Merge pull request #136 from weaveworks/integration-test

add integration tests
weaveworks · Dec 5, 2022 · e5feace · e5feace
2 parents cfff526 + a4af9d9
commit e5feace
Show file tree

Hide file tree

Showing 13 changed files with 816 additions and 3 deletions.
diff --git a/.github/workflows/integration_test.yml b/.github/workflows/integration_test.yml
@@ -0,0 +1,43 @@
+name: integration
+
+on:
+  push:
+    branches: [ master, dev ]
+  pull_request:
+    branches: [ master, dev ]
+
+jobs:
+  integration:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        namespace: [policy-system, test-system]
+    steps:
+      - name: Checkout repo 
+        uses: actions/checkout@v3
+      - name: Install Helm
+        uses: azure/setup-helm@v3
+      - name: Install kubectl
+        uses: azure/setup-kubectl@v3
+      - name: Install kind
+        uses: helm/[email protected]
+        with:
+          install_only: true
+      - name: setup go
+        uses: actions/setup-go@v3
+        with:
+          go-version: '1.17'
+          cache: true
+      - name: Run tests
+        env:
+          NAMESPACE: ${{ matrix.namespace }}
+          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+        run: |
+          make build
+
+          VERSION=$(cat ./version.txt)
+          docker build -t weaveworks/policy-agent:${VERSION} .
+
+          cd test/integration
+          bash deploy.sh
+          go test -v ./...
diff --git a/Makefile b/Makefile
@@ -73,7 +73,7 @@ vet: ## Run go vet against code.
 
 .PHONY: test
 test: manifests generate fmt vet envtest ## Run tests.
-	KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) -p path)" go test -v ./... -coverprofile cover.out
+	KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) -p path)" go test -v ./internal/... ./controllers/... ./pkg/... -coverprofile cover.out
 
 ##@ Build
 

diff --git a/internal/terraform/terraform.go b/internal/terraform/terraform.go
@@ -12,7 +12,7 @@ import (
 )
 
 const (
-	TypeTerraform = "Terraform"
+	TypeTFAdmission = "TFAdmission"
 )
 
 type Response struct {

diff --git a/main.go b/main.go
@@ -388,7 +388,7 @@ func main() {
 			validator := validation.NewOPAValidator(
 				policiesSource,
 				false,
-				terraform.TypeTerraform,
+				terraform.TypeTFAdmission,
 				config.AccountID,
 				config.ClusterID,
 				terraformSinks...,

diff --git a/test/integration/data/resources/admission_test_resources.yaml b/test/integration/data/resources/admission_test_resources.yaml
@@ -0,0 +1,100 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: orphan-deployment
+  namespace: default
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: orphan-deployment
+  template:
+    metadata:
+      labels:
+        app: orphan-deployment
+    spec:
+      containers:
+      - name: ubuntu
+        image: ubuntu:latest
+        command: ["sleep", "100d"]
+        securityContext:
+          privileged: true
+
+---
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: test-deployment
+  namespace: default
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: test-deployment
+  template:
+    metadata:
+      labels:
+        app: test-deployment
+    spec:
+      containers:
+      - name: ubuntu
+        image: ubuntu:latest
+        command: ["sleep", "100d"]
+        securityContext:
+          privileged: true
+
+---
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: helm-app-deployment
+  namespace: default
+  labels:
+    helm.toolkit.fluxcd.io/name: helm-app
+    helm.toolkit.fluxcd.io/namespace: flux-system
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: helm-app-deployment
+  template:
+    metadata:
+      labels:
+        app: helm-app-deployment
+    spec:
+      containers:
+      - name: ubuntu
+        image: ubuntu:latest
+        command: ["sleep", "100d"]
+        securityContext:
+          privileged: true
+
+---
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: kustomize-app-deployment
+  namespace: default
+  labels:
+    kustomize.toolkit.fluxcd.io/name: kustomize-app
+    kustomize.toolkit.fluxcd.io/namespace: flux-system
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: kustomize-app-deployment
+  template:
+    metadata:
+      labels:
+        app: kustomize-app-deployment
+    spec:
+      containers:
+      - name: ubuntu
+        image: ubuntu:latest
+        command: ["sleep", "100d"]
+        securityContext:
+          privileged: true
+
diff --git a/test/integration/data/resources/audit_test_resources.yaml b/test/integration/data/resources/audit_test_resources.yaml
@@ -0,0 +1,45 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: deployment-1
+  namespace: default
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: deployment-1
+  template:
+    metadata:
+      labels:
+        app: deployment-1
+    spec:
+      containers:
+      - name: ubuntu
+        image: ubuntu:latest
+        command: ["sleep", "100d"]
+        securityContext:
+          privileged: true
+
+---
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: deployment-2
+  namespace: default
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: deployment-2
+  template:
+    metadata:
+      labels:
+        app: deployment-2
+    spec:
+      containers:
+      - name: ubuntu
+        image: ubuntu:latest
+        command: ["sleep", "100d"]
+        securityContext:
+          privileged: true
-Original file line number
+Diff line change
@@ Expand Up / @@ -12,7 +12,7 @@ import ( @@
     )
     const (
-    	TypeTerraform = "Terraform"
+    	TypeTFAdmission = "TFAdmission"
     )
     type Response struct {
@@ Expand Down @@