test(default): set ansible roles path in default molecule scenario

Signed-off-by: Bruce Becker <bruce.becker@egi.eu>

.cspell.json

@@ -8,9 +8,21 @@
     "package-lock.json",
     "megalinter-reports",
     ".mega-linter.yml",
-    ".github/workflows"
+    ".github/workflows/**",
+    ".github/*.md",
+    ".zenodo.json",
+    "AUTHORS.md",
+    "molecule/**",
+    "requirements*"
   ],
   "language": "en",
   "version": "0.2",
-  "words": ["commitlint", "griduser", "gridusers", "localusers", "xrootd"]
+  "words": [
+    "zenodo",
+    "commitlint",
+    "griduser",
+    "gridusers",
+    "localusers",
+    "xrootd"
+  ]
 }

.mega-linter.yml

@@ -8,20 +8,17 @@
 # Apply fixes found by the linter. See https://megalinter.io/v8/config-apply-fixes/
 APPLY_FIXES: all
 FLAVOR_SUGGESTIONS: true
-ENABLE:
-  - ANSIBLE
-  - PYTHON
-  - MARKDOWN
-  - YAML
 ENABLE_LINTERS:
   - ANSIBLE_ANSIBLE_LINT
   - MARKDOWN_MARKDOWN_LINK_CHECK
   - MARKDOWN_MARKDOWNLINT
   - PYTHON_BLACK
   - PYTHON_FLAKE8
-  - REPOSITORY_CHECKOV
-  - REPOSITORY_KICS
+  # - REPOSITORY_CHECKOV
+  # - REPOSITORY_KICS
   - SPELL_CSPELL
   - DOCKERFILE_HADOLINT
   - JSON_PRETTIER
+DISABLE_LINTERS:
+  - YAML_V8R
 DOCKERFILE_HADOLINT_FILTER_REGEX_EXCLUDE: .*j2

molecule/default/Dockerfile.j2

@@ -5,7 +5,7 @@ FROM {{ item.registry.url }}/{{ item.image }}
 {% else %}
 FROM {{ item.image }}
 {% endif %}
-
+USER root
 RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get upgrade -y && apt-get install -y python  bash ca-certificates && apt-get clean; \
     elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python  python-devel bash && dnf clean all; \
     elif [ $(command -v yum) ]; then yum makecache fast && yum update -y && yum install -y python  yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \

molecule/default/converge.yml

@@ -0,0 +1,8 @@
+---
+- name: Converge
+  hosts: all
+  connection: docker
+  roles:
+    - name: ansible-role-ui
+      tags:
+        - ui

molecule/default/molecule.yml

@@ -10,15 +10,19 @@ platforms:
     image: quay.io/egi/voms-client:almalinux9
 provisioner:
   name: ansible
+  env:
+    ANSIBLE_ROLES_PATH: ../../../
   config_options:
     defaults:
       stdout_callback: yaml
+
   lint:
     name: ansible-lint
 scenario:
   name: default
 verifier:
   name: testinfra
+  enabled: true
   # Parallel testing only possible with xdist
   options:
     n: 2

molecule/default/tests/QC_SEC_05.py

@@ -1,6 +1,6 @@
 import os
 
-import testinfra.utils.ansible_runner
+import testinfra
 
 # See http://egi-qc.github.io/#SECURITY
 # World-writable files and directories are dangerous since they allows anyone
@@ -24,9 +24,8 @@
 # repoquery --requires
 # HT
 def test_world_writable_files(host):
-    assert (
-        check_output(
-            "find /tmp -type d \( -perm -g+w -or -perm -o+w \) -exec ls -adl {} \; |grep -v tmp"
-        )
-        == ""
+    cmd = (
+        "find /tmp -type d ( -perm -g+w -or -perm -o+w ) "
+        + "-exec ls -adl {} ; |grep -v tmp"
     )
+    assert testinfra.check_output(cmd) == ""

molecule/default/tests/test.py

@@ -1,10 +1,9 @@
-import os
 import subprocess
 
-listfile = open("list.txt","rw")
-files = subprocess.call(["repoquery","--requires","ui"],stdout=listfile)
+listfile = open("list.txt", "rw")
+files = subprocess.call(["repoquery", "--requires", "ui"], stdout=listfile)
 packages = listfile.read().splitlines()
-print packages
+print(packages)
 
 for p in packages:
-  print p.rsplit('.')[0]
+    print(p.rsplit(".")[0])

requirements.txt

@@ -2,4 +2,5 @@ ansible-dev-tools==25.1.0
 jmespath==1.0.1
 molecule-plugins[docker]==23.7.0
 pre_commit==4.1.0
+pytest-testinfra==10.1.1
 pytest-xdist==3.6.1