Quality gate service¶
A service that is used to check the quality gate status of workflows. Exposes one user-facing endpoint that can be queried to get quality gate info on workflows.
A quality gate is a set of rules a workflow execution must satisfy.
Configuration¶
This module has a configuration file (qualitygate.yaml
by default)
that describes the host, port, ssl_context, trusted_authorities, and
logfile to use. It can also enable insecure logins.
If no configuration file is found it will default to the following values:
apiVersion: opentestfactory.org/v1beta2
kind: ServiceConfig
current-context: default
contexts:
- context:
port: 443
host: 127.0.0.1
ssl_context: adhoc
services:
observer:
endpoint: https://127.0.0.1
token: reuse
name: default
ssl_context
is either adhoc
, a list of two items (certificate file
path and private key file path), or disabled
(not recommended, will
switch to plain HTTP).
A context can also contain a trusted_authorities
, which is a list of
public key files, used for token validation.
A context can also allow for insecure (token-less) logins, if
enable_insecure_login
is set to true
(by default, insecure logins are
disabled).
Insecure logins, if enabled, are only allowed from a given address (127.0.0.1
by default). This can be overridden by specifying insecure_bind_address
.
Usage¶
python3 -m opentf.qualitygate.qualitygate [--context context] [--config configfile]
Endpoint¶
This module exposes one endpoint:
/workflows/{workflow_id}/qualitygate[?mode=strict|passing]
(GET)
If mode
is not specified, strict
is assumed.
Whenever calling this endpoint, a signed token must be specified
via the Authorization
header.
This header will be of form:
Authorization: Bearer xxxxxxxx
It must be signed with one of the trusted authorities specified in the current context.
/workflows/{workflow_id}/qualitygate
¶
This endpoint returns a status manifest (a JSON document) with one of the following standard
HTTP response codes: OK
, Invalid
, Unauthorized
, or NotFound
.
OK
means the service knows the specified workflow. The details.status
contains the quality gate status for the workflow. It can be one of the following:
SUCCESS
: the workflow has succeeded and passes the quality gate.NOTEST
: the workflow has succeeded, but it produced no test result.FAILURE
: the workflow has failed, or failed the quality gate.RUNNING
: the workflow execution is still ongoing.
Invalid
means the specified mode
is not one of the expected values.
NotFound
means the workflow is not known. It may be because the workflow is not yet known to the quality gate service, or that the workflow is no longer known to the quality gate service. Quality gate results for a given workflow are kept for a limited period after workflow completion (typically 60 minutes, but this can be configured).
Unauthorized
means the provided token is invalid or not recognized by the quality gate service.
Modes¶
The quality gate service allows for multiple ‘modes’. Two modes are always available: strict
and passing
. If no mode is specified, strict
is used.
-
strict
means a workflow will pass the quality gate if and only if it has completed successfully and all test cases were OK. (It implies that a workflow with no test case will pass the quality gate if it has completed successfully). -
passing
means a workflow will pass the quality gate if it has completed successfully, event if some test cases were not OK.
Workflow status examples¶
This is a status manifest for a workflow with at least one failed test, using the passing
mode. As long as the workflow has completed successfully,
it will pass the quality gate:
curl \
http://127.0.0.1/workflows/5dcc66dd-5d0d-4dcf-9b18-f39eafc0f279/qualitygate?mode=passing
{
"kind": "Status",
"apiVersion": "v1",
"metadata": {},
"status": "Success",
"message": "",
"details": {
"status": "SUCCESS"
},
"code": 200,
}
This is a status manifest for same workflow, using the default (strict
) mode. As it has at least one failed test, it fails
that quality gate:
curl \
http://127.0.0.1/workflows/5dcc66dd-5d0d-4dcf-9b18-f39eafc0f279/qualitygate
{
"kind": "Status",
"apiVersion": "v1",
"metadata": {},
"status": "Success",
"message": "",
"details": {
"status": "FAILURE"
},
"code": 200,
}
This last example is when requesting the status of an unknown workflow:
curl \
http://127.0.0.1/workflows/00000000-0000-0000-0000-000000000000/qualitygate
{
"kind": "Status",
"apiVersion": "v1",
"metadata": {},
"status": "Failure",
"reason": "NotFound",
"message": "Workflow 00000000-0000-0000-0000-000000000000 not found.",
"code": 404
}