Jv integration tests for runtime config #1899
Conversation
JoukoVirtanen
force-pushed
the
jv-integration-tests-for-runtime-config
branch
from
316fecb
to
ae8bf37
Compare
JoukoVirtanen
force-pushed
the
jv-integration-tests-for-runtime-config
branch
from
4b6cf76
to
4b227bd
Compare
JoukoVirtanen
force-pushed
the
jv-integration-tests-for-runtime-config
branch
from
6d06416
to
075a4df
Compare
collector/lib/ConfigLoader.cpp
Outdated
| } catch (const YAML::Exception& e) { | ||
| CLOG(ERROR) << "Failed to parse the configuration file: " << config_file << ". Error: " << e.what(); | ||
| } catch (const std::exception& e) { | ||
| CLOG(ERROR) << "An unknown error occured while loading the configuration file: " << config_file << ". Error: " << e.what(); |
collector/test/ConfigLoaderTest.cpp
Outdated
| @@ -67,12 +67,20 @@ TEST(CollectorConfigTest, TestYamlConfigToConfigInvalid) { | |||
| } | |||
|
|
|||
| TEST(CollectorConfigTest, TestYamlConfigToConfigEmpty) { | |||
There was a problem hiding this comment.
Please update this test name.
| @@ -41,6 +41,7 @@ func NewDockerCollectorManager(e executor.Executor, name string) *DockerCollecto | |||
| "/host/etc:ro": "/etc", | |||
| "/host/usr/lib:ro": "/usr/lib", | |||
| "/host/sys/kernel/debug:ro": "/sys/kernel/debug", | |||
| "/etc/stackrox:ro": "/tmp", | |||
There was a problem hiding this comment.
Consider creating a separate directory for this like /tmp/collector-test and use that instead of the full /tmp directory.
| func AssertExternalIps(t *testing.T, enable bool, collectorIP string) { | ||
| AssertRepeated(t, func() bool { | ||
| body := QueryConfig(t, collectorIP) | ||
| var response types.RuntimeConfig | ||
| err := json.Unmarshal(body, &response) | ||
| assert.NoError(t, err) | ||
|
|
||
| return response.Networking.ExternalIps.Enable == enable | ||
| }) | ||
| } | ||
|
|
||
| func AssertNoRuntimeConfig(t *testing.T, collectorIP string) { | ||
| AssertRepeated(t, func() bool { | ||
| body := QueryConfig(t, collectorIP) | ||
| return strings.TrimSpace(string(body)) == "{}" | ||
| }) | ||
| } | ||
|
|
||
| // TODO: This should be in its own package | ||
| func AssertRepeated(t *testing.T, condition func() bool) { | ||
| tick := time.NewTicker(1 * time.Second) | ||
| timer := time.After(3 * time.Minute) | ||
|
|
||
| for { | ||
| select { | ||
| case <-tick.C: | ||
| if condition() { | ||
| // Condition has been met | ||
| return | ||
| } | ||
|
|
||
| case <-timer: | ||
| // TODO: This message should be passed in rather than hard coded here | ||
| t.Log("Timeout reached: Runtime configuration was not updated") | ||
| t.FailNow() | ||
| } | ||
| } | ||
| } |
There was a problem hiding this comment.
We probably want to move all assertions to a separate pkg/assert or similar.
| func QueryConfig(t *testing.T, collectorIP string) []byte { | ||
| log.Info("Querying: /state/config") | ||
| body, err := IntrospectionQuery(collectorIP, "/state/config") | ||
| assert.NoError(t, err) | ||
| log.Info("Response: %q", body) | ||
| return body | ||
| } |
There was a problem hiding this comment.
I'm not 100% sold this is something we need, from a test we could just do:
body, err := IntrospectionQuery(s.Collector().IP(), "/state/config")
s.Require().NoError(err)This is simple enough and you can add the logging if you deem it necessary.
JoukoVirtanen
force-pushed
the
jv-integration-tests-for-runtime-config
branch
from
b446ed0
to
347114d
Compare
JoukoVirtanen
changed the base branch from
master
to
jv-ROX-26726-collector-integration-tests-should-record-all-connections
JoukoVirtanen
changed the base branch from
jv-ROX-26726-collector-integration-tests-should-record-all-connections
to
master
| @@ -33,7 +33,7 @@ loop: | |||
| case <-timer: | |||
| // we know they don't match at this point, but by using | |||
| // ElementsMatch we get much better logging about the differences | |||
| return assert.ElementsMatch(t, expected, s.Connections(containerID), "timed out waiting for networks") | |||
| return assert.ElementsMatch(t, expected, s.Connections(containerID), "timed out waiting for network connections") | |||
There was a problem hiding this comment.
The changes in this file were made here https://github.com/stackrox/collector/pull/1902/files
| @@ -32,7 +32,6 @@ const ( | |||
| // us to use any comparable type as the key) | |||
| type ProcessMap map[types.ProcessInfo]interface{} | |||
| type LineageMap map[types.ProcessLineage]interface{} | |||
| type ConnMap map[types.NetworkInfo]interface{} | |||
There was a problem hiding this comment.
The changes in this file were made here https://github.com/stackrox/collector/pull/1902/files
| func AssertExternalIps(t *testing.T, enable bool, collectorIP string) { | ||
| AssertRepeated(t, func() bool { | ||
| body, err := collector.IntrospectionQuery(collectorIP, "/state/config") |
There was a problem hiding this comment.
We don't need to do this here, but the IntrospectionQuery method needs to be part of a collector manager object, it would change this to be a lot simpler/clearer:
func AssertExternalIps(t *testing.T, enable bool, collector *CollectorManager) {
AssertRepeated(t, func() bool {
body, err := collector.IntrospectionQuery("/state/config")There was a problem hiding this comment.
I think it can be done in another PR. Maybe we should have an Introspection struct that could be a member of a Collector interface. The introspection object would get the IP address from the collector object.
There was a problem hiding this comment.
Thanks for splitting the tests up, as silly as it may sound, it's a lot easier to understand what is going on now.
The comments I left now are mostly on moving some comments around to leave the code blocks on their own. This should help reduce clutter a bit more, since the description of what will be done is provided up front and the code is left as clean as possible.
| // The runtime config file was deleted before starting collector so there should not be any config | ||
| assert.AssertNoRuntimeConfig(s.T(), collectorIP) | ||
| // Since there is no config the default is used, which means external IPs is disabled and we should | ||
| // expect a normalized connection |
There was a problem hiding this comment.
| // The runtime config file was deleted before starting collector so there should not be any config | |
| assert.AssertNoRuntimeConfig(s.T(), collectorIP) | |
| // Since there is no config the default is used, which means external IPs is disabled and we should | |
| // expect a normalized connection | |
| // The runtime config file was deleted before starting collector. | |
| // Default configuration is external IPs disabled. | |
| // We expect normalized connections. | |
| assert.AssertNoRuntimeConfig(s.T(), collectorIP) |
There was a problem hiding this comment.
This same change can be applied to the other 2 tests.
There was a problem hiding this comment.
This was not applied to all tests.
There was a problem hiding this comment.
It has now been applied to all tests.
|
CI results Run 1 The other konflux integration tests failed with either problems pulling the image. Both konflux and non-konflux cos integration tests failed with verifier errors. Run 2: Run 3: I did not see a previous failure that caused this error. There were other failures unrelated to the changes in the PR. |
| tick := time.NewTicker(1 * time.Second) | ||
| timer := time.After(3 * time.Minute) |
There was a problem hiding this comment.
Can these timeouts be configurable via some parameters?
JoukoVirtanen
force-pushed
the
jv-integration-tests-for-runtime-config
branch
from
8420864
to
9b4f72e
Compare
I have addressed the PR review comments in the other PR. |
JoukoVirtanen
force-pushed
the
jv-integration-tests-for-runtime-config
branch
from
d734a7c
to
f092de4
Compare
JoukoVirtanen
force-pushed
the
jv-integration-tests-for-runtime-config
branch
from
4a03f7b
to
9241f09
Compare
e8bb38d Starting work 23ee1b0 Working with config introspection endpoint. No checks for connections yet 1b919ee Moved code for introspection endpoint from mock sensor to own directory 91ee35e Testing with an invalid config ae8bf37 Creates a container with an external connection and adds tests for it. Also made changes so that external connections can be checked for 34247e2 Mock server no longer maintains just a map of connections seen, but all connections edf7ca3 Should be able to handle cidr blocks and non-cidr blocks 4b227bd Able to handle the case when there is only port data dbed0a1 Brought in changes to server.go to handle external ips fd24fe8 Apply suggestions from code review 3eb5e48 Cleanup 13f8539 Able to control if connections should be ordered or not. Also added comments f9ea3fc Listening for new connection events instead of using a ticker 6d06416 Using ExpectSameElementsConnections instead of ExpectExactConnections 9c3f013 More error handling for reading the configuration. Using a volume mount a4fe63b Fixed lint error 8dce19c The runtime config file is only modified on the host machine 1c05a55 There is now only one source code file for runtime config introspection 7b77e23 Minor fixes for k8s e53509f Added comments and sleeps when config does not change so we get a scrape interval 2da34ae Increased the afterglow period ca6dd2c Update collector/lib/ConfigLoader.cpp 6aa60e0 Renamed unit test. Integration tests use a dedicated directory a6b0c57 Created a new assert package 949534d Apply suggestions from code review 09b13aa Split test into smaller tests 9346776 Apply suggestions from code review 3586964 Removed unneeded sort 5e95832 Using slices.ContainsFunc in HasConnection 76e244d Made timings in AssertRepeated configurable 5e94d5c Always sort the connections when comparing 12c04f3 Not using assertMismatch 129308e Updated comments 0b34466 Apply suggestions from code review e2fd23c Sorting connections inside Connections instead of SortedConnections a544a68 Created ElementsMatchFunc in assert pkg 6d1a737 Using spew for logging 2ae0101 Apply suggestions from code review 416b7f2 Importing logging package 9241f09 Simplified by removing checkIfConnectionsMatchExpected ba6babc Changed assert.True to assert.Fail
JoukoVirtanen
force-pushed
the
jv-integration-tests-for-runtime-config
branch
from
ba6babc
to
72fb150
Compare
| // TODO: This message should be passed in rather than hard coded here | ||
| log.Error("Timeout reached: Runtime configuration was not updated") |
There was a problem hiding this comment.
This TODO should be relatively simple to solve, add a format and args parameter to the function like this:
func AssertRepeated(t *testing.T, tickTime time.Duration, timeout time.Duration, condition func() bool, msg string, args ...interface{}) {Then here you can just call log.Error like this:
log.Error("Timeout reached: " + msg, args...)If this ends up being too verbose on the call sites with the function being defined inline, you can always define the function and assign it to a variable, then pass that in.
|
Also, there are some tests on the multiarch for konflux, but those are due to the integration test image not being rebuilt for those archs, this is not a blocker for this PR and I'm trying to address it here: #1974 |
Description
Integration tests for runtime configuration. The tests create various versions of the runtime configuration file and check that the configuration introspection endpoint returns the correct expected configuration.
Checklist
Automated testing
If any of these don't apply, please comment below.
Testing Performed
TODO(replace-me)
Use this space to explain how you tested your PR, or, if you didn't test it, why you did not do so. (Valid reasons include "CI is sufficient" or "No testable changes")
In addition to reviewing your code, reviewers must also review your testing instructions, and make sure they are sufficient.
For more details, ref the Confluence page about this section.