def verify_injected_secretRef(context, secret_ref, cr_name, crd_name,
json_path):
openshift = Openshift()
polling2.poll(lambda: openshift.get_resource_info_by_jsonpath(
crd_name, cr_name, context.namespace.name, json_path) == secret_ref,
step=5,
timeout=400)
def check_secret_key(context, key):
openshift = Openshift()
secret = polling2.poll(lambda: get_sbr_secret_name(context), step=100, timeout=1000, ignore_exceptions=(ValueError,), check_success=lambda v: v is not None)
json_path = f'{{.data.{key}}}'
polling2.poll(lambda: openshift.get_resource_info_by_jsonpath("secrets", secret, context.namespace.name,
json_path) == "",
step=5, timeout=120, ignore_exceptions=(binascii.Error,))
def then_sbo_jsonpath_is(context, json_path, sbr_name, json_value_regex):
openshift = Openshift()
assert openshift.search_resource_in_namespace(
"servicebindings", sbr_name, context.namespace.name) is not None, f"Service Binding '{sbr_name}' does not exist in namespace '{context.namespace.name}'"
result = openshift.get_resource_info_by_jsonpath("sbr", sbr_name, context.namespace.name, json_path, wait=True, timeout=600)
assert result is not None, f"Invalid result for SBO jsonpath: {result}."
assert re.fullmatch(json_value_regex, result) is not None, f"SBO jsonpath result \"{result}\" does not match \"{json_value_regex}\""
def get_sbr_secret_name(context, sbr_name=None):
openshift = Openshift()
output = openshift.get_resource_info_by_jsonpath(
"servicebindings", context.sbr_name if sbr_name is None else sbr_name,
context.namespace.name, "{.status.secret}")
assert output is not None, "Failed to fetch secret name from ServiceBinding"
return output
def check_service_account_bound(context, cluster_role_name,
cluster_rolebinding_name):
openshift = Openshift()
sbr = Servicebindingoperator()
operator_namespace = openshift.lookup_namespace_for_resource(
"deployments", sbr.name)
sa_name = openshift.get_resource_info_by_jsonpath(
"deployments", sbr.name, operator_namespace,
"{.spec.template.spec.serviceAccount}")
rolebinding_json = openshift.get_json_resource("clusterrolebinding",
cluster_rolebinding_name,
operator_namespace)
assert rolebinding_json["roleRef"][
"name"] == cluster_role_name, f"Could not find rolebinding for the role '{cluster_role_name}'"
subjects_list = rolebinding_json["subjects"]
subject_found = False
for subject in subjects_list:
if subject["kind"] == "ServiceAccount" and subject["name"] == sa_name:
subject_found = True
else:
continue
assert subject_found, f"Could not find rolebinding for the role '{cluster_role_name}'"
def resource_jsonpath_value(context, json_path, res_name, json_value=""):
openshift = Openshift()
json_path = substitute_scenario_id(context, json_path)
res_name = substitute_scenario_id(context, res_name)
json_value = substitute_scenario_id(context, json_value)
(crdName, name) = res_name.split("/")
polling2.poll(lambda: openshift.get_resource_info_by_jsonpath(crdName, name, context.namespace.name, json_path) == json_value,
step=5, timeout=800, ignore_exceptions=(json.JSONDecodeError,))
def check_secret_key_value(context, secret_name, secret_key, secret_value):
openshift = Openshift()
json_path = f'{{.data.{secret_key}}}'
output = openshift.get_resource_info_by_jsonpath("secrets", secret_name, context.namespace.name, json_path)
timeout = 180
interval = 5
attempts = timeout/interval
while True:
actual_secret_value = base64.b64decode(output).decode('ascii')
if (secret_value == actual_secret_value) or attempts <= 0:
break
else:
attempts -= 1
time.sleep(interval)
output = openshift.get_resource_info_by_jsonpath("secrets", secret_name, context.namespace.name, json_path)
result = base64.decodebytes(bytes(output, 'utf-8'))
result | should.be_equal_to(bytes(secret_value, 'utf-8'))
def validate_persistent_sb(context, sb_name):
openshift = Openshift()
json_path = "{.metadata.resourceVersion}"
output = openshift.get_resource_info_by_jsonpath("servicebindings", sb_name, context.namespace.name, json_path)
if output == context.resource_version:
assert True
else:
assert False, "Service Binding got updated"
def check_secret_key(context, secret_name, key):
openshift = Openshift()
json_path = f'{{.data.{key}}}'
polling2.poll(lambda: openshift.get_resource_info_by_jsonpath(
"secrets", secret_name, context.namespace.name, json_path) == "",
step=5,
timeout=120,
ignore_exceptions=(binascii.Error, ))
def check_secret_key_with_ip_value(context, secret_name, secret_key):
openshift = Openshift()
json_path = f'{{.data.{secret_key}}}'
polling2.poll(lambda: ipaddress.ip_address(
openshift.get_resource_info_by_jsonpath("secrets", secret_name, context
.namespace.name, json_path)),
step=5,
timeout=120,
ignore_exceptions=(ValueError, ))
def exist_bindable_kind(kind, group, version):
openshift = Openshift()
res = openshift.get_resource_info_by_jsonpath(
resource_type="bindablekinds",
name="bindable-kinds",
json_path="{.status}")
for gvk in json.loads(res):
if gvk["group"] == group and gvk["version"] == version and gvk[
"kind"] == kind:
return True
return False
def check_resource_readable(context, user, resource, namespace=None):
openshift = Openshift()
data = resource.split("/")
res_type = data[0]
res_name = Template(data[1]).substitute(scenario_id=scenario_id(context))
ns = namespace if namespace is not None else context.namespace.name
res = openshift.get_resource_info_by_jsonpath(resource_type=res_type,
name=res_name,
namespace=ns,
user=user)
assert res is not None, f"User {user} should be able to read {resource} in {ns} namespace"
def verify_injected_secretRef(context, cr_name, crd_name, json_path):
openshift = Openshift()
secret = polling2.poll(lambda: get_sbr_secret_name(context),
step=100,
timeout=1000,
ignore_exceptions=(ValueError, ),
check_success=lambda v: v is not None)
polling2.poll(lambda: openshift.get_resource_info_by_jsonpath(
crd_name, cr_name, context.namespace.name, json_path) == secret,
step=5,
timeout=400)
def then_sbo_jsonpath_is(context, json_path, sbr_name, json_value_regex):
openshift = Openshift()
openshift.search_resource_in_namespace(
"servicebindingrequests", sbr_name, context.namespace.name
) | should_not.be_none.desc("SBR {sbr_name} exists")
result = openshift.get_resource_info_by_jsonpath("sbr",
sbr_name,
context.namespace.name,
json_path,
wait=True)
result | should_not.be_none.desc("jsonpath result")
re.fullmatch(json_value_regex, result) | should_not.be_none.desc(
"SBO jsonpath result \"{result}\" should match \"{json_value_regex}\"")
def check_secret_key_value(context, secret_key, secret_value):
sb = list(context.bindings.values())[0]
openshift = Openshift()
secret = polling2.poll(lambda: sb.get_secret_name(),
step=100,
timeout=1000,
ignore_exceptions=(ValueError, ),
check_success=lambda v: v is not None)
json_path = f'{{.data.{secret_key}}}'
polling2.poll(lambda: openshift.get_resource_info_by_jsonpath(
"secrets", secret, context.namespace.name, json_path) == secret_value,
step=5,
timeout=120,
ignore_exceptions=(binascii.Error, ))
def get_servicebinding_info_by_jsonpath(self, servicebinding_name,
namespace, json_path):
openshift = Openshift()
return openshift.get_resource_info_by_jsonpath("servicebinding",
servicebinding_name,
namespace, json_path)
def verify_injected_secretRef(context, secret_ref, cr_name, crd_name, json_path):
time.sleep(60)
openshift = Openshift()
result = openshift.get_resource_info_by_jsonpath(crd_name, cr_name, context.namespace.name, json_path, wait=True, timeout=180)
result | should.be_equal_to(secret_ref).desc(f'Failed to inject secretRef "{secret_ref}" in "{cr_name}" at path "{json_path}"')