test: system test

introducing a new system test infrastructure to the Kubernetes Monitor.

this kind of tests focus on the Kubernetes-Monitor's code, and its interactions with Kubernetes, without letting it run completely in an end-to-end fashion.

this means that:
1. we're losing the Monitor's "natural" runtime environment (inside the cluster)
2. we're gaining the ability to test for implementation details we otherwise couldn'tsuch as the content of the payload the Kubernetes Monitor sends out (as opposed to testing its affect on an external upstream)

the new test creates a KinD cluster, but runs the Kubernetes-Monitor _locally_ (not from inside the cluster). it uses Nock to assert outgoing requests.
right now it only uses a java deployment, because it's distroless, saving us the trouble of forcing an OS on Skopeo's pull (which would try to get an Ubuntu image for MacOS... and fail.)

Author: Shesekino

package-lock.json

@@ -51,6 +51,7 @@
     "@typescript-eslint/parser": "^2.6.1",
     "eslint": "^6.6.0",
     "eslint-config-prettier": "^6.5.0",
+    "nock": "^11.7.2",
     "sinon": "^8.0.1",
     "tap": "^14.10.5",
     "ts-node": "^8.1.0",

package.json

@@ -0,0 +1,22 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: java
+  namespace: services
+  labels:
+    app.kubernetes.io/name: java
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: java
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: java
+    spec:
+      containers:
+      - image: java:latest
+        imagePullPolicy: Always
+        name: java
+      securityContext: {}

test/fixtures/java-deployment.yaml

@@ -0,0 +1,99 @@
+import * as tap from 'tap';
+import * as nock from 'nock';
+import * as sleep from 'sleep-promise';
+import { exec } from 'child-process-promise';
+
+import * as kubectl from '../helpers/kubectl';
+import * as kind from '../setup/platforms/kind';
+
+// let integrationId: string;
+
+async function tearDown() {
+  console.log('Begin removing the snyk-monitor...');
+  await kind.deleteCluster();
+  console.log('Removed the snyk-monitor!');
+}
+
+tap.tearDown(tearDown);
+
+tap.test('Kubernetes-Monitor with KinD', async (t) => {
+
+  // Start fresh
+  try {
+    await tearDown();
+  } catch (error) {
+    console.log(`could not start with a clean environment: ${error.message}`);
+  }
+
+  // install Skopeo
+  // TODO: this thing should probably be in a setup test environment script
+  // not in this file
+  try {
+    await exec('which skopeo');
+    console.log('Skopeo already installed :tada:');
+  } catch (err) {
+    // linux-oriented, not mac
+    // for mac, install skopeo with brew
+    console.log('installing Skopeo');
+    await exec('git clone https://github.com/containers/skopeo');
+    await exec('(cd skopeo && make binary-static DISABLE_CGO=1)');
+    await exec('sudo mkdir -p /etc/containers');
+    await exec('sudo chown circleci:circleci /etc/containers');
+    await exec('cp ./skopeo/default-policy.json /etc/containers/policy.json');
+
+    process.env['PATH'] = process.env['PATH'] + ':./skopeo';
+  }
+
+  // kubectl
+  await kubectl.downloadKubectl();
+
+  // KinD
+  await kind.createCluster();
+  await kind.exportKubeConfig();
+  Promise.all([
+    kubectl.createNamespace('snyk-monitor'),
+    kubectl.createNamespace('services'),
+  ]);
+  // wait for default service account
+  await kubectl.waitForServiceAccount('default', 'default');
+
+  // Services
+  await Promise.all([
+    kubectl.applyK8sYaml('./test/fixtures/java-deployment.yaml'),
+  ]);
+
+  // TODO: wait for the services to start?
+
+  // Setup nocks
+  nock('https://kubernetes-upstream.snyk.io')
+    .post('/api/v1/workload')
+    .times(1)
+    .reply(200, (uri, requestBody) => {
+      // TODO assert POST payload
+    });
+
+  nock('https://kubernetes-upstream.snyk.io')
+    .post('/api/v1/dependency-graph')
+    .times(1)
+    .reply(200, (uri, requestBody) => {
+      // TODO assert POST payload
+    });
+
+  // Start the monitor
+  require('../../src');
+
+  // TODO: replace with being event driven?
+  // will still need SOME timeout 
+  while (true) {
+    if (nock.isDone()) {
+      break;
+    } else {
+      await sleep(5 * 1000);
+    }
+  }
+
+  // additional asserts?
+  t.ok(nock.isDone(), 'all outgoing calls were made');
+
+  // TODO cleanup the images we saved to /var/tmp?
+});