Assured dependency installed collections are isolated (#2875)

molecule/dependency/base.py

@@ -20,6 +20,7 @@
 """Base Dependency Module."""
 
 import abc
+import os
 import time
 
 import sh
@@ -95,13 +96,19 @@ def default_options(self):  # pragma: no cover
         :return: dict
         """
 
-    @abc.abstractproperty
+    @property
     def default_env(self):  # pragma: no cover
         """
         Get default env variables provided to ``cmd`` as a dict.
 
         :return: dict
         """
+        env = util.merge_dicts(os.environ, self._config.env)
+        # inject ephemeral_directory on top of path
+        env[self._config.ansible_collections_path] = os.path.join(
+            self._config.scenario.ephemeral_directory, "collections"
+        )
+        return env
 
     @property
     def name(self):

molecule/dependency/shell.py

@@ -19,12 +19,11 @@
 #  DEALINGS IN THE SOFTWARE.
 """Shell Dependency Module."""
 
-import os
 import shlex
 
 import sh
 
-from molecule import logger, util
+from molecule import logger
 from molecule.dependency import base
 
 LOG = logger.get_logger(__name__)
@@ -87,10 +86,6 @@ def command(self):
     def default_options(self):
         return {}
 
-    @property
-    def default_env(self):
-        return util.merge_dicts(os.environ, self._config.env)
-
     def bake(self):
         """
         Bake a ``shell`` command so it's ready to execute and returns None.

molecule/provisioner/ansible.py

@@ -411,6 +411,9 @@ def default_options(self):
     def default_env(self):
         # Finds if the current project is part of an ansible_collections hierarchy
         collection_indicator = "ansible_collections"
+        # isolating test environment by injects ephemeral scenario directory on
+        # top of the collection_path_list. This prevents dependency commands
+        # from installing dependencies to user list of collections.
         collections_path_list = [
             util.abs_path(
                 os.path.join(self._config.scenario.ephemeral_directory, "collections")

molecule/test/functional/test_command.py

@@ -18,13 +18,9 @@
 #  FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
 #  DEALINGS IN THE SOFTWARE.
 
-import os
-
 import pytest
 import sh
 
-from molecule.scenario import ephemeral_directory
-
 
 @pytest.fixture
 def scenario_to_test(request):
@@ -103,45 +99,21 @@ def test_command_create(scenario_to_test, with_scenario, scenario_name):
 @pytest.mark.parametrize(
     "scenario_to_test, driver_name, scenario_name",
     [
-        ("dependency", "delegated", "ansible-galaxy"),
+        pytest.param("dependency", "delegated", "shell", id="shell"),
+        pytest.param("dependency", "delegated", "ansible-galaxy", id="galaxy"),
     ],
     indirect=["scenario_to_test", "driver_name", "scenario_name"],
 )
-def test_command_dependency_ansible_galaxy(
-    request, scenario_to_test, with_scenario, scenario_name
-):
-    options = {"scenario_name": scenario_name}
-    cmd = sh.molecule.bake("dependency", **options)
-    pytest.helpers.run_command(cmd)
-
-    # Not testing the outcome because we dot effectively install any role,
-    # currently we cannot do this in offline mode.
-    # dependency_role = os.path.join(
-    #     ephemeral_directory("molecule"),
-    #     "dependency",
-    #     "ansible-galaxy",
-    #     "roles",
-    #     "timezone",
-    # )
-    # assert os.path.isdir(dependency_role)
-
-
-@pytest.mark.parametrize(
-    "scenario_to_test, driver_name, scenario_name",
-    [("dependency", "delegated", "shell")],
-    indirect=["scenario_to_test", "driver_name", "scenario_name"],
-)
-def test_command_dependency_shell(
-    request, scenario_to_test, with_scenario, scenario_name
-):
+def test_command_dependency(request, scenario_to_test, with_scenario, scenario_name):
     options = {"scenario_name": scenario_name}
     cmd = sh.molecule.bake("dependency", **options)
-    pytest.helpers.run_command(cmd)
+    result = pytest.helpers.run_command(cmd, log=False)
+    assert result.exit_code == 0
 
-    dependency_role = os.path.join(
-        ephemeral_directory("molecule"), "dependency", "shell", "roles", "timezone"
-    )
-    assert os.path.isdir(dependency_role)
+    # Validate that depdendency worked by running converge, which make use
+    cmd = sh.molecule.bake("converge", **options)
+    result = pytest.helpers.run_command(cmd, log=False)
+    assert result.exit_code == 0
 
 
 @pytest.mark.extensive

molecule/test/scenarios/dependency/molecule/ansible-galaxy/converge.yml

@@ -2,5 +2,8 @@
 - name: Converge
   hosts: all
   gather_facts: false
-  roles:
-    - molecule
+  tasks:
+
+    - name: Validate that collection was installed
+      debug:
+        msg: "{{ 'foo' | community.molecule.header }}"

molecule/test/scenarios/dependency/molecule/ansible-galaxy/requirements.yml

@@ -1,2 +1,4 @@
 # See https://docs.ansible.com/ansible/latest/galaxy/user_guide.html#installing-roles-and-collections-from-the-same-requirements-yml-file
-[]
+collections:
+  - community.molecule
+roles: []

molecule/test/scenarios/dependency/molecule/shell/converge.yml

@@ -2,5 +2,8 @@
 - name: Converge
   hosts: all
   gather_facts: false
-  roles:
-    - molecule
+  tasks:
+
+    - name: Validate that collection was installed
+      debug:
+        msg: "{{ 'foo' | community.molecule.header }}"

molecule/test/scenarios/dependency/molecule/shell/molecule.yml

@@ -1,7 +1,8 @@
 ---
 dependency:
   name: shell
-  command: $MOLECULE_SCENARIO_DIRECTORY/run.bash
+  command: >
+    ansible-galaxy collection install -p "${MOLECULE_EPHEMERAL_DIRECTORY}/collections" community.molecule
 driver:
   name: delegated
 platforms: