From 1841afd03d37a839acdb1fca91598df2057dd317 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Herv=C3=A9=20Quatremain?= Date: Wed, 7 Aug 2024 08:29:57 +0200 Subject: [PATCH] Codecov reports (#44) --- .github/workflows/ansible-integration.yml | 1 + plugins/modules/quay_application.py | 8 +- .../targets/quay_api_token/tasks/main.yml | 81 ++++++ .../targets/quay_application/tasks/main.yml | 70 +++++ .../targets/quay_default_perm/tasks/main.yml | 111 ++++++++ .../targets/quay_docker_config/tasks/main.yml | 3 +- .../targets/quay_layer_info/tasks/main.yml | 15 +- .../quay_manifest_label/tasks/main.yml | 70 ++++- .../targets/quay_notification/tasks/main.yml | 265 +++++++++++++++++- .../targets/quay_quota/tasks/main.yml | 97 +++++++ .../quay_repository_mirror/tasks/main.yml | 100 ++++++- .../targets/quay_robot/tasks/main.yml | 72 +++++ .../targets/quay_tag/tasks/main.yml | 149 +++++++++- .../targets/quay_team/tasks/main.yml | 67 +++++ .../quay_vulnerability_info/tasks/main.yml | 13 + .../targets/setup_token/tasks/main.yml | 4 +- 16 files changed, 1102 insertions(+), 24 deletions(-) diff --git a/.github/workflows/ansible-integration.yml b/.github/workflows/ansible-integration.yml index bba2f40..de87c78 100644 --- a/.github/workflows/ansible-integration.yml +++ b/.github/workflows/ansible-integration.yml @@ -54,4 +54,5 @@ jobs: - uses: codecov/codecov-action@v4 with: fail_ci_if_error: false + token: ${{ secrets.CODECOV_TOKEN }} ... diff --git a/plugins/modules/quay_application.py b/plugins/modules/quay_application.py index 4a8155e..973ac7c 100644 --- a/plugins/modules/quay_application.py +++ b/plugins/modules/quay_application.py @@ -285,7 +285,7 @@ def main(): new_fields["name"] = new_name # The original application does not exists... if not app_details: - # and neither the new organization. Create that new organization. + # and neither the new application. Create that new application. if not new_app_details: data = module.create( "application", @@ -297,8 +297,8 @@ def main(): ) exit_module(module, True, data) - # The original organization does not exists but the new one does. - # Update that new organization. + # The original application does not exists but the new one does. + # Update that new application. updated, data = module.update( new_app_details, "application", @@ -310,7 +310,7 @@ def main(): id=new_app_details.get("client_id", ""), ) exit_module(module, updated, data if updated else new_app_details) - # The original organization exists. Rename it. + # The original application exists. Rename it. updated, data = module.update( app_details, "application", diff --git a/tests/integration/targets/quay_api_token/tasks/main.yml b/tests/integration/targets/quay_api_token/tasks/main.yml index a1dce2e..abb3298 100644 --- a/tests/integration/targets/quay_api_token/tasks/main.yml +++ b/tests/integration/targets/quay_api_token/tasks/main.yml @@ -67,6 +67,87 @@ quay_host: "{{ quay_url }}" validate_certs: false +- name: ERROR EXPECTED Non-existing user + herve4m.quay.quay_api_token: + for_user: nonexistinguser + quay_username: testuser1 + quay_password: vs9mrD55NP + client_id: "{{ app_details['client_id'] }}" + rights: + - org:admin + - repo:admin + - repo:create + - repo:read + - repo:write + - user:admin + - user:read + quay_host: "{{ quay_url }}" + validate_certs: false + ignore_errors: true + register: result + +- name: Ensure that the task failed + ansible.builtin.assert: + that: result['failed'] + fail_msg: The preceding task should have failed (non-existing user) + +- name: ERROR EXPECTED No rights specified + herve4m.quay.quay_api_token: + quay_username: testuser1 + quay_password: vs9mrD55NP + client_id: "{{ app_details['client_id'] }}" + rights: [] + quay_host: "{{ quay_url }}" + validate_certs: false + ignore_errors: true + register: result + +- name: Ensure that the task failed + ansible.builtin.assert: + that: result['failed'] + fail_msg: The preceding task should have failed (non-existing organization) + +- name: Generate an OAuth access token for the current user (check mode) + herve4m.quay.quay_api_token: + quay_username: testuser1 + quay_password: vs9mrD55NP + client_id: "{{ app_details['client_id'] }}" + rights: + - all + quay_host: "{{ quay_url }}" + validate_certs: false + check_mode: true + register: result + +- name: Ensure that the returned data has the access_token key + ansible.builtin.assert: + that: "'access_token' in result" + fail_msg: The result should have the access_token key + +- name: Generate an OAuth access token for ansibletestuser1 (check mode) + herve4m.quay.quay_api_token: + for_user: ansibletestuser1 + quay_username: testuser1 + quay_password: vs9mrD55NP + client_id: "{{ app_details['client_id'] }}" + rights: + - org:admin + - repo:admin + - repo:create + - repo:read + - repo:write + - user:admin + - user:read + quay_host: "{{ quay_url }}" + validate_certs: false + check_mode: true + register: result + +- name: Ensure that the task did change something + ansible.builtin.assert: + that: result['changed'] + fail_msg: The preceding task should created the token + - name: Ensure testteam1 team is removed herve4m.quay.quay_team: name: testteam1 diff --git a/tests/integration/targets/quay_application/tasks/main.yml b/tests/integration/targets/quay_application/tasks/main.yml index 95071f6..935a911 100644 --- a/tests/integration/targets/quay_application/tasks/main.yml +++ b/tests/integration/targets/quay_application/tasks/main.yml @@ -103,6 +103,76 @@ quay_token: "{{ quay_token }}" validate_certs: false +- name: Non-existing organization and state=absent (no change) + herve4m.quay.quay_application: + organization: nonexisting + name: ansibletestapp1 + state: absent + quay_host: "{{ quay_url }}" + quay_token: "{{ quay_token }}" + validate_certs: false + register: result + +- name: Ensure that the task did not change anything + ansible.builtin.assert: + that: not result['changed'] + fail_msg: The preceding task should not have changed anything + +- name: ERROR EXPECTED Non-existing organization + herve4m.quay.quay_application: + organization: nonexisting + name: ansibletestapp1 + state: present + quay_host: "{{ quay_url }}" + quay_token: "{{ quay_token }}" + validate_certs: false + ignore_errors: true + register: result + +- name: Ensure that the task failed + ansible.builtin.assert: + that: result['failed'] + fail_msg: The preceding task should have failed (non-existing organization) + +- name: ERROR EXPECTED Already existing application + herve4m.quay.quay_application: + organization: ansibletestorg + name: ansibletestapp2 + new_name: ansibletestapp3 + state: present + quay_host: "{{ quay_url }}" + quay_token: "{{ quay_token }}" + validate_certs: false + ignore_errors: true + register: result + +- name: Ensure that the task failed + ansible.builtin.assert: + that: result['failed'] + fail_msg: The preceding task should have failed (application exists) + +- name: Ensure the application ansibletestapp2 is updated (new_name) + herve4m.quay.quay_application: + organization: ansibletestorg + name: doesnotexist + new_name: ansibletestapp2 + description: Application 2 description + state: present + quay_host: "{{ quay_url }}" + quay_token: "{{ quay_token }}" + validate_certs: false + +- name: Ensure the application ansibletestapp3 is removed + herve4m.quay.quay_application: + organization: ansibletestorg + name: doesnotexist + new_name: ansibletestapp3 + description: "New ansibletestapp3 application" + state: absent + quay_host: "{{ quay_url }}" + quay_token: "{{ quay_token }}" + validate_certs: false + - name: Ensure the applications are removed herve4m.quay.quay_application: organization: ansibletestorg diff --git a/tests/integration/targets/quay_default_perm/tasks/main.yml b/tests/integration/targets/quay_default_perm/tasks/main.yml index 0f30d23..8083623 100644 --- a/tests/integration/targets/quay_default_perm/tasks/main.yml +++ b/tests/integration/targets/quay_default_perm/tasks/main.yml @@ -113,6 +113,117 @@ that: not result['changed'] fail_msg: The preceding task should not have changed anything +- name: Missing organization and state=absent (no change) + herve4m.quay.quay_default_perm: + organization: nonexisting + name: ansibletestteam1 + type: team + role: admin + creator: ansibletestuser2 + state: absent + quay_host: "{{ quay_url }}" + quay_token: "{{ quay_token }}" + validate_certs: false + register: result + +- name: Ensure that the task did not change anything + ansible.builtin.assert: + that: not result['changed'] + fail_msg: The preceding task should not have changed anything + +- name: ERROR EXPECTED Non-existing organization + herve4m.quay.quay_default_perm: + organization: nonexisting + name: ansibletestteam1 + type: team + role: admin + creator: ansibletestuser2 + state: present + quay_host: "{{ quay_url }}" + quay_token: "{{ quay_token }}" + validate_certs: false + ignore_errors: true + register: result + +- name: Ensure that the task failed + ansible.builtin.assert: + that: result['failed'] + fail_msg: The preceding task should have failed (non-existing organization) + +- name: ERROR EXPECTED Non-existing user + herve4m.quay.quay_default_perm: + organization: ansibletestorg + name: nonexistinguser + type: user + role: admin + state: present + quay_host: "{{ quay_url }}" + quay_token: "{{ quay_token }}" + validate_certs: false + ignore_errors: true + register: result + +- name: Ensure that the task failed + ansible.builtin.assert: + that: result['failed'] + fail_msg: The preceding task should have failed (non-existing user) + +- name: ERROR EXPECTED Non-existing team + herve4m.quay.quay_default_perm: + organization: ansibletestorg + name: nonexistingteam + type: team + role: admin + state: present + quay_host: "{{ quay_url }}" + quay_token: "{{ quay_token }}" + validate_certs: false + ignore_errors: true + register: result + +- name: Ensure that the task failed + ansible.builtin.assert: + that: result['failed'] + fail_msg: The preceding task should have failed (non-existing team) + +- name: ERROR EXPECTED Non-existing creator + herve4m.quay.quay_default_perm: + organization: ansibletestorg + name: ansibletestteam1 + type: team + role: admin + creator: nonexistingcreator + state: present + quay_host: "{{ quay_url }}" + quay_token: "{{ quay_token }}" + validate_certs: false + ignore_errors: true + register: result + +- name: Ensure that the task failed + ansible.builtin.assert: + that: result['failed'] + fail_msg: The preceding task should have failed (non-existing creator) + +- name: ERROR EXPECTED Creator is a robot account + herve4m.quay.quay_default_perm: + organization: ansibletestorg + name: ansibletestteam1 + type: team + role: admin + creator: ansibletestorg+ansibletestrobot1 + state: present + quay_host: "{{ quay_url }}" + quay_token: "{{ quay_token }}" + validate_certs: false + ignore_errors: true + register: result + +- name: Ensure that the task failed + ansible.builtin.assert: + that: result['failed'] + fail_msg: The preceding task should have failed (creator is a robot) + - name: Ensure default perm anon-read-ansibletestuser1 is removed herve4m.quay.quay_default_perm: organization: ansibletestorg diff --git a/tests/integration/targets/quay_docker_config/tasks/main.yml b/tests/integration/targets/quay_docker_config/tasks/main.yml index 0adc2bc..46dcd34 100644 --- a/tests/integration/targets/quay_docker_config/tasks/main.yml +++ b/tests/integration/targets/quay_docker_config/tasks/main.yml @@ -1,7 +1,8 @@ --- - name: Build a Docker configuration in JSON format ansible.builtin.set_fact: - json_conf: "{{ 'myuser' | herve4m.quay.quay_docker_config('mypassword', + json_conf: "{{ 'myuser' | + herve4m.quay.quay_docker_config('mypassword', 'https://www.example.com:8080', 'myuser@example.com') }}" - name: Ensure that the Docker configuration matches diff --git a/tests/integration/targets/quay_layer_info/tasks/main.yml b/tests/integration/targets/quay_layer_info/tasks/main.yml index 38a29f1..54c7d5c 100644 --- a/tests/integration/targets/quay_layer_info/tasks/main.yml +++ b/tests/integration/targets/quay_layer_info/tasks/main.yml @@ -20,7 +20,7 @@ that: layers1['layers']|length == layers2['layers']|length fail_msg: The same image should have been returned -- name: Retrieve an image with no namespace (error) +- name: ERROR EXPECTED Retrieve an image with no namespace herve4m.quay.quay_layer_info: image: nosuchimageipresume quay_host: quay.io @@ -32,6 +32,19 @@ that: result['failed'] fail_msg: The preceding task should have failed +- name: Retrieve an image in a non-existing namespace + herve4m.quay.quay_layer_info: + image: nonexisting/ansibletestrepo:latest + quay_host: "{{ quay_url }}" + quay_token: "{{ quay_token }}" + validate_certs: false + register: result + +- name: Ensure that the task did not change anything + ansible.builtin.assert: + that: not result['changed'] + fail_msg: The preceding task should not have changed anything + - name: Retrieve a non-existing image in my namespace (no change) herve4m.quay.quay_layer_info: image: dnsmasq:v1.0.0 diff --git a/tests/integration/targets/quay_manifest_label/tasks/main.yml b/tests/integration/targets/quay_manifest_label/tasks/main.yml index ec3ba7e..cf6302b 100644 --- a/tests/integration/targets/quay_manifest_label/tasks/main.yml +++ b/tests/integration/targets/quay_manifest_label/tasks/main.yml @@ -11,7 +11,7 @@ # - Tagging it so that it can be pushed to the local Quay Container Registry # - Pushing the image # - Deleting the images from the local system -# The tasks do not use the podman collection because it may not be +# The tasks do not use the podman collection because it might not be # available on the testing system. - name: Ensure the image is prepared with podman when: "podman['rc'] == 0" @@ -74,6 +74,10 @@ cmd: "docker push {{ quay_hostname }}/ansibletestorg/ansibletestrepo:latest" changed_when: true + register: result + retries: 3 + delay: 5 + until: result["rc"] == 0 - name: Ensure the images are removed ansible.builtin.command: @@ -238,6 +242,70 @@ that: not result['changed'] fail_msg: The preceding task should not have changed anything +- name: Non-existing namespace + herve4m.quay.quay_manifest_label: + image: nonexisting/ansibletestrepo:latest + key: architecture + state: absent + quay_host: "{{ quay_url }}" + quay_token: "{{ quay_token }}" + validate_certs: false + register: result + +- name: Ensure that the task did not change anything + ansible.builtin.assert: + that: not result['changed'] + fail_msg: The preceding task should not have changed anything + +- name: ERROR EXPECTED Missing organization + herve4m.quay.quay_manifest_label: + image: ansibletestrepo:latest + key: architecture + state: absent + quay_host: quay.io + validate_certs: false + ignore_errors: true + register: result + +- name: Ensure that the task failed + ansible.builtin.assert: + that: result['failed'] + fail_msg: The preceding task should have failed (no organization specified) + +- name: ERROR EXPECTED Non-existing namespace + herve4m.quay.quay_manifest_label: + image: nonexisting/ansibletestrepo:latest + key: architecture + value: other + state: present + quay_host: "{{ quay_url }}" + quay_token: "{{ quay_token }}" + validate_certs: false + ignore_errors: true + register: result + +- name: Ensure that the task failed + ansible.builtin.assert: + that: result['failed'] + fail_msg: The preceding task should have failed (non-existing organization) + +- name: ERROR EXPECTED Non-existing tag + herve4m.quay.quay_manifest_label: + image: ansibletestorg/ansibletestrepo:1234567 + key: architecture + value: other + state: present + quay_host: "{{ quay_url }}" + quay_token: "{{ quay_token }}" + validate_certs: false + ignore_errors: true + register: result + +- name: Ensure that the task failed + ansible.builtin.assert: + that: result['failed'] + fail_msg: The preceding task should have failed (non-existing tag) + - name: Ensure the repository is removed herve4m.quay.quay_repository: name: ansibletestorg/ansibletestrepo diff --git a/tests/integration/targets/quay_notification/tasks/main.yml b/tests/integration/targets/quay_notification/tasks/main.yml index f184add..32d0ee1 100644 --- a/tests/integration/targets/quay_notification/tasks/main.yml +++ b/tests/integration/targets/quay_notification/tasks/main.yml @@ -16,10 +16,10 @@ quay_token: "{{ quay_token }}" validate_certs: false -- name: Ensure notification exists (but repo does not exist) +- name: ERROR EXPECTED Ensure notification exists (but repo does not exist) herve4m.quay.quay_notification: repository: myansibletestrepo - title: Test Quay Notification + title: Test Quay Notification 13 event: repo_push method: quay_notification config: @@ -37,7 +37,27 @@ that: result['failed'] fail_msg: The preceding task should have failed (no such repository) -- name: Ensure notification exists (but with missing required parameters) +- name: ERROR EXPECTED Non-existing repository (anonymous) + herve4m.quay.quay_notification: + repository: myansibletestrepo + title: Test Quay Notification 14 + event: repo_push + method: quay_notification + config: + name: ansibletestteam1 + type: team + state: present + quay_host: quay.io + validate_certs: false + ignore_errors: true + register: result + +- name: Ensure that the task failed + ansible.builtin.assert: + that: result['failed'] + fail_msg: The preceding task should have failed (no such repository) + +- name: ERROR EXPECTED Missing required parameters herve4m.quay.quay_notification: repository: ansibletestorg/ansibletestrepo state: present @@ -204,6 +224,245 @@ that: not result['changed'] fail_msg: The preceding task should not have changed anything +- name: Non-existing organization and state=absent (no change) + herve4m.quay.quay_notification: + repository: nonexisting/ansibletestrepo + title: Test Quay Notification 11 + event: repo_push + method: quay_notification + config: + name: ansibletestteam1 + type: team + state: absent + quay_host: "{{ quay_url }}" + quay_token: "{{ quay_token }}" + validate_certs: false + register: result + +- name: Ensure that the task did not change anything + ansible.builtin.assert: + that: not result['changed'] + fail_msg: The preceding task should not have changed anything + +- name: ERROR EXPECTED Non-existing organization + herve4m.quay.quay_notification: + repository: nonexisting/ansibletestrepo + title: Test Quay Notification 12 + event: repo_push + method: quay_notification + config: + name: ansibletestteam1 + type: team + state: present + quay_host: "{{ quay_url }}" + quay_token: "{{ quay_token }}" + validate_certs: false + ignore_errors: true + register: result + +- name: Ensure that the task failed + ansible.builtin.assert: + that: result['failed'] + fail_msg: The preceding task should have failed (non-existing organization) + +- name: ERROR EXPECTED Missing parameter for notification (1) + herve4m.quay.quay_notification: + repository: ansibletestorg/ansibletestrepo + title: Test Quay Notification 1 + event: repo_push + method: email + config: {} + state: present + quay_host: "{{ quay_url }}" + quay_token: "{{ quay_token }}" + validate_certs: false + ignore_errors: true + register: result + +- name: Ensure that the task failed + ansible.builtin.assert: + that: result['failed'] + fail_msg: The preceding task should have failed (missing parameter) + +- name: ERROR EXPECTED Missing parameter for notification (2) + herve4m.quay.quay_notification: + repository: ansibletestorg/ansibletestrepo + title: Test Quay Notification 2 + event: repo_push + method: flowdock + config: {} + state: present + quay_host: "{{ quay_url }}" + quay_token: "{{ quay_token }}" + validate_certs: false + ignore_errors: true + register: result + +- name: Ensure that the task failed + ansible.builtin.assert: + that: result['failed'] + fail_msg: The preceding task should have failed (missing parameter) + +- name: ERROR EXPECTED Missing parameter for notification (3) + herve4m.quay.quay_notification: + repository: ansibletestorg/ansibletestrepo + title: Test Quay Notification 3 + event: repo_push + method: hipchat + config: {} + state: present + quay_host: "{{ quay_url }}" + quay_token: "{{ quay_token }}" + validate_certs: false + ignore_errors: true + register: result + +- name: Ensure that the task failed + ansible.builtin.assert: + that: result['failed'] + fail_msg: The preceding task should have failed (missing parameter) + +- name: ERROR EXPECTED Missing parameter for notification (4) + herve4m.quay.quay_notification: + repository: ansibletestorg/ansibletestrepo + title: Test Quay Notification 4 + event: repo_push + method: slack + config: {} + state: present + quay_host: "{{ quay_url }}" + quay_token: "{{ quay_token }}" + validate_certs: false + ignore_errors: true + register: result + +- name: Ensure that the task failed + ansible.builtin.assert: + that: result['failed'] + fail_msg: The preceding task should have failed (missing parameter) + +- name: ERROR EXPECTED Missing parameter for notification (5) + herve4m.quay.quay_notification: + repository: ansibletestorg/ansibletestrepo + title: Test Quay Notification 5 + event: repo_push + method: webhook + config: {} + state: present + quay_host: "{{ quay_url }}" + quay_token: "{{ quay_token }}" + validate_certs: false + ignore_errors: true + register: result + +- name: Ensure that the task failed + ansible.builtin.assert: + that: result['failed'] + fail_msg: The preceding task should have failed (missing parameter) + +- name: ERROR EXPECTED Missing parameter for notification (6) + herve4m.quay.quay_notification: + repository: ansibletestorg/ansibletestrepo + title: Test Quay Notification 6 + event: repo_push + method: quay_notification + config: {} + state: present + quay_host: "{{ quay_url }}" + quay_token: "{{ quay_token }}" + validate_certs: false + ignore_errors: true + register: result + +- name: Ensure that the task failed + ansible.builtin.assert: + that: result['failed'] + fail_msg: The preceding task should have failed (missing parameter) + +- name: ERROR EXPECTED Non-existing user + herve4m.quay.quay_notification: + repository: ansibletestorg/ansibletestrepo + title: Test Quay Notification 7 + event: repo_push + method: quay_notification + config: + name: nonexistinguser + type: user + state: present + quay_host: "{{ quay_url }}" + quay_token: "{{ quay_token }}" + validate_certs: false + ignore_errors: true + register: result + +- name: Ensure that the task failed + ansible.builtin.assert: + that: result['failed'] + fail_msg: The preceding task should have failed (non-existing user) + +- name: ERROR EXPECTED Non-existing team + herve4m.quay.quay_notification: + repository: ansibletestorg/ansibletestrepo + title: Test Quay Notification 8 + event: repo_push + method: quay_notification + config: + name: nonexistingteam + type: team + state: present + quay_host: "{{ quay_url }}" + quay_token: "{{ quay_token }}" + validate_certs: false + ignore_errors: true + register: result + +- name: Ensure that the task failed + ansible.builtin.assert: + that: result['failed'] + fail_msg: The preceding task should have failed (non-existing team) + +- name: ERROR EXPECTED Non-existing organization + herve4m.quay.quay_notification: + repository: ansibletestorg/ansibletestrepo + title: Test Quay Notification 9 + event: repo_push + method: quay_notification + config: + name: nonexistingorg + type: org + state: present + quay_host: "{{ quay_url }}" + quay_token: "{{ quay_token }}" + validate_certs: false + ignore_errors: true + register: result + +- name: Ensure that the task failed + ansible.builtin.assert: + that: result['failed'] + fail_msg: The preceding task should have failed (non-existing organization) + +- name: ERROR EXPECTED Robot account not allowed + herve4m.quay.quay_notification: + repository: ansibletestorg/ansibletestrepo + title: Test Quay Notification 10 + event: repo_push + method: quay_notification + config: + name: ansibletestorg+ansibletestrobot1 + type: user + state: present + quay_host: "{{ quay_url }}" + quay_token: "{{ quay_token }}" + validate_certs: false + ignore_errors: true + register: result + +- name: Ensure that the task failed + ansible.builtin.assert: + that: result['failed'] + fail_msg: The preceding task should have failed (robot account) + - name: Ensure Quay Notification is removed herve4m.quay.quay_notification: repository: ansibletestorg/ansibletestrepo diff --git a/tests/integration/targets/quay_quota/tasks/main.yml b/tests/integration/targets/quay_quota/tasks/main.yml index 4b5c623..6de76b2 100644 --- a/tests/integration/targets/quay_quota/tasks/main.yml +++ b/tests/integration/targets/quay_quota/tasks/main.yml @@ -158,13 +158,110 @@ - name: Ensure the quota is updated (3) herve4m.quay.quay_quota: organization: ansibletestorg + quota: 1 GB + warning_pct: 85 + reject_pct: 99 + state: present + quay_host: "{{ quay_url }}" + quay_token: "{{ quay_token }}" + validate_certs: false + +- name: Ensure the quota is updated (4) + herve4m.quay.quay_quota: + organization: ansibletestorg + quota: 4000000 KIB + warning_pct: 85 + reject_pct: 99 + state: present + quay_host: "{{ quay_url }}" + quay_token: "{{ quay_token }}" + validate_certs: false + +- name: Ensure the quota is updated (5) + herve4m.quay.quay_quota: + organization: ansibletestorg + quota: 3000000 Kb + warning_pct: 85 + reject_pct: 99 + state: present + quay_host: "{{ quay_url }}" + quay_token: "{{ quay_token }}" + validate_certs: false + +- name: Ensure the quota is updated (6) + herve4m.quay.quay_quota: + organization: ansibletestorg + quota: 3000 MiB + warning_pct: 85 + reject_pct: 99 + state: present + quay_host: "{{ quay_url }}" + quay_token: "{{ quay_token }}" + validate_certs: false + +- name: Ensure the quota is updated (7) + herve4m.quay.quay_quota: + organization: ansibletestorg + quota: 4000 MB + warning_pct: 85 + reject_pct: 99 + state: present + quay_host: "{{ quay_url }}" + quay_token: "{{ quay_token }}" + validate_certs: false + +- name: Missing organization and state=absent (no change) + herve4m.quay.quay_quota: + organization: nonexisting quota: 1 TiB warning_pct: 85 reject_pct: 99 + state: absent + quay_host: "{{ quay_url }}" + quay_token: "{{ quay_token }}" + validate_certs: false + register: result + +- name: Ensure that the task did not change anything + ansible.builtin.assert: + that: not result['changed'] + fail_msg: The preceding task should not have changed anything + +- name: ERROR EXPECTED Missing organization + herve4m.quay.quay_quota: + organization: nonexisting + quota: 1 TiB + warning_pct: 85 + reject_pct: 99 + state: present + quay_host: "{{ quay_url }}" + quay_token: "{{ quay_token }}" + validate_certs: false + ignore_errors: true + register: result + +- name: Ensure that the task failed + ansible.builtin.assert: + that: result['failed'] + fail_msg: The preceding task should have failed (non-existing organization) + +- name: ERROR EXPECTED Wrong quota format + herve4m.quay.quay_quota: + organization: ansibletestorg + quota: that is a wrong quota format + warning_pct: 85 + reject_pct: 99 state: present quay_host: "{{ quay_url }}" quay_token: "{{ quay_token }}" validate_certs: false + ignore_errors: true + register: result + +- name: Ensure that the task failed + ansible.builtin.assert: + that: result['failed'] + fail_msg: The preceding task should have failed (wrong quota format) - name: Ensure quota does not exist herve4m.quay.quay_quota: diff --git a/tests/integration/targets/quay_repository_mirror/tasks/main.yml b/tests/integration/targets/quay_repository_mirror/tasks/main.yml index f298a43..52159d4 100644 --- a/tests/integration/targets/quay_repository_mirror/tasks/main.yml +++ b/tests/integration/targets/quay_repository_mirror/tasks/main.yml @@ -13,6 +13,22 @@ quay_token: "{{ quay_token }}" validate_certs: false +- name: ERROR EXPECTED Missing required parameters + herve4m.quay.quay_repository_mirror: + name: ansibletestorg/ansibletestrepo1 + sync_interval: 43200 + sync_start_date: "2021-01-01T12:00:00Z" + quay_host: "{{ quay_url }}" + quay_token: "{{ quay_token }}" + validate_certs: false + ignore_errors: true + register: result + +- name: Ensure that the task failed + ansible.builtin.assert: + that: result['failed'] + fail_msg: The preceding task should have failed (missing parameters) + - name: Ensure repository mirror configuration for ansibletestrepo1 exists herve4m.quay.quay_repository_mirror: name: ansibletestorg/ansibletestrepo1 @@ -44,7 +60,7 @@ that: not result['changed'] fail_msg: The preceding task should not have changed anything -- name: Ensure repository mirror configutation is updated (1) +- name: Ensure repository mirror configuration is updated (1) herve4m.quay.quay_repository_mirror: name: ansibletestorg/ansibletestrepo1 external_reference: docker.io/library/hello-world @@ -57,7 +73,7 @@ quay_token: "{{ quay_token }}" validate_certs: false -- name: Ensure repository mirror configutation is updated (2) +- name: Ensure repository mirror configuration is updated (2) herve4m.quay.quay_repository_mirror: name: ansibletestorg/ansibletestrepo1 external_reference: docker.io/library/hello-world @@ -73,7 +89,7 @@ quay_token: "{{ quay_token }}" validate_certs: false -- name: Ensure repository mirror configutation is updated (3) +- name: Ensure repository mirror configuration is updated (3) herve4m.quay.quay_repository_mirror: name: ansibletestorg/ansibletestrepo1 https_proxy: "" @@ -83,6 +99,25 @@ quay_token: "{{ quay_token }}" validate_certs: false +- name: Ensure repository mirror configuration is updated (4) + herve4m.quay.quay_repository_mirror: + name: ansibletestorg/ansibletestrepo1 + external_reference: docker.io/library/hello-world + robot_username: ansibletestorg+ansibletestrobot1 + https_proxy: https://proxy.example.com:3128 + http_proxy: "" + no_proxy: quay.io + external_registry_username: jziglar + external_registry_password: vs9mrD55NP + verify_tls: false + sync_interval: 21600 + sync_start_date: "2021-11-02T21:42:00Z" + image_tags: + - linux + quay_host: "{{ quay_url }}" + quay_token: "{{ quay_token }}" + validate_certs: false + - name: Ensure repository mirror conf for ansibletestrepo1 is active herve4m.quay.quay_repository_mirror: name: ansibletestorg/ansibletestrepo1 @@ -99,6 +134,65 @@ quay_token: "{{ quay_token }}" validate_certs: false +- name: ERROR EXPECTED Non-existing repository (1) + herve4m.quay.quay_repository_mirror: + name: nonexisting/ansibletestrepo1 + external_reference: docker.io/library/hello-world + robot_username: ansibletestorg+ansibletestrobot1 + image_tags: + - latest + sync_interval: 43200 + sync_start_date: "2021-01-01T12:00:00Z" + quay_host: "{{ quay_url }}" + quay_token: "{{ quay_token }}" + validate_certs: false + ignore_errors: true + register: result + +- name: Ensure that the task failed + ansible.builtin.assert: + that: result['failed'] + fail_msg: The preceding task should have failed (non-existing repository) + +- name: ERROR EXPECTED Non-existing repository (2) + herve4m.quay.quay_repository_mirror: + name: ansibletestrepo1 + external_reference: docker.io/library/hello-world + robot_username: ansibletestorg+ansibletestrobot1 + image_tags: + - latest + sync_interval: 43200 + sync_start_date: "2021-01-01T12:00:00Z" + quay_host: "{{ quay_url }}" + quay_token: "{{ quay_token }}" + validate_certs: false + ignore_errors: true + register: result + +- name: Ensure that the task failed + ansible.builtin.assert: + that: result['failed'] + fail_msg: The preceding task should have failed (non-existing repository) + +- name: ERROR EXPECTED Non-existing repository (anonymous) + herve4m.quay.quay_repository_mirror: + name: ansibletestrepo1 + external_reference: docker.io/library/hello-world + robot_username: ansibletestorg+ansibletestrobot1 + image_tags: + - latest + sync_interval: 43200 + sync_start_date: "2021-01-01T12:00:00Z" + quay_host: quay.io + validate_certs: false + ignore_errors: true + register: result + +- name: Ensure that the task failed + ansible.builtin.assert: + that: result['failed'] + fail_msg: The preceding task should have failed (non-existing repository) + - name: Ensure repository ansibletestrepo1 is removed herve4m.quay.quay_repository: name: ansibletestorg/ansibletestrepo1 diff --git a/tests/integration/targets/quay_robot/tasks/main.yml b/tests/integration/targets/quay_robot/tasks/main.yml index 9aeb615..9b5a72b 100644 --- a/tests/integration/targets/quay_robot/tasks/main.yml +++ b/tests/integration/targets/quay_robot/tasks/main.yml @@ -62,6 +62,78 @@ quay_token: "{{ quay_token }}" validate_certs: false +- name: Non-existing organization and state=absent (no change) + herve4m.quay.quay_robot: + name: nonexisting+testrobot5 + state: absent + quay_host: "{{ quay_url }}" + quay_token: "{{ quay_token }}" + validate_certs: false + register: result + +- name: Ensure that the task did not change anything + ansible.builtin.assert: + that: not result['changed'] + fail_msg: The preceding task should not have changed anything + +- name: ERROR EXPECTED Non-existing organization + herve4m.quay.quay_robot: + name: nonexisting+testrobot5 + state: present + quay_host: "{{ quay_url }}" + quay_token: "{{ quay_token }}" + validate_certs: false + ignore_errors: true + register: result + +- name: Ensure that the task failed + ansible.builtin.assert: + that: result['failed'] + fail_msg: The preceding task should have failed (non-existing organization) + +- name: ERROR EXPECTED No organization specified why anonymous access + herve4m.quay.quay_robot: + name: testrobot5 + state: present + quay_host: quay.io + validate_certs: false + ignore_errors: true + register: result + +- name: Ensure that the task failed + ansible.builtin.assert: + that: result['failed'] + fail_msg: The preceding task should have failed (non-existing organization) + +- name: ERROR EXPECTED Not the owner of the namespace + herve4m.quay.quay_robot: + name: ansibletestuser1+testrobot5 + state: present + quay_host: "{{ quay_url }}" + quay_token: "{{ quay_token }}" + validate_certs: false + ignore_errors: true + register: result + +- name: Ensure that the task failed + ansible.builtin.assert: + that: result['failed'] + fail_msg: The preceding task should have failed (not my namespace) + +- name: ERROR EXPECTED Access denied + herve4m.quay.quay_robot: + name: hquatrem+testrobot5 + state: present + quay_host: quay.io + validate_certs: false + ignore_errors: true + register: result + +- name: Ensure that the task failed + ansible.builtin.assert: + that: result['failed'] + fail_msg: The preceding task should have failed (access denied) + - name: Ensure robot accounts are removed herve4m.quay.quay_robot: name: "{{ item }}" diff --git a/tests/integration/targets/quay_tag/tasks/main.yml b/tests/integration/targets/quay_tag/tasks/main.yml index 6742d42..c9a6bd8 100644 --- a/tests/integration/targets/quay_tag/tasks/main.yml +++ b/tests/integration/targets/quay_tag/tasks/main.yml @@ -11,7 +11,7 @@ # - Tagging it so that it can be pushed to the local Quay Container Registry # - Pushing the image # - Deleting the images from the local system -# The tasks do not use the podman collection because it may not be +# The tasks do not use the podman collection because it might not be # available on the testing system. - name: Ensure the image is prepared with podman when: "podman['rc'] == 0" @@ -24,25 +24,29 @@ - name: Ensure the image has the correct tag ansible.builtin.command: cmd: "podman tag {{ fake_image }} - {{ quay_hostname }}/ansibletestorg/ansibletestrepo:latest" + {{ quay_hostname }}/ansibletestorg/ansibletestrepo:latest" changed_when: true - name: Ensure podman is logged in ansible.builtin.command: cmd: "podman login --tls-verify=false --username {{ admin_username }} - --password {{ admin_password }} {{ quay_hostname }}" + --password {{ admin_password }} {{ quay_hostname }}" changed_when: true - name: Ensure the image is pushed to Quay Container Registry ansible.builtin.command: cmd: "podman push --tls-verify=false --remove-signatures - {{ quay_hostname }}/ansibletestorg/ansibletestrepo:latest" + {{ quay_hostname }}/ansibletestorg/ansibletestrepo:latest" changed_when: true + register: result + retries: 3 + delay: 5 + until: result["rc"] == 0 - name: Ensure the images are removed ansible.builtin.command: cmd: "podman rmi {{ fake_image }} - {{ quay_hostname }}/ansibletestorg/ansibletestrepo:latest" + {{ quay_hostname }}/ansibletestorg/ansibletestrepo:latest" changed_when: true - name: Ensure the image is prepared with docker @@ -56,25 +60,29 @@ - name: Ensure the image has the correct tag ansible.builtin.command: cmd: "docker tag {{ fake_image }} - {{ quay_hostname }}/ansibletestorg/ansibletestrepo:latest" + {{ quay_hostname }}/ansibletestorg/ansibletestrepo:latest" changed_when: true - name: Ensure docker is logged in ansible.builtin.command: cmd: "docker login --username {{ admin_username }} - --password {{ admin_password }} {{ quay_hostname }}" + --password {{ admin_password }} {{ quay_hostname }}" changed_when: true - name: Ensure the image is pushed to Quay Container Registry ansible.builtin.command: cmd: "docker push - {{ quay_hostname }}/ansibletestorg/ansibletestrepo:latest" + {{ quay_hostname }}/ansibletestorg/ansibletestrepo:latest" changed_when: true + register: result + retries: 3 + delay: 5 + until: result["rc"] == 0 - name: Ensure the images are removed ansible.builtin.command: cmd: "docker rmi {{ fake_image }} - {{ quay_hostname }}/ansibletestorg/ansibletestrepo:latest" + {{ quay_hostname }}/ansibletestorg/ansibletestrepo:latest" changed_when: true - name: Ensure docker is logged out @@ -191,6 +199,20 @@ that: not result['changed'] fail_msg: The preceding task should not have changed anything +- name: Ensure the tag v1.0.0 is set (no change) + herve4m.quay.quay_tag: + image: ansibletestorg/ansibletestrepo:v2.0.0 + tag: v1.0.0 + state: present + quay_host: "{{ quay_url }}" + quay_token: "{{ quay_token }}" + validate_certs: false + +- name: Ensure that the task did not change anything + ansible.builtin.assert: + that: not result['changed'] + fail_msg: The preceding task should not have changed anything + - name: Ensure the tag v2.0.0 has no expiration herve4m.quay.quay_tag: image: ansibletestorg/ansibletestrepo:v2.0.0 @@ -219,6 +241,115 @@ quay_token: "{{ quay_token }}" validate_certs: false +- name: Non-existing namespace + herve4m.quay.quay_tag: + image: nonexisting/ansibletestrepo:v2.0.0 + tag: v1.0.0 + state: absent + quay_host: "{{ quay_url }}" + quay_token: "{{ quay_token }}" + validate_certs: false + register: result + +- name: Ensure that the task did not change anything + ansible.builtin.assert: + that: not result['changed'] + fail_msg: The preceding task should not have changed anything + +- name: ERROR EXPECTED Missing organization + herve4m.quay.quay_tag: + image: ansibletestrepo:latest + tag: v1.0.0 + state: present + quay_host: quay.io + validate_certs: false + ignore_errors: true + register: result + +- name: Ensure that the task failed + ansible.builtin.assert: + that: result['failed'] + fail_msg: The preceding task should have failed (no organization specified) + +- name: ERROR EXPECTED Non-existing namespace + herve4m.quay.quay_tag: + image: nonexisting/ansibletestrepo:v2.0.0 + tag: v1.0.0 + state: present + quay_host: "{{ quay_url }}" + quay_token: "{{ quay_token }}" + validate_certs: false + ignore_errors: true + register: result + +- name: Ensure that the task failed + ansible.builtin.assert: + that: result['failed'] + fail_msg: The preceding task should have failed (non-existing organization) + +- name: ERROR EXPECTED Missing tag when digest is set + herve4m.quay.quay_tag: + image: ansibletestorg/ansibletestrepo@{{ t['tags'][0]['manifest_digest'] }} + state: present + quay_host: "{{ quay_url }}" + quay_token: "{{ quay_token }}" + validate_certs: false + ignore_errors: true + register: result + +- name: Ensure that the task failed + ansible.builtin.assert: + that: result['failed'] + fail_msg: The preceding task should have failed (missing tag) + +- name: ERROR EXPECTED Expiration date in the past + herve4m.quay.quay_tag: + image: ansibletestorg/ansibletestrepo:v2.0.0 + expiration: "202112312356.42" + state: present + quay_host: "{{ quay_url }}" + quay_token: "{{ quay_token }}" + validate_certs: false + ignore_errors: true + register: result + +- name: Ensure that the task failed + ansible.builtin.assert: + that: result['failed'] + fail_msg: The preceding task should have failed (date in the past) + +- name: ERROR EXPECTED Wrong format for the expiration date + herve4m.quay.quay_tag: + image: ansibletestorg/ansibletestrepo:v2.0.0 + expiration: ABCEDFGHIJ + state: present + quay_host: "{{ quay_url }}" + quay_token: "{{ quay_token }}" + validate_certs: false + ignore_errors: true + register: result + +- name: Ensure that the task failed + ansible.builtin.assert: + that: result['failed'] + fail_msg: The preceding task should have failed (wrong date format) + +- name: ERROR EXPECTED Non-existing image + herve4m.quay.quay_tag: + image: ansibletestorg/ansibletestrepo:1234567 + tag: v4.0.0 + state: present + quay_host: "{{ quay_url }}" + quay_token: "{{ quay_token }}" + validate_certs: false + ignore_errors: true + register: result + +- name: Ensure that the task failed + ansible.builtin.assert: + that: result['failed'] + fail_msg: The preceding task should have failed (non-existing image) + - name: Ensure the tag v2.0.0 is removed herve4m.quay.quay_tag: image: ansibletestorg/ansibletestrepo:v2.0.0 diff --git a/tests/integration/targets/quay_team/tasks/main.yml b/tests/integration/targets/quay_team/tasks/main.yml index 0e43650..604cfce 100644 --- a/tests/integration/targets/quay_team/tasks/main.yml +++ b/tests/integration/targets/quay_team/tasks/main.yml @@ -79,6 +79,18 @@ that: not result['changed'] fail_msg: The preceding task should not have changed anything +- name: Ensure team testteam3 is updated + herve4m.quay.quay_team: + name: testteam3 + organization: ansibletestorg + # Same role as the role previously assigned to the team + members: + - ansibletestuser4 + state: present + quay_host: "{{ quay_url }}" + quay_token: "{{ quay_token }}" + validate_certs: false + - name: Ensure non-existing team is deleted (no change) herve4m.quay.quay_team: name: nonexistingteam @@ -94,6 +106,60 @@ that: not result['changed'] fail_msg: The preceding task should not have changed anything +- name: Non-existing organization and state=absent (no change) + herve4m.quay.quay_team: + name: testteam3 + organization: nonexisting + role: member + state: absent + quay_host: "{{ quay_url }}" + quay_token: "{{ quay_token }}" + validate_certs: false + register: result + +- name: Ensure that the task did not change anything + ansible.builtin.assert: + that: not result['changed'] + fail_msg: The preceding task should not have changed anything + +- name: ERROR EXPECTED Non-existing organization + herve4m.quay.quay_team: + name: testteam3 + organization: nonexisting + role: member + state: present + quay_host: "{{ quay_url }}" + quay_token: "{{ quay_token }}" + validate_certs: false + ignore_errors: true + register: result + +- name: Ensure that the task failed + ansible.builtin.assert: + that: result['failed'] + fail_msg: The preceding task should have failed (non-existing organization) + +- name: ERROR EXPECTED Non-existing members + herve4m.quay.quay_team: + name: testteam4 + organization: ansibletestorg + role: admin + members: + - nonexistinguser1 + - nonexistinguser2 + append: false + state: present + quay_host: "{{ quay_url }}" + quay_token: "{{ quay_token }}" + validate_certs: false + ignore_errors: true + register: result + +- name: Ensure that the task failed + ansible.builtin.assert: + that: result['failed'] + fail_msg: The preceding task should have failed (non-existing members) + - name: Ensure the teams are removed herve4m.quay.quay_team: name: "{{ item }}" @@ -106,4 +172,5 @@ - testteam1 - testteam2 - testteam3 + - testteam4 ... diff --git a/tests/integration/targets/quay_vulnerability_info/tasks/main.yml b/tests/integration/targets/quay_vulnerability_info/tasks/main.yml index 9da9288..72d7af5 100644 --- a/tests/integration/targets/quay_vulnerability_info/tasks/main.yml +++ b/tests/integration/targets/quay_vulnerability_info/tasks/main.yml @@ -44,4 +44,17 @@ ansible.builtin.assert: that: vulns['vulnerabilities']|length == 0 fail_msg: The preceding task should not have returned vulnerabilities + +- name: Non-existing organization + herve4m.quay.quay_vulnerability_info: + image: nonexisting/dnsmasq:v1.0.0 + quay_host: "{{ quay_url }}" + quay_token: "{{ quay_token }}" + validate_certs: false + register: result + +- name: Ensure that the task did not change anything + ansible.builtin.assert: + that: not result['changed'] + fail_msg: The preceding task should not have changed anything ... diff --git a/tests/integration/targets/setup_token/tasks/main.yml b/tests/integration/targets/setup_token/tasks/main.yml index 7e773c1..84a8c78 100644 --- a/tests/integration/targets/setup_token/tasks/main.yml +++ b/tests/integration/targets/setup_token/tasks/main.yml @@ -8,8 +8,8 @@ # file is used instead. # 3) If the default_token parameter is still not set (not in defaults/main.yml # and not in /tmp/quay_collection_TOKEN.yml), then the module -# herve4m.quay.quay_first_user is used to create the first user account and -# get its token. If that fails, then an error is reported. +# herve4m.quay.quay_first_user is used to create the first user +# account and get its token. If that fails, then an error is reported. # 4) The retrieved token is stored in /tmp/quay_collection_TOKEN.yml so that it # can be reused by other playbooks. - name: Set the quay_token fact from defaults/main.yml