From 6697c1fbf74eb559c90d422338395fd5f8ebe3a7 Mon Sep 17 00:00:00 2001
From: Fabien Boucher <fboucher@redhat.com>
Date: Mon, 20 Nov 2023 11:04:44 +0000
Subject: [PATCH] test - create a dedicated role for nodepool-providers-secrets
 validation

Change-Id: I7729d4defe4862f6a3dc1e0319a4b42b4bf3cbe0
---
 .../test-monitoring/tasks/main.yaml           | 20 ---------
 .../defaults/main.yaml                        |  6 +++
 .../files/clouds.yaml                         | 31 ++++++++++++++
 .../tasks/main.yaml                           | 41 +++++++++++++++++++
 roles/run-tests/tasks/main.yaml               |  1 +
 5 files changed, 79 insertions(+), 20 deletions(-)
 create mode 100644 roles/health-check/test-nodepool-providers-secrets/defaults/main.yaml
 create mode 100644 roles/health-check/test-nodepool-providers-secrets/files/clouds.yaml
 create mode 100644 roles/health-check/test-nodepool-providers-secrets/tasks/main.yaml

diff --git a/roles/health-check/test-monitoring/tasks/main.yaml b/roles/health-check/test-monitoring/tasks/main.yaml
index 232af531..a3c3086f 100644
--- a/roles/health-check/test-monitoring/tasks/main.yaml
+++ b/roles/health-check/test-monitoring/tasks/main.yaml
@@ -57,26 +57,6 @@
     msg: Unexpected value for nodepool_launch_ready
   when: metric_dict.nlr | float < 1
 
-- name: set a fake clouds.yaml configuration
-  ansible.builtin.copy:
-    src: clouds.yaml
-    dest: /tmp/test-clouds.yaml
-
-- name: configure clouds.yaml in sfconfig.yaml
-  ansible.builtin.lineinfile:
-    path: "{{ zuul.project.src_dir }}/sfconfig.yaml"
-    regexp: "^  clouds_file:"
-    line: "  clouds_file: /tmp/test-clouds.yaml"
-
-- name: Upload clouds secrets to nodepool
-  command: "tools/sfconfig nodepool-providers-secrets --update"
-  args:
-    chdir: "{{ zuul.project.src_dir }}"
-
-- name: Wait for secrets to be updated
-  ansible.builtin.include_role:
-    name: "health-check/check-sf-resource-ready"
-
 - name: Ensure statsd mapping config has custom mappings from clouds.yaml
   ansible.builtin.command: kubectl get configmap np-statsd-config-map -o jsonpath='{.data}'
   register: statsd_mappings
diff --git a/roles/health-check/test-nodepool-providers-secrets/defaults/main.yaml b/roles/health-check/test-nodepool-providers-secrets/defaults/main.yaml
new file mode 100644
index 00000000..65ebf6ff
--- /dev/null
+++ b/roles/health-check/test-nodepool-providers-secrets/defaults/main.yaml
@@ -0,0 +1,6 @@
+---
+kubeconfig: "~/.kube/config"
+sf_config_yaml:
+  nodepool:
+    clouds_file: /tmp/clouds.yaml
+    kube_file: /tmp/kubeconfig.yaml
diff --git a/roles/health-check/test-nodepool-providers-secrets/files/clouds.yaml b/roles/health-check/test-nodepool-providers-secrets/files/clouds.yaml
new file mode 100644
index 00000000..0681b0ec
--- /dev/null
+++ b/roles/health-check/test-nodepool-providers-secrets/files/clouds.yaml
@@ -0,0 +1,31 @@
+cache:
+  expiration:
+    server: 5
+    port: 5
+    floating-ip: 5
+metrics:
+  statsd:
+    prefix: nodepool.openstack
+clouds:
+  nimbus:
+    api_timeout: 60
+    auth:
+      username: user1
+      password: password1
+      auth_url: https://keystone.nimbus/v2.0
+      project_name: my-project
+    image_format: 'raw'
+    metrics:
+      statsd:
+        prefix: nodepool.openstack.nimbus
+  cumulus:
+    api_timeout: 60
+    auth:
+      username: user2
+      password: password2
+      auth_url: https://keystone.cumulus/v2.0
+      project_name: my-other-project
+    image_format: 'raw'
+    metrics:
+      statsd:
+        prefix: nodepool.openstack.cumulus
\ No newline at end of file
diff --git a/roles/health-check/test-nodepool-providers-secrets/tasks/main.yaml b/roles/health-check/test-nodepool-providers-secrets/tasks/main.yaml
new file mode 100644
index 00000000..5f9645fc
--- /dev/null
+++ b/roles/health-check/test-nodepool-providers-secrets/tasks/main.yaml
@@ -0,0 +1,41 @@
+---
+- name: Prepare a minimal sfconfig.yaml file
+  ansible.builtin.copy:
+    content: "{{ sf_config_yaml | to_yaml }}"
+    dest: /tmp/sfconfig.yaml
+
+- name: Dump current secrets from nodepool
+  command: >
+    tools/sfconfig --config /tmp/sfconfig.yaml nodepool-providers-secrets --dump
+  args:
+    chdir: "{{ zuul.project.src_dir }}"
+
+- name: set a fake clouds.yaml configuration
+  ansible.builtin.copy:
+    src: clouds.yaml
+    dest: /tmp/clouds.yaml
+
+- name: Upload clouds secrets to nodepool
+  command: >
+    tools/sfconfig --config /tmp/sfconfig.yaml nodepool-providers-secrets --update
+  args:
+    chdir: "{{ zuul.project.src_dir }}"
+
+- name: Wait for secrets to be updated
+  ansible.builtin.include_role:
+    name: "health-check/check-sf-resource-ready"
+
+- name: "Check that clouds.yaml available in nodepool-builder"
+  ansible.builtin.shell: |
+    kubectl exec nodepool-builder-0 -- bash -c "ls /var/lib/nodepool/.config/openstack/clouds.yaml"
+
+- name: Fetch nodepool-launcher Pod info
+  kubernetes.core.k8s_info:
+    kind: Pod
+    label_selectors:
+      - "run = nodepool-launcher"
+  register: nodepool_launcher_info
+
+- name: "Check that clouds.yaml available in nodepool-launcher containers"
+  ansible.builtin.shell: |
+    kubectl exec {{ nodepool_launcher_info.resources[0].metadata.name }} -- bash -c "ls /var/lib/nodepool/.config/openstack/clouds.yaml"
diff --git a/roles/run-tests/tasks/main.yaml b/roles/run-tests/tasks/main.yaml
index ef3e5163..e7292897 100644
--- a/roles/run-tests/tasks/main.yaml
+++ b/roles/run-tests/tasks/main.yaml
@@ -25,6 +25,7 @@
     - name: config-update-zuul
     - name: config-update-nodepool-launcher
     - name: config-update-nodepool-builder
+    - name: test-nodepool-providers-secrets
     - name: pod-spawning
     - name: test-volumestats-sidecar
     - name: expand-volume