Merge pull request #370 from snyk/chore/e2e-operator

chore/e2e operator

Author: ivanstanev

.circleci/config.yml

@@ -11,6 +11,11 @@ default_container_config: &default_container_config
     - image: circleci/node:10
   working_directory: ~/kubernetes-monitor
 
+python_container_config: &python_container_config
+  docker:
+    - image: circleci/python:3
+  working_directory: ~/kubernetes-monitor
+
 staging_branch_only_filter: &staging_branch_only_filter
   filters:
     branches:
@@ -164,9 +169,17 @@ jobs:
           command: |
             export IMAGE_TAG=$([[ "$CIRCLE_BRANCH" == "staging" ]] && echo "staging-candidate" || echo "discardable")
             export SNYK_MONITOR_IMAGE_TAG="${IMAGE_TAG}-${CIRCLE_SHA1}"
-            export SNYK_OPERATOR_VERSION="0.0.1"
+            export SNYK_OPERATOR_VERSION="0.0.1-${CIRCLE_SHA1}"
             export SNYK_OPERATOR_IMAGE_TAG="${SNYK_MONITOR_IMAGE_TAG}"
             ./scripts/package-operator.sh "${SNYK_OPERATOR_VERSION}" "${SNYK_OPERATOR_IMAGE_TAG}" "${SNYK_MONITOR_IMAGE_TAG}"
+      - run:
+          name: Remove templated Operator before persisting to workspace
+          command: |
+            rm -rf snyk-operator/deploy/olm-catalog/snyk-operator/0.0.0
+      - persist_to_workspace:
+          root: snyk-operator
+          paths:
+            - deploy/olm-catalog/snyk-operator
       - run:
           name: Notify Slack on failure
           command: |
@@ -177,6 +190,24 @@ jobs:
             fi
           when: on_fail
 
+  upload_operator:
+    <<: *python_container_config
+    steps:
+      - attach_workspace:
+          at: snyk-operator
+      - run:
+          name: Install operator-courier
+          command: pip3 install operator-courier
+      - run:
+          name: Upload Operator to Quay
+          command: |
+            export QUAY_TOKEN=$(curl -H "Content-Type: application/json" -XPOST https://quay.io/cnr/api/v1/users/login -d "{\"user\": {\"username\": \"${QUAY_USERNAME}\", \"password\": \"${QUAY_PASSWORD}\"}}" | jq -r .token)
+            export OPERATOR_DIR=./snyk-operator/deploy/olm-catalog/snyk-operator/
+            export QUAY_NAMESPACE=snyk-runtime
+            export PACKAGE_NAME=snyk-operator
+            export PACKAGE_VERSION="0.0.1-${CIRCLE_SHA1}"
+            operator-courier push "${OPERATOR_DIR}" "${QUAY_NAMESPACE}" "${PACKAGE_NAME}" "${PACKAGE_VERSION}" "${QUAY_TOKEN}"
+
   unit_tests:
     <<: *default_machine_config
     steps:
@@ -308,7 +339,7 @@ jobs:
             export IMAGE_TAG=$([[ "$CIRCLE_BRANCH" == "staging" ]] && echo "staging-candidate" || echo "discardable") &&
             export KUBERNETES_MONITOR_IMAGE_NAME_AND_TAG=snyk/kubernetes-monitor:${IMAGE_TAG}-${CIRCLE_SHA1} &&
             docker pull ${KUBERNETES_MONITOR_IMAGE_NAME_AND_TAG} &&
-            .circleci/do-exclusively --branch staging --job ${CIRCLE_JOB} npm run test:integration:openshift4
+            .circleci/do-exclusively --branch chore/e2e-operator --job ${CIRCLE_JOB} npm run test:integration:openshift4
       - run:
           name: Notify Slack on failure
           command: |
@@ -440,6 +471,37 @@ jobs:
 
 workflows:
   version: 2
+  # TODO: REMOVE THIS, ONLY TESTING :)
+  TEST:
+    jobs:
+      - build_image:
+          filters:
+            branches:
+              only:
+                - chore/e2e-operator
+      - build_operator:
+          filters:
+            branches:
+              only:
+                - chore/e2e-operator
+      - upload_operator:
+          filters:
+            branches:
+              only:
+                - chore/e2e-operator
+          requires:
+            - build_image
+            - build_operator
+      - openshift4_integration_tests:
+          filters:
+            branches:
+              only:
+                - chore/e2e-operator
+          requires:
+            - build_image
+            - build_operator
+            - upload_operator
+
   PR_TO_STAGING:
     jobs:
       - build_image:
@@ -473,6 +535,10 @@ workflows:
           <<: *staging_branch_only_filter
       - build_operator:
           <<: *staging_branch_only_filter
+      - upload_operator:
+          requires:
+            - build_operator
+          <<: *staging_branch_only_filter
       - unit_tests:
           <<: *staging_branch_only_filter
       - system_tests:
@@ -488,6 +554,8 @@ workflows:
       - openshift4_integration_tests:
           requires:
             - build_image
+            - build_operator
+            - upload_operator
           <<: *staging_branch_only_filter
       - package_manager_test_apk:
           requires:

package.json

@@ -7,15 +7,15 @@
     "test": "npm run lint && npm run build && npm run test:unit && npm run test:integration",
     "test:unit": "NODE_ENV=test tap test/unit",
     "test:system": "tap test/system --timeout=600",
-    "test:integration": "TEST_PLATFORM=kind CREATE_CLUSTER=true tap test/integration/kubernetes.test.ts --timeout=900",
-    "test:integration:kind": "TEST_PLATFORM=kind CREATE_CLUSTER=true tap test/integration/kubernetes.test.ts --timeout=900",
-    "test:integration:eks": "TEST_PLATFORM=eks CREATE_CLUSTER=false tap test/integration/kubernetes.test.ts --timeout=900",
-    "test:integration:openshift4": "TEST_PLATFORM=openshift4 CREATE_CLUSTER=false tap test/integration/kubernetes.test.ts --timeout=900",
+    "test:integration": "DEPLOYMENT_TYPE=YAML TEST_PLATFORM=kind CREATE_CLUSTER=true tap test/integration/kubernetes.test.ts --timeout=900",
+    "test:integration:kind": "DEPLOYMENT_TYPE=YAML TEST_PLATFORM=kind CREATE_CLUSTER=true tap test/integration/kubernetes.test.ts --timeout=900",
+    "test:integration:eks": "DEPLOYMENT_TYPE=YAML TEST_PLATFORM=eks CREATE_CLUSTER=false tap test/integration/kubernetes.test.ts --timeout=900",
+    "test:integration:openshift4": "DEPLOYMENT_TYPE=Operator TEST_PLATFORM=openshift4 CREATE_CLUSTER=false tap test/integration/kubernetes.test.ts --timeout=900",
     "test:coverage": "npm run test:unit -- --coverage",
     "test:watch": "tsc-watch --onSuccess 'npm run test:unit'",
-    "test:apk": "TEST_PLATFORM=kind CREATE_CLUSTER=true PACKAGE_MANAGER=apk tap test/integration/package-manager.test.ts --timeout=900",
-    "test:apt": "TEST_PLATFORM=kind CREATE_CLUSTER=true PACKAGE_MANAGER=apt tap test/integration/package-manager.test.ts --timeout=900",
-    "test:rpm": "TEST_PLATFORM=kind CREATE_CLUSTER=true PACKAGE_MANAGER=rpm tap test/integration/package-manager.test.ts --timeout=900",
+    "test:apk": "DEPLOYMENT_TYPE=YAML TEST_PLATFORM=kind CREATE_CLUSTER=true PACKAGE_MANAGER=apk tap test/integration/package-manager.test.ts --timeout=900",
+    "test:apt": "DEPLOYMENT_TYPE=YAML TEST_PLATFORM=kind CREATE_CLUSTER=true PACKAGE_MANAGER=apt tap test/integration/package-manager.test.ts --timeout=900",
+    "test:rpm": "DEPLOYMENT_TYPE=YAML TEST_PLATFORM=kind CREATE_CLUSTER=true PACKAGE_MANAGER=rpm tap test/integration/package-manager.test.ts --timeout=900",
     "start": "bin/start",
     "prepare": "npm run build",
     "build": "tsc",

test/README.md

@@ -43,6 +43,9 @@ Our integration tests may use different Kubernetes platforms to host the Kuberne
 * `TEST_PLATFORM` (`kind`, `eks`)
 * `CREATE_CLUSTER` (`true`, `false`).
 
+Additionally, the deployment of the Kubernetes-Monitor can be configured through an environment variable:
+* `DEPLOYMENT_TYPE` (`YAML`, `Operator`)
+
 All integration tests determine the image to be tested based on the environment variable called `KUBERNETES_MONITOR_IMAGE_NAME_AND_TAG`, and fallback to `snyk/kubernetes-monitor:local`, meaning one has to make sure the image desired to be tested is properly named and tagged.
 
 ### KinD ###

test/fixtures/operator/custom-resource.yaml

@@ -0,0 +1,7 @@
+apiVersion: charts.helm.k8s.io/v1alpha1
+kind: SnykMonitor
+metadata:
+  name: snyk-monitor
+  namespace: snyk-monitor
+spec:
+  integrationApi: https://kubernetes-upstream.dev.snyk.io

test/fixtures/operator/installation.yaml

@@ -0,0 +1,19 @@
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+  name: snyk-operator
+  namespace: snyk-monitor
+spec:
+  targetNamespaces:
+  - snyk-monitor
+---
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: snyk-operator
+  namespace: snyk-monitor
+spec:
+  channel: stable
+  name: snyk-operator
+  source: snyk-operator
+  sourceNamespace: openshift-marketplace

test/fixtures/operator/operator-source.yaml

@@ -0,0 +1,11 @@
+apiVersion: operators.coreos.com/v1
+kind: OperatorSource
+metadata:
+  name: snyk-operator
+  namespace: openshift-marketplace
+spec:
+  type: appregistry
+  endpoint: https://quay.io/cnr
+  registryNamespace: snyk-runtime
+  displayName: "Snyk Operator"
+  publisher: "Snyk Ltd."

test/helpers/kubectl.ts

@@ -67,6 +67,18 @@ export async function createDeploymentFromImage(name: string, image: string, nam
   console.log(`Done Letting Kubernetes decide how to manage image ${image} with name ${name}`);
 }
 
+export async function patchResourceFinalizers(kind: string, name: string, namespace: string) {
+  console.log(`Patching resource finalizers for ${kind} ${name} in namespace ${namespace}...`);
+  await exec(`./kubectl patch ${kind} ${name} -p '{"metadata":{"finalizers":[]}}' --type=merge -n ${namespace}`);
+  console.log(`Patched resources finalizers for ${kind} ${name}`);
+}
+
+export async function deleteResource(kind: string, name: string, namespace: string) {
+  console.log(`Deleting ${kind} ${name} in namespace ${namespace}...`);
+  await exec(`./kubectl delete ${kind} ${name} -n ${namespace}`);
+  console.log(`Deleted ${kind} ${name}`);
+}
+
 export async function deleteDeployment(deploymentName: string, namespace: string) {
   console.log(`Deleting deployment ${deploymentName} in namespace ${namespace}...`);
   await exec(`./kubectl delete deployment ${deploymentName} -n ${namespace}`);
@@ -96,6 +108,22 @@ export async function getPodLogs(podName: string, namespace: string): Promise<an
   return logsOutput.stdout;
 }
 
+export async function waitForDeployment(name: string, namespace: string): Promise<void> {
+  console.log(`Trying to find deployment ${name} in namespace ${namespace}`);
+  for (let attempt = 0; attempt < 60; attempt++) {
+    try {
+      await exec(`./kubectl get deployment.apps/${name} -n ${namespace}`);
+    } catch (error) {
+      await sleep(1000);
+    }
+  }
+  console.log(`Found deployment ${name} in namespace ${namespace}`);
+
+  console.log(`Begin waiting for deployment ${name} in namespace ${namespace}`);
+  await exec(`./kubectl wait --for=condition=available deployment.apps/${name} -n ${namespace} --timeout=60s`);
+  console.log(`Deployment ${name} in namespace ${namespace} is available`);
+}
+
 export async function waitForServiceAccount(name: string, namespace: string): Promise<void> {
   // TODO: add some timeout
   while (true) {

test/setup/deployers/index.ts

@@ -1,6 +1,7 @@
-import { DeploymentType } from './types';
 import { yamlDeployer } from './yaml';
+import { operatorDeployer } from './operator';
 
 export default {
-  [DeploymentType.YAML]: yamlDeployer,
+  YAML: yamlDeployer,
+  Operator: operatorDeployer,
 };

test/setup/deployers/operator.ts

@@ -0,0 +1,33 @@
+import { IDeployer } from './types';
+import * as kubectl from '../../helpers/kubectl';
+
+export const operatorDeployer: IDeployer = {
+  deploy: deployKubernetesMonitor,
+};
+
+async function deployKubernetesMonitor(
+  integrationId: string,
+  _imageOpts: {
+    imageNameAndTag: string;
+    imagePullPolicy: string;
+  },
+): Promise<void> {
+  const namespace = 'snyk-monitor';
+  await kubectl.createNamespace(namespace);
+
+  const secretName = 'snyk-monitor';
+  const gcrDockercfg = process.env['GCR_IO_DOCKERCFG'] || '{}';
+  await kubectl.createSecret(secretName, namespace, {
+    'dockercfg.json': gcrDockercfg,
+    integrationId,
+  });
+
+  await kubectl.applyK8sYaml('./test/fixtures/operator/operator-source.yaml');
+  await kubectl.applyK8sYaml('./test/fixtures/operator/installation.yaml');
+
+  // Await for the Operator to become available, only then
+  // the Operator can start processing the custom resource.
+  await kubectl.waitForDeployment('snyk-operator', 'snyk-monitor');
+
+  await kubectl.applyK8sYaml('./test/fixtures/operator/custom-resource.yaml');
+}

test/setup/deployers/types.ts

@@ -1,9 +1,3 @@
-export enum DeploymentType {
-  YAML,
-  Helm,
-  Operator,
-}
-
 export interface IDeployer {
   deploy: (
     integrationId: string,