Merge branch 'main' into dependabot/go_modules/sigs.k8s.io/controller…
…-runtime-0.12.0
georgethebeatle committed May 12, 2022
2 parents 950f993 + 0e45455 commit 2598196
Showing 51 changed files with 8,962 additions and 287 deletions.
56 changes: 9 additions & 47 deletions .github/workflows/test-build-push-main.yml
Expand Up @@ -84,7 +84,7 @@ jobs:
name: controllers-coverage
path: "**/cover.out"

api-unit-tests:
api-tests:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
Expand All @@ -102,53 +102,22 @@ jobs:
with:
go-version: '^1.17'

- name: Run API unit tests
run: make test-api-unit
- name: Run API tests
run: make test-api

- name: Sanitize coverage report
run: sed -i -E '/(fake|generated|vendor)/d' **/cover.out

- name: Upload coverage report
uses: actions/upload-artifact@v3
with:
name: api-unit-coverage
path: "**/cover.out"

api-integration-tests:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3

- uses: actions/cache@v3
with:
path: |
~/.cache/go-build
~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('api/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
- uses: actions/setup-go@v3
with:
go-version: '^1.17'

- name: Run API integration tests
run: make test-api-integration

- name: Sanitize coverage report
run: sed -i -E '/(fake|generated|vendor)/d' **/cover.out

- name: Upload coverage report
uses: actions/upload-artifact@v3
with:
name: api-integration-coverage
name: api-coverage
path: "**/cover.out"

publish-code-coverage:
needs:
- controllers-tests
- api-unit-tests
- api-integration-tests
- api-tests

runs-on: ubuntu-latest
steps:
Expand All @@ -160,17 +129,11 @@ jobs:
name: controllers-coverage
path: controllers-coverage

- name: Download api unit coverage
uses: actions/download-artifact@v3
with:
name: api-unit-coverage
path: api-unit-coverage

- name: Download api integration coverage
- name: Download api test coverage
uses: actions/download-artifact@v3
with:
name: api-integration-coverage
path: api-integration-coverage
name: api-coverage
path: api-coverage

- name: Generate and publish code coverage report
uses: paambaati/codeclimate-action@v3.0.0
Expand Down Expand Up @@ -297,8 +260,7 @@ jobs:

push-latest-docker-images:
needs:
- api-unit-tests
- api-integration-tests
- api-tests
- controllers-tests
- e2e-tests

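Review bot: `paambaati/codeclimate-action@v3.0.0` in `publish-code-coverage` is a third-party action referenced by a mutable tag, in the same workflow that later runs `push-latest-docker-images`. A tag can be repointed to different code after it was reviewed, so third-party actions in a publishing workflow are better pinned to a full commit SHA, e.g. `uses: paambaati/codeclimate-action@<full-commit-sha> # v3.0.0`. The `actions/checkout@v3`, `actions/cache@v3` and `actions/setup-go@v3` references in the merged `api-tests` job could be pinned the same way. Whether these jobs receive secrets is not visible in the hunks shown, so the exposure is inferred rather than confirmed.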
25 changes: 2 additions & 23 deletions .github/workflows/test-pr.yml
Expand Up @@ -71,7 +71,7 @@ jobs:
- name: Run Controllers tests
run: make test-controllers

api-unit-tests:
api-tests:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
Expand All @@ -90,25 +90,4 @@ jobs:
go-version: '^1.17'

- name: Run API unit tests
run: make test-api-unit

api-integration-tests:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3

- uses: actions/cache@v3
with:
path: |
~/.cache/go-build
~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('api/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
- uses: actions/setup-go@v3
with:
go-version: '^1.17'

- name: Run API integration tests
run: make test-api-integration
run: make test-api
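Review bot: The step in the renamed `api-tests` job is still called `Run API unit tests` although it now runs `make test-api`, which appears to replace both the former unit and integration targets. A failed PR check will therefore point readers at the wrong suite. Rename it to `- name: Run API tests`, matching the step name used in test-build-push-main.yml. That the name line is unchanged is inferred from the section's count of 2 additions, which the job key and the `run:` line already account for.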
7 changes: 1 addition & 6 deletions Makefile
Expand Up @@ -76,14 +76,9 @@ test-unit: test-controllers test-api-unit
test-controllers: install-ginkgo manifests-controllers generate-controllers fmt vet ## Run tests.
cd controllers && GINKGO_NODES=$(CONTROLLERS_GINKGO_NODES) ../scripts/run-tests.sh

test-api: test-api-unit test-api-integration

test-api-unit: install-ginkgo fmt vet
test-api: install-ginkgo fmt vet
cd api && ../scripts/run-tests.sh --skip-package=test

test-api-integration: install-ginkgo
cd api && ../scripts/run-tests.sh tests/integration

test-e2e: install-ginkgo
cd api && ../scripts/run-tests.sh tests/e2e

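Review bot: The hunk header still shows `test-unit: test-controllers test-api-unit`, while this hunk deletes the `test-api-unit` target. The file's 1 addition and 6 deletions are all accounted for inside this hunk, so that prerequisite line appears to be unchanged. Unless `test-api-unit` is defined elsewhere, `make test-unit` will stop with a missing-rule error; suggest `test-unit: test-controllers test-api` and the same check for any `.PHONY` list that names the removed targets. It would also help to add a comment above `test-api` such as `# --skip-package=test keeps tests/e2e out of this run`, since the authorization and integration suites now depend on that filter not matching their package paths.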
10 changes: 5 additions & 5 deletions api/apis/integration/integration_suite_test.go
Expand Up @@ -14,8 +14,8 @@ import (
"time"

"code.cloudfoundry.org/korifi/api/authorization"
"code.cloudfoundry.org/korifi/api/authorization/testhelpers"
"code.cloudfoundry.org/korifi/api/repositories"
"code.cloudfoundry.org/korifi/api/tests/integration/helpers"
networkingv1alpha1 "code.cloudfoundry.org/korifi/controllers/apis/networking/v1alpha1"
servicesv1alpha1 "code.cloudfoundry.org/korifi/controllers/apis/services/v1alpha1"
workloadsv1alpha1 "code.cloudfoundry.org/korifi/controllers/apis/workloads/v1alpha1"
Expand Down Expand Up @@ -67,7 +67,7 @@ var (
orgManagerRole *rbacv1.ClusterRole
rootNamespaceUserRole *rbacv1.ClusterRole
rootNamespace string
clientFactory repositories.UserK8sClientFactory
clientFactory authorization.UserK8sClientFactory
nsPermissions *authorization.NamespacePermissions
)

Expand Down Expand Up @@ -128,16 +128,16 @@ var _ = BeforeEach(func() {

mapper, err := apiutil.NewDynamicRESTMapper(k8sConfig)
Expect(err).NotTo(HaveOccurred())
clientFactory = repositories.NewUnprivilegedClientFactory(k8sConfig, mapper, repositories.NewDefaultBackoff())
clientFactory = authorization.NewUnprivilegedClientFactory(k8sConfig, mapper, authorization.NewDefaultBackoff())
tokenInspector := authorization.NewTokenReviewer(k8sClient)
certInspector := authorization.NewCertInspector(k8sConfig)
identityProvider := authorization.NewCertTokenIdentityProvider(tokenInspector, certInspector)
nsPermissions = authorization.NewNamespacePermissions(k8sClient, identityProvider, rootNamespace)

userName = generateGUID()

cert, key := helpers.ObtainClientCert(testEnv, userName)
authInfo := authorization.Info{CertData: helpers.JoinCertAndKey(cert, key)}
cert, key := testhelpers.ObtainClientCert(testEnv, userName)
authInfo := authorization.Info{CertData: testhelpers.JoinCertAndKey(cert, key)}
ctx = authorization.NewContext(context.Background(), &authInfo)

Expect(k8sClient.Create(ctx, &corev1.Namespace{ObjectMeta: metav1.ObjectMeta{Name: rootNamespace}})).To(Succeed())
99 changes: 90 additions & 9 deletions api/authorization/authorization_suite_test.go
@@ -1,10 +1,22 @@
package authorization_test

import (
"bytes"
"context"
"crypto/rand"
"crypto/rsa"
"crypto/x509"
"crypto/x509/pkix"
"encoding/pem"
"math/big"
"testing"
"time"

"code.cloudfoundry.org/korifi/api/authorization/testhelpers"
. "github.com/onsi/ginkgo/v2"
. "github.com/onsi/gomega"
authv1 "k8s.io/api/authentication/v1"
corev1 "k8s.io/api/core/v1"
"k8s.io/client-go/kubernetes/scheme"
"k8s.io/client-go/rest"
"sigs.k8s.io/controller-runtime/pkg/client"
Expand All @@ -13,32 +25,101 @@ import (
"sigs.k8s.io/controller-runtime/pkg/log/zap"
)

const oidcPrefix string = "oidc:"

func TestAuthorization(t *testing.T) {
RegisterFailHandler(Fail)
RunSpecs(t, "Authorization Suite")
}

var (
testEnv *envtest.Environment
k8sClient client.Client
k8sConfig *rest.Config
testEnv *envtest.Environment
k8sClient client.Client
k8sConfig *rest.Config
authProvider *testhelpers.AuthProvider
)

var _ = BeforeSuite(func() {
SetDefaultEventuallyTimeout(10 * time.Second)

authProvider = testhelpers.NewAuthProvider()
startEnvTest(authProvider.APIServerExtraArgs(oidcPrefix))
})

var _ = AfterSuite(func() {
authProvider.Stop()
Expect(testEnv.Stop()).To(Succeed())
})

func startEnvTest(apiServerExtraArgs map[string]string) {
logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true)))

testEnv = &envtest.Environment{}
testEnv = &envtest.Environment{
AttachControlPlaneOutput: false, // set to true for full apiserver logs
}

for key, value := range apiServerExtraArgs {
testEnv.ControlPlane.GetAPIServer().Configure().Append(key, value)
}

var err error
k8sConfig, err = testEnv.Start()
Expect(err).NotTo(HaveOccurred())
Expect(k8sConfig).NotTo(BeNil())

err = authv1.AddToScheme(scheme.Scheme)
Expect(err).NotTo(HaveOccurred())

k8sClient, err = client.New(k8sConfig, client.Options{Scheme: scheme.Scheme})
Expect(err).NotTo(HaveOccurred())
Expect(k8sClient).NotTo(BeNil())
})

var _ = AfterSuite(func() {
namespaceList := &corev1.NamespaceList{}
Eventually(func() error {
return k8sClient.List(context.Background(), namespaceList)
}).Should(Succeed())

Eventually(func() error {
token := authProvider.GenerateJWTToken("ping")
cfg := rest.AnonymousClientConfig(k8sConfig)
cfg.BearerToken = token

_, err := client.New(cfg, client.Options{})
return err
}).Should(Succeed())
}

func restartEnvTest(apiServerEtraArgs map[string]string) {
Expect(testEnv.Stop()).To(Succeed())
})
startEnvTest(apiServerEtraArgs)
}

func generateUnsignedCert(name string) []byte {
cert := &x509.Certificate{
SerialNumber: big.NewInt(1658),
Subject: pkix.Name{
CommonName: name,
},
NotBefore: time.Now(),
NotAfter: time.Now().AddDate(10, 0, 0),
SubjectKeyId: []byte{1, 2, 3, 4, 6},
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
KeyUsage: x509.KeyUsageDigitalSignature,
}

privKey, err := rsa.GenerateKey(rand.Reader, 4096)
Expect(err).NotTo(HaveOccurred())

certBytes, err := x509.CreateCertificate(rand.Reader, cert, cert, &privKey.PublicKey, privKey)
Expect(err).NotTo(HaveOccurred())

buf := new(bytes.Buffer)
Expect(pem.Encode(buf, &pem.Block{
Type: "CERTIFICATE",
Bytes: certBytes,
})).To(Succeed())
Expect(pem.Encode(buf, &pem.Block{
Type: "PRIVATE KEY",
Bytes: x509.MarshalPKCS1PrivateKey(privKey),
})).To(Succeed())

return buf.Bytes()
}
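Review bot: In `generateUnsignedCert` the key block is written with `Type: "PRIVATE KEY"` but its bytes come from `x509.MarshalPKCS1PrivateKey`, which is PKCS#1; the `PRIVATE KEY` label denotes PKCS#8. A parser that trusts the label will reject the key, so a test that presumably checks an untrusted certificate is refused could pass because of a key-parse failure instead of the trust decision. Use `Type: "RSA PRIVATE KEY",` or keep the label and marshal with `x509.MarshalPKCS8PrivateKey`. The certificate is self-signed rather than unsigned, so a name like `generateSelfSignedCert` and a doc comment stating that it is deliberately not issued by the test cluster's CA would make the intent clear. The parameter name `apiServerEtraArgs` in `restartEnvTest` is also misspelled.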
@@ -1,4 +1,4 @@
package integration_test
package authorization_test

import (
"bytes"
Expand All @@ -7,7 +7,7 @@ import (

"code.cloudfoundry.org/korifi/api/apierrors"
"code.cloudfoundry.org/korifi/api/authorization"
"code.cloudfoundry.org/korifi/api/tests/integration/helpers"
"code.cloudfoundry.org/korifi/api/authorization/testhelpers"
"code.cloudfoundry.org/korifi/tests/matchers"
. "github.com/onsi/ginkgo/v2"
. "github.com/onsi/gomega"
Expand All @@ -26,7 +26,7 @@ var _ = Describe("CertInspector", func() {
BeforeEach(func() {
ctx = context.Background()
certInspector = authorization.NewCertInspector(k8sConfig)
certData, keyData := helpers.ObtainClientCert(testEnv, "alice")
certData, keyData := testhelpers.ObtainClientCert(testEnv, "alice")
certPEM = certData
certPEM = append(certPEM, keyData...)
})
@@ -1,4 +1,4 @@
package repositories
package authorization

import (
"context"
@@ -1,10 +1,10 @@
package repositories_test
package authorization_test

import (
"context"
"errors"

"code.cloudfoundry.org/korifi/api/repositories"
"code.cloudfoundry.org/korifi/api/authorization"
"code.cloudfoundry.org/korifi/api/repositories/fake"
. "github.com/onsi/ginkgo/v2"
. "github.com/onsi/gomega"
Expand All @@ -30,7 +30,7 @@ var _ = Describe("RetryingK8sClient", func() {
backoff := wait.Backoff{
Steps: 5,
}
retryingClient = repositories.NewAuthRetryingClient(k8sClient, backoff)
retryingClient = authorization.NewAuthRetryingClient(k8sClient, backoff)
ctx = context.Background()
})

@@ -1,4 +1,4 @@
package helpers
package testhelpers

import (
"crypto/rand"
@@ -1,4 +1,4 @@
package helpers
package testhelpers

import (
. "github.com/onsi/gomega"
@@ -1,4 +1,4 @@
package integration_test
package authorization_test

import (
"context"