Jv integration tests for runtime config #1899
Conversation
JoukoVirtanen
force-pushed
the
jv-integration-tests-for-runtime-config
branch
from
316fecb
to
ae8bf37
Compare
JoukoVirtanen
force-pushed
the
jv-integration-tests-for-runtime-config
branch
from
4b6cf76
to
4b227bd
Compare
JoukoVirtanen
force-pushed
the
jv-integration-tests-for-runtime-config
branch
from
6d06416
to
075a4df
Compare
collector/lib/ConfigLoader.cpp
Outdated
| } catch (const YAML::Exception& e) { | ||
| CLOG(ERROR) << "Failed to parse the configuration file: " << config_file << ". Error: " << e.what(); | ||
| } catch (const std::exception& e) { | ||
| CLOG(ERROR) << "An unknown error occured while loading the configuration file: " << config_file << ". Error: " << e.what(); |
collector/test/ConfigLoaderTest.cpp
Outdated
| @@ -67,12 +67,20 @@ TEST(CollectorConfigTest, TestYamlConfigToConfigInvalid) { | |||
| } | |||
|
|
|||
| TEST(CollectorConfigTest, TestYamlConfigToConfigEmpty) { | |||
There was a problem hiding this comment.
Please update this test name.
| @@ -41,6 +41,7 @@ func NewDockerCollectorManager(e executor.Executor, name string) *DockerCollecto | |||
| "/host/etc:ro": "/etc", | |||
| "/host/usr/lib:ro": "/usr/lib", | |||
| "/host/sys/kernel/debug:ro": "/sys/kernel/debug", | |||
| "/etc/stackrox:ro": "/tmp", | |||
There was a problem hiding this comment.
Consider creating a separate directory for this like /tmp/collector-test and use that instead of the full /tmp directory.
| func AssertExternalIps(t *testing.T, enable bool, collectorIP string) { | ||
| AssertRepeated(t, func() bool { | ||
| body := QueryConfig(t, collectorIP) | ||
| var response types.RuntimeConfig | ||
| err := json.Unmarshal(body, &response) | ||
| assert.NoError(t, err) | ||
|
|
||
| return response.Networking.ExternalIps.Enable == enable | ||
| }) | ||
| } | ||
|
|
||
| func AssertNoRuntimeConfig(t *testing.T, collectorIP string) { | ||
| AssertRepeated(t, func() bool { | ||
| body := QueryConfig(t, collectorIP) | ||
| return strings.TrimSpace(string(body)) == "{}" | ||
| }) | ||
| } | ||
|
|
||
| // TODO: This should be in its own package | ||
| func AssertRepeated(t *testing.T, condition func() bool) { | ||
| tick := time.NewTicker(1 * time.Second) | ||
| timer := time.After(3 * time.Minute) | ||
|
|
||
| for { | ||
| select { | ||
| case <-tick.C: | ||
| if condition() { | ||
| // Condition has been met | ||
| return | ||
| } | ||
|
|
||
| case <-timer: | ||
| // TODO: This message should be passed in rather than hard coded here | ||
| t.Log("Timeout reached: Runtime configuration was not updated") | ||
| t.FailNow() | ||
| } | ||
| } | ||
| } |
There was a problem hiding this comment.
We probably want to move all assertions to a separate pkg/assert or similar.
| func QueryConfig(t *testing.T, collectorIP string) []byte { | ||
| log.Info("Querying: /state/config") | ||
| body, err := IntrospectionQuery(collectorIP, "/state/config") | ||
| assert.NoError(t, err) | ||
| log.Info("Response: %q", body) | ||
| return body | ||
| } |
There was a problem hiding this comment.
I'm not 100% sold this is something we need, from a test we could just do:
body, err := IntrospectionQuery(s.Collector().IP(), "/state/config")
s.Require().NoError(err)This is simple enough and you can add the logging if you deem it necessary.
JoukoVirtanen
force-pushed
the
jv-integration-tests-for-runtime-config
branch
from
b446ed0
to
347114d
Compare
JoukoVirtanen
changed the base branch from
master
to
jv-ROX-26726-collector-integration-tests-should-record-all-connections
JoukoVirtanen
changed the base branch from
jv-ROX-26726-collector-integration-tests-should-record-all-connections
to
master
| @@ -33,7 +33,7 @@ loop: | |||
| case <-timer: | |||
| // we know they don't match at this point, but by using | |||
| // ElementsMatch we get much better logging about the differences | |||
| return assert.ElementsMatch(t, expected, s.Connections(containerID), "timed out waiting for networks") | |||
| return assert.ElementsMatch(t, expected, s.Connections(containerID), "timed out waiting for network connections") | |||
There was a problem hiding this comment.
The changes in this file were made here https://github.com/stackrox/collector/pull/1902/files
| @@ -32,7 +32,6 @@ const ( | |||
| // us to use any comparable type as the key) | |||
| type ProcessMap map[types.ProcessInfo]interface{} | |||
| type LineageMap map[types.ProcessLineage]interface{} | |||
| type ConnMap map[types.NetworkInfo]interface{} | |||
There was a problem hiding this comment.
The changes in this file were made here https://github.com/stackrox/collector/pull/1902/files
| func AssertExternalIps(t *testing.T, enable bool, collectorIP string) { | ||
| AssertRepeated(t, func() bool { | ||
| body, err := collector.IntrospectionQuery(collectorIP, "/state/config") |
There was a problem hiding this comment.
We don't need to do this here, but the IntrospectionQuery method needs to be part of a collector manager object, it would change this to be a lot simpler/clearer:
func AssertExternalIps(t *testing.T, enable bool, collector *CollectorManager) {
AssertRepeated(t, func() bool {
body, err := collector.IntrospectionQuery("/state/config")There was a problem hiding this comment.
I think it can be done in another PR. Maybe we should have an Introspection struct that could be a member of a Collector interface. The introspection object would get the IP address from the collector object.
There was a problem hiding this comment.
Thanks for splitting the tests up, as silly as it may sound, it's a lot easier to understand what is going on now.
The comments I left now are mostly on moving some comments around to leave the code blocks on their own. This should help reduce clutter a bit more, since the description of what will be done is provided up front and the code is left as clean as possible.
| // The runtime config file was deleted before starting collector so there should not be any config | ||
| assert.AssertNoRuntimeConfig(s.T(), collectorIP) | ||
| // Since there is no config the default is used, which means external IPs is disabled and we should | ||
| // expect a normalized connection |
There was a problem hiding this comment.
| // The runtime config file was deleted before starting collector so there should not be any config | |
| assert.AssertNoRuntimeConfig(s.T(), collectorIP) | |
| // Since there is no config the default is used, which means external IPs is disabled and we should | |
| // expect a normalized connection | |
| // The runtime config file was deleted before starting collector. | |
| // Default configuration is external IPs disabled. | |
| // We expect normalized connections. | |
| assert.AssertNoRuntimeConfig(s.T(), collectorIP) |
There was a problem hiding this comment.
This same change can be applied to the other 2 tests.
There was a problem hiding this comment.
This was not applied to all tests.
There was a problem hiding this comment.
It has now been applied to all tests.
|
CI results Run 1 The other konflux integration tests failed with either problems pulling the image. Both konflux and non-konflux cos integration tests failed with verifier errors. Run 2: Run 3: I did not see a previous failure that caused this error. There were other failures unrelated to the changes in the PR. |
| tick := time.NewTicker(1 * time.Second) | ||
| timer := time.After(3 * time.Minute) |
There was a problem hiding this comment.
Can these timeouts be configurable via some parameters?
JoukoVirtanen
force-pushed
the
jv-integration-tests-for-runtime-config
branch
from
8420864
to
9b4f72e
Compare
I have addressed the PR review comments in the other PR. |
e8bb38d Starting work 23ee1b0 Working with config introspection endpoint. No checks for connections yet 1b919ee Moved code for introspection endpoint from mock sensor to own directory 91ee35e Testing with an invalid config ae8bf37 Creates a container with an external connection and adds tests for it. Also made changes so that external connections can be checked for 34247e2 Mock server no longer maintains just a map of connections seen, but all connections edf7ca3 Should be able to handle cidr blocks and non-cidr blocks 4b227bd Able to handle the case when there is only port data dbed0a1 Brought in changes to server.go to handle external ips fd24fe8 Apply suggestions from code review 3eb5e48 Cleanup 13f8539 Able to control if connections should be ordered or not. Also added comments f9ea3fc Listening for new connection events instead of using a ticker 6d06416 Using ExpectSameElementsConnections instead of ExpectExactConnections
Co-authored-by: Mauro Ezequiel Moltrasio <[email protected]>
Co-authored-by: Mauro Ezequiel Moltrasio <[email protected]>
Co-authored-by: Mauro Ezequiel Moltrasio <[email protected]>
Co-authored-by: Giles Hutton <[email protected]>
JoukoVirtanen
force-pushed
the
jv-integration-tests-for-runtime-config
branch
from
d734a7c
to
f092de4
Compare
Description
Integration tests for runtime configuration. The tests create various versions of the runtime configuration file and check that the configuration introspection endpoint returns the correct expected configuration.
Checklist
Automated testing
If any of these don't apply, please comment below.
Testing Performed
TODO(replace-me)
Use this space to explain how you tested your PR, or, if you didn't test it, why you did not do so. (Valid reasons include "CI is sufficient" or "No testable changes")
In addition to reviewing your code, reviewers must also review your testing instructions, and make sure they are sufficient.
For more details, ref the Confluence page about this section.