forked from opendatahub-io/opendatahub-tests
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathconftest.py
More file actions
163 lines (140 loc) · 4.94 KB
/
conftest.py
File metadata and controls
163 lines (140 loc) · 4.94 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
import shlex
from collections.abc import Generator
from typing import Any
import pytest
from kubernetes.dynamic import DynamicClient
from ocp_resources.deployment import Deployment
from ocp_resources.namespace import Namespace
from ocp_resources.role_binding import RoleBinding
from ocp_resources.route import Route
from ocp_resources.service_account import ServiceAccount
from pyhelper_utils.shell import run_command
from simple_logger.logger import get_logger
from tests.model_explainability.evalhub.constants import EVALHUB_PROVIDERS_ACCESS_CLUSTER_ROLE
from tests.model_explainability.evalhub.utils import list_evalhub_providers
from utilities.certificates_utils import create_ca_bundle_file
from utilities.constants import Timeout
from utilities.resources.evalhub import EvalHub
LOGGER = get_logger(name=__name__)
@pytest.fixture(scope="class")
def evalhub_cr(
admin_client: DynamicClient,
model_namespace: Namespace,
) -> Generator[EvalHub, Any, Any]:
"""Create an EvalHub custom resource and wait for it to be ready."""
with EvalHub(
client=admin_client,
name="evalhub",
namespace=model_namespace.name,
wait_for_resource=True,
) as evalhub:
yield evalhub
@pytest.fixture(scope="class")
def evalhub_deployment(
admin_client: DynamicClient,
model_namespace: Namespace,
evalhub_cr: EvalHub,
) -> Deployment:
"""Wait for the EvalHub deployment to become available."""
deployment = Deployment(
client=admin_client,
name=evalhub_cr.name,
namespace=model_namespace.name,
)
deployment.wait_for_replicas(timeout=Timeout.TIMEOUT_5MIN)
return deployment
@pytest.fixture(scope="class")
def evalhub_route(
admin_client: DynamicClient,
model_namespace: Namespace,
evalhub_deployment: Deployment,
) -> Route:
"""Get the Route created by the operator for the EvalHub service."""
return Route(
client=admin_client,
name=evalhub_deployment.name,
namespace=model_namespace.name,
ensure_exists=True,
)
@pytest.fixture(scope="class")
def evalhub_ca_bundle_file(
admin_client: DynamicClient,
) -> str:
"""Create a CA bundle file for verifying the EvalHub route TLS certificate."""
return create_ca_bundle_file(client=admin_client)
@pytest.fixture(scope="class")
def evalhub_scoped_sa(
admin_client: DynamicClient,
model_namespace: Namespace,
evalhub_deployment: Deployment,
) -> Generator[ServiceAccount, Any, Any]:
"""ServiceAccount with providers access in the test namespace."""
with ServiceAccount(
client=admin_client,
name="evalhub-test-user",
namespace=model_namespace.name,
) as sa:
yield sa
@pytest.fixture(scope="class")
def evalhub_providers_role_binding(
admin_client: DynamicClient,
model_namespace: Namespace,
evalhub_scoped_sa: ServiceAccount,
) -> Generator[RoleBinding, Any, Any]:
"""RoleBinding granting the scoped SA providers access via the ClusterRole."""
with RoleBinding(
client=admin_client,
name="evalhub-test-providers-access",
namespace=model_namespace.name,
role_ref_kind="ClusterRole",
role_ref_name=EVALHUB_PROVIDERS_ACCESS_CLUSTER_ROLE,
subjects_kind="ServiceAccount",
subjects_name=evalhub_scoped_sa.name,
) as rb:
yield rb
@pytest.fixture(scope="class")
def evalhub_scoped_token(
evalhub_scoped_sa: ServiceAccount,
model_namespace: Namespace,
) -> str:
"""Short-lived token for the scoped ServiceAccount."""
return run_command(
command=shlex.split(f"oc create token -n {model_namespace.name} {evalhub_scoped_sa.name} --duration=30m")
)[1].strip()
@pytest.fixture(scope="class")
def evalhub_providers_response(
model_namespace: Namespace,
evalhub_scoped_token: str,
evalhub_providers_role_binding: RoleBinding,
evalhub_ca_bundle_file: str,
evalhub_route: Route,
) -> dict:
"""Fetch the providers list once per test class."""
return list_evalhub_providers(
host=evalhub_route.host,
token=evalhub_scoped_token,
ca_bundle_file=evalhub_ca_bundle_file,
tenant=model_namespace.name,
)
@pytest.fixture(scope="class")
def evalhub_unauthorised_sa(
admin_client: DynamicClient,
model_namespace: Namespace,
evalhub_deployment: Deployment,
) -> Generator[ServiceAccount, Any, Any]:
"""ServiceAccount without any EvalHub RBAC in the test namespace."""
with ServiceAccount(
client=admin_client,
name="evalhub-no-access-user",
namespace=model_namespace.name,
) as sa:
yield sa
@pytest.fixture(scope="class")
def evalhub_unauthorised_token(
evalhub_unauthorised_sa: ServiceAccount,
model_namespace: Namespace,
) -> str:
"""Short-lived token for the unauthorised ServiceAccount."""
return run_command(
command=shlex.split(f"oc create token -n {model_namespace.name} {evalhub_unauthorised_sa.name} --duration=30m")
)[1].strip()