ansible-collections/google.cloud
1
0
Fork 0
mirror of https://github.com/ansible-collections/google.cloud.git synced 2025-07-31 17:11:31 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

feat(secretmanager): added support for regional secret manager

Browse source
This commit is contained in:
durgesh-ninave-crest 2025-05-13 18:36:36 +05:30
commit 9101671c0e
10 changed files with 595 additions and 62 deletions
Download patch file Download diff file Expand all files Collapse all files

1
tests/integration/targets/gcp_secret_manager/aliases Normal file
View file

@ -0,0 +1 @@
cloud/gcp

3
tests/integration/targets/gcp_secret_manager/defaults/main.yml Normal file
View file

@ -0,0 +1,3 @@
---
resource_name: "{{ resource_prefix }}"
lookup_resource_name: "{{ resource_prefix }}_lookup"

0
tests/integration/targets/gcp_secret_manager/meta/main.yml Normal file
View file

9
tests/integration/targets/gcp_secret_manager/tasks/main.yml Normal file
View file

@ -0,0 +1,9 @@
---
- name: Secrets tests
ansible.builtin.include_tasks: secrets.yml
- name: Secrets lookup tests
ansible.builtin.include_tasks: secretslookup.yml
- name: Regional Secrets tests
ansible.builtin.include_tasks: regionalsecrets.yml
- name: Regional Secrets lookup tests
ansible.builtin.include_tasks: regionalsecretslookup.yml

146
tests/integration/targets/gcp_secret_manager/tasks/regionalsecrets.yml Normal file
View file

@ -0,0 +1,146 @@
# Copyright 2024 Google Inc.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
# Pre-test setup
- name: Delete the regional test secret if it exists
google.cloud.gcp_secret_manager:
name: "{{ resource_name }}"
version: "all"
location: "us-central1"
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file | default(omit) }}"
state: absent
# ----------------------------------------------------------
- name: Create a regional secret
google.cloud.gcp_secret_manager:
name: "{{ resource_name }}"
location: "us-central1"
value: "ansible-test-regional-secret-value"
labels:
key1: "val1"
key2: "val2"
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file | default(omit) }}"
state: present
register: result
- name: Assert changed is true
ansible.builtin.assert:
that:
- result.changed == true
# ----------------------------------------------------------
- name: Create a regional secret that already exists
google.cloud.gcp_secret_manager:
name: "{{ resource_name }}"
location: "us-central1"
value: "ansible-test-regional-secret-value"
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file | default(omit) }}"
state: present
register: result
- name: Assert changed is false
ansible.builtin.assert:
that:
- result.changed == false
# ----------------------------------------------------------
- name: Add a new version to a regional secret
google.cloud.gcp_secret_manager:
name: "{{ resource_name }}"
location: "us-central1"
value: "ansible-test-regional-secret-value-updated"
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file | default(omit) }}"
state: present
register: result
- name: Assert changed is true
ansible.builtin.assert:
that:
- result.changed == true
# ----------------------------------------------------------
- name: Add a version that exists to a regional secret
google.cloud.gcp_secret_manager:
name: "{{ resource_name }}"
location: "us-central1"
value: "ansible-test-regional-secret-value-updated"
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file | default(omit) }}"
state: present
register: result
- name: Assert changed is false
ansible.builtin.assert:
that:
- result.changed == false
# ----------------------------------------------------------
- name: Ensure the regional secret exists
google.cloud.gcp_secret_manager:
name: "{{ resource_name }}"
location: "us-central1"
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file | default(omit) }}"
state: present
register: result
- name: Assert changed is false
ansible.builtin.assert:
that:
- result.changed == false
# ----------------------------------------------------------
- name: Delete the regional secret version
google.cloud.gcp_secret_manager:
name: "{{ resource_name }}"
location: "us-central1"
version: "1"
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file | default(omit) }}"
state: absent
register: result
- name: Assert changed is true
ansible.builtin.assert:
that:
- result.changed == true
# ----------------------------------------------------------
- name: Delete the regional secret
google.cloud.gcp_secret_manager:
name: "{{ resource_name }}"
location: "us-central1"
version: "all"
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file | default(omit) }}"
state: absent
register: result
- name: Assert changed is true
ansible.builtin.assert:
that:
- result.changed == true
# ----------------------------------------------------------
- name: Delete the regional secret that does not exist
google.cloud.gcp_secret_manager:
name: "{{ resource_name }}"
location: "us-central1"
version: "all"
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file | default(omit) }}"
state: absent
register: result
- name: Assert changed is false
ansible.builtin.assert:
that:
- result.changed == false

76
tests/integration/targets/gcp_secret_manager/tasks/regionalsecretslookup.yml Normal file
View file

@ -0,0 +1,76 @@
# Copyright 2024 Google Inc.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
# Pre-test setup
- name: Delete the regional test secret if it exists
google.cloud.gcp_secret_manager:
name: "{{ lookup_resource_name }}"
version: "all"
location: "us-central1"
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file | default(omit) }}"
state: absent
- name: Create a regional secret
google.cloud.gcp_secret_manager:
name: "{{ lookup_resource_name }}"
location: "us-central1"
value: "ansible lookup test regional secret value"
labels:
key1: "val1"
key2: "val2"
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file | default(omit) }}"
state: present
- name: Add a new version to a regional secret
google.cloud.gcp_secret_manager:
name: "{{ lookup_resource_name }}"
location: "us-central1"
value: "ansible lookup test regional secret value updated"
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file | default(omit) }}"
state: present
# ----------------------------------------------------------
- name: Retrieve the latest secret version of a regional secret
ansible.builtin.debug:
msg: "{{ lookup('google.cloud.gcp_secret_manager', key=lookup_resource_name, location='us-central1', project=gcp_project, auth_kind=gcp_cred_kind, service_account_file=gcp_cred_file | default(omit)) }}"
register: result
- name: Assert secret value
ansible.builtin.assert:
that:
- result.msg == "ansible lookup test regional secret value updated"
# ----------------------------------------------------------
- name: Retrieve the specified secret version of a regional secret
ansible.builtin.debug:
msg: "{{ lookup('google.cloud.gcp_secret_manager', key=lookup_resource_name, location='us-central1', version='1', project=gcp_project, auth_kind=gcp_cred_kind, service_account_file=gcp_cred_file | default(omit)) }}"
register: result
- name: Assert secret value
ansible.builtin.assert:
that:
- result.msg == "ansible lookup test regional secret value"
# ---------------------------------------------------------
# Post-test teardown
# If errors happen, don't crash the playbook!
- name: Delete the regional test secret
google.cloud.gcp_secret_manager:
name: "{{ lookup_resource_name }}"
location: "us-central1"
version: "all"
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file | default(omit) }}"
state: absent
ignore_errors: true

137
tests/integration/targets/gcp_secret_manager/tasks/secrets.yml Normal file
View file

@ -0,0 +1,137 @@
# Copyright 2024 Google Inc.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
# Pre-test setup
- name: Delete the test secret if it exists
google.cloud.gcp_secret_manager:
name: "{{ resource_name }}"
version: "all"
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file | default(omit) }}"
state: absent
# ----------------------------------------------------------
- name: Create a secret
google.cloud.gcp_secret_manager:
name: "{{ resource_name }}"
value: "ansible-test-secret-value"
labels:
key1: "val1"
key2: "val2"
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file | default(omit) }}"
state: present
register: result
- name: Assert changed is true
ansible.builtin.assert:
that:
- result.changed == true
# ----------------------------------------------------------
- name: Create a secret that already exists
google.cloud.gcp_secret_manager:
name: "{{ resource_name }}"
value: "ansible-test-secret-value"
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file | default(omit) }}"
state: present
register: result
- name: Assert changed is false
ansible.builtin.assert:
that:
- result.changed == false
# ----------------------------------------------------------
- name: Add a new version to a secret
google.cloud.gcp_secret_manager:
name: "{{ resource_name }}"
value: "ansible-test-secret-value-updated"
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file | default(omit) }}"
state: present
register: result
- name: Assert changed is true
ansible.builtin.assert:
that:
- result.changed == true
# ----------------------------------------------------------
- name: Add a version that exists to a secret
google.cloud.gcp_secret_manager:
name: "{{ resource_name }}"
value: "ansible-test-secret-value-updated"
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file | default(omit) }}"
state: present
register: result
- name: Assert changed is false
ansible.builtin.assert:
that:
- result.changed == false
# ----------------------------------------------------------
- name: Ensure the secret exists
google.cloud.gcp_secret_manager:
name: "{{ resource_name }}"
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file | default(omit) }}"
state: present
register: result
- name: Assert changed is false
ansible.builtin.assert:
that:
- result.changed == false
# ----------------------------------------------------------
- name: Delete the secret version
google.cloud.gcp_secret_manager:
name: "{{ resource_name }}"
version: "1"
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file | default(omit) }}"
state: absent
register: result
- name: Assert changed is true
ansible.builtin.assert:
that:
- result.changed == true
# ----------------------------------------------------------
- name: Delete the secret
google.cloud.gcp_secret_manager:
name: "{{ resource_name }}"
version: "all"
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file | default(omit) }}"
state: absent
register: result
- name: Assert changed is true
ansible.builtin.assert:
that:
- result.changed == true
# ----------------------------------------------------------
- name: Delete the secret that does not exist
google.cloud.gcp_secret_manager:
name: "{{ resource_name }}"
version: "all"
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file | default(omit) }}"
state: absent
register: result
- name: Assert changed is false
ansible.builtin.assert:
that:
- result.changed == false

72
tests/integration/targets/gcp_secret_manager/tasks/secretslookup.yml Normal file
View file

@ -0,0 +1,72 @@
# Copyright 2024 Google Inc.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
# Pre-test setup
- name: Delete the test secret if it exists
google.cloud.gcp_secret_manager:
name: "{{ lookup_resource_name }}"
version: "all"
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file | default(omit) }}"
state: absent
- name: Create a secret
google.cloud.gcp_secret_manager:
name: "{{ lookup_resource_name }}"
value: "ansible lookup test secret value"
labels:
key1: "val1"
key2: "val2"
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file | default(omit) }}"
state: present
- name: Add a new version to a secret
google.cloud.gcp_secret_manager:
name: "{{ lookup_resource_name }}"
value: "ansible lookup test secret value updated"
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file | default(omit) }}"
state: present
# ----------------------------------------------------------
- name: Retrieve the latest secret version of a secret
ansible.builtin.debug:
msg: "{{ lookup('google.cloud.gcp_secret_manager', key=lookup_resource_name, project=gcp_project, auth_kind=gcp_cred_kind, service_account_file=gcp_cred_file | default(omit)) }}"
register: result
- name: Assert secret value
ansible.builtin.assert:
that:
- result.msg == "ansible lookup test secret value updated"
# ----------------------------------------------------------
- name: Retrieve the specified secret version of a secret
ansible.builtin.debug:
msg: "{{ lookup('google.cloud.gcp_secret_manager', key=lookup_resource_name, version='1', project=gcp_project, auth_kind=gcp_cred_kind, service_account_file=gcp_cred_file | default(omit)) }}"
register: result
- name: Assert secret value
ansible.builtin.assert:
that:
- result.msg == "ansible lookup test secret value"
# ---------------------------------------------------------
# Post-test teardown
# If errors happen, don't crash the playbook!
- name: Delete the test secret
google.cloud.gcp_secret_manager:
name: "{{ lookup_resource_name }}"
version: "all"
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file | default(omit) }}"
state: absent
ignore_errors: true