Update ldap image in tests (#274)

* Update ldap image in tests

The bitnami openldap image we had been using is no longer being support
by them. It has been moved over to a bitnamilegacy namespace, but it's
not clear how long that will remain. We should find a better solution at
some point.

* Update versions in Dockerfile

The dockerfile was built around python3.9 which forced the use of
ansible 2.15. This updates the base image to ubi10 which uses python3.12
by default. The version of the oc/kubectl client package was updated to
4.20 as well.

* Try and make it work

* Remove backslash

* debug

* try and force 3.12

* use ubi9

* debug

* try adding packaging

* debug

* Lots of changes

* Add check for none

* Fix python version

ci/Dockerfile

@@ -5,26 +5,26 @@ ENV OPERATOR=/usr/local/bin/ansible-operator \
     USER_NAME=ansible-operator\
     HOME=/opt/ansible \
     ANSIBLE_LOCAL_TMP=/opt/ansible/tmp \
-    DOWNSTREAM_BUILD_PYTHON=python3.9
+    DOWNSTREAM_BUILD_PYTHON=python3.12
 
 RUN yum install -y \
       glibc-langpack-en \
       git \
       make \
-      python3 \
+      python3.12 \
-      python3-devel \
+      python3.12-devel \
-      python3-pip \
+      python3.12-pip \
-      python3-setuptools \
+      python3.12-setuptools \
       gcc \
       openldap-devel \
- && python3.9 -m pip install --no-cache-dir --upgrade setuptools pip \
+ && python3.12 -m pip install --no-cache-dir --upgrade setuptools pip \
- && python3.9 -m pip install --no-cache-dir \
+ && python3.12 -m pip install --no-cache-dir \
       kubernetes \
       "ansible-core" \
       "molecule" \
   && yum clean all \
   && rm -rf $HOME/.cache \
-  && curl -L https://github.com/openshift/okd/releases/download/4.12.0-0.okd-2023-04-16-041331/openshift-client-linux-4.12.0-0.okd-2023-04-16-041331.tar.gz | tar -xz -C /usr/local/bin
+  && curl -L https://github.com/okd-project/okd/releases/download/4.20.0-okd-scos.17/openshift-client-linux-amd64-rhel9-4.20.0-okd-scos.17.tar.gz | tar -xz -C /usr/local/bin
   # TODO: Is there a better way to install this client in ubi8?
 
 COPY . /opt/ansible

molecule/default/molecule.yml

@@ -18,8 +18,8 @@ provisioner:
     host_vars:
       localhost:
         virtualenv: ${MOLECULE_EPHEMERAL_DIRECTORY}/virtualenv
-        virtualenv_command: '{{ ansible_playbook_python }} -m virtualenv'
+        virtualenv_command: '{{ ansible_playbook_python }} -m venv'
-        virtualenv_interpreter: '{{ virtualenv }}/bin/python'
+        virtualenv_interpreter: '{{ virtualenv }}/bin/python3'
         playbook_namespace: molecule-tests
   env:
     ANSIBLE_FORCE_COLOR: 'true'

molecule/default/prepare.yml

@@ -13,6 +13,7 @@
           - kubernetes>=12.0.0
           - coverage
           - python-ldap
+          - packaging
         virtualenv: "{{ virtualenv }}"
         virtualenv_command: "{{ virtualenv_command }}"
         virtualenv_site_packages: no

molecule/default/roles/openshift_adm_groups/tasks/activeDirectory.yml

@@ -47,8 +47,8 @@
       assert:
         that:
           - result is changed
-          - admins_group
+          - admins_group | length > 0
-          - devs_group
+          - devs_group | length > 0
           - '"jane.smith@ansible.org" in admins_group.users'
           - '"jim.adams@ansible.org" in admins_group.users'
           - '"jordanbulls@ansible.org" in devs_group.users'

molecule/default/roles/openshift_adm_groups/tasks/augmentedActiveDirectory.yml

@@ -47,8 +47,8 @@
       assert:
         that:
           - result is changed
-          - banking_group
+          - banking_group | length > 0
-          - insurance_group
+          - insurance_group | length > 0
           - '"james-allan@ansible.org" in banking_group.users'
           - '"gordon-kane@ansible.org" in banking_group.users'
           - '"alice-courtney@ansible.org" in insurance_group.users'

molecule/default/roles/openshift_adm_groups/tasks/main.yml

@@ -17,7 +17,8 @@
       spec:
         containers:
           - name: ldap
-            image: bitnami/openldap
+            # bitnami is no longer supporting this image. we should probably find a replacement
+            image: docker.io/bitnamilegacy/openldap:latest
             env:
               - name: LDAP_ADMIN_USERNAME
                 value: "{{ ldap_admin_user }}"

molecule/default/roles/openshift_adm_groups/tasks/python-ldap-not-installed.yml

@@ -13,10 +13,8 @@
 
     - pip:
         name:
-          - kubernetes
+          - python-ldap
-        virtualenv: "{{ venv }}"
+        state: absent
-        virtualenv_command: "{{ virtualenv_command }}"
-        virtualenv_site_packages: false
 
     - name: Load test configurations
       set_fact:
@@ -27,8 +25,6 @@
         config: "{{ configs.simple }}"
       register: result
       ignore_errors: true
-      vars:
-        ansible_python_interpreter: "{{ venv }}/bin/python"
 
     - name: Check that module failed gracefully
       assert:
@@ -36,6 +32,9 @@
           - '"Failed to import the required Python library (python-ldap)" in result.msg'
 
   always:
+    - pip:
+        name:
+          - python-ldap
     - name: Remove temp directory
       file:
         path: "{{ test_dir }}"

molecule/default/roles/openshift_adm_groups/tasks/rfc2307.yml

@@ -68,8 +68,8 @@
       assert:
         that:
           - result is changed
-          - admins_group
+          - admins_group | length > 0
-          - devs_group
+          - devs_group | length > 0
           - '"jane.smith@ansible.org" in admins_group.users'
           - '"jim.adams@ansible.org" in devs_group.users'
           - '"jordanbulls@ansible.org" in devs_group.users'
@@ -89,8 +89,8 @@
       assert:
         that:
           - result is changed
-          - admins_group
+          - admins_group | length > 0
-          - devs_group
+          - devs_group | length > 0
           - '"jane.smith@ansible.org" in admins_group.users'
           - '"jim.adams@ansible.org" in devs_group.users'
           - '"jordanbulls@ansible.org" in devs_group.users'
@@ -110,8 +110,8 @@
       assert:
         that:
           - result is changed
-          - admins_group
+          - admins_group | length > 0
-          - devs_group
+          - devs_group | length > 0
           - '"cn=Jane,ou=people,ou=rfc2307,"+ldap_root in admins_group.users'
           - '"cn=Jim,ou=people,ou=rfc2307,"+ldap_root in devs_group.users'
           - '"cn=Jordan,ou=people,ou=rfc2307,"+ldap_root in devs_group.users'
@@ -131,8 +131,8 @@
       assert:
         that:
           - result is changed
-          - admins_group
+          - admins_group | length > 0
-          - devs_group
+          - devs_group | length > 0
           - '"jane.smith@ansible.org" in admins_group.users'
           - '"jim.adams@ansible.org" in devs_group.users'
           - '"jordanbulls@ansible.org" in devs_group.users'

molecule/default/tasks/openshift_prune_images.yml

@@ -213,5 +213,6 @@
       ignore_errors: true
 
   when:
-    - registry.public_hostname
+    - registry.public_hostname is not none
+    - registry.public_hostname | length > 0
     - registry.check.reached

molecule/default/verify.yml

@@ -66,10 +66,7 @@
 
   tasks:
     - pip:
-        name: kubernetes-validate==1.12.0
+        name: kubernetes-validate==1.34.1
-        virtualenv: "{{ virtualenv }}"
-        virtualenv_command: "{{ virtualenv_command }}"
-        virtualenv_site_packages: no
 
     - import_tasks: tasks/validate_installed.yml