def verify_injected_secretRef(context, secret_ref, cr_name, crd_name, json_path): openshift = Openshift() polling2.poll(lambda: openshift.get_resource_info_by_jsonpath( crd_name, cr_name, context.namespace.name, json_path) == secret_ref, step=5, timeout=400)
def check_secret_key(context, key): openshift = Openshift() secret = polling2.poll(lambda: get_sbr_secret_name(context), step=100, timeout=1000, ignore_exceptions=(ValueError,), check_success=lambda v: v is not None) json_path = f'{{.data.{key}}}' polling2.poll(lambda: openshift.get_resource_info_by_jsonpath("secrets", secret, context.namespace.name, json_path) == "", step=5, timeout=120, ignore_exceptions=(binascii.Error,))
def then_sbo_jsonpath_is(context, json_path, sbr_name, json_value_regex): openshift = Openshift() assert openshift.search_resource_in_namespace( "servicebindings", sbr_name, context.namespace.name) is not None, f"Service Binding '{sbr_name}' does not exist in namespace '{context.namespace.name}'" result = openshift.get_resource_info_by_jsonpath("sbr", sbr_name, context.namespace.name, json_path, wait=True, timeout=600) assert result is not None, f"Invalid result for SBO jsonpath: {result}." assert re.fullmatch(json_value_regex, result) is not None, f"SBO jsonpath result \"{result}\" does not match \"{json_value_regex}\""
def get_sbr_secret_name(context, sbr_name=None): openshift = Openshift() output = openshift.get_resource_info_by_jsonpath( "servicebindings", context.sbr_name if sbr_name is None else sbr_name, context.namespace.name, "{.status.secret}") assert output is not None, "Failed to fetch secret name from ServiceBinding" return output
def check_service_account_bound(context, cluster_role_name, cluster_rolebinding_name): openshift = Openshift() sbr = Servicebindingoperator() operator_namespace = openshift.lookup_namespace_for_resource( "deployments", sbr.name) sa_name = openshift.get_resource_info_by_jsonpath( "deployments", sbr.name, operator_namespace, "{.spec.template.spec.serviceAccount}") rolebinding_json = openshift.get_json_resource("clusterrolebinding", cluster_rolebinding_name, operator_namespace) assert rolebinding_json["roleRef"][ "name"] == cluster_role_name, f"Could not find rolebinding for the role '{cluster_role_name}'" subjects_list = rolebinding_json["subjects"] subject_found = False for subject in subjects_list: if subject["kind"] == "ServiceAccount" and subject["name"] == sa_name: subject_found = True else: continue assert subject_found, f"Could not find rolebinding for the role '{cluster_role_name}'"
def resource_jsonpath_value(context, json_path, res_name, json_value=""): openshift = Openshift() json_path = substitute_scenario_id(context, json_path) res_name = substitute_scenario_id(context, res_name) json_value = substitute_scenario_id(context, json_value) (crdName, name) = res_name.split("/") polling2.poll(lambda: openshift.get_resource_info_by_jsonpath(crdName, name, context.namespace.name, json_path) == json_value, step=5, timeout=800, ignore_exceptions=(json.JSONDecodeError,))
def check_secret_key_value(context, secret_name, secret_key, secret_value): openshift = Openshift() json_path = f'{{.data.{secret_key}}}' output = openshift.get_resource_info_by_jsonpath("secrets", secret_name, context.namespace.name, json_path) timeout = 180 interval = 5 attempts = timeout/interval while True: actual_secret_value = base64.b64decode(output).decode('ascii') if (secret_value == actual_secret_value) or attempts <= 0: break else: attempts -= 1 time.sleep(interval) output = openshift.get_resource_info_by_jsonpath("secrets", secret_name, context.namespace.name, json_path) result = base64.decodebytes(bytes(output, 'utf-8')) result | should.be_equal_to(bytes(secret_value, 'utf-8'))
def validate_persistent_sb(context, sb_name): openshift = Openshift() json_path = "{.metadata.resourceVersion}" output = openshift.get_resource_info_by_jsonpath("servicebindings", sb_name, context.namespace.name, json_path) if output == context.resource_version: assert True else: assert False, "Service Binding got updated"
def check_secret_key(context, secret_name, key): openshift = Openshift() json_path = f'{{.data.{key}}}' polling2.poll(lambda: openshift.get_resource_info_by_jsonpath( "secrets", secret_name, context.namespace.name, json_path) == "", step=5, timeout=120, ignore_exceptions=(binascii.Error, ))
def check_secret_key_with_ip_value(context, secret_name, secret_key): openshift = Openshift() json_path = f'{{.data.{secret_key}}}' polling2.poll(lambda: ipaddress.ip_address( openshift.get_resource_info_by_jsonpath("secrets", secret_name, context .namespace.name, json_path)), step=5, timeout=120, ignore_exceptions=(ValueError, ))
def exist_bindable_kind(kind, group, version): openshift = Openshift() res = openshift.get_resource_info_by_jsonpath( resource_type="bindablekinds", name="bindable-kinds", json_path="{.status}") for gvk in json.loads(res): if gvk["group"] == group and gvk["version"] == version and gvk[ "kind"] == kind: return True return False
def check_resource_readable(context, user, resource, namespace=None): openshift = Openshift() data = resource.split("/") res_type = data[0] res_name = Template(data[1]).substitute(scenario_id=scenario_id(context)) ns = namespace if namespace is not None else context.namespace.name res = openshift.get_resource_info_by_jsonpath(resource_type=res_type, name=res_name, namespace=ns, user=user) assert res is not None, f"User {user} should be able to read {resource} in {ns} namespace"
def verify_injected_secretRef(context, cr_name, crd_name, json_path): openshift = Openshift() secret = polling2.poll(lambda: get_sbr_secret_name(context), step=100, timeout=1000, ignore_exceptions=(ValueError, ), check_success=lambda v: v is not None) polling2.poll(lambda: openshift.get_resource_info_by_jsonpath( crd_name, cr_name, context.namespace.name, json_path) == secret, step=5, timeout=400)
def then_sbo_jsonpath_is(context, json_path, sbr_name, json_value_regex): openshift = Openshift() openshift.search_resource_in_namespace( "servicebindingrequests", sbr_name, context.namespace.name ) | should_not.be_none.desc("SBR {sbr_name} exists") result = openshift.get_resource_info_by_jsonpath("sbr", sbr_name, context.namespace.name, json_path, wait=True) result | should_not.be_none.desc("jsonpath result") re.fullmatch(json_value_regex, result) | should_not.be_none.desc( "SBO jsonpath result \"{result}\" should match \"{json_value_regex}\"")
def check_secret_key_value(context, secret_key, secret_value): sb = list(context.bindings.values())[0] openshift = Openshift() secret = polling2.poll(lambda: sb.get_secret_name(), step=100, timeout=1000, ignore_exceptions=(ValueError, ), check_success=lambda v: v is not None) json_path = f'{{.data.{secret_key}}}' polling2.poll(lambda: openshift.get_resource_info_by_jsonpath( "secrets", secret, context.namespace.name, json_path) == secret_value, step=5, timeout=120, ignore_exceptions=(binascii.Error, ))
def get_servicebinding_info_by_jsonpath(self, servicebinding_name, namespace, json_path): openshift = Openshift() return openshift.get_resource_info_by_jsonpath("servicebinding", servicebinding_name, namespace, json_path)
def verify_injected_secretRef(context, secret_ref, cr_name, crd_name, json_path): time.sleep(60) openshift = Openshift() result = openshift.get_resource_info_by_jsonpath(crd_name, cr_name, context.namespace.name, json_path, wait=True, timeout=180) result | should.be_equal_to(secret_ref).desc(f'Failed to inject secretRef "{secret_ref}" in "{cr_name}" at path "{json_path}"')