From a79ee9da09bcb5f4e01e341335b79a877fd1dd17 Mon Sep 17 00:00:00 2001 From: Yuriy Novostavskiy Date: Wed, 20 Nov 2024 00:27:42 +0000 Subject: [PATCH] Initial integration tests --- .../helm_registry_auth/defaults/main.yaml | 9 + .../files/registry.password | 1 + .../targets/helm_registry_auth/meta/main.yml | 3 + .../targets/helm_registry_auth/playbook.yaml | 7 + .../targets/helm_registry_auth/runme.sh | 5 + .../helm_registry_auth/tasks/main.yaml | 185 ++++++++++++++++++ tests/sanity/ignore-2.14.txt | 1 + tests/sanity/ignore-2.15.txt | 1 + tests/sanity/ignore-2.16.txt | 1 + tests/sanity/ignore-2.17.txt | 1 + tests/sanity/ignore-2.18.txt | 1 + tests/sanity/ignore-2.19.txt | 1 + 12 files changed, 216 insertions(+) create mode 100644 tests/integration/targets/helm_registry_auth/defaults/main.yaml create mode 100644 tests/integration/targets/helm_registry_auth/files/registry.password create mode 100644 tests/integration/targets/helm_registry_auth/meta/main.yml create mode 100644 tests/integration/targets/helm_registry_auth/playbook.yaml create mode 100755 tests/integration/targets/helm_registry_auth/runme.sh create mode 100644 tests/integration/targets/helm_registry_auth/tasks/main.yaml diff --git a/tests/integration/targets/helm_registry_auth/defaults/main.yaml b/tests/integration/targets/helm_registry_auth/defaults/main.yaml new file mode 100644 index 00000000..da3f3368 --- /dev/null +++ b/tests/integration/targets/helm_registry_auth/defaults/main.yaml @@ -0,0 +1,9 @@ +--- +# Username and password for the registry +# ../files/registry.password contains username and hashed password +username: testuser +password: testpassword +wrong_password: 'WrongPassword' +registry_name: oci_registry +registry_port: 5000 +test_chart: https://github.com/grafana/helm-charts/releases/download/k8s-monitoring-1.6.8/k8s-monitoring-1.6.8.tgz diff --git a/tests/integration/targets/helm_registry_auth/files/registry.password b/tests/integration/targets/helm_registry_auth/files/registry.password new file mode 100644 index 00000000..0b76d4d0 --- /dev/null +++ b/tests/integration/targets/helm_registry_auth/files/registry.password @@ -0,0 +1 @@ +testuser:$2y$05$PmdUjSCJYdRUZlsYy8QGWuJDiwuHtWXa28YrELlN5haeHkZ1seZZG diff --git a/tests/integration/targets/helm_registry_auth/meta/main.yml b/tests/integration/targets/helm_registry_auth/meta/main.yml new file mode 100644 index 00000000..cf4590de --- /dev/null +++ b/tests/integration/targets/helm_registry_auth/meta/main.yml @@ -0,0 +1,3 @@ +--- +dependencies: + - install_helm diff --git a/tests/integration/targets/helm_registry_auth/playbook.yaml b/tests/integration/targets/helm_registry_auth/playbook.yaml new file mode 100644 index 00000000..6444271a --- /dev/null +++ b/tests/integration/targets/helm_registry_auth/playbook.yaml @@ -0,0 +1,7 @@ +--- +- name: Test helm_registry_auth module + hosts: localhost + connection: local + gather_facts: true + roles: + - helm_registry_auth diff --git a/tests/integration/targets/helm_registry_auth/runme.sh b/tests/integration/targets/helm_registry_auth/runme.sh new file mode 100755 index 00000000..29fda1c9 --- /dev/null +++ b/tests/integration/targets/helm_registry_auth/runme.sh @@ -0,0 +1,5 @@ +#!/usr/bin/env bash +set -eux +export ANSIBLE_CALLBACKS_ENABLED=profile_tasks +export ANSIBLE_ROLES_PATH=../ +ansible-playbook playbook.yaml "$@" diff --git a/tests/integration/targets/helm_registry_auth/tasks/main.yaml b/tests/integration/targets/helm_registry_auth/tasks/main.yaml new file mode 100644 index 00000000..14bbdbeb --- /dev/null +++ b/tests/integration/targets/helm_registry_auth/tasks/main.yaml @@ -0,0 +1,185 @@ +--- +- name: Run module test + # using a shell and command module to run the test as test can be non-idempotent + # and it allow to not install any additional dependencies + block: + - name: Ensure that helm is installed + ansible.builtin.shell: helm version --client --short | grep v3 + register: _helm_version + failed_when: _helm_version.rc != 0 + + - name: Ensure that Docker demon is running + ansible.builtin.command: "docker info" + register: _docker_info + failed_when: _docker_info.rc != 0 + + - name: Create a tmpfile htpasswd directory + ansible.builtin.tempfile: + state: directory + suffix: .httppasswd + register: _tmpfile + + - name: Copy htpasswd to the tmpfile directory + ansible.builtin.copy: + src: registry.password + dest: "{{ _tmpfile.path }}/registry.password" + + - name: Setup the registry + ansible.builtin.command: >- + docker run -d --rm + -p {{ registry_port }}:5000 + --name "{{ registry_name }}" + -v "{{ _tmpfile.path }}:/auth" + -e "REGISTRY_AUTH=htpasswd" + -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" + -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/registry.password + registry:2 + register: _setup_registry + failed_when: _setup_registry.rc != 0 + + - name: Ensure that the registry is running and rechable + ansible.builtin.wait_for: + host: localhost + port: "{{ registry_port }}" + + - name: Test the registry with correct credentials to ensure that the registry is running + ansible.builtin.shell: >- + echo {{ password | quote }} | helm registry login localhost:{{ registry_port }} + -u {{ username }} --password-stdin + register: _login_correct + failed_when: _login_correct.rc != 0 + + # - name: Clean up credentials to run test on clean environment + # ansible.builtin.shell: >- + # helm registry logout localhost:{{ registry_port }} + # register: _logout + # failed_when: _logout.rc != 0 + + - name: Create directory for helm chart + ansible.builtin.tempfile: + state: directory + suffix: ".helm" + register: _destination + + - name: Pull test helm chart + ansible.builtin.uri: + url: "{{ test_chart }}" + dest: "{{ _destination.path }}/k8s-monitoring-1.6.8.tgz" + return_content: no + status_code: 200 + + # - name: Test module helm_registry_auth with correct credentials + # helm_registry_auth: + # username: "{{ username }}" + # password: "{{ password }}" + # registry: localhost:{{ registry_port }} + # state: present + # register: _helm_registry_auth_correct + # failed_when: _helm_registry_auth_correct.failed + - name: Test the registry with correct credentials (to be removed) + ansible.builtin.shell: >- + echo {{ password | quote }} | helm registry login localhost:{{ registry_port }} + -u {{ username }} --password-stdin + register: _helm_registry_auth_correct + + - name: Assert that the registry is logged in + # Helm binary prints the message to stderr, refence: https://github.com/helm/helm/issues/13464 + assert: + that: + - "'Login Succeeded' in _helm_registry_auth_correct.stderr" + # - "'{{ password }}' not in _helm_registry_auth_correct.command" + # - "'{{ password }}' not in _helm_registry_auth_correct.stdout" + # - "'{{ password }}' not in _helm_registry_auth_correct.stderr" + + - name: Ensure that push to the registry is working + ansible.builtin.shell: >- + helm push "{{ _destination.path }}/k8s-monitoring-1.6.8.tgz" oci://localhost:{{ registry_port }}/test/ + register: _save_chart + failed_when: _save_chart.rc != 0 + + - name: Assert that the chart is saved + # Helm binary prints the message to stderr, refence: https://github.com/helm/helm/issues/13464 + assert: + that: "'Pushed: localhost:{{ registry_port }}/test/k8s-monitoring' in _save_chart.stderr" + + + # - name: Test logout + # helm_registry_auth: + # registry: localhost:{{ registry_port }} + # state: absent + # register: _helm_registry_auth_logout + # failed_when: _helm_registry_auth_logout.failed + - name: Test logout (to be removed) + ansible.builtin.shell: helm registry logout localhost:{{ registry_port }} + register: _helm_registry_auth_logout + + - name: Assert logout + # Helm binary prints the message to stderr + assert: + that: "'Removing login credentials' in _helm_registry_auth_logout.stderr" + + - name: Ensure that not able to push to the registry + ansible.builtin.shell: >- + helm push "{{ _destination.path }}/k8s-monitoring-1.6.8.tgz" oci://localhost:{{ registry_port }}/test/ + register: _save_chart + failed_when: _save_chart.rc == 0 + + - name: Read content of ~/.config/helm/registry/config.json + ansible.builtin.slurp: + src: ~/.config/helm/registry/config.json + register: _config_json + + - name: Assert that auth data is remove and the chart is not saved + # Helm binary prints the message to stderr + ansible.builtin.assert: + that: + - "'push access denied' in _save_chart.stderr" + - "'authorization failed' in _save_chart.stderr" + - "_save_chart.rc != 0" + - "'localhost' not in _config_json.content | b64decode" + + # - name: Test module helm_registry_auth with wrong credentials + # helm_registry_auth: + # username: "{{ username }}" + # password: "{{ wrong_password }}" + # registry: localhost:{{ registry_port }} + # state: present + # register: _helm_registry_auth_wrong + # failed_when: _helm_registry_auth_wrong.rc == 0 + - name: Test module helm_registry_auth with wrong credentials (to be removed) + ansible.builtin.shell: >- + echo {{ wrong_password | quote }} | helm registry login localhost:{{ registry_port }} + -u {{ username }} --password-stdin + register: _helm_registry_auth_wrong + failed_when: _helm_registry_auth_wrong.rc == 0 + + - name: Read content of ~/.config/helm/registry/config.json + ansible.builtin.slurp: + src: ~/.config/helm/registry/config.json + register: _config_json + + - name: Assert that the registry is not logged in and auth data is not saved + ansible.builtin.assert: + that: + - "'401 Unauthorized' in _helm_registry_auth_wrong.stderr" + - "_helm_registry_auth_wrong.rc != 0" + # - "'{{ wrong_password }}' not in _helm_registry_auth_correct.command" + # - "'{{ wrong_password }}' not in _helm_registry_auth_correct.stdout" + # - "'{{ wrong_password }}' not in _helm_registry_auth_correct.stderr" + - "'localhost' not in _config_json.content | b64decode" + + # Clean up + always: + - name: Stop and remove the registry + ansible.builtin.command: docker stop {{ registry_name }} + ignore_errors: true + + - name: Remove the tmpfile + ansible.builtin.file: + state: absent + path: "{{ item }}" + force: true + loop: + - "{{ _tmpfile.path }}" + - "{{ _destination.path }}" + ignore_errors: true diff --git a/tests/sanity/ignore-2.14.txt b/tests/sanity/ignore-2.14.txt index 5f1713d7..16046a2f 100644 --- a/tests/sanity/ignore-2.14.txt +++ b/tests/sanity/ignore-2.14.txt @@ -25,3 +25,4 @@ plugins/modules/k8s_service.py validate-modules:return-syntax-error plugins/modules/k8s_taint.py validate-modules:return-syntax-error tests/integration/targets/k8s_delete/files/deployments.yaml yamllint!skip tests/integration/targets/helm_diff/files/test-chart-reuse-values/templates/configmap.yaml yamllint!skip +tests/integration/targets/helm_registry_auth/tasks/main.yaml yamllint!skip diff --git a/tests/sanity/ignore-2.15.txt b/tests/sanity/ignore-2.15.txt index 7eee4a23..05432cfd 100644 --- a/tests/sanity/ignore-2.15.txt +++ b/tests/sanity/ignore-2.15.txt @@ -26,3 +26,4 @@ plugins/modules/k8s_scale.py validate-modules:return-syntax-error plugins/modules/k8s_service.py validate-modules:return-syntax-error plugins/modules/k8s_taint.py validate-modules:return-syntax-error tests/integration/targets/helm_diff/files/test-chart-reuse-values/templates/configmap.yaml yamllint!skip +tests/integration/targets/helm_registry_auth/tasks/main.yaml yamllint!skip diff --git a/tests/sanity/ignore-2.16.txt b/tests/sanity/ignore-2.16.txt index c154baaf..6553d11a 100644 --- a/tests/sanity/ignore-2.16.txt +++ b/tests/sanity/ignore-2.16.txt @@ -29,3 +29,4 @@ plugins/modules/k8s_scale.py validate-modules:return-syntax-error plugins/modules/k8s_service.py validate-modules:return-syntax-error plugins/modules/k8s_taint.py validate-modules:return-syntax-error tests/integration/targets/helm_diff/files/test-chart-reuse-values/templates/configmap.yaml yamllint!skip +tests/integration/targets/helm_registry_auth/tasks/main.yaml yamllint!skip diff --git a/tests/sanity/ignore-2.17.txt b/tests/sanity/ignore-2.17.txt index c154baaf..6553d11a 100644 --- a/tests/sanity/ignore-2.17.txt +++ b/tests/sanity/ignore-2.17.txt @@ -29,3 +29,4 @@ plugins/modules/k8s_scale.py validate-modules:return-syntax-error plugins/modules/k8s_service.py validate-modules:return-syntax-error plugins/modules/k8s_taint.py validate-modules:return-syntax-error tests/integration/targets/helm_diff/files/test-chart-reuse-values/templates/configmap.yaml yamllint!skip +tests/integration/targets/helm_registry_auth/tasks/main.yaml yamllint!skip diff --git a/tests/sanity/ignore-2.18.txt b/tests/sanity/ignore-2.18.txt index 39dca9ac..76b0a9c7 100644 --- a/tests/sanity/ignore-2.18.txt +++ b/tests/sanity/ignore-2.18.txt @@ -26,3 +26,4 @@ plugins/modules/k8s_scale.py validate-modules:return-syntax-error plugins/modules/k8s_service.py validate-modules:return-syntax-error plugins/modules/k8s_taint.py validate-modules:return-syntax-error tests/integration/targets/helm_diff/files/test-chart-reuse-values/templates/configmap.yaml yamllint!skip +tests/integration/targets/helm_registry_auth/tasks/main.yaml yamllint!skip diff --git a/tests/sanity/ignore-2.19.txt b/tests/sanity/ignore-2.19.txt index 39dca9ac..76b0a9c7 100644 --- a/tests/sanity/ignore-2.19.txt +++ b/tests/sanity/ignore-2.19.txt @@ -26,3 +26,4 @@ plugins/modules/k8s_scale.py validate-modules:return-syntax-error plugins/modules/k8s_service.py validate-modules:return-syntax-error plugins/modules/k8s_taint.py validate-modules:return-syntax-error tests/integration/targets/helm_diff/files/test-chart-reuse-values/templates/configmap.yaml yamllint!skip +tests/integration/targets/helm_registry_auth/tasks/main.yaml yamllint!skip