test: Add e2e tests for UWM federate service

arajkumar · arajkumar · commit f1863aa9e684 · 2022-04-06T11:08:51.000+05:30
Signed-off-by: Arunprasad Rajkumar &lt;arajkuma@redhat.com&gt;
diff --git a/test/e2e/alertmanager_test.go b/test/e2e/alertmanager_test.go
@@ -87,7 +87,7 @@ func TestAlertmanagerKubeRbacProxy(t *testing.T) {
 
 	// The tenancy port (9092) is only exposed in-cluster so we need to use
 	// port forwarding to access kube-rbac-proxy.
-	host, cleanUp, err := f.ForwardPort(t, "alertmanager-main", 9092)
+	host, cleanUp, err := f.ForwardPort(t, f.Ns, "alertmanager-main", 9092)
 	if err != nil {
 		t.Fatal(err)
 	}
diff --git a/test/e2e/framework/framework.go b/test/e2e/framework/framework.go
@@ -411,12 +411,12 @@ func (f *Framework) CreateRoleBindingFromRole(namespace, serviceAccount, role st
 	}, nil
 }
 
-func (f *Framework) ForwardPort(t *testing.T, svc string, port int) (string, func(), error) {
+func (f *Framework) ForwardPort(t *testing.T, ns, svc string, port int) (string, func(), error) {
 	t.Helper()
 
 	ctx, cancel := context.WithCancel(context.Background())
 	// Taken from github.com/openshift/origin/test/extended/etcd/etcd_test_runner.go
-	cmd := exec.CommandContext(ctx, "oc", "port-forward", fmt.Sprintf("service/%s", svc), fmt.Sprintf(":%d", port), "-n", f.Ns, "--kubeconfig", f.kubeConfigPath)
+	cmd := exec.CommandContext(ctx, "oc", "port-forward", fmt.Sprintf("service/%s", svc), fmt.Sprintf(":%d", port), "-n", ns, "--kubeconfig", f.kubeConfigPath)
 
 	cleanUp := func() {
 		cancel()
diff --git a/test/e2e/thanos_ruler_test.go b/test/e2e/thanos_ruler_test.go
@@ -118,7 +118,7 @@ func createPrometheusRule(t *testing.T) {
 
 func verifyAlertmanagerAlertReceived(t *testing.T) {
 
-	host, cleanUp, err := f.ForwardPort(t, "alertmanager-operated", 9093)
+	host, cleanUp, err := f.ForwardPort(t, f.Ns, "alertmanager-operated", 9093)
 	if err != nil {
 		t.Fatal(err)
 	}
diff --git a/test/e2e/user_workload_monitoring_test.go b/test/e2e/user_workload_monitoring_test.go
@@ -99,6 +99,11 @@ func TestUserWorkloadMonitoringMetrics(t *testing.T) {
 			name: "assert alertmanager is not deployed in user namespace",
 			f:    f.AssertStatefulsetDoesNotExist("alertmanager-not-to-be-reconciled", userWorkloadTestNs),
 		},
+
+		{
+			name: "assert UWM federate endpoint is exposed",
+			f:    assertUWMFederateEndpoint,
+		},
 	} {
 		t.Run(scenario.name, scenario.f)
 	}
@@ -631,7 +636,7 @@ func assertTenancyForMetrics(t *testing.T) {
 			err = framework.Poll(5*time.Second, time.Minute, func() error {
 				// The tenancy port (9092) is only exposed in-cluster so we need to use
 				// port forwarding to access kube-rbac-proxy.
-				host, cleanUp, err := f.ForwardPort(t, "thanos-querier", 9092)
+				host, cleanUp, err := f.ForwardPort(t, f.Ns, "thanos-querier", 9092)
 				if err != nil {
 					t.Fatal(err)
 				}
@@ -698,7 +703,7 @@ func assertTenancyForMetrics(t *testing.T) {
 	err = framework.Poll(5*time.Second, time.Minute, func() error {
 		// The tenancy port (9092) is only exposed in-cluster so we need to use
 		// port forwarding to access kube-rbac-proxy.
-		host, cleanUp, err := f.ForwardPort(t, "thanos-querier", 9092)
+		host, cleanUp, err := f.ForwardPort(t, f.Ns, "thanos-querier", 9092)
 		if err != nil {
 			t.Fatal(err)
 		}
@@ -764,7 +769,7 @@ func assertTenancyForRules(t *testing.T) {
 
 	// The tenancy port (9093) is only exposed in-cluster so we need to use
 	// port forwarding to access kube-rbac-proxy.
-	host, cleanUp, err := f.ForwardPort(t, "thanos-querier", 9093)
+	host, cleanUp, err := f.ForwardPort(t, f.Ns, "thanos-querier", 9093)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -891,6 +896,80 @@ func assertTenancyForRules(t *testing.T) {
 	}
 }
 
+func assertUWMFederateEndpoint(t *testing.T) {
+	const testAccount = "test-uwm-federate"
+
+	err := framework.Poll(2*time.Second, 10*time.Second, func() error {
+		_, err := f.CreateServiceAccount(userWorkloadTestNs, testAccount)
+		return err
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// Grant enough permissions to invoke /federate endpoint which is protected by kube-rbac-proxy.
+	err = framework.Poll(2*time.Second, 10*time.Second, func() error {
+		_, err = f.CreateClusterRoleBinding(userWorkloadTestNs, testAccount, "admin")
+		return err
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	var token string
+	err = framework.Poll(5*time.Second, time.Minute, func() error {
+		token, err = f.GetServiceAccountToken(userWorkloadTestNs, testAccount)
+		return err
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// check /federate endpoint
+	err = framework.Poll(5*time.Second, time.Minute, func() error {
+		// The federate port (9092) is only exposed in-cluster so we need to use
+		// port forwarding to access kube-rbac-proxy.
+		host, cleanUp, err := f.ForwardPort(t, f.UserWorkloadMonitoringNs, "prometheus-user-workload", 9092)
+		if err != nil {
+			return err
+		}
+		defer cleanUp()
+
+		client := framework.NewPrometheusClient(
+			host,
+			token,
+			&framework.QueryParameterInjector{
+				Name:  "match[]",
+				Value: `up`,
+			},
+		)
+
+		resp, err := client.Do("GET", "/federate", nil)
+		if err != nil {
+			return err
+		}
+		defer resp.Body.Close()
+
+		b, err := ioutil.ReadAll(resp.Body)
+		if err != nil {
+			return err
+		}
+		if resp.StatusCode != http.StatusOK {
+			return fmt.Errorf("unexpected status code response, want %d, got %d (%s)", http.StatusOK, resp.StatusCode, framework.ClampMax(b))
+		}
+
+		if !strings.Contains(string(b), "up") {
+			return fmt.Errorf("'up' metric is missing, got (%s)", framework.ClampMax(b))
+		}
+
+		return nil
+	})
+
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
 func assertTenancyForSeriesMetadata(t *testing.T) {
 	const testAccount = "test-labels"
 
@@ -924,7 +1003,7 @@ func assertTenancyForSeriesMetadata(t *testing.T) {
 	err = framework.Poll(5*time.Second, time.Minute, func() error {
 		// The tenancy port (9092) is only exposed in-cluster so we need to use
 		// port forwarding to access kube-rbac-proxy.
-		host, cleanUp, err := f.ForwardPort(t, "thanos-querier", 9092)
+		host, cleanUp, err := f.ForwardPort(t, f.Ns, "thanos-querier", 9092)
 		if err != nil {
 			return err
 		}
@@ -978,7 +1057,7 @@ func assertTenancyForSeriesMetadata(t *testing.T) {
 	err = framework.Poll(5*time.Second, time.Minute, func() error {
 		// The tenancy port (9092) is only exposed in-cluster so we need to use
 		// port forwarding to access kube-rbac-proxy.
-		host, cleanUp, err := f.ForwardPort(t, "thanos-querier", 9092)
+		host, cleanUp, err := f.ForwardPort(t, f.Ns, "thanos-querier", 9092)
 		if err != nil {
 			return err
 		}
@@ -1032,7 +1111,7 @@ func assertTenancyForSeriesMetadata(t *testing.T) {
 	err = framework.Poll(5*time.Second, time.Minute, func() error {
 		// The tenancy port (9092) is only exposed in-cluster so we need to use
 		// port forwarding to access kube-rbac-proxy.
-		host, cleanUp, err := f.ForwardPort(t, "thanos-querier", 9092)
+		host, cleanUp, err := f.ForwardPort(t, f.Ns, "thanos-querier", 9092)
 		if err != nil {
 			return err
 		}

Original file line number	Diff line number	Diff line change
`@@ -87,7 +87,7 @@ func TestAlertmanagerKubeRbacProxy(t *testing.T) {`
`87`	`87`
`88`	`88`	`// The tenancy port (9092) is only exposed in-cluster so we need to use`
`89`	`89`	`// port forwarding to access kube-rbac-proxy.`
`90`		`- host, cleanUp, err := f.ForwardPort(t, "alertmanager-main", 9092)`
	`90`	`+ host, cleanUp, err := f.ForwardPort(t, f.Ns, "alertmanager-main", 9092)`
`91`	`91`	`if err != nil {`
`92`	`92`	`t.Fatal(err)`
`93`	`93`	`}`
Original file line number	Diff line number	Diff line change
`@@ -118,7 +118,7 @@ func createPrometheusRule(t *testing.T) {`
`118`	`118`
`119`	`119`	`func verifyAlertmanagerAlertReceived(t *testing.T) {`
`120`	`120`
`121`		`- host, cleanUp, err := f.ForwardPort(t, "alertmanager-operated", 9093)`
	`121`	`+ host, cleanUp, err := f.ForwardPort(t, f.Ns, "alertmanager-operated", 9093)`
`122`	`122`	`if err != nil {`
`123`	`123`	`t.Fatal(err)`
`124`	`124`	`}`