Merge pull request #169 from ansible-middleware/mol_sudo

Adapt molecule tests to work with none root user on target (sudo)
2025-04-06 10:50:31 -07:00 · 2024-02-26 18:39:42 +01:00 · 2024-02-26 18:39:42 +01:00 · beee25dec2
commit beee25dec2
parent b1848046dc 5bd39a0d0e
4 changed files with 80 additions and 55 deletions
--- a/molecule/default/prepare.yml
+++ b/molecule/default/prepare.yml
@ -1,16 +1,9 @@
 ---
 - name: Prepare
  hosts: all
-  tasks:
+  gather_facts: yes
-    - name: Install sudo
+  vars:
-      ansible.builtin.yum:
+    sudo_pkg_name: sudo
        name:
          - sudo
          - java-1.8.0-openjdk
        state: present
 - name: Prepare
  hosts: all
  tasks:
    - name: "Run preparation common to all scenario"
      ansible.builtin.include_tasks: ../prepare.yml
@ -18,3 +11,12 @@
        assets:
          - "{{ assets_server }}/sso/7.6.0/rh-sso-7.6.0-server-dist.zip"
          - "{{ assets_server }}/sso/7.6.1/rh-sso-7.6.1-patch.zip"
    - name: Install JDK8
      become: yes
      ansible.builtin.yum:
        name:
          - java-1.8.0-openjdk
        state: present
--- a/molecule/default/verify.yml
+++ b/molecule/default/verify.yml
@ -56,31 +56,34 @@
      ansible.builtin.assert:
        that:
          - (keycloak_query_clients.json | selectattr('clientId','equalto','TestClient') | first)["attributes"]["post.logout.redirect.uris"] == '/public/logout'
-    - name: Check log folder
+    - name: "Privilege escalation as some files/folders may requires it"
-      ansible.builtin.stat:
+      become: yes
-        path: "/tmp/keycloak"
+      block:
-      register: keycloak_log_folder
+        - name: Check log folder
-    - name: Check that keycloak log folder exists and is a link
+          ansible.builtin.stat:
-      ansible.builtin.assert:
+            path: "/tmp/keycloak"
-        that:
+          register: keycloak_log_folder
-          - keycloak_log_folder.stat.exists
+        - name: Check that keycloak log folder exists and is a link
-          - not keycloak_log_folder.stat.isdir
+          ansible.builtin.assert:
-          - keycloak_log_folder.stat.islnk
+            that:
-    - name: Check log file
+              - keycloak_log_folder.stat.exists
-      ansible.builtin.stat:
+              - not keycloak_log_folder.stat.isdir
-        path: "/tmp/keycloak/server.log"
+              - keycloak_log_folder.stat.islnk
-      register: keycloak_log_file
+        - name: Check log file
-    - name: Check if keycloak file exists
+          ansible.builtin.stat:
-      ansible.builtin.assert:
+            path: "/tmp/keycloak/server.log"
-        that:
+          register: keycloak_log_file
-          - keycloak_log_file.stat.exists
+        - name: Check if keycloak file exists
-          - not keycloak_log_file.stat.isdir
+          ansible.builtin.assert:
-    - name: Check default log folder
+            that:
-      ansible.builtin.stat:
+              - keycloak_log_file.stat.exists
-        path: "/var/log/keycloak"
+              - not keycloak_log_file.stat.isdir
-      register: keycloak_default_log_folder
+        - name: Check default log folder
-      failed_when: false
+          ansible.builtin.stat:
-    - name: Check that default keycloak log folder doesn't exist
+            path: "/var/log/keycloak"
-      ansible.builtin.assert:
+          register: keycloak_default_log_folder
-        that:
+          failed_when: false
-          - not keycloak_default_log_folder.stat.exists
+        - name: Check that default keycloak log folder doesn't exist
          ansible.builtin.assert:
            that:
              - not keycloak_default_log_folder.stat.exists
--- a/molecule/overridexml/prepare.yml
+++ b/molecule/overridexml/prepare.yml
@ -1,6 +1,9 @@
 ---
 - name: Prepare
  hosts: all
  gather_facts: yes
  vars:
    sudo_pkg_name: sudo
  tasks:
    - name: "Run preparation common to all scenario"
      ansible.builtin.include_tasks: ../prepare.yml
--- a/molecule/prepare.yml
+++ b/molecule/prepare.yml
@ -3,9 +3,27 @@
  ansible.builtin.debug:
    msg: "Ansible version is  {{ ansible_version.full }}"
- name: Install sudo
+
 - name: "Ensure {{ sudo_pkg_name }} is installed (if user is root)."
  ansible.builtin.yum:
-    name: 
+    name: "{{ sudo_pkg_name }}"
  when:
    - ansible_user_id == 'root'
 - name: Gather the package facts
  ansible.builtin.package_facts:
    manager: auto
 - name: "Check if {{ sudo_pkg_name }} is installed."
  ansible.builtin.assert:
    that:
      - sudo_pkg_name in ansible_facts.packages
 - name: Install sudo
  become: yes
  ansible.builtin.yum:
    name:
      - sudo
      - iproute
    state: present
@ -14,22 +32,21 @@
  ansible.builtin.set_fact:
    assets_server: "{{ lookup('env','MIDDLEWARE_DOWNLOAD_RELEASE_SERVER_URL') }}"
- name: "Set offline when assets server from env is defined"
+- name: "Download artefacts only if assets_server is set"
  ansible.builtin.set_fact:
    sso_offline_install: True
  when:
    - assets_server is defined
    - assets_server | length > 0
  block:
    - name: "Set offline when assets server from env is defined"
      ansible.builtin.set_fact:
        sso_offline_install: True
- name: "Download and deploy zips from {{ assets_server }}"
+    - name: "Download and deploy zips from {{ assets_server }}"
-  ansible.builtin.get_url:
+      ansible.builtin.get_url:
-    url: "{{ asset }}"
+        url: "{{ asset }}"
-    dest: "{{ lookup('env', 'PWD') }}"
+        dest: "{{ lookup('env', 'PWD') }}"
-    validate_certs: no
+        validate_certs: no
-  delegate_to: localhost
+      delegate_to: localhost
-  loop: "{{ assets }}"
+      loop: "{{ assets }}"
-  loop_control:
+      loop_control:
-    loop_var: asset
+        loop_var: asset
  when:
    - assets_server is defined
    - assets_server | length > 0