diff options
Diffstat (limited to 'collections-debian-merged/ansible_collections/community/okd/molecule/default')
19 files changed, 1141 insertions, 0 deletions
diff --git a/collections-debian-merged/ansible_collections/community/okd/molecule/default/README.md b/collections-debian-merged/ansible_collections/community/okd/molecule/default/README.md new file mode 100644 index 00000000..153dfa51 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/okd/molecule/default/README.md @@ -0,0 +1,19 @@ +Wait tests +---------- + +wait tests require at least one node, and don't work on the normal k8s +openshift-origin container as provided by ansible-test --docker -v k8s + +minikube, Kubernetes from Docker or any other Kubernetes service will +suffice. + +If kubectl is already using the right config file and context, you can +just do + +``` +cd tests/integration/targets/okd +./runme.sh -vv +``` + +otherwise set one or both of `K8S_AUTH_KUBECONFIG` and `K8S_AUTH_CONTEXT` +and use the same command diff --git a/collections-debian-merged/ansible_collections/community/okd/molecule/default/converge.yml b/collections-debian-merged/ansible_collections/community/okd/molecule/default/converge.yml new file mode 100644 index 00000000..7fe9e820 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/okd/molecule/default/converge.yml @@ -0,0 +1,99 @@ +--- +- name: Converge + hosts: localhost + connection: local + gather_facts: no + vars: + ansible_python_interpreter: '{{ virtualenv_interpreter }}' + vars_files: + - vars/main.yml + tasks: + # OpenShift Resources + - name: Create a project + community.okd.k8s: + name: testing + kind: Project + api_version: project.openshift.io/v1 + apply: no + register: output + + - name: show output + debug: + var: output + + - name: Create deployment config + community.okd.k8s: + state: present + name: hello-world + namespace: testing + definition: '{{ okd_dc_template }}' + wait: yes + wait_condition: + type: Available + status: True + vars: + k8s_pod_name: hello-world + k8s_pod_image: python + k8s_pod_command: + - python + - '-m' + - http.server + k8s_pod_env: + - name: TEST + value: test + okd_dc_triggers: + - type: ConfigChange + register: output + + - name: Show output + debug: + var: output + + - vars: + image: docker.io/python + image_name: python + image_tag: latest + k8s_pod_image: python + k8s_pod_command: + - python + - '-m' + - http.server + namespace: idempotence-testing + block: + - name: Create a namespace + community.okd.k8s: + name: '{{ namespace }}' + kind: Namespace + api_version: v1 + + - name: Create imagestream + community.okd.k8s: + namespace: '{{ namespace }}' + definition: '{{ okd_imagestream_template }}' + + - name: Create DeploymentConfig to reference ImageStream + community.okd.k8s: + name: '{{ k8s_pod_name }}' + namespace: '{{ namespace }}' + definition: '{{ okd_dc_template }}' + vars: + k8s_pod_name: is-idempotent-dc + + - name: Create Deployment to reference ImageStream + community.okd.k8s: + name: '{{ k8s_pod_name }}' + namespace: '{{ namespace }}' + definition: '{{ k8s_deployment_template | combine(metadata) }}' + vars: + k8s_pod_annotations: + "alpha.image.policy.openshift.io/resolve-names": "*" + k8s_pod_name: is-idempotent-deployment + annotation: + - from: + kind: ImageStreamTag + name: "{{ image_name }}:{{ image_tag}}}" + fieldPath: 'spec.template.spec.containers[?(@.name=="{{ k8s_pod_name }}")].image}' + metadata: + metadata: + annotations: + image.openshift.io/triggers: '{{ annotation | to_json }}' diff --git a/collections-debian-merged/ansible_collections/community/okd/molecule/default/destroy.yml b/collections-debian-merged/ansible_collections/community/okd/molecule/default/destroy.yml new file mode 100644 index 00000000..0bd583e1 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/okd/molecule/default/destroy.yml @@ -0,0 +1,6 @@ +--- +- name: Destroy + hosts: localhost + connection: local + gather_facts: no + tasks: [] diff --git a/collections-debian-merged/ansible_collections/community/okd/molecule/default/files/crd-resource.yml b/collections-debian-merged/ansible_collections/community/okd/molecule/default/files/crd-resource.yml new file mode 100644 index 00000000..23d0663c --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/okd/molecule/default/files/crd-resource.yml @@ -0,0 +1,21 @@ +--- +apiVersion: certmanager.k8s.io/v1alpha1 +kind: Certificate +metadata: + name: acme-crt +spec: + secretName: acme-crt-secret + dnsNames: + - foo.example.com + - bar.example.com + acme: + config: + - ingressClass: nginx + domains: + - foo.example.com + - bar.example.com + issuerRef: + name: letsencrypt-prod + # We can reference ClusterIssuers by changing the kind here. + # The default value is Issuer (i.e. a locally namespaced Issuer) + kind: Issuer diff --git a/collections-debian-merged/ansible_collections/community/okd/molecule/default/files/example.env b/collections-debian-merged/ansible_collections/community/okd/molecule/default/files/example.env new file mode 100644 index 00000000..f98f7d9e --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/okd/molecule/default/files/example.env @@ -0,0 +1,9 @@ +# +NAME=example +# Multiline values shouldn't break things +export CONTENT=This is a long message\ + that may take one or more lines to parse\ + but should still work without issue + +# This shouldn't throw an error +UNUSED= diff --git a/collections-debian-merged/ansible_collections/community/okd/molecule/default/files/kuard-extra-property.yml b/collections-debian-merged/ansible_collections/community/okd/molecule/default/files/kuard-extra-property.yml new file mode 100644 index 00000000..1da160b3 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/okd/molecule/default/files/kuard-extra-property.yml @@ -0,0 +1,22 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: kuard + name: kuard + namespace: default +spec: + replicas: 3 + selector: + matchLabels: + app: kuard + unwanted: value + template: + metadata: + labels: + app: kuard + spec: + containers: + - image: gcr.io/kuar-demo/kuard-amd64:1 + name: kuard diff --git a/collections-debian-merged/ansible_collections/community/okd/molecule/default/files/kuard-invalid-type.yml b/collections-debian-merged/ansible_collections/community/okd/molecule/default/files/kuard-invalid-type.yml new file mode 100644 index 00000000..6ff8018e --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/okd/molecule/default/files/kuard-invalid-type.yml @@ -0,0 +1,21 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: kuard + name: kuard + namespace: default +spec: + replicas: hello + selector: + matchLabels: + app: kuard + template: + metadata: + labels: + app: kuard + spec: + containers: + - image: gcr.io/kuar-demo/kuard-amd64:1 + name: kuard diff --git a/collections-debian-merged/ansible_collections/community/okd/molecule/default/files/nginx.env b/collections-debian-merged/ansible_collections/community/okd/molecule/default/files/nginx.env new file mode 100644 index 00000000..939ad0d7 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/okd/molecule/default/files/nginx.env @@ -0,0 +1,12 @@ +# Want to make sure comments don't break it +export NAME=test123 +NAMESPACE=openshift + + + + +# Blank lines should be fine too + +# Equals in comments shouldn't break things=True +MEMORY_LIMIT=1Gi + diff --git a/collections-debian-merged/ansible_collections/community/okd/molecule/default/files/setup-crd.yml b/collections-debian-merged/ansible_collections/community/okd/molecule/default/files/setup-crd.yml new file mode 100644 index 00000000..9c01bc1a --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/okd/molecule/default/files/setup-crd.yml @@ -0,0 +1,15 @@ +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: certificates.certmanager.k8s.io +spec: + group: certmanager.k8s.io + version: v1alpha1 + scope: Namespaced + names: + kind: Certificate + plural: certificates + shortNames: + - cert + - certs diff --git a/collections-debian-merged/ansible_collections/community/okd/molecule/default/files/simple-template.yaml b/collections-debian-merged/ansible_collections/community/okd/molecule/default/files/simple-template.yaml new file mode 100644 index 00000000..29c85b9c --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/okd/molecule/default/files/simple-template.yaml @@ -0,0 +1,34 @@ +--- +apiVersion: template.openshift.io/v1 +kind: Template +labels: + template: simple-example-test +message: |- + The following configmaps have been created in your project: ${NAME}. +metadata: + annotations: + description: A super basic template for testing + openshift.io/display-name: Super basic template + openshift.io/provider-display-name: Red Hat, Inc. + tags: quickstart,examples + name: simple-example +objects: +- apiVersion: v1 + kind: ConfigMap + metadata: + annotations: + description: Big example + name: ${NAME} + data: + content: "${CONTENT}" +parameters: +- description: The name assigned to the ConfigMap + displayName: Name + name: NAME + required: true + value: example +- description: The value for the content key of the configmap + displayName: Content + name: CONTENT + required: true + value: '' diff --git a/collections-debian-merged/ansible_collections/community/okd/molecule/default/molecule.yml b/collections-debian-merged/ansible_collections/community/okd/molecule/default/molecule.yml new file mode 100644 index 00000000..76b53b1d --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/okd/molecule/default/molecule.yml @@ -0,0 +1,46 @@ +--- +dependency: + name: galaxy +driver: + name: delegated +platforms: + - name: cluster + groups: + - k8s +provisioner: + name: ansible + log: true + options: + vvv: True + config_options: + inventory: + enable_plugins: community.okd.openshift + lint: | + set -e + ansible-lint + inventory: + hosts: + plugin: community.okd.openshift + host_vars: + localhost: + virtualenv: ${MOLECULE_EPHEMERAL_DIRECTORY}/virtualenv + virtualenv_command: '{{ ansible_playbook_python }} -m virtualenv' + virtualenv_interpreter: '{{ virtualenv }}/bin/python' + playbook_namespace: molecule-tests + env: + ANSIBLE_FORCE_COLOR: 'true' + ANSIBLE_COLLECTIONS_PATHS: ${OVERRIDE_COLLECTION_PATH:-$MOLECULE_PROJECT_DIRECTORY} +verifier: + name: ansible + lint: | + set -e + ansible-lint +scenario: + name: default + test_sequence: + - lint + - syntax + - prepare + - converge + - idempotence + - verify diff --git a/collections-debian-merged/ansible_collections/community/okd/molecule/default/prepare.yml b/collections-debian-merged/ansible_collections/community/okd/molecule/default/prepare.yml new file mode 100644 index 00000000..10f3e99e --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/okd/molecule/default/prepare.yml @@ -0,0 +1,60 @@ +--- +- name: Prepare + hosts: localhost + connection: local + gather_facts: no + + tasks: + - pip: + name: virtualenv + + - pip: + name: + - openshift>=0.9.2 + - coverage + virtualenv: "{{ virtualenv }}" + virtualenv_command: "{{ virtualenv_command }}" + virtualenv_site_packages: no + + - name: 'Configure htpasswd secret (username: test, password: testing123)' + community.okd.k8s: + definition: + apiVersion: v1 + kind: Secret + metadata: + name: htpass-secret + namespace: openshift-config + stringData: + htpasswd: "test:$2y$05$zgjczyp96jCIp//CGmnWiefhd7G3l54IdsZoV4IwA1UWtd04L0lE2" + + - name: Configure htpasswd identity provider + community.okd.k8s: + definition: + apiVersion: config.openshift.io/v1 + kind: OAuth + metadata: + name: cluster + spec: + identityProviders: + - name: htpasswd_provider + mappingMethod: claim + type: HTPasswd + htpasswd: + fileData: + name: htpass-secret + + - name: Create ClusterRoleBinding for test user + community.okd.k8s: + definition: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: test-cluster-reader + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-reader + subjects: + - apiGroup: rbac.authorization.k8s.io + kind: User + name: test diff --git a/collections-debian-merged/ansible_collections/community/okd/molecule/default/tasks/openshift_auth.yml b/collections-debian-merged/ansible_collections/community/okd/molecule/default/tasks/openshift_auth.yml new file mode 100644 index 00000000..32ecd422 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/okd/molecule/default/tasks/openshift_auth.yml @@ -0,0 +1,51 @@ +--- +- vars: + # TODO(fabianvf) Get this parameter working locally as well + openshift_host: 'https://kubernetes.default.svc' + block: + - name: Log in (obtain access token) + community.okd.openshift_auth: + username: test + password: testing123 + host: '{{ openshift_host }}' + verify_ssl: false + register: openshift_auth_results + + - name: Get the test User + community.kubernetes.k8s_info: + api_key: "{{ openshift_auth_results.openshift_auth.api_key }}" + host: '{{ openshift_host }}' + verify_ssl: false + kind: User + api_version: user.openshift.io/v1 + name: test + register: user_result + + - name: assert that the user was found + assert: + that: (user_result.resources | length) == 1 + + always: + - name: If login succeeded, try to log out (revoke access token) + when: openshift_auth_results.openshift_auth.api_key is defined + community.okd.openshift_auth: + state: absent + api_key: "{{ openshift_auth_results.openshift_auth.api_key }}" + host: '{{ openshift_host }}' + verify_ssl: false + + - name: Get the test user + community.kubernetes.k8s_info: + api_key: "{{ openshift_auth_results.openshift_auth.api_key }}" + host: '{{ openshift_host }}' + verify_ssl: false + kind: User + name: test + api_version: user.openshift.io/v1 + register: failed_user_result + ignore_errors: yes + + # TODO(fabianvf) determine why token is not being rejected, maybe add more info to return + # - name: assert that the user was not found + # assert: + # that: (failed_user_result.resources | length) == 0 diff --git a/collections-debian-merged/ansible_collections/community/okd/molecule/default/tasks/openshift_process.yml b/collections-debian-merged/ansible_collections/community/okd/molecule/default/tasks/openshift_process.yml new file mode 100644 index 00000000..373f0bc6 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/okd/molecule/default/tasks/openshift_process.yml @@ -0,0 +1,164 @@ +--- + +- name: Process a template in the cluster + community.okd.openshift_process: + name: nginx-example + namespace: openshift # only needed if using a template already on the server + parameters: + NAMESPACE: openshift + NAME: test123 + register: result + +- name: Create the rendered resources + community.okd.k8s: + namespace: process-test + definition: '{{ item }}' + wait: yes + apply: yes + loop: '{{ result.resources }}' + +- name: Delete the rendered resources + community.okd.k8s: + namespace: process-test + definition: '{{ item }}' + wait: yes + state: absent + loop: '{{ result.resources }}' + +- name: Process a template and create the resources in the cluster + community.okd.openshift_process: + name: nginx-example + namespace: openshift # only needed if using a template already on the server + parameters: + NAMESPACE: openshift + NAME: test123 + state: present + namespace_target: process-test + register: result + +- name: Process a template and update the resources in the cluster + community.okd.openshift_process: + name: nginx-example + namespace: openshift # only needed if using a template already on the server + parameters: + NAMESPACE: openshift + NAME: test123 + MEMORY_LIMIT: 1Gi + state: present + namespace_target: process-test + register: result + +- name: Process a template and delete the resources in the cluster + community.okd.openshift_process: + name: nginx-example + namespace: openshift # only needed if using a template already on the server + parameters: + NAMESPACE: openshift + NAME: test123 + state: absent + namespace_target: process-test + register: result + +- name: Process a template with parameters from an env file and create the resources + community.okd.openshift_process: + name: nginx-example + namespace: openshift + namespace_target: process-test + parameter_file: '{{ files_dir }}/nginx.env' + state: present + wait: yes + +- name: Process a template with parameters from an env file and delete the resources + community.okd.openshift_process: + name: nginx-example + namespace: openshift + namespace_target: process-test + parameter_file: '{{ files_dir }}/nginx.env' + state: absent + wait: yes + + +- name: Process a template with duplicate values + community.okd.openshift_process: + name: nginx-example + namespace: openshift # only needed if using a template already on the server + parameters: + NAME: test123 + parameter_file: '{{ files_dir }}/nginx.env' + ignore_errors: yes + register: result + +- name: Assert the expected failure occurred + assert: + that: + - result.msg is defined + - result.msg == "Duplicate value for 'NAME' detected in parameter file" + +- name: Process a local template + community.okd.openshift_process: + src: '{{ files_dir }}/simple-template.yaml' + parameter_file: '{{ files_dir }}/example.env' + register: rendered + +- name: Process a local template and create the resources + community.okd.openshift_process: + src: '{{ files_dir }}/simple-template.yaml' + parameter_file: '{{ files_dir }}/example.env' + namespace_target: process-test + state: present + register: result + +- assert: + that: result is changed + +- name: Create the processed resources + community.okd.k8s: + namespace: process-test + definition: '{{ item }}' + loop: '{{ rendered.resources }}' + register: result + +- assert: + that: result is not changed + +- name: Process a local template and create the resources + community.okd.openshift_process: + definition: "{{ lookup('template', files_dir + '/simple-template.yaml') | from_yaml }}" + parameter_file: '{{ files_dir }}/example.env' + namespace_target: process-test + state: present + register: result + +- assert: + that: result is not changed + +- name: Get the created configmap + community.kubernetes.k8s_info: + api_version: v1 + kind: ConfigMap + name: example + namespace: process-test + register: templated_cm + +- assert: + that: + - (templated_cm.resources | length) == 1 + - templated_cm.resources.0.data.content is defined + - templated_cm.resources.0.data.content == "This is a long message that may take one or more lines to parse but should still work without issue" + +- name: Create the Template resource + community.okd.k8s: + src: '{{ files_dir }}/simple-template.yaml' + namespace: process-test + +- name: Process the template and create the resources + community.okd.openshift_process: + name: simple-example + namespace: process-test # only needed if using a template already on the server + namespace_target: process-test + parameter_file: '{{ files_dir }}/example.env' + state: present + register: result + +- assert: + that: result is not changed diff --git a/collections-debian-merged/ansible_collections/community/okd/molecule/default/tasks/openshift_route.yml b/collections-debian-merged/ansible_collections/community/okd/molecule/default/tasks/openshift_route.yml new file mode 100644 index 00000000..9f52cb9e --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/okd/molecule/default/tasks/openshift_route.yml @@ -0,0 +1,240 @@ +--- +- name: Create Deployment + community.okd.k8s: + wait: yes + definition: + apiVersion: apps/v1 + kind: Deployment + metadata: + name: hello-kubernetes + namespace: default + spec: + replicas: 3 + selector: + matchLabels: + app: hello-kubernetes + template: + metadata: + labels: + app: hello-kubernetes + spec: + containers: + - name: hello-kubernetes + image: docker.io/openshift/hello-openshift + ports: + - containerPort: 8080 + +- name: Create Service + community.okd.k8s: + wait: yes + definition: + apiVersion: v1 + kind: Service + metadata: + name: hello-kubernetes + namespace: default + spec: + ports: + - port: 80 + targetPort: 8080 + selector: + app: hello-kubernetes + +- name: Create Route with fewest possible arguments + community.okd.openshift_route: + service: hello-kubernetes + namespace: default + register: route + +- name: Attempt to hit http URL + uri: + url: 'http://{{ route.result.spec.host }}' + return_content: yes + until: result is successful + retries: 10 + register: result + +- name: Assert the page content is as expected + assert: + that: + - not result.redirected + - result.status == 200 + - result.content == 'Hello OpenShift!\n' + +- name: Delete route + community.okd.openshift_route: + name: '{{ route.result.metadata.name }}' + namespace: default + state: absent + wait: yes + +- name: Create Route with custom name and wait + community.okd.openshift_route: + service: hello-kubernetes + namespace: default + name: test1 + wait: yes + register: route + +- name: Assert that the condition is properly set + assert: + that: + - route.duration is defined + - route.result.status.ingress.0.conditions.0.type == 'Admitted' + - route.result.status.ingress.0.conditions.0.status == 'True' + +- name: Attempt to hit http URL + uri: + url: 'http://{{ route.result.spec.host }}' + return_content: yes + register: result + +- name: Assert the page content is as expected + assert: + that: + - not result.redirected + - result.status == 200 + - result.content == 'Hello OpenShift!\n' + +- name: Delete route + community.okd.openshift_route: + name: '{{ route.result.metadata.name }}' + namespace: default + state: absent + wait: yes + +- name: Create edge-terminated route that allows insecure traffic + community.okd.openshift_route: + service: hello-kubernetes + namespace: default + name: hello-kubernetes-https + tls: + insecure_policy: allow + termination: edge + register: route + +- name: Attempt to hit http URL + uri: + url: 'http://{{ route.result.spec.host }}' + return_content: yes + until: result is successful + retries: 10 + register: result + +- name: Assert the page content is as expected + assert: + that: + - not result.redirected + - result.status == 200 + - result.content == 'Hello OpenShift!\n' + +- name: Attempt to hit https URL + uri: + url: 'https://{{ route.result.spec.host }}' + validate_certs: no + return_content: yes + until: result is successful + retries: 10 + register: result + +- name: Assert the page content is as expected + assert: + that: + - not result.redirected + - result.status == 200 + - result.content == 'Hello OpenShift!\n' + +- name: Alter edge-terminated route to redirect insecure traffic + community.okd.openshift_route: + service: hello-kubernetes + namespace: default + name: hello-kubernetes-https + tls: + insecure_policy: redirect + termination: edge + register: route + +- name: Attempt to hit http URL + uri: + url: 'http://{{ route.result.spec.host }}' + return_content: yes + validate_certs: no + until: + - result is successful + - result.redirected + retries: 10 + register: result + +- name: Assert the page content is as expected + assert: + that: + - result.redirected + - result.status == 200 + - result.content == 'Hello OpenShift!\n' + +- name: Attempt to hit https URL + uri: + url: 'https://{{ route.result.spec.host }}' + validate_certs: no + return_content: yes + until: result is successful + retries: 10 + register: result + +- name: Assert the page content is as expected + assert: + that: + - not result.redirected + - result.status == 200 + - result.content == 'Hello OpenShift!\n' + +- name: Alter edge-terminated route with insecure traffic disabled + community.okd.openshift_route: + service: hello-kubernetes + namespace: default + name: hello-kubernetes-https + tls: + insecure_policy: disallow + termination: edge + register: route + +- debug: var=route + +- name: Attempt to hit https URL + uri: + url: 'https://{{ route.result.spec.host }}' + validate_certs: no + return_content: yes + until: result is successful + retries: 10 + register: result + +- name: Assert the page content is as expected + assert: + that: + - not result.redirected + - result.status == 200 + - result.content == 'Hello OpenShift!\n' + +- name: Attempt to hit http URL + uri: + url: 'http://{{ route.result.spec.host }}' + status_code: 503 + until: result is successful + retries: 10 + register: result + +- debug: var=result + +- name: Assert the page content is as expected + assert: + that: + - not result.redirected + - result.status == 503 + +- name: Delete route + community.okd.openshift_route: + name: '{{ route.result.metadata.name }}' + namespace: default + state: absent + wait: yes diff --git a/collections-debian-merged/ansible_collections/community/okd/molecule/default/tasks/validate_installed.yml b/collections-debian-merged/ansible_collections/community/okd/molecule/default/tasks/validate_installed.yml new file mode 100644 index 00000000..daf82e66 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/okd/molecule/default/tasks/validate_installed.yml @@ -0,0 +1,123 @@ +--- +- block: + - name: Create a project + community.okd.k8s: + name: "{{ playbook_namespace }}" + kind: Project + api_version: project.openshift.io/v1 + + - name: incredibly simple ConfigMap + community.okd.k8s: + definition: + apiVersion: v1 + kind: ConfigMap + metadata: + name: hello + namespace: "{{ playbook_namespace }}" + validate: + fail_on_error: yes + register: k8s_with_validate + + - name: assert that k8s_with_validate succeeds + assert: + that: + - k8s_with_validate is successful + + - name: extra property does not fail without strict + community.okd.k8s: + src: "files/kuard-extra-property.yml" + namespace: "{{ playbook_namespace }}" + validate: + fail_on_error: yes + strict: no + + - name: extra property fails with strict + community.okd.k8s: + src: "files/kuard-extra-property.yml" + namespace: "{{ playbook_namespace }}" + validate: + fail_on_error: yes + strict: yes + ignore_errors: yes + register: extra_property + + - name: check that extra property fails with strict + assert: + that: + - extra_property is failed + + - name: invalid type fails at validation stage + community.okd.k8s: + src: "files/kuard-invalid-type.yml" + namespace: "{{ playbook_namespace }}" + validate: + fail_on_error: yes + strict: no + ignore_errors: yes + register: invalid_type + + - name: check that invalid type fails + assert: + that: + - invalid_type is failed + + - name: invalid type fails with warnings when fail_on_error is False + community.okd.k8s: + src: "files/kuard-invalid-type.yml" + namespace: "{{ playbook_namespace }}" + validate: + fail_on_error: no + strict: no + ignore_errors: yes + register: invalid_type_no_fail + + - name: check that invalid type fails + assert: + that: + - invalid_type_no_fail is failed + + - name: setup custom resource definition + community.okd.k8s: + src: "files/setup-crd.yml" + + - name: wait a few seconds + pause: + seconds: 5 + + - name: add custom resource definition + community.okd.k8s: + src: "files/crd-resource.yml" + namespace: "{{ playbook_namespace }}" + validate: + fail_on_error: yes + strict: yes + register: unknown_kind + + - name: check that unknown kind warns + assert: + that: + - unknown_kind is successful + - "'warnings' in unknown_kind" + + always: + - name: remove custom resource + community.okd.k8s: + definition: "{{ lookup('file', 'files/crd-resource.yml') }}" + namespace: "{{ playbook_namespace }}" + state: absent + ignore_errors: yes + + - name: remove custom resource definitions + community.okd.k8s: + definition: "{{ lookup('file', 'files/setup-crd.yml') }}" + state: absent + + - name: Delete namespace + community.okd.k8s: + state: absent + definition: + - kind: Project + apiVersion: project.openshift.io/v1 + metadata: + name: "{{ playbook_namespace }}" + ignore_errors: yes diff --git a/collections-debian-merged/ansible_collections/community/okd/molecule/default/tasks/validate_not_installed.yml b/collections-debian-merged/ansible_collections/community/okd/molecule/default/tasks/validate_not_installed.yml new file mode 100644 index 00000000..44bee7bb --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/okd/molecule/default/tasks/validate_not_installed.yml @@ -0,0 +1,25 @@ +--- +# TODO: Not available in ansible-base +# - python_requirements_info: +# dependencies: +# - openshift +# - kubernetes +# - kubernetes-validate + +- community.okd.k8s: + definition: + apiVersion: v1 + kind: ConfigMap + metadata: + name: hello + namespace: default + validate: + fail_on_error: yes + ignore_errors: yes + register: k8s_no_validate + +- name: assert that k8s_no_validate fails gracefully + assert: + that: + - k8s_no_validate is failed + - "k8s_no_validate.msg == 'kubernetes-validate python library is required to validate resources'" diff --git a/collections-debian-merged/ansible_collections/community/okd/molecule/default/vars/main.yml b/collections-debian-merged/ansible_collections/community/okd/molecule/default/vars/main.yml new file mode 100644 index 00000000..66fb0d33 --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/okd/molecule/default/vars/main.yml @@ -0,0 +1,94 @@ +--- +k8s_pod_annotations: {} + +k8s_pod_metadata: + labels: + app: '{{ k8s_pod_name }}' + annotations: '{{ k8s_pod_annotations }}' + +k8s_pod_spec: + serviceAccount: "{{ k8s_pod_service_account }}" + containers: + - image: "{{ k8s_pod_image }}" + imagePullPolicy: Always + name: "{{ k8s_pod_name }}" + command: "{{ k8s_pod_command }}" + readinessProbe: + initialDelaySeconds: 15 + exec: + command: + - /bin/true + resources: "{{ k8s_pod_resources }}" + ports: "{{ k8s_pod_ports }}" + env: "{{ k8s_pod_env }}" + +k8s_pod_service_account: default + +k8s_pod_resources: + limits: + cpu: "100m" + memory: "100Mi" + +k8s_pod_command: [] + +k8s_pod_ports: [] + +k8s_pod_env: [] + +k8s_pod_template: + metadata: "{{ k8s_pod_metadata }}" + spec: "{{ k8s_pod_spec }}" + +k8s_deployment_spec: + template: '{{ k8s_pod_template }}' + selector: + matchLabels: + app: '{{ k8s_pod_name }}' + replicas: 1 + +k8s_deployment_template: + apiVersion: apps/v1 + kind: Deployment + spec: '{{ k8s_deployment_spec }}' + +okd_dc_triggers: + - type: ConfigChange + - type: ImageChange + imageChangeParams: + automatic: true + containerNames: + - '{{ k8s_pod_name }}' + from: + kind: ImageStreamTag + name: '{{ image_name }}:{{ image_tag }}' + +okd_dc_spec: + template: '{{ k8s_pod_template }}' + triggers: '{{ okd_dc_triggers }}' + replicas: 1 + strategy: + type: Recreate + +okd_dc_template: + apiVersion: v1 + kind: DeploymentConfig + spec: '{{ okd_dc_spec }}' + +okd_imagestream_template: + apiVersion: image.openshift.io/v1 + kind: ImageStream + metadata: + name: '{{ image_name }}' + spec: + lookupPolicy: + local: true + tags: + - annotations: null + from: + kind: DockerImage + name: '{{ image }}' + name: '{{ image_tag }}' + referencePolicy: + type: Source + +image_tag: latest diff --git a/collections-debian-merged/ansible_collections/community/okd/molecule/default/verify.yml b/collections-debian-merged/ansible_collections/community/okd/molecule/default/verify.yml new file mode 100644 index 00000000..9b022d6d --- /dev/null +++ b/collections-debian-merged/ansible_collections/community/okd/molecule/default/verify.yml @@ -0,0 +1,80 @@ +--- +- name: Verify inventory and connection plugins + # This group is created by the openshift_inventory plugin + # It is automatically configured to use the `oc` connection plugin + hosts: namespace_testing_pods + gather_facts: no + vars: + file_content: | + Hello world + tasks: + - name: End play if host not running (TODO should we not add these to the inventory?) + meta: end_host + when: pod_phase != "Running" + + - setup: + + - debug: var=ansible_facts + + - name: Assert the TEST environment variable was retrieved + assert: + that: ansible_facts.env.TEST == 'test' + + - name: Copy a file into the host + copy: + content: '{{ file_content }}' + dest: /tmp/test_file + + - name: Retrieve the file from the host + slurp: + src: /tmp/test_file + register: slurped_file + + - name: Assert the file content matches expectations + assert: + that: (slurped_file.content|b64decode) == file_content + + +- name: Verify + hosts: localhost + connection: local + gather_facts: no + vars: + ansible_python_interpreter: '{{ virtualenv_interpreter }}' + + tasks: + - pip: + name: kubernetes-validate==1.12.0 + virtualenv: "{{ virtualenv }}" + virtualenv_command: "{{ virtualenv_command }}" + virtualenv_site_packages: no + + - import_tasks: tasks/validate_installed.yml + + - pip: + name: kubernetes-validate + state: absent + virtualenv: "{{ virtualenv }}" + virtualenv_command: "{{ virtualenv_command }}" + virtualenv_site_packages: no + + - import_tasks: tasks/validate_not_installed.yml + + - import_tasks: tasks/openshift_auth.yml + - import_tasks: tasks/openshift_route.yml + - block: + - name: Create namespace + community.okd.k8s: + api_version: v1 + kind: Namespace + name: process-test + - import_tasks: tasks/openshift_process.yml + vars: + files_dir: '{{ playbook_dir }}/files' + always: + - name: Delete namespace + community.okd.k8s: + api_version: v1 + kind: Namespace + name: process-test + state: absent |