Skip to content

Commit 1abf3da

Browse files
author
Rahul Sharma
committed
add fw test, add script and run 2 tests in parallel
1 parent 2bb0985 commit 1abf3da

File tree

18 files changed

+225
-243
lines changed

18 files changed

+225
-243
lines changed

Makefile

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -193,7 +193,7 @@ e2e-test:
193193
KUBECONFIG=$(KUBECONFIG_PATH) \
194194
REGION=$(LINODE_REGION) \
195195
LINODE_TOKEN=$(LINODE_TOKEN) \
196-
chainsaw test e2e/test
196+
chainsaw test e2e/test --parallel 2
197197

198198
#####################################################################
199199
# OS / ARCH

e2e/test/fw-use-specified-nb/chainsaw-test.yaml

Lines changed: 123 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,123 @@
1+
# yaml-language-server: $schema=https://raw.githubusercontent.com/kyverno/chainsaw/main/.schemas/json/test-chainsaw-v1alpha1.json
2+
apiVersion: chainsaw.kyverno.io/v1alpha1
3+
kind: Test
4+
metadata:
5+
name: fw-use-specified-nb
6+
spec:
7+
bindings:
8+
- name: fwname
9+
value: (join('-', ['ccm-fwtest', env('CLUSTER_NAME')]))
10+
namespace: "fw-use-specified-nb"
11+
steps:
12+
- name: Check if CCM is deployed
13+
try:
14+
- assert:
15+
file: ../assert-ccm-resources.yaml
16+
- name: Create firewall, Create pods and services
17+
try:
18+
- script:
19+
env:
20+
- name: FWLABEL
21+
value: ($fwname)
22+
content: |
23+
set -e
24+
25+
create_fw=$(curl -s --write-out "%{http_code}\n" --output /dev/null --request POST \
26+
-H "Authorization: Bearer $LINODE_TOKEN" \
27+
-H "Content-Type: application/json" \
28+
-H "accept: application/json" \
29+
"https://api.linode.com/v4/networking/firewalls" \
30+
--data "
31+
{
32+
\"label\": \"$FWLABEL\",
33+
\"rules\": {
34+
\"inbound\": [{
35+
\"action\": \"ACCEPT\",
36+
\"label\": \"inbound-rule123\",
37+
\"description\": \"inbound rule123\",
38+
\"ports\": \"4321\",
39+
\"protocol\": \"TCP\",
40+
\"addresses\": {
41+
\"ipv4\": [\"0.0.0.0/0\"]
42+
}
43+
}],
44+
\"inbound_policy\": \"ACCEPT\",
45+
\"outbound_policy\": \"ACCEPT\"
46+
}
47+
}
48+
"
49+
)
50+
51+
if [[ $create_fw == "200" ]]; then
52+
echo "fw created"
53+
fi
54+
check:
55+
($error == null): true
56+
(contains($stdout, 'fw created')): true
57+
- apply:
58+
file: create-pods-services.yaml
59+
catch:
60+
- describe:
61+
apiVersion: v1
62+
kind: Pod
63+
- describe:
64+
apiVersion: v1
65+
kind: Service
66+
- name: Check that loadbalancer ip is assigned
67+
try:
68+
- assert:
69+
resource:
70+
apiVersion: v1
71+
kind: Service
72+
metadata:
73+
name: svc-test
74+
status:
75+
(loadBalancer.ingress[0].ip != null): true
76+
- name: Annotate service with nodebalancer id
77+
try:
78+
- script:
79+
env:
80+
- name: FWLABEL
81+
value: ($fwname)
82+
content: |
83+
set -e
84+
re='^[0-9]+$'
85+
86+
fwid=$(curl -s \
87+
-H "Authorization: Bearer $LINODE_TOKEN" \
88+
-H "Content-Type: application/json" \
89+
-H "X-Filter: {\"label\": \"$FWLABEL\"}" \
90+
"https://api.linode.com/v4/networking/firewalls" | jq .data[].id)
91+
92+
if ! [[ $fwid =~ $re ]]; then
93+
echo "Firewall id [$fwid] is incorrect, failed to fetch firewall"
94+
exit 1
95+
fi
96+
97+
kubectl annotate svc svc-test -n $NAMESPACE service.beta.kubernetes.io/linode-loadbalancer-firewall-id=$fwid
98+
sleep 5
99+
100+
for i in {1..10}; do
101+
nbid=$(KUBECONFIG=$KUBECONFIG NAMESPACE=$NAMESPACE LINODE_TOKEN=$LINODE_TOKEN ../scripts/get-nb-id.sh)
102+
103+
fwconfig=$(curl -s \
104+
-H "Authorization: Bearer $LINODE_TOKEN" \
105+
-H "Content-Type: application/json" \
106+
"https://api.linode.com/v4/networking/firewalls/$fwid")
107+
108+
fw_attached_to_nb=$(echo $fwconfig | jq ".entities[] | select(.id == $nbid) | .id == $nbid")
109+
110+
if [[ $fw_attached_to_nb == "true" ]]; then
111+
echo "Conditions met"
112+
break
113+
fi
114+
115+
sleep 10
116+
done
117+
118+
curl -s -X DELETE \
119+
-H "Authorization: Bearer $LINODE_TOKEN" \
120+
-H "Content-Type: application/json" \
121+
"https://api.linode.com/v4/networking/firewalls/$fwid"
122+
check:
123+
(contains($stdout, 'Conditions met')): true

e2e/test/fw-use-specified-nb/create-pods-services.yaml

Lines changed: 48 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,48 @@
1+
---
2+
apiVersion: apps/v1
3+
kind: Deployment
4+
metadata:
5+
labels:
6+
app: fw-use-specified-nb
7+
name: test
8+
spec:
9+
replicas: 1
10+
selector:
11+
matchLabels:
12+
app: fw-use-specified-nb
13+
template:
14+
metadata:
15+
labels:
16+
app: fw-use-specified-nb
17+
spec:
18+
containers:
19+
- image: appscode/test-server:2.3
20+
name: test
21+
ports:
22+
- name: http-1
23+
containerPort: 8080
24+
protocol: TCP
25+
env:
26+
- name: POD_NAME
27+
valueFrom:
28+
fieldRef:
29+
apiVersion: v1
30+
fieldPath: metadata.name
31+
---
32+
apiVersion: v1
33+
kind: Service
34+
metadata:
35+
annotations:
36+
name: svc-test
37+
labels:
38+
app: fw-use-specified-nb
39+
spec:
40+
type: LoadBalancer
41+
selector:
42+
app: fw-use-specified-nb
43+
ports:
44+
- name: http-1
45+
protocol: TCP
46+
port: 80
47+
targetPort: 8080
48+
sessionAffinity: None

e2e/test/lb-created-with-new-nb-id/chainsaw-test.yaml

Lines changed: 2 additions & 26 deletions
Original file line numberDiff line numberDiff line change
@@ -62,21 +62,8 @@ spec:
6262
content: |
6363
set -e
6464
65-
re='^[0-9]+$'
66-
6765
expectedId=$(kubectl get svc svc-test -n $NAMESPACE -o json | jq -r .metadata.annotations[])
68-
hostname=$(kubectl get svc svc-test -n $NAMESPACE -o json | jq -r .status.loadBalancer.ingress[0].hostname)
69-
ip=$(echo $hostname | awk -F'.' '{gsub("-", ".", $1); print $1}')
70-
nbid=$(curl -s \
71-
-H "Authorization: Bearer $LINODE_TOKEN" \
72-
-H "Content-Type: application/json" \
73-
-H "X-Filter: {\"ipv4\": \"$ip\"}" \
74-
"https://api.linode.com/v4/nodebalancers" | jq .data[].id)
75-
76-
if ! [[ $nbid =~ $re ]]; then
77-
echo "Nodebalancer id [$nbid] is incorrect"
78-
exit 1
79-
fi
66+
nbid=$(KUBECONFIG=$KUBECONFIG NAMESPACE=$NAMESPACE LINODE_TOKEN=$LINODE_TOKEN ../scripts/get-nb-id.sh)
8067
8168
if [[ $nbid == $expectedId ]]; then
8269
echo "Condition met"
@@ -110,18 +97,7 @@ spec:
11097
kubectl annotate --overwrite svc svc-test -n $NAMESPACE service.beta.kubernetes.io/linode-loadbalancer-nodebalancer-id=$nbid
11198
11299
for i in {1..10}; do
113-
hostname=$(kubectl get svc svc-test -n $NAMESPACE -o json | jq -r .status.loadBalancer.ingress[0].hostname)
114-
ip=$(echo $hostname | awk -F'.' '{gsub("-", ".", $1); print $1}')
115-
nbid2=$(curl -s \
116-
-H "Authorization: Bearer $LINODE_TOKEN" \
117-
-H "Content-Type: application/json" \
118-
-H "X-Filter: {\"ipv4\": \"$ip\"}" \
119-
"https://api.linode.com/v4/nodebalancers" | jq .data[].id)
120-
121-
if ! [[ $nbid2 =~ $re ]]; then
122-
echo "Nodebalancer id [$nbid2] is incorrect, failed to fetch nodebalancer"
123-
exit 1
124-
fi
100+
nbid2=$(KUBECONFIG=$KUBECONFIG NAMESPACE=$NAMESPACE LINODE_TOKEN=$LINODE_TOKEN ../scripts/get-nb-id.sh)
125101
126102
if [[ $nbid == $nbid2 ]]; then
127103
echo "Condition met"

e2e/test/lb-created-with-specified-nb-id/chainsaw-test.yaml

Lines changed: 1 addition & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -62,21 +62,8 @@ spec:
6262
content: |
6363
set -e
6464
65-
re='^[0-9]+$'
66-
6765
expectedId=$(kubectl get svc svc-test -n $NAMESPACE -o json | jq -r .metadata.annotations[])
68-
hostname=$(kubectl get svc svc-test -n $NAMESPACE -o json | jq -r .status.loadBalancer.ingress[0].hostname)
69-
ip=$(echo $hostname | awk -F'.' '{gsub("-", ".", $1); print $1}')
70-
nbid=$(curl -s \
71-
-H "Authorization: Bearer $LINODE_TOKEN" \
72-
-H "Content-Type: application/json" \
73-
-H "X-Filter: {\"ipv4\": \"$ip\"}" \
74-
"https://api.linode.com/v4/nodebalancers" | jq .data[].id)
75-
76-
if ! [[ $nbid =~ $re ]]; then
77-
echo "Nodebalancer id [$nbid] is incorrect"
78-
exit 1
79-
fi
66+
nbid=$(KUBECONFIG=$KUBECONFIG NAMESPACE=$NAMESPACE LINODE_TOKEN=$LINODE_TOKEN ../scripts/get-nb-id.sh)
8067
8168
if [[ $nbid == $expectedId ]]; then
8269
echo "Condition met"

e2e/test/lb-delete-svc-no-nb/chainsaw-test.yaml

Lines changed: 2 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -62,21 +62,8 @@ spec:
6262
content: |
6363
set -e
6464
65-
re='^[0-9]+$'
66-
6765
expectedId=$(kubectl get svc svc-test -n $NAMESPACE -o json | jq -r .metadata.annotations[])
68-
hostname=$(kubectl get svc svc-test -n $NAMESPACE -o json | jq -r .status.loadBalancer.ingress[0].hostname)
69-
ip=$(echo $hostname | awk -F'.' '{gsub("-", ".", $1); print $1}')
70-
nbid=$(curl -s \
71-
-H "Authorization: Bearer $LINODE_TOKEN" \
72-
-H "Content-Type: application/json" \
73-
-H "X-Filter: {\"ipv4\": \"$ip\"}" \
74-
"https://api.linode.com/v4/nodebalancers" | jq .data[].id)
75-
76-
if ! [[ $nbid =~ $re ]]; then
77-
echo "Nodebalancer id [$nbid] is incorrect"
78-
exit 1
79-
fi
66+
nbid=$(KUBECONFIG=$KUBECONFIG NAMESPACE=$NAMESPACE LINODE_TOKEN=$LINODE_TOKEN ../scripts/get-nb-id.sh)
8067
8168
if [[ $nbid == $expectedId ]]; then
8269
echo "Condition met"
@@ -119,7 +106,7 @@ spec:
119106
fi
120107
121108
# Delete service and make sure its deleted
122-
kubectl delete svc svc-test -n $NAMESPACE --timeout=60s
109+
kubectl --timeout=60s delete svc svc-test -n $NAMESPACE
123110
124111
for i in {1..10}; do
125112
if kubectl get svc svc-test -n $NAMESPACE > /dev/null 2>&1; then

e2e/test/lb-delete-svc-use-new-nbid/chainsaw-test.yaml

Lines changed: 2 additions & 26 deletions
Original file line numberDiff line numberDiff line change
@@ -62,21 +62,8 @@ spec:
6262
content: |
6363
set -e
6464
65-
re='^[0-9]+$'
66-
6765
expectedId=$(kubectl get svc svc-test -n $NAMESPACE -o json | jq -r .metadata.annotations[])
68-
hostname=$(kubectl get svc svc-test -n $NAMESPACE -o json | jq -r .status.loadBalancer.ingress[0].hostname)
69-
ip=$(echo $hostname | awk -F'.' '{gsub("-", ".", $1); print $1}')
70-
nbid=$(curl -s \
71-
-H "Authorization: Bearer $LINODE_TOKEN" \
72-
-H "Content-Type: application/json" \
73-
-H "X-Filter: {\"ipv4\": \"$ip\"}" \
74-
"https://api.linode.com/v4/nodebalancers" | jq .data[].id)
75-
76-
if ! [[ $nbid =~ $re ]]; then
77-
echo "Nodebalancer id [$nbid] is incorrect"
78-
exit 1
79-
fi
66+
nbid=$(KUBECONFIG=$KUBECONFIG NAMESPACE=$NAMESPACE LINODE_TOKEN=$LINODE_TOKEN ../scripts/get-nb-id.sh)
8067
8168
if [[ $nbid == $expectedId ]]; then
8269
echo "Condition met"
@@ -110,18 +97,7 @@ spec:
11097
kubectl annotate --overwrite svc svc-test -n $NAMESPACE service.beta.kubernetes.io/linode-loadbalancer-nodebalancer-id=$nbid
11198
11299
for i in {1..10}; do
113-
hostname=$(kubectl get svc svc-test -n $NAMESPACE -o json | jq -r .status.loadBalancer.ingress[0].hostname)
114-
ip=$(echo $hostname | awk -F'.' '{gsub("-", ".", $1); print $1}')
115-
nbid2=$(curl -s \
116-
-H "Authorization: Bearer $LINODE_TOKEN" \
117-
-H "Content-Type: application/json" \
118-
-H "X-Filter: {\"ipv4\": \"$ip\"}" \
119-
"https://api.linode.com/v4/nodebalancers" | jq .data[].id)
120-
121-
if ! [[ $nbid2 =~ $re ]]; then
122-
echo "Nodebalancer id [$nbid2] is incorrect, failed to fetch nodebalancer"
123-
exit 1
124-
fi
100+
nbid2=$(KUBECONFIG=$KUBECONFIG NAMESPACE=$NAMESPACE LINODE_TOKEN=$LINODE_TOKEN ../scripts/get-nb-id.sh)
125101
126102
if [[ $nbid == $nbid2 ]]; then
127103
echo "Condition met"

e2e/test/lb-delete-svc-use-specified-nb/chainsaw-test.yaml

Lines changed: 1 addition & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -62,21 +62,8 @@ spec:
6262
content: |
6363
set -e
6464
65-
re='^[0-9]+$'
66-
6765
expectedId=$(kubectl get svc svc-test -n $NAMESPACE -o json | jq -r .metadata.annotations[])
68-
hostname=$(kubectl get svc svc-test -n $NAMESPACE -o json | jq -r .status.loadBalancer.ingress[0].hostname)
69-
ip=$(echo $hostname | awk -F'.' '{gsub("-", ".", $1); print $1}')
70-
nbid=$(curl -s \
71-
-H "Authorization: Bearer $LINODE_TOKEN" \
72-
-H "Content-Type: application/json" \
73-
-H "X-Filter: {\"ipv4\": \"$ip\"}" \
74-
"https://api.linode.com/v4/nodebalancers" | jq .data[].id)
75-
76-
if ! [[ $nbid =~ $re ]]; then
77-
echo "Nodebalancer id [$nbid] is incorrect"
78-
exit 1
79-
fi
66+
nbid=$(KUBECONFIG=$KUBECONFIG NAMESPACE=$NAMESPACE LINODE_TOKEN=$LINODE_TOKEN ../scripts/get-nb-id.sh)
8067
8168
if [[ $nbid == $expectedId ]]; then
8269
echo "Condition met"

e2e/test/lb-http-body-health-check/chainsaw-test.yaml

Lines changed: 1 addition & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -37,20 +37,7 @@ spec:
3737
content: |
3838
set -e
3939
40-
re='^[0-9]+$'
41-
42-
hostname=$(kubectl get svc svc-test -n $NAMESPACE -o json | jq -r .status.loadBalancer.ingress[0].hostname)
43-
ip=$(echo $hostname | awk -F'.' '{gsub("-", ".", $1); print $1}')
44-
nbid=$(curl -s \
45-
-H "Authorization: Bearer $LINODE_TOKEN" \
46-
-H "Content-Type: application/json" \
47-
-H "X-Filter: {\"ipv4\": \"$ip\"}" \
48-
"https://api.linode.com/v4/nodebalancers" | jq .data[].id)
49-
50-
if ! [[ $nbid =~ $re ]]; then
51-
echo "Nodebalancer id [$nbid] is incorrect, doesn't meet regex requirements"
52-
exit 1
53-
fi
40+
nbid=$(KUBECONFIG=$KUBECONFIG NAMESPACE=$NAMESPACE LINODE_TOKEN=$LINODE_TOKEN ../scripts/get-nb-id.sh)
5441
5542
for i in {1..10}; do
5643
nbconfig=$(curl -s \

e2e/test/lb-http-status-health-check/chainsaw-test.yaml

Lines changed: 1 addition & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -37,20 +37,7 @@ spec:
3737
content: |
3838
set -e
3939
40-
re='^[0-9]+$'
41-
42-
hostname=$(kubectl get svc svc-test -n $NAMESPACE -o json | jq -r .status.loadBalancer.ingress[0].hostname)
43-
ip=$(echo $hostname | awk -F'.' '{gsub("-", ".", $1); print $1}')
44-
nbid=$(curl -s \
45-
-H "Authorization: Bearer $LINODE_TOKEN" \
46-
-H "Content-Type: application/json" \
47-
-H "X-Filter: {\"ipv4\": \"$ip\"}" \
48-
"https://api.linode.com/v4/nodebalancers" | jq .data[].id)
49-
50-
if ! [[ $nbid =~ $re ]]; then
51-
echo "Nodebalancer id [$nbid] is incorrect, doesn't meet regex requirements"
52-
exit 1
53-
fi
40+
nbid=$(KUBECONFIG=$KUBECONFIG NAMESPACE=$NAMESPACE LINODE_TOKEN=$LINODE_TOKEN ../scripts/get-nb-id.sh)
5441
5542
for i in {1..10}; do
5643
nbconfig=$(curl -s \

0 commit comments

Comments
 (0)