Skip to content
This repository was archived by the owner on Aug 12, 2024. It is now read-only.

Commit 5255369

Browse files
author
Sean Sundberg
authored
Adds test for role bindings in cluster (#100)
Signed-off-by: Sean Sundberg <[email protected]>
1 parent 774c560 commit 5255369

File tree

6 files changed

+82
-10
lines changed

6 files changed

+82
-10
lines changed

main.tf

Lines changed: 17 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -94,10 +94,8 @@ data ibm_container_cluster_versions cluster_versions {
9494
resource_group_id = data.ibm_resource_group.resource_group.id
9595
}
9696

97-
module setup_clis {
98-
source = "cloud-native-toolkit/clis/util"
99-
100-
clis = ["jq"]
97+
data clis_check clis {
98+
clis = ["jq","oc"]
10199
}
102100

103101
data ibm_is_vpc vpc {
@@ -229,6 +227,7 @@ data external credentials {
229227
username = "apikey"
230228
ibmcloud_api_key = var.ibmcloud_api_key
231229
token = ""
230+
bin_dir = data.clis_check.clis.bin_dir
232231
}
233232
}
234233

@@ -262,6 +261,20 @@ data ibm_container_cluster_config cluster {
262261
config_dir = data.external.dirs.result.cluster_config_dir
263262
}
264263

264+
resource null_resource wait_for_iam_sync {
265+
count = local.login ? 1 : 0
266+
depends_on = [data.ibm_container_cluster_config.cluster]
267+
268+
provisioner "local-exec" {
269+
command = "${path.module}/scripts/wait-for-iam-sync.sh"
270+
271+
environment = {
272+
BIN_DIR = data.clis_check.clis.bin_dir
273+
KUBECONFIG = local.cluster_config
274+
}
275+
}
276+
}
277+
265278
data "ibm_container_vpc_cluster_worker" "workers" {
266279
depends_on = [
267280
data.ibm_container_vpc_cluster.config

module.yaml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -14,6 +14,8 @@ versions:
1414
providers:
1515
- name: ibm
1616
source: "ibm-cloud/ibm"
17+
- name: clis
18+
source: "cloud-native-toolkit/clis"
1719
dependencies:
1820
- id: resource-group
1921
refs:

outputs.tf

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -11,19 +11,19 @@ output "name" {
1111
output "resource_group_name" {
1212
value = var.resource_group_name
1313
description = "Name of the resource group containing the cluster."
14-
depends_on = [data.ibm_container_cluster_config.cluster]
14+
depends_on = [null_resource.wait_for_iam_sync]
1515
}
1616

1717
output "region" {
1818
value = var.region
1919
description = "Region containing the cluster."
20-
depends_on = [data.ibm_container_cluster_config.cluster]
20+
depends_on = [null_resource.wait_for_iam_sync]
2121
}
2222

2323
output "config_file_path" {
2424
value = local.cluster_config
2525
description = "Path to the config file for the cluster."
26-
depends_on = [data.ibm_container_cluster_config.cluster]
26+
depends_on = [null_resource.wait_for_iam_sync]
2727
}
2828

2929
output "platform" {
@@ -39,13 +39,13 @@ output "platform" {
3939
}
4040
sensitive = true
4141
description = "Configuration values for the cluster platform"
42-
depends_on = [data.ibm_container_cluster_config.cluster]
42+
depends_on = [null_resource.wait_for_iam_sync]
4343
}
4444

4545
output "sync" {
4646
value = local.cluster_name
4747
description = "Value used to sync downstream modules"
48-
depends_on = [data.ibm_container_cluster_config.cluster]
48+
depends_on = [null_resource.wait_for_iam_sync]
4949
}
5050

5151
output "total_worker_count" {

scripts/wait-for-iam-sync.sh

Lines changed: 51 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,51 @@
1+
#!/usr/bin/env bash
2+
3+
if [[ -n "${BIN_DIR}" ]]; then
4+
export PATH="${BIN_DIR}:${PATH}"
5+
fi
6+
7+
if [[ -z "${KUBECONFIG}" ]]; then
8+
exit 0
9+
fi
10+
11+
USERNAME=$(oc whoami)
12+
13+
echo "Checking for user: $USERNAME"
14+
15+
count=0
16+
until [[ -n $(oc get user -o json | jq -r --arg NAME "${USERNAME}" '.items[].metadata.name | select(. == $NAME)') ]] || [[ $count -eq 20 ]]; do
17+
count=$((count + 1))
18+
echo " Waiting for 30 seconds"
19+
sleep 30
20+
done
21+
22+
if [[ $count -eq 20 ]]; then
23+
echo "Timed out waiting for user: $USERNAME" >&2
24+
exit 1
25+
else
26+
echo " Found user: $USERNAME"
27+
fi
28+
29+
echo "Waiting for role bindings for user: $USERNAME"
30+
31+
function role_binding_count {
32+
local name="$1"
33+
34+
local length=$(oc get clusterrolebinding -o json | jq --arg NAME "${name}" '[.items[] | select(.metadata.name | test("ibm-admin|ibm-edit|ibm-view")) | .subjects[] | select(.name | test($NAME))] | length')
35+
36+
echo "${length}"
37+
}
38+
39+
count=0
40+
until [[ $(role_binding_count "${USERNAME}") -gt 0 ]] || [[ $count -eq 20 ]]; do
41+
count=$((count + 1))
42+
echo " Waiting for 30 seconds"
43+
sleep 30
44+
done
45+
46+
if [[ $count -eq 20 ]]; then
47+
echo "Timed out waiting for role bindings: $USERNAME" >&2
48+
exit 1
49+
else
50+
echo " Found role bindings for user: $USERNAME"
51+
fi

test/stages/stage0.tf

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,9 @@ terraform {
55
ibm = {
66
source = "ibm-cloud/ibm"
77
}
8+
clis = {
9+
source = "cloud-native-toolkit/clis"
10+
}
811
}
912
}
1013

version.tf

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3,8 +3,11 @@ terraform {
33

44
required_providers {
55
ibm = {
6-
source = "ibm-cloud/ibm"
6+
source = "ibm-cloud/ibm"
77
version = ">= 1.18"
88
}
9+
clis = {
10+
source = "cloud-native-toolkit/clis"
11+
}
912
}
1013
}

0 commit comments

Comments
 (0)