functional/test_secret.yml

---
- hosts: localhost
  gather_facts: no
  vars:
    namespace: secret
  tasks:
    - hashivault_secret:
        mount_point: '{{namespace}}'
        secret: secret_name
        state: absent
    - hashivault_secret:
        mount_point: '{{namespace}}'
        secret: name/folder
        state: absent
    - hashivault_secret:
        mount_point: '{{namespace}}'
        secret: name_ttls
        state: absent
    - hashivault_secret:
        mount_point: '{{namespace}}'
        secret: no_log
        state: absent

    - name: Write verify it succeeds
      hashivault_secret:
        secret: secret_name
        data:
            foo: foe
            fie:
              - one
              - two
              - three
      register: vault_write
    - assert: { that: "{{vault_write.changed}} == True" }
    - assert: { that: "'{{vault_write.msg}}' == 'Secret {{namespace}}/secret_name written'" }
    - assert: { that: "{{vault_write.rc}} == 0" }

    - name: Write again no change
      hashivault_secret:
        mount_point: '{{namespace}}'
        secret: secret_name
        data:
          foo: foe
          fie:
            - one
            - two
            - three
      register: vault_write
    - assert: { that: "{{vault_write.changed}} == False" }
    - assert: { that: "'{{vault_write.msg}}' == 'Secret {{namespace}}/secret_name unchanged'" }
    - assert: { that: "{{vault_write.rc}} == 0" }

    - name: Write again with change
      hashivault_secret:
        mount_point: '{{namespace}}'
        secret: secret_name
        data:
          foo: foe
          fie:
            - one
            - two
            - four
      register: vault_write
    - assert: { that: "{{vault_write.changed}} == True" }
    - assert: { that: "{{vault_write.rc}} == 0" }

    - hashivault_read:
        mount_point: '{{namespace}}'
        secret: secret_name
        version: 2
      register: vault_read
    - assert: { that: 'vault_read.value == {"fie": ["one", "two", "four"], "foo": "foe"}' }
    - assert: { that: "{{vault_read.rc}} == 0" }

    - name: Write again with change
      hashivault_secret:
        state: update
        mount_point: '{{namespace}}'
        secret: secret_name
        data:
          foo: future
      register: vault_write
    - assert: { that: "{{vault_write.changed}} == True" }
    - assert: { that: "{{vault_write.rc}} == 0" }

    - hashivault_read:
        mount_point: '{{namespace}}'
        secret: secret_name
        version: 2
      register: vault_read
    - assert: { that: 'vault_read.value == {"fie": ["one", "two", "four"], "foo": "future"}' }
    - assert: { that: "{{vault_read.rc}} == 0" }

    - name: Write secret in folder
      hashivault_secret:
        mount_point: '{{namespace}}'
        secret: name/folder
        data:
          height: tall
      register: vault_write
    - assert: { that: "{{vault_write.changed}} == True" }
    - assert: { that: "'{{vault_write.msg}}' == 'Secret {{namespace}}/name/folder written'" }
    - assert: { that: "{{vault_write.rc}} == 0" }

    - name: Initial ttl values
      hashivault_secret:
        mount_point: '{{namespace}}'
        secret: name_ttls
        data:
          ttl:     36000s
          max_ttl: 480s
      register: vault_write
    - assert: { that: "{{vault_write.changed}} == True" }

    - name: Update minute ttl secret
      hashivault_secret:
        mount_point: '{{namespace}}'
        secret: name_ttls
        data:
          ttl:      600m
      register: vault_write
    - assert: { that: "{{vault_write.changed}} == False" }

    - name: Update hour ttl secret
      hashivault_secret:
        mount_point: '{{namespace}}'
        secret: name_ttls
        data:
          ttl:      10h
      register: vault_write
    - assert: { that: "{{vault_write.changed}} == False" }

    - name: Update second ttl secret
      hashivault_secret:
        mount_point: '{{namespace}}'
        secret: name_ttls
        data:
          ttl:      36000s
      register: vault_write
    - assert: { that: "{{vault_write.changed}} == False" }

    - name: Update second ttl secret no s
      hashivault_secret:
        mount_point: '{{namespace}}'
        secret: name_ttls
        data:
          ttl:      36000
      register: vault_write
    - assert: { that: "{{vault_write.changed}} == False" }

    - name: Update second ttl secret new value
      hashivault_secret:
        mount_point: '{{namespace}}'
        secret: name_ttls
        data:
          ttl:      36001s
      register: vault_write
    - assert: { that: "{{vault_write.changed}} == True" }

    - name: Write a secret to mess up no_log
      hashivault_secret:
        mount_point: '{{namespace}}'
        secret: no_log
        data:
          zero: 0
          zero_str: "0"
          one: 1
          one_str: "1"
          false: False
          true: True
      register: vault_write
    - assert: { that: "{{vault_write.changed}} == True" }
    - assert: { that: "{{vault_write.rc}} == 0" }

    - name: Delete a secret
      hashivault_secret:
        state: absent
        mount_point: '{{namespace}}'
        secret: no_log
      register: vault_write
    - assert: { that: "{{vault_write.changed}} == True" }
    - assert: { that: "'{{vault_write.msg}}' == 'Secret {{namespace}}/no_log deleted'" }
    - assert: { that: "{{vault_write.rc}} == 0" }

    - name: Delete a secret again
      hashivault_secret:
        state: absent
        mount_point: '{{namespace}}'
        secret: no_log
      register: vault_write
    - assert: { that: "{{vault_write.changed}} == False" }
    - assert: { that: "'{{vault_write.msg}}' == 'Secret {{namespace}}/no_log nonexistent'" }
    - assert: { that: "{{vault_write.rc}} == 0" }