From dc54b3b87632c4ec9d798bc1159a078310fe0648 Mon Sep 17 00:00:00 2001
From: Humair Khan <HumairAK@users.noreply.github.com>
Date: Mon, 4 Mar 2024 23:52:43 -0500
Subject: [PATCH] chore: add test case for dspa cabundle without odh trust
bundle
Signed-off-by: Humair Khan <HumairAK@users.noreply.github.com>
---
.../testdata/declarative/case_7/config.yaml | 12 +
.../case_7/deploy/00_configmap.yaml | 38 ++++
.../declarative/case_7/deploy/01_cr.yaml | 29 +++
.../created/apiserver_deployment.yaml | 212 ++++++++++++++++++
.../created/configmap_artifact_script.yaml | 42 ++++
.../created/configmap_dspa_trusted_ca.yaml | 38 ++++
6 files changed, 371 insertions(+)
create mode 100644 controllers/testdata/declarative/case_7/config.yaml
create mode 100644 controllers/testdata/declarative/case_7/deploy/00_configmap.yaml
create mode 100644 controllers/testdata/declarative/case_7/deploy/01_cr.yaml
create mode 100644 controllers/testdata/declarative/case_7/expected/created/apiserver_deployment.yaml
create mode 100644 controllers/testdata/declarative/case_7/expected/created/configmap_artifact_script.yaml
create mode 100644 controllers/testdata/declarative/case_7/expected/created/configmap_dspa_trusted_ca.yaml
diff --git a/controllers/testdata/declarative/case_7/config.yaml b/controllers/testdata/declarative/case_7/config.yaml
new file mode 100644
index 000000000..828f72e62
--- /dev/null
+++ b/controllers/testdata/declarative/case_7/config.yaml
@@ -0,0 +1,12 @@
+# When a minimal DSPA is deployed
+Images:
+ ApiServer: api-server:test7
+ Artifact: artifact-manager:test7
+ PersistentAgent: persistenceagent:test7
+ ScheduledWorkflow: scheduledworkflow:test7
+ Cache: ubi-minimal:test7
+ MoveResultsImage: busybox:test7
+ MlPipelineUI: frontend:test7
+ MariaDB: mariadb:test7
+ Minio: minio:test7
+ OAuthProxy: oauth-proxy:test7
diff --git a/controllers/testdata/declarative/case_7/deploy/00_configmap.yaml b/controllers/testdata/declarative/case_7/deploy/00_configmap.yaml
new file mode 100644
index 000000000..c37f91f3d
--- /dev/null
+++ b/controllers/testdata/declarative/case_7/deploy/00_configmap.yaml
@@ -0,0 +1,38 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: testcabundleconfigmap7
+data:
+ testcabundleconfigmapkey7.crt: |
+ -----BEGIN CERTIFICATE-----
+ MIIFlTCCA32gAwIBAgIUQTPwwkR17jDrdIe4VqhzNQ6OY0swDQYJKoZIhvcNAQEL
+ BQAwJjELMAkGA1UEBhMCWFgxFzAVBgNVBAMMDnJoLWRzcC1kZXZzLmlvMB4XDTI0
+ MDMwNTAxMTExN1oXDTM0MDMwMzAxMTExN1owJjELMAkGA1UEBhMCWFgxFzAVBgNV
+ BAMMDioudGNwLm5ncm9rLmlvMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC
+ AgEApZbmrvisGgN2XmPbWSD8A89g2CwUgqUIfd1yU6TyZMmvnP+c+xG6SzqDZkxI
+ oiQ0fierPuMyrp0Yv+mRBvYtZ+Rv4zZ8OASD5UGDblKa6U8EJvXEKa5K9rZsqYpW
+ MOaZv8M5/KAr8AkH4zmXvgGtsfNT6xvBxIhUexJmSRB5lRLtZZr7ea/XQiuzJYPr
+ 2CqHitm6MUWLG74vKetRi9ZDaDxgcW78nhBwM2Ujh0qrSeb4QhEcHP3Lhom0WObd
+ te+ipK5fqqMSQl1mj5W6tKORIm256TbG+uHY8e3lsT2fnCVL/zgFGROr0NqNbies
+ 90dH7i6Wr1yn74umJ1HNF5nXem1jaqYVhQWWBlTurSqkHtRpIE2OWygpM4IoSTu8
+ gbIaKJdexx9GN9ch/zQBeevsYT1Wb/wQVZUp4TgJJIq1fCAkz3yQNsojUwZqsAPT
+ worehTHFT20onAutnkGv0lgGQH9ur1Gm4VipWbBQTRCEhEKIFVDDkQtbPZwQBjl/
+ voj7O659pIuPsGW5HYWawTbdU4ymEP4672KLpIaDxJHnA9sJsz2ns2KgsUesjGdQ
+ SnlMoanph1kW+qFM4tMnHFTad3yz6TLL0Mp1ej8gUd1FnYHrVewVeFl83gRFKhqP
+ XZX/hl7SAYn1Bnc6OsFegtQukcJc+AqZBja+8k+xc8yWC38CAwEAAaOBujCBtzAf
+ BgNVHSMEGDAWgBQ4+5eH7tKVwoWbF1OQoLJq+U2KuzAJBgNVHRMEAjAAMGoGA1Ud
+ EQRjMGGCDHRjcC5uZ3Jvay5pb4IOKi50Y3Aubmdyb2suaW+CE21hcmlhZGIubWFy
+ aWFkYi5zdmOCIW1hcmlhZGIubWFyaWFkYi5zdmMuY2x1c3Rlci5sb2NhbIIJbG9j
+ YWxob3N0MB0GA1UdDgQWBBTJmuX3UrWQn6AKXAvkUw/h7g6PsjANBgkqhkiG9w0B
+ AQsFAAOCAgEAKk/pfGTH3xgQg5a+obLx9xkfYz0jwfr5+TiD+FTrNlIPZpvCiYYk
+ RWNjMyYqKpuEfHry6P9spgk28+wQx7CRSi+cGiiNSvPswI3Ww8KHJQoJzl2vPQYe
+ 1OESU6es8ZACIXdPcILj8zXHNFvfUD0rt7r34zqGw5PNWKQJ8gurqP9ZcBHNq9xz
+ nPG1QTdA5gOzAXQeOa8rGpK0lODo/WkRlV7KXU5ss737HcljGz8KSVUhfgy8io5z
+ xaKnCy8trt8CdGNb/ysK+a7oKZSqAYcKASwYxCrS1zgS06uLC78WjnYbxta/gnlC
+ a0XIfQt2dM/7L+ZvIwg0PbbPzBJU5zwiXSL9AMzp1/1hjlG4v06UKjv4V1t0McFC
+ xEaLG3AyDx9HHxbAIn/lkQ12Tg38rn5R0OKVKZSAzT6THCULbHC0Q+EQW4c8/No2
+ gtZgaZfA9bUTtQRyxSxQJlWbm4c6KfQa5g+oGQ9BjPCFjPmEvN9SCWcvR/aZE/Uy
+ IRtueAdEz+FiXmVeaJd7BImvF6P6OVDP4zhfXh9NIq9vovVNlGReDGOsqPF0iW/7
+ bLJ7EOwHNhqMkYbBvXnZmfmXpJ24S93M6OmjdkJIUN8iWtjX0yg8FqEGoCfFv4ub
+ a6IRpmyHdJoUJ4icStKB2m3sdRy7Aj5meAYQCVefvZYIQq4rRz/0chs=
+ -----END CERTIFICATE-----
diff --git a/controllers/testdata/declarative/case_7/deploy/01_cr.yaml b/controllers/testdata/declarative/case_7/deploy/01_cr.yaml
new file mode 100644
index 000000000..4f97b47e9
--- /dev/null
+++ b/controllers/testdata/declarative/case_7/deploy/01_cr.yaml
@@ -0,0 +1,29 @@
+# Test:
+# DSPA CA bundle, ensure user provided CA Bundle results in dsp-trusted-ca config map creation and utilization in artifact config.
+apiVersion: datasciencepipelinesapplications.opendatahub.io/v1alpha1
+kind: DataSciencePipelinesApplication
+metadata:
+ name: testdsp7
+spec:
+ apiServer:
+ deploy: true
+ enableSamplePipeline: false
+ cABundle:
+ configMapName: testcabundleconfigmap7
+ configMapKey: testcabundleconfigmapkey7.crt
+ persistenceAgent:
+ deploy: false
+ scheduledWorkflow:
+ deploy: false
+ mlpipelineUI:
+ deploy: false
+ image: frontend:test0
+ database:
+ mariaDB:
+ deploy: false
+ objectStorage:
+ minio:
+ deploy: false
+ image: minio:test0
+ mlmd:
+ deploy: false
diff --git a/controllers/testdata/declarative/case_7/expected/created/apiserver_deployment.yaml b/controllers/testdata/declarative/case_7/expected/created/apiserver_deployment.yaml
new file mode 100644
index 000000000..a04dfd27b
--- /dev/null
+++ b/controllers/testdata/declarative/case_7/expected/created/apiserver_deployment.yaml
@@ -0,0 +1,212 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: ds-pipeline-testdsp7
+ namespace: default
+ labels:
+ app: ds-pipeline-testdsp7
+ component: data-science-pipelines
+ dspa: testdsp7
+spec:
+ selector:
+ matchLabels:
+ app: ds-pipeline-testdsp7
+ component: data-science-pipelines
+ dspa: testdsp7
+ template:
+ metadata:
+ labels:
+ app: ds-pipeline-testdsp7
+ component: data-science-pipelines
+ dspa: testdsp7
+ spec:
+ containers:
+ - env:
+ - name: POD_NAMESPACE
+ value: "default"
+ - name: DBCONFIG_USER
+ value: "mlpipeline"
+ - name: DBCONFIG_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: "password"
+ name: "ds-pipeline-db-testdsp7"
+ - name: DBCONFIG_DBNAME
+ value: "mlpipeline"
+ - name: DBCONFIG_HOST
+ value: "mariadb-testdsp7.default.svc.cluster.local"
+ - name: DBCONFIG_PORT
+ value: "3306"
+ - name: ARTIFACT_BUCKET
+ value: "mlpipeline"
+ - name: ARTIFACT_ENDPOINT
+ value: "http://minio-testdsp7.default.svc.cluster.local:9000"
+ - name: ARTIFACT_SCRIPT
+ valueFrom:
+ configMapKeyRef:
+ key: "artifact_script"
+ name: "ds-pipeline-artifact-script-testdsp7"
+ - name: ARTIFACT_IMAGE
+ value: "artifact-manager:test7"
+ - name: ARCHIVE_LOGS
+ value: "false"
+ - name: ARTIFACT_COPY_STEP_CABUNDLE_CONFIGMAP_NAME
+ value: dsp-trusted-ca-testdsp7
+ - name: ARTIFACT_COPY_STEP_CABUNDLE_CONFIGMAP_KEY
+ value: dsp-ca.crt
+ - name: ARTIFACT_COPY_STEP_CABUNDLE_MOUNTPATH
+ value: /dsp-custom-certs
+ - name: TRACK_ARTIFACTS
+ value: "true"
+ - name: STRIP_EOF
+ value: "true"
+ - name: PIPELINE_RUNTIME
+ value: "tekton"
+ - name: DEFAULTPIPELINERUNNERSERVICEACCOUNT
+ value: "pipeline-runner-testdsp7"
+ - name: INJECT_DEFAULT_SCRIPT
+ value: "true"
+ - name: APPLY_TEKTON_CUSTOM_RESOURCE
+ value: "true"
+ - name: TERMINATE_STATUS
+ value: "Cancelled"
+ - name: AUTO_UPDATE_PIPELINE_DEFAULT_VERSION
+ value: "true"
+ - name: DBCONFIG_CONMAXLIFETIMESEC
+ value: "120"
+ - name: ML_PIPELINE_VISUALIZATIONSERVER_SERVICE_HOST
+ value: "ds-pipeline-visualizationserver"
+ - name: ML_PIPELINE_VISUALIZATIONSERVER_SERVICE_PORT
+ value: "8888"
+ - name: OBJECTSTORECONFIG_BUCKETNAME
+ value: "mlpipeline"
+ - name: OBJECTSTORECONFIG_ACCESSKEY
+ valueFrom:
+ secretKeyRef:
+ key: "accesskey"
+ name: "mlpipeline-minio-artifact"
+ - name: OBJECTSTORECONFIG_SECRETACCESSKEY
+ valueFrom:
+ secretKeyRef:
+ key: "secretkey"
+ name: "mlpipeline-minio-artifact"
+ - name: OBJECTSTORECONFIG_SECURE
+ value: "false"
+ - name: MINIO_SERVICE_SERVICE_HOST
+ value: "minio-testdsp7.default.svc.cluster.local"
+ - name: MINIO_SERVICE_SERVICE_PORT
+ value: "9000"
+ - name: CACHE_IMAGE
+ value: "ubi-minimal:test7"
+ - name: MOVERESULTS_IMAGE
+ value: "busybox:test7"
+ - name: SSL_CERT_DIR
+ value: "/dsp-custom-certs:/etc/ssl/certs:/etc/pki/tls/certs"
+ image: api-server:test7
+ imagePullPolicy: Always
+ name: ds-pipeline-api-server
+ ports:
+ - containerPort: 8888
+ name: http
+ protocol: TCP
+ - containerPort: 8887
+ name: grpc
+ protocol: TCP
+ livenessProbe:
+ exec:
+ command:
+ - wget
+ - -q
+ - -S
+ - -O
+ - '-'
+ - http://localhost:8888/apis/v1beta1/healthz
+ initialDelaySeconds: 3
+ periodSeconds: 5
+ timeoutSeconds: 2
+ readinessProbe:
+ exec:
+ command:
+ - wget
+ - -q
+ - -S
+ - -O
+ - '-'
+ - http://localhost:8888/apis/v1beta1/healthz
+ initialDelaySeconds: 3
+ periodSeconds: 5
+ timeoutSeconds: 2
+ resources:
+ requests:
+ cpu: 250m
+ memory: 500Mi
+ limits:
+ cpu: 500m
+ memory: 1Gi
+ volumeMounts:
+ - name: server-config
+ mountPath: /config/config.json
+ subPath: config.json
+ - name: ca-bundle
+ mountPath: /dsp-custom-certs
+ - name: oauth-proxy
+ args:
+ - --https-address=:8443
+ - --provider=openshift
+ - --openshift-service-account=ds-pipeline-testdsp7
+ - --upstream=http://localhost:8888
+ - --tls-cert=/etc/tls/private/tls.crt
+ - --tls-key=/etc/tls/private/tls.key
+ - --cookie-secret=SECRET
+ - '--openshift-delegate-urls={"/": {"group":"route.openshift.io","resource":"routes","verb":"get","name":"ds-pipeline-testdsp7","namespace":"default"}}'
+ - '--openshift-sar={"namespace":"default","resource":"routes","resourceName":"ds-pipeline-testdsp7","verb":"get","resourceAPIGroup":"route.openshift.io"}'
+ - --skip-auth-regex='(^/metrics|^/apis/v1beta1/healthz)'
+ image: oauth-proxy:test7
+ ports:
+ - containerPort: 8443
+ name: oauth
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ path: /oauth/healthz
+ port: oauth
+ scheme: HTTPS
+ initialDelaySeconds: 30
+ timeoutSeconds: 1
+ periodSeconds: 5
+ successThreshold: 1
+ failureThreshold: 3
+ readinessProbe:
+ httpGet:
+ path: /oauth/healthz
+ port: oauth
+ scheme: HTTPS
+ initialDelaySeconds: 5
+ timeoutSeconds: 1
+ periodSeconds: 5
+ successThreshold: 1
+ failureThreshold: 3
+ resources:
+ limits:
+ cpu: 100m
+ memory: 256Mi
+ requests:
+ cpu: 100m
+ memory: 256Mi
+ volumeMounts:
+ - mountPath: /etc/tls/private
+ name: proxy-tls
+ volumes:
+ - name: proxy-tls
+ secret:
+ secretName: ds-pipelines-proxy-tls-testdsp7
+ defaultMode: 420
+ - name: server-config
+ configMap:
+ name: pipeline-server-config-testdsp7
+ defaultMode: 420
+ - name: ca-bundle
+ configMap:
+ name: dsp-trusted-ca-testdsp7
+ defaultMode: 420
+ serviceAccountName: ds-pipeline-testdsp7
diff --git a/controllers/testdata/declarative/case_7/expected/created/configmap_artifact_script.yaml b/controllers/testdata/declarative/case_7/expected/created/configmap_artifact_script.yaml
new file mode 100644
index 000000000..634b46fc0
--- /dev/null
+++ b/controllers/testdata/declarative/case_7/expected/created/configmap_artifact_script.yaml
@@ -0,0 +1,42 @@
+apiVersion: v1
+data:
+ artifact_script: |-
+ #!/usr/bin/env sh
+ push_artifact() {
+ workspace_dir=$(echo $(context.taskRun.name) | sed -e "s/$(context.pipeline.name)-//g")
+ workspace_dest=/workspace/${workspace_dir}/artifacts/$(context.pipelineRun.name)/$(context.taskRun.name)
+ artifact_name=$(basename $2)
+
+ aws_cp() {
+
+ aws s3 --endpoint http://minio-testdsp7.default.svc.cluster.local:9000 --ca-bundle /dsp-custom-certs/dsp-ca.crt cp $1.tgz s3://mlpipeline/artifacts/$PIPELINERUN/$PIPELINETASK/$1.tgz
+
+ }
+
+ if [ -f "$workspace_dest/$artifact_name" ]; then
+ echo sending to: ${workspace_dest}/${artifact_name}
+ tar -cvzf $1.tgz -C ${workspace_dest} ${artifact_name}
+ aws_cp $1
+ elif [ -f "$2" ]; then
+ tar -cvzf $1.tgz -C $(dirname $2) ${artifact_name}
+ aws_cp $1
+ else
+ echo "$2 file does not exist. Skip artifact tracking for $1"
+ fi
+ }
+ push_log() {
+ cat /var/log/containers/$PODNAME*$NAMESPACE*step-main*.log > step-main.log
+ push_artifact main-log step-main.log
+ }
+ strip_eof() {
+ if [ -f "$2" ]; then
+ awk 'NF' $2 | head -c -1 > $1_temp_save && cp $1_temp_save $2
+ fi
+ }
+kind: ConfigMap
+metadata:
+ name: ds-pipeline-artifact-script-testdsp7
+ namespace: default
+ labels:
+ app: ds-pipeline-testdsp5
+ component: data-science-pipelines
diff --git a/controllers/testdata/declarative/case_7/expected/created/configmap_dspa_trusted_ca.yaml b/controllers/testdata/declarative/case_7/expected/created/configmap_dspa_trusted_ca.yaml
new file mode 100644
index 000000000..ab1980ef4
--- /dev/null
+++ b/controllers/testdata/declarative/case_7/expected/created/configmap_dspa_trusted_ca.yaml
@@ -0,0 +1,38 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: dsp-trusted-ca-testdsp7
+data:
+ dsp-ca.crt: |
+ -----BEGIN CERTIFICATE-----
+ MIIFlTCCA32gAwIBAgIUQTPwwkR17jDrdIe4VqhzNQ6OY0swDQYJKoZIhvcNAQEL
+ BQAwJjELMAkGA1UEBhMCWFgxFzAVBgNVBAMMDnJoLWRzcC1kZXZzLmlvMB4XDTI0
+ MDMwNTAxMTExN1oXDTM0MDMwMzAxMTExN1owJjELMAkGA1UEBhMCWFgxFzAVBgNV
+ BAMMDioudGNwLm5ncm9rLmlvMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC
+ AgEApZbmrvisGgN2XmPbWSD8A89g2CwUgqUIfd1yU6TyZMmvnP+c+xG6SzqDZkxI
+ oiQ0fierPuMyrp0Yv+mRBvYtZ+Rv4zZ8OASD5UGDblKa6U8EJvXEKa5K9rZsqYpW
+ MOaZv8M5/KAr8AkH4zmXvgGtsfNT6xvBxIhUexJmSRB5lRLtZZr7ea/XQiuzJYPr
+ 2CqHitm6MUWLG74vKetRi9ZDaDxgcW78nhBwM2Ujh0qrSeb4QhEcHP3Lhom0WObd
+ te+ipK5fqqMSQl1mj5W6tKORIm256TbG+uHY8e3lsT2fnCVL/zgFGROr0NqNbies
+ 90dH7i6Wr1yn74umJ1HNF5nXem1jaqYVhQWWBlTurSqkHtRpIE2OWygpM4IoSTu8
+ gbIaKJdexx9GN9ch/zQBeevsYT1Wb/wQVZUp4TgJJIq1fCAkz3yQNsojUwZqsAPT
+ worehTHFT20onAutnkGv0lgGQH9ur1Gm4VipWbBQTRCEhEKIFVDDkQtbPZwQBjl/
+ voj7O659pIuPsGW5HYWawTbdU4ymEP4672KLpIaDxJHnA9sJsz2ns2KgsUesjGdQ
+ SnlMoanph1kW+qFM4tMnHFTad3yz6TLL0Mp1ej8gUd1FnYHrVewVeFl83gRFKhqP
+ XZX/hl7SAYn1Bnc6OsFegtQukcJc+AqZBja+8k+xc8yWC38CAwEAAaOBujCBtzAf
+ BgNVHSMEGDAWgBQ4+5eH7tKVwoWbF1OQoLJq+U2KuzAJBgNVHRMEAjAAMGoGA1Ud
+ EQRjMGGCDHRjcC5uZ3Jvay5pb4IOKi50Y3Aubmdyb2suaW+CE21hcmlhZGIubWFy
+ aWFkYi5zdmOCIW1hcmlhZGIubWFyaWFkYi5zdmMuY2x1c3Rlci5sb2NhbIIJbG9j
+ YWxob3N0MB0GA1UdDgQWBBTJmuX3UrWQn6AKXAvkUw/h7g6PsjANBgkqhkiG9w0B
+ AQsFAAOCAgEAKk/pfGTH3xgQg5a+obLx9xkfYz0jwfr5+TiD+FTrNlIPZpvCiYYk
+ RWNjMyYqKpuEfHry6P9spgk28+wQx7CRSi+cGiiNSvPswI3Ww8KHJQoJzl2vPQYe
+ 1OESU6es8ZACIXdPcILj8zXHNFvfUD0rt7r34zqGw5PNWKQJ8gurqP9ZcBHNq9xz
+ nPG1QTdA5gOzAXQeOa8rGpK0lODo/WkRlV7KXU5ss737HcljGz8KSVUhfgy8io5z
+ xaKnCy8trt8CdGNb/ysK+a7oKZSqAYcKASwYxCrS1zgS06uLC78WjnYbxta/gnlC
+ a0XIfQt2dM/7L+ZvIwg0PbbPzBJU5zwiXSL9AMzp1/1hjlG4v06UKjv4V1t0McFC
+ xEaLG3AyDx9HHxbAIn/lkQ12Tg38rn5R0OKVKZSAzT6THCULbHC0Q+EQW4c8/No2
+ gtZgaZfA9bUTtQRyxSxQJlWbm4c6KfQa5g+oGQ9BjPCFjPmEvN9SCWcvR/aZE/Uy
+ IRtueAdEz+FiXmVeaJd7BImvF6P6OVDP4zhfXh9NIq9vovVNlGReDGOsqPF0iW/7
+ bLJ7EOwHNhqMkYbBvXnZmfmXpJ24S93M6OmjdkJIUN8iWtjX0yg8FqEGoCfFv4ub
+ a6IRpmyHdJoUJ4icStKB2m3sdRy7Aj5meAYQCVefvZYIQq4rRz/0chs=
+ -----END CERTIFICATE-----