-
Notifications
You must be signed in to change notification settings - Fork 21
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add e2e testing. #121
add e2e testing. #121
Conversation
morvencao
commented
Jun 11, 2024
•
edited
Loading
edited
- Add spec resync testing for agent restart
- Add status resync testing for server restart
- Add gRPC API testing
- Enable MTLS auth for MQTT broker.
- Add resync test after reconnecting for Maestro agent.
3a1e6e0
to
f70ca5d
Compare
/assign @qiujian16 @clyang82 @skeeey |
9faf013
to
8ebc1d1
Compare
test/e2e/setup/e2e_setup.sh
Outdated
tar -xzvf step_0.26.2_amd64.tar.gz | ||
chmod +x ./step_0.26.2/bin/step | ||
sudo mv ./step_0.26.2/bin/step /usr/local/bin/step | ||
rm -rf ./step_0.26.2_amd64.tar.gz ./step_0.26.2 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It is worth extracting a version variable to define 0.26.2.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done.
6ecf1a7
to
a46b394
Compare
test/e2e/setup/e2e_setup.sh
Outdated
|
||
# create secret containing the client certs to mqtt broker and patch the maestro deployment | ||
kubectl create secret generic maestro-server-certs -n $namespace --from-file=ca.crt=${certDir}/ca.crt --from-file=client.crt=${certDir}/server-client.crt --from-file=client.key=${certDir}/server-client.key | ||
kubectl create secret generic maestro-server-invalid-certs -n $namespace --from-file=ca.crt=${certDir}/ca.crt --from-file=client.crt=${certDir}/invalid-client.crt --from-file=client.key=${certDir}/invalid-client.key |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why do you need maestro-server-invalid-certs
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This certificate will be expired in 1 minute, it is used to replace the client certificate, to simulate the case:
- the MQTT client certificate is expired, the connection to broker will be broken
- then we replace the expired certificate with the valid certificate, after that the maestro agent should be able to reload the valid certificate and then resync the resources during disconnected time.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is mainly used to test:
- agent reload certificate.
- agent resync spec after reconnect to broker.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
as we discussed, removed this for now.
cmd/maestro/agent/cmd.go
Outdated
@@ -70,4 +77,6 @@ func addFlags(fs *pflag.FlagSet) { | |||
commonOptions.SpokeClusterName, "Name of the consumer") | |||
fs.BoolVar(&commonOptions.CommoOpts.CmdConfig.DisableLeaderElection, "disable-leader-election", | |||
true, "Disable leader election.") | |||
fs.DurationVar(&certRefreshDuration, "cert-refresh-duration", | |||
certRefreshDuration, "Client certificate refresh duration for MQTT broker.") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
add default value 5 minutes in the message.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
looks like cobra flag will add this, if you try --help, you will see:
# go run ./cmd/maestro/main.go agent --help
Start the Maestro Agent
Usage:
maestro agent [flags]
Flags:
--add-dir-header If true, adds the file directory to the header of the log messages
--alsologtostderr log to standard error as well as files (no effect when -logtostderr=true)
--appliedmanifestwork-eviction-grace-period duration Grace period for appliedmanifestwork eviction (default 1h0m0s)
--cert-refresh-duration duration Client certificate refresh duration for MQTT broker. (default 5m0s)
test/e2e/pkg/certificate_test.go
Outdated
} | ||
|
||
return fmt.Errorf("maestro-agent logs does not have 'expired certificate'") | ||
}, 3*time.Minute, 3*time.Second).ShouldNot(HaveOccurred()) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
will not refresh the certificates if they are expired?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
you mean deploying a cert-manager for certificate rotation?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
no. i mean the current behaviour. we do not refresh the certificate. correct?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we don't refresh the certificate, only replace it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
as we discussed, removed the certificate test for now.
@@ -175,13 +193,13 @@ var _ = Describe("Resources", Ordered, Label("e2e-tests-resources"), func() { | |||
Consistently(func() error { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Here is using Consistently. Consistently blocks when called for a specified duration. During that duration Consistently repeatedly polls its matcher and ensures that it is satisfied. If the matcher is consistently satisfied, then Consistently will pass. Otherwise Consistently will fail.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yes, I updated the Consistently
check to avoid intermittent error to break the check when getting nginx deployment.
test/e2e/pkg/spec_resync_test.go
Outdated
}, 30*time.Second, 2*time.Second).ShouldNot(HaveOccurred()) | ||
}) | ||
|
||
It("start maestro agent", func() { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why do you need to shutdown maestro agent repeatedly? to trigger re-sync?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if so, how about use Consistently?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Updated this to only restart agent once, to resync spec for created resource, updated resource and deleted resource.
75c704a
to
768daa5
Compare
Signed-off-by: morvencao <[email protected]>
Signed-off-by: morvencao <[email protected]>
Signed-off-by: morvencao <[email protected]>
8f38127
to
d48b2a6
Compare
e3339e1
to
fc3620a
Compare
@clyang82 Another look? |
/ok-to-test |
I listed some cases that take a longer time to complete. Is this desired? Can the time be reduced? |
eec9217
to
1cfc614
Compare
Signed-off-by: morvencao <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM