187 lines
5.8 KiB
YAML
187 lines
5.8 KiB
YAML
---
|
|
# Copyright 2019 Red Hat, Inc.
|
|
# All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
####
|
|
# Testing that the role fails with information when we are not passing
|
|
# credentials for the login
|
|
#
|
|
- name: Ensure role checks for missing information
|
|
hosts: all
|
|
tasks:
|
|
- set_fact:
|
|
role_failed: false
|
|
|
|
- name: ensure role fails when credentials missing
|
|
block:
|
|
- include_role:
|
|
name: ansible-role-container-registry
|
|
tasks_from: registry-login
|
|
vars:
|
|
ansible_python_interpreter: "{{ ansible_user_dir }}/test-python/bin/python"
|
|
rescue:
|
|
- set_fact:
|
|
role_failed: true
|
|
|
|
- name: assert on missing credentials
|
|
assert:
|
|
that: role_failed != false
|
|
fail_msg: Role did not fail and it should have while passing no credential
|
|
success_msg: Role failed correctly while passing no credentials
|
|
|
|
#####
|
|
# We don't want to pollute the host by installing packages that
|
|
# should be installed elsewhere and maybe from different repository
|
|
# Here we test that we are removing any client package after installing it
|
|
# As sometimes the package is installed before we run this role, we are also
|
|
# testing that we are removing packages if and only if we were the ones
|
|
# installing it.
|
|
#
|
|
- name: Check role behaviour with docker installation
|
|
hosts: instance-login
|
|
vars:
|
|
docker_login_cache: /root/.docker/config.json
|
|
docker_socket: /var/run/docker.sock
|
|
container_registry_logins:
|
|
localhost:5000:
|
|
testuser: testpassword
|
|
tasks:
|
|
- name: preinstall docker
|
|
become: true
|
|
package:
|
|
name: docker
|
|
state: present
|
|
|
|
- name: Include role with docker preinstalled
|
|
include_role:
|
|
name: ansible-role-container-registry
|
|
tasks_from: install-engine
|
|
vars:
|
|
ansible_python_interpreter: "{{ ansible_user_dir }}/test-python/bin/python"
|
|
|
|
- name: remove clients with docker preinstalled
|
|
include_role:
|
|
name: ansible-role-container-registry
|
|
tasks_from: cleanup-engine
|
|
vars:
|
|
ansible_python_interpreter: "{{ ansible_user_dir }}/test-python/bin/python"
|
|
container_registry_cleanup_client: true
|
|
|
|
- name: Check if tasks removed docker and it shouldn't
|
|
assert:
|
|
that:
|
|
- remove_docker is not defined or remove_docker is skipped
|
|
fail_msg: Role removed docker when it shouldn't have
|
|
success_msg: Role correctly left docker as it was installed before
|
|
|
|
- name: remove docker
|
|
become: true
|
|
package:
|
|
name: docker
|
|
state: absent
|
|
|
|
- name: Install client without docker preinstalled
|
|
include_role:
|
|
name: ansible-role-container-registry
|
|
tasks_from: install-engine
|
|
vars:
|
|
ansible_python_interpreter: "{{ ansible_user_dir }}/test-python/bin/python"
|
|
|
|
- name: Cleanup client without docker preinstalled
|
|
include_role:
|
|
name: ansible-role-container-registry
|
|
tasks_from: cleanup-engine
|
|
vars:
|
|
ansible_python_interpreter: "{{ ansible_user_dir }}/test-python/bin/python"
|
|
container_registry_cleanup_client: true
|
|
|
|
- name: Check if tasks removed docker
|
|
assert:
|
|
that:
|
|
- remove_docker is defined
|
|
fail_msg: Role did not remove docker when it should have
|
|
success_msg: Role correctly removed docker as it was not present before call
|
|
|
|
####
|
|
# This play tests that docker is chosen in centos7 and the login successfully
|
|
# created a auth cache file
|
|
# it also ensure that docker deamon is still running after we remove the client
|
|
#
|
|
- name: Test login behaviour in centos7
|
|
hosts: instance-login
|
|
vars:
|
|
docker_login_cache: /root/.docker/config.json
|
|
docker_socket: /var/run/docker.sock
|
|
container_registry_logins:
|
|
localhost:5000:
|
|
testuser: testpassword
|
|
tasks:
|
|
- include_role:
|
|
name: ansible-role-container-registry
|
|
tasks_from: registry-login
|
|
|
|
- name: check credentials file
|
|
become: true
|
|
stat:
|
|
path: "{{ docker_login_cache }}"
|
|
register: cache_file
|
|
|
|
- block:
|
|
- name: assert on file existence
|
|
assert:
|
|
that:
|
|
- cache_file.stat.exists
|
|
fail_msg: Credential file was not created
|
|
success_msg: Credential file correctly present
|
|
failed_when: false
|
|
rescue:
|
|
- debug:
|
|
msg: noop
|
|
|
|
- name: Verify credentials can be used
|
|
block:
|
|
- name: create build dir
|
|
file:
|
|
path: /tmp/tempimage
|
|
state: directory
|
|
|
|
- name: create Dockerfile
|
|
copy:
|
|
content: |
|
|
FROM scratch
|
|
ADD nothing /
|
|
dest: /tmp/tempimage/Dockerfile
|
|
|
|
- name: Build test image
|
|
become: true
|
|
shell: |
|
|
cd /tmp/tempimage
|
|
touch nothing
|
|
docker build -t localhost:5000/test/testimage:v1 .
|
|
register: build
|
|
|
|
- name: Verify authenticated push works
|
|
become: true
|
|
shell: |
|
|
docker push localhost:5000/test/testimage:v1
|
|
|
|
- name: Cleanup
|
|
include_role:
|
|
name: ansible-role-container-registry
|
|
tasks_from: cleanup-engine
|
|
vars:
|
|
ansible_python_interpreter: "{{ ansible_user_dir }}/test-python/bin/python"
|
|
container_registry_cleanup_client: true
|