summaryrefslogtreecommitdiffstats
path: root/collections-debian-merged/ansible_collections/community/okd/molecule
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-14 20:03:01 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-14 20:03:01 +0000
commita453ac31f3428614cceb99027f8efbdb9258a40b (patch)
treef61f87408f32a8511cbd91799f9cececb53e0374 /collections-debian-merged/ansible_collections/community/okd/molecule
parentInitial commit. (diff)
downloadansible-a453ac31f3428614cceb99027f8efbdb9258a40b.tar.xz
ansible-a453ac31f3428614cceb99027f8efbdb9258a40b.zip
Adding upstream version 2.10.7+merged+base+2.10.8+dfsg.upstream/2.10.7+merged+base+2.10.8+dfsgupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'collections-debian-merged/ansible_collections/community/okd/molecule')
-rw-r--r--collections-debian-merged/ansible_collections/community/okd/molecule/default/README.md19
-rw-r--r--collections-debian-merged/ansible_collections/community/okd/molecule/default/converge.yml99
-rw-r--r--collections-debian-merged/ansible_collections/community/okd/molecule/default/destroy.yml6
-rw-r--r--collections-debian-merged/ansible_collections/community/okd/molecule/default/files/crd-resource.yml21
-rw-r--r--collections-debian-merged/ansible_collections/community/okd/molecule/default/files/example.env9
-rw-r--r--collections-debian-merged/ansible_collections/community/okd/molecule/default/files/kuard-extra-property.yml22
-rw-r--r--collections-debian-merged/ansible_collections/community/okd/molecule/default/files/kuard-invalid-type.yml21
-rw-r--r--collections-debian-merged/ansible_collections/community/okd/molecule/default/files/nginx.env12
-rw-r--r--collections-debian-merged/ansible_collections/community/okd/molecule/default/files/setup-crd.yml15
-rw-r--r--collections-debian-merged/ansible_collections/community/okd/molecule/default/files/simple-template.yaml34
-rw-r--r--collections-debian-merged/ansible_collections/community/okd/molecule/default/molecule.yml46
-rw-r--r--collections-debian-merged/ansible_collections/community/okd/molecule/default/prepare.yml60
-rw-r--r--collections-debian-merged/ansible_collections/community/okd/molecule/default/tasks/openshift_auth.yml51
-rw-r--r--collections-debian-merged/ansible_collections/community/okd/molecule/default/tasks/openshift_process.yml164
-rw-r--r--collections-debian-merged/ansible_collections/community/okd/molecule/default/tasks/openshift_route.yml240
-rw-r--r--collections-debian-merged/ansible_collections/community/okd/molecule/default/tasks/validate_installed.yml123
-rw-r--r--collections-debian-merged/ansible_collections/community/okd/molecule/default/tasks/validate_not_installed.yml25
-rw-r--r--collections-debian-merged/ansible_collections/community/okd/molecule/default/vars/main.yml94
-rw-r--r--collections-debian-merged/ansible_collections/community/okd/molecule/default/verify.yml80
19 files changed, 1141 insertions, 0 deletions
diff --git a/collections-debian-merged/ansible_collections/community/okd/molecule/default/README.md b/collections-debian-merged/ansible_collections/community/okd/molecule/default/README.md
new file mode 100644
index 00000000..153dfa51
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/okd/molecule/default/README.md
@@ -0,0 +1,19 @@
+Wait tests
+----------
+
+wait tests require at least one node, and don't work on the normal k8s
+openshift-origin container as provided by ansible-test --docker -v k8s
+
+minikube, Kubernetes from Docker or any other Kubernetes service will
+suffice.
+
+If kubectl is already using the right config file and context, you can
+just do
+
+```
+cd tests/integration/targets/okd
+./runme.sh -vv
+```
+
+otherwise set one or both of `K8S_AUTH_KUBECONFIG` and `K8S_AUTH_CONTEXT`
+and use the same command
diff --git a/collections-debian-merged/ansible_collections/community/okd/molecule/default/converge.yml b/collections-debian-merged/ansible_collections/community/okd/molecule/default/converge.yml
new file mode 100644
index 00000000..7fe9e820
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/okd/molecule/default/converge.yml
@@ -0,0 +1,99 @@
+---
+- name: Converge
+ hosts: localhost
+ connection: local
+ gather_facts: no
+ vars:
+ ansible_python_interpreter: '{{ virtualenv_interpreter }}'
+ vars_files:
+ - vars/main.yml
+ tasks:
+ # OpenShift Resources
+ - name: Create a project
+ community.okd.k8s:
+ name: testing
+ kind: Project
+ api_version: project.openshift.io/v1
+ apply: no
+ register: output
+
+ - name: show output
+ debug:
+ var: output
+
+ - name: Create deployment config
+ community.okd.k8s:
+ state: present
+ name: hello-world
+ namespace: testing
+ definition: '{{ okd_dc_template }}'
+ wait: yes
+ wait_condition:
+ type: Available
+ status: True
+ vars:
+ k8s_pod_name: hello-world
+ k8s_pod_image: python
+ k8s_pod_command:
+ - python
+ - '-m'
+ - http.server
+ k8s_pod_env:
+ - name: TEST
+ value: test
+ okd_dc_triggers:
+ - type: ConfigChange
+ register: output
+
+ - name: Show output
+ debug:
+ var: output
+
+ - vars:
+ image: docker.io/python
+ image_name: python
+ image_tag: latest
+ k8s_pod_image: python
+ k8s_pod_command:
+ - python
+ - '-m'
+ - http.server
+ namespace: idempotence-testing
+ block:
+ - name: Create a namespace
+ community.okd.k8s:
+ name: '{{ namespace }}'
+ kind: Namespace
+ api_version: v1
+
+ - name: Create imagestream
+ community.okd.k8s:
+ namespace: '{{ namespace }}'
+ definition: '{{ okd_imagestream_template }}'
+
+ - name: Create DeploymentConfig to reference ImageStream
+ community.okd.k8s:
+ name: '{{ k8s_pod_name }}'
+ namespace: '{{ namespace }}'
+ definition: '{{ okd_dc_template }}'
+ vars:
+ k8s_pod_name: is-idempotent-dc
+
+ - name: Create Deployment to reference ImageStream
+ community.okd.k8s:
+ name: '{{ k8s_pod_name }}'
+ namespace: '{{ namespace }}'
+ definition: '{{ k8s_deployment_template | combine(metadata) }}'
+ vars:
+ k8s_pod_annotations:
+ "alpha.image.policy.openshift.io/resolve-names": "*"
+ k8s_pod_name: is-idempotent-deployment
+ annotation:
+ - from:
+ kind: ImageStreamTag
+ name: "{{ image_name }}:{{ image_tag}}}"
+ fieldPath: 'spec.template.spec.containers[?(@.name=="{{ k8s_pod_name }}")].image}'
+ metadata:
+ metadata:
+ annotations:
+ image.openshift.io/triggers: '{{ annotation | to_json }}'
diff --git a/collections-debian-merged/ansible_collections/community/okd/molecule/default/destroy.yml b/collections-debian-merged/ansible_collections/community/okd/molecule/default/destroy.yml
new file mode 100644
index 00000000..0bd583e1
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/okd/molecule/default/destroy.yml
@@ -0,0 +1,6 @@
+---
+- name: Destroy
+ hosts: localhost
+ connection: local
+ gather_facts: no
+ tasks: []
diff --git a/collections-debian-merged/ansible_collections/community/okd/molecule/default/files/crd-resource.yml b/collections-debian-merged/ansible_collections/community/okd/molecule/default/files/crd-resource.yml
new file mode 100644
index 00000000..23d0663c
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/okd/molecule/default/files/crd-resource.yml
@@ -0,0 +1,21 @@
+---
+apiVersion: certmanager.k8s.io/v1alpha1
+kind: Certificate
+metadata:
+ name: acme-crt
+spec:
+ secretName: acme-crt-secret
+ dnsNames:
+ - foo.example.com
+ - bar.example.com
+ acme:
+ config:
+ - ingressClass: nginx
+ domains:
+ - foo.example.com
+ - bar.example.com
+ issuerRef:
+ name: letsencrypt-prod
+ # We can reference ClusterIssuers by changing the kind here.
+ # The default value is Issuer (i.e. a locally namespaced Issuer)
+ kind: Issuer
diff --git a/collections-debian-merged/ansible_collections/community/okd/molecule/default/files/example.env b/collections-debian-merged/ansible_collections/community/okd/molecule/default/files/example.env
new file mode 100644
index 00000000..f98f7d9e
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/okd/molecule/default/files/example.env
@@ -0,0 +1,9 @@
+#
+NAME=example
+# Multiline values shouldn't break things
+export CONTENT=This is a long message\
+ that may take one or more lines to parse\
+ but should still work without issue
+
+# This shouldn't throw an error
+UNUSED=
diff --git a/collections-debian-merged/ansible_collections/community/okd/molecule/default/files/kuard-extra-property.yml b/collections-debian-merged/ansible_collections/community/okd/molecule/default/files/kuard-extra-property.yml
new file mode 100644
index 00000000..1da160b3
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/okd/molecule/default/files/kuard-extra-property.yml
@@ -0,0 +1,22 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app: kuard
+ name: kuard
+ namespace: default
+spec:
+ replicas: 3
+ selector:
+ matchLabels:
+ app: kuard
+ unwanted: value
+ template:
+ metadata:
+ labels:
+ app: kuard
+ spec:
+ containers:
+ - image: gcr.io/kuar-demo/kuard-amd64:1
+ name: kuard
diff --git a/collections-debian-merged/ansible_collections/community/okd/molecule/default/files/kuard-invalid-type.yml b/collections-debian-merged/ansible_collections/community/okd/molecule/default/files/kuard-invalid-type.yml
new file mode 100644
index 00000000..6ff8018e
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/okd/molecule/default/files/kuard-invalid-type.yml
@@ -0,0 +1,21 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app: kuard
+ name: kuard
+ namespace: default
+spec:
+ replicas: hello
+ selector:
+ matchLabels:
+ app: kuard
+ template:
+ metadata:
+ labels:
+ app: kuard
+ spec:
+ containers:
+ - image: gcr.io/kuar-demo/kuard-amd64:1
+ name: kuard
diff --git a/collections-debian-merged/ansible_collections/community/okd/molecule/default/files/nginx.env b/collections-debian-merged/ansible_collections/community/okd/molecule/default/files/nginx.env
new file mode 100644
index 00000000..939ad0d7
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/okd/molecule/default/files/nginx.env
@@ -0,0 +1,12 @@
+# Want to make sure comments don't break it
+export NAME=test123
+NAMESPACE=openshift
+
+
+
+
+# Blank lines should be fine too
+
+# Equals in comments shouldn't break things=True
+MEMORY_LIMIT=1Gi
+
diff --git a/collections-debian-merged/ansible_collections/community/okd/molecule/default/files/setup-crd.yml b/collections-debian-merged/ansible_collections/community/okd/molecule/default/files/setup-crd.yml
new file mode 100644
index 00000000..9c01bc1a
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/okd/molecule/default/files/setup-crd.yml
@@ -0,0 +1,15 @@
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: certificates.certmanager.k8s.io
+spec:
+ group: certmanager.k8s.io
+ version: v1alpha1
+ scope: Namespaced
+ names:
+ kind: Certificate
+ plural: certificates
+ shortNames:
+ - cert
+ - certs
diff --git a/collections-debian-merged/ansible_collections/community/okd/molecule/default/files/simple-template.yaml b/collections-debian-merged/ansible_collections/community/okd/molecule/default/files/simple-template.yaml
new file mode 100644
index 00000000..29c85b9c
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/okd/molecule/default/files/simple-template.yaml
@@ -0,0 +1,34 @@
+---
+apiVersion: template.openshift.io/v1
+kind: Template
+labels:
+ template: simple-example-test
+message: |-
+ The following configmaps have been created in your project: ${NAME}.
+metadata:
+ annotations:
+ description: A super basic template for testing
+ openshift.io/display-name: Super basic template
+ openshift.io/provider-display-name: Red Hat, Inc.
+ tags: quickstart,examples
+ name: simple-example
+objects:
+- apiVersion: v1
+ kind: ConfigMap
+ metadata:
+ annotations:
+ description: Big example
+ name: ${NAME}
+ data:
+ content: "${CONTENT}"
+parameters:
+- description: The name assigned to the ConfigMap
+ displayName: Name
+ name: NAME
+ required: true
+ value: example
+- description: The value for the content key of the configmap
+ displayName: Content
+ name: CONTENT
+ required: true
+ value: ''
diff --git a/collections-debian-merged/ansible_collections/community/okd/molecule/default/molecule.yml b/collections-debian-merged/ansible_collections/community/okd/molecule/default/molecule.yml
new file mode 100644
index 00000000..76b53b1d
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/okd/molecule/default/molecule.yml
@@ -0,0 +1,46 @@
+---
+dependency:
+ name: galaxy
+driver:
+ name: delegated
+platforms:
+ - name: cluster
+ groups:
+ - k8s
+provisioner:
+ name: ansible
+ log: true
+ options:
+ vvv: True
+ config_options:
+ inventory:
+ enable_plugins: community.okd.openshift
+ lint: |
+ set -e
+ ansible-lint
+ inventory:
+ hosts:
+ plugin: community.okd.openshift
+ host_vars:
+ localhost:
+ virtualenv: ${MOLECULE_EPHEMERAL_DIRECTORY}/virtualenv
+ virtualenv_command: '{{ ansible_playbook_python }} -m virtualenv'
+ virtualenv_interpreter: '{{ virtualenv }}/bin/python'
+ playbook_namespace: molecule-tests
+ env:
+ ANSIBLE_FORCE_COLOR: 'true'
+ ANSIBLE_COLLECTIONS_PATHS: ${OVERRIDE_COLLECTION_PATH:-$MOLECULE_PROJECT_DIRECTORY}
+verifier:
+ name: ansible
+ lint: |
+ set -e
+ ansible-lint
+scenario:
+ name: default
+ test_sequence:
+ - lint
+ - syntax
+ - prepare
+ - converge
+ - idempotence
+ - verify
diff --git a/collections-debian-merged/ansible_collections/community/okd/molecule/default/prepare.yml b/collections-debian-merged/ansible_collections/community/okd/molecule/default/prepare.yml
new file mode 100644
index 00000000..10f3e99e
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/okd/molecule/default/prepare.yml
@@ -0,0 +1,60 @@
+---
+- name: Prepare
+ hosts: localhost
+ connection: local
+ gather_facts: no
+
+ tasks:
+ - pip:
+ name: virtualenv
+
+ - pip:
+ name:
+ - openshift>=0.9.2
+ - coverage
+ virtualenv: "{{ virtualenv }}"
+ virtualenv_command: "{{ virtualenv_command }}"
+ virtualenv_site_packages: no
+
+ - name: 'Configure htpasswd secret (username: test, password: testing123)'
+ community.okd.k8s:
+ definition:
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ name: htpass-secret
+ namespace: openshift-config
+ stringData:
+ htpasswd: "test:$2y$05$zgjczyp96jCIp//CGmnWiefhd7G3l54IdsZoV4IwA1UWtd04L0lE2"
+
+ - name: Configure htpasswd identity provider
+ community.okd.k8s:
+ definition:
+ apiVersion: config.openshift.io/v1
+ kind: OAuth
+ metadata:
+ name: cluster
+ spec:
+ identityProviders:
+ - name: htpasswd_provider
+ mappingMethod: claim
+ type: HTPasswd
+ htpasswd:
+ fileData:
+ name: htpass-secret
+
+ - name: Create ClusterRoleBinding for test user
+ community.okd.k8s:
+ definition:
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ metadata:
+ name: test-cluster-reader
+ roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-reader
+ subjects:
+ - apiGroup: rbac.authorization.k8s.io
+ kind: User
+ name: test
diff --git a/collections-debian-merged/ansible_collections/community/okd/molecule/default/tasks/openshift_auth.yml b/collections-debian-merged/ansible_collections/community/okd/molecule/default/tasks/openshift_auth.yml
new file mode 100644
index 00000000..32ecd422
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/okd/molecule/default/tasks/openshift_auth.yml
@@ -0,0 +1,51 @@
+---
+- vars:
+ # TODO(fabianvf) Get this parameter working locally as well
+ openshift_host: 'https://kubernetes.default.svc'
+ block:
+ - name: Log in (obtain access token)
+ community.okd.openshift_auth:
+ username: test
+ password: testing123
+ host: '{{ openshift_host }}'
+ verify_ssl: false
+ register: openshift_auth_results
+
+ - name: Get the test User
+ community.kubernetes.k8s_info:
+ api_key: "{{ openshift_auth_results.openshift_auth.api_key }}"
+ host: '{{ openshift_host }}'
+ verify_ssl: false
+ kind: User
+ api_version: user.openshift.io/v1
+ name: test
+ register: user_result
+
+ - name: assert that the user was found
+ assert:
+ that: (user_result.resources | length) == 1
+
+ always:
+ - name: If login succeeded, try to log out (revoke access token)
+ when: openshift_auth_results.openshift_auth.api_key is defined
+ community.okd.openshift_auth:
+ state: absent
+ api_key: "{{ openshift_auth_results.openshift_auth.api_key }}"
+ host: '{{ openshift_host }}'
+ verify_ssl: false
+
+ - name: Get the test user
+ community.kubernetes.k8s_info:
+ api_key: "{{ openshift_auth_results.openshift_auth.api_key }}"
+ host: '{{ openshift_host }}'
+ verify_ssl: false
+ kind: User
+ name: test
+ api_version: user.openshift.io/v1
+ register: failed_user_result
+ ignore_errors: yes
+
+ # TODO(fabianvf) determine why token is not being rejected, maybe add more info to return
+ # - name: assert that the user was not found
+ # assert:
+ # that: (failed_user_result.resources | length) == 0
diff --git a/collections-debian-merged/ansible_collections/community/okd/molecule/default/tasks/openshift_process.yml b/collections-debian-merged/ansible_collections/community/okd/molecule/default/tasks/openshift_process.yml
new file mode 100644
index 00000000..373f0bc6
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/okd/molecule/default/tasks/openshift_process.yml
@@ -0,0 +1,164 @@
+---
+
+- name: Process a template in the cluster
+ community.okd.openshift_process:
+ name: nginx-example
+ namespace: openshift # only needed if using a template already on the server
+ parameters:
+ NAMESPACE: openshift
+ NAME: test123
+ register: result
+
+- name: Create the rendered resources
+ community.okd.k8s:
+ namespace: process-test
+ definition: '{{ item }}'
+ wait: yes
+ apply: yes
+ loop: '{{ result.resources }}'
+
+- name: Delete the rendered resources
+ community.okd.k8s:
+ namespace: process-test
+ definition: '{{ item }}'
+ wait: yes
+ state: absent
+ loop: '{{ result.resources }}'
+
+- name: Process a template and create the resources in the cluster
+ community.okd.openshift_process:
+ name: nginx-example
+ namespace: openshift # only needed if using a template already on the server
+ parameters:
+ NAMESPACE: openshift
+ NAME: test123
+ state: present
+ namespace_target: process-test
+ register: result
+
+- name: Process a template and update the resources in the cluster
+ community.okd.openshift_process:
+ name: nginx-example
+ namespace: openshift # only needed if using a template already on the server
+ parameters:
+ NAMESPACE: openshift
+ NAME: test123
+ MEMORY_LIMIT: 1Gi
+ state: present
+ namespace_target: process-test
+ register: result
+
+- name: Process a template and delete the resources in the cluster
+ community.okd.openshift_process:
+ name: nginx-example
+ namespace: openshift # only needed if using a template already on the server
+ parameters:
+ NAMESPACE: openshift
+ NAME: test123
+ state: absent
+ namespace_target: process-test
+ register: result
+
+- name: Process a template with parameters from an env file and create the resources
+ community.okd.openshift_process:
+ name: nginx-example
+ namespace: openshift
+ namespace_target: process-test
+ parameter_file: '{{ files_dir }}/nginx.env'
+ state: present
+ wait: yes
+
+- name: Process a template with parameters from an env file and delete the resources
+ community.okd.openshift_process:
+ name: nginx-example
+ namespace: openshift
+ namespace_target: process-test
+ parameter_file: '{{ files_dir }}/nginx.env'
+ state: absent
+ wait: yes
+
+
+- name: Process a template with duplicate values
+ community.okd.openshift_process:
+ name: nginx-example
+ namespace: openshift # only needed if using a template already on the server
+ parameters:
+ NAME: test123
+ parameter_file: '{{ files_dir }}/nginx.env'
+ ignore_errors: yes
+ register: result
+
+- name: Assert the expected failure occurred
+ assert:
+ that:
+ - result.msg is defined
+ - result.msg == "Duplicate value for 'NAME' detected in parameter file"
+
+- name: Process a local template
+ community.okd.openshift_process:
+ src: '{{ files_dir }}/simple-template.yaml'
+ parameter_file: '{{ files_dir }}/example.env'
+ register: rendered
+
+- name: Process a local template and create the resources
+ community.okd.openshift_process:
+ src: '{{ files_dir }}/simple-template.yaml'
+ parameter_file: '{{ files_dir }}/example.env'
+ namespace_target: process-test
+ state: present
+ register: result
+
+- assert:
+ that: result is changed
+
+- name: Create the processed resources
+ community.okd.k8s:
+ namespace: process-test
+ definition: '{{ item }}'
+ loop: '{{ rendered.resources }}'
+ register: result
+
+- assert:
+ that: result is not changed
+
+- name: Process a local template and create the resources
+ community.okd.openshift_process:
+ definition: "{{ lookup('template', files_dir + '/simple-template.yaml') | from_yaml }}"
+ parameter_file: '{{ files_dir }}/example.env'
+ namespace_target: process-test
+ state: present
+ register: result
+
+- assert:
+ that: result is not changed
+
+- name: Get the created configmap
+ community.kubernetes.k8s_info:
+ api_version: v1
+ kind: ConfigMap
+ name: example
+ namespace: process-test
+ register: templated_cm
+
+- assert:
+ that:
+ - (templated_cm.resources | length) == 1
+ - templated_cm.resources.0.data.content is defined
+ - templated_cm.resources.0.data.content == "This is a long message that may take one or more lines to parse but should still work without issue"
+
+- name: Create the Template resource
+ community.okd.k8s:
+ src: '{{ files_dir }}/simple-template.yaml'
+ namespace: process-test
+
+- name: Process the template and create the resources
+ community.okd.openshift_process:
+ name: simple-example
+ namespace: process-test # only needed if using a template already on the server
+ namespace_target: process-test
+ parameter_file: '{{ files_dir }}/example.env'
+ state: present
+ register: result
+
+- assert:
+ that: result is not changed
diff --git a/collections-debian-merged/ansible_collections/community/okd/molecule/default/tasks/openshift_route.yml b/collections-debian-merged/ansible_collections/community/okd/molecule/default/tasks/openshift_route.yml
new file mode 100644
index 00000000..9f52cb9e
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/okd/molecule/default/tasks/openshift_route.yml
@@ -0,0 +1,240 @@
+---
+- name: Create Deployment
+ community.okd.k8s:
+ wait: yes
+ definition:
+ apiVersion: apps/v1
+ kind: Deployment
+ metadata:
+ name: hello-kubernetes
+ namespace: default
+ spec:
+ replicas: 3
+ selector:
+ matchLabels:
+ app: hello-kubernetes
+ template:
+ metadata:
+ labels:
+ app: hello-kubernetes
+ spec:
+ containers:
+ - name: hello-kubernetes
+ image: docker.io/openshift/hello-openshift
+ ports:
+ - containerPort: 8080
+
+- name: Create Service
+ community.okd.k8s:
+ wait: yes
+ definition:
+ apiVersion: v1
+ kind: Service
+ metadata:
+ name: hello-kubernetes
+ namespace: default
+ spec:
+ ports:
+ - port: 80
+ targetPort: 8080
+ selector:
+ app: hello-kubernetes
+
+- name: Create Route with fewest possible arguments
+ community.okd.openshift_route:
+ service: hello-kubernetes
+ namespace: default
+ register: route
+
+- name: Attempt to hit http URL
+ uri:
+ url: 'http://{{ route.result.spec.host }}'
+ return_content: yes
+ until: result is successful
+ retries: 10
+ register: result
+
+- name: Assert the page content is as expected
+ assert:
+ that:
+ - not result.redirected
+ - result.status == 200
+ - result.content == 'Hello OpenShift!\n'
+
+- name: Delete route
+ community.okd.openshift_route:
+ name: '{{ route.result.metadata.name }}'
+ namespace: default
+ state: absent
+ wait: yes
+
+- name: Create Route with custom name and wait
+ community.okd.openshift_route:
+ service: hello-kubernetes
+ namespace: default
+ name: test1
+ wait: yes
+ register: route
+
+- name: Assert that the condition is properly set
+ assert:
+ that:
+ - route.duration is defined
+ - route.result.status.ingress.0.conditions.0.type == 'Admitted'
+ - route.result.status.ingress.0.conditions.0.status == 'True'
+
+- name: Attempt to hit http URL
+ uri:
+ url: 'http://{{ route.result.spec.host }}'
+ return_content: yes
+ register: result
+
+- name: Assert the page content is as expected
+ assert:
+ that:
+ - not result.redirected
+ - result.status == 200
+ - result.content == 'Hello OpenShift!\n'
+
+- name: Delete route
+ community.okd.openshift_route:
+ name: '{{ route.result.metadata.name }}'
+ namespace: default
+ state: absent
+ wait: yes
+
+- name: Create edge-terminated route that allows insecure traffic
+ community.okd.openshift_route:
+ service: hello-kubernetes
+ namespace: default
+ name: hello-kubernetes-https
+ tls:
+ insecure_policy: allow
+ termination: edge
+ register: route
+
+- name: Attempt to hit http URL
+ uri:
+ url: 'http://{{ route.result.spec.host }}'
+ return_content: yes
+ until: result is successful
+ retries: 10
+ register: result
+
+- name: Assert the page content is as expected
+ assert:
+ that:
+ - not result.redirected
+ - result.status == 200
+ - result.content == 'Hello OpenShift!\n'
+
+- name: Attempt to hit https URL
+ uri:
+ url: 'https://{{ route.result.spec.host }}'
+ validate_certs: no
+ return_content: yes
+ until: result is successful
+ retries: 10
+ register: result
+
+- name: Assert the page content is as expected
+ assert:
+ that:
+ - not result.redirected
+ - result.status == 200
+ - result.content == 'Hello OpenShift!\n'
+
+- name: Alter edge-terminated route to redirect insecure traffic
+ community.okd.openshift_route:
+ service: hello-kubernetes
+ namespace: default
+ name: hello-kubernetes-https
+ tls:
+ insecure_policy: redirect
+ termination: edge
+ register: route
+
+- name: Attempt to hit http URL
+ uri:
+ url: 'http://{{ route.result.spec.host }}'
+ return_content: yes
+ validate_certs: no
+ until:
+ - result is successful
+ - result.redirected
+ retries: 10
+ register: result
+
+- name: Assert the page content is as expected
+ assert:
+ that:
+ - result.redirected
+ - result.status == 200
+ - result.content == 'Hello OpenShift!\n'
+
+- name: Attempt to hit https URL
+ uri:
+ url: 'https://{{ route.result.spec.host }}'
+ validate_certs: no
+ return_content: yes
+ until: result is successful
+ retries: 10
+ register: result
+
+- name: Assert the page content is as expected
+ assert:
+ that:
+ - not result.redirected
+ - result.status == 200
+ - result.content == 'Hello OpenShift!\n'
+
+- name: Alter edge-terminated route with insecure traffic disabled
+ community.okd.openshift_route:
+ service: hello-kubernetes
+ namespace: default
+ name: hello-kubernetes-https
+ tls:
+ insecure_policy: disallow
+ termination: edge
+ register: route
+
+- debug: var=route
+
+- name: Attempt to hit https URL
+ uri:
+ url: 'https://{{ route.result.spec.host }}'
+ validate_certs: no
+ return_content: yes
+ until: result is successful
+ retries: 10
+ register: result
+
+- name: Assert the page content is as expected
+ assert:
+ that:
+ - not result.redirected
+ - result.status == 200
+ - result.content == 'Hello OpenShift!\n'
+
+- name: Attempt to hit http URL
+ uri:
+ url: 'http://{{ route.result.spec.host }}'
+ status_code: 503
+ until: result is successful
+ retries: 10
+ register: result
+
+- debug: var=result
+
+- name: Assert the page content is as expected
+ assert:
+ that:
+ - not result.redirected
+ - result.status == 503
+
+- name: Delete route
+ community.okd.openshift_route:
+ name: '{{ route.result.metadata.name }}'
+ namespace: default
+ state: absent
+ wait: yes
diff --git a/collections-debian-merged/ansible_collections/community/okd/molecule/default/tasks/validate_installed.yml b/collections-debian-merged/ansible_collections/community/okd/molecule/default/tasks/validate_installed.yml
new file mode 100644
index 00000000..daf82e66
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/okd/molecule/default/tasks/validate_installed.yml
@@ -0,0 +1,123 @@
+---
+- block:
+ - name: Create a project
+ community.okd.k8s:
+ name: "{{ playbook_namespace }}"
+ kind: Project
+ api_version: project.openshift.io/v1
+
+ - name: incredibly simple ConfigMap
+ community.okd.k8s:
+ definition:
+ apiVersion: v1
+ kind: ConfigMap
+ metadata:
+ name: hello
+ namespace: "{{ playbook_namespace }}"
+ validate:
+ fail_on_error: yes
+ register: k8s_with_validate
+
+ - name: assert that k8s_with_validate succeeds
+ assert:
+ that:
+ - k8s_with_validate is successful
+
+ - name: extra property does not fail without strict
+ community.okd.k8s:
+ src: "files/kuard-extra-property.yml"
+ namespace: "{{ playbook_namespace }}"
+ validate:
+ fail_on_error: yes
+ strict: no
+
+ - name: extra property fails with strict
+ community.okd.k8s:
+ src: "files/kuard-extra-property.yml"
+ namespace: "{{ playbook_namespace }}"
+ validate:
+ fail_on_error: yes
+ strict: yes
+ ignore_errors: yes
+ register: extra_property
+
+ - name: check that extra property fails with strict
+ assert:
+ that:
+ - extra_property is failed
+
+ - name: invalid type fails at validation stage
+ community.okd.k8s:
+ src: "files/kuard-invalid-type.yml"
+ namespace: "{{ playbook_namespace }}"
+ validate:
+ fail_on_error: yes
+ strict: no
+ ignore_errors: yes
+ register: invalid_type
+
+ - name: check that invalid type fails
+ assert:
+ that:
+ - invalid_type is failed
+
+ - name: invalid type fails with warnings when fail_on_error is False
+ community.okd.k8s:
+ src: "files/kuard-invalid-type.yml"
+ namespace: "{{ playbook_namespace }}"
+ validate:
+ fail_on_error: no
+ strict: no
+ ignore_errors: yes
+ register: invalid_type_no_fail
+
+ - name: check that invalid type fails
+ assert:
+ that:
+ - invalid_type_no_fail is failed
+
+ - name: setup custom resource definition
+ community.okd.k8s:
+ src: "files/setup-crd.yml"
+
+ - name: wait a few seconds
+ pause:
+ seconds: 5
+
+ - name: add custom resource definition
+ community.okd.k8s:
+ src: "files/crd-resource.yml"
+ namespace: "{{ playbook_namespace }}"
+ validate:
+ fail_on_error: yes
+ strict: yes
+ register: unknown_kind
+
+ - name: check that unknown kind warns
+ assert:
+ that:
+ - unknown_kind is successful
+ - "'warnings' in unknown_kind"
+
+ always:
+ - name: remove custom resource
+ community.okd.k8s:
+ definition: "{{ lookup('file', 'files/crd-resource.yml') }}"
+ namespace: "{{ playbook_namespace }}"
+ state: absent
+ ignore_errors: yes
+
+ - name: remove custom resource definitions
+ community.okd.k8s:
+ definition: "{{ lookup('file', 'files/setup-crd.yml') }}"
+ state: absent
+
+ - name: Delete namespace
+ community.okd.k8s:
+ state: absent
+ definition:
+ - kind: Project
+ apiVersion: project.openshift.io/v1
+ metadata:
+ name: "{{ playbook_namespace }}"
+ ignore_errors: yes
diff --git a/collections-debian-merged/ansible_collections/community/okd/molecule/default/tasks/validate_not_installed.yml b/collections-debian-merged/ansible_collections/community/okd/molecule/default/tasks/validate_not_installed.yml
new file mode 100644
index 00000000..44bee7bb
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/okd/molecule/default/tasks/validate_not_installed.yml
@@ -0,0 +1,25 @@
+---
+# TODO: Not available in ansible-base
+# - python_requirements_info:
+# dependencies:
+# - openshift
+# - kubernetes
+# - kubernetes-validate
+
+- community.okd.k8s:
+ definition:
+ apiVersion: v1
+ kind: ConfigMap
+ metadata:
+ name: hello
+ namespace: default
+ validate:
+ fail_on_error: yes
+ ignore_errors: yes
+ register: k8s_no_validate
+
+- name: assert that k8s_no_validate fails gracefully
+ assert:
+ that:
+ - k8s_no_validate is failed
+ - "k8s_no_validate.msg == 'kubernetes-validate python library is required to validate resources'"
diff --git a/collections-debian-merged/ansible_collections/community/okd/molecule/default/vars/main.yml b/collections-debian-merged/ansible_collections/community/okd/molecule/default/vars/main.yml
new file mode 100644
index 00000000..66fb0d33
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/okd/molecule/default/vars/main.yml
@@ -0,0 +1,94 @@
+---
+k8s_pod_annotations: {}
+
+k8s_pod_metadata:
+ labels:
+ app: '{{ k8s_pod_name }}'
+ annotations: '{{ k8s_pod_annotations }}'
+
+k8s_pod_spec:
+ serviceAccount: "{{ k8s_pod_service_account }}"
+ containers:
+ - image: "{{ k8s_pod_image }}"
+ imagePullPolicy: Always
+ name: "{{ k8s_pod_name }}"
+ command: "{{ k8s_pod_command }}"
+ readinessProbe:
+ initialDelaySeconds: 15
+ exec:
+ command:
+ - /bin/true
+ resources: "{{ k8s_pod_resources }}"
+ ports: "{{ k8s_pod_ports }}"
+ env: "{{ k8s_pod_env }}"
+
+k8s_pod_service_account: default
+
+k8s_pod_resources:
+ limits:
+ cpu: "100m"
+ memory: "100Mi"
+
+k8s_pod_command: []
+
+k8s_pod_ports: []
+
+k8s_pod_env: []
+
+k8s_pod_template:
+ metadata: "{{ k8s_pod_metadata }}"
+ spec: "{{ k8s_pod_spec }}"
+
+k8s_deployment_spec:
+ template: '{{ k8s_pod_template }}'
+ selector:
+ matchLabels:
+ app: '{{ k8s_pod_name }}'
+ replicas: 1
+
+k8s_deployment_template:
+ apiVersion: apps/v1
+ kind: Deployment
+ spec: '{{ k8s_deployment_spec }}'
+
+okd_dc_triggers:
+ - type: ConfigChange
+ - type: ImageChange
+ imageChangeParams:
+ automatic: true
+ containerNames:
+ - '{{ k8s_pod_name }}'
+ from:
+ kind: ImageStreamTag
+ name: '{{ image_name }}:{{ image_tag }}'
+
+okd_dc_spec:
+ template: '{{ k8s_pod_template }}'
+ triggers: '{{ okd_dc_triggers }}'
+ replicas: 1
+ strategy:
+ type: Recreate
+
+okd_dc_template:
+ apiVersion: v1
+ kind: DeploymentConfig
+ spec: '{{ okd_dc_spec }}'
+
+okd_imagestream_template:
+ apiVersion: image.openshift.io/v1
+ kind: ImageStream
+ metadata:
+ name: '{{ image_name }}'
+ spec:
+ lookupPolicy:
+ local: true
+ tags:
+ - annotations: null
+ from:
+ kind: DockerImage
+ name: '{{ image }}'
+ name: '{{ image_tag }}'
+ referencePolicy:
+ type: Source
+
+image_tag: latest
diff --git a/collections-debian-merged/ansible_collections/community/okd/molecule/default/verify.yml b/collections-debian-merged/ansible_collections/community/okd/molecule/default/verify.yml
new file mode 100644
index 00000000..9b022d6d
--- /dev/null
+++ b/collections-debian-merged/ansible_collections/community/okd/molecule/default/verify.yml
@@ -0,0 +1,80 @@
+---
+- name: Verify inventory and connection plugins
+ # This group is created by the openshift_inventory plugin
+ # It is automatically configured to use the `oc` connection plugin
+ hosts: namespace_testing_pods
+ gather_facts: no
+ vars:
+ file_content: |
+ Hello world
+ tasks:
+ - name: End play if host not running (TODO should we not add these to the inventory?)
+ meta: end_host
+ when: pod_phase != "Running"
+
+ - setup:
+
+ - debug: var=ansible_facts
+
+ - name: Assert the TEST environment variable was retrieved
+ assert:
+ that: ansible_facts.env.TEST == 'test'
+
+ - name: Copy a file into the host
+ copy:
+ content: '{{ file_content }}'
+ dest: /tmp/test_file
+
+ - name: Retrieve the file from the host
+ slurp:
+ src: /tmp/test_file
+ register: slurped_file
+
+ - name: Assert the file content matches expectations
+ assert:
+ that: (slurped_file.content|b64decode) == file_content
+
+
+- name: Verify
+ hosts: localhost
+ connection: local
+ gather_facts: no
+ vars:
+ ansible_python_interpreter: '{{ virtualenv_interpreter }}'
+
+ tasks:
+ - pip:
+ name: kubernetes-validate==1.12.0
+ virtualenv: "{{ virtualenv }}"
+ virtualenv_command: "{{ virtualenv_command }}"
+ virtualenv_site_packages: no
+
+ - import_tasks: tasks/validate_installed.yml
+
+ - pip:
+ name: kubernetes-validate
+ state: absent
+ virtualenv: "{{ virtualenv }}"
+ virtualenv_command: "{{ virtualenv_command }}"
+ virtualenv_site_packages: no
+
+ - import_tasks: tasks/validate_not_installed.yml
+
+ - import_tasks: tasks/openshift_auth.yml
+ - import_tasks: tasks/openshift_route.yml
+ - block:
+ - name: Create namespace
+ community.okd.k8s:
+ api_version: v1
+ kind: Namespace
+ name: process-test
+ - import_tasks: tasks/openshift_process.yml
+ vars:
+ files_dir: '{{ playbook_dir }}/files'
+ always:
+ - name: Delete namespace
+ community.okd.k8s:
+ api_version: v1
+ kind: Namespace
+ name: process-test
+ state: absent