From 7e683e86ed7464c237c44324fde855711a7b36e0 Mon Sep 17 00:00:00 2001 From: Brandt Keller <43887158+brandtkeller@users.noreply.github.com> Date: Fri, 17 Nov 2023 12:50:19 -0800 Subject: [PATCH] fix: simplify api test dependencies (#117) * fix: simplify api test dependencies * Cleanup commented code --- renovate.json | 3 +- src/test/e2e/api_validation_test.go | 147 +--- src/test/e2e/kind-config.yaml | 9 - src/test/e2e/main_test.go | 57 -- src/test/e2e/nginx-ingress.yaml | 683 ------------------ .../scenarios/api-field/configmap.fail.yaml | 2 +- .../scenarios/api-field/configmap.pass.yaml | 2 +- src/test/e2e/scenarios/api-field/ingress.yaml | 18 - .../scenarios/api-field/oscal-component.yaml | 2 +- src/test/e2e/scenarios/api-field/pod.yaml | 3 +- src/test/e2e/scenarios/api-field/service.yaml | 17 - src/test/util/utils.go | 4 +- 12 files changed, 30 insertions(+), 917 deletions(-) delete mode 100644 src/test/e2e/nginx-ingress.yaml delete mode 100644 src/test/e2e/scenarios/api-field/ingress.yaml delete mode 100644 src/test/e2e/scenarios/api-field/service.yaml diff --git a/renovate.json b/renovate.json index b7371314..d65e2157 100644 --- a/renovate.json +++ b/renovate.json @@ -19,5 +19,6 @@ "platformAutomerge": true, "platformCommit": true, "postUpdateOptions": ["gomodTidy"], - "commitBodyTable": true + "commitBodyTable": true, + "commitMessagePrefix": "deps" } diff --git a/src/test/e2e/api_validation_test.go b/src/test/e2e/api_validation_test.go index 4c42783d..c563a986 100644 --- a/src/test/e2e/api_validation_test.go +++ b/src/test/e2e/api_validation_test.go 
@@ -2,23 +2,24 @@ package test import ( "context" - "testing" - "time" "github.com/defenseunicorns/lula/src/cmd/validate" "github.com/defenseunicorns/lula/src/test/util" "github.com/defenseunicorns/lula/src/types" corev1 "k8s.io/api/core/v1" - netv1 "k8s.io/api/networking/v1" - "sigs.k8s.io/e2e-framework/klient/k8s" + // netv1 "k8s.io/api/networking/v1" + // "sigs.k8s.io/e2e-framework/klient/k8s" "sigs.k8s.io/e2e-framework/klient/wait" "sigs.k8s.io/e2e-framework/klient/wait/conditions" "sigs.k8s.io/e2e-framework/pkg/envconf" "sigs.k8s.io/e2e-framework/pkg/features" + "testing" + "time" ) func TestApiValidation(t *testing.T) { featureTrueValidation := features.New("Check API Validation - Success"). Setup(func(ctx context.Context, t *testing.T, config *envconf.Config) context.Context { + // Create the configmap configMap, err := util.GetConfigMap("./scenarios/api-field/configmap.pass.yaml") if err != nil { t.Fatal(err) @@ -28,6 +29,7 @@ func TestApiValidation(t *testing.T) { } ctx = context.WithValue(ctx, "api-field-configmap", configMap) + // Create the pod pod, err := util.GetPod("./scenarios/api-field/pod.yaml") if err != nil { t.Fatal(err) 
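Review bot: The import block in api_validation_test.go keeps the two dropped imports as comments (`// netv1 "k8s.io/api/networking/v1"` and `// "sigs.k8s.io/e2e-framework/klient/k8s"`) even though the commit message lists "Cleanup commented code"; they should be deleted outright. The same hunk moves `"testing"` and `"time"` below the third-party imports, whereas goimports keeps standard-library packages together with `"context"` in the first group, separated from the rest by a blank line. TestApiValidation continues beyond this hunk.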
@@ -37,42 +39,13 @@ func TestApiValidation(t *testing.T) { } err = wait. For(conditions.New(config.Client().Resources()). - PodConditionMatch(pod, corev1.PodReady, corev1.ConditionTrue), - wait.WithTimeout(time.Minute*5)) + PodConditionMatch(pod, corev1.PodReady, corev1.ConditionTrue), + wait.WithTimeout(time.Minute*5)) if err != nil { t.Fatal(err) } ctx = context.WithValue(ctx, "api-field-pod", pod) - service, err := util.GetService("./scenarios/api-field/service.yaml") - if err != nil { - t.Fatal(err) - } - if err = config.Client().Resources().Create(ctx, service); err != nil { - t.Fatal(err) - } - ctx = context.WithValue(ctx, "api-field-service", service) - - ingress, err := util.GetIngress("./scenarios/api-field/ingress.yaml") - if err != nil { - t.Fatal(err) - } - if err = config.Client().Resources().Create(ctx, ingress); err != nil { - t.Fatal(err) - } - err = wait. - For(conditions.New(config.Client().Resources()). - ResourceMatch(ingress, func(object k8s.Object) bool { - ing, _ := object.(*netv1.Ingress) - if len(ing.Status.LoadBalancer.Ingress) < 1 { return false } - return ing.Status.LoadBalancer.Ingress[0].Hostname == "localhost" - }), - wait.WithTimeout(time.Minute*5)) - if err != nil { - t.Fatal(err) - } - ctx = context.WithValue(ctx, "api-field-ingress", ingress) - return ctx }). Assess("Validate API response field", func(ctx context.Context, t *testing.T, config *envconf.Config) context.Context { 
@@ -102,38 +75,14 @@ func TestApiValidation(t *testing.T) { return ctx }). Teardown(func(ctx context.Context, t *testing.T, config *envconf.Config) context.Context { - ingress := ctx.Value("api-field-ingress").(*netv1.Ingress) - if err := config.Client().Resources().Delete(ctx, ingress); err != nil { - t.Fatal(err) - } - err := wait. - For(conditions.New(config.Client().Resources()). - ResourceDeleted(ingress), - wait.WithTimeout(time.Minute*5)) - if err != nil { - t.Fatal(err) - } - - service := ctx.Value("api-field-service").(*corev1.Service) - if err := config.Client().Resources().Delete(ctx, service); err != nil { - t.Fatal(err) - } - err = wait. - For(conditions.New(config.Client().Resources()). - ResourceDeleted(service), - wait.WithTimeout(time.Minute*5)) - if err != nil { - t.Fatal(err) - } - pod := ctx.Value("api-field-pod").(*corev1.Pod) if err := config.Client().Resources().Delete(ctx, pod); err != nil { t.Fatal(err) } - err = wait. + err := wait. For(conditions.New(config.Client().Resources()). - ResourceDeleted(pod), - wait.WithTimeout(time.Minute*5)) + ResourceDeleted(pod), + wait.WithTimeout(time.Minute*5)) if err != nil { t.Fatal(err) } @@ -144,8 +93,8 @@ func TestApiValidation(t *testing.T) { } err = wait. For(conditions.New(config.Client().Resources()). - ResourceDeleted(configMap), - wait.WithTimeout(time.Minute*5)) + ResourceDeleted(configMap), + wait.WithTimeout(time.Minute*5)) if err != nil { t.Fatal(err) } 
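Review bot: In the Teardown closure, `t.Fatal(err)` after a failed pod `Delete` or `ResourceDeleted` wait ends the closure before the config map deletion further down is attempted, so one cleanup failure leaves the other object behind in the namespace. Reporting with `t.Error(err)` and continuing to the config map cleanup would keep teardown best-effort; whether a leftover object breaks the next feature's Setup depends on code outside this hunk. The `ctx.Value("api-field-pod").(*corev1.Pod)` assertion is also unchecked and would panic if Setup never stored the pod, which the two-value form `pod, ok := ctx.Value("api-field-pod").(*corev1.Pod)` avoids. The second feature's Teardown in the `@@ -236,38 +155,14 @@` hunk has the same shape.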
@@ -173,42 +122,12 @@ func TestApiValidation(t *testing.T) { } err = wait. For(conditions.New(config.Client().Resources()). - PodConditionMatch(pod, corev1.PodReady, corev1.ConditionTrue), - wait.WithTimeout(time.Minute*5)) + PodConditionMatch(pod, corev1.PodReady, corev1.ConditionTrue), + wait.WithTimeout(time.Minute*5)) if err != nil { t.Fatal(err) } ctx = context.WithValue(ctx, "api-field-pod", pod) - - service, err := util.GetService("./scenarios/api-field/service.yaml") - if err != nil { - t.Fatal(err) - } - if err = config.Client().Resources().Create(ctx, service); err != nil { - t.Fatal(err) - } - ctx = context.WithValue(ctx, "api-field-service", service) - - ingress, err := util.GetIngress("./scenarios/api-field/ingress.yaml") - if err != nil { - t.Fatal(err) - } - if err = config.Client().Resources().Create(ctx, ingress); err != nil { - t.Fatal(err) - } - err = wait. - For(conditions.New(config.Client().Resources()). - ResourceMatch(ingress, func(object k8s.Object) bool { - ing, _ := object.(*netv1.Ingress) - if len(ing.Status.LoadBalancer.Ingress) < 1 { return false } - return ing.Status.LoadBalancer.Ingress[0].Hostname == "localhost" - }), - wait.WithTimeout(time.Minute*5)) - if err != nil { - t.Fatal(err) - } - ctx = context.WithValue(ctx, "api-field-ingress", ingress) - return ctx }). Assess("Validate API response field", func(ctx context.Context, t *testing.T, config *envconf.Config) context.Context { 
@@ -236,38 +155,14 @@ func TestApiValidation(t *testing.T) { return ctx }). Teardown(func(ctx context.Context, t *testing.T, config *envconf.Config) context.Context { - ingress := ctx.Value("api-field-ingress").(*netv1.Ingress) - if err := config.Client().Resources().Delete(ctx, ingress); err != nil { - t.Fatal(err) - } - err := wait. - For(conditions.New(config.Client().Resources()). - ResourceDeleted(ingress), - wait.WithTimeout(time.Minute*5)) - if err != nil { - t.Fatal(err) - } - - service := ctx.Value("api-field-service").(*corev1.Service) - if err := config.Client().Resources().Delete(ctx, service); err != nil { - t.Fatal(err) - } - err = wait. - For(conditions.New(config.Client().Resources()). - ResourceDeleted(service), - wait.WithTimeout(time.Minute*5)) - if err != nil { - t.Fatal(err) - } - pod := ctx.Value("api-field-pod").(*corev1.Pod) if err := config.Client().Resources().Delete(ctx, pod); err != nil { t.Fatal(err) } - err = wait. + err := wait. For(conditions.New(config.Client().Resources()). - ResourceDeleted(pod), - wait.WithTimeout(time.Minute*5)) + ResourceDeleted(pod), + wait.WithTimeout(time.Minute*5)) if err != nil { t.Fatal(err) } @@ -278,8 +173,8 @@ func TestApiValidation(t *testing.T) { } err = wait. For(conditions.New(config.Client().Resources()). - ResourceDeleted(configMap), - wait.WithTimeout(time.Minute*5)) + ResourceDeleted(configMap), + wait.WithTimeout(time.Minute*5)) if err != nil { t.Fatal(err) } @@ -287,5 +182,5 @@ func TestApiValidation(t *testing.T) { return ctx }).Feature() - testEnv.Test(t, featureTrueValidation, featureFalseValidation ) + testEnv.Test(t, featureTrueValidation, featureFalseValidation) } diff --git a/src/test/e2e/kind-config.yaml b/src/test/e2e/kind-config.yaml index efb4fcab..1503864e 100644 --- a/src/test/e2e/kind-config.yaml +++ b/src/test/e2e/kind-config.yaml 
@@ -2,16 +2,7 @@ kind: Cluster apiVersion: kind.x-k8s.io/v1alpha4 nodes: - role: control-plane - kubeadmConfigPatches: - - | - kind: InitConfiguration - nodeRegistration: - kubeletExtraArgs: - node-labels: "ingress-ready=true" extraPortMappings: - containerPort: 80 hostPort: 80 - protocol: TCP - - containerPort: 443 - hostPort: 443 protocol: TCP \ No newline at end of file diff --git a/src/test/e2e/main_test.go b/src/test/e2e/main_test.go index 04e17ff2..96193e6b 100644 --- a/src/test/e2e/main_test.go +++ b/src/test/e2e/main_test.go @@ -3,22 +3,11 @@ package test import ( "os" "testing" - "log" - "context" - "strings" - "time" "sigs.k8s.io/e2e-framework/pkg/env" "sigs.k8s.io/e2e-framework/pkg/envconf" "sigs.k8s.io/e2e-framework/pkg/envfuncs" "sigs.k8s.io/e2e-framework/support/kind" - "sigs.k8s.io/e2e-framework/klient/k8s/resources" - "sigs.k8s.io/e2e-framework/klient/decoder" - "sigs.k8s.io/e2e-framework/klient/wait/conditions" - "sigs.k8s.io/e2e-framework/klient/wait" - appsv1 "k8s.io/api/apps/v1" - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) var ( 
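Review bot: The `extraPortMappings` entry kept in kind-config.yaml (`containerPort: 80` / `hostPort: 80`) has no `listenAddress`, and kind binds such mappings to 0.0.0.0 by default, so the test server is reachable from other machines on the network while the suite runs. With this commit the mapping leads straight to the nginx test pod through the `hostPort: 80` added in scenarios/api-field/pod.yaml, rather than to an ingress controller. Since the validation only requests `http://localhost`, adding `listenAddress: "127.0.0.1"` to the mapping keeps the endpoint local to the test host.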
@@ -40,52 +29,6 @@ func TestMain(m *testing.M) { "kind-config.yaml"), envfuncs.CreateNamespace(namespace), - - func(ctx context.Context, cfg *envconf.Config) (context.Context, error) { - // load stream of nginx-ingress resources - ingressBytes, err := os.ReadFile("nginx-ingress.yaml") - if err != nil { - log.Fatal(err) - } - ingressYAML := string(ingressBytes) - resource, err := resources.New(cfg.Client().RESTConfig()) - if err != nil { - return ctx, err - } - decoder.DecodeEach(ctx, strings.NewReader(ingressYAML), decoder.CreateHandler(resource)) - - // wait for ingress controller deployment object to be ready - deployment := appsv1.Deployment{ - ObjectMeta: metav1.ObjectMeta{ - Name: "ingress-nginx-controller", - Namespace: "ingress-nginx", - }, - } - err = wait.For(conditions.New(cfg.Client().Resources()).DeploymentConditionMatch(&deployment, appsv1.DeploymentAvailable, corev1.ConditionTrue), wait.WithTimeout(time.Minute*5)) - if err != nil { - log.Fatal(err) - } - - // find nginx ingress controller pod - var pods corev1.PodList - err = cfg.Client().Resources().WithNamespace("ingress-nginx").List( - ctx, &pods, resources.WithLabelSelector( - "app.kubernetes.io/component=controller," + - "app.kubernetes.io/instance=ingress-nginx," + - "app.kubernetes.io/name=ingress-nginx")) - if err != nil { - log.Fatal(err) - } - pod := &pods.Items[0] - - // wait for ingress controller to be ready - err = wait.For(conditions.New(cfg.Client().Resources()).PodConditionMatch(pod, corev1.PodReady, corev1.ConditionTrue), wait.WithTimeout(time.Minute*5)) - if err != nil { - log.Fatal(err) - } - - return ctx, nil - }, ) testEnv.Finish( diff --git a/src/test/e2e/nginx-ingress.yaml b/src/test/e2e/nginx-ingress.yaml deleted file mode 100644 index 92c0eb45..00000000 --- a/src/test/e2e/nginx-ingress.yaml +++ /dev/null 
@@ -1,683 +0,0 @@ -# This manifest was pulled on 11/3/23 from: https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml -apiVersion: v1 -kind: Namespace -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - name: ingress-nginx ---- -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.4 - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.4 - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.4 - name: ingress-nginx - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - endpoints - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - coordination.k8s.io - resourceNames: - - ingress-nginx-leader - 
resources: - - leases - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - list - - watch - - get ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.4 - name: ingress-nginx-admission - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.4 - name: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - - namespaces - verbs: - - list - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - list - - watch - - get ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: admission-webhook 
- app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.4 - name: ingress-nginx-admission -rules: -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - get - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.4 - name: ingress-nginx - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.4 - name: ingress-nginx-admission - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.4 - name: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - 
app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.4 - name: ingress-nginx-admission -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: v1 -data: - allow-snippet-annotations: "false" -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.4 - name: ingress-nginx-controller - namespace: ingress-nginx ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.4 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack - ports: - - appProtocol: http - name: http - port: 80 - protocol: TCP - targetPort: http - - appProtocol: https - name: https - port: 443 - protocol: TCP - targetPort: https - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: NodePort ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.4 - name: ingress-nginx-controller-admission - namespace: ingress-nginx -spec: - ports: - - appProtocol: https - name: https-webhook - port: 443 - targetPort: webhook - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - 
app.kubernetes.io/name: ingress-nginx - type: ClusterIP ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.4 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - minReadySeconds: 0 - revisionHistoryLimit: 10 - selector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - strategy: - rollingUpdate: - maxUnavailable: 1 - type: RollingUpdate - template: - metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.4 - spec: - containers: - - args: - - /nginx-ingress-controller - - --election-id=ingress-nginx-leader - - --controller-class=k8s.io/ingress-nginx - - --ingress-class=nginx - - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller - - --validating-webhook=:8443 - - --validating-webhook-certificate=/usr/local/certificates/cert - - --validating-webhook-key=/usr/local/certificates/key - - --watch-ingress-without-class=true - - --publish-status-address=localhost - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: LD_PRELOAD - value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.9.4@sha256:5b161f051d017e55d358435f295f5e9a297e66158f136321d9b04520ec6c48a3 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - /wait-shutdown - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: 
controller - ports: - - containerPort: 80 - hostPort: 80 - name: http - protocol: TCP - - containerPort: 443 - hostPort: 443 - name: https - protocol: TCP - - containerPort: 8443 - name: webhook - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 100m - memory: 90Mi - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - runAsUser: 101 - volumeMounts: - - mountPath: /usr/local/certificates/ - name: webhook-cert - readOnly: true - dnsPolicy: ClusterFirst - nodeSelector: - ingress-ready: "true" - kubernetes.io/os: linux - serviceAccountName: ingress-nginx - terminationGracePeriodSeconds: 0 - tolerations: - - effect: NoSchedule - key: node-role.kubernetes.io/master - operator: Equal - - effect: NoSchedule - key: node-role.kubernetes.io/control-plane - operator: Equal - volumes: - - name: webhook-cert - secret: - secretName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.4 - name: ingress-nginx-admission-create - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.4 - name: ingress-nginx-admission-create - spec: - containers: - - args: - - create - - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc - - --namespace=$(POD_NAMESPACE) - - --secret-name=ingress-nginx-admission - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: 
- fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231011-8b53cabe0@sha256:a7943503b45d552785aa3b5e457f169a5661fb94d82b8a3373bcd9ebaf9aac80 - imagePullPolicy: IfNotPresent - name: create - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.4 - name: ingress-nginx-admission-patch - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.4 - name: ingress-nginx-admission-patch - spec: - containers: - - args: - - patch - - --webhook-name=ingress-nginx-admission - - --namespace=$(POD_NAMESPACE) - - --patch-mutating=false - - --secret-name=ingress-nginx-admission - - --patch-failure-policy=Fail - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231011-8b53cabe0@sha256:a7943503b45d552785aa3b5e457f169a5661fb94d82b8a3373bcd9ebaf9aac80 - imagePullPolicy: IfNotPresent - name: patch - securityContext: - allowPrivilegeEscalation: false - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - securityContext: - fsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - serviceAccountName: ingress-nginx-admission ---- -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: 
ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.4 - name: nginx -spec: - controller: k8s.io/ingress-nginx ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.4 - name: ingress-nginx-admission - namespace: ingress-nginx -spec: - egress: - - {} - podSelector: - matchLabels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - policyTypes: - - Ingress - - Egress ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.9.4 - name: ingress-nginx-admission -webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: ingress-nginx-controller-admission - namespace: ingress-nginx - path: /networking/v1/ingresses - failurePolicy: Fail - matchPolicy: Equivalent - name: validate.nginx.ingress.kubernetes.io - rules: - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - sideEffects: None \ No newline at end of file diff --git a/src/test/e2e/scenarios/api-field/configmap.fail.yaml b/src/test/e2e/scenarios/api-field/configmap.fail.yaml index a4e07332..6f291f3b 100644 --- a/src/test/e2e/scenarios/api-field/configmap.fail.yaml +++ b/src/test/e2e/scenarios/api-field/configmap.fail.yaml 
@@ -18,7 +18,7 @@ data: listen 80; server_name _; location / { - add_header Content-Type application/json; + default_type application/json; return 200 '{"pass":false}\n'; } } diff --git a/src/test/e2e/scenarios/api-field/configmap.pass.yaml b/src/test/e2e/scenarios/api-field/configmap.pass.yaml index 280a613a..413409c2 100644 --- a/src/test/e2e/scenarios/api-field/configmap.pass.yaml +++ b/src/test/e2e/scenarios/api-field/configmap.pass.yaml @@ -18,7 +18,7 @@ data: listen 80; server_name _; location / { - add_header Content-Type application/json; + default_type application/json; return 200 '{"pass":true}\n'; } } diff --git a/src/test/e2e/scenarios/api-field/ingress.yaml b/src/test/e2e/scenarios/api-field/ingress.yaml deleted file mode 100644 index 63878dc0..00000000 --- a/src/test/e2e/scenarios/api-field/ingress.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: api-field-ingress - namespace: validation-test - annotations: - nginx.ingress.kubernetes.io/rewrite-target: /$2 -spec: - rules: - - http: - paths: - - pathType: Prefix - path: /api-field - backend: - service: - name: api-field - port: - number: 80 \ No newline at end of file diff --git a/src/test/e2e/scenarios/api-field/oscal-component.yaml b/src/test/e2e/scenarios/api-field/oscal-component.yaml index 426be1ec..76c25df2 100644 --- a/src/test/e2e/scenarios/api-field/oscal-component.yaml +++ b/src/test/e2e/scenarios/api-field/oscal-component.yaml @@ -51,7 +51,7 @@ component-definition: domain: api payload: request: - url: "http://localhost/api-field" + url: "http://localhost" rego: | package validate diff --git a/src/test/e2e/scenarios/api-field/pod.yaml b/src/test/e2e/scenarios/api-field/pod.yaml index 5e2bbf16..0f031ca1 100644 --- a/src/test/e2e/scenarios/api-field/pod.yaml +++ b/src/test/e2e/scenarios/api-field/pod.yaml 
@@ -11,7 +11,8 @@ spec: - image: nginx name: nginx ports: - - containerPort: 80 + - containerPort: 80 + hostPort: 80 volumeMounts: - mountPath: /etc/nginx readOnly: true diff --git a/src/test/e2e/scenarios/api-field/service.yaml b/src/test/e2e/scenarios/api-field/service.yaml deleted file mode 100644 index 6f5959a1..00000000 --- a/src/test/e2e/scenarios/api-field/service.yaml +++ /dev/null @@ -1,17 +0,0 @@ ---- -apiVersion: v1 -kind: Service -metadata: - name: api-field - namespace: validation-test - labels: - app: api-field -spec: - type: ClusterIP - ports: - - name: http - port: 80 - protocol: TCP - targetPort: 80 - selector: - app: api-field diff --git a/src/test/util/utils.go b/src/test/util/utils.go index 27ab4e9c..c9ee00e6 100644 --- a/src/test/util/utils.go +++ b/src/test/util/utils.go @@ -5,8 +5,8 @@ import ( appsv1 "k8s.io/api/apps/v1" v1 "k8s.io/api/core/v1" - rbacv1 "k8s.io/api/rbac/v1" netv1 "k8s.io/api/networking/v1" + rbacv1 "k8s.io/api/rbac/v1" "sigs.k8s.io/yaml" ) @@ -86,4 +86,4 @@ func GetIngress(ingressFilePath string) (*netv1.Ingress, error) { return nil, err } return ingress, nil -} \ No newline at end of file +}