Add Molecule tests (#7)

* Initial port to molecule

* Get molecule tests to run

* Draw the rest of the owl

* use local dir for storing collection during CI run

* Add dockerfile, install community.kubernetes collection before sanity check

* Add clean step to Makefile

* Get sanity tests working

* Update sanity test to use makefile

* Add ignores for 2.11 so devel passes

* Update description

* Code review

* Add OWNERS file for prow

molecule/default/README.md

@@ -0,0 +1,19 @@
+Wait tests
+----------
+
+wait tests require at least one node, and don't work on the normal k8s
+openshift-origin container as provided by ansible-test --docker -v k8s
+
+minikube, Kubernetes from Docker or any other Kubernetes service will
+suffice.
+
+If kubectl is already using the right config file and context, you can
+just do
+
+```
+cd tests/integration/targets/okd
+./runme.sh -vv
+```
+
+otherwise set one or both of `K8S_AUTH_KUBECONFIG` and `K8S_AUTH_CONTEXT`
+and use the same command

molecule/default/converge.yml

@@ -0,0 +1,59 @@
+---
+- name: Converge
+  hosts: localhost
+  connection: local
+  gather_facts: no
+  vars:
+    ansible_python_interpreter: '{{ virtualenv_interpreter }}'
+  tasks:
+    # OpenShift Resources
+    - name: Create a project
+      community.okd.k8s:
+        name: testing
+        kind: Project
+        api_version: project.openshift.io/v1
+        apply: no
+      register: output
+
+    - name: show output
+      debug:
+        var: output
+
+    - name: Create deployment config
+      community.okd.k8s:
+        state: present
+        inline: &dc
+          apiVersion: v1
+          kind: DeploymentConfig
+          metadata:
+            name: elastic
+            labels:
+              app: galaxy
+              service: elastic
+            namespace: testing
+          spec:
+            template:
+              metadata:
+                labels:
+                  app: galaxy
+                  service: elastic
+              spec:
+                containers:
+                  - name: elastic
+                    volumeMounts:
+                      - mountPath: /usr/share/elasticsearch/data
+                        name: elastic-volume
+                    command: ['elasticsearch']
+                    image: 'ansible/galaxy-elasticsearch:2.4.6'
+                volumes:
+                  - name: elastic-volume
+                    persistentVolumeClaim:
+                      claimName: elastic-volume
+            replicas: 1
+            strategy:
+              type: Rolling
+      register: output
+
+    - name: Show output
+      debug:
+        var: output

molecule/default/destroy.yml

@@ -0,0 +1,6 @@
+---
+- name: Destroy
+  hosts: localhost
+  connection: local
+  gather_facts: no
+  tasks: []

molecule/default/files/crd-resource.yml

@@ -0,0 +1,21 @@
+---
+apiVersion: certmanager.k8s.io/v1alpha1
+kind: Certificate
+metadata:
+  name: acme-crt
+spec:
+  secretName: acme-crt-secret
+  dnsNames:
+    - foo.example.com
+    - bar.example.com
+  acme:
+    config:
+      - ingressClass: nginx
+        domains:
+          - foo.example.com
+          - bar.example.com
+  issuerRef:
+    name: letsencrypt-prod
+    # We can reference ClusterIssuers by changing the kind here.
+    # The default value is Issuer (i.e. a locally namespaced Issuer)
+    kind: Issuer

molecule/default/files/kuard-extra-property.yml

@@ -0,0 +1,22 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: kuard
+  name: kuard
+  namespace: default
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      app: kuard
+    unwanted: value
+  template:
+    metadata:
+      labels:
+        app: kuard
+    spec:
+      containers:
+        - image: gcr.io/kuar-demo/kuard-amd64:1
+          name: kuard

molecule/default/files/kuard-invalid-type.yml

@@ -0,0 +1,21 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: kuard
+  name: kuard
+  namespace: default
+spec:
+  replicas: hello
+  selector:
+    matchLabels:
+      app: kuard
+  template:
+    metadata:
+      labels:
+        app: kuard
+    spec:
+      containers:
+        - image: gcr.io/kuar-demo/kuard-amd64:1
+          name: kuard

molecule/default/files/setup-crd.yml

@@ -0,0 +1,15 @@
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: certificates.certmanager.k8s.io
+spec:
+  group: certmanager.k8s.io
+  version: v1alpha1
+  scope: Namespaced
+  names:
+    kind: Certificate
+    plural: certificates
+    shortNames:
+      - cert
+      - certs

molecule/default/molecule.yml

@@ -0,0 +1,38 @@
+---
+dependency:
+  name: galaxy
+driver:
+  name: delegated
+platforms:
+  - name: cluster
+    groups:
+      - k8s
+provisioner:
+  name: ansible
+  lint: |
+    set -e
+    ansible-lint
+  inventory:
+    host_vars:
+      localhost:
+        virtualenv: ${MOLECULE_EPHEMERAL_DIRECTORY}/virtualenv
+        virtualenv_command: '{{ ansible_playbook_python }} -m virtualenv'
+        virtualenv_interpreter: '{{ virtualenv }}/bin/python'
+        playbook_namespace: molecule-tests
+  env:
+    ANSIBLE_FORCE_COLOR: 'true'
+    ANSIBLE_COLLECTIONS_PATHS: ${MOLECULE_PROJECT_DIRECTORY}
+verifier:
+  name: ansible
+  lint: |
+    set -e
+    ansible-lint
+scenario:
+  name: default
+  test_sequence:
+    - lint
+    - syntax
+    - prepare
+    - converge
+    - idempotence
+    - verify

molecule/default/prepare.yml

@@ -0,0 +1,17 @@
+---
+- name: Prepare
+  hosts: localhost
+  connection: local
+  gather_facts: no
+
+  tasks:
+    - pip:
+        name: virtualenv
+
+    - pip:
+        name:
+          - openshift>=0.9.2
+          - coverage
+        virtualenv: "{{ virtualenv }}"
+        virtualenv_command: "{{ virtualenv_command }}"
+        virtualenv_site_packages: no

molecule/default/tasks/validate_installed.yml

@@ -0,0 +1,123 @@
+---
+- block:
+    - name: Create a project
+      community.okd.k8s:
+        name: "{{ playbook_namespace }}"
+        kind: Project
+        api_version: project.openshift.io/v1
+
+    - name: incredibly simple ConfigMap
+      community.okd.k8s:
+        definition:
+          apiVersion: v1
+          kind: ConfigMap
+          metadata:
+            name: hello
+            namespace: "{{ playbook_namespace }}"
+        validate:
+          fail_on_error: yes
+      register: k8s_with_validate
+
+    - name: assert that k8s_with_validate succeeds
+      assert:
+        that:
+          - k8s_with_validate is successful
+
+    - name: extra property does not fail without strict
+      community.okd.k8s:
+        src: "files/kuard-extra-property.yml"
+        namespace: "{{ playbook_namespace }}"
+        validate:
+          fail_on_error: yes
+          strict: no
+
+    - name: extra property fails with strict
+      community.okd.k8s:
+        src: "files/kuard-extra-property.yml"
+        namespace: "{{ playbook_namespace }}"
+        validate:
+          fail_on_error: yes
+          strict: yes
+      ignore_errors: yes
+      register: extra_property
+
+    - name: check that extra property fails with strict
+      assert:
+        that:
+          - extra_property is failed
+
+    - name: invalid type fails at validation stage
+      community.okd.k8s:
+        src: "files/kuard-invalid-type.yml"
+        namespace: "{{ playbook_namespace }}"
+        validate:
+          fail_on_error: yes
+          strict: no
+      ignore_errors: yes
+      register: invalid_type
+
+    - name: check that invalid type fails
+      assert:
+        that:
+          - invalid_type is failed
+
+    - name: invalid type fails with warnings when fail_on_error is False
+      community.okd.k8s:
+        src: "files/kuard-invalid-type.yml"
+        namespace: "{{ playbook_namespace }}"
+        validate:
+          fail_on_error: no
+          strict: no
+      ignore_errors: yes
+      register: invalid_type_no_fail
+
+    - name: check that invalid type fails
+      assert:
+        that:
+          - invalid_type_no_fail is failed
+
+    - name: setup custom resource definition
+      community.okd.k8s:
+        src: "files/setup-crd.yml"
+
+    - name: wait a few seconds
+      pause:
+        seconds: 5
+
+    - name: add custom resource definition
+      community.okd.k8s:
+        src: "files/crd-resource.yml"
+        namespace: "{{ playbook_namespace }}"
+        validate:
+          fail_on_error: yes
+          strict: yes
+      register: unknown_kind
+
+    - name: check that unknown kind warns
+      assert:
+        that:
+          - unknown_kind is successful
+          - "'warnings' in unknown_kind"
+
+  always:
+    - name: remove custom resource
+      community.okd.k8s:
+        definition: "{{ lookup('file', 'files/crd-resource.yml') }}"
+        namespace: "{{ playbook_namespace }}"
+        state: absent
+      ignore_errors: yes
+
+    - name: remove custom resource definitions
+      community.okd.k8s:
+        definition: "{{ lookup('file', 'files/setup-crd.yml') }}"
+        state: absent
+
+    - name: Delete namespace
+      community.okd.k8s:
+        state: absent
+        definition:
+          - kind: Project
+            apiVersion: project.openshift.io/v1
+            metadata:
+              name: "{{ playbook_namespace }}"
+      ignore_errors: yes

molecule/default/tasks/validate_not_installed.yml

@@ -0,0 +1,25 @@
+---
+# TODO: Not available in ansible-base
+# - python_requirements_info:
+#     dependencies:
+#       - openshift
+#       - kubernetes
+#       - kubernetes-validate
+
+- community.okd.k8s:
+    definition:
+      apiVersion: v1
+      kind: ConfigMap
+      metadata:
+        name: hello
+        namespace: default
+    validate:
+      fail_on_error: yes
+  ignore_errors: yes
+  register: k8s_no_validate
+
+- name: assert that k8s_no_validate fails gracefully
+  assert:
+    that:
+      - k8s_no_validate is failed
+      - "k8s_no_validate.msg == 'kubernetes-validate python library is required to validate resources'"

molecule/default/verify.yml

@@ -0,0 +1,26 @@
+---
+- name: Verify
+  hosts: localhost
+  connection: local
+  gather_facts: no
+  vars:
+    ansible_python_interpreter: '{{ virtualenv_interpreter }}'
+
+  tasks:
+
+    - pip:
+        name: kubernetes-validate==1.12.0
+        virtualenv: "{{ virtualenv }}"
+        virtualenv_command: "{{ virtualenv_command }}"
+        virtualenv_site_packages: no
+
+    - import_tasks: tasks/validate_installed.yml
+
+    - pip:
+        name: kubernetes-validate
+        state: absent
+        virtualenv: "{{ virtualenv }}"
+        virtualenv_command: "{{ virtualenv_command }}"
+        virtualenv_site_packages: no
+
+    - import_tasks: tasks/validate_not_installed.yml