Remove legacy test setup (#191)

* skip additional lint rules in integration tests

* remove legacy test stuff, cleanup aliases and meta deps

* CI changes for removing legacy integration

* cleanup comments

* update docs and sample

* add changelog for #191

.github/workflows/ansible-test.yml

@@ -293,7 +293,7 @@ jobs:
 
   local_test_invocation:
     runs-on: ${{ matrix.runner }}
-    name: LI - ${{ matrix.runner }} [${{ matrix.docker && '+' || '-' }}d4r] (Ⓐ${{ matrix.ansible }}+py${{ matrix.python }})
+    name: LI - ${{ matrix.runner }} (Ⓐ${{ matrix.ansible }}+py${{ matrix.python }})
     env:
       # needed to prevent Ansible crashing on MacOS
       OBJC_DISABLE_INITIALIZE_FORK_SAFETY: 'YES'
@@ -303,18 +303,18 @@ jobs:
         ansible:
           - stable-2.12
         python:
-          - 3.8
+          - 3.9
         runner:
           - ubuntu-latest
-          - macos-latest
+          - macos-10.15
+          # macos-11 will not support virtualbox, so we can't run docker
+          # when macos-10.15 support is dropped we will have to stop testing on it
+          # unless a solution for docker/virtualbox is found.
+          # See also:
+          # - https://github.com/actions/virtual-environments/issues/4060
+          # - https://github.com/actions/virtual-environments/pull/4010
         test_container:
           - default
-        docker:
-          - true
-          - false
-        exclude:
-          - runner: ubuntu-latest
-            docker: false
 
     steps:
       - name: Initialize env vars
@@ -352,59 +352,28 @@ jobs:
         with:
           collection: community.docker
 
-      - name: Install community.general
-        uses: ./.github/actions/collection-via-git
-        if: ${{ matrix.runner == 'macos-latest' }}  # we need community.general.homebrew
-        with:
-          collection: community.general
-
-      - name: legacy integration - use sample integration_config
-        working-directory: ${{ env.COLLECTION_INTEGRATION_PATH }}
-        run: |
-          cp "integration_config.yml.sample" "integration_config.yml"
-          echo -e "\n\ngithub_token: ${{ secrets.GITHUB_TOKEN }}" >> "integration_config.yml"
-
-      - name: legacy integration - venv
-        if: ${{ matrix.runner != 'macos-latest' || !matrix.docker }}
-        run: ansible-test integration -v --color --retry-on-error --continue-on-error --python ${{ matrix.python }} --venv --requirements --allow-destructive #--coverage
-        working-directory: ${{ env.COLLECTION_PATH }}
-
       - name: Install Docker on MacOS
-        if: ${{ matrix.runner == 'macos-latest' && matrix.docker }}
+        if: ${{ startsWith(matrix.runner, 'macos') }}
         timeout-minutes: 6
         # sometimes this hangs forever waiting for an IP
         uses: ./.github/actions/macos-docker
 
       - name: Pull Ansible test images
-        if: ${{ matrix.docker }}
         timeout-minutes: 5
         continue-on-error: true
         uses: ./.github/actions/pull-ansible-test-images
         with:
           working-directory: ${{ env.COLLECTION_PATH }}
           ansible-test-invocation: ${{ env.DOCKER_TEST_INVOCATION }}
 
-      - name: legacy integration - docker
-        if: ${{ matrix.docker }}
-        run: |
-          ansible-test ${{ env.DOCKER_TEST_INVOCATION }}
-        working-directory: ${{ env.COLLECTION_PATH }}
-
-      - name: legacy integration - remove integration_config
-        if: ${{ matrix.docker }}
-        working-directory: ${{ env.COLLECTION_INTEGRATION_PATH }}
-        run: rm -f "integration_config.yml"
-
       - name: localenv_docker - setup
-        if: ${{ matrix.docker }}
         run: |
           pwd
           pip install -r files/requirements/requirements.txt -c files/requirements/constraints.txt
           ./setup.sh
         working-directory: ${{ env.COLLECTION_INTEGRATION_TARGETS }}/setup_localenv_docker
 
       - name: localenv_docker - Run integration test (in docker)
-        if: ${{ matrix.docker }}
         run: |
           ansible-test ${{ env.DOCKER_TEST_INVOCATION }} --docker-network hashi_vault_default
         working-directory: ${{ env.COLLECTION_PATH }}

changelogs/fragments/191-remove-legacy-integration.yml

@@ -0,0 +1,3 @@
+---
+removed_features:
+  - the "legacy" integration test setup has been removed; this does not affect end users and is only relevant to contributors (https://github.com/ansible-collections/community.hashi_vault/pull/191).

docs/docsite/rst/contributor_guide.rst

@@ -83,64 +83,17 @@ First, :ref:`review the guidance on testing collections <testing_collections>`,
 Integration Tests
 -----------------
 
-Unlike other collections, we now require an `integration_config.yml <https://docs.ansible.com/ansible/latest/dev_guide/testing_integration.html#integration-config-yml>`_ file for properly running integration tests, as the tests require external dependencies (like a Vault server) and they need to know where to find those dependencies.
+Unlike other collections, we require an `integration_config.yml <https://docs.ansible.com/ansible/latest/dev_guide/testing_integration.html#integration-config-yml>`_ file for properly running integration tests, as the tests require external dependencies (like a Vault server) and they need to know where to find those dependencies.
 
-If you have contributed to this collection or to the ``hashi_vault`` lookup plugin in the past, you might remember that the integration tests used to download, extract, and run a Vault server during the course of the tests, by default. This **legacy mode** is not recommended but is still available (for now) via opt-in.
+If you have contributed to this collection or to the ``hashi_vault`` lookup plugin in the past, you might remember that the integration tests used to download, extract, and run a Vault server during the course of the tests, by default. This *legacy mode* is **no longer available**.
 
-.. note::
-
-  Legacy mode is not recommended because a new Vault server and proxy server will be downloaded, set up, configured, and/or uninstalled, for every *target*. Historically, we only had one target, and so it was a good way to go, but that's no longer true. This will make it slower and slower as more targets are added because you will incur the overhead on every target, in every run.
-
-  Skip to :ref:`ansible_collections.community.hashi_vault.docsite.contributor_guide.localenv_docker` for a method that is nearly as easy as legacy mode, and far more efficient (docker-compose).
-
-Legacy mode
-^^^^^^^^^^^
-
-To get started quickly without having to set anything else, you can use legacy mode by copying the included integration config sample:
-
-.. code-block:: shell-session
-
-    $ cp tests/integration/integration_config.yml.sample tests/integration/integration_config.yml
-
-That file has everything configured to be able to run the integration tests and have them set up the dependencies for you.
-
-.. warning::
-
-  Legacy mode uses the GitHub API to figure out the latest version of HashiCorp Vault. This API has a `strict rate limit <https://docs.github.com/en/rest/overview/resources-in-the-rest-api#rate-limiting>`_ on anonymous requests and it's easy to hit that limit. You may set ``github_token`` within ``integration_config.yml`` to provide a token to use, which will give a much higher limit, however if you find yourself hitting the limit, it's probably easier to instead set ``vault_version`` to a specific version, which avoids the API call altogether.
-
-You will also need the following additional Ansible collections:
-
-* `community.crypto <https://galaxy.ansible.com/community/crypto>`_
-* `community.general <https://galaxy.ansible.com/community/general>`_ (MacOS local/venv only)
-
-Running legacy mode tests in docker (**recommended**):
-
-.. code-block:: shell-session
-
-    $ ansible-test integration --docker default -v
-
-Running legacy mode tests in a controlled python virtual environment (**not recommended**):
-
-.. code-block:: shell-session
-
-    $ ansible-test integration --venv --requirements --allow-destructive -v
-
-.. warning::
-
-  In legacy mode, your system packages may be manipulated by running locally or in a venv (not in docker).
-
-If you must use legacy mode testing, you can make it more efficient by limiting your test run to the specific target needed, to avoid the overhead of creating and destroying the dependencies for each target. For example:
-
-.. code-block:: shell-session
-
-    $ ansible-test integration --docker default -v lookup_hashi_vault
 
 .. _ansible_collections.community.hashi_vault.docsite.contributor_guide.localenv_docker:
 
 Docker Compose localenv
 ^^^^^^^^^^^^^^^^^^^^^^^
 
-The recommended way to run the tests has Vault and tinyproxy running in their own containers, set up via docker-compose, and the integration tests run in their own container separately.
+The recommended way to run the tests has Vault and other dependencies running in their own containers, set up via docker-compose, and the integration tests run in their own container separately.
 
 We have a pre-defined "localenv" setup role for this purpose.
 

docs/docsite/rst/localenv_developer_guide.rst

@@ -40,8 +40,7 @@ Relevant ``integration_config.yml`` variables
   "``vault_test_server_http``", "``http://myvault:8200``", "The full HTTP URL of your Vault test server."
   "``vault_test_server_https``", "``https://myvault:8300``", "The full HTTPS URL of your Vault test server."
   "``vault_dev_root_token_id``", "``3ee9a1f7-f115-4f7c-90a3-d3c73361bcb5``", "The root token used to authenticate to Vault."
-  "``vault_version``", "``1.7.3``", "The desired version of Vault to download (only used by legacy setup). Can use the value ``latest``."
-  "``vault_integration_legacy``", "``false``", "When ``true`` legacy integration will be used (see legacy section)."
+  "``vault_version``", "``1.7.3``", "The version of Vault in use (usually this is written by a localenv, so a value set manually is not used anywhere)."
   "``vault_cert_content``", "``-----BEGIN CERTIFICATE-----<snip>``", "The public cert of the CA that signed the cert used for Vault's TLS listener (or the cert itself if self-signed)."
 
 
@@ -69,4 +68,4 @@ localenv role conventions
 * Consider providing a ``setup.sh`` to avoid having to manually run ``ansible-`` commands. It should ideally operate correctly regardless of the current working directory.
 * Generate a usable ``integration_config.yml`` that allows for using the result of the localenv. Generate it within the role output, not outside the role. Copy it to the right location, but do not overwrite an existing one.
 * If the role has external dependencies, try to codify those in file(s) that can be used by the right tool, like ``requirements.yml`` for ``ansible-galaxy``, etc.
-* localenv roles are meant to run **outside** of the ``ansible-test`` environment, but they can make (re)use of other roles; for example a localenv that seeks to run Vault directly on the local machine could reuse the setup roles for downloading and launching Vault that are used (within the test environment) by the legacy integration.
+* localenv roles are meant to run **outside** of the ``ansible-test`` environment, but they can make (re)use of other roles.

tests/integration/.ansible-lint

@@ -5,3 +5,6 @@ skip_list:
   - truthy
   - var-naming
   - meta-no-info
+  - ignore-errors
+  - risky-file-permissions
+  - command-instead-of-shell

tests/integration/integration_config.yml.sample

@@ -1,10 +1,12 @@
-# copy this file to integration_config.yml to use the legacy style all-in-one setup
-# for best results, consider a different localenv setup.
-# See the additional documentation at https://docs.ansible.com/ansible/devel/collections/community/hashi_vault/
+# Running integration tests requires you set up an integration_config.yml that
+# tells the tests where to find Vault and other dependencies.
+# See the contributor guide at:
+# https://docs.ansible.com/ansible/devel/collections/community/hashi_vault/docsite/contributor_guide.html#integration-tests
 ---
-# With legacy integration mode, vault_version should be a specific version, or the special value "latest".
+# this is just a small sample of what the file looks like,
+# this file is not valid on its own. See the guide for details.
+
 vault_version: latest
-vault_integration_legacy: true
 
 vault_dev_root_token_id: 47542cbc-6bf8-4fba-8eda-02e0a0d29a0a
 

tests/integration/targets/auth_approle/aliases

@@ -1,6 +1,2 @@
 vault/auth/approle
 context/target
-needs/target/setup_vault_legacy
-needs/target/setup_vault_test_plugins
-needs/target/setup_vault_configure
-skip/python2.6  # Python 2.6 is not supported by the collection

tests/integration/targets/auth_approle/meta/main.yml

@@ -1,4 +1,4 @@
 ---
 dependencies:
-  - setup_vault_legacy
+  - setup_vault_test_plugins
   - setup_vault_configure

tests/integration/targets/auth_cert/aliases

@@ -1,6 +1,2 @@
 vault/auth/cert
 context/target
-needs/target/setup_vault_legacy
-needs/target/setup_vault_test_plugins
-needs/target/setup_vault_configure
-skip/python2.6  # Python 2.6 is not supported by the collection

tests/integration/targets/auth_cert/meta/main.yml

@@ -1,5 +1,5 @@
 ---
 dependencies:
+  - setup_vault_test_plugins
   - setup_cert_content
-  - setup_vault_legacy
   - setup_vault_configure

tests/integration/targets/auth_jwt/aliases

@@ -1,6 +1,2 @@
 vault/auth/jwt
 context/target
-needs/target/setup_vault_legacy
-needs/target/setup_vault_test_plugins
-needs/target/setup_vault_configure
-skip/python2.6  # Python 2.6 is not supported by the collection

tests/integration/targets/auth_jwt/meta/main.yml

@@ -1,4 +1,4 @@
 ---
 dependencies:
-  - setup_vault_legacy
+  - setup_vault_test_plugins
   - setup_vault_configure

tests/integration/targets/auth_none/aliases

@@ -1,6 +1,2 @@
 vault/auth/none
 context/target
-needs/target/setup_vault_legacy
-needs/target/setup_vault_test_plugins
-needs/target/setup_vault_configure
-skip/python2.6  # Python 2.6 is not supported by the collection

tests/integration/targets/auth_none/meta/main.yml

@@ -1,4 +1,3 @@
 ---
 dependencies:
-  - setup_vault_legacy
   - setup_vault_test_plugins

tests/integration/targets/auth_token/aliases

@@ -1,6 +1,2 @@
 vault/auth/token
 context/target
-needs/target/setup_vault_legacy
-needs/target/setup_vault_test_plugins
-needs/target/setup_vault_configure
-skip/python2.6  # Python 2.6 is not supported by the collection

tests/integration/targets/auth_token/meta/main.yml

@@ -1,4 +1,4 @@
 ---
 dependencies:
-  - setup_vault_legacy
+  - setup_vault_test_plugins
   - setup_vault_configure

tests/integration/targets/connection_options/meta/main.yml

@@ -2,4 +2,3 @@
 dependencies:
   - setup_vault_test_plugins
   - setup_cert_content
-  - setup_vault_legacy

tests/integration/targets/lookup_hashi_vault/aliases

@@ -1,4 +1 @@
-skip/python2.6  # Python 2.6 is not supported by the collection
-needs/target/setup_vault_legacy
-needs/target/setup_vault_test_plugins
-needs/target/setup_vault_configure
+# empty

tests/integration/targets/lookup_hashi_vault/meta/main.yml

@@ -1,6 +1,4 @@
 ---
 dependencies:
   - setup_vault_test_plugins
-  - setup_cert_content
-  - setup_vault_legacy
   - setup_vault_configure

tests/integration/targets/lookup_vault_read/aliases

@@ -1,4 +1 @@
-skip/python2.6  # Python 2.6 is not supported by the collection
-needs/target/setup_vault_legacy
-needs/target/setup_vault_test_plugins
-needs/target/setup_vault_configure
+# empty

tests/integration/targets/lookup_vault_read/meta/main.yml

@@ -1,6 +1,4 @@
 ---
 dependencies:
   - setup_vault_test_plugins
-  - setup_cert_content
-  - setup_vault_legacy
   - setup_vault_configure

tests/integration/targets/module_vault_read/aliases

@@ -1,5 +1 @@
 context/target
-skip/python2.6  # Python 2.6 is not supported by the collection
-needs/target/setup_vault_legacy
-needs/target/setup_vault_test_plugins
-needs/target/setup_vault_configure

tests/integration/targets/module_vault_read/meta/main.yml

@@ -1,6 +1,4 @@
 ---
 dependencies:
   - setup_vault_test_plugins
-  - setup_cert_content
-  - setup_vault_legacy
   - setup_vault_configure