diff options
-rw-r--r-- | roles/lib_openshift/library/oc_route.py | 112 | ||||
-rw-r--r-- | roles/lib_openshift/src/ansible/oc_route.py | 39 | ||||
-rw-r--r-- | roles/lib_openshift/src/class/oc_route.py | 43 | ||||
-rw-r--r-- | roles/lib_openshift/src/doc/route | 6 | ||||
-rw-r--r-- | roles/lib_openshift/src/lib/route.py | 24 | ||||
-rwxr-xr-x | roles/lib_openshift/src/test/integration/oc_route.yml | 38 | ||||
-rwxr-xr-x | roles/lib_openshift/src/test/unit/oc_route.py | 261 |
7 files changed, 435 insertions, 88 deletions
diff --git a/roles/lib_openshift/library/oc_route.py b/roles/lib_openshift/library/oc_route.py index 6ee34bafb..ab42820b9 100644 --- a/roles/lib_openshift/library/oc_route.py +++ b/roles/lib_openshift/library/oc_route.py @@ -145,6 +145,12 @@ options: required: false default: None aliases: [] + port: + description: + - The Name of the service port or number of the container port the route will route traffic to + required: false + default: None + aliases: [] author: - "Kenny Woodson <kwoodson@redhat.com>" extends_documentation_fragment: [] @@ -1313,7 +1319,8 @@ class RouteConfig(object): tls_termination=None, service_name=None, wildcard_policy=None, - weight=None): + weight=None, + port=None): ''' constructor for handling route options ''' self.kubeconfig = kubeconfig self.name = sname @@ -1325,6 +1332,7 @@ class RouteConfig(object): self.cert = cert self.key = key self.service_name = service_name + self.port = port self.data = {} self.wildcard_policy = wildcard_policy if wildcard_policy is None: @@ -1349,12 +1357,15 @@ class RouteConfig(object): if self.tls_termination: self.data['spec']['tls'] = {} + self.data['spec']['tls']['termination'] = self.tls_termination + + if self.tls_termination != 'passthrough': + self.data['spec']['tls']['key'] = self.key + self.data['spec']['tls']['caCertificate'] = self.cacert + self.data['spec']['tls']['certificate'] = self.cert + if self.tls_termination == 'reencrypt': self.data['spec']['tls']['destinationCACertificate'] = self.destcacert - self.data['spec']['tls']['key'] = self.key - self.data['spec']['tls']['caCertificate'] = self.cacert - self.data['spec']['tls']['certificate'] = self.cert - self.data['spec']['tls']['termination'] = self.tls_termination self.data['spec']['to'] = {'kind': 'Service', 'name': self.service_name, @@ -1362,11 +1373,16 @@ class RouteConfig(object): self.data['spec']['wildcardPolicy'] = self.wildcard_policy + if self.port: + self.data['spec']['port'] = {} + self.data['spec']['port']['targetPort'] = self.port + # pylint: disable=too-many-instance-attributes,too-many-public-methods class Route(Yedit): ''' Class to wrap the oc command line tools ''' wildcard_policy = "spec.wildcardPolicy" host_path = "spec.host" + port_path = "spec.port.targetPort" service_path = "spec.to.name" weight_path = "spec.to.weight" cert_path = "spec.tls.certificate" @@ -1412,6 +1428,10 @@ class Route(Yedit): ''' return host ''' return self.get(Route.host_path) + def get_port(self): + ''' return port ''' + return self.get(Route.port_path) + def get_wildcard_policy(self): ''' return wildcardPolicy ''' return self.get(Route.wildcard_policy) @@ -1483,9 +1503,23 @@ class OCRoute(OpenShiftCLI): skip = [] return not Utils.check_def_equal(self.config.data, self.route.yaml_dict, skip_keys=skip, debug=True) + @staticmethod + def get_cert_data(path, content): + '''get the data for a particular value''' + if not path and not content: + return None + + rval = None + if path and os.path.exists(path) and os.access(path, os.R_OK): + rval = open(path).read() + elif content: + rval = content + + return rval + # pylint: disable=too-many-return-statements,too-many-branches @staticmethod - def run_ansible(params, files, check_mode=False): + def run_ansible(params, check_mode=False): ''' run the idempotent asnible code params comes from the ansible portion for this module @@ -1497,6 +1531,30 @@ class OCRoute(OpenShiftCLI): } check_mode: does the module support check mode. (module.check_mode) ''' + files = {'destcacert': {'path': params['dest_cacert_path'], + 'content': params['dest_cacert_content'], + 'value': None, }, + 'cacert': {'path': params['cacert_path'], + 'content': params['cacert_content'], + 'value': None, }, + 'cert': {'path': params['cert_path'], + 'content': params['cert_content'], + 'value': None, }, + 'key': {'path': params['key_path'], + 'content': params['key_content'], + 'value': None, }, } + + if params['tls_termination'] and params['tls_termination'].lower() != 'passthrough': # E501 + + for key, option in files.items(): + if key == 'destcacert' and params['tls_termination'] != 'reencrypt': + continue + + option['value'] = OCRoute.get_cert_data(option['path'], option['content']) # E501 + + if not option['value']: + return {'failed': True, + 'msg': 'Verify that you pass a value for %s' % key} rconfig = RouteConfig(params['name'], params['namespace'], @@ -1509,7 +1567,8 @@ class OCRoute(OpenShiftCLI): params['tls_termination'], params['service_name'], params['wildcard_policy'], - params['weight']) + params['weight'], + params['port']) oc_route = OCRoute(rconfig, verbose=params['debug']) @@ -1593,20 +1652,6 @@ class OCRoute(OpenShiftCLI): # -*- -*- -*- Begin included fragment: ansible/oc_route.py -*- -*- -*- -def get_cert_data(path, content): - '''get the data for a particular value''' - if not path and not content: - return None - - rval = None - if path and os.path.exists(path) and os.access(path, os.R_OK): - rval = open(path).read() - elif content: - rval = content - - return rval - - # pylint: disable=too-many-branches def main(): ''' @@ -1633,6 +1678,7 @@ def main(): host=dict(default=None, type='str'), wildcard_policy=dict(default=None, type='str'), weight=dict(default=None, type='int'), + port=dict(default=None, type='int'), ), mutually_exclusive=[('dest_cacert_path', 'dest_cacert_content'), ('cacert_path', 'cacert_content'), @@ -1640,30 +1686,8 @@ def main(): ('key_path', 'key_content'), ], supports_check_mode=True, ) - files = {'destcacert': {'path': module.params['dest_cacert_path'], - 'content': module.params['dest_cacert_content'], - 'value': None, }, - 'cacert': {'path': module.params['cacert_path'], - 'content': module.params['cacert_content'], - 'value': None, }, - 'cert': {'path': module.params['cert_path'], - 'content': module.params['cert_content'], - 'value': None, }, - 'key': {'path': module.params['key_path'], - 'content': module.params['key_content'], - 'value': None, }, } - - if module.params['tls_termination']: - for key, option in files.items(): - if key == 'destcacert' and module.params['tls_termination'] != 'reencrypt': - continue - - option['value'] = get_cert_data(option['path'], option['content']) - - if not option['value']: - module.fail_json(msg='Verify that you pass a value for %s' % key) - results = OCRoute.run_ansible(module.params, files, module.check_mode) + results = OCRoute.run_ansible(module.params, module.check_mode) if 'failed' in results: module.fail_json(**results) diff --git a/roles/lib_openshift/src/ansible/oc_route.py b/roles/lib_openshift/src/ansible/oc_route.py index c87e6738f..f2f5c5095 100644 --- a/roles/lib_openshift/src/ansible/oc_route.py +++ b/roles/lib_openshift/src/ansible/oc_route.py @@ -2,20 +2,6 @@ # flake8: noqa -def get_cert_data(path, content): - '''get the data for a particular value''' - if not path and not content: - return None - - rval = None - if path and os.path.exists(path) and os.access(path, os.R_OK): - rval = open(path).read() - elif content: - rval = content - - return rval - - # pylint: disable=too-many-branches def main(): ''' @@ -42,6 +28,7 @@ def main(): host=dict(default=None, type='str'), wildcard_policy=dict(default=None, type='str'), weight=dict(default=None, type='int'), + port=dict(default=None, type='int'), ), mutually_exclusive=[('dest_cacert_path', 'dest_cacert_content'), ('cacert_path', 'cacert_content'), @@ -49,30 +36,8 @@ def main(): ('key_path', 'key_content'), ], supports_check_mode=True, ) - files = {'destcacert': {'path': module.params['dest_cacert_path'], - 'content': module.params['dest_cacert_content'], - 'value': None, }, - 'cacert': {'path': module.params['cacert_path'], - 'content': module.params['cacert_content'], - 'value': None, }, - 'cert': {'path': module.params['cert_path'], - 'content': module.params['cert_content'], - 'value': None, }, - 'key': {'path': module.params['key_path'], - 'content': module.params['key_content'], - 'value': None, }, } - - if module.params['tls_termination']: - for key, option in files.items(): - if key == 'destcacert' and module.params['tls_termination'] != 'reencrypt': - continue - - option['value'] = get_cert_data(option['path'], option['content']) - - if not option['value']: - module.fail_json(msg='Verify that you pass a value for %s' % key) - results = OCRoute.run_ansible(module.params, files, module.check_mode) + results = OCRoute.run_ansible(module.params, module.check_mode) if 'failed' in results: module.fail_json(**results) diff --git a/roles/lib_openshift/src/class/oc_route.py b/roles/lib_openshift/src/class/oc_route.py index 42af2c01c..42388ad0b 100644 --- a/roles/lib_openshift/src/class/oc_route.py +++ b/roles/lib_openshift/src/class/oc_route.py @@ -64,9 +64,23 @@ class OCRoute(OpenShiftCLI): skip = [] return not Utils.check_def_equal(self.config.data, self.route.yaml_dict, skip_keys=skip, debug=True) + @staticmethod + def get_cert_data(path, content): + '''get the data for a particular value''' + if not path and not content: + return None + + rval = None + if path and os.path.exists(path) and os.access(path, os.R_OK): + rval = open(path).read() + elif content: + rval = content + + return rval + # pylint: disable=too-many-return-statements,too-many-branches @staticmethod - def run_ansible(params, files, check_mode=False): + def run_ansible(params, check_mode=False): ''' run the idempotent asnible code params comes from the ansible portion for this module @@ -78,6 +92,30 @@ class OCRoute(OpenShiftCLI): } check_mode: does the module support check mode. (module.check_mode) ''' + files = {'destcacert': {'path': params['dest_cacert_path'], + 'content': params['dest_cacert_content'], + 'value': None, }, + 'cacert': {'path': params['cacert_path'], + 'content': params['cacert_content'], + 'value': None, }, + 'cert': {'path': params['cert_path'], + 'content': params['cert_content'], + 'value': None, }, + 'key': {'path': params['key_path'], + 'content': params['key_content'], + 'value': None, }, } + + if params['tls_termination'] and params['tls_termination'].lower() != 'passthrough': # E501 + + for key, option in files.items(): + if key == 'destcacert' and params['tls_termination'] != 'reencrypt': + continue + + option['value'] = OCRoute.get_cert_data(option['path'], option['content']) # E501 + + if not option['value']: + return {'failed': True, + 'msg': 'Verify that you pass a value for %s' % key} rconfig = RouteConfig(params['name'], params['namespace'], @@ -90,7 +128,8 @@ class OCRoute(OpenShiftCLI): params['tls_termination'], params['service_name'], params['wildcard_policy'], - params['weight']) + params['weight'], + params['port']) oc_route = OCRoute(rconfig, verbose=params['debug']) diff --git a/roles/lib_openshift/src/doc/route b/roles/lib_openshift/src/doc/route index 1797d4d33..a12999c9e 100644 --- a/roles/lib_openshift/src/doc/route +++ b/roles/lib_openshift/src/doc/route @@ -99,6 +99,12 @@ options: required: false default: None aliases: [] + port: + description: + - The Name of the service port or number of the container port the route will route traffic to + required: false + default: None + aliases: [] author: - "Kenny Woodson <kwoodson@redhat.com>" extends_documentation_fragment: [] diff --git a/roles/lib_openshift/src/lib/route.py b/roles/lib_openshift/src/lib/route.py index 3130e7358..3b54a24fb 100644 --- a/roles/lib_openshift/src/lib/route.py +++ b/roles/lib_openshift/src/lib/route.py @@ -19,7 +19,8 @@ class RouteConfig(object): tls_termination=None, service_name=None, wildcard_policy=None, - weight=None): + weight=None, + port=None): ''' constructor for handling route options ''' self.kubeconfig = kubeconfig self.name = sname @@ -31,6 +32,7 @@ class RouteConfig(object): self.cert = cert self.key = key self.service_name = service_name + self.port = port self.data = {} self.wildcard_policy = wildcard_policy if wildcard_policy is None: @@ -55,12 +57,15 @@ class RouteConfig(object): if self.tls_termination: self.data['spec']['tls'] = {} + self.data['spec']['tls']['termination'] = self.tls_termination + + if self.tls_termination != 'passthrough': + self.data['spec']['tls']['key'] = self.key + self.data['spec']['tls']['caCertificate'] = self.cacert + self.data['spec']['tls']['certificate'] = self.cert + if self.tls_termination == 'reencrypt': self.data['spec']['tls']['destinationCACertificate'] = self.destcacert - self.data['spec']['tls']['key'] = self.key - self.data['spec']['tls']['caCertificate'] = self.cacert - self.data['spec']['tls']['certificate'] = self.cert - self.data['spec']['tls']['termination'] = self.tls_termination self.data['spec']['to'] = {'kind': 'Service', 'name': self.service_name, @@ -68,11 +73,16 @@ class RouteConfig(object): self.data['spec']['wildcardPolicy'] = self.wildcard_policy + if self.port: + self.data['spec']['port'] = {} + self.data['spec']['port']['targetPort'] = self.port + # pylint: disable=too-many-instance-attributes,too-many-public-methods class Route(Yedit): ''' Class to wrap the oc command line tools ''' wildcard_policy = "spec.wildcardPolicy" host_path = "spec.host" + port_path = "spec.port.targetPort" service_path = "spec.to.name" weight_path = "spec.to.weight" cert_path = "spec.tls.certificate" @@ -118,6 +128,10 @@ class Route(Yedit): ''' return host ''' return self.get(Route.host_path) + def get_port(self): + ''' return port ''' + return self.get(Route.port_path) + def get_wildcard_policy(self): ''' return wildcardPolicy ''' return self.get(Route.wildcard_policy) diff --git a/roles/lib_openshift/src/test/integration/oc_route.yml b/roles/lib_openshift/src/test/integration/oc_route.yml index 620d5d5e7..489e982ce 100755 --- a/roles/lib_openshift/src/test/integration/oc_route.yml +++ b/roles/lib_openshift/src/test/integration/oc_route.yml @@ -75,3 +75,41 @@ - assert: that: "routeout.changed == False" msg: Route create not idempotent + + - name: delete route + oc_route: + name: test + namespace: default + state: absent + register: routeout + + - name: create route + oc_route: + name: test + namespace: default + tls_termination: passthrough + service_name: test + host: test.example + port: 8443 + register: routeout + + - assert: + that: "routeout.changed == True" + that: "routeout.results['results'][0]['spec']['port']['targetPort'] == 8443" + msg: Route create not idempotent + + - name: create route + oc_route: + name: test + namespace: default + tls_termination: passthrough + service_name: test + host: test.example + port: 8444 + register: routeout + - debug: var=routeout + + - assert: + that: "routeout.changed == True" + that: "routeout.results.results[0]['spec']['port']['targetPort'] == 8444" + msg: Route update not idempotent diff --git a/roles/lib_openshift/src/test/unit/oc_route.py b/roles/lib_openshift/src/test/unit/oc_route.py new file mode 100755 index 000000000..ea3c27b94 --- /dev/null +++ b/roles/lib_openshift/src/test/unit/oc_route.py @@ -0,0 +1,261 @@ +#!/usr/bin/env python2 +''' + Unit tests for oc route +''' +# To run: +# ./oc_serviceaccount.py +# +# . +# Ran 1 test in 0.002s +# +# OK + +import os +import sys +import unittest +import mock + +# Removing invalid variable names for tests so that I can +# keep them brief +# pylint: disable=invalid-name,no-name-in-module +# Disable import-error b/c our libraries aren't loaded in jenkins +# pylint: disable=import-error,wrong-import-position +# place class in our python path +module_path = os.path.join('/'.join(os.path.realpath(__file__).split('/')[:-4]), 'library') # noqa: E501 +sys.path.insert(0, module_path) +from oc_route import OCRoute # noqa: E402 + + +class OCRouteTest(unittest.TestCase): + ''' + Test class for OCServiceAccount + ''' + + def setUp(self): + ''' setup method will create a file and set to known configuration ''' + pass + +# @mock.patch('oc_route.OCRoute._run') +# def test_list_route(self, mock_cmd): +# ''' Testing getting a route ''' +# +# # Arrange +# +# # run_ansible input parameters +# params = { +# 'kubeconfig': '/etc/origin/master/admin.kubeconfig', +# 'state': 'list', +# 'debug': False, +# 'name': 'test', +# 'namespace': 'default', +# 'tls_termination': 'passthrough', +# 'dest_cacert_path': None, +# 'cacert_path': None, +# 'cert_path': None, +# 'key_path': None, +# 'dest_cacert_content': None, +# 'cacert_content': None, +# 'cert_content': None, +# 'key_content': None, +# 'service_name': 'testservice', +# 'host': 'test.openshift.com', +# 'wildcard_policy': None, +# 'weight': None, +# 'port': None +# } +# +# route_result ='''{ +# "kind": "Route", +# "apiVersion": "v1", +# "metadata": { +# "name": "test", +# "namespace": "default", +# "selfLink": "/oapi/v1/namespaces/default/routes/test", +# "uid": "1b127c67-ecd9-11e6-96eb-0e0d9bdacd26", +# "resourceVersion": "439182", +# "creationTimestamp": "2017-02-07T01:59:48Z" +# }, +# "spec": { +# "host": "test.example", +# "to": { +# "kind": "Service", +# "name": "test", +# "weight": 100 +# }, +# "port": { +# "targetPort": 8443 +# }, +# "tls": { +# "termination": "passthrough" +# }, +# "wildcardPolicy": "None" +# }, +# "status": { +# "ingress": [ +# { +# "host": "test.example", +# "routerName": "router", +# "conditions": [ +# { +# "type": "Admitted", +# "status": "True", +# "lastTransitionTime": "2017-02-07T01:59:48Z" +# } +# ], +# "wildcardPolicy": "None" +# } +# ] +# } +# }''' +# +# +# # Return values of our mocked function call. These get returned once per call. +# mock_cmd.side_effect = [ +# # First call to mock +# (0, route_result, ''), +# ] +# +# # Act +# results = OCRoute.run_ansible(params, False) +# +# # Assert +# self.assertFalse(results['changed']) +# self.assertEqual(results['state'], 'list') +# self.assertEqual(results['results'][0]['metadata']['name'], 'test') +# +# # Making sure our mock was called as we expected +# mock_cmd.assert_has_calls([ +# mock.call(['oc', '-n', 'default', 'get', 'route', 'test', '-o', 'json'], None), +# ]) + + @mock.patch('oc_route.Yedit._write') + @mock.patch('oc_route.OCRoute._run') + def test_create_route(self, mock_cmd, mock_write): + ''' Testing getting a route ''' + + # Arrange + + # run_ansible input parameters + params = { + 'kubeconfig': '/etc/origin/master/admin.kubeconfig', + 'state': 'present', + 'debug': True, + #'debug': False, + 'name': 'test', + 'namespace': 'default', + 'tls_termination': 'edge', + 'dest_cacert_path': None, + 'cacert_path': None, + 'cert_path': None, + 'key_path': None, + 'dest_cacert_content': None, + 'cacert_content': 'testing', + 'cert_content': 'testing', + 'key_content': 'testing', + 'service_name': 'testservice', + 'host': 'test.openshift.com', + 'wildcard_policy': None, + 'weight': None, + 'port': None + } + + route_result ='''{ + "apiVersion": "v1", + "kind": "Route", + "metadata": { + "creationTimestamp": "2017-02-07T20:55:10Z", + "name": "test", + "namespace": "default", + "resourceVersion": "517745", + "selfLink": "/oapi/v1/namespaces/default/routes/test", + "uid": "b6f25898-ed77-11e6-9755-0e737db1e63a" + }, + "spec": { + "host": "test.openshift.com", + "tls": { + "caCertificate": "testing", + "certificate": "testing", + "key": "testing", + "termination": "edge" + }, + "to": { + "kind": "Service", + "name": "testservice", + "weight": 100 + }, + "wildcardPolicy": "None" + }, + "status": { + "ingress": [ + { + "conditions": [ + { + "lastTransitionTime": "2017-02-07T20:55:10Z", + "status": "True", + "type": "Admitted" + } + ], + "host": "test.openshift.com", + "routerName": "router", + "wildcardPolicy": "None" + } + ] + } + }''' + + test_route = '''\ +kind: Route +spec: + tls: + caCertificate: testing + termination: edge + certificate: testing + key: testing + to: + kind: Service + name: testservice + weight: 100 + host: test.openshift.com + wildcardPolicy: None +apiVersion: v1 +metadata: + namespace: default + name: test +''' + + + # Return values of our mocked function call. These get returned once per call. + mock_cmd.side_effect = [ + # First call to mock + (1, '', 'Error from server: routes "test" not found'), + (1, '', 'Error from server: routes "test" not found'), + (0, 'route "test" created', ''), + (0, route_result, ''), + ] + + mock_write.assert_has_calls = [ + # First call to mock + mock.call('/tmp/test', test_route) + ] + + # Act + results = OCRoute.run_ansible(params, False) + + # Assert + self.assertTrue(results['changed']) + self.assertEqual(results['state'], 'present') + self.assertEqual(results['results']['results'][0]['metadata']['name'], 'test') + + # Making sure our mock was called as we expected + mock_cmd.assert_has_calls([ + mock.call(['oc', '-n', 'default', 'get', 'route', 'test', '-o', 'json'], None), + mock.call(['oc', '-n', 'default', 'create', '-f', '/tmp/test'], None), + ]) + + def tearDown(self): + '''TearDown method''' + pass + + +if __name__ == "__main__": + unittest.main() |