diff --git a/.drone.yml b/.drone.yml index 888b753..82c21ae 100644 --- a/.drone.yml +++ b/.drone.yml @@ -466,6 +466,9 @@ steps: - export CLUSTER_NAME=123 - export INSTANCE_IP=$(cat /shared/machine/ip) - export KUBECONFIG=/shared/kube/kubeconfig-123 + - mkdir -p ./katalog/tests/libs + - git clone https://github.com/bats-core/bats-support katalog/tests/libs/bats-support + - git clone https://github.com/bats-core/bats-assert katalog/tests/libs/bats-assert - bats -t katalog/tests/tests.bats - bats -t katalog/tests/nginx-ldap-auth.sh diff --git a/katalog/tests/nginx-ldap-auth.sh b/katalog/tests/nginx-ldap-auth.sh index 1b9f7dd..8895477 100755 --- a/katalog/tests/nginx-ldap-auth.sh +++ b/katalog/tests/nginx-ldap-auth.sh @@ -7,6 +7,10 @@ load ./helper +load "libs/bats-support/load" +load "libs/bats-assert/load" + + @test "Ensure ingress controller" { info ensure_ingress(){ @@ -18,25 +22,14 @@ load ./helper [ "$status" -eq 0 ] } -@test "Wait for ingress controller" { +@test "Wait for ingress controller to be ready" { info - test(){ - status=$(kubectl get pods -n ingress-nginx -l app=ingress,type=external -o jsonpath="{.items[*].status.phase}") - if [ "${status}" != "Running" ]; then return 1; fi + check(){ + kubectl wait --timeout=180s --for=condition=ready pod -n ingress-nginx -l app=ingress,type=external } - loop_it test 30 2 - status=${loop_it_result} - [ "$status" -eq 0 ] -} -@test "Check Ingress controller is ready" { - info - test() { - kubectl get pods -n ingress-nginx -l app=ingress,type=external -o json | jq '.items[].status.containerStatuses[].ready' | uniq | grep -q true - } - loop_it test 60 10 - status=${loop_it_result} - [ "$status" -eq 0 ] + run check + assert_success } @test "Setup httpbin demo project" { @@ -52,19 +45,17 @@ load ./helper @test "Test no-auth httpbin ingress demo project" { info test(){ - http_code=$(curl -H "Host: ${INSTANCE_IP//./-}.nip.io" "http://${INSTANCE_IP}:${CLUSTER_NAME}80/get" -s -o /dev/null -w "%{http_code}") - if [ "${http_code}" -ne "200" ]; then return 1; fi + kubectl run tmp --rm -it --restart=Never --image=nginx -- curl -s -o /dev/null -w "%{http_code}" http://httpbin.demo-nginx-ldap-auth.svc.cluster.local/get } - loop_it test 30 2 - status=${loop_it_result} - [ "$status" -eq 0 ] + run test + echo "200pod \"tmp6\" deleted" | assert_output } @test "Deploy example ldap instance" { info setup_ldap(){ kubectl create ns demo-ldap - kubectl create configmap ldap-ldif --from-file=sighup.io.ldif=katalog/tests/nginx-ldap-auth/sighup.io-users.ldif -n demo-ldap --dry-run -o yaml |kubectl apply -f - + kubectl create configmap ldap-ldif --from-file=sighup.io.ldif=katalog/tests/nginx-ldap-auth/sighup.io-users.ldif -n demo-ldap --dry-run=client -o yaml |kubectl apply -f - kubectl apply -f katalog/tests/nginx-ldap-auth/ldap-server.yaml -n demo-ldap } run setup_ldap @@ -75,7 +66,7 @@ load ./helper info setup_nginx_ldap_auth() { kubectl create secret generic nginx-ldap-auth --from-file=config.yaml=katalog/tests/nginx-ldap-auth/nginx-ldap-auth-config.yaml -n ingress-nginx - apply katalog/nginx-ldap-auth + kustomize build katalog/nginx-ldap-auth | kubectl apply -n ingress-nginx -f- } run setup_nginx_ldap_auth [ "$status" -eq 0 ] @@ -83,24 +74,22 @@ load ./helper @test "Wait for example ldap instance" { info - test(){ - status=$(kubectl get pods -n demo-ldap -l app=ldap-server -o jsonpath="{.items[*].status.phase}") - if [ "${status}" != "Running" ]; then return 1; fi + check(){ + kubectl wait --timeout=180s --for=condition=ready pod -n demo-ldap -l app=ldap-server } - loop_it test 30 2 - status=${loop_it_result} - [ "$status" -eq 0 ] + + run check + assert_success } @test "Wait for nginx-ldap-auth" { info - test(){ - status=$(kubectl get pods -n ingress-nginx -l app=nginx-ldap-auth -o jsonpath="{.items[*].status.phase}") - if [ "${status}" != "Running" ]; then return 1; fi + check(){ + kubectl wait --timeout=180s --for=condition=ready pod -n ingress-nginx -l app=nginx-ldap-auth } - loop_it test 30 2 - status=${loop_it_result} - [ "$status" -eq 0 ] + + run check + assert_success } @test "Securize ingress definition" { @@ -115,6 +104,7 @@ load ./helper @test "Users. Test no-auth secured httpbin ingress demo project" { info test(){ + kubectl run tmp --rm -it --restart=Never --image=nginx -- curl -s -o /dev/null -w "%{http_code}" http://httpbin.demo-nginx-ldap-auth.svc.cluster.local/get http_code=$(curl -H "Host: ${INSTANCE_IP//./-}.nip.io" "http://${INSTANCE_IP}:${CLUSTER_NAME}80/get" -s -o /dev/null -w "%{http_code}") if [ "${http_code}" -ne "401" ]; then return 1; fi } @@ -149,7 +139,7 @@ load ./helper @test "Groups. Deploy example ldap instance" { info setup_ldap(){ - kubectl create configmap ldap-ldif --from-file=sighup.io.ldif=katalog/tests/nginx-ldap-auth/sighup.io-groups.ldif -n demo-ldap --dry-run -o yaml |kubectl apply -f - + kubectl create configmap ldap-ldif --from-file=sighup.io.ldif=katalog/tests/nginx-ldap-auth/sighup.io-groups.ldif -n demo-ldap --dry-run=client -o yaml |kubectl apply -f - kubectl rollout restart deploy/ldap-server -n demo-ldap } run setup_ldap @@ -159,7 +149,7 @@ load ./helper @test "Groups. Deploy nginx-ldap-auth" { info setup_nginx_ldap_auth() { - kubectl create secret generic nginx-ldap-auth --from-file=config.yaml=katalog/tests/nginx-ldap-auth/nginx-ldap-auth-config-groups.yaml -n ingress-nginx --dry-run -o yaml |kubectl apply -f - + kubectl create secret generic nginx-ldap-auth --from-file=config.yaml=katalog/tests/nginx-ldap-auth/nginx-ldap-auth-config-groups.yaml -n ingress-nginx --dry-run=client -o yaml |kubectl apply -f - kubectl rollout restart deploy/nginx-ldap-auth -n ingress-nginx } run setup_nginx_ldap_auth