From 2fc0f674cea3de90ce240705ebb41ceceffa2c31 Mon Sep 17 00:00:00 2001
From: Gael Chamoulaud <gchamoul@redhat.com>
Date: Sat, 3 Aug 2019 13:55:43 +0200
Subject: [PATCH] Adding molecule tests for no-op-firewall-nova-driver
 validation

This patch also transforms the Nova configuration file path into an
Ansible variable.

Change-Id: I0bbbe16fbb21acef79a5f66fbea963ce3fd0f57d
Signed-off-by: Gael Chamoulaud <gchamoul@redhat.com>
---
 playbooks/no-op-firewall-nova-driver.yaml     |  1 +
 .../defaults/main.yml                         |  2 +
 .../molecule/default/Dockerfile.j2            | 37 ++++++++++
 .../molecule/default/molecule.yml             | 47 +++++++++++++
 .../molecule/default/playbook.yml             | 70 +++++++++++++++++++
 .../no-op-firewall-nova-driver/tasks/main.yml |  2 +-
 zuul.d/molecule.yaml                          |  9 +++
 7 files changed, 167 insertions(+), 1 deletion(-)
 create mode 100644 roles/no-op-firewall-nova-driver/defaults/main.yml
 create mode 100644 roles/no-op-firewall-nova-driver/molecule/default/Dockerfile.j2
 create mode 100644 roles/no-op-firewall-nova-driver/molecule/default/molecule.yml
 create mode 100644 roles/no-op-firewall-nova-driver/molecule/default/playbook.yml

diff --git a/playbooks/no-op-firewall-nova-driver.yaml b/playbooks/no-op-firewall-nova-driver.yaml
index 21beb8b49..537128c8c 100644
--- a/playbooks/no-op-firewall-nova-driver.yaml
+++ b/playbooks/no-op-firewall-nova-driver.yaml
@@ -8,5 +8,6 @@
         `NoopFirewallDriver`.
       groups:
       - post-deployment
+    nova_conf_path: "/var/lib/config-data/puppet-generated/nova_libvirt/etc/nova/nova.conf"
   roles:
     - no-op-firewall-nova-driver
diff --git a/roles/no-op-firewall-nova-driver/defaults/main.yml b/roles/no-op-firewall-nova-driver/defaults/main.yml
new file mode 100644
index 000000000..6a570fa14
--- /dev/null
+++ b/roles/no-op-firewall-nova-driver/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+nova_conf_path: /var/lib/config-data/puppet-generated/nova_libvirt/etc/nova/nova.conf
diff --git a/roles/no-op-firewall-nova-driver/molecule/default/Dockerfile.j2 b/roles/no-op-firewall-nova-driver/molecule/default/Dockerfile.j2
new file mode 100644
index 000000000..1b91a0e0b
--- /dev/null
+++ b/roles/no-op-firewall-nova-driver/molecule/default/Dockerfile.j2
@@ -0,0 +1,37 @@
+# Molecule managed
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+{% if item.registry is defined %}
+FROM {{ item.registry.url }}/{{ item.image }}
+{% else %}
+FROM {{ item.image }}
+{% endif %}
+
+RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
+    elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash {{ item.pkg_extras | default('') }} && dnf clean all; \
+    elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl python-setuptools bash {{ item.pkg_extras | default('') }} && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
+    elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml {{ item.pkg_extras | default('') }} && zypper clean -a; \
+    elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates {{ item.pkg_extras | default('') }}; \
+    elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates {{ item.pkg_extras | default('') }} && xbps-remove -O; fi
+
+{% for pkg in item.easy_install | default([]) %}
+# install pip for centos where there is no python-pip rpm in default repos
+RUN easy_install {{ pkg }}
+{% endfor %}
+
+
+CMD ["sh", "-c", "while true; do sleep 10000; done"]
diff --git a/roles/no-op-firewall-nova-driver/molecule/default/molecule.yml b/roles/no-op-firewall-nova-driver/molecule/default/molecule.yml
new file mode 100644
index 000000000..b2fa9bd59
--- /dev/null
+++ b/roles/no-op-firewall-nova-driver/molecule/default/molecule.yml
@@ -0,0 +1,47 @@
+---
+driver:
+  name: docker
+
+log: true
+
+platforms:
+  - name: centos7
+    hostname: centos7
+    image: centos:7
+    pkg_extras: python-setuptools python-enum34
+    easy_install:
+      - pip
+    environment: &env
+      http_proxy: "{{ lookup('env', 'http_proxy') }}"
+      https_proxy: "{{ lookup('env', 'https_proxy') }}"
+
+  - name: fedora28
+    hostname: fedora28
+    image: fedora:28
+    pkg_extras: python*-setuptools python*-enum
+    environment:
+      <<: *env
+
+provisioner:
+  name: ansible
+  log: true
+  env:
+    ANSIBLE_STDOUT_CALLBACK: yaml
+    ANSIBLE_LIBRARY: "../../../../library"
+
+scenario:
+  test_sequence:
+    - destroy
+    - create
+    - prepare
+    - converge
+    - verify
+    - destroy
+
+lint:
+  enabled: false
+
+verifier:
+  name: testinfra
+  lint:
+    name: flake8
diff --git a/roles/no-op-firewall-nova-driver/molecule/default/playbook.yml b/roles/no-op-firewall-nova-driver/molecule/default/playbook.yml
new file mode 100644
index 000000000..8f3b81706
--- /dev/null
+++ b/roles/no-op-firewall-nova-driver/molecule/default/playbook.yml
@@ -0,0 +1,70 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+- name: Converge
+  hosts: all
+  gather_facts: no
+
+  vars:
+    nova_conf_path: "/nova.conf"
+
+  tasks:
+    - name: Successful Validation
+      block:
+        - name: Create a correct Nova config file
+          copy:
+            dest: "/nova.conf"
+            content: |
+              [DEFAULT]
+              firewall_driver = nova.virt.firewall.NoopFirewallDriver
+
+        - include_role:
+            name: no-op-firewall-nova-driver
+          vars:
+            nova_conf_path: "/nova.conf"
+
+        - debug:
+            msg: "The validation works as expected!"
+
+    - name: Failing Validation
+      block:
+        - name: Modifying Nova config file
+          ini_file:
+            dest: "/nova.conf"
+            section: DEFAULT
+            option: firewall_driver
+            value: CHANGEME
+            backup: yes
+
+        - include_role:
+            name: no-op-firewall-nova-driver
+          vars:
+            nova_conf_path: "/nova.conf"
+      rescue:
+        - name: Clear host errors
+          meta: clear_host_errors
+
+        - debug:
+            msg: "The validation fails as expected! End the playbook run"
+
+        - name: End play
+          meta: end_play
+
+    - name: Fail the test
+      fail:
+        msg: |
+          No-op-firewall-nova-driver validation failed finding bad configuration!
diff --git a/roles/no-op-firewall-nova-driver/tasks/main.yml b/roles/no-op-firewall-nova-driver/tasks/main.yml
index ab627f07f..40cf1e522 100644
--- a/roles/no-op-firewall-nova-driver/tasks/main.yml
+++ b/roles/no-op-firewall-nova-driver/tasks/main.yml
@@ -2,7 +2,7 @@
 - name: Read the `firewall_driver` value
   become: true
   ini:
-    path: /var/lib/config-data/puppet-generated/nova_libvirt/etc/nova/nova.conf
+    path: "{{ nova_conf_path }}"
     section: DEFAULT
     key: firewall_driver
   register: nova_firewall_driver
diff --git a/zuul.d/molecule.yaml b/zuul.d/molecule.yaml
index d4bb20d35..602a86f38 100644
--- a/zuul.d/molecule.yaml
+++ b/zuul.d/molecule.yaml
@@ -14,6 +14,7 @@
       - tripleo-validations-centos-7-molecule-undercloud-debug
       - tripleo-validations-centos-7-molecule-undercloud-disk-space
       - tripleo-validations-centos-7-molecule-xfs-check-ftype
+      - tripleo-validations-centos-7-molecule-no-op-firewall-nova-driver
     gate:
       queue: integrated
       jobs:
@@ -28,6 +29,7 @@
       - tripleo-validations-centos-7-molecule-undercloud-debug
       - tripleo-validations-centos-7-molecule-undercloud-disk-space
       - tripleo-validations-centos-7-molecule-xfs-check-ftype
+      - tripleo-validations-centos-7-molecule-no-op-firewall-nova-driver
     name: tripleo-validations-molecule-jobs
 - job:
     files:
@@ -107,3 +109,10 @@
     voting: false
     vars:
       tripleo_validations_role_name: xfs-check-ftype
+- job:
+    files:
+    - ^roles/no-op-firewall-nova-driver/.*
+    name: tripleo-validations-centos-7-molecule-no-op-firewall-nova-driver
+    parent: tripleo-validations-centos-7-base
+    vars:
+      tripleo_validations_role_name: no-op-firewall-nova-driver