Merge pull request #238 from splunk/test_service_account

Smoke test to verify service account attaches to standalone.

Author: smohan-splunk

test/smoke/smoke_test.go

@@ -22,6 +22,10 @@ import (
 	. "github.com/onsi/gomega"
 
 	"github.com/splunk/splunk-operator/test/testenv"
+
+	enterprisev1 "github.com/splunk/splunk-operator/pkg/apis/enterprise/v1beta1"
+	splcommon "github.com/splunk/splunk-operator/pkg/splunk/common"
+	corev1 "k8s.io/api/core/v1"
 )
 
 func dumpGetPods(ns string) {
@@ -167,4 +171,36 @@ var _ = Describe("Smoke test", func() {
 			testenv.VerifyLMConfiguredOnPod(deployment, standalonePodName)
 		})
 	})
+
+	Context("Standalone deployment (S1) with Service Account", func() {
+		It("smoke: can deploy a standalone instance attached to a service account", func() {
+			// Create Service Account
+			serviceAccountName := "smoke-service-account"
+			testenvInstance.CreateServiceAccount(serviceAccountName)
+
+			standaloneSpec := enterprisev1.StandaloneSpec{
+				CommonSplunkSpec: enterprisev1.CommonSplunkSpec{
+					Spec: splcommon.Spec{
+						ImagePullPolicy: "IfNotPresent",
+					},
+					Volumes:        []corev1.Volume{},
+					ServiceAccount: serviceAccountName,
+				},
+			}
+
+			// Create standalone Deployment with License Master
+			standalone, err := deployment.DeployStandalonewithGivenSpec(deployment.GetName(), standaloneSpec)
+			Expect(err).To(Succeed(), "Unable to deploy standalone instance with LM")
+
+			// Wait for Standalone to be in READY status
+			testenv.StandaloneReady(deployment, deployment.GetName(), standalone, testenvInstance)
+
+			// Verify MC Pod is Ready
+			testenv.MCPodReady(testenvInstance.GetName(), deployment)
+
+			// Verify serviceAccount is configured on Pod
+			standalonePodName := fmt.Sprintf(testenv.StandalonePod, deployment.GetName(), 0)
+			testenv.VerifyServiceAccountConfiguredOnPod(deployment, testenvInstance.GetName(), standalonePodName, serviceAccountName)
+		})
+	})
 })

test/testenv/deployment.go

@@ -417,3 +417,13 @@ func (d *Deployment) DeployStandaloneWithLM(name string) (*enterprisev1.Standalo
 	}
 	return deployed.(*enterprisev1.Standalone), err
 }
+
+// DeployStandalonewithGivenSpec deploys a standalone with given spec
+func (d *Deployment) DeployStandalonewithGivenSpec(name string, spec enterprisev1.StandaloneSpec) (*enterprisev1.Standalone, error) {
+	standalone := newStandaloneWithGivenSpec(name, d.testenv.namespace, spec)
+	deployed, err := d.deployCR(name, standalone)
+	if err != nil {
+		return nil, err
+	}
+	return deployed.(*enterprisev1.Standalone), err
+}

test/testenv/testenv.go

@@ -493,6 +493,41 @@ func (testenv *TestEnv) createLicenseConfigMap() error {
 	return nil
 }
 
+// Create a service account config
+func newServiceAccount(ns string, serviceAccountName string) *corev1.ServiceAccount {
+
+	new := corev1.ServiceAccount{
+		TypeMeta: metav1.TypeMeta{
+			Kind: "ServiceAccount",
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      serviceAccountName,
+			Namespace: ns,
+		},
+	}
+
+	return &new
+}
+
+// CreateServiceAccount Create a service account with given name
+func (testenv *TestEnv) CreateServiceAccount(name string) error {
+	serviceAccountConfig := newServiceAccount(testenv.namespace, name)
+	if err := testenv.GetKubeClient().Create(context.TODO(), serviceAccountConfig); err != nil {
+		testenv.Log.Error(err, "Unable to create service account")
+		return err
+	}
+
+	testenv.pushCleanupFunc(func() error {
+		err := testenv.GetKubeClient().Delete(context.TODO(), serviceAccountConfig)
+		if err != nil {
+			testenv.Log.Error(err, "Unable to delete service account")
+			return err
+		}
+		return nil
+	})
+	return nil
+}
+
 // NewDeployment creates a new deployment
 func (testenv *TestEnv) NewDeployment(name string) (*Deployment, error) {
 	d := Deployment{

test/testenv/util.go

@@ -86,6 +86,24 @@ func newStandalone(name, ns string) *enterprisev1.Standalone {
 	return &new
 }
 
+// newStandalone creates and initializes CR for Standalone Kind
+func newStandaloneWithGivenSpec(name, ns string, spec enterprisev1.StandaloneSpec) *enterprisev1.Standalone {
+
+	new := enterprisev1.Standalone{
+		TypeMeta: metav1.TypeMeta{
+			Kind: "Standalone",
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Name:       name,
+			Namespace:  ns,
+			Finalizers: []string{"enterprise.splunk.com/delete-pvc"},
+		},
+
+		Spec: spec,
+	}
+	return &new
+}
+
 func newLicenseMaster(name, ns, licenseConfigMapName string) *enterprisev1.LicenseMaster {
 	new := enterprisev1.LicenseMaster{
 		TypeMeta: metav1.TypeMeta{
@@ -225,7 +243,7 @@ func newRole(name, ns string) *rbacv1.Role {
 		Rules: []rbacv1.PolicyRule{
 			{
 				APIGroups: []string{""},
-				Resources: []string{"services", "endpoints", "persistentvolumeclaims", "configmaps", "secrets", "pods"},
+				Resources: []string{"services", "endpoints", "persistentvolumeclaims", "configmaps", "secrets", "pods", "serviceaccounts", "pods/exec"},
 				Verbs:     []string{"create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"},
 			},
 			{

test/testenv/verificationutils.go

@@ -17,13 +17,24 @@ package testenv
 import (
 	"encoding/json"
 	"fmt"
+	"os/exec"
+	"strings"
 
 	gomega "github.com/onsi/gomega"
 
 	enterprisev1 "github.com/splunk/splunk-operator/pkg/apis/enterprise/v1beta1"
 	splcommon "github.com/splunk/splunk-operator/pkg/splunk/common"
+	logf "sigs.k8s.io/controller-runtime/pkg/log"
 )
 
+// PodDetailsStruct captures output of kubectl get pods podname -o json
+type PodDetailsStruct struct {
+	Spec struct {
+		ServiceAccount     string `json:"serviceAccount"`
+		ServiceAccountName string `json:"serviceAccountName"`
+	}
+}
+
 // StandaloneReady verify Standlone is in ReadyStatus and does not flip-flop
 func StandaloneReady(deployment *Deployment, deploymentName string, standalone *enterprisev1.Standalone, testenvInstance *TestEnv) {
 	gomega.Eventually(func() splcommon.Phase {
@@ -223,3 +234,23 @@ func VerifyLMConfiguredOnPod(deployment *Deployment, podName string) {
 		return lmConfigured
 	}, deployment.GetTimeout(), PollInterval).Should(gomega.Equal(true))
 }
+
+// VerifyServiceAccountConfiguredOnPod check if given service account is configured on given pod
+func VerifyServiceAccountConfiguredOnPod(deployment *Deployment, ns string, podName string, serviceAccount string) {
+	gomega.Eventually(func() bool {
+		output, err := exec.Command("kubectl", "get", "pods", "-n", ns, podName, "-o", "json").Output()
+		if err != nil {
+			cmd := fmt.Sprintf("kubectl get pods -n %s %s -o json", ns, podName)
+			logf.Log.Error(err, "Failed to execute command", "command", cmd)
+			return false
+		}
+		restResponse := PodDetailsStruct{}
+		err = json.Unmarshal([]byte(output), &restResponse)
+		if err != nil {
+			logf.Log.Error(err, "Failed to parse cluster searchheads")
+			return false
+		}
+		logf.Log.Info("Service Account on Pod", "FOUND", restResponse.Spec.ServiceAccount, "EXPECTED", serviceAccount)
+		return strings.Contains(serviceAccount, restResponse.Spec.ServiceAccount)
+	}, deployment.GetTimeout(), PollInterval).Should(gomega.Equal(true))
+}