Test collection with Ansible versions 6, 7 and 8

cyberark · Sep 18, 2023 · c835429 · c835429
1 parent b1937e1
commit c835429
Show file tree

Hide file tree

Showing 11 changed files with 81 additions and 66 deletions.
diff --git a/.github/workflows/ansible-test.yml b/.github/workflows/ansible-test.yml
@@ -1,18 +1,16 @@
 # This file implements a Github action to run Ansible collection sanity tests
-# on the Conjur Ansible Collection. The Ansible collection sanity tests are
-# run across the following matrices:
+# and unit tests on the Conjur Ansible Collection. The Ansible collection tests
+# are run across the following matrices:
 #
-# Ansible versions:
-# - stable-2.13
-# - stable-2.14
-# - stable-2.15
-# - devel
+# Ansible versions (Python versions):
+# - stable-2.13 (3.8, 3.9, 3.10)
+# - stable-2.14 (3.9, 3.10, 3.11)
+# - stable-2.15 (3.9, 3.10, 3.11)
+# - devel       (3.10)
 #
-# Python versions:
-# - 3.8 (2.13)
-# - 3.9 (2.13, 2.14, 2.15)
-# - 3.10
-# - 3.11 (2.14, 2.15)
+# As Ansible's devel version is unstable, it should be considered a smoke signal
+# for the next released version. Failures against the devel version should not
+# be considered blocking.
 
 name: CI
 on:
@@ -23,12 +21,12 @@ on:
 jobs:
 
 ###
-# Sanity tests (REQUIRED)
+# Sanity tests
 #
 # https://docs.ansible.com/ansible/latest/dev_guide/testing_sanity.html
 
   sanity:
-    name: Sanity (${{ matrix.ansible }}+py${{ matrix.python }})
+    name: Sanity (Ⓐ${{ matrix.ansible }}+py${{ matrix.python }})
     strategy:
       # fail-fast means one failing matrix case will cancel all other
       # still-incomplete cases. As tests against Ansible's devel branch are
@@ -68,7 +66,7 @@ jobs:
         with:
           python-version: ${{ matrix.python }}
 
-      # Install the head of the given branch (devel, stable-2.10)
+      # Install the head of the given branch
       - name: Install ansible-base (${{ matrix.ansible }})
         run: pip install https://github.com/ansible/ansible/archive/${{ matrix.ansible }}.tar.gz --disable-pip-version-check
 
@@ -80,7 +78,7 @@ jobs:
         working-directory: ./ansible_collections/cyberark/conjur
 
 ###
-# Unit tests (OPTIONAL)
+# Unit tests
 #
 # https://docs.ansible.com/ansible/latest/dev_guide/testing_units.html
 

diff --git a/Jenkinsfile b/Jenkinsfile
@@ -36,7 +36,7 @@ pipeline {
 
     stage('Run integration tests with Conjur Open Source') {
       stages {
-        stage('Ansible v6 - latest') {
+        stage('Ansible v8 - latest') {
           parallel {
             stage('Testing conjur_variable lookup plugin') {
               steps {
@@ -54,7 +54,31 @@ pipeline {
           }
         }
 
-        stage('Ansible v5') {
+        stage('Ansible v7') {
+          when {
+            anyOf {
+              branch 'main'
+              buildingTag()
+            }
+          }
+          parallel {
+            stage('Testing conjur_variable lookup plugin') {
+              steps {
+                sh './ci/test.sh -v 7 -d conjur_variable'
+                junit 'tests/conjur_variable/junit/*'
+              }
+            }
+
+            stage('Testing conjur_host_identity role') {
+              steps {
+                sh './ci/test.sh -v 7 -d conjur_host_identity'
+                junit 'roles/conjur_host_identity/tests/junit/*'
+              }
+            }
+          }
+        }
+
+        stage('Ansible v6 - latest') {
           when {
             anyOf {
               branch 'main'
@@ -64,14 +88,14 @@ pipeline {
           parallel {
             stage('Testing conjur_variable lookup plugin') {
               steps {
-                sh './ci/test.sh -v 5 -d conjur_variable'
+                sh './ci/test.sh -v 6 -d conjur_variable'
                 junit 'tests/conjur_variable/junit/*'
               }
             }
 
             stage('Testing conjur_host_identity role') {
               steps {
-                sh './ci/test.sh -v 5 -d conjur_host_identity'
+                sh './ci/test.sh -v 6 -d conjur_host_identity'
                 junit 'roles/conjur_host_identity/tests/junit/*'
               }
             }

diff --git a/ci/test.sh b/ci/test.sh
@@ -14,14 +14,16 @@ target=""
 # Flags to be applied to testing scripts
 flags=""
 
-declare -x ANSIBLE_VERSION="${ANSIBLE_VERSION:-6}"
+declare -x ANSIBLE_VERSION="${ANSIBLE_VERSION:-8}"
+declare -x PYTHON_VERSION="${PYTHON_VERSION:-3.11}"
 
 # Print usage instructions
 function help {
     echo "Test runner for Ansible Conjur Collection"
 
     echo "-a        Run all test files in default test directories"
     echo "-v <ver>  Run tests against the given Ansible major version"
+    echo "-p <ver>  Run tests against an Ansible node using the given Python version"
     echo "-d <arg>  Run test file in given directory. Valid options are: ${test_directories[*]} all"
     echo "-e        Run tests against Conjur Enterprise. Default: Conjur Open Source"
     echo "          This option is currently only available when testing against the conjur_variable plugin"
@@ -84,7 +86,7 @@ if [[ $# -eq 0 ]] ; then
     help
 fi
 
-while getopts ad:ehv: option; do
+while getopts ad:ehv:p: option; do
     case "$option" in
         a) handle_input
             ;;
@@ -97,6 +99,8 @@ while getopts ad:ehv: option; do
             ;;
         v) ANSIBLE_VERSION="${OPTARG}"
             ;;
+        p) PYTHON_VERSION="${OPTARG}"
+            ;;
         * )
           echo "$1 is not a valid option"
           help

diff --git a/roles/conjur_host_identity/tests/Dockerfile b/roles/conjur_host_identity/tests/Dockerfile
@@ -1,39 +1,26 @@
-FROM ubuntu:20.04
+ARG PYTHON_VERSION
+FROM python:${PYTHON_VERSION}-slim
 
 ENV DEBIAN_FRONTEND=noninteractive
 
 WORKDIR /cyberark
 
-# install python 3
-RUN apt-get update && \
-    apt-get install -y python3-pip && \
-    pip3 install --upgrade pip
-
-ARG ANSIBLE_VERSION
 # install ansible and its test tool
+ARG ANSIBLE_VERSION
 RUN pip3 install ansible==${ANSIBLE_VERSION}.* pytest-testinfra
 
 # install docker installation requirements
 RUN apt-get update && \
-    apt-get install -y apt-transport-https \
-                       ca-certificates \
+    apt-get install -y ca-certificates \
                        curl \
-                       software-properties-common
+                       gnupg
 
 # install docker
-RUN curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
-RUN add-apt-repository \
-       "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
-       $(lsb_release -cs) \
-       stable"
-
+RUN install -m 0755 -d /etc/apt/keyrings && \
+    curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg && \
+    chmod a+r /etc/apt/keyrings/docker.gpg
+RUN echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian \
+    "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" \
+    | tee /etc/apt/sources.list.d/docker.list > /dev/null
 RUN apt-get update && \
     apt-get -y install docker-ce
-
-# NOTE: Everything above is copied from REPO_ROOT/tests/conjur_variable/Dockerfile. It defines a
-# standard container image for running ansible tests
-
-# install ruby
-RUN apt-get update && apt-get install -y gcc build-essential
-RUN apt-add-repository -y ppa:brightbox/ruby-ng && apt-get update && apt-get install -y ruby2.7 ruby2.7-dev
-RUN gem install conjur-cli
diff --git a/roles/conjur_host_identity/tests/docker-compose.yml b/roles/conjur_host_identity/tests/docker-compose.yml
@@ -6,6 +6,7 @@ services:
       dockerfile: Dockerfile
       args:
         ANSIBLE_VERSION: ${ANSIBLE_VERSION}
+        PYTHON_VERSION: ${PYTHON_VERSION}
     command: /bin/sleep 1d
     environment:
       CONJUR_APPLIANCE_URL: ${CONJUR_APPLIANCE_URL}

diff --git a/roles/conjur_host_identity/tests/test.sh b/roles/conjur_host_identity/tests/test.sh
@@ -10,7 +10,8 @@ declare -x ANSIBLE_PROJECT=''
 declare -x ANSIBLE_CONJUR_AUTHN_API_KEY=''
 declare -x CLI_CONJUR_AUTHN_API_KEY=''
 declare -x DOCKER_NETWORK="default"
-declare -x ANSIBLE_VERSION="${ANSIBLE_VERSION:-6}"
+declare -x ANSIBLE_VERSION="${ANSIBLE_VERSION:-8}"
+declare -x PYTHON_VERSION="${PYTHON_VERSION:-8}"
 
 declare cli_cid=''
 declare ansible_cid=''

diff --git a/roles/conjur_host_identity/tests/test_cases/misconfig-conjur-identity/playbook.yml b/roles/conjur_host_identity/tests/test_cases/misconfig-conjur-identity/playbook.yml
@@ -19,4 +19,4 @@
             that: ansible_failed_result.failed == true
         - name: Confirm error message
           assert:
-            that: ansible_failed_result.msg == "'conjur_appliance_url' is undefined"
+            that: ansible_failed_result.msg == "'conjur_appliance_url' is undefined. 'conjur_appliance_url' is undefined"
diff --git a/tests/conjur_variable/Dockerfile b/tests/conjur_variable/Dockerfile
@@ -1,31 +1,26 @@
-FROM ubuntu:20.04
+ARG PYTHON_VERSION
+FROM python:${PYTHON_VERSION}-slim
 
 ENV DEBIAN_FRONTEND=noninteractive
 
 WORKDIR /cyberark
 
-# install python 3
-RUN apt-get update && \
-    apt-get install -y python3-pip && \
-    pip3 install --upgrade pip
-
-ARG ANSIBLE_VERSION
 # install ansible and its test tool
+ARG ANSIBLE_VERSION
 RUN pip3 install ansible==${ANSIBLE_VERSION}.* pytest-testinfra
 
 # install docker installation requirements
 RUN apt-get update && \
-    apt-get install -y apt-transport-https \
-                       ca-certificates \
+    apt-get install -y ca-certificates \
                        curl \
-                       software-properties-common
+                       gnupg
 
 # install docker
-RUN curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
-RUN add-apt-repository \
-       "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
-       $(lsb_release -cs) \
-       stable"
-
+RUN install -m 0755 -d /etc/apt/keyrings && \
+    curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg && \
+    chmod a+r /etc/apt/keyrings/docker.gpg
+RUN echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian \
+    "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" \
+    | tee /etc/apt/sources.list.d/docker.list > /dev/null
 RUN apt-get update && \
     apt-get -y install docker-ce
diff --git a/tests/conjur_variable/docker-compose.yml b/tests/conjur_variable/docker-compose.yml
@@ -8,6 +8,7 @@ services:
       dockerfile: Dockerfile
       args:
        ANSIBLE_VERSION: ${ANSIBLE_VERSION}
+       PYTHON_VERSION: ${PYTHON_VERSION}
     entrypoint: sleep
     command: infinity
     environment:

diff --git a/tests/conjur_variable/test.sh b/tests/conjur_variable/test.sh
@@ -10,7 +10,8 @@ declare -x ANSIBLE_PROJECT=''
 declare -x ANSIBLE_MASTER_AUTHN_API_KEY=''
 declare -x CONJUR_ADMIN_AUTHN_API_KEY=''
 declare -x DOCKER_NETWORK="default"
-declare -x ANSIBLE_VERSION="${ANSIBLE_VERSION:-6}"
+declare -x ANSIBLE_VERSION="${ANSIBLE_VERSION:-8}"
+declare -x PYTHON_VERSION="${PYTHON_VERSION:-3.11}"
 
 ANSIBLE_PROJECT=$(echo "${BUILD_TAG:-ansible-plugin-testing}-conjur-variable" | sed -e 's/[^[:alnum:]]//g' | tr '[:upper:]' '[:lower:]')
 

diff --git a/tests/unit/Dockerfile b/tests/unit/Dockerfile
@@ -1,5 +1,8 @@
 ARG PYTHON_VERSION
-FROM python:${PYTHON_VERSION}
+FROM python:${PYTHON_VERSION}-slim
+
+RUN apt-get update && \
+    apt-get install -y git
 
 ARG ANSIBLE_VERSION
 RUN pip install https://github.com/ansible/ansible/archive/${ANSIBLE_VERSION}.tar.gz --disable-pip-version-check