Add tests

Signed-off-by: Ondra Machacek <omachace@redhat.com>

.ansible-lint

@@ -0,0 +1,9 @@
+---
+profile: production
+strict: true
+
+skip_list:
+  - no-changed-when  # Commands should not change things if nothing needs doing.
+
+exclude_paths:
+  - tests/integration

.github/workflows/test.yml

@@ -0,0 +1,30 @@
+---
+name: Ansible Integration Test
+on:  # yamllint disable-line rule:truthy
+  pull_request:
+  merge_group:
+    branches:
+      - main
+  push:
+    branches:
+      - main
+permissions:
+  contents: read
+jobs:
+  ansible_integration_test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Update pip, git
+        run: |
+          set -euxo pipefail
+          sudo apt-get update
+
+      - name: Checkout repo
+        uses: actions/checkout@v4
+        with:
+          path: ansible_collections/redhat_cop/vmware_ops
+
+      - name: Run
+        run: |
+          make integration
+        working-directory: ansible_collections/redhat_cop/vmware_ops

Makefile

@@ -0,0 +1,2 @@
+integration:
+	ansible-test integration --no-temp-workdir security_test

execution-environment/README.md

@@ -0,0 +1,21 @@
+## How to use execution environment
+
+### Building
+To build the execution environment image:
+
+```bash
+$ export USER=yourdockerusername
+$ ansible-builder build -t quay.io/$USER/vmware:mytest
+```
+
+This will create container image `quay.io/$USER/vmware:mytest`. You can upload it to quay and use from AAP.
+
+### Local test
+To test the image locally using `ansible-runner` execute the image as follows:
+
+```bash
+$ export USER=yourdockerusername
+$ ansible-runner run --container-image quay.io/$USER/vmware:mytest runner --inventory localhost, -p redhat_cop.vmware_ops.security
+```
+
+This will execute the `security.yml` playbook from playbooks directory. You can test with any playbook from this directory.

roles/system_settings/tasks/main.yml

@@ -1,7 +1,7 @@
 - name: Set NTP servers
   when: system_settings_ntp_servers is defined
   block:
-    - name: Set NTP servers
+    - name: Test NTP servers
       vmware.vmware_rest.appliance_ntp:
         vcenter_hostname: "{{ system_settings_hostname | d(omit) }}"
         vcenter_password: "{{ system_settings_password | d(omit) }}"
@@ -12,12 +12,11 @@
       register: __ntp_state
 
     - name: Print the state of NTP servers
-      ansible.builtin.fail:
-        msg: "Server {{ item.server }} status: {{ item.message }}"
+      ansible.builtin.debug:
+        msg: "Warning: server {{ item.server }} status: {{ item.message }}"
       loop: "{{ __ntp_state.value }}"
       when: item.status == 'SERVER_UNREACHABLE'
-      ignore_errors: true
-
+
     - name: Set NTP servers
       vmware.vmware_rest.appliance_ntp:
         vcenter_hostname: "{{ system_settings_hostname | d(omit) }}"

tests/expectations/mock.json

@@ -0,0 +1,64 @@
+[
+{
+  "httpRequest": {
+    "method": "POST",
+    "path": "/rest/com/vmware/cis/session"
+  },
+  "httpResponse": {
+    "statusCode": 200,
+    "body": {"value": "72300ca9ff16c5743fa0a6328c8570ce"}
+  }
+},
+{
+  "httpRequest": {
+    "method": "PUT",
+    "path": "/api/appliance/access/(consolecli|dcui|shell|ssh)"
+  },
+  "httpResponse": {
+    "statusCode": 200,
+    "headers": {
+      "Content-Type": "application/json"
+    },
+    "body": "{}"
+  }
+},
+{
+  "httpRequest": {
+    "method": "GET",
+    "path": "/api/appliance/access/(consolecli|dcui|shell|ssh)"
+  },
+  "httpResponse": {
+    "statusCode": 200,
+    "headers": {
+      "Content-Type": "application/json"
+    },
+    "body": "true"
+  }
+},
+{
+  "httpRequest": {
+    "method" : "GET",
+    "path" : "/api/appliance/networking/firewall/inbound"
+  },
+  "httpResponse": {
+    "statusCode": 200,
+    "headers": {
+      "Content-Type": "application/json"
+    },
+    "body": [{}]
+  }
+},
+{
+  "httpRequest": {
+    "method" : "PUT",
+    "path" : "/api/appliance/networking/firewall/inbound"
+  },
+  "httpResponse": {
+    "statusCode": 200,
+    "headers": {
+      "Content-Type": "application/json"
+    },
+    "body": "{}"
+  }
+}
+]

tests/integration/inventory

@@ -0,0 +1,2 @@
+[testgroup]
+testhost ansible_connection="local" ansible_pipelining="yes" ansible_python_interpreter="/usr/bin/python3"

tests/integration/targets/init.sh

@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+# shellcheck disable=SC2155,SC2086
+
+BASE_DIR=$(dirname "${BASH_SOURCE[0]}")
+export ANSIBLE_ROLES_PATH=${BASE_DIR}

tests/integration/targets/prepare_rest/tasks/main.yml

@@ -0,0 +1,25 @@
+---
+- name: Install dependencies
+  ansible.builtin.pip:
+    name:
+      - requests
+      - aiohttp
+
+- name: Run rest
+  community.docker.docker_container:
+    name: vmwarest
+    image: mockserver/mockserver
+    state: started
+    recreate: yes
+    exposed_ports:
+      - 1080
+    ports:
+      - 1080:1080
+
+- name: Pause
+  ansible.builtin.pause:
+    seconds: 10
+
+- name: Put data to mockserver
+  ansible.builtin.command:
+    cmd: "curl -v -X PUT --data @../{{ mock_file }}/mock.json http://localhost:1080/mockserver/expectation"

tests/integration/targets/security_test/mock.json

@@ -0,0 +1,64 @@
+[
+{
+  "httpRequest": {
+    "method": "POST",
+    "path": "/rest/com/vmware/cis/session"
+  },
+  "httpResponse": {
+    "statusCode": 200,
+    "body": {"value": "72300ca9ff16c5743fa0a6328c8570ce"}
+  }
+},
+{
+  "httpRequest": {
+    "method": "PUT",
+    "path": "/api/appliance/access/(consolecli|dcui|shell|ssh)"
+  },
+  "httpResponse": {
+    "statusCode": 200,
+    "headers": {
+      "Content-Type": "application/json"
+    },
+    "body": "{}"
+  }
+},
+{
+  "httpRequest": {
+    "method": "GET",
+    "path": "/api/appliance/access/(consolecli|dcui|shell|ssh)"
+  },
+  "httpResponse": {
+    "statusCode": 200,
+    "headers": {
+      "Content-Type": "application/json"
+    },
+    "body": "true"
+  }
+},
+{
+  "httpRequest": {
+    "method" : "GET",
+    "path" : "/api/appliance/networking/firewall/inbound"
+  },
+  "httpResponse": {
+    "statusCode": 200,
+    "headers": {
+      "Content-Type": "application/json"
+    },
+    "body": [{}]
+  }
+},
+{
+  "httpRequest": {
+    "method" : "PUT",
+    "path" : "/api/appliance/networking/firewall/inbound"
+  },
+  "httpResponse": {
+    "statusCode": 200,
+    "headers": {
+      "Content-Type": "application/json"
+    },
+    "body": "{}"
+  }
+}
+]

tests/integration/targets/security_test/run.yml

@@ -0,0 +1,15 @@
+- hosts: localhost
+  gather_facts: no
+  collections:
+    - community.general
+  vars_files:
+    - vars.yml
+
+  tasks:
+    - name: Vcsim
+      ansible.builtin.import_role:
+        name: prepare_rest
+
+    - name: Import security role
+      ansible.builtin.import_role:
+        name: security_test

tests/integration/targets/security_test/runme.sh

@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+source ../init.sh
+exec ansible-playbook run.yml

tests/integration/targets/security_test/tasks/main.yml

@@ -0,0 +1,4 @@
+---
+- name: Security role
+  ansible.builtin.import_role:
+    name: redhat_cop.vmware_ops.security

tests/integration/targets/security_test/vars.yml

@@ -0,0 +1,13 @@
+mock_file: "security_test"
+
+security_hostname: "127.0.0.1:1080"
+security_username: "user"
+security_password: "pass"
+security_validate_certs: false
+
+security_consolecli_enabled: true
+security_dcui_enabled: true
+security_shell_enabled: true
+security_shell_timeout: 100
+security_ssh_enabled: true
+security_firewall_rules: []

tests/integration/targets/system_settings_test/mock.json

@@ -0,0 +1,79 @@
+[
+{
+  "httpRequest": {
+    "method": "POST",
+    "path": "/rest/com/vmware/cis/session"
+  },
+  "httpResponse": {
+    "statusCode": 200,
+    "body": {"value": "72300ca9ff16c5743fa0a6328c8570ce"}
+  }
+},
+{
+  "httpRequest": {
+    "method": "POST",
+    "path": "/api/appliance/system/storage",
+    "queryStringParameters": {"action": "resize"}
+  },
+  "httpResponse": {
+    "statusCode": 200,
+    "headers": {
+      "Content-Type": "application/json"
+    },
+    "body": "{}"
+  }
+},
+{
+  "httpRequest": {
+    "method": "POST",
+    "path": "/api/appliance/ntp",
+    "queryStringParameters": {"action": "test"}
+  },
+  "httpResponse": {
+    "statusCode": 200,
+    "headers": {
+      "Content-Type": "application/json"
+    },
+    "body": [{"server": "1.2.3.4", "status": "SERVER_UNREACHABLE", "message": "Unreachable"}]
+  }
+},
+{
+  "httpRequest": {
+    "method": "(PUT|GET)",
+    "path": "/api/appliance/system/(time/timezone|global-fips|storage)"
+  },
+  "httpResponse": {
+    "statusCode": 200,
+    "headers": {
+      "Content-Type": "application/json"
+    },
+    "body": "{}"
+  }
+},
+{
+  "httpRequest": {
+    "method": "PUT",
+    "path": "/api/appliance/(timesync|ntp)"
+  },
+  "httpResponse": {
+    "statusCode": 200,
+    "headers": {
+      "Content-Type": "application/json"
+    },
+    "body": "{}"
+  }
+},
+{
+  "httpRequest": {
+    "method": "GET",
+    "path": "/api/appliance/(ntp|timesync)"
+  },
+  "httpResponse": {
+    "statusCode": 200,
+    "headers": {
+      "Content-Type": "application/json"
+    },
+    "body": "true"
+  }
+}
+]

tests/integration/targets/system_settings_test/run.yml

@@ -0,0 +1,15 @@
+- hosts: localhost
+  gather_facts: no
+  collections:
+    - community.general
+  vars_files:
+    - vars.yml
+
+  tasks:
+    - name: Vcsim
+      ansible.builtin.import_role:
+        name: prepare_rest
+
+    - name: Import system_settings role
+      ansible.builtin.import_role:
+        name: system_settings_test

tests/integration/targets/system_settings_test/runme.sh

@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+source ../init.sh
+exec ansible-playbook run.yml

tests/integration/targets/system_settings_test/tasks/main.yml

@@ -0,0 +1,4 @@
+---
+- name: System settings role
+  ansible.builtin.import_role:
+    name: redhat_cop.vmware_ops.system_settings