фикс ошибок линта и молекулы

addons/vault/role/molecule/default/converge.yml

@@ -0,0 +1,54 @@
+---
+- name: Converge — vault template tests
+  hosts: all
+  become: false
+  gather_facts: false
+
+  vars:
+    vault_namespace: vault
+    vault_mode: "standalone"
+    vault_ha_replicas: 3
+    vault_injector_enabled: true
+    vault_auto_unseal_type: "none"
+    vault_aws_kms_region: ""
+    vault_aws_kms_key_id: ""
+    vault_aws_access_key: ""
+    vault_aws_secret_key: ""
+    vault_gcp_project: ""
+    vault_gcp_region: ""
+    vault_gcp_key_ring: ""
+    vault_gcp_crypto_key: ""
+    vault_azure_tenant_id: ""
+    vault_azure_client_id: ""
+    vault_azure_client_secret: ""
+    vault_azure_keyvault_name: ""
+    vault_azure_key_name: ""
+    vault_transit_seal_token: ""
+    vault_storage_size: "10Gi"
+    vault_storage_class: ""
+    vault_ingress_enabled: true
+    vault_ingress_host: "vault.home.local"
+    vault_ingress_class: "nginx"
+    vault_ingress_tls: false
+    vault_ingress_cert_issuer: "letsencrypt-prod"
+    vault_metrics_enabled: true
+    vault_resources:
+      requests:
+        cpu: "100m"
+        memory: "256Mi"
+      limits:
+        cpu: "500m"
+        memory: "512Mi"
+
+  tasks:
+    - name: Render vault-values.yaml.j2
+      ansible.builtin.template:
+        src: "{{ playbook_dir }}/../../templates/vault-values.yaml.j2"
+        dest: /tmp/vault-values.yaml
+        mode: "0644"
+
+    - name: Render vault-init-job.yaml.j2
+      ansible.builtin.template:
+        src: "{{ playbook_dir }}/../../templates/vault-init-job.yaml.j2"
+        dest: /tmp/vault-init-job.yaml
+        mode: "0644"

addons/vault/role/molecule/default/molecule.yml

@@ -0,0 +1,28 @@
+---
+driver:
+  name: docker
+
+platforms:
+  - name: master01
+    image: geerlingguy/docker-ubuntu2204-ansible:latest
+    pre_build_image: true
+    groups:
+      - k3s_master
+
+provisioner:
+  name: ansible
+  playbooks:
+    converge: converge.yml
+    verify: verify.yml
+  config_options:
+    defaults:
+      interpreter_python: auto_silent
+
+verifier:
+  name: ansible
+
+lint: |
+  set -e
+  yamllint .
+  ansible-lint
+

addons/vault/role/molecule/default/verify.yml

@@ -0,0 +1,45 @@
+---
+- name: Verify — vault templates
+  hosts: all
+  become: false
+  gather_facts: false
+
+  tasks:
+    - name: Read rendered values
+      ansible.builtin.slurp:
+        src: /tmp/vault-values.yaml
+      register: values_raw
+
+    - name: Parse values YAML
+      ansible.builtin.set_fact:
+        v: "{{ values_raw.content | b64decode | from_yaml }}"
+
+    - name: Assert injector is enabled
+      ansible.builtin.assert:
+        that: v.injector.enabled == true
+        fail_msg: "injector.enabled должен быть true"
+
+    - name: Assert data storage is enabled
+      ansible.builtin.assert:
+        that: v.server.dataStorage.enabled == true
+        fail_msg: "server.dataStorage.enabled должен быть true"
+
+    - name: Assert storage size
+      ansible.builtin.assert:
+        that: v.server.dataStorage.size == '10Gi'
+        fail_msg: "server.dataStorage.size должен быть 10Gi"
+
+    - name: Assert standalone mode (ha disabled)
+      ansible.builtin.assert:
+        that: v.server.ha.enabled == false
+        fail_msg: "server.ha.enabled должен быть false в standalone режиме"
+
+    - name: Read vault-init-job
+      ansible.builtin.slurp:
+        src: /tmp/vault-init-job.yaml
+      register: job_raw
+
+    - name: Assert vault init job contains namespace
+      ansible.builtin.assert:
+        that: "'vault' in (job_raw.content | b64decode)"
+        fail_msg: "vault namespace не найден в init job"