sa_8001/offline_kubespray
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

collection 교체

Browse Source
This commit is contained in:
정훈 변
2024-02-23 16:37:40 +09:00
parent b494779b5b
commit 3fd554eee9
38862 changed files with 220204 additions and 6600073 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
collection/community/general/tests/integration/targets/consul/aliases
View File

@@ -1,4 +1,8 @@
shippable/posix/group2
# Copyright (c) Ansible Project
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
azp/posix/2
destructive
skip/aix
skip/macos # cannot simply create binaries in system locations on newer macOS versions

5
collection/community/general/tests/integration/targets/consul/meta/main.yml
View File

@@ -1,5 +1,10 @@
---
# Copyright (c) Ansible Project
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
dependencies:
- setup_pkg_mgr
- setup_openssl
- setup_remote_tmp_dir
- setup_remote_constraints

74
collection/community/general/tests/integration/targets/consul/tasks/consul_auth_method.yml Normal file
View File

@@ -0,0 +1,74 @@
---
# Copyright (c) 2024, Florian Apolloner (@apollo13)
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
- name: Create an auth method
community.general.consul_auth_method:
name: test
type: jwt
config:
jwt_validation_pubkeys:
- |
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu1SU1LfVLPHCozMxH2Mo
4lgOEePzNm0tRgeLezV6ffAt0gunVTLw7onLRnrq0/IzW7yWR7QkrmBL7jTKEn5u
+qKhbwKfBstIs+bMY2Zkp18gnTxKLxoS2tFczGkPLPgizskuemMghRniWaoLcyeh
kd3qqGElvW/VDL5AaWTg0nLVkjRo9z+40RQzuVaE8AkAFmxZzow3x+VJYKdjykkJ
0iT9wCS0DRTXu269V264Vf/3jvredZiKRkgwlL9xNAwxXFg0x/XFw005UWVRIkdg
cKWTjpBP2dPwVZ4WWC+9aGVd+Gyn1o0CLelf4rEjGoXbAAEgAqeGUxrcIlbjXfbc
mwIDAQAB
-----END PUBLIC KEY-----
register: result
- assert:
that:
- result is changed
- result.auth_method.Type == 'jwt'
- result.operation == 'create'
- name: Update auth method
community.general.consul_auth_method:
name: test
max_token_ttl: 30m80s
register: result
- assert:
that:
- result is changed
- result.auth_method.Type == 'jwt'
- result.operation == 'update'
- name: Update auth method (noop)
community.general.consul_auth_method:
name: test
max_token_ttl: 30m80s
register: result
- assert:
that:
- result is not changed
- result.auth_method.Type == 'jwt'
- result.operation is not defined
- name: Delete auth method
community.general.consul_auth_method:
name: test
state: absent
register: result
- assert:
that:
- result is changed
- result.operation == 'remove'
- name: Delete auth method (noop)
community.general.consul_auth_method:
name: test
state: absent
register: result
- assert:
that:
- result is not changed
- result.operation is not defined

73
collection/community/general/tests/integration/targets/consul/tasks/consul_binding_rule.yml Normal file
View File

@@ -0,0 +1,73 @@
---
# Copyright (c) 2024, Florian Apolloner (@apollo13)
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
- name: Create an auth method
community.general.consul_auth_method:
name: test
type: jwt
config:
jwt_validation_pubkeys:
- |
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu1SU1LfVLPHCozMxH2Mo
4lgOEePzNm0tRgeLezV6ffAt0gunVTLw7onLRnrq0/IzW7yWR7QkrmBL7jTKEn5u
+qKhbwKfBstIs+bMY2Zkp18gnTxKLxoS2tFczGkPLPgizskuemMghRniWaoLcyeh
kd3qqGElvW/VDL5AaWTg0nLVkjRo9z+40RQzuVaE8AkAFmxZzow3x+VJYKdjykkJ
0iT9wCS0DRTXu269V264Vf/3jvredZiKRkgwlL9xNAwxXFg0x/XFw005UWVRIkdg
cKWTjpBP2dPwVZ4WWC+9aGVd+Gyn1o0CLelf4rEjGoXbAAEgAqeGUxrcIlbjXfbc
mwIDAQAB
-----END PUBLIC KEY-----
- name: Create a binding rule
community.general.consul_binding_rule:
name: test-binding
description: my description
auth_method: test
bind_type: service
bind_name: yolo
register: result
- assert:
that:
- result is changed
- result.binding_rule.AuthMethod == 'test'
- result.binding.Description == 'test-binding: my description'
- result.operation == 'create'
- name: Update a binding rule
community.general.consul_binding_rule:
name: test-binding
auth_method: test
bind_name: yolo2
register: result
- assert:
that:
- result is changed
- result.binding.Description == 'test-binding: my description'
- result.operation == 'update'
- name: Update a binding rule (noop)
community.general.consul_binding_rule:
name: test-binding
auth_method: test
register: result
- assert:
that:
- result is not changed
- result.binding.Description == 'test-binding: my description'
- result.operation is not defined
- name: Delete a binding rule
community.general.consul_binding_rule:
name: test-binding
auth_method: test
state: absent
register: result
- assert:
that:
- result is changed
- result.operation == 'remove'

76
collection/community/general/tests/integration/targets/consul/tasks/consul_general.yml Normal file
View File

@@ -0,0 +1,76 @@
---
# Copyright (c) Ansible Project
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
- name: ensure unknown scheme fails
consul_session:
state: info
id: dummy
scheme: non_existent
token: "{{ consul_management_token }}"
register: result
ignore_errors: true
- assert:
that:
- result is failed
- name: ensure SSL certificate is checked
consul_session:
state: info
id: dummy
port: 8501
scheme: https
token: "{{ consul_management_token }}"
register: result
ignore_errors: true
- name: previous task should fail since certificate is not known
assert:
that:
- result is failed
- "'certificate verify failed' in result.msg"
- name: ensure SSL certificate isn't checked when validate_certs is disabled
consul_session:
state: info
id: dummy
port: 8501
scheme: https
token: "{{ consul_management_token }}"
validate_certs: false
register: result
- name: previous task should succeed since certificate isn't checked
assert:
that:
- result is changed
- name: ensure a secure connection is possible
consul_session:
state: info
id: dummy
port: 8501
scheme: https
token: "{{ consul_management_token }}"
ca_path: '{{ remote_dir }}/cert.pem'
register: result
- assert:
that:
- result is changed
- name: ensure connection errors are handled properly
consul_session:
state: info
id: dummy
token: "{{ consul_management_token }}"
port: 1234
register: result
ignore_errors: true
- assert:
that:
- result is failed
- result.msg.startswith('Could not connect to consul agent at localhost:1234, error was')

57
collection/community/general/tests/integration/targets/consul/tasks/consul_kv.yml Normal file
View File

@@ -0,0 +1,57 @@
---
# Copyright (c) 2024, Florian Apolloner (@apollo13)
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
- name: Create a key
consul_kv:
key: somekey
value: somevalue
token: "{{ consul_management_token }}"
register: result
- assert:
that:
- result is changed
- result.data.Value == 'somevalue'
#- name: Test the lookup
# assert:
# that:
# - lookup('community.general.consul_kv', 'somekey', token=consul_management_token) == 'somevalue'
- name: Update a key with the same data
consul_kv:
key: somekey
value: somevalue
token: "{{ consul_management_token }}"
register: result
- assert:
that:
- result is not changed
- result.data.Value == 'somevalue'
- name: Remove a key from the store
consul_kv:
key: somekey
state: absent
token: "{{ consul_management_token }}"
register: result
- assert:
that:
- result is changed
- result.data.Value == 'somevalue'
- name: Remove a non-existant key from the store
consul_kv:
key: somekey
state: absent
token: "{{ consul_management_token }}"
register: result
- assert:
that:
- result is not changed
- not result.data

72
collection/community/general/tests/integration/targets/consul/tasks/consul_policy.yml Normal file
View File

@@ -0,0 +1,72 @@
---
# Copyright (c) Ansible Project
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
- name: Create a policy with rules
consul_policy:
name: foo-access
rules: |
key "foo" {
policy = "read"
}
key "private/foo" {
policy = "deny"
}
register: result
- assert:
that:
- result is changed
- result.policy.Name == 'foo-access'
- result.operation == 'create'
- name: Update the rules associated to a policy
consul_policy:
name: foo-access
rules: |
key "foo" {
policy = "read"
}
key "private/foo" {
policy = "deny"
}
event "bbq" {
policy = "write"
}
register: result
- assert:
that:
- result is changed
- result.operation == 'update'
- name: Update reports not changed when updating again without changes
consul_policy:
name: foo-access
rules: |
key "foo" {
policy = "read"
}
key "private/foo" {
policy = "deny"
}
event "bbq" {
policy = "write"
}
register: result
- assert:
that:
- result is not changed
- result.operation is not defined
- name: Remove a policy
consul_policy:
name: foo-access
state: absent
register: result
- assert:
that:
- result is changed
- result.operation == 'remove'

194
collection/community/general/tests/integration/targets/consul/tasks/consul_role.yml Normal file
View File

@@ -0,0 +1,194 @@
---
# Copyright (c) Ansible Project
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
- name: Create a policy with rules
consul_policy:
name: foo-access-for-role
rules: |
key "foo" {
policy = "read"
}
key "private/foo" {
policy = "deny"
}
register: policy_result
- name: Create another policy with rules
consul_policy:
name: bar-access-for-role
rules: |
key "bar" {
policy = "read"
}
key "private/bar" {
policy = "deny"
}
register: policy_result
- name: Create a role with policy
consul_role:
name: foo-role-with-policy
policies:
- name: "foo-access-for-role"
register: result
- assert:
that:
- result is changed
- result.role.Name == 'foo-role-with-policy'
- result.operation == 'create'
- name: Update policy description, in check mode
consul_role:
name: foo-role-with-policy
description: "Testing updating description"
check_mode: yes
register: result
- assert:
that:
- result is changed
- result.role.Description == "Testing updating description"
- result.role.Policies.0.Name == 'foo-access-for-role'
- result.operation == 'update'
- name: Update policy to add the description
consul_role:
name: foo-role-with-policy
description: "Role for testing policies"
register: result
- assert:
that:
- result is changed
- result.role.Description == "Role for testing policies"
- result.role.Policies.0.Name == 'foo-access-for-role'
- result.operation == 'update'
- name: Update the role with another policy, also testing leaving description blank
consul_role:
name: foo-role-with-policy
policies:
- name: "foo-access-for-role"
- name: "bar-access-for-role"
register: result
- assert:
that:
- result is changed
- result.role.Policies.0.Name == 'foo-access-for-role'
- result.role.Policies.1.Name == 'bar-access-for-role'
- result.role.Description == "Role for testing policies"
- result.operation == 'update'
- name: Create a role with service identity
consul_role:
name: role-with-service-identity
service_identities:
- name: web
datacenters:
- dc1
register: result
- assert:
that:
- result is changed
- result.role.ServiceIdentities.0.ServiceName == "web"
- result.role.ServiceIdentities.0.Datacenters.0 == "dc1"
- name: Update the role with service identity in check mode
consul_role:
name: role-with-service-identity
service_identities:
- name: web
datacenters:
- dc2
register: result
check_mode: yes
- assert:
that:
- result is changed
- result.role.ServiceIdentities.0.ServiceName == "web"
- result.role.ServiceIdentities.0.Datacenters.0 == "dc2"
- name: Update the role with service identity to add a policy, leaving the service id unchanged
consul_role:
name: role-with-service-identity
policies:
- name: "foo-access-for-role"
register: result
- assert:
that:
- result is changed
- result.role.ServiceIdentities.0.ServiceName == "web"
- result.role.ServiceIdentities.0.Datacenters.0 == "dc1"
- result.role.Policies.0.Name == 'foo-access-for-role'
- name: Update the role with service identity to remove the policies
consul_role:
name: role-with-service-identity
policies: []
register: result
- assert:
that:
- result is changed
- result.role.ServiceIdentities.0.ServiceName == "web"
- result.role.ServiceIdentities.0.Datacenters.0 == "dc1"
- result.role.Policies is not defined
- name: Update the role with service identity to remove the node identities, in check mode
consul_role:
name: role-with-service-identity
node_identities: []
register: result
check_mode: yes
- assert:
that:
- result is changed
- result.role.ServiceIdentities.0.ServiceName == "web"
- result.role.ServiceIdentities.0.Datacenters.0 == "dc1"
- result.role.Policies is not defined
- result.role.NodeIdentities == [] # in check mode the cleared field is returned as an empty array
- name: Update the role with service identity to remove the service identities
consul_role:
name: role-with-service-identity
service_identities: []
register: result
- assert:
that:
- result is changed
- result.role.ServiceIdentities is not defined # in normal mode the dictionary is removed from the result
- result.role.Policies is not defined
- name: Create a role with node identity
consul_role:
name: role-with-node-identity
node_identities:
- name: node-1
datacenter: dc2
register: result
- assert:
that:
- result is changed
- result.role.NodeIdentities.0.NodeName == "node-1"
- result.role.NodeIdentities.0.Datacenter == "dc2"
- name: Remove the last role
consul_role:
name: role-with-node-identity
state: absent
register: result
- assert:
that:
- result is changed
- result.operation == 'remove'

78
collection/community/general/tests/integration/targets/consul/tasks/consul_session.yml
View File

@@ -1,3 +1,8 @@
---
# Copyright (c) Ansible Project
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
- name: list sessions
consul_session:
state: list
@@ -40,14 +45,14 @@
- name: search created session
set_fact:
test_session_found: True
test_session_found: true
loop: "{{ result['sessions'] }}"
when: "item.get('ID') == session_id and item.get('Name') == 'testsession'"
- name: ensure session was created
assert:
that:
- test_session_found|default(False)
- test_session_found|default(false)
- name: fetch info about a session
consul_session:
@@ -64,67 +69,12 @@
state: info
name: test
register: result
ignore_errors: True
ignore_errors: true
- assert:
that:
- result is failed
- name: ensure unknown scheme fails
consul_session:
state: info
id: '{{ session_id }}'
scheme: non_existent
register: result
ignore_errors: True
- assert:
that:
- result is failed
- name: ensure SSL certificate is checked
consul_session:
state: info
id: '{{ session_id }}'
port: 8501
scheme: https
register: result
ignore_errors: True
- name: previous task should fail since certificate is not known
assert:
that:
- result is failed
- "'certificate verify failed' in result.msg"
- name: ensure SSL certificate isn't checked when validate_certs is disabled
consul_session:
state: info
id: '{{ session_id }}'
port: 8501
scheme: https
validate_certs: False
register: result
- name: previous task should succeed since certificate isn't checked
assert:
that:
- result is changed
- name: ensure a secure connection is possible
consul_session:
state: info
id: '{{ session_id }}'
port: 8501
scheme: https
environment:
REQUESTS_CA_BUNDLE: '{{ remote_dir }}/cert.pem'
register: result
- assert:
that:
- result is changed
- name: delete a session
consul_session:
state: absent
@@ -158,3 +108,15 @@
that:
- search_deleted is skipped # each iteration is skipped
- search_deleted is not changed # and then unchanged
- name: ensure session can be created with a ttl
consul_session:
state: present
name: session-with-ttl
ttl: 180 # sec
register: result
- assert:
that:
- result is changed
- result['ttl'] == 180

77
collection/community/general/tests/integration/targets/consul/tasks/consul_token.yml Normal file
View File

@@ -0,0 +1,77 @@
---
# Copyright (c) 2024, Florian Apolloner (@apollo13)
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
- name: Create a policy with rules
community.general.consul_policy:
name: "{{ item }}"
rules: |
key "foo" {
policy = "read"
}
loop:
- foo-access
- foo-access2
- name: Create token
community.general.consul_token:
state: present
accessor_id: 07a7de84-c9c7-448a-99cc-beaf682efd21
service_identities:
- service_name: test
datacenters: [test1, test2]
node_identities:
- node_name: test
datacenter: test
policies:
- name: foo-access
- name: foo-access2
expiration_ttl: 1h
register: create_result
- assert:
that:
- create_result is changed
- create_result.token.AccessorID == "07a7de84-c9c7-448a-99cc-beaf682efd21"
- create_result.operation == 'create'
- name: Update token
community.general.consul_token:
state: present
accessor_id: 07a7de84-c9c7-448a-99cc-beaf682efd21
description: Testing
policies:
- id: "{{ create_result.token.Policies[-1].ID }}"
service_identities: []
register: result
- assert:
that:
- result is changed
- result.operation == 'update'
- name: Update token (noop)
community.general.consul_token:
state: present
accessor_id: 07a7de84-c9c7-448a-99cc-beaf682efd21
policies:
- id: "{{ create_result.token.Policies[-1].ID }}"
register: result
- assert:
that:
- result is not changed
- result.operation is not defined
- name: Remove token
community.general.consul_token:
state: absent
accessor_id: 07a7de84-c9c7-448a-99cc-beaf682efd21
register: result
- assert:
that:
- result is changed
- not result.token
- result.operation == 'remove'

35
collection/community/general/tests/integration/targets/consul/tasks/main.yml
View File

@@ -1,23 +1,30 @@
---
####################################################################
# WARNING: These are designed specifically for Ansible tests #
# and should not be used as examples of how to write Ansible roles #
####################################################################
# Copyright (c) Ansible Project
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
- name: Install Consul and test
vars:
consul_version: 1.5.0
consul_uri: https://s3.amazonaws.com/ansible-ci-files/test/integration/targets/consul/consul_{{ consul_version }}_{{ ansible_system | lower }}_{{ consul_arch }}.zip
consul_version: 1.13.2
consul_uri: https://releases.hashicorp.com/consul/{{ consul_version }}/consul_{{ consul_version }}_{{ ansible_system | lower }}_{{ consul_arch }}.zip
consul_cmd: '{{ remote_tmp_dir }}/consul'
block:
- name: Install requests<2.20 (CentOS/RHEL 6)
pip:
name: requests<2.20
extra_args: "-c {{ remote_constraints }}"
register: result
until: result is success
when: ansible_distribution_file_variety|default() == 'RedHat' and ansible_distribution_major_version is version('6', '<=')
- name: Install python-consul
pip:
name: python-consul
extra_args: "-c {{ remote_constraints }}"
register: result
until: result is success
- name: Generate privatekey
@@ -69,14 +76,32 @@
dest: '{{ remote_tmp_dir }}/consul_config.hcl'
- name: Start Consul (dev mode enabled)
shell: nohup {{ consul_cmd }} agent -dev -config-file {{ remote_tmp_dir }}/consul_config.hcl </dev/null >/dev/null 2>&1 &
- name: Bootstrap ACL
consul_acl_bootstrap:
register: consul_bootstrap_result
- set_fact:
consul_management_token: '{{ consul_bootstrap_result.result.SecretID }}'
- name: Create some data
command: '{{ consul_cmd }} kv put data/value{{ item }} foo{{ item }}'
command: '{{ consul_cmd }} kv put -token={{consul_management_token}} data/value{{ item }} foo{{ item }}'
loop:
- 1
- 2
- 3
- import_tasks: consul_session.yml
- import_tasks: consul_general.yml
- import_tasks: consul_kv.yml
- block:
- import_tasks: consul_session.yml
- import_tasks: consul_policy.yml
- import_tasks: consul_role.yml
- import_tasks: consul_token.yml
- import_tasks: consul_auth_method.yml
- import_tasks: consul_binding_rule.yml
module_defaults:
group/community.general.consul:
token: "{{ consul_management_token }}"
always:
- name: Kill consul process
shell: kill $(cat {{ remote_tmp_dir }}/consul.pid)
ignore_errors: true
ignore_errors: true

10
collection/community/general/tests/integration/targets/consul/templates/consul_config.hcl.j2
View File

@@ -1,3 +1,8 @@
{#
Copyright (c) Ansible Project
GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
SPDX-License-Identifier: GPL-3.0-or-later
#}
# {{ ansible_managed }}
server = true
pid_file = "{{ remote_dir }}/consul.pid"
@@ -7,3 +12,8 @@ ports {
}
key_file = "{{ remote_dir }}/privatekey.pem"
cert_file = "{{ remote_dir }}/cert.pem"
acl {
enabled = true
default_policy = "deny"
down_policy = "extend-cache"
}