diff options
Diffstat (limited to 'roles/lib_openshift/src')
| -rw-r--r-- | roles/lib_openshift/src/ansible/oc_configmap.py | 32 | ||||
| -rw-r--r-- | roles/lib_openshift/src/ansible/oc_pvc.py | 35 | ||||
| -rw-r--r-- | roles/lib_openshift/src/ansible/oc_user.py | 34 | ||||
| -rw-r--r-- | roles/lib_openshift/src/class/oc_configmap.py | 187 | ||||
| -rw-r--r-- | roles/lib_openshift/src/class/oc_pvc.py | 167 | ||||
| -rw-r--r-- | roles/lib_openshift/src/class/oc_user.py | 227 | ||||
| -rw-r--r-- | roles/lib_openshift/src/doc/configmap | 72 | ||||
| -rw-r--r-- | roles/lib_openshift/src/doc/pvc | 76 | ||||
| -rw-r--r-- | roles/lib_openshift/src/doc/user | 128 | ||||
| -rw-r--r-- | roles/lib_openshift/src/lib/pvc.py | 167 | ||||
| -rw-r--r-- | roles/lib_openshift/src/lib/user.py | 37 | ||||
| -rw-r--r-- | roles/lib_openshift/src/sources.yml | 32 | ||||
| -rwxr-xr-x | roles/lib_openshift/src/test/integration/oc_configmap.yml | 95 | ||||
| -rwxr-xr-x | roles/lib_openshift/src/test/integration/oc_user.yml | 240 | ||||
| -rwxr-xr-x | roles/lib_openshift/src/test/unit/test_oc_configmap.py | 239 | ||||
| -rwxr-xr-x | roles/lib_openshift/src/test/unit/test_oc_pvc.py | 366 | ||||
| -rwxr-xr-x | roles/lib_openshift/src/test/unit/test_oc_user.py | 127 |
17 files changed, 2261 insertions, 0 deletions
diff --git a/roles/lib_openshift/src/ansible/oc_configmap.py b/roles/lib_openshift/src/ansible/oc_configmap.py new file mode 100644 index 000000000..974f72499 --- /dev/null +++ b/roles/lib_openshift/src/ansible/oc_configmap.py @@ -0,0 +1,32 @@ +# pylint: skip-file +# flake8: noqa + + +def main(): + ''' + ansible oc module for managing OpenShift configmap objects + ''' + + module = AnsibleModule( + argument_spec=dict( + kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'), + state=dict(default='present', type='str', + choices=['present', 'absent', 'list']), + debug=dict(default=False, type='bool'), + namespace=dict(default='default', type='str'), + name=dict(default=None, required=True, type='str'), + from_file=dict(default=None, type='dict'), + from_literal=dict(default=None, type='dict'), + ), + supports_check_mode=True, + ) + + + rval = OCConfigMap.run_ansible(module.params, module.check_mode) + if 'failed' in rval: + module.fail_json(**rval) + + module.exit_json(**rval) + +if __name__ == '__main__': + main() diff --git a/roles/lib_openshift/src/ansible/oc_pvc.py b/roles/lib_openshift/src/ansible/oc_pvc.py new file mode 100644 index 000000000..a5181e281 --- /dev/null +++ b/roles/lib_openshift/src/ansible/oc_pvc.py @@ -0,0 +1,35 @@ +# pylint: skip-file +# flake8: noqa + +#pylint: disable=too-many-branches +def main(): + ''' + ansible oc module for pvc + ''' + + module = AnsibleModule( + argument_spec=dict( + kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'), + state=dict(default='present', type='str', + choices=['present', 'absent', 'list']), + debug=dict(default=False, type='bool'), + name=dict(default=None, required=True, type='str'), + namespace=dict(default=None, required=True, type='str'), + volume_capacity=dict(default='1G', type='str'), + access_modes=dict(default='ReadWriteOnce', + choices=['ReadWriteOnce', 'ReadOnlyMany', 'ReadWriteMany'], + type='str'), + ), + supports_check_mode=True, + ) + + rval = OCPVC.run_ansible(module.params, module.check_mode) + + if 'failed' in rval: + module.fail_json(**rval) + + return module.exit_json(**rval) + + +if __name__ == '__main__': + main() diff --git a/roles/lib_openshift/src/ansible/oc_user.py b/roles/lib_openshift/src/ansible/oc_user.py new file mode 100644 index 000000000..6b1440796 --- /dev/null +++ b/roles/lib_openshift/src/ansible/oc_user.py @@ -0,0 +1,34 @@ +# pylint: skip-file +# flake8: noqa + +def main(): + ''' + ansible oc module for user + ''' + + module = AnsibleModule( + argument_spec=dict( + kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'), + state=dict(default='present', type='str', + choices=['present', 'absent', 'list']), + debug=dict(default=False, type='bool'), + username=dict(default=None, type='str'), + full_name=dict(default=None, type='str'), + # setting groups for user data will not populate the + # 'groups' field in the user data. + # it will call out to the group data and make the user + # entry there + groups=dict(default=[], type='list'), + ), + supports_check_mode=True, + ) + + results = OCUser.run_ansible(module.params, module.check_mode) + + if 'failed' in results: + module.fail_json(**results) + + module.exit_json(**results) + +if __name__ == '__main__': + main() diff --git a/roles/lib_openshift/src/class/oc_configmap.py b/roles/lib_openshift/src/class/oc_configmap.py new file mode 100644 index 000000000..87de3e1df --- /dev/null +++ b/roles/lib_openshift/src/class/oc_configmap.py @@ -0,0 +1,187 @@ +# pylint: skip-file +# flake8: noqa + + +# pylint: disable=too-many-arguments +class OCConfigMap(OpenShiftCLI): + ''' Openshift ConfigMap Class + + ConfigMaps are a way to store data inside of objects + ''' + def __init__(self, + name, + from_file, + from_literal, + state, + namespace, + kubeconfig='/etc/origin/master/admin.kubeconfig', + verbose=False): + ''' Constructor for OpenshiftOC ''' + super(OCConfigMap, self).__init__(namespace, kubeconfig=kubeconfig, verbose=verbose) + self.name = name + self.state = state + self._configmap = None + self._inc_configmap = None + self.from_file = from_file if from_file is not None else {} + self.from_literal = from_literal if from_literal is not None else {} + + @property + def configmap(self): + if self._configmap is None: + self._configmap = self.get() + + return self._configmap + + @configmap.setter + def configmap(self, inc_map): + self._configmap = inc_map + + @property + def inc_configmap(self): + if self._inc_configmap is None: + results = self.create(dryrun=True, output=True) + self._inc_configmap = results['results'] + + return self._inc_configmap + + @inc_configmap.setter + def inc_configmap(self, inc_map): + self._inc_configmap = inc_map + + def from_file_to_params(self): + '''return from_files in a string ready for cli''' + return ["--from-file={}={}".format(key, value) for key, value in self.from_file.items()] + + def from_literal_to_params(self): + '''return from_literal in a string ready for cli''' + return ["--from-literal={}={}".format(key, value) for key, value in self.from_literal.items()] + + def get(self): + '''return a configmap by name ''' + results = self._get('configmap', self.name) + if results['returncode'] == 0 and results['results'][0]: + self.configmap = results['results'][0] + + if results['returncode'] != 0 and '"{}" not found'.format(self.name) in results['stderr']: + results['returncode'] = 0 + + return results + + def delete(self): + '''delete a configmap by name''' + return self._delete('configmap', self.name) + + def create(self, dryrun=False, output=False): + '''Create a configmap + + :dryrun: Product what you would have done. default: False + :output: Whether to parse output. default: False + ''' + + cmd = ['create', 'configmap', self.name] + if self.from_literal is not None: + cmd.extend(self.from_literal_to_params()) + + if self.from_file is not None: + cmd.extend(self.from_file_to_params()) + + if dryrun: + cmd.extend(['--dry-run', '-ojson']) + + results = self.openshift_cmd(cmd, output=output) + + return results + + def update(self): + '''run update configmap ''' + return self._replace_content('configmap', self.name, self.inc_configmap) + + def needs_update(self): + '''compare the current configmap with the proposed and return if they are equal''' + return not Utils.check_def_equal(self.inc_configmap, self.configmap, debug=self.verbose) + + @staticmethod + # pylint: disable=too-many-return-statements,too-many-branches + # TODO: This function should be refactored into its individual parts. + def run_ansible(params, check_mode): + '''run the ansible idempotent code''' + + oc_cm = OCConfigMap(params['name'], + params['from_file'], + params['from_literal'], + params['state'], + params['namespace'], + kubeconfig=params['kubeconfig'], + verbose=params['debug']) + + state = params['state'] + + api_rval = oc_cm.get() + + if 'failed' in api_rval: + return {'failed': True, 'msg': api_rval} + + ##### + # Get + ##### + if state == 'list': + return {'changed': False, 'results': api_rval, 'state': state} + + ######## + # Delete + ######## + if state == 'absent': + if not Utils.exists(api_rval['results'], params['name']): + return {'changed': False, 'state': 'absent'} + + if check_mode: + return {'changed': True, 'msg': 'CHECK_MODE: Would have performed a delete.'} + + api_rval = oc_cm.delete() + + if api_rval['returncode'] != 0: + return {'failed': True, 'msg': api_rval} + + return {'changed': True, 'results': api_rval, 'state': state} + + ######## + # Create + ######## + if state == 'present': + if not Utils.exists(api_rval['results'], params['name']): + + if check_mode: + return {'changed': True, 'msg': 'Would have performed a create.'} + + api_rval = oc_cm.create() + + if api_rval['returncode'] != 0: + return {'failed': True, 'msg': api_rval} + + api_rval = oc_cm.get() + + if api_rval['returncode'] != 0: + return {'failed': True, 'msg': api_rval} + + return {'changed': True, 'results': api_rval, 'state': state} + + ######## + # Update + ######## + if oc_cm.needs_update(): + + api_rval = oc_cm.update() + + if api_rval['returncode'] != 0: + return {'failed': True, 'msg': api_rval} + + api_rval = oc_cm.get() + + if api_rval['returncode'] != 0: + return {'failed': True, 'msg': api_rval} + + return {'changed': True, 'results': api_rval, 'state': state} + + return {'changed': False, 'results': api_rval, 'state': state} + + return {'failed': True, 'msg': 'Unknown state passed. {}'.format(state)} diff --git a/roles/lib_openshift/src/class/oc_pvc.py b/roles/lib_openshift/src/class/oc_pvc.py new file mode 100644 index 000000000..c73abc47c --- /dev/null +++ b/roles/lib_openshift/src/class/oc_pvc.py @@ -0,0 +1,167 @@ +# pylint: skip-file +# flake8: noqa + + +# pylint: disable=too-many-instance-attributes +class OCPVC(OpenShiftCLI): + ''' Class to wrap the oc command line tools ''' + kind = 'pvc' + + # pylint allows 5 + # pylint: disable=too-many-arguments + def __init__(self, + config, + verbose=False): + ''' Constructor for OCVolume ''' + super(OCPVC, self).__init__(config.namespace, config.kubeconfig) + self.config = config + self.namespace = config.namespace + self._pvc = None + + @property + def pvc(self): + ''' property function pvc''' + if not self._pvc: + self.get() + return self._pvc + + @pvc.setter + def pvc(self, data): + ''' setter function for yedit var ''' + self._pvc = data + + def bound(self): + '''return whether the pvc is bound''' + if self.pvc.get_volume_name(): + return True + + return False + + def exists(self): + ''' return whether a pvc exists ''' + if self.pvc: + return True + + return False + + def get(self): + '''return pvc information ''' + result = self._get(self.kind, self.config.name) + if result['returncode'] == 0: + self.pvc = PersistentVolumeClaim(content=result['results'][0]) + elif '\"%s\" not found' % self.config.name in result['stderr']: + result['returncode'] = 0 + result['results'] = [{}] + + return result + + def delete(self): + '''delete the object''' + return self._delete(self.kind, self.config.name) + + def create(self): + '''create the object''' + return self._create_from_content(self.config.name, self.config.data) + + def update(self): + '''update the object''' + # need to update the tls information and the service name + return self._replace_content(self.kind, self.config.name, self.config.data) + + def needs_update(self): + ''' verify an update is needed ''' + if self.pvc.get_volume_name() or self.pvc.is_bound(): + return False + + skip = [] + return not Utils.check_def_equal(self.config.data, self.pvc.yaml_dict, skip_keys=skip, debug=True) + + # pylint: disable=too-many-branches,too-many-return-statements + @staticmethod + def run_ansible(params, check_mode): + '''run the idempotent ansible code''' + pconfig = PersistentVolumeClaimConfig(params['name'], + params['namespace'], + params['kubeconfig'], + params['access_modes'], + params['volume_capacity'], + ) + oc_pvc = OCPVC(pconfig, verbose=params['debug']) + + state = params['state'] + + api_rval = oc_pvc.get() + if api_rval['returncode'] != 0: + return {'failed': True, 'msg': api_rval} + + ##### + # Get + ##### + if state == 'list': + return {'changed': False, 'results': api_rval['results'], 'state': state} + + ######## + # Delete + ######## + if state == 'absent': + if oc_pvc.exists(): + + if check_mode: + return {'changed': False, 'msg': 'CHECK_MODE: Would have performed a delete.'} + + api_rval = oc_pvc.delete() + + if api_rval['returncode'] != 0: + return {'failed': True, 'msg': api_rval} + + return {'changed': True, 'results': api_rval, 'state': state} + + return {'changed': False, 'state': state} + + if state == 'present': + ######## + # Create + ######## + if not oc_pvc.exists(): + + if check_mode: + return {'changed': True, 'msg': 'CHECK_MODE: Would have performed a create.'} + + # Create it here + api_rval = oc_pvc.create() + + if api_rval['returncode'] != 0: + return {'failed': True, 'msg': api_rval} + + # return the created object + api_rval = oc_pvc.get() + + if api_rval['returncode'] != 0: + return {'failed': True, 'msg': api_rval} + + return {'changed': True, 'results': api_rval, 'state': state} + + ######## + # Update + ######## + if oc_pvc.pvc.is_bound() or oc_pvc.pvc.get_volume_name(): + api_rval['msg'] = '##### - This volume is currently bound. Will not update - ####' + return {'changed': False, 'results': api_rval, 'state': state} + + if oc_pvc.needs_update(): + api_rval = oc_pvc.update() + + if api_rval['returncode'] != 0: + return {'failed': True, 'msg': api_rval} + + # return the created object + api_rval = oc_pvc.get() + + if api_rval['returncode'] != 0: + return {'failed': True, 'msg': api_rval} + + return {'changed': True, 'results': api_rval, 'state': state} + + return {'changed': False, 'results': api_rval, 'state': state} + + return {'failed': True, 'msg': 'Unknown state passed. {}'.format(state)} diff --git a/roles/lib_openshift/src/class/oc_user.py b/roles/lib_openshift/src/class/oc_user.py new file mode 100644 index 000000000..d9e4eac13 --- /dev/null +++ b/roles/lib_openshift/src/class/oc_user.py @@ -0,0 +1,227 @@ +# pylint: skip-file +# flake8: noqa + +# pylint: disable=too-many-instance-attributes +class OCUser(OpenShiftCLI): + ''' Class to wrap the oc command line tools ''' + kind = 'users' + + def __init__(self, + config, + groups=None, + verbose=False): + ''' Constructor for OCUser ''' + # namespace has no meaning for user operations, hardcode to 'default' + super(OCUser, self).__init__('default', config.kubeconfig) + self.config = config + self.groups = groups + self._user = None + + @property + def user(self): + ''' property function user''' + if not self._user: + self.get() + return self._user + + @user.setter + def user(self, data): + ''' setter function for user ''' + self._user = data + + def exists(self): + ''' return whether a user exists ''' + if self.user: + return True + + return False + + def get(self): + ''' return user information ''' + result = self._get(self.kind, self.config.username) + if result['returncode'] == 0: + self.user = User(content=result['results'][0]) + elif 'users \"%s\" not found' % self.config.username in result['stderr']: + result['returncode'] = 0 + result['results'] = [{}] + + return result + + def delete(self): + ''' delete the object ''' + return self._delete(self.kind, self.config.username) + + def create_group_entries(self): + ''' make entries for user to the provided group list ''' + if self.groups != None: + for group in self.groups: + cmd = ['groups', 'add-users', group, self.config.username] + rval = self.openshift_cmd(cmd, oadm=True) + if rval['returncode'] != 0: + return rval + + return rval + + return {'returncode': 0} + + def create(self): + ''' create the object ''' + rval = self.create_group_entries() + if rval['returncode'] != 0: + return rval + + return self._create_from_content(self.config.username, self.config.data) + + def group_update(self): + ''' update group membership ''' + rval = {'returncode': 0} + cmd = ['get', 'groups', '-o', 'json'] + all_groups = self.openshift_cmd(cmd, output=True) + + # pylint misindentifying all_groups['results']['items'] type + # pylint: disable=invalid-sequence-index + for group in all_groups['results']['items']: + # If we're supposed to be in this group + if group['metadata']['name'] in self.groups \ + and (group['users'] is None or self.config.username not in group['users']): + cmd = ['groups', 'add-users', group['metadata']['name'], + self.config.username] + rval = self.openshift_cmd(cmd, oadm=True) + if rval['returncode'] != 0: + return rval + # else if we're in the group, but aren't supposed to be + elif group['users'] != None and self.config.username in group['users'] \ + and group['metadata']['name'] not in self.groups: + cmd = ['groups', 'remove-users', group['metadata']['name'], + self.config.username] + rval = self.openshift_cmd(cmd, oadm=True) + if rval['returncode'] != 0: + return rval + + return rval + + def update(self): + ''' update the object ''' + rval = self.group_update() + if rval['returncode'] != 0: + return rval + + # need to update the user's info + return self._replace_content(self.kind, self.config.username, self.config.data, force=True) + + def needs_group_update(self): + ''' check if there are group membership changes ''' + cmd = ['get', 'groups', '-o', 'json'] + all_groups = self.openshift_cmd(cmd, output=True) + + # pylint misindentifying all_groups['results']['items'] type + # pylint: disable=invalid-sequence-index + for group in all_groups['results']['items']: + # If we're supposed to be in this group + if group['metadata']['name'] in self.groups \ + and (group['users'] is None or self.config.username not in group['users']): + return True + # else if we're in the group, but aren't supposed to be + elif group['users'] != None and self.config.username in group['users'] \ + and group['metadata']['name'] not in self.groups: + return True + + return False + + def needs_update(self): + ''' verify an update is needed ''' + skip = [] + if self.needs_group_update(): + return True + + return not Utils.check_def_equal(self.config.data, self.user.yaml_dict, skip_keys=skip, debug=True) + + # pylint: disable=too-many-return-statements + @staticmethod + def run_ansible(params, check_mode=False): + ''' run the idempotent ansible code + + params comes from the ansible portion of this module + check_mode: does the module support check mode. (module.check_mode) + ''' + + uconfig = UserConfig(params['kubeconfig'], + params['username'], + params['full_name'], + ) + + oc_user = OCUser(uconfig, params['groups'], + verbose=params['debug']) + state = params['state'] + + api_rval = oc_user.get() + + ##### + # Get + ##### + if state == 'list': + return {'changed': False, 'results': api_rval['results'], 'state': "list"} + + ######## + # Delete + ######## + if state == 'absent': + if oc_user.exists(): + + if check_mode: + return {'changed': False, 'msg': 'Would have performed a delete.'} + + api_rval = oc_user.delete() + + return {'changed': True, 'results': api_rval, 'state': "absent"} + return {'changed': False, 'state': "absent"} + + if state == 'present': + ######## + # Create + ######## + if not oc_user.exists(): + + if check_mode: + return {'changed': False, 'msg': 'Would have performed a create.'} + + # Create it here + api_rval = oc_user.create() + + if api_rval['returncode'] != 0: + return {'failed': True, 'msg': api_rval} + + # return the created object + api_rval = oc_user.get() + + if api_rval['returncode'] != 0: + return {'failed': True, 'msg': api_rval} + + return {'changed': True, 'results': api_rval, 'state': "present"} + + ######## + # Update + ######## + if oc_user.needs_update(): + api_rval = oc_user.update() + + if api_rval['returncode'] != 0: + return {'failed': True, 'msg': api_rval} + + orig_cmd = api_rval['cmd'] + # return the created object + api_rval = oc_user.get() + # overwrite the get/list cmd + api_rval['cmd'] = orig_cmd + + if api_rval['returncode'] != 0: + return {'failed': True, 'msg': api_rval} + + return {'changed': True, 'results': api_rval, 'state': "present"} + + return {'changed': False, 'results': api_rval, 'state': "present"} + + return {'failed': True, + 'changed': False, + 'results': 'Unknown state passed. %s' % state, + 'state': "unknown"} diff --git a/roles/lib_openshift/src/doc/configmap b/roles/lib_openshift/src/doc/configmap new file mode 100644 index 000000000..5ca8292c4 --- /dev/null +++ b/roles/lib_openshift/src/doc/configmap @@ -0,0 +1,72 @@ +# flake8: noqa +# pylint: skip-file + +DOCUMENTATION = ''' +--- +module: oc_configmap +short_description: Modify, and idempotently manage openshift configmaps +description: + - Modify openshift configmaps programmatically. +options: + state: + description: + - Supported states, present, absent, list + - present - will ensure object is created or updated to the value specified + - list - will return a configmap + - absent - will remove the configmap + required: False + default: present + choices: ["present", 'absent', 'list'] + aliases: [] + kubeconfig: + description: + - The path for the kubeconfig file to use for authentication + required: false + default: /etc/origin/master/admin.kubeconfig + aliases: [] + debug: + description: + - Turn on debug output. + required: false + default: False + aliases: [] + name: + description: + - Name of the object that is being queried. + required: True + default: None + aliases: [] + namespace: + description: + - The namespace where the object lives. + required: false + default: default + aliases: [] + from_file: + description: + - A dict of key, value pairs representing the configmap key and the value represents the file path. + required: false + default: None + aliases: [] + from_literal: + description: + - A dict of key, value pairs representing the configmap key and the value represents the string content + required: false + default: None + aliases: [] +author: +- "kenny woodson <kwoodson@redhat.com>" +extends_documentation_fragment: [] +''' + +EXAMPLES = ''' +- name: create group + oc_configmap: + state: present + name: testmap + from_file: + secret: /path/to/secret + from_literal: + title: systemadmin + register: configout +''' diff --git a/roles/lib_openshift/src/doc/pvc b/roles/lib_openshift/src/doc/pvc new file mode 100644 index 000000000..9240f2a0f --- /dev/null +++ b/roles/lib_openshift/src/doc/pvc @@ -0,0 +1,76 @@ +# flake8: noqa +# pylint: skip-file + +DOCUMENTATION = ''' +--- +module: oc_pvc +short_description: Modify, and idempotently manage openshift persistent volume claims +description: + - Modify openshift persistent volume claims programmatically. +options: + state: + description: + - Supported states, present, absent, list + - present - will ensure object is created or updated to the value specified + - list - will return a pvc + - absent - will remove a pvc + required: False + default: present + choices: ["present", 'absent', 'list'] + aliases: [] + kubeconfig: + description: + - The path for the kubeconfig file to use for authentication + required: false + default: /etc/origin/master/admin.kubeconfig + aliases: [] + debug: + description: + - Turn on debug output. + required: false + default: False + aliases: [] + name: + description: + - Name of the object that is being queried. + required: false + default: None + aliases: [] + namespace: + description: + - The namespace where the object lives. + required: false + default: str + aliases: [] + volume_capacity: + description: + - The requested volume capacity + required: False + default: 1G + aliases: [] + access_modes: + description: + - The access modes allowed for the pvc + - Expects a list + required: False + default: ReadWriteOnce + choices: + - ReadWriteOnce + - ReadOnlyMany + - ReadWriteMany + aliases: [] +author: +- "Kenny Woodson <kwoodson@redhat.com>" +extends_documentation_fragment: [] +''' + +EXAMPLES = ''' +- name: create a pvc + oc_pvc: + namespace: awesomeapp + name: dbstorage + access_modes: + - ReadWriteOnce + volume_capacity: 5G + register: pvcout +''' diff --git a/roles/lib_openshift/src/doc/user b/roles/lib_openshift/src/doc/user new file mode 100644 index 000000000..65ee01eb7 --- /dev/null +++ b/roles/lib_openshift/src/doc/user @@ -0,0 +1,128 @@ +# flake8: noqa +# pylint: skip-file + +DOCUMENTATION = ''' +--- +module: oc_user +short_description: Create, modify, and idempotently manage openshift users. +description: + - Modify openshift users programmatically. +options: + state: + description: + - State controls the action that will be taken with resource + - 'present' will create or update a user to the desired state + - 'absent' will ensure user is removed + - 'list' will read and return a list of users + default: present + choices: ["present", "absent", "list"] + aliases: [] + kubeconfig: + description: + - The path for the kubeconfig file to use for authentication + required: false + default: /etc/origin/master/admin.kubeconfig + aliases: [] + debug: + description: + - Turn on debug output. + required: false + default: False + aliases: [] + username: + description: + - Short username to query/modify. + required: false + default: None + aliases: [] + full_name: + description: + - String with the full name/description of the user. + required: false + default: None + aliases: [] + groups: + description: + - List of groups the user should be a member of. This does not add/update the legacy 'groups' field in the OpenShift user object, but makes user entries into the appropriate OpenShift group object for the given user. + required: false + default: [] + aliases: [] +author: +- "Joel Diaz <jdiaz@redhat.com>" +extends_documentation_fragment: [] +''' + +EXAMPLES = ''' +- name: Ensure user exists + oc_user: + state: present + username: johndoe + full_name "John Doe" + groups: + - dedicated-admins + register: user_johndoe + +user_johndoe variable will have contents like: +ok: [ded-int-aws-master-61034] => { + "user_johndoe": { + "changed": true, + "results": { + "cmd": "oc -n default get users johndoe -o json", + "results": [ + { + "apiVersion": "v1", + "fullName": "John DOe", + "groups": null, + "identities": null, + "kind": "User", + "metadata": { + "creationTimestamp": "2017-02-28T15:09:21Z", + "name": "johndoe", + "resourceVersion": "848781", + "selfLink": "/oapi/v1/users/johndoe", + "uid": "e23d3300-fdc7-11e6-9e3e-12822d6b7656" + } + } + ], + "returncode": 0 + }, + "state": "present" + } +} +'groups' is empty because this field is the OpenShift user object's 'group' field. + +- name: Ensure user does not exist + oc_user: + state: absent + username: johndoe + +- name: List user's info + oc_user: + state: list + username: johndoe + register: user_johndoe + +user_johndoe will have contents similar to: +ok: [ded-int-aws-master-61034] => { + "user_johndoe": { + "changed": false, + "results": [ + { + "apiVersion": "v1", + "fullName": "John Doe", + "groups": null, + "identities": null, + "kind": "User", + "metadata": { + "creationTimestamp": "2017-02-28T15:04:44Z", + "name": "johndoe", + "resourceVersion": "848280", + "selfLink": "/oapi/v1/users/johndoe", + "uid": "3d479ad2-fdc7-11e6-9e3e-12822d6b7656" + } + } + ], + "state": "list" + } +} +''' diff --git a/roles/lib_openshift/src/lib/pvc.py b/roles/lib_openshift/src/lib/pvc.py new file mode 100644 index 000000000..929b50990 --- /dev/null +++ b/roles/lib_openshift/src/lib/pvc.py @@ -0,0 +1,167 @@ +# pylint: skip-file +# flake8: noqa + + +# pylint: disable=too-many-instance-attributes +class PersistentVolumeClaimConfig(object): + ''' Handle pvc options ''' + # pylint: disable=too-many-arguments + def __init__(self, + sname, + namespace, + kubeconfig, + access_modes=None, + vol_capacity='1G'): + ''' constructor for handling pvc options ''' + self.kubeconfig = kubeconfig + self.name = sname + self.namespace = namespace + self.access_modes = access_modes + self.vol_capacity = vol_capacity + self.data = {} + + self.create_dict() + + def create_dict(self): + ''' return a service as a dict ''' + # version + self.data['apiVersion'] = 'v1' + # kind + self.data['kind'] = 'PersistentVolumeClaim' + # metadata + self.data['metadata'] = {} + self.data['metadata']['name'] = self.name + # spec + self.data['spec'] = {} + self.data['spec']['accessModes'] = ['ReadWriteOnce'] + if self.access_modes: + self.data['spec']['accessModes'] = self.access_modes + + # storage capacity + self.data['spec']['resources'] = {} + self.data['spec']['resources']['requests'] = {} + self.data['spec']['resources']['requests']['storage'] = self.vol_capacity + + +# pylint: disable=too-many-instance-attributes,too-many-public-methods +class PersistentVolumeClaim(Yedit): + ''' Class to wrap the oc command line tools ''' + access_modes_path = "spec.accessModes" + volume_capacity_path = "spec.requests.storage" + volume_name_path = "spec.volumeName" + bound_path = "status.phase" + kind = 'PersistentVolumeClaim' + + def __init__(self, content): + '''RoleBinding constructor''' + super(PersistentVolumeClaim, self).__init__(content=content) + self._access_modes = None + self._volume_capacity = None + self._volume_name = None + + @property + def volume_name(self): + ''' volume_name property ''' + if self._volume_name is None: + self._volume_name = self.get_volume_name() + return self._volume_name + + @volume_name.setter + def volume_name(self, data): + ''' volume_name property setter''' + self._volume_name = data + + @property + def access_modes(self): + ''' access_modes property ''' + if self._access_modes is None: + self._access_modes = self.get_access_modes() + if not isinstance(self._access_modes, list): + self._access_modes = list(self._access_modes) + + return self._access_modes + + @access_modes.setter + def access_modes(self, data): + ''' access_modes property setter''' + if not isinstance(data, list): + data = list(data) + + self._access_modes = data + + @property + def volume_capacity(self): + ''' volume_capacity property ''' + if self._volume_capacity is None: + self._volume_capacity = self.get_volume_capacity() + return self._volume_capacity + + @volume_capacity.setter + def volume_capacity(self, data): + ''' volume_capacity property setter''' + self._volume_capacity = data + + def get_access_modes(self): + '''get access_modes''' + return self.get(PersistentVolumeClaim.access_modes_path) or [] + + def get_volume_capacity(self): + '''get volume_capacity''' + return self.get(PersistentVolumeClaim.volume_capacity_path) or [] + + def get_volume_name(self): + '''get volume_name''' + return self.get(PersistentVolumeClaim.volume_name_path) or [] + + def is_bound(self): + '''return whether volume is bound''' + return self.get(PersistentVolumeClaim.bound_path) or [] + + #### ADD ##### + def add_access_mode(self, inc_mode): + ''' add an access_mode''' + if self.access_modes: + self.access_modes.append(inc_mode) + else: + self.put(PersistentVolumeClaim.access_modes_path, [inc_mode]) + + return True + + #### /ADD ##### + + #### Remove ##### + def remove_access_mode(self, inc_mode): + ''' remove an access_mode''' + try: + self.access_modes.remove(inc_mode) + except ValueError as _: + return False + + return True + + #### /REMOVE ##### + + #### UPDATE ##### + def update_access_mode(self, inc_mode): + ''' update an access_mode''' + try: + index = self.access_modes.index(inc_mode) + except ValueError as _: + return self.add_access_mode(inc_mode) + + self.access_modes[index] = inc_mode + + return True + + #### /UPDATE ##### + + #### FIND #### + def find_access_mode(self, inc_mode): + ''' find a user ''' + index = None + try: + index = self.access_modes.index(inc_mode) + except ValueError as _: + return index + + return index diff --git a/roles/lib_openshift/src/lib/user.py b/roles/lib_openshift/src/lib/user.py new file mode 100644 index 000000000..a14d5fc91 --- /dev/null +++ b/roles/lib_openshift/src/lib/user.py @@ -0,0 +1,37 @@ +# pylint: skip-file +# flake8: noqa + + +class UserConfig(object): + ''' Handle user options ''' + def __init__(self, + kubeconfig, + username, + full_name): + ''' constructor for handling user options ''' + self.kubeconfig = kubeconfig + self.username = username + self.full_name = full_name + + self.data = {} + self.create_dict() + + def create_dict(self): + ''' return a user as a dict ''' + self.data['apiVersion'] = 'v1' + self.data['fullName'] = self.full_name + self.data['groups'] = None + self.data['identities'] = None + self.data['kind'] = 'User' + self.data['metadata'] = {} + self.data['metadata']['name'] = self.username + + +# pylint: disable=too-many-instance-attributes +class User(Yedit): + ''' Class to wrap the oc command line tools ''' + kind = 'user' + + def __init__(self, content): + '''User constructor''' + super(User, self).__init__(content=content) diff --git a/roles/lib_openshift/src/sources.yml b/roles/lib_openshift/src/sources.yml index 47951b48a..135e2b752 100644 --- a/roles/lib_openshift/src/sources.yml +++ b/roles/lib_openshift/src/sources.yml @@ -79,6 +79,16 @@ oc_atomic_container.py: - doc/atomic_container - ansible/oc_atomic_container.py +oc_configmap.py: +- doc/generated +- doc/license +- lib/import.py +- doc/configmap +- ../../lib_utils/src/class/yedit.py +- lib/base.py +- class/oc_configmap.py +- ansible/oc_configmap.py + oc_edit.py: - doc/generated - doc/license @@ -163,6 +173,17 @@ oc_project.py: - class/oc_project.py - ansible/oc_project.py +oc_pvc.py: +- doc/generated +- doc/license +- lib/import.py +- doc/pvc +- ../../lib_utils/src/class/yedit.py +- lib/base.py +- lib/pvc.py +- class/oc_pvc.py +- ansible/oc_pvc.py + oc_route.py: - doc/generated - doc/license @@ -230,6 +251,17 @@ oc_service.py: - class/oc_service.py - ansible/oc_service.py +oc_user.py: +- doc/generated +- doc/license +- lib/import.py +- doc/user +- ../../lib_utils/src/class/yedit.py +- lib/base.py +- lib/user.py +- class/oc_user.py +- ansible/oc_user.py + oc_version.py: - doc/generated - doc/license diff --git a/roles/lib_openshift/src/test/integration/oc_configmap.yml b/roles/lib_openshift/src/test/integration/oc_configmap.yml new file mode 100755 index 000000000..c0d200e73 --- /dev/null +++ b/roles/lib_openshift/src/test/integration/oc_configmap.yml @@ -0,0 +1,95 @@ +#!/usr/bin/ansible-playbook --module-path=../../../library/ +## ./oc_configmap.yml -M ../../../library -e "cli_master_test=$OPENSHIFT_MASTER +--- +- hosts: "{{ cli_master_test }}" + gather_facts: no + user: root + vars: + filename: /tmp/test_configmap_from_file + + post_tasks: + - name: Setup a file with known contents + copy: + content: This is a file + dest: "{{ filename }}" + + - name: create a test project + oc_project: + name: test + description: for tests only + + ###### create test ########### + - name: create a configmap + oc_configmap: + state: present + name: configmaptest + namespace: test + from_file: + config: "{{ filename }}" + from_literal: + foo: bar + + - name: fetch the created configmap + oc_configmap: + name: configmaptest + state: list + namespace: test + register: cmout + + - debug: var=cmout + + - name: assert configmaptest exists + assert: + that: + - cmout.results.results[0].metadata.name == 'configmaptest' + - cmout.results.results[0].data.foo == 'bar' + ###### end create test ########### + + ###### update test ########### + - name: create a configmap + oc_configmap: + state: present + name: configmaptest + namespace: test + from_file: + config: "{{ filename }}" + from_literal: + foo: notbar + deployment_type: online + + - name: fetch the updated configmap + oc_configmap: + name: configmaptest + state: list + namespace: test + register: cmout + + - debug: var=cmout + + - name: assert configmaptest exists + assert: + that: + - cmout.results.results[0].metadata.name == 'configmaptest' + - cmout.results.results[0].data.deployment_type == 'online' + - cmout.results.results[0].data.foo == 'notbar' + ###### end update test ########### + + ###### delete test ########### + - name: delete a configmap + oc_configmap: + state: absent + name: configmaptest + namespace: test + + - name: fetch the updated configmap + oc_configmap: + name: configmaptest + state: list + namespace: test + register: cmout + + - debug: var=cmout + + - name: assert configmaptest exists + assert: + that: "'\"configmaptest\" not found' in cmout.results.stderr" diff --git a/roles/lib_openshift/src/test/integration/oc_user.yml b/roles/lib_openshift/src/test/integration/oc_user.yml new file mode 100755 index 000000000..ad1f9d188 --- /dev/null +++ b/roles/lib_openshift/src/test/integration/oc_user.yml @@ -0,0 +1,240 @@ +#!/usr/bin/ansible-playbook --module-path=../../../library/ +# +# ./oc_user.yml -e "cli_master_test=$OPENSHIFT_MASTER +# +--- +- hosts: "{{ cli_master_test }}" + gather_facts: no + user: root + + vars: + test_user: testuser@email.com + test_user_fullname: "Test User" + pre_tasks: + - name: ensure needed vars are defined + fail: + msg: "{{ item }} no defined" + when: "{{ item}} is not defined" + with_items: + - cli_master_test # ansible inventory instance to run playbook against + + tasks: + - name: delete test user (so future tests work) + oc_user: + state: absent + username: "{{ test_user }}" + + - name: get user list + oc_user: + state: list + username: "{{ test_user }}" + register: user_out + - name: "assert test user does not exist" + assert: + that: user_out['results'][0] == {} + msg: "{{ user_out }}" + + - name: get all list + oc_user: + state: list + register: user_out + #- debug: var=user_out + + - name: add test user + oc_user: + state: present + username: "{{ test_user }}" + full_name: "{{ test_user_fullname }}" + register: user_out + - name: assert result set to changed + assert: + that: user_out['changed'] == True + msg: "{{ user_out }}" + + - name: check test user actually added + oc_user: + state: list + username: "{{ test_user }}" + register: user_out + - name: assert user actually added + assert: + that: user_out['results'][0]['metadata']['name'] == "{{ test_user }}" and + user_out['results'][0]['fullName'] == "{{ test_user_fullname }}" + msg: "{{ user_out }}" + + - name: re-add test user + oc_user: + state: present + username: "{{ test_user }}" + full_name: "{{ test_user_fullname }}" + register: user_out + - name: assert re-add result set to not changed + assert: + that: user_out['changed'] == False + msg: "{{ user_out }}" + + - name: modify existing user + oc_user: + state: present + username: "{{ test_user }}" + full_name: 'Something Different' + register: user_out + - name: assert modify existing user result set to changed + assert: + that: user_out['changed'] == True + msg: "{{ user_out }}" + + - name: check modify test user + oc_user: + state: list + username: "{{ test_user }}" + register: user_out + - name: assert modification successful + assert: + that: user_out['results'][0]['metadata']['name'] == "{{ test_user }}" and + user_out['results'][0]['fullName'] == 'Something Different' + msg: "{{ user_out }}" + + - name: delete test user + oc_user: + state: absent + username: "{{ test_user }}" + register: user_out + - name: assert delete marked changed + assert: + that: user_out['changed'] == True + msg: "{{ user_out }}" + + - name: check delete user + oc_user: + state: list + username: "{{ test_user }}" + register: user_out + - name: assert deletion successful + assert: + that: user_out['results'][0] == {} + msg: "{{ user_out }}" + + - name: re-delete test user + oc_user: + state: absent + username: "{{ test_user }}" + register: user_out + - name: check re-delete marked not changed + assert: + that: user_out['changed'] == False + msg: "{{ user_out }}" + + - name: delete test group + oc_obj: + kind: group + state: absent + name: integration-test-group + + - name: create test group + command: oadm groups new integration-test-group + + - name: check group creation + oc_obj: + kind: group + state: list + name: integration-test-group + register: user_out + - name: assert test group created + assert: + that: user_out['results']['results'][0]['metadata']['name'] == "integration-test-group" + msg: "{{ user_out }}" + + - name: create user with group membership + oc_user: + state: present + username: "{{ test_user }}" + groups: + - "integration-test-group" + register: user_out + - debug: var=user_out + - name: get group user members + oc_obj: + kind: group + state: list + name: integration-test-group + register: user_out + - name: assert user group membership + assert: + that: "'{{ test_user }}' in user_out['results']['results'][0]['users'][0]" + msg: "{{ user_out }}" + + - name: delete second test group + oc_obj: + kind: group + state: absent + name: integration-test-group2 + + - name: create empty second group + command: oadm groups new integration-test-group2 + + - name: update user with second group membership + oc_user: + state: present + username: "{{ test_user }}" + groups: + - "integration-test-group" + - "integration-test-group2" + register: user_out + - name: assert adding more group changed + assert: + that: user_out['changed'] == True + + - name: get group memberships + oc_obj: + kind: group + state: list + name: "{{ item }}" + with_items: + - integration-test-group + - integration-test-group2 + register: user_out + - name: assert user member of above groups + assert: + that: "'{{ test_user }}' in user_out['results'][0]['results']['results'][0]['users'] and \ + '{{ test_user }}' in user_out['results'][1]['results']['results'][0]['users']" + msg: "{{ user_out }}" + + - name: update user with only one group + oc_user: + state: present + username: "{{ test_user }}" + groups: + - "integration-test-group2" + register: user_out + - assert: + that: user_out['changed'] == True + + - name: get group memberships + oc_obj: + kind: group + state: list + name: "{{ item }}" + with_items: + - "integration-test-group" + - "integration-test-group2" + register: user_out + - debug: var=user_out + - name: assert proper user membership + assert: + that: "'{{ test_user }}' not in user_out['results'][0]['results']['results'][0]['users'] and \ + '{{ test_user }}' in user_out['results'][1]['results']['results'][0]['users']" + + - name: clean up test groups + oc_obj: + kind: group + state: absent + name: "{{ item }}" + with_items: + - "integration-test-group" + - "integration-test-group2" + + - name: clean up test user + oc_user: + state: absent + username: "{{ test_user }}" diff --git a/roles/lib_openshift/src/test/unit/test_oc_configmap.py b/roles/lib_openshift/src/test/unit/test_oc_configmap.py new file mode 100755 index 000000000..318fd6167 --- /dev/null +++ b/roles/lib_openshift/src/test/unit/test_oc_configmap.py @@ -0,0 +1,239 @@ +''' + Unit tests for oc configmap +''' + +import copy +import os +import six +import sys +import unittest +import mock + +# Removing invalid variable names for tests so that I can +# keep them brief +# pylint: disable=invalid-name,no-name-in-module +# Disable import-error b/c our libraries aren't loaded in jenkins +# pylint: disable=import-error,wrong-import-position +# place class in our python path +module_path = os.path.join('/'.join(os.path.realpath(__file__).split('/')[:-4]), 'library') # noqa: E501 +sys.path.insert(0, module_path) +from oc_configmap import OCConfigMap, locate_oc_binary # noqa: E402 + + +class OCConfigMapTest(unittest.TestCase): + ''' + Test class for OCConfigMap + ''' + params = {'kubeconfig': '/etc/origin/master/admin.kubeconfig', + 'state': 'present', + 'debug': False, + 'name': 'configmap', + 'from_file': {}, + 'from_literal': {}, + 'namespace': 'test'} + + @mock.patch('oc_configmap.Utils._write') + @mock.patch('oc_configmap.Utils.create_tmpfile_copy') + @mock.patch('oc_configmap.OCConfigMap._run') + def test_create_configmap(self, mock_run, mock_tmpfile_copy, mock_write): + ''' Testing a configmap create ''' + # TODO + return + params = copy.deepcopy(OCConfigMapTest.params) + params['from_file'] = {'test': '/root/file'} + params['from_literal'] = {'foo': 'bar'} + + configmap = '''{ + "apiVersion": "v1", + "data": { + "foo": "bar", + "test": "this is a file\\n" + }, + "kind": "ConfigMap", + "metadata": { + "creationTimestamp": "2017-03-20T20:24:35Z", + "name": "configmap", + "namespace": "test" + } + }''' + + mock_run.side_effect = [ + (1, '', 'Error from server (NotFound): configmaps "configmap" not found'), + (0, '', ''), + (0, configmap, ''), + ] + + mock_tmpfile_copy.side_effect = [ + '/tmp/mocked_kubeconfig', + ] + + results = OCConfigMap.run_ansible(params, False) + + self.assertTrue(results['changed']) + self.assertEqual(results['results']['results'][0]['metadata']['name'], 'configmap') + + @mock.patch('oc_configmap.Utils._write') + @mock.patch('oc_configmap.Utils.create_tmpfile_copy') + @mock.patch('oc_configmap.OCConfigMap._run') + def test_update_configmap(self, mock_run, mock_tmpfile_copy, mock_write): + ''' Testing a configmap create ''' + params = copy.deepcopy(OCConfigMapTest.params) + params['from_file'] = {'test': '/root/file'} + params['from_literal'] = {'foo': 'bar', 'deployment_type': 'online'} + + configmap = '''{ + "apiVersion": "v1", + "data": { + "foo": "bar", + "test": "this is a file\\n" + }, + "kind": "ConfigMap", + "metadata": { + "creationTimestamp": "2017-03-20T20:24:35Z", + "name": "configmap", + "namespace": "test" + + } + }''' + + mod_configmap = '''{ + "apiVersion": "v1", + "data": { + "foo": "bar", + "deployment_type": "online", + "test": "this is a file\\n" + }, + "kind": "ConfigMap", + "metadata": { + "creationTimestamp": "2017-03-20T20:24:35Z", + "name": "configmap", + "namespace": "test" + + } + }''' + + mock_run.side_effect = [ + (0, configmap, ''), + (0, mod_configmap, ''), + (0, configmap, ''), + (0, '', ''), + (0, mod_configmap, ''), + ] + + mock_tmpfile_copy.side_effect = [ + '/tmp/mocked_kubeconfig', + ] + + results = OCConfigMap.run_ansible(params, False) + + self.assertTrue(results['changed']) + self.assertEqual(results['results']['results'][0]['metadata']['name'], 'configmap') + self.assertEqual(results['results']['results'][0]['data']['deployment_type'], 'online') + + @unittest.skipIf(six.PY3, 'py2 test only') + @mock.patch('os.path.exists') + @mock.patch('os.environ.get') + def test_binary_lookup_fallback(self, mock_env_get, mock_path_exists): + ''' Testing binary lookup fallback ''' + + mock_env_get.side_effect = lambda _v, _d: '' + + mock_path_exists.side_effect = lambda _: False + + self.assertEqual(locate_oc_binary(), 'oc') + + @unittest.skipIf(six.PY3, 'py2 test only') + @mock.patch('os.path.exists') + @mock.patch('os.environ.get') + def test_binary_lookup_in_path(self, mock_env_get, mock_path_exists): + ''' Testing binary lookup in path ''' + + oc_bin = '/usr/bin/oc' + + mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin' + + mock_path_exists.side_effect = lambda f: f == oc_bin + + self.assertEqual(locate_oc_binary(), oc_bin) + + @unittest.skipIf(six.PY3, 'py2 test only') + @mock.patch('os.path.exists') + @mock.patch('os.environ.get') + def test_binary_lookup_in_usr_local(self, mock_env_get, mock_path_exists): + ''' Testing binary lookup in /usr/local/bin ''' + + oc_bin = '/usr/local/bin/oc' + + mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin' + + mock_path_exists.side_effect = lambda f: f == oc_bin + + self.assertEqual(locate_oc_binary(), oc_bin) + + @unittest.skipIf(six.PY3, 'py2 test only') + @mock.patch('os.path.exists') + @mock.patch('os.environ.get') + def test_binary_lookup_in_home(self, mock_env_get, mock_path_exists): + ''' Testing binary lookup in ~/bin ''' + + oc_bin = os.path.expanduser('~/bin/oc') + + mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin' + + mock_path_exists.side_effect = lambda f: f == oc_bin + + self.assertEqual(locate_oc_binary(), oc_bin) + + @unittest.skipIf(six.PY2, 'py3 test only') + @mock.patch('shutil.which') + @mock.patch('os.environ.get') + def test_binary_lookup_fallback_py3(self, mock_env_get, mock_shutil_which): + ''' Testing binary lookup fallback ''' + + mock_env_get.side_effect = lambda _v, _d: '' + + mock_shutil_which.side_effect = lambda _f, path=None: None + + self.assertEqual(locate_oc_binary(), 'oc') + + @unittest.skipIf(six.PY2, 'py3 test only') + @mock.patch('shutil.which') + @mock.patch('os.environ.get') + def test_binary_lookup_in_path_py3(self, mock_env_get, mock_shutil_which): + ''' Testing binary lookup in path ''' + + oc_bin = '/usr/bin/oc' + + mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin' + + mock_shutil_which.side_effect = lambda _f, path=None: oc_bin + + self.assertEqual(locate_oc_binary(), oc_bin) + + @unittest.skipIf(six.PY2, 'py3 test only') + @mock.patch('shutil.which') + @mock.patch('os.environ.get') + def test_binary_lookup_in_usr_local_py3(self, mock_env_get, mock_shutil_which): + ''' Testing binary lookup in /usr/local/bin ''' + + oc_bin = '/usr/local/bin/oc' + + mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin' + + mock_shutil_which.side_effect = lambda _f, path=None: oc_bin + + self.assertEqual(locate_oc_binary(), oc_bin) + + @unittest.skipIf(six.PY2, 'py3 test only') + @mock.patch('shutil.which') + @mock.patch('os.environ.get') + def test_binary_lookup_in_home_py3(self, mock_env_get, mock_shutil_which): + ''' Testing binary lookup in ~/bin ''' + + oc_bin = os.path.expanduser('~/bin/oc') + + mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin' + + mock_shutil_which.side_effect = lambda _f, path=None: oc_bin + + self.assertEqual(locate_oc_binary(), oc_bin) diff --git a/roles/lib_openshift/src/test/unit/test_oc_pvc.py b/roles/lib_openshift/src/test/unit/test_oc_pvc.py new file mode 100755 index 000000000..82187917d --- /dev/null +++ b/roles/lib_openshift/src/test/unit/test_oc_pvc.py @@ -0,0 +1,366 @@ +''' + Unit tests for oc pvc +''' + +import copy +import os +import six +import sys +import unittest +import mock + +# Removing invalid variable names for tests so that I can +# keep them brief +# pylint: disable=invalid-name,no-name-in-module +# Disable import-error b/c our libraries aren't loaded in jenkins +# pylint: disable=import-error,wrong-import-position +# place class in our python path +module_path = os.path.join('/'.join(os.path.realpath(__file__).split('/')[:-4]), 'library') # noqa: E501 +sys.path.insert(0, module_path) +from oc_pvc import OCPVC, locate_oc_binary # noqa: E402 + + +class OCPVCTest(unittest.TestCase): + ''' + Test class for OCPVC + ''' + params = {'kubeconfig': '/etc/origin/master/admin.kubeconfig', + 'state': 'present', + 'debug': False, + 'name': 'mypvc', + 'namespace': 'test', + 'volume_capacity': '1G', + 'access_modes': 'ReadWriteMany'} + + @mock.patch('oc_pvc.Utils.create_tmpfile_copy') + @mock.patch('oc_pvc.OCPVC._run') + def test_create_pvc(self, mock_run, mock_tmpfile_copy): + ''' Testing a pvc create ''' + params = copy.deepcopy(OCPVCTest.params) + + pvc = '''{"kind": "PersistentVolumeClaim", + "apiVersion": "v1", + "metadata": { + "name": "mypvc", + "namespace": "test", + "selfLink": "/api/v1/namespaces/test/persistentvolumeclaims/mypvc", + "uid": "77597898-d8d8-11e6-aea5-0e3c0c633889", + "resourceVersion": "126510787", + "creationTimestamp": "2017-01-12T15:04:50Z", + "labels": { + "mypvc": "database" + }, + "annotations": { + "pv.kubernetes.io/bind-completed": "yes", + "pv.kubernetes.io/bound-by-controller": "yes", + "v1.2-volume.experimental.kubernetes.io/provisioning-required": "volume.experimental.kubernetes.io/provisioning-completed" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "1Gi" + } + }, + "volumeName": "pv-aws-ow5vl" + }, + "status": { + "phase": "Bound", + "accessModes": [ + "ReadWriteOnce" + ], + "capacity": { + "storage": "1Gi" + } + } + }''' + + mock_run.side_effect = [ + (1, '', 'Error from server: persistentvolumeclaims "mypvc" not found'), + (1, '', 'Error from server: persistentvolumeclaims "mypvc" not found'), + (0, '', ''), + (0, pvc, ''), + ] + + mock_tmpfile_copy.side_effect = [ + '/tmp/mocked_kubeconfig', + ] + + results = OCPVC.run_ansible(params, False) + + self.assertTrue(results['changed']) + self.assertEqual(results['results']['results'][0]['metadata']['name'], 'mypvc') + + @mock.patch('oc_pvc.Utils.create_tmpfile_copy') + @mock.patch('oc_pvc.OCPVC._run') + def test_update_pvc(self, mock_run, mock_tmpfile_copy): + ''' Testing a pvc create ''' + params = copy.deepcopy(OCPVCTest.params) + params['access_modes'] = 'ReadWriteMany' + + pvc = '''{"kind": "PersistentVolumeClaim", + "apiVersion": "v1", + "metadata": { + "name": "mypvc", + "namespace": "test", + "selfLink": "/api/v1/namespaces/test/persistentvolumeclaims/mypvc", + "uid": "77597898-d8d8-11e6-aea5-0e3c0c633889", + "resourceVersion": "126510787", + "creationTimestamp": "2017-01-12T15:04:50Z", + "labels": { + "mypvc": "database" + }, + "annotations": { + "pv.kubernetes.io/bind-completed": "yes", + "pv.kubernetes.io/bound-by-controller": "yes", + "v1.2-volume.experimental.kubernetes.io/provisioning-required": "volume.experimental.kubernetes.io/provisioning-completed" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "1Gi" + } + }, + "volumeName": "pv-aws-ow5vl" + }, + "status": { + "phase": "Bound", + "accessModes": [ + "ReadWriteOnce" + ], + "capacity": { + "storage": "1Gi" + } + } + }''' + + mod_pvc = '''{"kind": "PersistentVolumeClaim", + "apiVersion": "v1", + "metadata": { + "name": "mypvc", + "namespace": "test", + "selfLink": "/api/v1/namespaces/test/persistentvolumeclaims/mypvc", + "uid": "77597898-d8d8-11e6-aea5-0e3c0c633889", + "resourceVersion": "126510787", + "creationTimestamp": "2017-01-12T15:04:50Z", + "labels": { + "mypvc": "database" + }, + "annotations": { + "pv.kubernetes.io/bind-completed": "yes", + "pv.kubernetes.io/bound-by-controller": "yes", + "v1.2-volume.experimental.kubernetes.io/provisioning-required": "volume.experimental.kubernetes.io/provisioning-completed" + } + }, + "spec": { + "accessModes": [ + "ReadWriteMany" + ], + "resources": { + "requests": { + "storage": "1Gi" + } + }, + "volumeName": "pv-aws-ow5vl" + }, + "status": { + "phase": "Bound", + "accessModes": [ + "ReadWriteOnce" + ], + "capacity": { + "storage": "1Gi" + } + } + }''' + + mock_run.side_effect = [ + (0, pvc, ''), + (0, pvc, ''), + (0, '', ''), + (0, mod_pvc, ''), + ] + + mock_tmpfile_copy.side_effect = [ + '/tmp/mocked_kubeconfig', + ] + + results = OCPVC.run_ansible(params, False) + + self.assertFalse(results['changed']) + self.assertEqual(results['results']['msg'], '##### - This volume is currently bound. Will not update - ####') + + @mock.patch('oc_pvc.Utils.create_tmpfile_copy') + @mock.patch('oc_pvc.OCPVC._run') + def test_delete_pvc(self, mock_run, mock_tmpfile_copy): + ''' Testing a pvc create ''' + params = copy.deepcopy(OCPVCTest.params) + params['state'] = 'absent' + + pvc = '''{"kind": "PersistentVolumeClaim", + "apiVersion": "v1", + "metadata": { + "name": "mypvc", + "namespace": "test", + "selfLink": "/api/v1/namespaces/test/persistentvolumeclaims/mypvc", + "uid": "77597898-d8d8-11e6-aea5-0e3c0c633889", + "resourceVersion": "126510787", + "creationTimestamp": "2017-01-12T15:04:50Z", + "labels": { + "mypvc": "database" + }, + "annotations": { + "pv.kubernetes.io/bind-completed": "yes", + "pv.kubernetes.io/bound-by-controller": "yes", + "v1.2-volume.experimental.kubernetes.io/provisioning-required": "volume.experimental.kubernetes.io/provisioning-completed" + } + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "1Gi" + } + }, + "volumeName": "pv-aws-ow5vl" + }, + "status": { + "phase": "Bound", + "accessModes": [ + "ReadWriteOnce" + ], + "capacity": { + "storage": "1Gi" + } + } + }''' + + mock_run.side_effect = [ + (0, pvc, ''), + (0, '', ''), + ] + + mock_tmpfile_copy.side_effect = [ + '/tmp/mocked_kubeconfig', + ] + + results = OCPVC.run_ansible(params, False) + + self.assertTrue(results['changed']) + + @unittest.skipIf(six.PY3, 'py2 test only') + @mock.patch('os.path.exists') + @mock.patch('os.environ.get') + def test_binary_lookup_fallback(self, mock_env_get, mock_path_exists): + ''' Testing binary lookup fallback ''' + + mock_env_get.side_effect = lambda _v, _d: '' + + mock_path_exists.side_effect = lambda _: False + + self.assertEqual(locate_oc_binary(), 'oc') + + @unittest.skipIf(six.PY3, 'py2 test only') + @mock.patch('os.path.exists') + @mock.patch('os.environ.get') + def test_binary_lookup_in_path(self, mock_env_get, mock_path_exists): + ''' Testing binary lookup in path ''' + + oc_bin = '/usr/bin/oc' + + mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin' + + mock_path_exists.side_effect = lambda f: f == oc_bin + + self.assertEqual(locate_oc_binary(), oc_bin) + + @unittest.skipIf(six.PY3, 'py2 test only') + @mock.patch('os.path.exists') + @mock.patch('os.environ.get') + def test_binary_lookup_in_usr_local(self, mock_env_get, mock_path_exists): + ''' Testing binary lookup in /usr/local/bin ''' + + oc_bin = '/usr/local/bin/oc' + + mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin' + + mock_path_exists.side_effect = lambda f: f == oc_bin + + self.assertEqual(locate_oc_binary(), oc_bin) + + @unittest.skipIf(six.PY3, 'py2 test only') + @mock.patch('os.path.exists') + @mock.patch('os.environ.get') + def test_binary_lookup_in_home(self, mock_env_get, mock_path_exists): + ''' Testing binary lookup in ~/bin ''' + + oc_bin = os.path.expanduser('~/bin/oc') + + mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin' + + mock_path_exists.side_effect = lambda f: f == oc_bin + + self.assertEqual(locate_oc_binary(), oc_bin) + + @unittest.skipIf(six.PY2, 'py3 test only') + @mock.patch('shutil.which') + @mock.patch('os.environ.get') + def test_binary_lookup_fallback_py3(self, mock_env_get, mock_shutil_which): + ''' Testing binary lookup fallback ''' + + mock_env_get.side_effect = lambda _v, _d: '' + + mock_shutil_which.side_effect = lambda _f, path=None: None + + self.assertEqual(locate_oc_binary(), 'oc') + + @unittest.skipIf(six.PY2, 'py3 test only') + @mock.patch('shutil.which') + @mock.patch('os.environ.get') + def test_binary_lookup_in_path_py3(self, mock_env_get, mock_shutil_which): + ''' Testing binary lookup in path ''' + + oc_bin = '/usr/bin/oc' + + mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin' + + mock_shutil_which.side_effect = lambda _f, path=None: oc_bin + + self.assertEqual(locate_oc_binary(), oc_bin) + + @unittest.skipIf(six.PY2, 'py3 test only') + @mock.patch('shutil.which') + @mock.patch('os.environ.get') + def test_binary_lookup_in_usr_local_py3(self, mock_env_get, mock_shutil_which): + ''' Testing binary lookup in /usr/local/bin ''' + + oc_bin = '/usr/local/bin/oc' + + mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin' + + mock_shutil_which.side_effect = lambda _f, path=None: oc_bin + + self.assertEqual(locate_oc_binary(), oc_bin) + + @unittest.skipIf(six.PY2, 'py3 test only') + @mock.patch('shutil.which') + @mock.patch('os.environ.get') + def test_binary_lookup_in_home_py3(self, mock_env_get, mock_shutil_which): + ''' Testing binary lookup in ~/bin ''' + + oc_bin = os.path.expanduser('~/bin/oc') + + mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin' + + mock_shutil_which.side_effect = lambda _f, path=None: oc_bin + + self.assertEqual(locate_oc_binary(), oc_bin) diff --git a/roles/lib_openshift/src/test/unit/test_oc_user.py b/roles/lib_openshift/src/test/unit/test_oc_user.py new file mode 100755 index 000000000..f7a17cc2c --- /dev/null +++ b/roles/lib_openshift/src/test/unit/test_oc_user.py @@ -0,0 +1,127 @@ +#!/usr/bin/env python2 +''' + Unit tests for oc user +''' +# To run +# ./oc_user.py +# +# .. +# ---------------------------------------------------------------------- +# Ran 2 tests in 0.003s +# +# OK + +import os +import sys +import unittest +import mock + +# Removing invalid variable names for tests so that I can +# keep them brief +# pylint: disable=invalid-name,no-name-in-module +# Disable import-error b/c our libraries aren't loaded in jenkins +# pylint: disable=import-error +# place class in our python path +module_path = os.path.join('/'.join(os.path.realpath(__file__).split('/')[:-4]), 'library') # noqa: E501 +sys.path.insert(0, module_path) +from oc_user import OCUser # noqa: E402 + + +class OCUserTest(unittest.TestCase): + ''' + Test class for OCUser + ''' + + def setUp(self): + ''' setup method will create a file and set to known configuration ''' + pass + + @mock.patch('oc_user.Utils.create_tmpfile_copy') + @mock.patch('oc_user.OCUser._run') + def test_state_list(self, mock_cmd, mock_tmpfile_copy): + ''' Testing a user list ''' + params = {'username': 'testuser@email.com', + 'state': 'list', + 'kubeconfig': '/etc/origin/master/admin.kubeconfig', + 'full_name': None, + 'groups': [], + 'debug': False} + + user = '''{ + "kind": "User", + "apiVersion": "v1", + "metadata": { + "name": "testuser@email.com", + "selfLink": "/oapi/v1/users/testuser@email.com", + "uid": "02fee6c9-f20d-11e6-b83b-12e1a7285e80", + "resourceVersion": "38566887", + "creationTimestamp": "2017-02-13T16:53:58Z" + }, + "fullName": "Test User", + "identities": null, + "groups": null + }''' + + mock_cmd.side_effect = [ + (0, user, ''), + ] + + mock_tmpfile_copy.side_effect = [ + '/tmp/mocked_kubeconfig', + ] + + results = OCUser.run_ansible(params, False) + + self.assertFalse(results['changed']) + self.assertTrue(results['results'][0]['metadata']['name'] == "testuser@email.com") + + @mock.patch('oc_user.Utils.create_tmpfile_copy') + @mock.patch('oc_user.OCUser._run') + def test_state_present(self, mock_cmd, mock_tmpfile_copy): + ''' Testing a user list ''' + params = {'username': 'testuser@email.com', + 'state': 'present', + 'kubeconfig': '/etc/origin/master/admin.kubeconfig', + 'full_name': 'Test User', + 'groups': [], + 'debug': False} + + created_user = '''{ + "kind": "User", + "apiVersion": "v1", + "metadata": { + "name": "testuser@email.com", + "selfLink": "/oapi/v1/users/testuser@email.com", + "uid": "8d508039-f224-11e6-b83b-12e1a7285e80", + "resourceVersion": "38646241", + "creationTimestamp": "2017-02-13T19:42:28Z" + }, + "fullName": "Test User", + "identities": null, + "groups": null + }''' + + mock_cmd.side_effect = [ + (1, '', 'Error from server: users "testuser@email.com" not found'), # get + (1, '', 'Error from server: users "testuser@email.com" not found'), # get + (0, 'user "testuser@email.com" created', ''), # create + (0, created_user, ''), # get + ] + + mock_tmpfile_copy.side_effect = [ + '/tmp/mocked_kubeconfig', + ] + + results = OCUser.run_ansible(params, False) + + self.assertTrue(results['changed']) + self.assertTrue(results['results']['results'][0]['metadata']['name'] == + "testuser@email.com") + + def tearDown(self): + '''TearDown method''' + pass + + +if __name__ == "__main__": + unittest.main() |