|
|
|
---
|
|
|
|
|
|
|
|
- name: Registering container name
|
|
|
|
set_fact:
|
|
|
|
service_name: "{{ name_prefix ~ '-secrets' }}"
|
|
|
|
secret_name_1: "{{ name_prefix ~ '-secret-1' }}"
|
|
|
|
secret_name_2: "{{ name_prefix ~ '-secret-2' }}"
|
|
|
|
|
|
|
|
- name: Registering container name
|
|
|
|
set_fact:
|
|
|
|
secret_names: "{{ secret_names + [secret_name_1, secret_name_2] }}"
|
|
|
|
|
|
|
|
- docker_secret:
|
|
|
|
name: "{{ secret_name_1 }}"
|
|
|
|
data: "secret1"
|
|
|
|
state: "present"
|
|
|
|
register: "secret_result_1"
|
|
|
|
when: docker_api_version is version('1.25', '>=') and docker_py_version is version('2.1.0', '>=')
|
|
|
|
|
|
|
|
- docker_secret:
|
|
|
|
name: "{{ secret_name_2 }}"
|
|
|
|
data: "secret2"
|
|
|
|
state: "present"
|
|
|
|
register: "secret_result_2"
|
|
|
|
when: docker_api_version is version('1.25', '>=') and docker_py_version is version('2.1.0', '>=')
|
|
|
|
|
|
|
|
####################################################################
|
|
|
|
## secrets #########################################################
|
|
|
|
####################################################################
|
|
|
|
|
|
|
|
- name: secrets
|
|
|
|
docker_swarm_service:
|
|
|
|
name: "{{ service_name }}"
|
|
|
|
image: alpine:3.8
|
|
|
|
resolve_image: no
|
|
|
|
command: '/bin/sh -v -c "sleep 10m"'
|
|
|
|
secrets:
|
|
|
|
- secret_id: "{{ secret_result_1.secret_id|default('') }}"
|
|
|
|
secret_name: "{{ secret_name_1 }}"
|
|
|
|
filename: "/run/secrets/{{ secret_name_1 }}.txt"
|
|
|
|
register: secrets_1
|
|
|
|
ignore_errors: yes
|
|
|
|
|
|
|
|
- name: secrets (idempotency)
|
|
|
|
docker_swarm_service:
|
|
|
|
name: "{{ service_name }}"
|
|
|
|
image: alpine:3.8
|
|
|
|
resolve_image: no
|
|
|
|
command: '/bin/sh -v -c "sleep 10m"'
|
|
|
|
secrets:
|
|
|
|
- secret_name: "{{ secret_name_1 }}"
|
|
|
|
filename: "/run/secrets/{{ secret_name_1 }}.txt"
|
|
|
|
register: secrets_2
|
|
|
|
ignore_errors: yes
|
|
|
|
|
|
|
|
- name: secrets (add)
|
|
|
|
docker_swarm_service:
|
|
|
|
name: "{{ service_name }}"
|
|
|
|
image: alpine:3.8
|
|
|
|
resolve_image: no
|
|
|
|
command: '/bin/sh -v -c "sleep 10m"'
|
|
|
|
secrets:
|
|
|
|
- secret_id: "{{ secret_result_1.secret_id|default('') }}"
|
|
|
|
secret_name: "{{ secret_name_1 }}"
|
|
|
|
filename: "/run/secrets/{{ secret_name_1 }}.txt"
|
|
|
|
- secret_name: "{{ secret_name_2 }}"
|
|
|
|
filename: "/run/secrets/{{ secret_name_2 }}.txt"
|
|
|
|
register: secrets_3
|
|
|
|
ignore_errors: yes
|
|
|
|
|
|
|
|
- name: secrets (add idempotency)
|
|
|
|
docker_swarm_service:
|
|
|
|
name: "{{ service_name }}"
|
|
|
|
image: alpine:3.8
|
|
|
|
resolve_image: no
|
|
|
|
command: '/bin/sh -v -c "sleep 10m"'
|
|
|
|
secrets:
|
|
|
|
- secret_name: "{{ secret_name_1 }}"
|
|
|
|
filename: "/run/secrets/{{ secret_name_1 }}.txt"
|
|
|
|
- secret_id: "{{ secret_result_2.secret_id|default('') }}"
|
|
|
|
secret_name: "{{ secret_name_2 }}"
|
|
|
|
filename: "/run/secrets/{{ secret_name_2 }}.txt"
|
|
|
|
register: secrets_4
|
|
|
|
ignore_errors: yes
|
|
|
|
|
|
|
|
- name: secrets (add idempotency no id)
|
|
|
|
docker_swarm_service:
|
|
|
|
name: "{{ service_name }}"
|
|
|
|
image: alpine:3.8
|
|
|
|
resolve_image: no
|
|
|
|
command: '/bin/sh -v -c "sleep 10m"'
|
|
|
|
secrets:
|
|
|
|
- secret_name: "{{ secret_name_1 }}"
|
|
|
|
filename: "/run/secrets/{{ secret_name_1 }}.txt"
|
|
|
|
- secret_name: "{{ secret_name_2 }}"
|
|
|
|
filename: "/run/secrets/{{ secret_name_2 }}.txt"
|
|
|
|
register: secrets_5
|
|
|
|
ignore_errors: yes
|
|
|
|
|
|
|
|
- name: secrets (empty)
|
|
|
|
docker_swarm_service:
|
|
|
|
name: "{{ service_name }}"
|
|
|
|
image: alpine:3.8
|
|
|
|
resolve_image: no
|
|
|
|
command: '/bin/sh -v -c "sleep 10m"'
|
|
|
|
secrets: []
|
|
|
|
register: secrets_6
|
|
|
|
ignore_errors: yes
|
|
|
|
|
|
|
|
- name: secrets (empty idempotency)
|
|
|
|
docker_swarm_service:
|
|
|
|
name: "{{ service_name }}"
|
|
|
|
image: alpine:3.8
|
|
|
|
resolve_image: no
|
|
|
|
command: '/bin/sh -v -c "sleep 10m"'
|
|
|
|
secrets: []
|
|
|
|
register: secrets_7
|
|
|
|
ignore_errors: yes
|
|
|
|
|
|
|
|
- name: cleanup
|
|
|
|
docker_swarm_service:
|
|
|
|
name: "{{ service_name }}"
|
|
|
|
state: absent
|
|
|
|
diff: no
|
|
|
|
|
|
|
|
- assert:
|
|
|
|
that:
|
|
|
|
- secrets_1 is changed
|
|
|
|
- secrets_2 is not changed
|
|
|
|
- secrets_3 is changed
|
|
|
|
- secrets_4 is not changed
|
|
|
|
- secrets_5 is not changed
|
|
|
|
- secrets_6 is changed
|
|
|
|
- secrets_7 is not changed
|
|
|
|
when: docker_api_version is version('1.25', '>=') and docker_py_version is version('2.4.0', '>=')
|
|
|
|
- assert:
|
|
|
|
that:
|
|
|
|
- secrets_1 is failed
|
|
|
|
- "'Minimum version required' in secrets_1.msg"
|
|
|
|
when: docker_api_version is version('1.25', '<') or docker_py_version is version('2.4.0', '<')
|
|
|
|
|
|
|
|
####################################################################
|
|
|
|
## secrets (uid) ###################################################
|
|
|
|
####################################################################
|
|
|
|
|
|
|
|
- name: secrets (uid int)
|
|
|
|
docker_swarm_service:
|
|
|
|
name: "{{ service_name }}"
|
|
|
|
image: alpine:3.8
|
|
|
|
resolve_image: no
|
|
|
|
command: '/bin/sh -v -c "sleep 10m"'
|
|
|
|
secrets:
|
|
|
|
- secret_id: "{{ secret_result_1.secret_id|default('') }}"
|
|
|
|
secret_name: "{{ secret_name_1 }}"
|
|
|
|
uid: 1000
|
|
|
|
register: secrets_1
|
|
|
|
ignore_errors: yes
|
|
|
|
|
|
|
|
- name: secrets (uid int idempotency)
|
|
|
|
docker_swarm_service:
|
|
|
|
name: "{{ service_name }}"
|
|
|
|
image: alpine:3.8
|
|
|
|
resolve_image: no
|
|
|
|
command: '/bin/sh -v -c "sleep 10m"'
|
|
|
|
secrets:
|
|
|
|
- secret_id: "{{ secret_result_1.secret_id|default('') }}"
|
|
|
|
secret_name: "{{ secret_name_1 }}"
|
|
|
|
uid: 1000
|
|
|
|
register: secrets_2
|
|
|
|
ignore_errors: yes
|
|
|
|
|
|
|
|
- name: secrets (uid int change)
|
|
|
|
docker_swarm_service:
|
|
|
|
name: "{{ service_name }}"
|
|
|
|
image: alpine:3.8
|
|
|
|
resolve_image: no
|
|
|
|
command: '/bin/sh -v -c "sleep 10m"'
|
|
|
|
secrets:
|
|
|
|
- secret_id: "{{ secret_result_1.secret_id|default('') }}"
|
|
|
|
secret_name: "{{ secret_name_1 }}"
|
|
|
|
uid: 1002
|
|
|
|
register: secrets_3
|
|
|
|
ignore_errors: yes
|
|
|
|
|
|
|
|
- name: secrets (uid str)
|
|
|
|
docker_swarm_service:
|
|
|
|
name: "{{ service_name }}"
|
|
|
|
image: alpine:3.8
|
|
|
|
resolve_image: no
|
|
|
|
command: '/bin/sh -v -c "sleep 10m"'
|
|
|
|
secrets:
|
|
|
|
- secret_id: "{{ secret_result_1.secret_id|default('') }}"
|
|
|
|
secret_name: "{{ secret_name_1 }}"
|
|
|
|
uid: "1001"
|
|
|
|
register: secrets_4
|
|
|
|
ignore_errors: yes
|
|
|
|
|
|
|
|
- name: secrets (uid str idempotency)
|
|
|
|
docker_swarm_service:
|
|
|
|
name: "{{ service_name }}"
|
|
|
|
image: alpine:3.8
|
|
|
|
resolve_image: no
|
|
|
|
command: '/bin/sh -v -c "sleep 10m"'
|
|
|
|
secrets:
|
|
|
|
- secret_id: "{{ secret_result_1.secret_id|default('') }}"
|
|
|
|
secret_name: "{{ secret_name_1 }}"
|
|
|
|
uid: "1001"
|
|
|
|
register: secrets_5
|
|
|
|
ignore_errors: yes
|
|
|
|
|
|
|
|
- name: cleanup
|
|
|
|
docker_swarm_service:
|
|
|
|
name: "{{ service_name }}"
|
|
|
|
state: absent
|
|
|
|
diff: no
|
|
|
|
|
|
|
|
- assert:
|
|
|
|
that:
|
|
|
|
- secrets_1 is changed
|
|
|
|
- secrets_2 is not changed
|
|
|
|
- secrets_3 is changed
|
|
|
|
- secrets_4 is changed
|
|
|
|
- secrets_5 is not changed
|
|
|
|
when: docker_api_version is version('1.25', '>=') and docker_py_version is version('2.4.0', '>=')
|
|
|
|
- assert:
|
|
|
|
that:
|
|
|
|
- secrets_1 is failed
|
|
|
|
- "'Minimum version required' in secrets_1.msg"
|
|
|
|
when: docker_api_version is version('1.25', '<') or docker_py_version is version('2.4.0', '<')
|
|
|
|
|
|
|
|
####################################################################
|
|
|
|
## secrets (gid) ###################################################
|
|
|
|
####################################################################
|
|
|
|
|
|
|
|
- name: secrets (gid int)
|
|
|
|
docker_swarm_service:
|
|
|
|
name: "{{ service_name }}"
|
|
|
|
image: alpine:3.8
|
|
|
|
resolve_image: no
|
|
|
|
command: '/bin/sh -v -c "sleep 10m"'
|
|
|
|
secrets:
|
|
|
|
- secret_id: "{{ secret_result_1.secret_id|default('') }}"
|
|
|
|
secret_name: "{{ secret_name_1 }}"
|
|
|
|
gid: 1001
|
|
|
|
register: secrets_1
|
|
|
|
ignore_errors: yes
|
|
|
|
|
|
|
|
- name: secrets (gid int idempotency)
|
|
|
|
docker_swarm_service:
|
|
|
|
name: "{{ service_name }}"
|
|
|
|
image: alpine:3.8
|
|
|
|
resolve_image: no
|
|
|
|
command: '/bin/sh -v -c "sleep 10m"'
|
|
|
|
secrets:
|
|
|
|
- secret_id: "{{ secret_result_1.secret_id|default('') }}"
|
|
|
|
secret_name: "{{ secret_name_1 }}"
|
|
|
|
gid: 1001
|
|
|
|
register: secrets_2
|
|
|
|
ignore_errors: yes
|
|
|
|
|
|
|
|
- name: secrets (gid int change)
|
|
|
|
docker_swarm_service:
|
|
|
|
name: "{{ service_name }}"
|
|
|
|
image: alpine:3.8
|
|
|
|
resolve_image: no
|
|
|
|
command: '/bin/sh -v -c "sleep 10m"'
|
|
|
|
secrets:
|
|
|
|
- secret_id: "{{ secret_result_1.secret_id|default('') }}"
|
|
|
|
secret_name: "{{ secret_name_1 }}"
|
|
|
|
gid: 1002
|
|
|
|
register: secrets_3
|
|
|
|
ignore_errors: yes
|
|
|
|
|
|
|
|
- name: secrets (gid str)
|
|
|
|
docker_swarm_service:
|
|
|
|
name: "{{ service_name }}"
|
|
|
|
image: alpine:3.8
|
|
|
|
resolve_image: no
|
|
|
|
command: '/bin/sh -v -c "sleep 10m"'
|
|
|
|
secrets:
|
|
|
|
- secret_id: "{{ secret_result_1.secret_id|default('') }}"
|
|
|
|
secret_name: "{{ secret_name_1 }}"
|
|
|
|
gid: "1003"
|
|
|
|
register: secrets_4
|
|
|
|
ignore_errors: yes
|
|
|
|
|
|
|
|
- name: secrets (gid str idempotency)
|
|
|
|
docker_swarm_service:
|
|
|
|
name: "{{ service_name }}"
|
|
|
|
image: alpine:3.8
|
|
|
|
resolve_image: no
|
|
|
|
command: '/bin/sh -v -c "sleep 10m"'
|
|
|
|
secrets:
|
|
|
|
- secret_id: "{{ secret_result_1.secret_id|default('') }}"
|
|
|
|
secret_name: "{{ secret_name_1 }}"
|
|
|
|
gid: "1003"
|
|
|
|
register: secrets_5
|
|
|
|
ignore_errors: yes
|
|
|
|
|
|
|
|
- name: cleanup
|
|
|
|
docker_swarm_service:
|
|
|
|
name: "{{ service_name }}"
|
|
|
|
state: absent
|
|
|
|
diff: no
|
|
|
|
|
|
|
|
- assert:
|
|
|
|
that:
|
|
|
|
- secrets_1 is changed
|
|
|
|
- secrets_2 is not changed
|
|
|
|
- secrets_3 is changed
|
|
|
|
- secrets_4 is changed
|
|
|
|
- secrets_5 is not changed
|
|
|
|
when: docker_api_version is version('1.25', '>=') and docker_py_version is version('2.4.0', '>=')
|
|
|
|
- assert:
|
|
|
|
that:
|
|
|
|
- secrets_1 is failed
|
|
|
|
- "'Minimum version required' in secrets_1.msg"
|
|
|
|
when: docker_api_version is version('1.25', '<') or docker_py_version is version('2.4.0', '<')
|
|
|
|
|
|
|
|
####################################################################
|
|
|
|
## secrets (mode) ##################################################
|
|
|
|
####################################################################
|
|
|
|
|
|
|
|
- name: secrets (mode)
|
|
|
|
docker_swarm_service:
|
|
|
|
name: "{{ service_name }}"
|
|
|
|
image: alpine:3.8
|
|
|
|
resolve_image: no
|
|
|
|
command: '/bin/sh -v -c "sleep 10m"'
|
|
|
|
secrets:
|
|
|
|
- secret_id: "{{ secret_result_1.secret_id|default('') }}"
|
|
|
|
secret_name: "{{ secret_name_1 }}"
|
|
|
|
mode: 0600
|
|
|
|
register: secrets_1
|
|
|
|
ignore_errors: yes
|
|
|
|
|
|
|
|
- name: secrets (mode idempotency)
|
|
|
|
docker_swarm_service:
|
|
|
|
name: "{{ service_name }}"
|
|
|
|
image: alpine:3.8
|
|
|
|
resolve_image: no
|
|
|
|
command: '/bin/sh -v -c "sleep 10m"'
|
|
|
|
secrets:
|
|
|
|
- secret_id: "{{ secret_result_1.secret_id|default('') }}"
|
|
|
|
secret_name: "{{ secret_name_1 }}"
|
|
|
|
mode: 0600
|
|
|
|
register: secrets_2
|
|
|
|
ignore_errors: yes
|
|
|
|
|
|
|
|
- name: secrets (mode change)
|
|
|
|
docker_swarm_service:
|
|
|
|
name: "{{ service_name }}"
|
|
|
|
image: alpine:3.8
|
|
|
|
resolve_image: no
|
|
|
|
command: '/bin/sh -v -c "sleep 10m"'
|
|
|
|
secrets:
|
|
|
|
- secret_id: "{{ secret_result_1.secret_id|default('') }}"
|
|
|
|
secret_name: "{{ secret_name_1 }}"
|
|
|
|
mode: 0777
|
|
|
|
register: secrets_3
|
|
|
|
ignore_errors: yes
|
|
|
|
|
|
|
|
- name: cleanup
|
|
|
|
docker_swarm_service:
|
|
|
|
name: "{{ service_name }}"
|
|
|
|
state: absent
|
|
|
|
diff: no
|
|
|
|
|
|
|
|
- assert:
|
|
|
|
that:
|
|
|
|
- secrets_1 is changed
|
|
|
|
- secrets_2 is not changed
|
|
|
|
- secrets_3 is changed
|
|
|
|
when: docker_api_version is version('1.25', '>=') and docker_py_version is version('2.4.0', '>=')
|
|
|
|
- assert:
|
|
|
|
that:
|
|
|
|
- secrets_1 is failed
|
|
|
|
- "'Minimum version required' in secrets_1.msg"
|
|
|
|
when: docker_api_version is version('1.25', '<') or docker_py_version is version('2.4.0', '<')
|
|
|
|
|
|
|
|
####################################################################
|
|
|
|
####################################################################
|
|
|
|
####################################################################
|
|
|
|
|
|
|
|
- name: Delete secrets
|
|
|
|
docker_secret:
|
|
|
|
name: "{{ secret_name }}"
|
|
|
|
state: absent
|
|
|
|
force: yes
|
|
|
|
loop:
|
|
|
|
- "{{ secret_name_1 }}"
|
|
|
|
- "{{ secret_name_2 }}"
|
|
|
|
loop_control:
|
|
|
|
loop_var: secret_name
|
|
|
|
ignore_errors: yes
|
|
|
|
when: docker_api_version is version('1.25', '>=') and docker_py_version is version('2.1.0', '>=')
|