ZipShip Hackathon Updates (#14)

* update creator-ee to latest to use Molecule v6

* reorganizing to be a collection instead of just a role; ensuring tests run end-to-end

* update devfile.yaml to include ANSIBLE_COLLECTIONS_PATH env var

* update ANSIBLE_COLLECTIONS_PATH to include local user and system paths

* move role to correct path

* add dependency step and requirements.yml

* pin container tag to sha256

* update Dockerfile image tag; update README.md

* chore: update devfile's command; update base image

---------

Co-authored-by: Brady Spiva <[email protected]>
Co-authored-by: Brady Spiva <null>
Co-authored-by: Brandon Sawyers <[email protected]>
Co-authored-by: Valeriy Svydenko <[email protected]>

Dockerfile

@@ -1,5 +1,5 @@
-# quay.io/ansible/creator-ee:v0.20.0
-FROM quay.io/ansible/creator-ee@sha256:72acf1476d32a7e56ec9045d8147eee010d8eecfc52590a3b8a7a620985696d4
+# quay.io/ansible/creator-ee:v0.21.0
+FROM quay.io/ansible/creator-ee@sha256:bf95ae745601a9d199eeb12807be24413fc2d6488016069816ee74342c2c255b
 
 ENV HOME=/home/runner
 

README.md

@@ -44,7 +44,7 @@ git config --global user.email [email protected]
 
 ## Sample Molecule Testing Role
 
-A sample role has been provided in the collections/example/collection/roles/backup_file directory to experiment with Test Driven Development using Molecule and OpenShift DevSpaces. A molecule verifier has been configured to test that the role functions as expected.
+A sample role has been provided in the collections/ansible_collections/sample_namespace/sample_collection/roles/backup_file directory to experiment with Test Driven Development using Molecule and OpenShift DevSpaces. A molecule verifier has been configured to test that the role functions as expected.
 
 ### Automation requirements
 1. Make a backup of a file identified using the backup_file_source variable
@@ -55,18 +55,18 @@ A sample role has been provided in the collections/example/collection/roles/back
 ### To begin development against the backup_file role
 1. Click the three horizontal bar icon in the top left of the window and select 'Terminal' -> 'New Terminal'
 2. Click into the terminal window
-3. Change directory into backup file role `cd collections/example/collection/roles/backup_file`
+3. Change directory into backup file role `cd collections/ansible_collections/sample_namespace/sample_collection/extensions/`
 4. Run `molecule create`. This will start a test pod for the automation to run against (defined in roles/backup_file/molecule/default/molecule.yml).
-5. Run `oc get pods` to view the test instance that was created
+5. Run `molecule list` and `oc get pods` to view the test instance that was created
 6. Run `molecule verify` to run the verification against the test pod and see the failures to help guide the tasks necessary in the role.
-7. Run `molecule converge` to run the base tasks/main.yml against the pod. This will create a backup of a file in the backup destination folder with a suffix appended.
+7. Run `molecule converge` to apply the role to the pod. This will create a backup of a file in the backup destination folder with a suffix appended.
 8. Run `molecule converge` to execute the role against the test instance, and `molecule verify` to see if any tests are still failing. Repeat this until all tests pass.
 
 To reset your test pod back to a fresh instance you can run `molecule destroy` and then `molecule create` to recreate it. To run the full molecule test without stepping through each stage, run `molecule test`.
 
 ## Contributing
 
-Contributions to this repository are welcome! If you find any issues or have suggestions for improvements, feel free to open an issue with Red Hat.
+Contributions to this repository are welcome! If you find any issues or have suggestions for improvements, feel free to open an issue with [Red Hat](https://issues.redhat.com/projects/CRW/issues).
 
 ## Code of Conduct
 We ask all of our community members and contributors to adhere to the [Ansible code of conduct](http://docs.ansible.com/ansible/latest/community/code_of_conduct.html). If you have questions or need assistance, please reach out to our community team at [[email protected]](mailto:[email protected])   

collections/ansible_collections/sample_namespace/sample_collection/extensions/molecule/default/converge.yml

@@ -0,0 +1,9 @@
+---
+- name: Converge
+  hosts: all
+  gather_facts: true
+  connection: community.okd.oc
+  tasks:
+    - name: "Include backup_file"
+      ansible.builtin.include_role:
+        name: "sample_namespace.sample_collection.backup_file"

collections/ansible_collections/sample_namespace/sample_collection/extensions/molecule/default/molecule.yml

@@ -0,0 +1,44 @@
+---
+dependency:
+  name: galaxy
+  options:
+    requirements-file: requirements.yml
+driver:
+  name: default
+  options:
+    managed: true
+    ansible_connection_options:
+      connection: local
+platforms:
+  - name: molecule-ubi8-init-1
+    image: registry.access.redhat.com/ubi8/ubi-init@sha256:75cb1eb60b9636f8daa584c231db552c1de94006778e7224643804a696f04fad
+    workingDir: '/tmp'
+provisioner:
+  name: ansible
+  # Failing to write the ansible into /.ansible/tmp
+  config_options:
+    defaults:
+      remote_tmp: '/tmp'
+      # This just says go back a directory and thats your roles path
+      # You can also provide this via pipeline with something like this
+      # ANSIBLE_ROLES_PATH: $COLLECTION_ROLES
+
+      # COLLECTIONS_PATH: ${PROJECT_SOURCE}
+      # ANSIBLE_ROLES_PATH: ${PROJECT_SOURCE}/${backup_file_molecule_namespace}
+  inventory:
+    group_vars:
+      all:
+        backup_file_molecule_namespace: ${DEVWORKSPACE_NAMESPACE}
+        backup_file_molecule_pip_dependencies:
+          - kubernetes
+verifier:
+  name: ansible
+scenario:
+  name: default
+  test_sequence:
+    - dependency
+    - syntax
+    - create
+    - converge
+    - idempotence
+    - verify

collections/ansible_collections/sample_namespace/sample_collection/extensions/molecule/default/requirements.yml

@@ -0,0 +1,3 @@
+---
+collections:
+  - 'community.okd'

collections/ansible_collections/sample_namespace/sample_collection/extensions/molecule/default/verify.yml

@@ -0,0 +1,126 @@
+---
+# This is an example playbook to execute Ansible tests.
+
+- name: Verify
+  hosts: all
+  gather_facts: false
+  connection: community.okd.oc
+  # vars:
+  #   __backup_file_base: "{{ backup_file_source | basename }}"
+  #   __backup_file_base_suffix: "{{ backup_file_base }}{{ backup_file_dest_suffix }}"
+  #   __backup_file_destination_path: "{{ backup_file_dest_folder }}/{{ backup_file_dest_suffix }}"
+  tasks:
+    # TODO: change this to not be hard coded?
+    - name: Verifier | include default role vars
+      ansible.builtin.include_vars:
+        dir: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') }}/../roles/backup_file/defaults/"
+        extensions:
+          - 'yml'
+
+    - name: Verifier | Check if the backup destination directory exists
+      vars:
+        fail_msg: "FAIL - backup destination directory doesn't exist"
+      block:
+
+        - name: Verifier Backup Created | Check if backup destination directory exists
+          ansible.builtin.stat:
+            path: "{{ backup_file_dest_folder }}"
+          register: __backup_file_dest_dir_stat
+
+        - name: Verifier Backup Created | Assert backup file directory exists
+          ansible.builtin.assert:
+            that:
+              - __backup_file_dest_dir_stat is defined
+              - __backup_file_dest_dir_stat.stat.exists
+              - __backup_file_dest_dir_stat.stat.isdir
+      rescue:
+
+        - name: Verifier Backup Created | Store failure message
+          ansible.builtin.set_fact:
+            backup_file_verifier_fail: "{{ backup_file_verifier_fail | default([]) + [fail_msg] }}"
+
+    - name: Verifier | Check if the backup destination directory is writable
+      vars:
+        fail_msg: "FAIL - backup destination directory isn't writable at"
+      block:
+
+        - name: Verifier Backup Created | Assert backup file directory is writable
+          ansible.builtin.assert:
+            that:
+              - __backup_file_dest_dir_stat is defined
+              - __backup_file_dest_dir_stat.stat.exists
+              - __backup_file_dest_dir_stat.stat.isdir
+              - __backup_file_dest_dir_stat.stat.writeable
+      rescue:
+
+        - name: Verifier Backup Created | Store failure message
+          ansible.builtin.set_fact:
+            backup_file_verifier_fail: "{{ backup_file_verifier_fail | default([]) + [fail_msg] }}"
+
+    - name: Verifier | Check if the backup created
+      vars:
+        fail_msg: "FAIL - backup file doesn't exist or is a link"
+      block:
+
+        - name: Verifier Backup Created | Check if backup file was created
+          ansible.builtin.stat:
+            path: "{{ backup_file_dest_folder }}/{{ backup_file_source | basename }}{{ backup_file_dest_suffix }}"
+          register: __backup_file_dest_stat
+
+        - name: Verifier Backup Created | Assert backup file exists and isn't a link
+          ansible.builtin.assert:
+            that:
+              - __backup_file_dest_stat is defined
+              - __backup_file_dest_stat.stat.exists
+              - not __backup_file_dest_stat.stat.islnk
+      rescue:
+
+        - name: Verifier Backup Created | Store failure message
+          ansible.builtin.set_fact:
+            backup_file_verifier_fail: "{{ backup_file_verifier_fail | default([]) + [fail_msg] }}"
+
+    - name: Verifier | Check that backup matches source
+      vars:
+        fail_msg: "FAIL - backup file doesn't match source"
+      block:
+
+        - name: Verifier Backup Created | Fail immediately if backup file doesn't exist
+          ansible.builtin.fail:
+          when:
+            - __backup_file_dest_stat is not defined
+            - not __backup_file_dest_stat.stat.exists
+
+        - name: Verifier Backup Created | Store information about source
+          ansible.builtin.stat:
+            path: "{{ backup_file_source }}"
+          register: __backup_file_source_stat
+
+        - name: Verifier Backup Created | Assert source and backup file have matching checksums
+          ansible.builtin.assert:
+            that:
+              - __backup_file_dest_stat is defined
+              - __backup_file_dest_stat.stat.checksum is defined
+              - __backup_file_source_stat is defined
+              - __backup_file_source_stat.stat.checksum is defined
+              - __backup_file_source_stat.stat.checksum == __backup_file_source_stat.stat.checksum
+
+      rescue:
+
+        - name: Verifier Backup Created | Store failure message
+          ansible.builtin.set_fact:
+            backup_file_verifier_fail: "{{ backup_file_verifier_fail | default([]) + [fail_msg] }}"
+
+    - name: Verifier | Fail if any tests failed
+      when:
+        - backup_file_verifier_fail is defined
+      block:
+
+        - name: Verifier | Show failures
+          ansible.builtin.debug:
+            msg:
+              - "Role failed with the following messages"
+              - "{{ backup_file_verifier_fail }}"
+
+        - name: Verifier | Fail test
+          ansible.builtin.fail:
+            msg: "{{ backup_file_verifier_fail }}"

collections/ansible_collections/sample_namespace/sample_collection/roles/backup_file/molecule/default/INSTALL.rst

@@ -0,0 +1,15 @@
+***********************************
+Delegated driver installation guide
+***********************************
+
+Requirements
+============
+
+This driver is delegated to the developer.  Up to the developer to implement
+requirements.
+
+Install
+=======
+
+This driver is delegated to the developer.  Up to the developer to implement
+requirements.

collections/ansible_collections/sample_namespace/sample_collection/roles/backup_file/molecule/default/create.yml

@@ -0,0 +1,45 @@
+---
+- name: Create
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  no_log: "{{ molecule_no_log }}"
+  tasks:
+
+    - name: Create molecule instance as containers
+      community.okd.k8s:
+        kubeconfig: "{{ lookup('ansible.builtin.env', 'HOME') }}/.kube/config"
+        state: present
+        definition: "{{ lookup('template', 'templates/deployment.yml') | from_yaml }}"
+        wait: true
+      register: server
+      with_items: "{{ molecule_yml.platforms }}"
+
+    - name: Debug molecule creations
+      ansible.builtin.debug:
+        var: server
+
+    - name: Store container information # noqa: no-handler
+      when: server.changed | default(false) | bool
+      block:
+
+        - name: Populate instance config dict
+          ansible.builtin.set_fact:
+            instance_conf_dict: {
+              'instance': "{{ item.result.status.containerStatuses[0].name }}",
+              }
+          with_items: "{{ server.results }}"
+          register: instance_config_dict
+
+        - name: Convert instance config dict to a list
+          ansible.builtin.set_fact:
+            instance_conf: "{{ instance_config_dict.results | map(attribute='ansible_facts.instance_conf_dict') | list }}"
+
+        - name: Dump instance config
+          ansible.builtin.copy:
+            content: |
+              # Molecule managed
+
+              {{ instance_conf | to_json | from_json | to_yaml }}
+            dest: "{{ molecule_instance_config }}"
+            mode: 0600

collections/ansible_collections/sample_namespace/sample_collection/roles/backup_file/molecule/default/destroy.yml

@@ -0,0 +1,33 @@
+---
+- name: Destroy
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  no_log: "{{ molecule_no_log }}"
+  tasks:
+    # Developer must implement.
+
+    - name: Destroy molecule containers
+      community.okd.k8s:
+        kubeconfig: "{{ lookup('ansible.builtin.env', 'HOME') }}/.kube/config"
+        state: absent
+        definition: "{{ lookup('template', 'templates/deployment.yml') | from_yaml }}"
+        wait: true
+      register: server
+      with_items: "{{ molecule_yml.platforms }}"
+
+    # Mandatory configuration for Molecule to function.
+
+    - name: Populate instance config
+      ansible.builtin.set_fact:
+        instance_conf: {}
+
+    - name: Dump instance config
+      ansible.builtin.copy:
+        content: |
+          # Molecule managed
+
+          {{ instance_conf | to_json | from_json | to_yaml }}
+        dest: "{{ molecule_instance_config }}"
+        mode: 0600
+      when: server.changed | default(false) | bool

collections/ansible_collections/sample_namespace/sample_collection/roles/backup_file/molecule/default/prepare.yml

@@ -0,0 +1,36 @@
+---
+- name: Create
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  no_log: "{{ molecule_no_log }}"
+  tasks:
+
+    - name: Store user ENVs
+      ansible.builtin.set_fact:
+        molecule_user_home_dir: "{{ lookup('ansible.builtin.env', 'HOME') }}"
+        molecule_user_path: "{{ lookup('ansible.builtin.env', 'PATH') }}"
+
+    - name: Create local bin directory
+      ansible.builtin.file:
+        path: "{{ molecule_user_home_dir }}/bin"
+        state: directory
+        mode: 0770
+
+    - name: Download oc binary from OCP downloads svc endpoint
+      ansible.builtin.get_url:
+        url: http://downloads.openshift-console.svc.cluster.local/amd64/linux/oc
+        dest: "{{ molecule_user_home_dir }}/bin/oc"
+        mode: '0770'
+
+    - name: Add another bin dir to system-wide $PATH.
+      ansible.builtin.lineinfile:
+        path: "{{ molecule_user_home_dir }}/.bashrc"
+        line: 'PATH=$PATH:{{ molecule_user_home_dir }}/bin'
+        state: present
+
+    - name: Ensure python dependencies are installed
+      ansible.builtin.pip:
+        name: "{{ backup_file_molecule_pip_dependencies }}"
+        state: present
+      when: backup_file_molecule_pip_dependencies is defined

collections/ansible_collections/sample_namespace/sample_collection/roles/backup_file/molecule/default/templates/deployment.yml

@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: "{{ item.name }}"
+  namespace: "{{ backup_file_molecule_namespace }}"
+  labels:
+    app: "molecule-test-container"
+spec:
+  containers:
+    - name: molecule
+      image: "{{ item.image }}"
+      workingDir: "{{ item.workingDir }}"
+      tmpfs:
+        - /run
+        - /tmp
+      volumes:
+        - /sys/fs/cgroup:/sys/fs/cgroup:ro
+      capabilities:
+        - SYS_ADMIN
+      command:
+        - "/usr/sbin/init"
+      pre_build_image: true