Add unit tests for SSH reruns

CircleCI-Public · Jun 29, 2023 · 05cda75 · 05cda75
1 parent 584792e
commit 05cda75
Show file tree

Hide file tree

Showing 4 changed files with 208 additions and 1 deletion.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -41,6 +41,7 @@ jobs:
     steps:
       - checkout
       - run: ./do check-version-bump << pipeline.git.branch >>
+      - notify_failing_main
 
   validate-helm-chart:
     docker:
@@ -54,6 +55,7 @@ jobs:
           aws-secret-access-key: BINARY_S3_AWS_SECRET_ACCESS_KEY
       - run: ./do install-helm
       - run: helm lint
+      - run: ./do unit-tests
       - run: ./do provision-test
       - notify_failing_main
 

diff --git a/do b/do
@@ -18,7 +18,8 @@ check-version-bump() {
     fi
 
     if [ "$(git diff ${prev} HEAD ./templates)" != "" ] || [ "$(git diff ${prev} HEAD values.yaml)" != "" ]; then
-        if [ "$(./do version)" == "$(git show HEAD^:Chart.yaml | grep version | sed -nE 's/.*"(.*)".*/\1/p')" ]; then
+        set -x
+        if [ "$(./do version)" == "$(git show "${prev}:Chart.yaml" | grep version | sed -nE 's/.*"(.*)".*/\1/p')" ]; then
             exit 1
         fi
     fi
@@ -123,6 +124,23 @@ install-helm() {
   sudo apt-get install helm
 }
 
+# This variable is used, but shellcheck can't tell.
+# shellcheck disable=SC2034
+help_unit_tests="Run helm unittest"
+unit-tests() {
+    if ! [ -x "$(command -v helm)" ]; then
+        echo 'Helm is required. See: https://helm.sh/docs/intro/install/'
+        exit 1
+    fi
+
+    if ! helm plugin list | grep unittest >/dev/null; then
+        echo 'Installing helm unittest'
+        helm plugin install https://github.com/helm-unittest/helm-unittest.git
+    fi
+
+    helm unittest -f 'tests/*.yaml' . "$@"
+}
+
 help-text-intro() {
     echo "
 DO

diff --git a/tests/__snapshot__/ssh_test.yaml.snap b/tests/__snapshot__/ssh_test.yaml.snap
@@ -0,0 +1,100 @@
+should create Gateway and Service resources if enabled:
+  1: |
+    apiVersion: gateway.networking.k8s.io/v1beta1
+    kind: GatewayClass
+    metadata:
+      name: RELEASE-NAME-container-agent-ssh
+      namespace: NAMESPACE
+    spec:
+      controllerName: example.net/gateway-controller
+  2: |
+    apiVersion: gateway.networking.k8s.io/v1beta1
+    kind: Gateway
+    metadata:
+      name: RELEASE-NAME-container-agent-ssh
+      namespace: NAMESPACE
+    spec:
+      gatewayClassName: RELEASE-NAME-container-agent-ssh
+      listeners:
+        - allowedRoutes:
+            kinds:
+              - kind: TCPRoute
+          name: ssh-22
+          port: 22
+          protocol: TCP
+        - allowedRoutes:
+            kinds:
+              - kind: TCPRoute
+          name: ssh-23
+          port: 23
+          protocol: TCP
+        - allowedRoutes:
+            kinds:
+              - kind: TCPRoute
+          name: ssh-24
+          port: 24
+          protocol: TCP
+  3: |
+    apiVersion: gateway.networking.k8s.io/v1alpha2
+    kind: TCPRoute
+    metadata:
+      name: ssh-22
+      namespace: NAMESPACE
+    spec:
+      parentRefs:
+        - name: RELEASE-NAME-container-agent-ssh
+          sectionName: ssh-22
+      rules:
+        - backendRefs:
+            - name: RELEASE-NAME-container-agent-ssh
+              port: 22
+  4: |
+    apiVersion: gateway.networking.k8s.io/v1alpha2
+    kind: TCPRoute
+    metadata:
+      name: ssh-23
+      namespace: NAMESPACE
+    spec:
+      parentRefs:
+        - name: RELEASE-NAME-container-agent-ssh
+          sectionName: ssh-23
+      rules:
+        - backendRefs:
+            - name: RELEASE-NAME-container-agent-ssh
+              port: 23
+  5: |
+    apiVersion: gateway.networking.k8s.io/v1alpha2
+    kind: TCPRoute
+    metadata:
+      name: ssh-24
+      namespace: NAMESPACE
+    spec:
+      parentRefs:
+        - name: RELEASE-NAME-container-agent-ssh
+          sectionName: ssh-24
+      rules:
+        - backendRefs:
+            - name: RELEASE-NAME-container-agent-ssh
+              port: 24
+  6: |
+    apiVersion: v1
+    kind: Service
+    metadata:
+      name: RELEASE-NAME-container-agent-ssh
+      namespace: NAMESPACE
+    spec:
+      ports:
+        - name: ssh-22
+          port: 22
+          protocol: TCP
+          targetPort: ssh-22
+        - name: ssh-23
+          port: 23
+          protocol: TCP
+          targetPort: ssh-23
+        - name: ssh-24
+          port: 24
+          protocol: TCP
+          targetPort: ssh-24
+      selector:
+        app.kubernetes.io/managed-by: circleci-container-agent
diff --git a/tests/ssh_test.yaml b/tests/ssh_test.yaml
@@ -0,0 +1,87 @@
+suite: test ssh
+tests:
+  - it: should create Gateway and Service resources if enabled
+    template: templates/ssh.yaml
+    set:
+      agent.ssh.isEnabled: true
+      agent.ssh.controllerName: "example.net/gateway-controller"
+      agent.ssh.startPort: 22
+      agent.ssh.numPorts: 3
+    asserts:
+      - matchSnapshot: {}
+
+  - it: should update Role rules to allow get Gateway and Services resources if enabled
+    template: templates/role.yaml
+    set:
+      agent.ssh.isEnabled: true
+    asserts:
+      - contains:
+          path: rules
+          content:
+            apiGroups: ["", "gateway.networking.k8s.io"]
+            resources: ["gateways", "services", "endpoints"]
+            verbs: ["get"]
+        documentIndex: 0
+
+  - it: should set container-agent ssh configuration if enabled
+    template: templates/deployment.yaml
+    set:
+      agent.ssh.isEnabled: true
+    asserts:
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: KUBE_SSH_IS_ENABLED
+            value: "true"
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: KUBE_SSH_GATEWAY_NAME
+            value: "RELEASE-NAME-container-agent-ssh"
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: KUBE_SSH_SERVICE_NAME
+            value: "RELEASE-NAME-container-agent-ssh"
+
+  - it: should not create any Gateway or Service resources if disabled
+    template: templates/ssh.yaml
+    set:
+      agent.ssh.isEnabled: false
+    asserts:
+      - hasDocuments:
+          count: 0
+
+  - it: should not update Role rules to allow get Gateway and Services resources if disabled
+    template: templates/role.yaml
+    set:
+      agent.ssh.isEnabled: false
+    asserts:
+      - notContains:
+          path: rules
+          content:
+            apiGroups: ["", "gateway.networking.k8s.io"]
+            resources: ["gateways", "services", "endpoints"]
+            verbs: ["get"]
+        documentIndex: 0
+
+  - it: should not set container-agent ssh configuration if disabled
+    template: templates/deployment.yaml
+    set:
+      agent.ssh.isEnabled: false
+    asserts:
+      - notContains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: KUBE_SSH_IS_ENABLED
+            value: "true"
+      - notContains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: KUBE_SSH_GATEWAY_NAME
+            value: "RELEASE-NAME-container-agent-ssh"
+      - notContains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: KUBE_SSH_SERVICE_NAME
+            value: "RELEASE-NAME-container-agent-ssh"