secret_name: "{{ secret_name_1 }}"
gid: 1002
register: secrets_3
ignore_errors: yes
- name: secrets (gid str)
docker_swarm_service:
name: "{{ service_name }}"
image: alpine:3.8
resolve_image: no
command: '/bin/sh -v -c "sleep 10m"'
secrets:
- secret_id: "{{ secret_result_1.secret_id|default('') }}"
secret_name: "{{ secret_name_1 }}"
gid: "1003"
register: secrets_4
ignore_errors: yes
- name: secrets (gid str idempotency)
docker_swarm_service:
name: "{{ service_name }}"
image: alpine:3.8
resolve_image: no
command: '/bin/sh -v -c "sleep 10m"'
secrets:
- secret_id: "{{ secret_result_1.secret_id|default('') }}"
secret_name: "{{ secret_name_1 }}"
gid: "1003"
register: secrets_5
ignore_errors: yes
- name: cleanup
docker_swarm_service:
name: "{{ service_name }}"
state: absent
diff: no
- assert:
that:
- secrets_1 is changed
- secrets_2 is not changed
- secrets_3 is changed
- secrets_4 is changed
- secrets_5 is not changed
when: docker_api_version is version('1.25', '>=') and docker_py_version is version('2.4.0', '>=')
- assert:
that:
- secrets_1 is failed
- "'Minimum version required' in secrets_1.msg"
when: docker_api_version is version('1.25', '<') or docker_py_version is version('2.4.0', '<')
####################################################################
## secrets (mode) ##################################################
####################################################################
- name: secrets (mode)
docker_swarm_service:
name: "{{ service_name }}"
image: alpine:3.8
resolve_image: no
command: '/bin/sh -v -c "sleep 10m"'
secrets:
- secret_id: "{{ secret_result_1.secret_id|default('') }}"
secret_name: "{{ secret_name_1 }}"
mode: 0600
register: secrets_1
ignore_errors: yes
- name: secrets (mode idempotency)
docker_swarm_service:
name: "{{ service_name }}"
image: alpine:3.8
resolve_image: no
command: '/bin/sh -v -c "sleep 10m"'
secrets:
- secret_id: "{{ secret_result_1.secret_id|default('') }}"
secret_name: "{{ secret_name_1 }}"
mode: 0600
register: secrets_2
ignore_errors: yes
- name: secrets (mode change)
docker_swarm_service:
name: "{{ service_name }}"
image: alpine:3.8
resolve_image: no
command: '/bin/sh -v -c "sleep 10m"'
secrets:
- secret_id: "{{ secret_result_1.secret_id|default('') }}"
secret_name: "{{ secret_name_1 }}"
mode: 0777
register: secrets_3
ignore_errors: yes
- name: cleanup
docker_swarm_service:
name: "{{ service_name }}"
state: absent
diff: no
- assert:
that:
- secrets_1 is changed
- secrets_2 is not changed
- secrets_3 is changed
when: docker_api_version is version('1.25', '>=') and docker_py_version is version('2.4.0', '>=')
- assert:
that:
- secrets_1 is failed
- "'Minimum version required' in secrets_1.msg"
when: docker_api_version is version('1.25', '<') or docker_py_version is version('2.4.0', '<')
####################################################################
####################################################################
####################################################################
- name: Delete secrets
docker_secret:
name: "{{ secret_name }}"
state: absent
force: yes
loop:
- "{{ secret_name_1 }}"
- "{{ secret_name_2 }}"
loop_control:
loop_var: secret_name
ignore_errors: yes
when: docker_api_version is version('1.25', '>=') and docker_py_version is version('2.1.0', '>=')