CI: remove shell usage for test playbooks

General cleanup + has the advantages of not requiring bash on the hosts.
2026-02-28 09:39:12 +03:00 · 2024-10-25 14:53:24 +02:00
parent 2ba28a3389
commit 5cb07e0aac
2 changed files with 31 additions and 62 deletions
--- a/tests/testcases/030_check-network.yml
+++ b/tests/testcases/030_check-network.yml
@@ -20,29 +20,29 @@
    when:
    - kubelet_rotate_server_certificates | default(false)
    - kubelet_csr_approver_enabled | default(kubelet_rotate_server_certificates | default(false))
+    vars:
+      csrs: "{{ csr_json.stdout | from_json }}"
    block:

    - name: Get certificate signing requests
-      command: "{{ bin_dir }}/kubectl get csr"
-      register: get_csr
+      command: "{{ bin_dir }}/kubectl get csr -o jsonpath-as-json={.items[*]}"
+      register: csr_json
      changed_when: false

    - debug:  # noqa name[missing]
-        msg: "{{ get_csr.stdout.split('\n') }}"
+        var: csrs

    - name: Check there are csrs
      assert:
-        that: get_csr.stdout_lines | length > 0
+        that: csrs | length > 0
        fail_msg: kubelet_rotate_server_certificates is {{ kubelet_rotate_server_certificates }} but no csr's found

-    - name: Get Denied/Pending certificate signing requests
-      shell: "set -o pipefail && {{ bin_dir }}/kubectl get csr | grep -e Denied -e Pending || true"
-      register: get_csr_denied_pending
-      changed_when: false
-
    - name: Check there are Denied/Pending csrs
      assert:
-        that: get_csr_denied_pending.stdout_lines | length == 0
+        that:
+        - csrs | rejectattr('status') | length == 0 # Pending == no status
+        - csrs | map(attribute='status.conditions') | flatten | selectattr('type', 'equalto', 'Denied') | length == 0 # Denied
+
        fail_msg: kubelet_csr_approver is enabled but CSRs are not approved

  - name: Approve kubelet serving certificates
@@ -76,10 +76,9 @@
    changed_when: false

  - name: Run 2 agnhost pods in test ns
-    shell:
-      cmd: |
-        set -o pipefail
-        cat <<EOF | {{ bin_dir }}/kubectl apply -f -
+    command:
+      cmd: "{{ bin_dir }}/kubectl apply -f -"
+      stdin: |
        apiVersion: v1
        kind: Pod
        metadata:
@@ -98,8 +97,6 @@
              runAsNonRoot: true
              seccompProfile:
                type: RuntimeDefault
-        EOF
-      executable: /bin/bash
    changed_when: false
    loop:
    - agnhost1