diff --git a/.ansible-lint b/.ansible-lint index 38876b1..48dd59e 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -1,4 +1,5 @@ --- exclude_paths: - tests/sample_manual_test.yml - - changelogs +supported_ansible_also: + - "2.14" diff --git a/.github/actions/fix-crun/action.yml b/.github/actions/fix-crun/action.yml deleted file mode 100644 index b48f9d7..0000000 --- a/.github/actions/fix-crun/action.yml +++ /dev/null @@ -1,32 +0,0 @@ -# Copyright (c) 2024 Markus Falb -# GNU General Public License v3.0+ -# see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt ---- - -# https://github.com/actions/runner-images/issues/9425 -name: Fix crun -description: Fix crun because of incompatible kernel - -inputs: - checksums: - description: The path to the CHECKSUM file - type: string - required: true - -runs: - using: composite - steps: - - name: patch crun - shell: bash - env: - # yamllint disable rule:line-length - URI: https://github.com/containers/crun/releases/download/1.14.4/crun-1.14.4-linux-amd64 - # yamllint enable rule:line-length - CHECKSUMS: ${{ inputs.checksums }} - run: | - cd $(dirname "$CHECKSUMS") - test -f "$(basename $CHECKSUMS)" - curl -Lo crun "$URI" - sha256sum -c "$(basename $CHECKSUMS)" - sudo install crun /usr/bin/crun -... diff --git a/.github/files/galaxy.yml.j2 b/.github/files/galaxy.yml.j2 new file mode 100644 index 0000000..a533570 --- /dev/null +++ b/.github/files/galaxy.yml.j2 @@ -0,0 +1,26 @@ +--- +namespace: {{ collection_namespace }} +name: {{ collection_name }} +version: {{ collection_version }} +readme: README.md +authors: + - Hervé Quatremain + - Tom Page +description: Ansible modules to manage Quay Container Registry installations +license: + - GPL-3.0-or-later +tags: + - application + - quay + - registry +repository: {{ collection_repo }} + +# The URL to any online docs +documentation: {{ collection_repo }} + +# The URL to the home page of the collection/project +homepage: {{ collection_repo }} + +# The URL to the collection issue tracker +issues: {{ collection_repo }}/issues +... diff --git a/.github/workflows/ansible-integration.yml b/.github/workflows/ansible-integration.yml index 88d6cf9..bfbc8be 100644 --- a/.github/workflows/ansible-integration.yml +++ b/.github/workflows/ansible-integration.yml @@ -21,7 +21,7 @@ jobs: working-directory: ./ansible_collections/infra/quay_configuration/tests - name: Deploy Quay - run: docker-compose up -d + run: docker compose up -d working-directory: ./ansible_collections/infra/quay_configuration/tests - uses: actions/setup-python@v5 @@ -50,7 +50,7 @@ jobs: --group-by version working-directory: ./ansible_collections/infra/quay_configuration - # See the repots at https://codecov.io/gh/infra/quay_configuration + # See the reports at https://codecov.io/gh/infra/quay_configuration - uses: codecov/codecov-action@v4 with: fail_ci_if_error: false diff --git a/.github/workflows/ansible-sanity.yml b/.github/workflows/ansible-sanity.yml deleted file mode 100644 index 3fa8b34..0000000 --- a/.github/workflows/ansible-sanity.yml +++ /dev/null @@ -1,36 +0,0 @@ ---- -name: Sanity Test -on: - push: - branches: - - main - pull_request: - -jobs: - integration: - runs-on: ubuntu-latest - steps: - # Work around https://github.com/actions/runner-images/issues/9425 - - uses: actions/checkout@v4 - - name: Install crun - uses: ./.github/actions/fix-crun - with: - checksums: CHECKSUMS - - - uses: actions/setup-python@v5 - with: - python-version: '3.12' - - - name: Install required packages - run: pip install -Iv ansible - - - uses: actions/checkout@v4 - with: - path: ansible_collections/infra/quay_configuration - - - name: Run sanity tests - run: > - ANSIBLE_TEST_PREFER_PODMAN=1 ansible-test sanity - --docker default -v --color - working-directory: ./ansible_collections/infra/quay_configuration -... diff --git a/.github/workflows/doc-lint.yml b/.github/workflows/doc-lint.yml new file mode 100644 index 0000000..0420d4e --- /dev/null +++ b/.github/workflows/doc-lint.yml @@ -0,0 +1,25 @@ +--- +name: Linting Collection Documentation + +on: + push: + branches: + - main + pull_request: + +jobs: + documentation-linting: + runs-on: ubuntu-latest + steps: + - uses: actions/setup-python@v5 + with: + python-version: '3.x' + + - name: Install required packages + run: pip install -Iv ansible-core antsibull-docs + + - uses: actions/checkout@v4 + + - name: Lint documentation + run: antsibull-docs lint-collection-docs --plugin-docs . +... diff --git a/.github/workflows/pre-commit-sanity.yml b/.github/workflows/pre-commit-sanity.yml new file mode 100644 index 0000000..79d0c4e --- /dev/null +++ b/.github/workflows/pre-commit-sanity.yml @@ -0,0 +1,22 @@ +--- +# This workflow runs pre-commit, which executes Ansible and YAML linting. +# See .pre-commit-config.yaml for more details. +# The workflow also runs Ansible sanity tests +name: Pre-commit and Sanity Tests + +on: + push: + branches: + - main + pull_request: + +jobs: + pre-commit_and_sanity: + uses: + redhat-cop/ansible_collections_tooling/.github/workflows/pre_commit_and_sanity.yml@main + with: + collection_namespace: infra + collection_name: quay_configuration + collection_version: 2.0.0 + collection_repo: https://github.com/redhat-cop/quay_configuration +... diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml deleted file mode 100644 index 1975770..0000000 --- a/.github/workflows/pre-commit.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -# This workflow action runs pre-commit, which executes Ansible and yaml linting -# See .pre-commit-config.yaml for more details -name: Code Linting - -on: - push: - branches: - - main - pull_request: - -jobs: - pre-commit: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - - uses: actions/setup-python@v5 - with: - python-version: '3.11' - - - name: Install required packages - run: pip install -Iv ansible-core ansible-lint flake8 yamllint black - - - uses: pre-commit/action@v3.0.1 -... diff --git a/.github/workflows/update-pre-commit.yml b/.github/workflows/update-pre-commit.yml new file mode 100644 index 0000000..cce665e --- /dev/null +++ b/.github/workflows/update-pre-commit.yml @@ -0,0 +1,16 @@ +--- +name: Update pre-commit Configuration + +on: + schedule: + - cron: "4 2 * * 0" + +jobs: + pre-commit: + uses: + redhat-cop/ansible_collections_tooling/.github/workflows/update_precommit.yml@main + with: + github_actor: ${{ github.actor }} + secrets: + token: ${{ secrets.GITHUB_TOKEN }} +... diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 99d8941..9bbbd0a 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -20,7 +20,7 @@ repos: types: - yaml - repo: https://github.com/psf/black - rev: 24.4.2 + rev: 24.8.0 hooks: - id: black name: black diff --git a/.yamllint b/.yamllint index 9538d15..7c81bd4 100644 --- a/.yamllint +++ b/.yamllint @@ -21,4 +21,10 @@ rules: - 'on' - 'true' - 'false' + comments: + min-spaces-from-content: 1 + comments-indentation: disable + octal-values: + forbid-implicit-octal: true + forbid-explicit-octal: true ... diff --git a/README.md b/README.md index 4765563..97e1c2c 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,6 @@ # Quay Container Registry Collection for Ansible -[![Code Linting](https://github.com/redhat-cop/quay_configuration/actions/workflows/pre-commit.yml/badge.svg)](https://github.com/redhat-cop/quay_configuration/actions/workflows/pre-commit.yml) -[![Sanity Test](https://github.com/redhat-cop/quay_configuration/actions/workflows/ansible-sanity.yml/badge.svg)](https://github.com/redhat-cop/quay_configuration/actions/workflows/ansible-sanity.yml) +[![Sanity Test](https://github.com/redhat-cop/quay_configuration/actions/workflows/pre-commit-sanity.yml/badge.svg)](https://github.com/redhat-cop/quay_configuration/actions/workflows/pre-commit-sanity.yml) [![Integration Test](https://github.com/redhat-cop/quay_configuration/actions/workflows/ansible-integration.yml/badge.svg)](https://github.com/redhat-cop/quay_configuration/actions/workflows/ansible-integration.yml) @@ -9,45 +8,58 @@ The collection provides modules for managing your Quay Container Registry deploy ## Included Content -The modules have been tested against versions 3.10, 3.11, and 3.12 of Quay Container Registry. +After you install the collection, use the `ansible-doc` command to access the collection documentation. ### Modules + +Run the `ansible-doc -l infra.quay_configuration` command to list the modules that the collection provides. +For accessing the documentation of a module, use the `ansible-doc infra.quay_configuration.` command. + +You can also access the documentation from [Ansible Galaxy](https://galaxy.ansible.com/ui/repo/published/infra/quay_configuration/docs/). + Name | Description ---: | :--- -[quay_api_token](https://github.com/redhat-cop/quay_configuration/blob/main/docs/quay_api_token_module.rst) | Create OAuth access tokens for accessing the Quay Container Registry API -[quay_application](https://github.com/redhat-cop/quay_configuration/blob/main/docs/quay_application_module.rst) | Manage Quay Container Registry applications -[quay_default_perm](https://github.com/redhat-cop/quay_configuration/blob/main/docs/quay_default_perm_module.rst) | Manage Quay Container Registry default repository permissions -[quay_docker_token](https://github.com/redhat-cop/quay_configuration/blob/main/docs/quay_docker_token_module.rst) | Manage tokens for accessing Quay Container Registry repositories -[quay_first_user](https://github.com/redhat-cop/quay_configuration/blob/main/docs/quay_first_user_module.rst) | Create the first user account -[quay_layer_info](https://github.com/redhat-cop/quay_configuration/blob/main/docs/quay_layer_info_module.rst) | Gather information about image layers in Quay Container Registry -[quay_manifest_label](https://github.com/redhat-cop/quay_configuration/blob/main/docs/quay_manifest_label_module.rst) | Manage Quay Container Registry image manifest labels -[quay_manifest_label_info](https://github.com/redhat-cop/quay_configuration/blob/main/docs/quay_manifest_label_info_module.rst) | Gather information about manifest labels in Quay Container Registry -[quay_message](https://github.com/redhat-cop/quay_configuration/blob/main/docs/quay_message_module.rst) | Manage Quay Container Registry global messages -[quay_notification](https://github.com/redhat-cop/quay_configuration/blob/main/docs/quay_notification_module.rst) | Manage Quay Container Registry repository notifications -[quay_organization](https://github.com/redhat-cop/quay_configuration/blob/main/docs/quay_organization_module.rst) | Manage Quay Container Registry organizations -[quay_proxy_cache](https://github.com/redhat-cop/quay_configuration/blob/main/docs/quay_proxy_cache_module.rst) | Manage Quay Container Registry proxy cache configurations -[quay_quota](https://github.com/redhat-cop/quay_configuration/blob/main/docs/quay_quota_module.rst) | Manage Quay Container Registry organizations quota -[quay_repository](https://github.com/redhat-cop/quay_configuration/blob/main/docs/quay_repository_module.rst) | Manage Quay Container Registry repositories -[quay_repository_mirror](https://github.com/redhat-cop/quay_configuration/blob/main/docs/quay_repository_mirror_module.rst) | Manage Quay Container Registry repository mirrors -[quay_robot](https://github.com/redhat-cop/quay_configuration/blob/main/docs/quay_robot_module.rst) | Manage Quay Container Registry robot accounts -[quay_tag](https://github.com/redhat-cop/quay_configuration/blob/main/docs/quay_tag_module.rst) | Manage Quay Container Registry image tags -[quay_tag_info](https://github.com/redhat-cop/quay_configuration/blob/main/docs/quay_tag_info_module.rst) | Gather information about tags in a Quay Container Registry repository -[quay_team](https://github.com/redhat-cop/quay_configuration/blob/main/docs/quay_team_module.rst) | Manage Quay Container Registry teams -[quay_team_ldap](https://github.com/redhat-cop/quay_configuration/blob/main/docs/quay_team_ldap_module.rst) | Synchronize Quay Container Registry teams with LDAP groups -[quay_team_oidc](https://github.com/redhat-cop/quay_configuration/blob/main/docs/quay_team_oidc_module.rst) | Synchronize Quay Container Registry teams with OIDC groups -[quay_user](https://github.com/redhat-cop/quay_configuration/blob/main/docs/quay_user_module.rst) | Manage Quay Container Registry users -[quay_vulnerability_info](https://github.com/redhat-cop/quay_configuration/blob/main/docs/quay_vulnerability_info_module.rst) | Gather information about image vulnerabilities in Quay Container Registry +`quay_api_token` | Create OAuth access tokens for accessing the Quay Container Registry API +`quay_application` | Manage Quay Container Registry applications +`quay_default_perm` | Manage Quay Container Registry default repository permissions +`quay_docker_token` | Manage tokens for accessing Quay Container Registry repositories +`quay_first_user` | Create the first user account +`quay_layer_info` | Gather information about image layers in Quay Container Registry +`quay_manifest_label` | Manage Quay Container Registry image manifest labels +`quay_manifest_label_info` | Gather information about manifest labels in Quay Container Registry +`quay_message` | Manage Quay Container Registry global messages +`quay_notification` | Manage Quay Container Registry repository notifications +`quay_organization` | Manage Quay Container Registry organizations +`quay_proxy_cache` | Manage Quay Container Registry proxy cache configurations +`quay_quota` | Manage Quay Container Registry organizations quota +`quay_repository` | Manage Quay Container Registry repositories +`quay_repository_mirror` | Manage Quay Container Registry repository mirror configurations +`quay_robot` | Manage Quay Container Registry robot accounts +`quay_tag` | Manage Quay Container Registry image tags +`quay_tag_info` | Gather information about tags in a Quay Container Registry repository +`quay_team` | Manage Quay Container Registry teams +`quay_team_ldap` | Synchronize Quay Container Registry teams with LDAP groups +`quay_team_oidc` | Synchronize Quay Container Registry teams with OIDC groups +`quay_user` | Manage Quay Container Registry users + ### Jinja2 Filters + +Run the `ansible-doc -t filter -l infra.quay_configuration` command to list the filters that the collection provides. +For accessing the documentation of a filter, use the `ansible-doc -t filter infra.quay_configuration.` command. + Name | Description ---: | :--- -[quay_docker_config](https://github.com/redhat-cop/quay_configuration/blob/main/docs/quay_docker_config_filter.rst) | Build a Docker configuration in JSON format +`quay_docker_config` | Build a Docker configuration in JSON format ### Roles + +Run the `ansible-doc -t role -l infra.quay_configuration` command to list the roles that the collection provides. +For accessing the documentation of a role, use the `ansible-doc -t role infra.quay_configuration.` command. + Name | Description ---: | :--- -[quay_org](https://github.com/redhat-cop/quay_configuration/blob/main/roles/quay_org/README.md) ([variables](https://github.com/redhat-cop/quay_configuration/blob/main/docs/quay_org_role.rst)) | Create and configure a Quay Container Registry organization | [quay_org](https://github.com/redhat-cop/quay_configuration/blob/main/docs/quay_org_role.rst) - +`quay_org` | Create and configure a Quay Container Registry organization ## Installing the Collection @@ -68,7 +80,7 @@ collections: Use the `ansible-galaxy collection install -r collections/requirements.yml` command to install the collection from this file. If you manage your Ansible project in automation controller, then automation controller detects this `collections/requirements.yml` file, and automatically installs the collection. -You can also download the tar archive from [Ansible Galaxy](https://galaxy.ansible.com/herve4m/quay), and then manually install the collection. +You can also download the tar archive from [Ansible Galaxy](https://galaxy.ansible.com/infra/quay_configuration), and then manually install the collection. See [Ansible -- Using collections](https://docs.ansible.com/ansible/latest/user_guide/collections_using.html) for more details. @@ -168,6 +180,7 @@ When your play calls multiple modules from the collection, you can group common For example, instead of repeating the `quay_host`, `quay_username`, and `quay_password` parameters in each task, you can declare them at the top of your play: ```yaml +--- - name: Creating the development organization and the developers team hosts: localhost diff --git a/docs/environment_variables.rst b/docs/environment_variables.rst deleted file mode 100644 index 3007982..0000000 --- a/docs/environment_variables.rst +++ /dev/null @@ -1,15 +0,0 @@ - -:orphan: - -.. meta:: - :antsibull-docs: 2.12.0 - -.. _list_of_collection_env_vars: - -Index of all Collection Environment Variables -============================================= - -The following index documents all environment variables declared by plugins in collections. -Environment variables used by the ansible-core configuration are documented in :ref:`ansible_configuration_settings`. - -No environment variables have been defined. diff --git a/docs/index.rst b/docs/index.rst deleted file mode 100644 index 5cf8ccd..0000000 --- a/docs/index.rst +++ /dev/null @@ -1,134 +0,0 @@ - - -.. meta:: - :antsibull-docs: 2.12.0 - - -.. _plugins_in_infra.quay_configuration: - -Infra.Quay_Configuration -======================== - -Collection version 2.1.0 - -.. contents:: - :local: - :depth: 1 - -Description ------------ - -Ansible modules to manage Quay Container Registry installations - -**Authors:** - -* Hervé Quatremain -* Tom Page - -**Supported ansible-core versions:** - -* 2.15.0 or newer - -.. ansible-links:: - - - title: "Issue Tracker" - url: "https://github.com/redhat-cop/quay_configuration/issues" - external: true - - title: "Repository (Sources)" - url: "https://github.com/redhat-cop/quay_configuration" - external: true - - - - -.. toctree:: - :maxdepth: 1 - -Plugin Index ------------- - -These are the plugins in the infra.quay_configuration collection: - - -Modules -~~~~~~~ - -* :ansplugin:`quay_api_token module ` -- Create OAuth access tokens for accessing the Quay Container Registry API -* :ansplugin:`quay_application module ` -- Manage Quay Container Registry applications -* :ansplugin:`quay_default_perm module ` -- Manage Quay Container Registry default repository permissions -* :ansplugin:`quay_docker_token module ` -- Manage tokens for accessing Quay Container Registry repositories -* :ansplugin:`quay_first_user module ` -- Create the first user account -* :ansplugin:`quay_layer_info module ` -- Gather information about image layers in Quay Container Registry -* :ansplugin:`quay_manifest_label module ` -- Manage Quay Container Registry image manifest labels -* :ansplugin:`quay_manifest_label_info module ` -- Gather information about manifest labels in Quay Container Registry -* :ansplugin:`quay_message module ` -- Manage Quay Container Registry global messages -* :ansplugin:`quay_notification module ` -- Manage Quay Container Registry repository notifications -* :ansplugin:`quay_organization module ` -- Manage Quay Container Registry organizations -* :ansplugin:`quay_proxy_cache module ` -- Manage Quay Container Registry proxy cache configurations -* :ansplugin:`quay_quota module ` -- Manage Quay Container Registry organizations quota -* :ansplugin:`quay_repository module ` -- Manage Quay Container Registry repositories -* :ansplugin:`quay_repository_mirror module ` -- Manage Quay Container Registry repository mirror configurations -* :ansplugin:`quay_robot module ` -- Manage Quay Container Registry robot accounts -* :ansplugin:`quay_tag module ` -- Manage Quay Container Registry image tags -* :ansplugin:`quay_tag_info module ` -- Gather information about tags in a Quay Container Registry repository -* :ansplugin:`quay_team module ` -- Manage Quay Container Registry teams -* :ansplugin:`quay_team_ldap module ` -- Synchronize Quay Container Registry teams with LDAP groups -* :ansplugin:`quay_team_oidc module ` -- Synchronize Quay Container Registry teams with OIDC groups -* :ansplugin:`quay_user module ` -- Manage Quay Container Registry users -* :ansplugin:`quay_vulnerability_info module ` -- Gather information about image vulnerabilities in Quay Container Registry - -.. toctree:: - :maxdepth: 1 - :hidden: - - quay_api_token_module - quay_application_module - quay_default_perm_module - quay_docker_token_module - quay_first_user_module - quay_layer_info_module - quay_manifest_label_module - quay_manifest_label_info_module - quay_message_module - quay_notification_module - quay_organization_module - quay_proxy_cache_module - quay_quota_module - quay_repository_module - quay_repository_mirror_module - quay_robot_module - quay_tag_module - quay_tag_info_module - quay_team_module - quay_team_ldap_module - quay_team_oidc_module - quay_user_module - quay_vulnerability_info_module - - -Filter Plugins -~~~~~~~~~~~~~~ - -* :ansplugin:`quay_docker_config filter ` -- Build a Docker configuration in JSON format - -.. toctree:: - :maxdepth: 1 - :hidden: - - quay_docker_config_filter - - -Role Index ----------- - -These are the roles in the infra.quay_configuration collection: - -* :ansplugin:`quay_org role ` -- Create and configure a Quay Container Registry organization - - -.. toctree:: - :maxdepth: 1 - :hidden: - - quay_org_role - diff --git a/docs/quay_api_token_module.rst b/docs/quay_api_token_module.rst deleted file mode 100644 index b2a908a..0000000 --- a/docs/quay_api_token_module.rst +++ /dev/null @@ -1,369 +0,0 @@ - -.. Document meta - -:orphan: - -.. |antsibull-internal-nbsp| unicode:: 0xA0 - :trim: - -.. meta:: - :antsibull-docs: 2.12.0 - -.. Anchors - -.. _ansible_collections.infra.quay_configuration.quay_api_token_module: - -.. Anchors: short name for ansible.builtin - -.. Title - -infra.quay_configuration.quay_api_token module -- Create OAuth access tokens for accessing the Quay Container Registry API -++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -.. Collection note - -.. note:: - This module is part of the `infra.quay_configuration collection `_ (version 2.1.0). - - It is not included in ``ansible-core``. - To check whether it is installed, run :code:`ansible-galaxy collection list`. - - To install it, use: :code:`ansible-galaxy collection install infra.quay\_configuration`. - - To use it in a playbook, specify: :code:`infra.quay_configuration.quay_api_token`. - -.. version_added - -.. rst-class:: ansible-version-added - -New in infra.quay\_configuration 0.0.12 - -.. contents:: - :local: - :depth: 1 - -.. Deprecated - - -Synopsis --------- - -.. Description - -- Create OAuth access tokens for authenticating with the API. - - -.. Aliases - - -.. Requirements - - - - - - -.. Options - -Parameters ----------- - -.. raw:: html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Parameter

Comments

-
-

client_id

- -

- string - / required -

-
-

The client ID associated with the OAuth application to use for generating the OAuth access token.

-

See the infra.quay_configuration.quay_application module to create an application object and to retrieve the associated client ID.

-
-
-

quay_host

- -

- string -

-
-

URL for accessing the API. https://quay.example.com:8443 for example.

-

If you do not set the parameter, then the module uses the QUAY_HOST environment variable.

-

If you do no set the environment variable either, then the module uses the http://127.0.0.1 URL.

-

Default: "http://127.0.0.1"

-
-
-

quay_password

- -

- string - / required -

-
-

The password to use for authenticating against the API.

-

If you do not set the parameter, then the module tries the QUAY_PASSWORD environment variable.

-
-
-

quay_username

- -

- string - / required -

-
-

The username to use for authenticating against the API.

-

If you do not set the parameter, then the module tries the QUAY_USERNAME environment variable.

-
-
-

rights

- -

- list - / elements=string -

-
-

List of permissions to grant to the user account. all means all the permissions.

-

Choices:

-
    -

  • "org:admin"

    • -

  • "repo:admin"

    • -

  • "repo:create"

    • -

  • "repo:read" ← (default)

    • -

  • "repo:write"

    • -

  • "super:user"

    • -

  • "user:admin"

    • -

  • "user:read"

    • -

  • "all"

    • -
- -

Default: ["repo:read"]

-
-
-
-

validate_certs

- -

aliases: verify_ssl

-

- boolean -

-
-

Whether to allow insecure connections to the API.

-

If no, then the module does not validate SSL certificates.

-

If you do not set the parameter, then the module tries the QUAY_VERIFY_SSL environment variable (yes, 1, and True mean yes, and no, 0, False, and no value mean no).

-

Choices:

-
    -

  • false

    • -

  • true ← (default)

    • -
- -
- - - -.. Attributes - - -.. Notes - -Notes ------ - -.. note:: - - Supports \ :literal:`check\_mode`\ . - - The generated OAuth access token acts on behalf of the user account you use with the module (in \ :emphasis:`quay\_username`\ ). - - The user must have admin rights to the application's organization, by being the creator of this organization, or by belonging to a team with admin rights. - - The module is not idempotent. Every time you run it, an additional OAuth access token is produced. The other OAuth access tokens stay valid. - - You cannot delete OAuth access tokens. - -.. Seealso - - -.. Examples - -Examples --------- - -.. code-block:: yaml+jinja - - - - name: Generate an OAuth access token - infra.quay_configuration.quay_api_token: - quay_username: lvasquez - quay_password: vs9mrD55NP - # The OAuth application must exist, and the user must have admin rights - # to the organization that hosts the application. See the following example - # that shows how to create an organization, a team, and an application. - client_id: PZ6F80R1LCVPGYNZGSZQ - rights: - - org:admin - - user:admin - quay_host: https://quay.example.com - register: token_details - - - name: Display the new OAuth access token - debug: - msg: "The OAuth access token is: {{ token_details['access_token'] }}" - - # The following example creates an organization, an OAuth application, a user - # account, and a team, and then generates an OAuth access token for this user - # account. - # The team grants organization admin rights to the user. - # The OAuth access token of an existing super user is required to create the - # organization, the application, the user account, and the team. - - name: Ensure the organization exists - infra.quay_configuration.quay_organization: - name: production - email: prodlist@example.com - state: present - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - name: Ensure the extapp application exists - infra.quay_configuration.quay_application: - organization: production - name: extapp - state: present - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - register: app_details - - - name: Ensure the user exists - infra.quay_configuration.quay_user: - username: jziglar - password: i45fR38GhY - email: jziglar@example.com - state: present - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - name: Ensure the operators team exists in the production organization - infra.quay_configuration.quay_team: - name: operators - organization: production - role: admin - members: - - jziglar - state: present - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - name: Generate an OAuth access token for the user - infra.quay_configuration.quay_api_token: - quay_username: jziglar - quay_password: i45fR38GhY - client_id: "{{ app_details['client_id'] }}" - rights: - - all - quay_host: https://quay.example.com - register: token_details - - - name: Display the new OAuth access token - debug: - msg: "The OAuth access token is: {{ token_details['access_token'] }}" - - - - -.. Facts - - -.. Return values - -Return Values -------------- -Common return values are documented :ref:`here `, the following are the fields unique to this module: - -.. raw:: html - - - - - - - - - - - - - - -

Key

Description

-
-

access_token

- -

- string -

-
-

The OAuth access token.

-

Returned: always

-

Sample: "CywbRGkh1ttYkRRy9VL0Aw0yU9q7J62vIeo7WCFw"

-
- - - -.. Status (Presently only deprecated) - - -.. Authors - -Authors -~~~~~~~ - -- Herve Quatremain (@herve4m) - - - -.. Extra links - -Collection links -~~~~~~~~~~~~~~~~ - -.. ansible-links:: - - - title: "Issue Tracker" - url: "https://github.com/redhat-cop/quay_configuration/issues" - external: true - - title: "Repository (Sources)" - url: "https://github.com/redhat-cop/quay_configuration" - external: true - - -.. Parsing errors - diff --git a/docs/quay_application_module.rst b/docs/quay_application_module.rst deleted file mode 100644 index 451633e..0000000 --- a/docs/quay_application_module.rst +++ /dev/null @@ -1,445 +0,0 @@ - -.. Document meta - -:orphan: - -.. |antsibull-internal-nbsp| unicode:: 0xA0 - :trim: - -.. meta:: - :antsibull-docs: 2.12.0 - -.. Anchors - -.. _ansible_collections.infra.quay_configuration.quay_application_module: - -.. Anchors: short name for ansible.builtin - -.. Title - -infra.quay_configuration.quay_application module -- Manage Quay Container Registry applications -+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -.. Collection note - -.. note:: - This module is part of the `infra.quay_configuration collection `_ (version 2.1.0). - - It is not included in ``ansible-core``. - To check whether it is installed, run :code:`ansible-galaxy collection list`. - - To install it, use: :code:`ansible-galaxy collection install infra.quay\_configuration`. - - To use it in a playbook, specify: :code:`infra.quay_configuration.quay_application`. - -.. version_added - -.. rst-class:: ansible-version-added - -New in infra.quay\_configuration 0.0.1 - -.. contents:: - :local: - :depth: 1 - -.. Deprecated - - -Synopsis --------- - -.. Description - -- Create, delete, and update applications in Quay organizations. - - -.. Aliases - - -.. Requirements - - - - - - -.. Options - -Parameters ----------- - -.. raw:: html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Parameter

Comments

-
-

application_uri

- -

- string -

-
-

URL to the application home page.

-
-
-

avatar_email

- -

- string -

-
-

Email address that represents the avatar for the application.

-
-
-

description

- -

- string -

-
-

Description for the application.

-
-
-

name

- -

- string - / required -

-
-

Name of the application to create, update, or delete. Application names must be at least two characters long.

-
-
-

new_name

- -

- string -

-
-

New name for the application.

-

Setting this option changes the name of the application which current name is provided in name.

-
-
-

organization

- -

- string - / required -

-
-

Name of the organization in which to manage the application.

-
-
-

quay_host

- -

- string -

-
-

URL for accessing the API. https://quay.example.com:8443 for example.

-

If you do not set the parameter, then the module uses the QUAY_HOST environment variable.

-

If you do no set the environment variable either, then the module uses the http://127.0.0.1 URL.

-

Default: "http://127.0.0.1"

-
-
-

quay_password

- -

- string -

-
-

The password to use for authenticating against the API.

-

If you do not set the parameter, then the module tries the QUAY_PASSWORD environment variable.

-

If you set quay_password, then you also need to set quay_username.

-

Mutually exclusive with quay_token.

-
-
-

quay_token

- -

- string -

-
-

OAuth access token for authenticating against the API.

-

If you do not set the parameter, then the module tries the QUAY_TOKEN environment variable.

-

Mutually exclusive with quay_username and quay_password.

-
-
-

quay_username

- -

- string -

-
-

The username to use for authenticating against the API.

-

If you do not set the parameter, then the module tries the QUAY_USERNAME environment variable.

-

If you set quay_username, then you also need to set quay_password.

-

Mutually exclusive with quay_token.

-
-
-

redirect_uri

- -

- string -

-
-

Prefix of the application's OAuth redirection/callback URLs.

-
-
-

state

- -

- string -

-
-

If absent, then the module deletes the application.

-

The module does not fail if the application does not exist, because the state is already as expected.

-

If present, then the module creates the application if it does not already exist.

-

If the application already exists, then the module updates its state.

-

Choices:

-
    -

  • "absent"

    • -

  • "present" ← (default)

    • -
- -
-
-
-

validate_certs

- -

aliases: verify_ssl

-

- boolean -

-
-

Whether to allow insecure connections to the API.

-

If no, then the module does not validate SSL certificates.

-

If you do not set the parameter, then the module tries the QUAY_VERIFY_SSL environment variable (yes, 1, and True mean yes, and no, 0, False, and no value mean no).

-

Choices:

-
    -

  • false

    • -

  • true ← (default)

    • -
- -
- - - -.. Attributes - - -.. Notes - -Notes ------ - -.. note:: - - Supports \ :literal:`check\_mode`\ . - - The token that you provide in \ :emphasis:`quay\_token`\ must have the "Administer Organization" permission. - -.. Seealso - - -.. Examples - -Examples --------- - -.. code-block:: yaml+jinja - - - - name: Ensure the application extapp exists - infra.quay_configuration.quay_application: - organization: production - name: extapp - description: External application - application_uri: http://applicationuri.example.com - redirect_uri: http://redirecturi.example.com - avatar_email: avatarextapp@example.com - state: present - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - register: app_details - - - debug: - msg: "Client secret: {{ app_details['client_secret'] }}" - - - name: Ensure the application is renamed - infra.quay_configuration.quay_application: - organization: production - name: extapp - new_name: apiaccess - description: Application dedicated to API access - state: present - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - name: Ensure the application is removed - infra.quay_configuration.quay_application: - organization: production - name: apiaccess - state: absent - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - - -.. Facts - - -.. Return values - -Return Values -------------- -Common return values are documented :ref:`here `, the following are the fields unique to this module: - -.. raw:: html - - - - - - - - - - - - - - - - - - - - - - -

Key

Description

-
-

client_id

- -

- string -

-
-

ID if the client associated with the application object.

-

Returned: always

-

Sample: "SUJVKUJN5WIP07CAIXAF"

-
-
-

client_secret

- -

- string -

-
-

Secret for the client associated with the application object.

-

Returned: always

-

Sample: "JBVXLG8XS7UCV1NFKDYPSNGJ4BUESU03GI5OXS2X"

-
-
-

name

- -

- string -

-
-

Application name.

-

Returned: always

-

Sample: "apiaccess"

-
- - - -.. Status (Presently only deprecated) - - -.. Authors - -Authors -~~~~~~~ - -- Herve Quatremain (@herve4m) - - - -.. Extra links - -Collection links -~~~~~~~~~~~~~~~~ - -.. ansible-links:: - - - title: "Issue Tracker" - url: "https://github.com/redhat-cop/quay_configuration/issues" - external: true - - title: "Repository (Sources)" - url: "https://github.com/redhat-cop/quay_configuration" - external: true - - -.. Parsing errors - diff --git a/docs/quay_default_perm_module.rst b/docs/quay_default_perm_module.rst deleted file mode 100644 index 42f036c..0000000 --- a/docs/quay_default_perm_module.rst +++ /dev/null @@ -1,387 +0,0 @@ - -.. Document meta - -:orphan: - -.. |antsibull-internal-nbsp| unicode:: 0xA0 - :trim: - -.. meta:: - :antsibull-docs: 2.12.0 - -.. Anchors - -.. _ansible_collections.infra.quay_configuration.quay_default_perm_module: - -.. Anchors: short name for ansible.builtin - -.. Title - -infra.quay_configuration.quay_default_perm module -- Manage Quay Container Registry default repository permissions -++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -.. Collection note - -.. note:: - This module is part of the `infra.quay_configuration collection `_ (version 2.1.0). - - It is not included in ``ansible-core``. - To check whether it is installed, run :code:`ansible-galaxy collection list`. - - To install it, use: :code:`ansible-galaxy collection install infra.quay\_configuration`. - - To use it in a playbook, specify: :code:`infra.quay_configuration.quay_default_perm`. - -.. version_added - -.. rst-class:: ansible-version-added - -New in infra.quay\_configuration 0.0.1 - -.. contents:: - :local: - :depth: 1 - -.. Deprecated - - -Synopsis --------- - -.. Description - -- Create, delete, and update default repository permissions. - - -.. Aliases - - -.. Requirements - - - - - - -.. Options - -Parameters ----------- - -.. raw:: html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Parameter

Comments

-
-

creator

- -

- string -

-
-

Quay applies the default permission only when repositories are created by the user that you define in creator.

-

By default, if you do not provide that creator parameter, then Quay applies the default permission to all new repositories, whoever creates them.

-

You cannot use robot accounts or teams for the creator parameter. You can only use regular user accounts.

-
-
-

name

- -

- string - / required -

-
-

Name of the user or team that gets permission to new created repositories in the organization.

-

For robot accounts use the namespace+shortrobotname format.

-
-
-

organization

- -

- string - / required -

-
-

Name of the organization for the default permission. That organization must exist.

-
-
-

quay_host

- -

- string -

-
-

URL for accessing the API. https://quay.example.com:8443 for example.

-

If you do not set the parameter, then the module uses the QUAY_HOST environment variable.

-

If you do no set the environment variable either, then the module uses the http://127.0.0.1 URL.

-

Default: "http://127.0.0.1"

-
-
-

quay_password

- -

- string -

-
-

The password to use for authenticating against the API.

-

If you do not set the parameter, then the module tries the QUAY_PASSWORD environment variable.

-

If you set quay_password, then you also need to set quay_username.

-

Mutually exclusive with quay_token.

-
-
-

quay_token

- -

- string -

-
-

OAuth access token for authenticating against the API.

-

If you do not set the parameter, then the module tries the QUAY_TOKEN environment variable.

-

Mutually exclusive with quay_username and quay_password.

-
-
-

quay_username

- -

- string -

-
-

The username to use for authenticating against the API.

-

If you do not set the parameter, then the module tries the QUAY_USERNAME environment variable.

-

If you set quay_username, then you also need to set quay_password.

-

Mutually exclusive with quay_token.

-
-
-

role

- -

- string -

-
-

Permission that Quay automatically grants to the user or team on new created repositories in the organization.

-

If you do not provide that parameter, then the module uses read by default.

-

Choices:

-
    -

  • "read"

    • -

  • "write"

    • -

  • "admin"

    • -
- -
-
-

state

- -

- string -

-
-

If absent, then the module deletes the default permission.

-

If present, then the module creates the default permission if it does not already exist.

-

If the default permission already exists, then the module updates its role parameter (read, write, or admin).

-

Choices:

-
    -

  • "absent"

    • -

  • "present" ← (default)

    • -
- -
-
-

type

- -

- string -

-
-

Type of the account defined in name. Choose user for both user and robot accounts.

-

Choices:

-
    -

  • "user" ← (default)

    • -

  • "team"

    • -
- -
-
-
-

validate_certs

- -

aliases: verify_ssl

-

- boolean -

-
-

Whether to allow insecure connections to the API.

-

If no, then the module does not validate SSL certificates.

-

If you do not set the parameter, then the module tries the QUAY_VERIFY_SSL environment variable (yes, 1, and True mean yes, and no, 0, False, and no value mean no).

-

Choices:

-
    -

  • false

    • -

  • true ← (default)

    • -
- -
- - - -.. Attributes - - -.. Notes - -Notes ------ - -.. note:: - - Supports \ :literal:`check\_mode`\ . - - The token that you provide in \ :emphasis:`quay\_token`\ must have the "Administer Organization" and "Administer User" permissions. - -.. Seealso - - -.. Examples - -Examples --------- - -.. code-block:: yaml+jinja - - - - name: Create default admin permission for user - infra.quay_configuration.quay_default_perm: - organization: production - name: lvasquez - type: user - role: admin - state: present - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - name: Create default write permission for robot - infra.quay_configuration.quay_default_perm: - organization: production - name: production+automationrobot - type: user - role: write - state: present - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - name: Create default read permission for team - infra.quay_configuration.quay_default_perm: - organization: production - name: managers - type: team - role: read - state: present - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - name: Grant read permission for the managers team when dwilde creates repo - infra.quay_configuration.quay_default_perm: - organization: production - name: managers - type: team - role: read - creator: dwilde - state: present - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - name: Ensure default permission for robot is removed - infra.quay_configuration.quay_default_perm: - organization: production - name: production+automationrobot - type: user - state: absent - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - - -.. Facts - - -.. Return values - - -.. Status (Presently only deprecated) - - -.. Authors - -Authors -~~~~~~~ - -- Herve Quatremain (@herve4m) - - - -.. Extra links - -Collection links -~~~~~~~~~~~~~~~~ - -.. ansible-links:: - - - title: "Issue Tracker" - url: "https://github.com/redhat-cop/quay_configuration/issues" - external: true - - title: "Repository (Sources)" - url: "https://github.com/redhat-cop/quay_configuration" - external: true - - -.. Parsing errors - diff --git a/docs/quay_docker_config_filter.rst b/docs/quay_docker_config_filter.rst deleted file mode 100644 index 652dc8f..0000000 --- a/docs/quay_docker_config_filter.rst +++ /dev/null @@ -1,279 +0,0 @@ - -.. Document meta - -:orphan: - -.. |antsibull-internal-nbsp| unicode:: 0xA0 - :trim: - -.. meta:: - :antsibull-docs: 2.12.0 - -.. Anchors - -.. _ansible_collections.infra.quay_configuration.quay_docker_config_filter: - -.. Anchors: short name for ansible.builtin - -.. Title - -infra.quay_configuration.quay_docker_config filter -- Build a Docker configuration in JSON format -+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -.. Collection note - -.. note:: - This filter plugin is part of the `infra.quay_configuration collection `_ (version 2.1.0). - - It is not included in ``ansible-core``. - To check whether it is installed, run :code:`ansible-galaxy collection list`. - - To install it, use: :code:`ansible-galaxy collection install infra.quay\_configuration`. - - To use it in a playbook, specify: :code:`infra.quay_configuration.quay_docker_config`. - -.. version_added - -.. rst-class:: ansible-version-added - -New in infra.quay\_configuration 1.3.0 - -.. contents:: - :local: - :depth: 1 - -.. Deprecated - - -Synopsis --------- - -.. Description - -- Construct and return a Docker configuration in JSON format. -- This filter returns the resulting JSON data encoded in Base64. - - -.. Aliases - - -.. Requirements - - - - - -.. Input - -Input ------ - -This describes the input of the filter, the value before ``| infra.quay_configuration.quay_docker_config``. - -.. raw:: html - - - - - - - - - - - - - - -

Parameter

Comments

-
-

Input

- -

- string - / required -

- -
-

The username associated with the token.

-
- - - - - -.. Options - -Keyword parameters ------------------- - -This describes keyword parameters of the filter. These are the values ``key1=value1``, ``key2=value2`` and so on in the following -example: ``input | infra.quay_configuration.quay_docker_config(key1=value1, key2=value2, ...)`` - -.. raw:: html - - - - - - - - - - - - - - - - - - - - - - - - - - -

Parameter

Comments

-
-

email

- -

- string -

- -
-

Email address of the user.

-

Default: ""

-
-
-

encoding

- -

- string -

- -
-

Email address of the user.

-

Default: "utf-8"

-
-
-

token

- -

- string - / required -

- -
-

Token or password.

-
-
-

url

- -

- string -

- -
-

URL of the API.

-

Default: "http://127.0.0.1"

-
- - - -.. Attributes - - -.. Notes - - -.. Seealso - - -.. Examples - -Examples --------- - -.. code-block:: yaml+jinja - - # Build the Docker configuration for lvasquez with password vs9mrD55NP - # for accessing the registry at quay.example.com - {{ 'lvasquez' | infra.quay_configuration.quay_docker_config('vs9mrD55NP', - 'https://quay.example.com') }} - - - - -.. Facts - - -.. Return values - -Return Value ------------- - -.. raw:: html - - - - - - - - - - - - - - -

Key

Description

-
-

Return value

- -

- string -

-
-

The Docker configuration as a JSON serialized string encoded in Base64.

-

Returned: success

-
- - - -.. Status (Presently only deprecated) - - -.. Authors - -Authors -~~~~~~~ - -- Herve Quatremain (@herve4m) - - -.. hint:: - Configuration entries for each entry type have a low to high priority order. For example, a variable that is lower in the list will override a variable that is higher up. - -.. Extra links - -Collection links -~~~~~~~~~~~~~~~~ - -.. ansible-links:: - - - title: "Issue Tracker" - url: "https://github.com/redhat-cop/quay_configuration/issues" - external: true - - title: "Repository (Sources)" - url: "https://github.com/redhat-cop/quay_configuration" - external: true - - -.. Parsing errors - diff --git a/docs/quay_docker_token_module.rst b/docs/quay_docker_token_module.rst deleted file mode 100644 index 91c3cb3..0000000 --- a/docs/quay_docker_token_module.rst +++ /dev/null @@ -1,455 +0,0 @@ - -.. Document meta - -:orphan: - -.. |antsibull-internal-nbsp| unicode:: 0xA0 - :trim: - -.. meta:: - :antsibull-docs: 2.12.0 - -.. Anchors - -.. _ansible_collections.infra.quay_configuration.quay_docker_token_module: - -.. Anchors: short name for ansible.builtin - -.. Title - -infra.quay_configuration.quay_docker_token module -- Manage tokens for accessing Quay Container Registry repositories -+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -.. Collection note - -.. note:: - This module is part of the `infra.quay_configuration collection `_ (version 2.1.0). - - It is not included in ``ansible-core``. - To check whether it is installed, run :code:`ansible-galaxy collection list`. - - To install it, use: :code:`ansible-galaxy collection install infra.quay\_configuration`. - - To use it in a playbook, specify: :code:`infra.quay_configuration.quay_docker_token`. - -.. version_added - -.. rst-class:: ansible-version-added - -New in infra.quay\_configuration 0.0.11 - -.. contents:: - :local: - :depth: 1 - -.. Deprecated - - -Synopsis --------- - -.. Description - -- Create or delete tokens for client tools to access repositories. -- For example, the \ :literal:`docker`\ , \ :literal:`podman`\ , and \ :literal:`skopeo`\ command-line tools can use such tokens. -- Kubernetes can also use those tokens, declared is Kubernetes secret objects, to pull images and deploy pods. -- Using tokens is an alternative to using your user login and password. -- The tokens you create are for the user account you are logged in. You cannot create tokens for other users, even if you are logged in with a super user account. - - -.. Aliases - - -.. Requirements - - - - - - -.. Options - -Parameters ----------- - -.. raw:: html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Parameter

Comments

-
-

name

- -

- string - / required -

-
-

Name of the token to create or delete.

-
-
-

quay_host

- -

- string -

-
-

URL for accessing the API. https://quay.example.com:8443 for example.

-

If you do not set the parameter, then the module uses the QUAY_HOST environment variable.

-

If you do no set the environment variable either, then the module uses the http://127.0.0.1 URL.

-

Default: "http://127.0.0.1"

-
-
-

quay_password

- -

- string -

-
-

The password to use for authenticating against the API.

-

If you do not set the parameter, then the module tries the QUAY_PASSWORD environment variable.

-

If you set quay_password, then you also need to set quay_username.

-

Mutually exclusive with quay_token.

-
-
-

quay_token

- -

- string -

-
-

OAuth access token for authenticating against the API.

-

If you do not set the parameter, then the module tries the QUAY_TOKEN environment variable.

-

Mutually exclusive with quay_username and quay_password.

-
-
-

quay_username

- -

- string -

-
-

The username to use for authenticating against the API.

-

If you do not set the parameter, then the module tries the QUAY_USERNAME environment variable.

-

If you set quay_username, then you also need to set quay_password.

-

Mutually exclusive with quay_token.

-
-
-

state

- -

- string -

-
-

If absent, then the module deletes the token.

-

The module does not fail if the token does not exist, because the state is already as expected.

-

If present, then the module creates the token if it does not already exist.

-

If the token already exists, then the module returns its details.

-

Choices:

-
    -

  • "absent"

    • -

  • "present" ← (default)

    • -
- -
-
-
-

validate_certs

- -

aliases: verify_ssl

-

- boolean -

-
-

Whether to allow insecure connections to the API.

-

If no, then the module does not validate SSL certificates.

-

If you do not set the parameter, then the module tries the QUAY_VERIFY_SSL environment variable (yes, 1, and True mean yes, and no, 0, False, and no value mean no).

-

Choices:

-
    -

  • false

    • -

  • true ← (default)

    • -
- -
- - - -.. Attributes - - -.. Notes - -Notes ------ - -.. note:: - - Supports \ :literal:`check\_mode`\ . - - The tokens you create with this module are unrelated to OAUth access tokens that you use to access the Quay API. - -.. Seealso - - -.. Examples - -Examples --------- - -.. code-block:: yaml+jinja - - - - name: Ensure the token exists for my account - infra.quay_configuration.quay_docker_token: - name: token_for_pull - state: present - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - register: token_details - - - name: Ensure the image is pulled - containers.podman.podman_image: - name: quay.example.com/production/smallimage:v1.0.0 - username: "{{ token_details['username'] }}" - password: "{{ token_details['token_code'] }}" - - - name: Ensure the token does not exist - infra.quay_configuration.quay_docker_token: - name: token_for_pull - state: absent - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - - -.. Facts - - -.. Return values - -Return Values -------------- -Common return values are documented :ref:`here `, the following are the fields unique to this module: - -.. raw:: html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Key

Description

-
-

auth_b64

- -

- string -

-
-

Base64 encoding of the username and the token (I(username:token_code)).

-

Some client configuration files, such as the ~/.docker/config.json Docker configuration file, require that you provide the username and the token in that format.

-

You can decode the string by using the base64 --decode command. See the base64(1) man page.

-

Returned: always

-

Sample: "JGFw...NzBK"

-
-
-

created

- -

- string -

-
-

Token creation date and time.

-

Returned: always

-

Sample: "Wed, 25 May 2022 12:46:41 -0000"

-
-
-

dockerconfigjson_b64

- -

- string -

-
-

Base64 encoding of the ~/.docker/config.json configuration file.

-

The containers-auth.json(5) man page describe the format of the file.

-

Returned: always

-

Sample: "ewog...Cn0="

-
-
-

expiration

- -

- string -

-
-

Expiration date and time of the token.

-

By default, tokens do not expire. In that case expiration is null.

-

Your Quay administrator might have activated expiration by setting the APP_SPECIFIC_TOKEN_EXPIRATION directive in the config.yaml configuration file.

-

Returned: always

-

Sample: "Fri, 29 Apr 2023 13:31:05 -0000"

-
-
-

last_accessed

- -

- string -

-
-

Last date and time the token was used.

-

If the token has not been used yet, then last_accessed is null.

-

Returned: always

-

Sample: "Wed, 25 May 2022 12:49:45 -0000"

-
-
-

name

- -

- string -

-
-

Name of the application token.

-

Returned: always

-

Sample: "my_push_token"

-
-
-

token_code

- -

- string -

-
-

Token to use as the password.

-

Returned: always

-

Sample: "OVKFT8YJBTQYG4Z30YHDOPJBU4M2VPMCQJ5IYW4BAQGZD8T5V70JORLJBJHFYVVFQ89K7"

-
-
-

username

- -

- string -

-
-

Username to use with client commands such as docker or podman.

-

When you use a token with those commands, do not use your login name but use this username instead.

-

For Quay, that username is always $app.

-

Because the $ character is a special shell character, you might have to protect it with a backslash or by using single quotation marks.

-

Returned: always

-

Sample: "$app"

-
-
-

uuid

- -

- string -

-
-

Internal ID of the application token.

-

Returned: always

-

Sample: "31b32343-e974-4f8c-bd9c-db5a0406f211"

-
- - - -.. Status (Presently only deprecated) - - -.. Authors - -Authors -~~~~~~~ - -- Herve Quatremain (@herve4m) - - - -.. Extra links - -Collection links -~~~~~~~~~~~~~~~~ - -.. ansible-links:: - - - title: "Issue Tracker" - url: "https://github.com/redhat-cop/quay_configuration/issues" - external: true - - title: "Repository (Sources)" - url: "https://github.com/redhat-cop/quay_configuration" - external: true - - -.. Parsing errors - diff --git a/docs/quay_first_user_module.rst b/docs/quay_first_user_module.rst deleted file mode 100644 index 2a141dd..0000000 --- a/docs/quay_first_user_module.rst +++ /dev/null @@ -1,343 +0,0 @@ - -.. Document meta - -:orphan: - -.. |antsibull-internal-nbsp| unicode:: 0xA0 - :trim: - -.. meta:: - :antsibull-docs: 2.12.0 - -.. Anchors - -.. _ansible_collections.infra.quay_configuration.quay_first_user_module: - -.. Anchors: short name for ansible.builtin - -.. Title - -infra.quay_configuration.quay_first_user module -- Create the first user account -++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -.. Collection note - -.. note:: - This module is part of the `infra.quay_configuration collection `_ (version 2.1.0). - - It is not included in ``ansible-core``. - To check whether it is installed, run :code:`ansible-galaxy collection list`. - - To install it, use: :code:`ansible-galaxy collection install infra.quay\_configuration`. - - To use it in a playbook, specify: :code:`infra.quay_configuration.quay_first_user`. - -.. version_added - -.. rst-class:: ansible-version-added - -New in infra.quay\_configuration 0.0.7 - -.. contents:: - :local: - :depth: 1 - -.. Deprecated - - -Synopsis --------- - -.. Description - -- Create the first user just after installing Quay Container Registry. - - -.. Aliases - - -.. Requirements - - - - - - -.. Options - -Parameters ----------- - -.. raw:: html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Parameter

Comments

-
-

create_token

- -

- boolean -

-
-

If yes, then an OAuth access token is created and returned. You can use that returned token with the other Quay modules, by setting it in the quay_token parameter. The token is valid for 2 hours 30 minutes.

-

If no, then no access token is created.

-

Choices:

-
    -

  • false ← (default)

    • -

  • true

    • -
- -
-
-

email

- -

- string -

-
-

User's email address.

-

If your Quay administrator has enabled the mailing capability of your Quay installation (FEATURE_MAILING to true in config.yaml), then this email parameter is mandatory.

-
-
-

password

- -

- string - / required -

-
-

User's password as a clear string.

-

The password must be at least eight characters long and must not contain white spaces.

-
-
-

quay_host

- -

- string -

-
-

URL for accessing the API. https://quay.example.com:8443 for example.

-

If you do not set the parameter, then the module uses the QUAY_HOST environment variable.

-

If you do no set the environment variable either, then the module uses the http://127.0.0.1 URL.

-

Default: "http://127.0.0.1"

-
-
-

username

- -

- string - / required -

-
-

Name of the user account to create.

-

You probably want that user account to have superuser permissions so that you can use the returned token to create additional objects. To do so, add the account name to the SUPER_USERS section in the config.yaml file before using the infra.quay_configuration.quay_first_user module.

-
-
-
-

validate_certs

- -

aliases: verify_ssl

-

- boolean -

-
-

Whether to allow insecure connections to the API.

-

If no, then the module does not validate SSL certificates.

-

If you do not set the parameter, then the module tries the QUAY_VERIFY_SSL environment variable (yes, 1, and True mean yes, and no, 0, False, and no value mean no).

-

Choices:

-
    -

  • false

    • -

  • true ← (default)

    • -
- -
- - - -.. Attributes - - -.. Notes - -Notes ------ - -.. note:: - - The module requires Quay version 3.6 or later. - - To use the module, you must enable the first user creation feature of your Quay installation (\ :literal:`FEATURE\_USER\_INITIALIZE`\ in \ :literal:`config.yaml`\ ). - - You must also use the internal database of your Quay installation for authentication (\ :literal:`AUTHENTICATION\_TYPE`\ to \ :literal:`Database`\ in \ :literal:`config.yaml`\ ). - - Use the module just after installing Quay, when the database is empty. The module fails if user accounts are already defined in the database. - - Supports \ :literal:`check\_mode`\ . - -.. Seealso - - -.. Examples - -Examples --------- - -.. code-block:: yaml+jinja - - - - name: Ensure the initial user exists - infra.quay_configuration.quay_first_user: - username: admin - email: admin@example.com - password: S6tGwo13 - create_token: true - quay_host: https://quay.example.com - register: result - - - debug: - msg: "Access token: {{ result['access_token'] }}" - - - - -.. Facts - - -.. Return values - -Return Values -------------- -Common return values are documented :ref:`here `, the following are the fields unique to this module: - -.. raw:: html - - - - - - - - - - - - - - - - - - - - - - - - - - -

Key

Description

-
-

access_token

- -

- string -

-
-

The access token that you can use for subsequent module calls.

-

The token is valid for 2 hours 30 minutes.

-

Returned: only when you set the create_token parameter to yes

-

Sample: "W2YX0V838JZ5FHHUH82Q25FZZMRX8YTB1MTN56P3"

-
-
-

email

- -

- string -

-
-

User's email address.

-

Returned: always

-

Sample: "admin@example.com"

-
-
-

encrypted_password

- -

- string -

-
-

Encrypted user's password.

-

Returned: always

-

Sample: "/pbR5LPYx4Y3w/SSf2dAwNxCCNgwmmZk+x04TKn6xEKL2At5wblOy7wA1tNZEhRc"

-
-
-

username

- -

- string -

-
-

Name of the created user account.

-

Returned: always

-

Sample: "admin"

-
- - - -.. Status (Presently only deprecated) - - -.. Authors - -Authors -~~~~~~~ - -- Herve Quatremain (@herve4m) - - - -.. Extra links - -Collection links -~~~~~~~~~~~~~~~~ - -.. ansible-links:: - - - title: "Issue Tracker" - url: "https://github.com/redhat-cop/quay_configuration/issues" - external: true - - title: "Repository (Sources)" - url: "https://github.com/redhat-cop/quay_configuration" - external: true - - -.. Parsing errors - diff --git a/docs/quay_layer_info_module.rst b/docs/quay_layer_info_module.rst deleted file mode 100644 index 9e9c776..0000000 --- a/docs/quay_layer_info_module.rst +++ /dev/null @@ -1,329 +0,0 @@ - -.. Document meta - -:orphan: - -.. |antsibull-internal-nbsp| unicode:: 0xA0 - :trim: - -.. meta:: - :antsibull-docs: 2.12.0 - -.. Anchors - -.. _ansible_collections.infra.quay_configuration.quay_layer_info_module: - -.. Anchors: short name for ansible.builtin - -.. Title - -infra.quay_configuration.quay_layer_info module -- Gather information about image layers in Quay Container Registry -+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -.. Collection note - -.. note:: - This module is part of the `infra.quay_configuration collection `_ (version 2.1.0). - - It is not included in ``ansible-core``. - To check whether it is installed, run :code:`ansible-galaxy collection list`. - - To install it, use: :code:`ansible-galaxy collection install infra.quay\_configuration`. - - To use it in a playbook, specify: :code:`infra.quay_configuration.quay_layer_info`. - -.. version_added - -.. rst-class:: ansible-version-added - -New in infra.quay\_configuration 0.0.1 - -.. contents:: - :local: - :depth: 1 - -.. Deprecated - - -Synopsis --------- - -.. Description - -- Gather information about the layers of an image in a repository. - - -.. Aliases - - -.. Requirements - - - - - - -.. Options - -Parameters ----------- - -.. raw:: html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Parameter

Comments

-
-

image

- -

- string - / required -

-
-

Name of the image. The format is namespace/repository:tag or namespace/repository@digest. The namespace can be an organization or a personal namespace.

-

If you omit the namespace part, then the module looks for the repository in your personal namespace.

-

If you omit the tag and the digest part, then latest is assumed.

-
-
-

quay_host

- -

- string -

-
-

URL for accessing the API. https://quay.example.com:8443 for example.

-

If you do not set the parameter, then the module uses the QUAY_HOST environment variable.

-

If you do no set the environment variable either, then the module uses the http://127.0.0.1 URL.

-

Default: "http://127.0.0.1"

-
-
-

quay_password

- -

- string -

-
-

The password to use for authenticating against the API.

-

If you do not set the parameter, then the module tries the QUAY_PASSWORD environment variable.

-

If you set quay_password, then you also need to set quay_username.

-

Mutually exclusive with quay_token.

-
-
-

quay_token

- -

- string -

-
-

OAuth access token for authenticating against the API.

-

If you do not set the parameter, then the module tries the QUAY_TOKEN environment variable.

-

Mutually exclusive with quay_username and quay_password.

-
-
-

quay_username

- -

- string -

-
-

The username to use for authenticating against the API.

-

If you do not set the parameter, then the module tries the QUAY_USERNAME environment variable.

-

If you set quay_username, then you also need to set quay_password.

-

Mutually exclusive with quay_token.

-
-
-
-

validate_certs

- -

aliases: verify_ssl

-

- boolean -

-
-

Whether to allow insecure connections to the API.

-

If no, then the module does not validate SSL certificates.

-

If you do not set the parameter, then the module tries the QUAY_VERIFY_SSL environment variable (yes, 1, and True mean yes, and no, 0, False, and no value mean no).

-

Choices:

-
    -

  • false

    • -

  • true ← (default)

    • -
- -
- - - -.. Attributes - - -.. Notes - - -.. Seealso - - -.. Examples - -Examples --------- - -.. code-block:: yaml+jinja - - - - name: Retrieve the layers of the coreos/dnsmasq:latest image - infra.quay_configuration.quay_layer_info: - image: coreos/dnsmasq:latest - quay_host: quay.io - register: layers - - - - -.. Facts - - -.. Return values - -Return Values -------------- -Common return values are documented :ref:`here `, the following are the fields unique to this module: - -.. raw:: html - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Key

Description

-
-

layers

- -

- list - / elements=dictionary -

-
-

Sorted list of the image layers. The top layer is listed first.

-

Returned: always

-

Sample: [{"author": "Dalton Hubble <...>", "blob_digest": "sha256:a3ed...46d4", "command": ["/bin/sh", "-c", "#(nop) ", "ENTRYPOINT [\"/usr/sbin/dnsmasq\"]"], "comment": null, "compressed_size": null, "created_datetime": "Thu, 16 Nov 2017 22:24:12 -0000", "index": 6, "is_remote": false, "urls": null}, {"author": "Dalton Hubble <...>", "blob_digest": "sha256:a3e...46d4", "command": ["/bin/sh -c #(nop) EXPOSE 53/tcp 67/tcp 69/tcp"], "comment": null, "compressed_size": null, "created_datetime": "Thu, 16 Nov 2017 22:24:12 -0000", "index": 5, "is_remote": false, "urls": null}, {"author": "Dalton Hubble <...>", "blob_digest": "sha256:e40d...0351", "command": ["/bin/sh -c #(nop) COPY dir:5c38...5694 in /var/lib/tftpboot "], "comment": null, "compressed_size": null, "created_datetime": "Thu, 16 Nov 2017 22:24:11 -0000", "index": 4, "is_remote": false, "urls": null}, {"author": "Dalton Hubble <...>", "blob_digest": "sha256:7ef3...3a74", "command": ["/bin/sh -c apk -U add dnsmasq curl"], "comment": null, "compressed_size": null, "created_datetime": "Thu, 16 Nov 2017 22:24:09 -0000", "index": 3, "is_remote": false, "urls": null}, {"author": "Dalton Hubble <...>", "blob_digest": "sha256:a3ed...46d4", "command": ["/bin/sh -c #(nop) MAINTAINER Dalton Hubble <...>"], "comment": null, "compressed_size": null, "created_datetime": "Thu, 16 Nov 2017 22:24:04 -0000", "index": 2, "is_remote": false, "urls": null}, {"author": null, "blob_digest": "sha256:a3ed...46d4", "command": ["/bin/sh -c #(nop) CMD [\"/bin/sh\"]"], "comment": null, "compressed_size": null, "created_datetime": "Wed, 13 Sep 2017 14:32:26 -0000", "index": 1, "is_remote": false, "urls": null}, {"author": null, "blob_digest": "sha256:6d98...d913", "command": ["/bin/sh -c #(nop) ADD file:4583...9e45 in / "], "comment": null, "compressed_size": null, "created_datetime": "Wed, 13 Sep 2017 14:32:25 -0000", "index": 0, "is_remote": false, "urls": null}]

-
-
-

command

- -

- list - / elements=string -

-
-

The command that was used to build the layer.

-

Returned: always

-

Sample: ["/bin/sh", "-c", "#(nop) ", "ENTRYPOINT [\"/usr/sbin/dnsmasq\"]"]

-
-
-

created_datetime

- -

- string -

-
-

Layer creation date and time.

-

Returned: always

-

Sample: "Thu, 30 Sep 2021 07:18:56 -0000"

-
-
-

index

- -

- integer -

-
-

Index of the layer in the image.

-

Returned: always

-

Sample: 4

-
- - - -.. Status (Presently only deprecated) - - -.. Authors - -Authors -~~~~~~~ - -- Herve Quatremain (@herve4m) - - - -.. Extra links - -Collection links -~~~~~~~~~~~~~~~~ - -.. ansible-links:: - - - title: "Issue Tracker" - url: "https://github.com/redhat-cop/quay_configuration/issues" - external: true - - title: "Repository (Sources)" - url: "https://github.com/redhat-cop/quay_configuration" - external: true - - -.. Parsing errors - diff --git a/docs/quay_manifest_label_info_module.rst b/docs/quay_manifest_label_info_module.rst deleted file mode 100644 index cf8228d..0000000 --- a/docs/quay_manifest_label_info_module.rst +++ /dev/null @@ -1,380 +0,0 @@ - -.. Document meta - -:orphan: - -.. |antsibull-internal-nbsp| unicode:: 0xA0 - :trim: - -.. meta:: - :antsibull-docs: 2.12.0 - -.. Anchors - -.. _ansible_collections.infra.quay_configuration.quay_manifest_label_info_module: - -.. Anchors: short name for ansible.builtin - -.. Title - -infra.quay_configuration.quay_manifest_label_info module -- Gather information about manifest labels in Quay Container Registry -+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -.. Collection note - -.. note:: - This module is part of the `infra.quay_configuration collection `_ (version 2.1.0). - - It is not included in ``ansible-core``. - To check whether it is installed, run :code:`ansible-galaxy collection list`. - - To install it, use: :code:`ansible-galaxy collection install infra.quay\_configuration`. - - To use it in a playbook, specify: :code:`infra.quay_configuration.quay_manifest_label_info`. - -.. version_added - -.. rst-class:: ansible-version-added - -New in infra.quay\_configuration 0.0.10 - -.. contents:: - :local: - :depth: 1 - -.. Deprecated - - -Synopsis --------- - -.. Description - -- Gather information about the manifest labels in a repository. - - -.. Aliases - - -.. Requirements - - - - - - -.. Options - -Parameters ----------- - -.. raw:: html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Parameter

Comments

-
-

image

- -

- string - / required -

-
-

Name of the image that contains the manifest to process. The format is namespace/repository:tag or namespace/repository@digest. The namespace can be an organization or a personal namespace.

-

If you omit the namespace part, then the module looks for the repository in your personal namespace.

-

If you omit the tag and the digest part, then latest is assumed.

-
-
-

key

- -

- string -

-
-

Gather information on the labels with that specific key instead of returning data on all the labels in the manifest.

-
-
-

quay_host

- -

- string -

-
-

URL for accessing the API. https://quay.example.com:8443 for example.

-

If you do not set the parameter, then the module uses the QUAY_HOST environment variable.

-

If you do no set the environment variable either, then the module uses the http://127.0.0.1 URL.

-

Default: "http://127.0.0.1"

-
-
-

quay_password

- -

- string -

-
-

The password to use for authenticating against the API.

-

If you do not set the parameter, then the module tries the QUAY_PASSWORD environment variable.

-

If you set quay_password, then you also need to set quay_username.

-

Mutually exclusive with quay_token.

-
-
-

quay_token

- -

- string -

-
-

OAuth access token for authenticating against the API.

-

If you do not set the parameter, then the module tries the QUAY_TOKEN environment variable.

-

Mutually exclusive with quay_username and quay_password.

-
-
-

quay_username

- -

- string -

-
-

The username to use for authenticating against the API.

-

If you do not set the parameter, then the module tries the QUAY_USERNAME environment variable.

-

If you set quay_username, then you also need to set quay_password.

-

Mutually exclusive with quay_token.

-
-
-
-

validate_certs

- -

aliases: verify_ssl

-

- boolean -

-
-

Whether to allow insecure connections to the API.

-

If no, then the module does not validate SSL certificates.

-

If you do not set the parameter, then the module tries the QUAY_VERIFY_SSL environment variable (yes, 1, and True mean yes, and no, 0, False, and no value mean no).

-

Choices:

-
    -

  • false

    • -

  • true ← (default)

    • -
- -
- - - -.. Attributes - - -.. Notes - - -.. Seealso - - -.. Examples - -Examples --------- - -.. code-block:: yaml+jinja - - - - name: Retrieve all the labels of the centos7/nginx-116-centos7 manifest - infra.quay_configuration.quay_manifest_label_info: - image: centos7/nginx-116-centos7:latest - quay_host: quay.io - register: labels - - - name: Retrieve the labels with a specific key - infra.quay_configuration.quay_manifest_label_info: - image: production/smallimage@sha256:4f6f...e797 - key: architecture - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - register: label_info - - - - -.. Facts - - -.. Return values - -Return Values -------------- -Common return values are documented :ref:`here `, the following are the fields unique to this module: - -.. raw:: html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Key

Description

-
-

labels

- -

- list - / elements=dictionary -

-
-

List of the labels in the manifest.

-

Returned: always

-

Sample: [{"id": "1f5ccf29-9013-49ca-b1e7-864218b03f17", "key": "maintainer", "media_type": "text/plain", "source_type": "manifest", "value": "SoftwareCollections.org <sclorg@redhat.com>"}, {"id": "d6e6ea21-d132-4ad9-97bf-05997e1f2b9d", "key": "org.opencontainers.image.created", "media_type": "text/plain", "source_type": "manifest", "value": "2020-08-09 00:00:00+01:00"}, {"id": "6a657897-0a40-4de0-a531-b45f751deb0f", "key": "org.label-schema.license", "media_type": "text/plain", "source_type": "manifest", "value": "GPLv2"}, {"id": "79da339b-0324-45c5-a1a9-06ffd607c3bd", "key": "io.k8s.display-name", "media_type": "text/plain", "source_type": "manifest", "value": "Nginx 1.16"}, {"id": "6d2710d8-4a2b-4150-b578-877e1f4ab5a5", "key": "version", "media_type": "text/plain", "source_type": "manifest", "value": "1.16"}, {"id": "ea9a9a03-9b16-49d2-a2b8-0e30e1a1c1c1", "key": "name", "media_type": "text/plain", "source_type": "manifest", "value": "centos7/nginx-116-centos7"}]

-
-
-

id

- -

- string -

-
-

Internal identifier of the label.

-

Returned: always

-

Sample: "155f20b3-7ebf-4796-9d18-eb5c54bf7364"

-
-
-

key

- -

- string -

-
-

Label's key.

-

Returned: always

-

Sample: "architecture"

-
-
-

media_type

- -

- string -

-
-

Format of the label (text/plain or application/json).

-

Returned: always

-

Sample: "text/plain"

-
-
-

source_type

- -

- string -

-
-

Whether the label has been set by the Containerfile/Dockerfile manifest (manifest), or by an API call or from the web UI (api).

-

Labels set in Containerfile/Dockerfile manifests are read-only.

-

Returned: always

-

Sample: "api"

-
-
-

value

- -

- string -

-
-

Label's value.

-

Returned: always

-

Sample: "x86_64"

-
- - - -.. Status (Presently only deprecated) - - -.. Authors - -Authors -~~~~~~~ - -- Herve Quatremain (@herve4m) - - - -.. Extra links - -Collection links -~~~~~~~~~~~~~~~~ - -.. ansible-links:: - - - title: "Issue Tracker" - url: "https://github.com/redhat-cop/quay_configuration/issues" - external: true - - title: "Repository (Sources)" - url: "https://github.com/redhat-cop/quay_configuration" - external: true - - -.. Parsing errors - diff --git a/docs/quay_manifest_label_module.rst b/docs/quay_manifest_label_module.rst deleted file mode 100644 index 1bf9ee9..0000000 --- a/docs/quay_manifest_label_module.rst +++ /dev/null @@ -1,447 +0,0 @@ - -.. Document meta - -:orphan: - -.. |antsibull-internal-nbsp| unicode:: 0xA0 - :trim: - -.. meta:: - :antsibull-docs: 2.12.0 - -.. Anchors - -.. _ansible_collections.infra.quay_configuration.quay_manifest_label_module: - -.. Anchors: short name for ansible.builtin - -.. Title - -infra.quay_configuration.quay_manifest_label module -- Manage Quay Container Registry image manifest labels -+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -.. Collection note - -.. note:: - This module is part of the `infra.quay_configuration collection `_ (version 2.1.0). - - It is not included in ``ansible-core``. - To check whether it is installed, run :code:`ansible-galaxy collection list`. - - To install it, use: :code:`ansible-galaxy collection install infra.quay\_configuration`. - - To use it in a playbook, specify: :code:`infra.quay_configuration.quay_manifest_label`. - -.. version_added - -.. rst-class:: ansible-version-added - -New in infra.quay\_configuration 0.0.10 - -.. contents:: - :local: - :depth: 1 - -.. Deprecated - - -Synopsis --------- - -.. Description - -- Add or remove labels to image manifests. - - -.. Aliases - - -.. Requirements - - - - - - -.. Options - -Parameters ----------- - -.. raw:: html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Parameter

Comments

-
-

image

- -

- string - / required -

-
-

Manifest to update. The format is namespace/repository:tag or namespace/repository@digest. The namespace can be an organization or a personal namespace.

-

If you omit the namespace part, then the module looks for the repository in your personal namespace.

-

If you omit the tag and the digest part, then latest is assumed.

-
-
-

key

- -

- string - / required -

-
-

Label's key.

-
-
-

quay_host

- -

- string -

-
-

URL for accessing the API. https://quay.example.com:8443 for example.

-

If you do not set the parameter, then the module uses the QUAY_HOST environment variable.

-

If you do no set the environment variable either, then the module uses the http://127.0.0.1 URL.

-

Default: "http://127.0.0.1"

-
-
-

quay_password

- -

- string -

-
-

The password to use for authenticating against the API.

-

If you do not set the parameter, then the module tries the QUAY_PASSWORD environment variable.

-

If you set quay_password, then you also need to set quay_username.

-

Mutually exclusive with quay_token.

-
-
-

quay_token

- -

- string -

-
-

OAuth access token for authenticating against the API.

-

If you do not set the parameter, then the module tries the QUAY_TOKEN environment variable.

-

Mutually exclusive with quay_username and quay_password.

-
-
-

quay_username

- -

- string -

-
-

The username to use for authenticating against the API.

-

If you do not set the parameter, then the module tries the QUAY_USERNAME environment variable.

-

If you set quay_username, then you also need to set quay_password.

-

Mutually exclusive with quay_token.

-
-
-

replace

- -

- boolean -

-
-

Only used when state=present.

-

If yes, then the module deletes all the labels that use the key you define in the key parameter before adding the new label.

-

If no, then the module adds the new label even if existing labels already use the key you define in the key parameter. Quay supports multiple labels with the same key.

-

Choices:

-
    -

  • false

    • -

  • true ← (default)

    • -
- -
-
-

state

- -

- string -

-
-

If absent, then the module deletes the labels that match the key and value parameters. If you do not provide the value parameter, then the module deletes all the labels with the key parameter.

-

If present, then the module adds a label to the manifest.

-

Choices:

-
    -

  • "absent"

    • -

  • "present" ← (default)

    • -
- -
-
-
-

validate_certs

- -

aliases: verify_ssl

-

- boolean -

-
-

Whether to allow insecure connections to the API.

-

If no, then the module does not validate SSL certificates.

-

If you do not set the parameter, then the module tries the QUAY_VERIFY_SSL environment variable (yes, 1, and True mean yes, and no, 0, False, and no value mean no).

-

Choices:

-
    -

  • false

    • -

  • true ← (default)

    • -
- -
-
-

value

- -

- string -

-
-

Label's value. Required when state=present.

-
- - - -.. Attributes - - -.. Notes - -Notes ------ - -.. note:: - - Labels defined in the Containerfile/Dockerfile cannot be deleted or updated. They are read-only. - - Supports \ :literal:`check\_mode`\ . - - The user account associated with the token that you provide in \ :emphasis:`quay\_token`\ must have write access to the repository. - -.. Seealso - - -.. Examples - -Examples --------- - -.. code-block:: yaml+jinja - - - - name: Ensure the manifest has the architecture label set - infra.quay_configuration.quay_manifest_label: - image: production/smallimage:v1.0.0 - key: architecture - value: x86_64 - state: present - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - name: Ensure the manifest has an additional architecture label set - infra.quay_configuration.quay_manifest_label: - image: production/smallimage:v1.0.0 - key: architecture - value: power - replace: false - state: present - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - name: Ensure the manifest has a specific component label removed - infra.quay_configuration.quay_manifest_label: - image: production/smallimage@sha256:4f6f...e797 - key: component - value: front - state: absent - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - name: Remove all the labels that have a key set to scopes - infra.quay_configuration.quay_manifest_label: - image: production/smallimage:v1.0.0 - key: scopes - state: absent - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - - -.. Facts - - -.. Return values - -Return Values -------------- -Common return values are documented :ref:`here `, the following are the fields unique to this module: - -.. raw:: html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Key

Description

-
-

id

- -

- string -

-
-

Internal identifier of the label.

-

Returned: always

-

Sample: "155f20b3-7ebf-4796-9d18-eb5c54bf7364"

-
-
-

key

- -

- string -

-
-

Label's key.

-

Returned: always

-

Sample: "architecture"

-
-
-

media_type

- -

- string -

-
-

Format of the label (text/plain or application/json).

-

Returned: always

-

Sample: "text/plain"

-
-
-

source_type

- -

- string -

-
-

Whether the label has been set by the Containerfile/Dockerfile manifest (manifest), or by an API call or from the web UI (api).

-

Labels set in Containerfile/Dockerfile manifests are read-only.

-

Returned: always

-

Sample: "api"

-
-
-

value

- -

- string -

-
-

Label's value.

-

Returned: always

-

Sample: "x86_64"

-
- - - -.. Status (Presently only deprecated) - - -.. Authors - -Authors -~~~~~~~ - -- Herve Quatremain (@herve4m) - - - -.. Extra links - -Collection links -~~~~~~~~~~~~~~~~ - -.. ansible-links:: - - - title: "Issue Tracker" - url: "https://github.com/redhat-cop/quay_configuration/issues" - external: true - - title: "Repository (Sources)" - url: "https://github.com/redhat-cop/quay_configuration" - external: true - - -.. Parsing errors - diff --git a/docs/quay_message_module.rst b/docs/quay_message_module.rst deleted file mode 100644 index ed2dd8b..0000000 --- a/docs/quay_message_module.rst +++ /dev/null @@ -1,449 +0,0 @@ - -.. Document meta - -:orphan: - -.. |antsibull-internal-nbsp| unicode:: 0xA0 - :trim: - -.. meta:: - :antsibull-docs: 2.12.0 - -.. Anchors - -.. _ansible_collections.infra.quay_configuration.quay_message_module: - -.. Anchors: short name for ansible.builtin - -.. Title - -infra.quay_configuration.quay_message module -- Manage Quay Container Registry global messages -++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -.. Collection note - -.. note:: - This module is part of the `infra.quay_configuration collection `_ (version 2.1.0). - - It is not included in ``ansible-core``. - To check whether it is installed, run :code:`ansible-galaxy collection list`. - - To install it, use: :code:`ansible-galaxy collection install infra.quay\_configuration`. - - To use it in a playbook, specify: :code:`infra.quay_configuration.quay_message`. - -.. version_added - -.. rst-class:: ansible-version-added - -New in infra.quay\_configuration 0.0.1 - -.. contents:: - :local: - :depth: 1 - -.. Deprecated - - -Synopsis --------- - -.. Description - -- Create, delete, and update global messages (message of the day) that display on the web UI pages. - - -.. Aliases - - -.. Requirements - - - - - - -.. Options - -Parameters ----------- - -.. raw:: html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Parameter

Comments

-
-

content

- -

- string -

-
-

Text of the message to display on each web UI page.

-
-
-
-

format

- -

aliases: media_type

-

- string -

-
-

Format of the text in content.

-

If you do not set this parameter, then the module uses the plain format.

-

Choices:

-
    -

  • "markdown"

    • -

  • "plain"

    • -
- -
-
-

quay_host

- -

- string -

-
-

URL for accessing the API. https://quay.example.com:8443 for example.

-

If you do not set the parameter, then the module uses the QUAY_HOST environment variable.

-

If you do no set the environment variable either, then the module uses the http://127.0.0.1 URL.

-

Default: "http://127.0.0.1"

-
-
-

quay_password

- -

- string -

-
-

The password to use for authenticating against the API.

-

If you do not set the parameter, then the module tries the QUAY_PASSWORD environment variable.

-

If you set quay_password, then you also need to set quay_username.

-

Mutually exclusive with quay_token.

-
-
-

quay_token

- -

- string -

-
-

OAuth access token for authenticating against the API.

-

If you do not set the parameter, then the module tries the QUAY_TOKEN environment variable.

-

Mutually exclusive with quay_username and quay_password.

-
-
-

quay_username

- -

- string -

-
-

The username to use for authenticating against the API.

-

If you do not set the parameter, then the module tries the QUAY_USERNAME environment variable.

-

If you set quay_username, then you also need to set quay_password.

-

Mutually exclusive with quay_token.

-
-
-
-

regexp

- -

aliases: regex

-

- string -

-
-

The regular expression to look for in the existing messages. This does not have to match an entire line.

-

For state=present, if several messages match, then the module updates one and deletes the others.

-

For state=absent, the module deletes all the messages that match.

-

Uses Python regular expressions. See https://docs.python.org/3/library/re.html.

-

Mutually exclusive with search_string.

-
-
-

search_severity

- -

- string -

-
-

Search messages by their severity level.

-

If you also set search_string, regexp, or content, messages must match all those criteria.

-

Choices:

-
    -

  • "info"

    • -

  • "warning"

    • -

  • "error"

    • -
- -
-
-

search_string

- -

- string -

-
-

The literal string to look for in the existing messages. This does not have to match an entire line.

-

For state=present, if several messages match, then the module updates one and deletes the others.

-

For state=absent, the module deletes all the messages that match.

-

Mutually exclusive with regexp.

-
-
-

severity

- -

- string -

-
-

Severity of the message.

-

If you do not set this parameter, then the module creates the message with the info severity.

-

Choices:

-
    -

  • "info"

    • -

  • "warning"

    • -

  • "error"

    • -
- -
-
-

state

- -

- string -

-
-

If absent, then the module deletes all the messages which content matches search_string, regexp, content, or search_severity.

-

If present, then the module creates the message if it does not already exist (that is, if no message matches search_string, regexp, or content). Is several messages match, only one is updated and the others are deleted.

-

Choices:

-
    -

  • "absent"

    • -

  • "present" ← (default)

    • -
- -
-
-
-

validate_certs

- -

aliases: verify_ssl

-

- boolean -

-
-

Whether to allow insecure connections to the API.

-

If no, then the module does not validate SSL certificates.

-

If you do not set the parameter, then the module tries the QUAY_VERIFY_SSL environment variable (yes, 1, and True mean yes, and no, 0, False, and no value mean no).

-

Choices:

-
    -

  • false

    • -

  • true ← (default)

    • -
- -
- - - -.. Attributes - - -.. Notes - -Notes ------ - -.. note:: - - Supports \ :literal:`check\_mode`\ . - - The token that you provide in \ :emphasis:`quay\_token`\ must have the "Super User Access" permission. - -.. Seealso - - -.. Examples - -Examples --------- - -.. code-block:: yaml+jinja - - - - name: Ensure the message of the day is published - infra.quay_configuration.quay_message: - content: | - # Information message - - Lorem **ipsum** dolor sit amet, `consectetur` adipiscing elit, sed do - eiusmod tempor incididunt ut labore et dolore magna aliqua: - - * Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi - ut aliquip ex ea commodo consequat. - * Duis aute irure dolor in reprehenderit in voluptate velit esse cillum - dolore eu fugiat nulla pariatur - format: markdown - severity: info - state: present - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - name: Ensure a message in plain text is published - infra.quay_configuration.quay_message: - content: System maintenance tomorrow at 6 AM - format: plain - severity: info - state: present - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - name: Ensure the message severity is upgraded to warning - infra.quay_configuration.quay_message: - content: System maintenance tomorrow at 6 AM - severity: warning - state: present - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - name: Ensure the message content is updated - infra.quay_configuration.quay_message: - content: System maintenance tomorrow at 7 AM - # Find the message to update by a matching string - search_string: tomorrow at 6 AM - state: present - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - name: Ensure the existing message as an error priority now - infra.quay_configuration.quay_message: - # Find the message to update by a matching string - search_string: incididunt ut labore et dolore - severity: error - state: present - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - name: Ensure the warning message is removed - infra.quay_configuration.quay_message: - # Find the message to delete by its exact content - content: System maintenance tomorrow at 7 AM - state: absent - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - name: Ensure the messages of the day are removed - infra.quay_configuration.quay_message: - # Find the messages to delete by a matching regular expression - regexp: 'message\s+of\s+the\s+day' - state: absent - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - name: Ensure the lorem ipsum error messages are removed - infra.quay_configuration.quay_message: - # Find the messages to delete by a matching string and severity - search_string: lorem ipsum - search_severity: error - state: absent - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - name: Ensure all the warning messages are removed - infra.quay_configuration.quay_message: - search_severity: warning - state: absent - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - - -.. Facts - - -.. Return values - - -.. Status (Presently only deprecated) - - -.. Authors - -Authors -~~~~~~~ - -- Herve Quatremain (@herve4m) - - - -.. Extra links - -Collection links -~~~~~~~~~~~~~~~~ - -.. ansible-links:: - - - title: "Issue Tracker" - url: "https://github.com/redhat-cop/quay_configuration/issues" - external: true - - title: "Repository (Sources)" - url: "https://github.com/redhat-cop/quay_configuration" - external: true - - -.. Parsing errors - diff --git a/docs/quay_notification_module.rst b/docs/quay_notification_module.rst deleted file mode 100644 index c551e12..0000000 --- a/docs/quay_notification_module.rst +++ /dev/null @@ -1,669 +0,0 @@ - -.. Document meta - -:orphan: - -.. |antsibull-internal-nbsp| unicode:: 0xA0 - :trim: - -.. meta:: - :antsibull-docs: 2.12.0 - -.. Anchors - -.. _ansible_collections.infra.quay_configuration.quay_notification_module: - -.. Anchors: short name for ansible.builtin - -.. Title - -infra.quay_configuration.quay_notification module -- Manage Quay Container Registry repository notifications -++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -.. Collection note - -.. note:: - This module is part of the `infra.quay_configuration collection `_ (version 2.1.0). - - It is not included in ``ansible-core``. - To check whether it is installed, run :code:`ansible-galaxy collection list`. - - To install it, use: :code:`ansible-galaxy collection install infra.quay\_configuration`. - - To use it in a playbook, specify: :code:`infra.quay_configuration.quay_notification`. - -.. version_added - -.. rst-class:: ansible-version-added - -New in infra.quay\_configuration 0.0.1 - -.. contents:: - :local: - :depth: 1 - -.. Deprecated - - -Synopsis --------- - -.. Description - -- Create and delete repository notifications. - - -.. Aliases - - -.. Requirements - - - - - - -.. Options - -Parameters ----------- - -.. raw:: html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Parameter

Comments

-
-

config

- -

- dictionary -

-
-

Configuration parameters for the notification method.

-
-
-

email

- -

- string -

-
-

Destination email address.

-

Required by the email notification method.

-
-
-

flow_api_token

- -

- string -

-
-

API token required for the Flowdock notification method.

-
-
-

name

- -

- string -

-
-

Name of the account, team, or organization. Robot accounts are not allowed.

-

Required by the Quay Notification method.

-
-
-

notification_token

- -

- string -

-
-

Notification token required for the HipChat notification method.

-
-
-

room_id

- -

- string -

-
-

Chat room ID required for the HipChat notification method.

-
-
-

template

- -

- string -

-
-

JSON data for the body content of the webhook POST method.

-
-
-

type

- -

- string -

-
-

Specifies the type of the account defined in name.

-

Only applies to the Quay Notification method.

-

Choices:

-
    -

  • "user" ← (default)

    • -

  • "team"

    • -

  • "org"

    • -
- -
-
-

url

- -

- string -

-
-

Webhook URL for the Slack method or POST URL for the webhook POST method.

-
-
-

event

- -

- string -

-
-

Event that triggers the notification.

-

Depending of the activated Quay components, not all events might be available on your system.

-

Choices:

-
    -

  • "repo_push"

    • -

  • "build_failure"

    • -

  • "build_queued"

    • -

  • "build_start"

    • -

  • "build_success"

    • -

  • "build_cancelled"

    • -

  • "vulnerability_found"

    • -

  • "repo_mirror_sync_started"

    • -

  • "repo_mirror_sync_success"

    • -

  • "repo_mirror_sync_failed"

    • -

  • "repo_image_expiry"

    • -
- -
-
-

image_expiry_days

- -

- integer -

-
-

Only used when event is repo_image_expiry.

-

The notification is triggered when the image expires in the specified number of days.

-

Default: 7

-
-
-

method

- -

- string -

-
-

Notification method. Each method requires a specific set of options that you define by using the config parameter.

-

The email notification method is only available on Quay installations where the mailing capability has been activated (FEATURE_MAILING to true in config.yaml).

-

Choices:

-
    -

  • "email"

    • -

  • "flowdock"

    • -

  • "hipchat"

    • -

  • "quay_notification"

    • -

  • "slack"

    • -

  • "webhook"

    • -
- -
-
-

quay_host

- -

- string -

-
-

URL for accessing the API. https://quay.example.com:8443 for example.

-

If you do not set the parameter, then the module uses the QUAY_HOST environment variable.

-

If you do no set the environment variable either, then the module uses the http://127.0.0.1 URL.

-

Default: "http://127.0.0.1"

-
-
-

quay_password

- -

- string -

-
-

The password to use for authenticating against the API.

-

If you do not set the parameter, then the module tries the QUAY_PASSWORD environment variable.

-

If you set quay_password, then you also need to set quay_username.

-

Mutually exclusive with quay_token.

-
-
-

quay_token

- -

- string -

-
-

OAuth access token for authenticating against the API.

-

If you do not set the parameter, then the module tries the QUAY_TOKEN environment variable.

-

Mutually exclusive with quay_username and quay_password.

-
-
-

quay_username

- -

- string -

-
-

The username to use for authenticating against the API.

-

If you do not set the parameter, then the module tries the QUAY_USERNAME environment variable.

-

If you set quay_username, then you also need to set quay_password.

-

Mutually exclusive with quay_token.

-
-
-
-

regexp

- -

aliases: regex

-

- string -

-
-

The regular expression to search in the title of the existing notifications. This does not have to match the entire title.

-

The module uses that regular expression to select the notifications to process.

-

For state=present, the module resets the failure counter (if reset_failcount is true) or initiates a test (if test is true) of all the matching notifications.

-

For state=absent, the module deletes all the notifications that match.

-

Uses Python regular expressions. See https://docs.python.org/3/library/re.html.

-

Mutually exclusive with search_string.

-
-
-

repository

- -

- string - / required -

-
-

Name of the repository which contains the notifications to manage. The format for the name is namespace/shortname. The namespace can be an organization or a personal namespace.

-

If you omit the namespace part in the name, then the module looks for the repository in your personal namespace.

-
-
-

reset_failcount

- -

- boolean -

-
-

Reset the notification failure counter.

-

Choices:

-
    -

  • false ← (default)

    • -

  • true

    • -
- -
-
-

search_string

- -

- string -

-
-

The literal string to search in the title of the existing notifications. This does not have to match the entire line.

-

For state=present, the module resets the failure counter (if reset_failcount is true) or initiates a test (if test is true) of all the matching notifications.

-

For state=absent, the module deletes all the notifications that match.

-

Mutually exclusive with regexp.

-
-
-

state

- -

- string -

-
-

If absent, then the module deletes the notification.

-

The module uses the title, regex, or search_string parameters to select the notifications to process. You can also omit those parameters and use instead the event and method options to select all the notifications triggered by a specific event or using a specific method.

-

If present, then the module creates the notification if it does not already exist.

-

If the notification already exists and reset_failcount or test are set, then the module resets the failure counter or initiates a test of the notification.

-

Choices:

-
    -

  • "absent"

    • -

  • "present" ← (default)

    • -
- -
-
-

test

- -

- boolean -

-
-

Initiate a test of the notification.

-

Choices:

-
    -

  • false ← (default)

    • -

  • true

    • -
- -
-
-

title

- -

- string -

-
-

Notification title.

-
-
-
-

validate_certs

- -

aliases: verify_ssl

-

- boolean -

-
-

Whether to allow insecure connections to the API.

-

If no, then the module does not validate SSL certificates.

-

If you do not set the parameter, then the module tries the QUAY_VERIFY_SSL environment variable (yes, 1, and True mean yes, and no, 0, False, and no value mean no).

-

Choices:

-
    -

  • false

    • -

  • true ← (default)

    • -
- -
-
-

vulnerability_level

- -

- string -

-
-

Only used when event is vulnerability_found.

-

The notification is triggered when the vulnerability has a level equal or higher to the level you define is vulnerability_level.

-

Choices:

-
    -

  • "critical"

    • -

  • "high"

    • -

  • "medium"

    • -

  • "low"

    • -

  • "negligible"

    • -

  • "unknown"

    • -
- -
- - - -.. Attributes - - -.. Notes - -Notes ------ - -.. note:: - - Supports \ :literal:`check\_mode`\ . - - Your Quay administrator must enable the image garbage collection capability of your Quay installation (\ :literal:`FEATURE\_GARBAGE\_COLLECTION`\ in \ :literal:`config.yaml`\ ) to use the \ :literal:`repo\_image\_expiry`\ event. - - Using the \ :literal:`repo\_image\_expiry`\ event and the \ :emphasis:`image\_expiry\_days`\ parameter requires Quay version 3.12 or later. - - The user account associated with the token that you provide in \ :emphasis:`quay\_token`\ must have administrator access to the repository. - -.. Seealso - - -.. Examples - -Examples --------- - -.. code-block:: yaml+jinja - - - - name: Ensure notification of type Quay Notification exists - infra.quay_configuration.quay_notification: - repository: production/smallimage - title: Test Quay Notification on image push - event: repo_push - method: quay_notification - config: - name: operators - type: team - state: present - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - # You must enable the security scanner capability of your Quay installation - # to use the vulnerability_found event. - - name: Ensure notification of type webhook exists - infra.quay_configuration.quay_notification: - repository: production/smallimage - title: Webhook notification on critical image vulnerability - event: vulnerability_found - vulnerability_level: critical - method: webhook - config: - url: https://webhook.example.com/webhook/12345 - template: "{{ lookup('file', 'post.json') | string }}" - state: present - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - # You must enable the image garbage collection capability of your Quay - # installation (3.12 or later) to use the repo_image_expiry event. - - name: Ensure notification exists for when an image is going to expire - infra.quay_configuration.quay_notification: - repository: production/smallimage - title: Webhook notification 10 days before an image expires - event: repo_image_expiry - image_expiry_days: 10 - method: webhook - config: - url: https://webhook.example.com/webhook/12345 - template: "{{ lookup('file', 'post.json') | string }}" - state: present - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - name: Ensure notification of type Slack exists - infra.quay_configuration.quay_notification: - repository: production/smallimage - title: Notify image push to Slack - event: repo_push - method: slack - config: - url: https://hooks.slack.com/services/XXX/YYY/ZZZ - state: present - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - name: Test Slack notification - infra.quay_configuration.quay_notification: - repository: production/smallimage - title: Notify image push to Slack - test: true - state: present - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - name: Reset the failure counter for the Quay Notification - infra.quay_configuration.quay_notification: - repository: production/smallimage - regex: "Quay\\s+Notification\\s" - reset_failcount: true - state: present - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - name: Delete all the notifications triggered by canceled builds - infra.quay_configuration.quay_notification: - repository: production/smallimage - event: build_cancelled - state: absent - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - name: Delete all the notifications where the title includes "Test" - infra.quay_configuration.quay_notification: - repository: production/smallimage - search_string: Test - state: absent - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - - -.. Facts - - -.. Return values - - -.. Status (Presently only deprecated) - - -.. Authors - -Authors -~~~~~~~ - -- Herve Quatremain (@herve4m) - - - -.. Extra links - -Collection links -~~~~~~~~~~~~~~~~ - -.. ansible-links:: - - - title: "Issue Tracker" - url: "https://github.com/redhat-cop/quay_configuration/issues" - external: true - - title: "Repository (Sources)" - url: "https://github.com/redhat-cop/quay_configuration" - external: true - - -.. Parsing errors - diff --git a/docs/quay_org_role.rst b/docs/quay_org_role.rst deleted file mode 100644 index edaed40..0000000 --- a/docs/quay_org_role.rst +++ /dev/null @@ -1,977 +0,0 @@ - -.. Document meta - -:orphan: - -.. |antsibull-internal-nbsp| unicode:: 0xA0 - :trim: - -.. meta:: - :antsibull-docs: 2.12.0 - -.. Anchors - -.. _ansible_collections.infra.quay_configuration.quay_org_role: - -.. Title - -infra.quay_configuration.quay_org role -- Create and configure a Quay Container Registry organization - -++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -.. Collection note - -.. note:: - This role is part of the `infra.quay_configuration collection `_ (version 2.1.0). - - It is not included in ``ansible-core``. - To check whether it is installed, run :code:`ansible-galaxy collection list`. - - To install it use: :code:`ansible-galaxy collection install infra.quay\_configuration`. - - To use it in a playbook, specify: :code:`infra.quay_configuration.quay_org`. - -.. contents:: - :local: - :depth: 2 - - -.. Entry point title - -Entry point ``main`` -- Create and configure a Quay Container Registry organization - ------------------------------------------------------------------------------------- - -.. version_added - - -.. Deprecated - - -Synopsis -^^^^^^^^ - -.. Description - -- Create an organization and configure it with robot accounts, teams, default permissions, OAuth applications, and repositories. - -.. Requirements - - -.. Options - -Parameters -^^^^^^^^^^ - -.. raw:: html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Parameter

Comments

-
-

quay_org_applications

- -

- list - / elements=dictionary -

- -
-

Create applications in the organization.

-
-
-

application_uri

- -

- string -

- -
-

URL to the application home page.

-
-
-

avatar_email

- -

- string -

- -
-

Email address that represents the avatar for the application.

-
-
-

description

- -

- string -

- -
-

Description for the application.

-
-
-

name

- -

- string - / required -

- -
-

Name of the application to create in the organization. Application names must be at least two characters long.

-
-
-

redirect_uri

- -

- string -

- -
-

Prefix of the application's OAuth redirection/callback URLs.

-
-
-

quay_org_auto_prune_method

- -

- string -

- -
-

Method to use for the auto-pruning tags policy.

-

If none, then the module ensures that no policy is in place. The tags are not pruned.

-

If tags, then the policy keeps only the number of tags that you specify in quay_org_auto_prune_value.

-

If date, then the policy deletes the tags older than the time period that you specify in quay_org_auto_prune_value.

-

quay_org_auto_prune_value is required when quay_org_auto_prune_method is tags or date.

-

Choices:

-
    -

  • "none"

    • -

  • "tags"

    • -

  • "date"

    • -
- -
-
-

quay_org_auto_prune_value

- -

- string -

- -
-

Number of tags to keep when quay_org_auto_prune_value is tags. The value must be 1 or more.

-

Period of time when quay_org_auto_prune_value is date. The value must be 1 or more, and must be followed by a suffix; s (for second), m (for minute), h (for hour), d (for day), or w (for week).

-

quay_org_auto_prune_method is required when quay_org_auto_prune_value is set.

-
-
-

quay_org_cache_expiration

- -

- integer -

- -
-

Tag expiration in seconds for cached images.

-

86400 (one day) by default.

-

Default: 86400

-
-
-

quay_org_cache_insecure

- -

- boolean -

- -
-

Whether to allow insecure connections to the remote registry.

-

If yes, then the module does not validate SSL certificates.

-

Choices:

-
    -

  • false ← (default)

    • -

  • true

    • -
- -
-
-

quay_org_cache_password

- -

- string -

- -
-

User's password as a clear string for authenticating with the remote registry.

-

Do not set a password for a public access to the remote registry.

-
-
-

quay_org_cache_registry

- -

- string -

- -
-

Name of the remote registry to use for the proxy cache configuration.

-

Add a namespace to the remote registry to restrict caching images from that namespace.

-
-
-

quay_org_cache_username

- -

- string -

- -
-

Name of the user account to use for authenticating with the remote registry.

-

Do not set a username for a public access to the remote registry.

-
-
-

quay_org_default_perms

- -

- list - / elements=dictionary -

- -
-

Create default repository permissions for the organization.

-

The permissions you define with this parameter apply when a user creates a new repository in the organization.

-
-
-

creator

- -

- string -

- -
-

Quay applies the default permission only when repositories are created by the user that you define in creator.

-

By default, if you do not provide that creator parameter, then Quay applies the default permission to all new repositories, whoever creates them.

-

You cannot use robot accounts or teams for the creator parameter. You can only use regular user accounts.

-
-
-

name

- -

- string - / required -

- -
-

Name of the user or team that gets permission to new created repositories in the organization.

-

For robot accounts use the organization+shortrobotname format.

-
-
-

role

- -

- string -

- -
-

Permission that Quay automatically grants to the user or team on new created repositories in the organization.

-

If you do not provide that parameter, then the role uses read by default.

-

Choices:

-
    -

  • "read"

    • -

  • "write"

    • -

  • "admin"

    • -
- -
-
-

type

- -

- string -

- -
-

Type of the account defined in name. Choose user for both user and robot accounts.

-

Choices:

-
    -

  • "user" ← (default)

    • -

  • "team"

    • -
- -
-
-

quay_org_email

- -

- string -

- -
-

Email address to associate with the new organization.

-

If your Quay administrator has enabled the mailing capability of your Quay installation (FEATURE_MAILING to true in config.yaml), then this quay_org_email parameter is mandatory.

-

You cannot use the same address as your account email.

-
-
-

quay_org_host

- -

- string -

- -
-

URL for accessing the API. https://quay.example.com:8443 for example.

-

If you do not set the parameter, then the role uses the QUAY_HOST environment variable.

-

If you do no set the environment variable either, then the role uses the http://127.0.0.1 URL.

-

Default: "http://127.0.0.1"

-
-
-

quay_org_name

- -

- string - / required -

- -
-

Name of the organization to create.

-

The name must be in lowercase and must not contain white spaces. For compatibility with earlier versions of Docker, the name must be at least four characters long.

-
-
-

quay_org_password

- -

- string -

- -
-

The password to use for authenticating against the API.

-

If you do not set the parameter, then the role tries the QUAY_PASSWORD environment variable.

-

If you set quay_org_password, then you also need to set quay_org_username.

-

Mutually exclusive with quay_org_token.

-
-
-

quay_org_quota

- -

- string -

- -
-

Quota that Quay uses to compute the warning and reject limits for the organization.

-

You specify a quota in bytes, but you can also use the K[i]B, M[i]B, G[i]B, or T[i]B suffixes.

-
-
-

quay_org_reject_pct

- -

- integer -

- -
-

Reject (hard) limit as a percentage of the quota.

-

Quay terminates any image push in the organization when the limit is reached.

-

Set quay_org_reject_pct to 0 to remove the reject limit.

-
-
-

quay_org_repositories

- -

- list - / elements=dictionary -

- -
-

Create repositories in the organization.

-
-
-

auto_prune_method

- -

- string -

- -
-

Method to use for the auto-pruning tags policy.

-

If none, then the module ensures that no policy is in place. The tags are not pruned.

-

If tags, then the policy keeps only the number of tags that you specify in auto_prune_value.

-

If date, then the policy deletes the tags older than the time period that you specify in auto_prune_value.

-

auto_prune_value is required when auto_prune_method is tags or date.

-

Choices:

-
    -

  • "none"

    • -

  • "tags"

    • -

  • "date"

    • -
- -
-
-

auto_prune_value

- -

- string -

- -
-

Number of tags to keep when auto_prune_value is tags. The value must be 1 or more.

-

Period of time when auto_prune_value is date. The value must be 1 or more, and must be followed by a suffix; s (for second), m (for minute), h (for hour), d (for day), or w (for week).

-

auto_prune_method is required when auto_prune_value is set.

-
-
-

description

- -

- string -

- -
-

Text in Markdown format that describes the repository.

-
-
-

name

- -

- string - / required -

- -
-

Name of the repository to create in the organization. The name must be in lowercase and must not contain white spaces.

-
-
-

perms

- -

- list - / elements=dictionary -

- -
-

User, robot, and team permissions to associate with the repository.

-
-
-

name

- -

- string - / required -

- -
-

Name of the account. The format for robot accounts is organization+shortrobotname.

-
-
-

role

- -

- string -

- -
-

Type of permission to grant.

-

Choices:

-
    -

  • "read" ← (default)

    • -

  • "write"

    • -

  • "admin"

    • -
- -
-
-

type

- -

- string -

- -
-

Specifies the type of the account. Choose user for both user and robot accounts.

-

Choices:

-
    -

  • "user" ← (default)

    • -

  • "team"

    • -
- -
-
-

repo_state

- -

- string -

- -
-

If NORMAL, then the repository is in the default state (read/write).

-

If READ_ONLY, then the repository is read-only.

-

If MIRROR, then the repository is a mirror and you can configure it by using the infra.quay_configuration.quay_repository_mirror module.

-

You must enable the mirroring capability of your Quay installation to use this repo_state parameter.

-

Choices:

-
    -

  • "NORMAL"

    • -

  • "READ_ONLY"

    • -

  • "MIRROR"

    • -
- -
-
-

visibility

- -

- string -

- -
-

If public, then anyone can pull images from the repository.

-

If private, then nobody can access the repository and you need to explicitly grant access to users, robots, and teams.

-

If you do not set the parameter when you create a repository, then it defaults to private.

-

Choices:

-
    -

  • "public"

    • -

  • "private"

    • -
- -
-
-

quay_org_robots

- -

- list - / elements=dictionary -

- -
-

List of robot accounts to create for the organization.

-
-
-

description

- -

- string -

- -
-

Description of the robot account. You cannot update the description of existing robot accounts.

-
-
-

name

- -

- string - / required -

- -
-

Name of the robot account to create. Because the role creates the robot account in the organization it manages, you do not need to use the format organization+shortname, although the role accepts that format. You can simply specify the robot account name without the organization+ prefix.

-

The name must be in lowercase, must not contain white spaces, must not start by a digit, and must be at least two characters long.

-
-
-

quay_org_teams

- -

- list - / elements=dictionary -

- -
-

List of teams to create in the organization.

-
-
-

description

- -

- string -

- -
-

Text in Markdown format that describes the team.

-
-
-

members

- -

- list - / elements=string -

- -
-

List of the user or robot accounts in the team. Use the syntax organization+robotshortname for robot accounts.

-

If the team is synchronized with an LDAP or OIDC group (see the infra.quay_configuration.quay_team_ldap and infra.quay_configuration.quay_team_oidc modules), then you can only add or remove robot accounts.

-
-
-

name

- -

- string - / required -

- -
-

Name of the team to create.

-

The name must be in lowercase, must not contain white spaces, must not start by a digit, and must be at least two characters long.

-
-
-

role

- -

- string -

- -
-

Role of the team within the organization. If not set, then the new team has the member role.

-

Choices:

-
    -

  • "member"

    • -

  • "creator"

    • -

  • "admin"

    • -
- -
-
-

quay_org_token

- -

- string -

- -
-

OAuth access token for authenticating against the API.

-

If you do not set the parameter, then the role tries the QUAY_TOKEN environment variable.

-

Mutually exclusive with quay_org_username and quay_org_password.

-
-
-

quay_org_username

- -

- string -

- -
-

The username to use for authenticating against the API.

-

If you do not set the parameter, then the role tries the QUAY_USERNAME environment variable.

-

If you set quay_org_username, then you also need to set quay_org_password.

-

Mutually exclusive with quay_org_token.

-
-
-

quay_org_users

- -

- list - / elements=dictionary -

- -
-

List of user account to create.

-
-
-

email

- -

- string -

- -
-

User's email address.

-

If your Quay administrator has enabled the mailing capability of your Quay installation (FEATURE_MAILING to true in config.yaml), then this email parameter is mandatory.

-
-
-

password

- -

- string -

- -
-

User's password as a clear string.

-

The password must be at least eight characters long and must not contain white spaces.

-
-
-

username

- -

- string - / required -

- -
-

Name of the user account to create.

-
-
-

quay_org_validate_certs

- -

- boolean -

- -
-

Whether to allow insecure connections to the API.

-

If no, then the role does not validate SSL certificates.

-

If you do not set the parameter, then the role tries the QUAY_VERIFY_SSL environment variable (yes, 1, and True mean yes, and no, 0, False, and no value mean no).

-

Choices:

-
    -

  • false

    • -

  • true ← (default)

    • -
- -
-
-

quay_org_warning_pct

- -

- integer -

- -
-

Warning (soft) limit as a percentage of the quota.

-

Quay notifies the users when the limit is reached.

-

Set quay_org_warning_pct to 0 to remove the warning limit.

-
- - - -.. Attributes - - -.. Notes - - -.. Seealso - - - -Authors -^^^^^^^ - -- Hervé Quatremain - - - -.. Extra links - -Collection links -~~~~~~~~~~~~~~~~ - -.. ansible-links:: - - - title: "Issue Tracker" - url: "https://github.com/redhat-cop/quay_configuration/issues" - external: true - - title: "Repository (Sources)" - url: "https://github.com/redhat-cop/quay_configuration" - external: true - - -.. Parsing errors - diff --git a/docs/quay_organization_module.rst b/docs/quay_organization_module.rst deleted file mode 100644 index 9879173..0000000 --- a/docs/quay_organization_module.rst +++ /dev/null @@ -1,391 +0,0 @@ - -.. Document meta - -:orphan: - -.. |antsibull-internal-nbsp| unicode:: 0xA0 - :trim: - -.. meta:: - :antsibull-docs: 2.12.0 - -.. Anchors - -.. _ansible_collections.infra.quay_configuration.quay_organization_module: - -.. Anchors: short name for ansible.builtin - -.. Title - -infra.quay_configuration.quay_organization module -- Manage Quay Container Registry organizations -+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -.. Collection note - -.. note:: - This module is part of the `infra.quay_configuration collection `_ (version 2.1.0). - - It is not included in ``ansible-core``. - To check whether it is installed, run :code:`ansible-galaxy collection list`. - - To install it, use: :code:`ansible-galaxy collection install infra.quay\_configuration`. - - To use it in a playbook, specify: :code:`infra.quay_configuration.quay_organization`. - -.. version_added - -.. rst-class:: ansible-version-added - -New in infra.quay\_configuration 0.0.1 - -.. contents:: - :local: - :depth: 1 - -.. Deprecated - - -Synopsis --------- - -.. Description - -- Create, delete, and update organizations in Quay Container Registry. - - -.. Aliases - - -.. Requirements - - - - - - -.. Options - -Parameters ----------- - -.. raw:: html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Parameter

Comments

-
-

auto_prune_method

- -

- string -

-
-

Method to use for the auto-pruning tags policy.

-

If none, then the module ensures that no policy is in place. The tags are not pruned.

-

If tags, then the policy keeps only the number of tags that you specify in auto_prune_value.

-

If date, then the policy deletes the tags older than the time period that you specify in auto_prune_value.

-

auto_prune_value is required when auto_prune_method is tags or date.

-

Choices:

-
    -

  • "none"

    • -

  • "tags"

    • -

  • "date"

    • -
- -
-
-

auto_prune_value

- -

- string -

-
-

Number of tags to keep when auto_prune_value is tags. The value must be 1 or more.

-

Period of time when auto_prune_value is date. The value must be 1 or more, and must be followed by a suffix; s (for second), m (for minute), h (for hour), d (for day), or w (for week).

-

auto_prune_method is required when auto_prune_value is set.

-
-
-

email

- -

- string -

-
-

Email address to associate with the new organization.

-

If your Quay administrator has enabled the mailing capability of your Quay installation (FEATURE_MAILING to true in config.yaml), then this email parameter is mandatory.

-

You cannot use the same address as your account email.

-
-
-

name

- -

- string - / required -

-
-

Name of the organization to create, remove, or modify.

-

The name must be in lowercase and must not contain white spaces. For compatibility with earlier versions of Docker, the name must be at least four characters long.

-
-
-

new_name

- -

- string -

-
-

New name for the organization.

-

Setting this option changes the name of the organization which current name is provided in name.

-

The token you use to connect to the API (in quay_token) must have the "Super User Access" permission.

-
-
-

quay_host

- -

- string -

-
-

URL for accessing the API. https://quay.example.com:8443 for example.

-

If you do not set the parameter, then the module uses the QUAY_HOST environment variable.

-

If you do no set the environment variable either, then the module uses the http://127.0.0.1 URL.

-

Default: "http://127.0.0.1"

-
-
-

quay_password

- -

- string -

-
-

The password to use for authenticating against the API.

-

If you do not set the parameter, then the module tries the QUAY_PASSWORD environment variable.

-

If you set quay_password, then you also need to set quay_username.

-

Mutually exclusive with quay_token.

-
-
-

quay_token

- -

- string -

-
-

OAuth access token for authenticating against the API.

-

If you do not set the parameter, then the module tries the QUAY_TOKEN environment variable.

-

Mutually exclusive with quay_username and quay_password.

-
-
-

quay_username

- -

- string -

-
-

The username to use for authenticating against the API.

-

If you do not set the parameter, then the module tries the QUAY_USERNAME environment variable.

-

If you set quay_username, then you also need to set quay_password.

-

Mutually exclusive with quay_token.

-
-
-

state

- -

- string -

-
-

If absent, then the module deletes the organization.

-

The module does not fail if the organization does not exist, because the state is already as expected.

-

If present, then the module creates the organization if it does not already exist.

-

If the organization already exists, then the module updates its state.

-

Choices:

-
    -

  • "absent"

    • -

  • "present" ← (default)

    • -
- -
-
-

time_machine_expiration

- -

- string -

-
-

The amount of time, after a tag is deleted, that the tag is accessible in time machine before being garbage collected.

-

Choices:

-
    -

  • "0s"

    • -

  • "1d"

    • -

  • "7d"

    • -

  • "14d"

    • -

  • "1month"

    • -
- -
-
-
-

validate_certs

- -

aliases: verify_ssl

-

- boolean -

-
-

Whether to allow insecure connections to the API.

-

If no, then the module does not validate SSL certificates.

-

If you do not set the parameter, then the module tries the QUAY_VERIFY_SSL environment variable (yes, 1, and True mean yes, and no, 0, False, and no value mean no).

-

Choices:

-
    -

  • false

    • -

  • true ← (default)

    • -
- -
- - - -.. Attributes - - -.. Notes - -Notes ------ - -.. note:: - - Supports \ :literal:`check\_mode`\ . - - Your Quay administrator must enable the auto-prune capability of your Quay installation (\ :literal:`FEATURE\_AUTO\_PRUNE`\ in \ :literal:`config.yaml`\ ) to use the \ :emphasis:`auto\_prune\_method`\ and \ :emphasis:`auto\_prune\_value`\ parameters. - - Using \ :emphasis:`auto\_prune\_method`\ and \ :emphasis:`auto\_prune\_value`\ requires Quay version 3.11 or later. - - The token that you provide in \ :emphasis:`quay\_token`\ must have the "Administer Organization" and "Administer User" permissions. - - To rename organizations, the token must also have the "Super User Access" permission. - - Your Quay administrator must enable the auto-prune capability of your Quay installation (\ :literal:`FEATURE\_AUTO\_PRUNE`\ in \ :literal:`config.yaml`\ ) to use the \ :emphasis:`auto\_prune\_method`\ and \ :emphasis:`auto\_prune\_value`\ parameters. - - Using \ :emphasis:`auto\_prune\_method`\ and \ :emphasis:`auto\_prune\_value`\ requires Quay version 3.11 or later. - -.. Seealso - - -.. Examples - -Examples --------- - -.. code-block:: yaml+jinja - - - - name: Ensure the organization exists - infra.quay_configuration.quay_organization: - name: production - email: prodlist@example.com - time_machine_expiration: "7d" - auto_prune_method: tags - auto_prune_value: 20 - state: present - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - # Renaming requires superuser permissions - - name: Ensure the organization has a new name - infra.quay_configuration.quay_organization: - name: production - new_name: development - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - name: Ensure the organization is removed - infra.quay_configuration.quay_organization: - name: development - state: absent - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - - -.. Facts - - -.. Return values - - -.. Status (Presently only deprecated) - - -.. Authors - -Authors -~~~~~~~ - -- Herve Quatremain (@herve4m) - - - -.. Extra links - -Collection links -~~~~~~~~~~~~~~~~ - -.. ansible-links:: - - - title: "Issue Tracker" - url: "https://github.com/redhat-cop/quay_configuration/issues" - external: true - - title: "Repository (Sources)" - url: "https://github.com/redhat-cop/quay_configuration" - external: true - - -.. Parsing errors - diff --git a/docs/quay_proxy_cache_module.rst b/docs/quay_proxy_cache_module.rst deleted file mode 100644 index f811942..0000000 --- a/docs/quay_proxy_cache_module.rst +++ /dev/null @@ -1,367 +0,0 @@ - -.. Document meta - -:orphan: - -.. |antsibull-internal-nbsp| unicode:: 0xA0 - :trim: - -.. meta:: - :antsibull-docs: 2.12.0 - -.. Anchors - -.. _ansible_collections.infra.quay_configuration.quay_proxy_cache_module: - -.. Anchors: short name for ansible.builtin - -.. Title - -infra.quay_configuration.quay_proxy_cache module -- Manage Quay Container Registry proxy cache configurations -+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -.. Collection note - -.. note:: - This module is part of the `infra.quay_configuration collection `_ (version 2.1.0). - - It is not included in ``ansible-core``. - To check whether it is installed, run :code:`ansible-galaxy collection list`. - - To install it, use: :code:`ansible-galaxy collection install infra.quay\_configuration`. - - To use it in a playbook, specify: :code:`infra.quay_configuration.quay_proxy_cache`. - -.. version_added - -.. rst-class:: ansible-version-added - -New in infra.quay\_configuration 1.1.0 - -.. contents:: - :local: - :depth: 1 - -.. Deprecated - - -Synopsis --------- - -.. Description - -- Create, delete, and update the proxy cache configuration in organizations. - - -.. Aliases - - -.. Requirements - - - - - - -.. Options - -Parameters ----------- - -.. raw:: html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Parameter

Comments

-
-

expiration

- -

- integer -

-
-

Tag expiration in seconds for cached images.

-

86400 (one day) by default.

-

Default: 86400

-
-
-

insecure

- -

- boolean -

-
-

Whether to allow insecure connections to the remote registry.

-

If yes, then the module does not validate SSL certificates.

-

Choices:

-
    -

  • false ← (default)

    • -

  • true

    • -
- -
-
-

organization

- -

- string - / required -

-
-

Name of the organization in which to create the proxy cache configuration. That organization must exist.

-
-
-

password

- -

- string -

-
-

User's password as a clear string.

-

Do not set a password for a public access to the remote registry.

-
-
-

quay_host

- -

- string -

-
-

URL for accessing the API. https://quay.example.com:8443 for example.

-

If you do not set the parameter, then the module uses the QUAY_HOST environment variable.

-

If you do no set the environment variable either, then the module uses the http://127.0.0.1 URL.

-

Default: "http://127.0.0.1"

-
-
-

quay_password

- -

- string -

-
-

The password to use for authenticating against the API.

-

If you do not set the parameter, then the module tries the QUAY_PASSWORD environment variable.

-

If you set quay_password, then you also need to set quay_username.

-

Mutually exclusive with quay_token.

-
-
-

quay_token

- -

- string -

-
-

OAuth access token for authenticating against the API.

-

If you do not set the parameter, then the module tries the QUAY_TOKEN environment variable.

-

Mutually exclusive with quay_username and quay_password.

-
-
-

quay_username

- -

- string -

-
-

The username to use for authenticating against the API.

-

If you do not set the parameter, then the module tries the QUAY_USERNAME environment variable.

-

If you set quay_username, then you also need to set quay_password.

-

Mutually exclusive with quay_token.

-
-
-

registry

- -

- string -

-
-

Name of the remote registry.

-

Add a namespace to the remote registry to restrict caching images from that namespace.

-

Default: "quay.io"

-
-
-

state

- -

- string -

-
-

If absent, then the module removes the proxy cache configuration.

-

The module does not fail if the proxy cache configuration does not exist, because the state is already as expected.

-

If present, then the module creates the proxy cache configuration.

-

If a proxy cache configuration already exists, then the module deletes it first.

-

Choices:

-
    -

  • "absent"

    • -

  • "present" ← (default)

    • -
- -
-
-

username

- -

- string -

-
-

Name of the user account to use for authenticating with the remote registry.

-

Do not set a username for a public access to the remote registry.

-
-
-
-

validate_certs

- -

aliases: verify_ssl

-

- boolean -

-
-

Whether to allow insecure connections to the API.

-

If no, then the module does not validate SSL certificates.

-

If you do not set the parameter, then the module tries the QUAY_VERIFY_SSL environment variable (yes, 1, and True mean yes, and no, 0, False, and no value mean no).

-

Choices:

-
    -

  • false

    • -

  • true ← (default)

    • -
- -
- - - -.. Attributes - - -.. Notes - -Notes ------ - -.. note:: - - The module requires Quay version 3.7 or later. - - To use the module, you must enable the proxy cache feature of your Quay installation (\ :literal:`FEATURE\_PROXY\_CACHE`\ in \ :literal:`config.yaml`\ ). - - When you set \ :emphasis:`state`\ to \ :literal:`present`\ , the module always reports a changed status, because it cannot retrieve the current password for the remote registry to compare it with the \ :emphasis:`password`\ parameter. - - Supports \ :literal:`check\_mode`\ . - - The token that you provide in \ :emphasis:`quay\_token`\ must have the "Administer Organization" permission. - -.. Seealso - - -.. Examples - -Examples --------- - -.. code-block:: yaml+jinja - - - - name: Ensure proxy cache is enabled in the production organization - infra.quay_configuration.quay_proxy_cache: - organization: production - registry: quay.io/prodimgs - username: cwade - password: My53cr3Tpa55 - expiration: 172800 - state: present - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - name: Ensure proxy cache is disabled in the production organization - infra.quay_configuration.quay_proxy_cache: - organization: production - state: absent - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - - -.. Facts - - -.. Return values - - -.. Status (Presently only deprecated) - - -.. Authors - -Authors -~~~~~~~ - -- Herve Quatremain (@herve4m) - - - -.. Extra links - -Collection links -~~~~~~~~~~~~~~~~ - -.. ansible-links:: - - - title: "Issue Tracker" - url: "https://github.com/redhat-cop/quay_configuration/issues" - external: true - - title: "Repository (Sources)" - url: "https://github.com/redhat-cop/quay_configuration" - external: true - - -.. Parsing errors - diff --git a/docs/quay_quota_module.rst b/docs/quay_quota_module.rst deleted file mode 100644 index e1ed953..0000000 --- a/docs/quay_quota_module.rst +++ /dev/null @@ -1,338 +0,0 @@ - -.. Document meta - -:orphan: - -.. |antsibull-internal-nbsp| unicode:: 0xA0 - :trim: - -.. meta:: - :antsibull-docs: 2.12.0 - -.. Anchors - -.. _ansible_collections.infra.quay_configuration.quay_quota_module: - -.. Anchors: short name for ansible.builtin - -.. Title - -infra.quay_configuration.quay_quota module -- Manage Quay Container Registry organizations quota -++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -.. Collection note - -.. note:: - This module is part of the `infra.quay_configuration collection `_ (version 2.1.0). - - It is not included in ``ansible-core``. - To check whether it is installed, run :code:`ansible-galaxy collection list`. - - To install it, use: :code:`ansible-galaxy collection install infra.quay\_configuration`. - - To use it in a playbook, specify: :code:`infra.quay_configuration.quay_quota`. - -.. version_added - -.. rst-class:: ansible-version-added - -New in infra.quay\_configuration 0.0.14 - -.. contents:: - :local: - :depth: 1 - -.. Deprecated - - -Synopsis --------- - -.. Description - -- Create, delete, and update storage quota for organizations. - - -.. Aliases - - -.. Requirements - - - - - - -.. Options - -Parameters ----------- - -.. raw:: html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Parameter

Comments

-
-

organization

- -

- string - / required -

-
-

Name of the organization. That organization must exist.

-
-
-

quay_host

- -

- string -

-
-

URL for accessing the API. https://quay.example.com:8443 for example.

-

If you do not set the parameter, then the module uses the QUAY_HOST environment variable.

-

If you do no set the environment variable either, then the module uses the http://127.0.0.1 URL.

-

Default: "http://127.0.0.1"

-
-
-

quay_password

- -

- string -

-
-

The password to use for authenticating against the API.

-

If you do not set the parameter, then the module tries the QUAY_PASSWORD environment variable.

-

If you set quay_password, then you also need to set quay_username.

-

Mutually exclusive with quay_token.

-
-
-

quay_token

- -

- string -

-
-

OAuth access token for authenticating against the API.

-

If you do not set the parameter, then the module tries the QUAY_TOKEN environment variable.

-

Mutually exclusive with quay_username and quay_password.

-
-
-

quay_username

- -

- string -

-
-

The username to use for authenticating against the API.

-

If you do not set the parameter, then the module tries the QUAY_USERNAME environment variable.

-

If you set quay_username, then you also need to set quay_password.

-

Mutually exclusive with quay_token.

-
-
-

quota

- -

- string -

-
-

Quota that Quay uses to compute the warning and reject limits for the organization.

-

You specify a quota in bytes, but you can also use the K[i]B, M[i]B, G[i]B, or T[i]B suffixes.

-
-
-

reject_pct

- -

- integer -

-
-

Reject (hard) limit as a percentage of the quota.

-

Quay terminates any image push in the organization when the limit is reached.

-

Set reject_pct to 0 to remove the reject limit.

-
-
-

state

- -

- string -

-
-

If absent, then the module deletes the quota and limits for the given organization.

-

If present, then the module establishes the quota and limits for the given organization.

-

If quota and limits are already set, then the module updates them.

-

Choices:

-
    -

  • "absent"

    • -

  • "present" ← (default)

    • -
- -
-
-
-

validate_certs

- -

aliases: verify_ssl

-

- boolean -

-
-

Whether to allow insecure connections to the API.

-

If no, then the module does not validate SSL certificates.

-

If you do not set the parameter, then the module tries the QUAY_VERIFY_SSL environment variable (yes, 1, and True mean yes, and no, 0, False, and no value mean no).

-

Choices:

-
    -

  • false

    • -

  • true ← (default)

    • -
- -
-
-

warning_pct

- -

- integer -

-
-

Warning (soft) limit as a percentage of the quota.

-

Quay notifies the users when the limit is reached.

-

Set warning_pct to 0 to remove the warning limit.

-
- - - -.. Attributes - - -.. Notes - -Notes ------ - -.. note:: - - The module requires Quay version 3.7 or later. - - The module requires that your Quay administrator enables quota management for your installation (by setting \ :literal:`FEATURE\_QUOTA\_MANAGEMENT`\ to \ :literal:`True`\ in \ :literal:`config.yaml`\ ). - - Supports \ :literal:`check\_mode`\ . - - The token that you provide in \ :emphasis:`quay\_token`\ must have the "Administer Organization" and "Administer User" permissions. - -.. Seealso - - -.. Examples - -Examples --------- - -.. code-block:: yaml+jinja - - - - name: Ensure the organization has a 1.5 TiB quota with 80% and 95% limits - infra.quay_configuration.quay_quota: - organization: production - quota: 1.5 TiB - warning_pct: 80 - reject_pct: 95 - state: present - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - name: Ensure the production organization has no warning limit - infra.quay_configuration.quay_quota: - organization: production - warning_pct: 0 - state: present - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - name: Ensure the production organization has no quota - infra.quay_configuration.quay_quota: - organization: production - state: absent - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - - -.. Facts - - -.. Return values - - -.. Status (Presently only deprecated) - - -.. Authors - -Authors -~~~~~~~ - -- Herve Quatremain (@herve4m) - - - -.. Extra links - -Collection links -~~~~~~~~~~~~~~~~ - -.. ansible-links:: - - - title: "Issue Tracker" - url: "https://github.com/redhat-cop/quay_configuration/issues" - external: true - - title: "Repository (Sources)" - url: "https://github.com/redhat-cop/quay_configuration" - external: true - - -.. Parsing errors - diff --git a/docs/quay_repository_mirror_module.rst b/docs/quay_repository_mirror_module.rst deleted file mode 100644 index cf8d5a9..0000000 --- a/docs/quay_repository_mirror_module.rst +++ /dev/null @@ -1,477 +0,0 @@ - -.. Document meta - -:orphan: - -.. |antsibull-internal-nbsp| unicode:: 0xA0 - :trim: - -.. meta:: - :antsibull-docs: 2.12.0 - -.. Anchors - -.. _ansible_collections.infra.quay_configuration.quay_repository_mirror_module: - -.. Anchors: short name for ansible.builtin - -.. Title - -infra.quay_configuration.quay_repository_mirror module -- Manage Quay Container Registry repository mirror configurations -+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -.. Collection note - -.. note:: - This module is part of the `infra.quay_configuration collection `_ (version 2.1.0). - - It is not included in ``ansible-core``. - To check whether it is installed, run :code:`ansible-galaxy collection list`. - - To install it, use: :code:`ansible-galaxy collection install infra.quay\_configuration`. - - To use it in a playbook, specify: :code:`infra.quay_configuration.quay_repository_mirror`. - -.. version_added - -.. rst-class:: ansible-version-added - -New in infra.quay\_configuration 0.0.4 - -.. contents:: - :local: - :depth: 1 - -.. Deprecated - - -Synopsis --------- - -.. Description - -- Configure and synchronize repository mirrors in Quay Container Registry. - - -.. Aliases - - -.. Requirements - - - - - - -.. Options - -Parameters ----------- - -.. raw:: html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Parameter

Comments

-
-

external_reference

- -

- string -

-
-

Path to the remote container repository to synchronize, such as quay.io/projectquay/quay for example.

-

That parameter is required when creating the mirroring configuration.

-
-
-

external_registry_password

- -

- string -

-
-

Password to use for pulling the image from the remote registry.

-
-
-

external_registry_username

- -

- string -

-
-

Username to use for pulling the image from the remote registry.

-
-
-

force_sync

- -

- boolean -

-
-

Triggers an immediate image synchronization.

-

Choices:

-
    -

  • false ← (default)

    • -

  • true

    • -
- -
-
-

http_proxy

- -

- string -

-
-

HTTP proxy to use for accessing the remote container registry.

-

See the curl documentation for more details.

-

By default, no proxy is used.

-
-
-

https_proxy

- -

- string -

-
-

HTTPS proxy to use for accessing the remote container registry.

-

See the curl documentation for more details.

-

By default, no proxy is used.

-
-
-

image_tags

- -

- list - / elements=string -

-
-

List of image tags to be synchronized from the remote repository.

-
-
-

is_enabled

- -

- boolean -

-
-

Defines whether the mirror configuration is active or inactive.

-

false by default.

-

Choices:

-
    -

  • false

    • -

  • true

    • -
- -
-
-

name

- -

- string - / required -

-
-

Name of the existing repository for which the mirror parameters are configured. The format for the name is namespace/shortname. The namespace can only be an organization namespace.

-
-
-

no_proxy

- -

- string -

-
-

Comma-separated list of hosts for which the proxy should not be used.

-

Only relevant when you also specify a proxy configuration by setting the http_proxy or https_proxy variables.

-

See the curl documentation for more details.

-
-
-

quay_host

- -

- string -

-
-

URL for accessing the API. https://quay.example.com:8443 for example.

-

If you do not set the parameter, then the module uses the QUAY_HOST environment variable.

-

If you do no set the environment variable either, then the module uses the http://127.0.0.1 URL.

-

Default: "http://127.0.0.1"

-
-
-

quay_password

- -

- string -

-
-

The password to use for authenticating against the API.

-

If you do not set the parameter, then the module tries the QUAY_PASSWORD environment variable.

-

If you set quay_password, then you also need to set quay_username.

-

Mutually exclusive with quay_token.

-
-
-

quay_token

- -

- string -

-
-

OAuth access token for authenticating against the API.

-

If you do not set the parameter, then the module tries the QUAY_TOKEN environment variable.

-

Mutually exclusive with quay_username and quay_password.

-
-
-

quay_username

- -

- string -

-
-

The username to use for authenticating against the API.

-

If you do not set the parameter, then the module tries the QUAY_USERNAME environment variable.

-

If you set quay_username, then you also need to set quay_password.

-

Mutually exclusive with quay_token.

-
-
-

robot_username

- -

- string -

-
-

Username of the robot account that is used for synchronization.

-

That parameter is required when creating the mirroring configuration.

-
-
-

sync_interval

- -

- integer -

-
-

Synchronization interval for this repository mirror in seconds.

-

86400 (one day) by default.

-
-
-

sync_start_date

- -

- string -

-
-

The date and time at which the first synchronization should be initiated.

-

The format for the sync_start_date parameter is ISO 8601 UTC, such as 2021-12-02T21:06:00Z.

-

If you do not provide the sync_start_date parameter when you configure a new repository mirror, then the synchronization is immediately active, and a synchronization is initiated if the is_enabled parameter is true.

-
-
-
-

validate_certs

- -

aliases: verify_ssl

-

- boolean -

-
-

Whether to allow insecure connections to the API.

-

If no, then the module does not validate SSL certificates.

-

If you do not set the parameter, then the module tries the QUAY_VERIFY_SSL environment variable (yes, 1, and True mean yes, and no, 0, False, and no value mean no).

-

Choices:

-
    -

  • false

    • -

  • true ← (default)

    • -
- -
-
-

verify_tls

- -

- boolean -

-
-

Defines whether TLS of the external registry should be verified.

-

true by default.

-

Choices:

-
    -

  • false

    • -

  • true

    • -
- -
- - - -.. Attributes - - -.. Notes - -Notes ------ - -.. note:: - - Your Quay administrator must enable the mirroring capability of your Quay installation (\ :literal:`FEATURE\_REPO\_MIRROR`\ in \ :literal:`config.yaml`\ ) to use that module. - - You cannot modify a repository mirroring configuration if a synchronization is in progress. - - There is no API function to remove the configuration. However, you can deactivate mirroring by setting the \ :emphasis:`is\_enabled`\ parameter to \ :literal:`false`\ or by changing the repository mirror state (see the \ :emphasis:`repo\_state`\ parameter in the \ :ref:`infra.quay\_configuration.quay\_repository `\ module). The configuration is preserved when you disable mirroring. - - Supports \ :literal:`check\_mode`\ . - - The user account associated with the token that you provide in \ :emphasis:`quay\_token`\ must have administrator access to the repository. - -.. Seealso - - -.. Examples - -Examples --------- - -.. code-block:: yaml+jinja - - - - name: Ensure mirroring is set for the existing production/smallimage repo - infra.quay_configuration.quay_repository_mirror: - name: production/smallimage - external_reference: quay.io/projectquay/quay - http_proxy: http://proxy.example.com:3128 - robot_username: production+auditrobot - is_enabled: true - image_tags: - - latest - - v3.5.2 - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - name: Ensure mirroring is disabled for the production/smallimage repository - infra.quay_configuration.quay_repository_mirror: - name: production/smallimage - is_enabled: false - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - name: Immediate trigger a synchronization of the repository - infra.quay_configuration.quay_repository_mirror: - name: production/smallimage - force_sync: true - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - - -.. Facts - - -.. Return values - - -.. Status (Presently only deprecated) - - -.. Authors - -Authors -~~~~~~~ - -- Herve Quatremain (@herve4m) - - - -.. Extra links - -Collection links -~~~~~~~~~~~~~~~~ - -.. ansible-links:: - - - title: "Issue Tracker" - url: "https://github.com/redhat-cop/quay_configuration/issues" - external: true - - title: "Repository (Sources)" - url: "https://github.com/redhat-cop/quay_configuration" - external: true - - -.. Parsing errors - diff --git a/docs/quay_repository_module.rst b/docs/quay_repository_module.rst deleted file mode 100644 index 2ca9d66..0000000 --- a/docs/quay_repository_module.rst +++ /dev/null @@ -1,560 +0,0 @@ - -.. Document meta - -:orphan: - -.. |antsibull-internal-nbsp| unicode:: 0xA0 - :trim: - -.. meta:: - :antsibull-docs: 2.12.0 - -.. Anchors - -.. _ansible_collections.infra.quay_configuration.quay_repository_module: - -.. Anchors: short name for ansible.builtin - -.. Title - -infra.quay_configuration.quay_repository module -- Manage Quay Container Registry repositories -++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -.. Collection note - -.. note:: - This module is part of the `infra.quay_configuration collection `_ (version 2.1.0). - - It is not included in ``ansible-core``. - To check whether it is installed, run :code:`ansible-galaxy collection list`. - - To install it, use: :code:`ansible-galaxy collection install infra.quay\_configuration`. - - To use it in a playbook, specify: :code:`infra.quay_configuration.quay_repository`. - -.. version_added - -.. rst-class:: ansible-version-added - -New in infra.quay\_configuration 0.0.1 - -.. contents:: - :local: - :depth: 1 - -.. Deprecated - - -Synopsis --------- - -.. Description - -- Create, delete, and update repositories in Quay Container Registry. - - -.. Aliases - - -.. Requirements - - - - - - -.. Options - -Parameters ----------- - -.. raw:: html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Parameter

Comments

-
-

append

- -

- boolean -

-
-

If yes, then add the permission defined in perms to the repository.

-

If no, then the module sets the permissions specified in perms, removing all others permissions from the repository.

-

Choices:

-
    -

  • false

    • -

  • true ← (default)

    • -
- -
-
-

auto_prune_method

- -

- string -

-
-

Method to use for the auto-pruning tags policy.

-

If none, then the module ensures that no policy is in place. The tags are not pruned.

-

If tags, then the policy keeps only the number of tags that you specify in auto_prune_value.

-

If date, then the policy deletes the tags older than the time period that you specify in auto_prune_value.

-

auto_prune_value is required when auto_prune_method is tags or date.

-

Choices:

-
    -

  • "none"

    • -

  • "tags"

    • -

  • "date"

    • -
- -
-
-

auto_prune_value

- -

- string -

-
-

Number of tags to keep when auto_prune_value is tags. The value must be 1 or more.

-

Period of time when auto_prune_value is date. The value must be 1 or more, and must be followed by a suffix; s (for second), m (for minute), h (for hour), d (for day), or w (for week).

-

auto_prune_method is required when auto_prune_value is set.

-
-
-

description

- -

- string -

-
-

Text in Markdown format that describes the repository.

-
-
-

name

- -

- string - / required -

-
-

Name of the repository to create, remove, or modify. The format for the name is namespace/shortname. The namespace can be an organization or a personal namespace.

-

The name must be in lowercase and must not contain white spaces.

-

If you omit the namespace part in the name, then the module uses your personal namespace.

-
-
-

perms

- -

- list - / elements=dictionary -

-
-

User, robot, and team permissions to associate with the repository.

-
-
-

name

- -

- string - / required -

-
-

Name of the account. The format for robot accounts is namespace+shortrobotname.

-
-
-

role

- -

- string -

-
-

Type of permission to grant.

-

Choices:

-
    -

  • "read" ← (default)

    • -

  • "write"

    • -

  • "admin"

    • -
- -
-
-

type

- -

- string -

-
-

Specifies the type of the account. Choose user for both user and robot accounts.

-

Choices:

-
    -

  • "user" ← (default)

    • -

  • "team"

    • -
- -
-
-

quay_host

- -

- string -

-
-

URL for accessing the API. https://quay.example.com:8443 for example.

-

If you do not set the parameter, then the module uses the QUAY_HOST environment variable.

-

If you do no set the environment variable either, then the module uses the http://127.0.0.1 URL.

-

Default: "http://127.0.0.1"

-
-
-

quay_password

- -

- string -

-
-

The password to use for authenticating against the API.

-

If you do not set the parameter, then the module tries the QUAY_PASSWORD environment variable.

-

If you set quay_password, then you also need to set quay_username.

-

Mutually exclusive with quay_token.

-
-
-

quay_token

- -

- string -

-
-

OAuth access token for authenticating against the API.

-

If you do not set the parameter, then the module tries the QUAY_TOKEN environment variable.

-

Mutually exclusive with quay_username and quay_password.

-
-
-

quay_username

- -

- string -

-
-

The username to use for authenticating against the API.

-

If you do not set the parameter, then the module tries the QUAY_USERNAME environment variable.

-

If you set quay_username, then you also need to set quay_password.

-

Mutually exclusive with quay_token.

-
-
-

repo_state

- -

- string -

-
-

If NORMAL, then the repository is in the default state (read/write).

-

If READ_ONLY, then the repository is read-only.

-

If MIRROR, then the repository is a mirror and you can configure it by using the infra.quay_configuration.quay_repository_mirror module.

-

You must enable the mirroring capability of your Quay installation to use this repo_state parameter.

-

Choices:

-
    -

  • "NORMAL"

    • -

  • "READ_ONLY"

    • -

  • "MIRROR"

    • -
- -
-
-

star

- -

- boolean -

-
-

If yes, then add a star to the repository. If no, then remove the star.

-

To star or unstar a repository you must provide the quay_token parameter to authenticate. If you are not authenticated, then the module ignores the star parameter.

-

Choices:

-
    -

  • false

    • -

  • true

    • -
- -
-
-

state

- -

- string -

-
-

If absent, then the module deletes the repository.

-

The module does not fail if the repository does not exist, because the state is already as expected.

-

If present, then the module creates the repository if it does not already exist.

-

If the repository already exists, then the module updates its state.

-

Choices:

-
    -

  • "absent"

    • -

  • "present" ← (default)

    • -
- -
-
-
-

validate_certs

- -

aliases: verify_ssl

-

- boolean -

-
-

Whether to allow insecure connections to the API.

-

If no, then the module does not validate SSL certificates.

-

If you do not set the parameter, then the module tries the QUAY_VERIFY_SSL environment variable (yes, 1, and True mean yes, and no, 0, False, and no value mean no).

-

Choices:

-
    -

  • false

    • -

  • true ← (default)

    • -
- -
-
-

visibility

- -

- string -

-
-

If public, then anyone can pull images from the repository.

-

If private, then nobody can access the repository and you need to explicitly grant access to users, robots, and teams.

-

If you do not set the parameter when you create a repository, then it defaults to private.

-

Choices:

-
    -

  • "public"

    • -

  • "private"

    • -
- -
- - - -.. Attributes - - -.. Notes - -Notes ------ - -.. note:: - - Your Quay administrator must enable the mirroring capability of your Quay installation (\ :literal:`FEATURE\_REPO\_MIRROR`\ in \ :literal:`config.yaml`\ ) to use the \ :emphasis:`repo\_state`\ parameter. - - Supports \ :literal:`check\_mode`\ . - - The token that you provide in \ :emphasis:`quay\_token`\ must have the "Administer Repositories" and "Create Repositories" permissions. - - Your Quay administrator must enable the auto-prune capability of your Quay installation (\ :literal:`FEATURE\_AUTO\_PRUNE`\ in \ :literal:`config.yaml`\ ) to use the \ :emphasis:`auto\_prune\_method`\ and \ :emphasis:`auto\_prune\_value`\ parameters. - - Using \ :emphasis:`auto\_prune\_method`\ and \ :emphasis:`auto\_prune\_value`\ requires Quay version 3.11 or later. - -.. Seealso - - -.. Examples - -Examples --------- - -.. code-block:: yaml+jinja - - - - name: Ensure repository smallimage exists in the production organization - infra.quay_configuration.quay_repository: - name: production/smallimage - visibility: private - description: | - # My first repository - - * smallimage is a small GNU/linux container image - * Use podman to start a container using that image - perms: - - name: operators - type: team - role: read - - name: lvasquez - type: user - role: read - - name: production+automationrobot - type: user - role: admin - state: present - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - name: Ensure repository bigimage exists in my namespace - infra.quay_configuration.quay_repository: - name: bigimage - visibility: public - perms: - - name: dwilde - type: user - role: write - state: present - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - name: Ensure repository development/testimg does not exist - infra.quay_configuration.quay_repository: - name: development/testimg - state: absent - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - name: Ensure the repository has the exact set of permissions - infra.quay_configuration.quay_repository: - name: production/smallimage - perms: - - name: operators - type: team - role: admin - - name: managers - type: team - role: read - - name: developers - type: team - role: read - - name: production+auditrobot - type: user - role: read - append: false - state: present - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - name: Ensure the repository has a star and tags older that 4 weeks are pruned - infra.quay_configuration.quay_repository: - name: production/smallimage - star: true - auto_prune_method: date - auto_prune_value: 4w - state: present - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - # You must enable the mirroring capability of your Quay installation - # to use the repo_state parameter. - - name: Ensure the repository is prepared for mirroring - infra.quay_configuration.quay_repository: - name: production/smallimage - repo_state: MIRROR - state: present - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - - -.. Facts - - -.. Return values - - -.. Status (Presently only deprecated) - - -.. Authors - -Authors -~~~~~~~ - -- Herve Quatremain (@herve4m) - - - -.. Extra links - -Collection links -~~~~~~~~~~~~~~~~ - -.. ansible-links:: - - - title: "Issue Tracker" - url: "https://github.com/redhat-cop/quay_configuration/issues" - external: true - - title: "Repository (Sources)" - url: "https://github.com/redhat-cop/quay_configuration" - external: true - - -.. Parsing errors - diff --git a/docs/quay_robot_module.rst b/docs/quay_robot_module.rst deleted file mode 100644 index 30471aa..0000000 --- a/docs/quay_robot_module.rst +++ /dev/null @@ -1,363 +0,0 @@ - -.. Document meta - -:orphan: - -.. |antsibull-internal-nbsp| unicode:: 0xA0 - :trim: - -.. meta:: - :antsibull-docs: 2.12.0 - -.. Anchors - -.. _ansible_collections.infra.quay_configuration.quay_robot_module: - -.. Anchors: short name for ansible.builtin - -.. Title - -infra.quay_configuration.quay_robot module -- Manage Quay Container Registry robot accounts -+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -.. Collection note - -.. note:: - This module is part of the `infra.quay_configuration collection `_ (version 2.1.0). - - It is not included in ``ansible-core``. - To check whether it is installed, run :code:`ansible-galaxy collection list`. - - To install it, use: :code:`ansible-galaxy collection install infra.quay\_configuration`. - - To use it in a playbook, specify: :code:`infra.quay_configuration.quay_robot`. - -.. version_added - -.. rst-class:: ansible-version-added - -New in infra.quay\_configuration 0.0.1 - -.. contents:: - :local: - :depth: 1 - -.. Deprecated - - -Synopsis --------- - -.. Description - -- Create and delete robot accounts. - - -.. Aliases - - -.. Requirements - - - - - - -.. Options - -Parameters ----------- - -.. raw:: html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Parameter

Comments

-
-

description

- -

- string -

-
-

Description of the robot account. You cannot update the description of existing robot accounts.

-
-
-

name

- -

- string - / required -

-
-

Name of the robot account to create or remove, in the format namespace+shortname. The namespace can be an organization or a personal namespace.

-

The short name (the part after the + sign) must be in lowercase, must not contain white spaces, must not start by a digit, and must be at least two characters long.

-

If you omit the namespace part in the name, then the module uses your personal namespace.

-

You can create and delete robot accounts in your personal namespace, but not in the personal namespace of other users. The token you use in quay_token determines the user account you are using.

-
-
-

quay_host

- -

- string -

-
-

URL for accessing the API. https://quay.example.com:8443 for example.

-

If you do not set the parameter, then the module uses the QUAY_HOST environment variable.

-

If you do no set the environment variable either, then the module uses the http://127.0.0.1 URL.

-

Default: "http://127.0.0.1"

-
-
-

quay_password

- -

- string -

-
-

The password to use for authenticating against the API.

-

If you do not set the parameter, then the module tries the QUAY_PASSWORD environment variable.

-

If you set quay_password, then you also need to set quay_username.

-

Mutually exclusive with quay_token.

-
-
-

quay_token

- -

- string -

-
-

OAuth access token for authenticating against the API.

-

If you do not set the parameter, then the module tries the QUAY_TOKEN environment variable.

-

Mutually exclusive with quay_username and quay_password.

-
-
-

quay_username

- -

- string -

-
-

The username to use for authenticating against the API.

-

If you do not set the parameter, then the module tries the QUAY_USERNAME environment variable.

-

If you set quay_username, then you also need to set quay_password.

-

Mutually exclusive with quay_token.

-
-
-

state

- -

- string -

-
-

If absent, then the module deletes the robot account.

-

The module does not fail if the account does not exist, because the state is already as expected.

-

If present, then the module creates the robot account if it does not already exist.

-

Choices:

-
    -

  • "absent"

    • -

  • "present" ← (default)

    • -
- -
-
-
-

validate_certs

- -

aliases: verify_ssl

-

- boolean -

-
-

Whether to allow insecure connections to the API.

-

If no, then the module does not validate SSL certificates.

-

If you do not set the parameter, then the module tries the QUAY_VERIFY_SSL environment variable (yes, 1, and True mean yes, and no, 0, False, and no value mean no).

-

Choices:

-
    -

  • false

    • -

  • true ← (default)

    • -
- -
- - - -.. Attributes - - -.. Notes - -Notes ------ - -.. note:: - - Supports \ :literal:`check\_mode`\ . - - The token that you provide in \ :emphasis:`quay\_token`\ must have the "Administer Organization" and "Administer User" permissions. - -.. Seealso - - -.. Examples - -Examples --------- - -.. code-block:: yaml+jinja - - - - name: Ensure the robot account production+robotprod1 exists - infra.quay_configuration.quay_robot: - name: production+robotprod1 - description: Robot account for production - state: present - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - register: robot_details - - - debug: - msg: "Robot token: {{ robot_details['token'] }}" - - - debug: - msg: "Docker configuration (Base64): {{ robot_details['name'] - | infra.quay_configuration.quay_docker_config(robot_details['token'], - 'https://quay.example.com') }}" - - - name: Ensure the robot account myrobot exists in my namespace - infra.quay_configuration.quay_robot: - name: myrobot - state: present - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - name: Ensure the robot account production+robotdev1 does not exists - infra.quay_configuration.quay_robot: - name: production+robotdev1 - state: absent - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - - -.. Facts - - -.. Return values - -Return Values -------------- -Common return values are documented :ref:`here `, the following are the fields unique to this module: - -.. raw:: html - - - - - - - - - - - - - - - - - - -

Key

Description

-
-

name

- -

- string -

-
-

Token name.

-

From this name and the token, in token, you can construct a Docker configuration file that you can use to manage images in the container image registry. See infra.quay_configuration.quay_docker_config.

-

Returned: changed

-

Sample: "production+robotprod1"

-
-
-

token

- -

- string -

-
-

Robot credential (token).

-

Returned: changed

-

Sample: "IWG3K5EW92KZLPP42PMOKM5CJ2DEAQMSCU33A35NR7MNL21004NKVP3BECOWSQP2"

-
- - - -.. Status (Presently only deprecated) - - -.. Authors - -Authors -~~~~~~~ - -- Herve Quatremain (@herve4m) - - - -.. Extra links - -Collection links -~~~~~~~~~~~~~~~~ - -.. ansible-links:: - - - title: "Issue Tracker" - url: "https://github.com/redhat-cop/quay_configuration/issues" - external: true - - title: "Repository (Sources)" - url: "https://github.com/redhat-cop/quay_configuration" - external: true - - -.. Parsing errors - diff --git a/docs/quay_tag_info_module.rst b/docs/quay_tag_info_module.rst deleted file mode 100644 index b8ded77..0000000 --- a/docs/quay_tag_info_module.rst +++ /dev/null @@ -1,456 +0,0 @@ - -.. Document meta - -:orphan: - -.. |antsibull-internal-nbsp| unicode:: 0xA0 - :trim: - -.. meta:: - :antsibull-docs: 2.12.0 - -.. Anchors - -.. _ansible_collections.infra.quay_configuration.quay_tag_info_module: - -.. Anchors: short name for ansible.builtin - -.. Title - -infra.quay_configuration.quay_tag_info module -- Gather information about tags in a Quay Container Registry repository -++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -.. Collection note - -.. note:: - This module is part of the `infra.quay_configuration collection `_ (version 2.1.0). - - It is not included in ``ansible-core``. - To check whether it is installed, run :code:`ansible-galaxy collection list`. - - To install it, use: :code:`ansible-galaxy collection install infra.quay\_configuration`. - - To use it in a playbook, specify: :code:`infra.quay_configuration.quay_tag_info`. - -.. version_added - -.. rst-class:: ansible-version-added - -New in infra.quay\_configuration 0.0.1 - -.. contents:: - :local: - :depth: 1 - -.. Deprecated - - -Synopsis --------- - -.. Description - -- Gather information about the tags in a repository. - - -.. Aliases - - -.. Requirements - - - - - - -.. Options - -Parameters ----------- - -.. raw:: html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Parameter

Comments

-
-

digest

- -

- string -

-
-

Gather information on the images with that digest instead of returning data on all the tags in the repository.

-

Mutually exclusive with tag.

-
-
-

only_active_tags

- -

- boolean -

-
-

If yes, then the module only collects information on tags that have not expired and have not been deleted. If no, then the module returns information on all the tags.

-

You can identify expired and deleted tags (when only_active_tags is no) in the returned data by inspecting the end_ts or expiration tag attributes. Those attributes provide the expiration or deletion date.

-

Choices:

-
    -

  • false ← (default)

    • -

  • true

    • -
- -
-
-

quay_host

- -

- string -

-
-

URL for accessing the API. https://quay.example.com:8443 for example.

-

If you do not set the parameter, then the module uses the QUAY_HOST environment variable.

-

If you do no set the environment variable either, then the module uses the http://127.0.0.1 URL.

-

Default: "http://127.0.0.1"

-
-
-

quay_password

- -

- string -

-
-

The password to use for authenticating against the API.

-

If you do not set the parameter, then the module tries the QUAY_PASSWORD environment variable.

-

If you set quay_password, then you also need to set quay_username.

-

Mutually exclusive with quay_token.

-
-
-

quay_token

- -

- string -

-
-

OAuth access token for authenticating against the API.

-

If you do not set the parameter, then the module tries the QUAY_TOKEN environment variable.

-

Mutually exclusive with quay_username and quay_password.

-
-
-

quay_username

- -

- string -

-
-

The username to use for authenticating against the API.

-

If you do not set the parameter, then the module tries the QUAY_USERNAME environment variable.

-

If you set quay_username, then you also need to set quay_password.

-

Mutually exclusive with quay_token.

-
-
-

repository

- -

- string - / required -

-
-

Name of the repository that contains the tags to list. The format is namespace/shortname. The namespace can be an organization or a personal namespace.

-

If you omit the namespace part, then the module looks for the repository in your personal namespace.

-
-
-

tag

- -

- string -

-
-

Gather information on that specific tag instead of returning data on all the tags in the repository.

-

Mutually exclusive with digest.

-
-
-
-

validate_certs

- -

aliases: verify_ssl

-

- boolean -

-
-

Whether to allow insecure connections to the API.

-

If no, then the module does not validate SSL certificates.

-

If you do not set the parameter, then the module tries the QUAY_VERIFY_SSL environment variable (yes, 1, and True mean yes, and no, 0, False, and no value mean no).

-

Choices:

-
    -

  • false

    • -

  • true ← (default)

    • -
- -
- - - -.. Attributes - - -.. Notes - - -.. Seealso - - -.. Examples - -Examples --------- - -.. code-block:: yaml+jinja - - - - name: Retrieve the tags in the production/smallimage repository - infra.quay_configuration.quay_tag_info: - repository: production/smallimage - only_active_tags: true - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - register: tags - - - name: Gather info on tag 0.1.2 of the testing image in my personal namespace - infra.quay_configuration.quay_tag_info: - repository: testimg - tag: "0.1.2" - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - register: tag_info - - - name: Retrieve the tags from the images with the given digest - infra.quay_configuration.quay_tag_info: - repository: production/smallimage - digest: "sha256:53b2...a7c8" - only_active_tags: true - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - register: tags - - - - -.. Facts - - -.. Return values - -Return Values -------------- -Common return values are documented :ref:`here `, the following are the fields unique to this module: - -.. raw:: html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Key

Description

-
-

tags

- -

- list - / elements=dictionary -

-
-

List of the tags in the repository.

-

Returned: always

-

Sample: [{"is_manifest_list": false, "last_modified": "Thu, 30 Sep 2021 06:10:23 -0000", "manifest_digest": "sha256:9ce9...f3c7", "name": "1.33.1", "reversion": false, "size": 784538, "start_ts": 1632982223}, {"is_manifest_list": false, "last_modified": "Thu, 30 Sep 2021 06:10:22 -0000", "manifest_digest": "sha256:9ce9...f3c7", "name": "latest", "reversion": false, "size": 784538, "start_ts": 1632982222}, {"end_ts": 1640336040, "expiration": "Fri, 24 Dec 2021 08:54:00 -0000", "is_manifest_list": false, "last_modified": "Thu, 30 Sep 2021 06:10:21 -0000", "manifest_digest": "sha256:a8f2...5ea7", "name": "1.34.0", "reversion": false, "size": 802700, "start_ts": 1632982221}]

-
-
-

end_ts

- -

- integer -

-
-

Time in seconds since the epoch of the tag expiration.

-

The module only returns expired tags when the only_active_tags parameter is no.

-

Returned: only when an expiration date has been explicitly assigned.

-

Sample: 1640336040

-
-
-

expiration

- -

- string -

-
-

Expiration date and time in a human readable format.

-

Returned: only when an expiration date has been explicitly assigned.

-

Sample: "Fri, 24 Dec 2021 08:54:00 -0000"

-
-
-

last_modified

- -

- string -

-
-

Date and time of the last tag modification in a human readable format.

-

Returned: always

-

Sample: "Thu, 30 Sep 2021 06:10:22 -0000"

-
-
-

manifest_digest

- -

- string -

-
-

SHA256 digest for the tag.

-

You can use that digest to pull the image instead of using the tag name. For example, podman pull quay.example.com/production/smallimage@sha256:a8f2...5ea7.

-

Returned: always

-

Sample: "sha256:a8f231c07da40107543d74ed1e9a1938a004b498377dbefcf29082c7a9e55ea7"

-
-
-

name

- -

- string -

-
-

Tag identifier.

-

Returned: always

-

Sample: "0.1.2"

-
-
-

size

- -

- integer -

-
-

Size of the associated image in bytes.

-

Returned: always

-

Sample: 802700

-
-
-

start_ts

- -

- integer -

-
-

Time in seconds since the epoch of the last tag modification.

-

Returned: always

-

Sample: 1632982222

-
- - - -.. Status (Presently only deprecated) - - -.. Authors - -Authors -~~~~~~~ - -- Herve Quatremain (@herve4m) - - - -.. Extra links - -Collection links -~~~~~~~~~~~~~~~~ - -.. ansible-links:: - - - title: "Issue Tracker" - url: "https://github.com/redhat-cop/quay_configuration/issues" - external: true - - title: "Repository (Sources)" - url: "https://github.com/redhat-cop/quay_configuration" - external: true - - -.. Parsing errors - diff --git a/docs/quay_tag_module.rst b/docs/quay_tag_module.rst deleted file mode 100644 index d069154..0000000 --- a/docs/quay_tag_module.rst +++ /dev/null @@ -1,352 +0,0 @@ - -.. Document meta - -:orphan: - -.. |antsibull-internal-nbsp| unicode:: 0xA0 - :trim: - -.. meta:: - :antsibull-docs: 2.12.0 - -.. Anchors - -.. _ansible_collections.infra.quay_configuration.quay_tag_module: - -.. Anchors: short name for ansible.builtin - -.. Title - -infra.quay_configuration.quay_tag module -- Manage Quay Container Registry image tags -+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -.. Collection note - -.. note:: - This module is part of the `infra.quay_configuration collection `_ (version 2.1.0). - - It is not included in ``ansible-core``. - To check whether it is installed, run :code:`ansible-galaxy collection list`. - - To install it, use: :code:`ansible-galaxy collection install infra.quay\_configuration`. - - To use it in a playbook, specify: :code:`infra.quay_configuration.quay_tag`. - -.. version_added - -.. rst-class:: ansible-version-added - -New in infra.quay\_configuration 0.0.1 - -.. contents:: - :local: - :depth: 1 - -.. Deprecated - - -Synopsis --------- - -.. Description - -- Create, delete, and update image tags. - - -.. Aliases - - -.. Requirements - - - - - - -.. Options - -Parameters ----------- - -.. raw:: html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Parameter

Comments

-
-

expiration

- -

- string -

-
-

Expiration date and time for the tag. The format is YYYYMMDDHHMM.SS but you can change it by setting the expiration_format parameter.

-

You cannot set an expiration date more that two years in the future. If you do so, then Quay forces the date at that two years boundary.

-

You cannot set an expiration date in the past.

-
-
-

expiration_format

- -

- string -

-
-

Indicate the time format used in the expiration parameter.

-

Based on default Python format (see https://docs.python.org/3/library/time.html#time.strftime).

-

Default: "%Y%m%d%H%M.%S"

-
-
-

image

- -

- string - / required -

-
-

Name of the existing image. The format is namespace/repository:tag or namespace/repository@digest. The namespace can be an organization or a personal namespace.

-

If you omit the namespace part, then the module looks for the repository in your personal namespace.

-

If you omit the tag and the digest part, then latest is assumed.

-
-
-

quay_host

- -

- string -

-
-

URL for accessing the API. https://quay.example.com:8443 for example.

-

If you do not set the parameter, then the module uses the QUAY_HOST environment variable.

-

If you do no set the environment variable either, then the module uses the http://127.0.0.1 URL.

-

Default: "http://127.0.0.1"

-
-
-

quay_password

- -

- string -

-
-

The password to use for authenticating against the API.

-

If you do not set the parameter, then the module tries the QUAY_PASSWORD environment variable.

-

If you set quay_password, then you also need to set quay_username.

-

Mutually exclusive with quay_token.

-
-
-

quay_token

- -

- string -

-
-

OAuth access token for authenticating against the API.

-

If you do not set the parameter, then the module tries the QUAY_TOKEN environment variable.

-

Mutually exclusive with quay_username and quay_password.

-
-
-

quay_username

- -

- string -

-
-

The username to use for authenticating against the API.

-

If you do not set the parameter, then the module tries the QUAY_USERNAME environment variable.

-

If you set quay_username, then you also need to set quay_password.

-

Mutually exclusive with quay_token.

-
-
-

state

- -

- string -

-
-

If absent, then the module deletes the image which tag is given in the tag parameter, or if not set, in the image name.

-

If present, then the module adds the tag in the tag parameter to the image.

-

Choices:

-
    -

  • "absent"

    • -

  • "present" ← (default)

    • -
- -
-
-

tag

- -

- string -

-
-

When state=present, the tag parameter provides the new tag to add to the image. If another image already uses that tag, then the module removes the tag from that other image first.

-

When state=absent, the tag parameter indicates the tag to remove. If you do not set that tag parameter, then the module removes the tag that you give in the image name with the image parameter.

-

When you specify the image by its digest, in the image parameter, then that tag parameter is mandatory.

-
-
-
-

validate_certs

- -

aliases: verify_ssl

-

- boolean -

-
-

Whether to allow insecure connections to the API.

-

If no, then the module does not validate SSL certificates.

-

If you do not set the parameter, then the module tries the QUAY_VERIFY_SSL environment variable (yes, 1, and True mean yes, and no, 0, False, and no value mean no).

-

Choices:

-
    -

  • false

    • -

  • true ← (default)

    • -
- -
- - - -.. Attributes - - -.. Notes - -Notes ------ - -.. note:: - - Supports \ :literal:`check\_mode`\ . - - The token that you provide in \ :emphasis:`quay\_token`\ must have the "Administer Repositories" permission. - -.. Seealso - - -.. Examples - -Examples --------- - -.. code-block:: yaml+jinja - - - - name: Ensure the latest tag is associated with the image that has tag v1.0.0 - infra.quay_configuration.quay_tag: - image: production/smallimage:v1.0.0 - tag: latest - state: present - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - name: Ensure tag v0.0.2 is associated to the image with the specified digest - infra.quay_configuration.quay_tag: - image: production/smallimage@sha256:4f6f...e797 - tag: v0.0.2 - state: present - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - name: Ensure tag v0.0.8 expires May 25, 2023 at 16:30 - infra.quay_configuration.quay_tag: - image: production/smallimage:v0.0.8 - expiration: 202305251630.00 - state: present - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - name: Ensure tag v0.0.8 does not expire anymore - infra.quay_configuration.quay_tag: - image: production/smallimage:v0.0.8 - expiration: "" - state: present - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - name: Ensure tag v0.0.1 does not exist - infra.quay_configuration.quay_tag: - image: production/smallimage:v0.0.1 - state: absent - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - - -.. Facts - - -.. Return values - - -.. Status (Presently only deprecated) - - -.. Authors - -Authors -~~~~~~~ - -- Herve Quatremain (@herve4m) - - - -.. Extra links - -Collection links -~~~~~~~~~~~~~~~~ - -.. ansible-links:: - - - title: "Issue Tracker" - url: "https://github.com/redhat-cop/quay_configuration/issues" - external: true - - title: "Repository (Sources)" - url: "https://github.com/redhat-cop/quay_configuration" - external: true - - -.. Parsing errors - diff --git a/docs/quay_team_ldap_module.rst b/docs/quay_team_ldap_module.rst deleted file mode 100644 index f8aefb3..0000000 --- a/docs/quay_team_ldap_module.rst +++ /dev/null @@ -1,351 +0,0 @@ - -.. Document meta - -:orphan: - -.. |antsibull-internal-nbsp| unicode:: 0xA0 - :trim: - -.. meta:: - :antsibull-docs: 2.12.0 - -.. Anchors - -.. _ansible_collections.infra.quay_configuration.quay_team_ldap_module: - -.. Anchors: short name for ansible.builtin - -.. Title - -infra.quay_configuration.quay_team_ldap module -- Synchronize Quay Container Registry teams with LDAP groups -++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -.. Collection note - -.. note:: - This module is part of the `infra.quay_configuration collection `_ (version 2.1.0). - - It is not included in ``ansible-core``. - To check whether it is installed, run :code:`ansible-galaxy collection list`. - - To install it, use: :code:`ansible-galaxy collection install infra.quay\_configuration`. - - To use it in a playbook, specify: :code:`infra.quay_configuration.quay_team_ldap`. - -.. version_added - -.. rst-class:: ansible-version-added - -New in infra.quay\_configuration 0.0.9 - -.. contents:: - :local: - :depth: 1 - -.. Deprecated - - -Synopsis --------- - -.. Description - -- Synchronize and unsynchronize teams in organizations with LDAP groups. - - -.. Aliases - - -.. Requirements - - - - - - -.. Options - -Parameters ----------- - -.. raw:: html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Parameter

Comments

-
-

group_dn

- -

- string -

-
-

LDAP group distinguished name (DN), relative to the base DN that you defined in the config.yaml Quay configuration file with the LDAP_BASE_DN parameter.

-

For example, if the LDAP group DN is cn=group1,ou=groups,dc=example,dc=org and the base DN is dc=example,dc=org, then you must set group_dn to cn=group1,ou=groups.

-

group_dn is required when sync is yes.

-
-
-

keep_users

- -

- boolean -

-
-

If yes, then the current team members are kept after the synchronization is disabled.

-

If no, then the team members are removed (except robot accounts).

-

keep_users is only used when sync is no.

-

Choices:

-
    -

  • false

    • -

  • true ← (default)

    • -
- -
-
-

name

- -

- string - / required -

-
-

Name of the team to synchronize or unsynchronize with an LDAP group. That team must exist (see the infra.quay_configuration.quay_team module to create it).

-
-
-

organization

- -

- string - / required -

-
-

Name of the organization for the team. That organization must exist.

-
-
-

quay_host

- -

- string -

-
-

URL for accessing the API. https://quay.example.com:8443 for example.

-

If you do not set the parameter, then the module uses the QUAY_HOST environment variable.

-

If you do no set the environment variable either, then the module uses the http://127.0.0.1 URL.

-

Default: "http://127.0.0.1"

-
-
-

quay_password

- -

- string -

-
-

The password to use for authenticating against the API.

-

If you do not set the parameter, then the module tries the QUAY_PASSWORD environment variable.

-

If you set quay_password, then you also need to set quay_username.

-

Mutually exclusive with quay_token.

-
-
-

quay_token

- -

- string -

-
-

OAuth access token for authenticating against the API.

-

If you do not set the parameter, then the module tries the QUAY_TOKEN environment variable.

-

Mutually exclusive with quay_username and quay_password.

-
-
-

quay_username

- -

- string -

-
-

The username to use for authenticating against the API.

-

If you do not set the parameter, then the module tries the QUAY_USERNAME environment variable.

-

If you set quay_username, then you also need to set quay_password.

-

Mutually exclusive with quay_token.

-
-
-

sync

- -

- boolean -

-
-

If yes, then the team members are retrieved from the LDAP group that you define in group_dn. The pre-existing members are removed from the team before the synchronization process starts. Existing robot account members are not removed.

-

If no, then the synchronization from LDAP is disabled. Existing team members (from LDAP) are kept, except if you set keep_users to no.

-

Choices:

-
    -

  • false

    • -

  • true ← (default)

    • -
- -
-
-
-

validate_certs

- -

aliases: verify_ssl

-

- boolean -

-
-

Whether to allow insecure connections to the API.

-

If no, then the module does not validate SSL certificates.

-

If you do not set the parameter, then the module tries the QUAY_VERIFY_SSL environment variable (yes, 1, and True mean yes, and no, 0, False, and no value mean no).

-

Choices:

-
    -

  • false

    • -

  • true ← (default)

    • -
- -
- - - -.. Attributes - - -.. Notes - -Notes ------ - -.. note:: - - The module requires that your Quay administrator configures the Quay authentication method to LDAP (\ :literal:`AUTHENTICATION\_TYPE`\ to \ :literal:`LDAP`\ in \ :literal:`config.yaml`\ and the \ :literal:`LDAP\_\*`\ parameters correctly set). - - Supports \ :literal:`check\_mode`\ . - - The token that you provide in \ :emphasis:`quay\_token`\ must have the "Administer Organization" and "Administer User" permissions. - -.. Seealso - - -.. Examples - -Examples --------- - -.. code-block:: yaml+jinja - - - - name: Ensure team operators exists before activating LDAP synchronization - infra.quay_configuration.quay_team: - name: operators - organization: production - role: creator - # Only robot accounts can be added to a team you prepare for LDAP - # synchronization. User accounts that you might add are removed when the - # synchronization is activated - members: - - production+automationrobot - append: false - state: present - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - name: Ensure team operators is synchronized with the op1 LDAP group - infra.quay_configuration.quay_team_ldap: - name: operators - organization: production - sync: true - group_dn: cn=op1,ou=groups - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - name: Ensure team operators is not synchronized anymore with an LDAP group - infra.quay_configuration.quay_team_ldap: - name: operators - organization: production - sync: false - # Remove all the users from the team synchronized from the LDAP group - keep_users: false - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - - -.. Facts - - -.. Return values - - -.. Status (Presently only deprecated) - - -.. Authors - -Authors -~~~~~~~ - -- Herve Quatremain (@herve4m) - - - -.. Extra links - -Collection links -~~~~~~~~~~~~~~~~ - -.. ansible-links:: - - - title: "Issue Tracker" - url: "https://github.com/redhat-cop/quay_configuration/issues" - external: true - - title: "Repository (Sources)" - url: "https://github.com/redhat-cop/quay_configuration" - external: true - - -.. Parsing errors - diff --git a/docs/quay_team_module.rst b/docs/quay_team_module.rst deleted file mode 100644 index 1f4af30..0000000 --- a/docs/quay_team_module.rst +++ /dev/null @@ -1,401 +0,0 @@ - -.. Document meta - -:orphan: - -.. |antsibull-internal-nbsp| unicode:: 0xA0 - :trim: - -.. meta:: - :antsibull-docs: 2.12.0 - -.. Anchors - -.. _ansible_collections.infra.quay_configuration.quay_team_module: - -.. Anchors: short name for ansible.builtin - -.. Title - -infra.quay_configuration.quay_team module -- Manage Quay Container Registry teams -+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -.. Collection note - -.. note:: - This module is part of the `infra.quay_configuration collection `_ (version 2.1.0). - - It is not included in ``ansible-core``. - To check whether it is installed, run :code:`ansible-galaxy collection list`. - - To install it, use: :code:`ansible-galaxy collection install infra.quay\_configuration`. - - To use it in a playbook, specify: :code:`infra.quay_configuration.quay_team`. - -.. version_added - -.. rst-class:: ansible-version-added - -New in infra.quay\_configuration 0.0.1 - -.. contents:: - :local: - :depth: 1 - -.. Deprecated - - -Synopsis --------- - -.. Description - -- Create, delete, and update teams in organizations. - - -.. Aliases - - -.. Requirements - - - - - - -.. Options - -Parameters ----------- - -.. raw:: html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Parameter

Comments

-
-

append

- -

- boolean -

-
-

If yes, then add the users specified in members to the team.

-

If no, then the module sets the team members to users specified in members, removing all others users from the team.

-

Choices:

-
    -

  • false

    • -

  • true ← (default)

    • -
- -
-
-

description

- -

- string -

-
-

Text in Markdown format that describes the team.

-
-
-

members

- -

- list - / elements=string -

-
-

List of the user or robot accounts in the team. Use the syntax organization+robotshortname for robot accounts.

-

If the team is synchronized with an LDAP group (see the infra.quay_configuration.quay_team_ldap module), then you can only add or remove robot accounts.

-
-
-

name

- -

- string - / required -

-
-

Name of the team to create, remove, or modify.

-

The name must be in lowercase, must not contain white spaces, must not start by a digit, and must be at least two characters long.

-
-
-

organization

- -

- string - / required -

-
-

Name of the organization for the team. That organization must exist.

-
-
-

quay_host

- -

- string -

-
-

URL for accessing the API. https://quay.example.com:8443 for example.

-

If you do not set the parameter, then the module uses the QUAY_HOST environment variable.

-

If you do no set the environment variable either, then the module uses the http://127.0.0.1 URL.

-

Default: "http://127.0.0.1"

-
-
-

quay_password

- -

- string -

-
-

The password to use for authenticating against the API.

-

If you do not set the parameter, then the module tries the QUAY_PASSWORD environment variable.

-

If you set quay_password, then you also need to set quay_username.

-

Mutually exclusive with quay_token.

-
-
-

quay_token

- -

- string -

-
-

OAuth access token for authenticating against the API.

-

If you do not set the parameter, then the module tries the QUAY_TOKEN environment variable.

-

Mutually exclusive with quay_username and quay_password.

-
-
-

quay_username

- -

- string -

-
-

The username to use for authenticating against the API.

-

If you do not set the parameter, then the module tries the QUAY_USERNAME environment variable.

-

If you set quay_username, then you also need to set quay_password.

-

Mutually exclusive with quay_token.

-
-
-

role

- -

- string -

-
-

Role of the team within the organization. If not set, then the new team has the member role.

-

Choices:

-
    -

  • "member"

    • -

  • "creator"

    • -

  • "admin"

    • -
- -
-
-

state

- -

- string -

-
-

If absent, then the module deletes the team.

-

The module does not fail if the team does not exist, because the state is already as expected.

-

If present, then the module creates the team if it does not already exist.

-

If the team already exists, then the module updates its state.

-

Choices:

-
    -

  • "absent"

    • -

  • "present" ← (default)

    • -
- -
-
-
-

validate_certs

- -

aliases: verify_ssl

-

- boolean -

-
-

Whether to allow insecure connections to the API.

-

If no, then the module does not validate SSL certificates.

-

If you do not set the parameter, then the module tries the QUAY_VERIFY_SSL environment variable (yes, 1, and True mean yes, and no, 0, False, and no value mean no).

-

Choices:

-
    -

  • false

    • -

  • true ← (default)

    • -
- -
- - - -.. Attributes - - -.. Notes - -Notes ------ - -.. note:: - - To synchronize teams with LDAP groups, see the \ :ref:`infra.quay\_configuration.quay\_team\_ldap `\ module. - - Supports \ :literal:`check\_mode`\ . - - The token that you provide in \ :emphasis:`quay\_token`\ must have the "Administer Organization" and "Administer User" permissions. - -.. Seealso - - -.. Examples - -Examples --------- - -.. code-block:: yaml+jinja - - - - name: Ensure team operators exists in the production organization - infra.quay_configuration.quay_team: - name: operators - organization: production - description: | - # Operation Team - - * Operators can create repositories - * Operators can store their images in those repositories - role: creator - members: - - lvasquez - - dwilde - - production+automationrobot - append: false - state: present - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - name: Ensure team developers does not exist in the production organization - infra.quay_configuration.quay_team: - name: developers - organization: production - state: absent - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - name: Ensure team administrators has no members - infra.quay_configuration.quay_team: - name: administrators - organization: production - members: [] - append: false - state: present - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - name: Ensure team operators has additional members - infra.quay_configuration.quay_team: - name: operators - organization: production - members: - - jziglar - - chorwitz - append: true - state: present - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - - -.. Facts - - -.. Return values - - -.. Status (Presently only deprecated) - - -.. Authors - -Authors -~~~~~~~ - -- Herve Quatremain (@herve4m) - - - -.. Extra links - -Collection links -~~~~~~~~~~~~~~~~ - -.. ansible-links:: - - - title: "Issue Tracker" - url: "https://github.com/redhat-cop/quay_configuration/issues" - external: true - - title: "Repository (Sources)" - url: "https://github.com/redhat-cop/quay_configuration" - external: true - - -.. Parsing errors - diff --git a/docs/quay_team_oidc_module.rst b/docs/quay_team_oidc_module.rst deleted file mode 100644 index 0928744..0000000 --- a/docs/quay_team_oidc_module.rst +++ /dev/null @@ -1,328 +0,0 @@ - -.. Document meta - -:orphan: - -.. |antsibull-internal-nbsp| unicode:: 0xA0 - :trim: - -.. meta:: - :antsibull-docs: 2.12.0 - -.. Anchors - -.. _ansible_collections.infra.quay_configuration.quay_team_oidc_module: - -.. Anchors: short name for ansible.builtin - -.. Title - -infra.quay_configuration.quay_team_oidc module -- Synchronize Quay Container Registry teams with OIDC groups -++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -.. Collection note - -.. note:: - This module is part of the `infra.quay_configuration collection `_ (version 2.1.0). - - It is not included in ``ansible-core``. - To check whether it is installed, run :code:`ansible-galaxy collection list`. - - To install it, use: :code:`ansible-galaxy collection install infra.quay\_configuration`. - - To use it in a playbook, specify: :code:`infra.quay_configuration.quay_team_oidc`. - -.. version_added - -.. rst-class:: ansible-version-added - -New in infra.quay\_configuration 1.2.0 - -.. contents:: - :local: - :depth: 1 - -.. Deprecated - - -Synopsis --------- - -.. Description - -- Synchronize and unsynchronize teams in organizations with OIDC groups. - - -.. Aliases - - -.. Requirements - - - - - - -.. Options - -Parameters ----------- - -.. raw:: html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Parameter

Comments

-
-

group_name

- -

- string -

-
-

OIDC group name.

-

group_name is required when sync is yes.

-
-
-

name

- -

- string - / required -

-
-

Name of the team to synchronize or unsynchronize with an OIDC group. That team must exist (see the infra.quay_configuration.quay_team module to create it).

-
-
-

organization

- -

- string - / required -

-
-

Name of the organization for the team. That organization must exist.

-
-
-

quay_host

- -

- string -

-
-

URL for accessing the API. https://quay.example.com:8443 for example.

-

If you do not set the parameter, then the module uses the QUAY_HOST environment variable.

-

If you do no set the environment variable either, then the module uses the http://127.0.0.1 URL.

-

Default: "http://127.0.0.1"

-
-
-

quay_password

- -

- string -

-
-

The password to use for authenticating against the API.

-

If you do not set the parameter, then the module tries the QUAY_PASSWORD environment variable.

-

If you set quay_password, then you also need to set quay_username.

-

Mutually exclusive with quay_token.

-
-
-

quay_token

- -

- string -

-
-

OAuth access token for authenticating against the API.

-

If you do not set the parameter, then the module tries the QUAY_TOKEN environment variable.

-

Mutually exclusive with quay_username and quay_password.

-
-
-

quay_username

- -

- string -

-
-

The username to use for authenticating against the API.

-

If you do not set the parameter, then the module tries the QUAY_USERNAME environment variable.

-

If you set quay_username, then you also need to set quay_password.

-

Mutually exclusive with quay_token.

-
-
-

sync

- -

- boolean -

-
-

If yes, then the team members are retrieved from the OIDC group that you define in group_name. The pre-existing members are removed from the team before the synchronization process starts. Existing robot account members are not removed.

-

If no, then the synchronization from OIDC is disabled.

-

Choices:

-
    -

  • false

    • -

  • true ← (default)

    • -
- -
-
-
-

validate_certs

- -

aliases: verify_ssl

-

- boolean -

-
-

Whether to allow insecure connections to the API.

-

If no, then the module does not validate SSL certificates.

-

If you do not set the parameter, then the module tries the QUAY_VERIFY_SSL environment variable (yes, 1, and True mean yes, and no, 0, False, and no value mean no).

-

Choices:

-
    -

  • false

    • -

  • true ← (default)

    • -
- -
- - - -.. Attributes - - -.. Notes - -Notes ------ - -.. note:: - - The module requires Quay version 3.11 or later. - - The module requires that your Quay administrator configures the Quay authentication method to OIDC (\ :literal:`AUTHENTICATION\_TYPE`\ to \ :literal:`OIDC`\ in \ :literal:`config.yaml`\ ), and enables team synchronization (\ :literal:`FEATURE\_TEAM\_SYNCING`\ to \ :literal:`true`\ in \ :literal:`config.yaml`\ ). - - Supports \ :literal:`check\_mode`\ . - - The token that you provide in \ :emphasis:`quay\_token`\ must have the "Administer Organization" and "Administer User" permissions. - -.. Seealso - - -.. Examples - -Examples --------- - -.. code-block:: yaml+jinja - - - - name: Ensure team operators exists before activating OIDC synchronization - infra.quay_configuration.quay_team: - name: operators - organization: production - role: creator - # Only robot accounts can be added to a team you prepare for OIDC - # synchronization. User accounts that you might add are removed when the - # synchronization is activated - members: - - production+automationrobot - append: false - state: present - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - name: Ensure team operators is synchronized with the op1 OIDC group - infra.quay_configuration.quay_team_oidc: - name: operators - organization: production - sync: true - group_name: op1 - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - name: Ensure team operators is not synchronized anymore with an OIDC group - infra.quay_configuration.quay_team_oidc: - name: operators - organization: production - sync: false - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - - -.. Facts - - -.. Return values - - -.. Status (Presently only deprecated) - - -.. Authors - -Authors -~~~~~~~ - -- Herve Quatremain (@herve4m) - - - -.. Extra links - -Collection links -~~~~~~~~~~~~~~~~ - -.. ansible-links:: - - - title: "Issue Tracker" - url: "https://github.com/redhat-cop/quay_configuration/issues" - external: true - - title: "Repository (Sources)" - url: "https://github.com/redhat-cop/quay_configuration" - external: true - - -.. Parsing errors - diff --git a/docs/quay_user_module.rst b/docs/quay_user_module.rst deleted file mode 100644 index 2d39763..0000000 --- a/docs/quay_user_module.rst +++ /dev/null @@ -1,378 +0,0 @@ - -.. Document meta - -:orphan: - -.. |antsibull-internal-nbsp| unicode:: 0xA0 - :trim: - -.. meta:: - :antsibull-docs: 2.12.0 - -.. Anchors - -.. _ansible_collections.infra.quay_configuration.quay_user_module: - -.. Anchors: short name for ansible.builtin - -.. Title - -infra.quay_configuration.quay_user module -- Manage Quay Container Registry users -+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -.. Collection note - -.. note:: - This module is part of the `infra.quay_configuration collection `_ (version 2.1.0). - - It is not included in ``ansible-core``. - To check whether it is installed, run :code:`ansible-galaxy collection list`. - - To install it, use: :code:`ansible-galaxy collection install infra.quay\_configuration`. - - To use it in a playbook, specify: :code:`infra.quay_configuration.quay_user`. - -.. version_added - -.. rst-class:: ansible-version-added - -New in infra.quay\_configuration 0.0.1 - -.. contents:: - :local: - :depth: 1 - -.. Deprecated - - -Synopsis --------- - -.. Description - -- Create, delete, and update user accounts in Quay Container Registry. - - -.. Aliases - - -.. Requirements - - - - - - -.. Options - -Parameters ----------- - -.. raw:: html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Parameter

Comments

-
-

email

- -

- string -

-
-

User's email address.

-

If your Quay administrator has enabled the mailing capability of your Quay installation (FEATURE_MAILING to true in config.yaml), then this email parameter is mandatory.

-
-
-

enabled

- -

- boolean -

-
-

Enable (true) or disable (false) the user account.

-

When their account is disabled, the user cannot log in to the web UI and cannot push or pull container images.

-

Choices:

-
    -

  • false

    • -

  • true

    • -
- -
-
-

password

- -

- string -

-
-

User's password as a clear string.

-

The password must be at least eight characters long and must not contain white spaces.

-
-
-

quay_host

- -

- string -

-
-

URL for accessing the API. https://quay.example.com:8443 for example.

-

If you do not set the parameter, then the module uses the QUAY_HOST environment variable.

-

If you do no set the environment variable either, then the module uses the http://127.0.0.1 URL.

-

Default: "http://127.0.0.1"

-
-
-

quay_password

- -

- string -

-
-

The password to use for authenticating against the API.

-

If you do not set the parameter, then the module tries the QUAY_PASSWORD environment variable.

-

If you set quay_password, then you also need to set quay_username.

-

Mutually exclusive with quay_token.

-
-
-

quay_token

- -

- string -

-
-

OAuth access token for authenticating against the API.

-

If you do not set the parameter, then the module tries the QUAY_TOKEN environment variable.

-

Mutually exclusive with quay_username and quay_password.

-
-
-

quay_username

- -

- string -

-
-

The username to use for authenticating against the API.

-

If you do not set the parameter, then the module tries the QUAY_USERNAME environment variable.

-

If you set quay_username, then you also need to set quay_password.

-

Mutually exclusive with quay_token.

-
-
-

state

- -

- string -

-
-

If absent, then the module deletes the user.

-

You cannot delete superuser accounts.

-

The module does not fail if the user does not exist, because the state is already as expected.

-

If present, then the module creates the user if it does not already exist.

-

If the user account already exists, then the module updates its state.

-

You cannot update superuser accounts.

-

Choices:

-
    -

  • "absent"

    • -

  • "present" ← (default)

    • -
- -
-
-
-

superuser

- -

aliases: is_superuser

-

- boolean -

-
-

Grant superuser permissions to the user.

-

Granting superuser privileges to a user is not immediate and usually requires a restart of the Quay Container Registry service.

-

You cannot revoke superuser permissions.

-

Choices:

-
    -

  • false

    • -

  • true

    • -
- -
-
-

username

- -

- string - / required -

-
-

Name of the user account to create, remove, or modify.

-
-
-
-

validate_certs

- -

aliases: verify_ssl

-

- boolean -

-
-

Whether to allow insecure connections to the API.

-

If no, then the module does not validate SSL certificates.

-

If you do not set the parameter, then the module tries the QUAY_VERIFY_SSL environment variable (yes, 1, and True mean yes, and no, 0, False, and no value mean no).

-

Choices:

-
    -

  • false

    • -

  • true ← (default)

    • -
- -
- - - -.. Attributes - - -.. Notes - -Notes ------ - -.. note:: - - Supports \ :literal:`check\_mode`\ . - - The token that you provide in \ :emphasis:`quay\_token`\ must have the "Super User Access" permission. - - You cannot delete or modify superuser accounts. - - You cannot revoke superuser privileges with this module. - -.. Seealso - - -.. Examples - -Examples --------- - -.. code-block:: yaml+jinja - - - - name: Ensure the user exists - infra.quay_configuration.quay_user: - username: lvasquez - email: lvasquez@example.com - password: vs9mrD55NP - state: present - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - name: Ensure the user is removed - infra.quay_configuration.quay_user: - username: dwilde - state: absent - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - name: Ensure the user is a superuser - infra.quay_configuration.quay_user: - username: jziglar - email: jziglar@example.com - state: present - # Only effective after a restart of the Quay Container Registry service. - superuser: true - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - name: Ensure the user account is disabled - infra.quay_configuration.quay_user: - username: chorwitz - email: chorwitz@example.com - state: present - enabled: false - quay_host: https://quay.example.com - quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 - - - - -.. Facts - - -.. Return values - - -.. Status (Presently only deprecated) - - -.. Authors - -Authors -~~~~~~~ - -- Herve Quatremain (@herve4m) - - - -.. Extra links - -Collection links -~~~~~~~~~~~~~~~~ - -.. ansible-links:: - - - title: "Issue Tracker" - url: "https://github.com/redhat-cop/quay_configuration/issues" - external: true - - title: "Repository (Sources)" - url: "https://github.com/redhat-cop/quay_configuration" - external: true - - -.. Parsing errors - diff --git a/docs/quay_vulnerability_info_module.rst b/docs/quay_vulnerability_info_module.rst deleted file mode 100644 index 81f7600..0000000 --- a/docs/quay_vulnerability_info_module.rst +++ /dev/null @@ -1,349 +0,0 @@ - -.. Document meta - -:orphan: - -.. |antsibull-internal-nbsp| unicode:: 0xA0 - :trim: - -.. meta:: - :antsibull-docs: 2.12.0 - -.. Anchors - -.. _ansible_collections.infra.quay_configuration.quay_vulnerability_info_module: - -.. Anchors: short name for ansible.builtin - -.. Title - -infra.quay_configuration.quay_vulnerability_info module -- Gather information about image vulnerabilities in Quay Container Registry -++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - -.. Collection note - -.. note:: - This module is part of the `infra.quay_configuration collection `_ (version 2.1.0). - - It is not included in ``ansible-core``. - To check whether it is installed, run :code:`ansible-galaxy collection list`. - - To install it, use: :code:`ansible-galaxy collection install infra.quay\_configuration`. - - To use it in a playbook, specify: :code:`infra.quay_configuration.quay_vulnerability_info`. - -.. version_added - -.. rst-class:: ansible-version-added - -New in infra.quay\_configuration 0.0.1 - -.. contents:: - :local: - :depth: 1 - -.. Deprecated - - -Synopsis --------- - -.. Description - -- Gather information about the vulnerabilities of an image in a repository. - - -.. Aliases - - -.. Requirements - - - - - - -.. Options - -Parameters ----------- - -.. raw:: html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Parameter

Comments

-
-

image

- -

- string - / required -

-
-

Name of the image. The format is namespace/repository:tag or namespace/repository@digest. The namespace can be an organization or a personal namespace.

-

If you omit the namespace part, then the module looks for the repository in your personal namespace.

-

If you omit the tag and the digest part, then latest is assumed.

-
-
-

quay_host

- -

- string -

-
-

URL for accessing the API. https://quay.example.com:8443 for example.

-

If you do not set the parameter, then the module uses the QUAY_HOST environment variable.

-

If you do no set the environment variable either, then the module uses the http://127.0.0.1 URL.

-

Default: "http://127.0.0.1"

-
-
-

quay_password

- -

- string -

-
-

The password to use for authenticating against the API.

-

If you do not set the parameter, then the module tries the QUAY_PASSWORD environment variable.

-

If you set quay_password, then you also need to set quay_username.

-

Mutually exclusive with quay_token.

-
-
-

quay_token

- -

- string -

-
-

OAuth access token for authenticating against the API.

-

If you do not set the parameter, then the module tries the QUAY_TOKEN environment variable.

-

Mutually exclusive with quay_username and quay_password.

-
-
-

quay_username

- -

- string -

-
-

The username to use for authenticating against the API.

-

If you do not set the parameter, then the module tries the QUAY_USERNAME environment variable.

-

If you set quay_username, then you also need to set quay_password.

-

Mutually exclusive with quay_token.

-
-
-
-

validate_certs

- -

aliases: verify_ssl

-

- boolean -

-
-

Whether to allow insecure connections to the API.

-

If no, then the module does not validate SSL certificates.

-

If you do not set the parameter, then the module tries the QUAY_VERIFY_SSL environment variable (yes, 1, and True mean yes, and no, 0, False, and no value mean no).

-

Choices:

-
    -

  • false

    • -

  • true ← (default)

    • -
- -
- - - -.. Attributes - - -.. Notes - -Notes ------ - -.. note:: - - If a vulnerability scanner such as Clair is not installed, then the returned vulnerability list is always empty. - -.. Seealso - - -.. Examples - -Examples --------- - -.. code-block:: yaml+jinja - - - - name: Retrieve the vulnerabilities of the coreos/dnsmasq:latest image - infra.quay_configuration.quay_vulnerability_info: - image: coreos/dnsmasq:latest - quay_host: quay.io - register: vuln - - - - -.. Facts - - -.. Return values - -Return Values -------------- -Common return values are documented :ref:`here `, the following are the fields unique to this module: - -.. raw:: html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Key

Description

-
-

vulnerabilities

- -

- list - / elements=dictionary -

-
-

List of vulnerabilities.

-

Returned: always

-

Sample: [{"AddedBy": "b95b...3753.d2943905-38bd-42ed-a468-d350d7aa5c86", "Name": "python38-pip-wheel", "NamespaceName": "centos:8", "Version": "19.3.1-1.module_el8.4.0+647+0ba99ce8", "VersionFormat": "rpm", "Vulnerabilities": [{"Description": "Python is an interpreted, interactive, ...", "FixedBy": "0:19.3.1-1.module+el8.4.0+8888+89bc7e79", "Link": "https://access.redhat.com/errata/RHSA-2021:1879", "Metadata": null, "Name": "RHSA-2021:1879", "NamespaceName": "centos:8", "Severity": "Medium"}, {"Description": "Python is an interpreted, interactive, ...", "FixedBy": "0:19.3.1-1.module+el8.4.0+8888+89bc7e79", "Link": "https://access.redhat.com/errata/RHSA-2021:2583", "Metadata": null, "Name": "RHSA-2021:2583", "NamespaceName": "centos:8", "Severity": "Medium"}]}, {"AddedBy": "b95b...3753.d2943905-38bd-42ed-a468-d350d7aa5c86", "Name": "python38-libs", "NamespaceName": "centos:8", "Version": "3.8.6-3.module_el8.4.0+665+abc3a503", "VersionFormat": "rpm", "Vulnerabilities": [{"Description": "Python is an interpreted, interactive, ...", "FixedBy": "0:3.8.6-3.module+el8.4.0+9579+e9717e18", "Link": "https://access.redhat.com/errata/RHSA-2021:1879", "Metadata": null, "Name": "RHSA-2021:1879", "NamespaceName": "centos:8", "Severity": "Medium"}, {"Description": "Python is an interpreted, interactive, ...", "FixedBy": "0:3.8.6-3.module+el8.4.0+9579+e9717e18", "Link": "https://access.redhat.com/errata/RHSA-2021:2583", "Metadata": null, "Name": "RHSA-2021:2583", "NamespaceName": "centos:8", "Severity": "Medium"}]}]

-
-
-

Name

- -

- string -

-
-

Name of the vulnerable software or package.

-

Returned: always

-

Sample: "dnsmasq"

-
-
-

Version

- -

- string -

-
-

Version of the vulnerable software or package.

-

Returned: always

-

Sample: "2.76-r5"

-
-
-

VersionFormat

- -

- string -

-
-

Packaging format (rpm, dpkg, ...)

-

Returned: always

-

Sample: "dpkg"

-
-
-

Vulnerabilities

- -

- list - / elements=dictionary -

-
-

List of vulnerabilities for the software or package.

-

Returned: always

-

Sample: [{"Description": null, "FixedBy": "2.76-r6", "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15107", "Metadata": {"NVD": {"CVSSv2": {"PublishedDateTime": "2018-01-23T16:29Z", "Score": 5, "Vectors": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "CVSSv3": {"ExploitabilityScore": 3.9, "ImpactScore": 3.6, "Score": 7.5, "Vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}}}, "Name": "CVE-2017-15107", "NamespaceName": "alpine:v3.6", "Severity": "Medium"}]

-
- - - -.. Status (Presently only deprecated) - - -.. Authors - -Authors -~~~~~~~ - -- Herve Quatremain (@herve4m) - - - -.. Extra links - -Collection links -~~~~~~~~~~~~~~~~ - -.. ansible-links:: - - - title: "Issue Tracker" - url: "https://github.com/redhat-cop/quay_configuration/issues" - external: true - - title: "Repository (Sources)" - url: "https://github.com/redhat-cop/quay_configuration" - external: true - - -.. Parsing errors - diff --git a/galaxy.yml b/galaxy.yml index 07d5bfd..8aecb8c 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -4,7 +4,7 @@ name: quay_configuration version: 2.1.0 readme: README.md authors: - - Hervé Quatremain + - Hervé Quatremain - Tom Page description: Ansible modules to manage Quay Container Registry installations license: @@ -23,3 +23,4 @@ homepage: https://github.com/redhat-cop/quay_configuration # The URL to the collection issue tracker issues: https://github.com/redhat-cop/quay_configuration/issues +... diff --git a/meta/runtime.yml b/meta/runtime.yml index c867b19..f3c1b32 100644 --- a/meta/runtime.yml +++ b/meta/runtime.yml @@ -1,5 +1,5 @@ --- -requires_ansible: ">=2.15.0" +requires_ansible: ">=2.14.0" action_groups: quay: - quay_application diff --git a/plugins/doc_fragments/auth.py b/plugins/doc_fragments/auth.py index 06adc4f..15aac40 100644 --- a/plugins/doc_fragments/auth.py +++ b/plugins/doc_fragments/auth.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- -# Copyright: (c) 2021, 2022, Herve Quatremain +# Copyright: (c) 2021, 2022, Herve Quatremain # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) from __future__ import absolute_import, division, print_function diff --git a/plugins/doc_fragments/autoprune.py b/plugins/doc_fragments/autoprune.py index bcf34c8..de42323 100644 --- a/plugins/doc_fragments/autoprune.py +++ b/plugins/doc_fragments/autoprune.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- -# Copyright: (c) 2024, Herve Quatremain +# Copyright: (c) 2024, Herve Quatremain # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) from __future__ import absolute_import, division, print_function diff --git a/plugins/filter/quay.py b/plugins/filter/quay.py index 34ba449..9dfc948 100644 --- a/plugins/filter/quay.py +++ b/plugins/filter/quay.py @@ -1,6 +1,6 @@ # -*- coding: utf-8 -*- -# Copyright: (c) 2024, Herve Quatremain +# Copyright: (c) 2024, Herve Quatremain # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) from __future__ import annotations diff --git a/plugins/filter/quay_docker_config.yml b/plugins/filter/quay_docker_config.yml index 86df063..47f9fb1 100644 --- a/plugins/filter/quay_docker_config.yml +++ b/plugins/filter/quay_docker_config.yml @@ -1,5 +1,5 @@ --- -# Copyright: (c) 2024, Herve Quatremain +# Copyright: (c) 2024, Herve Quatremain # GNU General Public License v3.0+ (see COPYING or # https://www.gnu.org/licenses/gpl-3.0.txt) DOCUMENTATION: diff --git a/plugins/module_utils/api_module.py b/plugins/module_utils/api_module.py index c8a115b..999d2e8 100644 --- a/plugins/module_utils/api_module.py +++ b/plugins/module_utils/api_module.py @@ -1,4 +1,4 @@ -# Copyright: (c) 2021-2024, Herve Quatremain +# Copyright: (c) 2021-2024, Herve Quatremain # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) diff --git a/plugins/module_utils/quay_image.py b/plugins/module_utils/quay_image.py index 11566ed..7ca32a2 100644 --- a/plugins/module_utils/quay_image.py +++ b/plugins/module_utils/quay_image.py @@ -1,4 +1,4 @@ -# Copyright: (c) 2022, Herve Quatremain +# Copyright: (c) 2022, Herve Quatremain # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) diff --git a/plugins/modules/quay_api_token.py b/plugins/modules/quay_api_token.py index 04f0490..8a6176e 100644 --- a/plugins/modules/quay_api_token.py +++ b/plugins/modules/quay_api_token.py @@ -1,7 +1,7 @@ #!/usr/bin/python # -*- coding: utf-8 -*- -# Copyright: (c) 2022-2024, Herve Quatremain +# Copyright: (c) 2022-2024, Herve Quatremain # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) # For accessing the API documentation from a running system, use the swagger-ui diff --git a/plugins/modules/quay_application.py b/plugins/modules/quay_application.py index cd1ce6c..ad3ae7d 100644 --- a/plugins/modules/quay_application.py +++ b/plugins/modules/quay_application.py @@ -1,7 +1,7 @@ #!/usr/bin/python # -*- coding: utf-8 -*- -# Copyright: (c) 2021-2024, Herve Quatremain +# Copyright: (c) 2021-2024, Herve Quatremain # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) # For accessing the API documentation from a running system, use the swagger-ui diff --git a/plugins/modules/quay_default_perm.py b/plugins/modules/quay_default_perm.py index e9084c2..354c2dc 100644 --- a/plugins/modules/quay_default_perm.py +++ b/plugins/modules/quay_default_perm.py @@ -1,7 +1,7 @@ #!/usr/bin/python # -*- coding: utf-8 -*- -# Copyright: (c) 2021, 2022, Herve Quatremain +# Copyright: (c) 2021, 2022, Herve Quatremain # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) # For accessing the API documentation from a running system, use the swagger-ui diff --git a/plugins/modules/quay_docker_token.py b/plugins/modules/quay_docker_token.py index 17b0f3b..7c5fc66 100644 --- a/plugins/modules/quay_docker_token.py +++ b/plugins/modules/quay_docker_token.py @@ -1,7 +1,7 @@ #!/usr/bin/python # -*- coding: utf-8 -*- -# Copyright: (c) 2022-2024, Herve Quatremain +# Copyright: (c) 2022-2024, Herve Quatremain # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) # For accessing the API documentation from a running system, use the swagger-ui diff --git a/plugins/modules/quay_first_user.py b/plugins/modules/quay_first_user.py index 0465791..7d96e14 100644 --- a/plugins/modules/quay_first_user.py +++ b/plugins/modules/quay_first_user.py @@ -1,7 +1,7 @@ #!/usr/bin/python # -*- coding: utf-8 -*- -# Copyright: (c) 2021, 2022, Herve Quatremain +# Copyright: (c) 2021, 2022, Herve Quatremain # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) # For accessing the API documentation from a running system, use the swagger-ui diff --git a/plugins/modules/quay_layer_info.py b/plugins/modules/quay_layer_info.py index 1355cbe..7b43775 100644 --- a/plugins/modules/quay_layer_info.py +++ b/plugins/modules/quay_layer_info.py @@ -1,7 +1,7 @@ #!/usr/bin/python # -*- coding: utf-8 -*- -# Copyright: (c) 2021, 2022, Herve Quatremain +# Copyright: (c) 2021, 2022, Herve Quatremain # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) # For accessing the API documentation from a running system, use the swagger-ui diff --git a/plugins/modules/quay_manifest_label.py b/plugins/modules/quay_manifest_label.py index aec3cae..4ee2ab5 100644 --- a/plugins/modules/quay_manifest_label.py +++ b/plugins/modules/quay_manifest_label.py @@ -1,7 +1,7 @@ #!/usr/bin/python # -*- coding: utf-8 -*- -# Copyright: (c) 2022-2024, Herve Quatremain +# Copyright: (c) 2022-2024, Herve Quatremain # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) # For accessing the API documentation from a running system, use the swagger-ui diff --git a/plugins/modules/quay_manifest_label_info.py b/plugins/modules/quay_manifest_label_info.py index 251ff27..f9c5577 100644 --- a/plugins/modules/quay_manifest_label_info.py +++ b/plugins/modules/quay_manifest_label_info.py @@ -1,7 +1,7 @@ #!/usr/bin/python # -*- coding: utf-8 -*- -# Copyright: (c) 2022-2024, Herve Quatremain +# Copyright: (c) 2022-2024, Herve Quatremain # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) # For accessing the API documentation from a running system, use the swagger-ui diff --git a/plugins/modules/quay_message.py b/plugins/modules/quay_message.py index 716a183..5edb9c2 100644 --- a/plugins/modules/quay_message.py +++ b/plugins/modules/quay_message.py @@ -1,7 +1,7 @@ #!/usr/bin/python # -*- coding: utf-8 -*- -# Copyright: (c) 2021, 2022, Herve Quatremain +# Copyright: (c) 2021, 2022, Herve Quatremain # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) # For accessing the API documentation from a running system, use the swagger-ui diff --git a/plugins/modules/quay_notification.py b/plugins/modules/quay_notification.py index d295e04..41fd864 100644 --- a/plugins/modules/quay_notification.py +++ b/plugins/modules/quay_notification.py @@ -1,7 +1,7 @@ #!/usr/bin/python # -*- coding: utf-8 -*- -# Copyright: (c) 2021, 2022, 2024 Herve Quatremain +# Copyright: (c) 2021, 2022, 2024 Herve Quatremain # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) # For accessing the API documentation from a running system, use the swagger-ui diff --git a/plugins/modules/quay_organization.py b/plugins/modules/quay_organization.py index 8483a28..3950922 100644 --- a/plugins/modules/quay_organization.py +++ b/plugins/modules/quay_organization.py @@ -1,7 +1,7 @@ #!/usr/bin/python # -*- coding: utf-8 -*- -# Copyright: (c) 2021-2024, Herve Quatremain +# Copyright: (c) 2021-2024, Herve Quatremain # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) # For accessing the API documentation from a running system, use the swagger-ui diff --git a/plugins/modules/quay_proxy_cache.py b/plugins/modules/quay_proxy_cache.py index 6709096..668f64a 100644 --- a/plugins/modules/quay_proxy_cache.py +++ b/plugins/modules/quay_proxy_cache.py @@ -1,7 +1,7 @@ #!/usr/bin/python # -*- coding: utf-8 -*- -# Copyright: (c) 2024 Herve Quatremain +# Copyright: (c) 2024 Herve Quatremain # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) # For accessing the API documentation from a running system, use the swagger-ui diff --git a/plugins/modules/quay_quota.py b/plugins/modules/quay_quota.py index 3007c61..a1448eb 100644 --- a/plugins/modules/quay_quota.py +++ b/plugins/modules/quay_quota.py @@ -1,7 +1,7 @@ #!/usr/bin/python # -*- coding: utf-8 -*- -# Copyright: (c) 2022 Herve Quatremain +# Copyright: (c) 2022 Herve Quatremain # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) # For accessing the API documentation from a running system, use the swagger-ui diff --git a/plugins/modules/quay_repository.py b/plugins/modules/quay_repository.py index 38fa842..3c2c898 100644 --- a/plugins/modules/quay_repository.py +++ b/plugins/modules/quay_repository.py @@ -1,7 +1,7 @@ #!/usr/bin/python # -*- coding: utf-8 -*- -# Copyright: (c) 2021-2024, Herve Quatremain +# Copyright: (c) 2021-2024, Herve Quatremain # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) # For accessing the API documentation from a running system, use the swagger-ui diff --git a/plugins/modules/quay_repository_mirror.py b/plugins/modules/quay_repository_mirror.py index 9a874ee..be9f93f 100644 --- a/plugins/modules/quay_repository_mirror.py +++ b/plugins/modules/quay_repository_mirror.py @@ -1,7 +1,7 @@ #!/usr/bin/python # -*- coding: utf-8 -*- -# Copyright: (c) 2021, 2022, Herve Quatremain +# Copyright: (c) 2021, 2022, Herve Quatremain # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) # For accessing the API documentation from a running system, use the swagger-ui diff --git a/plugins/modules/quay_robot.py b/plugins/modules/quay_robot.py index 77807b6..1410f26 100644 --- a/plugins/modules/quay_robot.py +++ b/plugins/modules/quay_robot.py @@ -1,7 +1,7 @@ #!/usr/bin/python # -*- coding: utf-8 -*- -# Copyright: (c) 2021-2024, Herve Quatremain +# Copyright: (c) 2021-2024, Herve Quatremain # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) # For accessing the API documentation from a running system, use the swagger-ui diff --git a/plugins/modules/quay_tag.py b/plugins/modules/quay_tag.py index fd0d232..bfd953a 100644 --- a/plugins/modules/quay_tag.py +++ b/plugins/modules/quay_tag.py @@ -1,7 +1,7 @@ #!/usr/bin/python # -*- coding: utf-8 -*- -# Copyright: (c) 2021, 2022, Herve Quatremain +# Copyright: (c) 2021, 2022, Herve Quatremain # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) # For accessing the API documentation from a running system, use the swagger-ui diff --git a/plugins/modules/quay_tag_info.py b/plugins/modules/quay_tag_info.py index 08e883c..d7bd6b5 100644 --- a/plugins/modules/quay_tag_info.py +++ b/plugins/modules/quay_tag_info.py @@ -1,7 +1,7 @@ #!/usr/bin/python # -*- coding: utf-8 -*- -# Copyright: (c) 2021, 2022, Herve Quatremain +# Copyright: (c) 2021, 2022, Herve Quatremain # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) # For accessing the API documentation from a running system, use the swagger-ui diff --git a/plugins/modules/quay_team.py b/plugins/modules/quay_team.py index 6d6d68b..33c0987 100644 --- a/plugins/modules/quay_team.py +++ b/plugins/modules/quay_team.py @@ -1,7 +1,7 @@ #!/usr/bin/python # -*- coding: utf-8 -*- -# Copyright: (c) 2021-2024 Herve Quatremain +# Copyright: (c) 2021-2024 Herve Quatremain # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) # For accessing the API documentation from a running system, use the swagger-ui diff --git a/plugins/modules/quay_team_ldap.py b/plugins/modules/quay_team_ldap.py index b30dd9a..de7b8f8 100644 --- a/plugins/modules/quay_team_ldap.py +++ b/plugins/modules/quay_team_ldap.py @@ -1,7 +1,7 @@ #!/usr/bin/python # -*- coding: utf-8 -*- -# Copyright: (c) 2022, Herve Quatremain +# Copyright: (c) 2022, Herve Quatremain # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) # For accessing the API documentation from a running system, use the swagger-ui diff --git a/plugins/modules/quay_team_oidc.py b/plugins/modules/quay_team_oidc.py index 90220a9..a37bf04 100644 --- a/plugins/modules/quay_team_oidc.py +++ b/plugins/modules/quay_team_oidc.py @@ -1,7 +1,7 @@ #!/usr/bin/python # -*- coding: utf-8 -*- -# Copyright: (c) 2024, Herve Quatremain +# Copyright: (c) 2024, Herve Quatremain # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) # For accessing the API documentation from a running system, use the swagger-ui diff --git a/plugins/modules/quay_user.py b/plugins/modules/quay_user.py index 2c15b4f..5b4a758 100644 --- a/plugins/modules/quay_user.py +++ b/plugins/modules/quay_user.py @@ -1,7 +1,7 @@ #!/usr/bin/python # -*- coding: utf-8 -*- -# Copyright: (c) 2021-2024, Herve Quatremain +# Copyright: (c) 2021-2024, Herve Quatremain # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) # For accessing the API documentation from a running system, use the swagger-ui diff --git a/plugins/modules/quay_vulnerability_info.py b/plugins/modules/quay_vulnerability_info.py index ff03103..3657456 100644 --- a/plugins/modules/quay_vulnerability_info.py +++ b/plugins/modules/quay_vulnerability_info.py @@ -1,7 +1,7 @@ #!/usr/bin/python # -*- coding: utf-8 -*- -# Copyright: (c) 2021, 2022, Herve Quatremain +# Copyright: (c) 2021, 2022, Herve Quatremain # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) # For accessing the API documentation from a running system, use the swagger-ui diff --git a/roles/quay_org/README.md b/roles/quay_org/README.md index dc3c811..7514ebb 100644 --- a/roles/quay_org/README.md +++ b/roles/quay_org/README.md @@ -155,4 +155,4 @@ GPL 3.0 or later. Author Information ------------------ -This role was created in 2022 by Hervé Quatremain +This role was created in 2022 by Hervé Quatremain diff --git a/roles/quay_org/meta/argument_specs.yml b/roles/quay_org/meta/argument_specs.yml index 666ce50..20ad850 100644 --- a/roles/quay_org/meta/argument_specs.yml +++ b/roles/quay_org/meta/argument_specs.yml @@ -2,7 +2,7 @@ argument_specs: main: author: - - Hervé Quatremain + - Hervé Quatremain short_description: > Create and configure a Quay Container Registry organization description: diff --git a/roles/quay_org/meta/main.yml b/roles/quay_org/meta/main.yml index 30cf70a..7a77036 100644 --- a/roles/quay_org/meta/main.yml +++ b/roles/quay_org/meta/main.yml @@ -1,6 +1,6 @@ --- galaxy_info: - author: Hervé Quatremain + author: Hervé Quatremain description: Create and configure a Quay Container Registry organization license: GPL-3.0-or-later min_ansible_version: "2.1" diff --git a/tests/integration/targets/quay_api_token/meta/main.yml b/tests/integration/targets/quay_api_token/meta/main.yml index e978127..6f61d07 100644 --- a/tests/integration/targets/quay_api_token/meta/main.yml +++ b/tests/integration/targets/quay_api_token/meta/main.yml @@ -1,4 +1,4 @@ --- dependencies: - - setup_token + - setup_organization ... diff --git a/tests/integration/targets/quay_api_token/tasks/main.yml b/tests/integration/targets/quay_api_token/tasks/main.yml index ca2754f..4bd7d29 100644 --- a/tests/integration/targets/quay_api_token/tasks/main.yml +++ b/tests/integration/targets/quay_api_token/tasks/main.yml @@ -1,43 +1,33 @@ --- -# Supporting organization -- name: Ensure organization ansibletestorg exists - infra.quay_configuration.quay_organization: - name: ansibletestorg - email: ansibletestorg@example.com - state: present - quay_host: "{{ quay_url }}" - quay_token: "{{ quay_token }}" - validate_certs: false - # Supporting user account -- name: Ensure ansibletestuser1 user account exists +- name: Ensure testuser1 user account exists infra.quay_configuration.quay_user: - username: ansibletestuser1 + username: testuser1 password: vs9mrD55NP - email: ansibletestuser1@example.com + email: testuser1@example.com state: present quay_host: "{{ quay_url }}" quay_token: "{{ quay_token }}" validate_certs: false # Supporting team -- name: Ensure ansibletestteam1 team exists +- name: Ensure testteam1 team exists infra.quay_configuration.quay_team: - name: ansibletestteam1 + name: testteam1 organization: ansibletestorg role: admin members: - - ansibletestuser1 + - testuser1 state: present quay_host: "{{ quay_url }}" quay_token: "{{ quay_token }}" validate_certs: false # Supporting application -- name: Ensure the ansibletestapp1 application exists +- name: Ensure the testapp11 application exists infra.quay_configuration.quay_application: organization: ansibletestorg - name: ansibletestapp1 + name: testapp11 state: present quay_host: "{{ quay_url }}" quay_token: "{{ quay_token }}" @@ -46,7 +36,7 @@ - name: Generate an OAuth access token for the user infra.quay_configuration.quay_api_token: - quay_username: ansibletestuser1 + quay_username: testuser1 quay_password: vs9mrD55NP client_id: "{{ app_details['client_id'] }}" rights: @@ -60,18 +50,18 @@ that: "'access_token' in result" fail_msg: The result should have the access_token key -- name: Ensure ansibletestteam1 team is removed +- name: Ensure testteam1 team is removed infra.quay_configuration.quay_team: - name: ansibletestteam1 + name: testteam1 organization: ansibletestorg state: absent quay_host: "{{ quay_url }}" quay_token: "{{ quay_token }}" validate_certs: false -- name: Ensure ansibletestuser1 user account is removed +- name: Ensure testuser1 user account is removed infra.quay_configuration.quay_user: - username: ansibletestuser1 + username: testuser1 state: absent quay_host: "{{ quay_url }}" quay_token: "{{ quay_token }}" @@ -80,19 +70,9 @@ - name: Ensure the application is removed infra.quay_configuration.quay_application: organization: ansibletestorg - name: ansibletestapp1 + name: testapp11 state: absent quay_host: "{{ quay_url }}" quay_token: "{{ quay_token }}" validate_certs: false - -- name: Ensure the organization is removed - infra.quay_configuration.quay_organization: - name: ansibletestorg - state: absent - quay_host: "{{ quay_url }}" - # For testing, authenticating with username/password instead of the token - quay_username: "{{ admin_username }}" - quay_password: "{{ admin_password }}" - validate_certs: false ... diff --git a/tests/integration/targets/quay_application/meta/main.yml b/tests/integration/targets/quay_application/meta/main.yml index e978127..6f61d07 100644 --- a/tests/integration/targets/quay_application/meta/main.yml +++ b/tests/integration/targets/quay_application/meta/main.yml @@ -1,4 +1,4 @@ --- dependencies: - - setup_token + - setup_organization ... diff --git a/tests/integration/targets/quay_application/tasks/main.yml b/tests/integration/targets/quay_application/tasks/main.yml index 836df52..04b5218 100644 --- a/tests/integration/targets/quay_application/tasks/main.yml +++ b/tests/integration/targets/quay_application/tasks/main.yml @@ -1,14 +1,4 @@ --- -# Supporting organization -- name: Ensure organization ansibletestorg exists - infra.quay_configuration.quay_organization: - name: ansibletestorg - email: ansibletestorg@example.com - state: present - quay_host: "{{ quay_url }}" - quay_token: "{{ quay_token }}" - validate_certs: false - - name: Ensure the application ansibletestapp1 exists infra.quay_configuration.quay_application: organization: ansibletestorg @@ -126,14 +116,4 @@ - ansibletestapp1 - ansibletestapp2 - ansibletestapp3 - -- name: Ensure the organization is removed - infra.quay_configuration.quay_organization: - name: ansibletestorg - state: absent - quay_host: "{{ quay_url }}" - # For testing, authenticating with username/password instead of the token - quay_username: "{{ admin_username }}" - quay_password: "{{ admin_password }}" - validate_certs: false ... diff --git a/tests/integration/targets/quay_default_perm/meta/main.yml b/tests/integration/targets/quay_default_perm/meta/main.yml index e978127..6f61d07 100644 --- a/tests/integration/targets/quay_default_perm/meta/main.yml +++ b/tests/integration/targets/quay_default_perm/meta/main.yml @@ -1,4 +1,4 @@ --- dependencies: - - setup_token + - setup_organization ... diff --git a/tests/integration/targets/quay_default_perm/tasks/main.yml b/tests/integration/targets/quay_default_perm/tasks/main.yml index 7bb2d96..c2c5407 100644 --- a/tests/integration/targets/quay_default_perm/tasks/main.yml +++ b/tests/integration/targets/quay_default_perm/tasks/main.yml @@ -1,50 +1,4 @@ --- -# Supporting organization -- name: Ensure organization ansibletestorg exists - infra.quay_configuration.quay_organization: - name: ansibletestorg - email: ansibletestorg@example.com - state: present - quay_host: "{{ quay_url }}" - quay_token: "{{ quay_token }}" - validate_certs: false - -# Supporting user accounts -- name: Ensure user accounts exist - infra.quay_configuration.quay_user: - username: "{{ item }}" - email: "{{ item }}@example.com" - state: present - quay_host: "{{ quay_url }}" - quay_token: "{{ quay_token }}" - validate_certs: false - loop: - - ansibletestuser1 - - ansibletestuser2 - -# Supporting robot accounts -- name: Ensure the robot accounts exist - infra.quay_configuration.quay_robot: - name: ansibletestorg+ansibletestrobot1 - state: present - quay_host: "{{ quay_url }}" - quay_token: "{{ quay_token }}" - validate_certs: false - -# Supporting team -- name: Ensure teams exist - infra.quay_configuration.quay_team: - name: "{{ item }}" - organization: ansibletestorg - role: admin - state: present - quay_host: "{{ quay_url }}" - quay_token: "{{ quay_token }}" - validate_certs: false - loop: - - ansibletestteam1 - - ansibletestteam2 - - name: Ensure default perm anon-read-ansibletestuser1 exists infra.quay_configuration.quay_default_perm: organization: ansibletestorg @@ -226,45 +180,4 @@ quay_host: "{{ quay_url }}" quay_token: "{{ quay_token }}" validate_certs: false - -- name: Ensure the teams are removed - infra.quay_configuration.quay_team: - name: "{{ item }}" - organization: ansibletestorg - state: absent - quay_host: "{{ quay_url }}" - quay_token: "{{ quay_token }}" - validate_certs: false - loop: - - ansibletestteam1 - - ansibletestteam2 - -- name: Ensure user accounts are removed - infra.quay_configuration.quay_user: - username: "{{ item }}" - state: absent - quay_host: "{{ quay_url }}" - quay_token: "{{ quay_token }}" - validate_certs: false - loop: - - ansibletestuser1 - - ansibletestuser2 - -- name: Ensure the robot accounts are removed - infra.quay_configuration.quay_robot: - name: ansibletestorg+ansibletestrobot1 - state: absent - quay_host: "{{ quay_url }}" - quay_token: "{{ quay_token }}" - validate_certs: false - -- name: Ensure the organization is removed - infra.quay_configuration.quay_organization: - name: ansibletestorg - state: absent - quay_host: "{{ quay_url }}" - # For testing, authenticating with username/password instead of the token - quay_username: "{{ admin_username }}" - quay_password: "{{ admin_password }}" - validate_certs: false ... diff --git a/tests/integration/targets/quay_layer_info/tasks/main.yml b/tests/integration/targets/quay_layer_info/tasks/main.yml index 9d67aaa..6763cf8 100644 --- a/tests/integration/targets/quay_layer_info/tasks/main.yml +++ b/tests/integration/targets/quay_layer_info/tasks/main.yml @@ -44,3 +44,4 @@ ansible.builtin.assert: that: not result['changed'] fail_msg: The preceding task should not have changed anything +... diff --git a/tests/integration/targets/quay_manifest_label/meta/main.yml b/tests/integration/targets/quay_manifest_label/meta/main.yml index e978127..6f61d07 100644 --- a/tests/integration/targets/quay_manifest_label/meta/main.yml +++ b/tests/integration/targets/quay_manifest_label/meta/main.yml @@ -1,4 +1,4 @@ --- dependencies: - - setup_token + - setup_organization ... diff --git a/tests/integration/targets/quay_manifest_label/tasks/main.yml b/tests/integration/targets/quay_manifest_label/tasks/main.yml index ba5ea7d..72026d9 100644 --- a/tests/integration/targets/quay_manifest_label/tasks/main.yml +++ b/tests/integration/targets/quay_manifest_label/tasks/main.yml @@ -1,14 +1,4 @@ --- -# Supporting organization -- name: Ensure organization ansibletestorg exists - infra.quay_configuration.quay_organization: - name: ansibletestorg - email: ansibletestorg@example.com - state: present - quay_host: "{{ quay_url }}" - quay_token: "{{ quay_token }}" - validate_certs: false - - name: Check whether podman is available ansible.builtin.command: cmd: podman --version @@ -255,14 +245,4 @@ quay_host: "{{ quay_url }}" quay_token: "{{ quay_token }}" validate_certs: false - -- name: Ensure the organization is removed - infra.quay_configuration.quay_organization: - name: ansibletestorg - state: absent - quay_host: "{{ quay_url }}" - # For testing, authenticating with username/password instead of the token - quay_username: "{{ admin_username }}" - quay_password: "{{ admin_password }}" - validate_certs: false ... diff --git a/tests/integration/targets/quay_manifest_label_info/tasks/main.yml b/tests/integration/targets/quay_manifest_label_info/tasks/main.yml index 5502eb5..21eaf30 100644 --- a/tests/integration/targets/quay_manifest_label_info/tasks/main.yml +++ b/tests/integration/targets/quay_manifest_label_info/tasks/main.yml @@ -54,3 +54,4 @@ ansible.builtin.assert: that: labels['labels']|length == 0 fail_msg: The preceding task should not have returned labels +... diff --git a/tests/integration/targets/quay_notification/meta/main.yml b/tests/integration/targets/quay_notification/meta/main.yml index e978127..6f61d07 100644 --- a/tests/integration/targets/quay_notification/meta/main.yml +++ b/tests/integration/targets/quay_notification/meta/main.yml @@ -1,4 +1,4 @@ --- dependencies: - - setup_token + - setup_organization ... diff --git a/tests/integration/targets/quay_notification/tasks/main.yml b/tests/integration/targets/quay_notification/tasks/main.yml index 84d3e26..64891ce 100644 --- a/tests/integration/targets/quay_notification/tasks/main.yml +++ b/tests/integration/targets/quay_notification/tasks/main.yml @@ -1,35 +1,4 @@ --- -# Supporting organization -- name: Ensure organization ansibletestorg exists - infra.quay_configuration.quay_organization: - name: ansibletestorg - email: ansibletestorg@example.com - state: present - quay_host: "{{ quay_url }}" - quay_token: "{{ quay_token }}" - validate_certs: false - -# Supporting user account -- name: Ensure user accounts exist - infra.quay_configuration.quay_user: - username: ansibletestuser1 - email: "ansibletestuser1@example.com" - state: present - quay_host: "{{ quay_url }}" - quay_token: "{{ quay_token }}" - validate_certs: false - -# Supporting team -- name: Ensure teams exist - infra.quay_configuration.quay_team: - name: ansibletestteam1 - organization: ansibletestorg - role: admin - state: present - quay_host: "{{ quay_url }}" - quay_token: "{{ quay_token }}" - validate_certs: false - # Supporting repository - name: Ensure repository ansibletestrepo exists infra.quay_configuration.quay_repository: @@ -261,30 +230,4 @@ quay_host: "{{ quay_url }}" quay_token: "{{ quay_token }}" validate_certs: false - -- name: Ensure the team is removed - infra.quay_configuration.quay_team: - name: ansibletestteam1 - organization: ansibletestorg - state: absent - quay_host: "{{ quay_url }}" - quay_token: "{{ quay_token }}" - validate_certs: false - -- name: Ensure user account is removed - infra.quay_configuration.quay_user: - username: ansibletestuser1 - state: absent - quay_host: "{{ quay_url }}" - quay_token: "{{ quay_token }}" - validate_certs: false - -- name: Ensure the organization is removed - infra.quay_configuration.quay_organization: - name: ansibletestorg - state: absent - quay_host: "{{ quay_url }}" - # For testing, authenticating with username/password instead of the token - quay_username: "{{ admin_username }}" - quay_password: "{{ admin_password }}" - validate_certs: false +... diff --git a/tests/integration/targets/quay_proxy_cache/meta/main.yml b/tests/integration/targets/quay_proxy_cache/meta/main.yml index e978127..6f61d07 100644 --- a/tests/integration/targets/quay_proxy_cache/meta/main.yml +++ b/tests/integration/targets/quay_proxy_cache/meta/main.yml @@ -1,4 +1,4 @@ --- dependencies: - - setup_token + - setup_organization ... diff --git a/tests/integration/targets/quay_proxy_cache/tasks/main.yml b/tests/integration/targets/quay_proxy_cache/tasks/main.yml index 183aeba..2a10445 100644 --- a/tests/integration/targets/quay_proxy_cache/tasks/main.yml +++ b/tests/integration/targets/quay_proxy_cache/tasks/main.yml @@ -1,14 +1,4 @@ --- -# Supporting organization -- name: Ensure organization ansibletestorg exists - infra.quay_configuration.quay_organization: - name: ansibletestorg - email: ansibletestorg@example.com - state: present - quay_host: "{{ quay_url }}" - quay_token: "{{ quay_token }}" - validate_certs: false - - name: Ensure non-existing proxy cache configuration is deleted (no change) infra.quay_configuration.quay_proxy_cache: organization: ansibletestorg @@ -90,14 +80,4 @@ ansible.builtin.assert: that: not result['changed'] fail_msg: The preceding task should not have changed anything - -- name: Ensure the organization is removed - infra.quay_configuration.quay_organization: - name: ansibletestorg - state: absent - quay_host: "{{ quay_url }}" - # For testing, authenticating with username/password instead of the token - quay_username: "{{ admin_username }}" - quay_password: "{{ admin_password }}" - validate_certs: false ... diff --git a/tests/integration/targets/quay_quota/meta/main.yml b/tests/integration/targets/quay_quota/meta/main.yml index e978127..6f61d07 100644 --- a/tests/integration/targets/quay_quota/meta/main.yml +++ b/tests/integration/targets/quay_quota/meta/main.yml @@ -1,4 +1,4 @@ --- dependencies: - - setup_token + - setup_organization ... diff --git a/tests/integration/targets/quay_quota/tasks/main.yml b/tests/integration/targets/quay_quota/tasks/main.yml index c271c58..8c35d46 100644 --- a/tests/integration/targets/quay_quota/tasks/main.yml +++ b/tests/integration/targets/quay_quota/tasks/main.yml @@ -1,14 +1,4 @@ --- -# Supporting organization -- name: Ensure organization ansibletestorg exists - infra.quay_configuration.quay_organization: - name: ansibletestorg - email: ansibletestorg@example.com - state: present - quay_host: "{{ quay_url }}" - quay_token: "{{ quay_token }}" - validate_certs: false - - name: Ensure quota exists but no quota/limits given (no change) infra.quay_configuration.quay_quota: organization: ansibletestorg @@ -191,14 +181,4 @@ ansible.builtin.assert: that: result['changed'] fail_msg: The preceding task should have changed something - -- name: Ensure the organization is removed - infra.quay_configuration.quay_organization: - name: ansibletestorg - state: absent - quay_host: "{{ quay_url }}" - # For testing, authenticating with username/password instead of the token - quay_username: "{{ admin_username }}" - quay_password: "{{ admin_password }}" - validate_certs: false ... diff --git a/tests/integration/targets/quay_repository/meta/main.yml b/tests/integration/targets/quay_repository/meta/main.yml index e978127..6f61d07 100644 --- a/tests/integration/targets/quay_repository/meta/main.yml +++ b/tests/integration/targets/quay_repository/meta/main.yml @@ -1,4 +1,4 @@ --- dependencies: - - setup_token + - setup_organization ... diff --git a/tests/integration/targets/quay_repository/tasks/main.yml b/tests/integration/targets/quay_repository/tasks/main.yml index 762e3e9..4103d1b 100644 --- a/tests/integration/targets/quay_repository/tasks/main.yml +++ b/tests/integration/targets/quay_repository/tasks/main.yml @@ -1,49 +1,4 @@ --- -# Supporting organization -- name: Ensure organization ansibletestorg exists - infra.quay_configuration.quay_organization: - name: ansibletestorg - email: ansibletestorg@example.com - state: present - quay_host: "{{ quay_url }}" - quay_token: "{{ quay_token }}" - validate_certs: false - -# Supporting user accounts -- name: Ensure user accounts exist - infra.quay_configuration.quay_user: - username: "{{ item }}" - email: "{{ item }}@example.com" - state: present - quay_host: "{{ quay_url }}" - quay_token: "{{ quay_token }}" - validate_certs: false - loop: - - ansibletestuser1 - - ansibletestuser2 - - ansibletestuser3 - - ansibletestuser5 - -# Supporting robot accounts -- name: Ensure the robot accounts exist - infra.quay_configuration.quay_robot: - name: ansibletestorg+ansibletestrobot1 - state: present - quay_host: "{{ quay_url }}" - quay_token: "{{ quay_token }}" - validate_certs: false - -# Supporting team -- name: Ensure teams exist - infra.quay_configuration.quay_team: - name: ansibletestteam1 - organization: ansibletestorg - role: admin - state: present - quay_host: "{{ quay_url }}" - quay_token: "{{ quay_token }}" - validate_certs: false - - name: Ensure repository ansibletestrepo1 exists infra.quay_configuration.quay_repository: name: ansibletestorg/ansibletestrepo1 @@ -132,7 +87,7 @@ visibility: public description: "In user namespace" perms: - - name: ansibletestuser5 + - name: ansibletestuser4 type: user role: admin state: present @@ -284,44 +239,4 @@ - ansibletestrepo2 - ansibletestrepo3 - ansibletestrepo4 - -- name: Ensure the teams are removed - infra.quay_configuration.quay_team: - name: ansibletestteam1 - organization: ansibletestorg - state: absent - quay_host: "{{ quay_url }}" - quay_token: "{{ quay_token }}" - validate_certs: false - -- name: Ensure user accounts are removed - infra.quay_configuration.quay_user: - username: "{{ item }}" - state: absent - quay_host: "{{ quay_url }}" - quay_token: "{{ quay_token }}" - validate_certs: false - loop: - - ansibletestuser1 - - ansibletestuser2 - - ansibletestuser3 - - ansibletestuser5 - -- name: Ensure the robot accounts are removed - infra.quay_configuration.quay_robot: - name: ansibletestorg+ansibletestrobot1 - state: absent - quay_host: "{{ quay_url }}" - quay_token: "{{ quay_token }}" - validate_certs: false - -- name: Ensure the organization is removed - infra.quay_configuration.quay_organization: - name: ansibletestorg - state: absent - quay_host: "{{ quay_url }}" - # For testing, authenticating with username/password instead of the token - quay_username: "{{ admin_username }}" - quay_password: "{{ admin_password }}" - validate_certs: false ... diff --git a/tests/integration/targets/quay_repository_mirror/meta/main.yml b/tests/integration/targets/quay_repository_mirror/meta/main.yml index e978127..6f61d07 100644 --- a/tests/integration/targets/quay_repository_mirror/meta/main.yml +++ b/tests/integration/targets/quay_repository_mirror/meta/main.yml @@ -1,4 +1,4 @@ --- dependencies: - - setup_token + - setup_organization ... diff --git a/tests/integration/targets/quay_repository_mirror/tasks/main.yml b/tests/integration/targets/quay_repository_mirror/tasks/main.yml index 2a2c7fe..0b9ce3c 100644 --- a/tests/integration/targets/quay_repository_mirror/tasks/main.yml +++ b/tests/integration/targets/quay_repository_mirror/tasks/main.yml @@ -1,23 +1,4 @@ --- -# Supporting organization -- name: Ensure organization ansibletestorg exists - infra.quay_configuration.quay_organization: - name: ansibletestorg - email: ansibletestorg@example.com - state: present - quay_host: "{{ quay_url }}" - quay_token: "{{ quay_token }}" - validate_certs: false - -# Supporting robot account -- name: Ensure the robot accounts exist - infra.quay_configuration.quay_robot: - name: ansibletestorg+ansibletestrobot1 - state: present - quay_host: "{{ quay_url }}" - quay_token: "{{ quay_token }}" - validate_certs: false - - name: Ensure repository ansibletestrepo1 exists infra.quay_configuration.quay_repository: name: ansibletestorg/ansibletestrepo1 @@ -125,22 +106,4 @@ quay_host: "{{ quay_url }}" quay_token: "{{ quay_token }}" validate_certs: false - -- name: Ensure the robot account is removed - infra.quay_configuration.quay_robot: - name: ansibletestorg+ansibletestrobot1 - state: absent - quay_host: "{{ quay_url }}" - quay_token: "{{ quay_token }}" - validate_certs: false - -- name: Ensure the organization is removed - infra.quay_configuration.quay_organization: - name: ansibletestorg - state: absent - quay_host: "{{ quay_url }}" - # For testing, authenticating with username/password instead of the token - quay_username: "{{ admin_username }}" - quay_password: "{{ admin_password }}" - validate_certs: false ... diff --git a/tests/integration/targets/quay_robot/meta/main.yml b/tests/integration/targets/quay_robot/meta/main.yml index e978127..6f61d07 100644 --- a/tests/integration/targets/quay_robot/meta/main.yml +++ b/tests/integration/targets/quay_robot/meta/main.yml @@ -1,4 +1,4 @@ --- dependencies: - - setup_token + - setup_organization ... diff --git a/tests/integration/targets/quay_robot/tasks/main.yml b/tests/integration/targets/quay_robot/tasks/main.yml index e495bb0..21c3611 100644 --- a/tests/integration/targets/quay_robot/tasks/main.yml +++ b/tests/integration/targets/quay_robot/tasks/main.yml @@ -1,26 +1,16 @@ --- -# Supporting organization -- name: Ensure organization ansibletestorg exists - infra.quay_configuration.quay_organization: - name: ansibletestorg - email: ansibletestorg@example.com - state: present - quay_host: "{{ quay_url }}" - quay_token: "{{ quay_token }}" - validate_certs: false - -- name: Ensure robot account ansibletestrobot1 exists +- name: Ensure robot account testrobot1 exists infra.quay_configuration.quay_robot: - name: ansibletestorg+ansibletestrobot1 + name: ansibletestorg+testrobot1 description: Test robot account in ansibletestorg state: present quay_host: "{{ quay_url }}" quay_token: "{{ quay_token }}" validate_certs: false -- name: Ensure robot account ansibletestrobot1 exists (no change) +- name: Ensure robot account testrobot1 exists (no change) infra.quay_configuration.quay_robot: - name: ansibletestorg+ansibletestrobot1 + name: ansibletestorg+testrobot1 state: present quay_host: "{{ quay_url }}" quay_token: "{{ quay_token }}" @@ -32,17 +22,17 @@ that: not result['changed'] fail_msg: The preceding task should not have changed anything -- name: Ensure robot account ansibletestrobot2 exists +- name: Ensure robot account testrobot2 exists infra.quay_configuration.quay_robot: - name: ansibletestorg+ansibletestrobot2 + name: ansibletestorg+testrobot2 state: present quay_host: "{{ quay_url }}" quay_token: "{{ quay_token }}" validate_certs: false -- name: Ensure robot account ansibletestrobot3 does not exist (no change) +- name: Ensure robot account testrobot3 does not exist (no change) infra.quay_configuration.quay_robot: - name: ansibletestorg+ansibletestrobot3 + name: ansibletestorg+testrobot3 state: absent quay_host: "{{ quay_url }}" quay_token: "{{ quay_token }}" @@ -54,18 +44,18 @@ that: not result['changed'] fail_msg: The preceding task should not have changed anything -- name: Ensure robot account ansibletestrobot4 exists in my namespace +- name: Ensure robot account testrobot4 exists in my namespace infra.quay_configuration.quay_robot: - name: ansibletestrobot4 + name: testrobot4 description: My robot state: present quay_host: "{{ quay_url }}" quay_token: "{{ quay_token }}" validate_certs: false -- name: Ensure robot account ansibletestrobot4 is removed from my namespace +- name: Ensure robot account testrobot4 is removed from my namespace infra.quay_configuration.quay_robot: - name: ansibletestrobot4 + name: testrobot4 description: My robot state: absent quay_host: "{{ quay_url }}" @@ -80,16 +70,6 @@ quay_token: "{{ quay_token }}" validate_certs: false loop: - - ansibletestorg+ansibletestrobot1 - - ansibletestorg+ansibletestrobot2 - -- name: Ensure the organization is removed - infra.quay_configuration.quay_organization: - name: ansibletestorg - state: absent - quay_host: "{{ quay_url }}" - # For testing, authenticating with username/password instead of the token - quay_username: "{{ admin_username }}" - quay_password: "{{ admin_password }}" - validate_certs: false + - ansibletestorg+testrobot1 + - ansibletestorg+testrobot2 ... diff --git a/tests/integration/targets/quay_tag/meta/main.yml b/tests/integration/targets/quay_tag/meta/main.yml index e978127..6f61d07 100644 --- a/tests/integration/targets/quay_tag/meta/main.yml +++ b/tests/integration/targets/quay_tag/meta/main.yml @@ -1,4 +1,4 @@ --- dependencies: - - setup_token + - setup_organization ... diff --git a/tests/integration/targets/quay_tag/tasks/main.yml b/tests/integration/targets/quay_tag/tasks/main.yml index 410f2b4..1610e21 100644 --- a/tests/integration/targets/quay_tag/tasks/main.yml +++ b/tests/integration/targets/quay_tag/tasks/main.yml @@ -1,14 +1,4 @@ --- -# Supporting organization -- name: Ensure organization ansibletestorg exists - infra.quay_configuration.quay_organization: - name: ansibletestorg - email: ansibletestorg@example.com - state: present - quay_host: "{{ quay_url }}" - quay_token: "{{ quay_token }}" - validate_certs: false - - name: Check whether podman is available ansible.builtin.command: cmd: podman --version @@ -263,13 +253,4 @@ quay_host: "{{ quay_url }}" quay_token: "{{ quay_token }}" validate_certs: false - -- name: Ensure the organization is removed - infra.quay_configuration.quay_organization: - name: ansibletestorg - state: absent - quay_host: "{{ quay_url }}" - # For testing, authenticating with username/password instead of the token - quay_username: "{{ admin_username }}" - quay_password: "{{ admin_password }}" - validate_certs: false +... diff --git a/tests/integration/targets/quay_tag_info/meta/main.yml b/tests/integration/targets/quay_tag_info/meta/main.yml index e978127..6f61d07 100644 --- a/tests/integration/targets/quay_tag_info/meta/main.yml +++ b/tests/integration/targets/quay_tag_info/meta/main.yml @@ -1,4 +1,4 @@ --- dependencies: - - setup_token + - setup_organization ... diff --git a/tests/integration/targets/quay_tag_info/tasks/main.yml b/tests/integration/targets/quay_tag_info/tasks/main.yml index a5f3185..4017f9d 100644 --- a/tests/integration/targets/quay_tag_info/tasks/main.yml +++ b/tests/integration/targets/quay_tag_info/tasks/main.yml @@ -1,14 +1,4 @@ --- -# Supporting organization -- name: Ensure organization ansibletestorg exists - infra.quay_configuration.quay_organization: - name: ansibletestorg - email: ansibletestorg@example.com - state: present - quay_host: "{{ quay_url }}" - quay_token: "{{ quay_token }}" - validate_certs: false - # Supporting repository - name: Ensure repository ansibletestrepo1 exists infra.quay_configuration.quay_repository: @@ -65,13 +55,4 @@ quay_host: "{{ quay_url }}" quay_token: "{{ quay_token }}" validate_certs: false - -- name: Ensure the organization is removed - infra.quay_configuration.quay_organization: - name: ansibletestorg - state: absent - quay_host: "{{ quay_url }}" - # For testing, authenticating with username/password instead of the token - quay_username: "{{ admin_username }}" - quay_password: "{{ admin_password }}" - validate_certs: false +... diff --git a/tests/integration/targets/quay_team/meta/main.yml b/tests/integration/targets/quay_team/meta/main.yml index e978127..6f61d07 100644 --- a/tests/integration/targets/quay_team/meta/main.yml +++ b/tests/integration/targets/quay_team/meta/main.yml @@ -1,4 +1,4 @@ --- dependencies: - - setup_token + - setup_organization ... diff --git a/tests/integration/targets/quay_team/tasks/main.yml b/tests/integration/targets/quay_team/tasks/main.yml index 1e86b19..dbf8672 100644 --- a/tests/integration/targets/quay_team/tasks/main.yml +++ b/tests/integration/targets/quay_team/tasks/main.yml @@ -1,53 +1,16 @@ --- -# Supporting organization -- name: Ensure organization ansibletestorg exists - infra.quay_configuration.quay_organization: - name: ansibletestorg - email: ansibletestorg@example.com - state: present - quay_host: "{{ quay_url }}" - quay_token: "{{ quay_token }}" - validate_certs: false - -# Supporting user accounts -- name: Ensure user accounts exist - infra.quay_configuration.quay_user: - username: "{{ item }}" - email: "{{ item }}@example.com" - state: present - quay_host: "{{ quay_url }}" - quay_token: "{{ quay_token }}" - validate_certs: false - loop: - - ansibletestuser1 - - ansibletestuser2 - - ansibletestuser3 - - ansibletestuser4 - -# Supporting robot accounts -- name: Ensure the robot accounts exist - infra.quay_configuration.quay_robot: - name: "{{ item }}" - state: present - quay_host: "{{ quay_url }}" - quay_token: "{{ quay_token }}" - validate_certs: false - loop: - - ansibletestorg+ansibletestrobot1 - - ansibletestorg+ansibletestrobot2 - -- name: Ensure team ansibletestteam1 exists +- name: Ensure team testteam1 exists infra.quay_configuration.quay_team: - name: ansibletestteam1 + name: testteam1 organization: ansibletestorg state: present quay_host: "{{ quay_url }}" quay_token: "{{ quay_token }}" validate_certs: false -- name: Ensure team ansibletestteam2 exists +- name: Ensure team testteam2 exists infra.quay_configuration.quay_team: - name: ansibletestteam2 + name: testteam2 organization: ansibletestorg description: | # Team 2 @@ -64,9 +27,9 @@ quay_token: "{{ quay_token }}" validate_certs: false -- name: Ensure team ansibletestteam2 is updated +- name: Ensure team testteam2 is updated infra.quay_configuration.quay_team: - name: ansibletestteam2 + name: testteam2 organization: ansibletestorg role: admin members: @@ -79,9 +42,9 @@ quay_token: "{{ quay_token }}" validate_certs: false -- name: Ensure team ansibletestteam2 has no members +- name: Ensure team testteam2 has no members infra.quay_configuration.quay_team: - name: ansibletestteam2 + name: testteam2 organization: ansibletestorg role: admin members: [] @@ -91,18 +54,18 @@ quay_token: "{{ quay_token }}" validate_certs: false -- name: Ensure team ansibletestteam3 exists +- name: Ensure team testteam3 exists infra.quay_configuration.quay_team: - name: ansibletestteam3 + name: testteam3 organization: ansibletestorg state: present quay_host: "{{ quay_url }}" quay_token: "{{ quay_token }}" validate_certs: false -- name: Ensure team ansibletestteam3 exists (no change) +- name: Ensure team testteam3 exists (no change) infra.quay_configuration.quay_team: - name: ansibletestteam3 + name: testteam3 organization: ansibletestorg role: member state: present @@ -140,41 +103,7 @@ quay_token: "{{ quay_token }}" validate_certs: false loop: - - ansibletestteam1 - - ansibletestteam2 - - ansibletestteam3 - -- name: Ensure user accounts are removed - infra.quay_configuration.quay_user: - username: "{{ item }}" - state: absent - quay_host: "{{ quay_url }}" - quay_token: "{{ quay_token }}" - validate_certs: false - loop: - - ansibletestuser1 - - ansibletestuser2 - - ansibletestuser3 - - ansibletestuser4 - -- name: Ensure the robot accounts are removed - infra.quay_configuration.quay_robot: - name: "{{ item }}" - state: absent - quay_host: "{{ quay_url }}" - quay_token: "{{ quay_token }}" - validate_certs: false - loop: - - ansibletestorg+ansibletestrobot1 - - ansibletestorg+ansibletestrobot2 - -- name: Ensure the organization is removed - infra.quay_configuration.quay_organization: - name: ansibletestorg - state: absent - quay_host: "{{ quay_url }}" - # For testing, authenticating with username/password instead of the token - quay_username: "{{ admin_username }}" - quay_password: "{{ admin_password }}" - validate_certs: false + - testteam1 + - testteam2 + - testteam3 ... diff --git a/tests/integration/targets/quay_team_ldap/meta/main.yml b/tests/integration/targets/quay_team_ldap/meta/main.yml index e978127..6f61d07 100644 --- a/tests/integration/targets/quay_team_ldap/meta/main.yml +++ b/tests/integration/targets/quay_team_ldap/meta/main.yml @@ -1,4 +1,4 @@ --- dependencies: - - setup_token + - setup_organization ... diff --git a/tests/integration/targets/quay_team_ldap/tasks/main.yml b/tests/integration/targets/quay_team_ldap/tasks/main.yml index eedea83..2dcb6c4 100644 --- a/tests/integration/targets/quay_team_ldap/tasks/main.yml +++ b/tests/integration/targets/quay_team_ldap/tasks/main.yml @@ -2,29 +2,10 @@ # Expecting user1, user2, user3, and user4 from LDAP # Expecting cn=group1,ou=users and cn=group2,ou=users from LDAP -# Supporting organization -- name: Ensure organization ansibletestorg exists - infra.quay_configuration.quay_organization: - name: ansibletestorg - email: ansibletestorg@example.com - state: present - quay_host: "{{ quay_url }}" - quay_token: "{{ quay_token }}" - validate_certs: false - -# Supporting robot account -- name: Ensure the robot account exists - infra.quay_configuration.quay_robot: - name: ansibletestorg+ansibletestrobot1 - state: present - quay_host: "{{ quay_url }}" - quay_token: "{{ quay_token }}" - validate_certs: false - # Supporting team -- name: Ensure team ansibletestteam1 exists +- name: Ensure team testteam1 exists infra.quay_configuration.quay_team: - name: ansibletestteam1 + name: testteam1 organization: ansibletestorg state: present role: creator @@ -34,9 +15,9 @@ quay_token: "{{ quay_token }}" validate_certs: false -- name: Ensure team ansibletestteam1 is not synchronized (no change) +- name: Ensure team testteam1 is not synchronized (no change) infra.quay_configuration.quay_team_ldap: - name: ansibletestteam1 + name: testteam1 organization: ansibletestorg sync: false quay_host: "{{ quay_url }}" @@ -49,9 +30,9 @@ that: not result['changed'] fail_msg: The preceding task should not have changed anything -- name: Ensure team ansibletestteam1 is synchronized (group1) +- name: Ensure team testteam1 is synchronized (group1) infra.quay_configuration.quay_team_ldap: - name: ansibletestteam1 + name: testteam1 organization: ansibletestorg sync: true group_dn: cn=group1,ou=users @@ -59,9 +40,9 @@ quay_token: "{{ quay_token }}" validate_certs: false -- name: Ensure team ansibletestteam1 is synchronized (no change) +- name: Ensure team testteam1 is synchronized (no change) infra.quay_configuration.quay_team_ldap: - name: ansibletestteam1 + name: testteam1 organization: ansibletestorg group_dn: cn=group1,ou=users quay_host: "{{ quay_url }}" @@ -74,9 +55,9 @@ that: not result['changed'] fail_msg: The preceding task should not have changed anything -- name: Ensure team ansibletestteam1 synchronization is updated (group2) +- name: Ensure team testteam1 synchronization is updated (group2) infra.quay_configuration.quay_team_ldap: - name: ansibletestteam1 + name: testteam1 organization: ansibletestorg sync: true group_dn: cn=group2,ou=users @@ -84,9 +65,9 @@ quay_token: "{{ quay_token }}" validate_certs: false -- name: Ensure team ansibletestteam1 is not synchronized anymore +- name: Ensure team testteam1 is not synchronized anymore infra.quay_configuration.quay_team_ldap: - name: ansibletestteam1 + name: testteam1 organization: ansibletestorg sync: false group_dn: cn=group1,ou=users @@ -95,9 +76,9 @@ quay_token: "{{ quay_token }}" validate_certs: false -- name: Ensure team ansibletestteam1 is not synchronized anymore (no change) +- name: Ensure team testteam1 is not synchronized anymore (no change) infra.quay_configuration.quay_team_ldap: - name: ansibletestteam1 + name: testteam1 organization: ansibletestorg sync: false quay_host: "{{ quay_url }}" @@ -110,30 +91,12 @@ that: not result['changed'] fail_msg: The preceding task should not have changed anything -- name: Ensure the ansibletestteam1 team is removed +- name: Ensure the testteam1 team is removed infra.quay_configuration.quay_team: - name: ansibletestteam1 + name: testteam1 organization: ansibletestorg state: absent quay_host: "{{ quay_url }}" quay_token: "{{ quay_token }}" validate_certs: false - -- name: Ensure the robot account is removed - infra.quay_configuration.quay_robot: - name: ansibletestorg+ansibletestrobot1 - state: absent - quay_host: "{{ quay_url }}" - quay_token: "{{ quay_token }}" - validate_certs: false - -- name: Ensure the organization is removed - infra.quay_configuration.quay_organization: - name: ansibletestorg - state: absent - quay_host: "{{ quay_url }}" - # For testing, authenticating with username/password instead of the token - quay_username: "{{ admin_username }}" - quay_password: "{{ admin_password }}" - validate_certs: false ... diff --git a/tests/integration/targets/quay_team_oidc/meta/main.yml b/tests/integration/targets/quay_team_oidc/meta/main.yml index e978127..6f61d07 100644 --- a/tests/integration/targets/quay_team_oidc/meta/main.yml +++ b/tests/integration/targets/quay_team_oidc/meta/main.yml @@ -1,4 +1,4 @@ --- dependencies: - - setup_token + - setup_organization ... diff --git a/tests/integration/targets/quay_team_oidc/tasks/main.yml b/tests/integration/targets/quay_team_oidc/tasks/main.yml index 6db46b0..5c87019 100644 --- a/tests/integration/targets/quay_team_oidc/tasks/main.yml +++ b/tests/integration/targets/quay_team_oidc/tasks/main.yml @@ -1,29 +1,10 @@ --- # Expecting group1 and group2 from OIDC -# Supporting organization -- name: Ensure organization ansibletestorg exists - infra.quay_configuration.quay_organization: - name: ansibletestorg - email: ansibletestorg@example.com - state: present - quay_host: "{{ quay_url }}" - quay_token: "{{ quay_token }}" - validate_certs: false - -# Supporting robot account -- name: Ensure the robot account exists - infra.quay_configuration.quay_robot: - name: ansibletestorg+ansibletestrobot1 - state: present - quay_host: "{{ quay_url }}" - quay_token: "{{ quay_token }}" - validate_certs: false - # Supporting team -- name: Ensure team ansibletestteam1 exists +- name: Ensure team testteam1 exists infra.quay_configuration.quay_team: - name: ansibletestteam1 + name: testteam1 organization: ansibletestorg state: present role: creator @@ -33,9 +14,9 @@ quay_token: "{{ quay_token }}" validate_certs: false -- name: Ensure team ansibletestteam1 is not synchronized (no change) +- name: Ensure team testteam1 is not synchronized (no change) infra.quay_configuration.quay_team_oidc: - name: ansibletestteam1 + name: testteam1 organization: ansibletestorg sync: false quay_host: "{{ quay_url }}" @@ -48,9 +29,9 @@ that: not result['changed'] fail_msg: The preceding task should not have changed anything -- name: Ensure team ansibletestteam1 is synchronized (group1) +- name: Ensure team testteam1 is synchronized (group1) infra.quay_configuration.quay_team_oidc: - name: ansibletestteam1 + name: testteam1 organization: ansibletestorg sync: true group_name: group1 @@ -58,9 +39,9 @@ quay_token: "{{ quay_token }}" validate_certs: false -- name: Ensure team ansibletestteam1 is synchronized (no change) +- name: Ensure team testteam1 is synchronized (no change) infra.quay_configuration.quay_team_oidc: - name: ansibletestteam1 + name: testteam1 organization: ansibletestorg group_name: group1 quay_host: "{{ quay_url }}" @@ -73,9 +54,9 @@ that: not result['changed'] fail_msg: The preceding task should not have changed anything -- name: Ensure team ansibletestteam1 synchronization is updated (group2) +- name: Ensure team testteam1 synchronization is updated (group2) infra.quay_configuration.quay_team_oidc: - name: ansibletestteam1 + name: testteam1 organization: ansibletestorg sync: true group_name: group2 @@ -83,9 +64,9 @@ quay_token: "{{ quay_token }}" validate_certs: false -- name: Ensure team ansibletestteam1 is not synchronized anymore +- name: Ensure team testteam1 is not synchronized anymore infra.quay_configuration.quay_team_oidc: - name: ansibletestteam1 + name: testteam1 organization: ansibletestorg sync: false group_name: group1 @@ -93,9 +74,9 @@ quay_token: "{{ quay_token }}" validate_certs: false -- name: Ensure team ansibletestteam1 is not synchronized anymore (no change) +- name: Ensure team testteam1 is not synchronized anymore (no change) infra.quay_configuration.quay_team_oidc: - name: ansibletestteam1 + name: testteam1 organization: ansibletestorg sync: false quay_host: "{{ quay_url }}" @@ -108,30 +89,12 @@ that: not result['changed'] fail_msg: The preceding task should not have changed anything -- name: Ensure the ansibletestteam1 team is removed +- name: Ensure the testteam1 team is removed infra.quay_configuration.quay_team: - name: ansibletestteam1 + name: testteam1 organization: ansibletestorg state: absent quay_host: "{{ quay_url }}" quay_token: "{{ quay_token }}" validate_certs: false - -- name: Ensure the robot account is removed - infra.quay_configuration.quay_robot: - name: ansibletestorg+ansibletestrobot1 - state: absent - quay_host: "{{ quay_url }}" - quay_token: "{{ quay_token }}" - validate_certs: false - -- name: Ensure the organization is removed - infra.quay_configuration.quay_organization: - name: ansibletestorg - state: absent - quay_host: "{{ quay_url }}" - # For testing, authenticating with username/password instead of the token - quay_username: "{{ admin_username }}" - quay_password: "{{ admin_password }}" - validate_certs: false ... diff --git a/tests/integration/targets/quay_vulnerability_info/tasks/main.yml b/tests/integration/targets/quay_vulnerability_info/tasks/main.yml index f21c576..8b869d8 100644 --- a/tests/integration/targets/quay_vulnerability_info/tasks/main.yml +++ b/tests/integration/targets/quay_vulnerability_info/tasks/main.yml @@ -44,3 +44,4 @@ ansible.builtin.assert: that: vulns['vulnerabilities']|length == 0 fail_msg: The preceding task should not have returned vulnerabilities +... diff --git a/tests/integration/targets/role_quay_org/tasks/main.yml b/tests/integration/targets/role_quay_org/tasks/main.yml index a9be1bc..0d99aa2 100644 --- a/tests/integration/targets/role_quay_org/tasks/main.yml +++ b/tests/integration/targets/role_quay_org/tasks/main.yml @@ -6,8 +6,8 @@ quay_org_host: "{{ quay_url }}" quay_org_token: "{{ quay_token }}" quay_org_validate_certs: false - quay_org_name: ansibletestorg - quay_org_email: ansibletestorg@example.com + quay_org_name: testorg + quay_org_email: testorg@example.com quay_org_auto_prune_method: tags quay_org_auto_prune_value: 15 quay_org_cache_registry: public.ecr.aws/nginx @@ -17,70 +17,70 @@ quay_org_warning_pct: 90 quay_org_reject_pct: 97 quay_org_users: - - username: ansibletestuser1 - email: ansibletestuser1@example.com + - username: testuser1 + email: testuser1@example.com password: vs9mrD55NP - - username: ansibletestuser2 - email: ansibletestuser2@example.com - - username: ansibletestuser3 - email: ansibletestuser3@example.com + - username: testuser2 + email: testuser2@example.com + - username: testuser3 + email: testuser3@example.com quay_org_robots: - - name: ansibletestrobot1 + - name: testrobot1 description: Test robot 1 quay_org_teams: - - name: ansibletestteam1 + - name: testteam1 description: Test team 1 role: member members: - - ansibletestuser1 - - name: ansibletestteam2 + - testuser1 + - name: testteam2 role: creator members: - - ansibletestuser2 - - ansibletestorg+ansibletestrobot1 + - testuser2 + - testorg+testrobot1 quay_org_default_perms: - - name: ansibletestteam2 + - name: testteam2 type: team role: write - - name: ansibletestuser1 + - name: testuser1 type: user role: read - creator: ansibletestuser3 + creator: testuser3 quay_org_applications: - - name: ansibletestapp1 + - name: testapp1 description: Test application 1 - - name: ansibletestapp2 + - name: testapp2 application_uri: http://test.example.com redirect_uri: http://test.example.com avatar_email: http://test.example.com quay_org_repositories: - - name: ansibletestrepo1 + - name: testrepo1 description: Test repository 1 visibility: public auto_prune_method: date auto_prune_value: 10w perms: - - name: ansibletestteam1 + - name: testteam1 type: team role: read - - name: ansibletestrepo2 + - name: testrepo2 # Cleanup (by using quay_username and quay_password for testing purpose) - name: Ensure repositories are removed infra.quay_configuration.quay_repository: - name: "ansibletestorg/{{ item }}" + name: "testorg/{{ item }}" state: absent quay_host: "{{ quay_url }}" quay_username: "{{ admin_username }}" quay_password: "{{ admin_password }}" validate_certs: false loop: - - ansibletestrepo1 - - ansibletestrepo2 + - testrepo1 + - testrepo2 - name: Ensure the applications are removed infra.quay_configuration.quay_application: - organization: ansibletestorg + organization: testorg name: "{{ item }}" state: absent quay_host: "{{ quay_url }}" @@ -88,25 +88,25 @@ quay_password: "{{ admin_password }}" validate_certs: false loop: - - ansibletestapp1 - - ansibletestapp2 + - testapp1 + - testapp2 - name: Ensure the teams are removed infra.quay_configuration.quay_team: name: "{{ item }}" - organization: ansibletestorg + organization: testorg state: absent quay_host: "{{ quay_url }}" quay_username: "{{ admin_username }}" quay_password: "{{ admin_password }}" validate_certs: false loop: - - ansibletestteam1 - - ansibletestteam2 + - testteam1 + - testteam2 - name: Ensure the robot accounts are removed infra.quay_configuration.quay_robot: - name: ansibletestorg+ansibletestrobot1 + name: testorg+testrobot1 state: absent quay_host: "{{ quay_url }}" quay_username: "{{ admin_username }}" @@ -122,13 +122,13 @@ quay_password: "{{ admin_password }}" validate_certs: false loop: - - ansibletestuser1 - - ansibletestuser2 - - ansibletestuser3 + - testuser1 + - testuser2 + - testuser3 - name: Ensure the proxy cache configuration is removed infra.quay_configuration.quay_proxy_cache: - organization: ansibletestorg + organization: testorg state: absent quay_host: "{{ quay_url }}" quay_username: "{{ admin_username }}" @@ -137,9 +137,10 @@ - name: Ensure the organization is removed infra.quay_configuration.quay_organization: - name: ansibletestorg + name: testorg state: absent quay_host: "{{ quay_url }}" quay_username: "{{ admin_username }}" quay_password: "{{ admin_password }}" validate_certs: false +... diff --git a/tests/integration/targets/setup_organization/handlers/main.yml b/tests/integration/targets/setup_organization/handlers/main.yml new file mode 100644 index 0000000..3474697 --- /dev/null +++ b/tests/integration/targets/setup_organization/handlers/main.yml @@ -0,0 +1,45 @@ +--- +# Supporting user accounts +- name: Ensure user accounts exist + infra.quay_configuration.quay_user: + username: "{{ item }}" + email: "{{ item }}@example.com" + state: present + quay_host: "{{ quay_url }}" + quay_token: "{{ quay_token }}" + validate_certs: false + loop: + - ansibletestuser1 + - ansibletestuser2 + - ansibletestuser3 + - ansibletestuser4 + listen: Create resources in organization + +# Supporting robot accounts +- name: Ensure the robot accounts exist + infra.quay_configuration.quay_robot: + name: "{{ item }}" + state: present + quay_host: "{{ quay_url }}" + quay_token: "{{ quay_token }}" + validate_certs: false + loop: + - ansibletestorg+ansibletestrobot1 + - ansibletestorg+ansibletestrobot2 + listen: Create resources in organization + +# Supporting teams +- name: Ensure teams exist + infra.quay_configuration.quay_team: + name: "{{ item }}" + organization: ansibletestorg + role: admin + state: present + quay_host: "{{ quay_url }}" + quay_token: "{{ quay_token }}" + validate_certs: false + loop: + - ansibletestteam1 + - ansibletestteam2 + listen: Create resources in organization +... diff --git a/tests/integration/targets/setup_organization/meta/main.yml b/tests/integration/targets/setup_organization/meta/main.yml new file mode 100644 index 0000000..e978127 --- /dev/null +++ b/tests/integration/targets/setup_organization/meta/main.yml @@ -0,0 +1,4 @@ +--- +dependencies: + - setup_token +... diff --git a/tests/integration/targets/setup_organization/tasks/main.yml b/tests/integration/targets/setup_organization/tasks/main.yml new file mode 100644 index 0000000..79dc236 --- /dev/null +++ b/tests/integration/targets/setup_organization/tasks/main.yml @@ -0,0 +1,14 @@ +--- +# Supporting organization +- name: Ensure organization ansibletestorg exists + infra.quay_configuration.quay_organization: + name: ansibletestorg + email: ansibletestorg@example.com + state: present + quay_host: "{{ quay_url }}" + quay_token: "{{ quay_token }}" + validate_certs: false + # To speed up the tests, only create the user accounts, robots, and teams + # when the organization does not already exist. + notify: Create resources in organization +... diff --git a/tests/integration/targets/setup_token/tasks/main.yml b/tests/integration/targets/setup_token/tasks/main.yml index 729bcec..a7fe120 100644 --- a/tests/integration/targets/setup_token/tasks/main.yml +++ b/tests/integration/targets/setup_token/tasks/main.yml @@ -65,7 +65,7 @@ ansible.builtin.copy: dest: /tmp/quay_collection_TOKEN.yml content: "---\ndefault_token: {{ result['access_token'] }}\n" - mode: 0600 + mode: "0600" - name: Store the OAuth access token in the quay_token fact ansible.builtin.set_fact: