From ad8803318f22b994b31d57179b150e8eedf2c38b Mon Sep 17 00:00:00 2001 From: David Moreau Simard Date: Tue, 28 Jan 2020 20:26:49 -0500 Subject: [PATCH] Add a job to run playbooks and record them on the demo This adds a secret for authenticating with the live demo instance, and a job which runs basic integration tests. The results of these tests are sent to the live demo instance. The job is set to run in the "post" Zuul pipeline so the secret cannot be exposed by speculatively testing a job change. Change-Id: I8a7926ed547b1acb4b7021ca7c63abb9d68c0ac9 --- .zuul.d/jobs.yaml | 16 +++++++++++++ .zuul.d/project.yaml | 1 + .zuul.d/secrets.yaml | 17 ++++++++++++++ tests/basic.yaml | 53 ++++++++++++++++++++++++++++++++++---------- 4 files changed, 75 insertions(+), 12 deletions(-) diff --git a/.zuul.d/jobs.yaml b/.zuul.d/jobs.yaml index 279ae35f..5fbebfaa 100644 --- a/.zuul.d/jobs.yaml +++ b/.zuul.d/jobs.yaml @@ -131,3 +131,19 @@ required-projects: - name: github.com/ansible/ansible override-checkout: stable-2.7 + +- job: + name: ara-demo + parent: ara-ansible-integration-base + description: | + Runs basic integration tests through the equivalent of "tox -e ansible-integration" with Ansible 2.9 and sends + them to the live demo. + vars: + ara_api_client: http + ara_api_server: "https://api.demo.recordsansible.org" + required-projects: + - name: github.com/ansible/ansible + override-checkout: stable-2.9 + secrets: + - name: ara_api_credentials + secret: ara_api_demo_credentials diff --git a/.zuul.d/project.yaml b/.zuul.d/project.yaml index b86e5dfb..f7df58e6 100644 --- a/.zuul.d/project.yaml +++ b/.zuul.d/project.yaml @@ -28,3 +28,4 @@ post: jobs: - ara-upload-git-mirror + - ara-demo diff --git a/.zuul.d/secrets.yaml b/.zuul.d/secrets.yaml index a0cbf16b..4e6fcf8e 100644 --- a/.zuul.d/secrets.yaml +++ b/.zuul.d/secrets.yaml @@ -45,3 +45,20 @@ VATkbphVuVYV5NQmQPjE41t0uM/aH2MOP5DAg2UN1z6N/PQAMtqhCbRmo0D40SVT7qafp lYLaYrX0oyksfUHxA5/puDc7/saTykaId+eAsLS5HfkdkE+iwXFnnBz3lVYGmIPPwTEk8 BgWyjHt84Bfxoy6FRCaRHWlVWGfxEp2JxhmgVLfNwZMNnmvmhBqm8lKY9baaaY= + +- secret: + name: ara_api_demo_credentials + data: + username: opendev + email: opendev@recordsansible.org + password: !encrypted/pkcs1-oaep + - AbU5h7Hn4IxTxT9gWhrY6+eEToyKaCkgUGppv14L4R7xjRbecrRwVTl7ztrLdiNXvkIIA + NWreTfIFPFm5lOLs4pXkwqH02yNyfuqoLoChh5vPvS2aZP2pAkTS9DUYjOpKAa0u80I2F + UdKys2Qv3YfoypwMJkhREhHyw/rYy43qaXt7rB64TPaRphb1ZfY0ugWR7ZQJWIaOX8Pdk + 6QhJH4hWK8iMb5Dl7gE3D7z+1qlDPiQUY0b9Hk0L0INoXHp2QiJZS9SrbocDlojsziiCu + oa9OQmyKvPNw8nA+dKH+KhyDaiFyi6Ni/9ajvCNqdRJDjd/4nUWRzhjO1tua0PNHitvqx + tNid/Kz/dKneAwj3/U3YathdGAaei7ivro6OPWTeSlew15r6YxEOlm7sle9c/PK94JjMj + iGvjDACDcY6+zylimbkV4xavYbDmZiJ88/OvHRoY92KYfDGmRZ+r5tgwCS3CxvYhQlz6p + WOs3ptuP6HNSv6NN/jUwv8gmX1Kpui8r1945I0Bq87zkezFa8A3vCjhh+pqZhBgM8O9aM + 4jeVtOXd+ch0mo2PMui6lwGqP9RRNGASYNQBlszZGI+ts+3oBITxFzGHnh+cOpTQ6VSUg + 5u7qOclQtRW9ti3em7gdBLNggIZa3ZyY+iTl9jCA0oQLQZhM3cSuih/GMvtHPQ= diff --git a/tests/basic.yaml b/tests/basic.yaml index bf2394f3..d5778f8d 100644 --- a/tests/basic.yaml +++ b/tests/basic.yaml @@ -99,21 +99,50 @@ - "zuul.project:{{ zuul.project.canonical_name }}" when: zuul is defined + - name: Template an ansible.cfg file + copy: + content: | + [defaults] + action_plugins = {{ ara_setup_plugins.stdout }}/action + callback_plugins = {{ ara_setup_plugins.stdout }}/callback + lookup_plugins = {{ ara_setup_plugins.stdout }}/lookup + + [ara] + api_client = {{ ara_api_client | default('offline') }} + api_server = {{ ara_api_server | default('http://127.0.0.1') }} + default_labels = "{{ _default_labels | join(',') | default('default-label') }}" + dest: "{{ ara_api_root_dir }}/ansible.cfg" + + # We need to do this because we can't omit a dictionary key if it's not set + # https://github.com/ansible/ansible/issues/14130 + - name: Set environment variables without authentication + set_fact: + _env: + ANSIBLE_CONFIG: "{{ ara_api_root_dir }}/ansible.cfg" + ARA_DEBUG: "{{ ara_api_debug }}" + ARA_LOG_LEVEL: "{{ ara_api_log_level }}" + ARA_BASE_DIR: "{{ ara_api_root_dir }}/server" + ARA_SECRET_KEY: "{{ ara_api_secret_key }}" + PATH: "{{ ara_api_venv_path }}/bin:/bin:/usr/bin:/usr/local/bin" + when: ara_api_credentials is not defined + + - name: Set environment variables with authentication + set_fact: + _env: + ANSIBLE_CONFIG: "{{ ara_api_root_dir }}/ansible.cfg" + ARA_DEBUG: "{{ ara_api_debug }}" + ARA_LOG_LEVEL: "{{ ara_api_log_level }}" + ARA_BASE_DIR: "{{ ara_api_root_dir }}/server" + ARA_SECRET_KEY: "{{ ara_api_secret_key }}" + ARA_API_USERNAME: "{{ ara_api_credentials.username | default(None) }}" + ARA_API_PASSWORD: "{{ ara_api_credentials.password | default(None) }}" + PATH: "{{ ara_api_venv_path }}/bin:/bin:/usr/bin:/usr/local/bin" + when: ara_api_credentials is defined + # These aren't in the same task (i.e, with loop) so we can tell individual test # runs apart easily rather than keeping all the output bundled in a single task. # TODO: Add validation for the tests - - environment: - ANSIBLE_CALLBACK_PLUGINS: "{{ ara_setup_plugins.stdout }}/callback" - ANSIBLE_ACTION_PLUGINS: "{{ ara_setup_plugins.stdout }}/action" - ANSIBLE_LOOKUP_PLUGINS: "{{ ara_setup_plugins.stdout }}/lookup" - ARA_DEBUG: "{{ ara_api_debug }}" - ARA_LOG_LEVEL: "{{ ara_api_log_level }}" - ARA_BASE_DIR: "{{ ara_api_root_dir }}/server" - ARA_SECRET_KEY: "{{ ara_api_secret_key }}" - ARA_API_CLIENT: "{{ ara_api_client | default('offline') }}" - ARA_API_SERVER: "{{ ara_api_server | default('http://127.0.0.1:8000') }}" - ARA_DEFAULT_LABELS: "{{ _default_labels | join(', ') | default('default-label') }}" - PATH: "{{ ara_api_venv_path }}/bin:/bin:/usr/bin:/usr/local/bin" + - environment: "{{ _env }}" vars: _test_root: "{{ ara_api_source }}/tests/integration" block: