From d76e426454855369f74fbb77b2432bbc22dbd35f Mon Sep 17 00:00:00 2001
From: Joel Seguillon <joel.seguillon@gmail.com>
Date: Fri, 29 Apr 2022 20:12:48 +0200
Subject: [PATCH] Go stable (#39)

All fields from VM spec are now supported.

Default domain, network and volume can be supercharged in easy to understand way.

Code clean + test cover supercharge mechanism

And also doc
---
 .github/workflows/tox.yml                     |  52 +++-
 .pre-commit-config.yaml                       |   1 +
 README.rst                                    | 143 +++++----
 molecule/tests/converge.yml                   |   4 +
 molecule/tests/molecule.yml                   | 123 ++++++++
 molecule/tests/verify.yml                     |  10 +
 molecule_kubevirt/driver.py                   |  41 +--
 molecule_kubevirt/playbooks/create.yml        | 284 ++++++++++--------
 .../test/refs/instance-almost-default.yml     |  39 +++
 molecule_kubevirt/test/refs/instance-full.yml |  77 +++++
 .../user_data-instance-almost-default.yml     |   7 +
 .../test/refs/user_data-instance-full.yml     |  26 ++
 .../test/{test_func.py => test_init.py}       |  10 -
 molecule_kubevirt/test/test_scenario_tests.py |  72 +++++
 14 files changed, 666 insertions(+), 223 deletions(-)
 create mode 100644 molecule/tests/converge.yml
 create mode 100644 molecule/tests/molecule.yml
 create mode 100644 molecule/tests/verify.yml
 create mode 100644 molecule_kubevirt/test/refs/instance-almost-default.yml
 create mode 100644 molecule_kubevirt/test/refs/instance-full.yml
 create mode 100644 molecule_kubevirt/test/refs/user_data-instance-almost-default.yml
 create mode 100644 molecule_kubevirt/test/refs/user_data-instance-full.yml
 rename molecule_kubevirt/test/{test_func.py => test_init.py} (82%)
 create mode 100644 molecule_kubevirt/test/test_scenario_tests.py

diff --git a/.github/workflows/tox.yml b/.github/workflows/tox.yml
index aa1cf72..702bf4d 100644
--- a/.github/workflows/tox.yml
+++ b/.github/workflows/tox.yml
@@ -26,27 +26,21 @@ jobs:
           - tox_env: lint
           # - tox_env: docs
           - tox_env: py36-ansible_2
-            PREFIX: PYTEST_REQPASS=2
             PYTHON_BASE_IMAGE: python:3.6
             KUBERNETES_VERSION: v1.22.2
           - tox_env: py36-ansible_2-devel
-            PREFIX: PYTEST_REQPASS=2
             PYTHON_BASE_IMAGE: python:3.6
             KUBERNETES_VERSION: v1.22.2
           - tox_env: py37-ansible_3
-            PREFIX: PYTEST_REQPASS=2
             PYTHON_BASE_IMAGE: python:3.7
             KUBERNETES_VERSION: v1.22.2
           - tox_env: py38-ansible_4
-            PREFIX: PYTEST_REQPASS=2
             PYTHON_BASE_IMAGE: python:3.8
             KUBERNETES_VERSION: v1.22.2
           - tox_env: py39-ansible_2
-            PREFIX: PYTEST_REQPASS=2
             PYTHON_BASE_IMAGE: python:3.9
             KUBERNETES_VERSION: v1.22.2
           - tox_env: py39-ansible_2-devel
-            PREFIX: PYTEST_REQPASS=2
             PYTHON_BASE_IMAGE: python:3.9
             KUBERNETES_VERSION: v1.22.2
           - tox_env: packaging
@@ -149,7 +143,7 @@ jobs:
 
         if: ${{ contains(matrix.tox_env, 'py') }}
 
-      - name: Install virtcl
+      - name: Install KubeVirt virtcl
         uses: nick-invision/retry@v2
         with:
           timeout_minutes: 5
@@ -161,6 +155,48 @@ jobs:
             sudo install virtctl /usr/local/bin
         if: ${{ contains(matrix.tox_env, 'py') }}
 
+      - name: Install KubeVirt's CDI
+        run: |
+          export VERSION=$(curl -s https://github.com/kubevirt/containerized-data-importer/releases/latest | grep -o "v[0-9]\.[0-9]*\.[0-9]*")
+          kubectl create -f https://github.com/kubevirt/containerized-data-importer/releases/download/$VERSION/cdi-operator.yaml
+          kubectl create -f https://github.com/kubevirt/containerized-data-importer/releases/download/$VERSION/cdi-cr.yaml
+
+      - name: Install calico
+        run: |
+          kubectl apply -f https://projectcalico.docs.tigera.io/manifests/calico.yaml
+          echo "*******************************"
+          # FIXME activate wait for less flakyness
+          sleep 30 && kubectl -n kube-system set env daemonset/calico-node FELIX_IGNORELOOSERPF=true
+
+      - name: Install Multus and configure one net-attach
+        run: |
+          curl -Ls https://raw.githubusercontent.com/k8snetworkplumbingwg/multus-cni/master/deployments/multus-daemonset.yml | kubectl apply -f -
+
+          cat <<EOF | kubectl create -f -
+          ---
+          apiVersion: "k8s.cni.cncf.io/v1"
+          kind: NetworkAttachmentDefinition
+          metadata:
+            name: macvlan-conf
+          spec:
+            config: '{
+                "cniVersion": "0.3.0",
+                "type": "macvlan",
+                "master": "eth0",
+                "mode": "bridge",
+                "ipam": {
+                  "type": "host-local",
+                  "subnet": "192.168.1.0/24",
+                  "rangeStart": "192.168.1.200",
+                  "rangeEnd": "192.168.1.216",
+                  "routes": [
+                    { "dst": "0.0.0.0/0" }
+                  ],
+                  "gateway": "192.168.1.1"
+                }
+              }'
+          EOF
+
       - name: Build molecule test container for ${{ matrix.tox_env }}
         run: |
           eval $(minikube docker-env)
@@ -245,7 +281,7 @@ jobs:
                     args: ["(tox -e ${{ matrix.tox_env }} -c /opt/molecule_kubevirt/tox.ini ; kubectl create configmap molecule-result --from-literal exitCode=\$?); kubectl delete configmap molecule-job-running"]
                     env:
                       - name: PYTEST_REQPASS
-                        value: "2"
+                        value: "6"
                   restartPolicy: Never
               backoffLimit: 0
             EOF
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 304efac..a6422e8 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -41,6 +41,7 @@ repos:
       - id: yamllint
         files: \.(yaml|yml)$
         types: [file, yaml]
+        exclude: 'molecule_kubevirt/test/refs/.*'
         entry: yamllint --strict
   - repo: https://github.com/pre-commit/mirrors-mypy
     rev: v0.790
diff --git a/README.rst b/README.rst
index 5c954e7..e0ffb4a 100644
--- a/README.rst
+++ b/README.rst
@@ -19,8 +19,6 @@ Molecule KubeVirt Plugin
 
 Molecule KubeVirt Plugin is designed to allow use of KubeVirt_ containers for provisioning test resources.
 
-**Very alpha version - All configuration fields and behaviours may be subject to breaking changes**
-
 .. _`KubeVirt`: https://kubevirt.io
 
 Scope
@@ -130,66 +128,105 @@ Molecule then needs to be able to ssh on the ClusterIP ip:
 Virtual machines customisation
 ==============================
 
-Virtual machines can be customised using `domain`, `volumes`, `networks` and `user_data`.
+A few defaults are created if not provided in platfom definition:
 
-Since the driver already sets some values for molecule to start VMs with no customisation, values set in those fields will be merged with default configuration.
+* if no interface with :code:`name: default` is defined in :code:`domain.devices.interfaces`, then a default one is created with :code:`brige: {}` and :code:`bus: virtio`,
+* if no disk with :code:`name: boot` is defined in :code:`domain.devices.disks`, then a default one is created with :code:`bus: virtio`,
+* if no network with :code:`name: default` is defined in :code:`networks`, then a default one is created with :code:`pod: {}` and :code:`model: virtio`,
+* if no volume with :code:`name: boot` is defined in :code:`volumes`, then a default one is created as:
 
+  * a :code:`containerDisk`
+  * with :code:`image`, :code:`path` and :code:`imagePullPolicy` respectively set to plaform :code:`image`, :code:`image_path` and :code:`image_pull_policy`
 
-Full example
-------------
+* if cloud-config is defined in :code:`user_data` it is merged default one wich sets ssh public key for 'molecule' user.
 
-VirtualMachines setup can be fine tuned:
+Customisation example
+---------------------
 
-* `annotations` is empty by default
-* `domain` is combined recursive with default, defaults lists are prepend
-* `user_data` cloud-config is combined recursive with default, defaults lists are prepend
-* `volumes` are appended to defaults
-* `networks` is empty by default
+This example configuration demonstrates how to:
 
-This example configures a specific network, adds a disk backed by an empty volume, then disk is formated and mounted via cloud config:
+* use Kubevirt's CDI in place of an :code:`image` using :code:`dataVolumeTemplates` and overriding default :code:`boot` volume.
+* set customs ressources and annotation
+* and a second interface/network
+* adds a second disk/volume
+* make use of cloud-config to format and mount additional disk
 
 .. code-block:: yaml
 
-    # ask for static IP with Calico
-    annotations:
-      - cni.projectcalico.org/ipAddrs: "[\"10.244.25.25\"]"
-    # combine domain to default
-    domain:
-      devices:
-        disks:
-          # add a new disk
-          - name: emptydisk
-            disk:
-              bus: virtio
-        interfaces:
-          # prefer masquerade instead of default bridge
-          - masquerade: {}
-            name: default
-    networks:
-      - name: default
-        # prefer multus instead of pod network as first network
-        multus:
-          default: true
-          networkName: macvlan-test
-    volumes:
-      - name: emptydisk
-        # create a disk inside the VM Pod
-        # can also be backed by PVC, hotspath, etc...
-        emptyDisk:
-          capacity: 2Gi
-    # custom cloud config - additional disks starts at index 3
-    # because both boot and cloud-config disks are created by driver
-    # therefore example additional disk is named 'vd**c**'
-    user_data:
-      fs_setup:
-        - label: data_disk
-          filesystem: 'ext4'
-          device: /dev/vdc
-          overwrite: true
-      mounts:
-       - [ /dev/vdc, /var/lib/software, "auto", "defaults,nofail", "0", "0" ]
-
-Please take a look at KubeVirt examples to get more information about more uses cases including PersistenVolumes, Multus, Multi node bridge, and more.
+  ---
+  dependency:
+    name: galaxy
+  driver:
+    name: kubevirt
+  platforms:
+    - name: instance
+      # annotate for calico static ip
+      annotations:
+        cni.projectcalico.org/ipAddrs: "[\"10.244.25.25\"]"
+      # use data volume facility in place of using 'image:'
+      dataVolumeTemplates:
+        - metadata:
+            name: disk-dv
+          spec:
+            pvc:
+              accessModes:
+              - ReadWriteOnce
+              resources:
+                requests:
+                  storage: 10Gi
+            preallocation: true
+            source:
+              http:
+                url: https://download.fedoraproject.org/pub/fedora/linux/releases/35/Cloud/x86_64/images/Fedora-Cloud-Base-35-1.2.x86_64.raw.xz
+      domain:
+        resources:
+          limits:
+            cpu: "1"
+            memory: 3Gi
+          requests:
+            cpu: 200m
+            memory: 1Gi
+        devices:
+          interfaces:
+            # add a second device interface
+            - bridge: {}
+              name: multus
+              model: virtio
+              ports:
+                - port: 22
+          disks:
+            # add a second device disk
+            - name: emptydisk
+              disk:
+                bus: virtio
+      volumes:
+          # override default 'boot' volume with cdi data volume template source
+        - name: boot
+          dataVolume:
+            name: disk-dv
+        # add a second volume, must be same name as defined in device
+        - name: emptydisk
+          emptyDisk:
+            capacity: 2Gi
+      networks:
+        # add a second network for added device interface
+        - name: multus
+          multus:
+            # use a NetworkAttachement
+            networkName: macvlan-conf
+      # cloud-config format and mount additional disk
+      user_data:
+        # format additional disk
+        fs_setup:
+          - label: data_disk
+            filesystem: 'ext4'
+            device: /dev/vdb
+            overwrite: true
+        # mount additional disk
+        mounts:
+          - [ /dev/vdb, /var/lib/software, "auto", "defaults,nofail", "0", "0" ]
+
+See `molecule/tests/molecule.yml` from source code for full example.
 
 Run from inside Kubernetes cluster
 ==================================
diff --git a/molecule/tests/converge.yml b/molecule/tests/converge.yml
new file mode 100644
index 0000000..21ccba7
--- /dev/null
+++ b/molecule/tests/converge.yml
@@ -0,0 +1,4 @@
+---
+- name: Converge
+  hosts: all
+  gather_facts: false
diff --git a/molecule/tests/molecule.yml b/molecule/tests/molecule.yml
new file mode 100644
index 0000000..6b01a6e
--- /dev/null
+++ b/molecule/tests/molecule.yml
@@ -0,0 +1,123 @@
+---
+dependency:
+  name: galaxy
+driver:
+  name: kubevirt
+platforms:
+  - name: instance-full
+    namespace: kube-public
+    # image: localhost:5001/kubevirt/fedora-cloud-container-disk-demo
+    autoattachGraphicsDevice: false
+    hostname: "myhost"
+    livenessProbe: ""
+    nodeSelector: ""
+    readinessProbe: ""
+    subdomain: "my-domain"
+    terminationGracePeriodSeconds: 30
+    tolerations: []
+    dataVolumeTemplates:
+      - metadata:
+          name: disk-dv-instance-full
+        spec:
+          pvc:
+            accessModes:
+              - ReadWriteOnce
+            resources:
+              requests:
+                storage: 10Gi
+          preallocation: true
+          source:
+            http:
+              url: https://download.fedoraproject.org/pub/fedora/linux/releases/35/Cloud/x86_64/images/Fedora-Cloud-Base-35-1.2.x86_64.raw.xz
+    annotations:
+      cni.projectcalico.org/ipAddrs: "[\"10.244.25.25\"]"
+    domain:
+      resources:
+        limits:
+          cpu: "1"
+          memory: 3Gi
+        requests:
+          cpu: 200m
+          memory: 1Gi
+      devices:
+        interfaces:
+          # override default interface
+          - name: default
+            bridge: {}
+            model: e1000
+            ports:
+              - port: 22
+          # add another interface
+          - name: multus
+            bridge: {}
+            model: virtio
+            ports:
+              - port: 22
+        disks:
+          # override default boot device disk
+          - name: boot
+            disk:
+              bus: virtio
+          # add a second disk
+          - name: emptydisk
+            disk:
+              bus: virtio
+    volumes:
+      # override default boot volume
+      - name: boot
+        dataVolume:
+          name: disk-dv-instance-full
+      # add a second volume
+      - name: emptydisk
+        emptyDisk:
+          capacity: 2Gi
+    networks:
+      # override default network
+      - name: default
+        pod: {}
+      # add a second network
+      - name: multus
+        multus:
+          networkName: macvlan-conf
+    # custom cloud-config - see cloud-config doc
+    user_data:
+      # add a second user
+      users:
+        - name: user2
+          sudo: false
+          ssh_authorized_keys:
+            - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDJRj9o4jhKW0Q6KnWa2jkThu/I070SJ+NBMDkP4ZXNu/t9Oq55Siz2dw6miwAjRVDfbB5HScM6XNJFWfPg10tY9ZUEizTirM5HeT8D+R5IvugfyqFeYs5d5V7X5O/TVJkNFUmqpA9TZYvoBUKsjnH4lH2/sPhtT13qUCLZNheUeQ==
+      # format additional disk
+      fs_setup:
+        - label: data_disk
+          filesystem: 'ext4'
+          device: /dev/vdb
+          overwrite: true
+      # mount additional disk
+      mounts:
+        - [ /dev/vdb, /var/lib/software, "auto", "defaults,nofail", "0", "0" ]
+    ssh_service:
+      type: NodePort
+    # custom cloud-config of molecule user - see cloud-config doc
+    user_molecule:
+      name: notmolecule
+      gecos: "dummy user"
+      plain_text_passwd: notmolecule
+      lock_passwd: false
+      # more authorized keys can be provided but the one created by driver is always inserted in the list
+      ssh_authorized_keys:
+        - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDJRj9o4jhKW0Q6KnWa2jkThu/I070SJ+NBMDkP4ZXNu/t9Oq55Siz2dw6miwAjRVDfbB5HScM6XNJFWfPg10tY9ZUEizTirM5HeT8D+R5IvugfyqFeYs5d5V7X5O/TVJkNFUmqpA9TZYvoBUKsjnH4lH2/sPhtT13qUCLZNheUeQ==XXX
+      sudo:
+        - ALL=(ALL) NOPASSWD:/bin/mysql
+    # Use for creation test only: non running VMs specs can be tested without waiting ssh to be ready.
+    # Requires ssh_service to be activated since VM won't get IP from non created Pod
+    running: false
+
+  - name: instance-almost-default
+    ssh_service:
+      type: NodePort
+    running: false
+provisioner:
+  name: ansible
+verifier:
+  name: ansible
diff --git a/molecule/tests/verify.yml b/molecule/tests/verify.yml
new file mode 100644
index 0000000..79044cd
--- /dev/null
+++ b/molecule/tests/verify.yml
@@ -0,0 +1,10 @@
+---
+# This is an example playbook to execute Ansible tests.
+
+- name: Verify
+  hosts: all
+  gather_facts: false
+  tasks:
+  - name: Example assertion
+    assert:
+      that: true
diff --git a/molecule_kubevirt/driver.py b/molecule_kubevirt/driver.py
index d61730a..aa9c87f 100644
--- a/molecule_kubevirt/driver.py
+++ b/molecule_kubevirt/driver.py
@@ -49,42 +49,45 @@ class KubeVirt(Driver):
           - name: instance
             namespace: default
             wait_timeout: 300
+            terminationGracePeriodSeconds: 0
             memory: 2Gi
+            image: quay.io/kubevirt/fedora-cloud-container-disk-demo:latest
+
+            annotations: (omit)
+
             cpu_cores: (omit)
             machine_type: q35
             cpu_model: (omit)
-            autoattachGraphicsDevice: false
+
+            autoattachGraphicsDevice: (omit)
+
             memory_request: memory
             cpu_request: (omit)
             memory_limit: memory
             cpu_limit: (omit)
-            image: quay.io/kubevirt/fedora-cloud-container-disk-demo:latest
-            annotations: {}
+
             ssh_service:
                 type: ClusterIP
                 clusterIP: {}
                 nodePort: {}
                 nodePort_host: localhost
+
             volumes: []
             networks: []
-            domain: {} # domain is merged with default
-            user_data: {} # user data cloud-config is merged with default
-    Image MUST be accessible on Kubernetes workers running Kubevirt. This driver
-    provides no service for building images. Solutions using CDI may be found in
-    later version .
 
-    Minimal authorizations are required for the molecule runner if running from Kubernetes, via ServiceAccount :
-    .. code-block::yaml
-        roleRef:
-          apiGroup: rbac.authorization.k8s.io
-          kind: ClusterRole
-          name: kubevirt.io:edit
+            domain: {}
+            user_data: {}
+
+            hostname: (omit)
+            livenessProbe: (omit)
+            nodeSelector: (omit)
+            readinessProbe: (omit)
+            subdomain: (omit)
+            tolerations: (omit)
+
 
-    .. note:: This driver does not require specific container privileges.
 
-    .. note:: Default ssh access is curently set via a ClusterIp Service and points to
-    {{ platform.name }}.{{ platform.namespace }}.svc
-    . This may change in futur releases.
+    .. note:: Default ssh access point to VM Pod IP
 
     .. code-block:: bash
 
@@ -97,8 +100,6 @@ class KubeVirt(Driver):
 
         driver:
           name: kubevirt
-          safe_files:
-            - foo
 
     .. _`Kubevirt`: https://kubevirt.io/
     """  # noqa
diff --git a/molecule_kubevirt/playbooks/create.yml b/molecule_kubevirt/playbooks/create.yml
index c63b5ea..998d12c 100644
--- a/molecule_kubevirt/playbooks/create.yml
+++ b/molecule_kubevirt/playbooks/create.yml
@@ -5,40 +5,60 @@
   gather_facts: false
   no_log: "{{ molecule_no_log }}"
   vars:
-    molecule_labels:
-      owner: molecule
     default_namespace: "default"
-    default_user_name: "molecule"
-    default_vm_timeout: 60
+    default_user_molecule:
+      name: "molecule"
+      sudo:
+        - ALL=(ALL) NOPASSWD:ALL
     default_vm_memory: "2Gi"
     default_vm_machine_type: "q35"
     default_vm_disk_image: "quay.io/kubevirt/fedora-cloud-container-disk-demo"
     default_ssh_timeout: 300
+    default_ssh_delay: 1
+    default_pod_ip_retries: 60
+    default_pod_ip_delay: 1
     default_ssh_service_type: ClusterIP
+    default_termination_grace_perdiod: 0
+    default_boot_disk:
+      disk:
+        bus: virtio
+      name: boot
+    default_cloud_init_disk:
+      disk:
+        bus: virtio
+      name: cloudinit
+    default_interface:
+      bridge: {}
+      name: default
+      model: virtio
+    default_network:
+      pod: {}
+      name: default
+      model: virtio
     ssh_key_path: "{{ molecule_ephemeral_directory }}/identity_{{ item.name }}"
-
   tasks:
     - name: Create ssh key pair
       openssh_keypair:
         path: "{{ ssh_key_path }}"
         size: 1024
         type: rsa
-      loop: "{{ molecule_yml.platforms  }}"
+      loop: "{{ molecule_yml.platforms }}"
       loop_control:
         label: "{{ item.name }}"
 
     - name: Create cloud init with ssh identity for molecule user
       vars:
-        user_data: |-
-          {{ item.user_data | default({}) | from_yaml | combine(default_user_data | from_yaml, recursive=True, list_merge='prepend') }}
         default_user_data: |-
           users:
-            - name: {{ item.user_name | default(default_user_name) }}
-              sudo: ALL=(ALL) NOPASSWD:ALL
-              plain_text_passwd: molecule
-              lock_passwd: false
-              ssh_authorized_keys:
-                - {{ lookup('file', ssh_key_path + '.pub' ) }}
+            - {{ combined_molecule_user }}
+        user_molecule_authorized_keys:
+          ssh_authorized_keys:
+            - "{{ lookup('file', ssh_key_path + '.pub' ) }}"
+        # molecule user in user data is a merge of default, platform and forced ssh authorized key
+        combined_molecule_user: "{{ default_user_molecule | combine(item.user_molecule|default(None)) | combine (user_molecule_authorized_keys, list_merge='append') }}"
+        # user data is a merge of platform and molecule user
+        user_data: |-
+          {{ item.user_data | default({}) | from_yaml | combine(default_user_data | from_yaml, recursive=True, list_merge='prepend') }}
       k8s:
         state: present
         definition:
@@ -58,37 +78,77 @@
 
     - name: Create virtual machines
       vars:
-        container_disk_name: "{{ item.name }}"
-        domain:
+        default_container_disk_volume:
+          containerDisk:
+            image: "{{ item.image | default(default_vm_disk_image) }}"
+            path: "{{ item.image_path | default(omit) }}"
+            imagePullPolicy: "{{ item.image_pull_policy | default('IfNotPresent') }}"
+          name: "boot"
+        default_cloud_init_volume:
+          cloudInitNoCloud:
+            secretRef:
+              name: "{{ item.name }}"
+          name: cloudinit
+
+        # Merge device diskes: if one is named 'boot': use it against default driver defined
+        # If other disks are defined, append them
+        platform_boot_disk: "{{ (item.domain.devices.disks | default([]) | selectattr('name','==','boot')) | default(None) }}"
+        platform_other_disks: "{{ (item.domain.devices.disks | default([]) | rejectattr('name','==','boot')) | default(None) }}"
+        target_disks: |-
+          {{ platform_boot_disk | ternary(platform_boot_disk,[default_boot_disk]) +
+             platform_other_disks + [default_cloud_init_disk] }}
+
+        # Merge disk volumes: if one is named 'boot': use it against default driver defined
+        # If other volumes are defined, append them
+        platform_container_disk_volume: "{{ (item.volumes | default([]) | selectattr('name','==','boot')) | default(None) }}"
+        platform_other_default_cloud_init_volume: "{{ (item.volumes | default([]) | rejectattr('name','==','boot')) | default(None) }}"
+        target_volumes: |-
+          {{ platform_container_disk_volume | ternary(platform_container_disk_volume,[default_container_disk_volume]) +
+            platform_other_default_cloud_init_volume + [default_cloud_init_volume]}}
+
+        # Merge interfaces: if one is named 'default': use it against default driver defined
+        # If other interfaces are defined, append them
+        platform_interface: "{{ (item.domain.devices.interfaces | default([]) | selectattr('name','==','default')) | default(None) }}"
+        platform_other_interface: "{{ (item.domain.devices.interfaces | default([]) | rejectattr('name','==','default')) | default(None) }}"
+        target_interfaces: |-
+          {{ platform_interface | ternary(platform_interface,[default_interface]) + platform_other_interface }}
+
+        # Merge networks: if one is named 'default': use it against default driver defined
+        # If other networks are defined, append them
+        platform_network: "{{ (item.networks | default([]) | selectattr('name','==','default')) | default(None) }}"
+        platform_other_network: "{{ (item.networks | default([]) | rejectattr('name','==','default')) | default(None) }}"
+        target_networks: |-
+          {{ platform_network | ternary(platform_network,[default_network]) + platform_other_network }}
+
+        # Define target VM domain
+        prepared_domain:
           devices:
-            autoattachGraphicsDevice: "{{ item.autoattachGraphicsDevice | default(false) }}"
-            disks:
-              - disk:
-                  bus: virtio
-                name: "{{ container_disk_name }}"
-              - disk:
-                  bus: virtio
-                name: ansiblecloudinitdisk
-          machine:
-            type: "{{ item.machine_type | default(default_vm_machine_type) }}"
+            autoattachGraphicsDevice: "{{ item.affinity | default(omit) }}"
+            disks: "{{ target_disks }}"
+            interfaces: "{{ target_interfaces }}"
           resources:
             requests:
-              memory: "{{ item.memory_request | default(item.memoy) | default(default_vm_memory) }}"
-              cpu: "{{ item.cpu_request | default(item.cpu) | default(omit) }}"
+              memory: "{{ item.memory_request | default(item.domain.resources.requests.memory) | default(default_vm_memory) }}"
+              cpu: "{{ item.cpu_request | default(item.domain.resources.requests.cpu) | default(omit) }}"
             limits:
-              memory: "{{ item.memory_limit | default(item.memoy) | default(default_vm_memory) }}"
-              cpu: "{{ item.cpu_limit | default(item.cpu) | default(omit) }}"
-        networks: "{{ item.networks | default([]) }}"
-        volumes:
-          - containerDisk:
-              image: "{{ item.image | default(default_vm_disk_image) }}"
-              path: "{{ item.image_path | default(omit) }}"
-              imagePullPolicy: "{{ item.image_pull_policy | default('IfNotPresent') }}"
-            name: "{{ container_disk_name }}"
-          - cloudInitNoCloud:
-              secretRef:
-                name: "{{ item.name }}"
-            name: ansiblecloudinitdisk
+              memory: "{{ item.memory_limit | default(item.domain.resources.limits.memory) | default(omit) }}"
+              cpu: "{{ item.cpu_limit | default(item.domain.resources.limits.cpu) | default(omit) }}"
+        # Define target VM specs
+        template_spec: |-
+            domain: {{ item.domain | default({}) | combine(prepared_domain, recursive=True, list_merge='replace') }}
+            volumes: {{ target_volumes }}
+            networks: {{ target_networks }}
+            affinity: {{ item.affinity | default(omit) }}
+            dnsConfig: {{ item.dnsConfig | default(omit) }}
+            dnsPolicy: {{ item.dnsPolicy | default(omit) }}
+            hostname: {{ item.hostname | default(omit) }}
+            livenessProbe: {{ item.livenessProbe | default(omit) }}
+            nodeSelector: {{ item.nodeSelector | default(omit) }}
+            readinessProbe: {{ item.readinessProbe | default(omit) }}
+            subdomain: {{ item.subdomain | default(omit) }}
+            terminationGracePeriodSeconds: {{ item.terminationGracePeriodSeconds | default(default_termination_grace_perdiod) | int }}
+            tolerations: {{ item.tolerations | default(omit) }}
+      # Create VM
       k8s:
         state: present
         definition:
@@ -96,22 +156,20 @@
           kind: VirtualMachine
           metadata:
             name: "{{ item.name }}"
-            namespace: default
+            namespace: "{{ item.namespace | default(default_namespace) }}"
           spec:
-            running: true
+            running: "{{ item.running | default(true) }}"
+            dataVolumeTemplates: "{{ item.dataVolumeTemplates | default(omit) }}"
             template:
               metadata:
                 annotations: "{{ item.annotations | default({}) }}"
                 labels:
                   vm.cnv.io/name: "{{ item.name }}"
-              spec:
-                domain: "{{ item.domain | default({}) | combine(domain, recursive=True, list_merge='prepend') }}"
-                networks: "{{ networks }}"
-                volumes: "{{ volumes + (item.volumes | default([])) }}"
+              # workaround https://stackoverflow.com/questions/63961938/ansible-variable-conversion-to-int-is-ignored
+              spec: "{{ template_spec | from_yaml }}"
       loop: "{{ molecule_yml.platforms }}"
       loop_control:
         label: "{{ item.name }}"
-      register: poll_reg
 
     - name: Deal with ssh services
       when: "item.ssh_service | default(None)"
@@ -126,12 +184,12 @@
               metadata:
                 name: "{{ item.name }}"
                 namespace: "{{ item.namespace | default(default_namespace) }}"
+              # workaround https://stackoverflow.com/questions/63961938/ansible-variable-conversion-to-int-is-ignored
               spec: "{{ spec | from_yaml }}"
           register: node_port_services
           loop: "{{ molecule_yml.platforms  }}"
           loop_control:
             label: "{{ item.name }}"
-          # workaround https://stackoverflow.com/questions/63961938/ansible-variable-conversion-to-int-is-ignored
           vars:
             spec: |-
               ports:
@@ -169,102 +227,64 @@
           loop_control:
             label: "{{ item.name }}"
 
-    - name: Get ip for VirtualMachineInstance
+    - name: Get ip for VirtualMachineInstance for ssh access
       k8s_info:
         kind: VirtualMachineInstance
         namespace: "{{ item.namespace | default(default_namespace) }}"
         name: "{{ item.name }}"
       loop: "{{ molecule_yml.platforms }}"
+      loop_control:
+        label: "{{ item.name }}"
       register: virtual_machine_info
-      retries: 3
+      retries: "{{ item.pod_ip_retries | default(default_pod_ip_retries) }}"
+      delay: "{{ item.pod_ip_delay | default(default_pod_ip_delay) }}"
       until: "virtual_machine_info.resources[0].status.interfaces[0].ipAddress | default(None)"
-      when: "item.ssh_service is not defined"
+      when:
+        - item.ssh_service is not defined
+        - item.running | default(true)
 
-    - name: Get Virtual Machine ip, indexed by name
+    - name: Populate instance config dict
       set_fact:
-        virtual_machine_instance: >-
-          {{ virtual_machine_instance | default({}) | combine ({name: instance}) }}
+        instance_conf_dict:
+          # if not running, ssh access will not be tested
+          running: "{{ item.running | default(true) }}"
+          instance: "{{ item.name }}"
+          address: "{{ ssh_service_address }}"
+          user: "{{ item.user_molecule.name | default(default_user_molecule.name) }}"
+          port: "22"
+          identity_file: "{{ molecule_ephemeral_directory }}/identity_{{ item.name }}"
       vars:
-        name: "{{ item.item.name }}"
-        instance: "{{ item.resources[0] | default({}) }}"
-      loop: "{{ virtual_machine_info.results }}"
+        vmi: "{{ virtual_machine_info.results | selectattr('item.name','==',item.name) | first }}"
+        # Also: should get a 'local node port' for nodePort kind usage for example
+        ssh_service_address: >-
+          {%- set svc_type = item.ssh_service.type | default(None) -%}
+          {%- if not svc_type -%}
+            {{ ((vmi['resources'] |first)['status']['interfaces'] | first)['ipAddress'] }}
+          {%- elif svc_type == 'NodePort' -%}
+            {{ item.ssh_service.nodePort_host | default('localhost') }}:
+            {{- ((node_port_services.results | selectattr('item.name','==',item.name) | first)['result']['spec']['ports'] | first)['nodePort'] }}
+          {%- elif svc_type == 'ClusterIP' -%}
+            {{ (cluster_ip_services.results | selectattr('item.name','==',item.name) | first)['result']['spec']['clusterIP'] }}
+          {%- endif -%}
+      register: instance_config_dict
+      loop: "{{ molecule_yml.platforms }}"
       loop_control:
-        label: "{{ item.item.name }}"
-      when: "item.ssh_service is not defined"
-
-    - name: SSH check block
-      block:
-        - name: Populate instance config dict
-          set_fact:
-            instance_conf_dict:
-              instance: "{{ item.name }}"
-              address: "{{ ssh_service_address }}"
-              user: "{{ item.user_name | default('molecule') }}"
-              port: "22"
-              identity_file: "{{ molecule_ephemeral_directory }}/identity_{{ item.name }}"
-          vars:
-            vmi: "{{ virtual_machine_info.results | selectattr('item.name','==',item.name) | first }}"
-            ssh_service_address: >-
-              {%- set svc_type = item.ssh_service.type | default(None) -%}
-              {%- if not svc_type -%}
-                {{ ((vmi['resources'] |first)['status']['interfaces'] | first)['ipAddress'] }}
-              {%- elif svc_type == 'NodePort' -%}
-                {{ item.ssh_service.nodePort_host | default('localhost') }}:
-                {{- ((node_port_services.results | selectattr('item.name','==',item.name) | first)['result']['spec']['ports'] | first)['nodePort'] }}
-              {%- elif svc_type == 'ClusterIP' -%}
-                {{ (cluster_ip_services.results | selectattr('item.name','==',item.name) | first)['result']['spec']['clusterIP'] }}
-              {%- endif -%}
-          register: instance_config_dict
-          loop: "{{ molecule_yml.platforms }}"
-          loop_control:
-            label: "{{ item.name  }}"
-
-        - name: Convert instance config dict to a list
-          set_fact:
-            instance_conf: "{{ instance_config_dict.results | map(attribute='ansible_facts.instance_conf_dict') | list }}"
-
-        - name: Async start ssh access test
-          wait_for:
-            timeout: "{{ item.ssh_timeout | default(default_ssh_timeout) }}"
-            port: "{{ item.port | default('22') }}"
-            host: "{{ item.address }}"
-            delay: 1
-          loop: "{{ instance_conf }}"
-          loop_control:
-            label: "{{ {item.instance: item.address} }}"
-          async: "{{ item.ssh_timeout | default(default_ssh_timeout) }}"
-          poll: 0
-          register: ssh_reg
+        label: "{{ item.name }}"
 
-        - name: SSH test
-          async_status:
-            jid: "{{ async_result_item.ansible_job_id }}"
-          loop: "{{ ssh_reg.results }}"
-          loop_control:
-            loop_var: "async_result_item"
-          register: async_poll_results
-          until: async_poll_results.finished
-          delay: 1
-          retries: "{{ item['ansible_facts']['instance_conf_dict']['ssh_timeout'] | default(default_ssh_timeout) }}"
-      rescue:
-        - name: Failed to get ssh
-          k8s_info:
-            kind: "{{ item }}"
-            api_version: kubevirt.io/v1alpha3
-            namespace: "{{ item.namespace | default(default_namespace) }}"
-          with_items:
-            - Service
-            - VirtualMachine
-            - VirtualMachineInstance
-          register: vm_info
+    - name: Convert instance config dict to a list
+      set_fact:
+        instance_conf: "{{ instance_config_dict.results | map(attribute='ansible_facts.instance_conf_dict') | list }}"
 
-        - name: Failed to get running VM - Dump Service, VM and VMI
-          debug:
-            var: dump_var
-          vars:
-            dump_var: "{{ item }}"
-          loop: "{{ vm_info.results }}"
-          failed_when: true
+    - name: Ssh access test - timeout={{ item.ssh_timeout | default(default_ssh_timeout) }}
+      wait_for:
+        timeout: "{{ item.ssh_timeout | default(default_ssh_timeout) }}"
+        port: "{{ item.port | default('22') }}"
+        host: "{{ item.address }}"
+        delay: "{{ item.ssh_delay | default(default_ssh_delay) }}"
+      loop: "{{ instance_conf | default([]) }}"
+      loop_control:
+        label: "{{ item.instance }} -> {{ item.address }} timeout={{ item.ssh_timeout | default(default_ssh_timeout) }}"
+      when: "item.running | default(true)"
 
     - name: Dump instance config
       copy:
diff --git a/molecule_kubevirt/test/refs/instance-almost-default.yml b/molecule_kubevirt/test/refs/instance-almost-default.yml
new file mode 100644
index 0000000..24c8e77
--- /dev/null
+++ b/molecule_kubevirt/test/refs/instance-almost-default.yml
@@ -0,0 +1,39 @@
+spec:
+  running: false
+  template:
+    metadata:
+      creationTimestamp: null
+      labels:
+        vm.cnv.io/name: instance-almost-default
+    spec:
+      domain:
+        devices:
+          disks:
+          - disk:
+              bus: virtio
+            name: boot
+          - disk:
+              bus: virtio
+            name: cloudinit
+          interfaces:
+          - bridge: {}
+            model: virtio
+            name: default
+        machine:
+          type: q35
+        resources:
+          requests:
+            memory: 2Gi
+      networks:
+      - name: default
+        pod: {}
+      terminationGracePeriodSeconds: 0
+      volumes:
+      - containerDisk:
+          image: quay.io/kubevirt/fedora-cloud-container-disk-demo
+          imagePullPolicy: IfNotPresent
+        name: boot
+      - cloudInitNoCloud:
+          secretRef:
+            name: instance-almost-default
+        name: cloudinit
diff --git a/molecule_kubevirt/test/refs/instance-full.yml b/molecule_kubevirt/test/refs/instance-full.yml
new file mode 100644
index 0000000..80da40c
--- /dev/null
+++ b/molecule_kubevirt/test/refs/instance-full.yml
@@ -0,0 +1,77 @@
+spec:
+  dataVolumeTemplates:
+  - metadata:
+      creationTimestamp: null
+      name: disk-dv-instance-full
+    spec:
+      preallocation: true
+      pvc:
+        accessModes:
+        - ReadWriteOnce
+        resources:
+          requests:
+            storage: 10Gi
+      source:
+        http:
+          url: https://download.fedoraproject.org/pub/fedora/linux/releases/35/Cloud/x86_64/images/Fedora-Cloud-Base-35-1.2.x86_64.raw.xz
+  running: false
+  template:
+    metadata:
+      annotations:
+        cni.projectcalico.org/ipAddrs: '["10.244.25.25"]'
+      creationTimestamp: null
+      labels:
+        vm.cnv.io/name: instance-full
+    spec:
+      domain:
+        devices:
+          disks:
+          - disk:
+              bus: virtio
+            name: boot
+          - disk:
+              bus: virtio
+            name: emptydisk
+          - disk:
+              bus: virtio
+            name: cloudinit
+          interfaces:
+          - bridge: {}
+            model: e1000
+            name: default
+            ports:
+            - port: 22
+          - bridge: {}
+            model: virtio
+            name: multus
+            ports:
+            - port: 22
+        machine:
+          type: q35
+        resources:
+          limits:
+            cpu: "1"
+            memory: 3Gi
+          requests:
+            cpu: 200m
+            memory: 1Gi
+      hostname: myhost
+      networks:
+      - name: default
+        pod: {}
+      - multus:
+          networkName: macvlan-conf
+        name: multus
+      subdomain: my-domain
+      terminationGracePeriodSeconds: 30
+      volumes:
+      - dataVolume:
+          name: disk-dv-instance-full
+        name: boot
+      - emptyDisk:
+          capacity: 2Gi
+        name: emptydisk
+      - cloudInitNoCloud:
+          secretRef:
+            name: instance-full
+        name: cloudinit
diff --git a/molecule_kubevirt/test/refs/user_data-instance-almost-default.yml b/molecule_kubevirt/test/refs/user_data-instance-almost-default.yml
new file mode 100644
index 0000000..196817b
--- /dev/null
+++ b/molecule_kubevirt/test/refs/user_data-instance-almost-default.yml
@@ -0,0 +1,7 @@
+#cloud-config
+users:
+-   name: molecule
+    ssh_authorized_keys:
+    - ""
+    sudo:
+    - ALL=(ALL) NOPASSWD:ALL
diff --git a/molecule_kubevirt/test/refs/user_data-instance-full.yml b/molecule_kubevirt/test/refs/user_data-instance-full.yml
new file mode 100644
index 0000000..f23f148
--- /dev/null
+++ b/molecule_kubevirt/test/refs/user_data-instance-full.yml
@@ -0,0 +1,26 @@
+#cloud-config
+fs_setup:
+-   device: /dev/vdb
+    filesystem: ext4
+    label: data_disk
+    overwrite: true
+mounts:
+-   - /dev/vdb
+    - /var/lib/software
+    - auto
+    - defaults,nofail
+    - '0'
+    - '0'
+users:
+-   gecos: dummy user
+    name: notmolecule
+    lock_passwd: false
+    plain_text_passwd: notmolecule
+    ssh_authorized_keys:
+    - ""
+    sudo:
+    - ALL=(ALL) NOPASSWD:/bin/mysql
+-   name: user2
+    ssh_authorized_keys:
+    - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDJRj9o4jhKW0Q6KnWa2jkThu/I070SJ+NBMDkP4ZXNu/t9Oq55Siz2dw6miwAjRVDfbB5HScM6XNJFWfPg10tY9ZUEizTirM5HeT8D+R5IvugfyqFeYs5d5V7X5O/TVJkNFUmqpA9TZYvoBUKsjnH4lH2/sPhtT13qUCLZNheUeQ==
+    sudo: false
diff --git a/molecule_kubevirt/test/test_func.py b/molecule_kubevirt/test/test_init.py
similarity index 82%
rename from molecule_kubevirt/test/test_func.py
rename to molecule_kubevirt/test/test_init.py
index f6b3475..d8ce9e8 100644
--- a/molecule_kubevirt/test/test_func.py
+++ b/molecule_kubevirt/test/test_init.py
@@ -1,7 +1,6 @@
 """Functional tests."""
 import pathlib
 import shutil
-import subprocess
 
 from molecule import logger
 from molecule.test.conftest import change_dir_to
@@ -10,15 +9,6 @@
 LOG = logger.get_logger(__name__)
 
 
-def format_result(result: subprocess.CompletedProcess):
-    """Return friendly representation of completed process run."""
-    return (
-        f"RC: {result.returncode}\n"
-        + f"STDOUT: {result.stdout}\n"
-        + f"STDERR: {result.stderr}"
-    )
-
-
 def test_command_init_and_test_scenario(tmp_path: pathlib.Path, DRIVER: str) -> None:
     """Verify that init scenario works."""
     shutil.rmtree(tmp_path, ignore_errors=True)
diff --git a/molecule_kubevirt/test/test_scenario_tests.py b/molecule_kubevirt/test/test_scenario_tests.py
new file mode 100644
index 0000000..0a356cb
--- /dev/null
+++ b/molecule_kubevirt/test/test_scenario_tests.py
@@ -0,0 +1,72 @@
+"""Functional tests."""
+from base64 import b64decode
+
+import pytest
+import yaml
+from molecule import logger
+from molecule.util import run_command, safe_load_file
+
+LOG = logger.get_logger(__name__)
+
+
+@pytest.mark.parametrize(
+    ("namespace", "name", "user"),
+    [
+        ("kube-public", "instance-full", "notmolecule"),
+        ("default", "instance-almost-default", "molecule"),
+    ],
+)
+class TestClass:
+    """Test non running VMs and compare to references yaml files."""
+
+    @classmethod
+    def setup_class(cls):
+        cmd = ["molecule", "create", "-s", "tests"]
+        result = run_command(cmd)
+        assert result.returncode == 0
+
+    @classmethod
+    def teardown_class(cls):
+        cmd = ["molecule", "destroy", "-s", "tests"]
+        result = run_command(cmd)
+        assert result.returncode == 0
+
+    # Check spec result is same as tracked refs/
+    def test_instance_spec(self, namespace, name, user):
+        cmd = ["kubectl", "get", "-n", namespace, "VirtualMachine", name, "-o", "yaml"]
+        result = run_command(cmd)
+        assert result.returncode == 0
+
+        result_yaml = yaml.safe_load(result.stdout)
+        spec_test_yaml = safe_load_file("molecule_kubevirt/test/refs/%s.yml" % (name))
+
+        assert result_yaml["spec"] == spec_test_yaml["spec"]
+
+    # Check secret's user-data is same as tracked refs/
+    def test_instance_secret(self, namespace, name, user):
+        cmd = [
+            "kubectl",
+            "get",
+            "-n",
+            namespace,
+            "secret",
+            name,
+            "-o",
+            "jsonpath={.data.userdata}",
+        ]
+        result = run_command(cmd)
+        assert result.returncode == 0
+
+        cloud_config = b64decode(result.stdout)
+        cloud_config_yaml = yaml.safe_load(cloud_config)
+
+        # ssh key is emptied before testing against tracked definition
+        for i in cloud_config_yaml["users"]:
+            if i["name"] == user:
+                i["ssh_authorized_keys"] = [""]
+
+        spec_test_yaml = safe_load_file(
+            "molecule_kubevirt/test/refs/user_data-%s.yml" % (name)
+        )
+
+        assert spec_test_yaml == cloud_config_yaml