
Merge pull request #765 from fabriziosestito/test/port-airgap-tests-t…
…o-integration-tests

test: rewrite airgap tests as integration tests
flavio authored Apr 3, 2024
2 parents 696cb5c + 2be9b4f commit 895ad97
Showing 7 changed files with 124 additions and 46 deletions.
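--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -143,38 +143,3 @@ jobs:
 uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
 
 - run: shellcheck $(find scripts/ -name '*.sh')
-
-airgap-e2e-test:
-name: Airgap E2E test
-runs-on: ubuntu-latest
-steps:
-- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
-- name: Run registry
-run: |
-export CONTAINER_ID=$(docker run -d -p 5000:5000 --name registry registry:2)
-echo "CONTAINER_ID=${CONTAINER_ID}" >> $GITHUB_ENV
-- name: Install kwctl
-run: cargo install --locked --path .
-- name: Save policies
-run: ./scripts/kubewarden-save-policies.sh --policies-list tests/data/airgap/policies.txt --policies policies.tar.gz
-- name: Remove policies from store
-run: |
-kwctl rm registry://ghcr.io/kubewarden/tests/pod-privileged:v0.1.9
-kwctl rm https://github.com/kubewarden/pod-privileged-policy/releases/download/v0.1.6/policy.wasm
-- name: Load policies
-run: |
-./scripts/kubewarden-load-policies.sh \
---policies policies.tar.gz \
---policies-list tests/data/airgap/policies.txt \
---registry localhost:5000 \
---sources-path tests/data/airgap/insecure.yml
-- name: Verify policies in local registry
-run: |
-kwctl pull registry://localhost:5000/kubewarden/tests/pod-privileged:v0.1.9 \
---sources-path tests/data/airgap/insecure.yml
-kwctl pull registry://localhost:5000/kubewarden/pod-privileged-policy/releases/download/v0.1.6/policy.wasm \
---sources-path tests/data/airgap/insecure.yml
-- name: Clean up - delete registry
-if: always()
-run: |
-docker rm -f ${{ env.CONTAINER_ID }}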
11 changes: 6 additions & 5 deletions scripts/kubewarden-load-policies.sh
@@ -1,6 +1,7 @@
#!/bin/bash
#!/usr/bin/env bash
set -euo pipefail

kwctl="${KWCTL_CMD:-kwctl}"
policies="kubewarden-policies.tar.gz"
list="kubewarden-policies.txt"

@@ -16,9 +17,9 @@ usage () {
pushPolicy() {
newPolicyUrl=$1
if [[ -n $sourcesPath ]]; then
kwctl push "$policy" "$newPolicyUrl" --sources-path "$sourcesPath"
$kwctl push "$policy" "$newPolicyUrl" --sources-path "$sourcesPath"
else
kwctl push "$policy" "$newPolicyUrl"
$kwctl push "$policy" "$newPolicyUrl"
fi
}

@@ -60,7 +61,7 @@ if [[ -z ${registry:-} ]]; then
exit 1
fi

kwctl load --input "${policies}"
$kwctl load --input "${policies}"

policies=()
while read -r policy; do
@@ -83,4 +84,4 @@ for policy in "${policies[@]}"; do
newPolicyUrl="registry://$registry/${oldPolicyUrl#*/}"
pushPolicy "$newPolicyUrl"
fi
done
done
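Review bot: The new `$kwctl` expansions (both branches of `pushPolicy` and the `load` call) are unquoted, so a `KWCTL_CMD` value containing whitespace or glob characters is word-split before execution; tests/airgap.rs sets it to the absolute `CARGO_BIN_EXE_kwctl` path, which would break when the checkout path contains a space. If the variable is meant to hold a single executable path, quote it, e.g. `"$kwctl" load --input "${policies}"`; if passing extra arguments through it is intended, that should be stated instead. The same pattern is in scripts/kubewarden-save-policies.sh (`$kwctl pull`, `$kwctl save`). Because both scripts now execute whatever `KWCTL_CMD` names, a comment above the assignment such as `# KWCTL_CMD overrides the kwctl binary to run (used by the integration tests)` would make the override explicit. `pushPolicy` and the later hunks begin or end outside the visible lines.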
7 changes: 4 additions & 3 deletions scripts/kubewarden-save-policies.sh
@@ -1,6 +1,7 @@
#!/bin/bash
#!/usr/bin/env bash
set -euo pipefail

kwctl="${KWCTL_CMD:-kwctl}"
policies="kubewarden-policies.tar.gz"
list="kubewarden-policies.txt"

@@ -41,7 +42,7 @@ fi
pulled=()
while IFS= read -r i; do
[ -z "${i}" ] && continue
if kwctl pull "${i}" > /dev/null 2>&1; then
if $kwctl pull "${i}" > /dev/null 2>&1; then
echo "Policy pull success: ${i}"
pulled+=("${i}")
else
@@ -50,5 +51,5 @@ while IFS= read -r i; do
done < "${list}"

echo "Creating ${policies} with ${#pulled[@]} policies"
kwctl save "${pulled[@]}" --output "${policies}"
$kwctl save "${pulled[@]}" --output "${policies}"

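--- a/tests/airgap.rs
+++ b/tests/airgap.rs
@@ -0,0 +1,111 @@
+use assert_cmd::Command;
+use std::path::{Path, PathBuf};
+use tempfile::tempdir;
+use testcontainers::{clients, core::WaitFor};
+
+mod common;
+
+#[test]
+fn test_airgap() {
+let tempdir = tempdir().unwrap();
+let project_root = PathBuf::from(env!("CARGO_MANIFEST_DIR"));
+
+// Run registry
+let docker = clients::Cli::default();
+let registry_image = testcontainers::GenericImage::new("docker.io/library/registry", "2")
+.with_wait_for(WaitFor::message_on_stderr("listening on "));
+let testcontainer = docker.run(registry_image);
+let port = testcontainer.get_host_port_ipv4(5000);
+
+// Save policies
+let mut save_policies_script = setup_airgap_script_command(
+&project_root.join("scripts/kubewarden-save-policies.sh"),
+tempdir.path(),
+);
+save_policies_script
+.arg("--policies-list")
+.arg(project_root.join("tests/data/airgap/policies.txt"))
+.arg("--policies")
+.arg(tempdir.path().join("policies.tar.gz"))
+.assert()
+.success();
+
+// Remove policies from store
+let mut kwctl = common::setup_command(tempdir.path());
+kwctl
+.arg("rm")
+.arg("registry://ghcr.io/kubewarden/tests/pod-privileged:v0.1.9")
+.assert()
+.success();
+
+let mut kwctl = common::setup_command(tempdir.path());
+kwctl
+.arg("rm")
+.arg("https://github.com/kubewarden/pod-privileged-policy/releases/download/v0.1.6/policy.wasm")
+.assert()
+.success();
+
+// Create sources.yml
+let sources_yaml = format!(
+r#"
+insecure_sources:
+- "localhost:{}"
+"#,
+port
+);
+std::fs::write(tempdir.path().join("sources.yml"), sources_yaml).unwrap();
+
+// Load policies
+let mut load_policies_script = setup_airgap_script_command(
+&project_root.join("scripts/kubewarden-load-policies.sh"),
+tempdir.path(),
+);
+load_policies_script
+.arg("--policies")
+.arg(tempdir.path().join("policies.tar.gz"))
+.arg("--policies-list")
+.arg(project_root.join("tests/data/airgap/policies.txt"))
+.arg("--registry")
+.arg(format!("localhost:{}", port))
+.arg("--sources-path")
+.arg(tempdir.path().join("sources.yml"))
+.assert()
+.success();
+
+// Verify policies in local registry
+let mut kwctl = common::setup_command(tempdir.path());
+kwctl
+.arg("pull")
+.arg(format!(
+"registry://localhost:{}/kubewarden/tests/pod-privileged:v0.1.9",
+port
+))
+.arg("--sources-path")
+.arg(tempdir.path().join("sources.yml"))
+.assert()
+.success();
+
+let mut kwctl = common::setup_command(tempdir.path());
+kwctl
+.arg("pull")
+.arg(format!(
+"registry://localhost:{}/kubewarden/pod-privileged-policy/releases/download/v0.1.6/policy.wasm ",
+port
+))
+.arg("--sources-path")
+.arg(tempdir.path().join("sources.yml"))
+.assert()
+.success();
+}
+
+fn setup_airgap_script_command(script: &Path, tempdir: &Path) -> Command {
+let mut cmd = Command::new(script);
+
+cmd.current_dir(tempdir)
+.env("XDG_CONFIG_HOME", tempdir.join(".config"))
+.env("XDG_CACHE_HOME", tempdir.join(".cache"))
+.env("XDG_DATA_HOME", tempdir.join(".local/share"))
+.env("KWCTL_CMD", env!("CARGO_BIN_EXE_kwctl"));
+
+cmd
+}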
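Review bot: The last `pull` in `test_airgap` builds its URL from a literal that, as rendered here, ends in `policy.wasm ` with a trailing space inside the quotes; `Command::arg` passes the string verbatim, so the check would depend on the URL parser tolerating that space, and the line should end `.../v0.1.6/policy.wasm",`. Both verification steps assert only that `pull` exits successfully, so they confirm that some artifact exists under the rewritten name in the local registry, not that it is the one that was saved; comparing the pulled module against the saved one would close that gap. The test also needs a Docker daemon and, apparently, outbound access to ghcr.io and github.com for the save step, which deserves a doc comment on `test_airgap`, e.g. `/// Requires Docker and network access; starts a throwaway registry and lists it under insecure_sources.`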
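--- a/tests/common/mod.rs
+++ b/tests/common/mod.rs
@@ -2,6 +2,7 @@ use std::path::Path;
 
 use assert_cmd::Command;
 
+#[allow(dead_code)]
 pub fn setup_command(path: &Path) -> Command {
 let mut cmd = Command::cargo_bin("kwctl").unwrap();
 
@@ -13,6 +14,7 @@ pub fn setup_command(path: &Path) -> Command {
 cmd
 }
 
+#[allow(dead_code)]
 pub fn test_data(path: &str) -> String {
 Path::new(env!("CARGO_MANIFEST_DIR"))
 .join("tests")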
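Review bot: Both new `#[allow(dead_code)]` attributes are added without saying why the lint is silenced. Presumably each integration test crate includes `mod common;` and calls only some of its helpers; a one-line comment such as `// Not every integration test that includes this module calls this helper.` above each attribute would record that. `test_data` continues past the end of the second hunk.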
2 changes: 0 additions & 2 deletions tests/data/airgap/insecure.yml

This file was deleted.

2 changes: 1 addition & 1 deletion tests/secure_supply_chain_e2e.rs
@@ -5,7 +5,7 @@ use rstest::rstest;
use std::{fs, path::Path};
use tempfile::tempdir;

pub mod common;
mod common;

fn cosign_initialize(path: &Path) {
let mut cmd = Command::new("cosign");
