Merge pull request kruize#1307 from khansaad/bearer-auth-tests

Add test script for authentication
dinogun · Nov 25, 2024 · b9e71c4 · b9e71c4
2 parents 5acb23f + f484a5a
commit b9e71c4
Show file tree

Hide file tree

Showing 4 changed files with 202 additions and 1 deletion.
diff --git a/tests/scripts/common/common_functions.sh b/tests/scripts/common/common_functions.sh
@@ -46,7 +46,8 @@ TEST_SUITE_ARRAY=("app_autotune_yaml_tests"
 "kruize_layer_id_tests"
 "em_standalone_tests"
 "remote_monitoring_tests"
-"local_monitoring_tests")
+"local_monitoring_tests"
+"authentication_tests")
 
 modify_kruize_layer_tests=("add_new_tunable"
 "apply_null_tunable"

diff --git a/tests/scripts/functional_tests.sh b/tests/scripts/functional_tests.sh
@@ -33,6 +33,7 @@ SCRIPTS_DIR="${CURRENT_DIR}"
 . ${SCRIPTS_DIR}/em/em_standalone_tests.sh
 . ${SCRIPTS_DIR}/remote_monitoring_tests/remote_monitoring_tests.sh
 . ${SCRIPTS_DIR}/local_monitoring_tests/local_monitoring_tests.sh
+. ${SCRIPTS_DIR}/local_monitoring_tests/authentication_tests.sh
 
 # Iterate through the commandline options
 while getopts i:o:r:-: gopts

diff --git a/tests/scripts/local_monitoring_tests/Local_monitoring_tests.md b/tests/scripts/local_monitoring_tests/Local_monitoring_tests.md
@@ -182,3 +182,21 @@ Else, you can change the workload name and namespace name in the test to match w
 
 Note: The test will fail if it's run as is if there are no matching workloads that the test looks for. This test result can be ignored in case of a non-gpu workload
 
+### Authentication Test:
+
+Kruize 0.2 supports the authentication which provides the user an option to pass authentication details in the yaml for the service they are using.
+
+The authentication test is part of functional bucket and has a separate script similar to local_monitoring tests. It contains various valid and invalid scenarios for testing.
+
+It can be run as shown in the example below:
+
+`/test_autotune.sh -c <cluster-type> -i <image-name> -r benchmarks/ --testsuite=authentication_tests`
+
+#### Scenarios
+**_valid_**: a valid path to the token
+
+**_expired_**: an expired token value
+
+**_invalid_**: an invalid path to the token
+
+**_empty_**: a blank input in place of the token file path
diff --git a/tests/scripts/local_monitoring_tests/authentication_tests.sh b/tests/scripts/local_monitoring_tests/authentication_tests.sh
@@ -0,0 +1,181 @@
+#!/bin/bash
+#
+# Copyright (c) 2024, 2024 Red Hat, IBM Corporation and others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+
+# Get the absolute path of current directory
+CURRENT_DIR="$(dirname "$(realpath "$0")")"
+LOCAL_MONITORING_TEST_DIR="${CURRENT_DIR}/local_monitoring_tests"
+
+# Source the common functions scripts
+. ${LOCAL_MONITORING_TEST_DIR}/../common/common_functions.sh
+
+APP_DEPLOYMENT="kruize"
+
+# Define token scenarios
+declare -A tokens
+tokens=(
+  ["valid"]="/var/run/secrets/kubernetes.io/serviceaccount/token"
+  ["expired"]="EXPIRED_TOKEN"
+  ["invalid"]="/var/run/secrets/kubernetes.io/serviceaccount/token2"
+  ["empty"]=""
+)
+# Tests to validate authentication types in Kruize
+function authentication_tests() {
+	start_time=$(get_date)
+	FAILED_CASES=()
+	TESTS=0
+	failed=0
+	((TOTAL_TEST_SUITES++))
+
+  TEST_SUITE_DIR="${RESULTS}/authentication_tests"
+  mkdir -p "${TEST_SUITE_DIR}" 2>&1
+  KRUIZE_SETUP_LOG="${TEST_SUITE_DIR}/kruize_setup.log"
+ 	KRUIZE_POD_LOG="${TEST_SUITE_DIR}/kruize_pod.log"
+ 	target="crc"
+  echo ""
+  echo "Setting up kruize..." | tee -a ${LOG}
+		echo "${KRUIZE_SETUP_LOG}"
+		setup "${KRUIZE_POD_LOG}" >> "${KRUIZE_SETUP_LOG}" 2>&1
+		echo "Setting up kruize...Done" | tee -a ${LOG}
+	sleep 15
+  if [ "$cluster_type" == "minikube" ] || [ "$cluster_type" == "kind" ]; then
+  	NAMESPACE="monitoring"
+  	YAML_FILE="${LOCAL_MONITORING_TEST_DIR}/../../../manifests/crc/default-db-included-installation/minikube/kruize-crc-minikube.yaml"
+	elif [ "$cluster_type" == "openshift" ]; then
+  	NAMESPACE="openshift-tuning"
+		YAML_FILE="${LOCAL_MONITORING_TEST_DIR}/../../../manifests/crc/default-db-included-installation/openshift/kruize-crc-openshift.yaml"
+	else
+		echo "Invalid cluster type found: ${cluster_type}"
+	fi
+  kubectl_cmd="kubectl -n ${NAMESPACE}"
+
+  echo ""
+	echo "******************* Executing test suite ${FUNCNAME} ****************"
+	echo ""
+  for token_type in "${!tokens[@]}";
+  do
+		echo ""
+		echo "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
+		echo "                    Running Test ${token_type}-token"
+		echo "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
+
+    deploy_and_check_pod "$token_type"
+
+#	 check for success and failed cases here
+		if [ "${TESTS_FAILED}" -ne "0" ]; then
+			FAILED_CASES+=(${test})
+		fi
+  done
+
+  TESTS=$(($TESTS_PASSED + $TESTS_FAILED))
+  TOTAL_TESTS_FAILED=${TESTS_FAILED}
+	TOTAL_TESTS_PASSED=${TESTS_PASSED}
+	TOTAL_TESTS=${TESTS}
+
+	if [ "${TESTS_FAILED}" -ne "0" ]; then
+		FAILED_TEST_SUITE+=(${FUNCNAME})
+	fi
+
+	end_time=$(get_date)
+	elapsed_time=$(time_diff "${start_time}" "${end_time}")
+
+	# Remove the duplicates
+	FAILED_CASES=( $(printf '%s\n' "${FAILED_CASES[@]}" | uniq ) )
+
+	# print the testsuite summary
+	testsuitesummary ${FUNCNAME} "${elapsed_time}" ${FAILED_CASES}
+}
+
+# Deploy app and check pod status
+deploy_and_check_pod() {
+  local token_type=$1
+  POD_LOG="${TEST_SUITE_DIR}/${token_type}-pod.log"
+
+  # Update the yaml with the appropriate token
+  echo "*************************************"
+  echo "Updating the yaml with $token_type token and restarting kruize..."
+  echo "*************************************"
+  update_yaml_with_token "${tokens[$token_type]}"
+  echo ""
+
+  # re-apply the yaml to update the auth config
+  $kubectl_cmd apply -f "$YAML_FILE" > /dev/null
+	# get the kruize pod name
+	POD_NAME=$($kubectl_cmd get pods | grep 'kruize' | grep -v -E 'kruize-db|kruize-ui' | awk 'NR==1{print $1}')
+	# Check if POD_NAME is not empty
+	if [ -n "$POD_NAME" ]; then
+		# Delete the pod
+		$kubectl_cmd delete pod "$POD_NAME"
+	else
+		echo "No matching pod found to delete."
+	fi
+
+  # Wait for the new pod to be ready or fail
+  $kubectl_cmd wait --for=condition=Ready pod -l app=$APP_DEPLOYMENT --timeout=120s > /dev/null
+ # Check pod logs for errors
+  echo "Checking logs for the pod..."
+ 	POD_NAME=$($kubectl_cmd get pods | grep 'kruize' | grep -v -E 'kruize-db|kruize-ui' | awk 'NR==1{print $1}')
+  echo "$kubectl_cmd logs -f ${POD_NAME} > ${POD_LOG} 2>&1 &"
+	$kubectl_cmd logs -f "${POD_NAME}" > "${POD_LOG}" 2>&1 &
+  sleep 10
+	echo ""
+  # Determine the test outcome based on logs
+	if [[ $(grep -i "Datasource connection refused or timed out" ${POD_LOG}) ]]; then
+    if [ "$token_type" == "valid" ]; then
+      echo "$token_type token: Unexpected failure detected in logs."
+      ((TESTS_FAILED++)) # Increment the global TESTS_FAILED
+    else
+      echo "$token_type token: Failure detected in logs (as expected for invalid tokens)."
+      ((TESTS_PASSED++)) # Increment the global TESTS_PASSED
+    fi
+  else
+    if [ "$token_type" == "valid" ]; then
+      echo "$token_type token: No failure detected in logs (as expected for valid tokens)."
+      ((TESTS_PASSED++)) # Increment the global TESTS_PASSED
+    else
+      echo "$token_type token: Unexpected success detected in logs."
+      ((TESTS_FAILED++)) # Increment the global TESTS_FAILED
+    fi
+  fi
+   # Restore original YAML file
+  mv "${YAML_FILE}".token.bak "$YAML_FILE"
+  mv "${YAML_FILE}".image.bak "$YAML_FILE"
+}
+
+# Update the YAML file with the token
+update_yaml_with_token() {
+  local token_value=$1
+
+  # Escape special characters in the new token to avoid sed issues
+  new_token_escaped=$(printf '%s\n' "$token_value" | sed -e 's/[\/&]/\\&/g')
+
+  # Update the tokenFilePath
+  sed -i.token.bak 's/\("tokenFilePath": \)"[^"]*"/\1"'"$new_token_escaped"'"/' "$YAML_FILE"
+  echo "Token updated"
+
+  # Update the image in the Deployment YAML
+  sed -i.image.bak '
+	/kind: Deployment/,/kind:/{
+		/name: kruize$/,/containers:/{
+			/^        - name: kruize$/{
+				n
+				s|image: .*|image: '"$AUTOTUNE_IMAGE"'|
+			}
+		}
+	}' "$YAML_FILE"
+  echo "Updated image in YAML to $AUTOTUNE_IMAGE"
+}