[edpm_image_build] Copy certificates based on regexes

[pablintino]

To avoid assuming the source certificate to copy into the diskimage-builder has a specific name just use the system CAs chain and allow the user to provide some regexes to select which CAs should be copied.

[softwarefactory-project-zuul]

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/91e7a27003d84220a087735093d190dc

✔️ openstack-k8s-operators-content-provider SUCCESS in 1h 39m 27s
✔️ podified-multinode-edpm-deployment-crc SUCCESS in 1h 12m 36s
✔️ cifmw-crc-podified-edpm-baremetal SUCCESS in 1h 19m 52s
✔️ noop SUCCESS in 0s
❌ cifmw-pod-ansible-test FAILURE in 5m 48s
✔️ cifmw-pod-pre-commit SUCCESS in 7m 24s
✔️ cifmw-content-provider-build-images SUCCESS in 23m 26s
✔️ cifmw-edpm-build-images SUCCESS in 22m 20s
✔️ ci-framework-openstack-meta-content-provider SUCCESS in 13m 05s
✔️ build-push-container-cifmw-client SUCCESS in 23m 20s
✔️ cifmw-molecule-edpm_build_images SUCCESS in 5m 15s

[softwarefactory-project-zuul]

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/0f9726fc52c2422280e4878d9dd28879

✔️ openstack-k8s-operators-content-provider SUCCESS in 1h 43m 01s
✔️ podified-multinode-edpm-deployment-crc SUCCESS in 1h 13m 34s
✔️ cifmw-crc-podified-edpm-baremetal SUCCESS in 1h 29m 22s
✔️ noop SUCCESS in 0s
❌ cifmw-pod-ansible-test FAILURE in 5m 28s
❌ cifmw-pod-pre-commit FAILURE in 7m 19s
✔️ cifmw-content-provider-build-images SUCCESS in 14m 50s
✔️ cifmw-edpm-build-images SUCCESS in 22m 02s
❌ ci-framework-openstack-meta-content-provider FAILURE in 12m 15s
✔️ build-push-container-cifmw-client SUCCESS in 21m 58s
✔️ cifmw-molecule-edpm_build_images SUCCESS in 5m 24s

[lewisdenny]

/approve

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: lewisdenny

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [lewisdenny]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[evallesp]

Minor commit suggestion. LGTM!

[frenzyfriday]

/lgtm

I did not know about the ldap filters (so I googled that). Will we need to add more filters like dc_filter later on (I am not sure if that is even a filter - just saw it somewhere)?

[bshewale]

Do we have coverage to test this change because i have seen the jobs ran in the tide here https://logserver.rdoproject.org/73/2673/04d74241fbc5700accd07880c8cc424aa0bd97d4/github-check/cifmw-edpm-build-images/404ed41/job-output.txt but it's not testing the change as may be the when condition has been false.

[pablintino]

Do we have coverage to test this change because i have seen the jobs ran in the tide here https://logserver.rdoproject.org/73/2673/04d74241fbc5700accd07880c8cc424aa0bd97d4/github-check/cifmw-edpm-build-images/404ed41/job-output.txt but it's not testing the change as may be the when condition has been false.

Yeah, in upstream the entire yaml file is not executed. We do need it in DS, but the jobs are already blocked, thus this change.
About coverage, there's a test to test the module itself that should catch almost all the python module related faults.

[pablintino]

/lgtm

I did not know about the ldap filters (so I googled that). Will we need to add more filters like dc_filter later on (I am not sure if that is even a filter - just saw it somewhere)?

Oh, what a casualty in naming, this has nothing to do with LDAP DNs but with x509 certificates.