Update old stable-5 branch to sync with current changes from main (#264)

* Update tests for newer version of openshift (#254) * Update tests for newer version of openshift More recent versions of ocp no longer automatically create tokens for service accounts. This updates the tests to manually create the tokens. * Update nginx template version The old image was EOL and the deployment was failing to deploy. * Fix nginx version for all tasks * Add missing var * Remove openshift inventory plugin (#252) * Remove openshift inventory plugin This removes the openshift inventory plugin which has been deprecated since version 3.0.0. The tests have been updated to retain coverage of the connection plugin, which is still supported. * Update version in Makefile * CI fixes * Update version info in build scripts * Set ansible remote directory The security policy on the pod is preventing ansible from writing to /. Set it to /tmp which should be writable. * Bump the ansible-lint version to 25.1.2 (#255) * Bump the ansible-lint version to 25.1.2 * Update changelogs/fragments/ansible-lint-update.yml Co-authored-by: Bikouo Aubin <79859644+abikouo@users.noreply.github.com> --------- Co-authored-by: Bikouo Aubin <79859644+abikouo@users.noreply.github.com> * Add ansible-lint to tox linters (#258) * Add ansible-lint to tox linters * Bump black * Black formatting * fix linting * prepare release 4.0.2 (#262) (#263) (cherry picked from commit 55ccaf3394) * Update k8s dependency upper bounds (#257) --------- Co-authored-by: Mike Graves <mgraves@redhat.com> Co-authored-by: GomathiselviS <gomathiselvi@gmail.com> Co-authored-by: Bikouo Aubin <79859644+abikouo@users.noreply.github.com> Co-authored-by: Bianca Henderson <beeankha@gmail.com>
2026-05-08 06:02:36 +00:00 · 2025-06-05 12:09:02 -07:00
parent d1788bed2d
commit 620de63a26
23 changed files with 101 additions and 319 deletions
--- a/molecule/default/files/nginx.env
+++ b/molecule/default/files/nginx.env
@@ -1,6 +1,7 @@
 # Want to make sure comments don't break it
 export NAME=test123
 NAMESPACE=openshift
+NGINX_VERSION=1.22-ubi8



--- a/molecule/default/molecule.yml
+++ b/molecule/default/molecule.yml
@@ -14,12 +14,7 @@ provisioner:
  log: true
  options:
    vvv: True
-  config_options:
-    inventory:
-      enable_plugins: community.okd.openshift
  inventory:
-    hosts:
-      plugin: community.okd.openshift
    host_vars:
      localhost:
        virtualenv: ${MOLECULE_EPHEMERAL_DIRECTORY}/virtualenv
--- a/molecule/default/tasks/openshift_adm_prune_auth_clusterroles.yml
+++ b/molecule/default/tasks/openshift_adm_prune_auth_clusterroles.yml
@@ -3,6 +3,7 @@
    - set_fact:
        test_sa: "clusterrole-sa"
        test_ns: "clusterrole-ns"
+        test_tn: "clusterrole-tn"

    - name: Ensure namespace
      kubernetes.core.k8s:
@@ -26,34 +27,27 @@
            name: "{{ test_sa }}"
            namespace: "{{ test_ns }}"

-    - name: Read Service Account
-      kubernetes.core.k8s_info:
-        kind: ServiceAccount
-        namespace: "{{ test_ns }}"
-        name: "{{ test_sa }}"
-      register: result
-
-    - set_fact:
-        secret_token: "{{ result.resources[0]['secrets'][0]['name'] }}"
+    - name: Create SA token
+      kubernetes.core.k8s:
+        definition:
+          apiVersion: v1
+          kind: Secret
+          metadata:
+            name: "{{ test_tn }}"
+            namespace: "{{ test_ns }}"
+            annotations:
+              kubernetes.io/service-account.name: "{{ test_sa }}"
+          type: kubernetes.io/service-account-token

    - name: Get secret details
      kubernetes.core.k8s_info:
        kind: Secret
-        namespace: '{{ test_ns }}'
-        name: '{{ secret_token }}'
+        namespace: "{{ test_ns }}"
+        name: "{{ test_tn }}"
      register: _secret
-      retries: 10
-      delay: 10
-      until:
-        - ("'openshift.io/token-secret.value' in _secret.resources[0]['metadata']['annotations']") or ("'token' in _secret.resources[0]['data']")
-
-    - set_fact:
-        api_token: "{{ _secret.resources[0]['metadata']['annotations']['openshift.io/token-secret.value'] }}"
-      when: "'openshift.io/token-secret.value' in _secret.resources[0]['metadata']['annotations']"

    - set_fact:
        api_token: "{{ _secret.resources[0]['data']['token'] | b64decode }}"
-      when: "'token' in _secret.resources[0]['data']"

    - name: list Node should failed (forbidden user)
      kubernetes.core.k8s_info:
--- a/molecule/default/tasks/openshift_adm_prune_auth_roles.yml
+++ b/molecule/default/tasks/openshift_adm_prune_auth_roles.yml
@@ -4,6 +4,7 @@
        test_ns: "prune-roles"
        sa_name: "roles-sa"
        pod_name: "pod-prune"
+        tn_name: "roles-sa-token"
        role_definition:
          - name: pod-list
            labels:
@@ -50,34 +51,27 @@
            name: '{{ sa_name }}'
            namespace: '{{ test_ns }}'

-    - name: Read Service Account
-      kubernetes.core.k8s_info:
-        kind: ServiceAccount
-        namespace: '{{ test_ns }}'
-        name: '{{ sa_name }}'
-      register: sa_out
-
-    - set_fact:
-        secret_token: "{{ sa_out.resources[0]['secrets'][0]['name'] }}"
+    - name: Create SA secret
+      kubernetes.core.k8s:
+        definition:
+          apiVersion: v1
+          kind: Secret
+          metadata:
+            name: "{{ tn_name }}"
+            namespace: "{{ test_ns }}"
+            annotations:
+              kubernetes.io/service-account.name: "{{ sa_name }}"
+          type: kubernetes.io/service-account-token

    - name: Get secret details
      kubernetes.core.k8s_info:
        kind: Secret
        namespace: '{{ test_ns }}'
-        name: '{{ secret_token }}'
+        name: '{{ tn_name }}'
      register: r_secret
-      retries: 10
-      delay: 10
-      until:
-        - ("'openshift.io/token-secret.value' in r_secret.resources[0]['metadata']['annotations']") or ("'token' in r_secret.resources[0]['data']")
-
-    - set_fact:
-        api_token: "{{ r_secret.resources[0]['metadata']['annotations']['openshift.io/token-secret.value'] }}"
-      when: "'openshift.io/token-secret.value' in r_secret.resources[0]['metadata']['annotations']"

    - set_fact:
        api_token: "{{ r_secret.resources[0]['data']['token'] | b64decode }}"
-      when: "'token' in r_secret.resources[0]['data']"

    - name: list resources using service account
      kubernetes.core.k8s_info:
--- a/molecule/default/tasks/openshift_process.yml
+++ b/molecule/default/tasks/openshift_process.yml
@@ -7,6 +7,7 @@
    parameters:
      NAMESPACE: openshift
      NAME: test123
+      NGINX_VERSION: "{{ nginx_version }}"
  register: result

 - name: Create the rendered resources
@@ -32,6 +33,7 @@
    parameters:
      NAMESPACE: openshift
      NAME: test123
+      NGINX_VERSION: "{{ nginx_version }}"
    state: present
    namespace_target: process-test
  register: result
@@ -44,6 +46,7 @@
      NAMESPACE: openshift
      NAME: test123
      MEMORY_LIMIT: 1Gi
+      NGINX_VERSION: "{{ nginx_version }}"
    state: present
    namespace_target: process-test
  register: result
@@ -55,6 +58,7 @@
    parameters:
      NAMESPACE: openshift
      NAME: test123
+      NGINX_VERSION: "{{ nginx_version }}"
    state: absent
    namespace_target: process-test
  register: result
--- a/molecule/default/verify.yml
+++ b/molecule/default/verify.yml
@@ -1,9 +1,31 @@
 ---
- name: Verify inventory and connection plugins
-  # This group is created by the openshift_inventory plugin
-  # It is automatically configured to use the `oc` connection plugin
+- name: Create inventory of pods
+  # We need to manually create the inventory of pods now that the inventory plugin has been removed
+  gather_facts: false
+  hosts: localhost
+  connection: local
+  tasks:
+    - name: Get pods
+      kubernetes.core.k8s_info:
+        kind: Pod
+        namespace: testing
+      register: pods
+
+    - name: Add pods to inventory
+      ansible.builtin.add_host:
+        name: "{{ item.metadata.name }}"
+        groups:
+          - namespace_testing_pods
+        ansible_oc_pod: "{{ item.metadata.name }}"
+        ansible_oc_namespace: "{{ item.metadata.namespace }}"
+        pod_phase: "{{ item.status.phase }}"
+        ansible_remote_tmp: /tmp/.ansible
+      loop: "{{ pods.resources }}"
+
+- name: Verify connection plugin
  hosts: namespace_testing_pods
  gather_facts: no
+  connection: community.okd.oc
  vars:
    file_content: |
      Hello world
@@ -77,6 +99,7 @@
        - import_tasks: tasks/openshift_process.yml
          vars:
            files_dir: '{{ playbook_dir }}/files'
+            nginx_version: 1.22-ubi8
      always:
        - name: Delete namespace
          community.okd.k8s: