Add ci_test tags to verify input vars

tasks/asserts.yml

@@ -9,6 +9,8 @@
       - cluster.name is defined
       - cluster.name | length > 0
     msg: "Cluster 'name' is not defined, but required"
+  tags:
+    - ci_test
 
 - name: "({{ cluster.name }}) ensure cluster ssh key is defined"
   assert:
@@ -17,20 +19,26 @@
         (cluster.ssh_pub_key is defined and cluster.ssh_pub_key | length > 0) or
         (kops_default_ssh_pub_key is defined and kops_default_ssh_pub_key | length > 0)
     msg: "Cluster 'ssh_pub_key' or kops_default_ssh_pub_key is not defined, but one of them is required"
+  tags:
+    - ci_test
 
 - name: "({{ cluster.name }}) ensure cluster s3 bucket name is defined"
   assert:
     that:
       - cluster.s3_bucket_name is defined
       - cluster.s3_bucket_name | length > 0
     msg: "Cluster 's3_bucket_name' is not defined, but required"
+  tags:
+    - ci_test
 
 - name: "({{ cluster.name }}) ensure workers array is defined"
   assert:
     that:
       - cluster.workers is defined
       - cluster.workers | length > 0
     msg: "No worker nodes are defined. Your cluster will be useless"
+  tags:
+    - ci_test
 
 - name: "({{ cluster.name }}) ensure workers array is defined correctly"
   assert:
@@ -40,6 +48,8 @@
     msg: "No worker 'name' is defined"
   with_items:
     - "{{ cluster.workers }}"
+  tags:
+    - ci_test
 
 ###
 ### Validate availability zones
@@ -58,6 +68,8 @@
       {%- else -%}
       {{ kops_default_master_az }}
       {%- endif -%}
+  tags:
+    - ci_test
 
 - name: "({{ cluster.name }}) ensure bastion availability zones are within defined availability zones"
   assert:
@@ -73,6 +85,8 @@
       {%- else -%}
       {{ kops_default_bastion_az }}
       {%- endif -%}
+  tags:
+    - ci_test
 
 - name: "({{ cluster.name }}) ensure worker availability zones are within defined availability zones"
   assert:
@@ -86,6 +100,8 @@
       is not within '[{{ cluster.az | default(kops_default_az) | join(',') }}]'
   with_items:
     - "{{ cluster.workers }}"
+  tags:
+    - ci_test
 
 ###
 ### Validate encryptionConfig setting
@@ -103,6 +119,8 @@
       {%- else -%}
       {{ kops_default_encryptionConfig }}
       {%- endif -%}
+  tags:
+    - ci_test
 
 - name: "({{ cluster.name }}) ensure encryptionConfig image is defined"
   assert:
@@ -118,6 +136,8 @@
       {%- else -%}
       {{ kops_default_encryptionConfig }}
       {%- endif -%}
+  tags:
+    - ci_test
 
 - name: "({{ cluster.name }}) ensure encryptionConfig kms_id is defined"
   assert:
@@ -133,3 +153,5 @@
       {%- else -%}
       {{ kops_default_encryptionConfig }}
       {%- endif -%}
+  tags:
+    - ci_test

tasks/create_cluster.yml

@@ -4,6 +4,8 @@
 ### Assert defaults and cluster overwrites
 ###
 - include_tasks: asserts.yml
+  tags:
+    - ci_test
 
 
 ###

tasks/main.yml

@@ -4,6 +4,8 @@
 ### Main entrypoint
 ###
 - include_tasks: create_cluster.yml
+  tags:
+    - ci_test
   loop_control:
     loop_var: cluster
   with_items:

tests/support/run-tests.sh

@@ -14,3 +14,7 @@ ansible-playbook test_defaults.yml > /tmp/second_run.log
     echo 'Playbook is **NOT** idempotent'
     exit 1
 }
+
+set -e
+ansible-playbook test_defaults.yml --extra-vars "@test_sample_value.yml" \
+--tags ci_test

tests/test_sample_value.yml

@@ -0,0 +1,93 @@
+---
+kops_cluster:
+  - name: playground-cluster-shop.k8s.local
+    master_public_name: api-playground-cluster-shop.example.net
+    aws_iam_authenticator_enabled: true
+    kube_api_server:
+      oidcIssuerURL: https://oidc.example.net
+      oidcClientID: clientID
+      oidcUsernameClaim: email
+      oidcUsernamePrefix: "oidc:"
+      oidcGroupsClaim: groups
+      oidcGroupsPrefix: "oidc:"
+    # https://github.com/kubernetes/kops/blob/master/docs/cluster_spec.md#fileassets
+    file_assets:
+      - name: audit-policy-config
+        path: /srv/kubernetes/audit/policy-config.yaml
+        roles:
+          - Master
+        content: |
+          apiVersion: audit.k8s.io/v1
+          kind: Policy
+          rules:
+            - level: Metadata
+    additionalPolicies:
+      node: |
+        [
+          {
+            "Effect": "Allow",
+            "Action": ["route53:*"],
+            "Resource": ["*"]
+          }
+        ]
+      master: |
+        [
+          {
+            "Effect": "Allow",
+            "Action": ["route53:*"],
+            "Resource": ["*"]
+          }
+        ]
+    version: v1.10.4
+    type: private
+    region: eu-central-1
+    image: kope.io/k8s-1.8-debian-jessie-amd64-hvm-ebs-2018-02-08
+    s3_bucket_name: playground-cluster-shop-state-store
+    ssh_pub_key: ssh-ed25519 AAAANSLxbLKF6DL8GDFE70AAAAIP8kH/aB4LKI2+S6a921rCwl2OZdL09iBhGHJ23jk
+    api_access:
+      - 185.28.180.95/32
+    api_additional_sgs:
+      - "security_group_name"
+    ssh_access:
+      - 185.28.180.95/32
+    az: [a, b, c]
+    bastion:
+      az: [a]
+      instance_type: t2.micro
+    masters:
+      count: 3
+      instance_type: t2.medium
+      az: [a, b, c]
+    workers:
+      - name: c4xlargea
+        instance_type: c4.xlarge
+        min_size: 1
+        max_size: 3
+        volume_size: 200
+        availability_zones: [a]
+      - name: c4xlargeb
+        instance_type: c4.xlarge
+        min_size: 1
+        max_size: 3
+        volume_size: 200
+        availability_zones: [b]
+      - name: c4xlargec
+        instance_type: c4.xlarge
+        min_size: 1
+        max_size: 3
+        volume_size: 200
+        availability_zones: [c]
+        cloud_labels:
+          - key: team
+            val: me
+          - key: project
+            value: ion
+        node_labels:
+          - key: name
+            val: some-fancy-name
+          - key: purpose
+            value: something-important
+    encryptionConfig:
+      enabled: true
+      image: "<PROVIDER>/aws-encryption-provider"
+      kms_id: "12345678-9abc-defg-hijk-000000000001"