Skip to content

Commit

Permalink
molecule test
Browse files Browse the repository at this point in the history
  • Loading branch information
jmazzitelli committed Oct 30, 2024
1 parent a6f6591 commit f0db2d4
Show file tree
Hide file tree
Showing 8 changed files with 392 additions and 13 deletions.
37 changes: 24 additions & 13 deletions molecule/common/tasks.yml
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,18 @@
- debug:
msg: "Present Kiali CR: {{ kiali_cr }}"

- name: Get Kiali Configmap
vars:
instance_name: "{{ kiali.instance_name | default('kiali') }}"
set_fact:
kiali_configmap_resource: "{{ lookup('kubernetes.core.k8s', api_version='v1', kind='ConfigMap', namespace=kiali.install_namespace, resource_name=instance_name) }}"

- name: Format Configmap
set_fact:
kiali_configmap: "{{ kiali_configmap_resource.data['config.yaml'] | from_yaml }}"
- debug:
msg: "Present Kiali ConfigMap: {{ kiali_configmap }}"

- name: Get Kiali Operator Pod
k8s_info:
api_version: v1
Expand All @@ -33,18 +45,8 @@
label_selectors:
- "app.kubernetes.io/instance={{ instance_name }}"
register: kiali_pod

- name: Get Kiali Configmap
vars:
instance_name: "{{ kiali.instance_name | default('kiali') }}"
set_fact:
kiali_configmap_resource: "{{ lookup('kubernetes.core.k8s', api_version='v1', kind='ConfigMap', namespace=kiali.install_namespace, resource_name=instance_name) }}"

- name: Format Configmap
set_fact:
kiali_configmap: "{{ kiali_configmap_resource.data['config.yaml'] | from_yaml }}"
- debug:
msg: "Present Kiali ConfigMap: {{ kiali_configmap }}"
when:
- kiali_configmap.deployment.remote_cluster_resources_only == False

- name: Get Kiali Deployment
vars:
Expand All @@ -56,6 +58,8 @@
label_selectors:
- "app.kubernetes.io/instance={{ instance_name }}"
register: kiali_deployment
when:
- kiali_configmap.deployment.remote_cluster_resources_only == False

- name: Get Kiali Service
vars:
Expand All @@ -67,6 +71,8 @@
label_selectors:
- "app.kubernetes.io/instance={{ instance_name }}"
register: kiali_service
when:
- kiali_configmap.deployment.remote_cluster_resources_only == False

- name: Get Kiali Route
vars:
Expand All @@ -80,6 +86,7 @@
register: kiali_route
when:
- is_openshift == True
- kiali_configmap.deployment.remote_cluster_resources_only == False

- name: Get Kiali Ingress
ignore_errors: yes
Expand All @@ -93,7 +100,8 @@
- "app.kubernetes.io/instance={{ instance_name }}"
register: kiali_ingress
when:
- is_openshift != True
- is_openshift == False
- kiali_configmap.deployment.remote_cluster_resources_only == False

- name: Determine the Kiali Route URL on OpenShift
vars:
Expand All @@ -102,6 +110,7 @@
kiali_base_url: "https://{{ kiali_route.resources[0].spec.host }}{{ web_root }}"
when:
- is_openshift == True
- kiali_configmap.deployment.remote_cluster_resources_only == False

# To avoid problems with Ingress/Minikube conflicts, if installing multiple kiali instances set web_root to the instance name
- name: Determine the Kiali Ingress URL on minikube
Expand All @@ -112,9 +121,11 @@
kiali_base_url: "https://{{ lookup('env', 'MOLECULE_MINIKUBE_IP') }}{{ web_root }}"
when:
- is_minikube == True
- kiali_configmap.deployment.remote_cluster_resources_only == False

- name: Determine the Kiali Ingress URL on kind
set_fact:
kiali_base_url: "http://{{ kiali_service.resources[0].status.loadBalancer.ingress[0].ip }}:20001/kiali"
when:
- is_kind == True
- kiali_configmap.deployment.remote_cluster_resources_only == False
5 changes: 5 additions & 0 deletions molecule/default/prepare.yml
Original file line number Diff line number Diff line change
Expand Up @@ -110,6 +110,9 @@
namespace: "{{ cr_namespace }}"
definition: "{{ kiali_cr_definition }}"

# We normally always want to wait for kiali to be deployed, but for those tests
# where this is not wanted (e.g. when remote_cluster_resources_only==true), then
# import this playbook with the var "wait_for_kiali_pod_after_prepare" set to false.
- name: Asserting that Kiali is Deployed
vars:
instance_name: "{{ kiali.instance_name | default('kiali') }}"
Expand All @@ -127,3 +130,5 @@
- kiali_deployment.resources[0].status.availableReplicas == 1
retries: "{{ wait_retries }}"
delay: 5
when:
- wait_for_kiali_pod_after_prepare | default(true) == True
244 changes: 244 additions & 0 deletions molecule/remote-cluster-resources-test/converge.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,244 @@
- name: Tests
hosts: localhost
connection: local
collections:
- kubernetes.core
vars:
custom_resource: "{{ lookup('template', cr_file_path) | from_yaml }}"
tasks:

# just set some common constants so our assert code in the below tests is easier to read
- set_fact:
querySelector: "app.kubernetes.io/instance=kiali"
queryNamespace: "{{ kiali.install_namespace }}"
apiCMap: "v1"
apiCoLn: "console.openshift.io/v1"
apiDepl: "apps/v1"
apiPod: "v1"
apiServ: "v1"
apiSvcA: "v1"
apiIngr: "networking.k8s.io/{{ 'v1' if (lookup('k8s', kind='Ingress', api_version='networking.k8s.io/v1', errors='ignore') is iterable) else 'v1beta1' }}"
apiRout: "route.openshift.io/v1"
apiOAut: "oauth.openshift.io/v1"

- include_tasks: ../common/wait_for_kiali_cr_changes.yml
- include_tasks: ../common/tasks.yml

# ASSERT CWA=TRUE
- include_tasks: ../asserts/accessible_namespaces_contains.yml
vars:
namespace_list: []

- debug: msg="test to make sure cluster-wide-access is True"
- assert:
that:
- kiali_configmap.deployment.cluster_wide_access == True

- debug: msg="assert that we have clusterroles since we have been given cluster wide access"
- include_tasks: ../asserts/roles-test/rw_clusterrole_asserts.yml
- include_tasks: ../asserts/roles-test/none_role_asserts.yml
vars:
role_namespaces_to_test:
- "{{ istio.control_plane_namespace }}"
- remote-cluster-resources-test-1
- remote-cluster-resources-test-2
- remote-cluster-resources-test-x

# there should be no deployment, pod, service, ingress/route, or OpenShift-specific resources
- name: Make sure we only have the resources that are expected
assert:
that:
- query('k8s', kind='ConfigMap', namespace=queryNamespace, api_version=apiCMap, label_selector=querySelector) | length == 1
- query('k8s', kind='Deployment', namespace=queryNamespace, api_version=apiDepl, label_selector=querySelector) | length == 0
- query('k8s', kind='Pod', namespace=queryNamespace, api_version=apiPod, label_selector=querySelector) | length == 0
- query('k8s', kind='Service', namespace=queryNamespace, api_version=apiServ, label_selector=querySelector) | length == 0
- query('k8s', kind='ServiceAccount', namespace=queryNamespace, api_version=apiSvcA, label_selector=querySelector) | length == 1
- query('k8s', kind='Ingress', namespace=queryNamespace, api_version=apiIngr, label_selector=querySelector) | length == 0
- query('k8s', kind='Route', namespace=queryNamespace, api_version=apiRout, label_selector=querySelector) | length == 0
- query('k8s', kind='ConsoleLink', api_version=apiCoLn, label_selector=querySelector) | length == 0
- query('k8s', kind='OAuthClient', api_version=apiOAut, label_selector=querySelector) | length == 0

# SET discovery selectors=[istio-system, remote-cluster-resources-test-1, remote-cluster-resources-test-x]
- debug: msg="change accessible namespaces to a fixed list of namespaces but keep cluster-wide-access (set to True)"
- include_tasks: ../common/set_discovery_selectors_to_list.yml
vars:
new_cluster_wide_access: true
discovery_selectors:
- matchLabels:
kubernetes.io/metadata.name: "{{ istio.control_plane_namespace}}"
- matchLabels:
kubernetes.io/metadata.name: "remote-cluster-resources-test-1"
- matchLabels:
kubernetes.io/metadata.name: "remote-cluster-resources-test-x"
- include_tasks: ../common/wait_for_kiali_cr_changes.yml
- include_tasks: ../common/tasks.yml
- name: CWA is true so there should be no labels on any namespaces
include_tasks: ../asserts/accessible_namespaces_contains.yml
vars:
namespace_list: []

- debug: msg="test the normal accessible namespaces"
- name: "Even though discovery selectors are set, cluster wide access should still be True because we explicitly asked for it"
assert:
that:
- kiali_configmap.deployment.cluster_wide_access == True

- debug: msg="assert that we have clusterroles since we have been given cluster wide access"
- include_tasks: ../asserts/roles-test/rw_clusterrole_asserts.yml
- include_tasks: ../asserts/roles-test/none_role_asserts.yml
vars:
role_namespaces_to_test:
- "{{ istio.control_plane_namespace }}"
- remote-cluster-resources-test-1
- remote-cluster-resources-test-2
- remote-cluster-resources-test-x

# there should be no deployment, pod, service, ingress/route, or OpenShift-specific resources
- name: Make sure we only have the resources that are expected
assert:
that:
- query('k8s', kind='ConfigMap', namespace=queryNamespace, api_version=apiCMap, label_selector=querySelector) | length == 1
- query('k8s', kind='Deployment', namespace=queryNamespace, api_version=apiDepl, label_selector=querySelector) | length == 0
- query('k8s', kind='Pod', namespace=queryNamespace, api_version=apiPod, label_selector=querySelector) | length == 0
- query('k8s', kind='Service', namespace=queryNamespace, api_version=apiServ, label_selector=querySelector) | length == 0
- query('k8s', kind='ServiceAccount', namespace=queryNamespace, api_version=apiSvcA, label_selector=querySelector) | length == 1
- query('k8s', kind='Ingress', namespace=queryNamespace, api_version=apiIngr, label_selector=querySelector) | length == 0
- query('k8s', kind='Route', namespace=queryNamespace, api_version=apiRout, label_selector=querySelector) | length == 0
- query('k8s', kind='ConsoleLink', api_version=apiCoLn, label_selector=querySelector) | length == 0
- query('k8s', kind='OAuthClient', api_version=apiOAut, label_selector=querySelector) | length == 0

- debug: msg="Turn off cluster wide access and set our discovery selectors to [istio-system, remote-cluster-resources-test-1]"
- include_tasks: ../common/set_discovery_selectors_to_list.yml
vars:
new_cluster_wide_access: false
discovery_selectors:
- matchLabels:
kubernetes.io/metadata.name: "{{ istio.control_plane_namespace}}"
- matchLabels:
kubernetes.io/metadata.name: "remote-cluster-resources-test-1"
- include_tasks: ../common/wait_for_kiali_cr_changes.yml
- include_tasks: ../common/tasks.yml
- include_tasks: ../asserts/accessible_namespaces_contains.yml
vars:
namespace_list:
- "{{ istio.control_plane_namespace }}"
- 'remote-cluster-resources-test-1'
- assert:
that:
- kiali_configmap.deployment.cluster_wide_access == False

- debug: msg="assert that we have roles since we have NOT been given cluster wide access"
- include_tasks: ../asserts/roles-test/rw_role_asserts.yml
vars:
role_namespaces_to_test:
- "{{ istio.control_plane_namespace }}"
- remote-cluster-resources-test-1
- include_tasks: ../asserts/roles-test/none_clusterrole_asserts.yml

# there should be no deployment, pod, service, ingress/route, or OpenShift-specific resources
- name: Make sure we only have the resources that are expected
assert:
that:
- query('k8s', kind='ConfigMap', namespace=queryNamespace, api_version=apiCMap, label_selector=querySelector) | length == 1
- query('k8s', kind='Deployment', namespace=queryNamespace, api_version=apiDepl, label_selector=querySelector) | length == 0
- query('k8s', kind='Pod', namespace=queryNamespace, api_version=apiPod, label_selector=querySelector) | length == 0
- query('k8s', kind='Service', namespace=queryNamespace, api_version=apiServ, label_selector=querySelector) | length == 0
- query('k8s', kind='ServiceAccount', namespace=queryNamespace, api_version=apiSvcA, label_selector=querySelector) | length == 1
- query('k8s', kind='Ingress', namespace=queryNamespace, api_version=apiIngr, label_selector=querySelector) | length == 0
- query('k8s', kind='Route', namespace=queryNamespace, api_version=apiRout, label_selector=querySelector) | length == 0
- query('k8s', kind='ConsoleLink', api_version=apiCoLn, label_selector=querySelector) | length == 0
- query('k8s', kind='OAuthClient', api_version=apiOAut, label_selector=querySelector) | length == 0

- debug: msg="We have discovery selectors and CWA=false. Now let's set CWA=true and see the roles get removed and cluster roles added"
- include_tasks: ../common/set_kiali_cr.yml
vars:
new_kiali_cr: "{{ kiali_cr_list.resources[0] | combine({'spec': {'deployment': {'cluster_wide_access': True }}}, recursive=True) }}"
- include_tasks: ../common/wait_for_kiali_cr_changes.yml
- include_tasks: ../common/tasks.yml

- include_tasks: ../asserts/roles-test/rw_clusterrole_asserts.yml
- include_tasks: ../asserts/roles-test/none_role_asserts.yml
vars:
role_namespaces_to_test:
- "{{ istio.control_plane_namespace }}"
- remote-cluster-resources-test-1
- remote-cluster-resources-test-2
- remote-cluster-resources-test-x

# there should be no deployment, pod, service, ingress/route, or OpenShift-specific resources
- name: Make sure we only have the resources that are expected
assert:
that:
- query('k8s', kind='ConfigMap', namespace=queryNamespace, api_version=apiCMap, label_selector=querySelector) | length == 1
- query('k8s', kind='Deployment', namespace=queryNamespace, api_version=apiDepl, label_selector=querySelector) | length == 0
- query('k8s', kind='Pod', namespace=queryNamespace, api_version=apiPod, label_selector=querySelector) | length == 0
- query('k8s', kind='Service', namespace=queryNamespace, api_version=apiServ, label_selector=querySelector) | length == 0
- query('k8s', kind='ServiceAccount', namespace=queryNamespace, api_version=apiSvcA, label_selector=querySelector) | length == 1
- query('k8s', kind='Ingress', namespace=queryNamespace, api_version=apiIngr, label_selector=querySelector) | length == 0
- query('k8s', kind='Route', namespace=queryNamespace, api_version=apiRout, label_selector=querySelector) | length == 0
- query('k8s', kind='ConsoleLink', api_version=apiCoLn, label_selector=querySelector) | length == 0
- query('k8s', kind='OAuthClient', api_version=apiOAut, label_selector=querySelector) | length == 0

- debug: msg="We have discovery selectors and CWA=true. Now let's set CWA back to false and see the roles get added and cluster roles removed"
- include_tasks: ../common/set_kiali_cr.yml
vars:
new_kiali_cr: "{{ kiali_cr_list.resources[0] | combine({'spec': {'deployment': {'cluster_wide_access': False }}}, recursive=True) }}"
- include_tasks: ../common/wait_for_kiali_cr_changes.yml
- include_tasks: ../common/tasks.yml

- include_tasks: ../asserts/roles-test/rw_role_asserts.yml
vars:
role_namespaces_to_test:
- "{{ istio.control_plane_namespace }}"
- remote-cluster-resources-test-1
- include_tasks: ../asserts/roles-test/none_clusterrole_asserts.yml

# there should be no deployment, pod, service, ingress/route, or OpenShift-specific resources
- name: Make sure we only have the resources that are expected
assert:
that:
- query('k8s', kind='ConfigMap', namespace=queryNamespace, api_version=apiCMap, label_selector=querySelector) | length == 1
- query('k8s', kind='Deployment', namespace=queryNamespace, api_version=apiDepl, label_selector=querySelector) | length == 0
- query('k8s', kind='Pod', namespace=queryNamespace, api_version=apiPod, label_selector=querySelector) | length == 0
- query('k8s', kind='Service', namespace=queryNamespace, api_version=apiServ, label_selector=querySelector) | length == 0
- query('k8s', kind='ServiceAccount', namespace=queryNamespace, api_version=apiSvcA, label_selector=querySelector) | length == 1
- query('k8s', kind='Ingress', namespace=queryNamespace, api_version=apiIngr, label_selector=querySelector) | length == 0
- query('k8s', kind='Route', namespace=queryNamespace, api_version=apiRout, label_selector=querySelector) | length == 0
- query('k8s', kind='ConsoleLink', api_version=apiCoLn, label_selector=querySelector) | length == 0
- query('k8s', kind='OAuthClient', api_version=apiOAut, label_selector=querySelector) | length == 0

- debug: msg="remove discovery selectors but keep CWA=true and see that the roles have been removed and we are back to using cluster-wide-access and clusterroles"
- include_tasks: ../common/set_discovery_selectors_to_all.yml
- include_tasks: ../common/wait_for_kiali_cr_changes.yml
- include_tasks: ../common/tasks.yml
- include_tasks: ../asserts/accessible_namespaces_contains.yml
vars:
namespace_list: []

- debug: msg="test to make sure we are back to cluster-wide-access is True"
- assert:
that:
- kiali_configmap.deployment.cluster_wide_access == True

- include_tasks: ../asserts/roles-test/rw_clusterrole_asserts.yml
- include_tasks: ../asserts/roles-test/none_role_asserts.yml
vars:
role_namespaces_to_test:
- "{{ istio.control_plane_namespace }}"
- remote-cluster-resources-test-1
- remote-cluster-resources-test-2
- remote-cluster-resources-test-x

# there should be no deployment, pod, service, ingress/route, or OpenShift-specific resources
- name: Make sure we only have the resources that are expected
assert:
that:
- query('k8s', kind='ConfigMap', namespace=queryNamespace, api_version=apiCMap, label_selector=querySelector) | length == 1
- query('k8s', kind='Deployment', namespace=queryNamespace, api_version=apiDepl, label_selector=querySelector) | length == 0
- query('k8s', kind='Pod', namespace=queryNamespace, api_version=apiPod, label_selector=querySelector) | length == 0
- query('k8s', kind='Service', namespace=queryNamespace, api_version=apiServ, label_selector=querySelector) | length == 0
- query('k8s', kind='ServiceAccount', namespace=queryNamespace, api_version=apiSvcA, label_selector=querySelector) | length == 1
- query('k8s', kind='Ingress', namespace=queryNamespace, api_version=apiIngr, label_selector=querySelector) | length == 0
- query('k8s', kind='Route', namespace=queryNamespace, api_version=apiRout, label_selector=querySelector) | length == 0
- query('k8s', kind='ConsoleLink', api_version=apiCoLn, label_selector=querySelector) | length == 0
- query('k8s', kind='OAuthClient', api_version=apiOAut, label_selector=querySelector) | length == 0
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
- name: Destroy
hosts: localhost
connection: local
collections:
- kubernetes.core

- name: Include the base destroy play to destroy the Kiali CR and operator
import_playbook: ../default/destroy.yml

- name: Delete the test namespaces
import_playbook: ./process-namespaces.yml
vars:
state: absent
12 changes: 12 additions & 0 deletions molecule/remote-cluster-resources-test/kiali-cr.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
apiVersion: kiali.io/v1alpha1
kind: Kiali
metadata:
name: kiali
spec:
version: {{ kiali.spec_version }}
auth:
strategy: {{ kiali.auth_strategy }}
deployment:
namespace: {{ kiali.install_namespace }}
cluster_wide_access: {{ kiali.cluster_wide_access|bool }}
remote_cluster_resources_only: true
Loading

0 comments on commit f0db2d4

Please sign in to comment.