Skip to content

Smoke tests for the Google CAS issuer #62

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 14 commits into
base: main
Choose a base branch
from
Draft

Smoke tests for the Google CAS issuer #62

wants to merge 14 commits into from

Conversation

maelvls
Copy link
Member

@maelvls maelvls commented Jul 6, 2021

Up to today, we only tested that we can create a GoogleCASIssuer and GoogleCASClusterIssuer, but we did not test the actual issuance due to limitations with the testrunner. We said in #19 that we want to smoke test the CAS. Now that we moved to our own bash-like tests (see smoke-test.t), we can confidently add more tests.

This PR implements these new test cases.

TBD:

  • Ask Google if we can expect somehow to be given a GCP service account when running mpdev verify. If they can't, then there is no point in adding these tests since we won't be able to pass the Google automated validation.

maelvls added 14 commits June 18, 2021 18:17
@maelvls
Update the release process notes
0755545 
Signed-off-by: Maël Valais <[email protected]>
@maelvls
schema: add ClusterRoles added with the 1.4 release
d92cbeb 
Signed-off-by: Maël Valais <[email protected]>
@maelvls
bump version to 1.4.0-gcm.0
79544ce
@maelvls
app-crd: the Application CRD breaks under CRD v1
9adc68c 
For some reason, the Application that we have had a field that does not
exist on the v1beta1 spec. More specifically, we had:

  apiVersion: app.k8s.io/v1beta1
  kind: Application
  spec:
    descriptor:
      ...
      info: []

It should have been:

  apiVersion: app.k8s.io/v1beta1
  kind: Application
  spec:
    descriptor:
      ...
    info: []

It seems like when Google upgraded [1] the Application CRD from v1beta1
to v1 (this in the version of the CRD object, not the version of the
Application itself). After this change, the above Application manifest
could not be applied anymore. The error looked like this:

  error: error validating "/data/resources.yaml": error validating data:
  ValidationError(Application.spec.descriptor): unknown field "info" in
  io.k8s.app.v1beta1.Application.spec.descriptor; if you choose to ignore
  these errors, turn validation off with --validate=false

My guess is that before this change, the faulty "info" field was not
being validated, and the new v1 CRD version started validating it.

[1]: GoogleCloudPlatform/marketplace-k8s-app-tools#562

Signed-off-by: Maël Valais <[email protected]>
@maelvls
cas-issuer: upgrade googlecasissuers: v1alpha1 -> v1beta1
238bcc6 
Signed-off-by: Maël Valais <[email protected]>
@maelvls
schema: lease was missing from the controller's service account
fefd8fc 
Signed-off-by: Maël Valais <[email protected]>
@maelvls
schema: hardcode leader elect namespace to kube-system, schema.yaml l…
800baa0 
…imitations

Signed-off-by: Maël Valais <[email protected]>
@maelvls
schema: move lease and configmap RBACs to ClusterRole, events to Role
3812adc 
Signed-off-by: Maël Valais <[email protected]>
@maelvls
smoke-test: disable the debugging step
85b9287 
Signed-off-by: Maël Valais <[email protected]>
@maelvls
smoke-tests: clarify the test case descriptions
4a03e11 
Signed-off-by: Maël Valais <[email protected]>
@maelvls
cloudbuild: only display the logs, not when waiting for the pod
9b68e00 
Signed-off-by: Maël Valais <[email protected]>
@maelvls
smoke-test: use our own bash-based runner
6193a40 
I went with cram because it gives excellent stderr and stdout diagnostic
in case of error.

You can run it locally with:

  docker build --file smoke-test.Dockerfile -t runner .
  docker run -it -v ~/.kube:/root/.kube -v $PWD:/opt runner cram smoke-test.t

To update the stdout/stderr and status codes interactively, run:

  docker run -it -v ~/.kube:/root/.kube -v $PWD:/opt runner cram smoke-test.t -i

Signed-off-by: Maël Valais <[email protected]>
@maelvls
smoke-test: only "kubectl logs" on failure
b0e4112 
Running stern immediately (kubectl logs was giving similar results), the
following error would show:

  Error: failed to set up watch: failed to set up watch: unknown (get pods)

To get around this issue, the logs are now only fetched on error.

Signed-off-by: Maël Valais <[email protected]>
@maelvls
cram tests: disable GitHub highlighting for .t files
d745a4a 
Signed-off-by: Maël Valais <[email protected]>
@maelvls maelvls changed the title Update the release process notes Smoke tests for the Google CAS issuer Jul 6, 2021
@maelvls maelvls marked this pull request as draft July 13, 2021 09:21
@jetstack-bot
Copy link
Contributor

@maelvls: PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
do-not-merge/work-in-progress needs-rebase size/XL
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@maelvls @jetstack-bot