From 535c4c030a38c8a89f08541e00181c47f362e358 Mon Sep 17 00:00:00 2001
From: Xinhe Li
Date: Fri, 24 May 2024 12:32:34 +0800
Subject: [PATCH] test: fix base image e2e test for v1.2.0-rc.1 (#1501)
Signed-off-by: Xinhe Li
---
 Makefile | 46 ++++++++++++++++++++------------------
 test/bats/base-test.bats | 28 -----------------------
 test/bats/plugin-test.bats | 29 ++++++++++++++++++++++++
 3 files changed, 53 insertions(+), 50 deletions(-)
diff --git a/Makefile b/Makefile
index 6e9f841b3..818cee791 100644
--- a/Makefile
+++ b/Makefile
@@ -527,36 +527,38 @@ e2e-build-crd-image: docker build --progress=plain --no-cache --build-arg KUBE_VERSION=${KUBERNETES_VERSION} --build-arg TARGETOS="linux" --build-arg TARGETARCH="amd64" -f crd.Dockerfile -t localbuildcrd:test ./charts/ratify/crds kind load docker-image --name kind localbuildcrd:test -e2e-deploy-base-ratify: e2e-notation-setup e2e-notation-leaf-cert-setup e2e-inlinecert-setup e2e-build-crd-image - docker build --progress=plain --no-cache \ - -f ./httpserver/Dockerfile \ - -t baselocalbuild:test . - kind load docker-image --name kind baselocalbuild:test - +e2e-deploy-base-ratify: e2e-notation-setup e2e-notation-leaf-cert-setup e2e-cosign-setup e2e-inlinecert-setup e2e-build-crd-image e2e-build-local-ratify-base-image printf "{\n\t\"auths\": {\n\t\t\"registry:5000\": {\n\t\t\t\"auth\": \"`echo "${TEST_REGISTRY_USERNAME}:${TEST_REGISTRY_PASSWORD}" | tr -d '\n' | base64 -i -w 0`\"\n\t\t}\n\t}\n}" > mount_config.json ./.staging/helm/linux-amd64/helm install ${RATIFY_NAME} \ - ./charts/ratify --atomic --namespace ${GATEKEEPER_NAMESPACE} --create-namespace \ - --set image.repository=baselocalbuild \ - --set image.crdRepository=localbuildcrd \ - --set image.tag=test \ - --set gatekeeper.version=${GATEKEEPER_VERSION} \ - --set featureFlags.RATIFY_CERT_ROTATION=${CERT_ROTATION_ENABLED} \ - --set-file provider.tls.crt=${CERT_DIR}/server.crt \ - --set-file provider.tls.key=${CERT_DIR}/server.key \ - --set-file provider.tls.caCert=${CERT_DIR}/ca.crt \ - --set-file provider.tls.caKey=${CERT_DIR}/ca.key \ - --set provider.tls.cabundle="$(shell cat ${CERT_DIR}/ca.crt | base64 | tr -d '\n')" \ - --set notationCerts[0]="$$(cat ~/.config/notation/localkeys/ratify-bats-test.crt)" \ - --set oras.useHttp=true \ - --set cosign.enabled=false \ - --set-file dockerConfig="mount_config.json" \ - --set logger.level=debug + ./charts/ratify --atomic --namespace ${GATEKEEPER_NAMESPACE} --create-namespace \ + --set image.repository=baselocalbuild \ + --set 
image.crdRepository=localbuildcrd \ + --set image.tag=test \ + --set gatekeeper.version=${GATEKEEPER_VERSION} \ + --set featureFlags.RATIFY_CERT_ROTATION=${CERT_ROTATION_ENABLED} \ + --set-file provider.tls.crt=${CERT_DIR}/server.crt \ + --set-file provider.tls.key=${CERT_DIR}/server.key \ + --set-file provider.tls.caCert=${CERT_DIR}/ca.crt \ + --set-file provider.tls.caKey=${CERT_DIR}/ca.key \ + --set provider.tls.cabundle="$(shell cat ${CERT_DIR}/ca.crt | base64 | tr -d '\n')" \ + --set notationCerts[0]="$$(cat ~/.config/notation/localkeys/ratify-bats-test.crt)" \ + --set cosignKeys[0]="$$(cat .staging/cosign/cosign.pub)" \ + --set cosign.key="$$(cat .staging/cosign/cosign.pub)" \ + --set oras.useHttp=true \ + --set-file dockerConfig="mount_config.json" \ + --set logger.level=debug rm mount_config.json e2e-deploy-ratify: e2e-notation-setup e2e-notation-leaf-cert-setup e2e-cosign-setup e2e-cosign-setup e2e-licensechecker-setup e2e-sbom-setup e2e-schemavalidator-setup e2e-vulnerabilityreport-setup e2e-inlinecert-setup e2e-build-crd-image e2e-build-local-ratify-image e2e-helm-deploy-ratify +e2e-build-local-ratify-base-image: + docker build --progress=plain --no-cache \ + -f ./httpserver/Dockerfile \ + -t baselocalbuild:test . + kind load docker-image --name kind baselocalbuild:test + e2e-build-local-ratify-image: docker build --progress=plain --no-cache \ --build-arg build_sbom=true \ diff --git a/test/bats/base-test.bats b/test/bats/base-test.bats index 11d6ed533..bd08de0d2 100644 --- a/test/bats/base-test.bats +++ b/test/bats/base-test.bats 
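Review bot: The two added cosign flags in the `helm install` recipe, `--set cosignKeys[0]="$$(cat .staging/cosign/cosign.pub)"` and `--set cosign.key="$$(cat .staging/cosign/cosign.pub)"`, read the key through a command substitution, so a missing or unreadable `.staging/cosign/cosign.pub` expands to an empty string and the install still runs with an empty key value. The file is presumably produced by the newly added `e2e-cosign-setup` prerequisite, but letting helm read it directly, `--set-file cosignKeys[0]=.staging/cosign/cosign.pub` and `--set-file cosign.key=.staging/cosign/cosign.pub`, would fail the target when the file is absent and would avoid `--set` parsing of the PEM text. Separately, in the unchanged context lines, `rm mount_config.json` is a later recipe line and is only reached when the install succeeds, so a failed `--atomic` install leaves the base64-encoded registry credentials in the working tree. A cleanup that also runs on failure would be worth a follow-up.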
@@ -239,34 +239,6 @@ RATIFY_NAMESPACE=gatekeeper-system
 assert_success
 }
-@test "verifier crd status check" {
- teardown() {
- echo "cleaning up"
- wait_for_process ${WAIT_TIME} ${SLEEP_TIME} 'kubectl delete verifiers.config.ratify.deislabs.io/verifier-license-checker'
- }
-
- # apply a valid verifier, validate status property shows success
- run kubectl apply -f ./config/samples/clustered/verifier/config_v1beta1_verifier_complete_licensechecker.yaml
- assert_success
- run bash -c "kubectl describe verifiers.config.ratify.deislabs.io/verifier-license-checker -n ${RATIFY_NAMESPACE} | grep 'Issuccess: true'"
- assert_success
-
- # apply a invalid verifier CR, validate status with error
- sed 's/licensechecker/invalidlicensechecker/' ./config/samples/clustered/verifier/config_v1beta1_verifier_complete_licensechecker.yaml >invalidVerifier.yaml
- run kubectl apply -f invalidVerifier.yaml
- assert_success
- run bash -c "kubectl describe verifiers.config.ratify.deislabs.io/verifier-license-checker -n ${RATIFY_NAMESPACE} | grep 'Brieferror: Original Error:'"
- assert_success
-
- # apply a valid verifier, validate status property shows success
- run kubectl apply -f ./config/samples/clustered/verifier/config_v1beta1_verifier_complete_licensechecker.yaml
- assert_success
- run bash -c "kubectl describe verifiers.config.ratify.deislabs.io/verifier-license-checker -n ${RATIFY_NAMESPACE} | grep 'Issuccess: true'"
- assert_success
- run bash -c "kubectl describe verifiers.config.ratify.deislabs.io/verifier-license-checker -n ${RATIFY_NAMESPACE} | grep 'Brieferror: Original Error:'"
- assert_failure
-}
-
 @test "store crd status check" {
 teardown() {
 echo "cleaning up"
diff --git a/test/bats/plugin-test.bats b/test/bats/plugin-test.bats
index 389d802c2..3d37bbd4e 100644
--- a/test/bats/plugin-test.bats
+++ b/test/bats/plugin-test.bats
@@ -18,6 +18,7 @@ load helpers
 BATS_TESTS_DIR=${BATS_TESTS_DIR:-test/bats/tests}
 WAIT_TIME=60
 SLEEP_TIME=1
+RATIFY_NAMESPACE=gatekeeper-system
 @test "helm genCert test" {
 # tls cert provided
@@ -295,6 +296,34 @@ SLEEP_TIME=1
 assert_success
 }
+@test "verifier crd status check" {
+ teardown() {
+ echo "cleaning up"
+ wait_for_process ${WAIT_TIME} ${SLEEP_TIME} 'kubectl delete verifiers.config.ratify.deislabs.io/verifier-license-checker'
+ }
+
+ # apply a valid verifier, validate status property shows success
+ run kubectl apply -f ./config/samples/clustered/verifier/config_v1beta1_verifier_complete_licensechecker.yaml
+ assert_success
+ run bash -c "kubectl describe verifiers.config.ratify.deislabs.io/verifier-license-checker -n ${RATIFY_NAMESPACE} | grep 'Issuccess: true'"
+ assert_success
+
+ # apply a invalid verifier CR, validate status with error
+ sed 's/licensechecker/invalidlicensechecker/' ./config/samples/clustered/verifier/config_v1beta1_verifier_complete_licensechecker.yaml >invalidVerifier.yaml
+ run kubectl apply -f invalidVerifier.yaml
+ assert_success
+ run bash -c "kubectl describe verifiers.config.ratify.deislabs.io/verifier-license-checker -n ${RATIFY_NAMESPACE} | grep 'Brieferror: Original Error:'"
+ assert_success
+
+ # apply a valid verifier, validate status property shows success
+ run kubectl apply -f ./config/samples/clustered/verifier/config_v1beta1_verifier_complete_licensechecker.yaml
+ assert_success
+ run bash -c "kubectl describe verifiers.config.ratify.deislabs.io/verifier-license-checker -n ${RATIFY_NAMESPACE} | grep 'Issuccess: true'"
+ assert_success
+ run bash -c "kubectl describe verifiers.config.ratify.deislabs.io/verifier-license-checker -n ${RATIFY_NAMESPACE} | grep 'Brieferror: Original Error:'"
+ assert_failure
+}
+
 @test "dynamic plugins disabled test" {
 teardown() {
 echo "cleaning up"
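Review bot: The relocated "verifier crd status check" test writes `invalidVerifier.yaml` into the working directory with `sed ... >invalidVerifier.yaml`, and its `teardown()` only deletes the verifier resource, so the generated file is left behind after every run, including failed ones. Adding `rm -f invalidVerifier.yaml` to `teardown()` would keep the tree clean. The status assertions also run `kubectl describe ... | grep 'Issuccess: true'` immediately after `kubectl apply`, which assumes the controller has already reconciled. Wrapping those checks in the `wait_for_process ${WAIT_TIME} ${SLEEP_TIME} '...'` helper that the teardown already uses would make the test less timing-sensitive. The final `assert_failure` on `'Brieferror: Original Error:'` has the same race in the other direction, since it can fail while the stale error status is still present.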