Merge pull request #303 from dciabrin/chainsaw

Migration of Kuttl tests to Chainsaw

Author: openshift-merge-bot[bot]

tests/chainsaw/common/galera-assert.yaml

@@ -0,0 +1,119 @@
+apiVersion: mariadb.openstack.org/v1beta1
+kind: Galera
+metadata:
+  name: openstack
+spec:
+  replicas: ($replicas)
+  secret: osp-secret
+  storageRequest: 500M
+status:
+  bootstrapped: true
+  conditions:
+  - message: Setup complete
+    reason: Ready
+    status: "True"
+    type: Ready
+  - message: Create service completed
+    reason: Ready
+    status: "True"
+    type: CreateServiceReady
+  - message: Deployment completed
+    reason: Ready
+    status: "True"
+    type: DeploymentReady
+  - message: Input data complete
+    reason: Ready
+    status: "True"
+    type: InputReady
+  - message: RoleBinding created
+    reason: Ready
+    status: "True"
+    type: RoleBindingReady
+  - message: Role created
+    reason: Ready
+    status: "True"
+    type: RoleReady
+  - message: ServiceAccount created
+    reason: Ready
+    status: "True"
+    type: ServiceAccountReady
+  - message: Service config create completed
+    reason: Ready
+    status: "True"
+    type: ServiceConfigReady
+  - message: Input data complete
+    reason: Ready
+    status: "True"
+    type: TLSInputReady
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: openstack-galera
+spec:
+  replicas: ($replicas)
+  selector:
+    matchLabels:
+      app: galera
+      cr: galera-openstack
+      galera/name: openstack
+  serviceName: openstack-galera
+  template:
+    metadata:
+      labels:
+        app: galera
+        cr: galera-openstack
+        galera/name: openstack
+    spec:
+      containers:
+      - command:
+        - /usr/bin/dumb-init
+        - --
+        - /usr/local/bin/kolla_start
+        name: galera
+        ports:
+        - containerPort: 3306
+          name: mysql
+          protocol: TCP
+        - containerPort: 4567
+          name: galera
+          protocol: TCP
+      serviceAccount: galera-openstack
+      serviceAccountName: galera-openstack
+status:
+  availableReplicas: ($replicas)
+  readyReplicas: ($replicas)
+  replicas: ($replicas)
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: openstack-galera
+spec:
+  ports:
+  - name: mysql
+    port: 3306
+    protocol: TCP
+    targetPort: 3306
+  selector:
+    app: galera
+    cr: galera-openstack
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: openstack
+spec:
+  selector:
+    statefulset.kubernetes.io/pod-name:
+      (starts_with(@, 'openstack-galera-')): true
+---
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: openstack-galera
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: openstack-config-data

tests/chainsaw/common/galera-tls.yaml

@@ -0,0 +1,12 @@
+apiVersion: mariadb.openstack.org/v1beta1
+kind: Galera
+metadata:
+  name: openstack
+spec:
+  replicas: ($replicas)
+  secret: osp-secret
+  storageClass: local-storage
+  storageRequest: 500M
+  tls:
+    caBundleSecretName: galera-cert
+    secretName: galera-cert

tests/chainsaw/common/galera.yaml

@@ -0,0 +1,9 @@
+apiVersion: mariadb.openstack.org/v1beta1
+kind: Galera
+metadata:
+  name: openstack
+spec:
+  replicas: ($replicas)
+  secret: osp-secret
+  storageClass: local-storage
+  storageRequest: 500M

tests/chainsaw/common/tls-certificate.yaml

@@ -0,0 +1,45 @@
+# hardcode the secret generated by the certificate CR below,
+# to avoid chainsaw from depending on cert-manager at runtime
+# the ca.crt key has been renamed to tls-ca-bundle.pem
+# ---
+# apiVersion: cert-manager.io/v1
+# kind: Certificate
+# metadata:
+#   name: galera-cert
+# spec:
+#   secretName: galera-cert
+#   duration: 12720h
+#   renewBefore: 1h
+#   subject:
+#     organizations:
+#       - cluster.local
+#   commonName: openstack-galera
+#   isCA: false
+#   privateKey:
+#     algorithm: RSA
+#     encoding: PKCS8
+#     size: 2048
+#   usages:
+#     - server auth
+#     - client auth
+#   dnsNames:
+#     - "openstack.openstack.svc"
+#     - "openstack.openstack.svc.cluster.local"
+#     - "*.openstack-galera"
+#     - "*.openstack-galera.openstack"
+#     - "*.openstack-galera.openstack.svc"
+#     - "*.openstack-galera.openstack.svc.cluster"
+#     - "*.openstack-galera.openstack.svc.cluster.local"
+#   issuerRef:
+#     name: ca-issuer
+#     group: cert-manager.io
+#     kind: Issuer
+# ---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: galera-cert
+data:
+  tls-ca-bundle.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJmRENDQVNLZ0F3SUJBZ0lRSlUrQTRBYUpDRFowRDYzbDF5UXNFVEFLQmdncWhrak9QUVFEQWpBZU1Sd3cKR2dZRFZRUURFeE5yZFhSMGJDMXpaV3htYzJsbmJtVmtMV05oTUI0WERUSTBNREV4T0RFek1UazBNbG9YRFRJMQpNRGN3TVRFek1UazBNbG93SGpFY01Cb0dBMVVFQXhNVGEzVjBkR3d0YzJWc1puTnBaMjVsWkMxallUQlpNQk1HCkJ5cUdTTTQ5QWdFR0NDcUdTTTQ5QXdFSEEwSUFCSTJKUWdYME1oZUNHSjQ2OHFSNE9wMGJYWGFuTWZSMWRpd3EKR1VtcXlrM20vdHVNZ2hxZlJNNmdWYXFpekNLMjQyNjJUL2dIamdsaDNJTEQ4UnByQXFlalFqQkFNQTRHQTFVZApEd0VCL3dRRUF3SUNwREFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQjBHQTFVZERnUVdCQlFMbThjamY3dmc5ZjRxCjdsMzVmN1YxUXNsRDlqQUtCZ2dxaGtqT1BRUURBZ05JQURCRkFpQUZkdEhUbkdiMWtQVlJlZmcvbmNHaThoR2UKVlh5UVZycFJjRStNSXZMeUpRSWhBS2VLZHNleE9LUElQSDVOT0VBUHNxOTQ5cWlFVHU4ZlJEVUdkanozSkZSKwotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
+  tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURhekNDQXhHZ0F3SUJBZ0lSQUoranowQ1p5aGV5Nk5tVWxTZnBoVUF3Q2dZSUtvWkl6ajBFQXdJd0hqRWMKTUJvR0ExVUVBeE1UYTNWMGRHd3RjMlZzWm5OcFoyNWxaQzFqWVRBZUZ3MHlOREF4TVRneE16STFNekJhRncweQpOVEEzTURFeE16STFNekJhTURNeEZqQVVCZ05WQkFvVERXTnNkWE4wWlhJdWJHOWpZV3d4R1RBWEJnTlZCQU1UCkVHOXdaVzV6ZEdGamF5MW5ZV3hsY21Fd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUIKQVFEUTBmeFVYZVFvRTVhOGNmb1hTYXBpbmM2dDhHaTI2UFNrQW5kSDVXWG5jQVVmWFU1dEVqdkpWTVlPSmc2Rwp0amtyaHBTbjljL0JNTFlGUldKN2YxYVE1WXlpUTFKMkNYYjN1VlJPNTV3a3VZbmtJQ2Z0QjdERDVWTWVNQ3VDCkhZV0JqZm1vci94L3FLcGcrZ1BBV3NsY25VS245bFBudGRSQXFrU0hFM2lWRzNoR3R2ZDR4YWZ6eGt5bnJheGMKaU9pLysyVVUyeXlnTG0wM1AxRno0RU5BaUhNaVk4RTgxcGUrSit1OC9WMXNxaVNBdkg2b2RlR1Q2S2hrS2kwbworVnlwcGx2dnM4RnFTdUswRk9HbmhnbFhTWDRwZWM4V2ZCdVJXY2djMU9MbGtLMWJPb25ERzlIeVFabi85VWJwCi9wSTdZem5nU3R4TWhEMW56TmRnUTJJVEFnTUJBQUdqZ2dGT01JSUJTakFkQmdOVkhTVUVGakFVQmdnckJnRUYKQlFjREFRWUlLd1lCQlFVSEF3SXdEQVlEVlIwVEFRSC9CQUl3QURBZkJnTlZIU01FR0RBV2dCUUxtOGNqZjd2Zwo5ZjRxN2wzNWY3VjFRc2xEOWpDQitRWURWUjBSQklIeE1JSHVnaGR2Y0dWdWMzUmhZMnN1YjNCbGJuTjBZV05yCkxuTjJZNElsYjNCbGJuTjBZV05yTG05d1pXNXpkR0ZqYXk1emRtTXVZMngxYzNSbGNpNXNiMk5oYklJU0tpNXYKY0dWdWMzUmhZMnN0WjJGc1pYSmhnaHdxTG05d1pXNXpkR0ZqYXkxbllXeGxjbUV1YjNCbGJuTjBZV05yZ2lBcQpMbTl3Wlc1emRHRmpheTFuWVd4bGNtRXViM0JsYm5OMFlXTnJMbk4yWTRJb0tpNXZjR1Z1YzNSaFkyc3RaMkZzClpYSmhMbTl3Wlc1emRHRmpheTV6ZG1NdVkyeDFjM1JsY29JdUtpNXZjR1Z1YzNSaFkyc3RaMkZzWlhKaExtOXcKWlc1emRHRmpheTV6ZG1NdVkyeDFjM1JsY2k1c2IyTmhiREFLQmdncWhrak9QUVFEQWdOSUFEQkZBaUJ6Q1RGbgoyc1BVRHNvTFdYNy9nMlZDbjBsVEtjWVRLdkg3OGtDbUhXK3R6d0loQUxMa1hENWUvZ1hwNVF2UlYvNlhIbk15CjJ2YU5UQStLQXZicnFaR3JLRCtzCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
+  tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktnd2dnU2tBZ0VBQW9JQkFRRFEwZnhVWGVRb0U1YTgKY2ZvWFNhcGluYzZ0OEdpMjZQU2tBbmRINVdYbmNBVWZYVTV0RWp2SlZNWU9KZzZHdGprcmhwU245Yy9CTUxZRgpSV0o3ZjFhUTVZeWlRMUoyQ1hiM3VWUk81NXdrdVlua0lDZnRCN0RENVZNZU1DdUNIWVdCamZtb3IveC9xS3BnCitnUEFXc2xjblVLbjlsUG50ZFJBcWtTSEUzaVZHM2hHdHZkNHhhZnp4a3lucmF4Y2lPaS8rMlVVMnl5Z0xtMDMKUDFGejRFTkFpSE1pWThFODFwZStKK3U4L1Yxc3FpU0F2SDZvZGVHVDZLaGtLaTBvK1Z5cHBsdnZzOEZxU3VLMApGT0duaGdsWFNYNHBlYzhXZkJ1UldjZ2MxT0xsa0sxYk9vbkRHOUh5UVpuLzlVYnAvcEk3WXpuZ1N0eE1oRDFuCnpOZGdRMklUQWdNQkFBRUNnZ0VBSVNxSTRqbDdhR1ljRmRnZ2VaeG9wSHNkL1lCbWtVNlV0SXZ6dUFhV1ZkanoKNTFSaGhXOVU4WmcyVUw3NHBhckJqOGt6U1M0QWpsV1hRMlVPekVDZ1Zpa3ZXZ0pKVVpnVlBpbEFXN3ZyaitXcwpJZ0I5ZHVjMnl4WmNTam9xWHVNamRqMC9mdXhjdFVYcnNiVmo3U1ErUVNoMUVzcEw3MHh3NXNoa1UvUGl2Z095Ck4rbHh5UFhCK0RxVGdYSDRpVmQxbHNsaXpCbjB6d0VDb2d5V0RoVEg2d1pVYTBLWDNSVk1CcEhZTEZpdXBGZmgKWU9nbExIa2JDTmtzRXg3Zlg3Rks5eUVmQUxEeGZXSkVpQXRheGpEeng2NmVucFoyVWQzNU91MkNwYVdZbHNjNQpoOUNZRkRjeTVnYmZrL0xKdHFmZ2E0OVg4OUtBeXJrcDlUMS9McTNkU1FLQmdRRFU3dGRMUzVMeDJvUUx2Qi9vCk43ZFlWVGxXZW1BUWpqMFk0RHhVZmNOVE1oUmV6N01FM1dTcFlHYS9CWjNwQjROVGdhcG1qeEdqL2MveGZ3MHUKSG5pd2dFQU5vby9jNHNGVHJlWFBqNnYwbUdvbTZFcHd5UC9GL1NWNnFMVWNGS3piUFVtRTRnd3FtRWRiUjVZZwpsVCtzdHdOZ2czS3gwQW5sR1VucEcvODVIUUtCZ1FEN0RqSzFyejBFbW5aNU1OOXhrdUNYdzcxMzJxMTB1NWpsCjR1WEVqUG92cjZsamM4c3lMOEROUGNMSGxLWkpOUTZyL011T1ovekpDVGRvNWw1dDB0UnNnSFhyZktIN2NXN20KbUpocFk0amZQT0g5VlYveHFaVllGd2JXcVFVaXFtM290OHlTdmhzcE0rbFZmNnhiNHRYOUVVZWl5TWJXTEE1bwp4bGpwNG5SUTd3S0JnUUMrRUJyNFNKTDNjbmNmQ21Mb29xTHpJODgwVTdOZjA3YlJkNFlpWE1kMmdXTVJaZytECkxpTGwxUGloVldBb1d0NXNNWGRxYUJYMDdWOHBUcUR6STV2UzRBZE1wR2dKWUJYMG5XcGVKUDMySy8zRWtOK3gKWUpoOW40Sk94RHcwdm5lMGtqWUhlTVluVnhtS2JwR2dyOWZRVU9PZ3lIUWVKM1pObW84UWxqN3dPUUtCZ1FEQgpXbHYveGFqdTVLK2VBdC8wTHJTKzdjZjhpUFRTVkxFYlREYTl1LzNyd0JSclBnRWU4OXcvdGZOUGx0TEN5eFF6CnJZeHdidkluT3V2cjVKQ1JjTENkcUFvcGhXR1RyL2REcmY2a0hENkwvKzNsR0YyK1YyZG40c1FuaXlFalk3TW0KYW5ncUJEUVM5YUlkY1NrajAzNFBXOEdhUTV1djAxcDlvMVZUUEU5dERRS0JnSGlsbDhpMXIydFdrQUsxTERRbwpYWlRJUnNrb0dUaGFLbVNkNnNLMkxQK0xOMFZ0R3NZem5salhSYldWOE9ubHdUMThTWWhCbFRaNnVrN29GMTFKCmdJYzIwZEs1UUkzcVJoa3JoT21FaGlqTHI3ZkJIei9XRTVvbFppR1locHZJcDZ4QWlpN3BHNlIxYzJZUmtZUnkKY0lvanpYNm5zVmpDeUYrNTNabjJNdExKCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K # notsecret

tests/chainsaw/config.yaml

@@ -0,0 +1,15 @@
+apiVersion: chainsaw.kyverno.io/v1alpha2
+kind: Configuration
+metadata:
+  name: config
+spec:
+  timeouts:
+    assert: 180s
+    delete: 180s
+    cleanup: 180s
+    exec: 60s
+  execution:
+    failFast: true
+    parallel: 1
+  deletion:
+    propagation: Foreground

tests/chainsaw/scripts/connect.sh

@@ -0,0 +1,24 @@
+#!/bin/bash
+PID=
+connect() {
+    exec 6>&- 7<&-
+    stdbuf -oL mysql --verbose -uroot -p$DB_ROOT_PASSWORD -h openstack -sN --raw --batch </tmp/cmd >/tmp/out &
+    exec 6> /tmp/cmd 7< /tmp/out
+    PID=$!
+}
+last=""
+mkfifo /tmp/cmd /tmp/out
+while true; do
+    kill -0 $PID 2>/dev/null || connect
+    echo "show variables like 'wsrep_node_name';" >&6
+    # read 4 status line before the mysql answer
+    for i in `seq 5`; do
+        read -r out <&7;
+    done
+    out=$(echo "$out" | sed -ne 's/^wsrep_.*\t//p')
+    if [ -n "$out" -a "$out" != "$last" ]; then
+        last=$out
+        echo $last
+    fi
+    sleep 0.5
+done

tests/chainsaw/scripts/mysql-cli.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+set -u
+ARGS=$1
+SQL=$2
+CMD="mysql -uroot -p\$DB_ROOT_PASSWORD $ARGS \"$SQL\""
+oc exec -n ${NAMESPACE} -c galera openstack-galera-0 -- /bin/sh -c "$CMD"

tests/chainsaw/tests/account/account-assert.yaml

@@ -0,0 +1,25 @@
+---
+apiVersion: mariadb.openstack.org/v1beta1
+kind: MariaDBAccount
+metadata:
+  labels:
+    mariaDBDatabaseName: testdb-accounttest
+  name: testdb-some-db-account
+status:
+  conditions:
+  - message: Setup complete
+    reason: Ready
+    status: "True"
+    type: Ready
+  - message: MariaDBAccount creation complete
+    reason: Ready
+    status: "True"
+    type: MariaDBAccountReady
+  - message: MariaDBDatabase ready
+    reason: Ready
+    status: "True"
+    type: MariaDBDatabaseReady
+  - message: MariaDB / Galera server ready
+    reason: Ready
+    status: "True"
+    type: MariaDBServerReady

tests/chainsaw/tests/account/account-missing-secret-assert.yaml

@@ -0,0 +1,27 @@
+---
+apiVersion: mariadb.openstack.org/v1beta1
+kind: MariaDBAccount
+metadata:
+  labels:
+    mariaDBDatabaseName: testdb-accounttest
+  name: testdb-some-db-account
+status:
+  conditions:
+    # message: 'MariaDBAccount secret is missing or incomplete: Secret $NAMESPACE/some-db-secret not found'
+  - reason: SecretMissing
+    severity: Info
+    status: "False"
+    type: Ready
+    # message: 'MariaDBAccount secret is missing or incomplete: Secret $NAMESPACE/some-db-secret not found'
+  - reason: SecretMissing
+    severity: Info
+    status: "False"
+    type: MariaDBAccountReady
+  - message: MariaDBDatabase ready
+    reason: Ready
+    status: "True"
+    type: MariaDBDatabaseReady
+  - message: MariaDB / Galera server ready
+    reason: Ready
+    status: "True"
+    type: MariaDBServerReady

tests/chainsaw/tests/account/account-secret.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+data:
+  DatabasePassword: ZGJzZWNyZXQx
+kind: Secret
+metadata:
+  name: some-db-secret
+type: Opaque