ariadne/tests/test_metis_token_sync.py

from __future__ import annotations

from types import SimpleNamespace

import pytest

from ariadne.services import metis_token_sync as module


def _settings() -> SimpleNamespace:
    return SimpleNamespace(
        metis_token_sync_namespace="maintenance",
        metis_token_sync_service_account="metis-token-sync",
        metis_token_sync_node_name="titan-0a",
        metis_token_sync_image="hashicorp/vault:1.17.6",
        metis_token_sync_job_ttl_sec=1800,
        metis_token_sync_wait_timeout_sec=10.0,
        metis_token_sync_vault_addr="http://vault.vault.svc.cluster.local:8200",
        metis_token_sync_vault_k8s_role="maintenance-metis-token-sync",
    )


def test_payload_matches_expected_contract(monkeypatch) -> None:
    monkeypatch.setattr(module, "settings", _settings())
    payload = module.MetisTokenSyncService()._job_payload("sync-job")

    assert payload["metadata"]["namespace"] == "maintenance"
    assert payload["metadata"]["labels"]["atlas.bstein.dev/trigger"] == "ariadne"
    spec = payload["spec"]["template"]["spec"]
    assert spec["serviceAccountName"] == "metis-token-sync"
    assert spec["nodeName"] == "titan-0a"
    assert spec["containers"][0]["image"] == "hashicorp/vault:1.17.6"
    assert spec["containers"][0]["volumeMounts"][0]["mountPath"] == "/host/var/lib/rancher/k3s/server"


def test_run_wait_success(monkeypatch) -> None:
    monkeypatch.setattr(module, "settings", _settings())
    monkeypatch.setattr(module.time, "time", lambda: 1710000000)

    posted: dict[str, object] = {}

    def fake_post(path: str, payload: dict[str, object]) -> dict[str, object]:
        posted["path"] = path
        posted["payload"] = payload
        return {"metadata": {"name": "sync-job-1"}}

    calls = iter(
        [
            {"status": {"active": 1}},
            {"status": {"succeeded": 1}},
        ]
    )

    monkeypatch.setattr(module, "post_json", fake_post)
    monkeypatch.setattr(module, "get_json", lambda _path: next(calls))
    monkeypatch.setattr(module.time, "sleep", lambda _seconds: None)

    result = module.MetisTokenSyncService().run(wait=True)

    assert posted["path"] == "/apis/batch/v1/namespaces/maintenance/jobs"
    assert result == {"job": "sync-job-1", "status": "ok"}


def test_run_wait_failure_raises(monkeypatch) -> None:
    monkeypatch.setattr(module, "settings", _settings())
    monkeypatch.setattr(module.time, "time", lambda: 1710000000)
    monkeypatch.setattr(module, "post_json", lambda _path, _payload: {"metadata": {"name": "sync-job-2"}})
    monkeypatch.setattr(module, "get_json", lambda _path: {"status": {"failed": 1}})
    monkeypatch.setattr(module.time, "sleep", lambda _seconds: None)

    with pytest.raises(RuntimeError, match="metis token sync job sync-job-2 error"):
        module.MetisTokenSyncService().run(wait=True)


def test_run_without_wait_queues(monkeypatch) -> None:
    monkeypatch.setattr(module, "settings", _settings())
    monkeypatch.setattr(module.time, "time", lambda: 1710000000)
    monkeypatch.setattr(module, "post_json", lambda _path, _payload: {"metadata": {"name": "sync-job-3"}})

    result = module.MetisTokenSyncService().run(wait=False)

    assert result == {"job": "sync-job-3", "status": "queued"}
ariadne: add schedule-owned metis token sync and platform probe 2026-04-10 22:35:33 -03:00			`from __future__ import annotations`

			`from types import SimpleNamespace`

			`import pytest`

			`from ariadne.services import metis_token_sync as module`


			`def _settings() -> SimpleNamespace:`
			`return SimpleNamespace(`
			`metis_token_sync_namespace="maintenance",`
			`metis_token_sync_service_account="metis-token-sync",`
			`metis_token_sync_node_name="titan-0a",`
			`metis_token_sync_image="hashicorp/vault:1.17.6",`
			`metis_token_sync_job_ttl_sec=1800,`
			`metis_token_sync_wait_timeout_sec=10.0,`
			`metis_token_sync_vault_addr="http://vault.vault.svc.cluster.local:8200",`
			`metis_token_sync_vault_k8s_role="maintenance-metis-token-sync",`
			`)`


			`def test_payload_matches_expected_contract(monkeypatch) -> None:`
			`monkeypatch.setattr(module, "settings", _settings())`
			`payload = module.MetisTokenSyncService()._job_payload("sync-job")`

			`assert payload["metadata"]["namespace"] == "maintenance"`
			`assert payload["metadata"]["labels"]["atlas.bstein.dev/trigger"] == "ariadne"`
			`spec = payload["spec"]["template"]["spec"]`
			`assert spec["serviceAccountName"] == "metis-token-sync"`
			`assert spec["nodeName"] == "titan-0a"`
			`assert spec["containers"][0]["image"] == "hashicorp/vault:1.17.6"`
			`assert spec["containers"][0]["volumeMounts"][0]["mountPath"] == "/host/var/lib/rancher/k3s/server"`


			`def test_run_wait_success(monkeypatch) -> None:`
			`monkeypatch.setattr(module, "settings", _settings())`
			`monkeypatch.setattr(module.time, "time", lambda: 1710000000)`

			`posted: dict[str, object] = {}`

			`def fake_post(path: str, payload: dict[str, object]) -> dict[str, object]:`
			`posted["path"] = path`
			`posted["payload"] = payload`
			`return {"metadata": {"name": "sync-job-1"}}`

			`calls = iter(`
			`[`
			`{"status": {"active": 1}},`
			`{"status": {"succeeded": 1}},`
			`]`
			`)`

			`monkeypatch.setattr(module, "post_json", fake_post)`
			`monkeypatch.setattr(module, "get_json", lambda _path: next(calls))`
			`monkeypatch.setattr(module.time, "sleep", lambda _seconds: None)`

			`result = module.MetisTokenSyncService().run(wait=True)`

			`assert posted["path"] == "/apis/batch/v1/namespaces/maintenance/jobs"`
			`assert result == {"job": "sync-job-1", "status": "ok"}`


			`def test_run_wait_failure_raises(monkeypatch) -> None:`
			`monkeypatch.setattr(module, "settings", _settings())`
			`monkeypatch.setattr(module.time, "time", lambda: 1710000000)`
			`monkeypatch.setattr(module, "post_json", lambda _path, _payload: {"metadata": {"name": "sync-job-2"}})`
			`monkeypatch.setattr(module, "get_json", lambda _path: {"status": {"failed": 1}})`
			`monkeypatch.setattr(module.time, "sleep", lambda _seconds: None)`

			`with pytest.raises(RuntimeError, match="metis token sync job sync-job-2 error"):`
			`module.MetisTokenSyncService().run(wait=True)`


			`def test_run_without_wait_queues(monkeypatch) -> None:`
			`monkeypatch.setattr(module, "settings", _settings())`
			`monkeypatch.setattr(module.time, "time", lambda: 1710000000)`
			`monkeypatch.setattr(module, "post_json", lambda _path, _payload: {"metadata": {"name": "sync-job-3"}})`

			`result = module.MetisTokenSyncService().run(wait=False)`

			`assert result == {"job": "sync-job-3", "status": "queued"}`