mirror of
https://github.com/kubevirt/containerized-data-importer.git
synced 2025-06-03 06:30:22 +00:00
b80ff58f9f
* remove CSI clone bye bye Signed-off-by: Michael Henriksen <mhenriks@redhat.com> * no more smart clone Signed-off-by: Michael Henriksen <mhenriks@redhat.com> * PVC clone same namespace Signed-off-by: Michael Henriksen <mhenriks@redhat.com> * cross namespace pvc clone Signed-off-by: Michael Henriksen <mhenriks@redhat.com> * various fixes to get some functional tests to work Signed-off-by: Michael Henriksen <mhenriks@redhat.com> * delete smart clone controller again somehow reappeared after rebase Signed-off-by: Michael Henriksen <mhenriks@redhat.com> * mostly pvc clone functional test fixes make sure size detect pod only runs on kubevirt content type clone populator was skipping last round op applying pvc' annotations various func test fixes review comments Signed-off-by: Michael Henriksen <mhenriks@redhat.com> * more various test fixes host clone phase should (implicitly) wait for clone source pod to exit Signed-off-by: Michael Henriksen <mhenriks@redhat.com> * remove "smart" clone from snapshot Signed-off-by: Michael Henriksen <mhenriks@redhat.com> * DataVolume clone from snapshot uses populator Signed-off-by: Michael Henriksen <mhenriks@redhat.com> * improve clone populator/datavolume coordination on "running" condition For host clone, not much changes, values still comming from annotations on host clone PVC For smart/csi clone the DataVolume will be "running" if not in pending or error phase Will have the same values for terminal "completed" state regardless of clone type Signed-off-by: Michael Henriksen <mhenriks@redhat.com> * unit tests for pvc/snapshot clone controllers Signed-off-by: Michael Henriksen <mhenriks@redhat.com> * remove skipped test added in https://github.com/kubevirt/containerized-data-importer/pull/2759 Signed-off-by: Michael Henriksen <mhenriks@redhat.com> * attempt address AfterSuite and generate-verify failures Signed-off-by: Michael Henriksen <mhenriks@redhat.com> * handle snapshot clone with no target size specified also add more validation to some snapshot clone tests Signed-off-by: Michael Henriksen <mhenriks@redhat.com> * remove Patch calls Using the controller runtime Patch API with controller runtime cached client seems to be a pretty bad fit At least given the way the CR API is designed where an old object is compared to new. I like patch in theory though and will revisit Signed-off-by: Michael Henriksen <mhenriks@redhat.com> * Clone populator should plan and execute even if PVC is bound It was possible to miss "preallocation applied" annotation otherwise Signed-off-by: Michael Henriksen <mhenriks@redhat.com> * add long term token to datavolume Signed-off-by: Michael Henriksen <mhenriks@redhat.com> * Rename ProgressReporter to StatusReporter Should have been done back when annotations were addded to "progress" Also, if pvc is bound do not call phase Reconcile functions only Status Signed-off-by: Michael Henriksen <mhenriks@redhat.com> --------- Signed-off-by: Michael Henriksen <mhenriks@redhat.com> Co-authored-by: Michael Henriksen <mhenriks@redhat.com>
147 lines
5.5 KiB
Go
147 lines
5.5 KiB
Go
package tests_test
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
|
|
. "github.com/onsi/ginkgo"
|
|
"github.com/onsi/ginkgo/extensions/table"
|
|
. "github.com/onsi/gomega"
|
|
|
|
extv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
|
|
k8serrors "k8s.io/apimachinery/pkg/api/errors"
|
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
|
|
featuregates "kubevirt.io/containerized-data-importer/pkg/feature-gates"
|
|
"kubevirt.io/containerized-data-importer/tests/framework"
|
|
)
|
|
|
|
var _ = Describe("[rfe_id:1347][crit:high][vendor:cnv-qe@redhat.com][level:component]Basic Sanity", func() {
|
|
f := framework.NewFramework("sanity", framework.Config{
|
|
FeatureGates: []string{featuregates.HonorWaitForFirstConsumer},
|
|
})
|
|
|
|
Context("[test_id:1348]CDI service account should exist", func() {
|
|
It("Should succeed", func() {
|
|
result, err := f.RunKubectlCommand("get", "sa", "cdi-sa", "-n", f.CdiInstallNs)
|
|
Expect(err).ToNot(HaveOccurred())
|
|
Expect(result).To(ContainSubstring("cdi-sa"))
|
|
})
|
|
})
|
|
|
|
Context("[test_id:1349]CDI Cluster role should exist", func() {
|
|
It("Should succeed", func() {
|
|
result, err := f.RunKubectlCommand("get", "clusterrole", "cdi")
|
|
Expect(err).ToNot(HaveOccurred())
|
|
Expect(result).To(ContainSubstring("cdi"))
|
|
})
|
|
})
|
|
|
|
Context("[test_id:1350]CDI Cluster role binding should exist", func() {
|
|
It("Should succeed", func() {
|
|
result, err := f.RunKubectlCommand("get", "clusterrolebinding", "cdi-sa")
|
|
Expect(err).ToNot(HaveOccurred())
|
|
Expect(result).To(ContainSubstring("cdi-sa"))
|
|
})
|
|
})
|
|
|
|
Context("CDI deployment should exist", func() {
|
|
It("[test_id:1351]Should succeed", func() {
|
|
result, err := f.RunKubectlCommand("get", "deployment", "cdi-deployment", "-n", f.CdiInstallNs)
|
|
Expect(err).ToNot(HaveOccurred())
|
|
Expect(result).To(ContainSubstring("cdi-deployment"))
|
|
})
|
|
It("[test_id:1352]There should be 1 replica", func() {
|
|
result, err := f.RunKubectlCommand("get", "deployment", "cdi-deployment", "-o", "jsonpath={.spec.replicas}", "-n", f.CdiInstallNs)
|
|
Expect(err).ToNot(HaveOccurred())
|
|
Expect(result).To(ContainSubstring("1"))
|
|
})
|
|
})
|
|
|
|
Context("cdi-sa RBAC rules are correct", func() {
|
|
It("[test_id:1353]rules should match expectation", func() {
|
|
sa := fmt.Sprintf("system:serviceaccount:" + f.CdiInstallNs + ":cdi-sa")
|
|
|
|
eventExpectedResult := make(map[string]string)
|
|
eventExpectedResult["get"] = "no"
|
|
eventExpectedResult["list"] = "no"
|
|
eventExpectedResult["watch"] = "no"
|
|
eventExpectedResult["delete"] = "no"
|
|
eventExpectedResult["create"] = "yes"
|
|
eventExpectedResult["update"] = "no"
|
|
eventExpectedResult["patch"] = "yes"
|
|
eventExpectedResult["deletecollection"] = "no"
|
|
ValidateRBACForResource(f, eventExpectedResult, "events", sa)
|
|
|
|
pvcExpectedResult := make(map[string]string)
|
|
pvcExpectedResult["get"] = "yes"
|
|
pvcExpectedResult["list"] = "yes"
|
|
pvcExpectedResult["watch"] = "yes"
|
|
pvcExpectedResult["delete"] = "yes"
|
|
pvcExpectedResult["create"] = "yes"
|
|
pvcExpectedResult["update"] = "yes"
|
|
pvcExpectedResult["patch"] = "yes"
|
|
pvcExpectedResult["deletecollection"] = "yes"
|
|
ValidateRBACForResource(f, pvcExpectedResult, "persistentvolumeclaims", sa)
|
|
ValidateRBACForResource(f, pvcExpectedResult, "persistentvolumeclaims/finalizers", sa)
|
|
|
|
podExpectedResult := make(map[string]string)
|
|
podExpectedResult["get"] = "yes"
|
|
podExpectedResult["list"] = "yes"
|
|
podExpectedResult["watch"] = "yes"
|
|
podExpectedResult["delete"] = "yes"
|
|
podExpectedResult["create"] = "yes"
|
|
podExpectedResult["update"] = "no"
|
|
podExpectedResult["patch"] = "no"
|
|
podExpectedResult["deletecollection"] = "no"
|
|
ValidateRBACForResource(f, podExpectedResult, "pods", sa)
|
|
ValidateRBACForResource(f, podExpectedResult, "pods/finalizers", sa)
|
|
|
|
secretsExpectedResult := make(map[string]string)
|
|
secretsExpectedResult["get"] = "no"
|
|
secretsExpectedResult["list"] = "no"
|
|
secretsExpectedResult["watch"] = "no"
|
|
secretsExpectedResult["delete"] = "no"
|
|
secretsExpectedResult["create"] = "yes"
|
|
secretsExpectedResult["update"] = "no"
|
|
secretsExpectedResult["patch"] = "no"
|
|
secretsExpectedResult["deletecollection"] = "no"
|
|
ValidateRBACForResource(f, secretsExpectedResult, "secrets", sa)
|
|
})
|
|
})
|
|
|
|
Context("CRDs must be a structural schema", func() {
|
|
table.DescribeTable("crd name", func(crdName string) {
|
|
crd, err := f.ExtClient.ApiextensionsV1().CustomResourceDefinitions().Get(context.TODO(), crdName, metav1.GetOptions{})
|
|
if k8serrors.IsNotFound(err) {
|
|
Skip("Doesn't work on openshift 3.11")
|
|
}
|
|
Expect(err).ToNot(HaveOccurred())
|
|
Expect(crd.ObjectMeta.Name).To(Equal(crdName))
|
|
for _, cond := range crd.Status.Conditions {
|
|
if cond.Type == extv1.CustomResourceDefinitionConditionType("NonStructuralSchema") {
|
|
if cond.Status == extv1.ConditionTrue {
|
|
Fail(fmt.Sprintf("CRD %s is not a structural schema", crdName))
|
|
}
|
|
}
|
|
}
|
|
},
|
|
table.Entry("[test_id:5056]CDIConfigs", "cdiconfigs.cdi.kubevirt.io"),
|
|
table.Entry("[test_id:5057]CDIs", "cdis.cdi.kubevirt.io"),
|
|
table.Entry("[test_id:5056]Datavolumes", "datavolumes.cdi.kubevirt.io"),
|
|
)
|
|
})
|
|
})
|
|
|
|
func ValidateRBACForResource(f *framework.Framework, expectedResults map[string]string, resource string, sa string) {
|
|
for verb, expectedRes := range expectedResults {
|
|
By(fmt.Sprintf("verifying cdi-sa "+resource+" rules, for verb %s", verb))
|
|
|
|
result, err := f.RunKubectlCommand("auth", "can-i", "--as", sa, verb, resource, "--namespace", f.Namespace.Name)
|
|
if expectedRes != "no" {
|
|
Expect(err).ToNot(HaveOccurred())
|
|
}
|
|
Expect(result).To(ContainSubstring(expectedRes))
|
|
}
|
|
}
|