test: add sanity check on collection and fix sanity issues

Author: Sylfwood

.github/workflows/test.yml

@@ -10,23 +10,39 @@ jobs:
   integration-test:
     environment: test
     runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: ansible/ansible_collections/devolutions/dvls
 
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
+        with:
+          path: ansible/ansible_collections/devolutions/dvls
 
       - name: Set up Python
         uses: actions/setup-python@v4
         with:
-          python-version: 3.x
+          python-version: 3.13
 
-      - name: Install Python dependencies
+      - name: Create virtual environment and install dependencies
         run: |
+          echo "Creating python virtual environment"
           python3 -m pip install --upgrade pip
-          python3 -m pip install -r requirements.txt
-          python3 -m pip list
+          python3 -m venv test
+          echo "Activating python virtual environment"
+          source test/bin/activate
+          if [ -f requirements.txt ]; then
+              echo "Installing python requirements"
+              python3 -m pip install --upgrade pip
+              python3 -m pip install -r requirements.txt
+              python3 -m pip list
+          fi
+
+      - name: Test collection sanity
+        run: ansible-test sanity
 
-      - name: Build
+      - name: Build collection
         id: build
         run: |
           OUTPUT=$(ansible-galaxy collection build)
@@ -37,11 +53,30 @@ jobs:
 
       - name: Install collection
         run: ansible-galaxy collection install ${{ steps.build.outputs.collection_path }} --force
-        working-directory: tests/integration
+        working-directory: ansible/ansible_collections/devolutions/dvls/tests/integration
+
+      - name: Test collection documentation
+        run: |
+          # Generate the list of modules dynamically
+          ansible_modules=($(ansible-doc -l devolutions.dvls | awk '{print $1}'))
+
+          # Check if any modules were found
+          if [ ${#ansible_modules[@]} -eq 0 ]; then
+            echo "Error: No modules found for devolutions.dvls."
+            exit 1
+          fi
+          echo "Modules: ${ansible_modules[@]}"
+
+          # Loop through each module and run ansible-doc
+          for ansible_module in "${ansible_modules[@]}"; do
+            echo "Running ansible-doc for module: $ansible_module"
+            ansible-doc -t module "$ansible_module"
+            echo "----------------------------------------------------"
+          done
 
       - name: Run get-vaults
         run: ansible-playbook test_manage_server.yml
-        working-directory: tests/integration
+        working-directory: ansible/ansible_collections/devolutions/dvls/tests/integration
         env:
           DVLS_APP_KEY: ${{ secrets.DVLS_APP_KEY }}
           DVLS_APP_SECRET: ${{ secrets.DVLS_APP_SECRET }}
@@ -50,7 +85,7 @@ jobs:
 
       - name: Run get-secrets
         run: ansible-playbook test_manage_secrets.yml
-        working-directory: tests/integration
+        working-directory: ansible/ansible_collections/devolutions/dvls/tests/integration
         env:
           DVLS_APP_KEY: ${{ secrets.DVLS_APP_KEY }}
           DVLS_APP_SECRET: ${{ secrets.DVLS_APP_SECRET }}

.gitignore

@@ -3,6 +3,9 @@
 .lock
 .ansible
 
+# asnible-test
+output
+
 # vscode..
 .vscode
 

README.md

@@ -129,16 +129,16 @@ Example response
 
 ## Secrets definition
 
-To access a particular field within a secret, you can use the format ```{{ secrets['name-or-id'].value }}```. Here’s a breakdown of the available categories and their fields:
-
-| **Category**              | **Fields**                                                                 |
-|---------------------------|---------------------------------------------------------------------------|
-| Username and password     | `domain`, `password`, `username`                                          |
-| Connection string         | `connectionString`                                                       |
-| Secret                    | `password`                                                               |
-| API key                   | `apiId`, `apiKey`, `tenantId`                                            |
+To access a particular field within a secret, you can use the format ```{{ secrets['name-or-id'].value }}```. Here's a breakdown of the available categories and their fields:
+
+| **Category**              | **Fields**                                                                                                                |
+|---------------------------|---------------------------------------------------------------------------------------------------------------------------|
+| Username and password     | `domain`, `password`, `username`                                                                                          |
+| Connection string         | `connectionString`                                                                                                        |
+| Secret                    | `password`                                                                                                                |
+| API key                   | `apiId`, `apiKey`, `tenantId`                                                                                             |
 | SSH key                   | `domain`, `password`, `privateKeyData`, `privateKeyOverridePassword`, `privateKeyPassPhrase`, `publicKeyData`, `username` |
-| Azure service principal   | `clientId`, `clientSecret`, `tenantId`                                   |
+| Azure service principal   | `clientId`, `clientSecret`, `tenantId`                                                                                    |
 
 
 ### Example using secret value

meta/runtime.yml

@@ -1,2 +1,2 @@
 ---
-requires_ansible: '>=2.9.10'
+requires_ansible: '~=2.18'

plugins/module_utils/auth.py

@@ -1,5 +1,14 @@
-import requests
 import json
+import traceback
+
+try:
+    import requests
+except ImportError:
+    HAS_REQUESTS_LIBRARY = False
+    REQUESTS_LIBRARY_IMPORT_ERROR = traceback.format_exc()
+else:
+    HAS_REQUESTS_LIBRARY_LIBRARY = True
+    REQUESTS_LIBRARY_IMPORT_ERROR = None
 
 
 def login(server_base_url, app_key, app_secret):

plugins/module_utils/server.py

@@ -1,4 +1,13 @@
-import requests
+import traceback
+
+try:
+    import requests
+except ImportError:
+    HAS_REQUESTS_LIBRARY = False
+    REQUESTS_LIBRARY_IMPORT_ERROR = traceback.format_exc()
+else:
+    HAS_REQUESTS_LIBRARY_LIBRARY = True
+    REQUESTS_LIBRARY_IMPORT_ERROR = None
 
 
 def public_instance_information(server_base_url, token):

plugins/module_utils/vaults.py

@@ -1,4 +1,13 @@
-import requests
+import traceback
+
+try:
+    import requests
+except ImportError:
+    HAS_REQUESTS_LIBRARY = False
+    REQUESTS_LIBRARY_IMPORT_ERROR = traceback.format_exc()
+else:
+    HAS_REQUESTS_LIBRARY_LIBRARY = True
+    REQUESTS_LIBRARY_IMPORT_ERROR = None
 
 
 def get_vaults(server_base_url, token):

plugins/modules/create_secret.py

@@ -7,8 +7,8 @@
 short_description: create or update a credential to DVLS
 
 description:
-    - This module logs into the DVLS (Devolutions Server) service, checks if a entry inside a given path already exists and updates or creates a Credential by name.
-    - The module requires DVLS application credentials, a server base URL and the data needed to create a secret.
+    - Logs into the DVLS (Devolutions Server) service, checks if an entry exists at a given path, and updates or creates a Credential by name.
+    - Requires DVLS application credentials, a server base URL and the data needed to create a secret.
 
 options:
     server_base_url:
@@ -30,8 +30,7 @@
     secret:
         description: the credential object, containing username and password.
         required: true
-        type: list
-        elements: dict
+        type: dict
         suboptions:
             secret_name:
                 description: the entry name/username.
@@ -49,7 +48,7 @@
                 description: the type of secret that will get created.
                 required: false
                 type: str
-                default: Credentials
+                default: Credential
             secret_subtype:
                 description: the secret subtype.
                 required: false
@@ -65,7 +64,7 @@
 """
 
 EXAMPLES = r"""
-- name: Upload Credentials to DVLS
+- name: Upload Credential to DVLS
   devolutions.dvls.create_secret:
     server_base_url: "https://example.yourcompany.com"
     app_key: "{{ lookup('env', 'DVLS_APP_KEY') }}"
@@ -82,40 +81,62 @@
     description: returns the ID of the created/updated entry.
     type: dict
     returned: changed
+
 """
 
-from ansible.module_utils.basic import AnsibleModule
+import traceback
+
+from ansible.module_utils.basic import AnsibleModule, missing_required_lib
 from ansible_collections.devolutions.dvls.plugins.module_utils.auth import login, logout
 from ansible_collections.devolutions.dvls.plugins.module_utils.vaults import (
     get_vault_entries,
     find_entry_by_name,
 )
-import requests
+
+try:
+    import requests
+except ImportError:
+    HAS_REQUESTS_LIBRARY = False
+    REQUESTS_LIBRARY_IMPORT_ERROR = traceback.format_exc()
+else:
+    HAS_REQUESTS_LIBRARY = True
+    REQUESTS_LIBRARY_IMPORT_ERROR = None
 
 
 def run_module():
-    module_args = dict(
+    argument_spec = dict(
         server_base_url=dict(type="str", required=True),
-        app_key=dict(type="str", required=True),
-        app_secret=dict(type="str", required=True),
+        app_key=dict(type="str", required=True, no_log=True),
+        app_secret=dict(type="str", required=True, no_log=True),
         vault_id=dict(type="str", required=True),
         secret=dict(
             type="dict",
             options=dict(
-                secret_name=dict(type="str", required=True),
-                value=dict(type="str", required=True),
-                secret_path=dict(type="str", required=False),
-                secret_type=dict(type="str", required=False, default="Credential"),
-                secret_subtype=dict(type="str", required=False, default="Default"),
-                secret_description=dict(type="str", required=False),
+                secret_name=dict(type="str", required=True, no_log=False),
+                value=dict(type="str", required=True, no_log=True),
+                secret_path=dict(type="str", required=False, no_log=False),
+                secret_type=dict(
+                    type="str", required=False, default="Credential", no_log=False
+                ),
+                secret_subtype=dict(
+                    type="str", required=False, default="Default", no_log=False
+                ),
+                secret_description=dict(type="str", required=False, no_log=False),
             ),
             required=True,
+            no_log=False,
         ),
     )
 
     result = dict()
 
-    module = AnsibleModule(argument_spec=module_args, supports_check_mode=True)
+    module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+    if not HAS_REQUESTS_LIBRARY:
+        module.fail_json(
+            msg=missing_required_lib("requests"),
+            exception=REQUESTS_LIBRARY_IMPORT_ERROR,
+        )
 
     if module.check_mode:
         module.exit_json(**result)

plugins/modules/fetch_secrets.py

@@ -7,8 +7,8 @@
 short_description: Fetch secrets from DVLS
 
 description:
-    - This module logs into the DVLS (Devolutions Server) service, retrieves specified secrets from a specified vault by name or ID.
-    - The module requires DVLS application credentials, a server base URL, and either a secret name or ID.
+    - Logs into the DVLS (Devolutions Server) service, retrieves specified secrets from a specified vault by name or ID.
+    - Requires DVLS application credentials, a server base URL, and either a secret name or ID.
 
 options:
     server_base_url:
@@ -29,7 +29,6 @@
         type: str
     secrets:
         description: A list of secrets to fetch. Each secret can be specified by name or ID.
-        required: true
         type: list
         elements: dict
         suboptions:
@@ -41,6 +40,18 @@
                 description: The ID of the secret to fetch.
                 required: false
                 type: str
+            secret_path:
+                description: The path of the secret to fetch.
+                required: false
+                type: str
+            secret_type:
+                description: The type of the secret to fetch.
+                required: false
+                type: str
+            secret_tag:
+                description: The tag of the secret to fetch.
+                required: false
+                type: str
 
 author:
     - Danny Bédard (@DannyBedard)
@@ -85,20 +96,21 @@
 def run_module():
     module_args = dict(
         server_base_url=dict(type="str", required=True),
-        app_key=dict(type="str", required=True),
-        app_secret=dict(type="str", required=True),
+        app_key=dict(type="str", required=True, no_log=True),
+        app_secret=dict(type="str", required=True, no_log=True),
         vault_id=dict(type="str", required=True),
         secrets=dict(
             type="list",
             elements="dict",
             options=dict(
-                secret_name=dict(type="str", required=False),
-                secret_id=dict(type="str", required=False),
-                secret_path=dict(type="str", required=False),
-                secret_type=dict(type="str", required=False),
-                secret_tag=dict(type="str", required=False),
+                secret_name=dict(type="str", required=False, no_log=False),
+                secret_id=dict(type="str", required=False, no_log=False),
+                secret_path=dict(type="str", required=False, no_log=False),
+                secret_type=dict(type="str", required=False, no_log=False),
+                secret_tag=dict(type="str", required=False, no_log=False),
             ),
             required=False,
+            no_log=False,
         ),
     )
 

plugins/modules/fetch_server.py

@@ -7,8 +7,8 @@
 short_description: Fetch server from DVLS
 
 description:
-    - This module logs into the DVLS (Devolutions Server) service, retrieves server information and vaults list.
-    - The module requires DVLS application credentials and a server base URL.
+    - Logs into the DVLS (Devolutions Server) service, retrieves server information and vaults list.
+    - Requires DVLS application credentials and a server base URL.
 
 options:
     server_base_url:
@@ -30,11 +30,11 @@
 
 EXAMPLES = r"""
 - name: Fetch dvls server information
-    server:
+  devolutions.dvls.fetch_server:
     server_base_url: "https://example.yourcompany.com"
     app_key: "{{ lookup('env', 'DVLS_APP_KEY') }}"
     app_secret: "{{ lookup('env', 'DVLS_APP_SECRET') }}"
-    register: server
+  register: server
 """
 
 RETURN = r"""
@@ -56,8 +56,8 @@
 def run_module():
     module_args = dict(
         server_base_url=dict(type="str", required=True),
-        app_key=dict(type="str", required=True),
-        app_secret=dict(type="str", required=True),
+        app_key=dict(type="str", required=True, no_log=True),
+        app_secret=dict(type="str", required=True, no_log=True),
     )
 
     result = dict()