diff options
Diffstat (limited to 'roles/lib_openshift/src')
17 files changed, 1008 insertions, 66 deletions
diff --git a/roles/lib_openshift/src/ansible/oadm_manage_node.py b/roles/lib_openshift/src/ansible/oc_adm_manage_node.py index b870c1211..b870c1211 100644 --- a/roles/lib_openshift/src/ansible/oadm_manage_node.py +++ b/roles/lib_openshift/src/ansible/oc_adm_manage_node.py diff --git a/roles/lib_openshift/src/ansible/oc_group.py b/roles/lib_openshift/src/ansible/oc_group.py new file mode 100644 index 000000000..9294286d6 --- /dev/null +++ b/roles/lib_openshift/src/ansible/oc_group.py @@ -0,0 +1,32 @@ +# pylint: skip-file +# flake8: noqa + +#pylint: disable=too-many-branches +def main(): + ''' + ansible oc module for group + ''' + + module = AnsibleModule( + argument_spec=dict( + kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'), + state=dict(default='present', type='str', + choices=['present', 'absent', 'list']), + debug=dict(default=False, type='bool'), + name=dict(default=None, type='str'), + namespace=dict(default='default', type='str'), + # addind users to a group is handled through the oc_users module + #users=dict(default=None, type='list'), + ), + supports_check_mode=True, + ) + + rval = OCGroup.run_ansible(module.params, module.check_mode) + + if 'failed' in rval: + return module.fail_json(**rval) + + return module.exit_json(**rval) + +if __name__ == '__main__': + main() diff --git a/roles/lib_openshift/src/class/oadm_manage_node.py b/roles/lib_openshift/src/class/oc_adm_manage_node.py index c07320477..c07320477 100644 --- a/roles/lib_openshift/src/class/oadm_manage_node.py +++ b/roles/lib_openshift/src/class/oc_adm_manage_node.py diff --git a/roles/lib_openshift/src/class/oc_adm_registry.py b/roles/lib_openshift/src/class/oc_adm_registry.py index c083cd179..25519c9c9 100644 --- a/roles/lib_openshift/src/class/oc_adm_registry.py +++ b/roles/lib_openshift/src/class/oc_adm_registry.py @@ -87,8 +87,8 @@ class Registry(OpenShiftCLI): ''' prepared_registry property ''' if not self.__prepared_registry: results = self.prepare_registry() - if not results: - raise RegistryException('Could not perform registry preparation.') + if not results or ('returncode' in results and results['returncode'] != 0): + raise RegistryException('Could not perform registry preparation. {}'.format(results)) self.__prepared_registry = results return self.__prepared_registry @@ -153,8 +153,8 @@ class Registry(OpenShiftCLI): # probably need to parse this # pylint thinks results is a string # pylint: disable=no-member - if results['returncode'] != 0 and 'items' in results['results']: - return results + if results['returncode'] != 0 and 'items' not in results['results']: + raise RegistryException('Could not perform registry preparation. {}'.format(results)) service = None deploymentconfig = None diff --git a/roles/lib_openshift/src/class/oc_group.py b/roles/lib_openshift/src/class/oc_group.py new file mode 100644 index 000000000..89fb09ea4 --- /dev/null +++ b/roles/lib_openshift/src/class/oc_group.py @@ -0,0 +1,148 @@ +# pylint: skip-file +# flake8: noqa + + +class OCGroup(OpenShiftCLI): + ''' Class to wrap the oc command line tools ''' + kind = 'group' + + def __init__(self, + config, + verbose=False): + ''' Constructor for OCGroup ''' + super(OCGroup, self).__init__(config.namespace, config.kubeconfig) + self.config = config + self.namespace = config.namespace + self._group = None + + @property + def group(self): + ''' property function service''' + if not self._group: + self.get() + return self._group + + @group.setter + def group(self, data): + ''' setter function for yedit var ''' + self._group = data + + def exists(self): + ''' return whether a group exists ''' + if self.group: + return True + + return False + + def get(self): + '''return group information ''' + result = self._get(self.kind, self.config.name) + if result['returncode'] == 0: + self.group = Group(content=result['results'][0]) + elif 'groups \"{}\" not found'.format(self.config.name) in result['stderr']: + result['returncode'] = 0 + result['results'] = [{}] + + return result + + def delete(self): + '''delete the object''' + return self._delete(self.kind, self.config.name) + + def create(self): + '''create the object''' + return self._create_from_content(self.config.name, self.config.data) + + def update(self): + '''update the object''' + return self._replace_content(self.kind, self.config.name, self.config.data) + + def needs_update(self): + ''' verify an update is needed ''' + return not Utils.check_def_equal(self.config.data, self.group.yaml_dict, skip_keys=[], debug=True) + + # pylint: disable=too-many-return-statements,too-many-branches + @staticmethod + def run_ansible(params, check_mode=False): + '''run the idempotent ansible code''' + + gconfig = GroupConfig(params['name'], + params['namespace'], + params['kubeconfig'], + ) + oc_group = OCGroup(gconfig, verbose=params['debug']) + + state = params['state'] + + api_rval = oc_group.get() + + if api_rval['returncode'] != 0: + return {'failed': True, 'msg': api_rval} + + ##### + # Get + ##### + if state == 'list': + return {'changed': False, 'results': api_rval['results'], 'state': state} + + ######## + # Delete + ######## + if state == 'absent': + if oc_group.exists(): + + if check_mode: + return {'changed': True, 'msg': 'CHECK_MODE: Would have performed a delete.'} + + api_rval = oc_group.delete() + + if api_rval['returncode'] != 0: + return {'failed': True, 'msg': api_rval} + + return {'changed': True, 'results': api_rval, 'state': state} + + return {'changed': False, 'state': state} + + if state == 'present': + ######## + # Create + ######## + if not oc_group.exists(): + + if check_mode: + return {'changed': True, 'msg': 'CHECK_MODE: Would have performed a create.'} + + # Create it here + api_rval = oc_group.create() + + if api_rval['returncode'] != 0: + return {'failed': True, 'msg': api_rval} + + # return the created object + api_rval = oc_group.get() + + if api_rval['returncode'] != 0: + return {'failed': True, 'msg': api_rval} + + return {'changed': True, 'results': api_rval, 'state': state} + + ######## + # Update + ######## + if oc_group.needs_update(): + api_rval = oc_group.update() + + if api_rval['returncode'] != 0: + return {'failed': True, 'msg': api_rval} + + # return the created object + api_rval = oc_group.get() + + if api_rval['returncode'] != 0: + return {'failed': True, 'msg': api_rval} + + return {'changed': True, 'results': api_rval, 'state': state} + + return {'changed': False, 'results': api_rval, 'state': state} + + return {'failed': True, 'msg': 'Unknown state passed. {}'.format(state)} diff --git a/roles/lib_openshift/src/class/oc_project.py b/roles/lib_openshift/src/class/oc_project.py index 7e3984297..9ad8111a8 100644 --- a/roles/lib_openshift/src/class/oc_project.py +++ b/roles/lib_openshift/src/class/oc_project.py @@ -61,30 +61,34 @@ class OCProject(OpenShiftCLI): def update(self): '''update a project ''' - self.project.update_annotation('display-name', self.config.config_options['display_name']['value']) - self.project.update_annotation('description', self.config.config_options['description']['value']) + if self.config.config_options['display_name']['value'] is not None: + self.project.update_annotation('display-name', self.config.config_options['display_name']['value']) + + if self.config.config_options['description']['value'] is not None: + self.project.update_annotation('description', self.config.config_options['description']['value']) # work around for immutable project field - if self.config.config_options['node_selector']['value']: + if self.config.config_options['node_selector']['value'] is not None: self.project.update_annotation('node-selector', self.config.config_options['node_selector']['value']) - else: - self.project.update_annotation('node-selector', self.project.find_annotation('node-selector')) return self._replace_content(self.kind, self.config.name, self.project.yaml_dict) def needs_update(self): ''' verify an update is needed ''' - result = self.project.find_annotation("display-name") - if result != self.config.config_options['display_name']['value']: - return True + if self.config.config_options['display_name']['value'] is not None: + result = self.project.find_annotation("display-name") + if result != self.config.config_options['display_name']['value']: + return True - result = self.project.find_annotation("description") - if result != self.config.config_options['description']['value']: - return True + if self.config.config_options['description']['value'] is not None: + result = self.project.find_annotation("description") + if result != self.config.config_options['description']['value']: + return True - result = self.project.find_annotation("node-selector") - if result != self.config.config_options['node_selector']['value']: - return True + if self.config.config_options['node_selector']['value'] is not None: + result = self.project.find_annotation("node-selector") + if result != self.config.config_options['node_selector']['value']: + return True return False @@ -93,19 +97,22 @@ class OCProject(OpenShiftCLI): def run_ansible(params, check_mode): '''run the idempotent ansible code''' - _ns = None + node_selector = None if params['node_selector'] is not None: - _ns = ','.join(params['node_selector']) - - pconfig = ProjectConfig(params['name'], - 'None', - params['kubeconfig'], - {'admin': {'value': params['admin'], 'include': True}, - 'admin_role': {'value': params['admin_role'], 'include': True}, - 'description': {'value': params['description'], 'include': True}, - 'display_name': {'value': params['display_name'], 'include': True}, - 'node_selector': {'value': _ns, 'include': True}, - }) + node_selector = ','.join(params['node_selector']) + + pconfig = ProjectConfig( + params['name'], + 'None', + params['kubeconfig'], + { + 'admin': {'value': params['admin'], 'include': True}, + 'admin_role': {'value': params['admin_role'], 'include': True}, + 'description': {'value': params['description'], 'include': True}, + 'display_name': {'value': params['display_name'], 'include': True}, + 'node_selector': {'value': node_selector, 'include': True}, + }, + ) oadm_project = OCProject(pconfig, verbose=params['debug']) diff --git a/roles/lib_openshift/src/doc/group b/roles/lib_openshift/src/doc/group new file mode 100644 index 000000000..c5ba6ebd9 --- /dev/null +++ b/roles/lib_openshift/src/doc/group @@ -0,0 +1,56 @@ +# flake8: noqa +# pylint: skip-file + +DOCUMENTATION = ''' +--- +module: oc_group +short_description: Modify, and idempotently manage openshift groups. +description: + - Modify openshift groups programmatically. +options: + state: + description: + - Supported states, present, absent, list + - present - will ensure object is created or updated to the value specified + - list - will return a group + - absent - will remove the group + required: False + default: present + choices: ["present", 'absent', 'list'] + aliases: [] + kubeconfig: + description: + - The path for the kubeconfig file to use for authentication + required: false + default: /etc/origin/master/admin.kubeconfig + aliases: [] + debug: + description: + - Turn on debug output. + required: false + default: False + aliases: [] + name: + description: + - Name of the object that is being queried. + required: false + default: None + aliases: [] + namespace: + description: + - The namespace where the object lives. + required: false + default: str + aliases: [] +author: +- "Joel Diaz <jdiaz@redhat.com>" +extends_documentation_fragment: [] +''' + +EXAMPLES = ''' +- name: create group + oc_group: + state: present + name: acme_org + register: group_out +''' diff --git a/roles/lib_openshift/src/doc/manage_node b/roles/lib_openshift/src/doc/manage_node index 382377f3e..b651ea4e7 100644 --- a/roles/lib_openshift/src/doc/manage_node +++ b/roles/lib_openshift/src/doc/manage_node @@ -3,7 +3,7 @@ DOCUMENTATION = ''' --- -module: oadm_manage_node +module: oc_adm_manage_node short_description: Module to manage openshift nodes description: - Manage openshift nodes programmatically. @@ -75,13 +75,13 @@ extends_documentation_fragment: [] EXAMPLES = ''' - name: oadm manage-node --schedulable=true --selector=ops_node=new - oadm_manage_node: + oc_adm_manage_node: selector: ops_node=new schedulable: True register: schedout - name: oadm manage-node my-k8s-node-5 --evacuate - oadm_manage_node: + oc_adm_manage_node: node: my-k8s-node-5 evacuate: True force: True diff --git a/roles/lib_openshift/src/lib/base.py b/roles/lib_openshift/src/lib/base.py index 334542b97..132c586c9 100644 --- a/roles/lib_openshift/src/lib/base.py +++ b/roles/lib_openshift/src/lib/base.py @@ -283,9 +283,9 @@ class OpenShiftCLI(object): if output_type == 'json': try: rval['results'] = json.loads(stdout) - except ValueError as err: - if "No JSON object could be decoded" in err.args: - err = err.args + except ValueError as verr: + if "No JSON object could be decoded" in verr.args: + err = verr.args elif output_type == 'raw': rval['results'] = stdout diff --git a/roles/lib_openshift/src/lib/group.py b/roles/lib_openshift/src/lib/group.py new file mode 100644 index 000000000..fac5fcbc2 --- /dev/null +++ b/roles/lib_openshift/src/lib/group.py @@ -0,0 +1,36 @@ +# pylint: skip-file +# flake8: noqa + + +class GroupConfig(object): + ''' Handle route options ''' + # pylint: disable=too-many-arguments + def __init__(self, + sname, + namespace, + kubeconfig): + ''' constructor for handling group options ''' + self.kubeconfig = kubeconfig + self.name = sname + self.namespace = namespace + self.data = {} + + self.create_dict() + + def create_dict(self): + ''' return a service as a dict ''' + self.data['apiVersion'] = 'v1' + self.data['kind'] = 'Group' + self.data['metadata'] = {} + self.data['metadata']['name'] = self.name + self.data['users'] = None + + +# pylint: disable=too-many-instance-attributes +class Group(Yedit): + ''' Class to wrap the oc command line tools ''' + kind = 'group' + + def __init__(self, content): + '''Group constructor''' + super(Group, self).__init__(content=content) diff --git a/roles/lib_openshift/src/sources.yml b/roles/lib_openshift/src/sources.yml index f16b3c8de..91ee86750 100644 --- a/roles/lib_openshift/src/sources.yml +++ b/roles/lib_openshift/src/sources.yml @@ -9,15 +9,15 @@ oc_adm_ca_server_cert.py: - class/oc_adm_ca_server_cert.py - ansible/oc_adm_ca_server_cert.py -oadm_manage_node.py: +oc_adm_manage_node.py: - doc/generated - doc/license - lib/import.py - doc/manage_node - ../../lib_utils/src/class/yedit.py - lib/base.py -- class/oadm_manage_node.py -- ansible/oadm_manage_node.py +- class/oc_adm_manage_node.py +- ansible/oc_adm_manage_node.py oc_adm_policy_user.py: - doc/generated @@ -100,6 +100,17 @@ oc_env.py: - class/oc_env.py - ansible/oc_env.py +oc_group.py: +- doc/generated +- doc/license +- lib/import.py +- doc/group +- ../../lib_utils/src/class/yedit.py +- lib/base.py +- lib/group.py +- class/oc_group.py +- ansible/oc_group.py + oc_label.py: - doc/generated - doc/license diff --git a/roles/lib_openshift/src/test/integration/group.yml b/roles/lib_openshift/src/test/integration/group.yml new file mode 100755 index 000000000..25aa5727b --- /dev/null +++ b/roles/lib_openshift/src/test/integration/group.yml @@ -0,0 +1,229 @@ +#!/usr/bin/ansible-playbook +--- +- hosts: "{{ cli_master_test }}" + gather_facts: no + user: root + + vars: + + post_tasks: + - name: delete test group (so future tests work) + oc_group: + state: absent + name: jgroup + + - name: delete 2nd test group (so future tests work) + oc_group: + state: absent + name: jgroup2 + + - name: delete test user (so future tests work) + oc_user: + state: absent + username: jdiaz@redhat.com + + - name: get group list + oc_group: + state: list + name: jgroup + register: group_out + #- debug: var=group_out + - name: assert group 'jgroup' (test group) does not exist + assert: + that: group_out['results'][0] == {} + + - name: get group list + oc_group: + state: list + name: jgroup2 + register: group_out + #- debug: var=group_out + - name: assert group 'jgroup2' (test group) does not exist + assert: + that: group_out['results'][0] == {} + + - name: get user list + oc_user: + state: list + username: 'jdiaz@redhat.com' + register: group_out + #- debug: var=group_out + - name: assert user 'jdiaz@redhat.com' (test user) does not exist + assert: + that: group_out['results'][0] == {} + + - name: create group + oc_group: + state: present + name: jgroup + register: group_out + #- debug: var=group_out + - name: assert creating group marked changed + assert: + that: group_out['changed'] == True + + - name: list group + oc_group: + state: list + name: jgroup + register: group_out + #- debug: var=group_out + - name: assert group actually created + assert: + that: group_out['results'][0]['metadata']['name'] == 'jgroup' + + - name: re-add group + oc_group: + state: present + name: jgroup + register: group_out + #- debug: var=group_out + - name: assert re-adding group marked not changed + assert: + that: group_out['changed'] == False + + + - name: add user with group membership + oc_user: + state: present + username: jdiaz@redhat.com + full_name: Joel Diaz + groups: + - jgroup + register: group_out + #- debug: var=group_out + + - name: get group + oc_group: + state: list + name: jgroup + register: group_out + - name: assert user in group + assert: + that: group_out['results'][0]['users'][0] == 'jdiaz@redhat.com' + + - name: add 2nd group + oc_group: + state: present + name: jgroup2 + + - name: change group membership + oc_user: + state: present + username: jdiaz@redhat.com + full_name: Joel Diaz + groups: + - jgroup2 + register: group_out + - name: assert result changed + assert: + that: group_out['changed'] == True + + - name: check jgroup user membership + oc_group: + state: list + name: jgroup + register: group_out + #- debug: var=group_out + - name: assert user not present in previous group + assert: + that: group_out['results'][0]['users'] == [] + + - name: check jgroup2 user membership + oc_group: + state: list + name: jgroup2 + register: group_out + #- debug: var=group_out + - name: assert user present in new group + assert: + that: group_out['results'][0]['users'][0] == 'jdiaz@redhat.com' + + - name: multi-group membership + oc_user: + state: present + username: jdiaz@redhat.com + full_name: Joel Diaz + groups: + - jgroup + - jgroup2 + register: group_out + - name: assert result changed + assert: + that: group_out['changed'] == True + + - name: check jgroup user membership + oc_group: + state: list + name: jgroup + register: group_out + #- debug: var=group_out + - name: assert user present in group + assert: + that: group_out['results'][0]['users'][0] == 'jdiaz@redhat.com' + + - name: check jgroup2 user membership + oc_group: + state: list + name: jgroup2 + register: group_out + #- debug: var=group_out + - name: assert user still present in group + assert: + that: group_out['results'][0]['users'][0] == 'jdiaz@redhat.com' + + - name: user delete (group cleanup) + oc_user: + state: absent + username: jdiaz@redhat.com + register: group_out + + - name: get user list for jgroup + oc_group: + state: list + name: jgroup + register: group_out + #- debug: var=group_out + - name: assert that group jgroup has no members + assert: + that: group_out['results'][0]['users'] == [] + + - name: get user list for jgroup2 + oc_group: + state: list + name: jgroup2 + register: group_out + #- debug: var=group_out + - name: assert that group jgroup2 has no members + assert: + that: group_out['results'][0]['users'] == [] + + - name: user without groups defined + oc_user: + state: present + username: jdiaz@redhat.com + full_name: Joel Diaz + register: group_out + - name: assert result changed + assert: + that: group_out['changed'] == True + + - name: check jgroup user membership + oc_group: + state: list + name: jgroup + register: group_out + #- debug: var=group_out + - name: assert user not present in group + assert: + that: group_out['results'][0]['users'] == [] + + - name: check jgroup2 user membership + oc_group: + state: list + name: jgroup2 + register: group_out + #- debug: var=group_out + - name: assert user not present in group + assert: + that: group_out['results'][0]['users'] == [] diff --git a/roles/lib_openshift/src/test/integration/oadm_manage_node.yml b/roles/lib_openshift/src/test/integration/oc_adm_manage_node.yml index 3ee13a409..1ed2ef11b 100755 --- a/roles/lib_openshift/src/test/integration/oadm_manage_node.yml +++ b/roles/lib_openshift/src/test/integration/oc_adm_manage_node.yml @@ -1,6 +1,6 @@ #!/usr/bin/ansible-playbook --module-path=../../../library/ # -# ./oadm_manage_node.yml -e "cli_master_test=$OPENSHIFT_MASTER +# ./oc_adm_manage_node.yml -e "cli_master_test=$OPENSHIFT_MASTER --- - hosts: "{{ cli_master_test }}" gather_facts: no @@ -17,7 +17,7 @@ node_to_test: "{{ obj_out['results']['results'][0]['items'][0]['metadata']['name'] }}" - name: list pods from a node - oadm_manage_node: + oc_adm_manage_node: list_pods: True node: - "{{ node_to_test }}" @@ -29,7 +29,7 @@ msg: Pod data was not returned - name: set node to unschedulable - oadm_manage_node: + oc_adm_manage_node: schedulable: False node: - "{{ node_to_test }}" @@ -56,7 +56,7 @@ that: nodeout.results.results[0]['spec']['unschedulable'] - name: set node to schedulable - oadm_manage_node: + oc_adm_manage_node: schedulable: True node: - "{{ node_to_test }}" diff --git a/roles/lib_openshift/src/test/unit/test_oadm_manage_node.py b/roles/lib_openshift/src/test/unit/test_oc_adm_manage_node.py index 27d98b869..312b1ecbb 100755 --- a/roles/lib_openshift/src/test/unit/test_oadm_manage_node.py +++ b/roles/lib_openshift/src/test/unit/test_oc_adm_manage_node.py @@ -1,5 +1,5 @@ ''' - Unit tests for oadm_manage_node + Unit tests for oc_adm_manage_node ''' import os @@ -16,16 +16,16 @@ import mock # place class in our python path module_path = os.path.join('/'.join(os.path.realpath(__file__).split('/')[:-4]), 'library') # noqa: E501 sys.path.insert(0, module_path) -from oadm_manage_node import ManageNode, locate_oc_binary # noqa: E402 +from oc_adm_manage_node import ManageNode, locate_oc_binary # noqa: E402 class ManageNodeTest(unittest.TestCase): ''' - Test class for oadm_manage_node + Test class for oc_adm_manage_node ''' - @mock.patch('oadm_manage_node.Utils.create_tmpfile_copy') - @mock.patch('oadm_manage_node.ManageNode.openshift_cmd') + @mock.patch('oc_adm_manage_node.Utils.create_tmpfile_copy') + @mock.patch('oc_adm_manage_node.ManageNode.openshift_cmd') def test_list_pods(self, mock_openshift_cmd, mock_tmpfile_copy): ''' Testing a get ''' params = {'node': ['ip-172-31-49-140.ec2.internal'], @@ -107,8 +107,8 @@ class ManageNodeTest(unittest.TestCase): # returned 2 pods self.assertTrue(len(results['results']['nodes']['ip-172-31-49-140.ec2.internal']) == 2) - @mock.patch('oadm_manage_node.Utils.create_tmpfile_copy') - @mock.patch('oadm_manage_node.ManageNode.openshift_cmd') + @mock.patch('oc_adm_manage_node.Utils.create_tmpfile_copy') + @mock.patch('oc_adm_manage_node.ManageNode.openshift_cmd') def test_schedulable_false(self, mock_openshift_cmd, mock_tmpfile_copy): ''' Testing a get ''' params = {'node': ['ip-172-31-49-140.ec2.internal'], diff --git a/roles/lib_openshift/src/test/unit/test_oc_group.py b/roles/lib_openshift/src/test/unit/test_oc_group.py new file mode 100755 index 000000000..8eef37810 --- /dev/null +++ b/roles/lib_openshift/src/test/unit/test_oc_group.py @@ -0,0 +1,253 @@ +''' + Unit tests for oc group +''' + +import copy +import os +import six +import sys +import unittest +import mock + +# Removing invalid variable names for tests so that I can +# keep them brief +# pylint: disable=invalid-name,no-name-in-module +# Disable import-error b/c our libraries aren't loaded in jenkins +# pylint: disable=import-error,wrong-import-position +# place class in our python path +module_path = os.path.join('/'.join(os.path.realpath(__file__).split('/')[:-4]), 'library') # noqa: E501 +sys.path.insert(0, module_path) +from oc_group import OCGroup, locate_oc_binary # noqa: E402 + + +class OCGroupTest(unittest.TestCase): + ''' + Test class for OCGroup + ''' + params = {'kubeconfig': '/etc/origin/master/admin.kubeconfig', + 'state': 'present', + 'debug': False, + 'name': 'acme', + 'namespace': 'test'} + + @mock.patch('oc_group.Utils.create_tmpfile_copy') + @mock.patch('oc_group.OCGroup._run') + def test_create_group(self, mock_run, mock_tmpfile_copy): + ''' Testing a group create ''' + params = copy.deepcopy(OCGroupTest.params) + + group = '''{ + "kind": "Group", + "apiVersion": "v1", + "metadata": { + "name": "acme" + }, + "users": [] + }''' + + mock_run.side_effect = [ + (1, '', 'Error from server: groups "acme" not found'), + (1, '', 'Error from server: groups "acme" not found'), + (0, '', ''), + (0, group, ''), + ] + + mock_tmpfile_copy.side_effect = [ + '/tmp/mocked_kubeconfig', + ] + + results = OCGroup.run_ansible(params, False) + + self.assertTrue(results['changed']) + self.assertEqual(results['results']['results'][0]['metadata']['name'], 'acme') + + @mock.patch('oc_group.Utils.create_tmpfile_copy') + @mock.patch('oc_group.OCGroup._run') + def test_failed_get_group(self, mock_run, mock_tmpfile_copy): + ''' Testing a group create ''' + params = copy.deepcopy(OCGroupTest.params) + params['state'] = 'list' + params['name'] = 'noexist' + + mock_run.side_effect = [ + (1, '', 'Error from server: groups "acme" not found'), + ] + + mock_tmpfile_copy.side_effect = [ + '/tmp/mocked_kubeconfig', + ] + + results = OCGroup.run_ansible(params, False) + + self.assertTrue(results['failed']) + + @mock.patch('oc_group.Utils.create_tmpfile_copy') + @mock.patch('oc_group.OCGroup._run') + def test_delete_group(self, mock_run, mock_tmpfile_copy): + ''' Testing a group create ''' + params = copy.deepcopy(OCGroupTest.params) + params['state'] = 'absent' + + group = '''{ + "kind": "Group", + "apiVersion": "v1", + "metadata": { + "name": "acme" + }, + "users": [ + "user1" + ] + }''' + + mock_run.side_effect = [ + (0, group, ''), + (0, '', ''), + ] + + mock_tmpfile_copy.side_effect = [ + '/tmp/mocked_kubeconfig', + ] + + results = OCGroup.run_ansible(params, False) + + self.assertTrue(results['changed']) + + @mock.patch('oc_group.Utils.create_tmpfile_copy') + @mock.patch('oc_group.OCGroup._run') + def test_get_group(self, mock_run, mock_tmpfile_copy): + ''' Testing a group create ''' + params = copy.deepcopy(OCGroupTest.params) + params['state'] = 'list' + + group = '''{ + "kind": "Group", + "apiVersion": "v1", + "metadata": { + "name": "acme" + }, + "users": [ + "user1" + ] + }''' + + mock_run.side_effect = [ + (0, group, ''), + ] + + mock_tmpfile_copy.side_effect = [ + '/tmp/mocked_kubeconfig', + ] + + results = OCGroup.run_ansible(params, False) + + self.assertFalse(results['changed']) + self.assertEqual(results['results'][0]['metadata']['name'], 'acme') + self.assertEqual(results['results'][0]['users'][0], 'user1') + + @unittest.skipIf(six.PY3, 'py2 test only') + @mock.patch('os.path.exists') + @mock.patch('os.environ.get') + def test_binary_lookup_fallback(self, mock_env_get, mock_path_exists): + ''' Testing binary lookup fallback ''' + + mock_env_get.side_effect = lambda _v, _d: '' + + mock_path_exists.side_effect = lambda _: False + + self.assertEqual(locate_oc_binary(), 'oc') + + @unittest.skipIf(six.PY3, 'py2 test only') + @mock.patch('os.path.exists') + @mock.patch('os.environ.get') + def test_binary_lookup_in_path(self, mock_env_get, mock_path_exists): + ''' Testing binary lookup in path ''' + + oc_bin = '/usr/bin/oc' + + mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin' + + mock_path_exists.side_effect = lambda f: f == oc_bin + + self.assertEqual(locate_oc_binary(), oc_bin) + + @unittest.skipIf(six.PY3, 'py2 test only') + @mock.patch('os.path.exists') + @mock.patch('os.environ.get') + def test_binary_lookup_in_usr_local(self, mock_env_get, mock_path_exists): + ''' Testing binary lookup in /usr/local/bin ''' + + oc_bin = '/usr/local/bin/oc' + + mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin' + + mock_path_exists.side_effect = lambda f: f == oc_bin + + self.assertEqual(locate_oc_binary(), oc_bin) + + @unittest.skipIf(six.PY3, 'py2 test only') + @mock.patch('os.path.exists') + @mock.patch('os.environ.get') + def test_binary_lookup_in_home(self, mock_env_get, mock_path_exists): + ''' Testing binary lookup in ~/bin ''' + + oc_bin = os.path.expanduser('~/bin/oc') + + mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin' + + mock_path_exists.side_effect = lambda f: f == oc_bin + + self.assertEqual(locate_oc_binary(), oc_bin) + + @unittest.skipIf(six.PY2, 'py3 test only') + @mock.patch('shutil.which') + @mock.patch('os.environ.get') + def test_binary_lookup_fallback_py3(self, mock_env_get, mock_shutil_which): + ''' Testing binary lookup fallback ''' + + mock_env_get.side_effect = lambda _v, _d: '' + + mock_shutil_which.side_effect = lambda _f, path=None: None + + self.assertEqual(locate_oc_binary(), 'oc') + + @unittest.skipIf(six.PY2, 'py3 test only') + @mock.patch('shutil.which') + @mock.patch('os.environ.get') + def test_binary_lookup_in_path_py3(self, mock_env_get, mock_shutil_which): + ''' Testing binary lookup in path ''' + + oc_bin = '/usr/bin/oc' + + mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin' + + mock_shutil_which.side_effect = lambda _f, path=None: oc_bin + + self.assertEqual(locate_oc_binary(), oc_bin) + + @unittest.skipIf(six.PY2, 'py3 test only') + @mock.patch('shutil.which') + @mock.patch('os.environ.get') + def test_binary_lookup_in_usr_local_py3(self, mock_env_get, mock_shutil_which): + ''' Testing binary lookup in /usr/local/bin ''' + + oc_bin = '/usr/local/bin/oc' + + mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin' + + mock_shutil_which.side_effect = lambda _f, path=None: oc_bin + + self.assertEqual(locate_oc_binary(), oc_bin) + + @unittest.skipIf(six.PY2, 'py3 test only') + @mock.patch('shutil.which') + @mock.patch('os.environ.get') + def test_binary_lookup_in_home_py3(self, mock_env_get, mock_shutil_which): + ''' Testing binary lookup in ~/bin ''' + + oc_bin = os.path.expanduser('~/bin/oc') + + mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin' + + mock_shutil_which.side_effect = lambda _f, path=None: oc_bin + + self.assertEqual(locate_oc_binary(), oc_bin) diff --git a/roles/lib_openshift/src/test/unit/test_oc_project.py b/roles/lib_openshift/src/test/unit/test_oc_project.py index 5155101cb..fa454d035 100755 --- a/roles/lib_openshift/src/test/unit/test_oc_project.py +++ b/roles/lib_openshift/src/test/unit/test_oc_project.py @@ -2,6 +2,7 @@ Unit tests for oc project ''' +import copy import os import sys import unittest @@ -20,9 +21,22 @@ from oc_project import OCProject # noqa: E402 class OCProjectTest(unittest.TestCase): ''' - Test class for OCSecret + Test class for OCProject ''' + # run_ansible input parameters + params = { + 'state': 'present', + 'display_name': 'operations project', + 'name': 'operations', + 'node_selector': ['ops_only=True'], + 'kubeconfig': '/etc/origin/master/admin.kubeconfig', + 'debug': False, + 'admin': None, + 'admin_role': 'admin', + 'description': 'All things operations project', + } + @mock.patch('oc_project.locate_oc_binary') @mock.patch('oc_project.Utils.create_tmpfile_copy') @mock.patch('oc_project.Utils._write') @@ -30,21 +44,9 @@ class OCProjectTest(unittest.TestCase): def test_adding_a_project(self, mock_cmd, mock_write, mock_tmpfile_copy, mock_loc_oc_bin): ''' Testing adding a project ''' - # Arrange + params = copy.deepcopy(OCProjectTest.params) # run_ansible input parameters - params = { - 'state': 'present', - 'display_name': 'operations project', - 'name': 'operations', - 'node_selector': ['ops_only=True'], - 'kubeconfig': '/etc/origin/master/admin.kubeconfig', - 'debug': False, - 'admin': None, - 'admin_role': 'admin', - 'description': 'All things operations project', - } - project_results = '''{ "kind": "Project", "apiVersion": "v1", @@ -90,7 +92,6 @@ class OCProjectTest(unittest.TestCase): ] # Act - results = OCProject.run_ansible(params, False) # Assert @@ -108,3 +109,172 @@ class OCProjectTest(unittest.TestCase): mock.call(['oc', 'get', 'namespace', 'operations', '-o', 'json'], None), ]) + + @mock.patch('oc_project.locate_oc_binary') + @mock.patch('oc_project.Utils.create_tmpfile_copy') + @mock.patch('oc_project.Utils._write') + @mock.patch('oc_project.OCProject._run') + def test_modifying_a_project_no_attributes(self, mock_cmd, mock_write, mock_tmpfile_copy, mock_loc_oc_bin): + ''' Testing adding a project ''' + params = copy.deepcopy(self.params) + params['display_name'] = None + params['node_selector'] = None + params['description'] = None + + # run_ansible input parameters + project_results = '''{ + "kind": "Project", + "apiVersion": "v1", + "metadata": { + "name": "operations", + "selfLink": "/oapi/v1/projects/operations", + "uid": "5e52afb8-ee33-11e6-89f4-0edc441d9666", + "resourceVersion": "1584", + "labels": {}, + "annotations": { + "openshift.io/node-selector": "", + "openshift.io/description: "This is a description", + "openshift.io/sa.initialized-roles": "true", + "openshift.io/sa.scc.mcs": "s0:c3,c2", + "openshift.io/sa.scc.supplemental-groups": "1000010000/10000", + "openshift.io/sa.scc.uid-range": "1000010000/10000" + } + }, + "spec": { + "finalizers": [ + "kubernetes", + "openshift.io/origin" + ] + }, + "status": { + "phase": "Active" + } + }''' + + # Return values of our mocked function call. These get returned once per call. + mock_cmd.side_effect = [ + (0, project_results, ''), + ] + + mock_tmpfile_copy.side_effect = [ + '/tmp/mocked_kubeconfig', + ] + + mock_loc_oc_bin.side_effect = [ + 'oc', + ] + + # Act + results = OCProject.run_ansible(params, False) + + # Assert + self.assertFalse(results['changed']) + + # Making sure our mock was called as we expected + mock_cmd.assert_has_calls([ + mock.call(['oc', 'get', 'namespace', 'operations', '-o', 'json'], None), + ]) + + @mock.patch('oc_project.locate_oc_binary') + @mock.patch('oc_project.Utils.create_tmpfile_copy') + @mock.patch('oc_project.Utils._write') + @mock.patch('oc_project.OCProject._run') + def test_modifying_project_attributes(self, mock_cmd, mock_write, mock_tmpfile_copy, mock_loc_oc_bin): + ''' Testing adding a project ''' + params = copy.deepcopy(self.params) + params['display_name'] = 'updated display name' + params['node_selector'] = 'type=infra' + params['description'] = 'updated description' + + # run_ansible input parameters + project_results = '''{ + "kind": "Project", + "apiVersion": "v1", + "metadata": { + "name": "operations", + "selfLink": "/oapi/v1/projects/operations", + "uid": "5e52afb8-ee33-11e6-89f4-0edc441d9666", + "resourceVersion": "1584", + "labels": {}, + "annotations": { + "openshift.io/node-selector": "", + "openshift.io/description": "This is a description", + "openshift.io/sa.initialized-roles": "true", + "openshift.io/sa.scc.mcs": "s0:c3,c2", + "openshift.io/sa.scc.supplemental-groups": "1000010000/10000", + "openshift.io/sa.scc.uid-range": "1000010000/10000" + } + }, + "spec": { + "finalizers": [ + "kubernetes", + "openshift.io/origin" + ] + }, + "status": { + "phase": "Active" + } + }''' + + mod_project_results = '''{ + "kind": "Project", + "apiVersion": "v1", + "metadata": { + "name": "operations", + "selfLink": "/oapi/v1/projects/operations", + "uid": "5e52afb8-ee33-11e6-89f4-0edc441d9666", + "resourceVersion": "1584", + "labels": {}, + "annotations": { + "openshift.io/node-selector": "type=infra", + "openshift.io/description": "updated description", + "openshift.io/display-name": "updated display name", + "openshift.io/sa.initialized-roles": "true", + "openshift.io/sa.scc.mcs": "s0:c3,c2", + "openshift.io/sa.scc.supplemental-groups": "1000010000/10000", + "openshift.io/sa.scc.uid-range": "1000010000/10000" + } + }, + "spec": { + "finalizers": [ + "kubernetes", + "openshift.io/origin" + ] + }, + "status": { + "phase": "Active" + } + }''' + + # Return values of our mocked function call. These get returned once per call. + mock_cmd.side_effect = [ + (0, project_results, ''), + (0, project_results, ''), + (0, '', ''), + (0, mod_project_results, ''), + ] + + mock_tmpfile_copy.side_effect = [ + '/tmp/mocked_kubeconfig', + ] + + mock_loc_oc_bin.side_effect = [ + 'oc', + ] + + # Act + results = OCProject.run_ansible(params, False) + + # Assert + self.assertTrue(results['changed']) + self.assertEqual(results['results']['returncode'], 0) + self.assertEqual(results['results']['results']['metadata']['annotations']['openshift.io/description'], 'updated description') + self.assertEqual(results['state'], 'present') + + # Making sure our mock was called as we expected + mock_cmd.assert_has_calls([ + mock.call(['oc', 'get', 'namespace', 'operations', '-o', 'json'], None), + mock.call(['oc', 'get', 'namespace', 'operations', '-o', 'json'], None), + mock.call(['oc', 'replace', '-f', mock.ANY], None), + mock.call(['oc', 'get', 'namespace', 'operations', '-o', 'json'], None), + ]) diff --git a/roles/lib_openshift/src/test/unit/test_oc_route.py b/roles/lib_openshift/src/test/unit/test_oc_route.py index 09c52a461..afdb5e4dc 100755 --- a/roles/lib_openshift/src/test/unit/test_oc_route.py +++ b/roles/lib_openshift/src/test/unit/test_oc_route.py @@ -21,7 +21,7 @@ from oc_route import OCRoute, locate_oc_binary # noqa: E402 class OCRouteTest(unittest.TestCase): ''' - Test class for OCServiceAccount + Test class for OCRoute ''' @mock.patch('oc_route.locate_oc_binary') |