1
0
Fork 0
mirror of https://github.com/arangodb/kube-arangodb.git synced 2024-12-15 17:51:03 +00:00
kube-arangodb/tests/service_account_test.go
2018-08-06 15:46:19 +02:00

292 lines
10 KiB
Go

//
// DISCLAIMER
//
// Copyright 2018 ArangoDB GmbH, Cologne, Germany
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
// Copyright holder is ArangoDB GmbH, Cologne, Germany
//
// Author Ewout Prangsma
//
package tests
import (
"context"
"strings"
"testing"
"github.com/dchest/uniuri"
"github.com/stretchr/testify/assert"
"k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/client-go/kubernetes"
driver "github.com/arangodb/go-driver"
api "github.com/arangodb/kube-arangodb/pkg/apis/deployment/v1alpha"
"github.com/arangodb/kube-arangodb/pkg/client"
"github.com/arangodb/kube-arangodb/pkg/util"
)
// TestServiceAccountSingle tests the creating of a single server deployment
// with default settings using a custom service account.
func TestServiceAccountSingle(t *testing.T) {
longOrSkip(t)
c := client.MustNewInCluster()
kubecli := mustNewKubeClient(t)
ns := getNamespace(t)
// Prepare service account
namePrefix := "test-sa-sng-"
saName := mustCreateServiceAccount(kubecli, namePrefix, ns, t)
defer deleteServiceAccount(kubecli, saName, ns)
// Prepare deployment config
depl := newDeployment(namePrefix + uniuri.NewLen(4))
depl.Spec.Mode = api.NewMode(api.DeploymentModeSingle)
depl.Spec.Single.ServiceAccountName = util.NewString(saName)
// Create deployment
_, err := c.DatabaseV1alpha().ArangoDeployments(ns).Create(depl)
if err != nil {
t.Fatalf("Create deployment failed: %v", err)
}
// Prepare cleanup
defer removeDeployment(c, depl.GetName(), ns)
// Wait for deployment to be ready
apiObject, err := waitUntilDeployment(c, depl.GetName(), ns, deploymentIsReady())
if err != nil {
t.Fatalf("Deployment not running in time: %v", err)
}
// Create a database client
ctx := context.Background()
client := mustNewArangodDatabaseClient(ctx, kubecli, apiObject, t, nil)
// Wait for single server available
if err := waitUntilVersionUp(client, nil); err != nil {
t.Fatalf("Single server not running returning version in time: %v", err)
}
// Check service account name
checkMembersUsingServiceAccount(kubecli, ns, apiObject.Status.Members.Single, saName, t)
// Check server role
assert.NoError(t, testServerRole(ctx, client, driver.ServerRoleSingle))
}
// TestServiceAccountActiveFailover tests the creating of a ActiveFailover server deployment
// with default settings using a custom service account.
func TestServiceAccountActiveFailover(t *testing.T) {
longOrSkip(t)
c := client.MustNewInCluster()
kubecli := mustNewKubeClient(t)
ns := getNamespace(t)
// Prepare service account
namePrefix := "test-sa-rs-"
saName := mustCreateServiceAccount(kubecli, namePrefix, ns, t)
defer deleteServiceAccount(kubecli, saName, ns)
// Prepare deployment config
depl := newDeployment(namePrefix + uniuri.NewLen(4))
depl.Spec.Mode = api.NewMode(api.DeploymentModeActiveFailover)
depl.Spec.Single.ServiceAccountName = util.NewString(saName)
depl.Spec.Agents.ServiceAccountName = util.NewString(saName)
// Create deployment
_, err := c.DatabaseV1alpha().ArangoDeployments(ns).Create(depl)
if err != nil {
t.Fatalf("Create deployment failed: %v", err)
}
// Prepare cleanup
defer removeDeployment(c, depl.GetName(), ns)
// Wait for deployment to be ready
apiObject, err := waitUntilDeployment(c, depl.GetName(), ns, deploymentIsReady())
if err != nil {
t.Fatalf("Deployment not running in time: %v", err)
}
// Create a database client
ctx := context.Background()
client := mustNewArangodDatabaseClient(ctx, kubecli, apiObject, t, nil)
// Wait for single server available
if err := waitUntilVersionUp(client, nil); err != nil {
t.Fatalf("ActiveFailover servers not running returning version in time: %v", err)
}
// Check service account name
checkMembersUsingServiceAccount(kubecli, ns, apiObject.Status.Members.Single, saName, t)
checkMembersUsingServiceAccount(kubecli, ns, apiObject.Status.Members.Agents, saName, t)
// Check server role
assert.NoError(t, testServerRole(ctx, client, driver.ServerRoleSingleActive))
}
// TestServiceAccountCluster tests the creating of a cluster deployment
// with default settings using a custom service account.
func TestServiceAccountCluster(t *testing.T) {
longOrSkip(t)
c := client.MustNewInCluster()
kubecli := mustNewKubeClient(t)
ns := getNamespace(t)
// Prepare service account
namePrefix := "test-sa-cls-"
saName := mustCreateServiceAccount(kubecli, namePrefix, ns, t)
defer deleteServiceAccount(kubecli, saName, ns)
// Prepare deployment config
depl := newDeployment(namePrefix + uniuri.NewLen(4))
depl.Spec.Mode = api.NewMode(api.DeploymentModeCluster)
depl.Spec.Agents.ServiceAccountName = util.NewString(saName)
depl.Spec.DBServers.ServiceAccountName = util.NewString(saName)
depl.Spec.Coordinators.ServiceAccountName = util.NewString(saName)
// Create deployment
_, err := c.DatabaseV1alpha().ArangoDeployments(ns).Create(depl)
if err != nil {
t.Fatalf("Create deployment failed: %v", err)
}
// Prepare cleanup
defer removeDeployment(c, depl.GetName(), ns)
// Wait for deployment to be ready
apiObject, err := waitUntilDeployment(c, depl.GetName(), ns, deploymentIsReady())
if err != nil {
t.Fatalf("Deployment not running in time: %v", err)
}
// Create a database client
ctx := context.Background()
client := mustNewArangodDatabaseClient(ctx, kubecli, apiObject, t, nil)
// Wait for cluster to be available
if err := waitUntilVersionUp(client, nil); err != nil {
t.Fatalf("Cluster not running returning version in time: %v", err)
}
// Check service account name
checkMembersUsingServiceAccount(kubecli, ns, apiObject.Status.Members.Agents, saName, t)
checkMembersUsingServiceAccount(kubecli, ns, apiObject.Status.Members.Coordinators, saName, t)
checkMembersUsingServiceAccount(kubecli, ns, apiObject.Status.Members.DBServers, saName, t)
// Check server role
assert.NoError(t, testServerRole(ctx, client, driver.ServerRoleCoordinator))
}
// TestServiceAccountClusterWithSync tests the creating of a cluster deployment
// with default settings and sync enabled using a custom service account.
func TestServiceAccountClusterWithSync(t *testing.T) {
longOrSkip(t)
img := getEnterpriseImageOrSkip(t)
c := client.MustNewInCluster()
kubecli := mustNewKubeClient(t)
ns := getNamespace(t)
// Prepare service account
namePrefix := "test-sa-cls-sync-"
saName := mustCreateServiceAccount(kubecli, namePrefix, ns, t)
defer deleteServiceAccount(kubecli, saName, ns)
// Prepare deployment config
depl := newDeployment(namePrefix + uniuri.NewLen(4))
depl.Spec.Mode = api.NewMode(api.DeploymentModeCluster)
depl.Spec.Image = util.NewString(img)
depl.Spec.Sync.Enabled = util.NewBool(true)
depl.Spec.Agents.ServiceAccountName = util.NewString(saName)
depl.Spec.DBServers.ServiceAccountName = util.NewString(saName)
depl.Spec.Coordinators.ServiceAccountName = util.NewString(saName)
depl.Spec.SyncMasters.ServiceAccountName = util.NewString(saName)
depl.Spec.SyncWorkers.ServiceAccountName = util.NewString(saName)
// Create deployment
_, err := c.DatabaseV1alpha().ArangoDeployments(ns).Create(depl)
if err != nil {
t.Fatalf("Create deployment failed: %v", err)
}
// Prepare cleanup
defer removeDeployment(c, depl.GetName(), ns)
// Wait for deployment to be ready
apiObject, err := waitUntilDeployment(c, depl.GetName(), ns, deploymentIsReady())
if err != nil {
t.Fatalf("Deployment not running in time: %v", err)
}
// Create a database client
ctx := context.Background()
client := mustNewArangodDatabaseClient(ctx, kubecli, apiObject, t, nil)
// Wait for cluster to be available
if err := waitUntilVersionUp(client, nil); err != nil {
t.Fatalf("Cluster not running returning version in time: %v", err)
}
// Create a syncmaster client
syncClient := mustNewArangoSyncClient(ctx, kubecli, apiObject, t)
// Wait for syncmasters to be available
if err := waitUntilSyncVersionUp(syncClient, nil); err != nil {
t.Fatalf("SyncMasters not running returning version in time: %v", err)
}
// Check service account name
checkMembersUsingServiceAccount(kubecli, ns, apiObject.Status.Members.Agents, saName, t)
checkMembersUsingServiceAccount(kubecli, ns, apiObject.Status.Members.Coordinators, saName, t)
checkMembersUsingServiceAccount(kubecli, ns, apiObject.Status.Members.DBServers, saName, t)
checkMembersUsingServiceAccount(kubecli, ns, apiObject.Status.Members.SyncMasters, saName, t)
checkMembersUsingServiceAccount(kubecli, ns, apiObject.Status.Members.SyncWorkers, saName, t)
// Check server role
assert.NoError(t, testServerRole(ctx, client, driver.ServerRoleCoordinator))
}
// mustCreateServiceAccount creates an empty service account with random name and returns
// its name. On error, the test is failed.
func mustCreateServiceAccount(kubecli kubernetes.Interface, namePrefix, ns string, t *testing.T) string {
s := v1.ServiceAccount{
ObjectMeta: metav1.ObjectMeta{
Name: strings.ToLower(namePrefix + uniuri.NewLen(4)),
},
}
if _, err := kubecli.CoreV1().ServiceAccounts(ns).Create(&s); err != nil {
t.Fatalf("Failed to create service account: %v", err)
}
return s.GetName()
}
// deleteServiceAccount deletes a service account with given name in given namespace.
func deleteServiceAccount(kubecli kubernetes.Interface, name, ns string) error {
if err := kubecli.CoreV1().ServiceAccounts(ns).Delete(name, &metav1.DeleteOptions{}); err != nil {
return maskAny(err)
}
return nil
}
// checkMembersUsingServiceAccount checks the serviceAccountName of the pods of all members
// to ensure that is equal to the given serviceAccountName.
func checkMembersUsingServiceAccount(kubecli kubernetes.Interface, ns string, members []api.MemberStatus, serviceAccountName string, t *testing.T) {
pods := kubecli.CoreV1().Pods(ns)
for _, m := range members {
if p, err := pods.Get(m.PodName, metav1.GetOptions{}); err != nil {
t.Errorf("Failed to get pod for member '%s': %v", m.ID, err)
} else if p.Spec.ServiceAccountName != serviceAccountName {
t.Errorf("Expected pod '%s' to have serviceAccountName '%s', got '%s'", p.GetName(), serviceAccountName, p.Spec.ServiceAccountName)
}
}
}