From 8048497d2d39e5d0f9e7eff3e262f40951e5d263 Mon Sep 17 00:00:00 2001 From: Ondra Machacek Date: Wed, 28 Feb 2024 11:49:31 +0100 Subject: [PATCH] Add tests Signed-off-by: Ondra Machacek --- .ansible-lint | 9 +++ .github/workflows/test.yml | 30 +++++++ Makefile | 2 + execution-environment/README.md | 21 +++++ roles/system_settings/tasks/main.yml | 9 +-- tests/expectations/mock.json | 64 +++++++++++++++ tests/integration/inventory | 2 + tests/integration/targets/init.sh | 5 ++ .../targets/prepare_rest/tasks/main.yml | 25 ++++++ .../targets/security_test/mock.json | 64 +++++++++++++++ .../integration/targets/security_test/run.yml | 15 ++++ .../targets/security_test/runme.sh | 3 + .../targets/security_test/tasks/main.yml | 4 + .../targets/security_test/vars.yml | 13 +++ .../targets/system_settings_test/mock.json | 79 +++++++++++++++++++ .../targets/system_settings_test/run.yml | 15 ++++ .../targets/system_settings_test/runme.sh | 3 + .../system_settings_test/tasks/main.yml | 4 + .../targets/system_settings_test/vars.yml | 11 +++ 19 files changed, 373 insertions(+), 5 deletions(-) create mode 100644 .ansible-lint create mode 100644 .github/workflows/test.yml create mode 100644 Makefile create mode 100644 execution-environment/README.md create mode 100644 tests/expectations/mock.json create mode 100644 tests/integration/inventory create mode 100644 tests/integration/targets/init.sh create mode 100644 tests/integration/targets/prepare_rest/tasks/main.yml create mode 100644 tests/integration/targets/security_test/mock.json create mode 100644 tests/integration/targets/security_test/run.yml create mode 100755 tests/integration/targets/security_test/runme.sh create mode 100644 tests/integration/targets/security_test/tasks/main.yml create mode 100644 tests/integration/targets/security_test/vars.yml create mode 100644 tests/integration/targets/system_settings_test/mock.json create mode 100644 tests/integration/targets/system_settings_test/run.yml create mode 100755 tests/integration/targets/system_settings_test/runme.sh create mode 100644 tests/integration/targets/system_settings_test/tasks/main.yml create mode 100644 tests/integration/targets/system_settings_test/vars.yml diff --git a/.ansible-lint b/.ansible-lint new file mode 100644 index 00000000..faa4bec5 --- /dev/null +++ b/.ansible-lint @@ -0,0 +1,9 @@ +--- +profile: production +strict: true + +skip_list: + - no-changed-when # Commands should not change things if nothing needs doing. + +exclude_paths: + - tests/integration diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml new file mode 100644 index 00000000..17b05f81 --- /dev/null +++ b/.github/workflows/test.yml @@ -0,0 +1,30 @@ +--- +name: Ansible Integration Test +on: # yamllint disable-line rule:truthy + pull_request: + merge_group: + branches: + - main + push: + branches: + - main +permissions: + contents: read +jobs: + ansible_integration_test: + runs-on: ubuntu-latest + steps: + - name: Update pip, git + run: | + set -euxo pipefail + sudo apt-get update + + - name: Checkout repo + uses: actions/checkout@v4 + with: + path: ansible_collections/redhat_cop/vmware_ops + + - name: Run + run: | + make integration + working-directory: ansible_collections/redhat_cop/vmware_ops diff --git a/Makefile b/Makefile new file mode 100644 index 00000000..9c7ed7f4 --- /dev/null +++ b/Makefile @@ -0,0 +1,2 @@ +integration: + ansible-test integration --no-temp-workdir security_test diff --git a/execution-environment/README.md b/execution-environment/README.md new file mode 100644 index 00000000..51a166e4 --- /dev/null +++ b/execution-environment/README.md @@ -0,0 +1,21 @@ +## How to use execution environment + +### Building +To build the execution environment image: + +```bash +$ export USER=yourdockerusername +$ ansible-builder build -t quay.io/$USER/vmware:mytest +``` + +This will create container image `quay.io/$USER/vmware:mytest`. You can upload it to quay and use from AAP. + +### Local test +To test the image locally using `ansible-runner` execute the image as follows: + +```bash +$ export USER=yourdockerusername +$ ansible-runner run --container-image quay.io/$USER/vmware:mytest runner --inventory localhost, -p redhat_cop.vmware_ops.security +``` + +This will execute the `security.yml` playbook from playbooks directory. You can test with any playbook from this directory. diff --git a/roles/system_settings/tasks/main.yml b/roles/system_settings/tasks/main.yml index 3aaa9704..7cd7ebd2 100644 --- a/roles/system_settings/tasks/main.yml +++ b/roles/system_settings/tasks/main.yml @@ -1,7 +1,7 @@ - name: Set NTP servers when: system_settings_ntp_servers is defined block: - - name: Set NTP servers + - name: Test NTP servers vmware.vmware_rest.appliance_ntp: vcenter_hostname: "{{ system_settings_hostname | d(omit) }}" vcenter_password: "{{ system_settings_password | d(omit) }}" @@ -12,12 +12,11 @@ register: __ntp_state - name: Print the state of NTP servers - ansible.builtin.fail: - msg: "Server {{ item.server }} status: {{ item.message }}" + ansible.builtin.debug: + msg: "Warning: server {{ item.server }} status: {{ item.message }}" loop: "{{ __ntp_state.value }}" when: item.status == 'SERVER_UNREACHABLE' - ignore_errors: true - + - name: Set NTP servers vmware.vmware_rest.appliance_ntp: vcenter_hostname: "{{ system_settings_hostname | d(omit) }}" diff --git a/tests/expectations/mock.json b/tests/expectations/mock.json new file mode 100644 index 00000000..2ef2cbfa --- /dev/null +++ b/tests/expectations/mock.json @@ -0,0 +1,64 @@ +[ +{ + "httpRequest": { + "method": "POST", + "path": "/rest/com/vmware/cis/session" + }, + "httpResponse": { + "statusCode": 200, + "body": {"value": "72300ca9ff16c5743fa0a6328c8570ce"} + } +}, +{ + "httpRequest": { + "method": "PUT", + "path": "/api/appliance/access/(consolecli|dcui|shell|ssh)" + }, + "httpResponse": { + "statusCode": 200, + "headers": { + "Content-Type": "application/json" + }, + "body": "{}" + } +}, +{ + "httpRequest": { + "method": "GET", + "path": "/api/appliance/access/(consolecli|dcui|shell|ssh)" + }, + "httpResponse": { + "statusCode": 200, + "headers": { + "Content-Type": "application/json" + }, + "body": "true" + } +}, +{ + "httpRequest": { + "method" : "GET", + "path" : "/api/appliance/networking/firewall/inbound" + }, + "httpResponse": { + "statusCode": 200, + "headers": { + "Content-Type": "application/json" + }, + "body": [{}] + } +}, +{ + "httpRequest": { + "method" : "PUT", + "path" : "/api/appliance/networking/firewall/inbound" + }, + "httpResponse": { + "statusCode": 200, + "headers": { + "Content-Type": "application/json" + }, + "body": "{}" + } +} +] diff --git a/tests/integration/inventory b/tests/integration/inventory new file mode 100644 index 00000000..7c937f87 --- /dev/null +++ b/tests/integration/inventory @@ -0,0 +1,2 @@ +[testgroup] +testhost ansible_connection="local" ansible_pipelining="yes" ansible_python_interpreter="/usr/bin/python3" diff --git a/tests/integration/targets/init.sh b/tests/integration/targets/init.sh new file mode 100644 index 00000000..cd18c79e --- /dev/null +++ b/tests/integration/targets/init.sh @@ -0,0 +1,5 @@ +#!/usr/bin/env bash +# shellcheck disable=SC2155,SC2086 + +BASE_DIR=$(dirname "${BASH_SOURCE[0]}") +export ANSIBLE_ROLES_PATH=${BASE_DIR} diff --git a/tests/integration/targets/prepare_rest/tasks/main.yml b/tests/integration/targets/prepare_rest/tasks/main.yml new file mode 100644 index 00000000..946ab37b --- /dev/null +++ b/tests/integration/targets/prepare_rest/tasks/main.yml @@ -0,0 +1,25 @@ +--- +- name: Install dependencies + ansible.builtin.pip: + name: + - requests + - aiohttp + +- name: Run rest + community.docker.docker_container: + name: vmwarest + image: mockserver/mockserver + state: started + recreate: yes + exposed_ports: + - 1080 + ports: + - 1080:1080 + +- name: Pause + ansible.builtin.pause: + seconds: 10 + +- name: Put data to mockserver + ansible.builtin.command: + cmd: "curl -v -X PUT --data @../{{ mock_file }}/mock.json http://localhost:1080/mockserver/expectation" diff --git a/tests/integration/targets/security_test/mock.json b/tests/integration/targets/security_test/mock.json new file mode 100644 index 00000000..2ef2cbfa --- /dev/null +++ b/tests/integration/targets/security_test/mock.json @@ -0,0 +1,64 @@ +[ +{ + "httpRequest": { + "method": "POST", + "path": "/rest/com/vmware/cis/session" + }, + "httpResponse": { + "statusCode": 200, + "body": {"value": "72300ca9ff16c5743fa0a6328c8570ce"} + } +}, +{ + "httpRequest": { + "method": "PUT", + "path": "/api/appliance/access/(consolecli|dcui|shell|ssh)" + }, + "httpResponse": { + "statusCode": 200, + "headers": { + "Content-Type": "application/json" + }, + "body": "{}" + } +}, +{ + "httpRequest": { + "method": "GET", + "path": "/api/appliance/access/(consolecli|dcui|shell|ssh)" + }, + "httpResponse": { + "statusCode": 200, + "headers": { + "Content-Type": "application/json" + }, + "body": "true" + } +}, +{ + "httpRequest": { + "method" : "GET", + "path" : "/api/appliance/networking/firewall/inbound" + }, + "httpResponse": { + "statusCode": 200, + "headers": { + "Content-Type": "application/json" + }, + "body": [{}] + } +}, +{ + "httpRequest": { + "method" : "PUT", + "path" : "/api/appliance/networking/firewall/inbound" + }, + "httpResponse": { + "statusCode": 200, + "headers": { + "Content-Type": "application/json" + }, + "body": "{}" + } +} +] diff --git a/tests/integration/targets/security_test/run.yml b/tests/integration/targets/security_test/run.yml new file mode 100644 index 00000000..b5b4a4ac --- /dev/null +++ b/tests/integration/targets/security_test/run.yml @@ -0,0 +1,15 @@ +- hosts: localhost + gather_facts: no + collections: + - community.general + vars_files: + - vars.yml + + tasks: + - name: Vcsim + ansible.builtin.import_role: + name: prepare_rest + + - name: Import security role + ansible.builtin.import_role: + name: security_test diff --git a/tests/integration/targets/security_test/runme.sh b/tests/integration/targets/security_test/runme.sh new file mode 100755 index 00000000..a4c36631 --- /dev/null +++ b/tests/integration/targets/security_test/runme.sh @@ -0,0 +1,3 @@ +#!/usr/bin/env bash +source ../init.sh +exec ansible-playbook run.yml diff --git a/tests/integration/targets/security_test/tasks/main.yml b/tests/integration/targets/security_test/tasks/main.yml new file mode 100644 index 00000000..6b11f7b6 --- /dev/null +++ b/tests/integration/targets/security_test/tasks/main.yml @@ -0,0 +1,4 @@ +--- +- name: Security role + ansible.builtin.import_role: + name: redhat_cop.vmware_ops.security diff --git a/tests/integration/targets/security_test/vars.yml b/tests/integration/targets/security_test/vars.yml new file mode 100644 index 00000000..cae777d6 --- /dev/null +++ b/tests/integration/targets/security_test/vars.yml @@ -0,0 +1,13 @@ +mock_file: "security_test" + +security_hostname: "127.0.0.1:1080" +security_username: "user" +security_password: "pass" +security_validate_certs: false + +security_consolecli_enabled: true +security_dcui_enabled: true +security_shell_enabled: true +security_shell_timeout: 100 +security_ssh_enabled: true +security_firewall_rules: [] diff --git a/tests/integration/targets/system_settings_test/mock.json b/tests/integration/targets/system_settings_test/mock.json new file mode 100644 index 00000000..e0cfde64 --- /dev/null +++ b/tests/integration/targets/system_settings_test/mock.json @@ -0,0 +1,79 @@ +[ +{ + "httpRequest": { + "method": "POST", + "path": "/rest/com/vmware/cis/session" + }, + "httpResponse": { + "statusCode": 200, + "body": {"value": "72300ca9ff16c5743fa0a6328c8570ce"} + } +}, +{ + "httpRequest": { + "method": "POST", + "path": "/api/appliance/system/storage", + "queryStringParameters": {"action": "resize"} + }, + "httpResponse": { + "statusCode": 200, + "headers": { + "Content-Type": "application/json" + }, + "body": "{}" + } +}, +{ + "httpRequest": { + "method": "POST", + "path": "/api/appliance/ntp", + "queryStringParameters": {"action": "test"} + }, + "httpResponse": { + "statusCode": 200, + "headers": { + "Content-Type": "application/json" + }, + "body": [{"server": "1.2.3.4", "status": "SERVER_UNREACHABLE", "message": "Unreachable"}] + } +}, +{ + "httpRequest": { + "method": "(PUT|GET)", + "path": "/api/appliance/system/(time/timezone|global-fips|storage)" + }, + "httpResponse": { + "statusCode": 200, + "headers": { + "Content-Type": "application/json" + }, + "body": "{}" + } +}, +{ + "httpRequest": { + "method": "PUT", + "path": "/api/appliance/(timesync|ntp)" + }, + "httpResponse": { + "statusCode": 200, + "headers": { + "Content-Type": "application/json" + }, + "body": "{}" + } +}, +{ + "httpRequest": { + "method": "GET", + "path": "/api/appliance/(ntp|timesync)" + }, + "httpResponse": { + "statusCode": 200, + "headers": { + "Content-Type": "application/json" + }, + "body": "true" + } +} +] diff --git a/tests/integration/targets/system_settings_test/run.yml b/tests/integration/targets/system_settings_test/run.yml new file mode 100644 index 00000000..8e84402a --- /dev/null +++ b/tests/integration/targets/system_settings_test/run.yml @@ -0,0 +1,15 @@ +- hosts: localhost + gather_facts: no + collections: + - community.general + vars_files: + - vars.yml + + tasks: + - name: Vcsim + ansible.builtin.import_role: + name: prepare_rest + + - name: Import system_settings role + ansible.builtin.import_role: + name: system_settings_test diff --git a/tests/integration/targets/system_settings_test/runme.sh b/tests/integration/targets/system_settings_test/runme.sh new file mode 100755 index 00000000..a4c36631 --- /dev/null +++ b/tests/integration/targets/system_settings_test/runme.sh @@ -0,0 +1,3 @@ +#!/usr/bin/env bash +source ../init.sh +exec ansible-playbook run.yml diff --git a/tests/integration/targets/system_settings_test/tasks/main.yml b/tests/integration/targets/system_settings_test/tasks/main.yml new file mode 100644 index 00000000..56752a5e --- /dev/null +++ b/tests/integration/targets/system_settings_test/tasks/main.yml @@ -0,0 +1,4 @@ +--- +- name: System settings role + ansible.builtin.import_role: + name: redhat_cop.vmware_ops.system_settings diff --git a/tests/integration/targets/system_settings_test/vars.yml b/tests/integration/targets/system_settings_test/vars.yml new file mode 100644 index 00000000..bea018df --- /dev/null +++ b/tests/integration/targets/system_settings_test/vars.yml @@ -0,0 +1,11 @@ +system_settings_hostname: "127.0.0.1:1080" +system_settings_username: "user" +system_settings_password: "pass" +system_settings_validate_certs: false + +mock_file: "system_settings_test" + +system_settings_ntp_servers: [] +system_settings_timezone: UTC +system_settings_global_fips: true +system_settings_resize_storage: true