This repository was archived by the owner on Dec 6, 2024. It is now read-only.

Commit 6c59921

Merge pull request #94 from shanduur/cosi-test-chainsaw
feat: add COSI test suite using Chainsaw
2 parents bec5d8e + 5118025 commit 6c59921

4 files changed

+342
-0
lines changed


Diff for: ctlptl.yaml

+10
@@ -0,0 +1,10 @@
1+
---
2+
apiVersion: ctlptl.dev/v1alpha1
3+
kind: Registry
4+
name: ctlptl-registry
5+
port: 5005
6+
---
7+
apiVersion: ctlptl.dev/v1alpha1
8+
kind: Cluster
9+
product: kind
10+
registry: ctlptl-registry
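
Review bot: The Cluster document (lines 7-10) sets only `product: kind` and `registry: ctlptl-registry`, so the Kubernetes version the e2e suite runs against is whatever the locally installed kind defaults to. Consider pinning it with `kubernetesVersion` so results are reproducible between contributors and CI, and adding a one-line comment at the top of the file saying this cluster and registry exist for the test/e2e suite.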

Diff for: test/e2e/README.md

+56
@@ -0,0 +1,56 @@
1+
# End-to-end tests
2+
3+
## Kyverno Chainsaw
4+
5+
Chainsaw provides a declarative approach to test Kubernetes operators and controllers.
6+
7+
While Chainsaw is designed for testing operators and controllers, it can declaratively test any Kubernetes objects.
8+
9+
Chainsaw is an open-source tool that was initially developed for defining and running Kyverno end-to-end tests.
10+
11+
## Configuration
12+
13+
To configure Chainsaw for testing, you need to define parameters for the specific Kubernetes resources and controllers being tested. Below are example configurations.
14+
15+
**Sample Configuration**
16+
17+
```yaml
18+
driverName: sample-driver.objectstorage.k8s.io
19+
deletionPolicy: "Delete" # Options: "Delete" or "Retain"
20+
bucketClassParams:
21+
foo: bar
22+
baz: cux
23+
bucketAccessClassParams:
24+
foo: bar
25+
baz: cux
26+
authenticationType: "Key" # Options: "Key" or "IAM"
27+
bucketClaimProtocols: ["S3", "Azure"] # Supported protocols for bucket claims
28+
bucketAccessProtocol: "S3" # Protocol for bucket access
29+
```
30+
31+
**Example for Linode COSI Driver**
32+
33+
```yaml
34+
driverName: objectstorage.cosi.linode.com
35+
deletionPolicy: "Delete" # Options: "Delete" or "Retain"
36+
bucketClassParams:
37+
cosi.linode.com/v1/region: us-east # Specify the region for Linode object storage
38+
cosi.linode.com/v1/acl: private # Define the access control list (ACL) settings
39+
cosi.linode.com/v1/cors: disabled # Enable or disable Cross-Origin Resource Sharing (CORS)
40+
bucketAccessClassParams:
41+
cosi.linode.com/v1/permissions: read_write # Define access permissions
42+
authenticationType: "Key" # Options: "Key" or "IAM"
43+
bucketClaimProtocols: ["S3"] # Supported protocol for bucket claims
44+
bucketAccessProtocol: "S3" # Protocol for bucket access
45+
```
46+
47+
### Running tests
48+
49+
To run the Chainsaw end-to-end tests, you can use the following command:
50+
51+
```sh
52+
chainsaw test --values /path/to/values.yaml
53+
```
54+
55+
This command will run the tests using the values defined in the provided YAML configuration file.
56+
Ensure the file is properly configured to suit the Kubernetes objects and controllers you are testing.
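
Review bot: Prerequisites are missing ahead of the "Running tests" section (lines 47-56): the test added in this commit asserts an `objectstorage-controller` Deployment in the `default` namespace with `availableReplicas: 1`, needs the driver named in `driverName` to be installed, and starts a Job that pulls `docker.io/library/python:3.12` and runs `pip install`, so the cluster also needs egress to Docker Hub and PyPI. A short "Prerequisites" section listing these would save readers a failed first run. As a style point, `### Running tests` is nested under `## Configuration` although it reads as a sibling section.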

Diff for: test/e2e/chainsaw-test.yaml

+265
@@ -0,0 +1,265 @@
1+
---
2+
# yaml-language-server: $schema=https://raw.githubusercontent.com/kyverno/chainsaw/main/.schemas/json/test-chainsaw-v1alpha1.json
3+
apiVersion: chainsaw.kyverno.io/v1alpha1
4+
kind: Test
5+
metadata:
6+
name: generic-test
7+
spec:
8+
template: true
9+
bindings:
10+
- name: driverName
11+
value: ($values.driverName)
12+
- name: deletionPolicy
13+
value: ($values.deletionPolicy)
14+
- name: bucketClassParams
15+
value: ($values.bucketClassParams)
16+
- name: bucketAccessClassParams
17+
value: ($values.bucketAccessClassParams)
18+
- name: authenticationType
19+
value: ($values.authenticationType)
20+
- name: bucketClaimProtocols
21+
value: ($values.bucketClaimProtocols)
22+
- name: bucketAccessProtocol
23+
value: ($values.bucketAccessProtocol)
24+
steps:
25+
- name: Check if COSI Controller exist
26+
try:
27+
- assert:
28+
resource:
29+
apiVersion: apps/v1
30+
kind: Deployment
31+
metadata:
32+
name: objectstorage-controller
33+
namespace: default
34+
status:
35+
availableReplicas: 1
36+
- name: Create test BucketClass and BucketAccessClass
37+
try:
38+
- apply:
39+
resource:
40+
apiVersion: objectstorage.k8s.io/v1alpha1
41+
kind: BucketClass
42+
metadata:
43+
name: ($namespace)
44+
driverName: ($driverName)
45+
deletionPolicy: ($deletionPolicy)
46+
parameters: ($bucketClassParams)
47+
- apply:
48+
resource:
49+
apiVersion: objectstorage.k8s.io/v1alpha1
50+
kind: BucketAccessClass
51+
metadata:
52+
name: ($namespace)
53+
driverName: ($driverName)
54+
authenticationType: ($authenticationType)
55+
parameters: ($bucketAccessClassParams)
56+
- name: Create BucketClaim
57+
try:
58+
- apply:
59+
resource:
60+
apiVersion: objectstorage.k8s.io/v1alpha1
61+
kind: BucketClaim
62+
metadata:
63+
name: ($namespace)
64+
spec:
65+
bucketClassName: ($namespace)
66+
protocols: ($bucketClaimProtocols)
67+
- name: Check if BucketClaim is ready
68+
try:
69+
- assert:
70+
resource:
71+
apiVersion: objectstorage.k8s.io/v1alpha1
72+
kind: BucketClaim
73+
metadata:
74+
name: ($namespace)
75+
status:
76+
bucketReady: true
77+
- name: Create BucketAccess
78+
try:
79+
- apply:
80+
resource:
81+
apiVersion: objectstorage.k8s.io/v1alpha1
82+
kind: BucketAccess
83+
metadata:
84+
name: ($namespace)
85+
spec:
86+
bucketClaimName: ($namespace)
87+
protocol: ($bucketAccessProtocol)
88+
bucketAccessClassName: ($namespace)
89+
credentialsSecretName: ($namespace)
90+
serviceAccountName: ($namespace)
91+
- name: Check if BucketAccess is granted
92+
try:
93+
- assert:
94+
resource:
95+
apiVersion: objectstorage.k8s.io/v1alpha1
96+
kind: BucketAccess
97+
metadata:
98+
name: ($namespace)
99+
status:
100+
accessGranted: true
101+
- name: Check if Secret exists
102+
try:
103+
- assert:
104+
resource:
105+
apiVersion: v1
106+
kind: Secret
107+
metadata:
108+
name: ($namespace)
109+
- name: Run ObjectStorage validation tool
110+
# TODO: This should be either a standalone test tool developed by us, to run test suite:
111+
# - validate Secret format;
112+
# - validate connectivity to the Object Storage server;
113+
# Right now it is using busybox to check if the secret has correct format.
114+
try:
115+
- apply:
116+
resource:
117+
apiVersion: v1
118+
kind: ConfigMap
119+
metadata:
120+
name: validation
121+
data:
122+
schema.json: |
123+
{
124+
"$schema": "http://json-schema.org/draft-07/schema#",
125+
"type": "object",
126+
"properties": {
127+
"spec": {
128+
"type": "object",
129+
"properties": {
130+
"bucketName": {
131+
"type": "string"
132+
},
133+
"authenticationType": {
134+
"type": "string",
135+
"enum": [
136+
"IAM",
137+
"Key"
138+
]
139+
},
140+
"protocols": {
141+
"type": "array",
142+
"items": {
143+
"type": "string",
144+
"enum": [
145+
"S3",
146+
"Azure",
147+
"GCP"
148+
]
149+
},
150+
"minItems": 1
151+
},
152+
"secretS3": {
153+
"oneOf": [
154+
{
155+
"type": "null"
156+
},
157+
{
158+
"type": "object"
159+
}
160+
],
161+
"properties": {
162+
"endpoint": {
163+
"type": "string"
164+
},
165+
"region": {
166+
"type": "string"
167+
},
168+
"accessKeyID": {
169+
"type": "string"
170+
},
171+
"accessSecretKey": {
172+
"type": "string"
173+
}
174+
},
175+
"required": [
176+
"endpoint",
177+
"region",
178+
"accessKeyID",
179+
"accessSecretKey"
180+
]
181+
},
182+
"secretAzure": {
183+
"oneOf": [
184+
{
185+
"type": "null"
186+
},
187+
{
188+
"type": "object"
189+
}
190+
],
191+
"properties": {
192+
"accessToken": {
193+
"type": "string"
194+
},
195+
"expiryTimeStamp": {
196+
"type": "string"
197+
}
198+
},
199+
"required": [
200+
"accessToken",
201+
"expiryTimeStamp"
202+
]
203+
}
204+
},
205+
"required": [
206+
"bucketName",
207+
"authenticationType",
208+
"protocols",
209+
"secretAzure",
210+
"secretS3"
211+
]
212+
}
213+
},
214+
"required": [
215+
"spec"
216+
]
217+
}
218+
validator.sh: |
219+
#!/usr/bin/env sh
220+
set -e
221+
pip install check-jsonschema
222+
check-jsonschema --schemafile /validation/schema.json /conf/BucketInfo.json
223+
- create:
224+
resource:
225+
apiVersion: batch/v1
226+
kind: Job
227+
metadata:
228+
name: ($namespace)
229+
spec:
230+
ttlSecondsAfterFinished: 100
231+
template:
232+
spec:
233+
restartPolicy: Never
234+
containers:
235+
- name: secret-test
236+
image: docker.io/library/python:3.12
237+
command: [ "sh", "/validation/validator.sh" ]
238+
env:
239+
- name: PIP_ROOT_USER_ACTION
240+
value: ignore
241+
volumeMounts:
242+
- mountPath: /validation
243+
name: validation
244+
- mountPath: /conf
245+
name: secret-vol
246+
volumes:
247+
- name: validation
248+
configMap:
249+
name: validation
250+
- name: secret-vol
251+
secret:
252+
secretName: ($namespace)
253+
items:
254+
- key: BucketInfo
255+
path: BucketInfo.json
256+
- name: Check if ObjectStorage validation tool completed succesfully
257+
try:
258+
- assert:
259+
resource:
260+
apiVersion: batch/v1
261+
kind: Job
262+
metadata:
263+
name: ($namespace)
264+
status:
265+
succeeded: 1
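
Review bot: `validator.sh` (lines 219-222) runs an unpinned `pip install check-jsonschema` inside the Job that mounts the BucketAccess Secret at `/conf`, so whatever PyPI serves at test time executes next to the bucket credentials, and `docker.io/library/python:3.12` is referenced by a mutable tag. Pin the package version (ideally with `--require-hashes`) and the image digest, or bake the validator into a purpose-built image, which would also resolve the TODO on lines 110-113; that TODO still says busybox while the Job uses the python image. In the schema, `secretS3` and `secretAzure` each accept `null` through `oneOf` and nothing requires at least one of them to be an object, so a BucketInfo with both set to null passes validation; add a constraint tying them to `protocols` or `authenticationType`. Smaller points: the first step hardcodes `namespace: default` for the controller, and the step names on lines 25 and 256 have typos ("exist", "succesfully").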

Diff for: test/e2e/values.yaml

+11
@@ -0,0 +1,11 @@
1+
driverName: sample-driver.objectstorage.k8s.io
2+
deletionPolicy: "Delete" # "Retain"
3+
bucketClassParams:
4+
foo: bar
5+
baz: cux
6+
bucketAccessClassParams:
7+
foo: bar
8+
baz: cux
9+
authenticationType: "Key" # "IAM"
10+
bucketClaimProtocols: ["S3", "Azure"]
11+
bucketAccessProtocol: "S3"
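
Review bot: The trailing comments on lines 2 and 9 (`# "Retain"`, `# "IAM"`) do not say that they name the other allowed value; reuse the README wording, for example `# Options: "Delete" or "Retain"`. This file also duplicates the README's sample configuration verbatim, so consider having the README point to `test/e2e/values.yaml` instead of keeping two copies in sync.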
