Skip to content

Commit

Permalink
e2e: add genpolicy regression tests
Browse files Browse the repository at this point in the history
  • Loading branch information
burgerdev committed Jun 26, 2024
1 parent 2ede1c2 commit f60c643
Show file tree
Hide file tree
Showing 4 changed files with 124 additions and 12 deletions.
Original file line number Diff line number Diff line change
@@ -1,25 +1,32 @@
name: e2e test getdents
name: regression tests

on:
workflow_dispatch:
inputs:
skip-undeploy:
description: "Skip undeploy"
required: false
type: boolean
default: false
schedule:
- cron: "16 6 * * 6" # 6:16 on Saturdays
workflow_dispatch:
inputs:
skip-undeploy:
description: "Skip undeploy"
required: false
type: boolean
default: false

env:
container_registry: ghcr.io/edgelesssys
azure_resource_group: contrast-ci
DO_NOT_TRACK: 1

jobs:
test:
regression-test:
runs-on: ubuntu-22.04
permissions:
contents: read
packages: write
strategy:
matrix:
case:
- getdents
- genpolicy
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: ./.github/actions/setup_nix
Expand Down Expand Up @@ -49,9 +56,9 @@ jobs:
- name: Build and prepare deployments
run: |
just node-installer
- name: E2E Test
- name: Run regression test
run: |
nix shell .#contrast.e2e --command getdents.test -test.v \
nix shell .#contrast.e2e --command ${{ matrix.case }}.test -test.v \
--image-replacements workspace/just.containerlookup \
--namespace-file workspace/e2e.namespace \
--skip-undeploy="${{ inputs.skip-undeploy && 'true' || 'false' }}"
Expand Down
73 changes: 73 additions & 0 deletions e2e/genpolicy/genpolicy_test.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,73 @@
// Copyright 2024 Edgeless Systems GmbH
// SPDX-License-Identifier: AGPL-3.0-only

//go:build e2e

package genpolicy

import (
"bytes"
"context"
"flag"
"io"
"os"
"path"
"testing"
"time"

"github.com/edgelesssys/contrast/cli/cmd"
"github.com/edgelesssys/contrast/e2e/internal/contrasttest"
"github.com/edgelesssys/contrast/e2e/internal/kubeclient"
"github.com/edgelesssys/contrast/internal/kuberesource"
"github.com/stretchr/testify/require"
)

var (
imageReplacementsFile, namespaceFile string
skipUndeploy bool
)

// TestGenpolicy runs regression tests for generated policies.
func TestGenpolicy(t *testing.T) {
testCases := kuberesource.GenpolicyRegressionTests()

for name, deploy := range testCases {
t.Run(name, func(t *testing.T) {
ct := contrasttest.New(t, imageReplacementsFile, namespaceFile, skipUndeploy)

ct.Init(t, []any{deploy})

require.True(t, t.Run("generate", func(t *testing.T) {
require := require.New(t)
args := []string{
"--workspace-dir", ct.WorkDir,
"--skip-initializer",
path.Join(ct.WorkDir, "resources.yaml"),
}
generate := cmd.NewGenerateCmd()
generate.Flags().String("workspace-dir", "", "") // Make generate aware of root flags
generate.SetArgs(args)
generate.SetOut(io.Discard)
errBuf := &bytes.Buffer{}
generate.SetErr(errBuf)

require.NoError(generate.Execute(), "generate failed:\n%s", errBuf.String())
}), "contrast generate needs to succeed for subsequent tests")

require.True(t, t.Run("apply", ct.Apply), "Kubernetes resources need to be applied for subsequent tests")

ctx, cancel := context.WithTimeout(context.Background(), 2*time.Minute)
t.Cleanup(cancel)
require.NoError(t, ct.Kubeclient.WaitFor(ctx, kubeclient.Deployment{}, ct.Namespace, name))
})
}
}

func TestMain(m *testing.M) {
flag.StringVar(&imageReplacementsFile, "image-replacements", "", "path to image replacements file")
flag.StringVar(&namespaceFile, "namespace-file", "", "file to store the namespace in")
flag.BoolVar(&skipUndeploy, "skip-undeploy", false, "skip undeploy step in the test")
flag.Parse()

os.Exit(m.Run())
}
32 changes: 32 additions & 0 deletions internal/kuberesource/sets.go
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ import (
"fmt"

"k8s.io/apimachinery/pkg/util/intstr"
applyappsv1 "k8s.io/client-go/applyconfigurations/apps/v1"
applycorev1 "k8s.io/client-go/applyconfigurations/core/v1"
)

Expand Down Expand Up @@ -151,6 +152,37 @@ func GetDEnts() ([]any, error) {
return []any{tester}, nil
}

// GenpolicyRegressionTests returns deployments for regression testing genpolicy.
func GenpolicyRegressionTests() map[string]*applyappsv1.DeploymentApplyConfiguration {
out := make(map[string]*applyappsv1.DeploymentApplyConfiguration)

// Reproduces https://github.com/edgelesssys/contrast/issues/624.
badLayer := "bad-layer"
out[badLayer] = Deployment(badLayer, "").
WithSpec(DeploymentSpec().
WithReplicas(1).
WithSelector(LabelSelector().
WithMatchLabels(map[string]string{"app.kubernetes.io/name": badLayer}),
).
WithTemplate(PodTemplateSpec().
WithLabels(map[string]string{"app.kubernetes.io/name": badLayer}).
WithSpec(PodSpec().
WithRuntimeClassName(runtimeHandler).
WithContainers(
Container().
WithName(badLayer).
WithImage("docker.io/library/httpd:2.4.59-bookworm@sha256:10182d88d7fbc5161ae0f6f758cba7adc56d4aae2dc950e51d72c0cf68967cea").
WithResources(ResourceRequirements().
WithMemoryLimitAndRequest(50),
),
),
),
),
)

return out
}

// Emojivoto returns resources for deploying Emojivoto application.
func Emojivoto(smMode serviceMeshMode) []any {
ns := ""
Expand Down
2 changes: 1 addition & 1 deletion packages/by-name/contrast/package.nix
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ let
"-X github.com/edgelesssys/contrast/internal/kuberesource.runtimeHandler=${runtimeHandler}"
];

subPackages = [ "e2e/getdents" "e2e/openssl" "e2e/servicemesh" "e2e/release" ];
subPackages = [ "e2e/genpolicy" "e2e/getdents" "e2e/openssl" "e2e/servicemesh" "e2e/release" ];
};

launchDigest = builtins.readFile "${runtime-class-files}/launch-digest.hex";
Expand Down

0 comments on commit f60c643

Please sign in to comment.