
Commit 5bcce12

author
Martin Jackson
committed
Change fails to asserts
1 parent 52c930a commit 5bcce12

2 files changed

Lines changed: 22 additions & 20 deletions


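--- a/playbooks/process_secrets.yml
+++ b/playbooks/process_secrets.yml
@@ -42,13 +42,14 @@
 secrets_phase: "{{ secrets_phase }}"
 register: secrets_results
 
-- name: Fail when bootstrap secret loading requires values-secret v2
-ansible.builtin.fail:
-msg: >-
+- name: Assert values-secret v2 when loading bootstrap (early) secrets
+ansible.builtin.assert:
+that:
+- (secrets_yaml.version | default('1.0')) is version('2.0', '>=')
+fail_msg: >-
 Bootstrap secret loading (secrets_phase=early) requires values-secret format version 2.0 or newer.
-when:
-- secrets_phase | default('late') == 'early'
-- (secrets_yaml.version | default('1.0')) is version('2.0', '<')
+success_msg: values-secret version is 2.0 or newer; bootstrap (early) loading is allowed.
+when: secrets_phase | default('late') == 'early'
 
 - name: Select Kubernetes secrets loader for bootstrap (early) phase
 ansible.builtin.set_fact: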
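Review bot: The `that:` expression in the new assert covers a missing `version` key but not an empty one: `default('1.0')` only replaces undefined values, so a values-secret file with a bare `version:` (null) reaches the `version` test with an empty value and, as far as I can tell, aborts with a templating error instead of the intended `fail_msg`. The play still stops, so the gate fails closed, but the operator loses the explanation; `- (secrets_yaml.version | default('1.0', true) | string) is version('2.0', '>=')` handles both cases. The identical task in the second hunk of roles/load_secrets/tasks/main.yml has the same gap, and keeping the `'2.0'` threshold in two copies invites drift between the playbook and the role. The preceding task that registers `secrets_results` starts outside the hunk, so whether anything is parsed before this check runs cannot be confirmed from here.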

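--- a/roles/load_secrets/tasks/main.yml
+++ b/roles/load_secrets/tasks/main.yml
@@ -17,14 +17,14 @@
 - cluster_pre_check
 - find_vp_secrets
 
-- name: Fail if values_secrets_data is missing
-ansible.builtin.shell: |
-printf "ERROR\n"
-printf " values_secrets_data was not found.\n"
-printf " The find_vp_secrets role should set it.\n"
-printf " Ensure your values/secret files are present and readable.\n"
-exit 1
-when: values_secrets_data is not defined
+- name: Assert values_secrets_data is present after find_vp_secrets
+ansible.builtin.assert:
+that:
+- values_secrets_data is defined
+fail_msg: >-
+values_secrets_data was not found. The find_vp_secrets role should set it.
+Ensure your values/secret files are present and readable.
+success_msg: values_secrets_data is defined; continuing with secret loading.
 
 - name: Determine how to load secrets
 ansible.builtin.set_fact:
@@ -46,13 +46,14 @@
 secrets_phase: "{{ secrets_phase }}"
 register: secrets_results
 
-- name: Fail when bootstrap secret loading requires values-secret v2
-ansible.builtin.fail:
-msg: >-
+- name: Assert values-secret v2 when loading bootstrap (early) secrets
+ansible.builtin.assert:
+that:
+- (secrets_yaml.version | default('1.0')) is version('2.0', '>=')
+fail_msg: >-
 Bootstrap secret loading (secrets_phase=early) requires values-secret format version 2.0 or newer.
-when:
-- secrets_phase | default('late') == 'early'
-- (secrets_yaml.version | default('1.0')) is version('2.0', '<')
+success_msg: values-secret version is 2.0 or newer; bootstrap (early) loading is allowed.
+when: secrets_phase | default('late') == 'early'
 
 - name: Select Kubernetes secrets loader for bootstrap (early) phase
 ansible.builtin.set_fact: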
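Review bot: The first hunk's assert only tests `values_secrets_data is defined`, so a variable that find_vp_secrets sets to an empty value would pass even though the `fail_msg` promises to catch missing or unreadable secret files. find_vp_secrets is not visible in this hunk, so this is an assumption to confirm; if the role can yield an empty result, add a second condition such as `- values_secrets_data | length > 0` under `that:`. Both conditions test the variable's shape rather than templating its contents into a message, which matters if it carries secret material.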
