This repository was archived by the owner on Dec 6, 2024. It is now read-only.

feat: add COSI test suite using Chainsaw #94

Merged
merged 10 commits into from
Sep 30, 2024
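--- a/ctlptl.yaml
+++ b/ctlptl.yaml
@@ -0,0 +1,10 @@
+---
+apiVersion: ctlptl.dev/v1alpha1
+kind: Registry
+name: ctlptl-registry
+port: 5005
+---
+apiVersion: ctlptl.dev/v1alpha1
+kind: Cluster
+product: kind
+registry: ctlptl-registry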
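--- a/test/e2e/README.md
+++ b/test/e2e/README.md
@@ -0,0 +1,56 @@
+# End-to-end tests
+
+## Kyverno Chainsaw
+
+Chainsaw provides a declarative approach to test Kubernetes operators and controllers.
+
+While Chainsaw is designed for testing operators and controllers, it can declaratively test any Kubernetes objects.
+
+Chainsaw is an open-source tool that was initially developed for defining and running Kyverno end-to-end tests.
+
+## Configuration
+
+To configure Chainsaw for testing, you need to define parameters for the specific Kubernetes resources and controllers being tested. Below are example configurations.
+
+**Sample Configuration**
+
+```yaml
+driverName: sample-driver.objectstorage.k8s.io
+deletionPolicy: "Delete" # Options: "Delete" or "Retain"
+bucketClassParams:
+foo: bar
+baz: cux
+bucketAccessClassParams:
+foo: bar
+baz: cux
+authenticationType: "Key" # Options: "Key" or "IAM"
+bucketClaimProtocols: ["S3", "Azure"] # Supported protocols for bucket claims
+bucketAccessProtocol: "S3" # Protocol for bucket access
+```
+
+**Example for Linode COSI Driver**
+
+```yaml
+driverName: objectstorage.cosi.linode.com
+deletionPolicy: "Delete" # Options: "Delete" or "Retain"
+bucketClassParams:
+cosi.linode.com/v1/region: us-east # Specify the region for Linode object storage
+cosi.linode.com/v1/acl: private # Define the access control list (ACL) settings
+cosi.linode.com/v1/cors: disabled # Enable or disable Cross-Origin Resource Sharing (CORS)
+bucketAccessClassParams:
+cosi.linode.com/v1/permissions: read_write # Define access permissions
+authenticationType: "Key" # Options: "Key" or "IAM"
+bucketClaimProtocols: ["S3"] # Supported protocol for bucket claims
+bucketAccessProtocol: "S3" # Protocol for bucket access
+```
+
+### Running tests
+
+To run the Chainsaw end-to-end tests, you can use the following command:
+
+```sh
+chainsaw test --values /path/to/values.yaml
+```
+
+This command will run the tests using the values defined in the provided YAML configuration file.
+Ensure the file is properly configured to suit the Kubernetes objects and controllers you are testing.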
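--- a/test/e2e/chainsaw-test.yaml
+++ b/test/e2e/chainsaw-test.yaml
@@ -0,0 +1,265 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/kyverno/chainsaw/main/.schemas/json/test-chainsaw-v1alpha1.json
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+name: generic-test
+spec:
+template: true
+bindings:
+- name: driverName
+value: ($values.driverName)
+- name: deletionPolicy
+value: ($values.deletionPolicy)
+- name: bucketClassParams
+value: ($values.bucketClassParams)
+- name: bucketAccessClassParams
+value: ($values.bucketAccessClassParams)
+- name: authenticationType
+value: ($values.authenticationType)
+- name: bucketClaimProtocols
+value: ($values.bucketClaimProtocols)
+- name: bucketAccessProtocol
+value: ($values.bucketAccessProtocol)
+steps:
+- name: Check if COSI Controller exist
+try:
+- assert:
+resource:
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: objectstorage-controller
+namespace: default
+status:
+availableReplicas: 1
+- name: Create test BucketClass and BucketAccessClass
+try:
+- apply:
+resource:
+apiVersion: objectstorage.k8s.io/v1alpha1
+kind: BucketClass
+metadata:
+name: ($namespace)
+driverName: ($driverName)
+deletionPolicy: ($deletionPolicy)
+parameters: ($bucketClassParams)
+- apply:
+resource:
+apiVersion: objectstorage.k8s.io/v1alpha1
+kind: BucketAccessClass
+metadata:
+name: ($namespace)
+driverName: ($driverName)
+authenticationType: ($authenticationType)
+parameters: ($bucketAccessClassParams)
+- name: Create BucketClaim
+try:
+- apply:
+resource:
+apiVersion: objectstorage.k8s.io/v1alpha1
+kind: BucketClaim
+metadata:
+name: ($namespace)
+spec:
+bucketClassName: ($namespace)
+protocols: ($bucketClaimProtocols)
+- name: Check if BucketClaim is ready
+try:
+- assert:
+resource:
+apiVersion: objectstorage.k8s.io/v1alpha1
+kind: BucketClaim
+metadata:
+name: ($namespace)
+status:
+bucketReady: true
+- name: Create BucketAccess
+try:
+- apply:
+resource:
+apiVersion: objectstorage.k8s.io/v1alpha1
+kind: BucketAccess
+metadata:
+name: ($namespace)
+spec:
+bucketClaimName: ($namespace)
+protocol: ($bucketAccessProtocol)
+bucketAccessClassName: ($namespace)
+credentialsSecretName: ($namespace)
+serviceAccountName: ($namespace)
+- name: Check if BucketAccess is granted
+try:
+- assert:
+resource:
+apiVersion: objectstorage.k8s.io/v1alpha1
+kind: BucketAccess
+metadata:
+name: ($namespace)
+status:
+accessGranted: true
+- name: Check if Secret exists
+try:
+- assert:
+resource:
+apiVersion: v1
+kind: Secret
+metadata:
+name: ($namespace)
+- name: Run ObjectStorage validation tool
+# TODO: This should be either a standalone test tool developed by us, to run test suite:
+# - validate Secret format;
+# - validate connectivity to the Object Storage server;
+# Right now it is using busybox to check if the secret has correct format.
+try:
+- apply:
+resource:
+apiVersion: v1
+kind: ConfigMap
+metadata:
+name: validation
+data:
+schema.json: |
+{
+"$schema": "http://json-schema.org/draft-07/schema#",
+"type": "object",
+"properties": {
+"spec": {
+"type": "object",
+"properties": {
+"bucketName": {
+"type": "string"
+},
+"authenticationType": {
+"type": "string",
+"enum": [
+"IAM",
+"Key"
+]
+},
+"protocols": {
+"type": "array",
+"items": {
+"type": "string",
+"enum": [
+"S3",
+"Azure",
+"GCP"
+]
+},
+"minItems": 1
+},
+"secretS3": {
+"oneOf": [
+{
+"type": "null"
+},
+{
+"type": "object"
+}
+],
+"properties": {
+"endpoint": {
+"type": "string"
+},
+"region": {
+"type": "string"
+},
+"accessKeyID": {
+"type": "string"
+},
+"accessSecretKey": {
+"type": "string"
+}
+},
+"required": [
+"endpoint",
+"region",
+"accessKeyID",
+"accessSecretKey"
+]
+},
+"secretAzure": {
+"oneOf": [
+{
+"type": "null"
+},
+{
+"type": "object"
+}
+],
+"properties": {
+"accessToken": {
+"type": "string"
+},
+"expiryTimeStamp": {
+"type": "string"
+}
+},
+"required": [
+"accessToken",
+"expiryTimeStamp"
+]
+}
+},
+"required": [
+"bucketName",
+"authenticationType",
+"protocols",
+"secretAzure",
+"secretS3"
+]
+}
+},
+"required": [
+"spec"
+]
+}
+validator.sh: |
+#!/usr/bin/env sh
+set -e
+pip install check-jsonschema
+check-jsonschema --schemafile /validation/schema.json /conf/BucketInfo.json
+- create:
+resource:
+apiVersion: batch/v1
+kind: Job
+metadata:
+name: ($namespace)
+spec:
+ttlSecondsAfterFinished: 100
+template:
+spec:
+restartPolicy: Never
+containers:
+- name: secret-test
+image: docker.io/library/python:3.12
+command: [ "sh", "/validation/validator.sh" ]
+env:
+- name: PIP_ROOT_USER_ACTION
+value: ignore
+volumeMounts:
+- mountPath: /validation
+name: validation
+- mountPath: /conf
+name: secret-vol
+volumes:
+- name: validation
+configMap:
+name: validation
+- name: secret-vol
+secret:
+secretName: ($namespace)
+items:
+- key: BucketInfo
+path: BucketInfo.json
+- name: Check if ObjectStorage validation tool completed succesfully
+try:
+- assert:
+resource:
+apiVersion: batch/v1
+kind: Job
+metadata:
+name: ($namespace)
+status:
+succeeded: 1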
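Review bot: The validation Job's `validator.sh` runs an unpinned `pip install check-jsonschema` at run time, on the mutable `docker.io/library/python:3.12` tag, in the same container that mounts the BucketAccess credentials Secret at `/conf`, so whatever PyPI and the registry serve on the day of the run executes next to the keys the driver just issued. Pin both, e.g. `pip install check-jsonschema==<PINNED_VERSION>` and `image: docker.io/library/python:3.12@sha256:<IMAGE_DIGEST>`, or bake the validator into a prebuilt test image so the pod needs no egress to PyPI at all. Separately, the schema accepts `null` for both `secretS3` and `secretAzure` (each is `oneOf` null/object, and `required` only constrains objects), so a `BucketInfo` that carries no credentials for any protocol would still let the Job succeed. If the intent is to prove that access was actually provisioned, the schema should require a non-null secret block for the protocol named in `bucketAccessProtocol`.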
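--- a/test/e2e/values.yaml
+++ b/test/e2e/values.yaml
@@ -0,0 +1,11 @@
+driverName: sample-driver.objectstorage.k8s.io
+deletionPolicy: "Delete" # "Retain"
+bucketClassParams:
+foo: bar
+baz: cux
+bucketAccessClassParams:
+foo: bar
+baz: cux
+authenticationType: "Key" # "IAM"
+bucketClaimProtocols: ["S3", "Azure"]
+bucketAccessProtocol: "S3"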