From 3a3c3e52c231d9c42c587369d0fc8ad8979e5b9f Mon Sep 17 00:00:00 2001 From: Julien Pinsonneau Date: Wed, 15 Jan 2025 15:59:11 +0100 Subject: [PATCH] add flow / packet yaml tests --- e2e/yaml_test.go | 202 +++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 197 insertions(+), 5 deletions(-) diff --git a/e2e/yaml_test.go b/e2e/yaml_test.go index 49776e54..b74d095d 100644 --- a/e2e/yaml_test.go +++ b/e2e/yaml_test.go @@ -21,14 +21,206 @@ var ( ylog = logrus.WithField("component", "yaml_test") ) +func TestFlowFiltersYAML(t *testing.T) { + f1 := features.New("flow yaml").Setup( + func(ctx context.Context, t *testing.T, cfg *envconf.Config) context.Context { + output, err := RunCommand(ylog, "oc-netobserv", "flows", + "--protocol=TCP", + "--port=8080", + "or", + "--protocol=UDP", + "--yaml") + assert.Nil(t, err) + + err = os.WriteFile(path.Join("output", StartupDate+"-flowYAMLOutput"), output, 0666) + assert.Nil(t, err) + + str := string(output) + assert.NotEmpty(t, str) + // ensure script setup is fine + assert.Contains(t, str, "creating netobserv-cli namespace") + assert.Contains(t, str, "creating service account") + assert.Contains(t, str, "creating collector service") + assert.Contains(t, str, "creating flow-capture agents") + // check CLI done successfully + assert.Contains(t, str, "Check the generated YAML file in output folder") + + return ctx + }, + ).Assess("check generated yaml output", + func(ctx context.Context, t *testing.T, cfg *envconf.Config) context.Context { + var yamls []string + + dirPath := "output" + assert.True(t, dirExists(dirPath), "directory %s not found", dirPath) + err := filepath.Walk(dirPath, func(path string, info os.FileInfo, err error) error { + if err != nil { + fmt.Println(err) + } + + if !info.IsDir() { + if strings.Contains(path, "flows_capture") && filepath.Ext(path) == ".yml" { + yamls = append(yamls, path) + } + } + + return nil + }) + assert.Nil(t, err) + + // check yaml file + assert.Equal(t, 1, len(yamls)) + yamlBytes, err := os.ReadFile(yamls[0]) + assert.Nil(t, err) + + // check yamls parts + yamlStr := string(yamlBytes[:]) + yamls = strings.Split(yamlStr, "---") + assert.Equal(t, 6, len(yamls)) + + // check yaml contents + assert.Contains(t, yamls[0], "kind: Namespace") + assert.Contains(t, yamls[0], "name: \"netobserv-cli\"") + assert.Contains(t, Normalize(yamls[0]), Normalize("labels: app: netobserv pod-security.kubernetes.io/enforce: privileged pod-security.kubernetes.io/audit: privileged openshift.io/cluster-monitoring: \"true\"")) + + assert.Contains(t, yamls[1], "kind: ServiceAccount") + assert.Contains(t, yamls[1], "name: netobserv-cli") + assert.Contains(t, yamls[1], "namespace: \"netobserv-cli\"") + + assert.Contains(t, yamls[2], "kind: ClusterRole") + assert.Contains(t, yamls[2], "name: netobserv-cli") + assert.Contains(t, yamls[2], "namespace: \"netobserv-cli\"") + assert.Contains(t, Normalize(yamls[2]), Normalize("- apiGroups: - security.openshift.io resourceNames: - privileged resources: - securitycontextconstraints verbs: - use")) + assert.Contains(t, Normalize(yamls[2]), Normalize("- apiGroups: - apps resources: - daemonsets verbs: - list - get - watch - delete")) + assert.Contains(t, Normalize(yamls[2]), Normalize("- apiGroups: - resources: - pods - services - nodes verbs: - list - get - watch")) + assert.Contains(t, Normalize(yamls[2]), Normalize("- apiGroups: - apps resources: - replicasets verbs: - list - get - watch")) + + assert.Contains(t, yamls[3], "kind: ClusterRoleBinding") + assert.Contains(t, yamls[3], "name: netobserv-cli") + assert.Contains(t, yamls[3], "namespace: \"netobserv-cli\"") + assert.Contains(t, Normalize(yamls[3]), Normalize("subjects: - kind: ServiceAccount name: netobserv-cli namespace: \"netobserv-cli\"")) + assert.Contains(t, Normalize(yamls[3]), Normalize("roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: netobserv-cli")) + + assert.Contains(t, yamls[4], "kind: Service") + assert.Contains(t, yamls[4], "name: collector") + assert.Contains(t, yamls[4], "namespace: \"netobserv-cli\"") + assert.Contains(t, Normalize(yamls[4]), Normalize("ports: - name: collector protocol: TCP port: 9999 targetPort: 9999")) + + assert.Contains(t, yamls[5], "kind: DaemonSet") + assert.Contains(t, yamls[5], "name: netobserv-cli") + assert.Contains(t, yamls[5], "namespace: \"netobserv-cli\"") + assert.Contains(t, Normalize(yamls[5]), Normalize("[{\"direction\": \"\", \"ip_cidr\": \"0.0.0.0/0\", \"protocol\": \"TCP\", \"source_port\": 0, \"destination_port\": 0, \"port\": 8080, \"source_port_range\": \"\", \"source_ports\": \"\", \"destination_port_range\": \"\", \"destination_ports\": \"\", \"port_range\": \"\", \"ports\": \"\", \"icmp_type\": 0, \"icmp_code\": 0, \"peer_ip\": \"\", \"action\": \"Accept\", \"tcp_flags\": \"\", \"drops\": false}, {\"direction\": \"\", \"ip_cidr\": \"0.0.0.0/0\", \"protocol\": \"UDP\", \"source_port\": 0, \"destination_port\": 0, \"port\": 0, \"source_port_range\": \"\", \"source_ports\": \"\", \"destination_port_range\": \"\", \"destination_ports\": \"\", \"port_range\": \"\", \"ports\": \"\", \"icmp_type\": 0, \"icmp_code\": 0, \"peer_ip\": \"\", \"action\": \"Accept\", \"tcp_flags\": \"\", \"drops\": false}]")) + assert.Contains(t, Normalize(yamls[5]), Normalize("\"grpc\": { \"targetHost\": \"collector.netobserv-cli.svc.cluster.local\", \"targetPort\": 9999 }")) + + return ctx + }, + ).Feature() + testCluster.TestEnv().Test(t, f1) +} + +func TestPacketFiltersYAML(t *testing.T) { + f1 := features.New("packet yaml").Setup( + func(ctx context.Context, t *testing.T, cfg *envconf.Config) context.Context { + output, err := RunCommand(ylog, "oc-netobserv", "packets", + "--node-selector=netobserv:true", + "--port=80", + "--yaml") + assert.Nil(t, err) + + err = os.WriteFile(path.Join("output", StartupDate+"-packetYAMLOutput"), output, 0666) + assert.Nil(t, err) + + str := string(output) + assert.NotEmpty(t, str) + // ensure script setup is fine + assert.Contains(t, str, "creating netobserv-cli namespace") + assert.Contains(t, str, "creating service account") + assert.Contains(t, str, "creating collector service") + assert.Contains(t, str, "creating packet-capture agents") + // check CLI done successfully + assert.Contains(t, str, "Check the generated YAML file in output folder") + + return ctx + }, + ).Assess("check generated yaml output", + func(ctx context.Context, t *testing.T, cfg *envconf.Config) context.Context { + var yamls []string + + dirPath := "output" + assert.True(t, dirExists(dirPath), "directory %s not found", dirPath) + err := filepath.Walk(dirPath, func(path string, info os.FileInfo, err error) error { + if err != nil { + fmt.Println(err) + } + + if !info.IsDir() { + if strings.Contains(path, "packets_capture") && filepath.Ext(path) == ".yml" { + yamls = append(yamls, path) + } + } + + return nil + }) + assert.Nil(t, err) + + // check yaml file + assert.Equal(t, 1, len(yamls)) + yamlBytes, err := os.ReadFile(yamls[0]) + assert.Nil(t, err) + + // check yamls parts + yamlStr := string(yamlBytes[:]) + yamls = strings.Split(yamlStr, "---") + assert.Equal(t, 6, len(yamls)) + + // check yaml contents + assert.Contains(t, yamls[0], "kind: Namespace") + assert.Contains(t, yamls[0], "name: \"netobserv-cli\"") + assert.Contains(t, Normalize(yamls[0]), Normalize("labels: app: netobserv pod-security.kubernetes.io/enforce: privileged pod-security.kubernetes.io/audit: privileged openshift.io/cluster-monitoring: \"true\"")) + + assert.Contains(t, yamls[1], "kind: ServiceAccount") + assert.Contains(t, yamls[1], "name: netobserv-cli") + assert.Contains(t, yamls[1], "namespace: \"netobserv-cli\"") + + assert.Contains(t, yamls[2], "kind: ClusterRole") + assert.Contains(t, yamls[2], "name: netobserv-cli") + assert.Contains(t, yamls[2], "namespace: \"netobserv-cli\"") + assert.Contains(t, Normalize(yamls[2]), Normalize("- apiGroups: - security.openshift.io resourceNames: - privileged resources: - securitycontextconstraints verbs: - use")) + assert.Contains(t, Normalize(yamls[2]), Normalize("- apiGroups: - apps resources: - daemonsets verbs: - list - get - watch - delete")) + assert.Contains(t, Normalize(yamls[2]), Normalize("- apiGroups: - resources: - pods - services - nodes verbs: - list - get - watch")) + assert.Contains(t, Normalize(yamls[2]), Normalize("- apiGroups: - apps resources: - replicasets verbs: - list - get - watch")) + + assert.Contains(t, yamls[3], "kind: ClusterRoleBinding") + assert.Contains(t, yamls[3], "name: netobserv-cli") + assert.Contains(t, yamls[3], "namespace: \"netobserv-cli\"") + assert.Contains(t, Normalize(yamls[3]), Normalize("subjects: - kind: ServiceAccount name: netobserv-cli namespace: \"netobserv-cli\"")) + assert.Contains(t, Normalize(yamls[3]), Normalize("roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: netobserv-cli")) + + assert.Contains(t, yamls[4], "kind: Service") + assert.Contains(t, yamls[4], "name: collector") + assert.Contains(t, yamls[4], "namespace: \"netobserv-cli\"") + assert.Contains(t, Normalize(yamls[4]), Normalize("ports: - name: collector protocol: TCP port: 9999 targetPort: 9999")) + + assert.Contains(t, yamls[5], "kind: DaemonSet") + assert.Contains(t, yamls[5], "name: netobserv-cli") + assert.Contains(t, yamls[5], "namespace: \"netobserv-cli\"") + assert.Contains(t, Normalize(yamls[5]), Normalize("[{\"direction\": \"\", \"ip_cidr\": \"0.0.0.0/0\", \"protocol\": \"\", \"source_port\": 0, \"destination_port\": 0, \"port\": 80, \"source_port_range\": \"\", \"source_ports\": \"\", \"destination_port_range\": \"\", \"destination_ports\": \"\", \"port_range\": \"\", \"ports\": \"\", \"icmp_type\": 0, \"icmp_code\": 0, \"peer_ip\": \"\", \"action\": \"Accept\", \"tcp_flags\": \"\", \"drops\": false}]")) + assert.Contains(t, Normalize(yamls[5]), Normalize("nodeSelector: netobserv: \"true\"")) + + return ctx + }, + ).Feature() + testCluster.TestEnv().Test(t, f1) +} + +// test metrics only as YAML output as kind can't manage ServiceMonitor CR func TestMetricYAML(t *testing.T) { f1 := features.New("metric yaml").Setup( func(ctx context.Context, t *testing.T, cfg *envconf.Config) context.Context { - // use yaml output here as kind can't manage ServiceMonitor CR output, err := RunCommand(ylog, "oc-netobserv", "metrics", "--yaml") assert.Nil(t, err) - err = os.WriteFile(path.Join("output", StartupDate+"-metricOutput"), output, 0666) + err = os.WriteFile(path.Join("output", StartupDate+"-metricYAMLOutput"), output, 0666) assert.Nil(t, err) str := string(output) @@ -39,7 +231,7 @@ func TestMetricYAML(t *testing.T) { assert.Contains(t, str, "creating service monitor") assert.Contains(t, str, "creating metric-capture agents") // check CLI done successfully - assert.Contains(t, str, "Check generated YAML file in output folder.") + assert.Contains(t, str, "Check the generated YAML file in output folder.") return ctx }, @@ -55,7 +247,7 @@ func TestMetricYAML(t *testing.T) { } if !info.IsDir() { - if filepath.Ext(path) == ".yml" { + if strings.Contains(path, "metrics_capture") && filepath.Ext(path) == ".yml" { yamls = append(yamls, path) } } @@ -106,7 +298,7 @@ func TestMetricYAML(t *testing.T) { assert.Contains(t, yamls[5], "kind: ConfigMap") assert.Contains(t, yamls[5], "name: netobserv-cli") assert.Contains(t, yamls[5], "namespace: openshift-config-managed") - assert.Contains(t, yamls[5], "console.openshift.io/dashboard: 'true'") + assert.Contains(t, yamls[5], "console.openshift.io/dashboard: true") assert.Contains(t, yamls[6], "kind: DaemonSet") assert.Contains(t, yamls[6], "name: netobserv-cli")