[SECURESIGN-1659] Add AAP testing scenario for collection #119

Open
wants to merge 142 commits into
base: main
56 changes: 56 additions & 0 deletions .github/workflows/aap.yaml
@@ -0,0 +1,56 @@
name: Using Ansible Molecule, test RHTAS collection from a private AAP

# on:
Collaborator Author

To be uncommented once the PR is reviewed and build log is verified.

# schedule:
# - cron: "0 0 * * *"

on:
pull_request:

jobs:
test-aap-collection:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install dependencies
run: |
ansible --version
python -m venv venv
source venv/bin/activate
python -m pip install --upgrade pip
pip install -r testing-requirements.txt
ansible-galaxy install -r requirements.yml
ansible-galaxy install -r molecule/requirements.yml
- name: Set up SSH key
run: |
mkdir -p ~/.ssh
echo "${{ secrets.AWS_SSH_KEY }}" > ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa
- name: Run molecule
env:
TAS_SINGLE_NODE_REGISTRY_USERNAME: ${{ secrets.TAS_SINGLE_NODE_REGISTRY_USERNAME }}
TAS_SINGLE_NODE_REGISTRY_PASSWORD: ${{ secrets.TAS_SINGLE_NODE_REGISTRY_PASSWORD }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_ACCESS_KEY }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
GITHUB_RUN_ID: ${{ github.run_id }}
REDHAT_API_TOKEN: ${{ secrets.REDHAT_API_TOKEN }}
AUTOMATION_HUB_TOKEN: ${{ secrets.AUTOMATION_HUB_TOKEN }}
run: |
ls molecule/aap-setup
source venv/bin/activate
molecule reset
molecule -v create --scenario-name aap-setup
molecule -v converge --scenario-name aap-setup
# molecule -v test --scenario-name aap-collection-test
- name: Destroy molecule infrastructure
env:
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_ACCESS_KEY }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
if: always()
run: |
source venv/bin/activate
molecule -v destroy --scenario-name aap-setup
# molecule -v destroy --scenario-name aap-collection-test
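Review bot: in the `Set up SSH key` step the private key is written with `echo "${{ secrets.AWS_SSH_KEY }}" > ~/.ssh/id_rsa` under the default umask and only restricted afterwards by `chmod 600`; create `~/.ssh` with mode 700 and set `umask 077` before the write so the file never exists with looser permissions. The workflow declares no `permissions:` block, so the job's GITHUB_TOKEN keeps the repository default scope while the job also holds AWS, registry and Automation Hub secrets; add a top-level `permissions:` with `contents: read`. `GITHUB_RUN_ID` is already set by the runner, so the explicit env entry is redundant, and `ls molecule/aap-setup` looks like leftover debugging. With `molecule -v test --scenario-name aap-collection-test` commented out, the job only creates and converges `aap-setup` and never runs the collection test scenario added in this PR.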
4 changes: 2 additions & 2 deletions .github/workflows/molecule.yaml
Expand Up @@ -41,7 +41,7 @@ jobs:
run: |
source venv/bin/activate
molecule reset
molecule -v test --scenario-name ${{ matrix.scenario }}
# molecule -v test --scenario-name ${{ matrix.scenario }}
- name: Destroy molecule infrastructure
env:
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_ACCESS_KEY }}
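Review bot: the `molecule -v test --scenario-name ${{ matrix.scenario }}` line is replaced by a commented-out copy, which turns the existing scenario matrix into a no-op that still reports success. This reads as a debugging change to save CI time while working on the AAP workflow; restore the line before merge, or drop the edit to `molecule.yaml` from the PR entirely.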
Expand All @@ -50,4 +50,4 @@ jobs:
if: always()
run: |
source venv/bin/activate
molecule destroy
# molecule destroy
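Review bot: commenting out `molecule destroy` leaves the `if: always()` cleanup step with only `source venv/bin/activate` in its `run:` block, so nothing is torn down. If the test line in the previous hunk is restored without this one, every run leaves its AWS instances behind; revert both lines together.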
39 changes: 39 additions & 0 deletions molecule/aap-collection-test/converge.yml
@@ -0,0 +1,39 @@
---
- name: Converge
hosts: molecule
gather_facts: true
vars_files:
- vars/vars.yml
- vars/podman.yml
- ../aap-setup/aap_vars.yml
tasks:
- name: Error out if registry username is not set
Collaborator

I think we can have an include_tasks here and use the check_creds.yml tasks

ansible.builtin.fail:
msg: "Username for registry.redhat.io is not set, please provide it via TAS_SINGLE_NODE_REGISTRY_USERNAME env variable"
when: tas_single_node_registry_username == ""

- name: Error out if registry password is not set
ansible.builtin.fail:
msg: "Password for registry.redhat.io is not set, please provide it via TAS_SINGLE_NODE_REGISTRY_PASSWORD env variable"
when: tas_single_node_registry_password == ""

- name: Install redhat.artifact_signer collection from the private AAP
delegate_to: localhost
ansible.builtin.shell:
cmd: |
ansible-galaxy collection install redhat.artifact_signer -s https://{{ aap_instance_ip }}/pulp_ansible/galaxy/staging/api/ \
--ignore-certs --token {{ token }} --force
changed_when: false

- name: Verify redhat.artifact_signer collection is installed
delegate_to: localhost
ansible.builtin.shell:
cmd: |
bash -c 'set -o pipefail && ansible-galaxy collection list | grep redhat.artifact_signer'
register: collection_check
changed_when: false
failed_when: collection_check.rc != 0

- name: Apply redhat.artifact_signer.tas_single_node role from the private AAP
ansible.builtin.include_role:
name: redhat.artifact_signer.tas_single_node
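Review bot: the install task passes `--token {{ token }}` on the command line and `--ignore-certs` to `ansible-galaxy`, so the hub token ends up in task output (the workflow runs molecule with `-v`) and in the process list, and the collection that is then applied as a role by the last task is fetched without any TLS verification. Add `no_log: true` to the task, supply the server URL and token through a `[galaxy_server.*]` entry in `ansible.cfg` or an environment variable instead of arguments, and trust the AAP instance's CA rather than disabling certificate checks. Neither this task nor the verify task's install counterpart needs shell features, so `ansible.builtin.command` with `argv` would do for the install; the `grep redhat.artifact_signer` check also matches any name containing that string with `.` as a wildcard, so prefer `ansible-galaxy collection list redhat.artifact_signer`.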
1 change: 1 addition & 0 deletions molecule/aap-collection-test/create.yml
1 change: 1 addition & 0 deletions molecule/aap-collection-test/destroy.yml
1 change: 1 addition & 0 deletions molecule/aap-collection-test/molecule.yml
1 change: 1 addition & 0 deletions molecule/aap-collection-test/prepare.yml
1 change: 1 addition & 0 deletions molecule/aap-collection-test/vars/podman.yml
10 changes: 10 additions & 0 deletions molecule/aap-collection-test/vars/vars.yml
@@ -0,0 +1,10 @@
tas_single_node_oidc_issuers:
- issuer: "http://dex-idp:5556/dex"
url: "http://dex-idp:5556/dex"
client_id: example-app
type: email
tas_single_node_base_hostname: myrhtas
tas_single_node_cockpit:
enabled: false
tas_single_node_registry_username: "{{ lookup('env', 'TAS_SINGLE_NODE_REGISTRY_USERNAME') }}"
tas_single_node_registry_password: "{{ lookup('env', 'TAS_SINGLE_NODE_REGISTRY_PASSWORD') }}"
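Review bot: `tas_single_node_oidc_issuers` points at `http://dex-idp:5556/dex` over plain HTTP for both `issuer` and `url`; if that is intentional for the throwaway test node, say so in a comment so the value is not copied into a real inventory. The file also starts without the `---` document marker that the scenario's `converge.yml` uses.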
1 change: 1 addition & 0 deletions molecule/aap-collection-test/verify.yml
207 changes: 207 additions & 0 deletions molecule/aap-setup/converge.yml
@@ -0,0 +1,207 @@
---
- name: Converge
hosts: aap_group
gather_facts: true
tags: aap_installation
vars_files:
- vars/vars.yml
- vars/aap_nodes.yml
tasks:
- name: Error out if registry username is not set
Collaborator

We could use check_creds.yml here too for these two tasks

Collaborator Author

@SequeI, I don't think we can use it, the when condition is based on a different variable here: aap_setup_prep_inv_secrets.all.registry_username

ansible.builtin.fail:
msg: "Username for registry.redhat.io is not set, please provide it via TAS_SINGLE_NODE_REGISTRY_USERNAME env variable"
when: aap_setup_prep_inv_secrets.all.registry_username == ""

- name: Error out if registry password is not set
ansible.builtin.fail:
msg: "Password for registry.redhat.io is not set, please provide it via TAS_SINGLE_NODE_REGISTRY_PASSWORD env variable"
when: aap_setup_prep_inv_secrets.all.registry_password == ""

# - name: Include and execute AAP utility roles for setup
# ansible.builtin.include_role:
# name: "{{ item }}"
# loop:
# - infra.aap_utilities.aap_setup_download
# - infra.aap_utilities.aap_setup_prepare

# - name: Find the latest AAP setup folder
# ansible.builtin.find:
# paths: /var/tmp
# patterns: ansible-automation-platform-containerized-setup-*
# file_type: directory
# recurse: false
# register: aap_folders

# - name: Set the latest AAP setup path
# ansible.builtin.set_fact:
# aap_setup_path: >-
# {{
# (aap_folders.files | sort(attribute='mtime', reverse=true) | first | default('')).path
# if aap_folders.files | length > 0 else ''
# }}

# - name: Install AAP
# ansible.builtin.shell:
# cmd: |
# cd {{ aap_setup_path }}
# ansible-playbook -i inventory ansible.containerized_installer.install
# async: 1800
# poll: 0
# register: aap_install_task
# changed_when: false

# - name: Wait for AAP installation to complete
# ansible.builtin.async_status:
# jid: "{{ aap_install_task.ansible_job_id }}"
# register: job_result
# until: job_result.finished
# retries: 100
# delay: 30

# - name: Create a new token using username/password
# infra.ah_configuration.ah_token:
# state: present
# ah_host: https://{{ aap_instance_ip }}/
# ah_username: "admin"
# ah_password: "password"
# validate_certs: false

# - name: Create "redhat" namespace
# delegate_to: localhost
# infra.ah_configuration.ah_namespace:
# name: redhat
# description: "Redhat Namespace"
# company: "Redhat"
# email: "[email protected]"
# links:
# - name: "homepage"
# url: "https://www.redhat.com"
# state: present
# ah_host: https://{{ aap_instance_ip }}/
# ah_token: "{{ ah_token.token }}"
# validate_certs: false

# - name: Build redhat.artifact_signer collection
# delegate_to: localhost
# infra.ah_configuration.ah_build:
# path: ../../.
# force: true
# output_path: /var/tmp

# - name: Find the collection build path
# delegate_to: localhost
# ansible.builtin.shell:
# cmd: |
# bash -c 'set -o pipefail; find /var/tmp -maxdepth 1 -type f \
# -name "redhat-artifact_signer-*.tar.gz" -printf "%T@ %p\n" | sort -n -r | head -n 1 | cut -d" " -f2'
# register: collection_build_path
# changed_when: false
# failed_when: collection_build_path.rc != 0

# - name: Set the latest collection build path
# ansible.builtin.set_fact:
# collection_build_path: "{{ collection_build_path.stdout }}"

# - name: Upload redhat.artifact_signer to the private AAP
# delegate_to: localhost
# retries: 10
# delay: 30
# infra.ah_configuration.ah_collection_upload:
# path: "{{ collection_build_path }}"
# ah_host: https://{{ aap_instance_ip }}/
# ah_token: "{{ ah_token.token }}"
# validate_certs: false

# - name: Verify redhat.artifact_signer collection is installed
# delegate_to: localhost
# ansible.builtin.shell:
# cmd: |
# bash -c 'set -o pipefail && ansible-galaxy collection list | grep redhat.artifact_signer'
# register: collection_check
# changed_when: false
# failed_when: collection_check.rc != 0

- name: Check Ansible version
delegate_to: localhost
ansible.builtin.command:
cmd: ansible --version
register: ansible_version_output

- name: Display Ansible version
ansible.builtin.debug:
msg: "{{ ansible_version_output.stdout }}"

- name: Update ansible.cfg with Automation Hub configuration
delegate_to: localhost
ansible.builtin.copy:
dest: /home/runner/.cache/molecule/artifact-signer-ansible/aap-setup/ansible.cfg
content: |
[galaxy]
server_list = automation_hub, ansible_galaxy

[galaxy_server.ansible_galaxy]
url = https://galaxy.ansible.com

[galaxy_server.automation_hub]
url = https://console.redhat.com/api/automation-hub/
auth_url = https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token
token = "{{ lookup('ansible.builtin.env', 'AUTOMATION_HUB_TOKEN') }}"
become: true

- name: Install infra.aap_configuration collection
delegate_to: localhost
ansible.builtin.command:
cmd: "ansible-galaxy collection install infra.aap_configuration"
changed_when: false

- name: Install ansible.platform collection
delegate_to: localhost
ansible.builtin.command:
cmd: "ansible-galaxy collection install ansible.platform"
changed_when: false

- name: Install ansible.controller collection
delegate_to: localhost
ansible.builtin.command:
cmd: "ansible-galaxy collection install ansible.controller"
changed_when: false

- name: Check Ansible collections
delegate_to: localhost
ansible.builtin.command:
cmd: ansible-galaxy collection list
register: ansible_collections_output

- name: Display Ansible collections
ansible.builtin.debug:
msg: "{{ ansible_collections_output.stdout }}"

- name: Create Job Template for TAS Single Node Playbook
delegate_to: localhost
block:
- name: Include Role to Configure Controller Job Templates
ansible.builtin.include_role:
name: infra.aap_configuration.controller_job_templates
collections:
- ansible.controller
vars:
controller_dependency_check: true
aap_hostname: "{{ aap_instance_ip }}"
aap_username: "admin"
aap_password: "password"
aap_validate_certs: false
controller_templates:
- name: "rhtas"
job_type: "run"
inventory: "Demo Inventory"
project: "Demo Project"
playbook: "hello_world.yml"

# - name: Export AAP details
# delegate_to: localhost
# ansible.builtin.copy:
# dest: "{{ playbook_dir }}/aap_vars.yml"
# mode: "0666"
# content: |
# aap_instance_ip: "{{ aap_instance_ip }}"
# token: "{{ ah_token.token }}"
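Review bot: the `controller_job_templates` block hard-codes `aap_username: "admin"` and `aap_password: "password"` together with `aap_validate_certs: false` (the commented-out `ah_token` task does the same); read the credentials from the environment like the registry ones and add `no_log: true`. The `Update ansible.cfg` task writes `AUTOMATION_HUB_TOKEN` into a file with no `mode:` set, to a hard-coded `/home/runner/.cache/...` path, with `become: true` on a task delegated to localhost; set `mode: "0600"`, add `no_log: true`, derive the path from molecule's ephemeral directory, and check whether the quotes around the templated `token` value are wanted in the INI file. The `Export AAP details` task is commented out, yet `molecule/aap-collection-test/converge.yml` loads `../aap-setup/aap_vars.yml`, so that scenario cannot resolve `aap_instance_ip` or `token`; when the task comes back, `mode: "0666"` makes a file holding the token world-writable, so use `0600`. Roughly half the file is commented-out tasks (AAP install, namespace creation, build and upload), and the job template still targets `Demo Project` and `hello_world.yml`; the two `ansible.builtin.command` checks that register output also lack `changed_when: false`.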