From 6cae30439d4fe268dfcb45e8f6d7cf16ba749a42 Mon Sep 17 00:00:00 2001 
From: austin Date: Wed, 15 Jul 2020 11:41:56 -0400 Subject: [PATCH 1/8] Kubebuilder layout ansible tests, by Fabian --- hack/tests/e2e-ansible-molecule.sh | 6 +- test/ansible/.gitignore | 24 ++++++ test/ansible/Dockerfile | 18 ++++ test/ansible/Makefile | 85 +++++++++++++++++++ test/ansible/PROJECT | 7 ++ .../config/certmanager/certificate.yaml | 26 ++++++ .../config/certmanager/kustomization.yaml | 5 ++ .../config/certmanager/kustomizeconfig.yaml | 16 ++++ test/ansible/config/crd/kustomization.yaml | 10 +++ .../test.example.com_collectiontests_crd.yaml | 22 +++++ .../test.example.com_inventorytests_crd.yaml | 22 +++++ .../test.example.com_selectortests_crd.yaml | 22 +++++ ...est.example.com_subresourcestests_crd.yaml | 22 +++++ .../ansible/config/default/kustomization.yaml | 70 +++++++++++++++ .../default/manager_auth_proxy_patch.yaml | 25 ++++++ .../config/default/manager_webhook_patch.yaml | 23 +++++ .../default/webhookcainjection_patch.yaml | 15 ++++ .../ansible/config/manager/kustomization.yaml | 8 ++ test/ansible/config/manager/manager.yaml | 51 +++++++++++ .../config/prometheus/kustomization.yaml | 2 + test/ansible/config/prometheus/monitor.yaml | 16 ++++ .../rbac/auth_proxy_client_clusterrole.yaml | 7 ++ test/ansible/config/rbac/auth_proxy_role.yaml | 13 +++ .../config/rbac/auth_proxy_role_binding.yaml | 12 +++ .../config/rbac/auth_proxy_service.yaml | 14 +++ test/ansible/config/rbac/kustomization.yaml | 40 +++++++++ .../config/rbac/leader_election_role.yaml | 33 +++++++ .../rbac/leader_election_role_binding.yaml | 12 +++ .../patches/collectiontests_editor_role.yaml | 26 ++++++ .../patches/inventorytests_editor_role.yaml | 26 ++++++ .../patches/selectortests_editor_role.yaml | 26 ++++++ .../subresourcestests_editor_role.yaml | 26 ++++++ test/ansible/config/rbac/role.yaml | 21 +++++ test/ansible/config/rbac/role_binding.yaml | 12 +++ .../test.example.com_v1_inventorytest_cr.yaml | 9 ++ ...example.com_v1alpha1_inventorytest_cr.yaml | 9 ++ 
.../config/testing/debug_logs_patch.yaml | 5 ++ .../ansible/config/testing/kustomization.yaml | 30 +++++++ .../ansible/config/testing/manager_image.yaml | 12 +++ .../config/testing/pull_policy/Always.yaml | 12 +++ .../testing/pull_policy/IfNotPresent.yaml | 12 +++ .../config/testing/pull_policy/Never.yaml | 12 +++ test/ansible/molecule/default/converge.yml | 18 ++++ test/ansible/molecule/default/create.yml | 6 ++ test/ansible/molecule/default/destroy.yml | 24 ++++++ test/ansible/molecule/default/kustomize.yml | 14 +++ test/ansible/molecule/default/molecule.yml | 34 ++++++++ test/ansible/molecule/default/prepare.yml | 45 +++++----- .../default/tasks/collections_test.yml | 22 +++++ .../molecule/default/tasks/inventory_test.yml | 20 +++++ .../molecule/default/tasks/liveness_test.yml | 15 ++++ .../molecule/default/tasks/secrets_test.yml | 56 ++++++++++++ .../molecule/default/tasks/selector_test.yml | 52 ++++++++++++ .../default/tasks/servicemonitor_test.yml | 5 ++ .../default/tasks/subresources_test.yml | 29 +++++++ test/ansible/molecule/default/verify.yml | 53 ++++++++++++ test/ansible/molecule/kind/converge.yml | 23 +++++ test/ansible/molecule/kind/create.yml | 8 ++ test/ansible/molecule/kind/destroy.yml | 11 +++ test/ansible/molecule/kind/molecule.yml | 40 +++++++++ 60 files changed, 1314 insertions(+), 25 deletions(-) create mode 100644 test/ansible/.gitignore create mode 100644 test/ansible/Dockerfile create mode 100644 test/ansible/Makefile create mode 100644 test/ansible/PROJECT create mode 100644 test/ansible/config/certmanager/certificate.yaml create mode 100644 test/ansible/config/certmanager/kustomization.yaml create mode 100644 test/ansible/config/certmanager/kustomizeconfig.yaml create mode 100644 test/ansible/config/crd/kustomization.yaml create mode 100644 test/ansible/config/crd/test.example.com_collectiontests_crd.yaml create mode 100644 test/ansible/config/crd/test.example.com_inventorytests_crd.yaml create mode 100644 
test/ansible/config/crd/test.example.com_selectortests_crd.yaml create mode 100644 test/ansible/config/crd/test.example.com_subresourcestests_crd.yaml create mode 100644 test/ansible/config/default/kustomization.yaml create mode 100644 test/ansible/config/default/manager_auth_proxy_patch.yaml create mode 100644 test/ansible/config/default/manager_webhook_patch.yaml create mode 100644 test/ansible/config/default/webhookcainjection_patch.yaml create mode 100644 test/ansible/config/manager/kustomization.yaml create mode 100644 test/ansible/config/manager/manager.yaml create mode 100644 test/ansible/config/prometheus/kustomization.yaml create mode 100644 test/ansible/config/prometheus/monitor.yaml create mode 100644 test/ansible/config/rbac/auth_proxy_client_clusterrole.yaml create mode 100644 test/ansible/config/rbac/auth_proxy_role.yaml create mode 100644 test/ansible/config/rbac/auth_proxy_role_binding.yaml create mode 100644 test/ansible/config/rbac/auth_proxy_service.yaml create mode 100644 test/ansible/config/rbac/kustomization.yaml create mode 100644 test/ansible/config/rbac/leader_election_role.yaml create mode 100644 test/ansible/config/rbac/leader_election_role_binding.yaml create mode 100644 test/ansible/config/rbac/patches/collectiontests_editor_role.yaml create mode 100644 test/ansible/config/rbac/patches/inventorytests_editor_role.yaml create mode 100644 test/ansible/config/rbac/patches/selectortests_editor_role.yaml create mode 100644 test/ansible/config/rbac/patches/subresourcestests_editor_role.yaml create mode 100644 test/ansible/config/rbac/role.yaml create mode 100644 test/ansible/config/rbac/role_binding.yaml create mode 100644 test/ansible/config/samples/test.example.com_v1_inventorytest_cr.yaml create mode 100644 test/ansible/config/samples/test.example.com_v1alpha1_inventorytest_cr.yaml create mode 100644 test/ansible/config/testing/debug_logs_patch.yaml create mode 100644 test/ansible/config/testing/kustomization.yaml create mode 100644 
test/ansible/config/testing/manager_image.yaml create mode 100644 test/ansible/config/testing/pull_policy/Always.yaml create mode 100644 test/ansible/config/testing/pull_policy/IfNotPresent.yaml create mode 100644 test/ansible/config/testing/pull_policy/Never.yaml create mode 100644 test/ansible/molecule/default/converge.yml create mode 100644 test/ansible/molecule/default/create.yml create mode 100644 test/ansible/molecule/default/destroy.yml create mode 100644 test/ansible/molecule/default/kustomize.yml create mode 100644 test/ansible/molecule/default/molecule.yml create mode 100644 test/ansible/molecule/default/tasks/collections_test.yml create mode 100644 test/ansible/molecule/default/tasks/inventory_test.yml create mode 100644 test/ansible/molecule/default/tasks/liveness_test.yml create mode 100644 test/ansible/molecule/default/tasks/secrets_test.yml create mode 100644 test/ansible/molecule/default/tasks/selector_test.yml create mode 100644 test/ansible/molecule/default/tasks/servicemonitor_test.yml create mode 100644 test/ansible/molecule/default/tasks/subresources_test.yml create mode 100644 test/ansible/molecule/default/verify.yml create mode 100644 test/ansible/molecule/kind/converge.yml create mode 100644 test/ansible/molecule/kind/create.yml create mode 100644 test/ansible/molecule/kind/destroy.yml create mode 100644 test/ansible/molecule/kind/molecule.yml diff --git a/hack/tests/e2e-ansible-molecule.sh b/hack/tests/e2e-ansible-molecule.sh index 72434ddd3e..7cf7d7f64e 100755 --- a/hack/tests/e2e-ansible-molecule.sh +++ b/hack/tests/e2e-ansible-molecule.sh 
@@ -62,9 +62,9 @@ KUSTOMIZE_PATH=${KUSTOMIZE} header_text "Test Ansible Molecule scenarios" pushd "${ROOTDIR}/test/ansible" DEST_IMAGE="quay.io/example/ansible-test-operator:v0.0.1" -sed -i".bak" -E -e 's/(FROM quay.io\/operator-framework\/ansible-operator)(:.*)?/\1:dev/g' build/Dockerfile; rm -f build/Dockerfile.bak -docker build -f build/Dockerfile -t "$DEST_IMAGE" --no-cache . +sed -i".bak" -E -e 's/(FROM quay.io\/operator-framework\/ansible-operator)(:.*)?/\1:dev/g' Dockerfile; rm -f Dockerfile.bak +docker build -t "$DEST_IMAGE" --image-build-args="--no-cache" . load_image_if_kind "$DEST_IMAGE" -OPERATOR_PULL_POLICY=Never OPERATOR_IMAGE=${DEST_IMAGE} TEST_CLUSTER_PORT=24443 TEST_OPERATOR_NAMESPACE=osdk-test molecule test --all +OPERATOR_PULL_POLICY=Never OPERATOR_IMAGE=${DEST_IMAGE} TEST_OPERATOR_NAMESPACE=osdk-test molecule test popd diff --git a/test/ansible/.gitignore b/test/ansible/.gitignore new file mode 100644 index 0000000000..d97ffc5159 --- /dev/null +++ b/test/ansible/.gitignore @@ -0,0 +1,24 @@ + +# Binaries for programs and plugins +*.exe +*.exe~ +*.dll +*.so +*.dylib +bin + +# Test binary, build with `go test -c` +*.test + +# Output of the go coverage tool, specifically when used with LiteIDE +*.out + +# Kubernetes Generated files - skip generated files, except for vendored files + +!vendor/**/zz_generated.* + +# editor and IDE paraphernalia +.idea +*.swp +*.swo +*~ diff --git a/test/ansible/Dockerfile b/test/ansible/Dockerfile new file mode 100644 index 0000000000..9f9f4e9ce3 --- /dev/null +++ b/test/ansible/Dockerfile 
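Review bot: `--image-build-args` is not a `docker build` option (it looks carried over from `operator-sdk build`), so the added `docker build -t "$DEST_IMAGE" --image-build-args="--no-cache" .` line is expected to stop with an unknown-flag error before any image exists; `docker build -t "$DEST_IMAGE" --no-cache .` keeps the old cache-busting behaviour. The new `molecule test` line also drops `--all` and `TEST_CLUSTER_PORT`, so if the `kind` scenario added under `test/ansible/molecule/kind/` is still meant to run in CI it needs `molecule test -s kind` or `--all` here. Quoting the assignment as `OPERATOR_IMAGE="${DEST_IMAGE}"` would match the quoting used on the lines above. The script continues outside the hunk.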
@@ -0,0 +1,18 @@
+FROM quay.io/operator-framework/ansible-operator:dev
+
+COPY requirements.yml ${HOME}/requirements.yml
+RUN ansible-galaxy collection install -r ${HOME}/requirements.yml \
+ && chmod -R ug+rwx ${HOME}/.ansible
+COPY ansible.cfg /etc/ansible/ansible.cfg
+COPY watches.yaml ${HOME}/watches.yaml
+
+COPY roles/ ${HOME}/roles/
+COPY playbooks/ ${HOME}/playbooks/
+COPY inventory/ ${HOME}/inventory/
+COPY plugins/ ${HOME}/plugins/
+COPY fixture_collection/ /tmp/fixture_collection/
+USER root
+RUN chmod -R ug+rwx /tmp/fixture_collection
+USER 1001
+RUN ansible-galaxy collection build /tmp/fixture_collection/ --output-path /tmp/fixture_collection/ \
+ && ansible-galaxy collection install /tmp/fixture_collection/operator_sdk-test_fixtures-0.0.0.tar.gz
diff --git a/test/ansible/Makefile b/test/ansible/Makefile
new file mode 100644
index 0000000000..3ea4bba014
--- /dev/null
+++ b/test/ansible/Makefile
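Review bot: The `USER root` / `chmod -R ug+rwx /tmp/fixture_collection` / `USER 1001` sequence needs a comment saying why the build briefly switches to root, e.g. `# COPY leaves the files owned by root; open them up so UID 1001 can build the collection in place`, so that a later edit does not drop the `USER 1001` line and leave the operator image running as root. The first `RUN` installs whatever `requirements.yml` resolves to at build time; that file is not in the visible part of this patch, so confirm it pins collection versions. The tarball name `operator_sdk-test_fixtures-0.0.0.tar.gz` hard-codes the fixture collection's version and has to be updated whenever that version is bumped.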
@@ -0,0 +1,85 @@
+
+# Image URL to use all building/pushing image targets
+IMG ?= controller:latest
+# Produce CRDs that work back to Kubernetes 1.11 (no version conversion)
+CRD_OPTIONS ?= "crd:trivialVersions=true"
+
+# Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
+ifeq (,$(shell go env GOBIN))
+GOBIN=$(shell go env GOPATH)/bin
+else
+GOBIN=$(shell go env GOBIN)
+endif
+
+all: manager
+
+# Run tests
+test: generate fmt vet manifests
+ go test ./... -coverprofile cover.out
+
+# Build manager binary
+manager: generate fmt vet
+ go build -o bin/manager main.go
+
+# Run against the configured Kubernetes cluster in ~/.kube/config
+run: generate fmt vet manifests
+ go run ./main.go
+
+# TODO(asmacdo) this is broken, because make deploy will create the same cr except with kb- prepended
+# Install CRDs into a cluster
+# install: manifests
+install:
+ kustomize build config/crd | kubectl apply -f -
+
+# Uninstall CRDs from a cluster
+uninstall: manifests
+ kustomize build config/crd | kubectl delete -f -
+
+# Deploy controller in the configured Kubernetes cluster in ~/.kube/config
+deploy: manifests
+ cd config/manager && kustomize edit set image controller=${IMG}
+ kustomize build config/default | kubectl apply -f -
+
+undeploy:
+ kustomize build config/default | kubectl delete -f -
+
+# Generate manifests e.g. CRD, RBAC etc.
+manifests: controller-gen
+ $(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=config/crd/bases
+
+# Run go fmt against code
+fmt:
+ go fmt ./...
+
+# Run go vet against code
+vet:
+ go vet ./...
+
+# Generate code
+generate: controller-gen
+ $(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..."
+
+# Build the docker image
+docker-build:
+ docker build . -t ${IMG}
+
+# Push the docker image
+docker-push:
+ docker push ${IMG}
+
+# find or download controller-gen
+# download controller-gen if necessary
+controller-gen:
+ifeq (, $(shell which controller-gen))
+ @{ \
+ set -e ;\
+ CONTROLLER_GEN_TMP_DIR=$$(mktemp -d) ;\
+ cd $$CONTROLLER_GEN_TMP_DIR ;\
+ go mod init tmp ;\
+ go get sigs.k8s.io/controller-tools/cmd/controller-gen@v0.2.5 ;\
+ rm -rf $$CONTROLLER_GEN_TMP_DIR ;\
+ }
+CONTROLLER_GEN=$(GOBIN)/controller-gen
+else
+CONTROLLER_GEN=$(shell which controller-gen)
+endif
diff --git a/test/ansible/PROJECT b/test/ansible/PROJECT
new file mode 100644
index 0000000000..270963f474
--- /dev/null
+++ b/test/ansible/PROJECT
@@ -0,0 +1,7 @@
+domain: com
+repo: wut
+resources:
+- group: cache.example.com
+ kind: Memcached
+ version: v1alpha1
+version: "2"
diff --git a/test/ansible/config/certmanager/certificate.yaml b/test/ansible/config/certmanager/certificate.yaml
new file mode 100644
index 0000000000..3d46cff884
--- /dev/null
+++ b/test/ansible/config/certmanager/certificate.yaml
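Review bot: `uninstall` and `deploy` still list `manifests` as a prerequisite, which runs controller-gen and, when it is missing, downloads and builds it with `go get` at make time; `install` had the same prerequisite removed in this hunk, and nothing visible in the patch adds the Go sources (`main.go`, `hack/boilerplate.go.txt`) those steps operate on. Drop the prerequisite there as well, `uninstall:` and `deploy:`, so that running the tests does not depend on a Go toolchain and a network fetch. The `test`, `manager`, `run`, `fmt`, `vet` and `generate` targets look like Go scaffolding that an Ansible-based project cannot use and could be removed. `IMG ?= controller:latest` is a mutable tag; a short comment that callers are expected to override `IMG` would help.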
@@ -0,0 +1,26 @@
+# The following manifests contain a self-signed issuer CR and a certificate CR.
+# More document can be found at https://docs.cert-manager.io
+# WARNING: Targets CertManager 0.11 check https://docs.cert-manager.io/en/latest/tasks/upgrading/index.html for
+# breaking changes
+apiVersion: cert-manager.io/v1alpha2
+kind: Issuer
+metadata:
+ name: selfsigned-issuer
+ namespace: system
+spec:
+ selfSigned: {}
+---
+apiVersion: cert-manager.io/v1alpha2
+kind: Certificate
+metadata:
+ name: serving-cert # this name should match the one appeared in kustomizeconfig.yaml
+ namespace: system
+spec:
+ # $(SERVICE_NAME) and $(SERVICE_NAMESPACE) will be substituted by kustomize
+ dnsNames:
+ - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc
+ - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc.cluster.local
+ issuerRef:
+ kind: Issuer
+ name: selfsigned-issuer
+ secretName: webhook-server-cert # this secret will not be prefixed, since it's not managed by kustomize
diff --git a/test/ansible/config/certmanager/kustomization.yaml b/test/ansible/config/certmanager/kustomization.yaml
new file mode 100644
index 0000000000..bebea5a595
--- /dev/null
+++ b/test/ansible/config/certmanager/kustomization.yaml
@@ -0,0 +1,5 @@
+resources:
+- certificate.yaml
+
+configurations:
+- kustomizeconfig.yaml
diff --git a/test/ansible/config/certmanager/kustomizeconfig.yaml b/test/ansible/config/certmanager/kustomizeconfig.yaml
new file mode 100644
index 0000000000..e631f77736
--- /dev/null
+++ b/test/ansible/config/certmanager/kustomizeconfig.yaml
@@ -0,0 +1,16 @@
+# This configuration is for teaching kustomize how to update name ref and var substitution
+nameReference:
+- kind: Issuer
+ group: cert-manager.io
+ fieldSpecs:
+ - kind: Certificate
+ group: cert-manager.io
+ path: spec/issuerRef/name
+
+varReference:
+- kind: Certificate
+ group: cert-manager.io
+ path: spec/commonName
+- kind: Certificate
+ group: cert-manager.io
+ path: spec/dnsNames
diff --git a/test/ansible/config/crd/kustomization.yaml b/test/ansible/config/crd/kustomization.yaml
new file mode 100644
index 0000000000..dfd2a8524f
--- /dev/null
+++ b/test/ansible/config/crd/kustomization.yaml
@@ -0,0 +1,10 @@
+# This kustomization.yaml is not intended to be run by itself,
+# since it depends on service name and namespace that are out of this kustomize package.
+# It should be run by config/default
+resources:
+- test.example.com_collectiontests_crd.yaml
+- test.example.com_inventorytests_crd.yaml
+- test.example.com_selectortests_crd.yaml
+- test.example.com_subresourcestests_crd.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
diff --git a/test/ansible/config/crd/test.example.com_collectiontests_crd.yaml b/test/ansible/config/crd/test.example.com_collectiontests_crd.yaml
new file mode 100644
index 0000000000..0ff8896153
--- /dev/null
+++ b/test/ansible/config/crd/test.example.com_collectiontests_crd.yaml
@@ -0,0 +1,22 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: collectiontests.test.example.com
+spec:
+ group: test.example.com
+ names:
+ kind: CollectionTest
+ listKind: CollectionTestList
+ plural: collectiontests
+ singular: collectiontest
+ scope: Namespaced
+ subresources:
+ status: {}
+ validation:
+ openAPIV3Schema:
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
diff --git a/test/ansible/config/crd/test.example.com_inventorytests_crd.yaml b/test/ansible/config/crd/test.example.com_inventorytests_crd.yaml
new file mode 100644
index 0000000000..d08bb9055b
--- /dev/null
+++ b/test/ansible/config/crd/test.example.com_inventorytests_crd.yaml
@@ -0,0 +1,22 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: inventorytests.test.example.com
+spec:
+ group: test.example.com
+ names:
+ kind: InventoryTest
+ listKind: InventoryTestList
+ plural: inventorytests
+ singular: inventorytest
+ scope: Namespaced
+ subresources:
+ status: {}
+ validation:
+ openAPIV3Schema:
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
diff --git a/test/ansible/config/crd/test.example.com_selectortests_crd.yaml b/test/ansible/config/crd/test.example.com_selectortests_crd.yaml
new file mode 100644
index 0000000000..fff1fe11d7
--- /dev/null
+++ b/test/ansible/config/crd/test.example.com_selectortests_crd.yaml
@@ -0,0 +1,22 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: selectortests.test.example.com
+spec:
+ group: test.example.com
+ names:
+ kind: SelectorTest
+ listKind: SelectorTestList
+ plural: selectortests
+ singular: selectortest
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/test/ansible/config/crd/test.example.com_subresourcestests_crd.yaml b/test/ansible/config/crd/test.example.com_subresourcestests_crd.yaml
new file mode 100644
index 0000000000..fb6687baa4
--- /dev/null
+++ b/test/ansible/config/crd/test.example.com_subresourcestests_crd.yaml
@@ -0,0 +1,22 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: subresourcestests.test.example.com
+spec:
+ group: test.example.com
+ names:
+ kind: SubresourcesTest
+ listKind: SubresourcesTestList
+ plural: subresourcestests
+ singular: subresourcestest
+ scope: Namespaced
+ subresources:
+ status: {}
+ validation:
+ openAPIV3Schema:
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
diff --git a/test/ansible/config/default/kustomization.yaml b/test/ansible/config/default/kustomization.yaml
new file mode 100644
index 0000000000..4fade6699f
--- /dev/null
+++ b/test/ansible/config/default/kustomization.yaml
@@ -0,0 +1,70 @@
+# Adds namespace to all resources.
+namespace: kb-system
+
+# Value of this field is prepended to the
+# names of all resources, e.g. a deployment named
+# "wordpress" becomes "alices-wordpress".
+# Note that it should also match with the prefix (text before '-') of the namespace
+# field above.
+namePrefix: kb-
+
+# Labels to add to all resources and selectors.
+#commonLabels:
+# someName: someValue
+
+bases:
+- ../crd
+- ../rbac
+- ../manager
+# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
+# crd/kustomization.yaml
+#- ../webhook
+# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required.
+#- ../certmanager
+# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
+#- ../prometheus
+
+patchesStrategicMerge:
+ # Protect the /metrics endpoint by putting it behind auth.
+ # If you want your controller-manager to expose the /metrics
+ # endpoint w/o any authn/z, please comment the following line.
+# - manager_auth_proxy_patch.yaml
+
+# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
+# crd/kustomization.yaml
+#- manager_webhook_patch.yaml
+
+# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'.
+# Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks.
+# 'CERTMANAGER' needs to be enabled to use ca injection
+#- webhookcainjection_patch.yaml
+
+# the following config is for teaching kustomize how to do var substitution
+vars:
+# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix.
+#- name: CERTIFICATE_NAMESPACE # namespace of the certificate CR
+# objref:
+# kind: Certificate
+# group: cert-manager.io
+# version: v1alpha2
+# name: serving-cert # this name should match the one in certificate.yaml
+# fieldref:
+# fieldpath: metadata.namespace
+#- name: CERTIFICATE_NAME
+# objref:
+# kind: Certificate
+# group: cert-manager.io
+# version: v1alpha2
+# name: serving-cert # this name should match the one in certificate.yaml
+#- name: SERVICE_NAMESPACE # namespace of the service
+# objref:
+# kind: Service
+# version: v1
+# name: webhook-service
+# fieldref:
+# fieldpath: metadata.namespace
+#- name: SERVICE_NAME
+# objref:
+# kind: Service
+# version: v1
+# name: webhook-service
diff --git a/test/ansible/config/default/manager_auth_proxy_patch.yaml b/test/ansible/config/default/manager_auth_proxy_patch.yaml
new file mode 100644
index 0000000000..8a09f680c7
--- /dev/null
+++ b/test/ansible/config/default/manager_auth_proxy_patch.yaml
@@ -0,0 +1,25 @@
+# This patch inject a sidecar container which is a HTTP proxy for the
+# controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: controller-manager
+ namespace: system
+spec:
+ template:
+ spec:
+ containers:
+ # - name: kube-rbac-proxy
+ # image: gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0
+ # args:
+ # - "--secure-listen-address=0.0.0.0:8443"
+ # - "--upstream=http://127.0.0.1:8080/"
+ # - "--logtostderr=true"
+ # - "--v=10"
+ # ports:
+ # - containerPort: 8443
+ # name: https
+ - name: manager
+ args:
+ # - "--metrics-addr=127.0.0.1:8080"
+ # - "--enable-leader-election"
diff --git a/test/ansible/config/default/manager_webhook_patch.yaml b/test/ansible/config/default/manager_webhook_patch.yaml
new file mode 100644
index 0000000000..738de350b7
--- /dev/null
+++ b/test/ansible/config/default/manager_webhook_patch.yaml
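Review bot: With every entry commented out, manager_auth_proxy_patch.yaml is left with `args:` holding no value under the `manager` container, which YAML reads as null; if the patch is re-enabled in default/kustomization.yaml without also uncommenting the arguments, a strategic-merge patch with a null field may clear the container's existing args instead of leaving them alone. Either leave the file out until the proxy is wired up, or keep it fully uncommented and toggle only the reference in kustomization.yaml. When the sidecar is restored, `--v=10` is worth lowering: that verbosity is meant for debugging and tends to put request detail into the logs of a component that handles bearer tokens. A one-line comment at the top of the file, such as `# kube-rbac-proxy sidecar intentionally disabled for the molecule tests`, would make the current state clear.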
@@ -0,0 +1,23 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: controller-manager
+ namespace: system
+spec:
+ template:
+ spec:
+ containers:
+ - name: manager
+ ports:
+ - containerPort: 9443
+ name: webhook-server
+ protocol: TCP
+ volumeMounts:
+ - mountPath: /tmp/k8s-webhook-server/serving-certs
+ name: cert
+ readOnly: true
+ volumes:
+ - name: cert
+ secret:
+ defaultMode: 420
+ secretName: webhook-server-cert
diff --git a/test/ansible/config/default/webhookcainjection_patch.yaml b/test/ansible/config/default/webhookcainjection_patch.yaml
new file mode 100644
index 0000000000..7e79bf9955
--- /dev/null
+++ b/test/ansible/config/default/webhookcainjection_patch.yaml
@@ -0,0 +1,15 @@
+# This patch add annotation to admission webhook config and
+# the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize.
+apiVersion: admissionregistration.k8s.io/v1beta1
+kind: MutatingWebhookConfiguration
+metadata:
+ name: mutating-webhook-configuration
+ annotations:
+ cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+---
+apiVersion: admissionregistration.k8s.io/v1beta1
+kind: ValidatingWebhookConfiguration
+metadata:
+ name: validating-webhook-configuration
+ annotations:
+ cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
diff --git a/test/ansible/config/manager/kustomization.yaml b/test/ansible/config/manager/kustomization.yaml
new file mode 100644
index 0000000000..63744d1eb3
--- /dev/null
+++ b/test/ansible/config/manager/kustomization.yaml
@@ -0,0 +1,8 @@
+resources:
+- manager.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+images:
+- name: controller
+ newName: quay.io/asmacdo/controller
+ newTag: v0.0.1
diff --git a/test/ansible/config/manager/manager.yaml b/test/ansible/config/manager/manager.yaml
new file mode 100644
index 0000000000..5871e1ddd2
--- /dev/null
+++ b/test/ansible/config/manager/manager.yaml
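Review bot: `newName: quay.io/asmacdo/controller` with `newTag: v0.0.1` in config/manager/kustomization.yaml points the default deployment at an image in a personal registry namespace; it looks like the residue of a local `kustomize edit set image` run, which the Makefile's `deploy` target performs on this very file. Anyone who builds config/default without overriding it pulls and runs that image under the service account bound to `manager-role`. Drop the `images:` block from the committed file, or reset it to the scaffold's own placeholder, `newName: controller` and `newTag: latest`.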
@@ -0,0 +1,51 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ labels:
+ control-plane: controller-manager
+ name: system
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: controller-manager
+ namespace: system
+ labels:
+ control-plane: controller-manager
+spec:
+ selector:
+ matchLabels:
+ control-plane: controller-manager
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ control-plane: controller-manager
+ spec:
+ containers:
+ - name: manager
+ image: controller:latest
+ imagePullPolicy: "Always"
+ env:
+ - name: WATCH_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: OPERATOR_NAME
+ # TODO(asmacdo) template
+ value: "ansible"
+ - name: ANSIBLE_GATHERING
+ value: explicit
+ - name: ANSIBLE_INVENTORY
+ value: /opt/ansible/inventory
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 6789
+ initialDelaySeconds: 5
+ periodSeconds: 3
+ terminationGracePeriodSeconds: 10
diff --git a/test/ansible/config/prometheus/kustomization.yaml b/test/ansible/config/prometheus/kustomization.yaml
new file mode 100644
index 0000000000..ed137168a1
--- /dev/null
+++ b/test/ansible/config/prometheus/kustomization.yaml
@@ -0,0 +1,2 @@
+resources:
+- monitor.yaml
diff --git a/test/ansible/config/prometheus/monitor.yaml b/test/ansible/config/prometheus/monitor.yaml
new file mode 100644
index 0000000000..9b8047b760
--- /dev/null
+++ b/test/ansible/config/prometheus/monitor.yaml
@@ -0,0 +1,16 @@
+
+# Prometheus Monitor Service (Metrics)
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ labels:
+ control-plane: controller-manager
+ name: controller-manager-metrics-monitor
+ namespace: system
+spec:
+ endpoints:
+ - path: /metrics
+ port: https
+ selector:
+ matchLabels:
+ control-plane: controller-manager
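Review bot: The `manager` container in config/manager/manager.yaml has no `securityContext` and no `resources`, and the pod sets no `serviceAccountName`, so it runs as the namespace's `default` service account, which config/rbac/role_binding.yaml binds to `manager-role`. Because the Dockerfile in this patch ends on `USER 1001`, adding `securityContext: {allowPrivilegeEscalation: false, runAsNonRoot: true}` to the container should be safe. A dedicated service account (placeholder name `<operator-sa>`) referenced from the Deployment and from the three bindings would keep other pods in the namespace from inheriting the operator's permissions. `OPERATOR_NAME` still carries `# TODO(asmacdo) template`, which needs either resolving or a line saying what is to be templated.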
diff --git a/test/ansible/config/rbac/auth_proxy_client_clusterrole.yaml b/test/ansible/config/rbac/auth_proxy_client_clusterrole.yaml
new file mode 100644
index 0000000000..7d62534c5f
--- /dev/null
+++ b/test/ansible/config/rbac/auth_proxy_client_clusterrole.yaml
@@ -0,0 +1,7 @@
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+ name: metrics-reader
+rules:
+- nonResourceURLs: ["/metrics"]
+ verbs: ["get"]
diff --git a/test/ansible/config/rbac/auth_proxy_role.yaml b/test/ansible/config/rbac/auth_proxy_role.yaml
new file mode 100644
index 0000000000..618f5e4177
--- /dev/null
+++ b/test/ansible/config/rbac/auth_proxy_role.yaml
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: proxy-role
+rules:
+- apiGroups: ["authentication.k8s.io"]
+ resources:
+ - tokenreviews
+ verbs: ["create"]
+- apiGroups: ["authorization.k8s.io"]
+ resources:
+ - subjectaccessreviews
+ verbs: ["create"]
diff --git a/test/ansible/config/rbac/auth_proxy_role_binding.yaml b/test/ansible/config/rbac/auth_proxy_role_binding.yaml
new file mode 100644
index 0000000000..48ed1e4b85
--- /dev/null
+++ b/test/ansible/config/rbac/auth_proxy_role_binding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: proxy-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: proxy-role
+subjects:
+- kind: ServiceAccount
+ name: default
+ namespace: system
diff --git a/test/ansible/config/rbac/auth_proxy_service.yaml b/test/ansible/config/rbac/auth_proxy_service.yaml
new file mode 100644
index 0000000000..6cf656be14
--- /dev/null
+++ b/test/ansible/config/rbac/auth_proxy_service.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ control-plane: controller-manager
+ name: controller-manager-metrics-service
+ namespace: system
+spec:
+ ports:
+ - name: https
+ port: 8443
+ targetPort: https
+ selector:
+ control-plane: controller-manager
diff --git a/test/ansible/config/rbac/kustomization.yaml b/test/ansible/config/rbac/kustomization.yaml
new file mode 100644
index 0000000000..8673b8d460
--- /dev/null
+++ b/test/ansible/config/rbac/kustomization.yaml
@@ -0,0 +1,40 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+patchesJson6902:
+ - target:
+ group: rbac.authorization.k8s.io
+ version: v1
+ kind: ClusterRole
+ name: manager-role
+ path: patches/collectiontests_editor_role.yaml
+ - target:
+ group: rbac.authorization.k8s.io
+ version: v1
+ kind: ClusterRole
+ name: manager-role
+ path: patches/inventorytests_editor_role.yaml
+ - target:
+ group: rbac.authorization.k8s.io
+ version: v1
+ kind: ClusterRole
+ name: manager-role
+ path: patches/selectortests_editor_role.yaml
+ - target:
+ group: rbac.authorization.k8s.io
+ version: v1
+ kind: ClusterRole
+ name: manager-role
+ path: patches/subresourcestests_editor_role.yaml
+
+resources:
+- role.yaml
+- role_binding.yaml
+- leader_election_role.yaml
+- leader_election_role_binding.yaml
+# Comment the following 4 lines if you want to disable
+# the auth proxy (https://github.com/brancz/kube-rbac-proxy)
+# which protects your /metrics endpoint.
+- auth_proxy_service.yaml
+- auth_proxy_role.yaml
+- auth_proxy_role_binding.yaml
+- auth_proxy_client_clusterrole.yaml
diff --git a/test/ansible/config/rbac/leader_election_role.yaml b/test/ansible/config/rbac/leader_election_role.yaml
new file mode 100644
index 0000000000..7301703d0b
--- /dev/null
+++ b/test/ansible/config/rbac/leader_election_role.yaml
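Review bot: The `resources:` list in config/rbac/kustomization.yaml still includes the four `auth_proxy_*` files although the proxy is disabled in this patch: the reference is commented out as `# - manager_auth_proxy_patch.yaml` in config/default/kustomization.yaml and the sidecar itself is commented out in the patch file. That deploys a Service on port 8443 whose `targetPort: https` matches no port on the manager container, and a ClusterRoleBinding that lets the `default` service account create `tokenreviews` and `subjectaccessreviews` with nothing using it. Following the file's own comment, comment those four lines out until the proxy is enabled. auth_proxy_client_clusterrole.yaml also uses `rbac.authorization.k8s.io/v1beta1` while every other RBAC file in the patch uses `v1`.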
@@ -0,0 +1,33 @@
+# permissions to do leader election.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: leader-election-role
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - pods
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - configmaps/status
+ verbs:
+ - get
+ - update
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
diff --git a/test/ansible/config/rbac/leader_election_role_binding.yaml b/test/ansible/config/rbac/leader_election_role_binding.yaml
new file mode 100644
index 0000000000..eed16906f4
--- /dev/null
+++ b/test/ansible/config/rbac/leader_election_role_binding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: leader-election-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: leader-election-role
+subjects:
+- kind: ServiceAccount
+ name: default
+ namespace: system
diff --git a/test/ansible/config/rbac/patches/collectiontests_editor_role.yaml b/test/ansible/config/rbac/patches/collectiontests_editor_role.yaml
new file mode 100644
index 0000000000..088c838a12
--- /dev/null
+++ b/test/ansible/config/rbac/patches/collectiontests_editor_role.yaml
@@ -0,0 +1,26 @@
+- op: add
+ path: /rules/-
+ value:
+ apiGroups:
+ - test.example.com
+ resources:
+ - collectiontests
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- op: add
+ path: /rules/-
+ value:
+ apiGroups:
+ - test.example.com
+ resources:
+ - collectiontests/status
+ verbs:
+ - get
+ - update
+ - patch
diff --git a/test/ansible/config/rbac/patches/inventorytests_editor_role.yaml b/test/ansible/config/rbac/patches/inventorytests_editor_role.yaml
new file mode 100644
index 0000000000..63a486e793
--- /dev/null
+++ b/test/ansible/config/rbac/patches/inventorytests_editor_role.yaml
@@ -0,0 +1,26 @@
+- op: add
+ path: /rules/-
+ value:
+ apiGroups:
+ - test.example.com
+ resources:
+ - inventorytests
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- op: add
+ path: /rules/-
+ value:
+ apiGroups:
+ - test.example.com
+ resources:
+ - inventorytests/status
+ verbs:
+ - get
+ - update
+ - patch
diff --git a/test/ansible/config/rbac/patches/selectortests_editor_role.yaml b/test/ansible/config/rbac/patches/selectortests_editor_role.yaml
new file mode 100644
index 0000000000..ce044250ee
--- /dev/null
+++ b/test/ansible/config/rbac/patches/selectortests_editor_role.yaml
@@ -0,0 +1,26 @@
+- op: add
+ path: /rules/-
+ value:
+ apiGroups:
+ - test.example.com
+ resources:
+ - selectortests
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- op: add
+ path: /rules/-
+ value:
+ apiGroups:
+ - test.example.com
+ resources:
+ - selectortests/status
+ verbs:
+ - get
+ - update
+ - patch
diff --git a/test/ansible/config/rbac/patches/subresourcestests_editor_role.yaml b/test/ansible/config/rbac/patches/subresourcestests_editor_role.yaml
new file mode 100644
index 0000000000..b9f11cf4e3
--- /dev/null
+++ b/test/ansible/config/rbac/patches/subresourcestests_editor_role.yaml
@@ -0,0 +1,26 @@
+- op: add
+ path: /rules/-
+ value:
+ apiGroups:
+ - test.example.com
+ resources:
+ - subresourcestests
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- op: add
+ path: /rules/-
+ value:
+ apiGroups:
+ - test.example.com
+ resources:
+ - subresourcestests/status
+ verbs:
+ - get
+ - update
+ - patch
diff --git a/test/ansible/config/rbac/role.yaml b/test/ansible/config/rbac/role.yaml
new file mode 100644
index 0000000000..244b5ad949
--- /dev/null
+++ b/test/ansible/config/rbac/role.yaml
@@ -0,0 +1,21 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: manager-role
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ - pods
+ - pods/exec
+ - pods/log
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
diff --git a/test/ansible/config/rbac/role_binding.yaml b/test/ansible/config/rbac/role_binding.yaml
new file mode 100644
index 0000000000..8f2658702c
--- /dev/null
+++ b/test/ansible/config/rbac/role_binding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: manager-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: manager-role
+subjects:
+- kind: ServiceAccount
+ name: default
+ namespace: system
diff --git a/test/ansible/config/samples/test.example.com_v1_inventorytest_cr.yaml b/test/ansible/config/samples/test.example.com_v1_inventorytest_cr.yaml
new file mode 100644
index 0000000000..b44d946add
--- /dev/null
+++ b/test/ansible/config/samples/test.example.com_v1_inventorytest_cr.yaml
@@ -0,0 +1,9 @@
+apiVersion: test.example.com/v1
+kind: InventoryTest
+metadata:
+ name: example-inventorytest
+ annotations:
+ "ansible.operator-sdk/verbosity": "3"
+spec:
+ # Add fields here
+ size: 3
diff --git a/test/ansible/config/samples/test.example.com_v1alpha1_inventorytest_cr.yaml b/test/ansible/config/samples/test.example.com_v1alpha1_inventorytest_cr.yaml
new file mode 100644
index 0000000000..fef5138521
--- /dev/null
+++ b/test/ansible/config/samples/test.example.com_v1alpha1_inventorytest_cr.yaml
@@ -0,0 +1,9 @@
+apiVersion: test.example.com/v1alpha1
+kind: InventoryTest
+metadata:
+ name: example-inventory
+ annotations:
+ "ansible.operator-sdk/verbosity": "0"
+spec:
+ # Add fields here
+ size: 3
diff --git a/test/ansible/config/testing/debug_logs_patch.yaml b/test/ansible/config/testing/debug_logs_patch.yaml
new file mode 100644
index 0000000000..3a514772b4
--- /dev/null
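Review bot: `manager-role` in config/rbac/role.yaml is a ClusterRole that grants every listed verb on `secrets`, `pods`, `pods/exec` and `pods/log` in the core group, so once bound it lets the operator read any Secret and exec into any pod in every namespace. The tests added in this patch only create and query resources in `{{ namespace }}`, so a namespaced `kind: Role` with a `kind: RoleBinding` would appear to be sufficient. If cluster scope is intended, a comment above the rule saying which test needs `secrets` and `pods/exec` cluster-wide would make the grant reviewable.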
+++ b/test/ansible/config/testing/debug_logs_patch.yaml
@@ -0,0 +1,5 @@
+- op: add
+ path: /spec/template/spec/containers/0/env/-
+ value:
+ name: ANSIBLE_DEBUG_LOGS
+ value: "TRUE"
diff --git a/test/ansible/config/testing/kustomization.yaml b/test/ansible/config/testing/kustomization.yaml
new file mode 100644
index 0000000000..125213966e
--- /dev/null
+++ b/test/ansible/config/testing/kustomization.yaml
@@ -0,0 +1,30 @@
+# Adds namespace to all resources.
+namespace: osdk-test
+
+namePrefix: osdk-
+
+# Labels to add to all resources and selectors.
+#commonLabels:
+# someName: someValue
+
+patchesJson6902:
+- path: debug_logs_patch.yaml
+ target:
+ group: apps
+ kind: Deployment
+ name: controller-manager
+ namespace: system
+ version: v1
+patchesStrategicMerge:
+- manager_image.yaml
+- pull_policy/Never.yaml
+
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ../crd
+- ../rbac
+- ../manager
+images:
+- name: testing
+ newName: testing-operator
diff --git a/test/ansible/config/testing/manager_image.yaml b/test/ansible/config/testing/manager_image.yaml
new file mode 100644
index 0000000000..e44f542d9b
--- /dev/null
+++ b/test/ansible/config/testing/manager_image.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: controller-manager
+ namespace: system
+spec:
+ template:
+ spec:
+ containers:
+ - name: manager
+ image: testing
diff --git a/test/ansible/config/testing/pull_policy/Always.yaml b/test/ansible/config/testing/pull_policy/Always.yaml
new file mode 100644
index 0000000000..6b0a8e2a8a
--- /dev/null
+++ b/test/ansible/config/testing/pull_policy/Always.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: controller-manager
+ namespace: system
+spec:
+ template:
+ spec:
+ containers:
+ - name: manager
+ imagePullPolicy: Always
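Review bot: config/testing/kustomization.yaml commits `- pull_policy/Never.yaml` under `patchesStrategicMerge`, but default/prepare.yml later in this patch edits the same file with `kustomize edit add patch pull_policy/{{ pull_policy }}.yaml`. A run with any policy other than Never would presumably leave two patches setting `imagePullPolicy` on the `manager` container, and every run leaves this tracked file modified by the `kustomize edit` calls. Dropping the hard-coded `- pull_policy/Never.yaml` line from the committed file, so that prepare.yml is the only place a pull-policy patch is added, would avoid the conflict.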
diff --git a/test/ansible/config/testing/pull_policy/IfNotPresent.yaml b/test/ansible/config/testing/pull_policy/IfNotPresent.yaml
new file mode 100644
index 0000000000..2f52f496cd
--- /dev/null
+++ b/test/ansible/config/testing/pull_policy/IfNotPresent.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: controller-manager
+ namespace: system
+spec:
+ template:
+ spec:
+ containers:
+ - name: manager
+ imagePullPolicy: IfNotPresent
diff --git a/test/ansible/config/testing/pull_policy/Never.yaml b/test/ansible/config/testing/pull_policy/Never.yaml
new file mode 100644
index 0000000000..86f13d8164
--- /dev/null
+++ b/test/ansible/config/testing/pull_policy/Never.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: controller-manager
+ namespace: system
+spec:
+ template:
+ spec:
+ containers:
+ - name: manager
+ imagePullPolicy: Never
diff --git a/test/ansible/molecule/default/converge.yml b/test/ansible/molecule/default/converge.yml
new file mode 100644
index 0000000000..0633db9849
--- /dev/null
+++ b/test/ansible/molecule/default/converge.yml
@@ -0,0 +1,18 @@
+---
+- name: Converge
+ hosts: localhost
+ connection: local
+ gather_facts: no
+ collections:
+ - community.kubernetes
+
+ tasks:
+ - name: Create Namespace
+ k8s:
+ api_version: v1
+ kind: Namespace
+ name: '{{ namespace }}'
+
+ - import_tasks: kustomize.yml
+ vars:
+ state: present
diff --git a/test/ansible/molecule/default/create.yml b/test/ansible/molecule/default/create.yml
new file mode 100644
index 0000000000..1eeaf9226e
--- /dev/null
+++ b/test/ansible/molecule/default/create.yml
@@ -0,0 +1,6 @@
+---
+- name: Create
+ hosts: localhost
+ connection: local
+ gather_facts: false
+ tasks: []
diff --git a/test/ansible/molecule/default/destroy.yml b/test/ansible/molecule/default/destroy.yml
new file mode 100644
index 0000000000..ce87c2322d
--- /dev/null
+++ b/test/ansible/molecule/default/destroy.yml
@@ -0,0 +1,24 @@
+---
+- name: Destroy
+ hosts: localhost
+ connection: local
+ gather_facts: false
+ collections:
+ - community.kubernetes
+
+ tasks:
+ - import_tasks: kustomize.yml
+ vars:
+ state: absent
+
+ - name: Destroy Namespace
+ k8s:
+ api_version: v1
+ kind: Namespace
+ name: '{{ namespace }}'
+ state: absent
+
+ - name: Unset pull policy
+ command: kustomize edit remove patch pull_policy/{{ pull_policy }}.yaml
+ args:
+ chdir: '{{ config_dir }}/testing'
diff --git a/test/ansible/molecule/default/kustomize.yml b/test/ansible/molecule/default/kustomize.yml
new file mode 100644
index 0000000000..db0b528edd
--- /dev/null
+++ b/test/ansible/molecule/default/kustomize.yml
@@ -0,0 +1,14 @@
+---
+- name: Build kustomize testing overlay
+ command: kustomize build .
+ args:
+ chdir: '{{ config_dir }}/testing'
+ register: resources
+ changed_when: false
+
+- name: Set resources to {{ state }}
+ k8s:
+ definition: '{{ item }}'
+ state: '{{ state }}'
+ wait: yes
+ loop: '{{ resources.stdout | from_yaml_all | list }}'
diff --git a/test/ansible/molecule/default/molecule.yml b/test/ansible/molecule/default/molecule.yml
new file mode 100644
index 0000000000..34fcd3f55a
--- /dev/null
+++ b/test/ansible/molecule/default/molecule.yml
@@ -0,0 +1,34 @@
+---
+dependency:
+ name: galaxy
+driver:
+ name: delegated
+lint: |
+ set -e
+ yamllint -d "{extends: relaxed, rules: {line-length: {max: 120}}}" .
+platforms:
+- name: cluster
+ groups:
+ - k8s
+provisioner:
+ name: ansible
+ lint: |
+ set -e
+ ansible-lint
+ inventory:
+ group_vars:
+ all:
+ namespace: ${TEST_OPERATOR_NAMESPACE:-osdk-test}
+ host_vars:
+ localhost:
+ ansible_python_interpreter: '{{ ansible_playbook_python }}'
+ config_dir: ${MOLECULE_PROJECT_DIRECTORY}/config
+ operator_image: ${OPERATOR_IMAGE:-""}
+ operator_pull_policy: ${OPERATOR_PULL_POLICY:-"Always"}
+ env:
+ K8S_AUTH_KUBECONFIG: ${KUBECONFIG:-"~/.kube/config"}
+verifier:
+ name: ansible
+ lint: |
+ set -e
+ ansible-lint
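Review bot: `{{ pull_policy }}` in the `Unset pull policy` task of default/destroy.yml is not defined for the default scenario: default/molecule.yml in this same patch sets `operator_pull_policy: ${OPERATOR_PULL_POLICY:-"Always"}` under `host_vars.localhost`, and only kind/molecule.yml defines `pull_policy`. The `Set pull policy` task in default/prepare.yml reads the same name, so both tasks would fail on an undefined variable unless it is supplied from somewhere outside this patch. Renaming the inventory key to `pull_policy: ${OPERATOR_PULL_POLICY:-"Always"}` in default/molecule.yml would line the two up.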
diff --git a/test/ansible/molecule/default/prepare.yml b/test/ansible/molecule/default/prepare.yml index 0ef09072db..afc0e368ea 100644 --- a/test/ansible/molecule/default/prepare.yml +++ b/test/ansible/molecule/default/prepare.yml @@ -1,27 +1,28 @@ --- - name: Prepare - hosts: k8s - gather_facts: no + hosts: localhost + connection: local + gather_facts: false + tasks: - - name: Fetch the kubeconfig - fetch: - dest: '{{ kubeconfig_file }}' - flat: yes - src: /root/.kube/config + - name: Ensure operator image is set + fail: + msg: | + You must specify the OPERATOR_IMAGE environment variable in order to run the + 'default' scenario + when: not operator_image + + - name: Set testing image + command: kustomize edit set image testing={{ operator_image }} + args: + chdir: '{{ config_dir }}/testing' - - name: Change the kubeconfig port to the proper value - replace: - regexp: '8443' - replace: "{{ lookup('env', 'KIND_PORT') }}" - path: '{{ kubeconfig_file }}' - delegate_to: localhost + - name: Set pull policy + command: kustomize edit add patch pull_policy/{{ pull_policy }}.yaml + args: + chdir: '{{ config_dir }}/testing' - - name: Wait for the Kubernetes API to become available (this could take a minute) - uri: - url: "http://localhost:10080/kubernetes-ready" - status_code: 200 - validate_certs: no - register: result - until: (result.status|default(-1)) == 200 - retries: 60 - delay: 5 + - name: Set testing namespace + command: kustomize edit set namespace {{ namespace }} + args: + chdir: '{{ config_dir }}/testing' diff --git a/test/ansible/molecule/default/tasks/collections_test.yml b/test/ansible/molecule/default/tasks/collections_test.yml new file mode 100644 index 0000000000..61ba0c40b9 --- /dev/null +++ b/test/ansible/molecule/default/tasks/collections_test.yml 
@@ -0,0 +1,22 @@
+---
+- name: Create the test.example.com/v1alpha1.CollectionTest
+ k8s:
+ state: present
+ namespace: '{{ namespace }}'
+ definition:
+ apiVersion: test.example.com/v1alpha1
+ kind: CollectionTest
+ metadata:
+ name: collection-test
+ wait: yes
+ wait_timeout: 300
+ wait_condition:
+ type: Running
+ reason: Successful
+ status: "True"
+
+- name: Assert ConfigMap has been created by collection Role
+ assert:
+ that: cm.data.did_it_work == 'indeed'
+ vars:
+ cm: "{{ q('k8s', api_version='v1', kind='ConfigMap', namespace=namespace, resource_name='test-this-collection').0 }}"
diff --git a/test/ansible/molecule/default/tasks/inventory_test.yml b/test/ansible/molecule/default/tasks/inventory_test.yml
new file mode 100644
index 0000000000..8e0d9810ff
--- /dev/null
+++ b/test/ansible/molecule/default/tasks/inventory_test.yml
@@ -0,0 +1,20 @@
+---
+- name: Create the test.example.com/v1alpha1.InventoryTest
+ k8s:
+ state: present
+ namespace: '{{ namespace }}'
+ definition: '{{ custom_resource }}'
+ wait: yes
+ wait_timeout: 300
+ wait_condition:
+ type: Running
+ reason: Successful
+ status: "True"
+ vars:
+ custom_resource: "{{ lookup('template', '/'.join([config_dir, 'samples/test.example.com_v1alpha1_inventorytest_cr.yaml'])) | from_yaml }}"
+
+- name: Assert sentinel ConfigMap has been created for Molecule Test
+ assert:
+ that: cm.data.sentinel == 'test'
+ vars:
+ cm: "{{ q('k8s', api_version='v1', kind='ConfigMap', namespace=namespace, resource_name='inventory-cm').0 }}"
diff --git a/test/ansible/molecule/default/tasks/liveness_test.yml b/test/ansible/molecule/default/tasks/liveness_test.yml
new file mode 100644
index 0000000000..a86527d90f
--- /dev/null
+++ b/test/ansible/molecule/default/tasks/liveness_test.yml
@@ -0,0 +1,15 @@
+---
+- name: Check for liveness probe failure events
+ # We can't directly hit the endpoint, which is not publicly exposed. If k8s sees a failing endpoint, it will create a "Killing" event.
+ k8s_info:
+ kind: Event
+ field_selectors:
+ - "involvedObject.name={{ op_pod.metadata.name }}"
+ - "reason=Killing"
+ vars:
+ op_pod: "{{ lookup('k8s', kind='Pod', label_selector='control-plane=controller-manager') }}"
+ register: liveness_failures
+
+- name: Assert that the Pod has not been liveness probe Killed
+ assert:
+ that: liveness_failures.resources|length == 0
diff --git a/test/ansible/molecule/default/tasks/secrets_test.yml b/test/ansible/molecule/default/tasks/secrets_test.yml
new file mode 100644
index 0000000000..ce8f454bb2
--- /dev/null
+++ b/test/ansible/molecule/default/tasks/secrets_test.yml
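Review bot: Neither the `lookup('k8s', kind='Pod', label_selector=...)` under `vars` nor the `k8s_info` Event query in liveness_test.yml passes a namespace, unlike the other test files in this patch, which scope their queries to `{{ namespace }}`. On a shared cluster the lookup can match controller-manager pods outside the test namespace, in which case `op_pod.metadata.name` is presumably no longer the name of the operator under test and the assertion checks the wrong events or errors out. Adding `namespace=namespace` to the lookup and `namespace: '{{ namespace }}'` under `k8s_info` keeps the check on the deployed operator.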
@@ -0,0 +1,56 @@
+---
+- name: Create the v1.Secret
+ k8s:
+ state: present
+ definition:
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ name: test-secret
+ namespace: '{{ namespace }}'
+ labels:
+ reconcile: "yes"
+ data:
+ test: '{{ "test" | b64encode }}'
+
+- name: Wait for the corresponding configmap to be created
+ k8s_info:
+ api_version: v1
+ kind: ConfigMap
+ name: test-secret
+ namespace: '{{ namespace }}'
+ register: result
+ until: result.resources
+ retries: 10
+
+- name: Assert that the configmap has the proper content
+ assert:
+ that: result.resources.0.data.test == "test"
+
+- name: Update the v1.Secret
+ k8s:
+ state: present
+ definition:
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ name: test-secret
+ namespace: '{{ namespace }}'
+ labels:
+ reconcile: "yes"
+ data:
+ new: '{{ "content" | b64encode }}'
+
+- name: Wait for the corresponding key to be created
+ k8s_info:
+ api_version: v1
+ kind: ConfigMap
+ name: test-secret
+ namespace: '{{ namespace }}'
+ register: result
+ until: result.resources.0.data.new is defined
+ retries: 10
+
+- name: Assert that the configmap has the proper content
+ assert:
+ that: result.resources.0.data.new == 'content'
diff --git a/test/ansible/molecule/default/tasks/selector_test.yml b/test/ansible/molecule/default/tasks/selector_test.yml
new file mode 100644
index 0000000000..9254657cfe
--- /dev/null
+++ b/test/ansible/molecule/default/tasks/selector_test.yml
@@ -0,0 +1,52 @@
+---
+- name: Create the test.example.com/v1alpha1.SelectorTest
+ k8s:
+ state: present
+ definition:
+ apiVersion: test.example.com/v1alpha1
+ kind: SelectorTest
+ metadata:
+ name: selector-test
+ namespace: '{{ namespace }}'
+ labels:
+ testLabel: testValue
+ spec:
+ field: value
+ wait: yes
+ wait_timeout: 300
+ wait_condition:
+ type: Running
+ reason: Successful
+ status: "True"
+ register: selector_test
+
+- name: Assert sentinel ConfigMap has been created for Molecule Test
+ assert:
+ that: cm.data.hello == 'world'
+ vars:
+ cm: "{{ q('k8s', api_version='v1', kind='ConfigMap', namespace=namespace,
+ resource_name='selector-test').0 }}"
+
+- name: Create the test.example.com/v1alpha1.SelectorTest
+ k8s:
+ state: present
+ definition:
+ apiVersion: test.example.com/v1alpha1
+ kind: SelectorTest
+ metadata:
+ name: selector-test-fail
+ namespace: '{{ namespace }}'
+ spec:
+ field: value
+ register: selector_test
+
+- name: Wait for 30 seconds
+ wait_for:
+ timeout: 30
+
+- name: Assert sentinel ConfigMap has not been created for Molecule Test
+ assert:
+ that: not cm
+ vars:
+ cm: "{{ q('k8s', api_version='v1', kind='ConfigMap', namespace=namespace,
+ resource_name='selector-test-fail')}}"
diff --git a/test/ansible/molecule/default/tasks/servicemonitor_test.yml b/test/ansible/molecule/default/tasks/servicemonitor_test.yml
new file mode 100644
index 0000000000..344909a4d6
--- /dev/null
+++ b/test/ansible/molecule/default/tasks/servicemonitor_test.yml
@@ -0,0 +1,5 @@
+---
+- name: Assert ServiceMonitor resource is created
+ assert:
+ that: lookup('k8s', kind='ServiceMonitor', api_version='monitoring.coreos.com/v1', namespace=namespace, resource_name='ansible-metrics')
+ when: "'monitoring.coreos.com/v1' in lookup('k8s', cluster_info='api_groups')"
diff --git a/test/ansible/molecule/default/tasks/subresources_test.yml b/test/ansible/molecule/default/tasks/subresources_test.yml
new file mode 100644
index 0000000000..65381a760d
--- /dev/null
+++ b/test/ansible/molecule/default/tasks/subresources_test.yml
@@ -0,0 +1,29 @@
+---
+- name: Create the test.example.com/v1alpha1.SubresourcesTest
+ k8s:
+ state: present
+ definition:
+ apiVersion: test.example.com/v1alpha1
+ kind: SubresourcesTest
+ metadata:
+ name: subresources-test
+ namespace: '{{ namespace }}'
+ spec:
+ execCommand: "echo 'hello world'"
+ logMessage: "Running..."
+ wait: yes
+ wait_timeout: 300
+ wait_condition:
+ type: Running
+ reason: Successful
+ status: "True"
+ register: subresources_test
+
+- debug: var=subresources_test
+
+- name: Assert stdout and stderr are properly set in status
+ assert:
+ that:
+ - subresources_test.result.status.execCommandStderr == ""
+ - subresources_test.result.status.execCommandStdout == "hello world"
+ - "'Running' in subresources_test.result.status.logs"
diff --git a/test/ansible/molecule/default/verify.yml b/test/ansible/molecule/default/verify.yml
new file mode 100644
index 0000000000..8930c85337
--- /dev/null
+++ b/test/ansible/molecule/default/verify.yml
@@ -0,0 +1,53 @@
+---
+- name: Verify
+ hosts: localhost
+ connection: local
+ gather_facts: no
+ collections:
+ - community.kubernetes
+
+ tasks:
+ - block:
+ - name: Import all test files from tasks/
+ include_tasks: '{{ item }}'
+ with_fileglob:
+ - tasks/*_test.yml
+ rescue:
+ - name: Retrieve relevant resources
+ k8s_info:
+ api_version: '{{ item.api_version }}'
+ kind: '{{ item.kind }}'
+ namespace: '{{ namespace }}'
+ loop:
+ - api_version: v1
+ kind: Pod
+ - api_version: apps/v1
+ kind: Deployment
+ - api_version: v1
+ kind: Secret
+ - api_version: v1
+ kind: ConfigMap
+ register: debug_resources
+
+ - name: Retrieve Pod logs
+ k8s_log:
+ name: '{{ item.metadata.name }}'
+ namespace: '{{ namespace }}'
+ loop: '{{ q("k8s", api_version="v1", kind="Pod", namespace=namespace) }}'
+ register: debug_logs
+
+ - name: Ouput gathered resources
+ debug:
+ var: debug_resources
+
+ - name: Output gathered logs
+ debug:
+ var: item.log_lines
+ loop: '{{ debug_logs.results }}'
+
+ - name: Re-emit failure
+ vars:
+ failed_task:
+ result: '{{ ansible_failed_result }}'
+ fail:
+ msg: '{{ failed_task }}'
diff --git a/test/ansible/molecule/kind/converge.yml b/test/ansible/molecule/kind/converge.yml
new file mode 100644
index 0000000000..a5605b30fa
--- /dev/null
+++ b/test/ansible/molecule/kind/converge.yml
@@ -0,0 +1,23 @@
+---
+- name: Converge
+ hosts: localhost
+ connection: local
+ gather_facts: no
+
+ tasks:
+ - name: Build operator image
+ docker_image:
+ build:
+ path: '{{ project_dir }}'
+ pull: no
+ name: '{{ operator_image }}'
+ tag: latest
+ push: no
+ source: build
+
+ - name: Load image into kind cluster
+ command: kind load docker-image --name osdk-test '{{ operator_image }}'
+ register: result
+ changed_when: '"not yet present" in result.stdout'
+
+- import_playbook: ../default/converge.yml
diff --git a/test/ansible/molecule/kind/create.yml b/test/ansible/molecule/kind/create.yml
new file mode 100644
index 0000000000..66a84a14f7
--- /dev/null
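Review bot: The `rescue` block in default/verify.yml fetches every `Secret` in `{{ namespace }}` and then prints `debug_resources` with `debug`, so any test failure writes Secret `data` (base64-encoded, not encrypted) into the CI log. The namespace comes from `TEST_OPERATOR_NAMESPACE`, so this is not limited to the `test-secret` the suite creates, and service-account token Secrets in that namespace may be included as well. Removing the `- api_version: v1` / `kind: Secret` pair from the `loop` keeps the Pod, Deployment and ConfigMap diagnostics without the secret material. The task name `Ouput gathered resources` also has a typo and should read `Output gathered resources`.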
+++ b/test/ansible/molecule/kind/create.yml
@@ -0,0 +1,8 @@
+---
+- name: Create
+ hosts: localhost
+ connection: local
+ gather_facts: false
+ tasks:
+ - name: Create test kind cluster
+ command: kind create cluster --name osdk-test --kubeconfig {{ kubeconfig }}
diff --git a/test/ansible/molecule/kind/destroy.yml b/test/ansible/molecule/kind/destroy.yml
new file mode 100644
index 0000000000..9393e4fafc
--- /dev/null
+++ b/test/ansible/molecule/kind/destroy.yml
@@ -0,0 +1,11 @@
+---
+- name: Destroy
+ hosts: localhost
+ connection: local
+ gather_facts: false
+ collections:
+ - community.kubernetes
+
+ tasks:
+ - name: Destroy test kind cluster
+ command: kind delete cluster --name osdk-test --kubeconfig {{ kubeconfig }}
diff --git a/test/ansible/molecule/kind/molecule.yml b/test/ansible/molecule/kind/molecule.yml
new file mode 100644
index 0000000000..92f2ab425b
--- /dev/null
+++ b/test/ansible/molecule/kind/molecule.yml
@@ -0,0 +1,40 @@
+---
+dependency:
+ name: galaxy
+driver:
+ name: delegated
+lint: |
+ set -e
+ yamllint -d "{extends: relaxed, rules: {line-length: {max: 120}}}" .
+platforms:
+- name: cluster
+ groups:
+ - k8s
+provisioner:
+ name: ansible
+ playbooks:
+ prepare: ../default/prepare.yml
+ verify: ../default/verify.yml
+ lint: |
+ set -e
+ ansible-lint
+ inventory:
+ group_vars:
+ all:
+ namespace: ${TEST_OPERATOR_NAMESPACE:-osdk-test}
+ host_vars:
+ localhost:
+ ansible_python_interpreter: '{{ ansible_playbook_python }}'
+ config_dir: ${MOLECULE_PROJECT_DIRECTORY}/config
+ project_dir: ${MOLECULE_PROJECT_DIRECTORY}
+ operator_image: testing-operator
+ pull_policy: "Never"
+ kubeconfig: '{{ lookup("env", "KUBECONFIG") }}'
+ env:
+ K8S_AUTH_KUBECONFIG: ${MOLECULE_EPHEMERAL_DIRECTORY}/kubeconfig
+ KUBECONFIG: ${MOLECULE_EPHEMERAL_DIRECTORY}/kubeconfig
+verifier:
+ name: ansible
+ lint: |
+ set -e
+ ansible-lint
From 172bcfa96e40f8d25f44e255982bad3a3fc6acaf Mon Sep 17 00:00:00 2001
From: Fabian von Feilitzsch Date: Wed, 15 Jul 2020 13:40:07 -0400 Subject: [PATCH 2/8] Update hack/tests/e2e-ansible-molecule.sh Co-authored-by: Eric Stroczynski --- hack/tests/e2e-ansible-molecule.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/tests/e2e-ansible-molecule.sh b/hack/tests/e2e-ansible-molecule.sh index 7cf7d7f64e..43ad6dd155 100755 --- a/hack/tests/e2e-ansible-molecule.sh +++ b/hack/tests/e2e-ansible-molecule.sh @@ -63,7 +63,7 @@ header_text "Test Ansible Molecule scenarios" pushd "${ROOTDIR}/test/ansible" DEST_IMAGE="quay.io/example/ansible-test-operator:v0.0.1" sed -i".bak" -E -e 's/(FROM quay.io\/operator-framework\/ansible-operator)(:.*)?/\1:dev/g' Dockerfile; rm -f Dockerfile.bak -docker build -t "$DEST_IMAGE" --image-build-args="--no-cache" . +docker build -t "$DEST_IMAGE" --no-cache . load_image_if_kind "$DEST_IMAGE" OPERATOR_PULL_POLICY=Never OPERATOR_IMAGE=${DEST_IMAGE} TEST_OPERATOR_NAMESPACE=osdk-test molecule test From 7bf666d90f9d9b7b16163c01591747093224801c Mon Sep 17 00:00:00 2001 
From: Fabian von Feilitzsch Date: Tue, 28 Jul 2020 14:20:21 -0400 Subject: [PATCH 3/8] Update for newest scaffolding --- go.mod | 1 + go.sum | 2 + test/ansible/.gitignore | 24 ---- test/ansible/Makefile | 122 +++++++++--------- test/ansible/OWNERS | 6 - test/ansible/PROJECT | 11 +- .../config/certmanager/certificate.yaml | 26 ---- .../config/certmanager/kustomization.yaml | 5 - .../config/certmanager/kustomizeconfig.yaml | 16 --- .../bases}/test.example.com_casetest_crd.yaml | 0 .../test.example.com_collectiontests_crd.yaml | 0 .../test.example.com_inventorytests_crd.yaml | 0 .../test.example.com_selectortests_crd.yaml | 0 ...est.example.com_subresourcestests_crd.yaml | 0 test/ansible/config/crd/kustomization.yaml | 12 +- .../ansible/config/default/kustomization.yaml | 50 +------ .../default/manager_auth_proxy_patch.yaml | 25 ++-- .../config/default/manager_webhook_patch.yaml | 23 ---- .../default/webhookcainjection_patch.yaml | 15 --- .../ansible/config/manager/kustomization.yaml | 6 - test/ansible/config/manager/manager.yaml | 30 +---- test/ansible/config/prometheus/monitor.yaml | 2 +- test/ansible/config/rbac/kustomization.yaml | 28 ++-- .../config/rbac/leader_election_role.yaml | 10 +- test/ansible/config/rbac/role.yaml | 45 ++++--- test/ansible/config/rbac/role_binding.yaml | 1 + .../ansible/config/samples/kustomization.yaml | 3 + .../test.example.com_v1_inventorytest_cr.yaml | 9 -- .../config/scorecard/bases/config.yaml | 7 + .../config/scorecard/kustomization.yaml | 16 +++ .../scorecard/patches/basic.config.yaml | 10 ++ .../config/scorecard/patches/olm.config.yaml | 50 +++++++ .../config/testing/debug_logs_patch.yaml | 19 ++- .../ansible/config/testing/kustomization.yaml | 10 +- .../test.example.com_collectiontests_crd.yaml | 22 ---- .../test.example.com_inventorytests_crd.yaml | 22 ---- .../test.example.com_selectortest_crd.yaml | 22 ---- ...est.example.com_subresourcestests_crd.yaml | 22 ---- .../test.example.com_v1_inventorytest_cr.yaml | 9 -- 
...example.com_v1alpha1_inventorytest_cr.yaml | 9 -- test/ansible/deploy/operator.yaml | 49 ------- test/ansible/deploy/role.yaml | 83 ------------ test/ansible/deploy/role_binding.yaml | 11 -- test/ansible/deploy/service_account.yaml | 4 - test/ansible/molecule/cluster/converge.yml | 24 ---- test/ansible/molecule/cluster/create.yml | 6 - test/ansible/molecule/cluster/destroy.yml | 33 ----- test/ansible/molecule/cluster/molecule.yml | 35 ----- test/ansible/molecule/cluster/prepare.yml | 34 ----- .../cluster/tasks/collections_test.yml | 22 ---- .../molecule/cluster/tasks/inventory_test.yml | 20 --- .../molecule/cluster/tasks/liveness_test.yml | 16 --- .../molecule/cluster/tasks/secrets_test.yml | 56 -------- .../molecule/cluster/tasks/selector_test.yml | 54 -------- .../cluster/tasks/subresources_test.yml | 29 ----- test/ansible/molecule/cluster/verify.yml | 53 -------- test/ansible/molecule/default/destroy.yml | 2 +- test/ansible/molecule/default/kustomize.yml | 3 +- test/ansible/molecule/default/molecule.yml | 8 +- test/ansible/molecule/default/prepare.yml | 6 +- .../{cluster => default}/tasks/case_test.yml | 0 test/ansible/molecule/default/verify.yml | 15 ++- test/ansible/molecule/kind/converge.yml | 8 ++ test/ansible/molecule/kind/molecule.yml | 10 +- test/ansible/molecule/test-local/converge.yml | 55 -------- test/ansible/molecule/test-local/molecule.yml | 49 ------- test/ansible/molecule/test-local/prepare.yml | 34 ----- test/ansible/molecule/test-local/verify.yml | 2 - test/ansible/requirements.yml | 4 +- 69 files changed, 282 insertions(+), 1133 deletions(-) delete mode 100644 test/ansible/.gitignore delete mode 100644 test/ansible/OWNERS delete mode 100644 test/ansible/config/certmanager/certificate.yaml delete mode 100644 test/ansible/config/certmanager/kustomization.yaml delete mode 100644 test/ansible/config/certmanager/kustomizeconfig.yaml rename test/ansible/{deploy/crds => config/crd/bases}/test.example.com_casetest_crd.yaml (100%) rename 
test/ansible/config/crd/{ => bases}/test.example.com_collectiontests_crd.yaml (100%) rename test/ansible/config/crd/{ => bases}/test.example.com_inventorytests_crd.yaml (100%) rename test/ansible/config/crd/{ => bases}/test.example.com_selectortests_crd.yaml (100%) rename test/ansible/config/crd/{ => bases}/test.example.com_subresourcestests_crd.yaml (100%) delete mode 100644 test/ansible/config/default/manager_webhook_patch.yaml delete mode 100644 test/ansible/config/default/webhookcainjection_patch.yaml create mode 100644 test/ansible/config/samples/kustomization.yaml delete mode 100644 test/ansible/config/samples/test.example.com_v1_inventorytest_cr.yaml create mode 100644 test/ansible/config/scorecard/bases/config.yaml create mode 100644 test/ansible/config/scorecard/kustomization.yaml create mode 100644 test/ansible/config/scorecard/patches/basic.config.yaml create mode 100644 test/ansible/config/scorecard/patches/olm.config.yaml delete mode 100644 test/ansible/deploy/crds/test.example.com_collectiontests_crd.yaml delete mode 100644 test/ansible/deploy/crds/test.example.com_inventorytests_crd.yaml delete mode 100644 test/ansible/deploy/crds/test.example.com_selectortest_crd.yaml delete mode 100644 test/ansible/deploy/crds/test.example.com_subresourcestests_crd.yaml delete mode 100644 test/ansible/deploy/crds/test.example.com_v1_inventorytest_cr.yaml delete mode 100644 test/ansible/deploy/crds/test.example.com_v1alpha1_inventorytest_cr.yaml delete mode 100644 test/ansible/deploy/operator.yaml delete mode 100644 test/ansible/deploy/role.yaml delete mode 100644 test/ansible/deploy/role_binding.yaml delete mode 100644 test/ansible/deploy/service_account.yaml delete mode 100644 test/ansible/molecule/cluster/converge.yml delete mode 100644 test/ansible/molecule/cluster/create.yml delete mode 100644 test/ansible/molecule/cluster/destroy.yml delete mode 100644 test/ansible/molecule/cluster/molecule.yml delete mode 100644 test/ansible/molecule/cluster/prepare.yml 
delete mode 100644 test/ansible/molecule/cluster/tasks/collections_test.yml delete mode 100644 test/ansible/molecule/cluster/tasks/inventory_test.yml delete mode 100644 test/ansible/molecule/cluster/tasks/liveness_test.yml delete mode 100644 test/ansible/molecule/cluster/tasks/secrets_test.yml delete mode 100644 test/ansible/molecule/cluster/tasks/selector_test.yml delete mode 100644 test/ansible/molecule/cluster/tasks/subresources_test.yml delete mode 100644 test/ansible/molecule/cluster/verify.yml rename test/ansible/molecule/{cluster => default}/tasks/case_test.yml (100%) delete mode 100644 test/ansible/molecule/test-local/converge.yml delete mode 100644 test/ansible/molecule/test-local/molecule.yml delete mode 100644 test/ansible/molecule/test-local/prepare.yml delete mode 100644 test/ansible/molecule/test-local/verify.yml diff --git a/go.mod b/go.mod index 2bcd3c65f1..e0e912a1c2 100644 --- a/go.mod +++ b/go.mod @@ -8,6 +8,7 @@ require ( github.com/go-logr/logr v0.1.0 github.com/iancoleman/strcase v0.0.0-20191112232945-16388991a334 github.com/kr/text v0.1.0 + github.com/kubernetes-sigs/kustomize v2.0.3+incompatible // indirect github.com/markbates/inflect v1.0.4 github.com/mattn/go-isatty v0.0.12 github.com/onsi/ginkgo v1.12.1 diff --git a/go.sum b/go.sum index d5d67694ca..84a0934605 100644 --- a/go.sum +++ b/go.sum 
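Review bot: The added requirement `github.com/kubernetes-sigs/kustomize v2.0.3+incompatible // indirect` in go.mod does not correspond to any Go source change listed in this patch's diffstat, which otherwise touches only test/ansible; it looks like a by-product of a local `go get` rather than something the module needs. If no package imports it, running `go mod tidy` before committing should remove this line and the two matching go.sum entries, which keeps an unreviewed module out of the dependency graph. The playbooks in this series call a `kustomize` binary from PATH, which a go.mod requirement does not provide.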
@@ -464,6 +464,8 @@ github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA= github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kshvakov/clickhouse v1.3.5/go.mod h1:DMzX7FxRymoNkVgizH0DWAL8Cur7wHLgx3MUnGwJqpE= +github.com/kubernetes-sigs/kustomize v2.0.3+incompatible h1:3hC4tnibtc3SVKd6VLMM6GYrRfFMj77Tc5UmdjMa4B0= +github.com/kubernetes-sigs/kustomize v2.0.3+incompatible/go.mod h1:LEfoFBposdQuHJ4ZX2gdT7eoybOslchqvocZtlLyTsk= github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 h1:SOEGU9fKiNWd/HOJuq6+3iTQz8KNCLtVX6idSoTLdUw= github.com/lann/builder v0.0.0-20180802200727-47ae307949d0/go.mod h1:dXGbAdH5GtBTC4WfIxhKZfyBF/HBFgRZSWwZ9g/He9o= github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 h1:P6pPBnrTSX3DEVR4fDembhRWSsG5rVo6hYhAB/ADZrk= diff --git a/test/ansible/.gitignore b/test/ansible/.gitignore deleted file mode 100644 index d97ffc5159..0000000000 --- a/test/ansible/.gitignore +++ /dev/null @@ -1,24 +0,0 @@ - -# Binaries for programs and plugins -*.exe -*.exe~ -*.dll -*.so -*.dylib -bin - -# Test binary, build with `go test -c` -*.test - -# Output of the go coverage tool, specifically when used with LiteIDE -*.out - -# Kubernetes Generated files - skip generated files, except for vendored files - -!vendor/**/zz_generated.* - -# editor and IDE paraphernalia -.idea -*.swp -*.swo -*~ diff --git a/test/ansible/Makefile b/test/ansible/Makefile index 3ea4bba014..f6dc82a3bf 100644 --- a/test/ansible/Makefile +++ b/test/ansible/Makefile 
@@ -1,63 +1,43 @@ - -# Image URL to use all building/pushing image targets -IMG ?= controller:latest -# Produce CRDs that work back to Kubernetes 1.11 (no version conversion) -CRD_OPTIONS ?= "crd:trivialVersions=true" - -# Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set) -ifeq (,$(shell go env GOBIN)) -GOBIN=$(shell go env GOPATH)/bin -else -GOBIN=$(shell go env GOBIN) +# Current Operator version +VERSION ?= 0.0.1 +# Default bundle image tag +BUNDLE_IMG ?= controller-bundle:$(VERSION) +# Options for 'bundle-build' +ifneq ($(origin CHANNELS), undefined) +BUNDLE_CHANNELS := --channels=$(CHANNELS) +endif +ifneq ($(origin DEFAULT_CHANNEL), undefined) +BUNDLE_DEFAULT_CHANNEL := --default-channel=$(DEFAULT_CHANNEL) endif +BUNDLE_METADATA_OPTS ?= $(BUNDLE_CHANNELS) $(BUNDLE_DEFAULT_CHANNEL) -all: manager +.PHONY: bundle -# Run tests -test: generate fmt vet manifests - go test ./... -coverprofile cover.out +# Image URL to use all building/pushing image targets +IMG ?= controller:latest -# Build manager binary -manager: generate fmt vet - go build -o bin/manager main.go +all: docker-build # Run against the configured Kubernetes cluster in ~/.kube/config -run: generate fmt vet manifests - go run ./main.go +run: ansible-operator + $(ANSIBLE_OPERATOR) -# TODO(asmacdo) this is broken, because make deploy will create the same cr except with kb- prepended # Install CRDs into a cluster -# install: manifests -install: - kustomize build config/crd | kubectl apply -f - +install: kustomize + $(KUSTOMIZE) build config/crd | kubectl apply -f - # Uninstall CRDs from a cluster -uninstall: manifests - kustomize build config/crd | kubectl delete -f - +uninstall: kustomize + $(KUSTOMIZE) build config/crd | kubectl delete -f - # Deploy controller in the configured Kubernetes cluster in ~/.kube/config -deploy: manifests - cd config/manager && kustomize edit set image controller=${IMG} - kustomize build config/default | kubectl apply -f - - -undeploy: - kustomize 
build config/default | kubectl delete -f - - -# Generate manifests e.g. CRD, RBAC etc. -manifests: controller-gen - $(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=config/crd/bases - -# Run go fmt against code -fmt: - go fmt ./... +deploy: kustomize + cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG} + $(KUSTOMIZE) build config/default | kubectl apply -f - -# Run go vet against code -vet: - go vet ./... - -# Generate code -generate: controller-gen - $(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..." +# Undeploy controller in the configured Kubernetes cluster in ~/.kube/config +undeploy: kustomize + $(KUSTOMIZE) build config/default | kubectl delete -f - # Build the docker image docker-build: 
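Review bot: In `deploy`, `cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}` will fail on a machine without a preinstalled kustomize, because the fallback defined later in this Makefile is the relative `KUSTOMIZE=./bin/kustomize` and it is resolved after the `cd`. An absolute fallback such as `KUSTOMIZE=$(CURDIR)/bin/kustomize` keeps the recipe working from any directory. `ANSIBLE_OPERATOR=$(realpath ./bin/ansible-operator)` needs the same care: `realpath` yields an empty string when the file does not exist at parse time, so on a first run `$(ANSIBLE_OPERATOR)` in `run` would presumably expand to nothing.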
@@ -67,19 +47,45 @@ docker-build: docker-push: docker push ${IMG} -# find or download controller-gen -# download controller-gen if necessary -controller-gen: -ifeq (, $(shell which controller-gen)) +PATH := $(PATH):$(PWD)/bin +SHELL := env PATH=$(PATH) /bin/sh +OS = $(shell uname -s | tr '[:upper:]' '[:lower:]') +ARCH = $(shell uname -m | sed 's/x86_64/amd64/') +OSOPER = $(shell uname -s | tr '[:upper:]' '[:lower:]' | sed 's/darwin/apple-darwin/' | sed 's/linux/linux-gnu/') +ARCHOPER = $(shell uname -m ) + +kustomize: +ifeq (, $(shell which kustomize 2>/dev/null)) + @{ \ + set -e ;\ + mkdir -p bin ;\ + curl -sSLo - https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v3.5.4/kustomize_v3.5.4_$(OS)_$(ARCH).tar.gz | tar xzf - -C bin/ ;\ + } +KUSTOMIZE=./bin/kustomize +else +KUSTOMIZE=$(shell which kustomize) +endif + +ansible-operator: +ifeq (, $(shell which ansible-operator 2>/dev/null)) @{ \ set -e ;\ - CONTROLLER_GEN_TMP_DIR=$$(mktemp -d) ;\ - cd $$CONTROLLER_GEN_TMP_DIR ;\ - go mod init tmp ;\ - go get sigs.k8s.io/controller-tools/cmd/controller-gen@v0.2.5 ;\ - rm -rf $$CONTROLLER_GEN_TMP_DIR ;\ + mkdir -p bin ;\ + curl -LO https://github.com/operator-framework/operator-sdk/releases/download/v0.19.0/ansible-operator-v0.19.0-$(ARCHOPER)-$(OSOPER) ;\ + mv ansible-operator-v0.19.0-$(ARCHOPER)-$(OSOPER) ./bin/ansible-operator ;\ + chmod +x ./bin/ansible-operator ;\ } -CONTROLLER_GEN=$(GOBIN)/controller-gen +ANSIBLE_OPERATOR=$(realpath ./bin/ansible-operator) else -CONTROLLER_GEN=$(shell which controller-gen) +ANSIBLE_OPERATOR=$(shell which ansible-operator) endif + +# Generate bundle manifests and metadata, then validate generated files. +bundle: kustomize + operator-sdk generate kustomize manifests -q + $(KUSTOMIZE) build config/manifests | operator-sdk generate bundle -q --overwrite --version $(VERSION) $(BUNDLE_METADATA_OPTS) + operator-sdk bundle validate ./bundle + +# Build the bundle image. 
+bundle-build: + docker build -f bundle.Dockerfile -t $(BUNDLE_IMG) . diff --git a/test/ansible/OWNERS b/test/ansible/OWNERS deleted file mode 100644 index 9702fa3403..0000000000 --- a/test/ansible/OWNERS +++ /dev/null @@ -1,6 +0,0 @@ -approvers: - - fabianvf - - jmrodri -reviewers: - - fabianvf - - jmrodri diff --git a/test/ansible/PROJECT b/test/ansible/PROJECT index 270963f474..a458696650 100644 --- a/test/ansible/PROJECT +++ b/test/ansible/PROJECT @@ -1,7 +1,4 @@ -domain: com -repo: wut -resources: -- group: cache.example.com - kind: Memcached - version: v1alpha1 -version: "2" +domain: example.com +layout: ansible.sdk.operatorframework.io/v1 +projectName: ansible +version: 3-alpha diff --git a/test/ansible/config/certmanager/certificate.yaml b/test/ansible/config/certmanager/certificate.yaml deleted file mode 100644 index 3d46cff884..0000000000 --- a/test/ansible/config/certmanager/certificate.yaml +++ /dev/null @@ -1,26 +0,0 @@ -# The following manifests contain a self-signed issuer CR and a certificate CR. -# More document can be found at https://docs.cert-manager.io -# WARNING: Targets CertManager 0.11 check https://docs.cert-manager.io/en/latest/tasks/upgrading/index.html for -# breaking changes -apiVersion: cert-manager.io/v1alpha2 -kind: Issuer -metadata: - name: selfsigned-issuer - namespace: system -spec: - selfSigned: {} ---- -apiVersion: cert-manager.io/v1alpha2 -kind: Certificate -metadata: - name: serving-cert # this name should match the one appeared in kustomizeconfig.yaml - namespace: system -spec: - # $(SERVICE_NAME) and $(SERVICE_NAMESPACE) will be substituted by kustomize - dnsNames: - - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc - - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc.cluster.local - issuerRef: - kind: Issuer - name: selfsigned-issuer - secretName: webhook-server-cert # this secret will not be prefixed, since it's not managed by kustomize 
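Review bot: The `kustomize` and `ansible-operator` targets download release artifacts and make them runnable without any integrity check: one is piped straight from `curl` into `tar xzf -`, the other is moved into `bin/` and marked `chmod +x`. Pin a digest per OS/arch and verify it before use, e.g. `echo "<EXPECTED_SHA256>  ansible-operator-v0.19.0-$(ARCHOPER)-$(OSOPER)" | sha256sum -c -`, and download the kustomize tarball to a file so it can be checked before extraction. Adding `-f` to both `curl` calls (`curl -fsSLO ...`) also stops an HTTP error page from being installed as the binary.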
diff --git a/test/ansible/config/certmanager/kustomization.yaml b/test/ansible/config/certmanager/kustomization.yaml deleted file mode 100644 index bebea5a595..0000000000 --- a/test/ansible/config/certmanager/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -resources: -- certificate.yaml - -configurations: -- kustomizeconfig.yaml diff --git a/test/ansible/config/certmanager/kustomizeconfig.yaml b/test/ansible/config/certmanager/kustomizeconfig.yaml deleted file mode 100644 index e631f77736..0000000000 --- a/test/ansible/config/certmanager/kustomizeconfig.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# This configuration is for teaching kustomize how to update name ref and var substitution -nameReference: -- kind: Issuer - group: cert-manager.io - fieldSpecs: - - kind: Certificate - group: cert-manager.io - path: spec/issuerRef/name - -varReference: -- kind: Certificate - group: cert-manager.io - path: spec/commonName -- kind: Certificate - group: cert-manager.io - path: spec/dnsNames diff --git a/test/ansible/deploy/crds/test.example.com_casetest_crd.yaml b/test/ansible/config/crd/bases/test.example.com_casetest_crd.yaml similarity index 100% rename from test/ansible/deploy/crds/test.example.com_casetest_crd.yaml rename to test/ansible/config/crd/bases/test.example.com_casetest_crd.yaml diff --git a/test/ansible/config/crd/test.example.com_collectiontests_crd.yaml b/test/ansible/config/crd/bases/test.example.com_collectiontests_crd.yaml similarity index 100% rename from test/ansible/config/crd/test.example.com_collectiontests_crd.yaml rename to test/ansible/config/crd/bases/test.example.com_collectiontests_crd.yaml diff --git a/test/ansible/config/crd/test.example.com_inventorytests_crd.yaml b/test/ansible/config/crd/bases/test.example.com_inventorytests_crd.yaml similarity index 100% rename from test/ansible/config/crd/test.example.com_inventorytests_crd.yaml rename to test/ansible/config/crd/bases/test.example.com_inventorytests_crd.yaml 
diff --git a/test/ansible/config/crd/test.example.com_selectortests_crd.yaml b/test/ansible/config/crd/bases/test.example.com_selectortests_crd.yaml similarity index 100% rename from test/ansible/config/crd/test.example.com_selectortests_crd.yaml rename to test/ansible/config/crd/bases/test.example.com_selectortests_crd.yaml diff --git a/test/ansible/config/crd/test.example.com_subresourcestests_crd.yaml b/test/ansible/config/crd/bases/test.example.com_subresourcestests_crd.yaml similarity index 100% rename from test/ansible/config/crd/test.example.com_subresourcestests_crd.yaml rename to test/ansible/config/crd/bases/test.example.com_subresourcestests_crd.yaml diff --git a/test/ansible/config/crd/kustomization.yaml b/test/ansible/config/crd/kustomization.yaml index dfd2a8524f..9d092cb85a 100644 --- a/test/ansible/config/crd/kustomization.yaml +++ b/test/ansible/config/crd/kustomization.yaml @@ -2,9 +2,9 @@ # since it depends on service name and namespace that are out of this kustomize package. # It should be run by config/default resources: -- test.example.com_collectiontests_crd.yaml -- test.example.com_inventorytests_crd.yaml -- test.example.com_selectortests_crd.yaml -- test.example.com_subresourcestests_crd.yaml -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization + - bases/test.example.com_casetest_crd.yaml + - bases/test.example.com_collectiontests_crd.yaml + - bases/test.example.com_inventorytests_crd.yaml + - bases/test.example.com_selectortests_crd.yaml + - bases/test.example.com_subresourcestests_crd.yaml +# +kubebuilder:scaffold:crdkustomizeresource diff --git a/test/ansible/config/default/kustomization.yaml b/test/ansible/config/default/kustomization.yaml index 4fade6699f..0d6315b00f 100644 --- a/test/ansible/config/default/kustomization.yaml +++ b/test/ansible/config/default/kustomization.yaml 
@@ -1,12 +1,12 @@ # Adds namespace to all resources. -namespace: kb-system +namespace: ansible-system # Value of this field is prepended to the # names of all resources, e.g. a deployment named # "wordpress" becomes "alices-wordpress". # Note that it should also match with the prefix (text before '-') of the namespace # field above. -namePrefix: kb- +namePrefix: ansible- # Labels to add to all resources and selectors. #commonLabels: @@ -16,11 +16,6 @@ bases: - ../crd - ../rbac - ../manager -# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in -# crd/kustomization.yaml -#- ../webhook -# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required. -#- ../certmanager # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. #- ../prometheus 
@@ -28,43 +23,4 @@ patchesStrategicMerge: # Protect the /metrics endpoint by putting it behind auth. # If you want your controller-manager to expose the /metrics # endpoint w/o any authn/z, please comment the following line. -# - manager_auth_proxy_patch.yaml - -# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in -# crd/kustomization.yaml -#- manager_webhook_patch.yaml - -# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. -# Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks. -# 'CERTMANAGER' needs to be enabled to use ca injection -#- webhookcainjection_patch.yaml - -# the following config is for teaching kustomize how to do var substitution -vars: -# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix. -#- name: CERTIFICATE_NAMESPACE # namespace of the certificate CR -# objref: -# kind: Certificate -# group: cert-manager.io -# version: v1alpha2 -# name: serving-cert # this name should match the one in certificate.yaml -# fieldref: -# fieldpath: metadata.namespace -#- name: CERTIFICATE_NAME -# objref: -# kind: Certificate -# group: cert-manager.io -# version: v1alpha2 -# name: serving-cert # this name should match the one in certificate.yaml -#- name: SERVICE_NAMESPACE # namespace of the service -# objref: -# kind: Service -# version: v1 -# name: webhook-service -# fieldref: -# fieldpath: metadata.namespace -#- name: SERVICE_NAME -# objref: -# kind: Service -# version: v1 -# name: webhook-service +- manager_auth_proxy_patch.yaml diff --git a/test/ansible/config/default/manager_auth_proxy_patch.yaml b/test/ansible/config/default/manager_auth_proxy_patch.yaml index 8a09f680c7..08d941467d 100644 --- a/test/ansible/config/default/manager_auth_proxy_patch.yaml +++ b/test/ansible/config/default/manager_auth_proxy_patch.yaml 
@@ -9,17 +9,18 @@ spec: template: spec: containers: - # - name: kube-rbac-proxy - # image: gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0 - # args: - # - "--secure-listen-address=0.0.0.0:8443" - # - "--upstream=http://127.0.0.1:8080/" - # - "--logtostderr=true" - # - "--v=10" - # ports: - # - containerPort: 8443 - # name: https + - name: kube-rbac-proxy + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0 + args: + - "--secure-listen-address=0.0.0.0:8443" + - "--upstream=http://127.0.0.1:8080/" + - "--logtostderr=true" + - "--v=10" + ports: + - containerPort: 8443 + name: https - name: manager args: - # - "--metrics-addr=127.0.0.1:8080" - # - "--enable-leader-election" + - "--metrics-addr=127.0.0.1:8080" + - "--enable-leader-election" + - "--leader-election-id=ansible" diff --git a/test/ansible/config/default/manager_webhook_patch.yaml b/test/ansible/config/default/manager_webhook_patch.yaml deleted file mode 100644 index 738de350b7..0000000000 --- a/test/ansible/config/default/manager_webhook_patch.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller-manager - namespace: system -spec: - template: - spec: - containers: - - name: manager - ports: - - containerPort: 9443 - name: webhook-server - protocol: TCP - volumeMounts: - - mountPath: /tmp/k8s-webhook-server/serving-certs - name: cert - readOnly: true - volumes: - - name: cert - secret: - defaultMode: 420 - secretName: webhook-server-cert diff --git a/test/ansible/config/default/webhookcainjection_patch.yaml b/test/ansible/config/default/webhookcainjection_patch.yaml deleted file mode 100644 index 7e79bf9955..0000000000 --- a/test/ansible/config/default/webhookcainjection_patch.yaml +++ /dev/null 
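Review bot: The now-enabled `kube-rbac-proxy` sidecar runs with `--v=10`, a very high debug verbosity. At that level the proxy's Kubernetes client logging may include details of the token and access reviews it performs, so credentials presented to the metrics endpoint could end up in pod logs; confirm this against the proxy version in use. Unless the tests depend on the debug output, lower it, e.g. `- "--v=0"`. The image is also referenced by tag only (`v0.5.0`); pinning it by digest would make the deployment reproducible.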
@@ -1,15 +0,0 @@ -# This patch add annotation to admission webhook config and -# the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize. -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: MutatingWebhookConfiguration -metadata: - name: mutating-webhook-configuration - annotations: - cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) ---- -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: ValidatingWebhookConfiguration -metadata: - name: validating-webhook-configuration - annotations: - cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) diff --git a/test/ansible/config/manager/kustomization.yaml b/test/ansible/config/manager/kustomization.yaml index 63744d1eb3..5c5f0b84cb 100644 --- a/test/ansible/config/manager/kustomization.yaml +++ b/test/ansible/config/manager/kustomization.yaml @@ -1,8 +1,2 @@ resources: - manager.yaml -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -images: -- name: controller - newName: quay.io/asmacdo/controller - newTag: v0.0.1 diff --git a/test/ansible/config/manager/manager.yaml b/test/ansible/config/manager/manager.yaml index 5871e1ddd2..14ab36cea8 100644 --- a/test/ansible/config/manager/manager.yaml +++ b/test/ansible/config/manager/manager.yaml 
@@ -23,29 +23,9 @@ spec: control-plane: controller-manager spec: containers: - - name: manager - image: controller:latest - imagePullPolicy: "Always" - env: - - name: WATCH_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: OPERATOR_NAME - # TODO(asmacdo) template - value: "ansible" - - name: ANSIBLE_GATHERING - value: explicit - - name: ANSIBLE_INVENTORY - value: /opt/ansible/inventory - livenessProbe: - httpGet: - path: /healthz - port: 6789 - initialDelaySeconds: 5 - periodSeconds: 3 + - name: manager + args: + - "--enable-leader-election" + - "--leader-election-id=ansible" + image: controller:latest terminationGracePeriodSeconds: 10 diff --git a/test/ansible/config/prometheus/monitor.yaml b/test/ansible/config/prometheus/monitor.yaml index 9b8047b760..1b44d4f617 100644 --- a/test/ansible/config/prometheus/monitor.yaml +++ b/test/ansible/config/prometheus/monitor.yaml @@ -1,4 +1,4 @@ - +--- # Prometheus Monitor Service (Metrics) apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor diff --git a/test/ansible/config/rbac/kustomization.yaml b/test/ansible/config/rbac/kustomization.yaml index 8673b8d460..66edd3782e 100644 --- a/test/ansible/config/rbac/kustomization.yaml +++ b/test/ansible/config/rbac/kustomization.yaml @@ -1,5 +1,15 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization +resources: + - role.yaml + - role_binding.yaml + - leader_election_role.yaml + - leader_election_role_binding.yaml + # Comment the following 4 lines if you want to disable + # the auth proxy (https://github.com/brancz/kube-rbac-proxy) + # which protects your /metrics endpoint. + - auth_proxy_service.yaml + - auth_proxy_role.yaml + - auth_proxy_role_binding.yaml + - auth_proxy_client_clusterrole.yaml patchesJson6902: - target: group: rbac.authorization.k8s.io 
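Review bot: The rewritten `manager` container in config/manager/manager.yaml no longer has a `livenessProbe`, and the commit also deletes `molecule/cluster/tasks/liveness_test.yml`, so nothing restarts or tests a hung operator any more. If the new ansible-operator binary still serves a health endpoint, keep a probe on it; the path and port of the removed one (`/healthz` on 6789) may no longer apply and should be checked. The pod spec continues outside the hunk, so a probe or `securityContext` defined elsewhere would not be visible here.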
@@ -25,16 +35,4 @@ patchesJson6902: kind: ClusterRole name: manager-role path: patches/subresourcestests_editor_role.yaml - -resources: -- role.yaml -- role_binding.yaml -- leader_election_role.yaml -- leader_election_role_binding.yaml -# Comment the following 4 lines if you want to disable -# the auth proxy (https://github.com/brancz/kube-rbac-proxy) -# which protects your /metrics endpoint. -- auth_proxy_service.yaml -- auth_proxy_role.yaml -- auth_proxy_role_binding.yaml -- auth_proxy_client_clusterrole.yaml +# +kubebuilder:scaffold:patch6902 diff --git a/test/ansible/config/rbac/leader_election_role.yaml b/test/ansible/config/rbac/leader_election_role.yaml index 7301703d0b..53e974910b 100644 --- a/test/ansible/config/rbac/leader_election_role.yaml +++ b/test/ansible/config/rbac/leader_election_role.yaml @@ -8,7 +8,6 @@ rules: - "" resources: - configmaps - - pods verbs: - get - list @@ -17,17 +16,10 @@ rules: - update - patch - delete -- apiGroups: - - "" - resources: - - configmaps/status - verbs: - - get - - update - - patch - apiGroups: - "" resources: - events verbs: - create + - patch diff --git a/test/ansible/config/rbac/role.yaml b/test/ansible/config/rbac/role.yaml index 244b5ad949..2d25699876 100644 --- a/test/ansible/config/rbac/role.yaml +++ b/test/ansible/config/rbac/role.yaml @@ -4,18 +4,33 @@ kind: ClusterRole metadata: name: manager-role rules: - - apiGroups: - - "" - resources: - - secrets - - pods - - pods/exec - - pods/log - verbs: - - create - - delete - - get - - list - - patch - - update - - watch +- apiGroups: + - "" + resources: + - secrets + - pods + - pods/exec + - pods/log + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - deployments + - daemonsets + - replicasets + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch 
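Review bot: In config/rbac/role.yaml, `manager-role` is a ClusterRole, so the first rule gives the operator create/delete/get/list/patch/update/watch on `secrets`, `pods`, `pods/exec` and `pods/log` in every namespace, and the new rule adds the same verbs on all `apps` workloads. The namespaced `deploy/role.yaml` that this commit deletes limited comparable access to a single namespace. For a test fixture this may be acceptable, but scaffolds like this tend to be copied. Either trim the resources and verbs to what the molecule tasks exercise, or add a comment such as `# cluster-wide secrets and pods/exec are required by <test name>; do not reuse outside tests`.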
diff --git a/test/ansible/config/rbac/role_binding.yaml b/test/ansible/config/rbac/role_binding.yaml index 8f2658702c..98f87829e9 100644 --- a/test/ansible/config/rbac/role_binding.yaml +++ b/test/ansible/config/rbac/role_binding.yaml @@ -1,3 +1,4 @@ +--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: diff --git a/test/ansible/config/samples/kustomization.yaml b/test/ansible/config/samples/kustomization.yaml new file mode 100644 index 0000000000..fd18a34c5c --- /dev/null +++ b/test/ansible/config/samples/kustomization.yaml @@ -0,0 +1,3 @@ +## This file is auto-generated, do not modify ## +resources: +- test.example.com_v1alpha1_inventorytest_cr.yaml diff --git a/test/ansible/config/samples/test.example.com_v1_inventorytest_cr.yaml b/test/ansible/config/samples/test.example.com_v1_inventorytest_cr.yaml deleted file mode 100644 index b44d946add..0000000000 --- a/test/ansible/config/samples/test.example.com_v1_inventorytest_cr.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: test.example.com/v1 -kind: InventoryTest -metadata: - name: example-inventorytest - annotations: - "ansible.operator-sdk/verbosity": "3" -spec: - # Add fields here - size: 3 diff --git a/test/ansible/config/scorecard/bases/config.yaml b/test/ansible/config/scorecard/bases/config.yaml new file mode 100644 index 0000000000..c77047841e --- /dev/null +++ b/test/ansible/config/scorecard/bases/config.yaml @@ -0,0 +1,7 @@ +apiVersion: scorecard.operatorframework.io/v1alpha3 +kind: Configuration +metadata: + name: config +stages: +- parallel: true + tests: [] diff --git a/test/ansible/config/scorecard/kustomization.yaml b/test/ansible/config/scorecard/kustomization.yaml new file mode 100644 index 0000000000..d73509ee73 --- /dev/null +++ b/test/ansible/config/scorecard/kustomization.yaml 
@@ -0,0 +1,16 @@ +resources: +- bases/config.yaml +patchesJson6902: +- path: patches/basic.config.yaml + target: + group: scorecard.operatorframework.io + version: v1alpha3 + kind: Configuration + name: config +- path: patches/olm.config.yaml + target: + group: scorecard.operatorframework.io + version: v1alpha3 + kind: Configuration + name: config +# +kubebuilder:scaffold:patchesJson6902 diff --git a/test/ansible/config/scorecard/patches/basic.config.yaml b/test/ansible/config/scorecard/patches/basic.config.yaml new file mode 100644 index 0000000000..e7fa305018 --- /dev/null +++ b/test/ansible/config/scorecard/patches/basic.config.yaml @@ -0,0 +1,10 @@ +- op: add + path: /stages/0/tests/- + value: + entrypoint: + - scorecard-test + - basic-check-spec + image: quay.io/operator-framework/scorecard-test:master + labels: + suite: basic + test: basic-check-spec-test diff --git a/test/ansible/config/scorecard/patches/olm.config.yaml b/test/ansible/config/scorecard/patches/olm.config.yaml new file mode 100644 index 0000000000..e564c42f95 --- /dev/null +++ b/test/ansible/config/scorecard/patches/olm.config.yaml 
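Review bot: `image: quay.io/operator-framework/scorecard-test:master` in patches/basic.config.yaml tracks a moving branch tag, so each scorecard run executes whatever was last pushed there. Pin it to a release tag or, better, a digest, e.g. `image: quay.io/operator-framework/scorecard-test@sha256:<DIGEST>`. The same line appears five more times in patches/olm.config.yaml in the next hunk.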
@@ -0,0 +1,50 @@ +- op: add + path: /stages/0/tests/- + value: + entrypoint: + - scorecard-test + - olm-bundle-validation + image: quay.io/operator-framework/scorecard-test:master + labels: + suite: olm + test: olm-bundle-validation-test +- op: add + path: /stages/0/tests/- + value: + entrypoint: + - scorecard-test + - olm-crds-have-validation + image: quay.io/operator-framework/scorecard-test:master + labels: + suite: olm + test: olm-crds-have-validation-test +- op: add + path: /stages/0/tests/- + value: + entrypoint: + - scorecard-test + - olm-crds-have-resources + image: quay.io/operator-framework/scorecard-test:master + labels: + suite: olm + test: olm-crds-have-resources-test +- op: add + path: /stages/0/tests/- + value: + entrypoint: + - scorecard-test + - olm-spec-descriptors + image: quay.io/operator-framework/scorecard-test:master + labels: + suite: olm + test: olm-spec-descriptors-test +- op: add + path: /stages/0/tests/- + value: + entrypoint: + - scorecard-test + - olm-status-descriptors + image: quay.io/operator-framework/scorecard-test:master + labels: + suite: olm + test: olm-status-descriptors-test diff --git a/test/ansible/config/testing/debug_logs_patch.yaml b/test/ansible/config/testing/debug_logs_patch.yaml index 3a514772b4..3e31e2fba1 100644 --- a/test/ansible/config/testing/debug_logs_patch.yaml +++ b/test/ansible/config/testing/debug_logs_patch.yaml @@ -1,5 +1,14 @@ -- op: add - path: /spec/template/spec/containers/0/env/- - value: - name: ANSIBLE_DEBUG_LOGS - value: "TRUE" +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: controller-manager + namespace: system +spec: + template: + spec: + containers: + - name: manager + env: + - name: ANSIBLE_DEBUG_LOGS + value: "TRUE" diff --git a/test/ansible/config/testing/kustomization.yaml b/test/ansible/config/testing/kustomization.yaml index 125213966e..9757d27f74 100644 --- a/test/ansible/config/testing/kustomization.yaml +++ b/test/ansible/config/testing/kustomization.yaml 
@@ -7,17 +7,11 @@ namePrefix: osdk- #commonLabels: # someName: someValue -patchesJson6902: -- path: debug_logs_patch.yaml - target: - group: apps - kind: Deployment - name: controller-manager - namespace: system - version: v1 patchesStrategicMerge: - manager_image.yaml - pull_policy/Never.yaml +- debug_logs_patch.yaml +- ../default/manager_auth_proxy_patch.yaml apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization diff --git a/test/ansible/deploy/crds/test.example.com_collectiontests_crd.yaml b/test/ansible/deploy/crds/test.example.com_collectiontests_crd.yaml deleted file mode 100644 index 0ff8896153..0000000000 --- a/test/ansible/deploy/crds/test.example.com_collectiontests_crd.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: collectiontests.test.example.com -spec: - group: test.example.com - names: - kind: CollectionTest - listKind: CollectionTestList - plural: collectiontests - singular: collectiontest - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - type: object - x-kubernetes-preserve-unknown-fields: true - versions: - - name: v1alpha1 - served: true - storage: true diff --git a/test/ansible/deploy/crds/test.example.com_inventorytests_crd.yaml b/test/ansible/deploy/crds/test.example.com_inventorytests_crd.yaml deleted file mode 100644 index d08bb9055b..0000000000 --- a/test/ansible/deploy/crds/test.example.com_inventorytests_crd.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: inventorytests.test.example.com -spec: - group: test.example.com - names: - kind: InventoryTest - listKind: InventoryTestList - plural: inventorytests - singular: inventorytest - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - type: object - x-kubernetes-preserve-unknown-fields: true - versions: - - name: v1alpha1 - served: true - storage: true 
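Review bot: The new entry `- ../default/manager_auth_proxy_patch.yaml` under `patchesStrategicMerge` reaches outside this kustomization's root. Kustomize's default load restriction rejects files that are not in or below the root, so `kustomize build config/testing` may fail unless that restriction is disabled; this is worth verifying with the pinned v3.5.4 binary. config/default now lists the same patch as well, so if this overlay builds on `../default` (its bases are outside the hunk) the patch would be applied twice and the entry can simply be dropped.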
diff --git a/test/ansible/deploy/crds/test.example.com_selectortest_crd.yaml b/test/ansible/deploy/crds/test.example.com_selectortest_crd.yaml deleted file mode 100644 index fff1fe11d7..0000000000 --- a/test/ansible/deploy/crds/test.example.com_selectortest_crd.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: selectortests.test.example.com -spec: - group: test.example.com - names: - kind: SelectorTest - listKind: SelectorTestList - plural: selectortests - singular: selectortest - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - type: object - x-kubernetes-preserve-unknown-fields: true - served: true - storage: true - subresources: - status: {} diff --git a/test/ansible/deploy/crds/test.example.com_subresourcestests_crd.yaml b/test/ansible/deploy/crds/test.example.com_subresourcestests_crd.yaml deleted file mode 100644 index fb6687baa4..0000000000 --- a/test/ansible/deploy/crds/test.example.com_subresourcestests_crd.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: subresourcestests.test.example.com -spec: - group: test.example.com - names: - kind: SubresourcesTest - listKind: SubresourcesTestList - plural: subresourcestests - singular: subresourcestest - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - type: object - x-kubernetes-preserve-unknown-fields: true - versions: - - name: v1alpha1 - served: true - storage: true diff --git a/test/ansible/deploy/crds/test.example.com_v1_inventorytest_cr.yaml b/test/ansible/deploy/crds/test.example.com_v1_inventorytest_cr.yaml deleted file mode 100644 index 71f42e09b0..0000000000 --- a/test/ansible/deploy/crds/test.example.com_v1_inventorytest_cr.yaml +++ /dev/null 
@@ -1,9 +0,0 @@ -apiVersion: test.example.com/v1 -kind: InventoryTest -metadata: - name: example-inventorytest - annotations: - "ansible.sdk.operatorframework.io/verbosity": "3" -spec: - # Add fields here - size: 3 diff --git a/test/ansible/deploy/crds/test.example.com_v1alpha1_inventorytest_cr.yaml b/test/ansible/deploy/crds/test.example.com_v1alpha1_inventorytest_cr.yaml deleted file mode 100644 index d6f990b42b..0000000000 --- a/test/ansible/deploy/crds/test.example.com_v1alpha1_inventorytest_cr.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: test.example.com/v1alpha1 -kind: InventoryTest -metadata: - name: example-inventory - annotations: - "ansible.sdk.operatorframework.io/verbosity": "0" -spec: - # Add fields here - size: 3 diff --git a/test/ansible/deploy/operator.yaml b/test/ansible/deploy/operator.yaml deleted file mode 100644 index df0545a827..0000000000 --- a/test/ansible/deploy/operator.yaml +++ /dev/null @@ -1,49 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: ansible -spec: - replicas: 1 - selector: - matchLabels: - name: ansible - template: - metadata: - labels: - name: ansible - spec: - serviceAccountName: ansible - containers: - - name: ansible - # Replace this with the built image name - image: "REPLACE_IMAGE" - imagePullPolicy: "Always" - volumeMounts: - - mountPath: /tmp/ansible-operator/runner - name: runner - env: - - name: WATCH_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: OPERATOR_NAME - value: "ansible" - - name: ANSIBLE_GATHERING - value: explicit - - name: ANSIBLE_INVENTORY - value: /opt/ansible/inventory - livenessProbe: - httpGet: - path: /healthz - port: 6789 - initialDelaySeconds: 5 - periodSeconds: 3 - - volumes: - - name: runner - emptyDir: {} diff --git a/test/ansible/deploy/role.yaml b/test/ansible/deploy/role.yaml deleted file mode 100644 index d30b87b291..0000000000 
--- a/test/ansible/deploy/role.yaml +++ /dev/null @@ -1,83 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - name: ansible -rules: -- apiGroups: - - "" - resources: - - pods - - pods/exec - - pods/log - - services - - services/finalizers - - endpoints - - persistentvolumeclaims - - events - - configmaps - - secrets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - apps - resources: - - deployments - - daemonsets - - replicasets - - statefulsets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - monitoring.coreos.com - resources: - - servicemonitors - verbs: - - get - - create -- apiGroups: - - apps - resourceNames: - - ansible - resources: - - deployments/finalizers - verbs: - - update -- apiGroups: - - "" - resources: - - pods - verbs: - - get -- apiGroups: - - apps - resources: - - replicasets - - deployments - verbs: - - get -- apiGroups: - - test.example.com - resources: - - '*' - - inventories - verbs: - - create - - delete - - get - - list - - patch - - update - - watch diff --git a/test/ansible/deploy/role_binding.yaml b/test/ansible/deploy/role_binding.yaml deleted file mode 100644 index 34a09cc757..0000000000 --- a/test/ansible/deploy/role_binding.yaml +++ /dev/null @@ -1,11 +0,0 @@ -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: ansible -subjects: -- kind: ServiceAccount - name: ansible -roleRef: - kind: Role - name: ansible - apiGroup: rbac.authorization.k8s.io diff --git a/test/ansible/deploy/service_account.yaml b/test/ansible/deploy/service_account.yaml deleted file mode 100644 index 94be3a0755..0000000000 --- a/test/ansible/deploy/service_account.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: ansible 
diff --git a/test/ansible/molecule/cluster/converge.yml b/test/ansible/molecule/cluster/converge.yml deleted file mode 100644 index 8877f82588..0000000000 --- a/test/ansible/molecule/cluster/converge.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -- name: Converge - hosts: localhost - connection: local - gather_facts: no - collections: - - community.kubernetes - - tasks: - - name: Ensure operator image is set - fail: - msg: | - You must specify the OPERATOR_IMAGE environment variable in order to run the - 'cluster' scenario - when: not operator_image - - - name: Create the Operator Deployment - k8s: - namespace: '{{ namespace }}' - definition: "{{ lookup('template', '/'.join([template_dir, 'operator.yaml.j2'])) }}" - wait: yes - vars: - image: '{{ operator_image }}' - pull_policy: '{{ operator_pull_policy }}' diff --git a/test/ansible/molecule/cluster/create.yml b/test/ansible/molecule/cluster/create.yml deleted file mode 100644 index 1eeaf9226e..0000000000 --- a/test/ansible/molecule/cluster/create.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- name: Create - hosts: localhost - connection: local - gather_facts: false - tasks: [] diff --git a/test/ansible/molecule/cluster/destroy.yml b/test/ansible/molecule/cluster/destroy.yml deleted file mode 100644 index b55bb6f8d3..0000000000 --- a/test/ansible/molecule/cluster/destroy.yml +++ /dev/null 
@@ -1,33 +0,0 @@ ---- -- name: Destroy - hosts: localhost - connection: local - gather_facts: false - - tasks: - - name: Delete namespace - k8s: - api_version: v1 - kind: Namespace - name: '{{ namespace }}' - state: absent - wait: yes - - - name: Delete RBAC resources - k8s: - definition: "{{ lookup('template', '/'.join([deploy_dir, item])) }}" - namespace: '{{ namespace }}' - state: absent - wait: yes - with_items: - - role.yaml - - role_binding.yaml - - service_account.yaml - - - name: Delete Custom Resource Definitions - k8s: - definition: "{{ lookup('file', item) }}" - state: absent - wait: yes - with_fileglob: - - "{{ '/'.join([deploy_dir, 'crds']) }}/*_crd.yaml" diff --git a/test/ansible/molecule/cluster/molecule.yml b/test/ansible/molecule/cluster/molecule.yml deleted file mode 100644 index 06b307f7d1..0000000000 --- a/test/ansible/molecule/cluster/molecule.yml +++ /dev/null @@ -1,35 +0,0 @@ ---- -dependency: - name: galaxy -driver: - name: delegated -lint: | - set -e - yamllint -d "{extends: relaxed, rules: {line-length: {max: 120}}}" . -platforms: -- name: cluster - groups: - - k8s -provisioner: - name: ansible - lint: | - set -e - ansible-lint - inventory: - group_vars: - all: - namespace: ${TEST_OPERATOR_NAMESPACE:-osdk-test} - host_vars: - localhost: - ansible_python_interpreter: '{{ ansible_playbook_python }}' - deploy_dir: ${MOLECULE_PROJECT_DIRECTORY}/deploy - template_dir: ${MOLECULE_PROJECT_DIRECTORY}/molecule/templates - operator_image: ${OPERATOR_IMAGE:-""} - operator_pull_policy: ${OPERATOR_PULL_POLICY:-"Always"} - env: - K8S_AUTH_KUBECONFIG: ${KUBECONFIG:-"~/.kube/config"} -verifier: - name: ansible - lint: | - set -e - ansible-lint diff --git a/test/ansible/molecule/cluster/prepare.yml b/test/ansible/molecule/cluster/prepare.yml deleted file mode 100644 index 942b1aa73f..0000000000 --- a/test/ansible/molecule/cluster/prepare.yml +++ /dev/null 
@@ -1,34 +0,0 @@ ---- -- name: Prepare - hosts: localhost - connection: local - gather_facts: false - no_log: "{{ molecule_no_log }}" - vars: - deploy_dir: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') }}/deploy" - - tasks: - - name: Create Custom Resource Definitions - k8s: - definition: "{{ lookup('file', item) }}" - with_fileglob: - - "{{ '/'.join([deploy_dir, 'crds']) }}/*_crd.yaml" - - - name: Create namespace - k8s: - api_version: v1 - kind: Namespace - name: '{{ namespace }}' - - - name: Create RBAC resources - k8s: - definition: "{{ lookup('template', '/'.join([deploy_dir, item])) }}" - namespace: '{{ namespace }}' - with_items: - - role.yaml - - role_binding.yaml - - service_account.yaml - - - name: Create ServiceMonitor Custom Resource Definiiton - k8s: - definition: "{{ lookup('url', 'https://raw.githubusercontent.com/coreos/prometheus-operator/release-0.35/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml', split_lines=False) | from_yaml_all | list }}" diff --git a/test/ansible/molecule/cluster/tasks/collections_test.yml b/test/ansible/molecule/cluster/tasks/collections_test.yml deleted file mode 100644 index 61ba0c40b9..0000000000 --- a/test/ansible/molecule/cluster/tasks/collections_test.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -- name: Create the test.example.com/v1alpha1.CollectionTest - k8s: - state: present - namespace: '{{ namespace }}' - definition: - apiVersion: test.example.com/v1alpha1 - kind: CollectionTest - metadata: - name: collection-test - wait: yes - wait_timeout: 300 - wait_condition: - type: Running - reason: Successful - status: "True" - -- name: Assert ConfigMap has been created by collection Role - assert: - that: cm.data.did_it_work == 'indeed' - vars: - cm: "{{ q('k8s', api_version='v1', kind='ConfigMap', namespace=namespace, resource_name='test-this-collection').0 }}" 
diff --git a/test/ansible/molecule/cluster/tasks/inventory_test.yml b/test/ansible/molecule/cluster/tasks/inventory_test.yml deleted file mode 100644 index 909f8960c5..0000000000 --- a/test/ansible/molecule/cluster/tasks/inventory_test.yml +++ /dev/null @@ -1,20 +0,0 @@ ---- -- name: Create the test.example.com/v1alpha1.InventoryTest - k8s: - state: present - namespace: '{{ namespace }}' - definition: '{{ custom_resource }}' - wait: yes - wait_timeout: 300 - wait_condition: - type: Running - reason: Successful - status: "True" - vars: - custom_resource: "{{ lookup('template', '/'.join([deploy_dir, 'crds/test.example.com_v1alpha1_inventorytest_cr.yaml'])) | from_yaml }}" - -- name: Assert sentinel ConfigMap has been created for Molecule Test - assert: - that: cm.data.sentinel == 'test' - vars: - cm: "{{ q('k8s', api_version='v1', kind='ConfigMap', namespace=namespace, resource_name='inventory-cm').0 }}" diff --git a/test/ansible/molecule/cluster/tasks/liveness_test.yml b/test/ansible/molecule/cluster/tasks/liveness_test.yml deleted file mode 100644 index 9f05a74981..0000000000 --- a/test/ansible/molecule/cluster/tasks/liveness_test.yml +++ /dev/null @@ -1,16 +0,0 @@ -- name: get the operator pod - set_fact: - op_pod: "{{ lookup('k8s', kind='Pod', label_selector='name=ansible') }}" - -- name: Check for liveness probe failure events - # We can't directly hit the endpoint, which is not publicly exposed. If k8s sees a failing endpoint, it will create a "Killing" event. - k8s_info: - kind: Event - field_selectors: - - "involvedObject.name={{ op_pod.metadata.name }}" - - "reason=Killing" - register: liveness_failures - -- name: Assert that the Pod has not been liveness probe Killed - assert: - that: liveness_failures.resources|length == 0 diff --git a/test/ansible/molecule/cluster/tasks/secrets_test.yml b/test/ansible/molecule/cluster/tasks/secrets_test.yml deleted file mode 100644 index 1b6888c001..0000000000 
--- a/test/ansible/molecule/cluster/tasks/secrets_test.yml +++ /dev/null @@ -1,56 +0,0 @@ ---- -- name: Create the v1.Secret - k8s: - state: present - definition: - apiVersion: v1 - kind: Secret - metadata: - name: test-secret - namespace: '{{ namespace }}' - labels: - reconcile: "yes" - data: - test: '{{ "test" | b64encode }}' - -- name: Wait for the corresponding configmap to be created - k8s_info: - api_version: v1 - kind: ConfigMap - name: test-secret - namespace: '{{ namespace }}' - register: result - until: result.resources - retries: 10 - -- name: Assert that the configmap has the proper content - assert: - that: result.resources.0.data.test == "test" - -- name: Update the v1.Secret - k8s: - state: present - definition: - apiVersion: v1 - kind: Secret - metadata: - name: test-secret - namespace: '{{ namespace }}' - labels: - reconcile: "yes" - data: - new: '{{ "content" | b64encode }}' - -- name: Wait for the corresponding key to be created - k8s_facts: - api_version: v1 - kind: ConfigMap - name: test-secret - namespace: '{{ namespace }}' - register: result - until: result.resources.0.data.new is defined - retries: 10 - -- name: Assert that the configmap has the proper content - assert: - that: result.resources.0.data.new == 'content' diff --git a/test/ansible/molecule/cluster/tasks/selector_test.yml b/test/ansible/molecule/cluster/tasks/selector_test.yml deleted file mode 100644 index 5084a1d601..0000000000 --- a/test/ansible/molecule/cluster/tasks/selector_test.yml +++ /dev/null 
@@ -1,54 +0,0 @@ ---- -- name: Create the test.example.com/v1alpha1.SelectorTest - k8s: - state: present - definition: - apiVersion: test.example.com/v1alpha1 - kind: SelectorTest - metadata: - name: selector-test - namespace: '{{ namespace }}' - labels: - testLabel: testValue - spec: - field: value - wait: yes - wait_timeout: 300 - wait_condition: - type: Running - reason: Successful - status: "True" - register: selector_test - -- name: Assert sentinel ConfigMap has been created for Molecule Test - assert: - that: cm.data.hello == 'world' - vars: - cm: "{{ q('k8s', api_version='v1', kind='ConfigMap', namespace=namespace, - resource_name='selector-test').0 }}" - -- name: Create the test.example.com/v1alpha1.SelectorTest - k8s: - state: present - definition: - apiVersion: test.example.com/v1alpha1 - kind: SelectorTest - metadata: - name: selector-test-fail - namespace: '{{ namespace }}' - spec: - field: value - register: selector_test - -- name: Wait for 30 seconds - wait_for: - timeout: 30 - -- name: Assert sentinel ConfigMap has not been created for Molecule Test - assert: - that: not cm - vars: - cm: "{{ q('k8s', api_version='v1', kind='ConfigMap', namespace=namespace, - resource_name='selector-test-fail')}}" - - diff --git a/test/ansible/molecule/cluster/tasks/subresources_test.yml b/test/ansible/molecule/cluster/tasks/subresources_test.yml deleted file mode 100644 index 65381a760d..0000000000 --- a/test/ansible/molecule/cluster/tasks/subresources_test.yml +++ /dev/null 
@@ -1,29 +0,0 @@ ---- -- name: Create the test.example.com/v1alpha1.SubresourcesTest - k8s: - state: present - definition: - apiVersion: test.example.com/v1alpha1 - kind: SubresourcesTest - metadata: - name: subresources-test - namespace: '{{ namespace }}' - spec: - execCommand: "echo 'hello world'" - logMessage: "Running..." - wait: yes - wait_timeout: 300 - wait_condition: - type: Running - reason: Successful - status: "True" - register: subresources_test - -- debug: var=subresources_test - -- name: Assert stdout and stderr are properly set in status - assert: - that: - - subresources_test.result.status.execCommandStderr == "" - - subresources_test.result.status.execCommandStdout == "hello world" - - "'Running' in subresources_test.result.status.logs" diff --git a/test/ansible/molecule/cluster/verify.yml b/test/ansible/molecule/cluster/verify.yml deleted file mode 100644 index 386bfbb721..0000000000 --- a/test/ansible/molecule/cluster/verify.yml +++ /dev/null 
@@ -1,53 +0,0 @@ ---- -- name: Verify - hosts: localhost - connection: local - gather_facts: no - collections: - - community.kubernetes - tasks: - - block: - - name: Import all test files from tasks/ - include_tasks: '{{ item }}' - with_fileglob: - - tasks/*_test.yml - rescue: - - name: Retrieve relevant resources - k8s_info: - api_version: '{{ item.api_version }}' - kind: '{{ item.kind }}' - namespace: '{{ namespace }}' - loop: - - api_version: v1 - kind: Pod - - api_version: apps/v1 - kind: Deployment - - api_version: v1 - kind: Secret - - api_version: v1 - kind: ConfigMap - register: debug_resources - - - name: Retrieve Pod logs - k8s_log: - name: '{{ item.metadata.name }}' - namespace: '{{ namespace }}' - loop: '{{ q("k8s", api_version="v1", kind="Pod", namespace=namespace) }}' - register: debug_logs - - - name: Ouput gathered resources - debug: - var: debug_resources - - - name: Output gathered logs - debug: - var: item.log_lines - loop: '{{ debug_logs.results }}' - - - name: Re-emit failure - vars: - failed_task: - name: '{{ ansible_failed_task.name }}' - result: '{{ ansible_failed_result }}' - fail: - msg: '{{ failed_task }}' diff --git a/test/ansible/molecule/default/destroy.yml b/test/ansible/molecule/default/destroy.yml index ce87c2322d..f935cff129 100644 --- a/test/ansible/molecule/default/destroy.yml +++ b/test/ansible/molecule/default/destroy.yml @@ -19,6 +19,6 @@ state: absent - name: Unset pull policy - command: kustomize edit remove patch pull_policy/{{ pull_policy }}.yaml + command: '{{ kustomize }} edit remove patch pull_policy/{{ pull_policy }}.yaml' args: chdir: '{{ config_dir }}/testing' diff --git a/test/ansible/molecule/default/kustomize.yml b/test/ansible/molecule/default/kustomize.yml index db0b528edd..f3d888c2f3 100644 --- a/test/ansible/molecule/default/kustomize.yml +++ b/test/ansible/molecule/default/kustomize.yml 
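Review bot: In `molecule/default/destroy.yml` the `Unset pull policy` task now builds a free-form `command` string from two templated values, so a `kustomize` path or a `pull_policy` value containing whitespace is split into extra arguments after templating. The same pattern appears in the `kustomize.yml` hunk and in the three `kustomize edit` tasks of the `prepare.yml` hunk, where `operator_image` is read from the environment in `molecule.yml`. The `argv` form keeps each value a single argument: `argv: ['{{ kustomize }}', edit, remove, patch, 'pull_policy/{{ pull_policy }}.yaml']`, with `chdir` given alongside it as before. The task list of this play starts outside the hunk.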
@@ -1,6 +1,7 @@ --- - name: Build kustomize testing overlay - command: kustomize build . + # load_restrictor must be set to none so we can load patch files from the default overlay + command: '{{ kustomize }} build --load_restrictor none .' args: chdir: '{{ config_dir }}/testing' register: resources diff --git a/test/ansible/molecule/default/molecule.yml b/test/ansible/molecule/default/molecule.yml index 34fcd3f55a..ea58004dce 100644 --- a/test/ansible/molecule/default/molecule.yml +++ b/test/ansible/molecule/default/molecule.yml @@ -7,9 +7,9 @@ lint: | set -e yamllint -d "{extends: relaxed, rules: {line-length: {max: 120}}}" . platforms: -- name: cluster - groups: - - k8s + - name: cluster + groups: + - k8s provisioner: name: ansible lint: | @@ -23,8 +23,10 @@ provisioner: localhost: ansible_python_interpreter: '{{ ansible_playbook_python }}' config_dir: ${MOLECULE_PROJECT_DIRECTORY}/config + samples_dir: ${MOLECULE_PROJECT_DIRECTORY}/config/samples operator_image: ${OPERATOR_IMAGE:-""} operator_pull_policy: ${OPERATOR_PULL_POLICY:-"Always"} + kustomize: ${KUSTOMIZE_PATH:-kustomize} env: K8S_AUTH_KUBECONFIG: ${KUBECONFIG:-"~/.kube/config"} verifier: diff --git a/test/ansible/molecule/default/prepare.yml b/test/ansible/molecule/default/prepare.yml index afc0e368ea..f269f3bf7c 100644 --- a/test/ansible/molecule/default/prepare.yml +++ b/test/ansible/molecule/default/prepare.yml 
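Review bot: `--load_restrictor none` in the `Build kustomize testing overlay` task turns off kustomize's check that files are loaded only from inside the kustomization root, so any kustomization reachable from `{{ config_dir }}/testing` can pull in files from elsewhere on the runner's filesystem. The added comment gives the reason but not the scope. I would extend it to something like `# Test overlay only: disables kustomize's root restriction so patch files from the default overlay can be loaded; do not copy into release builds`. If those patch files can instead be referenced from inside `testing/`, the flag could be dropped, but that cannot be checked from this hunk.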
@@ -13,16 +13,16 @@ when: not operator_image - name: Set testing image - command: kustomize edit set image testing={{ operator_image }} + command: '{{ kustomize }} edit set image testing={{ operator_image }}' args: chdir: '{{ config_dir }}/testing' - name: Set pull policy - command: kustomize edit add patch pull_policy/{{ pull_policy }}.yaml + command: '{{ kustomize }} edit add patch pull_policy/{{ pull_policy }}.yaml' args: chdir: '{{ config_dir }}/testing' - name: Set testing namespace - command: kustomize edit set namespace {{ namespace }} + command: '{{ kustomize }} edit set namespace {{ namespace }}' args: chdir: '{{ config_dir }}/testing' diff --git a/test/ansible/molecule/cluster/tasks/case_test.yml b/test/ansible/molecule/default/tasks/case_test.yml similarity index 100% rename from test/ansible/molecule/cluster/tasks/case_test.yml rename to test/ansible/molecule/default/tasks/case_test.yml diff --git a/test/ansible/molecule/default/verify.yml b/test/ansible/molecule/default/verify.yml index 8930c85337..a184683913 100644 --- a/test/ansible/molecule/default/verify.yml +++ b/test/ansible/molecule/default/verify.yml @@ -8,10 +8,10 @@ tasks: - block: - - name: Import all test files from tasks/ - include_tasks: '{{ item }}' - with_fileglob: - - tasks/*_test.yml + - name: Import all test files from tasks/ + include_tasks: '{{ item }}' + with_fileglob: + - tasks/*_test.yml rescue: - name: Retrieve relevant resources k8s_info: @@ -29,14 +29,15 @@ kind: ConfigMap register: debug_resources - - name: Retrieve Pod logs + - name: Retrieve Operator logs k8s_log: name: '{{ item.metadata.name }}' namespace: '{{ namespace }}' - loop: '{{ q("k8s", api_version="v1", kind="Pod", namespace=namespace) }}' + container: manager + loop: "{{ q('k8s', api_version='v1', kind='Pod', namespace=namespace) }}" register: debug_logs - - name: Ouput gathered resources + - name: Output gathered resources debug: var: debug_resources 
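Review bot: In `molecule/default/verify.yml` the renamed `Retrieve Operator logs` task still loops over every Pod in the namespace but now passes `container: manager`, so a Pod without a container of that name makes `k8s_log` fail inside the `rescue` section. A failure there would stop the rescue before the original error is re-emitted (assuming the tail of this file matches the deleted `cluster/verify.yml`), which hides the test failure that triggered it. Either restrict the lookup to the operator Pod or let the task continue with `ignore_errors: yes`. The `rescue` block begins in the previous hunk and continues past the end of this one.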
diff --git a/test/ansible/molecule/kind/converge.yml b/test/ansible/molecule/kind/converge.yml index a5605b30fa..dbd27374a5 100644 --- a/test/ansible/molecule/kind/converge.yml +++ b/test/ansible/molecule/kind/converge.yml @@ -5,6 +5,13 @@ gather_facts: no tasks: + - name: Build Ansible dev base image + make: + chdir: '{{ project_dir }}/../../' + target: image-build-ansible + # Not important, but maybe should fix someday + changed_when: false + - name: Build operator image docker_image: build: @@ -14,6 +21,7 @@ tag: latest push: no source: build + force_source: yes - name: Load image into kind cluster command: kind load docker-image --name osdk-test '{{ operator_image }}' diff --git a/test/ansible/molecule/kind/molecule.yml b/test/ansible/molecule/kind/molecule.yml index 92f2ab425b..38d6990fa6 100644 --- a/test/ansible/molecule/kind/molecule.yml +++ b/test/ansible/molecule/kind/molecule.yml @@ -7,9 +7,9 @@ lint: | set -e yamllint -d "{extends: relaxed, rules: {line-length: {max: 120}}}" . platforms: -- name: cluster - groups: - - k8s + - name: cluster + groups: + - k8s provisioner: name: ansible playbooks: @@ -26,10 +26,12 @@ provisioner: localhost: ansible_python_interpreter: '{{ ansible_playbook_python }}' config_dir: ${MOLECULE_PROJECT_DIRECTORY}/config + samples_dir: ${MOLECULE_PROJECT_DIRECTORY}/config/samples project_dir: ${MOLECULE_PROJECT_DIRECTORY} operator_image: testing-operator pull_policy: "Never" - kubeconfig: '{{ lookup("env", "KUBECONFIG") }}' + kubeconfig: "{{ lookup('env', 'KUBECONFIG') }}" + kustomize: ${KUSTOMIZE_PATH:-kustomize} env: K8S_AUTH_KUBECONFIG: ${MOLECULE_EPHEMERAL_DIRECTORY}/kubeconfig KUBECONFIG: ${MOLECULE_EPHEMERAL_DIRECTORY}/kubeconfig diff --git a/test/ansible/molecule/test-local/converge.yml b/test/ansible/molecule/test-local/converge.yml deleted file mode 100644 index bf3bd13d50..0000000000 --- a/test/ansible/molecule/test-local/converge.yml +++ /dev/null 
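Review bot: The comment `# Not important, but maybe should fix someday` above `changed_when: false` in the new `Build Ansible dev base image` task of `molecule/kind/converge.yml` does not say what is wrong or what a fix would look like. If the intent is that the `make` target always reports a change and this is being suppressed, say so, e.g. `# make always reports changed; suppress it until the target can report real changes`. That wording is a guess from the task alone, so the author should confirm it.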
@@ -1,55 +0,0 @@ ---- -- name: Build Operator in Kubernetes docker container - hosts: k8s - gather_facts: no - collections: - - community.kubernetes - - vars: - image: test.example.com/ansible:testing - - tasks: - # using command so we don't need to install any dependencies - - name: Get existing image hash - command: docker images -q {{ image }} - register: prev_hash_raw - changed_when: false - - - - name: Build Operator Image - command: docker build -f /build/build/Dockerfile -t {{ image }} /build - register: build_cmd - changed_when: not hash or (hash and hash not in cmd_out) - vars: - hash: '{{ prev_hash_raw.stdout }}' - cmd_out: '{{ "".join(build_cmd.stdout_lines[-2:]) }}' - - - name: Get new image hash - command: docker images -q {{ image }} - register: hash_raw - changed_when: false - - - name: Set localhost hash fact - set_fact: - hash: '{{ hash_raw.stdout }}' - delegate_to: localhost - delegate_facts: true - -- name: Converge - hosts: localhost - connection: local - collections: - - community.kubernetes - - vars: - image: test.example.com/ansible:testing - operator_template: "{{ '/'.join([template_dir, 'operator.yaml.j2']) }}" - - tasks: - - name: Create the Operator Deployment - k8s: - namespace: '{{ namespace }}' - definition: "{{ lookup('template', operator_template) }}" - wait: yes - vars: - pull_policy: Never diff --git a/test/ansible/molecule/test-local/molecule.yml b/test/ansible/molecule/test-local/molecule.yml deleted file mode 100644 index 6fc64c04a9..0000000000 --- a/test/ansible/molecule/test-local/molecule.yml +++ /dev/null 
@@ -1,49 +0,0 @@ ---- -dependency: - name: galaxy -driver: - name: docker -lint: | - set -e - yamllint -d "{extends: relaxed, rules: {line-length: {max: 120}}}" . -platforms: - - name: kind-test-local - groups: - - k8s - image: bsycorp/kind:latest-${KUBE_VERSION:-1.17} - privileged: true - override_command: false - exposed_ports: - - 8443/tcp - - 10080/tcp - published_ports: - - 0.0.0.0:${TEST_CLUSTER_PORT:-10443}:8443/tcp - pre_build_image: true - volumes: - - ${MOLECULE_PROJECT_DIRECTORY}:/build:Z -provisioner: - name: ansible - log: true - lint: | - set -e - ansible-lint - inventory: - group_vars: - all: - namespace: ${TEST_OPERATOR_NAMESPACE:-osdk-test} - kubeconfig_file: ${MOLECULE_EPHEMERAL_DIRECTORY}/kubeconfig - host_vars: - localhost: - ansible_python_interpreter: '{{ ansible_playbook_python }}' - template_dir: ${MOLECULE_PROJECT_DIRECTORY}/molecule/templates - deploy_dir: ${MOLECULE_PROJECT_DIRECTORY}/deploy - env: - K8S_AUTH_KUBECONFIG: ${MOLECULE_EPHEMERAL_DIRECTORY}/kubeconfig - KUBECONFIG: ${MOLECULE_EPHEMERAL_DIRECTORY}/kubeconfig - ANSIBLE_ROLES_PATH: ${MOLECULE_PROJECT_DIRECTORY}/roles - KIND_PORT: '${TEST_CLUSTER_PORT:-10443}' -verifier: - name: ansible - lint: | - set -e - ansible-lint diff --git a/test/ansible/molecule/test-local/prepare.yml b/test/ansible/molecule/test-local/prepare.yml deleted file mode 100644 index c070cca02b..0000000000 --- a/test/ansible/molecule/test-local/prepare.yml +++ /dev/null 
@@ -1,34 +0,0 @@ ---- -- import_playbook: ../default/prepare.yml -- import_playbook: ../cluster/prepare.yml - -- name: Dump the dev image - hosts: localhost - connection: local - gather_facts: no - - tasks: - - name: Dump the dev image - command: docker save -o /tmp/dev-operator.tar quay.io/operator-framework/ansible-operator:dev - - - name: Copy the image to the kind container - command: docker cp /tmp/dev-operator.tar kind-test-local:/dev-operator.tar - -- name: Make dev operator image available for Molecule Test - hosts: k8s - gather_facts: no - - tasks: - - name: Make dev operator available - command: docker load -i /dev-operator.tar - -- name: Clean up for Molecule Test - hosts: localhost - connection: local - gather_facts: no - - tasks: - - name: remove dev-operator.tar - file: - path: /tmp/dev-operator.tar - state: absent diff --git a/test/ansible/molecule/test-local/verify.yml b/test/ansible/molecule/test-local/verify.yml deleted file mode 100644 index 4c00308846..0000000000 --- a/test/ansible/molecule/test-local/verify.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -- import_playbook: ../cluster/verify.yml diff --git a/test/ansible/requirements.yml b/test/ansible/requirements.yml index d2af8e2c4e..8a661f8b95 100644 --- a/test/ansible/requirements.yml +++ b/test/ansible/requirements.yml @@ -1,3 +1,5 @@ +--- collections: - - community.kubernetes + - name: community.kubernetes + version: "<1.0.0" - operator_sdk.util From 35757d89238ea0aa92081f66b3762c976a4b2d8d Mon Sep 17 00:00:00 2001 
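Review bot: In `test/ansible/requirements.yml`, `operator_sdk.util` is still installed without any version constraint and `community.kubernetes` gets only the upper bound `<1.0.0`, so each test run resolves whatever Galaxy serves at that moment. For a reproducible test environment I would give both entries a `name:`/`version:` pair with an exact version, e.g. `- name: operator_sdk.util` followed by `version: "<PINNED_VERSION>"` (a placeholder; the page does not show which release is in use). A one-line comment on why `<1.0.0` is required would also help whoever raises the bound later.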
From: Fabian von Feilitzsch Date: Wed, 29 Jul 2020 12:44:28 -0400 Subject: [PATCH 4/8] Get all tests passing --- test/ansible/config/manager/manager.yaml | 3 +++ test/ansible/config/rbac/kustomization.yaml | 6 +++++ .../rbac/patches/casetests_editor_role.yaml | 26 +++++++++++++++++++ test/ansible/config/rbac/role.yaml | 1 + .../default/tasks/collections_test.yml | 7 ++++- .../molecule/default/tasks/inventory_test.yml | 5 +++- .../molecule/default/tasks/liveness_test.yml | 3 ++- .../default/tasks/servicemonitor_test.yml | 6 ++++- test/ansible/watches.yaml | 2 +- 9 files changed, 54 insertions(+), 5 deletions(-) create mode 100644 test/ansible/config/rbac/patches/casetests_editor_role.yaml diff --git a/test/ansible/config/manager/manager.yaml b/test/ansible/config/manager/manager.yaml index 14ab36cea8..a9bda435ca 100644 --- a/test/ansible/config/manager/manager.yaml +++ b/test/ansible/config/manager/manager.yaml @@ -28,4 +28,7 @@ spec: - "--enable-leader-election" - "--leader-election-id=ansible" image: controller:latest + env: + - name: ANSIBLE_INVENTORY + value: /opt/ansible/inventory terminationGracePeriodSeconds: 10 diff --git a/test/ansible/config/rbac/kustomization.yaml b/test/ansible/config/rbac/kustomization.yaml index 66edd3782e..69babd8314 100644 --- a/test/ansible/config/rbac/kustomization.yaml +++ b/test/ansible/config/rbac/kustomization.yaml @@ -35,4 +35,10 @@ patchesJson6902: kind: ClusterRole name: manager-role path: patches/subresourcestests_editor_role.yaml + - target: + group: rbac.authorization.k8s.io + version: v1 + kind: ClusterRole + name: manager-role + path: patches/casetests_editor_role.yaml # +kubebuilder:scaffold:patch6902 diff --git a/test/ansible/config/rbac/patches/casetests_editor_role.yaml b/test/ansible/config/rbac/patches/casetests_editor_role.yaml new file mode 100644 index 0000000000..e31eb4429e --- /dev/null +++ b/test/ansible/config/rbac/patches/casetests_editor_role.yaml 
@@ -0,0 +1,26 @@ +- op: add + path: /rules/- + value: + apiGroups: + - test.example.com + resources: + - casetests + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- op: add + path: /rules/- + value: + apiGroups: + - test.example.com + resources: + - casetests/status + verbs: + - get + - update + - patch diff --git a/test/ansible/config/rbac/role.yaml b/test/ansible/config/rbac/role.yaml index 2d25699876..5dea0b1621 100644 --- a/test/ansible/config/rbac/role.yaml +++ b/test/ansible/config/rbac/role.yaml @@ -11,6 +11,7 @@ rules: - pods - pods/exec - pods/log + - configmaps verbs: - create - delete diff --git a/test/ansible/molecule/default/tasks/collections_test.yml b/test/ansible/molecule/default/tasks/collections_test.yml index 61ba0c40b9..f7053f24bd 100644 --- a/test/ansible/molecule/default/tasks/collections_test.yml +++ b/test/ansible/molecule/default/tasks/collections_test.yml @@ -19,4 +19,9 @@ assert: that: cm.data.did_it_work == 'indeed' vars: - cm: "{{ q('k8s', api_version='v1', kind='ConfigMap', namespace=namespace, resource_name='test-this-collection').0 }}" + cm: "{{ q('k8s', + api_version='v1', + kind='ConfigMap', + namespace=namespace, + resource_name='test-this-collection' + ).0 }}" diff --git a/test/ansible/molecule/default/tasks/inventory_test.yml b/test/ansible/molecule/default/tasks/inventory_test.yml index 8e0d9810ff..6bc53edf93 100644 --- a/test/ansible/molecule/default/tasks/inventory_test.yml +++ b/test/ansible/molecule/default/tasks/inventory_test.yml @@ -11,7 +11,10 @@ reason: Successful status: "True" vars: - custom_resource: "{{ lookup('template', '/'.join([config_dir, 'samples/test.example.com_v1alpha1_inventorytest_cr.yaml'])) | from_yaml }}" + custom_resource: "{{ lookup('template', '/'.join([ + config_dir, + 'samples/test.example.com_v1alpha1_inventorytest_cr.yaml' + ])) | from_yaml }}" - name: Assert sentinel ConfigMap has been created for Molecule Test assert: 
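Review bot: Adding `configmaps` to this rule in `config/rbac/role.yaml` gives the operator the rule's whole verb list (`create`, `delete` and whatever follows outside the hunk) on ConfigMaps, in the same rule that already grants `pods/exec`. The kustomization in this series patches `ClusterRole` `manager-role`, so if this file defines that role the grant is cluster-wide, whereas the deleted `deploy/role.yaml` was a namespaced `Role`. I would put `configmaps` in its own rule with only the verbs the test roles need, and say why it is there, e.g. `# ConfigMaps are written by the test roles as sentinels`. The rule's verb list continues past the end of the hunk.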
diff --git a/test/ansible/molecule/default/tasks/liveness_test.yml b/test/ansible/molecule/default/tasks/liveness_test.yml index a86527d90f..49607d502e 100644 --- a/test/ansible/molecule/default/tasks/liveness_test.yml +++ b/test/ansible/molecule/default/tasks/liveness_test.yml @@ -1,6 +1,7 @@ --- - name: Check for liveness probe failure events - # We can't directly hit the endpoint, which is not publicly exposed. If k8s sees a failing endpoint, it will create a "Killing" event. + # We can't directly hit the endpoint, which is not publicly exposed. + # If k8s sees a failing endpoint, it will create a "Killing" event. k8s_info: kind: Event field_selectors: diff --git a/test/ansible/molecule/default/tasks/servicemonitor_test.yml b/test/ansible/molecule/default/tasks/servicemonitor_test.yml index 344909a4d6..e671a6c0f2 100644 --- a/test/ansible/molecule/default/tasks/servicemonitor_test.yml +++ b/test/ansible/molecule/default/tasks/servicemonitor_test.yml @@ -1,5 +1,9 @@ --- - name: Assert ServiceMonitor resource is created assert: - that: lookup('k8s', kind='ServiceMonitor', api_version='monitoring.coreos.com/v1', namespace=namespace, resource_name='ansible-metrics') + that: lookup('k8s', + kind='ServiceMonitor', + api_version='monitoring.coreos.com/v1', + namespace=namespace, + resource_name='ansible-metrics') when: "'monitoring.coreos.com/v1' in lookup('k8s', cluster_info='api_groups')" diff --git a/test/ansible/watches.yaml b/test/ansible/watches.yaml index a658f5447d..52d5b23e55 100644 --- a/test/ansible/watches.yaml +++ b/test/ansible/watches.yaml @@ -34,7 +34,7 @@ playbook: playbooks/selector.yml selector: matchExpressions: - - {key: testLabel, operator: Exists, values: []} + - {key: testLabel, operator: Exists, values: []} vars: meta: '{{ ansible_operator_meta }}' From e3b3419b74eda0561babed184fc90ac8bba79647 Mon Sep 17 00:00:00 2001 
From: Fabian von Feilitzsch Date: Wed, 29 Jul 2020 14:49:53 -0400 Subject: [PATCH 5/8] Fix missing kustomize --- go.mod | 1 - go.sum | 2 -- hack/tests/e2e-ansible-molecule.sh | 10 +++++++++- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index e0e912a1c2..2bcd3c65f1 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,6 @@ require ( github.com/go-logr/logr v0.1.0 github.com/iancoleman/strcase v0.0.0-20191112232945-16388991a334 github.com/kr/text v0.1.0 - github.com/kubernetes-sigs/kustomize v2.0.3+incompatible // indirect github.com/markbates/inflect v1.0.4 github.com/mattn/go-isatty v0.0.12 github.com/onsi/ginkgo v1.12.1 diff --git a/go.sum b/go.sum index 84a0934605..d5d67694ca 100644 --- a/go.sum +++ b/go.sum @@ -464,8 +464,6 @@ github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA= github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kshvakov/clickhouse v1.3.5/go.mod h1:DMzX7FxRymoNkVgizH0DWAL8Cur7wHLgx3MUnGwJqpE= -github.com/kubernetes-sigs/kustomize v2.0.3+incompatible h1:3hC4tnibtc3SVKd6VLMM6GYrRfFMj77Tc5UmdjMa4B0= -github.com/kubernetes-sigs/kustomize v2.0.3+incompatible/go.mod h1:LEfoFBposdQuHJ4ZX2gdT7eoybOslchqvocZtlLyTsk= github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 h1:SOEGU9fKiNWd/HOJuq6+3iTQz8KNCLtVX6idSoTLdUw= github.com/lann/builder v0.0.0-20180802200727-47ae307949d0/go.mod h1:dXGbAdH5GtBTC4WfIxhKZfyBF/HBFgRZSWwZ9g/He9o= github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 h1:P6pPBnrTSX3DEVR4fDembhRWSsG5rVo6hYhAB/ADZrk= diff --git a/hack/tests/e2e-ansible-molecule.sh b/hack/tests/e2e-ansible-molecule.sh index 43ad6dd155..0c7e05b51b 100755 --- a/hack/tests/e2e-ansible-molecule.sh +++ b/hack/tests/e2e-ansible-molecule.sh 
@@ -65,6 +65,14 @@ DEST_IMAGE="quay.io/example/ansible-test-operator:v0.0.1" sed -i".bak" -E -e 's/(FROM quay.io\/operator-framework\/ansible-operator)(:.*)?/\1:dev/g' Dockerfile; rm -f Dockerfile.bak docker build -t "$DEST_IMAGE" --no-cache . load_image_if_kind "$DEST_IMAGE" -OPERATOR_PULL_POLICY=Never OPERATOR_IMAGE=${DEST_IMAGE} TEST_OPERATOR_NAMESPACE=osdk-test molecule test + +make kustomize +if [ -f ./bin/kustomize ] ; then + KUSTOMIZE="$(realpath ./bin/kustomize)" +else + KUSTOMIZE="$(which kustomize)" +fi + +KUSTOMIZE_PATH=$KUSTOMIZE OPERATOR_PULL_POLICY=Never OPERATOR_IMAGE=${DEST_IMAGE} TEST_OPERATOR_NAMESPACE=osdk-test molecule test popd From 18a8b07c390b180d3cf5133e92a37df5676da3f4 Mon Sep 17 00:00:00 2001 From: Fabian von Feilitzsch Date: Wed, 29 Jul 2020 16:01:47 -0400 Subject: [PATCH 6/8] operator_pull_policy -> pull_policy --- .../scaffolds/internal/templates/molecule/mdefault/molecule.go | 2 +- test/ansible/molecule/default/molecule.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/internal/plugins/ansible/v1/scaffolds/internal/templates/molecule/mdefault/molecule.go b/internal/plugins/ansible/v1/scaffolds/internal/templates/molecule/mdefault/molecule.go index 3108d2bc9a..92faa43e8f 100644 --- a/internal/plugins/ansible/v1/scaffolds/internal/templates/molecule/mdefault/molecule.go +++ b/internal/plugins/ansible/v1/scaffolds/internal/templates/molecule/mdefault/molecule.go @@ -63,7 +63,7 @@ provisioner: config_dir: ${MOLECULE_PROJECT_DIRECTORY}/config samples_dir: ${MOLECULE_PROJECT_DIRECTORY}/config/samples operator_image: ${OPERATOR_IMAGE:-""} - operator_pull_policy: ${OPERATOR_PULL_POLICY:-"Always"} + pull_policy: ${OPERATOR_PULL_POLICY:-"Always"} kustomize: ${KUSTOMIZE_PATH:-kustomize} env: K8S_AUTH_KUBECONFIG: ${KUBECONFIG:-"~/.kube/config"} diff --git a/test/ansible/molecule/default/molecule.yml b/test/ansible/molecule/default/molecule.yml index ea58004dce..62aae39604 100644 
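Review bot: In `hack/tests/e2e-ansible-molecule.sh`, when `./bin/kustomize` is missing and `which kustomize` finds nothing, `KUSTOMIZE` ends up empty and an empty `KUSTOMIZE_PATH` is passed to molecule, where `${KUSTOMIZE_PATH:-kustomize}` silently falls back to a bare `kustomize` lookup on PATH. The failure then surfaces inside a playbook task rather than here, unless the script runs under `set -e`, which this hunk does not show. I would fail early with the shell builtin, `KUSTOMIZE="$(command -v kustomize)" || { echo "kustomize not found" >&2; exit 1; }`, and quote the value when passing it on: `KUSTOMIZE_PATH="$KUSTOMIZE"`.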
--- a/test/ansible/molecule/default/molecule.yml +++ b/test/ansible/molecule/default/molecule.yml @@ -25,7 +25,7 @@ provisioner: config_dir: ${MOLECULE_PROJECT_DIRECTORY}/config samples_dir: ${MOLECULE_PROJECT_DIRECTORY}/config/samples operator_image: ${OPERATOR_IMAGE:-""} - operator_pull_policy: ${OPERATOR_PULL_POLICY:-"Always"} + pull_policy: ${OPERATOR_PULL_POLICY:-"Always"} kustomize: ${KUSTOMIZE_PATH:-kustomize} env: K8S_AUTH_KUBECONFIG: ${KUBECONFIG:-"~/.kube/config"} From ba92493f42dbcfb74c4e925e22db0575b3349acf Mon Sep 17 00:00:00 2001 From: Fabian von Feilitzsch Date: Fri, 31 Jul 2020 12:26:48 -0400 Subject: [PATCH 7/8] Pull in new argstest --- .../bases}/test.example.com_argstest_crd.yaml | 0 test/ansible/config/crd/kustomization.yaml | 1 + test/ansible/config/rbac/kustomization.yaml | 6 +++++ .../rbac/patches/argstests_editor_role.yaml | 27 +++++++++++++++++++ .../{cluster => default}/tasks/args_test.yml | 0 5 files changed, 34 insertions(+) rename test/ansible/{deploy/crds => config/crd/bases}/test.example.com_argstest_crd.yaml (100%) create mode 100644 test/ansible/config/rbac/patches/argstests_editor_role.yaml rename test/ansible/molecule/{cluster => default}/tasks/args_test.yml (100%) diff --git a/test/ansible/deploy/crds/test.example.com_argstest_crd.yaml b/test/ansible/config/crd/bases/test.example.com_argstest_crd.yaml similarity index 100% rename from test/ansible/deploy/crds/test.example.com_argstest_crd.yaml rename to test/ansible/config/crd/bases/test.example.com_argstest_crd.yaml diff --git a/test/ansible/config/crd/kustomization.yaml b/test/ansible/config/crd/kustomization.yaml index 9d092cb85a..b05e30194e 100644 --- a/test/ansible/config/crd/kustomization.yaml +++ b/test/ansible/config/crd/kustomization.yaml 
@@ -2,6 +2,7 @@
 # since it depends on service name and namespace that are out of this kustomize package.
 # It should be run by config/default
 resources:
+ - bases/test.example.com_argstest_crd.yaml
 - bases/test.example.com_casetest_crd.yaml
 - bases/test.example.com_collectiontests_crd.yaml
 - bases/test.example.com_inventorytests_crd.yaml
diff --git a/test/ansible/config/rbac/kustomization.yaml b/test/ansible/config/rbac/kustomization.yaml
index 69babd8314..43e18ccff1 100644
--- a/test/ansible/config/rbac/kustomization.yaml
+++ b/test/ansible/config/rbac/kustomization.yaml
@@ -41,4 +41,10 @@ patchesJson6902:
 kind: ClusterRole
 name: manager-role
 path: patches/casetests_editor_role.yaml
+ - target:
+ group: rbac.authorization.k8s.io
+ version: v1
+ kind: ClusterRole
+ name: manager-role
+ path: patches/argstests_editor_role.yaml
 # +kubebuilder:scaffold:patch6902
diff --git a/test/ansible/config/rbac/patches/argstests_editor_role.yaml b/test/ansible/config/rbac/patches/argstests_editor_role.yaml
new file mode 100644
index 0000000000..cb9c77ddb1
--- /dev/null
+++ b/test/ansible/config/rbac/patches/argstests_editor_role.yaml
@@ -0,0 +1,27 @@
+- op: add
+ path: /rules/-
+ value:
+ apiGroups:
+ - test.example.com
+ resources:
+ - argstests
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- op: add
+ path: /rules/-
+ value:
+ apiGroups:
+ - test.example.com
+ resources:
+ - argstests/status
+ verbs:
+ - get
+ - update
+ - patch
+
diff --git a/test/ansible/molecule/cluster/tasks/args_test.yml b/test/ansible/molecule/default/tasks/args_test.yml
similarity index 100%
rename from test/ansible/molecule/cluster/tasks/args_test.yml
rename to test/ansible/molecule/default/tasks/args_test.yml
From 0a7b4b60335a9f926674b9c2eec39a1c866a5d02 Mon Sep 17 00:00:00 2001
From: Fabian von Feilitzsch
Date: Fri, 31 Jul 2020 14:51:28 -0400
Subject: [PATCH 8/8] Fix rebase errors
---
 test/ansible/Dockerfile | 4 +-
 .../default/manager_auth_proxy_patch.yaml | 5 --
 test/ansible/config/manager/manager.yaml | 2 +
 .../molecule/templates/operator.yaml.j2 | 54 -------------------
 4 files changed, 5 insertions(+), 60 deletions(-)
 delete mode 100644 test/ansible/molecule/templates/operator.yaml.j2
diff --git a/test/ansible/Dockerfile b/test/ansible/Dockerfile
index 9f9f4e9ce3..8975c568c3 100644
--- a/test/ansible/Dockerfile
+++ b/test/ansible/Dockerfile
@@ -15,4 +15,6 @@ USER root
 RUN chmod -R ug+rwx /tmp/fixture_collection
 USER 1001
 RUN ansible-galaxy collection build /tmp/fixture_collection/ --output-path /tmp/fixture_collection/ \
- && ansible-galaxy collection install /tmp/fixture_collection/operator_sdk-test_fixtures-0.0.0.tar.gz
+ && ansible-galaxy collection install /tmp/fixture_collection/operator_sdk-test_fixtures-0.0.0.tar.gz \
+ && echo abc123 > /opt/ansible/pwd.yml \
+ && ansible-vault encrypt_string --vault-password-file /opt/ansible/pwd.yml 'thisisatest' --name 'the_secret' > /opt/ansible/vars.yml
diff --git a/test/ansible/config/default/manager_auth_proxy_patch.yaml b/test/ansible/config/default/manager_auth_proxy_patch.yaml
index 08d941467d..37c578ab7a 100644
--- a/test/ansible/config/default/manager_auth_proxy_patch.yaml
+++ b/test/ansible/config/default/manager_auth_proxy_patch.yaml
@@ -19,8 +19,3 @@ spec:
 ports:
 - containerPort: 8443
 name: https
- - name: manager
- args:
- - "--metrics-addr=127.0.0.1:8080"
- - "--enable-leader-election"
- - "--leader-election-id=ansible"
diff --git a/test/ansible/config/manager/manager.yaml b/test/ansible/config/manager/manager.yaml
index a9bda435ca..20695a9214 100644
--- a/test/ansible/config/manager/manager.yaml
+++ b/test/ansible/config/manager/manager.yaml
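Review bot: In the test/ansible/Dockerfile hunk, the added `echo abc123 > /opt/ansible/pwd.yml` and the `'thisisatest'` argument to `ansible-vault encrypt_string` put the vault password and the plaintext into the image layer and its build history, so anyone who can pull the image can read both. That is acceptable only because this is a test fixture, and the RUN should say so, for example `# Test fixture only: throwaway vault password and secret for the vault test; do not reuse this pattern in a real operator image.` The path /opt/ansible/pwd.yml is repeated in the `--ansible-args` value in config/manager/manager.yaml, so the comment should name that dependency to keep the two in step. The Dockerfile starts outside this hunk.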
@@ -25,8 +25,10 @@ spec:
 containers:
 - name: manager
 args:
+ - "--metrics-addr=127.0.0.1:8080"
 - "--enable-leader-election"
 - "--leader-election-id=ansible"
+ - "--ansible-args='--vault-password-file /opt/ansible/pwd.yml'"
 image: controller:latest
 env:
 - name: ANSIBLE_INVENTORY
diff --git a/test/ansible/molecule/templates/operator.yaml.j2 b/test/ansible/molecule/templates/operator.yaml.j2
deleted file mode 100644
index ac940a6030..0000000000
--- a/test/ansible/molecule/templates/operator.yaml.j2
+++ /dev/null
@@ -1,54 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: ansible
-spec:
- replicas: 1
- selector:
- matchLabels:
- name: ansible
- template:
- metadata:
- labels:
- name: ansible
-{% if hash is defined %}
- image_hash: "{{ hash }}"
-{% endif %}
- spec:
- serviceAccountName: ansible
- containers:
- - name: operator
- # Replace this with the built image name
- image: "{{ image }}"
- imagePullPolicy: "{{ pull_policy }}"
- volumeMounts:
- - mountPath: /tmp/ansible-operator/runner
- name: runner
- env:
- - name: WATCH_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- - name: POD_NAME
- valueFrom:
- fieldRef:
- fieldPath: metadata.name
- - name: OPERATOR_NAME
- value: "ansible"
- - name: ANSIBLE_GATHERING
- value: explicit
- - name: ANSIBLE_INVENTORY
- value: /opt/ansible/inventory
- - name: ANSIBLE_DEBUG_LOGS
- value: "TRUE"
- livenessProbe:
- httpGet:
- path: /healthz
- port: 6789
- initialDelaySeconds: 5
- periodSeconds: 3
- args: ["--ansible-args='--vault-password-file /opt/ansible/pwd.yml'"]
- volumes:
- - name: runner
- emptyDir: {}
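Review bot: In the config/manager/manager.yaml hunk, `--metrics-addr=127.0.0.1:8080` now sits in the base manager args with nothing saying that the endpoint is meant to be reached only through the auth-proxy sidecar. The flag used to arrive with config/default/manager_auth_proxy_patch.yaml, so a build of config/default that leaves that patch out would presumably have no reachable metrics endpoint at all; whether the default kustomization enables the patch is not visible here. A comment above the argument would record the intent, e.g. `# metrics listen on loopback only; exposed via the auth-proxy sidecar from config/default/manager_auth_proxy_patch.yaml`. The Deployment spec starts and ends outside this hunk.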