k8s/tests/test_k8sclient_deploy.py

   1 # ============LICENSE_START=======================================================
   2 # org.onap.dcae
   3 # ================================================================================
   4 # Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved.
   5 # Copyright (c) 2020-2021 Nokia. All rights reserved.
   6 # ================================================================================
   7 # Licensed under the Apache License, Version 2.0 (the "License");
   8 # you may not use this file except in compliance with the License.
   9 # You may obtain a copy of the License at
  10 #
  11 #      http://www.apache.org/licenses/LICENSE-2.0
  12 #
  13 # Unless required by applicable law or agreed to in writing, software
  14 # distributed under the License is distributed on an "AS IS" BASIS,
  15 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  16 # See the License for the specific language governing permissions and
  17 # limitations under the License.
  18 # ============LICENSE_END=========================================================
  19
  20 # Test k8sclient deployment functions
  21 # Verify that for a given configuration and set of inputs, k8sclient generates the proper
  22 # Kubernetes entities
  23 import pytest
  24 from common import do_deploy, verify_ports, verify_image, verify_rediness_probe, verify_volumes, \
  25     verify_logs, verify_env_variables, verify_deployment_desc, verify_label
  26 from common import verify_external_cert
  27 from common import verify_cert_post_processor
  28
  29 K8S_CONFIGURATION = {
  30     "image_pull_secrets": ["secret0", "secret1"],
  31     "filebeat": {
  32         "log_path": "/var/log/onap",
  33         "data_path": "/usr/share/filebeat/data",
  34         "config_path": "/usr/share/filebeat/filebeat.yml",
  35         "config_subpath": "filebeat.yml",
  36         "image": "filebeat-repo/filebeat:latest",
  37         "config_map": "dcae-filebeat-configmap"
  38     },
  39     "tls": {
  40         "cert_path": "/opt/certs",
  41         "image": "tlsrepo/tls-init-container:1.2.3",
  42         "component_cert_dir": "/opt/dcae/cacert"
  43     },
  44     "external_cert": {
  45         "image_tag": "repo/oom-certservice-client:2.1.0",
  46         "request_url": "https://request:1010/url",
  47         "timeout": "30000",
  48         "country": "US",
  49         "organization": "Linux-Foundation",
  50         "state": "California",
  51         "organizational_unit": "ONAP",
  52         "location": "San-Francisco",
  53         "keystore_password": "secret1",
  54         "truststore_password": "secret2"
  55     },
  56     "cert_post_processor": {
  57         "image_tag": "repo/oom-cert-post-processor:2.1.0"
  58     },
  59     "cbs": {
  60         "base_url": "https://config-binding-service:10443/service_component_all/test-component"
  61     },
  62     "cmpv2_issuer": {
  63         "enabled": "false",
  64         "name":    "cmpv2-issuer-onap"
  65     }
  66 }
  67
  68 BASIC_KWARGS = {
  69     "volumes": [
  70         {
  71             "host": {
  72                 "path": "/path/on/host"
  73             },
  74             "container": {
  75                 "bind": "/path/on/container",
  76                 "mode": "rw"
  77             }
  78         }
  79     ],
  80     "ports": [
  81         "80:0",
  82         "443:0"
  83     ],
  84     "env": {
  85         "NAME0": "value0",
  86         "NAME1": "value1"
  87     },
  88     "log_info": {
  89         "log_directory": "/path/to/container/log/directory"
  90     },
  91     "readiness": {
  92         "type": "http",
  93         "endpoint": "/ready"
  94     },
  95     "resources": {
  96         "limits": {
  97             "cpu": 0.5,
  98             "memory": "2Gi"
  99         },
 100         "requests": {
 101             "cpu": 0.5,
 102             "memory": "2Gi"
 103         }
 104     }
 105 }
 106
 107 KWARGS_WITH_FULL_TLS = {"tls_info": {"use_tls": True, "cert_directory": "/path/to/container/cert/directory"}}
 108 KWARGS_TLS_OFF = {"tls_info": {"use_tls": False, "cert_directory": "/path/to/container/cert/directory"}}
 109 KWARGS_WITH_EXTERNAL_CERT = {"external_cert": {"external_cert_directory": "/path/to/container/cert/directory/",
 110                                                "use_external_tls": True,
 111                                                "cert_type": "P12",
 112                                                "ca_name": "myname",
 113                                                "external_certificate_parameters": {
 114                                                    "common_name": "mycommonname",
 115                                                    "sans": "mysans"}
 116                                                }}
 117
 118 KWARGS_WITH_CONFIG_MAP = {"config_volume": {"name": "myConfigMap"},
 119                           "container": {"bind": "/path/to/configMap", "mode": "ro"}}
 120
 121
 122 test_data = [(KWARGS_WITH_EXTERNAL_CERT, "/opt/dcae/cacert"),
 123              (BASIC_KWARGS, "/opt/dcae/cacert"),
 124              (KWARGS_TLS_OFF, "/path/to/container/cert/directory"),
 125              (KWARGS_WITH_FULL_TLS, "/path/to/container/cert/directory")]
 126
 127
 128 @pytest.mark.parametrize("blueprint_dict, path", test_data)
 129 def test_deploy(mockk8sapi, blueprint_dict, path):
 130     # given
 131     kwargs = dict(BASIC_KWARGS)
 132     kwargs.update(blueprint_dict)
 133
 134     # when
 135     dep, deployment_description = do_deploy(K8S_CONFIGURATION, kwargs)
 136     app_container = dep.spec.template.spec.containers[0]
 137     log_container = dep.spec.template.spec.containers[1]
 138
 139     # then
 140     verify_label(dep)
 141     assert app_container.volume_mounts[2].mount_path == path
 142     verify_ports(app_container)
 143     verify_image(app_container)
 144     verify_rediness_probe(app_container)
 145     verify_volumes(app_container)
 146     verify_logs(log_container)
 147     verify_env_variables(app_container)
 148     verify_deployment_desc(deployment_description)
 149
 150
 151 def test_deploy_external_cert(mockk8sapi):
 152     """ Deploy component with external TLS configuration """
 153     # given
 154     kwargs = dict(BASIC_KWARGS)
 155     kwargs.update(KWARGS_WITH_EXTERNAL_CERT)
 156
 157     # when
 158     dep, deployment_description = do_deploy(K8S_CONFIGURATION, kwargs)
 159
 160     # then
 161     verify_external_cert(dep)
 162     verify_cert_post_processor(dep)
 163
 164
 165 def test_deploy_config_map(mockk8sapi):
 166     """ Deploy component with configMap in volumes """
 167     # given
 168     kwargs = dict(BASIC_KWARGS)
 169     kwargs['volumes'].append(KWARGS_WITH_CONFIG_MAP)
 170
 171     # when
 172     dep, deployment_description = do_deploy(K8S_CONFIGURATION, kwargs)
 173     app_container = dep.spec.template.spec.containers[0]
 174
 175     # then
 176     assert app_container.volume_mounts[1].mount_path == "/path/to/configMap"