docker_secret, docker_config: allow to base64-decode data (#49688)

* Adjust docker_config and docker_secret to be more similar.

* Add data_is_b64 parameter to docker_secret and docker_config.

* Add changelog.

lib/ansible/modules/cloud/docker/docker_config.py

@@ -32,6 +32,14 @@ options:
       - The value of the config. Required when state is C(present).
     required: false
     type: str
+  data_is_b64:
+    description:
+      - If set to C(true), the data is assumed to be Base64 encoded and will be
+        decoded before being used.
+      - To use binary C(data), it is better to keep it Base64 encoded and let it
+        be decoded by this option.
+    default: false
+    type: bool
   labels:
     description:
       - "A map of key:value meta data, where both the I(key) and I(value) are expected to be a string."
@@ -80,7 +88,11 @@ EXAMPLES = '''
 - name: Create config foo (from a file on the control machine)
   docker_config:
     name: foo
-    data: "{{ lookup('file', '/path/to/config/file') }}"
+    # If the file is JSON or binary, Ansible might modify it (because
+    # it is first decoded and later re-encoded). Base64-encoding the
+    # file directly after reading it prevents this to happen.
+    data: "{{ lookup('file', '/path/to/config/file') | base64 }}"
+    data_is_b64: true
     state: present
 
 - name: Change the config data
@@ -144,12 +156,13 @@ config_id:
   sample: 'hzehrmyjigmcp2gb6nlhmjqcv'
 '''
 
+import base64
 import hashlib
 
 try:
     from docker.errors import APIError
 except ImportError:
-    # missing docker-py handled in ansible.module_utils.docker
+    # missing docker-py handled in ansible.module_utils.docker_common
     pass
 
 from ansible.module_utils.docker_common import AnsibleDockerClient, DockerBaseClass, compare_generic
@@ -170,13 +183,18 @@ class ConfigManager(DockerBaseClass):
         self.name = parameters.get('name')
         self.state = parameters.get('state')
         self.data = parameters.get('data')
+        if self.data is not None:
+            if parameters.get('data_is_b64'):
+                self.data = base64.b64decode(self.data)
+            else:
+                self.data = to_bytes(self.data)
         self.labels = parameters.get('labels')
         self.force = parameters.get('force')
         self.data_key = None
 
     def __call__(self):
         if self.state == 'present':
-            self.data_key = hashlib.sha224(to_bytes(self.data)).hexdigest()
+            self.data_key = hashlib.sha224(self.data).hexdigest()
             self.present()
         elif self.state == 'absent':
             self.absent()
@@ -252,6 +270,7 @@ def main():
         name=dict(type='str', required=True),
         state=dict(type='str', choices=['absent', 'present'], default='present'),
         data=dict(type='str'),
+        data_is_b64=dict(type='bool', default=False),
         labels=dict(type='dict'),
         force=dict(type='bool', default=False)
     )