Optionally read cluster resources with dryrun CLI #388
Conversation
jan-law
force-pushed
the
dryrun-read
branch
14 times, most recently
from
41e7dea to
1d9a176
Compare
jan-law
changed the title
jan-law
changed the title
test/e2e/case46_dryrun_cli_test.go
Outdated
| } | ||
| }) | ||
|
|
||
| testScenarios := []struct { |
There was a problem hiding this comment.
I wanted to document which test folders I reused from test/dryrun/. Let me know if you have suggestions for a cleaner pattern to follow, especially when the test folders are nested e.g. no_name and no_name/with_object_selector
There was a problem hiding this comment.
I think this pattern looks good. The alternative would be to leverage //go:embed like the unit tests do, but I'm not sure there's an advantage either way.
My only thought is a musing whether the https://github.com/open-cluster-management-io/config-policy-controller/blob/main/test/dryrun/utils.go file could be leveraged to have shared code, but I'm not sure that's necessary since you have something working here.
test/e2e/case46_dryrun_cli_test.go
Outdated
| "kubernetes.io/metadata.name:", | ||
| } | ||
|
|
||
| var _ = Describe("Testing dryrun CLI", Ordered, func() { |
There was a problem hiding this comment.
Is the Ordered decorator necessary--are there collisions when run in parallel?
There was a problem hiding this comment.
Added a question below about handling namespace deletions. Will continue on the other conversation thread #388 (comment)
test/e2e/case46_dryrun_cli_test.go
Outdated
| } | ||
| }) | ||
|
|
||
| testScenarios := []struct { |
There was a problem hiding this comment.
I think this pattern looks good. The alternative would be to leverage //go:embed like the unit tests do, but I'm not sure there's an advantage either way.
My only thought is a musing whether the https://github.com/open-cluster-management-io/config-policy-controller/blob/main/test/dryrun/utils.go file could be leveraged to have shared code, but I'm not sure that's necessary since you have something working here.
ref: https://issues.redhat.com/browse/ACM-22932 No logic changed here. Refactor before adding a new dry run cli flag Signed-off-by: Janelle Law <[email protected]>
ref: https://issues.redhat.com/browse/ACM-22932 Instead of providing input yaml files to the dryrun command args, set the --from-cluster flag to read cluster resources via default kubeconfig. As before, the policies are patched with remediationAction: Inform, preventing modifications to the cluster. Signed-off-by: Janelle Law <[email protected]>
ref: https://issues.redhat.com/browse/ACM-22932 Tests the dryrun CLI can read resources from a cluster with --from-cluster flag. Reuses the dryrun unit test cases, applies the resources to the test kind cluster, then runs the e2e tests. Sometimes the policy diff from the cluster returns extra context lines surrounding the relevant +/- changes. When this diff does not match the expected output.txt from the unit tests, the e2e test will compare the output with the output_from_cluster.txt file. Assisted by Cursor. Signed-off-by: Janelle Law <[email protected]>
JustinKuli
left a comment
JustinKuli
left a comment
There was a problem hiding this comment.
I think this is looking good overall! I didn't take a super close look at the test setup (seems like Dale's been through it more carefully) but it looks right to me. Just letting Dale have final approval 😄
|
|
||
| runtimeClient, err := client.New(kubeConfig, client.Options{ | ||
| Scheme: scheme.Scheme, | ||
| DryRun: &readOnlyMode, |
There was a problem hiding this comment.
I didn't know about this option, awesome!
test/e2e/case46_dryrun_cli_test.go
Outdated
| } | ||
|
|
||
| By("Creating namespace from " + nsFilePath) | ||
| cmd := exec.Command("kubectl", "apply", "-f", nsFilePath, "--kubeconfig="+kubeconfig) |
There was a problem hiding this comment.
I think utils.Kubectl handles the kubeconfig and some of the output already, but I could be missing some other thing that needs to be specially handled in these tests?
(This isn't necessary to change if everything else in the PR is ready to go - it's just useful to know about)
There was a problem hiding this comment.
Some dryrun tests reuse the same namespace names. When I deleted and recreated namespaces in each DescribeTable entry, the previous namespace is still terminating when the next test starts, causing failures due to leftover pods. e.g. kind test failure missing_name
I originally used Ordered with AfterAll to delay all namespaces deletion until the end, but switched to Serial (the Ginkgo docs say AfterAll only works with Ordered). I wrapped namespace creation in Eventually with the g.Expect(err).ToNot(HaveOccurred() from this kubectl apply cmd, hoping it would retry until the previous delete completed, but namespaces never fully terminate before the next test starts.
Any ideas for handling namespaces in a Serial + DescribeTable setup without AfterAll or suite-level hooks?
There was a problem hiding this comment.
the previous namespace is still terminating when the next test starts
My only thought for this is to add --wait=true to the delete command, but it sounds like you had already tried that?
There was a problem hiding this comment.
These tests aren't modifying the objects, so I think having the namespace/objects created in the BeforeSuite() and cleaned up after wouldn't be bad.
That said, I wouldn't want to hold up the PR too long on this topic (sorry if I already did! 😬), so I think moving back to using Ordered for now is also fine for the sake of moving it forward.
There was a problem hiding this comment.
Oh, I tried adding --wait only on the namespace deletion and not the resource deletion! Adding the --wait to the resource deletion too
There was a problem hiding this comment.
Local test runs are passing. Same with the last two CI runs
Tests dryrun scenarios in any order. Refactored namespace creation/deletion before and after each test Entry in DescribeTable. Eventually() will retry the dryrun command to wait for any duplicate resources pending deletion from previous test cases. ref: https://issues.redhat.com/browse/ACM-22932 Assisted by Cursor. Signed-off-by: Janelle Law <[email protected]>
JustinKuli
left a comment
JustinKuli
left a comment
There was a problem hiding this comment.
/hold
LGTM! Holding in case Dale had any requested changes I missed, but @jan-law, you should be able to un-hold it if you're happy with the way it looks!
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: jan-law, JustinKuli The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/unhold |
openshift-merge-bot
bot
merged commit d2c11fc
into
open-cluster-management-io:main
3 participants
Instead of providing input yaml files to the dryrun command args, set the
--from-clusterflag orDRYRUN_FROM_CLUSTERto read cluster resources via default kubeconfig.Input file args or API mapping file representing cluster resources will be ignored.
As before, the policies are patched with
remediationAction: Inform, preventing modifications to the cluster.ref: https://issues.redhat.com/browse/ACM-22932