Merge pull request #315 from snyk/fix/revert-os-changes

fix: Revert "Merge pull request #310 from snyk/feat/include_openshift support"

Author: ivanstanev

.circleci/config.yml

@@ -222,32 +222,6 @@ jobs:
             fi
           when: on_fail
 
-  openshift4_integration_tests:
-    <<: *default_machine_config
-    steps:
-      - checkout
-      - run:
-          name: INTEGRATION TESTS OpenShift 4
-          command: |
-            export NVM_DIR="/opt/circleci/.nvm" &&
-            [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" &&
-            nvm install v10 &&
-            npm install &&
-            docker login --username ${DOCKERHUB_USER} --password ${DOCKERHUB_PASSWORD} &&
-            export IMAGE_TAG=$([[ "$CIRCLE_BRANCH" == "staging" ]] && echo "staging-candidate" || echo "discardable") &&
-            export KUBERNETES_MONITOR_IMAGE_NAME_AND_TAG=snyk/kubernetes-monitor:${IMAGE_TAG}-${CIRCLE_SHA1} &&
-            docker pull ${KUBERNETES_MONITOR_IMAGE_NAME_AND_TAG} &&
-            .circleci/do-exclusively --branch staging npm run test:integration:openshift4
-      - run:
-          name: Notify Slack on failure
-          command: |
-            if [[ "$CIRCLE_BRANCH" == "staging" ]]; then
-              ./scripts/slack-notify-failure.sh "staging-openshift4-integration-tests-${CIRCLE_SHA1}"
-            else
-              echo "Current branch is $CIRCLE_BRANCH so skipping notifying Slack"
-            fi
-          when: on_fail
-
 ######################## MERGE TO STAGING ########################
   tag_and_push:
     <<: *default_container_config
@@ -376,10 +350,6 @@ workflows:
           requires:
             - build_image
           <<: *staging_branch_only_filter
-      - openshift4_integration_tests:
-          requires:
-            - build_image
-          <<: *staging_branch_only_filter
       - package_manager_test_apk:
           requires:
             - build_image

package.json

@@ -10,7 +10,6 @@
     "test:integration": "TEST_PLATFORM=kind CREATE_CLUSTER=true tap test/integration/kubernetes.test.ts --timeout=1200",
     "test:integration:kind": "TEST_PLATFORM=kind CREATE_CLUSTER=true tap test/integration/kubernetes.test.ts --timeout=1200",
     "test:integration:eks": "TEST_PLATFORM=eks CREATE_CLUSTER=false tap test/integration/kubernetes.test.ts --timeout=1200",
-    "test:integration:openshift4": "TEST_PLATFORM=openshift4 CREATE_CLUSTER=false tap test/integration/kubernetes.test.ts --timeout=1200",
     "test:coverage": "npm run test:unit -- --coverage",
     "test:watch": "tsc-watch --onSuccess 'npm run test:unit'",
     "test:apk": "TEST_PLATFORM=kind CREATE_CLUSTER=true PACKAGE_MANAGER=apk tap test/integration/package-manager.test.ts --timeout=7200",

snyk-monitor-deployment.yaml

@@ -56,8 +56,6 @@ spec:
                 optional: true
           - name: SNYK_MONITOR_VERSION
             value: IMAGE_TAG_OVERRIDE_WHEN_PUBLISHING
-          - name: HOME
-            value: /srv/app
         resources:
           requests:
             cpu: '250m'

src/common/process.ts

@@ -16,7 +16,6 @@ export function exec(bin: string, ...processArgs: IProcessArgument[]):
   // For example, that process doesn't need to know secrets like our integrationId!
   const env = {
     PATH: process.env.PATH,
-    HOME: process.env.HOME,
   };
 
   const allArguments = processArgs.map((arg) => arg.body);

test/README.md

@@ -69,17 +69,6 @@ This test runs whenever we commit to our `staging` branch, and at the moment may
 
 Run with `npm run test:integration:eks`.
 
-### OpenShift 4 ###
-
-OpenShift 4 is Red Hat platform and helps us ensure we support not only the generic Kubernetes API, but also specifically OpenShift 4.
-
-This test uses an existing Google Cloud Platform (GCP) account with an existing OpenShift 4 cluster, and as such has a few more prerequisites:
-- OpenShift 4 environment variables: `OPEN_SHIFT_4_USER_PASSWORD` and `OPEN_SHIFT_4_CLUSTER_URL` are used to authenticate against the OpenShift 4 cluster in GCP account.
-
-This test runs whenever we commit to our `staging` branch, and at the moment may only run once concurrently since it uses the same cluster.
-
-Run with `npm run test:integration:openshift4`.
-
 ### Package Managers ###
 
 These tests attempt to provide some more thorough coverage for our scans of specific package manager: APK, APT and RPM.

test/helpers/deployment.ts

@@ -1,9 +1,6 @@
 import * as tap from 'tap';
 import { V1Deployment } from '@kubernetes/client-node';
 
-const OPENSHIFT4 = "openshift4";
-const testPlatform = process.env['TEST_PLATFORM'] || 'kind';
-
 export function validateSecureConfiguration(test: tap, deployment: V1Deployment) {
   if (
     !deployment.spec ||
@@ -45,19 +42,16 @@ export function validateSecureConfiguration(test: tap, deployment: V1Deployment)
   tap.ok(securityContext.allowPrivilegeEscalation === false, 'must explicitly set allowPrivilegeEscalation to false');
   tap.ok(securityContext.privileged === false, 'must explicitly set privileged to false');
   tap.ok(securityContext.runAsNonRoot === true, 'must explicitly set runAsNonRoot to true');
-
-  if (testPlatform !== OPENSHIFT4) {
-    tap.ok(
-      securityContext.runAsUser !== undefined &&
-        securityContext.runAsUser >= 10001,
-      'must explicitly set runAsUser to be 10001 or greater',
-    );
-    tap.ok(
-      securityContext.runAsGroup !== undefined &&
-        securityContext.runAsGroup >= 10001,
-      'must explicitly set runAsGroup to be 10001 or greater',
-    );
-  }
+  tap.ok(
+    securityContext.runAsUser !== undefined &&
+      securityContext.runAsUser >= 10001,
+    'must explicitly set runAsUser to be 10001 or greater',
+  );
+  tap.ok(
+    securityContext.runAsGroup !== undefined &&
+      securityContext.runAsGroup >= 10001,
+    'must explicitly set runAsGroup to be 10001 or greater',
+  );
 }
 
 export function validateVolumeMounts(test: tap, deployment: V1Deployment) {

test/setup/index.ts

@@ -6,7 +6,6 @@ import platforms from './platforms';
 import * as kubectl from '../helpers/kubectl';
 import * as waiters from './waiters';
 
-const OPENSHIFT4 = "openshift4";
 const testPlatform = process.env['TEST_PLATFORM'] || 'kind';
 const createCluster = process.env['CREATE_CLUSTER'] === 'true';
 
@@ -28,7 +27,6 @@ function createTestYamlDeployment(
   integrationId: string,
   imageNameAndTag: string,
   imagePullPolicy: string,
-  platform: string,
 ): void {
   console.log('Creating test deployment...');
   const originalDeploymentYaml = readFileSync('./snyk-monitor-deployment.yaml', 'utf8');
@@ -55,11 +53,6 @@ function createTestYamlDeployment(
     value: 'https://kubernetes-upstream.dev.snyk.io',
   };
 
-  if (platform === OPENSHIFT4) {
-    delete deployment.spec.template.spec.containers[0].securityContext.runAsUser;
-    delete deployment.spec.template.spec.containers[0].securityContext.runAsGroup;
-  }
-
   writeFileSync(newYamlPath, stringify(deployment));
   console.log('Created test deployment');
 }
@@ -116,7 +109,6 @@ async function createSecretForGcrIoAccess(): Promise<void> {
 async function installKubernetesMonitor(
   imageNameAndTag: string,
   imagePullPolicy: string,
-  platform: string,
   ): Promise<string> {
   const namespace = 'snyk-monitor';
   await kubectl.createNamespace(namespace);
@@ -130,7 +122,7 @@ async function installKubernetesMonitor(
   });
 
   const testYaml = 'snyk-monitor-test-deployment.yaml';
-  createTestYamlDeployment(testYaml, integrationId, imageNameAndTag, imagePullPolicy, platform);
+  createTestYamlDeployment(testYaml, integrationId, imageNameAndTag, imagePullPolicy);
 
   await kubectl.applyK8sYaml('./snyk-monitor-cluster-permissions.yaml');
   await kubectl.applyK8sYaml('./snyk-monitor-test-deployment.yaml');
@@ -162,7 +154,7 @@ export async function deployMonitor(): Promise<string> {
     // TODO: hack, rewrite this
     const imagePullPolicy = testPlatform === 'kind' ? 'Never' : 'Always';
 
-    const integrationId = await installKubernetesMonitor(remoteImageName, imagePullPolicy, testPlatform);
+    const integrationId = await installKubernetesMonitor(remoteImageName, imagePullPolicy);
     await waiters.waitForMonitorToBeReady();
     console.log(`Deployed the snyk-monitor with integration ID ${integrationId}`);
     return integrationId;

test/setup/platforms/index.ts

@@ -1,6 +1,5 @@
 import * as kind from './kind';
 import * as eks from './eks';
-import * as openshift4 from './openshift4';
 
 interface IPlatformSetup {
   // create a Kubernetes cluster
@@ -31,16 +30,7 @@ const eksSetup: IPlatformSetup = {
   clean: eks.clean,
 };
 
-const openshift4Setup: IPlatformSetup = {
-  create: openshift4.createCluster,
-  loadImage: openshift4.loadImageInCluster,
-  delete: openshift4.deleteCluster,
-  config: openshift4.exportKubeConfig,
-  clean: openshift4.clean,
-};
-
 export default {
   kind: kindSetup,
   eks: eksSetup,
-  openshift4: openshift4Setup,
 };