blob: adb6bedd2429f4cbd683eb93bfb1adeb0e4808bc [file] [log] [blame]
James E. Blair59fdbac2015-12-07 17:08:06 -08001#!/usr/bin/env python
2
3# Copyright 2012 Hewlett-Packard Development Company, L.P.
4#
5# Licensed under the Apache License, Version 2.0 (the "License"); you may
6# not use this file except in compliance with the License. You may obtain
7# a copy of the License at
8#
9# http://www.apache.org/licenses/LICENSE-2.0
10#
11# Unless required by applicable law or agreed to in writing, software
12# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
13# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
14# License for the specific language governing permissions and limitations
15# under the License.
16
James E. Blaira92cbc82017-01-23 14:56:49 -080017import os
James E. Blair14abdf42015-12-09 16:11:53 -080018import textwrap
James E. Blair59fdbac2015-12-07 17:08:06 -080019
James E. Blairb9c0d772017-03-03 14:34:49 -080020import testtools
21
22import zuul.configloader
James E. Blairbf1a4f22017-03-17 10:59:37 -070023from zuul.lib import encryption
Ricardo Carrillo Cruz22994f92016-12-02 11:41:58 +000024from tests.base import AnsibleZuulTestCase, ZuulTestCase, FIXTURE_DIR
James E. Blair59fdbac2015-12-07 17:08:06 -080025
James E. Blair59fdbac2015-12-07 17:08:06 -080026
James E. Blair3f876d52016-07-22 13:07:14 -070027class TestMultipleTenants(AnsibleZuulTestCase):
James E. Blair59fdbac2015-12-07 17:08:06 -080028 # A temporary class to hold new tests while others are disabled
29
James E. Blair2a629ec2015-12-22 15:32:02 -080030 tenant_config_file = 'config/multi-tenant/main.yaml'
James E. Blair59fdbac2015-12-07 17:08:06 -080031
James E. Blair83005782015-12-11 14:46:03 -080032 def test_multiple_tenants(self):
James E. Blair96f26942015-12-09 10:15:59 -080033 A = self.fake_gerrit.addFakeChange('org/project1', 'master', 'A')
Tobias Henkelbf24fd12017-07-27 06:13:07 +020034 A.addApproval('Code-Review', 2)
35 self.fake_gerrit.addEvent(A.addApproval('Approved', 1))
James E. Blair59fdbac2015-12-07 17:08:06 -080036 self.waitUntilSettled()
James E. Blair96f26942015-12-09 10:15:59 -080037 self.assertEqual(self.getJobFromHistory('project1-test1').result,
James E. Blair59fdbac2015-12-07 17:08:06 -080038 'SUCCESS')
James E. Blair96c6bf82016-01-15 16:20:40 -080039 self.assertEqual(self.getJobFromHistory('python27').result,
40 'SUCCESS')
James E. Blair59fdbac2015-12-07 17:08:06 -080041 self.assertEqual(A.data['status'], 'MERGED')
James E. Blair96f26942015-12-09 10:15:59 -080042 self.assertEqual(A.reported, 2,
43 "A should report start and success")
44 self.assertIn('tenant-one-gate', A.messages[1],
45 "A should transit tenant-one gate")
46 self.assertNotIn('tenant-two-gate', A.messages[1],
47 "A should *not* transit tenant-two gate")
James E. Blair59fdbac2015-12-07 17:08:06 -080048
James E. Blair96f26942015-12-09 10:15:59 -080049 B = self.fake_gerrit.addFakeChange('org/project2', 'master', 'B')
Tobias Henkelbf24fd12017-07-27 06:13:07 +020050 B.addApproval('Code-Review', 2)
51 self.fake_gerrit.addEvent(B.addApproval('Approved', 1))
James E. Blair96f26942015-12-09 10:15:59 -080052 self.waitUntilSettled()
James E. Blair96c6bf82016-01-15 16:20:40 -080053 self.assertEqual(self.getJobFromHistory('python27',
54 'org/project2').result,
55 'SUCCESS')
James E. Blair96f26942015-12-09 10:15:59 -080056 self.assertEqual(self.getJobFromHistory('project2-test1').result,
57 'SUCCESS')
58 self.assertEqual(B.data['status'], 'MERGED')
59 self.assertEqual(B.reported, 2,
60 "B should report start and success")
61 self.assertIn('tenant-two-gate', B.messages[1],
62 "B should transit tenant-two gate")
63 self.assertNotIn('tenant-one-gate', B.messages[1],
64 "B should *not* transit tenant-one gate")
James E. Blair59fdbac2015-12-07 17:08:06 -080065
James E. Blair96f26942015-12-09 10:15:59 -080066 self.assertEqual(A.reported, 2, "Activity in tenant two should"
67 "not affect tenant one")
James E. Blair14abdf42015-12-09 16:11:53 -080068
James E. Blair83005782015-12-11 14:46:03 -080069
Tobias Henkel83167622017-06-30 19:45:03 +020070class TestFinal(ZuulTestCase):
71
72 tenant_config_file = 'config/final/main.yaml'
73
74 def test_final_variant_ok(self):
75 # test clean usage of final parent job
76 in_repo_conf = textwrap.dedent(
77 """
78 - project:
79 name: org/project
80 check:
81 jobs:
82 - job-final
83 """)
84
85 file_dict = {'.zuul.yaml': in_repo_conf}
86 A = self.fake_gerrit.addFakeChange('org/project', 'master', 'A',
87 files=file_dict)
88 self.fake_gerrit.addEvent(A.getPatchsetCreatedEvent(1))
89 self.waitUntilSettled()
90
91 self.assertEqual(A.reported, 1)
92 self.assertEqual(A.patchsets[-1]['approvals'][0]['value'], '1')
93
94 def test_final_variant_error(self):
95 # test misuse of final parent job
96 in_repo_conf = textwrap.dedent(
97 """
98 - project:
99 name: org/project
100 check:
101 jobs:
102 - job-final:
103 vars:
104 dont_override_this: bar
105 """)
106 file_dict = {'.zuul.yaml': in_repo_conf}
107 A = self.fake_gerrit.addFakeChange('org/project', 'master', 'A',
108 files=file_dict)
109 self.fake_gerrit.addEvent(A.getPatchsetCreatedEvent(1))
110 self.waitUntilSettled()
111
112 # The second patch tried to override some variables.
113 # Thus it should fail.
114 self.assertEqual(A.reported, 1)
115 self.assertEqual(A.patchsets[-1]['approvals'][0]['value'], '-1')
116 self.assertIn('Unable to modify final job', A.messages[0])
117
118 def test_final_inheritance(self):
119 # test misuse of final parent job
120 in_repo_conf = textwrap.dedent(
121 """
122 - job:
123 name: project-test
124 parent: job-final
125
126 - project:
127 name: org/project
128 check:
129 jobs:
130 - project-test
131 """)
132
133 in_repo_playbook = textwrap.dedent(
134 """
135 - hosts: all
136 tasks: []
137 """)
138
139 file_dict = {'.zuul.yaml': in_repo_conf,
140 'playbooks/project-test.yaml': in_repo_playbook}
141 A = self.fake_gerrit.addFakeChange('org/project', 'master', 'A',
142 files=file_dict)
143 self.fake_gerrit.addEvent(A.getPatchsetCreatedEvent(1))
144 self.waitUntilSettled()
145
146 # The second patch tried to override some variables.
147 # Thus it should fail.
148 self.assertEqual(A.reported, 1)
149 self.assertEqual(A.patchsets[-1]['approvals'][0]['value'], '-1')
150 self.assertIn('Unable to inherit from final job', A.messages[0])
151
152
James E. Blairff555742017-02-19 11:34:27 -0800153class TestInRepoConfig(ZuulTestCase):
James E. Blair83005782015-12-11 14:46:03 -0800154 # A temporary class to hold new tests while others are disabled
155
Tobias Henkelabf973e2017-07-28 10:07:34 +0200156 config_file = 'zuul-connections-gerrit-and-github.conf'
James E. Blair2a629ec2015-12-22 15:32:02 -0800157 tenant_config_file = 'config/in-repo/main.yaml'
James E. Blair83005782015-12-11 14:46:03 -0800158
James E. Blair83005782015-12-11 14:46:03 -0800159 def test_in_repo_config(self):
James E. Blair14abdf42015-12-09 16:11:53 -0800160 A = self.fake_gerrit.addFakeChange('org/project', 'master', 'A')
Tobias Henkelbf24fd12017-07-27 06:13:07 +0200161 A.addApproval('Code-Review', 2)
162 self.fake_gerrit.addEvent(A.addApproval('Approved', 1))
James E. Blair14abdf42015-12-09 16:11:53 -0800163 self.waitUntilSettled()
164 self.assertEqual(self.getJobFromHistory('project-test1').result,
165 'SUCCESS')
166 self.assertEqual(A.data['status'], 'MERGED')
167 self.assertEqual(A.reported, 2,
168 "A should report start and success")
169 self.assertIn('tenant-one-gate', A.messages[1],
170 "A should transit tenant-one gate")
James E. Blairb97ed802015-12-21 15:55:35 -0800171
James E. Blair8b1dc3f2016-07-05 16:49:00 -0700172 def test_dynamic_config(self):
173 in_repo_conf = textwrap.dedent(
174 """
175 - job:
Tobias Henkelf02cf512017-07-21 22:55:34 +0200176 name: project-test1
177
178 - job:
James E. Blair8b1dc3f2016-07-05 16:49:00 -0700179 name: project-test2
180
181 - project:
182 name: org/project
183 tenant-one-gate:
184 jobs:
185 - project-test2
186 """)
187
James E. Blairc73c73a2017-01-20 15:15:15 -0800188 in_repo_playbook = textwrap.dedent(
189 """
190 - hosts: all
191 tasks: []
192 """)
193
194 file_dict = {'.zuul.yaml': in_repo_conf,
195 'playbooks/project-test2.yaml': in_repo_playbook}
James E. Blair8b1dc3f2016-07-05 16:49:00 -0700196 A = self.fake_gerrit.addFakeChange('org/project', 'master', 'A',
James E. Blairc73c73a2017-01-20 15:15:15 -0800197 files=file_dict)
Tobias Henkelbf24fd12017-07-27 06:13:07 +0200198 A.addApproval('Code-Review', 2)
199 self.fake_gerrit.addEvent(A.addApproval('Approved', 1))
James E. Blair8b1dc3f2016-07-05 16:49:00 -0700200 self.waitUntilSettled()
James E. Blair8b1dc3f2016-07-05 16:49:00 -0700201 self.assertEqual(A.data['status'], 'MERGED')
202 self.assertEqual(A.reported, 2,
203 "A should report start and success")
204 self.assertIn('tenant-one-gate', A.messages[1],
205 "A should transit tenant-one gate")
James E. Blair646322f2017-01-27 15:50:34 -0800206 self.assertHistory([
207 dict(name='project-test2', result='SUCCESS', changes='1,1')])
208
James E. Blairc2a5ed72017-02-20 14:12:01 -0500209 self.fake_gerrit.addEvent(A.getChangeMergedEvent())
James E. Blair7bbd7a32017-03-06 11:36:13 -0800210 self.waitUntilSettled()
James E. Blairc2a5ed72017-02-20 14:12:01 -0500211
James E. Blair646322f2017-01-27 15:50:34 -0800212 # Now that the config change is landed, it should be live for
213 # subsequent changes.
214 B = self.fake_gerrit.addFakeChange('org/project', 'master', 'B')
Tobias Henkelbf24fd12017-07-27 06:13:07 +0200215 B.addApproval('Code-Review', 2)
216 self.fake_gerrit.addEvent(B.addApproval('Approved', 1))
James E. Blair646322f2017-01-27 15:50:34 -0800217 self.waitUntilSettled()
218 self.assertEqual(self.getJobFromHistory('project-test2').result,
219 'SUCCESS')
220 self.assertHistory([
221 dict(name='project-test2', result='SUCCESS', changes='1,1'),
222 dict(name='project-test2', result='SUCCESS', changes='2,1')])
James E. Blairc73c73a2017-01-20 15:15:15 -0800223
Tobias Henkelf02cf512017-07-21 22:55:34 +0200224 def test_dynamic_config_non_existing_job(self):
225 """Test that requesting a non existent job fails"""
226 in_repo_conf = textwrap.dedent(
227 """
228 - job:
229 name: project-test1
230
231 - project:
232 name: org/project
233 check:
234 jobs:
235 - non-existent-job
236 """)
237
238 in_repo_playbook = textwrap.dedent(
239 """
240 - hosts: all
241 tasks: []
242 """)
243
244 file_dict = {'.zuul.yaml': in_repo_conf,
245 'playbooks/project-test2.yaml': in_repo_playbook}
246 A = self.fake_gerrit.addFakeChange('org/project', 'master', 'A',
247 files=file_dict)
248 self.fake_gerrit.addEvent(A.getPatchsetCreatedEvent(1))
249 self.waitUntilSettled()
250 self.assertEqual(A.reported, 1,
251 "A should report failure")
252 self.assertEqual(A.patchsets[0]['approvals'][0]['value'], "-1")
253 self.assertIn('Job non-existent-job not defined', A.messages[0],
254 "A should have failed the check pipeline")
255 self.assertHistory([])
256
257 def test_dynamic_config_non_existing_job_in_template(self):
258 """Test that requesting a non existent job fails"""
259 in_repo_conf = textwrap.dedent(
260 """
261 - job:
262 name: project-test1
263
264 - project-template:
265 name: test-template
266 check:
267 jobs:
268 - non-existent-job
269
270 - project:
271 name: org/project
272 templates:
273 - test-template
274 """)
275
276 in_repo_playbook = textwrap.dedent(
277 """
278 - hosts: all
279 tasks: []
280 """)
281
282 file_dict = {'.zuul.yaml': in_repo_conf,
283 'playbooks/project-test2.yaml': in_repo_playbook}
284 A = self.fake_gerrit.addFakeChange('org/project', 'master', 'A',
285 files=file_dict)
286 self.fake_gerrit.addEvent(A.getPatchsetCreatedEvent(1))
287 self.waitUntilSettled()
288 self.assertEqual(A.reported, 1,
289 "A should report failure")
290 self.assertEqual(A.patchsets[0]['approvals'][0]['value'], "-1")
291 self.assertIn('Job non-existent-job not defined', A.messages[0],
292 "A should have failed the check pipeline")
293 self.assertHistory([])
294
Tobias Henkel0f714002017-06-30 23:30:52 +0200295 def test_dynamic_config_new_patchset(self):
296 self.executor_server.hold_jobs_in_build = True
297
298 tenant = self.sched.abide.tenants.get('tenant-one')
299 check_pipeline = tenant.layout.pipelines['check']
300
301 in_repo_conf = textwrap.dedent(
302 """
303 - job:
Tobias Henkelf02cf512017-07-21 22:55:34 +0200304 name: project-test1
305
306 - job:
Tobias Henkel0f714002017-06-30 23:30:52 +0200307 name: project-test2
308
309 - project:
310 name: org/project
311 check:
312 jobs:
313 - project-test2
314 """)
315
316 in_repo_playbook = textwrap.dedent(
317 """
318 - hosts: all
319 tasks: []
320 """)
321
322 file_dict = {'.zuul.yaml': in_repo_conf,
323 'playbooks/project-test2.yaml': in_repo_playbook}
324 A = self.fake_gerrit.addFakeChange('org/project', 'master', 'A',
325 files=file_dict)
326 self.fake_gerrit.addEvent(A.getPatchsetCreatedEvent(1))
327 self.waitUntilSettled()
328
329 items = check_pipeline.getAllItems()
330 self.assertEqual(items[0].change.number, '1')
331 self.assertEqual(items[0].change.patchset, '1')
332 self.assertTrue(items[0].live)
333
334 in_repo_conf = textwrap.dedent(
335 """
336 - job:
Tobias Henkel0ce7ec62017-07-21 22:50:17 +0200337 name: project-test1
338
339 - job:
Tobias Henkel0f714002017-06-30 23:30:52 +0200340 name: project-test2
341
342 - project:
343 name: org/project
344 check:
345 jobs:
346 - project-test1
347 - project-test2
348 """)
349 file_dict = {'.zuul.yaml': in_repo_conf,
350 'playbooks/project-test2.yaml': in_repo_playbook}
351
352 A.addPatchset(files=file_dict)
353 self.fake_gerrit.addEvent(A.getPatchsetCreatedEvent(2))
354
355 self.waitUntilSettled()
356
357 items = check_pipeline.getAllItems()
358 self.assertEqual(items[0].change.number, '1')
359 self.assertEqual(items[0].change.patchset, '2')
360 self.assertTrue(items[0].live)
361
362 self.executor_server.hold_jobs_in_build = False
Tobias Henkel0ce7ec62017-07-21 22:50:17 +0200363 self.executor_server.release('project-test1')
364 self.waitUntilSettled()
Tobias Henkel0f714002017-06-30 23:30:52 +0200365 self.executor_server.release()
366 self.waitUntilSettled()
367
Tobias Henkel0ce7ec62017-07-21 22:50:17 +0200368 self.assertHistory([
369 dict(name='project-test2', result='ABORTED', changes='1,1'),
370 dict(name='project-test1', result='SUCCESS', changes='1,2'),
371 dict(name='project-test2', result='SUCCESS', changes='1,2')])
372
Jesse Keating78f544a2017-07-13 14:27:40 -0700373 def test_dynamic_dependent_pipeline(self):
374 # Test dynamically adding a project to a
375 # dependent pipeline for the first time
376 self.executor_server.hold_jobs_in_build = True
377
378 tenant = self.sched.abide.tenants.get('tenant-one')
379 gate_pipeline = tenant.layout.pipelines['gate']
380
381 in_repo_conf = textwrap.dedent(
382 """
383 - job:
Tobias Henkelf02cf512017-07-21 22:55:34 +0200384 name: project-test1
385
386 - job:
Jesse Keating78f544a2017-07-13 14:27:40 -0700387 name: project-test2
388
389 - project:
390 name: org/project
391 gate:
392 jobs:
393 - project-test2
394 """)
395
396 in_repo_playbook = textwrap.dedent(
397 """
398 - hosts: all
399 tasks: []
400 """)
401
402 file_dict = {'.zuul.yaml': in_repo_conf,
403 'playbooks/project-test2.yaml': in_repo_playbook}
404 A = self.fake_gerrit.addFakeChange('org/project', 'master', 'A',
405 files=file_dict)
Tobias Henkelbf24fd12017-07-27 06:13:07 +0200406 A.addApproval('Approved', 1)
407 self.fake_gerrit.addEvent(A.addApproval('Code-Review', 2))
Jesse Keating78f544a2017-07-13 14:27:40 -0700408 self.waitUntilSettled()
409
410 items = gate_pipeline.getAllItems()
411 self.assertEqual(items[0].change.number, '1')
412 self.assertEqual(items[0].change.patchset, '1')
413 self.assertTrue(items[0].live)
414
415 self.executor_server.hold_jobs_in_build = False
416 self.executor_server.release()
417 self.waitUntilSettled()
418
419 # Make sure the dynamic queue got cleaned up
420 self.assertEqual(gate_pipeline.queues, [])
421
James E. Blairff555742017-02-19 11:34:27 -0800422 def test_in_repo_branch(self):
423 in_repo_conf = textwrap.dedent(
424 """
425 - job:
Tobias Henkelf02cf512017-07-21 22:55:34 +0200426 name: project-test1
427
428 - job:
James E. Blairff555742017-02-19 11:34:27 -0800429 name: project-test2
430
431 - project:
432 name: org/project
433 tenant-one-gate:
434 jobs:
435 - project-test2
436 """)
437
438 in_repo_playbook = textwrap.dedent(
439 """
440 - hosts: all
441 tasks: []
442 """)
443
444 file_dict = {'.zuul.yaml': in_repo_conf,
445 'playbooks/project-test2.yaml': in_repo_playbook}
446 self.create_branch('org/project', 'stable')
447 A = self.fake_gerrit.addFakeChange('org/project', 'stable', 'A',
448 files=file_dict)
Tobias Henkelbf24fd12017-07-27 06:13:07 +0200449 A.addApproval('Code-Review', 2)
450 self.fake_gerrit.addEvent(A.addApproval('Approved', 1))
James E. Blairff555742017-02-19 11:34:27 -0800451 self.waitUntilSettled()
452 self.assertEqual(A.data['status'], 'MERGED')
453 self.assertEqual(A.reported, 2,
454 "A should report start and success")
455 self.assertIn('tenant-one-gate', A.messages[1],
456 "A should transit tenant-one gate")
457 self.assertHistory([
458 dict(name='project-test2', result='SUCCESS', changes='1,1')])
459 self.fake_gerrit.addEvent(A.getChangeMergedEvent())
James E. Blair7bbd7a32017-03-06 11:36:13 -0800460 self.waitUntilSettled()
James E. Blairff555742017-02-19 11:34:27 -0800461
462 # The config change should not affect master.
463 B = self.fake_gerrit.addFakeChange('org/project', 'master', 'B')
Tobias Henkelbf24fd12017-07-27 06:13:07 +0200464 B.addApproval('Code-Review', 2)
465 self.fake_gerrit.addEvent(B.addApproval('Approved', 1))
James E. Blairff555742017-02-19 11:34:27 -0800466 self.waitUntilSettled()
467 self.assertHistory([
468 dict(name='project-test2', result='SUCCESS', changes='1,1'),
469 dict(name='project-test1', result='SUCCESS', changes='2,1')])
470
471 # The config change should be live for further changes on
472 # stable.
473 C = self.fake_gerrit.addFakeChange('org/project', 'stable', 'C')
Tobias Henkelbf24fd12017-07-27 06:13:07 +0200474 C.addApproval('Code-Review', 2)
475 self.fake_gerrit.addEvent(C.addApproval('Approved', 1))
James E. Blairff555742017-02-19 11:34:27 -0800476 self.waitUntilSettled()
477 self.assertHistory([
478 dict(name='project-test2', result='SUCCESS', changes='1,1'),
479 dict(name='project-test1', result='SUCCESS', changes='2,1'),
480 dict(name='project-test2', result='SUCCESS', changes='3,1')])
481
James E. Blaira5a12492017-05-03 11:40:48 -0700482 def test_crd_dynamic_config_branch(self):
483 # Test that we can create a job in one repo and be able to use
484 # it from a different branch on a different repo.
485
486 self.create_branch('org/project1', 'stable')
487
488 in_repo_conf = textwrap.dedent(
489 """
490 - job:
Tobias Henkelf02cf512017-07-21 22:55:34 +0200491 name: project-test1
492
493 - job:
James E. Blaira5a12492017-05-03 11:40:48 -0700494 name: project-test2
495
496 - project:
497 name: org/project
498 check:
499 jobs:
500 - project-test2
501 """)
502
503 in_repo_playbook = textwrap.dedent(
504 """
505 - hosts: all
506 tasks: []
507 """)
508
509 file_dict = {'.zuul.yaml': in_repo_conf,
510 'playbooks/project-test2.yaml': in_repo_playbook}
511 A = self.fake_gerrit.addFakeChange('org/project', 'master', 'A',
512 files=file_dict)
513
514 second_repo_conf = textwrap.dedent(
515 """
516 - project:
517 name: org/project1
518 check:
519 jobs:
520 - project-test2
521 """)
522
523 second_file_dict = {'.zuul.yaml': second_repo_conf}
524 B = self.fake_gerrit.addFakeChange('org/project1', 'stable', 'B',
525 files=second_file_dict)
526 B.data['commitMessage'] = '%s\n\nDepends-On: %s\n' % (
527 B.subject, A.data['id'])
528
529 self.fake_gerrit.addEvent(A.getPatchsetCreatedEvent(1))
530 self.waitUntilSettled()
531 self.fake_gerrit.addEvent(B.getPatchsetCreatedEvent(1))
532 self.waitUntilSettled()
533
534 self.assertEqual(A.reported, 1, "A should report")
535 self.assertHistory([
536 dict(name='project-test2', result='SUCCESS', changes='1,1'),
537 dict(name='project-test2', result='SUCCESS', changes='1,1 2,1'),
538 ])
539
James E. Blair149b69c2017-03-02 10:48:16 -0800540 def test_untrusted_syntax_error(self):
James E. Blaire53250c2017-03-01 14:34:36 -0800541 in_repo_conf = textwrap.dedent(
542 """
543 - job:
544 name: project-test2
545 foo: error
546 """)
547
548 file_dict = {'.zuul.yaml': in_repo_conf}
549 A = self.fake_gerrit.addFakeChange('org/project', 'master', 'A',
550 files=file_dict)
Tobias Henkelbf24fd12017-07-27 06:13:07 +0200551 A.addApproval('Code-Review', 2)
552 self.fake_gerrit.addEvent(A.addApproval('Approved', 1))
James E. Blaire53250c2017-03-01 14:34:36 -0800553 self.waitUntilSettled()
554
555 self.assertEqual(A.data['status'], 'NEW')
Tobias Henkel9842bd72017-05-16 13:40:03 +0200556 self.assertEqual(A.reported, 1,
557 "A should report failure")
558 self.assertIn('syntax error', A.messages[0],
James E. Blaire53250c2017-03-01 14:34:36 -0800559 "A should have a syntax error reported")
560
James E. Blair149b69c2017-03-02 10:48:16 -0800561 def test_trusted_syntax_error(self):
562 in_repo_conf = textwrap.dedent(
563 """
564 - job:
565 name: project-test2
566 foo: error
567 """)
568
569 file_dict = {'zuul.yaml': in_repo_conf}
570 A = self.fake_gerrit.addFakeChange('common-config', 'master', 'A',
571 files=file_dict)
Tobias Henkelbf24fd12017-07-27 06:13:07 +0200572 A.addApproval('Code-Review', 2)
573 self.fake_gerrit.addEvent(A.addApproval('Approved', 1))
James E. Blair149b69c2017-03-02 10:48:16 -0800574 self.waitUntilSettled()
575
576 self.assertEqual(A.data['status'], 'NEW')
Tobias Henkel9842bd72017-05-16 13:40:03 +0200577 self.assertEqual(A.reported, 1,
578 "A should report failure")
579 self.assertIn('syntax error', A.messages[0],
James E. Blair149b69c2017-03-02 10:48:16 -0800580 "A should have a syntax error reported")
581
James E. Blair6f140c72017-03-03 10:32:07 -0800582 def test_untrusted_yaml_error(self):
583 in_repo_conf = textwrap.dedent(
584 """
585 - job:
586 foo: error
587 """)
588
589 file_dict = {'.zuul.yaml': in_repo_conf}
590 A = self.fake_gerrit.addFakeChange('org/project', 'master', 'A',
591 files=file_dict)
Tobias Henkelbf24fd12017-07-27 06:13:07 +0200592 A.addApproval('Code-Review', 2)
593 self.fake_gerrit.addEvent(A.addApproval('Approved', 1))
James E. Blair6f140c72017-03-03 10:32:07 -0800594 self.waitUntilSettled()
595
596 self.assertEqual(A.data['status'], 'NEW')
Tobias Henkel9842bd72017-05-16 13:40:03 +0200597 self.assertEqual(A.reported, 1,
598 "A should report failure")
599 self.assertIn('syntax error', A.messages[0],
James E. Blair6f140c72017-03-03 10:32:07 -0800600 "A should have a syntax error reported")
601
James E. Blairdb04e6a2017-05-03 14:49:36 -0700602 def test_untrusted_shadow_error(self):
603 in_repo_conf = textwrap.dedent(
604 """
605 - job:
606 name: common-config-test
607 """)
608
609 file_dict = {'.zuul.yaml': in_repo_conf}
610 A = self.fake_gerrit.addFakeChange('org/project', 'master', 'A',
611 files=file_dict)
Tobias Henkelbf24fd12017-07-27 06:13:07 +0200612 A.addApproval('Code-Review', 2)
613 self.fake_gerrit.addEvent(A.addApproval('Approved', 1))
James E. Blairdb04e6a2017-05-03 14:49:36 -0700614 self.waitUntilSettled()
615
616 self.assertEqual(A.data['status'], 'NEW')
Tobias Henkel9842bd72017-05-16 13:40:03 +0200617 self.assertEqual(A.reported, 1,
618 "A should report failure")
619 self.assertIn('not permitted to shadow', A.messages[0],
James E. Blairdb04e6a2017-05-03 14:49:36 -0700620 "A should have a syntax error reported")
621
James E. Blaird5656ad2017-06-02 14:29:41 -0700622 def test_untrusted_pipeline_error(self):
623 in_repo_conf = textwrap.dedent(
624 """
625 - pipeline:
626 name: test
627 """)
628
629 file_dict = {'.zuul.yaml': in_repo_conf}
630 A = self.fake_gerrit.addFakeChange('org/project', 'master', 'A',
631 files=file_dict)
Tobias Henkelbf24fd12017-07-27 06:13:07 +0200632 A.addApproval('Code-Review', 2)
633 self.fake_gerrit.addEvent(A.addApproval('Approved', 1))
James E. Blaird5656ad2017-06-02 14:29:41 -0700634 self.waitUntilSettled()
635
636 self.assertEqual(A.data['status'], 'NEW')
637 self.assertEqual(A.reported, 1,
638 "A should report failure")
639 self.assertIn('Pipelines may not be defined', A.messages[0],
640 "A should have a syntax error reported")
641
642 def test_untrusted_project_error(self):
643 in_repo_conf = textwrap.dedent(
644 """
645 - project:
646 name: org/project1
647 """)
648
649 file_dict = {'.zuul.yaml': in_repo_conf}
650 A = self.fake_gerrit.addFakeChange('org/project', 'master', 'A',
651 files=file_dict)
Tobias Henkelbf24fd12017-07-27 06:13:07 +0200652 A.addApproval('Code-Review', 2)
653 self.fake_gerrit.addEvent(A.addApproval('Approved', 1))
James E. Blaird5656ad2017-06-02 14:29:41 -0700654 self.waitUntilSettled()
655
656 self.assertEqual(A.data['status'], 'NEW')
657 self.assertEqual(A.reported, 1,
658 "A should report failure")
659 self.assertIn('the only project definition permitted', A.messages[0],
660 "A should have a syntax error reported")
661
James E. Blaire64b0e42017-06-08 11:23:34 -0700662 def test_duplicate_node_error(self):
663 in_repo_conf = textwrap.dedent(
664 """
665 - nodeset:
666 name: duplicate
667 nodes:
668 - name: compute
James E. Blair16d96a02017-06-08 11:32:56 -0700669 label: foo
James E. Blaire64b0e42017-06-08 11:23:34 -0700670 - name: compute
James E. Blair16d96a02017-06-08 11:32:56 -0700671 label: foo
James E. Blaire64b0e42017-06-08 11:23:34 -0700672 """)
673
674 file_dict = {'.zuul.yaml': in_repo_conf}
675 A = self.fake_gerrit.addFakeChange('org/project', 'master', 'A',
676 files=file_dict)
Tobias Henkelbf24fd12017-07-27 06:13:07 +0200677 A.addApproval('Code-Review', 2)
678 self.fake_gerrit.addEvent(A.addApproval('Approved', 1))
James E. Blaire64b0e42017-06-08 11:23:34 -0700679 self.waitUntilSettled()
680
681 self.assertEqual(A.data['status'], 'NEW')
682 self.assertEqual(A.reported, 1,
683 "A should report failure")
684 self.assertIn('appears multiple times', A.messages[0],
685 "A should have a syntax error reported")
686
687 def test_duplicate_group_error(self):
688 in_repo_conf = textwrap.dedent(
689 """
690 - nodeset:
691 name: duplicate
692 nodes:
693 - name: compute
James E. Blair16d96a02017-06-08 11:32:56 -0700694 label: foo
James E. Blaire64b0e42017-06-08 11:23:34 -0700695 groups:
696 - name: group
697 nodes: compute
698 - name: group
699 nodes: compute
700 """)
701
702 file_dict = {'.zuul.yaml': in_repo_conf}
703 A = self.fake_gerrit.addFakeChange('org/project', 'master', 'A',
704 files=file_dict)
Tobias Henkelbf24fd12017-07-27 06:13:07 +0200705 A.addApproval('Code-Review', 2)
706 self.fake_gerrit.addEvent(A.addApproval('Approved', 1))
James E. Blaire64b0e42017-06-08 11:23:34 -0700707 self.waitUntilSettled()
708
709 self.assertEqual(A.data['status'], 'NEW')
710 self.assertEqual(A.reported, 1,
711 "A should report failure")
712 self.assertIn('appears multiple times', A.messages[0],
713 "A should have a syntax error reported")
714
James E. Blair09f9ffe2017-07-11 15:30:25 -0700715 def test_multi_repo(self):
716 downstream_repo_conf = textwrap.dedent(
717 """
718 - project:
719 name: org/project1
720 tenant-one-gate:
721 jobs:
722 - project-test1
723
724 - job:
725 name: project1-test1
726 parent: project-test1
727 """)
728
729 file_dict = {'.zuul.yaml': downstream_repo_conf}
730 A = self.fake_gerrit.addFakeChange('org/project1', 'master', 'A',
731 files=file_dict)
Tobias Henkelbf24fd12017-07-27 06:13:07 +0200732 A.addApproval('Code-Review', 2)
733 self.fake_gerrit.addEvent(A.addApproval('Approved', 1))
James E. Blair09f9ffe2017-07-11 15:30:25 -0700734 self.waitUntilSettled()
735
736 self.assertEqual(A.data['status'], 'MERGED')
737 self.fake_gerrit.addEvent(A.getChangeMergedEvent())
738 self.waitUntilSettled()
739
740 upstream_repo_conf = textwrap.dedent(
741 """
742 - job:
743 name: project-test1
744
745 - job:
746 name: project-test2
747
748 - project:
749 name: org/project
750 tenant-one-gate:
751 jobs:
752 - project-test1
753 """)
754
755 file_dict = {'.zuul.yaml': upstream_repo_conf}
756 B = self.fake_gerrit.addFakeChange('org/project', 'master', 'B',
757 files=file_dict)
Tobias Henkelbf24fd12017-07-27 06:13:07 +0200758 B.addApproval('Code-Review', 2)
759 self.fake_gerrit.addEvent(B.addApproval('Approved', 1))
James E. Blair09f9ffe2017-07-11 15:30:25 -0700760 self.waitUntilSettled()
761
762 self.assertEqual(B.data['status'], 'MERGED')
763 self.fake_gerrit.addEvent(B.getChangeMergedEvent())
764 self.waitUntilSettled()
765
766 tenant = self.sched.abide.tenants.get('tenant-one')
767 # Ensure the latest change is reflected in the config; if it
768 # isn't this will raise an exception.
769 tenant.layout.getJob('project-test2')
770
James E. Blairc73c73a2017-01-20 15:15:15 -0800771
772class TestAnsible(AnsibleZuulTestCase):
773 # A temporary class to hold new tests while others are disabled
774
775 tenant_config_file = 'config/ansible/main.yaml'
776
777 def test_playbook(self):
Jamie Lennox7655b552017-03-17 12:33:38 +1100778 # Keep the jobdir around so we can inspect contents if an
779 # assert fails.
780 self.executor_server.keep_jobdir = True
781 # Output extra ansible info so we might see errors.
782 self.executor_server.verbose = True
783 # Add a site variables file, used by check-vars
784 path = os.path.join(FIXTURE_DIR, 'config', 'ansible',
785 'variables.yaml')
786 self.config.set('executor', 'variables', path)
James E. Blairc73c73a2017-01-20 15:15:15 -0800787 A = self.fake_gerrit.addFakeChange('org/project', 'master', 'A')
788 self.fake_gerrit.addEvent(A.getPatchsetCreatedEvent(1))
789 self.waitUntilSettled()
Tobias Henkel077f2f32017-05-30 20:16:46 +0200790 build_timeout = self.getJobFromHistory('timeout')
Jamie Lennox7655b552017-03-17 12:33:38 +1100791 with self.jobLog(build_timeout):
792 self.assertEqual(build_timeout.result, 'TIMED_OUT')
Tobias Henkel077f2f32017-05-30 20:16:46 +0200793 build_faillocal = self.getJobFromHistory('faillocal')
Jamie Lennox7655b552017-03-17 12:33:38 +1100794 with self.jobLog(build_faillocal):
795 self.assertEqual(build_faillocal.result, 'FAILURE')
Tobias Henkel077f2f32017-05-30 20:16:46 +0200796 build_failpost = self.getJobFromHistory('failpost')
Jamie Lennox7655b552017-03-17 12:33:38 +1100797 with self.jobLog(build_failpost):
798 self.assertEqual(build_failpost.result, 'POST_FAILURE')
Tobias Henkel077f2f32017-05-30 20:16:46 +0200799 build_check_vars = self.getJobFromHistory('check-vars')
Jamie Lennox7655b552017-03-17 12:33:38 +1100800 with self.jobLog(build_check_vars):
801 self.assertEqual(build_check_vars.result, 'SUCCESS')
Monty Tayloraff8b402017-08-16 18:40:41 -0500802 build_check_secret_names = self.getJobFromHistory('check-secret-names')
803 with self.jobLog(build_check_secret_names):
804 self.assertEqual(build_check_secret_names.result, 'SUCCESS')
Tobias Henkel077f2f32017-05-30 20:16:46 +0200805 build_hello = self.getJobFromHistory('hello-world')
Jamie Lennox7655b552017-03-17 12:33:38 +1100806 with self.jobLog(build_hello):
807 self.assertEqual(build_hello.result, 'SUCCESS')
Tobias Henkel077f2f32017-05-30 20:16:46 +0200808 build_python27 = self.getJobFromHistory('python27')
Jamie Lennox7655b552017-03-17 12:33:38 +1100809 with self.jobLog(build_python27):
810 self.assertEqual(build_python27.result, 'SUCCESS')
811 flag_path = os.path.join(self.test_root,
812 build_python27.uuid + '.flag')
813 self.assertTrue(os.path.exists(flag_path))
814 copied_path = os.path.join(self.test_root, build_python27.uuid +
815 '.copied')
816 self.assertTrue(os.path.exists(copied_path))
817 failed_path = os.path.join(self.test_root, build_python27.uuid +
818 '.failed')
819 self.assertFalse(os.path.exists(failed_path))
820 pre_flag_path = os.path.join(self.test_root, build_python27.uuid +
821 '.pre.flag')
822 self.assertTrue(os.path.exists(pre_flag_path))
823 post_flag_path = os.path.join(self.test_root, build_python27.uuid +
824 '.post.flag')
825 self.assertTrue(os.path.exists(post_flag_path))
826 bare_role_flag_path = os.path.join(self.test_root,
827 build_python27.uuid +
828 '.bare-role.flag')
829 self.assertTrue(os.path.exists(bare_role_flag_path))
830 secrets_path = os.path.join(self.test_root,
831 build_python27.uuid + '.secrets')
832 with open(secrets_path) as f:
833 self.assertEqual(f.read(), "test-username test-password")
James E. Blairb9c0d772017-03-03 14:34:49 -0800834
Jamie Lennox7655b552017-03-17 12:33:38 +1100835 msg = A.messages[0]
836 success = "{} https://success.example.com/zuul-logs/{}"
837 fail = "{} https://failure.example.com/zuul-logs/{}"
838 self.assertIn(success.format("python27", build_python27.uuid), msg)
839 self.assertIn(fail.format("faillocal", build_faillocal.uuid), msg)
840 self.assertIn(success.format("check-vars",
841 build_check_vars.uuid), msg)
842 self.assertIn(success.format("hello-world", build_hello.uuid), msg)
843 self.assertIn(fail.format("timeout", build_timeout.uuid), msg)
844 self.assertIn(fail.format("failpost", build_failpost.uuid), msg)
Tobias Henkel077f2f32017-05-30 20:16:46 +0200845
James E. Blairabbaa6f2017-04-06 16:11:44 -0700846 def _add_job(self, job_name):
847 conf = textwrap.dedent(
848 """
849 - job:
850 name: %s
851
852 - project:
853 name: org/plugin-project
854 check:
855 jobs:
856 - %s
857 """ % (job_name, job_name))
858
859 file_dict = {'.zuul.yaml': conf}
860 A = self.fake_gerrit.addFakeChange('org/plugin-project', 'master', 'A',
861 files=file_dict)
862 self.fake_gerrit.addEvent(A.getPatchsetCreatedEvent(1))
863 self.waitUntilSettled()
864
865 def test_plugins(self):
866 # Keep the jobdir around so we can inspect contents if an
867 # assert fails.
868 self.executor_server.keep_jobdir = True
869 # Output extra ansible info so we might see errors.
870 self.executor_server.verbose = True
871
872 count = 0
873 plugin_tests = [
874 ('passwd', 'FAILURE'),
875 ('cartesian', 'SUCCESS'),
876 ('consul_kv', 'FAILURE'),
877 ('credstash', 'FAILURE'),
878 ('csvfile_good', 'SUCCESS'),
879 ('csvfile_bad', 'FAILURE'),
Monty Taylor93ad2212017-08-02 14:59:50 -0500880 ('uri_bad_path', 'FAILURE'),
881 ('uri_bad_scheme', 'FAILURE'),
James E. Blairabbaa6f2017-04-06 16:11:44 -0700882 ]
883 for job_name, result in plugin_tests:
884 count += 1
885 self._add_job(job_name)
886
887 job = self.getJobFromHistory(job_name)
888 with self.jobLog(job):
889 self.assertEqual(count, len(self.history))
890 build = self.history[-1]
891 self.assertEqual(build.result, result)
892
893 # TODOv3(jeblair): parse the ansible output and verify we're
894 # getting the exception we expect.
895
James E. Blairb9c0d772017-03-03 14:34:49 -0800896
James E. Blaira4d4eef2017-06-30 14:49:17 -0700897class TestPrePlaybooks(AnsibleZuulTestCase):
898 # A temporary class to hold new tests while others are disabled
899
900 tenant_config_file = 'config/pre-playbook/main.yaml'
901
902 def test_pre_playbook_fail(self):
903 # Test that we run the post playbooks (but not the actual
904 # playbook) when a pre-playbook fails.
905 A = self.fake_gerrit.addFakeChange('org/project', 'master', 'A')
906 self.fake_gerrit.addEvent(A.getPatchsetCreatedEvent(1))
907 self.waitUntilSettled()
908 build = self.getJobFromHistory('python27')
909 self.assertIsNone(build.result)
910 self.assertIn('RETRY_LIMIT', A.messages[0])
911 flag_path = os.path.join(self.test_root, build.uuid +
912 '.main.flag')
913 self.assertFalse(os.path.exists(flag_path))
914 pre_flag_path = os.path.join(self.test_root, build.uuid +
915 '.pre.flag')
916 self.assertFalse(os.path.exists(pre_flag_path))
917 post_flag_path = os.path.join(self.test_root, build.uuid +
918 '.post.flag')
James E. Blair21037782017-07-19 11:56:55 -0700919 self.assertTrue(os.path.exists(post_flag_path),
920 "The file %s should exist" % post_flag_path)
James E. Blaira4d4eef2017-06-30 14:49:17 -0700921
922
James E. Blairb9c0d772017-03-03 14:34:49 -0800923class TestBrokenConfig(ZuulTestCase):
924 # Test that we get an appropriate syntax error if we start with a
925 # broken config.
926
927 tenant_config_file = 'config/broken/main.yaml'
928
929 def setUp(self):
930 with testtools.ExpectedException(
931 zuul.configloader.ConfigurationSyntaxError,
932 "\nZuul encountered a syntax error"):
933 super(TestBrokenConfig, self).setUp()
934
935 def test_broken_config_on_startup(self):
936 pass
Ricardo Carrillo Cruz22994f92016-12-02 11:41:58 +0000937
938
939class TestProjectKeys(ZuulTestCase):
940 # Test that we can generate project keys
941
942 # Normally the test infrastructure copies a static key in place
943 # for each project before starting tests. This saves time because
944 # Zuul's automatic key-generation on startup can be slow. To make
945 # sure we exercise that code, in this test we allow Zuul to create
946 # keys for the project on startup.
947 create_project_keys = True
Tobias Henkelabf973e2017-07-28 10:07:34 +0200948 config_file = 'zuul-connections-gerrit-and-github.conf'
Ricardo Carrillo Cruz22994f92016-12-02 11:41:58 +0000949 tenant_config_file = 'config/in-repo/main.yaml'
950
951 def test_key_generation(self):
952 key_root = os.path.join(self.state_root, 'keys')
953 private_key_file = os.path.join(key_root, 'gerrit/org/project.pem')
954 # Make sure that a proper key was created on startup
955 with open(private_key_file, "rb") as f:
James E. Blairbf1a4f22017-03-17 10:59:37 -0700956 private_key, public_key = \
957 encryption.deserialize_rsa_keypair(f.read())
Ricardo Carrillo Cruz22994f92016-12-02 11:41:58 +0000958
959 with open(os.path.join(FIXTURE_DIR, 'private.pem')) as i:
960 fixture_private_key = i.read()
961
962 # Make sure that we didn't just end up with the static fixture
963 # key
964 self.assertNotEqual(fixture_private_key, private_key)
965
966 # Make sure it's the right length
967 self.assertEqual(4096, private_key.key_size)
James E. Blairbce76932017-05-04 10:03:15 -0700968
969
James E. Blairbb94dfa2017-07-11 07:45:19 -0700970class RoleTestCase(ZuulTestCase):
James E. Blair1b27f6a2017-07-14 14:09:07 -0700971 def _assertRolePath(self, build, playbook, content):
972 path = os.path.join(self.test_root, build.uuid,
973 'ansible', playbook, 'ansible.cfg')
974 roles_paths = []
975 with open(path) as f:
976 for line in f:
977 if line.startswith('roles_path'):
978 roles_paths.append(line)
979 print(roles_paths)
980 if content:
981 self.assertEqual(len(roles_paths), 1,
982 "Should have one roles_path line in %s" %
983 (playbook,))
984 self.assertIn(content, roles_paths[0])
985 else:
986 self.assertEqual(len(roles_paths), 0,
987 "Should have no roles_path line in %s" %
988 (playbook,))
989
James E. Blairbb94dfa2017-07-11 07:45:19 -0700990
991class TestRoles(RoleTestCase):
992 tenant_config_file = 'config/roles/main.yaml'
993
James E. Blairbce76932017-05-04 10:03:15 -0700994 def test_role(self):
995 # This exercises a proposed change to a role being checked out
996 # and used.
997 A = self.fake_gerrit.addFakeChange('bare-role', 'master', 'A')
998 B = self.fake_gerrit.addFakeChange('org/project', 'master', 'A')
999 B.data['commitMessage'] = '%s\n\nDepends-On: %s\n' % (
1000 B.subject, A.data['id'])
1001 self.fake_gerrit.addEvent(A.getPatchsetCreatedEvent(1))
1002 self.fake_gerrit.addEvent(B.getPatchsetCreatedEvent(1))
1003 self.waitUntilSettled()
1004 self.assertHistory([
1005 dict(name='project-test', result='SUCCESS', changes='1,1 2,1'),
1006 ])
James E. Blair6459db12017-06-29 14:57:20 -07001007
James E. Blair1b27f6a2017-07-14 14:09:07 -07001008 def test_role_inheritance(self):
1009 self.executor_server.hold_jobs_in_build = True
1010 conf = textwrap.dedent(
1011 """
1012 - job:
1013 name: parent
1014 roles:
1015 - zuul: bare-role
1016 pre-run: playbooks/parent-pre
1017 post-run: playbooks/parent-post
1018
1019 - job:
1020 name: project-test
1021 parent: parent
1022 roles:
1023 - zuul: org/project
1024
1025 - project:
1026 name: org/project
1027 check:
1028 jobs:
1029 - project-test
1030 """)
1031
1032 file_dict = {'.zuul.yaml': conf}
1033 A = self.fake_gerrit.addFakeChange('org/project', 'master', 'A',
1034 files=file_dict)
1035 self.fake_gerrit.addEvent(A.getPatchsetCreatedEvent(1))
1036 self.waitUntilSettled()
1037
1038 self.assertEqual(len(self.builds), 1)
1039 build = self.getBuildByName('project-test')
1040 self._assertRolePath(build, 'pre_playbook_0', 'role_0')
1041 self._assertRolePath(build, 'playbook_0', 'role_0')
1042 self._assertRolePath(build, 'playbook_0', 'role_1')
1043 self._assertRolePath(build, 'post_playbook_0', 'role_0')
1044
1045 self.executor_server.hold_jobs_in_build = False
1046 self.executor_server.release()
1047 self.waitUntilSettled()
1048
1049 self.assertHistory([
1050 dict(name='project-test', result='SUCCESS', changes='1,1'),
1051 ])
1052
James E. Blair6f699732017-07-18 14:19:11 -07001053 def test_role_error(self):
1054 conf = textwrap.dedent(
1055 """
1056 - job:
1057 name: project-test
1058 roles:
1059 - zuul: common-config
1060
1061 - project:
1062 name: org/project
1063 check:
1064 jobs:
1065 - project-test
1066 """)
1067
1068 file_dict = {'.zuul.yaml': conf}
1069 A = self.fake_gerrit.addFakeChange('org/project', 'master', 'A',
1070 files=file_dict)
1071 self.fake_gerrit.addEvent(A.getPatchsetCreatedEvent(1))
1072 self.waitUntilSettled()
1073 self.assertIn(
1074 '- project-test project-test : ERROR Unable to find role',
1075 A.messages[-1])
1076
James E. Blair6459db12017-06-29 14:57:20 -07001077
James E. Blairbb94dfa2017-07-11 07:45:19 -07001078class TestImplicitRoles(RoleTestCase):
1079 tenant_config_file = 'config/implicit-roles/main.yaml'
1080
1081 def test_missing_roles(self):
1082 # Test implicit and explicit roles for a project which does
1083 # not have roles. The implicit role should be silently
1084 # ignored since the project doesn't supply roles, but if a
1085 # user declares an explicit role, it should error.
1086 self.executor_server.hold_jobs_in_build = True
1087 A = self.fake_gerrit.addFakeChange('org/norole-project', 'master', 'A')
1088 self.fake_gerrit.addEvent(A.getPatchsetCreatedEvent(1))
1089 self.waitUntilSettled()
1090
1091 self.assertEqual(len(self.builds), 2)
1092 build = self.getBuildByName('implicit-role-fail')
1093 self._assertRolePath(build, 'playbook_0', None)
1094
1095 self.executor_server.hold_jobs_in_build = False
1096 self.executor_server.release()
1097 self.waitUntilSettled()
1098 # The retry_limit doesn't get recorded
1099 self.assertHistory([
1100 dict(name='implicit-role-fail', result='SUCCESS', changes='1,1'),
1101 ])
1102
1103 def test_roles(self):
1104 # Test implicit and explicit roles for a project which does
1105 # have roles. In both cases, we should end up with the role
1106 # in the path. In the explicit case, ensure we end up with
1107 # the name we specified.
1108 self.executor_server.hold_jobs_in_build = True
1109 A = self.fake_gerrit.addFakeChange('org/role-project', 'master', 'A')
1110 self.fake_gerrit.addEvent(A.getPatchsetCreatedEvent(1))
1111 self.waitUntilSettled()
1112
1113 self.assertEqual(len(self.builds), 2)
1114 build = self.getBuildByName('implicit-role-ok')
1115 self._assertRolePath(build, 'playbook_0', 'role_0')
1116
1117 build = self.getBuildByName('explicit-role-ok')
1118 self._assertRolePath(build, 'playbook_0', 'role_0')
1119
1120 self.executor_server.hold_jobs_in_build = False
1121 self.executor_server.release()
1122 self.waitUntilSettled()
1123 self.assertHistory([
1124 dict(name='implicit-role-ok', result='SUCCESS', changes='1,1'),
1125 dict(name='explicit-role-ok', result='SUCCESS', changes='1,1'),
1126 ], ordered=False)
1127
1128
James E. Blair6459db12017-06-29 14:57:20 -07001129class TestShadow(ZuulTestCase):
1130 tenant_config_file = 'config/shadow/main.yaml'
1131
1132 def test_shadow(self):
1133 # Test that a repo is allowed to shadow another's job definitions.
1134 A = self.fake_gerrit.addFakeChange('org/project', 'master', 'A')
1135 self.fake_gerrit.addEvent(A.getPatchsetCreatedEvent(1))
1136 self.waitUntilSettled()
1137 self.assertHistory([
1138 dict(name='test1', result='SUCCESS', changes='1,1'),
1139 dict(name='test2', result='SUCCESS', changes='1,1'),
James E. Blairadafa6c2017-07-12 08:50:56 -07001140 ], ordered=False)
James E. Blair196f61a2017-06-30 15:42:29 -07001141
1142
1143class TestDataReturn(AnsibleZuulTestCase):
1144 tenant_config_file = 'config/data-return/main.yaml'
1145
1146 def test_data_return(self):
1147 # This exercises a proposed change to a role being checked out
1148 # and used.
1149 A = self.fake_gerrit.addFakeChange('org/project', 'master', 'A')
1150 self.fake_gerrit.addEvent(A.getPatchsetCreatedEvent(1))
1151 self.waitUntilSettled()
1152 self.assertHistory([
1153 dict(name='data-return', result='SUCCESS', changes='1,1'),
James E. Blair88e79c02017-07-07 13:36:54 -07001154 dict(name='data-return-relative', result='SUCCESS', changes='1,1'),
1155 ], ordered=False)
1156 self.assertIn('- data-return http://example.com/test/log/url/',
1157 A.messages[-1])
1158 self.assertIn('- data-return-relative '
1159 'http://example.com/test/log/url/docs/index.html',
James E. Blair196f61a2017-06-30 15:42:29 -07001160 A.messages[-1])
Clint Byrumdc8a0902017-07-20 16:36:27 -07001161
1162
1163class TestDiskAccounting(AnsibleZuulTestCase):
1164 config_file = 'zuul-disk-accounting.conf'
1165 tenant_config_file = 'config/disk-accountant/main.yaml'
1166
1167 def test_disk_accountant_kills_job(self):
1168 A = self.fake_gerrit.addFakeChange('org/project', 'master', 'A')
1169 self.fake_gerrit.addEvent(A.getPatchsetCreatedEvent(1))
1170 self.waitUntilSettled()
1171 self.assertHistory([
1172 dict(name='dd-big-empty-file', result='ABORTED', changes='1,1')])
Tristan Cacqueray82f864b2017-08-01 05:54:42 +00001173
1174
1175class TestMaxNodesPerJob(AnsibleZuulTestCase):
1176 tenant_config_file = 'config/multi-tenant/main.yaml'
1177
1178 def test_max_nodes_reached(self):
1179 in_repo_conf = textwrap.dedent(
1180 """
1181 - job:
1182 name: test-job
1183 nodes:
1184 - name: node01
1185 label: fake
1186 - name: node02
1187 label: fake
1188 - name: node03
1189 label: fake
1190 - name: node04
1191 label: fake
1192 - name: node05
1193 label: fake
1194 - name: node06
1195 label: fake
1196 """)
1197 file_dict = {'.zuul.yaml': in_repo_conf}
1198 A = self.fake_gerrit.addFakeChange('org/project1', 'master', 'A',
1199 files=file_dict)
1200 self.fake_gerrit.addEvent(A.getPatchsetCreatedEvent(1))
1201 self.waitUntilSettled()
1202 self.assertIn('The job "test-job" exceeds tenant max-nodes-per-job 5.',
1203 A.messages[0], "A should fail because of nodes limit")
1204
1205 B = self.fake_gerrit.addFakeChange('org/project2', 'master', 'A',
1206 files=file_dict)
1207 self.fake_gerrit.addEvent(B.getPatchsetCreatedEvent(1))
1208 self.waitUntilSettled()
1209 self.assertNotIn("exceeds tenant max-nodes", B.messages[0],
1210 "B should not fail because of nodes limit")
James E. Blair2bab6e72017-08-07 09:52:45 -07001211
1212
1213class TestBaseJobs(ZuulTestCase):
1214 tenant_config_file = 'config/base-jobs/main.yaml'
1215
1216 def test_multiple_base_jobs(self):
1217 A = self.fake_gerrit.addFakeChange('org/project', 'master', 'A')
1218 self.fake_gerrit.addEvent(A.getPatchsetCreatedEvent(1))
1219 self.waitUntilSettled()
1220 self.assertHistory([
1221 dict(name='my-job', result='SUCCESS', changes='1,1'),
1222 dict(name='other-job', result='SUCCESS', changes='1,1'),
1223 ], ordered=False)
1224 self.assertEqual(self.getJobFromHistory('my-job').
1225 parameters['zuul']['jobtags'],
1226 ['mybase'])
1227 self.assertEqual(self.getJobFromHistory('other-job').
1228 parameters['zuul']['jobtags'],
1229 ['otherbase'])
1230
1231 def test_untrusted_base_job(self):
1232 """Test that a base job may not be defined in an untrusted repo"""
1233 in_repo_conf = textwrap.dedent(
1234 """
1235 - job:
1236 name: fail-base
1237 parent: null
1238 """)
1239
1240 file_dict = {'.zuul.yaml': in_repo_conf}
1241 A = self.fake_gerrit.addFakeChange('org/project', 'master', 'A',
1242 files=file_dict)
1243 self.fake_gerrit.addEvent(A.getPatchsetCreatedEvent(1))
1244 self.waitUntilSettled()
1245 self.assertEqual(A.reported, 1,
1246 "A should report failure")
1247 self.assertEqual(A.patchsets[0]['approvals'][0]['value'], "-1")
1248 self.assertIn('Base jobs must be defined in config projects',
1249 A.messages[0])
1250 self.assertHistory([])
James E. Blairdb089032017-08-15 13:42:12 -07001251
1252
1253class TestSecretLeaks(AnsibleZuulTestCase):
1254 tenant_config_file = 'config/secret-leaks/main.yaml'
1255
1256 def searchForContent(self, path, content):
1257 matches = []
1258 for (dirpath, dirnames, filenames) in os.walk(path):
1259 for filename in filenames:
1260 filepath = os.path.join(dirpath, filename)
1261 with open(filepath, 'rb') as f:
1262 if content in f.read():
1263 matches.append(filepath[len(path):])
1264 return matches
1265
1266 def _test_secret_file(self):
1267 # Or rather -- test that they *don't* leak.
1268 # Keep the jobdir around so we can inspect contents.
1269 self.executor_server.keep_jobdir = True
1270 conf = textwrap.dedent(
1271 """
1272 - project:
1273 name: org/project
1274 check:
1275 jobs:
1276 - secret-file
1277 """)
1278
1279 file_dict = {'.zuul.yaml': conf}
1280 A = self.fake_gerrit.addFakeChange('org/project', 'master', 'A',
1281 files=file_dict)
1282 self.fake_gerrit.addEvent(A.getPatchsetCreatedEvent(1))
1283 self.waitUntilSettled()
1284 self.assertHistory([
1285 dict(name='secret-file', result='SUCCESS', changes='1,1'),
1286 ], ordered=False)
1287 matches = self.searchForContent(self.history[0].jobdir.root,
1288 b'test-password')
1289 self.assertEqual(set(['/ansible/playbook_0/secrets.yaml',
1290 '/work/secret-file.txt']),
1291 set(matches))
1292
1293 def test_secret_file(self):
1294 self._test_secret_file()
1295
1296 def test_secret_file_verbose(self):
1297 # Output extra ansible info to exercise alternate logging code
1298 # paths.
1299 self.executor_server.verbose = True
1300 self._test_secret_file()
1301
1302 def _test_secret_file_fail(self):
1303 # Or rather -- test that they *don't* leak.
1304 # Keep the jobdir around so we can inspect contents.
1305 self.executor_server.keep_jobdir = True
1306 conf = textwrap.dedent(
1307 """
1308 - project:
1309 name: org/project
1310 check:
1311 jobs:
1312 - secret-file-fail
1313 """)
1314
1315 file_dict = {'.zuul.yaml': conf}
1316 A = self.fake_gerrit.addFakeChange('org/project', 'master', 'A',
1317 files=file_dict)
1318 self.fake_gerrit.addEvent(A.getPatchsetCreatedEvent(1))
1319 self.waitUntilSettled()
1320 self.assertHistory([
1321 dict(name='secret-file-fail', result='FAILURE', changes='1,1'),
1322 ], ordered=False)
1323 matches = self.searchForContent(self.history[0].jobdir.root,
1324 b'test-password')
1325 self.assertEqual(set(['/ansible/playbook_0/secrets.yaml',
1326 '/work/failure-file.txt']),
1327 set(matches))
1328
1329 def test_secret_file_fail(self):
1330 self._test_secret_file_fail()
1331
1332 def test_secret_file_fail_verbose(self):
1333 # Output extra ansible info to exercise alternate logging code
1334 # paths.
1335 self.executor_server.verbose = True
1336 self._test_secret_file_fail()