-
Notifications
You must be signed in to change notification settings - Fork 126
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: add support for using application default credentials when runn…
…ing integration tests
- Loading branch information
1 parent
611e6d9
commit bf74697
Showing
90 changed files
with
856 additions
and
793 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -15,32 +15,89 @@ under a directory `ansible_collections`. Clone ensuring that hierarchy: | |
|
|
||
| ```shell | ||
| mkdir -p $TARGET_DIR/ansible_collections/google | ||
| git clone <url> $TARGET_DIR/collections/google/cloud | ||
| git clone <url> $TARGET_DIR/ansible_collections/google/cloud | ||
| ``` | ||
|
|
||
| Then set up your Python virtual environment: | ||
|
|
||
| ```shell | ||
| cd $TARGET_DIR/ansible_collections/google | ||
| python3 -m venv venv | ||
| . ./venv/bin/activate | ||
| pip3 install -r requirements.txt | ||
| pip3 install -r requirements-test.txt | ||
| pip3 install ansible | ||
| ``` | ||
|
|
||
| ## Running tests | ||
|
|
||
| ### prequisites for all tests | ||
| ### Prequisites for all tests | ||
|
|
||
| - Install `gcloud` following [these instructions](https://cloud.google.com/sdk/docs/install). | ||
| - Install the `ansible` package. | ||
| - Some container runtime is necessary (e.g. `podman` or `docker`). The instructions use podman. | ||
|
|
||
| ## Running integration tests | ||
|
|
||
| ### Integration testing prequisites | ||
|
|
||
| #### Installing personal GCP credentials | ||
| #### Authentication with personal GCP credentials | ||
|
|
||
| If you are running the integration tests locally the easiest way to | ||
| authenticate to GCP is using [application default credentials](https://cloud.google.com/sdk/docs/authorizing#adc). | ||
| Once you have installed `gcloud` and performed basic initialization (via `gcloud init`) run: | ||
|
|
||
| ```shell | ||
| gcloud auth application-default login | ||
| ``` | ||
|
|
||
| #### Authentication with service account credentials | ||
|
|
||
| A service account may also be used to run the integration tests. You can create one using `gcloud`: | ||
|
|
||
| ```shell | ||
| gcloud iam service-accounts create ansible-test-account \ | ||
| --description="For running Anisble integration tests" \ | ||
| --display-name="Ansible Test Account" | ||
| ``` | ||
|
|
||
| You'll also need to export a key file. Here and below `$SERVICE_ACCOUNT_NAME` | ||
| is the full email address of the service account, in the form | ||
| `EMAIL@PROJECT_ID.iam.gserviceaccount.com`, e.g., if you used the | ||
| account name `ansible-test-account` as suggested above and your project | ||
| ID is `my-test-project`, use `[email protected]`. | ||
|
|
||
| ```shell | ||
| gcloud iam service-accounts keys create /path/to/cred/file.json \ | ||
| --iam-account=ansible-test-account@my-test-project.iam.gserviceaccount.com | ||
| chmod 0600 /path/to/cred/file.json | ||
| ``` | ||
|
|
||
| Read the [best practices for managing service account keys](https://cloud.google.com/iam/docs/best-practices-for-managing-service-account-keys) | ||
| to learn how to keep your service account key and your GCP resources safe. | ||
|
|
||
| #### Configuring test credentials | ||
|
|
||
| The integration tests for this module require the use of real GCP credentials, and must provide | ||
| ansible-test those values. They can be added by authoring the following in `tests/integration/cloud-config-gcp.ini`: | ||
| ansible-test those values. They can be added by creating the file `tests/integration/cloud-config-gcp.ini`. | ||
|
|
||
| If you are using personal (i.e., application default) credentials, add: | ||
|
|
||
| ``` | ||
| [default] | ||
| gcp_project: $PROJECT_ID | ||
| gcp_cred_kind: application | ||
| gcp_folder_id: $TEST_FOLDER (to create test projects) | ||
| ``` | ||
|
|
||
| If you are using a service account for credentials, add: | ||
|
|
||
| ``` | ||
| [default] | ||
| gcp_project: @PROJECT_ID | ||
| gcp_cred_file: @CRED_FILE | ||
| gcp_cred_kind: @CRED_KIND | ||
| gcp_cred_email: @EMAIL | ||
| gcp_folder_id: @TEST_FOLDER (to create test projects) | ||
| gcp_project: $PROJECT_ID | ||
| gcp_cred_file: /path/to/cred/file.json | ||
| gcp_cred_kind: serviceaccount | ||
| gcp_folder_id: $TEST_FOLDER (to create test projects) | ||
| ``` | ||
|
|
||
| #### Setting up the project for testing | ||
|
|
@@ -51,7 +108,8 @@ and is expected to be configured beforehand. | |
| For convenience, a bootstrap script is provided. | ||
|
|
||
| NOTE: running this script will make irreversible changes in your | ||
| GCP project (e.g. create an AppEngine project): | ||
| GCP project (e.g. create an AppEngine project). You can omit | ||
| `$SERVICE_ACCOUNT_NAME` is you are using application default credentials. | ||
|
|
||
| ```bash | ||
| bash ./scripts/bootstrap-project.sh $PROJECT_ID $SERVICE_ACCOUNT_NAME | ||
|
|
@@ -92,7 +150,7 @@ ansible-lint | |
|
|
||
| ## Specific Tasks | ||
|
|
||
| The following enumerates detailed documentation for specific tasks related tot | ||
| The following enumerates detailed documentation for specific tasks related to | ||
| the codebase. | ||
|
|
||
| ### Updating the supported ansible-core version | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,2 @@ | ||
| minor_changes: | ||
| - ansible-test - add support for GCP application default credentials (https://github.com/ansible-collections/google.cloud/issues/359). |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
2 changes: 1 addition & 1 deletion
2
tests/integration/targets/gcp_appengine_firewall_rule/defaults/main.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,2 +1,2 @@ | ||
| --- | ||
| resource_name: "{{ resource_prefix }}" | ||
| resource_name: "{{ resource_prefix }}" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.