diff --git a/tests/scripts/common/common_functions.sh b/tests/scripts/common/common_functions.sh index 93e731721..eeea358e9 100755 --- a/tests/scripts/common/common_functions.sh +++ b/tests/scripts/common/common_functions.sh @@ -46,7 +46,8 @@ TEST_SUITE_ARRAY=("app_autotune_yaml_tests" "kruize_layer_id_tests" "em_standalone_tests" "remote_monitoring_tests" -"local_monitoring_tests") +"local_monitoring_tests" +"authentication_tests") modify_kruize_layer_tests=("add_new_tunable" "apply_null_tunable" diff --git a/tests/scripts/functional_tests.sh b/tests/scripts/functional_tests.sh index bfea136ab..39edbd91a 100755 --- a/tests/scripts/functional_tests.sh +++ b/tests/scripts/functional_tests.sh @@ -33,6 +33,7 @@ SCRIPTS_DIR="${CURRENT_DIR}" . ${SCRIPTS_DIR}/em/em_standalone_tests.sh . ${SCRIPTS_DIR}/remote_monitoring_tests/remote_monitoring_tests.sh . ${SCRIPTS_DIR}/local_monitoring_tests/local_monitoring_tests.sh +. ${SCRIPTS_DIR}/local_monitoring_tests/authentication_tests.sh # Iterate through the commandline options while getopts i:o:r:-: gopts diff --git a/tests/scripts/local_monitoring_tests/Local_monitoring_tests.md b/tests/scripts/local_monitoring_tests/Local_monitoring_tests.md index 3444b66d3..5fa8d3f9f 100644 --- a/tests/scripts/local_monitoring_tests/Local_monitoring_tests.md +++ b/tests/scripts/local_monitoring_tests/Local_monitoring_tests.md @@ -182,3 +182,21 @@ Else, you can change the workload name and namespace name in the test to match w Note: The test will fail if it's run as is if there are no matching workloads that the test looks for. This test result can be ignored in case of a non-gpu workload +### Authentication Test: + +Kruize 0.2 supports the authentication which provides the user an option to pass authentication details in the yaml for the service they are using. + +The authentication test is part of functional bucket and has a separate script similar to local_monitoring tests. It contains various valid and invalid scenarios for testing. + +It can be run as shown in the example below: + +`/test_autotune.sh -c -i -r benchmarks/ --testsuite=authentication_tests` + +#### Scenarios +**_valid_**: a valid path to the token + +**_expired_**: an expired token value + +**_invalid_**: an invalid path to the token + +**_empty_**: a blank input in place of the token file path diff --git a/tests/scripts/local_monitoring_tests/authentication_tests.sh b/tests/scripts/local_monitoring_tests/authentication_tests.sh new file mode 100644 index 000000000..623376879 --- /dev/null +++ b/tests/scripts/local_monitoring_tests/authentication_tests.sh @@ -0,0 +1,181 @@ +#!/bin/bash +# +# Copyright (c) 2024, 2024 Red Hat, IBM Corporation and others. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# + +# Get the absolute path of current directory +CURRENT_DIR="$(dirname "$(realpath "$0")")" +LOCAL_MONITORING_TEST_DIR="${CURRENT_DIR}/local_monitoring_tests" + +# Source the common functions scripts +. ${LOCAL_MONITORING_TEST_DIR}/../common/common_functions.sh + +APP_DEPLOYMENT="kruize" + +# Define token scenarios +declare -A tokens +tokens=( + ["valid"]="/var/run/secrets/kubernetes.io/serviceaccount/token" + ["expired"]="EXPIRED_TOKEN" + ["invalid"]="/var/run/secrets/kubernetes.io/serviceaccount/token2" + ["empty"]="" +) +# Tests to validate authentication types in Kruize +function authentication_tests() { + start_time=$(get_date) + FAILED_CASES=() + TESTS=0 + failed=0 + ((TOTAL_TEST_SUITES++)) + + TEST_SUITE_DIR="${RESULTS}/authentication_tests" + mkdir -p "${TEST_SUITE_DIR}" 2>&1 + KRUIZE_SETUP_LOG="${TEST_SUITE_DIR}/kruize_setup.log" + KRUIZE_POD_LOG="${TEST_SUITE_DIR}/kruize_pod.log" + target="crc" + echo "" + echo "Setting up kruize..." | tee -a ${LOG} + echo "${KRUIZE_SETUP_LOG}" + setup "${KRUIZE_POD_LOG}" >> "${KRUIZE_SETUP_LOG}" 2>&1 + echo "Setting up kruize...Done" | tee -a ${LOG} + sleep 15 + if [ "$cluster_type" == "minikube" ] || [ "$cluster_type" == "kind" ]; then + NAMESPACE="monitoring" + YAML_FILE="${LOCAL_MONITORING_TEST_DIR}/../../../manifests/crc/default-db-included-installation/minikube/kruize-crc-minikube.yaml" + elif [ "$cluster_type" == "openshift" ]; then + NAMESPACE="openshift-tuning" + YAML_FILE="${LOCAL_MONITORING_TEST_DIR}/../../../manifests/crc/default-db-included-installation/openshift/kruize-crc-openshift.yaml" + else + echo "Invalid cluster type found: ${cluster_type}" + fi + kubectl_cmd="kubectl -n ${NAMESPACE}" + + echo "" + echo "******************* Executing test suite ${FUNCNAME} ****************" + echo "" + for token_type in "${!tokens[@]}"; + do + echo "" + echo "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" + echo " Running Test ${token_type}-token" + echo "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" + + deploy_and_check_pod "$token_type" + +# check for success and failed cases here + if [ "${TESTS_FAILED}" -ne "0" ]; then + FAILED_CASES+=(${test}) + fi + done + + TESTS=$(($TESTS_PASSED + $TESTS_FAILED)) + TOTAL_TESTS_FAILED=${TESTS_FAILED} + TOTAL_TESTS_PASSED=${TESTS_PASSED} + TOTAL_TESTS=${TESTS} + + if [ "${TESTS_FAILED}" -ne "0" ]; then + FAILED_TEST_SUITE+=(${FUNCNAME}) + fi + + end_time=$(get_date) + elapsed_time=$(time_diff "${start_time}" "${end_time}") + + # Remove the duplicates + FAILED_CASES=( $(printf '%s\n' "${FAILED_CASES[@]}" | uniq ) ) + + # print the testsuite summary + testsuitesummary ${FUNCNAME} "${elapsed_time}" ${FAILED_CASES} +} + +# Deploy app and check pod status +deploy_and_check_pod() { + local token_type=$1 + POD_LOG="${TEST_SUITE_DIR}/${token_type}-pod.log" + + # Update the yaml with the appropriate token + echo "*************************************" + echo "Updating the yaml with $token_type token and restarting kruize..." + echo "*************************************" + update_yaml_with_token "${tokens[$token_type]}" + echo "" + + # re-apply the yaml to update the auth config + $kubectl_cmd apply -f "$YAML_FILE" > /dev/null + # get the kruize pod name + POD_NAME=$($kubectl_cmd get pods | grep 'kruize' | grep -v -E 'kruize-db|kruize-ui' | awk 'NR==1{print $1}') + # Check if POD_NAME is not empty + if [ -n "$POD_NAME" ]; then + # Delete the pod + $kubectl_cmd delete pod "$POD_NAME" + else + echo "No matching pod found to delete." + fi + + # Wait for the new pod to be ready or fail + $kubectl_cmd wait --for=condition=Ready pod -l app=$APP_DEPLOYMENT --timeout=120s > /dev/null + # Check pod logs for errors + echo "Checking logs for the pod..." + POD_NAME=$($kubectl_cmd get pods | grep 'kruize' | grep -v -E 'kruize-db|kruize-ui' | awk 'NR==1{print $1}') + echo "$kubectl_cmd logs -f ${POD_NAME} > ${POD_LOG} 2>&1 &" + $kubectl_cmd logs -f "${POD_NAME}" > "${POD_LOG}" 2>&1 & + sleep 10 + echo "" + # Determine the test outcome based on logs + if [[ $(grep -i "Datasource connection refused or timed out" ${POD_LOG}) ]]; then + if [ "$token_type" == "valid" ]; then + echo "$token_type token: Unexpected failure detected in logs." + ((TESTS_FAILED++)) # Increment the global TESTS_FAILED + else + echo "$token_type token: Failure detected in logs (as expected for invalid tokens)." + ((TESTS_PASSED++)) # Increment the global TESTS_PASSED + fi + else + if [ "$token_type" == "valid" ]; then + echo "$token_type token: No failure detected in logs (as expected for valid tokens)." + ((TESTS_PASSED++)) # Increment the global TESTS_PASSED + else + echo "$token_type token: Unexpected success detected in logs." + ((TESTS_FAILED++)) # Increment the global TESTS_FAILED + fi + fi + # Restore original YAML file + mv "${YAML_FILE}".token.bak "$YAML_FILE" + mv "${YAML_FILE}".image.bak "$YAML_FILE" +} + +# Update the YAML file with the token +update_yaml_with_token() { + local token_value=$1 + + # Escape special characters in the new token to avoid sed issues + new_token_escaped=$(printf '%s\n' "$token_value" | sed -e 's/[\/&]/\\&/g') + + # Update the tokenFilePath + sed -i.token.bak 's/\("tokenFilePath": \)"[^"]*"/\1"'"$new_token_escaped"'"/' "$YAML_FILE" + echo "Token updated" + + # Update the image in the Deployment YAML + sed -i.image.bak ' + /kind: Deployment/,/kind:/{ + /name: kruize$/,/containers:/{ + /^ - name: kruize$/{ + n + s|image: .*|image: '"$AUTOTUNE_IMAGE"'| + } + } + }' "$YAML_FILE" + echo "Updated image in YAML to $AUTOTUNE_IMAGE" +}