From 3b4b2e5021aae3387c3e537e5f7f919f71465e7c Mon Sep 17 00:00:00 2001 From: Jakob Ackermann Date: Tue, 21 May 2019 08:54:06 +0200 Subject: [PATCH] [docker] support the lookup of images by digest (#56649) * [docker] images: add support for lookup by sha256 digest Signed-off-by: Jakob Ackermann * [tests] docker image by digest: work on a minimal test case Signed-off-by: Jakob Ackermann * [docker] group branch conditions per lookup Co-Authored-By: Felix Fontein * [misc] add a news fragment for the added digest lookup for docker images Signed-off-by: Jakob Ackermann --- .../56649-docker-image-lookup-by-digest.yml | 4 ++ lib/ansible/module_utils/docker/common.py | 4 +- .../tasks/tests/image-ids.yml | 42 +++++++++++++++++++ 3 files changed, 49 insertions(+), 1 deletion(-) create mode 100644 changelogs/fragments/56649-docker-image-lookup-by-digest.yml diff --git a/changelogs/fragments/56649-docker-image-lookup-by-digest.yml b/changelogs/fragments/56649-docker-image-lookup-by-digest.yml new file mode 100644 index 0000000000..48c1dd3dd1 --- /dev/null +++ b/changelogs/fragments/56649-docker-image-lookup-by-digest.yml @@ -0,0 +1,4 @@ +bugfixes: + - docker_container - Add support for image lookups by digest. Fixes the detection of digest changes. + - docker_image - Add support for image lookups by digest. Fixes the detection of digest changes. + - docker_image_info - Add support for image lookups by digest. Fixes the detection of digest changes. diff --git a/lib/ansible/module_utils/docker/common.py b/lib/ansible/module_utils/docker/common.py index 51f70fb8d6..cda1488970 100644 --- a/lib/ansible/module_utils/docker/common.py +++ b/lib/ansible/module_utils/docker/common.py @@ -639,10 +639,12 @@ class AnsibleDockerClient(Client): images = response if tag: lookup = "%s:%s" % (name, tag) + lookup_digest = "%s@%s" % (name, tag) images = [] for image in response: tags = image.get('RepoTags') - if tags and lookup in tags: + digests = image.get('RepoDigests') + if (tags and lookup in tags) or (digests and lookup_digest in digests): images = [image] break return images diff --git a/test/integration/targets/docker_container/tasks/tests/image-ids.yml b/test/integration/targets/docker_container/tasks/tests/image-ids.yml index 9aee882945..55d23eb987 100644 --- a/test/integration/targets/docker_container/tasks/tests/image-ids.yml +++ b/test/integration/targets/docker_container/tasks/tests/image-ids.yml @@ -76,3 +76,45 @@ - create_2 is not changed - create_3 is changed - create_4 is not changed + +- name: set Digests + set_fact: + digest_hello_world_2016: 0256e8a36e2070f7bf2d0b0763dbabdd67798512411de4cdcf9431a1feb60fd9 + digest_hello_world_2019: 2557e3c07ed1e38f26e389462d03ed943586f744621577a99efb77324b0fe535 + +- name: Create container with hello-world image via old digest + docker_container: + image: "hello-world@sha256:{{ digest_hello_world_2016 }}" + name: "{{ cname }}" + state: present + force_kill: yes + register: digest_1 + +- name: Create container with hello-world image via old digest (idempotent) + docker_container: + image: "hello-world@sha256:{{ digest_hello_world_2016 }}" + name: "{{ cname }}" + state: present + force_kill: yes + register: digest_2 + +- name: Update container with hello-world image via new digest + docker_container: + image: "hello-world@sha256:{{ digest_hello_world_2019 }}" + name: "{{ cname }}" + state: present + force_kill: yes + register: digest_3 + +- name: Cleanup + docker_container: + name: "{{ cname }}" + state: absent + force_kill: yes + diff: no + +- assert: + that: + - digest_1 is changed + - digest_2 is not changed + - digest_3 is changed