Update tests for newer version of openshift (#254)

* Update tests for newer version of openshift More recent versions of ocp no longer automatically create tokens for service accounts. This updates the tests to manually create the tokens. * Update nginx template version The old image was EOL and the deployment was failing to deploy. * Fix nginx version for all tasks * Add missing var
2026-05-14 05:22:11 +00:00 · 2025-05-02 04:30:38 -04:00
parent d1788bed2d
commit a3c3a69bbf
7 changed files with 39 additions and 39 deletions
--- a/molecule/default/tasks/openshift_adm_prune_auth_roles.yml
+++ b/molecule/default/tasks/openshift_adm_prune_auth_roles.yml
@@ -4,6 +4,7 @@
        test_ns: "prune-roles"
        sa_name: "roles-sa"
        pod_name: "pod-prune"
+        tn_name: "roles-sa-token"
        role_definition:
          - name: pod-list
            labels:
@@ -50,34 +51,27 @@
            name: '{{ sa_name }}'
            namespace: '{{ test_ns }}'

-    - name: Read Service Account
-      kubernetes.core.k8s_info:
-        kind: ServiceAccount
-        namespace: '{{ test_ns }}'
-        name: '{{ sa_name }}'
-      register: sa_out
-
-    - set_fact:
-        secret_token: "{{ sa_out.resources[0]['secrets'][0]['name'] }}"
+    - name: Create SA secret
+      kubernetes.core.k8s:
+        definition:
+          apiVersion: v1
+          kind: Secret
+          metadata:
+            name: "{{ tn_name }}"
+            namespace: "{{ test_ns }}"
+            annotations:
+              kubernetes.io/service-account.name: "{{ sa_name }}"
+          type: kubernetes.io/service-account-token

    - name: Get secret details
      kubernetes.core.k8s_info:
        kind: Secret
        namespace: '{{ test_ns }}'
-        name: '{{ secret_token }}'
+        name: '{{ tn_name }}'
      register: r_secret
-      retries: 10
-      delay: 10
-      until:
-        - ("'openshift.io/token-secret.value' in r_secret.resources[0]['metadata']['annotations']") or ("'token' in r_secret.resources[0]['data']")
-
-    - set_fact:
-        api_token: "{{ r_secret.resources[0]['metadata']['annotations']['openshift.io/token-secret.value'] }}"
-      when: "'openshift.io/token-secret.value' in r_secret.resources[0]['metadata']['annotations']"

    - set_fact:
        api_token: "{{ r_secret.resources[0]['data']['token'] | b64decode }}"
-      when: "'token' in r_secret.resources[0]['data']"

    - name: list resources using service account
      kubernetes.core.k8s_info: