Skip to content

Commit

Permalink
chore: add test case for dspa cabundle without odh trust bundle
Browse files Browse the repository at this point in the history 
Signed-off-by: Humair Khan <HumairAK@users.noreply.github.com>
  • Loading branch information
@HumairAK
HumairAK committed Mar 5, 2024
1 parent 1dd2a20 commit dc54b3b
Show file tree
Hide file tree
Showing 6 changed files with 371 additions and 0 deletions.
12 changes: 12 additions & 0 deletions controllers/testdata/declarative/case_7/config.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
# When a minimal DSPA is deployed
Images:
ApiServer: api-server:test7
Artifact: artifact-manager:test7
PersistentAgent: persistenceagent:test7
ScheduledWorkflow: scheduledworkflow:test7
Cache: ubi-minimal:test7
MoveResultsImage: busybox:test7
MlPipelineUI: frontend:test7
MariaDB: mariadb:test7
Minio: minio:test7
OAuthProxy: oauth-proxy:test7
38 changes: 38 additions & 0 deletions controllers/testdata/declarative/case_7/deploy/00_configmap.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,38 @@
kind: ConfigMap
apiVersion: v1
metadata:
name: testcabundleconfigmap7
data:
testcabundleconfigmapkey7.crt: |
-----BEGIN CERTIFICATE-----
MIIFlTCCA32gAwIBAgIUQTPwwkR17jDrdIe4VqhzNQ6OY0swDQYJKoZIhvcNAQEL
BQAwJjELMAkGA1UEBhMCWFgxFzAVBgNVBAMMDnJoLWRzcC1kZXZzLmlvMB4XDTI0
MDMwNTAxMTExN1oXDTM0MDMwMzAxMTExN1owJjELMAkGA1UEBhMCWFgxFzAVBgNV
BAMMDioudGNwLm5ncm9rLmlvMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC
AgEApZbmrvisGgN2XmPbWSD8A89g2CwUgqUIfd1yU6TyZMmvnP+c+xG6SzqDZkxI
oiQ0fierPuMyrp0Yv+mRBvYtZ+Rv4zZ8OASD5UGDblKa6U8EJvXEKa5K9rZsqYpW
MOaZv8M5/KAr8AkH4zmXvgGtsfNT6xvBxIhUexJmSRB5lRLtZZr7ea/XQiuzJYPr
2CqHitm6MUWLG74vKetRi9ZDaDxgcW78nhBwM2Ujh0qrSeb4QhEcHP3Lhom0WObd
te+ipK5fqqMSQl1mj5W6tKORIm256TbG+uHY8e3lsT2fnCVL/zgFGROr0NqNbies
90dH7i6Wr1yn74umJ1HNF5nXem1jaqYVhQWWBlTurSqkHtRpIE2OWygpM4IoSTu8
gbIaKJdexx9GN9ch/zQBeevsYT1Wb/wQVZUp4TgJJIq1fCAkz3yQNsojUwZqsAPT
worehTHFT20onAutnkGv0lgGQH9ur1Gm4VipWbBQTRCEhEKIFVDDkQtbPZwQBjl/
voj7O659pIuPsGW5HYWawTbdU4ymEP4672KLpIaDxJHnA9sJsz2ns2KgsUesjGdQ
SnlMoanph1kW+qFM4tMnHFTad3yz6TLL0Mp1ej8gUd1FnYHrVewVeFl83gRFKhqP
XZX/hl7SAYn1Bnc6OsFegtQukcJc+AqZBja+8k+xc8yWC38CAwEAAaOBujCBtzAf
BgNVHSMEGDAWgBQ4+5eH7tKVwoWbF1OQoLJq+U2KuzAJBgNVHRMEAjAAMGoGA1Ud
EQRjMGGCDHRjcC5uZ3Jvay5pb4IOKi50Y3Aubmdyb2suaW+CE21hcmlhZGIubWFy
aWFkYi5zdmOCIW1hcmlhZGIubWFyaWFkYi5zdmMuY2x1c3Rlci5sb2NhbIIJbG9j
YWxob3N0MB0GA1UdDgQWBBTJmuX3UrWQn6AKXAvkUw/h7g6PsjANBgkqhkiG9w0B
AQsFAAOCAgEAKk/pfGTH3xgQg5a+obLx9xkfYz0jwfr5+TiD+FTrNlIPZpvCiYYk
RWNjMyYqKpuEfHry6P9spgk28+wQx7CRSi+cGiiNSvPswI3Ww8KHJQoJzl2vPQYe
1OESU6es8ZACIXdPcILj8zXHNFvfUD0rt7r34zqGw5PNWKQJ8gurqP9ZcBHNq9xz
nPG1QTdA5gOzAXQeOa8rGpK0lODo/WkRlV7KXU5ss737HcljGz8KSVUhfgy8io5z
xaKnCy8trt8CdGNb/ysK+a7oKZSqAYcKASwYxCrS1zgS06uLC78WjnYbxta/gnlC
a0XIfQt2dM/7L+ZvIwg0PbbPzBJU5zwiXSL9AMzp1/1hjlG4v06UKjv4V1t0McFC
xEaLG3AyDx9HHxbAIn/lkQ12Tg38rn5R0OKVKZSAzT6THCULbHC0Q+EQW4c8/No2
gtZgaZfA9bUTtQRyxSxQJlWbm4c6KfQa5g+oGQ9BjPCFjPmEvN9SCWcvR/aZE/Uy
IRtueAdEz+FiXmVeaJd7BImvF6P6OVDP4zhfXh9NIq9vovVNlGReDGOsqPF0iW/7
bLJ7EOwHNhqMkYbBvXnZmfmXpJ24S93M6OmjdkJIUN8iWtjX0yg8FqEGoCfFv4ub
a6IRpmyHdJoUJ4icStKB2m3sdRy7Aj5meAYQCVefvZYIQq4rRz/0chs=
-----END CERTIFICATE-----
29 changes: 29 additions & 0 deletions controllers/testdata/declarative/case_7/deploy/01_cr.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
# Test:
# DSPA CA bundle, ensure user provided CA Bundle results in dsp-trusted-ca config map creation and utilization in artifact config.
apiVersion: datasciencepipelinesapplications.opendatahub.io/v1alpha1
kind: DataSciencePipelinesApplication
metadata:
name: testdsp7
spec:
apiServer:
deploy: true
enableSamplePipeline: false
cABundle:
configMapName: testcabundleconfigmap7
configMapKey: testcabundleconfigmapkey7.crt
persistenceAgent:
deploy: false
scheduledWorkflow:
deploy: false
mlpipelineUI:
deploy: false
image: frontend:test0
database:
mariaDB:
deploy: false
objectStorage:
minio:
deploy: false
image: minio:test0
mlmd:
deploy: false
212 changes: 212 additions & 0 deletions controllers/testdata/declarative/case_7/expected/created/apiserver_deployment.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,212 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: ds-pipeline-testdsp7
namespace: default
labels:
app: ds-pipeline-testdsp7
component: data-science-pipelines
dspa: testdsp7
spec:
selector:
matchLabels:
app: ds-pipeline-testdsp7
component: data-science-pipelines
dspa: testdsp7
template:
metadata:
labels:
app: ds-pipeline-testdsp7
component: data-science-pipelines
dspa: testdsp7
spec:
containers:
- env:
- name: POD_NAMESPACE
value: "default"
- name: DBCONFIG_USER
value: "mlpipeline"
- name: DBCONFIG_PASSWORD
valueFrom:
secretKeyRef:
key: "password"
name: "ds-pipeline-db-testdsp7"
- name: DBCONFIG_DBNAME
value: "mlpipeline"
- name: DBCONFIG_HOST
value: "mariadb-testdsp7.default.svc.cluster.local"
- name: DBCONFIG_PORT
value: "3306"
- name: ARTIFACT_BUCKET
value: "mlpipeline"
- name: ARTIFACT_ENDPOINT
value: "http://minio-testdsp7.default.svc.cluster.local:9000"
- name: ARTIFACT_SCRIPT
valueFrom:
configMapKeyRef:
key: "artifact_script"
name: "ds-pipeline-artifact-script-testdsp7"
- name: ARTIFACT_IMAGE
value: "artifact-manager:test7"
- name: ARCHIVE_LOGS
value: "false"
- name: ARTIFACT_COPY_STEP_CABUNDLE_CONFIGMAP_NAME
value: dsp-trusted-ca-testdsp7
- name: ARTIFACT_COPY_STEP_CABUNDLE_CONFIGMAP_KEY
value: dsp-ca.crt
- name: ARTIFACT_COPY_STEP_CABUNDLE_MOUNTPATH
value: /dsp-custom-certs
- name: TRACK_ARTIFACTS
value: "true"
- name: STRIP_EOF
value: "true"
- name: PIPELINE_RUNTIME
value: "tekton"
- name: DEFAULTPIPELINERUNNERSERVICEACCOUNT
value: "pipeline-runner-testdsp7"
- name: INJECT_DEFAULT_SCRIPT
value: "true"
- name: APPLY_TEKTON_CUSTOM_RESOURCE
value: "true"
- name: TERMINATE_STATUS
value: "Cancelled"
- name: AUTO_UPDATE_PIPELINE_DEFAULT_VERSION
value: "true"
- name: DBCONFIG_CONMAXLIFETIMESEC
value: "120"
- name: ML_PIPELINE_VISUALIZATIONSERVER_SERVICE_HOST
value: "ds-pipeline-visualizationserver"
- name: ML_PIPELINE_VISUALIZATIONSERVER_SERVICE_PORT
value: "8888"
- name: OBJECTSTORECONFIG_BUCKETNAME
value: "mlpipeline"
- name: OBJECTSTORECONFIG_ACCESSKEY
valueFrom:
secretKeyRef:
key: "accesskey"
name: "mlpipeline-minio-artifact"
- name: OBJECTSTORECONFIG_SECRETACCESSKEY
valueFrom:
secretKeyRef:
key: "secretkey"
name: "mlpipeline-minio-artifact"
- name: OBJECTSTORECONFIG_SECURE
value: "false"
- name: MINIO_SERVICE_SERVICE_HOST
value: "minio-testdsp7.default.svc.cluster.local"
- name: MINIO_SERVICE_SERVICE_PORT
value: "9000"
- name: CACHE_IMAGE
value: "ubi-minimal:test7"
- name: MOVERESULTS_IMAGE
value: "busybox:test7"
- name: SSL_CERT_DIR
value: "/dsp-custom-certs:/etc/ssl/certs:/etc/pki/tls/certs"
image: api-server:test7
imagePullPolicy: Always
name: ds-pipeline-api-server
ports:
- containerPort: 8888
name: http
protocol: TCP
- containerPort: 8887
name: grpc
protocol: TCP
livenessProbe:
exec:
command:
- wget
- -q
- -S
- -O
- '-'
- http://localhost:8888/apis/v1beta1/healthz
initialDelaySeconds: 3
periodSeconds: 5
timeoutSeconds: 2
readinessProbe:
exec:
command:
- wget
- -q
- -S
- -O
- '-'
- http://localhost:8888/apis/v1beta1/healthz
initialDelaySeconds: 3
periodSeconds: 5
timeoutSeconds: 2
resources:
requests:
cpu: 250m
memory: 500Mi
limits:
cpu: 500m
memory: 1Gi
volumeMounts:
- name: server-config
mountPath: /config/config.json
subPath: config.json
- name: ca-bundle
mountPath: /dsp-custom-certs
- name: oauth-proxy
args:
- --https-address=:8443
- --provider=openshift
- --openshift-service-account=ds-pipeline-testdsp7
- --upstream=http://localhost:8888
- --tls-cert=/etc/tls/private/tls.crt
- --tls-key=/etc/tls/private/tls.key
- --cookie-secret=SECRET
- '--openshift-delegate-urls={"/": {"group":"route.openshift.io","resource":"routes","verb":"get","name":"ds-pipeline-testdsp7","namespace":"default"}}'
- '--openshift-sar={"namespace":"default","resource":"routes","resourceName":"ds-pipeline-testdsp7","verb":"get","resourceAPIGroup":"route.openshift.io"}'
- --skip-auth-regex='(^/metrics|^/apis/v1beta1/healthz)'
image: oauth-proxy:test7
ports:
- containerPort: 8443
name: oauth
protocol: TCP
livenessProbe:
httpGet:
path: /oauth/healthz
port: oauth
scheme: HTTPS
initialDelaySeconds: 30
timeoutSeconds: 1
periodSeconds: 5
successThreshold: 1
failureThreshold: 3
readinessProbe:
httpGet:
path: /oauth/healthz
port: oauth
scheme: HTTPS
initialDelaySeconds: 5
timeoutSeconds: 1
periodSeconds: 5
successThreshold: 1
failureThreshold: 3
resources:
limits:
cpu: 100m
memory: 256Mi
requests:
cpu: 100m
memory: 256Mi
volumeMounts:
- mountPath: /etc/tls/private
name: proxy-tls
volumes:
- name: proxy-tls
secret:
secretName: ds-pipelines-proxy-tls-testdsp7
defaultMode: 420
- name: server-config
configMap:
name: pipeline-server-config-testdsp7
defaultMode: 420
- name: ca-bundle
configMap:
name: dsp-trusted-ca-testdsp7
defaultMode: 420
serviceAccountName: ds-pipeline-testdsp7
42 changes: 42 additions & 0 deletions controllers/testdata/declarative/case_7/expected/created/configmap_artifact_script.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@
apiVersion: v1
data:
artifact_script: |-
#!/usr/bin/env sh
push_artifact() {
workspace_dir=$(echo $(context.taskRun.name) | sed -e "s/$(context.pipeline.name)-//g")
workspace_dest=/workspace/${workspace_dir}/artifacts/$(context.pipelineRun.name)/$(context.taskRun.name)
artifact_name=$(basename $2)
aws_cp() {
aws s3 --endpoint http://minio-testdsp7.default.svc.cluster.local:9000 --ca-bundle /dsp-custom-certs/dsp-ca.crt cp $1.tgz s3://mlpipeline/artifacts/$PIPELINERUN/$PIPELINETASK/$1.tgz
}
if [ -f "$workspace_dest/$artifact_name" ]; then
echo sending to: ${workspace_dest}/${artifact_name}
tar -cvzf $1.tgz -C ${workspace_dest} ${artifact_name}
aws_cp $1
elif [ -f "$2" ]; then
tar -cvzf $1.tgz -C $(dirname $2) ${artifact_name}
aws_cp $1
else
echo "$2 file does not exist. Skip artifact tracking for $1"
fi
}
push_log() {
cat /var/log/containers/$PODNAME*$NAMESPACE*step-main*.log > step-main.log
push_artifact main-log step-main.log
}
strip_eof() {
if [ -f "$2" ]; then
awk 'NF' $2 | head -c -1 > $1_temp_save && cp $1_temp_save $2
fi
}
kind: ConfigMap
metadata:
name: ds-pipeline-artifact-script-testdsp7
namespace: default
labels:
app: ds-pipeline-testdsp5
component: data-science-pipelines
38 changes: 38 additions & 0 deletions controllers/testdata/declarative/case_7/expected/created/configmap_dspa_trusted_ca.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,38 @@
kind: ConfigMap
apiVersion: v1
metadata:
name: dsp-trusted-ca-testdsp7
data:
dsp-ca.crt: |
-----BEGIN CERTIFICATE-----
MIIFlTCCA32gAwIBAgIUQTPwwkR17jDrdIe4VqhzNQ6OY0swDQYJKoZIhvcNAQEL
BQAwJjELMAkGA1UEBhMCWFgxFzAVBgNVBAMMDnJoLWRzcC1kZXZzLmlvMB4XDTI0
MDMwNTAxMTExN1oXDTM0MDMwMzAxMTExN1owJjELMAkGA1UEBhMCWFgxFzAVBgNV
BAMMDioudGNwLm5ncm9rLmlvMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC
AgEApZbmrvisGgN2XmPbWSD8A89g2CwUgqUIfd1yU6TyZMmvnP+c+xG6SzqDZkxI
oiQ0fierPuMyrp0Yv+mRBvYtZ+Rv4zZ8OASD5UGDblKa6U8EJvXEKa5K9rZsqYpW
MOaZv8M5/KAr8AkH4zmXvgGtsfNT6xvBxIhUexJmSRB5lRLtZZr7ea/XQiuzJYPr
2CqHitm6MUWLG74vKetRi9ZDaDxgcW78nhBwM2Ujh0qrSeb4QhEcHP3Lhom0WObd
te+ipK5fqqMSQl1mj5W6tKORIm256TbG+uHY8e3lsT2fnCVL/zgFGROr0NqNbies
90dH7i6Wr1yn74umJ1HNF5nXem1jaqYVhQWWBlTurSqkHtRpIE2OWygpM4IoSTu8
gbIaKJdexx9GN9ch/zQBeevsYT1Wb/wQVZUp4TgJJIq1fCAkz3yQNsojUwZqsAPT
worehTHFT20onAutnkGv0lgGQH9ur1Gm4VipWbBQTRCEhEKIFVDDkQtbPZwQBjl/
voj7O659pIuPsGW5HYWawTbdU4ymEP4672KLpIaDxJHnA9sJsz2ns2KgsUesjGdQ
SnlMoanph1kW+qFM4tMnHFTad3yz6TLL0Mp1ej8gUd1FnYHrVewVeFl83gRFKhqP
XZX/hl7SAYn1Bnc6OsFegtQukcJc+AqZBja+8k+xc8yWC38CAwEAAaOBujCBtzAf
BgNVHSMEGDAWgBQ4+5eH7tKVwoWbF1OQoLJq+U2KuzAJBgNVHRMEAjAAMGoGA1Ud
EQRjMGGCDHRjcC5uZ3Jvay5pb4IOKi50Y3Aubmdyb2suaW+CE21hcmlhZGIubWFy
aWFkYi5zdmOCIW1hcmlhZGIubWFyaWFkYi5zdmMuY2x1c3Rlci5sb2NhbIIJbG9j
YWxob3N0MB0GA1UdDgQWBBTJmuX3UrWQn6AKXAvkUw/h7g6PsjANBgkqhkiG9w0B
AQsFAAOCAgEAKk/pfGTH3xgQg5a+obLx9xkfYz0jwfr5+TiD+FTrNlIPZpvCiYYk
RWNjMyYqKpuEfHry6P9spgk28+wQx7CRSi+cGiiNSvPswI3Ww8KHJQoJzl2vPQYe
1OESU6es8ZACIXdPcILj8zXHNFvfUD0rt7r34zqGw5PNWKQJ8gurqP9ZcBHNq9xz
nPG1QTdA5gOzAXQeOa8rGpK0lODo/WkRlV7KXU5ss737HcljGz8KSVUhfgy8io5z
xaKnCy8trt8CdGNb/ysK+a7oKZSqAYcKASwYxCrS1zgS06uLC78WjnYbxta/gnlC
a0XIfQt2dM/7L+ZvIwg0PbbPzBJU5zwiXSL9AMzp1/1hjlG4v06UKjv4V1t0McFC
xEaLG3AyDx9HHxbAIn/lkQ12Tg38rn5R0OKVKZSAzT6THCULbHC0Q+EQW4c8/No2
gtZgaZfA9bUTtQRyxSxQJlWbm4c6KfQa5g+oGQ9BjPCFjPmEvN9SCWcvR/aZE/Uy
IRtueAdEz+FiXmVeaJd7BImvF6P6OVDP4zhfXh9NIq9vovVNlGReDGOsqPF0iW/7
bLJ7EOwHNhqMkYbBvXnZmfmXpJ24S93M6OmjdkJIUN8iWtjX0yg8FqEGoCfFv4ub
a6IRpmyHdJoUJ4icStKB2m3sdRy7Aj5meAYQCVefvZYIQq4rRz/0chs=
-----END CERTIFICATE-----

0 comments on commit dc54b3b

Please sign in to comment.