Diffstat (limited to '')
28 files changed, 1433 insertions, 39 deletions
diff --git a/ansible_collections/containers/podman/tests/integration/targets/connection_podman/test_connection.inventory b/ansible_collections/containers/podman/tests/integration/targets/connection_podman/test_connection.inventory index c64c399f6..31bce66bd 100644 --- a/ansible_collections/containers/podman/tests/integration/targets/connection_podman/test_connection.inventory +++ b/ansible_collections/containers/podman/tests/integration/targets/connection_podman/test_connection.inventory @@ -3,8 +3,8 @@ podman-container [podman:vars] # 1. install podman # 2. create container: -# podman pull python:3-alpine -# podman run -d --name podman-container python:3-alpine sleep 999999 +# podman pull python:3.10-alpine +# podman run -d --name podman-container python:3.10-alpine sleep 999999 # 3. run test: # ./bin/ansible-test integration connection_podman # 6. remove container diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_container/tasks/main.yml b/ansible_collections/containers/podman/tests/integration/targets/podman_container/tasks/main.yml index 3a66f6a82..a6fd44083 100644 --- a/ansible_collections/containers/podman/tests/integration/targets/podman_container/tasks/main.yml +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_container/tasks/main.yml @@ -1,5 +1,20 @@ - name: Test podman_container block: + + - name: Discover podman version + shell: podman version | grep "^Version:" | awk {'print $2'} + register: podman_v + + - name: Set podman version to 3 + set_fact: + podman_version: 3 + when: podman_v.stdout is version('4.0.0', 'lt') + + - name: Set podman version to 4 + set_fact: + podman_version: 4 + when: podman_v.stdout is version('4.0.0', '>=') + - name: Delete all container leftovers from tests containers.podman.podman_container: executable: "{{ test_executable | default('podman') }}" 
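Review bot: `Discover podman version` calls a hard-coded `podman`, while the module tasks in this file run `{{ test_executable | default('podman') }}`, so with an overridden executable the v3/v4 branch can be picked from a different binary than the one under test. The pipeline has no failure check either: if `podman version` fails, `podman_v.stdout` is empty and both `version()` conditions are evaluated on an empty string. I would write `shell: "{{ test_executable | default('podman') }} version | grep '^Version:' | awk '{print $2}'"` with `changed_when: false`, followed by an assert that `podman_v.stdout | length > 0`. Note also that every release below 4.0.0 is mapped to `podman_version: 3`; a comment saying that is intended would help.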
@@ -220,6 +235,26 @@ fail_msg: "Creating stopped container test failed!" success_msg: "Creating stopped container test passed!" + - name: Force recreate stopped container + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: container + image: alpine:3.7 + state: started + command: sleep 1d + recreate: true + register: recreate_stopped + + - name: Check output is correct + assert: + that: + - recreate_stopped is changed + - recreate_stopped.container is defined + - recreate_stopped.container['State']['Running']|bool + - "'recreated container' in recreate_stopped.actions" + fail_msg: Force recreate stopped test failed! + success_msg: Force recreate stopped test passed! + - name: Delete created container containers.podman.podman_container: executable: "{{ test_executable | default('podman') }}" 
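Review bot: `image: alpine:3.7` in `Force recreate stopped container` is an unqualified short name, so which registry serves it depends on the short-name resolution configured on the test host, whereas the security_opt tasks added later in this same commit use `docker.io/alpine:3.7`. Use `image: docker.io/alpine:3.7` here too. The same applies to the `alpine:3.7` images in the attach tasks and the untagged `alpine` in the env_file and systemd tasks added further down this file. The enclosing `block:` starts and ends outside the hunk.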
@@ -348,6 +383,48 @@ fail_msg: Deleting started container test failed! success_msg: Deleting started container test passed! + - name: Create container with security_opt + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: container + image: docker.io/alpine:3.7 + state: started + command: sleep 1d + security_opt: + - label=level:s0 + - label=type:spc_t + - label=filetype:container_share_t + - seccomp=unconfined + + - name: Recreate container with same security_opt flags + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: container + image: docker.io/alpine:3.7 + state: started + command: sleep 1d + security_opt: + - label=level:s0 + - label=type:spc_t + - label=filetype:container_share_t + - seccomp=unconfined + register: recreate_security_opt + + - name: Check if output is correct + assert: + that: + - recreate_security_opt is not changed + - recreate_security_opt.container is defined + - recreate_security_opt.container != {} + - recreate_security_opt.container['State']['Running'] + - "'recreated container' not in recreate_security_opt.actions" + + - name: Remove container + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: container + state: absent + - name: Recreate container with parameters containers.podman.podman_container: executable: "{{ test_executable | default('podman') }}" @@ -533,7 +610,7 @@ - name: Check podman_actions assert: that: - - "'podman rm -f testidem' in remove.podman_actions" + - "'podman rm --force testidem' in remove.podman_actions" # - name: Create a pod # shell: podman pod create --name testidempod 
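Review bot: The `security_opt` list in both new tasks disables seccomp (`seccomp=unconfined`) and sets the SELinux type to `spc_t` (the super-privileged container type), and nothing in the hunk says these values exist only to give the idempotency comparison something to diff. Add a comment above the first task, for example `# Deliberately weak confinement, used only to exercise security_opt diffing; not a recommended setting`. The assert also lacks the `fail_msg`/`success_msg` pair that the neighbouring checks carry, and `recreate_security_opt.container['State']['Running']` is not piped through `|bool` as the recreate check above does. Only the unchanged case is covered; a follow-up task that alters one label and expects `is changed` would test the other direction.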
@@ -580,7 +657,7 @@ - idem4.podman_systemd.keys() | list | length > 0 - idem4.podman_systemd.values() | list | length > 0 - - name: Run container with systemd generation parameters + - name: Run container with systemd generation parameters v4 containers.podman.podman_container: executable: "{{ test_executable | default('podman') }}" name: container1 
@@ -590,30 +667,65 @@ generate_systemd: path: /tmp/ restart_policy: always + no_header: true + names: true + pod_prefix: whocares + separator: zzzz + container_prefix: contain + restart_sec: 10 + start_timeout: 20 + stop_timeout: 15 + register: system14 + when: podman_version == 4 + + - name: Run container with systemd generation parameters v3 + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: container1 + image: alpine + state: started + command: sleep 20m + generate_systemd: + path: /tmp/ time: 120 + restart_policy: always no_header: true names: true pod_prefix: whocares separator: zzzz container_prefix: contain - register: system1 + register: system13 + when: podman_version == 3 - name: Check service file presents stat: path: /tmp/containzzzzcontainer1.service register: service_file - - name: Check that container has correct systemd output + - name: Check that container has correct systemd output v4 + assert: + that: + - system14.podman_systemd.keys() | list | first == 'containzzzzcontainer1' + - system14.podman_systemd.values() | list | length > 0 + - service_file.stat.exists | bool + - "'Restart=always' in system14.podman_systemd.values() | list | first" + - "'autogenerated by Podman' not in system14.podman_systemd.values() | list | first" + - "'RestartSec=10' in system14.podman_systemd.values() | list | first" + - "'TimeoutStartSec=20' in system14.podman_systemd.values() | list | first" + when: podman_version == 4 + + - name: Check that container has correct systemd output v3 assert: that: - - system1.podman_systemd.keys() | list | first == 'containzzzzcontainer1' - - system1.podman_systemd.values() | list | length > 0 + - system13.podman_systemd.keys() | list | first == 'containzzzzcontainer1' + - system13.podman_systemd.values() | list | length > 0 - service_file.stat.exists | bool - - "'-t 120 container1' in system1.podman_systemd.values() | list | first" - - "'Restart=always' in 
system1.podman_systemd.values() | list | first" - - "'autogenerated by Podman' not in system1.podman_systemd.values() | list | first" + - "'Restart=always' in system13.podman_systemd.values() | list | first" + - "'autogenerated by Podman' not in system13.podman_systemd.values() | list | first" + - "'-t 120 ' in system13.podman_systemd.values() | list | first" + when: podman_version == 3 - - name: Delete container with systemd generation parameters + - name: Delete container with systemd generation parameters v3 containers.podman.podman_container: executable: "{{ test_executable | default('podman') }}" name: container1 @@ -622,14 +734,36 @@ command: sleep 20m generate_systemd: path: /tmp/ - restart_policy: always time: 120 + restart_policy: always no_header: true names: true pod_prefix: whocares separator: zzzz container_prefix: contain register: system1 + when: podman_version == 3 + + - name: Delete container with systemd generation parameters v4 + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: container1 + image: alpine + state: absent + command: sleep 20m + generate_systemd: + path: /tmp/ + restart_policy: always + no_header: true + names: true + pod_prefix: whocares + separator: zzzz + container_prefix: contain + restart_sec: 10 + start_timeout: 20 + stop_timeout: 15 + register: system1 + when: podman_version == 4 - name: Check service file doesn't present stat: 
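Review bot: The v4 assertion list checks `RestartSec=10` and `TimeoutStartSec=20` but has nothing for `stop_timeout: 15`, so the module could drop that option and `Check that container has correct systemd output v4` would still pass. Add one assertion for the stop timeout once the expected rendering in the unit file is confirmed; the hunk does not show how podman writes it. The v3 check was also loosened from `'-t 120 container1'` to `'-t 120 '`; a short comment on why the container name is no longer matched would save the next reader a lookup.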
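Review bot: Both `Delete container with systemd generation parameters v3` and `Delete container with systemd generation parameters v4` use `register: system1`, and Ansible registers a result for a skipped task as well, so on a podman 3 host the skipped v4 task overwrites the real result with a skipped one. Nothing visible in the hunk reads `system1` afterwards, so this is harmless today, but it will mislead whoever adds an assertion on it. Use distinct names, as the run tasks do with `system13`/`system14`, e.g. `register: delete13` and `register: delete14`.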
@@ -641,6 +775,71 @@ that: - not service2_file.stat.exists | bool + - name: Create environment variables files + copy: + dest: /tmp/envfile + content: | + FOO=bar + BAR=foo + TEST=1 + BOOL=false + + - name: Create another environment variables files + copy: + dest: /tmp/envfile2 + content: | + TESTVAR=qwerty + + - name: Create container with environment variables file + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: container1 + image: alpine + state: started + command: + - sh + - -c + - echo $BAR + attach: + - stdout + - stderr + env_file: /tmp/envfile + register: envfile + + - name: Check output is correct for env file + assert: + that: + - envfile.stdout == "foo\n" + + - name: Create container with multiple environment variables files + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: container1 + image: alpine + state: started + command: + - sh + - -c + - echo $TESTVAR + attach: + - stdout + - stderr + env_file: + - /tmp/envfile + - /tmp/envfile2 + register: envfile2 + + - name: Check output is correct for multiple env files + assert: + that: + - envfile2.stdout == "qwerty\n" + + - name: Delete container with environment variables file + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: container1 + state: absent + - name: Create temporary rootfs directory ansible.builtin.tempfile: state: directory @@ -700,7 +899,7 @@ - image.container is defined - image.container['State']['Running'] - image.container['Image'] == "" - - image.container['Rootfs'] == "{{ container_tempdir.path }}" + - image.container['Rootfs'] == container_tempdir.path - "'started container3' in image.actions" fail_msg: Rootfs container test failed! success_msg: Rootfs container test passed! 
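Review bot: `Create environment variables files` and `Create another environment variables files` write `/tmp/envfile` and `/tmp/envfile2` with no `mode:` and no later removal, so the files get umask-default permissions at predictable paths in a shared directory and stay behind after the run. Env files are where real deployments tend to keep credentials, so the test is worth writing the careful way: add `mode: '0600'` to both `copy` tasks, place the files in a directory from `ansible.builtin.tempfile` (the rootfs test in the context lines just below already does this), and remove them next to `Delete container with environment variables file`. The second container task reuses `name: container1` with `state: started` and a different command, so it relies on the module recreating the container; a comment saying so would make the `envfile2.stdout` check easier to trust.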
@@ -762,11 +961,120 @@ - image.container is defined - image.container['State']['Running'] - image.container['Image'] == "" - - image.container['Rootfs'] == "{{ container_tempdir.path }}" + - image.container['Rootfs'] == container_tempdir.path - "'recreated container3' in image.actions" fail_msg: Rootfs container test failed! success_msg: Rootfs container test passed! + - name: Run started container with attaching + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: container1 + image: alpine:3.7 + state: started + command: ls /nonexists + attach: + - stdout + - stderr + register: attach + ignore_errors: true + + - name: Check output is correct for started container with attaching + assert: + that: + - attach is failed + - "'No such file or directory' in attach.stderr" + + - name: Delete container with attaching + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: container1 + state: absent + + - name: Create container with attaching in created state + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: container1 + image: alpine:3.7 + state: created + command: ls /nonexists + attach: + - stdout + - stderr + + - name: Start container with attaching from created state + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: container1 + state: started + attach: + - stdout + - stderr + register: attach2 + ignore_errors: true + + - name: Check output is correct for started container with attaching from created state + assert: + that: + - attach2 is failed + - "'No such file or directory' in attach2.stderr" + + - name: Delete container with attaching from created state + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: container1 + state: absent + + - name: Create container without attaching in created state + 
containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: container1 + image: alpine:3.7 + state: created + command: ls /nonexists + + - name: Start container without attaching from created state + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: container1 + state: started + register: attach21 + + - name: Check output is correct for container without attaching from created state + assert: + that: + - attach21 is success + + - name: Delete container without attaching from created state + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: container1 + state: absent + + - name: Create container with detach False + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: container1 + image: alpine:3.7 + state: created + command: ls /nonexists + detach: false + + - name: Start container with detach False + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: container1 + state: started + detach: false + register: attach3 + ignore_errors: true + + - name: Check output is correct for started container with detach False + assert: + that: + - attach3 is failed + - "'No such file or directory' in attach3.stderr" + always: - name: Remove container diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_container_exec/tasks/main.yml b/ansible_collections/containers/podman/tests/integration/targets/podman_container_exec/tasks/main.yml new file mode 100644 index 000000000..2d2874325 --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_container_exec/tasks/main.yml 
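Review bot: The last sequence (`Create container with detach False` / `Start container with detach False`) has no `state: absent` task for `container1` after its assert, unlike the three attach sequences before it in this hunk. Whether the `always` section removes `container1` cannot be seen here, since only its first task name, `Remove container`, is in the hunk. Add a `Delete container with detach False` task with `name: container1` and `state: absent`, or confirm that `always` covers it. The hunk opens inside an assert that starts outside it.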
@@ -0,0 +1,67 @@
+- name: Test podman_container_exec
+ block:
+ - name: Generate random value for container name
+ set_fact:
+ container_name: "{{ 'ansible-test-podman-%0x' % ((2**32) | random) }}"
+
+ - name: Make sure container doesn't exist
+ containers.podman.podman_container:
+ executable: "{{ test_executable | default('podman') }}"
+ name: "{{ container_name }}"
+ state: absent
+
+ - name: Test exec when the container doesn't exist
+ containers.podman.podman_container_exec:
+ name: "{{ container_name }}"
+ command: "cat /etc/redhat-release"
+ ignore_errors: true
+ register: no_container
+
+ - name: Create and start a container for testing
+ containers.podman.podman_container:
+ name: "{{ container_name }}"
+ image: registry.access.redhat.com/ubi8
+ command: sleep 1d
+ state: started
+
+ - name: Test exec with command and workdir options
+ containers.podman.podman_container_exec:
+ name: "{{ container_name }}"
+ command: "cat redhat-release"
+ workdir: /etc
+ register: exec1
+
+ - name: Test exec with argv and env options
+ containers.podman.podman_container_exec:
+ name: "{{ container_name }}"
+ argv:
+ - /bin/sh
+ - -c
+ - echo $HELLO $BYE
+ env:
+ HELLO: hello world
+ BYE: goodbye world
+ register: exec2
+
+ - name: Test exec with detach option
+ containers.podman.podman_container_exec:
+ name: "{{ container_name }}"
+ command: "cat redhat-release"
+ detach: true
+ register: exec3
+
+ - name: Check if the result is as expected
+ assert:
+ that:
+ - no_container is failed
+ - "'Red Hat Enterprise Linux' in exec1.stdout"
+ - "'hello world' in exec2.stdout"
+ - "'goodbye world' in exec2.stdout"
+ - exec3.exec_id is defined
+
+ always:
+ - name: Cleanup
+ containers.podman.podman_container:
+ executable: "{{ test_executable | default('podman') }}"
+ name: "{{ container_name }}"
+ state: absent
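Review bot: `Create and start a container for testing` and the four `podman_container_exec` tasks omit `executable: "{{ test_executable | default('podman') }}"`, while the `state: absent` tasks at the top and in `always` pass it, so a run with `test_executable` overridden creates and execs with the default `podman` and cleans up with another binary. Add the `executable` line to the create task, and to the exec tasks if the new module accepts that option. `image: registry.access.redhat.com/ubi8` carries no tag, so the `'Red Hat Enterprise Linux' in exec1.stdout` check runs against whatever the default tag resolves to on the day; pinning a tag would make the test reproducible.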
diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/idem_all.yml b/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/idem_all.yml
index 48247d71f..023878349 100644
--- a/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/idem_all.yml
+++ b/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/idem_all.yml
@@ -332,6 +332,63 @@ assert: that: test25 is changed +- name: Run container for linking with PID + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: present + register: test26 + +- name: Check info with PID + assert: + that: test26 is not changed + +- name: Run second container for linking with PID + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency2 + state: present + pid: "container:idempotency" + register: test27 + +- name: Check info of second container with PID + assert: + that: test27 is changed + +- name: Run second container for linking with PID + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency2 + state: present + pid: "container:idempotency" + register: test28 + +- name: Check info of second container with PID again + assert: + that: test28 is not changed + +- name: Run second container for linking with PID with container ID + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency2 + state: present + pid: "container:{{ test26.container.Id }}" + register: test29 + +- name: Check info of second container with PID of container ID again + assert: + that: test29 is not changed + +- name: Remove dependent test container + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: idempotency2 + state: absent + - name: Remove test container containers.podman.podman_container: executable: "{{ test_executable | default('podman') }}" 
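Review bot: Two tasks in this hunk are both named `Run second container for linking with PID` (the ones registering `test27` and `test28`), so a failure in the log does not say whether creation or the idempotency re-run broke. Rename the second to `Run second container for linking with PID again`, matching its check `Check info of second container with PID again`. A comment above the `test29` task stating that `container:<id>` and `container:<name>` are expected to compare equal would document what `test29 is not changed` relies on. The first task's `test26 is not changed` depends on an `idempotency` container created outside the hunk.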
diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/idem_ports.yml b/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/idem_ports.yml index 54a667c86..81b7baf06 100644 --- a/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/idem_ports.yml +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/idem_ports.yml @@ -40,6 +40,7 @@ - "127.0.0.1:43423:8872" - "127.0.0.2:43423:8872/tcp" - "127.0.0.3:43423:8872" + - "0.0.0.0:15674:7846" register: test2 - name: check test2 @@ -63,6 +64,7 @@ - "127.0.0.1:43423:8872" - "127.0.0.2:43423:8872/tcp" - "127.0.0.3:43423:8872" + - "0.0.0.0:15674:7846" register: test3 - name: check test3 diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/idem_systemd.yml b/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/idem_systemd.yml new file mode 100644 index 000000000..86e8097db --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/idem_systemd.yml 
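Review bot: `"0.0.0.0:15674:7846"` is the only entry in these two port lists that is not bound to a loopback address, so the test container listens on every interface of the host running the suite, and neither hunk gives a reason. If the purpose is to check that an explicit wildcard address compares idempotently (my reading, not stated in the diff), say so in a comment above the entry in both hunks, e.g. `# explicit wildcard bind: checks that 0.0.0.0 is compared idempotently`.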
@@ -0,0 +1,133 @@ +# Systemd generation +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: idempotency + state: absent + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: started + command: 1h + generate_systemd: + path: /tmp/ + restart_policy: always + no_header: true + names: true + pod_prefix: whocares + separator: zzzz + container_prefix: contain + restart_sec: 10 + start_timeout: 20 + stop_timeout: 15 + register: system0 + +- name: Check if the result is changed + assert: + that: + - system0 is changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: started + command: 1h + generate_systemd: + path: /tmp/ + restart_policy: always + no_header: true + names: true + pod_prefix: whocares + separator: zzzz + container_prefix: contain + restart_sec: 10 + start_timeout: 20 + stop_timeout: 15 + register: system1 + +- name: Check if the result is not changed + assert: + that: + - system1 is not changed + +- name: Remove the systemd unit file + ansible.builtin.file: + path: /tmp/containzzzzidempotency.service + state: absent + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: started + command: 1h + generate_systemd: + path: /tmp/ + restart_policy: always + no_header: true + names: true + pod_prefix: whocares + separator: zzzz + container_prefix: contain + restart_sec: 10 + start_timeout: 20 + stop_timeout: 15 + register: system2 + +- name: Check if the result is changed + assert: + that: + - system2 is changed + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: started + command: 1h + generate_systemd: + 
path: /tmp/ + restart_policy: always + no_header: true + names: true + pod_prefix: whocares + separator: zzzz + container_prefix: contain + restart_sec: 10 + start_timeout: 20 + stop_timeout: 15 + register: system3 + +- name: Check if the result is not changed + assert: + that: + - system3 is not changed + +- name: Add string to change the systemd unit file + ansible.builtin.shell: echo 'test=onetwo' >> /tmp/containzzzzidempotency.service + +- containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + image: "{{ idem_image }}" + name: idempotency + state: started + command: 1h + generate_systemd: + path: /tmp/ + restart_policy: always + no_header: true + names: true + pod_prefix: whocares + separator: zzzz + container_prefix: contain + restart_sec: 10 + start_timeout: 20 + stop_timeout: 15 + register: system4 + +- name: Check if the result is changed + assert: + that: + - system4 is changed diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/main.yml b/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/main.yml index 0b538ad85..3d3654aea 100644 --- a/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/main.yml +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_container_idempotency/tasks/main.yml @@ -23,6 +23,9 @@ - name: Test idempotency of containers in pods include_tasks: idem_pods.yml +- name: Test idempotency of systemd generation + include_tasks: idem_systemd.yml + - name: Test idempotency of other settings include_tasks: idem_all.yml diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_containers/tasks/main.yml b/ansible_collections/containers/podman/tests/integration/targets/podman_containers/tasks/main.yml index 69c94b313..9eabd500c 100644 
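Review bot: The new idem_systemd.yml ends on the `system4 is changed` assert without removing `/tmp/containzzzzidempotency.service`, which by then holds the appended `test=onetwo` line, so a modified unit file is left at a fixed path in `/tmp` for later targets and reruns. Add a final `ansible.builtin.file` task with `state: absent` for that path, and consider generating into a directory from `ansible.builtin.tempfile` instead of `path: /tmp/`. The five `containers.podman.podman_container` tasks have no `name:`, unlike the tasks in the other files of this commit; names such as `Create container with systemd unit` and `Re-run with unit file removed` would make a failure locatable. The `shell` task that appends to the unit file would also read better with a comment that it simulates out-of-band drift.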
--- a/ansible_collections/containers/podman/tests/integration/targets/podman_containers/tasks/main.yml +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_containers/tasks/main.yml @@ -612,7 +612,7 @@ - name: Check podman_actions assert: that: - - "'podman rm -f testidem' in remove.podman_actions" + - "'podman rm --force testidem' in remove.podman_actions" - name: Create a pod containers.podman.podman_pod: diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_export/tasks/main.yml b/ansible_collections/containers/podman/tests/integration/targets/podman_export/tasks/main.yml index 70f8d3852..39ac61faa 100644 --- a/ansible_collections/containers/podman/tests/integration/targets/podman_export/tasks/main.yml +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_export/tasks/main.yml @@ -1,5 +1,5 @@ --- -- name: Test podman export +- name: Test podman container export block: - name: Start container containers.podman.podman_container: 
@@ -69,3 +69,83 @@ executable: "{{ test_executable | default('podman') }}" name: container state: absent + +- name: Test podman volume export + block: + - name: Start container + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: container + image: alpine:3.7 + state: started + volume: + - "volume:/test" + command: sleep 1d + + - name: Export volume + containers.podman.podman_export: + executable: "{{ test_executable | default('podman') }}" + volume: volume + dest: /tmp/volume + + - name: Check file + stat: + path: /tmp/volume + register: vlm + + - name: Check it's exported + assert: + that: + - vlm.stat.exists + + - name: Import volume + containers.podman.podman_import: + executable: "{{ test_executable | default('podman') }}" + src: /tmp/volume + volume: "volume" + register: volume + + - name: Check it's imported + assert: + that: + - volume is success + + - name: Export volume without force + containers.podman.podman_export: + executable: "{{ test_executable | default('podman') }}" + volume: volume + dest: /tmp/volume + force: false + register: volume2 + + - name: Check it's exported + assert: + that: + - volume2 is success + - volume2 is not changed + + - name: Export volume with force + containers.podman.podman_export: + executable: "{{ test_executable | default('podman') }}" + volume: volume + dest: /tmp/volume + force: true + register: volume3 + + - name: Check it's not exported + assert: + that: + - volume3 is changed + + always: + - name: Remove container + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: container + state: absent + + - name: Remove volume + containers.podman.podman_volume: + executable: "{{ test_executable | default('podman') }}" + name: test_volume + state: absent 
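Review bot: The `always` section removes a volume named `test_volume`, but every task in this block works on the volume `volume` (`- "volume:/test"`, `volume: volume`), so the volume the test creates is never cleaned up; it should read `name: volume`, as the podman_import test in this commit has it. Two task names are also swapped relative to what they assert: `Check it's exported` sits on `volume2 is not changed` and `Check it's not exported` on `volume3 is changed`. The export target `/tmp/volume` is left behind as well; a `file` task with `state: absent` in `always` would cover it.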
diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_generate_systemd/tasks/main.yml b/ansible_collections/containers/podman/tests/integration/targets/podman_generate_systemd/tasks/main.yml index 6b0d18cb2..1e48a11dc 100644 --- a/ansible_collections/containers/podman/tests/integration/targets/podman_generate_systemd/tasks/main.yml +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_generate_systemd/tasks/main.yml @@ -39,6 +39,48 @@ path: "/tmp/podman_generate_systemd/{{ item.key }}.service" loop: "{{ postgres_local_systemd_unit.systemd_units | dict2items }}" +- name: Try to create a systemd unit file on the same path + containers.podman.podman_generate_systemd: + name: postgres_local + dest: /tmp/podman_generate_systemd + register: generate1 + +- name: Check the unit files exists + ansible.builtin.stat: + path: "/tmp/podman_generate_systemd/{{ item.key }}.service" + loop: "{{ generate1.systemd_units | dict2items }}" + register: unitfile1 + +- name: Get checksum value + set_fact: + checksum1: "{{ item.stat.checksum }}" + with_items: "{{ unitfile1.results }}" + +- name: Force to create a systemd unit file on the same path + containers.podman.podman_generate_systemd: + name: postgres_local + dest: /tmp/podman_generate_systemd + force: true + register: generate2 + +- name: Check the unit files exists again + ansible.builtin.stat: + path: "/tmp/podman_generate_systemd/{{ item.key }}.service" + loop: "{{ generate2.systemd_units | dict2items }}" + register: unitfile2 + +- name: Get checksum value again + set_fact: + checksum2: "{{ item.stat.checksum }}" + with_items: "{{ unitfile2.results }}" + +- name: Check if the systemd unit files are as expected + assert: + that: + - generate1 is not changed + - generate2 is changed + - checksum1 != checksum2 + - name: Regenerate the systemd units with all the options containers.podman.podman_generate_systemd: name: postgres_local 
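Review bot: `Get checksum value` and `Get checksum value again` run `set_fact` under `with_items`, so each iteration overwrites the fact and `checksum1 != checksum2` compares only the last unit file of each result list. The inequality itself presumably depends on something time-dependent in the generated text (the hunk does not show what differs between two generations for the same container), which would make the assert flaky if both runs produce identical content. If the checksum comparison stays, collect all values with `unitfile1.results | map(attribute='stat.checksum') | list` and add a comment stating why they must differ; the `generate1 is not changed` / `generate2 is changed` pair is the robust part. The new tasks also mix `loop` and `with_items`; pick `loop` for both.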
diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_image/tasks/main.yml b/ansible_collections/containers/podman/tests/integration/targets/podman_image/tasks/main.yml index 645d0a033..0db4c050c 100644 --- a/ansible_collections/containers/podman/tests/integration/targets/podman_image/tasks/main.yml +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_image/tasks/main.yml @@ -1,5 +1,18 @@ - name: Test podman_image block: + - name: List all images on host before test + containers.podman.podman_image_info: + + - name: Remove images for test + containers.podman.podman_image: + name: "{{ item }}" + state: absent + loop: + - quay.io/coreos/alpine-sh + - docker.io/alpine + - docker.io/library/ubuntu + - docker.io/library/alpine + - name: Pull image containers.podman.podman_image: executable: "{{ test_executable | default('podman') }}" @@ -47,7 +60,7 @@ - pull1.podman_actions is defined - pull2 is not changed - pull3 is changed - - pull4 is changed + - pull4 is not changed - pull5 is not changed - pull6 is changed - "'alpine-sh' in images.stdout" @@ -83,14 +96,14 @@ state: absent register: rmi3 - - name: Try to remove docker.io image using short url + - name: Remove docker.io image using short url containers.podman.podman_image: executable: "{{ test_executable | default('podman') }}" name: docker.io/alpine state: absent register: rmi4 - - name: Remove docker.io image using normalised url + - name: Try to remove docker.io image using normalised url containers.podman.podman_image: executable: "{{ test_executable | default('podman') }}" name: docker.io/library/alpine @@ -121,8 +134,8 @@ - rmi1 is changed - rmi2 is not changed - rmi3 is changed - - rmi4 is not changed - - rmi5 is changed + - rmi4 is changed + - rmi5 is not changed - rmi6 is changed - "'alpine-sh' not in images.stdout" - "'library/ubuntu' not in images.stdout" 
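Review bot: `List all images on host before test` and `Remove images for test` omit `executable: "{{ test_executable | default('podman') }}"`, which the `Pull image` task directly below passes, so with an overridden executable the pre-clean acts on a different podman than the test does. The list task has no `register`, so its result is visible only in verbose output; register and `debug` it, or drop it. The later hunks in this file flip the expectations for `pull4`, `rmi4` and `rmi5`; a one-line comment on why short and normalised `docker.io` names now behave this way would help the next reader.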
diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_image_info/tasks/main.yml b/ansible_collections/containers/podman/tests/integration/targets/podman_image_info/tasks/main.yml index 105ffcd1f..adbd49478 100644 --- a/ansible_collections/containers/podman/tests/integration/targets/podman_image_info/tasks/main.yml +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_image_info/tasks/main.yml @@ -39,7 +39,7 @@ containers.podman.podman_image_info: executable: "{{ test_executable | default('podman') }}" name: nope - register: single_nonexistant + register: single_nonexistent - name: Get info on multiple images that do not exist containers.podman.podman_image_info: @@ -47,7 +47,7 @@ name: - nope - reallynope - register: multiple_nonexistant + register: multiple_nonexistent - name: Get info with one image that does not exist containers.podman.podman_image_info: @@ -56,11 +56,11 @@ - dnsmasq - nope - etcd - register: mixed_nonexistant + register: mixed_nonexistent - - name: Ensure image info was returned when non-existant image info was requisted + - name: Ensure image info was returned when non-existent image info was requisted assert: that: - - single_nonexistant.images | length == 0 - - multiple_nonexistant.images | length == 0 - - mixed_nonexistant.images | length == 2 + - single_nonexistent.images | length == 0 + - multiple_nonexistent.images | length == 0 + - mixed_nonexistent.images | length == 2 diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_import/tasks/main.yml b/ansible_collections/containers/podman/tests/integration/targets/podman_import/tasks/main.yml index db8254e87..9ec11339d 100644 --- a/ansible_collections/containers/podman/tests/integration/targets/podman_import/tasks/main.yml +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_import/tasks/main.yml 
@@ -64,9 +64,86 @@ - test2.image.User == 'someuser' - test2.image["Config"]["Cmd"][2] == "/bin/nonsh" +- name: Test podman volume import + block: + - name: Start container + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: container + image: alpine:3.7 + state: started + volume: + - "volume:/test" + command: touch /test/test_file + + - name: Export volume + containers.podman.podman_export: + executable: "{{ test_executable | default('podman') }}" + volume: volume + dest: /tmp/volume + + - name: Check file + stat: + path: /tmp/volume + register: vlm + + - name: Check it's exported + assert: + that: + - vlm.stat.exists + + - name: delete container + containers.podman.podman_container: + state: absent + name: container + + - name: delete volume + containers.podman.podman_volume: + state: absent + name: volume + + # podman needs a volume to exist before import + - name: creating volume before importing + containers.podman.podman_volume: + name: volume + state: present + + - name: Import volume + containers.podman.podman_import: + executable: "{{ test_executable | default('podman') }}" + src: /tmp/volume + volume: "volume" + register: volume + + - name: Check it's imported + assert: + that: + - volume is success + + - name: Check file is there + containers.podman.podman_container: + executable: "{{ test_executable | default('podman') }}" + name: container + image: alpine:3.7 + state: started + volume: + - "volume:/test" + command: ls /test/test_file + register: ls + + - name: Check it's imported + assert: + that: + - ls is success + always: - name: Remove container containers.podman.podman_container: executable: "{{ test_executable | default('podman') }}" name: container state: absent + - name: Remove volume + containers.podman.podman_volume: + executable: "{{ test_executable | default('podman') }}" + name: volume + state: absent 
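Review bot: The final check `ls is success` only shows that the `podman_container` task did not fail; with `state: started` the module appears to launch the container and return, so a non-zero exit from `ls /test/test_file` would presumably not fail the task and the import is not actually verified. Consider running that container with `detach: false` and asserting on its result, or inspecting the container's exit code afterwards (confirm the module's behaviour for a short-lived command). The export also writes to the fixed path `/tmp/volume` and the `always` section never removes it; a `file` task there with `path: /tmp/volume` and `state: absent` keeps a stale archive from an earlier run out of the next import.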
diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_play/tasks/files/Containerfile b/ansible_collections/containers/podman/tests/integration/targets/podman_play/tasks/files/Containerfile new file mode 100644 index 000000000..2530caed7 --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_play/tasks/files/Containerfile @@ -0,0 +1,3 @@ +FROM ubi8-init +RUN dnf -y install httpd; dnf -y clean all +RUN systemctl enable httpd.service
\ No newline at end of file diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_play/tasks/files/kube-buil-test.yaml b/ansible_collections/containers/podman/tests/integration/targets/podman_play/tasks/files/kube-buil-test.yaml new file mode 100644 index 000000000..3ccd0ca88 --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_play/tasks/files/kube-buil-test.yaml @@ -0,0 +1,21 @@ +# Save the output of this file and use kubectl create -f to import +# it into Kubernetes. +# +# Created with podman-4.4.1 +apiVersion: v1 +kind: Pod +metadata: + annotations: + org.opencontainers.image.base.digest/buil-test: sha256:e08f47885d5794a7d8b6404e9db9b0c0a9fc6c633da3c3af0c355299 + org.opencontainers.image.base.name/buil-test: registry.redhat.io/ubi8-init:latest + creationTimestamp: "2023-09-28T01:12:34Z" + labels: + app: buil-test-pod + name: buil-test-pod +spec: + containers: + - image: localhost/build-test:latest + name: buil-test + ports: + - containerPort: 80 + hostPort: 8080 diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_play/tasks/files/play-pod.yaml b/ansible_collections/containers/podman/tests/integration/targets/podman_play/tasks/files/play-pod.yaml new file mode 100644 index 000000000..e238bcc79 --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_play/tasks/files/play-pod.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Pod +metadata: + name: web-deploy + labels: + app: webapp +spec: + containers: + - name: alpinex + image: alpine + command: ['sleep', '1d'] + - name: alpiney + image: alpine + command: ['sleep', '1d']
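Review bot: In the new Containerfile, `FROM ubi8-init` is an unqualified short name with no tag, so the registry and image the build pulls depend on the host's short-name resolution settings; the annotation in kube-buil-test.yaml records `registry.redhat.io/ubi8-init:latest` as the base, which suggests the intended source. Use a fully qualified reference, ideally pinned, e.g. `FROM <registry>/ubi8-init@sha256:<digest>` (placeholders). The second line joins its commands with `;`, so a failed install is masked by the exit status of the clean step; `RUN dnf -y install httpd && dnf -y clean all` makes the build stop on failure. The same short-name concern applies to `image: alpine` in play-pod.yaml and `FROM alpine` in the podman_runlabel Dockerfile.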
\ No newline at end of file diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_play/tasks/main.yml b/ansible_collections/containers/podman/tests/integration/targets/podman_play/tasks/main.yml index 30f53fa5f..ae9d8572b 100644 --- a/ansible_collections/containers/podman/tests/integration/targets/podman_play/tasks/main.yml +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_play/tasks/main.yml @@ -128,3 +128,21 @@ args: apply: become: true + +- name: Test play kube with on-demand image build + include_tasks: play-with-build.yml + vars: + ansible_python_interpreter: "/usr/bin/python" + +- name: Test play kube options + include_tasks: play-with-options.yml + vars: + ansible_python_interpreter: "/usr/bin/python" + target_pod: web-deploy + target_container: web-deploy-alpinex + log_opt: + path: /tmp/mycontainer.json + size: 10mb + userns: host + kube_dir: /tmp + kube_file: play-pod.yaml
\ No newline at end of file diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_play/tasks/play-with-build.yml b/ansible_collections/containers/podman/tests/integration/targets/podman_play/tasks/play-with-build.yml new file mode 100644 index 000000000..e7601f531 --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_play/tasks/play-with-build.yml @@ -0,0 +1,51 @@ +--- +- name: Test play kube with on-demand image build + vars: + image_name: build-test + build_context_dir: /tmp/contextdir + kube_dir: /tmp + success_msg: "Successfully tagged localhost/{{ image_name }}:latest" + block: + + - name: Make sure that {{ image_name }} image is absent + containers.podman.podman_image: + name: "{{ image_name }}" + state: absent + + - name: Copy files to known place + copy: + src: kube-buil-test.yaml + dest: "{{ kube_dir }}/kube-buil-test.yaml" + remote_src: false + + - name: Create context dir for build + file: + path: "{{ build_context_dir }}/{{ image_name }}" + state: directory + + - name: Copy Containerfile for build + copy: + src: Containerfile + dest: "{{ build_context_dir }}/{{ image_name }}/Containerfile" + remote_src: false + + - name: Play kube file with image build + containers.podman.podman_play: + kube_file: "{{ kube_dir }}/kube-buil-test.yaml" + build: true + context_dir: "{{ build_context_dir }}" + state: started + register: play_with_build + + - name: Check if the result is changed + assert: + that: + - play_with_build is changed + - success_msg in play_with_build.stdout + + always: + + - name: Cleanup pods + containers.podman.podman_play: + kube_file: "{{ kube_dir }}/kube-buil-test.yaml" + state: absent diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_play/tasks/play-with-options.yml b/ansible_collections/containers/podman/tests/integration/targets/podman_play/tasks/play-with-options.yml new file mode 100644 index 000000000..aeb79a5bc --- /dev/null 
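Review bot: The `always` section of play-with-build.yml removes the pod but leaves behind the image built from the Containerfile, the context directory under `/tmp/contextdir` and the copied kube file. Leftovers at fixed, predictable `/tmp` paths mean a later run on the same host does not start from a clean state. Extending the cleanup as below keeps each run self-contained; the added tasks follow the file's existing style of not passing `executable`.

```yaml
  always:

    # … unchanged: Cleanup pods …

    - name: Remove built image
      containers.podman.podman_image:
        name: "{{ image_name }}"
        state: absent

    - name: Remove build context and kube file
      file:
        path: "{{ item }}"
        state: absent
      loop:
        - "{{ build_context_dir }}"
        - "{{ kube_dir }}/kube-buil-test.yaml"
```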
+++ b/ansible_collections/containers/podman/tests/integration/targets/podman_play/tasks/play-with-options.yml @@ -0,0 +1,52 @@ +--- +- name: Test play pod with options + block: + - name: Copy kube file + copy: + src: "{{ kube_file }}" + dest: "{{ kube_dir }}/{{ kube_file }}" + remote_src: false + + - name: Create Pod with many options + containers.podman.podman_play: + kube_file: "{{ kube_dir }}/{{ kube_file }}" + state: started + recreate: true + annotation: + greeting: hello + greet_to: world + userns: "{{ userns }}" + log_opt: + path: "{{ log_opt.path }}" + max_size: "{{ log_opt.size }}" + register: play_pod + + - name: Get pod info + containers.podman.podman_pod_info: + name: "{{ target_pod }}" + register: play_pod_info + + - name: Check userns is set in Pod + assert: + that: + - play_pod_info.pods.0.InfraConfig.userns == userns + + - name: Get container info + containers.podman.podman_container_info: + name: "{{ target_container }}" + register: play_container_info + + - name: Check annotations and log options are set in Pod + assert: + that: + - play_container_info.containers.0.Config.Annotations["greeting"] == "hello" + - play_container_info.containers.0.Config.Annotations["greet_to"] == "world" + - play_container_info.containers.0.HostConfig.LogConfig["Path"] == log_opt.path + - play_container_info.containers.0.HostConfig.LogConfig["Size"] | lower == log_opt.size + + always: + + - name: Cleanup pods + containers.podman.podman_play: + kube_file: "{{ kube_dir }}/{{ kube_file }}" + state: absent diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_pod/tasks/main.yml b/ansible_collections/containers/podman/tests/integration/targets/podman_pod/tasks/main.yml index 491d4a8a8..abee17596 100644 --- a/ansible_collections/containers/podman/tests/integration/targets/podman_pod/tasks/main.yml +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_pod/tasks/main.yml 
@@ -333,7 +333,7 @@ that: - pod15_a_info is changed - - name: Start pod with share for idempotency + - name: Start pod with gidmap and uidmap for idempotency containers.podman.podman_pod: executable: "{{ test_executable | default('podman') }}" name: pod1 @@ -347,6 +347,47 @@ that: - pod15_b_info is not changed + # Reset the namespace check. + # This is because changing from `uidmap/gidmap` to `userns` does not + # report a difference currently + - name: Start pod without uidmap to reset + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: pod1 + state: created + register: pod15_c_info + + - name: Check info + assert: + that: + - pod15_c_info is changed + + - name: Start pod with userns + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: pod1 + userns: auto + state: created + register: pod_userns_a_info + + - name: Check info + assert: + that: + - pod_userns_a_info is changed + + - name: Start pod with userns for idempotency + containers.podman.podman_pod: + executable: "{{ test_executable | default('podman') }}" + name: pod1 + userns: auto + state: created + register: pod_userns_b_info + + - name: Check info + assert: + that: + - pod_userns_b_info is not changed + - name: Start pod with labels containers.podman.podman_pod: executable: "{{ test_executable | default('podman') }}" @@ -737,11 +778,13 @@ generate_systemd: path: /tmp/dir1 restart_policy: always - time: 120 no_header: true names: true pod_prefix: poditto container_prefix: ainer + restart_sec: 10 + start_timeout: 20 + stop_timeout: 15 register: system1 - name: Check systemd file exists 
@@ -753,8 +796,9 @@ assert: that: - system1.podman_systemd.keys() | list | length == 3 - - "'-t 120 ' in system1.podman_systemd['poditto-pod2']" + - "'-t 15 ' in system1.podman_systemd['poditto-pod2']" - "'Restart=always' in system1.podman_systemd['poditto-pod2']" + - "'RestartSec=10' in system1.podman_systemd['poditto-pod2']" - "'autogenerated by Podman' not in system1.podman_systemd['poditto-pod2']" - podsys_stat.stat.exists | bool @@ -881,3 +925,11 @@ args: apply: become: true + +- name: Test podman_pod for limiting resources + include_tasks: resource-limit.yml + vars: + ansible_python_interpreter: "/usr/bin/python3" + args: + apply: + become: true diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_pod/tasks/net-pod.yml b/ansible_collections/containers/podman/tests/integration/targets/podman_pod/tasks/net-pod.yml index 3341f52a8..626a60cee 100644 --- a/ansible_collections/containers/podman/tests/integration/targets/podman_pod/tasks/net-pod.yml +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_pod/tasks/net-pod.yml @@ -12,6 +12,7 @@ executable: "{{ test_executable | default('podman') }}" name: "{{ item }}" state: absent + force: true loop: - testnet - anothernet @@ -73,6 +74,7 @@ executable: "{{ test_executable | default('podman') }}" name: "{{ item }}" state: absent + force: true loop: - testnet - anothernet diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_pod/tasks/resource-limit.yml b/ansible_collections/containers/podman/tests/integration/targets/podman_pod/tasks/resource-limit.yml new file mode 100644 index 000000000..94017d9f9 --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_pod/tasks/resource-limit.yml 
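Review bot: The assertions in this hunk cover `stop_timeout` (`'-t 15 '`) and `restart_sec` (`'RestartSec=10'`), but nothing checks `start_timeout: 20`, which the preceding hunk adds to `generate_systemd`. A regression that drops or mis-maps that option would pass unnoticed. Add one more `in system1.podman_systemd['poditto-pod2']` assertion for the start-timeout directive the generated unit is expected to contain (presumably a `TimeoutStartSec` line; confirm against the module's output).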
@@ -0,0 +1,38 @@ +- name: Test podman_pod for limiting resources + block: + + - name: Set variables for limiting resources + set_fact: + limit: + blkio_weight: 123 + cpuset_mems: '0-1' + cpu_shares: 1024 + device_write_bps: ['/dev/zero:1048576'] + + - name: Create pod for limiting resources + containers.podman.podman_pod: + name: limited-pod + state: created + blkio_weight: "{{ limit.blkio_weight }}" + cpuset_mems: "{{ limit.cpuset_mems }}" + cpu_shares: "{{ limit.cpu_shares }}" + device_write_bps: "{{ limit.device_write_bps }}" + + - name: Get information on pod for limiting resources + containers.podman.podman_pod_info: + name: limited-pod + register: pod_info + + - name: Check if the result is as expected + assert: + that: + - item.blkio_weight == limit.blkio_weight + - item.cpuset_mems == limit.cpuset_mems + - item.cpu_shares == limit.cpu_shares + with_items: "{{ pod_info.pods }}" + + always: + - name: Cleanup + containers.podman.podman_pod: + name: limited-pod + state: absent diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_runlabel/files/Dockerfile b/ansible_collections/containers/podman/tests/integration/targets/podman_runlabel/files/Dockerfile new file mode 100644 index 000000000..8c97ff6d9 --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_runlabel/files/Dockerfile @@ -0,0 +1,6 @@ +FROM alpine + +LABEL install="podman run --env IMAGE=IMAGE --rm IMAGE /bin/sh /testinstall.sh" +LABEL run="/usr/bin/touch /tmp/testedrunfortests" + +ADD testinstall.sh / diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_runlabel/files/testinstall.sh b/ansible_collections/containers/podman/tests/integration/targets/podman_runlabel/files/testinstall.sh new file mode 100644 index 000000000..d9fe1ee5a --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_runlabel/files/testinstall.sh 
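Review bot: In resource-limit.yml the `Check if the result is as expected` task iterates `with_items: "{{ pod_info.pods }}"`, so if `podman_pod_info` returns an empty list the assert never runs and the test passes without checking anything. Index the result directly, as play-with-options.yml does, e.g. `- pod_info.pods[0].blkio_weight == limit.blkio_weight`, or add a separate assert with `- pod_info.pods | length == 1` before the loop. `device_write_bps` is set on the pod but never compared, so that limit is untested.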
@@ -0,0 +1,2 @@ +#!/usr/bin/env bash +echo -n "Installed." diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_runlabel/tasks/main.yml b/ansible_collections/containers/podman/tests/integration/targets/podman_runlabel/tasks/main.yml new file mode 100644 index 000000000..2ddc8bff6 --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_runlabel/tasks/main.yml @@ -0,0 +1,48 @@ +--- +- name: Create directory for user build images + file: + path: /tmp/usr_img + state: directory + +- name: Copy Dockerfile to container build directory + copy: + src: "{{ item }}" + dest: "/tmp/usr_img/{{ item }}" + mode: 755 + loop: + - Dockerfile + - testinstall.sh + +- name: Build test docker image for regular user + containers.podman.podman_image: + executable: "{{ test_executable | default('podman') }}" + name: "{{ runlabel_image }}" + path: /tmp/usr_img + build: + format: docker + extra_args: --cgroup-manager=cgroupfs + +- name: Run container label install + containers.podman.podman_runlabel: + image: "{{ runlabel_image }}" + label: install + register: install_runlabel + +- name: Run container label run + containers.podman.podman_runlabel: + image: "{{ runlabel_image }}" + label: run + +- name: Check file for run exists + stat: + path: /tmp/testedrunfortests + register: testedrunfortests + +- name: Make sure files exist + assert: + that: + - testedrunfortests.stat.exists + +- name: Make sure install label exited with 128 + assert: + that: install_runlabel.stdout == 'Installed.' diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_save/tasks/main.yml b/ansible_collections/containers/podman/tests/integration/targets/podman_save/tasks/main.yml index 97c8a66f3..f78753f7d 100644 --- a/ansible_collections/containers/podman/tests/integration/targets/podman_save/tasks/main.yml +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_save/tasks/main.yml 
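Review bot: In podman_runlabel/tasks/main.yml the copy task sets `mode: 755` as a bare integer; Ansible reads an unquoted number without a leading zero as decimal, so the files receive the permission bits of octal 1363 rather than rwxr-xr-x. Write it as `mode: "0755"`. The last task is named `Make sure install label exited with 128` but asserts `install_runlabel.stdout == 'Installed.'`; rename it to match what it checks, e.g. `- name: Make sure install label printed the expected output`.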
@@ -2,12 +2,15 @@ - name: Pull image containers.podman.podman_image: executable: "{{ test_executable | default('podman') }}" - name: k8s.gcr.io/pause + name: "{{ item }}" + loop: + - registry.k8s.io/pause + - registry.k8s.io/coredns/coredns:v1.9.3 - name: Save image containers.podman.podman_save: executable: "{{ test_executable | default('podman') }}" - image: k8s.gcr.io/pause + image: registry.k8s.io/pause dest: /tmp/image.tar - name: Check file @@ -23,7 +26,7 @@ - name: Save image containers.podman.podman_save: executable: "{{ test_executable | default('podman') }}" - image: k8s.gcr.io/pause + image: registry.k8s.io/pause dest: /tmp/image.tar force: true @@ -40,7 +43,7 @@ - name: Save image containers.podman.podman_save: executable: "{{ test_executable | default('podman') }}" - image: k8s.gcr.io/pause + image: registry.k8s.io/pause dest: /tmp/imagedir format: oci-dir @@ -57,7 +60,7 @@ - name: Save image containers.podman.podman_save: executable: "{{ test_executable | default('podman') }}" - image: k8s.gcr.io/pause + image: registry.k8s.io/pause dest: /tmp/imagedir-docker force: true format: docker-dir @@ -66,7 +69,7 @@ - name: Save image containers.podman.podman_save: executable: "{{ test_executable | default('podman') }}" - image: k8s.gcr.io/pause + image: registry.k8s.io/pause dest: /tmp/imagedir force: true format: oci-dir @@ -84,7 +87,7 @@ - name: Save image containers.podman.podman_save: executable: "{{ test_executable | default('podman') }}" - image: k8s.gcr.io/pause + image: registry.k8s.io/pause dest: /tmp/image2.tar multi_image_archive: true 
@@ -97,3 +100,22 @@ assert: that: - img.stat.exists + +- name: Save multi image + containers.podman.podman_save: + executable: "{{ test_executable | default('podman') }}" + image: + - registry.k8s.io/pause + - registry.k8s.io/coredns/coredns:v1.9.3 + dest: /tmp/image-multi.tar + multi_image_archive: true + +- name: Check mult image file + stat: + path: /tmp/image-multi.tar + register: img + +- name: Check multi image is saved + assert: + that: + - img.stat.exists diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_secret/tasks/main.yml b/ansible_collections/containers/podman/tests/integration/targets/podman_secret/tasks/main.yml index c6c90de90..66f827df5 100644 --- a/ansible_collections/containers/podman/tests/integration/targets/podman_secret/tasks/main.yml +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_secret/tasks/main.yml @@ -1,6 +1,18 @@ - name: Test podman_secret block: + - name: Discover podman version + shell: podman version | grep "^Version:" | awk {'print $2'} + register: podman_v + + - name: Set podman version fact + set_fact: + podman_version: "{{ podman_v.stdout | string }}" + + - name: Set podman version fact to gt than 4.7.0 if so + set_fact: + podman_version_gt470: "{{ podman_version is version('4.7.0', '>=') }}" + - name: Make sure secret doesn't exist containers.podman.podman_secret: executable: "{{ test_executable | default('podman') }}" @@ -11,6 +23,7 @@ containers.podman.podman_secret: executable: "{{ test_executable | default('podman') }}" name: mysecret + debug: true data: secret content - name: Recreate secret 
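Review bot: The `Discover podman version` task added to podman_secret runs the literal `podman` binary, while the module calls in the file use `executable: "{{ test_executable | default('podman') }}"`. If `test_executable` points at another build, `podman_version_gt470` describes the wrong binary and the wrong set of assertions in the later hunk (`forced2 is changed` vs `forced2 is not changed`) is selected. Build the command from the same variable, e.g. `shell: "{{ test_executable | default('podman') }} version | grep '^Version:' | awk '{print $2}'"`. The same task is repeated in podman_secret_info/tasks/main.yml.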
@@ -27,13 +40,33 @@ name: mysecret data: super secret content skip_existing: true + debug: true register: skipped + - name: Force secret to same + containers.podman.podman_secret: + executable: "{{ test_executable | default('podman') }}" + name: mysecret + data: super secret content + force: true + debug: true + register: forced2 + - name: Check assertions assert: that: - forced is changed - skipped is not changed + - forced2 is changed + when: not podman_version_gt470 + + - name: Check assertions for podman >= 4.7.0 + assert: + that: + - forced is changed + - skipped is not changed + - forced2 is not changed + when: podman_version_gt470 - name: Create container that uses secret containers.podman.podman_container: @@ -93,6 +126,24 @@ that: - removed is not changed + - name: Create secret with file driver labels + containers.podman.podman_secret: + executable: "{{ test_executable | default('podman') }}" + name: mysecret + data: secret content + driver: file + labels: + lab1: somestringhere + label2: "some value is there" + "long label": onestring + "boring label": "multi string value" + + - name: Remove secret + containers.podman.podman_secret: + executable: "{{ test_executable | default('podman') }}" + state: absent + name: mysecret + - name: Create secret with file driver and custom options containers.podman.podman_secret: executable: "{{ test_executable | default('podman') }}" 
@@ -103,6 +154,131 @@ a: b c: d + - when: podman_version_gt470 + block: + + - name: Create secret with file driver and different options + containers.podman.podman_secret: + executable: "{{ test_executable | default('podman') }}" + name: mysecret + data: secret content + driver: file + driver_opts: + a: b + c: e + register: opts_changed + + - name: Create secret with file driver and different options again + containers.podman.podman_secret: + executable: "{{ test_executable | default('podman') }}" + name: mysecret + data: secret content + driver: file + driver_opts: + a: b + c: e + register: opts_changed2 + + - name: Create secret with different content + containers.podman.podman_secret: + executable: "{{ test_executable | default('podman') }}" + name: mysecret + data: other secret content + driver_opts: + a: b + c: e + register: secret_changed + + - name: Create secret with different content again + containers.podman.podman_secret: + executable: "{{ test_executable | default('podman') }}" + name: mysecret + data: other secret content + driver_opts: + a: b + c: e + register: secret_changed2 + + - name: Create secret with different content but skipped + containers.podman.podman_secret: + executable: "{{ test_executable | default('podman') }}" + name: mysecret + data: other secret content and skipped + skip_existing: true + debug: true + driver_opts: + a: b + c: e + register: skip_secret_changed + + - name: Create secret with different content but forced + containers.podman.podman_secret: + executable: "{{ test_executable | default('podman') }}" + name: mysecret + data: other secret content and skipped + force: true + debug: true + driver_opts: + a: b + c: e + register: force_secret_changed + + - name: Check opts changes + assert: + that: + - opts_changed is changed + - opts_changed2 is not changed + - secret_changed is changed + - secret_changed2 is not changed + - skip_secret_changed is not changed + - force_secret_changed is changed + + - name: Create secret with 
file driver and labels + containers.podman.podman_secret: + executable: "{{ test_executable | default('podman') }}" + name: mysecret + data: secret content + driver: file + labels: + lab1: somestringhere + label2: "some value is there" + "long label": onestring + "boring label": "multi string value" + register: secretlabels + + - name: Create secret with file driver and labels again + containers.podman.podman_secret: + executable: "{{ test_executable | default('podman') }}" + name: mysecret + data: secret content + driver: file + labels: + lab1: somestringhere + label2: "some value is there" + "long label": onestring + "boring label": "multi string value" + register: secretlabels2 + + - name: Create secret with file driver and different labels + containers.podman.podman_secret: + executable: "{{ test_executable | default('podman') }}" + name: mysecret + data: secret content + driver: file + labels: + lab1: somestringhere + label2: "some value is not there" + "long label": onestring + "boring label": "multi string value" + register: secretlabels3 + + - name: Check labels changes + assert: + that: + - secretlabels is changed + - secretlabels2 is not changed + - secretlabels3 is changed + - name: Remove secret containers.podman.podman_secret: executable: "{{ test_executable | default('podman') }}" diff --git a/ansible_collections/containers/podman/tests/integration/targets/podman_secret_info/tasks/main.yml b/ansible_collections/containers/podman/tests/integration/targets/podman_secret_info/tasks/main.yml new file mode 100644 index 000000000..90c588f63 --- /dev/null +++ b/ansible_collections/containers/podman/tests/integration/targets/podman_secret_info/tasks/main.yml 
@@ -0,0 +1,107 @@ +- name: Test podman_secret + block: + + - name: Discover podman version + shell: podman version | grep "^Version:" | awk {'print $2'} + register: podman_v + + - name: Set podman version fact + set_fact: + podman_version: "{{ podman_v.stdout | string }}" + + - name: Set podman version fact to gt than 4.7.0 if so + set_fact: + podman_version_gt470: "{{ podman_version is version('4.7.0', '>=') }}" + + - name: Make sure secrets don't exist + containers.podman.podman_secret: + executable: "{{ test_executable | default('podman') }}" + state: absent + name: "{{ item }}" + loop: + - mysecret + - second_secret + + - name: Create secret + containers.podman.podman_secret: + executable: "{{ test_executable | default('podman') }}" + name: mysecret + debug: true + data: secret content + + - name: Create another secret + containers.podman.podman_secret: + executable: "{{ test_executable | default('podman') }}" + name: second_secret + debug: true + data: "not secret content" + + - name: Get info about all secrets + containers.podman.podman_secret_info: + executable: "{{ test_executable | default('podman') }}" + register: secrets_info + + - name: Get info about one secret + containers.podman.podman_secret_info: + executable: "{{ test_executable | default('podman') }}" + name: mysecret + register: mysecret_info + + - name: Get info about second secret with secret data + containers.podman.podman_secret_info: + executable: "{{ test_executable | default('podman') }}" + name: second_secret + showsecret: true + register: second_secret_info + when: podman_version_gt470 + + - name: Get info about secret that does not exist + containers.podman.podman_secret_info: + executable: "{{ test_executable | default('podman') }}" + name: doesnotexist + register: notfound + ignore_errors: true + + # Delete all secrets + - name: Remove secrets + containers.podman.podman_secret: + executable: "{{ test_executable | default('podman') }}" + state: absent + name: "{{ item }}" + loop: + - 
mysecret + - second_secret + + - name: Get info about all secrets when no secrets + containers.podman.podman_secret_info: + executable: "{{ test_executable | default('podman') }}" + register: secrets_info2 + + - name: Check secrets info + assert: + that: + - secrets_info.secrets | length == 2 + - mysecret_info.secrets | length == 1 + - mysecret_info.secrets[0].Spec.Name == 'mysecret' + - "'SecretData' not in mysecret_info.secrets[0]" + - notfound is failed + - secrets_info2.secrets | length == 0 + + - name: Check secrets info for Podman > 4.7.0 + assert: + that: + - second_secret_info.secrets[0].SecretData == 'not secret content' + - second_secret_info.secrets | length == 1 + - second_secret_info.secrets[0].Spec.Name == 'second_secret' + when: podman_version_gt470 + + always: + + - name: Remove secrets + containers.podman.podman_secret: + executable: "{{ test_executable | default('podman') }}" + state: absent + name: "{{ item }}" + loop: + - mysecret + - second_secret |
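Review bot: `Get info about second secret with secret data` sets `showsecret: true` and registers the result, so the plaintext value is held in `second_secret_info` and would be printed with the task result in verbose runs. The value here is a dummy, but test tasks are often copied as usage examples; a comment above the task such as `# showsecret returns the secret value in the result; pair with no_log: true outside tests` would make that explicit. The block is also named `Test podman_secret` although the file tests `podman_secret_info`, and the task `Check secrets info for Podman > 4.7.0` is gated on `>=`.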