Fix idempotency for any podman secret driver (#929)

* Fix idempotency for any podman secret driver All secret drivers are provided with the same interface in podman, so there is no need to hardcode the state as changed for all drivers other than 'file'. Signed-off-by: lersveen <7195448+lersveen@users.noreply.github.com> * ci: add tests for shell secret driver Signed-off-by: lersveen <7195448+lersveen@users.noreply.github.com> --------- Signed-off-by: lersveen <7195448+lersveen@users.noreply.github.com>
2026-03-22 02:29:08 +00:00 · 2025-05-13 14:06:45 +02:00 · 2025-05-13 14:06:45 +02:00 · ac5da409fe
commit ac5da409fe
parent 8a57012970
2 changed files with 73 additions and 9 deletions
--- a/tests/integration/targets/podman_secret/tasks/main.yml
+++ b/tests/integration/targets/podman_secret/tasks/main.yml
@ -281,6 +281,73 @@
              - secretlabels is changed
              - secretlabels2 is not changed
              - secretlabels3 is changed
+        
+        - name: Set dummy shell secret driver opts
+          set_fact:
+            shell_driver_opts:
+              list: "cat ~/shellsecret_*"
+              lookup: "cat ~/shellsecret_${SECRET_ID}"
+              store: "cat > ~/shellsecret_${SECRET_ID}"
+              delete: "rm ~/shellsecret_${SECRET_ID}"
+
+        - name: Create secret with shell driver
+          containers.podman.podman_secret:
+            executable: "{{ test_executable | default('podman') }}"
+            name: shellsecret
+            data: secret content
+            driver: shell
+            driver_opts: "{{ shell_driver_opts }}"
+          register: shellsecret_changed
+
+        - name: Create secret with shell driver and same content
+          containers.podman.podman_secret:
+            executable: "{{ test_executable | default('podman') }}"
+            name: shellsecret
+            data: secret content
+            driver: shell
+            driver_opts: "{{ shell_driver_opts }}"
+          register: shellsecret_changed2
+        
+        - name: Create secret with shell driver and different content
+          containers.podman.podman_secret:
+            executable: "{{ test_executable | default('podman') }}"
+            name: shellsecret
+            data: some other secret content
+            driver: shell
+            driver_opts: "{{ shell_driver_opts }}"
+          register: shellsecret_changed3
+        
+        - name: Show shell secret
+          containers.podman.podman_secret_info:
+            executable: "{{ test_executable | default('podman') }}"
+            name: shellsecret
+            showsecret: true
+          register: shellsecret_info
+
+        - name: Remove shell secret
+          containers.podman.podman_secret:
+            executable: "{{ test_executable | default('podman') }}"
+            state: absent
+            name: shellsecret
+          register: shellsecret_removed
+        
+        - name: Remove shell secret again
+          containers.podman.podman_secret:
+            executable: "{{ test_executable | default('podman') }}"
+            state: absent
+            name: shellsecret
+          register: shellsecret_removed2
+
+        - name: Check shell secret outputs
+          assert:
+            that:
+              - shellsecret_changed is changed
+              - shellsecret_changed2 is not changed
+              - shellsecret_changed3 is changed
+              - shellsecret_info is success
+              - shellsecret_info.secrets.0.SecretData == "some other secret content"
+              - shellsecret_removed is changed
+              - shellsecret_removed2 is not changed

    - name: Remove secret
      containers.podman.podman_secret: