├── .gitignore ├── .travis.yml ├── README.md ├── TODO.md ├── defaults └── main.yml ├── examples ├── base-provision │ ├── README.md │ ├── ansible.cfg │ ├── hosts │ ├── provision.yml │ ├── provision │ │ └── base.yml │ └── resources │ │ ├── BuildConfig │ │ └── rhel7-custom.yml │ │ ├── ClusterRole │ │ ├── pod-manager.yml │ │ ├── support-l2.yml │ │ └── support-l3.yml │ │ └── ImageStream │ │ ├── nodejs.yml │ │ └── rhel7.yml ├── cakephp-pipeline │ ├── README.md │ ├── ansible.cfg │ ├── app-build.yml │ ├── app-deploy.yml │ ├── login-creds.yml.example │ ├── mysql.template.yml │ ├── pipeline-setup.yml │ ├── resources │ │ ├── app-buildconfig.yml.j2 │ │ ├── app-deploymentconfig.yml.j2 │ │ ├── app-limitrange-large.yml │ │ ├── app-limitrange-medium.yml │ │ ├── app-limitrange-small.yml │ │ ├── app-limitrange-xlarge.yml │ │ ├── app-quota.yml.j2 │ │ ├── app-route.yml.j2 │ │ └── app-service.yml.j2 │ └── vars │ │ ├── app-build.yml │ │ ├── app-deploy.yml │ │ └── pipeline-setup.yml └── cakephp-template │ ├── README.md │ ├── ansible.cfg │ ├── cakephp-mysql-example.template.yml │ ├── playbook.yml │ └── vars.yml ├── filter_plugins ├── change_record.py ├── is_array.py └── yaml_to_resource_list.py ├── handlers └── main.yml ├── library ├── openshift_login.py └── openshift_provision.py ├── meta └── main.yml ├── tasks ├── cluster-resources.yml ├── cluster-role-binding.yml ├── cluster-role-bindings.yml ├── group.yml ├── helm-chart.yml ├── main.yml ├── openshift-3-version-facts.yml ├── openshift-4-version-facts.yml ├── openshift-cluster-provision.yml ├── openshift-cluster.yml ├── process-template.yml ├── project-imagestreams.yml ├── project-multicast.yml ├── project-pod-network.yml ├── project-resources.yml ├── project-role-binding.yml ├── project-role-bindings.yml ├── project.yml └── service-accounts.yml ├── tests ├── README.md ├── ansible.cfg ├── charts │ ├── test-chart │ │ ├── Chart.yaml │ │ ├── templates │ │ │ ├── configmap-list.yml │ │ │ └── configmap.yml │ │ └── values.yaml │ └── 
test-cluster-chart │ │ ├── Chart.yaml │ │ ├── templates │ │ ├── storageclass-list.yml │ │ └── storageclass.yml │ │ └── values.yaml ├── inventory ├── login-creds.yml.example ├── manual-test-projects-helm-charts.yml ├── resources │ ├── test-buildconfig.yml.j2 │ ├── test-clusterresourcequota.yml.j2 │ ├── test-clusterrole.yml.j2 │ ├── test-clusterrolebinding.yml.j2 │ ├── test-configmap.yml.j2 │ ├── test-daemonset.yml.j2 │ ├── test-deployment.yml.j2 │ ├── test-deploymentconfig.yml.j2 │ ├── test-horizontalpodautoscaler.yml.j2 │ ├── test-limitrange.yml.j2 │ ├── test-list-statefulset-service.yml.j2 │ ├── test-networkpolicy.yml.j2 │ ├── test-persistentvolume-minimal.yml.j2 │ ├── test-persistentvolume.yml.j2 │ ├── test-persistentvolumeclaim-minimal.yml.j2 │ ├── test-persistentvolumeclaim.yml.j2 │ ├── test-replicaset.yml.j2 │ ├── test-replicationcontroller.yml.j2 │ ├── test-resourcequota.yml.j2 │ ├── test-role.yml.j2 │ ├── test-rolebinding.yml.j2 │ ├── test-route.yml.j2 │ ├── test-secret.yml.j2 │ ├── test-securitycontextconstraints.yml.j2 │ ├── test-service.yml.j2 │ ├── test-serviceaccount.yml.j2 │ ├── test-statefulset.yml.j2 │ ├── test-storageclass-list.yml │ ├── test-storageclass-multidoc-list.yml │ ├── test-storageclass.yml.j2 │ └── test-template.yml.j2 ├── setup-test.yml ├── tasks │ ├── test-projects-join_pod_networks.yml │ └── test-projects-multicast_enabled.yml ├── test-cluster-helm_charts.yml ├── test-cluster_resources-ClusterResourceQuota.yml ├── test-cluster_resources-ClusterRole.yml ├── test-cluster_resources-List.yml ├── test-cluster_resources-PersistentVolume.yml ├── test-cluster_resources-multidoc.yml ├── test-cluster_role_bindings.yml ├── test-groups.yml ├── test-login.yml ├── test-openshift_login.yml ├── test-openshift_provision-BuildConfig.yml ├── test-openshift_provision-ClusterResourceQuota.yml ├── test-openshift_provision-ClusterRole.yml ├── test-openshift_provision-ClusterRoleBinding.yml ├── test-openshift_provision-ConfigMap.yml ├── 
test-openshift_provision-DaemonSet.yml ├── test-openshift_provision-Deployment.yml ├── test-openshift_provision-DeploymentConfig.yml ├── test-openshift_provision-HorizontalPodAutoscaler.yml ├── test-openshift_provision-ImageStream.yml ├── test-openshift_provision-LimitRange.yml ├── test-openshift_provision-NetworkPolicy.yml ├── test-openshift_provision-PersistentVolume.yml ├── test-openshift_provision-PersistentVolumeClaim.yml ├── test-openshift_provision-ReplicaSet.yml ├── test-openshift_provision-ReplicationController.yml ├── test-openshift_provision-ResourceQuota.yml ├── test-openshift_provision-Role.yml ├── test-openshift_provision-RoleBinding.yml ├── test-openshift_provision-Route.yml ├── test-openshift_provision-Secret.yml ├── test-openshift_provision-SecurityContextConstraints.yml ├── test-openshift_provision-Service.yml ├── test-openshift_provision-ServiceAccount.yml ├── test-openshift_provision-StatefulSet.yml ├── test-openshift_provision-StorageClass.yml ├── test-openshift_provision-Template.yml ├── test-openshift_provision-patch.yml ├── test-projects-basics.yml ├── test-projects-helm_charts.yml ├── test-projects-imagestreams.yml ├── test-projects-join_pod_networks.yml ├── test-projects-multicast_enabled.yml ├── test-projects-process_templates.yml ├── test-projects-resources-BuildConfig.yml ├── test-projects-resources-ConfigMap.yml ├── test-projects-resources-DaemonSet.yml ├── test-projects-resources-Deployment.yml ├── test-projects-resources-DeploymentConfig.yml ├── test-projects-resources-HorizontalPodAutoscaler.yml ├── test-projects-resources-ImageStream.yml ├── test-projects-resources-LimitRange.yml ├── test-projects-resources-List.yml ├── test-projects-resources-PersistentVolumeClaim.yml ├── test-projects-resources-ReplicaSet.yml ├── test-projects-resources-ReplicationController.yml ├── test-projects-resources-ResourceQuota.yml ├── test-projects-resources-Route.yml ├── test-projects-resources-Secret.yml ├── test-projects-resources-Service.yml ├── 
test-projects-resources-ServiceAccount.yml ├── test-projects-resources-StatefulSet.yml ├── test-projects-resources-Template.yml ├── test-projects-role_bindings.yml ├── test-projects-service_accounts.yml └── test.sh └── vars └── main.yml /.gitignore: -------------------------------------------------------------------------------- 1 | *.swp 2 | *.pyc 3 | *.retry 4 | login-creds.yml 5 | cicd-creds.yml 6 | -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | --- 2 | language: python 3 | python: "2.7" 4 | 5 | # Use the new container infrastructure 6 | sudo: false 7 | 8 | # Install ansible 9 | addons: 10 | apt: 11 | packages: 12 | - python-pip 13 | 14 | install: 15 | # Install ansible 16 | - pip install ansible 17 | 18 | # Check ansible version 19 | - ansible --version 20 | 21 | # Create ansible.cfg with correct roles_path 22 | - printf '[defaults]\nroles_path=../' >ansible.cfg 23 | 24 | script: 25 | # Basic role syntax check 26 | - ansible-playbook tests/test.yml -i tests/inventory --syntax-check 27 | 28 | notifications: 29 | webhooks: https://galaxy.ansible.com/api/v1/notifications/ -------------------------------------------------------------------------------- /TODO.md: -------------------------------------------------------------------------------- 1 | * Continue work on change filtering and defaults for unspecified values 2 | 3 | * Create module for role and group management 4 | -------------------------------------------------------------------------------- /defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | oc_cmd_base: oc 3 | 4 | openshift_resource_path: 5 | - "{{ playbook_dir }}" 6 | 7 | openshift_provision_change_record: '' 8 | 9 | openshift_provision_cluster_vars: {} 10 | -------------------------------------------------------------------------------- 
/examples/base-provision/README.md: -------------------------------------------------------------------------------- 1 | # Cluster Base Provisioning Example 2 | 3 | This example shows how to use openshift-provision to set up basic cluster 4 | infrastructure of the sort that would immediately follow cluster installation 5 | or configuration with the 6 | [openshift-ansible playbooks](https://github.com/openshift/openshift-ansible). 7 | 8 | While other examples need to provide authentication and connection information, 9 | in this case we assume that our playbook can run directly on the cluster 10 | masters as root and so has full privileged access to provision resources in 11 | the cluster. 12 | 13 | For most provisioning tasks we would prefer to run with minimal permissions. 14 | We show here setting up a central CICD service account and a project in which 15 | we may run Jenkins agents to integrate with an external Jenkins server. 16 | 17 | ## The `provision.yml` Playbook 18 | 19 | We run directly on the first (or only) master server. This requires that the 20 | inventory have a group "masters" with at least one master listed. Typically 21 | this would be the same inventory that was used to run the `openshift-ansible` 22 | playbooks to install and configure the cluster. 23 | 24 | The root user is normally logged in as system:admin. If the root user becomes 25 | logged out or logged in as a different user it may be necessary to copy over 26 | `/etc/origin/master/admin.kubeconfig` to `/root/.kube/config` to restore login, 27 | or, as we do here, explicitly point `oc` at `/etc/origin/master/admin.kubeconfig` with `--config`. That kubeconfig gives the full privileged access described above, so reserve it for this base provisioning step and use the minimal-permission service account for everything else. 28 | 29 | ```yaml 30 | # Run directly on a master within the cluster for full access.
31 | - name: Base Provision 32 | hosts: masters[0] 33 | vars: 34 | oc_cmd_base: oc --config=/etc/origin/master/admin.kubeconfig 35 | vars_files: 36 | - provision/base.yml 37 | roles: 38 | - role: openshift-provision 39 | ``` 40 | 41 | See comments in provision/base.yml for more on this example. 42 | -------------------------------------------------------------------------------- /examples/base-provision/ansible.cfg: -------------------------------------------------------------------------------- 1 | [defaults] 2 | inventory = hosts 3 | 4 | # Don't gather facts 5 | gathering = explicit 6 | 7 | # Assuming the top directory is named openshift-provision 8 | roles_path = ../../../ 9 | 10 | # Disable retry files 11 | retry_files_enabled = False 12 | 13 | [privilege_escalation] 14 | become=True 15 | -------------------------------------------------------------------------------- /examples/base-provision/hosts: -------------------------------------------------------------------------------- 1 | [masters] 2 | openshift-master.libvirt 3 | -------------------------------------------------------------------------------- /examples/base-provision/provision.yml: -------------------------------------------------------------------------------- 1 | # Run directly on a master within the cluster for full access.
2 | - name: Base Provision 3 | hosts: masters[0] 4 | vars: 5 | oc_cmd_base: oc --config=/etc/origin/master/admin.kubeconfig 6 | vars_files: 7 | - provision/base.yml 8 | roles: 9 | - role: openshift-provision 10 | -------------------------------------------------------------------------------- /examples/base-provision/resources/BuildConfig/rhel7-custom.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: BuildConfig 3 | metadata: 4 | name: rhel7-custom 5 | spec: 6 | output: 7 | to: 8 | kind: ImageStreamTag 9 | name: rhel7-custom:latest 10 | postCommit: {} 11 | resources: {} 12 | runPolicy: Serial 13 | source: 14 | git: 15 | uri: https://git.example.com/custom/rhel7.git 16 | type: Git 17 | strategy: 18 | dockerStrategy: 19 | from: 20 | kind: ImageStreamTag 21 | name: rhel7:latest 22 | namespace: openshift 23 | type: Docker 24 | triggers: [] 25 | -------------------------------------------------------------------------------- /examples/base-provision/resources/ClusterRole/pod-manager.yml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ClusterRole 4 | metadata: 5 | name: pod-manager 6 | rules: 7 | - apiGroups: 8 | - "" 9 | attributeRestrictions: null 10 | resources: 11 | - pods 12 | verbs: 13 | - create 14 | - get 15 | - list 16 | - watch 17 | - apiGroups: 18 | - "" 19 | attributeRestrictions: null 20 | resources: 21 | - pods/log 22 | verbs: 23 | - get 24 | -------------------------------------------------------------------------------- /examples/base-provision/resources/ClusterRole/support-l2.yml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ClusterRole 4 | metadata: 5 | name: support-l2 6 | rules: [] 7 | # FIXME 8 | -------------------------------------------------------------------------------- /examples/base-provision/resources/ClusterRole/support-l3.yml: 
-------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ClusterRole 4 | metadata: 5 | name: support-l3 6 | rules: [] 7 | # FIXME 8 | -------------------------------------------------------------------------------- /examples/base-provision/resources/ImageStream/nodejs.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ImageStream 3 | metadata: 4 | annotations: 5 | openshift.io/display-name: Node.js 6 | # Set action to replace so that removed tags will actually be removed 7 | openshift-provision/action: replace 8 | name: nodejs 9 | spec: 10 | lookupPolicy: 11 | local: false 12 | tags: 13 | - annotations: 14 | description: Build and run Node.js 6 applications on RHEL 7. For more information 15 | about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-nodejs-container. 16 | iconClass: icon-nodejs 17 | openshift.io/display-name: Node.js 6 18 | openshift.io/provider-display-name: Red Hat, Inc. 19 | sampleRepo: https://github.com/openshift/nodejs-ex.git 20 | supports: nodejs:6,nodejs 21 | tags: builder,nodejs 22 | version: "6" 23 | from: 24 | kind: DockerImage 25 | name: registry.access.redhat.com/rhscl/nodejs-6-rhel7:latest 26 | importPolicy: 27 | scheduled: true 28 | name: "6" 29 | referencePolicy: 30 | type: Source 31 | - annotations: 32 | description: Build and run Node.js 8 applications on RHEL 7. For more information 33 | about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-nodejs-container. 34 | iconClass: icon-nodejs 35 | openshift.io/display-name: Node.js 8 36 | openshift.io/provider-display-name: Red Hat, Inc. 
37 | sampleRepo: https://github.com/openshift/nodejs-ex.git 38 | supports: nodejs:8,nodejs 39 | tags: builder,nodejs 40 | version: "8" 41 | from: 42 | kind: DockerImage 43 | name: registry.access.redhat.com/rhscl/nodejs-8-rhel7:latest 44 | importPolicy: 45 | scheduled: true 46 | name: "8" 47 | referencePolicy: 48 | type: Source 49 | - annotations: 50 | description: |- 51 | Build and run Node.js applications on RHEL 7. For more information about using this builder image, including OpenShift considerations, see https://github.com/sclorg/s2i-nodejs-container/blob/master/4/README.md. 52 | 53 | WARNING: By selecting this tag, your application will automatically update to use the latest version of Node.js available on OpenShift, including major versions updates. 54 | iconClass: icon-nodejs 55 | openshift.io/display-name: Node.js (Latest) 56 | openshift.io/provider-display-name: Red Hat, Inc. 57 | sampleRepo: https://github.com/openshift/nodejs-ex.git 58 | supports: nodejs 59 | tags: builder,nodejs 60 | from: 61 | kind: ImageStreamTag 62 | name: "8" 63 | importPolicy: {} 64 | name: latest 65 | referencePolicy: 66 | type: Source 67 | -------------------------------------------------------------------------------- /examples/base-provision/resources/ImageStream/rhel7.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ImageStream 3 | metadata: 4 | annotations: 5 | openshift.io/display-name: RHEL7 6 | name: rhel7 7 | spec: 8 | lookupPolicy: 9 | local: false 10 | tags: 11 | - annotations: 12 | description: Red Hat Enterprise Linux 7 13 | iconClass: icon-shadowman 14 | openshift.io/display-name: RHEL 7 15 | openshift.io/provider-display-name: Red Hat, Inc. 
16 | from: 17 | kind: DockerImage 18 | name: registry.access.redhat.com/rhel7:latest 19 | importPolicy: 20 | scheduled: true 21 | name: "latest" 22 | referencePolicy: 23 | type: Source 24 | -------------------------------------------------------------------------------- /examples/cakephp-pipeline/ansible.cfg: -------------------------------------------------------------------------------- 1 | [defaults] 2 | inventory = inventory 3 | 4 | # Don't gather facts 5 | gathering = explicit 6 | 7 | # Assuming the top directory is named openshift-provision 8 | roles_path = ../../../ 9 | 10 | # Disable retry files 11 | retry_files_enabled = False 12 | -------------------------------------------------------------------------------- /examples/cakephp-pipeline/app-build.yml: -------------------------------------------------------------------------------- 1 | - hosts: localhost 2 | connection: local 3 | gather_facts: no 4 | vars_files: 5 | - cicd-creds.yml 6 | - vars/app-build.yml 7 | roles: 8 | - role: openshift-provision 9 | openshift_resource_path: 10 | - resources 11 | openshift_clusters: 12 | - projects: 13 | - name: "{{ app_name }}-build" 14 | imagestreams: 15 | - "{{ app_name }}" 16 | resources: 17 | - app-buildconfig.yml.j2 18 | tasks: 19 | - name: Build {{ app_name }} 20 | command: >- 21 | {{ oc_cmd }} start-build -F -n {{ app_name }}-build {{ app_name }} 22 | # Skip in check mode so it will not report changed 23 | when: not ansible_check_mode 24 | -------------------------------------------------------------------------------- /examples/cakephp-pipeline/app-deploy.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: localhost 3 | connection: local 4 | gather_facts: no 5 | vars_files: 6 | - cicd-creds.yml 7 | - vars/app-deploy.yml 8 | pre_tasks: 9 | - name: Assert required variables are defined 10 | assert: 11 | that: 12 | - source_environment is defined or ansible_check_mode 13 | - target_environment is defined 14 | 
roles: 15 | - role: openshift-provision 16 | openshift_resource_path: 17 | - resources 18 | openshift_clusters: 19 | - projects: 20 | - name: "{{ app_name }}-{{ target_environment }}" 21 | imagestreams: 22 | - "{{ app_name }}" 23 | resources: 24 | - app-service.yml.j2 25 | - app-route.yml.j2 26 | - app-deploymentconfig.yml.j2 27 | 28 | tasks: 29 | - name: Promote image from source environment 30 | # If promoting across clusters we would need credentials 31 | # for both and use skopeo 32 | command: >- 33 | oc tag 34 | {{ app_name }}-{{ source_environment }}/{{ app_name }}:latest 35 | {{ app_name }}-{{ target_environment }}/{{ app_name }}:latest 36 | # Skip in check mode so it will not report changed 37 | when: not ansible_check_mode 38 | 39 | - name: Rollout latest (in case only config change) 40 | command: >- 41 | oc rollout latest {{ app_name }} 42 | -n {{ app_name }}-{{ target_environment }} 43 | register: rollout 44 | failed_when: >- 45 | rollout.rc != 0 and 46 | 'already in progress' not in rollout.stderr 47 | # Skip in check mode so it will not report changed 48 | when: not ansible_check_mode 49 | -------------------------------------------------------------------------------- /examples/cakephp-pipeline/login-creds.yml.example: -------------------------------------------------------------------------------- 1 | --- 2 | openshift_connection_server: https://openshift-master.libvirt 3 | openshift_connection_insecure_skip_tls_verify: "true" 4 | openshift_connection_token: L6e9y9uDUWouDlPkvEI5KxHYvGliNagYZFXXix8-ydA 5 | -------------------------------------------------------------------------------- /examples/cakephp-pipeline/pipeline-setup.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: localhost 3 | connection: local 4 | gather_facts: no 5 | vars_files: 6 | - login-creds.yml 7 | - vars/pipeline-setup.yml 8 | roles: 9 | - role: openshift-provision 10 | openshift_resource_path: 11 | - resources 12 | 
openshift_clusters: 13 | - projects: 14 | - name: "{{ app_name }}-build" 15 | annotations: 16 | example.com/quota-size: small 17 | service_accounts: 18 | - cicd 19 | resources: 20 | - app-limitrange-small.yml 21 | - app-quota.yml.j2 22 | role_bindings: 23 | - role: edit 24 | users: 25 | - system:serviceaccount:{{ app_name }}-build:cicd 26 | 27 | - name: "{{ app_name }}-dev" 28 | annotations: 29 | example.com/quota-size: medium 30 | process_templates: 31 | - file: mysql.template.yml 32 | parameters: 33 | NAME: "{{ app_name }}" 34 | DATABASE_NAME: "{{ database_name }}" 35 | DATABASE_SERVICE_NAME: "{{ database_service_name }}" 36 | resources: 37 | - app-limitrange-medium.yml 38 | - app-quota.yml.j2 39 | role_bindings: 40 | - role: edit 41 | users: 42 | - system:serviceaccount:{{ app_name }}-build:cicd 43 | 44 | - name: "{{ app_name }}-stage" 45 | annotations: 46 | example.com/quota-size: medium 47 | process_templates: 48 | - file: mysql.template.yml 49 | parameters: 50 | NAME: "{{ app_name }}" 51 | DATABASE_NAME: "{{ database_name }}" 52 | DATABASE_SERVICE_NAME: "{{ database_service_name }}" 53 | resources: 54 | - app-limitrange-medium.yml 55 | - app-quota.yml.j2 56 | role_bindings: 57 | - role: edit 58 | users: 59 | - system:serviceaccount:{{ app_name }}-build:cicd 60 | 61 | - name: "{{ app_name }}-prod" 62 | annotations: 63 | example.com/quota-size: large 64 | process_templates: 65 | - file: mysql.template.yml 66 | parameters: 67 | NAME: "{{ app_name }}" 68 | DATABASE_NAME: "{{ database_name }}" 69 | DATABASE_SERVICE_NAME: "{{ database_service_name }}" 70 | resources: 71 | - app-limitrange-large.yml 72 | - app-quota.yml.j2 73 | role_bindings: 74 | - role: edit 75 | users: 76 | - system:serviceaccount:{{ app_name }}-build:cicd 77 | tasks: 78 | - name: Get token for cicd service account 79 | command: oc sa get-token -n {{ app_name }}-build cicd 80 | changed_when: false 81 | check_mode: no 82 | register: get_cicd_token 83 | 84 | - name: Save cicd service account 
connection configuration 85 | copy: 86 | content: "{{ cicd_creds |to_yaml}}" 87 | dest: "{{ playbook_dir }}/cicd-creds.yml" 88 | # Explicitly indicate localhost in case this playbook is adapted to 89 | # otherwise run remote 90 | delegate_to: localhost 91 | vars: 92 | cicd_creds: 93 | openshift_connection_server: "{{ openshift_connection_server }}" 94 | openshift_connection_insecure_skip_tls_verify: "{{ openshift_connection_insecure_skip_tls_verify |default('false')}}" 95 | openshift_connection_token: "{{ get_cicd_token.stdout }}" 96 | -------------------------------------------------------------------------------- /examples/cakephp-pipeline/resources/app-buildconfig.yml.j2: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: BuildConfig 3 | metadata: 4 | annotations: 5 | description: Defines how to build the application 6 | template.alpha.openshift.io/wait-for-ready: "true" 7 | name: {{ app_name |to_json}} 8 | spec: 9 | output: 10 | to: 11 | kind: ImageStreamTag 12 | name: {{ (app_name ~ ":latest") |to_json}} 13 | postCommit: 14 | script: ./lib/Cake/Console/cake test app AllTests 15 | source: 16 | contextDir: {{ app_source_context_dir |default('')|to_json}} 17 | git: 18 | ref: {{ app_source_repository_ref |default('')|to_json}} 19 | uri: {{ app_source_repository_uri |to_json}} 20 | type: Git 21 | strategy: 22 | sourceStrategy: 23 | env: 24 | - name: COMPOSER_MIRROR 25 | value: {{ app_source_composer_mirror |default('')|to_json}} 26 | from: 27 | kind: ImageStreamTag 28 | name: php:7.0 29 | namespace: {{ app_source_image_namespace |default('openshift')|to_json}} 30 | type: Source 31 | triggers: 32 | - type: ImageChange 33 | - github: 34 | secret: {{app_build_github_webhook_secret |default('')|to_json}} 35 | type: GitHub 36 | -------------------------------------------------------------------------------- /examples/cakephp-pipeline/resources/app-deploymentconfig.yml.j2: 
-------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: DeploymentConfig 3 | metadata: 4 | annotations: 5 | description: Defines how to deploy the application server 6 | template.alpha.openshift.io/wait-for-ready: "true" 7 | name: {{ app_name |to_json}} 8 | spec: 9 | replicas: 1 10 | selector: 11 | name: {{ app_name |to_json}} 12 | strategy: 13 | recreateParams: 14 | pre: 15 | execNewPod: 16 | command: 17 | - ./migrate-database.sh 18 | containerName: cakephp-mysql-example 19 | failurePolicy: Retry 20 | type: Recreate 21 | template: 22 | metadata: 23 | labels: 24 | name: {{ app_name |to_json}} 25 | name: {{ app_name |to_json}} 26 | spec: 27 | containers: 28 | - env: 29 | - name: DATABASE_SERVICE_NAME 30 | value: {{ database_service_name |to_json}} 31 | - name: DATABASE_ENGINE 32 | value: {{ database_engine |to_json}} 33 | - name: DATABASE_NAME 34 | value: {{ database_name |to_json}} 35 | - name: DATABASE_USER 36 | valueFrom: 37 | secretKeyRef: 38 | key: database-user 39 | name: {{ app_name |to_json}} 40 | - name: DATABASE_PASSWORD 41 | valueFrom: 42 | secretKeyRef: 43 | key: database-password 44 | name: {{ app_name |to_json}} 45 | - name: CAKEPHP_SECRET_TOKEN 46 | valueFrom: 47 | secretKeyRef: 48 | key: cakephp-secret-token 49 | name: {{ app_name |to_json}} 50 | - name: CAKEPHP_SECURITY_SALT 51 | valueFrom: 52 | secretKeyRef: 53 | key: cakephp-security-salt 54 | name: {{ app_name |to_json}} 55 | - name: CAKEPHP_SECURITY_CIPHER_SEED 56 | valueFrom: 57 | secretKeyRef: 58 | key: cakephp-security-cipher-seed 59 | name: {{ app_name |to_json}} 60 | - name: OPCACHE_REVALIDATE_FREQ 61 | value: {{ app_opcache_revalidate_freq |default("2")|to_json}} 62 | image: ' ' 63 | livenessProbe: 64 | httpGet: 65 | path: /health.php 66 | port: 8080 67 | initialDelaySeconds: 30 68 | timeoutSeconds: 3 69 | name: cakephp-mysql-example 70 | ports: 71 | - containerPort: 8080 72 | readinessProbe: 73 | httpGet: 74 | path: /health.php 75 | 
port: 8080 76 | initialDelaySeconds: 3 77 | timeoutSeconds: 3 78 | resources: 79 | limits: 80 | memory: {{ app_memory_limit |default("512Mi")|to_json}} 81 | triggers: 82 | - type: ImageChange 83 | imageChangeParams: 84 | automatic: true 85 | containerNames: 86 | - cakephp-mysql-example 87 | from: 88 | kind: ImageStreamTag 89 | name: {{ (app_name ~ ':latest') |to_json}} 90 | -------------------------------------------------------------------------------- /examples/cakephp-pipeline/resources/app-limitrange-large.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: LimitRange 3 | metadata: 4 | name: core-resource-limits 5 | spec: 6 | limits: 7 | - type: Pod 8 | max: 9 | cpu: "8" 10 | memory: 8Gi 11 | min: 12 | cpu: 100m 13 | memory: 1Mi 14 | - type: Container 15 | max: 16 | cpu: "8" 17 | memory: 8Gi 18 | min: 19 | cpu: 100m 20 | memory: 1Mi 21 | default: 22 | cpu: "1" 23 | memory: 500Mi 24 | defaultRequest: 25 | cpu: 500m 26 | memory: 250Mi 27 | maxLimitRequestRatio: 28 | cpu: "10" 29 | -------------------------------------------------------------------------------- /examples/cakephp-pipeline/resources/app-limitrange-medium.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: LimitRange 3 | metadata: 4 | name: core-resource-limits 5 | spec: 6 | limits: 7 | - type: Pod 8 | max: 9 | cpu: "4" 10 | memory: 4Gi 11 | min: 12 | cpu: 100m 13 | memory: 1Mi 14 | - type: Container 15 | max: 16 | cpu: "4" 17 | memory: 4Gi 18 | min: 19 | cpu: 100m 20 | memory: 1Mi 21 | default: 22 | cpu: "1" 23 | memory: 500Mi 24 | defaultRequest: 25 | cpu: 500m 26 | memory: 250Mi 27 | maxLimitRequestRatio: 28 | cpu: "10" 29 | -------------------------------------------------------------------------------- /examples/cakephp-pipeline/resources/app-limitrange-small.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: 
LimitRange 3 | metadata: 4 | name: core-resource-limits 5 | spec: 6 | limits: 7 | - type: Pod 8 | max: 9 | cpu: "2" 10 | memory: 2Gi 11 | min: 12 | cpu: 100m 13 | memory: 1Mi 14 | - type: Container 15 | max: 16 | cpu: "2" 17 | memory: 2Gi 18 | min: 19 | cpu: 100m 20 | memory: 1Mi 21 | default: 22 | cpu: "1" 23 | memory: 500Mi 24 | defaultRequest: 25 | cpu: 500m 26 | memory: 250Mi 27 | maxLimitRequestRatio: 28 | cpu: "10" 29 | -------------------------------------------------------------------------------- /examples/cakephp-pipeline/resources/app-limitrange-xlarge.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: LimitRange 3 | metadata: 4 | name: core-resource-limits 5 | spec: 6 | limits: 7 | - type: Pod 8 | max: 9 | cpu: "16" 10 | memory: 16Gi 11 | min: 12 | cpu: 100m 13 | memory: 1Mi 14 | - type: Container 15 | max: 16 | cpu: "16" 17 | memory: 16Gi 18 | min: 19 | cpu: 100m 20 | memory: 1Mi 21 | default: 22 | cpu: "1" 23 | memory: 500Mi 24 | defaultRequest: 25 | cpu: 500m 26 | memory: 250Mi 27 | maxLimitRequestRatio: 28 | cpu: "10" 29 | -------------------------------------------------------------------------------- /examples/cakephp-pipeline/resources/app-quota.yml.j2: -------------------------------------------------------------------------------- 1 | {% set quota_size = project.annotations['example.com/quota-size']|default('medium') %} 2 | apiVersion: v1 3 | kind: ResourceQuota 4 | metadata: 5 | name: compute 6 | annotations: 7 | example.com/quota-size: {{ quota_size |to_json}} 8 | spec: 9 | hard: 10 | {% if quota_size == 'xlarge' %} 11 | pods: "40" 12 | requests.cpu: "8" 13 | requests.memory: 8Gi 14 | limits.cpu: "16" 15 | limits.memory: 16Gi 16 | {% elif quota_size == 'large' %} 17 | pods: "20" 18 | requests.cpu: "4" 19 | requests.memory: 4Gi 20 | limits.cpu: "8" 21 | limits.memory: 8Gi 22 | {% elif quota_size == 'medium' %} 23 | pods: "10" 24 | requests.cpu: "2" 25 | requests.memory: 2Gi 26 | 
limits.cpu: "4" 27 | limits.memory: 4Gi 28 | {% else %} 29 | # Small or invalid specification 30 | pods: "5" 31 | requests.cpu: "1" 32 | requests.memory: 1Gi 33 | limits.cpu: "2" 34 | limits.memory: 2Gi 35 | {% endif %} 36 | -------------------------------------------------------------------------------- /examples/cakephp-pipeline/resources/app-route.yml.j2: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Route 3 | metadata: 4 | name: {{ app_name |to_json}} 5 | spec: 6 | host: {{ app_domain |default('')|to_json}} 7 | to: 8 | kind: Service 9 | name: {{ app_name |to_json}} 10 | -------------------------------------------------------------------------------- /examples/cakephp-pipeline/resources/app-service.yml.j2: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | annotations: 5 | description: Exposes and load balances the application pods 6 | service.alpha.openshift.io/dependencies: '[{"name": {{database_service_name |to_json}}, "kind": "Service"}]' 7 | name: {{ app_name |to_json}} 8 | spec: 9 | ports: 10 | - name: web 11 | port: 8080 12 | targetPort: 8080 13 | selector: 14 | name: {{ app_name |to_json}} 15 | -------------------------------------------------------------------------------- /examples/cakephp-pipeline/vars/app-build.yml: -------------------------------------------------------------------------------- 1 | app_name: cakephp-mysql-example 2 | #app_source_context_dir: /mycode 3 | #app_source_repository_ref: mybranch 4 | app_source_repository_uri: https://github.com/openshift/cakephp-ex.git 5 | #app_source_image_namespace: openshift 6 | #app_source_composer_mirror: ... 7 | 8 | # Auto generation is not really appropriate here as it would 9 | # update this value on each iteration... can a github trigger 10 | # use the downward api? Is there another suitable approach? Replace the example value below before real use.
11 | app_build_github_webhook_secret: bUFSM0daRExsZ2VRWEF5am9ucm45d 12 | -------------------------------------------------------------------------------- /examples/cakephp-pipeline/vars/app-deploy.yml: -------------------------------------------------------------------------------- 1 | app_name: cakephp-mysql-example 2 | #app_domain: cakephp.example.com 3 | #app_memory_limit: 512Mi 4 | #app_opcache_revalidate_freq: "2" 5 | 6 | database_service_name: mysql 7 | database_engine: mysql 8 | database_name: default 9 | -------------------------------------------------------------------------------- /examples/cakephp-pipeline/vars/pipeline-setup.yml: -------------------------------------------------------------------------------- 1 | --- 2 | app_name: cakephp-mysql-example 3 | database_service_name: mysql 4 | database_name: default 5 | -------------------------------------------------------------------------------- /examples/cakephp-template/ansible.cfg: -------------------------------------------------------------------------------- 1 | [defaults] 2 | inventory = inventory 3 | 4 | # Don't gather facts 5 | gathering = explicit 6 | 7 | # Assuming the top directory is named openshift-provision 8 | roles_path = ../../../ 9 | 10 | # Disable retry files 11 | retry_files_enabled = False 12 | -------------------------------------------------------------------------------- /examples/cakephp-template/playbook.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: localhost 3 | connection: local 4 | vars_files: 5 | - vars.yml 6 | roles: 7 | - role: openshift-provision 8 | openshift_clusters: 9 | - projects: 10 | - name: "{{ app_name }}" 11 | process_templates: 12 | - file: cakephp-mysql-example.template.yml 13 | parameters: 14 | NAME: "{{ app_name }}" 15 | # If we don't specify a value for the webhook secret it will 16 | # be autogenerated every time and so updated each time the 17 | # template is processed 18 | 
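GITHUB_WEBHOOK_SECRET: "{{ app_build_github_webhook_secret }}" 19 | MEMORY_LIMIT: "{{ app_memory_limit }}" 20 | -------------------------------------------------------------------------------- /examples/cakephp-template/vars.yml: -------------------------------------------------------------------------------- 1 | app_name: cakephp-mysql-example 2 | app_memory_limit: 512Mi 3 | app_build_github_webhook_secret: bUFSM0daRExsZ2VRWEF5am9ucm45d 4 | -------------------------------------------------------------------------------- /filter_plugins/change_record.py: --------------------------------------------------------------------------------
import json
import re


def is_connection_opt(s):
    '''
    Tell whether a command-line argument is an oc connection option.

    Matches arguments written as ``--name`` or ``--name=value`` whose name is
    in the list below (server, kubeconfig, client key, token, impersonation
    and similar). format_change_command uses this to leave those arguments,
    including any ``--token=...`` value, out of the change record.

    Only the argument that carries the option name is matched: a value
    supplied as a separate following argument (``--token VALUE``) is not
    recognised here.
    NOTE(review): confirm every caller builds these options in the
    ``--name=value`` form.

    Returns a falsy value (None or False) for any other argument.
    '''
    m = re.match(r'--([a-z-]+)(=|$)', s)
    return m and m.group(1) in (
        'as',
        'as-group',
        'certificate-authority',
        'client-certificate',
        'client-key',
        'cluster',
        'config',
        'context',
        'insecure-skip-tls-verify',
        'kubeconfig',
        'match-server-version',
        'request-timeout',
        'server',
        'token',
        'user'
    )


def format_change_command(value):
    '''
    Build the change-record entry for a registered command result.

    value['cmd'] is the argument list of the command. Connection options are
    dropped (see is_connection_opt) and a leading ``echo`` is removed; the
    role's tasks prefix their commands with ``echo`` in check mode, so the
    record shows the command a real run would execute.

    Returns a dict with 'action' set to 'command' and 'command' set to the
    remaining arguments as strings.
    '''
    cmd = [
        str(item) for item in value['cmd']
        if not is_connection_opt(str(item))
    ]
    # The list can be empty once connection options are filtered out.
    if cmd and cmd[0] == 'echo':
        cmd.pop(0)
    return {
        'action': 'command',
        'command': cmd
    }


def format_change_provision(value):
    '''
    Build the change-record entry for an openshift_provision result.

    Copies the action, kind, name and (when present) namespace of
    value['resource']. For every kind except Secret the entry also carries
    value['patch'] when it is set, otherwise the whole resource. Secret
    content is never copied, which keeps it out of the change record file.

    NOTE(review): other kinds are recorded in full, so sensitive values
    embedded in them (for example in a ConfigMap or in container environment
    variables) still reach the record; protect the file accordingly.
    '''
    kind = value['resource']['kind']
    metadata = value['resource']['metadata']
    change = {
        'action': str(value['action']),
        'kind': str(kind),
        'name': str(metadata['name'])
    }
    if 'namespace' in metadata:
        change['namespace'] = str(metadata['namespace'])
    if kind != 'Secret':
        if value.get('patch', None):
            change['patch'] = value['patch']
        else:
            change['resource'] = value['resource']
    return change


def record_change(change, change_record):
    '''
    Append one change entry to the file at path change_record.

    The entry starts with a ``---`` line followed by the keys of change in
    sorted order: string values as ``key: value``, the 'command' list joined
    with spaces, anything else as indented JSON under ``key: |``.

    The file is opened in append mode with the default permissions of the
    running process.
    '''
    # The context manager closes the file even if formatting an entry fails.
    with open(change_record, 'a') as fh:
        fh.write("---\n")
        for k in sorted(change):
            v = change[k]
            if isinstance(v, str):
                fh.write("{}: {}\n".format(k, v))
            elif k == 'command':
                fh.write("command: {}\n".format(' '.join(v)))
            else:
                # NOTE(review): the listing this was taken from collapses
                # runs of spaces; confirm the indent width used inside the
                # block scalar against the original file.
                fh.write("{}: |\n {}\n".format(
                    k,
                    json.dumps(
                        v,
                        indent=2,
                        separators=(',', ': ')
                    ).replace("\n", "\n ")
                ))


def record_change_command(value, change_record=''):
    '''
    Record a command result when a change record path is set.

    Always returns True, so a task that uses this filter in changed_when is
    reported as changed.
    '''
    if change_record:
        record_change(
            format_change_command(value),
            change_record
        )
    return True


def record_change_provision(value, change_record=''):
    '''
    Record a provision result when it changed and a record path is set.

    Returns value['changed'] unmodified.
    '''
    if value['changed'] and change_record:
        record_change(
            format_change_provision(value),
            change_record
        )
    return value['changed']


class FilterModule(object):
    '''
    custom jinja2 filters that append commands and provisioned resources to
    a change record file
    '''

    def filters(self):
        return {
            'record_change_command': record_change_command,
            'record_change_provision': record_change_provision
        }

-------------------------------------------------------------------------------- /filter_plugins/is_array.py: --------------------------------------------------------------------------------
def is_list(value):
    '''Return True when value is a list instance.'''
    return isinstance(value, list)


class FilterModule(object):
    '''
    custom jinja2 filters for working with collections
    '''

    def filters(self):
        return {
            'is_list': is_list
        }

-------------------------------------------------------------------------------- /filter_plugins/yaml_to_resource_list.py: --------------------------------------------------------------------------------
import yaml
import re


def yaml_to_resource_list(value):
    '''
    Parse a string of YAML documents into a flat list of resources.

    The text is split on lines consisting of ``---``. Empty documents are
    skipped, a document of kind List contributes its items, and any other
    document is appended as a single resource.
    '''
    resource_list = []
    for yaml_doc in value.split("\n---\n"):
        # safe_load builds only plain YAML types. yaml.load without an
        # explicit Loader can construct arbitrary Python objects on older
        # PyYAML releases and is rejected by newer ones; resource files and
        # rendered templates are data and never need that.
        resource = yaml.safe_load(yaml_doc)
        if resource:
            if resource.get('kind', '') == 'List':
                # A List whose items key is present but empty yields nothing.
                resource_list.extend(resource.get('items') or [])
            else:
                resource_list.append(resource)
    return resource_list


class FilterModule(object):
    '''
    custom jinja2 filters for handling yaml documents with resource definitions
    '''

    def filters(self):
        return {
            'yaml_to_resource_list': yaml_to_resource_list
        }

-------------------------------------------------------------------------------- /handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # handlers file for openshift-application 3 | -------------------------------------------------------------------------------- /tasks/cluster-resources.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Provision cluster resources 3 | openshift_provision: 4 | action: "{{ provision_action }}" 5 | patch_type: >- 6 | {{ 7 | resource | json_query('metadata.annotations."openshift-provision/patch-type"') 8 | | default(resource.patch_type, true) 9 | | default('strategic', true) 10 | }} 11 | connection: 12 | oc_cmd: "{{ oc_cmd }}" 13 | resource: "{{ resource }}" 14 | with_items: "{{ resource_list }}" 15 | loop_control: 16 | loop_var: resource 17 | vars: 18 | provision_action: >- 19 | {{ 20 | resource | json_query('metadata.annotations."openshift-provision/action"') 21 | | default(resource.action, true) 22 | | default('apply', true) 23 | }} 24 | when: provision_action != 'ignore' 25 | register: provision 26 | changed_when: >- 27 | provision | record_change_provision(change_record) 28 | -------------------------------------------------------------------------------- /tasks/cluster-role-binding.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Grant user cluster role {{ cluster_role_binding.role }} 3 | command: >- 4 | {% if ansible_check_mode %}echo{% endif %} 5 | {{ oc_cmd }} adm policy add-cluster-role-to-user 6 | {{ cluster_role_binding.role }} {{ user }} 7 | {% if openshift_provision_openshift_version is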
version_compare('v3.9', '>=') %} 8 | --rolebinding-name={{ cluster_role_binding.role }} 9 | {% endif %} 10 | with_items: "{{ cluster_role_binding.users | default([]) }}" 11 | loop_control: 12 | loop_var: user 13 | when: >- 14 | ( 15 | user is match('system:serviceaccount:') and 16 | { 17 | 'kind': 'ServiceAccount', 18 | 'name': user.split(':')[3], 19 | 'namespace': user.split(':')[2] 20 | } not in current_cluster_role_service_accounts 21 | ) or ( 22 | user is not match('system:serviceaccount:') and 23 | user not in current_cluster_role_users 24 | ) 25 | check_mode: false 26 | register: command 27 | changed_when: >- 28 | command | record_change_command(change_record) 29 | 30 | - name: Grant group cluster role {{ cluster_role_binding.role }} 31 | command: > 32 | {% if ansible_check_mode %}echo{% endif %} 33 | {{ oc_cmd }} adm policy add-cluster-role-to-group {{ cluster_role_binding.role }} {{ group }} 34 | with_items: "{{ cluster_role_binding.groups | default([]) }}" 35 | loop_control: 36 | loop_var: group 37 | when: > 38 | group not in current_cluster_role_groups 39 | check_mode: false 40 | register: command 41 | changed_when: >- 42 | command | record_change_command(change_record) 43 | 44 | - name: Remove unlisted users from cluster role {{ cluster_role_binding.role }} 45 | command: > 46 | {% if ansible_check_mode %}echo{% endif %} 47 | {{ oc_cmd }} adm policy remove-cluster-role-from-user 48 | {{ cluster_role_binding.role }} {{ user }} 49 | with_items: "{{ current_cluster_role_users }}" 50 | loop_control: 51 | loop_var: user 52 | when: > 53 | ( cluster_role_binding.remove_unlisted | default(false) | bool or 54 | cluster_role_binding.remove_unlisted_users | default(false) | bool ) and 55 | user not in cluster_role_binding.users | default([]) 56 | check_mode: false 57 | register: command 58 | changed_when: >- 59 | command | record_change_command(change_record) 60 | 61 | - name: Remove unlisted service accounts from cluster role {{ cluster_role_binding.role }} 62 | 
command: > 63 | {% if ansible_check_mode %}echo{% endif %} 64 | {{ oc_cmd }} adm policy remove-cluster-role-from-user 65 | {{ cluster_role_binding.role }} {{ service_account_string }} 66 | with_items: "{{ current_cluster_role_service_accounts }}" 67 | loop_control: 68 | loop_var: service_account 69 | vars: 70 | service_account_string: >- 71 | system:serviceaccount:{{ service_account.namespace }}:{{ service_account.name }} 72 | when: > 73 | ( cluster_role_binding.remove_unlisted | default(false) | bool or 74 | cluster_role_binding.remove_unlisted_users | default(false) | bool ) and 75 | service_account_string not in cluster_role_binding.users | default([]) 76 | check_mode: false 77 | register: command 78 | changed_when: >- 79 | command | record_change_command(change_record) 80 | 81 | - name: Remove unlisted groups from cluster role {{ cluster_role_binding.role }} 82 | command: > 83 | {% if ansible_check_mode %}echo{% endif %} 84 | {{ oc_cmd }} adm policy remove-cluster-role-from-group {{ cluster_role_binding.role }} {{ group }} 85 | with_items: "{{ current_cluster_role_groups }}" 86 | loop_control: 87 | loop_var: group 88 | when: > 89 | ( cluster_role_binding.remove_unlisted | default(false) | bool or 90 | cluster_role_binding.remove_unlisted_groups | default(false) | bool ) and 91 | group not in cluster_role_binding.groups | default([]) 92 | check_mode: false 93 | register: command 94 | changed_when: >- 95 | command | record_change_command(change_record) 96 | -------------------------------------------------------------------------------- /tasks/cluster-role-bindings.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Get cluster role bindings 3 | command: "{{ oc_cmd }} get clusterrolebinding -o json" 4 | check_mode: false 5 | changed_when: false 6 | register: get_cluster_role_bindings 7 | 8 | - name: Handle cluster_role_bindings 9 | include_tasks: cluster-role-binding.yml 10 | with_items: "{{ 
openshift_cluster.cluster_role_bindings | default([]) }}" 11 | loop_control: 12 | loop_var: cluster_role_binding 13 | vars: 14 | current_cluster_role_bindings: >- 15 | {{ get_cluster_role_bindings.stdout | from_json }} 16 | roleref_query: "roleRef.name=='{{ cluster_role_binding.role }}'" 17 | current_cluster_role_users_query: >- 18 | items[?{{ roleref_query }}].subjects[]|[?kind=='User' || kind=='SystemUser'].name 19 | current_cluster_role_users: > 20 | {{ current_cluster_role_bindings 21 | | json_query(current_cluster_role_users_query) 22 | }} 23 | current_cluster_role_groups_query: >- 24 | items[?{{ roleref_query }}].subjects[]|[?kind=='Group' || kind=='SystemGroup'].name 25 | current_cluster_role_groups: > 26 | {{ current_cluster_role_bindings | json_query(current_cluster_role_groups_query) }} 27 | current_cluster_role_service_accounts_query: >- 28 | items[?{{ roleref_query }}].subjects[]|[?kind=='ServiceAccount'] 29 | current_cluster_role_service_accounts: > 30 | {{ current_cluster_role_bindings 31 | | json_query(current_cluster_role_service_accounts_query) 32 | }} 33 | -------------------------------------------------------------------------------- /tasks/group.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Get current members of group {{ group.name }} 3 | command: > 4 | {{ oc_cmd }} get group {{ group.name }} -o 'jsonpath={range .users[*]}{@}{"\n"}{end}' 5 | check_mode: false 6 | changed_when: false 7 | failed_when: false 8 | when: not group.remove_unlisted_members | default(False) | bool 9 | register: get_group_members 10 | 11 | - name: Group {{ group.name }} 12 | openshift_provision: 13 | action: apply 14 | connection: 15 | oc_cmd: "{{ oc_cmd }}" 16 | resource: 17 | apiVersion: v1 18 | kind: Group 19 | metadata: 20 | name: "{{ group.name }}" 21 | users: >- 22 | {{ group.members if group.remove_unlisted_members|default(False)|bool 23 | else group.members|union(get_group_members.stdout_lines)|sort 24 
| }} 25 | register: provision 26 | changed_when: >- 27 | provision | record_change_provision(change_record) 28 | -------------------------------------------------------------------------------- /tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Process openshift resources 3 | - name: Handle openshift_clusters 4 | include_tasks: openshift-cluster.yml 5 | with_items: >- 6 | {{ openshift_clusters 7 | | default([openshift_provision] if openshift_provision is defined else []) 8 | }} 9 | loop_control: 10 | loop_var: openshift_cluster 11 | vars: 12 | change_record: >- 13 | {{ openshift_cluster.change_record 14 | | default(openshift_provision_change_record) 15 | }} 16 | oc_cmd_opt: >- 17 | {{ oc_cmd_base }} 18 | {% if openshift_connection_certificate_authority is defined %} 19 | --certificate-authority={{ openshift_connection_certificate_authority | quote }} 20 | {% endif %} 21 | {% if openshift_connection_insecure_skip_tls_verify | default('false') | bool %} 22 | --insecure-skip-tls-verify 23 | {% endif %} 24 | {% if openshift_connection_server is defined %} 25 | --server={{ openshift_connection_server | quote }} 26 | {% endif %} 27 | {% if openshift_connection_token is defined %} 28 | --token={{ openshift_connection_token | quote }} 29 | {% endif %} 30 | {% if openshift_cluster.connection is defined %} 31 | {% for key, value in openshift_cluster.connection.items() %} 32 | --{{ key | regex_replace('_', '-') }}={{ value | quote }} 33 | {% endfor %} 34 | {% endif %} 35 | # openshift_host_env restricts play run to only process cluster on matching 36 | # environments, only run if openshift_host_env is not defined or matches. 
37 | when: >- 38 | openshift_cluster.openshift_host_env is not defined or 39 | openshift_cluster.openshift_host_env == openshift_master_cluster_public_hostname or 40 | ( openshift_cluster.openshift_host_env | is_list and 41 | openshift_master_cluster_public_hostname in openshift_cluster.openshift_host_env 42 | ) 43 | -------------------------------------------------------------------------------- /tasks/openshift-3-version-facts.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Set OpenShift version facts 3 | when: >- 4 | 'Client Version' not in oc_version_output 5 | set_fact: 6 | openshift_provision_oc_version: >- 7 | {{ oc_version_output | regex_replace('(.|\s)*oc (\S+)(.|\s)*', '\2') }} 8 | openshift_provision_openshift_version: >- 9 | {{ oc_version_output | regex_replace('(.|\s)*openshift (\S+)(.|\s)*', '\2') }} 10 | -------------------------------------------------------------------------------- /tasks/openshift-4-version-facts.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Get clusterversion version 3 | command: >- 4 | {{ oc_cmd }} get clusterversions version 5 | -o jsonpath={.status.desired.version} 6 | register: get_cluster_version 7 | check_mode: false 8 | changed_when: false 9 | 10 | - name: Set OpenShift version facts 11 | set_fact: 12 | openshift_provision_oc_version: >- 13 | {{ oc_version_output | regex_replace('(.|\s)*Client Version.*GitVersion:"(.*)"(.|\s)*', '\2') }} 14 | openshift_provision_openshift_version: 15 | v{{ get_cluster_version.stdout }} 16 | -------------------------------------------------------------------------------- /tasks/openshift-cluster-provision.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Process cluster_resources before processing other items, including projects. 3 | # This allows items like cluster roles to be defined within cluster_resources. 
4 | 5 | - name: Handle cluster_resources 6 | include_tasks: cluster-resources.yml 7 | with_items: "{{ openshift_cluster.cluster_resources | default([]) }}" 8 | vars: 9 | resource_path: "{{ openshift_cluster.resource_path | default(openshift_resource_path) }}" 10 | resource_list: >- 11 | {%- if resource_item is mapping -%} 12 | {{ [resource_item] }} 13 | {%- else -%} 14 | {{ lookup( 15 | 'template' if resource_item.endswith('.j2') else 'file', 16 | lookup('first_found', {'files':resource_item, 'paths': resource_path}) 17 | ) | yaml_to_resource_list 18 | }} 19 | {%- endif -%} 20 | loop_control: 21 | loop_var: resource_item 22 | 23 | - name: Handle cluster process_templates 24 | include_tasks: process-template.yml 25 | with_items: "{{ openshift_cluster.process_templates | default([]) }}" 26 | loop_control: 27 | loop_var: template 28 | 29 | - name: Handle cluster helm_charts 30 | include_tasks: helm-chart.yml 31 | with_items: "{{ openshift_cluster.helm_charts | default([]) }}" 32 | loop_control: 33 | loop_var: helm_chart 34 | 35 | - name: Handle groups 36 | include_tasks: group.yml 37 | with_items: "{{ openshift_cluster.groups | default([]) }}" 38 | loop_control: 39 | loop_var: group 40 | 41 | - name: Handle cluster_role_bindings 42 | include_tasks: cluster-role-bindings.yml 43 | when: openshift_cluster.cluster_role_bindings is defined 44 | 45 | - name: Handle projects 46 | include_tasks: project.yml 47 | with_items: "{{ openshift_cluster.projects | default([]) }}" 48 | loop_control: 49 | loop_var: project 50 | vars: 51 | cluster_resource_path: "{{ openshift_cluster.resource_path | default(openshift_resource_path) }}" 52 | 53 | # Process resources after processing other items such as projects. This 54 | # allows creation of resources in multiple projects in a specific order by 55 | # specifying the namespace in the resource metadata. 
56 | - name: Handle cluster level resources 57 | include_tasks: cluster-resources.yml 58 | with_items: "{{ openshift_cluster.cluster_resources | default([]) }}" 59 | vars: 60 | resource_path: "{{ openshift_cluster.resource_path | default(openshift_resource_path) }}" 61 | resource_list: >- 62 | {%- if resource_item is mapping -%} 63 | {{ [resource_item] }} 64 | {%- else -%} 65 | {{ lookup( 66 | 'template' if resource_item.endswith('.j2') else 'file', 67 | lookup('first_found', {'files':resource_item, 'paths': resource_path}) 68 | ) | yaml_to_resource_list 69 | }} 70 | {%- endif -%} 71 | loop_control: 72 | loop_var: resource_item 73 | -------------------------------------------------------------------------------- /tasks/openshift-cluster.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - when: >- 3 | openshift_login_username is defined or 4 | openshift_cluster.login is defined 5 | block: 6 | - name: Login to cluster 7 | command: >- 8 | {{ oc_cmd_opt }} login 9 | {% if openshift_cluster.login is defined %} 10 | --username={{ openshift_cluster.login.username | quote }} 11 | --password={{ openshift_cluster.login.password | quote }} 12 | {% else %} 13 | --username={{ openshift_login_username | quote }} 14 | --password={{ openshift_login_password | quote }} 15 | {% endif %} 16 | check_mode: false 17 | changed_when: false 18 | 19 | - name: Get login session token 20 | command: >- 21 | oc whoami -t 22 | register: oc_get_token 23 | check_mode: false 24 | changed_when: false 25 | 26 | - name: Set fact for oc_cmd 27 | set_fact: 28 | oc_cmd: >- 29 | {{ oc_cmd_opt }} 30 | {% if not oc_get_token.skipped | default(False) %} 31 | --token={{ oc_get_token.stdout }} 32 | {% endif %} 33 | 34 | - name: Get OpenShift version 35 | command: "{{ oc_cmd }} version" 36 | register: get_version 37 | check_mode: false 38 | changed_when: false 39 | 40 | - name: Process facts for OpenShift version 41 | include_tasks: >- 42 | {% if 'Client Version' 
in oc_version_output -%} 43 | openshift-4-version-facts.yml 44 | {%- else -%} 45 | openshift-3-version-facts.yml 46 | {%- endif %} 47 | vars: 48 | oc_version_output: get_version.stdout 49 | 50 | - name: Get cluster-vars configmap from kube-public 51 | command: >- 52 | {{ oc_cmd }} get configmap -n kube-public cluster-vars -o json 53 | register: get_cluster_vars 54 | check_mode: false 55 | changed_when: false 56 | failed_when: >- 57 | get_cluster_vars.rc != 0 and 58 | '(NotFound)' not in get_cluster_vars.stderr and 59 | '(Forbidden)' not in get_cluster_vars.stderr 60 | 61 | - name: Set fact for cluster 62 | set_fact: 63 | openshift_provision_cluster_vars: "{{ cluster_vars.data }}" 64 | vars: 65 | cluster_vars: >- 66 | {{ ( 67 | get_cluster_vars.stdout if get_cluster_vars.rc == 0 else '{}' 68 | ) | from_json }} 69 | when: get_cluster_vars.rc == 0 70 | 71 | - name: Include provision pre-tasks 72 | include_tasks: "{{ pre_tasks_include }}" 73 | with_items: >- 74 | {{ openshift_cluster_provision_pre_tasks | default([]) 75 | | union(openshift_cluster.provision_pre_tasks | default([])) 76 | }} 77 | loop_control: 78 | loop_var: pre_tasks_include 79 | 80 | - name: Provision resources for cluster 81 | include_tasks: openshift-cluster-provision.yml 82 | 83 | - name: Include provision post-tasks 84 | include_tasks: "{{ post_tasks_include }}" 85 | with_items: >- 86 | {{ openshift_cluster_provision_post_tasks | default([]) 87 | | union(openshift_cluster.provision_post_tasks | default([])) 88 | }} 89 | loop_control: 90 | loop_var: post_tasks_include 91 | -------------------------------------------------------------------------------- /tasks/process-template.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ## DESCRIPTION 3 | # 4 | # Process template and instantiate objects. 
5 | # 6 | # Called from tasks/project.yml 7 | # 8 | ## VARIABLES 9 | # 10 | # `project` - project in which to process template with keys: 11 | # `name` - project name 12 | # 13 | # `template` - template information with keys: 14 | # `action` - provision action (optional, default: 'apply') 15 | # `name` - template name (optional) 16 | # `namespace` - template namespace (optional) 17 | # `file` - template source file (optional) 18 | # `parameters` - parameters to pass to template (optional) 19 | # `url` - template source URL (optional) 20 | # 21 | 22 | - name: Create temporary directory for template 23 | tempfile: 24 | state: directory 25 | register: tempfile 26 | when: template.file is defined and template.file != '' 27 | check_mode: false 28 | changed_when: false 29 | 30 | - name: Copy template 31 | copy: 32 | src: "{{ template.file }}" 33 | dest: "{{ tempfile.path }}" 34 | when: >- 35 | template.file is defined and 36 | template.file != '' and 37 | not template.file is match('(https?|ftp)://.*') 38 | check_mode: false 39 | changed_when: false 40 | 41 | - name: Download template 42 | get_url: 43 | url: "{{ template.file }}" 44 | dest: "{{ tempfile.path }}" 45 | when: >- 46 | template.file is defined and 47 | template.file is match('(https?|ftp)://.*') 48 | check_mode: false 49 | changed_when: false 50 | 51 | - name: Process template 52 | command: >- 53 | {{ oc_cmd }} process -o json 54 | {% if template.file is defined %} 55 | -f {{ tempfile.path }} --local 56 | {% else %} 57 | -n {{ template.namespace | default(project.name if project is defined else 'openshift') }} 58 | {{ template.name }} 59 | {% endif %} 60 | {% if template.parameters is defined %} 61 | {% for key, value in template.parameters.items() %} 62 | -p {{ (key ~ '=' ~ value) | quote }} 63 | {% endfor %} 64 | {% endif %} 65 | check_mode: false 66 | changed_when: false 67 | register: process_template 68 | 69 | - name: Template resources 70 | openshift_provision: 71 | action: "{{ provision_action }}" 72 | 
patch_type: >- 73 | {{ 74 | item | json_query('metadata.annotations."openshift-provision/patch-type"') 75 | | default(item.patch_type, true) 76 | | default(template.patch_type, true) 77 | | default('strategic', true) 78 | }} 79 | connection: 80 | oc_cmd: "{{ oc_cmd }}" 81 | namespace: "{{ project.name if project is defined else '' }}" 82 | resource: "{{ item }}" 83 | with_items: >- 84 | {{ process_template.stdout | from_json | json_query('items') }} 85 | vars: 86 | provision_action: >- 87 | {{ 88 | item | json_query('metadata.annotations."openshift-provision/action"') 89 | | default(item.action, true) 90 | | default(template.action, true) 91 | | default('apply', true) 92 | }} 93 | when: provision_action != 'ignore' 94 | register: provision 95 | changed_when: >- 96 | provision | record_change_provision(change_record) 97 | 98 | - name: Cleanup temporary directory for template 99 | file: 100 | path: "{{ tempfile.path }}" 101 | state: absent 102 | register: tempfile 103 | when: template.file is defined 104 | check_mode: false 105 | changed_when: false 106 | -------------------------------------------------------------------------------- /tasks/project-imagestreams.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Get imagestreams in {{ project.name }} 3 | command: >- 4 | {{ oc_cmd }} get is -n {{ project.name }} -o json 5 | check_mode: false 6 | changed_when: false 7 | failed_when: false 8 | register: get_imagestreams 9 | 10 | - name: Create imagestreams in {{ project.name }} 11 | command: >- 12 | {% if ansible_check_mode %}echo{% endif %} 13 | {{ oc_cmd }} create imagestream {{ imagestream }} -n {{ project.name }} 14 | with_items: "{{ project.imagestreams | default([]) }}" 15 | loop_control: 16 | loop_var: imagestream 17 | vars: 18 | imagestream_query: "items[?metadata.name=='{{ imagestream }}']|[0]" 19 | current_imagestream: >- 20 | {{ get_imagestreams.stdout | from_json | json_query(imagestream_query) }} 21 | 
when: >- 22 | current_imagestream is undefined or 23 | current_imagestream == '' 24 | check_mode: false 25 | register: command 26 | changed_when: >- 27 | command | record_change_command(change_record) 28 | -------------------------------------------------------------------------------- /tasks/project-multicast.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Get netnamespace {{ project.name }} 3 | command: >- 4 | {{ oc_cmd }} get netnamespace {{ project.name }} -o json 5 | check_mode: false 6 | changed_when: false 7 | failed_when: false 8 | register: get_netnamespace 9 | 10 | - name: Set mulitcast-enabled for {{ project.name }} 11 | command: >- 12 | {% if ansible_check_mode %}echo{% endif %} 13 | oc annotate netnamespace {{ project.name }} --overwrite 14 | netnamespace.network.openshift.io/multicast-enabled={% if project.multicast_enabled | bool %}true{% else %}false{% endif %} 15 | vars: 16 | got_netnamespace: "{{ get_netnamespace.stdout | from_json }}" 17 | when: >- 18 | get_netnamespace.rc == 0 and ( 19 | got_netnamespace.metadata.annotations is undefined or 20 | got_netnamespace.metadata.annotations['netnamespace.network.openshift.io/multicast-enabled'] is undefined or 21 | project.multicast_enabled | bool != got_netnamespace.metadata.annotations['netnamespace.network.openshift.io/multicast-enabled'] | bool 22 | ) 23 | check_mode: false 24 | register: command 25 | changed_when: >- 26 | command | record_change_command(change_record) 27 | -------------------------------------------------------------------------------- /tasks/project-pod-network.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Get pod network for {{ project.name }} 3 | command: > 4 | {{ oc_cmd }} get netnamespace {{ project.name | quote }} 5 | -o 'jsonpath={.netid}' 6 | check_mode: false 7 | changed_when: false 8 | register: get_pod_network 9 | 10 | - name: Get pod network for {{ 
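project.join_pod_network }}
  command: >
    {{ oc_cmd }} get netnamespace {{ project.join_pod_network | quote }}
    -o 'jsonpath={.netid}'
  check_mode: false
  changed_when: false
  register: get_join_pod_network

# Joins the project's pod network to the target only when the two netids differ.
# check_mode is forced off so the task always executes; in check mode the
# command is prefixed with `echo`, so it prints the oc invocation instead of
# running it.
# Both names go through `quote`, as the netnamespace lookup above already does:
# the command module splits its argument string into words, so an unquoted value
# containing whitespace would turn into extra oc arguments.
- name: Join pod network for {{ project.name }} to {{ project.join_pod_network }}
  command: >
    {% if ansible_check_mode %}echo{% endif %}
    {{ oc_cmd }} adm pod-network join-projects
    --to={{ project.join_pod_network | quote }}
    {{ project.name | quote }}
  when: get_pod_network.stdout != get_join_pod_network.stdout
  check_mode: false
  register: command
  changed_when: >-
    command | record_change_command(change_record)

--------------------------------------------------------------------------------
/tasks/project-resources.yml:
--------------------------------------------------------------------------------
---
# Provisions every entry of resource_list into the project namespace.
# The action and patch type are read from the resource itself: first the
# "openshift-provision/action" / "openshift-provision/patch-type" annotations,
# then resource.action / resource.patch_type, then the defaults 'apply' and
# 'strategic'. A resource whose action resolves to 'ignore' is skipped.
# Because the resource definition selects its own action, review annotations in
# resource files with the same care as the playbook that includes them.
- name: Provision resources in {{ project.name }}
  openshift_provision:
    action: "{{ provision_action }}"
    patch_type: >-
      {{
        resource | json_query('metadata.annotations."openshift-provision/patch-type"')
        | default(resource.patch_type, true)
        | default('strategic', true)
      }}
    connection:
      oc_cmd: "{{ oc_cmd }}"
    namespace: "{{ project.name }}"
    resource: "{{ resource }}"
  with_items: "{{ resource_list }}"
  loop_control:
    loop_var: resource
  vars:
    provision_action: >-
      {{
        resource | json_query('metadata.annotations."openshift-provision/action"')
        | default(resource.action, true)
        | default('apply', true)
      }}
  when: provision_action != 'ignore'
  register: provision
  changed_when: >-
    provision | record_change_provision(change_record)

--------------------------------------------------------------------------------
/tasks/project-role-bindings.yml:
--------------------------------------------------------------------------------
---
# Reads the project's current role bindings as JSON. The namespace is quoted so
# it always reaches oc as a single argument.
# failed_when: false keeps a failing lookup from stopping the play at this task.
# NOTE(review): in that case stdout is presumably empty and the from_json in the
# next task has nothing valid to parse - confirm how a failed lookup should be
# handled.
- name: Get role bindings for project {{ project.name }}
  command: >-
    {{ oc_cmd }} get rolebinding -n {{ project.name | quote }} -o json
  check_mode: false
  changed_when: false
  failed_when: false
  register: get_role_bindings

# Includes project-role-binding.yml once per entry in project.role_bindings and
# hands it the users, groups and service accounts currently bound to that role.
# A role written as "namespace/name" is matched on roleRef.namespace and
# roleRef.name; otherwise only roleRef.name is compared.
# NOTE(review): role_binding.role is interpolated between single quotes in the
# JMESPath expressions below, so a value containing a single quote would alter
# the query. Validate role names where the project definition is built if that
# input can come from a less-trusted source.
- name: Handle project role_bindings
  include_tasks: project-role-binding.yml
  with_items: "{{ project.role_bindings | default([]) }}"
  loop_control:
    loop_var: role_binding
  vars:
    current_role_bindings: >-
      {{ get_role_bindings.stdout | from_json }}
    roleref_query: >-
      {% if '/' in role_binding.role -%}
      roleRef.namespace=='{{ role_binding.role.split('/')[0] }}' &&
      roleRef.name=='{{ role_binding.role.split('/')[1] }}'
      {%- else -%}
      roleRef.name=='{{ role_binding.role }}'
      {%- endif %}
    current_role_users_query: >-
      items[?{{ roleref_query }}].subjects[]|[?kind=='User' || kind=='SystemUser'].name
    current_role_users: >
      {{ current_role_bindings
       | json_query(current_role_users_query)
      }}
    current_role_groups_query: >-
      items[?{{ roleref_query }}].subjects[]|[?kind=='Group' || kind=='SystemGroup'].name
    current_role_groups: >
      {{ current_role_bindings | json_query(current_role_groups_query) }}
    current_role_service_accounts_query: >-
      items[?{{ roleref_query }}].subjects[]|[?kind=='ServiceAccount']
    current_role_service_accounts: >
      {{ current_role_bindings
       | json_query(current_role_service_accounts_query)
      }}

--------------------------------------------------------------------------------
/tasks/service-accounts.yml:
--------------------------------------------------------------------------------
---
# Reads the service accounts that already exist in the project. The namespace is
# quoted so it always reaches oc as a single argument.
- name: Get service accounts in {{ project.name }}
  command: >
    {{ oc_cmd }} get sa -n {{ project.name | quote }} -o json
  check_mode: false
  changed_when: false
  failed_when: false
  register: get_service_accounts

# Creates each service account from project.service_accounts that the lookup
# above did not return. An entry may be a plain name or a mapping with a `name`
# key. In check mode the command is prefixed with `echo` and only printed.
# The account name and namespace are quoted because the command module splits
# its argument string into words; unquoted values containing whitespace would
# become extra oc arguments.
# NOTE(review): service_account_name is also interpolated between single quotes
# in service_account_query, so a name containing a single quote would alter the
# JMESPath expression.
- name: Create service accounts in {{ project.name }}
  command: >-
    {% if ansible_check_mode %}echo{% endif %}
    {{ oc_cmd }} create serviceaccount {{ service_account_name | quote }} -n {{ project.name | quote }}
  with_items: "{{ project.service_accounts | default([]) }}"
  loop_control:
    loop_var: service_account
  vars:
    service_account_name: >-
      {% if service_account is mapping %}{{ service_account.name }}{% else %}{{ service_account }}{% endif %}
    service_account_query: "items[?metadata.name=='{{ service_account_name }}']|[0]"
    current_service_account: >-
      {{ get_service_accounts.stdout | from_json | json_query(service_account_query) }}
  when: >-
    current_service_account is undefined or
    current_service_account == ''
  check_mode: false
  register: command
  changed_when: >-
    command | record_change_command(change_record)

--------------------------------------------------------------------------------
/tests/README.md:
--------------------------------------------------------------------------------
# Test Suite for openshift-provision Ansible Role

## Preparing for testing with minishift

```bash
$ oc login -u system:admin
$ oc create sa -n default provisioner
$ oc adm policy add-cluster-role-to-user system:serviceaccount:default:provisioner
$ TOKEN=$(oc sa get-token -n default provisioner)
$ sed "s/openshift_connection_token: .*/openshift_connection_token: $TOKEN/" login-creds.yml.example >login-creds.yml
```

Note: `oc adm policy add-cluster-role-to-user` expects the cluster role name
before the user, and the command above names only the service account, so add
the role the test suite needs. The token written to `login-creds.yml` is a
bearer credential for that service account: keep the file out of version
control and delete the `provisioner` service account when testing is done.

## Running the test suite

```bash
$ ./test.sh
```

--------------------------------------------------------------------------------
/tests/ansible.cfg:
--------------------------------------------------------------------------------
[defaults]
inventory = inventory

# Don't gather facts
gathering = explicit

# Assuming the top directory is named openshift-provision
roles_path = ../../

# Disable retry files
retry_files_enabled = False
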
-------------------------------------------------------------------------------- /tests/charts/test-chart/Chart.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | description: Test chart. 4 | engine: gotpl 5 | name: test-chart 6 | version: 0.0.1 7 | -------------------------------------------------------------------------------- /tests/charts/test-chart/templates/configmap-list.yml: -------------------------------------------------------------------------------- 1 | {{- if .Values.configmap }} 2 | apiVersion: v1 3 | kind: List 4 | items: 5 | - apiVersion: v1 6 | kind: ConfigMap 7 | metadata: 8 | name: {{ .Values.configmap.name }}-a 9 | labels: 10 | test-label: {{ .Values.label }} 11 | data: 12 | {{- range $key, $val := .Values.configmap.data }} 13 | {{ $key }}: |- 14 | {{ $val | indent 6}} 15 | {{- end }} 16 | - apiVersion: v1 17 | kind: ConfigMap 18 | metadata: 19 | name: {{ .Values.configmap.name }}-b 20 | labels: 21 | test-label: {{ .Values.label }} 22 | data: 23 | {{- range $key, $val := .Values.configmap.data }} 24 | {{ $key }}: |- 25 | {{ $val | indent 6}} 26 | {{- end }} 27 | {{- end -}} 28 | -------------------------------------------------------------------------------- /tests/charts/test-chart/templates/configmap.yml: -------------------------------------------------------------------------------- 1 | {{- if .Values.configmap }} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: {{ .Values.configmap.name }} 6 | labels: 7 | test-label: {{ .Values.label }} 8 | data: 9 | {{- range $key, $val := .Values.configmap.data }} 10 | {{ $key }}: |- 11 | {{ $val | indent 4}} 12 | {{- end }} 13 | {{- end -}} 14 | -------------------------------------------------------------------------------- /tests/charts/test-chart/values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | configmap: 3 | name: bar 4 | data: 5 | a: alice 6 | b: bob 7 | 8 | 
label: foo 9 | -------------------------------------------------------------------------------- /tests/charts/test-cluster-chart/Chart.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | description: Test chart. 4 | engine: gotpl 5 | name: test-chart 6 | version: 0.0.1 7 | -------------------------------------------------------------------------------- /tests/charts/test-cluster-chart/templates/storageclass-list.yml: -------------------------------------------------------------------------------- 1 | {{ $storage_type := .Values.storage_type }} 2 | apiVersion: v1 3 | kind: List 4 | items: 5 | {{- range $zone := .Values.availability_zones }} 6 | - apiVersion: storage.k8s.io/v1 7 | kind: StorageClass 8 | metadata: 9 | name: test-storageclass-{{ $storage_type }}-{{ $zone }} 10 | labels: 11 | test-storageclass: "true" 12 | parameters: 13 | type: {{ $storage_type }} 14 | zone: {{ $zone }} 15 | provisioner: kubernetes.io/gce-pd 16 | {{- end -}} 17 | -------------------------------------------------------------------------------- /tests/charts/test-cluster-chart/templates/storageclass.yml: -------------------------------------------------------------------------------- 1 | apiVersion: storage.k8s.io/v1 2 | kind: StorageClass 3 | metadata: 4 | name: test-storageclass-{{ .Values.storage_type }} 5 | labels: 6 | test-storageclass: "true" 7 | parameters: 8 | type: {{ .Values.storage_type }} 9 | provisioner: kubernetes.io/gce-pd 10 | -------------------------------------------------------------------------------- /tests/charts/test-cluster-chart/values.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | storage_type: pd-standard 3 | 4 | availability_zones: 5 | - us-central1-a 6 | - us-central1-b 7 | - us-central1-c 8 | -------------------------------------------------------------------------------- /tests/inventory: 
--------------------------------------------------------------------------------
localhost

--------------------------------------------------------------------------------
/tests/login-creds.yml.example:
--------------------------------------------------------------------------------
# Example connection settings for the test playbooks; copy to login-creds.yml
# and fill in real values. The copy holds a live token and password, so keep it
# out of version control.
# insecure_skip_tls_verify "true" makes oc skip verification of the API server
# certificate, so the token is sent to an endpoint whose identity is not
# checked. That suits a disposable local cluster; elsewhere set it to "false"
# and provide openshift_connection_certificate_authority, which setup-test.yml
# passes to oc as --certificate-authority.
openshift_connection_server: https://openshift.example.com:8443
openshift_connection_insecure_skip_tls_verify: "true"
openshift_connection_token: ...
openshift_test_login_username: developer
openshift_test_login_password: password

--------------------------------------------------------------------------------
/tests/manual-test-projects-helm-charts.yml:
--------------------------------------------------------------------------------
---
# First play: load the connection settings and shared test facts.
- name: Set Facts
  hosts: localhost
  connection: local
  vars_files:
  - login-creds.yml
  tasks:
  - include_tasks: setup-test.yml
  - set_fact:
      ignore_differences:
        metadata:
          annotations:
            kubectl.kubernetes.io/last-applied-configuration: ''
          creationTimestamp: null

# Second play: run the role against a project that installs one helm chart.
# NOTE(review): `fetch` names the chart `stable/mysql` with no version given
# here, so presumably whatever the repository currently serves is installed -
# confirm whether the role supports pinning a chart version.
- name: Test Provision
  hosts: localhost
  connection: local

  roles:
  - role: openshift-provision
    openshift_clusters:
    - projects:
      - name: provision-test
        helm_charts:
        - name: test
          fetch:
            chart: stable/mysql

#  tasks:
#  - name: Get configmap bar
#    command: >-
#      {{ test_oc_cmd }} get configmap bar -n provision-test -o json
#    register: get_configmap
#
#  - name: Check configmap bar
#    fail:
#      msg: Configmap bar not defined as expected
#    vars:
#      got_configmap: "{{ get_configmap.stdout | from_json }}"
#    when: >-
#      got_configmap.data != {'a': 'alice', 'b': 'bob'}
#
#  - name: Get configmap bar-a
#    command: >-
#      {{ test_oc_cmd }} get configmap bar-a -n provision-test -o json
#    register: get_configmap
#
#  - name: Check configmap bar-a
#    fail:
#      msg: Configmap bar-a not defined as expected
#    vars:
#      got_configmap: "{{ get_configmap.stdout | from_json }}"
#    when: >-
#      got_configmap.data != {'a': 'alice', 'b': 'bob'}
#
#  - name: Get configmap bar-b
#    command: >-
#      {{ test_oc_cmd }} get configmap bar-b -n provision-test -o json
#    register: get_configmap
#
#  - name: Check configmap bar-b
#    fail:
#      msg: Configmap bar-b not defined as expected
#    vars:
#      got_configmap: "{{ get_configmap.stdout | from_json }}"
#    when: >-
#      got_configmap.data != {'a': 'alice', 'b': 'bob'}
#
#
#  - name: Cleanup
#    command: >-
#      {{ test_oc_cmd }} delete configmap --all -n provision-test

--------------------------------------------------------------------------------
/tests/resources/test-buildconfig.yml.j2:
--------------------------------------------------------------------------------
# Test fixture: source-strategy BuildConfig. The git URI is a placeholder host;
# the builder image stream tag name is supplied by the test as from_source_name.
apiVersion: build.openshift.io/v1
kind: BuildConfig
metadata:
  name: test-buildconfig
spec:
  failedBuildsHistoryLimit: 5
  nodeSelector: null
  output:
    to:
      kind: ImageStreamTag
      name: testbuild:latest
  postCommit: {}
  resources: {}
  runPolicy: Serial
  source:
    git:
      uri: https://nosuch.example.com/blah.git
    type: Git
  strategy:
    sourceStrategy:
      from:
        kind: ImageStreamTag
        name: "{{ from_source_name }}"
        namespace: openshift
    type: Source
  successfulBuildsHistoryLimit: 5
  triggers: []

--------------------------------------------------------------------------------
/tests/resources/test-clusterresourcequota.yml.j2:
--------------------------------------------------------------------------------
{% if test_openshift_version is version_compare('v4', '>=') %}
apiVersion: quota.openshift.io/v1
{% else %}
apiVersion: v1
{% endif %}
kind: ClusterResourceQuota
metadata:
  name: test-clusterresourcequota
spec: 10 | quota: 11 | hard: {{ quota | to_json }} 12 | selector: 13 | annotations: 14 | openshift.io/requester: testuser 15 | labels: null 16 | -------------------------------------------------------------------------------- /tests/resources/test-clusterrole.yml.j2: -------------------------------------------------------------------------------- 1 | apiVersion: authorization.openshift.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | creationTimestamp: null 5 | name: test-clusterrole 6 | rules: 7 | {% for rule in rules %} 8 | - apiGroups: {{ rule.apiGroups | to_json }} 9 | attributeRestrictions: null 10 | resources: {{ rule.resources | to_json }} 11 | verbs: {{ rule.verbs | to_json }} 12 | {% endfor %} 13 | -------------------------------------------------------------------------------- /tests/resources/test-clusterrolebinding.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: authorization.openshift.io/v1 3 | kind: ClusterRoleBinding 4 | metadata: 5 | name: test-clusterrolebinding 6 | roleRef: 7 | name: cluster-reader 8 | subjects: {{ subjects | to_json }} 9 | -------------------------------------------------------------------------------- /tests/resources/test-configmap.yml.j2: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: test-configmap 5 | data: {{ configmap_data | to_json }} 6 | -------------------------------------------------------------------------------- /tests/resources/test-daemonset.yml.j2: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: DaemonSet 3 | metadata: 4 | labels: 5 | name: test-daemonset 6 | name: test-daemonset 7 | spec: 8 | {% if test_openshift_version is version_compare('v3.7', '>=') %} 9 | revisionHistoryLimit: 10 10 | {% endif %} 11 | selector: 12 | matchLabels: 13 | name: test-daemonset 14 | template: 15 | 
metadata: 16 | labels: 17 | name: test-daemonset 18 | spec: 19 | containers: 20 | - image: openshift/hello-openshift 21 | imagePullPolicy: {{ image_pull_policy }} 22 | name: registry 23 | ports: 24 | - containerPort: 80 25 | protocol: TCP 26 | resources: {} 27 | terminationMessagePath: /dev/termination-log 28 | terminationMessagePolicy: File 29 | dnsPolicy: ClusterFirst 30 | nodeSelector: 31 | type: infra 32 | restartPolicy: Always 33 | schedulerName: default-scheduler 34 | securityContext: {} 35 | serviceAccount: default 36 | serviceAccountName: default 37 | terminationGracePeriodSeconds: 10 38 | updateStrategy: 39 | type: OnDelete 40 | -------------------------------------------------------------------------------- /tests/resources/test-deployment.yml.j2: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: Deployment 3 | metadata: 4 | labels: 5 | app: {{ deployment_app_label }} 6 | name: test-deployment 7 | spec: 8 | replicas: {{ deployment_replicas }} 9 | selector: 10 | matchLabels: 11 | app: nginx 12 | strategy: 13 | rollingUpdate: 14 | maxSurge: 1 15 | maxUnavailable: 1 16 | type: RollingUpdate 17 | template: 18 | metadata: 19 | labels: 20 | app: nginx 21 | spec: 22 | containers: 23 | - image: nginx:1.7.9 24 | imagePullPolicy: IfNotPresent 25 | name: nginx 26 | ports: 27 | - containerPort: 80 28 | protocol: TCP 29 | resources: {} 30 | terminationMessagePath: /dev/termination-log 31 | terminationMessagePolicy: File 32 | dnsPolicy: ClusterFirst 33 | restartPolicy: Always 34 | schedulerName: default-scheduler 35 | securityContext: {} 36 | terminationGracePeriodSeconds: 30 37 | {% if test_openshift_version is version_compare('v3.10', '>=') %} 38 | {# New defaults introduced is 3.10 #} 39 | progressDeadlineSeconds: 600 40 | revisionHistoryLimit: 10 41 | {% endif %} 42 | -------------------------------------------------------------------------------- 
/tests/resources/test-deploymentconfig.yml.j2: -------------------------------------------------------------------------------- 1 | apiVersion: apps.openshift.io/v1 2 | kind: DeploymentConfig 3 | metadata: 4 | labels: 5 | provision-test: openshift-provision 6 | name: test-deploymentconfig 7 | spec: 8 | replicas: 1 9 | revisionHistoryLimit: 10 10 | selector: 11 | deploymentconfig: test-deploymentconfig 12 | strategy: 13 | activeDeadlineSeconds: 21600 14 | resources: {} 15 | rollingParams: 16 | intervalSeconds: 1 17 | maxSurge: 25% 18 | maxUnavailable: 25% 19 | timeoutSeconds: 600 20 | updatePeriodSeconds: 1 21 | type: Rolling 22 | template: 23 | metadata: 24 | labels: 25 | deploymentconfig: test-deploymentconfig 26 | spec: 27 | containers: 28 | - env: {{ deploymentconfig_env |to_json}} 29 | image: registry.access.redhat.com/rhscl/httpd-24-rhel7:latest 30 | imagePullPolicy: IfNotPresent 31 | livenessProbe: 32 | failureThreshold: 3 33 | httpGet: 34 | path: / 35 | port: 8080 36 | scheme: HTTP 37 | initialDelaySeconds: 30 38 | periodSeconds: 10 39 | successThreshold: 1 40 | timeoutSeconds: 3 41 | name: httpd-example 42 | readinessProbe: 43 | failureThreshold: 3 44 | httpGet: 45 | path: / 46 | port: 8080 47 | scheme: HTTP 48 | initialDelaySeconds: 3 49 | periodSeconds: 10 50 | successThreshold: 1 51 | timeoutSeconds: 3 52 | resources: 53 | requests: 54 | cpu: 100m 55 | memory: 256Mi 56 | securityContext: 57 | privileged: false 58 | terminationMessagePath: /dev/termination-log 59 | terminationMessagePolicy: File 60 | dnsPolicy: ClusterFirst 61 | restartPolicy: Always 62 | schedulerName: default-scheduler 63 | securityContext: {} 64 | terminationGracePeriodSeconds: 30 65 | test: false 66 | triggers: 67 | - type: ConfigChange 68 | -------------------------------------------------------------------------------- /tests/resources/test-horizontalpodautoscaler.yml.j2: -------------------------------------------------------------------------------- 1 | apiVersion: autoscaling/v1 
2 | kind: HorizontalPodAutoscaler 3 | metadata: 4 | name: test-horizontalpodautoscaler 5 | spec: 6 | maxReplicas: {{ max_replicas }} 7 | minReplicas: 1 8 | scaleTargetRef: 9 | apiVersion: v1 10 | kind: DeploymentConfig 11 | name: test-deploymentconfig 12 | targetCPUUtilizationPercentage: {{ target_cpu_utilization }} 13 | -------------------------------------------------------------------------------- /tests/resources/test-limitrange.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: LimitRange 4 | metadata: 5 | name: test-limitrange 6 | spec: 7 | limits: 8 | {% if pod_max is defined or pod_min is defined %} 9 | - type: Pod 10 | {% if pod_max is defined %} 11 | max: {{ pod_max | to_json }} 12 | {% endif %} 13 | {% if pod_min is defined %} 14 | min: {{ pod_min | to_json }} 15 | {% endif %} 16 | {% endif %} 17 | - type: Container 18 | {% if container_default is defined %} 19 | default: {{ container_default | to_json }} 20 | {% endif %} 21 | {% if container_default_request is defined %} 22 | defaultRequest: {{ container_default_request | to_json }} 23 | {% endif %} 24 | {% if container_max is defined %} 25 | max: {{ container_max | to_json }} 26 | {% endif %} 27 | {% if container_min is defined %} 28 | min: {{ container_min | to_json }} 29 | {% endif %} 30 | {% if container_max_ratio is defined %} 31 | maxLimitRequestRatio: {{ container_max_ratio | to_json }} 32 | {% endif %} 33 | -------------------------------------------------------------------------------- /tests/resources/test-list-statefulset-service.yml.j2: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: List 3 | items: 4 | - apiVersion: v1 5 | kind: Service 6 | metadata: 7 | name: test-list-statefulset 8 | labels: 9 | app: test-list-statefulset 10 | spec: 11 | ports: 12 | - name: web 13 | port: 80 14 | protocol: TCP 15 | targetPort: 80 16 | clusterIP: None 17 | selector: 18 | 
app: test-list-statefulset 19 | sessionAffinity: None 20 | type: ClusterIP 21 | - apiVersion: apps/v1beta1 22 | kind: StatefulSet 23 | metadata: 24 | name: test-list-statefulset 25 | labels: 26 | app: test-list-statefulset 27 | spec: 28 | serviceName: test-list-statefulset 29 | replicas: {{ statefulset_replicas }} 30 | selector: 31 | matchLabels: 32 | app: test-list-statefulset 33 | template: 34 | metadata: 35 | labels: 36 | app: test-list-statefulset 37 | spec: 38 | containers: 39 | - name: nginx 40 | image: gcr.io/google_containers/nginx-slim:0.8 41 | imagePullPolicy: IfNotPresent 42 | ports: 43 | - containerPort: 80 44 | name: web 45 | protocol: TCP 46 | resources: {} 47 | terminationMessagePath: /dev/termination-log 48 | terminationMessagePolicy: File 49 | volumeMounts: 50 | - name: www 51 | mountPath: /usr/share/nginx/html 52 | dnsPolicy: ClusterFirst 53 | restartPolicy: Always 54 | schedulerName: default-scheduler 55 | securityContext: {} 56 | terminationGracePeriodSeconds: 30 57 | volumeClaimTemplates: 58 | - metadata: 59 | name: www 60 | spec: 61 | accessModes: 62 | - ReadWriteOnce 63 | resources: 64 | requests: 65 | storage: 1Gi 66 | {% if test_openshift_version is version_compare('v3.7', '>=') %} 67 | podManagementPolicy: OrderedReady 68 | revisionHistoryLimit: 10 69 | updateStrategy: 70 | type: OnDelete 71 | {% endif %} 72 | -------------------------------------------------------------------------------- /tests/resources/test-networkpolicy.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: networking.k8s.io/v1 3 | kind: NetworkPolicy 4 | metadata: 5 | name: test-networkpolicy 6 | spec: 7 | podSelector: {{ pod_selector | to_json }} 8 | policyTypes: 9 | {% if ingress_from is defined %} 10 | - Ingress 11 | {% endif %} 12 | {% if egress_to is defined %} 13 | - Egress 14 | {% endif %} 15 | {% if ingress_from is defined %} 16 | ingress: 17 | - from: {{ ingress_from | to_json }} 18 | {% if 
ingress_ports is defined %} 19 | ports: {{ ingress_ports | to_json }} 20 | {% endif %} 21 | {% endif %} 22 | {% if egress_to is defined %} 23 | egress: 24 | - to: {{ egress_to | to_json }} 25 | {% if egress_ports is defined %} 26 | ports: {{ egress_ports | to_json }} 27 | {% endif %} 28 | {% endif %} 29 | -------------------------------------------------------------------------------- /tests/resources/test-persistentvolume-minimal.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolume 4 | metadata: 5 | {% if persistent_volume_labels %} 6 | labels: {{ persistent_volume_labels | to_json }} 7 | {% endif %} 8 | name: test-persistentvolume 9 | spec: 10 | accessModes: 11 | - ReadWriteMany 12 | capacity: 13 | storage: 10Gi 14 | nfs: 15 | path: /export/foo 16 | server: nfsserver.example.com 17 | -------------------------------------------------------------------------------- /tests/resources/test-persistentvolume.yml.j2: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolume 3 | metadata: 4 | labels: 5 | foo: "{{ test_label }}" 6 | name: test-persistentvolume 7 | {% if test_openshift_version is version_compare('v3.10', '>=') %} 8 | finalizers: [kubernetes.io/pv-protection] 9 | {% endif %} 10 | spec: 11 | accessModes: 12 | - ReadWriteMany 13 | capacity: 14 | storage: 10Gi 15 | nfs: 16 | path: /export/foo 17 | server: nfsserver.example.com 18 | persistentVolumeReclaimPolicy: Retain 19 | -------------------------------------------------------------------------------- /tests/resources/test-persistentvolumeclaim-minimal.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | labels: {{ persistentvolumeclaim_labels | to_json }} 6 | name: test-persistentvolumeclaim 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 
| resources: 11 | requests: 12 | storage: 1Gi 13 | -------------------------------------------------------------------------------- /tests/resources/test-persistentvolumeclaim.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | labels: {{ persistentvolumeclaim_labels | to_json }} 6 | annotations: 7 | openshift-provision/action: replace 8 | name: test-persistentvolumeclaim 9 | {% if test_openshift_version is version_compare('v3.10', '>=') %} 10 | finalizers: [kubernetes.io/pvc-protection] 11 | {% endif %} 12 | spec: 13 | accessModes: 14 | - ReadWriteOnce 15 | resources: 16 | requests: 17 | storage: 1Gi 18 | -------------------------------------------------------------------------------- /tests/resources/test-replicaset.yml.j2: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: ReplicaSet 3 | metadata: 4 | labels: 5 | app: {{ replicaset_app_label }} 6 | name: test-replicaset 7 | spec: 8 | replicas: {{ replicaset_replicas }} 9 | selector: 10 | matchLabels: 11 | app: test-replicaset 12 | template: 13 | metadata: 14 | labels: 15 | app: test-replicaset 16 | spec: 17 | containers: 18 | - image: nginx:1.7.9 19 | imagePullPolicy: Always 20 | name: nginx 21 | ports: 22 | - containerPort: 80 23 | protocol: TCP 24 | resources: {} 25 | terminationMessagePath: /dev/termination-log 26 | terminationMessagePolicy: File 27 | dnsPolicy: ClusterFirst 28 | restartPolicy: Always 29 | schedulerName: default-scheduler 30 | securityContext: {} 31 | terminationGracePeriodSeconds: 30 32 | -------------------------------------------------------------------------------- /tests/resources/test-replicationcontroller.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ReplicationController 4 | metadata: 5 | labels: 6 | provision-test: 
openshift-provision 7 | name: test-replicationcontroller 8 | spec: 9 | replicas: 1 10 | selector: 11 | replicationcontroller: test-replicationcontroller 12 | template: 13 | metadata: 14 | labels: 15 | replicationcontroller: test-replicationcontroller 16 | provision-test: "true" 17 | spec: 18 | containers: 19 | - image: registry.access.redhat.com/rhscl/httpd-24-rhel7:latest 20 | imagePullPolicy: {{ image_pull_policy | default('IfNotPresent') }} 21 | livenessProbe: 22 | failureThreshold: 3 23 | httpGet: 24 | path: / 25 | port: 8080 26 | scheme: HTTP 27 | initialDelaySeconds: 30 28 | periodSeconds: 10 29 | successThreshold: 1 30 | timeoutSeconds: 3 31 | name: httpd-example 32 | readinessProbe: 33 | failureThreshold: 3 34 | httpGet: 35 | path: / 36 | port: 8080 37 | scheme: HTTP 38 | initialDelaySeconds: {{ readiness_probe_delay | default(5) }} 39 | periodSeconds: 15 40 | successThreshold: 2 41 | timeoutSeconds: 5 42 | resources: 43 | requests: 44 | cpu: 100m 45 | memory: 256Mi 46 | securityContext: 47 | privileged: false 48 | {% if test_openshift_version is version_compare('v4', '>=') %} 49 | procMount: Default 50 | {% endif %} 51 | terminationMessagePath: /dev/termination-log 52 | terminationMessagePolicy: File 53 | dnsPolicy: ClusterFirst 54 | restartPolicy: Always 55 | schedulerName: default-scheduler 56 | securityContext: {} 57 | terminationGracePeriodSeconds: 30 58 | -------------------------------------------------------------------------------- /tests/resources/test-resourcequota.yml.j2: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ResourceQuota 3 | metadata: 4 | name: test-resourcequota 5 | spec: 6 | hard: {{ quota | to_json }} 7 | -------------------------------------------------------------------------------- /tests/resources/test-role.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Role 4 | metadata: 5 | 
# Continues tests/resources/test-role.yml.j2; the enclosing `metadata:` key is on the preceding line.
  creationTimestamp: null
  name: test-role
rules:
{% for rule in rules %}
- apiGroups: {{ rule.apiGroups | to_json }}
  attributeRestrictions: null
  resources: {{ rule.resources | to_json }}
  verbs: {{ rule.verbs | to_json }}
{% endfor %}

--------------------------------------------------------------------------------
/tests/resources/test-rolebinding.yml.j2:
--------------------------------------------------------------------------------
---
# Test fixture: binds the `view` role to the subjects supplied by the test.
apiVersion: authorization.openshift.io/v1
kind: RoleBinding
metadata:
  name: test-rolebinding
roleRef:
  name: view
subjects: {{ subjects | to_json }}

--------------------------------------------------------------------------------
/tests/resources/test-route.yml.j2:
--------------------------------------------------------------------------------
# Test fixture: passthrough-TLS route to the service named by route_service_name.
apiVersion: v1
kind: Route
metadata:
  annotations:
    openshift.io/host.generated: "true"
  creationTimestamp: null
  name: test-route
spec:
  host: test-route.example.com
  tls:
    termination: passthrough
  to:
    kind: Service
    name: {{ route_service_name }}
    weight: 100
  wildcardPolicy: None

--------------------------------------------------------------------------------
/tests/resources/test-secret.yml.j2:
--------------------------------------------------------------------------------
# Test fixture: Secret whose values come from the secret_username and
# secret_password variables. b64encode only puts them in the encoding that the
# `data` field requires; it does not protect them, so the rendered manifest and
# any log of it reveal the values to anyone who can read them.
apiVersion: v1
kind: Secret
metadata:
  name: test-secret
data:
  username: "{{ secret_username | b64encode }}"
  password: "{{ secret_password | b64encode }}"

--------------------------------------------------------------------------------
/tests/resources/test-securitycontextconstraints.yml.j2:
--------------------------------------------------------------------------------
# Test fixture: an SCC with the same settings its description attributes to the
# `privileged` SCC - host IPC, network, PID and ports allowed, privileged
# containers allowed, every capability, volume type and seccomp profile
# permitted, and RunAsAny for user, fsGroup, SELinux context and supplemental
# groups. The accounts rendered into `users` from
# securitycontextconstraints_users may run pods under it, so pass only test
# accounts, use it on a disposable cluster, and remove the SCC after the run.
allowHostDirVolumePlugin: true
allowHostIPC: true
allowHostNetwork: true
allowHostPID: true
allowHostPorts: true
{% if test_oc_version is version('v3.11', '>=') %}
allowPrivilegeEscalation: true
{% endif %}
allowPrivilegedContainer: true
allowedCapabilities:
- '*'
apiVersion: security.openshift.io/v1
{% if test_oc_version is version('v3.9', '>=') %}
defaultAddCapabilities: null
{% else %}
defaultAddCapabilities: []
{% endif %}
fsGroup:
  type: RunAsAny
groups:
- system:cluster-admins
- system:nodes
- system:masters
kind: SecurityContextConstraints
metadata:
  annotations:
    kubernetes.io/description: 'privileged allows access to all privileged and host
      features and the ability to run as any user, any group, any fsGroup, and with
      any SELinux context. WARNING: this is the most relaxed SCC and should be used
      only for cluster administration. Grant with caution.'
  creationTimestamp: null
  name: test-securitycontextconstraints
priority: null
readOnlyRootFilesystem: false
{% if test_oc_version is version('v3.9', '>=') %}
requiredDropCapabilities: null
{% else %}
requiredDropCapabilities: []
{% endif %}
runAsUser:
  type: RunAsAny
seLinuxContext:
  type: RunAsAny
seccompProfiles:
- '*'
supplementalGroups:
  type: RunAsAny
users: {{ securitycontextconstraints_users | to_json }}
volumes:
- '*'

--------------------------------------------------------------------------------
/tests/resources/test-service.yml.j2:
--------------------------------------------------------------------------------
---
# Test fixture: ClusterIP-style service with one port entry per item of
# service_ports; protocol defaults to TCP and targetPort to the port itself.
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: null
  name: test-service
spec:
  ports:
{% for port in service_ports %}
  - name: {{ port.name }}
    port: {{ port.port }}
    protocol: {{ port.protocol | default('TCP') }}
    targetPort: {{ port.target_port | default(port.port) }}
{% endfor %}
  selector:
    test-app: appname
  sessionAffinity: ClientIP
  type: 
ClusterIP 19 | -------------------------------------------------------------------------------- /tests/resources/test-serviceaccount.yml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: test-serviceaccount 6 | {% if serviceaccount_image_pull_secrets is defined %} 7 | imagePullSecrets: 8 | {% for secret in serviceaccount_image_pull_secrets %} 9 | - name: {{ secret | to_json }} 10 | {% endfor %} 11 | {% endif %} 12 | {% if serviceaccount_secrets is defined %} 13 | secrets: 14 | {% for secret in serviceaccount_secrets %} 15 | - name: {{ secret | to_json }} 16 | {% endfor %} 17 | {% endif %} 18 | -------------------------------------------------------------------------------- /tests/resources/test-statefulset.yml.j2: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1beta1 2 | kind: StatefulSet 3 | metadata: 4 | name: test-statefulset 5 | labels: 6 | app: nginx 7 | spec: 8 | serviceName: nginx 9 | replicas: 2 10 | selector: 11 | matchLabels: 12 | app: nginx 13 | template: 14 | metadata: 15 | labels: 16 | app: nginx 17 | spec: 18 | containers: 19 | - name: nginx 20 | image: gcr.io/google_containers/nginx-slim:0.8 21 | imagePullPolicy: IfNotPresent 22 | ports: 23 | - containerPort: {{ statefulset_port }} 24 | name: web 25 | protocol: TCP 26 | resources: {} 27 | terminationMessagePath: /dev/termination-log 28 | terminationMessagePolicy: File 29 | volumeMounts: 30 | - name: www 31 | mountPath: /usr/share/nginx/html 32 | dnsPolicy: ClusterFirst 33 | restartPolicy: Always 34 | schedulerName: default-scheduler 35 | securityContext: {} 36 | terminationGracePeriodSeconds: 30 37 | volumeClaimTemplates: 38 | - metadata: 39 | name: www 40 | spec: 41 | accessModes: 42 | - ReadWriteOnce 43 | resources: 44 | requests: 45 | storage: 1Gi 46 | {% if test_openshift_version is version_compare('v3.7', '>=') %} 47 | 
podManagementPolicy: OrderedReady 48 | revisionHistoryLimit: 10 49 | updateStrategy: 50 | type: OnDelete 51 | {% endif %} 52 | -------------------------------------------------------------------------------- /tests/resources/test-storageclass-list.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: List 3 | items: 4 | - apiVersion: storage.k8s.io/v1 5 | kind: StorageClass 6 | metadata: 7 | labels: 8 | performance: standard 9 | zone: zone1 10 | name: test-storageclass-sc1 11 | parameters: 12 | type: pd-standard 13 | zone: us-east1-a 14 | provisioner: kubernetes.io/gce-pd 15 | - apiVersion: storage.k8s.io/v1 16 | kind: StorageClass 17 | metadata: 18 | labels: 19 | performance: standard 20 | zone: zone2 21 | name: test-storageclass-sc2 22 | parameters: 23 | type: pd-standard 24 | zone: us-east1-b 25 | provisioner: kubernetes.io/gce-pd 26 | -------------------------------------------------------------------------------- /tests/resources/test-storageclass-multidoc-list.yml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: storage.k8s.io/v1 3 | kind: StorageClass 4 | metadata: 5 | labels: 6 | performance: standard 7 | zone: zone1 8 | name: test-storageclass-sc1 9 | parameters: 10 | type: pd-standard 11 | zone: us-east1-a 12 | provisioner: kubernetes.io/gce-pd 13 | --- 14 | apiVersion: storage.k8s.io/v1 15 | kind: StorageClass 16 | metadata: 17 | labels: 18 | performance: standard 19 | zone: zone2 20 | name: test-storageclass-sc2 21 | parameters: 22 | type: pd-standard 23 | zone: us-east1-b 24 | provisioner: kubernetes.io/gce-pd 25 | -------------------------------------------------------------------------------- /tests/resources/test-storageclass.yml.j2: -------------------------------------------------------------------------------- 1 | apiVersion: storage.k8s.io/v1 2 | kind: StorageClass 3 | metadata: 4 | name: test-storageclass 5 | {% if 
storageclass_default %} 6 | annotations: 7 | storageclass.beta.kubernetes.io/is-default-class: "true" 8 | {% endif %} 9 | parameters: 10 | type: pd-standard 11 | zone: us-central1-a 12 | provisioner: kubernetes.io/gce-pd 13 | -------------------------------------------------------------------------------- /tests/resources/test-template.yml.j2: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Template 3 | metadata: 4 | name: test-template 5 | objects: 6 | - apiVersion: v1 7 | kind: ImageStream 8 | {% if include_appname|default(False)|bool %} 9 | labels: 10 | app: ${APPNAME} 11 | {% endif %} 12 | metadata: 13 | name: ${NAME} 14 | parameters: 15 | - name: NAME 16 | required: true 17 | {% if include_appname|default(False)|bool %} 18 | - name: APPNAME 19 | required: true 20 | {% endif %} 21 | -------------------------------------------------------------------------------- /tests/setup-test.yml: -------------------------------------------------------------------------------- 1 | - name: Set test facts 2 | set_fact: 3 | openshift_connection_server: "{{ openshift_connection_server }}" 4 | openshift_connection_insecure_skip_tls_verify: "{{ openshift_connection_insecure_skip_tls_verify | default('false') }}" 5 | openshift_connection_token: "{{ openshift_connection_token }}" 6 | openshift_connection: 7 | server: "{{ openshift_connection_server }}" 8 | insecure_skip_tls_verify: "{{ openshift_connection_insecure_skip_tls_verify }}" 9 | token: "{{ openshift_connection_token }}" 10 | openshift_provision_change_record: "{{ openshift_provision_change_record | default('') }}" 11 | openshift_resource_path: 12 | - resources 13 | test_oc_cmd: >- 14 | oc 15 | {% if openshift_connection_certificate_authority is defined %} 16 | --certificate-authority={{ openshift_connection_certificate_authority | quote }} 17 | {% endif %} 18 | {% if openshift_connection_insecure_skip_tls_verify | default('false') | bool %} 19 | 
--insecure-skip-tls-verify 20 | {% endif %} 21 | {% if openshift_connection_server is defined %} 22 | --server={{ openshift_connection_server | quote }} 23 | {% endif %} 24 | {% if openshift_connection_token is defined %} 25 | --token={{ openshift_connection_token | quote }} 26 | {% endif %} 27 | 28 | - name: Get OpenShift version 29 | command: "{{ test_oc_cmd }} version" 30 | register: get_version 31 | check_mode: false 32 | changed_when: false 33 | 34 | - when: >- 35 | 'Client Version' in get_version.stdout 36 | block: 37 | - name: Get OpenShift 4.x version 38 | command: >- 39 | {{ test_oc_cmd }} get clusterversions version 40 | -o jsonpath={.status.desired.version} 41 | register: get_cluster_version 42 | check_mode: false 43 | changed_when: false 44 | 45 | - name: Set OpenShift 4.x version facts 46 | set_fact: 47 | test_oc_version: >- 48 | {{ get_version.stdout | regex_replace('(.|\s)*Client Version.*GitVersion:"(.*)"(.|\s)*', '\2') }} 49 | test_openshift_version: 50 | v{{ get_cluster_version.stdout }} 51 | 52 | - name: Set version facts 53 | when: >- 54 | 'Client Version' not in get_version.stdout 55 | set_fact: 56 | test_oc_version: >- 57 | {{ get_version.stdout | regex_replace('(.|\s)*oc (\S+)(.|\s)*', '\2') }} 58 | test_openshift_version: >- 59 | {{ get_version.stdout | regex_replace('(.|\s)*openshift (\S+)(.|\s)*', '\2') }} 60 | -------------------------------------------------------------------------------- /tests/tasks/test-projects-join_pod_networks.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Include openshift-provision role 3 | include_role: 4 | name: openshift-provision 5 | vars: 6 | openshift_clusters: 7 | - projects: 8 | - name: test-join-target 9 | - name: test-join-project 10 | join_pod_network: test-join-target 11 | 12 | - name: get target netid 13 | command: >- 14 | {{ test_oc_cmd }} get netnamespace test-join-target -o jsonpath='{.netid}' 15 | changed_when: false 16 | register: 
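get_target_netid

- name: get project netid
  command: >-
    {{ test_oc_cmd }} get netnamespace test-join-project -o jsonpath='{.netid}'
  changed_when: false
  register: get_project_netid

# The test passes only when both NetNamespaces report the same netid.
- fail:
    msg: Project NETIDs differ
  when: get_project_netid.stdout != get_target_netid.stdout
--------------------------------------------------------------------------------
/tests/tasks/test-projects-multicast_enabled.yml:
--------------------------------------------------------------------------------
---
# Provisions test-provision with multicast on, then off, and after each run
# checks the multicast-enabled annotation on the project's NetNamespace.
- name: Include openshift-provision role with multicast_enabled true
  include_role:
    name: openshift-provision
  vars:
    openshift_clusters:
      - projects:
          - name: test-provision
            multicast_enabled: true

# Uses test_oc_cmd like the other checks in this file, so the assertion runs
# with the explicit server/token of the cluster under test rather than
# whatever context and credentials the ambient kubeconfig happens to hold.
- name: Verify multicast-enabled
  command: >-
    {{ test_oc_cmd }} get netnamespace test-provision --template
    '{{ '{{ index .metadata.annotations "netnamespace.network.openshift.io/multicast-enabled" }}' }}'
  register: verify_multicast
  changed_when: false
  failed_when: verify_multicast.stdout != 'true'

- name: Include openshift-provision role with multicast_enabled false
  include_role:
    name: openshift-provision
  vars:
    openshift_clusters:
      - projects:
          - name: test-provision
            multicast_enabled: false

- name: Verify multicast-enabled
  command: >-
    {{ test_oc_cmd }} get netnamespace test-provision --template
    '{{ '{{ index .metadata.annotations "netnamespace.network.openshift.io/multicast-enabled" }}' }}'
  register: verify_multicast
  changed_when: false
  failed_when: verify_multicast.stdout != 'false'

- name: Cleanup
  command: >-
    {{ test_oc_cmd }} delete project test-provision
  changed_when: false
--------------------------------------------------------------------------------
/tests/test-cluster-helm_charts.yml: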
-------------------------------------------------------------------------------- 1 | --- 2 | - name: Set Facts 3 | hosts: localhost 4 | connection: local 5 | vars_files: 6 | - login-creds.yml 7 | tasks: 8 | - include_tasks: setup-test.yml 9 | - set_fact: 10 | ignore_differences: 11 | metadata: 12 | annotations: 13 | kubectl.kubernetes.io/last-applied-configuration: '' 14 | creationTimestamp: null 15 | 16 | - name: Test Provision 17 | hosts: localhost 18 | connection: local 19 | 20 | roles: 21 | - role: openshift-provision 22 | openshift_clusters: 23 | - projects: 24 | - name: provision-test 25 | helm_charts: 26 | - name: test 27 | chart: "{{ playbook_dir }}/charts/test-cluster-chart" 28 | chart_values: 29 | label: bar 30 | 31 | tasks: 32 | # - name: Get configmap bar 33 | # command: >- 34 | # {{ test_oc_cmd }} get configmap bar -n provision-test -o json 35 | # register: get_configmap 36 | # 37 | # - name: Check configmap bar 38 | # fail: 39 | # msg: Configmap bar not defined as expected 40 | # vars: 41 | # got_configmap: "{{ get_configmap.stdout | from_json }}" 42 | # when: >- 43 | # got_configmap.data != {'a': 'alice', 'b': 'bob'} 44 | # 45 | # - name: Get configmap bar-a 46 | # command: >- 47 | # {{ test_oc_cmd }} get configmap bar-a -n provision-test -o json 48 | # register: get_configmap 49 | # 50 | # - name: Check configmap bar-a 51 | # fail: 52 | # msg: Configmap bar-a not defined as expected 53 | # vars: 54 | # got_configmap: "{{ get_configmap.stdout | from_json }}" 55 | # when: >- 56 | # got_configmap.data != {'a': 'alice', 'b': 'bob'} 57 | # 58 | # - name: Get configmap bar-b 59 | # command: >- 60 | # {{ test_oc_cmd }} get configmap bar-b -n provision-test -o json 61 | # register: get_configmap 62 | # 63 | # - name: Check configmap bar-b 64 | # fail: 65 | # msg: Configmap bar-b not defined as expected 66 | # vars: 67 | # got_configmap: "{{ get_configmap.stdout | from_json }}" 68 | # when: >- 69 | # got_configmap.data != {'a': 'alice', 'b': 'bob'} 70 | 71 | 
- name: Cleanup 72 | command: >- 73 | {{ test_oc_cmd }} delete storageclass -l test-storageclass 74 | -------------------------------------------------------------------------------- /tests/test-cluster_resources-ClusterResourceQuota.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Set Facts 3 | hosts: localhost 4 | connection: local 5 | vars_files: 6 | - login-creds.yml 7 | tasks: 8 | - include_tasks: setup-test.yml 9 | - set_fact: 10 | ignore_differences: 11 | metadata: 12 | annotations: 13 | kubectl.kubernetes.io/last-applied-configuration: '' 14 | creationTimestamp: null 15 | selfLink: null 16 | status: null 17 | 18 | - name: Test Provision 19 | hosts: localhost 20 | connection: local 21 | vars: 22 | provision_clusterresourcequota: test-clusterresourcequota.yml.j2 23 | provision_clusterresourcequota_def: >- 24 | {{ lookup('template', 'resources/' ~ provision_clusterresourcequota) 25 | | from_yaml 26 | }} 27 | quota: 28 | requests.cpu: '2' 29 | requests.memory: 2Gi 30 | limits.memory: 4Gi 31 | 32 | roles: 33 | - role: openshift-provision 34 | openshift_provision: 35 | cluster_resources: 36 | - "{{ provision_clusterresourcequota }}" 37 | 38 | tasks: 39 | - name: Get ClusterResourceQuota 40 | command: >- 41 | {{ test_oc_cmd }} get --export clusterresourcequota test-clusterresourcequota -o json 42 | register: get_clusterresourcequota 43 | changed_when: false 44 | 45 | - name: Verify ClusterResourceQuota 46 | fail: 47 | msg: | 48 | ClusterResourceQuota not defined as expected 49 | >>> 50 | {{ cmp_clusterresourcequota | to_yaml }} 51 | === 52 | {{ got_clusterresourcequota | to_yaml }} 53 | <<< 54 | vars: 55 | got_clusterresourcequota: >- 56 | {{ get_clusterresourcequota.stdout | from_json 57 | | combine(ignore_differences, recursive=True) 58 | }} 59 | cmp_clusterresourcequota: >- 60 | {{ provision_clusterresourcequota_def 61 | | combine(ignore_differences, recursive=True) 62 | }} 63 | when: >- 64 | 
cmp_clusterresourcequota.metadata != got_clusterresourcequota.metadata or 65 | cmp_clusterresourcequota.spec != got_clusterresourcequota.spec 66 | 67 | - name: Test Update 68 | hosts: localhost 69 | connection: local 70 | vars: 71 | provision_clusterresourcequota: test-clusterresourcequota.yml.j2 72 | provision_clusterresourcequota_def: >- 73 | {{ lookup('template', 'resources/' ~ provision_clusterresourcequota) 74 | | from_yaml 75 | }} 76 | quota: 77 | requests.cpu: '4' 78 | requests.memory: 4Gi 79 | limits.memory: 8Gi 80 | 81 | roles: 82 | - role: openshift-provision 83 | openshift_provision: 84 | cluster_resources: 85 | - "{{ provision_clusterresourcequota }}" 86 | 87 | tasks: 88 | - name: Get ClusterResourceQuota 89 | command: >- 90 | {{ test_oc_cmd }} get --export clusterresourcequota test-clusterresourcequota -o json 91 | register: get_clusterresourcequota 92 | changed_when: false 93 | 94 | - name: Verify ClusterResourceQuota Update 95 | fail: 96 | msg: | 97 | ClusterResourceQuota not defined as expected 98 | >>> 99 | {{ cmp_clusterresourcequota | to_yaml }} 100 | === 101 | {{ got_clusterresourcequota | to_yaml }} 102 | <<< 103 | vars: 104 | got_clusterresourcequota: >- 105 | {{ get_clusterresourcequota.stdout | from_json 106 | | combine(ignore_differences, recursive=True) 107 | }} 108 | cmp_clusterresourcequota: >- 109 | {{ provision_clusterresourcequota_def 110 | | combine(ignore_differences, recursive=True) 111 | }} 112 | when: >- 113 | cmp_clusterresourcequota.metadata != got_clusterresourcequota.metadata or 114 | cmp_clusterresourcequota.spec != got_clusterresourcequota.spec 115 | 116 | - name: Cleanup 117 | command: >- 118 | {{ test_oc_cmd }} delete clusterresourcequota test-clusterresourcequota 119 | -------------------------------------------------------------------------------- /tests/test-cluster_resources-ClusterRole.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Set Facts 3 | hosts: 
localhost 4 | connection: local 5 | vars_files: 6 | - login-creds.yml 7 | tasks: 8 | - include_tasks: setup-test.yml 9 | - set_fact: 10 | ignore_differences: 11 | metadata: 12 | annotations: 13 | kubectl.kubernetes.io/last-applied-configuration: '' 14 | creationTimestamp: null 15 | resourceVersion: '' 16 | selfLink: '' 17 | uid: '' 18 | 19 | - name: Test Provision 20 | hosts: localhost 21 | connection: local 22 | vars: 23 | provision_clusterrole: test-clusterrole.yml.j2 24 | provision_clusterrole_def: >- 25 | {{ lookup('template', 'resources/' ~ provision_clusterrole) | from_yaml }} 26 | rules: 27 | - apiGroups: [''] 28 | resources: ['netnamespaces'] 29 | verbs: ['create','delete','get','list','update'] 30 | - apiGroups: [''] 31 | resources: ['namespaces','projects'] 32 | verbs: ['get','list'] 33 | - apiGroups: ['network.openshift.io',''] 34 | resources: ['clusternetworks'] 35 | verbs: ['get','list'] 36 | 37 | roles: 38 | - role: openshift-provision 39 | openshift_clusters: 40 | - cluster_resources: 41 | - "{{ provision_clusterrole }}" 42 | 43 | tasks: 44 | - name: Get ClusterRole 45 | command: >- 46 | {{ test_oc_cmd }} get clusterrole.authorization.openshift.io test-clusterrole -o json 47 | register: get_clusterrole 48 | changed_when: false 49 | 50 | - name: Verify ClusterRole 51 | fail: 52 | msg: | 53 | ClusterRole not defined as expected 54 | >>> 55 | {{ cmp_clusterrole | to_yaml }} 56 | === 57 | {{ got_clusterrole | to_yaml }} 58 | <<< 59 | vars: 60 | got_clusterrole: >- 61 | {{ get_clusterrole.stdout | from_json 62 | | combine(ignore_differences, recursive=True) }} 63 | cmp_clusterrole: >- 64 | {{ provision_clusterrole_def 65 | | combine(ignore_differences, recursive=True) }} 66 | when: >- 67 | cmp_clusterrole.metadata != got_clusterrole.metadata or 68 | cmp_clusterrole.rules != got_clusterrole.rules 69 | 70 | - name: Test Update 71 | hosts: localhost 72 | connection: local 73 | vars: 74 | provision_clusterrole: test-clusterrole.yml.j2 75 | 
provision_clusterrole_def: >- 76 | {{ lookup('template', 'resources/' ~ provision_clusterrole) | from_yaml }} 77 | rules: 78 | - apiGroups: ['network.openshift.io', ''] 79 | resources: ['netnamespaces'] 80 | verbs: ['create','delete','get','list','update'] 81 | - apiGroups: [''] 82 | resources: ['namespaces','projects'] 83 | verbs: ['list'] 84 | - apiGroups: ['network.openshift.io',''] 85 | resources: ['clusternetworks','hostsubnets'] 86 | verbs: ['get','list'] 87 | 88 | roles: 89 | - role: openshift-provision 90 | openshift_clusters: 91 | - cluster_resources: 92 | - "{{ provision_clusterrole }}" 93 | 94 | tasks: 95 | - name: Get ClusterRole 96 | command: >- 97 | {{ test_oc_cmd }} get clusterrole.authorization.openshift.io test-clusterrole -o json 98 | register: get_clusterrole 99 | changed_when: false 100 | 101 | - name: Verify ClusterRole Update 102 | fail: 103 | msg: | 104 | ClusterRole not defined as expected 105 | >>> 106 | {{ cmp_clusterrole | to_yaml }} 107 | === 108 | {{ got_clusterrole | to_yaml }} 109 | <<< 110 | vars: 111 | got_clusterrole: >- 112 | {{ get_clusterrole.stdout | from_json 113 | | combine(ignore_differences, recursive=True) }} 114 | cmp_clusterrole: >- 115 | {{ provision_clusterrole_def 116 | | combine(ignore_differences, recursive=True) }} 117 | when: >- 118 | cmp_clusterrole.metadata != got_clusterrole.metadata or 119 | cmp_clusterrole.rules != got_clusterrole.rules 120 | -------------------------------------------------------------------------------- /tests/test-cluster_resources-List.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Set Facts 3 | hosts: localhost 4 | connection: local 5 | vars_files: 6 | - login-creds.yml 7 | tasks: 8 | - include_tasks: setup-test.yml 9 | - set_fact: 10 | ignore_differences: 11 | metadata: 12 | annotations: 13 | kubectl.kubernetes.io/last-applied-configuration: '' 14 | creationTimestamp: null 15 | resourceVersion: 0 16 | selfLink: '' 17 | uid: '' 
18 | 19 | - name: Test Provision 20 | hosts: localhost 21 | connection: local 22 | vars: 23 | provision_storageclass_list: test-storageclass-list.yml 24 | provision_storageclass_list_def: "{{ lookup('file', 'resources/' ~ provision_storageclass_list) | from_yaml }}" 25 | provision_storageclass_sc1_def: "{{ provision_storageclass_list_def['items'][0] }}" 26 | provision_storageclass_sc2_def: "{{ provision_storageclass_list_def['items'][1] }}" 27 | 28 | roles: 29 | - role: openshift-provision 30 | openshift_clusters: 31 | - cluster_resources: 32 | - "{{ provision_storageclass_list }}" 33 | 34 | tasks: 35 | - name: Get First StorageClass 36 | command: >- 37 | {{ test_oc_cmd }} get sc test-storageclass-sc1 -o json 38 | register: get_sc1 39 | changed_when: false 40 | 41 | - name: Get Second StorageClass 42 | command: >- 43 | {{ test_oc_cmd }} get sc test-storageclass-sc2 -o json 44 | register: get_sc2 45 | changed_when: false 46 | 47 | - name: Verify First StorageClass 48 | fail: 49 | msg: | 50 | StorageClass not defined as expected 51 | >>> 52 | {{ cmp_sc | to_yaml }} 53 | === 54 | {{ got_sc | to_yaml }} 55 | <<< 56 | vars: 57 | got_sc: "{{ get_sc1.stdout | from_json | combine(ignore_differences, recursive=True) }}" 58 | cmp_sc: "{{ provision_storageclass_sc1_def | combine(ignore_differences, recursive=True) }}" 59 | when: >- 60 | cmp_sc.metadata != got_sc.metadata or 61 | cmp_sc.parameters != got_sc.parameters or 62 | cmp_sc.provisioner != got_sc.provisioner 63 | 64 | - name: Verify Second StorageClass 65 | fail: 66 | msg: | 67 | StorageClass not defined as expected 68 | >>> 69 | {{ cmp_sc | to_yaml }} 70 | === 71 | {{ got_sc | to_yaml }} 72 | <<< 73 | vars: 74 | got_sc: "{{ get_sc2.stdout | from_json | combine(ignore_differences, recursive=True) }}" 75 | cmp_sc: "{{ provision_storageclass_sc2_def | combine(ignore_differences, recursive=True) }}" 76 | when: >- 77 | cmp_sc.metadata != got_sc.metadata or 78 | cmp_sc.parameters != got_sc.parameters or 79 | 
cmp_sc.provisioner != got_sc.provisioner 80 | 81 | - name: Cleanup 82 | command: >- 83 | {{ test_oc_cmd }} delete sc test-storageclass-sc1 test-storageclass-sc2 84 | -------------------------------------------------------------------------------- /tests/test-cluster_resources-PersistentVolume.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Set Facts 3 | hosts: localhost 4 | connection: local 5 | vars_files: 6 | - login-creds.yml 7 | tasks: 8 | - include_tasks: setup-test.yml 9 | - set_fact: 10 | ignore_differences: 11 | metadata: 12 | annotations: 13 | kubectl.kubernetes.io/last-applied-configuration: '' 14 | creationTimestamp: null 15 | selfLink: null 16 | 17 | - name: Test Provision 18 | hosts: localhost 19 | connection: local 20 | vars: 21 | provision_persistentvolume: test-persistentvolume.yml.j2 22 | provision_persistentvolume_def: "{{ lookup('template', 'resources/' ~ provision_persistentvolume) | from_yaml }}" 23 | test_label: foo 24 | 25 | roles: 26 | - role: openshift-provision 27 | openshift_clusters: 28 | - cluster_resources: 29 | - "{{ provision_persistentvolume }}" 30 | 31 | tasks: 32 | - name: Get PersistentVolume 33 | command: >- 34 | {{ test_oc_cmd }} get --export persistentvolume test-persistentvolume -o json 35 | register: get_persistentvolume 36 | changed_when: false 37 | 38 | - name: Verify PersistentVolume 39 | fail: 40 | msg: | 41 | PersistentVolume not defined as expected 42 | >>> 43 | {{ cmp_persistentvolume | to_yaml }} 44 | === 45 | {{ got_persistentvolume | to_yaml }} 46 | <<< 47 | vars: 48 | got_persistentvolume: "{{ get_persistentvolume.stdout | from_json | combine(ignore_differences, recursive=True) }}" 49 | cmp_persistentvolume: "{{ provision_persistentvolume_def | combine(ignore_differences, recursive=True) }}" 50 | when: >- 51 | cmp_persistentvolume.metadata != got_persistentvolume.metadata or 52 | cmp_persistentvolume.spec != got_persistentvolume.spec 53 | 54 | - name: Test 
Update 55 | hosts: localhost 56 | connection: local 57 | vars: 58 | provision_persistentvolume: test-persistentvolume.yml.j2 59 | provision_persistentvolume_def: "{{ lookup('template', 'resources/' ~ provision_persistentvolume) | from_yaml }}" 60 | test_label: bar 61 | 62 | roles: 63 | - role: openshift-provision 64 | openshift_clusters: 65 | - cluster_resources: 66 | - "{{ provision_persistentvolume }}" 67 | 68 | tasks: 69 | - name: Get PersistentVolume 70 | command: >- 71 | {{ test_oc_cmd }} get --export persistentvolume test-persistentvolume -o json 72 | register: get_persistentvolume 73 | changed_when: false 74 | 75 | - name: Verify PersistentVolume Update 76 | fail: 77 | msg: | 78 | PersistentVolume not defined as expected 79 | >>> 80 | {{ cmp_persistentvolume | to_yaml }} 81 | === 82 | {{ got_persistentvolume | to_yaml }} 83 | <<< 84 | vars: 85 | got_persistentvolume: "{{ get_persistentvolume.stdout | from_json | combine(ignore_differences, recursive=True) }}" 86 | cmp_persistentvolume: "{{ provision_persistentvolume_def | combine(ignore_differences, recursive=True) }}" 87 | when: >- 88 | cmp_persistentvolume.metadata != got_persistentvolume.metadata or 89 | cmp_persistentvolume.spec != got_persistentvolume.spec 90 | -------------------------------------------------------------------------------- /tests/test-cluster_resources-multidoc.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Set Facts 3 | hosts: localhost 4 | connection: local 5 | vars_files: 6 | - login-creds.yml 7 | tasks: 8 | - include_tasks: setup-test.yml 9 | - set_fact: 10 | ignore_differences: 11 | metadata: 12 | annotations: 13 | kubectl.kubernetes.io/last-applied-configuration: '' 14 | creationTimestamp: null 15 | resourceVersion: 0 16 | selfLink: '' 17 | uid: '' 18 | 19 | - name: Test Provision 20 | hosts: localhost 21 | connection: local 22 | vars: 23 | provision_storageclass_list: test-storageclass-multidoc-list.yml 24 | 
provision_storageclass_list_def: "{{ lookup('file', 'resources/' ~ provision_storageclass_list) | yaml_to_resource_list }}" 25 | provision_storageclass_sc1_def: "{{ provision_storageclass_list_def[0] }}" 26 | provision_storageclass_sc2_def: "{{ provision_storageclass_list_def[1] }}" 27 | 28 | roles: 29 | - role: openshift-provision 30 | openshift_clusters: 31 | - cluster_resources: 32 | - "{{ provision_storageclass_list }}" 33 | 34 | tasks: 35 | - name: Get First StorageClass 36 | command: >- 37 | {{ test_oc_cmd }} get sc test-storageclass-sc1 -o json 38 | register: get_sc1 39 | changed_when: false 40 | 41 | - name: Get Second StorageClass 42 | command: >- 43 | {{ test_oc_cmd }} get sc test-storageclass-sc2 -o json 44 | register: get_sc2 45 | changed_when: false 46 | 47 | - name: Verify First StorageClass 48 | fail: 49 | msg: | 50 | StorageClass not defined as expected 51 | >>> 52 | {{ cmp_sc | to_yaml }} 53 | === 54 | {{ got_sc | to_yaml }} 55 | <<< 56 | vars: 57 | got_sc: "{{ get_sc1.stdout | from_json | combine(ignore_differences, recursive=True) }}" 58 | cmp_sc: "{{ provision_storageclass_sc1_def | combine(ignore_differences, recursive=True) }}" 59 | when: >- 60 | cmp_sc.metadata != got_sc.metadata or 61 | cmp_sc.parameters != got_sc.parameters or 62 | cmp_sc.provisioner != got_sc.provisioner 63 | 64 | - name: Verify Second StorageClass 65 | fail: 66 | msg: | 67 | StorageClass not defined as expected 68 | >>> 69 | {{ cmp_sc | to_yaml }} 70 | === 71 | {{ got_sc | to_yaml }} 72 | <<< 73 | vars: 74 | got_sc: "{{ get_sc2.stdout | from_json | combine(ignore_differences, recursive=True) }}" 75 | cmp_sc: "{{ provision_storageclass_sc2_def | combine(ignore_differences, recursive=True) }}" 76 | when: >- 77 | cmp_sc.metadata != got_sc.metadata or 78 | cmp_sc.parameters != got_sc.parameters or 79 | cmp_sc.provisioner != got_sc.provisioner 80 | 81 | - name: Cleanup 82 | command: >- 83 | {{ test_oc_cmd }} delete sc test-storageclass-sc1 test-storageclass-sc2 84 | 
-------------------------------------------------------------------------------- /tests/test-cluster_role_bindings.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: localhost 3 | connection: local 4 | vars_files: 5 | - login-creds.yml 6 | 7 | roles: 8 | - role: openshift-provision 9 | openshift_clusters: 10 | - cluster_resources: 11 | - apiVersion: v1 12 | kind: ClusterRole 13 | metadata: 14 | creationTimestamp: null 15 | name: test-cluster-role 16 | rules: 17 | - apiGroups: 18 | - "" 19 | attributeRestrictions: null 20 | resources: 21 | - pods 22 | verbs: 23 | - get 24 | cluster_role_bindings: 25 | - role: test-cluster-role 26 | users: 27 | - bob 28 | groups: 29 | - subgenius 30 | remove_unlisted: True 31 | 32 | tasks: 33 | - set_fact: 34 | test_oc_cmd: >- 35 | oc 36 | {% if openshift_connection_certificate_authority is defined %} 37 | --certificate-authority={{ openshift_connection_certificate_authority | quote }} 38 | {% endif %} 39 | {% if openshift_connection_insecure_skip_tls_verify is defined %} 40 | --insecure-skip-tls-verify={{ openshift_connection_insecure_skip_tls_verify | quote }} 41 | {% endif %} 42 | {% if openshift_connection_server is defined %} 43 | --server={{ openshift_connection_server | quote }} 44 | {% endif %} 45 | {% if openshift_connection_token is defined %} 46 | --token={{ openshift_connection_token | quote }} 47 | {% endif %} 48 | 49 | # FIXME - Add Verification 50 | -------------------------------------------------------------------------------- /tests/test-groups.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Set Facts 3 | hosts: localhost 4 | connection: local 5 | vars_files: 6 | - login-creds.yml 7 | tasks: 8 | - include_tasks: setup-test.yml 9 | - set_fact: 10 | ignore_differences: 11 | metadata: 12 | annotations: 13 | kubectl.kubernetes.io/last-applied-configuration: '' 14 | creationTimestamp: null 15 | 16 | - name: 
Test Provision 17 | hosts: localhost 18 | connection: local 19 | 20 | roles: 21 | - role: openshift-provision 22 | openshift_provision: 23 | groups: 24 | - name: subgenius 25 | members: 26 | - alice 27 | - bob 28 | remove_unlisted_members: True 29 | 30 | tasks: 31 | - name: Get group members 32 | command: >- 33 | {{ test_oc_cmd }} get group subgenius -o jsonpath='{range .users[*]}{@}{"\n"}{end}' 34 | register: get_group_members 35 | changed_when: false 36 | 37 | - name: Verify group members 38 | fail: 39 | msg: Group membership is not defined as expected 40 | when: get_group_members.stdout_lines != ['alice','bob'] 41 | 42 | - name: Test Provision Add Group Members 43 | hosts: localhost 44 | connection: local 45 | 46 | roles: 47 | - role: openshift-provision 48 | openshift_provision: 49 | groups: 50 | - name: subgenius 51 | members: 52 | - candice 53 | 54 | tasks: 55 | - name: Get group members 56 | command: >- 57 | {{ test_oc_cmd }} get group subgenius -o jsonpath='{range .users[*]}{@}{"\n"}{end}' 58 | register: get_group_members 59 | changed_when: false 60 | 61 | - name: Verify group members after add 62 | fail: 63 | msg: Group membership is not defined as expected 64 | when: get_group_members.stdout_lines != ['alice','bob','candice'] 65 | 66 | - name: Test Provision Remove Group Members 67 | hosts: localhost 68 | connection: local 69 | 70 | roles: 71 | - role: openshift-provision 72 | openshift_provision: 73 | groups: 74 | - name: subgenius 75 | members: 76 | - alice 77 | remove_unlisted_members: True 78 | 79 | tasks: 80 | - name: Get group members 81 | command: >- 82 | {{ test_oc_cmd }} get group subgenius -o jsonpath='{range .users[*]}{@}{"\n"}{end}' 83 | register: get_group_members 84 | changed_when: false 85 | 86 | - name: Verify group members after remove 87 | fail: 88 | msg: Group membership is not defined as expected 89 | when: get_group_members.stdout_lines != ['alice'] 90 | 91 | - name: Cleanup 92 | hosts: localhost 93 | connection: local 94 | tasks: 95 
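- name: Remove test group
  command: >-
    {{ test_oc_cmd }} delete group subgenius
--------------------------------------------------------------------------------
/tests/test-login.yml:
--------------------------------------------------------------------------------
---
# Runs the role against a single cluster entry with no settings of its own.
- hosts: localhost
  connection: local
  vars_files:
    - login-creds.yml
  roles:
    - role: openshift-provision
      openshift_clusters:
        - {}
--------------------------------------------------------------------------------
/tests/test-openshift_login.yml:
--------------------------------------------------------------------------------
---
# Logs in with username/password through the openshift_login module, then uses
# the returned session (server + token) to provision a PersistentVolumeClaim.
- hosts: localhost
  connection: local
  roles:
    - role: openshift-provision
  vars_files:
    - login-creds.yml
  vars:
    provision_persistentvolumeclaim: >-
      {{ lookup('template', 'resources/test-persistentvolumeclaim-minimal.yml.j2')
      | from_yaml }}
    persistentvolumeclaim_labels:
      testlabel: bar
  tasks:
    - name: Login to OpenShift Cluster
      openshift_login:
        username: "{{ openshift_test_login_username }}"
        password: "{{ openshift_test_login_password }}"
        server: "{{ openshift_connection_server }}"
        # NOTE(review): certificate verification is switched off for the
        # request that carries the username and password, and for the oc
        # calls below. setup-test.yml reads
        # openshift_connection_insecure_skip_tls_verify (default 'false');
        # consider honoring the same variable here.
        insecure_skip_tls_verify: "true"
      register: openshift_login
      # The registered result carries session.token; keep it out of task
      # output and logs. A failure of this task is reported censored.
      no_log: true

    # NOTE(review): the session token is passed on the oc command line, so it
    # appears in this task's reported command and in the local process list
    # while oc runs. Keep verbose output of this play out of shared logs.
    - name: Create provision-test namespace
      command: >-
        oc --insecure-skip-tls-verify
        --server={{ openshift_login.session.server | quote }}
        --token={{ openshift_login.session.token | quote }}
        new-project provision-test
      register: create_provision_test
      # An already existing project is accepted so the test can be re-run.
      failed_when: >-
        create_provision_test.rc != 0 and
        "already exists" not in create_provision_test.stderr

    - name: Test Provision
      openshift_provision:
        connection: "{{ openshift_login.session }}"
        namespace: provision-test
        resource: "{{ provision_persistentvolumeclaim }}"

    - name: Remove provision-test namespace
      command: >-
        oc --insecure-skip-tls-verify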
--server={{ openshift_login.session.server | quote }} 44 | --token={{ openshift_login.session.token | quote }} 45 | delete project provision-test 46 | -------------------------------------------------------------------------------- /tests/test-openshift_provision-ConfigMap.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Set Facts 3 | hosts: localhost 4 | connection: local 5 | vars_files: 6 | - login-creds.yml 7 | tasks: 8 | - include_tasks: setup-test.yml 9 | - set_fact: 10 | ignore_differences: 11 | metadata: 12 | annotations: 13 | kubectl.kubernetes.io/last-applied-configuration: '' 14 | creationTimestamp: null 15 | selfLink: null 16 | 17 | - name: Test Provision 18 | hosts: localhost 19 | connection: local 20 | vars: 21 | provision_configmap: >- 22 | {{ lookup('template', 'resources/test-configmap.yml.j2') 23 | | from_yaml }} 24 | configmap_data: 25 | foo: bar 26 | 27 | roles: 28 | - role: openshift-provision 29 | openshift_clusters: 30 | - projects: 31 | - name: provision-test 32 | 33 | tasks: 34 | - name: Provision ConfigMap 35 | openshift_provision: 36 | connection: "{{ openshift_connection }}" 37 | namespace: provision-test 38 | resource: "{{ provision_configmap }}" 39 | 40 | - name: Get ConfigMap 41 | command: >- 42 | {{ test_oc_cmd }} get --export configmap 43 | test-configmap -n provision-test -o json 44 | register: get_configmap 45 | changed_when: false 46 | 47 | - name: Verify ConfigMap 48 | fail: 49 | msg: | 50 | ConfigMap not defined as expected 51 | >>> 52 | {{ cmp_configmap | to_yaml }} 53 | === 54 | {{ got_configmap | to_yaml }} 55 | <<< 56 | vars: 57 | got_configmap: "{{ get_configmap.stdout | from_json | combine(ignore_differences, recursive=True) }}" 58 | cmp_configmap: "{{ provision_configmap | combine(ignore_differences, recursive=True) }}" 59 | when: >- 60 | cmp_configmap.metadata != got_configmap.metadata or 61 | cmp_configmap.data != got_configmap.data 62 | 63 | - name: Check 
reprovision ConfigMap 64 | openshift_provision: 65 | connection: "{{ openshift_connection }}" 66 | namespace: provision-test 67 | resource: "{{ provision_configmap }}" 68 | register: reprovision_configmap 69 | 70 | - fail: 71 | msg: Reprovision indicated change to ConfigMap 72 | when: reprovision_configmap.changed 73 | 74 | - name: Test Update 75 | hosts: localhost 76 | connection: local 77 | vars: 78 | provision_configmap: 79 | apiVersion: v1 80 | kind: ConfigMap 81 | metadata: 82 | creationTimestamp: null 83 | name: test-configmap 84 | data: 85 | foo: boop 86 | bar: three 87 | 88 | tasks: 89 | - name: Apply update to ConfigMap 90 | openshift_provision: 91 | connection: "{{ openshift_connection }}" 92 | namespace: provision-test 93 | resource: "{{ provision_configmap }}" 94 | 95 | - name: Get ConfigMap 96 | command: >- 97 | {{ test_oc_cmd }} get --export configmap 98 | test-configmap -n provision-test -o json 99 | register: get_configmap 100 | changed_when: false 101 | 102 | - name: Verify Update ConfigMap 103 | fail: 104 | msg: | 105 | ConfigMap not defined as expected 106 | >>> 107 | {{ cmp_configmap | to_yaml }} 108 | === 109 | {{ got_configmap | to_yaml }} 110 | <<< 111 | vars: 112 | got_configmap: "{{ get_configmap.stdout | from_json | combine(ignore_differences, recursive=True) }}" 113 | cmp_configmap: "{{ provision_configmap | combine(ignore_differences, recursive=True) }}" 114 | when: >- 115 | cmp_configmap.metadata != got_configmap.metadata or 116 | cmp_configmap.data != got_configmap.data 117 | 118 | - name: Test Delete 119 | hosts: localhost 120 | connection: local 121 | tasks: 122 | - name: Delete ConfigMap 123 | openshift_provision: 124 | action: delete 125 | namespace: provision-test 126 | connection: "{{ openshift_connection }}" 127 | resource: 128 | kind: ConfigMap 129 | metadata: 130 | name: test-configmap 131 | 132 | - pause: 133 | seconds: 1 134 | 135 | - name: Verify ConfigMap Delete 136 | command: >- 137 | {{ test_oc_cmd }} get --export 
configmap 138 | test-configmap -n provision-test -o json 139 | register: get_configmap 140 | failed_when: get_configmap.rc == 0 141 | changed_when: false 142 | -------------------------------------------------------------------------------- /tests/test-openshift_provision-DaemonSet.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Set Facts 3 | hosts: localhost 4 | connection: local 5 | vars_files: 6 | - login-creds.yml 7 | tasks: 8 | - include_tasks: setup-test.yml 9 | - set_fact: 10 | ignore_differences: 11 | metadata: 12 | annotations: 13 | kubectl.kubernetes.io/last-applied-configuration: '' 14 | creationTimestamp: null 15 | generation: 0 16 | namespace: '' 17 | resourceVersion: 0 18 | selfLink: '' 19 | uid: '' 20 | spec: 21 | template: 22 | metadata: 23 | creationTimestamp: null 24 | templateGeneration: 0 25 | 26 | - name: Test Provision 27 | hosts: localhost 28 | connection: local 29 | vars: 30 | provision_daemonset: "{{ lookup('template', 'resources/test-daemonset.yml.j2') | from_yaml }}" 31 | image_pull_policy: IfNotPresent 32 | 33 | roles: 34 | - role: openshift-provision 35 | openshift_clusters: 36 | - projects: 37 | - name: provision-test 38 | 39 | tasks: 40 | - name: Provision DaemonSet 41 | openshift_provision: 42 | connection: "{{ openshift_connection }}" 43 | namespace: provision-test 44 | resource: "{{ provision_daemonset }}" 45 | 46 | - name: Get DaemonSet 47 | command: >- 48 | {{ test_oc_cmd }} get daemonset 49 | test-daemonset -n provision-test -o json 50 | register: get_daemonset 51 | changed_when: false 52 | 53 | - name: Verify DaemonSet 54 | fail: 55 | msg: | 56 | DaemonSet not defined as expected 57 | >>> 58 | {{ cmp_daemonset | to_yaml }} 59 | === 60 | {{ got_daemonset | to_yaml }} 61 | <<< 62 | vars: 63 | got_daemonset: "{{ get_daemonset.stdout | from_json | combine(ignore_differences, recursive=True) }}" 64 | cmp_daemonset: "{{ provision_daemonset | combine(ignore_differences, 
recursive=True) }}" 65 | when: >- 66 | cmp_daemonset.metadata != got_daemonset.metadata or 67 | cmp_daemonset.spec != got_daemonset.spec 68 | 69 | - name: Check reprovision DaemonSet 70 | openshift_provision: 71 | connection: "{{ openshift_connection }}" 72 | namespace: provision-test 73 | resource: "{{ provision_daemonset }}" 74 | register: reprovision_daemonset 75 | 76 | - fail: 77 | msg: Reprovision indicated change to DaemonSet 78 | when: reprovision_daemonset.changed 79 | 80 | - name: Test Update 81 | hosts: localhost 82 | connection: local 83 | vars: 84 | provision_daemonset: "{{ lookup('template', 'resources/test-daemonset.yml.j2') | from_yaml }}" 85 | image_pull_policy: Always 86 | 87 | tasks: 88 | - name: Apply update to DaemonSet 89 | openshift_provision: 90 | connection: "{{ openshift_connection }}" 91 | namespace: provision-test 92 | resource: "{{ provision_daemonset }}" 93 | 94 | - name: Get DaemonSet 95 | command: >- 96 | {{ test_oc_cmd }} get daemonset 97 | test-daemonset -n provision-test -o json 98 | register: get_daemonset 99 | changed_when: false 100 | 101 | - name: Verify Update DaemonSet 102 | fail: 103 | msg: | 104 | DaemonSet not defined as expected 105 | >>> 106 | {{ cmp_daemonset | to_yaml }} 107 | === 108 | {{ got_daemonset | to_yaml }} 109 | <<< 110 | vars: 111 | got_daemonset: "{{ get_daemonset.stdout | from_json | combine(ignore_differences, recursive=True) }}" 112 | cmp_daemonset: "{{ provision_daemonset | combine(ignore_differences, recursive=True) }}" 113 | when: >- 114 | cmp_daemonset.metadata != got_daemonset.metadata or 115 | cmp_daemonset.spec != got_daemonset.spec 116 | 117 | - name: Test Delete 118 | hosts: localhost 119 | connection: local 120 | tasks: 121 | - name: Delete DaemonSet 122 | openshift_provision: 123 | action: delete 124 | namespace: provision-test 125 | connection: "{{ openshift_connection }}" 126 | resource: 127 | kind: DaemonSet 128 | metadata: 129 | name: test-daemonset 130 | 131 | - pause: 132 | seconds: 1 
# Final task of the "Test Delete" play in the DaemonSet test. It passes only
# when the lookup fails; any non-zero exit (not just NotFound) satisfies it.
    - name: Verify DaemonSet Delete
      command: >-
        {{ test_oc_cmd }} get daemonset test-daemonset -n provision-test -o json
      register: get_daemonset
      failed_when: get_daemonset.rc == 0
      changed_when: false
--------------------------------------------------------------------------------
/tests/test-openshift_provision-Route.yml:
--------------------------------------------------------------------------------
---
# Exercises openshift_provision against a Route in four plays:
# shared facts, create + idempotent re-apply, update, delete.

- name: Set Facts
  hosts: localhost
  connection: local
  vars_files:
    - login-creds.yml
  tasks:
    # setup-test.yml is not shown here; presumably it provides test_oc_cmd and
    # openshift_connection used by the later plays -- confirm.
    - include_tasks: setup-test.yml
    # Keys overwritten on both the expected and the fetched object before they
    # are compared, so server-populated metadata cannot cause a mismatch.
    - set_fact:
        ignore_differences:
          metadata:
            annotations:
              kubectl.kubernetes.io/last-applied-configuration: ''
            creationTimestamp: null
            selfLink: null

- name: Test Provision
  hosts: localhost
  connection: local
  vars:
    provision_route: >-
      {{ lookup('template', 'resources/test-route.yml.j2') | from_yaml }}
    route_service_name: test-route-service

  roles:
    - role: openshift-provision
      openshift_clusters:
        - projects:
            - name: provision-test

  tasks:
    - name: Provision Route
      openshift_provision:
        connection: "{{ openshift_connection }}"
        namespace: provision-test
        resource: "{{ provision_route }}"

    - name: Get Route
      command: >-
        {{ test_oc_cmd }} get --export route test-route -n provision-test -o json
      register: get_route
      changed_when: false

    # Fails, printing expected then actual, when metadata or spec differ after
    # the ignore_differences overlay has been applied to both sides.
    - name: Verify Route
      fail:
        msg: |
          Route not defined as expected
          >>>
          {{ cmp_route | to_yaml }}
          ===
          {{ got_route | to_yaml }}
          <<<
      vars:
        got_route: >-
          {{ get_route.stdout | from_json
          | combine(ignore_differences, recursive=True) }}
        cmp_route: >-
          {{ provision_route
          | combine(ignore_differences, recursive=True) }}
      when: >-
        cmp_route.metadata != got_route.metadata or
        cmp_route.spec != got_route.spec

    # Applying the same definition a second time must not report a change.
    - name: Check reprovision Route
      openshift_provision:
        connection: "{{ openshift_connection }}"
        namespace: provision-test
        resource: "{{ provision_route }}"
      register: reprovision_route

    - fail:
        msg: Reprovision indicated change to Route
      when: reprovision_route.changed

- name: Test Update
  hosts: localhost
  connection: local
  vars:
    provision_route: >-
      {{ lookup('template', 'resources/test-route.yml.j2') | from_yaml }}
    # Differs from the Test Provision play, so the re-rendered template changes.
    route_service_name: test-route-service2

  tasks:
    - name: Apply update to Route
      openshift_provision:
        connection: "{{ openshift_connection }}"
        namespace: provision-test
        resource: "{{ provision_route }}"

    - name: Get Route
      command: >-
        {{ test_oc_cmd }} get --export route test-route -n provision-test -o json
      register: get_route
      changed_when: false

    - name: Verify Update Route
      fail:
        msg: |
          Route not defined as expected
          >>>
          {{ cmp_route | to_yaml }}
          ===
          {{ got_route | to_yaml }}
          <<<
      vars:
        got_route: >-
          {{ get_route.stdout | from_json
          | combine(ignore_differences, recursive=True) }}
        cmp_route: >-
          {{ provision_route
          | combine(ignore_differences, recursive=True) }}
      when: >-
        cmp_route.metadata != got_route.metadata or
        cmp_route.spec != got_route.spec

- name: Test Delete
  hosts: localhost
  connection: local
  tasks:
    - name: Delete Route
      openshift_provision:
        action: delete
        namespace: provision-test
        connection: "{{ openshift_connection }}"
        resource:
          kind: Route
          metadata:
            name: test-route

    - pause:
        seconds: 1

    # Passes only when the lookup fails; rc == 0 means the Route still exists.
    - name: Verify Route Delete
      command: >-
        {{ test_oc_cmd }} get --export route test-route -n provision-test -o json
      register: get_route
      failed_when: get_route.rc == 0
      changed_when: false
--------------------------------------------------------------------------------
/tests/test-openshift_provision-Secret.yml:
--------------------------------------------------------------------------------
---
# Round-trips a Secret through openshift_provision: create, idempotent
# re-apply, update, delete.
#
# The username/password values are throwaway literals. The fetched Secret JSON
# (base64 `data`) is kept in get_secret and echoed by the Verify tasks when
# they fail, so if this pattern is reused with real credentials, add
# `no_log: true` to those tasks and drop the object dump from the message.

- name: Set Facts
  hosts: localhost
  connection: local
  vars_files:
    - login-creds.yml
  tasks:
    # setup-test.yml is not shown here; presumably it provides test_oc_cmd and
    # openshift_connection used by the later plays -- confirm.
    - include_tasks: setup-test.yml
    # Keys overwritten on both sides before comparison.
    - set_fact:
        ignore_differences:
          metadata:
            annotations:
              kubectl.kubernetes.io/last-applied-configuration: ''
            creationTimestamp: null
            selfLink: null

- name: Test Provision
  hosts: localhost
  connection: local
  vars:
    provision_secret:
      apiVersion: v1
      kind: Secret
      metadata:
        name: test-secret
      data:
        # b64encode is an encoding, not protection: anyone who can read the
        # Secret object or this play's output can recover the values.
        username: "{{ 'username' | b64encode }}"
        password: "{{ 'password' | b64encode }}"
      type: Opaque

  roles:
    - role: openshift-provision
      openshift_clusters:
        - projects:
            - name: provision-test

  tasks:
    - name: Provision secret
      openshift_provision:
        connection: "{{ openshift_connection }}"
        namespace: provision-test
        resource: "{{ provision_secret }}"

    - name: Get secret
      command: >-
        {{ test_oc_cmd }} get --export secret test-secret -n provision-test -o json
      register: get_secret
      changed_when: false

    # Compares metadata, data and type after the ignore_differences overlay.
    - name: Verify secret
      fail:
        msg: |
          secret not defined as expected
          >>>
          {{ cmp_secret | to_yaml }}
          ===
          {{ got_secret | to_yaml }}
          <<<
      vars:
        got_secret: >-
          {{ get_secret.stdout | from_json
          | combine(ignore_differences, recursive=True) }}
        cmp_secret: >-
          {{ provision_secret
          | combine(ignore_differences, recursive=True) }}
      when: >-
        cmp_secret.metadata != got_secret.metadata or
        cmp_secret.data != got_secret.data or
        cmp_secret.type != got_secret.type

    # Applying the same definition a second time must not report a change.
    - name: Check reprovision secret
      openshift_provision:
        connection: "{{ openshift_connection }}"
        namespace: provision-test
        resource: "{{ provision_secret }}"
      register: reprovision_secret

    - fail:
        msg: Reprovision indicated change to secret
      when: reprovision_secret.changed

- name: Test Update
  hosts: localhost
  connection: local
  vars:
    provision_secret:
      apiVersion: v1
      kind: Secret
      metadata:
        name: test-secret
      data:
        username: "{{ 'username' | b64encode }}"
        # Only the password differs from the Test Provision play.
        password: "{{ 'password2!' | b64encode }}"
      type: Opaque

  tasks:
    - name: Apply update to secret
      openshift_provision:
        connection: "{{ openshift_connection }}"
        namespace: provision-test
        resource: "{{ provision_secret }}"

    - name: Get secret
      command: >-
        {{ test_oc_cmd }} get --export secret test-secret -n provision-test -o json
      register: get_secret
      changed_when: false

    - name: Verify Update secret
      fail:
        msg: |
          secret not defined as expected
          >>>
          {{ cmp_secret | to_yaml }}
          ===
          {{ got_secret | to_yaml }}
          <<<
      vars:
        got_secret: >-
          {{ get_secret.stdout | from_json
          | combine(ignore_differences, recursive=True) }}
        cmp_secret: >-
          {{ provision_secret
          | combine(ignore_differences, recursive=True) }}
      when: >-
        cmp_secret.metadata != got_secret.metadata or
        cmp_secret.data != got_secret.data or
        cmp_secret.type != got_secret.type

- name: Test Delete
  hosts: localhost
  connection: local
  vars:
    # Kind and name are all the delete action is given here.
    provision_secret:
      kind: Secret
      metadata:
        name: test-secret
  tasks:
    - name: Delete secret
      openshift_provision:
        action: delete
        namespace: provision-test
        connection: "{{ openshift_connection }}"
        resource: "{{ provision_secret }}"

    - pause:
        seconds: 1

    # Passes only when the lookup fails; rc == 0 means the Secret still exists.
    - name: Verify secret Delete
      command: >-
        {{ test_oc_cmd }} get --export secret test-secret -n provision-test -o json
      register: get_secret
      failed_when: get_secret.rc == 0
      changed_when: false
--------------------------------------------------------------------------------
/tests/test-openshift_provision-StorageClass.yml:
--------------------------------------------------------------------------------
---
# Exercises openshift_provision against a StorageClass: create, idempotent
# re-apply, update (storageclass_default flipped), delete.

- name: Set Facts
  hosts: localhost
  connection: local
  vars_files:
    - login-creds.yml
  tasks:
    # setup-test.yml is not shown here; presumably it provides test_oc_cmd and
    # openshift_connection used by the later plays -- confirm.
    - include_tasks: setup-test.yml
    # Keys overwritten on both sides before comparison.
    - set_fact:
        ignore_differences:
          metadata:
            annotations:
              kubectl.kubernetes.io/last-applied-configuration: ''
            creationTimestamp: null
            resourceVersion: 0
            selfLink: ''
            uid: ''

- name: Test Provision
  hosts: localhost
  connection: local
  vars:
    provision_storageclass: >-
      {{ lookup('template', 'resources/test-storageclass.yml.j2') | from_yaml }}
    storageclass_default: True
  roles:
    - role: openshift-provision

  tasks:
    # No namespace is passed on this first call; the later calls in this file
    # do pass namespace: provision-test.
    - name: Provision StorageClass
      openshift_provision:
        connection: "{{ openshift_connection }}"
        resource: "{{ provision_storageclass }}"

    - name: Get StorageClass
      command: >-
        {{ test_oc_cmd }} get storageclass test-storageclass -n provision-test -o json
      register: get_storageclass
      changed_when: false

    # Compares metadata, parameters and provisioner after the overlay.
    - name: Verify StorageClass
      fail:
        msg: |
          StorageClass not defined as expected
          >>>
          {{ cmp_storageclass | to_yaml }}
          ===
          {{ got_storageclass | to_yaml }}
          <<<
      vars:
        got_storageclass: >-
          {{ get_storageclass.stdout | from_json
          | combine(ignore_differences, recursive=True) }}
        cmp_storageclass: >-
          {{ provision_storageclass
          | combine(ignore_differences, recursive=True) }}
      when: >-
        cmp_storageclass.metadata != got_storageclass.metadata or
        cmp_storageclass.parameters != got_storageclass.parameters or
        cmp_storageclass.provisioner != got_storageclass.provisioner

    # Applying the same definition a second time must not report a change.
    - name: Check reprovision StorageClass
      openshift_provision:
        connection: "{{ openshift_connection }}"
        namespace: provision-test
        resource: "{{ provision_storageclass }}"
      register: reprovision_storageclass

    - fail:
        msg: Reprovision indicated change to StorageClass
      when: reprovision_storageclass.changed

- name: Test Update
  hosts: localhost
  connection: local
  vars:
    provision_storageclass: >-
      {{ lookup('template', 'resources/test-storageclass.yml.j2') | from_yaml }}
    storageclass_default: False
  tasks:
    - name: Apply update to StorageClass
      openshift_provision:
        connection: "{{ openshift_connection }}"
        namespace: provision-test
        resource: "{{ provision_storageclass }}"

    - name: Get StorageClass
      command: >-
        {{ test_oc_cmd }} get storageclass test-storageclass -n provision-test -o json
      register: get_storageclass
      changed_when: false

    - name: Verify Update StorageClass
      fail:
        msg: |
          StorageClass not defined as expected
          >>>
          {{ cmp_storageclass | to_yaml }}
          ===
          {{ got_storageclass | to_yaml }}
          <<<
      vars:
        got_storageclass: >-
          {{ get_storageclass.stdout | from_json
          | combine(ignore_differences, recursive=True) }}
        cmp_storageclass: >-
          {{ provision_storageclass
          | combine(ignore_differences, recursive=True) }}
      when: >-
        cmp_storageclass.metadata != got_storageclass.metadata or
        cmp_storageclass.parameters != got_storageclass.parameters or
        cmp_storageclass.provisioner != got_storageclass.provisioner

- name: Test Delete
  hosts: localhost
  connection: local
  tasks:
    - name: Delete StorageClass
      openshift_provision:
        action: delete
        namespace: provision-test
        connection: "{{ openshift_connection }}"
        resource:
          kind: StorageClass
          metadata:
            name: test-storageclass

    - pause:
        seconds: 1
# Final task of the "Test Delete" play in the StorageClass test. It passes only
# when the lookup fails; any non-zero exit (not just NotFound) satisfies it.
    - name: Verify StorageClass Delete
      command: >-
        {{ test_oc_cmd }} get storageclass test-storageclass -n provision-test -o json
      register: get_storageclass
      failed_when: get_storageclass.rc == 0
      changed_when: false
--------------------------------------------------------------------------------
/tests/test-openshift_provision-Template.yml:
--------------------------------------------------------------------------------
---
# Exercises openshift_provision against a Template: create, idempotent
# re-apply, update (include_appname set), delete.

- name: Set Facts
  hosts: localhost
  connection: local
  vars_files:
    - login-creds.yml
  tasks:
    # setup-test.yml is not shown here; presumably it provides test_oc_cmd and
    # openshift_connection used by the later plays -- confirm.
    - include_tasks: setup-test.yml
    # Keys overwritten on both sides before comparison.
    - set_fact:
        ignore_differences:
          metadata:
            annotations:
              kubectl.kubernetes.io/last-applied-configuration: ''
            creationTimestamp: null
            selfLink: null

- name: Test Provision
  hosts: localhost
  connection: local
  vars:
    provision_template: >-
      {{ lookup('template', 'resources/test-template.yml.j2') | from_yaml }}

  roles:
    - role: openshift-provision
      openshift_clusters:
        - projects:
            - name: provision-test

  tasks:
    - name: Provision Template
      openshift_provision:
        connection: "{{ openshift_connection }}"
        namespace: provision-test
        resource: "{{ provision_template }}"

    - name: Get Template
      command: >-
        {{ test_oc_cmd }} get --export template test-template -n provision-test -o json
      register: get_template
      changed_when: false

    # labels is optional on either side, hence the default({}) on both.
    - name: Verify Template
      fail:
        msg: |
          Template not defined as expected
          >>>
          {{ cmp_template | to_yaml }}
          ===
          {{ got_template | to_yaml }}
          <<<
      vars:
        got_template: >-
          {{ get_template.stdout | from_json
          | combine(ignore_differences, recursive=True) }}
        cmp_template: >-
          {{ provision_template
          | combine(ignore_differences, recursive=True) }}
      when: >-
        cmp_template.metadata != got_template.metadata or
        cmp_template.labels | default({}) != got_template.labels | default({}) or
        cmp_template.objects != got_template.objects or
        cmp_template.parameters != got_template.parameters

    # Applying the same definition a second time must not report a change.
    - name: Check reprovision Template
      openshift_provision:
        connection: "{{ openshift_connection }}"
        namespace: provision-test
        resource: "{{ provision_template }}"
      register: reprovision_template

    - fail:
        msg: Reprovision indicated change to Template
      when: reprovision_template.changed

- name: Test Update
  hosts: localhost
  connection: local
  vars:
    provision_template: >-
      {{ lookup('template', 'resources/test-template.yml.j2') | from_yaml }}
    include_appname: true

  tasks:
    - name: Apply update to Template
      openshift_provision:
        connection: "{{ openshift_connection }}"
        namespace: provision-test
        resource: "{{ provision_template }}"

    - name: Get Template
      command: >-
        {{ test_oc_cmd }} get --export template test-template -n provision-test -o json
      register: get_template
      changed_when: false

    - name: Verify Update Template
      fail:
        msg: |
          Template not defined as expected
          >>>
          {{ cmp_template | to_yaml }}
          ===
          {{ got_template | to_yaml }}
          <<<
      vars:
        got_template: >-
          {{ get_template.stdout | from_json
          | combine(ignore_differences, recursive=True) }}
        cmp_template: >-
          {{ provision_template
          | combine(ignore_differences, recursive=True) }}
      when: >-
        cmp_template.metadata != got_template.metadata or
        cmp_template.labels | default({}) != got_template.labels | default({}) or
        cmp_template.objects != got_template.objects or
        cmp_template.parameters != got_template.parameters

- name: Test Delete
  hosts: localhost
  connection: local
  tasks:
    - name: Delete Template
      openshift_provision:
        action: delete
        namespace: provision-test
        connection: "{{ openshift_connection }}"
        resource:
          kind: Template
          metadata:
            name: test-template

    - pause:
        seconds: 1

    # Passes only when the lookup fails; rc == 0 means the Template still exists.
    - name: Verify Template Delete
      command: >-
        {{ test_oc_cmd }} get --export template test-template -n provision-test -o json
      register: get_template
      failed_when: get_template.rc == 0
      changed_when: false
--------------------------------------------------------------------------------
/tests/test-openshift_provision-patch.yml:
--------------------------------------------------------------------------------
---
# Exercises the replace and patch actions of openshift_provision on a
# ConfigMap, including the patch document the module reports back.

- name: Set Facts
  hosts: localhost
  connection: local
  vars_files:
    - login-creds.yml
  tasks:
    # setup-test.yml is not shown here; presumably it provides test_oc_cmd and
    # openshift_connection used by the later plays -- confirm.
    - include_tasks: setup-test.yml
    # Keys overwritten on both sides before comparison.
    - set_fact:
        ignore_differences:
          metadata:
            annotations:
              kubectl.kubernetes.io/last-applied-configuration: ''
            creationTimestamp: null
            selfLink: null

- name: Test Provision
  hosts: localhost
  connection: local
  vars:
    provision_configmap: >-
      {{ lookup('template', 'resources/test-configmap.yml.j2') | from_yaml }}
    configmap_data:
      foo: bar

  roles:
    - role: openshift-provision
      openshift_clusters:
        - projects:
            - name: provision-test

  tasks:
    - name: Provision ConfigMap
      openshift_provision:
        action: replace
        connection: "{{ openshift_connection }}"
        namespace: provision-test
        resource: "{{ provision_configmap }}"

    - name: Get ConfigMap
      command: >-
        {{ test_oc_cmd }} get --export configmap test-configmap -n provision-test -o json
      register: get_configmap
      changed_when: false

    - name: Verify ConfigMap
      fail:
        msg: |
          ConfigMap not defined as expected
          >>>
          {{ cmp_configmap | to_yaml }}
          ===
          {{ got_configmap | to_yaml }}
          <<<
      vars:
        got_configmap: >-
          {{ get_configmap.stdout | from_json
          | combine(ignore_differences, recursive=True) }}
        cmp_configmap: >-
          {{ provision_configmap
          | combine(ignore_differences, recursive=True) }}
      when: >-
        cmp_configmap.metadata != got_configmap.metadata or
        cmp_configmap.data != got_configmap.data

    # Merge patch that changes data.foo from "bar" to "test".
    - name: Patch ConfigMap
      openshift_provision:
        connection: "{{ openshift_connection }}"
        action: patch
        namespace: provision-test
        patch_type: merge
        resource:
          kind: ConfigMap
          metadata:
            name: test-configmap
          data:
            foo: test
      register: patch_configmap

    - fail:
        msg: Patch did not indicate change to ConfigMap
      when: not patch_configmap.changed

    # The module is expected to report a test-then-replace operation pair.
    - name: Check reported update patch
      fail:
        msg: |
          Update patch did not match expected
          >>>
          {{ update_patch | to_yaml }}
          ===
          {{ patch_configmap.patch | to_yaml }}
          <<<
      vars:
        update_patch:
          - op: test
            path: /data/foo
            value: bar
          - op: replace
            path: /data/foo
            value: test
      when: patch_configmap.patch != update_patch

    # Same data again, this time without patch_type; must report no change.
    - name: Check re-patch ConfigMap
      openshift_provision:
        connection: "{{ openshift_connection }}"
        action: patch
        namespace: provision-test
        resource:
          kind: ConfigMap
          metadata:
            name: test-configmap
          data:
            foo: test
      register: repatch_configmap

    - fail:
        msg: Patch indicated change to ConfigMap on re-patch
      when: repatch_configmap.changed
--------------------------------------------------------------------------------
/tests/test-projects-basics.yml:
--------------------------------------------------------------------------------
---
# Provisions one project with annotations, labels, description, display name
# and node selector through the role. Nothing is verified yet (see FIXME).
- hosts: localhost
  connection: local
  vars_files:
    - login-creds.yml

  roles:
    - role: openshift-provision
      openshift_clusters:
        - projects:
            - name: testproj
              annotations:
                test-annotation: foo
              description: Test Project Description
              display_name: Test Project
              labels:
                test-label: bar
              node_selector: region=app

  tasks:
    # Builds the oc command line from whichever connection variables are
    # defined. Each value goes through `quote` so it stays one argument.
    # The bearer token becomes part of the oc argument list, so it is exposed
    # wherever that command line is shown or recorded; use a short-lived token
    # for a disposable test cluster. --insecure-skip-tls-verify is emitted
    # whenever its variable is defined, and a true value turns off
    # verification of the API server certificate.
    - set_fact:
        test_oc_cmd: >-
          oc
          {% if openshift_connection_certificate_authority is defined %}
          --certificate-authority={{ openshift_connection_certificate_authority | quote }}
          {% endif %}
          {% if openshift_connection_insecure_skip_tls_verify is defined %}
          --insecure-skip-tls-verify={{ openshift_connection_insecure_skip_tls_verify | quote }}
          {% endif %}
          {% if openshift_connection_server is defined %}
          --server={{ openshift_connection_server | quote }}
          {% endif %}
          {% if openshift_connection_token is defined %}
          --token={{ openshift_connection_token | quote }}
          {% endif %}

  # FIXME - Add Validation
--------------------------------------------------------------------------------
/tests/test-projects-helm_charts.yml:
--------------------------------------------------------------------------------
---
# Installs charts/test-chart into provision-test through the role and checks
# the three ConfigMaps it is expected to produce.

- name: Set Facts
  hosts: localhost
  connection: local
  vars_files:
    - login-creds.yml
  tasks:
    # setup-test.yml is not shown here; presumably it provides test_oc_cmd
    # used by the later play -- confirm.
    - include_tasks: setup-test.yml
    - set_fact:
        ignore_differences:
          metadata:
            annotations:
              kubectl.kubernetes.io/last-applied-configuration: ''
            creationTimestamp: null

- name: Test Provision
  hosts: localhost
  connection: local

  roles:
    - role: openshift-provision
      openshift_clusters:
        - projects:
            - name: provision-test
              helm_charts:
                - name: test
                  chart: "{{ playbook_dir }}/charts/test-chart"
                  chart_values:
                    label: bar

  tasks:
    - name: Get configmap bar
      command: >-
        {{ test_oc_cmd }} get configmap bar -n provision-test -o json
      register: get_configmap

    - name: Check configmap bar
      fail:
        msg: Configmap bar not defined as expected
      vars:
        got_configmap: "{{ get_configmap.stdout | from_json }}"
      when: >-
        got_configmap.data != {'a': 'alice', 'b': 'bob'}

    - name: Get configmap bar-a
      command: >-
        {{ test_oc_cmd }} get configmap bar-a -n provision-test -o json
      register: get_configmap

    - name: Check configmap bar-a
      fail:
        msg: Configmap bar-a not defined as expected
      vars:
        got_configmap: "{{ get_configmap.stdout | from_json }}"
      when: >-
        got_configmap.data != {'a': 'alice', 'b': 'bob'}

    - name: Get configmap bar-b
      command: >-
        {{ test_oc_cmd }} get configmap bar-b -n provision-test -o json
      register: get_configmap

    - name: Check configmap bar-b
      fail:
        msg: Configmap bar-b not defined as expected
      vars:
        got_configmap: "{{ get_configmap.stdout | from_json }}"
      when: >-
        got_configmap.data != {'a': 'alice', 'b': 'bob'}

    # Removes every ConfigMap in provision-test, not only the chart's three.
    - name: Cleanup
      command: >-
        {{ test_oc_cmd }} delete configmap --all -n provision-test
--------------------------------------------------------------------------------
/tests/test-projects-imagestreams.yml:
--------------------------------------------------------------------------------
---
# Provisions a project with one imagestream and checks that oc can fetch it.

- name: Set Facts
  hosts: localhost
  connection: local
  vars_files:
    - login-creds.yml
  tasks:
    # Builds the oc command line from whichever connection variables are
    # defined; each value is passed through `quote`. The bearer token becomes
    # part of the oc argument list, so keep it short-lived and scoped to a
    # test cluster.
    - set_fact:
        test_oc_cmd: >-
          oc
          {% if openshift_connection_certificate_authority is defined %}
          --certificate-authority={{ openshift_connection_certificate_authority | quote }}
          {% endif %}
          {% if openshift_connection_insecure_skip_tls_verify is defined %}
          --insecure-skip-tls-verify={{ openshift_connection_insecure_skip_tls_verify | quote }}
          {% endif %}
          {% if openshift_connection_server is defined %}
          --server={{ openshift_connection_server | quote }}
          {% endif %}
          {% if openshift_connection_token is defined %}
          --token={{ openshift_connection_token | quote }}
          {% endif %}

- name: Test Provision
  hosts: localhost
  connection: local

  roles:
    - role: openshift-provision
      openshift_clusters:
        - projects:
            - name: provision-test

              imagestreams:
                - test-imagestream1

  tasks:
    # The task fails on a non-zero exit, i.e. when the imagestream is missing.
    - name: Get Imagestream
      command: >-
        {{ test_oc_cmd }} get imagestream -n provision-test test-imagestream1
      changed_when: false
--------------------------------------------------------------------------------
/tests/test-projects-join_pod_networks.yml:
--------------------------------------------------------------------------------
---
# Runs the join_pod_networks task file only when the default clusternetwork
# reports the multitenant plugin.
- name: Set Facts
  hosts: localhost
  connection: local
  vars_files:
    - login-creds.yml
  tasks:
    - include_tasks: setup-test.yml

    - name: Get clusternetwork definition
      command: >-
        {{ test_oc_cmd }} get clusternetwork default -o json
      register: get_clusternetwork
      changed_when: false

    - include_tasks: tasks/test-projects-join_pod_networks.yml
      when: >
        get_clusternetwork.stdout | from_json | json_query('pluginName') == 'redhat/openshift-ovs-multitenant'
--------------------------------------------------------------------------------
/tests/test-projects-multicast_enabled.yml:
--------------------------------------------------------------------------------
---
# Runs the multicast_enabled task file only when the cluster returns at least
# one netnamespace.
- name: Set Facts
  hosts: localhost
  connection: local
  vars_files:
    - login-creds.yml
  tasks:
    - include_tasks: setup-test.yml

    - name: Check if netnamespaces are defined
      command: >-
        {{ test_oc_cmd }} get netnamespaces -o json
      register: get_netnamespaces
      changed_when: false

    - include_tasks: tasks/test-projects-multicast_enabled.yml
      when: >-
        0 < get_netnamespaces.stdout | from_json | json_query('items') | count
--------------------------------------------------------------------------------
/tests/test-projects-process_templates.yml:
-------------------------------------------------------------------------------- 1 | --- 2 | - name: Set Facts 3 | hosts: localhost 4 | connection: local 5 | gather_facts: no 6 | vars_files: 7 | - login-creds.yml 8 | tasks: 9 | - include_tasks: setup-test.yml 10 | - set_fact: 11 | ignore_differences: 12 | metadata: 13 | annotations: 14 | kubectl.kubernetes.io/last-applied-configuration: '' 15 | creationTimestamp: null 16 | 17 | - name: Test Provision 18 | hosts: localhost 19 | connection: local 20 | gather_facts: no 21 | 22 | roles: 23 | - role: openshift-provision 24 | openshift_clusters: 25 | - projects: 26 | - name: provision-test 27 | resources: 28 | - apiVersion: v1 29 | kind: Template 30 | labels: 31 | template: provision-test 32 | metadata: 33 | name: provision-test 34 | objects: 35 | - apiVersion: v1 36 | kind: ImageStream 37 | metadata: 38 | name: ${NAME} 39 | spec: 40 | lookupPolicy: 41 | local: false 42 | parameters: 43 | - name: NAME 44 | required: true 45 | 46 | process_templates: 47 | - name: provision-test 48 | parameters: 49 | NAME: provision-test 50 | 51 | # FIXME - add validation 52 | -------------------------------------------------------------------------------- /tests/test-projects-resources-BuildConfig.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Set Facts 3 | hosts: localhost 4 | connection: local 5 | vars_files: 6 | - login-creds.yml 7 | tasks: 8 | - include_tasks: setup-test.yml 9 | - set_fact: 10 | ignore_differences: 11 | metadata: 12 | annotations: 13 | kubectl.kubernetes.io/last-applied-configuration: '' 14 | creationTimestamp: null 15 | generation: 0 16 | namespace: '' 17 | resourceVersion: 0 18 | selfLink: '' 19 | uid: '' 20 | 21 | - name: Test Provision 22 | hosts: localhost 23 | connection: local 24 | vars: 25 | provision_buildconfig: test-buildconfig.yml.j2 26 | provision_buildconfig_def: "{{ lookup('template', 'resources/' ~ provision_buildconfig) | from_yaml }}" 27 | 
from_source_name: httpd:latest 28 | roles: 29 | - role: openshift-provision 30 | openshift_clusters: 31 | - projects: 32 | - name: provision-test 33 | resources: 34 | - "{{ provision_buildconfig }}" 35 | 36 | tasks: 37 | - name: Get BuildConfig 38 | command: >- 39 | {{ test_oc_cmd }} get buildconfig test-buildconfig -n provision-test -o json 40 | register: get_buildconfig 41 | changed_when: false 42 | 43 | - name: Verify BuildConfig 44 | fail: 45 | msg: | 46 | BuildConfig not defined as expected 47 | >>> 48 | {{ cmp_buildconfig | to_yaml }} 49 | === 50 | {{ got_buildconfig | to_yaml }} 51 | <<< 52 | vars: 53 | got_buildconfig: >- 54 | {{ get_buildconfig.stdout | from_json 55 | | combine(ignore_differences, recursive=True) }} 56 | cmp_buildconfig: >- 57 | {{ provision_buildconfig_def 58 | | combine(ignore_differences, recursive=True) }} 59 | when: >- 60 | cmp_buildconfig.metadata != got_buildconfig.metadata or 61 | cmp_buildconfig.spec != got_buildconfig.spec 62 | 63 | - name: Test Update 64 | hosts: localhost 65 | connection: local 66 | vars: 67 | provision_buildconfig: test-buildconfig.yml.j2 68 | provision_buildconfig_def: "{{ lookup('template', 'resources/' ~ provision_buildconfig) | from_yaml }}" 69 | from_source_name: httpd:latest 70 | roles: 71 | - role: openshift-provision 72 | openshift_clusters: 73 | - projects: 74 | - name: provision-test 75 | resources: 76 | - "{{ provision_buildconfig }}" 77 | 78 | tasks: 79 | - name: Get BuildConfig 80 | command: >- 81 | {{ test_oc_cmd }} get buildconfig test-buildconfig -n provision-test -o json 82 | register: get_buildconfig 83 | changed_when: false 84 | 85 | - name: Verify BuildConfig 86 | fail: 87 | msg: | 88 | BuildConfig not defined as expected 89 | >>> 90 | {{ cmp_buildconfig | to_yaml }} 91 | === 92 | {{ got_buildconfig | to_yaml }} 93 | <<< 94 | vars: 95 | got_buildconfig: >- 96 | {{ get_buildconfig.stdout | from_json 97 | | combine(ignore_differences, recursive=True) }} 98 | cmp_buildconfig: >- 99 | {{ 
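provision_buildconfig_def 100 | | combine(ignore_differences, recursive=True) }} 101 | when: >- 102 | cmp_buildconfig.metadata != got_buildconfig.metadata or 103 | cmp_buildconfig.spec != got_buildconfig.spec 104 | 105 | - name: Cleanup 106 | command: >- 107 | {{ test_oc_cmd }} delete buildconfig test-buildconfig -n provision-test 108 | -------------------------------------------------------------------------------- /tests/test-projects-resources-ConfigMap.yml: --------------------------------------------------------------------------------
---
# Test playbook for ConfigMap handling by the openshift-provision role:
# provision test-configmap, compare it with the rendered template,
# re-provision with different data, compare again, then delete it.
- name: Set Facts
  hosts: localhost
  connection: local
  vars_files:
  # Cluster login values are read from login-creds.yml. The repository tree
  # lists only login-creds.yml.example, so the real file is presumably
  # supplied locally and kept out of version control.
  - login-creds.yml
  tasks:
  - include_tasks: setup-test.yml
  # Fields overlaid on BOTH the expected definition and the object fetched
  # from the cluster before they are compared, so that these values can never
  # cause a mismatch.
  - set_fact:
      ignore_differences:
        metadata:
          annotations:
            kubectl.kubernetes.io/last-applied-configuration: ''
          creationTimestamp: null
          generation: 0
          namespace: ''
          resourceVersion: 0
          selfLink: ''
          uid: ''

- name: Test Provision
  hosts: localhost
  connection: local
  vars:
    provision_configmap: test-configmap.yml.j2
    # Expected object: the same template the role is given, rendered locally.
    provision_configmap_def: "{{ lookup('template', 'resources/' ~ provision_configmap) | from_yaml }}"
    configmap_data:
      foo: bar
  roles:
  - role: openshift-provision
    openshift_clusters:
    - projects:
      - name: provision-test
        resources:
        - "{{ provision_configmap }}"

  tasks:
  # Read-only query, hence changed_when: false. test_oc_cmd is not defined in
  # this file (presumably set by setup-test.yml).
  - name: Get ConfigMap
    command: >-
      {{ test_oc_cmd }} get configmap test-configmap -n provision-test -o json
    register: get_configmap
    changed_when: false

  # Fails only when metadata or data differ after the ignore_differences
  # overlay. The message prints the expected object (cmp_configmap), then the
  # fetched one. It previously referenced `configmap`, a name this file never
  # defines, so a real mismatch would have surfaced as a templating error
  # instead of the intended diff.
  - name: Verify ConfigMap
    fail:
      msg: |
        ConfigMap not defined as expected
        >>>
        {{ cmp_configmap | to_yaml }}
        ===
        {{ got_configmap | to_yaml }}
        <<<
    vars:
      got_configmap: >-
        {{ get_configmap.stdout | from_json
        | combine(ignore_differences, recursive=True) }}
      cmp_configmap: >-
        {{ provision_configmap_def
        | combine(ignore_differences, recursive=True) }}
    when: >-
      cmp_configmap.metadata != got_configmap.metadata or
      cmp_configmap.data != got_configmap.data

- name: Test Update
  hosts: localhost
  connection: local
  vars:
    provision_configmap: test-configmap.yml.j2
    provision_configmap_def: "{{ lookup('template', 'resources/' ~ provision_configmap) | from_yaml }}"
    # Data differs from the provision play (foo changed, bar added), so this
    # play exercises an update of the existing object.
    configmap_data:
      foo: boop
      bar: three
  roles:
  - role: openshift-provision
    openshift_clusters:
    - projects:
      - name: provision-test
        resources:
        - "{{ provision_configmap }}"

  tasks:
  - name: Get ConfigMap
    command: >-
      {{ test_oc_cmd }} get configmap test-configmap -n provision-test -o json
    register: get_configmap
    changed_when: false

  # Same comparison as in the provision play; the message prints
  # cmp_configmap (expected) followed by got_configmap (fetched).
  - name: Verify ConfigMap Update
    fail:
      msg: |
        ConfigMap not defined as expected
        >>>
        {{ cmp_configmap | to_yaml }}
        ===
        {{ got_configmap | to_yaml }}
        <<<
    vars:
      got_configmap: >-
        {{ get_configmap.stdout | from_json
        | combine(ignore_differences, recursive=True) }}
      cmp_configmap: >-
        {{ provision_configmap_def
        | combine(ignore_differences, recursive=True) }}
    when: >-
      cmp_configmap.metadata != got_configmap.metadata or
      cmp_configmap.data != got_configmap.data

  # Removes the test object so a later run starts from a clean project.
  - name: Cleanup
    command: >-
      {{ test_oc_cmd }} delete configmap test-configmap -n provision-test
-------------------------------------------------------------------------------- /tests/test-projects-resources-DaemonSet.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Set Facts 3 | hosts: localhost 4 | connection: local 5 | vars_files: 6 | - login-creds.yml 7 | tasks: 8 | - include_tasks: setup-test.yml 9 | - set_fact: 10 | ignore_differences: 11 | metadata: 12 | annotations: 13 | kubectl.kubernetes.io/last-applied-configuration: '' 14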
| creationTimestamp: null 15 | generation: 0 16 | namespace: '' 17 | resourceVersion: 0 18 | selfLink: '' 19 | uid: '' 20 | spec: 21 | template: 22 | metadata: 23 | creationTimestamp: null 24 | templateGeneration: 0 25 | 26 | - name: Test Provision 27 | hosts: localhost 28 | connection: local 29 | vars: 30 | provision_daemonset: test-daemonset.yml.j2 31 | provision_daemonset_def: "{{ lookup('template', 'resources/' ~ provision_daemonset) | from_yaml }}" 32 | image_pull_policy: IfNotPresent 33 | roles: 34 | - role: openshift-provision 35 | openshift_clusters: 36 | - projects: 37 | - name: provision-test 38 | resources: 39 | - "{{ provision_daemonset }}" 40 | 41 | tasks: 42 | - name: Get DaemonSet 43 | command: >- 44 | {{ test_oc_cmd }} get daemonset test-daemonset -n provision-test -o json 45 | register: get_daemonset 46 | changed_when: false 47 | 48 | - name: Verify DaemonSet 49 | fail: 50 | msg: | 51 | DaemonSet not defined as expected 52 | >>> 53 | {{ cmp_daemonset | to_yaml }} 54 | === 55 | {{ got_daemonset | to_yaml }} 56 | <<< 57 | vars: 58 | got_daemonset: "{{ get_daemonset.stdout | from_json | combine(ignore_differences, recursive=True) }}" 59 | cmp_daemonset: "{{ provision_daemonset_def | combine(ignore_differences, recursive=True) }}" 60 | when: >- 61 | cmp_daemonset.metadata != got_daemonset.metadata or 62 | cmp_daemonset.spec != got_daemonset.spec 63 | 64 | - name: Test Update 65 | hosts: localhost 66 | connection: local 67 | vars: 68 | provision_daemonset: test-daemonset.yml.j2 69 | provision_daemonset_def: "{{ lookup('template', 'resources/' ~ provision_daemonset) | from_yaml }}" 70 | image_pull_policy: Always 71 | roles: 72 | - role: openshift-provision 73 | openshift_clusters: 74 | - projects: 75 | - name: provision-test 76 | resources: 77 | - "{{ provision_daemonset }}" 78 | 79 | tasks: 80 | - name: Get DaemonSet 81 | command: >- 82 | {{ test_oc_cmd }} get daemonset test-daemonset -n provision-test -o json 83 | register: get_daemonset 84 | 
changed_when: false 85 | 86 | - name: Verify DaemonSet Update 87 | fail: 88 | msg: | 89 | DaemonSet not defined as expected 90 | >>> 91 | {{ cmp_daemonset | to_yaml }} 92 | === 93 | {{ got_daemonset | to_yaml }} 94 | <<< 95 | vars: 96 | got_daemonset: "{{ get_daemonset.stdout | from_json | combine(ignore_differences, recursive=True) }}" 97 | cmp_daemonset: "{{ provision_daemonset_def | combine(ignore_differences, recursive=True) }}" 98 | when: >- 99 | cmp_daemonset.metadata != got_daemonset.metadata or 100 | cmp_daemonset.spec != got_daemonset.spec 101 | -------------------------------------------------------------------------------- /tests/test-projects-resources-Deployment.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Set Facts 3 | hosts: localhost 4 | connection: local 5 | vars_files: 6 | - login-creds.yml 7 | tasks: 8 | - include_tasks: setup-test.yml 9 | - set_fact: 10 | ignore_differences: 11 | metadata: 12 | annotations: 13 | deployment.kubernetes.io/revision: '0' 14 | kubectl.kubernetes.io/last-applied-configuration: '' 15 | creationTimestamp: null 16 | generation: 0 17 | namespace: '' 18 | resourceVersion: 0 19 | selfLink: '' 20 | uid: '' 21 | spec: 22 | template: 23 | metadata: 24 | creationTimestamp: null 25 | templateGeneration: 0 26 | 27 | - name: Test Provision 28 | hosts: localhost 29 | connection: local 30 | vars: 31 | provision_deployment: test-deployment.yml.j2 32 | provision_deployment_def: "{{ lookup('template', 'resources/' ~ provision_deployment) | from_yaml }}" 33 | deployment_app_label: testdeploy 34 | deployment_replicas: 1 35 | 36 | roles: 37 | - role: openshift-provision 38 | openshift_clusters: 39 | - projects: 40 | - name: provision-test 41 | resources: 42 | - "{{ provision_deployment }}" 43 | 44 | tasks: 45 | - name: Get Deployment 46 | command: >- 47 | {{ test_oc_cmd }} get deployment test-deployment -n provision-test -o json 48 | register: get_deployment 49 | changed_when: 
false 50 | 51 | - name: Verify Deployment 52 | fail: 53 | msg: | 54 | Deployment not defined as expected 55 | >>> 56 | {{ cmp_deployment | to_yaml }} 57 | === 58 | {{ got_deployment | to_yaml }} 59 | <<< 60 | vars: 61 | got_deployment: "{{ get_deployment.stdout | from_json | combine(ignore_differences, recursive=True) }}" 62 | cmp_deployment: "{{ provision_deployment_def | combine(ignore_differences, recursive=True) }}" 63 | when: >- 64 | cmp_deployment.metadata != got_deployment.metadata or 65 | cmp_deployment.spec != got_deployment.spec 66 | 67 | - name: Test Update 68 | hosts: localhost 69 | connection: local 70 | vars: 71 | provision_deployment: test-deployment.yml.j2 72 | provision_deployment_def: "{{ lookup('template', 'resources/' ~ provision_deployment) | from_yaml }}" 73 | deployment_app_label: test-deploy 74 | deployment_replicas: 2 75 | 76 | roles: 77 | - role: openshift-provision 78 | openshift_clusters: 79 | - projects: 80 | - name: provision-test 81 | resources: 82 | - "{{ provision_deployment }}" 83 | 84 | tasks: 85 | - name: Get Deployment 86 | command: >- 87 | {{ test_oc_cmd }} get deployment test-deployment -n provision-test -o json 88 | register: get_deployment 89 | changed_when: false 90 | 91 | - name: Verify Deployment Update 92 | fail: 93 | msg: | 94 | Deployment not defined as expected 95 | >>> 96 | {{ cmp_deployment | to_yaml }} 97 | === 98 | {{ got_deployment | to_yaml }} 99 | <<< 100 | vars: 101 | got_deployment: "{{ get_deployment.stdout | from_json | combine(ignore_differences, recursive=True) }}" 102 | cmp_deployment: "{{ provision_deployment_def | combine(ignore_differences, recursive=True) }}" 103 | when: >- 104 | cmp_deployment.metadata != got_deployment.metadata or 105 | cmp_deployment.spec != got_deployment.spec 106 | -------------------------------------------------------------------------------- /tests/test-projects-resources-DeploymentConfig.yml: -------------------------------------------------------------------------------- 1 
| --- 2 | - name: Set Facts 3 | hosts: localhost 4 | connection: local 5 | vars_files: 6 | - login-creds.yml 7 | tasks: 8 | - include_tasks: setup-test.yml 9 | - set_fact: 10 | ignore_differences: 11 | metadata: 12 | annotations: 13 | kubectl.kubernetes.io/last-applied-configuration: '' 14 | creationTimestamp: null 15 | generation: 0 16 | namespace: '' 17 | resourceVersion: 0 18 | selfLink: '' 19 | uid: '' 20 | spec: 21 | template: 22 | metadata: 23 | creationTimestamp: null 24 | 25 | - name: Test Provision 26 | hosts: localhost 27 | connection: local 28 | vars: 29 | provision_deploymentconfig: test-deploymentconfig.yml.j2 30 | provision_deploymentconfig_def: "{{ lookup('template', 'resources/' ~ provision_deploymentconfig) | from_yaml }}" 31 | deploymentconfig_env: 32 | - name: FOO 33 | value: bar 34 | roles: 35 | - role: openshift-provision 36 | openshift_clusters: 37 | - projects: 38 | - name: provision-test 39 | resources: 40 | - "{{ provision_deploymentconfig }}" 41 | 42 | tasks: 43 | - name: Get DeploymentConfig 44 | command: >- 45 | {{ test_oc_cmd }} get deploymentconfig test-deploymentconfig -n provision-test -o json 46 | register: get_deploymentconfig 47 | changed_when: false 48 | 49 | - name: Verify DeploymentConfig 50 | fail: 51 | msg: | 52 | DeploymentConfig not defined as expected 53 | >>> 54 | {{ cmp_deploymentconfig | to_yaml }} 55 | === 56 | {{ got_deploymentconfig | to_yaml }} 57 | <<< 58 | vars: 59 | got_deploymentconfig: "{{ get_deploymentconfig.stdout | from_json | combine(ignore_differences, recursive=True) }}" 60 | cmp_deploymentconfig: "{{ provision_deploymentconfig_def | combine(ignore_differences, recursive=True) }}" 61 | when: >- 62 | cmp_deploymentconfig.metadata != got_deploymentconfig.metadata or 63 | cmp_deploymentconfig.spec != got_deploymentconfig.spec 64 | 65 | - name: Test Update 66 | hosts: localhost 67 | connection: local 68 | vars: 69 | provision_deploymentconfig: test-deploymentconfig.yml.j2 70 | provision_deploymentconfig_def: 
"{{ lookup('template', 'resources/' ~ provision_deploymentconfig) | from_yaml }}" 71 | deploymentconfig_env: 72 | - name: FOO 73 | value: foo 74 | roles: 75 | - role: openshift-provision 76 | openshift_clusters: 77 | - projects: 78 | - name: provision-test 79 | resources: 80 | - "{{ provision_deploymentconfig }}" 81 | 82 | tasks: 83 | - name: Get DeploymentConfig 84 | command: >- 85 | {{ test_oc_cmd }} get deploymentconfig test-deploymentconfig -n provision-test -o json 86 | register: get_deploymentconfig 87 | changed_when: false 88 | 89 | - name: Verify DeploymentConfig 90 | fail: 91 | msg: | 92 | DeploymentConfig not defined as expected 93 | >>> 94 | {{ cmp_deploymentconfig | to_yaml }} 95 | === 96 | {{ got_deploymentconfig | to_yaml }} 97 | <<< 98 | vars: 99 | got_deploymentconfig: "{{ get_deploymentconfig.stdout | from_json | combine(ignore_differences, recursive=True) }}" 100 | cmp_deploymentconfig: "{{ provision_deploymentconfig_def | combine(ignore_differences, recursive=True) }}" 101 | when: >- 102 | cmp_deploymentconfig.metadata != got_deploymentconfig.metadata or 103 | cmp_deploymentconfig.spec != got_deploymentconfig.spec 104 | -------------------------------------------------------------------------------- /tests/test-projects-resources-HorizontalPodAutoscaler.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Set Facts 3 | hosts: localhost 4 | connection: local 5 | vars_files: 6 | - login-creds.yml 7 | tasks: 8 | - include_tasks: setup-test.yml 9 | - set_fact: 10 | ignore_differences: 11 | metadata: 12 | annotations: 13 | autoscaling.alpha.kubernetes.io/conditions: '' 14 | kubectl.kubernetes.io/last-applied-configuration: '' 15 | creationTimestamp: null 16 | namespace: '' 17 | resourceVersion: 0 18 | selfLink: '' 19 | uid: '' 20 | 21 | - name: Test Provision 22 | hosts: localhost 23 | connection: local 24 | vars: 25 | provision_horizontalpodautoscaler: test-horizontalpodautoscaler.yml.j2 26 | 
provision_horizontalpodautoscaler_def: "{{ lookup('template', 'resources/' ~ provision_horizontalpodautoscaler) | from_yaml }}" 27 | max_replicas: 10 28 | target_cpu_utilization: 70 29 | roles: 30 | - role: openshift-provision 31 | openshift_clusters: 32 | - projects: 33 | - name: provision-test 34 | resources: 35 | - "{{ provision_horizontalpodautoscaler }}" 36 | 37 | tasks: 38 | - name: Get HorizontalPodAutoscaler 39 | command: >- 40 | {{ test_oc_cmd }} get horizontalpodautoscaler test-horizontalpodautoscaler -n provision-test -o json 41 | register: get_horizontalpodautoscaler 42 | changed_when: false 43 | 44 | - name: Verify HorizontalPodAutoscaler 45 | fail: 46 | msg: | 47 | HorizontalPodAutoscaler not defined as expected 48 | >>> 49 | {{ cmp_horizontalpodautoscaler | to_yaml }} 50 | === 51 | {{ got_horizontalpodautoscaler | to_yaml }} 52 | <<< 53 | vars: 54 | got_horizontalpodautoscaler: "{{ get_horizontalpodautoscaler.stdout | from_json | combine(ignore_differences, recursive=True) }}" 55 | cmp_horizontalpodautoscaler: "{{ provision_horizontalpodautoscaler_def | combine(ignore_differences, recursive=True) }}" 56 | when: >- 57 | cmp_horizontalpodautoscaler.metadata != got_horizontalpodautoscaler.metadata or 58 | cmp_horizontalpodautoscaler.spec != got_horizontalpodautoscaler.spec 59 | 60 | - name: Test Update 61 | hosts: localhost 62 | connection: local 63 | vars: 64 | provision_horizontalpodautoscaler: test-horizontalpodautoscaler.yml.j2 65 | provision_horizontalpodautoscaler_def: "{{ lookup('template', 'resources/' ~ provision_horizontalpodautoscaler) | from_yaml }}" 66 | max_replicas: 8 67 | target_cpu_utilization: 80 68 | roles: 69 | - role: openshift-provision 70 | openshift_clusters: 71 | - projects: 72 | - name: provision-test 73 | resources: 74 | - "{{ provision_horizontalpodautoscaler }}" 75 | 76 | tasks: 77 | - name: Get HorizontalPodAutoscaler 78 | command: >- 79 | {{ test_oc_cmd }} get horizontalpodautoscaler test-horizontalpodautoscaler -n 
provision-test -o json 80 | register: get_horizontalpodautoscaler 81 | changed_when: false 82 | 83 | - name: Verify HorizontalPodAutoscaler Update 84 | fail: 85 | msg: | 86 | HorizontalPodAutoscaler not defined as expected 87 | >>> 88 | {{ cmp_horizontalpodautoscaler | to_yaml }} 89 | === 90 | {{ got_horizontalpodautoscaler | to_yaml }} 91 | <<< 92 | vars: 93 | got_horizontalpodautoscaler: "{{ get_horizontalpodautoscaler.stdout | from_json | combine(ignore_differences, recursive=True) }}" 94 | cmp_horizontalpodautoscaler: "{{ provision_horizontalpodautoscaler_def | combine(ignore_differences, recursive=True) }}" 95 | when: >- 96 | cmp_horizontalpodautoscaler.metadata != got_horizontalpodautoscaler.metadata or 97 | cmp_horizontalpodautoscaler.spec != got_horizontalpodautoscaler.spec 98 | -------------------------------------------------------------------------------- /tests/test-projects-resources-LimitRange.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Set Facts 3 | hosts: localhost 4 | connection: local 5 | vars_files: 6 | - login-creds.yml 7 | tasks: 8 | - include_tasks: setup-test.yml 9 | - set_fact: 10 | ignore_differences: 11 | metadata: 12 | annotations: 13 | kubectl.kubernetes.io/last-applied-configuration: '' 14 | creationTimestamp: null 15 | generation: 0 16 | namespace: '' 17 | resourceVersion: 0 18 | selfLink: '' 19 | uid: '' 20 | 21 | - name: Test Provision 22 | hosts: localhost 23 | connection: local 24 | vars: 25 | provision_limitrange: test-limitrange.yml.j2 26 | provision_limitrange_def: "{{ lookup('template', 'resources/' ~ provision_limitrange) | from_yaml }}" 27 | pod_max: 28 | cpu: "2" 29 | memory: 1Gi 30 | pod_min: 31 | cpu: 200m 32 | memory: 6Mi 33 | container_max: 34 | cpu: "2" 35 | memory: 1Gi 36 | container_min: 37 | cpu: 100m 38 | memory: 4Mi 39 | container_default: 40 | cpu: 300m 41 | memory: 200Mi 42 | container_default_request: 43 | cpu: 200m 44 | memory: 100Mi 45 | 
container_max_ratio: 46 | cpu: "10" 47 | 48 | roles: 49 | - role: openshift-provision 50 | openshift_clusters: 51 | - projects: 52 | - name: provision-test 53 | resources: 54 | - "{{ provision_limitrange }}" 55 | 56 | tasks: 57 | - name: Get LimitRange 58 | command: >- 59 | {{ test_oc_cmd }} get limitrange test-limitrange -n provision-test -o json 60 | register: get_limitrange 61 | changed_when: false 62 | 63 | - name: Verify LimitRange 64 | fail: 65 | msg: | 66 | LimitRange not defined as expected 67 | >>> 68 | {{ cmp_limitrange | to_yaml }} 69 | === 70 | {{ got_limitrange | to_yaml }} 71 | <<< 72 | vars: 73 | got_limitrange: >- 74 | {{ get_limitrange.stdout | from_json 75 | | combine(ignore_differences, recursive=True) }} 76 | cmp_limitrange: >- 77 | {{ provision_limitrange_def 78 | | combine(ignore_differences, recursive=True) }} 79 | when: >- 80 | cmp_limitrange.metadata != got_limitrange.metadata or 81 | cmp_limitrange.spec != got_limitrange.spec 82 | 83 | - name: Test Update 84 | hosts: localhost 85 | connection: local 86 | vars: 87 | provision_limitrange: test-limitrange.yml.j2 88 | provision_limitrange_def: "{{ lookup('template', 'resources/' ~ provision_limitrange) | from_yaml }}" 89 | pod_max: 90 | cpu: "3" 91 | memory: 1Gi 92 | pod_min: 93 | cpu: 200m 94 | memory: 6Mi 95 | container_max: 96 | cpu: 2400m 97 | memory: 1Gi 98 | container_min: 99 | cpu: 100m 100 | memory: 4Mi 101 | container_default: 102 | cpu: 300m 103 | memory: 200Mi 104 | container_default_request: 105 | cpu: 200m 106 | memory: 100Mi 107 | container_max_ratio: 108 | cpu: "10" 109 | 110 | roles: 111 | - role: openshift-provision 112 | openshift_clusters: 113 | - projects: 114 | - name: provision-test 115 | resources: 116 | - "{{ provision_limitrange }}" 117 | 118 | tasks: 119 | - name: Get LimitRange 120 | command: >- 121 | {{ test_oc_cmd }} get limitrange test-limitrange -n provision-test -o json 122 | register: get_limitrange 123 | changed_when: false 124 | 125 | - name: Verify 
LimitRange Update 126 | fail: 127 | msg: | 128 | LimitRange not defined as expected 129 | >>> 130 | {{ cmp_limitrange | to_yaml }} 131 | === 132 | {{ got_limitrange | to_yaml }} 133 | <<< 134 | vars: 135 | got_limitrange: >- 136 | {{ get_limitrange.stdout | from_json 137 | | combine(ignore_differences, recursive=True) }} 138 | cmp_limitrange: >- 139 | {{ provision_limitrange_def 140 | | combine(ignore_differences, recursive=True) }} 141 | when: >- 142 | cmp_limitrange.metadata != got_limitrange.metadata or 143 | cmp_limitrange.spec != got_limitrange.spec 144 | -------------------------------------------------------------------------------- /tests/test-projects-resources-PersistentVolumeClaim.yml: --------------------------------------------------------------------------------
---
# Test playbook for PersistentVolumeClaim handling by the openshift-provision
# role: provision test-persistentvolumeclaim, compare it with the rendered
# template, re-provision with a changed label, compare again, then delete it
# through the openshift_provision module.
- name: Set Facts
  hosts: localhost
  connection: local
  vars_files:
  # Cluster login values are read from login-creds.yml. The repository tree
  # lists only login-creds.yml.example, so the real file is presumably
  # supplied locally and kept out of version control.
  - login-creds.yml
  tasks:
  - include_tasks: setup-test.yml
  # Fields overlaid on both the expected definition and the fetched object
  # before comparison. Unlike the sibling tests, this list does not neutralise
  # generation, namespace, resourceVersion or uid; the query below uses
  # `--export` instead.
  - set_fact:
      ignore_differences:
        metadata:
          annotations:
            kubectl.kubernetes.io/last-applied-configuration: ''
            pv.kubernetes.io/bind-completed: ''
            pv.kubernetes.io/bound-by-controller: ''
            volume.beta.kubernetes.io/storage-provisioner: ''
          creationTimestamp: null
          selfLink: null
        spec:
          dataSource: ''
          storageClassName: ''
          volumeName: ''

- name: Test Provision
  hosts: localhost
  connection: local
  vars:
    provision_persistentvolumeclaim: test-persistentvolumeclaim.yml.j2
    # Expected object: the same template the role is given, rendered locally.
    provision_persistentvolumeclaim_def: >-
      {{ lookup('template', 'resources/' ~ provision_persistentvolumeclaim)
      | from_yaml }}
    persistentvolumeclaim_labels:
      testlabel: foo

  roles:
  - role: openshift-provision
    openshift_clusters:
    - projects:
      - name: provision-test
        resources:
        - "{{ provision_persistentvolumeclaim }}"

  tasks:
  # Read-only query, hence changed_when: false. test_oc_cmd is not defined in
  # this file (presumably set by setup-test.yml).
  # NOTE(review): `--export` was deprecated in kubectl 1.14 and removed in
  # 1.18, so clients built on newer releases are likely to reject this
  # command. Dropping the flag would also require adding namespace, uid,
  # resourceVersion and similar fields to ignore_differences above.
  - name: Get PersistentVolumeClaim
    command: >-
      {{ test_oc_cmd }} get --export persistentvolumeclaim test-persistentvolumeclaim -n provision-test -o json
    register: get_persistentvolumeclaim
    changed_when: false

  # Fails only when metadata or spec differ after the ignore_differences
  # overlay; the message prints the expected object, then the fetched one.
  - name: Verify PersistentVolumeClaim
    fail:
      msg: |
        PersistentVolumeClaim not defined as expected
        >>>
        {{ cmp_persistentvolumeclaim | to_yaml }}
        ===
        {{ got_persistentvolumeclaim | to_yaml }}
        <<<
    vars:
      got_persistentvolumeclaim: "{{ get_persistentvolumeclaim.stdout | from_json | combine(ignore_differences, recursive=True) }}"
      cmp_persistentvolumeclaim: "{{ provision_persistentvolumeclaim_def | combine(ignore_differences, recursive=True) }}"
    when: >-
      cmp_persistentvolumeclaim.metadata != got_persistentvolumeclaim.metadata or
      cmp_persistentvolumeclaim.spec != got_persistentvolumeclaim.spec

- name: Test Update
  hosts: localhost
  connection: local
  vars:
    provision_persistentvolumeclaim: test-persistentvolumeclaim.yml.j2
    provision_persistentvolumeclaim_def: >-
      {{ lookup('template', 'resources/' ~ provision_persistentvolumeclaim)
      | from_yaml }}
    # Only the label value changes relative to the provision play.
    persistentvolumeclaim_labels:
      testlabel: bar

  roles:
  - role: openshift-provision
    openshift_clusters:
    - projects:
      - name: provision-test
        resources:
        - "{{ provision_persistentvolumeclaim }}"

  tasks:
  # Same query as in the provision play; the `--export` note there applies
  # here as well.
  - name: Get PersistentVolumeClaim
    command: >-
      {{ test_oc_cmd }} get --export persistentvolumeclaim test-persistentvolumeclaim -n provision-test -o json
    register: get_persistentvolumeclaim
    changed_when: false

  - name: Verify PersistentVolumeClaim
    fail:
      msg: |
        PersistentVolumeClaim not defined as expected
        >>>
        {{ cmp_persistentvolumeclaim | to_yaml }}
        ===
        {{ got_persistentvolumeclaim | to_yaml }}
        <<<
    vars:
      got_persistentvolumeclaim: "{{ get_persistentvolumeclaim.stdout | from_json | combine(ignore_differences, recursive=True) }}"
      cmp_persistentvolumeclaim: "{{ provision_persistentvolumeclaim_def | combine(ignore_differences, recursive=True) }}"
    when: >-
      cmp_persistentvolumeclaim.metadata != got_persistentvolumeclaim.metadata or
      cmp_persistentvolumeclaim.spec != got_persistentvolumeclaim.spec

# Cleanup runs as its own play and deletes the claim through the role's
# openshift_provision module rather than the oc command line.
# openshift_connection is not defined in this file (presumably a fact set by
# setup-test.yml).
- name: Cleanup
  hosts: localhost
  connection: local
  tasks:
  - name: Delete PersistentVolumeClaim
    openshift_provision:
      action: delete
      namespace: provision-test
      connection: "{{ openshift_connection }}"
      resource:
        kind: PersistentVolumeClaim
        metadata:
          name: test-persistentvolumeclaim
-------------------------------------------------------------------------------- /tests/test-projects-resources-ReplicaSet.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Set Facts 3 | hosts: localhost 4 | connection: local 5 | vars_files: 6 | - login-creds.yml 7 | tasks: 8 | - include_tasks: setup-test.yml 9 | - set_fact: 10 | ignore_differences: 11 | metadata: 12 | annotations: 13 | kubectl.kubernetes.io/last-applied-configuration: '' 14 | creationTimestamp: null 15 | generation: 0 16 | namespace: '' 17 | resourceVersion: 0 18 | selfLink: '' 19 | uid: '' 20 | spec: 21 | template: 22 | metadata: 23 | creationTimestamp: null 24 | templateGeneration: 0 25 | 26 | - name: Test Provision 27 | hosts: localhost 28 | connection: local 29 | vars: 30 | provision_replicaset: test-replicaset.yml.j2 31 | provision_replicaset_def: "{{ lookup('template', 'resources/' ~ provision_replicaset) | from_yaml }}" 32 | replicaset_app_label: test-replicaset 33 | replicaset_replicas: 3 34 | 35 | roles: 36 | - role: openshift-provision 37 | openshift_clusters: 38 | - projects: 39 | - name: provision-test 40 | resources: 41 | - "{{ provision_replicaset }}" 42 | 43 | tasks: 44 | - name: Get ReplicaSet 45 | command: >- 46 | {{ test_oc_cmd }} get replicaset test-replicaset -n provision-test -o
json 47 | register: get_replicaset 48 | changed_when: false 49 | 50 | - name: Verify ReplicaSet 51 | fail: 52 | msg: | 53 | ReplicaSet not defined as expected 54 | >>> 55 | {{ cmp_replicaset | to_yaml }} 56 | === 57 | {{ got_replicaset | to_yaml }} 58 | <<< 59 | vars: 60 | got_replicaset: "{{ get_replicaset.stdout | from_json | combine(ignore_differences, recursive=True) }}" 61 | cmp_replicaset: "{{ provision_replicaset_def | combine(ignore_differences, recursive=True) }}" 62 | when: >- 63 | cmp_replicaset.metadata != got_replicaset.metadata or 64 | cmp_replicaset.spec != got_replicaset.spec 65 | 66 | - name: Test Update 67 | hosts: localhost 68 | connection: local 69 | vars: 70 | provision_replicaset: test-replicaset.yml.j2 71 | provision_replicaset_def: "{{ lookup('template', 'resources/' ~ provision_replicaset) | from_yaml }}" 72 | replicaset_app_label: rs-test 73 | replicaset_replicas: 1 74 | 75 | roles: 76 | - role: openshift-provision 77 | openshift_clusters: 78 | - projects: 79 | - name: provision-test 80 | resources: 81 | - "{{ provision_replicaset }}" 82 | 83 | tasks: 84 | - name: Get ReplicaSet 85 | command: >- 86 | {{ test_oc_cmd }} get replicaset test-replicaset -n provision-test -o json 87 | register: get_replicaset 88 | changed_when: false 89 | 90 | - name: Verify ReplicaSet Update 91 | fail: 92 | msg: | 93 | ReplicaSet not defined as expected 94 | >>> 95 | {{ cmp_replicaset | to_yaml }} 96 | === 97 | {{ got_replicaset | to_yaml }} 98 | <<< 99 | vars: 100 | got_replicaset: "{{ get_replicaset.stdout | from_json | combine(ignore_differences, recursive=True) }}" 101 | cmp_replicaset: "{{ provision_replicaset_def | combine(ignore_differences, recursive=True) }}" 102 | when: >- 103 | cmp_replicaset.metadata != got_replicaset.metadata or 104 | cmp_replicaset.spec != got_replicaset.spec 105 | -------------------------------------------------------------------------------- /tests/test-projects-resources-ReplicationController.yml: 
--------------------------------------------------------------------------------
---
# Test playbook for ReplicationController handling by the openshift-provision
# role: provision test-replicationcontroller, compare it with the rendered
# template, run the role a second time, compare again, then delete it.
- name: Set Facts
  hosts: localhost
  connection: local
  vars_files:
  # Cluster login values are read from login-creds.yml. The repository tree
  # lists only login-creds.yml.example, so the real file is presumably
  # supplied locally and kept out of version control.
  - login-creds.yml
  tasks:
  - include_tasks: setup-test.yml
  # Fields overlaid on both the expected definition and the fetched object
  # before comparison, so these values can never cause a mismatch.
  - set_fact:
      ignore_differences:
        metadata:
          annotations:
            kubectl.kubernetes.io/last-applied-configuration: ''
          creationTimestamp: null
          generation: 0
          namespace: ''
          resourceVersion: 0
          selfLink: ''
          uid: ''
        spec:
          template:
            metadata:
              creationTimestamp: null

- name: Test Provision
  hosts: localhost
  connection: local
  vars:
    provision_replicationcontroller: test-replicationcontroller.yml.j2
    # Expected object: the same template the role is given, rendered locally.
    provision_replicationcontroller_def: "{{ lookup('template', 'resources/' ~ provision_replicationcontroller) | from_yaml }}"
    image_pull_policy: IfNotPresent
    readiness_probe_delay: 5
  roles:
  - role: openshift-provision
    openshift_clusters:
    - projects:
      - name: provision-test
        resources:
        - "{{ provision_replicationcontroller }}"

  tasks:
  # Read-only query, hence changed_when: false. test_oc_cmd is not defined in
  # this file (presumably set by setup-test.yml).
  - name: Get ReplicationController
    command: >-
      {{ test_oc_cmd }} get replicationcontroller test-replicationcontroller -n provision-test -o json
    register: get_replicationcontroller
    changed_when: false

  # Fails only when metadata or spec differ after the ignore_differences
  # overlay; the message prints the expected object, then the fetched one.
  - name: Verify ReplicationController
    fail:
      msg: |
        ReplicationController not defined as expected
        >>>
        {{ cmp_replicationcontroller | to_yaml }}
        ===
        {{ got_replicationcontroller | to_yaml }}
        <<<
    vars:
      got_replicationcontroller: >-
        {{ get_replicationcontroller.stdout | from_json
        | combine(ignore_differences, recursive=True) }}
      cmp_replicationcontroller: >-
        {{ provision_replicationcontroller_def
        | combine(ignore_differences, recursive=True) }}
    when: >-
      cmp_replicationcontroller.metadata != got_replicationcontroller.metadata or
      cmp_replicationcontroller.spec != got_replicationcontroller.spec

- name: Test Update
  hosts: localhost
  connection: local
  vars:
    provision_replicationcontroller: test-replicationcontroller.yml.j2
    provision_replicationcontroller_def: "{{ lookup('template', 'resources/' ~ provision_replicationcontroller) | from_yaml }}"
    # NOTE(review): both values are identical to the Test Provision play, so
    # this play re-applies an unchanged definition and does not exercise an
    # actual update. The DaemonSet test in this listing switches
    # image_pull_policy to Always for its update play; confirm whether the
    # same was intended here.
    image_pull_policy: IfNotPresent
    readiness_probe_delay: 5
  roles:
  - role: openshift-provision
    openshift_clusters:
    - projects:
      - name: provision-test
        resources:
        - "{{ provision_replicationcontroller }}"

  tasks:
  - name: Get ReplicationController
    command: >-
      {{ test_oc_cmd }} get replicationcontroller test-replicationcontroller -n provision-test -o json
    register: get_replicationcontroller
    changed_when: false

  # Same comparison as in the provision play.
  - name: Verify ReplicationController Update
    fail:
      msg: |
        ReplicationController not defined as expected
        >>>
        {{ cmp_replicationcontroller | to_yaml }}
        ===
        {{ got_replicationcontroller | to_yaml }}
        <<<
    vars:
      got_replicationcontroller: >-
        {{ get_replicationcontroller.stdout | from_json
        | combine(ignore_differences, recursive=True) }}
      cmp_replicationcontroller: >-
        {{ provision_replicationcontroller_def
        | combine(ignore_differences, recursive=True) }}
    when: >-
      cmp_replicationcontroller.metadata != got_replicationcontroller.metadata or
      cmp_replicationcontroller.spec != got_replicationcontroller.spec

  # Removes the test object so a later run starts from a clean project.
  - name: Cleanup
    command: >-
      {{ test_oc_cmd }} delete replicationcontroller test-replicationcontroller -n provision-test
-------------------------------------------------------------------------------- /tests/test-projects-resources-ResourceQuota.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Set Facts 3 | hosts: localhost 4 | connection: local 5 | vars_files: 6 | - login-creds.yml 7 |
tasks: 8 | - include_tasks: setup-test.yml 9 | - set_fact: 10 | ignore_differences: 11 | metadata: 12 | annotations: 13 | kubectl.kubernetes.io/last-applied-configuration: '' 14 | creationTimestamp: null 15 | generation: 0 16 | namespace: '' 17 | resourceVersion: 0 18 | selfLink: '' 19 | uid: '' 20 | 21 | - name: Test Provision 22 | hosts: localhost 23 | connection: local 24 | vars: 25 | provision_resourcequota: test-resourcequota.yml.j2 26 | provision_resourcequota_def: "{{ lookup('template', 'resources/' ~ provision_resourcequota) | from_yaml }}" 27 | quota: 28 | requests.cpu: "2" 29 | requests.memory: 2Gi 30 | limits.memory: 4Gi 31 | 32 | roles: 33 | - role: openshift-provision 34 | openshift_clusters: 35 | - projects: 36 | - name: provision-test 37 | resources: 38 | - "{{ provision_resourcequota }}" 39 | 40 | tasks: 41 | - name: Get ResourceQuota 42 | command: >- 43 | {{ test_oc_cmd }} get resourcequota test-resourcequota -n provision-test -o json 44 | register: get_resourcequota 45 | changed_when: false 46 | 47 | - name: Verify ResourceQuota 48 | fail: 49 | msg: | 50 | ResourceQuota not defined as expected 51 | >>> 52 | {{ cmp_resourcequota | to_yaml }} 53 | === 54 | {{ got_resourcequota | to_yaml }} 55 | <<< 56 | vars: 57 | got_resourcequota: >- 58 | {{ get_resourcequota.stdout | from_json 59 | | combine(ignore_differences, recursive=True) }} 60 | cmp_resourcequota: >- 61 | {{ provision_resourcequota_def 62 | | combine(ignore_differences, recursive=True) }} 63 | when: >- 64 | cmp_resourcequota.metadata != got_resourcequota.metadata or 65 | cmp_resourcequota.spec != got_resourcequota.spec 66 | 67 | - name: Test Update 68 | hosts: localhost 69 | connection: local 70 | vars: 71 | provision_resourcequota: test-resourcequota.yml.j2 72 | provision_resourcequota_def: "{{ lookup('template', 'resources/' ~ provision_resourcequota) | from_yaml }}" 73 | quota: 74 | requests.cpu: "3" 75 | requests.memory: 3Gi 76 | limits.memory: 5Gi 77 | 78 | roles: 79 | - role: 
openshift-provision 80 | openshift_clusters: 81 | - projects: 82 | - name: provision-test 83 | resources: 84 | - "{{ provision_resourcequota }}" 85 | 86 | tasks: 87 | - name: Get ResourceQuota 88 | command: >- 89 | {{ test_oc_cmd }} get resourcequota test-resourcequota -n provision-test -o json 90 | register: get_resourcequota 91 | changed_when: false 92 | 93 | - name: Verify ResourceQuota 94 | fail: 95 | msg: | 96 | ResourceQuota not defined as expected 97 | >>> 98 | {{ cmp_resourcequota | to_yaml }} 99 | === 100 | {{ got_resourcequota | to_yaml }} 101 | <<< 102 | vars: 103 | got_resourcequota: >- 104 | {{ get_resourcequota.stdout | from_json 105 | | combine(ignore_differences, recursive=True) }} 106 | cmp_resourcequota: >- 107 | {{ provision_resourcequota_def 108 | | combine(ignore_differences, recursive=True) }} 109 | when: >- 110 | cmp_resourcequota.metadata != got_resourcequota.metadata or 111 | cmp_resourcequota.spec != got_resourcequota.spec 112 | 113 | - name: Cleanup 114 | command: >- 115 | {{ test_oc_cmd }} delete resourcequota test-resourcequota -n provision-test 116 | -------------------------------------------------------------------------------- /tests/test-projects-resources-Route.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Set Facts 3 | hosts: localhost 4 | connection: local 5 | vars_files: 6 | - login-creds.yml 7 | tasks: 8 | - include_tasks: setup-test.yml 9 | - set_fact: 10 | ignore_differences: 11 | metadata: 12 | annotations: 13 | kubectl.kubernetes.io/last-applied-configuration: '' 14 | creationTimestamp: null 15 | generation: 0 16 | namespace: '' 17 | resourceVersion: 0 18 | selfLink: '' 19 | uid: '' 20 | 21 | - name: Test Provision 22 | hosts: localhost 23 | connection: local 24 | vars: 25 | provision_route: test-route.yml.j2 26 | provision_route_def: "{{ lookup('template', 'resources/' ~ provision_route) | from_yaml }}" 27 | route_service_name: test-route-service 28 | roles: 29 | 
- role: openshift-provision 30 | openshift_clusters: 31 | - projects: 32 | - name: provision-test 33 | resources: 34 | - "{{ provision_route }}" 35 | 36 | tasks: 37 | - name: Get Route 38 | command: >- 39 | {{ test_oc_cmd }} get route test-route -n provision-test -o json 40 | register: get_route 41 | changed_when: false 42 | 43 | - name: Verify Route 44 | fail: 45 | msg: | 46 | Route not defined as expected 47 | >>> 48 | {{ cmp_route | to_yaml }} 49 | === 50 | {{ got_route | to_yaml }} 51 | <<< 52 | vars: 53 | got_route: >- 54 | {{ get_route.stdout | from_json 55 | | combine(ignore_differences, recursive=True) }} 56 | cmp_route: >- 57 | {{ provision_route_def 58 | | combine(ignore_differences, recursive=True) }} 59 | when: >- 60 | cmp_route.metadata != got_route.metadata or 61 | cmp_route.spec != got_route.spec 62 | 63 | - name: Test Update 64 | hosts: localhost 65 | connection: local 66 | vars: 67 | provision_route: test-route.yml.j2 68 | provision_route_def: "{{ lookup('template', 'resources/' ~ provision_route) | from_yaml }}" 69 | route_service_name: test-update-route-service 70 | roles: 71 | - role: openshift-provision 72 | openshift_clusters: 73 | - projects: 74 | - name: provision-test 75 | resources: 76 | - "{{ provision_route }}" 77 | 78 | tasks: 79 | - name: Get Route 80 | command: >- 81 | {{ test_oc_cmd }} get route test-route -n provision-test -o json 82 | register: get_route 83 | changed_when: false 84 | 85 | - name: Verify Route 86 | fail: 87 | msg: | 88 | Route not defined as expected 89 | >>> 90 | {{ cmp_route | to_yaml }} 91 | === 92 | {{ got_route | to_yaml }} 93 | <<< 94 | vars: 95 | got_route: >- 96 | {{ get_route.stdout | from_json 97 | | combine(ignore_differences, recursive=True) }} 98 | cmp_route: >- 99 | {{ provision_route_def 100 | | combine(ignore_differences, recursive=True) }} 101 | when: >- 102 | cmp_route.metadata != got_route.metadata or 103 | cmp_route.spec != got_route.spec 104 | 105 | - name: Cleanup 106 | command: >- 107 | {{ 
test_oc_cmd }} delete route test-route -n provision-test 108 |
--------------------------------------------------------------------------------
/tests/test-projects-resources-Secret.yml:
--------------------------------------------------------------------------------
---
# Round-trip test for Secret provisioning: the openshift-provision role creates
# test-secret in the provision-test project, the object is read back with oc,
# and its metadata and data are compared with the rendered template. A second
# play changes the password and repeats the check, then deletes the Secret.
- name: Set Facts
  hosts: localhost
  connection: local
  vars_files:
  # Connection settings for the cluster under test. Only a .example copy of
  # this file appears in the repository tree.
  - login-creds.yml
  tasks:
  # test_oc_cmd is not defined in this file; presumably setup-test.yml sets it.
  - include_tasks: setup-test.yml
  - set_fact:
      # Merged over BOTH the expected and the fetched object before comparing,
      # so these server-populated fields never cause a mismatch.
      ignore_differences:
        metadata:
          annotations:
            kubectl.kubernetes.io/last-applied-configuration: ''
          creationTimestamp: null
          selfLink: null

- name: Test Provision
  hosts: localhost
  connection: local
  vars:
    provision_secret: test-secret.yml.j2
    provision_secret_def: "{{ lookup('template', 'resources/' ~ provision_secret) | from_yaml }}"
    # Throwaway fixture credentials; presumably rendered into
    # resources/test-secret.yml.j2 (template not shown here).
    secret_username: alice
    secret_password: password
  roles:
  - role: openshift-provision
    openshift_clusters:
    - projects:
      - name: provision-test
        resources:
        - "{{ provision_secret }}"

  tasks:
  # NOTE(review): `--export` was deprecated in upstream kubectl and later
  # removed, so this command is expected to fail with newer oc clients; confirm
  # against the client versions under test. Dropping it would also need the
  # extra metadata fields (namespace, resourceVersion, uid) in ignore_differences.
  - name: Get Secret
    command: >-
      {{ test_oc_cmd }} get --export secret test-secret -n provision-test -o json
    register: get_secret
    changed_when: false

  # On mismatch the message prints both objects in full, including the Secret's
  # `data` map, so the stored values (base64-encoded, not encrypted) land in the
  # playbook output. Fine for these fixtures; the same pattern would leak real
  # credentials into CI logs.
  - name: Verify Secret
    fail:
      msg: |
        Secret not defined as expected
        >>>
        {{ cmp_secret | to_yaml }}
        ===
        {{ got_secret | to_yaml }}
        <<<
    vars:
      got_secret: "{{ get_secret.stdout | from_json | combine(ignore_differences, recursive=True) }}"
      cmp_secret: "{{ provision_secret_def | combine(ignore_differences, recursive=True) }}"
    when: >-
      cmp_secret.metadata != got_secret.metadata or
      cmp_secret.data != got_secret.data

# Same template with a different password: checks that an existing Secret is
# updated in place rather than left at its first value.
- name: Test Update
  hosts: localhost
  connection: local
  vars:
    provision_secret: test-secret.yml.j2
    provision_secret_def: "{{ lookup('template', 'resources/' ~ provision_secret) | from_yaml }}"
    secret_username: alice
    secret_password: p4ssw0rd
  roles:
  - role: openshift-provision
    openshift_clusters:
    - projects:
      - name: provision-test
        resources:
        - "{{ provision_secret }}"

  tasks:
  - name: Get Secret
    command: >-
      {{ test_oc_cmd }} get --export secret test-secret -n provision-test -o json
    register: get_secret
    changed_when: false

  # Prints the Secret's data on failure, as in the provision play above.
  - name: Verify Secret Update
    fail:
      msg: |
        Secret not defined as expected
        >>>
        {{ cmp_secret | to_yaml }}
        ===
        {{ got_secret | to_yaml }}
        <<<
    vars:
      got_secret: "{{ get_secret.stdout | from_json | combine(ignore_differences, recursive=True) }}"
      cmp_secret: "{{ provision_secret_def | combine(ignore_differences, recursive=True) }}"
    when: >-
      cmp_secret.metadata != got_secret.metadata or
      cmp_secret.data != got_secret.data

  # Removes the fixture so a later run starts from a clean project. It is
  # skipped if a task above fails, leaving test-secret behind.
  - name: Cleanup
    command: >-
      {{ test_oc_cmd }} delete secret test-secret -n provision-test
-------------------------------------------------------------------------------- /tests/test-projects-resources-Service.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Set Facts 3 | hosts: localhost 4 | connection: local 5 | vars_files: 6 | - login-creds.yml 7 | tasks: 8 | - include_tasks: setup-test.yml 9 | - set_fact: 10 | ignore_differences: 11 | metadata: 12 | annotations: 13 | kubectl.kubernetes.io/last-applied-configuration: '' 14 | creationTimestamp: null 15 | generation: 0 16 | namespace: '' 17 | resourceVersion: 0 18 | selfLink: '' 19 | uid: '' 20 | spec: 21 | sessionAffinityConfig: 22 | clientIP: 23 | timeoutSeconds: 10800 24 | clusterIP: null 25 | 26 | - name: Test Provision 27 | hosts: localhost 28 | connection: local 29 | vars: 30 | provision_service: test-service.yml.j2 31 | provision_service_def: "{{ lookup('template', 'resources/' ~ provision_service) | from_yaml }}" 32 | service_ports: 33 | - name: 8080-tcp 34 | port:
8080 35 | roles: 36 | - role: openshift-provision 37 | openshift_clusters: 38 | - projects: 39 | - name: provision-test 40 | resources: 41 | - "{{ provision_service }}" 42 | 43 | tasks: 44 | - name: Get Service 45 | command: >- 46 | {{ test_oc_cmd }} get service test-service -n provision-test -o json 47 | register: get_service 48 | changed_when: false 49 | 50 | - name: Verify Service 51 | fail: 52 | msg: | 53 | Service not defined as expected 54 | >>> 55 | {{ cmp_service | to_yaml }} 56 | === 57 | {{ got_service | to_yaml }} 58 | <<< 59 | vars: 60 | got_service: "{{ get_service.stdout | from_json | combine(ignore_differences, recursive=True) }}" 61 | cmp_service: "{{ provision_service_def | combine(ignore_differences, recursive=True) }}" 62 | when: >- 63 | cmp_service.metadata != got_service.metadata or 64 | cmp_service.spec != got_service.spec 65 | 66 | - name: Test Update 67 | hosts: localhost 68 | connection: local 69 | vars: 70 | provision_service: test-service.yml.j2 71 | provision_service_def: "{{ lookup('template', 'resources/' ~ provision_service) | from_yaml }}" 72 | service_ports: 73 | - name: 8080-tcp 74 | port: 8080 75 | - name: 8081-tcp 76 | port: 8081 77 | 78 | roles: 79 | - role: openshift-provision 80 | openshift_clusters: 81 | - projects: 82 | - name: provision-test 83 | resources: 84 | - "{{ provision_service }}" 85 | 86 | tasks: 87 | - name: Get Service 88 | command: >- 89 | {{ test_oc_cmd }} get service test-service -n provision-test -o json 90 | register: get_service 91 | changed_when: false 92 | 93 | - name: Verify Service Update 94 | fail: 95 | msg: | 96 | Service not defined as expected 97 | >>> 98 | {{ cmp_service | to_yaml }} 99 | === 100 | {{ got_service | to_yaml }} 101 | <<< 102 | vars: 103 | got_service: "{{ get_service.stdout | from_json | combine(ignore_differences, recursive=True) }}" 104 | cmp_service: "{{ provision_service_def | combine(ignore_differences, recursive=True) }}" 105 | when: >- 106 | cmp_service.metadata != 
got_service.metadata or 107 | cmp_service.spec != got_service.spec 108 | 109 | - name: Cleanup 110 | command: >- 111 | {{ test_oc_cmd }} delete service test-service -n provision-test 112 | -------------------------------------------------------------------------------- /tests/test-projects-resources-StatefulSet.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Set Facts 3 | hosts: localhost 4 | connection: local 5 | vars_files: 6 | - login-creds.yml 7 | tasks: 8 | - include_tasks: setup-test.yml 9 | - set_fact: 10 | ignore_differences: 11 | metadata: 12 | annotations: 13 | kubectl.kubernetes.io/last-applied-configuration: '' 14 | creationTimestamp: null 15 | generation: 0 16 | namespace: '' 17 | resourceVersion: 0 18 | selfLink: '' 19 | uid: '' 20 | spec: 21 | template: 22 | metadata: 23 | creationTimestamp: null 24 | templateGeneration: 0 25 | volumeClaimTemplates: 26 | - metadata: 27 | name: www 28 | creationTimestamp: null 29 | status: 30 | phase: "" 31 | 32 | - name: Test Provision 33 | hosts: localhost 34 | connection: local 35 | vars: 36 | provision_statefulset: test-statefulset.yml.j2 37 | provision_statefulset_def: "{{ lookup('template', 'resources/' ~ provision_statefulset) | from_yaml }}" 38 | statefulset_port: 8000 39 | 40 | roles: 41 | - role: openshift-provision 42 | openshift_clusters: 43 | - projects: 44 | - name: provision-test 45 | resources: 46 | - "{{ provision_statefulset }}" 47 | 48 | tasks: 49 | - name: Get StatefulSet 50 | command: >- 51 | {{ test_oc_cmd }} get statefulset test-statefulset -n provision-test -o json 52 | register: get_statefulset 53 | changed_when: false 54 | 55 | - name: Verify StatefulSet 56 | fail: 57 | msg: | 58 | StatefulSet not defined as expected 59 | >>> 60 | {{ cmp_statefulset | to_yaml }} 61 | === 62 | {{ got_statefulset | to_yaml }} 63 | <<< 64 | vars: 65 | got_statefulset: "{{ get_statefulset.stdout | from_json | combine(ignore_differences, recursive=True) }}" 
66 | cmp_statefulset: "{{ provision_statefulset_def | combine(ignore_differences, recursive=True) }}" 67 | when: >- 68 | cmp_statefulset.metadata != got_statefulset.metadata or 69 | cmp_statefulset.spec != got_statefulset.spec 70 | 71 | - name: Test Update 72 | hosts: localhost 73 | connection: local 74 | vars: 75 | provision_statefulset: test-statefulset.yml.j2 76 | provision_statefulset_def: "{{ lookup('template', 'resources/' ~ provision_statefulset) | from_yaml }}" 77 | statefulset_port: 8080 78 | 79 | roles: 80 | - role: openshift-provision 81 | openshift_clusters: 82 | - projects: 83 | - name: provision-test 84 | resources: 85 | - "{{ provision_statefulset }}" 86 | 87 | tasks: 88 | - name: Get StatefulSet 89 | command: >- 90 | {{ test_oc_cmd }} get statefulset test-statefulset -n provision-test -o json 91 | register: get_statefulset 92 | changed_when: false 93 | 94 | - name: Verify StatefulSet Update 95 | fail: 96 | msg: | 97 | StatefulSet not defined as expected 98 | >>> 99 | {{ cmp_statefulset | to_yaml }} 100 | === 101 | {{ got_statefulset | to_yaml }} 102 | <<< 103 | vars: 104 | got_statefulset: "{{ get_statefulset.stdout | from_json | combine(ignore_differences, recursive=True) }}" 105 | cmp_statefulset: "{{ provision_statefulset_def | combine(ignore_differences, recursive=True) }}" 106 | when: >- 107 | cmp_statefulset.metadata != got_statefulset.metadata or 108 | cmp_statefulset.spec != got_statefulset.spec 109 | -------------------------------------------------------------------------------- /tests/test-projects-resources-Template.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Set Facts 3 | hosts: localhost 4 | connection: local 5 | vars_files: 6 | - login-creds.yml 7 | tasks: 8 | - include_tasks: setup-test.yml 9 | - set_fact: 10 | ignore_differences: 11 | metadata: 12 | annotations: 13 | kubectl.kubernetes.io/last-applied-configuration: '' 14 | creationTimestamp: null 15 | generation: 0 16 | 
namespace: '' 17 | resourceVersion: 0 18 | selfLink: '' 19 | uid: '' 20 | 21 | - name: Test Provision 22 | hosts: localhost 23 | connection: local 24 | vars: 25 | provision_template: 26 | apiVersion: v1 27 | kind: Template 28 | labels: 29 | template: test-template 30 | metadata: 31 | name: test-template 32 | objects: 33 | - apiVersion: v1 34 | kind: ImageStream 35 | metadata: 36 | name: ${NAME} 37 | parameters: 38 | - name: NAME 39 | required: true 40 | 41 | roles: 42 | - role: openshift-provision 43 | openshift_clusters: 44 | - projects: 45 | - name: testproj 46 | resources: 47 | - "{{ provision_template }}" 48 | 49 | tasks: 50 | - name: Get Template 51 | command: >- 52 | {{ test_oc_cmd }} get --export template test-template -n testproj -o json 53 | register: get_template 54 | changed_when: false 55 | 56 | - name: Verify Template 57 | fail: 58 | msg: | 59 | Template not defined as expected 60 | >>> 61 | {{ cmp_template | to_yaml }} 62 | === 63 | {{ got_template | to_yaml }} 64 | <<< 65 | vars: 66 | got_template: "{{ get_template.stdout | from_json | combine(ignore_differences, recursive=True) }}" 67 | cmp_template: "{{ provision_template | combine(ignore_differences, recursive=True) }}" 68 | when: >- 69 | cmp_template.metadata != got_template.metadata or 70 | cmp_template.labels != got_template.labels or 71 | cmp_template.objects != got_template.objects or 72 | cmp_template.parameters != got_template.parameters 73 | 74 | - name: Test Update 75 | hosts: localhost 76 | connection: local 77 | vars: 78 | provision_template: 79 | apiVersion: v1 80 | kind: Template 81 | labels: 82 | template: test-template 83 | metadata: 84 | name: test-template 85 | objects: 86 | - apiVersion: v1 87 | kind: ImageStream 88 | metadata: 89 | name: ${NAME} 90 | labels: 91 | app: ${APPNAME} 92 | parameters: 93 | - name: NAME 94 | required: true 95 | - name: APPNAME 96 | required: true 97 | 98 | roles: 99 | - role: openshift-provision 100 | openshift_clusters: 101 | - projects: 102 | - name: 
testproj 103 | resources: 104 | - "{{ provision_template }}" 105 | 106 | tasks: 107 | - name: Get Template 108 | command: >- 109 | {{ test_oc_cmd }} get --export template test-template -n testproj -o json 110 | register: get_template 111 | changed_when: false 112 | 113 | - name: Verify Template Update 114 | fail: 115 | msg: | 116 | Template not defined as expected 117 | >>> 118 | {{ cmp_template | to_yaml }} 119 | === 120 | {{ got_template | to_yaml }} 121 | <<< 122 | vars: 123 | got_template: "{{ get_template.stdout | from_json | combine(ignore_differences, recursive=True) }}" 124 | cmp_template: "{{ provision_template | combine(ignore_differences, recursive=True) }}" 125 | when: >- 126 | cmp_template.metadata != got_template.metadata or 127 | cmp_template.labels != got_template.labels or 128 | cmp_template.objects != got_template.objects or 129 | cmp_template.parameters != got_template.parameters 130 | -------------------------------------------------------------------------------- /tests/test-projects-role_bindings.yml: -------------------------------------------------------------------------------- 1 | - name: Set Facts 2 | hosts: localhost 3 | connection: local 4 | vars_files: 5 | - login-creds.yml 6 | tasks: 7 | - include_tasks: setup-test.yml 8 | - set_fact: 9 | ignore_differences: 10 | metadata: 11 | annotations: 12 | kubectl.kubernetes.io/last-applied-configuration: '' 13 | creationTimestamp: null 14 | selfLink: null 15 | 16 | - name: Test Provision 17 | hosts: localhost 18 | connection: local 19 | vars: 20 | edit_users: 21 | - alice 22 | - bob 23 | edit_groups: 24 | - subgenius 25 | roles: 26 | - role: openshift-provision 27 | openshift_clusters: 28 | - projects: 29 | - name: provision-test 30 | role_bindings: 31 | - role: edit 32 | users: "{{ edit_users }}" 33 | groups: "{{ edit_groups }}" 34 | remove_unlisted: true 35 | 36 | tasks: 37 | - name: Get project RoleBindings 38 | command: >- 39 | {{ test_oc_cmd }} get --export rolebinding -n provision-test -o 
json 40 | register: get_rolebindings 41 | changed_when: false 42 | 43 | - name: Verify User RoleBindings 44 | fail: 45 | msg: | 46 | User RoleBindings are not as expected 47 | >>> 48 | {{ edit_users | to_yaml }} 49 | === 50 | {{ got_users | to_yaml }} 51 | <<< 52 | vars: 53 | role_users_query: "items[?roleRef.name=='edit'].subjects[]|[?kind=='User'].name" 54 | got_users: >- 55 | {{ get_rolebindings.stdout | from_json | json_query(role_users_query) | sort }} 56 | when: 57 | got_users != edit_users 58 | 59 | - name: Verify Group RoleBindings 60 | fail: 61 | msg: | 62 | Group RoleBindings are not as expected 63 | >>> 64 | {{ edit_groups | to_yaml }} 65 | === 66 | {{ got_groups | to_yaml }} 67 | <<< 68 | vars: 69 | role_groups_query: "items[?roleRef.name=='edit'].subjects[]|[?kind=='Group' || kind=='SystemGroup'].name" 70 | got_groups: >- 71 | {{ get_rolebindings.stdout | from_json | json_query(role_groups_query) | sort }} 72 | when: 73 | got_groups != edit_groups 74 | 75 | - name: Test Update 76 | hosts: localhost 77 | connection: local 78 | vars: 79 | edit_users: 80 | - bob 81 | - eve 82 | edit_groups: 83 | - xkcd 84 | roles: 85 | - role: openshift-provision 86 | openshift_clusters: 87 | - projects: 88 | - name: provision-test 89 | role_bindings: 90 | - role: edit 91 | users: "{{ edit_users }}" 92 | groups: "{{ edit_groups }}" 93 | remove_unlisted: true 94 | 95 | tasks: 96 | - name: Get project RoleBindings 97 | command: >- 98 | {{ test_oc_cmd }} get --export rolebinding -n provision-test -o json 99 | register: get_rolebindings 100 | changed_when: false 101 | 102 | - name: Verify User RoleBindings Update 103 | fail: 104 | msg: | 105 | User RoleBindings are not as expected 106 | >>> 107 | {{ edit_users | to_yaml }} 108 | === 109 | {{ got_users | to_yaml }} 110 | <<< 111 | vars: 112 | role_users_query: "items[?roleRef.name=='edit'].subjects[]|[?kind=='User'].name" 113 | got_users: >- 114 | {{ get_rolebindings.stdout | from_json | json_query(role_users_query) | sort }} 
115 | when: 116 | got_users != edit_users 117 | 118 | - name: Verify Group RoleBindings Update 119 | fail: 120 | msg: | 121 | Group RoleBindings are not as expected 122 | >>> 123 | {{ edit_groups | to_yaml }} 124 | === 125 | {{ got_groups | to_yaml }} 126 | <<< 127 | vars: 128 | role_groups_query: "items[?roleRef.name=='edit'].subjects[]|[?kind=='Group' || kind=='SystemGroup'].name" 129 | got_groups: >- 130 | {{ get_rolebindings.stdout | from_json | json_query(role_groups_query) | sort }} 131 | when: 132 | got_groups != edit_groups 133 |
--------------------------------------------------------------------------------
/tests/test-projects-service_accounts.yml:
--------------------------------------------------------------------------------
---
# Test that the openshift-provision role creates a project-level
# ServiceAccount: provision testsa1 in provision-test, then ask oc for it.
- name: Set Facts
  hosts: localhost
  connection: local
  vars_files:
  - login-creds.yml
  tasks:
  # Builds the oc command prefix from whichever openshift_connection_*
  # variables login-creds.yml defines. This file builds it inline; the other
  # test playbooks in this directory include setup-test.yml instead.
  #
  # Security notes for whoever runs this suite:
  # - --token places the API token on oc's argument list. It is readable from
  #   the local process table while oc runs, and the command module returns
  #   the full command line in its result, which Ansible prints when the task
  #   fails or when run with -v. Use a short-lived, narrowly scoped token and
  #   treat the run output as sensitive.
  # - --insecure-skip-tls-verify, when set to true, turns off verification of
  #   the API server certificate, so the token is sent to an unauthenticated
  #   endpoint. Supplying openshift_connection_certificate_authority is the
  #   safer way to trust a private CA.
  # - Each value goes through the `quote` filter so that it stays a single
  #   argument when the command module splits the string.
  - set_fact:
      test_oc_cmd: >-
        oc
        {% if openshift_connection_certificate_authority is defined %}
        --certificate-authority={{ openshift_connection_certificate_authority | quote }}
        {% endif %}
        {% if openshift_connection_insecure_skip_tls_verify is defined %}
        --insecure-skip-tls-verify={{ openshift_connection_insecure_skip_tls_verify | quote }}
        {% endif %}
        {% if openshift_connection_server is defined %}
        --server={{ openshift_connection_server | quote }}
        {% endif %}
        {% if openshift_connection_token is defined %}
        --token={{ openshift_connection_token | quote }}
        {% endif %}

- name: Test Provision
  hosts: localhost
  connection: local

  roles:
  - role: openshift-provision
    openshift_clusters:
    - projects:
      - name: provision-test

        service_accounts:
        - name: testsa1

  tasks:
  # The only assertion is oc's exit status: a missing ServiceAccount makes the
  # command return non-zero and fails the play. The play has no cleanup task,
  # so testsa1 stays in the project afterwards.
  - name: Get ServiceAccount
    command: >-
      {{ test_oc_cmd }} get serviceaccount -n provision-test testsa1
    changed_when: false
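--------------------------------------------------------------------------------
/tests/test.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Run every non-empty test-*.yml playbook in the current directory, in glob
# (sorted) order, stopping at the first failure.
#
# Usage: ./test.sh [START_AT]
#   START_AT  optional playbook name; playbooks that sort before it are
#             skipped, which lets an interrupted run be resumed.
#
# The playbooks create, change and delete objects on the cluster named in
# login-creds.yml, so point them at a disposable test cluster only. The oc
# command prefix they use can carry --token on its command line (see
# test-projects-service_accounts.yml), and failed checks print the fetched
# objects (the Secret test prints the Secret's data), so treat the output of
# this script as sensitive and use a short-lived token.

START_AT="${1:-}"

# Abort on the first failing playbook and echo each command as it runs.
set -e
set -x

for PLAYBOOK in test-*.yml; do
    # -s skips empty files and the literal pattern left when nothing matches.
    if [[ -s $PLAYBOOK && ! $PLAYBOOK < "$START_AT" ]]; then
        # Quoted so a file name with spaces or glob characters stays one argument.
        ansible-playbook "$PLAYBOOK"
    fi
done
--------------------------------------------------------------------------------
/vars/main.yml:
--------------------------------------------------------------------------------
---
# vars file for openshift-provision
--------------------------------------------------------------------------------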