Merge pull request #188 from fahedouch/release-0.4

cherry-pick to release 0.4.1

.github/workflows/backport.yml

@@ -27,7 +27,7 @@ jobs:
           fetch-depth: 0
 
       - name: Open Backport PR
-        uses: zeebe-io/backport-action@v0.0.9
+        uses: zeebe-io/backport-action@v1.1.0
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
           github_workspace: ${{ github.workspace }}

.github/workflows/commands.yml

@@ -85,7 +85,7 @@ jobs:
         fetch-depth: 0
 
     - name: Open Backport PR
-      uses: zeebe-io/backport-action@v0.0.9
+      uses: zeebe-io/backport-action@v1.1.0
       with:
         github_token: ${{ secrets.GITHUB_TOKEN }}
         github_workspace: ${{ github.workspace }}

Makefile

@@ -3,7 +3,7 @@
 PROJECT_NAME := provider-ansible
 PROJECT_REPO := github.com/crossplane-contrib/$(PROJECT_NAME)
 
-PLATFORMS ?= linux_amd64
+PLATFORMS ?= linux_amd64 linux_arm64
 -include build/makelib/common.mk
 
 # ====================================================================================
@@ -21,14 +21,14 @@ GO_STATIC_PACKAGES = $(GO_PROJECT)/cmd/provider
 GO_LDFLAGS += -X $(GO_PROJECT)/internal/version.Version=$(VERSION)
 GO_SUBDIRS += cmd internal apis
 GO111MODULE = on
-GOLANGCILINT_VERSION = 1.49.0
+GOLANGCILINT_VERSION = 1.50.0
 RUNNING_IN_CI = true
 -include build/makelib/golang.mk
 
 # ====================================================================================
 # Setup Kubernetes tools
 
-UP_VERSION = v0.13.0
+UP_VERSION = v0.14.0
 UP_CHANNEL = stable
 -include build/makelib/k8s_tools.mk
 

cluster/images/provider-ansible/Dockerfile

@@ -1,6 +1,13 @@
-FROM alpinelinux/ansible
-RUN apk --no-cache add ca-certificates bash
-RUN pip3 install ansible-runner
+FROM python:3.10-alpine3.17 AS build-base
+RUN apk --no-cache add gcc musl-dev libffi-dev
+RUN mkdir -p /wheels
+RUN python -m pip wheel ansible ansible-runner --wheel-dir=/wheels
+
+FROM python:3.10-alpine3.17
+RUN apk --no-cache add ca-certificates bash openssh-client git
+COPY --from=build-base /wheels/* /wheels/
+RUN python -m pip install --no-index --find-links=/wheels ansible ansible-runner && \
+    rm -r /wheels
 
 ARG TARGETOS
 ARG TARGETARCH

cmd/provider/main.go

@@ -39,6 +39,7 @@ func main() {
 		ansibleRolesPath       = app.Flag("ansible-roles-path", "Path where role(s) exists.").String()
 		syncPeriod             = app.Flag("sync", "Controller manager sync period such as 300ms, 1.5h, or 2h45m").Short('s').Default("1h").Duration()
 		pollInterval           = app.Flag("poll", "Poll interval controls how often an individual resource should be checked for drift.").Default("1m").Duration()
+		timeout                = app.Flag("timeout", "Controls how long Ansible processes may run before they are killed.").Default("20m").Duration()
 		leaderElection         = app.Flag("leader-election", "Use leader election for the controller manager.").Short('l').Default("false").OverrideDefaultFromEnvar("LEADER_ELECTION").Bool()
 		maxReconcileRate       = app.Flag("max-reconcile-rate", "The maximum number of concurrent reconciliation operations.").Default("1").Int()
 	)
@@ -75,6 +76,6 @@ func main() {
 		Features:                &feature.Flags{},
 	}
 
-	kingpin.FatalIfError(ansible.Setup(mgr, o, *ansibleCollectionsPath, *ansibleRolesPath), "Cannot setup Ansible controllers")
+	kingpin.FatalIfError(ansible.Setup(mgr, o, *ansibleCollectionsPath, *ansibleRolesPath, *timeout), "Cannot setup Ansible controllers")
 	kingpin.FatalIfError(mgr.Start(ctrl.SetupSignalHandler()), "Cannot start controller manager")
 }

docs/design.md

@@ -97,21 +97,7 @@ spec:
 
 This is more useful for a real project where Ansible contents are hosted in a remote place. The Ansible contents can be retrieved from [Ansible Galaxy](https://galaxy.ansible.com/) as community contents, or Automation Hub as Red Hat certified and supported contents, or a private Automation Hub that hosts private contents created and curated by an organization, or even a GitHub repository.
 
-Here is an example to run an Ansible role that is included in a collection, using `spec.forProvider.role`:
-
-```yaml
-apiVersion: ansible.crossplane.io/v1alpha1
-kind: AnsibleRun
-metadata:
-  name: remote-example
-spec:
-  forProvider:
-    role: sample_namespace.sample_role
-  providerConfigRef:
-    name: provider-config-example
-```
-
-If multiple roles are listed using `spec.forProvider.roles`, they will be run sequencially one after another. At the time of writing this document, only single role execution is supported.
+Here is an example to run multiple Ansible roles listed using `spec.forProvider.roles`, they will be run sequencially one after another:
 
 ```yaml
 apiVersion: ansible.crossplane.io/v1alpha1
@@ -315,7 +301,8 @@ metadata:
   name: remote-example
 spec:
   forProvider:
-    role: sample_namespace.sample_role
+    roles:
+    - sample_namespace.sample_role
     vars:
       foo: value1
       bar:
@@ -364,7 +351,8 @@ metadata:
   name: remote-example
 spec:
   forProvider:
-    role: sample_namespace.sample_role
+    roles:
+    - sample_namespace.sample_role
     varFiles:
     - source: ConfigMapKey
       configMapKeyRef:
@@ -380,9 +368,11 @@ spec:
     name: provider-config-example
 ```
 
+Please note that the feature `varFiles` has not been implemented yet. It will be supported in the coming releases.
+
 ### Passing Variables via ProviderConfig
 
-To support loading Ansible roles or playbooks at runtime, the provider also allows users to manage their Ansible contents by specifiying some native Ansible environment variables to customize Ansible default behavior. Since such configuration have the global impact across all Ansible runs, this is done by passing variables in ProviderConfig.
+To support loading Ansible roles or playbooks at runtime, the provider also allows users to manage their Ansible contents by specifiying some native Ansible environment variables to customize Ansible default behavior. Since such configuration may have a global impact across all Ansible runs, this is done by passing variables in ProviderConfig.
 
 Here is an example:
 
@@ -394,9 +384,11 @@ metadata:
 spec:
   vars:
     # Specify the path where the Ansible roles are located
-    ANSIBLE_ROLE_PATH: /path/to/roles
+    - key: ANSIBLE_ROLE_PATH 
+      value: /path/to/roles
     # Specify the path where the Ansible collections are located
-    ANSIBLE_COLLECTION_PATH: /path/to/collections
+    - key: ANSIBLE_COLLECTION_PATH 
+      value: /path/to/collections
 ```
 
 ## AnsibleRun Lifecycle
@@ -456,7 +448,8 @@ metadata:
     ansible.crossplane.io/runPolicy: ObserveAndDelete
 spec:
   forProvider:
-    role: sample_namespace.openshift_cluster
+    roles:
+    - sample_namespace.openshift_cluster
     vars:
       ocpVersion: "4.8.27"
       platform: "x"
@@ -495,7 +488,7 @@ In future release, we should allow users to use arbitrary name for the variable
 
 This policy can be used when the Ansible modules that you use in your Ansible roles or playbooks support check mode. According to Ansible documents, check mode is a way for Ansible to do a "Dry Run". In check mode, Ansible runs without making any changes on remote systems. Modules that support check mode report the changes they would have made.
 
-When this policy is applied, the provider will run the Ansible contents in `Observe()` but using check mode. This will not apply any real change on target system, but is only used to detect changes between the actual state on target system and the desired state defined in `AnsibleRun` resource. If any change is detected, the provider will then trigger `Create()` or `Update()` to kick off the actual run of the same set of Ansible contents. It makes no difference from the provider side which lifecycle method to choose in this case, `Create()` or `Update()`, because the provider will defer to the Ansible contents to determine whether it is a create or update operation. For the call of `Delete()`, as previously discussed, it is triggered when the `AnsibleRun` resource is deleted.
+When this policy is applied, the provider will run the Ansible contents in `Observe()` but using check mode. This will not apply any real change on target system, but is only used to detect changes between the actual state on target system and the desired state defined in `AnsibleRun` resource. If any change is detected, the provider will then trigger `Update()` to kick off the actual run of the same set of Ansible contents. Then, the `ansible-runner` will determine whether it is a create or update operation. For the call of `Delete()`, as previously discussed, it is triggered when the `AnsibleRun` resource is deleted.
 
 ![](images/ansible-run-policy-2.png)
 
@@ -510,7 +503,8 @@ metadata:
     ansible.crossplane.io/runPolicy: CheckWhenObserve
 spec:
   forProvider:
-    role: sample_namespace.sample_role
+    roles:
+    - sample_namespace.sample_role
   providerConfigRef:
     name: provider-config-example
 ```
@@ -581,5 +575,5 @@ The following list includes the major features that are discussed in this docume
 - ✅ Credentials
 - ✅ Requirements
 - ✅ Variables
-- ❎ Ansible Run Policy: ObserveAndDelete
-- ❎ Ansible Run Policy: CheckWhenObserve
+- ✅ Ansible Run Policy: ObserveAndDelete
+- ✅ Ansible Run Policy: CheckWhenObserve

go.mod

@@ -4,85 +4,83 @@ go 1.19
 
 require (
 	github.com/apenella/go-ansible v1.1.7
-	github.com/crossplane/crossplane-runtime v0.18.0
+	github.com/crossplane/crossplane-runtime v0.19.0
 	github.com/crossplane/crossplane-tools v0.0.0-20220310165030-1f43fc12793e
 	github.com/google/go-cmp v0.5.9
 	github.com/spf13/afero v1.9.3
 	gopkg.in/alecthomas/kingpin.v2 v2.2.6
 	gopkg.in/yaml.v2 v2.4.0
 	gotest.tools/v3 v3.4.0
-	k8s.io/api v0.25.4
-	k8s.io/apimachinery v0.25.4
-	sigs.k8s.io/controller-runtime v0.12.3
-	sigs.k8s.io/controller-tools v0.10.0
+	k8s.io/api v0.26.1
+	k8s.io/apimachinery v0.26.1
+	sigs.k8s.io/controller-runtime v0.14.1
+	sigs.k8s.io/controller-tools v0.11.1
 )
 
 require (
-	github.com/PuerkitoBio/purell v1.1.1 // indirect
-	github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect
 	github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751 // indirect
 	github.com/alecthomas/units v0.0.0-20210912230133-d1bdfacee922 // indirect
 	github.com/apenella/go-common-utils/error v0.0.0-20210528133155-34ba915e28c8 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cespare/xxhash/v2 v2.1.2 // indirect
 	github.com/dave/jennifer v1.4.1 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/emicklei/go-restful/v3 v3.8.0 // indirect
-	github.com/evanphx/json-patch v4.12.0+incompatible // indirect
+	github.com/emicklei/go-restful/v3 v3.9.0 // indirect
+	github.com/evanphx/json-patch/v5 v5.6.0 // indirect
 	github.com/fatih/color v1.13.0 // indirect
-	github.com/fsnotify/fsnotify v1.5.4 // indirect
+	github.com/fsnotify/fsnotify v1.6.0 // indirect
 	github.com/go-logr/logr v1.2.3 // indirect
 	github.com/go-logr/zapr v1.2.3 // indirect
 	github.com/go-openapi/jsonpointer v0.19.5 // indirect
-	github.com/go-openapi/jsonreference v0.19.5 // indirect
+	github.com/go-openapi/jsonreference v0.20.0 // indirect
 	github.com/go-openapi/swag v0.19.15 // indirect
-	github.com/gobuffalo/flect v0.2.5 // indirect
+	github.com/gobuffalo/flect v0.3.0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.2 // indirect
 	github.com/google/gnostic v0.5.7-v3refs // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/uuid v1.3.0 // indirect
 	github.com/imdario/mergo v0.3.12 // indirect
-	github.com/inconshreveable/mousetrap v1.0.0 // indirect
+	github.com/inconshreveable/mousetrap v1.0.1 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/mattn/go-colorable v0.1.9 // indirect
 	github.com/mattn/go-isatty v0.0.14 // indirect
-	github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect
+	github.com/matttproud/golang_protobuf_extensions v1.0.2 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
-	github.com/prometheus/client_golang v1.12.2 // indirect
-	github.com/prometheus/client_model v0.2.0 // indirect
-	github.com/prometheus/common v0.32.1 // indirect
-	github.com/prometheus/procfs v0.7.3 // indirect
-	github.com/spf13/cobra v1.4.0 // indirect
+	github.com/prometheus/client_golang v1.14.0 // indirect
+	github.com/prometheus/client_model v0.3.0 // indirect
+	github.com/prometheus/common v0.37.0 // indirect
+	github.com/prometheus/procfs v0.8.0 // indirect
+	github.com/spf13/cobra v1.6.1 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	go.uber.org/atomic v1.9.0 // indirect
 	go.uber.org/multierr v1.6.0 // indirect
-	go.uber.org/zap v1.21.0 // indirect
-	golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect
-	golang.org/x/net v0.0.0-20220722155237-a158d28d115b // indirect
-	golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 // indirect
-	golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f // indirect
-	golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect
-	golang.org/x/text v0.3.7 // indirect
-	golang.org/x/time v0.0.0-20220609170525-579cf78fd858 // indirect
-	golang.org/x/tools v0.1.12 // indirect
+	go.uber.org/zap v1.24.0 // indirect
+	golang.org/x/mod v0.7.0 // indirect
+	golang.org/x/net v0.4.0 // indirect
+	golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b // indirect
+	golang.org/x/sys v0.3.0 // indirect
+	golang.org/x/term v0.3.0 // indirect
+	golang.org/x/text v0.5.0 // indirect
+	golang.org/x/time v0.3.0 // indirect
+	golang.org/x/tools v0.4.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/protobuf v1.28.0 // indirect
+	google.golang.org/protobuf v1.28.1 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/apiextensions-apiserver v0.25.0 // indirect
-	k8s.io/client-go v0.25.4 // indirect
-	k8s.io/component-base v0.25.0 // indirect
-	k8s.io/klog/v2 v2.70.1 // indirect
-	k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 // indirect
-	k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed // indirect
+	k8s.io/apiextensions-apiserver v0.26.1 // indirect
+	k8s.io/client-go v0.26.1 // indirect
+	k8s.io/component-base v0.26.1 // indirect
+	k8s.io/klog/v2 v2.80.1 // indirect
+	k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 // indirect
+	k8s.io/utils v0.0.0-20221128185143-99ec85e7a448 // indirect
 	sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
 	sigs.k8s.io/yaml v1.3.0 // indirect