Update CI - Continue work from #195 (#202)

* Upgrade Ansible and OKD versions for CI

* Use ubi9 and fix sanity

* Use correct pip install

* Try using quotes

* Ensure python3.9

* Upgrade ansible and molecule versions

* Remove DeploymentConfig

DeploymentConfigs are deprecated and seem to now be causing idempotence
problems. Replacing them with Deployments fixes it.

* Attempt to fix ldap integration tests

Signed-off-by: Alina Buzachis <abuzachis@redhat.com>

* Move sanity and unit tests to GH actions

Signed-off-by: Alina Buzachis <abuzachis@redhat.com>

* Firt round of sanity fixes

Signed-off-by: Alina Buzachis <abuzachis@redhat.com>

* Add kubernetes.core collection as sanity requirement

Signed-off-by: Alina Buzachis <abuzachis@redhat.com>

* Add ignore-2.16.txt

Signed-off-by: Alina Buzachis <abuzachis@redhat.com>

* Attempt to fix units

Signed-off-by: Alina Buzachis <abuzachis@redhat.com>

* Add ignore-2.17

Signed-off-by: Alina Buzachis <abuzachis@redhat.com>

* Attempt to fix unit tests

Signed-off-by: Alina Buzachis <abuzachis@redhat.com>

* Add pytest-ansible to test-requirements.txt

Signed-off-by: Alina Buzachis <abuzachis@redhat.com>

* Add changelog fragment

Signed-off-by: Alina Buzachis <abuzachis@redhat.com>

* Add workflow for ansible-lint

Signed-off-by: Alina Buzachis <abuzachis@redhat.com>

* Apply black

Signed-off-by: Alina Buzachis <abuzachis@redhat.com>

* Fix linters

Signed-off-by: Alina Buzachis <abuzachis@redhat.com>

* Add # fmt: skip

Signed-off-by: Alina Buzachis <abuzachis@redhat.com>

* Yet another round of linting

Signed-off-by: Alina Buzachis <abuzachis@redhat.com>

* Yet another round of linting

Signed-off-by: Alina Buzachis <abuzachis@redhat.com>

* Remove setup.cfg

Signed-off-by: Alina Buzachis <abuzachis@redhat.com>

* Revert #fmt

Signed-off-by: Alina Buzachis <abuzachis@redhat.com>

* Use ansible-core 2.14

Signed-off-by: Alina Buzachis <abuzachis@redhat.com>

* Cleanup ansible-lint ignores

Signed-off-by: Alina Buzachis <abuzachis@redhat.com>

* Try using service instead of pod IP

* Fix typo

* Actually use the correct port

* See if NetworkPolicy is preventing connection

* using Pod internal IP

* fix adm prune auth roles syntax

* adding some retry steps

* fix: openshift_builds target

* add flag --force-with-deps when building downstream collection

* Remove yamllint from tox linters, bump minimum python supported version to 3.9, Remove support for ansible-core < 2.14

---------

Signed-off-by: Alina Buzachis <abuzachis@redhat.com>
Co-authored-by: Mike Graves <mgraves@redhat.com>
Co-authored-by: Alina Buzachis <abuzachis@redhat.com>

tests/config.yml

@@ -1,2 +1,3 @@
+---
 modules:
-  python_requires: ">=3.6"
+  python_requires: ">=3.9"

tests/sanity/ignore-2.16.txt

@@ -0,0 +1,3 @@
+plugins/modules/k8s.py validate-modules:parameter-type-not-in-doc
+plugins/modules/k8s.py validate-modules:return-syntax-error
+plugins/modules/openshift_process.py validate-modules:parameter-type-not-in-doc

tests/sanity/ignore-2.17.txt

@@ -0,0 +1,3 @@
+plugins/modules/k8s.py validate-modules:parameter-type-not-in-doc
+plugins/modules/k8s.py validate-modules:return-syntax-error
+plugins/modules/openshift_process.py validate-modules:parameter-type-not-in-doc

tests/sanity/requirements.yml

@@ -0,0 +1,5 @@
+---
+collections:
+  - name: https://github.com/ansible-collections/kubernetes.core.git
+    type: git
+    version: main

tests/unit/plugins/module_utils/test_ldap_dn.py

@@ -5,28 +5,44 @@ __metaclass__ = type
 
 from ansible_collections.community.okd.plugins.module_utils.openshift_ldap import (
     openshift_equal_dn,
-    openshift_ancestorof_dn
+    openshift_ancestorof_dn,
 )
 import pytest
 
 try:
-    import ldap
+    import ldap  # pylint: disable=unused-import
 except ImportError:
     pytestmark = pytest.mark.skip("This test requires the python-ldap library")
 
 
 def test_equal_dn():
-
-    assert openshift_equal_dn("cn=unit,ou=users,dc=ansible,dc=com", "cn=unit,ou=users,dc=ansible,dc=com")
-    assert not openshift_equal_dn("cn=unit,ou=users,dc=ansible,dc=com", "cn=units,ou=users,dc=ansible,dc=com")
-    assert not openshift_equal_dn("cn=unit,ou=users,dc=ansible,dc=com", "cn=unit,ou=user,dc=ansible,dc=com")
-    assert not openshift_equal_dn("cn=unit,ou=users,dc=ansible,dc=com", "cn=unit,ou=users,dc=ansible,dc=org")
+    assert openshift_equal_dn(
+        "cn=unit,ou=users,dc=ansible,dc=com", "cn=unit,ou=users,dc=ansible,dc=com"
+    )
+    assert not openshift_equal_dn(
+        "cn=unit,ou=users,dc=ansible,dc=com", "cn=units,ou=users,dc=ansible,dc=com"
+    )
+    assert not openshift_equal_dn(
+        "cn=unit,ou=users,dc=ansible,dc=com", "cn=unit,ou=user,dc=ansible,dc=com"
+    )
+    assert not openshift_equal_dn(
+        "cn=unit,ou=users,dc=ansible,dc=com", "cn=unit,ou=users,dc=ansible,dc=org"
+    )
 
 
 def test_ancestor_of_dn():
-
-    assert not openshift_ancestorof_dn("cn=unit,ou=users,dc=ansible,dc=com", "cn=unit,ou=users,dc=ansible,dc=com")
-    assert not openshift_ancestorof_dn("cn=unit,ou=users,dc=ansible,dc=com", "cn=units,ou=users,dc=ansible,dc=com")
-    assert openshift_ancestorof_dn("ou=users,dc=ansible,dc=com", "cn=john,ou=users,dc=ansible,dc=com")
-    assert openshift_ancestorof_dn("ou=users,dc=ansible,dc=com", "cn=mathew,ou=users,dc=ansible,dc=com")
-    assert not openshift_ancestorof_dn("ou=users,dc=ansible,dc=com", "cn=mathew,ou=users,dc=ansible,dc=org")
+    assert not openshift_ancestorof_dn(
+        "cn=unit,ou=users,dc=ansible,dc=com", "cn=unit,ou=users,dc=ansible,dc=com"
+    )
+    assert not openshift_ancestorof_dn(
+        "cn=unit,ou=users,dc=ansible,dc=com", "cn=units,ou=users,dc=ansible,dc=com"
+    )
+    assert openshift_ancestorof_dn(
+        "ou=users,dc=ansible,dc=com", "cn=john,ou=users,dc=ansible,dc=com"
+    )
+    assert openshift_ancestorof_dn(
+        "ou=users,dc=ansible,dc=com", "cn=mathew,ou=users,dc=ansible,dc=com"
+    )
+    assert not openshift_ancestorof_dn(
+        "ou=users,dc=ansible,dc=com", "cn=mathew,ou=users,dc=ansible,dc=org"
+    )

tests/unit/plugins/module_utils/test_ldap_sync_config.py

@@ -9,28 +9,26 @@ from ansible_collections.community.okd.plugins.module_utils.openshift_ldap impor
 
 
 def test_missing_url():
-    config = dict(
-        kind="LDAPSyncConfig",
-        apiVersion="v1",
-        insecure=True
-    )
+    config = dict(kind="LDAPSyncConfig", apiVersion="v1", insecure=True)
     err = validate_ldap_sync_config(config)
     assert err == "url should be non empty attribute."
 
 
 def test_binddn_and_bindpwd_linked():
     """
-        one of bind_dn and bind_pwd cannot be set alone
+    one of bind_dn and bind_pwd cannot be set alone
     """
     config = dict(
         kind="LDAPSyncConfig",
         apiVersion="v1",
         url="ldap://LDAP_SERVICE_IP:389",
         insecure=True,
-        bindDN="cn=admin,dc=example,dc=org"
+        bindDN="cn=admin,dc=example,dc=org",
     )
 
-    credentials_error = "bindDN and bindPassword must both be specified, or both be empty."
+    credentials_error = (
+        "bindDN and bindPassword must both be specified, or both be empty."
+    )
 
     assert validate_ldap_sync_config(config) == credentials_error
 
@@ -39,7 +37,7 @@ def test_binddn_and_bindpwd_linked():
         apiVersion="v1",
         url="ldap://LDAP_SERVICE_IP:389",
         insecure=True,
-        bindPassword="testing1223"
+        bindPassword="testing1223",
     )
 
     assert validate_ldap_sync_config(config) == credentials_error
@@ -53,11 +51,13 @@ def test_insecure_connection():
         insecure=True,
     )
 
-    assert validate_ldap_sync_config(config) == "Cannot use ldaps scheme with insecure=true."
+    assert (
+        validate_ldap_sync_config(config)
+        == "Cannot use ldaps scheme with insecure=true."
+    )
 
-    config.update(dict(
-        url="ldap://LDAP_SERVICE_IP:389",
-        ca="path/to/ca/file"
-    ))
+    config.update(dict(url="ldap://LDAP_SERVICE_IP:389", ca="path/to/ca/file"))
 
-    assert validate_ldap_sync_config(config) == "Cannot specify a ca with insecure=true."
+    assert (
+        validate_ldap_sync_config(config) == "Cannot specify a ca with insecure=true."
+    )

tests/unit/plugins/module_utils/test_openshift_docker_image.py

@@ -11,7 +11,6 @@ import pytest
 
 
 def test_convert_storage_to_bytes():
-
     data = [
         ("1000", 1000),
         ("1000Ki", 1000 * 1024),
@@ -54,46 +53,48 @@ def validate_docker_response(resp, **kwargs):
 
 
 def test_parse_docker_image_ref_valid_image_with_digest():
-
     image = "registry.access.redhat.com/ubi8/dotnet-21@sha256:f7718f5efd3436e781ee4322c92ab0c4ae63e61f5b36f1473a57874cc3522669"
     response, err = parse_docker_image_ref(image)
     assert err is None
 
-    validate_docker_response(response,
-                             hostname="registry.access.redhat.com",
-                             namespace="ubi8",
-                             name="dotnet-21",
-                             digest="sha256:f7718f5efd3436e781ee4322c92ab0c4ae63e61f5b36f1473a57874cc3522669")
+    validate_docker_response(
+        response,
+        hostname="registry.access.redhat.com",
+        namespace="ubi8",
+        name="dotnet-21",
+        digest="sha256:f7718f5efd3436e781ee4322c92ab0c4ae63e61f5b36f1473a57874cc3522669",
+    )
 
 
 def test_parse_docker_image_ref_valid_image_with_tag_latest():
-
     image = "registry.access.redhat.com/ubi8/dotnet-21:latest"
     response, err = parse_docker_image_ref(image)
     assert err is None
 
-    validate_docker_response(response,
-                             hostname="registry.access.redhat.com",
-                             namespace="ubi8",
-                             name="dotnet-21",
-                             tag="latest")
+    validate_docker_response(
+        response,
+        hostname="registry.access.redhat.com",
+        namespace="ubi8",
+        name="dotnet-21",
+        tag="latest",
+    )
 
 
 def test_parse_docker_image_ref_valid_image_with_tag_int():
-
     image = "registry.access.redhat.com/ubi8/dotnet-21:0.0.1"
     response, err = parse_docker_image_ref(image)
     assert err is None
 
-    validate_docker_response(response,
-                             hostname="registry.access.redhat.com",
-                             namespace="ubi8",
-                             name="dotnet-21",
-                             tag="0.0.1")
+    validate_docker_response(
+        response,
+        hostname="registry.access.redhat.com",
+        namespace="ubi8",
+        name="dotnet-21",
+        tag="0.0.1",
+    )
 
 
 def test_parse_docker_image_ref_invalid_image():
-
     # The hex value of the sha256 is not valid
     image = "registry.access.redhat.com/dotnet-21@sha256:f7718f5efd3436e781ee4322c92ab0c4ae63e61f5b36f1473a57874cc3522"
     response, err = parse_docker_image_ref(image)
@@ -101,7 +102,6 @@ def test_parse_docker_image_ref_invalid_image():
 
 
 def test_parse_docker_image_ref_valid_image_without_hostname():
-
     image = "ansible:2.10.0"
     response, err = parse_docker_image_ref(image)
     assert err is None
@@ -110,16 +110,18 @@ def test_parse_docker_image_ref_valid_image_without_hostname():
 
 
 def test_parse_docker_image_ref_valid_image_without_hostname_and_with_digest():
-
     image = "ansible@sha256:f7718f5efd3436e781ee4322c92ab0c4ae63e61f5b36f1473a57874cc3522669"
     response, err = parse_docker_image_ref(image)
     assert err is None
 
-    validate_docker_response(response, name="ansible", digest="sha256:f7718f5efd3436e781ee4322c92ab0c4ae63e61f5b36f1473a57874cc3522669")
+    validate_docker_response(
+        response,
+        name="ansible",
+        digest="sha256:f7718f5efd3436e781ee4322c92ab0c4ae63e61f5b36f1473a57874cc3522669",
+    )
 
 
 def test_parse_docker_image_ref_valid_image_with_name_only():
-
     image = "ansible"
     response, err = parse_docker_image_ref(image)
     assert err is None
@@ -128,25 +130,27 @@ def test_parse_docker_image_ref_valid_image_with_name_only():
 
 
 def test_parse_docker_image_ref_valid_image_without_hostname_with_namespace_and_name():
-
     image = "ibmcom/pause@sha256:fcaff905397ba63fd376d0c3019f1f1cb6e7506131389edbcb3d22719f1ae54d"
     response, err = parse_docker_image_ref(image)
     assert err is None
 
-    validate_docker_response(response,
-                             name="pause",
-                             namespace="ibmcom",
-                             digest="sha256:fcaff905397ba63fd376d0c3019f1f1cb6e7506131389edbcb3d22719f1ae54d")
+    validate_docker_response(
+        response,
+        name="pause",
+        namespace="ibmcom",
+        digest="sha256:fcaff905397ba63fd376d0c3019f1f1cb6e7506131389edbcb3d22719f1ae54d",
+    )
 
 
 def test_parse_docker_image_ref_valid_image_with_complex_namespace_name():
-
     image = "registry.redhat.io/jboss-webserver-5/webserver54-openjdk11-tomcat9-openshift-rhel7:1.0"
     response, err = parse_docker_image_ref(image)
     assert err is None
 
-    validate_docker_response(response,
-                             hostname="registry.redhat.io",
-                             name="webserver54-openjdk11-tomcat9-openshift-rhel7",
-                             namespace="jboss-webserver-5",
-                             tag="1.0")
+    validate_docker_response(
+        response,
+        hostname="registry.redhat.io",
+        name="webserver54-openjdk11-tomcat9-openshift-rhel7",
+        namespace="jboss-webserver-5",
+        tag="1.0",
+    )