From 0d55b9064c9ab94aea101655918653797167701f Mon Sep 17 00:00:00 2001 From: Pete Birley Date: Fri, 1 Feb 2019 09:57:06 -0600 Subject: [PATCH] RGW: Fix helm-test pod template This PS updates the helm test driven pod template: * places rgw keystone conditional to correct location * removes unrequired roles and bindings * adds dependency on the rgw being running * corrects spelling error * corrects s3cmd to work with version 1.6.1 Change-Id: I665dba9fdca1d840f4d864e32f07b6185af51d25 Signed-off-by: Pete Birley --- ceph-rgw/templates/bin/_helm-tests.sh.tpl | 15 +++++------ ceph-rgw/templates/pod-helm-tests.yaml | 31 +---------------------- ceph-rgw/values.yaml | 5 +++- 3 files changed, 12 insertions(+), 39 deletions(-) diff --git a/ceph-rgw/templates/bin/_helm-tests.sh.tpl b/ceph-rgw/templates/bin/_helm-tests.sh.tpl index 9211e4acb..5b8aeddbf 100644 --- a/ceph-rgw/templates/bin/_helm-tests.sh.tpl +++ b/ceph-rgw/templates/bin/_helm-tests.sh.tpl @@ -54,13 +54,13 @@ function rgw_s3_bucket_validation () echo "function: rgw_s3_bucket_validation" bucket=s3://rgw-test-bucket - create_bucket_output=$(s3cmd mb $bucket --host=$RGW_HOST --access_key=$S3_ADMIN_ACCESS_KEY --secret_key=$S3_ADMIN_SECRET_KEY --no-encrypt --no-check-certificate) + create_bucket_output=$(s3cmd mb $bucket --host=$RGW_HOST --host-bucket=$RGW_HOST --access_key=$S3_ADMIN_ACCESS_KEY --secret_key=$S3_ADMIN_SECRET_KEY --no-ssl) if [ $? -eq 0 ]; then echo "Bucket $bucket created" echo "Hello world!" > /tmp/hello.txt - s3cmd put /tmp/hello.txt $bucket --host=$RGW_HOST --access_key=$S3_ADMIN_ACCESS_KEY --secret_key=$S3_ADMIN_SECRET_KEY --no-encrypt --no-check-certificate + s3cmd put /tmp/hello.txt $bucket --host=$RGW_HOST --host-bucket=$RGW_HOST --access_key=$S3_ADMIN_ACCESS_KEY --secret_key=$S3_ADMIN_SECRET_KEY --no-ssl if [ $? -ne 0 ]; then echo "Error during s3cmd execution" exit 1 @@ -68,7 +68,7 @@ function rgw_s3_bucket_validation () echo "File uploaded to bucket" fi - s3cmd get s3://rgw-test-bucket/hello.txt -> /tmp/output.txt --host=$RGW_HOST --access_key=$S3_ADMIN_ACCESS_KEY --secret_key=$S3_ADMIN_SECRET_KEY --no-encrypt --no-check-certificate + s3cmd get s3://rgw-test-bucket/hello.txt -> /tmp/output.txt --host=$RGW_HOST --host-bucket=$RGW_HOST --access_key=$S3_ADMIN_ACCESS_KEY --secret_key=$S3_ADMIN_SECRET_KEY --no-ssl if [ $? -ne 0 ]; then echo "Error during s3cmd execution" exit 1 @@ -82,13 +82,13 @@ function rgw_s3_bucket_validation () echo "Content matches from downloaded file using s3cmd" fi - s3cmd ls $bucket --host=$RGW_HOST --access_key=$S3_ADMIN_ACCESS_KEY --secret_key=$S3_ADMIN_SECRET_KEY --no-encrypt --no-check-certificate + s3cmd ls $bucket --host=$RGW_HOST --host-bucket=$RGW_HOST --access_key=$S3_ADMIN_ACCESS_KEY --secret_key=$S3_ADMIN_SECRET_KEY --no-ssl if [ $? -ne 0 ]; then echo "Error during s3cmd execution" exit 1 fi - s3cmd del s3://rgw-test-bucket/hello.txt --host=$RGW_HOST --access_key=$S3_ADMIN_ACCESS_KEY --secret_key=$S3_ADMIN_SECRET_KEY --no-encrypt --no-check-certificate + s3cmd del s3://rgw-test-bucket/hello.txt --host=$RGW_HOST --host-bucket=$RGW_HOST --access_key=$S3_ADMIN_ACCESS_KEY --secret_key=$S3_ADMIN_SECRET_KEY --no-ssl if [ $? -ne 0 ]; then echo "Error during s3cmd execution" exit 1 @@ -96,7 +96,7 @@ function rgw_s3_bucket_validation () echo "File from bucket is deleted" fi - s3cmd del --recursive --force $bucket --host=$RGW_HOST --access_key=$S3_ADMIN_ACCESS_KEY --secret_key=$S3_ADMIN_SECRET_KEY --no-encrypt --no-check-certificate + s3cmd del --recursive --force $bucket --host=$RGW_HOST --host-bucket=$RGW_HOST --access_key=$S3_ADMIN_ACCESS_KEY --secret_key=$S3_ADMIN_SECRET_KEY --no-ssl if [ $? -ne 0 ]; then echo "Error during s3cmd execution" exit 1 @@ -118,7 +118,6 @@ fi if [ {{ .Values.conf.rgw_s3.enabled }} == true ]; then - echo "--> S3 is enabled. Calling function to test S2 based auth " + echo "--> S3 is enabled. Calling function to test S3 based auth " rgw_s3_bucket_validation fi - diff --git a/ceph-rgw/templates/pod-helm-tests.yaml b/ceph-rgw/templates/pod-helm-tests.yaml index 35bb597f8..6a082c219 100644 --- a/ceph-rgw/templates/pod-helm-tests.yaml +++ b/ceph-rgw/templates/pod-helm-tests.yaml @@ -20,35 +20,6 @@ limitations under the License. {{- $serviceAccountName := printf "%s-%s" $envAll.Release.Name "test" }} {{ tuple $envAll "tests" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: Role -metadata: - name: {{ $serviceAccountName }} -rules: - - apiGroups: - - "" - resources: - - pods - - pods/exec - verbs: - - "*" - - get - - list - - create ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: RoleBinding -metadata: - name: {{ $serviceAccountName }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ $serviceAccountName }} -subjects: - - kind: ServiceAccount - name: {{ $serviceAccountName }} - namespace: {{ $envAll.Release.Namespace }} ---- apiVersion: v1 kind: Pod metadata: @@ -62,7 +33,6 @@ spec: serviceAccountName: {{ $serviceAccountName }} initContainers: {{ tuple $envAll "tests" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }} -{{ if .Values.conf.rgw_ks.enabled }} - name: ceph-keyring-placement {{ tuple $envAll "ceph_config_helper" | include "helm-toolkit.snippets.image" | indent 6 }} securityContext: @@ -81,6 +51,7 @@ spec: subPath: key readOnly: true containers: +{{ if .Values.conf.rgw_ks.enabled }} - name: ceph-rgw-ks-validation {{ tuple $envAll "ceph_config_helper" | include "helm-toolkit.snippets.image" | indent 6 }} {{ tuple $envAll $envAll.Values.pod.resources.tests | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }} diff --git a/ceph-rgw/values.yaml b/ceph-rgw/values.yaml index 55430fb16..17cb3891c 100644 --- a/ceph-rgw/values.yaml +++ b/ceph-rgw/values.yaml @@ -359,6 +359,10 @@ dependencies: services: - endpoint: internal service: ceph_object_store + tests: + services: + - endpoint: internal + service: ceph_object_store bootstrap: enabled: false @@ -481,7 +485,6 @@ endpoints: mon: default: 6789 - manifests: configmap_ceph_templates: true configmap_bin: true