k8s/tests/common.py

   1 # ============LICENSE_START=======================================================
   2 # org.onap.dcae
   3 # ================================================================================
   4 # Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
   5 # Copyright (c) 2020 Pantheon.tech. All rights reserved.
   6 # Copyright (c) 2020-2021 Nokia. All rights reserved.
   7 # ================================================================================
   8 # Licensed under the Apache License, Version 2.0 (the "License");
   9 # you may not use this file except in compliance with the License.
  10 # You may obtain a copy of the License at
  11 #
  12 #      http://www.apache.org/licenses/LICENSE-2.0
  13 #
  14 # Unless required by applicable law or agreed to in writing, software
  15 # distributed under the License is distributed on an "AS IS" BASIS,
  16 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  17 # See the License for the specific language governing permissions and
  18 # limitations under the License.
  19 # ============LICENSE_END=========================================================
  20
  21 # Common functions for unit testing
  22 def _set_k8s_configuration():
  23     ''' Set up the basic k8s configuration '''
  24     return {
  25         "image_pull_secrets": ["secret0", "secret1"],
  26         "filebeat": {
  27             "log_path": "/var/log/onap",
  28             "data_path": "/usr/share/filebeat/data",
  29             "config_path": "/usr/share/filebeat/filebeat.yml",
  30             "config_subpath": "filebeat.yml",
  31             "image": "filebeat-repo/filebeat:latest",
  32             "config_map": "dcae-filebeat-configmap"
  33         },
  34         "tls": {
  35             "cert_path": "/opt/certs",
  36             "image": "tlsrepo/tls-init-container:1.2.3",
  37             "component_cert_dir": "/opt/dcae/cacert"
  38         },
  39         "external_cert": {
  40             "image_tag": "repo/oom-certservice-client:2.1.0",
  41             "request_url": "https://request:1010/url",
  42             "timeout": "30000",
  43             "country": "US",
  44             "organization": "Linux-Foundation",
  45             "state": "California",
  46             "organizational_unit": "ONAP",
  47             "location": "San-Francisco",
  48             "keystore_password": "secret1",
  49             "truststore_password": "secret2"
  50         },
  51         "cert_post_processor": {
  52             "image_tag": "repo/oom-cert-post-processor:2.1.0"
  53         },
  54         "cbs": {
  55             "base_url": "https://config-binding-service:10443/service_component_all/test-component"
  56         }
  57     }
  58
  59
  60 def _set_resources():
  61     ''' Set resources '''
  62     return {
  63         "limits": {
  64             "cpu": 0.5,
  65             "memory": "2Gi"
  66         },
  67         "requests": {
  68             "cpu": 0.5,
  69             "memory": "2Gi"
  70         }
  71     }
  72
  73
  74 def _set_common_kwargs(config_map=None):
  75     ''' Set kwargs common to all test cases '''
  76     common_kwargs = {
  77         "volumes": [
  78             {"host": {"path": "/path/on/host"}, "container": {"bind": "/path/on/container", "mode": "rw"}}
  79
  80         ],
  81         "ports": ["80:0", "443:0"],
  82         "env": {"NAME0": "value0", "NAME1": "value1"},
  83         "log_info": {"log_directory": "/path/to/container/log/directory"},
  84         "readiness": {"type": "http", "endpoint": "/ready"}
  85     }
  86     if config_map is not None:
  87         common_kwargs["volumes"].append(config_map)
  88     return common_kwargs
  89
  90
  91 def _get_item_by_name(list, name):
  92     """ Search a list of k8s API objects with the specified name """
  93     for item in list:
  94         if item.name == name:
  95             return item
  96     return None
  97
  98
  99 def check_env_var(env_list, name, value):
 100     e = _get_item_by_name(env_list, name)
 101     assert e and e.value == value
 102
 103
 104 def verify_common(dep, deployment_description):
 105     """ Check results common to all test cases """
 106     assert deployment_description["deployment"] == "dep-testcomponent"
 107     assert deployment_description["namespace"] == "k8stest"
 108     assert deployment_description["services"][0] == "testcomponent"
 109
 110     # For unit test purposes, we want to make sure that the deployment object
 111     # we're passing to the k8s API is correct
 112     app_container = dep.spec.template.spec.containers[0]
 113     assert app_container.image == "example.com/testcomponent:1.4.3"
 114     assert app_container.image_pull_policy == "IfNotPresent"
 115     assert len(app_container.ports) == 2
 116     assert app_container.ports[0].container_port == 80
 117     assert app_container.ports[1].container_port == 443
 118     assert app_container.readiness_probe.http_get.path == "/ready"
 119     assert app_container.readiness_probe.http_get.scheme == "HTTP"
 120     assert len(app_container.volume_mounts) >= 2
 121     assert app_container.volume_mounts[0].mount_path == "/path/on/container"
 122     assert app_container.volume_mounts[-2].mount_path == "/path/to/container/log/directory"
 123
 124     # Check environment variables
 125     env = app_container.env
 126     check_env_var(env, "NAME0", "value0")
 127     check_env_var(env, "NAME1", "value1")
 128
 129     # Should have a log container with volume mounts
 130     log_container = dep.spec.template.spec.containers[1]
 131     assert log_container.image == "filebeat-repo/filebeat:latest"
 132     assert log_container.volume_mounts[0].mount_path == "/var/log/onap/testcomponent"
 133     assert log_container.volume_mounts[0].name == "component-log"
 134     assert log_container.volume_mounts[1].mount_path == "/usr/share/filebeat/data"
 135     assert log_container.volume_mounts[1].name == "filebeat-data"
 136     assert log_container.volume_mounts[2].mount_path == "/usr/share/filebeat/filebeat.yml"
 137     assert log_container.volume_mounts[2].name == "filebeat-conf"
 138
 139     # Needs to be correctly labeled so that the Service can find it
 140     assert dep.spec.template.metadata.labels["app"] == "testcomponent"
 141
 142
 143 def verify_external_cert(dep):
 144     cert_container = dep.spec.template.spec.init_containers[1]
 145     print(cert_container)
 146     assert cert_container.image == "repo/oom-certservice-client:2.1.0"
 147     assert cert_container.name == "cert-service-client"
 148     assert len(cert_container.volume_mounts) == 2
 149     assert cert_container.volume_mounts[0].name == "tls-info"
 150     assert cert_container.volume_mounts[0].mount_path == "/path/to/container/cert/directory/"
 151     assert cert_container.volume_mounts[1].name == "tls-volume"
 152     assert cert_container.volume_mounts[1].mount_path == "/etc/onap/oom/certservice/certs/"
 153
 154     expected_envs = {
 155         "REQUEST_URL": "https://request:1010/url",
 156         "REQUEST_TIMEOUT": "30000",
 157         "OUTPUT_PATH": "/path/to/container/cert/directory/external",
 158         "OUTPUT_TYPE": "P12",
 159         "CA_NAME": "myname",
 160         "COMMON_NAME": "mycommonname",
 161         "ORGANIZATION": "Linux-Foundation",
 162         "ORGANIZATION_UNIT": "ONAP",
 163         "LOCATION": "San-Francisco",
 164         "STATE": "California",
 165         "COUNTRY": "US",
 166         "SANS": "mysans",
 167         "KEYSTORE_PATH": "/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks",
 168         "KEYSTORE_PASSWORD": "secret1",
 169         "TRUSTSTORE_PATH": "/etc/onap/oom/certservice/certs/truststore.jks",
 170         "TRUSTSTORE_PASSWORD": "secret2"}
 171
 172     envs = {k.name: k.value for k in cert_container.env}
 173     for k in expected_envs:
 174         assert (k in envs and expected_envs[k] == envs[k])
 175
 176
 177 def verify_cert_post_processor(dep):
 178     cert_container = dep.spec.template.spec.init_containers[2]
 179     print(cert_container)
 180     assert cert_container.image == "repo/oom-cert-post-processor:2.1.0"
 181     assert cert_container.name == "cert-post-processor"
 182     assert len(cert_container.volume_mounts) == 1
 183     assert cert_container.volume_mounts[0].name == "tls-info"
 184     assert cert_container.volume_mounts[0].mount_path == "/opt/dcae/cacert/"
 185
 186     expected_envs = {
 187         "TRUSTSTORES_PATHS": "/opt/dcae/cacert/trust.jks:/opt/dcae/cacert/external/truststore.p12",
 188         "TRUSTSTORES_PASSWORDS_PATHS": "/opt/dcae/cacert/trust.pass:/opt/dcae/cacert/external/truststore.pass",
 189         "KEYSTORE_SOURCE_PATHS": "/opt/dcae/cacert/external/keystore.p12:/opt/dcae/cacert/external/keystore.pass",
 190         "KEYSTORE_DESTINATION_PATHS": "/opt/dcae/cacert/cert.p12:/opt/dcae/cacert/p12.pass"
 191     }
 192
 193     envs = {k.name: k.value for k in cert_container.env}
 194     for k in expected_envs:
 195         assert (k in envs and expected_envs[k] == envs[k])
 196
 197
 198 def do_deploy(config_map=None, tls_info=None, ext_tls_info=None):
 199     """ Common deployment operations """
 200     import k8sclient.k8sclient
 201
 202     k8s_test_config = _set_k8s_configuration()
 203
 204     kwargs = _set_common_kwargs(config_map)
 205     kwargs['resources'] = _set_resources()
 206
 207     if tls_info:
 208         kwargs["tls_info"] = tls_info
 209     if ext_tls_info:
 210         kwargs["external_cert"] = ext_tls_info
 211
 212     dep, deployment_description = k8sclient.k8sclient.deploy(k8s_ctx(), "k8stest", "testcomponent",
 213                                                              "example.com/testcomponent:1.4.3", 1, False,
 214                                                              k8s_test_config, **kwargs)
 215
 216     # Make sure all of the basic k8s parameters are correct
 217     verify_common(dep, deployment_description)
 218
 219     return dep, deployment_description
 220
 221
 222 class k8s_logger:
 223     def info(self, text):
 224         print(text)
 225
 226
 227 class k8s_ctx:
 228     logger = k8s_logger()