RGW: Fix helm-test pod template

This PS updates the helm test driven pod template: * places rgw keystone conditional to correct location * removes unrequired roles and bindings * adds dependency on the rgw being running * corrects spelling error * corrects s3cmd to work with version 1.6.1 Change-Id: I665dba9fdca1d840f4d864e32f07b6185af51d25 Signed-off-by: Pete Birley <pete@port.direct>
2019-02-01 09:57:06 -06:00 · 2019-02-01 09:57:06 -06:00 · 0d55b9064c
commit 0d55b9064c
parent 44b5c008f1
3 changed files with 12 additions and 39 deletions
--- a/ceph-rgw/templates/bin/_helm-tests.sh.tpl
+++ b/ceph-rgw/templates/bin/_helm-tests.sh.tpl
@ -54,13 +54,13 @@ function rgw_s3_bucket_validation ()
  echo "function: rgw_s3_bucket_validation"

  bucket=s3://rgw-test-bucket
-  create_bucket_output=$(s3cmd mb $bucket --host=$RGW_HOST --access_key=$S3_ADMIN_ACCESS_KEY --secret_key=$S3_ADMIN_SECRET_KEY --no-encrypt --no-check-certificate)
+  create_bucket_output=$(s3cmd mb $bucket --host=$RGW_HOST --host-bucket=$RGW_HOST --access_key=$S3_ADMIN_ACCESS_KEY --secret_key=$S3_ADMIN_SECRET_KEY --no-ssl)

  if [ $? -eq 0 ]; then
    echo "Bucket $bucket created"
    echo "Hello world!" > /tmp/hello.txt

-    s3cmd put /tmp/hello.txt $bucket --host=$RGW_HOST --access_key=$S3_ADMIN_ACCESS_KEY --secret_key=$S3_ADMIN_SECRET_KEY --no-encrypt --no-check-certificate
+    s3cmd put /tmp/hello.txt $bucket --host=$RGW_HOST --host-bucket=$RGW_HOST --access_key=$S3_ADMIN_ACCESS_KEY --secret_key=$S3_ADMIN_SECRET_KEY --no-ssl
    if [ $? -ne 0 ]; then
      echo "Error during s3cmd execution"
      exit 1
@ -68,7 +68,7 @@ function rgw_s3_bucket_validation ()
      echo "File uploaded to bucket"
    fi

-    s3cmd get s3://rgw-test-bucket/hello.txt -> /tmp/output.txt --host=$RGW_HOST --access_key=$S3_ADMIN_ACCESS_KEY --secret_key=$S3_ADMIN_SECRET_KEY --no-encrypt --no-check-certificate
+    s3cmd get s3://rgw-test-bucket/hello.txt -> /tmp/output.txt --host=$RGW_HOST --host-bucket=$RGW_HOST --access_key=$S3_ADMIN_ACCESS_KEY --secret_key=$S3_ADMIN_SECRET_KEY --no-ssl
    if [ $? -ne 0 ]; then
      echo "Error during s3cmd execution"
      exit 1
@ -82,13 +82,13 @@ function rgw_s3_bucket_validation ()
      echo "Content matches from downloaded file using s3cmd"
    fi

-    s3cmd ls $bucket --host=$RGW_HOST --access_key=$S3_ADMIN_ACCESS_KEY --secret_key=$S3_ADMIN_SECRET_KEY --no-encrypt --no-check-certificate
+    s3cmd ls $bucket --host=$RGW_HOST --host-bucket=$RGW_HOST --access_key=$S3_ADMIN_ACCESS_KEY --secret_key=$S3_ADMIN_SECRET_KEY --no-ssl
    if [ $? -ne 0 ]; then
      echo "Error during s3cmd execution"
      exit 1
    fi

-    s3cmd del s3://rgw-test-bucket/hello.txt --host=$RGW_HOST --access_key=$S3_ADMIN_ACCESS_KEY --secret_key=$S3_ADMIN_SECRET_KEY --no-encrypt --no-check-certificate
+    s3cmd del s3://rgw-test-bucket/hello.txt --host=$RGW_HOST --host-bucket=$RGW_HOST --access_key=$S3_ADMIN_ACCESS_KEY --secret_key=$S3_ADMIN_SECRET_KEY --no-ssl
    if [ $? -ne 0 ]; then
      echo "Error during s3cmd execution"
      exit 1
@ -96,7 +96,7 @@ function rgw_s3_bucket_validation ()
      echo "File from bucket is deleted"
    fi

-    s3cmd del --recursive --force $bucket --host=$RGW_HOST --access_key=$S3_ADMIN_ACCESS_KEY --secret_key=$S3_ADMIN_SECRET_KEY --no-encrypt --no-check-certificate
+    s3cmd del --recursive --force $bucket --host=$RGW_HOST --host-bucket=$RGW_HOST --access_key=$S3_ADMIN_ACCESS_KEY --secret_key=$S3_ADMIN_SECRET_KEY --no-ssl
    if [ $? -ne 0 ]; then
      echo "Error during s3cmd execution"
      exit 1
@ -118,7 +118,6 @@ fi

 if [ {{ .Values.conf.rgw_s3.enabled }} == true ];
 then
-  echo "--> S3 is enabled. Calling function to test S2 based auth "
+  echo "--> S3 is enabled. Calling function to test S3 based auth "
  rgw_s3_bucket_validation
 fi
-
--- a/ceph-rgw/templates/pod-helm-tests.yaml
+++ b/ceph-rgw/templates/pod-helm-tests.yaml
@ -20,35 +20,6 @@ limitations under the License.
 {{- $serviceAccountName := printf "%s-%s" $envAll.Release.Name "test" }}
 {{ tuple $envAll "tests" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: Role
-metadata:
-  name: {{ $serviceAccountName }}
-rules:
-  - apiGroups:
-      - ""
-    resources:
-      - pods
-      - pods/exec
-    verbs:
-      - "*"
-      - get
-      - list
-      - create
---
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: RoleBinding
-metadata:
-  name: {{ $serviceAccountName }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: {{ $serviceAccountName }}
-subjects:
-  - kind: ServiceAccount
-    name: {{ $serviceAccountName }}
-    namespace: {{ $envAll.Release.Namespace }}
---
 apiVersion: v1
 kind: Pod
 metadata:
@ -62,7 +33,6 @@ spec:
  serviceAccountName: {{ $serviceAccountName }}
  initContainers:
 {{ tuple $envAll "tests" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }}
-{{ if .Values.conf.rgw_ks.enabled }}
    - name: ceph-keyring-placement
 {{ tuple $envAll "ceph_config_helper" | include "helm-toolkit.snippets.image" | indent 6 }}
      securityContext:
@ -81,6 +51,7 @@ spec:
          subPath: key
          readOnly: true
  containers:
+{{ if .Values.conf.rgw_ks.enabled }}
    - name: ceph-rgw-ks-validation
 {{ tuple $envAll "ceph_config_helper" | include "helm-toolkit.snippets.image" | indent 6 }}
 {{ tuple $envAll $envAll.Values.pod.resources.tests | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
--- a/ceph-rgw/values.yaml
+++ b/ceph-rgw/values.yaml
@ -359,6 +359,10 @@ dependencies:
      services:
        - endpoint: internal
          service: ceph_object_store
+    tests:
+      services:
+        - endpoint: internal
+          service: ceph_object_store

 bootstrap:
  enabled: false
@ -481,7 +485,6 @@ endpoints:
      mon:
        default: 6789

-
 manifests:
  configmap_ceph_templates: true
  configmap_bin: true