feat: E2E for admission controls (#49)

Author: csviri

.github/workflows/master-snapshot-release.yml

@@ -27,7 +27,7 @@ jobs:
           cache: 'maven'
       - name: Run unit tests
         run: ./mvnw ${MAVEN_ARGS} -B test --file pom.xml
-      - name: Run integration tests
+      - name: Package
         run: ./mvnw ${MAVEN_ARGS} -B package --file pom.xml
   release-snapshot:
     runs-on: ubuntu-latest

.github/workflows/pr.yml

@@ -31,7 +31,7 @@ jobs:
           ./mvnw ${MAVEN_ARGS} impsort:check --file pom.xml
       - name: Run unit tests
         run: ./mvnw ${MAVEN_ARGS} -B test --file pom.xml
-  spring-boot-integration-test:
+  spring-boot-e2e-tests:
     runs-on: ubuntu-latest
     needs: build
     strategy:
@@ -46,59 +46,50 @@ jobs:
           distribution: ${{ matrix.distribution }}
           java-version: ${{ matrix.java }}
           cache: 'maven'
-      - name: Build
-        run: ./mvnw ${MAVEN_ARGS} clean install -DskipTests
-      - name: Kubernetes KinD Cluster
-        uses: container-tools/kind-action@v1
+      - name: Setup Minikube-Kubernetes
+        uses: manusa/[email protected]
         with:
-          version: v0.11.1
-          registry: true
-      - name: Install Cert-Manager
+          minikube version: v1.25.2
+          kubernetes version: v1.23.6
+          github token: ${{ secrets.GITHUB_TOKEN }}
+          driver: docker
+      - name: Run E2E Test
         run: |
-          OS=$(go env GOOS); ARCH=$(go env GOARCH); curl -sSL -o kubectl-cert-manager.tar.gz https://github.com/cert-manager/cert-manager/releases/download/v1.7.2/kubectl-cert_manager-$OS-$ARCH.tar.gz
-          tar xzf kubectl-cert-manager.tar.gz
-          sudo mv kubectl-cert_manager /usr/local/bin
-          kubectl cert-manager x install
-      - name: Run Integration Test
+          set -x
+          eval $(minikube -p minikube docker-env)
+          ./mvnw ${MAVEN_ARGS} clean install -DskipTests
+          cd samples/spring-boot
+          pwd
+          ./mvnw ${MAVEN_ARGS} jib:dockerBuild -DskipTests
+          ./mvnw ${MAVEN_ARGS} test -Pend-to-end-tests  
+          
+  quarkus-e2e-tests:
+    runs-on: ubuntu-latest
+    needs: build
+    strategy:
+      matrix:
+        java: [ 11 ]
+        distribution: [ temurin ]
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up Java and Maven
+        uses: actions/setup-java@v2
+        with:
+          distribution: ${{ matrix.distribution }}
+          java-version: ${{ matrix.java }}
+          cache: 'maven'
+      - name: Setup Minikube-Kubernetes
+        uses: manusa/[email protected]
+        with:
+          minikube version: v1.25.2
+          kubernetes version: v1.23.6
+          github token: ${{ secrets.GITHUB_TOKEN }}
+          driver: docker
+      - name: Run E2E Test
         run: |
           set -x
-
-          # Create namespace
-          kubectl create namespace test
-          kubectl config set-context --current --namespace=test
-
-          # Generate manifests and image
-          cd samples/spring-boot          
-          ./mvnw ${MAVEN_ARGS} clean install -Ddekorate.jib.registry=$KIND_REGISTRY -Ddekorate.jib.group=tests -Ddekorate.jib.version=latest -Ddekorate.jib.autoPushEnabled=true -DskipTests
-
-          # Install manifests
-          kubectl apply -f target/classes/META-INF/dekorate/kubernetes.yml
-
-          # Wait until the service is started
-          kubectl wait --for=condition=available --timeout=600s deployment/spring-boot-sample
-
-          # First test: verify validating webhook works
-          ## Install webhook
-          kubectl apply -f k8s/validating-webhook-configuration.yml
-
-          ## Wait some time to let Cert-Manager to inject issuers
-          sleep 10
-
-          ## Test Pod with missing label: it should fail
-          K8S_MESSAGE=$(kubectl apply -f k8s/create-pod-with-missing-label-example.yml 2>&1 || true)
-          if [[ $K8S_MESSAGE != *"Missing label"* ]]; then
-            echo "The validation webhook didn't work. Message: $K8S_MESSAGE"
-            exit 1
-          fi
-
-          # Second test: verify mutating webhook works
-          ## Install webhook
-          kubectl apply -f k8s/mutating-webhook-configuration.yml
-
-          ## Test the same Pod can now be installed because the mutating webhook adds the missing label
-          kubectl apply -f k8s/create-pod-with-missing-label-example.yml
-          K8S_MESSAGE=`kubectl get pod pod-with-missing-label -o yaml | grep app.kubernetes.io/name`
-          if [[ $K8S_MESSAGE != *"mutation-test"* ]]; then
-            echo "The mutating webhook didn't work. Message: $K8S_MESSAGE"
-            exit 1
-          fi
+          eval $(minikube -p minikube docker-env)
+          ./mvnw clean install -DskipTests
+          cd samples/quarkus
+          ./mvnw install -Dquarkus.container-image.build=true -DskipTests
+          ./mvnw ${MAVEN_ARGS} test -Pend-to-end-tests

delme.yaml

@@ -0,0 +1,21 @@
+# TODO del this
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: minimal-ingress
+  annotations:
+    nginx.ingress.kubernetes.io/rewrite-target: /
+  labels:
+    app.kubernetes.io/name: "app"
+spec:
+  ingressClassName: nginx-example
+  rules:
+  - http:
+      paths:
+      - path: /testpath
+        pathType: Prefix
+        backend:
+          service:
+            name: test
+            port:
+              number: 80

pom.xml

@@ -134,6 +134,11 @@
                 <artifactId>certmanager-annotations</artifactId>
                 <version>${dekorate.version}</version>
             </dependency>
+            <dependency>
+                <groupId>io.dekorate</groupId>
+                <artifactId>kubernetes-annotations</artifactId>
+                <version>${dekorate.version}</version>
+            </dependency>
             <dependency>
                 <groupId>io.dekorate</groupId>
                 <artifactId>jib-annotations</artifactId>

samples/commons/src/main/java/io/javaoperatorsdk/webhook/sample/commons/AdmissionControllers.java

@@ -3,7 +3,7 @@
 import java.util.HashMap;
 import java.util.concurrent.CompletableFuture;
 
-import io.fabric8.kubernetes.api.model.Pod;
+import io.fabric8.kubernetes.api.model.networking.v1.Ingress;
 import io.javaoperatorsdk.webhook.admission.AdmissionController;
 import io.javaoperatorsdk.webhook.admission.AsyncAdmissionController;
 import io.javaoperatorsdk.webhook.admission.NotAllowedException;
@@ -14,68 +14,69 @@
 public class AdmissionControllers {
 
   public static final String ERROR_MESSAGE = "Some error happened";
-  public static final String APP_NAME_LABEL_KEY = "app.kubernetes.io/name";
+  public static final String VALIDATION_TARGET_LABEL = "app.kubernetes.io/name";
+  public static final String MUTATION_TARGET_LABEL = "app.kubernetes.io/id";
 
-  public static AdmissionController<Pod> mutatingController() {
+  public static AdmissionController<Ingress> mutatingController() {
     return new AdmissionController<>((resource, operation) -> {
       if (resource.getMetadata().getLabels() == null) {
         resource.getMetadata().setLabels(new HashMap<>());
       }
-      resource.getMetadata().getLabels().putIfAbsent(APP_NAME_LABEL_KEY, "mutation-test");
+      resource.getMetadata().getLabels().putIfAbsent(MUTATION_TARGET_LABEL, "mutation-test");
       return resource;
     });
   }
 
-  public static AdmissionController<Pod> validatingController() {
+  public static AdmissionController<Ingress> validatingController() {
     return new AdmissionController<>((resource, operation) -> {
       if (resource.getMetadata().getLabels() == null
-          || resource.getMetadata().getLabels().get(APP_NAME_LABEL_KEY) == null) {
-        throw new NotAllowedException("Missing label: " + APP_NAME_LABEL_KEY);
+          || resource.getMetadata().getLabels().get(VALIDATION_TARGET_LABEL) == null) {
+        throw new NotAllowedException("Missing label: " + VALIDATION_TARGET_LABEL);
       }
     });
   }
 
-  public static AsyncAdmissionController<Pod> asyncMutatingController() {
+  public static AsyncAdmissionController<Ingress> asyncMutatingController() {
     return new AsyncAdmissionController<>(
-        (AsyncMutator<Pod>) (resource, operation) -> CompletableFuture.supplyAsync(() -> {
+        (AsyncMutator<Ingress>) (resource, operation) -> CompletableFuture.supplyAsync(() -> {
           if (resource.getMetadata().getLabels() == null) {
             resource.getMetadata().setLabels(new HashMap<>());
           }
-          resource.getMetadata().getLabels().putIfAbsent(APP_NAME_LABEL_KEY, "mutation-test");
+          resource.getMetadata().getLabels().putIfAbsent(MUTATION_TARGET_LABEL, "mutation-test");
           return resource;
         }));
   }
 
-  public static AsyncAdmissionController<Pod> asyncValidatingController() {
+  public static AsyncAdmissionController<Ingress> asyncValidatingController() {
     return new AsyncAdmissionController<>((resource, operation) -> {
       if (resource.getMetadata().getLabels() == null
-          || resource.getMetadata().getLabels().get(APP_NAME_LABEL_KEY) == null) {
-        throw new NotAllowedException("Missing label: " + APP_NAME_LABEL_KEY);
+          || resource.getMetadata().getLabels().get(VALIDATION_TARGET_LABEL) == null) {
+        throw new NotAllowedException("Missing label: " + VALIDATION_TARGET_LABEL);
       }
     });
   }
 
 
-  public static AdmissionController<Pod> errorMutatingController() {
-    return new AdmissionController<>((Validator<Pod>) (resource, operation) -> {
+  public static AdmissionController<Ingress> errorMutatingController() {
+    return new AdmissionController<>((Validator<Ingress>) (resource, operation) -> {
       throw new IllegalStateException(ERROR_MESSAGE);
     });
   }
 
-  public static AdmissionController<Pod> errorValidatingController() {
-    return new AdmissionController<>((Mutator<Pod>) (resource, operation) -> {
+  public static AdmissionController<Ingress> errorValidatingController() {
+    return new AdmissionController<>((Mutator<Ingress>) (resource, operation) -> {
       throw new IllegalStateException(ERROR_MESSAGE);
     });
   }
 
-  public static AsyncAdmissionController<Pod> errorAsyncMutatingController() {
-    return new AsyncAdmissionController<>((AsyncMutator<Pod>) (resource, operation) -> {
+  public static AsyncAdmissionController<Ingress> errorAsyncMutatingController() {
+    return new AsyncAdmissionController<>((AsyncMutator<Ingress>) (resource, operation) -> {
       throw new IllegalStateException(ERROR_MESSAGE);
     });
   }
 
-  public static AsyncAdmissionController<Pod> errorAsyncValidatingController() {
-    return new AsyncAdmissionController<>((Validator<Pod>) (resource, operation) -> {
+  public static AsyncAdmissionController<Ingress> errorAsyncValidatingController() {
+    return new AsyncAdmissionController<>((Validator<Ingress>) (resource, operation) -> {
       throw new IllegalStateException(ERROR_MESSAGE);
     });
   }

samples/commons/src/main/java/io/javaoperatorsdk/webhook/sample/commons/Utils.java

@@ -0,0 +1,63 @@
+package io.javaoperatorsdk.webhook.sample.commons;
+
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Map;
+import java.util.concurrent.TimeUnit;
+
+import io.fabric8.kubernetes.api.model.networking.v1.*;
+import io.fabric8.kubernetes.client.KubernetesClient;
+
+import static io.javaoperatorsdk.webhook.sample.commons.AdmissionControllers.VALIDATION_TARGET_LABEL;
+
+public class Utils {
+
+  public static final int SPIN_UP_GRACE_PERIOD = 120;
+
+  public static void applyAndWait(KubernetesClient client, String path) {
+    try (FileInputStream fileInputStream = new FileInputStream(path)) {
+      applyAndWait(client, fileInputStream);
+    } catch (IOException e) {
+      throw new IllegalStateException(e);
+    }
+  }
+
+  public static void applyAndWait(KubernetesClient client, InputStream is) {
+    var resources = client.load(is).get();
+    client.resourceList(resources).createOrReplace();
+    client.resourceList(resources).waitUntilReady(3, TimeUnit.MINUTES);
+  }
+
+  public static void addRequiredLabels(Ingress ingress) {
+    ingress.getMetadata().setLabels(Map.of(VALIDATION_TARGET_LABEL, "val"));
+  }
+
+  public static Ingress testIngress(String name) {
+    return new IngressBuilder()
+        .withNewMetadata()
+        .withName(name)
+        .endMetadata()
+        .withSpec(new IngressSpecBuilder()
+            .withIngressClassName("sample")
+            .withRules(new IngressRuleBuilder()
+                .withHttp(new HTTPIngressRuleValueBuilder()
+                    .withPaths(new HTTPIngressPathBuilder()
+                        .withPath("/test")
+                        .withPathType("Prefix")
+                        .withBackend(new IngressBackendBuilder()
+                            .withService(new IngressServiceBackendBuilder()
+                                .withName("service")
+                                .withPort(new ServiceBackendPortBuilder()
+                                    .withNumber(80)
+                                    .build())
+                                .build())
+                            .build())
+                        .build())
+                    .build())
+                .build())
+            .build())
+        .build();
+  }
+
+}