From c2f1d722dcda1f3d9338654615db231f7f05f0f8 Mon Sep 17 00:00:00 2001 From: Mike Graves Date: Mon, 23 Mar 2026 10:01:08 -0400 Subject: [PATCH] Update ldap image in tests (#274) * Update ldap image in tests The bitnami openldap image we had been using is no longer being support by them. It has been moved over to a bitnamilegacy namespace, but it's not clear how long that will remain. We should find a better solution at some point. * Update versions in Dockerfile The dockerfile was built around python3.9 which forced the use of ansible 2.15. This updates the base image to ubi10 which uses python3.12 by default. The version of the oc/kubectl client package was updated to 4.20 as well. * Try and make it work * Remove backslash * debug * try and force 3.12 * use ubi9 * debug * try adding packaging * debug * Lots of changes * Add check for none * Fix python version --- ci/Dockerfile | 16 ++++++++-------- molecule/default/molecule.yml | 4 ++-- molecule/default/prepare.yml | 1 + .../tasks/activeDirectory.yml | 4 ++-- .../tasks/augmentedActiveDirectory.yml | 4 ++-- .../roles/openshift_adm_groups/tasks/main.yml | 3 ++- .../tasks/python-ldap-not-installed.yml | 11 +++++------ .../roles/openshift_adm_groups/tasks/rfc2307.yml | 16 ++++++++-------- .../default/tasks/openshift_prune_images.yml | 3 ++- molecule/default/verify.yml | 5 +---- 10 files changed, 33 insertions(+), 34 deletions(-) diff --git a/ci/Dockerfile b/ci/Dockerfile index d57e7a0..f9612bc 100644 --- a/ci/Dockerfile +++ b/ci/Dockerfile @@ -5,26 +5,26 @@ ENV OPERATOR=/usr/local/bin/ansible-operator \ USER_NAME=ansible-operator\ HOME=/opt/ansible \ ANSIBLE_LOCAL_TMP=/opt/ansible/tmp \ - DOWNSTREAM_BUILD_PYTHON=python3.9 + DOWNSTREAM_BUILD_PYTHON=python3.12 RUN yum install -y \ glibc-langpack-en \ git \ make \ - python3 \ - python3-devel \ - python3-pip \ - python3-setuptools \ + python3.12 \ + python3.12-devel \ + python3.12-pip \ + python3.12-setuptools \ gcc \ openldap-devel \ - && python3.9 -m pip install --no-cache-dir --upgrade setuptools pip \ - && python3.9 -m pip install --no-cache-dir \ + && python3.12 -m pip install --no-cache-dir --upgrade setuptools pip \ + && python3.12 -m pip install --no-cache-dir \ kubernetes \ "ansible-core" \ "molecule" \ && yum clean all \ && rm -rf $HOME/.cache \ - && curl -L https://github.com/openshift/okd/releases/download/4.12.0-0.okd-2023-04-16-041331/openshift-client-linux-4.12.0-0.okd-2023-04-16-041331.tar.gz | tar -xz -C /usr/local/bin + && curl -L https://github.com/okd-project/okd/releases/download/4.20.0-okd-scos.17/openshift-client-linux-amd64-rhel9-4.20.0-okd-scos.17.tar.gz | tar -xz -C /usr/local/bin # TODO: Is there a better way to install this client in ubi8? COPY . /opt/ansible diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 3b56607..1f194d5 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -18,8 +18,8 @@ provisioner: host_vars: localhost: virtualenv: ${MOLECULE_EPHEMERAL_DIRECTORY}/virtualenv - virtualenv_command: '{{ ansible_playbook_python }} -m virtualenv' - virtualenv_interpreter: '{{ virtualenv }}/bin/python' + virtualenv_command: '{{ ansible_playbook_python }} -m venv' + virtualenv_interpreter: '{{ virtualenv }}/bin/python3' playbook_namespace: molecule-tests env: ANSIBLE_FORCE_COLOR: 'true' diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml index 0d0361a..a62629c 100644 --- a/molecule/default/prepare.yml +++ b/molecule/default/prepare.yml @@ -13,6 +13,7 @@ - kubernetes>=12.0.0 - coverage - python-ldap + - packaging virtualenv: "{{ virtualenv }}" virtualenv_command: "{{ virtualenv_command }}" virtualenv_site_packages: no diff --git a/molecule/default/roles/openshift_adm_groups/tasks/activeDirectory.yml b/molecule/default/roles/openshift_adm_groups/tasks/activeDirectory.yml index 04f3335..8fdb365 100644 --- a/molecule/default/roles/openshift_adm_groups/tasks/activeDirectory.yml +++ b/molecule/default/roles/openshift_adm_groups/tasks/activeDirectory.yml @@ -47,8 +47,8 @@ assert: that: - result is changed - - admins_group - - devs_group + - admins_group | length > 0 + - devs_group | length > 0 - '"jane.smith@ansible.org" in admins_group.users' - '"jim.adams@ansible.org" in admins_group.users' - '"jordanbulls@ansible.org" in devs_group.users' diff --git a/molecule/default/roles/openshift_adm_groups/tasks/augmentedActiveDirectory.yml b/molecule/default/roles/openshift_adm_groups/tasks/augmentedActiveDirectory.yml index 7de215f..718353c 100644 --- a/molecule/default/roles/openshift_adm_groups/tasks/augmentedActiveDirectory.yml +++ b/molecule/default/roles/openshift_adm_groups/tasks/augmentedActiveDirectory.yml @@ -47,8 +47,8 @@ assert: that: - result is changed - - banking_group - - insurance_group + - banking_group | length > 0 + - insurance_group | length > 0 - '"james-allan@ansible.org" in banking_group.users' - '"gordon-kane@ansible.org" in banking_group.users' - '"alice-courtney@ansible.org" in insurance_group.users' diff --git a/molecule/default/roles/openshift_adm_groups/tasks/main.yml b/molecule/default/roles/openshift_adm_groups/tasks/main.yml index 5dc79c1..ca0ff7f 100644 --- a/molecule/default/roles/openshift_adm_groups/tasks/main.yml +++ b/molecule/default/roles/openshift_adm_groups/tasks/main.yml @@ -17,7 +17,8 @@ spec: containers: - name: ldap - image: bitnami/openldap + # bitnami is no longer supporting this image. we should probably find a replacement + image: docker.io/bitnamilegacy/openldap:latest env: - name: LDAP_ADMIN_USERNAME value: "{{ ldap_admin_user }}" diff --git a/molecule/default/roles/openshift_adm_groups/tasks/python-ldap-not-installed.yml b/molecule/default/roles/openshift_adm_groups/tasks/python-ldap-not-installed.yml index 857ff49..87db1b9 100644 --- a/molecule/default/roles/openshift_adm_groups/tasks/python-ldap-not-installed.yml +++ b/molecule/default/roles/openshift_adm_groups/tasks/python-ldap-not-installed.yml @@ -13,10 +13,8 @@ - pip: name: - - kubernetes - virtualenv: "{{ venv }}" - virtualenv_command: "{{ virtualenv_command }}" - virtualenv_site_packages: false + - python-ldap + state: absent - name: Load test configurations set_fact: @@ -27,8 +25,6 @@ config: "{{ configs.simple }}" register: result ignore_errors: true - vars: - ansible_python_interpreter: "{{ venv }}/bin/python" - name: Check that module failed gracefully assert: @@ -36,6 +32,9 @@ - '"Failed to import the required Python library (python-ldap)" in result.msg' always: + - pip: + name: + - python-ldap - name: Remove temp directory file: path: "{{ test_dir }}" diff --git a/molecule/default/roles/openshift_adm_groups/tasks/rfc2307.yml b/molecule/default/roles/openshift_adm_groups/tasks/rfc2307.yml index 6f5ecf8..e5988ea 100644 --- a/molecule/default/roles/openshift_adm_groups/tasks/rfc2307.yml +++ b/molecule/default/roles/openshift_adm_groups/tasks/rfc2307.yml @@ -68,8 +68,8 @@ assert: that: - result is changed - - admins_group - - devs_group + - admins_group | length > 0 + - devs_group | length > 0 - '"jane.smith@ansible.org" in admins_group.users' - '"jim.adams@ansible.org" in devs_group.users' - '"jordanbulls@ansible.org" in devs_group.users' @@ -89,8 +89,8 @@ assert: that: - result is changed - - admins_group - - devs_group + - admins_group | length > 0 + - devs_group | length > 0 - '"jane.smith@ansible.org" in admins_group.users' - '"jim.adams@ansible.org" in devs_group.users' - '"jordanbulls@ansible.org" in devs_group.users' @@ -110,8 +110,8 @@ assert: that: - result is changed - - admins_group - - devs_group + - admins_group | length > 0 + - devs_group | length > 0 - '"cn=Jane,ou=people,ou=rfc2307,"+ldap_root in admins_group.users' - '"cn=Jim,ou=people,ou=rfc2307,"+ldap_root in devs_group.users' - '"cn=Jordan,ou=people,ou=rfc2307,"+ldap_root in devs_group.users' @@ -131,8 +131,8 @@ assert: that: - result is changed - - admins_group - - devs_group + - admins_group | length > 0 + - devs_group | length > 0 - '"jane.smith@ansible.org" in admins_group.users' - '"jim.adams@ansible.org" in devs_group.users' - '"jordanbulls@ansible.org" in devs_group.users' diff --git a/molecule/default/tasks/openshift_prune_images.yml b/molecule/default/tasks/openshift_prune_images.yml index 1748522..8d82f66 100644 --- a/molecule/default/tasks/openshift_prune_images.yml +++ b/molecule/default/tasks/openshift_prune_images.yml @@ -213,5 +213,6 @@ ignore_errors: true when: - - registry.public_hostname + - registry.public_hostname is not none + - registry.public_hostname | length > 0 - registry.check.reached diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml index 2b9b008..71444c3 100644 --- a/molecule/default/verify.yml +++ b/molecule/default/verify.yml @@ -66,10 +66,7 @@ tasks: - pip: - name: kubernetes-validate==1.12.0 - virtualenv: "{{ virtualenv }}" - virtualenv_command: "{{ virtualenv_command }}" - virtualenv_site_packages: no + name: kubernetes-validate==1.34.1 - import_tasks: tasks/validate_installed.yml