ansible/test/integration/targets/azure_rm_keyvault/tasks/main.yml
2019-07-18 06:55:51 +08:00

270 lines
6.3 KiB
YAML

- name: Prepare random number
set_fact:
rpfx: "{{ resource_group | hash('md5') | truncate(7, True, '') }}{{ 1000 | random }}"
tenant_id: "{{ azure_tenant }}"
run_once: yes
- name: lookup service principal object id
set_fact:
object_id: "{{ lookup('azure_service_principal_attribute',
azure_client_id=azure_client_id,
azure_secret=azure_secret,
azure_tenant=tenant_id) }}"
register: object_id
- name: Create instance of Key Vault -- check mode
azure_rm_keyvault:
resource_group: "{{ resource_group }}"
vault_name: "vault{{ rpfx }}"
enabled_for_deployment: yes
vault_tenant: "{{ tenant_id }}"
sku:
name: standard
family: A
access_policies:
- tenant_id: "{{ tenant_id }}"
object_id: "{{ object_id }}"
keys:
- get
- list
- update
- create
- import
- delete
- recover
- backup
- restore
secrets:
- get
- list
- set
- delete
- recover
- backup
- restore
check_mode: yes
register: output
- name: Assert the resource instance is well created
assert:
that:
- output.changed
- name: Create instance of Key Vault
azure_rm_keyvault:
resource_group: "{{ resource_group }}"
vault_name: "vault{{ rpfx }}"
enabled_for_deployment: yes
vault_tenant: "{{ tenant_id }}"
sku:
name: standard
family: A
access_policies:
- tenant_id: "{{ tenant_id }}"
object_id: "{{ object_id }}"
secrets:
- get
- list
- set
- delete
- recover
- backup
- restore
register: output
- name: Assert the resource instance is well created
assert:
that:
- output.changed
- name: Create instance of Key Vault again
azure_rm_keyvault:
resource_group: "{{ resource_group }}"
vault_name: "vault{{ rpfx }}"
enabled_for_deployment: yes
vault_tenant: "{{ tenant_id }}"
sku:
name: standard
family: A
access_policies:
- tenant_id: "{{ tenant_id }}"
object_id: "{{ object_id }}"
secrets:
- get
- list
- set
- delete
- recover
- backup
- restore
register: output
- name: Assert the state has not changed
assert:
that:
- output.changed == false
- name: Update existing Key Vault (add a rule and tags)
azure_rm_keyvault:
resource_group: "{{ resource_group }}"
vault_name: "vault{{ rpfx }}"
enabled_for_deployment: yes
vault_tenant: "{{ tenant_id }}"
sku:
name: standard
family: A
access_policies:
- tenant_id: "{{ tenant_id }}"
object_id: "{{ object_id }}"
keys:
- get
- list
- update
- create
- import
- delete
- recover
- backup
- restore
secrets:
- get
- list
- set
- delete
- recover
- backup
- restore
tags:
aaa: bbb
register: output
- name: Assert the state has changed
assert:
that:
- output.changed == true
- name: Get key vault facts
azure_rm_keyvault_info:
resource_group: "{{ resource_group }}"
name: "vault{{ rpfx }}"
register: facts
- name: Assert the facts are properly set
assert:
that:
- facts['keyvaults'] | length == 1
- facts['keyvaults'][0]['vault_uri'] != None
- facts['keyvaults'][0]['name'] != None
- facts['keyvaults'][0]['access_policies'] != None
- facts['keyvaults'][0]['sku'] != None
- facts['keyvaults'][0]['id'] != None
#
# azure_rm_keyvaultkey tests
#
- name: create a keyvault key
block:
- azure_rm_keyvaultkey:
keyvault_uri: https://vault{{ rpfx }}.vault.azure.net
key_name: testkey
tags:
testing: test
delete: on-exit
register: output
- assert:
that: output.changed
rescue:
- azure_rm_keyvaultkey:
keyvault_uri: https://vault{{ rpfx }}.vault.azure.net
state: absent
key_name: testkey
- name: Get key current version
azure_rm_keyvaultkey_info:
vault_uri: https://vault{{ rpfx }}.vault.azure.net
name: testkey
register: facts
- name: Assert key facts
assert:
that:
- facts['keys'] | length == 1
- facts['keys'][0]['kid']
- facts['keys'][0]['permitted_operations'] | length > 0
- facts['keys'][0]['type']
- facts['keys'][0]['version']
- name: delete a kevyault key
azure_rm_keyvaultkey:
keyvault_uri: https://vault{{ rpfx }}.vault.azure.net
state: absent
key_name: testkey
register: output
- assert:
that: output.changed
#
# azure_rm_keyvaultsecret tests
#
- name: create a keyvault secret
block:
- azure_rm_keyvaultsecret:
keyvault_uri: https://vault{{ rpfx }}.vault.azure.net
secret_name: testsecret
secret_value: 'mysecret'
tags:
testing: test
delete: on-exit
register: output
- assert:
that: output.changed
rescue:
- azure_rm_keyvaultsecret:
keyvault_uri: https://vault{{ rpfx }}.vault.azure.net
state: absent
secret_name: testsecret
- name: delete a keyvault secret
azure_rm_keyvaultsecret:
keyvault_uri: https://vault{{ rpfx }}.vault.azure.net
state: absent
secret_name: testsecret
register: output
- assert:
that: output.changed
#
# azure_rm_keyvault finalize & clean up
#
- name: Delete instance of Key Vault -- check mode
azure_rm_keyvault:
resource_group: "{{ resource_group }}"
vault_name: "vault{{ rpfx }}"
state: absent
check_mode: yes
register: output
- name: Assert the state has changed
assert:
that:
- output.changed
- name: Delete instance of Key Vault
azure_rm_keyvault:
resource_group: "{{ resource_group }}"
vault_name: "vault{{ rpfx }}"
state: absent
register: output
- name: Assert the state has changed
assert:
that:
- output.changed
- name: Delete unexisting instance of Key Vault
azure_rm_keyvault:
resource_group: "{{ resource_group }}"
vault_name: "vault{{ rpfx }}"
state: absent
register: output
- name: Assert the state has changed
assert:
that:
- output.changed == false