Support customization in test-e2e-ansible

Signed-off-by: arkadeepsen <[email protected]>

Author: arkadeepsen

Makefile

@@ -160,8 +160,12 @@ test-e2e-teardown: $(KIND)
 $(e2e_targets):: test-e2e-setup
 test-e2e:: $(e2e_tests) ## Run e2e tests
 
-test-e2e-ansible:: image/ansible-operator ## Run Ansible e2e tests
+test-e2e-ansible:: image/ansible-operator test-e2e-ansible-run ## Run Ansible e2e tests
+
+.PHONY: test-e2e-ansible-run
+test-e2e-ansible-run:
 	go test ./test/e2e/ansible -v -ginkgo.v
+
 test-e2e-ansible-molecule:: install dev-install image/ansible-operator ## Run molecule-based Ansible e2e tests
 	go run ./hack/generate/samples/molecule/generate.go
 	./hack/tests/e2e-ansible-molecule.sh

hack/generate/samples/ansible/generate.go

@@ -42,6 +42,12 @@ var memcachedGVK = schema.GroupVersionKind{
 	Kind:    "Memcached",
 }
 
+var skipSecretGeneration = ""
+
+func init() {
+	skipSecretGeneration = os.Getenv("SKIP_SECRET_GENERATION")
+}
+
 func getCli() *cli.CLI {
 	ansibleBundle, _ := plugin.NewBundleWithOptions(
 		plugin.WithName(golang.DefaultNameQualifier),
@@ -128,21 +134,25 @@ func GenerateMoleculeSample(samplesPath string) []sample.Sample {
 	)
 	pkg.CheckError("attempting to create sample cli", err)
 
-	addIgnore, err := samplecli.NewCliSample(
-		samplecli.WithCLI(getCli()),
-		samplecli.WithCommandContext(ansibleMoleculeMemcached.CommandContext()),
-		samplecli.WithGvk(
-			schema.GroupVersionKind{
-				Group:   "ignore",
-				Version: "v1",
-				Kind:    "Secret",
-			},
-		),
-		samplecli.WithPlugins("ansible"),
-		samplecli.WithExtraApiOptions("--generate-role"),
-		samplecli.WithName(ansibleMoleculeMemcached.Name()),
-	)
-	pkg.CheckError("creating ignore samples", err)
+	var addIgnore sample.Sample
+
+	if skipSecretGeneration == "" {
+		addIgnore, err = samplecli.NewCliSample(
+			samplecli.WithCLI(getCli()),
+			samplecli.WithCommandContext(ansibleMoleculeMemcached.CommandContext()),
+			samplecli.WithGvk(
+				schema.GroupVersionKind{
+					Group:   "ignore",
+					Version: "v1",
+					Kind:    "Secret",
+				},
+			),
+			samplecli.WithPlugins("ansible"),
+			samplecli.WithExtraApiOptions("--generate-role"),
+			samplecli.WithName(ansibleMoleculeMemcached.Name()),
+		)
+		pkg.CheckError("creating ignore samples", err)
+	}
 
 	// remove sample directory if it already exists
 	err = os.RemoveAll(ansibleMoleculeMemcached.Dir())
@@ -159,9 +169,11 @@ func GenerateMoleculeSample(samplesPath string) []sample.Sample {
 	err = e2e.AllowProjectBeMultiGroup(ansibleMoleculeMemcached)
 	pkg.CheckError("updating PROJECT file", err)
 
-	ignoreGen := sample.NewGenerator(sample.WithNoInit(), sample.WithNoWebhook())
-	err = ignoreGen.GenerateSamples(addIgnore)
-	pkg.CheckError("generating ansible molecule sample - ignore", err)
+	if skipSecretGeneration == "" {
+		ignoreGen := sample.NewGenerator(sample.WithNoInit(), sample.WithNoWebhook())
+		err = ignoreGen.GenerateSamples(addIgnore)
+		pkg.CheckError("generating ansible molecule sample - ignore", err)
+	}
 
 	ImplementMemcached(ansibleMoleculeMemcached, bundleImage)
 

hack/generate/samples/ansible/memcached_molecule.go

@@ -40,12 +40,14 @@ func ImplementMemcachedMolecule(sample sample.Sample, image string) {
 			err := kbutil.InsertCode(moleculeTaskPath, targetMoleculeCheckDeployment, molecuTaskToCheckConfigMap)
 			pkg.CheckError("replacing memcached task to add config map check", err)
 
-			log.Info("insert molecule task to ensure to check secret")
-			err = kbutil.InsertCode(moleculeTaskPath, memcachedCustomStatusMoleculeTarget, testSecretMoleculeCheck)
-			pkg.CheckError("replacing memcached task to add secret check", err)
+			if skipSecretGeneration == "" {
+				log.Info("insert molecule task to ensure to check secret")
+				err = kbutil.InsertCode(moleculeTaskPath, memcachedCustomStatusMoleculeTarget, testSecretMoleculeCheck)
+				pkg.CheckError("replacing memcached task to add secret check", err)
+			}
 
 			log.Info("insert molecule task to ensure to foo ")
-			err = kbutil.InsertCode(moleculeTaskPath, testSecretMoleculeCheck, testFooMoleculeCheck)
+			err = kbutil.InsertCode(moleculeTaskPath, memcachedCustomStatusMoleculeTarget, testFooMoleculeCheck)
 			pkg.CheckError("replacing memcached task to add foo check", err)
 
 			log.Info("insert molecule task to check custom metrics")
@@ -98,35 +100,37 @@ func ImplementMemcachedMolecule(sample sample.Sample, image string) {
 		"playbook: playbooks/memcached.yml", memcachedWatchCustomizations)
 	pkg.CheckError("replacing in watches", err)
 
-	log.Info("removing ignore group for the secret from watches as an workaround to work with core types")
-	err = kbutil.ReplaceInFile(filepath.Join(sample.Dir(), "watches.yaml"),
-		"ignore.example.com", "\"\"")
-	pkg.CheckError("replacing the watches file", err)
-
-	log.Info("removing molecule test for the Secret since it is a core type")
-	cmd := exec.Command("rm", "-rf", filepath.Join(sample.Dir(), "molecule", "default", "tasks", "secret_test.yml"))
-	_, err = sample.CommandContext().Run(cmd)
-	pkg.CheckError("removing secret test file", err)
-
-	log.Info("adding Secret task to the role")
-	err = kbutil.ReplaceInFile(filepath.Join(sample.Dir(), "roles", "secret", "tasks", "main.yml"),
-		originalTaskSecret, taskForSecret)
-	pkg.CheckError("replacing in secret/tasks/main.yml file", err)
-
-	log.Info("adding ManageStatus == false for role secret")
-	err = kbutil.ReplaceInFile(filepath.Join(sample.Dir(), "watches.yaml"),
-		"role: secret", manageStatusFalseForRoleSecret)
-	pkg.CheckError("replacing in watches.yaml", err)
-
-	// prevent high load of controller caused by watching all the secrets in the cluster
-	watchNamespacePatchFileName := "watch_namespace_patch.yaml"
-	log.Info("adding WATCH_NAMESPACE env patch to watch own namespace")
-	err = os.WriteFile(filepath.Join(sample.Dir(), "config", "testing", watchNamespacePatchFileName), []byte(watchNamespacePatch), 0644)
-	pkg.CheckError("adding watch_namespace_patch.yaml", err)
-
-	log.Info("adding WATCH_NAMESPACE env patch to patch list to be applied")
-	err = kbutil.InsertCode(filepath.Join(sample.Dir(), "config", "testing", "kustomization.yaml"), "patches:",
-		fmt.Sprintf("\n- path: %s", watchNamespacePatchFileName))
-	pkg.CheckError("inserting in kustomization.yaml", err)
+	if skipSecretGeneration == "" {
+		log.Info("removing ignore group for the secret from watches as an workaround to work with core types")
+		err = kbutil.ReplaceInFile(filepath.Join(sample.Dir(), "watches.yaml"),
+			"ignore.example.com", "\"\"")
+		pkg.CheckError("replacing the watches file", err)
+
+		log.Info("removing molecule test for the Secret since it is a core type")
+		cmd := exec.Command("rm", "-rf", filepath.Join(sample.Dir(), "molecule", "default", "tasks", "secret_test.yml"))
+		_, err = sample.CommandContext().Run(cmd)
+		pkg.CheckError("removing secret test file", err)
+
+		log.Info("adding Secret task to the role")
+		err = kbutil.ReplaceInFile(filepath.Join(sample.Dir(), "roles", "secret", "tasks", "main.yml"),
+			originalTaskSecret, taskForSecret)
+		pkg.CheckError("replacing in secret/tasks/main.yml file", err)
+
+		log.Info("adding ManageStatus == false for role secret")
+		err = kbutil.ReplaceInFile(filepath.Join(sample.Dir(), "watches.yaml"),
+			"role: secret", manageStatusFalseForRoleSecret)
+		pkg.CheckError("replacing in watches.yaml", err)
+
+		// prevent high load of controller caused by watching all the secrets in the cluster
+		watchNamespacePatchFileName := "watch_namespace_patch.yaml"
+		log.Info("adding WATCH_NAMESPACE env patch to watch own namespace")
+		err = os.WriteFile(filepath.Join(sample.Dir(), "config", "testing", watchNamespacePatchFileName), []byte(watchNamespacePatch), 0644)
+		pkg.CheckError("adding watch_namespace_patch.yaml", err)
+
+		log.Info("adding WATCH_NAMESPACE env patch to patch list to be applied")
+		err = kbutil.InsertCode(filepath.Join(sample.Dir(), "config", "testing", "kustomization.yaml"), "patches:",
+			fmt.Sprintf("\n- path: %s", watchNamespacePatchFileName))
+		pkg.CheckError("inserting in kustomization.yaml", err)
+	}
 
 }

pkg/testutils/e2e/metrics/helpers.go

@@ -14,8 +14,25 @@ import (
 // GetMetrics creates a pod with the permissions to `curl` metrics. It will then return the output of the `curl` pod
 func GetMetrics(sample sample.Sample, kubectl kubernetes.Kubectl, metricsClusterRoleBindingName string) string {
 	ginkgo.By("creating a curl pod")
+	securityContext := `
+{
+	"apiVersion": "v1",
+	"spec": {
+		"securityContext": {
+			"runAsNonRoot": true,
+			"runAsUser": 1000,
+			"runAsGroup": 1000,
+			"fsGroup": 1000,
+			"seccompProfile": {
+				"type": "RuntimeDefault"
+			}
+		}
+	}
+}
+`
+	overrides := fmt.Sprintf("--overrides=%s", securityContext)
 	cmdOpts := []string{
-		"run", "curl", "--image=curlimages/curl:7.68.0", "--restart=OnFailure", "--",
+		"run", "curl", "--image=curlimages/curl:7.68.0", "--restart=OnFailure", overrides, "--",
 		"curl", "-v",
 		fmt.Sprintf("http://%s-controller-manager-metrics-service.%s.svc:8443/metrics", sample.Name(), kubectl.Namespace()),
 	}

test/e2e/ansible/local_test.go

@@ -15,6 +15,7 @@
 package e2e_ansible_test
 
 import (
+	"os"
 	"os/exec"
 
 	. "github.com/onsi/ginkgo/v2"
@@ -24,19 +25,30 @@ import (
 
 var _ = Describe("Running Ansible projects", func() {
 	Context("built with operator-sdk", func() {
+		var (
+			skip_local_test string
+		)
 		BeforeEach(func() {
-			By("Installing CRD's")
-			err := operator.InstallCRDs(ansibleSample)
-			Expect(err).NotTo(HaveOccurred())
+			skip_local_test = os.Getenv(SKIP_LOCAL_TEST)
+			if skip_local_test == "" {
+				By("Installing CRD's")
+				err := operator.InstallCRDs(ansibleSample)
+				Expect(err).NotTo(HaveOccurred())
+			}
 		})
 
 		AfterEach(func() {
-			By("Uninstalling CRD's")
-			err := operator.UninstallCRDs(ansibleSample)
-			Expect(err).NotTo(HaveOccurred())
+			if skip_local_test == "" {
+				By("Uninstalling CRD's")
+				err := operator.UninstallCRDs(ansibleSample)
+				Expect(err).NotTo(HaveOccurred())
+			}
 		})
 
 		It("Should run correctly when run locally", func() {
+			if skip_local_test != "" {
+				Skip("Skipping local test")
+			}
 			By("Running the project")
 			cmd := exec.Command("make", "run")
 			cmd.Dir = ansibleSample.Dir()

test/e2e/ansible/suite_test.go

@@ -56,6 +56,11 @@ var (
 	image                      = "e2e-test-ansible:temp"
 )
 
+const (
+	MEMCACHED_MOLECULE_OPERATOR_IMAGE = "MEMCACHED_MOLECULE_OPERATOR_IMAGE"
+	SKIP_LOCAL_TEST                   = "SKIP_LOCAL_TEST"
+)
+
 // BeforeSuite run before any specs are run to perform the required actions for all e2e ansible tests.
 var _ = BeforeSuite(func() {
 	wd, err := os.Getwd()
@@ -105,9 +110,13 @@ var _ = BeforeSuite(func() {
 		}, 3*time.Minute, time.Second).Should(Succeed())
 	}
 
-	By("building the project image")
-	err = operator.BuildOperatorImage(ansibleSample, image)
-	Expect(err).NotTo(HaveOccurred())
+	if image_env_var, exists := os.LookupEnv(MEMCACHED_MOLECULE_OPERATOR_IMAGE); exists {
+		image = image_env_var
+	} else {
+		By("building the project image")
+		err = operator.BuildOperatorImage(ansibleSample, image)
+		Expect(err).NotTo(HaveOccurred())
+	}
 
 	onKind, err := kind.IsRunningOnKind(kctl)
 	Expect(err).NotTo(HaveOccurred())
@@ -128,9 +137,11 @@ var _ = AfterSuite(func() {
 	}
 
 	By("destroying container image and work dir")
-	cmd := exec.Command("docker", "rmi", "-f", image)
-	if _, err := ansibleSample.CommandContext().Run(cmd); err != nil {
-		Expect(err).To(BeNil())
+	if _, exists := os.LookupEnv(MEMCACHED_MOLECULE_OPERATOR_IMAGE); !exists {
+		cmd := exec.Command("docker", "rmi", "-f", image)
+		if _, err := ansibleSample.CommandContext().Run(cmd); err != nil {
+			Expect(err).To(BeNil())
+		}
 	}
 	if err := os.RemoveAll(testdir); err != nil {
 		Expect(err).To(BeNil())

testdata/memcached-molecule-operator/molecule/default/tasks/memcached_test.yml

@@ -56,12 +56,6 @@
       resource_name=custom_resource.metadata.name
     )}}'
 
-# This will verify that the secret role was executed
-- name: Verify that test-service was created
-  assert:
-    that: lookup('k8s', kind='Service', api_version='v1', namespace=namespace, resource_name='test-service')
-
-
 - name: Verify that project testing-foo was created
   assert:
     that: lookup('k8s', kind='Namespace', api_version='v1', resource_name='testing-foo')
@@ -116,6 +110,12 @@
 
 
 
+# This will verify that the secret role was executed
+- name: Verify that test-service was created
+  assert:
+    that: lookup('k8s', kind='Service', api_version='v1', namespace=namespace, resource_name='test-service')
+
+
 - when: molecule_yml.scenario.name == "test-local"
   block:
   - name: Restart the operator by killing the pod