Move k8s_auth library from community.kubernetes to openshift_auth (#33)

* Add openshift_auth module * add task to print out config * Attempt to configure auth * Update molecule/default/tasks/openshift_auth.yml * fix sanity test and use incluster address for now * Get integration tests passing locally * Give test user cluster-level admin permissions * Use a less verbose resource for testing * Add alias to k8s_auth for backwards compatibility
2026-05-07 13:42:38 +00:00 · 2020-09-21 18:15:53 -04:00
parent f52d63c83f
commit 037f8b1f4f
6 changed files with 461 additions and 1 deletions
--- a/molecule/default/tasks/openshift_auth.yml
+++ b/molecule/default/tasks/openshift_auth.yml
@@ -0,0 +1,51 @@
+---
+- vars:
+    # TODO(fabianvf) Get this parameter working locally as well
+    openshift_host: 'https://kubernetes.default.svc'
+  block:
+    - name: Log in (obtain access token)
+      community.okd.openshift_auth:
+        username: test
+        password: testing123
+        host: '{{ openshift_host }}'
+        verify_ssl: false
+      register: openshift_auth_results
+
+    - name: Get the test User
+      community.kubernetes.k8s_info:
+        api_key: "{{ openshift_auth_results.openshift_auth.api_key }}"
+        host: '{{ openshift_host }}'
+        verify_ssl: false
+        kind: User
+        api_version: user.openshift.io/v1
+        name: test
+      register: user_result
+
+    - name: assert that the user was found
+      assert:
+        that: (user_result.resources | length) == 1
+
+  always:
+    - name: If login succeeded, try to log out (revoke access token)
+      when: openshift_auth_results.openshift_auth.api_key is defined
+      community.okd.openshift_auth:
+        state: absent
+        api_key: "{{ openshift_auth_results.openshift_auth.api_key }}"
+        host: '{{ openshift_host }}'
+        verify_ssl: false
+
+    - name: Get the test user
+      community.kubernetes.k8s_info:
+        api_key: "{{ openshift_auth_results.openshift_auth.api_key }}"
+        host: '{{ openshift_host }}'
+        verify_ssl: false
+        kind: User
+        name: test
+        api_version: user.openshift.io/v1
+      register: failed_user_result
+      ignore_errors: yes
+
+    # TODO(fabianvf) determine why token is not being rejected, maybe add more info to return
+    # - name: assert that the user was not found
+    #   assert:
+    #     that: (failed_user_result.resources | length) == 0