ashb commented on a change in pull request #4777: Airflow 3918 add git sync ssh auth URL: https://github.com/apache/airflow/pull/4777#discussion_r261554622
########## File path: tests/contrib/executors/test_kubernetes_executor.py ########## 
@@ -236,6 +273,103 @@ def test_worker_environment_dags_folder_using_git_sync(self): self.assertEqual(dags_folder, env['AIRFLOW__CORE__DAGS_FOLDER']) + def test_init_environment_using_git_sync_ssh_without_known_hosts(self): + # Tests the init environment created with git-sync SSH authentication option is correct + # without known hosts file + self.kube_config.airflow_configmap = 'airflow-configmap' + self.kube_config.git_ssh_secret_name = 'airflow-secrets' + self.kube_config.git_ssh_known_hosts_configmap_name = None + self.kube_config.dags_volume_claim = None + self.kube_config.dags_volume_host = None + self.kube_config.dags_in_image = None + + worker_config = WorkerConfiguration(self.kube_config) + init_containers = worker_config._get_init_containers() + + self.assertTrue(init_containers) # check not empty + env = init_containers[0]['env'] + + self.assertTrue({'name': 'GIT_SSH_KEY_FILE', 'value': '/etc/git-secret/ssh'} in env) + self.assertTrue({'name': 'GIT_KNOWN_HOSTS', 'value': 'false'} in env) + self.assertTrue({'name': 'GIT_SYNC_SSH', 'value': 'true'} in env) + + def test_init_environment_using_git_sync_ssh_with_known_hosts(self): + # Tests the init environment created with git-sync SSH authentication option is correct + # with known hosts file + self.kube_config.airflow_configmap = 'airflow-configmap' + self.kube_config.git_ssh_key_secret_name = 'airflow-secrets' + self.kube_config.dags_volume_claim = None + self.kube_config.dags_volume_host = None + self.kube_config.dags_in_image = None + + worker_config = WorkerConfiguration(self.kube_config) + init_containers = worker_config._get_init_containers() + + self.assertTrue(init_containers) # check not empty + env = init_containers[0]['env'] + + self.assertTrue({'name': 'GIT_SSH_KEY_FILE', 'value': '/etc/git-secret/ssh'} in env) + self.assertTrue({'name': 'GIT_KNOWN_HOSTS', 'value': 'true'} in env) + self.assertTrue({'name': 'GIT_SSH_KNOWN_HOSTS_FILE', + 'value': '/etc/git-secret/known_hosts'} in env) + 
self.assertTrue({'name': 'GIT_SYNC_SSH', 'value': 'true'} in env) + + def test_make_pod_git_sync_ssh_without_known_hosts(self): + # Tests the pod created with git-sync SSH authentication option is correct without known hosts + self.kube_config.airflow_configmap = 'airflow-configmap' + self.kube_config.git_ssh_key_secret_name = 'airflow-secrets' + self.kube_config.dags_volume_claim = None + self.kube_config.dags_volume_host = None + self.kube_config.dags_in_image = None + + worker_config = WorkerConfiguration(self.kube_config) + kube_executor_config = KubernetesExecutorConfig(annotations=[], + volumes=[], + volume_mounts=[]) + + pod = worker_config.make_pod("default", str(uuid.uuid4()), "test_pod_id", "test_dag_id", + "test_task_id", str(datetime.utcnow()), 1, "bash -c 'ls /'", + kube_executor_config) + + init_containers = worker_config._get_init_containers() + git_ssh_key_file = next((x['value'] for x in init_containers[0]['env'] + if x['name'] == 'GIT_SSH_KEY_FILE'), None) + volume_mount_ssh_key = next((x['mountPath'] for x in init_containers[0]['volumeMounts'] + if x['name'] == worker_config.git_sync_ssh_secret_volume_name), + None) + self.assertTrue(git_ssh_key_file) + self.assertTrue(volume_mount_ssh_key) + self.assertEqual({'fsGroup': 65533}, pod.security_context) + self.assertEqual(git_ssh_key_file, + volume_mount_ssh_key, + ('The location where the git ssh secret is mounted' + ' needs to be the same as the GIT_SSH_KEY_FILE path')) + + def test_make_pod_git_sync_ssh_with_known_hosts(self): + # Tests the pod created with git-sync SSH authentication option is correct with known hosts + self.kube_config.airflow_configmap = 'airflow-configmap' + self.kube_config.git_ssh_secret_name = 'airflow-secrets' + self.kube_config.dags_volume_claim = None + self.kube_config.dags_volume_host = None + self.kube_config.dags_in_image = None + + worker_config = WorkerConfiguration(self.kube_config) + + init_containers = worker_config._get_init_containers() + 
git_ssh_known_hosts_file = next((x['value'] for x in init_containers[0]['env'] + if x['name'] == 'GIT_SSH_KNOWN_HOSTS_FILE'), None) + print(init_containers[0]['volumeMounts']) + volume_mount_ssh_known_hosts_file = next( + (x['mountPath'] for x in init_containers[0]['volumeMounts'] + if x['name'] == worker_config.git_sync_ssh_known_hosts_volume_name), + None) + self.assertTrue(git_ssh_known_hosts_file) + self.assertTrue(volume_mount_ssh_known_hosts_file) + self.assertEqual(git_ssh_known_hosts_file, + volume_mount_ssh_known_hosts_file, + ('The location where the git known hosts file is mounted' Review comment: Style: remove extra brackets, I don't think they are needed by PEP8 ```suggestion 'The location where the git known hosts file is mounted' ``` ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
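Review bot: The four new tests set the SSH secret through two different attributes, `git_ssh_secret_name` in `test_init_environment_using_git_sync_ssh_without_known_hosts` and `test_make_pod_git_sync_ssh_with_known_hosts` and `git_ssh_key_secret_name` in the other two, so unless both exist on the config object, two of them presumably never configure the secret that `WorkerConfiguration` reads and pass only on whatever `setUp` (outside this hunk) provides. The two `with_known_hosts` tests also never assign `git_ssh_known_hosts_configmap_name`, so their `GIT_KNOWN_HOSTS` and `GIT_SSH_KNOWN_HOSTS_FILE` expectations rest on the fixture default; I would use one secret attribute name throughout and set the configmap explicitly, e.g. `self.kube_config.git_ssh_known_hosts_configmap_name = 'known-hosts-configmap'` (sample name). This matters beyond tidiness because, as far as I know, `GIT_KNOWN_HOSTS=false` makes git-sync skip SSH host-key verification, so the tests should pin exactly which configuration produces the verified path and which the unverified one. The body of `test_make_pod_git_sync_ssh_with_known_hosts` continues past the end of the quoted hunk.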