summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorScott Dodson <sdodson@redhat.com>2017-03-06 13:21:25 -0500
committerGitHub <noreply@github.com>2017-03-06 13:21:25 -0500
commit839f19377361bbf562f59e833baf2c0799921402 (patch)
tree8cdf5136ef8c6ac3fc00a8cf3016bab4c35611a7
parent816df41015439e266f38ad25fb2def223e412b3e (diff)
parent66cc0be1dc9ba371ff8d5b537ea6a6798fe11cae (diff)
downloadopenshift-839f19377361bbf562f59e833baf2c0799921402.tar.gz
openshift-839f19377361bbf562f59e833baf2c0799921402.tar.bz2
openshift-839f19377361bbf562f59e833baf2c0799921402.tar.xz
openshift-839f19377361bbf562f59e833baf2c0799921402.zip
Merge pull request #3535 from enj/enj/f/reserve_ns_module
Add pre-upgrade check for reserved namespaces
-rw-r--r--roles/lib_openshift/library/oc_objectvalidator.py (renamed from roles/lib_openshift/library/oc_sdnvalidator.py)71
-rw-r--r--roles/lib_openshift/src/ansible/oc_objectvalidator.py (renamed from roles/lib_openshift/src/ansible/oc_sdnvalidator.py)4
-rw-r--r--roles/lib_openshift/src/class/oc_objectvalidator.py77
-rw-r--r--roles/lib_openshift/src/class/oc_sdnvalidator.py58
-rw-r--r--roles/lib_openshift/src/doc/objectvalidator (renamed from roles/lib_openshift/src/doc/sdnvalidator)14
-rw-r--r--roles/lib_openshift/src/sources.yml8
-rwxr-xr-xroles/lib_openshift/src/test/unit/oc_sdnvalidator.py481
-rwxr-xr-xroles/lib_openshift/src/test/unit/test_oc_objectvalidator.py916
8 files changed, 1051 insertions, 578 deletions
diff --git a/roles/lib_openshift/library/oc_sdnvalidator.py b/roles/lib_openshift/library/oc_objectvalidator.py
index bc7487b95..f6802a9b3 100644
--- a/roles/lib_openshift/library/oc_sdnvalidator.py
+++ b/roles/lib_openshift/library/oc_objectvalidator.py
@@ -50,14 +50,14 @@ from ansible.module_utils.basic import AnsibleModule
# -*- -*- -*- End included fragment: lib/import.py -*- -*- -*-
-# -*- -*- -*- Begin included fragment: doc/sdnvalidator -*- -*- -*-
+# -*- -*- -*- Begin included fragment: doc/objectvalidator -*- -*- -*-
DOCUMENTATION = '''
---
-module: oc_sdnvalidator
-short_description: Validate SDN objects
+module: oc_objectvalidator
+short_description: Validate OpenShift objects
description:
- - Validate SDN objects
+ - Validate OpenShift objects
options:
kubeconfig:
description:
@@ -71,13 +71,13 @@ extends_documentation_fragment: []
'''
EXAMPLES = '''
-oc_version:
-- name: get oc sdnvalidator
- sdnvalidator:
- register: oc_sdnvalidator
+oc_objectvalidator:
+- name: run oc_objectvalidator
+ oc_objectvalidator:
+ register: oc_objectvalidator
'''
-# -*- -*- -*- End included fragment: doc/sdnvalidator -*- -*- -*-
+# -*- -*- -*- End included fragment: doc/objectvalidator -*- -*- -*-
# -*- -*- -*- Begin included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*-
# pylint: disable=undefined-variable,missing-docstring
@@ -1307,25 +1307,25 @@ class OpenShiftCLIConfig(object):
# -*- -*- -*- End included fragment: lib/base.py -*- -*- -*-
-# -*- -*- -*- Begin included fragment: class/oc_sdnvalidator.py -*- -*- -*-
+# -*- -*- -*- Begin included fragment: class/oc_objectvalidator.py -*- -*- -*-
# pylint: disable=too-many-instance-attributes
-class OCSDNValidator(OpenShiftCLI):
+class OCObjectValidator(OpenShiftCLI):
''' Class to wrap the oc command line tools '''
def __init__(self, kubeconfig):
- ''' Constructor for OCSDNValidator '''
- # namespace has no meaning for SDN validation, hardcode to 'default'
- super(OCSDNValidator, self).__init__('default', kubeconfig)
+ ''' Constructor for OCObjectValidator '''
+ # namespace has no meaning for object validation, hardcode to 'default'
+ super(OCObjectValidator, self).__init__('default', kubeconfig)
- def get(self, kind, invalid_filter):
- ''' return SDN information '''
+ def get_invalid(self, kind, invalid_filter):
+ ''' return invalid object information '''
rval = self._get(kind)
if rval['returncode'] != 0:
return False, rval, []
- return True, rval, filter(invalid_filter, rval['results'][0]['items'])
+ return True, rval, list(filter(invalid_filter, rval['results'][0]['items'])) # wrap filter with list for py3
# pylint: disable=too-many-return-statements
@staticmethod
@@ -1335,10 +1335,24 @@ class OCSDNValidator(OpenShiftCLI):
params comes from the ansible portion of this module
'''
- sdnvalidator = OCSDNValidator(params['kubeconfig'])
+ objectvalidator = OCObjectValidator(params['kubeconfig'])
all_invalid = {}
failed = False
+ def _is_invalid_namespace(namespace):
+ # check if it uses a reserved name
+ name = namespace['metadata']['name']
+ if not any((name == 'kube',
+ name == 'openshift',
+ name.startswith('kube-'),
+ name.startswith('openshift-'),)):
+ return False
+
+ # determine if the namespace was created by a user
+ if 'annotations' not in namespace['metadata']:
+ return False
+ return 'openshift.io/requester' in namespace['metadata']['annotations']
+
checks = (
(
'hostsubnet',
@@ -1350,10 +1364,15 @@ class OCSDNValidator(OpenShiftCLI):
lambda x: x['metadata']['name'] != x['netname'],
u'netnamespaces where metadata.name != netname',
),
+ (
+ 'namespace',
+ _is_invalid_namespace,
+ u'namespaces that use reserved names and were not created by infrastructure components',
+ ),
)
for resource, invalid_filter, invalid_msg in checks:
- success, rval, invalid = sdnvalidator.get(resource, invalid_filter)
+ success, rval, invalid = objectvalidator.get_invalid(resource, invalid_filter)
if not success:
return {'failed': True, 'msg': 'Failed to GET {}.'.format(resource), 'state': 'list', 'results': rval}
if invalid:
@@ -1361,17 +1380,17 @@ class OCSDNValidator(OpenShiftCLI):
all_invalid[invalid_msg] = invalid
if failed:
- return {'failed': True, 'msg': 'All SDN objects are not valid.', 'state': 'list', 'results': all_invalid}
+ return {'failed': True, 'msg': 'All objects are not valid.', 'state': 'list', 'results': all_invalid}
- return {'msg': 'All SDN objects are valid.'}
+ return {'msg': 'All objects are valid.'}
-# -*- -*- -*- End included fragment: class/oc_sdnvalidator.py -*- -*- -*-
+# -*- -*- -*- End included fragment: class/oc_objectvalidator.py -*- -*- -*-
-# -*- -*- -*- Begin included fragment: ansible/oc_sdnvalidator.py -*- -*- -*-
+# -*- -*- -*- Begin included fragment: ansible/oc_objectvalidator.py -*- -*- -*-
def main():
'''
- ansible oc module for validating OpenShift SDN objects
+ ansible oc module for validating OpenShift objects
'''
module = AnsibleModule(
@@ -1382,7 +1401,7 @@ def main():
)
- rval = OCSDNValidator.run_ansible(module.params)
+ rval = OCObjectValidator.run_ansible(module.params)
if 'failed' in rval:
module.fail_json(**rval)
@@ -1391,4 +1410,4 @@ def main():
if __name__ == '__main__':
main()
-# -*- -*- -*- End included fragment: ansible/oc_sdnvalidator.py -*- -*- -*-
+# -*- -*- -*- End included fragment: ansible/oc_objectvalidator.py -*- -*- -*-
diff --git a/roles/lib_openshift/src/ansible/oc_sdnvalidator.py b/roles/lib_openshift/src/ansible/oc_objectvalidator.py
index e91417d63..658bb5ded 100644
--- a/roles/lib_openshift/src/ansible/oc_sdnvalidator.py
+++ b/roles/lib_openshift/src/ansible/oc_objectvalidator.py
@@ -3,7 +3,7 @@
def main():
'''
- ansible oc module for validating OpenShift SDN objects
+ ansible oc module for validating OpenShift objects
'''
module = AnsibleModule(
@@ -14,7 +14,7 @@ def main():
)
- rval = OCSDNValidator.run_ansible(module.params)
+ rval = OCObjectValidator.run_ansible(module.params)
if 'failed' in rval:
module.fail_json(**rval)
diff --git a/roles/lib_openshift/src/class/oc_objectvalidator.py b/roles/lib_openshift/src/class/oc_objectvalidator.py
new file mode 100644
index 000000000..b76fc995e
--- /dev/null
+++ b/roles/lib_openshift/src/class/oc_objectvalidator.py
@@ -0,0 +1,77 @@
+# pylint: skip-file
+# flake8: noqa
+
+# pylint: disable=too-many-instance-attributes
+class OCObjectValidator(OpenShiftCLI):
+ ''' Class to wrap the oc command line tools '''
+
+ def __init__(self, kubeconfig):
+ ''' Constructor for OCObjectValidator '''
+ # namespace has no meaning for object validation, hardcode to 'default'
+ super(OCObjectValidator, self).__init__('default', kubeconfig)
+
+ def get_invalid(self, kind, invalid_filter):
+ ''' return invalid object information '''
+
+ rval = self._get(kind)
+ if rval['returncode'] != 0:
+ return False, rval, []
+
+ return True, rval, list(filter(invalid_filter, rval['results'][0]['items'])) # wrap filter with list for py3
+
+ # pylint: disable=too-many-return-statements
+ @staticmethod
+ def run_ansible(params):
+ ''' run the idempotent ansible code
+
+ params comes from the ansible portion of this module
+ '''
+
+ objectvalidator = OCObjectValidator(params['kubeconfig'])
+ all_invalid = {}
+ failed = False
+
+ def _is_invalid_namespace(namespace):
+ # check if it uses a reserved name
+ name = namespace['metadata']['name']
+ if not any((name == 'kube',
+ name == 'openshift',
+ name.startswith('kube-'),
+ name.startswith('openshift-'),)):
+ return False
+
+ # determine if the namespace was created by a user
+ if 'annotations' not in namespace['metadata']:
+ return False
+ return 'openshift.io/requester' in namespace['metadata']['annotations']
+
+ checks = (
+ (
+ 'hostsubnet',
+ lambda x: x['metadata']['name'] != x['host'],
+ u'hostsubnets where metadata.name != host',
+ ),
+ (
+ 'netnamespace',
+ lambda x: x['metadata']['name'] != x['netname'],
+ u'netnamespaces where metadata.name != netname',
+ ),
+ (
+ 'namespace',
+ _is_invalid_namespace,
+ u'namespaces that use reserved names and were not created by infrastructure components',
+ ),
+ )
+
+ for resource, invalid_filter, invalid_msg in checks:
+ success, rval, invalid = objectvalidator.get_invalid(resource, invalid_filter)
+ if not success:
+ return {'failed': True, 'msg': 'Failed to GET {}.'.format(resource), 'state': 'list', 'results': rval}
+ if invalid:
+ failed = True
+ all_invalid[invalid_msg] = invalid
+
+ if failed:
+ return {'failed': True, 'msg': 'All objects are not valid.', 'state': 'list', 'results': all_invalid}
+
+ return {'msg': 'All objects are valid.'}
diff --git a/roles/lib_openshift/src/class/oc_sdnvalidator.py b/roles/lib_openshift/src/class/oc_sdnvalidator.py
deleted file mode 100644
index da923337b..000000000
--- a/roles/lib_openshift/src/class/oc_sdnvalidator.py
+++ /dev/null
@@ -1,58 +0,0 @@
-# pylint: skip-file
-# flake8: noqa
-
-# pylint: disable=too-many-instance-attributes
-class OCSDNValidator(OpenShiftCLI):
- ''' Class to wrap the oc command line tools '''
-
- def __init__(self, kubeconfig):
- ''' Constructor for OCSDNValidator '''
- # namespace has no meaning for SDN validation, hardcode to 'default'
- super(OCSDNValidator, self).__init__('default', kubeconfig)
-
- def get(self, kind, invalid_filter):
- ''' return SDN information '''
-
- rval = self._get(kind)
- if rval['returncode'] != 0:
- return False, rval, []
-
- return True, rval, filter(invalid_filter, rval['results'][0]['items'])
-
- # pylint: disable=too-many-return-statements
- @staticmethod
- def run_ansible(params):
- ''' run the idempotent ansible code
-
- params comes from the ansible portion of this module
- '''
-
- sdnvalidator = OCSDNValidator(params['kubeconfig'])
- all_invalid = {}
- failed = False
-
- checks = (
- (
- 'hostsubnet',
- lambda x: x['metadata']['name'] != x['host'],
- u'hostsubnets where metadata.name != host',
- ),
- (
- 'netnamespace',
- lambda x: x['metadata']['name'] != x['netname'],
- u'netnamespaces where metadata.name != netname',
- ),
- )
-
- for resource, invalid_filter, invalid_msg in checks:
- success, rval, invalid = sdnvalidator.get(resource, invalid_filter)
- if not success:
- return {'failed': True, 'msg': 'Failed to GET {}.'.format(resource), 'state': 'list', 'results': rval}
- if invalid:
- failed = True
- all_invalid[invalid_msg] = invalid
-
- if failed:
- return {'failed': True, 'msg': 'All SDN objects are not valid.', 'state': 'list', 'results': all_invalid}
-
- return {'msg': 'All SDN objects are valid.'}
diff --git a/roles/lib_openshift/src/doc/sdnvalidator b/roles/lib_openshift/src/doc/objectvalidator
index 0b1862ed1..98861e261 100644
--- a/roles/lib_openshift/src/doc/sdnvalidator
+++ b/roles/lib_openshift/src/doc/objectvalidator
@@ -3,10 +3,10 @@
DOCUMENTATION = '''
---
-module: oc_sdnvalidator
-short_description: Validate SDN objects
+module: oc_objectvalidator
+short_description: Validate OpenShift objects
description:
- - Validate SDN objects
+ - Validate OpenShift objects
options:
kubeconfig:
description:
@@ -20,8 +20,8 @@ extends_documentation_fragment: []
'''
EXAMPLES = '''
-oc_version:
-- name: get oc sdnvalidator
- sdnvalidator:
- register: oc_sdnvalidator
+oc_objectvalidator:
+- name: run oc_objectvalidator
+ oc_objectvalidator:
+ register: oc_objectvalidator
'''
diff --git a/roles/lib_openshift/src/sources.yml b/roles/lib_openshift/src/sources.yml
index c72fd4ea8..f16b3c8de 100644
--- a/roles/lib_openshift/src/sources.yml
+++ b/roles/lib_openshift/src/sources.yml
@@ -218,12 +218,12 @@ oc_version.py:
- class/oc_version.py
- ansible/oc_version.py
-oc_sdnvalidator.py:
+oc_objectvalidator.py:
- doc/generated
- doc/license
- lib/import.py
-- doc/sdnvalidator
+- doc/objectvalidator
- ../../lib_utils/src/class/yedit.py
- lib/base.py
-- class/oc_sdnvalidator.py
-- ansible/oc_sdnvalidator.py
+- class/oc_objectvalidator.py
+- ansible/oc_objectvalidator.py
diff --git a/roles/lib_openshift/src/test/unit/oc_sdnvalidator.py b/roles/lib_openshift/src/test/unit/oc_sdnvalidator.py
deleted file mode 100755
index 49e2aadb2..000000000
--- a/roles/lib_openshift/src/test/unit/oc_sdnvalidator.py
+++ /dev/null
@@ -1,481 +0,0 @@
-#!/usr/bin/env python2
-'''
- Unit tests for oc sdnvalidator
-'''
-# To run
-# ./oc_sdnvalidator.py
-#
-# ....
-# ----------------------------------------------------------------------
-# Ran 4 tests in 0.002s
-#
-# OK
-
-import os
-import sys
-import unittest
-import mock
-
-# Removing invalid variable names for tests so that I can
-# keep them brief
-# pylint: disable=invalid-name,no-name-in-module
-# Disable import-error b/c our libraries aren't loaded in jenkins
-# pylint: disable=import-error
-# place class in our python path
-module_path = os.path.join('/'.join(os.path.realpath(__file__).split('/')[:-4]), 'library') # noqa: E501
-sys.path.insert(0, module_path)
-from oc_sdnvalidator import OCSDNValidator # noqa: E402
-
-
-class OCSDNValidatorTest(unittest.TestCase):
- '''
- Test class for OCSDNValidator
- '''
-
- @mock.patch('oc_sdnvalidator.Utils.create_tmpfile_copy')
- @mock.patch('oc_sdnvalidator.OCSDNValidator._run')
- def test_no_data(self, mock_cmd, mock_tmpfile_copy):
- ''' Testing when both SDN objects are empty '''
-
- # Arrange
-
- # run_ansible input parameters
- params = {
- 'kubeconfig': '/etc/origin/master/admin.kubeconfig',
- }
-
- empty = '''{
- "apiVersion": "v1",
- "items": [],
- "kind": "List",
- "metadata": {},
- "resourceVersion": "",
- "selfLink": ""
-}'''
-
- # Return values of our mocked function call. These get returned once per call.
- mock_cmd.side_effect = [
- # First call to mock
- (0, empty, ''),
-
- # Second call to mock
- (0, empty, ''),
- ]
-
- mock_tmpfile_copy.side_effect = [
- '/tmp/mocked_kubeconfig',
- ]
-
- # Act
- results = OCSDNValidator.run_ansible(params)
-
- # Assert
- self.assertNotIn('failed', results)
- self.assertEqual(results['msg'], 'All SDN objects are valid.')
-
- # Making sure our mock was called as we expected
- mock_cmd.assert_has_calls([
- mock.call(['oc', '-n', 'default', 'get', 'hostsubnet', '-o', 'json'], None),
- mock.call(['oc', '-n', 'default', 'get', 'netnamespace', '-o', 'json'], None),
- ])
-
- @mock.patch('oc_sdnvalidator.Utils.create_tmpfile_copy')
- @mock.patch('oc_sdnvalidator.OCSDNValidator._run')
- def test_error_code(self, mock_cmd, mock_tmpfile_copy):
- ''' Testing when both we fail to get SDN objects '''
-
- # Arrange
-
- # run_ansible input parameters
- params = {
- 'kubeconfig': '/etc/origin/master/admin.kubeconfig',
- }
-
- # Return values of our mocked function call. These get returned once per call.
- mock_cmd.side_effect = [
- # First call to mock
- (1, '', 'Error.'),
- ]
-
- mock_tmpfile_copy.side_effect = [
- '/tmp/mocked_kubeconfig',
- ]
-
- error_results = {
- 'returncode': 1,
- 'stderr': 'Error.',
- 'stdout': '',
- 'cmd': 'oc -n default get hostsubnet -o json',
- 'results': [{}]
- }
-
- # Act
- results = OCSDNValidator.run_ansible(params)
-
- # Assert
- self.assertTrue(results['failed'])
- self.assertEqual(results['msg'], 'Failed to GET hostsubnet.')
- self.assertEqual(results['state'], 'list')
- self.assertEqual(results['results'], error_results)
-
- # Making sure our mock was called as we expected
- mock_cmd.assert_has_calls([
- mock.call(['oc', '-n', 'default', 'get', 'hostsubnet', '-o', 'json'], None),
- ])
-
- @mock.patch('oc_sdnvalidator.Utils.create_tmpfile_copy')
- @mock.patch('oc_sdnvalidator.OCSDNValidator._run')
- def test_valid_both(self, mock_cmd, mock_tmpfile_copy):
- ''' Testing when both SDN objects are valid '''
-
- # Arrange
-
- # run_ansible input parameters
- params = {
- 'kubeconfig': '/etc/origin/master/admin.kubeconfig',
- }
-
- valid_hostsubnet = '''{
- "apiVersion": "v1",
- "items": [
- {
- "apiVersion": "v1",
- "host": "bar0",
- "hostIP": "1.1.1.1",
- "kind": "HostSubnet",
- "metadata": {
- "creationTimestamp": "2017-02-16T18:47:09Z",
- "name": "bar0",
- "namespace": "",
- "resourceVersion": "986",
- "selfLink": "/oapi/v1/hostsubnetsbar0",
- "uid": "528dbb41-f478-11e6-aae0-507b9dac97ff"
- },
- "subnet": "1.1.0.0/24"
- },
- {
- "apiVersion": "v1",
- "host": "bar1",
- "hostIP": "1.1.1.1",
- "kind": "HostSubnet",
- "metadata": {
- "creationTimestamp": "2017-02-16T18:47:18Z",
- "name": "bar1",
- "namespace": "",
- "resourceVersion": "988",
- "selfLink": "/oapi/v1/hostsubnetsbar1",
- "uid": "57710d84-f478-11e6-aae0-507b9dac97ff"
- },
- "subnet": "1.1.0.0/24"
- },
- {
- "apiVersion": "v1",
- "host": "bar2",
- "hostIP": "1.1.1.1",
- "kind": "HostSubnet",
- "metadata": {
- "creationTimestamp": "2017-02-16T18:47:26Z",
- "name": "bar2",
- "namespace": "",
- "resourceVersion": "991",
- "selfLink": "/oapi/v1/hostsubnetsbar2",
- "uid": "5c59a28c-f478-11e6-aae0-507b9dac97ff"
- },
- "subnet": "1.1.0.0/24"
- }
- ],
- "kind": "List",
- "metadata": {},
- "resourceVersion": "",
- "selfLink": ""
- }'''
-
- valid_netnamespace = '''{
- "apiVersion": "v1",
- "items": [
- {
- "apiVersion": "v1",
- "kind": "NetNamespace",
- "metadata": {
- "creationTimestamp": "2017-02-16T18:45:16Z",
- "name": "foo0",
- "namespace": "",
- "resourceVersion": "959",
- "selfLink": "/oapi/v1/netnamespacesfoo0",
- "uid": "0f1c85b2-f478-11e6-aae0-507b9dac97ff"
- },
- "netid": 100,
- "netname": "foo0"
- },
- {
- "apiVersion": "v1",
- "kind": "NetNamespace",
- "metadata": {
- "creationTimestamp": "2017-02-16T18:45:26Z",
- "name": "foo1",
- "namespace": "",
- "resourceVersion": "962",
- "selfLink": "/oapi/v1/netnamespacesfoo1",
- "uid": "14effa0d-f478-11e6-aae0-507b9dac97ff"
- },
- "netid": 100,
- "netname": "foo1"
- },
- {
- "apiVersion": "v1",
- "kind": "NetNamespace",
- "metadata": {
- "creationTimestamp": "2017-02-16T18:45:36Z",
- "name": "foo2",
- "namespace": "",
- "resourceVersion": "965",
- "selfLink": "/oapi/v1/netnamespacesfoo2",
- "uid": "1aabdf84-f478-11e6-aae0-507b9dac97ff"
- },
- "netid": 100,
- "netname": "foo2"
- }
- ],
- "kind": "List",
- "metadata": {},
- "resourceVersion": "",
- "selfLink": ""
- }'''
-
- # Return values of our mocked function call. These get returned once per call.
- mock_cmd.side_effect = [
- # First call to mock
- (0, valid_hostsubnet, ''),
-
- # Second call to mock
- (0, valid_netnamespace, ''),
- ]
-
- mock_tmpfile_copy.side_effect = [
- '/tmp/mocked_kubeconfig',
- ]
-
- # Act
- results = OCSDNValidator.run_ansible(params)
-
- # Assert
- self.assertNotIn('failed', results)
- self.assertEqual(results['msg'], 'All SDN objects are valid.')
-
- # Making sure our mock was called as we expected
- mock_cmd.assert_has_calls([
- mock.call(['oc', '-n', 'default', 'get', 'hostsubnet', '-o', 'json'], None),
- mock.call(['oc', '-n', 'default', 'get', 'netnamespace', '-o', 'json'], None),
- ])
-
- @mock.patch('oc_sdnvalidator.Utils.create_tmpfile_copy')
- @mock.patch('oc_sdnvalidator.OCSDNValidator._run')
- def test_invalid_both(self, mock_cmd, mock_tmpfile_copy):
- ''' Testing when both SDN objects are invalid '''
-
- # Arrange
-
- # run_ansible input parameters
- params = {
- 'kubeconfig': '/etc/origin/master/admin.kubeconfig',
- }
-
- invalid_hostsubnet = '''{
- "apiVersion": "v1",
- "items": [
- {
- "apiVersion": "v1",
- "host": "bar0",
- "hostIP": "1.1.1.1",
- "kind": "HostSubnet",
- "metadata": {
- "creationTimestamp": "2017-02-16T18:47:09Z",
- "name": "bar0",
- "namespace": "",
- "resourceVersion": "986",
- "selfLink": "/oapi/v1/hostsubnetsbar0",
- "uid": "528dbb41-f478-11e6-aae0-507b9dac97ff"
- },
- "subnet": "1.1.0.0/24"
- },
- {
- "apiVersion": "v1",
- "host": "bar1",
- "hostIP": "1.1.1.1",
- "kind": "HostSubnet",
- "metadata": {
- "creationTimestamp": "2017-02-16T18:47:18Z",
- "name": "bar1",
- "namespace": "",
- "resourceVersion": "988",
- "selfLink": "/oapi/v1/hostsubnetsbar1",
- "uid": "57710d84-f478-11e6-aae0-507b9dac97ff"
- },
- "subnet": "1.1.0.0/24"
- },
- {
- "apiVersion": "v1",
- "host": "bar2",
- "hostIP": "1.1.1.1",
- "kind": "HostSubnet",
- "metadata": {
- "creationTimestamp": "2017-02-16T18:47:26Z",
- "name": "bar2",
- "namespace": "",
- "resourceVersion": "991",
- "selfLink": "/oapi/v1/hostsubnetsbar2",
- "uid": "5c59a28c-f478-11e6-aae0-507b9dac97ff"
- },
- "subnet": "1.1.0.0/24"
- },
- {
- "apiVersion": "v1",
- "host": "baz1",
- "hostIP": "1.1.1.1",
- "kind": "HostSubnet",
- "metadata": {
- "creationTimestamp": "2017-02-16T18:47:49Z",
- "name": "baz0",
- "namespace": "",
- "resourceVersion": "996",
- "selfLink": "/oapi/v1/hostsubnetsbaz0",
- "uid": "69f75f87-f478-11e6-aae0-507b9dac97ff"
- },
- "subnet": "1.1.0.0/24"
- }
- ],
- "kind": "List",
- "metadata": {},
- "resourceVersion": "",
- "selfLink": ""
-}'''
-
- invalid_netnamespace = '''{
- "apiVersion": "v1",
- "items": [
- {
- "apiVersion": "v1",
- "kind": "NetNamespace",
- "metadata": {
- "creationTimestamp": "2017-02-16T18:45:52Z",
- "name": "bar0",
- "namespace": "",
- "resourceVersion": "969",
- "selfLink": "/oapi/v1/netnamespacesbar0",
- "uid": "245d416e-f478-11e6-aae0-507b9dac97ff"
- },
- "netid": 100,
- "netname": "bar1"
- },
- {
- "apiVersion": "v1",
- "kind": "NetNamespace",
- "metadata": {
- "creationTimestamp": "2017-02-16T18:45:16Z",
- "name": "foo0",
- "namespace": "",
- "resourceVersion": "959",
- "selfLink": "/oapi/v1/netnamespacesfoo0",
- "uid": "0f1c85b2-f478-11e6-aae0-507b9dac97ff"
- },
- "netid": 100,
- "netname": "foo0"
- },
- {
- "apiVersion": "v1",
- "kind": "NetNamespace",
- "metadata": {
- "creationTimestamp": "2017-02-16T18:45:26Z",
- "name": "foo1",
- "namespace": "",
- "resourceVersion": "962",
- "selfLink": "/oapi/v1/netnamespacesfoo1",
- "uid": "14effa0d-f478-11e6-aae0-507b9dac97ff"
- },
- "netid": 100,
- "netname": "foo1"
- },
- {
- "apiVersion": "v1",
- "kind": "NetNamespace",
- "metadata": {
- "creationTimestamp": "2017-02-16T18:45:36Z",
- "name": "foo2",
- "namespace": "",
- "resourceVersion": "965",
- "selfLink": "/oapi/v1/netnamespacesfoo2",
- "uid": "1aabdf84-f478-11e6-aae0-507b9dac97ff"
- },
- "netid": 100,
- "netname": "foo2"
- }
- ],
- "kind": "List",
- "metadata": {},
- "resourceVersion": "",
- "selfLink": ""
-}'''
-
- invalid_results = {
- 'hostsubnets where metadata.name != host': [{
- 'apiVersion': 'v1',
- 'host': 'baz1',
- 'hostIP': '1.1.1.1',
- 'kind': 'HostSubnet',
- 'metadata': {
- 'creationTimestamp': '2017-02-16T18:47:49Z',
- 'name': 'baz0',
- 'namespace': '',
- 'resourceVersion': '996',
- 'selfLink': '/oapi/v1/hostsubnetsbaz0',
- 'uid': '69f75f87-f478-11e6-aae0-507b9dac97ff'
- },
- 'subnet': '1.1.0.0/24'
- }],
- 'netnamespaces where metadata.name != netname': [{
- 'apiVersion': 'v1',
- 'kind': 'NetNamespace',
- 'metadata': {
- 'creationTimestamp': '2017-02-16T18:45:52Z',
- 'name': 'bar0',
- 'namespace': '',
- 'resourceVersion': '969',
- 'selfLink': '/oapi/v1/netnamespacesbar0',
- 'uid': '245d416e-f478-11e6-aae0-507b9dac97ff'
- },
- 'netid': 100,
- 'netname': 'bar1'
- }],
- }
-
- # Return values of our mocked function call. These get returned once per call.
- mock_cmd.side_effect = [
- # First call to mock
- (0, invalid_hostsubnet, ''),
-
- # Second call to mock
- (0, invalid_netnamespace, ''),
- ]
-
- mock_tmpfile_copy.side_effect = [
- '/tmp/mocked_kubeconfig',
- ]
-
- # Act
- results = OCSDNValidator.run_ansible(params)
-
- # Assert
- self.assertTrue(results['failed'])
- self.assertEqual(results['msg'], 'All SDN objects are not valid.')
- self.assertEqual(results['state'], 'list')
- self.assertEqual(results['results'], invalid_results)
-
- # Making sure our mock was called as we expected
- mock_cmd.assert_has_calls([
- mock.call(['oc', '-n', 'default', 'get', 'hostsubnet', '-o', 'json'], None),
- mock.call(['oc', '-n', 'default', 'get', 'netnamespace', '-o', 'json'], None),
- ])
-
-
-if __name__ == '__main__':
- unittest.main()
diff --git a/roles/lib_openshift/src/test/unit/test_oc_objectvalidator.py b/roles/lib_openshift/src/test/unit/test_oc_objectvalidator.py
new file mode 100755
index 000000000..8235c71b8
--- /dev/null
+++ b/roles/lib_openshift/src/test/unit/test_oc_objectvalidator.py
@@ -0,0 +1,916 @@
+#!/usr/bin/env python2
+'''
+ Unit tests for oc_objectvalidator
+'''
+# To run
+# ./oc_objectvalidator.py.py
+#
+# ....
+# ----------------------------------------------------------------------
+# Ran 4 tests in 0.002s
+#
+# OK
+
+import os
+import sys
+import unittest
+import mock
+
+# Removing invalid variable names for tests so that I can
+# keep them brief
+# pylint: disable=invalid-name,no-name-in-module
+# Disable import-error b/c our libraries aren't loaded in jenkins
+# pylint: disable=import-error
+# place class in our python path
+module_path = os.path.join('/'.join(os.path.realpath(__file__).split('/')[:-4]), 'library') # noqa: E501
+sys.path.insert(0, module_path)
+from oc_objectvalidator import OCObjectValidator # noqa: E402
+
+
+class OCObjectValidatorTest(unittest.TestCase):
+ '''
+ Test class for OCObjectValidator
+ '''
+
+ maxDiff = None
+
+ @mock.patch('oc_objectvalidator.Utils.create_tmpfile_copy')
+ @mock.patch('oc_objectvalidator.OCObjectValidator._run')
+ def test_no_data(self, mock_cmd, mock_tmpfile_copy):
+ ''' Testing when both all objects are empty '''
+
+ # Arrange
+
+ # run_ansible input parameters
+ params = {
+ 'kubeconfig': '/etc/origin/master/admin.kubeconfig',
+ }
+
+ empty = '''{
+ "apiVersion": "v1",
+ "items": [],
+ "kind": "List",
+ "metadata": {},
+ "resourceVersion": "",
+ "selfLink": ""
+}'''
+
+ # Return values of our mocked function call. These get returned once per call.
+ mock_cmd.side_effect = [
+ # First call to mock
+ (0, empty, ''),
+
+ # Second call to mock
+ (0, empty, ''),
+
+ # Third call to mock
+ (0, empty, ''),
+ ]
+
+ mock_tmpfile_copy.side_effect = [
+ '/tmp/mocked_kubeconfig',
+ ]
+
+ # Act
+ results = OCObjectValidator.run_ansible(params)
+
+ # Assert
+ self.assertNotIn('failed', results)
+ self.assertEqual(results['msg'], 'All objects are valid.')
+
+ # Making sure our mock was called as we expected
+ mock_cmd.assert_has_calls([
+ mock.call(['oc', 'get', 'hostsubnet', '-o', 'json', '-n', 'default'], None),
+ mock.call(['oc', 'get', 'netnamespace', '-o', 'json', '-n', 'default'], None),
+ mock.call(['oc', 'get', 'namespace', '-o', 'json', '-n', 'default'], None),
+ ])
+
+ @mock.patch('oc_objectvalidator.Utils.create_tmpfile_copy')
+ @mock.patch('oc_objectvalidator.OCObjectValidator._run')
+ def test_error_code(self, mock_cmd, mock_tmpfile_copy):
+ ''' Testing when we fail to get objects '''
+
+ # Arrange
+
+ # run_ansible input parameters
+ params = {
+ 'kubeconfig': '/etc/origin/master/admin.kubeconfig',
+ }
+
+ # Return values of our mocked function call. These get returned once per call.
+ mock_cmd.side_effect = [
+ # First call to mock
+ (1, '', 'Error.'),
+ ]
+
+ mock_tmpfile_copy.side_effect = [
+ '/tmp/mocked_kubeconfig',
+ ]
+
+ error_results = {
+ 'returncode': 1,
+ 'stderr': 'Error.',
+ 'stdout': '',
+ 'cmd': 'oc get hostsubnet -o json -n default',
+ 'results': [{}]
+ }
+
+ # Act
+ results = OCObjectValidator.run_ansible(params)
+
+ # Assert
+ self.assertTrue(results['failed'])
+ self.assertEqual(results['msg'], 'Failed to GET hostsubnet.')
+ self.assertEqual(results['state'], 'list')
+ self.assertEqual(results['results'], error_results)
+
+ # Making sure our mock was called as we expected
+ mock_cmd.assert_has_calls([
+ mock.call(['oc', 'get', 'hostsubnet', '-o', 'json', '-n', 'default'], None),
+ ])
+
+ @mock.patch('oc_objectvalidator.Utils.create_tmpfile_copy')
+ @mock.patch('oc_objectvalidator.OCObjectValidator._run')
+ def test_valid_both(self, mock_cmd, mock_tmpfile_copy):
+ ''' Testing when both all objects are valid '''
+
+ # Arrange
+
+ # run_ansible input parameters
+ params = {
+ 'kubeconfig': '/etc/origin/master/admin.kubeconfig',
+ }
+
+ valid_hostsubnet = '''{
+ "apiVersion": "v1",
+ "items": [
+ {
+ "apiVersion": "v1",
+ "host": "bar0",
+ "hostIP": "1.1.1.1",
+ "kind": "HostSubnet",
+ "metadata": {
+ "creationTimestamp": "2017-02-16T18:47:09Z",
+ "name": "bar0",
+ "namespace": "",
+ "resourceVersion": "986",
+ "selfLink": "/oapi/v1/hostsubnetsbar0",
+ "uid": "528dbb41-f478-11e6-aae0-507b9dac97ff"
+ },
+ "subnet": "1.1.0.0/24"
+ },
+ {
+ "apiVersion": "v1",
+ "host": "bar1",
+ "hostIP": "1.1.1.1",
+ "kind": "HostSubnet",
+ "metadata": {
+ "creationTimestamp": "2017-02-16T18:47:18Z",
+ "name": "bar1",
+ "namespace": "",
+ "resourceVersion": "988",
+ "selfLink": "/oapi/v1/hostsubnetsbar1",
+ "uid": "57710d84-f478-11e6-aae0-507b9dac97ff"
+ },
+ "subnet": "1.1.0.0/24"
+ },
+ {
+ "apiVersion": "v1",
+ "host": "bar2",
+ "hostIP": "1.1.1.1",
+ "kind": "HostSubnet",
+ "metadata": {
+ "creationTimestamp": "2017-02-16T18:47:26Z",
+ "name": "bar2",
+ "namespace": "",
+ "resourceVersion": "991",
+ "selfLink": "/oapi/v1/hostsubnetsbar2",
+ "uid": "5c59a28c-f478-11e6-aae0-507b9dac97ff"
+ },
+ "subnet": "1.1.0.0/24"
+ }
+ ],
+ "kind": "List",
+ "metadata": {},
+ "resourceVersion": "",
+ "selfLink": ""
+ }'''
+
+ valid_netnamespace = '''{
+ "apiVersion": "v1",
+ "items": [
+ {
+ "apiVersion": "v1",
+ "kind": "NetNamespace",
+ "metadata": {
+ "creationTimestamp": "2017-02-16T18:45:16Z",
+ "name": "foo0",
+ "namespace": "",
+ "resourceVersion": "959",
+ "selfLink": "/oapi/v1/netnamespacesfoo0",
+ "uid": "0f1c85b2-f478-11e6-aae0-507b9dac97ff"
+ },
+ "netid": 100,
+ "netname": "foo0"
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "NetNamespace",
+ "metadata": {
+ "creationTimestamp": "2017-02-16T18:45:26Z",
+ "name": "foo1",
+ "namespace": "",
+ "resourceVersion": "962",
+ "selfLink": "/oapi/v1/netnamespacesfoo1",
+ "uid": "14effa0d-f478-11e6-aae0-507b9dac97ff"
+ },
+ "netid": 100,
+ "netname": "foo1"
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "NetNamespace",
+ "metadata": {
+ "creationTimestamp": "2017-02-16T18:45:36Z",
+ "name": "foo2",
+ "namespace": "",
+ "resourceVersion": "965",
+ "selfLink": "/oapi/v1/netnamespacesfoo2",
+ "uid": "1aabdf84-f478-11e6-aae0-507b9dac97ff"
+ },
+ "netid": 100,
+ "netname": "foo2"
+ }
+ ],
+ "kind": "List",
+ "metadata": {},
+ "resourceVersion": "",
+ "selfLink": ""
+ }'''
+
+ valid_namespace = '''{
+ "apiVersion": "v1",
+ "items": [
+ {
+ "apiVersion": "v1",
+ "kind": "Namespace",
+ "metadata": {
+ "annotations": {
+ "openshift.io/sa.scc.mcs": "s0:c1,c0",
+ "openshift.io/sa.scc.supplemental-groups": "1000000000/10000",
+ "openshift.io/sa.scc.uid-range": "1000000000/10000"
+ },
+ "creationTimestamp": "2017-03-02T00:49:49Z",
+ "name": "default",
+ "namespace": "",
+ "resourceVersion": "165",
+ "selfLink": "/api/v1/namespacesdefault",
+ "uid": "23c0c6aa-fee2-11e6-b45a-507b9dac97ff"
+ },
+ "spec": {
+ "finalizers": [
+ "kubernetes",
+ "openshift.io/origin"
+ ]
+ },
+ "status": {
+ "phase": "Active"
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "Namespace",
+ "metadata": {
+ "annotations": {
+ "openshift.io/sa.scc.mcs": "s0:c3,c2",
+ "openshift.io/sa.scc.supplemental-groups": "1000010000/10000",
+ "openshift.io/sa.scc.uid-range": "1000010000/10000"
+ },
+ "creationTimestamp": "2017-03-02T00:49:49Z",
+ "name": "kube-system",
+ "namespace": "",
+ "resourceVersion": "533",
+ "selfLink": "/api/v1/namespaceskube-system",
+ "uid": "23c21758-fee2-11e6-b45a-507b9dac97ff"
+ },
+ "spec": {
+ "finalizers": [
+ "kubernetes",
+ "openshift.io/origin"
+ ]
+ },
+ "status": {
+ "phase": "Active"
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "Namespace",
+ "metadata": {
+ "annotations": {
+ "openshift.io/description": "",
+ "openshift.io/display-name": "",
+ "openshift.io/requester": "developer",
+ "openshift.io/sa.scc.mcs": "s0:c9,c4",
+ "openshift.io/sa.scc.supplemental-groups": "1000080000/10000",
+ "openshift.io/sa.scc.uid-range": "1000080000/10000"
+ },
+ "creationTimestamp": "2017-03-02T02:17:16Z",
+ "name": "myproject",
+ "namespace": "",
+ "resourceVersion": "2898",
+ "selfLink": "/api/v1/namespacesmyproject",
+ "uid": "5ae3764d-feee-11e6-b45a-507b9dac97ff"
+ },
+ "spec": {
+ "finalizers": [
+ "openshift.io/origin",
+ "kubernetes"
+ ]
+ },
+ "status": {
+ "phase": "Active"
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "Namespace",
+ "metadata": {
+ "annotations": {
+ "openshift.io/sa.scc.mcs": "s0:c6,c0",
+ "openshift.io/sa.scc.supplemental-groups": "1000030000/10000",
+ "openshift.io/sa.scc.uid-range": "1000030000/10000"
+ },
+ "creationTimestamp": "2017-03-02T00:49:51Z",
+ "name": "openshift",
+ "namespace": "",
+ "resourceVersion": "171",
+ "selfLink": "/api/v1/namespacesopenshift",
+ "uid": "24f7b34d-fee2-11e6-b45a-507b9dac97ff"
+ },
+ "spec": {
+ "finalizers": [
+ "kubernetes",
+ "openshift.io/origin"
+ ]
+ },
+ "status": {
+ "phase": "Active"
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "Namespace",
+ "metadata": {
+ "annotations": {
+ "openshift.io/sa.scc.mcs": "s0:c5,c0",
+ "openshift.io/sa.scc.supplemental-groups": "1000020000/10000",
+ "openshift.io/sa.scc.uid-range": "1000020000/10000"
+ },
+ "creationTimestamp": "2017-03-02T00:49:51Z",
+ "name": "openshift-infra",
+ "namespace": "",
+ "resourceVersion": "169",
+ "selfLink": "/api/v1/namespacesopenshift-infra",
+ "uid": "24a2ed75-fee2-11e6-b45a-507b9dac97ff"
+ },
+ "spec": {
+ "finalizers": [
+ "kubernetes",
+ "openshift.io/origin"
+ ]
+ },
+ "status": {
+ "phase": "Active"
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "Namespace",
+ "metadata": {
+ "annotations": {
+ "openshift.io/description": "",
+ "openshift.io/display-name": "",
+ "openshift.io/requester": "developer1",
+ "openshift.io/sa.scc.mcs": "s0:c10,c0",
+ "openshift.io/sa.scc.supplemental-groups": "1000090000/10000",
+ "openshift.io/sa.scc.uid-range": "1000090000/10000"
+ },
+ "creationTimestamp": "2017-03-02T02:17:56Z",
+ "name": "yourproject",
+ "namespace": "",
+ "resourceVersion": "2955",
+ "selfLink": "/api/v1/namespacesyourproject",
+ "uid": "72df7fb9-feee-11e6-b45a-507b9dac97ff"
+ },
+ "spec": {
+ "finalizers": [
+ "openshift.io/origin",
+ "kubernetes"
+ ]
+ },
+ "status": {
+ "phase": "Active"
+ }
+ }
+ ],
+ "kind": "List",
+ "metadata": {},
+ "resourceVersion": "",
+ "selfLink": ""
+}'''
+
+ # Return values of our mocked function call. These get returned once per call.
+ mock_cmd.side_effect = [
+ # First call to mock
+ (0, valid_hostsubnet, ''),
+
+ # Second call to mock
+ (0, valid_netnamespace, ''),
+
+ # Third call to mock
+ (0, valid_namespace, ''),
+ ]
+
+ mock_tmpfile_copy.side_effect = [
+ '/tmp/mocked_kubeconfig',
+ ]
+
+ # Act
+ results = OCObjectValidator.run_ansible(params)
+
+ # Assert
+ self.assertNotIn('failed', results)
+ self.assertEqual(results['msg'], 'All objects are valid.')
+
+ # Making sure our mock was called as we expected
+ mock_cmd.assert_has_calls([
+ mock.call(['oc', 'get', 'hostsubnet', '-o', 'json', '-n', 'default'], None),
+ mock.call(['oc', 'get', 'netnamespace', '-o', 'json', '-n', 'default'], None),
+ mock.call(['oc', 'get', 'namespace', '-o', 'json', '-n', 'default'], None),
+ ])
+
+ @mock.patch('oc_objectvalidator.Utils.create_tmpfile_copy')
+ @mock.patch('oc_objectvalidator.OCObjectValidator._run')
+ def test_invalid_both(self, mock_cmd, mock_tmpfile_copy):
+ ''' Testing when all objects are invalid '''
+
+ # Arrange
+
+ # run_ansible input parameters
+ params = {
+ 'kubeconfig': '/etc/origin/master/admin.kubeconfig',
+ }
+
+ invalid_hostsubnet = '''{
+ "apiVersion": "v1",
+ "items": [
+ {
+ "apiVersion": "v1",
+ "host": "bar0",
+ "hostIP": "1.1.1.1",
+ "kind": "HostSubnet",
+ "metadata": {
+ "creationTimestamp": "2017-02-16T18:47:09Z",
+ "name": "bar0",
+ "namespace": "",
+ "resourceVersion": "986",
+ "selfLink": "/oapi/v1/hostsubnetsbar0",
+ "uid": "528dbb41-f478-11e6-aae0-507b9dac97ff"
+ },
+ "subnet": "1.1.0.0/24"
+ },
+ {
+ "apiVersion": "v1",
+ "host": "bar1",
+ "hostIP": "1.1.1.1",
+ "kind": "HostSubnet",
+ "metadata": {
+ "creationTimestamp": "2017-02-16T18:47:18Z",
+ "name": "bar1",
+ "namespace": "",
+ "resourceVersion": "988",
+ "selfLink": "/oapi/v1/hostsubnetsbar1",
+ "uid": "57710d84-f478-11e6-aae0-507b9dac97ff"
+ },
+ "subnet": "1.1.0.0/24"
+ },
+ {
+ "apiVersion": "v1",
+ "host": "bar2",
+ "hostIP": "1.1.1.1",
+ "kind": "HostSubnet",
+ "metadata": {
+ "creationTimestamp": "2017-02-16T18:47:26Z",
+ "name": "bar2",
+ "namespace": "",
+ "resourceVersion": "991",
+ "selfLink": "/oapi/v1/hostsubnetsbar2",
+ "uid": "5c59a28c-f478-11e6-aae0-507b9dac97ff"
+ },
+ "subnet": "1.1.0.0/24"
+ },
+ {
+ "apiVersion": "v1",
+ "host": "baz1",
+ "hostIP": "1.1.1.1",
+ "kind": "HostSubnet",
+ "metadata": {
+ "creationTimestamp": "2017-02-16T18:47:49Z",
+ "name": "baz0",
+ "namespace": "",
+ "resourceVersion": "996",
+ "selfLink": "/oapi/v1/hostsubnetsbaz0",
+ "uid": "69f75f87-f478-11e6-aae0-507b9dac97ff"
+ },
+ "subnet": "1.1.0.0/24"
+ }
+ ],
+ "kind": "List",
+ "metadata": {},
+ "resourceVersion": "",
+ "selfLink": ""
+}'''
+
+ invalid_netnamespace = '''{
+ "apiVersion": "v1",
+ "items": [
+ {
+ "apiVersion": "v1",
+ "kind": "NetNamespace",
+ "metadata": {
+ "creationTimestamp": "2017-02-16T18:45:52Z",
+ "name": "bar0",
+ "namespace": "",
+ "resourceVersion": "969",
+ "selfLink": "/oapi/v1/netnamespacesbar0",
+ "uid": "245d416e-f478-11e6-aae0-507b9dac97ff"
+ },
+ "netid": 100,
+ "netname": "bar1"
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "NetNamespace",
+ "metadata": {
+ "creationTimestamp": "2017-02-16T18:45:16Z",
+ "name": "foo0",
+ "namespace": "",
+ "resourceVersion": "959",
+ "selfLink": "/oapi/v1/netnamespacesfoo0",
+ "uid": "0f1c85b2-f478-11e6-aae0-507b9dac97ff"
+ },
+ "netid": 100,
+ "netname": "foo0"
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "NetNamespace",
+ "metadata": {
+ "creationTimestamp": "2017-02-16T18:45:26Z",
+ "name": "foo1",
+ "namespace": "",
+ "resourceVersion": "962",
+ "selfLink": "/oapi/v1/netnamespacesfoo1",
+ "uid": "14effa0d-f478-11e6-aae0-507b9dac97ff"
+ },
+ "netid": 100,
+ "netname": "foo1"
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "NetNamespace",
+ "metadata": {
+ "creationTimestamp": "2017-02-16T18:45:36Z",
+ "name": "foo2",
+ "namespace": "",
+ "resourceVersion": "965",
+ "selfLink": "/oapi/v1/netnamespacesfoo2",
+ "uid": "1aabdf84-f478-11e6-aae0-507b9dac97ff"
+ },
+ "netid": 100,
+ "netname": "foo2"
+ }
+ ],
+ "kind": "List",
+ "metadata": {},
+ "resourceVersion": "",
+ "selfLink": ""
+}'''
+
+ invalid_namespace = '''{
+ "apiVersion": "v1",
+ "items": [
+ {
+ "apiVersion": "v1",
+ "kind": "Namespace",
+ "metadata": {
+ "annotations": {
+ "openshift.io/sa.scc.mcs": "s0:c1,c0",
+ "openshift.io/sa.scc.supplemental-groups": "1000000000/10000",
+ "openshift.io/sa.scc.uid-range": "1000000000/10000"
+ },
+ "creationTimestamp": "2017-03-02T00:49:49Z",
+ "name": "default",
+ "namespace": "",
+ "resourceVersion": "165",
+ "selfLink": "/api/v1/namespacesdefault",
+ "uid": "23c0c6aa-fee2-11e6-b45a-507b9dac97ff"
+ },
+ "spec": {
+ "finalizers": [
+ "kubernetes",
+ "openshift.io/origin"
+ ]
+ },
+ "status": {
+ "phase": "Active"
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "Namespace",
+ "metadata": {
+ "annotations": {
+ "openshift.io/requester": "",
+ "openshift.io/sa.scc.mcs": "s0:c3,c2",
+ "openshift.io/sa.scc.supplemental-groups": "1000010000/10000",
+ "openshift.io/sa.scc.uid-range": "1000010000/10000"
+ },
+ "creationTimestamp": "2017-03-02T00:49:49Z",
+ "name": "kube-system",
+ "namespace": "",
+ "resourceVersion": "3052",
+ "selfLink": "/api/v1/namespaceskube-system",
+ "uid": "23c21758-fee2-11e6-b45a-507b9dac97ff"
+ },
+ "spec": {
+ "finalizers": [
+ "kubernetes",
+ "openshift.io/origin"
+ ]
+ },
+ "status": {
+ "phase": "Active"
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "Namespace",
+ "metadata": {
+ "annotations": {
+ "openshift.io/description": "",
+ "openshift.io/display-name": "",
+ "openshift.io/requester": "developer",
+ "openshift.io/sa.scc.mcs": "s0:c9,c4",
+ "openshift.io/sa.scc.supplemental-groups": "1000080000/10000",
+ "openshift.io/sa.scc.uid-range": "1000080000/10000"
+ },
+ "creationTimestamp": "2017-03-02T02:17:16Z",
+ "name": "myproject",
+ "namespace": "",
+ "resourceVersion": "2898",
+ "selfLink": "/api/v1/namespacesmyproject",
+ "uid": "5ae3764d-feee-11e6-b45a-507b9dac97ff"
+ },
+ "spec": {
+ "finalizers": [
+ "openshift.io/origin",
+ "kubernetes"
+ ]
+ },
+ "status": {
+ "phase": "Active"
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "Namespace",
+ "metadata": {
+ "annotations": {
+ "openshift.io/requester": "",
+ "openshift.io/sa.scc.mcs": "s0:c6,c0",
+ "openshift.io/sa.scc.supplemental-groups": "1000030000/10000",
+ "openshift.io/sa.scc.uid-range": "1000030000/10000"
+ },
+ "creationTimestamp": "2017-03-02T00:49:51Z",
+ "name": "openshift",
+ "namespace": "",
+ "resourceVersion": "3057",
+ "selfLink": "/api/v1/namespacesopenshift",
+ "uid": "24f7b34d-fee2-11e6-b45a-507b9dac97ff"
+ },
+ "spec": {
+ "finalizers": [
+ "kubernetes",
+ "openshift.io/origin"
+ ]
+ },
+ "status": {
+ "phase": "Active"
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "Namespace",
+ "metadata": {
+ "annotations": {
+ "openshift.io/description": "",
+ "openshift.io/display-name": "",
+ "openshift.io/requester": "system:admin",
+ "openshift.io/sa.scc.mcs": "s0:c10,c5",
+ "openshift.io/sa.scc.supplemental-groups": "1000100000/10000",
+ "openshift.io/sa.scc.uid-range": "1000100000/10000"
+ },
+ "creationTimestamp": "2017-03-02T02:21:15Z",
+ "name": "openshift-fancy",
+ "namespace": "",
+ "resourceVersion": "3072",
+ "selfLink": "/api/v1/namespacesopenshift-fancy",
+ "uid": "e958063c-feee-11e6-b45a-507b9dac97ff"
+ },
+ "spec": {
+ "finalizers": [
+ "openshift.io/origin",
+ "kubernetes"
+ ]
+ },
+ "status": {
+ "phase": "Active"
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "Namespace",
+ "metadata": {
+ "annotations": {
+ "openshift.io/sa.scc.mcs": "s0:c5,c0",
+ "openshift.io/sa.scc.supplemental-groups": "1000020000/10000",
+ "openshift.io/sa.scc.uid-range": "1000020000/10000"
+ },
+ "creationTimestamp": "2017-03-02T00:49:51Z",
+ "name": "openshift-infra",
+ "namespace": "",
+ "resourceVersion": "169",
+ "selfLink": "/api/v1/namespacesopenshift-infra",
+ "uid": "24a2ed75-fee2-11e6-b45a-507b9dac97ff"
+ },
+ "spec": {
+ "finalizers": [
+ "kubernetes",
+ "openshift.io/origin"
+ ]
+ },
+ "status": {
+ "phase": "Active"
+ }
+ },
+ {
+ "apiVersion": "v1",
+ "kind": "Namespace",
+ "metadata": {
+ "annotations": {
+ "openshift.io/description": "",
+ "openshift.io/display-name": "",
+ "openshift.io/requester": "developer1",
+ "openshift.io/sa.scc.mcs": "s0:c10,c0",
+ "openshift.io/sa.scc.supplemental-groups": "1000090000/10000",
+ "openshift.io/sa.scc.uid-range": "1000090000/10000"
+ },
+ "creationTimestamp": "2017-03-02T02:17:56Z",
+ "name": "yourproject",
+ "namespace": "",
+ "resourceVersion": "2955",
+ "selfLink": "/api/v1/namespacesyourproject",
+ "uid": "72df7fb9-feee-11e6-b45a-507b9dac97ff"
+ },
+ "spec": {
+ "finalizers": [
+ "openshift.io/origin",
+ "kubernetes"
+ ]
+ },
+ "status": {
+ "phase": "Active"
+ }
+ }
+ ],
+ "kind": "List",
+ "metadata": {},
+ "resourceVersion": "",
+ "selfLink": ""
+}'''
+
+ invalid_results = {
+ 'hostsubnets where metadata.name != host': [{
+ 'apiVersion': 'v1',
+ 'host': 'baz1',
+ 'hostIP': '1.1.1.1',
+ 'kind': 'HostSubnet',
+ 'metadata': {
+ 'creationTimestamp': '2017-02-16T18:47:49Z',
+ 'name': 'baz0',
+ 'namespace': '',
+ 'resourceVersion': '996',
+ 'selfLink': '/oapi/v1/hostsubnetsbaz0',
+ 'uid': '69f75f87-f478-11e6-aae0-507b9dac97ff'
+ },
+ 'subnet': '1.1.0.0/24'
+ }],
+ 'netnamespaces where metadata.name != netname': [{
+ 'apiVersion': 'v1',
+ 'kind': 'NetNamespace',
+ 'metadata': {
+ 'creationTimestamp': '2017-02-16T18:45:52Z',
+ 'name': 'bar0',
+ 'namespace': '',
+ 'resourceVersion': '969',
+ 'selfLink': '/oapi/v1/netnamespacesbar0',
+ 'uid': '245d416e-f478-11e6-aae0-507b9dac97ff'
+ },
+ 'netid': 100,
+ 'netname': 'bar1'
+ }],
+ 'namespaces that use reserved names and were not created by infrastructure components': [{
+ 'apiVersion': 'v1',
+ 'kind': 'Namespace',
+ 'metadata': {'annotations': {'openshift.io/requester': '',
+ 'openshift.io/sa.scc.mcs': 's0:c3,c2',
+ 'openshift.io/sa.scc.supplemental-groups': '1000010000/10000',
+ 'openshift.io/sa.scc.uid-range': '1000010000/10000'},
+ 'creationTimestamp': '2017-03-02T00:49:49Z',
+ 'name': 'kube-system',
+ 'namespace': '',
+ 'resourceVersion': '3052',
+ 'selfLink': '/api/v1/namespaceskube-system',
+ 'uid': '23c21758-fee2-11e6-b45a-507b9dac97ff'},
+ 'spec': {'finalizers': ['kubernetes', 'openshift.io/origin']},
+ 'status': {'phase': 'Active'}},
+ {'apiVersion': 'v1',
+ 'kind': 'Namespace',
+ 'metadata': {'annotations': {'openshift.io/requester': '',
+ 'openshift.io/sa.scc.mcs': 's0:c6,c0',
+ 'openshift.io/sa.scc.supplemental-groups': '1000030000/10000',
+ 'openshift.io/sa.scc.uid-range': '1000030000/10000'},
+ 'creationTimestamp': '2017-03-02T00:49:51Z',
+ 'name': 'openshift',
+ 'namespace': '',
+ 'resourceVersion': '3057',
+ 'selfLink': '/api/v1/namespacesopenshift',
+ 'uid': '24f7b34d-fee2-11e6-b45a-507b9dac97ff'},
+ 'spec': {'finalizers': ['kubernetes', 'openshift.io/origin']},
+ 'status': {'phase': 'Active'}},
+ {'apiVersion': 'v1',
+ 'kind': 'Namespace',
+ 'metadata': {'annotations': {'openshift.io/description': '',
+ 'openshift.io/display-name': '',
+ 'openshift.io/requester': 'system:admin',
+ 'openshift.io/sa.scc.mcs': 's0:c10,c5',
+ 'openshift.io/sa.scc.supplemental-groups': '1000100000/10000',
+ 'openshift.io/sa.scc.uid-range': '1000100000/10000'},
+ 'creationTimestamp': '2017-03-02T02:21:15Z',
+ 'name': 'openshift-fancy',
+ 'namespace': '',
+ 'resourceVersion': '3072',
+ 'selfLink': '/api/v1/namespacesopenshift-fancy',
+ 'uid': 'e958063c-feee-11e6-b45a-507b9dac97ff'},
+ 'spec': {'finalizers': ['openshift.io/origin', 'kubernetes']},
+ 'status': {'phase': 'Active'}
+ }],
+ }
+
+ # Return values of our mocked function call. These get returned once per call.
+ mock_cmd.side_effect = [
+ # First call to mock
+ (0, invalid_hostsubnet, ''),
+
+ # Second call to mock
+ (0, invalid_netnamespace, ''),
+
+ # Third call to mock
+ (0, invalid_namespace, ''),
+ ]
+
+ mock_tmpfile_copy.side_effect = [
+ '/tmp/mocked_kubeconfig',
+ ]
+
+ # Act
+ results = OCObjectValidator.run_ansible(params)
+
+ # Assert
+ self.assertTrue(results['failed'])
+ self.assertEqual(results['msg'], 'All objects are not valid.')
+ self.assertEqual(results['state'], 'list')
+ self.assertEqual(results['results'], invalid_results)
+
+ # Making sure our mock was called as we expected
+ mock_cmd.assert_has_calls([
+ mock.call(['oc', 'get', 'hostsubnet', '-o', 'json', '-n', 'default'], None),
+ mock.call(['oc', 'get', 'netnamespace', '-o', 'json', '-n', 'default'], None),
+ mock.call(['oc', 'get', 'namespace', '-o', 'json', '-n', 'default'], None),
+ ])
+
+
+if __name__ == '__main__':
+ unittest.main()