Skip to content

Commit

Permalink
add openshift test
Browse files Browse the repository at this point in the history
  • Loading branch information
@atye
atye committed May 31, 2024
1 parent 38dad36 commit ec83220
Show file tree
Hide file tree
Showing 2 changed files with 129 additions and 1 deletion.
12 changes: 11 additions & 1 deletion pkg/modules/authorization_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -803,7 +803,6 @@ func TestAuthorizationIngress(t *testing.T) {

return true, true, tmpCR, sourceClient
},

"success - creating with certs": func(*testing.T) (bool, bool, csmv1.ContainerStorageModule, ctrlClient.Client) {
customResource, err := getCustomResource("./testdata/cr_auth_proxy_certs.yaml")
if err != nil {
Expand Down Expand Up @@ -843,6 +842,17 @@ func TestAuthorizationIngress(t *testing.T) {

return true, true, tmpCR, sourceClient
},
"success - creating with openshift and other annotations": func(*testing.T) (bool, bool, csmv1.ContainerStorageModule, ctrlClient.Client) {
customResource, err := getCustomResource("./testdata/cr_auth_proxy_openshift.yaml")
if err != nil {
panic(err)
}

tmpCR := customResource
sourceClient := ctrlClientFake.NewClientBuilder().WithObjects().Build()

return true, true, tmpCR, sourceClient
},
"success - creating v1.10.0": func(*testing.T) (bool, bool, csmv1.ContainerStorageModule, ctrlClient.Client) {
customResource, err := getCustomResource("./testdata/cr_auth_proxy_v1100.yaml")
if err != nil {
Expand Down
118 changes: 118 additions & 0 deletions pkg/modules/testdata/cr_auth_proxy_openshift.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,118 @@
apiVersion: storage.dell.com/v1
kind: ContainerStorageModule
metadata:
name: authorization
namespace: authorization
spec:
modules:
# Authorization: enable csm-authorization proxy server for RBAC
- name: authorization-proxy-server
# enable: Enable/Disable csm-authorization
enabled: true
configVersion: v2.0.0-alpha
forceRemoveModule: true

# For OpenShift Container Platform only
# enabled: Enable/Disable OpenShift Ingress Controller
# Allowed values:
# true: enable use of OpenShift Ingress Controller
# false: disable use of OpenShift Ingress Controller only if you have your own ingress controller. Set the appropriate annotations for the ingresses in the proxy-server section
# Default value: false
openshift: true

components:
# For Kubernetes Container Platform only
# enabled: Enable/Disable NGINX Ingress Controller
# Allowed values:
# true: enable deployment of NGINX Ingress Controller
# false: disable deployment of NGINX Ingress Controller only if you have your own ingress controller. Set the appropriate annotations for the ingresses in the proxy-server section
# Default value: true
- name: nginx
enabled: true

# enabled: Enable/Disable cert-manager
# Allowed values:
# true: enable deployment of cert-manager
# false: disable deployment of cert-manager only if it's already deployed
# Default value: true
- name: cert-manager
enabled: true

- name: proxy-server
# enable: Enable/Disable csm-authorization proxy server
enabled: true
proxyService: dellemc/csm-authorization-proxy:v2.0.0-alpha
tenantService: dellemc/csm-authorization-tenant:v2.0.0-alpha
roleService: dellemc/csm-authorization-role:v2.0.0-alpha
storageService: dellemc/csm-authorization-storage:v2.0.0-alpha
opa: openpolicyagent/opa
opaKubeMgmt: openpolicyagent/kube-mgmt:0.11

# certificate: base64-encoded certificate for cert/private-key pair -- add certificate here to use custom certificates
# for self-signed certs, leave empty string
# Allowed values: string
certificate: ""

# privateKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates
# for self-signed certs, leave empty string
# Allowed values: string
privateKey: ""

# proxy-server ingress will use this hostname
# NOTE: an additional hostname can be configured in proxyServerIngress.hosts
# NOTE: proxy-server ingress is configured to accept IP address connections so hostnames are not required
hostname: "csm-authorization.com"

# proxy-server ingress configuration
proxyServerIngress:
- ingressClassName: nginx

# additional host rules for the proxy-server ingress
hosts:
- authorization-ingress-nginx-controller.authorization.svc.cluster.local

# additional annotations for the proxy-server ingress
annotations:
"label": "value"

- name: redis
redis: redis:6.0.8-alpine
commander: rediscommander/redis-commander:latest
redisName: redis-csm
redisCommander: redicommander
sentinel: sentinel
redisReplicas: 5
# by default, csm-authorization will deploy a local (https://kubernetes.io/docs/concepts/storage/storage-classes/#local) volume for redis
# to use a different storage class for redis, specify the name of the storage class
# NOTE: the storage class must NOT be a storage class provisioned by a CSI driver using this installation of CSM Authorization
# Default value: None
storageclass: "local-storage"

- name: vault
vaultAddress: https://10.0.0.1:8400
vaultRole: csm-authorization
skipCertificateValidation: true
kvEnginePath: secret
# certificate: base64-encoded certificate for cert/private-key pair -- add cert here to use custom certificates
# for self-signed certs, leave empty string
# Allowed values: string
certificate: ""
# privateKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates
# for self-signed certs, leave empty string
# Allowed values: string
privateKey: ""
# certificateAuthority: base64-encoded certificate authority for validating vault server certificate -- add certificate authority here to use custom certificates
# for self-signed certs, leave empty string
# Allowed values: string
certificateAuthority: ""

---
apiVersion: v1
kind: ConfigMap
metadata:
name: csm-config-params
namespace: authorization
data:
csm-config-params.yaml: |
CONCURRENT_POWERFLEX_REQUESTS: 10
LOG_LEVEL: debug

0 comments on commit ec83220

Please sign in to comment.