Integration test for new IAP connection plugin

1. creates instances with a custom ssh keypair
2. changes the connection plugin method and performs basic checks
3. cleanup
This commit is contained in:
Jorge Gallegos 2025-09-04 19:28:23 -07:00
commit 5745bdaac2
No known key found for this signature in database
8 changed files with 215 additions and 0 deletions


@ -0,0 +1 @@
cloud/gcp


@ -0,0 +1,66 @@
---
- name: Setup test suite
hosts: localhost
connection: local
gather_facts: false
vars_files:
- ../vars.yml
environment:
GCP_SERVICE_ACCOUNT_FILE: "{{ gcp_cred_file }}"
GCP_AUTH_KIND: "{{ gcp_cred_kind }}"
GCP_PROJECT: "{{ gcp_project }}"
tasks:
- name: SETUP | Create SSH key pair
community.crypto.openssh_keypair:
path: "{{ ansible_ssh_private_key_file }}"
type: ed25519
register: _keypair
- name: SETUP | Create network
google.cloud.gcp_compute_network:
name: "{{ prefix }}"
auto_create_subnetworks: true
state: present
register: _network
- name: SETUP | Allow SSH through IAP
google.cloud.gcp_compute_firewall:
name: all-iap
state: present
source_ranges:
- 35.235.240.0/20
allowed:
- ip_protocol: tcp
ports:
- 22
network: "{{ _network }}"
- name: SETUP | Create instances
google.cloud.gcp_compute_instance:
name: "{{ prefix }}-{{ item.name }}"
machine_type: "{{ gcp_machine_type }}"
disks:
- auto_delete: true
boot: true
initialize_params:
source_image: "{{ gcp_disk_image }}"
disk_type: pd-standard
network_interfaces:
- network: "{{ _network }}"
metadata:
ssh-keys: "{{ ansible_ssh_user }}:{{ _keypair.public_key }}"
labels: "{{ item.labels | default({}) }}"
hostname: "{{ item.hostname | default(omit) }}"
zone: "{{ gcp_zone }}"
state: present
loop: "{{ sut }}"
- name: SETUP | Render dynamic inventory file
ansible.builtin.copy:
dest: ../test.gcp_compute.yml
content: "{{ lookup('template', '../templates/inventory.yml.j2') }}"
mode: preserve
- name: SETUP | Give time for instances to be up
ansible.builtin.pause:
seconds: 30
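Review bot: The firewall rule created in "SETUP | Allow SSH through IAP" is named `all-iap` rather than being namespaced with `{{ prefix }}` like the network and instances, and firewall names are unique per project, so two test runs in the same project collide on create and the teardown of one run (which removes `all-iap` by the same fixed name) cuts IAP SSH for the other run while it is still executing. Changing both sites to `name: "{{ prefix }}-allow-iap-ssh"` keeps each run's resources self-contained; the teardown playbook in this commit must get the same rename. The source range `35.235.240.0/20` correctly limits the rule to IAP's TCP-forwarding range, which is the right posture for this test. Separately, `ports: - 22` is a YAML integer while the module documents `ports` as a list of strings; writing `- "22"` removes any dependence on argument coercion.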


@ -0,0 +1,34 @@
---
- name: Teardown test suite
hosts: localhost
connection: local
gather_facts: false
vars_files:
- ../vars.yml
environment:
GCP_SERVICE_ACCOUNT_FILE: "{{ gcp_cred_file }}"
GCP_AUTH_KIND: "{{ gcp_cred_kind }}"
GCP_PROJECT: "{{ gcp_project }}"
tasks:
- name: TEARDOWN | Destroy instances # noqa: ignore-errors
google.cloud.gcp_compute_instance:
name: "{{ prefix }}-{{ item.name }}"
machine_type: "{{ gcp_machine_type }}"
zone: "{{ gcp_zone }}"
state: absent
loop: "{{ sut }}"
ignore_errors: true
- name: TEARDOWN | Remove IAP firewall rule # noqa: ignore-errors
google.cloud.gcp_compute_firewall:
name: all-iap
state: absent
network:
selfLink: "networks/{{ prefix }}"
ignore_errors: true
- name: TEARDOWN | Destroy network # noqa: ignore-errors
google.cloud.gcp_compute_network:
name: "{{ prefix }}"
state: absent
ignore_errors: true
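Review bot: Teardown removes the cloud resources but leaves the locally generated private key `{{ ansible_ssh_private_key_file }}` (plus its `.pub` counterpart written by `community.crypto.openssh_keypair`) and the rendered inventory `../test.gcp_compute.yml` on the runner, so key material that was authorized on the test instances persists after the run. A final local task that deletes all three files would make the cleanup symmetric with setup; I would add it with the same `ignore_errors: true` the other teardown tasks use so a missing file does not mask the real exit status.

```yaml
    # … unchanged: destroy instances, firewall rule, network …
    - name: TEARDOWN | Remove local SSH key pair and rendered inventory
      ansible.builtin.file:
        path: "{{ item }}"
        state: absent
      loop:
        - "{{ ansible_ssh_private_key_file }}"
        - "{{ ansible_ssh_private_key_file }}.pub"
        - ../test.gcp_compute.yml
      ignore_errors: true
```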


@ -0,0 +1,25 @@
---
- name: Test IAP connection plugin
hosts: gcp_cluster_web:gcp_cluster_db
connection: google.cloud.iap
gather_facts: false
vars_files:
- ../vars.yml
tasks:
- name: TEST | Ping
ansible.builtin.ping:
- name: TEST | Copy
ansible.builtin.copy:
content: "Test file test"
dest: "/tmp/{{ prefix }}.txt"
mode: "0644"
- name: TEST | Slurp
ansible.builtin.slurp:
src: "/tmp/{{ prefix }}.txt"
register: _content
- name: TEST | Debug
ansible.builtin.debug:
msg: "{{ _content['content'] | b64decode }}"
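Review bot: The final "TEST | Debug" task only prints the slurped content, so the play succeeds even if the copy-then-slurp round trip over the IAP connection returned something other than what was written; nothing in the play asserts on `_content`. Replacing the debug with `ansible.builtin.assert:` and `that: "(_content['content'] | b64decode) == 'Test file test'"` (keeping the `TEST |` naming) turns the check into a real pass/fail signal. The test file `/tmp/{{ prefix }}.txt` is also left on every instance; since the instances are destroyed in teardown this is harmless here, but a trailing `ansible.builtin.file` task with `state: absent` would exercise the delete path of the plugin as well.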


@ -0,0 +1,25 @@
#!/usr/bin/env bash
set -eux
# test infra
ansible-playbook playbooks/setup.yml "$@"
export ANSIBLE_INVENTORY=test.gcp_compute.yml
ansible-inventory --graph
RC=0
# we want to run teardown regardless of playbook exit status, so catch the
# exit code of ansible-playbook manually
set +e
ansible-playbook -vvvvv playbooks/test.yml "$@"
RC=$?
set -e
unset ANSIBLE_INVENTORY
# delete test infra
ansible-playbook playbooks/teardown.yml "$@"
exit $RC
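Review bot: Only the test playbook runs outside `set -e`, so a failure in `playbooks/setup.yml` after it has already created the network or some instances exits the script before `playbooks/teardown.yml` runs and leaks billable resources. Moving `set +e` ahead of setup and gating the inventory and test steps on setup's success keeps the existing RC-capture shape while guaranteeing teardown is reached. Exporting `ANSIBLE_HOST_PATTERN_MISMATCH=error` alongside `ANSIBLE_INVENTORY` would additionally make an empty `gcp_cluster_web:gcp_cluster_db` match fail instead of letting the test pass vacuously with "no hosts matched".

```shell
set -eux
RC=0
# run setup and tests without -e so any failure still reaches teardown;
# the group only runs when setup succeeded
set +e
ansible-playbook playbooks/setup.yml "$@" && {
  export ANSIBLE_INVENTORY=test.gcp_compute.yml
  ansible-inventory --graph &&
  ansible-playbook -vvvvv playbooks/test.yml "$@"
}
RC=$?
set -e
unset ANSIBLE_INVENTORY
# … unchanged: teardown and exit $RC …
```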


@ -0,0 +1,31 @@
---
plugin: google.cloud.gcp_compute
zones:
{{ gcp_zones | to_nice_yaml }}
projects:
- {{ gcp_project }}
auth_kind: {{ gcp_cred_kind }}
service_account_file: {{ gcp_cred_file }}
scopes:
- 'https://www.googleapis.com/auth/cloud-platform'
- 'https://www.googleapis.com/auth/compute.readonly'
keyed_groups:
- prefix: gcp
key: labels
filters:
- 'labels.test:{{ prefix }}'
hostnames:
- name
# set variables for the connection plugin
compose:
ansible_gcloud_zone: zone
ansible_gcloud_project: project
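Review bot: The templated scalars `auth_kind: {{ gcp_cred_kind }}`, `service_account_file: {{ gcp_cred_file }}` and `- {{ gcp_project }}` are emitted unquoted, so the rendered inventory is only valid YAML as long as the values never contain `: `, ` #` or a leading indicator character and never expand empty (which would yield `null`); a credential path such as `~/key.json` or a path containing spaces is a realistic case. Quoting them as `auth_kind: "{{ gcp_cred_kind }}"`, `service_account_file: "{{ gcp_cred_file }}"` and `- "{{ gcp_project }}"` matches how the `filters` entry on this same template is already written. The `zones:` block relies on `to_nice_yaml` producing a flush list at column 0, which is valid YAML but worth a one-line comment such as `# to_nice_yaml renders a flush list; keep this key at column 0` so a later reindent does not break it.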


@ -0,0 +1 @@
# placeholder


@ -0,0 +1,32 @@
---
prefix: "{{ resource_prefix | default('d3adb33f') }}"
gcp_region: us-central1
gcp_zones:
- "{{ gcp_region }}-a"
- "{{ gcp_region }}-b"
- "{{ gcp_region }}-c"
- "{{ gcp_region }}-f"
gcp_zone: "{{ gcp_zones | last }}"
gcp_disk_image: projects/centos-cloud/global/images/family/centos-stream-9
gcp_machine_type: g1-small
sut:
- name: vm1
labels:
test: "{{ prefix }}"
cluster: web
- name: vm2
labels:
test: "{{ prefix }}"
cluster: web
- name: vm3
labels:
test: "{{ prefix }}"
cluster: db
ansible_python_interpreter: /usr/bin/python3
# these are only useful when connection != local
ansible_ssh_user: cloud-user
ansible_ssh_private_key_file: "{{ playbook_dir }}/ssh_key"
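Review bot: `ansible_ssh_private_key_file: "{{ playbook_dir }}/ssh_key"` makes setup write a fresh private key into the playbooks directory inside the source tree, and I see no ignore rule for it in this commit (the one-line `# placeholder` file may be unrelated), so an unattended `git add -A` after a test run would commit authorized private key material. Either an ignore entry covering `ssh_key` and `ssh_key.pub` next to the playbooks, or pointing the variable at a per-run temporary directory, closes that gap. The trailing comment `# these are only useful when connection != local` would read better as `# used only by the test play (connection != local); setup and teardown run locally`.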