diff options
author | Jack Lucas <jflucas@research.att.com> | 2019-06-25 18:52:55 -0400 |
---|---|---|
committer | Jack Lucas <jflucas@research.att.com> | 2019-07-01 11:07:30 -0400 |
commit | 9c094d0581c46d3d107facdc55cb2cc7a1d9f765 (patch) | |
tree | 7bb29d659b23295d3a3f67f7e1be054a8eb51544 /k8s/tests | |
parent | a9e0e1c94d9b1fee783ce2db3df962b6fec5149b (diff) |
Add TLS support for client-only apps
Also enhance unit tests to do more robust checking of results.
Issue-ID: DCAEGEN2-1550
Change-Id: Icf6e5357d828e19db73bb58b98fd60e9f111d0dc
Signed-off-by: Jack Lucas <jflucas@research.att.com>
Diffstat (limited to 'k8s/tests')
-rw-r--r-- | k8s/tests/common.py | 135 | ||||
-rw-r--r-- | k8s/tests/conftest.py | 53 | ||||
-rw-r--r-- | k8s/tests/test_k8sclient.py | 100 | ||||
-rw-r--r-- | k8s/tests/test_k8sclient_deploy.py | 48 |
4 files changed, 229 insertions, 107 deletions
diff --git a/k8s/tests/common.py b/k8s/tests/common.py new file mode 100644 index 0000000..67f70a6 --- /dev/null +++ b/k8s/tests/common.py @@ -0,0 +1,135 @@ +# ============LICENSE_START======================================================= +# org.onap.dcae +# ================================================================================ +# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +# Common functions for unit testing +def _set_k8s_configuration(): + ''' Set up the basic k8s configuration ''' + return { + "image_pull_secrets" : ["secret0", "secret1"], + "filebeat" : { + "log_path": "/var/log/onap", + "data_path": "/usr/share/filebeat/data", + "config_path": "/usr/share/filebeat/filebeat.yml", + "config_subpath": "filebeat.yml", + "image" : "filebeat-repo/filebeat:latest", + "config_map" : "dcae-filebeat-configmap" + }, + "tls" : { + "cert_path": "/opt/certs", + "image": "tlsrepo/tls-init-container:1.2.3", + "component_ca_cert_path": "/opt/dcae/cacert/cacert.pem", + "ca_cert_configmap": "dcae-cacert-configmap" + }, + "cbs": { + "base_url": "https://config-binding-service:10443/service_component_all/test-component" + } + } + +def _set_resources(): + ''' Set resources ''' + return { + "limits": { + "cpu" : 0.5, + "memory" : "2Gi" + }, + "requests": { + "cpu" : 0.5, + "memory" : "2Gi" + } + } + +def _set_common_kwargs(): + ''' Set kwargs common to all test cases ''' + return { + "volumes": [ + {"host":{"path": "/path/on/host"}, "container":{"bind":"/path/on/container","mode":"rw"}} + ], + "ports": ["80:0", "443:0"], + "env": {"NAME0": "value0", "NAME1": "value1"}, + "log_info": {"log_directory": "/path/to/container/log/directory"}, + "readiness": {"type": "http", "endpoint" : "/ready"} + } + +def _get_item_by_name(list, name): + ''' Search a list of k8s API objects with the specified name ''' + for item in list: + if item.name == name: + return item + return None + +def check_env_var(env_list, name, value): + e = _get_item_by_name(env_list, name) + assert e and e.value == value + +def verify_common(dep, deployment_description): + ''' Check results common to all test cases ''' + assert deployment_description["deployment"] == "dep-testcomponent" + assert deployment_description["namespace"] == "k8stest" + assert deployment_description["services"][0] == "testcomponent" + + # For unit test purposes, we want to make sure that the deployment object + # we're passing to the k8s API is correct + app_container = dep.spec.template.spec.containers[0] + assert app_container.image == "example.com/testcomponent:1.4.3" + assert app_container.image_pull_policy == "IfNotPresent" + assert len(app_container.ports) == 2 + assert app_container.ports[0].container_port == 80 + assert app_container.ports[1].container_port == 443 + assert app_container.readiness_probe.http_get.path == "/ready" + assert app_container.readiness_probe.http_get.scheme == "HTTP" + assert len(app_container.volume_mounts) == 3 + assert app_container.volume_mounts[0].mount_path == "/path/on/container" + assert app_container.volume_mounts[1].mount_path == "/path/to/container/log/directory" + + # Check environment variables + env = app_container.env + check_env_var(env, "NAME0", "value0") + check_env_var(env, "NAME1", "value1") + + # Should have a log container with volume mounts + log_container = dep.spec.template.spec.containers[1] + assert log_container.image == "filebeat-repo/filebeat:latest" + assert log_container.volume_mounts[0].mount_path == "/var/log/onap/testcomponent" + assert log_container.volume_mounts[0].name == "component-log" + assert log_container.volume_mounts[1].mount_path == "/usr/share/filebeat/data" + assert log_container.volume_mounts[1].name == "filebeat-data" + assert log_container.volume_mounts[2].mount_path == "/usr/share/filebeat/filebeat.yml" + assert log_container.volume_mounts[2].name == "filebeat-conf" + + # Needs to be correctly labeled so that the Service can find it + assert dep.spec.template.metadata.labels["app"] == "testcomponent" + + +def do_deploy(tls_info=None): + ''' Common deployment operations ''' + import k8sclient.k8sclient + + k8s_test_config = _set_k8s_configuration() + + resources = _set_resources() + + kwargs = _set_common_kwargs() + if tls_info: + kwargs["tls_info"] = tls_info + + dep, deployment_description = k8sclient.k8sclient.deploy("k8stest","testcomponent","example.com/testcomponent:1.4.3",1,False, k8s_test_config, resources, **kwargs) + + # Make sure all of the basic k8s parameters are correct + verify_common(dep, deployment_description) + + return dep, deployment_description
\ No newline at end of file diff --git a/k8s/tests/conftest.py b/k8s/tests/conftest.py index 572a510..4716b5a 100644 --- a/k8s/tests/conftest.py +++ b/k8s/tests/conftest.py @@ -1,7 +1,7 @@ # ============LICENSE_START======================================================= # org.onap.dcae # ================================================================================ -# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2018-2019 AT&T Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -22,13 +22,48 @@ import pytest @pytest.fixture() def mockconfig(monkeypatch): + from configure import configure """ Override the regular configure() routine that reads a file and calls Consul""" def altconfig(): - return { - "consul_host": "consul", - "namespace":"dcae", - "consul_dns_name" : "consul", - "image_pull_secrets" : [] - } - from configure import configure - monkeypatch.setattr(configure, 'configure', altconfig)
\ No newline at end of file + config = configure._set_defaults() + config["consul_host"] = config["consul_dns_name"] + return config + monkeypatch.setattr(configure, 'configure', altconfig) + +@pytest.fixture() +def mockk8sapi(monkeypatch): + import k8sclient.k8sclient + from kubernetes import client + + # We need to patch the kubernetes 'client' module + # Awkward because of the way it requires a function call + # to get an API object + core = client.CoreV1Api() + ext = client.ExtensionsV1beta1Api() + + def pseudo_deploy(namespace, dep): + return dep + + def pseudo_service(namespace, svc): + return svc + + # patched_core returns a CoreV1Api object with the + # create_namespaced_service method stubbed out so that there + # is no attempt to call the k8s API server + def patched_core(): + monkeypatch.setattr(core, "create_namespaced_service", pseudo_service) + return core + + # patched_ext returns an ExtensionsV1beta1Api object with the + # create_namespaced_deployment method stubbed out so that there + # is no attempt to call the k8s API server + def patched_ext(): + monkeypatch.setattr(ext,"create_namespaced_deployment", pseudo_deploy) + return ext + + def pseudo_configure(loc): + pass + + monkeypatch.setattr(k8sclient.k8sclient,"_configure_api", pseudo_configure) + monkeypatch.setattr(client, "CoreV1Api", patched_core) + monkeypatch.setattr(client,"ExtensionsV1beta1Api", patched_ext) diff --git a/k8s/tests/test_k8sclient.py b/k8s/tests/test_k8sclient.py index 70ebf05..079748c 100644 --- a/k8s/tests/test_k8sclient.py +++ b/k8s/tests/test_k8sclient.py @@ -16,6 +16,8 @@ # limitations under the License. # ============LICENSE_END========================================================= +# Basic sanity tests for k8sclient functions + import pytest def test_parse_interval(): @@ -174,101 +176,3 @@ def test_create_probe(): for hc in script_checks: probe = _create_probe(hc, 13131) assert probe._exec.command[0] == hc["script"] - -def test_deploy(monkeypatch): - import k8sclient.k8sclient - from kubernetes import client - - # We need to patch the kubernetes 'client' module - # Awkward because of the way it requires a function call - # to get an API object - core = client.CoreV1Api() - ext = client.ExtensionsV1beta1Api() - - def pseudo_deploy(namespace, dep): - return dep - - def pseudo_service(namespace, svc): - return svc - - # patched_core returns a CoreV1Api object with the - # create_namespaced_service method stubbed out so that there - # is no attempt to call the k8s API server - def patched_core(): - monkeypatch.setattr(core, "create_namespaced_service", pseudo_service) - return core - - # patched_ext returns an ExtensionsV1beta1Api object with the - # create_namespaced_deployment method stubbed out so that there - # is no attempt to call the k8s API server - def patched_ext(): - monkeypatch.setattr(ext,"create_namespaced_deployment", pseudo_deploy) - return ext - - def pseudo_configure(loc): - pass - - monkeypatch.setattr(k8sclient.k8sclient,"_configure_api", pseudo_configure) - monkeypatch.setattr(client, "CoreV1Api", patched_core) - monkeypatch.setattr(client,"ExtensionsV1beta1Api", patched_ext) - - k8s_test_config = { - "image_pull_secrets" : ["secret0", "secret1"], - "filebeat" : { - "log_path": "/var/log/onap", - "data_path": "/usr/share/filebeat/data", - "config_path": "/usr/share/filebeat/filebeat.yml", - "config_subpath": "filebeat.yml", - "image" : "filebeat-repo/filebeat:latest", - "config_map" : "dcae-filebeat-configmap" - }, - "tls" : { - "cert_path": "/opt/certs", - "image": "tlsrepo/tls-init-container:1.2.3" - } - } - - resources = { - "limits": { - "cpu" : 0.5, - "memory" : "2Gi" - }, - "requests": { - "cpu" : 0.5, - "memory" : "2Gi" - } - } - - kwargs = { - "volumes": [ - {"host":{"path": "/path/on/host"}, "container":{"bind":"/path/on/container","mode":"rw"}} - ], - "ports": ["80:0", "443:0"], - "env": {"name0": "value0", "name1": "value1"}, - "log_info": {"log_directory": "/path/to/container/log/directory"}, - "tls_info": {"use_tls": True, "cert_directory": "/path/to/container/cert/directory" }, - "readiness": {"type": "http", "endpoint" : "/ready"} - } - dep, deployment_description = k8sclient.k8sclient.deploy("k8stest","testcomponent","example.com/testcomponent:1.4.3",1,False, k8s_test_config, resources, **kwargs) - - assert deployment_description["deployment"] == "dep-testcomponent" - assert deployment_description["namespace"] == "k8stest" - assert deployment_description["services"][0] == "testcomponent" - - # For unit test purposes, we want to make sure that the deployment object - # we're passing to the k8s API is correct - app_container = dep.spec.template.spec.containers[0] - assert app_container.image == "example.com/testcomponent:1.4.3" - assert app_container.image_pull_policy == "IfNotPresent" - assert len(app_container.ports) == 2 - assert app_container.ports[0].container_port == 80 - assert app_container.ports[1].container_port == 443 - assert app_container.readiness_probe.http_get.path == "/ready" - assert app_container.readiness_probe.http_get.scheme == "HTTP" - assert len(app_container.volume_mounts) == 3 - assert app_container.volume_mounts[0].mount_path == "/path/on/container" - assert app_container.volume_mounts[1].mount_path == "/path/to/container/log/directory" - assert app_container.volume_mounts[2].mount_path == "/path/to/container/cert/directory" - - # Needs to be correctly labeled so that the Service can find it - assert dep.spec.template.metadata.labels["app"] == "testcomponent" diff --git a/k8s/tests/test_k8sclient_deploy.py b/k8s/tests/test_k8sclient_deploy.py new file mode 100644 index 0000000..4e8a11d --- /dev/null +++ b/k8s/tests/test_k8sclient_deploy.py @@ -0,0 +1,48 @@ +# ============LICENSE_START======================================================= +# org.onap.dcae +# ================================================================================ +# Copyright (c) 2018-2019 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +# Test k8sclient deployment functions +# Verify that for a given configuration and set of inputs, k8sclient generates the proper +# Kubernetes entities + +import pytest +from common import do_deploy + +def test_deploy_full_tls(mockk8sapi): + ''' Deploy component with a full TLS configuration, to act as a server ''' + + dep, deployment_description = do_deploy({"use_tls": True, "cert_directory": "/path/to/container/cert/directory" }) + + app_container = dep.spec.template.spec.containers[0] + assert app_container.volume_mounts[2].mount_path == "/path/to/container/cert/directory" + +def test_deploy_tls_off(mockk8sapi): + ''' TLS client only, but with cert directory configured ''' + + dep, deployment_description = do_deploy({"use_tls": False, "cert_directory": "/path/to/container/cert/directory" }) + + app_container = dep.spec.template.spec.containers[0] + assert app_container.volume_mounts[2].mount_path == "/path/to/container/cert/directory" + +def test_deploy_no_tls_info(mockk8sapi): + ''' TLS client only, but with cert directory configured ''' + + dep, deployment_description = do_deploy() + + app_container = dep.spec.template.spec.containers[0] + assert app_container.volume_mounts[2].mount_path == "/opt/dcae/cacert" |