diff --git a/hack/tests/e2e-ansible-molecule.sh b/hack/tests/e2e-ansible-molecule.sh index 72434ddd3e..0c7e05b51b 100755 --- a/hack/tests/e2e-ansible-molecule.sh +++ b/hack/tests/e2e-ansible-molecule.sh @@ -62,9 +62,17 @@ KUSTOMIZE_PATH=${KUSTOMIZE} header_text "Test Ansible Molecule scenarios" pushd "${ROOTDIR}/test/ansible" DEST_IMAGE="quay.io/example/ansible-test-operator:v0.0.1" -sed -i".bak" -E -e 's/(FROM quay.io\/operator-framework\/ansible-operator)(:.*)?/\1:dev/g' build/Dockerfile; rm -f build/Dockerfile.bak -docker build -f build/Dockerfile -t "$DEST_IMAGE" --no-cache . +sed -i".bak" -E -e 's/(FROM quay.io\/operator-framework\/ansible-operator)(:.*)?/\1:dev/g' Dockerfile; rm -f Dockerfile.bak +docker build -t "$DEST_IMAGE" --no-cache . load_image_if_kind "$DEST_IMAGE" -OPERATOR_PULL_POLICY=Never OPERATOR_IMAGE=${DEST_IMAGE} TEST_CLUSTER_PORT=24443 TEST_OPERATOR_NAMESPACE=osdk-test molecule test --all + +make kustomize +if [ -f ./bin/kustomize ] ; then + KUSTOMIZE="$(realpath ./bin/kustomize)" +else + KUSTOMIZE="$(which kustomize)" +fi + +KUSTOMIZE_PATH=$KUSTOMIZE OPERATOR_PULL_POLICY=Never OPERATOR_IMAGE=${DEST_IMAGE} TEST_OPERATOR_NAMESPACE=osdk-test molecule test popd diff --git a/internal/plugins/ansible/v1/scaffolds/internal/templates/molecule/mdefault/molecule.go b/internal/plugins/ansible/v1/scaffolds/internal/templates/molecule/mdefault/molecule.go index 3108d2bc9a..92faa43e8f 100644 --- a/internal/plugins/ansible/v1/scaffolds/internal/templates/molecule/mdefault/molecule.go +++ b/internal/plugins/ansible/v1/scaffolds/internal/templates/molecule/mdefault/molecule.go @@ -63,7 +63,7 @@ provisioner: config_dir: ${MOLECULE_PROJECT_DIRECTORY}/config samples_dir: ${MOLECULE_PROJECT_DIRECTORY}/config/samples operator_image: ${OPERATOR_IMAGE:-""} - operator_pull_policy: ${OPERATOR_PULL_POLICY:-"Always"} + pull_policy: ${OPERATOR_PULL_POLICY:-"Always"} kustomize: ${KUSTOMIZE_PATH:-kustomize} env: K8S_AUTH_KUBECONFIG: ${KUBECONFIG:-"~/.kube/config"} 
diff --git a/test/ansible/Dockerfile b/test/ansible/Dockerfile
new file mode 100644
index 0000000000..8975c568c3
--- /dev/null
+++ b/test/ansible/Dockerfile
@@ -0,0 +1,20 @@
+FROM quay.io/operator-framework/ansible-operator:dev
+
+COPY requirements.yml ${HOME}/requirements.yml
+RUN ansible-galaxy collection install -r ${HOME}/requirements.yml \
+ && chmod -R ug+rwx ${HOME}/.ansible
+COPY ansible.cfg /etc/ansible/ansible.cfg
+COPY watches.yaml ${HOME}/watches.yaml
+
+COPY roles/ ${HOME}/roles/
+COPY playbooks/ ${HOME}/playbooks/
+COPY inventory/ ${HOME}/inventory/
+COPY plugins/ ${HOME}/plugins/
+COPY fixture_collection/ /tmp/fixture_collection/
+USER root
+RUN chmod -R ug+rwx /tmp/fixture_collection
+USER 1001
+RUN ansible-galaxy collection build /tmp/fixture_collection/ --output-path /tmp/fixture_collection/ \
+ && ansible-galaxy collection install /tmp/fixture_collection/operator_sdk-test_fixtures-0.0.0.tar.gz \
+ && echo abc123 > /opt/ansible/pwd.yml \
+ && ansible-vault encrypt_string --vault-password-file /opt/ansible/pwd.yml 'thisisatest' --name 'the_secret' > /opt/ansible/vars.yml
diff --git a/test/ansible/Makefile b/test/ansible/Makefile
new file mode 100644
index 0000000000..f6dc82a3bf
--- /dev/null
+++ b/test/ansible/Makefile
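Review bot: The last RUN in test/ansible/Dockerfile writes the vault password in clear (`echo abc123 > /opt/ansible/pwd.yml`) and leaves it in the image next to the `vars.yml` it encrypts, so the encrypted value protects nothing for anyone who can pull the image. That is acceptable for a fixture, but nothing in the file says it is one. I would add a comment above that RUN, for example `# Test fixture only: throwaway vault password and value, baked in so the e2e run can exercise --vault-password-file`. A second short comment on the FROM line noting that the `:dev` tag is rewritten by hack/tests/e2e-ansible-molecule.sh would explain the floating tag.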
@@ -0,0 +1,91 @@
+# Current Operator version
+VERSION ?= 0.0.1
+# Default bundle image tag
+BUNDLE_IMG ?= controller-bundle:$(VERSION)
+# Options for 'bundle-build'
+ifneq ($(origin CHANNELS), undefined)
+BUNDLE_CHANNELS := --channels=$(CHANNELS)
+endif
+ifneq ($(origin DEFAULT_CHANNEL), undefined)
+BUNDLE_DEFAULT_CHANNEL := --default-channel=$(DEFAULT_CHANNEL)
+endif
+BUNDLE_METADATA_OPTS ?= $(BUNDLE_CHANNELS) $(BUNDLE_DEFAULT_CHANNEL)
+
+.PHONY: bundle
+
+# Image URL to use all building/pushing image targets
+IMG ?= controller:latest
+
+all: docker-build
+
+# Run against the configured Kubernetes cluster in ~/.kube/config
+run: ansible-operator
+ $(ANSIBLE_OPERATOR)
+
+# Install CRDs into a cluster
+install: kustomize
+ $(KUSTOMIZE) build config/crd | kubectl apply -f -
+
+# Uninstall CRDs from a cluster
+uninstall: kustomize
+ $(KUSTOMIZE) build config/crd | kubectl delete -f -
+
+# Deploy controller in the configured Kubernetes cluster in ~/.kube/config
+deploy: kustomize
+ cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
+ $(KUSTOMIZE) build config/default | kubectl apply -f -
+
+# Undeploy controller in the configured Kubernetes cluster in ~/.kube/config
+undeploy: kustomize
+ $(KUSTOMIZE) build config/default | kubectl delete -f -
+
+# Build the docker image
+docker-build:
+ docker build . -t ${IMG}
+
+# Push the docker image
+docker-push:
+ docker push ${IMG}
+
+PATH := $(PATH):$(PWD)/bin
+SHELL := env PATH=$(PATH) /bin/sh
+OS = $(shell uname -s | tr '[:upper:]' '[:lower:]')
+ARCH = $(shell uname -m | sed 's/x86_64/amd64/')
+OSOPER = $(shell uname -s | tr '[:upper:]' '[:lower:]' | sed 's/darwin/apple-darwin/' | sed 's/linux/linux-gnu/')
+ARCHOPER = $(shell uname -m )
+
+kustomize:
+ifeq (, $(shell which kustomize 2>/dev/null))
+ @{ \
+ set -e ;\
+ mkdir -p bin ;\
+ curl -sSLo - https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v3.5.4/kustomize_v3.5.4_$(OS)_$(ARCH).tar.gz | tar xzf - -C bin/ ;\
+ }
+KUSTOMIZE=./bin/kustomize
+else
+KUSTOMIZE=$(shell which kustomize)
+endif
+
+ansible-operator:
+ifeq (, $(shell which ansible-operator 2>/dev/null))
+ @{ \
+ set -e ;\
+ mkdir -p bin ;\
+ curl -LO https://github.com/operator-framework/operator-sdk/releases/download/v0.19.0/ansible-operator-v0.19.0-$(ARCHOPER)-$(OSOPER) ;\
+ mv ansible-operator-v0.19.0-$(ARCHOPER)-$(OSOPER) ./bin/ansible-operator ;\
+ chmod +x ./bin/ansible-operator ;\
+ }
+ANSIBLE_OPERATOR=$(realpath ./bin/ansible-operator)
+else
+ANSIBLE_OPERATOR=$(shell which ansible-operator)
+endif
+
+# Generate bundle manifests and metadata, then validate generated files.
+bundle: kustomize
+ operator-sdk generate kustomize manifests -q
+ $(KUSTOMIZE) build config/manifests | operator-sdk generate bundle -q --overwrite --version $(VERSION) $(BUNDLE_METADATA_OPTS)
+ operator-sdk bundle validate ./bundle
+
+# Build the bundle image.
+bundle-build:
+ docker build -f bundle.Dockerfile -t $(BUNDLE_IMG) .
diff --git a/test/ansible/OWNERS b/test/ansible/OWNERS
deleted file mode 100644
index 9702fa3403..0000000000
--- a/test/ansible/OWNERS
+++ /dev/null
@@ -1,6 +0,0 @@
-approvers:
- - fabianvf
- - jmrodri
-reviewers:
- - fabianvf
- - jmrodri
diff --git a/test/ansible/PROJECT b/test/ansible/PROJECT
new file mode 100644
index 0000000000..a458696650
--- /dev/null
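Review bot: The `kustomize` and `ansible-operator` recipes in test/ansible/Makefile fetch release binaries with `curl` and unpack or `chmod +x` them with no integrity check and without `-f`, so an HTTP error body is piped into `tar` or saved as `./bin/ansible-operator` and marked executable. hack/tests/e2e-ansible-molecule.sh now runs `make kustomize`, so this download path is exercised by the e2e run. I would download to a file with `curl -fsSL`, verify it against a pinned SHA-256, and only then extract; the `ansible-operator` recipe needs the same treatment. The digest below is a placeholder to be filled in from the release's published checksums, and `sha256sum` needs a `shasum -a 256` fallback on macOS.

```make
# Placeholder digest: fill in from the release's published checksums, one per $(OS)_$(ARCH) archive.
KUSTOMIZE_SHA256 ?= <sha256-of-kustomize-archive>

kustomize:
# … unchanged: ifeq guard, set -e, mkdir -p bin …
	curl -fsSLo bin/kustomize.tar.gz https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v3.5.4/kustomize_v3.5.4_$(OS)_$(ARCH).tar.gz ;\
	echo "$(KUSTOMIZE_SHA256)  bin/kustomize.tar.gz" | sha256sum -c - ;\
	tar xzf bin/kustomize.tar.gz -C bin/ ;\
	rm -f bin/kustomize.tar.gz ;\
# … unchanged: closing brace, KUSTOMIZE assignment, else branch …
```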
+++ b/test/ansible/PROJECT
@@ -0,0 +1,4 @@
+domain: example.com
+layout: ansible.sdk.operatorframework.io/v1
+projectName: ansible
+version: 3-alpha
diff --git a/test/ansible/deploy/crds/test.example.com_argstest_crd.yaml b/test/ansible/config/crd/bases/test.example.com_argstest_crd.yaml
similarity index 100%
rename from test/ansible/deploy/crds/test.example.com_argstest_crd.yaml
rename to test/ansible/config/crd/bases/test.example.com_argstest_crd.yaml
diff --git a/test/ansible/deploy/crds/test.example.com_casetest_crd.yaml b/test/ansible/config/crd/bases/test.example.com_casetest_crd.yaml
similarity index 100%
rename from test/ansible/deploy/crds/test.example.com_casetest_crd.yaml
rename to test/ansible/config/crd/bases/test.example.com_casetest_crd.yaml
diff --git a/test/ansible/deploy/crds/test.example.com_collectiontests_crd.yaml b/test/ansible/config/crd/bases/test.example.com_collectiontests_crd.yaml
similarity index 100%
rename from test/ansible/deploy/crds/test.example.com_collectiontests_crd.yaml
rename to test/ansible/config/crd/bases/test.example.com_collectiontests_crd.yaml
diff --git a/test/ansible/deploy/crds/test.example.com_inventorytests_crd.yaml b/test/ansible/config/crd/bases/test.example.com_inventorytests_crd.yaml
similarity index 100%
rename from test/ansible/deploy/crds/test.example.com_inventorytests_crd.yaml
rename to test/ansible/config/crd/bases/test.example.com_inventorytests_crd.yaml
diff --git a/test/ansible/deploy/crds/test.example.com_selectortest_crd.yaml b/test/ansible/config/crd/bases/test.example.com_selectortests_crd.yaml
similarity index 100%
rename from test/ansible/deploy/crds/test.example.com_selectortest_crd.yaml
rename to test/ansible/config/crd/bases/test.example.com_selectortests_crd.yaml
diff --git a/test/ansible/deploy/crds/test.example.com_subresourcestests_crd.yaml b/test/ansible/config/crd/bases/test.example.com_subresourcestests_crd.yaml
similarity index 100%
rename from test/ansible/deploy/crds/test.example.com_subresourcestests_crd.yaml
rename to test/ansible/config/crd/bases/test.example.com_subresourcestests_crd.yaml
diff --git a/test/ansible/config/crd/kustomization.yaml b/test/ansible/config/crd/kustomization.yaml
new file mode 100644
index 0000000000..b05e30194e
--- /dev/null
+++ b/test/ansible/config/crd/kustomization.yaml
@@ -0,0 +1,11 @@
+# This kustomization.yaml is not intended to be run by itself,
+# since it depends on service name and namespace that are out of this kustomize package.
+# It should be run by config/default
+resources:
+ - bases/test.example.com_argstest_crd.yaml
+ - bases/test.example.com_casetest_crd.yaml
+ - bases/test.example.com_collectiontests_crd.yaml
+ - bases/test.example.com_inventorytests_crd.yaml
+ - bases/test.example.com_selectortests_crd.yaml
+ - bases/test.example.com_subresourcestests_crd.yaml
+# +kubebuilder:scaffold:crdkustomizeresource
diff --git a/test/ansible/config/default/kustomization.yaml b/test/ansible/config/default/kustomization.yaml
new file mode 100644
index 0000000000..0d6315b00f
--- /dev/null
+++ b/test/ansible/config/default/kustomization.yaml
@@ -0,0 +1,26 @@
+# Adds namespace to all resources.
+namespace: ansible-system
+
+# Value of this field is prepended to the
+# names of all resources, e.g. a deployment named
+# "wordpress" becomes "alices-wordpress".
+# Note that it should also match with the prefix (text before '-') of the namespace
+# field above.
+namePrefix: ansible-
+
+# Labels to add to all resources and selectors.
+#commonLabels:
+# someName: someValue
+
+bases:
+- ../crd
+- ../rbac
+- ../manager
+# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
+#- ../prometheus
+
+patchesStrategicMerge:
+ # Protect the /metrics endpoint by putting it behind auth.
+ # If you want your controller-manager to expose the /metrics
+ # endpoint w/o any authn/z, please comment the following line.
+- manager_auth_proxy_patch.yaml
diff --git a/test/ansible/config/default/manager_auth_proxy_patch.yaml b/test/ansible/config/default/manager_auth_proxy_patch.yaml
new file mode 100644
index 0000000000..37c578ab7a
--- /dev/null
+++ b/test/ansible/config/default/manager_auth_proxy_patch.yaml
@@ -0,0 +1,21 @@
+# This patch inject a sidecar container which is a HTTP proxy for the
+# controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: controller-manager
+ namespace: system
+spec:
+ template:
+ spec:
+ containers:
+ - name: kube-rbac-proxy
+ image: gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0
+ args:
+ - "--secure-listen-address=0.0.0.0:8443"
+ - "--upstream=http://127.0.0.1:8080/"
+ - "--logtostderr=true"
+ - "--v=10"
+ ports:
+ - containerPort: 8443
+ name: https
diff --git a/test/ansible/config/manager/kustomization.yaml b/test/ansible/config/manager/kustomization.yaml
new file mode 100644
index 0000000000..5c5f0b84cb
--- /dev/null
+++ b/test/ansible/config/manager/kustomization.yaml
@@ -0,0 +1,2 @@
+resources:
+- manager.yaml
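Review bot: In manager_auth_proxy_patch.yaml the kube-rbac-proxy sidecar runs with `--v=10`, the most verbose log level, and config/testing/kustomization.yaml pulls in the same patch. The proxy sits in front of /metrics and handles the callers' bearer tokens, so debug-level request logging in pod logs is worth avoiding; I have not checked what v0.5.0 actually prints at that level. I would set `- "--v=0"` here and raise verbosity only in a dedicated debugging overlay.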
diff --git a/test/ansible/config/manager/manager.yaml b/test/ansible/config/manager/manager.yaml
new file mode 100644
index 0000000000..20695a9214
--- /dev/null
+++ b/test/ansible/config/manager/manager.yaml
@@ -0,0 +1,36 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ labels:
+ control-plane: controller-manager
+ name: system
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: controller-manager
+ namespace: system
+ labels:
+ control-plane: controller-manager
+spec:
+ selector:
+ matchLabels:
+ control-plane: controller-manager
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ control-plane: controller-manager
+ spec:
+ containers:
+ - name: manager
+ args:
+ - "--metrics-addr=127.0.0.1:8080"
+ - "--enable-leader-election"
+ - "--leader-election-id=ansible"
+ - "--ansible-args='--vault-password-file /opt/ansible/pwd.yml'"
+ image: controller:latest
+ env:
+ - name: ANSIBLE_INVENTORY
+ value: /opt/ansible/inventory
+ terminationGracePeriodSeconds: 10
diff --git a/test/ansible/config/prometheus/kustomization.yaml b/test/ansible/config/prometheus/kustomization.yaml
new file mode 100644
index 0000000000..ed137168a1
--- /dev/null
+++ b/test/ansible/config/prometheus/kustomization.yaml
@@ -0,0 +1,2 @@
+resources:
+- monitor.yaml
diff --git a/test/ansible/config/prometheus/monitor.yaml b/test/ansible/config/prometheus/monitor.yaml
new file mode 100644
index 0000000000..1b44d4f617
--- /dev/null
+++ b/test/ansible/config/prometheus/monitor.yaml
@@ -0,0 +1,16 @@
+---
+# Prometheus Monitor Service (Metrics)
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ labels:
+ control-plane: controller-manager
+ name: controller-manager-metrics-monitor
+ namespace: system
+spec:
+ endpoints:
+ - path: /metrics
+ port: https
+ selector:
+ matchLabels:
+ control-plane: controller-manager
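Review bot: The manager Deployment in config/manager/manager.yaml sets no `serviceAccountName`, so the pod runs as the namespace's `default` ServiceAccount, and auth_proxy_role_binding.yaml, leader_election_role_binding.yaml and role_binding.yaml all name `default` as their subject. Any other pod started in that namespace without an explicit account would then hold manager-role as well, including its access to secrets and pods/exec. The deleted deploy/operator.yaml used a dedicated account (`serviceAccountName: ansible`), and I would keep that pattern. Add a ServiceAccount manifest under config/rbac, set `serviceAccountName: controller-manager` (an example name) in this pod spec, and point the three bindings at it.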
diff --git a/test/ansible/config/rbac/auth_proxy_client_clusterrole.yaml b/test/ansible/config/rbac/auth_proxy_client_clusterrole.yaml
new file mode 100644
index 0000000000..7d62534c5f
--- /dev/null
+++ b/test/ansible/config/rbac/auth_proxy_client_clusterrole.yaml
@@ -0,0 +1,7 @@
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+ name: metrics-reader
+rules:
+- nonResourceURLs: ["/metrics"]
+ verbs: ["get"]
diff --git a/test/ansible/config/rbac/auth_proxy_role.yaml b/test/ansible/config/rbac/auth_proxy_role.yaml
new file mode 100644
index 0000000000..618f5e4177
--- /dev/null
+++ b/test/ansible/config/rbac/auth_proxy_role.yaml
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: proxy-role
+rules:
+- apiGroups: ["authentication.k8s.io"]
+ resources:
+ - tokenreviews
+ verbs: ["create"]
+- apiGroups: ["authorization.k8s.io"]
+ resources:
+ - subjectaccessreviews
+ verbs: ["create"]
diff --git a/test/ansible/config/rbac/auth_proxy_role_binding.yaml b/test/ansible/config/rbac/auth_proxy_role_binding.yaml
new file mode 100644
index 0000000000..48ed1e4b85
--- /dev/null
+++ b/test/ansible/config/rbac/auth_proxy_role_binding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: proxy-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: proxy-role
+subjects:
+- kind: ServiceAccount
+ name: default
+ namespace: system
diff --git a/test/ansible/config/rbac/auth_proxy_service.yaml b/test/ansible/config/rbac/auth_proxy_service.yaml
new file mode 100644
index 0000000000..6cf656be14
--- /dev/null
+++ b/test/ansible/config/rbac/auth_proxy_service.yaml
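Review bot: auth_proxy_client_clusterrole.yaml declares `apiVersion: rbac.authorization.k8s.io/v1beta1`, while every other RBAC manifest added in this commit uses `v1`. The beta RBAC API is deprecated and was removed in Kubernetes 1.22, so the metrics-reader role would fail to apply on newer clusters. Change the first line to `apiVersion: rbac.authorization.k8s.io/v1`; the rule itself needs no change.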
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ control-plane: controller-manager
+ name: controller-manager-metrics-service
+ namespace: system
+spec:
+ ports:
+ - name: https
+ port: 8443
+ targetPort: https
+ selector:
+ control-plane: controller-manager
diff --git a/test/ansible/config/rbac/kustomization.yaml b/test/ansible/config/rbac/kustomization.yaml
new file mode 100644
index 0000000000..43e18ccff1
--- /dev/null
+++ b/test/ansible/config/rbac/kustomization.yaml
@@ -0,0 +1,50 @@
+resources:
+ - role.yaml
+ - role_binding.yaml
+ - leader_election_role.yaml
+ - leader_election_role_binding.yaml
+ # Comment the following 4 lines if you want to disable
+ # the auth proxy (https://github.com/brancz/kube-rbac-proxy)
+ # which protects your /metrics endpoint.
+ - auth_proxy_service.yaml
+ - auth_proxy_role.yaml
+ - auth_proxy_role_binding.yaml
+ - auth_proxy_client_clusterrole.yaml
+patchesJson6902:
+ - target:
+ group: rbac.authorization.k8s.io
+ version: v1
+ kind: ClusterRole
+ name: manager-role
+ path: patches/collectiontests_editor_role.yaml
+ - target:
+ group: rbac.authorization.k8s.io
+ version: v1
+ kind: ClusterRole
+ name: manager-role
+ path: patches/inventorytests_editor_role.yaml
+ - target:
+ group: rbac.authorization.k8s.io
+ version: v1
+ kind: ClusterRole
+ name: manager-role
+ path: patches/selectortests_editor_role.yaml
+ - target:
+ group: rbac.authorization.k8s.io
+ version: v1
+ kind: ClusterRole
+ name: manager-role
+ path: patches/subresourcestests_editor_role.yaml
+ - target:
+ group: rbac.authorization.k8s.io
+ version: v1
+ kind: ClusterRole
+ name: manager-role
+ path: patches/casetests_editor_role.yaml
+ - target:
+ group: rbac.authorization.k8s.io
+ version: v1
+ kind: ClusterRole
+ name: manager-role
+ path: patches/argstests_editor_role.yaml
+# +kubebuilder:scaffold:patch6902
diff --git a/test/ansible/config/rbac/leader_election_role.yaml b/test/ansible/config/rbac/leader_election_role.yaml
new file mode 100644
index 0000000000..53e974910b
--- /dev/null
+++ b/test/ansible/config/rbac/leader_election_role.yaml
@@ -0,0 +1,25 @@
+# permissions to do leader election.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: leader-election-role
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
diff --git a/test/ansible/deploy/role_binding.yaml b/test/ansible/config/rbac/leader_election_role_binding.yaml
similarity index 61%
rename from test/ansible/deploy/role_binding.yaml
rename to test/ansible/config/rbac/leader_election_role_binding.yaml
index 34a09cc757..eed16906f4 100644
--- a/test/ansible/deploy/role_binding.yaml
+++ b/test/ansible/config/rbac/leader_election_role_binding.yaml
@@ -1,11 +1,12 @@
-kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
 metadata:
- name: ansible
-subjects:
-- kind: ServiceAccount
- name: ansible
+ name: leader-election-rolebinding
 roleRef:
- kind: Role
- name: ansible
 apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: leader-election-role
+subjects:
+- kind: ServiceAccount
+ name: default
+ namespace: system
diff --git a/test/ansible/config/rbac/patches/argstests_editor_role.yaml b/test/ansible/config/rbac/patches/argstests_editor_role.yaml
new file mode 100644
index 0000000000..cb9c77ddb1
--- /dev/null
+++ b/test/ansible/config/rbac/patches/argstests_editor_role.yaml
@@ -0,0 +1,27 @@
+- op: add
+ path: /rules/-
+ value:
+ apiGroups:
+ - test.example.com
+ resources:
+ - argstests
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- op: add
+ path: /rules/-
+ value:
+ apiGroups:
+ - test.example.com
+ resources:
+ - argstests/status
+ verbs:
+ - get
+ - update
+ - patch
+
diff --git a/test/ansible/config/rbac/patches/casetests_editor_role.yaml b/test/ansible/config/rbac/patches/casetests_editor_role.yaml
new file mode 100644
index 0000000000..e31eb4429e
--- /dev/null
+++ b/test/ansible/config/rbac/patches/casetests_editor_role.yaml
@@ -0,0 +1,26 @@
+- op: add
+ path: /rules/-
+ value:
+ apiGroups:
+ - test.example.com
+ resources:
+ - casetests
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- op: add
+ path: /rules/-
+ value:
+ apiGroups:
+ - test.example.com
+ resources:
+ - casetests/status
+ verbs:
+ - get
+ - update
+ - patch
diff --git a/test/ansible/config/rbac/patches/collectiontests_editor_role.yaml b/test/ansible/config/rbac/patches/collectiontests_editor_role.yaml
new file mode 100644
index 0000000000..088c838a12
--- /dev/null
+++ b/test/ansible/config/rbac/patches/collectiontests_editor_role.yaml
@@ -0,0 +1,26 @@
+- op: add
+ path: /rules/-
+ value:
+ apiGroups:
+ - test.example.com
+ resources:
+ - collectiontests
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- op: add
+ path: /rules/-
+ value:
+ apiGroups:
+ - test.example.com
+ resources:
+ - collectiontests/status
+ verbs:
+ - get
+ - update
+ - patch
diff --git a/test/ansible/config/rbac/patches/inventorytests_editor_role.yaml b/test/ansible/config/rbac/patches/inventorytests_editor_role.yaml
new file mode 100644
index 0000000000..63a486e793
--- /dev/null
+++ b/test/ansible/config/rbac/patches/inventorytests_editor_role.yaml
@@ -0,0 +1,26 @@
+- op: add
+ path: /rules/-
+ value:
+ apiGroups:
+ - test.example.com
+ resources:
+ - inventorytests
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- op: add
+ path: /rules/-
+ value:
+ apiGroups:
+ - test.example.com
+ resources:
+ - inventorytests/status
+ verbs:
+ - get
+ - update
+ - patch
diff --git a/test/ansible/config/rbac/patches/selectortests_editor_role.yaml b/test/ansible/config/rbac/patches/selectortests_editor_role.yaml
new file mode 100644
index 0000000000..ce044250ee
--- /dev/null
+++ b/test/ansible/config/rbac/patches/selectortests_editor_role.yaml
@@ -0,0 +1,26 @@
+- op: add
+ path: /rules/-
+ value:
+ apiGroups:
+ - test.example.com
+ resources:
+ - selectortests
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- op: add
+ path: /rules/-
+ value:
+ apiGroups:
+ - test.example.com
+ resources:
+ - selectortests/status
+ verbs:
+ - get
+ - update
+ - patch
diff --git a/test/ansible/config/rbac/patches/subresourcestests_editor_role.yaml b/test/ansible/config/rbac/patches/subresourcestests_editor_role.yaml
new file mode 100644
index 0000000000..b9f11cf4e3
--- /dev/null
+++ b/test/ansible/config/rbac/patches/subresourcestests_editor_role.yaml
@@ -0,0 +1,26 @@
+- op: add
+ path: /rules/-
+ value:
+ apiGroups:
+ - test.example.com
+ resources:
+ - subresourcestests
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- op: add
+ path: /rules/-
+ value:
+ apiGroups:
+ - test.example.com
+ resources:
+ - subresourcestests/status
+ verbs:
+ - get
+ - update
+ - patch
diff --git a/test/ansible/config/rbac/role.yaml b/test/ansible/config/rbac/role.yaml
new file mode 100644
index 0000000000..5dea0b1621
--- /dev/null
+++ b/test/ansible/config/rbac/role.yaml
@@ -0,0 +1,37 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: manager-role
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ - pods
+ - pods/exec
+ - pods/log
+ - configmaps
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - apps
+ resources:
+ - deployments
+ - daemonsets
+ - replicasets
+ - statefulsets
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
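Review bot: manager-role in config/rbac/role.yaml is a ClusterRole, and role_binding.yaml binds it with a ClusterRoleBinding, so the first rule's full verb set on `secrets`, `pods/exec` and `configmaps` now applies in every namespace. The deleted deploy/role.yaml granted the equivalent through a namespaced Role. If the test operator only reconciles in the test namespace, a Role plus RoleBinding there would restore the old scope. Failing that, I would add a comment above the first rule recording which test roles need `secrets` and `pods/exec`, since that cannot be told from this diff, and drop whichever of them none of the roles use.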
diff --git a/test/ansible/config/rbac/role_binding.yaml b/test/ansible/config/rbac/role_binding.yaml
new file mode 100644
index 0000000000..98f87829e9
--- /dev/null
+++ b/test/ansible/config/rbac/role_binding.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: manager-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: manager-role
+subjects:
+- kind: ServiceAccount
+ name: default
+ namespace: system
diff --git a/test/ansible/config/samples/kustomization.yaml b/test/ansible/config/samples/kustomization.yaml
new file mode 100644
index 0000000000..fd18a34c5c
--- /dev/null
+++ b/test/ansible/config/samples/kustomization.yaml
@@ -0,0 +1,3 @@
+## This file is auto-generated, do not modify ##
+resources:
+- test.example.com_v1alpha1_inventorytest_cr.yaml
diff --git a/test/ansible/deploy/crds/test.example.com_v1alpha1_inventorytest_cr.yaml b/test/ansible/config/samples/test.example.com_v1alpha1_inventorytest_cr.yaml
similarity index 72%
rename from test/ansible/deploy/crds/test.example.com_v1alpha1_inventorytest_cr.yaml
rename to test/ansible/config/samples/test.example.com_v1alpha1_inventorytest_cr.yaml
index d6f990b42b..fef5138521 100644
--- a/test/ansible/deploy/crds/test.example.com_v1alpha1_inventorytest_cr.yaml
+++ b/test/ansible/config/samples/test.example.com_v1alpha1_inventorytest_cr.yaml
@@ -3,7 +3,7 @@ kind: InventoryTest
 metadata:
 name: example-inventory
 annotations:
- "ansible.sdk.operatorframework.io/verbosity": "0"
+ "ansible.operator-sdk/verbosity": "0"
 spec:
 # Add fields here
 size: 3
diff --git a/test/ansible/config/scorecard/bases/config.yaml b/test/ansible/config/scorecard/bases/config.yaml
new file mode 100644
index 0000000000..c77047841e
--- /dev/null
+++ b/test/ansible/config/scorecard/bases/config.yaml
@@ -0,0 +1,7 @@
+apiVersion: scorecard.operatorframework.io/v1alpha3
+kind: Configuration
+metadata:
+ name: config
+stages:
+- parallel: true
+ tests: []
diff --git a/test/ansible/config/scorecard/kustomization.yaml b/test/ansible/config/scorecard/kustomization.yaml
new file mode 100644
index 0000000000..d73509ee73
--- /dev/null
+++ b/test/ansible/config/scorecard/kustomization.yaml
@@ -0,0 +1,16 @@
+resources:
+- bases/config.yaml
+patchesJson6902:
+- path: patches/basic.config.yaml
+ target:
+ group: scorecard.operatorframework.io
+ version: v1alpha3
+ kind: Configuration
+ name: config
+- path: patches/olm.config.yaml
+ target:
+ group: scorecard.operatorframework.io
+ version: v1alpha3
+ kind: Configuration
+ name: config
+# +kubebuilder:scaffold:patchesJson6902
diff --git a/test/ansible/config/scorecard/patches/basic.config.yaml b/test/ansible/config/scorecard/patches/basic.config.yaml
new file mode 100644
index 0000000000..e7fa305018
--- /dev/null
+++ b/test/ansible/config/scorecard/patches/basic.config.yaml
@@ -0,0 +1,10 @@
+- op: add
+ path: /stages/0/tests/-
+ value:
+ entrypoint:
+ - scorecard-test
+ - basic-check-spec
+ image: quay.io/operator-framework/scorecard-test:master
+ labels:
+ suite: basic
+ test: basic-check-spec-test
diff --git a/test/ansible/config/scorecard/patches/olm.config.yaml b/test/ansible/config/scorecard/patches/olm.config.yaml
new file mode 100644
index 0000000000..e564c42f95
--- /dev/null
+++ b/test/ansible/config/scorecard/patches/olm.config.yaml
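Review bot: patches/basic.config.yaml references `quay.io/operator-framework/scorecard-test:master`, a floating tag, and all five entries in patches/olm.config.yaml do the same. The image that runs against the bundle can therefore change between runs without any change in this repository, which weakens both reproducibility and provenance. I would pin a release tag or a digest, for example `image: quay.io/operator-framework/scorecard-test@sha256:<digest>` (placeholder), and update it together with the SDK version.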
@@ -0,0 +1,50 @@
+- op: add
+ path: /stages/0/tests/-
+ value:
+ entrypoint:
+ - scorecard-test
+ - olm-bundle-validation
+ image: quay.io/operator-framework/scorecard-test:master
+ labels:
+ suite: olm
+ test: olm-bundle-validation-test
+- op: add
+ path: /stages/0/tests/-
+ value:
+ entrypoint:
+ - scorecard-test
+ - olm-crds-have-validation
+ image: quay.io/operator-framework/scorecard-test:master
+ labels:
+ suite: olm
+ test: olm-crds-have-validation-test
+- op: add
+ path: /stages/0/tests/-
+ value:
+ entrypoint:
+ - scorecard-test
+ - olm-crds-have-resources
+ image: quay.io/operator-framework/scorecard-test:master
+ labels:
+ suite: olm
+ test: olm-crds-have-resources-test
+- op: add
+ path: /stages/0/tests/-
+ value:
+ entrypoint:
+ - scorecard-test
+ - olm-spec-descriptors
+ image: quay.io/operator-framework/scorecard-test:master
+ labels:
+ suite: olm
+ test: olm-spec-descriptors-test
+- op: add
+ path: /stages/0/tests/-
+ value:
+ entrypoint:
+ - scorecard-test
+ - olm-status-descriptors
+ image: quay.io/operator-framework/scorecard-test:master
+ labels:
+ suite: olm
+ test: olm-status-descriptors-test
diff --git a/test/ansible/config/testing/debug_logs_patch.yaml b/test/ansible/config/testing/debug_logs_patch.yaml
new file mode 100644
index 0000000000..3e31e2fba1
--- /dev/null
+++ b/test/ansible/config/testing/debug_logs_patch.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: controller-manager
+ namespace: system
+spec:
+ template:
+ spec:
+ containers:
+ - name: manager
+ env:
+ - name: ANSIBLE_DEBUG_LOGS
+ value: "TRUE"
diff --git a/test/ansible/config/testing/kustomization.yaml b/test/ansible/config/testing/kustomization.yaml
new file mode 100644
index 0000000000..9757d27f74
--- /dev/null
+++ b/test/ansible/config/testing/kustomization.yaml
@@ -0,0 +1,24 @@
+# Adds namespace to all resources.
+namespace: osdk-test
+
+namePrefix: osdk-
+
+# Labels to add to all resources and selectors.
+#commonLabels:
+# someName: someValue
+
+patchesStrategicMerge:
+- manager_image.yaml
+- pull_policy/Never.yaml
+- debug_logs_patch.yaml
+- ../default/manager_auth_proxy_patch.yaml
+
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ../crd
+- ../rbac
+- ../manager
+images:
+- name: testing
+ newName: testing-operator
diff --git a/test/ansible/config/testing/manager_image.yaml b/test/ansible/config/testing/manager_image.yaml
new file mode 100644
index 0000000000..e44f542d9b
--- /dev/null
+++ b/test/ansible/config/testing/manager_image.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: controller-manager
+ namespace: system
+spec:
+ template:
+ spec:
+ containers:
+ - name: manager
+ image: testing
diff --git a/test/ansible/config/testing/pull_policy/Always.yaml b/test/ansible/config/testing/pull_policy/Always.yaml
new file mode 100644
index 0000000000..6b0a8e2a8a
--- /dev/null
+++ b/test/ansible/config/testing/pull_policy/Always.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: controller-manager
+ namespace: system
+spec:
+ template:
+ spec:
+ containers:
+ - name: manager
+ imagePullPolicy: Always
diff --git a/test/ansible/config/testing/pull_policy/IfNotPresent.yaml b/test/ansible/config/testing/pull_policy/IfNotPresent.yaml
new file mode 100644
index 0000000000..2f52f496cd
--- /dev/null
+++ b/test/ansible/config/testing/pull_policy/IfNotPresent.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: controller-manager
+ namespace: system
+spec:
+ template:
+ spec:
+ containers:
+ - name: manager
+ imagePullPolicy: IfNotPresent
diff --git a/test/ansible/config/testing/pull_policy/Never.yaml b/test/ansible/config/testing/pull_policy/Never.yaml
new file mode 100644
index 0000000000..86f13d8164
--- /dev/null
+++ b/test/ansible/config/testing/pull_policy/Never.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: controller-manager
+ namespace: system
+spec:
+ template:
+ spec:
+ containers:
+ - name: manager
+ imagePullPolicy: Never
diff --git a/test/ansible/deploy/crds/test.example.com_v1_inventorytest_cr.yaml b/test/ansible/deploy/crds/test.example.com_v1_inventorytest_cr.yaml
deleted file mode 100644
index 71f42e09b0..0000000000
--- a/test/ansible/deploy/crds/test.example.com_v1_inventorytest_cr.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-apiVersion: test.example.com/v1
-kind: InventoryTest
-metadata:
- name: example-inventorytest
- annotations:
- "ansible.sdk.operatorframework.io/verbosity": "3"
-spec:
- # Add fields here
- size: 3
diff --git a/test/ansible/deploy/operator.yaml b/test/ansible/deploy/operator.yaml
deleted file mode 100644
index df0545a827..0000000000
--- a/test/ansible/deploy/operator.yaml
+++ /dev/null
@@ -1,49 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: ansible
-spec:
- replicas: 1
- selector:
- matchLabels:
- name: ansible
- template:
- metadata:
- labels:
- name: ansible
- spec:
- serviceAccountName: ansible
- containers:
- - name: ansible
- # Replace this with the built image name
- image: "REPLACE_IMAGE"
- imagePullPolicy: "Always"
- volumeMounts:
- - mountPath: /tmp/ansible-operator/runner
- name: runner
- env:
- - name: WATCH_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- - name: POD_NAME
- valueFrom:
- fieldRef:
- fieldPath: metadata.name
- - name: OPERATOR_NAME
- value: "ansible"
- - name: ANSIBLE_GATHERING
- value: explicit
- - name: ANSIBLE_INVENTORY
- value: /opt/ansible/inventory
- livenessProbe:
- httpGet:
- path: /healthz
- port: 6789
- initialDelaySeconds: 5
- periodSeconds: 3
-
- volumes:
- - name: runner
- emptyDir: {}
diff --git a/test/ansible/deploy/role.yaml b/test/ansible/deploy/role.yaml
deleted file mode 100644
index d30b87b291..0000000000
--- a/test/ansible/deploy/role.yaml
+++ /dev/null
@@ -1,83 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- creationTimestamp: null
- name: ansible
-rules:
-- apiGroups:
- - ""
- resources:
- - pods
- - pods/exec
- - pods/log
- - services
- - services/finalizers
- - endpoints
- - persistentvolumeclaims
- - events
- - configmaps
- - secrets
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - apps
- resources:
- - deployments
- - daemonsets
- - replicasets
- - statefulsets
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - monitoring.coreos.com
- resources:
- - servicemonitors
- verbs:
- - get
- - create
-- apiGroups:
- - apps
- resourceNames:
- - ansible
- resources:
- - deployments/finalizers
- verbs:
- - update
-- apiGroups:
- - ""
- resources:
- - pods
- verbs:
- - get
-- apiGroups:
- - apps
- resources:
- - replicasets
- - deployments
- verbs:
- - get
-- apiGroups:
- - test.example.com
- resources:
- - '*'
- - inventories
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
diff --git a/test/ansible/deploy/service_account.yaml b/test/ansible/deploy/service_account.yaml
deleted file mode 100644
index 94be3a0755..0000000000
--- a/test/ansible/deploy/service_account.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: ansible
diff --git a/test/ansible/molecule/cluster/converge.yml b/test/ansible/molecule/cluster/converge.yml
deleted file mode 100644
index 8877f82588..0000000000
--- a/test/ansible/molecule/cluster/converge.yml
+++ /dev/null
@@ -1,24 +0,0 @@ ---- -- name: Converge - hosts: localhost - connection: local - gather_facts: no - collections: - - community.kubernetes - - tasks: - - name: Ensure operator image is set - fail: - msg: | - You must specify the OPERATOR_IMAGE environment variable in order to run the - 'cluster' scenario - when: not operator_image - - - name: Create the Operator Deployment - k8s: - namespace: '{{ namespace }}' - definition: "{{ lookup('template', '/'.join([template_dir, 'operator.yaml.j2'])) }}" - wait: yes - vars: - image: '{{ operator_image }}' - pull_policy: '{{ operator_pull_policy }}' diff --git a/test/ansible/molecule/cluster/destroy.yml b/test/ansible/molecule/cluster/destroy.yml deleted file mode 100644 index b55bb6f8d3..0000000000 --- a/test/ansible/molecule/cluster/destroy.yml +++ /dev/null @@ -1,33 +0,0 @@ ---- -- name: Destroy - hosts: localhost - connection: local - gather_facts: false - - tasks: - - name: Delete namespace - k8s: - api_version: v1 - kind: Namespace - name: '{{ namespace }}' - state: absent - wait: yes - - - name: Delete RBAC resources - k8s: - definition: "{{ lookup('template', '/'.join([deploy_dir, item])) }}" - namespace: '{{ namespace }}' - state: absent - wait: yes - with_items: - - role.yaml - - role_binding.yaml - - service_account.yaml - - - name: Delete Custom Resource Definitions - k8s: - definition: "{{ lookup('file', item) }}" - state: absent - wait: yes - with_fileglob: - - "{{ '/'.join([deploy_dir, 'crds']) }}/*_crd.yaml" diff --git a/test/ansible/molecule/cluster/prepare.yml b/test/ansible/molecule/cluster/prepare.yml deleted file mode 100644 index 942b1aa73f..0000000000 --- a/test/ansible/molecule/cluster/prepare.yml +++ /dev/null 
@@ -1,34 +0,0 @@ ---- -- name: Prepare - hosts: localhost - connection: local - gather_facts: false - no_log: "{{ molecule_no_log }}" - vars: - deploy_dir: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') }}/deploy" - - tasks: - - name: Create Custom Resource Definitions - k8s: - definition: "{{ lookup('file', item) }}" - with_fileglob: - - "{{ '/'.join([deploy_dir, 'crds']) }}/*_crd.yaml" - - - name: Create namespace - k8s: - api_version: v1 - kind: Namespace - name: '{{ namespace }}' - - - name: Create RBAC resources - k8s: - definition: "{{ lookup('template', '/'.join([deploy_dir, item])) }}" - namespace: '{{ namespace }}' - with_items: - - role.yaml - - role_binding.yaml - - service_account.yaml - - - name: Create ServiceMonitor Custom Resource Definiiton - k8s: - definition: "{{ lookup('url', 'https://raw.githubusercontent.com/coreos/prometheus-operator/release-0.35/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml', split_lines=False) | from_yaml_all | list }}" diff --git a/test/ansible/molecule/default/converge.yml b/test/ansible/molecule/default/converge.yml new file mode 100644 index 0000000000..0633db9849 --- /dev/null +++ b/test/ansible/molecule/default/converge.yml @@ -0,0 +1,18 @@ +--- +- name: Converge + hosts: localhost + connection: local + gather_facts: no + collections: + - community.kubernetes + + tasks: + - name: Create Namespace + k8s: + api_version: v1 + kind: Namespace + name: '{{ namespace }}' + + - import_tasks: kustomize.yml + vars: + state: present diff --git a/test/ansible/molecule/cluster/create.yml b/test/ansible/molecule/default/create.yml similarity index 100% rename from test/ansible/molecule/cluster/create.yml rename to test/ansible/molecule/default/create.yml diff --git a/test/ansible/molecule/default/destroy.yml b/test/ansible/molecule/default/destroy.yml new file mode 100644 index 0000000000..f935cff129 --- /dev/null +++ b/test/ansible/molecule/default/destroy.yml 
@@ -0,0 +1,24 @@ +--- +- name: Destroy + hosts: localhost + connection: local + gather_facts: false + collections: + - community.kubernetes + + tasks: + - import_tasks: kustomize.yml + vars: + state: absent + + - name: Destroy Namespace + k8s: + api_version: v1 + kind: Namespace + name: '{{ namespace }}' + state: absent + + - name: Unset pull policy + command: '{{ kustomize }} edit remove patch pull_policy/{{ pull_policy }}.yaml' + args: + chdir: '{{ config_dir }}/testing' diff --git a/test/ansible/molecule/default/kustomize.yml b/test/ansible/molecule/default/kustomize.yml new file mode 100644 index 0000000000..f3d888c2f3 --- /dev/null +++ b/test/ansible/molecule/default/kustomize.yml @@ -0,0 +1,15 @@ +--- +- name: Build kustomize testing overlay + # load_restrictor must be set to none so we can load patch files from the default overlay + command: '{{ kustomize }} build --load_restrictor none .' + args: + chdir: '{{ config_dir }}/testing' + register: resources + changed_when: false + +- name: Set resources to {{ state }} + k8s: + definition: '{{ item }}' + state: '{{ state }}' + wait: yes + loop: '{{ resources.stdout | from_yaml_all | list }}' diff --git a/test/ansible/molecule/cluster/molecule.yml b/test/ansible/molecule/default/molecule.yml similarity index 68% rename from test/ansible/molecule/cluster/molecule.yml rename to test/ansible/molecule/default/molecule.yml index 06b307f7d1..62aae39604 100644 --- a/test/ansible/molecule/cluster/molecule.yml +++ b/test/ansible/molecule/default/molecule.yml @@ -7,9 +7,9 @@ lint: | set -e yamllint -d "{extends: relaxed, rules: {line-length: {max: 120}}}" . platforms: -- name: cluster - groups: - - k8s + - name: cluster + groups: + - k8s provisioner: name: ansible lint: | 
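Review bot: The `Unset pull policy` task passes its command as one templated string, so `kustomize` and `pull_policy` (both filled from environment variables in molecule.yml) are split on whitespace after templating, and a path or value containing a space or quote changes the argument list. The `command` module's `argv` form keeps each value a single argument: `argv: ['{{ kustomize }}', 'edit', 'remove', 'patch', 'pull_policy/{{ pull_policy }}.yaml']`. The same applies to the `kustomize build` task in default/kustomize.yml, the three `kustomize edit` tasks in default/prepare.yml, and the `--kubeconfig {{ kubeconfig }}` argument in kind/create.yml and kind/destroy.yml.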
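Review bot: `--load_restrictor none` in `Build kustomize testing overlay` switches off kustomize's check that every loaded file sits under the kustomization root, and the rendered output is applied to the cluster by the next task, so the comment should state how far outside `config/testing` the overlay is expected to reach. Something like `# Root-only load check is disabled: the testing overlay may only reference patch files from the default overlay` would make any other outside reference stand out in review. The spelling and accepted values of this flag have also changed between kustomize releases, and `kustomize` falls back to whatever binary is on PATH (`${KUSTOMIZE_PATH:-kustomize}`), so a comment naming the supported version would help.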
@@ -22,10 +22,11 @@ provisioner:
 host_vars:
 localhost:
 ansible_python_interpreter: '{{ ansible_playbook_python }}'
- deploy_dir: ${MOLECULE_PROJECT_DIRECTORY}/deploy
- template_dir: ${MOLECULE_PROJECT_DIRECTORY}/molecule/templates
+ config_dir: ${MOLECULE_PROJECT_DIRECTORY}/config
+ samples_dir: ${MOLECULE_PROJECT_DIRECTORY}/config/samples
 operator_image: ${OPERATOR_IMAGE:-""}
- operator_pull_policy: ${OPERATOR_PULL_POLICY:-"Always"}
+ pull_policy: ${OPERATOR_PULL_POLICY:-"Always"}
+ kustomize: ${KUSTOMIZE_PATH:-kustomize}
 env:
 K8S_AUTH_KUBECONFIG: ${KUBECONFIG:-"~/.kube/config"}
 verifier:
diff --git a/test/ansible/molecule/default/prepare.yml b/test/ansible/molecule/default/prepare.yml
index 0ef09072db..f269f3bf7c 100644
--- a/test/ansible/molecule/default/prepare.yml
+++ b/test/ansible/molecule/default/prepare.yml
@@ -1,27 +1,28 @@ --- - name: Prepare - hosts: k8s - gather_facts: no + hosts: localhost + connection: local + gather_facts: false + tasks: - - name: Fetch the kubeconfig - fetch: - dest: '{{ kubeconfig_file }}' - flat: yes - src: /root/.kube/config + - name: Ensure operator image is set + fail: + msg: | + You must specify the OPERATOR_IMAGE environment variable in order to run the + 'default' scenario + when: not operator_image + + - name: Set testing image + command: '{{ kustomize }} edit set image testing={{ operator_image }}' + args: + chdir: '{{ config_dir }}/testing' - - name: Change the kubeconfig port to the proper value - replace: - regexp: '8443' - replace: "{{ lookup('env', 'KIND_PORT') }}" - path: '{{ kubeconfig_file }}' - delegate_to: localhost + - name: Set pull policy + command: '{{ kustomize }} edit add patch pull_policy/{{ pull_policy }}.yaml' + args: + chdir: '{{ config_dir }}/testing' - - name: Wait for the Kubernetes API to become available (this could take a minute) - uri: - url: "http://localhost:10080/kubernetes-ready" - status_code: 200 - validate_certs: no - register: result - until: (result.status|default(-1)) == 200 - retries: 60 - delay: 5 + - name: Set testing namespace + command: '{{ kustomize }} edit set namespace {{ namespace }}' + args: + chdir: '{{ config_dir }}/testing' diff --git a/test/ansible/molecule/cluster/tasks/args_test.yml b/test/ansible/molecule/default/tasks/args_test.yml similarity index 100% rename from test/ansible/molecule/cluster/tasks/args_test.yml rename to test/ansible/molecule/default/tasks/args_test.yml diff --git a/test/ansible/molecule/cluster/tasks/case_test.yml b/test/ansible/molecule/default/tasks/case_test.yml similarity index 100% rename from test/ansible/molecule/cluster/tasks/case_test.yml rename to test/ansible/molecule/default/tasks/case_test.yml 
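Review bot: `pull_policy` is interpolated into the patch path `pull_policy/{{ pull_policy }}.yaml` in `Set pull policy` without being checked, unlike `operator_image`, which gets an explicit `fail` task. The value comes from `OPERATOR_PULL_POLICY`, so a typo only surfaces as a kustomize file error and any string is accepted as part of a path. An `assert` next to `Ensure operator image is set` would catch this early, e.g. `that: pull_policy in ['Always', 'IfNotPresent', 'Never']`, assuming the pull_policy directory holds one patch per Kubernetes pull policy (only Never.yaml is visible in this part of the diff). Separately, the three `kustomize edit` tasks rewrite files under `config/testing` in the working tree and default/destroy.yml only removes the patch again, so the image and namespace edits stay behind after a run.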
diff --git a/test/ansible/molecule/cluster/tasks/collections_test.yml b/test/ansible/molecule/default/tasks/collections_test.yml similarity index 76% rename from test/ansible/molecule/cluster/tasks/collections_test.yml rename to test/ansible/molecule/default/tasks/collections_test.yml index 61ba0c40b9..f7053f24bd 100644 --- a/test/ansible/molecule/cluster/tasks/collections_test.yml +++ b/test/ansible/molecule/default/tasks/collections_test.yml @@ -19,4 +19,9 @@ assert: that: cm.data.did_it_work == 'indeed' vars: - cm: "{{ q('k8s', api_version='v1', kind='ConfigMap', namespace=namespace, resource_name='test-this-collection').0 }}" + cm: "{{ q('k8s', + api_version='v1', + kind='ConfigMap', + namespace=namespace, + resource_name='test-this-collection' + ).0 }}" diff --git a/test/ansible/molecule/cluster/tasks/inventory_test.yml b/test/ansible/molecule/default/tasks/inventory_test.yml similarity index 76% rename from test/ansible/molecule/cluster/tasks/inventory_test.yml rename to test/ansible/molecule/default/tasks/inventory_test.yml index 909f8960c5..6bc53edf93 100644 --- a/test/ansible/molecule/cluster/tasks/inventory_test.yml +++ b/test/ansible/molecule/default/tasks/inventory_test.yml @@ -11,7 +11,10 @@ reason: Successful status: "True" vars: - custom_resource: "{{ lookup('template', '/'.join([deploy_dir, 'crds/test.example.com_v1alpha1_inventorytest_cr.yaml'])) | from_yaml }}" + custom_resource: "{{ lookup('template', '/'.join([ + config_dir, + 'samples/test.example.com_v1alpha1_inventorytest_cr.yaml' + ])) | from_yaml }}" - name: Assert sentinel ConfigMap has been created for Molecule Test assert: diff --git a/test/ansible/molecule/cluster/tasks/liveness_test.yml b/test/ansible/molecule/default/tasks/liveness_test.yml similarity index 67% rename from test/ansible/molecule/cluster/tasks/liveness_test.yml rename to test/ansible/molecule/default/tasks/liveness_test.yml index 9f05a74981..49607d502e 100644 --- a/test/ansible/molecule/cluster/tasks/liveness_test.yml 
+++ b/test/ansible/molecule/default/tasks/liveness_test.yml @@ -1,14 +1,14 @@ -- name: get the operator pod - set_fact: - op_pod: "{{ lookup('k8s', kind='Pod', label_selector='name=ansible') }}" - +--- - name: Check for liveness probe failure events - # We can't directly hit the endpoint, which is not publicly exposed. If k8s sees a failing endpoint, it will create a "Killing" event. + # We can't directly hit the endpoint, which is not publicly exposed. + # If k8s sees a failing endpoint, it will create a "Killing" event. k8s_info: kind: Event field_selectors: - "involvedObject.name={{ op_pod.metadata.name }}" - "reason=Killing" + vars: + op_pod: "{{ lookup('k8s', kind='Pod', label_selector='control-plane=controller-manager') }}" register: liveness_failures - name: Assert that the Pod has not been liveness probe Killed diff --git a/test/ansible/molecule/cluster/tasks/secrets_test.yml b/test/ansible/molecule/default/tasks/secrets_test.yml similarity index 98% rename from test/ansible/molecule/cluster/tasks/secrets_test.yml rename to test/ansible/molecule/default/tasks/secrets_test.yml index 1b6888c001..ce8f454bb2 100644 --- a/test/ansible/molecule/cluster/tasks/secrets_test.yml +++ b/test/ansible/molecule/default/tasks/secrets_test.yml @@ -42,7 +42,7 @@ new: '{{ "content" | b64encode }}' - name: Wait for the corresponding key to be created - k8s_facts: + k8s_info: api_version: v1 kind: ConfigMap name: test-secret diff --git a/test/ansible/molecule/cluster/tasks/selector_test.yml b/test/ansible/molecule/default/tasks/selector_test.yml similarity index 99% rename from test/ansible/molecule/cluster/tasks/selector_test.yml rename to test/ansible/molecule/default/tasks/selector_test.yml index 5084a1d601..9254657cfe 100644 --- a/test/ansible/molecule/cluster/tasks/selector_test.yml +++ b/test/ansible/molecule/default/tasks/selector_test.yml 
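Review bot: The `op_pod` lookup in liveness_test.yml selects on `control-plane=controller-manager` with no `namespace` argument, and that label is the usual scaffold default for controller-manager deployments, so on a shared cluster the lookup can presumably match Pods of other operators and return a list, at which point `op_pod.metadata.name` fails. Scoping it to the test namespace keeps the check tied to the operator under test: `op_pod: "{{ lookup('k8s', kind='Pod', namespace=namespace, label_selector='control-plane=controller-manager') }}"`. The `k8s_info` query for `Event` objects has the same gap and could take `namespace: '{{ namespace }}'`. The assert task that consumes `liveness_failures` continues outside this hunk.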
@@ -50,5 +50,3 @@ vars: cm: "{{ q('k8s', api_version='v1', kind='ConfigMap', namespace=namespace, resource_name='selector-test-fail')}}" - - diff --git a/test/ansible/molecule/default/tasks/servicemonitor_test.yml b/test/ansible/molecule/default/tasks/servicemonitor_test.yml new file mode 100644 index 0000000000..e671a6c0f2 --- /dev/null +++ b/test/ansible/molecule/default/tasks/servicemonitor_test.yml @@ -0,0 +1,9 @@ +--- +- name: Assert ServiceMonitor resource is created + assert: + that: lookup('k8s', + kind='ServiceMonitor', + api_version='monitoring.coreos.com/v1', + namespace=namespace, + resource_name='ansible-metrics') + when: "'monitoring.coreos.com/v1' in lookup('k8s', cluster_info='api_groups')" diff --git a/test/ansible/molecule/cluster/tasks/subresources_test.yml b/test/ansible/molecule/default/tasks/subresources_test.yml similarity index 100% rename from test/ansible/molecule/cluster/tasks/subresources_test.yml rename to test/ansible/molecule/default/tasks/subresources_test.yml diff --git a/test/ansible/molecule/cluster/verify.yml b/test/ansible/molecule/default/verify.yml similarity index 76% rename from test/ansible/molecule/cluster/verify.yml rename to test/ansible/molecule/default/verify.yml index 386bfbb721..a184683913 100644 --- a/test/ansible/molecule/cluster/verify.yml +++ b/test/ansible/molecule/default/verify.yml @@ -5,12 +5,13 @@ gather_facts: no collections: - community.kubernetes + tasks: - block: - - name: Import all test files from tasks/ - include_tasks: '{{ item }}' - with_fileglob: - - tasks/*_test.yml + - name: Import all test files from tasks/ + include_tasks: '{{ item }}' + with_fileglob: + - tasks/*_test.yml rescue: - name: Retrieve relevant resources k8s_info: 
@@ -28,14 +29,15 @@ kind: ConfigMap register: debug_resources - - name: Retrieve Pod logs + - name: Retrieve Operator logs k8s_log: name: '{{ item.metadata.name }}' namespace: '{{ namespace }}' - loop: '{{ q("k8s", api_version="v1", kind="Pod", namespace=namespace) }}' + container: manager + loop: "{{ q('k8s', api_version='v1', kind='Pod', namespace=namespace) }}" register: debug_logs - - name: Ouput gathered resources + - name: Output gathered resources debug: var: debug_resources @@ -47,7 +49,6 @@ - name: Re-emit failure vars: failed_task: - name: '{{ ansible_failed_task.name }}' result: '{{ ansible_failed_result }}' fail: msg: '{{ failed_task }}' diff --git a/test/ansible/molecule/kind/converge.yml b/test/ansible/molecule/kind/converge.yml new file mode 100644 index 0000000000..dbd27374a5 --- /dev/null +++ b/test/ansible/molecule/kind/converge.yml @@ -0,0 +1,31 @@ +--- +- name: Converge + hosts: localhost + connection: local + gather_facts: no + + tasks: + - name: Build Ansible dev base image + make: + chdir: '{{ project_dir }}/../../' + target: image-build-ansible + # Not important, but maybe should fix someday + changed_when: false + + - name: Build operator image + docker_image: + build: + path: '{{ project_dir }}' + pull: no + name: '{{ operator_image }}' + tag: latest + push: no + source: build + force_source: yes + + - name: Load image into kind cluster + command: kind load docker-image --name osdk-test '{{ operator_image }}' + register: result + changed_when: '"not yet present" in result.stdout' + +- import_playbook: ../default/converge.yml diff --git a/test/ansible/molecule/kind/create.yml b/test/ansible/molecule/kind/create.yml new file mode 100644 index 0000000000..66a84a14f7 --- /dev/null +++ b/test/ansible/molecule/kind/create.yml @@ -0,0 +1,8 @@ +--- +- name: Create + hosts: localhost + connection: local + gather_facts: false + tasks: + - name: Create test kind cluster + command: kind create cluster --name osdk-test --kubeconfig {{ kubeconfig }} 
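Review bot: `Retrieve Operator logs` now passes `container: manager` but still loops over every Pod in the namespace, so a Pod without a container of that name would presumably make `k8s_log` fail inside the `rescue` block, and the original test failure would then never reach `Re-emit failure`. Restricting the loop to the operator Pod avoids that, for example by adding `label_selector='control-plane=controller-manager'` to the `q('k8s', ...)` call (the selector liveness_test.yml uses), or by marking the task `ignore_errors: yes`. The `rescue` block starts before this hunk and continues after it.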
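Review bot: `changed_when: '"not yet present" in result.stdout'` on `Load image into kind cluster` probably never matches, because kind writes its progress messages to stderr as far as I know, so the task would always report unchanged. Checking both streams is safer: `changed_when: '"not yet present" in (result.stdout + result.stderr)'`. The cluster name `osdk-test` is also repeated literally here and in kind/create.yml and kind/destroy.yml; a single inventory variable in kind/molecule.yml would keep load, create and delete pointed at the same cluster.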
diff --git a/test/ansible/molecule/kind/destroy.yml b/test/ansible/molecule/kind/destroy.yml new file mode 100644 index 0000000000..9393e4fafc --- /dev/null +++ b/test/ansible/molecule/kind/destroy.yml @@ -0,0 +1,11 @@ +--- +- name: Destroy + hosts: localhost + connection: local + gather_facts: false + collections: + - community.kubernetes + + tasks: + - name: Destroy test kind cluster + command: kind delete cluster --name osdk-test --kubeconfig {{ kubeconfig }} diff --git a/test/ansible/molecule/kind/molecule.yml b/test/ansible/molecule/kind/molecule.yml new file mode 100644 index 0000000000..38d6990fa6 --- /dev/null +++ b/test/ansible/molecule/kind/molecule.yml @@ -0,0 +1,42 @@ +--- +dependency: + name: galaxy +driver: + name: delegated +lint: | + set -e + yamllint -d "{extends: relaxed, rules: {line-length: {max: 120}}}" . +platforms: + - name: cluster + groups: + - k8s +provisioner: + name: ansible + playbooks: + prepare: ../default/prepare.yml + verify: ../default/verify.yml + lint: | + set -e + ansible-lint + inventory: + group_vars: + all: + namespace: ${TEST_OPERATOR_NAMESPACE:-osdk-test} + host_vars: + localhost: + ansible_python_interpreter: '{{ ansible_playbook_python }}' + config_dir: ${MOLECULE_PROJECT_DIRECTORY}/config + samples_dir: ${MOLECULE_PROJECT_DIRECTORY}/config/samples + project_dir: ${MOLECULE_PROJECT_DIRECTORY} + operator_image: testing-operator + pull_policy: "Never" + kubeconfig: "{{ lookup('env', 'KUBECONFIG') }}" + kustomize: ${KUSTOMIZE_PATH:-kustomize} + env: + K8S_AUTH_KUBECONFIG: ${MOLECULE_EPHEMERAL_DIRECTORY}/kubeconfig + KUBECONFIG: ${MOLECULE_EPHEMERAL_DIRECTORY}/kubeconfig +verifier: + name: ansible + lint: | + set -e + ansible-lint diff --git a/test/ansible/molecule/templates/operator.yaml.j2 b/test/ansible/molecule/templates/operator.yaml.j2 deleted file mode 100644 index ac940a6030..0000000000 --- a/test/ansible/molecule/templates/operator.yaml.j2 +++ /dev/null 
@@ -1,54 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: ansible -spec: - replicas: 1 - selector: - matchLabels: - name: ansible - template: - metadata: - labels: - name: ansible -{% if hash is defined %} - image_hash: "{{ hash }}" -{% endif %} - spec: - serviceAccountName: ansible - containers: - - name: operator - # Replace this with the built image name - image: "{{ image }}" - imagePullPolicy: "{{ pull_policy }}" - volumeMounts: - - mountPath: /tmp/ansible-operator/runner - name: runner - env: - - name: WATCH_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: OPERATOR_NAME - value: "ansible" - - name: ANSIBLE_GATHERING - value: explicit - - name: ANSIBLE_INVENTORY - value: /opt/ansible/inventory - - name: ANSIBLE_DEBUG_LOGS - value: "TRUE" - livenessProbe: - httpGet: - path: /healthz - port: 6789 - initialDelaySeconds: 5 - periodSeconds: 3 - args: ["--ansible-args='--vault-password-file /opt/ansible/pwd.yml'"] - volumes: - - name: runner - emptyDir: {} diff --git a/test/ansible/molecule/test-local/converge.yml b/test/ansible/molecule/test-local/converge.yml deleted file mode 100644 index bf3bd13d50..0000000000 --- a/test/ansible/molecule/test-local/converge.yml +++ /dev/null 
@@ -1,55 +0,0 @@ ---- -- name: Build Operator in Kubernetes docker container - hosts: k8s - gather_facts: no - collections: - - community.kubernetes - - vars: - image: test.example.com/ansible:testing - - tasks: - # using command so we don't need to install any dependencies - - name: Get existing image hash - command: docker images -q {{ image }} - register: prev_hash_raw - changed_when: false - - - - name: Build Operator Image - command: docker build -f /build/build/Dockerfile -t {{ image }} /build - register: build_cmd - changed_when: not hash or (hash and hash not in cmd_out) - vars: - hash: '{{ prev_hash_raw.stdout }}' - cmd_out: '{{ "".join(build_cmd.stdout_lines[-2:]) }}' - - - name: Get new image hash - command: docker images -q {{ image }} - register: hash_raw - changed_when: false - - - name: Set localhost hash fact - set_fact: - hash: '{{ hash_raw.stdout }}' - delegate_to: localhost - delegate_facts: true - -- name: Converge - hosts: localhost - connection: local - collections: - - community.kubernetes - - vars: - image: test.example.com/ansible:testing - operator_template: "{{ '/'.join([template_dir, 'operator.yaml.j2']) }}" - - tasks: - - name: Create the Operator Deployment - k8s: - namespace: '{{ namespace }}' - definition: "{{ lookup('template', operator_template) }}" - wait: yes - vars: - pull_policy: Never diff --git a/test/ansible/molecule/test-local/molecule.yml b/test/ansible/molecule/test-local/molecule.yml deleted file mode 100644 index 6fc64c04a9..0000000000 --- a/test/ansible/molecule/test-local/molecule.yml +++ /dev/null 
@@ -1,49 +0,0 @@ ---- -dependency: - name: galaxy -driver: - name: docker -lint: | - set -e - yamllint -d "{extends: relaxed, rules: {line-length: {max: 120}}}" . -platforms: - - name: kind-test-local - groups: - - k8s - image: bsycorp/kind:latest-${KUBE_VERSION:-1.17} - privileged: true - override_command: false - exposed_ports: - - 8443/tcp - - 10080/tcp - published_ports: - - 0.0.0.0:${TEST_CLUSTER_PORT:-10443}:8443/tcp - pre_build_image: true - volumes: - - ${MOLECULE_PROJECT_DIRECTORY}:/build:Z -provisioner: - name: ansible - log: true - lint: | - set -e - ansible-lint - inventory: - group_vars: - all: - namespace: ${TEST_OPERATOR_NAMESPACE:-osdk-test} - kubeconfig_file: ${MOLECULE_EPHEMERAL_DIRECTORY}/kubeconfig - host_vars: - localhost: - ansible_python_interpreter: '{{ ansible_playbook_python }}' - template_dir: ${MOLECULE_PROJECT_DIRECTORY}/molecule/templates - deploy_dir: ${MOLECULE_PROJECT_DIRECTORY}/deploy - env: - K8S_AUTH_KUBECONFIG: ${MOLECULE_EPHEMERAL_DIRECTORY}/kubeconfig - KUBECONFIG: ${MOLECULE_EPHEMERAL_DIRECTORY}/kubeconfig - ANSIBLE_ROLES_PATH: ${MOLECULE_PROJECT_DIRECTORY}/roles - KIND_PORT: '${TEST_CLUSTER_PORT:-10443}' -verifier: - name: ansible - lint: | - set -e - ansible-lint diff --git a/test/ansible/molecule/test-local/prepare.yml b/test/ansible/molecule/test-local/prepare.yml deleted file mode 100644 index c070cca02b..0000000000 --- a/test/ansible/molecule/test-local/prepare.yml +++ /dev/null 
@@ -1,34 +0,0 @@ ---- -- import_playbook: ../default/prepare.yml -- import_playbook: ../cluster/prepare.yml - -- name: Dump the dev image - hosts: localhost - connection: local - gather_facts: no - - tasks: - - name: Dump the dev image - command: docker save -o /tmp/dev-operator.tar quay.io/operator-framework/ansible-operator:dev - - - name: Copy the image to the kind container - command: docker cp /tmp/dev-operator.tar kind-test-local:/dev-operator.tar - -- name: Make dev operator image available for Molecule Test - hosts: k8s - gather_facts: no - - tasks: - - name: Make dev operator available - command: docker load -i /dev-operator.tar - -- name: Clean up for Molecule Test - hosts: localhost - connection: local - gather_facts: no - - tasks: - - name: remove dev-operator.tar - file: - path: /tmp/dev-operator.tar - state: absent diff --git a/test/ansible/molecule/test-local/verify.yml b/test/ansible/molecule/test-local/verify.yml deleted file mode 100644 index 4c00308846..0000000000 --- a/test/ansible/molecule/test-local/verify.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -- import_playbook: ../cluster/verify.yml diff --git a/test/ansible/requirements.yml b/test/ansible/requirements.yml index d2af8e2c4e..8a661f8b95 100644 --- a/test/ansible/requirements.yml +++ b/test/ansible/requirements.yml @@ -1,3 +1,5 @@ +--- collections: - - community.kubernetes + - name: community.kubernetes + version: "<1.0.0" - operator_sdk.util diff --git a/test/ansible/watches.yaml b/test/ansible/watches.yaml index a658f5447d..52d5b23e55 100644 --- a/test/ansible/watches.yaml +++ b/test/ansible/watches.yaml @@ -34,7 +34,7 @@ playbook: playbooks/selector.yml selector: matchExpressions: - - {key: testLabel, operator: Exists, values: []} + - {key: testLabel, operator: Exists, values: []} vars: meta: '{{ ansible_operator_meta }}'
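Review bot: Only `community.kubernetes` gets a version constraint in requirements.yml; `operator_sdk.util` stays unpinned, and the new constraint is an upper bound (below 1.0.0) rather than an exact version, so any `ansible-galaxy collection install -r requirements.yml` run still resolves to whatever Galaxy serves at that moment. For a reproducible test image both entries should name an exact version, e.g. `- name: operator_sdk.util` followed by `version: "EXACT_VERSION_PLACEHOLDER"`, using the version the tests were validated against.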