diff options
Diffstat (limited to 'ansible_collections/community/docker/tests')
18 files changed, 281 insertions, 5 deletions
diff --git a/ansible_collections/community/docker/tests/integration/targets/docker_compose_v2/tasks/main.yml b/ansible_collections/community/docker/tests/integration/targets/docker_compose_v2/tasks/main.yml index 8813f0e71..dbb2ece71 100644 --- a/ansible_collections/community/docker/tests/integration/targets/docker_compose_v2/tasks/main.yml +++ b/ansible_collections/community/docker/tests/integration/targets/docker_compose_v2/tasks/main.yml @@ -20,7 +20,8 @@ # Run the tests - block: - - command: docker compose --help + - name: Show docker compose --help output + command: docker compose --help - include_tasks: run-test.yml with_fileglob: diff --git a/ansible_collections/community/docker/tests/integration/targets/docker_compose_v2_pull/tasks/main.yml b/ansible_collections/community/docker/tests/integration/targets/docker_compose_v2_pull/tasks/main.yml index 8813f0e71..d2c8497b1 100644 --- a/ansible_collections/community/docker/tests/integration/targets/docker_compose_v2_pull/tasks/main.yml +++ b/ansible_collections/community/docker/tests/integration/targets/docker_compose_v2_pull/tasks/main.yml @@ -18,9 +18,13 @@ - debug: msg: "Using name prefix {{ name_prefix }}" +- name: Show images + command: docker images --all --digests + # Run the tests - block: - - command: docker compose --help + - name: Show docker compose --help output + command: docker compose --help - include_tasks: run-test.yml with_fileglob: diff --git a/ansible_collections/community/docker/tests/integration/targets/docker_image_build/tasks/test.yml b/ansible_collections/community/docker/tests/integration/targets/docker_image_build/tasks/test.yml index af6e75b22..57130ef1a 100644 --- a/ansible_collections/community/docker/tests/integration/targets/docker_image_build/tasks/test.yml +++ b/ansible_collections/community/docker/tests/integration/targets/docker_image_build/tasks/test.yml @@ -28,12 +28,24 @@ - Dockerfile - EtcHostsDockerfile - MyDockerfile + - SecretsDockerfile - StagedDockerfile - debug: msg: "Has buildx plugin: {{ docker_has_buildx }}" - block: + - name: Determine plugin versions + command: docker info -f '{{ "{{" }}json .ClientInfo.Plugins{{ "}}" }}' + register: plugin_versions + + - name: Determine buildx plugin version + set_fact: + buildx_version: >- + {{ + (plugin_versions.stdout | from_json | selectattr('Name', 'eq', 'buildx') | map(attribute='Version') | first).lstrip('v') + }} + - include_tasks: run-test.yml with_fileglob: - "tests/*.yml" diff --git a/ansible_collections/community/docker/tests/integration/targets/docker_image_build/tasks/tests/options.yml b/ansible_collections/community/docker/tests/integration/targets/docker_image_build/tasks/tests/options.yml index 990035788..5c1211c71 100644 --- a/ansible_collections/community/docker/tests/integration/targets/docker_image_build/tasks/tests/options.yml +++ b/ansible_collections/community/docker/tests/integration/targets/docker_image_build/tasks/tests/options.yml @@ -202,3 +202,88 @@ - labels_1 is changed - labels_1.image.Config.Labels.FOO == 'BAR' - labels_1.image.Config.Labels["this is a label"] == "this is the label's value" + +#################################################################### +## secrets ######################################################### +#################################################################### + +- name: Generate secret + set_fact: + docker_image_build_secret_value: this is my secret {{ '%0x' % ((2**32) | random) }} + +- when: buildx_version is version('0.6.0', '>=') + block: + - name: Build image with secrets via environment variables + docker_image_build: + name: "{{ iname }}" + path: "{{ remote_tmp_dir }}/files" + dockerfile: "SecretsDockerfile" + pull: false + secrets: + - id: my-awesome-secret + type: value + value: '{{ docker_image_build_secret_value }}' + nocache: true # using a cache can result in the output step being CACHED + register: secrets_1 + + - name: cleanup + docker_image_remove: + name: "{{ iname }}" + + - name: Show image information + debug: + var: secrets_1.stderr_lines + + - assert: + that: + - secrets_1 is changed + - (docker_image_build_secret_value | b64encode) in secrets_1.stderr + +#################################################################### +## outputs ######################################################### +#################################################################### + +- name: Make sure the image is not there + docker_image_remove: + name: "{{ iname }}" + +- name: Make sure the image tarball is not there + file: + path: "{{ remote_tmp_dir }}/container.tar" + state: absent + +- name: Build image with outputs + docker_image_build: + name: "{{ iname }}" + path: "{{ remote_tmp_dir }}/files" + dockerfile: "Dockerfile" + pull: false + outputs: + - type: tar + dest: "{{ remote_tmp_dir }}/container.tar" + register: outputs_1 + +- name: cleanup (should not be changed) + docker_image_remove: + name: "{{ iname }}" + register: outputs_1_cleanup + +- name: Gather information on tarball + stat: + path: "{{ remote_tmp_dir }}/container.tar" + register: outputs_1_stat + +- name: Show image information + debug: + var: outputs_1.image + +- name: Show tarball information + debug: + var: outputs_1_stat.stat + +- assert: + that: + - outputs_1 is changed + - outputs_1.image | length == 0 + - outputs_1_cleanup is not changed + - outputs_1_stat.stat.exists diff --git a/ansible_collections/community/docker/tests/integration/targets/docker_image_build/templates/SecretsDockerfile b/ansible_collections/community/docker/tests/integration/targets/docker_image_build/templates/SecretsDockerfile new file mode 100644 index 000000000..31bec8262 --- /dev/null +++ b/ansible_collections/community/docker/tests/integration/targets/docker_image_build/templates/SecretsDockerfile @@ -0,0 +1,7 @@ +# Copyright (c) 2024, Felix Fontein +# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) +# SPDX-License-Identifier: GPL-3.0-or-later + +FROM {{ docker_test_image_busybox }} +RUN --mount=type=secret,id=my-awesome-secret \ + cat /run/secrets/my-awesome-secret | base64 diff --git a/ansible_collections/community/docker/tests/integration/targets/docker_prune/tasks/main.yml b/ansible_collections/community/docker/tests/integration/targets/docker_prune/tasks/main.yml index b2160ef0e..8c1309bc4 100644 --- a/ansible_collections/community/docker/tests/integration/targets/docker_prune/tasks/main.yml +++ b/ansible_collections/community/docker/tests/integration/targets/docker_prune/tasks/main.yml @@ -126,6 +126,28 @@ debug: var: result + - name: Prune build cache (API version 1.39+) + when: docker_api_version is version('1.39', '>=') + block: + - name: Prune build cache with option + docker_prune: + builder_cache: true + builder_cache_all: true + builder_cache_filters: + until: 10m + builder_cache_keep_storage: 1MB + register: result + + - name: Show results + debug: + var: result + + - name: Check results + assert: + that: + - "'builder_cache_space_reclaimed' in result" + - "'builder_cache_caches_deleted' in result" + - name: Prune volumes with all filter (API version 1.42+) when: docker_api_version is version('1.42', '>=') block: diff --git a/ansible_collections/community/docker/tests/integration/targets/docker_swarm_service/vars/main.yml b/ansible_collections/community/docker/tests/integration/targets/docker_swarm_service/vars/main.yml index 836ee41c4..bd8c799e2 100644 --- a/ansible_collections/community/docker/tests/integration/targets/docker_swarm_service/vars/main.yml +++ b/ansible_collections/community/docker/tests/integration/targets/docker_swarm_service/vars/main.yml @@ -58,3 +58,4 @@ service_expected_output: user: null working_dir: null init: null + sysctls: null diff --git a/ansible_collections/community/docker/tests/integration/targets/generic_connection_tests/tasks/main.yml b/ansible_collections/community/docker/tests/integration/targets/generic_connection_tests/tasks/main.yml index abbb02956..e43833b8d 100644 --- a/ansible_collections/community/docker/tests/integration/targets/generic_connection_tests/tasks/main.yml +++ b/ansible_collections/community/docker/tests/integration/targets/generic_connection_tests/tasks/main.yml @@ -174,7 +174,8 @@ - (output_direct.host_info | sanitize_host_info) == (output_https.host_info | sanitize_host_info) always: - - command: docker logs {{ daemon_nginx_frontend }} + - name: Obtain logs from the nginx frontend + command: docker logs {{ daemon_nginx_frontend }} register: output ignore_errors: true - debug: diff --git a/ansible_collections/community/docker/tests/integration/targets/setup_docker/tasks/main.yml b/ansible_collections/community/docker/tests/integration/targets/setup_docker/tasks/main.yml index e3d7c413f..54c27e43e 100644 --- a/ansible_collections/community/docker/tests/integration/targets/setup_docker/tasks/main.yml +++ b/ansible_collections/community/docker/tests/integration/targets/setup_docker/tasks/main.yml @@ -91,7 +91,8 @@ - block: # Cleanup docker daemon - - command: 'docker ps --no-trunc --format {% raw %}"{{.Names}}"{% endraw %}' + - name: Show all containers + command: 'docker ps --no-trunc --format {% raw %}"{{.Names}}"{% endraw %}' - name: "Remove all ansible-docker-test-* docker containers" shell: 'docker ps --no-trunc --format {% raw %}"{{.Names}}"{% endraw %} | grep "^ansible-docker-test-" | xargs -r docker rm -f' diff --git a/ansible_collections/community/docker/tests/integration/targets/setup_docker_cli_compose/tasks/main.yml b/ansible_collections/community/docker/tests/integration/targets/setup_docker_cli_compose/tasks/main.yml index 7a971c229..5a58c982c 100644 --- a/ansible_collections/community/docker/tests/integration/targets/setup_docker_cli_compose/tasks/main.yml +++ b/ansible_collections/community/docker/tests/integration/targets/setup_docker_cli_compose/tasks/main.yml @@ -52,7 +52,8 @@ - name: Obtain Docker Compose version when: docker_has_compose block: - - command: + - name: Obtain docker info + command: cmd: docker info --format '{% raw %}{{ json .ClientInfo.Plugins }}{% endraw %}' register: docker_cli_plugins_stdout - set_fact: diff --git a/ansible_collections/community/docker/tests/integration/targets/setup_docker_compose_v1/vars/Alpine.yml b/ansible_collections/community/docker/tests/integration/targets/setup_docker_compose_v1/vars/Alpine.yml index fb03ae738..65f6f4326 100644 --- a/ansible_collections/community/docker/tests/integration/targets/setup_docker_compose_v1/vars/Alpine.yml +++ b/ansible_collections/community/docker/tests/integration/targets/setup_docker_compose_v1/vars/Alpine.yml @@ -9,3 +9,5 @@ docker_compose_pip_packages: - docker-compose # Force PyYAML to 5.3.1 - PyYAML==5.3.1 + # Force requests to < 2.32.0 (https://github.com/docker/docker-py/issues/3256) + - requests<2.32.0 diff --git a/ansible_collections/community/docker/tests/sanity/ignore-2.11.txt b/ansible_collections/community/docker/tests/sanity/ignore-2.11.txt index 2bc38ac22..8dce572fc 100644 --- a/ansible_collections/community/docker/tests/sanity/ignore-2.11.txt +++ b/ansible_collections/community/docker/tests/sanity/ignore-2.11.txt @@ -11,3 +11,4 @@ plugins/modules/docker_compose_v2.py validate-modules:return-syntax-error plugins/modules/docker_compose_v2_pull.py validate-modules:return-syntax-error plugins/modules/docker_container.py import-2.6!skip # Import uses Python 2.7+ syntax plugins/modules/docker_container_copy_into.py validate-modules:undocumented-parameter # _max_file_size_for_diff is used by the action plugin +plugins/modules/docker_image_build.py validate-modules:invalid-documentation diff --git a/ansible_collections/community/docker/tests/sanity/ignore-2.12.txt b/ansible_collections/community/docker/tests/sanity/ignore-2.12.txt index f3c4575fb..a3d961e4d 100644 --- a/ansible_collections/community/docker/tests/sanity/ignore-2.12.txt +++ b/ansible_collections/community/docker/tests/sanity/ignore-2.12.txt @@ -3,3 +3,4 @@ plugins/modules/current_container_facts.py validate-modules:return-syntax-error plugins/modules/docker_compose_v2.py validate-modules:return-syntax-error plugins/modules/docker_compose_v2_pull.py validate-modules:return-syntax-error plugins/modules/docker_container_copy_into.py validate-modules:undocumented-parameter # _max_file_size_for_diff is used by the action plugin +plugins/modules/docker_image_build.py validate-modules:invalid-documentation diff --git a/ansible_collections/community/docker/tests/sanity/ignore-2.13.txt b/ansible_collections/community/docker/tests/sanity/ignore-2.13.txt index c0d5c549c..ef8aab6c4 100644 --- a/ansible_collections/community/docker/tests/sanity/ignore-2.13.txt +++ b/ansible_collections/community/docker/tests/sanity/ignore-2.13.txt @@ -1,3 +1,4 @@ .azure-pipelines/scripts/publish-codecov.py replace-urlopen plugins/modules/docker_compose_v2.py validate-modules:return-syntax-error plugins/modules/docker_container_copy_into.py validate-modules:undocumented-parameter # _max_file_size_for_diff is used by the action plugin +plugins/modules/docker_image_build.py validate-modules:invalid-documentation diff --git a/ansible_collections/community/docker/tests/sanity/ignore-2.14.txt b/ansible_collections/community/docker/tests/sanity/ignore-2.14.txt index 2a06013da..f717d24a7 100644 --- a/ansible_collections/community/docker/tests/sanity/ignore-2.14.txt +++ b/ansible_collections/community/docker/tests/sanity/ignore-2.14.txt @@ -1,2 +1,3 @@ .azure-pipelines/scripts/publish-codecov.py replace-urlopen plugins/modules/docker_container_copy_into.py validate-modules:undocumented-parameter # _max_file_size_for_diff is used by the action plugin +plugins/modules/docker_image_build.py validate-modules:invalid-documentation diff --git a/ansible_collections/community/docker/tests/sanity/ignore-2.15.txt b/ansible_collections/community/docker/tests/sanity/ignore-2.15.txt index 2a06013da..f717d24a7 100644 --- a/ansible_collections/community/docker/tests/sanity/ignore-2.15.txt +++ b/ansible_collections/community/docker/tests/sanity/ignore-2.15.txt @@ -1,2 +1,3 @@ .azure-pipelines/scripts/publish-codecov.py replace-urlopen plugins/modules/docker_container_copy_into.py validate-modules:undocumented-parameter # _max_file_size_for_diff is used by the action plugin +plugins/modules/docker_image_build.py validate-modules:invalid-documentation diff --git a/ansible_collections/community/docker/tests/sanity/ignore-2.16.txt b/ansible_collections/community/docker/tests/sanity/ignore-2.16.txt index 12e0b26f9..b60ad3445 100644 --- a/ansible_collections/community/docker/tests/sanity/ignore-2.16.txt +++ b/ansible_collections/community/docker/tests/sanity/ignore-2.16.txt @@ -1 +1,2 @@ plugins/modules/docker_container_copy_into.py validate-modules:undocumented-parameter # _max_file_size_for_diff is used by the action plugin +plugins/modules/docker_image_build.py validate-modules:invalid-documentation diff --git a/ansible_collections/community/docker/tests/unit/plugins/plugin_utils/test_unsafe.py b/ansible_collections/community/docker/tests/unit/plugins/plugin_utils/test_unsafe.py new file mode 100644 index 000000000..286c51cfe --- /dev/null +++ b/ansible_collections/community/docker/tests/unit/plugins/plugin_utils/test_unsafe.py @@ -0,0 +1,133 @@ +# -*- coding: utf-8 -*- +# Copyright (c) 2024, Felix Fontein <felix@fontein.de> +# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) +# SPDX-License-Identifier: GPL-3.0-or-later + +# Make coding more python3-ish +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + + +import pytest + +from ansible.utils.unsafe_proxy import AnsibleUnsafe + +from ansible_collections.community.docker.plugins.plugin_utils.unsafe import ( + make_unsafe, +) + + +TEST_MAKE_UNSAFE = [ + ( + u'text', + [], + [ + (), + ], + ), + ( + u'{{text}}', + [ + (), + ], + [], + ), + ( + b'text', + [], + [ + (), + ], + ), + ( + b'{{text}}', + [ + (), + ], + [], + ), + ( + { + 'skey': 'value', + 'ukey': '{{value}}', + 1: [ + 'value', + '{{value}}', + { + 1.0: '{{value}}', + 2.0: 'value', + }, + ], + }, + [ + ('ukey', ), + (1, 1), + (1, 2, 1.0), + ], + [ + ('skey', ), + (1, 0), + (1, 2, 2.0), + ], + ), + ( + ['value', '{{value}}'], + [ + (1, ), + ], + [ + (0, ), + ], + ), +] + + +@pytest.mark.parametrize("value, check_unsafe_paths, check_safe_paths", TEST_MAKE_UNSAFE) +def test_make_unsafe(value, check_unsafe_paths, check_safe_paths): + unsafe_value = make_unsafe(value) + assert unsafe_value == value + for check_path in check_unsafe_paths: + obj = unsafe_value + for elt in check_path: + obj = obj[elt] + assert isinstance(obj, AnsibleUnsafe) + for check_path in check_safe_paths: + obj = unsafe_value + for elt in check_path: + obj = obj[elt] + assert not isinstance(obj, AnsibleUnsafe) + + +def test_make_unsafe_dict_key(): + value = { + b'test': 1, + u'test': 2, + } + unsafe_value = make_unsafe(value) + assert unsafe_value == value + for obj in unsafe_value: + assert not isinstance(obj, AnsibleUnsafe) + + value = { + b'{{test}}': 1, + u'{{test}}': 2, + } + unsafe_value = make_unsafe(value) + assert unsafe_value == value + for obj in unsafe_value: + assert isinstance(obj, AnsibleUnsafe) + + +def test_make_unsafe_set(): + value = set([b'test', u'test']) + unsafe_value = make_unsafe(value) + assert unsafe_value == value + for obj in unsafe_value: + assert not isinstance(obj, AnsibleUnsafe) + + value = set([b'{{test}}', u'{{test}}']) + unsafe_value = make_unsafe(value) + assert unsafe_value == value + for obj in unsafe_value: + assert isinstance(obj, AnsibleUnsafe) |