From c54806bb5562cdf1a252104b1ab25ede767fc609 Mon Sep 17 00:00:00 2001 From: John Mazzitelli Date: Wed, 30 Oct 2024 14:28:29 -0400 Subject: [PATCH] molecule test --- molecule/common/tasks.yml | 37 ++- molecule/default/prepare.yml | 5 + .../converge.yml | 251 ++++++++++++++++++ .../destroy-remote-cluster-resources-test.yml | 13 + .../kiali-cr.yaml | 12 + .../molecule.yml | 43 +++ .../prepare-remote-cluster-resources-test.yml | 15 ++ .../process-namespaces.yml | 36 +++ 8 files changed, 399 insertions(+), 13 deletions(-) create mode 100644 molecule/remote-cluster-resources-test/converge.yml create mode 100644 molecule/remote-cluster-resources-test/destroy-remote-cluster-resources-test.yml create mode 100644 molecule/remote-cluster-resources-test/kiali-cr.yaml create mode 100644 molecule/remote-cluster-resources-test/molecule.yml create mode 100644 molecule/remote-cluster-resources-test/prepare-remote-cluster-resources-test.yml create mode 100644 molecule/remote-cluster-resources-test/process-namespaces.yml diff --git a/molecule/common/tasks.yml b/molecule/common/tasks.yml index bc9ece24..a9773a8e 100644 --- a/molecule/common/tasks.yml +++ b/molecule/common/tasks.yml @@ -14,6 +14,18 @@ - debug: msg: "Present Kiali CR: {{ kiali_cr }}" +- name: Get Kiali Configmap + vars: + instance_name: "{{ kiali.instance_name | default('kiali') }}" + set_fact: + kiali_configmap_resource: "{{ lookup('kubernetes.core.k8s', api_version='v1', kind='ConfigMap', namespace=kiali.install_namespace, resource_name=instance_name) }}" + +- name: Format Configmap + set_fact: + kiali_configmap: "{{ kiali_configmap_resource.data['config.yaml'] | from_yaml }}" +- debug: + msg: "Present Kiali ConfigMap: {{ kiali_configmap }}" + - name: Get Kiali Operator Pod k8s_info: api_version: v1 @@ -33,18 +45,8 @@ label_selectors: - "app.kubernetes.io/instance={{ instance_name }}" register: kiali_pod - -- name: Get Kiali Configmap - vars: - instance_name: "{{ kiali.instance_name | default('kiali') }}" - set_fact: - kiali_configmap_resource: "{{ lookup('kubernetes.core.k8s', api_version='v1', kind='ConfigMap', namespace=kiali.install_namespace, resource_name=instance_name) }}" - -- name: Format Configmap - set_fact: - kiali_configmap: "{{ kiali_configmap_resource.data['config.yaml'] | from_yaml }}" -- debug: - msg: "Present Kiali ConfigMap: {{ kiali_configmap }}" + when: + - kiali_configmap.deployment.remote_cluster_resources_only == False - name: Get Kiali Deployment vars: @@ -56,6 +58,8 @@ label_selectors: - "app.kubernetes.io/instance={{ instance_name }}" register: kiali_deployment + when: + - kiali_configmap.deployment.remote_cluster_resources_only == False - name: Get Kiali Service vars: @@ -67,6 +71,8 @@ label_selectors: - "app.kubernetes.io/instance={{ instance_name }}" register: kiali_service + when: + - kiali_configmap.deployment.remote_cluster_resources_only == False - name: Get Kiali Route vars: @@ -80,6 +86,7 @@ register: kiali_route when: - is_openshift == True + - kiali_configmap.deployment.remote_cluster_resources_only == False - name: Get Kiali Ingress ignore_errors: yes @@ -93,7 +100,8 @@ - "app.kubernetes.io/instance={{ instance_name }}" register: kiali_ingress when: - - is_openshift != True + - is_openshift == False + - kiali_configmap.deployment.remote_cluster_resources_only == False - name: Determine the Kiali Route URL on OpenShift vars: @@ -102,6 +110,7 @@ kiali_base_url: "https://{{ kiali_route.resources[0].spec.host }}{{ web_root }}" when: - is_openshift == True + - kiali_configmap.deployment.remote_cluster_resources_only == False # To avoid problems with Ingress/Minikube conflicts, if installing multiple kiali instances set web_root to the instance name - name: Determine the Kiali Ingress URL on minikube @@ -112,9 +121,11 @@ kiali_base_url: "https://{{ lookup('env', 'MOLECULE_MINIKUBE_IP') }}{{ web_root }}" when: - is_minikube == True + - kiali_configmap.deployment.remote_cluster_resources_only == False - name: Determine the Kiali Ingress URL on kind set_fact: kiali_base_url: "http://{{ kiali_service.resources[0].status.loadBalancer.ingress[0].ip }}:20001/kiali" when: - is_kind == True + - kiali_configmap.deployment.remote_cluster_resources_only == False diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml index 05aba2dc..d2cb1e9d 100644 --- a/molecule/default/prepare.yml +++ b/molecule/default/prepare.yml @@ -110,6 +110,9 @@ namespace: "{{ cr_namespace }}" definition: "{{ kiali_cr_definition }}" + # We normally always want to wait for kiali to be deployed, but for those tests + # where this is not wanted (e.g. when remote_cluster_resources_only==true), then + # import this playbook with the var "wait_for_kiali_pod_after_prepare" set to false. - name: Asserting that Kiali is Deployed vars: instance_name: "{{ kiali.instance_name | default('kiali') }}" @@ -127,3 +130,5 @@ - kiali_deployment.resources[0].status.availableReplicas == 1 retries: "{{ wait_retries }}" delay: 5 + when: + - wait_for_kiali_pod_after_prepare | default(true) == True diff --git a/molecule/remote-cluster-resources-test/converge.yml b/molecule/remote-cluster-resources-test/converge.yml new file mode 100644 index 00000000..d4f5cf73 --- /dev/null +++ b/molecule/remote-cluster-resources-test/converge.yml @@ -0,0 +1,251 @@ +- name: Tests + hosts: localhost + connection: local + collections: + - kubernetes.core + vars: + custom_resource: "{{ lookup('template', cr_file_path) | from_yaml }}" + tasks: + + # just set some common constants so our assert code in the below tests is easier to read + - set_fact: + querySelector: "app.kubernetes.io/instance=kiali" + queryNamespace: "{{ kiali.install_namespace }}" + apiCMap: "v1" + apiCoLn: "console.openshift.io/v1" + apiDepl: "apps/v1" + apiPod: "v1" + apiSecr: "v1" + apiServ: "v1" + apiSvcA: "v1" + apiIngr: "networking.k8s.io/{{ 'v1' if (lookup('k8s', kind='Ingress', api_version='networking.k8s.io/v1', errors='ignore') is iterable) else 'v1beta1' }}" + apiRout: "route.openshift.io/v1" + apiOAut: "oauth.openshift.io/v1" + + - include_tasks: ../common/wait_for_kiali_cr_changes.yml + - include_tasks: ../common/tasks.yml + + # ASSERT CWA=TRUE + - include_tasks: ../asserts/accessible_namespaces_contains.yml + vars: + namespace_list: [] + + - debug: msg="test to make sure cluster-wide-access is True" + - assert: + that: + - kiali_configmap.deployment.cluster_wide_access == True + + - debug: msg="assert that we have clusterroles since we have been given cluster wide access" + - include_tasks: ../asserts/roles-test/rw_clusterrole_asserts.yml + - include_tasks: ../asserts/roles-test/none_role_asserts.yml + vars: + role_namespaces_to_test: + - "{{ istio.control_plane_namespace }}" + - remote-cluster-resources-test-1 + - remote-cluster-resources-test-2 + - remote-cluster-resources-test-x + + # there should be no deployment, pod, service, ingress/route, or OpenShift-specific resources + - name: Make sure we only have the resources that are expected + assert: + that: + - query('k8s', kind='ConfigMap', namespace=queryNamespace, api_version=apiCMap, label_selector=querySelector) | length == 1 + - query('k8s', kind='Deployment', namespace=queryNamespace, api_version=apiDepl, label_selector=querySelector) | length == 0 + - query('k8s', kind='Pod', namespace=queryNamespace, api_version=apiPod, label_selector=querySelector) | length == 0 + - query('k8s', kind='Secret', namespace=queryNamespace, api_version=apiSecr, label_selector=querySelector) | length == 0 + - query('k8s', kind='Service', namespace=queryNamespace, api_version=apiServ, label_selector=querySelector) | length == 0 + - query('k8s', kind='ServiceAccount', namespace=queryNamespace, api_version=apiSvcA, label_selector=querySelector) | length == 1 + - query('k8s', kind='Ingress', namespace=queryNamespace, api_version=apiIngr, label_selector=querySelector) | length == 0 + - query('k8s', kind='Route', namespace=queryNamespace, api_version=apiRout, label_selector=querySelector) | length == 0 + - query('k8s', kind='ConsoleLink', api_version=apiCoLn, label_selector=querySelector) | length == 0 + - query('k8s', kind='OAuthClient', api_version=apiOAut, label_selector=querySelector) | length == 0 + + # SET discovery selectors=[istio-system, remote-cluster-resources-test-1, remote-cluster-resources-test-x] + - debug: msg="change accessible namespaces to a fixed list of namespaces but keep cluster-wide-access (set to True)" + - include_tasks: ../common/set_discovery_selectors_to_list.yml + vars: + new_cluster_wide_access: true + discovery_selectors: + - matchLabels: + kubernetes.io/metadata.name: "{{ istio.control_plane_namespace}}" + - matchLabels: + kubernetes.io/metadata.name: "remote-cluster-resources-test-1" + - matchLabels: + kubernetes.io/metadata.name: "remote-cluster-resources-test-x" + - include_tasks: ../common/wait_for_kiali_cr_changes.yml + - include_tasks: ../common/tasks.yml + - name: CWA is true so there should be no labels on any namespaces + include_tasks: ../asserts/accessible_namespaces_contains.yml + vars: + namespace_list: [] + + - debug: msg="test the normal accessible namespaces" + - name: "Even though discovery selectors are set, cluster wide access should still be True because we explicitly asked for it" + assert: + that: + - kiali_configmap.deployment.cluster_wide_access == True + + - debug: msg="assert that we have clusterroles since we have been given cluster wide access" + - include_tasks: ../asserts/roles-test/rw_clusterrole_asserts.yml + - include_tasks: ../asserts/roles-test/none_role_asserts.yml + vars: + role_namespaces_to_test: + - "{{ istio.control_plane_namespace }}" + - remote-cluster-resources-test-1 + - remote-cluster-resources-test-2 + - remote-cluster-resources-test-x + + # there should be no deployment, pod, service, ingress/route, or OpenShift-specific resources + - name: Make sure we only have the resources that are expected + assert: + that: + - query('k8s', kind='ConfigMap', namespace=queryNamespace, api_version=apiCMap, label_selector=querySelector) | length == 1 + - query('k8s', kind='Deployment', namespace=queryNamespace, api_version=apiDepl, label_selector=querySelector) | length == 0 + - query('k8s', kind='Pod', namespace=queryNamespace, api_version=apiPod, label_selector=querySelector) | length == 0 + - query('k8s', kind='Secret', namespace=queryNamespace, api_version=apiSecr, label_selector=querySelector) | length == 0 + - query('k8s', kind='Service', namespace=queryNamespace, api_version=apiServ, label_selector=querySelector) | length == 0 + - query('k8s', kind='ServiceAccount', namespace=queryNamespace, api_version=apiSvcA, label_selector=querySelector) | length == 1 + - query('k8s', kind='Ingress', namespace=queryNamespace, api_version=apiIngr, label_selector=querySelector) | length == 0 + - query('k8s', kind='Route', namespace=queryNamespace, api_version=apiRout, label_selector=querySelector) | length == 0 + - query('k8s', kind='ConsoleLink', api_version=apiCoLn, label_selector=querySelector) | length == 0 + - query('k8s', kind='OAuthClient', api_version=apiOAut, label_selector=querySelector) | length == 0 + + - debug: msg="Turn off cluster wide access and set our discovery selectors to [istio-system, remote-cluster-resources-test-1]" + - include_tasks: ../common/set_discovery_selectors_to_list.yml + vars: + new_cluster_wide_access: false + discovery_selectors: + - matchLabels: + kubernetes.io/metadata.name: "{{ istio.control_plane_namespace}}" + - matchLabels: + kubernetes.io/metadata.name: "remote-cluster-resources-test-1" + - include_tasks: ../common/wait_for_kiali_cr_changes.yml + - include_tasks: ../common/tasks.yml + - include_tasks: ../asserts/accessible_namespaces_contains.yml + vars: + namespace_list: + - "{{ istio.control_plane_namespace }}" + - 'remote-cluster-resources-test-1' + - assert: + that: + - kiali_configmap.deployment.cluster_wide_access == False + + - debug: msg="assert that we have roles since we have NOT been given cluster wide access" + - include_tasks: ../asserts/roles-test/rw_role_asserts.yml + vars: + role_namespaces_to_test: + - "{{ istio.control_plane_namespace }}" + - remote-cluster-resources-test-1 + - include_tasks: ../asserts/roles-test/none_clusterrole_asserts.yml + + # there should be no deployment, pod, service, ingress/route, or OpenShift-specific resources + - name: Make sure we only have the resources that are expected + assert: + that: + - query('k8s', kind='ConfigMap', namespace=queryNamespace, api_version=apiCMap, label_selector=querySelector) | length == 1 + - query('k8s', kind='Deployment', namespace=queryNamespace, api_version=apiDepl, label_selector=querySelector) | length == 0 + - query('k8s', kind='Pod', namespace=queryNamespace, api_version=apiPod, label_selector=querySelector) | length == 0 + - query('k8s', kind='Secret', namespace=queryNamespace, api_version=apiSecr, label_selector=querySelector) | length == 0 + - query('k8s', kind='Service', namespace=queryNamespace, api_version=apiServ, label_selector=querySelector) | length == 0 + - query('k8s', kind='ServiceAccount', namespace=queryNamespace, api_version=apiSvcA, label_selector=querySelector) | length == 1 + - query('k8s', kind='Ingress', namespace=queryNamespace, api_version=apiIngr, label_selector=querySelector) | length == 0 + - query('k8s', kind='Route', namespace=queryNamespace, api_version=apiRout, label_selector=querySelector) | length == 0 + - query('k8s', kind='ConsoleLink', api_version=apiCoLn, label_selector=querySelector) | length == 0 + - query('k8s', kind='OAuthClient', api_version=apiOAut, label_selector=querySelector) | length == 0 + + - debug: msg="We have discovery selectors and CWA=false. Now let's set CWA=true and see the roles get removed and cluster roles added" + - include_tasks: ../common/set_kiali_cr.yml + vars: + new_kiali_cr: "{{ kiali_cr_list.resources[0] | combine({'spec': {'deployment': {'cluster_wide_access': True }}}, recursive=True) }}" + - include_tasks: ../common/wait_for_kiali_cr_changes.yml + - include_tasks: ../common/tasks.yml + + - include_tasks: ../asserts/roles-test/rw_clusterrole_asserts.yml + - include_tasks: ../asserts/roles-test/none_role_asserts.yml + vars: + role_namespaces_to_test: + - "{{ istio.control_plane_namespace }}" + - remote-cluster-resources-test-1 + - remote-cluster-resources-test-2 + - remote-cluster-resources-test-x + + # there should be no deployment, pod, service, ingress/route, or OpenShift-specific resources + - name: Make sure we only have the resources that are expected + assert: + that: + - query('k8s', kind='ConfigMap', namespace=queryNamespace, api_version=apiCMap, label_selector=querySelector) | length == 1 + - query('k8s', kind='Deployment', namespace=queryNamespace, api_version=apiDepl, label_selector=querySelector) | length == 0 + - query('k8s', kind='Pod', namespace=queryNamespace, api_version=apiPod, label_selector=querySelector) | length == 0 + - query('k8s', kind='Secret', namespace=queryNamespace, api_version=apiSecr, label_selector=querySelector) | length == 0 + - query('k8s', kind='Service', namespace=queryNamespace, api_version=apiServ, label_selector=querySelector) | length == 0 + - query('k8s', kind='ServiceAccount', namespace=queryNamespace, api_version=apiSvcA, label_selector=querySelector) | length == 1 + - query('k8s', kind='Ingress', namespace=queryNamespace, api_version=apiIngr, label_selector=querySelector) | length == 0 + - query('k8s', kind='Route', namespace=queryNamespace, api_version=apiRout, label_selector=querySelector) | length == 0 + - query('k8s', kind='ConsoleLink', api_version=apiCoLn, label_selector=querySelector) | length == 0 + - query('k8s', kind='OAuthClient', api_version=apiOAut, label_selector=querySelector) | length == 0 + + - debug: msg="We have discovery selectors and CWA=true. Now let's set CWA back to false and see the roles get added and cluster roles removed" + - include_tasks: ../common/set_kiali_cr.yml + vars: + new_kiali_cr: "{{ kiali_cr_list.resources[0] | combine({'spec': {'deployment': {'cluster_wide_access': False }}}, recursive=True) }}" + - include_tasks: ../common/wait_for_kiali_cr_changes.yml + - include_tasks: ../common/tasks.yml + + - include_tasks: ../asserts/roles-test/rw_role_asserts.yml + vars: + role_namespaces_to_test: + - "{{ istio.control_plane_namespace }}" + - remote-cluster-resources-test-1 + - include_tasks: ../asserts/roles-test/none_clusterrole_asserts.yml + + # there should be no deployment, pod, service, ingress/route, or OpenShift-specific resources + - name: Make sure we only have the resources that are expected + assert: + that: + - query('k8s', kind='ConfigMap', namespace=queryNamespace, api_version=apiCMap, label_selector=querySelector) | length == 1 + - query('k8s', kind='Deployment', namespace=queryNamespace, api_version=apiDepl, label_selector=querySelector) | length == 0 + - query('k8s', kind='Pod', namespace=queryNamespace, api_version=apiPod, label_selector=querySelector) | length == 0 + - query('k8s', kind='Secret', namespace=queryNamespace, api_version=apiSecr, label_selector=querySelector) | length == 0 + - query('k8s', kind='Service', namespace=queryNamespace, api_version=apiServ, label_selector=querySelector) | length == 0 + - query('k8s', kind='ServiceAccount', namespace=queryNamespace, api_version=apiSvcA, label_selector=querySelector) | length == 1 + - query('k8s', kind='Ingress', namespace=queryNamespace, api_version=apiIngr, label_selector=querySelector) | length == 0 + - query('k8s', kind='Route', namespace=queryNamespace, api_version=apiRout, label_selector=querySelector) | length == 0 + - query('k8s', kind='ConsoleLink', api_version=apiCoLn, label_selector=querySelector) | length == 0 + - query('k8s', kind='OAuthClient', api_version=apiOAut, label_selector=querySelector) | length == 0 + + - debug: msg="remove discovery selectors but keep CWA=true and see that the roles have been removed and we are back to using cluster-wide-access and clusterroles" + - include_tasks: ../common/set_discovery_selectors_to_all.yml + - include_tasks: ../common/wait_for_kiali_cr_changes.yml + - include_tasks: ../common/tasks.yml + - include_tasks: ../asserts/accessible_namespaces_contains.yml + vars: + namespace_list: [] + + - debug: msg="test to make sure we are back to cluster-wide-access is True" + - assert: + that: + - kiali_configmap.deployment.cluster_wide_access == True + + - include_tasks: ../asserts/roles-test/rw_clusterrole_asserts.yml + - include_tasks: ../asserts/roles-test/none_role_asserts.yml + vars: + role_namespaces_to_test: + - "{{ istio.control_plane_namespace }}" + - remote-cluster-resources-test-1 + - remote-cluster-resources-test-2 + - remote-cluster-resources-test-x + + # there should be no deployment, pod, service, ingress/route, or OpenShift-specific resources + - name: Make sure we only have the resources that are expected + assert: + that: + - query('k8s', kind='ConfigMap', namespace=queryNamespace, api_version=apiCMap, label_selector=querySelector) | length == 1 + - query('k8s', kind='Deployment', namespace=queryNamespace, api_version=apiDepl, label_selector=querySelector) | length == 0 + - query('k8s', kind='Pod', namespace=queryNamespace, api_version=apiPod, label_selector=querySelector) | length == 0 + - query('k8s', kind='Secret', namespace=queryNamespace, api_version=apiSecr, label_selector=querySelector) | length == 0 + - query('k8s', kind='Service', namespace=queryNamespace, api_version=apiServ, label_selector=querySelector) | length == 0 + - query('k8s', kind='ServiceAccount', namespace=queryNamespace, api_version=apiSvcA, label_selector=querySelector) | length == 1 + - query('k8s', kind='Ingress', namespace=queryNamespace, api_version=apiIngr, label_selector=querySelector) | length == 0 + - query('k8s', kind='Route', namespace=queryNamespace, api_version=apiRout, label_selector=querySelector) | length == 0 + - query('k8s', kind='ConsoleLink', api_version=apiCoLn, label_selector=querySelector) | length == 0 + - query('k8s', kind='OAuthClient', api_version=apiOAut, label_selector=querySelector) | length == 0 \ No newline at end of file diff --git a/molecule/remote-cluster-resources-test/destroy-remote-cluster-resources-test.yml b/molecule/remote-cluster-resources-test/destroy-remote-cluster-resources-test.yml new file mode 100644 index 00000000..00675101 --- /dev/null +++ b/molecule/remote-cluster-resources-test/destroy-remote-cluster-resources-test.yml @@ -0,0 +1,13 @@ +- name: Destroy + hosts: localhost + connection: local + collections: + - kubernetes.core + +- name: Include the base destroy play to destroy the Kiali CR and operator + import_playbook: ../default/destroy.yml + +- name: Delete the test namespaces + import_playbook: ./process-namespaces.yml + vars: + state: absent \ No newline at end of file diff --git a/molecule/remote-cluster-resources-test/kiali-cr.yaml b/molecule/remote-cluster-resources-test/kiali-cr.yaml new file mode 100644 index 00000000..c7269ab8 --- /dev/null +++ b/molecule/remote-cluster-resources-test/kiali-cr.yaml @@ -0,0 +1,12 @@ +apiVersion: kiali.io/v1alpha1 +kind: Kiali +metadata: + name: kiali +spec: + version: {{ kiali.spec_version }} + auth: + strategy: {{ kiali.auth_strategy }} + deployment: + namespace: {{ kiali.install_namespace }} + cluster_wide_access: {{ kiali.cluster_wide_access|bool }} + remote_cluster_resources_only: true \ No newline at end of file diff --git a/molecule/remote-cluster-resources-test/molecule.yml b/molecule/remote-cluster-resources-test/molecule.yml new file mode 100644 index 00000000..7123d5e3 --- /dev/null +++ b/molecule/remote-cluster-resources-test/molecule.yml @@ -0,0 +1,43 @@ +--- +dependency: + name: galaxy +driver: + name: $DORP +platforms: +- name: default + groups: + - k8s +provisioner: + name: ansible + config_options: + defaults: + callbacks_enabled: junit + playbooks: + destroy: ./destroy-remote-cluster-resources-test.yml + prepare: ./prepare-remote-cluster-resources-test.yml + cleanup: ../default/cleanup.yml + inventory: + group_vars: + all: + cr_file_path: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') }}/molecule/remote-cluster-resources-test/kiali-cr.yaml" + cr_namespace: "{{ 'kiali-operator' if (lookup('env', 'MOLECULE_OPERATOR_INSTALLER') | default('helm', True) == 'helm') else 'istio-system' }}" # if external operator, assume CR must go in control plane namespace + wait_retries: "{{ lookup('env', 'MOLECULE_WAIT_RETRIES') | default('360', True) }}" + istio: + control_plane_namespace: istio-system + kiali: + spec_version: "{{ lookup('env', 'MOLECULE_KIALI_CR_SPEC_VERSION') | default('default', True) }}" + install_namespace: istio-system + cluster_wide_access: true + auth_strategy: anonymous + operator_namespace: "{{ 'kiali-operator' if (lookup('env', 'MOLECULE_OPERATOR_INSTALLER') | default('helm', True) == 'helm') else ('openshift-operators' if (query('kubernetes.core.k8s', kind='Namespace', resource_name='openshift-operators') | length > 0) else 'operators') }}" # if external operator, assume operator is in OLM location + operator_image_name: "{{ 'image-registry.openshift-image-registry.svc:5000/kiali/kiali-operator' if lookup('env', 'MOLECULE_KIALI_OPERATOR_IMAGE_NAME') == 'dev' else (lookup('env', 'MOLECULE_KIALI_OPERATOR_IMAGE_NAME')|default('quay.io/kiali/kiali-operator', True)) }}" + operator_version: "{{ lookup('env', 'MOLECULE_KIALI_OPERATOR_IMAGE_VERSION')|default('latest', True) }}" + operator_watch_namespace: kiali-operator + operator_cluster_role_creator: "true" + operator_image_pull_policy: "{{ lookup('env', 'MOLECULE_KIALI_OPERATOR_IMAGE_PULL_POLICY')|default('Always', True) }}" +scenario: + name: remote-cluster-resources-test + test_sequence: + - prepare + - converge + - destroy diff --git a/molecule/remote-cluster-resources-test/prepare-remote-cluster-resources-test.yml b/molecule/remote-cluster-resources-test/prepare-remote-cluster-resources-test.yml new file mode 100644 index 00000000..ac3b0376 --- /dev/null +++ b/molecule/remote-cluster-resources-test/prepare-remote-cluster-resources-test.yml @@ -0,0 +1,15 @@ +- name: Prepare + hosts: localhost + connection: local + collections: + - kubernetes.core + +- name: Create the test namespaces + import_playbook: ./process-namespaces.yml + vars: + state: present + +- name: Include the base prepare play to create the first kiali CR + import_playbook: ../default/prepare.yml + vars: + wait_for_kiali_pod_after_prepare: false \ No newline at end of file diff --git a/molecule/remote-cluster-resources-test/process-namespaces.yml b/molecule/remote-cluster-resources-test/process-namespaces.yml new file mode 100644 index 00000000..4c1c3eeb --- /dev/null +++ b/molecule/remote-cluster-resources-test/process-namespaces.yml @@ -0,0 +1,36 @@ +- name: "Process Test Namespaces [state={{ state }}]" + hosts: localhost + connection: local + collections: + - kubernetes.core + + tasks: + - k8s: + state: "{{ state }}" + definition: + apiVersion: v1 + kind: Namespace + metadata: + name: remote-cluster-resources-test-1 + labels: + discoverySelectorLabel1: test + test: kiali + - k8s: + state: "{{ state }}" + definition: + apiVersion: v1 + kind: Namespace + metadata: + name: remote-cluster-resources-test-2 + labels: + discoverySelectorLabel2: matchme + test: kiali + - k8s: + state: "{{ state }}" + definition: + apiVersion: v1 + kind: Namespace + metadata: + name: remote-cluster-resources-test-x + labels: + test: kiali