ansible/test/integration/targets/docker_secret/tasks/test_secrets.yml

105 lines
2.1 KiB
YAML
Raw Normal View History

2017-07-06 15:22:04 +02:00
- name: Install Python requirements
pip:
state: present
name: "{{ item }}"
with_items:
- docker>=2.1.0
- name: Check if already in swarm
shell: docker node ls 2>&1 | grep 'docker swarm init'
register: output
ignore_errors: yes
- name: Enable swarm mode
command: docker swarm init
when: output.rc == 0
notify: disable_swarm
- name: Parameter name should be required
docker_secret:
state: present
ignore_errors: yes
register: output
- name: assert failure when called with no name
assert:
that:
- 'output.failed'
- 'output.msg == "missing required arguments: name"'
- name: Test parameters
docker_secret:
name: foo
state: present
ignore_errors: yes
register: output
- name: assert failure when called with no data
assert:
that:
- 'output.failed'
- 'output.msg == "state is present but all of the following are missing: data"'
2017-07-06 15:22:04 +02:00
- name: Create secret
docker_secret:
name: db_password
data: opensesame!
state: present
register: output
- name: Create variable secret_id
set_fact:
secret_id: "{{ output.secret_id }}"
- name: Inspect secret
command: "docker secret inspect {{ secret_id }}"
register: inspect
- debug: var=inspect
- name: assert secret creation succeeded
assert:
that:
- "'db_password' in inspect.stdout"
- "'ansible_key' in inspect.stdout"
- name: Create secret again
docker_secret:
name: db_password
data: opensesame!
state: present
register: output
- name: assert create secret is idempotent
assert:
that:
- not output.changed
- name: Update secret
docker_secret:
name: db_password
data: newpassword!
state: present
register: output
- name: assert secret was updated
assert:
that:
- output.changed
- output.secret_id != secret_id
- name: Remove secret
docker_secret:
name: db_password
state: absent
- name: Check that secret is removed
command: "docker secret inspect {{ secret_id }}"
register: output
ignore_errors: yes
- name: assert secret was removed
assert:
that:
- output.failed