Adds a base admission acceptance test.

Test checks that creating external resources outside of juju are tagged correctly with the app name.
hatched · Apr 27, 2020 · c8cab77 · c8cab77
1 parent b6ee699
commit c8cab77
Show file tree

Hide file tree

Showing 5 changed files with 95 additions and 2 deletions.
diff --git a/.gitignore b/.gitignore
@@ -5,6 +5,7 @@ cmd/charmd/charmd
 cmd/charmload/charmload
 provider/ec2/internal/ec2instancetypes/index.json
 provider/ec2/internal/ec2instancetypes/data.yaml
+tests/test-*
 tags
 !tags/
 TAGS

diff --git a/tests/includes/juju.sh b/tests/includes/juju.sh
@@ -42,7 +42,6 @@ ensure() {
 # ```
 bootstrap() {
     local provider name output model bootstrapped_name
-
     case "${BOOTSTRAP_PROVIDER:-}" in
         "aws")
             provider="aws"
@@ -59,6 +58,9 @@ bootstrap() {
 
             provider="${manual_name}"
             ;;
+        "microk8s")
+          provider="microk8s"
+          ;;
         *)
             echo "Unexpected bootstrap provider (${BOOTSTRAP_PROVIDER})."
             exit 1
@@ -305,4 +307,4 @@ remove_controller_offers() {
             done
         done
     fi
-}
+}
diff --git a/tests/main.sh b/tests/main.sh
@@ -31,6 +31,7 @@ import_subdir_files includes
 TEST_NAMES="static_analysis \
             appdata \
             branches \
+            caasadmission \
             cli \
             controller \
             deploy \

diff --git a/tests/suites/caasadmission/admission.sh b/tests/suites/caasadmission/admission.sh
@@ -0,0 +1,76 @@
+
+run_deploy_microk8s() {
+  echo
+
+  name=${1}
+  export BOOTSTRAP_PROVIDER=microk8s
+  bootstrap microk8s "${name}"
+
+  microk8s.config > "${TEST_DIR}"/kube.conf
+}
+
+test_deploy_admission() {
+  name=test-$(petname)
+
+  run_deploy_microk8s "${name}"
+
+  namespace=controller-"${BOOTSTRAPPED_JUJU_CTRL_NAME}"
+
+  kubectl --kubeconfig "${TEST_DIR}"/kube.conf apply -f - <<EOF
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: test
+  namespace: $namespace
+  labels:
+    juju-app: test-app
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  namespace: $namespace
+  name: test
+rules:
+  - apiGroups: [""]
+    resources: ["configmaps"]
+    verbs: ["create", "get", "list"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: role-grantor-binding
+  namespace: $namespace
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: test
+subjects:
+  - kind: ServiceAccount
+    name: test
+    namespace: $namespace
+EOF
+
+  sa_secret=$(kubectl --kubeconfig "${TEST_DIR}"/kube.conf get sa -o json test -n "$namespace" | jq -r '.secrets[0].name')
+  bearer_token=$(kubectl --kubeconfig "${TEST_DIR}"/kube.conf get secret -o json "$sa_secret" -n "$namespace" | jq -r '.data.token' | base64 -d)
+
+  kubectl --kubeconfig "${TEST_DIR}"/kube.conf config view --raw -o json | jq "del(.users[0]) | .contexts[0].context.user = \"test\" | .users[0] = {\"name\": \"test\", \"user\": {\"token\": \"$bearer_token\"}}" > "${TEST_DIR}"/kube-sa.json
+
+
+  # Short sleep to let juju controller watchers catch up.
+  sleep 3
+
+ kubectl --kubeconfig "${TEST_DIR}"/kube-sa.json apply -f - <<EOF
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: test
+  namespace: $namespace
+data:
+  test: test
+EOF
+
+juju_app=$(kubectl --kubeconfig "${TEST_DIR}"/kube-sa.json get cm -n "${namespace}" test -o=jsonpath='{.metadata.labels.juju-app}')
+  check_contains "${juju_app}" "test-app"
+
+  echo "$juju_app" | check test-app
+}
diff --git a/tests/suites/caasadmission/task.sh b/tests/suites/caasadmission/task.sh
@@ -0,0 +1,13 @@
+test_caasadmission() {
+    if [ "$(skip 'test_caasadmission')" ]; then
+        echo "==> TEST SKIPPED: caas admission tests"
+        return
+    fi
+
+    set_verbosity
+
+    echo "==> Checking for dependencies"
+    check_dependencies juju jq petname microk8s
+
+    test_deploy_admission
+}