Add a CI job to validate the test-cara instance.

2021-07-14 15:48:34 +02:00 · 2021-07-14 15:48:34 +02:00 · 91ea826060
commit 91ea826060
parent 43fd580ac2
3 changed files with 115 additions and 5 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -10,14 +10,39 @@ variables:
  PY_VERSION: "3.6"  # This is what we have running in OpenShift currently.


-# A full installation of CARA, tested with pytest.
-test_install:
-  extends: .acc_py_full_test
+## A full installation of CARA, tested with pytest.
+#test_install:
+#  extends: .acc_py_full_test
+#
+#
+## A development installation of CARA tested with pytest.
+#test_dev:
+#  extends: .acc_py_dev_test


 # A development installation of CARA tested with pytest.
-test_dev:
-  extends: .acc_py_dev_test
+test_openshift_config:
+  rules:
+    - if: '$OPENSHIFT_CONFIG_CHECKER_TOKEN_TEST_CARA'
+  image: registry.cern.ch/docker.io/mambaorg/micromamba
+  before_script:
+    - micromamba create --yes -p $HOME/env python=3.9 wget -c conda-forge
+    - export PATH=$HOME/env/bin/:$PATH
+    - wget https://github.com/openshift/origin/releases/download/v3.11.0/openshift-origin-client-tools-v3.11.0-0cbc58b-linux-64bit.tar.gz
+    - tar xzf ./openshift-origin-client-tools-v3.11.0-0cbc58b-linux-64bit.tar.gz
+    - mv openshift-origin-client-tools-v3.11.0-0cbc58b-linux-64bit/oc $HOME/env/bin/
+
+  script:
+    - cd ./app-config/openshift
+    - oc login openshift-dev.cern.ch --token="${OPENSHIFT_CONFIG_CHECKER_TOKEN_TEST_CARA}"
+    - python ./fetch-config.py test-cara --output-directory ./test-cara/actual
+#    - python ./build_config.py test-cara
+
+#    - pytest ./test_config.py --arg test-cara
+  artifacts:
+    paths:
+      - ./app-config/openshift/test-cara/actual
+#      - ./app-config/openshift/test-cara/expected


 # A development installation of CARA tested with pytest.
@ -86,3 +111,4 @@ oci_calculator:
  script:
        - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
        - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --destination $CI_REGISTRY_IMAGE/calculator:latest
+
--- a/README.md
+++ b/README.md
@ -211,6 +211,17 @@ $ oc create secret generic \
  gitlab-cara-webhook-secret
 ```

+For CI usage, we also suggest creating a service account:
+
+```console
+oc create sa gitlab-config-checker
+```
+
+Under ``Resources`` -> ``Membership`` enable the ``View`` role for this new service account.
+
+To get this new user's authentication token go to ``Resources`` -> ``Secrets`` and locate the token in the newly
+created secret associated with the user (in this case ``gitlab-config-checker-token-XXXX``).
+
 ### CERN SSO integration

 The SSO integration uses OpenID credentials configured in [CERN Applications portal](https://application-portal.web.cern.ch/).
--- a/app-config/openshift/fetch-config.py
+++ b/app-config/openshift/fetch-config.py
@ -0,0 +1,73 @@
+import argparse
+import pathlib
+import subprocess
+import sys
+import typing
+
+
+def configure_parser(parser: argparse.ArgumentParser) -> None:
+    parser.description = "Fetch the openshift config for CARA"
+    parser.set_defaults(handler=handler)
+    parser.add_argument(
+        "instance", choices=['cara', 'test-cara'],
+        help="Pick the instance for which you want to generated the config",
+    )
+    parser.add_argument(
+        "--output-directory", default='config',
+        help="Location to put the config files",
+    )
+
+
+def get_oc_server() -> typing.Optional[str]:
+    # Return the openshift server that is currently logged in, or None if not logged in
+    # (or other issues getting the information from the oc client).
+    try:
+        subprocess.check_output(['oc', 'whoami'], stderr=subprocess.PIPE)
+    except subprocess.CalledProcessError:
+        # User not logged on, or oc command missing.
+        return None
+
+    return subprocess.run([
+        'oc', 'whoami', '--show-server'
+    ], check=True, stdout=subprocess.PIPE).stdout.decode().strip()
+
+
+def fetch_config(output_directory: pathlib.Path):
+    output_directory.mkdir(exist_ok=True, parents=True)
+
+    for component in ['routes', 'configmap', 'services', 'imagestreams', 'buildconfig', 'deploymentconfig']:
+        with (output_directory / f'{component}.json').open('wt') as fh:
+            cmd = ['oc', 'get', '--export', '-o', 'json', component]
+            print(f'Running: {" ".join(cmd)}')
+            subprocess.run(['oc', 'get', '--export', '-o', 'json', component], stdout=fh, check=True)
+    print(f'Config in: {output_directory.absolute()}')
+
+
+def handler(args: argparse.ArgumentParser) -> None:
+    if args.instance == 'cara':
+        login_server = 'https://openshift.cern.ch:443'
+        project_name = 'cara'
+    elif args.instance == 'test-cara':
+        login_server = 'https://openshift-dev.cern.ch:443'
+        project_name = 'test-cara'
+
+    actual_login_server = get_oc_server()
+    if actual_login_server != login_server:
+        print(actual_login_server)
+        print(f'\nPlease login to the correct openshift server with: \n\n oc login {login_server}\n', file=sys.stderr)
+        sys.exit(1)
+
+    subprocess.run(['oc', 'project', project_name], stdout=subprocess.DEVNULL, check=True)
+
+    fetch_config(pathlib.Path(args.output_directory))
+
+
+def main():
+    parser = argparse.ArgumentParser()
+    configure_parser(parser)
+    args = parser.parse_args()
+    args.handler(args)
+
+
+if __name__ == '__main__':
+    main()