Add Ansible DevMode

Chart.yaml

@@ -3,7 +3,7 @@ description: A Helm chart to create per-clustergroup ArgoCD applications and any
 keywords:
 - pattern
 name: clustergroup
-version: 0.9.50
+version: 0.9.51
 home: https://github.com/validatedpatterns/clustergroup-chart
 maintainers:
   - name: Validated Patterns Team

README.md

@@ -1,13 +1,14 @@
 # clustergroup
 
-![Version: 0.9.50](https://img.shields.io/badge/Version-0.9.50-informational?style=flat-square)
+![Version: 0.9.51](https://img.shields.io/badge/Version-0.9.51-informational?style=flat-square)
 
 A Helm chart to create per-clustergroup ArgoCD applications and any required namespaces or subscriptions.
 
 This chart is used to set up the basic building blocks in [Validated Patterns](https://validatedpatterns.io)
 
 ### Notable changes
 
+* v0.9.51: Add ansibleDevMode (requirements.yml injection and optional ansibleCfgFile/ansibleCfgContent) to simplify rhvp.cluster_utils development. Add extraPlaybookArgs to imperative as well.
 * v0.9.50: Add support to custom `rbac` in `ArgoDC.spec`
 * v0.9.49: Boolean Templates in override values now also render correctly
 * v0.9.48: Templates in override values now render
@@ -85,9 +86,15 @@ clusterGroup:
 | clusterGroup.imperative.adminClusterRoleName | string | `"imperative-admin-cluster-role"` |  |
 | clusterGroup.imperative.adminServiceAccountCreate | bool | `true` |  |
 | clusterGroup.imperative.adminServiceAccountName | string | `"imperative-admin-sa"` |  |
+| clusterGroup.imperative.ansibleDevMode.ansibleCfgContent | string | `""` | Inline ansible.cfg; when non-empty, written to ansibleCfgFile before ansible-galaxy (so galaxy and playbooks honor collections_path, etc.). |
+| clusterGroup.imperative.ansibleDevMode.ansibleCfgFile | string | `"ansible.cfg"` | Path under the cloned pattern repo for optional injected ansible.cfg (written from ansibleCfgContent when set). |
+| clusterGroup.imperative.ansibleDevMode.enabled | bool | `false` | When true, run an init container before imperative playbooks that can install collections and optionally write ansible.cfg into the cloned repo (/git/repo). |
+| clusterGroup.imperative.ansibleDevMode.requirementsContent | string | `""` | Inline requirements.yml; when non-empty, written to requirementsFile before galaxy install. |
+| clusterGroup.imperative.ansibleDevMode.requirementsFile | string | `"requirements.yml"` | Path under the cloned pattern repo for ansible-galaxy -r (written from requirementsContent when set). |
 | clusterGroup.imperative.clusterRoleName | string | `"imperative-cluster-role"` |  |
 | clusterGroup.imperative.clusterRoleYaml | string | `""` |  |
 | clusterGroup.imperative.cronJobName | string | `"imperative-cronjob"` |  |
+| clusterGroup.imperative.extraPlaybookArgs | list | `[]` | Optional extra arguments for every ansible-playbook invocation (imperative jobs, vault unseal, auto-approve installplans). Each list entry is one argv token. Empty by default. |
 | clusterGroup.imperative.image | string | `"quay.io/validatedpatterns/imperative-container:v1"` |  |
 | clusterGroup.imperative.imagePullPolicy | string | `"Always"` |  |
 | clusterGroup.imperative.insecureUnsealVaultInsideClusterSchedule | string | `"*/5 * * * *"` |  |

README.md.gotmpl

@@ -9,6 +9,7 @@ This chart is used to set up the basic building blocks in [Validated Patterns](h
 
 ### Notable changes
 
+* v0.9.51: Add ansibleDevMode (requirements.yml injection and optional ansibleCfgFile/ansibleCfgContent) to simplify rhvp.cluster_utils development. Add extraPlaybookArgs to imperative as well.
 * v0.9.50: Add support to custom `rbac` in `ArgoDC.spec`
 * v0.9.49: Boolean Templates in override values now also render correctly
 * v0.9.48: Templates in override values now render

templates/imperative/_helpers.tpl

@@ -73,6 +73,38 @@
     git clone --recurse-submodules --single-branch ${BRANCH} --depth 1 -- "${URL}" /git/repo;
     chmod 0770 /git/{repo,home};
 {{- end }}
+
+{{/* Optional ansible dev mode init container */}}
+{{- define "imperative.initcontainers.ansible-dev-mode" }}
+{{- if $.Values.clusterGroup.imperative.ansibleDevMode.enabled }}
+- name: ansible-dev-mode
+  image: {{ $.Values.clusterGroup.imperative.image }}
+  imagePullPolicy: {{ $.Values.clusterGroup.imperative.imagePullPolicy }}
+  env:
+    - name: HOME
+      value: /git/home
+  workingDir: /git/repo
+  command:
+  - 'sh'
+  - '-c'
+  - |-
+    {{- with $.Values.clusterGroup.imperative.ansibleDevMode.requirementsContent }}
+    cat <<'EOF' > {{ $.Values.clusterGroup.imperative.ansibleDevMode.requirementsFile | quote }}
+{{ . | nindent 4 }}
+    EOF
+    {{- end }}
+    {{- with $.Values.clusterGroup.imperative.ansibleDevMode.ansibleCfgContent }}
+    cat <<'EOF' > {{ $.Values.clusterGroup.imperative.ansibleDevMode.ansibleCfgFile | quote }}
+{{ . | nindent 4 }}
+    EOF
+    {{- end }}
+    ansible-galaxy collection install -r {{ $.Values.clusterGroup.imperative.ansibleDevMode.requirementsFile | quote }}
+    ansible-galaxy collection list
+  volumeMounts:
+    {{- include "imperative.volumemounts_ca" $ | indent 4 }}
+{{- end }}
+{{- end }}
+
 {{/* Final done container */}}
 {{- define "imperative.containers.done" }}
 - name: "done"

templates/imperative/auto-approve-installplans.yaml

@@ -22,6 +22,7 @@ spec:
             # reason for that is ansible refuses to create temporary folders in there
             {{- include  "imperative.initcontainers.fetch-ca" . | indent 12 }}
             {{- include  "imperative.initcontainers.gitinit-ca" . | indent 12 }}
+            {{- include  "imperative.initcontainers.ansible-dev-mode" . | indent 12 }}
             - name: auto-approve-installplans
               image: {{ $.Values.clusterGroup.imperative.image }}
               imagePullPolicy: {{ $.Values.clusterGroup.imperative.imagePullPolicy }}
@@ -38,6 +39,9 @@ spec:
               {{- end }}
               - -e
               - "@/values/values.yaml"
+              {{- range ($.Values.clusterGroup.imperative.extraPlaybookArgs | default list) }}
+              - {{ . | quote }}
+              {{- end }}
               - rhvp.cluster_utils.auto_approve_installplans
               volumeMounts:
                 {{- include "imperative.volumemounts_ca" . | indent 16 }}

templates/imperative/job.yaml

@@ -23,6 +23,7 @@ spec:
             # reason for that is ansible refuses to create temporary folders in there
             {{- include  "imperative.initcontainers.fetch-ca" . | indent 12 }}
             {{- include  "imperative.initcontainers.gitinit-ca" . | indent 12 }}
+            {{- include  "imperative.initcontainers.ansible-dev-mode" . | indent 12 }}
     {{- range $.Values.clusterGroup.imperative.jobs }}
       {{- if ne (.disabled | default "false" | toString | lower ) "true" }}
             - name: {{ .name }}
@@ -51,6 +52,9 @@ spec:
                 - -e
                 - {{ . | quote }}
                 {{- end }}
+                {{- range ($.Values.clusterGroup.imperative.extraPlaybookArgs | default list) }}
+                - {{ . | quote }}
+                {{- end }}
                 - {{ .playbook }}
               volumeMounts:
                 {{- include "imperative.volumemounts_ca" . | indent 16 }}

templates/imperative/unsealjob.yaml

@@ -36,6 +36,7 @@ spec:
             # reason for that is ansible refuses to create temporary folders in there
             {{- include  "imperative.initcontainers.fetch-ca" . | indent 12 }}
             {{- include  "imperative.initcontainers.gitinit-ca" . | indent 12 }}
+            {{- include  "imperative.initcontainers.ansible-dev-mode" . | indent 12 }}
             - name: unseal-playbook
               image: {{ $.Values.clusterGroup.imperative.image }}
               imagePullPolicy: {{ $.Values.clusterGroup.imperative.imagePullPolicy }}
@@ -54,6 +55,9 @@ spec:
                 {{- end }}
                 - -e
                 - "@/values/values.yaml"
+                {{- range ($.Values.clusterGroup.imperative.extraPlaybookArgs | default list) }}
+                - {{ . | quote }}
+                {{- end }}
                 - -t
                 - 'vault_init,vault_unseal,vault_secrets_init,vault_spokes_init'
                 - "rhvp.cluster_utils.vault"

tests/application_vault_unseal_test.yaml

@@ -158,3 +158,76 @@ tests:
     asserts:
       - hasDocuments:
           count: 0
+
+  - it: should include ansible dev mode init container when enabled
+    set:
+      global:
+        repoURL: https://github.com/validatedpatterns/multicloud-gitops
+        multiSourceRepoUrl: https://charts.validatedpatterns.io
+      clusterGroup:
+        isHubCluster: true
+        imperative:
+          ansibleDevMode:
+            enabled: true
+            requirementsFile: dev/requirements.yml
+        applications:
+          acm:
+            name: acm
+            namespace: open-cluster-management
+            project: hub
+            chart: acm
+            chartVersion: 0.1.*
+    asserts:
+      - isKind:
+          of: CronJob
+      - hasDocuments:
+          count: 1
+      - equal:
+          path: spec.jobTemplate.spec.template.spec.initContainers[2].name
+          value: ansible-dev-mode
+      - matchRegex:
+          path: spec.jobTemplate.spec.template.spec.initContainers[2].command[2]
+          pattern: 'ansible-galaxy collection install -r "dev/requirements.yml"'
+      - matchRegex:
+          path: spec.jobTemplate.spec.template.spec.initContainers[2].command[2]
+          pattern: 'ansible-galaxy collection list'
+
+  - it: should inject ansible.cfg in unseal ansible dev mode init when ansibleCfgContent is set
+    set:
+      global:
+        repoURL: https://github.com/validatedpatterns/multicloud-gitops
+        multiSourceRepoUrl: https://charts.validatedpatterns.io
+      clusterGroup:
+        isHubCluster: true
+        imperative:
+          ansibleDevMode:
+            enabled: true
+            requirementsFile: dev/requirements.yml
+            ansibleCfgFile: dev/imperative-ansible.cfg
+            ansibleCfgContent: |
+              [defaults]
+              collections_path=~/.ansible/collections:/usr/share/ansible/collections
+        applications:
+          acm:
+            name: acm
+            namespace: open-cluster-management
+            project: hub
+            chart: acm
+            chartVersion: 0.1.*
+    asserts:
+      - isKind:
+          of: CronJob
+      - hasDocuments:
+          count: 1
+      - equal:
+          path: spec.jobTemplate.spec.template.spec.initContainers[2].name
+          value: ansible-dev-mode
+      - matchRegex:
+          path: spec.jobTemplate.spec.template.spec.initContainers[2].command[2]
+          pattern: 'cat <<''EOF'' > "dev/imperative-ansible.cfg"'
+      - matchRegex:
+          path: spec.jobTemplate.spec.template.spec.initContainers[2].command[2]
+          pattern: 'ansible-galaxy collection install -r "dev/requirements.yml"'
+      - matchRegex:
+          path: spec.jobTemplate.spec.template.spec.initContainers[2].command[2]
+          pattern: 'ansible-galaxy collection list'

tests/imperative_auto_approve_installplans_test.yaml

@@ -0,0 +1,90 @@
+suite: Test auto-approve installplans job
+templates:
+  - templates/imperative/auto-approve-installplans.yaml
+release:
+  name: release-test
+tests:
+  - it: should create auto-approve cronjob when option is enabled
+    set:
+      global:
+        options:
+          autoApproveManualInstallPlans: true
+      clusterGroup:
+        imperative:
+          adminServiceAccountName: imperative-admin-sa
+    asserts:
+      - hasDocuments:
+          count: 1
+      - isKind:
+          of: CronJob
+
+  - it: should append extraPlaybookArgs to auto-approve ansible-playbook command
+    set:
+      global:
+        options:
+          autoApproveManualInstallPlans: true
+      clusterGroup:
+        imperative:
+          adminServiceAccountName: imperative-admin-sa
+          extraPlaybookArgs:
+            - "--diff"
+    asserts:
+      - hasDocuments:
+          count: 1
+      - contains:
+          path: spec.jobTemplate.spec.template.spec.initContainers[2].command
+          content: "--diff"
+
+  - it: should include ansible dev mode init container when enabled
+    set:
+      global:
+        options:
+          autoApproveManualInstallPlans: true
+      clusterGroup:
+        imperative:
+          ansibleDevMode:
+            enabled: true
+            requirementsFile: ansible/requirements.yml
+    asserts:
+      - hasDocuments:
+          count: 1
+      - equal:
+          path: spec.jobTemplate.spec.template.spec.initContainers[2].name
+          value: ansible-dev-mode
+      - matchRegex:
+          path: spec.jobTemplate.spec.template.spec.initContainers[2].command[2]
+          pattern: 'ansible-galaxy collection install -r "ansible/requirements.yml"'
+      - matchRegex:
+          path: spec.jobTemplate.spec.template.spec.initContainers[2].command[2]
+          pattern: 'ansible-galaxy collection list'
+
+  - it: should inject ansible.cfg in auto-approve ansible dev mode when ansibleCfgContent is set
+    set:
+      global:
+        options:
+          autoApproveManualInstallPlans: true
+      clusterGroup:
+        imperative:
+          adminServiceAccountName: imperative-admin-sa
+          ansibleDevMode:
+            enabled: true
+            requirementsFile: ansible/requirements.yml
+            ansibleCfgFile: ansible/ansible.cfg
+            ansibleCfgContent: |
+              [defaults]
+              collections_path=~/.ansible/collections:/usr/share/ansible/collections
+    asserts:
+      - hasDocuments:
+          count: 1
+      - equal:
+          path: spec.jobTemplate.spec.template.spec.initContainers[2].name
+          value: ansible-dev-mode
+      - matchRegex:
+          path: spec.jobTemplate.spec.template.spec.initContainers[2].command[2]
+          pattern: 'cat <<''EOF'' > "ansible/ansible.cfg"'
+      - matchRegex:
+          path: spec.jobTemplate.spec.template.spec.initContainers[2].command[2]
+          pattern: 'ansible-galaxy collection install -r "ansible/requirements.yml"'
+      - matchRegex:
+          path: spec.jobTemplate.spec.template.spec.initContainers[2].command[2]
+          pattern: 'ansible-galaxy collection list'