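---
# Integration test for the hashivault_write module (with hashivault_delete
# used for cleanup). Every task talks to a live Vault server.
#
# NOTE(review): no Vault address or token is set in this play, so the
# connection settings come from outside it (presumably the environment -
# confirm). With the default empty `namespace`, the play deletes and
# overwrites secret/basic, secret/stalks/bean, secret/_ttls and
# secret/no_log, so point it only at a disposable test Vault or set
# `namespace` to a dedicated prefix.
#
# The asserts use bare Jinja2 expressions. `that` is already evaluated as an
# expression, so wrapping a module return value in `{{ }}` would render it to
# text and then evaluate that text a second time.
- hosts: localhost
  gather_facts: false
  vars:
    # Prefix prepended to every secret name used by this play.
    namespace: ''
    name_root: '{{namespace}}basic'
    name_folder: '{{namespace}}stalks/bean'
    name_dict: '{{namespace}}_dict'
    name_array: '{{namespace}}_array'
    name_ttls: '{{namespace}}_ttls'
    dict_value:
      foo: 'bar'
      baz: 'stuff'
    array_value:
      - 'one'
      - 'two'
      - 'three'
  tasks:
    # Start from a clean slate for the secrets whose change state is asserted.
    - name: Remove root secret left by a previous run
      hashivault_delete:
        secret: '{{name_root}}'

    - name: Remove folder secret left by a previous run
      hashivault_delete:
        secret: '{{name_folder}}'

    - name: Remove ttl secret left by a previous run
      hashivault_delete:
        secret: '{{name_ttls}}'

    # Plain writes (no `update`) are expected to report changed every time,
    # even when the data is identical to what is already stored.
    - name: Write verify it succeeds
      hashivault_write:
        secret: '{{name_root}}'
        data:
          foo: 'foe'
          fie: 'fum'
      register: vault_write

    - assert:
        that:
          - vault_write.changed
          - "vault_write.msg == 'Secret secret/' ~ name_root ~ ' written'"
          - vault_write.rc == 0

    - name: Write again no update verify changed
      hashivault_write:
        secret: '{{name_root}}'
        data:
          foo: 'foe'
          fie: 'fum'
      register: vault_write

    - assert:
        that:
          - vault_write.changed
          - "vault_write.msg == 'Secret secret/' ~ name_root ~ ' written'"
          - vault_write.rc == 0

    # With `update: true` the asserts expect changed only when the submitted
    # data differs from what is stored.
    - name: Update again and verify no change
      hashivault_write:
        update: true
        secret: '{{name_root}}'
        data:
          foo: 'foe'
          fie: 'fum'
      register: vault_write

    - assert:
        that:
          - not vault_write.changed
          - vault_write.rc == 0

    - name: Update new value and detect change
      hashivault_write:
        update: true
        secret: '{{name_root}}'
        data:
          foo: 'new'
          fie: 'fum'
      register: vault_write

    - assert:
        that:
          - vault_write.changed
          - "vault_write.msg == 'Secret secret/' ~ name_root ~ ' written'"
          - vault_write.rc == 0

    - name: Update a brand new secret in folder
      hashivault_write:
        update: true
        secret: '{{name_folder}}'
        data:
          height: tall
      register: vault_write

    - assert:
        that:
          - vault_write.changed
          - "vault_write.msg == 'Secret secret/' ~ name_folder ~ ' written'"
          - vault_write.rc == 0

    - name: Write secret dictionary
      hashivault_write:
        secret: '{{name_dict}}'
        data: "{{ dict_value }}"
      # Register the result so the assert below checks this write; without
      # it the assert re-checks the result of the previous task.
      register: vault_write

    - assert:
        that:
          - vault_write.changed
          - vault_write.rc == 0

    # The result is not registered or asserted; this task only has to
    # complete without failing.
    - name: Write array type secret
      hashivault_write:
        secret: '{{name_array}}'
        data:
          value: "{{array_value}}"

    # TTL handling: 36000s, 600m, 10h and a bare 36000 are all expected to
    # compare as unchanged against the initial 36000s; 36001s must register
    # as a change.
    - name: Initial ttl values
      hashivault_write:
        update: true
        secret: '{{name_ttls}}'
        data:
          ttl: 36000s
          max_ttl: 480s
      register: vault_write

    - assert:
        that:
          - vault_write.changed

    - name: Update minute ttl secret
      hashivault_write:
        update: true
        secret: '{{name_ttls}}'
        data:
          ttl: 600m
      register: vault_write

    - assert:
        that:
          - not vault_write.changed

    - name: Update hour ttl secret
      hashivault_write:
        update: true
        secret: '{{name_ttls}}'
        data:
          ttl: 10h
      register: vault_write

    - assert:
        that:
          - not vault_write.changed

    - name: Update second ttl secret
      hashivault_write:
        update: true
        secret: '{{name_ttls}}'
        data:
          ttl: 36000s
      register: vault_write

    - assert:
        that:
          - not vault_write.changed

    - name: Update second ttl secret no s
      hashivault_write:
        update: true
        secret: '{{name_ttls}}'
        data:
          # Deliberately an unquoted integer with no unit suffix.
          ttl: 36000
      register: vault_write

    - assert:
        that:
          - not vault_write.changed

    - name: Update second ttl secret new value
      hashivault_write:
        update: true
        secret: '{{name_ttls}}'
        data:
          ttl: 36001s
      register: vault_write

    - assert:
        that:
          - vault_write.changed

    - name: Remove no_log secret left by a previous run
      hashivault_delete:
        secret: '{{namespace}}no_log'

    # Per the task names, the values below (0, "0", 1, "1", booleans) are
    # meant to exercise the module's no_log handling - confirm against the
    # module source. The `false` and `true` keys are left unquoted as in the
    # original; a YAML 1.1 loader reads them as booleans rather than strings.
    - name: Write a secret to mess up no_log
      hashivault_write:
        update: true
        secret: '{{namespace}}no_log'
        data:
          zero: 0
          zero_str: "0"
          one: 1
          one_str: "1"
          false: false
          true: true
      register: vault_write

    - assert:
        that:
          - vault_write.changed
          - vault_write.rc == 0

    # Same data again: the module must still compare it as unchanged.
    - name: Write a secret to mess up no_log again
      hashivault_write:
        update: true
        secret: '{{namespace}}no_log'
        data:
          zero: 0
          zero_str: "0"
          one: 1
          one_str: "1"
          false: false
          true: true
      register: vault_write

    - assert:
        that:
          - not vault_write.changed
          - vault_write.rc == 0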