From b07e49e0039116c7819e8964fdb0ba5589fb8137 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Sm=C3=A4do?= Date: Thu, 10 Oct 2024 13:58:25 +0200 Subject: [PATCH 1/7] Add sonobuoy registry test wip MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Tomáš Smädo --- .../scs_0212_v1_registry_standard_test.go | 86 +++++++++++++++++++ 1 file changed, 86 insertions(+) create mode 100644 Tests/kaas/kaas-sonobuoy-tests/scs_k8s_conformance_tests/scs_0212_v1_registry_standard_test.go diff --git a/Tests/kaas/kaas-sonobuoy-tests/scs_k8s_conformance_tests/scs_0212_v1_registry_standard_test.go b/Tests/kaas/kaas-sonobuoy-tests/scs_k8s_conformance_tests/scs_0212_v1_registry_standard_test.go new file mode 100644 index 000000000..ba9f58caa --- /dev/null +++ b/Tests/kaas/kaas-sonobuoy-tests/scs_k8s_conformance_tests/scs_0212_v1_registry_standard_test.go @@ -0,0 +1,86 @@ +package scs_k8s_tests + +import ( + "context" + "fmt" + "log" + "testing" + + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/kubernetes" + "k8s.io/client-go/rest" +) + +// list of common Harbor components. +var HarborComponentNames = []string{ + "harbor-core", + "harbor-db", + "harbor-jobservice", + "harbor-portal", + "harbor-registry", + "nginx", +} + +func Test_scs_0212_registry_standard_test(t *testing.T) { + // Set up the Kubernetes client + config, err := rest.InClusterConfig() + if err != nil { + log.Fatalf("Failed to create rest config: %v", err) + } + + clientset, err := kubernetes.NewForConfig(config) + if err != nil { + log.Fatalf("Failed to create Kubernetes client: %v", err) + } + + fmt.Println("Checking for Harbor components in Deployments...") + if err := checkDeployments(clientset); err != nil { + log.Fatalf("Error checking deployments: %v", err) + } + + fmt.Println("Checking for Harbor components in Services...") + if err := checkServices(clientset); err != nil { + log.Fatalf("Error checking services: %v", err) + } + + fmt.Println("Harbor check completed.") +} + +// check deployments for the registry +func checkDeployments(clientset *kubernetes.Clientset) error { + deployments, err := clientset.AppsV1().Deployments("").List(context.TODO(), v1.ListOptions{}) + if err != nil { + return fmt.Errorf("failed to list deployments: %v", err) + } + + for _, deployment := range deployments.Items { + for _, componentName := range HarborComponentNames { + if containsString(deployment.Name, componentName) { + fmt.Printf("Found Harbor deployment: %s in namespace: %s\n", deployment.Name, deployment.Namespace) + } + } + } + return nil +} + +// check services for the registry components +func checkServices(clientset *kubernetes.Clientset) error { + services, err := clientset.CoreV1().Services("").List(context.TODO(), v1.ListOptions{}) + if err != nil { + return fmt.Errorf("failed to list services: %v", err) + } + + for _, service := range services.Items { + for _, componentName := range HarborComponentNames { + if containsString(service.Name, componentName) { + fmt.Printf("Found Harbor service: %s in namespace: %s\n", service.Name, service.Namespace) + } + } + } + return nil +} + +// containsString checks if a string is contained in another string (case-insensitive). +func containsString(str, substr string) bool { + return len(str) > 0 && len(substr) > 0 && (str == substr || (len(str) > len(substr) && str[:len(substr)] == substr)) +} From 373123742ed2c7bac913db40f088df3a37157491 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Sm=C3=A4do?= Date: Tue, 5 Nov 2024 12:39:00 +0100 Subject: [PATCH 2/7] Harbor testing MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Tomáš Smädo --- .../kaas/kaas-sonobuoy-tests/kind_config.yaml | 9 +++++++ .../harbor_values.yaml | 27 +++++++++++++++++++ 2 files changed, 36 insertions(+) create mode 100644 Tests/kaas/kaas-sonobuoy-tests/scs_k8s_conformance_tests/harbor_values.yaml diff --git a/Tests/kaas/kaas-sonobuoy-tests/kind_config.yaml b/Tests/kaas/kaas-sonobuoy-tests/kind_config.yaml index 947a9fa8a..9cb7327d6 100644 --- a/Tests/kaas/kaas-sonobuoy-tests/kind_config.yaml +++ b/Tests/kaas/kaas-sonobuoy-tests/kind_config.yaml @@ -3,6 +3,15 @@ apiVersion: kind.x-k8s.io/v1alpha4 networking: apiServerAddress: 127.0.0.1 apiServerPort: 6443 +kubeadmConfigPatches: + - | + apiVersion: kubeadm.k8s.io/v1beta3 + kind: ClusterConfiguration + metadata: + name: config + apiServer: + extraArgs: + enable-admission-plugins: "NodeRestriction,PodSecurity" nodes: - role: control-plane - role: worker diff --git a/Tests/kaas/kaas-sonobuoy-tests/scs_k8s_conformance_tests/harbor_values.yaml b/Tests/kaas/kaas-sonobuoy-tests/scs_k8s_conformance_tests/harbor_values.yaml new file mode 100644 index 000000000..eaed27509 --- /dev/null +++ b/Tests/kaas/kaas-sonobuoy-tests/scs_k8s_conformance_tests/harbor_values.yaml @@ -0,0 +1,27 @@ +expose: + type: ingress + tls: + enabled: false + ingress: + hosts: + core: core.harbor.domain + notary: notary.harbor.domain + +persistence: + persistentVolumeClaim: + registry: + storageClass: "" + accessMode: ReadWriteOnce + size: 5Gi + jobservice: + storageClass: "" + accessMode: ReadWriteOnce + size: 1Gi + chartmuseum: + storageClass: "" + accessMode: ReadWriteOnce + size: 1Gi + trivy: + storageClass: "" + accessMode: ReadWriteOnce + size: 5Gi \ No newline at end of file From ec7c9ceb471047d533fce49a3882f00e42a576d6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Sm=C3=A4do?= Date: Tue, 5 Nov 2024 13:08:41 +0100 Subject: [PATCH 3/7] Update kubeconfig handling MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Tomáš Smädo --- .../scs_0212_v1_registry_standard_test.go | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/Tests/kaas/kaas-sonobuoy-tests/scs_k8s_conformance_tests/scs_0212_v1_registry_standard_test.go b/Tests/kaas/kaas-sonobuoy-tests/scs_k8s_conformance_tests/scs_0212_v1_registry_standard_test.go index ba9f58caa..0720dcd18 100644 --- a/Tests/kaas/kaas-sonobuoy-tests/scs_k8s_conformance_tests/scs_0212_v1_registry_standard_test.go +++ b/Tests/kaas/kaas-sonobuoy-tests/scs_k8s_conformance_tests/scs_0212_v1_registry_standard_test.go @@ -4,11 +4,14 @@ import ( "context" "fmt" "log" + "os" "testing" + "path/filepath" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/kubernetes" - "k8s.io/client-go/rest" + "k8s.io/client-go/tools/clientcmd" ) // list of common Harbor components. @@ -23,7 +26,8 @@ var HarborComponentNames = []string{ func Test_scs_0212_registry_standard_test(t *testing.T) { // Set up the Kubernetes client - config, err := rest.InClusterConfig() + // config, err := rest.InClusterConfig() + config, err := clientcmd.BuildConfigFromFlags("", filepath.Join(homeDir(), ".kube", "config")) if err != nil { log.Fatalf("Failed to create rest config: %v", err) } @@ -84,3 +88,10 @@ func checkServices(clientset *kubernetes.Clientset) error { func containsString(str, substr string) bool { return len(str) > 0 && len(substr) > 0 && (str == substr || (len(str) > len(substr) && str[:len(substr)] == substr)) } + +func homeDir() string { + if h := os.Getenv("HOME"); h != "" { + return h + } + return "" +} From 6b47f48169130ed17ee8e70daf98bf8039f45c58 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Sm=C3=A4do?= Date: Tue, 5 Nov 2024 14:02:23 +0100 Subject: [PATCH 4/7] Add additional checks MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Tomáš Smädo --- .../scs_0212_v1_registry_standard_test.go | 23 +++++++++++++++---- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/Tests/kaas/kaas-sonobuoy-tests/scs_k8s_conformance_tests/scs_0212_v1_registry_standard_test.go b/Tests/kaas/kaas-sonobuoy-tests/scs_k8s_conformance_tests/scs_0212_v1_registry_standard_test.go index 0720dcd18..af6920f9a 100644 --- a/Tests/kaas/kaas-sonobuoy-tests/scs_k8s_conformance_tests/scs_0212_v1_registry_standard_test.go +++ b/Tests/kaas/kaas-sonobuoy-tests/scs_k8s_conformance_tests/scs_0212_v1_registry_standard_test.go @@ -7,11 +7,9 @@ import ( "os" "testing" - "path/filepath" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/kubernetes" - "k8s.io/client-go/tools/clientcmd" + "k8s.io/client-go/rest" ) // list of common Harbor components. @@ -26,8 +24,8 @@ var HarborComponentNames = []string{ func Test_scs_0212_registry_standard_test(t *testing.T) { // Set up the Kubernetes client - // config, err := rest.InClusterConfig() - config, err := clientcmd.BuildConfigFromFlags("", filepath.Join(homeDir(), ".kube", "config")) + config, err := rest.InClusterConfig() + // config, err := clientcmd.BuildConfigFromFlags("", filepath.Join(homeDir(), ".kube", "config")) if err != nil { log.Fatalf("Failed to create rest config: %v", err) } @@ -53,6 +51,7 @@ func Test_scs_0212_registry_standard_test(t *testing.T) { // check deployments for the registry func checkDeployments(clientset *kubernetes.Clientset) error { deployments, err := clientset.AppsV1().Deployments("").List(context.TODO(), v1.ListOptions{}) + harborDeployments := 0 if err != nil { return fmt.Errorf("failed to list deployments: %v", err) } @@ -61,15 +60,22 @@ func checkDeployments(clientset *kubernetes.Clientset) error { for _, componentName := range HarborComponentNames { if containsString(deployment.Name, componentName) { fmt.Printf("Found Harbor deployment: %s in namespace: %s\n", deployment.Name, deployment.Namespace) + harborDeployments++ } } } + if harborDeployments > 0 { + fmt.Printf("Harbor deployments found\n") + } else { + fmt.Printf("Harbor was not found in deployments\n") + } return nil } // check services for the registry components func checkServices(clientset *kubernetes.Clientset) error { services, err := clientset.CoreV1().Services("").List(context.TODO(), v1.ListOptions{}) + harborServices := 0 if err != nil { return fmt.Errorf("failed to list services: %v", err) } @@ -78,9 +84,15 @@ func checkServices(clientset *kubernetes.Clientset) error { for _, componentName := range HarborComponentNames { if containsString(service.Name, componentName) { fmt.Printf("Found Harbor service: %s in namespace: %s\n", service.Name, service.Namespace) + harborServices++ } } } + if harborServices > 0 { + fmt.Printf("Harbor services found\n") + } else { + fmt.Printf("Harbor was not found services\n") + } return nil } @@ -91,6 +103,7 @@ func containsString(str, substr string) bool { func homeDir() string { if h := os.Getenv("HOME"); h != "" { + println(h) return h } return "" From 790575cacafec40ab3d805c3f8dd44c8afb95437 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Sm=C3=A4do?= Date: Tue, 5 Nov 2024 14:04:51 +0100 Subject: [PATCH 5/7] Remove unused functions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Tomáš Smädo --- .../scs_0212_v1_registry_standard_test.go | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/Tests/kaas/kaas-sonobuoy-tests/scs_k8s_conformance_tests/scs_0212_v1_registry_standard_test.go b/Tests/kaas/kaas-sonobuoy-tests/scs_k8s_conformance_tests/scs_0212_v1_registry_standard_test.go index af6920f9a..6c39f414b 100644 --- a/Tests/kaas/kaas-sonobuoy-tests/scs_k8s_conformance_tests/scs_0212_v1_registry_standard_test.go +++ b/Tests/kaas/kaas-sonobuoy-tests/scs_k8s_conformance_tests/scs_0212_v1_registry_standard_test.go @@ -4,7 +4,6 @@ import ( "context" "fmt" "log" - "os" "testing" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -25,7 +24,6 @@ var HarborComponentNames = []string{ func Test_scs_0212_registry_standard_test(t *testing.T) { // Set up the Kubernetes client config, err := rest.InClusterConfig() - // config, err := clientcmd.BuildConfigFromFlags("", filepath.Join(homeDir(), ".kube", "config")) if err != nil { log.Fatalf("Failed to create rest config: %v", err) } @@ -100,11 +98,3 @@ func checkServices(clientset *kubernetes.Clientset) error { func containsString(str, substr string) bool { return len(str) > 0 && len(substr) > 0 && (str == substr || (len(str) > len(substr) && str[:len(substr)] == substr)) } - -func homeDir() string { - if h := os.Getenv("HOME"); h != "" { - println(h) - return h - } - return "" -} From cd72350c661d75b8da481372533141c0b2df099b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Sm=C3=A4do?= Date: Tue, 5 Nov 2024 14:11:42 +0100 Subject: [PATCH 6/7] Remove unused config for kind MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Tomáš Smädo --- Tests/kaas/kaas-sonobuoy-tests/kind_config.yaml | 9 --------- 1 file changed, 9 deletions(-) diff --git a/Tests/kaas/kaas-sonobuoy-tests/kind_config.yaml b/Tests/kaas/kaas-sonobuoy-tests/kind_config.yaml index 9cb7327d6..947a9fa8a 100644 --- a/Tests/kaas/kaas-sonobuoy-tests/kind_config.yaml +++ b/Tests/kaas/kaas-sonobuoy-tests/kind_config.yaml @@ -3,15 +3,6 @@ apiVersion: kind.x-k8s.io/v1alpha4 networking: apiServerAddress: 127.0.0.1 apiServerPort: 6443 -kubeadmConfigPatches: - - | - apiVersion: kubeadm.k8s.io/v1beta3 - kind: ClusterConfiguration - metadata: - name: config - apiServer: - extraArgs: - enable-admission-plugins: "NodeRestriction,PodSecurity" nodes: - role: control-plane - role: worker From 8a88ddc6ebcd1ac701e68f86156f44ae44c40572 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Sm=C3=A4do?= Date: Wed, 6 Nov 2024 00:53:39 +0100 Subject: [PATCH 7/7] Add additional checks MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Tomáš Smädo --- .../scs_0212_v1_registry_standard_test.go | 110 ++++++++++++------ 1 file changed, 72 insertions(+), 38 deletions(-) diff --git a/Tests/kaas/kaas-sonobuoy-tests/scs_k8s_conformance_tests/scs_0212_v1_registry_standard_test.go b/Tests/kaas/kaas-sonobuoy-tests/scs_k8s_conformance_tests/scs_0212_v1_registry_standard_test.go index 6c39f414b..a38f480c3 100644 --- a/Tests/kaas/kaas-sonobuoy-tests/scs_k8s_conformance_tests/scs_0212_v1_registry_standard_test.go +++ b/Tests/kaas/kaas-sonobuoy-tests/scs_k8s_conformance_tests/scs_0212_v1_registry_standard_test.go @@ -4,6 +4,8 @@ import ( "context" "fmt" "log" + "os" + "strings" "testing" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -11,7 +13,7 @@ import ( "k8s.io/client-go/rest" ) -// list of common Harbor components. +// list of common harbor components. var HarborComponentNames = []string{ "harbor-core", "harbor-db", @@ -21,8 +23,20 @@ var HarborComponentNames = []string{ "nginx", } +// other registries +var OtherRegistries = []string{ + "docker-registry", + "quay", + "jfrog", + "artifacthub", + "dragonfly", + "keppel", + "nexus", + "kraken", +} + func Test_scs_0212_registry_standard_test(t *testing.T) { - // Set up the Kubernetes client + // set up the kubernetes client config, err := rest.InClusterConfig() if err != nil { log.Fatalf("Failed to create rest config: %v", err) @@ -33,68 +47,88 @@ func Test_scs_0212_registry_standard_test(t *testing.T) { log.Fatalf("Failed to create Kubernetes client: %v", err) } + harborComponentsFound := make(map[string]bool) + otherRegistryFound := false + fmt.Println("Checking for Harbor components in Deployments...") - if err := checkDeployments(clientset); err != nil { - log.Fatalf("Error checking deployments: %v", err) - } + otherRegistryFound = checkHarborDeployments(clientset, harborComponentsFound) || otherRegistryFound fmt.Println("Checking for Harbor components in Services...") - if err := checkServices(clientset); err != nil { - log.Fatalf("Error checking services: %v", err) + otherRegistryFound = checkHarborServices(clientset, harborComponentsFound) || otherRegistryFound + + if otherRegistryFound { + log.Fatalf("Non-Harbor registry detected in the cluster. Failing test.") } - fmt.Println("Harbor check completed.") + // ensure all harbor components are found + for _, component := range HarborComponentNames { + if !harborComponentsFound[component] { + fmt.Printf("Harbor component missing: %s\n", component) + log.Fatalf("Harbor registry not fully deployed. Failing test.") + } + } + + fmt.Println("All Harbor components are deployed, and no other registries are found. Test passed.") + os.Exit(0) } -// check deployments for the registry -func checkDeployments(clientset *kubernetes.Clientset) error { + +// checkHarborDeployments checks if required harbor components are present in deployments +// and ensures no other registries are found. +func checkHarborDeployments(clientset *kubernetes.Clientset, harborComponentsFound map[string]bool) bool { + otherRegistryFound := false deployments, err := clientset.AppsV1().Deployments("").List(context.TODO(), v1.ListOptions{}) - harborDeployments := 0 if err != nil { - return fmt.Errorf("failed to list deployments: %v", err) + log.Fatalf("Failed to list deployments: %v", err) } for _, deployment := range deployments.Items { - for _, componentName := range HarborComponentNames { - if containsString(deployment.Name, componentName) { + // check for Harbor components + for _, component := range HarborComponentNames { + if strings.Contains(deployment.Name, component) { + harborComponentsFound[component] = true fmt.Printf("Found Harbor deployment: %s in namespace: %s\n", deployment.Name, deployment.Namespace) - harborDeployments++ + } + } + + // check for other registries + for _, registry := range OtherRegistries { + if strings.Contains(deployment.Name, registry) { + otherRegistryFound = true + fmt.Printf("Found non-Harbor registry deployment: %s in namespace: %s\n", deployment.Name, deployment.Namespace) } } } - if harborDeployments > 0 { - fmt.Printf("Harbor deployments found\n") - } else { - fmt.Printf("Harbor was not found in deployments\n") - } - return nil + + return otherRegistryFound } -// check services for the registry components -func checkServices(clientset *kubernetes.Clientset) error { +// checks if required harbor components are present in services +// and ensures no other registries are found. +func checkHarborServices(clientset *kubernetes.Clientset, harborComponentsFound map[string]bool) bool { + otherRegistryFound := false services, err := clientset.CoreV1().Services("").List(context.TODO(), v1.ListOptions{}) - harborServices := 0 if err != nil { - return fmt.Errorf("failed to list services: %v", err) + log.Fatalf("Failed to list services: %v", err) } for _, service := range services.Items { - for _, componentName := range HarborComponentNames { - if containsString(service.Name, componentName) { + // check for harbor components + for _, component := range HarborComponentNames { + if strings.Contains(service.Name, component) { + harborComponentsFound[component] = true fmt.Printf("Found Harbor service: %s in namespace: %s\n", service.Name, service.Namespace) - harborServices++ + } + } + + // check for other registries + for _, registry := range OtherRegistries { + if strings.Contains(service.Name, registry) { + otherRegistryFound = true + fmt.Printf("Found non-Harbor registry service: %s in namespace: %s\n", service.Name, service.Namespace) } } } - if harborServices > 0 { - fmt.Printf("Harbor services found\n") - } else { - fmt.Printf("Harbor was not found services\n") - } - return nil -} -// containsString checks if a string is contained in another string (case-insensitive). -func containsString(str, substr string) bool { - return len(str) > 0 && len(substr) > 0 && (str == substr || (len(str) > len(substr) && str[:len(substr)] == substr)) + return otherRegistryFound }