chore: add e2e tests

Signed-off-by: Arjun Raja Yogidas <[email protected]>

Author: coderbirju

.github/workflows/ci.yaml

@@ -109,3 +109,11 @@ jobs:
         run: sudo bin/finch-daemon  --debug --socket-owner $UID &
       - name: Run e2e test
         run: sudo make test-e2e
+      - name: Clean up Daemon socket
+        run: sudo rm /var/run/finch.sock && sudo rm /run/finch.pid 
+      - name: Verify Rego file presence
+        run: ls -l ${{ github.workspace }}/sample.rego
+      - name: Start finch-daemon with opa Authz
+        run: sudo bin/finch-daemon  --debug --enable-opa --rego-file ${{ github.workspace }}/sample.rego --socket-owner $UID &
+      - name: Run opa e2e tests
+        run: sudo make test-e2e-opa

Makefile

@@ -114,6 +114,14 @@ test-e2e: linux
 	TEST_E2E=1 \
 	$(GINKGO) $(GFLAGS) ./e2e/...
 
+.PHONY: test-e2e-opa
+test-e2e-opa: linux
+	DOCKER_HOST="unix:///run/finch.sock" \
+	DOCKER_API_VERSION="v1.43" \
+	OPA_E2E=1 \
+	TEST_E2E=1 \
+	$(GINKGO) $(GFLAGS) ./e2e/...
+
 .PHONY: licenses
 licenses:
 	PATH=$(BIN):$(PATH) go-licenses report --template="scripts/third-party-license.tpl" --ignore github.com/runfinch ./... > THIRD_PARTY_LICENSES

e2e/e2e_test.go

@@ -4,6 +4,7 @@
 package e2e
 
 import (
+	"fmt"
 	"os"
 	"testing"
 
@@ -15,11 +16,104 @@ import (
 	"github.com/runfinch/finch-daemon/e2e/tests"
 )
 
+// func TestRun(t *testing.T) {
+// 	if os.Getenv("TEST_E2E") != "1" {
+// 		t.Skip("E2E tests skipped. Set TEST_E2E=1 to run these tests")
+// 	}
+// 	// TODO : Make this configurable
+// 	runtimeExe := "nerdctl"
+// 	opt, _ := option.New([]string{runtimeExe, "-n", "finch"})
+
+// 	ginkgo.SynchronizedBeforeSuite(func() []byte {
+// 		tests.SetupLocalRegistry(opt)
+// 		return nil
+// 	}, func(bytes []byte) {})
+
+// 	ginkgo.SynchronizedAfterSuite(func() {
+// 		tests.CleanupLocalRegistry(opt)
+// 		// clean up everything after the local registry is cleaned up
+// 		command.RemoveAll(opt)
+// 	}, func() {})
+
+// 	const description = "Finch Daemon Functional test"
+// 	ginkgo.Describe(description, func() {
+// 		// functional test for container APIs
+// 		tests.ContainerCreate(opt)
+// 		tests.ContainerStart(opt)
+// 		tests.ContainerStop(opt)
+// 		tests.ContainerRestart(opt)
+// 		tests.ContainerRemove(opt)
+// 		tests.ContainerList(opt)
+// 		tests.ContainerRename(opt)
+// 		tests.ContainerStats(opt)
+// 		tests.ContainerAttach(opt)
+// 		tests.ContainerLogs(opt)
+// 		tests.ContainerKill(opt)
+
+// 		// functional test for volume APIs
+// 		tests.VolumeList(opt)
+// 		tests.VolumeInspect(opt)
+// 		tests.VolumeRemove(opt)
+
+// 		// functional test for network APIs
+// 		tests.NetworkCreate(opt)
+// 		tests.NetworkRemove(opt)
+// 		tests.NetworkList(opt)
+// 		tests.NetworkInspect(opt)
+
+// 		// functional test for image APIs
+// 		tests.ImageRemove(opt)
+// 		tests.ImagePush(opt)
+// 		tests.ImagePull(opt)
+
+// 		// functional test for system api
+// 		tests.SystemVersion(opt)
+// 		tests.SystemEvents(opt)
+
+// 		// functional test for distribution api
+// 		tests.DistributionInspect(opt)
+// 	})
+
+// 	gomega.RegisterFailHandler(ginkgo.Fail)
+// 	ginkgo.RunSpecs(t, description)
+// }
+
 func TestRun(t *testing.T) {
-	if os.Getenv("TEST_E2E") != "1" {
-		t.Skip("E2E tests skipped. Set TEST_E2E=1 to run these tests")
+	if os.Getenv("OPA_E2E") == "1" {
+		runOPATests(t)
+	} else if os.Getenv("TEST_E2E") == "1" {
+		runE2ETests(t)
+	} else {
+		t.Skip("E2E tests skipped. Set TEST_E2E=1 to run regular E2E tests or OPA_E2E=1 to run OPA tests")
 	}
-	// TODO : Make this configurable
+}
+
+func runOPATests(t *testing.T) {
+	runtimeExe := "nerdctl"
+	opt, _ := option.New([]string{runtimeExe, "-n", "finch"})
+
+	ginkgo.SynchronizedBeforeSuite(func() []byte {
+		tests.SetupLocalRegistry(opt)
+		return nil
+	}, func(bytes []byte) {})
+
+	ginkgo.SynchronizedAfterSuite(func() {
+		tests.CleanupLocalRegistry(opt)
+		// clean up everything after the local registry is cleaned up
+		command.RemoveAll(opt)
+	}, func() {})
+
+	const description = "Finch Daemon OPA E2E Tests"
+	ginkgo.Describe(description, func() {
+		tests.OpaMiddlewareTest(opt)
+		fmt.Print(opt)
+	})
+
+	gomega.RegisterFailHandler(ginkgo.Fail)
+	ginkgo.RunSpecs(t, description)
+}
+
+func runE2ETests(t *testing.T) {
 	runtimeExe := "nerdctl"
 	opt, _ := option.New([]string{runtimeExe, "-n", "finch"})
 

e2e/tests/opa_middleware.go

@@ -0,0 +1,91 @@
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package tests
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"net/http"
+
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+	"github.com/runfinch/common-tests/command"
+	"github.com/runfinch/common-tests/option"
+
+	"github.com/runfinch/finch-daemon/api/types"
+	"github.com/runfinch/finch-daemon/e2e/client"
+)
+
+// OpaMiddlewareTest tests the OPA functionality.
+func OpaMiddlewareTest(opt *option.Option) {
+	Describe("test opa middleware functionality", func() {
+		var (
+			uClient           *http.Client
+			version           string
+			wantContainerName string
+			options           types.ContainerCreateRequest
+			createUrl         string
+		)
+		BeforeEach(func() {
+			// create a custom client to use http over unix sockets
+			uClient = client.NewClient(GetDockerHostUrl())
+			// get the docker api version that will be tested
+			version = GetDockerApiVersion()
+			wantContainerName = fmt.Sprintf("/%s", testContainerName)
+			// set default container options
+			options = types.ContainerCreateRequest{}
+			options.Image = defaultImage
+			createUrl = client.ConvertToFinchUrl(version, "/containers/create")
+		})
+		AfterEach(func() {
+			command.RemoveAll(opt)
+		})
+		It("should allow GET version API request", func() {
+			res, err := uClient.Get(client.ConvertToFinchUrl("", "/version"))
+			Expect(err).ShouldNot(HaveOccurred())
+			jd := json.NewDecoder(res.Body)
+			var v types.VersionInfo
+			err = jd.Decode(&v)
+			Expect(err).ShouldNot(HaveOccurred())
+			Expect(v.Version).ShouldNot(BeNil())
+			Expect(v.ApiVersion).Should(Equal("1.43"))
+			fmt.Println(version)
+		})
+
+		It("shold allow GET containers API request", func() {
+			id := command.StdoutStr(opt, "run", "-d", "--name", testContainerName, defaultImage, "sleep", "infinity")
+			want := []types.ContainerListItem{
+				{
+					Id:    id[:12],
+					Names: []string{wantContainerName},
+				},
+			}
+
+			res, err := uClient.Get(client.ConvertToFinchUrl(version, "/containers/json"))
+			Expect(err).Should(BeNil())
+			Expect(res.StatusCode).Should(Equal(http.StatusOK))
+			var got []types.ContainerListItem
+			err = json.NewDecoder(res.Body).Decode(&got)
+			Expect(err).Should(BeNil())
+			Expect(len(got)).Should(Equal(2))
+			got = filterContainerList(got)
+			Expect(got).Should(ContainElements(want))
+		})
+
+		It("shold disallow POST containers/create API request", func() {
+
+			options.Cmd = []string{"echo", "hello world"}
+
+			reqBody, err := json.Marshal(options)
+			Expect(err).Should(BeNil())
+
+			fmt.Println("createUrl = ", createUrl)
+			res, _ := uClient.Post(createUrl, "application/json", bytes.NewReader(reqBody))
+
+			Expect(res.StatusCode).Should(Equal(http.StatusForbidden))
+		})
+
+	})
+}