[backport/stable-4] Add ansible-lint to tox linters (#258) and Update tests for newer version of openshift (#254) (#259)

* Add ansible-lint to tox linters (#258) * Add ansible-lint to tox linters * Bump black * Black formatting * fix linting (cherry picked from commit f54297c2ac) * Update tests for newer version of openshift (#254) * Update tests for newer version of openshift More recent versions of ocp no longer automatically create tokens for service accounts. This updates the tests to manually create the tokens. * Update nginx template version The old image was EOL and the deployment was failing to deploy. * Fix nginx version for all tasks * Add missing var (cherry picked from commit a3c3a69bbf) --------- Co-authored-by: Mike Graves <mgraves@redhat.com>
2026-05-07 21:52:37 +00:00 · 2025-05-21 05:45:53 -07:00
parent a890d14253
commit db863c9089
12 changed files with 50 additions and 48 deletions
--- a/molecule/default/tasks/openshift_adm_prune_auth_clusterroles.yml
+++ b/molecule/default/tasks/openshift_adm_prune_auth_clusterroles.yml
@@ -3,6 +3,7 @@
    - set_fact:
        test_sa: "clusterrole-sa"
        test_ns: "clusterrole-ns"
+        test_tn: "clusterrole-tn"

    - name: Ensure namespace
      kubernetes.core.k8s:
@@ -26,34 +27,27 @@
            name: "{{ test_sa }}"
            namespace: "{{ test_ns }}"

-    - name: Read Service Account
-      kubernetes.core.k8s_info:
-        kind: ServiceAccount
-        namespace: "{{ test_ns }}"
-        name: "{{ test_sa }}"
-      register: result
-
-    - set_fact:
-        secret_token: "{{ result.resources[0]['secrets'][0]['name'] }}"
+    - name: Create SA token
+      kubernetes.core.k8s:
+        definition:
+          apiVersion: v1
+          kind: Secret
+          metadata:
+            name: "{{ test_tn }}"
+            namespace: "{{ test_ns }}"
+            annotations:
+              kubernetes.io/service-account.name: "{{ test_sa }}"
+          type: kubernetes.io/service-account-token

    - name: Get secret details
      kubernetes.core.k8s_info:
        kind: Secret
-        namespace: '{{ test_ns }}'
-        name: '{{ secret_token }}'
+        namespace: "{{ test_ns }}"
+        name: "{{ test_tn }}"
      register: _secret
-      retries: 10
-      delay: 10
-      until:
-        - ("'openshift.io/token-secret.value' in _secret.resources[0]['metadata']['annotations']") or ("'token' in _secret.resources[0]['data']")
-
-    - set_fact:
-        api_token: "{{ _secret.resources[0]['metadata']['annotations']['openshift.io/token-secret.value'] }}"
-      when: "'openshift.io/token-secret.value' in _secret.resources[0]['metadata']['annotations']"

    - set_fact:
        api_token: "{{ _secret.resources[0]['data']['token'] | b64decode }}"
-      when: "'token' in _secret.resources[0]['data']"

    - name: list Node should failed (forbidden user)
      kubernetes.core.k8s_info:
--- a/molecule/default/tasks/openshift_adm_prune_auth_roles.yml
+++ b/molecule/default/tasks/openshift_adm_prune_auth_roles.yml
@@ -4,6 +4,7 @@
        test_ns: "prune-roles"
        sa_name: "roles-sa"
        pod_name: "pod-prune"
+        tn_name: "roles-sa-token"
        role_definition:
          - name: pod-list
            labels:
@@ -50,34 +51,27 @@
            name: '{{ sa_name }}'
            namespace: '{{ test_ns }}'

-    - name: Read Service Account
-      kubernetes.core.k8s_info:
-        kind: ServiceAccount
-        namespace: '{{ test_ns }}'
-        name: '{{ sa_name }}'
-      register: sa_out
-
-    - set_fact:
-        secret_token: "{{ sa_out.resources[0]['secrets'][0]['name'] }}"
+    - name: Create SA secret
+      kubernetes.core.k8s:
+        definition:
+          apiVersion: v1
+          kind: Secret
+          metadata:
+            name: "{{ tn_name }}"
+            namespace: "{{ test_ns }}"
+            annotations:
+              kubernetes.io/service-account.name: "{{ sa_name }}"
+          type: kubernetes.io/service-account-token

    - name: Get secret details
      kubernetes.core.k8s_info:
        kind: Secret
        namespace: '{{ test_ns }}'
-        name: '{{ secret_token }}'
+        name: '{{ tn_name }}'
      register: r_secret
-      retries: 10
-      delay: 10
-      until:
-        - ("'openshift.io/token-secret.value' in r_secret.resources[0]['metadata']['annotations']") or ("'token' in r_secret.resources[0]['data']")
-
-    - set_fact:
-        api_token: "{{ r_secret.resources[0]['metadata']['annotations']['openshift.io/token-secret.value'] }}"
-      when: "'openshift.io/token-secret.value' in r_secret.resources[0]['metadata']['annotations']"

    - set_fact:
        api_token: "{{ r_secret.resources[0]['data']['token'] | b64decode }}"
-      when: "'token' in r_secret.resources[0]['data']"

    - name: list resources using service account
      kubernetes.core.k8s_info:
--- a/molecule/default/tasks/openshift_process.yml
+++ b/molecule/default/tasks/openshift_process.yml
@@ -7,6 +7,7 @@
    parameters:
      NAMESPACE: openshift
      NAME: test123
+      NGINX_VERSION: "{{ nginx_version }}"
  register: result

 - name: Create the rendered resources
@@ -32,6 +33,7 @@
    parameters:
      NAMESPACE: openshift
      NAME: test123
+      NGINX_VERSION: "{{ nginx_version }}"
    state: present
    namespace_target: process-test
  register: result
@@ -44,6 +46,7 @@
      NAMESPACE: openshift
      NAME: test123
      MEMORY_LIMIT: 1Gi
+      NGINX_VERSION: "{{ nginx_version }}"
    state: present
    namespace_target: process-test
  register: result
@@ -55,6 +58,7 @@
    parameters:
      NAMESPACE: openshift
      NAME: test123
+      NGINX_VERSION: "{{ nginx_version }}"
    state: absent
    namespace_target: process-test
  register: result