test: add chainsaw tests
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
eddycharly committed Dec 11, 2023
1 parent 7a5d788 commit 1d490ad
Showing 13 changed files with 264 additions and 0 deletions.
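--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -30,6 +30,21 @@ references:
 tags:
 ignore: /v.*/
 
+chainsaw_configuration: &chainsaw_configuration
+pre_script: e2e/chainsaw-pre.sh
+script: e2e/chainsaw-test.sh
+command_runner_image: quay.io/reactiveops/ci-images:v13-buster
+enable_docker_layer_caching: true
+attach-workspace: true
+requires:
+- test
+- snapshot
+filters:
+branches:
+only: /.*/
+tags:
+ignore: /v.*/
+
 jobs:
 test:
 docker:
@@ -108,6 +123,19 @@ workflows:
 name: "End-To-End Kubernetes 1.25"
 kind_node_image: "kindest/node:v1.25.3@sha256:f52781bc0d7a19fb6c405c2af83abfeb311f130707a0e219175677e366cc45d1"
 <<: *e2e_configuration
+- rok8s/kubernetes_e2e_tests:
+name: "Chainsaw End-To-End Kubernetes 1.23"
+kind_node_image: "kindest/node:v1.23.13@sha256:ef453bb7c79f0e3caba88d2067d4196f427794086a7d0df8df4f019d5e336b61"
+<<: *chainsaw_configuration
+- rok8s/kubernetes_e2e_tests:
+name: "Chainsaw End-To-End Kubernetes 1.24"
+kind_node_image: "kindest/node:v1.24.7@sha256:577c630ce8e509131eab1aea12c022190978dd2f745aac5eb1fe65c0807eb315"
+<<: *chainsaw_configuration
+- rok8s/kubernetes_e2e_tests:
+name: "Chainsaw End-To-End Kubernetes 1.25"
+kind_node_image: "kindest/node:v1.25.3@sha256:f52781bc0d7a19fb6c405c2af83abfeb311f130707a0e219175677e366cc45d1"
+<<: *chainsaw_configuration
+
 release:
 jobs:
 - build_and_release: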
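Review bot: `command_runner_image: quay.io/reactiveops/ci-images:v13-buster` in the new `chainsaw_configuration` anchor is referenced by a mutable tag, while the `kind_node_image` values added in the second hunk are pinned by `@sha256:` digest. The command runner appears to be the container the e2e scripts are copied into and run from, so a re-pushed tag would change what executes in CI without any change to this file. Pinning it the same way, `command_runner_image: quay.io/reactiveops/ci-images:v13-buster@sha256:<DIGEST_PLACEHOLDER>`, would close that gap. The value presumably mirrors `e2e_configuration`, which lies outside the visible hunk, so the same change would apply there.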
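--- a/e2e/chainsaw-pre.sh
+++ b/e2e/chainsaw-pre.sh
@@ -0,0 +1,35 @@
+#!/bin/bash
+
+set -e
+
+wget -O /usr/local/bin/yq "https://github.com/mikefarah/yq/releases/download/v4.35.1/yq_linux_amd64"
+chmod +x /usr/local/bin/yq
+
+if [ -z "$CI_SHA1" ]; then
+echo "CI_SHA1 not set. Something is wrong"
+exit 1
+else
+echo "CI_SHA1: $CI_SHA1"
+fi
+
+printf "\n\n"
+echo "********************************************************************"
+echo "** LOADING IMAGES TO DOCKER AND KIND **"
+echo "********************************************************************"
+printf "\n\n"
+docker load --input /tmp/workspace/docker_save/rbac-manager_${CI_SHA1}-amd64.tar
+export PATH=$(pwd)/bin-kind:$PATH
+kind load docker-image --name e2e quay.io/reactiveops/rbac-manager:${CI_SHA1}-amd64
+printf "\n\n"
+echo "********************************************************************"
+echo "** END LOADING IMAGE **"
+echo "********************************************************************"
+printf "\n\n"
+
+export newImage=quay.io/reactiveops/rbac-manager:${CI_SHA1}-amd64
+yq -i '.spec.template.spec.containers[0].image = env(newImage)' deploy/3_deployment.yaml
+yq -i '.spec.template.spec.containers[0].imagePullPolicy = "IfNotPresent"' deploy/3_deployment.yaml
+cat deploy/3_deployment.yaml
+
+docker cp deploy e2e-command-runner:/
+docker cp e2e/chainsaw e2e-command-runner:/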
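Review bot: The `wget` of `yq_linux_amd64` is written straight to `/usr/local/bin/yq` and made executable without any integrity check, so the job runs whatever the release URL serves at that moment; the version in the URL is pinned, but the bytes are not. A checksum gate before the `chmod`, for example `echo "<YQ_SHA256_PLACEHOLDER>  /usr/local/bin/yq" | sha256sum -c -`, would make a replaced or truncated asset fail the job under `set -e`. The same applies to the `curl` download of `chainsaw_linux_amd64.tar.gz` in e2e/chainsaw-test.sh. Separately, `${CI_SHA1}` is expanded unquoted in the `docker load` and `kind load` arguments; quoting those expansions is the safer habit.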
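--- a/e2e/chainsaw-test.sh
+++ b/e2e/chainsaw-test.sh
@@ -0,0 +1,40 @@
+#!/bin/bash
+
+BASE_DIR=$(dirname $BASH_SOURCE)
+
+printf "\n\n"
+echo "**************************"
+echo "** Begin E2E Test Setup **"
+echo "**************************"
+printf "\n\n"
+
+set -e
+
+
+printf "\n\n"
+echo "********************************************************************"
+echo "** Install rbac-manager at $CI_SHA1 **"
+echo "********************************************************************"
+printf "\n\n"
+
+kubectl apply -f deploy/
+kubectl -n rbac-manager wait deployment/rbac-manager --timeout=120s --for condition=available
+
+printf "\n\n"
+echo "********************************************************************"
+echo "** Install and run Chainsaw **"
+echo "********************************************************************"
+printf "\n\n"
+
+cd "$BASE_DIR/chainsaw"
+
+curl -sL https://github.com/kyverno/chainsaw/releases/download/v0.0.9/chainsaw_linux_amd64.tar.gz -o linux_amd64.tar.gz
+tar -xvf linux_amd64.tar.gz chainsaw
+rm linux_amd64.tar.gz
+chmod +x chainsaw
+
+./chainsaw test
+
+if [ $? -ne 0 ]; then
+exit 1
+fi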
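Review bot: The `if [ $? -ne 0 ]; then exit 1; fi` block after `./chainsaw test` can never run its body, because `set -e` is already in effect and a non-zero exit from chainsaw ends the script on that line; dropping the block, or writing `./chainsaw test || exit 1` if the explicit form is wanted, says the same thing. `curl -sL` also lacks `-f`, so an HTTP error page would be saved as `linux_amd64.tar.gz` and only surface as a `tar` failure; `curl -fsSL` reports the real cause. `BASE_DIR=$(dirname $BASH_SOURCE)` should quote its expansion, `BASE_DIR=$(dirname "${BASH_SOURCE[0]}")`, so a checkout path containing spaces does not break the later `cd`.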
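--- a/e2e/chainsaw/.chainsaw.yaml
+++ b/e2e/chainsaw/.chainsaw.yaml
@@ -0,0 +1,10 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/kyverno/chainsaw/main/.schemas/json/configuration-chainsaw-v1alpha1.json
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Configuration
+metadata:
+name: congiguration
+spec:
+parallel: 1
+fullName: true
+failFast: false
+delayBeforeCleanup: 3s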
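Review bot: `name: congiguration` under `metadata` is a typo for `configuration`; the suggested line is `name: configuration`. The `$schema` comment points at the `main` branch of kyverno/chainsaw while e2e/chainsaw-test.sh downloads release v0.0.9, so editor validation may drift from what the pinned binary accepts; a tag-pinned schema URL would keep the two aligned, assuming the schema is published at that tag.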
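--- a/e2e/chainsaw/cluster-role-bindings/chainsaw-test.yaml
+++ b/e2e/chainsaw/cluster-role-bindings/chainsaw-test.yaml
@@ -0,0 +1,12 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/kyverno/chainsaw/main/.schemas/json/test-chainsaw-v1alpha1.json
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+name: clusterrolebindings
+spec:
+steps:
+- try:
+- apply:
+file: resources.yaml
+- assert:
+file: expected.yaml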
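--- a/e2e/chainsaw/cluster-role-bindings/expected.yaml
+++ b/e2e/chainsaw/cluster-role-bindings/expected.yaml
@@ -0,0 +1,17 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+labels:
+rbac-manager: reactiveops
+ownerReferences:
+- apiVersion: rbacmanager.reactiveops.io/v1beta1
+kind: RBACDefinition
+name: rbac-manager-definition
+roleRef:
+apiGroup: rbac.authorization.k8s.io
+kind: ClusterRole
+name: test-rbac-manager
+subjects:
+- kind: ServiceAccount
+name: test-rbac-manager
+namespace: rbac-manager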
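--- a/e2e/chainsaw/cluster-role-bindings/resources.yaml
+++ b/e2e/chainsaw/cluster-role-bindings/resources.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbacmanager.reactiveops.io/v1beta1
+kind: RBACDefinition
+metadata:
+name: rbac-manager-definition
+rbacBindings:
+- name: admins
+subjects:
+- kind: ServiceAccount
+name: test-rbac-manager
+namespace: rbac-manager
+clusterRoleBindings:
+- clusterRole: test-rbac-manager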
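--- a/e2e/chainsaw/deleted/chainsaw-test.yaml
+++ b/e2e/chainsaw/deleted/chainsaw-test.yaml
@@ -0,0 +1,22 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/kyverno/chainsaw/main/.schemas/json/test-chainsaw-v1alpha1.json
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+name: clusterrolebindings
+spec:
+steps:
+- description: setup rbac definition, make sure expected resources are created
+try:
+- apply:
+file: resources.yaml
+- assert:
+file: expected.yaml
+- description: delete rbac definition, make sure previously created resources are deleted
+try:
+- delete:
+ref:
+apiVersion: rbacmanager.reactiveops.io/v1beta1
+kind: RBACDefinition
+name: rbac-manager-definition
+- error:
+file: expected.yaml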
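Review bot: `name: clusterrolebindings` under `metadata` is copied from the cluster-role-bindings test, so this test (and e2e/chainsaw/service-accounts/chainsaw-test.yaml, which repeats it) reports under a name that does not describe it; `name: deleted` here and `name: service-accounts` there would keep results distinguishable. The RBACDefinition name `rbac-manager-definition` and the expected ClusterRoleBinding are also identical to the cluster-role-bindings test, and ClusterRoleBinding is cluster-scoped, so the first `assert` could be satisfied by a binding left over from that test if its cleanup has not finished. Presumably `parallel: 1` is meant to prevent this, but a test-specific definition name would make the deletion check independent of ordering and cleanup timing.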
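--- a/e2e/chainsaw/deleted/expected.yaml
+++ b/e2e/chainsaw/deleted/expected.yaml
@@ -0,0 +1,17 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+labels:
+rbac-manager: reactiveops
+ownerReferences:
+- apiVersion: rbacmanager.reactiveops.io/v1beta1
+kind: RBACDefinition
+name: rbac-manager-definition
+roleRef:
+apiGroup: rbac.authorization.k8s.io
+kind: ClusterRole
+name: test-rbac-manager
+subjects:
+- kind: ServiceAccount
+name: test-rbac-manager
+namespace: rbac-manager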
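--- a/e2e/chainsaw/deleted/resources.yaml
+++ b/e2e/chainsaw/deleted/resources.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbacmanager.reactiveops.io/v1beta1
+kind: RBACDefinition
+metadata:
+name: rbac-manager-definition
+rbacBindings:
+- name: admins
+subjects:
+- kind: ServiceAccount
+name: test-rbac-manager
+namespace: rbac-manager
+clusterRoleBindings:
+- clusterRole: test-rbac-manager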
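--- a/e2e/chainsaw/service-accounts/chainsaw-test.yaml
+++ b/e2e/chainsaw/service-accounts/chainsaw-test.yaml
@@ -0,0 +1,12 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/kyverno/chainsaw/main/.schemas/json/test-chainsaw-v1alpha1.json
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+name: clusterrolebindings
+spec:
+steps:
+- try:
+- apply:
+file: resources.yaml
+- assert:
+file: expected.yaml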
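--- a/e2e/chainsaw/service-accounts/expected.yaml
+++ b/e2e/chainsaw/service-accounts/expected.yaml
@@ -0,0 +1,33 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+labels:
+rbac-manager: reactiveops
+ownerReferences:
+- apiVersion: rbacmanager.reactiveops.io/v1beta1
+kind: RBACDefinition
+name: rbac-manager-definition-1
+roleRef:
+apiGroup: rbac.authorization.k8s.io
+kind: ClusterRole
+name: test-rbac-manager
+subjects:
+- kind: ServiceAccount
+name: test-rbac-manager
+namespace: rbac-manager
+---
+apiVersion: v1
+kind: ServiceAccount
+imagePullSecrets:
+- name: robot-secret
+metadata:
+annotations:
+rbacmanager.reactiveops.io/managed-pull-secrets: robot-secret
+labels:
+rbac-manager: reactiveops
+name: test-rbac-manager
+namespace: rbac-manager
+ownerReferences:
+- apiVersion: rbacmanager.reactiveops.io/v1beta1
+kind: RBACDefinition
+name: rbac-manager-definition-1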
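--- a/e2e/chainsaw/service-accounts/resources.yaml
+++ b/e2e/chainsaw/service-accounts/resources.yaml
@@ -0,0 +1,14 @@
+apiVersion: rbacmanager.reactiveops.io/v1beta1
+kind: RBACDefinition
+metadata:
+name: rbac-manager-definition-1
+rbacBindings:
+- name: admins
+subjects:
+- kind: ServiceAccount
+name: test-rbac-manager
+namespace: rbac-manager
+imagePullSecrets:
+- robot-secret
+clusterRoleBindings:
+- clusterRole: test-rbac-manager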
