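---
# Integration test for the hashivault_secret module: write, idempotent
# re-write, update, folder paths, ttl normalisation, no_log-sensitive data
# and delete. Each call is registered and its result asserted.
- hosts: localhost
  gather_facts: false
  vars:
    namespace: secret
  tasks:
    # Start from a clean mount so the "changed" assertions below hold
    # regardless of what earlier runs left behind.
    - hashivault_secret:
        mount_point: '{{namespace}}'
        secret: secret_name
        state: absent
    - hashivault_secret:
        mount_point: '{{namespace}}'
        secret: name/folder
        state: absent
    - hashivault_secret:
        mount_point: '{{namespace}}'
        secret: name_ttls
        state: absent
    - hashivault_secret:
        mount_point: '{{namespace}}'
        secret: no_log
        state: absent

    - name: Write verify it succeeds
      # No mount_point here, so this call relies on the module default;
      # the msg assert below only holds while that default equals
      # '{{namespace}}' — TODO confirm this is meant to exercise the default.
      hashivault_secret:
        secret: secret_name
        data:
          foo: foe
          fie:
            - one
            - two
            - three
      register: vault_write
    # Conditionals are plain Jinja expressions, not '{{ }}' renders, so the
    # registered values are never interpolated into the expression text
    # before it is evaluated (and ansible no longer warns about delimiters).
    - assert:
        that:
          - vault_write.changed
          - "vault_write.msg == 'Secret ' ~ namespace ~ '/secret_name written'"
          - vault_write.rc == 0

    - name: Write again no change
      hashivault_secret:
        mount_point: '{{namespace}}'
        secret: secret_name
        data:
          foo: foe
          fie:
            - one
            - two
            - three
      register: vault_write
    - assert:
        that:
          - not vault_write.changed
          - "vault_write.msg == 'Secret ' ~ namespace ~ '/secret_name unchanged'"
          - vault_write.rc == 0

    - name: Write again with change
      hashivault_secret:
        mount_point: '{{namespace}}'
        secret: secret_name
        data:
          foo: foe
          fie:
            - one
            - two
            - four
      register: vault_write
    - assert:
        that:
          - vault_write.changed
          - vault_write.rc == 0
    - hashivault_read:
        mount_point: '{{namespace}}'
        secret: secret_name
        version: 2
      register: vault_read
    - assert:
        that:
          - 'vault_read.value == {"fie": ["one", "two", "four"], "foo": "foe"}'
          - vault_read.rc == 0

    # state=update sends only the given keys; the read afterwards checks
    # that 'fie' survived and only 'foo' changed.
    - name: Update single key with state update
      hashivault_secret:
        state: update
        mount_point: '{{namespace}}'
        secret: secret_name
        data:
          foo: future
      register: vault_write
    - assert:
        that:
          - vault_write.changed
          - vault_write.rc == 0
    - hashivault_read:
        mount_point: '{{namespace}}'
        secret: secret_name
        version: 2
      register: vault_read
    - assert:
        that:
          - 'vault_read.value == {"fie": ["one", "two", "four"], "foo": "future"}'
          - vault_read.rc == 0

    - name: Write secret in folder
      hashivault_secret:
        mount_point: '{{namespace}}'
        secret: name/folder
        data:
          height: tall
      register: vault_write
    - assert:
        that:
          - vault_write.changed
          - "vault_write.msg == 'Secret ' ~ namespace ~ '/name/folder written'"
          - vault_write.rc == 0

    # ttl handling: the same duration written as 36000s, 600m, 10h and a
    # bare 36000 must all compare equal (no change); 36001s must not.
    - name: Initial ttl values
      hashivault_secret:
        mount_point: '{{namespace}}'
        secret: name_ttls
        data:
          ttl: 36000s
          max_ttl: 480s
      register: vault_write
    - assert:
        that:
          - vault_write.changed
    - name: Update minute ttl secret
      hashivault_secret:
        mount_point: '{{namespace}}'
        secret: name_ttls
        data:
          ttl: 600m
      register: vault_write
    - assert:
        that:
          - not vault_write.changed
    - name: Update hour ttl secret
      hashivault_secret:
        mount_point: '{{namespace}}'
        secret: name_ttls
        data:
          ttl: 10h
      register: vault_write
    - assert:
        that:
          - not vault_write.changed
    - name: Update second ttl secret
      hashivault_secret:
        mount_point: '{{namespace}}'
        secret: name_ttls
        data:
          ttl: 36000s
      register: vault_write
    - assert:
        that:
          - not vault_write.changed
    - name: Update second ttl secret no s
      hashivault_secret:
        mount_point: '{{namespace}}'
        secret: name_ttls
        data:
          # deliberately an integer, not the string "36000s"
          ttl: 36000
      register: vault_write
    - assert:
        that:
          - not vault_write.changed
    - name: Update second ttl secret new value
      hashivault_secret:
        mount_point: '{{namespace}}'
        secret: name_ttls
        data:
          ttl: 36001s
      register: vault_write
    - assert:
        that:
          - vault_write.changed

    # Values that commonly break no_log masking (falsy/zero-like strings
    # and booleans). NOTE(review): the unquoted 'false'/'true' keys parse as
    # boolean keys on YAML 1.1 loaders such as ansible's; this looks
    # deliberate for the exercise — confirm before quoting them.
    - name: Write a secret to mess up no_log
      hashivault_secret:
        mount_point: '{{namespace}}'
        secret: no_log
        data:
          zero: 0
          zero_str: "0"
          one: 1
          one_str: "1"
          false: False
          true: True
      register: vault_write
    - assert:
        that:
          - vault_write.changed
          - vault_write.rc == 0

    - name: Delete a secret
      hashivault_secret:
        state: absent
        mount_point: '{{namespace}}'
        secret: no_log
      register: vault_write
    - assert:
        that:
          - vault_write.changed
          - "vault_write.msg == 'Secret ' ~ namespace ~ '/no_log deleted'"
          - vault_write.rc == 0
    # Deleting a missing secret must be a no-op, not an error.
    - name: Delete a secret again
      hashivault_secret:
        state: absent
        mount_point: '{{namespace}}'
        secret: no_log
      register: vault_write
    - assert:
        that:
          - not vault_write.changed
          - "vault_write.msg == 'Secret ' ~ namespace ~ '/no_log nonexistent'"
          - vault_write.rc == 0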