diff --git a/.chainsaw.yaml b/.chainsaw.yaml
new file mode 100644
index 000000000..e3644593c
--- /dev/null
+++ b/.chainsaw.yaml
@@ -0,0 +1,12 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/kyverno/chainsaw/main/.schemas/json/configuration-chainsaw-v1alpha1.json
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Configuration
+metadata:
+ name: configuration
+spec:
+ timeouts:
+ assert: 5m0s
+ cleanup: 5m0s
+ delete: 5m0s
+ error: 5m0s
+ exec: 5m0s
diff --git a/.github/workflows/build_test_ci.yml b/.github/workflows/build_test_ci.yml
index 0da8dc538..56c71f98b 100644
--- a/.github/workflows/build_test_ci.yml
+++ b/.github/workflows/build_test_ci.yml
@@ -157,6 +157,65 @@ jobs: name: logs path: .logs/* + chainsaw-test: + needs: [go-build-test, docker-build] + runs-on: ubuntu-latest + steps: + - name: Harden Runner + uses: step-security/harden-runner@v2 + with: + disable-sudo: true + egress-policy: block + allowed-endpoints: > + api.linode.com:443 + api.github.com:443 + github.com:443 + gcr.io:443 + proxy.golang.org:443 + sum.golang.org:443 + *.githubusercontent.com:443 + docker.io:443 + registry-1.docker.io:443 + auth.docker.io:443 + production.cloudflare.docker.com:443 + storage.googleapis.com:443 + registry.k8s.io:443 + *.pkg.dev:443 + *.amazonaws.com:443 + *.blob.core.windows.net:443 + quay.io:443 + *.quay.io:443 + api.snapcraft.io:443 + cloud.tilt.dev:443 + + - uses: actions/checkout@v4 + + - name: Set up Go + uses: actions/setup-go@v5 + with: + go-version: '1.22' + + - name: Docker cache + uses: ScribeMD/docker-cache@0.3.7 + with: + key: docker-${{ runner.os }}-${{ hashFiles('go.sum') }}} + + - name: Chainsaw test + run: make chainsaw-test + env: + GITHUB_TOKEN: ${{ secrets.github_token }} + LINODE_TOKEN: ${{ secrets.LINODE_TOKEN }} + + - name: Copy logs + if: ${{ always() }} + run: docker cp tilt-control-plane:/var/log .logs + + - uses: actions/upload-artifact@v4 + if: ${{ always() }} + with: + name: logs + path: .logs/* + docker-build: runs-on: ubuntu-latest steps: diff --git a/Makefile b/Makefile index 6dd8ad5b4..e62376c52 100644 --- a/Makefile +++ b/Makefile @@ -136,7 +136,7 @@ test: manifests generate fmt vet envtest ## Run tests. e2etest: make --no-print-directory _e2etest # Workaround to force the flag on Github Action -local-deploy: kind ctlptl tilt kuttl kustomize clusterctl +local-deploy: kind ctlptl tilt kuttl chainsaw kustomize clusterctl @echo -n "LINODE_TOKEN=$(LINODE_TOKEN)" > config/default/.env.linode $(CTLPTL) apply -f .tilt/ctlptl-config.yaml $(TILT) ci --timeout 240s -f Tiltfile 
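Review bot: The `allowed-endpoints` list of the new `chainsaw-test` job contains provider-wide wildcards (`*.amazonaws.com:443`, `*.blob.core.windows.net:443`, `*.githubusercontent.com:443`, `*.pkg.dev:443`), so `egress-policy: block` still permits traffic to any storage bucket or blob container on those providers, and this is the job that handles `LINODE_TOKEN`. Narrowing them to the hosts the job really contacts (a run with `egress-policy: audit` reports them) would make the block policy meaningful. The actions are referenced by mutable tags (`step-security/harden-runner@v2`, `ScribeMD/docker-cache@0.3.7`), and since `local-deploy` writes the token to `config/default/.env.linode`, any later or post-job step can read it; pinning to a full commit, e.g. `uses: ScribeMD/docker-cache@<full-commit-sha> # 0.3.7`, keeps a retagged release out of that position. The cache key ends in `}}}`, which appends a literal `}`; `key: docker-${{ runner.os }}-${{ hashFiles('go.sum') }}` is presumably what was meant.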
@@ -144,6 +144,10 @@ local-deploy: kind ctlptl tilt kuttl kustomize clusterctl _e2etest: manifests generate local-deploy ROOT_DIR="$(PWD)" $(KUTTL) test --config e2e/kuttl-config.yaml +.PHONY: chainsaw-test +chainsaw-test: manifests generate local-deploy + $(CHAINSAW) test ./e2e/linodecluster-controller + ## -------------------------------------- ## Build ## -------------------------------------- @@ -291,6 +295,7 @@ CONTROLLER_GEN ?= $(CACHE_BIN)/controller-gen TILT ?= $(LOCALBIN)/tilt KIND ?= $(LOCALBIN)/kind KUTTL ?= $(LOCALBIN)/kubectl-kuttl +CHAINSAW ?= $(CACHE_BIN)/chainsaw ENVTEST ?= $(CACHE_BIN)/setup-envtest HUSKY ?= $(LOCALBIN)/husky NILAWAY ?= $(LOCALBIN)/nilaway @@ -304,12 +309,13 @@ CONTROLLER_TOOLS_VERSION ?= v0.14.0 TILT_VERSION ?= 0.33.6 KIND_VERSION ?= 0.20.0 KUTTL_VERSION ?= 0.15.0 +CHAINSAW_VERSION ?= v0.1.7 HUSKY_VERSION ?= v0.2.16 NILAWAY_VERSION ?= latest GOVULNC_VERSION ?= v1.0.1 .PHONY: tools -tools: $(KUSTOMIZE) $(CTLPTL) $(CLUSTERCTL) $(CONTROLLER_GEN) $(TILT) $(KIND) $(KUTTL) $(ENVTEST) $(HUSKY) $(NILAWAY) $(GOVULNC) +tools: $(KUSTOMIZE) $(CTLPTL) $(CLUSTERCTL) $(CONTROLLER_GEN) $(TILT) $(KIND) $(KUTTL) $(CHAINSAW) $(ENVTEST) $(HUSKY) $(NILAWAY) $(GOVULNC) .PHONY: kustomize kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary. @@ -354,6 +360,11 @@ $(KUTTL): $(LOCALBIN) curl -Lso $(KUTTL) https://github.com/kudobuilder/kuttl/releases/download/v$(KUTTL_VERSION)/kubectl-kuttl_$(KUTTL_VERSION)_$(OS)_$(ARCH) chmod +x $(KUTTL) +.PHONY: chainsaw +chainsaw: $(CHAINSAW) ## Download chainsaw locally if necessary. +$(CHAINSAW): $(CACHE_BIN) + GOBIN=$(CACHE_BIN) go install github.com/kyverno/chainsaw@$(CHAINSAW_VERSION) + .PHONY: envtest envtest: $(ENVTEST) ## Download setup-envtest locally if necessary. $(ENVTEST): $(LOCALBIN) diff --git a/e2e/kuttl-config.yaml b/e2e/kuttl-config.yaml index 8ecc60bf1..60d38f0c6 100644 --- a/e2e/kuttl-config.yaml +++ b/e2e/kuttl-config.yaml 
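Review bot: The new `chainsaw-test` target carries no `##` help text and nothing says that it needs a live Linode credential, although the steps under `./e2e/linodecluster-controller` call the Linode API with `$LINODE_TOKEN` and `local-deploy` writes that token to `config/default/.env.linode`. I would write the header as `chainsaw-test: manifests generate local-deploy ## Run the chainsaw e2e suite (requires LINODE_TOKEN).`, in line with `test: ... ## Run tests.`. A one-line comment above the target noting that the suite creates and deletes real NodeBalancers on the account behind the token would also help whoever runs it locally.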
@@ -1,7 +1,6 @@ apiVersion: kuttl.dev/v1beta1 kind: TestSuite testDirs: -- e2e/linodecluster-controller - e2e/linodemachine-controller - e2e/linodevpc-controller - e2e/linodeobjectstoragebucket-controller diff --git a/e2e/linodecluster-controller/minimal-linodecluster/03-verify-nodebalancer.yaml b/e2e/linodecluster-controller/minimal-linodecluster/03-verify-nodebalancer.yaml deleted file mode 100644 index 005f982f3..000000000 --- a/e2e/linodecluster-controller/minimal-linodecluster/03-verify-nodebalancer.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -commands: - - script: |- - URI="nodebalancers" FILTER="{\"label\":\"linodecluster-test-api-server\"}" make callLinodeApiGet | grep 'results": 1' diff --git a/e2e/linodecluster-controller/minimal-linodecluster/04-delete-linodecluster.yaml b/e2e/linodecluster-controller/minimal-linodecluster/04-delete-linodecluster.yaml deleted file mode 100644 index b7187f64c..000000000 --- a/e2e/linodecluster-controller/minimal-linodecluster/04-delete-linodecluster.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -delete: -- apiVersion: cluster.x-k8s.io/v1beta1 - kind: Cluster - name: cluster-test diff --git a/e2e/linodecluster-controller/minimal-linodecluster/05-verify-nodebalancer-destroyed.yaml b/e2e/linodecluster-controller/minimal-linodecluster/05-verify-nodebalancer-destroyed.yaml deleted file mode 100644 index c54597d2e..000000000 --- a/e2e/linodecluster-controller/minimal-linodecluster/05-verify-nodebalancer-destroyed.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kuttl.dev/v1beta1 -kind: TestStep -commands: - - script: |- - URI="nodebalancers" FILTER="{\"tags\":\"linodecluster-test-api-server\"}" make callLinodeApiGet | grep 'results": 0' diff --git a/e2e/linodecluster-controller/minimal-linodecluster/Makefile b/e2e/linodecluster-controller/minimal-linodecluster/Makefile deleted file mode 100644 index 3924bfdc1..000000000 
--- a/e2e/linodecluster-controller/minimal-linodecluster/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-include ../../Makefile
diff --git a/e2e/linodecluster-controller/minimal-linodecluster/chainsaw-test.yaml b/e2e/linodecluster-controller/minimal-linodecluster/chainsaw-test.yaml
new file mode 100755
index 000000000..093b424a8
--- /dev/null
+++ b/e2e/linodecluster-controller/minimal-linodecluster/chainsaw-test.yaml
@@ -0,0 +1,81 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/kyverno/chainsaw/main/.schemas/json/test-chainsaw-v1alpha1.json
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+ creationTimestamp: null
+ name: minimal-linodecluster
+spec:
+ steps:
+ - name: step-00
+ try:
+ - assert:
+ file: 00-assert.yaml
+ - name: step-01
+ try:
+ - apply:
+ file: 01-create-cluster.yaml
+ - name: step-02
+ try:
+ - apply:
+ file: 02-create-linodecluster.yaml
+ - assert:
+ file: 02-assert.yaml
+ - name: step-03
+ try:
+ - script:
+ env:
+ - name: TARGET_API
+ value: api.linode.com
+ - name: TARGET_API_VERSION
+ value: v4beta
+ - name: URI
+ value: nodebalancers
+ - name: FILTER
+ value: '{"label":"linodecluster-test-api-server"}'
+ content: |
+ set -e
+ curl -s \
+ -H "Authorization: Bearer $LINODE_TOKEN" \
+ -H "X-Filter: $FILTER" \
+ -H "Content-Type: application/json" \
+ "https://$TARGET_API/$TARGET_API_VERSION/$URI"
+ check:
+ ($error): ~
+ (json_parse($stdout)):
+ results: 1
+ - name: step-04
+ try:
+ - delete:
+ ref:
+ apiVersion: cluster.x-k8s.io/v1beta1
+ kind: Cluster
+ name: cluster-test
+ - error:
+ file: 04-error.yaml
+ - name: step-05
+ try:
+ - script:
+ env:
+ - name: TARGET_API
+ value: api.linode.com
+ - name: TARGET_API_VERSION
+ value: v4beta
+ - name: URI
+ value: nodebalancers
+ - name: FILTER
+ value: '{"label":"linodecluster-test-api-server"}'
+ content: |
+ set -e
+ curl -s \
+ -H "Authorization: Bearer $LINODE_TOKEN" \
+ -H "X-Filter: $FILTER" \
+ -H "Content-Type: application/json" \
+ "https://$TARGET_API/$TARGET_API_VERSION/$URI"
+ check:
+ ($error): ~
+ (json_parse($stdout)):
+ results: 0
+ - name: step-06
+ try:
+ - apply:
+ file: 06-cleanup-cluster.yaml
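Review bot: Both API probes (step-03 and step-05) call `curl -s` with no `--fail` and no timeout, so a 401 from an unset or expired `LINODE_TOKEN`, a rate-limit response or a stalled connection surfaces only as a `results` mismatch or as the 5m `exec` timeout, not as the real cause. I would change the line to `curl -sSf --max-time 30 \` in both steps, so that the `($error): ~` check catches HTTP errors directly. The two script blocks differ only in the expected count, which deserves a comment on step-05 such as `# NodeBalancer must be gone once the Cluster delete has finished`; the removed kuttl step 05 filtered on `tags` where this one filters on `label`, so if that change is deliberate the commit message should say so. The file is also added with mode 100755, which a YAML test definition does not need.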