Add basic test case for service account keys

This commit is contained in:
Benjamin Gandon 2024-01-22 17:43:31 +01:00
parent 56833b4be4
commit f404ab3a00
3 changed files with 105 additions and 1 deletions

View file

@ -1,3 +1,2 @@
---
# defaults file
resource_name: "{{ resource_prefix }}"

View file

@ -0,0 +1,3 @@
---
- name: Service Account Keys tests
ansible.builtin.include_tasks: service-account-keys.yml

View file

@ -0,0 +1,102 @@
---
# Pre-test setup
- name: Delete a service account
google.cloud.gcp_iam_service_account:
name: service-{{ resource_name.split("-")[-1] }}@{{ gcp_project }}.iam.gserviceaccount.com
display_name: Service Account used for Ansible integration tests
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file | default(omit) }}"
state: absent
- name: Delete a service account key file
connection: local
ansible.builtin.file:
path: "{{ gcp_cred_file }}-temporary-service-account-key"
state: absent
- name: Verify that service_account_key was deleted
connection: local
ansible.builtin.stat:
path: "{{ gcp_cred_file }}-temporary-service-account-key"
register: key_file
- name: Verify that command succeeded
ansible.builtin.assert:
that:
- key_file.stat.exists == false
- name: Create a service account
google.cloud.gcp_iam_service_account:
name: service-{{ resource_name.split("-")[-1] }}@{{ gcp_project }}.iam.gserviceaccount.com
display_name: Service Account used for Ansible integration tests
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file | default(omit) }}"
state: present
#----------------------------------------------------------
- name: Create a service account key
google.cloud.gcp_iam_service_account_key:
service_account:
name: service-{{ resource_name.split("-")[-1] }}@{{ gcp_project }}.iam.gserviceaccount.com
private_key_type: TYPE_GOOGLE_CREDENTIALS_FILE
path: "{{ gcp_cred_file }}-temporary-service-account-key"
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file | default(omit) }}"
state: present
register: result
- name: Assert changed is true
ansible.builtin.assert:
that:
- result.changed == true
- name: Verify that service_account_key was created
connection: local
ansible.builtin.stat:
path: "{{ gcp_cred_file }}-temporary-service-account-key"
register: key_file
- name: Verify that command succeeded
ansible.builtin.assert:
that:
- key_file.stat.exists == true
- key_file.stat.isdir == false
- key_file.stat.size > 0
# ----------------------------------------------------------------------------
- name: Delete a service account key
google.cloud.gcp_iam_service_account_key:
service_account:
name: service-{{ resource_name.split("-")[-1] }}@{{ gcp_project }}.iam.gserviceaccount.com
private_key_type: TYPE_GOOGLE_CREDENTIALS_FILE
path: "{{ gcp_cred_file }}-temporary-service-account-key"
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file | default(omit) }}"
state: absent
register: result
- name: Assert changed is true
ansible.builtin.assert:
that:
- result.changed == true
# ----------------------------------------------------------------------------
# Pre-test tear down
- name: Delete a service account
google.cloud.gcp_iam_service_account:
name: service-{{ resource_name.split("-")[-1] }}@{{ gcp_project }}.iam.gserviceaccount.com
display_name: Service Account used for Ansible integration tests
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file | default(omit) }}"
state: absent