From d2a1fa9e7d25d84cda9989bb5db35adb34d9c5b3 Mon Sep 17 00:00:00 2001
From: Eduardo Espinoza Perez
Date: Mon, 21 Nov 2022 13:54:54 -0300
Subject: [PATCH 1/5] feat(k8s): add networkpolicy support
---
 modules/k8s/networkpolicy.go | 53 ++++++++++++++++++++++++++++++++++++
 1 file changed, 53 insertions(+)
 create mode 100644 modules/k8s/networkpolicy.go
diff --git a/modules/k8s/networkpolicy.go b/modules/k8s/networkpolicy.go
new file mode 100644
index 000000000..124028e6e
--- /dev/null
+++ b/modules/k8s/networkpolicy.go
@@ -0,0 +1,53 @@
+package k8s
+
+import (
+ "context"
+ "fmt"
+ "time"
+
+ "github.com/gruntwork-io/terratest/modules/logger"
+ "github.com/gruntwork-io/terratest/modules/retry"
+ "github.com/gruntwork-io/terratest/modules/testing"
+ "github.com/stretchr/testify/require"
+ networkingv1 "k8s.io/api/networking/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// GetNetworkPolicy returns a Kubernetes networkpolicy resource in the provided namespace with the given name. The namespace used
+// is the one provided in the KubectlOptions. This will fail the test if there is an error.
+func GetNetworkPolicy(t testing.TestingT, options *KubectlOptions, networkPolicyName string) *networkingv1.NetworkPolicy {
+ networkPolicy, err := GetNetworkPolicyE(t, options, networkPolicyName)
+ require.NoError(t, err)
+ return networkPolicy
+}
+
+// GetNetworkPolicyE returns a Kubernetes networkpolicy resource in the provided namespace with the given name. The namespace used
+// is the one provided in the KubectlOptions.
+func GetNetworkPolicyE(t testing.TestingT, options *KubectlOptions, networkPolicyName string) (*networkingv1.NetworkPolicy, error) {
+ clientset, err := GetKubernetesClientFromOptionsE(t, options)
+ if err != nil {
+ return nil, err
+ }
+ return clientset.NetworkingV1().NetworkPolicies(options.Namespace).Get(context.Background(), networkPolicyName, metav1.GetOptions{})
+}
+
+// WaitUntilNetworkPolicyAvailable waits until the networkpolicy is present on the cluster in cases where it is not immediately
+// available (for example, when using ClusterIssuer to request a certificate).
+func WaitUntilNetworkPolicyAvailable(t testing.TestingT, options *KubectlOptions, networkPolicyName string, retries int, sleepBetweenRetries time.Duration) {
+ statusMsg := fmt.Sprintf("Wait for networkpolicy %s to be provisioned.", networkPolicyName)
+ message := retry.DoWithRetry(
+ t,
+ statusMsg,
+ retries,
+ sleepBetweenRetries,
+ func() (string, error) {
+ _, err := GetNetworkPolicyE(t, options, networkPolicyName)
+ if err != nil {
+ return "", err
+ }
+
+ return "networkpolicy is now available", nil
+ },
+ )
+ logger.Logf(t, message)
+}
From 5abb20fbde49b2020621c82e3c1acb66db43337a Mon Sep 17 00:00:00 2001
From: Bryan Quintana
Date: Mon, 21 Nov 2022 16:07:26 -0300
Subject: [PATCH 2/5] test(k8s): Adding test suite to networkpolicy
---
 modules/k8s/networkpolicy_test.go | 72 +++++++++++++++++++++++++++++++
 1 file changed, 72 insertions(+)
 create mode 100644 modules/k8s/networkpolicy_test.go
diff --git a/modules/k8s/networkpolicy_test.go b/modules/k8s/networkpolicy_test.go
new file mode 100644
index 000000000..01e6227b2
--- /dev/null
+++ b/modules/k8s/networkpolicy_test.go
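Review bot: In modules/k8s/networkpolicy.go the doc comment on WaitUntilNetworkPolicyAvailable does not match what the function checks: the "ClusterIssuer to request a certificate" example has nothing to do with network policies (it looks carried over from another helper), and the body only confirms that GetNetworkPolicyE can read the object from the API server. A NetworkPolicy that exists is not necessarily enforced, since enforcement depends on the cluster's network plugin, so tests that rely on isolation should not treat this wait as proof that traffic is blocked. I would replace the second comment line with something like `// available. It only checks that the object exists in the API; it does not verify that the policy is enforced.` Separately, `logger.Logf(t, message)` passes the retry output as the format string; `logger.Logf(t, "%s", message)` avoids misformatting if that text ever contains a `%`.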
@@ -0,0 +1,72 @@
+//go:build kubeall || kubernetes
+// +build kubeall kubernetes
+
+// NOTE: we have build tags to differentiate kubernetes tests from non-kubernetes tests. This is done because minikube
+// is heavy and can interfere with docker related tests in terratest. Specifically, many of the tests start to fail with
+// `connection refused` errors from `minikube`. To avoid overloading the system, we run the kubernetes tests and helm
+// tests separately from the others. This may not be necessary if you have a sufficiently powerful machine. We
+// recommend at least 4 cores and 16GB of RAM if you want to run all the tests together.
+
+package k8s
+
+import (
+ "fmt"
+ "strings"
+ "testing"
+ "time"
+
+ "github.com/stretchr/testify/require"
+
+ "github.com/gruntwork-io/terratest/modules/random"
+)
+
+func TestGetNetworkPolicyEReturnsErrorForNonExistantNetworkPolicy(t *testing.T) {
+ t.Parallel()
+
+ options := NewKubectlOptions("", "", "default")
+ _, err := GetNetworkPolicyE(t, options, "test-network-policy")
+ require.Error(t, err)
+}
+
+func TestGetNetworkPolicyEReturnsCorrectNetworkPolicyInCorrectNamespace(t *testing.T) {
+ t.Parallel()
+
+ uniqueID := strings.ToLower(random.UniqueId())
+ options := NewKubectlOptions("", "", uniqueID)
+ configData := fmt.Sprintf(EXAMPLE_NETWORK_POLICY_YAML_TEMPLATE, uniqueID, uniqueID)
+ defer KubectlDeleteFromString(t, options, configData)
+ KubectlApplyFromString(t, options, configData)
+
+ networkPolicy := GetNetworkPolicy(t, options, "test-network-policy")
+ require.Equal(t, networkPolicy.Name, "test-network-policy")
+ require.Equal(t, networkPolicy.Namespace, uniqueID)
+}
+
+func TestWaitUntilNetworkPolicyAvailableReturnsSuccessfully(t *testing.T) {
+ t.Parallel()
+
+ uniqueID := strings.ToLower(random.UniqueId())
+ options := NewKubectlOptions("", "", uniqueID)
+ configData := fmt.Sprintf(EXAMPLE_NETWORK_POLICY_YAML_TEMPLATE, uniqueID, uniqueID)
+ defer KubectlDeleteFromString(t, options, configData)
+
KubectlApplyFromString(t, options, configData)
+ WaitUntilNetworkPolicyAvailable(t, options, "test-network-policy", 10, 1*time.Second)
+}
+
+const EXAMPLE_NETWORK_POLICY_YAML_TEMPLATE = `---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: %s
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: test-network-policy
+ namespace: %s
+spec:
+ podSelector: {}
+ policyTypes:
+ - Ingress
+`
From 918c614e3157b938626b5b35039e6a60650cece6 Mon Sep 17 00:00:00 2001
From: Bryan Quintana
Date: Mon, 21 Nov 2022 16:13:13 -0300
Subject: [PATCH 3/5] chore: Change module name to github.com/fiftech/terratest
---
 go.mod | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/go.mod b/go.mod
index 8e65c7da4..cb8d19b65 100644
--- a/go.mod
+++ b/go.mod
@@ -1,4 +1,4 @@
-module github.com/gruntwork-io/terratest
+module github.com/fiftech/terratest
 go 1.18
From fb306ab3ee9a7cdb5902551ffe7207376a8102e0 Mon Sep 17 00:00:00 2001
From: Bryan Quintana
Date: Mon, 28 Nov 2022 11:22:45 -0300
Subject: [PATCH 4/5] fix: Restore module name to github.com/gruntwork-io/terratest
---
 go.mod | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/go.mod b/go.mod
index cb8d19b65..8e65c7da4 100644
--- a/go.mod
+++ b/go.mod
@@ -1,4 +1,4 @@
-module github.com/fiftech/terratest
+module github.com/gruntwork-io/terratest
 go 1.18
From ca35d5453ac325fb74f6f64cf4ca87aa1c2c06fd Mon Sep 17 00:00:00 2001
From: Eduardo Espinoza Perez
Date: Thu, 1 Dec 2022 13:20:13 -0300
Subject: [PATCH 5/5] test(k8s): use spaces instead of tabs in example yaml
---
 modules/k8s/networkpolicy_test.go | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/modules/k8s/networkpolicy_test.go b/modules/k8s/networkpolicy_test.go
index 01e6227b2..9e06933e5 100644
--- a/modules/k8s/networkpolicy_test.go
+++ b/modules/k8s/networkpolicy_test.go
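Review bot: In networkpolicy_test.go, TestGetNetworkPolicyEReturnsErrorForNonExistantNetworkPolicy asserts only `require.Error(t, err)`, so it also passes when the cluster is unreachable or the request is rejected for some other reason, and never proves the not-found path. Asserting the error kind would pin the behaviour, for example `require.True(t, k8serrors.IsNotFound(err))` with `k8serrors "k8s.io/apimachinery/pkg/api/errors"` imported. In the second test the arguments to `require.Equal` are reversed (testify expects the expected value first), which only affects the failure message: `require.Equal(t, "test-network-policy", networkPolicy.Name)`. The assertions also stop at name and namespace, so the `podSelector` and `policyTypes` from the template are never compared with what the API returns.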
@@ -58,15 +58,15 @@ const EXAMPLE_NETWORK_POLICY_YAML_TEMPLATE = `---
 apiVersion: v1
 kind: Namespace
 metadata:
- name: %s
+ name: %s
 ---
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
- name: test-network-policy
- namespace: %s
+ name: test-network-policy
+ namespace: %s
 spec:
- podSelector: {}
- policyTypes:
- - Ingress
+ podSelector: {}
+ policyTypes:
+ - Ingress
 `