mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
40fbee6369
* fix keyvault tests * missing keyvault requirement * fix keyvault auth bug * apply fix in secret * fix lint * enable keyvault key and secret tests * add azure service principal object_id lookup plugin * fix lint * add dependency in integration test * fix bug * put azure sp lookup plugin into test * fix lint * move lookup plugin * repath lookup plugin * repath lookup plugin * repath files * put az sp lookup plugin to lookup_plugins folder
79 lines
No EOL
2 KiB
YAML
79 lines
No EOL
2 KiB
YAML
- name: Prepare random number
|
|
set_fact:
|
|
rpfx: "{{ resource_group | hash('md5') | truncate(7, True, '') }}{{ 1000 | random }}"
|
|
tenant_id: "{{ lookup('env','AZURE_TENANT') }}"
|
|
run_once: yes
|
|
|
|
- name: set service principal info
|
|
set_fact:
|
|
azure_client_id: "{{ lookup('env','AZURE_CLIENT_ID') }}"
|
|
azure_secret: "{{ lookup('env','AZURE_SECRET') }}"
|
|
no_log: yes
|
|
|
|
- name: lookup service principal object id
|
|
set_fact:
|
|
object_id: "{{ lookup('azure_service_principal_attribute',
|
|
azure_client_id=azure_client_id,
|
|
azure_secret=azure_secret,
|
|
azure_tenant=tenant_id) }}"
|
|
register: object_id
|
|
|
|
- name: Create instance of Key Vault
|
|
azure_rm_keyvault:
|
|
resource_group: "{{ resource_group }}"
|
|
vault_name: "vault{{ rpfx }}"
|
|
enabled_for_deployment: yes
|
|
vault_tenant: "{{ tenant_id }}"
|
|
sku:
|
|
name: standard
|
|
family: A
|
|
access_policies:
|
|
- tenant_id: "{{ tenant_id }}"
|
|
object_id: "{{ object_id }}"
|
|
keys:
|
|
- get
|
|
- list
|
|
- update
|
|
- create
|
|
- import
|
|
- delete
|
|
- recover
|
|
- backup
|
|
- restore
|
|
secrets:
|
|
- get
|
|
- list
|
|
- set
|
|
- delete
|
|
- recover
|
|
- backup
|
|
- restore
|
|
register: output
|
|
|
|
- name: create a kevyault secret
|
|
block:
|
|
- azure_rm_keyvaultsecret:
|
|
keyvault_uri: https://vault{{ rpfx }}.vault.azure.net
|
|
secret_name: testsecret
|
|
secret_value: 'mysecret'
|
|
tags:
|
|
testing: test
|
|
delete: on-exit
|
|
register: output
|
|
- assert:
|
|
that: output.changed
|
|
rescue:
|
|
- azure_rm_keyvaultsecret:
|
|
keyvault_uri: https://vault{{ rpfx }}.vault.azure.net
|
|
state: absent
|
|
secret_name: testsecret
|
|
|
|
- name: delete a kevyault secret
|
|
azure_rm_keyvaultsecret:
|
|
keyvault_uri: https://vault{{ rpfx }}.vault.azure.net
|
|
state: absent
|
|
secret_name: testsecret
|
|
register: output
|
|
|
|
- assert:
|
|
that: output.changed |