-
Notifications
You must be signed in to change notification settings - Fork 2
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
There is a framework for adding end-to-end tests to the OSS suite release repo #39
Comments
Some considerations and considerations for putting together this framework.
|
I'll try to put together an E2E test case with these considerations in mind and share my findings here. |
Just to respond to a few of your notes:
I encourage you to think of these end-to-end test cases as corresponding to end user use cases or workflows - it may help in how you think about writing them. |
So if we're looking for high fidelity tests then KinD isn't so great. It might be useful for carrying out local iterations in the way that minikube might. |
My latest thoughts regarding this testing framework, taking into account your comment @izgeri. The content below still a bit abstract and talks about the sort of test we'd like and not how we'll do it. I'm still thinking about that and trying things out. Testing OSS release suitesThe release suites are a combination of Conjur (the root dependency), deployment tools for Conjur and consumption tools for Conjur. Each tool will likely already have independent tests to ensure that it works in isolation with Conjur. The purpose of these tests is to ensure that Conjur deployed by a particular tool can be consumed by another tool. Our suite of tests then is made up from combinations of a deployment tool, and a consumption tool . Conjur OSSThis component is standalone and no tests are exercised on it. For deployment to any given environment we need only input the version. Deployment toolsConjur AWSAWS CloudFormation templates for deploying Conjur OSS. Conjur Helm ChartThis component deploys Conjur to Kubernetes (not OpenShift). For deploying Conjur, the helm chart can take a version. ClientsThese components provide language specific capabilities to interact with Conjur. They depend on [Conjur OSS](#Conjur OSS) Kubernetes authenticatorThis component authenticates workloads running in Kubernetes. SecretlessThis component facilitates secured connections to target services. Ultimately it's just another client. E2E Tests casesBelow are some example test cases: Client library usage of Conjur deployed via Cloud Formation. In this case the clients connect to a publicly available Conjur instance using API keys
Client library usage of Kubernetes authenticator on Conjur deployed via Helm. In this case the clients make use of the Kubernetes authenticator client sidecar. This excludes Secretless since it has this behaviour built in.
Secretless usage of Kubernetes authenticator on Conjur deployed via Helm.
|
I'm not sure it's accurate that every test case will be "deployment + Conjur OSS + consumer" - at a minimum, when you use the authn-k8s client you are typically using something like "deployment + Conjur OSS + authn-k8s client (consumer 1) + client library (consumer 2)" I agree that the consumer end is where the most customization may happen, though. what if we want to run some tests cases where ansible + jenkins are somehow used in concert? this seems reasonable to me - have a Conjur OSS instance up, your app runs a Jenkins pipeline which uses creds to push to a registry, and then ansible deploys your app to prod. to be clear, the only test case we need to implement at first is helm chart + conjur oss + secretless - but in considering the design of the test framework, it's good to have a few other possible future examples in mind:
|
Agreed. A single consumer would be oversimplifying. We can call it I'm thinking that if I spend too much time thinking about the framework in a vacuum then I might end up wasting cycles just spinning wheels in one place. For now we can focus on an implementation of the |
My thoughts on this:
Smoke test of full e2e of some basic functionality of each component
Yup. K8s and OC would probably the most wanted candidates though we should stick to K8s/minikube/KinD for now to make sure our users can run the same tests and that we don't need any privileged infra. I think we should only run one set of tests per OSS suite release. Once we shrinkwrap an old OSS release, we can leave it as-is probably.
I expect re-runnable tests will be needed but won't need to be frequent (maybe only on pre-releases/releases?)
Yeah this will happen but we probably don't worry about it until that happens. We should make our stuff modular though just for best-practices.
Bash is adequate but probably not optimal. We can try exploring maybe golang or python testing frameworks here? |
Testing(A) At present an E2E test case exists that exercises the following components:
The components are deployed using bash scripts. These should be organised into meaningful abstractions (B) The types of activity surrounding a test scenario can be broken down into the following:
Test casesTest cases are defined in Go. Shell scripts can be executed via Go to exercise the test cases and any assertions can be carried out in Go. Shared stateA key-value store exists as the soure of truth of values that allow components to interact with one another, e.g. the CONJUR_ACCOUNT value set in (A1) is the same value that's needed in (A3). LoggingMultiple levels of logging are needed to cater to the different use cases for logs.
There's a few things missing right now from the E2E test. Right now B1 (Deployment of components) is carried out in a pretty imperative way. If I wanted to add some Secretless test cases it wouldn't be simple. Ideally I should be able to
With (1), (2) and (3) in place we can create automation that resolves the dependency graph and runs the providers in the order that makes sense. Test cases can use the shared state to execute steps across the components. We'd also need to write utility functions for executing code on any given component. |
The suite release repo has a pipeline set up so that end-to-end tests can be added to the project easily.
The text was updated successfully, but these errors were encountered: