From d508ec24877a743c6d79dac0574c859e14d40218 Mon Sep 17 00:00:00 2001 From: Thomas Wiest Date: Sun, 29 Jan 2017 14:47:07 -0500 Subject: Added oc_serviceaccount_secret to lib_openshift. --- .../test/integration/oc_serviceaccount_secret.yml | 79 +++++++ .../src/test/unit/oc_serviceaccount.py | 6 +- .../src/test/unit/oc_serviceaccount_secret.py | 257 +++++++++++++++++++++ 3 files changed, 339 insertions(+), 3 deletions(-) create mode 100755 roles/lib_openshift/src/test/integration/oc_serviceaccount_secret.yml create mode 100755 roles/lib_openshift/src/test/unit/oc_serviceaccount_secret.py (limited to 'roles/lib_openshift/src/test') diff --git a/roles/lib_openshift/src/test/integration/oc_serviceaccount_secret.yml b/roles/lib_openshift/src/test/integration/oc_serviceaccount_secret.yml new file mode 100755 index 000000000..d3bd9f3aa --- /dev/null +++ b/roles/lib_openshift/src/test/integration/oc_serviceaccount_secret.yml @@ -0,0 +1,79 @@ +#!/usr/bin/ansible-playbook --module-path=../../../library/ +--- +- hosts: "{{ cli_master_test }}" + gather_facts: no + user: root + + vars: + namespace: default + service_account_name: someserviceaccountname + secret_name: somesecretname + + vars_prompt: + - name: cli_master_test + prompt: "Master to run against" + private: false + default: localhost + + post_tasks: + - name: create service account to test with - Arrange + oc_serviceaccount: + namespace: "{{ namespace }}" + name: "{{ service_account_name }}" + + - name: create secret to test with - Arrange + oc_secret: + namespace: "{{ namespace }}" + name: "{{ secret_name }}" + contents: + - path: blah + data: blahdeblah + + - name: Ensure the service account and secret are not linked - Arrange + oc_serviceaccount_secret: + state: absent + service_account: "{{ service_account_name }}" + secret: "{{ secret_name }}" + namespace: "{{ namespace }}" + + - name: get secrets of a service account - Act + oc_serviceaccount_secret: + state: list + service_account: builder + namespace: "{{ namespace }}" + register: sasecretout + + - name: get secrets of a service account - Assert + assert: + that: + - "sasecretout.changed == False" + - "sasecretout.state == 'list'" + - "sasecretout.results | length > 0" + + - name: Test linking a service account and secret - Act + oc_serviceaccount_secret: + service_account: "{{ service_account_name }}" + secret: "{{ secret_name }}" + namespace: "{{ namespace }}" + register: sasecretout + + - name: Test linking a service account and secret - Assert + assert: + that: + - "sasecretout.changed == True" + - "sasecretout.state == 'present'" + - "sasecretout.results.returncode == 0" + - "sasecretout.results.results | length > 0" + + - name: Test linking a service account and secret - idempotency - Act + oc_serviceaccount_secret: + service_account: "{{ service_account_name }}" + secret: "{{ secret_name }}" + namespace: "{{ namespace }}" + register: sasecretout + + - name: Test linking a service account and secret - idempotency - Assert + assert: + that: + - "sasecretout.changed == False" + - "sasecretout.state == 'present'" diff --git a/roles/lib_openshift/src/test/unit/oc_serviceaccount.py b/roles/lib_openshift/src/test/unit/oc_serviceaccount.py index faf0bfeb5..dab751bb9 100755 --- a/roles/lib_openshift/src/test/unit/oc_serviceaccount.py +++ b/roles/lib_openshift/src/test/unit/oc_serviceaccount.py @@ -100,9 +100,9 @@ class OCServiceAccountTest(unittest.TestCase): # Making sure our mock was called as we expected mock_cmd.assert_has_calls([ - mock.call(['/usr/bin/oc', '-n', 'default', 'get', 'sa', 'testserviceaccountname', '-o', 'json'], None), - mock.call(['/usr/bin/oc', '-n', 'default', 'create', '-f', '/tmp/testserviceaccountname'], None), - mock.call(['/usr/bin/oc', '-n', 'default', 'get', 'sa', 'testserviceaccountname', '-o', 'json'], None), + mock.call(['oc', '-n', 'default', 'get', 'sa', 'testserviceaccountname', '-o', 'json'], None), + mock.call(['oc', '-n', 'default', 'create', '-f', mock.ANY], None), + mock.call(['oc', '-n', 'default', 'get', 'sa', 'testserviceaccountname', '-o', 'json'], None), ]) def tearDown(self): diff --git a/roles/lib_openshift/src/test/unit/oc_serviceaccount_secret.py b/roles/lib_openshift/src/test/unit/oc_serviceaccount_secret.py new file mode 100755 index 000000000..342da961b --- /dev/null +++ b/roles/lib_openshift/src/test/unit/oc_serviceaccount_secret.py @@ -0,0 +1,257 @@ +#!/usr/bin/env python2 +''' + Unit tests for oc secret add +''' +# To run: +# ./oc_serviceaccount_secret.py +# +# . +# Ran 1 test in 0.002s +# +# OK + +import os +import sys +import unittest +import mock + +# Removing invalid variable names for tests so that I can +# keep them brief +# pylint: disable=invalid-name,no-name-in-module +# Disable import-error b/c our libraries aren't loaded in jenkins +# pylint: disable=import-error,wrong-import-position +# place class in our python path +module_path = os.path.join('/'.join(os.path.realpath(__file__).split('/')[:-4]), 'library') # noqa: E501 +sys.path.insert(0, module_path) +from oc_serviceaccount_secret import OCServiceAccountSecret # noqa: E402 + + +class OCServiceAccountSecretTest(unittest.TestCase): + ''' + Test class for OCServiceAccountSecret + ''' + + def setUp(self): + ''' setup method will create a file and set to known configuration ''' + pass + + @mock.patch('oc_serviceaccount_secret.Yedit._write') + @mock.patch('oc_serviceaccount_secret.OCServiceAccountSecret._run') + def test_adding_a_secret_to_a_serviceaccount(self, mock_cmd, mock_write): + ''' Testing adding a secret to a service account ''' + + # Arrange + + # run_ansible input parameters + params = { + 'state': 'present', + 'namespace': 'default', + 'secret': 'newsecret', + 'service_account': 'builder', + 'kubeconfig': '/etc/origin/master/admin.kubeconfig', + 'debug': False, + } + + oc_get_sa_before = '''{ + "kind": "ServiceAccount", + "apiVersion": "v1", + "metadata": { + "name": "builder", + "namespace": "default", + "selfLink": "/api/v1/namespaces/default/serviceaccounts/builder", + "uid": "cf47bca7-ebc4-11e6-b041-0ed9df7abc38", + "resourceVersion": "302879", + "creationTimestamp": "2017-02-05T17:02:00Z" + }, + "secrets": [ + { + "name": "builder-dockercfg-rsrua" + }, + { + "name": "builder-token-akqxi" + } + + ], + "imagePullSecrets": [ + { + "name": "builder-dockercfg-rsrua" + } + ] + } + ''' + + oc_get_sa_after = '''{ + "kind": "ServiceAccount", + "apiVersion": "v1", + "metadata": { + "name": "builder", + "namespace": "default", + "selfLink": "/api/v1/namespaces/default/serviceaccounts/builder", + "uid": "cf47bca7-ebc4-11e6-b041-0ed9df7abc38", + "resourceVersion": "302879", + "creationTimestamp": "2017-02-05T17:02:00Z" + }, + "secrets": [ + { + "name": "builder-dockercfg-rsrua" + }, + { + "name": "builder-token-akqxi" + }, + { + "name": "newsecret" + } + + ], + "imagePullSecrets": [ + { + "name": "builder-dockercfg-rsrua" + } + ] + } + ''' + + builder_yaml_file = '''\ +secrets: +- name: builder-dockercfg-rsrua +- name: builder-token-akqxi +- name: newsecret +kind: ServiceAccount +imagePullSecrets: +- name: builder-dockercfg-rsrua +apiVersion: v1 +metadata: + name: builder + namespace: default + resourceVersion: '302879' + creationTimestamp: '2017-02-05T17:02:00Z' + selfLink: /api/v1/namespaces/default/serviceaccounts/builder + uid: cf47bca7-ebc4-11e6-b041-0ed9df7abc38 +''' + + # Return values of our mocked function call. These get returned once per call. + mock_cmd.side_effect = [ + (0, oc_get_sa_before, ''), # First call to the mock + (0, oc_get_sa_before, ''), # Second call to the mock + (0, 'serviceaccount "builder" replaced', ''), # Third call to the mock + (0, oc_get_sa_after, ''), # Fourth call to the mock + ] + + # Act + results = OCServiceAccountSecret.run_ansible(params, False) + + # Assert + self.assertTrue(results['changed']) + self.assertEqual(results['results']['returncode'], 0) + self.assertEqual(results['state'], 'present') + + # Making sure our mocks were called as we expected + mock_cmd.assert_has_calls([ + mock.call(['oc', '-n', 'default', 'get', 'sa', 'builder', '-o', 'json'], None), + mock.call(['oc', '-n', 'default', 'get', 'sa', 'builder', '-o', 'json'], None), + mock.call(['oc', '-n', 'default', 'replace', '-f', '/tmp/builder'], None), + mock.call(['oc', '-n', 'default', 'get', 'sa', 'builder', '-o', 'json'], None) + ]) + + mock_write.assert_has_calls([ + mock.call('/tmp/builder', builder_yaml_file) + ]) + + @mock.patch('oc_serviceaccount_secret.Yedit._write') + @mock.patch('oc_serviceaccount_secret.OCServiceAccountSecret._run') + def test_removing_a_secret_to_a_serviceaccount(self, mock_cmd, mock_write): + ''' Testing adding a secret to a service account ''' + + # Arrange + + # run_ansible input parameters + params = { + 'state': 'absent', + 'namespace': 'default', + 'secret': 'newsecret', + 'service_account': 'builder', + 'kubeconfig': '/etc/origin/master/admin.kubeconfig', + 'debug': False, + } + + oc_get_sa_before = '''{ + "kind": "ServiceAccount", + "apiVersion": "v1", + "metadata": { + "name": "builder", + "namespace": "default", + "selfLink": "/api/v1/namespaces/default/serviceaccounts/builder", + "uid": "cf47bca7-ebc4-11e6-b041-0ed9df7abc38", + "resourceVersion": "302879", + "creationTimestamp": "2017-02-05T17:02:00Z" + }, + "secrets": [ + { + "name": "builder-dockercfg-rsrua" + }, + { + "name": "builder-token-akqxi" + }, + { + "name": "newsecret" + } + + ], + "imagePullSecrets": [ + { + "name": "builder-dockercfg-rsrua" + } + ] + } + ''' + + builder_yaml_file = '''\ +secrets: +- name: builder-dockercfg-rsrua +- name: builder-token-akqxi +kind: ServiceAccount +imagePullSecrets: +- name: builder-dockercfg-rsrua +apiVersion: v1 +metadata: + name: builder + namespace: default + resourceVersion: '302879' + creationTimestamp: '2017-02-05T17:02:00Z' + selfLink: /api/v1/namespaces/default/serviceaccounts/builder + uid: cf47bca7-ebc4-11e6-b041-0ed9df7abc38 +''' + + # Return values of our mocked function call. These get returned once per call. + mock_cmd.side_effect = [ + (0, oc_get_sa_before, ''), # First call to the mock + (0, oc_get_sa_before, ''), # Second call to the mock + (0, 'serviceaccount "builder" replaced', ''), # Third call to the mock + ] + + # Act + results = OCServiceAccountSecret.run_ansible(params, False) + + # Assert + self.assertTrue(results['changed']) + self.assertEqual(results['results']['returncode'], 0) + self.assertEqual(results['state'], 'absent') + + # Making sure our mocks were called as we expected + mock_cmd.assert_has_calls([ + mock.call(['oc', '-n', 'default', 'get', 'sa', 'builder', '-o', 'json'], None), + mock.call(['oc', '-n', 'default', 'get', 'sa', 'builder', '-o', 'json'], None), + mock.call(['oc', '-n', 'default', 'replace', '-f', '/tmp/builder'], None), + ]) + + mock_write.assert_has_calls([ + mock.call('/tmp/builder', builder_yaml_file) + ]) + + def tearDown(self): + '''TearDown method''' + pass + + +if __name__ == "__main__": + unittest.main() -- cgit v1.2.3