Merge branch 'AEROGEAR-2392_matzew'

aerogearcatalog · Apr 5, 2018 · 4615db0 · 4615db0
2 parents 59befbe + 2e8ca23
commit 4615db0
Show file tree

Hide file tree

Showing 12 changed files with 242 additions and 33 deletions.
diff --git a/Jenkinsfile b/Jenkinsfile
@@ -0,0 +1,82 @@
+#!groovy
+
+// https://github.com/feedhenry/fh-pipeline-library
+@Library('fh-pipeline-library') _
+
+def repositoryName = "unifiedpush-apb"
+def projectName = "test-${repositoryName}-${currentBuild.number}-${currentBuild.startTimeInMillis}"
+
+stage('Trust') {
+    enforceTrustedApproval('aerogear')
+}
+
+node ("ocp-slave") { 
+    stage('Cleanup') {
+        deleteDir()
+    }
+    stage('Cloning the repo') {
+        checkout scm
+    }
+
+    try {
+
+        stage('Create OpenShift project') {
+            sh script: "oc new-project ${projectName}"
+        }
+        stage('Build APB') {
+            try {
+                timeout(5) {
+                    sh script: """
+                    oc new-build --name ${repositoryName} --binary
+                    oc start-build ${repositoryName} --from-dir=.
+                    sleep 10
+                    oc logs -f bc/${repositoryName}
+                    """
+                }
+            } catch (Exception e) {
+                error "Build timed out"
+            }
+
+        }
+
+        stage('Add admin policy to serviceaccount "default"') {
+            sh script: "oc policy add-role-to-user admin --serviceaccount=default"
+        }
+
+        stage('Test APB') {
+            try {
+                timeout(15) {
+                    sh script: """
+                    oc run testing-pod \
+                        --image=docker-registry.default.svc:5000/${projectName}/${repositoryName} \
+                        --restart=Never \
+                        --env POD_NAME=testing-pod \
+                        --env POD_NAMESPACE=${projectName} \
+                        --command -- \
+                        entrypoint.sh test --extra-vars '{\"namespace\": \"${projectName}\"}'
+                    sleep 10
+                    oc logs --pod-running-timeout=20s -f pod/testing-pod
+                    # Check if the status of testing-pod is error
+                    if [ \$(oc get pods | grep testing-pod | awk '{print \$3}') == "Error" ] ; then exit 1 ; fi
+                    """
+                }
+            } catch (Exception e) {
+                error "Pod didn't finish in time."
+            }
+        }
+        stage('Delete OpenShift project') {
+            sh script: "oc delete project ${projectName}"
+        }
+    } catch (Exception e) {
+        try {
+            timeout(15) {
+                input message: 'The test failed. Click on "Approve" to delete the project. Otherwise it will be deleted after 15 minutes'
+            }
+        } catch (Exception e2) {
+            println("Waiting for a user input exceeded its time limit. Deleting the project now.")
+        }
+
+        sh script: "oc delete project ${projectName}"
+        error "Error when running the test: ${e}"
+    }
+}
diff --git a/playbooks/test.yml b/playbooks/test.yml
@@ -0,0 +1,30 @@
+---
+- name: Test unifiedpush-apb
+  hosts: localhost
+  gather_facts: false
+  connection: local
+  vars_files:
+  - /opt/ansible/vars/main.yml
+
+  roles:
+  - role: ansible.kubernetes-modules
+    install_python_requirements: no
+  - role: ansibleplaybookbundle.asb-modules
+  post_tasks:
+  - name: Load default variables for testing
+    include_vars: test_defaults.yml
+  - name: create project for namespace
+    openshift_v1_project:
+      name: '{{ namespace }}'
+  - name: Run the provision role.
+    include_role:
+      name: provision-unifiedpush-apb
+  - name: Run the test role.
+    include_role:
+      name: test-provision-unifiedpush-apb
+  - name: Run the deprovision role.
+    include_role:
+      name: deprovision-unifiedpush-apb
+  - name: Run the deprovision test role.
+    include_role:
+      name: test-deprovision-unifiedpush-apb
diff --git a/playbooks/vars/test_defaults.yml b/playbooks/vars/test_defaults.yml
diff --git a/roles/deprovision-unifiedpush-apb/tasks/main.yml b/roles/deprovision-unifiedpush-apb/tasks/main.yml
@@ -1,30 +1,42 @@
+# PostgreSQL
+- openshift_v1_deployment_config:
+    name: '{{ postgres_deploymentconfig_name }}'
+    namespace: '{{ namespace }}'
+    state: absent
+
 - k8s_v1_persistent_volume_claim:
-    name: mysql
+    name: '{{ postgres_pvc_name }}'
     namespace: '{{ namespace }}'
     state: absent
 
-- openshift_v1_deployment_config:
-    name: mysql
+- k8s_v1_secret:
+    name: '{{ postgres_secret_name }}'
     namespace: '{{ namespace }}'
     state: absent
 
 - k8s_v1_service:
-    name: mysql
+    name: '{{ postgres_service_name }}'
     namespace: '{{ namespace }}'
-    state: absent    
+    state: absent
 
+# UPS
 - openshift_v1_deployment_config:
-    name: ups
+    name: '{{ ups_deploymentconfig_name }}'
+    namespace: '{{ namespace }}'
+    state: absent
+
+- k8s_v1_service:
+    name: '{{ ups_service_name }}'
     namespace: '{{ namespace }}'
     state: absent
 
 - k8s_v1_service:
-    name: unifiedpush
+    name: '{{ ups_proxy_service_name }}'
     namespace: '{{ namespace }}'
-    state: absent    
+    state: absent  
 
 - openshift_v1_route:
-    name: unifiedpush
+    name: '{{ ups_route_name }}'
     namespace: '{{ namespace }}'
     state: absent
 

diff --git a/roles/provision-unifiedpush-apb/defaults/main.yml b/roles/provision-unifiedpush-apb/defaults/main.yml
@@ -1,21 +1,17 @@
 # UPS Values
-ups_secret_name: "unified-push-server"
 ups_image: " docker.io/matzew/unifiedpush-psql"
 ups_image_tag: "latest"
 ups_port: 8080
 ups_proxy_port: 4180
-proxy_serviceaccount_name: "oauth-proxy"
 
 # Non global constants
 postgres_image: centos/postgresql-95-centos7
 postgres_image_tag: '9.5'
 postgres_database_name: unifiedpush
-postgres_service_name: postgres
-postgres_secret_name: ups-postgres
 
 # Sidecar Image values
 ups_sidecar_image: "docker.io/aerogear/ups-config-operator"
-ups_sidecar_image_tag: "0.0.1"
+ups_sidecar_image_tag: "master"
 
 # OAuth Proxy values
 proxy_image: "docker.io/openshift/oauth-proxy"

diff --git a/roles/provision-unifiedpush-apb/tasks/main.yml b/roles/provision-unifiedpush-apb/tasks/main.yml
@@ -4,7 +4,7 @@
   register: service_instance_name
 
 - name: Label the service instance with the service name
-  shell: oc label serviceinstance '{{ service_instance_name.stdout }}' serviceName=unifiedpush --namespace={{ namespace }}
+  shell: oc label serviceinstance '{{ service_instance_name.stdout }}' serviceName={{ ups_service_name }} --namespace={{ namespace }}
   when: _apb_service_instance_id is defined
 
 - name: "Create OAuth Proxy Serviceaccount yaml"

diff --git a/roles/provision-unifiedpush-apb/tasks/provision-database.yml b/roles/provision-unifiedpush-apb/tasks/provision-database.yml
@@ -31,22 +31,22 @@
     session_affinity: None
 
 - k8s_v1_persistent_volume_claim:
-    name: '{{ postgres_service_name }}'
+    name: '{{ postgres_pvc_name }}'
     namespace: '{{ namespace }}'
     access_modes:
     - ReadWriteOnce
     resources_requests:
       storage: "1Gi"
 
 - openshift_v1_deployment_config:
-    name: '{{ postgres_service_name }}'
+    name: '{{ postgres_deploymentconfig_name }}'
     namespace: '{{ namespace }}'
     replicas: 1
     labels:
-      app: ups 
+      app: '{{ ups_deploymentconfig_name }}' 
       service: '{{ postgres_service_name }}'
     spec_template_metadata_labels:
-      app: ups 
+      app: '{{ ups_deploymentconfig_name }}' 
       name: '{{ postgres_service_name }}'
     containers:
     - name: postgresql
@@ -89,18 +89,18 @@
         limits:
           memory: '512Mi'
       volume_mounts:
-      - name: '{{ postgres_service_name }}-data'
+      - name: '{{ postgres_pvc_name }}-data'
         mount_path: "/var/lib/pgsql/data"
       termination_message_path: "/dev/termination-log"
     volumes:
-    - name: '{{ postgres_service_name }}-data'
+    - name: '{{ postgres_pvc_name }}-data'
       persistent_volume_claim:
-        claim_name: '{{ postgres_service_name }}'
+        claim_name: '{{ postgres_pvc_name }}'
 
 
 # Check the containers in the Postgres pod and make sure they are all ready
 - name: "Wait for all Postgres containers to become ready"
-  shell: oc get pods --namespace={{ namespace }} --selector="deploymentconfig=postgres" -o jsonpath='{.items[*].status.containerStatuses[?(@.ready==true)].ready}'| wc -w
+  shell: oc get pods --namespace={{ namespace }} --selector="deploymentconfig={{ postgres_deploymentconfig_name }}" -o jsonpath='{.items[*].status.containerStatuses[?(@.ready==true)].ready}'| wc -w
   register: postgresql_result
   until: postgresql_result.stdout.find("1") != -1
   retries: 30

diff --git a/roles/provision-unifiedpush-apb/tasks/provision-ups.yml b/roles/provision-unifiedpush-apb/tasks/provision-ups.yml
@@ -1,6 +1,6 @@
 - name: UPS deployment
   openshift_v1_deployment_config:
-    name: ups
+    name: '{{ ups_deploymentconfig_name }}'
     namespace: "{{ namespace }}"
     labels:
       app: ups
@@ -63,7 +63,7 @@
 
 - name: create UPS service
   k8s_v1_service:
-    name: ups-service
+    name: '{{ ups_service_name }}'
     namespace: '{{ namespace }}'
     annotations:
       org.aerogear.metrics/plain_endpoint: "/rest/prometheus/metrics"
@@ -82,7 +82,7 @@
 
 - name: create UPS Proxy
   k8s_v1_service:
-    name: ups-proxy
+    name: '{{ ups_proxy_service_name }}'
     namespace: '{{ namespace }}'
     labels:
       app: ups
@@ -97,22 +97,19 @@
 
 - name: create ups route
   openshift_v1_route:
-    name: ups
+    name: '{{ ups_route_name }}'
     namespace: '{{ namespace }}'
     labels:
       app: ups
       service: ups-proxy
     to_name: ups-proxy
     spec_port_target_port: web
     spec_tls_termination: edge
-
-- name: "Retrieve route to ups-server"
-  shell: "oc get routes ups -n {{ namespace }} | grep -v NAME | awk '{print $2}'"
   register: ups_route
 
 # We need to wait for the deployment to be ready before we can exit the ansible job
 - name: "Wait for all UPS containers to become ready"
-  shell: oc get pods --namespace={{ namespace }} --selector="deploymentconfig=ups" -o jsonpath='{.items[*].status.containerStatuses[?(@.ready==true)].ready}'| wc -w
+  shell: oc get pods --namespace={{ namespace }} --selector="deploymentconfig={{ ups_deploymentconfig_name }}" -o jsonpath='{.items[*].status.containerStatuses[?(@.ready==true)].ready}'| wc -w
   register: ups_result
   until: ups_result.stdout.find("3") != -1
   retries: 30

diff --git a/roles/provision-unifiedpush-apb/templates/secret.yml.j2 b/roles/provision-unifiedpush-apb/templates/secret.yml.j2
@@ -10,5 +10,5 @@ metadata:
 stringData:
   type: {{ ups_secret_name }}
   name: {{ ups_secret_name }}
-  uri: http://{{ ups_route.stdout }}
+  uri: http://{{ ups_route.route.spec.host }}
   applicationId: "{{ namespace_push_app.json.pushApplicationID }}"
diff --git a/roles/test-deprovision-unifiedpush-apb/tasks/main.yml b/roles/test-deprovision-unifiedpush-apb/tasks/main.yml
@@ -0,0 +1,61 @@
+---
+
+# Instead of testing that the deployment config is removed, we test that the pods
+# are cleaned up afterwards
+- name: Check that all pods have been removed
+  shell: oc get pods --namespace={{ namespace }} --selector="deploymentconfig in ({{ postgres_deploymentconfig_name }}, {{ ups_deploymentconfig_name }})" 2>&1
+  register: result
+  retries: 50
+  delay: 10
+  failed_when:
+    - '"No resources found." not in result.stdout'
+  until: '"No resources found." in result.stdout'
+
+- name: Check that the ups route has been removed
+  shell: oc get route --namespace={{ namespace }} {{ ups_route_name }} 2>&1
+  register: result
+  retries: 50
+  delay: 10
+  failed_when:
+    - '"not found" not in result.stdout'
+  until: '"not found" in result.stdout'
+
+- name: Check that all services have been removed
+  shell: oc get service --namespace={{ namespace }} {{ item }} 2>&1
+  register: result
+  retries: 50
+  delay: 10
+  failed_when:
+    - '"not found" not in result.stdout'
+  until: '"not found" in result.stdout'
+  with_items:
+    - '{{ postgres_service_name}}'
+    - '{{ ups_service_name}}'
+    - '{{ ups_proxy_service_name}}'
+
+- name: Check that all secrets have been removed
+  shell: oc get secret --namespace={{ namespace }} {{ ups_secret_name }} 2>&1
+  register: result
+  retries: 50
+  delay: 10
+  failed_when:
+    - '"not found" not in result.stdout'
+  until: '"not found" in result.stdout'
+
+- name: Check that all persistent volume claims have been removed
+  shell: oc get pvc --namespace={{ namespace }} {{ postgres_pvc_name }} 2>&1
+  register: result
+  retries: 50
+  delay: 10
+  failed_when:
+    - '"not found" not in result.stdout'
+  until: '"not found" in result.stdout'
+
+- name: Check that the service account has been removed
+  shell: oc get serviceaccount --namespace={{ namespace }} {{ proxy_serviceaccount_name }} 2>&1
+  register: result
+  retries: 50
+  delay: 10
+  failed_when:
+    - '"not found" not in result.stdout'
+  until: '"not found" in result.stdout'
diff --git a/roles/test-provision-unifiedpush-apb/tasks/main.yml b/roles/test-provision-unifiedpush-apb/tasks/main.yml
@@ -0,0 +1,21 @@
+- name: Check that the unifiedpush login webpage is accessible
+  uri:
+    url: "https://{{ ups_route.route.spec.host }}"
+    return_content: yes
+    validate_certs: no
+  register: webpage
+  retries: 10
+  delay: 20
+  failed_when:
+    - webpage.status == 403
+    - '"Log in with OpenShift" not in webpage.content'
+  until: '"Log in with OpenShift" in webpage.content'
+
+- name: "Check that new application was created for the namespace {{ namespace }}"
+  uri:
+    method: GET
+    url: "http://{{ unifiedpush_service.service.spec.cluster_ip }}/rest/applications"
+    return_content: yes
+    validate_certs: no
+  register: applications
+  failed_when: applications.json[0].name != "{{ namespace }}"