02-assert.yaml
# kuttl assert: cert-manager TLS Secret expected for generic-service1 on
# edpm-compute-0. The annotations pin the issuing CA (Issuer
# "rootca-internal"); no certificate or key data appears in this document.
apiVersion: v1
kind: Secret
metadata:
  name: cert-generic-service1-default-edpm-compute-0
  annotations:
    cert-manager.io/certificate-name: generic-service1-default-edpm-compute-0
    cert-manager.io/issuer-group: cert-manager.io
    cert-manager.io/issuer-kind: Issuer
    cert-manager.io/issuer-name: rootca-internal
  labels:
    hostname: edpm-compute-0
    osdp-service: generic-service1
    osdp-service-cert-key: default
    osdpns: openstack-edpm-tls
type: kubernetes.io/tls
---
# Same expectation for edpm-compute-1: a kubernetes.io/tls Secret whose
# cert-manager annotations name the Issuer "rootca-internal".
apiVersion: v1
kind: Secret
metadata:
  name: cert-generic-service1-default-edpm-compute-1
  annotations:
    cert-manager.io/certificate-name: generic-service1-default-edpm-compute-1
    cert-manager.io/issuer-group: cert-manager.io
    cert-manager.io/issuer-kind: Issuer
    cert-manager.io/issuer-name: rootca-internal
  labels:
    hostname: edpm-compute-1
    osdp-service: generic-service1
    osdp-service-cert-key: default
    osdpns: openstack-edpm-tls
type: kubernetes.io/tls
---
# Same expectation for edpm-compute-2: a kubernetes.io/tls Secret whose
# cert-manager annotations name the Issuer "rootca-internal".
apiVersion: v1
kind: Secret
metadata:
  name: cert-generic-service1-default-edpm-compute-2
  annotations:
    cert-manager.io/certificate-name: generic-service1-default-edpm-compute-2
    cert-manager.io/issuer-group: cert-manager.io
    cert-manager.io/issuer-kind: Issuer
    cert-manager.io/issuer-name: rootca-internal
  labels:
    hostname: edpm-compute-2
    osdp-service: generic-service1
    osdp-service-cert-key: default
    osdpns: openstack-edpm-tls
type: kubernetes.io/tls
---
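# Validate the cert-manager.io/alt-names annotation. It is a list whose
# elements can be in any order, so every expected name gets its own lookahead.
# NOTE(review): only the edpm-compute-0 Secret is inspected here, and the
# pattern is an unanchored "contains" match: it proves the four expected names
# are present but does not reject additional, unexpected names.
apiVersion: kuttl.dev/v1beta1
kind: TestAssert
commands:
  - script: |
      template='{{index .metadata.annotations "cert-manager.io/alt-names" }}'
      names=$(oc get secret cert-generic-service1-default-edpm-compute-0 -n openstack-kuttl-tests -o go-template="$template")
      regex="(?=.*(edpm-compute-0\.internalapi\.example\.com))(?=.*(edpm-compute-0\.storage\.example\.com))(?=.*(edpm-compute-0\.tenant\.example\.com))(?=.*(edpm-compute-0\.ctlplane\.example\.com))"
      # Match on a pipe instead of going through a fixed-name scratch file in
      # the working directory. Quoting "$names" also keeps the shell from
      # word-splitting or glob-expanding the annotation value.
      if printf '%s\n' "$names" | grep -qP "$regex"; then
        exit 0
      fi
      echo "bad match: $names"
      exit 1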
---
# Expected Opaque Secret number 0 of 3 (labels secretNumber / numberOfSecrets),
# owned by the OpenStackDataPlaneNodeSet openstack-edpm-tls.
apiVersion: v1
kind: Secret
metadata:
  name: openstack-edpm-tls-generic-service1-default-certs-0
  labels:
    numberOfSecrets: "3"
    secretNumber: "0"
  ownerReferences:
    - apiVersion: dataplane.openstack.org/v1beta1
      kind: OpenStackDataPlaneNodeSet
      name: openstack-edpm-tls
type: Opaque
---
# Expected Opaque Secret number 1 of 3 (labels secretNumber / numberOfSecrets),
# owned by the OpenStackDataPlaneNodeSet openstack-edpm-tls.
apiVersion: v1
kind: Secret
metadata:
  name: openstack-edpm-tls-generic-service1-default-certs-1
  labels:
    numberOfSecrets: "3"
    secretNumber: "1"
  ownerReferences:
    - apiVersion: dataplane.openstack.org/v1beta1
      kind: OpenStackDataPlaneNodeSet
      name: openstack-edpm-tls
type: Opaque
---
# Expected Opaque Secret number 2 of 3 (labels secretNumber / numberOfSecrets),
# owned by the OpenStackDataPlaneNodeSet openstack-edpm-tls.
apiVersion: v1
kind: Secret
metadata:
  name: openstack-edpm-tls-generic-service1-default-certs-2
  labels:
    numberOfSecrets: "3"
    secretNumber: "2"
  ownerReferences:
    - apiVersion: dataplane.openstack.org/v1beta1
      kind: OpenStackDataPlaneNodeSet
      name: openstack-edpm-tls
type: Opaque
---
# Expected Job for the install-certs-ovr service of deployment openstack-edpm-tls;
# status.succeeded: 1 at the end means the Job must have completed.
# NOTE(review): this listing has lost its indentation. The two "|2+" values below
# are block scalars whose whitespace is part of the value, so the lines are left
# exactly as shown; confirm against the original file.
apiVersion: batch/v1
kind: Job
metadata:
generation: 1
labels:
app: openstackansibleee
openstackdataplanedeployment: openstack-edpm-tls
openstackdataplanenodeset: openstack-edpm-tls
openstackdataplaneservice: install-certs-ovr
name: install-certs-ovr-openstack-edpm-tls-openstack-edpm-tls
namespace: openstack-kuttl-tests
ownerReferences:
- apiVersion: dataplane.openstack.org/v1beta1
blockOwnerDeletion: true
controller: true
kind: OpenStackDataPlaneDeployment
name: openstack-edpm-tls
spec:
backoffLimit: 6
completionMode: NonIndexed
completions: 1
manualSelector: false
parallelism: 1
podReplacementPolicy: TerminatingOrFailed
suspend: false
template:
metadata:
labels:
app: openstackansibleee
openstackdataplanedeployment: openstack-edpm-tls
openstackdataplanenodeset: openstack-edpm-tls
openstackdataplaneservice: install-certs-ovr
spec:
containers:
- args:
- ansible-runner
- run
- /runner
- -p
- playbook.yaml
- -i
- install-certs-ovr-openstack-edpm-tls-openstack-edpm-tls
env:
- name: ANSIBLE_FORCE_COLOR
value: "True"
- name: RUNNER_PLAYBOOK
value: |2+
- hosts: localhost
gather_facts: no
name: kuttl play
tasks:
- name: Sleep
command: sleep 1
delegate_to: localhost
- name: RUNNER_EXTRA_VARS
value: |2+
edpm_override_hosts: openstack-edpm-tls
edpm_service_type: install-certs-ovr
imagePullPolicy: Always
name: install-certs-ovr-openstack-edpm-tls-openstack-edpm-tls
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
# Mounts: the CA bundles, the projected per-node certs, the Ansible SSH key
# and the inventory.
volumeMounts:
- mountPath: /var/lib/openstack/cacerts/install-certs-ovr
name: install-certs-ovr-combined-ca-bundle
- mountPath: /var/lib/openstack/certs/generic-service1/default
name: openstack-edpm-tls-generic-service1-default-certs-0
- mountPath: /var/lib/openstack/cacerts/generic-service1
name: generic-service1-combined-ca-bundle
- mountPath: /runner/env/ssh_key/ssh_key_openstack-edpm-tls
name: ssh-key-openstack-edpm-tls
subPath: ssh_key_openstack-edpm-tls
- mountPath: /runner/inventory/hosts
name: inventory
subPath: inventory
restartPolicy: Never
schedulerName: default-scheduler
# NOTE(review): the pod securityContext is an empty map, so this document
# presumably checks no pod-level security settings; confirm.
securityContext: {}
serviceAccount: openstack-edpm-tls
serviceAccountName: openstack-edpm-tls
terminationGracePeriodSeconds: 30
volumes:
- name: install-certs-ovr-combined-ca-bundle
secret:
defaultMode: 420
secretName: combined-ca-bundle
# Projected volume: the three numbered cert Secrets (-certs-0/1/2) are merged
# into a single mount.
- name: openstack-edpm-tls-generic-service1-default-certs-0
projected:
defaultMode: 420
sources:
- secret:
name: openstack-edpm-tls-generic-service1-default-certs-0
- secret:
name: openstack-edpm-tls-generic-service1-default-certs-1
- secret:
name: openstack-edpm-tls-generic-service1-default-certs-2
- name: generic-service1-combined-ca-bundle
secret:
defaultMode: 420
secretName: combined-ca-bundle
# defaultMode 384 is octal 0600: the SSH private key is readable by its owner
# only. The other volumes use 420, which is octal 0644.
- name: ssh-key-openstack-edpm-tls
secret:
defaultMode: 384
items:
- key: ssh-privatekey
path: ssh_key_openstack-edpm-tls
secretName: dataplane-ansible-ssh-private-key-secret
- name: inventory
secret:
defaultMode: 420
items:
- key: inventory
path: inventory
secretName: dataplanenodeset-openstack-edpm-tls
status:
succeeded: 1
uncountedTerminatedPods: {}
---
# Expected Job for the generic-service1 service of deployment openstack-edpm-tls;
# status.succeeded: 1 at the end means the Job must have completed.
# NOTE(review): this listing has lost its indentation. The two "|2+" values below
# are block scalars whose whitespace is part of the value, so the lines are left
# exactly as shown; confirm against the original file.
apiVersion: batch/v1
kind: Job
metadata:
generation: 1
labels:
app: openstackansibleee
openstackdataplanedeployment: openstack-edpm-tls
openstackdataplanenodeset: openstack-edpm-tls
openstackdataplaneservice: generic-service1
name: generic-service1-openstack-edpm-tls-openstack-edpm-tls
namespace: openstack-kuttl-tests
ownerReferences:
- apiVersion: dataplane.openstack.org/v1beta1
blockOwnerDeletion: true
controller: true
kind: OpenStackDataPlaneDeployment
name: openstack-edpm-tls
spec:
backoffLimit: 6
completionMode: NonIndexed
completions: 1
manualSelector: false
parallelism: 1
podReplacementPolicy: TerminatingOrFailed
suspend: false
template:
metadata:
labels:
app: openstackansibleee
openstackdataplanedeployment: openstack-edpm-tls
openstackdataplanenodeset: openstack-edpm-tls
openstackdataplaneservice: generic-service1
spec:
containers:
- args:
- ansible-runner
- run
- /runner
- -p
- playbook.yaml
- -i
- generic-service1-openstack-edpm-tls-openstack-edpm-tls
env:
- name: ANSIBLE_FORCE_COLOR
value: "True"
- name: RUNNER_PLAYBOOK
value: |2+
- hosts: localhost
gather_facts: no
name: kuttl play
tasks:
- name: Sleep
command: sleep 1
delegate_to: localhost
- name: RUNNER_EXTRA_VARS
value: |2+
edpm_override_hosts: openstack-edpm-tls
edpm_service_type: generic-service1
imagePullPolicy: Always
name: generic-service1-openstack-edpm-tls-openstack-edpm-tls
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
# Mounts: the service CA bundle, the Ansible SSH key and the inventory. No
# certs volume is listed for this Job.
volumeMounts:
- mountPath: /var/lib/openstack/cacerts/generic-service1
name: generic-service1-combined-ca-bundle
- mountPath: /runner/env/ssh_key/ssh_key_openstack-edpm-tls
name: ssh-key-openstack-edpm-tls
subPath: ssh_key_openstack-edpm-tls
- mountPath: /runner/inventory/hosts
name: inventory
subPath: inventory
restartPolicy: Never
schedulerName: default-scheduler
# NOTE(review): the pod securityContext is an empty map, so this document
# presumably checks no pod-level security settings; confirm.
securityContext: {}
serviceAccount: openstack-edpm-tls
serviceAccountName: openstack-edpm-tls
terminationGracePeriodSeconds: 30
volumes:
- name: generic-service1-combined-ca-bundle
secret:
defaultMode: 420
secretName: combined-ca-bundle
# defaultMode 384 is octal 0600: the SSH private key is readable by its owner
# only. The other volumes use 420, which is octal 0644.
- name: ssh-key-openstack-edpm-tls
secret:
defaultMode: 384
items:
- key: ssh-privatekey
path: ssh_key_openstack-edpm-tls
secretName: dataplane-ansible-ssh-private-key-secret
- name: inventory
secret:
defaultMode: 420
items:
- key: inventory
path: inventory
secretName: dataplanenodeset-openstack-edpm-tls
status:
succeeded: 1
uncountedTerminatedPods: {}