ansible-role-container-registry/molecule/login/playbook.yml

---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

####
# Testing that the role fails with information when we are not passing
# credentials for the login
#
- name: Ensure role checks for missing information
  hosts: all
  tasks:
    - set_fact:
        role_failed: false

    - name: ensure role fails when credentials missing
      block:
        - include_role:
            name: ansible-role-container-registry
            tasks_from: registry-login
          vars:
            ansible_python_interpreter: "{{ ansible_user_dir }}/test-python/bin/python"
      rescue:
        - set_fact:
            role_failed: true

    - name: assert on missing credentials
      assert:
        that: role_failed != false
        fail_msg: Role did not fail and it should have while passing no credential
        success_msg: Role failed correctly while passing no credentials

#####
# We don't want to pollute the host by installing packages that
# should be installed elsewhere and maybe from different repository
# Here we test that we are removing any client package after installing it
# As sometimes the package is installed before we run this role, we are also
# testing that we are removing packages if and only if we were the ones
# installing it.
#
- name: Check role behaviour with docker installation
  hosts: instance-login
  vars:
    docker_login_cache: /root/.docker/config.json
    docker_socket: /var/run/docker.sock
    container_registry_logins:
      localhost:5000:
        testuser: testpassword
  tasks:
    - name: preinstall docker
      become: true
      package:
        name: docker
        state: present

    - name: Include role with docker preinstalled
      include_role:
        name: ansible-role-container-registry
        tasks_from: install-engine
      vars:
        ansible_python_interpreter: "{{ ansible_user_dir }}/test-python/bin/python"

    - name: remove clients with docker preinstalled
      include_role:
        name: ansible-role-container-registry
        tasks_from: cleanup-engine
      vars:
        ansible_python_interpreter: "{{ ansible_user_dir }}/test-python/bin/python"
        container_registry_cleanup_client: true

    - name: Check if tasks removed docker and it shouldn't
      assert:
        that:
          - remove_docker is not defined or remove_docker is skipped
        fail_msg: Role removed docker when it shouldn't have
        success_msg: Role correctly left docker as it was installed before

    - name: remove docker
      become: true
      package:
        name: docker
        state: absent

    - name: Install client without docker preinstalled
      include_role:
        name: ansible-role-container-registry
        tasks_from: install-engine
      vars:
        ansible_python_interpreter: "{{ ansible_user_dir }}/test-python/bin/python"

    - name: Cleanup client without docker preinstalled
      include_role:
        name: ansible-role-container-registry
        tasks_from: cleanup-engine
      vars:
        ansible_python_interpreter: "{{ ansible_user_dir }}/test-python/bin/python"
        container_registry_cleanup_client: true

    - name: Check if tasks removed docker
      assert:
        that:
          - remove_docker is defined
        fail_msg: Role did not remove docker when it should have
        success_msg: Role correctly removed docker as it was not present before call

####
# This play tests that docker is chosen in centos7 and the login successfully
# created a auth cache file
# it also ensure that docker deamon is still running after we remove the client
#
- name: Test login behaviour in centos7
  hosts: instance-login
  vars:
    docker_login_cache: /root/.docker/config.json
    docker_socket: /var/run/docker.sock
    container_registry_logins:
        localhost:5000:
            testuser: testpassword
  tasks:
    - include_role:
        name: ansible-role-container-registry
        tasks_from: registry-login

    - name: check credentials file
      become: true
      stat:
        path: "{{ docker_login_cache }}"
      register: cache_file

    - block:
        - name: assert on file existence
          assert:
            that:
              - cache_file.stat.exists
            fail_msg: Credential file was not created
            success_msg: Credential file correctly present
          failed_when: false
      rescue:
        - debug:
            msg: noop

    - name: Verify credentials can be used
      block:
        - name: create build dir
          file:
            path: /tmp/tempimage
            state: directory

        - name: create Dockerfile
          copy:
            content: |
              FROM scratch
              ADD nothing /              
            dest: /tmp/tempimage/Dockerfile

        - name: Build test image
          become: true
          shell: |
            cd /tmp/tempimage
            touch nothing
            docker build -t localhost:5000/test/testimage:v1 .            
          register: build

    - name: Verify authenticated push works
      become: true
      shell: |
        docker push localhost:5000/test/testimage:v1        

    - name: Cleanup
      include_role:
        name: ansible-role-container-registry
        tasks_from: cleanup-engine
      vars:
        ansible_python_interpreter: "{{ ansible_user_dir }}/test-python/bin/python"
        container_registry_cleanup_client: true